feat(core): extract SignerMultisigCkbBase for Omnilock multisig

Extract shared multisig logic into abstract SignerMultisigCkbBase with
encodeWitnessLock/decodeWitnessLock template methods. CKB multisig and
Omnilock multisig are thin subclasses differing only in witness encoding.

MultisigCkbWitness entity moved to its own module. OmniLockWitnessLock
molecule encoding added as standalone utility.

Author: phroi

packages/core/src/signer/ckb/index.ts

@@ -1,7 +1,12 @@
+export * from "./multisigCkbWitness.js";
+export * from "./omniLockWitnessLock.js";
 export * from "./secp256k1Signing.js";
 export * from "./signerCkbPrivateKey.js";
 export * from "./signerCkbPublicKey.js";
 export * from "./signerCkbScriptReadonly.js";
+export * from "./signerMultisigCkbBase.js";
 export * from "./signerMultisigCkbPrivateKey.js";
 export * from "./signerMultisigCkbReadonly.js";
+export * from "./signerMultisigOmniLockPrivateKey.js";
+export * from "./signerMultisigOmniLockReadonly.js";
 export * from "./verifyJoyId.js";

packages/core/src/signer/ckb/multisigCkbWitness.ts

@@ -0,0 +1,185 @@
+import { Bytes, bytesConcat, bytesFrom } from "../../bytes/index.js";
+import { Since, SinceLike } from "../../ckb/index.js";
+import { codec, Entity } from "../../codec/index.js";
+import { HASH_CKB_SHORT_LENGTH, hashCkb } from "../../hasher/index.js";
+import { Hex, hexFrom, HexLike } from "../../hex/index.js";
+import { numFrom, NumLike, numToBytes } from "../../num/index.js";
+import { SECP256K1_SIGNATURE_LENGTH } from "./secp256k1Signing.js";
+
+export type MultisigCkbWitnessLike = (
+  | {
+      publicKeyHashes: HexLike[];
+      publicKeys?: undefined | null;
+    }
+  | {
+      publicKeyHashes?: undefined | null;
+      publicKeys: HexLike[];
+    }
+) & {
+  threshold: NumLike;
+  mustMatch?: NumLike | null;
+  signatures?: HexLike[] | null;
+};
+
+/**
+ * A class representing multisig information, holding information ingredients and containing utilities.
+ * @public
+ */
+@codec({
+  encode: (encodable: MultisigCkbWitness) => {
+    const { publicKeyHashes, threshold, mustMatch, signatures } =
+      MultisigCkbWitness.from(encodable);
+
+    if (
+      signatures.some((s) => s.length !== SECP256K1_SIGNATURE_LENGTH * 2 + 2)
+    ) {
+      throw Error("MultisigCkbWitness: invalid signature length");
+    }
+    if (
+      publicKeyHashes.some((s) => s.length !== HASH_CKB_SHORT_LENGTH * 2 + 2)
+    ) {
+      throw Error("MultisigCkbWitness: invalid public key hash length");
+    }
+
+    return bytesConcat(
+      "0x00",
+      numToBytes(mustMatch ?? 0),
+      numToBytes(threshold),
+      numToBytes(publicKeyHashes.length),
+      ...publicKeyHashes,
+      ...signatures,
+    );
+  },
+  decode: (raw: Bytes) => {
+    const [
+      _reserved,
+      mustMatch,
+      threshold,
+      publicKeyHashesLength,
+      ...rawKeyAndSignatures
+    ] = raw;
+
+    if (
+      rawKeyAndSignatures.length <
+      publicKeyHashesLength * HASH_CKB_SHORT_LENGTH
+    ) {
+      throw Error("MultisigCkbWitness: invalid public key hashes length");
+    }
+
+    const signatures = rawKeyAndSignatures.slice(
+      publicKeyHashesLength * HASH_CKB_SHORT_LENGTH,
+    );
+
+    return MultisigCkbWitness.from({
+      publicKeyHashes: Array.from(new Array(publicKeyHashesLength), (_, i) =>
+        hexFrom(
+          rawKeyAndSignatures.slice(
+            i * HASH_CKB_SHORT_LENGTH,
+            (i + 1) * HASH_CKB_SHORT_LENGTH,
+          ),
+        ),
+      ),
+      threshold: numFrom(threshold),
+      mustMatch: numFrom(mustMatch),
+      signatures: Array.from(
+        new Array(Math.floor(signatures.length / SECP256K1_SIGNATURE_LENGTH)),
+        (_, i) =>
+          hexFrom(
+            signatures.slice(
+              i * SECP256K1_SIGNATURE_LENGTH,
+              (i + 1) * SECP256K1_SIGNATURE_LENGTH,
+            ),
+          ),
+      ),
+    });
+  },
+})
+export class MultisigCkbWitness extends Entity.Base<
+  MultisigCkbWitnessLike,
+  MultisigCkbWitness
+>() {
+  /**
+   * @param publicKeyHashes - The public key hashes.
+   * @param threshold - The threshold.
+   * @param mustMatch - The number of signatures that must match.
+   * @param signatures - The signatures.
+   */
+  constructor(
+    public publicKeyHashes: Hex[],
+    public threshold: number,
+    public mustMatch: number,
+    public signatures: Hex[],
+  ) {
+    super();
+
+    const keysLength = publicKeyHashes.length;
+
+    if (threshold <= 0 || threshold > keysLength) {
+      throw new Error(
+        "threshold should be in range from 1 to public keys length",
+      );
+    }
+    if (mustMatch < 0 || mustMatch > Math.min(keysLength, threshold)) {
+      throw new Error(
+        "mustMatch should be in range from 0 to min(public keys length, threshold)",
+      );
+    }
+    if (keysLength > 255) {
+      throw new Error("public keys length should be less than 256");
+    }
+  }
+
+  /**
+   * Create a MultisigCkbWitness from a MultisigCkbWitnessLike.
+   *
+   * @param witness - The witness like object.
+   * @returns The MultisigCkbWitness.
+   */
+  static from(witness: MultisigCkbWitnessLike): MultisigCkbWitness {
+    const publicKeyHashes = (() => {
+      if (witness.publicKeyHashes) {
+        return witness.publicKeyHashes;
+      }
+      return witness.publicKeys.map((k) => hashCkb(k).slice(0, 42));
+    })();
+
+    return new MultisigCkbWitness(
+      publicKeyHashes.map(hexFrom),
+      Number(numFrom(witness.threshold)),
+      Number(numFrom(witness.mustMatch ?? 0)),
+      witness.signatures?.map(hexFrom) ?? [],
+    );
+  }
+
+  /**
+   * Get the script args of the multisig script.
+   *
+   * @param since - The since value.
+   * @returns The script args.
+   */
+  scriptArgs(since?: SinceLike | null): Bytes {
+    const hash = hashCkb(this.toBytes()).slice(0, 42);
+
+    if (since != null) {
+      return bytesConcat(hash, Since.from(since).toBytes());
+    }
+
+    return bytesFrom(hash);
+  }
+
+  /**
+   * Check if the multisig info is equal to another.
+   *
+   * @param otherLike - The other multisig info.
+   * @returns True if the multisig info is equal, false otherwise.
+   */
+  eqInfo(otherLike: MultisigCkbWitnessLike): boolean {
+    const other = MultisigCkbWitness.from(otherLike);
+    return (
+      this.publicKeyHashes.length === other.publicKeyHashes.length &&
+      this.publicKeyHashes.every((h, i) => h === other.publicKeyHashes[i]) &&
+      this.threshold === other.threshold &&
+      this.mustMatch === other.mustMatch
+    );
+  }
+}

packages/core/src/signer/ckb/omniLockWitnessLock.ts

@@ -0,0 +1,105 @@
+/**
+ * OmniLockWitnessLock molecule table encoding/decoding.
+ *
+ * table OmniLockWitnessLock {
+ *     signature: BytesOpt,
+ *     omni_identity: IdentityOpt,
+ *     preimage: BytesOpt,
+ * }
+ *
+ * For bridge use (auth modes 0x00-0x06, 0xFC), only the signature field is
+ * populated. omni_identity and preimage are None (zero-length).
+ */
+
+import { Bytes, bytesConcat, bytesFrom } from "../../bytes/index.js";
+import { Hex, hexFrom } from "../../hex/index.js";
+import { numToBytes } from "../../num/index.js";
+
+const NUM_FIELDS = 3;
+const HEADER_BYTES = (1 + NUM_FIELDS) * 4; // full_size + 3 offsets = 16
+
+/**
+ * Encode a signature into the OmniLockWitnessLock molecule table format.
+ *
+ * The result is suitable for WitnessArgs.lock when the Omnilock cell uses
+ * a signature-based auth mode (secp256k1, Ethereum, Bitcoin, CKB multisig,
+ * owner lock, etc.) and does not use the administrator (omni_identity) or
+ * preimage fields.
+ *
+ * @param signature - The raw signature bytes.
+ * @returns The encoded OmniLockWitnessLock bytes.
+ * @public
+ */
+export function encodeOmniLockWitnessLock(signature: Bytes): Bytes {
+  const fullSize = HEADER_BYTES + 4 + signature.length;
+  return bytesFrom(
+    bytesConcat(
+      numToBytes(fullSize, 4), // full_size
+      numToBytes(HEADER_BYTES, 4), // offset[0]: signature starts here
+      numToBytes(fullSize, 4), // offset[1]: omni_identity (absent, at end)
+      numToBytes(fullSize, 4), // offset[2]: preimage (absent, at end)
+      numToBytes(signature.length, 4), // Bytes item count
+      signature,
+    ),
+  );
+}
+
+/**
+ * Encode a signature into OmniLockWitnessLock and return as Hex.
+ *
+ * @param signature - The raw signature bytes.
+ * @returns The encoded OmniLockWitnessLock hex string.
+ * @public
+ */
+export function encodeOmniLockWitnessLockToHex(signature: Bytes): Hex {
+  return hexFrom(encodeOmniLockWitnessLock(signature));
+}
+
+/**
+ * Decode the signature from an OmniLockWitnessLock molecule table.
+ *
+ * @param data - The full OmniLockWitnessLock bytes.
+ * @returns The decoded signature, or undefined if the signature field is absent.
+ * @public
+ */
+export function decodeOmniLockWitnessLock(data: Bytes): Bytes | undefined {
+  if (data.length < HEADER_BYTES) {
+    throw new Error("OmniLockWitnessLock: data too short for header");
+  }
+
+  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
+  const fullSize = view.getUint32(0, true);
+  if (fullSize !== data.length) {
+    throw new Error("OmniLockWitnessLock: full_size mismatch");
+  }
+
+  const signatureOffset = view.getUint32(4, true);
+  const omniIdentityOffset = view.getUint32(8, true);
+
+  // signature field is present if offset[0] < offset[1]
+  if (signatureOffset >= omniIdentityOffset) {
+    return undefined;
+  }
+
+  const sigBytesCount = view.getUint32(signatureOffset, true);
+  const sigStart = signatureOffset + 4;
+  if (sigStart + sigBytesCount > data.length) {
+    throw new Error("OmniLockWitnessLock: signature exceeds data bounds");
+  }
+
+  return data.slice(sigStart, sigStart + sigBytesCount);
+}
+
+/**
+ * Compute the WitnessArgs.lock byte length for an OmniLockWitnessLock
+ * containing a signature of the given length.
+ *
+ * Used to prepare the witness placeholder before computing sighash_all.
+ *
+ * @param signatureLength - The raw signature byte length.
+ * @returns The total OmniLockWitnessLock byte length.
+ * @public
+ */
+export function omniLockWitnessLockLength(signatureLength: number): number {
+  return HEADER_BYTES + 4 + signatureLength;
+}