@talismn/crypto 0.1.0 → 0.1.2

package/dist/declarations/src/derivation/common.d.ts

@@ -1,5 +1,5 @@
 type DerivationDescriptor = [type: "hard" | "soft", code: string];
 export declare const parseSubstrateDerivations: (derivationsStr: string) => DerivationDescriptor[];
-export declare const createChainCode: (code: string) => Uint8Array;
-export declare const deriveSubstrateSecretKey: (seed: Uint8Array, derivationPath: string, prefix: string) => Uint8Array;
+export declare const createChainCode: (code: string) => Uint8Array<ArrayBuffer>;
+export declare const deriveSubstrateSecretKey: (seed: Uint8Array, derivationPath: string, prefix: string) => Uint8Array<ArrayBufferLike>;
 export {};

package/dist/declarations/src/derivation/deriveEcdsa.d.ts

@@ -1,3 +1,3 @@
 import type { Keypair } from "../types";
 export declare const deriveEcdsa: (seed: Uint8Array, derivationPath: string) => Keypair;
-export declare const getPublicKeyEcdsa: (secretKey: Uint8Array) => Uint8Array;
+export declare const getPublicKeyEcdsa: (secretKey: Uint8Array) => Uint8Array<ArrayBufferLike>;

package/dist/declarations/src/derivation/deriveEd25519.d.ts

@@ -1,3 +1,3 @@
 import type { Keypair } from "../types";
 export declare const deriveEd25519: (seed: Uint8Array, derivationPath: string) => Keypair;
-export declare const getPublicKeyEd25519: (secretKey: Uint8Array) => Uint8Array;
+export declare const getPublicKeyEd25519: (secretKey: Uint8Array) => Uint8Array<ArrayBufferLike>;

package/dist/declarations/src/derivation/deriveEthereum.d.ts

@@ -1,3 +1,3 @@
 import type { Keypair } from "../types";
 export declare const deriveEthereum: (seed: Uint8Array, derivationPath: string) => Keypair;
-export declare const getPublicKeyEthereum: (secretKey: Uint8Array) => Uint8Array;
+export declare const getPublicKeyEthereum: (secretKey: Uint8Array) => Uint8Array<ArrayBufferLike>;

package/dist/declarations/src/derivation/deriveSolana.d.ts

@@ -1,3 +1,3 @@
 import type { Keypair } from "../types";
 export declare const deriveSolana: (seed: Uint8Array, derivationPath: string) => Keypair;
-export declare const getPublicKeySolana: (secretKey: Uint8Array) => Uint8Array;
+export declare const getPublicKeySolana: (secretKey: Uint8Array) => Uint8Array<ArrayBufferLike>;

package/dist/declarations/src/derivation/utils.d.ts

@@ -1,7 +1,7 @@
 import { KeypairCurve } from "../types";
 export declare const deriveKeypair: (seed: Uint8Array, derivationPath: string, curve: KeypairCurve) => import("../types").Keypair;
 export declare const getPublicKeyFromSecret: (secretKey: Uint8Array, curve: KeypairCurve) => Uint8Array;
-export declare const addressFromSuri: (suri: string, type: KeypairCurve) => string;
+export declare const addressFromSuri: (suri: string, type: KeypairCurve) => Promise<string>;
 /**
  * @dev we only expect suri to contain a mnemonic and derivation path.
  * for other cases see https://polkadot.js.org/docs/keyring/start/suri/
@@ -12,5 +12,5 @@ export declare const parseSuri: (suri: string) => {
     password: string | undefined;
 };
 export declare const removeHexPrefix: (secretKey: string) => string;
-export declare const parseSecretKey: (secretKey: string, curve: KeypairCurve) => Uint8Array;
-export declare const isValidDerivationPath: (derivationPath: string, curve: KeypairCurve) => boolean;
+export declare const parseSecretKey: (secretKey: string, curve: KeypairCurve) => Uint8Array<ArrayBufferLike>;
+export declare const isValidDerivationPath: (derivationPath: string, curve: KeypairCurve) => Promise<boolean>;

package/dist/declarations/src/hashing/index.d.ts

@@ -4,6 +4,6 @@ export declare const blake3: {
     blockLen: number;
     create(opts: Object): import("@noble/hashes/utils").HashXOF<import("@noble/hashes/utils").HashXOF<import("@noble/hashes/utils").HashXOF<any>>>;
 };
-export declare const blake2b256: (msg: Uint8Array) => Uint8Array;
-export declare const blake2b512: (msg: Uint8Array) => Uint8Array;
+export declare const blake2b256: (msg: Uint8Array) => Uint8Array<ArrayBufferLike>;
+export declare const blake2b512: (msg: Uint8Array) => Uint8Array<ArrayBufferLike>;
 export declare const getSafeHash: (bytes: Uint8Array) => string;

package/dist/declarations/src/mnemonic/index.d.ts

@@ -1,9 +1,9 @@
 import type { KeypairCurve } from "../types";
-export declare const mnemonicToEntropy: (mnemonic: string) => Uint8Array;
+export declare const mnemonicToEntropy: (mnemonic: string) => Uint8Array<ArrayBufferLike>;
 export declare const entropyToMnemonic: (entropy: Uint8Array) => string;
-export declare const entropyToSeed: (entropy: Uint8Array, curve: KeypairCurve, password?: string) => Uint8Array;
+export declare const entropyToSeed: (entropy: Uint8Array, curve: KeypairCurve, password?: string) => Promise<Uint8Array<ArrayBuffer>>;
 export declare const isValidMnemonic: (mnemonic: string) => boolean;
 export declare const generateMnemonic: (words: 12 | 24) => string;
 export declare const DEV_MNEMONIC_POLKADOT = "bottom drive obey lake curtain smoke basket hold race lonely fit walk";
 export declare const DEV_MNEMONIC_ETHEREUM = "test test test test test test test test test test test junk";
-export declare const getDevSeed: (curve: KeypairCurve) => Uint8Array;
+export declare const getDevSeed: (curve: KeypairCurve) => Promise<Uint8Array<ArrayBufferLike>>;

package/dist/declarations/src/utils/index.d.ts

@@ -1 +1,2 @@
 export * from "./exports";
+export * from "./pbkdf2";

package/dist/declarations/src/utils/pbkdf2.d.ts

@@ -0,0 +1 @@
+export declare const pbkdf2: (hash: "SHA-256" | "SHA-512", entropy: Uint8Array, salt: Uint8Array, iterations: number, outputLenBytes: number) => Promise<Uint8Array<ArrayBuffer>>;

package/dist/talismn-crypto.cjs.dev.js

@@ -1,7 +1,5 @@
 'use strict';
 
-var pbkdf2 = require('@noble/hashes/pbkdf2');
-var sha512 = require('@noble/hashes/sha512');
 var bip39 = require('@scure/bip39');
 var english = require('@scure/bip39/wordlists/english');
 var base = require('@scure/base');
@@ -14,30 +12,41 @@ var scaleTs = require('scale-ts');
 var ed25519 = require('@noble/curves/ed25519');
 var bip32 = require('@scure/bip32');
 var hmac = require('@noble/hashes/hmac');
+var sha512 = require('@noble/hashes/sha512');
 var microSr25519 = require('micro-sr25519');
 
+const pbkdf2 = async (hash, entropy, salt, iterations, outputLenBytes) => {
+  // NOTE: react-native-quick-crypto (our `global.crypto` polyfill on Talisman Mobile) doesn't support `crypto.subtle.deriveKey`.
+  // But, we can work around this by using `crypto.subtle.deriveBits` and `crypto.subtle.importKey`, which when used together
+  // can provide the same functionality as `crypto.subtle.deriveKey`.
+  const keyMaterial = await crypto.subtle.importKey("raw", entropy, "PBKDF2", false, ["deriveBits"]);
+  const derivedBits = await crypto.subtle.deriveBits({
+    name: "PBKDF2",
+    salt,
+    iterations,
+    hash
+  }, keyMaterial, outputLenBytes * 8);
+  return new Uint8Array(derivedBits);
+};
+
 const mnemonicToEntropy = mnemonic => {
   return bip39.mnemonicToEntropy(mnemonic, english.wordlist);
 };
 const entropyToMnemonic = entropy => {
   return bip39.entropyToMnemonic(entropy, english.wordlist);
 };
-const salt = password => {
-  return new TextEncoder().encode(`mnemonic${password.normalize("NFKD")}`);
-};
-const entropyToSeedSubstrate = (entropy, password) => {
-  return pbkdf2.pbkdf2(sha512.sha512, entropy, salt(password ?? ""), {
-    c: 2048,
-    dkLen: 32
-  });
-};
-const entropyToSeedClassic = (entropy, password) => {
-  const mnemonic = entropyToMnemonic(entropy);
-  return pbkdf2.pbkdf2(sha512.sha512, mnemonic.normalize("NFKD"), salt(password ?? ""), {
-    c: 2048,
-    dkLen: 64
-  });
-};
+const entropyToSeedSubstrate = async (entropy, password) => await pbkdf2("SHA-512", entropy, mnemonicPasswordToSalt(password ?? ""), 2048,
+// 2048 iterations
+32 // 32 bytes (32 * 8 == 256 bits)
+);
+const entropyToSeedClassic = async (entropy, password) => await pbkdf2("SHA-512", encodeNormalized(entropyToMnemonic(entropy)), mnemonicPasswordToSalt(password ?? ""), 2048,
+// 2048 iterations
+64 // 64 bytes (64 * 8 == 512 bits)
+);
+const mnemonicPasswordToSalt = password => encodeNormalized(`mnemonic${password}`);
+
+/** Normalizes a UTF-8 string using `NFKD` form, then encodes it into bytes */
+const encodeNormalized = utf8 => new TextEncoder().encode(utf8.normalize("NFKD"));
 const getSeedDerivationType = curve => {
   switch (curve) {
     case "sr25519":
@@ -52,13 +61,13 @@ const getSeedDerivationType = curve => {
 
 // when deriving keys from a mnemonic, we usually dont want a password here.
 // a password provided here would be used as a 25th mnemonic word.
-const entropyToSeed = (entropy, curve, password) => {
+const entropyToSeed = async (entropy, curve, password) => {
   const type = getSeedDerivationType(curve);
   switch (type) {
     case "classic":
-      return entropyToSeedClassic(entropy, password);
+      return await entropyToSeedClassic(entropy, password);
     case "substrate":
-      return entropyToSeedSubstrate(entropy, password);
+      return await entropyToSeedSubstrate(entropy, password);
   }
 };
 const isValidMnemonic = mnemonic => {
@@ -81,21 +90,21 @@ const DEV_MNEMONIC_ETHEREUM = "test test test test test test test test test test
 
 // keep dev seeds in cache as we will reuse them to validate multiple derivation paths
 const DEV_SEED_CACHE = new Map();
-const getDevSeed = curve => {
+const getDevSeed = async curve => {
   const type = getSeedDerivationType(curve);
   if (!DEV_SEED_CACHE.has(type)) {
     switch (type) {
       case "classic":
         {
           const entropy = mnemonicToEntropy(DEV_MNEMONIC_ETHEREUM);
-          const seed = entropyToSeedClassic(entropy); // 80ms
+          const seed = await entropyToSeedClassic(entropy); // 80ms
           DEV_SEED_CACHE.set(type, seed);
           break;
         }
       case "substrate":
         {
           const entropy = mnemonicToEntropy(DEV_MNEMONIC_POLKADOT);
-          const seed = entropyToSeedSubstrate(entropy); // 80ms
+          const seed = await entropyToSeedSubstrate(entropy); // 80ms
           DEV_SEED_CACHE.set(type, seed);
           break;
         }
@@ -326,9 +335,38 @@ const deriveEd25519 = (seed, derivationPath) => {
   };
 };
 const getPublicKeyEd25519 = secretKey => {
+  // When importing ed25519 polkadot-js accounts via json, which we do inside of `packages/extension-core/src/domains/keyring/getSecretKeyFromPjsJson.ts`,
+  // the secretKey we produce is 64 bytes in length.
+  //
+  // When using the ed25519 curve to derive a publicKey for this 64 bytes privateKey, we should only take the first 32 bytes:
+  // - https://github.com/paulmillr/noble-curves/issues/53#issuecomment-1577362759
+  // - https://github.com/paulmillr/noble-curves/discussions/33#discussioncomment-5685971
+  // - https://github.com/paulmillr/noble-curves/pull/54
+  // - https://github.com/paulmillr/noble-curves/issues/88
+  //
+  // When you compare the ed25519 publicKey of a given account produced by this function to the publicKey produced by
+  // polkadot-js, you will find that they are the same as eachother.
+  if (secretKey.length === 64) {
+    const [privateComponent, publicComponent] = [secretKey.slice(0, 32), secretKey.slice(32)];
+    const publicKey = ed25519.ed25519.getPublicKey(privateComponent);
+
+    // NOTE: We only accept a 64 byte secretKey when the first 32 bytes successfully produce a public key which equals the second 32 bytes of the secretKey.
+    //
+    // In this scenario, we assume the creator of the secretKey has given us an array of bytes which equals `[...privateKey, ...publicKey]`.
+    //
+    // However, if the second 32 bytes **don't** match the publicKey produced by the first 32 bytes, we no longer know what's going on.
+    //
+    // In that case we pass the 64 bytes directly through to `@noble/curves/ed25519`, which we expect will throw the error: `private key of length 32 expected, got 64`.
+    // But if there's some 64 byte key format for ed25519 we don't know about, or one is added in the future, `@noble/curves/ed25519` can handle that for us instead of throwing.
+    if (!isUint8ArrayEq(publicComponent, publicKey)) return ed25519.ed25519.getPublicKey(secretKey);
+    return publicKey;
+  }
   return ed25519.ed25519.getPublicKey(secretKey);
 };
 
+/** If a is identical to b, this function returns true, otherwise it returns false */
+const isUint8ArrayEq = (a, b) => a.length !== b.length || a.some((v, i) => v !== b[i]) ? false : true;
+
 const deriveEthereum = (seed, derivationPath) => {
   const hdkey = bip32.HDKey.fromMasterSeed(seed);
   const childKey = hdkey.derive(derivationPath);
@@ -430,14 +468,14 @@ const getPublicKeyFromSecret = (secretKey, curve) => {
       return getPublicKeySolana(secretKey);
   }
 };
-const addressFromSuri = (suri, type) => {
+const addressFromSuri = async (suri, type) => {
   const {
     mnemonic,
     derivationPath,
     password
   } = parseSuri(suri);
   const entropy = mnemonicToEntropy(mnemonic);
-  const seed = entropyToSeed(entropy, type, password); // ~80ms
+  const seed = await entropyToSeed(entropy, type, password); // ~80ms
   const {
     secretKey
   } = deriveKeypair(seed, derivationPath, type);
@@ -487,9 +525,9 @@ const parseSecretKey = (secretKey, curve) => {
 };
 
 // @dev: didn't find a reliable source of information on which characters are valid => assume it s valid if a keypair can be generated from it
-const isValidDerivationPath = (derivationPath, curve) => {
+const isValidDerivationPath = async (derivationPath, curve) => {
   try {
-    deriveKeypair(getDevSeed(curve), derivationPath, curve);
+    deriveKeypair(await getDevSeed(curve), derivationPath, curve);
     return true;
   } catch (err) {
     return false;
@@ -562,6 +600,7 @@ exports.mnemonicToEntropy = mnemonicToEntropy;
 exports.normalizeAddress = normalizeAddress;
 exports.parseSecretKey = parseSecretKey;
 exports.parseSuri = parseSuri;
+exports.pbkdf2 = pbkdf2;
 exports.platformFromAddress = platformFromAddress;
 exports.platformFromCurve = platformFromCurve;
 exports.platformFromEncoding = platformFromEncoding;

package/dist/talismn-crypto.cjs.prod.js

@@ -1,7 +1,5 @@
 'use strict';
 
-var pbkdf2 = require('@noble/hashes/pbkdf2');
-var sha512 = require('@noble/hashes/sha512');
 var bip39 = require('@scure/bip39');
 var english = require('@scure/bip39/wordlists/english');
 var base = require('@scure/base');
@@ -14,30 +12,41 @@ var scaleTs = require('scale-ts');
 var ed25519 = require('@noble/curves/ed25519');
 var bip32 = require('@scure/bip32');
 var hmac = require('@noble/hashes/hmac');
+var sha512 = require('@noble/hashes/sha512');
 var microSr25519 = require('micro-sr25519');
 
+const pbkdf2 = async (hash, entropy, salt, iterations, outputLenBytes) => {
+  // NOTE: react-native-quick-crypto (our `global.crypto` polyfill on Talisman Mobile) doesn't support `crypto.subtle.deriveKey`.
+  // But, we can work around this by using `crypto.subtle.deriveBits` and `crypto.subtle.importKey`, which when used together
+  // can provide the same functionality as `crypto.subtle.deriveKey`.
+  const keyMaterial = await crypto.subtle.importKey("raw", entropy, "PBKDF2", false, ["deriveBits"]);
+  const derivedBits = await crypto.subtle.deriveBits({
+    name: "PBKDF2",
+    salt,
+    iterations,
+    hash
+  }, keyMaterial, outputLenBytes * 8);
+  return new Uint8Array(derivedBits);
+};
+
 const mnemonicToEntropy = mnemonic => {
   return bip39.mnemonicToEntropy(mnemonic, english.wordlist);
 };
 const entropyToMnemonic = entropy => {
   return bip39.entropyToMnemonic(entropy, english.wordlist);
 };
-const salt = password => {
-  return new TextEncoder().encode(`mnemonic${password.normalize("NFKD")}`);
-};
-const entropyToSeedSubstrate = (entropy, password) => {
-  return pbkdf2.pbkdf2(sha512.sha512, entropy, salt(password ?? ""), {
-    c: 2048,
-    dkLen: 32
-  });
-};
-const entropyToSeedClassic = (entropy, password) => {
-  const mnemonic = entropyToMnemonic(entropy);
-  return pbkdf2.pbkdf2(sha512.sha512, mnemonic.normalize("NFKD"), salt(password ?? ""), {
-    c: 2048,
-    dkLen: 64
-  });
-};
+const entropyToSeedSubstrate = async (entropy, password) => await pbkdf2("SHA-512", entropy, mnemonicPasswordToSalt(password ?? ""), 2048,
+// 2048 iterations
+32 // 32 bytes (32 * 8 == 256 bits)
+);
+const entropyToSeedClassic = async (entropy, password) => await pbkdf2("SHA-512", encodeNormalized(entropyToMnemonic(entropy)), mnemonicPasswordToSalt(password ?? ""), 2048,
+// 2048 iterations
+64 // 64 bytes (64 * 8 == 512 bits)
+);
+const mnemonicPasswordToSalt = password => encodeNormalized(`mnemonic${password}`);
+
+/** Normalizes a UTF-8 string using `NFKD` form, then encodes it into bytes */
+const encodeNormalized = utf8 => new TextEncoder().encode(utf8.normalize("NFKD"));
 const getSeedDerivationType = curve => {
   switch (curve) {
     case "sr25519":
@@ -52,13 +61,13 @@ const getSeedDerivationType = curve => {
 
 // when deriving keys from a mnemonic, we usually dont want a password here.
 // a password provided here would be used as a 25th mnemonic word.
-const entropyToSeed = (entropy, curve, password) => {
+const entropyToSeed = async (entropy, curve, password) => {
   const type = getSeedDerivationType(curve);
   switch (type) {
     case "classic":
-      return entropyToSeedClassic(entropy, password);
+      return await entropyToSeedClassic(entropy, password);
     case "substrate":
-      return entropyToSeedSubstrate(entropy, password);
+      return await entropyToSeedSubstrate(entropy, password);
   }
 };
 const isValidMnemonic = mnemonic => {
@@ -81,21 +90,21 @@ const DEV_MNEMONIC_ETHEREUM = "test test test test test test test test test test
 
 // keep dev seeds in cache as we will reuse them to validate multiple derivation paths
 const DEV_SEED_CACHE = new Map();
-const getDevSeed = curve => {
+const getDevSeed = async curve => {
   const type = getSeedDerivationType(curve);
   if (!DEV_SEED_CACHE.has(type)) {
     switch (type) {
       case "classic":
         {
           const entropy = mnemonicToEntropy(DEV_MNEMONIC_ETHEREUM);
-          const seed = entropyToSeedClassic(entropy); // 80ms
+          const seed = await entropyToSeedClassic(entropy); // 80ms
           DEV_SEED_CACHE.set(type, seed);
           break;
         }
       case "substrate":
         {
           const entropy = mnemonicToEntropy(DEV_MNEMONIC_POLKADOT);
-          const seed = entropyToSeedSubstrate(entropy); // 80ms
+          const seed = await entropyToSeedSubstrate(entropy); // 80ms
           DEV_SEED_CACHE.set(type, seed);
           break;
         }
@@ -326,9 +335,38 @@ const deriveEd25519 = (seed, derivationPath) => {
   };
 };
 const getPublicKeyEd25519 = secretKey => {
+  // When importing ed25519 polkadot-js accounts via json, which we do inside of `packages/extension-core/src/domains/keyring/getSecretKeyFromPjsJson.ts`,
+  // the secretKey we produce is 64 bytes in length.
+  //
+  // When using the ed25519 curve to derive a publicKey for this 64 bytes privateKey, we should only take the first 32 bytes:
+  // - https://github.com/paulmillr/noble-curves/issues/53#issuecomment-1577362759
+  // - https://github.com/paulmillr/noble-curves/discussions/33#discussioncomment-5685971
+  // - https://github.com/paulmillr/noble-curves/pull/54
+  // - https://github.com/paulmillr/noble-curves/issues/88
+  //
+  // When you compare the ed25519 publicKey of a given account produced by this function to the publicKey produced by
+  // polkadot-js, you will find that they are the same as eachother.
+  if (secretKey.length === 64) {
+    const [privateComponent, publicComponent] = [secretKey.slice(0, 32), secretKey.slice(32)];
+    const publicKey = ed25519.ed25519.getPublicKey(privateComponent);
+
+    // NOTE: We only accept a 64 byte secretKey when the first 32 bytes successfully produce a public key which equals the second 32 bytes of the secretKey.
+    //
+    // In this scenario, we assume the creator of the secretKey has given us an array of bytes which equals `[...privateKey, ...publicKey]`.
+    //
+    // However, if the second 32 bytes **don't** match the publicKey produced by the first 32 bytes, we no longer know what's going on.
+    //
+    // In that case we pass the 64 bytes directly through to `@noble/curves/ed25519`, which we expect will throw the error: `private key of length 32 expected, got 64`.
+    // But if there's some 64 byte key format for ed25519 we don't know about, or one is added in the future, `@noble/curves/ed25519` can handle that for us instead of throwing.
+    if (!isUint8ArrayEq(publicComponent, publicKey)) return ed25519.ed25519.getPublicKey(secretKey);
+    return publicKey;
+  }
   return ed25519.ed25519.getPublicKey(secretKey);
 };
 
+/** If a is identical to b, this function returns true, otherwise it returns false */
+const isUint8ArrayEq = (a, b) => a.length !== b.length || a.some((v, i) => v !== b[i]) ? false : true;
+
 const deriveEthereum = (seed, derivationPath) => {
   const hdkey = bip32.HDKey.fromMasterSeed(seed);
   const childKey = hdkey.derive(derivationPath);
@@ -430,14 +468,14 @@ const getPublicKeyFromSecret = (secretKey, curve) => {
       return getPublicKeySolana(secretKey);
   }
 };
-const addressFromSuri = (suri, type) => {
+const addressFromSuri = async (suri, type) => {
   const {
     mnemonic,
     derivationPath,
     password
   } = parseSuri(suri);
   const entropy = mnemonicToEntropy(mnemonic);
-  const seed = entropyToSeed(entropy, type, password); // ~80ms
+  const seed = await entropyToSeed(entropy, type, password); // ~80ms
   const {
     secretKey
   } = deriveKeypair(seed, derivationPath, type);
@@ -487,9 +525,9 @@ const parseSecretKey = (secretKey, curve) => {
 };
 
 // @dev: didn't find a reliable source of information on which characters are valid => assume it s valid if a keypair can be generated from it
-const isValidDerivationPath = (derivationPath, curve) => {
+const isValidDerivationPath = async (derivationPath, curve) => {
   try {
-    deriveKeypair(getDevSeed(curve), derivationPath, curve);
+    deriveKeypair(await getDevSeed(curve), derivationPath, curve);
     return true;
   } catch (err) {
     return false;
@@ -562,6 +600,7 @@ exports.mnemonicToEntropy = mnemonicToEntropy;
 exports.normalizeAddress = normalizeAddress;
 exports.parseSecretKey = parseSecretKey;
 exports.parseSuri = parseSuri;
+exports.pbkdf2 = pbkdf2;
 exports.platformFromAddress = platformFromAddress;
 exports.platformFromCurve = platformFromCurve;
 exports.platformFromEncoding = platformFromEncoding;

package/dist/talismn-crypto.esm.js

@@ -1,5 +1,3 @@
-import { pbkdf2 } from '@noble/hashes/pbkdf2';
-import { sha512 } from '@noble/hashes/sha512';
 import { mnemonicToEntropy as mnemonicToEntropy$1, entropyToMnemonic as entropyToMnemonic$1, validateMnemonic, generateMnemonic as generateMnemonic$1 } from '@scure/bip39';
 import { wordlist } from '@scure/bip39/wordlists/english';
 import { base58, bytesToString, stringToBytes } from '@scure/base';
@@ -13,7 +11,22 @@ import { Tuple, str, Bytes, u32 } from 'scale-ts';
 import { ed25519 } from '@noble/curves/ed25519';
 import { HDKey } from '@scure/bip32';
 import { hmac } from '@noble/hashes/hmac';
-import { HDKD, secretFromSeed, getPublicKey } from 'micro-sr25519';
+import { sha512 } from '@noble/hashes/sha512';
+import { getPublicKey, HDKD, secretFromSeed } from 'micro-sr25519';
+
+const pbkdf2 = async (hash, entropy, salt, iterations, outputLenBytes) => {
+  // NOTE: react-native-quick-crypto (our `global.crypto` polyfill on Talisman Mobile) doesn't support `crypto.subtle.deriveKey`.
+  // But, we can work around this by using `crypto.subtle.deriveBits` and `crypto.subtle.importKey`, which when used together
+  // can provide the same functionality as `crypto.subtle.deriveKey`.
+  const keyMaterial = await crypto.subtle.importKey("raw", entropy, "PBKDF2", false, ["deriveBits"]);
+  const derivedBits = await crypto.subtle.deriveBits({
+    name: "PBKDF2",
+    salt,
+    iterations,
+    hash
+  }, keyMaterial, outputLenBytes * 8);
+  return new Uint8Array(derivedBits);
+};
 
 const mnemonicToEntropy = mnemonic => {
   return mnemonicToEntropy$1(mnemonic, wordlist);
@@ -21,22 +34,18 @@ const mnemonicToEntropy = mnemonic => {
 const entropyToMnemonic = entropy => {
   return entropyToMnemonic$1(entropy, wordlist);
 };
-const salt = password => {
-  return new TextEncoder().encode(`mnemonic${password.normalize("NFKD")}`);
-};
-const entropyToSeedSubstrate = (entropy, password) => {
-  return pbkdf2(sha512, entropy, salt(password ?? ""), {
-    c: 2048,
-    dkLen: 32
-  });
-};
-const entropyToSeedClassic = (entropy, password) => {
-  const mnemonic = entropyToMnemonic(entropy);
-  return pbkdf2(sha512, mnemonic.normalize("NFKD"), salt(password ?? ""), {
-    c: 2048,
-    dkLen: 64
-  });
-};
+const entropyToSeedSubstrate = async (entropy, password) => await pbkdf2("SHA-512", entropy, mnemonicPasswordToSalt(password ?? ""), 2048,
+// 2048 iterations
+32 // 32 bytes (32 * 8 == 256 bits)
+);
+const entropyToSeedClassic = async (entropy, password) => await pbkdf2("SHA-512", encodeNormalized(entropyToMnemonic(entropy)), mnemonicPasswordToSalt(password ?? ""), 2048,
+// 2048 iterations
+64 // 64 bytes (64 * 8 == 512 bits)
+);
+const mnemonicPasswordToSalt = password => encodeNormalized(`mnemonic${password}`);
+
+/** Normalizes a UTF-8 string using `NFKD` form, then encodes it into bytes */
+const encodeNormalized = utf8 => new TextEncoder().encode(utf8.normalize("NFKD"));
 const getSeedDerivationType = curve => {
   switch (curve) {
     case "sr25519":
@@ -51,13 +60,13 @@ const getSeedDerivationType = curve => {
 
 // when deriving keys from a mnemonic, we usually dont want a password here.
 // a password provided here would be used as a 25th mnemonic word.
-const entropyToSeed = (entropy, curve, password) => {
+const entropyToSeed = async (entropy, curve, password) => {
   const type = getSeedDerivationType(curve);
   switch (type) {
     case "classic":
-      return entropyToSeedClassic(entropy, password);
+      return await entropyToSeedClassic(entropy, password);
     case "substrate":
-      return entropyToSeedSubstrate(entropy, password);
+      return await entropyToSeedSubstrate(entropy, password);
   }
 };
 const isValidMnemonic = mnemonic => {
@@ -80,21 +89,21 @@ const DEV_MNEMONIC_ETHEREUM = "test test test test test test test test test test
 
 // keep dev seeds in cache as we will reuse them to validate multiple derivation paths
 const DEV_SEED_CACHE = new Map();
-const getDevSeed = curve => {
+const getDevSeed = async curve => {
   const type = getSeedDerivationType(curve);
   if (!DEV_SEED_CACHE.has(type)) {
     switch (type) {
       case "classic":
         {
           const entropy = mnemonicToEntropy(DEV_MNEMONIC_ETHEREUM);
-          const seed = entropyToSeedClassic(entropy); // 80ms
+          const seed = await entropyToSeedClassic(entropy); // 80ms
           DEV_SEED_CACHE.set(type, seed);
           break;
         }
       case "substrate":
         {
           const entropy = mnemonicToEntropy(DEV_MNEMONIC_POLKADOT);
-          const seed = entropyToSeedSubstrate(entropy); // 80ms
+          const seed = await entropyToSeedSubstrate(entropy); // 80ms
           DEV_SEED_CACHE.set(type, seed);
           break;
         }
@@ -325,9 +334,38 @@ const deriveEd25519 = (seed, derivationPath) => {
   };
 };
 const getPublicKeyEd25519 = secretKey => {
+  // When importing ed25519 polkadot-js accounts via json, which we do inside of `packages/extension-core/src/domains/keyring/getSecretKeyFromPjsJson.ts`,
+  // the secretKey we produce is 64 bytes in length.
+  //
+  // When using the ed25519 curve to derive a publicKey for this 64 bytes privateKey, we should only take the first 32 bytes:
+  // - https://github.com/paulmillr/noble-curves/issues/53#issuecomment-1577362759
+  // - https://github.com/paulmillr/noble-curves/discussions/33#discussioncomment-5685971
+  // - https://github.com/paulmillr/noble-curves/pull/54
+  // - https://github.com/paulmillr/noble-curves/issues/88
+  //
+  // When you compare the ed25519 publicKey of a given account produced by this function to the publicKey produced by
+  // polkadot-js, you will find that they are the same as eachother.
+  if (secretKey.length === 64) {
+    const [privateComponent, publicComponent] = [secretKey.slice(0, 32), secretKey.slice(32)];
+    const publicKey = ed25519.getPublicKey(privateComponent);
+
+    // NOTE: We only accept a 64 byte secretKey when the first 32 bytes successfully produce a public key which equals the second 32 bytes of the secretKey.
+    //
+    // In this scenario, we assume the creator of the secretKey has given us an array of bytes which equals `[...privateKey, ...publicKey]`.
+    //
+    // However, if the second 32 bytes **don't** match the publicKey produced by the first 32 bytes, we no longer know what's going on.
+    //
+    // In that case we pass the 64 bytes directly through to `@noble/curves/ed25519`, which we expect will throw the error: `private key of length 32 expected, got 64`.
+    // But if there's some 64 byte key format for ed25519 we don't know about, or one is added in the future, `@noble/curves/ed25519` can handle that for us instead of throwing.
+    if (!isUint8ArrayEq(publicComponent, publicKey)) return ed25519.getPublicKey(secretKey);
+    return publicKey;
+  }
   return ed25519.getPublicKey(secretKey);
 };
 
+/** If a is identical to b, this function returns true, otherwise it returns false */
+const isUint8ArrayEq = (a, b) => a.length !== b.length || a.some((v, i) => v !== b[i]) ? false : true;
+
 const deriveEthereum = (seed, derivationPath) => {
   const hdkey = HDKey.fromMasterSeed(seed);
   const childKey = hdkey.derive(derivationPath);
@@ -429,14 +467,14 @@ const getPublicKeyFromSecret = (secretKey, curve) => {
       return getPublicKeySolana(secretKey);
   }
 };
-const addressFromSuri = (suri, type) => {
+const addressFromSuri = async (suri, type) => {
   const {
     mnemonic,
     derivationPath,
     password
   } = parseSuri(suri);
   const entropy = mnemonicToEntropy(mnemonic);
-  const seed = entropyToSeed(entropy, type, password); // ~80ms
+  const seed = await entropyToSeed(entropy, type, password); // ~80ms
   const {
     secretKey
   } = deriveKeypair(seed, derivationPath, type);
@@ -486,9 +524,9 @@ const parseSecretKey = (secretKey, curve) => {
 };
 
 // @dev: didn't find a reliable source of information on which characters are valid => assume it s valid if a keypair can be generated from it
-const isValidDerivationPath = (derivationPath, curve) => {
+const isValidDerivationPath = async (derivationPath, curve) => {
   try {
-    deriveKeypair(getDevSeed(curve), derivationPath, curve);
+    deriveKeypair(await getDevSeed(curve), derivationPath, curve);
     return true;
   } catch (err) {
     return false;
@@ -522,4 +560,4 @@ const platformFromAddress = address => {
   return platformFromEncoding(encoding);
 };
 
-export { DEV_MNEMONIC_ETHEREUM, DEV_MNEMONIC_POLKADOT, addressEncodingFromCurve, addressFromPublicKey, addressFromSuri, blake2b256, blake2b512, blake3, checksumEthereumAddress, decodeSs58Address, deriveKeypair, detectAddressEncoding, encodeAddressBase58, encodeAddressEthereum, encodeAddressSs58, entropyToMnemonic, entropyToSeed, generateMnemonic, getDevSeed, getPublicKeyFromSecret, getSafeHash, isAddressEqual, isBase58Address, isEthereumAddress, isSs58Address, isValidDerivationPath, isValidMnemonic, mnemonicToEntropy, normalizeAddress, parseSecretKey, parseSuri, platformFromAddress, platformFromCurve, platformFromEncoding, removeHexPrefix };
+export { DEV_MNEMONIC_ETHEREUM, DEV_MNEMONIC_POLKADOT, addressEncodingFromCurve, addressFromPublicKey, addressFromSuri, blake2b256, blake2b512, blake3, checksumEthereumAddress, decodeSs58Address, deriveKeypair, detectAddressEncoding, encodeAddressBase58, encodeAddressEthereum, encodeAddressSs58, entropyToMnemonic, entropyToSeed, generateMnemonic, getDevSeed, getPublicKeyFromSecret, getSafeHash, isAddressEqual, isBase58Address, isEthereumAddress, isSs58Address, isValidDerivationPath, isValidMnemonic, mnemonicToEntropy, normalizeAddress, parseSecretKey, parseSuri, pbkdf2, platformFromAddress, platformFromCurve, platformFromEncoding, removeHexPrefix };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@talismn/crypto",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "author": "Talisman",
   "homepage": "https://talisman.xyz",
   "license": "GPL-3.0-or-later",