backend/btc: use PSBT as the internal format for passing unsigned tx

PSBT BIP: https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki

bitbox02-api-go now has a `BTCSignPSBT()` function, which simplifies
the signing code in the app significantly.

Benefits include:
- Standardized, so easier for devs to understand and maintain
- Future-proofing (interopable, extensible)
- Clear lifecycle:
  - Create (unsigned)
  - Update (add metadata)
  - Sign (BitBox)
  - Extract (create sigscripts and witnesses, create final signed tx)

The btcd/psbt lib is used and contains a function to extract the tx,
which makes our own functions to create sigscripts/witnesses
redundant.

godot is removed as a linter b/c of false positives and it not being
worth wasting time over not finishing a docstring with a dot.

Author: benma

.golangci.yml

@@ -120,6 +120,7 @@ linters:
     - predeclared
     - tenv
     - recvcheck
+    - godot
   disable-all: false
 
 issues:

backend/coins/btc/addresses/address.go

@@ -21,7 +21,6 @@ import (
 	"github.com/BitBoxSwiss/bitbox-wallet-app/backend/coins/btc/types"
 	ourbtcutil "github.com/BitBoxSwiss/bitbox-wallet-app/backend/coins/btc/util"
 	"github.com/BitBoxSwiss/bitbox-wallet-app/backend/signing"
-	"github.com/BitBoxSwiss/bitbox-wallet-app/util/errp"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcec/v2/schnorr"
 	"github.com/btcsuite/btcd/btcutil"
@@ -38,12 +37,13 @@ type AccountAddress struct {
 
 	// AccountConfiguration is the account level configuration from which this address was derived.
 	AccountConfiguration *signing.Configuration
-	// publicKey is the public key of a single-sig address.
-	publicKey  *btcec.PublicKey
+	// PublicKey is the public key of a single-sig address.
+	PublicKey  *btcec.PublicKey
 	Derivation types.Derivation
 
-	// redeemScript stores the redeem script of a BIP16 P2SH output or nil if address type is P2PKH.
-	redeemScript []byte
+	// redeemScript stores the redeem script of a BIP16 P2SH output or nil if address type is not
+	// P2SH.
+	RedeemScript []byte
 
 	log *logrus.Entry
 }
@@ -116,9 +116,9 @@ func NewAccountAddress(
 	return &AccountAddress{
 		Address:              address,
 		AccountConfiguration: accountConfiguration,
-		publicKey:            publicKey,
+		PublicKey:            publicKey,
 		Derivation:           derivation,
-		redeemScript:         redeemScript,
+		RedeemScript:         redeemScript,
 		log:                  log,
 	}
 }
@@ -128,23 +128,6 @@ func (address *AccountAddress) ID() string {
 	return string(address.PubkeyScriptHashHex())
 }
 
-// BIP352Pubkey returns the pubkey used for silent payments:
-// - 33 byte compressed public key for p2pkh, p2wpkh, p2wpkh-p2sh.
-// - 32 byte x-only public key for p2tr
-// See https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki#user-content-Inputs_For_Shared_Secret_Derivation.
-func (address *AccountAddress) BIP352Pubkey() ([]byte, error) {
-	publicKey := address.publicKey
-	switch address.AccountConfiguration.ScriptType() {
-	case signing.ScriptTypeP2PKH, signing.ScriptTypeP2WPKHP2SH, signing.ScriptTypeP2WPKH:
-		return publicKey.SerializeCompressed(), nil
-	case signing.ScriptTypeP2TR:
-		outputKey := txscript.ComputeTaprootKeyNoScript(publicKey)
-		return schnorr.SerializePubKey(outputKey), nil
-	default:
-		return nil, errp.New("unsupported script type for silent payments")
-	}
-}
-
 // EncodeForHumans implements accounts.Address.
 func (address *AccountAddress) EncodeForHumans() string {
 	return address.EncodeAddress()
@@ -180,7 +163,7 @@ func (address *AccountAddress) ScriptForHashToSign() (bool, []byte) {
 	case signing.ScriptTypeP2PKH:
 		return false, address.PubkeyScript()
 	case signing.ScriptTypeP2WPKHP2SH:
-		return true, address.redeemScript
+		return true, address.RedeemScript
 	case signing.ScriptTypeP2WPKH:
 		return true, address.PubkeyScript()
 	default:
@@ -194,7 +177,7 @@ func (address *AccountAddress) ScriptForHashToSign() (bool, []byte) {
 func (address *AccountAddress) SignatureScript(
 	signature types.Signature,
 ) ([]byte, wire.TxWitness) {
-	publicKey := address.publicKey
+	publicKey := address.PublicKey
 	switch address.AccountConfiguration.ScriptType() {
 	case signing.ScriptTypeP2PKH:
 		signatureScript, err := txscript.NewScriptBuilder().
@@ -207,7 +190,7 @@ func (address *AccountAddress) SignatureScript(
 		return signatureScript, nil
 	case signing.ScriptTypeP2WPKHP2SH:
 		signatureScript, err := txscript.NewScriptBuilder().
-			AddData(address.redeemScript).
+			AddData(address.RedeemScript).
 			Script()
 		if err != nil {
 			address.log.WithError(err).Panic("Failed to build segwit signature script.")

backend/coins/btc/addresses/address_export_test.go

@@ -143,7 +143,7 @@ func (s *addressChainTestSuite) TestEnsureAddresses() {
 	s.Require().Len(newAddresses, s.gapLimit)
 	for index, address := range newAddresses {
 		s.Require().Equal(uint32(index), address.AbsoluteKeypath().ToUInt32()[1])
-		s.Require().Equal(getPubKey(index), address.TstPublicKey())
+		s.Require().Equal(getPubKey(index), address.PublicKey)
 	}
 	// Address statuses are still the same, so calling it again won't produce more addresses.
 	addrs, err := s.addresses.EnsureAddresses()

backend/coins/btc/addresses/addresschain_test.go

@@ -28,6 +28,7 @@ import (
 	"github.com/BitBoxSwiss/bitbox-wallet-app/backend/signing"
 	"github.com/BitBoxSwiss/bitbox-wallet-app/util/errp"
 	"github.com/btcsuite/btcd/btcutil"
+	"github.com/btcsuite/btcd/btcutil/psbt"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
@@ -49,8 +50,7 @@ type TxProposal struct {
 	// Amount is the amount that is sent out. The fee is not included and is deducted on top.
 	Amount btcutil.Amount
 	// Fee is the mining fee used.
-	Fee         btcutil.Amount
-	Transaction *wire.MsgTx
+	Fee btcutil.Amount
 	// ChangeAddress is the address of the wallet to which the change of the transaction is sent.
 	ChangeAddress   *addresses.AccountAddress
 	PreviousOutputs PreviousOutputs
@@ -60,11 +60,12 @@ type TxProposal struct {
 	SilentPaymentAddress string
 	// OutIndex is the index of the output we send to.
 	OutIndex int
+	Psbt     *psbt.Packet
 }
 
 // SigHashes computes the hashes cache to speed up per-input sighash computations.
 func (txProposal *TxProposal) SigHashes() *txscript.TxSigHashes {
-	return txscript.NewTxSigHashes(txProposal.Transaction, txProposal.PreviousOutputs)
+	return txscript.NewTxSigHashes(txProposal.Psbt.UnsignedTx, txProposal.PreviousOutputs)
 }
 
 // Total is amount+fee.
@@ -209,15 +210,19 @@ func NewTxSpendAll(
 	log.WithField("fee", maxRequiredFee).Debug("Preparing transaction to spend all outputs")
 
 	setRBF(coin, unsignedTransaction)
+	psbt, err := psbt.NewFromUnsignedTx(unsignedTransaction)
+	if err != nil {
+		return nil, err
+	}
 	return &TxProposal{
 		Coin:                 coin,
 		Amount:               btcutil.Amount(output.Value),
 		Fee:                  maxRequiredFee,
-		Transaction:          unsignedTransaction,
 		PreviousOutputs:      spendableOutputs,
 		SilentPaymentAddress: outputInfo.silentPaymentAddress,
 		// Only one output in send-all
 		OutIndex: 0,
+		Psbt:     psbt,
 	}, nil
 }
 
@@ -307,15 +312,20 @@ func NewTx(
 		}
 
 		setRBF(coin, unsignedTransaction)
+		psbt, err := psbt.NewFromUnsignedTx(unsignedTransaction)
+		if err != nil {
+			return nil, err
+		}
+
 		return &TxProposal{
 			Coin:                 coin,
 			Amount:               targetAmount,
 			Fee:                  finalFee,
-			Transaction:          unsignedTransaction,
 			ChangeAddress:        changeAddress,
 			PreviousOutputs:      previousOutputs,
 			SilentPaymentAddress: outputInfo.silentPaymentAddress,
 			OutIndex:             outIndex,
+			Psbt:                 psbt,
 		}, nil
 	}
 }

backend/coins/btc/maketx/maketx.go

@@ -165,7 +165,7 @@ func (s *newTxSuite) check(
 		s.Require().NoError(err)
 	}
 
-	tx := txProposal.Transaction
+	tx := txProposal.Psbt.UnsignedTx
 
 	// Check invariants independent of the particular coin selection algorithm.
 	s.Require().Equal(s.coin, txProposal.Coin)