@miradexio/client 0.1.0 → 0.1.2
- package/README.md +57 -292
- package/dist/address/base58.d.ts.map +1 -1
- package/dist/address/base58.js +1 -2
- package/dist/address/base58.js.map +1 -1
- package/dist/address/bech32.d.ts +0 -8
- package/dist/address/bech32.d.ts.map +1 -1
- package/dist/address/bech32.js +3 -9
- package/dist/address/bech32.js.map +1 -1
- package/dist/address/evm.d.ts.map +1 -1
- package/dist/address/evm.js +1 -2
- package/dist/address/evm.js.map +1 -1
- package/dist/address/index.d.ts +0 -6
- package/dist/address/index.d.ts.map +1 -1
- package/dist/address/index.js +6 -9
- package/dist/address/index.js.map +1 -1
- package/dist/address/monero.d.ts +0 -10
- package/dist/address/monero.d.ts.map +1 -1
- package/dist/address/monero.js +4 -10
- package/dist/address/monero.js.map +1 -1
- package/dist/address/polkadot.d.ts +0 -5
- package/dist/address/polkadot.d.ts.map +1 -1
- package/dist/address/polkadot.js +2 -6
- package/dist/address/polkadot.js.map +1 -1
- package/dist/address/ton.d.ts +0 -6
- package/dist/address/ton.d.ts.map +1 -1
- package/dist/address/ton.js +3 -8
- package/dist/address/ton.js.map +1 -1
- package/dist/api/index.d.ts +0 -19
- package/dist/api/index.d.ts.map +1 -1
- package/dist/api/index.js +18 -37
- package/dist/api/index.js.map +1 -1
- package/dist/atomic-swap/drive.d.ts +0 -13
- package/dist/atomic-swap/drive.d.ts.map +1 -1
- package/dist/atomic-swap/drive.js +66 -111
- package/dist/atomic-swap/drive.js.map +1 -1
- package/dist/atomic-swap/extract.d.ts +0 -23
- package/dist/atomic-swap/extract.d.ts.map +1 -1
- package/dist/atomic-swap/extract.js +6 -16
- package/dist/atomic-swap/extract.js.map +1 -1
- package/dist/atomic-swap/index.d.ts +0 -7
- package/dist/atomic-swap/index.d.ts.map +1 -1
- package/dist/atomic-swap/index.js +1 -7
- package/dist/atomic-swap/index.js.map +1 -1
- package/dist/atomic-swap/monero-sweep/errors.d.ts.map +1 -1
- package/dist/atomic-swap/monero-sweep/errors.js +5 -20
- package/dist/atomic-swap/monero-sweep/errors.js.map +1 -1
- package/dist/atomic-swap/monero-sweep/index.d.ts +0 -13
- package/dist/atomic-swap/monero-sweep/index.d.ts.map +1 -1
- package/dist/atomic-swap/monero-sweep/index.js +30 -56
- package/dist/atomic-swap/monero-sweep/index.js.map +1 -1
- package/dist/atomic-swap/monero-sweep/ring-select.d.ts +0 -4
- package/dist/atomic-swap/monero-sweep/ring-select.d.ts.map +1 -1
- package/dist/atomic-swap/monero-sweep/ring-select.js +9 -21
- package/dist/atomic-swap/monero-sweep/ring-select.js.map +1 -1
- package/dist/atomic-swap/presign.d.ts +0 -63
- package/dist/atomic-swap/presign.d.ts.map +1 -1
- package/dist/atomic-swap/presign.js +30 -90
- package/dist/atomic-swap/presign.js.map +1 -1
- package/dist/atomic-swap/refund.d.ts +0 -18
- package/dist/atomic-swap/refund.d.ts.map +1 -1
- package/dist/atomic-swap/refund.js +16 -32
- package/dist/atomic-swap/refund.js.map +1 -1
- package/dist/atomic-swap/run.d.ts +0 -17
- package/dist/atomic-swap/run.d.ts.map +1 -1
- package/dist/atomic-swap/run.js +11 -25
- package/dist/atomic-swap/run.js.map +1 -1
- package/dist/atomic-swap/snapshot.d.ts +0 -30
- package/dist/atomic-swap/snapshot.d.ts.map +1 -1
- package/dist/atomic-swap/snapshot.js +8 -23
- package/dist/atomic-swap/snapshot.js.map +1 -1
- package/dist/atomic-swap/submit-encsig.d.ts +0 -7
- package/dist/atomic-swap/submit-encsig.d.ts.map +1 -1
- package/dist/atomic-swap/submit-encsig.js +2 -11
- package/dist/atomic-swap/submit-encsig.js.map +1 -1
- package/dist/atomic-swap/types.d.ts +2 -55
- package/dist/atomic-swap/types.d.ts.map +1 -1
- package/dist/atomic-swap/types.js +2 -3
- package/dist/atomic-swap/types.js.map +1 -1
- package/dist/blockchain/quorum-provider.d.ts +0 -15
- package/dist/blockchain/quorum-provider.d.ts.map +1 -1
- package/dist/blockchain/quorum-provider.js +7 -9
- package/dist/blockchain/quorum-provider.js.map +1 -1
- package/dist/cooperative-redeem.d.ts +5 -14
- package/dist/cooperative-redeem.d.ts.map +1 -1
- package/dist/cooperative-redeem.js +3 -20
- package/dist/cooperative-redeem.js.map +1 -1
- package/dist/engine/blockchain-querier.d.ts +0 -22
- package/dist/engine/blockchain-querier.d.ts.map +1 -1
- package/dist/engine/engine-state.d.ts +0 -8
- package/dist/engine/engine-state.d.ts.map +1 -1
- package/dist/engine/engine-state.js.map +1 -1
- package/dist/engine/flow-context.d.ts +0 -20
- package/dist/engine/flow-context.d.ts.map +1 -1
- package/dist/engine/flow-context.js +17 -41
- package/dist/engine/flow-context.js.map +1 -1
- package/dist/engine/flows/atomic-flow.d.ts +0 -28
- package/dist/engine/flows/atomic-flow.d.ts.map +1 -1
- package/dist/engine/flows/atomic-flow.js +64 -121
- package/dist/engine/flows/atomic-flow.js.map +1 -1
- package/dist/engine/flows/swap-flow.d.ts +0 -19
- package/dist/engine/flows/swap-flow.d.ts.map +1 -1
- package/dist/engine/flows/swap-flow.js +41 -83
- package/dist/engine/flows/swap-flow.js.map +1 -1
- package/dist/engine/miradex-engine.d.ts +1 -62
- package/dist/engine/miradex-engine.d.ts.map +1 -1
- package/dist/engine/miradex-engine.js +18 -50
- package/dist/engine/miradex-engine.js.map +1 -1
- package/dist/engine/pipeline.d.ts +0 -11
- package/dist/engine/pipeline.d.ts.map +1 -1
- package/dist/engine/pipeline.js +9 -21
- package/dist/engine/pipeline.js.map +1 -1
- package/dist/engine/platform.d.ts +0 -160
- package/dist/engine/platform.d.ts.map +1 -1
- package/dist/engine/platform.js +2 -0
- package/dist/engine/platform.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +7 -11
- package/dist/index.js.map +1 -1
- package/dist/interfaces/blockchain.d.ts +1 -13
- package/dist/interfaces/blockchain.d.ts.map +1 -1
- package/dist/interfaces/blockchain.js +1 -0
- package/dist/interfaces/blockchain.js.map +1 -1
- package/dist/interfaces/logger.d.ts +0 -6
- package/dist/interfaces/logger.d.ts.map +1 -1
- package/dist/interfaces/logger.js.map +1 -1
- package/dist/lib/bitcoin/deposit-watcher.d.ts +0 -23
- package/dist/lib/bitcoin/deposit-watcher.d.ts.map +1 -1
- package/dist/lib/bitcoin/deposit-watcher.js +7 -31
- package/dist/lib/bitcoin/deposit-watcher.js.map +1 -1
- package/dist/lib/bitcoin/script-hash.d.ts.map +1 -1
- package/dist/lib/bitcoin/script-hash.js +2 -6
- package/dist/lib/bitcoin/script-hash.js.map +1 -1
- package/dist/lib/bitcoin/sweep.d.ts +0 -30
- package/dist/lib/bitcoin/sweep.d.ts.map +1 -1
- package/dist/lib/bitcoin/sweep.js +11 -40
- package/dist/lib/bitcoin/sweep.js.map +1 -1
- package/dist/lib/bitcoin/tx-verify.d.ts +0 -28
- package/dist/lib/bitcoin/tx-verify.d.ts.map +1 -1
- package/dist/lib/bitcoin/tx-verify.js +20 -61
- package/dist/lib/bitcoin/tx-verify.js.map +1 -1
- package/dist/lib/bitcoin/wallet.d.ts +0 -38
- package/dist/lib/bitcoin/wallet.d.ts.map +1 -1
- package/dist/lib/bitcoin/wallet.js +13 -38
- package/dist/lib/bitcoin/wallet.js.map +1 -1
- package/dist/lib/crypto/bytes.d.ts +0 -14
- package/dist/lib/crypto/bytes.d.ts.map +1 -1
- package/dist/lib/crypto/bytes.js +5 -14
- package/dist/lib/crypto/bytes.js.map +1 -1
- package/dist/lib/crypto/errors.d.ts +0 -5
- package/dist/lib/crypto/errors.d.ts.map +1 -1
- package/dist/lib/crypto/errors.js +2 -5
- package/dist/lib/crypto/errors.js.map +1 -1
- package/dist/lib/crypto/libp2p-identity.d.ts +0 -15
- package/dist/lib/crypto/libp2p-identity.d.ts.map +1 -1
- package/dist/lib/crypto/libp2p-identity.js +16 -28
- package/dist/lib/crypto/libp2p-identity.js.map +1 -1
- package/dist/lib/crypto/mnemonic.d.ts +0 -9
- package/dist/lib/crypto/mnemonic.d.ts.map +1 -1
- package/dist/lib/crypto/mnemonic.js +11 -27
- package/dist/lib/crypto/mnemonic.js.map +1 -1
- package/dist/lib/crypto/platform.d.ts +0 -6
- package/dist/lib/crypto/platform.d.ts.map +1 -1
- package/dist/lib/crypto/platform.js +2 -6
- package/dist/lib/crypto/platform.js.map +1 -1
- package/dist/lib/crypto/scalars.d.ts +0 -23
- package/dist/lib/crypto/scalars.d.ts.map +1 -1
- package/dist/lib/crypto/scalars.js +10 -23
- package/dist/lib/crypto/scalars.js.map +1 -1
- package/dist/lib/crypto/types.d.ts +0 -4
- package/dist/lib/crypto/types.d.ts.map +1 -1
- package/dist/lib/crypto/wasm.d.ts +0 -23
- package/dist/lib/crypto/wasm.d.ts.map +1 -1
- package/dist/lib/crypto/wasm.js +10 -13
- package/dist/lib/crypto/wasm.js.map +1 -1
- package/dist/lib/default-config.d.ts +1 -59
- package/dist/lib/default-config.d.ts.map +1 -1
- package/dist/lib/default-config.js +22 -61
- package/dist/lib/default-config.js.map +1 -1
- package/dist/lib/errors.d.ts +0 -54
- package/dist/lib/errors.d.ts.map +1 -1
- package/dist/lib/errors.js +12 -35
- package/dist/lib/errors.js.map +1 -1
- package/dist/lib/keystore.d.ts +0 -24
- package/dist/lib/keystore.d.ts.map +1 -1
- package/dist/lib/keystore.js +3 -10
- package/dist/lib/keystore.js.map +1 -1
- package/dist/lib/monero/output-scanner.d.ts +0 -18
- package/dist/lib/monero/output-scanner.d.ts.map +1 -1
- package/dist/lib/monero/output-scanner.js +17 -40
- package/dist/lib/monero/output-scanner.js.map +1 -1
- package/dist/lib/monero/rpc.d.ts +0 -64
- package/dist/lib/monero/rpc.d.ts.map +1 -1
- package/dist/lib/monero/rpc.js +17 -59
- package/dist/lib/monero/rpc.js.map +1 -1
- package/dist/lib/monero/verify-lock.d.ts +0 -12
- package/dist/lib/monero/verify-lock.d.ts.map +1 -1
- package/dist/lib/monero/verify-lock.js +9 -24
- package/dist/lib/monero/verify-lock.js.map +1 -1
- package/dist/lib/monero/verify-sweep.d.ts +0 -20
- package/dist/lib/monero/verify-sweep.d.ts.map +1 -1
- package/dist/lib/monero/verify-sweep.js +7 -25
- package/dist/lib/monero/verify-sweep.js.map +1 -1
- package/dist/lib/pow-solver.d.ts.map +1 -1
- package/dist/lib/pow-solver.js +3 -8
- package/dist/lib/pow-solver.js.map +1 -1
- package/dist/lib/retry.d.ts +7 -64
- package/dist/lib/retry.d.ts.map +1 -1
- package/dist/lib/retry.js +13 -13
- package/dist/lib/retry.js.map +1 -1
- package/dist/portable.d.ts.map +1 -1
- package/dist/portable.js +3 -4
- package/dist/portable.js.map +1 -1
- package/dist/quote-binding.d.ts +0 -13
- package/dist/quote-binding.d.ts.map +1 -1
- package/dist/quote-binding.js +3 -18
- package/dist/quote-binding.js.map +1 -1
- package/dist/swap-executor.d.ts +1 -5
- package/dist/swap-executor.d.ts.map +1 -1
- package/dist/swap-executor.js +1 -1
- package/dist/swap-executor.js.map +1 -1
- package/dist/types/api.d.ts +0 -6
- package/dist/types/api.d.ts.map +1 -1
- package/dist/types/api.js +6 -9
- package/dist/types/api.js.map +1 -1
- package/dist/types/errors.d.ts +0 -7
- package/dist/types/errors.d.ts.map +1 -1
- package/dist/types/errors.js +2 -7
- package/dist/types/errors.js.map +1 -1
- package/dist/types/index.js +1 -1
- package/dist/types/index.js.map +1 -1
- package/dist/types/keys.d.ts +0 -15
- package/dist/types/keys.d.ts.map +1 -1
- package/dist/types/protocol.d.ts +0 -51
- package/dist/types/protocol.d.ts.map +1 -1
- package/dist/types/protocol.js +3 -8
- package/dist/types/protocol.js.map +1 -1
- package/dist/types/status.d.ts.map +1 -1
- package/dist/types/status.js +9 -14
- package/dist/types/status.js.map +1 -1
- package/dist/types/verification.d.ts +0 -10
- package/dist/types/verification.d.ts.map +1 -1
- package/dist/types/verification.js +7 -15
- package/dist/types/verification.js.map +1 -1
- package/dist/verification/chainflip-networks.d.ts +2 -35
- package/dist/verification/chainflip-networks.d.ts.map +1 -1
- package/dist/verification/chainflip-networks.js +12 -4
- package/dist/verification/chainflip-networks.js.map +1 -1
- package/dist/verification/chainflip.d.ts +0 -40
- package/dist/verification/chainflip.d.ts.map +1 -1
- package/dist/verification/chainflip.js +49 -129
- package/dist/verification/chainflip.js.map +1 -1
- package/dist/verification/constants.d.ts +0 -40
- package/dist/verification/constants.d.ts.map +1 -1
- package/dist/verification/constants.js +14 -40
- package/dist/verification/constants.js.map +1 -1
- package/dist/verification/index.d.ts +0 -26
- package/dist/verification/index.d.ts.map +1 -1
- package/dist/verification/index.js +8 -12
- package/dist/verification/index.js.map +1 -1
- package/dist/verification/memo.d.ts +0 -15
- package/dist/verification/memo.d.ts.map +1 -1
- package/dist/verification/memo.js +9 -27
- package/dist/verification/memo.js.map +1 -1
- package/dist/verification/near-intents.d.ts +0 -63
- package/dist/verification/near-intents.d.ts.map +1 -1
- package/dist/verification/near-intents.js +25 -67
- package/dist/verification/near-intents.js.map +1 -1
- package/dist/verification/rate-oracle.d.ts +0 -22
- package/dist/verification/rate-oracle.d.ts.map +1 -1
- package/dist/verification/rate-oracle.js +6 -11
- package/dist/verification/rate-oracle.js.map +1 -1
- package/dist/verification/thorchain-networks.d.ts +0 -27
- package/dist/verification/thorchain-networks.d.ts.map +1 -1
- package/dist/verification/thorchain-networks.js +13 -15
- package/dist/verification/thorchain-networks.js.map +1 -1
- package/dist/verification/thorchain.d.ts +0 -30
- package/dist/verification/thorchain.d.ts.map +1 -1
- package/dist/verification/thorchain.js +24 -47
- package/dist/verification/thorchain.js.map +1 -1
- package/dist/wasm-pins.d.ts +3 -3
- package/dist/wasm-pins.js +1 -1
- package/dist/wire/near-intents.zod.d.ts +0 -27
- package/dist/wire/near-intents.zod.d.ts.map +1 -1
- package/dist/wire/near-intents.zod.js +15 -23
- package/dist/wire/near-intents.zod.js.map +1 -1
- package/dist/wire/server/action.zod.d.ts +0 -10
- package/dist/wire/server/action.zod.d.ts.map +1 -1
- package/dist/wire/server/action.zod.js +8 -14
- package/dist/wire/server/action.zod.js.map +1 -1
- package/dist/wire/server/common.zod.d.ts +0 -13
- package/dist/wire/server/common.zod.d.ts.map +1 -1
- package/dist/wire/server/common.zod.js +6 -14
- package/dist/wire/server/common.zod.js.map +1 -1
- package/dist/wire/server/swap.zod.d.ts +0 -42
- package/dist/wire/server/swap.zod.d.ts.map +1 -1
- package/dist/wire/server/swap.zod.js +12 -26
- package/dist/wire/server/swap.zod.js.map +1 -1
- package/dist/wire/thorchain.zod.d.ts +0 -8
- package/dist/wire/thorchain.zod.d.ts.map +1 -1
- package/dist/wire/thorchain.zod.js +3 -8
- package/dist/wire/thorchain.zod.js.map +1 -1
- package/package.json +4 -5
- package/wasm/miradex-rust/README.md +3 -4
- package/wasm/miradex-rust/miradex_rust.d.ts +4 -6
- package/wasm/miradex-rust/miradex_rust.js +4 -6
- package/wasm/miradex-rust/miradex_rust_bg.wasm +0 -0
|
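--- a/package/dist/lib/bitcoin/tx-verify.d.ts
+++ b/package/dist/lib/bitcoin/tx-verify.d.ts
@@ -9,35 +9,7 @@ export interface TxCancelVerification {
 /** Block height at which TxCancel confirmed, present on the success path. */
 readonly blockHeight?: number;
 }
-/**
-* Verify a TxCancel transaction on-chain before sharing s_b.
-*
-* @param blockchain Connected blockchain data provider
-* @param txCancelTxid Transaction ID from the server's cancel response
-* @param txCancelHex Raw transaction hex from the server
-* @param lockAddress The P2WSH lock address our BTC was funded to
-* @param network Bitcoin network
-*/
 export declare function verifyTxCancel(blockchain: BlockchainDataProvider, txCancelTxid: string, txCancelHex: string, lockAddress: string, network: 'mainnet' | 'testnet' | 'regtest'): Promise<TxCancelVerification>;
-/**
-* Additional check: verify the lock address has been spent (no remaining UTXOs).
-* This is a secondary confirmation that TxCancel actually consumed the locked funds.
-*/
 export declare function verifyLockAddressSpent(blockchain: BlockchainDataProvider, lockAddress: string, network: 'mainnet' | 'testnet' | 'regtest'): Promise<boolean>;
-/**
-* Discover and verify TxCancel entirely from on-chain data.
-*
-* Zero server trust — finds TxCancel by querying the lock address's transaction
-* history via Electrum. The lock address will have exactly 2 transactions:
-* TxLock (the deposit) and TxCancel (the spend).
-*
-* If depositTxid is known, we filter it out. If not, we identify TxCancel by
-* checking which transaction spends FROM the lock address (has it as an input).
-*
-* @param blockchain Connected blockchain data provider
-* @param lockAddress The P2WSH lock address
-* @param depositTxid The known deposit (TxLock) txid, or empty string if unknown
-* @param network Bitcoin network
-*/
 export declare function discoverAndVerifyTxCancel(blockchain: BlockchainDataProvider, lockAddress: string, depositTxid: string, network: 'mainnet' | 'testnet' | 'regtest'): Promise<TxCancelVerification>;
 //# sourceMappingURL=tx-verify.d.ts.map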
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tx-verify.d.ts","sourceRoot":"","sources":["../../../src/lib/bitcoin/tx-verify.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tx-verify.d.ts","sourceRoot":"","sources":["../../../src/lib/bitcoin/tx-verify.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAI7E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,mFAAmF;IACnF,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,4EAA4E;IAC5E,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,6EAA6E;IAC7E,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,wBAAsB,cAAc,CAClC,UAAU,EAAE,sBAAsB,EAClC,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,GACzC,OAAO,CAAC,oBAAoB,CAAC,CAuC/B;AA6CD,wBAAsB,sBAAsB,CAC1C,UAAU,EAAE,sBAAsB,EAClC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,GACzC,OAAO,CAAC,OAAO,CAAC,CAQlB;AAKD,wBAAsB,yBAAyB,CAC7C,UAAU,EAAE,sBAAsB,EAClC,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,GACzC,OAAO,CAAC,oBAAoB,CAAC,CA2E/B"}
|
|
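--- a/package/dist/lib/bitcoin/tx-verify.js
+++ b/package/dist/lib/bitcoin/tx-verify.js
@@ -1,29 +1,15 @@
-
-
-
-
-
-
-
-
-
-* 1. Fetch raw tx from Electrum independently (not from the server)
-* 2. Confirm the server's hex matches the on-chain hex
-* 3. Decode the tx and verify it spends from our known lock address
-* 4. Confirm the tx is included in a block (height > 0)
-*/
+// Verify TxCancel on-chain before sharing s_b. Without this, a server lying
+// about a confirmed TxCancel can trick us into leaking s_b; the maker then
+// combines s_a + s_b to sweep XMR while leaving BTC locked.
+//
+// Steps:
+// 1. fetch raw tx from Electrum independently
+// 2. confirm server-supplied hex matches on-chain hex
+// 3. decode + verify the tx spends from the known lock address
+// 4. confirm block inclusion (height > 0)
 import * as bitcoin from 'bitcoinjs-lib';
 import { addressToScriptHash } from './script-hash.js';
 import { uint8ArrayEquals } from '../crypto/bytes.js';
-/**
-* Verify a TxCancel transaction on-chain before sharing s_b.
-*
-* @param blockchain Connected blockchain data provider
-* @param txCancelTxid Transaction ID from the server's cancel response
-* @param txCancelHex Raw transaction hex from the server
-* @param lockAddress The P2WSH lock address our BTC was funded to
-* @param network Bitcoin network
-*/
 export async function verifyTxCancel(blockchain, txCancelTxid, txCancelHex, lockAddress, network) {
 const onChainHex = await blockchain.getTransaction(txCancelTxid);
 if (!onChainHex) {
@@ -59,33 +45,22 @@ export async function verifyTxCancel(blockchain, txCancelTxid, txCancelHex, lock
 blockHeight: height,
 };
 }
-
-
-
-*
-* For P2WSH inputs, the previous output script is not directly in the tx.
-* Instead, we verify using the script hash of the lock address against
-* the Electrum UTXO list. As a belt-and-suspenders check, we also verify
-* the lock address has no remaining UTXOs (the TxCancel spent them).
-*/
+// P2WSH inputs don't carry the previous output script. Re-derive the
+// P2WSH from the witness script (last witness element) and compare to the
+// lock address scriptPubKey.
 function verifyTxSpendsFromAddress(rawHex, lockAddress, network) {
 try {
 const tx = bitcoin.Transaction.fromHex(rawHex);
 const btcNetwork = network === 'mainnet' ? bitcoin.networks.bitcoin : (network === 'regtest' ? bitcoin.networks.regtest : bitcoin.networks.testnet);
-// For P2WSH, the witness script's last push is the redeem script.
-// We can derive the expected scriptPubKey from the lock address and compare.
 const expectedOutput = bitcoin.address.toOutputScript(lockAddress, btcNetwork);
-//
-//
-// as the last element; hashing it with OP_0 <SHA256> gives us the scriptPubKey.
+// For each input, the last witness element is the witness script for
+// P2WSH. Re-derive its P2WSH scriptPubKey and compare to the lock.
 for (const input of tx.ins) {
 if (!input.witness || input.witness.length === 0)
 continue;
-// The last witness element for P2WSH is the witness script
 const witnessScript = input.witness[input.witness.length - 1];
 if (!witnessScript || witnessScript.length === 0)
 continue;
-// Derive P2WSH scriptPubKey from the witness script
 const p2wsh = bitcoin.payments.p2wsh({
 redeem: { output: witnessScript },
 network: btcNetwork,
@@ -101,10 +76,8 @@ function verifyTxSpendsFromAddress(rawHex, lockAddress, network) {
 return false;
 }
 }
-
-
-* This is a secondary confirmation that TxCancel actually consumed the locked funds.
-*/
+// Belt-and-suspenders: confirm the lock address has no remaining UTXOs
+// (the TxCancel actually consumed them).
 export async function verifyLockAddressSpent(blockchain, lockAddress, network) {
 try {
 const scriptHash = addressToScriptHash(lockAddress, network);
@@ -115,21 +88,9 @@ export async function verifyLockAddressSpent(blockchain, lockAddress, network) {
 return false;
 }
 }
-
-
-
-* Zero server trust — finds TxCancel by querying the lock address's transaction
-* history via Electrum. The lock address will have exactly 2 transactions:
-* TxLock (the deposit) and TxCancel (the spend).
-*
-* If depositTxid is known, we filter it out. If not, we identify TxCancel by
-* checking which transaction spends FROM the lock address (has it as an input).
-*
-* @param blockchain Connected blockchain data provider
-* @param lockAddress The P2WSH lock address
-* @param depositTxid The known deposit (TxLock) txid, or empty string if unknown
-* @param network Bitcoin network
-*/
+// Zero server trust: discover TxCancel by querying the lock address's
+// Electrum history. The address has exactly 2 txs (TxLock + TxCancel); filter
+// out the known depositTxid, otherwise find the tx that spends FROM the lock.
 export async function discoverAndVerifyTxCancel(blockchain, lockAddress, depositTxid, network) {
 const scriptHash = addressToScriptHash(lockAddress, network);
 const history = await blockchain.getHistory(scriptHash);
@@ -139,8 +100,6 @@ export async function discoverAndVerifyTxCancel(blockchain, lockAddress, deposit
 reason: `Lock address has ${String(history.length)} transaction(s) — TxCancel not yet broadcast`,
 };
 }
-// Strategy A: If we know the deposit txid, filter it out
-// Strategy B: If we don't, check each tx to find the one that spends FROM the lock address
 let cancelTxid = '';
 let cancelHeight = 0;
 if (depositTxid) {
@@ -150,7 +109,7 @@ export async function discoverAndVerifyTxCancel(blockchain, lockAddress, deposit
 cancelHeight = cancelEntry.height;
 }
 }
-//
+// No depositTxid: scan history for the tx that spends from the lock.
 if (!cancelTxid) {
 for (const entry of history) {
 const hex = await blockchain.getTransaction(entry.tx_hash);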
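Review bot: The comment added above `discoverAndVerifyTxCancel` (new lines 91–93) keeps the claim that the lock address "has exactly 2 txs (TxLock + TxCancel)", but the address is public once funded and any party can pay to it, so its Electrum history can contain additional entries. The `if (depositTxid)` branch assigns `cancelTxid` from a `cancelEntry` chosen in lines that fall between the hunks; if that lookup takes the first entry that is not the deposit, an unrelated incoming payment could be chosen, so the comment should state that the candidate is trusted only after `verifyTxSpendsFromAddress` passes on its independently fetched hex. Suggested wording: `// History normally holds TxLock + TxCancel, but may include unrelated payments to the lock address; a non-deposit entry is only a candidate until verifyTxSpendsFromAddress confirms it.` The function body continues outside the visible hunks, so whether that check already runs on this path could not be confirmed from this page.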
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tx-verify.js","sourceRoot":"","sources":["../../../src/lib/bitcoin/tx-verify.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"tx-verify.js","sourceRoot":"","sources":["../../../src/lib/bitcoin/tx-verify.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,2EAA2E;AAC3E,4DAA4D;AAC5D,EAAE;AACF,SAAS;AACT,gDAAgD;AAChD,wDAAwD;AACxD,iEAAiE;AACjE,4CAA4C;AAE5C,OAAO,KAAK,OAAO,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAatD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAAkC,EAClC,YAAoB,EACpB,WAAmB,EACnB,WAAmB,EACnB,OAA0C;IAE1C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IACjF,CAAC;IAED,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;QAC/B,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,+DAA+D;SACxE,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,wDAAwD;SACjE,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;IACnE,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAChB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EACJ,MAAM,KAAK,CAAC;gBACV,CAAC,CAAC,kDAAkD;gBACpD,CAAC,CAAC,2CAA2C;SAClD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,6BAA6B,MAAM,CAAC,MAAM,CAAC,EAAE;QACrD,WAAW,EAAE,UAAU;QACvB,YAAY;QACZ,WAAW,EAAE,MAAM;KACpB,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,0EAA0E;AAC1E,6BAA6B;AAC7B,SAAS,yBAAyB,CAChC,MAAc,EACd,WAAmB,EACnB,OAA0C;IAE1C,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,UAAU,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpJ,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAE/E,qEAAqE;QACrE,mEAAmE;QACnE,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,GAAG,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAE3D,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,aAAa,IAAI,aAAa
,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAE3D,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACnC,MAAM,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;gBACjC,OAAO,EAAE,UAAU;aACpB,CAAC,CAAC;YAEH,IACE,KAAK,CAAC,MAAM;gBACZ,gBAAgB,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,EAC9E,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,yCAAyC;AACzC,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,UAAkC,EAClC,WAAmB,EACnB,OAA0C;IAE1C,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC7D,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACvD,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,UAAkC,EAClC,WAAmB,EACnB,WAAmB,EACnB,OAA0C;IAE1C,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAExD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,oBAAoB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,8CAA8C;SACjG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,GAAG,EAAE,CAAC;IACpB,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC;QAC3E,IAAI,WAAW,EAAE,CAAC;YAChB,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC;YACjC,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC;QACpC,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3D,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IAAI,yBAAyB,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC;gBACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC;gBAC3B,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC;gBAC5B,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,qDAAqD;SAC9D,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EACJ
,YAAY,KAAK,CAAC;gBAChB,CAAC,CAAC,kDAAkD;gBACpD,CAAC,CAAC,0CAA0C;SACjD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,wDAAwD;SACjE,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC/E,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,4DAA4D;SACrE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,YAAY,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,2BAA2B,MAAM,CAAC,YAAY,CAAC,EAAE;QAC5F,WAAW,EAAE,MAAM;QACnB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,YAAY;KAC1B,CAAC;AACJ,CAAC"}
|
|
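--- a/package/dist/lib/bitcoin/wallet.d.ts
+++ b/package/dist/lib/bitcoin/wallet.d.ts
@@ -5,23 +5,8 @@ export interface TempBtcWallet {
 readonly publicKey: Buffer;
 readonly wif: string;
 }
-/**
-* Create an ephemeral P2WPKH wallet. The private key is held in memory only
-* and must be persisted via `createKeystore` if the caller needs to resume.
-*/
 export declare function createTempWallet(network?: 'mainnet' | 'testnet' | 'regtest'): TempBtcWallet;
-/**
-* Sign every input of a PSBT with the wallet's key pair and finalise.
-* Returns the base64-encoded signed PSBT.
-*/
 export declare function signPsbt(psbtBase64: string, wallet: TempBtcWallet, network?: 'mainnet' | 'testnet' | 'regtest'): string;
-/**
-* Identity of the lock transaction derivable from an unsigned PSBT.
-*
-* Segwit txid is invariant to signing — it's hash(version, inputs, outputs,
-* locktime) without witnesses — so callers can trust this matches what the
-* sidecar will broadcast after `signFundingPsbt`.
-*/
 export interface UnsignedFundingPsbt {
 /** Base64-encoded UNSIGNED PSBT, ready to send to the sidecar in /presigs. */
 readonly psbtBase64: string;
@@ -32,40 +17,17 @@ export interface UnsignedFundingPsbt {
 /** Lock-output value in satoshis. */
 readonly amountSats: number;
 }
-/**
-* Build an UNSIGNED PSBT that pays from the wallet's UTXOs to a lock address.
-*
-* Returns the unsigned PSBT plus the deterministic txid+vout+value the sidecar
-* uses to drive the libp2p protocol's Message2/3 with Alice. Sign later with
-* `signFundingPsbt` once the encsig has been received and a snapshot persisted.
-*
-* @param lockAmountSats — Exact output amount the protocol negotiated. MUST
-* match what Alice expects in Message2; mismatches cause rejection. When
-* omitted, falls back to the total UTXO value (zero mining fee — testing only).
-*/
 export declare function buildUnsignedFundingPsbt(wallet: TempBtcWallet, utxos: readonly {
 readonly txid: string;
 readonly vout: number;
 readonly value: number;
 }[], lockAddress: string, network?: 'mainnet' | 'testnet' | 'regtest', lockAmountSats?: number): UnsignedFundingPsbt;
-/**
-* Sign a previously-built unsigned funding PSBT. Returns the base64 of the
-* fully-signed, finalized PSBT, ready to broadcast (or to forward to the
-* sidecar's /fund endpoint).
-*/
 export declare function signFundingPsbt(unsignedPsbtBase64: string, wallet: TempBtcWallet, network?: 'mainnet' | 'testnet' | 'regtest'): string;
-/**
-* Backwards-compatible build+sign in one call. Prefer `buildUnsignedFundingPsbt`
-* + `signFundingPsbt` so the snapshot can be written between the two steps.
-*/
 export declare function buildAndSignFundingPsbt(wallet: TempBtcWallet, utxos: readonly {
 readonly txid: string;
 readonly vout: number;
 readonly value: number;
 }[], lockAddress: string, network?: 'mainnet' | 'testnet' | 'regtest', lockAmountSats?: number): string;
-/**
-* Recover a wallet instance from a WIF-encoded private key.
-*/
 export declare function walletFromWif(wif: string, network?: 'mainnet' | 'testnet' | 'regtest'): TempBtcWallet;
 export {};
 //# sourceMappingURL=wallet.d.ts.map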
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../../src/lib/bitcoin/wallet.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../../src/lib/bitcoin/wallet.ts"],"names":[],"mappings":"AASA,QAAA,MAAM,MAAM,KAAqB,CAAC;AAElC,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC;IACvD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAGD,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GAAG,aAAa,CAiBtG;AAGD,wBAAgB,QAAQ,CACtB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,aAAa,EACrB,OAAO,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GACrD,MAAM,CAQR;AAID,MAAM,WAAW,mBAAmB;IAClC,8EAA8E;IAC9E,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,uEAAuE;IACvE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAMD,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,aAAa,EACrB,KAAK,EAAE,SAAS;IAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,EAC1F,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,EACtD,cAAc,CAAC,EAAE,MAAM,GACtB,mBAAmB,CA4DrB;AAGD,wBAAgB,eAAe,CAC7B,kBAAkB,EAAE,MAAM,EAC1B,MAAM,EAAE,aAAa,EACrB,OAAO,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GACrD,MAAM,CAER;AAID,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,aAAa,EACrB,KAAK,EAAE,SAAS;IAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,EAC1F,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,EACtD,cAAc,CAAC,EAAE,MAAM,GACtB,MAAM,CAGR;AAED,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GACrD,aAAa,CAiBf"}
|
|
@@ -1,17 +1,12 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
* Keys are generated in-memory and persisted only via the keystore file.
|
|
4
|
-
*/
|
|
1
|
+
// Ephemeral P2WPKH wallet for the atomic-swap lock tx; keys live in memory
|
|
2
|
+
// only and persist via the keystore file.
|
|
5
3
|
import * as bitcoin from 'bitcoinjs-lib';
|
|
6
4
|
import { ECPairFactory } from 'ecpair';
|
|
7
5
|
import * as ecc from 'tiny-secp256k1';
|
|
8
6
|
import { VerificationError } from '../../types/index.js';
|
|
9
7
|
bitcoin.initEccLib(ecc);
|
|
10
8
|
const ECPair = ECPairFactory(ecc);
|
|
11
|
-
|
|
12
|
-
* Create an ephemeral P2WPKH wallet. The private key is held in memory only
|
|
13
|
-
* and must be persisted via `createKeystore` if the caller needs to resume.
|
|
14
|
-
*/
|
|
9
|
+
// Persist via createKeystore if the caller needs resume.
|
|
15
10
|
export function createTempWallet(network = 'mainnet') {
|
|
16
11
|
const net = network === 'mainnet' ? bitcoin.networks.bitcoin : (network === 'regtest' ? bitcoin.networks.regtest : bitcoin.networks.testnet);
|
|
17
12
|
const keyPair = ECPair.makeRandom({ network: net });
|
|
@@ -28,10 +23,7 @@ export function createTempWallet(network = 'mainnet') {
|
|
|
28
23
|
wif: keyPair.toWIF(),
|
|
29
24
|
};
|
|
30
25
|
}
|
|
31
|
-
|
|
32
|
-
* Sign every input of a PSBT with the wallet's key pair and finalise.
|
|
33
|
-
* Returns the base64-encoded signed PSBT.
|
|
34
|
-
*/
|
|
26
|
+
// Sign every input with the wallet's keypair, finalise, return base64.
|
|
35
27
|
export function signPsbt(psbtBase64, wallet, network = 'mainnet') {
|
|
36
28
|
const net = network === 'mainnet' ? bitcoin.networks.bitcoin : (network === 'regtest' ? bitcoin.networks.regtest : bitcoin.networks.testnet);
|
|
37
29
|
const psbt = bitcoin.Psbt.fromBase64(psbtBase64, { network: net });
|
|
@@ -39,17 +31,10 @@ export function signPsbt(psbtBase64, wallet, network = 'mainnet') {
|
|
|
39
31
|
psbt.finalizeAllInputs();
|
|
40
32
|
return psbt.toBase64();
|
|
41
33
|
}
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
* uses to drive the libp2p protocol's Message2/3 with Alice. Sign later with
|
|
47
|
-
* `signFundingPsbt` once the encsig has been received and a snapshot persisted.
|
|
48
|
-
*
|
|
49
|
-
* @param lockAmountSats — Exact output amount the protocol negotiated. MUST
|
|
50
|
-
* match what Alice expects in Message2; mismatches cause rejection. When
|
|
51
|
-
* omitted, falls back to the total UTXO value (zero mining fee — testing only).
|
|
52
|
-
*/
|
|
34
|
+
// Build an unsigned PSBT paying from the wallet's UTXOs to lockAddress.
|
|
35
|
+
// Returns the deterministic txid+vout+value the sidecar uses for Message2/3.
|
|
36
|
+
// Sign later with signFundingPsbt, after encsig + snapshot.
|
|
37
|
+
// lockAmountSats MUST match Message2; omitted = full UTXO value (testing only).
|
|
53
38
|
export function buildUnsignedFundingPsbt(wallet, utxos, lockAddress, network = 'mainnet', lockAmountSats) {
|
|
54
39
|
if (utxos.length === 0)
|
|
55
40
|
throw new Error('At least one UTXO is required');
|
|
@@ -83,9 +68,8 @@ export function buildUnsignedFundingPsbt(wallet, utxos, lockAddress, network = '
|
|
|
83
68
|
address: lockAddress,
|
|
84
69
|
value: BigInt(outputSats),
|
|
85
70
|
});
|
|
86
|
-
//
|
|
87
|
-
//
|
|
88
|
-
// Psbt, so reconstruct one from the public input/output lists.
|
|
71
|
+
// Segwit txid is fixed once inputs/outputs are set, but bitcoinjs-lib
|
|
72
|
+
// doesn't expose an unsigned-tx accessor on Psbt. Rebuild manually.
|
|
89
73
|
const tx = new bitcoin.Transaction();
|
|
90
74
|
tx.version = 2;
|
|
91
75
|
tx.locktime = 0;
|
|
@@ -103,25 +87,16 @@ export function buildUnsignedFundingPsbt(wallet, utxos, lockAddress, network = '
|
|
|
103
87
|
amountSats: outputSats,
|
|
104
88
|
};
|
|
105
89
|
}
|
|
106
|
-
|
|
107
|
-
* Sign a previously-built unsigned funding PSBT. Returns the base64 of the
|
|
108
|
-
* fully-signed, finalized PSBT, ready to broadcast (or to forward to the
|
|
109
|
-
* sidecar's /fund endpoint).
|
|
110
|
-
*/
|
|
90
|
+
// Returns base64 of the fully-signed PSBT, ready to broadcast or POST /fund.
|
|
111
91
|
export function signFundingPsbt(unsignedPsbtBase64, wallet, network = 'mainnet') {
|
|
112
92
|
return signPsbt(unsignedPsbtBase64, wallet, network);
|
|
113
93
|
}
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
* + `signFundingPsbt` so the snapshot can be written between the two steps.
|
|
117
|
-
*/
|
|
94
|
+
// Back-compat helper. Prefer build + sign separately so the snapshot can
|
|
95
|
+
// be written between the two.
|
|
118
96
|
export function buildAndSignFundingPsbt(wallet, utxos, lockAddress, network = 'mainnet', lockAmountSats) {
|
|
119
97
|
const unsigned = buildUnsignedFundingPsbt(wallet, utxos, lockAddress, network, lockAmountSats);
|
|
120
98
|
return signFundingPsbt(unsigned.psbtBase64, wallet, network);
|
|
121
99
|
}
|
|
122
|
-
/**
|
|
123
|
-
* Recover a wallet instance from a WIF-encoded private key.
|
|
124
|
-
*/
|
|
125
100
|
export function walletFromWif(wif, network = 'mainnet') {
|
|
126
101
|
const net = network === 'mainnet' ? bitcoin.networks.bitcoin : (network === 'regtest' ? bitcoin.networks.regtest : bitcoin.networks.testnet);
|
|
127
102
|
const keyPair = ECPair.fromWIF(wif, net);
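Review bot: `signFundingPsbt` forwards straight to `signPsbt`, which parses the base64 and, per its own comment, signs every input and finalises, so nothing between `Psbt.fromBase64` and `finalizeAllInputs` confirms that the outputs still pay the lock address and amount that `buildUnsignedFundingPsbt` returned. The build comment says signing happens later, after the encsig and snapshot, so the string may have been stored or passed around in between; how callers obtain it is not visible in these hunks. The shortened comment should state that precondition, for example `// Signs unsignedPsbtBase64 as given; outputs are not re-checked, so pass only the string returned by buildUnsignedFundingPsbt.` A stronger follow-up would be to let the caller pass the `txid` from the build result and refuse to sign when the PSBT no longer matches it.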
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../../src/lib/bitcoin/wallet.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../../src/lib/bitcoin/wallet.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,0CAA0C;AAE1C,OAAO,KAAK,OAAO,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AACxB,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;AASlC,yDAAyD;AACzD,MAAM,UAAU,gBAAgB,CAAC,UAA6C,SAAS;IACrF,MAAM,GAAG,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7I,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;IAEpD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC1C,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QACtC,OAAO,EAAE,GAAG;KACb,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAE9D,OAAO;QACL,OAAO;QACP,OAAO;QACP,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QACzC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE;KACrB,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,QAAQ,CACtB,UAAkB,EAClB,MAAqB,EACrB,UAA6C,SAAS;IAEtD,MAAM,GAAG,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7I,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAEzB,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;AACzB,CAAC;AAeD,wEAAwE;AACxE,6EAA6E;AAC7E,4DAA4D;AAC5D,gFAAgF;AAChF,MAAM,UAAU,wBAAwB,CACtC,MAAqB,EACrB,KAA0F,EAC1F,WAAmB,EACnB,UAA6C,SAAS,EACtD,cAAuB;IAEvB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAEzE,MAAM,GAAG,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;I
AC7I,IAAI,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,iBAAiB,CACzB,qBAAqB,EACrB,eAAe,WAAW,mBAAmB,OAAO,EAAE,CACvD,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;IAEhD,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;QAC7C,OAAO,EAAE,GAAG;KACb,CAAC,CAAC;IACH,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAEtE,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAEnE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC;YACZ,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,IAAI;YAChB,WAAW,EAAE;gBACX,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aAC1B;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,IAAI,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,eAAe,CAAC;IAE3F,IAAI,CAAC,SAAS,CAAC;QACb,OAAO,EAAE,WAAW;QACpB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC;KAC1B,CAAC,CAAC;IAEH,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,EAAE,GAAG,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IACrC,EAAE,CAAC,OAAO,GAAG,CAAC,CAAC;IACf,EAAE,CAAC,QAAQ,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,UAAU,CAAC,CAAC;IACrE,CAAC;IACD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACpC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;IAExB,OAAO;QACL,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE;QAC3B,IAAI;QACJ,IAAI,EAAE,CAAC;QACP,UAAU,EAAE,UAAU;KACvB,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,eAAe,CAC7B,kBAA0B,EAC1B,MAAqB,EACrB,UAA6C,SAAS;IAEtD,OAAO,QAAQ,CAAC,kBAAkB,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,yEAAyE;AACzE,8BAA8B;AAC9B,MAAM,UAAU,uBAAuB,CACrC,MAAqB,EACrB,KAA0F,EAC1F,WAAmB,EACnB,UAA6C,SAAS,EACtD,cAAuB;IAEvB,MAAM,QAAQ,GAAG,wBAAwB,CAAC,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO
,EAAE,cAAc,CAAC,CAAC;IAC/F,OAAO,eAAe,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,GAAW,EACX,UAA6C,SAAS;IAEtD,MAAM,GAAG,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7I,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAEzC,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC1C,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QACtC,OAAO,EAAE,GAAG;KACb,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAEvE,OAAO;QACL,OAAO;QACP,OAAO;QACP,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QACzC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE;KACrB,CAAC;AACJ,CAAC"}
|
|
@@ -2,20 +2,6 @@ import { bytesToHex as toHex, hexToBytes as fromHex } from '@noble/hashes/utils.
|
|
|
2
2
|
export { toHex as bytesToHex, fromHex as hexToBytes };
|
|
3
3
|
/** Byte-wise equality for two `Uint8Array`s of any length. */
|
|
4
4
|
export declare function uint8ArrayEquals(a: Uint8Array, b: Uint8Array): boolean;
|
|
5
|
-
/**
|
|
6
|
-
* Constant-time equality over two equal-length hex strings. Canonical
|
|
7
|
-
* comparator for hex-encoded bytes in the client; used for digest, pubkey, and
|
|
8
|
-
* txid equality checks.
|
|
9
|
-
*
|
|
10
|
-
* @remarks Hex itself is not secret at the boundaries this function is used
|
|
11
|
-
* today, but keeping one comparator avoids footguns when future code compares
|
|
12
|
-
* a secret-dependent hex value.
|
|
13
|
-
*/
|
|
14
5
|
export declare function constantTimeEqualHex(a: string, b: string): boolean;
|
|
15
|
-
/**
|
|
16
|
-
* Zero-fill a buffer holding secret bytes. Best-effort; V8 may copy buffers
|
|
17
|
-
* internally, so this is a defence-in-depth mechanism alongside minimising
|
|
18
|
-
* secret lifetime (AV-G.2).
|
|
19
|
-
*/
|
|
20
6
|
export declare function wipe(buf: Uint8Array): void;
|
|
21
7
|
//# sourceMappingURL=bytes.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bytes.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/bytes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,KAAK,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAEpF,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,EAAE,CAAC;AAEtD,8DAA8D;AAC9D,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAMtE;
|
|
1
|
+
{"version":3,"file":"bytes.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/bytes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,KAAK,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAEpF,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,EAAE,CAAC;AAEtD,8DAA8D;AAC9D,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAMtE;AAKD,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAOlE;AAID,wBAAgB,IAAI,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAE1C"}
|
package/dist/lib/crypto/bytes.js
CHANGED
|
@@ -10,15 +10,9 @@ export function uint8ArrayEquals(a, b) {
|
|
|
10
10
|
}
|
|
11
11
|
return true;
|
|
12
12
|
}
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
* txid equality checks.
|
|
17
|
-
*
|
|
18
|
-
* @remarks Hex itself is not secret at the boundaries this function is used
|
|
19
|
-
* today, but keeping one comparator avoids footguns when future code compares
|
|
20
|
-
* a secret-dependent hex value.
|
|
21
|
-
*/
|
|
13
|
+
// One CT comparator for digest / pubkey / txid checks. Hex isn't itself
|
|
14
|
+
// secret today, but keeping one comparator avoids footguns when a future
|
|
15
|
+
// caller compares a secret-dependent hex value.
|
|
22
16
|
export function constantTimeEqualHex(a, b) {
|
|
23
17
|
if (a.length !== b.length)
|
|
24
18
|
return false;
|
|
@@ -28,11 +22,8 @@ export function constantTimeEqualHex(a, b) {
|
|
|
28
22
|
}
|
|
29
23
|
return acc === 0;
|
|
30
24
|
}
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
* internally, so this is a defence-in-depth mechanism alongside minimising
|
|
34
|
-
* secret lifetime (AV-G.2).
|
|
35
|
-
*/
|
|
25
|
+
// AV-G.2: zero-fill a secret buffer. Best-effort — V8 may copy internally,
|
|
26
|
+
// so this is defence in depth alongside minimising secret lifetime.
|
|
36
27
|
export function wipe(buf) {
|
|
37
28
|
buf.fill(0);
|
|
38
29
|
}
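Review bot: The new comment on `constantTimeEqualHex` calls it the one constant-time comparator but does not state its limits: the `if (a.length !== b.length) return false;` guard returns before any comparison, so timing still reveals a length mismatch, and JavaScript engines give no constant-time guarantee for string operations. The loop body is outside the hunk; if it compares characters as given, hex that differs only in letter case compares unequal, which matters when a digest or txid comes from two different encoders. I would add `// Length mismatch returns early (length is not hidden); inputs are compared as given, so normalise case first.` above the function.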
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bytes.js","sourceRoot":"","sources":["../../../src/lib/crypto/bytes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,KAAK,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAEpF,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,EAAE,CAAC;AAEtD,8DAA8D;AAC9D,MAAM,UAAU,gBAAgB,CAAC,CAAa,EAAE,CAAa;IAC3D,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"bytes.js","sourceRoot":"","sources":["../../../src/lib/crypto/bytes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,KAAK,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAEpF,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,EAAE,CAAC;AAEtD,8DAA8D;AAC9D,MAAM,UAAU,gBAAgB,CAAC,CAAa,EAAE,CAAa;IAC3D,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,wEAAwE;AACxE,yEAAyE;AACzE,gDAAgD;AAChD,MAAM,UAAU,oBAAoB,CAAC,CAAS,EAAE,CAAS;IACvD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,2EAA2E;AAC3E,oEAAoE;AACpE,MAAM,UAAU,IAAI,CAAC,GAAe;IAClC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACd,CAAC"}
|
|
@@ -1,8 +1,3 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Unified error class for every WASM-backed operation.
|
|
3
|
-
* `.code` is a stable string matching the Rust-side MiradexWasmError::code()
|
|
4
|
-
* (see ../../../miradex-rust/src).
|
|
5
|
-
*/
|
|
6
1
|
export declare class WasmError extends Error {
|
|
7
2
|
readonly code: string;
|
|
8
3
|
readonly cause?: unknown | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/errors.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/errors.ts"],"names":[],"mappings":"AAEA,qBAAa,SAAU,SAAQ,KAAK;aAGhB,IAAI,EAAE,MAAM;aAEZ,KAAK,CAAC,EAAE,OAAO;IAJjC,QAAQ,CAAC,IAAI,eAAe;gBAEV,IAAI,EAAE,MAAM,EAC5B,OAAO,EAAE,MAAM,EACC,KAAK,CAAC,EAAE,OAAO,YAAA;CAIlC"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
* `.code` is a stable string matching the Rust-side MiradexWasmError::code()
|
|
4
|
-
* (see ../../../miradex-rust/src).
|
|
5
|
-
*/
|
|
1
|
+
// .code is a stable string matching MiradexWasmError::code() in Rust
|
|
2
|
+
// (see ../../../miradex-rust/src).
|
|
6
3
|
export class WasmError extends Error {
|
|
7
4
|
code;
|
|
8
5
|
cause;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/crypto/errors.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/crypto/errors.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,mCAAmC;AACnC,MAAM,OAAO,SAAU,SAAQ,KAAK;IAGhB;IAEA;IAJT,IAAI,GAAG,WAAW,CAAC;IAC5B,YACkB,IAAY,EAC5B,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,SAAI,GAAJ,IAAI,CAAQ;QAEZ,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF"}
|
|
@@ -1,18 +1,3 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Derive a libp2p Ed25519 identity from a 32-byte master seed, matching
|
|
3
|
-
* eigenwallet's swap/src/seed.rs::derive_libp2p_identity byte-for-byte:
|
|
4
|
-
*
|
|
5
|
-
* network_seed = SHA256(master_seed || "NETWORK")
|
|
6
|
-
* libp2p_seed = SHA256(network_seed || "LIBP2P_IDENTITY")
|
|
7
|
-
* keypair = Ed25519::from_bytes(libp2p_seed)
|
|
8
|
-
* peer_id = base58btc(identity_multihash(protobuf(pubkey)))
|
|
9
|
-
*
|
|
10
|
-
* Note: this is plain concatenated SHA-256, NOT HMAC-SHA256. Matches the
|
|
11
|
-
* Rust `derive` helper that does `sha256(seed.bytes() || scope)`.
|
|
12
|
-
*
|
|
13
|
-
* Producing the same peer-id eigenwallet would derive from the same seed is
|
|
14
|
-
* what makes cross-binary recovery work without patching eigenwallet.
|
|
15
|
-
*/
|
|
16
1
|
export interface DerivedLibp2pIdentity {
|
|
17
2
|
/** 32-byte Ed25519 secret seed (hex). What eigenwallet writes to seed.pem. */
|
|
18
3
|
readonly libp2pSeedHex: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libp2p-identity.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/libp2p-identity.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"libp2p-identity.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/libp2p-identity.ts"],"names":[],"mappings":"AAkCA,MAAM,WAAW,qBAAqB;IACpC,8EAA8E;IAC9E,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,oDAAoD;IACpD,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,qEAAqE;IACrE,QAAQ,CAAC,uBAAuB,EAAE,MAAM,CAAC;CAC1C;AASD,wBAAsB,oBAAoB,CACxC,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC,CAwChC"}
|
|
@@ -1,31 +1,19 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
* peer_id = base58btc(identity_multihash(protobuf(pubkey)))
|
|
9
|
-
*
|
|
10
|
-
* Note: this is plain concatenated SHA-256, NOT HMAC-SHA256. Matches the
|
|
11
|
-
* Rust `derive` helper that does `sha256(seed.bytes() || scope)`.
|
|
12
|
-
*
|
|
13
|
-
* Producing the same peer-id eigenwallet would derive from the same seed is
|
|
14
|
-
* what makes cross-binary recovery work without patching eigenwallet.
|
|
15
|
-
*/
|
|
1
|
+
// Byte-for-byte match with eigenwallet swap/src/seed.rs::derive_libp2p_identity:
|
|
2
|
+
// network_seed = SHA256(master_seed || "NETWORK")
|
|
3
|
+
// libp2p_seed = SHA256(network_seed || "LIBP2P_IDENTITY")
|
|
4
|
+
// keypair = Ed25519::from_bytes(libp2p_seed)
|
|
5
|
+
// peer_id = base58btc(identity_multihash(protobuf(pubkey)))
|
|
6
|
+
// Plain concat-SHA-256, NOT HMAC. Matching the Rust derivation gives us the
|
|
7
|
+
// same peer-id, which is what enables cross-binary recovery without patching.
|
|
16
8
|
import { sha256, sha512 } from '@noble/hashes/sha2.js';
|
|
17
9
|
import { getPublicKey, hashes as edHashes } from '@noble/ed25519';
|
|
18
10
|
import { base58 } from '@scure/base';
|
|
19
11
|
import { hexToBytes, bytesToHex } from '@noble/hashes/utils.js';
|
|
20
|
-
//
|
|
21
|
-
//
|
|
22
|
-
//
|
|
23
|
-
//
|
|
24
|
-
//
|
|
25
|
-
// polyfill". Wire the pure-JS sha512 from `@noble/hashes` (sibling of the
|
|
26
|
-
// sha256 we already use) into ed25519's sync hash slot once at module load
|
|
27
|
-
// so we can use the sync `getPublicKey` everywhere instead. Same crypto
|
|
28
|
-
// guarantees, zero new deps, no secure-context requirement.
|
|
12
|
+
// @noble/ed25519's async API uses WebCrypto SHA-512, which browsers gate to
|
|
13
|
+
// secure contexts. Self-hosted miradex-web runs over plain HTTP from a LAN
|
|
14
|
+
// IP / .local / onion — none qualify — so getPublicKeyAsync throws. Wire the
|
|
15
|
+
// pure-JS @noble/hashes sha512 into ed25519's sync hash slot to keep the
|
|
16
|
+
// sync API working everywhere. Same crypto, no secure-context requirement.
|
|
29
17
|
edHashes.sha512 = sha512;
|
|
30
18
|
const NETWORK_DOMAIN = new TextEncoder().encode('NETWORK');
|
|
31
19
|
const LIBP2P_IDENTITY_DOMAIN = new TextEncoder().encode('LIBP2P_IDENTITY');
|
|
@@ -56,16 +44,16 @@ export async function deriveLibp2pIdentity(masterSeedHex) {
|
|
|
56
44
|
throw new Error(`Ed25519 pubkey must be 32 bytes, got ${String(publicKey.length)}`);
|
|
57
45
|
}
|
|
58
46
|
// libp2p PublicKey protobuf:
|
|
59
|
-
// field 1
|
|
60
|
-
// field 2
|
|
47
|
+
// field 1 KeyType=Ed25519: tag 0x08, value 0x01
|
|
48
|
+
// field 2 Data 32B: tag 0x12, length 0x20, <32 bytes>
|
|
61
49
|
const pubkeyProto = new Uint8Array(PROTOBUF_PUBKEY_LEN);
|
|
62
50
|
pubkeyProto[0] = PROTOBUF_KEYTYPE_TAG;
|
|
63
51
|
pubkeyProto[1] = PROTOBUF_KEYTYPE_ED25519;
|
|
64
52
|
pubkeyProto[2] = PROTOBUF_DATA_TAG;
|
|
65
53
|
pubkeyProto[3] = ED25519_PUBKEY_BYTES;
|
|
66
54
|
pubkeyProto.set(publicKey, 4);
|
|
67
|
-
// Identity multihash (code 0x00) for keys
|
|
68
|
-
//
|
|
55
|
+
// Identity multihash (code 0x00) for keys <= 42B; libp2p uses this for
|
|
56
|
+
// Ed25519 PeerIds.
|
|
69
57
|
const multihash = new Uint8Array(2 + pubkeyProto.length);
|
|
70
58
|
multihash[0] = IDENTITY_MULTIHASH_CODE;
|
|
71
59
|
multihash[1] = pubkeyProto.length;
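Review bot: The rewritten comment above `edHashes.sha512 = sha512;` explains why the secure-context requirement is bypassed but not what that implies for `deriveLibp2pIdentity(masterSeedHex)`: on a LAN IP or .local origin served over plain HTTP, the script that handles the master seed arrives without transport integrity, so the derivation is only as trustworthy as the network path. That trade-off belongs in the comment, for example `// Plain-HTTP LAN deployments get no transport integrity for this code; prefer HTTPS or a network you control end to end.` The assignment also mutates the shared `hashes` object of `@noble/ed25519` at import time, which is worth a short mention for anyone else importing that library in the same bundle.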
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libp2p-identity.js","sourceRoot":"","sources":["../../../src/lib/crypto/libp2p-identity.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"libp2p-identity.js","sourceRoot":"","sources":["../../../src/lib/crypto/libp2p-identity.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,oDAAoD;AACpD,6DAA6D;AAC7D,oDAAoD;AACpD,mEAAmE;AACnE,4EAA4E;AAC5E,8EAA8E;AAE9E,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEhE,4EAA4E;AAC5E,2EAA2E;AAC3E,6EAA6E;AAC7E,yEAAyE;AACzE,2EAA2E;AAC3E,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;AAEzB,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC3D,MAAM,sBAAsB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAE3E,SAAS,WAAW,CAAC,CAAa,EAAE,CAAa;IAC/C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,IAAgB,EAAE,KAAiB;IACtD,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AAC1C,CAAC;AAWD,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAChC,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAC/B,MAAM,uBAAuB,GAAG,IAAI,CAAC;AACrC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAClC,MAAM,wBAAwB,GAAG,IAAI,CAAC;AACtC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAE/B,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,aAAqB;IAErB,MAAM,UAAU,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,WAAW,GAAG,WAAW,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,WAAW,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC;IAEpE,MAAM,SAAS,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,SAAS,CAAC,MAAM,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,wCAAwC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CACnE,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,kDAAkD;IAClD,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,mBAAmB,CAAC,CAAC;IACxD,WAAW,CAAC,CAAC,CAAC,GAAG,oBAAoB,CAAC;IACtC,WAAW,CAAC,CAAC,CAAC,GAAG,wBAAwB,CAAC;IAC1C,WAAW,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC;IACnC,WAAW,CAAC,CAA
C,CAAC,GAAG,oBAAoB,CAAC;IACtC,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAE9B,uEAAuE;IACvE,mBAAmB;IACnB,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACzD,SAAS,CAAC,CAAC,CAAC,GAAG,uBAAuB,CAAC;IACvC,SAAS,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC;IAClC,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAE9B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAExC,OAAO;QACL,aAAa,EAAE,UAAU,CAAC,UAAU,CAAC;QACrC,YAAY,EAAE,MAAM;QACpB,uBAAuB,EAAE,UAAU,CAAC,WAAW,CAAC;KACjD,CAAC;AACJ,CAAC"}
|