feat(utxo-core): add support for taproot script types

Add BIP322 signing support for p2tr and p2trMusig2 script types,
allowing message signing for taproot addresses. Update PSBT creation
and handling to accommodate taproot-specific requirements.

NOTE: we are not supporting backup signing, only user-bitgo.

Issue: BTC-2383

Author: davidkaplanbitgo

modules/utxo-core/src/bip322/toSign.ts

@@ -1,6 +1,7 @@
-import { Psbt, bitgo } from '@bitgo/utxo-lib';
+import { Psbt, bitgo, networks } from '@bitgo/utxo-lib';
+import { toXOnlyPublicKey } from '@bitgo/utxo-lib/dist/src/bitgo/outputScripts';
 
-import { addBip322ProofMessage, isTaprootChain } from './utils';
+import { addBip322ProofMessage } from './utils';
 import { BIP322_TAG, buildToSpendTransaction } from './toSpend';
 
 export type AddressDetails = {
@@ -14,9 +15,9 @@ export const MAX_NUM_BIP322_INPUTS = 200;
  * Create the base PSBT for the to_sign transaction for BIP322 signing.
  * There will be ever 1 output.
  */
-export function createBaseToSignPsbt(rootWalletKeys?: bitgo.RootWalletKeys): Psbt {
+export function createBaseToSignPsbt(rootWalletKeys?: bitgo.RootWalletKeys): bitgo.UtxoPsbt {
   // Create PSBT object for constructing the transaction
-  const psbt = new Psbt();
+  const psbt = bitgo.createPsbtForNetwork({ network: networks.bitcoin });
   // Set default value for nVersion and nLockTime
   psbt.setVersion(0); // nVersion = 0
   psbt.setLocktime(0); // nLockTime = 0
@@ -76,31 +77,82 @@ export function addBip322Input(psbt: Psbt, message: string, addressDetails: Addr
 }
 
 export function addBip322InputWithChainAndIndex(
-  psbt: Psbt,
+  psbt: bitgo.UtxoPsbt,
   message: string,
   rootWalletKeys: bitgo.RootWalletKeys,
   scriptId: bitgo.ScriptId
-): Psbt {
-  if (isTaprootChain(scriptId.chain)) {
-    throw new Error('BIP322 is not supported for Taproot script types.');
-  }
+): void {
+  const scriptType = bitgo.scriptTypeForChain(scriptId.chain);
   const walletKeys = rootWalletKeys.deriveForChainAndIndex(scriptId.chain, scriptId.index);
   const output = bitgo.outputScripts.createOutputScript2of3(
     walletKeys.publicKeys,
     bitgo.scriptTypeForChain(scriptId.chain)
   );
 
-  addBip322Input(psbt, message, {
+  addBip322Input(psbt as Psbt, message, {
     scriptPubKey: output.scriptPubKey,
     redeemScript: output.redeemScript,
     witnessScript: output.witnessScript,
   });
 
   const inputIndex = psbt.data.inputs.length - 1;
-  psbt.updateInput(
-    inputIndex,
-    bitgo.getPsbtBip32DerivationOutputUpdate(rootWalletKeys, walletKeys, bitgo.scriptTypeForChain(scriptId.chain))
-  );
 
-  return psbt;
+  // When adding the taproot metadata, we assume that we are NOT using the backup path
+  // For script type p2tr, it means that we are using signer and bitgo keys when creating the tap tree
+  // spending paths. For p2trMusig2, it means that we are using the taproot key path spending
+  const keyNames = ['user', 'bitgo'] as bitgo.KeyName[];
+  if (scriptType === 'p2tr') {
+    const { controlBlock, witnessScript, leafVersion, leafHash } = bitgo.outputScripts.createSpendScriptP2tr(
+      walletKeys.publicKeys,
+      [walletKeys.user.publicKey, walletKeys.bitgo.publicKey]
+    );
+    psbt.updateInput(inputIndex, {
+      tapLeafScript: [{ controlBlock, script: witnessScript, leafVersion }],
+    });
+
+    psbt.updateInput(inputIndex, {
+      tapBip32Derivation: keyNames.map((key) => ({
+        leafHashes: [leafHash],
+        pubkey: toXOnlyPublicKey(walletKeys[key].publicKey),
+        path: rootWalletKeys.getDerivationPath(rootWalletKeys[key], scriptId.chain, scriptId.index),
+        masterFingerprint: rootWalletKeys[key].fingerprint,
+      })),
+    });
+  } else if (scriptType === 'p2trMusig2') {
+    const {
+      internalPubkey: tapInternalKey,
+      outputPubkey: tapOutputKey,
+      taptreeRoot,
+    } = bitgo.outputScripts.createKeyPathP2trMusig2(walletKeys.publicKeys);
+
+    const participantsKeyValData = bitgo.musig2.encodePsbtMusig2Participants({
+      tapOutputKey,
+      tapInternalKey,
+      participantPubKeys: [walletKeys.user.publicKey, walletKeys.bitgo.publicKey],
+    });
+    bitgo.addProprietaryKeyValuesFromUnknownKeyValues(psbt, 'input', inputIndex, participantsKeyValData);
+
+    psbt.updateInput(inputIndex, {
+      tapInternalKey: tapInternalKey,
+    });
+
+    psbt.updateInput(inputIndex, {
+      tapMerkleRoot: taptreeRoot,
+    });
+
+    psbt.updateInput(inputIndex, {
+      tapBip32Derivation: keyNames.map((key) => ({
+        leafHashes: [],
+        pubkey: toXOnlyPublicKey(walletKeys[key].publicKey),
+        path: rootWalletKeys.getDerivationPath(rootWalletKeys[key], scriptId.chain, scriptId.index),
+        masterFingerprint: rootWalletKeys[key].fingerprint,
+      })),
+    });
+  } else {
+    // Add bip32 derivation information for the input
+    psbt.updateInput(
+      inputIndex,
+      bitgo.getPsbtBip32DerivationOutputUpdate(rootWalletKeys, walletKeys, bitgo.scriptTypeForChain(scriptId.chain))
+    );
+  }
 }

modules/utxo-core/src/bip322/toSpend.ts

@@ -1,8 +1,6 @@
 import { Hash } from 'fast-sha256';
 import { Psbt, Transaction, bitgo, networks } from '@bitgo/utxo-lib';
 
-import { isTaprootChain } from './utils';
-
 export const BIP322_TAG = 'BIP0322-signed-message';
 
 /**
@@ -76,10 +74,6 @@ export function buildToSpendTransactionFromChainAndIndex(
   message: string | Buffer,
   tag = BIP322_TAG
 ): Transaction<bigint> {
-  if (isTaprootChain(chain)) {
-    throw new Error('BIP322 is not supported for Taproot script types.');
-  }
-
   const outputScript = bitgo.outputScripts.createOutputScript2of3(
     rootWalletKeys.deriveForChainAndIndex(chain, index).publicKeys,
     bitgo.scriptTypeForChain(chain),

modules/utxo-core/src/bip322/utils.ts

@@ -28,8 +28,3 @@ export function getBip322ProofInputIndex(psbt: utxolib.Psbt): number | undefined
 export function psbtIsBip322Proof(psbt: utxolib.Psbt): boolean {
   return getBip322ProofInputIndex(psbt) !== undefined;
 }
-
-export function isTaprootChain(chain: utxolib.bitgo.ChainCode): boolean {
-  const taprootChains = [...utxolib.bitgo.chainCodesP2tr, ...utxolib.bitgo.chainCodesP2trMusig2];
-  return taprootChains.some((tc) => tc === chain);
-}

modules/utxo-core/test/bip322/toSign.ts

@@ -40,25 +40,23 @@ describe('BIP322 toSign', function () {
   describe('buildToSignPsbtForChainAndIndex', function () {
     const rootWalletKeys = utxolib.testutil.getDefaultWalletKeys();
 
-    function run(chain: utxolib.bitgo.ChainCode, shouldFail: boolean, index: number) {
-      it(`should${
-        shouldFail ? ' fail to' : ''
-      } build and sign a to_sign PSBT for chain ${chain}, index ${index}`, function () {
+    function run(chain: utxolib.bitgo.ChainCode, index: number) {
+      const scriptType = utxolib.bitgo.scriptTypeForChain(chain);
+      it(`should build and sign a to_sign PSBT for chain ${chain}, index ${index}`, function () {
         const message = 'I can believe it is not butter';
-        if (shouldFail) {
-          assert.throws(() => {
-            bip322.buildToSpendTransactionFromChainAndIndex(rootWalletKeys, chain, index, message);
-          }, /BIP322 is not supported for Taproot script types./);
-          return;
-        }
+
         const toSpendTx = bip322.buildToSpendTransactionFromChainAndIndex(rootWalletKeys, chain, index, message);
         const toSignPsbt = bip322.createBaseToSignPsbt(rootWalletKeys);
         bip322.addBip322InputWithChainAndIndex(toSignPsbt, message, rootWalletKeys, { chain, index });
 
         // Can sign the PSBT with the keys
-        // Should be able to use HD because we have the bip32Derivation information
-        toSignPsbt.signAllInputsHD(rootWalletKeys.triple[0]);
-        toSignPsbt.signAllInputsHD(rootWalletKeys.triple[1]);
+        // Should be able to use HD because we have the (tap)bip32Derivation information
+        if (scriptType === 'p2trMusig2') {
+          toSignPsbt.setAllInputsMusig2NonceHD(rootWalletKeys.user);
+          toSignPsbt.setAllInputsMusig2NonceHD(rootWalletKeys.bitgo);
+        }
+        toSignPsbt.signAllInputsHD(rootWalletKeys.user);
+        toSignPsbt.signAllInputsHD(rootWalletKeys.bitgo);
 
         // Wrap the PSBT as a UtxoPsbt so that we can use the validateSignaturesOfInputCommon method
         const utxopsbt = utxolib.bitgo.createPsbtFromBuffer(toSignPsbt.toBuffer(), utxolib.networks.bitcoin);
@@ -127,7 +125,7 @@ describe('BIP322 toSign', function () {
     }
 
     utxolib.bitgo.chainCodes.forEach((chain, i) => {
-      run(chain, bip322.isTaprootChain(chain), i);
+      run(chain, i);
     });
   });
 });

modules/utxo-core/test/bip322/toSpend.ts

@@ -61,20 +61,6 @@ describe('to_spend', function () {
   });
 
   describe('buildToSpendTransactionFromChainAndIndex', function () {
-    it('should throw an error for Taproot chains', function () {
-      const taprootChains = [...bitgo.chainCodesP2tr, ...bitgo.chainCodesP2trMusig2];
-      taprootChains.forEach((chain) => {
-        assert.throws(() => {
-          buildToSpendTransactionFromChainAndIndex(
-            testutil.getDefaultWalletKeys(),
-            chain,
-            0,
-            Buffer.from('Hello World')
-          );
-        }, /BIP322 is not supported for Taproot script types/);
-      });
-    });
-
     describe('should build a to_spend transaction for a non-Taproot chain', function () {
       function run(chain: bitgo.ChainCode) {
         it(`scriptType: ${bitgo.scriptTypeForChain(chain)}, chain ${chain}`, function () {