UNPKG

@mysten/sui

Version:

Sui TypeScript API(Work in Progress)

sdk.mystenlabs.com

102 lines (85 loc) 2.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
// Copyright (c) Mysten Labs, Inc. // SPDX-License-Identifier: Apache-2.0 import { blake2b } from '@noble/hashes/blake2b'; import { bytesToHex } from '@noble/hashes/utils'; import { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js'; import { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/index.js'; import { decodeJwt } from './jwt-utils.js'; import { genAddressSeed, normalizeZkLoginIssuer, toBigEndianBytes, toPaddedBigEndianBytes, } from './utils.js'; export function computeZkLoginAddressFromSeed( addressSeed: bigint, iss: string, /** TODO: This default should be changed in the next major release */ legacyAddress = true, ) { const addressSeedBytesBigEndian = legacyAddress ? toBigEndianBytes(addressSeed, 32) : toPaddedBigEndianBytes(addressSeed, 32); const addressParamBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss)); const tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length); tmp.set([SIGNATURE_SCHEME_TO_FLAG.ZkLogin]); tmp.set([addressParamBytes.length], 1); tmp.set(addressParamBytes, 2); tmp.set(addressSeedBytesBigEndian, 2 + addressParamBytes.length); return normalizeSuiAddress( bytesToHex(blake2b(tmp, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2), ); } export const MAX_HEADER_LEN_B64 = 248; export const MAX_PADDED_UNSIGNED_JWT_LEN = 64 * 25; export function lengthChecks(jwt: string) { const [header, payload] = jwt.split('.'); /// Is the header small enough if (header.length > MAX_HEADER_LEN_B64) { throw new Error(`Header is too long`); } /// Is the combined length of (header, payload, SHA2 padding) small enough? // unsigned_jwt = header + '.' + payload; const L = (header.length + 1 + payload.length) * 8; const K = (512 + 448 - ((L % 512) + 1)) % 512; // The SHA2 padding is 1 followed by K zeros, followed by the length of the message const padded_unsigned_jwt_len = (L + 1 + K + 64) / 8; // The padded unsigned JWT must be less than the max_padded_unsigned_jwt_len if (padded_unsigned_jwt_len > MAX_PADDED_UNSIGNED_JWT_LEN) { throw new Error(`JWT is too long`); } } export function jwtToAddress(jwt: string, userSalt: string | bigint, legacyAddress = false) { lengthChecks(jwt); const decodedJWT = decodeJwt(jwt); return computeZkLoginAddress({ userSalt, claimName: 'sub', claimValue: decodedJWT.sub, aud: decodedJWT.aud, iss: decodedJWT.iss, legacyAddress, }); } export interface ComputeZkLoginAddressOptions { claimName: string; claimValue: string; userSalt: string | bigint; iss: string; aud: string; legacyAddress?: boolean; } export function computeZkLoginAddress({ claimName, claimValue, iss, aud, userSalt, legacyAddress = false, }: ComputeZkLoginAddressOptions) { return computeZkLoginAddressFromSeed( genAddressSeed(userSalt, claimName, claimValue, aud), iss, legacyAddress, ); }