feat: migrate remaining v1 encrypt callsites to async

Ticket: WCN-284

Author: bdesoky

modules/abstract-utxo/src/abstractUtxoCoin.ts

@@ -699,8 +699,8 @@ export abstract class AbstractUtxoCoin
   /**
    * @deprecated - use function verifyUserPublicKey instead
    */
-  protected verifyUserPublicKey(params: VerifyUserPublicKeyOptions): boolean {
-    return verifyUserPublicKey(this.bitgo, params);
+  protected async verifyUserPublicKey(params: VerifyUserPublicKeyOptions): Promise<boolean> {
+    return await verifyUserPublicKey(this.bitgo, params);
   }
 
   /**

modules/abstract-utxo/src/recovery/backupKeyRecovery.ts

@@ -3,7 +3,7 @@ import {
   BitGoBase,
   ErrorNoInputToRecover,
   getKrsProvider,
-  getBip32Keys as getBip32KeysFromSdkCore,
+  getBip32KeysAsync as getBip32KeysFromSdkCore,
   isTriple,
   krsProviders,
   Triple,
@@ -410,8 +410,8 @@ export function formatBackupKeyRecoveryResult(
   return txInfo;
 }
 
-function getBip32Keys(bitgo: BitGoBase, params: RecoverParams): Triple<BIP32> {
-  const keys = getBip32KeysFromSdkCore(bitgo, params, { requireBitGoXpub: true });
+async function getBip32Keys(bitgo: BitGoBase, params: RecoverParams): Promise<Triple<BIP32>> {
+  const keys = await getBip32KeysFromSdkCore(bitgo, params, { requireBitGoXpub: true });
   if (!isTriple(keys)) {
     throw new Error(`expected key triple`);
   }
@@ -469,7 +469,7 @@ export async function backupKeyRecovery(
   }
 
   // check whether key material and password authenticate the users and return parent keys of all three keys of the wallet
-  const keys = getBip32Keys(bitgo, params);
+  const keys = await getBip32Keys(bitgo, params);
   const walletKeys = fixedScriptWallet.RootWalletKeys.from({
     triple: keys,
     derivationPrefixes: [params.userKeyPath || 'm/0/0', 'm/0/0', 'm/0/0'],

modules/abstract-utxo/src/transaction/fixedScript/verifyTransaction.ts

@@ -79,7 +79,7 @@ export async function verifyTransaction<TNumber extends bigint | number>(
   let userPublicKeyVerified = false;
   try {
     // verify the user public key matches the private key - this will throw if there is no match
-    userPublicKeyVerified = verifyUserPublicKey(bitgo, {
+    userPublicKeyVerified = await verifyUserPublicKey(bitgo, {
       userKeychain: keychains.user,
       disableNetworking,
       txParams,

modules/abstract-utxo/src/verifyKey.ts

@@ -7,7 +7,7 @@ import assert from 'assert';
 
 import buildDebug from 'debug';
 import { BIP32, message } from '@bitgo/wasm-utxo';
-import { BitGoBase, decryptKeychainPrivateKey, KeyIndices } from '@bitgo/sdk-core';
+import { BitGoBase, decryptKeychainPrivateKeyAsync, KeyIndices } from '@bitgo/sdk-core';
 
 import { VerifyKeySignaturesOptions, VerifyUserPublicKeyOptions } from './abstractUtxoCoin';
 import { ParsedTransaction } from './transaction/types';
@@ -84,7 +84,7 @@ export function verifyCustomChangeKeySignatures<TNumber extends number | bigint>
 /**
  * Decrypt the wallet's user private key and verify that the claimed public key matches
  */
-export function verifyUserPublicKey(bitgo: BitGoBase, params: VerifyUserPublicKeyOptions): boolean {
+export async function verifyUserPublicKey(bitgo: BitGoBase, params: VerifyUserPublicKeyOptions): Promise<boolean> {
   const { userKeychain, txParams, disableNetworking } = params;
   if (!userKeychain) {
     throw new Error('user keychain is required');
@@ -94,7 +94,7 @@ export function verifyUserPublicKey(bitgo: BitGoBase, params: VerifyUserPublicKe
 
   let userPrv = userKeychain.prv;
   if (!userPrv && txParams.walletPassphrase) {
-    userPrv = decryptKeychainPrivateKey(bitgo, userKeychain, txParams.walletPassphrase);
+    userPrv = await decryptKeychainPrivateKeyAsync(bitgo, userKeychain, txParams.walletPassphrase);
   }
 
   if (!userPrv) {

modules/bitgo/test/unit/bitgo.ts

@@ -237,41 +237,44 @@ describe('BitGo Prototype Methods', function () {
       'xpub661MyMwAqRbcEusRjkJ64BXgR8ddYsXbuDJfbRc3eZcZVEa2ygswDiFZQpHFsA5N211YDvi2N898h4KrcXcfsR8PLhjJaPUwCUqg1ptBBHN';
     const passwords = ['mickey', 'mouse', 'donald', 'duck'];
 
-    it('should fail to split secret with wrong m', () => {
-      (() =>
-        bitgo.splitSecret({
+    it('should fail to split secret with wrong m', async () => {
+      await bitgo
+        .splitSecret({
           seed,
           passwords: ['abc'],
           m: 0,
-        })).should.throw('m must be a positive integer greater than or equal to 2');
+        })
+        .should.be.rejectedWith('m must be a positive integer greater than or equal to 2');
     });
 
-    it('should fail to split secret with bad password count', () => {
-      (() =>
-        bitgo.splitSecret({
+    it('should fail to split secret with bad password count', async () => {
+      await bitgo
+        .splitSecret({
           seed,
           passwords: ['abc'],
           m: 2,
-        })).should.throw('passwords array length cannot be less than m');
+        })
+        .should.be.rejectedWith('passwords array length cannot be less than m');
     });
 
-    it('should split and fail to reconstitute secret with bad passwords', () => {
-      const splitSecret = bitgo.splitSecret({ seed, passwords: passwords, m: 3 });
+    it('should split and fail to reconstitute secret with bad passwords', async () => {
+      const splitSecret = await bitgo.splitSecret({ seed, passwords: passwords, m: 3 });
       const shards = _.at(splitSecret.seedShares, [0, 2]);
       const subsetPasswords = _.at(passwords, [0, 3]);
-      (() =>
-        bitgo.reconstituteSecret({
+      await bitgo
+        .reconstituteSecret({
           shards,
           passwords: subsetPasswords,
           xpub,
-        } as any)).should.throw(/ccm: tag doesn't match/);
+        } as any)
+        .should.be.rejectedWith(/ccm: tag doesn't match/);
     });
 
-    it('should split and reconstitute secret', () => {
-      const splitSecret = bitgo.splitSecret({ seed, passwords: passwords, m: 2 });
+    it('should split and reconstitute secret', async () => {
+      const splitSecret = await bitgo.splitSecret({ seed, passwords: passwords, m: 2 });
       const shards = _.at(splitSecret.seedShares, [0, 2]);
       const subsetPasswords = _.at(passwords, [0, 2]);
-      const reconstitutedSeed = bitgo.reconstituteSecret({ shards, passwords: subsetPasswords });
+      const reconstitutedSeed = await bitgo.reconstituteSecret({ shards, passwords: subsetPasswords });
       reconstitutedSeed.seed.should.equal(seed);
       reconstitutedSeed.xpub.should.equal(
         'xpub661MyMwAqRbcEusRjkJ64BXgR8ddYsXbuDJfbRc3eZcZVEa2ygswDiFZQpHFsA5N211YDvi2N898h4KrcXcfsR8PLhjJaPUwCUqg1ptBBHN'
@@ -281,22 +284,22 @@ describe('BitGo Prototype Methods', function () {
       );
     });
 
-    it('should split and incorrectly verify secret', () => {
-      const splitSecret = bitgo.splitSecret({ seed, passwords: passwords, m: 3 });
-      const isValid = bitgo.verifyShards({ shards: splitSecret.seedShares, passwords, m: 2 } as any);
+    it('should split and incorrectly verify secret', async () => {
+      const splitSecret = await bitgo.splitSecret({ seed, passwords: passwords, m: 3 });
+      const isValid = await bitgo.verifyShards({ shards: splitSecret.seedShares, passwords, m: 2 } as any);
       isValid.should.equal(false);
     });
 
-    it('should split and verify secret', () => {
-      const splitSecret = bitgo.splitSecret({ seed, passwords: passwords, m: 2 });
-      const isValid = bitgo.verifyShards({ shards: splitSecret.seedShares, passwords, m: 2, xpub });
+    it('should split and verify secret', async () => {
+      const splitSecret = await bitgo.splitSecret({ seed, passwords: passwords, m: 2 });
+      const isValid = await bitgo.verifyShards({ shards: splitSecret.seedShares, passwords, m: 2, xpub });
       isValid.should.equal(true);
     });
 
-    it('should split and verify secret with many parts', () => {
+    it('should split and verify secret with many parts', async () => {
       const allPws = ['0', '1', '2', '3', '4', '5', '6', '7'];
-      const splitSecret = bitgo.splitSecret({ seed, passwords: allPws, m: 3 });
-      const isValid = bitgo.verifyShards({ shards: splitSecret.seedShares, passwords: allPws, m: 3, xpub });
+      const splitSecret = await bitgo.splitSecret({ seed, passwords: allPws, m: 3 });
+      const isValid = await bitgo.verifyShards({ shards: splitSecret.seedShares, passwords: allPws, m: 3, xpub });
       isValid.should.equal(true);
     });
   });
@@ -436,15 +439,15 @@ describe('BitGo Prototype Methods', function () {
       requestHeaders.hmac.should.equal('6de77d5a5446a3e5649456c11480706a71071b15639c3c787af65bdb02ecf1ec');
     });
 
-    it('should correctly handle authentication response', () => {
+    it('should correctly handle authentication response', async () => {
       const responseJson = {
         encryptedToken:
           '{"iv":"EqxVaGTLY4naAYkuBaTz0w==","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"4S4dBYcgL4s=","ct":"FgBRJljb8iSYxnAjMi4Qotr7sTKbSmWnlfHZShMSi8YeeE3kiS8bpHNUwAPhY8tgouh3UsEwrJnY+54MvqFD7yd19pG1V4CVssr8"}',
         derivationPath: 'm/999999/104490948/173846667',
         encryptedECDHXprv:
           '{"iv":"QKHEF2GNcwOJwy6+pwANRA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"W2sVFvXDlOw=","ct":"8BTCqS25X37kLzmzQdGenhXH6znn9qEmkszAeS8kLnRdqKSiUiC7bTAVgg/Np5yrV7F7Jyiq+MTpVT76EoUT+PMJzArv0gUQKC2JPB3JuVKeAAVWBQmhWfkEwRfyv4hq4WMxwZtocwBqThvd2pJm9HE51GX4/Wo="}',
       };
-      const parsedAuthenticationData = bitgo.handleTokenIssuance(responseJson, 'test@bitgo.com');
+      const parsedAuthenticationData = await bitgo.handleTokenIssuance(responseJson, 'test@bitgo.com');
       parsedAuthenticationData.token.should.equal(token);
       parsedAuthenticationData.ecdhXprv.should.equal(
         'xprv9s21ZrQH143K3si1bKGp7KqgCQv39ttQ7aUwWzVdytgHd8HtDCHyEp14mxfhiT3qHTq4BaSrA7uUkG6AJTfPJBsRu63drvBqYuMZyTxepH7'

modules/bitgo/test/v2/unit/keychains.ts

@@ -1076,7 +1076,7 @@ describe('V2 Keychains', function () {
       updateKeychainStub = sandbox.stub().returns({ result: sandbox.stub().resolves() });
       sandbox.stub(BitGo.prototype, 'put').returns({ send: updateKeychainStub });
       createKeypairStub = sandbox.stub(ofcKeychains, 'create').returns(mockNewKeypair);
-      encryptionStub = sandbox.stub(BitGo.prototype, 'encrypt').returns('newEncryptedPrv');
+      encryptionStub = sandbox.stub(BitGo.prototype, 'encryptAsync').resolves('newEncryptedPrv');
     });
 
     afterEach(function () {
@@ -1088,7 +1088,7 @@ describe('V2 Keychains', function () {
 
       await ofcKeychains.rotateKeychain({ id: mockOfcKeychain.id, password: '1234' });
       sinon.assert.called(createKeypairStub);
-      sinon.assert.calledWith(encryptionStub, { input: mockNewKeypair.prv, password: '1234' });
+      sinon.assert.calledWith(encryptionStub, { input: mockNewKeypair.prv, password: '1234', encryptionVersion: 2 });
       sinon.assert.calledWith(updateKeychainStub, {
         pub: mockNewKeypair.pub,
         encryptedPrv: 'newEncryptedPrv',

modules/bitgo/test/v2/unit/wallets.ts

@@ -4273,7 +4273,7 @@ describe('V2 Wallets:', function () {
 
       const encryptPrvForUserStub = sinon
         .stub(wallet, 'encryptPrvForUser')
-        .callsFake((prv, pubKey, userPubKey, path) => {
+        .callsFake(async (prv, pubKey, userPubKey, path) => {
           return {
             pub: pubKey,
             encryptedPrv: 'dummyEncryptedPrv',

modules/passkey-crypto/src/attachPasskeyToWallet.ts

@@ -66,7 +66,7 @@ export async function attachPasskeyToWallet(params: {
   }
 
   const prfPassword = derivePassword(authResult.prfResult);
-  const encryptedPrv = await bitgo.encryptAsync({ password: prfPassword, input: privateKey, encryptionVersion: 2 });
+  const encryptedPrv = await bitgo.encryptAsync({ password: prfPassword, input: privateKey });
 
   const updatedKeychain = await bitgo
     .put(bitgo.url(`/${coin}/key/${keychainId}`, 2))