@aztec/wallet-sdk 0.0.1-commit.d1f2d6c → 0.0.1-commit.d20b825a7

package/src/base-wallet/utils.ts

@@ -0,0 +1,240 @@
+import type { AztecNode } from '@aztec/aztec.js/node';
+import { TxSimulationResultWithAppOffset } from '@aztec/aztec.js/wallet';
+import { MAX_ENQUEUED_CALLS_PER_CALL } from '@aztec/constants';
+import type { ChainInfo } from '@aztec/entrypoints/interfaces';
+import { makeTuple } from '@aztec/foundation/array';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import type { Tuple } from '@aztec/foundation/serialize';
+import type { ContractNameResolver } from '@aztec/pxe/client/lazy';
+import { displayDebugLogs } from '@aztec/pxe/client/lazy';
+import { generateSimulatedProvingResult } from '@aztec/pxe/simulator';
+import { type FunctionCall, FunctionSelector } from '@aztec/stdlib/abi';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { GasSettings } from '@aztec/stdlib/gas';
+import {
+  ClaimedLengthArray,
+  CountedPublicCallRequest,
+  PrivateCircuitPublicInputs,
+  PublicCallRequest,
+} from '@aztec/stdlib/kernel';
+import { ChonkProof } from '@aztec/stdlib/proofs';
+import {
+  type BlockHeader,
+  type ExecutionPayload,
+  HashedValues,
+  PrivateCallExecutionResult,
+  PrivateExecutionResult,
+  PublicSimulationOutput,
+  Tx,
+  TxContext,
+  TxSimulationResult,
+} from '@aztec/stdlib/tx';
+
+/**
+ * Splits an execution payload into a leading prefix of public static calls
+ * (eligible for direct node simulation) and the remaining calls.
+ *
+ * Only a leading run of public static calls is eligible for optimization.
+ * Any non-public-static call may enqueue public state mutations
+ * (e.g. private calls can enqueue public calls), so all calls that follow
+ * must go through the normal simulation path to see the correct state.
+ *
+ */
+export function extractOptimizablePublicStaticCalls(payload: ExecutionPayload): {
+  /** Leading public static calls eligible for direct node simulation. */
+  optimizableCalls: FunctionCall[];
+  /** All remaining calls. */
+  remainingCalls: FunctionCall[];
+} {
+  const splitIndex = payload.calls.findIndex(call => !call.isPublicStatic());
+  const boundary = splitIndex === -1 ? payload.calls.length : splitIndex;
+  return {
+    optimizableCalls: payload.calls.slice(0, boundary),
+    remainingCalls: payload.calls.slice(boundary),
+  };
+}
+
+/**
+ * Simulates a batch of public static calls by bypassing account entrypoint and private execution,
+ * directly constructing a minimal Tx and calling node.simulatePublicCalls.
+ *
+ * @param node - The Aztec node to simulate on.
+ * @param publicStaticCalls - Array of public static function calls (max MAX_ENQUEUED_CALLS_PER_CALL).
+ * @param from - The account address making the calls.
+ * @param chainInfo - Chain information (chainId and version).
+ * @param gasSettings - Gas settings for the transaction.
+ * @param blockHeader - Block header to use as anchor.
+ * @param skipFeeEnforcement - Whether to skip fee enforcement during simulation.
+ * @returns TxSimulationResult with public return values.
+ */
+async function simulateBatchViaNode(
+  node: AztecNode,
+  publicStaticCalls: FunctionCall[],
+  from: AztecAddress,
+  chainInfo: ChainInfo,
+  gasSettings: GasSettings,
+  blockHeader: BlockHeader,
+  skipFeeEnforcement: boolean,
+  getContractName: ContractNameResolver,
+): Promise<TxSimulationResult> {
+  const txContext = new TxContext(chainInfo.chainId, chainInfo.version, gasSettings);
+
+  const publicFunctionCalldata: HashedValues[] = [];
+  for (const call of publicStaticCalls) {
+    const calldata = await HashedValues.fromCalldata([call.selector.toField(), ...call.args]);
+    publicFunctionCalldata.push(calldata);
+  }
+
+  const publicCallRequests = makeTuple(MAX_ENQUEUED_CALLS_PER_CALL, i => {
+    const call = publicStaticCalls[i];
+    if (!call) {
+      return CountedPublicCallRequest.empty();
+    }
+    const publicCallRequest = new PublicCallRequest(from, call.to, call.isStatic, publicFunctionCalldata[i]!.hash);
+    // Counter starts at 1 (minRevertibleSideEffectCounter) so all calls are revertible
+    return new CountedPublicCallRequest(publicCallRequest, i + 1);
+  });
+
+  const publicCallRequestsArray: ClaimedLengthArray<CountedPublicCallRequest, typeof MAX_ENQUEUED_CALLS_PER_CALL> =
+    new ClaimedLengthArray(
+      publicCallRequests as Tuple<CountedPublicCallRequest, typeof MAX_ENQUEUED_CALLS_PER_CALL>,
+      publicStaticCalls.length,
+    );
+
+  const publicInputs = PrivateCircuitPublicInputs.from({
+    ...PrivateCircuitPublicInputs.empty(),
+    anchorBlockHeader: blockHeader,
+    txContext: txContext,
+    publicCallRequests: publicCallRequestsArray,
+    startSideEffectCounter: new Fr(0),
+    endSideEffectCounter: new Fr(publicStaticCalls.length + 1),
+  });
+
+  // Minimal entrypoint structure — no real private execution, just public call requests
+  const emptyEntrypoint = new PrivateCallExecutionResult(
+    Buffer.alloc(0),
+    Buffer.alloc(0),
+    new Map(),
+    publicInputs,
+    [],
+    new Map(),
+    [],
+    [],
+    [],
+    [],
+    [],
+  );
+
+  const privateResult = new PrivateExecutionResult(emptyEntrypoint, Fr.random(), publicFunctionCalldata);
+
+  const provingResult = await generateSimulatedProvingResult(
+    privateResult,
+    (_contractAddress: AztecAddress, _functionSelector: FunctionSelector) => Promise.resolve(''),
+    node,
+    1, // minRevertibleSideEffectCounter
+  );
+
+  provingResult.publicInputs.feePayer = from;
+
+  const tx = await Tx.create({
+    data: provingResult.publicInputs,
+    chonkProof: ChonkProof.empty(),
+    contractClassLogFields: [],
+    publicFunctionCalldata: publicFunctionCalldata,
+  });
+
+  const publicOutput = await node.simulatePublicCalls(tx, skipFeeEnforcement);
+
+  if (publicOutput.revertReason) {
+    throw publicOutput.revertReason;
+  }
+
+  // Display debug logs from the public simulation.
+  await displayDebugLogs(publicOutput.debugLogs, getContractName);
+
+  return new TxSimulationResult(privateResult, provingResult.publicInputs, publicOutput, undefined);
+}
+
+/**
+ * Simulates public static calls by splitting them into batches of MAX_ENQUEUED_CALLS_PER_CALL
+ * and sending each batch directly to the node.
+ *
+ * @param node - The Aztec node to simulate on.
+ * @param publicStaticCalls - Array of public static function calls to optimize.
+ * @param from - The account address making the calls.
+ * @param chainInfo - Chain information (chainId and version).
+ * @param gasSettings - Gas settings for the transaction.
+ * @param blockHeader - Block header to use as anchor.
+ * @param skipFeeEnforcement - Whether to skip fee enforcement during simulation.
+ * @returns Array of TxSimulationResult, one per batch.
+ */
+export async function simulateViaNode(
+  node: AztecNode,
+  publicStaticCalls: FunctionCall[],
+  from: AztecAddress,
+  chainInfo: ChainInfo,
+  gasSettings: GasSettings,
+  blockHeader: BlockHeader,
+  skipFeeEnforcement: boolean = true,
+  getContractName: ContractNameResolver,
+): Promise<TxSimulationResult[]> {
+  const batches: FunctionCall[][] = [];
+
+  for (let i = 0; i < publicStaticCalls.length; i += MAX_ENQUEUED_CALLS_PER_CALL) {
+    batches.push(publicStaticCalls.slice(i, i + MAX_ENQUEUED_CALLS_PER_CALL));
+  }
+
+  const results: TxSimulationResult[] = [];
+
+  for (const batch of batches) {
+    const result = await simulateBatchViaNode(
+      node,
+      batch,
+      from,
+      chainInfo,
+      gasSettings,
+      blockHeader,
+      skipFeeEnforcement,
+      getContractName,
+    );
+    results.push(result);
+  }
+
+  return results;
+}
+
+/**
+ * Merges simulation results from the optimized (public static) and normal paths.
+ * Since optimized calls are always a leading prefix, return values are simply
+ * concatenated: optimized first, then normal.
+ * Stats are taken from the normal result only (the optimized path doesn't produce them).
+ *
+ * @param optimizedResults - Results from optimized public static call batches.
+ * @param normalResult - Result from normal simulation (null if all calls were optimized).
+ * @returns A single TxSimulationResult with return values in original call order.
+ */
+export function buildMergedSimulationResult(
+  optimizedResults: TxSimulationResult[],
+  normalResult: TxSimulationResultWithAppOffset | null,
+): TxSimulationResultWithAppOffset {
+  const optimizedReturnValues = optimizedResults.flatMap(r => r.publicOutput?.publicReturnValues ?? []);
+  const normalReturnValues = normalResult?.publicOutput?.publicReturnValues ?? [];
+  const allReturnValues = [...optimizedReturnValues, ...normalReturnValues];
+
+  const baseResult: TxSimulationResult = normalResult ?? optimizedResults[0];
+
+  const mergedPublicOutput: PublicSimulationOutput | undefined = baseResult.publicOutput
+    ? {
+        ...baseResult.publicOutput,
+        publicReturnValues: allReturnValues,
+      }
+    : undefined;
+
+  const merged = new TxSimulationResult(
+    baseResult.privateExecutionResult,
+    baseResult.publicInputs,
+    mergedPublicOutput,
+    normalResult?.stats,
+  );
+  return TxSimulationResultWithAppOffset.fromResultAndOffset(merged, normalResult?.appCallOffset ?? 0);
+}

package/src/crypto.ts

@@ -497,3 +497,107 @@ export function hashToEmoji(hash: string, count: number = DEFAULT_EMOJI_GRID_SIZ
   }
   return emojis.join('');
 }
+
+// ─── Passphrase-based encryption (PBKDF2 + AES-256-GCM) ───────────────────
+
+/** Default PBKDF2 iteration count. High to compensate for short PINs (~1-2s on modern hardware). */
+const DEFAULT_PBKDF2_ITERATIONS = 2_000_000;
+const PBKDF2_SALT_BYTES = 16;
+const PBKDF2_IV_BYTES = 12;
+
+/**
+ * Derives an AES-256-GCM key from a passphrase using PBKDF2-SHA256.
+ *
+ * @param passphrase - The user-provided passphrase or PIN
+ * @param salt - Random salt bytes
+ * @param iterations - PBKDF2 iteration count (default: 2,000,000)
+ * @returns An AES-256-GCM CryptoKey
+ */
+export async function deriveKeyFromPassphrase(
+  passphrase: string,
+  salt: Uint8Array,
+  iterations: number = DEFAULT_PBKDF2_ITERATIONS,
+): Promise<CryptoKey> {
+  const keyMaterial = await crypto.subtle.importKey('raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, [
+    'deriveKey',
+  ]);
+  return crypto.subtle.deriveKey(
+    { name: 'PBKDF2', salt: salt as BufferSource, iterations, hash: 'SHA-256' },
+    keyMaterial,
+    { name: 'AES-GCM', length: 256 },
+    false,
+    ['encrypt', 'decrypt'],
+  );
+}
+
+/**
+ * Encrypts arbitrary bytes with a passphrase using PBKDF2 + AES-256-GCM.
+ *
+ * Output layout: `[salt (16)] [iv (12)] [ciphertext (...)]`
+ *
+ * @param plaintext - Data to encrypt
+ * @param passphrase - User passphrase or PIN
+ * @param iterations - PBKDF2 iteration count (default: 2,000,000)
+ * @returns A Uint8Array containing salt + iv + ciphertext
+ */
+export async function encryptWithPassphrase(
+  plaintext: Uint8Array,
+  passphrase: string,
+  iterations: number = DEFAULT_PBKDF2_ITERATIONS,
+): Promise<Uint8Array> {
+  const salt = crypto.getRandomValues(new Uint8Array(PBKDF2_SALT_BYTES));
+  const iv = crypto.getRandomValues(new Uint8Array(PBKDF2_IV_BYTES));
+  const key = await deriveKeyFromPassphrase(passphrase, salt, iterations);
+  const ciphertext = new Uint8Array(
+    await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext as BufferSource),
+  );
+  const result = new Uint8Array(PBKDF2_SALT_BYTES + PBKDF2_IV_BYTES + ciphertext.length);
+  result.set(salt, 0);
+  result.set(iv, PBKDF2_SALT_BYTES);
+  result.set(ciphertext, PBKDF2_SALT_BYTES + PBKDF2_IV_BYTES);
+  return result;
+}
+
+/**
+ * Decrypts data produced by {@link encryptWithPassphrase}.
+ *
+ * @param data - The encrypted blob (salt + iv + ciphertext)
+ * @param passphrase - The passphrase used during encryption
+ * @param iterations - PBKDF2 iteration count (must match encryption)
+ * @returns The decrypted plaintext bytes
+ * @throws On wrong passphrase (AES-GCM auth tag mismatch)
+ */
+export async function decryptWithPassphrase(
+  data: Uint8Array,
+  passphrase: string,
+  iterations: number = DEFAULT_PBKDF2_ITERATIONS,
+): Promise<Uint8Array> {
+  const salt = data.slice(0, PBKDF2_SALT_BYTES);
+  const iv = data.slice(PBKDF2_SALT_BYTES, PBKDF2_SALT_BYTES + PBKDF2_IV_BYTES);
+  const ciphertext = data.slice(PBKDF2_SALT_BYTES + PBKDF2_IV_BYTES);
+  const key = await deriveKeyFromPassphrase(passphrase, salt, iterations);
+  return new Uint8Array(await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext as BufferSource));
+}
+
+/**
+ * Converts a Uint8Array to a base64 string.
+ */
+export function uint8ToBase64(bytes: Uint8Array): string {
+  let binary = '';
+  for (const b of bytes) {
+    binary += String.fromCharCode(b);
+  }
+  return btoa(binary);
+}
+
+/**
+ * Converts a base64 string to a Uint8Array.
+ */
+export function base64ToUint8(b64: string): Uint8Array {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}

package/src/extension/provider/extension_wallet.ts

@@ -6,7 +6,7 @@ import { schemaHasMethod } from '@aztec/foundation/schemas';
 import type { FunctionsOf } from '@aztec/foundation/types';
 
 import { type EncryptedPayload, decrypt, encrypt } from '../../crypto.js';
-import { type WalletMessage, WalletMessageType, type WalletResponse } from '../../types.js';
+import { type DisconnectCallback, type WalletMessage, WalletMessageType, type WalletResponse } from '../../types.js';
 
 /**
  * Internal type representing a wallet method call before encryption.
@@ -19,11 +19,6 @@ type WalletMethodCall = {
   args: unknown[];
 };
 
-/**
- * Callback type for wallet disconnect events.
- */
-export type DisconnectCallback = () => void;
-
 /**
  * A wallet implementation that communicates with browser extension wallets
  * using an encrypted MessageChannel.
@@ -109,7 +104,7 @@ export class ExtensionWallet {
     sharedKey: CryptoKey,
     chainInfo: ChainInfo,
     appId: string,
-  ): Wallet {
+  ): ExtensionWallet {
     const wallet = new ExtensionWallet(chainInfo, appId, extensionId, port, sharedKey);
 
     // Set up message handler for encrypted responses and unencrypted control messages
@@ -127,8 +122,10 @@ export class ExtensionWallet {
     wallet.port.start();
 
     return new Proxy(wallet, {
-      get: (target, prop) => {
-        if (schemaHasMethod(WalletSchema, prop.toString())) {
+      get: (target, prop, receiver) => {
+        if (prop === 'asWallet') {
+          return () => receiver as unknown as Wallet;
+        } else if (schemaHasMethod(WalletSchema, prop.toString())) {
           return async (...args: unknown[]) => {
             const result = await target.postMessage({
               type: prop.toString() as keyof FunctionsOf<Wallet>,
@@ -140,7 +137,13 @@ export class ExtensionWallet {
           return target[prop as keyof ExtensionWallet];
         }
       },
-    }) as unknown as Wallet;
+    });
+  }
+
+  asWallet(): Wallet {
+    // Overridden by the proxy in create() to return the proxy itself.
+    // This body is never reached when accessed through create().
+    return this as unknown as Wallet;
   }
 
   /**

package/src/extension/provider/index.ts

@@ -1,4 +1,4 @@
-export { ExtensionWallet, type DisconnectCallback } from './extension_wallet.js';
+export { ExtensionWallet } from './extension_wallet.js';
 export {
   ExtensionProvider,
   type DiscoveredWallet,