UNPKG

@mysten/sui

Version:

Sui TypeScript API(Work in Progress)

sdk.mystenlabs.com

307 lines (277 loc) 11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
// Copyright (c) Mysten Labs, Inc. // SPDX-License-Identifier: Apache-2.0 import { toBase64 } from '@mysten/bcs'; import { secp256r1 } from '@noble/curves/p256'; import { blake2b } from '@noble/hashes/blake2b'; import { sha256 } from '@noble/hashes/sha256'; import { randomBytes } from '@noble/hashes/utils'; import { PasskeyAuthenticator } from '../../bcs/bcs.js'; import type { IntentScope, SignatureWithBytes } from '../../cryptography/index.js'; import { messageWithIntent, SIGNATURE_SCHEME_TO_FLAG, Signer } from '../../cryptography/index.js'; import type { PublicKey } from '../../cryptography/publickey.js'; import type { SignatureScheme } from '../../cryptography/signature-scheme.js'; import { parseDerSPKI, PASSKEY_PUBLIC_KEY_SIZE, PASSKEY_SIGNATURE_SIZE, PasskeyPublicKey, } from './publickey.js'; import type { AuthenticationCredential, RegistrationCredential } from './types.js'; type DeepPartialConfigKeys = 'rp' | 'user' | 'authenticatorSelection'; type DeepPartial<T> = T extends object ? { [P in keyof T]?: DeepPartial<T[P]>; } : T; export type BrowserPasswordProviderOptions = Pick< DeepPartial<PublicKeyCredentialCreationOptions>, DeepPartialConfigKeys > & Omit< Partial<PublicKeyCredentialCreationOptions>, DeepPartialConfigKeys | 'pubKeyCredParams' | 'challenge' >; export interface PasskeyProvider { create(): Promise<RegistrationCredential>; get(challenge: Uint8Array): Promise<AuthenticationCredential>; } // Default browser implementation export class BrowserPasskeyProvider implements PasskeyProvider { #name: string; #options: BrowserPasswordProviderOptions; constructor(name: string, options: BrowserPasswordProviderOptions) { this.#name = name; this.#options = options; } async create(): Promise<RegistrationCredential> { return (await navigator.credentials.create({ publicKey: { timeout: this.#options.timeout ?? 60000, ...this.#options, rp: { name: this.#name, ...this.#options.rp, }, user: { name: this.#name, displayName: this.#name, ...this.#options.user, id: randomBytes(10), }, challenge: new TextEncoder().encode('Create passkey wallet on Sui'), pubKeyCredParams: [{ alg: -7, type: 'public-key' }], authenticatorSelection: { authenticatorAttachment: 'cross-platform', residentKey: 'required', requireResidentKey: true, userVerification: 'required', ...this.#options.authenticatorSelection, }, }, })) as RegistrationCredential; } async get(challenge: Uint8Array): Promise<AuthenticationCredential> { return (await navigator.credentials.get({ publicKey: { challenge, userVerification: this.#options.authenticatorSelection?.userVerification || 'required', timeout: this.#options.timeout ?? 60000, }, })) as AuthenticationCredential; } } /** * @experimental * A passkey signer used for signing transactions. This is a client side implementation for [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md). */ export class PasskeyKeypair extends Signer { private publicKey: Uint8Array; private provider: PasskeyProvider; /** * Get the key scheme of passkey, */ getKeyScheme(): SignatureScheme { return 'Passkey'; } /** * Creates an instance of Passkey signer. If no passkey wallet had created before, * use `getPasskeyInstance`. For example: * ``` * let provider = new BrowserPasskeyProvider('Sui Passkey Example',{ * rpName: 'Sui Passkey Example', * rpId: window.location.hostname, * } as BrowserPasswordProviderOptions); * const signer = await PasskeyKeypair.getPasskeyInstance(provider); * ``` * * If there are existing passkey wallet, use `signAndRecover` to identify the correct * public key and then initialize the instance. See usage in `signAndRecover`. */ constructor(publicKey: Uint8Array, provider: PasskeyProvider) { super(); this.publicKey = publicKey; this.provider = provider; } /** * Creates an instance of Passkey signer invoking the passkey from navigator. * Note that this will invoke the passkey device to create a fresh credential. * Should only be called if passkey wallet is created for the first time. * * @param provider - the passkey provider. * @returns the passkey instance. */ static async getPasskeyInstance(provider: PasskeyProvider): Promise<PasskeyKeypair> { // create a passkey secp256r1 with the provider. const credential = await provider.create(); if (!credential.response.getPublicKey()) { throw new Error('Invalid credential create response'); } else { const derSPKI = credential.response.getPublicKey()!; const pubkeyUncompressed = parseDerSPKI(new Uint8Array(derSPKI)); const pubkey = secp256r1.ProjectivePoint.fromHex(pubkeyUncompressed); const pubkeyCompressed = pubkey.toRawBytes(true); return new PasskeyKeypair(pubkeyCompressed, provider); } } /** * Return the public key for this passkey. */ getPublicKey(): PublicKey { return new PasskeyPublicKey(this.publicKey); } /** * Return the signature for the provided data (i.e. blake2b(intent_message)). * This is sent to passkey as the challenge field. */ async sign(data: Uint8Array) { // asks the passkey to sign over challenge as the data. const credential = await this.provider.get(data); // parse authenticatorData (as bytes), clientDataJSON (decoded as string). const authenticatorData = new Uint8Array(credential.response.authenticatorData); const clientDataJSON = new Uint8Array(credential.response.clientDataJSON); // response.clientDataJSON is already UTF-8 encoded JSON const decoder = new TextDecoder(); const clientDataJSONString: string = decoder.decode(clientDataJSON); // parse the signature from DER format, normalize and convert to compressed format (33 bytes). const sig = secp256r1.Signature.fromDER(new Uint8Array(credential.response.signature)); const normalized = sig.normalizeS().toCompactRawBytes(); if ( normalized.length !== PASSKEY_SIGNATURE_SIZE || this.publicKey.length !== PASSKEY_PUBLIC_KEY_SIZE ) { throw new Error('Invalid signature or public key length'); } // construct userSignature as flag || sig || pubkey for the secp256r1 signature. const arr = new Uint8Array(1 + normalized.length + this.publicKey.length); arr.set([SIGNATURE_SCHEME_TO_FLAG['Secp256r1']]); arr.set(normalized, 1); arr.set(this.publicKey, 1 + normalized.length); // serialize all fields into a passkey signature according to https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md#signature-encoding return PasskeyAuthenticator.serialize({ authenticatorData: authenticatorData, clientDataJson: clientDataJSONString, userSignature: arr, }).toBytes(); } /** * This overrides the base class implementation that accepts the raw bytes and signs its * digest of the intent message, then serialize it with the passkey flag. */ async signWithIntent(bytes: Uint8Array, intent: IntentScope): Promise<SignatureWithBytes> { // prepend it into an intent message and computes the digest. const intentMessage = messageWithIntent(intent, bytes); const digest = blake2b(intentMessage, { dkLen: 32 }); // sign the digest. const signature = await this.sign(digest); // prepend with the passkey flag. const serializedSignature = new Uint8Array(1 + signature.length); serializedSignature.set([SIGNATURE_SCHEME_TO_FLAG[this.getKeyScheme()]]); serializedSignature.set(signature, 1); return { signature: toBase64(serializedSignature), bytes: toBase64(bytes), }; } /** * Given a message, asks the passkey device to sign it and return all (up to 4) possible public keys. * See: https://bitcoin.stackexchange.com/questions/81232/how-is-public-key-extracted-from-message-digital-signature-address * * This is useful if the user previously created passkey wallet with the origin, but the wallet session * does not have the public key / address. By calling this method twice with two different messages, the * wallet can compare the returned public keys and uniquely identify the previously created passkey wallet * using `findCommonPublicKey`. * * Alternatively, one call can be made and all possible public keys should be checked onchain to see if * there is any assets. * * Once the correct public key is identified, a passkey instance can then be initialized with this public key. * * Example usage to recover wallet with two signing calls: * ``` * let provider = new BrowserPasskeyProvider('Sui Passkey Example',{ * rpName: 'Sui Passkey Example', * rpId: window.location.hostname, * } as BrowserPasswordProviderOptions); * const testMessage = new TextEncoder().encode('Hello world!'); * const possiblePks = await PasskeyKeypair.signAndRecover(provider, testMessage); * const testMessage2 = new TextEncoder().encode('Hello world 2!'); * const possiblePks2 = await PasskeyKeypair.signAndRecover(provider, testMessage2); * const commonPk = findCommonPublicKey(possiblePks, possiblePks2); * const signer = new PasskeyKeypair(provider, commonPk.toRawBytes()); * ``` * * @param provider - the passkey provider. * @param message - the message to sign. * @returns all possible public keys. */ static async signAndRecover( provider: PasskeyProvider, message: Uint8Array, ): Promise<PublicKey[]> { const credential = await provider.get(message); const fullMessage = messageFromAssertionResponse(credential.response); const sig = secp256r1.Signature.fromDER(new Uint8Array(credential.response.signature)); const res = []; for (let i = 0; i < 4; i++) { const s = sig.addRecoveryBit(i); try { const pubkey = s.recoverPublicKey(sha256(fullMessage)); const pk = new PasskeyPublicKey(pubkey.toRawBytes(true)); res.push(pk); } catch { continue; } } return res; } } /** * Finds the unique public key that exists in both arrays, throws error if the common * pubkey does not equal to one. * * @param arr1 - The first pubkeys array. * @param arr2 - The second pubkeys array. * @returns The only common pubkey in both arrays. */ export function findCommonPublicKey(arr1: PublicKey[], arr2: PublicKey[]): PublicKey { const matchingPubkeys: PublicKey[] = []; for (const pubkey1 of arr1) { for (const pubkey2 of arr2) { if (pubkey1.equals(pubkey2)) { matchingPubkeys.push(pubkey1); } } } if (matchingPubkeys.length !== 1) { throw new Error('No unique public key found'); } return matchingPubkeys[0]; } /** * Constructs the message that the passkey signature is produced over as authenticatorData || sha256(clientDataJSON). */ function messageFromAssertionResponse(response: AuthenticatorAssertionResponse): Uint8Array { const authenticatorData = new Uint8Array(response.authenticatorData); const clientDataJSON = new Uint8Array(response.clientDataJSON); const clientDataJSONDigest = sha256(clientDataJSON); return new Uint8Array([...authenticatorData, ...clientDataJSONDigest]); }