@mysten/sui 1.17.0 → 1.18.0

package/src/keypairs/ed25519/ed25519-hd-key.ts

@@ -7,7 +7,6 @@
 import { fromHex } from '@mysten/bcs';
 import { hmac } from '@noble/hashes/hmac';
 import { sha512 } from '@noble/hashes/sha512';
-import nacl from 'tweetnacl';
 
 type Hex = string;
 type Path = string;
@@ -20,11 +19,11 @@ type Keys = {
 const ED25519_CURVE = 'ed25519 seed';
 const HARDENED_OFFSET = 0x80000000;
 
-export const pathRegex = new RegExp("^m(\\/[0-9]+')+$");
+const pathRegex = new RegExp("^m(\\/[0-9]+')+$");
 
-export const replaceDerive = (val: string): string => val.replace("'", '');
+const replaceDerive = (val: string): string => val.replace("'", '');
 
-export const getMasterKeyFromSeed = (seed: Hex): Keys => {
+const getMasterKeyFromSeed = (seed: Hex): Keys => {
 	const h = hmac.create(sha512, ED25519_CURVE);
 	const I = h.update(fromHex(seed)).digest();
 	const IL = I.slice(0, 32);
@@ -54,16 +53,7 @@ const CKDPriv = ({ key, chainCode }: Keys, index: number): Keys => {
 	};
 };
 
-export const getPublicKey = (privateKey: Uint8Array, withZeroByte = true): Uint8Array => {
-	const keyPair = nacl.sign.keyPair.fromSeed(privateKey);
-	const signPk = keyPair.secretKey.subarray(32);
-	const newArr = new Uint8Array(signPk.length + 1);
-	newArr.set([0]);
-	newArr.set(signPk, 1);
-	return withZeroByte ? newArr : signPk;
-};
-
-export const isValidPath = (path: string): boolean => {
+const isValidPath = (path: string): boolean => {
 	if (!pathRegex.test(path)) {
 		return false;
 	}

package/src/keypairs/ed25519/keypair.ts

@@ -1,7 +1,7 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-import nacl from 'tweetnacl';
+import { ed25519 } from '@noble/curves/ed25519';
 
 import {
 	decodeSuiPrivateKey,
@@ -41,9 +41,16 @@ export class Ed25519Keypair extends Keypair {
 	constructor(keypair?: Ed25519KeypairData) {
 		super();
 		if (keypair) {
-			this.keypair = keypair;
+			this.keypair = {
+				publicKey: keypair.publicKey,
+				secretKey: keypair.secretKey.slice(0, 32),
+			};
 		} else {
-			this.keypair = nacl.sign.keyPair();
+			const privateKey = ed25519.utils.randomPrivateKey();
+			this.keypair = {
+				publicKey: ed25519.getPublicKey(privateKey),
+				secretKey: privateKey,
+			};
 		}
 	}
 
@@ -58,7 +65,11 @@ export class Ed25519Keypair extends Keypair {
 	 * Generate a new random Ed25519 keypair
 	 */
 	static generate(): Ed25519Keypair {
-		return new Ed25519Keypair(nacl.sign.keyPair());
+		const secretKey = ed25519.utils.randomPrivateKey();
+		return new Ed25519Keypair({
+			publicKey: ed25519.getPublicKey(secretKey),
+			secretKey,
+		});
 	}
 
 	/**
@@ -91,12 +102,16 @@ export class Ed25519Keypair extends Keypair {
 				`Wrong secretKey size. Expected ${PRIVATE_KEY_SIZE} bytes, got ${secretKeyLength}.`,
 			);
 		}
-		const keypair = nacl.sign.keyPair.fromSeed(secretKey);
+		const keypair = {
+			publicKey: ed25519.getPublicKey(secretKey),
+			secretKey,
+		};
+
 		if (!options || !options.skipValidation) {
 			const encoder = new TextEncoder();
 			const signData = encoder.encode('sui validation');
-			const signature = nacl.sign.detached(signData, keypair.secretKey);
-			if (!nacl.sign.detached.verify(signData, signature, keypair.publicKey)) {
+			const signature = ed25519.sign(signData, secretKey);
+			if (!ed25519.verify(signature, signData, keypair.publicKey)) {
 				throw new Error('provided secretKey is invalid');
 			}
 		}
@@ -124,7 +139,7 @@ export class Ed25519Keypair extends Keypair {
 	 * Return the signature for the provided data using Ed25519.
 	 */
 	async sign(data: Uint8Array) {
-		return nacl.sign.detached(data, this.keypair.secretKey);
+		return ed25519.sign(data, this.keypair.secretKey);
 	}
 
 	/**

package/src/keypairs/ed25519/publickey.ts

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { fromBase64 } from '@mysten/bcs';
-import nacl from 'tweetnacl';
+import { ed25519 } from '@noble/curves/ed25519';
 
 import type { PublicKeyInitData } from '../../cryptography/publickey.js';
 import { bytesEqual, PublicKey } from '../../cryptography/publickey.js';
@@ -81,6 +81,6 @@ export class Ed25519PublicKey extends PublicKey {
 			bytes = signature;
 		}
 
-		return nacl.sign.detached.verify(message, bytes, this.toRawBytes());
+		return ed25519.verify(bytes, message, this.toRawBytes());
 	}
 }

package/src/transactions/ObjectCache.ts

@@ -148,13 +148,16 @@ export class InMemoryCache extends AsyncCache {
 
 export interface ObjectCacheOptions {
 	cache?: AsyncCache;
+	onEffects?: (effects: typeof bcs.TransactionEffects.$inferType) => Promise<void>;
 }
 
 export class ObjectCache {
 	#cache: AsyncCache;
+	#onEffects?: (effects: typeof bcs.TransactionEffects.$inferType) => Promise<void>;
 
-	constructor({ cache = new InMemoryCache() }: ObjectCacheOptions) {
+	constructor({ cache = new InMemoryCache(), onEffects }: ObjectCacheOptions) {
 		this.#cache = cache;
+		this.#onEffects = onEffects;
 	}
 
 	asPlugin(): TransactionPlugin {
@@ -291,6 +294,7 @@ export class ObjectCache {
 		await Promise.all([
 			this.#cache.addObjects(addedObjects),
 			this.#cache.deleteObjects(deletedIds),
+			this.#onEffects?.(effects),
 		]);
 	}
 }

package/src/transactions/Transaction.ts

@@ -34,7 +34,7 @@ export type TransactionObjectArgument =
 export type TransactionResult = Extract<Argument, { Result: unknown }> &
 	Extract<Argument, { NestedResult: unknown }>[];
 
-function createTransactionResult(index: number) {
+function createTransactionResult(index: number, length = Infinity): TransactionResult {
 	const baseResult = { $kind: 'Result' as const, Result: index };
 
 	const nestedResults: {
@@ -71,7 +71,7 @@ function createTransactionResult(index: number) {
 			if (property === Symbol.iterator) {
 				return function* () {
 					let i = 0;
-					while (true) {
+					while (i < length) {
 						yield nestedResultFor(i);
 						i++;
 					}
@@ -410,20 +410,24 @@ export class Transaction {
 
 	// Method shorthands:
 
-	splitCoins(
-		coin: TransactionObjectArgument | string,
-		amounts: (TransactionArgument | SerializedBcs<any> | number | string | bigint)[],
-	) {
-		return this.add(
-			Commands.SplitCoins(
-				typeof coin === 'string' ? this.object(coin) : this.#resolveArgument(coin),
-				amounts.map((amount) =>
-					typeof amount === 'number' || typeof amount === 'bigint' || typeof amount === 'string'
-						? this.pure.u64(amount)
-						: this.#normalizeTransactionArgument(amount),
-				),
+	splitCoins<
+		const Amounts extends (TransactionArgument | SerializedBcs<any> | number | string | bigint)[],
+	>(coin: TransactionObjectArgument | string, amounts: Amounts) {
+		const command = Commands.SplitCoins(
+			typeof coin === 'string' ? this.object(coin) : this.#resolveArgument(coin),
+			amounts.map((amount) =>
+				typeof amount === 'number' || typeof amount === 'bigint' || typeof amount === 'string'
+					? this.pure.u64(amount)
+					: this.#normalizeTransactionArgument(amount),
 			),
 		);
+		const index = this.#data.commands.push(command);
+		return createTransactionResult(index - 1, amounts.length) as Extract<
+			Argument,
+			{ Result: unknown }
+		> & {
+			[K in keyof Amounts]: Extract<Argument, { NestedResult: unknown }>;
+		};
 	}
 	mergeCoins(
 		destination: TransactionObjectArgument | string,

package/src/transactions/executor/serial.ts

@@ -3,7 +3,7 @@
 
 import { toBase64 } from '@mysten/bcs';
 
-import { bcs } from '../../bcs/index.js';
+import type { bcs } from '../../bcs/index.js';
 import type { SuiClient, SuiTransactionBlockResponseOptions } from '../../client/index.js';
 import type { Signer } from '../../cryptography/keypair.js';
 import type { ObjectCacheOptions } from '../ObjectCache.js';
@@ -32,11 +32,12 @@ export class SerialTransactionExecutor {
 		this.#cache = new CachingTransactionExecutor({
 			client: options.client,
 			cache: options.cache,
+			onEffects: (effects) => this.#cacheGasCoin(effects),
 		});
 	}
 
 	async applyEffects(effects: typeof bcs.TransactionEffects.$inferType) {
-		return Promise.all([this.#cacheGasCoin(effects), this.#cache.cache.applyEffects(effects)]);
+		return this.#cache.applyEffects(effects);
 	}
 
 	#cacheGasCoin = async (effects: typeof bcs.TransactionEffects.$inferType) => {
@@ -104,9 +105,6 @@ export class SerialTransactionExecutor {
 				});
 
 			const effectsBytes = Uint8Array.from(results.rawEffects!);
-			const effects = bcs.TransactionEffects.parse(effectsBytes);
-			await this.applyEffects(effects);
-
 			return {
 				digest: results.digest,
 				effects: toBase64(effectsBytes),

package/src/verify/verify.ts

@@ -14,20 +14,30 @@ import { Secp256r1PublicKey } from '../keypairs/secp256r1/publickey.js';
 import { MultiSigPublicKey } from '../multisig/publickey.js';
 import { ZkLoginPublicIdentifier } from '../zklogin/publickey.js';
 
-export async function verifySignature(bytes: Uint8Array, signature: string): Promise<PublicKey> {
+export async function verifySignature(
+	bytes: Uint8Array,
+	signature: string,
+	options?: {
+		address?: string;
+	},
+): Promise<PublicKey> {
 	const parsedSignature = parseSignature(signature);
 
 	if (!(await parsedSignature.publicKey.verify(bytes, parsedSignature.serializedSignature))) {
 		throw new Error(`Signature is not valid for the provided data`);
 	}
 
+	if (options?.address && !parsedSignature.publicKey.verifyAddress(options.address)) {
+		throw new Error(`Signature is not valid for the provided address`);
+	}
+
 	return parsedSignature.publicKey;
 }
 
 export async function verifyPersonalMessageSignature(
 	message: Uint8Array,
 	signature: string,
-	options: { client?: SuiGraphQLClient } = {},
+	options: { client?: SuiGraphQLClient; address?: string } = {},
 ): Promise<PublicKey> {
 	const parsedSignature = parseSignature(signature, options);
 
@@ -40,13 +50,17 @@ export async function verifyPersonalMessageSignature(
 		throw new Error(`Signature is not valid for the provided message`);
 	}
 
+	if (options?.address && !parsedSignature.publicKey.verifyAddress(options.address)) {
+		throw new Error(`Signature is not valid for the provided address`);
+	}
+
 	return parsedSignature.publicKey;
 }
 
 export async function verifyTransactionSignature(
 	transaction: Uint8Array,
 	signature: string,
-	options: { client?: SuiGraphQLClient } = {},
+	options: { client?: SuiGraphQLClient; address?: string } = {},
 ): Promise<PublicKey> {
 	const parsedSignature = parseSignature(signature, options);
 
@@ -59,6 +73,10 @@ export async function verifyTransactionSignature(
 		throw new Error(`Signature is not valid for the provided Transaction`);
 	}
 
+	if (options?.address && !parsedSignature.publicKey.verifyAddress(options.address)) {
+		throw new Error(`Signature is not valid for the provided address`);
+	}
+
 	return parsedSignature.publicKey;
 }
 

package/src/version.ts

@@ -3,5 +3,5 @@
 
 // This file is generated by genversion.mjs. Do not edit it directly.
 
-export const PACKAGE_VERSION = '1.17.0';
+export const PACKAGE_VERSION = '1.18.0';
 export const TARGETED_RPC_VERSION = '1.40.0';

package/src/zklogin/publickey.ts

@@ -9,7 +9,7 @@ import { PublicKey } from '../cryptography/publickey.js';
 import type { PublicKeyInitData } from '../cryptography/publickey.js';
 import { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';
 import { SuiGraphQLClient } from '../graphql/client.js';
-import { graphql } from '../graphql/schemas/2024.4/index.js';
+import { graphql } from '../graphql/schemas/latest/index.js';
 import { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/sui-types.js';
 import { extractClaimValue } from './jwt-utils.js';
 import { parseZkLoginSignature } from './signature.js';
@@ -55,18 +55,22 @@ export class ZkLoginPublicIdentifier extends PublicKey {
 
 	override toSuiAddress(): string {
 		if (this.#legacyAddress) {
-			const legacyBytes = normalizeZkLoginPublicKeyBytes(this.#data, true);
-			const addressBytes = new Uint8Array(legacyBytes.length + 1);
-			addressBytes[0] = this.flag();
-			addressBytes.set(legacyBytes, 1);
-			return normalizeSuiAddress(
-				bytesToHex(blake2b(addressBytes, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),
-			);
+			return this.#toLegacyAddress();
 		}
 
 		return super.toSuiAddress();
 	}
 
+	#toLegacyAddress() {
+		const legacyBytes = normalizeZkLoginPublicKeyBytes(this.#data, true);
+		const addressBytes = new Uint8Array(legacyBytes.length + 1);
+		addressBytes[0] = this.flag();
+		addressBytes.set(legacyBytes, 1);
+		return normalizeSuiAddress(
+			bytesToHex(blake2b(addressBytes, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),
+		);
+	}
+
 	/**
 	 * Return the byte array representation of the zkLogin public identifier
 	 */
@@ -118,6 +122,13 @@ export class ZkLoginPublicIdentifier extends PublicKey {
 			client: this.#client,
 		});
 	}
+
+	/**
+	 * Verifies that the public key is associated with the provided address
+	 */
+	override verifyAddress(address: string): boolean {
+		return address === super.toSuiAddress() || address === this.#toLegacyAddress();
+	}
 }
 
 // Derive the public identifier for zklogin based on address seed and iss.