@aztec/wallet-sdk 0.0.1-commit.fce3e4f → 0.0.1-commit.ffe5b04ea

package/dest/base-wallet/utils.js

@@ -0,0 +1,131 @@
+import { MAX_ENQUEUED_CALLS_PER_CALL } from '@aztec/constants';
+import { makeTuple } from '@aztec/foundation/array';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { displayDebugLogs } from '@aztec/pxe/client/lazy';
+import { generateSimulatedProvingResult } from '@aztec/pxe/simulator';
+import { ClaimedLengthArray, CountedPublicCallRequest, PrivateCircuitPublicInputs, PublicCallRequest } from '@aztec/stdlib/kernel';
+import { ChonkProof } from '@aztec/stdlib/proofs';
+import { HashedValues, PrivateCallExecutionResult, PrivateExecutionResult, Tx, TxContext, TxSimulationResult } from '@aztec/stdlib/tx';
+/**
+ * Splits an execution payload into a leading prefix of public static calls
+ * (eligible for direct node simulation) and the remaining calls.
+ *
+ * Only a leading run of public static calls is eligible for optimization.
+ * Any non-public-static call may enqueue public state mutations
+ * (e.g. private calls can enqueue public calls), so all calls that follow
+ * must go through the normal simulation path to see the correct state.
+ *
+ */ export function extractOptimizablePublicStaticCalls(payload) {
+    const splitIndex = payload.calls.findIndex((call)=>!call.isPublicStatic());
+    const boundary = splitIndex === -1 ? payload.calls.length : splitIndex;
+    return {
+        optimizableCalls: payload.calls.slice(0, boundary),
+        remainingCalls: payload.calls.slice(boundary)
+    };
+}
+/**
+ * Simulates a batch of public static calls by bypassing account entrypoint and private execution,
+ * directly constructing a minimal Tx and calling node.simulatePublicCalls.
+ *
+ * @param node - The Aztec node to simulate on.
+ * @param publicStaticCalls - Array of public static function calls (max MAX_ENQUEUED_CALLS_PER_CALL).
+ * @param from - The account address making the calls.
+ * @param chainInfo - Chain information (chainId and version).
+ * @param gasSettings - Gas settings for the transaction.
+ * @param blockHeader - Block header to use as anchor.
+ * @param skipFeeEnforcement - Whether to skip fee enforcement during simulation.
+ * @returns TxSimulationResult with public return values.
+ */ async function simulateBatchViaNode(node, publicStaticCalls, from, chainInfo, gasSettings, blockHeader, skipFeeEnforcement, getContractName) {
+    const txContext = new TxContext(chainInfo.chainId, chainInfo.version, gasSettings);
+    const publicFunctionCalldata = [];
+    for (const call of publicStaticCalls){
+        const calldata = await HashedValues.fromCalldata([
+            call.selector.toField(),
+            ...call.args
+        ]);
+        publicFunctionCalldata.push(calldata);
+    }
+    const publicCallRequests = makeTuple(MAX_ENQUEUED_CALLS_PER_CALL, (i)=>{
+        const call = publicStaticCalls[i];
+        if (!call) {
+            return CountedPublicCallRequest.empty();
+        }
+        const publicCallRequest = new PublicCallRequest(from, call.to, call.isStatic, publicFunctionCalldata[i].hash);
+        // Counter starts at 1 (minRevertibleSideEffectCounter) so all calls are revertible
+        return new CountedPublicCallRequest(publicCallRequest, i + 1);
+    });
+    const publicCallRequestsArray = new ClaimedLengthArray(publicCallRequests, publicStaticCalls.length);
+    const publicInputs = PrivateCircuitPublicInputs.from({
+        ...PrivateCircuitPublicInputs.empty(),
+        anchorBlockHeader: blockHeader,
+        txContext: txContext,
+        publicCallRequests: publicCallRequestsArray,
+        startSideEffectCounter: new Fr(0),
+        endSideEffectCounter: new Fr(publicStaticCalls.length + 1)
+    });
+    // Minimal entrypoint structure — no real private execution, just public call requests
+    const emptyEntrypoint = new PrivateCallExecutionResult(Buffer.alloc(0), Buffer.alloc(0), new Map(), publicInputs, [], new Map(), [], [], [], [], []);
+    const privateResult = new PrivateExecutionResult(emptyEntrypoint, Fr.random(), publicFunctionCalldata);
+    const provingResult = await generateSimulatedProvingResult(privateResult, (_contractAddress, _functionSelector)=>Promise.resolve(''), node, 1);
+    provingResult.publicInputs.feePayer = from;
+    const tx = await Tx.create({
+        data: provingResult.publicInputs,
+        chonkProof: ChonkProof.empty(),
+        contractClassLogFields: [],
+        publicFunctionCalldata: publicFunctionCalldata
+    });
+    const publicOutput = await node.simulatePublicCalls(tx, skipFeeEnforcement);
+    if (publicOutput.revertReason) {
+        throw publicOutput.revertReason;
+    }
+    // Display debug logs from the public simulation.
+    await displayDebugLogs(publicOutput.debugLogs, getContractName);
+    return new TxSimulationResult(privateResult, provingResult.publicInputs, publicOutput, undefined);
+}
+/**
+ * Simulates public static calls by splitting them into batches of MAX_ENQUEUED_CALLS_PER_CALL
+ * and sending each batch directly to the node.
+ *
+ * @param node - The Aztec node to simulate on.
+ * @param publicStaticCalls - Array of public static function calls to optimize.
+ * @param from - The account address making the calls.
+ * @param chainInfo - Chain information (chainId and version).
+ * @param gasSettings - Gas settings for the transaction.
+ * @param blockHeader - Block header to use as anchor.
+ * @param skipFeeEnforcement - Whether to skip fee enforcement during simulation.
+ * @returns Array of TxSimulationResult, one per batch.
+ */ export async function simulateViaNode(node, publicStaticCalls, from, chainInfo, gasSettings, blockHeader, skipFeeEnforcement = true, getContractName) {
+    const batches = [];
+    for(let i = 0; i < publicStaticCalls.length; i += MAX_ENQUEUED_CALLS_PER_CALL){
+        batches.push(publicStaticCalls.slice(i, i + MAX_ENQUEUED_CALLS_PER_CALL));
+    }
+    const results = [];
+    for (const batch of batches){
+        const result = await simulateBatchViaNode(node, batch, from, chainInfo, gasSettings, blockHeader, skipFeeEnforcement, getContractName);
+        results.push(result);
+    }
+    return results;
+}
+/**
+ * Merges simulation results from the optimized (public static) and normal paths.
+ * Since optimized calls are always a leading prefix, return values are simply
+ * concatenated: optimized first, then normal.
+ * Stats are taken from the normal result only (the optimized path doesn't produce them).
+ *
+ * @param optimizedResults - Results from optimized public static call batches.
+ * @param normalResult - Result from normal simulation (null if all calls were optimized).
+ * @returns A single TxSimulationResult with return values in original call order.
+ */ export function buildMergedSimulationResult(optimizedResults, normalResult) {
+    const optimizedReturnValues = optimizedResults.flatMap((r)=>r.publicOutput?.publicReturnValues ?? []);
+    const normalReturnValues = normalResult?.publicOutput?.publicReturnValues ?? [];
+    const allReturnValues = [
+        ...optimizedReturnValues,
+        ...normalReturnValues
+    ];
+    const baseResult = normalResult ?? optimizedResults[0];
+    const mergedPublicOutput = baseResult.publicOutput ? {
+        ...baseResult.publicOutput,
+        publicReturnValues: allReturnValues
+    } : undefined;
+    return new TxSimulationResult(baseResult.privateExecutionResult, baseResult.publicInputs, mergedPublicOutput, normalResult?.stats);
+}

package/dest/crypto.d.ts

@@ -0,0 +1,192 @@
+/**
+ * Exported public key in JWK format for transmission over untrusted channels.
+ *
+ * Contains only the public components of an ECDH P-256 key, safe to share.
+ */
+export interface ExportedPublicKey {
+    /** Key type - always "EC" for elliptic curve */
+    kty: string;
+    /** Curve name - always "P-256" */
+    crv: string;
+    /** X coordinate (base64url encoded) */
+    x: string;
+    /** Y coordinate (base64url encoded) */
+    y: string;
+}
+/**
+ * Encrypted message payload containing ciphertext and initialization vector.
+ *
+ * Both fields are base64-encoded for safe transmission as JSON.
+ */
+export interface EncryptedPayload {
+    /** Initialization vector (base64 encoded, 12 bytes) */
+    iv: string;
+    /** Ciphertext (base64 encoded) */
+    ciphertext: string;
+}
+/**
+ * ECDH key pair for secure communication.
+ *
+ * The private key should never be exported or transmitted.
+ * The public key can be exported via {@link exportPublicKey} for exchange.
+ */
+export interface SecureKeyPair {
+    /** Public key - safe to share */
+    publicKey: CryptoKey;
+    /** Private key - keep secret, used for key derivation */
+    privateKey: CryptoKey;
+}
+/**
+ * Session keys derived from ECDH key exchange.
+ *
+ * Contains both the encryption key and the verification hash (verificationHash)
+ * computed from a separate HMAC key.
+ */
+export interface SessionKeys {
+    /** AES-256-GCM key for message encryption/decryption */
+    encryptionKey: CryptoKey;
+    /** Hex-encoded verificationHash for verification */
+    verificationHash: string;
+}
+/**
+ * Generates an ECDH P-256 key pair for key exchange.
+ *
+ * The generated key pair can be used to derive session keys with another
+ * party's public key using {@link deriveSessionKeys}.
+ *
+ * @returns A new ECDH key pair
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const publicKey = await exportPublicKey(keyPair.publicKey);
+ * // Send publicKey to the other party
+ * ```
+ */
+export declare function generateKeyPair(): Promise<SecureKeyPair>;
+/**
+ * Exports a public key to JWK format for transmission.
+ *
+ * The exported key contains only public components and is safe to transmit
+ * over untrusted channels.
+ *
+ * @param publicKey - The CryptoKey public key to export
+ * @returns The public key in JWK format
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const exported = await exportPublicKey(keyPair.publicKey);
+ * // exported can be JSON serialized and sent to another party
+ * ```
+ */
+export declare function exportPublicKey(publicKey: CryptoKey): Promise<ExportedPublicKey>;
+/**
+ * Imports a public key from JWK format.
+ *
+ * Used to import the other party's public key for deriving session keys.
+ *
+ * @param exported - The public key in JWK format
+ * @returns A CryptoKey that can be used with {@link deriveSessionKeys}
+ *
+ * @example
+ * ```typescript
+ * // App side: receive wallet's public key and derive session
+ * const walletPublicKey = await importPublicKey(receivedWalletKey);
+ * const session = await deriveSessionKeys(appKeyPair, walletPublicKey, true);
+ * ```
+ */
+export declare function importPublicKey(exported: ExportedPublicKey): Promise<CryptoKey>;
+/**
+ * Derives session keys from ECDH key exchange using HKDF.
+ *
+ * This is the main key derivation function that produces:
+ * 1. An AES-256-GCM encryption key (first 256 bits)
+ * 2. An HMAC key for verificationHash computation (second 256 bits)
+ * 3. A verificationHash computed as HMAC(hmacKey, "aztec-wallet-verification-verificationHash")
+ *
+ * The keys are derived using a single HKDF call that produces 512 bits,
+ * then split into the two keys.
+ *
+ * @param ownKeyPair - The caller's ECDH key pair (private for ECDH, public for salt)
+ * @param peerPublicKey - The peer's ECDH public key (for ECDH and salt)
+ * @param isApp - true if caller is the app, false if caller is the wallet
+ * @returns Session keys containing encryption key and verificationHash
+ *
+ * @example
+ * ```typescript
+ * // App side
+ * const sessionA = await deriveSessionKeys(appKeyPair, walletPublicKey, true);
+ * // Wallet side
+ * const sessionB = await deriveSessionKeys(walletKeyPair, appPublicKey, false);
+ * // sessionA.verificationHash === sessionB.verificationHash
+ * ```
+ */
+export declare function deriveSessionKeys(ownKeyPair: SecureKeyPair, peerPublicKey: CryptoKey, isApp: boolean): Promise<SessionKeys>;
+/**
+ * Encrypts data using AES-256-GCM.
+ *
+ * A random 12-byte IV is generated for each encryption operation.
+ *
+ * AES-GCM provides both confidentiality and authenticity - any tampering
+ * with the ciphertext will cause decryption to fail.
+ *
+ * @param key - The AES-GCM key (from {@link deriveSessionKeys})
+ * @param data - The string data to encrypt (caller is responsible for serialization)
+ * @returns The encrypted payload with IV and ciphertext
+ *
+ * @example
+ * ```typescript
+ * const encrypted = await encrypt(session.encryptionKey, JSON.stringify({ action: 'transfer', amount: 100 }));
+ * // encrypted.iv and encrypted.ciphertext are base64 strings
+ * ```
+ */
+export declare function encrypt(key: CryptoKey, data: string): Promise<EncryptedPayload>;
+/**
+ * Decrypts data using AES-256-GCM.
+ *
+ * The decrypted data is JSON parsed before returning.
+ *
+ * @typeParam T - The expected type of the decrypted data
+ * @param key - The AES-GCM key (from {@link deriveSessionKeys})
+ * @param payload - The encrypted payload from {@link encrypt}
+ * @returns The decrypted and parsed data
+ *
+ * @throws Error if decryption fails (wrong key or tampered ciphertext)
+ *
+ * @example
+ * ```typescript
+ * const decrypted = await decrypt<{ action: string; amount: number }>(session.encryptionKey, encrypted);
+ * console.log(decrypted.action); // 'transfer'
+ * ```
+ */
+export declare function decrypt<T = unknown>(key: CryptoKey, payload: EncryptedPayload): Promise<T>;
+/**
+ * Default grid size for emoji verification display.
+ * 3x3 grid = 9 emojis = 72 bits of security.
+ */
+export declare const DEFAULT_EMOJI_GRID_SIZE = 9;
+/**
+ * Converts a hex hash to an emoji sequence for visual verification.
+ *
+ * This is used for verification - both the dApp and wallet
+ * independently compute the same emoji sequence from the derived keys.
+ * Users can visually compare the sequences to detect interception.
+ *
+ * With a 256-emoji alphabet and 9 emojis (3x3 grid), this provides
+ * 72 bits of security (9 * 8 = 72 bits), making brute-force attacks
+ * computationally infeasible.
+ *
+ * @param hash - Hex string from verification hash (64 chars = 32 bytes)
+ * @param count - Number of emojis to generate (default: 9 for 3x3 grid)
+ * @returns A string of emojis representing the hash
+ *
+ * @example
+ * ```typescript
+ * const session = await deriveSessionKeys(...);
+ * const emoji = hashToEmoji(session.verificationHash); // e.g., "🔵🦋🎯🐼🌟🎲🦊🐸💎"
+ * // Display as 3x3 grid to user for verification
+ * ```
+ */
+export declare function hashToEmoji(hash: string, count?: number): string;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvY3J5cHRvLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQThEQTs7OztHQUlHO0FBQ0gsTUFBTSxXQUFXLGlCQUFpQjtJQUNoQyxnREFBZ0Q7SUFDaEQsR0FBRyxFQUFFLE1BQU0sQ0FBQztJQUNaLGtDQUFrQztJQUNsQyxHQUFHLEVBQUUsTUFBTSxDQUFDO0lBQ1osdUNBQXVDO0lBQ3ZDLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDVix1Q0FBdUM7SUFDdkMsQ0FBQyxFQUFFLE1BQU0sQ0FBQztDQUNYO0FBRUQ7Ozs7R0FJRztBQUNILE1BQU0sV0FBVyxnQkFBZ0I7SUFDL0IsdURBQXVEO0lBQ3ZELEVBQUUsRUFBRSxNQUFNLENBQUM7SUFDWCxrQ0FBa0M7SUFDbEMsVUFBVSxFQUFFLE1BQU0sQ0FBQztDQUNwQjtBQUVEOzs7OztHQUtHO0FBQ0gsTUFBTSxXQUFXLGFBQWE7SUFDNUIsaUNBQWlDO0lBQ2pDLFNBQVMsRUFBRSxTQUFTLENBQUM7SUFDckIseURBQXlEO0lBQ3pELFVBQVUsRUFBRSxTQUFTLENBQUM7Q0FDdkI7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sV0FBVyxXQUFXO0lBQzFCLHdEQUF3RDtJQUN4RCxhQUFhLEVBQUUsU0FBUyxDQUFDO0lBQ3pCLG9EQUFvRDtJQUNwRCxnQkFBZ0IsRUFBRSxNQUFNLENBQUM7Q0FDMUI7QUFTRDs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILHdCQUFzQixlQUFlLElBQUksT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQWE5RDtBQUVEOzs7Ozs7Ozs7Ozs7Ozs7R0FlRztBQUNILHdCQUFzQixlQUFlLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxPQUFPLENBQUMsaUJBQWlCLENBQUMsQ0FRdEY7QUFFRDs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILHdCQUFnQixlQUFlLENBQUMsUUFBUSxFQUFFLGlCQUFpQixHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FnQi9FO0FBc0REOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0F3Qkc7QUFDSCx3QkFBc0IsaUJBQWlCLENBQ3JDLFVBQVUsRUFBRSxhQUFhLEVBQ3pCLGFBQWEsRUFBRSxTQUFTLEVBQ3hCLEtBQUssRUFBRSxPQUFPLEdBQ2IsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQXdEdEI7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQkc7QUFDSCx3QkFBc0IsT0FBTyxDQUFDLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLE1BQU0sR0FBRyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsQ0FVckY7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQkc7QUFDSCx3QkFBc0IsT0FBTyxDQUFDLENBQUMsR0FBRyxPQUFPLEVBQUUsR0FBRyxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLEdBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQVFoRztBQXdERDs7O0dBR0c7QUFDSCxlQUFPLE1BQU0sdUJBQXVCLElBQUksQ0FBQztBQUV6Qzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBcUJHO0FBQ0gsd0JBQWdCLFdBQVcsQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFLEtBQUssR0FBRSxNQUFnQyxHQUFHLE1BQU0sQ0FPekYifQ==

package/dest/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AA8DA;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,uCAAuC;IACvC,CAAC,EAAE,MAAM,CAAC;IACV,uCAAuC;IACvC,CAAC,EAAE,MAAM,CAAC;CACX;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,EAAE,EAAE,MAAM,CAAC;IACX,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,iCAAiC;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,yDAAyD;IACzD,UAAU,EAAE,SAAS,CAAC;CACvB;AAED;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,aAAa,EAAE,SAAS,CAAC;IACzB,oDAAoD;IACpD,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AASD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,aAAa,CAAC,CAa9D;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAQtF;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC,CAgB/E;AAsDD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,aAAa,EACzB,aAAa,EAAE,SAAS,EACxB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,WAAW,CAAC,CAwDtB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAUrF;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC,CAQhG;AAwDD;;;GAGG;AACH,eAAO,MAAM,uBAAuB,IAAI,CAAC;AAEzC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,GAAE,MAAgC,GAAG,MAAM,CAOzF"}