feat(wasm-utxo): allow verifying replay protection signatures with keys

Add support for verifying replay protection signatures using a wallet key
directly through the main verifySignature method, rather than requiring
the deprecated verifyReplayProtectionSignature method.

This adds cleaner support for replay protection verification with the
same API as normal signature verification.

Issue: BTC-2786

Co-authored-by: llm-git <[email protected]>

Author: OttoAllmendinger

packages/wasm-utxo/js/fixedScriptWallet/BitGoPsbt.ts

@@ -152,6 +152,8 @@ export class BitGoPsbt {
   }
 
   /**
+   * @deprecated - use verifySignature with the replay protection key instead
+   *
    * Verify if a replay protection input has a valid signature.
    *
    * This method checks if a given input is a replay protection input (like P2shP2pk) and verifies

packages/wasm-utxo/test/fixedScript/fixtureUtil.ts

@@ -1,10 +1,12 @@
+import assert from "node:assert";
 import * as fs from "node:fs";
 import * as path from "node:path";
 import { fileURLToPath } from "node:url";
 import { dirname } from "node:path";
 import type { IWalletKeys } from "../../js/fixedScriptWallet/RootWalletKeys.js";
 import { BIP32, type BIP32Interface } from "../../js/bip32.js";
 import { RootWalletKeys } from "../../js/fixedScriptWallet/RootWalletKeys.js";
+import { ECPair } from "../../js/ecpair.js";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -119,17 +121,7 @@ export function loadPsbtFixture(network: string, signatureState: string): Fixtur
 /**
  * Load wallet keys from fixture
  */
-export function loadWalletKeysFromFixture(network: string): RootWalletKeys {
-  const fixturePath = path.join(
-    __dirname,
-    "..",
-    "fixtures",
-    "fixed-script",
-    `psbt-lite.${network}.fullsigned.json`,
-  );
-  const fixtureContent = fs.readFileSync(fixturePath, "utf-8");
-  const fixture = JSON.parse(fixtureContent) as Fixture;
-
+export function loadWalletKeysFromFixture(fixture: Fixture): RootWalletKeys {
   // Parse xprvs and convert to xpubs
   const xpubs = fixture.walletKeys.map((xprv) => {
     const key = BIP32.fromBase58(xprv);
@@ -144,6 +136,14 @@ export function loadWalletKeysFromFixture(network: string): RootWalletKeys {
   return RootWalletKeys.from(walletKeysLike);
 }
 
+export function loadReplayProtectionKeyFromFixture(fixture: Fixture): ECPair {
+  // underived user key
+  const userBip32 = BIP32.fromBase58(fixture.walletKeys[0]);
+  assert(userBip32.privateKey);
+  const userECPair = ECPair.fromPrivateKey(Buffer.from(userBip32.privateKey));
+  return userECPair;
+}
+
 /**
  * Get extracted transaction hex from fixture
  */

packages/wasm-utxo/test/fixedScript/parseTransactionWithWalletKeys.ts

@@ -66,7 +66,7 @@ describe("parseTransactionWithWalletKeys", function () {
         fixture = loadPsbtFixture(networkName, "fullsigned");
         fullsignedPsbtBytes = getPsbtBuffer(fixture);
         bitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(fullsignedPsbtBytes, networkName);
-        rootWalletKeys = loadWalletKeysFromFixture(networkName);
+        rootWalletKeys = loadWalletKeysFromFixture(fixture);
       });
 
       it("should have matching unsigned transaction ID", function () {

packages/wasm-utxo/test/fixedScript/verifySignature.ts

@@ -1,12 +1,13 @@
 import assert from "node:assert";
 import * as utxolib from "@bitgo/utxo-lib";
-import { fixedScriptWallet, BIP32 } from "../../js/index.js";
-import { BitGoPsbt, RootWalletKeys } from "../../js/fixedScriptWallet/index.js";
+import { fixedScriptWallet, BIP32, ECPair } from "../../js/index.js";
+import { BitGoPsbt, RootWalletKeys, ParsedTransaction } from "../../js/fixedScriptWallet/index.js";
 import {
   loadPsbtFixture,
   loadWalletKeysFromFixture,
   getPsbtBuffer,
   type Fixture,
+  loadReplayProtectionKeyFromFixture,
 } from "./fixtureUtil.js";
 
 type SignatureStage = "unsigned" | "halfsigned" | "fullsigned";
@@ -61,7 +62,9 @@ function getExpectedSignatures(
  */
 function verifyInputSignatures(
   bitgoPsbt: BitGoPsbt,
+  parsed: ParsedTransaction,
   rootWalletKeys: RootWalletKeys,
+  replayProtectionKey: ECPair,
   inputIndex: number,
   expectedSignatures: ExpectedSignatures,
 ): void {
@@ -82,6 +85,20 @@ function verifyInputSignatures(
     return;
   }
 
+  if (parsed.inputs[inputIndex].scriptType === "p2shP2pk") {
+    const hasReplaySig = bitgoPsbt.verifySignature(inputIndex, replayProtectionKey);
+    assert.ok(
+      "hasReplayProtectionSignature" in expectedSignatures,
+      "Expected hasReplayProtectionSignature to be present",
+    );
+    assert.strictEqual(
+      hasReplaySig,
+      expectedSignatures.hasReplayProtectionSignature,
+      `Input ${inputIndex} replay protection signature mismatch`,
+    );
+    return;
+  }
+
   // Handle standard multisig inputs
   const hasUserSig = bitgoPsbt.verifySignature(inputIndex, rootWalletKeys.userKey());
   const hasBackupSig = bitgoPsbt.verifySignature(inputIndex, rootWalletKeys.backupKey());
@@ -121,18 +138,25 @@ describe("verifySignature", function () {
 
     describe(`network: ${networkName}`, function () {
       let rootWalletKeys: RootWalletKeys;
+      let replayProtectionKey: ECPair;
       let unsignedFixture: Fixture;
       let halfsignedFixture: Fixture;
       let fullsignedFixture: Fixture;
       let unsignedBitgoPsbt: BitGoPsbt;
       let halfsignedBitgoPsbt: BitGoPsbt;
       let fullsignedBitgoPsbt: BitGoPsbt;
+      let replayProtectionScript: Uint8Array;
 
       before(function () {
-        rootWalletKeys = loadWalletKeysFromFixture(networkName);
         unsignedFixture = loadPsbtFixture(networkName, "unsigned");
         halfsignedFixture = loadPsbtFixture(networkName, "halfsigned");
         fullsignedFixture = loadPsbtFixture(networkName, "fullsigned");
+        rootWalletKeys = loadWalletKeysFromFixture(fullsignedFixture);
+        replayProtectionKey = loadReplayProtectionKeyFromFixture(fullsignedFixture);
+        replayProtectionScript = Buffer.from(
+          "a91420b37094d82a513451ff0ccd9db23aba05bc5ef387",
+          "hex",
+        );
         unsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(
           getPsbtBuffer(unsignedFixture),
           networkName,
@@ -149,11 +173,16 @@ describe("verifySignature", function () {
 
       describe("unsigned PSBT", function () {
         it("should return false for unsigned inputs", function () {
+          const parsed = unsignedBitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
+            outputScripts: [replayProtectionScript],
+          });
           // Verify all xpubs return false for all inputs
           unsignedFixture.psbtInputs.forEach((input, index) => {
             verifyInputSignatures(
               unsignedBitgoPsbt,
+              parsed,
               rootWalletKeys,
+              replayProtectionKey,
               index,
               getExpectedSignatures(input.type, "unsigned"),
             );
@@ -163,10 +192,15 @@ describe("verifySignature", function () {
 
       describe("half-signed PSBT", function () {
         it("should return true for signed xpubs and false for unsigned", function () {
+          const parsed = halfsignedBitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
+            outputScripts: [replayProtectionScript],
+          });
           halfsignedFixture.psbtInputs.forEach((input, index) => {
             verifyInputSignatures(
               halfsignedBitgoPsbt,
+              parsed,
               rootWalletKeys,
+              replayProtectionKey,
               index,
               getExpectedSignatures(input.type, "halfsigned"),
             );
@@ -177,10 +211,15 @@ describe("verifySignature", function () {
       describe("fully signed PSBT", function () {
         it("should have 2 signatures (2-of-3 multisig)", function () {
           // In fullsigned fixtures, verify 2 signatures exist per multisig input
+          const parsed = fullsignedBitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
+            outputScripts: [replayProtectionScript],
+          });
           fullsignedFixture.psbtInputs.forEach((input, index) => {
             verifyInputSignatures(
               fullsignedBitgoPsbt,
+              parsed,
               rootWalletKeys,
+              replayProtectionKey,
               index,
               getExpectedSignatures(input.type, "fullsigned"),
             );