@ocap/mcrypto 1.29.13 → 1.29.15

package/esm/crypter/aes.mjs

@@ -9,7 +9,7 @@ var AesCrypter = class extends crypter_default {
 	encrypt(message, secret, encoding = "hex") {
 		const keyBuffer = sha3_default.hash256(secret, 1, "buffer");
 		const key = Uint8Array.from(keyBuffer);
-		const cipher = crypto.createCipheriv("aes-256-ecb", key, null);
+		const cipher = crypto.createCipheriv("aes-256-ecb", key, "");
 		cipher.setAutoPadding(true);
 		const output = cipher.update(Uint8Array.from(toBuffer(message)));
 		return encode(Uint8Array.from(Buffer.concat([Uint8Array.from(output), Uint8Array.from(cipher.final())])), encoding);
@@ -17,7 +17,7 @@ var AesCrypter = class extends crypter_default {
 	decrypt(message, secret, encoding = "hex") {
 		const keyBuffer = sha3_default.hash256(secret, 1, "buffer");
 		const key = Uint8Array.from(keyBuffer);
-		const decipher = crypto.createDecipheriv("aes-256-ecb", key, null);
+		const decipher = crypto.createDecipheriv("aes-256-ecb", key, "");
 		decipher.setAutoPadding(true);
 		const output = decipher.update(Uint8Array.from(toBuffer(message)));
 		return encode(Uint8Array.from(Buffer.concat([Uint8Array.from(output), Uint8Array.from(decipher.final())])), encoding);

package/esm/index.d.mts

@@ -39,7 +39,7 @@ interface SignerType {
   sign(data: BytesType, sk: BytesType, encoding?: 'Uint8Array'): Uint8Array;
   sign(data: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
   /** extra is JSON string for passkey signer containing {authenticatorData, clientDataJSON} */
-  verify(data: BytesType, pk: BytesType, signature: BytesType, extra?: string): boolean;
+  verify(data: BytesType, signature: BytesType, pk: BytesType, extra?: string): boolean;
   ethHash?(data: string): string;
   ethSign?(data: string, sk: string): string;
   ethVerify?(data: string, pk: string, signature: BytesType): boolean;

package/esm/signer/ed25519.d.mts

@@ -25,6 +25,16 @@ declare class Ed25519Signer extends _default$1 {
    * @memberof Ed25519Signer
    */
   genKeyPair(encoding?: EncodingType, userSeed?: BytesType): KeyPairType;
+  /**
+   * Validate that a 64-byte key (in seed|pk format) has a matching embedded public key.
+   * Note: Cross-platform keys (e.g. Elixir) may use private_scalar|pk format where
+   * the first 32 bytes are NOT a seed, so this check only applies to seed|pk format keys.
+   *
+   * @param {Uint8Array} skBytes - 64-byte key to validate
+   * @returns {boolean} true if embedded pk matches seed-derived pk
+   * @throws {Error} if the key is not 64 bytes
+   */
+  validateKeyPair(sk: BytesType): boolean;
   /**
    * Get publicKey from secretKey
    *

package/esm/signer/ed25519.mjs

@@ -41,6 +41,23 @@ var Ed25519Signer = class extends signer_default {
 		};
 	}
 	/**
+	* Validate that a 64-byte key (in seed|pk format) has a matching embedded public key.
+	* Note: Cross-platform keys (e.g. Elixir) may use private_scalar|pk format where
+	* the first 32 bytes are NOT a seed, so this check only applies to seed|pk format keys.
+	*
+	* @param {Uint8Array} skBytes - 64-byte key to validate
+	* @returns {boolean} true if embedded pk matches seed-derived pk
+	* @throws {Error} if the key is not 64 bytes
+	*/
+	validateKeyPair(sk) {
+		const skBytes = toUint8Array(sk);
+		if (skBytes.byteLength !== 64) throw new Error("validateKeyPair requires a 64-byte key");
+		const seed = skBytes.slice(0, 32);
+		const derivedPk = ed.getPublicKey(seed);
+		const embeddedPk = skBytes.slice(32, 64);
+		return derivedPk.length === embeddedPk.length && derivedPk.every((b, i) => b === embeddedPk[i]);
+	}
+	/**
 	* Get publicKey from secretKey
 	*
 	* @param {hex|buffer|base58|Uint8Array} sk - can be either a hex encoded string or a buffer

package/esm/signer/secp256k1.mjs

@@ -57,23 +57,31 @@ var Secp256k1Signer = class extends signer_default {
 	* Sign a message and get the signature hex
 	*/
 	sign(message, sk, encoding = "hex") {
-		let msg = message;
-		try {
-			msg = toUint8Array(message);
-		} catch (_err) {}
+		const msg = toUint8Array(message);
 		return encode(`0x${secp256k1.keyFromPrivate(toBuffer(sk)).sign(stripHexPrefix(msg), { canonical: true }).toDER("hex")}`, encoding);
 	}
 	/**
 	* Verify if a signature is valid
 	*/
 	verify(message, signature, pk) {
-		let msg = message;
-		try {
-			msg = toUint8Array(message);
-		} catch (_err) {}
+		const msg = toUint8Array(message);
+		const sigHex = stripHexPrefix(toHex(signature));
+		const sigBuf = Buffer.from(sigHex, "hex");
+		if (sigBuf.length > 6 && sigBuf[0] === 48) {
+			const sLenIndex = 4 + sigBuf[3] + 1;
+			if (sLenIndex < sigBuf.length) {
+				const sLen = sigBuf[sLenIndex];
+				const sStart = sLenIndex + 1;
+				if (sStart + sLen <= sigBuf.length) {
+					const sValue = new BN(sigBuf.slice(sStart, sStart + sLen));
+					const halfOrder = secp256k1.curve.n.shrn(1);
+					if (sValue.cmp(halfOrder) > 0) return false;
+				}
+			}
+		}
 		let pkBuffer = toBuffer(pk);
 		if (this.pkHasFormatPrefix === false && pkBuffer[0] !== 4 && pkBuffer.byteLength === 64) pkBuffer = Buffer.concat([Uint8Array.from([4]), Uint8Array.from(pkBuffer)]);
-		return secp256k1.keyFromPublic(pkBuffer).verify(stripHexPrefix(msg), stripHexPrefix(toHex(signature)));
+		return secp256k1.keyFromPublic(pkBuffer).verify(stripHexPrefix(msg), sigHex);
 	}
 };
 var secp256k1_default = new Secp256k1Signer();

package/lib/crypter/aes.cjs

@@ -12,7 +12,7 @@ var AesCrypter = class extends require_protocols_crypter.default {
 	encrypt(message, secret, encoding = "hex") {
 		const keyBuffer = require_hasher_sha3.default.hash256(secret, 1, "buffer");
 		const key = Uint8Array.from(keyBuffer);
-		const cipher = node_crypto.default.createCipheriv("aes-256-ecb", key, null);
+		const cipher = node_crypto.default.createCipheriv("aes-256-ecb", key, "");
 		cipher.setAutoPadding(true);
 		const output = cipher.update(Uint8Array.from((0, _ocap_util.toBuffer)(message)));
 		return require_encode.encode(Uint8Array.from(Buffer.concat([Uint8Array.from(output), Uint8Array.from(cipher.final())])), encoding);
@@ -20,7 +20,7 @@ var AesCrypter = class extends require_protocols_crypter.default {
 	decrypt(message, secret, encoding = "hex") {
 		const keyBuffer = require_hasher_sha3.default.hash256(secret, 1, "buffer");
 		const key = Uint8Array.from(keyBuffer);
-		const decipher = node_crypto.default.createDecipheriv("aes-256-ecb", key, null);
+		const decipher = node_crypto.default.createDecipheriv("aes-256-ecb", key, "");
 		decipher.setAutoPadding(true);
 		const output = decipher.update(Uint8Array.from((0, _ocap_util.toBuffer)(message)));
 		return require_encode.encode(Uint8Array.from(Buffer.concat([Uint8Array.from(output), Uint8Array.from(decipher.final())])), encoding);

package/lib/index.d.cts

@@ -39,7 +39,7 @@ interface SignerType {
   sign(data: BytesType, sk: BytesType, encoding?: 'Uint8Array'): Uint8Array;
   sign(data: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
   /** extra is JSON string for passkey signer containing {authenticatorData, clientDataJSON} */
-  verify(data: BytesType, pk: BytesType, signature: BytesType, extra?: string): boolean;
+  verify(data: BytesType, signature: BytesType, pk: BytesType, extra?: string): boolean;
   ethHash?(data: string): string;
   ethSign?(data: string, sk: string): string;
   ethVerify?(data: string, pk: string, signature: BytesType): boolean;

package/lib/signer/ed25519.cjs

@@ -45,6 +45,23 @@ var Ed25519Signer = class extends require_protocols_signer.default {
 		};
 	}
 	/**
+	* Validate that a 64-byte key (in seed|pk format) has a matching embedded public key.
+	* Note: Cross-platform keys (e.g. Elixir) may use private_scalar|pk format where
+	* the first 32 bytes are NOT a seed, so this check only applies to seed|pk format keys.
+	*
+	* @param {Uint8Array} skBytes - 64-byte key to validate
+	* @returns {boolean} true if embedded pk matches seed-derived pk
+	* @throws {Error} if the key is not 64 bytes
+	*/
+	validateKeyPair(sk) {
+		const skBytes = (0, _ocap_util.toUint8Array)(sk);
+		if (skBytes.byteLength !== 64) throw new Error("validateKeyPair requires a 64-byte key");
+		const seed = skBytes.slice(0, 32);
+		const derivedPk = _noble_ed25519.getPublicKey(seed);
+		const embeddedPk = skBytes.slice(32, 64);
+		return derivedPk.length === embeddedPk.length && derivedPk.every((b, i) => b === embeddedPk[i]);
+	}
+	/**
 	* Get publicKey from secretKey
 	*
 	* @param {hex|buffer|base58|Uint8Array} sk - can be either a hex encoded string or a buffer

package/lib/signer/ed25519.d.cts

@@ -25,6 +25,16 @@ declare class Ed25519Signer extends _default$1 {
    * @memberof Ed25519Signer
    */
   genKeyPair(encoding?: EncodingType, userSeed?: BytesType): KeyPairType;
+  /**
+   * Validate that a 64-byte key (in seed|pk format) has a matching embedded public key.
+   * Note: Cross-platform keys (e.g. Elixir) may use private_scalar|pk format where
+   * the first 32 bytes are NOT a seed, so this check only applies to seed|pk format keys.
+   *
+   * @param {Uint8Array} skBytes - 64-byte key to validate
+   * @returns {boolean} true if embedded pk matches seed-derived pk
+   * @throws {Error} if the key is not 64 bytes
+   */
+  validateKeyPair(sk: BytesType): boolean;
   /**
    * Get publicKey from secretKey
    *

package/lib/signer/secp256k1.cjs

@@ -61,23 +61,31 @@ var Secp256k1Signer = class extends require_protocols_signer.default {
 	* Sign a message and get the signature hex
 	*/
 	sign(message, sk, encoding = "hex") {
-		let msg = message;
-		try {
-			msg = (0, _ocap_util.toUint8Array)(message);
-		} catch (_err) {}
+		const msg = (0, _ocap_util.toUint8Array)(message);
 		return require_encode.encode(`0x${secp256k1.keyFromPrivate((0, _ocap_util.toBuffer)(sk)).sign((0, _ocap_util.stripHexPrefix)(msg), { canonical: true }).toDER("hex")}`, encoding);
 	}
 	/**
 	* Verify if a signature is valid
 	*/
 	verify(message, signature, pk) {
-		let msg = message;
-		try {
-			msg = (0, _ocap_util.toUint8Array)(message);
-		} catch (_err) {}
+		const msg = (0, _ocap_util.toUint8Array)(message);
+		const sigHex = (0, _ocap_util.stripHexPrefix)((0, _ocap_util.toHex)(signature));
+		const sigBuf = Buffer.from(sigHex, "hex");
+		if (sigBuf.length > 6 && sigBuf[0] === 48) {
+			const sLenIndex = 4 + sigBuf[3] + 1;
+			if (sLenIndex < sigBuf.length) {
+				const sLen = sigBuf[sLenIndex];
+				const sStart = sLenIndex + 1;
+				if (sStart + sLen <= sigBuf.length) {
+					const sValue = new _ocap_util.BN(sigBuf.slice(sStart, sStart + sLen));
+					const halfOrder = secp256k1.curve.n.shrn(1);
+					if (sValue.cmp(halfOrder) > 0) return false;
+				}
+			}
+		}
 		let pkBuffer = (0, _ocap_util.toBuffer)(pk);
 		if (this.pkHasFormatPrefix === false && pkBuffer[0] !== 4 && pkBuffer.byteLength === 64) pkBuffer = Buffer.concat([Uint8Array.from([4]), Uint8Array.from(pkBuffer)]);
-		return secp256k1.keyFromPublic(pkBuffer).verify((0, _ocap_util.stripHexPrefix)(msg), (0, _ocap_util.stripHexPrefix)((0, _ocap_util.toHex)(signature)));
+		return secp256k1.keyFromPublic(pkBuffer).verify((0, _ocap_util.stripHexPrefix)(msg), sigHex);
 	}
 };
 var secp256k1_default = new Secp256k1Signer();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ocap/mcrypto",
-  "version": "1.29.13",
+  "version": "1.29.15",
   "type": "module",
   "description": "Crypto lib that provides signer,crypter,hasher interface",
   "keywords": [
@@ -48,7 +48,7 @@
     "esm"
   ],
   "devDependencies": {
-    "@ocap/e2e-test": "1.29.13",
+    "@ocap/e2e-test": "1.29.15",
     "@types/crypto-js": "^4.2.2",
     "@types/elliptic": "^6.4.18",
     "@types/node": "^22.7.5",
@@ -76,9 +76,9 @@
   "dependencies": {
     "@noble/ed25519": "^3.0.0",
     "@noble/hashes": "^2.0.1",
-    "@ocap/util": "1.29.13",
+    "@ocap/util": "1.29.15",
     "@simplewebauthn/server": "^13.0.0",
-    "bn.js": "5.2.2",
+    "bn.js": "5.2.3",
     "crypto-js": "^4.2.0",
     "elliptic": "^6.6.1",
     "eth-lib": "^0.2.8",
@@ -86,7 +86,7 @@
     "randombytes": "^2.1.0"
   },
   "resolutions": {
-    "bn.js": "5.2.2",
+    "bn.js": "5.2.3",
     "elliptic": "6.5.3"
   }
 }