@aztec/key-store 0.0.1-commit.f650c0a5c → 0.0.1-commit.f7ea82942
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dest/key_store.d.ts +1 -1
- package/dest/key_store.d.ts.map +1 -1
- package/dest/key_store.js +54 -48
- package/package.json +5 -5
- package/src/key_store.ts +64 -54
package/dest/key_store.d.ts
CHANGED
|
@@ -106,4 +106,4 @@ export declare class KeyStore {
|
|
|
106
106
|
*/
|
|
107
107
|
getKeyPrefixAndAccount(value: Bufferable): Promise<[KeyPrefix, AztecAddress]>;
|
|
108
108
|
}
|
|
109
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
109
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5X3N0b3JlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMva2V5X3N0b3JlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBLE9BQU8sRUFBRSxFQUFFLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUNwRCxPQUFPLEVBQUUsY0FBYyxFQUFTLE1BQU0sbUNBQW1DLENBQUM7QUFFMUUsT0FBTyxFQUFFLEtBQUssVUFBVSxFQUFxQixNQUFNLDZCQUE2QixDQUFDO0FBQ2pGLE9BQU8sS0FBSyxFQUFFLGlCQUFpQixFQUFpQixNQUFNLGlCQUFpQixDQUFDO0FBQ3hFLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSw2QkFBNkIsQ0FBQztBQUMzRCxPQUFPLEVBQUUsZUFBZSxFQUFFLEtBQUssY0FBYyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDOUUsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDNUQsT0FBTyxFQUVMLEtBQUssU0FBUyxFQUNkLEtBQUssU0FBUyxFQUlmLE1BQU0sb0JBQW9CLENBQUM7QUFPNUI7O0dBRUc7QUFDSCxxQkFBYSxRQUFROztJQUNuQixnQkFBdUIsY0FBYyxLQUFLO0lBSTFDLFlBQVksUUFBUSxFQUFFLGlCQUFpQixFQUd0QztJQUVEOzs7T0FHRztJQUNJLGFBQWEsSUFBSSxPQUFPLENBQUMsZUFBZSxDQUFDLENBSS9DO0lBRUQ7Ozs7O09BS0c7SUFDVSxVQUFVLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxjQUFjLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxlQUFlLENBQUMsQ0F3Q3hGO0lBRUQ7OztPQUdHO0lBQ1UsV0FBVyxJQUFJLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUtsRDtJQUVELGdFQUFnRTtJQUNuRCxVQUFVLENBQUMsT0FBTyxFQUFFLFlBQVksR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLENBRS9EO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksdUJBQXVCLENBQUMsT0FBTyxFQUFFLEVBQUUsRUFBRSxlQUFlLEVBQUUsWUFBWSxHQUFHLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxDQXdDeEc7SUFFRDs7Ozs7T0FLRztJQUNVLDJCQUEyQixDQUFDLE9BQU8sRUFBRSxZQUFZLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQVFsRjtJQUVEOzs7OztPQUtHO0lBQ1UsaUNBQWlDLENBQUMsT0FBTyxFQUFFLFlBQVksR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLENBUXhGO0lBRUQ7Ozs7O09BS0c7SUFDVSxpQ0FBaUMsQ0FBQyxPQUFPLEVBQUUsWUFBWSxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FReEY7SUFFRDs7Ozs7T0FLRztJQUNVLHlCQUF5QixDQUFDLE9BQU8sRUFBRSxZQUFZLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQVFoRjtJQUVEOzs7OztPQUtHO0lBQ1UsaUNBQWlDLENBQUMsT0FBTyxFQUFFLFlBQVksR0FBRyxPQUFPLENBQUMsY0FBYyxDQUFDLENBUTdGO0lBRUQ7Ozs7OztPQU1HO0lBQ1UsOEJBQThCLENBQUMsT0FBTyxFQUFFLFlBQVksRUFBRSxHQUFHLEVBQUUsWUFBWSxHQUFHLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0Fhakc7SUFFRDs7Ozs7O09BTUc7SUFDSSxrQkFBa0IsQ0FBQyxHQUFHLEVBQUUsU0FBUyxHQUFHLE9BQU8sQ0FBQyxjQUFjLENBQUMsQ0F3QmpFO0lBRUQ7Ozs7O09BS0c7SUFDSSxhQUFhLENBQUMsT0FBTyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsRUFBRSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FXekU7SUFFRDs7Ozs7T0FLRztJQUNVLHNCQUFzQixDQUFDLEtBQUssRUFBRSxVQUFVLEdBQUcsT0FBTyxDQUFDLENBQUMsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDLENBY3pGO0NBQ0YifQ==
|
package/dest/key_store.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"key_store.d.ts","sourceRoot":"","sources":["../src/key_store.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,EAAE,EAAE,MAAM,gCAAgC,CAAC;AACpD,OAAO,EAAE,cAAc,EAAS,MAAM,mCAAmC,CAAC;AAE1E,OAAO,EAAE,KAAK,UAAU,EAAqB,MAAM,6BAA6B,CAAC;AACjF,OAAO,KAAK,EAAE,iBAAiB,EAAiB,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,SAAS,EAIf,MAAM,oBAAoB,CAAC;AAO5B;;GAEG;AACH,qBAAa,QAAQ;;IACnB,gBAAuB,cAAc,KAAK;IAI1C,YAAY,QAAQ,EAAE,iBAAiB,EAGtC;IAED;;;OAGG;IACI,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC,CAI/C;IAED;;;;;OAKG;IACU,UAAU,CAAC,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAwCxF;IAED;;;OAGG;IACU,WAAW,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC,CAKlD;IAED,gEAAgE;IACnD,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAE/D;IAED;;;;;;OAMG;
|
|
1
|
+
{"version":3,"file":"key_store.d.ts","sourceRoot":"","sources":["../src/key_store.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,EAAE,EAAE,MAAM,gCAAgC,CAAC;AACpD,OAAO,EAAE,cAAc,EAAS,MAAM,mCAAmC,CAAC;AAE1E,OAAO,EAAE,KAAK,UAAU,EAAqB,MAAM,6BAA6B,CAAC;AACjF,OAAO,KAAK,EAAE,iBAAiB,EAAiB,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,SAAS,EAIf,MAAM,oBAAoB,CAAC;AAO5B;;GAEG;AACH,qBAAa,QAAQ;;IACnB,gBAAuB,cAAc,KAAK;IAI1C,YAAY,QAAQ,EAAE,iBAAiB,EAGtC;IAED;;;OAGG;IACI,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC,CAI/C;IAED;;;;;OAKG;IACU,UAAU,CAAC,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAwCxF;IAED;;;OAGG;IACU,WAAW,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC,CAKlD;IAED,gEAAgE;IACnD,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAE/D;IAED;;;;;;OAMG;IACI,uBAAuB,CAAC,OAAO,EAAE,EAAE,EAAE,eAAe,EAAE,YAAY,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAwCxG;IAED;;;;;OAKG;IACU,2BAA2B,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAQlF;IAED;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAQxF;IAED;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAQxF;IAED;;;;;OAKG;IACU,yBAAyB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAQhF;IAED;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC,CAQ7F;IAED;;;;;;OAMG;IACU,8BAA8B,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC,CAajG;IAED;;;;;;OAMG;IACI,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,cAAc,CAAC,CAwBjE;IAED;;;;;OAKG;IACI,aAAa,CAAC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAWzE;IAED;;;;;OAKG;IACU,sBAAsB,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAczF;CACF"}
|
package/dest/key_store.js
CHANGED
|
@@ -81,33 +81,34 @@ import { KEY_PREFIXES, computeAppSecretKey, deriveKeys, derivePublicKeyFromSecre
|
|
|
81
81
|
* @param pkMHash - The master public key hash.
|
|
82
82
|
* @param contractAddress - The contract address to silo the secret key in the key validation request with.
|
|
83
83
|
* @returns The key validation request.
|
|
84
|
-
*/
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
84
|
+
*/ getKeyValidationRequest(pkMHash, contractAddress) {
|
|
85
|
+
return this.#db.transactionAsync(async ()=>{
|
|
86
|
+
const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkMHash);
|
|
87
|
+
// Now we find the master public key for the account
|
|
88
|
+
const pkMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}pk_m`);
|
|
89
|
+
if (!pkMBuffer) {
|
|
90
|
+
throw new Error(`Could not find ${keyPrefix}pk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
|
|
91
|
+
}
|
|
92
|
+
const pkM = Point.fromBuffer(pkMBuffer);
|
|
93
|
+
// Now we find the secret key for the public key
|
|
94
|
+
const skStorageSuffix = secretKeyStorageSuffix(keyPrefix);
|
|
95
|
+
const skMBuffer = await this.#keys.getAsync(`${account.toString()}-${skStorageSuffix}`);
|
|
96
|
+
if (!skMBuffer) {
|
|
97
|
+
throw new Error(`Could not find ${skStorageSuffix} for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
|
|
98
|
+
}
|
|
99
|
+
const skM = GrumpkinScalar.fromBuffer(skMBuffer);
|
|
100
|
+
// The remaining awaits are non-DB computations. They are safe because no further IDB operations follow them.
|
|
101
|
+
const computedPkMHash = await pkM.hash();
|
|
102
|
+
if (!computedPkMHash.equals(pkMHash)) {
|
|
103
|
+
throw new Error(`Could not find ${keyPrefix}pkM for ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
|
|
104
|
+
}
|
|
105
|
+
const derivedPkM = await derivePublicKeyFromSecretKey(skM);
|
|
106
|
+
if (!derivedPkM.equals(pkM)) {
|
|
107
|
+
throw new Error(`Could not derive ${keyPrefix}pkM from ${keyPrefix}skM.`);
|
|
108
|
+
}
|
|
109
|
+
const skApp = await computeAppSecretKey(skM, contractAddress, keyPrefix);
|
|
110
|
+
return new KeyValidationRequest(pkM, skApp);
|
|
111
|
+
});
|
|
111
112
|
}
|
|
112
113
|
/**
|
|
113
114
|
* Gets the master nullifier public key for a given account.
|
|
@@ -193,34 +194,39 @@ import { KEY_PREFIXES, computeAppSecretKey, deriveKeys, derivePublicKeyFromSecre
|
|
|
193
194
|
* @param pkM - The master public key to get secret key for.
|
|
194
195
|
* @returns A Promise that resolves to sk_m.
|
|
195
196
|
* @dev Used when feeding the sk_m to the kernel circuit for keys verification.
|
|
196
|
-
*/
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
197
|
+
*/ getMasterSecretKey(pkM) {
|
|
198
|
+
return this.#db.transactionAsync(async ()=>{
|
|
199
|
+
const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkM);
|
|
200
|
+
const skStorageSuffix = secretKeyStorageSuffix(keyPrefix);
|
|
201
|
+
const secretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-${skStorageSuffix}`);
|
|
202
|
+
if (!secretKeyBuffer) {
|
|
203
|
+
throw new Error(`Could not find ${skStorageSuffix} for ${keyPrefix}pk_m ${pkM.toString()}. This should not happen.`);
|
|
204
|
+
}
|
|
205
|
+
const skM = GrumpkinScalar.fromBuffer(secretKeyBuffer);
|
|
206
|
+
// Non-DB computation — safe because no further IDB operations follow.
|
|
207
|
+
const derivedpkM = await derivePublicKeyFromSecretKey(skM);
|
|
208
|
+
if (!derivedpkM.equals(pkM)) {
|
|
209
|
+
throw new Error(`Could not find ${skStorageSuffix} for ${keyPrefix}pkM ${pkM.toString()} in secret keys buffer.`);
|
|
210
|
+
}
|
|
211
|
+
return skM;
|
|
212
|
+
});
|
|
209
213
|
}
|
|
210
214
|
/**
|
|
211
215
|
* Checks whether a given account has a key matching the provided master public key hash.
|
|
212
216
|
* @param account - The account address to check.
|
|
213
217
|
* @param pkMHash - The master public key hash to look for.
|
|
214
218
|
* @returns True if the account has a key with the given hash.
|
|
215
|
-
*/
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
const
|
|
219
|
-
|
|
220
|
-
|
|
219
|
+
*/ accountHasKey(account, pkMHash) {
|
|
220
|
+
return this.#db.transactionAsync(async ()=>{
|
|
221
|
+
const pkMHashBuffer = serializeToBuffer(pkMHash);
|
|
222
|
+
for (const prefix of KEY_PREFIXES){
|
|
223
|
+
const stored = await this.#keys.getAsync(`${account.toString()}-${prefix}pk_m_hash`);
|
|
224
|
+
if (stored && Buffer.from(stored).equals(pkMHashBuffer)) {
|
|
225
|
+
return true;
|
|
226
|
+
}
|
|
221
227
|
}
|
|
222
|
-
|
|
223
|
-
|
|
228
|
+
return false;
|
|
229
|
+
});
|
|
224
230
|
}
|
|
225
231
|
/**
|
|
226
232
|
* Gets the key prefix and account address for a given value.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aztec/key-store",
|
|
3
|
-
"version": "0.0.1-commit.
|
|
3
|
+
"version": "0.0.1-commit.f7ea82942",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"exports": "./dest/index.js",
|
|
6
6
|
"typedocOptions": {
|
|
@@ -57,10 +57,10 @@
|
|
|
57
57
|
]
|
|
58
58
|
},
|
|
59
59
|
"dependencies": {
|
|
60
|
-
"@aztec/constants": "0.0.1-commit.
|
|
61
|
-
"@aztec/foundation": "0.0.1-commit.
|
|
62
|
-
"@aztec/kv-store": "0.0.1-commit.
|
|
63
|
-
"@aztec/stdlib": "0.0.1-commit.
|
|
60
|
+
"@aztec/constants": "0.0.1-commit.f7ea82942",
|
|
61
|
+
"@aztec/foundation": "0.0.1-commit.f7ea82942",
|
|
62
|
+
"@aztec/kv-store": "0.0.1-commit.f7ea82942",
|
|
63
|
+
"@aztec/stdlib": "0.0.1-commit.f7ea82942",
|
|
64
64
|
"tslib": "^2.4.0"
|
|
65
65
|
},
|
|
66
66
|
"devDependencies": {
|
package/src/key_store.ts
CHANGED
|
@@ -116,44 +116,46 @@ export class KeyStore {
|
|
|
116
116
|
* @param contractAddress - The contract address to silo the secret key in the key validation request with.
|
|
117
117
|
* @returns The key validation request.
|
|
118
118
|
*/
|
|
119
|
-
public
|
|
120
|
-
|
|
119
|
+
public getKeyValidationRequest(pkMHash: Fr, contractAddress: AztecAddress): Promise<KeyValidationRequest> {
|
|
120
|
+
return this.#db.transactionAsync(async () => {
|
|
121
|
+
const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkMHash);
|
|
122
|
+
|
|
123
|
+
// Now we find the master public key for the account
|
|
124
|
+
const pkMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}pk_m`);
|
|
125
|
+
if (!pkMBuffer) {
|
|
126
|
+
throw new Error(
|
|
127
|
+
`Could not find ${keyPrefix}pk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
|
|
128
|
+
);
|
|
129
|
+
}
|
|
121
130
|
|
|
122
|
-
|
|
123
|
-
const pkMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}pk_m`);
|
|
124
|
-
if (!pkMBuffer) {
|
|
125
|
-
throw new Error(
|
|
126
|
-
`Could not find ${keyPrefix}pk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
|
|
127
|
-
);
|
|
128
|
-
}
|
|
131
|
+
const pkM = Point.fromBuffer(pkMBuffer);
|
|
129
132
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
133
|
+
// Now we find the secret key for the public key
|
|
134
|
+
const skStorageSuffix = secretKeyStorageSuffix(keyPrefix);
|
|
135
|
+
const skMBuffer = await this.#keys.getAsync(`${account.toString()}-${skStorageSuffix}`);
|
|
136
|
+
if (!skMBuffer) {
|
|
137
|
+
throw new Error(
|
|
138
|
+
`Could not find ${skStorageSuffix} for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
|
|
139
|
+
);
|
|
140
|
+
}
|
|
135
141
|
|
|
136
|
-
|
|
137
|
-
const skStorageSuffix = secretKeyStorageSuffix(keyPrefix);
|
|
138
|
-
const skMBuffer = await this.#keys.getAsync(`${account.toString()}-${skStorageSuffix}`);
|
|
139
|
-
if (!skMBuffer) {
|
|
140
|
-
throw new Error(
|
|
141
|
-
`Could not find ${skStorageSuffix} for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
|
|
142
|
-
);
|
|
143
|
-
}
|
|
142
|
+
const skM = GrumpkinScalar.fromBuffer(skMBuffer);
|
|
144
143
|
|
|
145
|
-
|
|
144
|
+
// The remaining awaits are non-DB computations. They are safe because no further IDB operations follow them.
|
|
145
|
+
const computedPkMHash = await pkM.hash();
|
|
146
|
+
if (!computedPkMHash.equals(pkMHash)) {
|
|
147
|
+
throw new Error(`Could not find ${keyPrefix}pkM for ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
|
|
148
|
+
}
|
|
146
149
|
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
}
|
|
150
|
+
const derivedPkM = await derivePublicKeyFromSecretKey(skM);
|
|
151
|
+
if (!derivedPkM.equals(pkM)) {
|
|
152
|
+
throw new Error(`Could not derive ${keyPrefix}pkM from ${keyPrefix}skM.`);
|
|
153
|
+
}
|
|
152
154
|
|
|
153
|
-
|
|
154
|
-
const skApp = await computeAppSecretKey(skM, contractAddress, keyPrefix!);
|
|
155
|
+
const skApp = await computeAppSecretKey(skM, contractAddress, keyPrefix!);
|
|
155
156
|
|
|
156
|
-
|
|
157
|
+
return new KeyValidationRequest(pkM, skApp);
|
|
158
|
+
});
|
|
157
159
|
}
|
|
158
160
|
|
|
159
161
|
/**
|
|
@@ -265,24 +267,30 @@ export class KeyStore {
|
|
|
265
267
|
* @returns A Promise that resolves to sk_m.
|
|
266
268
|
* @dev Used when feeding the sk_m to the kernel circuit for keys verification.
|
|
267
269
|
*/
|
|
268
|
-
public
|
|
269
|
-
|
|
270
|
+
public getMasterSecretKey(pkM: PublicKey): Promise<GrumpkinScalar> {
|
|
271
|
+
return this.#db.transactionAsync(async () => {
|
|
272
|
+
const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkM);
|
|
273
|
+
|
|
274
|
+
const skStorageSuffix = secretKeyStorageSuffix(keyPrefix);
|
|
275
|
+
const secretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-${skStorageSuffix}`);
|
|
276
|
+
if (!secretKeyBuffer) {
|
|
277
|
+
throw new Error(
|
|
278
|
+
`Could not find ${skStorageSuffix} for ${keyPrefix}pk_m ${pkM.toString()}. This should not happen.`,
|
|
279
|
+
);
|
|
280
|
+
}
|
|
270
281
|
|
|
271
|
-
|
|
272
|
-
const secretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-${skStorageSuffix}`);
|
|
273
|
-
if (!secretKeyBuffer) {
|
|
274
|
-
throw new Error(
|
|
275
|
-
`Could not find ${skStorageSuffix} for ${keyPrefix}pk_m ${pkM.toString()}. This should not happen.`,
|
|
276
|
-
);
|
|
277
|
-
}
|
|
282
|
+
const skM = GrumpkinScalar.fromBuffer(secretKeyBuffer);
|
|
278
283
|
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
+
// Non-DB computation — safe because no further IDB operations follow.
|
|
285
|
+
const derivedpkM = await derivePublicKeyFromSecretKey(skM);
|
|
286
|
+
if (!derivedpkM.equals(pkM)) {
|
|
287
|
+
throw new Error(
|
|
288
|
+
`Could not find ${skStorageSuffix} for ${keyPrefix}pkM ${pkM.toString()} in secret keys buffer.`,
|
|
289
|
+
);
|
|
290
|
+
}
|
|
284
291
|
|
|
285
|
-
|
|
292
|
+
return skM;
|
|
293
|
+
});
|
|
286
294
|
}
|
|
287
295
|
|
|
288
296
|
/**
|
|
@@ -291,15 +299,17 @@ export class KeyStore {
|
|
|
291
299
|
* @param pkMHash - The master public key hash to look for.
|
|
292
300
|
* @returns True if the account has a key with the given hash.
|
|
293
301
|
*/
|
|
294
|
-
public
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
const
|
|
298
|
-
|
|
299
|
-
|
|
302
|
+
public accountHasKey(account: AztecAddress, pkMHash: Fr): Promise<boolean> {
|
|
303
|
+
return this.#db.transactionAsync(async () => {
|
|
304
|
+
const pkMHashBuffer = serializeToBuffer(pkMHash);
|
|
305
|
+
for (const prefix of KEY_PREFIXES) {
|
|
306
|
+
const stored = await this.#keys.getAsync(`${account.toString()}-${prefix}pk_m_hash`);
|
|
307
|
+
if (stored && Buffer.from(stored).equals(pkMHashBuffer)) {
|
|
308
|
+
return true;
|
|
309
|
+
}
|
|
300
310
|
}
|
|
301
|
-
|
|
302
|
-
|
|
311
|
+
return false;
|
|
312
|
+
});
|
|
303
313
|
}
|
|
304
314
|
|
|
305
315
|
/**
|