npm - @steemit/steem-js - Versions diffs - 1.0.10 → 1.0.11 - Mend

@steemit/steem-js 1.0.10 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -29,3 +29,4 @@ declare const steem: {
 export { steem };
 export * from './crypto';
 export { Api } from './api';
+export { sign as signRequest, validate as validateRequest } from './api/rpc-auth';

package/dist/index.js CHANGED Viewed

@@ -14173,6 +14173,77 @@ function sign$3(curve, hash, d, nonce) {
     const finalS = s.gt(N_OVER_TWO) ? n.sub(s) : s;
     return new ECSignature(r, finalS);
 }
+/**
+ * Recover a public key from a signature.
+ *
+ * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
+ * Key Recovery Operation".
+ *
+ * http://www.secg.org/download/aid-780/sec1-v2.pdf
+ */
+function recoverPubKey(curve, e, signature, i) {
+    if ((i & 3) !== i) {
+        throw new Error('Recovery param is more than two bits');
+    }
+    const n = new BN(curve.n.toString());
+    const r = signature.r;
+    const s = signature.s;
+    if (r.isNeg() || r.isZero() || !r.lt(n))
+        throw new Error('Invalid r value');
+    if (s.isNeg() || s.isZero() || !s.lt(n))
+        throw new Error('Invalid s value');
+    // Try using elliptic's built-in recoverPubKey method
+    // It expects: msg (Buffer), signature ({r: BN, s: BN}), j (recovery param)
+    try {
+        // Convert e (BN) to Buffer
+        const msgBuffer = e.toArrayLike(Buffer, 'be', 32);
+        // Create signature object compatible with elliptic's recoverPubKey
+        // elliptic expects {r: BN, s: BN} format
+        const sigObj = { r: r, s: s };
+        // Use elliptic's built-in method
+        const Q = curve.recoverPubKey(msgBuffer, sigObj, i);
+        return Q;
+    }
+    catch (error) {
+        // Fallback to manual implementation if elliptic's method fails
+        const G = curve.g;
+        // A set LSB signifies that the y-coordinate is odd
+        const isYOdd = !!(i & 1);
+        // The more significant bit specifies whether we should use the
+        // first or second candidate key.
+        const isSecondKey = i >> 1;
+        // 1.1 Let x = r + jn
+        const x = isSecondKey ? r.add(n) : r;
+        // pointFromX expects a hex string (not BN object)
+        // Convert BN to hex string and ensure proper padding
+        const xHex = x.toString(16);
+        // Ensure hex string is properly padded to 64 characters (32 bytes)
+        const xHexPadded = xHex.padStart(64, '0');
+        // pointFromX may also accept a Buffer, but hex string is more reliable
+        let R;
+        try {
+            R = curve.curve.pointFromX(xHexPadded, isYOdd);
+        }
+        catch (error) {
+            // If hex string fails, try with Buffer
+            const xBuffer = x.toArrayLike(Buffer, 'be', 32);
+            R = curve.curve.pointFromX(xBuffer, isYOdd);
+        }
+        // 1.4 Check that nR is at infinity
+        const nR = R.mul(n);
+        if (!nR.isInfinity())
+            throw new Error('nR is not a valid curve point');
+        // Compute -e from e
+        const eNeg = e.neg().mod(n);
+        // 1.6.1 Compute Q = r^-1 (sR -  eG)
+        //               Q = r^-1 (sR + -eG)
+        const rInv = r.invm(n);
+        const sR = R.mul(s);
+        const eGNeg = G.mul(eNeg);
+        const Q = sR.add(eGNeg).mul(rInv);
+        return Q;
+    }
+}
 /**
  * Calculate pubkey extraction parameter.
  *
@@ -14187,11 +14258,15 @@ function sign$3(curve, hash, d, nonce) {
 function calcPubKeyRecoveryParam(curve, e, signature, Q) {
     for (let i = 0; i < 4; i++) {
         try {
-            // Use elliptic's built-in recovery method
-            const Qprime = curve.recoverPubKey(e, signature, i);
+            // Use our own recoverPubKey function instead of curve.recoverPubKey
+            const Qprime = recoverPubKey(curve, e, signature, i);
             // 1.6.2 Verify Q = Q'
-            // Compare points by checking if they are the same point
-            if (Qprime.eq(Q)) {
+            // Compare points by checking coordinates (more reliable than eq method)
+            const Qx = Q.getX().toString(16);
+            const Qy = Q.getY().toString(16);
+            const QprimeX = Qprime.getX().toString(16);
+            const QprimeY = Qprime.getY().toString(16);
+            if (Qx === QprimeX && Qy === QprimeY) {
                 return i;
             }
         }
@@ -14225,7 +14300,13 @@ class Signature {
             throw new Error('Invalid signature length');
         }
         const i = buffer.readUInt8(0);
-        if ((i - 27) !== ((i - 27) & 7)) {
+        // Support both formats: 27-30 (old/legacy) and 31-34 (dsteem compatible)
+        // Check if it's in the old format (27-30) or new format (31-34)
+        const recoveryOld = i - 27;
+        const recoveryNew = i - 31;
+        const isValidOld = recoveryOld >= 0 && recoveryOld <= 3 && (recoveryOld === (recoveryOld & 7));
+        const isValidNew = recoveryNew >= 0 && recoveryNew <= 3 && (recoveryNew === (recoveryNew & 7));
+        if (!isValidOld && !isValidNew) {
             throw new Error('Invalid signature parameter');
         }
         const r = new BN(buffer.slice(1, 33));
@@ -14274,7 +14355,9 @@ class Signature {
             }
         }
         const i = calcPubKeyRecoveryParam(secp256k1, new BN(buf_sha256), ecsignature, privKey.toPublic().Q);
-        return new Signature(ecsignature.r, ecsignature.s, i + 27);
+        // Use recovery byte 31-34 (instead of 27-30) to be compatible with dsteem
+        // dsteem expects: recovery = byte - 31, so byte = recovery + 31
+        return new Signature(ecsignature.r, ecsignature.s, i + 31);
     }
     static isCanonical(r, s) {
         // See libraries/fc/src/crypto/elliptic_common.cpp is_fc_canonical
@@ -25734,7 +25817,7 @@ const steem = {
     operations,
     serializer,
     utils: utils$3,
-    version: '1.0.10',
+    version: '1.0.11',
     config: {
         set: (options) => {
             // If nodes is provided, extract the first node as url for API
@@ -25774,5 +25857,5 @@ if (typeof window !== 'undefined' || typeof globalThis !== 'undefined') {
     }
 }
-export { Api, doubleSha256, generateKeyPair, hmacSha256, ripemd160, sha256, sign, steem, verify };
+export { Api, doubleSha256, generateKeyPair, hmacSha256, ripemd160, sha256, sign, sign$2 as signRequest, steem, validate as validateRequest, verify };
 //# sourceMappingURL=index.js.map