@aztec/foundation 0.55.0 → 0.56.0

package/src/crypto/secp256k1-signer/secp256k1_signer.ts

@@ -0,0 +1,38 @@
+import { Buffer32 } from '@aztec/foundation/buffer';
+import { type EthAddress } from '@aztec/foundation/eth-address';
+import { type Signature } from '@aztec/foundation/eth-signature';
+
+import { addressFromPrivateKey, makeEthSignDigest, signMessage } from './utils.js';
+
+/**
+ * Secp256k1Signer
+ *
+ * A class for signing messages using a secp256k1 private key.
+ * - This is a slim drop in replacement for an Ethereum signer, so it can be used in the same way.
+ * - See `utils.ts` for functions that enable recovering addresses and public keys from signatures.
+ */
+export class Secp256k1Signer {
+  public readonly address: EthAddress;
+
+  constructor(private privateKey: Buffer32) {
+    this.address = addressFromPrivateKey(privateKey.buffer);
+  }
+
+  sign(message: Buffer32): Signature {
+    return signMessage(message, this.privateKey.buffer);
+  }
+
+  /**
+   * Sign a message using the same method as eth_sign
+   * @param message - The message to sign.
+   * @returns The signature.
+   */
+  signMessage(message: Buffer32): Signature {
+    const digest = makeEthSignDigest(message);
+    return this.sign(digest);
+  }
+
+  static random(): Secp256k1Signer {
+    return new Secp256k1Signer(Buffer32.random());
+  }
+}

package/src/crypto/secp256k1-signer/utils.ts

@@ -0,0 +1,99 @@
+import { secp256k1 } from '@noble/curves/secp256k1';
+
+import { Buffer32 } from '../../buffer/buffer32.js';
+import { EthAddress } from '../../eth-address/index.js';
+import { Signature } from '../../eth-signature/eth_signature.js';
+import { keccak256 } from '../keccak/index.js';
+
+const ETH_SIGN_PREFIX = '\x19Ethereum Signed Message:\n32';
+
+// We just hash the message to make it easier to work with in the smart contract.
+export function makeEthSignDigest(message: Buffer32): Buffer32 {
+  const prefix = Buffer.from(ETH_SIGN_PREFIX);
+  return Buffer32.fromBuffer(keccak256(Buffer.concat([prefix, message.buffer])));
+}
+
+/**
+ * Converts a public key to an address.
+ * @param publicKey - The public key to convert.
+ * @returns The address.
+ */
+function publicKeyToAddress(publicKey: Buffer): EthAddress {
+  const hash = keccak256(publicKey.subarray(1));
+  return new EthAddress(hash.subarray(12));
+}
+
+/**
+ * Converts a private key to a public key.
+ * @param privateKey - The private key to convert.
+ * @returns The public key.
+ */
+export function publicKeyFromPrivateKey(privateKey: Buffer): Buffer {
+  return Buffer.from(secp256k1.getPublicKey(privateKey, false));
+}
+
+/**
+ * Converts a private key to an address.
+ * @param privateKey - The private key to convert.
+ * @returns The address.
+ */
+export function addressFromPrivateKey(privateKey: Buffer): EthAddress {
+  const publicKey = publicKeyFromPrivateKey(privateKey);
+  return publicKeyToAddress(publicKey);
+}
+
+/**
+ * Recovers an address from a hash and a signature.
+ * @param hash - The hash to recover the address from.
+ * @param signature - The signature to recover the address from.
+ * @returns The address.
+ */
+export function recoverAddress(hash: Buffer32, signature: Signature): EthAddress {
+  const publicKey = recoverPublicKey(hash, signature);
+  return publicKeyToAddress(publicKey);
+}
+
+/**
+ * @attribution - viem
+ * Converts a yParityOrV value to a recovery bit.
+ * @param yParityOrV - The yParityOrV value to convert.
+ * @returns The recovery bit.
+ */
+function toRecoveryBit(yParityOrV: number) {
+  if (yParityOrV === 0 || yParityOrV === 1) {
+    return yParityOrV;
+  }
+  if (yParityOrV === 27) {
+    return 0;
+  }
+  if (yParityOrV === 28) {
+    return 1;
+  }
+  throw new Error('Invalid yParityOrV value');
+}
+
+/**
+ * Signs a message using ecdsa over the secp256k1 curve.
+ * @param message - The message to sign.
+ * @param privateKey - The private key to sign the message with.
+ * @returns The signature.
+ */
+export function signMessage(message: Buffer32, privateKey: Buffer) {
+  const { r, s, recovery } = secp256k1.sign(message.buffer, privateKey);
+  return new Signature(Buffer32.fromBigInt(r), Buffer32.fromBigInt(s), recovery ? 28 : 27);
+}
+
+/**
+ * Recovers a public key from a hash and a signature.
+ * @param hash - The hash to recover the public key from.
+ * @param signature - The signature to recover the public key from.
+ * @returns The public key.
+ */
+export function recoverPublicKey(hash: Buffer32, signature: Signature): Buffer {
+  const { r, s, v } = signature;
+  const recoveryBit = toRecoveryBit(v);
+  const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt()).addRecoveryBit(recoveryBit);
+
+  const publicKey = sig.recoverPublicKey(hash.buffer).toHex(false);
+  return Buffer.from(publicKey, 'hex');
+}

package/src/crypto/sha256/index.ts

@@ -1,14 +1,147 @@
+/* eslint-disable camelcase */
 import { default as hash } from 'hash.js';
 
 import { Fr } from '../../fields/fields.js';
 import { truncateAndPad } from '../../serialize/free_funcs.js';
 import { type Bufferable, serializeToBuffer } from '../../serialize/serialize.js';
 
-export const sha256 = (data: Buffer) => Buffer.from(hash.sha256().update(data).digest());
+export function sha256(data: Buffer) {
+  return Buffer.from(hash.sha256().update(data).digest());
+}
 
-export const sha256Trunc = (data: Buffer) => truncateAndPad(sha256(data));
+export function sha256Trunc(data: Buffer) {
+  return truncateAndPad(sha256(data));
+}
 
-export const sha256ToField = (data: Bufferable[]) => {
+export function sha256ToField(data: Bufferable[]) {
   const buffer = serializeToBuffer(data);
   return Fr.fromBuffer(sha256Trunc(buffer));
-};
+}
+
+/**
+ * The "SHA256 Compression" operation (component operation of SHA256 "Hash").
+ * WARNING: modifies `state` in place (and also returns it)
+ *
+ * This algorithm is extracted from the hash.js package
+ * and modified to take in an initial state to operate on.
+ *
+ * @param state - The initial state to operate on (modified in-place). 8 u32s.
+ * @param inputs - The inputs to compress into the state. 16 u32s.
+ * @returns The modified state. 8 u32s.
+ */
+export function sha256Compression(state: Uint32Array, inputs: Uint32Array): Uint32Array {
+  if (state.length !== 8) {
+    throw new Error('`state` argument to SHA256 compression must be of length 8');
+  }
+  if (inputs.length !== 16) {
+    throw new Error('`inputs` argument to SHA256 compression must be of length 16');
+  }
+
+  const W = new Array(64);
+  const k = [
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98,
+    0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
+    0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8,
+    0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819,
+    0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
+    0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
+    0xc67178f2,
+  ];
+  let i = 0;
+  for (i = 0; i < 16; i++) {
+    W[i] = inputs[i];
+  }
+  for (i = 16; i < W.length; i++) {
+    W[i] = sum32_4(
+      W[i - 16],
+      W[i - 7],
+      g0_256(W[i - 15]), // Rot17, Rot18, Sh3
+      g1_256(W[i - 2]), //ROt17, Rot19, Sh10
+    );
+  }
+
+  let a = state[0];
+  let b = state[1];
+  let c = state[2];
+  let d = state[3];
+  let e = state[4];
+  let f = state[5];
+  let g = state[6];
+  let h = state[7];
+
+  for (let i = 0; i < 64; i++) {
+    const T1 = sum32_5(
+      h,
+      s1_256(e), // Rot6, Rot11, Rot25
+      ch32(e, f, g),
+      k[i],
+      W[i],
+    );
+
+    const T2 = sum32(
+      s0_256(a), // Rot2, Rot13, Rot22
+      maj32(a, b, c),
+    );
+    h = g;
+    g = f;
+    f = e;
+    e = sum32(d, T1);
+    d = c;
+    c = b;
+    b = a;
+    a = sum32(T1, T2);
+  }
+
+  state[0] = sum32(state[0], a);
+  state[1] = sum32(state[1], b);
+  state[2] = sum32(state[2], c);
+  state[3] = sum32(state[3], d);
+  state[4] = sum32(state[4], e);
+  state[5] = sum32(state[5], f);
+  state[6] = sum32(state[6], g);
+  state[7] = sum32(state[7], h);
+  return state;
+}
+
+// SHA256  HELPER FUNCTIONS (from hash.js package)
+
+function rotr32(w: number, b: number) {
+  return (w >>> b) | (w << (32 - b));
+}
+
+function sum32(a: number, b: number) {
+  return (a + b) >>> 0;
+}
+
+function sum32_4(a: number, b: number, c: number, d: number) {
+  return (a + b + c + d) >>> 0;
+}
+
+function sum32_5(a: number, b: number, c: number, d: number, e: number) {
+  return (a + b + c + d + e) >>> 0;
+}
+
+function ch32(x: number, y: number, z: number) {
+  return (x & y) ^ (~x & z);
+}
+
+function maj32(x: number, y: number, z: number) {
+  return (x & y) ^ (x & z) ^ (y & z);
+}
+
+function s0_256(x: number) {
+  return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);
+}
+
+function s1_256(x: number) {
+  return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);
+}
+
+function g0_256(x: number) {
+  return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);
+}
+
+function g1_256(x: number) {
+  return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);
+}

package/src/eth-signature/eth_signature.ts

@@ -0,0 +1,90 @@
+import { Buffer32 } from '@aztec/foundation/buffer';
+import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
+
+/**Viem Signature
+ *
+ * A version of the Signature class that uses `0x${string}` values for r and s rather than
+ * Buffer32s
+ */
+export type ViemSignature = {
+  r: `0x${string}`;
+  s: `0x${string}`;
+  v: number;
+  isEmpty: boolean;
+};
+
+/**
+ * Signature
+ *
+ * Contains a signature split into it's primary components (r,s,v)
+ */
+export class Signature {
+  constructor(
+    /** The r value of the signature */
+    public readonly r: Buffer32,
+    /** The s value of the signature */
+    public readonly s: Buffer32,
+    /** The v value of the signature */
+    public readonly v: number,
+    /** Does this struct store an empty signature */
+    public readonly isEmpty: boolean = false,
+  ) {}
+
+  static fromBuffer(buf: Buffer | BufferReader): Signature {
+    const reader = BufferReader.asReader(buf);
+
+    const r = reader.readObject(Buffer32);
+    const s = reader.readObject(Buffer32);
+    const v = reader.readNumber();
+
+    const isEmpty = r.isZero() && s.isZero();
+
+    return new Signature(r, s, v, isEmpty);
+  }
+
+  /**
+   * A seperate method exists for this as when signing locally with viem, as when
+   * parsing from viem, we can expect the v value to be a u8, rather than our
+   * default serialization of u32
+   */
+  static from0xString(sig: `0x${string}`): Signature {
+    const buf = Buffer.from(sig.slice(2), 'hex');
+    const reader = BufferReader.asReader(buf);
+
+    const r = reader.readObject(Buffer32);
+    const s = reader.readObject(Buffer32);
+    const v = reader.readUInt8();
+
+    const isEmpty = r.isZero() && s.isZero();
+
+    return new Signature(r, s, v, isEmpty);
+  }
+
+  static empty(): Signature {
+    return new Signature(Buffer32.ZERO, Buffer32.ZERO, 0, true);
+  }
+
+  equals(other: Signature): boolean {
+    return this.r.equals(other.r) && this.s.equals(other.s) && this.v === other.v && this.isEmpty === other.isEmpty;
+  }
+
+  toBuffer(): Buffer {
+    return serializeToBuffer([this.r, this.s, this.v]);
+  }
+
+  to0xString(): `0x${string}` {
+    return `0x${this.r.toString()}${this.s.toString()}${this.v.toString(16)}`;
+  }
+
+  /**
+   * Return the signature with `0x${string}` encodings for r and s
+   */
+  toViemSignature(): ViemSignature {
+    return {
+      r: this.r.to0xString(),
+      s: this.s.to0xString(),
+      v: this.v,
+      isEmpty: this.isEmpty,
+    };
+  }
+}

package/src/eth-signature/index.ts

@@ -0,0 +1 @@
+export * from './eth_signature.js';

package/src/fields/point.ts

@@ -1,5 +1,6 @@
 import { toBigIntBE } from '../bigint-buffer/index.js';
-import { poseidon2Hash, randomBoolean } from '../crypto/index.js';
+import { poseidon2Hash } from '../crypto/poseidon/index.js';
+import { randomBoolean } from '../crypto/random/index.js';
 import { BufferReader, FieldReader, serializeToBuffer } from '../serialize/index.js';
 import { Fr } from './fields.js';
 

package/src/index.ts

@@ -30,3 +30,4 @@ export * as worker from './worker/index.js';
 export * as testing from './testing/index.js';
 export * as config from './config/index.js';
 export * as buffer from './buffer/index.js';
+export * as ethSignature from './eth-signature/index.js';

package/src/json-rpc/server/json_rpc_server.ts

@@ -6,6 +6,7 @@ import compress from 'koa-compress';
 import Router from 'koa-router';
 
 import { createDebugLogger } from '../../log/index.js';
+import { promiseWithResolvers } from '../../promise/utils.js';
 import { type JsonClassConverterInput, type StringClassConverterInput } from '../class_converter.js';
 import { convertBigintsInObj } from '../convert.js';
 import { type ClassMaps, JsonProxy } from './json_proxy.js';
@@ -19,6 +20,13 @@ export class JsonRpcServer {
    * The proxy object.
    */
   public proxy: JsonProxy;
+
+  /**
+   * The HTTP server accepting remote requests.
+   * This member field is initialized when the server is started.
+   */
+  private httpServer?: http.Server;
+
   constructor(
     private handler: object,
     private stringClassMap: StringClassConverterInput,
@@ -141,9 +149,32 @@ export class JsonRpcServer {
    * @param port - Port number.
    * @param prefix - Prefix string.
    */
-  public start(port: number, prefix = '') {
-    const httpServer = http.createServer(this.getApp(prefix).callback());
-    httpServer.listen(port);
+  public start(port: number, prefix = ''): void {
+    if (this.httpServer) {
+      throw new Error('Server is already listening');
+    }
+
+    this.httpServer = http.createServer(this.getApp(prefix).callback());
+    this.httpServer.listen(port);
+  }
+
+  /**
+   * Stops the HTTP server
+   */
+  public stop(): Promise<void> {
+    if (!this.httpServer) {
+      return Promise.resolve();
+    }
+
+    const { promise, resolve, reject } = promiseWithResolvers<void>();
+    this.httpServer.close(err => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve();
+      }
+    });
+    return promise;
   }
 
   /**

package/src/serialize/buffer_reader.ts

@@ -70,6 +70,26 @@ export class BufferReader {
     return result as Tuple<number, N>;
   }
 
+  /**
+   * Reads a 256-bit unsigned integer from the buffer at the current index position.
+   * Updates the index position by 32 bytes after reading the number.
+   *
+   * Assumes the number is stored in big-endian format.
+   *
+   * @returns The read 256 bit value as a bigint.
+   */
+  public readUInt256(): bigint {
+    this.#rangeCheck(32);
+
+    let result = BigInt(0);
+    for (let i = 0; i < 32; i++) {
+      result = (result << BigInt(8)) | BigInt(this.buffer[this.index + i]);
+    }
+
+    this.index += 32;
+    return result;
+  }
+
   /**
    * Reads a 16-bit unsigned integer from the buffer at the current index position.
    * Updates the index position by 2 bytes after reading the number.

package/src/serialize/serialize.ts

@@ -242,7 +242,7 @@ export function toFriendlyJSON(obj: object): string {
         ).toFriendlyJSON
       ) {
         return value.toFriendlyJSON();
-      } else if (value && value.type && ['Fr', 'Fq', 'AztecAddress'].includes(value.type)) {
+      } else if (value && value.type && ['Fr', 'Fq', 'AztecAddress', 'EthAddress'].includes(value.type)) {
         return value.value;
       } else {
         return value;

package/src/serialize/types.ts

@@ -35,6 +35,6 @@ type MapTuple<T extends any[], F extends (item: any) => any> = {
  * @see https://github.com/microsoft/TypeScript/issues/29841.
  * @param array - A tuple array.
  */
-export function mapTuple<T extends any[], F extends (item: any) => any>(tuple: T, fn: F): MapTuple<T, F> {
+export function mapTuple<T extends any[], F extends (item: T[number]) => any>(tuple: T, fn: F): MapTuple<T, F> {
   return tuple.map(fn) as MapTuple<T, F>;
 }

package/src/testing/index.ts

@@ -1,2 +1,3 @@
 export * from './test_data.js';
 export * from './snapshot_serializer.js';
+export * from './port_allocator.js';

package/src/testing/port_allocator.ts

@@ -0,0 +1,31 @@
+import net from 'net';
+
+/**
+ * Get a random port that is free to use.
+ * Returns undefined if it fails to get a port.
+ *
+ * @attribution: adapted from https://stackoverflow.com/a/71178451
+ *
+ * @returns a random port that is free to use.
+ */
+export function getRandomPort(): Promise<number | undefined> {
+  return new Promise(resolve => {
+    const server = net.createServer();
+    server.listen(0, () => {
+      const address = server.address();
+      if (address && typeof address === 'object' && 'port' in address) {
+        const port = address.port;
+        server.close(() => {
+          resolve(port);
+        });
+      } else {
+        server.close(() => {
+          resolve(undefined);
+        });
+      }
+    });
+    server.on('error', () => {
+      resolve(undefined);
+    });
+  });
+}

package/src/trees/index.ts

@@ -1,3 +1,5 @@
+export * from './unbalanced_merkle_root.js';
+
 /**
  * A leaf of an indexed merkle tree.
  */

package/src/trees/unbalanced_merkle_root.ts

@@ -0,0 +1,52 @@
+import { padArrayEnd } from '@aztec/foundation/collection';
+import { sha256Trunc } from '@aztec/foundation/crypto';
+
+/**
+ * Computes the merkle root for an unbalanced tree.
+ *
+ * @dev Adapted from proving-state.ts -> findMergeLevel and unbalanced_tree.ts.
+ * Calculates the tree upwards layer by layer until we reach the root.
+ * The L1 calculation instead computes the tree from right to left (slightly cheaper gas).
+ * TODO: A more thorough investigation of which method is cheaper, then use that method everywhere.
+ */
+export function computeUnbalancedMerkleRoot(leaves: Buffer[], emptyLeaf?: Buffer, hasher = sha256Trunc): Buffer {
+  // Pad leaves to 2
+  if (leaves.length < 2) {
+    if (emptyLeaf === undefined) {
+      throw new Error('Cannot compute a Merkle root with less than 2 leaves');
+    } else {
+      leaves = padArrayEnd(leaves, emptyLeaf, 2);
+    }
+  }
+
+  const depth = Math.ceil(Math.log2(leaves.length));
+  let [layerWidth, nodeToShift] =
+    leaves.length & 1 ? [leaves.length - 1, leaves[leaves.length - 1]] : [leaves.length, Buffer.alloc(0)];
+  // Allocate this layer's leaves and init the next layer up
+  let thisLayer = leaves.slice(0, layerWidth);
+  let nextLayer = [];
+  for (let i = 0; i < depth; i++) {
+    for (let j = 0; j < layerWidth; j += 2) {
+      // Store the hash of each pair one layer up
+      nextLayer[j / 2] = hasher(Buffer.concat([thisLayer[j], thisLayer[j + 1]]));
+    }
+    layerWidth /= 2;
+    if (layerWidth & 1) {
+      if (nodeToShift.length) {
+        // If the next layer has odd length, and we have a node that needs to be shifted up, add it here
+        nextLayer.push(nodeToShift);
+        layerWidth += 1;
+        nodeToShift = Buffer.alloc(0);
+      } else {
+        // If we don't have a node waiting to be shifted, store the next layer's final node to be shifted
+        layerWidth -= 1;
+        nodeToShift = nextLayer[layerWidth];
+      }
+    }
+    // reset the layers
+    thisLayer = nextLayer;
+    nextLayer = [];
+  }
+  // return the root
+  return thisLayer[0];
+}