@arkade-os/sdk 0.0.16

package/dist/esm/tree/signingSession.js

@@ -0,0 +1,200 @@
+import * as musig2 from '../musig2/index.js';
+import { getCosignerKeys } from './vtxoTree.js';
+import { Script, SigHash, Transaction } from "@scure/btc-signer";
+import { base64, hex } from "@scure/base";
+import { schnorr, secp256k1 } from "@noble/curves/secp256k1";
+import { randomPrivateKeyBytes } from "@scure/btc-signer/utils";
+export const ErrMissingVtxoTree = new Error("missing vtxo tree");
+export const ErrMissingAggregateKey = new Error("missing aggregate key");
+export class TreeSignerSession {
+    constructor(secretKey) {
+        this.secretKey = secretKey;
+        this.myNonces = null;
+        this.aggregateNonces = null;
+        this.tree = null;
+        this.scriptRoot = null;
+        this.rootSharedOutputAmount = null;
+    }
+    static random() {
+        const secretKey = randomPrivateKeyBytes();
+        return new TreeSignerSession(secretKey);
+    }
+    init(tree, scriptRoot, rootInputAmount) {
+        this.tree = tree;
+        this.scriptRoot = scriptRoot;
+        this.rootSharedOutputAmount = rootInputAmount;
+    }
+    getPublicKey() {
+        return secp256k1.getPublicKey(this.secretKey);
+    }
+    getNonces() {
+        if (!this.tree)
+            throw ErrMissingVtxoTree;
+        if (!this.myNonces) {
+            this.myNonces = this.generateNonces();
+        }
+        const nonces = [];
+        for (const levelNonces of this.myNonces) {
+            const levelPubNonces = [];
+            for (const nonce of levelNonces) {
+                if (!nonce) {
+                    levelPubNonces.push(null);
+                    continue;
+                }
+                levelPubNonces.push({ pubNonce: nonce.pubNonce });
+            }
+            nonces.push(levelPubNonces);
+        }
+        return nonces;
+    }
+    setAggregatedNonces(nonces) {
+        if (this.aggregateNonces)
+            throw new Error("nonces already set");
+        this.aggregateNonces = nonces;
+    }
+    sign() {
+        if (!this.tree)
+            throw ErrMissingVtxoTree;
+        if (!this.aggregateNonces)
+            throw new Error("nonces not set");
+        if (!this.myNonces)
+            throw new Error("nonces not generated");
+        const sigs = [];
+        for (let levelIndex = 0; levelIndex < this.tree.levels.length; levelIndex++) {
+            const levelSigs = [];
+            const level = this.tree.levels[levelIndex];
+            for (let nodeIndex = 0; nodeIndex < level.length; nodeIndex++) {
+                const node = level[nodeIndex];
+                const tx = Transaction.fromPSBT(base64.decode(node.tx));
+                const sig = this.signPartial(tx, levelIndex, nodeIndex);
+                if (sig) {
+                    levelSigs.push(sig);
+                }
+                else {
+                    levelSigs.push(null);
+                }
+            }
+            sigs.push(levelSigs);
+        }
+        return sigs;
+    }
+    generateNonces() {
+        if (!this.tree)
+            throw ErrMissingVtxoTree;
+        const myNonces = [];
+        const publicKey = secp256k1.getPublicKey(this.secretKey);
+        for (const level of this.tree.levels) {
+            const levelNonces = [];
+            for (let i = 0; i < level.length; i++) {
+                const nonces = musig2.generateNonces(publicKey);
+                levelNonces.push(nonces);
+            }
+            myNonces.push(levelNonces);
+        }
+        return myNonces;
+    }
+    signPartial(tx, levelIndex, nodeIndex) {
+        if (!this.tree || !this.scriptRoot || !this.rootSharedOutputAmount) {
+            throw TreeSignerSession.NOT_INITIALIZED;
+        }
+        if (!this.myNonces || !this.aggregateNonces) {
+            throw new Error("session not properly initialized");
+        }
+        const myNonce = this.myNonces[levelIndex][nodeIndex];
+        if (!myNonce)
+            return null;
+        const aggNonce = this.aggregateNonces[levelIndex][nodeIndex];
+        if (!aggNonce)
+            throw new Error("missing aggregate nonce");
+        const prevoutAmounts = [];
+        const prevoutScripts = [];
+        const cosigners = getCosignerKeys(tx);
+        const { finalKey } = musig2.aggregateKeys(cosigners, true, {
+            taprootTweak: this.scriptRoot,
+        });
+        for (let inputIndex = 0; inputIndex < tx.inputsLength; inputIndex++) {
+            const prevout = getPrevOutput(finalKey, this.tree, this.rootSharedOutputAmount, tx);
+            prevoutAmounts.push(prevout.amount);
+            prevoutScripts.push(prevout.script);
+        }
+        const message = tx.preimageWitnessV1(0, // always first input
+        prevoutScripts, SigHash.DEFAULT, prevoutAmounts);
+        return musig2.sign(myNonce.secNonce, this.secretKey, aggNonce.pubNonce, cosigners, message, {
+            taprootTweak: this.scriptRoot,
+            sortKeys: true,
+        });
+    }
+}
+TreeSignerSession.NOT_INITIALIZED = new Error("session not initialized, call init method");
+// Helper function to validate tree signatures
+export async function validateTreeSigs(finalAggregatedKey, sharedOutputAmount, vtxoTree) {
+    // Iterate through each level of the tree
+    for (const level of vtxoTree.levels) {
+        for (const node of level) {
+            // Parse the transaction
+            const tx = Transaction.fromPSBT(base64.decode(node.tx));
+            const input = tx.getInput(0);
+            // Check if input has signature
+            if (!input.tapKeySig) {
+                throw new Error("unsigned tree input");
+            }
+            // Get the previous output information
+            const prevout = getPrevOutput(finalAggregatedKey, vtxoTree, sharedOutputAmount, tx);
+            // Calculate the message that was signed
+            const message = tx.preimageWitnessV1(0, // always first input
+            [prevout.script], SigHash.DEFAULT, [prevout.amount]);
+            // Verify the signature
+            const isValid = schnorr.verify(input.tapKeySig, message, finalAggregatedKey);
+            if (!isValid) {
+                throw new Error("invalid signature");
+            }
+        }
+    }
+}
+function getPrevOutput(finalKey, vtxoTree, sharedOutputAmount, partial) {
+    // Generate P2TR script
+    const pkScript = Script.encode(["OP_1", finalKey.slice(1)]);
+    // Get root node
+    const rootNode = vtxoTree.levels[0][0];
+    if (!rootNode)
+        throw new Error("empty vtxo tree");
+    const input = partial.getInput(0);
+    if (!input.txid)
+        throw new Error("missing input txid");
+    const parentTxID = hex.encode(input.txid);
+    // Check if parent is root
+    if (rootNode.parentTxid === parentTxID) {
+        return {
+            amount: sharedOutputAmount,
+            script: pkScript,
+        };
+    }
+    // Search for parent in tree
+    let parent = null;
+    for (const level of vtxoTree.levels) {
+        for (const node of level) {
+            if (node.txid === parentTxID) {
+                parent = node;
+                break;
+            }
+        }
+        if (parent)
+            break;
+    }
+    if (!parent) {
+        throw new Error("parent tx not found");
+    }
+    // Parse parent tx
+    const parentTx = Transaction.fromPSBT(base64.decode(parent.tx));
+    if (!input.index)
+        throw new Error("missing input index");
+    const parentOutput = parentTx.getOutput(input.index);
+    if (!parentOutput)
+        throw new Error("parent output not found");
+    if (!parentOutput.amount)
+        throw new Error("parent output amount not found");
+    return {
+        amount: parentOutput.amount,
+        script: pkScript,
+    };
+}

package/dist/esm/tree/validation.js

@@ -0,0 +1,179 @@
+import { hex } from "@scure/base";
+import { Transaction } from "@scure/btc-signer";
+import { base64 } from "@scure/base";
+import { sha256x2 } from "@scure/btc-signer/utils";
+import { aggregateKeys } from '../musig2/index.js';
+import { getCosignerKeys, TxTreeError } from './vtxoTree.js';
+export const ErrInvalidSettlementTx = new TxTreeError("invalid settlement transaction");
+export const ErrInvalidSettlementTxOutputs = new TxTreeError("invalid settlement transaction outputs");
+export const ErrEmptyTree = new TxTreeError("empty tree");
+export const ErrInvalidRootLevel = new TxTreeError("invalid root level");
+export const ErrNumberOfInputs = new TxTreeError("invalid number of inputs");
+export const ErrWrongSettlementTxid = new TxTreeError("wrong settlement txid");
+export const ErrInvalidAmount = new TxTreeError("invalid amount");
+export const ErrNoLeaves = new TxTreeError("no leaves");
+export const ErrNodeTxEmpty = new TxTreeError("node transaction empty");
+export const ErrNodeTxidEmpty = new TxTreeError("node txid empty");
+export const ErrNodeParentTxidEmpty = new TxTreeError("node parent txid empty");
+export const ErrNodeTxidDifferent = new TxTreeError("node txid different");
+export const ErrParentTxidInput = new TxTreeError("parent txid input mismatch");
+export const ErrLeafChildren = new TxTreeError("leaf node has children");
+export const ErrInvalidTaprootScript = new TxTreeError("invalid taproot script");
+export const ErrInternalKey = new TxTreeError("invalid internal key");
+export const ErrInvalidControlBlock = new TxTreeError("invalid control block");
+export const ErrInvalidRootTransaction = new TxTreeError("invalid root transaction");
+export const ErrInvalidNodeTransaction = new TxTreeError("invalid node transaction");
+const SHARED_OUTPUT_INDEX = 0;
+const CONNECTORS_OUTPUT_INDEX = 1;
+export function validateConnectorsTree(settlementTxB64, connectorsTree) {
+    connectorsTree.validate();
+    const rootNode = connectorsTree.root();
+    if (!rootNode)
+        throw ErrEmptyTree;
+    const rootTx = Transaction.fromPSBT(base64.decode(rootNode.tx));
+    if (rootTx.inputsLength !== 1)
+        throw ErrNumberOfInputs;
+    const rootInput = rootTx.getInput(0);
+    const settlementTx = Transaction.fromPSBT(base64.decode(settlementTxB64));
+    if (settlementTx.outputsLength <= CONNECTORS_OUTPUT_INDEX)
+        throw ErrInvalidSettlementTxOutputs;
+    const expectedRootTxid = hex.encode(sha256x2(settlementTx.toBytes(true)).reverse());
+    if (!rootInput.txid)
+        throw ErrWrongSettlementTxid;
+    if (hex.encode(rootInput.txid) !== expectedRootTxid)
+        throw ErrWrongSettlementTxid;
+    if (rootInput.index !== CONNECTORS_OUTPUT_INDEX)
+        throw ErrWrongSettlementTxid;
+}
+export function validateVtxoTree(settlementTx, vtxoTree, sweepTapTreeRoot) {
+    vtxoTree.validate();
+    // Parse settlement transaction
+    let settlementTransaction;
+    try {
+        settlementTransaction = Transaction.fromPSBT(base64.decode(settlementTx));
+    }
+    catch {
+        throw ErrInvalidSettlementTx;
+    }
+    if (settlementTransaction.outputsLength <= SHARED_OUTPUT_INDEX) {
+        throw ErrInvalidSettlementTxOutputs;
+    }
+    const sharedOutput = settlementTransaction.getOutput(SHARED_OUTPUT_INDEX);
+    if (!sharedOutput?.amount)
+        throw ErrInvalidSettlementTxOutputs;
+    const sharedOutputAmount = sharedOutput.amount;
+    const nbNodes = vtxoTree.numberOfNodes();
+    if (nbNodes === 0) {
+        throw ErrEmptyTree;
+    }
+    if (vtxoTree.levels[0].length !== 1) {
+        throw ErrInvalidRootLevel;
+    }
+    // Check root input is connected to settlement tx
+    const rootNode = vtxoTree.levels[0][0];
+    let rootTx;
+    try {
+        rootTx = Transaction.fromPSBT(base64.decode(rootNode.tx));
+    }
+    catch {
+        throw ErrInvalidRootTransaction;
+    }
+    if (rootTx.inputsLength !== 1) {
+        throw ErrNumberOfInputs;
+    }
+    const rootInput = rootTx.getInput(0);
+    if (!rootInput.txid || rootInput.index === undefined)
+        throw ErrWrongSettlementTxid;
+    const settlementTxid = hex.encode(sha256x2(settlementTransaction.toBytes(true)).reverse());
+    if (hex.encode(rootInput.txid) !== settlementTxid ||
+        rootInput.index !== SHARED_OUTPUT_INDEX) {
+        throw ErrWrongSettlementTxid;
+    }
+    // Check root output amounts
+    let sumRootValue = 0n;
+    for (let i = 0; i < rootTx.outputsLength; i++) {
+        const output = rootTx.getOutput(i);
+        if (!output?.amount)
+            continue;
+        sumRootValue += output.amount;
+    }
+    if (sumRootValue >= sharedOutputAmount) {
+        throw ErrInvalidAmount;
+    }
+    if (vtxoTree.leaves().length === 0) {
+        throw ErrNoLeaves;
+    }
+    // Validate each node in the tree
+    for (const level of vtxoTree.levels) {
+        for (const node of level) {
+            validateNode(vtxoTree, node, sweepTapTreeRoot);
+        }
+    }
+}
+function validateNode(vtxoTree, node, tapTreeRoot) {
+    if (!node.tx)
+        throw ErrNodeTxEmpty;
+    if (!node.txid)
+        throw ErrNodeTxidEmpty;
+    if (!node.parentTxid)
+        throw ErrNodeParentTxidEmpty;
+    // Parse node transaction
+    let tx;
+    try {
+        tx = Transaction.fromPSBT(base64.decode(node.tx));
+    }
+    catch {
+        throw ErrInvalidNodeTransaction;
+    }
+    const txid = hex.encode(sha256x2(tx.toBytes(true)).reverse());
+    if (txid !== node.txid) {
+        throw ErrNodeTxidDifferent;
+    }
+    if (tx.inputsLength !== 1) {
+        throw ErrNumberOfInputs;
+    }
+    const input = tx.getInput(0);
+    if (!input.txid)
+        throw ErrParentTxidInput;
+    if (hex.encode(input.txid) !== node.parentTxid) {
+        throw ErrParentTxidInput;
+    }
+    const children = vtxoTree.children(node.txid);
+    if (node.leaf && children.length >= 1) {
+        throw ErrLeafChildren;
+    }
+    // Validate each child
+    for (let childIndex = 0; childIndex < children.length; childIndex++) {
+        const child = children[childIndex];
+        const childTx = Transaction.fromPSBT(base64.decode(child.tx));
+        const parentOutput = tx.getOutput(childIndex);
+        if (!parentOutput?.script)
+            throw ErrInvalidTaprootScript;
+        const previousScriptKey = parentOutput.script.slice(2);
+        if (previousScriptKey.length !== 32) {
+            throw ErrInvalidTaprootScript;
+        }
+        // Get cosigner keys from input
+        const cosignerKeys = getCosignerKeys(childTx);
+        // Aggregate keys
+        const { finalKey } = aggregateKeys(cosignerKeys, true, {
+            taprootTweak: tapTreeRoot,
+        });
+        if (hex.encode(finalKey) !== hex.encode(previousScriptKey.slice(2))) {
+            throw ErrInternalKey;
+        }
+        // Check amounts
+        let sumChildAmount = 0n;
+        for (let i = 0; i < childTx.outputsLength; i++) {
+            const output = childTx.getOutput(i);
+            if (!output?.amount)
+                continue;
+            sumChildAmount += output.amount;
+        }
+        if (!parentOutput.amount)
+            throw ErrInvalidAmount;
+        if (sumChildAmount >= parentOutput.amount) {
+            throw ErrInvalidAmount;
+        }
+    }
+}

package/dist/esm/tree/vtxoTree.js

@@ -0,0 +1,157 @@
+import * as bip68 from "bip68";
+import { ScriptNum, Transaction } from "@scure/btc-signer";
+import { sha256x2 } from "@scure/btc-signer/utils";
+import { base64, hex } from "@scure/base";
+export class TxTreeError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "TxTreeError";
+    }
+}
+export const ErrLeafNotFound = new TxTreeError("leaf not found in tx tree");
+export const ErrParentNotFound = new TxTreeError("parent not found");
+// TxTree is represented as a matrix of Node objects
+// the first level of the matrix is the root of the tree
+export class TxTree {
+    constructor(tree) {
+        this.tree = tree;
+    }
+    get levels() {
+        return this.tree;
+    }
+    // Returns the root node of the vtxo tree
+    root() {
+        if (this.tree.length <= 0 || this.tree[0].length <= 0) {
+            throw new TxTreeError("empty vtxo tree");
+        }
+        return this.tree[0][0];
+    }
+    // Returns the leaves of the vtxo tree
+    leaves() {
+        const leaves = [...this.tree[this.tree.length - 1]];
+        // Check other levels for leaf nodes
+        for (let i = 0; i < this.tree.length - 1; i++) {
+            for (const node of this.tree[i]) {
+                if (node.leaf) {
+                    leaves.push(node);
+                }
+            }
+        }
+        return leaves;
+    }
+    // Returns all nodes that have the given node as parent
+    children(nodeTxid) {
+        const children = [];
+        for (const level of this.tree) {
+            for (const node of level) {
+                if (node.parentTxid === nodeTxid) {
+                    children.push(node);
+                }
+            }
+        }
+        return children;
+    }
+    // Returns the total number of nodes in the vtxo tree
+    numberOfNodes() {
+        return this.tree.reduce((count, level) => count + level.length, 0);
+    }
+    // Returns the branch of the given vtxo txid from root to leaf
+    branch(vtxoTxid) {
+        const branch = [];
+        const leaves = this.leaves();
+        // Check if the vtxo is a leaf
+        const leaf = leaves.find((leaf) => leaf.txid === vtxoTxid);
+        if (!leaf) {
+            throw ErrLeafNotFound;
+        }
+        branch.push(leaf);
+        const rootTxid = this.root().txid;
+        while (branch[0].txid !== rootTxid) {
+            const parent = this.findParent(branch[0]);
+            branch.unshift(parent);
+        }
+        return branch;
+    }
+    // Helper method to find parent of a node
+    findParent(node) {
+        for (const level of this.tree) {
+            for (const potentialParent of level) {
+                if (potentialParent.txid === node.parentTxid) {
+                    return potentialParent;
+                }
+            }
+        }
+        throw ErrParentNotFound;
+    }
+    // Validates that the tree is coherent by checking txids and parent relationships
+    validate() {
+        // Skip the root level, validate from level 1 onwards
+        for (let i = 1; i < this.tree.length; i++) {
+            for (const node of this.tree[i]) {
+                // Verify that the node's transaction matches its claimed txid
+                const tx = Transaction.fromPSBT(base64.decode(node.tx));
+                const txid = hex.encode(sha256x2(tx.toBytes(true)).reverse());
+                if (txid !== node.txid) {
+                    throw new TxTreeError(`node ${node.txid} has txid ${node.txid}, but computed txid is ${txid}`);
+                }
+                // Verify that the node has a valid parent
+                try {
+                    this.findParent(node);
+                }
+                catch (err) {
+                    throw new TxTreeError(`node ${node.txid} has no parent: ${err instanceof Error ? err.message : String(err)}`);
+                }
+            }
+        }
+    }
+}
+const COSIGNER_KEY_PREFIX = new Uint8Array("cosigner".split("").map((c) => c.charCodeAt(0)));
+const VTXO_TREE_EXPIRY_PSBT_KEY = new Uint8Array("expiry".split("").map((c) => c.charCodeAt(0)));
+export function getVtxoTreeExpiry(input) {
+    if (!input.unknown)
+        return null;
+    for (const u of input.unknown) {
+        // Check if key contains the VTXO tree expiry key
+        if (u.key.length < VTXO_TREE_EXPIRY_PSBT_KEY.length)
+            continue;
+        let found = true;
+        for (let i = 0; i < VTXO_TREE_EXPIRY_PSBT_KEY.length; i++) {
+            if (u.key[i] !== VTXO_TREE_EXPIRY_PSBT_KEY[i]) {
+                found = false;
+                break;
+            }
+        }
+        if (found) {
+            const value = ScriptNum(6, true).decode(u.value);
+            const { blocks, seconds } = bip68.decode(Number(value));
+            return {
+                type: blocks ? "blocks" : "seconds",
+                value: BigInt(blocks ?? seconds ?? 0),
+            };
+        }
+    }
+    return null;
+}
+function parsePrefixedCosignerKey(key) {
+    if (key.length < COSIGNER_KEY_PREFIX.length)
+        return false;
+    for (let i = 0; i < COSIGNER_KEY_PREFIX.length; i++) {
+        if (key[i] !== COSIGNER_KEY_PREFIX[i])
+            return false;
+    }
+    return true;
+}
+export function getCosignerKeys(tx) {
+    const keys = [];
+    const input = tx.getInput(0);
+    if (!input.unknown)
+        return keys;
+    for (const unknown of input.unknown) {
+        const ok = parsePrefixedCosignerKey(new Uint8Array([unknown[0].type, ...unknown[0].key]));
+        if (!ok)
+            continue;
+        // Assuming the value is already a valid public key in compressed format
+        keys.push(unknown[1]);
+    }
+    return keys;
+}

package/dist/esm/utils/bip21.js

@@ -0,0 +1,110 @@
+export var BIP21Error;
+(function (BIP21Error) {
+    BIP21Error["INVALID_URI"] = "Invalid BIP21 URI";
+    BIP21Error["INVALID_ADDRESS"] = "Invalid address";
+})(BIP21Error || (BIP21Error = {}));
+export class BIP21 {
+    static create(params) {
+        const { address, ...options } = params;
+        // Build query string
+        const queryParams = {};
+        for (const [key, value] of Object.entries(options)) {
+            if (value === undefined)
+                continue;
+            if (key === "amount") {
+                if (!isFinite(value)) {
+                    console.warn("Invalid amount");
+                    continue;
+                }
+                if (value < 0) {
+                    continue;
+                }
+                queryParams[key] = value;
+            }
+            else if (key === "ark") {
+                // Validate ARK address format
+                if (typeof value === "string" &&
+                    (value.startsWith("ark") || value.startsWith("tark"))) {
+                    queryParams[key] = value;
+                }
+                else {
+                    console.warn("Invalid ARK address format");
+                }
+            }
+            else if (key === "sp") {
+                // Validate Silent Payment address format (placeholder)
+                if (typeof value === "string" && value.startsWith("sp")) {
+                    queryParams[key] = value;
+                }
+                else {
+                    console.warn("Invalid Silent Payment address format");
+                }
+            }
+            else if (typeof value === "string" || typeof value === "number") {
+                queryParams[key] = value;
+            }
+        }
+        const query = Object.keys(queryParams).length > 0
+            ? "?" +
+                new URLSearchParams(Object.fromEntries(Object.entries(queryParams).map(([k, v]) => [
+                    k,
+                    String(v),
+                ]))).toString()
+            : "";
+        return `bitcoin:${address ? address.toLowerCase() : ""}${query}`;
+    }
+    static parse(uri) {
+        if (!uri.toLowerCase().startsWith("bitcoin:")) {
+            throw new Error(BIP21Error.INVALID_URI);
+        }
+        // Remove bitcoin: prefix, preserving case of the rest
+        const withoutPrefix = uri.slice(uri.toLowerCase().indexOf("bitcoin:") + 8);
+        const [address, query] = withoutPrefix.split("?");
+        const params = {};
+        if (address) {
+            params.address = address.toLowerCase();
+        }
+        if (query) {
+            const queryParams = new URLSearchParams(query);
+            for (const [key, value] of queryParams.entries()) {
+                if (!value)
+                    continue;
+                if (key === "amount") {
+                    const amount = Number(value);
+                    if (!isFinite(amount)) {
+                        continue;
+                    }
+                    if (amount < 0) {
+                        continue;
+                    }
+                    params[key] = amount;
+                }
+                else if (key === "ark") {
+                    // Validate ARK address format
+                    if (value.startsWith("ark") || value.startsWith("tark")) {
+                        params[key] = value;
+                    }
+                    else {
+                        console.warn("Invalid ARK address format");
+                    }
+                }
+                else if (key === "sp") {
+                    // Validate Silent Payment address format (placeholder)
+                    if (value.startsWith("sp")) {
+                        params[key] = value;
+                    }
+                    else {
+                        console.warn("Invalid Silent Payment address format");
+                    }
+                }
+                else {
+                    params[key] = value;
+                }
+            }
+        }
+        return {
+            originalString: uri,
+            params,
+        };
+    }
+}