UNPKG

@oasisprotocol/sapphire-paratime

Version:

The Sapphire ParaTime Web3 integration library.

github.com/oasisprotocol/sapphire-paratime/tree/main/clients/js

oasisprotocol/sapphire-paratime

329 lines (278 loc) 9.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
// SPDX-License-Identifier: Apache-2.0 import { decode as cborDecode, encode as cborEncode } from 'cborg'; import deoxysii from '@oasisprotocol/deoxysii'; import { sha512_256 } from '@noble/hashes/sha512'; import { hmac } from '@noble/hashes/hmac'; import { randomBytes } from '@noble/hashes/utils'; import { BoxKeyPair, boxKeyPairFromSecretKey, crypto_box_SECRETKEYBYTES, naclScalarMult, } from './munacl.js'; import { BytesLike, isBytesLike, getBytes, hexlify } from './ethersutils.js'; /** * Some Ethereum libraries are picky about hex encoding vs Uint8Array * * The ethers BytesLike type can be either, if the request came as a hex encoded * string we should return hex encoded string, if request came as Uint8Array we * should return one. * * Notably hardhat-ignition doesn't work well with Uint8Array responses * * @param example Some example data, where we should return the same type * @param output Output data * @returns Output data, as either hex encoded 0x-prefixed string, or Uint8Array */ function asBytesLike(example: BytesLike, output: BytesLike): BytesLike { if (!isBytesLike(example) || !isBytesLike(output)) { throw new Error('Not byteslike data!'); } if (typeof example === 'string') { if (typeof output === 'string') { return output; } return hexlify(output); } if (typeof output === 'string') { return hexlify(output); } return output; } export enum CipherKind { X25519DeoxysII = 1, } export type InnerEnvelope = { body: Uint8Array; }; export type Envelope = { format: CipherKind; body: { pk: Uint8Array; nonce: Uint8Array; data: Uint8Array; epoch?: number; }; }; export type AeadEnvelope = { nonce: Uint8Array; data: Uint8Array }; export type CallResult = { ok?: string | Uint8Array | AeadEnvelope; fail?: CallFailure; unknown?: AeadEnvelope; }; export type CallFailure = { module: string; code: number; message?: string }; function formatFailure(fail: CallFailure): string { if (fail.message) return fail.message; return `Call failed in module '${fail.module}' with code '${fail.code}'`; } export abstract class Cipher { public abstract kind: CipherKind; // The Sapphire's public key rotated each epoch public abstract publicKey: Uint8Array; // The client's keypair for encrypting/decrypting transactions and queries using the X25519-DeoxysII, rotated on-demand. public abstract ephemeralKey: Uint8Array; public abstract epoch?: number; public abstract encrypt( plaintext: Uint8Array, nonce?: Uint8Array, ): { ciphertext: Uint8Array; nonce: Uint8Array; }; public abstract decrypt( nonce: Uint8Array, ciphertext: Uint8Array, ): Uint8Array; /** Encrypts the plaintext and encodes it for sending. */ public encryptCall( calldata?: BytesLike | null, nonce?: Uint8Array, ): BytesLike { // Txs without data are just balance transfers, and all data in those is public. if (calldata === undefined || calldata === null || calldata.length === 0) return ''; if (!isBytesLike(calldata)) { throw new Error('Attempted to sign tx having non-byteslike data.'); } const innerEnvelope = cborEncode({ body: getBytes(calldata) }); let ciphertext: Uint8Array; ({ ciphertext, nonce } = this.encrypt(innerEnvelope, nonce)); const envelope: Envelope = { format: this.kind, body: { pk: this.publicKey, nonce, data: ciphertext, epoch: this.epoch, }, }; return asBytesLike(calldata, cborEncode(envelope)); } public decryptCall(envelopeBytes: BytesLike): BytesLike { const envelope = cborDecode(getBytes(envelopeBytes)); if (!isEnvelopeFormatOk(envelope)) { throw new EnvelopeError('Unexpected non-envelope!'); } const result = this.decrypt(envelope.body.nonce, envelope.body.data); const inner = cborDecode(result) as InnerEnvelope; return asBytesLike(envelopeBytes, inner.body); } public encryptResult( ok?: Uint8Array, innerFail?: string, outerFail?: string, ): Uint8Array { if (ok || innerFail) { if ((ok && innerFail) || outerFail) { throw new EnvelopeError('Conflicting result envelope', { ok, innerFail, outerFail, }); } // Inner envelope is encrypted const inner = cborEncode(innerFail ? { fail: innerFail } : { ok }); const { nonce, ciphertext: data } = this.encrypt(inner); // Outer envelope is plaintext const envelope = cborEncode({ ok: { nonce, data } as AeadEnvelope, }); return envelope; } if (outerFail) { // Outer failures are returned in plaintext return cborEncode({ fail: outerFail }); } throw new EnvelopeError('Cannot encrypt result with no data or failures!', { ok, innerFail, outerFail, }); } /** Decrypts the data contained within a hex-encoded serialized envelope. */ public decryptResult(callResult: BytesLike): BytesLike { const envelope = cborDecode(getBytes(callResult)); if (envelope.fail) { throw new EnvelopeError(formatFailure(envelope.fail), envelope.fail); } // Unencrypted results will have `ok` as bytes, not a struct if ( envelope.ok && (typeof envelope.ok === 'string' || envelope.ok instanceof Uint8Array) ) { throw new EnvelopeError('Received unencrypted envelope', envelope); } // Encrypted result will have `ok` as a CBOR encoded struct const { nonce, data } = (envelope.ok as AeadEnvelope) ?? envelope.unknown; const inner = cborDecode(this.decrypt(nonce, data)); if (inner.ok) { return asBytesLike(callResult, getBytes(inner.ok)); } if (inner.fail) { throw new EnvelopeError(formatFailure(inner.fail), inner.fail); } throw new EnvelopeError( `Unexpected inner call result: ${JSON.stringify(inner)}`, inner, ); } } /** * A {@link Cipher} that derives a shared secret using X25519 and then uses DeoxysII for encrypting using that secret. * * This is the default cipher. */ export class X25519DeoxysII extends Cipher { public override readonly kind = CipherKind.X25519DeoxysII; public override readonly publicKey: Uint8Array; public override readonly ephemeralKey: Uint8Array; public override readonly epoch: number | undefined; private cipher: deoxysii.AEAD; public secretKey: Uint8Array; // Stored for curious users. /** Creates a new cipher using an ephemeral keypair stored in memory. */ static ephemeral(peerPublicKey: BytesLike, epoch?: number): X25519DeoxysII { const keypair = boxKeyPairFromSecretKey( randomBytes(crypto_box_SECRETKEYBYTES), ); return new X25519DeoxysII(keypair, getBytes(peerPublicKey), epoch); } static fromSecretKey( secretKey: BytesLike, peerPublicKey: BytesLike, epoch?: number, ): X25519DeoxysII { const keypair = boxKeyPairFromSecretKey(getBytes(secretKey)); return new X25519DeoxysII(keypair, getBytes(peerPublicKey), epoch); } public constructor( keypair: BoxKeyPair, peerPublicKey: Uint8Array, epoch?: number, ) { super(); this.publicKey = keypair.publicKey; this.ephemeralKey = keypair.secretKey; this.epoch = epoch; // Derive a shared secret using X25519 (followed by hashing to remove ECDH bias). const keyBytes = hmac .create( sha512_256, new TextEncoder().encode('MRAE_Box_Deoxys-II-256-128'), ) .update(naclScalarMult(keypair.secretKey, peerPublicKey)) .digest().buffer; this.secretKey = new Uint8Array(keyBytes); this.cipher = new deoxysii.AEAD(new Uint8Array(this.secretKey)); // deoxysii owns the input } public encrypt( plaintext: Uint8Array, nonce: Uint8Array = randomBytes(deoxysii.NonceSize), ): { ciphertext: Uint8Array; nonce: Uint8Array; } { const ciphertext = this.cipher.encrypt(nonce, plaintext); return { nonce, ciphertext }; } public decrypt(nonce: Uint8Array, ciphertext: Uint8Array): Uint8Array { return this.cipher.decrypt(nonce, ciphertext); } } // ----------------------------------------------------------------------------- // Determine if the CBOR encoded calldata is a signed query or an evelope export class EnvelopeError extends Error { public constructor(message: string, public readonly response?: unknown) { super(message); } } function isEnvelopeFormatOk(envelope: any): envelope is Envelope { const { format, body } = envelope; if (!body || !format) { throw new EnvelopeError('No body or format specified', envelope); } if (format !== CipherKind.X25519DeoxysII) { throw new EnvelopeError('Not encrypted format', envelope); } if (isBytesLike(body)) throw new EnvelopeError('Requires struct body', envelope); if (!isBytesLike(body.data)) throw new EnvelopeError('No body data', envelope); return true; } export function isCalldataEnveloped(calldata?: BytesLike): boolean { if (calldata === undefined) { return false; } try { const envelope = cborDecode(getBytes(calldata)); if (!isEnvelopeFormatOk(envelope)) { throw new EnvelopeError( 'Bogus Sapphire enveloped data found in transaction!', ); } return true; } catch (e: any) { if (e instanceof EnvelopeError) throw e; } return false; }