o2-sdk 0.2.0

Rust SDK for the O2 Exchange — a fully on-chain order book DEX on the Fuel Network
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286

use secp256k1::ecdsa::RecoverableSignature;
/// Cryptographic operations for O2 Exchange: key generation, signing, and address derivation.
///
/// Implements:
/// - Fuel-native key generation (SHA-256 address derivation)
/// - EVM key generation (keccak256 address derivation)
/// - personalSign (Fuel prefix + SHA-256)
/// - rawSign (plain SHA-256)
/// - evm_personal_sign (Ethereum prefix + keccak256)
/// - fuel_compact_sign with low-s normalization and recovery ID in MSB of byte 32
use secp256k1::{Message, PublicKey, Secp256k1, SecretKey};
use sha2::{Digest as Sha256Digest, Sha256};
use sha3::Keccak256;

use crate::errors::O2Error;

/// Half of the secp256k1 group order, used for low-s normalization.
const SECP256K1_ORDER_HALF: [u8; 32] = [
    0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0x5D, 0x57, 0x6E, 0x73, 0x57, 0xA4, 0x50, 0x1D, 0xDF, 0xE9, 0x2F, 0x46, 0x68, 0x1B, 0x20, 0xA0,
];

/// Full secp256k1 group order.
const SECP256K1_ORDER: [u8; 32] = [
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
    0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
];

/// A Fuel-native wallet with SHA-256 derived B256 address.
#[derive(Debug, Clone)]
pub struct Wallet {
    pub private_key: [u8; 32],
    pub public_key: [u8; 65],
    pub b256_address: [u8; 32],
}

/// An EVM-compatible wallet with keccak256 derived address, zero-padded to B256.
#[derive(Debug, Clone)]
pub struct EvmWallet {
    pub private_key: [u8; 32],
    pub public_key: [u8; 65],
    pub evm_address: [u8; 20],
    pub b256_address: [u8; 32],
}

/// Generate a Fuel-native secp256k1 keypair.
/// Address = SHA-256(uncompressed_pubkey[1..65])
pub fn generate_keypair() -> Result<Wallet, O2Error> {
    let secp = Secp256k1::new();
    let mut rng = rand::thread_rng();
    let (secret_key, public_key) = secp.generate_keypair(&mut rng);

    let pubkey_bytes = public_key.serialize_uncompressed();
    let address = Sha256::digest(&pubkey_bytes[1..65]);

    Ok(Wallet {
        private_key: secret_key.secret_bytes(),
        public_key: pubkey_bytes,
        b256_address: address.into(),
    })
}

/// Generate an EVM-compatible keypair.
/// EVM address = last 20 bytes of keccak256(uncompressed_pubkey[1..65])
/// B256 address = 12 zero bytes + 20 EVM address bytes
pub fn generate_evm_keypair() -> Result<EvmWallet, O2Error> {
    let secp = Secp256k1::new();
    let mut rng = rand::thread_rng();
    let (secret_key, public_key) = secp.generate_keypair(&mut rng);

    let pubkey_bytes = public_key.serialize_uncompressed();
    let keccak_hash = Keccak256::digest(&pubkey_bytes[1..65]);

    let mut evm_address = [0u8; 20];
    evm_address.copy_from_slice(&keccak_hash[12..32]);

    let mut b256_address = [0u8; 32];
    b256_address[12..32].copy_from_slice(&evm_address);

    Ok(EvmWallet {
        private_key: secret_key.secret_bytes(),
        public_key: pubkey_bytes,
        evm_address,
        b256_address,
    })
}

/// Load a Fuel-native wallet from a private key.
pub fn load_wallet(private_key: &[u8; 32]) -> Result<Wallet, O2Error> {
    let secp = Secp256k1::new();
    let secret_key = SecretKey::from_slice(private_key)
        .map_err(|e| O2Error::CryptoError(format!("Invalid private key: {e}")))?;
    let public_key = PublicKey::from_secret_key(&secp, &secret_key);
    let pubkey_bytes = public_key.serialize_uncompressed();
    let address = Sha256::digest(&pubkey_bytes[1..65]);

    Ok(Wallet {
        private_key: *private_key,
        public_key: pubkey_bytes,
        b256_address: address.into(),
    })
}

/// Load an EVM wallet from a private key.
pub fn load_evm_wallet(private_key: &[u8; 32]) -> Result<EvmWallet, O2Error> {
    let secp = Secp256k1::new();
    let secret_key = SecretKey::from_slice(private_key)
        .map_err(|e| O2Error::CryptoError(format!("Invalid private key: {e}")))?;
    let public_key = PublicKey::from_secret_key(&secp, &secret_key);
    let pubkey_bytes = public_key.serialize_uncompressed();
    let keccak_hash = Keccak256::digest(&pubkey_bytes[1..65]);

    let mut evm_address = [0u8; 20];
    evm_address.copy_from_slice(&keccak_hash[12..32]);

    let mut b256_address = [0u8; 32];
    b256_address[12..32].copy_from_slice(&evm_address);

    Ok(EvmWallet {
        private_key: *private_key,
        public_key: pubkey_bytes,
        evm_address,
        b256_address,
    })
}

/// Compare two 32-byte big-endian numbers: returns true if a > b.
fn gt_be(a: &[u8; 32], b: &[u8; 32]) -> bool {
    for i in 0..32 {
        if a[i] > b[i] {
            return true;
        }
        if a[i] < b[i] {
            return false;
        }
    }
    false
}

/// Negate a 32-byte big-endian number modulo the secp256k1 order.
/// result = ORDER - value
fn negate_s(s: &[u8; 32]) -> [u8; 32] {
    let mut result = [0u8; 32];
    let mut borrow: u16 = 0;
    for i in (0..32).rev() {
        let diff = SECP256K1_ORDER[i] as u16 - s[i] as u16 - borrow;
        result[i] = diff as u8;
        borrow = if diff > 255 { 1 } else { 0 };
    }
    result
}

/// Sign a 32-byte digest and return a 64-byte Fuel compact signature.
///
/// The recovery ID is embedded in the MSB of byte 32 (first byte of s).
/// Low-s normalization is applied: if s > order/2, negate s and flip recovery_id.
pub fn fuel_compact_sign(private_key: &[u8; 32], digest: &[u8; 32]) -> Result<[u8; 64], O2Error> {
    let secp = Secp256k1::new();
    let secret_key = SecretKey::from_slice(private_key)
        .map_err(|e| O2Error::CryptoError(format!("Invalid private key: {e}")))?;
    let message = Message::from_digest(*digest);

    let recoverable_sig: RecoverableSignature = secp.sign_ecdsa_recoverable(&message, &secret_key);
    let (rec_id, compact) = recoverable_sig.serialize_compact();
    let mut recovery_id = rec_id.to_i32() as u8;

    let mut r = [0u8; 32];
    let mut s = [0u8; 32];
    r.copy_from_slice(&compact[0..32]);
    s.copy_from_slice(&compact[32..64]);

    // Low-s normalization
    if gt_be(&s, &SECP256K1_ORDER_HALF) {
        s = negate_s(&s);
        recovery_id ^= 1;
    }

    // Embed recovery ID in MSB of s[0]
    s[0] = (recovery_id << 7) | (s[0] & 0x7F);

    let mut result = [0u8; 64];
    result[0..32].copy_from_slice(&r);
    result[32..64].copy_from_slice(&s);
    Ok(result)
}

/// Sign using Fuel's personalSign format (for session creation).
/// prefix = b"\x19Fuel Signed Message:\n" + str(len(message)) + message
/// digest = sha256(prefix)
pub fn personal_sign(private_key: &[u8; 32], message: &[u8]) -> Result<[u8; 64], O2Error> {
    let prefix = b"\x19Fuel Signed Message:\n";
    let length_str = message.len().to_string();

    let mut hasher = Sha256::new();
    hasher.update(prefix);
    hasher.update(length_str.as_bytes());
    hasher.update(message);
    let digest: [u8; 32] = hasher.finalize().into();

    fuel_compact_sign(private_key, &digest)
}

/// Sign using raw SHA-256 hash, no prefix (for session actions).
/// digest = sha256(message)
pub fn raw_sign(private_key: &[u8; 32], message: &[u8]) -> Result<[u8; 64], O2Error> {
    let digest: [u8; 32] = Sha256::digest(message).into();
    fuel_compact_sign(private_key, &digest)
}

/// Sign using Ethereum's personal_sign format (for EVM owner session creation).
/// prefix = "\x19Ethereum Signed Message:\n" + str(len(message))
/// digest = keccak256(prefix_bytes + message)
pub fn evm_personal_sign(private_key: &[u8; 32], message: &[u8]) -> Result<[u8; 64], O2Error> {
    let prefix = format!("\x19Ethereum Signed Message:\n{}", message.len());

    let mut hasher = Keccak256::new();
    hasher.update(prefix.as_bytes());
    hasher.update(message);
    let digest: [u8; 32] = hasher.finalize().into();

    fuel_compact_sign(private_key, &digest)
}

/// Trait for wallets that can sign messages for O2 Exchange operations.
///
/// Implemented for both [`Wallet`] (Fuel-native, SHA-256) and [`EvmWallet`] (keccak256).
pub trait SignableWallet {
    /// The B256 address used as the owner identity.
    fn b256_address(&self) -> &[u8; 32];
    /// Sign a message using the wallet's personal_sign scheme.
    ///
    /// - Fuel wallets use `\x19Fuel Signed Message:\n` prefix + SHA-256.
    /// - EVM wallets use `\x19Ethereum Signed Message:\n` prefix + keccak256.
    fn personal_sign(&self, message: &[u8]) -> Result<[u8; 64], O2Error>;
}

impl SignableWallet for Wallet {
    fn b256_address(&self) -> &[u8; 32] {
        &self.b256_address
    }
    fn personal_sign(&self, message: &[u8]) -> Result<[u8; 64], O2Error> {
        personal_sign(&self.private_key, message)
    }
}

impl SignableWallet for EvmWallet {
    fn b256_address(&self) -> &[u8; 32] {
        &self.b256_address
    }
    fn personal_sign(&self, message: &[u8]) -> Result<[u8; 64], O2Error> {
        evm_personal_sign(&self.private_key, message)
    }
}

/// Derive a Fuel B256 address from a public key (65 bytes, 0x04 prefix).
pub fn address_from_pubkey(public_key: &[u8; 65]) -> [u8; 32] {
    Sha256::digest(&public_key[1..65]).into()
}

/// Derive an EVM address from a public key (65 bytes, 0x04 prefix).
pub fn evm_address_from_pubkey(public_key: &[u8; 65]) -> [u8; 20] {
    let hash = Keccak256::digest(&public_key[1..65]);
    let mut addr = [0u8; 20];
    addr.copy_from_slice(&hash[12..32]);
    addr
}

/// Format a 32-byte array as a "0x"-prefixed hex string.
pub fn to_hex_string(bytes: &[u8]) -> String {
    format!("0x{}", hex::encode(bytes))
}

/// Parse a "0x"-prefixed hex string into a 32-byte array.
pub fn parse_hex_32(s: &str) -> Result<[u8; 32], O2Error> {
    let s = s.strip_prefix("0x").unwrap_or(s);
    let bytes = hex::decode(s).map_err(|e| O2Error::CryptoError(format!("Invalid hex: {e}")))?;
    if bytes.len() != 32 {
        return Err(O2Error::CryptoError(format!(
            "Expected 32 bytes, got {}",
            bytes.len()
        )));
    }
    let mut result = [0u8; 32];
    result.copy_from_slice(&bytes);
    Ok(result)
}