update bitcoinjs-lib to the latest version

Summary:
update bitcoinjs-lib to the latest version

- Remove our fork of bitcoinjs-lib and update the SDK to use the most recent
  version of bitcoinjs-lib.

- Add some dependencies (the same as used by bitcoinjs-lib) that are not
  exposed by bitcoinjs-lib, but necessary for some functionality (bs58,
  b58check, bigi).

- No longer expose bitcoinjs-lib classes like Address, ECKey, etc., since we
  cannot be responsible for maintaining bitcoinjs-lib's API. If a tool using
  our SDK needs bitcoinjs-lib functionality, it should include bitcoinjs-lib
  separately.

- Rename main network from "prod" to "bitcoin" to be compatible with
  bitcoinjs-lib. Note that this is a backwards-incompatible change, so anyone
  using the setNetwork or getNetwork features of the SDK will need to change
  this.

- Updated version number to 0.10.0, since this is an API-breaking change due to
  the removal of the now-obsolete bitcoinjs-lib from the exposures and changing
  of network name. (Although all of the BitGo-specific API stuff is still the
  same.)

- Update the recover wallet example to link to use the new bitcoinjs-lib (and
  confirmed to work on testnet).

- Updated the random number generator to use only node's (cryptographically
  secure) RNG, or the the browser's (cryptographically secure) window.crypto
  RNG (which is what browserify uses when browserifying node's RNG).  Fail
  otherwise.  Attempting to compensate for a poor RNG is futile - we should
  only support platforms that have a good RNG.

Reviewers: mike, benchan, ben

Reviewed By: benchan, ben

Subscribers: ben

Differential Revision: https://phabricator.bitgo.com/D831

Author: Ryan X. Charles

example/recoverwallet.js

@@ -9,6 +9,14 @@
 
 var BitGoJS = require('../src/index.js');
 var readline = require('readline');
+var HDNode = require('../src/hdnode');
+var Address = require('bitcoinjs-lib/src/address');
+var Script = require('bitcoinjs-lib/src/script');
+var Scripts = require('bitcoinjs-lib/src/scripts');
+var Transaction = require('bitcoinjs-lib/src/transaction');
+var TransactionBuilder = require('bitcoinjs-lib/src/transaction_builder');
+var networks = require('bitcoinjs-lib/src/networks');
+var Util = require('../src/util');
 var Q = require('q');
 
 var chain = require('chain-node');   // Use chain.com as our alternate blockchain api provider
@@ -23,7 +31,7 @@ var bitgoKey;          // The BIP32 xpub for the bitgo public key
 var subAddresses = {}; // A map of addresses containing funds to recover
 var unspents;          // The unspents from the HD wallet
 var transaction;       // The transaction to send
-var bitcoinNetwork = 'prod';
+var bitcoinNetwork = 'bitcoin';
 
 var info = '\n' +
 '**********************************\n' +
@@ -36,7 +44,6 @@ var info = '\n' +
 'Please enter a blank line after each input.\n';
 console.log(info);
 
-
 //
 // collectInputs
 // Function to asynchronously collect inputs for the recovery tool.
@@ -114,7 +121,7 @@ var decryptKeys = function() {
            throw new Error('must be xprv key');
          }
        }
-       return new BitGoJS.BIP32(key);
+       return HDNode.fromBase58(key);
     } catch(e) {
       throw new Error('invalid key: ' + e);
     }
@@ -168,11 +175,12 @@ var findBaseAddress = function() {
 
     for (var key in keys) {
       var keyData = keys[key];
-      keyData.derived = keyData.key.derive(keyData.path);
-      keyData.derivedPubKey = keyData.derived.eckey.getPub();
+      keyData.derived = keyData.key.deriveFromPath(keyData.path);
+      keyData.derivedPubKey = keyData.derived.pubKey;
       pubKeys.push(keyData.derivedPubKey);
     }
-    var baseAddress = BitGoJS.Address.createMultiSigAddress(pubKeys, 2);
+    var network = BitGoJS.getNetwork() === 'bitcoin' ? networks.bitcoin : networks.testnet;
+    var baseAddress = Address.fromOutputScript(Util.p2shMultisigOutputScript(2, pubKeys), network).toBase58Check();
 
     console.log("\tTrying address: " + baseAddress);
     chain.getAddress(baseAddress, function(err, data) {
@@ -280,13 +288,14 @@ var findSubAddresses = function(baseAddress) {
     for (var key in baseAddress.keys) {
       var keyData = baseAddress.keys[key];
       var path = keyData.path + '/' + keyIndex + '/' + addressIndex;
-      keyData.derived = keyData.key.derive(path);
-      keyData.derivedPubKey = keyData.derived.eckey.getPub();
+      keyData.derived = keyData.key.deriveFromPath(path);
+      keyData.derivedPubKey = keyData.derived.pubKey;
       pubKeys.push(keyData.derivedPubKey);
     }
 
-    var subAddress = BitGoJS.Address.createMultiSigAddress(pubKeys, 2);
-    var subAddressString = subAddress.toString();
+    var network = BitGoJS.getNetwork() === 'bitcoin' ? networks.bitcoin : networks.testnet;
+    var redeemScript = Scripts.multisigOutput(2, pubKeys);
+    var subAddressString = Address.fromOutputScript(Util.p2shMultisigOutputScript(2, pubKeys), network).toBase58Check();
 
     console.log("Trying keyIndex " + keyIndex + " addressIndex " + addressIndex + ": " + subAddressString + "...");
     chain.getAddress(subAddressString, function(err, data) {
@@ -297,15 +306,15 @@ var findSubAddresses = function(baseAddress) {
         lookahead = 0;
         console.log('\tfound: ' + data.balance + ' at ' + subAddressString);
         subAddresses[subAddressString] = {
-          address: subAddress,
+          address: subAddressString,
           keyIndex: keyIndex,
           addressIndex: addressIndex,
           keys: [
             { key: baseAddress.keys[0].derived, path: baseAddress.keys[0].path + '/' + keyIndex + '/' + addressIndex },
             { key: baseAddress.keys[1].derived, path: baseAddress.keys[1].path + '/' + keyIndex + '/' + addressIndex },
             { key: baseAddress.keys[2].derived, path: baseAddress.keys[2].path + '/' + keyIndex + '/' + addressIndex },
           ],
-          redeemScript: BitGoJS.Util.bytesToHex(subAddress.redeemScript)
+          redeemScript: redeemScript.toBuffer().toString('hex')
         };
       } else {
         if (++lookahead >= MAX_LOOKAHEAD_ADDRESSES) {
@@ -358,22 +367,23 @@ var findUnspents = function() {
 
 var createTransaction = function() {
   var totalValue = 0;
-  transaction = new BitGoJS.Transaction();
+  transaction = new Transaction();
 
   // Add the inputs
   for (var index in unspents) {
     var unspent = unspents[index];
-    transaction.addInput(new BitGoJS.TransactionIn({
-      outpoint: { hash: unspent.transaction_hash, index: unspent.output_index },
-      script: new BitGoJS.Script(unspent.script_hex),
-      sequence: 4294967295
-    }));
+    var hash = new Buffer(unspent.transaction_hash, 'hex');
+    hash = new Buffer(Array.prototype.reverse.call(hash));
+    var index = unspent.output_index;
+    var script = Script.fromHex(unspent.script_hex);
+    var sequence = 0xffffffff;
+    transaction.addInput(hash, index, sequence, script);
     totalValue += unspent.value;
   }
 
   // Note:  we haven't signed the inputs yet.  When we sign them, the transaction will grow by
   //        about 232 bytes per input (2 sigs + redeemscript + misc)
-  var approximateSize = transaction.serialize().length + (232 * unspents.length);
+  var approximateSize = transaction.toBuffer().length + (232 * unspents.length);
   var approximateFee = ((Math.floor(approximateSize / 1024)) + 1) * 0.0001 * 1e8;
   if (approximateFee > totalValue) {
     throw new Error("Insufficient funds to recover (Have your transactions confirmed yet?)");
@@ -384,22 +394,32 @@ var createTransaction = function() {
   console.log("Fee: " + approximateFee / 1e8 + "BTC");
 
   // Create the output
-  transaction.addOutput(new BitGoJS.Address(inputs.destination), totalValue);
+  var script = Address.fromBase58Check(inputs.destination).toOutputScript();
+  transaction.addOutput(Address.fromBase58Check(inputs.destination), totalValue);
+
+  var txb = TransactionBuilder.fromTransaction(transaction);
 
   for (index in unspents) {
+    index = parseInt(index);
     var unspent = unspents[index];
-    var redeemScript = new BitGoJS.Script(unspent.redeemScript);
+    var redeemScript = Script.fromHex(unspent.redeemScript);
 
-    console.log("Signing input " + (parseInt(index) + 1) + " of " + unspents.length);
+    console.log("Signing input " + (index + 1) + " of " + unspents.length);
 
-    if (!transaction.signMultiSigWithKey(index, unspent.keys[0].key.eckey, redeemScript)) {
-      throw new Error('Signature failure for user key');
+    try {
+      txb.sign(index, unspent.keys[0].key.privKey, redeemScript);
+    } catch (e) {
+      throw new Error('Signature failure for user key: ' + e);
     }
-    if (!transaction.signMultiSigWithKey(index, unspent.keys[1].key.eckey, redeemScript)) {
-      throw new Error('Signature failure for backup key');
+    try {
+      txb.sign(index, unspent.keys[1].key.privKey, redeemScript);
+    } catch (e) {
+      throw new Error('Signature failure for backup key: ' + e);
     }
   }
 
+  transaction = txb.build();
+
   return Q.when();
 };
 
@@ -408,7 +428,7 @@ var createTransaction = function() {
 // Actually send the fully created transaction to the bitcoin network.
 //
 var sendTransaction = function() {
-  var tx = BitGoJS.Util.bytesToHex(transaction.serialize());
+  var tx = transaction.toBuffer().toString('hex');
 
   console.log("Sending transaction: " + tx);
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "bitgo",
-  "version": "0.9.26",
+  "version": "0.10.0",
   "description": "BitGo Javascript SDK",
   "main": "./src/index.js",
   "keywords": [
@@ -44,9 +44,13 @@
     "compile": "./node_modules/.bin/browserify ./src/index.js -s Bitcoin | ./node_modules/.bin/uglifyjs > BitGoJS-min.js",
     "compile-dbg": "./node_modules/.bin/browserify ./src/index.js -s Bitcoin | ./node_modules/.bin/uglifyjs --beautify > BitGoJS.js",
     "test": "npm run-script unit",
-    "unit": "./node_modules/.bin/istanbul test ./node_modules/.bin/_mocha -- --timeout 10000 --reporter list test/*.js test/bitcoin/*.js"
+    "unit": "./node_modules/.bin/istanbul test ./node_modules/.bin/_mocha -- --timeout 10000 --reporter list test/*.js"
   },
   "dependencies": {
+    "bitcoinjs-lib": "1.5.4",
+    "bs58": "2.0.1",
+    "bs58check": "1.0.4",
+    "bigi": "1.4.0",
     "chain-node": "0.0.17",
     "minimist": "0.2.0",
     "superagent": "0.18.0",