ox 0.12.3 → 0.13.0

package/core/WebCryptoP256.ts

@@ -283,7 +283,10 @@ export declare namespace sign {
  * @returns Whether the payload was signed by the provided public key.
  */
 export async function verify(options: verify.Options): Promise<boolean> {
-  const { payload, signature } = options
+  const { lowS = true, payload, signature } = options
+
+  // Reject high-S signatures if lowS is enabled.
+  if (lowS && signature.s > p256.CURVE.n / 2n) return false
 
   const publicKey = await globalThis.crypto.subtle.importKey(
     'raw',
@@ -306,6 +309,8 @@ export async function verify(options: verify.Options): Promise<boolean> {
 
 export declare namespace verify {
   type Options = {
+    /** If set to `true`, only low-S signatures will be accepted. @default true */
+    lowS?: boolean | undefined
     /** Public key that signed the payload. */
     publicKey: PublicKey.PublicKey<boolean>
     /** Signature of the payload. */

package/core/internal/webauthn.ts

@@ -1,157 +1,7 @@
 import { p256 } from '@noble/curves/p256'
+import * as Registration from '../../webauthn/Registration.js'
 import type * as Errors from '../Errors.js'
-import * as Hex from '../Hex.js'
 import * as PublicKey from '../PublicKey.js'
-import { CredentialCreationFailedError } from '../WebAuthnP256.js'
-
-/** @internal */
-export type AttestationConveyancePreference =
-  | 'direct'
-  | 'enterprise'
-  | 'indirect'
-  | 'none'
-
-/** @internal */
-export type AuthenticatorAttachment = 'cross-platform' | 'platform'
-
-/** @internal */
-export type AuthenticatorTransport =
-  | 'ble'
-  | 'hybrid'
-  | 'internal'
-  | 'nfc'
-  | 'usb'
-
-/** @internal */
-export type COSEAlgorithmIdentifier = number
-
-/** @internal */
-export type CredentialMediationRequirement =
-  | 'conditional'
-  | 'optional'
-  | 'required'
-  | 'silent'
-
-/** @internal */
-export type PublicKeyCredentialType = 'public-key'
-
-/** @internal */
-export type ResidentKeyRequirement = 'discouraged' | 'preferred' | 'required'
-
-/** @internal */
-export type UserVerificationRequirement =
-  | 'discouraged'
-  | 'preferred'
-  | 'required'
-
-/** @internal */
-export type LargeBlobSupport = {
-  support: 'required' | 'preferred'
-}
-
-/** @internal */
-export type BufferSource = ArrayBufferView | ArrayBuffer
-
-/** @internal */
-export type PrfExtension = Record<'eval', Record<'first', Uint8Array>>
-
-/** @internal */
-export interface AuthenticationExtensionsClientInputs {
-  appid?: string
-  credProps?: boolean
-  hmacCreateSecret?: boolean
-  minPinLength?: boolean
-  prf?: PrfExtension
-  largeBlob?: LargeBlobSupport
-}
-
-/** @internal */
-export interface AuthenticatorSelectionCriteria {
-  authenticatorAttachment?: AuthenticatorAttachment
-  requireResidentKey?: boolean
-  residentKey?: ResidentKeyRequirement
-  userVerification?: UserVerificationRequirement
-}
-
-/** @internal */
-export interface Credential {
-  readonly id: string
-  readonly type: string
-}
-
-/** @internal */
-export interface CredentialCreationOptions {
-  publicKey?: PublicKeyCredentialCreationOptions
-  signal?: AbortSignal
-}
-
-/** @internal */
-export interface CredentialRequestOptions {
-  mediation?: CredentialMediationRequirement
-  publicKey?: PublicKeyCredentialRequestOptions
-  signal?: AbortSignal
-}
-
-/** @internal */
-export interface PublicKeyCredential extends Credential {
-  readonly authenticatorAttachment: string | null
-  readonly rawId: ArrayBuffer
-  readonly response: AuthenticatorResponse
-  getClientExtensionResults(): AuthenticationExtensionsClientOutputs
-}
-
-/** @internal */
-export interface PublicKeyCredentialCreationOptions {
-  attestation?: AttestationConveyancePreference
-  authenticatorSelection?: AuthenticatorSelectionCriteria
-  challenge: BufferSource
-  excludeCredentials?: PublicKeyCredentialDescriptor[]
-  extensions?: AuthenticationExtensionsClientInputs
-  pubKeyCredParams: PublicKeyCredentialParameters[]
-  rp: PublicKeyCredentialRpEntity
-  timeout?: number
-  user: PublicKeyCredentialUserEntity
-}
-
-/** @internal */
-export interface PublicKeyCredentialDescriptor {
-  id: BufferSource
-  transports?: AuthenticatorTransport[]
-  type: PublicKeyCredentialType
-}
-
-/** @internal */
-export interface PublicKeyCredentialEntity {
-  name: string
-}
-
-/** @internal */
-export interface PublicKeyCredentialParameters {
-  alg: COSEAlgorithmIdentifier
-  type: PublicKeyCredentialType
-}
-
-/** @internal */
-export interface PublicKeyCredentialRequestOptions {
-  allowCredentials?: PublicKeyCredentialDescriptor[]
-  challenge: BufferSource
-  extensions?: AuthenticationExtensionsClientInputs
-  rpId?: string
-  timeout?: number
-  userVerification?: UserVerificationRequirement
-}
-
-/** @internal */
-export interface PublicKeyCredentialRpEntity extends PublicKeyCredentialEntity {
-  id?: string
-}
-
-/** @internal */
-export interface PublicKeyCredentialUserEntity
-  extends PublicKeyCredentialEntity {
-  displayName: string
-  id: BufferSource
-}
 
 /**
  * Parses an ASN.1 signature into a r and s value.
@@ -159,17 +9,8 @@ export interface PublicKeyCredentialUserEntity
  * @internal
  */
 export function parseAsn1Signature(bytes: Uint8Array) {
-  const r_start = bytes[4] === 0 ? 5 : 4
-  const r_end = r_start + 32
-  const s_start = bytes[r_end + 2] === 0 ? r_end + 3 : r_end + 2
-
-  const r = BigInt(Hex.fromBytes(bytes.slice(r_start, r_end)))
-  const s = BigInt(Hex.fromBytes(bytes.slice(s_start)))
-
-  return {
-    r,
-    s: s > p256.CURVE.n / 2n ? p256.CURVE.n - s : s,
-  }
+  const sig = p256.Signature.fromDER(bytes).normalizeS()
+  return { r: sig.r, s: sig.s }
 }
 
 /**
@@ -183,7 +24,7 @@ export async function parseCredentialPublicKey(
 ): Promise<PublicKey.PublicKey> {
   try {
     const publicKeyBuffer = response.getPublicKey()
-    if (!publicKeyBuffer) throw new CredentialCreationFailedError()
+    if (!publicKeyBuffer) throw new Registration.CreateFailedError()
 
     // Converting `publicKeyBuffer` throws when credential is created by 1Password Firefox Add-on
     const publicKeyBytes = new Uint8Array(publicKeyBuffer)
@@ -218,7 +59,7 @@ export async function parseCredentialPublicKey(
       for (let i = 0; i < data.length - coordinate.length; i++)
         if (coordinate.every((byte, j) => data[i + j] === byte))
           return i + coordinate.length
-      throw new CredentialCreationFailedError()
+      throw new Registration.CreateFailedError()
     }
 
     const xStart = findStart(0x21)
@@ -235,5 +76,5 @@ export async function parseCredentialPublicKey(
 }
 
 export declare namespace parseCredentialPublicKey {
-  type ErrorType = CredentialCreationFailedError | Errors.GlobalErrorType
+  type ErrorType = Registration.CreateFailedError | Errors.GlobalErrorType
 }

package/erc8021/index.ts

@@ -17,7 +17,7 @@ export type {}
  *
  * const dataSuffix2 = Attribution.toDataSuffix({
  *   codes: ['baseapp', 'morpho'],
- *   codeRegistryAddress: '0x...'
+ *   codeRegistry: { address: '0x0000000000000000000000000000000000000000', chainId: 1 },
  * })
  * ```
  *
@@ -30,7 +30,7 @@ export type {}
  * const attribution = Attribution.fromData('0x...')
  *
  * console.log(attribution)
- * // @log: { codes: ['baseapp', 'morpho'], codeRegistryAddress: '0x...' }
+ * // @log: { codes: ['baseapp', 'morpho'], codeRegistry: { address: '0x...', chainId: 1 } }
  * ```
  *
  * @category ERC-8021

package/index.docs.ts

@@ -7,4 +7,5 @@ export * from './erc6492/index.js'
 export * from './erc7821/index.js'
 export * from './erc8010/index.js'
 export * from './erc8021/index.js'
+export * from './webauthn/index.js'
 export * from './tempo/index.js'

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "ox",
   "description": "Ethereum Standard Library",
-  "version": "0.12.3",
+  "version": "0.13.0",
   "main": "./_cjs/index.js",
   "module": "./_esm/index.js",
   "types": "./_types/index.d.ts",
@@ -554,6 +554,36 @@
       "import": "./_esm/trusted-setups/index.js",
       "default": "./_cjs/trusted-setups/index.js"
     },
+    "./webauthn/Authentication": {
+      "types": "./_types/webauthn/Authentication.d.ts",
+      "import": "./_esm/webauthn/Authentication.js",
+      "default": "./_cjs/webauthn/Authentication.js"
+    },
+    "./webauthn/Authenticator": {
+      "types": "./_types/webauthn/Authenticator.d.ts",
+      "import": "./_esm/webauthn/Authenticator.js",
+      "default": "./_cjs/webauthn/Authenticator.js"
+    },
+    "./webauthn/Credential": {
+      "types": "./_types/webauthn/Credential.d.ts",
+      "import": "./_esm/webauthn/Credential.js",
+      "default": "./_cjs/webauthn/Credential.js"
+    },
+    "./webauthn/Registration": {
+      "types": "./_types/webauthn/Registration.d.ts",
+      "import": "./_esm/webauthn/Registration.js",
+      "default": "./_cjs/webauthn/Registration.js"
+    },
+    "./webauthn/Types": {
+      "types": "./_types/webauthn/Types.d.ts",
+      "import": "./_esm/webauthn/Types.js",
+      "default": "./_cjs/webauthn/Types.js"
+    },
+    "./webauthn": {
+      "types": "./_types/webauthn/index.d.ts",
+      "import": "./_esm/webauthn/index.js",
+      "default": "./_cjs/webauthn/index.js"
+    },
     "./window": {
       "types": "./_types/window/index.d.ts",
       "import": "./_esm/window/index.js",

package/tempo/Transaction.ts

@@ -13,7 +13,7 @@ import type { Call } from './TxEnvelopeTempo.js'
 /**
  * A Transaction as defined in the [Execution API specification](https://github.com/ethereum/execution-apis/blob/main/src/schemas/transaction.yaml).
  *
- * @see {@link https://docs.tempo.xyz/protocol/transactions Tempo Transactions}
+ * @see {@link https://docs.tempo.xyz/protocol/transactions}
  */
 export type Transaction<
   pending extends boolean = false,
@@ -39,7 +39,7 @@ export type Rpc<pending extends boolean = false> = UnionCompute<
  * Features configurable fee tokens, call batching, fee sponsorship, access keys,
  * parallelizable nonces, and scheduled execution via `validAfter`/`validBefore`.
  *
- * @see {@link https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction Tempo Transaction Specification}
+ * @see {@link https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction}
  */
 export type Tempo<
   pending extends boolean = false,

package/tempo/TransactionReceipt.ts

@@ -9,7 +9,7 @@ import * as ox_TransactionReceipt from '../core/TransactionReceipt.js'
  * Extends standard receipts with `feePayer` (the address that paid fees) and
  * `feeToken` (the TIP-20 token used for fee payment).
  *
- * @see {@link https://docs.tempo.xyz/protocol/transactions Tempo Transactions}
+ * @see {@link https://docs.tempo.xyz/protocol/transactions}
  */
 export type TransactionReceipt<
   status = ox_TransactionReceipt.Status,
@@ -60,7 +60,7 @@ export const toRpcType = {
 /**
  * Converts an RPC receipt to a TransactionReceipt.
  *
- * @see {@link https://docs.tempo.xyz/protocol/transactions Tempo Transactions}
+ * @see {@link https://docs.tempo.xyz/protocol/transactions}
  *
  * @example
  * ```ts twoslash

package/tempo/TransactionRequest.ts

@@ -16,7 +16,7 @@ type KeyType = 'secp256k1' | 'p256' | 'webAuthn'
  * Extends the [Execution API specification](https://github.com/ethereum/execution-apis/blob/4aca1d7a3e5aab24c8f6437131289ad386944eaa/src/schemas/transaction.yaml#L358-L423)
  * with Tempo-specific fields for batched calls, fee tokens, access keys, and scheduled execution.
  *
- * @see {@link https://docs.tempo.xyz/protocol/transactions Tempo Transactions}
+ * @see {@link https://docs.tempo.xyz/protocol/transactions}
  */
 export type TransactionRequest<
   bigintType = bigint,
@@ -54,7 +54,7 @@ export type Rpc = Omit<
 /**
  * Converts a {@link ox#TransactionRequest.TransactionRequest} to a {@link ox#TransactionRequest.Rpc}.
  *
- * @see {@link https://docs.tempo.xyz/protocol/transactions Tempo Transactions}
+ * @see {@link https://docs.tempo.xyz/protocol/transactions}
  *
  * @example
  * ```ts twoslash

package/tempo/TxEnvelopeTempo.test.ts

@@ -7,6 +7,7 @@ import * as TxEnvelopeTempo from './TxEnvelopeTempo.js'
 
 const privateKey =
   '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80'
+const address = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey }))
 
 describe('assert', () => {
   test('empty calls list', () => {
@@ -340,6 +341,7 @@ describe('deserialize', () => {
       })
       expect(TxEnvelopeTempo.deserialize(serialized)).toEqual({
         ...transaction,
+        from: address,
         signature: { signature, type: 'secp256k1' },
       })
     })
@@ -354,6 +356,7 @@ describe('deserialize', () => {
       })
       expect(TxEnvelopeTempo.deserialize(serialized)).toEqual({
         ...transaction,
+        from: address,
         signature: { signature, type: 'secp256k1' },
       })
     })
@@ -377,6 +380,7 @@ describe('deserialize', () => {
       delete signature.yParity
       expect(TxEnvelopeTempo.deserialize(serialized)).toEqual({
         ...transaction,
+        from: Address.fromPublicKey(publicKey),
         signature: { prehash: true, publicKey, signature, type: 'p256' },
       })
     })
@@ -417,6 +421,7 @@ describe('deserialize', () => {
     ]).slice(2)}` as const
     const deserialized = TxEnvelopeTempo.deserialize(serialized)
     expect(deserialized.feePayerSignature).toBe(null)
+    expect(deserialized.from).toBe('0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266')
   })
 
   test('feePayerSignature with signature tuple', () => {
@@ -1174,6 +1179,7 @@ describe('serialize', () => {
       delete signature.yParity
       expect(TxEnvelopeTempo.deserialize(serialized)).toEqual({
         ...transaction,
+        from: Address.fromPublicKey(publicKey),
         nonceKey: 0n,
         signature: { prehash: true, publicKey, signature, type: 'p256' },
       })

package/tempo/TxEnvelopeTempo.ts

@@ -351,9 +351,11 @@ export function deserialize(serialized: Serialized): Compute<TxEnvelopeTempo> {
     if (
       feePayerSignatureOrSender === '0x00' ||
       Address.validate(feePayerSignatureOrSender)
-    )
+    ) {
       transaction.feePayerSignature = null
-    else
+      if (Address.validate(feePayerSignatureOrSender))
+        transaction.from = feePayerSignatureOrSender
+    } else
       transaction.feePayerSignature = Signature.fromTuple(
         feePayerSignatureOrSender as never,
       )
@@ -373,6 +375,24 @@ export function deserialize(serialized: Serialized): Compute<TxEnvelopeTempo> {
       signature: signatureEnvelope,
     }
 
+  // Recover sender address from the signature if not already set.
+  if (!transaction.from && signatureEnvelope) {
+    try {
+      if (signatureEnvelope.type === 'keychain')
+        transaction.from = signatureEnvelope.userAddress
+      else if (
+        signatureEnvelope.type === 'p256' ||
+        signatureEnvelope.type === 'webAuthn'
+      )
+        transaction.from = Address.fromPublicKey(signatureEnvelope.publicKey)
+      else if (signatureEnvelope.type === 'secp256k1')
+        transaction.from = Secp256k1.recoverAddress({
+          payload: getSignPayload(from(transaction)),
+          signature: signatureEnvelope.signature,
+        })
+    } catch {}
+  }
+
   assert(transaction)
 
   return transaction

package/version.ts

@@ -1,2 +1,2 @@
 /** @internal */
-export const version = '0.12.3'
+export const version = '0.13.0'

package/webauthn/Authentication/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "types": "../../_types/webauthn/Authentication.d.ts",
+  "main": "../../_cjs/webauthn/Authentication.js",
+  "module": "../../_esm/webauthn/Authentication.js"
+}