feat: eddsa recover txn signature

mohammadalfaiyazbitgo · cpatino-intive · commit e908fe644c8a · 2025-07-15T19:46:18.000-04:00
Ticket: WP-5166
diff --git a/src/__tests__/api/master/musigRecovery.test.ts b/src/__tests__/api/master/musigRecovery.test.ts
@@ -75,7 +75,7 @@ describe('POST /api/:coin/wallet/recovery', () => {
           userPub: ethRecoveryData.userKey,
           backupPub: ethRecoveryData.backupKey,
           walletContractAddress: ethRecoveryData.walletContractAddress,
-          bitgoPub: '',
+          bitgoPub: undefined,
         },
         apiKey: 'etherscan-api-token',
         recoveryDestinationAddress: ethRecoveryData.recoveryDestinationAddress,
@@ -158,4 +158,18 @@ describe('POST /api/:coin/wallet/recovery', () => {
     responseNoBackupKey.body.should.have.property('error');
     responseNoBackupKey.body.error.should.match(/backupPub/i);
   });
+
+  it('should fail TSS recovery when common keychain is missing', async () => {
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        isTssRecovery: true,
+        recoveryDestinationAddress: ethRecoveryData.recoveryDestinationAddress,
+      });
+
+    response.status.should.equal(400);
+    response.body.should.have.property('error');
+    response.body.error.should.match(/TSS recovery parameters are required/i);
+  });
 });
diff --git a/src/api/enclaved/handlers/signEddsaRecoveryTransaction.ts b/src/api/enclaved/handlers/signEddsaRecoveryTransaction.ts
@@ -1,148 +0,0 @@
-import { BitGoAPI } from '@bitgo/sdk-api';
-import {
-  BaseCoin,
-  BaseTransactionBuilder,
-  Eddsa,
-  EDDSAMethods,
-  EDDSAMethodTypes,
-  PublicKey,
-} from '@bitgo/sdk-core';
-import { Ed25519Bip32HdTree } from '@bitgo/sdk-lib-mpc';
-import { CoinFamily, coins } from '@bitgo/statics';
-import { type KeyPair as SolKeyPair } from '@bitgo/sdk-coin-sol';
-import { retrieveKmsPrvKey } from '../utils';
-import { EnclavedConfig } from '../../../shared/types';
-import logger from '../../../logger';
-
-async function setupTransactionBuilder(
-  sdk: BitGoAPI,
-  coinFamily: CoinFamily,
-  signableHex: string,
-  accountId: string,
-): Promise<{ txBuilder: BaseTransactionBuilder; publicKey: string }> {
-  let modules;
-  switch (coinFamily) {
-    case CoinFamily.NEAR:
-      modules = await import('@bitgo/sdk-coin-near');
-      break;
-    case CoinFamily.DOT:
-      modules = await import('@bitgo/sdk-coin-dot');
-      break;
-    case CoinFamily.SUI:
-      modules = await import('@bitgo/sdk-coin-sui');
-      break;
-    case CoinFamily.ADA:
-      modules = await import('@bitgo/sdk-coin-ada');
-      break;
-    case CoinFamily.SOL:
-      modules = await import('@bitgo/sdk-coin-sol');
-      break;
-    default:
-      throw new Error(`Unsupported coin family: ${coinFamily}`);
-  }
-
-  const { TransactionBuilderFactory, register, KeyPair } = modules;
-  register(sdk);
-
-  const staticCoin = coins.get(coinFamily);
-  try {
-    const keyPair = new KeyPair({ pub: accountId });
-
-    let txBuilder;
-    let publicKey: string;
-    if (coinFamily === CoinFamily.SOL) {
-      txBuilder = new TransactionBuilderFactory(staticCoin).from(signableHex);
-      // For Solana, we need to use the getAddress method to derive the public key
-      publicKey = (keyPair as SolKeyPair).getAddress();
-    } else {
-      txBuilder = new TransactionBuilderFactory(staticCoin).from(
-        Buffer.from(signableHex, 'hex').toString('base64'),
-      );
-      publicKey = keyPair.getKeys().pub;
-    }
-
-    return { txBuilder, publicKey };
-  } catch (error) {
-    logger.error(error);
-    throw error;
-  }
-}
-
-export type SignEddsaRecoveryTransactionParams = {
-  sdk: BitGoAPI;
-  request: {
-    commonKeychain: string;
-    signableHex: string;
-    derivationPath: string;
-  };
-  cfg: EnclavedConfig;
-  coin: BaseCoin;
-};
-
-export async function signEddsaRecoveryTransaction({
-  sdk,
-  cfg,
-  request,
-  coin,
-}: SignEddsaRecoveryTransactionParams) {
-  let publicKey = '';
-  logger.info(`Received request ${JSON.stringify(request)}`);
-
-  const hdTree = await Ed25519Bip32HdTree.initialize();
-  const MPC = await Eddsa.initialize(hdTree);
-
-  const accountId = MPC.deriveUnhardened(request.commonKeychain, request.derivationPath).slice(
-    0,
-    64,
-  );
-
-  const { txBuilder, publicKey: derivedKey } = await setupTransactionBuilder(
-    sdk,
-    coin.getFamily() as CoinFamily,
-    request.signableHex,
-    accountId,
-  );
-
-  publicKey = derivedKey;
-  // Get user and backup private keys
-  const userPrv = await retrieveKmsPrvKey({
-    pub: request.commonKeychain.toString(),
-    source: 'user',
-    cfg,
-    options: { useLocalEncipherment: false },
-  });
-
-  const backupPrv = await retrieveKmsPrvKey({
-    pub: request.commonKeychain.toString(),
-    source: 'backup',
-    cfg,
-    options: { useLocalEncipherment: false },
-  });
-
-  if (!userPrv || !backupPrv) {
-    throw new Error('Missing required private keys for recovery');
-  }
-
-  const userSigningMaterial = JSON.parse(userPrv) as EDDSAMethodTypes.UserSigningMaterial;
-  const backupSigningMaterial = JSON.parse(backupPrv) as EDDSAMethodTypes.BackupSigningMaterial;
-
-  try {
-    const signatureHex = await EDDSAMethods.getTSSSignature(
-      userSigningMaterial,
-      backupSigningMaterial,
-      request.derivationPath,
-      await txBuilder.build(),
-    );
-
-    const publicKeyObj = { pub: publicKey };
-    txBuilder.addSignature(publicKeyObj as PublicKey, signatureHex);
-    const signedTx = await txBuilder.build();
-    const serializedTx = signedTx.toBroadcastFormat();
-
-    return {
-      txHex: serializedTx,
-    };
-  } catch (error) {
-    throw error;
-  }
-}
diff --git a/src/api/master/clients/enclavedExpressClient.ts b/src/api/master/clients/enclavedExpressClient.ts
@@ -174,7 +174,7 @@ export class EnclavedExpressClient {
     userPub: string;
     backupPub: string;
     apiKey: string;
-    coinSpecificParams?: Record<string, unknown>;
+    coinSpecificParams: any;
     walletContractAddress: string;
   }): Promise<SignedTransaction> {
     if (!this.coin) {
diff --git a/src/api/master/handlers/recoveryWallet.ts b/src/api/master/handlers/recoveryWallet.ts
@@ -17,9 +17,6 @@ import {
 } from '../../../shared/recoveryUtils';
 import { EnclavedExpressClient } from '../clients/enclavedExpressClient';
 import { MasterApiSpecRouteRequest } from '../routers/masterApiSpec';
-import { recoverEddsaWallets } from './recoverEddsaWallets';
-import { EnvironmentName } from '../../../shared/types';
-import logger from '../../../logger';
 
 interface RecoveryParams {
   userKey: string;
@@ -69,35 +66,6 @@ async function handleEthLikeRecovery(
   }
 }
 
-async function handleEddsaRecovery(
-  bitgo: BitGoAPI,
-  sdkCoin: BaseCoin,
-  commonRecoveryParams: RecoveryParams,
-  enclavedExpressClient: EnclavedExpressClient,
-  params: EnclavedRecoveryParams,
-) {
-  const { recoveryDestination, userKey } = commonRecoveryParams;
-  try {
-    const unsignedSweepPrebuildTx = await recoverEddsaWallets(bitgo, sdkCoin, {
-      bitgoKey: userKey,
-      recoveryDestination,
-      apiKey: params.apiKey,
-    });
-    logger.info('Unsigned sweep tx: ', JSON.stringify(unsignedSweepPrebuildTx, null, 2));
-
-    return await enclavedExpressClient.recoveryMPC({
-      userPub: params.userPub,
-      backupPub: params.backupPub,
-      apiKey: params.apiKey,
-      unsignedSweepPrebuildTx,
-      coinSpecificParams: params.coinSpecificParams,
-      walletContractAddress: params.walletContractAddress,
-    });
-  } catch (err) {
-    throw err;
-  }
-}
-
 export type UtxoCoinSpecificRecoveryParams = Pick<
   Parameters<AbstractUtxoCoin['recover']>[0],
   | 'apiKey'
diff --git a/src/enclavedBitgoExpress/routers/enclavedApiSpec.ts b/src/enclavedBitgoExpress/routers/enclavedApiSpec.ts
@@ -28,9 +28,6 @@ import { DklsDkg, DklsTypes } from '@bitgo-beta/sdk-lib-mpc';
 import { ecdsaMPCv2Initialize } from '../../api/enclaved/handlers/ecdsaMPCv2Initialize';
 import { ecdsaMPCv2Round } from '../../api/enclaved/handlers/ecdsaMPCv2Round';
 import { ecdsaMPCv2Finalize } from '../../api/enclaved/handlers/ecdsaMPCv2Finalize';
-import { signEddsaRecoveryTransaction } from '../../api/enclaved/handlers/signEddsaRecoveryTransaction';
-import { isEddsaCoin } from '../../shared/coinUtils';
-import { MethodNotImplementedError } from '@bitgo/sdk-core';
 
 // Request type for /key/independent endpoint
 const IndependentKeyRequest = {
@@ -85,31 +82,6 @@ const RecoveryMultisigResponse: HttpResponse = {
   }),
 };
 
-const RecoveryMpcRequest = {
-  commonKeychain: t.string,
-  unsignedSweepPrebuildTx: t.type({
-    txRequests: t.array(
-      t.type({
-        unsignedTx: t.string,
-        signableHex: t.string,
-        derivationPath: t.string,
-      }),
-    ),
-  }),
-};
-
-export type RecoveryMpcRequest = typeof RecoveryMpcRequest;
-
-const RecoveryMpcResponse: HttpResponse = {
-  200: t.type({
-    txHex: t.string,
-  }), // the full signed tx
-  500: t.type({
-    error: t.string,
-    details: t.string,
-  }),
-};
-
 // Request type for /mpc/sign endpoint
 const SignMpcRequest = {
   source: t.string,
@@ -326,20 +298,6 @@ export const EnclavedAPiSpec = apiSpec({
       description: 'Recover a multisig transaction',
     }),
   },
-  'v1.mpc.recovery': {
-    post: httpRoute({
-      method: 'POST',
-      path: `/api/{coin}/mpc/recovery`,
-      request: httpRequest({
-        params: {
-          coin: t.string,
-        },
-        body: RecoveryMpcRequest,
-      }),
-      response: RecoveryMpcResponse,
-      description: 'Sign a recovery transaction with EdDSA user & backup keyshares',
-    }),
-  },
   'v1.key.independent': {
     post: httpRoute({
       method: 'POST',
@@ -522,28 +480,6 @@ export function createKeyGenRouter(config: EnclavedConfig): WrappedRouter<typeof
     }),
   ]);
 
-  router.post('v1.mpc.recovery', [
-    responseHandler<EnclavedConfig>(async (req) => {
-      const typedReq = req as EnclavedApiSpecRouteRequest<'v1.mpc.recovery', 'post'>;
-      const coin = typedReq.bitgo.coin(typedReq.decoded.coin);
-      if (isEddsaCoin(coin)) {
-        const result = await signEddsaRecoveryTransaction({
-          sdk: typedReq.bitgo,
-          request: {
-            commonKeychain: typedReq.decoded.commonKeychain,
-            signableHex: typedReq.decoded.unsignedSweepPrebuildTx.txRequests[0].signableHex,
-            derivationPath: typedReq.decoded.unsignedSweepPrebuildTx.txRequests[0].derivationPath,
-          },
-          cfg: typedReq.config,
-          coin,
-        });
-        return Response.ok(result);
-      } else {
-        throw new MethodNotImplementedError();
-      }
-    }),
-  ]);
-
   router.post('v1.mpc.key.initialize', [
     responseHandler<EnclavedConfig>(async (_req) => {
       try {
diff --git a/src/masterBitgoExpress/enclavedExpressClient.ts b/src/masterBitgoExpress/enclavedExpressClient.ts
