feat(mbe): consolidation eddsa

Author: cpatino-intive

masterBitgoExpress.json

@@ -6,6 +6,120 @@
     "description": "BitGo Enclaved Express - Secure enclave for BitGo signing operations with mTLS"
   },
   "paths": {
+    "/api/{coin}/wallet/{walletId}/accelerate": {
+      "post": {
+        "parameters": [
+          {
+            "name": "walletId",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "coin",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "type": "object",
+                "properties": {
+                  "pubkey": {
+                    "type": "string"
+                  },
+                  "source": {
+                    "type": "string",
+                    "enum": [
+                      "user",
+                      "backup"
+                    ]
+                  },
+                  "cpfpTxIds": {
+                    "type": "array",
+                    "items": {
+                      "type": "string"
+                    }
+                  },
+                  "cpfpFeeRate": {
+                    "type": "number"
+                  },
+                  "maxFee": {
+                    "type": "number"
+                  },
+                  "rbfTxIds": {
+                    "type": "array",
+                    "items": {
+                      "type": "string"
+                    }
+                  },
+                  "feeMultiplier": {
+                    "type": "number"
+                  }
+                },
+                "required": [
+                  "pubkey",
+                  "source"
+                ]
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "OK",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "txid": {
+                      "type": "string"
+                    },
+                    "tx": {
+                      "type": "string"
+                    }
+                  },
+                  "required": [
+                    "txid",
+                    "tx"
+                  ]
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "Internal Server Error",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "error": {
+                      "type": "string"
+                    },
+                    "details": {
+                      "type": "string"
+                    }
+                  },
+                  "required": [
+                    "error",
+                    "details"
+                  ]
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/api/{coin}/wallet/{walletId}/consolidate": {
       "post": {
         "parameters": [
@@ -54,6 +168,9 @@
                       "full",
                       "lite"
                     ]
+                  },
+                  "commonKeychain": {
+                    "type": "string"
                   }
                 },
                 "required": [
@@ -142,9 +259,6 @@
                       "backup"
                     ]
                   },
-                  "walletPassphrase": {
-                    "type": "string"
-                  },
                   "feeRate": {
                     "type": "number"
                   },

src/api/master/handlerUtils.ts

@@ -17,7 +17,7 @@ export async function getWalletAndSigningKeychain({
   bitgo: BitGo;
   coin: string;
   walletId: string;
-  params: { source: 'user' | 'backup'; pubkey?: string };
+  params: { source: 'user' | 'backup'; pubkey?: string; commonKeychain?: string };
   reqId: RequestTracer;
   KeyIndices: { USER: number; BACKUP: number; BITGO: number };
 }) {
@@ -34,14 +34,20 @@ export async function getWalletAndSigningKeychain({
     id: wallet.keyIds()[keyIdIndex],
   });
 
-  if (!signingKeychain || !signingKeychain.pub) {
+  if (!signingKeychain) {
     throw new Error(`Signing keychain for ${params.source} not found`);
   }
 
   if (params.pubkey && params.pubkey !== signingKeychain.pub) {
     throw new Error(`Pub provided does not match the keychain on wallet for ${params.source}`);
   }
 
+  if (params.commonKeychain && signingKeychain.commonKeychain !== params.commonKeychain) {
+    throw new Error(
+      `Common keychain provided does not match the keychain on wallet for ${params.source}`,
+    );
+  }
+
   return { baseCoin, wallet, signingKeychain };
 }
 /**

src/api/master/handlers/eddsa.ts

@@ -9,6 +9,9 @@ import {
   EddsaUtils,
   BaseCoin,
   ApiKeyShare,
+  CustomRShareGeneratingFunction,
+  CustomGShareGeneratingFunction,
+  CustomCommitmentGeneratingFunction,
 } from '@bitgo/sdk-core';
 import { EnclavedExpressClient } from '../clients/enclavedExpressClient';
 import { exchangeEddsaCommitments } from '@bitgo/sdk-core/dist/src/bitgo/tss/common';
@@ -198,3 +201,70 @@ export async function orchestrateEddsaKeyGen({
   walletParams.keys = [userMpcKey.id, backupMpcKey.id, bitgoKeychain.id];
   return { walletParams, keychains };
 }
+
+// Commitment
+export function createCustomCommitmentGenerator(
+  bitgo: BitGoBase,
+  wallet: Wallet,
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  pub: string,
+): CustomCommitmentGeneratingFunction {
+  return async function customCommitmentGeneratingFunction(params) {
+    const eddsaUtils = new EddsaUtils(bitgo, wallet.baseCoin);
+    const bitgoGpgKey = await eddsaUtils.getBitgoPublicGpgKey();
+    const { txRequest } = params;
+    const response = await enclavedExpressClient.signMpcCommitment({
+      txRequest,
+      bitgoGpgPubKey: bitgoGpgKey.armor(),
+      source,
+      pub,
+    });
+    return {
+      ...response,
+      encryptedUserToBitgoRShare: {
+        ...response.encryptedUserToBitgoRShare,
+        encryptedDataKey: response.encryptedDataKey,
+      },
+    };
+  };
+}
+
+// RShare
+export function createCustomRShareGenerator(
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  pub: string,
+): CustomRShareGeneratingFunction {
+  return async function customRShareGeneratingFunction(params) {
+    const { txRequest, encryptedUserToBitgoRShare } = params;
+    const encryptedDataKey = (encryptedUserToBitgoRShare as any).encryptedDataKey;
+    return await enclavedExpressClient.signMpcRShare({
+      txRequest,
+      encryptedUserToBitgoRShare,
+      encryptedDataKey,
+      source,
+      pub,
+    });
+  };
+}
+
+// GShare
+export function createCustomGShareGenerator(
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  pub: string,
+): CustomGShareGeneratingFunction {
+  return async function customGShareGeneratingFunction(params) {
+    const { txRequest, bitgoToUserRShare, userToBitgoRShare, bitgoToUserCommitment } = params;
+    const response = await enclavedExpressClient.signMpcGShare({
+      txRequest,
+      bitgoToUserRShare,
+      userToBitgoRShare,
+      bitgoToUserCommitment,
+      source,
+      pub,
+    });
+    return response.gShare;
+  };
+}

src/api/master/handlers/handleConsolidate.ts

@@ -1,7 +1,17 @@
-import { RequestTracer, KeyIndices } from '@bitgo/sdk-core';
+import {
+  RequestTracer,
+  KeyIndices,
+  BuildConsolidationTransactionOptions,
+  MPCType,
+} from '@bitgo/sdk-core';
 import logger from '../../../logger';
 import { MasterApiSpecRouteRequest } from '../routers/masterApiSpec';
 import { getWalletAndSigningKeychain, makeCustomSigningFunction } from '../handlerUtils';
+import {
+  createCustomCommitmentGenerator,
+  createCustomRShareGenerator,
+  createCustomGShareGenerator,
+} from './eddsa';
 
 export async function handleConsolidate(
   req: MasterApiSpecRouteRequest<'v1.wallet.consolidate', 'post'>,
@@ -33,20 +43,50 @@ export async function handleConsolidate(
   }
 
   try {
-    // Create custom signing function that delegates to EBE
-    const customSigningFunction = makeCustomSigningFunction({
-      enclavedExpressClient,
-      source: params.source,
-      pub: signingKeychain.pub!,
-    });
-
-    // Prepare consolidation parameters
-    const consolidationParams = {
+    const consolidationParams: BuildConsolidationTransactionOptions = {
       ...params,
-      customSigningFunction,
       reqId,
     };
 
+    // --- TSS/MPC support ---
+    if (wallet._wallet.multisigType === 'tss') {
+      // Always force apiVersion to 'full' for TSS/MPC
+      consolidationParams.apiVersion = 'full';
+
+      // EDDSA (e.g., Solana)
+      if (baseCoin.getMPCAlgorithm() === MPCType.EDDSA) {
+        consolidationParams.customCommitmentGeneratingFunction = createCustomCommitmentGenerator(
+          bitgo,
+          wallet,
+          enclavedExpressClient,
+          params.source,
+          signingKeychain.commonKeychain!,
+        );
+        consolidationParams.customRShareGeneratingFunction = createCustomRShareGenerator(
+          enclavedExpressClient,
+          params.source,
+          signingKeychain.commonKeychain!,
+        );
+        consolidationParams.customGShareGeneratingFunction = createCustomGShareGenerator(
+          enclavedExpressClient,
+          params.source,
+          signingKeychain.commonKeychain!,
+        );
+      }
+      // ECDSA (future-proof, not needed for Solana)
+      else if (baseCoin.getMPCAlgorithm() === MPCType.ECDSA) {
+        // Add ECDSA custom signing hooks here if needed, following SDK pattern
+        throw new Error('ECDSA MPC consolidations not yet implemented');
+      }
+    } else {
+      // Non-TSS: legacy custom signing function
+      consolidationParams.customSigningFunction = makeCustomSigningFunction({
+        enclavedExpressClient,
+        source: params.source,
+        pub: signingKeychain.pub!,
+      });
+    }
+
     // Send account consolidations
     const result = await wallet.sendAccountConsolidations(consolidationParams);
 

src/api/master/routers/masterApiSpec.ts

@@ -106,10 +106,11 @@ export const SendManyResponse: HttpResponse = {
 
 // Request type for /consolidate endpoint
 export const ConsolidateRequest = {
-  pubkey: t.string,
+  pubkey: t.union([t.undefined, t.string]),
   source: t.union([t.literal('user'), t.literal('backup')]),
   consolidateAddresses: t.union([t.undefined, t.array(t.string)]),
   apiVersion: t.union([t.undefined, t.literal('full'), t.literal('lite')]),
+  commonKeychain: t.union([t.undefined, t.string]),
 };
 
 // Response type for /consolidate endpoint