npm - @arkecosystem/typescript-crypto - Versions diffs - 0.0.11 → 0.0.13 - Mend

@arkecosystem/typescript-crypto 0.0.11 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js +8 -45
package/dist/utils/Message.d.ts.map +1 -1
package/dist/utils/Message.js +12 -9
package/package.json +1 -1
package/src/utils/Message.ts +12 -9
package/tests/fixtures/message-sign.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -5657,7 +5657,7 @@ function weierstrass(curveDef) {
     return drbg(seed, k2sig);
   }
   Point3.BASE._setWindowSize(8);
-  function verify2(signature, msgHash, publicKey, opts = defaultVerOpts) {
+  function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
     const sg = signature;
     msgHash = ensureBytes("msgHash", msgHash);
     publicKey = ensureBytes("publicKey", publicKey);
@@ -5707,7 +5707,7 @@ function weierstrass(curveDef) {
     getPublicKey,
     getSharedSecret,
     sign,
-    verify: verify2,
+    verify,
     ProjectivePoint: Point3,
     Signature: Signature3,
     utils
@@ -23260,7 +23260,6 @@ var cr = () => (
 );
 var _hmacSync;
 var optS = { lowS: true };
-var optV = { lowS: true };
 var prepSig = (msgh, priv, opts = optS) => {
   if (["der", "recovered", "canonical"].some((k) => k in opts))
     err("option not supported");
@@ -23368,42 +23367,6 @@ var signAsync = async (msgh, priv, opts = optS) => {
   const { seed, k2sig } = prepSig(msgh, priv, opts);
   return hmacDrbg(true)(seed, k2sig);
 };
-var verify = (sig, msgh, pub, opts = optV) => {
-  let { lowS } = opts;
-  if (lowS == null)
-    lowS = true;
-  if ("strict" in opts)
-    err("option not supported");
-  let sig_, h, P2;
-  const rs = sig && typeof sig === "object" && "r" in sig;
-  if (!rs && toU8(sig).length !== 2 * fLen)
-    err("signature must be 64 bytes");
-  try {
-    sig_ = rs ? new Signature2(sig.r, sig.s).assertValidity() : Signature2.fromCompact(sig);
-    h = bits2int_modN(toU8(msgh));
-    P2 = pub instanceof Point2 ? pub.ok() : Point2.fromHex(pub);
-  } catch (e) {
-    return false;
-  }
-  if (!sig_)
-    return false;
-  const { r, s } = sig_;
-  if (lowS && high(s))
-    return false;
-  let R;
-  try {
-    const is = inv(s, N3);
-    const u1 = M(h * is, N3);
-    const u2 = M(r * is, N3);
-    R = G.mulAddQUns(P2, u1, u2).aff();
-  } catch (error) {
-    return false;
-  }
-  if (!R)
-    return false;
-  const v = M(R.x, N3);
-  return v === r;
-};
 var hashToPrivateKey = (hash2) => {
   hash2 = toU8(hash2);
   if (hash2.length < fLen + 8 || hash2.length > 1024)
@@ -27992,18 +27955,18 @@ var Message = class _Message {
   static async sign(message, passphrase) {
     const privateKey = PrivateKey.fromPassphrase(passphrase);
     const publicKey = PublicKey.fromPassphrase(passphrase).publicKey;
-    const signature = await privateKey.sign(Buffer.from(message).toString("hex"));
+    const signature = new SigningKey(`0x${privateKey.privateKey}`).sign(hashMessage(message));
     return _Message.new({
       publicKey,
-      signature: signature.r + signature.s + Number(signature.v).toString(16),
+      signature: signature.serialized,
       message
     });
   }
   verify() {
-    const message = Buffer.from(keccak256(Buffer.from(this.message)).slice(2), "hex");
-    const signature = Buffer.from(this.signature.slice(0, 128), "hex");
-    const publicKey = Buffer.from(this.publicKey, "hex");
-    return verify(signature, message, publicKey);
+    const message = new Uint8Array(new TextEncoder().encode(this.message));
+    const address = Address.fromPublicKey(this.publicKey);
+    const signerAddress = verifyMessage(message, this.signature);
+    return signerAddress === address;
   }
   toString() {
     return JSON.stringify(this.toJson());

package/dist/utils/Message.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Message.d.ts","sourceRoot":"","sources":["../../src/utils/Message.ts"],"names":[],"mappings":"~~AAEA~~,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;~~AAIxC~~,qBAAa,OAAO;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;gBAEX,OAAO,EAAE,aAAa;IAMlC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO;WAI9B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;~~IAaxE~~,MAAM,IAAI,OAAO;~~IAQjB~~,QAAQ,IAAI,MAAM;IAIlB,QAAQ,IAAI,MAAM,EAAE;IAIpB,MAAM,IAAI,aAAa;CAOvB"}
1	+ {"version":3,"file":"Message.d.ts","sourceRoot":"","sources":["../../src/utils/Message.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAKxC,qBAAa,OAAO;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;gBAEX,OAAO,EAAE,aAAa;IAMlC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO;WAI9B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAexE,MAAM,IAAI,OAAO;IASjB,QAAQ,IAAI,MAAM;IAIlB,QAAQ,IAAI,MAAM,EAAE;IAIpB,MAAM,IAAI,aAAa;CAOvB"}

package/dist/utils/Message.js CHANGED Viewed

@@ -7,10 +7,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-import { PrivateKey } from "@/identities/PrivateKey";
 import { PublicKey } from "@/identities/PublicKey";
-import { keccak256 } from "ethers";
-import { verify } from "@noble/secp256k1";
+import { hashMessage, verifyMessage } from "ethers";
+import { Address, PrivateKey } from "@/identities";
+import { SigningKey } from "ethers";
 export class Message {
     constructor(message) {
         this.publicKey = message.publicKey;
@@ -24,19 +24,22 @@ export class Message {
         return __awaiter(this, void 0, void 0, function* () {
             const privateKey = PrivateKey.fromPassphrase(passphrase);
             const publicKey = PublicKey.fromPassphrase(passphrase).publicKey;
-            const signature = yield privateKey.sign(Buffer.from(message).toString("hex"));
+            // Sign messages using eip-191 signed data specification, to be aligned with ledger signing workflow.
+            // @see https://developers.ledger.com/docs/ledger-live/discover/integration/wallet-api/server/handlers/message
+            const signature = new SigningKey(`0x${privateKey.privateKey}`).sign(hashMessage(message));
             return Message.new({
                 publicKey,
-                signature: signature.r + signature.s + Number(signature.v).toString(16),
+                signature: signature.serialized,
                 message,
             });
         });
     }
     verify() {
-        const message = Buffer.from(keccak256(Buffer.from(this.message)).slice(2), "hex");
-        const signature = Buffer.from(this.signature.slice(0, 128), "hex");
-        const publicKey = Buffer.from(this.publicKey, "hex");
-        return verify(signature, message, publicKey);
+        const message = new Uint8Array(new TextEncoder().encode(this.message));
+        const address = Address.fromPublicKey(this.publicKey);
+        // Messages need to be signed using eip-191 signed data specification
+        const signerAddress = verifyMessage(message, this.signature);
+        return signerAddress === address;
     }
     toString() {
         return JSON.stringify(this.toJson());

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@arkecosystem/typescript-crypto",
-  "version": "0.0.11",
+  "version": "0.0.13",
   "engines": {
     "node": ">=20.12.2"
   },

package/src/utils/Message.ts CHANGED Viewed

@@ -1,8 +1,8 @@
-import { PrivateKey } from "@/identities/PrivateKey";
 import { PublicKey } from "@/identities/PublicKey";
 import { SignedMessage } from "@/types";
-import { keccak256 } from "ethers";
-import { verify } from "@noble/secp256k1";
+import { hashMessage, verifyMessage } from "ethers";
+import { Address, PrivateKey } from "@/identities";
+import { SigningKey } from "ethers";
 export class Message {
 	public publicKey: string;
@@ -23,21 +23,24 @@ export class Message {
 		const privateKey = PrivateKey.fromPassphrase(passphrase);
 		const publicKey = PublicKey.fromPassphrase(passphrase).publicKey;
-		const signature = await privateKey.sign(Buffer.from(message).toString("hex"));
+		// Sign messages using eip-191 signed data specification, to be aligned with ledger signing workflow.
+		// @see https://developers.ledger.com/docs/ledger-live/discover/integration/wallet-api/server/handlers/message
+		const signature = new SigningKey(`0x${privateKey.privateKey}`).sign(hashMessage(message));
 		return Message.new({
 			publicKey,
-			signature: signature.r + signature.s + Number(signature.v).toString(16),
+			signature: signature.serialized,
 			message,
 		});
 	}
 	verify(): boolean {
-		const message = Buffer.from(keccak256(Buffer.from(this.message)).slice(2), "hex");
-		const signature = Buffer.from(this.signature.slice(0, 128), "hex");
-		const publicKey = Buffer.from(this.publicKey, "hex");
+		const message = new Uint8Array(new TextEncoder().encode(this.message));
+		const address = Address.fromPublicKey(this.publicKey);
+		// Messages need to be signed using eip-191 signed data specification
+		const signerAddress = verifyMessage(message, this.signature);
-		return verify(signature, message, publicKey);
+		return signerAddress === address;
 	}
 	toString(): string {

package/tests/fixtures/message-sign.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
 	"message": "Hello, world!",
 	"publicKey": "0243333347c8cbf4e3cbc7a96964181d02a2b0c854faa2fef86b4b8d92afcf473d",
-	"signature": "0e2e53409be748834cac44052817ecef569b429a0492aa6bbc0d934eb71a09547e77aeef33d45669bbcba0498149f0e2b637fe8905186e08a5410c6f2b013bb40"
+	"signature": "0x2bdd0c58ff8a25f456065fb731c73308a25d0a09f351f23e3c7dd3882776d33d626b0cafc0b99dd7504b24f6ecd2e036a267c8e5e005f36dcbc03b2e33fa7fc31c"
 }