SmartAccountUtils

public enum SmartAccountUtils

Cryptographic helpers for smart-account operations.

Provides utilities for WebAuthn signature processing, public-key extraction, and contract-address derivation. All members operate on raw byte material and do not depend on any platform-specific WebAuthn API.

Show on GitHub

  • Normalises a DER-encoded secp256r1 signature to compact format with low-S normalisation.

    Steps:

    1. Parse the DER format via parseDerSignature.
    2. Normalise s to its low-S form (s = n - s) when s > n/2.
    3. Pad both r and s to exactly 32 bytes.
    4. Return concatenated r || s (64 bytes total).

    Low-S normalisation ensures that signatures with s values greater than half the curve order are converted to their complement, which the Stellar/Soroban verifier requires.

    Throws

    SmartAccountValidationException.InvalidInput when the DER format is invalid.

    Declaration

    Swift

    public static func normalizeSignature(_ derSignature: Data) throws -> Data

    Parameters

    derSignature

    DER-encoded signature bytes.

    Return Value

    64-byte compact signature r || s.

    Show on GitHub

  • Extracts the secp256r1 public key from a WebAuthn registration response.

    Tries publicKey, authenticatorData, and attestationObject in order; at least one must be non-nil. Compressed keys (0x02/0x03 prefix) throw immediately.

    Throws

    SmartAccountValidationException.InvalidInput when a compressed key is detected, when no source is provided, or when all strategies fail.

    Declaration

    Swift

    public static func extractPublicKeyFromRegistration(
    publicKey: Data? = nil,
    authenticatorData: Data? = nil,
    attestationObject: Data? = nil
) throws -> Data

    Parameters

    publicKey

    Optional direct public key bytes (last 65 bytes used when longer, handling COSE/SPKI-wrapped keys).
    authenticatorData

    Optional raw authenticator data from registration.
    attestationObject

    Optional raw attestation object from registration.

    Return Value

    65-byte uncompressed public key (0x04 prefix + X + Y).

    Show on GitHub

  • Computes the contract salt from a WebAuthn credential ID.

    The salt is used during contract-address derivation so each credential ID maps to a unique smart-account contract address. The salt is the SHA-256 hash of the credential ID.

    Declaration

    Swift

    public static func getContractSalt(credentialId: Data) -> Data

    Parameters

    credentialId

    WebAuthn credential ID.

    Return Value

    32-byte SHA-256 digest of the credential ID.

    Show on GitHub

  • Derives the smart-account contract address from a credential ID and deployer.

    Computes the deterministic contract address that will be created when deploying a smart-account contract with the given credential ID from the specified deployer account on the specified network.

    Algorithm:

    salt = SHA-256(credentialId)
deployerAddress = SCAddress::Account(deployerPublicKey)
networkId = SHA-256(networkPassphrase as UTF-8)
preimage = HashIDPreimage::ContractID {
  networkId,
  contractIDPreimage: ContractIDPreimage::FromAddress {
    address: deployerAddress, salt: Uint256(salt)
  }
}
contractIdBytes = SHA-256(XDR_encode(preimage))
contractId = StrKey.encodeContractId(contractIdBytes)

    Throws

    SmartAccountValidationException.InvalidAddress when the deployer key is invalid, SmartAccountValidationException.InvalidInput when contract-ID encoding fails, or SmartAccountTransactionException.SigningFailed when XDR encoding fails.

    Declaration

    Swift

    public static func deriveContractAddress(
    credentialId: Data,
    deployerPublicKey: String,
    networkPassphrase: String
) throws -> String

    Parameters

    credentialId

    WebAuthn credential ID used to generate the salt.
    deployerPublicKey

    Stellar account ID (G… strkey) of the deployer.
    networkPassphrase

    Network passphrase.

    Return Value

    Contract address as a C… strkey.

    Show on GitHub