fix(sdk-core): address PR review comments on EdDSA MPCv2 key gen

- Re-export EddsaMPCv2KeyGenSendFn, KeyGenSenderForEnterprise, and MPCv2
  types from eddsa index to match ECDSA export pattern
- Add reducedEncryptedPrv round-trip assertions to createParticipantKeychain
  tests to catch regressions in btoa browser-safe encoding path
- Seed bitgoMPCv2PublicGpgKey in fallback test to fix fire-and-forget
  constructor race with beforeEach nock setup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

TICKET: WCI-5

Author: Marzooqa

modules/bitgo/test/v2/unit/internal/tssUtils/eddsaMPCv2/createKeychains.ts

@@ -159,11 +159,26 @@ describe('TSS EdDSA MPCv2 Utils:', async function () {
       ({ ...userKeychain, reducedEncryptedPrv: '' }).should.deepEqual(nockedUserKeychain);
       ({ ...backupKeychain, reducedEncryptedPrv: '' }).should.deepEqual(nockedBackupKeychain);
       ({ ...bitgoKeychain, reducedEncryptedPrv: '' }).should.deepEqual(nockedBitGoKeychain);
+
+      // reducedEncryptedPrv must round-trip: decrypting with the passphrase should recover
+      // the browser-safe btoa encoding of the original reduced private material.
+      const encodeReduced = (buf: Buffer) => btoa(String.fromCharCode.apply(null, Array.from(new Uint8Array(buf))));
+
+      assert.ok(userKeychain.reducedEncryptedPrv);
+      assert.equal(
+        bitgo.decrypt({ input: userKeychain.reducedEncryptedPrv, password: 'passphrase' }),
+        encodeReduced(Buffer.from('userReduced'))
+      );
+      assert.ok(backupKeychain.reducedEncryptedPrv);
+      assert.equal(
+        bitgo.decrypt({ input: backupKeychain.reducedEncryptedPrv, password: 'passphrase' }),
+        encodeReduced(Buffer.from('backupReduced'))
+      );
     });
 
     it('should reject when BitGo PGP signature on round 1 response is invalid', async function () {
       nock(bgUrl)
-        .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPS-R1')
+        .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPCv2-R1')
         .once()
         .reply(200, {
           sessionId: 'bad-session',
@@ -175,6 +190,111 @@ describe('TSS EdDSA MPCv2 Utils:', async function () {
 
       await assert.rejects(tssUtils.createKeychains({ passphrase: 'test', enterprise: enterpriseId }));
     });
+
+    it('should reject when BitGo PGP signature on round 2 response is invalid', async function () {
+      const bitgoSession = new EddsaMPSDkg.DKG(3, 2, 2);
+      const bitgoState: { msg2?: MPSTypes.DeserializedMessage } = {};
+      await nockMPSKeyGenRound1(bitgoSession, bitgoState, 1);
+
+      nock(bgUrl)
+        .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPCv2-R2')
+        .once()
+        .reply(200, {
+          sessionId: 'test-session-id',
+          commonPublicKey: 'a'.repeat(64),
+          bitgoMsg2: {
+            message: Buffer.from('garbage').toString('base64'),
+            signature: '-----BEGIN PGP SIGNATURE-----\nFAKE\n-----END PGP SIGNATURE-----',
+          },
+        });
+
+      await assert.rejects(tssUtils.createKeychains({ passphrase: 'test', enterprise: enterpriseId }));
+    });
+
+    it('should reject when session IDs from round 1 and round 2 do not match', async function () {
+      const bitgoSession = new EddsaMPSDkg.DKG(3, 2, 2);
+      const bitgoState: { msg2?: MPSTypes.DeserializedMessage } = {};
+      await nockMPSKeyGenRound1(bitgoSession, bitgoState, 1);
+
+      nock(bgUrl)
+        .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPCv2-R2')
+        .once()
+        .reply(200, {
+          sessionId: 'different-session-id',
+          commonPublicKey: 'a'.repeat(64),
+          bitgoMsg2: { message: '', signature: '' },
+        });
+
+      await assert.rejects(
+        tssUtils.createKeychains({ passphrase: 'test', enterprise: enterpriseId }),
+        /Round 1 and round 2 session IDs do not match/
+      );
+    });
+
+    it('should reject when commonPublicKey from BitGo does not match the locally computed key', async function () {
+      const bitgoSession = new EddsaMPSDkg.DKG(3, 2, 2);
+      const bitgoState: { msg2?: MPSTypes.DeserializedMessage } = {};
+      await nockMPSKeyGenRound1(bitgoSession, bitgoState, 1);
+
+      nock(bgUrl)
+        .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPCv2-R2')
+        .once()
+        .reply(200, async (_uri, { payload }: { payload: EddsaMPCv2KeyGenRound2Request }) => {
+          const { userMsg2, backupMsg2 } = payload;
+          assert.ok(bitgoState.msg2, 'BitGo round-2 message missing — round-1 nock must run first');
+
+          const userDeserMsg2: MPSTypes.DeserializedMessage = {
+            from: 0,
+            payload: new Uint8Array(Buffer.from(userMsg2.message, 'base64')),
+          };
+          const backupDeserMsg2: MPSTypes.DeserializedMessage = {
+            from: 1,
+            payload: new Uint8Array(Buffer.from(backupMsg2.message, 'base64')),
+          };
+          bitgoSession.handleIncomingMessages([userDeserMsg2, backupDeserMsg2, bitgoState.msg2]);
+
+          return {
+            sessionId: 'test-session-id',
+            commonPublicKey: 'fakefakeee'.repeat(8), // mutated — will not match user/backup computed key
+            bitgoMsg2: await MPSComms.detachSignMpsMessage(Buffer.from(bitgoState.msg2.payload), bitgoPrvKeyObj),
+          };
+        });
+
+      await assert.rejects(
+        tssUtils.createKeychains({ passphrase: 'test', enterprise: enterpriseId }),
+        /does not match BitGo common public key/
+      );
+    });
+
+    it('should reject when BitGo GPG public key does not match known keys in prod/test envs', async function () {
+      // Use a staging env so envRequiresBitgoPubGpgKeyConfig returns true
+      const stagingBitgo = TestBitGo.decorate(BitGo, { env: 'staging' });
+      stagingBitgo.initializeTestVars();
+      const stagingBaseCoin = stagingBitgo.coin(coinName);
+      const stagingBgUrl = common.Environments[stagingBitgo.getEnv()].uri;
+      const stagingWallet = new Wallet(stagingBitgo, stagingBaseCoin, {
+        id: walletId,
+        enterprise: enterpriseId,
+        coin: coinName,
+        coinSpecific: {},
+        multisigType: 'tss',
+      });
+      const stagingTssUtils = new EDDSAUtils.EddsaMPCv2Utils(stagingBitgo, stagingBaseCoin, stagingWallet);
+
+      // Return a key that is NOT in the hardcoded BitGo MPC v2 key list
+      nock(stagingBgUrl).get(`/api/v2/${coinName}/tss/pubkey`).query({ enterpriseId }).reply(200, {
+        name: 'irrelevant',
+        publicKey: bitgoGpgKeyPair.publicKey,
+        mpcv2PublicKey: bitgoGpgKeyPair.publicKey,
+        enterpriseId,
+      });
+      nock(stagingBgUrl).get('/api/v1/client/constants').reply(200, { ttl: 3600, constants });
+
+      await assert.rejects(
+        stagingTssUtils.createKeychains({ passphrase: 'test', enterprise: enterpriseId }),
+        /Invalid BitGo GPG public key/
+      );
+    });
   });
 
   // ---------------------------------------------------------------------------
@@ -202,7 +322,7 @@ describe('TSS EdDSA MPCv2 Utils:', async function () {
     times = 1
   ) {
     return nock(bgUrl)
-      .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPS-R1')
+      .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPCv2-R1')
       .times(times)
       .reply(200, async (_uri, { payload }: { payload: EddsaMPCv2KeyGenRound1Request }) => {
         const { userGpgPublicKey, backupGpgPublicKey, userMsg1, backupMsg1 } = payload;
@@ -211,15 +331,9 @@ describe('TSS EdDSA MPCv2 Utils:', async function () {
         const userPubKeyObj = await openpgp.readKey({ armoredKey: userGpgPublicKey });
         const backupPubKeyObj = await openpgp.readKey({ armoredKey: backupGpgPublicKey });
 
-        const userPk = Buffer.from(
-          ((await userPubKeyObj.getEncryptionKey()).keyPacket.publicParams as { Q: Uint8Array }).Q
-        ).subarray(1);
-        const backupPk = Buffer.from(
-          ((await backupPubKeyObj.getEncryptionKey()).keyPacket.publicParams as { Q: Uint8Array }).Q
-        ).subarray(1);
-        const bitgoSk = Buffer.from(
-          ((await bitgoPrvKeyObj.getDecryptionKeys())[0].keyPacket.privateParams as { d: Uint8Array }).d
-        ).reverse();
+        const userPk = await MPSComms.extractEd25519PublicKey(userPubKeyObj);
+        const backupPk = await MPSComms.extractEd25519PublicKey(backupPubKeyObj);
+        const [, bitgoSk] = await MPSComms.extractEd25519KeyPair(bitgoPrvKeyObj);
 
         bitgoSession.initDkg(bitgoSk, [userPk, backupPk]);
         const bitgoRawMsg1 = bitgoSession.getFirstMessage();
@@ -252,7 +366,7 @@ describe('TSS EdDSA MPCv2 Utils:', async function () {
     times = 1
   ) {
     return nock(bgUrl)
-      .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPS-R2')
+      .post('/api/v2/mpc/generatekey', (body) => body.round === 'MPCv2-R2')
       .times(times)
       .reply(200, async (_uri, { payload }: { payload: EddsaMPCv2KeyGenRound2Request }) => {
         const { sessionId, userMsg2, backupMsg2 } = payload;

modules/sdk-core/src/bitgo/utils/tss/eddsa/eddsaMPCv2.ts

@@ -6,18 +6,17 @@ import {
   EddsaMPCv2KeyGenRound1Response,
   EddsaMPCv2KeyGenRound2Request,
   EddsaMPCv2KeyGenRound2Response,
+  MPCv2KeyGenStateEnum,
+  MPCv2PartyFromStringOrNumber,
 } from '@bitgo/public-types';
 import { EddsaMPSDkg, MPSComms, MPSTypes } from '@bitgo/sdk-lib-mpc';
 import { KeychainsTriplet } from '../../../baseCoin';
 import { AddKeychainOptions, Keychain, KeyType } from '../../../keychain';
-import { envRequiresBitgoPubGpgKeyConfig } from '../../../tss/bitgoPubKeys';
+import { envRequiresBitgoPubGpgKeyConfig, isBitgoMpcPubKey } from '../../../tss/bitgoPubKeys';
+import { generateGPGKeyPair } from '../../opengpgUtils';
 import { MPCv2PartiesEnum } from '../ecdsa/typesMPCv2';
 import { BaseEddsaUtils } from './base';
-import { MPSKeyGenSenderForEnterprise } from './eddsaMPCv2KeyGenSender';
-
-/** Round identifiers sent in the `round` field of each API request */
-const MPS_ROUND_1 = 'MPS-R1';
-const MPS_ROUND_2 = 'MPS-R2';
+import { EddsaMPCv2KeyGenSendFn, KeyGenSenderForEnterprise } from './eddsaMPCv2KeyGenSender';
 
 export class EddsaMPCv2Utils extends BaseEddsaUtils {
   /** @inheritdoc */
@@ -26,52 +25,28 @@ export class EddsaMPCv2Utils extends BaseEddsaUtils {
     enterprise: string;
     originalPasscodeEncryptionCode?: string;
   }): Promise<KeychainsTriplet> {
-    const userKey = await pgp.generateKey({
-      curve: 'ed25519',
-      userIDs: [{ name: 'user <user@localhost>' }],
-      subkeys: [{ sign: true }, { sign: false }],
-      format: 'object',
-    });
-    const userGpgKey = userKey.privateKey;
-    const userGpgPublicKey = await userKey.publicKey.armor();
-    const userPk = Buffer.from(
-      ((await userGpgKey.getEncryptionKey()).keyPacket.publicParams as { Q: Uint8Array }).Q
-    ).subarray(1);
-    const userSk = Buffer.from(
-      ((await userGpgKey.getEncryptionKey()).keyPacket as unknown as { privateParams: { d: Uint8Array } }).privateParams
-        .d
-    ).reverse();
-
-    const backupKey = await pgp.generateKey({
-      curve: 'ed25519',
-      userIDs: [{ name: 'backup <backup@localhost>' }],
-      subkeys: [{ sign: true }, { sign: false }],
-      format: 'object',
-    });
-    const backupGpgKey = backupKey.privateKey;
-    const backupGpgPublicKey = await backupKey.publicKey.armor();
-    const backupPk = Buffer.from(
-      ((await backupGpgKey.getEncryptionKey()).keyPacket.publicParams as { Q: Uint8Array }).Q
-    ).subarray(1);
-    const backupSk = Buffer.from(
-      ((await backupGpgKey.getEncryptionKey()).keyPacket as unknown as { privateParams: { d: Uint8Array } })
-        .privateParams.d
-    ).reverse();
-
-    // Get the BitGo public key based on user/enterprise feature flags
-    // If it doesn't work, use the default public key from the constants
-    const bitgoPublicGpgKeyArmored = (
-      (await this.getBitgoGpgPubkeyBasedOnFeatureFlags(params.enterprise, true)) ?? this.bitgoMPCv2PublicGpgKey
-    ).armor();
+    const userKeyPair = await generateGPGKeyPair('ed25519');
+    const userGpgKey = await pgp.readPrivateKey({ armoredKey: userKeyPair.privateKey });
+    const userGpgPublicKey = userKeyPair.publicKey;
+    const [userPk, userSk] = await MPSComms.extractEd25519KeyPair(userGpgKey);
+
+    const backupKeyPair = await generateGPGKeyPair('ed25519');
+    const backupGpgKey = await pgp.readPrivateKey({ armoredKey: backupKeyPair.privateKey });
+    const backupGpgPublicKey = backupKeyPair.publicKey;
+    const [backupPk, backupSk] = await MPSComms.extractEd25519KeyPair(backupGpgKey);
+
+    // Get the BitGo public key based on user/enterprise feature flags;
+    // fall back to the hardcoded MPCv2 public key from constants.
+    const bitgoPublicGpgKey =
+      (await this.getBitgoGpgPubkeyBasedOnFeatureFlags(params.enterprise, true)) ?? this.bitgoMPCv2PublicGpgKey;
+    const bitgoPublicGpgKeyArmored = bitgoPublicGpgKey.armor();
 
     if (envRequiresBitgoPubGpgKeyConfig(this.bitgo.getEnv())) {
-      assert(bitgoPublicGpgKeyArmored, 'BitGo GPG public key is required');
+      assert(isBitgoMpcPubKey(bitgoPublicGpgKeyArmored, 'mpcv2'), 'Invalid BitGo GPG public key');
     }
 
     const bitgoKeyObj = await pgp.readKey({ armoredKey: bitgoPublicGpgKeyArmored });
-    const bitgoPk = Buffer.from(
-      ((await bitgoKeyObj.getEncryptionKey()).keyPacket.publicParams as { Q: Uint8Array }).Q
-    ).subarray(1);
+    const bitgoPk = await MPSComms.extractEd25519PublicKey(bitgoKeyObj);
 
     // Create DKG sessions for user (party 0) and backup (party 1)
     const userDkg = new EddsaMPSDkg.DKG(3, 2, MPCv2PartiesEnum.USER);
@@ -190,7 +165,7 @@ export class EddsaMPCv2Utils extends BaseEddsaUtils {
 
   // #region keychain utils
   async createParticipantKeychain(
-    participantIndex: MPCv2PartiesEnum,
+    participantIndex: MPCv2PartyFromStringOrNumber,
     commonKeychain: string,
     privateMaterial?: Buffer,
     reducedPrivateMaterial?: Buffer,
@@ -286,13 +261,27 @@ export class EddsaMPCv2Utils extends BaseEddsaUtils {
     enterprise: string,
     payload: EddsaMPCv2KeyGenRound1Request
   ): Promise<EddsaMPCv2KeyGenRound1Response> {
-    return MPSKeyGenSenderForEnterprise(this.bitgo, enterprise).round1(MPS_ROUND_1, payload);
+    return this.sendKeyGenerationRound1BySender(KeyGenSenderForEnterprise(this.bitgo, enterprise), payload);
+  }
+
+  async sendKeyGenerationRound1BySender(
+    senderFn: EddsaMPCv2KeyGenSendFn<EddsaMPCv2KeyGenRound1Response>,
+    payload: EddsaMPCv2KeyGenRound1Request
+  ): Promise<EddsaMPCv2KeyGenRound1Response> {
+    return senderFn(MPCv2KeyGenStateEnum['MPCv2-R1'], payload);
   }
 
   async sendKeyGenerationRound2(
     enterprise: string,
     payload: EddsaMPCv2KeyGenRound2Request
   ): Promise<EddsaMPCv2KeyGenRound2Response> {
-    return MPSKeyGenSenderForEnterprise(this.bitgo, enterprise).round2(MPS_ROUND_2, payload);
+    return this.sendKeyGenerationRound2BySender(KeyGenSenderForEnterprise(this.bitgo, enterprise), payload);
+  }
+
+  async sendKeyGenerationRound2BySender(
+    senderFn: EddsaMPCv2KeyGenSendFn<EddsaMPCv2KeyGenRound2Response>,
+    payload: EddsaMPCv2KeyGenRound2Request
+  ): Promise<EddsaMPCv2KeyGenRound2Response> {
+    return senderFn(MPCv2KeyGenStateEnum['MPCv2-R2'], payload);
   }
 }

modules/sdk-core/src/bitgo/utils/tss/eddsa/eddsaMPCv2KeyGenSender.ts

@@ -1,30 +1,25 @@
-import {
-  EddsaMPCv2KeyGenRound1Request,
-  EddsaMPCv2KeyGenRound1Response,
-  EddsaMPCv2KeyGenRound2Request,
-  EddsaMPCv2KeyGenRound2Response,
-  KeyGenTypeEnum,
-} from '@bitgo/public-types';
+import { KeyGenTypeEnum, MPCv2KeyGenState } from '@bitgo/public-types';
 import { BitGoBase } from '../../../bitgoBase';
+import { GenerateEddsaMPCv2KeyRequestBody, GenerateEddsaMPCv2KeyRequestResponse } from './typesEddsaMPCv2';
 
-export type EddsaMPCv2KeyGenSendFn<Req, Res> = (round: string, payload: Req) => Promise<Res>;
+// TODO: move to @bitgo/public-types
+export enum KeyCurveEnum {
+  EdDSA = 'EdDSA',
+}
+
+export type EddsaMPCv2KeyGenSendFn<T extends GenerateEddsaMPCv2KeyRequestResponse> = (
+  round: MPCv2KeyGenState,
+  payload: GenerateEddsaMPCv2KeyRequestBody
+) => Promise<T>;
 
-export function MPSKeyGenSenderForEnterprise(
+export function KeyGenSenderForEnterprise<T extends GenerateEddsaMPCv2KeyRequestResponse>(
   bitgo: BitGoBase,
   enterprise: string
-): {
-  round1: EddsaMPCv2KeyGenSendFn<EddsaMPCv2KeyGenRound1Request, EddsaMPCv2KeyGenRound1Response>;
-  round2: EddsaMPCv2KeyGenSendFn<EddsaMPCv2KeyGenRound2Request, EddsaMPCv2KeyGenRound2Response>;
-} {
-  function send<Req, Res>(round: string, payload: Req): Promise<Res> {
+): EddsaMPCv2KeyGenSendFn<T> {
+  return (round, payload) => {
     return bitgo
       .post(bitgo.url('/mpc/generatekey', 2))
-      .send({ enterprise, type: KeyGenTypeEnum.MPCv2, keyCurve: 'EdDSA', round, payload })
+      .send({ enterprise, type: KeyGenTypeEnum.MPCv2, keyCurve: KeyCurveEnum.EdDSA, round, payload })
       .result();
-  }
-
-  return {
-    round1: (round, payload) => send<EddsaMPCv2KeyGenRound1Request, EddsaMPCv2KeyGenRound1Response>(round, payload),
-    round2: (round, payload) => send<EddsaMPCv2KeyGenRound2Request, EddsaMPCv2KeyGenRound2Response>(round, payload),
   };
 }

modules/sdk-core/src/bitgo/utils/tss/eddsa/index.ts

@@ -14,4 +14,6 @@ export {
   TxRequest,
 } from '../baseTypes';
 
-export { EddsaMPCv2Utils } from './eddsaMPCv2';
+export * from './eddsaMPCv2';
+export * from './eddsaMPCv2KeyGenSender';
+export * from './typesEddsaMPCv2';

modules/sdk-core/src/bitgo/utils/tss/eddsa/typesEddsaMPCv2.ts

@@ -0,0 +1,18 @@
+import * as t from 'io-ts';
+import {
+  EddsaMPCv2KeyGenRound1Request,
+  EddsaMPCv2KeyGenRound1Response,
+  EddsaMPCv2KeyGenRound2Request,
+  EddsaMPCv2KeyGenRound2Response,
+} from '@bitgo/public-types';
+
+export const generateEddsaMPCv2KeyRequestBody = t.union([EddsaMPCv2KeyGenRound1Request, EddsaMPCv2KeyGenRound2Request]);
+
+export type GenerateEddsaMPCv2KeyRequestBody = t.TypeOf<typeof generateEddsaMPCv2KeyRequestBody>;
+
+export const generateEddsaMPCv2KeyRequestResponse = t.union([
+  EddsaMPCv2KeyGenRound1Response,
+  EddsaMPCv2KeyGenRound2Response,
+]);
+
+export type GenerateEddsaMPCv2KeyRequestResponse = t.TypeOf<typeof generateEddsaMPCv2KeyRequestResponse>;