@sip-protocol/sdk 0.6.22 → 0.6.23

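--- a/package/dist/browser.js
+++ b/package/dist/browser.js
@@ -5434,9 +5434,29 @@ async function createShieldedIntent(params, options) {
  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
  return (0, import_utils6.hexToBytes)(cleanHex);
  };
- const effectiveOwnershipSig = ownershipSignature ?? (0, import_utils6.randomBytes)(64);
  const effectiveSenderSecret = senderSecret ?? (0, import_utils6.randomBytes)(32);
- const effectiveAuthSig = authorizationSignature ?? (0, import_utils6.randomBytes)(64);
+ const intentHashBytes = (0, import_sha2565.sha256)(new TextEncoder().encode(intentId));
+ const intentHashHex = hash(intentId);
+ let effectiveOwnershipSig;
+ let effectiveAuthSig;
+ if (ownershipSignature && authorizationSignature) {
+ effectiveOwnershipSig = ownershipSignature;
+ effectiveAuthSig = authorizationSignature;
+ } else if (allowPlaceholders && !senderSecret) {
+ effectiveOwnershipSig = (0, import_utils6.randomBytes)(64);
+ effectiveAuthSig = (0, import_utils6.randomBytes)(64);
+ console.warn(
+ "[createShieldedIntent] WARNING: Using placeholder signatures for proof generation. These proofs are NOT cryptographically valid. Do NOT use in production!"
+ );
+ } else {
+ const { secp256k1: secp256k110 } = await import("@noble/curves/secp256k1");
+ const publicKey = secp256k110.getPublicKey(effectiveSenderSecret, true);
+ const senderAddressBytes = (0, import_sha2565.sha256)(publicKey);
+ const ownershipSig = secp256k110.sign(senderAddressBytes, effectiveSenderSecret);
+ effectiveOwnershipSig = ownershipSig.toCompactRawBytes();
+ const authSig = secp256k110.sign(intentHashBytes, effectiveSenderSecret);
+ effectiveAuthSig = authSig.toCompactRawBytes();
+ }
  const fundingResult = await proofProvider.generateFundingProof({
  balance: input.amount,
  minimumRequired: input.amount,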
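--- a/package/dist/browser.mjs
+++ b/package/dist/browser.mjs
@@ -263,7 +263,7 @@ import {
  walletRegistry,
  withSecureBuffer,
  withSecureBufferSync
- } from "./chunk-NM5PTCQ5.mjs";
+ } from "./chunk-CHC3HKUM.mjs";
  import {
  fulfillment_proof_default,
  funding_proof_default,
@@ -1777,9 +1777,29 @@ async function createShieldedIntent(params, options) {
  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
  return hexToBytes4(cleanHex);
  };
- const effectiveOwnershipSig = ownershipSignature ?? randomBytes6(64);
  const effectiveSenderSecret = senderSecret ?? randomBytes6(32);
- const effectiveAuthSig = authorizationSignature ?? randomBytes6(64);
+ const intentHashBytes = sha2565(new TextEncoder().encode(intentId));
+ const intentHashHex = hash(intentId);
+ let effectiveOwnershipSig;
+ let effectiveAuthSig;
+ if (ownershipSignature && authorizationSignature) {
+ effectiveOwnershipSig = ownershipSignature;
+ effectiveAuthSig = authorizationSignature;
+ } else if (allowPlaceholders && !senderSecret) {
+ effectiveOwnershipSig = randomBytes6(64);
+ effectiveAuthSig = randomBytes6(64);
+ console.warn(
+ "[createShieldedIntent] WARNING: Using placeholder signatures for proof generation. These proofs are NOT cryptographically valid. Do NOT use in production!"
+ );
+ } else {
+ const { secp256k1: secp256k19 } = await import("@noble/curves/secp256k1");
+ const publicKey = secp256k19.getPublicKey(effectiveSenderSecret, true);
+ const senderAddressBytes = sha2565(publicKey);
+ const ownershipSig = secp256k19.sign(senderAddressBytes, effectiveSenderSecret);
+ effectiveOwnershipSig = ownershipSig.toCompactRawBytes();
+ const authSig = secp256k19.sign(intentHashBytes, effectiveSenderSecret);
+ effectiveAuthSig = authSig.toCompactRawBytes();
+ }
  const fundingResult = await proofProvider.generateFundingProof({
  balance: input.amount,
  minimumRequired: input.amount,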
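--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -5421,9 +5421,29 @@ async function createShieldedIntent(params, options) {
  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
  return (0, import_utils6.hexToBytes)(cleanHex);
  };
- const effectiveOwnershipSig = ownershipSignature ?? (0, import_utils6.randomBytes)(64);
  const effectiveSenderSecret = senderSecret ?? (0, import_utils6.randomBytes)(32);
- const effectiveAuthSig = authorizationSignature ?? (0, import_utils6.randomBytes)(64);
+ const intentHashBytes = (0, import_sha2565.sha256)(new TextEncoder().encode(intentId));
+ const intentHashHex = hash(intentId);
+ let effectiveOwnershipSig;
+ let effectiveAuthSig;
+ if (ownershipSignature && authorizationSignature) {
+ effectiveOwnershipSig = ownershipSignature;
+ effectiveAuthSig = authorizationSignature;
+ } else if (allowPlaceholders && !senderSecret) {
+ effectiveOwnershipSig = (0, import_utils6.randomBytes)(64);
+ effectiveAuthSig = (0, import_utils6.randomBytes)(64);
+ console.warn(
+ "[createShieldedIntent] WARNING: Using placeholder signatures for proof generation. These proofs are NOT cryptographically valid. Do NOT use in production!"
+ );
+ } else {
+ const { secp256k1: secp256k19 } = await import("@noble/curves/secp256k1");
+ const publicKey = secp256k19.getPublicKey(effectiveSenderSecret, true);
+ const senderAddressBytes = (0, import_sha2565.sha256)(publicKey);
+ const ownershipSig = secp256k19.sign(senderAddressBytes, effectiveSenderSecret);
+ effectiveOwnershipSig = ownershipSig.toCompactRawBytes();
+ const authSig = secp256k19.sign(intentHashBytes, effectiveSenderSecret);
+ effectiveAuthSig = authSig.toCompactRawBytes();
+ }
  const fundingResult = await proofProvider.generateFundingProof({
  balance: input.amount,
  minimumRequired: input.amount,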
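--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -253,7 +253,7 @@ import {
  walletRegistry,
  withSecureBuffer,
  withSecureBufferSync
- } from "./chunk-NM5PTCQ5.mjs";
+ } from "./chunk-CHC3HKUM.mjs";
  import {
  CryptoError,
  EncryptionNotImplementedError,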
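--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sip-protocol/sdk",
- "version": "0.6.22",
+ "version": "0.6.23",
  "description": "Core SDK for Shielded Intents Protocol - Privacy layer for cross-chain transactions",
  "author": "SIP Protocol <hello@sip-protocol.org>",
  "homepage": "https://sip-protocol.org",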
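--- a/package/src/intent.ts
+++ b/package/src/intent.ts
@@ -555,12 +555,48 @@ export async function createShieldedIntent(
  return hexToBytes(cleanHex)
  }
 
- // Use provided signatures or placeholders (if allowed)
+ // Use provided signatures or generate them from senderSecret
  // IMPORTANT: senderSecret must be random even for placeholders, as secp256k1
  // rejects all-zero private keys. randomBytes generates cryptographically secure random values.
- const effectiveOwnershipSig = ownershipSignature ?? randomBytes(64)
  const effectiveSenderSecret = senderSecret ?? randomBytes(32)
- const effectiveAuthSig = authorizationSignature ?? randomBytes(64)
+
+ // Compute the intent hash that will be used in the circuit
+ const intentHashBytes = sha256(new TextEncoder().encode(intentId))
+ const intentHashHex = hash(intentId) as HexString
+
+ // Generate ECDSA signatures using senderSecret if not provided
+ // This ensures the signature matches the intentHash computed internally
+ let effectiveOwnershipSig: Uint8Array
+ let effectiveAuthSig: Uint8Array
+
+ if (ownershipSignature && authorizationSignature) {
+ // Use provided signatures
+ effectiveOwnershipSig = ownershipSignature
+ effectiveAuthSig = authorizationSignature
+ } else if (allowPlaceholders && !senderSecret) {
+ // Placeholder mode with no senderSecret - use random bytes (won't verify)
+ effectiveOwnershipSig = randomBytes(64)
+ effectiveAuthSig = randomBytes(64)
+ console.warn(
+ '[createShieldedIntent] WARNING: Using placeholder signatures for proof generation. ' +
+ 'These proofs are NOT cryptographically valid. Do NOT use in production!'
+ )
+ } else {
+ // Generate real ECDSA signatures using senderSecret
+ const { secp256k1 } = await import('@noble/curves/secp256k1')
+
+ // Derive sender address from senderSecret (hash of public key)
+ const publicKey = secp256k1.getPublicKey(effectiveSenderSecret, true)
+ const senderAddressBytes = sha256(publicKey)
+
+ // Sign the sender address for ownership proof
+ const ownershipSig = secp256k1.sign(senderAddressBytes, effectiveSenderSecret)
+ effectiveOwnershipSig = ownershipSig.toCompactRawBytes()
+
+ // Sign the intent hash for authorization proof
+ const authSig = secp256k1.sign(intentHashBytes, effectiveSenderSecret)
+ effectiveAuthSig = authSig.toCompactRawBytes()
+ }
 
  // Generate funding proof
  // Note: The funding proof proves balance >= minimumRequired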
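Review bot: The final `else` branch is also reached when no `senderSecret` was passed and `allowPlaceholders` is false, so `effectiveSenderSecret` is the `randomBytes(32)` fallback and both signatures come from a throwaway key, with no warning logged. Unless a guard earlier in `createShieldedIntent` (outside this hunk) already rejects that input, the resulting proofs are bound to a key the caller never held; an explicit branch before the signing one, for example `else if (!senderSecret) { throw new Error('senderSecret or both signatures are required') }` (using the project's own error type if it has one), would make that case fail loudly. Separately, `ownershipSignature && authorizationSignature` silently discards a signature that was supplied on its own, where the removed `??` lines kept it; rejecting a half-supplied pair would be safer than re-signing or substituting random bytes. The same logic appears in the generated `dist` bundles, so a fix belongs here in `src/intent.ts` only.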