@tapforce/pod-bridge-sdk 1.2.4 → 2.0.1

package/dist/libs/helpers/signature-recovery.helper.js

@@ -1,447 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseDerSignature = parseDerSignature;
-exports.addressFromPublicKey = addressFromPublicKey;
-exports.recoverSignature65B = recoverSignature65B;
-exports.recoverAggregatedSignatures65B = recoverAggregatedSignatures65B;
-exports.computeDepositTxHash = computeDepositTxHash;
-exports.extractAggregatedSignatures = extractAggregatedSignatures;
-exports.recoverSignatureWithoutPubkey = recoverSignatureWithoutPubkey;
-exports.recoverSignatureWithValidators = recoverSignatureWithValidators;
-exports.decompressPublicKey = decompressPublicKey;
-exports.extractAggregatedSignaturesWithValidators = extractAggregatedSignaturesWithValidators;
-exports.extractSignatureInfo = extractSignatureInfo;
-const ethers_1 = require("ethers");
-/**
- * Parse a DER-encoded ECDSA signature to extract r and s components.
- *
- * DER format:
- * 0x30 [total-length] 0x02 [r-length] [r] 0x02 [s-length] [s]
- *
- * Example: 3044022020749ca9...0220292484ed...
- * - 30 = SEQUENCE tag
- * - 44 = total length (68 bytes)
- * - 02 = INTEGER tag for r
- * - 20 = r length (32 bytes)
- * - [32 bytes of r]
- * - 02 = INTEGER tag for s
- * - 20 = s length (32 bytes)
- * - [32 bytes of s]
- *
- * @param derSignature The DER-encoded signature as hex string
- * @returns Object with r and s as 32-byte hex strings (0x prefixed)
- */
-function parseDerSignature(derSignature) {
-    const hex = derSignature.replace('0x', '');
-    const bytes = Uint8Array.from(Buffer.from(hex, 'hex'));
-    let offset = 0;
-    // Check SEQUENCE tag (0x30)
-    if (bytes[offset++] !== 0x30) {
-        throw new Error('Invalid DER signature: expected SEQUENCE tag (0x30)');
-    }
-    // Skip total length
-    const totalLength = bytes[offset++];
-    if (totalLength > 127) {
-        // Long form length (shouldn't happen for ECDSA sigs)
-        throw new Error('Invalid DER signature: unexpected long form length');
-    }
-    // Parse r
-    if (bytes[offset++] !== 0x02) {
-        throw new Error('Invalid DER signature: expected INTEGER tag (0x02) for r');
-    }
-    let rLength = bytes[offset++];
-    let rStart = offset;
-    offset += rLength;
-    // Parse s
-    if (bytes[offset++] !== 0x02) {
-        throw new Error('Invalid DER signature: expected INTEGER tag (0x02) for s');
-    }
-    let sLength = bytes[offset++];
-    let sStart = offset;
-    // Extract r and s, handling potential leading zero padding
-    let rBytes = bytes.slice(rStart, rStart + rLength);
-    let sBytes = bytes.slice(sStart, sStart + sLength);
-    // Remove leading zero if present (DER adds 0x00 prefix for values with high bit set)
-    if (rBytes.length === 33 && rBytes[0] === 0) {
-        rBytes = rBytes.slice(1);
-    }
-    if (sBytes.length === 33 && sBytes[0] === 0) {
-        sBytes = sBytes.slice(1);
-    }
-    // Pad to 32 bytes if necessary
-    const r = Buffer.from(rBytes).toString('hex').padStart(64, '0');
-    const s = Buffer.from(sBytes).toString('hex').padStart(64, '0');
-    return { r: '0x' + r, s: '0x' + s };
-}
-/**
- * Derive Ethereum address from a public key.
- *
- * @param publicKey The public key (uncompressed 65 bytes with 04 prefix, or 64 bytes x||y)
- * @returns The Ethereum address
- */
-function addressFromPublicKey(publicKey) {
-    const pubKeyHex = publicKey.replace('0x', '');
-    // Handle different public key formats
-    let xyBytes;
-    if (pubKeyHex.length === 130 && pubKeyHex.startsWith('04')) {
-        // Uncompressed: 04 + x (32 bytes) + y (32 bytes)
-        xyBytes = pubKeyHex.slice(2);
-    }
-    else if (pubKeyHex.length === 128) {
-        // Already x || y without prefix
-        xyBytes = pubKeyHex;
-    }
-    else {
-        throw new Error(`Invalid public key length: ${pubKeyHex.length}. Expected 128 or 130 hex chars.`);
-    }
-    // Address = keccak256(x || y)[12:] = last 20 bytes
-    const hash = (0, ethers_1.keccak256)('0x' + xyBytes);
-    return '0x' + hash.slice(-40);
-}
-/**
- * Recover a 65-byte ECDSA signature (r,s,v) from a 64-byte compact signature.
- *
- * Exactly matches the Rust implementation:
- * ```rust
- * pub fn recover_65b_signature(
- *     sig: &Signature,
- *     msg_hash: [u8; 32],
- *     pubkey: &PublicKey,
- * ) -> anyhow::Result<[u8; 65]> {
- *     let secp = Secp256k1::new();
- *     let msg = Message::from_digest(msg_hash);
- *     let sig_bytes = sig.serialize_compact();
- *
- *     for recovery_id in [RecoveryId::Zero, RecoveryId::One] {
- *         let recoverable_sig = RecoverableSignature::from_compact(&sig_bytes, recovery_id)?;
- *         match secp.recover_ecdsa(msg, &recoverable_sig) {
- *             Ok(recovered_key) => {
- *                 if recovered_key == *pubkey {
- *                     return Ok(recoverable_sig.to_alloy().as_bytes());
- *                 }
- *             }
- *             Err(e) => { ... }
- *         }
- *     }
- *     Err(anyhow!("Could not find valid recovery ID for signature"))
- * }
- * ```
- *
- * @param r The r component of the signature (32 bytes hex)
- * @param s The s component of the signature (32 bytes hex)
- * @param msgHash The 32-byte message hash that was signed
- * @param publicKey The expected signer's public key
- * @returns The 65-byte signature (r || s || v) or null if recovery fails
- */
-function recoverSignature65B(r, s, msgHash, publicKey) {
-    // Normalize r and s
-    const rHex = r.replace('0x', '').padStart(64, '0');
-    const sHex = s.replace('0x', '').padStart(64, '0');
-    // Derive expected address from public key
-    let expectedAddress;
-    try {
-        expectedAddress = addressFromPublicKey(publicKey);
-    }
-    catch (e) {
-        console.error('Failed to derive address from public key:', e);
-        return null;
-    }
-    // Try both recovery IDs (27 and 28 in Ethereum, corresponding to RecoveryId::Zero and RecoveryId::One)
-    for (const v of [27, 28]) {
-        try {
-            const signature = { r: '0x' + rHex, s: '0x' + sHex, v };
-            const recoveredAddress = (0, ethers_1.recoverAddress)(msgHash, signature);
-            if (recoveredAddress.toLowerCase() === expectedAddress.toLowerCase()) {
-                // Found the correct v value - matches Rust: "if recovered_key == *pubkey"
-                const vHex = v.toString(16).padStart(2, '0');
-                return '0x' + rHex + sHex + vHex;
-            }
-        }
-        catch (e) {
-            // Recovery failed with this v, try the other
-            continue;
-        }
-    }
-    return null;
-}
-/**
- * Recover multiple 65-byte signatures from concatenated 64-byte signatures.
- *
- * @param aggregatedSig64 Concatenated 64-byte signatures (r || s for each)
- * @param msgHash The message hash that was signed
- * @param publicKeys Array of expected signer public keys in order
- * @returns Concatenated 65-byte signatures or null if any recovery fails
- */
-function recoverAggregatedSignatures65B(aggregatedSig64, msgHash, publicKeys) {
-    const sigBytes = typeof aggregatedSig64 === 'string'
-        ? Uint8Array.from(Buffer.from(aggregatedSig64.replace('0x', ''), 'hex'))
-        : aggregatedSig64;
-    const sigCount = sigBytes.length / 64;
-    if (sigCount !== publicKeys.length) {
-        throw new Error(`Signature count (${sigCount}) doesn't match expected public keys count (${publicKeys.length})`);
-    }
-    const recovered65BSigs = [];
-    for (let i = 0; i < sigCount; i++) {
-        const offset = i * 64;
-        const r = '0x' + Buffer.from(sigBytes.slice(offset, offset + 32)).toString('hex');
-        const s = '0x' + Buffer.from(sigBytes.slice(offset + 32, offset + 64)).toString('hex');
-        const sig65 = recoverSignature65B(r, s, msgHash, publicKeys[i]);
-        if (!sig65) {
-            console.error(`Failed to recover signature ${i} for public key ${publicKeys[i]}`);
-            return null;
-        }
-        recovered65BSigs.push(sig65.replace('0x', ''));
-    }
-    return '0x' + recovered65BSigs.join('');
-}
-/**
- * Compute the transaction hash for a bridge deposit that needs to be signed.
- * This matches the depositTxHash function in the Bridge.sol contract.
- *
- * @param domainSeparator The domain separator from the bridge contract
- * @param bridgeContract The address of the bridge contract on the other chain
- * @param token The token address
- * @param amount The amount
- * @param to The recipient address
- * @param proof The proof (deposit TX hash)
- * @returns The transaction hash to be signed
- */
-function computeDepositTxHash(domainSeparator, bridgeContract, token, amount, to, proof) {
-    const { AbiCoder, solidityPackedKeccak256 } = require('ethers');
-    const abiCoder = new AbiCoder();
-    // DEPOSIT_SELECTOR = keccak256("deposit(address,uint256,address)")[:4]
-    const DEPOSIT_SELECTOR = '0x47e7ef24';
-    // Compute dataHash = keccak256(selector || token || amount || to)
-    const dataHash = solidityPackedKeccak256(['bytes4', 'address', 'uint256', 'address'], [DEPOSIT_SELECTOR, token, amount, to]);
-    // Compute final hash = keccak256(domainSeparator || bridgeContract || dataHash || proof)
-    return (0, ethers_1.keccak256)(abiCoder.encode(['bytes32', 'address', 'bytes32', 'bytes'], [domainSeparator, bridgeContract, dataHash, proof]));
-}
-/**
- * Extract aggregated 65-byte signatures from Pod transaction receipt.
- *
- * Receipt format:
- * - attested_tx.hash: The transaction hash that was signed
- * - signatures: Object with numeric keys containing DER-encoded signatures
- *
- * @param receipt The Pod transaction receipt
- * @param msgHash Optional override for the message hash (defaults to attested_tx.hash)
- * @param committeePublicKeys Optional array of validator public keys for v-value recovery
- * @returns Concatenated 65-byte signatures (r || s || v for each signature)
- */
-function extractAggregatedSignatures(receipt, msgHash, committeePublicKeys) {
-    // Use attested_tx.hash as the message that was signed
-    const hashToSign = msgHash || receipt.attested_tx.hash;
-    // Get signatures in order (0, 1, 2, ...)
-    const sigKeys = Object.keys(receipt.signatures).sort((a, b) => parseInt(a) - parseInt(b));
-    if (sigKeys.length === 0) {
-        throw new Error('No signatures found in receipt');
-    }
-    const signatures = [];
-    for (let i = 0; i < sigKeys.length; i++) {
-        const derSig = receipt.signatures[sigKeys[i]];
-        const { r, s } = parseDerSignature(derSig);
-        if (committeePublicKeys && committeePublicKeys[i]) {
-            // Use public key to recover correct v value
-            const sig65 = recoverSignature65B(r, s, hashToSign, committeePublicKeys[i]);
-            if (!sig65) {
-                throw new Error(`Failed to recover signature ${i} for public key ${committeePublicKeys[i]}`);
-            }
-            signatures.push(sig65.replace('0x', ''));
-        }
-        else {
-            // No public key available - try both v values and use the first valid one
-            const sig65 = recoverSignatureWithoutPubkey(r, s, hashToSign);
-            signatures.push(sig65.replace('0x', ''));
-        }
-    }
-    return '0x' + signatures.join('');
-}
-/**
- * Recover a 65-byte signature without knowing the public key.
- * Tries both v values (27 and 28) and returns the first valid recovery.
- *
- * WARNING: This is less secure as we can't verify the signer.
- * Use recoverSignature65B with public key when possible.
- *
- * @param r The r component
- * @param s The s component
- * @param msgHash The message hash
- * @returns The 65-byte signature with v=27 (tries 27 first, then 28)
- */
-function recoverSignatureWithoutPubkey(r, s, msgHash) {
-    const rHex = r.replace('0x', '').padStart(64, '0');
-    const sHex = s.replace('0x', '').padStart(64, '0');
-    // Try v=27 first, then v=28
-    for (const v of [27, 28]) {
-        try {
-            const signature = { r: '0x' + rHex, s: '0x' + sHex, v };
-            const recoveredAddress = (0, ethers_1.recoverAddress)(msgHash, signature);
-            // If recovery succeeds, use this v value
-            if (recoveredAddress) {
-                const vHex = v.toString(16).padStart(2, '0');
-                return '0x' + rHex + sHex + vHex;
-            }
-        }
-        catch (e) {
-            continue;
-        }
-    }
-    // Default to v=27 if both fail
-    return '0x' + rHex + sHex + '1b';
-}
-/**
- * Recover a 65-byte signature by checking which v-value recovers to a known validator address.
- *
- * @param r The r component
- * @param s The s component
- * @param msgHash The message hash
- * @param validatorAddresses Set of known validator addresses (lowercase)
- * @returns Object with signature and recovered address, or null if no validator match
- */
-function recoverSignatureWithValidators(r, s, msgHash, validatorAddresses) {
-    const rHex = r.replace('0x', '').padStart(64, '0');
-    const sHex = s.replace('0x', '').padStart(64, '0');
-    // Try both v values and check if recovered address is a known validator
-    for (const v of [27, 28]) {
-        try {
-            const signature = { r: '0x' + rHex, s: '0x' + sHex, v };
-            const recoveredAddress = (0, ethers_1.recoverAddress)(msgHash, signature);
-            if (recoveredAddress && validatorAddresses.has(recoveredAddress.toLowerCase())) {
-                const vHex = v.toString(16).padStart(2, '0');
-                return {
-                    signature: '0x' + rHex + sHex + vHex,
-                    recoveredAddress: recoveredAddress.toLowerCase()
-                };
-            }
-        }
-        catch (e) {
-            continue;
-        }
-    }
-    return null;
-}
-/**
- * Decompress a compressed secp256k1 public key (33 bytes) to uncompressed format.
- * Compressed format: 02/03 prefix + 32-byte x coordinate
- * Uncompressed format: 04 prefix + 32-byte x + 32-byte y
- *
- * @param compressedPubKey The compressed public key (66 hex chars with 02/03 prefix)
- * @returns The uncompressed public key (130 hex chars with 04 prefix)
- */
-function decompressPublicKey(compressedPubKey) {
-    const hex = compressedPubKey.replace('0x', '');
-    if (hex.length !== 66) {
-        throw new Error(`Invalid compressed public key length: ${hex.length}. Expected 66 hex chars.`);
-    }
-    const prefix = hex.slice(0, 2);
-    if (prefix !== '02' && prefix !== '03') {
-        throw new Error(`Invalid compressed public key prefix: ${prefix}. Expected 02 or 03.`);
-    }
-    // secp256k1 curve parameters
-    const p = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F');
-    const x = BigInt('0x' + hex.slice(2));
-    // y² = x³ + 7 (mod p)
-    const ySquared = (x ** 3n + 7n) % p;
-    // Calculate modular square root using Tonelli-Shanks for p ≡ 3 (mod 4)
-    // y = ySquared^((p+1)/4) mod p
-    const y = modPow(ySquared, (p + 1n) / 4n, p);
-    // Check if we need to negate y based on the prefix
-    const isYEven = y % 2n === 0n;
-    const needsEvenY = prefix === '02';
-    const finalY = isYEven === needsEvenY ? y : p - y;
-    // Convert to hex, pad to 64 chars
-    const xHex = x.toString(16).padStart(64, '0');
-    const yHex = finalY.toString(16).padStart(64, '0');
-    return '04' + xHex + yHex;
-}
-/**
- * Modular exponentiation: base^exp mod mod
- */
-function modPow(base, exp, mod) {
-    let result = 1n;
-    base = base % mod;
-    while (exp > 0n) {
-        if (exp % 2n === 1n) {
-            result = (result * base) % mod;
-        }
-        exp = exp / 2n;
-        base = (base * base) % mod;
-    }
-    return result;
-}
-/**
- * Extract aggregated 65-byte signatures using validator public keys for v-value recovery.
- * Committee format: Array of [index, compressed_public_key] tuples
- *
- * @param receipt The Pod transaction receipt
- * @param validators Array of [index, compressedPubKey] tuples from pod_getCommittee
- * @param msgHash Optional override for the message hash
- * @returns Concatenated 65-byte signatures (r || s || v for each signature)
- */
-function extractAggregatedSignaturesWithValidators(receipt, validators, msgHash) {
-    const hashToSign = msgHash || receipt.attested_tx.hash;
-    // Convert compressed public keys to addresses
-    const validatorAddresses = new Map();
-    for (const [index, compressedPubKey] of validators) {
-        try {
-            const uncompressed = decompressPublicKey(compressedPubKey);
-            const address = addressFromPublicKey(uncompressed);
-            validatorAddresses.set(index, address.toLowerCase());
-        }
-        catch (e) {
-            console.warn(`Failed to decompress public key for validator ${index}:`, e);
-        }
-    }
-    console.log('Validator addresses:', Object.fromEntries(validatorAddresses));
-    // Create a set of all validator addresses for lookup
-    const validatorSet = new Set(validatorAddresses.values());
-    // Get signatures in order (0, 1, 2, ...)
-    const sigKeys = Object.keys(receipt.signatures).sort((a, b) => parseInt(a) - parseInt(b));
-    if (sigKeys.length === 0) {
-        throw new Error('No signatures found in receipt');
-    }
-    const signatures = [];
-    const recoveredValidators = [];
-    for (let i = 0; i < sigKeys.length; i++) {
-        const sigIndex = parseInt(sigKeys[i]);
-        const derSig = receipt.signatures[sigKeys[i]];
-        const { r, s } = parseDerSignature(derSig);
-        // Try to recover with validator address verification
-        const result = recoverSignatureWithValidators(r, s, hashToSign, validatorSet);
-        if (result) {
-            signatures.push(result.signature.replace('0x', ''));
-            recoveredValidators.push(result.recoveredAddress);
-        }
-        else {
-            // Fallback to without validator check (will likely fail on contract)
-            console.warn(`Signature ${sigIndex}: Could not match to any validator address`);
-            const sig65 = recoverSignatureWithoutPubkey(r, s, hashToSign);
-            signatures.push(sig65.replace('0x', ''));
-        }
-    }
-    console.log('Recovered validators:', recoveredValidators);
-    return '0x' + signatures.join('');
-}
-/**
- * Extract signature info from Pod receipt for debugging/verification.
- *
- * @param receipt The Pod transaction receipt
- * @param msgHash Optional override for the message hash
- * @returns Array of signature info with recovered 65-byte signatures
- */
-function extractSignatureInfo(receipt, msgHash) {
-    const hashToSign = msgHash || receipt.attested_tx.hash;
-    const sigKeys = Object.keys(receipt.signatures).sort((a, b) => parseInt(a) - parseInt(b));
-    return sigKeys.map((key, index) => {
-        const derSig = receipt.signatures[key];
-        const { r, s } = parseDerSignature(derSig);
-        const sig65 = recoverSignatureWithoutPubkey(r, s, hashToSign);
-        return {
-            index,
-            derSignature: derSig,
-            r,
-            s,
-            signature65: sig65
-        };
-    });
-}