feat: use decryptAsync/encryptAsync for remaining WRW flows

bdesoky · bdesoky · commit 4e665edf3e67 · 2026-06-01T15:47:54.000-04:00
Ticket: WCN-172
diff --git a/modules/abstract-cosmos/src/cosmosCoin.ts b/modules/abstract-cosmos/src/cosmosCoin.ts
@@ -243,7 +243,7 @@ export class CosmosCoin<CustomMessage = never> extends BaseCoin {
       throw new Error('Invalid key format');
     }
 
-    return await ECDSAUtils.getMpcV2RecoveryKeyShares(userKey, backupKey, walletPassphrase);
+    return await ECDSAUtils.getMpcV2RecoveryKeyShares(userKey, backupKey, walletPassphrase, this.bitgo);
   }
 
   /**
@@ -491,7 +491,8 @@ export class CosmosCoin<CustomMessage = never> extends BaseCoin {
     const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
       userKey,
       backupKey,
-      params.walletPassphrase
+      params.walletPassphrase,
+      this.bitgo
     ); // baseAddress is not extracted
 
     const MPC = new Ecdsa();
diff --git a/modules/abstract-eth/src/abstractEthLikeNewCoins.ts b/modules/abstract-eth/src/abstractEthLikeNewCoins.ts
@@ -2250,7 +2250,8 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
       const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
         userPublicOrPrivateKeyShare,
         backupPrivateOrPublicKeyShare,
-        params.walletPassphrase
+        params.walletPassphrase,
+        this.bitgo
       );
 
       const { gasLimit, gasPrice } = await this.getGasValues(params);
diff --git a/modules/abstract-utxo/src/recovery/backupKeyRecovery.ts b/modules/abstract-utxo/src/recovery/backupKeyRecovery.ts
@@ -3,7 +3,7 @@ import {
   BitGoBase,
   ErrorNoInputToRecover,
   getKrsProvider,
-  getBip32Keys as getBip32KeysFromSdkCore,
+  getBip32KeysAsync as getBip32KeysFromSdkCore,
   isTriple,
   krsProviders,
   Triple,
@@ -410,8 +410,8 @@ export function formatBackupKeyRecoveryResult(
   return txInfo;
 }
 
-function getBip32Keys(bitgo: BitGoBase, params: RecoverParams): Triple<BIP32> {
-  const keys = getBip32KeysFromSdkCore(bitgo, params, { requireBitGoXpub: true });
+async function getBip32Keys(bitgo: BitGoBase, params: RecoverParams): Promise<Triple<BIP32>> {
+  const keys = await getBip32KeysFromSdkCore(bitgo, params, { requireBitGoXpub: true });
   if (!isTriple(keys)) {
     throw new Error(`expected key triple`);
   }
@@ -469,7 +469,7 @@ export async function backupKeyRecovery(
   }
 
   // check whether key material and password authenticate the users and return parent keys of all three keys of the wallet
-  const keys = getBip32Keys(bitgo, params);
+  const keys = await getBip32Keys(bitgo, params);
   const walletKeys = fixedScriptWallet.RootWalletKeys.from({
     triple: keys,
     derivationPrefixes: [params.userKeyPath || 'm/0/0', 'm/0/0', 'm/0/0'],
diff --git a/modules/abstract-utxo/src/recovery/crossChainRecovery.ts b/modules/abstract-utxo/src/recovery/crossChainRecovery.ts
@@ -1,6 +1,6 @@
 import { BIP32, CoinName, fixedScriptWallet, address as wasmAddress } from '@bitgo/wasm-utxo';
+import { decryptAsync } from '@bitgo/sdk-api';
 import { BitGoBase, IWallet, Keychain, Triple, Wallet } from '@bitgo/sdk-core';
-import { decrypt } from '@bitgo/sdk-api';
 
 import { AbstractUtxoCoin, TransactionInfo } from '../abstractUtxoCoin';
 import { signAndVerifyPsbt } from '../transaction/fixedScript/signTransaction';
@@ -313,7 +313,7 @@ async function getPrv(xprv?: string, passphrase?: string, wallet?: IWallet | Wal
     encryptedPrv = (await (wallet as WalletV1).getEncryptedUserKeychain()).encryptedXprv;
   }
 
-  return getPrv(decrypt(passphrase, encryptedPrv));
+  return getPrv(await decryptAsync(passphrase, encryptedPrv));
 }
 
 /**
diff --git a/modules/sdk-api/src/v1/wallet.ts b/modules/sdk-api/src/v1/wallet.ts
@@ -1751,7 +1751,10 @@ Wallet.prototype.createAndSignTransaction = function (params, callback) {
       const safeUserKey = _.get(this.wallet, 'private.userPrivKey');
       if (_.isString(safeUserKey) && _.isString(params.walletPassphrase)) {
         // @ts-expect-error - no implicit this
-        transaction.signingKey = this.bitgo.decrypt({ password: params.walletPassphrase, input: safeUserKey });
+        transaction.signingKey = await this.bitgo.decryptAsync({
+          password: params.walletPassphrase,
+          input: safeUserKey,
+        });
       } else {
         throw e;
       }
@@ -1809,10 +1812,13 @@ Wallet.prototype.getAndPrepareSigningKeychain = function (params, callback) {
 
   // Caller provided a wallet passphrase
   if (params.walletPassphrase) {
-    return self.getEncryptedUserKeychain().then(function (keychain) {
+    return self.getEncryptedUserKeychain().then(async function (keychain) {
       // Decrypt the user key with a passphrase
       try {
-        keychain.xprv = self.bitgo.decrypt({ password: params.walletPassphrase, input: keychain.encryptedXprv });
+        keychain.xprv = await self.bitgo.decryptAsync({
+          password: params.walletPassphrase,
+          input: keychain.encryptedXprv,
+        });
       } catch (e) {
         throw new Error('Unable to decrypt user keychain');
       }
@@ -2295,21 +2301,24 @@ Wallet.prototype.shareWallet = function (params, callback) {
       sharing = result;
 
       if (needsKeychain) {
-        return self.getEncryptedUserKeychain({}).then(function (keychain) {
+        return self.getEncryptedUserKeychain({}).then(async function (keychain) {
           // Decrypt the user key with a passphrase
           if (keychain.encryptedXprv) {
             if (!params.walletPassphrase) {
               throw new Error('Missing walletPassphrase argument');
             }
             try {
-              keychain.xprv = self.bitgo.decrypt({ password: params.walletPassphrase, input: keychain.encryptedXprv });
+              keychain.xprv = await self.bitgo.decryptAsync({
+                password: params.walletPassphrase,
+                input: keychain.encryptedXprv,
+              });
             } catch (e) {
               throw new Error('Unable to decrypt user keychain');
             }
 
             const eckey = makeRandomKey();
             const secret = getSharedSecret(eckey, Buffer.from(sharing.pubkey, 'hex')).toString('hex');
-            const newEncryptedXprv = self.bitgo.encrypt({ password: secret, input: keychain.xprv });
+            const newEncryptedXprv = await self.bitgo.encryptAsync({ password: secret, input: keychain.xprv });
 
             sharedKeychain = {
               xpub: keychain.xpub,
@@ -2599,10 +2608,10 @@ Wallet.prototype.recover = async function (params) {
   assert(parsedUnsignedTx.outs.length === 1);
   assert(_.sumBy(params.unspents, 'value') - _.sumBy(parsedUnsignedTx.outs, 'value') === Number(approximateTxFee));
 
-  const plainUserKey = this.bitgo.decrypt({ password: params.walletPassphrase, input: params.userKey });
+  const plainUserKey = await this.bitgo.decryptAsync({ password: params.walletPassphrase, input: params.userKey });
   const halfSignedTx = await this.signTransaction({ ...unsignedTx, signingKey: plainUserKey });
 
-  const plainBackupKey = this.bitgo.decrypt({ password: params.walletPassphrase, input: params.backupKey });
+  const plainBackupKey = await this.bitgo.decryptAsync({ password: params.walletPassphrase, input: params.backupKey });
   const fullSignedTx = await this.signTransaction({
     ...unsignedTx,
     transactionHex: halfSignedTx.tx,
@@ -2659,7 +2668,7 @@ Wallet.prototype.sweep = async function (params) {
   assert(parsedUnsignedTx.outs.length === 1);
   assert(_.sumBy(params.unspents, 'value') - _.sumBy(parsedUnsignedTx.outs, 'value') === Number(approximateTxFee));
 
-  const plainUserKey = this.bitgo.decrypt({ password: params.walletPassphrase, input: params.userKey });
+  const plainUserKey = await this.bitgo.decryptAsync({ password: params.walletPassphrase, input: params.userKey });
   const halfSignedTx = await this.signTransaction({ ...unsignedTx, signingKey: plainUserKey });
 
   return await this.sendTransaction({
diff --git a/modules/sdk-coin-eos/src/eos.ts b/modules/sdk-coin-eos/src/eos.ts
@@ -20,7 +20,7 @@ import {
   BitGoBase,
   checkKrsProvider,
   Environments,
-  getBip32Keys,
+  getBip32KeysAsync,
   getIsKrsRecovery,
   getIsUnsignedSweep,
   HalfSignedAccountTransaction as BaseHalfSignedTransaction,
@@ -905,7 +905,7 @@ export class Eos extends BaseCoin {
       throw new Error('Invalid destination address!');
     }
 
-    const keys = getBip32Keys(this.bitgo, params, { requireBitGoXpub: false });
+    const keys = await getBip32KeysAsync(this.bitgo, params, { requireBitGoXpub: false });
 
     const rootAddressDetails = this.getAddressDetails(params.rootAddress);
     const account = await this.getAccountFromNode({ address: rootAddressDetails.address });
diff --git a/modules/sdk-coin-icp/src/icp.ts b/modules/sdk-coin-icp/src/icp.ts
@@ -409,7 +409,8 @@ export class Icp extends BaseCoin {
         ({ userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
           userKey,
           backupKey,
-          params.walletPassphrase
+          params.walletPassphrase,
+          this.bitgo
         ));
         publicKey = MPC.deriveUnhardened(commonKeyChain, ROOT_PATH).slice(0, 66);
       } else {
diff --git a/modules/sdk-coin-rune/src/rune.ts b/modules/sdk-coin-rune/src/rune.ts
@@ -167,7 +167,8 @@ export class Rune extends CosmosCoin {
     const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
       userKey,
       backupKey,
-      params.walletPassphrase
+      params.walletPassphrase,
+      this.bitgo
     ); // baseAddress is not extracted
     // Step 3: Instantiate the ECDSA signer and fetch the address details
     const MPC = new Ecdsa();
diff --git a/modules/sdk-coin-stx/src/stx.ts b/modules/sdk-coin-stx/src/stx.ts
@@ -4,7 +4,7 @@ import {
   BaseTransaction,
   BitGoBase,
   Environments,
-  getBip32Keys,
+  getBip32KeysAsync,
   getIsUnsignedSweep,
   KeyPair,
   MethodNotImplementedError,
@@ -701,7 +701,7 @@ export class Stx extends BaseCoin {
       }
     }
     const isUnsignedSweep = getIsUnsignedSweep(params);
-    const keys = getBip32Keys(this.bitgo, params, { requireBitGoXpub: true });
+    const keys = await getBip32KeysAsync(this.bitgo, params, { requireBitGoXpub: true });
     const rootAddressDetails = getAddressDetails(params.rootAddress);
     const [accountBalanceData, accountNonceData] = await Promise.all([
       this.getNativeStxBalanceFromNode({ address: rootAddressDetails.address }),
diff --git a/modules/sdk-coin-tempo/src/tempo.ts b/modules/sdk-coin-tempo/src/tempo.ts
@@ -492,7 +492,8 @@ export class Tempo extends AbstractEthLikeNewCoins {
     const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
       userKey,
       backupKey,
-      params.walletPassphrase
+      params.walletPassphrase,
+      this.bitgo
     );
 
     const MPC = new Ecdsa();
diff --git a/modules/sdk-coin-trx/src/trx.ts b/modules/sdk-coin-trx/src/trx.ts
@@ -10,7 +10,7 @@ import {
   BaseCoin,
   BitGoBase,
   common,
-  getBip32Keys,
+  getBip32KeysAsync,
   getIsKrsRecovery,
   getIsUnsignedSweep,
   KeyPair,
@@ -848,7 +848,7 @@ export class Trx extends BaseCoin {
     }
 
     // get our user, backup keys
-    const keys = getBip32Keys(this.bitgo, params, { requireBitGoXpub: false });
+    const keys = await getBip32KeysAsync(this.bitgo, params, { requireBitGoXpub: false });
 
     // we need to decode our bitgoKey to a base58 address
     const bitgoHexAddr = this.pubToHexAddress(this.xpubToUncompressedPub(params.bitgoKey));
@@ -1032,7 +1032,7 @@ export class Trx extends BaseCoin {
       );
     }
 
-    const keys = getBip32Keys(this.bitgo, params, { requireBitGoXpub: false });
+    const keys = await getBip32KeysAsync(this.bitgo, params, { requireBitGoXpub: false });
     const baseAddrHex = this.pubToHexAddress(this.xpubToUncompressedPub(params.bitgoKey));
 
     const txnsBatch: RecoveryTransaction[] = [];
diff --git a/modules/sdk-coin-vet/src/vet.ts b/modules/sdk-coin-vet/src/vet.ts
@@ -415,7 +415,8 @@ export class Vet extends BaseCoin {
         ({ userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
           userKey,
           backupKey,
-          params.walletPassphrase
+          params.walletPassphrase,
+          this.bitgo
         ));
         publicKey = MPC.deriveUnhardened(commonKeyChain, 'm/0').slice(0, 66);
       }
@@ -763,7 +764,8 @@ export class Vet extends BaseCoin {
         ({ userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
           userKey,
           backupKey,
-          params.walletPassphrase
+          params.walletPassphrase,
+          this.bitgo
         ));
         publicKey = MPC.deriveUnhardened(commonKeyChain, 'm/0').slice(0, 66);
       }
diff --git a/modules/sdk-coin-xrp/src/xrp.ts b/modules/sdk-coin-xrp/src/xrp.ts
@@ -11,7 +11,7 @@ import {
   BaseCoin,
   BitGoBase,
   checkKrsProvider,
-  getBip32Keys,
+  getBip32KeysAsync,
   InvalidAddressError,
   KeyPair,
   MethodNotImplementedError,
@@ -552,7 +552,7 @@ export class Xrp extends BaseCoin {
       throw new Error('Invalid destination address!');
     }
 
-    const keys = getBip32Keys(this.bitgo, params, { requireBitGoXpub: false });
+    const keys = await getBip32KeysAsync(this.bitgo, params, { requireBitGoXpub: false });
 
     const { addressDetails, feeDetails, serverDetails, accountLines } = await promiseProps({
       addressDetails: this.bitgo.post(rippledUrl).send(accountInfoParams),
diff --git a/modules/sdk-core/src/bitgo/utils/tss/ecdsa/ecdsaMPCv2.ts b/modules/sdk-core/src/bitgo/utils/tss/ecdsa/ecdsaMPCv2.ts
diff --git a/modules/sdk-core/test/unit/bitgo/utils/tss/baseTSSUtils.ts b/modules/sdk-core/test/unit/bitgo/utils/tss/baseTSSUtils.ts
diff --git a/modules/sdk-core/test/unit/bitgo/utils/tss/ecdsa/ecdsaMPCv2.ts b/modules/sdk-core/test/unit/bitgo/utils/tss/ecdsa/ecdsaMPCv2.ts

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`import { BIP32, CoinName, fixedScriptWallet, address as wasmAddress } from '@bitgo/wasm-utxo';`
	`2`	`+import { decryptAsync } from '@bitgo/sdk-api';`
`2`	`3`	`import { BitGoBase, IWallet, Keychain, Triple, Wallet } from '@bitgo/sdk-core';`
`3`		`-import { decrypt } from '@bitgo/sdk-api';`
`4`	`4`
`5`	`5`	`import { AbstractUtxoCoin, TransactionInfo } from '../abstractUtxoCoin';`
`6`	`6`	`import { signAndVerifyPsbt } from '../transaction/fixedScript/signTransaction';`
`@@ -313,7 +313,7 @@ async function getPrv(xprv?: string, passphrase?: string, wallet?: IWallet \| Wal`
`313`	`313`	`encryptedPrv = (await (wallet as WalletV1).getEncryptedUserKeychain()).encryptedXprv;`
`314`	`314`	`}`
`315`	`315`
`316`		`- return getPrv(decrypt(passphrase, encryptedPrv));`
	`316`	`+ return getPrv(await decryptAsync(passphrase, encryptedPrv));`
`317`	`317`	`}`
`318`	`318`
`319`	`319`	`/**`