fix: Added nativescript checks for ownSignatureKeyPaths

Author: Riley-Kilgore

Diff for: packages/key-management/src/InMemoryKeyAgent.ts

@@ -134,7 +134,7 @@ export class InMemoryKeyAgent extends KeyAgentBase implements KeyAgent {
 
   async signTransaction(
     txBody: Serialization.TransactionBody,
-    { txInKeyPathMap, knownAddresses }: SignTransactionContext,
+    { txInKeyPathMap, knownAddresses, scripts }: SignTransactionContext,
     { additionalKeyPaths = [] }: SignTransactionOptions = {}
   ): Promise<Cardano.Signatures> {
     // Possible optimization is casting strings to OpaqueString types directly and skipping validation
@@ -143,7 +143,7 @@ export class InMemoryKeyAgent extends KeyAgentBase implements KeyAgent {
     const dRepKeyHash = (
       await Crypto.Ed25519PublicKey.fromHex(await this.derivePublicKey(DREP_KEY_DERIVATION_PATH)).hash()
     ).hex();
-    const derivationPaths = ownSignatureKeyPaths(body, knownAddresses, txInKeyPathMap, dRepKeyHash);
+    const derivationPaths = ownSignatureKeyPaths(body, knownAddresses, txInKeyPathMap, dRepKeyHash, scripts);
     const keyPaths = uniqBy([...derivationPaths, ...additionalKeyPaths], ({ role, index }) => `${role}.${index}`);
     // TODO:
     // if (keyPaths.length === 0) {

Diff for: packages/key-management/src/types.ts

@@ -175,6 +175,7 @@ export interface SignTransactionContext {
   handleResolutions?: HandleResolution[];
   dRepKeyHashHex?: Crypto.Ed25519KeyHashHex;
   sender?: MessageSender;
+  scripts?: Cardano.Script[];
 }
 
 export type SignDataContext = Cip8SignDataContext & { sender?: MessageSender };

Diff for: packages/key-management/src/util/ownSignatureKeyPaths.ts

@@ -294,6 +294,96 @@ const getRequiredSignersKeyPaths = (
   return paths;
 };
 
+const checkStakeCredential = (
+  address: GroupedAddress,
+  keyHash: Crypto.Ed25519KeyHashHex,
+): SignatureCheck => {
+  if (
+    address.stakeKeyDerivationPath &&
+    Cardano.RewardAccount.toHash(address.rewardAccount) === Crypto.Hash28ByteBase16.fromEd25519KeyHashHex(keyHash)
+  ) {
+    return { derivationPaths: [address.stakeKeyDerivationPath], requiresForeignSignatures: false };
+  } else {
+    return { derivationPaths: [], requiresForeignSignatures: true };
+  }
+};
+
+const checkPaymentCredential = (
+  address: GroupedAddress,
+  keyHash: Crypto.Ed25519KeyHashHex,
+): SignatureCheck => {
+  const paymentCredential = Cardano.Address.fromBech32(address.address)?.asBase()?.getPaymentCredential();
+  if (
+    paymentCredential?.type === Cardano.CredentialType.KeyHash &&
+    paymentCredential.hash === Crypto.Hash28ByteBase16.fromEd25519KeyHashHex(keyHash)
+  ) {
+    return {
+      derivationPaths: [{ index: address.index, role: Number(address.type) }],
+      requiresForeignSignatures: false
+    };
+  } else {
+    return {derivationPaths: [], requiresForeignSignatures: true}
+  }
+};
+
+const combineSignatureChecks = (a: SignatureCheck, b: SignatureCheck): SignatureCheck => ({
+  derivationPaths: [...a.derivationPaths, ...b.derivationPaths],
+  requiresForeignSignatures: a.requiresForeignSignatures || b.requiresForeignSignatures
+});
+
+const processSignatureScript = (
+  script: Cardano.RequireSignatureScript,
+  groupedAddresses: GroupedAddress[],
+): SignatureCheck => {
+  let signatureCheck: SignatureCheck = { derivationPaths: [], requiresForeignSignatures: false };
+
+  for (const address of groupedAddresses) {
+    if (address.stakeKeyDerivationPath) {
+      signatureCheck = checkStakeCredential(address, script.keyHash);
+    }
+    signatureCheck = combineSignatureChecks(signatureCheck, checkPaymentCredential(address, script.keyHash));
+  }
+
+  return signatureCheck;
+};
+
+const getNativeScriptKeyPaths = (
+  groupedAddresses: GroupedAddress[],
+  nativeScripts?: Cardano.Script[]
+): SignatureCheck => {
+  const signatureCheck: SignatureCheck = { derivationPaths: [], requiresForeignSignatures: false };
+  if (!nativeScripts?.length) return signatureCheck;
+
+  const processScript = (script: Cardano.Script): SignatureCheck => {
+    if (!Cardano.isNativeScript(script)) {
+      return { derivationPaths: [], requiresForeignSignatures: false };
+    }
+
+    switch (script.kind) {
+      case Cardano.NativeScriptKind.RequireSignature: {
+        return processSignatureScript(script as Cardano.RequireSignatureScript, groupedAddresses);
+      }
+      case Cardano.NativeScriptKind.RequireAllOf:
+      case Cardano.NativeScriptKind.RequireAnyOf:
+      case Cardano.NativeScriptKind.RequireNOf: {
+        const scriptWithScripts = script as Cardano.RequireAllOfScript | Cardano.RequireAnyOfScript;
+        return scriptWithScripts.scripts.reduce<SignatureCheck>(
+          (acc, subScript) => combineSignatureChecks(acc, processScript(subScript)),
+          { derivationPaths: [], requiresForeignSignatures: false }
+        );
+      }
+      case Cardano.NativeScriptKind.RequireTimeBefore:
+      case Cardano.NativeScriptKind.RequireTimeAfter:
+        return { derivationPaths: [], requiresForeignSignatures: false };
+    }
+  };
+
+  return nativeScripts.reduce<SignatureCheck>(
+    (acc, script) => combineSignatureChecks(acc, processScript(script)),
+    signatureCheck
+  );
+};
+
 /** Check if there are certificates that require DRep credentials and if we own them */
 export const getDRepCredentialKeyPaths = ({
   dRepKeyHash,
@@ -357,7 +447,8 @@ export const ownSignatureKeyPaths = (
   txBody: Cardano.TxBody,
   knownAddresses: GroupedAddress[],
   txInKeyPathMap: TxInKeyPathMap,
-  dRepKeyHash?: Crypto.Ed25519KeyHashHex
+  dRepKeyHash?: Crypto.Ed25519KeyHashHex,
+  scripts?: Cardano.Script[]
 ): AccountKeyDerivationPath[] => {
   // TODO: add `proposal_procedure` witnesses.
 
@@ -368,7 +459,8 @@ export const ownSignatureKeyPaths = (
       ...getStakeCredentialKeyPaths(knownAddresses, txBody).derivationPaths,
       ...getDRepCredentialKeyPaths({ dRepKeyHash, txBody }).derivationPaths,
       ...getRequiredSignersKeyPaths(knownAddresses, txBody.requiredExtraSignatures),
-      ...getVotingProcedureKeyPaths({ dRepKeyHash, groupedAddresses: knownAddresses, txBody }).derivationPaths
+      ...getVotingProcedureKeyPaths({ dRepKeyHash, groupedAddresses: knownAddresses, txBody }).derivationPaths,
+      ...getNativeScriptKeyPaths(knownAddresses, scripts).derivationPaths
     ],
     isEqual
   );

Diff for: packages/key-management/src/util/stubSignTransaction.ts

@@ -17,15 +17,15 @@ export interface StubSignTransactionProps {
 
 export const stubSignTransaction = async ({
   txBody,
-  context: { knownAddresses, txInKeyPathMap, dRepKeyHashHex: dRepKeyHash },
+  context: { knownAddresses, txInKeyPathMap, dRepKeyHashHex: dRepKeyHash, scripts },
   signTransactionOptions: { extraSigners, additionalKeyPaths = [] } = {}
 }: StubSignTransactionProps): Promise<Cardano.Signatures> => {
   const mockSignature = Crypto.Ed25519SignatureHex(
     // eslint-disable-next-line max-len
     'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
   );
   const signatureKeyPaths = uniqWith(
-    [...ownSignatureKeyPaths(txBody, knownAddresses, txInKeyPathMap, dRepKeyHash), ...additionalKeyPaths],
+    [...ownSignatureKeyPaths(txBody, knownAddresses, txInKeyPathMap, dRepKeyHash, scripts), ...additionalKeyPaths],
     deepEquals
   );
 

Diff for: packages/key-management/test/util/ownSignaturePaths.test.ts

@@ -578,4 +578,24 @@ describe('KeyManagement.util.ownSignaturePaths', () => {
       ]);
     });
   });
+
+  it('includes derivation paths from native scripts when scripts are provided', () => {
+    const txBody: Cardano.TxBody = {
+      inputs: [],
+      outputs: [],
+      fee: BigInt(0)
+    };
+    const scripts: Cardano.Script[] = [{
+      __type: Cardano.ScriptType.Native,
+      kind: Cardano.NativeScriptKind.RequireSignature,
+      keyHash: Ed25519KeyHashHex(ownStakeKeyHash)
+    }];
+
+    const paths = util.ownSignatureKeyPaths(txBody, [knownAddress1], {}, undefined, scripts);
+    
+    expect(paths).toEqual([{
+      index: 0,
+      role: KeyRole.Stake
+    }]);
+  });
 });