@silencelaboratories/walletprovider-sdk 4.0.0-hackaton → 4.0.1-hackathon

package/dist/EOAauthentication.d.ts

@@ -0,0 +1,67 @@
+/** Externally Owned Account (EOA) atuhentication. Uses secret key stored on a wallet to sign requests.
+ * The requests are presented to the user in a readable form by using TypedData (EIP712).
+ */
+import { MetadataSetupOpts, KeygenSetupOpts } from './setupMessage';
+import { type UserAuthentication } from './authentication';
+import { type TypedDataDomain } from 'viem';
+import { EphKeyClaim } from './ephemeralAuthentication';
+export type FieldDefinition = {
+    name: string;
+    type: string;
+};
+/** EIP-712 Typed data struct definition.
+ * @alpha
+ * */
+export type TypedData<T> = {
+    /** contains the schema definition of the types that are in `msg` */
+    types: Record<string, Array<FieldDefinition>>;
+    /** is the signature domain separator */
+    domain: TypedDataDomain;
+    /** points to the type from `types`. It's the root object of `message` */
+    primaryType: string;
+    /** the request that User is asked to sign */
+    message: T;
+};
+/**
+ * Interface to implement communication between this library, and a Browser Wallet. In order to
+ * request the signature from the User.
+ * @alpha
+ */
+export interface IBrowserWallet {
+    /** Sign data using the secret key stored on Browser Wallet
+     * It creates a popup window, presenting the human readable form of `request`
+     * @param from - the address used to sign the request
+     * @param request - the request to sign by the User in the form of EIP712 typed data.
+     * @throws Throws an error if User rejected signature
+     * @example The example implementation:
+     * ```ts
+     * async signTypedData<T>(from: string, request: TypedData<T>): Promise<unknown> {
+     *   return await browserWallet.request({
+     *     method: 'eth_signTypedData_v4',
+     *     params: [from, JSON.stringify(request)],
+     *   });
+     * }
+     * ```
+     */
+    signTypedData<T>(from: string, request: TypedData<T>): Promise<unknown>;
+}
+type RequestToSign<T> = {
+    setup: T;
+    challenge: string;
+};
+export declare const EIP712SilentShardAuthenticationDomain: {
+    name: string;
+    version: string;
+};
+export declare function createTypedRequest(setup: KeygenSetupOpts | MetadataSetupOpts, aggregated_challenge: string, ephClaim: EphKeyClaim): TypedData<RequestToSign<KeygenSetupOpts | MetadataSetupOpts>>;
+/** Present the request to the User using wallet UI, and ask for sign.
+ * The signature is the authorization for keygen operation
+ */
+export declare function authenticateUsingEOA({ setup, eoa, challenge, browserWallet, ephClaim, }: {
+    setup: KeygenSetupOpts | MetadataSetupOpts;
+    eoa: string;
+    challenge: string;
+    browserWallet: IBrowserWallet;
+    ephClaim: EphKeyClaim;
+}): Promise<UserAuthentication>;
+export {};

package/dist/authentication.d.ts

@@ -0,0 +1,146 @@
+import { MetadataSetupOpts, KeygenSetupOpts, SignSetupOpts } from './setupMessage';
+import { IBrowserWallet } from './EOAauthentication';
+import { PasskeyUser, RelyingPartyConfig } from './passkeyAuthentication';
+import { EphKeyClaim, SignAlgorithm } from './ephemeralAuthentication';
+/** Type of the request authentication
+ * @alpha
+ */
+export type UserCredentials = {
+    id: string;
+    method: 'eoa' | 'ephemeral' | 'passkey';
+    credentials: string;
+};
+export type UserAuthentication = {
+    credentials: UserCredentials;
+    signature: string;
+};
+export interface AuthModule {
+    authenticate({ setup, challenge, signAlg, }: {
+        setup: KeygenSetupOpts | SignSetupOpts | MetadataSetupOpts;
+        challenge: string;
+        signAlg: string;
+    }): Promise<UserAuthentication>;
+}
+export interface DkgAuthModule extends AuthModule {
+    getEphClaims(): EphKeyClaim | Map<string, EphKeyClaim>;
+}
+/** The `EOAAuth` implementing Externally Owned Account authentication.
+ * @alpha
+ */
+export declare class EOAAuth implements DkgAuthModule {
+    /** An interface to the wallet, like MetaMask, that is used to sign the requests */
+    private browserWallet;
+    /** the ETH address that is used to do EOA authentication */
+    private eoa;
+    /** Ephemeral key claim populated for non batched requests*/
+    ephClaim?: EphKeyClaim;
+    /** Ephemeral key claims map contains pairs of
+     * SignatureAlgorithms and their appropriate EphKeyClaims in case of batched requests */
+    ephClaims?: Map<string, EphKeyClaim>;
+    /**
+     *
+     * @param eoa - Ethereum address
+     * @param browserWallet - Interface to the wallet provider, like MetaMask, that is used to sign the requests
+     * @param ephClaimOptions - Either EphKeyClaim or Map of SignatureAlgorithms and their appropriate EphKeyClaims
+     */
+    constructor(eoa: string, browserWallet: IBrowserWallet, ephClaimOptions: {
+        ephClaim?: EphKeyClaim;
+        ephClaims?: Map<string, EphKeyClaim>;
+    });
+    private validateInputs;
+    getEphClaims(): EphKeyClaim | Map<string, EphKeyClaim>;
+    /**
+     * Prepares a message to present on the Browser Wallet window and requests to sign it.
+     * @param setup - Keygen setup options
+     * @param challenge - the challenge received from the backend
+     * @param signAlg - signature algorithm of the EphKeyClaim used for authentication
+     * @public
+     */
+    authenticate({ setup, challenge, signAlg, }: {
+        setup: KeygenSetupOpts | MetadataSetupOpts;
+        challenge: string;
+        signAlg: string;
+    }): Promise<UserAuthentication>;
+}
+/** The `EphAuth` module is only used for signing requests to the network.
+ * @alpha
+ * An Ephmeral key used to locally sign the signature requests to network.
+ * This eph key is registered during keygen. The key is used to sign the requests without
+ * asking the user to sign the request each time.
+ * */
+export declare class EphAuth implements AuthModule {
+    /** Secret key of the ephemeral keypair */
+    private ephSK;
+    /** Ephemeral key claim */
+    private ephClaim;
+    /**
+     *
+     * @param ephId - Ephemeral key ID
+     * @param ephSK - Ephemeral secret key
+     * @param signAlg - Signature algorithm
+     */
+    constructor(ephId: string, ephSK: Uint8Array, signAlg: SignAlgorithm);
+    /**
+     * Prepares a message to present on the Browser Wallet window and requests to sign it.
+     * @param setup - Signgen setup options
+     * @param challenge - the challenge received from the backend
+     *
+     * @public
+     */
+    authenticate({ setup, challenge, }: {
+        setup: SignSetupOpts | MetadataSetupOpts;
+        challenge: string;
+        signAlg: string;
+    }): Promise<UserAuthentication>;
+}
+/** The `AuthModule` implementing Passkey authentication.
+ * @alpha
+ */
+export declare class PasskeyAuth implements DkgAuthModule {
+    /** Replying party object. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp */
+    private rpConfig;
+    /** ID of the acceptable credential by user. App proves that user has passkey credential by passing the value of this field */
+    private allowCredentialId;
+    /** Ephemeral key claim populated for non batched requests*/
+    ephClaim?: EphKeyClaim;
+    /** Ephemeral key claims map contains pairs of
+     * SignatureAlgorithms and their appropriate EphKeyClaims in case of batched requests */
+    ephClaims?: Map<string, EphKeyClaim>;
+    /**
+     *
+     * @param rpConfig - Passkey relying party configuration. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp
+     * @param allowCredentialId - ID of the acceptable credential by user. App proves that user has passkey credential by passing the value of this field
+     * @param ephClaimOptions - Either EphKeyClaim or Map of SignatureAlgorithms and their appropriate EphKeyClaims
+     */
+    constructor(rpConfig: RelyingPartyConfig, allowCredentialId: string, ephClaimOptions: {
+        ephClaim?: EphKeyClaim;
+        ephClaims?: Map<string, EphKeyClaim>;
+    });
+    private validateInputs;
+    getEphClaims(): EphKeyClaim | Map<string, EphKeyClaim>;
+    authenticate({ setup, challenge, signAlg, }: {
+        setup: KeygenSetupOpts | MetadataSetupOpts;
+        challenge: string;
+        signAlg: string;
+    }): Promise<UserAuthentication>;
+}
+/** The `AuthModule` implementing Passkey register.
+ * @alpha
+ */
+export declare class PasskeyRegister implements AuthModule {
+    /** Replying party object. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp */
+    private rpConfig;
+    /** Passkey user information, only requires while registering. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#user */
+    private user;
+    /**
+     *
+     * @param rpConfig - Passkey relying party configuration. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp
+     * @param user - Passkey user information, only requires while registering. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#user
+     */
+    constructor(rpConfig: RelyingPartyConfig, user: PasskeyUser);
+    authenticate({ setup, challenge, }: {
+        setup: MetadataSetupOpts;
+        challenge: string;
+        signAlg: string;
+    }): Promise<UserAuthentication>;
+}

package/dist/client/api.d.ts

@@ -0,0 +1,18 @@
+interface RequestOptions extends RequestInit {
+    headers?: Record<string, string>;
+}
+export declare class HttpClient {
+    private readonly baseURL;
+    private defaultHeaders;
+    constructor(baseURL?: string);
+    setDefaultHeaders(headers: Record<string, string>): void;
+    private buildUrl;
+    private handleResponse;
+    private request;
+    get<T>(endpoint: string, options?: RequestOptions): Promise<T>;
+    post<T, D = unknown>(endpoint: string, data: D, options?: RequestOptions): Promise<T>;
+    put<T, D = unknown>(endpoint: string, data: D, options?: RequestOptions): Promise<T>;
+    patch<T, D = unknown>(endpoint: string, data: D, options?: RequestOptions): Promise<T>;
+    delete<T>(endpoint: string, options?: RequestOptions): Promise<T>;
+}
+export {};

package/dist/client/intentServiceClient.d.ts

@@ -0,0 +1,4 @@
+export interface IntentSetupOpts {
+    t: number;
+    message: string;
+}

package/dist/client/keyRefresher.d.ts

@@ -0,0 +1,34 @@
+import { AuthModule } from '../auth/authentication';
+import { type IWalletProviderServiceClient } from './walletProviderServiceClientInterface';
+import { KeyRefreshResponse } from './networkResponse';
+import { MPCSignAlgorithm } from './networkSigner';
+/** The NetworkKeyRefresher contains API to run key refresh towards Silent Network.
+ * the Auth module, that is used to prompt the User before executing the request.
+ * @public
+ */
+export declare class NetworkKeyRefresher {
+    /** Authentication module, used to get confirmation from the User before request execution */
+    authModule: AuthModule;
+    /** Number of nodes that needs to participate in DSG. New `t` of (t;n) setup for this key. */
+    newThreshold: number;
+    /** Number of nodes that participate in key refresh operation. New `n` of (t;n) setup for this key. */
+    newTotalNodes: number;
+    /** Wallet Provider backend client */
+    wpClient: IWalletProviderServiceClient;
+    /**
+     * Facade class used to execute key refresh on Silent Network.
+     * @param wpClient - Wallet Provider backend client
+     * @param newThreshold - Number of nodes that needs to participate in DSG. New `t` of (t;n) setup for this key.
+     * @param newTotalNodes - Number of nodes that participate in key refresh operation. New `n` of (t;n) setup for this key.
+     * @param authModule - Authentication module, used to get confirmation from the User before request execution
+     */
+    constructor(wpClient: IWalletProviderServiceClient, newThreshold: number, newTotalNodes: number, authModule: AuthModule);
+    /** Generate a distributed key that's generated by Silent Network.
+     * Uses `authModule` to authenticate the User with the Silent Network.
+     * @param keyId - the key id returned from `keygen`
+     * @param signAlg - signature algorithm of the refresh key.
+     * @returns {@link KeyRefreshResponse} containing `keyId`, `pubKey`,
+     * @public
+     */
+    refreshKey(keyId: string, signAlg: MPCSignAlgorithm): Promise<KeyRefreshResponse>;
+}

package/dist/client/types.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Response from the network for keygen requests
+ * @alpha
+ */
+export interface KeygenResponse {
+    /**
+     * Unique ID of produced key used in subsequent API calls.
+     */
+    keyId: string;
+    /**
+     * Public key encoded with SEC1 format.
+     *
+     * If point is uncompressed it's in a form of 0x04 || X || Y
+     *
+     * If point is compressed it's in a form Y || X,
+     *
+     * where Y is set to 0x02 if Y-coord is even, or 0x03 if Y-coord is odd
+     */
+    publicKey: string;
+    /**
+     * Signature algorithm that uses this key for signing
+     */
+    signAlg: string;
+}
+/**
+ * Response from the network for sign request
+ * @alpha
+ */
+export interface SignResponse {
+    transactionId: string;
+    /**
+     * Hexstring of length 128 bytes, in a form: r || s
+     */
+    sign: string;
+    /**
+     * Recovery id, either 0, or 1
+     */
+    recid: number;
+}
+/**
+ * Response from the network for adding ephemeral key request
+ * @alpha
+ */
+export interface OperationStatusResponse {
+    /**
+     * Status of the request.
+     */
+    status: string;
+}
+/**
+ * Response from the network for registering passkey request
+ * @alpha
+ */
+export interface RegisterPasskeyResponse {
+    /**
+     * The registered passkey credential id. This helps both the user and the network to identify the passkey.
+     * @alpha
+     */
+    passkeyCredentialId: string;
+}

package/dist/encoding.d.ts

@@ -0,0 +1,4 @@
+export declare const decodeBase64: (b64: string) => Uint8Array;
+export declare const encodeBase64: (b: Uint8Array) => string;
+export declare const arrayBufferToBase64Url: (a: ArrayBuffer) => string;
+export declare const calculateFinalChallenge: (setupOpts: string) => string;

package/dist/ephemeralAuthentication.d.ts

@@ -0,0 +1,44 @@
+import { UserAuthentication } from './authentication';
+import { SignSetupOpts } from './setupMessage';
+/**
+ * Supported signature algorithms for ephemeral key
+ * @alpha
+ */
+export type SignAlgorithm = 'ed25519' | 'secp256k1';
+/** The `EphKeyClaim` object represents the public claim of the ephemeral key.
+ * @alpha
+ */
+export declare class EphKeyClaim {
+    ephId: string;
+    ephPK: string;
+    signAlg: SignAlgorithm;
+    expiry: number;
+    /**
+     *
+     * @param ephId - Ephemeral key ID
+     * @param ephPK - Ephemeral public key
+     * @param signAlg - Signature algorithm.
+     * @param lifetime - Lifetime of the ephemeral key. Default is 1 hour
+     */
+    constructor(ephId: string, ephPK: Uint8Array, signAlg: SignAlgorithm, lifetime?: number);
+    private validateInputs;
+    toJSON(): string;
+}
+/** Locally sign the signature requests to network without asking the user, the ephSK is registered during keygen.
+ * The signature is the authorization for signgen operation
+ */
+export declare function authenticateUsingEphKey({ setup, challenge, ephSK, ephClaim, }: {
+    setup: SignSetupOpts;
+    challenge: string;
+    ephSK: Uint8Array;
+    ephClaim: EphKeyClaim;
+}): Promise<UserAuthentication>;
+export declare function genHexSignature(msg: Uint8Array, ephSK: Uint8Array, signAlg: SignAlgorithm): Promise<string>;
+/** Generate Ephemeral `privateKey`
+ * @public
+ */
+export declare function generateEphPrivateKey(algSign: SignAlgorithm): Uint8Array;
+/** Derive Ephemeral `publicKey` from `privateKey` returned from `generateEphPrivateKey`
+ * @public
+ */
+export declare function getEphPublicKey(ephSK: Uint8Array, algSign: SignAlgorithm): Uint8Array;

package/dist/networkSigner.d.ts

@@ -0,0 +1,129 @@
+import { AuthModule } from './authentication';
+import { type IWalletProviderServiceClient } from './walletProviderServiceClientInterface';
+/**
+ * Response from the network for keygen requests
+ * @alpha
+ */
+export interface KeygenResponse {
+    /**
+     * Unique ID of produced key used in subsequent API calls.
+     */
+    keyId: string;
+    /**
+     * Public key encoded with SEC1 format.
+     *
+     * If point is uncompressed it's in a form of 0x04 || X || Y
+     *
+     * If point is compressed it's in a form Y || X,
+     *
+     * where Y is set to 0x02 if Y-coord is even, or 0x03 if Y-coord is odd
+     */
+    publicKey: string;
+    /**
+     * Signature algorithm that uses this key for signing
+     */
+    signAlg: string;
+}
+/**
+ * Response from the network for sign request
+ * @alpha
+ */
+export interface SignResponse {
+    /**
+     * Hexstring of length 128 bytes, in a form: r || s
+     */
+    sign: string;
+    /**
+     * Recovery id, either 0, or 1
+     */
+    recid: number;
+}
+/**
+ * Response from the network for adding ephemeral key request
+ * @alpha
+ */
+export interface OperationStatusResponse {
+    /**
+     * Status of the request.
+     */
+    status: string;
+}
+/**
+ * Response from the network for registering passkey request
+ * @alpha
+ */
+export interface RegisterPasskeyResponse {
+    /**
+     * The registered passkey credential id. This helps both the user and the network to identify the passkey.
+     * @alpha
+     */
+    passkeyCredentialId: string;
+}
+/** The networkSigner contains an API to communicate with the Silent MPC Network. Call to sign and keygen require
+ * the Auth module, that is used to prompt the User before executing the request.
+ * @alpha
+ */
+export declare class NetworkSigner {
+    /** Authentication module, used to get confirmation from the User before request execution */
+    authModule: AuthModule;
+    /** Number of nodes that needs to participate in protocol in order to generate valid signature. Also known as `t`. */
+    threshold: number;
+    /** Number of nodes that participate in keygen operation. Also known as `n`. */
+    totalNodes: number;
+    /** Wallet Provider backend client */
+    wpClient: IWalletProviderServiceClient;
+    /**
+     * Facade class used to execute operations on Silent Network.
+     * @param wpClient - Wallet Provider backend client
+     * @param threshold - Number of nodes that needs to participate in protocol in order to generate valid signature. Also known as `t`.
+     * @param totalNodes - Number of nodes that participate in keygen operation. Also known as `n`.
+     * @param authModule - Authentication module, used to get confirmation from the User before request execution
+     */
+    constructor(wpClient: IWalletProviderServiceClient, threshold: number, totalNodes: number, authModule: AuthModule);
+    /** Generate a distributed key that's generated by Silent Network.
+     * Uses `authModule` to authenticate the User with the Silent Network.
+     * @param signAlgs - signature algorithms for which MPC keys will be generated.
+     * @param permissions - optional permissions that will be stored in the key metadata.
+     * The permissions are validated during sign requests.
+     * @returns {@link KeygenResponse} containing `keyId` and the `pubKey` public part of the key
+     * @public
+     */
+    generateKey(signAlgs: string[], permissions?: string): Promise<KeygenResponse[]>;
+    /** Generate a signature by the distributed key of Silent Network.
+     * Uses `authModule` to authenticate the sign request by the User.
+     * The network chooses `t` nodes to execute the protocol.
+     * @param keyId - the key id returned from `keygen`
+     * @param signAlg - the signature algorithm to use for MPC signing, different form signAlg inside EphKeyClaim
+     * @param message - the message to sign by the MPC network
+     * @returns {@link SignResponse}
+     * @public
+     */
+    signMessage(keyId: string, signAlg: string, message: string): Promise<SignResponse>;
+    /** Add new ephemeral key to an exist distributed key on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @param keyId - the key id returned from `keygen`
+     * @returns {@link OperationStatusResponse}
+     * @public
+     */
+    addEphemeralKey(keyId: string): Promise<OperationStatusResponse>;
+    /** Revoke ephemeral key of an exist distributed key on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @param keyId - the key id returned from `keygen`
+     * @returns {@link OperationStatusResponse}
+     * @public
+     */
+    revokeEphemeralKey(keyId: string): Promise<OperationStatusResponse>;
+    /** Register new user's passkey on the network. This will try to register to all the available nodes on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @returns {@link RegisterPasskeyResponse}
+     * @public
+     */
+    registerPasskey(): Promise<RegisterPasskeyResponse>;
+    private setEphClaimOf;
+}
+/**
+ *
+ * @param signgenResponse - response from the network for sign request
+ * @returns - flattened signature in a form: 0x{signature}{recover_id}
+ */
+export declare const flattenSignature: (signgenResponse: SignResponse) => `0x${string}`;

package/dist/passkeyAuthentication.d.ts

@@ -0,0 +1,28 @@
+import { UserAuthentication } from './authentication';
+import { EphKeyClaim } from './ephemeralAuthentication';
+/** Information about the user currently registering. Read more: https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-user
+ * @alpha
+ * */
+export type PasskeyUser = {
+    id: string;
+    name: string;
+    displayName: string;
+};
+/** The RP responsible for registering and authenticating the user. Read more: https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-rp
+ * @alpha
+ * */
+export type RelyingPartyConfig = {
+    rpName: string;
+    rpId: string;
+};
+export declare function passkeyRegister({ user, challenge, rpConfig, }: {
+    user: PasskeyUser;
+    challenge: string;
+    rpConfig: RelyingPartyConfig;
+}): Promise<UserAuthentication>;
+export declare function passkeyLogin({ challenge, allowCredentialId, rpConfig, ephClaim, }: {
+    challenge: string;
+    allowCredentialId: string | null;
+    rpConfig: RelyingPartyConfig;
+    ephClaim: EphKeyClaim;
+}): Promise<UserAuthentication>;