Skip to content

feat(sdk-coin-sol): add MPCv2 signed recovery to Sol.recover() #9045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vibhavgo wants to merge 1 commit into
base: master
Choose a base branch
from
+451 −63
Open

feat(sdk-coin-sol): add MPCv2 signed recovery to Sol.recover() #9045

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
118 changes: 84 additions & 34 deletions modules/sdk-coin-sol/src/sol.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,9 @@ import {
DeriveAddressOptions,
DeriveAddressResult,
UnexpectedAddressError,
EDDSAUtils,
} from '@bitgo/sdk-core';
import { auditEddsaPrivateKey, getDerivationPath } from '@bitgo/sdk-lib-mpc';
import { auditEddsaPrivateKey, deriveUnhardenedMps, getDerivationPath } from '@bitgo/sdk-lib-mpc';
import { BaseNetwork, CoinFamily, coins, SolCoin, BaseCoin as StaticsBaseCoin } from '@bitgo/statics';
import {
KeyPair as SolKeyPair,
Expand Down Expand Up @@ -1224,13 +1225,42 @@ export class Sol extends BaseCoin {
const bitgoKey = params.bitgoKey.replace(/\s/g, '');
const isUnsignedSweep = !params.walletPassphrase;

// Build the transaction
const MPC = await EDDSAMethods.getInitializedMpcInstance();
// Validate signing keys and detect MPCv2 format early for signed recovery
let isMpcV2 = false;
if (params.walletPassphrase) {
if (!params.userKey) {
throw new Error('missing userKey');
}
if (!params.backupKey) {
throw new Error('missing backupKey');
}
// Detect MPCv2 keycards — will throw if decryption fails (e.g., wrong password).
// MPCv1 keycards decrypt to JSON with uShare/bitgoYShare; MPCv2 keycards are CBOR.
try {
const isV1 = await EDDSAUtils.EddsaMPCv2RecoveryFunctions.isEddsaMpcV1SigningMaterial(
params.userKey.replace(/\s/g, ''),
params.walletPassphrase,
this.bitgo
);
isMpcV2 = !isV1;
} catch (e) {
// Re-wrap decryption errors with context
throw new Error(`Error decrypting user keychain: ${e instanceof Error ? e.message : String(e)}`);
}
}

let balance = 0;

const index = params.index || 0;
const currPath = params.seed ? getDerivationPath(params.seed) + `/${index}` : `m/${index}`;
const accountId = MPC.deriveUnhardened(bitgoKey, currPath).slice(0, 64);

let accountId: string;
if (isMpcV2) {
accountId = deriveUnhardenedMps(bitgoKey, currPath).slice(0, 64);
} else {
const MPC = await EDDSAMethods.getInitializedMpcInstance();
accountId = MPC.deriveUnhardened(bitgoKey, currPath).slice(0, 64);
}
const bs58EncodedPublicKey = new SolKeyPair({ pub: accountId }).getAddress();

balance = await this.getAccountBalance(bs58EncodedPublicKey, params.apiKey);
Expand Down Expand Up @@ -1421,40 +1451,60 @@ export class Sol extends BaseCoin {
const userKey = params.userKey.replace(/\s/g, '');
const backupKey = params.backupKey.replace(/\s/g, '');

// Decrypt private keys from KeyCard values
let userPrv;

try {
userPrv = await this.bitgo.decryptAsync({
input: userKey,
password: params.walletPassphrase,
});
} catch (e) {
throw new Error(`Error decrypting user keychain: ${e.message}`);
}
if (!isMpcV2) {
// MPCv1 path: decrypt JSON signing material and use TSS signing
let userPrv: string;
try {
userPrv = await this.bitgo.decryptAsync({
input: userKey,
password: params.walletPassphrase,
});
} catch (e) {
throw new Error(`Error decrypting user keychain: ${e.message}`);
}
const userSigningMaterial = JSON.parse(userPrv) as EDDSAMethodTypes.UserSigningMaterial;

const userSigningMaterial = JSON.parse(userPrv) as EDDSAMethodTypes.UserSigningMaterial;
let backupPrv: string;
try {
backupPrv = await this.bitgo.decryptAsync({
input: backupKey,
password: params.walletPassphrase,
});
} catch (e) {
throw new Error(`Error decrypting backup keychain: ${e.message}`);
}
const backupSigningMaterial = JSON.parse(backupPrv) as EDDSAMethodTypes.BackupSigningMaterial;

let backupPrv;
try {
backupPrv = await this.bitgo.decryptAsync({
input: backupKey,
password: params.walletPassphrase,
});
} catch (e) {
throw new Error(`Error decrypting backup keychain: ${e.message}`);
}
const backupSigningMaterial = JSON.parse(backupPrv) as EDDSAMethodTypes.BackupSigningMaterial;
const signatureHex = await EDDSAMethods.getTSSSignature(
userSigningMaterial,
backupSigningMaterial,
currPath,
unsignedTransaction
);
txBuilder.addSignature({ pub: bs58EncodedPublicKey } as PublicKey, signatureHex);
} else {
// MPCv2 path: decrypt CBOR reduced key shares and sign with MPS DSG protocol
const { userKeyShare, backupKeyShare, commonKeyChain } =
await EDDSAUtils.EddsaMPCv2RecoveryFunctions.getEddsaMpcV2RecoveryKeySharesFromReducedKey(
userKey,
backupKey,
params.walletPassphrase,
this.bitgo
);

const signatureHex = await EDDSAMethods.getTSSSignature(
userSigningMaterial,
backupSigningMaterial,
currPath,
unsignedTransaction
);
if (commonKeyChain.toLowerCase() !== bitgoKey.toLowerCase()) {
throw new Error('EdDSA MPCv2 recovery: commonKeyChain from keycard does not match bitgoKey');
}

const publicKeyObj = { pub: bs58EncodedPublicKey };
txBuilder.addSignature(publicKeyObj as PublicKey, signatureHex);
const signature = EDDSAUtils.EddsaMPCv2RecoveryFunctions.signRecoveryEddsaMPCv2(
unsignedTransaction.signablePayload,
currPath,
userKeyShare,
backupKeyShare,
commonKeyChain
);
txBuilder.addSignature({ pub: bs58EncodedPublicKey } as PublicKey, signature);
}
}

if (params.durableNonce) {
Expand Down
Loading