@mysten/signers 0.1.12 → 0.1.14

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @mysten/signers
 
+## 0.1.14
+
+### Patch Changes
+
+- 5217cab: Fix signature not having lowS enforced
+- a08ead6: Add webcrypto to the files allowlist
+- b34f523: Fix re-constructing signers from exported bytes, and introduce import / export methods
+
+## 0.1.13
+
+### Patch Changes
+
+- 1e87d03: Add new WebCrypto signer
+
 ## 0.1.12
 
 ### Patch Changes

package/dist/cjs/webcrypto/index.d.ts

@@ -0,0 +1,20 @@
+import type { SignatureScheme } from '@mysten/sui/cryptography';
+import { Signer } from '@mysten/sui/cryptography';
+import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
+export interface ExportedWebCryptoKeypair {
+    privateKey: CryptoKey;
+    publicKey: Uint8Array;
+}
+export declare class WebCryptoSigner extends Signer {
+    #private;
+    privateKey: CryptoKey;
+    static generate({ extractable }?: {
+        extractable?: boolean;
+    }): Promise<WebCryptoSigner>;
+    static import(data: ExportedWebCryptoKeypair): WebCryptoSigner;
+    getKeyScheme(): SignatureScheme;
+    constructor(privateKey: CryptoKey, publicKey: Uint8Array);
+    export(): ExportedWebCryptoKeypair;
+    getPublicKey(): Secp256r1PublicKey;
+    sign(bytes: Uint8Array): Promise<Uint8Array>;
+}

package/dist/cjs/webcrypto/index.js

@@ -0,0 +1,98 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var webcrypto_exports = {};
+__export(webcrypto_exports, {
+  WebCryptoSigner: () => WebCryptoSigner
+});
+module.exports = __toCommonJS(webcrypto_exports);
+var import_cryptography = require("@mysten/sui/cryptography");
+var import_secp256r1 = require("@mysten/sui/keypairs/secp256r1");
+var import_p256 = require("@noble/curves/p256");
+var _publicKey;
+function getCompressedPublicKey(publicKey) {
+  const rawBytes = new Uint8Array(publicKey);
+  const x = rawBytes.slice(1, 33);
+  const y = rawBytes.slice(33, 65);
+  const prefix = (y[31] & 1) === 0 ? 2 : 3;
+  const compressed = new Uint8Array(import_secp256r1.Secp256r1PublicKey.SIZE);
+  compressed[0] = prefix;
+  compressed.set(x, 1);
+  return compressed;
+}
+const _WebCryptoSigner = class _WebCryptoSigner extends import_cryptography.Signer {
+  constructor(privateKey, publicKey) {
+    super();
+    __privateAdd(this, _publicKey);
+    this.privateKey = privateKey;
+    __privateSet(this, _publicKey, new import_secp256r1.Secp256r1PublicKey(publicKey));
+  }
+  static async generate({ extractable = false } = {}) {
+    const keypair = await globalThis.crypto.subtle.generateKey(
+      {
+        name: "ECDSA",
+        namedCurve: "P-256"
+      },
+      extractable,
+      ["sign", "verify"]
+    );
+    const publicKey = await globalThis.crypto.subtle.exportKey("raw", keypair.publicKey);
+    return new _WebCryptoSigner(
+      keypair.privateKey,
+      getCompressedPublicKey(new Uint8Array(publicKey))
+    );
+  }
+  static import(data) {
+    return new _WebCryptoSigner(data.privateKey, data.publicKey);
+  }
+  getKeyScheme() {
+    return "Secp256r1";
+  }
+  // Exports the keypair to store in IndexedDB.
+  export() {
+    return {
+      privateKey: this.privateKey,
+      publicKey: __privateGet(this, _publicKey).toRawBytes()
+    };
+  }
+  getPublicKey() {
+    return __privateGet(this, _publicKey);
+  }
+  async sign(bytes) {
+    const rawSignature = await globalThis.crypto.subtle.sign(
+      {
+        name: "ECDSA",
+        hash: "SHA-256"
+      },
+      this.privateKey,
+      bytes
+    );
+    const signature = import_p256.secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));
+    return signature.normalizeS().toCompactRawBytes();
+  }
+};
+_publicKey = new WeakMap();
+let WebCryptoSigner = _WebCryptoSigner;
+//# sourceMappingURL=index.js.map

package/dist/cjs/webcrypto/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/webcrypto/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { secp256r1 } from '@noble/curves/p256';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t// Exports the keypair to store in IndexedDB.\n\texport(): ExportedWebCryptoKeypair {\n\t\t// TODO: Should we add something like `toJSON` on this so that if you attempt to serialize it throws?\n\t\treturn {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));\n\n\t\treturn signature.normalizeS().toCompactRawBytes();\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAuB;AACvB,uBAAmC;AACnC,kBAA0B;AAN1B;AASA,SAAS,uBAAuB,WAAuB;AACtD,QAAM,WAAW,IAAI,WAAW,SAAS;AACzC,QAAM,IAAI,SAAS,MAAM,GAAG,EAAE;AAC9B,QAAM,IAAI,SAAS,MAAM,IAAI,EAAE;AAE/B,QAAM,UAAU,EAAE,EAAE,IAAI,OAAO,IAAI,IAAO;AAE1C,QAAM,aAAa,IAAI,WAAW,oCAAmB,IAAI;AACzD,aAAW,CAAC,IAAI;AAChB,aAAW,IAAI,GAAG,CAAC;AAEnB,SAAO;AACR;AAOO,MAAM,mBAAN,MAAM,yBAAwB,2BAAO;AAAA,EA+B3C,YAAY,YAAuB,WAAuB;AACzD,UAAM;AA7BP;AA8BC,SAAK,aAAa;AAClB,uBAAK,YAAa,IAAI,oCAAmB,SAAS;AAAA,EACnD;AAAA,EA9BA,aAAa,SAAS,EAAE,cAAc,MAAM,IAA+B,CAAC,GAAG;AAC9E,UAAM,UAAU,MAAM,WAAW,OAAO,OAAO;AAAA,MAC9C;AAAA,QACC,MAAM;AAAA,QACN,YAAY;AAAA,MACb;AAAA,MACA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,IAClB;AAEA,UAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,SAAS;AAEnF,WAAO,IAAI;AAAA,MACV,QAAQ;AAAA,MACR,uBAAuB,IAAI,WAAW,SAAS,CAAC;AAAA,IACjD;AAAA,EACD;AAAA,EAEA,OAAO,OAAO,MAAgC;AAC7C,WAAO,IAAI,iBAAgB,KAAK,YAAY,KAAK,SAAS;AAAA,EAC3D;AAAA,EAEA,eAAgC;AAC/B,WAAO;AAAA,EACR;AAAA;AAAA,EASA,SAAmC;AAElC,WAAO;AAAA,MACN,YAAY,KAAK;AAAA,MACjB,WAAW,mBAAK,YAAW,WAAW;AAAA,IACvC;AAAA,EACD;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,KAAK,OAAwC;AAClD,UAAM,eAAe,MAAM,WAAW,OAAO,OAAO;AAAA,MACnD;AAAA,QACC,MAAM;AAAA,QACN,MAAM;AAAA,MACP;AAAA,MACA,KAAK;AAAA,MACL;AAAA,IACD;AAEA,UAAM,YAAY,sBAAU,UAAU,YAAY,IAAI,WAAW,YAAY,CAAC;AAE9E,WAAO,UAAU,WAAW,EAAE,kBAAkB;AAAA,EACjD;AACD;AA7DC;AAHM,IAAM,kBAAN;",
+  "names": []
+}

package/dist/esm/webcrypto/index.d.ts

@@ -0,0 +1,20 @@
+import type { SignatureScheme } from '@mysten/sui/cryptography';
+import { Signer } from '@mysten/sui/cryptography';
+import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
+export interface ExportedWebCryptoKeypair {
+    privateKey: CryptoKey;
+    publicKey: Uint8Array;
+}
+export declare class WebCryptoSigner extends Signer {
+    #private;
+    privateKey: CryptoKey;
+    static generate({ extractable }?: {
+        extractable?: boolean;
+    }): Promise<WebCryptoSigner>;
+    static import(data: ExportedWebCryptoKeypair): WebCryptoSigner;
+    getKeyScheme(): SignatureScheme;
+    constructor(privateKey: CryptoKey, publicKey: Uint8Array);
+    export(): ExportedWebCryptoKeypair;
+    getPublicKey(): Secp256r1PublicKey;
+    sign(bytes: Uint8Array): Promise<Uint8Array>;
+}

package/dist/esm/webcrypto/index.js

@@ -0,0 +1,78 @@
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var _publicKey;
+import { Signer } from "@mysten/sui/cryptography";
+import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
+import { secp256r1 } from "@noble/curves/p256";
+function getCompressedPublicKey(publicKey) {
+  const rawBytes = new Uint8Array(publicKey);
+  const x = rawBytes.slice(1, 33);
+  const y = rawBytes.slice(33, 65);
+  const prefix = (y[31] & 1) === 0 ? 2 : 3;
+  const compressed = new Uint8Array(Secp256r1PublicKey.SIZE);
+  compressed[0] = prefix;
+  compressed.set(x, 1);
+  return compressed;
+}
+const _WebCryptoSigner = class _WebCryptoSigner extends Signer {
+  constructor(privateKey, publicKey) {
+    super();
+    __privateAdd(this, _publicKey);
+    this.privateKey = privateKey;
+    __privateSet(this, _publicKey, new Secp256r1PublicKey(publicKey));
+  }
+  static async generate({ extractable = false } = {}) {
+    const keypair = await globalThis.crypto.subtle.generateKey(
+      {
+        name: "ECDSA",
+        namedCurve: "P-256"
+      },
+      extractable,
+      ["sign", "verify"]
+    );
+    const publicKey = await globalThis.crypto.subtle.exportKey("raw", keypair.publicKey);
+    return new _WebCryptoSigner(
+      keypair.privateKey,
+      getCompressedPublicKey(new Uint8Array(publicKey))
+    );
+  }
+  static import(data) {
+    return new _WebCryptoSigner(data.privateKey, data.publicKey);
+  }
+  getKeyScheme() {
+    return "Secp256r1";
+  }
+  // Exports the keypair to store in IndexedDB.
+  export() {
+    return {
+      privateKey: this.privateKey,
+      publicKey: __privateGet(this, _publicKey).toRawBytes()
+    };
+  }
+  getPublicKey() {
+    return __privateGet(this, _publicKey);
+  }
+  async sign(bytes) {
+    const rawSignature = await globalThis.crypto.subtle.sign(
+      {
+        name: "ECDSA",
+        hash: "SHA-256"
+      },
+      this.privateKey,
+      bytes
+    );
+    const signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));
+    return signature.normalizeS().toCompactRawBytes();
+  }
+};
+_publicKey = new WeakMap();
+let WebCryptoSigner = _WebCryptoSigner;
+export {
+  WebCryptoSigner
+};
+//# sourceMappingURL=index.js.map

package/dist/esm/webcrypto/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/webcrypto/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { secp256r1 } from '@noble/curves/p256';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t// Exports the keypair to store in IndexedDB.\n\texport(): ExportedWebCryptoKeypair {\n\t\t// TODO: Should we add something like `toJSON` on this so that if you attempt to serialize it throws?\n\t\treturn {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));\n\n\t\treturn signature.normalizeS().toCompactRawBytes();\n\t}\n}\n"],
+  "mappings": ";;;;;;;AAAA;AAIA,SAAS,cAAc;AACvB,SAAS,0BAA0B;AACnC,SAAS,iBAAiB;AAG1B,SAAS,uBAAuB,WAAuB;AACtD,QAAM,WAAW,IAAI,WAAW,SAAS;AACzC,QAAM,IAAI,SAAS,MAAM,GAAG,EAAE;AAC9B,QAAM,IAAI,SAAS,MAAM,IAAI,EAAE;AAE/B,QAAM,UAAU,EAAE,EAAE,IAAI,OAAO,IAAI,IAAO;AAE1C,QAAM,aAAa,IAAI,WAAW,mBAAmB,IAAI;AACzD,aAAW,CAAC,IAAI;AAChB,aAAW,IAAI,GAAG,CAAC;AAEnB,SAAO;AACR;AAOO,MAAM,mBAAN,MAAM,yBAAwB,OAAO;AAAA,EA+B3C,YAAY,YAAuB,WAAuB;AACzD,UAAM;AA7BP;AA8BC,SAAK,aAAa;AAClB,uBAAK,YAAa,IAAI,mBAAmB,SAAS;AAAA,EACnD;AAAA,EA9BA,aAAa,SAAS,EAAE,cAAc,MAAM,IAA+B,CAAC,GAAG;AAC9E,UAAM,UAAU,MAAM,WAAW,OAAO,OAAO;AAAA,MAC9C;AAAA,QACC,MAAM;AAAA,QACN,YAAY;AAAA,MACb;AAAA,MACA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,IAClB;AAEA,UAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,SAAS;AAEnF,WAAO,IAAI;AAAA,MACV,QAAQ;AAAA,MACR,uBAAuB,IAAI,WAAW,SAAS,CAAC;AAAA,IACjD;AAAA,EACD;AAAA,EAEA,OAAO,OAAO,MAAgC;AAC7C,WAAO,IAAI,iBAAgB,KAAK,YAAY,KAAK,SAAS;AAAA,EAC3D;AAAA,EAEA,eAAgC;AAC/B,WAAO;AAAA,EACR;AAAA;AAAA,EASA,SAAmC;AAElC,WAAO;AAAA,MACN,YAAY,KAAK;AAAA,MACjB,WAAW,mBAAK,YAAW,WAAW;AAAA,IACvC;AAAA,EACD;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,KAAK,OAAwC;AAClD,UAAM,eAAe,MAAM,WAAW,OAAO,OAAO;AAAA,MACnD;AAAA,QACC,MAAM;AAAA,QACN,MAAM;AAAA,MACP;AAAA,MACA,KAAK;AAAA,MACL;AAAA,IACD;AAEA,UAAM,YAAY,UAAU,UAAU,YAAY,IAAI,WAAW,YAAY,CAAC;AAE9E,WAAO,UAAU,WAAW,EAAE,kBAAkB;AAAA,EACjD;AACD;AA7DC;AAHM,IAAM,kBAAN;",
+  "names": []
+}