feat: LogicSignature

Author: joe-p

packages/transact/src/index.ts

@@ -34,10 +34,4 @@ export * from './transactions/key-registration'
 export * from './transactions/payment'
 export * from './signer'
 
-export {
-  addressFromMultisigSignature,
-  applyMultisigSubsignature,
-  mergeMultisignatures,
-  newMultisigSignature,
-  participantsFromMultisigSignature,
-} from './multisig'
+export * from './multisig'

packages/transact/src/logicsig.ts

@@ -0,0 +1,110 @@
+import { Address, concatArrays, hash, isValidAddress } from '@algorandfoundation/algokit-common'
+import { MultisigAccount } from './multisig'
+import { MultisigSignature } from './transactions/signed-transaction'
+
+// base64regex is the regex to test for base64 strings
+const base64regex = /^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/
+
+/** sanityCheckProgram performs heuristic program validation:
+ * check if passed in bytes are Algorand address or is B64 encoded, rather than Teal bytes
+ *
+ * @param program - Program bytes to check
+ */
+export function sanityCheckProgram(program: Uint8Array) {
+  if (!program || program.length === 0) throw new Error('empty program')
+
+  const lineBreakOrd = '\n'.charCodeAt(0)
+  const blankSpaceOrd = ' '.charCodeAt(0)
+  const tildeOrd = '~'.charCodeAt(0)
+
+  const isPrintable = (x: number) => blankSpaceOrd <= x && x <= tildeOrd
+  const isAsciiPrintable = program.every((x: number) => x === lineBreakOrd || isPrintable(x))
+
+  if (isAsciiPrintable) {
+    const programStr = new TextDecoder().decode(program)
+
+    if (isValidAddress(programStr)) throw new Error('requesting program bytes, get Algorand address')
+
+    if (base64regex.test(programStr)) throw new Error('program should not be b64 encoded')
+
+    throw new Error('program bytes are all ASCII printable characters, not looking like Teal byte code')
+  }
+}
+
+const PROGRAM_TAG = new TextEncoder().encode('Program')
+const MSIG_PROGRAM_TAG = new TextEncoder().encode('MsigProgram')
+const SIGN_PROGRAM_DATA_PREFIX = new TextEncoder().encode('ProgData')
+
+/** Function for signing logic signatures for delegation */
+export type DelegatedLsigSigner = (lsig: LogicSig, msig?: MultisigAccount) => Promise<Uint8Array>
+
+/** Function for signing program data for a logic signature */
+export type ProgramDataSigner = (data: Uint8Array, lsig: LogicSig) => Promise<Uint8Array>
+
+export class LogicSig {
+  logic: Uint8Array
+  args: Uint8Array[]
+  sig?: Uint8Array
+  msig?: MultisigSignature
+  lmsig?: MultisigSignature
+
+  constructor(program: Uint8Array, programArgs?: Array<Uint8Array> | null) {
+    if (programArgs && (!Array.isArray(programArgs) || !programArgs.every((arg) => arg.constructor === Uint8Array))) {
+      throw new TypeError('Invalid arguments')
+    }
+
+    let args: Uint8Array[] = []
+    if (programArgs != null) args = programArgs.map((arg) => new Uint8Array(arg))
+
+    sanityCheckProgram(program)
+
+    this.logic = program
+    this.args = args
+  }
+
+  /**
+   * Compute hash of the logic sig program (that is the same as escrow account address) as string address
+   * @returns String representation of the address
+   */
+  address(): Address {
+    const toBeSigned = concatArrays(PROGRAM_TAG, this.logic)
+    const h = hash(toBeSigned)
+    return new Address(h)
+  }
+
+  async delegate(signer: DelegatedLsigSigner) {
+    this.sig = await signer(this)
+  }
+
+  async deletegateMultisig(msig: MultisigAccount) {
+    if (this.lmsig == undefined) {
+      this.lmsig = {
+        subsignatures: [],
+        version: msig.params.version,
+        threshold: msig.params.threshold,
+      }
+    }
+    for (const addrWithSigner of msig.subSigners) {
+      const { lsigSigner, addr } = addrWithSigner
+      const signature = await lsigSigner(this, msig)
+
+      this.lmsig.subsignatures.push({ address: addr, signature })
+    }
+  }
+
+  bytesToSignForDelegation(msig?: MultisigAccount): Uint8Array {
+    if (msig) {
+      return concatArrays(MSIG_PROGRAM_TAG, msig.addr.publicKey, this.logic)
+    } else {
+      return concatArrays(PROGRAM_TAG, this.logic)
+    }
+  }
+
+  signProgramData(data: Uint8Array, signer: ProgramDataSigner): Promise<Uint8Array> {
+    return signer(data, this)
+  }
+
+  programDataToSign(data: Uint8Array): Uint8Array {
+    return concatArrays(SIGN_PROGRAM_DATA_PREFIX, this.address().publicKey, data)
+  }
+}

packages/transact/src/multisig.spec.ts

@@ -106,7 +106,7 @@ describe('multisig', () => {
         'ALGOC4J2BCZ33TCKSSAMV5GAXQBMV3HDCHDBSPRBZRNSR7BM2FFDZRFGXA',
       ].map(Address.fromString)
 
-      const multisigLarge = newMultisigSignature(300, 2, participants)
+      const multisigLarge = newMultisigSignature(254, 2, participants)
       const addressLarge = addressFromMultisigSignature(multisigLarge)
 
       // Should be different from the original small values

packages/transact/src/multisig.ts

@@ -9,6 +9,7 @@ import {
   SIGNATURE_BYTE_LENGTH,
 } from '@algorandfoundation/algokit-common'
 import {
+  AddressWithDelegatedLsigSigner,
   AddressWithTransactionSigner,
   decodeSignedTransaction,
   encodeSignedTransaction,
@@ -396,9 +397,9 @@ export function addressFromMultisigPreImg({
 }: Omit<MultisigMetadata, 'addrs'> & {
   pks: Uint8Array[]
 }): Address {
-  if (version !== 1 || version > 255 || version < 0) {
+  if (version > 255 || version < 0) {
     // ^ a tad redundant, but in case in the future version != 1, still check for uint8
-    throw new Error(INVALID_MSIG_VERSION_ERROR_MSG)
+    throw new Error(`${INVALID_MSIG_VERSION_ERROR_MSG}: ${version}`)
   }
   if (threshold === 0 || pks.length === 0 || threshold > pks.length || threshold > 255) {
     throw new Error(INVALID_MSIG_THRESHOLD_ERROR_MSG)
@@ -458,13 +459,13 @@ export interface MultisigMetadata {
   /**
    * A list of Algorand addresses representing possible signers for this multisig. Order is important.
    */
-  addrs: Array<string | Address>
+  addrs: Array<Address>
 }
 
 /** Account wrapper that supports partial or full multisig signing. */
 export class MultisigAccount implements AddressWithTransactionSigner {
   _params: MultisigMetadata
-  _subSigners: AddressWithTransactionSigner[]
+  _subSigners: (AddressWithTransactionSigner & AddressWithDelegatedLsigSigner)[]
   _addr: Address
   _signer: TransactionSigner
 
@@ -473,8 +474,8 @@ export class MultisigAccount implements AddressWithTransactionSigner {
     return this._params
   }
 
-  /** The list of accounts that are present to sign */
-  get signingAccounts(): Readonly<AddressWithTransactionSigner[]> {
+  /** The list of accounts that are present to sign transactions or lsigs */
+  get subSigners() {
     return this._subSigners
   }
 
@@ -488,7 +489,7 @@ export class MultisigAccount implements AddressWithTransactionSigner {
     return this._signer
   }
 
-  constructor(multisigParams: MultisigMetadata, subSigners: AddressWithTransactionSigner[]) {
+  constructor(multisigParams: MultisigMetadata, subSigners: (AddressWithTransactionSigner & AddressWithDelegatedLsigSigner)[]) {
     this._params = multisigParams
     this._subSigners = subSigners
     this._addr = multisigAddress(multisigParams)
@@ -499,7 +500,7 @@ export class MultisigAccount implements AddressWithTransactionSigner {
       for (const txn of txnsToSign) {
         let signedMsigTxn = createMultisigTransaction(txn, this._params)
 
-        for (const subSigner of this._subSigners) {
+        for (const subSigner of this.subSigners) {
           const stxn = (await subSigner.signer([txn], [0]))[0]
           const sig = decodeSignedTransaction(stxn).signature
 

packages/transact/src/signer.ts

@@ -1,9 +1,65 @@
-import { Addressable, ReadableAddress } from '@algorandfoundation/algokit-common'
-import { Transaction } from './transactions/transaction'
+import { Address, Addressable, ReadableAddress } from '@algorandfoundation/algokit-common'
+import { encodeTransaction, Transaction } from './transactions/transaction'
+import { DelegatedLsigSigner, ProgramDataSigner } from './logicsig'
+import { encodeSignedTransaction, SignedTransaction } from './transactions/signed-transaction'
 
+/** Function for signing a group of transactions */
 export type TransactionSigner = (txnGroup: Transaction[], indexesToSign: number[]) => Promise<Uint8Array[]>
 
+/** A transaction signer attached to an address */
 export interface AddressWithTransactionSigner extends Addressable {
   signer: TransactionSigner
 }
+
+/** An address that can be used to send transactions that may or may not have a signer */
 export type SendingAddress = ReadableAddress | AddressWithTransactionSigner
+
+/** A delegated logic signature signer attached to an address */
+export interface AddressWithDelegatedLsigSigner extends Addressable {
+  lsigSigner: DelegatedLsigSigner
+}
+
+export type AddressWithSigners = Addressable &
+  AddressWithTransactionSigner &
+  AddressWithDelegatedLsigSigner & { programDataSigner: ProgramDataSigner }
+
+/** Generate type-safe domain-separated signer callbacks given an ed25519 pubkey and a signing callback */
+export function generateSigners(
+  ed25519Pubkey: Uint8Array,
+  rawEd25519Signer: (bytesToSign: Uint8Array) => Promise<Uint8Array>,
+): AddressWithSigners {
+  const addr = new Address(ed25519Pubkey)
+
+  const signer: TransactionSigner = async (txnGroup: Transaction[], indexesToSign: number[]) => {
+    const stxns: SignedTransaction[] = []
+    for (const index of indexesToSign) {
+      const txn = txnGroup[index]
+      const bytesToSign = encodeTransaction(txn)
+      const signature = await rawEd25519Signer(bytesToSign)
+      const stxn: SignedTransaction = {
+        txn,
+        signature,
+      }
+
+      if (!txn.sender.equals(addr)) {
+        stxn.authAddress = addr
+      }
+
+      stxns.push(stxn)
+    }
+
+    return stxns.map(encodeSignedTransaction)
+  }
+
+  const lsigSigner: DelegatedLsigSigner = async (lsig, msig) => {
+    const bytesToSign = lsig.bytesToSignForDelegation(msig)
+    return await rawEd25519Signer(bytesToSign)
+  }
+
+  const programDataSigner: ProgramDataSigner = async (data, lsig) => {
+    const toBeSigned = lsig.programDataToSign(data)
+    return await rawEd25519Signer(toBeSigned)
+  }
+
+  return { addr, signer, lsigSigner, programDataSigner }
+}

src/testing/account.ts

@@ -4,7 +4,7 @@ import * as algosdk from '@algorandfoundation/sdk'
 import { Address, Kmd } from '@algorandfoundation/sdk'
 import { AlgorandClient, Config } from '../'
 import { GetTestAccountParams } from '../types/testing'
-import { AddressWithTransactionSigner } from '@algorandfoundation/algokit-transact'
+import { AddressWithSigners, AddressWithTransactionSigner } from '@algorandfoundation/algokit-transact'
 
 /**
  * @deprecated Use `getTestAccount(params, algorandClient)` instead. The `algorandClient` object can be created using `AlgorandClient.fromClients({ algod, kmd })`.
@@ -35,7 +35,7 @@ export async function getTestAccount(
 export async function getTestAccount(
   params: GetTestAccountParams,
   algorand: AlgorandClient,
-): Promise<Address & Account & AddressWithTransactionSigner>
+): Promise<Address & Account & AddressWithSigners>
 export async function getTestAccount(
   { suppressLog, initialFunds, accountGetter }: GetTestAccountParams,
   algodOrAlgorandClient: AlgodClient | AlgorandClient,

src/types/account-manager.ts

@@ -11,9 +11,9 @@ import { CommonTransactionParams, TransactionComposer } from './composer'
 import { TestNetDispenserApiClient } from './dispenser-client'
 import { KmdAccountManager } from './kmd-account-manager'
 import { SendParams, SendSingleTransactionResult } from './transaction'
-import { AddressWithTransactionSigner, TransactionSigner } from '@algorandfoundation/algokit-transact'
+import { AddressWithSigners, AddressWithTransactionSigner, TransactionSigner } from '@algorandfoundation/algokit-transact'
 import { getAddress, ReadableAddress } from '@algorandfoundation/algokit-common'
-import { MultisigAccount } from '@algorandfoundation/algokit-transact/multisig'
+import { MultisigAccount, MultisigMetadata } from '@algorandfoundation/algokit-transact'
 
 /** Result from performing an ensureFunded call. */
 export interface EnsureFundedResult {
@@ -393,7 +393,7 @@ export class AccountManager {
    * @param subSigners The signers that are currently present
    * @returns A multisig account wrapper
    */
-  public multisig(multisigParams: algosdk.MultisigMetadata, subSigners: AddressWithTransactionSigner[]) {
+  public multisig(multisigParams: MultisigMetadata, subSigners: AddressWithSigners[]) {
     return this.signerAccount(new MultisigAccount(multisigParams, subSigners))
   }
 

src/types/testing.ts

@@ -1,5 +1,5 @@
 import { AlgodClient } from '@algorandfoundation/algokit-algod-client'
-import { AddressWithTransactionSigner, Transaction } from '@algorandfoundation/algokit-transact'
+import { AddressWithSigners, AddressWithTransactionSigner, Transaction } from '@algorandfoundation/algokit-transact'
 import type { Account } from '@algorandfoundation/sdk'
 import * as algosdk from '@algorandfoundation/sdk'
 import { Address, Indexer, Kmd, LogicSigAccount } from '@algorandfoundation/sdk'
@@ -26,9 +26,9 @@ export interface AlgorandTestAutomationContext {
   /** Transaction logger that will log transaction IDs for all transactions issued by `algod` */
   transactionLogger: TransactionLogger
   /** Default, funded test account that is ephemerally created */
-  testAccount: Address & AddressWithTransactionSigner & Account
+  testAccount: Address & AddressWithSigners & Account
   /** Generate and fund an additional ephemerally created account */
-  generateAccount: (params: GetTestAccountParams) => Promise<Address & Account & AddressWithTransactionSigner>
+  generateAccount: (params: GetTestAccountParams) => Promise<Address & Account & AddressWithSigners>
   /** Wait for the indexer to catch up with all transactions logged by `transactionLogger` */
   waitForIndexer: () => Promise<void>
   /** Wait for the indexer to catch up with the given transaction ID */