Skip to content

feat: add signHash and signAuthorization#156

Open
ggonzalez94 wants to merge 5 commits intoopen-wallet-standard:mainfrom
ggonzalez94:feat/sign-hash-and-eip7702
Open

feat: add signHash and signAuthorization#156
ggonzalez94 wants to merge 5 commits intoopen-wallet-standard:mainfrom
ggonzalez94:feat/sign-hash-and-eip7702

Conversation

@ggonzalez94
Copy link
Copy Markdown
Contributor

@ggonzalez94 ggonzalez94 commented Mar 31, 2026
edited
Loading

Fixes #155

Summary

Adds two new signing operations to OWS:

  • signHash — sign a raw 32-byte hash on any secp256k1-backed chain. No prefix, no domain separator. Needed for protocols that compute their own digest (EIP-7702, custom schemes).
  • signAuthorization — convenience for EIP-7702 authorization tuples. Computes keccak256(0x05 || rlp([chain_id, address, nonce])) and signs it. EVM-only.

Both work through owner-mode (passphrase) and agent-mode (API key + policy evaluation). The policy engine sees the full preimage for authorization signing, so executable policies can inspect the RLP tuple.

Also refactors key_ops to eliminate duplicated policy-enforcement boilerplate across sign_with_api_key, sign_message_with_api_key, and the new sign_hash_with_api_key — they all share enforce_policy_and_decrypt_key_with_raw_hex now.

Changes span Rust core, Node bindings, Python bindings, spec, and SDK docs.

Test plan

  • 11 new Rust unit tests covering both paths, chain gating, policy enforcement, and payload inspection
  • Full test suite passes (491 tests, 0 failures)
  • Node binding tests for owner-mode and API-key-mode
  • Python binding tests for owner-mode and API-key-mode

@vercel
Copy link
Copy Markdown

vercel bot commented Mar 31, 2026

@ggonzalez94 is attempting to deploy a commit to the MoonPay Team on Vercel.

A member of the Team first needs to authorize it.

ggonzalez94 and others added 2 commits April 1, 2026 11:42
@ggonzalez94 @claude
feat: add signHash and signAuthorization operations
ef7709c 
Add raw 32-byte hash signing (secp256k1 chains) and EIP-7702
authorization signing (EVM chains) across Rust core, Node, and
Python bindings. Both paths support owner-mode and API-key-mode
with full policy evaluation.

Refactors key_ops to share policy enforcement via
enforce_policy_and_decrypt_key_with_raw_hex, eliminating
duplicated boilerplate across sign_with_api_key,
sign_message_with_api_key, and the new sign_hash_with_api_key.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ggonzalez94 @claude
fix: reject oversized decimal inputs early in EIP-7702 parsing
f8cdecb 
parse_quantity_bytes now checks the decimal string length against
a conservative upper bound (3 * max_len + 1 digits) before entering
the O(n·m) byte-conversion loop. Prevents CPU abuse from million-digit
nonce or chain_id strings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ggonzalez94 ggonzalez94 force-pushed the feat/sign-hash-and-eip7702 branch from 45da1d2 to f8cdecb Compare April 1, 2026 15:51
@ggonzalez94 ggonzalez94 marked this pull request as ready for review April 1, 2026 19:51
@ggonzalez94 ggonzalez94 requested a review from njdawn as a code owner April 1, 2026 19:51
@Sertug17 Sertug17 mentioned this pull request Apr 2, 2026
Open
@Sertug17
Copy link
Copy Markdown
Contributor

Sertug17 commented Apr 2, 2026

Found the CI failure — cargo fmt wasn't run on the new tests in evm.rs.
Two long lines in the test_eip7702_rejects_huge_nonce test need wrapping
to pass the formatter check. Happy to submit a fixup commit if you'd like.

njdawn
njdawn requested changes Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@njdawn njdawn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, can merge after ci is fixed.

Sertug17 added a commit to Sertug17/core that referenced this pull request Apr 3, 2026
@Sertug17
fix: apply cargo fmt to evm.rs tests (fixes CI for open-wallet-standa…
365d989 
…rd#156)
@Sertug17 Sertug17 mentioned this pull request Apr 4, 2026
Open
ggonzalez94 and others added 2 commits April 6, 2026 14:59
@ggonzalez94 @claude
style: fix cargo fmt in EIP-7702 nonce overflow test
fae3ea4 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ggonzalez94 @claude
merge: resolve upstream/main package-lock.json version conflict
21f1634 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ggonzalez94
Copy link
Copy Markdown
Contributor Author

ggonzalez94 commented Apr 6, 2026

lgtm, can merge after ci is fixed.

should be good now

@ggonzalez94
Copy link
Copy Markdown
Contributor Author

ggonzalez94 commented Apr 8, 2026

@njdawn CI should be green now — anything else needed before we can merge this?

@ggonzalez94
Merge remote-tracking branch 'upstream/main' into feat/sign-hash-and-…
6fd8fe7 
…eip7702

# Conflicts:
#	bindings/node/__test__/index.spec.mjs
#	bindings/python/tests/test_bindings.py
#	ows/crates/ows-lib/src/key_ops.rs
@ggonzalez94
Copy link
Copy Markdown
Contributor Author

ggonzalez94 commented Apr 8, 2026

updated with main and resolved conflicts after #148 was merged

@Sertug17
Copy link
Copy Markdown
Contributor

Sertug17 commented Apr 9, 2026

+1 to merge — CI is green, conflicts resolved, fmt fixed.
This unlocks signHash for EIP-7702 and raw digest signing use cases
that several protocol SDKs need (#131).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@njdawn njdawn njdawn requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add signHash for raw secp256k1 signing (needed for EIP-7702)

3 participants

@ggonzalez94 @Sertug17 @njdawn