@algorandfoundation/algokit-utils 10.0.0-alpha.39 → 10.0.0-alpha.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/algorand-client-transaction-creator.d.ts +4 -4
- package/algorand-client-transaction-sender.d.ts +4 -4
- package/app-client.d.ts +7 -7
- package/app-factory.d.ts +8 -8
- package/crypto/index.d.ts +4 -3
- package/crypto/index.js +3 -1
- package/crypto/index.mjs +3 -2
- package/package.json +1 -1
- package/packages/crypto/src/ed25519.d.ts +18 -1
- package/packages/crypto/src/ed25519.js.map +1 -1
- package/packages/crypto/src/ed25519.mjs.map +1 -1
- package/packages/crypto/src/hd.d.ts +26 -5
- package/packages/crypto/src/hd.js +17 -32
- package/packages/crypto/src/hd.js.map +1 -1
- package/packages/crypto/src/hd.mjs +18 -32
- package/packages/crypto/src/hd.mjs.map +1 -1
- package/packages/crypto/src/index.d.ts +28 -0
- package/packages/crypto/src/index.js +141 -0
- package/packages/crypto/src/index.js.map +1 -0
- package/packages/crypto/src/index.mjs +138 -0
- package/packages/crypto/src/index.mjs.map +1 -0
|
@@ -568,7 +568,6 @@ declare class AlgorandClientTransactionCreator {
|
|
|
568
568
|
* @returns The application ABI method create transaction
|
|
569
569
|
*/
|
|
570
570
|
appCreateMethodCall: (params: {
|
|
571
|
-
appId?: 0 | undefined;
|
|
572
571
|
sender: SendingAddress;
|
|
573
572
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
574
573
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -580,6 +579,7 @@ declare class AlgorandClientTransactionCreator {
|
|
|
580
579
|
validityWindow?: number | bigint | undefined;
|
|
581
580
|
firstValidRound?: bigint | undefined;
|
|
582
581
|
lastValidRound?: bigint | undefined;
|
|
582
|
+
appId?: 0 | undefined;
|
|
583
583
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.UpdateApplication | OnApplicationComplete.DeleteApplication | undefined;
|
|
584
584
|
accountReferences?: ReadableAddress[] | undefined;
|
|
585
585
|
appReferences?: bigint[] | undefined;
|
|
@@ -649,7 +649,6 @@ declare class AlgorandClientTransactionCreator {
|
|
|
649
649
|
* @returns The application ABI method update transaction
|
|
650
650
|
*/
|
|
651
651
|
appUpdateMethodCall: (params: {
|
|
652
|
-
appId: bigint;
|
|
653
652
|
sender: SendingAddress;
|
|
654
653
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
655
654
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -661,6 +660,7 @@ declare class AlgorandClientTransactionCreator {
|
|
|
661
660
|
validityWindow?: number | bigint | undefined;
|
|
662
661
|
firstValidRound?: bigint | undefined;
|
|
663
662
|
lastValidRound?: bigint | undefined;
|
|
663
|
+
appId: bigint;
|
|
664
664
|
onComplete?: OnApplicationComplete.UpdateApplication | undefined;
|
|
665
665
|
accountReferences?: ReadableAddress[] | undefined;
|
|
666
666
|
appReferences?: bigint[] | undefined;
|
|
@@ -721,7 +721,6 @@ declare class AlgorandClientTransactionCreator {
|
|
|
721
721
|
* @returns The application ABI method delete transaction
|
|
722
722
|
*/
|
|
723
723
|
appDeleteMethodCall: (params: {
|
|
724
|
-
appId: bigint;
|
|
725
724
|
sender: SendingAddress;
|
|
726
725
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
727
726
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -733,6 +732,7 @@ declare class AlgorandClientTransactionCreator {
|
|
|
733
732
|
validityWindow?: number | bigint | undefined;
|
|
734
733
|
firstValidRound?: bigint | undefined;
|
|
735
734
|
lastValidRound?: bigint | undefined;
|
|
735
|
+
appId: bigint;
|
|
736
736
|
onComplete?: OnApplicationComplete.DeleteApplication | undefined;
|
|
737
737
|
accountReferences?: ReadableAddress[] | undefined;
|
|
738
738
|
appReferences?: bigint[] | undefined;
|
|
@@ -791,7 +791,6 @@ declare class AlgorandClientTransactionCreator {
|
|
|
791
791
|
* @returns The application ABI method call transaction
|
|
792
792
|
*/
|
|
793
793
|
appCallMethodCall: (params: {
|
|
794
|
-
appId: bigint;
|
|
795
794
|
sender: SendingAddress;
|
|
796
795
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
797
796
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -803,6 +802,7 @@ declare class AlgorandClientTransactionCreator {
|
|
|
803
802
|
validityWindow?: number | bigint | undefined;
|
|
804
803
|
firstValidRound?: bigint | undefined;
|
|
805
804
|
lastValidRound?: bigint | undefined;
|
|
805
|
+
appId: bigint;
|
|
806
806
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.DeleteApplication | undefined;
|
|
807
807
|
accountReferences?: ReadableAddress[] | undefined;
|
|
808
808
|
appReferences?: bigint[] | undefined;
|
|
@@ -746,7 +746,6 @@ declare class AlgorandClientTransactionSender {
|
|
|
746
746
|
* @returns The result of the application ABI method create transaction and the transaction that was sent
|
|
747
747
|
*/
|
|
748
748
|
appCreateMethodCall: (params: {
|
|
749
|
-
appId?: 0 | undefined;
|
|
750
749
|
sender: SendingAddress;
|
|
751
750
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
752
751
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -758,6 +757,7 @@ declare class AlgorandClientTransactionSender {
|
|
|
758
757
|
validityWindow?: number | bigint | undefined;
|
|
759
758
|
firstValidRound?: bigint | undefined;
|
|
760
759
|
lastValidRound?: bigint | undefined;
|
|
760
|
+
appId?: 0 | undefined;
|
|
761
761
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.UpdateApplication | OnApplicationComplete.DeleteApplication | undefined;
|
|
762
762
|
accountReferences?: ReadableAddress[] | undefined;
|
|
763
763
|
appReferences?: bigint[] | undefined;
|
|
@@ -834,7 +834,6 @@ declare class AlgorandClientTransactionSender {
|
|
|
834
834
|
* @returns The result of the application ABI method update transaction and the transaction that was sent
|
|
835
835
|
*/
|
|
836
836
|
appUpdateMethodCall: (params: {
|
|
837
|
-
appId: bigint;
|
|
838
837
|
sender: SendingAddress;
|
|
839
838
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
840
839
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -846,6 +845,7 @@ declare class AlgorandClientTransactionSender {
|
|
|
846
845
|
validityWindow?: number | bigint | undefined;
|
|
847
846
|
firstValidRound?: bigint | undefined;
|
|
848
847
|
lastValidRound?: bigint | undefined;
|
|
848
|
+
appId: bigint;
|
|
849
849
|
onComplete?: OnApplicationComplete.UpdateApplication | undefined;
|
|
850
850
|
accountReferences?: ReadableAddress[] | undefined;
|
|
851
851
|
appReferences?: bigint[] | undefined;
|
|
@@ -913,7 +913,6 @@ declare class AlgorandClientTransactionSender {
|
|
|
913
913
|
* @returns The result of the application ABI method delete transaction and the transaction that was sent
|
|
914
914
|
*/
|
|
915
915
|
appDeleteMethodCall: (params: {
|
|
916
|
-
appId: bigint;
|
|
917
916
|
sender: SendingAddress;
|
|
918
917
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
919
918
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -925,6 +924,7 @@ declare class AlgorandClientTransactionSender {
|
|
|
925
924
|
validityWindow?: number | bigint | undefined;
|
|
926
925
|
firstValidRound?: bigint | undefined;
|
|
927
926
|
lastValidRound?: bigint | undefined;
|
|
927
|
+
appId: bigint;
|
|
928
928
|
onComplete?: OnApplicationComplete.DeleteApplication | undefined;
|
|
929
929
|
accountReferences?: ReadableAddress[] | undefined;
|
|
930
930
|
appReferences?: bigint[] | undefined;
|
|
@@ -990,7 +990,6 @@ declare class AlgorandClientTransactionSender {
|
|
|
990
990
|
* @returns The result of the application ABI method call transaction and the transaction that was sent
|
|
991
991
|
*/
|
|
992
992
|
appCallMethodCall: (params: {
|
|
993
|
-
appId: bigint;
|
|
994
993
|
sender: SendingAddress;
|
|
995
994
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
996
995
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -1002,6 +1001,7 @@ declare class AlgorandClientTransactionSender {
|
|
|
1002
1001
|
validityWindow?: number | bigint | undefined;
|
|
1003
1002
|
firstValidRound?: bigint | undefined;
|
|
1004
1003
|
lastValidRound?: bigint | undefined;
|
|
1004
|
+
appId: bigint;
|
|
1005
1005
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.DeleteApplication | undefined;
|
|
1006
1006
|
accountReferences?: ReadableAddress[] | undefined;
|
|
1007
1007
|
appReferences?: bigint[] | undefined;
|
package/app-client.d.ts
CHANGED
|
@@ -458,7 +458,7 @@ declare class AppClient {
|
|
|
458
458
|
signer: AddressWithTransactionSigner | TransactionSigner | undefined;
|
|
459
459
|
method: ABIMethod;
|
|
460
460
|
onComplete: OnApplicationComplete.UpdateApplication;
|
|
461
|
-
args: (Transaction |
|
|
461
|
+
args: (Transaction | ABIValue | TransactionWithSigner | AppMethodCall<{
|
|
462
462
|
sender: SendingAddress;
|
|
463
463
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
464
464
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -511,7 +511,7 @@ declare class AppClient {
|
|
|
511
511
|
rejectVersion?: number | undefined;
|
|
512
512
|
approvalProgram: string | Uint8Array;
|
|
513
513
|
clearStateProgram: string | Uint8Array;
|
|
514
|
-
}> | AppMethodCall<AppMethodCallParams> | undefined)[] | undefined;
|
|
514
|
+
}> | AppMethodCall<AppMethodCallParams> | Promise<Transaction> | undefined)[] | undefined;
|
|
515
515
|
}>;
|
|
516
516
|
/**
|
|
517
517
|
* Return params for an opt-in ABI call
|
|
@@ -519,7 +519,6 @@ declare class AppClient {
|
|
|
519
519
|
* @returns The parameters which can be used to create an opt-in ABI method call
|
|
520
520
|
*/
|
|
521
521
|
optIn: (params: AppClientMethodCallParams) => Promise<{
|
|
522
|
-
appId: bigint;
|
|
523
522
|
sender: SendingAddress;
|
|
524
523
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
525
524
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -531,6 +530,7 @@ declare class AppClient {
|
|
|
531
530
|
validityWindow?: number | bigint | undefined;
|
|
532
531
|
firstValidRound?: bigint | undefined;
|
|
533
532
|
lastValidRound?: bigint | undefined;
|
|
533
|
+
appId: bigint;
|
|
534
534
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.DeleteApplication | undefined;
|
|
535
535
|
accountReferences?: ReadableAddress[] | undefined;
|
|
536
536
|
appReferences?: bigint[] | undefined;
|
|
@@ -547,7 +547,6 @@ declare class AppClient {
|
|
|
547
547
|
* @returns The parameters which can be used to create a delete ABI method call
|
|
548
548
|
*/
|
|
549
549
|
delete: (params: AppClientMethodCallParams) => Promise<{
|
|
550
|
-
appId: bigint;
|
|
551
550
|
sender: SendingAddress;
|
|
552
551
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
553
552
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -559,6 +558,7 @@ declare class AppClient {
|
|
|
559
558
|
validityWindow?: number | bigint | undefined;
|
|
560
559
|
firstValidRound?: bigint | undefined;
|
|
561
560
|
lastValidRound?: bigint | undefined;
|
|
561
|
+
appId: bigint;
|
|
562
562
|
onComplete?: OnApplicationComplete.DeleteApplication | undefined;
|
|
563
563
|
accountReferences?: ReadableAddress[] | undefined;
|
|
564
564
|
appReferences?: bigint[] | undefined;
|
|
@@ -574,7 +574,6 @@ declare class AppClient {
|
|
|
574
574
|
* @returns The parameters which can be used to create a close out ABI method call
|
|
575
575
|
*/
|
|
576
576
|
closeOut: (params: AppClientMethodCallParams) => Promise<{
|
|
577
|
-
appId: bigint;
|
|
578
577
|
sender: SendingAddress;
|
|
579
578
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
580
579
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -586,6 +585,7 @@ declare class AppClient {
|
|
|
586
585
|
validityWindow?: number | bigint | undefined;
|
|
587
586
|
firstValidRound?: bigint | undefined;
|
|
588
587
|
lastValidRound?: bigint | undefined;
|
|
588
|
+
appId: bigint;
|
|
589
589
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.DeleteApplication | undefined;
|
|
590
590
|
accountReferences?: ReadableAddress[] | undefined;
|
|
591
591
|
appReferences?: bigint[] | undefined;
|
|
@@ -601,7 +601,6 @@ declare class AppClient {
|
|
|
601
601
|
* @returns The parameters which can be used to create an ABI method call
|
|
602
602
|
*/
|
|
603
603
|
call: (params: AppClientMethodCallParams & CallOnComplete) => Promise<{
|
|
604
|
-
appId: bigint;
|
|
605
604
|
sender: SendingAddress;
|
|
606
605
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
607
606
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -613,6 +612,7 @@ declare class AppClient {
|
|
|
613
612
|
validityWindow?: number | bigint | undefined;
|
|
614
613
|
firstValidRound?: bigint | undefined;
|
|
615
614
|
lastValidRound?: bigint | undefined;
|
|
615
|
+
appId: bigint;
|
|
616
616
|
onComplete?: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.DeleteApplication | undefined;
|
|
617
617
|
accountReferences?: ReadableAddress[] | undefined;
|
|
618
618
|
appReferences?: bigint[] | undefined;
|
|
@@ -709,8 +709,8 @@ declare class AppClient {
|
|
|
709
709
|
update: (params: AppClientMethodCallParams & AppClientCompilationParams & SendParams) => Promise<{
|
|
710
710
|
compiledApproval?: CompiledTeal | undefined;
|
|
711
711
|
compiledClear?: CompiledTeal | undefined;
|
|
712
|
-
transactions: Transaction[];
|
|
713
712
|
confirmations: PendingTransactionResponse[];
|
|
713
|
+
transactions: Transaction[];
|
|
714
714
|
groupId: string | undefined;
|
|
715
715
|
txIds: string[];
|
|
716
716
|
returns?: ABIReturn[] | undefined;
|
package/app-factory.d.ts
CHANGED
|
@@ -211,7 +211,7 @@ declare class AppFactory {
|
|
|
211
211
|
sender: Address;
|
|
212
212
|
signer: AddressWithTransactionSigner | TransactionSigner | undefined;
|
|
213
213
|
method: ABIMethod;
|
|
214
|
-
args: (Transaction |
|
|
214
|
+
args: (Transaction | ABIValue | TransactionWithSigner | AppMethodCall<{
|
|
215
215
|
sender: SendingAddress;
|
|
216
216
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
217
217
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -264,7 +264,7 @@ declare class AppFactory {
|
|
|
264
264
|
rejectVersion?: number | undefined;
|
|
265
265
|
approvalProgram: string | Uint8Array;
|
|
266
266
|
clearStateProgram: string | Uint8Array;
|
|
267
|
-
}> | AppMethodCall<AppMethodCallParams> | undefined)[] | undefined;
|
|
267
|
+
}> | AppMethodCall<AppMethodCallParams> | Promise<Transaction> | undefined)[] | undefined;
|
|
268
268
|
onComplete: OnApplicationComplete.NoOp | OnApplicationComplete.OptIn | OnApplicationComplete.CloseOut | OnApplicationComplete.UpdateApplication | OnApplicationComplete.DeleteApplication;
|
|
269
269
|
}>;
|
|
270
270
|
/** Return params for a deployment update ABI call */
|
|
@@ -293,7 +293,7 @@ declare class AppFactory {
|
|
|
293
293
|
sender: Address;
|
|
294
294
|
signer: AddressWithTransactionSigner | TransactionSigner | undefined;
|
|
295
295
|
method: ABIMethod;
|
|
296
|
-
args: (Transaction |
|
|
296
|
+
args: (Transaction | ABIValue | TransactionWithSigner | AppMethodCall<{
|
|
297
297
|
sender: SendingAddress;
|
|
298
298
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
299
299
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -346,7 +346,7 @@ declare class AppFactory {
|
|
|
346
346
|
rejectVersion?: number | undefined;
|
|
347
347
|
approvalProgram: string | Uint8Array;
|
|
348
348
|
clearStateProgram: string | Uint8Array;
|
|
349
|
-
}> | AppMethodCall<AppMethodCallParams> | undefined)[] | undefined;
|
|
349
|
+
}> | AppMethodCall<AppMethodCallParams> | Promise<Transaction> | undefined)[] | undefined;
|
|
350
350
|
onComplete: OnApplicationComplete.UpdateApplication;
|
|
351
351
|
};
|
|
352
352
|
/** Return params for a deployment delete ABI call */
|
|
@@ -375,7 +375,7 @@ declare class AppFactory {
|
|
|
375
375
|
sender: Address;
|
|
376
376
|
signer: AddressWithTransactionSigner | TransactionSigner | undefined;
|
|
377
377
|
method: ABIMethod;
|
|
378
|
-
args: (Transaction |
|
|
378
|
+
args: (Transaction | ABIValue | TransactionWithSigner | AppMethodCall<{
|
|
379
379
|
sender: SendingAddress;
|
|
380
380
|
signer?: (TransactionSigner | AddressWithTransactionSigner) | undefined;
|
|
381
381
|
rekeyTo?: ReadableAddress | undefined;
|
|
@@ -428,7 +428,7 @@ declare class AppFactory {
|
|
|
428
428
|
rejectVersion?: number | undefined;
|
|
429
429
|
approvalProgram: string | Uint8Array;
|
|
430
430
|
clearStateProgram: string | Uint8Array;
|
|
431
|
-
}> | AppMethodCall<AppMethodCallParams> | undefined)[] | undefined;
|
|
431
|
+
}> | AppMethodCall<AppMethodCallParams> | Promise<Transaction> | undefined)[] | undefined;
|
|
432
432
|
onComplete: OnApplicationComplete.DeleteApplication;
|
|
433
433
|
};
|
|
434
434
|
bare: {
|
|
@@ -653,9 +653,9 @@ declare class AppFactory {
|
|
|
653
653
|
compiledApproval?: CompiledTeal | undefined;
|
|
654
654
|
compiledClear?: CompiledTeal | undefined;
|
|
655
655
|
operationPerformed: "create";
|
|
656
|
-
version: string;
|
|
657
656
|
updatable?: boolean | undefined;
|
|
658
657
|
deletable?: boolean | undefined;
|
|
658
|
+
version: string;
|
|
659
659
|
createdRound: bigint;
|
|
660
660
|
updatedRound: bigint;
|
|
661
661
|
createdMetadata: AppDeployMetadata;
|
|
@@ -699,9 +699,9 @@ declare class AppFactory {
|
|
|
699
699
|
compiledApproval?: CompiledTeal | undefined;
|
|
700
700
|
compiledClear?: CompiledTeal | undefined;
|
|
701
701
|
operationPerformed: "replace";
|
|
702
|
-
version: string;
|
|
703
702
|
updatable?: boolean | undefined;
|
|
704
703
|
deletable?: boolean | undefined;
|
|
704
|
+
version: string;
|
|
705
705
|
createdRound: bigint;
|
|
706
706
|
updatedRound: bigint;
|
|
707
707
|
createdMetadata: AppDeployMetadata;
|
package/crypto/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import { Ed25519Generator, RawEd25519Signer, RawEd25519Verifier, ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier } from "../packages/crypto/src/ed25519.js";
|
|
1
|
+
import { Ed25519Generator, Ed25519SigningKey, RawEd25519Signer, RawEd25519Verifier, WrappedEd25519Seed, ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier } from "../packages/crypto/src/ed25519.js";
|
|
2
|
+
import { BIP44Path, HdAccountGenerator, HdWalletGenerator, WrappedHdExtendedPrivateKey, peikertXHdWalletGenerator } from "../packages/crypto/src/hd.js";
|
|
2
3
|
import { hash } from "../packages/crypto/src/hash.js";
|
|
3
|
-
import {
|
|
4
|
-
export { BIP44Path, Ed25519Generator, HdAccountGenerator, HdWalletGenerator, RawEd25519Signer, RawEd25519Verifier,
|
|
4
|
+
import { WrappedEd25519Secret, ed25519SigningKeyFromWrappedSecret, nobleEd25519SigningKeyFromWrappedSecret } from "../packages/crypto/src/index.js";
|
|
5
|
+
export { BIP44Path, Ed25519Generator, Ed25519SigningKey, HdAccountGenerator, HdWalletGenerator, RawEd25519Signer, RawEd25519Verifier, WrappedEd25519Secret, WrappedEd25519Seed, WrappedHdExtendedPrivateKey, ed25519Generator, ed25519SigningKeyFromWrappedSecret, ed25519Verifier, hash, nobleEd25519Generator, nobleEd25519SigningKeyFromWrappedSecret, nobleEd25519Verifier, peikertXHdWalletGenerator };
|
package/crypto/index.js
CHANGED
|
@@ -2,11 +2,13 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
|
2
2
|
const require_ed25519 = require('../packages/crypto/src/ed25519.js');
|
|
3
3
|
const require_hash = require('../packages/crypto/src/hash.js');
|
|
4
4
|
const require_hd = require('../packages/crypto/src/hd.js');
|
|
5
|
+
const require_index = require('../packages/crypto/src/index.js');
|
|
5
6
|
|
|
6
7
|
exports.ed25519Generator = require_ed25519.ed25519Generator;
|
|
8
|
+
exports.ed25519SigningKeyFromWrappedSecret = require_index.ed25519SigningKeyFromWrappedSecret;
|
|
7
9
|
exports.ed25519Verifier = require_ed25519.ed25519Verifier;
|
|
8
10
|
exports.hash = require_hash.hash;
|
|
9
11
|
exports.nobleEd25519Generator = require_ed25519.nobleEd25519Generator;
|
|
12
|
+
exports.nobleEd25519SigningKeyFromWrappedSecret = require_index.nobleEd25519SigningKeyFromWrappedSecret;
|
|
10
13
|
exports.nobleEd25519Verifier = require_ed25519.nobleEd25519Verifier;
|
|
11
|
-
exports.peikertXHdAccountGenerator = require_hd.peikertXHdAccountGenerator;
|
|
12
14
|
exports.peikertXHdWalletGenerator = require_hd.peikertXHdWalletGenerator;
|
package/crypto/index.mjs
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier } from "../packages/crypto/src/ed25519.mjs";
|
|
2
2
|
import { hash } from "../packages/crypto/src/hash.mjs";
|
|
3
|
-
import {
|
|
3
|
+
import { peikertXHdWalletGenerator } from "../packages/crypto/src/hd.mjs";
|
|
4
|
+
import { ed25519SigningKeyFromWrappedSecret, nobleEd25519SigningKeyFromWrappedSecret } from "../packages/crypto/src/index.mjs";
|
|
4
5
|
|
|
5
|
-
export { ed25519Generator, ed25519Verifier, hash, nobleEd25519Generator,
|
|
6
|
+
export { ed25519Generator, ed25519SigningKeyFromWrappedSecret, ed25519Verifier, hash, nobleEd25519Generator, nobleEd25519SigningKeyFromWrappedSecret, nobleEd25519Verifier, peikertXHdWalletGenerator };
|
package/package.json
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
"**"
|
|
7
7
|
],
|
|
8
8
|
"name": "@algorandfoundation/algokit-utils",
|
|
9
|
-
"version": "10.0.0-alpha.
|
|
9
|
+
"version": "10.0.0-alpha.40",
|
|
10
10
|
"private": false,
|
|
11
11
|
"description": "A set of core Algorand utilities written in TypeScript and released via npm that make it easier to build solutions on Algorand.",
|
|
12
12
|
"author": "Algorand Foundation",
|
|
@@ -38,6 +38,23 @@ declare const nobleEd25519Generator: Ed25519Generator;
|
|
|
38
38
|
* @returns An object containing the ed25519 public key, secret key, and a raw signer function.
|
|
39
39
|
*/
|
|
40
40
|
declare const ed25519Generator: Ed25519Generator;
|
|
41
|
+
type Ed25519SigningKey = {
|
|
42
|
+
ed25519Pubkey: Uint8Array;
|
|
43
|
+
rawEd25519Signer: RawEd25519Signer;
|
|
44
|
+
};
|
|
45
|
+
/**
|
|
46
|
+
* Represents a 32-byte Ed25519 seed that can be unwrapped for short-lived use and then re-wrapped.
|
|
47
|
+
*/
|
|
48
|
+
type WrappedEd25519Seed = {
|
|
49
|
+
/**
|
|
50
|
+
* Unwraps and returns the 32-byte Ed25519 seed.
|
|
51
|
+
*/
|
|
52
|
+
unwrapEd25519Seed: () => Promise<Uint8Array>;
|
|
53
|
+
/**
|
|
54
|
+
* Re-wraps the Ed25519 seed after use.
|
|
55
|
+
*/
|
|
56
|
+
wrapEd25519Seed: () => Promise<void>;
|
|
57
|
+
};
|
|
41
58
|
//#endregion
|
|
42
|
-
export { Ed25519Generator, RawEd25519Signer, RawEd25519Verifier, ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier };
|
|
59
|
+
export { Ed25519Generator, Ed25519SigningKey, RawEd25519Signer, RawEd25519Verifier, WrappedEd25519Seed, ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier };
|
|
43
60
|
//# sourceMappingURL=ed25519.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ed25519.js","names":["ed"],"sources":["../../../../packages/crypto/src/ed25519.ts"],"sourcesContent":["import * as ed from '@noble/ed25519'\nimport { sha512 } from '@noble/hashes/sha2.js'\n\nexport type RawEd25519Verifier = (signature: Uint8Array, message: Uint8Array, pubkey: Uint8Array) => Promise<boolean>\nexport type RawEd25519Signer = (bytesToSign: Uint8Array) => Promise<Uint8Array>\nexport type Ed25519Generator = (seed?: Uint8Array) => {\n ed25519Pubkey: Uint8Array\n ed25519SecretKey: Uint8Array\n rawEd25519Signer: RawEd25519Signer\n}\n\n/**\n * Verifies an ed25519 signature using the @noble/ed25519 implementation.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const nobleEd25519Verifier: RawEd25519Verifier = async (\n signature: Uint8Array,\n message: Uint8Array,\n pubkey: Uint8Array,\n): Promise<boolean> => {\n return ed.verifyAsync(signature, message, pubkey)\n}\n\n/**\n * Verifies an ed25519 signature using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Verifier`.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const ed25519Verifier: RawEd25519Verifier = nobleEd25519Verifier\n\ned.hashes.sha512 = (msg: ed.Bytes) => sha512(msg)\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the @noble/ed25519 implementation.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const nobleEd25519Generator: Ed25519Generator = (seed?: Uint8Array) => {\n const ed25519SecretKey = ed.utils.randomSecretKey(seed)\n const ed25519Pubkey = ed.getPublicKey(ed25519SecretKey)\n\n const rawEd25519Signer: RawEd25519Signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n return ed.signAsync(bytesToSign, ed25519SecretKey)\n }\n\n return { ed25519Pubkey, ed25519SecretKey, rawEd25519Signer }\n}\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Generator`.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const ed25519Generator: Ed25519Generator = nobleEd25519Generator\n"],"mappings":";;;;;;;;;;;;;AAkBA,MAAa,uBAA2C,OACtD,WACA,SACA,WACqB;AACrB,QAAOA,eAAG,YAAY,WAAW,SAAS,OAAO;;;;;;;;;;AAWnD,MAAa,kBAAsC;AAEnD,eAAG,OAAO,UAAU,0CAAyB,IAAI;;;;;;;AAQjD,MAAa,yBAA2C,SAAsB;CAC5E,MAAM,mBAAmBA,eAAG,MAAM,gBAAgB,KAAK;CACvD,MAAM,gBAAgBA,eAAG,aAAa,iBAAiB;CAEvD,MAAM,mBAAqC,OAAO,gBAAiD;AACjG,SAAOA,eAAG,UAAU,aAAa,iBAAiB;;AAGpD,QAAO;EAAE;EAAe;EAAkB;EAAkB;;;;;;;;;AAU9D,MAAa,mBAAqC"}
|
|
1
|
+
{"version":3,"file":"ed25519.js","names":["ed"],"sources":["../../../../packages/crypto/src/ed25519.ts"],"sourcesContent":["import * as ed from '@noble/ed25519'\nimport { sha512 } from '@noble/hashes/sha2.js'\n\nexport type RawEd25519Verifier = (signature: Uint8Array, message: Uint8Array, pubkey: Uint8Array) => Promise<boolean>\nexport type RawEd25519Signer = (bytesToSign: Uint8Array) => Promise<Uint8Array>\nexport type Ed25519Generator = (seed?: Uint8Array) => {\n ed25519Pubkey: Uint8Array\n ed25519SecretKey: Uint8Array\n rawEd25519Signer: RawEd25519Signer\n}\n\n/**\n * Verifies an ed25519 signature using the @noble/ed25519 implementation.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const nobleEd25519Verifier: RawEd25519Verifier = async (\n signature: Uint8Array,\n message: Uint8Array,\n pubkey: Uint8Array,\n): Promise<boolean> => {\n return ed.verifyAsync(signature, message, pubkey)\n}\n\n/**\n * Verifies an ed25519 signature using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Verifier`.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const ed25519Verifier: RawEd25519Verifier = nobleEd25519Verifier\n\ned.hashes.sha512 = (msg: ed.Bytes) => sha512(msg)\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the @noble/ed25519 implementation.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const nobleEd25519Generator: Ed25519Generator = (seed?: Uint8Array) => {\n const ed25519SecretKey = ed.utils.randomSecretKey(seed)\n const ed25519Pubkey = ed.getPublicKey(ed25519SecretKey)\n\n const rawEd25519Signer: RawEd25519Signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n return ed.signAsync(bytesToSign, ed25519SecretKey)\n }\n\n return { ed25519Pubkey, ed25519SecretKey, rawEd25519Signer }\n}\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Generator`.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const ed25519Generator: Ed25519Generator = nobleEd25519Generator\n\nexport type Ed25519SigningKey = {\n ed25519Pubkey: Uint8Array\n rawEd25519Signer: RawEd25519Signer\n}\n\n/**\n * Represents a 32-byte Ed25519 seed that can be unwrapped for short-lived use and then re-wrapped.\n */\nexport type WrappedEd25519Seed = {\n /**\n * Unwraps and returns the 32-byte Ed25519 seed.\n */\n unwrapEd25519Seed: () => Promise<Uint8Array>\n /**\n * Re-wraps the Ed25519 seed after use.\n */\n wrapEd25519Seed: () => Promise<void>\n}\n"],"mappings":";;;;;;;;;;;;;AAkBA,MAAa,uBAA2C,OACtD,WACA,SACA,WACqB;AACrB,QAAOA,eAAG,YAAY,WAAW,SAAS,OAAO;;;;;;;;;;AAWnD,MAAa,kBAAsC;AAEnD,eAAG,OAAO,UAAU,0CAAyB,IAAI;;;;;;;AAQjD,MAAa,yBAA2C,SAAsB;CAC5E,MAAM,mBAAmBA,eAAG,MAAM,gBAAgB,KAAK;CACvD,MAAM,gBAAgBA,eAAG,aAAa,iBAAiB;CAEvD,MAAM,mBAAqC,OAAO,gBAAiD;AACjG,SAAOA,eAAG,UAAU,aAAa,iBAAiB;;AAGpD,QAAO;EAAE;EAAe;EAAkB;EAAkB;;;;;;;;;AAU9D,MAAa,mBAAqC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ed25519.mjs","names":[],"sources":["../../../../packages/crypto/src/ed25519.ts"],"sourcesContent":["import * as ed from '@noble/ed25519'\nimport { sha512 } from '@noble/hashes/sha2.js'\n\nexport type RawEd25519Verifier = (signature: Uint8Array, message: Uint8Array, pubkey: Uint8Array) => Promise<boolean>\nexport type RawEd25519Signer = (bytesToSign: Uint8Array) => Promise<Uint8Array>\nexport type Ed25519Generator = (seed?: Uint8Array) => {\n ed25519Pubkey: Uint8Array\n ed25519SecretKey: Uint8Array\n rawEd25519Signer: RawEd25519Signer\n}\n\n/**\n * Verifies an ed25519 signature using the @noble/ed25519 implementation.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const nobleEd25519Verifier: RawEd25519Verifier = async (\n signature: Uint8Array,\n message: Uint8Array,\n pubkey: Uint8Array,\n): Promise<boolean> => {\n return ed.verifyAsync(signature, message, pubkey)\n}\n\n/**\n * Verifies an ed25519 signature using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Verifier`.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const ed25519Verifier: RawEd25519Verifier = nobleEd25519Verifier\n\ned.hashes.sha512 = (msg: ed.Bytes) => sha512(msg)\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the @noble/ed25519 implementation.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const nobleEd25519Generator: Ed25519Generator = (seed?: Uint8Array) => {\n const ed25519SecretKey = ed.utils.randomSecretKey(seed)\n const ed25519Pubkey = ed.getPublicKey(ed25519SecretKey)\n\n const rawEd25519Signer: RawEd25519Signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n return ed.signAsync(bytesToSign, ed25519SecretKey)\n }\n\n return { ed25519Pubkey, ed25519SecretKey, rawEd25519Signer }\n}\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Generator`.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const ed25519Generator: Ed25519Generator = nobleEd25519Generator\n"],"mappings":";;;;;;;;;;;AAkBA,MAAa,uBAA2C,OACtD,WACA,SACA,WACqB;AACrB,QAAO,GAAG,YAAY,WAAW,SAAS,OAAO;;;;;;;;;;AAWnD,MAAa,kBAAsC;AAEnD,GAAG,OAAO,UAAU,QAAkB,OAAO,IAAI;;;;;;;AAQjD,MAAa,yBAA2C,SAAsB;CAC5E,MAAM,mBAAmB,GAAG,MAAM,gBAAgB,KAAK;CACvD,MAAM,gBAAgB,GAAG,aAAa,iBAAiB;CAEvD,MAAM,mBAAqC,OAAO,gBAAiD;AACjG,SAAO,GAAG,UAAU,aAAa,iBAAiB;;AAGpD,QAAO;EAAE;EAAe;EAAkB;EAAkB;;;;;;;;;AAU9D,MAAa,mBAAqC"}
|
|
1
|
+
{"version":3,"file":"ed25519.mjs","names":[],"sources":["../../../../packages/crypto/src/ed25519.ts"],"sourcesContent":["import * as ed from '@noble/ed25519'\nimport { sha512 } from '@noble/hashes/sha2.js'\n\nexport type RawEd25519Verifier = (signature: Uint8Array, message: Uint8Array, pubkey: Uint8Array) => Promise<boolean>\nexport type RawEd25519Signer = (bytesToSign: Uint8Array) => Promise<Uint8Array>\nexport type Ed25519Generator = (seed?: Uint8Array) => {\n ed25519Pubkey: Uint8Array\n ed25519SecretKey: Uint8Array\n rawEd25519Signer: RawEd25519Signer\n}\n\n/**\n * Verifies an ed25519 signature using the @noble/ed25519 implementation.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const nobleEd25519Verifier: RawEd25519Verifier = async (\n signature: Uint8Array,\n message: Uint8Array,\n pubkey: Uint8Array,\n): Promise<boolean> => {\n return ed.verifyAsync(signature, message, pubkey)\n}\n\n/**\n * Verifies an ed25519 signature using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Verifier`.\n *\n * @param message - The original message that was signed.\n * @param signature - The ed25519 signature to verify.\n * @returns A promise that resolves to true if the signature is valid, false otherwise.\n */\nexport const ed25519Verifier: RawEd25519Verifier = nobleEd25519Verifier\n\ned.hashes.sha512 = (msg: ed.Bytes) => sha512(msg)\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the @noble/ed25519 implementation.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const nobleEd25519Generator: Ed25519Generator = (seed?: Uint8Array) => {\n const ed25519SecretKey = ed.utils.randomSecretKey(seed)\n const ed25519Pubkey = ed.getPublicKey(ed25519SecretKey)\n\n const rawEd25519Signer: RawEd25519Signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n return ed.signAsync(bytesToSign, ed25519SecretKey)\n }\n\n return { ed25519Pubkey, ed25519SecretKey, rawEd25519Signer }\n}\n\n/**\n * Generates an ed25519 keypair and a raw signer function using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519Generator`.\n *\n * @param seed - Optional seed for key generation. If not provided, a random seed will be used.\n * @returns An object containing the ed25519 public key, secret key, and a raw signer function.\n */\nexport const ed25519Generator: Ed25519Generator = nobleEd25519Generator\n\nexport type Ed25519SigningKey = {\n ed25519Pubkey: Uint8Array\n rawEd25519Signer: RawEd25519Signer\n}\n\n/**\n * Represents a 32-byte Ed25519 seed that can be unwrapped for short-lived use and then re-wrapped.\n */\nexport type WrappedEd25519Seed = {\n /**\n * Unwraps and returns the 32-byte Ed25519 seed.\n */\n unwrapEd25519Seed: () => Promise<Uint8Array>\n /**\n * Re-wraps the Ed25519 seed after use.\n */\n wrapEd25519Seed: () => Promise<void>\n}\n"],"mappings":";;;;;;;;;;;AAkBA,MAAa,uBAA2C,OACtD,WACA,SACA,WACqB;AACrB,QAAO,GAAG,YAAY,WAAW,SAAS,OAAO;;;;;;;;;;AAWnD,MAAa,kBAAsC;AAEnD,GAAG,OAAO,UAAU,QAAkB,OAAO,IAAI;;;;;;;AAQjD,MAAa,yBAA2C,SAAsB;CAC5E,MAAM,mBAAmB,GAAG,MAAM,gBAAgB,KAAK;CACvD,MAAM,gBAAgB,GAAG,aAAa,iBAAiB;CAEvD,MAAM,mBAAqC,OAAO,gBAAiD;AACjG,SAAO,GAAG,UAAU,aAAa,iBAAiB;;AAGpD,QAAO;EAAE;EAAe;EAAkB;EAAkB;;;;;;;;;AAU9D,MAAa,mBAAqC"}
|
|
@@ -2,18 +2,39 @@ import { RawEd25519Signer } from "./ed25519.js";
|
|
|
2
2
|
|
|
3
3
|
//#region packages/crypto/src/hd.d.ts
|
|
4
4
|
type BIP44Path = [number, number, number, number, number];
|
|
5
|
-
type RawHdWalletSigner = (bytesToSign: Uint8Array, bip44Path: BIP44Path) => Promise<Uint8Array>;
|
|
6
5
|
type HdWalletGenerator = (seed?: Uint8Array) => Promise<{
|
|
7
6
|
hdRootKey: Uint8Array;
|
|
8
|
-
|
|
7
|
+
accountGenerator: HdAccountGenerator;
|
|
9
8
|
}>;
|
|
10
|
-
type HdAccountGenerator = (
|
|
9
|
+
type HdAccountGenerator = (account: number, index: number) => Promise<{
|
|
10
|
+
/** The ed25519 public key corresponding to the generated account and index. */
|
|
11
11
|
ed25519Pubkey: Uint8Array;
|
|
12
|
+
/** The extended ed25519 private key (96 bytes for scalar + prefix + chain code) corresponding to the generated account and index. */
|
|
13
|
+
extendedPrivateKey: Uint8Array;
|
|
14
|
+
/** The BIP44 path used to derive the key for the generated account and index. */
|
|
12
15
|
bip44Path: BIP44Path;
|
|
16
|
+
/** A signer function that can sign bytes using the ed25519 secret key corresponding to the generated account and index. */
|
|
13
17
|
rawEd25519Signer: RawEd25519Signer;
|
|
14
18
|
}>;
|
|
15
19
|
declare const peikertXHdWalletGenerator: HdWalletGenerator;
|
|
16
|
-
|
|
20
|
+
/**
|
|
21
|
+
* Represents a 96-byte `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code` secret that can be unwrapped
|
|
22
|
+
* for short-lived use and then re-wrapped.
|
|
23
|
+
*
|
|
24
|
+
* It should be noted that the `chain_code` is NOT used for signing. It can, however, be used for key derivation.
|
|
25
|
+
* If your secret is only used for signing, it is recommended to only store the first 64 bytes in the secret store
|
|
26
|
+
* and then pad the secret to 96 bytes in the unwrap function
|
|
27
|
+
*/
|
|
28
|
+
type WrappedHdExtendedPrivateKey = {
|
|
29
|
+
/**
|
|
30
|
+
* Unwraps and returns the 96-byte HD `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code`.
|
|
31
|
+
*/
|
|
32
|
+
unwrapHdExtendedPrivateKey: () => Promise<Uint8Array>;
|
|
33
|
+
/**
|
|
34
|
+
* Re-wraps the `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code` after use.
|
|
35
|
+
*/
|
|
36
|
+
wrapHdExtendedPrivateKey: () => Promise<void>;
|
|
37
|
+
};
|
|
17
38
|
//#endregion
|
|
18
|
-
export { BIP44Path, HdAccountGenerator, HdWalletGenerator,
|
|
39
|
+
export { BIP44Path, HdAccountGenerator, HdWalletGenerator, WrappedHdExtendedPrivateKey, peikertXHdWalletGenerator };
|
|
19
40
|
//# sourceMappingURL=hd.d.ts.map
|
|
@@ -2,51 +2,36 @@ const require_runtime = require('../../../_virtual/_rolldown/runtime.js');
|
|
|
2
2
|
let _algorandfoundation_xhd_wallet_api = require("@algorandfoundation/xhd-wallet-api");
|
|
3
3
|
|
|
4
4
|
//#region packages/crypto/src/hd.ts
|
|
5
|
-
const verifyPath = (bip44Path) => {
|
|
6
|
-
if (bip44Path.length !== 5) throw new Error("BIP44 path must have exactly 5 elements");
|
|
7
|
-
if (bip44Path[0] !== (0, _algorandfoundation_xhd_wallet_api.harden)(44)) throw new Error("BIP44 path must start with 44'");
|
|
8
|
-
if (bip44Path[1] !== (0, _algorandfoundation_xhd_wallet_api.harden)(283)) throw new Error("BIP44 path must have hardened coin type 283' for Algorand");
|
|
9
|
-
};
|
|
10
|
-
const getPathComponents = (bip44Path) => {
|
|
11
|
-
return {
|
|
12
|
-
account: bip44Path[2],
|
|
13
|
-
index: bip44Path[4]
|
|
14
|
-
};
|
|
15
|
-
};
|
|
16
5
|
const xhd = new _algorandfoundation_xhd_wallet_api.XHDWalletAPI();
|
|
17
6
|
const peikertXHdWalletGenerator = async (seed) => {
|
|
18
7
|
const seedArray = seed ?? new Uint8Array(32);
|
|
19
8
|
if (seed === void 0) crypto.getRandomValues(seedArray);
|
|
20
9
|
const rootKey = (0, _algorandfoundation_xhd_wallet_api.fromSeed)(Buffer.from(seedArray));
|
|
21
|
-
const
|
|
22
|
-
|
|
23
|
-
const
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
hdRootKey: rootKey,
|
|
28
|
-
rawHdSigner
|
|
29
|
-
};
|
|
30
|
-
};
|
|
31
|
-
const peikertXHdAccountGenerator = async (rootKey, account, index) => {
|
|
32
|
-
const ed25519Pubkey = await xhd.keyGen(rootKey, _algorandfoundation_xhd_wallet_api.KeyContext.Address, account, index, _algorandfoundation_xhd_wallet_api.BIP32DerivationType.Peikert);
|
|
33
|
-
const rawEd25519Signer = async (bytesToSign) => {
|
|
34
|
-
return xhd.signAlgoTransaction(rootKey, _algorandfoundation_xhd_wallet_api.KeyContext.Address, account, index, bytesToSign, _algorandfoundation_xhd_wallet_api.BIP32DerivationType.Peikert);
|
|
35
|
-
};
|
|
36
|
-
return {
|
|
37
|
-
ed25519Pubkey,
|
|
38
|
-
rawEd25519Signer,
|
|
39
|
-
bip44Path: [
|
|
10
|
+
const accountGenerator = async (account, index) => {
|
|
11
|
+
const ed25519Pubkey = await xhd.keyGen(rootKey, _algorandfoundation_xhd_wallet_api.KeyContext.Address, account, index, _algorandfoundation_xhd_wallet_api.BIP32DerivationType.Peikert);
|
|
12
|
+
const rawEd25519Signer = async (bytesToSign) => {
|
|
13
|
+
return xhd.signAlgoTransaction(rootKey, _algorandfoundation_xhd_wallet_api.KeyContext.Address, account, index, bytesToSign, _algorandfoundation_xhd_wallet_api.BIP32DerivationType.Peikert);
|
|
14
|
+
};
|
|
15
|
+
const bip44Path = [
|
|
40
16
|
(0, _algorandfoundation_xhd_wallet_api.harden)(44),
|
|
41
17
|
(0, _algorandfoundation_xhd_wallet_api.harden)(283),
|
|
42
18
|
(0, _algorandfoundation_xhd_wallet_api.harden)(account),
|
|
43
19
|
0,
|
|
44
20
|
index
|
|
45
|
-
]
|
|
21
|
+
];
|
|
22
|
+
return {
|
|
23
|
+
ed25519Pubkey,
|
|
24
|
+
rawEd25519Signer,
|
|
25
|
+
bip44Path,
|
|
26
|
+
extendedPrivateKey: await xhd.deriveKey(rootKey, bip44Path, true, _algorandfoundation_xhd_wallet_api.BIP32DerivationType.Peikert)
|
|
27
|
+
};
|
|
28
|
+
};
|
|
29
|
+
return {
|
|
30
|
+
hdRootKey: rootKey,
|
|
31
|
+
accountGenerator
|
|
46
32
|
};
|
|
47
33
|
};
|
|
48
34
|
|
|
49
35
|
//#endregion
|
|
50
|
-
exports.peikertXHdAccountGenerator = peikertXHdAccountGenerator;
|
|
51
36
|
exports.peikertXHdWalletGenerator = peikertXHdWalletGenerator;
|
|
52
37
|
//# sourceMappingURL=hd.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hd.js","names":["XHDWalletAPI","KeyContext","BIP32DerivationType"],"sources":["../../../../packages/crypto/src/hd.ts"],"sourcesContent":["import { BIP32DerivationType, fromSeed, KeyContext, XHDWalletAPI, harden } from '@algorandfoundation/xhd-wallet-api'\nimport { RawEd25519Signer } from './ed25519'\
|
|
1
|
+
{"version":3,"file":"hd.js","names":["XHDWalletAPI","KeyContext","BIP32DerivationType"],"sources":["../../../../packages/crypto/src/hd.ts"],"sourcesContent":["import { BIP32DerivationType, fromSeed, KeyContext, XHDWalletAPI, harden } from '@algorandfoundation/xhd-wallet-api'\nimport { RawEd25519Signer } from './ed25519'\nexport type BIP44Path = [number, number, number, number, number]\n\nexport type HdWalletGenerator = (seed?: Uint8Array) => Promise<{\n hdRootKey: Uint8Array\n accountGenerator: HdAccountGenerator\n}>\n\nexport type HdAccountGenerator = (\n account: number,\n index: number,\n) => Promise<{\n /** The ed25519 public key corresponding to the generated account and index. */\n ed25519Pubkey: Uint8Array\n /** The extended ed25519 private key (96 bytes for scalar + prefix + chain code) corresponding to the generated account and index. */\n extendedPrivateKey: Uint8Array\n /** The BIP44 path used to derive the key for the generated account and index. */\n bip44Path: BIP44Path\n /** A signer function that can sign bytes using the ed25519 secret key corresponding to the generated account and index. */\n rawEd25519Signer: RawEd25519Signer\n}>\n\nconst xhd = new XHDWalletAPI()\n\nexport const peikertXHdWalletGenerator: HdWalletGenerator = async (seed?: Uint8Array) => {\n const seedArray = seed ?? new Uint8Array(32)\n if (seed === undefined) {\n crypto.getRandomValues(seedArray)\n }\n\n const rootKey = fromSeed(Buffer.from(seedArray))\n\n const accountGenerator: HdAccountGenerator = async (account: number, index: number) => {\n const ed25519Pubkey = await xhd.keyGen(rootKey, KeyContext.Address, account, index, BIP32DerivationType.Peikert)\n\n const rawEd25519Signer: RawEd25519Signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n return xhd.signAlgoTransaction(rootKey, KeyContext.Address, account, index, bytesToSign, BIP32DerivationType.Peikert)\n }\n\n const bip44Path: BIP44Path = [harden(44), harden(283), harden(account), 0, index]\n\n const xPrv = await xhd.deriveKey(rootKey, bip44Path, true, BIP32DerivationType.Peikert)\n\n return { ed25519Pubkey, rawEd25519Signer, bip44Path, extendedPrivateKey: xPrv }\n }\n\n return { hdRootKey: rootKey, accountGenerator }\n}\n\n/**\n * Represents a 96-byte `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code` secret that can be unwrapped\n * for short-lived use and then re-wrapped.\n *\n * It should be noted that the `chain_code` is NOT used for signing. It can, however, be used for key derivation.\n * If your secret is only used for signing, it is recommended to only store the first 64 bytes in the secret store\n * and then pad the secret to 96 bytes in the unwrap function\n */\nexport type WrappedHdExtendedPrivateKey = {\n /**\n * Unwraps and returns the 96-byte HD `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code`.\n */\n unwrapHdExtendedPrivateKey: () => Promise<Uint8Array>\n /**\n * Re-wraps the `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code` after use.\n */\n wrapHdExtendedPrivateKey: () => Promise<void>\n}\n"],"mappings":";;;;AAuBA,MAAM,MAAM,IAAIA,iDAAc;AAE9B,MAAa,4BAA+C,OAAO,SAAsB;CACvF,MAAM,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC5C,KAAI,SAAS,OACX,QAAO,gBAAgB,UAAU;CAGnC,MAAM,2DAAmB,OAAO,KAAK,UAAU,CAAC;CAEhD,MAAM,mBAAuC,OAAO,SAAiB,UAAkB;EACrF,MAAM,gBAAgB,MAAM,IAAI,OAAO,SAASC,8CAAW,SAAS,SAAS,OAAOC,uDAAoB,QAAQ;EAEhH,MAAM,mBAAqC,OAAO,gBAAiD;AACjG,UAAO,IAAI,oBAAoB,SAASD,8CAAW,SAAS,SAAS,OAAO,aAAaC,uDAAoB,QAAQ;;EAGvH,MAAM,YAAuB;kDAAQ,GAAG;kDAAS,IAAI;kDAAS,QAAQ;GAAE;GAAG;GAAM;AAIjF,SAAO;GAAE;GAAe;GAAkB;GAAW,oBAFxC,MAAM,IAAI,UAAU,SAAS,WAAW,MAAMA,uDAAoB,QAAQ;GAER;;AAGjF,QAAO;EAAE,WAAW;EAAS;EAAkB"}
|
|
@@ -1,50 +1,36 @@
|
|
|
1
1
|
import { BIP32DerivationType, KeyContext, XHDWalletAPI, fromSeed, harden } from "@algorandfoundation/xhd-wallet-api";
|
|
2
2
|
|
|
3
3
|
//#region packages/crypto/src/hd.ts
|
|
4
|
-
const verifyPath = (bip44Path) => {
|
|
5
|
-
if (bip44Path.length !== 5) throw new Error("BIP44 path must have exactly 5 elements");
|
|
6
|
-
if (bip44Path[0] !== harden(44)) throw new Error("BIP44 path must start with 44'");
|
|
7
|
-
if (bip44Path[1] !== harden(283)) throw new Error("BIP44 path must have hardened coin type 283' for Algorand");
|
|
8
|
-
};
|
|
9
|
-
const getPathComponents = (bip44Path) => {
|
|
10
|
-
return {
|
|
11
|
-
account: bip44Path[2],
|
|
12
|
-
index: bip44Path[4]
|
|
13
|
-
};
|
|
14
|
-
};
|
|
15
4
|
const xhd = new XHDWalletAPI();
|
|
16
5
|
const peikertXHdWalletGenerator = async (seed) => {
|
|
17
6
|
const seedArray = seed ?? new Uint8Array(32);
|
|
18
7
|
if (seed === void 0) crypto.getRandomValues(seedArray);
|
|
19
8
|
const rootKey = fromSeed(Buffer.from(seedArray));
|
|
20
|
-
const
|
|
21
|
-
|
|
22
|
-
const
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
hdRootKey: rootKey,
|
|
27
|
-
rawHdSigner
|
|
28
|
-
};
|
|
29
|
-
};
|
|
30
|
-
const peikertXHdAccountGenerator = async (rootKey, account, index) => {
|
|
31
|
-
const ed25519Pubkey = await xhd.keyGen(rootKey, KeyContext.Address, account, index, BIP32DerivationType.Peikert);
|
|
32
|
-
const rawEd25519Signer = async (bytesToSign) => {
|
|
33
|
-
return xhd.signAlgoTransaction(rootKey, KeyContext.Address, account, index, bytesToSign, BIP32DerivationType.Peikert);
|
|
34
|
-
};
|
|
35
|
-
return {
|
|
36
|
-
ed25519Pubkey,
|
|
37
|
-
rawEd25519Signer,
|
|
38
|
-
bip44Path: [
|
|
9
|
+
const accountGenerator = async (account, index) => {
|
|
10
|
+
const ed25519Pubkey = await xhd.keyGen(rootKey, KeyContext.Address, account, index, BIP32DerivationType.Peikert);
|
|
11
|
+
const rawEd25519Signer = async (bytesToSign) => {
|
|
12
|
+
return xhd.signAlgoTransaction(rootKey, KeyContext.Address, account, index, bytesToSign, BIP32DerivationType.Peikert);
|
|
13
|
+
};
|
|
14
|
+
const bip44Path = [
|
|
39
15
|
harden(44),
|
|
40
16
|
harden(283),
|
|
41
17
|
harden(account),
|
|
42
18
|
0,
|
|
43
19
|
index
|
|
44
|
-
]
|
|
20
|
+
];
|
|
21
|
+
return {
|
|
22
|
+
ed25519Pubkey,
|
|
23
|
+
rawEd25519Signer,
|
|
24
|
+
bip44Path,
|
|
25
|
+
extendedPrivateKey: await xhd.deriveKey(rootKey, bip44Path, true, BIP32DerivationType.Peikert)
|
|
26
|
+
};
|
|
27
|
+
};
|
|
28
|
+
return {
|
|
29
|
+
hdRootKey: rootKey,
|
|
30
|
+
accountGenerator
|
|
45
31
|
};
|
|
46
32
|
};
|
|
47
33
|
|
|
48
34
|
//#endregion
|
|
49
|
-
export {
|
|
35
|
+
export { peikertXHdWalletGenerator };
|
|
50
36
|
//# sourceMappingURL=hd.mjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hd.mjs","names":[],"sources":["../../../../packages/crypto/src/hd.ts"],"sourcesContent":["import { BIP32DerivationType, fromSeed, KeyContext, XHDWalletAPI, harden } from '@algorandfoundation/xhd-wallet-api'\nimport { RawEd25519Signer } from './ed25519'\
|
|
1
|
+
{"version":3,"file":"hd.mjs","names":[],"sources":["../../../../packages/crypto/src/hd.ts"],"sourcesContent":["import { BIP32DerivationType, fromSeed, KeyContext, XHDWalletAPI, harden } from '@algorandfoundation/xhd-wallet-api'\nimport { RawEd25519Signer } from './ed25519'\nexport type BIP44Path = [number, number, number, number, number]\n\nexport type HdWalletGenerator = (seed?: Uint8Array) => Promise<{\n hdRootKey: Uint8Array\n accountGenerator: HdAccountGenerator\n}>\n\nexport type HdAccountGenerator = (\n account: number,\n index: number,\n) => Promise<{\n /** The ed25519 public key corresponding to the generated account and index. */\n ed25519Pubkey: Uint8Array\n /** The extended ed25519 private key (96 bytes for scalar + prefix + chain code) corresponding to the generated account and index. */\n extendedPrivateKey: Uint8Array\n /** The BIP44 path used to derive the key for the generated account and index. */\n bip44Path: BIP44Path\n /** A signer function that can sign bytes using the ed25519 secret key corresponding to the generated account and index. */\n rawEd25519Signer: RawEd25519Signer\n}>\n\nconst xhd = new XHDWalletAPI()\n\nexport const peikertXHdWalletGenerator: HdWalletGenerator = async (seed?: Uint8Array) => {\n const seedArray = seed ?? new Uint8Array(32)\n if (seed === undefined) {\n crypto.getRandomValues(seedArray)\n }\n\n const rootKey = fromSeed(Buffer.from(seedArray))\n\n const accountGenerator: HdAccountGenerator = async (account: number, index: number) => {\n const ed25519Pubkey = await xhd.keyGen(rootKey, KeyContext.Address, account, index, BIP32DerivationType.Peikert)\n\n const rawEd25519Signer: RawEd25519Signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n return xhd.signAlgoTransaction(rootKey, KeyContext.Address, account, index, bytesToSign, BIP32DerivationType.Peikert)\n }\n\n const bip44Path: BIP44Path = [harden(44), harden(283), harden(account), 0, index]\n\n const xPrv = await xhd.deriveKey(rootKey, bip44Path, true, BIP32DerivationType.Peikert)\n\n return { ed25519Pubkey, rawEd25519Signer, bip44Path, extendedPrivateKey: xPrv }\n }\n\n return { hdRootKey: rootKey, accountGenerator }\n}\n\n/**\n * Represents a 96-byte `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code` secret that can be unwrapped\n * for short-lived use and then re-wrapped.\n *\n * It should be noted that the `chain_code` is NOT used for signing. It can, however, be used for key derivation.\n * If your secret is only used for signing, it is recommended to only store the first 64 bytes in the secret store\n * and then pad the secret to 96 bytes in the unwrap function\n */\nexport type WrappedHdExtendedPrivateKey = {\n /**\n * Unwraps and returns the 96-byte HD `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code`.\n */\n unwrapHdExtendedPrivateKey: () => Promise<Uint8Array>\n /**\n * Re-wraps the `scalar (aka LHS or zL) || prefix (aka RHS or zR) || chain_code` after use.\n */\n wrapHdExtendedPrivateKey: () => Promise<void>\n}\n"],"mappings":";;;AAuBA,MAAM,MAAM,IAAI,cAAc;AAE9B,MAAa,4BAA+C,OAAO,SAAsB;CACvF,MAAM,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC5C,KAAI,SAAS,OACX,QAAO,gBAAgB,UAAU;CAGnC,MAAM,UAAU,SAAS,OAAO,KAAK,UAAU,CAAC;CAEhD,MAAM,mBAAuC,OAAO,SAAiB,UAAkB;EACrF,MAAM,gBAAgB,MAAM,IAAI,OAAO,SAAS,WAAW,SAAS,SAAS,OAAO,oBAAoB,QAAQ;EAEhH,MAAM,mBAAqC,OAAO,gBAAiD;AACjG,UAAO,IAAI,oBAAoB,SAAS,WAAW,SAAS,SAAS,OAAO,aAAa,oBAAoB,QAAQ;;EAGvH,MAAM,YAAuB;GAAC,OAAO,GAAG;GAAE,OAAO,IAAI;GAAE,OAAO,QAAQ;GAAE;GAAG;GAAM;AAIjF,SAAO;GAAE;GAAe;GAAkB;GAAW,oBAFxC,MAAM,IAAI,UAAU,SAAS,WAAW,MAAM,oBAAoB,QAAQ;GAER;;AAGjF,QAAO;EAAE,WAAW;EAAS;EAAkB"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { Ed25519Generator, Ed25519SigningKey, RawEd25519Signer, RawEd25519Verifier, WrappedEd25519Seed, ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier } from "./ed25519.js";
|
|
2
|
+
import { BIP44Path, HdAccountGenerator, HdWalletGenerator, WrappedHdExtendedPrivateKey, peikertXHdWalletGenerator } from "./hd.js";
|
|
3
|
+
import { hash } from "./hash.js";
|
|
4
|
+
|
|
5
|
+
//#region packages/crypto/src/index.d.ts
|
|
6
|
+
type WrappedEd25519Secret = WrappedEd25519Seed | WrappedHdExtendedPrivateKey;
|
|
7
|
+
/**
|
|
8
|
+
* Creates an Ed25519 signing key from a wrapped secret using the @noble/ed25519 implementation.
|
|
9
|
+
*
|
|
10
|
+
* NOTE: This function will zero out the unwrapped secret after the wrap function is called.
|
|
11
|
+
*
|
|
12
|
+
* @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the Ed25519 secret.
|
|
13
|
+
* @returns A promise that resolves to an Ed25519 signing key containing the public key and raw signer.
|
|
14
|
+
*/
|
|
15
|
+
declare const nobleEd25519SigningKeyFromWrappedSecret: (wrapUnwrap: WrappedEd25519Secret) => Promise<Ed25519SigningKey>;
|
|
16
|
+
/**
|
|
17
|
+
* Creates an ed25519 signing key from a wrapped secret using the default ed25519 implementation (currently @noble/ed25519).
|
|
18
|
+
* The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519SigningKeyFromWrappedSecret`.
|
|
19
|
+
*
|
|
20
|
+
* NOTE: This function will zero out the unwrapped secret after the wrap function is called.
|
|
21
|
+
*
|
|
22
|
+
* @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the ed25519 secret.
|
|
23
|
+
* @returns A promise that resolves to an ed25519 signing key with public key and raw signer.
|
|
24
|
+
*/
|
|
25
|
+
declare const ed25519SigningKeyFromWrappedSecret: (wrapUnwrap: WrappedEd25519Secret) => Promise<Ed25519SigningKey>;
|
|
26
|
+
//#endregion
|
|
27
|
+
export { WrappedEd25519Secret, ed25519SigningKeyFromWrappedSecret, nobleEd25519SigningKeyFromWrappedSecret };
|
|
28
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
const require_runtime = require('../../../_virtual/_rolldown/runtime.js');
|
|
2
|
+
const require_utils = require('../../../node_modules/@noble/curves/utils.js');
|
|
3
|
+
const require_modular = require('../../../node_modules/@noble/curves/abstract/modular.js');
|
|
4
|
+
const require_ed25519 = require('../../../node_modules/@noble/curves/ed25519.js');
|
|
5
|
+
const require_ed25519$1 = require('./ed25519.js');
|
|
6
|
+
const require_hash = require('./hash.js');
|
|
7
|
+
const require_hd = require('./hd.js');
|
|
8
|
+
let _noble_hashes_sha2_js = require("@noble/hashes/sha2.js");
|
|
9
|
+
let _noble_ed25519 = require("@noble/ed25519");
|
|
10
|
+
_noble_ed25519 = require_runtime.__toESM(_noble_ed25519);
|
|
11
|
+
|
|
12
|
+
//#region packages/crypto/src/index.ts
|
|
13
|
+
const ED25519_SEED_LENGTH = 32;
|
|
14
|
+
const ED25519_EXTENDED_PRIVATE_KEY_LENGTH = 96;
|
|
15
|
+
const assertEd25519SecretLength = (secret, secretType) => {
|
|
16
|
+
let expectedLength;
|
|
17
|
+
switch (secretType) {
|
|
18
|
+
case "ed25519 seed":
|
|
19
|
+
expectedLength = ED25519_SEED_LENGTH;
|
|
20
|
+
break;
|
|
21
|
+
case "HD extended key":
|
|
22
|
+
expectedLength = ED25519_EXTENDED_PRIVATE_KEY_LENGTH;
|
|
23
|
+
break;
|
|
24
|
+
default: throw new Error(`Unknown secret type: ${secretType}`);
|
|
25
|
+
}
|
|
26
|
+
if (secret.length !== expectedLength) throw new Error(`Expected unwrapped ${secretType} to be ${expectedLength} bytes, got ${secret.length}.`);
|
|
27
|
+
};
|
|
28
|
+
const throwWrapUnwrapErrors = (operationError, wrapError, operationName) => {
|
|
29
|
+
throw new AggregateError([operationError, wrapError], `${operationName} failed and failed to re-wrap Ed25519 secret. Check both errors for details.`);
|
|
30
|
+
};
|
|
31
|
+
function rawSign(extendedSecretKey, data) {
|
|
32
|
+
const scalar = require_utils.bytesToNumberLE(extendedSecretKey.slice(0, 32));
|
|
33
|
+
const kR = extendedSecretKey.slice(32, 64);
|
|
34
|
+
const publicKey = rawPubkey(extendedSecretKey);
|
|
35
|
+
const r = require_modular.mod(require_utils.bytesToNumberLE((0, _noble_hashes_sha2_js.sha512)(new Uint8Array([...kR, ...data]))), require_ed25519.ed25519.Point.Fn.ORDER);
|
|
36
|
+
const R = require_ed25519.ed25519.Point.BASE.multiply(r);
|
|
37
|
+
const S = require_modular.mod(r + require_modular.mod(require_utils.bytesToNumberLE((0, _noble_hashes_sha2_js.sha512)(new Uint8Array([
|
|
38
|
+
...R.toBytes(),
|
|
39
|
+
...publicKey,
|
|
40
|
+
...data
|
|
41
|
+
]))), require_ed25519.ed25519.Point.Fn.ORDER) * scalar, require_ed25519.ed25519.Point.Fn.ORDER);
|
|
42
|
+
return new Uint8Array([...R.toBytes(), ...require_utils.numberToBytesLE(S, 32)]);
|
|
43
|
+
}
|
|
44
|
+
function rawPubkey(extendedSecretKey) {
|
|
45
|
+
const reducedScalar = require_modular.mod(require_utils.bytesToNumberLE(extendedSecretKey.slice(0, 32)) & (1n << 255n) - 1n, require_ed25519.ed25519.Point.Fn.ORDER);
|
|
46
|
+
return require_ed25519.ed25519.Point.BASE.multiply(reducedScalar).toBytes();
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Creates an Ed25519 signing key from a wrapped secret using the @noble/ed25519 implementation.
|
|
50
|
+
*
|
|
51
|
+
* NOTE: This function will zero out the unwrapped secret after the wrap function is called.
|
|
52
|
+
*
|
|
53
|
+
* @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the Ed25519 secret.
|
|
54
|
+
* @returns A promise that resolves to an Ed25519 signing key containing the public key and raw signer.
|
|
55
|
+
*/
|
|
56
|
+
const nobleEd25519SigningKeyFromWrappedSecret = async (wrapUnwrap) => {
|
|
57
|
+
let wrapFunction;
|
|
58
|
+
if ("wrapEd25519Seed" in wrapUnwrap) wrapFunction = wrapUnwrap.wrapEd25519Seed;
|
|
59
|
+
else if ("wrapHdExtendedPrivateKey" in wrapUnwrap) wrapFunction = wrapUnwrap.wrapHdExtendedPrivateKey;
|
|
60
|
+
else throw new Error("Invalid WrappedEd25519Secret: missing wrap function");
|
|
61
|
+
const signer = async (bytesToSign) => {
|
|
62
|
+
let secret = void 0;
|
|
63
|
+
let signature = void 0;
|
|
64
|
+
let signingError;
|
|
65
|
+
let wrapError;
|
|
66
|
+
try {
|
|
67
|
+
if ("unwrapEd25519Seed" in wrapUnwrap) {
|
|
68
|
+
secret = await wrapUnwrap.unwrapEd25519Seed();
|
|
69
|
+
assertEd25519SecretLength(secret, "ed25519 seed");
|
|
70
|
+
signature = await _noble_ed25519.signAsync(bytesToSign, secret);
|
|
71
|
+
} else if ("unwrapHdExtendedPrivateKey" in wrapUnwrap) {
|
|
72
|
+
secret = await wrapUnwrap.unwrapHdExtendedPrivateKey();
|
|
73
|
+
assertEd25519SecretLength(secret, "HD extended key");
|
|
74
|
+
signature = rawSign(secret.slice(0, 64), bytesToSign);
|
|
75
|
+
} else throw new Error("Invalid WrappedEd25519Secret: missing unwrap function");
|
|
76
|
+
} catch (error) {
|
|
77
|
+
signingError = error;
|
|
78
|
+
} finally {
|
|
79
|
+
try {
|
|
80
|
+
await wrapFunction();
|
|
81
|
+
} catch (error) {
|
|
82
|
+
wrapError = error;
|
|
83
|
+
} finally {
|
|
84
|
+
secret?.fill(0);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
if (signingError !== void 0 && wrapError !== void 0) throwWrapUnwrapErrors(signingError, wrapError, "Signing");
|
|
88
|
+
if (signingError !== void 0) throw signingError;
|
|
89
|
+
if (wrapError !== void 0) throw wrapError;
|
|
90
|
+
if (signature === void 0) throw new Error("Signing failed unexpectedly without an error.");
|
|
91
|
+
return signature;
|
|
92
|
+
};
|
|
93
|
+
let pubkey = void 0;
|
|
94
|
+
let pubkeyError;
|
|
95
|
+
let wrapError;
|
|
96
|
+
let secret = void 0;
|
|
97
|
+
try {
|
|
98
|
+
if ("unwrapEd25519Seed" in wrapUnwrap) {
|
|
99
|
+
secret = await wrapUnwrap.unwrapEd25519Seed();
|
|
100
|
+
assertEd25519SecretLength(secret, "ed25519 seed");
|
|
101
|
+
pubkey = await _noble_ed25519.getPublicKeyAsync(secret);
|
|
102
|
+
} else if ("unwrapHdExtendedPrivateKey" in wrapUnwrap) {
|
|
103
|
+
secret = await wrapUnwrap.unwrapHdExtendedPrivateKey();
|
|
104
|
+
assertEd25519SecretLength(secret, "HD extended key");
|
|
105
|
+
pubkey = rawPubkey(secret.slice(0, 64));
|
|
106
|
+
} else throw new Error("Invalid WrappedEd25519Secret: missing unwrap function");
|
|
107
|
+
} catch (error) {
|
|
108
|
+
pubkeyError = error;
|
|
109
|
+
} finally {
|
|
110
|
+
try {
|
|
111
|
+
await wrapFunction();
|
|
112
|
+
} catch (error) {
|
|
113
|
+
wrapError = error;
|
|
114
|
+
} finally {
|
|
115
|
+
secret?.fill(0);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
if (pubkeyError !== void 0 && wrapError !== void 0) throwWrapUnwrapErrors(pubkeyError, wrapError, "Deriving Ed25519 public key");
|
|
119
|
+
if (pubkeyError !== void 0) throw pubkeyError;
|
|
120
|
+
if (wrapError !== void 0) throw wrapError;
|
|
121
|
+
if (pubkey === void 0) throw new Error("Deriving Ed25519 public key failed unexpectedly without an error.");
|
|
122
|
+
return {
|
|
123
|
+
ed25519Pubkey: pubkey,
|
|
124
|
+
rawEd25519Signer: signer
|
|
125
|
+
};
|
|
126
|
+
};
|
|
127
|
+
/**
|
|
128
|
+
* Creates an ed25519 signing key from a wrapped secret using the default ed25519 implementation (currently @noble/ed25519).
|
|
129
|
+
* The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519SigningKeyFromWrappedSecret`.
|
|
130
|
+
*
|
|
131
|
+
* NOTE: This function will zero out the unwrapped secret after the wrap function is called.
|
|
132
|
+
*
|
|
133
|
+
* @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the ed25519 secret.
|
|
134
|
+
* @returns A promise that resolves to an ed25519 signing key with public key and raw signer.
|
|
135
|
+
*/
|
|
136
|
+
const ed25519SigningKeyFromWrappedSecret = nobleEd25519SigningKeyFromWrappedSecret;
|
|
137
|
+
|
|
138
|
+
//#endregion
|
|
139
|
+
exports.ed25519SigningKeyFromWrappedSecret = ed25519SigningKeyFromWrappedSecret;
|
|
140
|
+
exports.nobleEd25519SigningKeyFromWrappedSecret = nobleEd25519SigningKeyFromWrappedSecret;
|
|
141
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","names":["bytesToNumberLE","mod","ed25519","numberToBytesLE","ed"],"sources":["../../../../packages/crypto/src/index.ts"],"sourcesContent":["import { Ed25519SigningKey, WrappedEd25519Seed } from './ed25519'\nimport * as ed from '@noble/ed25519'\nimport { WrappedHdExtendedPrivateKey } from './hd'\nimport { ed25519 } from '@noble/curves/ed25519.js'\nimport { sha512 } from '@noble/hashes/sha2.js'\nimport { bytesToNumberLE, numberToBytesLE } from '@noble/curves/utils.js'\nimport { mod } from '@noble/curves/abstract/modular.js'\n\nexport * from './ed25519'\nexport * from './hash'\nexport * from './hd'\n\nexport type WrappedEd25519Secret = WrappedEd25519Seed | WrappedHdExtendedPrivateKey\n\nconst ED25519_SEED_LENGTH = 32\nconst ED25519_EXTENDED_PRIVATE_KEY_LENGTH = 96\n\nconst assertEd25519SecretLength = (secret: Uint8Array, secretType: 'ed25519 seed' | 'HD extended key'): void => {\n let expectedLength: number\n switch (secretType) {\n case 'ed25519 seed':\n expectedLength = ED25519_SEED_LENGTH\n break\n case 'HD extended key':\n expectedLength = ED25519_EXTENDED_PRIVATE_KEY_LENGTH\n break\n default:\n throw new Error(`Unknown secret type: ${secretType}`)\n }\n\n if (secret.length !== expectedLength) {\n throw new Error(`Expected unwrapped ${secretType} to be ${expectedLength} bytes, got ${secret.length}.`)\n }\n}\n\nconst throwWrapUnwrapErrors = (operationError: unknown, wrapError: unknown, operationName: string): never => {\n throw new AggregateError(\n [operationError, wrapError],\n `${operationName} failed and failed to re-wrap Ed25519 secret. Check both errors for details.`,\n )\n}\n\nfunction rawSign(extendedSecretKey: Uint8Array, data: Uint8Array): Uint8Array {\n const scalar = bytesToNumberLE(extendedSecretKey.slice(0, 32))\n\n const kR = extendedSecretKey.slice(32, 64)\n\n // (1): pubKey = scalar * G\n const publicKey = rawPubkey(extendedSecretKey)\n\n // (2): h = hash(kR || msg) mod q\n const rHash = sha512(new Uint8Array([...kR, ...data]))\n const r = mod(bytesToNumberLE(rHash), ed25519.Point.Fn.ORDER)\n\n // (4): R = r * G\n const R = ed25519.Point.BASE.multiply(r)\n\n // h = hash(R || pubKey || msg) mod q\n const hHash = sha512(new Uint8Array([...R.toBytes(), ...publicKey, ...data]))\n const h = mod(bytesToNumberLE(hHash), ed25519.Point.Fn.ORDER)\n\n // (5): S = (r + h * k) mod q\n const S = mod(r + h * scalar, ed25519.Point.Fn.ORDER)\n\n return new Uint8Array([...R.toBytes(), ...numberToBytesLE(S, 32)])\n}\n\nfunction rawPubkey(extendedSecretKey: Uint8Array): Uint8Array {\n const scalar = bytesToNumberLE(extendedSecretKey.slice(0, 32))\n const clearedTopBitScalar = scalar & ((1n << 255n) - 1n)\n const reducedScalar = mod(clearedTopBitScalar, ed25519.Point.Fn.ORDER)\n\n // pubKey = scalar * G\n const publicKey = ed25519.Point.BASE.multiply(reducedScalar)\n return publicKey.toBytes()\n}\n\n/**\n * Creates an Ed25519 signing key from a wrapped secret using the @noble/ed25519 implementation.\n *\n * NOTE: This function will zero out the unwrapped secret after the wrap function is called.\n *\n * @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the Ed25519 secret.\n * @returns A promise that resolves to an Ed25519 signing key containing the public key and raw signer.\n */\nexport const nobleEd25519SigningKeyFromWrappedSecret = async (wrapUnwrap: WrappedEd25519Secret): Promise<Ed25519SigningKey> => {\n let wrapFunction: () => Promise<void>\n if ('wrapEd25519Seed' in wrapUnwrap) {\n wrapFunction = wrapUnwrap.wrapEd25519Seed\n } else if ('wrapHdExtendedPrivateKey' in wrapUnwrap) {\n wrapFunction = wrapUnwrap.wrapHdExtendedPrivateKey\n } else {\n throw new Error('Invalid WrappedEd25519Secret: missing wrap function')\n }\n\n const signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n let secret: Uint8Array | undefined = undefined\n let signature: Uint8Array | undefined = undefined\n let signingError: unknown\n let wrapError: unknown\n try {\n if ('unwrapEd25519Seed' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapEd25519Seed()\n assertEd25519SecretLength(secret, 'ed25519 seed')\n signature = await ed.signAsync(bytesToSign, secret)\n } else if ('unwrapHdExtendedPrivateKey' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapHdExtendedPrivateKey()\n assertEd25519SecretLength(secret, 'HD extended key')\n signature = rawSign(secret.slice(0, 64), bytesToSign)\n } else {\n throw new Error('Invalid WrappedEd25519Secret: missing unwrap function')\n }\n } catch (error) {\n signingError = error\n } finally {\n try {\n await wrapFunction()\n } catch (error) {\n wrapError = error\n } finally {\n secret?.fill(0)\n }\n }\n\n if (signingError !== undefined && wrapError !== undefined) {\n throwWrapUnwrapErrors(signingError, wrapError, 'Signing')\n }\n\n if (signingError !== undefined) {\n throw signingError\n }\n\n if (wrapError !== undefined) {\n throw wrapError\n }\n\n if (signature === undefined) {\n throw new Error('Signing failed unexpectedly without an error.')\n }\n\n return signature\n }\n\n let pubkey: Uint8Array | undefined = undefined\n let pubkeyError: unknown\n let wrapError: unknown\n let secret: Uint8Array | undefined = undefined\n try {\n if ('unwrapEd25519Seed' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapEd25519Seed()\n assertEd25519SecretLength(secret, 'ed25519 seed')\n pubkey = await ed.getPublicKeyAsync(secret)\n } else if ('unwrapHdExtendedPrivateKey' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapHdExtendedPrivateKey()\n assertEd25519SecretLength(secret, 'HD extended key')\n pubkey = rawPubkey(secret.slice(0, 64))\n } else {\n throw new Error('Invalid WrappedEd25519Secret: missing unwrap function')\n }\n } catch (error) {\n pubkeyError = error\n } finally {\n try {\n await wrapFunction()\n } catch (error) {\n wrapError = error\n } finally {\n secret?.fill(0)\n }\n }\n\n if (pubkeyError !== undefined && wrapError !== undefined) {\n throwWrapUnwrapErrors(pubkeyError, wrapError, 'Deriving Ed25519 public key')\n }\n\n if (pubkeyError !== undefined) {\n throw pubkeyError\n }\n\n if (wrapError !== undefined) {\n throw wrapError\n }\n\n if (pubkey === undefined) {\n throw new Error('Deriving Ed25519 public key failed unexpectedly without an error.')\n }\n\n return {\n ed25519Pubkey: pubkey,\n rawEd25519Signer: signer,\n }\n}\n\n/**\n * Creates an ed25519 signing key from a wrapped secret using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519SigningKeyFromWrappedSecret`.\n *\n * NOTE: This function will zero out the unwrapped secret after the wrap function is called.\n *\n * @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the ed25519 secret.\n * @returns A promise that resolves to an ed25519 signing key with public key and raw signer.\n */\nexport const ed25519SigningKeyFromWrappedSecret = nobleEd25519SigningKeyFromWrappedSecret\n"],"mappings":";;;;;;;;;;;;AAcA,MAAM,sBAAsB;AAC5B,MAAM,sCAAsC;AAE5C,MAAM,6BAA6B,QAAoB,eAAyD;CAC9G,IAAI;AACJ,SAAQ,YAAR;EACE,KAAK;AACH,oBAAiB;AACjB;EACF,KAAK;AACH,oBAAiB;AACjB;EACF,QACE,OAAM,IAAI,MAAM,wBAAwB,aAAa;;AAGzD,KAAI,OAAO,WAAW,eACpB,OAAM,IAAI,MAAM,sBAAsB,WAAW,SAAS,eAAe,cAAc,OAAO,OAAO,GAAG;;AAI5G,MAAM,yBAAyB,gBAAyB,WAAoB,kBAAiC;AAC3G,OAAM,IAAI,eACR,CAAC,gBAAgB,UAAU,EAC3B,GAAG,cAAc,8EAClB;;AAGH,SAAS,QAAQ,mBAA+B,MAA8B;CAC5E,MAAM,SAASA,8BAAgB,kBAAkB,MAAM,GAAG,GAAG,CAAC;CAE9D,MAAM,KAAK,kBAAkB,MAAM,IAAI,GAAG;CAG1C,MAAM,YAAY,UAAU,kBAAkB;CAI9C,MAAM,IAAIC,oBAAID,gEADO,IAAI,WAAW,CAAC,GAAG,IAAI,GAAG,KAAK,CAAC,CAAC,CAClB,EAAEE,wBAAQ,MAAM,GAAG,MAAM;CAG7D,MAAM,IAAIA,wBAAQ,MAAM,KAAK,SAAS,EAAE;CAOxC,MAAM,IAAID,oBAAI,IAHJA,oBAAID,gEADO,IAAI,WAAW;EAAC,GAAG,EAAE,SAAS;EAAE,GAAG;EAAW,GAAG;EAAK,CAAC,CAAC,CACzC,EAAEE,wBAAQ,MAAM,GAAG,MAAM,GAGvC,QAAQA,wBAAQ,MAAM,GAAG,MAAM;AAErD,QAAO,IAAI,WAAW,CAAC,GAAG,EAAE,SAAS,EAAE,GAAGC,8BAAgB,GAAG,GAAG,CAAC,CAAC;;AAGpE,SAAS,UAAU,mBAA2C;CAG5D,MAAM,gBAAgBF,oBAFPD,8BAAgB,kBAAkB,MAAM,GAAG,GAAG,CAAC,IACvB,MAAM,QAAQ,IACNE,wBAAQ,MAAM,GAAG,MAAM;AAItE,QADkBA,wBAAQ,MAAM,KAAK,SAAS,cAAc,CAC3C,SAAS;;;;;;;;;;AAW5B,MAAa,0CAA0C,OAAO,eAAiE;CAC7H,IAAI;AACJ,KAAI,qBAAqB,WACvB,gBAAe,WAAW;UACjB,8BAA8B,WACvC,gBAAe,WAAW;KAE1B,OAAM,IAAI,MAAM,sDAAsD;CAGxE,MAAM,SAAS,OAAO,gBAAiD;EACrE,IAAI,SAAiC;EACrC,IAAI,YAAoC;EACxC,IAAI;EACJ,IAAI;AACJ,MAAI;AACF,OAAI,uBAAuB,YAAY;AACrC,aAAS,MAAM,WAAW,mBAAmB;AAC7C,8BAA0B,QAAQ,eAAe;AACjD,gBAAY,MAAME,eAAG,UAAU,aAAa,OAAO;cAC1C,gCAAgC,YAAY;AACrD,aAAS,MAAM,WAAW,4BAA4B;AACtD,8BAA0B,QAAQ,kBAAkB;AACpD,gBAAY,QAAQ,OAAO,MAAM,GAAG,GAAG,EAAE,YAAY;SAErD,OAAM,IAAI,MAAM,wDAAwD;WAEnE,OAAO;AACd,kBAAe;YACP;AACR,OAAI;AACF,UAAM,cAAc;YACb,OAAO;AACd,gBAAY;aACJ;AACR,YAAQ,KAAK,EAAE;;;AAInB,MAAI,iBAAiB,UAAa,cAAc,OAC9C,uBAAsB,cAAc,WAAW,UAAU;AAG3D,MAAI,iBAAiB,OACnB,OAAM;AAGR,MAAI,cAAc,OAChB,OAAM;AAGR,MAAI,cAAc,OAChB,OAAM,IAAI,MAAM,gDAAgD;AAGlE,SAAO;;CAGT,IAAI,SAAiC;CACrC,IAAI;CACJ,IAAI;CACJ,IAAI,SAAiC;AACrC,KAAI;AACF,MAAI,uBAAuB,YAAY;AACrC,YAAS,MAAM,WAAW,mBAAmB;AAC7C,6BAA0B,QAAQ,eAAe;AACjD,YAAS,MAAMA,eAAG,kBAAkB,OAAO;aAClC,gCAAgC,YAAY;AACrD,YAAS,MAAM,WAAW,4BAA4B;AACtD,6BAA0B,QAAQ,kBAAkB;AACpD,YAAS,UAAU,OAAO,MAAM,GAAG,GAAG,CAAC;QAEvC,OAAM,IAAI,MAAM,wDAAwD;UAEnE,OAAO;AACd,gBAAc;WACN;AACR,MAAI;AACF,SAAM,cAAc;WACb,OAAO;AACd,eAAY;YACJ;AACR,WAAQ,KAAK,EAAE;;;AAInB,KAAI,gBAAgB,UAAa,cAAc,OAC7C,uBAAsB,aAAa,WAAW,8BAA8B;AAG9E,KAAI,gBAAgB,OAClB,OAAM;AAGR,KAAI,cAAc,OAChB,OAAM;AAGR,KAAI,WAAW,OACb,OAAM,IAAI,MAAM,oEAAoE;AAGtF,QAAO;EACL,eAAe;EACf,kBAAkB;EACnB;;;;;;;;;;;AAYH,MAAa,qCAAqC"}
|
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
import { bytesToNumberLE, numberToBytesLE } from "../../../node_modules/@noble/curves/utils.mjs";
|
|
2
|
+
import { mod } from "../../../node_modules/@noble/curves/abstract/modular.mjs";
|
|
3
|
+
import { ed25519 } from "../../../node_modules/@noble/curves/ed25519.mjs";
|
|
4
|
+
import { ed25519Generator, ed25519Verifier, nobleEd25519Generator, nobleEd25519Verifier } from "./ed25519.mjs";
|
|
5
|
+
import { hash } from "./hash.mjs";
|
|
6
|
+
import { peikertXHdWalletGenerator } from "./hd.mjs";
|
|
7
|
+
import { sha512 } from "@noble/hashes/sha2.js";
|
|
8
|
+
import * as ed from "@noble/ed25519";
|
|
9
|
+
|
|
10
|
+
//#region packages/crypto/src/index.ts
|
|
11
|
+
const ED25519_SEED_LENGTH = 32;
|
|
12
|
+
const ED25519_EXTENDED_PRIVATE_KEY_LENGTH = 96;
|
|
13
|
+
const assertEd25519SecretLength = (secret, secretType) => {
|
|
14
|
+
let expectedLength;
|
|
15
|
+
switch (secretType) {
|
|
16
|
+
case "ed25519 seed":
|
|
17
|
+
expectedLength = ED25519_SEED_LENGTH;
|
|
18
|
+
break;
|
|
19
|
+
case "HD extended key":
|
|
20
|
+
expectedLength = ED25519_EXTENDED_PRIVATE_KEY_LENGTH;
|
|
21
|
+
break;
|
|
22
|
+
default: throw new Error(`Unknown secret type: ${secretType}`);
|
|
23
|
+
}
|
|
24
|
+
if (secret.length !== expectedLength) throw new Error(`Expected unwrapped ${secretType} to be ${expectedLength} bytes, got ${secret.length}.`);
|
|
25
|
+
};
|
|
26
|
+
const throwWrapUnwrapErrors = (operationError, wrapError, operationName) => {
|
|
27
|
+
throw new AggregateError([operationError, wrapError], `${operationName} failed and failed to re-wrap Ed25519 secret. Check both errors for details.`);
|
|
28
|
+
};
|
|
29
|
+
function rawSign(extendedSecretKey, data) {
|
|
30
|
+
const scalar = bytesToNumberLE(extendedSecretKey.slice(0, 32));
|
|
31
|
+
const kR = extendedSecretKey.slice(32, 64);
|
|
32
|
+
const publicKey = rawPubkey(extendedSecretKey);
|
|
33
|
+
const r = mod(bytesToNumberLE(sha512(new Uint8Array([...kR, ...data]))), ed25519.Point.Fn.ORDER);
|
|
34
|
+
const R = ed25519.Point.BASE.multiply(r);
|
|
35
|
+
const S = mod(r + mod(bytesToNumberLE(sha512(new Uint8Array([
|
|
36
|
+
...R.toBytes(),
|
|
37
|
+
...publicKey,
|
|
38
|
+
...data
|
|
39
|
+
]))), ed25519.Point.Fn.ORDER) * scalar, ed25519.Point.Fn.ORDER);
|
|
40
|
+
return new Uint8Array([...R.toBytes(), ...numberToBytesLE(S, 32)]);
|
|
41
|
+
}
|
|
42
|
+
function rawPubkey(extendedSecretKey) {
|
|
43
|
+
const reducedScalar = mod(bytesToNumberLE(extendedSecretKey.slice(0, 32)) & (1n << 255n) - 1n, ed25519.Point.Fn.ORDER);
|
|
44
|
+
return ed25519.Point.BASE.multiply(reducedScalar).toBytes();
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* Creates an Ed25519 signing key from a wrapped secret using the @noble/ed25519 implementation.
|
|
48
|
+
*
|
|
49
|
+
* NOTE: This function will zero out the unwrapped secret after the wrap function is called.
|
|
50
|
+
*
|
|
51
|
+
* @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the Ed25519 secret.
|
|
52
|
+
* @returns A promise that resolves to an Ed25519 signing key containing the public key and raw signer.
|
|
53
|
+
*/
|
|
54
|
+
const nobleEd25519SigningKeyFromWrappedSecret = async (wrapUnwrap) => {
|
|
55
|
+
let wrapFunction;
|
|
56
|
+
if ("wrapEd25519Seed" in wrapUnwrap) wrapFunction = wrapUnwrap.wrapEd25519Seed;
|
|
57
|
+
else if ("wrapHdExtendedPrivateKey" in wrapUnwrap) wrapFunction = wrapUnwrap.wrapHdExtendedPrivateKey;
|
|
58
|
+
else throw new Error("Invalid WrappedEd25519Secret: missing wrap function");
|
|
59
|
+
const signer = async (bytesToSign) => {
|
|
60
|
+
let secret = void 0;
|
|
61
|
+
let signature = void 0;
|
|
62
|
+
let signingError;
|
|
63
|
+
let wrapError;
|
|
64
|
+
try {
|
|
65
|
+
if ("unwrapEd25519Seed" in wrapUnwrap) {
|
|
66
|
+
secret = await wrapUnwrap.unwrapEd25519Seed();
|
|
67
|
+
assertEd25519SecretLength(secret, "ed25519 seed");
|
|
68
|
+
signature = await ed.signAsync(bytesToSign, secret);
|
|
69
|
+
} else if ("unwrapHdExtendedPrivateKey" in wrapUnwrap) {
|
|
70
|
+
secret = await wrapUnwrap.unwrapHdExtendedPrivateKey();
|
|
71
|
+
assertEd25519SecretLength(secret, "HD extended key");
|
|
72
|
+
signature = rawSign(secret.slice(0, 64), bytesToSign);
|
|
73
|
+
} else throw new Error("Invalid WrappedEd25519Secret: missing unwrap function");
|
|
74
|
+
} catch (error) {
|
|
75
|
+
signingError = error;
|
|
76
|
+
} finally {
|
|
77
|
+
try {
|
|
78
|
+
await wrapFunction();
|
|
79
|
+
} catch (error) {
|
|
80
|
+
wrapError = error;
|
|
81
|
+
} finally {
|
|
82
|
+
secret?.fill(0);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
if (signingError !== void 0 && wrapError !== void 0) throwWrapUnwrapErrors(signingError, wrapError, "Signing");
|
|
86
|
+
if (signingError !== void 0) throw signingError;
|
|
87
|
+
if (wrapError !== void 0) throw wrapError;
|
|
88
|
+
if (signature === void 0) throw new Error("Signing failed unexpectedly without an error.");
|
|
89
|
+
return signature;
|
|
90
|
+
};
|
|
91
|
+
let pubkey = void 0;
|
|
92
|
+
let pubkeyError;
|
|
93
|
+
let wrapError;
|
|
94
|
+
let secret = void 0;
|
|
95
|
+
try {
|
|
96
|
+
if ("unwrapEd25519Seed" in wrapUnwrap) {
|
|
97
|
+
secret = await wrapUnwrap.unwrapEd25519Seed();
|
|
98
|
+
assertEd25519SecretLength(secret, "ed25519 seed");
|
|
99
|
+
pubkey = await ed.getPublicKeyAsync(secret);
|
|
100
|
+
} else if ("unwrapHdExtendedPrivateKey" in wrapUnwrap) {
|
|
101
|
+
secret = await wrapUnwrap.unwrapHdExtendedPrivateKey();
|
|
102
|
+
assertEd25519SecretLength(secret, "HD extended key");
|
|
103
|
+
pubkey = rawPubkey(secret.slice(0, 64));
|
|
104
|
+
} else throw new Error("Invalid WrappedEd25519Secret: missing unwrap function");
|
|
105
|
+
} catch (error) {
|
|
106
|
+
pubkeyError = error;
|
|
107
|
+
} finally {
|
|
108
|
+
try {
|
|
109
|
+
await wrapFunction();
|
|
110
|
+
} catch (error) {
|
|
111
|
+
wrapError = error;
|
|
112
|
+
} finally {
|
|
113
|
+
secret?.fill(0);
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
if (pubkeyError !== void 0 && wrapError !== void 0) throwWrapUnwrapErrors(pubkeyError, wrapError, "Deriving Ed25519 public key");
|
|
117
|
+
if (pubkeyError !== void 0) throw pubkeyError;
|
|
118
|
+
if (wrapError !== void 0) throw wrapError;
|
|
119
|
+
if (pubkey === void 0) throw new Error("Deriving Ed25519 public key failed unexpectedly without an error.");
|
|
120
|
+
return {
|
|
121
|
+
ed25519Pubkey: pubkey,
|
|
122
|
+
rawEd25519Signer: signer
|
|
123
|
+
};
|
|
124
|
+
};
|
|
125
|
+
/**
|
|
126
|
+
* Creates an ed25519 signing key from a wrapped secret using the default ed25519 implementation (currently @noble/ed25519).
|
|
127
|
+
* The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519SigningKeyFromWrappedSecret`.
|
|
128
|
+
*
|
|
129
|
+
* NOTE: This function will zero out the unwrapped secret after the wrap function is called.
|
|
130
|
+
*
|
|
131
|
+
* @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the ed25519 secret.
|
|
132
|
+
* @returns A promise that resolves to an ed25519 signing key with public key and raw signer.
|
|
133
|
+
*/
|
|
134
|
+
const ed25519SigningKeyFromWrappedSecret = nobleEd25519SigningKeyFromWrappedSecret;
|
|
135
|
+
|
|
136
|
+
//#endregion
|
|
137
|
+
export { ed25519SigningKeyFromWrappedSecret, nobleEd25519SigningKeyFromWrappedSecret };
|
|
138
|
+
//# sourceMappingURL=index.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","names":[],"sources":["../../../../packages/crypto/src/index.ts"],"sourcesContent":["import { Ed25519SigningKey, WrappedEd25519Seed } from './ed25519'\nimport * as ed from '@noble/ed25519'\nimport { WrappedHdExtendedPrivateKey } from './hd'\nimport { ed25519 } from '@noble/curves/ed25519.js'\nimport { sha512 } from '@noble/hashes/sha2.js'\nimport { bytesToNumberLE, numberToBytesLE } from '@noble/curves/utils.js'\nimport { mod } from '@noble/curves/abstract/modular.js'\n\nexport * from './ed25519'\nexport * from './hash'\nexport * from './hd'\n\nexport type WrappedEd25519Secret = WrappedEd25519Seed | WrappedHdExtendedPrivateKey\n\nconst ED25519_SEED_LENGTH = 32\nconst ED25519_EXTENDED_PRIVATE_KEY_LENGTH = 96\n\nconst assertEd25519SecretLength = (secret: Uint8Array, secretType: 'ed25519 seed' | 'HD extended key'): void => {\n let expectedLength: number\n switch (secretType) {\n case 'ed25519 seed':\n expectedLength = ED25519_SEED_LENGTH\n break\n case 'HD extended key':\n expectedLength = ED25519_EXTENDED_PRIVATE_KEY_LENGTH\n break\n default:\n throw new Error(`Unknown secret type: ${secretType}`)\n }\n\n if (secret.length !== expectedLength) {\n throw new Error(`Expected unwrapped ${secretType} to be ${expectedLength} bytes, got ${secret.length}.`)\n }\n}\n\nconst throwWrapUnwrapErrors = (operationError: unknown, wrapError: unknown, operationName: string): never => {\n throw new AggregateError(\n [operationError, wrapError],\n `${operationName} failed and failed to re-wrap Ed25519 secret. Check both errors for details.`,\n )\n}\n\nfunction rawSign(extendedSecretKey: Uint8Array, data: Uint8Array): Uint8Array {\n const scalar = bytesToNumberLE(extendedSecretKey.slice(0, 32))\n\n const kR = extendedSecretKey.slice(32, 64)\n\n // (1): pubKey = scalar * G\n const publicKey = rawPubkey(extendedSecretKey)\n\n // (2): h = hash(kR || msg) mod q\n const rHash = sha512(new Uint8Array([...kR, ...data]))\n const r = mod(bytesToNumberLE(rHash), ed25519.Point.Fn.ORDER)\n\n // (4): R = r * G\n const R = ed25519.Point.BASE.multiply(r)\n\n // h = hash(R || pubKey || msg) mod q\n const hHash = sha512(new Uint8Array([...R.toBytes(), ...publicKey, ...data]))\n const h = mod(bytesToNumberLE(hHash), ed25519.Point.Fn.ORDER)\n\n // (5): S = (r + h * k) mod q\n const S = mod(r + h * scalar, ed25519.Point.Fn.ORDER)\n\n return new Uint8Array([...R.toBytes(), ...numberToBytesLE(S, 32)])\n}\n\nfunction rawPubkey(extendedSecretKey: Uint8Array): Uint8Array {\n const scalar = bytesToNumberLE(extendedSecretKey.slice(0, 32))\n const clearedTopBitScalar = scalar & ((1n << 255n) - 1n)\n const reducedScalar = mod(clearedTopBitScalar, ed25519.Point.Fn.ORDER)\n\n // pubKey = scalar * G\n const publicKey = ed25519.Point.BASE.multiply(reducedScalar)\n return publicKey.toBytes()\n}\n\n/**\n * Creates an Ed25519 signing key from a wrapped secret using the @noble/ed25519 implementation.\n *\n * NOTE: This function will zero out the unwrapped secret after the wrap function is called.\n *\n * @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the Ed25519 secret.\n * @returns A promise that resolves to an Ed25519 signing key containing the public key and raw signer.\n */\nexport const nobleEd25519SigningKeyFromWrappedSecret = async (wrapUnwrap: WrappedEd25519Secret): Promise<Ed25519SigningKey> => {\n let wrapFunction: () => Promise<void>\n if ('wrapEd25519Seed' in wrapUnwrap) {\n wrapFunction = wrapUnwrap.wrapEd25519Seed\n } else if ('wrapHdExtendedPrivateKey' in wrapUnwrap) {\n wrapFunction = wrapUnwrap.wrapHdExtendedPrivateKey\n } else {\n throw new Error('Invalid WrappedEd25519Secret: missing wrap function')\n }\n\n const signer = async (bytesToSign: Uint8Array): Promise<Uint8Array> => {\n let secret: Uint8Array | undefined = undefined\n let signature: Uint8Array | undefined = undefined\n let signingError: unknown\n let wrapError: unknown\n try {\n if ('unwrapEd25519Seed' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapEd25519Seed()\n assertEd25519SecretLength(secret, 'ed25519 seed')\n signature = await ed.signAsync(bytesToSign, secret)\n } else if ('unwrapHdExtendedPrivateKey' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapHdExtendedPrivateKey()\n assertEd25519SecretLength(secret, 'HD extended key')\n signature = rawSign(secret.slice(0, 64), bytesToSign)\n } else {\n throw new Error('Invalid WrappedEd25519Secret: missing unwrap function')\n }\n } catch (error) {\n signingError = error\n } finally {\n try {\n await wrapFunction()\n } catch (error) {\n wrapError = error\n } finally {\n secret?.fill(0)\n }\n }\n\n if (signingError !== undefined && wrapError !== undefined) {\n throwWrapUnwrapErrors(signingError, wrapError, 'Signing')\n }\n\n if (signingError !== undefined) {\n throw signingError\n }\n\n if (wrapError !== undefined) {\n throw wrapError\n }\n\n if (signature === undefined) {\n throw new Error('Signing failed unexpectedly without an error.')\n }\n\n return signature\n }\n\n let pubkey: Uint8Array | undefined = undefined\n let pubkeyError: unknown\n let wrapError: unknown\n let secret: Uint8Array | undefined = undefined\n try {\n if ('unwrapEd25519Seed' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapEd25519Seed()\n assertEd25519SecretLength(secret, 'ed25519 seed')\n pubkey = await ed.getPublicKeyAsync(secret)\n } else if ('unwrapHdExtendedPrivateKey' in wrapUnwrap) {\n secret = await wrapUnwrap.unwrapHdExtendedPrivateKey()\n assertEd25519SecretLength(secret, 'HD extended key')\n pubkey = rawPubkey(secret.slice(0, 64))\n } else {\n throw new Error('Invalid WrappedEd25519Secret: missing unwrap function')\n }\n } catch (error) {\n pubkeyError = error\n } finally {\n try {\n await wrapFunction()\n } catch (error) {\n wrapError = error\n } finally {\n secret?.fill(0)\n }\n }\n\n if (pubkeyError !== undefined && wrapError !== undefined) {\n throwWrapUnwrapErrors(pubkeyError, wrapError, 'Deriving Ed25519 public key')\n }\n\n if (pubkeyError !== undefined) {\n throw pubkeyError\n }\n\n if (wrapError !== undefined) {\n throw wrapError\n }\n\n if (pubkey === undefined) {\n throw new Error('Deriving Ed25519 public key failed unexpectedly without an error.')\n }\n\n return {\n ed25519Pubkey: pubkey,\n rawEd25519Signer: signer,\n }\n}\n\n/**\n * Creates an ed25519 signing key from a wrapped secret using the default ed25519 implementation (currently @noble/ed25519).\n * The implementation may change in the future. To explicitly use the @noble/ed25519 implementation, use `nobleEd25519SigningKeyFromWrappedSecret`.\n *\n * NOTE: This function will zero out the unwrapped secret after the wrap function is called.\n *\n * @param wrapUnwrap - The wrapped secret provider that unwraps and re-wraps the ed25519 secret.\n * @returns A promise that resolves to an ed25519 signing key with public key and raw signer.\n */\nexport const ed25519SigningKeyFromWrappedSecret = nobleEd25519SigningKeyFromWrappedSecret\n"],"mappings":";;;;;;;;;;AAcA,MAAM,sBAAsB;AAC5B,MAAM,sCAAsC;AAE5C,MAAM,6BAA6B,QAAoB,eAAyD;CAC9G,IAAI;AACJ,SAAQ,YAAR;EACE,KAAK;AACH,oBAAiB;AACjB;EACF,KAAK;AACH,oBAAiB;AACjB;EACF,QACE,OAAM,IAAI,MAAM,wBAAwB,aAAa;;AAGzD,KAAI,OAAO,WAAW,eACpB,OAAM,IAAI,MAAM,sBAAsB,WAAW,SAAS,eAAe,cAAc,OAAO,OAAO,GAAG;;AAI5G,MAAM,yBAAyB,gBAAyB,WAAoB,kBAAiC;AAC3G,OAAM,IAAI,eACR,CAAC,gBAAgB,UAAU,EAC3B,GAAG,cAAc,8EAClB;;AAGH,SAAS,QAAQ,mBAA+B,MAA8B;CAC5E,MAAM,SAAS,gBAAgB,kBAAkB,MAAM,GAAG,GAAG,CAAC;CAE9D,MAAM,KAAK,kBAAkB,MAAM,IAAI,GAAG;CAG1C,MAAM,YAAY,UAAU,kBAAkB;CAI9C,MAAM,IAAI,IAAI,gBADA,OAAO,IAAI,WAAW,CAAC,GAAG,IAAI,GAAG,KAAK,CAAC,CAAC,CAClB,EAAE,QAAQ,MAAM,GAAG,MAAM;CAG7D,MAAM,IAAI,QAAQ,MAAM,KAAK,SAAS,EAAE;CAOxC,MAAM,IAAI,IAAI,IAHJ,IAAI,gBADA,OAAO,IAAI,WAAW;EAAC,GAAG,EAAE,SAAS;EAAE,GAAG;EAAW,GAAG;EAAK,CAAC,CAAC,CACzC,EAAE,QAAQ,MAAM,GAAG,MAAM,GAGvC,QAAQ,QAAQ,MAAM,GAAG,MAAM;AAErD,QAAO,IAAI,WAAW,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,gBAAgB,GAAG,GAAG,CAAC,CAAC;;AAGpE,SAAS,UAAU,mBAA2C;CAG5D,MAAM,gBAAgB,IAFP,gBAAgB,kBAAkB,MAAM,GAAG,GAAG,CAAC,IACvB,MAAM,QAAQ,IACN,QAAQ,MAAM,GAAG,MAAM;AAItE,QADkB,QAAQ,MAAM,KAAK,SAAS,cAAc,CAC3C,SAAS;;;;;;;;;;AAW5B,MAAa,0CAA0C,OAAO,eAAiE;CAC7H,IAAI;AACJ,KAAI,qBAAqB,WACvB,gBAAe,WAAW;UACjB,8BAA8B,WACvC,gBAAe,WAAW;KAE1B,OAAM,IAAI,MAAM,sDAAsD;CAGxE,MAAM,SAAS,OAAO,gBAAiD;EACrE,IAAI,SAAiC;EACrC,IAAI,YAAoC;EACxC,IAAI;EACJ,IAAI;AACJ,MAAI;AACF,OAAI,uBAAuB,YAAY;AACrC,aAAS,MAAM,WAAW,mBAAmB;AAC7C,8BAA0B,QAAQ,eAAe;AACjD,gBAAY,MAAM,GAAG,UAAU,aAAa,OAAO;cAC1C,gCAAgC,YAAY;AACrD,aAAS,MAAM,WAAW,4BAA4B;AACtD,8BAA0B,QAAQ,kBAAkB;AACpD,gBAAY,QAAQ,OAAO,MAAM,GAAG,GAAG,EAAE,YAAY;SAErD,OAAM,IAAI,MAAM,wDAAwD;WAEnE,OAAO;AACd,kBAAe;YACP;AACR,OAAI;AACF,UAAM,cAAc;YACb,OAAO;AACd,gBAAY;aACJ;AACR,YAAQ,KAAK,EAAE;;;AAInB,MAAI,iBAAiB,UAAa,cAAc,OAC9C,uBAAsB,cAAc,WAAW,UAAU;AAG3D,MAAI,iBAAiB,OACnB,OAAM;AAGR,MAAI,cAAc,OAChB,OAAM;AAGR,MAAI,cAAc,OAChB,OAAM,IAAI,MAAM,gDAAgD;AAGlE,SAAO;;CAGT,IAAI,SAAiC;CACrC,IAAI;CACJ,IAAI;CACJ,IAAI,SAAiC;AACrC,KAAI;AACF,MAAI,uBAAuB,YAAY;AACrC,YAAS,MAAM,WAAW,mBAAmB;AAC7C,6BAA0B,QAAQ,eAAe;AACjD,YAAS,MAAM,GAAG,kBAAkB,OAAO;aAClC,gCAAgC,YAAY;AACrD,YAAS,MAAM,WAAW,4BAA4B;AACtD,6BAA0B,QAAQ,kBAAkB;AACpD,YAAS,UAAU,OAAO,MAAM,GAAG,GAAG,CAAC;QAEvC,OAAM,IAAI,MAAM,wDAAwD;UAEnE,OAAO;AACd,gBAAc;WACN;AACR,MAAI;AACF,SAAM,cAAc;WACb,OAAO;AACd,eAAY;YACJ;AACR,WAAQ,KAAK,EAAE;;;AAInB,KAAI,gBAAgB,UAAa,cAAc,OAC7C,uBAAsB,aAAa,WAAW,8BAA8B;AAG9E,KAAI,gBAAgB,OAClB,OAAM;AAGR,KAAI,cAAc,OAChB,OAAM;AAGR,KAAI,WAAW,OACb,OAAM,IAAI,MAAM,oEAAoE;AAGtF,QAAO;EACL,eAAe;EACf,kBAAkB;EACnB;;;;;;;;;;;AAYH,MAAa,qCAAqC"}
|