sui-sdk-types: add support for passkeys in multisigs

Author: bmwill

crates/sui-sdk-types/src/crypto/multisig.rs

@@ -2,6 +2,8 @@ use super::zklogin::ZkLoginAuthenticator;
 use super::zklogin::ZkLoginPublicIdentifier;
 use super::Ed25519PublicKey;
 use super::Ed25519Signature;
+use super::PasskeyAuthenticator;
+use super::PasskeyPublicKey;
 use super::Secp256k1PublicKey;
 use super::Secp256k1Signature;
 use super::Secp256r1PublicKey;
@@ -51,6 +53,7 @@ pub enum MultisigMemberPublicKey {
     Secp256k1(Secp256k1PublicKey),
     Secp256r1(Secp256r1PublicKey),
     ZkLogin(ZkLoginPublicIdentifier),
+    Passkey(PasskeyPublicKey),
 }
 
 /// A member in a multisig committee
@@ -328,6 +331,7 @@ pub enum MultisigMemberSignature {
     Secp256k1(Secp256k1Signature),
     Secp256r1(Secp256r1Signature),
     ZkLogin(Box<ZkLoginAuthenticator>),
+    Passkey(PasskeyAuthenticator),
 }
 
 #[cfg(feature = "serde")]
@@ -337,6 +341,7 @@ mod serialization {
     use crate::crypto::Base64Array33;
     use crate::crypto::Base64Array34;
     use crate::Ed25519PublicKey;
+    use crate::PasskeyPublicKey;
     use crate::Secp256k1PublicKey;
     use crate::Secp256r1PublicKey;
     use crate::SignatureScheme;
@@ -383,6 +388,9 @@ mod serialization {
                 MultisigMemberPublicKey::ZkLogin(_) => Err(serde::ser::Error::custom(
                     "zklogin not supported in legacy multisig",
                 )),
+                MultisigMemberPublicKey::Passkey(_) => Err(serde::ser::Error::custom(
+                    "passkey not supported in legacy multisig",
+                )),
             }
         }
     }
@@ -652,6 +660,7 @@ mod serialization {
         Secp256k1(Secp256k1PublicKey),
         Secp256r1(Secp256r1PublicKey),
         ZkLogin(ZkLoginPublicIdentifier),
+        Passkey(PasskeyPublicKey),
     }
 
     #[derive(serde_derive::Serialize, serde_derive::Deserialize)]
@@ -662,6 +671,7 @@ mod serialization {
         Secp256k1 { public_key: Secp256k1PublicKey },
         Secp256r1 { public_key: Secp256r1PublicKey },
         ZkLogin(ZkLoginPublicIdentifier),
+        Passkey { public_key: PasskeyPublicKey },
     }
 
     impl Serialize for MultisigMemberPublicKey {
@@ -689,6 +699,11 @@ mod serialization {
                     MultisigMemberPublicKey::ZkLogin(public_id) => {
                         ReadableMemberPublicKey::ZkLogin(public_id.clone())
                     }
+                    MultisigMemberPublicKey::Passkey(public_key) => {
+                        ReadableMemberPublicKey::Passkey {
+                            public_key: *public_key,
+                        }
+                    }
                 };
                 readable.serialize(serializer)
             } else {
@@ -705,6 +720,9 @@ mod serialization {
                     MultisigMemberPublicKey::ZkLogin(public_id) => {
                         MemberPublicKey::ZkLogin(public_id.clone())
                     }
+                    MultisigMemberPublicKey::Passkey(public_key) => {
+                        MemberPublicKey::Passkey(*public_key)
+                    }
                 };
                 binary.serialize(serializer)
             }
@@ -727,6 +745,7 @@ mod serialization {
                         Self::Secp256r1(public_key)
                     }
                     ReadableMemberPublicKey::ZkLogin(public_id) => Self::ZkLogin(public_id),
+                    ReadableMemberPublicKey::Passkey { public_key } => Self::Passkey(public_key),
                 })
             } else {
                 let binary = MemberPublicKey::deserialize(deserializer)?;
@@ -735,6 +754,7 @@ mod serialization {
                     MemberPublicKey::Secp256k1(public_key) => Self::Secp256k1(public_key),
                     MemberPublicKey::Secp256r1(public_key) => Self::Secp256r1(public_key),
                     MemberPublicKey::ZkLogin(public_id) => Self::ZkLogin(public_id),
+                    MemberPublicKey::Passkey(public_key) => Self::Passkey(public_key),
                 })
             }
         }
@@ -746,6 +766,7 @@ mod serialization {
         Secp256k1(Secp256k1Signature),
         Secp256r1(Secp256r1Signature),
         ZkLogin(Box<ZkLoginAuthenticator>),
+        Passkey(PasskeyAuthenticator),
     }
 
     #[derive(serde_derive::Serialize, serde_derive::Deserialize)]
@@ -756,6 +777,7 @@ mod serialization {
         Secp256k1 { signature: Secp256k1Signature },
         Secp256r1 { signature: Secp256r1Signature },
         ZkLogin(Box<ZkLoginAuthenticator>),
+        Passkey(PasskeyAuthenticator),
     }
 
     impl Serialize for MultisigMemberSignature {
@@ -783,6 +805,9 @@ mod serialization {
                     MultisigMemberSignature::ZkLogin(authenticator) => {
                         ReadableMemberSignature::ZkLogin(authenticator.clone())
                     }
+                    MultisigMemberSignature::Passkey(authenticator) => {
+                        ReadableMemberSignature::Passkey(authenticator.clone())
+                    }
                 };
                 readable.serialize(serializer)
             } else {
@@ -799,6 +824,9 @@ mod serialization {
                     MultisigMemberSignature::ZkLogin(authenticator) => {
                         MemberSignature::ZkLogin(authenticator.clone())
                     }
+                    MultisigMemberSignature::Passkey(authenticator) => {
+                        MemberSignature::Passkey(authenticator.clone())
+                    }
                 };
                 binary.serialize(serializer)
             }
@@ -817,6 +845,7 @@ mod serialization {
                     ReadableMemberSignature::Secp256k1 { signature } => Self::Secp256k1(signature),
                     ReadableMemberSignature::Secp256r1 { signature } => Self::Secp256r1(signature),
                     ReadableMemberSignature::ZkLogin(authenticator) => Self::ZkLogin(authenticator),
+                    ReadableMemberSignature::Passkey(authenticator) => Self::Passkey(authenticator),
                 })
             } else {
                 let binary = MemberSignature::deserialize(deserializer)?;
@@ -825,6 +854,7 @@ mod serialization {
                     MemberSignature::Secp256k1(signature) => Self::Secp256k1(signature),
                     MemberSignature::Secp256r1(signature) => Self::Secp256r1(signature),
                     MemberSignature::ZkLogin(authenticator) => Self::ZkLogin(authenticator),
+                    MemberSignature::Passkey(authenticator) => Self::Passkey(authenticator),
                 })
             }
         }

crates/sui-sdk-types/src/crypto/passkey.rs

@@ -93,12 +93,21 @@ impl PasskeyAuthenticator {
 /// The BCS serialized form for this type is defined by the following ABNF:
 ///
 /// ```text
-/// passkey-public-key = passkey-flag secp256r1-public-key
+/// passkey-public-key = secp256r1-public-key
 /// ```
-#[derive(Debug, Clone, PartialEq, Eq)]
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+#[cfg_attr(
+    feature = "serde",
+    derive(serde_derive::Serialize, serde_derive::Deserialize)
+)]
+#[cfg_attr(feature = "proptest", derive(test_strategy::Arbitrary))]
 pub struct PasskeyPublicKey(Secp256r1PublicKey);
 
 impl PasskeyPublicKey {
+    pub fn new(public_key: Secp256r1PublicKey) -> Self {
+        Self(public_key)
+    }
+
     /// The underlying `Secp256r1PublicKey` for this passkey.
     pub fn inner(&self) -> &Secp256r1PublicKey {
         &self.0

crates/sui-sdk-types/src/crypto/signature.rs

@@ -793,5 +793,34 @@ mod serialization {
                 assert_eq!(sig, serde_json::from_str(&json).unwrap());
             }
         }
+
+        #[test]
+        fn mutisig_with_passkey() {
+            const FIXTURE: &str = "4wMDAQSPAgYlWA5npzp6kvrYZs+ZuUq2Z1mil2S1cYIfq64uix17NuQdAAAAAIMBeyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoieEtoSGhUU1o4TVJTNjAtLTZNbjBreC1vSW1RWUs1RjNFMmtzQm9iRkk3OCIsIm9yaWdpbiI6Imh0dHBzOi8vd3d3LnN1aS5pbyIsImNyb3NzT3JpZ2luIjpmYWxzZX1iAj6cOZNgD7buVIny/mQVv0gt87gEpo/V6yFusFHc0ED0XBdBXIRO8cDcoKDOPeKpNOwyMn4JvCwh/bA9Z27vBcID4FVY2uPg1vTXoKTq74rVS0uaUzafqn5emXJEfpzp9osQAAUADX2rNYyNrapO+gBJp1sHQ2VVsQo2ghm7aA9wVxNJ13UBAQIOF81ZOeRrGWZBlozXWZELold+J/pz/eOHbbm+xbzrKwECA0f7ryPwOKvEwwiicRF6Kkz/rt28X/gcdRe8bHSn7bQwAQM8G2h0dHBzOi8vaWQudHdpdGNoLnR2L29hdXRoMgVuAvSJovCe0hhp6n7cBfcDd20d7RhhkODYMqLqqMIDAQQD4FVY2uPg1vTXoKTq74rVS0uaUzafqn5emXJEfpzp9osBAQA=";
+
+            let bcs = Base64::decode_vec(FIXTURE).unwrap();
+
+            let sig: UserSignature = bcs::from_bytes(&bcs).unwrap();
+            assert_eq!(SignatureScheme::Multisig, sig.scheme());
+
+            let committee = match &sig {
+                UserSignature::Multisig(multisig) => multisig.committee(),
+                _ => panic!("not a multisig"),
+            };
+            assert_eq!(
+                committee.derive_address(),
+                crate::Address::from_hex(
+                    "0x10f58251fa90d7fd5510f99787ac5c5874fe29c033524ba0275f1ed793ed8598"
+                )
+                .unwrap()
+            );
+
+            let bytes = bcs::to_bytes(&sig).unwrap();
+            assert_eq!(bcs, bytes);
+
+            let json = serde_json::to_string_pretty(&sig).unwrap();
+            println!("{json}");
+            assert_eq!(sig, serde_json::from_str(&json).unwrap());
+        }
     }
 }

crates/sui-sdk-types/src/hash.rs

@@ -220,7 +220,7 @@ impl crate::PasskeyPublicKey {
     /// `Secp256r1PublicKey` that corresponds to this passkey prefixed with the Passkey
     /// `SignatureScheme` flag (`0x06`).
     ///
-    /// `hash( 0x06 || 33-byte secp256r1 public key)`
+    /// `hash( 0x06 || 33-byte secp256r1-public-key)`
     pub fn derive_address(&self) -> Address {
         let mut hasher = Hasher::new();
         self.write_into_hasher(&mut hasher);
@@ -265,6 +265,7 @@ impl crate::MultisigCommittee {
                 Secp256k1(p) => p.write_into_hasher(&mut hasher),
                 Secp256r1(p) => p.write_into_hasher(&mut hasher),
                 ZkLogin(p) => p.write_into_hasher_padded(&mut hasher),
+                Passkey(p) => p.write_into_hasher(&mut hasher),
             }
 
             hasher.update(member.weight().to_le_bytes());