@steemit/steem-js 1.0.10 → 1.0.11

package/dist/index.umd.js

@@ -16928,6 +16928,77 @@
 	    const finalS = s.gt(N_OVER_TWO) ? n.sub(s) : s;
 	    return new ECSignature(r, finalS);
 	}
+	/**
+	 * Recover a public key from a signature.
+	 *
+	 * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
+	 * Key Recovery Operation".
+	 *
+	 * http://www.secg.org/download/aid-780/sec1-v2.pdf
+	 */
+	function recoverPubKey(curve, e, signature, i) {
+	    if ((i & 3) !== i) {
+	        throw new Error('Recovery param is more than two bits');
+	    }
+	    const n = new BN(curve.n.toString());
+	    const r = signature.r;
+	    const s = signature.s;
+	    if (r.isNeg() || r.isZero() || !r.lt(n))
+	        throw new Error('Invalid r value');
+	    if (s.isNeg() || s.isZero() || !s.lt(n))
+	        throw new Error('Invalid s value');
+	    // Try using elliptic's built-in recoverPubKey method
+	    // It expects: msg (Buffer), signature ({r: BN, s: BN}), j (recovery param)
+	    try {
+	        // Convert e (BN) to Buffer
+	        const msgBuffer = e.toArrayLike(buffer.Buffer, 'be', 32);
+	        // Create signature object compatible with elliptic's recoverPubKey
+	        // elliptic expects {r: BN, s: BN} format
+	        const sigObj = { r: r, s: s };
+	        // Use elliptic's built-in method
+	        const Q = curve.recoverPubKey(msgBuffer, sigObj, i);
+	        return Q;
+	    }
+	    catch (error) {
+	        // Fallback to manual implementation if elliptic's method fails
+	        const G = curve.g;
+	        // A set LSB signifies that the y-coordinate is odd
+	        const isYOdd = !!(i & 1);
+	        // The more significant bit specifies whether we should use the
+	        // first or second candidate key.
+	        const isSecondKey = i >> 1;
+	        // 1.1 Let x = r + jn
+	        const x = isSecondKey ? r.add(n) : r;
+	        // pointFromX expects a hex string (not BN object)
+	        // Convert BN to hex string and ensure proper padding
+	        const xHex = x.toString(16);
+	        // Ensure hex string is properly padded to 64 characters (32 bytes)
+	        const xHexPadded = xHex.padStart(64, '0');
+	        // pointFromX may also accept a Buffer, but hex string is more reliable
+	        let R;
+	        try {
+	            R = curve.curve.pointFromX(xHexPadded, isYOdd);
+	        }
+	        catch (error) {
+	            // If hex string fails, try with Buffer
+	            const xBuffer = x.toArrayLike(buffer.Buffer, 'be', 32);
+	            R = curve.curve.pointFromX(xBuffer, isYOdd);
+	        }
+	        // 1.4 Check that nR is at infinity
+	        const nR = R.mul(n);
+	        if (!nR.isInfinity())
+	            throw new Error('nR is not a valid curve point');
+	        // Compute -e from e
+	        const eNeg = e.neg().mod(n);
+	        // 1.6.1 Compute Q = r^-1 (sR -  eG)
+	        //               Q = r^-1 (sR + -eG)
+	        const rInv = r.invm(n);
+	        const sR = R.mul(s);
+	        const eGNeg = G.mul(eNeg);
+	        const Q = sR.add(eGNeg).mul(rInv);
+	        return Q;
+	    }
+	}
 	/**
 	 * Calculate pubkey extraction parameter.
 	 *
@@ -16942,11 +17013,15 @@
 	function calcPubKeyRecoveryParam(curve, e, signature, Q) {
 	    for (let i = 0; i < 4; i++) {
 	        try {
-	            // Use elliptic's built-in recovery method
-	            const Qprime = curve.recoverPubKey(e, signature, i);
+	            // Use our own recoverPubKey function instead of curve.recoverPubKey
+	            const Qprime = recoverPubKey(curve, e, signature, i);
 	            // 1.6.2 Verify Q = Q'
-	            // Compare points by checking if they are the same point
-	            if (Qprime.eq(Q)) {
+	            // Compare points by checking coordinates (more reliable than eq method)
+	            const Qx = Q.getX().toString(16);
+	            const Qy = Q.getY().toString(16);
+	            const QprimeX = Qprime.getX().toString(16);
+	            const QprimeY = Qprime.getY().toString(16);
+	            if (Qx === QprimeX && Qy === QprimeY) {
 	                return i;
 	            }
 	        }
@@ -16980,7 +17055,13 @@
 	            throw new Error('Invalid signature length');
 	        }
 	        const i = buffer.readUInt8(0);
-	        if ((i - 27) !== ((i - 27) & 7)) {
+	        // Support both formats: 27-30 (old/legacy) and 31-34 (dsteem compatible)
+	        // Check if it's in the old format (27-30) or new format (31-34)
+	        const recoveryOld = i - 27;
+	        const recoveryNew = i - 31;
+	        const isValidOld = recoveryOld >= 0 && recoveryOld <= 3 && (recoveryOld === (recoveryOld & 7));
+	        const isValidNew = recoveryNew >= 0 && recoveryNew <= 3 && (recoveryNew === (recoveryNew & 7));
+	        if (!isValidOld && !isValidNew) {
 	            throw new Error('Invalid signature parameter');
 	        }
 	        const r = new BN(buffer.slice(1, 33));
@@ -17029,7 +17110,9 @@
 	            }
 	        }
 	        const i = calcPubKeyRecoveryParam(secp256k1, new BN(buf_sha256), ecsignature, privKey.toPublic().Q);
-	        return new Signature(ecsignature.r, ecsignature.s, i + 27);
+	        // Use recovery byte 31-34 (instead of 27-30) to be compatible with dsteem
+	        // dsteem expects: recovery = byte - 31, so byte = recovery + 31
+	        return new Signature(ecsignature.r, ecsignature.s, i + 31);
 	    }
 	    static isCanonical(r, s) {
 	        // See libraries/fc/src/crypto/elliptic_common.cpp is_fc_canonical
@@ -28761,7 +28844,7 @@
 	    serializer,
 	    utils: utils$n,
 	    ...crypto$1,
-	    version: '1.0.10',
+	    version: '1.0.11',
 	    config: {
 	        set: (options) => {
 	            // If nodes is provided, extract the first node as url for API