UNPKG

@mysten/sui

Version:

Sui TypeScript API(Work in Progress)

sdk.mystenlabs.com

158 lines (138 loc) 4.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
// Copyright (c) Mysten Labs, Inc. // SPDX-License-Identifier: Apache-2.0 import { secp256r1 } from '@noble/curves/p256'; import { blake2b } from '@noble/hashes/blake2b'; import { sha256 } from '@noble/hashes/sha256'; import { bytesToHex } from '@noble/hashes/utils'; import { HDKey } from '@scure/bip32'; import { decodeSuiPrivateKey, encodeSuiPrivateKey, Keypair } from '../../cryptography/keypair.js'; import { isValidBIP32Path, mnemonicToSeed } from '../../cryptography/mnemonics.js'; import type { PublicKey } from '../../cryptography/publickey.js'; import type { SignatureScheme } from '../../cryptography/signature-scheme.js'; import { Secp256r1PublicKey } from './publickey.js'; export const DEFAULT_SECP256R1_DERIVATION_PATH = "m/74'/784'/0'/0/0"; /** * Secp256r1 Keypair data */ export interface Secp256r1KeypairData { publicKey: Uint8Array; secretKey: Uint8Array; } /** * An Secp256r1 Keypair used for signing transactions. */ export class Secp256r1Keypair extends Keypair { private keypair: Secp256r1KeypairData; /** * Create a new keypair instance. * Generate random keypair if no {@link Secp256r1Keypair} is provided. * * @param keypair Secp256r1 keypair */ constructor(keypair?: Secp256r1KeypairData) { super(); if (keypair) { this.keypair = keypair; } else { const secretKey: Uint8Array = secp256r1.utils.randomPrivateKey(); const publicKey: Uint8Array = secp256r1.getPublicKey(secretKey, true); this.keypair = { publicKey, secretKey }; } } /** * Get the key scheme of the keypair Secp256r1 */ getKeyScheme(): SignatureScheme { return 'Secp256r1'; } /** * Generate a new random keypair */ static generate(): Secp256r1Keypair { return new Secp256r1Keypair(); } /** * Create a keypair from a raw secret key byte array. * * This method should only be used to recreate a keypair from a previously * generated secret key. Generating keypairs from a random seed should be done * with the {@link Keypair.fromSeed} method. * * @throws error if the provided secret key is invalid and validation is not skipped. * * @param secretKey secret key byte array or Bech32 secret key string * @param options: skip secret key validation */ static fromSecretKey( secretKey: Uint8Array | string, options?: { skipValidation?: boolean }, ): Secp256r1Keypair { if (typeof secretKey === 'string') { const decoded = decodeSuiPrivateKey(secretKey); if (decoded.schema !== 'Secp256r1') { throw new Error(`Expected a Secp256r1 keypair, got ${decoded.schema}`); } return this.fromSecretKey(decoded.secretKey, options); } const publicKey: Uint8Array = secp256r1.getPublicKey(secretKey, true); if (!options || !options.skipValidation) { const encoder = new TextEncoder(); const signData = encoder.encode('sui validation'); const msgHash = bytesToHex(blake2b(signData, { dkLen: 32 })); const signature = secp256r1.sign(msgHash, secretKey, { lowS: true }); if (!secp256r1.verify(signature, msgHash, publicKey, { lowS: true })) { throw new Error('Provided secretKey is invalid'); } } return new Secp256r1Keypair({ publicKey, secretKey }); } /** * Generate a keypair from a 32 byte seed. * * @param seed seed byte array */ static fromSeed(seed: Uint8Array): Secp256r1Keypair { const publicKey = secp256r1.getPublicKey(seed, true); return new Secp256r1Keypair({ publicKey, secretKey: seed }); } /** * The public key for this keypair */ getPublicKey(): PublicKey { return new Secp256r1PublicKey(this.keypair.publicKey); } /** * The Bech32 secret key string for this Secp256r1 keypair */ getSecretKey(): string { return encodeSuiPrivateKey(this.keypair.secretKey, this.getKeyScheme()); } /** * Return the signature for the provided data. */ async sign(data: Uint8Array) { const msgHash = sha256(data); const sig = secp256r1.sign(msgHash, this.keypair.secretKey, { lowS: true, }); return sig.toCompactRawBytes(); } /** * Derive Secp256r1 keypair from mnemonics and path. The mnemonics must be normalized * and validated against the english wordlist. * * If path is none, it will default to m/74'/784'/0'/0/0, otherwise the path must * be compliant to BIP-32 in form m/74'/784'/{account_index}'/{change_index}/{address_index}. */ static deriveKeypair(mnemonics: string, path?: string): Secp256r1Keypair { if (path == null) { path = DEFAULT_SECP256R1_DERIVATION_PATH; } if (!isValidBIP32Path(path)) { throw new Error('Invalid derivation path'); } // We use HDKey which is hardcoded to use Secp256k1 but since we only need the 32 bytes for the private key it's okay to use here as well. const privateKey = HDKey.fromMasterSeed(mnemonicToSeed(mnemonics)).derive(path).privateKey; return Secp256r1Keypair.fromSecretKey(privateKey!); } }