tempo.ts 0.7.5 → 0.8.0

package/src/ox/TransactionEnvelopeAA.test.ts

@@ -1,6 +1,7 @@
-import { Hex, P256, Rlp, Secp256k1, Value } from 'ox'
+import { Hex, P256, Rlp, Secp256k1, Value, WebAuthnP256 } from 'ox'
 import { describe, expect, test } from 'vitest'
 import { SignatureEnvelope } from './index.js'
+import * as KeyAuthorization from './KeyAuthorization.js'
 import * as TransactionEnvelopeAA from './TransactionEnvelopeAA.js'
 
 const privateKey =
@@ -254,6 +255,37 @@ describe('deserialize', () => {
     )
   })
 
+  test('keyAuthorization', () => {
+    const keyAuthorization = KeyAuthorization.from({
+      expiry: 1234567890,
+      address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      type: 'secp256k1',
+      limits: [
+        {
+          token: '0x20c0000000000000000000000000000000000001',
+          limit: Value.from('10', 6),
+        },
+      ],
+      signature: SignatureEnvelope.from({
+        r: 44944627813007772897391531230081695102703289123332187696115181104739239197517n,
+        s: 36528503505192438307355164441104001310566505351980369085208178712678799181120n,
+        yParity: 0,
+      }),
+    })
+
+    const transaction_keyAuthorization = TransactionEnvelopeAA.from({
+      ...transaction,
+      keyAuthorization,
+    })
+
+    const serialized = TransactionEnvelopeAA.serialize(
+      transaction_keyAuthorization,
+    )
+    expect(TransactionEnvelopeAA.deserialize(serialized)).toEqual(
+      transaction_keyAuthorization,
+    )
+  })
+
   describe('signature', () => {
     test('secp256k1', () => {
       const signature = Secp256k1.sign({
@@ -456,7 +488,7 @@ describe('deserialize', () => {
         [TransactionEnvelope.InvalidSerializedError: Invalid serialized transaction of type "aa" was provided.
 
         Serialized Transaction: "0x76c0"
-        Missing Attributes: chainId, maxPriorityFeePerGas, maxFeePerGas, gas, calls, accessList, nonceKey, nonce, validBefore, validAfter, feeToken, feePayerSignatureOrSender]
+        Missing Attributes: chainId, maxPriorityFeePerGas, maxFeePerGas, gas, calls, accessList, keyAuthorization, nonceKey, nonce, validBefore, validAfter, feeToken, feePayerSignatureOrSender]
       `)
     })
 
@@ -469,7 +501,7 @@ describe('deserialize', () => {
         [TransactionEnvelope.InvalidSerializedError: Invalid serialized transaction of type "aa" was provided.
 
         Serialized Transaction: "0x76c20001"
-        Missing Attributes: maxFeePerGas, gas, calls, accessList, nonceKey, nonce, validBefore, validAfter, feeToken, feePayerSignatureOrSender]
+        Missing Attributes: maxFeePerGas, gas, calls, accessList, keyAuthorization, nonceKey, nonce, validBefore, validAfter, feeToken, feePayerSignatureOrSender]
       `)
     })
 
@@ -520,6 +552,7 @@ describe('deserialize', () => {
             '0x', // feeToken
             '0x', // feePayerSignature
             [], // authorizationList
+            [], // keyAuthorization
             '0x1234', // signature
             '0x5678', // extra field
           ]).slice(2)}`,
@@ -527,7 +560,7 @@ describe('deserialize', () => {
       ).toThrowErrorMatchingInlineSnapshot(`
         [TransactionEnvelope.InvalidSerializedError: Invalid serialized transaction of type "aa" was provided.
 
-        Serialized Transaction: "0x76eb01010101d8d7940000000000000000000000000000000000000000008080000080808080c0821234825678"]
+        Serialized Transaction: "0x76ec01010101d8d7940000000000000000000000000000000000000000008080000080808080c0c0821234825678"]
       `)
     })
   })
@@ -764,6 +797,133 @@ describe('serialize', () => {
     )
   })
 
+  test('keyAuthorization (secp256k1)', () => {
+    const keyAuthorization = KeyAuthorization.from({
+      address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      expiry: 1234567890,
+      type: 'secp256k1',
+      limits: [
+        {
+          token: '0x20c0000000000000000000000000000000000001',
+          limit: Value.from('10', 6),
+        },
+      ],
+      signature: SignatureEnvelope.from({
+        r: 44944627813007772897391531230081695102703289123332187696115181104739239197517n,
+        s: 36528503505192438307355164441104001310566505351980369085208178712678799181120n,
+        yParity: 0,
+      }),
+    })
+
+    const transaction = TransactionEnvelopeAA.from({
+      chainId: 1,
+      calls: [{ to: '0x70997970c51812dc3a010c7d01b50e0d17dc79c8' }],
+      nonce: 0n,
+      keyAuthorization,
+    })
+
+    const serialized = TransactionEnvelopeAA.serialize(transaction)
+    expect(serialized).toMatchInlineSnapshot(
+      `"0x76f8a201808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f87bf7808094be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b841635dc2033e60185bb36709c29c75d64ea51dfbd91c32ef4be198e4ceb169fb4d50c2667ac4c771072746acfdcf1f1483336dcca8bd2df47cd83175dbe60f05401b"`,
+    )
+
+    const deserialized = TransactionEnvelopeAA.deserialize(serialized)
+    expect(deserialized.keyAuthorization).toEqual(keyAuthorization)
+  })
+
+  test('keyAuthorization (p256)', () => {
+    const keyAuthorization = KeyAuthorization.from({
+      address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      expiry: 1234567890,
+      type: 'p256',
+      limits: [
+        {
+          token: '0x20c0000000000000000000000000000000000001',
+          limit: Value.from('10', 6),
+        },
+      ],
+      signature: SignatureEnvelope.from({
+        signature: {
+          r: 92602584010956101470289867944347135737570451066466093224269890121909314569518n,
+          s: 54171125190222965779385658110416711469231271457324878825831748147306957269813n,
+        },
+        publicKey: {
+          prefix: 4,
+          x: 78495282704852028275327922540131762143565388050940484317945369745559774511861n,
+          y: 8109764566587999957624872393871720746996669263962991155166704261108473113504n,
+        },
+        prehash: true,
+      }),
+    })
+
+    const transaction = TransactionEnvelopeAA.from({
+      chainId: 1,
+      calls: [{ to: '0x70997970c51812dc3a010c7d01b50e0d17dc79c8' }],
+      nonce: 0n,
+      keyAuthorization,
+    })
+
+    const serialized = TransactionEnvelopeAA.serialize(transaction)
+    expect(serialized).toMatchInlineSnapshot(
+      `"0x76f8e301808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f8bcf7800194be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b88201ccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba001"`,
+    )
+
+    const deserialized = TransactionEnvelopeAA.deserialize(serialized)
+    expect(deserialized.keyAuthorization).toEqual(keyAuthorization)
+  })
+
+  test('keyAuthorization (webAuthn)', () => {
+    const metadata = {
+      authenticatorData: WebAuthnP256.getAuthenticatorData({
+        rpId: 'localhost',
+      }),
+      clientDataJSON: WebAuthnP256.getClientDataJSON({
+        challenge: '0xdeadbeef',
+        origin: 'http://localhost',
+      }),
+    }
+
+    const keyAuthorization = KeyAuthorization.from({
+      address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      expiry: 1234567890,
+      type: 'webAuthn',
+      limits: [
+        {
+          token: '0x20c0000000000000000000000000000000000001',
+          limit: Value.from('10', 6),
+        },
+      ],
+      signature: SignatureEnvelope.from({
+        signature: {
+          r: 92602584010956101470289867944347135737570451066466093224269890121909314569518n,
+          s: 54171125190222965779385658110416711469231271457324878825831748147306957269813n,
+        },
+        publicKey: {
+          prefix: 4,
+          x: 78495282704852028275327922540131762143565388050940484317945369745559774511861n,
+          y: 8109764566587999957624872393871720746996669263962991155166704261108473113504n,
+        },
+        metadata,
+      }),
+    })
+
+    const transaction = TransactionEnvelopeAA.from({
+      chainId: 1,
+      calls: [{ to: '0x70997970c51812dc3a010c7d01b50e0d17dc79c8' }],
+      nonce: 0n,
+      keyAuthorization,
+    })
+
+    const serialized = TransactionEnvelopeAA.serialize(transaction)
+    expect(serialized).toMatchInlineSnapshot(
+      `"0x76f9016501808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f9013df7800294be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b901020249960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d976305000000007b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a223371322d3777222c226f726967696e223a22687474703a2f2f6c6f63616c686f7374222c2263726f73734f726967696e223a66616c73657dccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba0"`,
+    )
+
+    // Verify roundtrip
+    const deserialized = TransactionEnvelopeAA.deserialize(serialized)
+    expect(deserialized.keyAuthorization).toEqual(keyAuthorization)
+  })
+
   describe('with signature', () => {
     test('secp256k1', () => {
       const transaction = TransactionEnvelopeAA.from({

package/src/ox/TransactionEnvelopeAA.ts

@@ -14,6 +14,7 @@ import type {
   PartialBy,
   UnionPartialBy,
 } from '../internal/types.js'
+import * as KeyAuthorization from './KeyAuthorization.js'
 import * as SignatureEnvelope from './SignatureEnvelope.js'
 import * as TokenId from './TokenId.js'
 
@@ -57,6 +58,16 @@ export type TransactionEnvelopeAA<
       | undefined
     /** Fee token preference. Address or ID of the TIP-20 token. */
     feeToken?: TokenId.TokenIdOrAddress | undefined
+    /**
+     * Key authorization for provisioning a new access key.
+     *
+     * When present, this transaction will add the specified key to the AccountKeychain precompile,
+     * before verifying the transaction signature.
+     * The authorization must be signed with the root key, the tx can be signed by the Keychain signature.
+     */
+    keyAuthorization?:
+      | KeyAuthorization.Signed<bigintType, numberType>
+      | undefined
     /** Total fee per gas in wei (gasPrice/baseFeePerGas + maxPriorityFeePerGas). */
     maxFeePerGas?: bigintType | undefined
     /** Max priority fee per gas (in wei). */
@@ -216,10 +227,24 @@ export function deserialize(
     feeToken,
     feePayerSignatureOrSender,
     _authorizationList, // TODO: add
-    signature,
+    keyAuthorizationOrSignature,
+    maybeSignature,
   ] = transactionArray as readonly Hex.Hex[]
 
-  if (!(transactionArray.length === 13 || transactionArray.length === 14))
+  const keyAuthorization = Array.isArray(keyAuthorizationOrSignature)
+    ? keyAuthorizationOrSignature
+    : undefined
+  const signature = keyAuthorization
+    ? maybeSignature
+    : keyAuthorizationOrSignature
+
+  if (
+    !(
+      transactionArray.length === 13 ||
+      transactionArray.length === 14 ||
+      transactionArray.length === 15
+    )
+  )
     throw new TransactionEnvelope.InvalidSerializedError({
       attributes: {
         chainId,
@@ -228,6 +253,7 @@ export function deserialize(
         gas,
         calls,
         accessList,
+        keyAuthorization,
         nonceKey,
         nonce,
         validBefore,
@@ -296,6 +322,11 @@ export function deserialize(
       )
   }
 
+  if (keyAuthorization)
+    transaction.keyAuthorization = KeyAuthorization.fromTuple(
+      keyAuthorization as never,
+    )
+
   const signatureEnvelope = signature
     ? SignatureEnvelope.deserialize(signature)
     : undefined
@@ -516,6 +547,7 @@ export function serialize(
     chainId,
     feeToken,
     gas,
+    keyAuthorization,
     nonce,
     nonceKey,
     maxFeePerGas,
@@ -562,7 +594,8 @@ export function serialize(
       ? TokenId.toAddress(feeToken)
       : '0x',
     feePayerSignatureOrSender,
-    [], // TODO: authlist
+    [], // TODO: authList
+    ...(keyAuthorization ? [KeyAuthorization.toTuple(keyAuthorization)] : []),
     ...(signature
       ? [SignatureEnvelope.serialize(SignatureEnvelope.from(signature))]
       : []),

package/src/ox/TransactionRequest.ts

@@ -3,6 +3,7 @@ import type * as Errors from 'ox/Errors'
 import * as Hex from 'ox/Hex'
 import * as ox_TransactionRequest from 'ox/TransactionRequest'
 import type { Compute } from '../internal/types.js'
+import * as KeyAuthorization from './KeyAuthorization.js'
 import * as TokenId from './TokenId.js'
 import * as Transaction from './Transaction.js'
 import type { Call } from './TransactionEnvelopeAA.js'
@@ -17,16 +18,24 @@ export type TransactionRequest<
 > = Compute<
   ox_TransactionRequest.TransactionRequest<bigintType, numberType, type> & {
     calls?: readonly Call<bigintType>[] | undefined
+    keyAuthorization?: KeyAuthorization.KeyAuthorization<true> | undefined
     keyData?: Hex.Hex | undefined
     keyType?: KeyType | undefined
     feeToken?: TokenId.TokenIdOrAddress | undefined
+    nonceKey?: 'random' | bigintType | undefined
     validBefore?: numberType | undefined
     validAfter?: numberType | undefined
   }
 >
 
 /** RPC representation of a {@link ox#TransactionRequest.TransactionRequest}. */
-export type Rpc = TransactionRequest<Hex.Hex, Hex.Hex, string>
+export type Rpc = Omit<
+  TransactionRequest<Hex.Hex, Hex.Hex, string>,
+  'keyAuthorization'
+> & {
+  keyAuthorization?: KeyAuthorization.Rpc | undefined
+  nonceKey?: Hex.Hex | undefined
+}
 
 /**
  * Converts a {@link ox#TransactionRequest.TransactionRequest} to a {@link ox#TransactionRequest.Rpc}.
@@ -82,11 +91,23 @@ export function toRpc(request: TransactionRequest): Rpc {
     }))
   if (typeof request.feeToken !== 'undefined')
     request_rpc.feeToken = TokenId.toAddress(request.feeToken)
+  if (request.keyAuthorization)
+    request_rpc.keyAuthorization = KeyAuthorization.toRpc(
+      request.keyAuthorization,
+    )
   if (typeof request.validBefore !== 'undefined')
     request_rpc.validBefore = Hex.fromNumber(request.validBefore)
   if (typeof request.validAfter !== 'undefined')
     request_rpc.validAfter = Hex.fromNumber(request.validAfter)
 
+  const nonceKey = (() => {
+    if (request.nonceKey === 'random') return Hex.random(6)
+    if (typeof request.nonceKey === 'bigint')
+      return Hex.fromNumber(request.nonceKey)
+    return undefined
+  })()
+  if (nonceKey) request_rpc.nonceKey = nonceKey
+
   if (
     request.calls ||
     typeof request.feeToken !== 'undefined' ||