cruzo-web3 0.1.0

package/lib/crypto/account-signature.ts

@@ -0,0 +1,175 @@
+import type { PubKey } from "../types/web3-types";
+import { decodeBase58, decodeHex } from "./decode-bytes";
+import { normalizeSecp256k1Signature } from "./ecdsa-signature";
+import { hashEvmPersonalMessage, keccak256 } from "./keccak256";
+import { recoverSecp256k1PublicKey } from "./secp256k1-verify";
+import { sha256 } from "./sha256";
+
+function bytesToHex(bytes: Uint8Array) {
+  let hex = "";
+
+  for (const byte of bytes) {
+    hex += byte.toString(16).padStart(2, "0");
+  }
+
+  return hex;
+}
+
+function normalizeEvmAddress(value: string) {
+  const hex = value.startsWith("0x") || value.startsWith("0X") ? value.slice(2) : value;
+
+  if (!/^[0-9a-fA-F]{40}$/.test(hex)) return null;
+
+  return `0x${hex.toLowerCase()}`;
+}
+
+export function isEvmAddressPubKey(pubKey: PubKey) {
+  if (pubKey.type !== "secp256k1" || pubKey.encoding !== "hex") return false;
+
+  return normalizeEvmAddress(pubKey.value) != null;
+}
+
+export function isTronAddressPubKey(pubKey: PubKey) {
+  if (pubKey.type !== "secp256k1" || pubKey.encoding !== "base58") return false;
+
+  return /^T[1-9A-HJ-NP-Za-km-z]{33}$/.test(pubKey.value);
+}
+
+export function isSecp256k1PublicKeyPubKey(pubKey: PubKey) {
+  if (pubKey.type !== "secp256k1" || pubKey.encoding !== "hex") return false;
+
+  const hex = pubKey.value.startsWith("0x") ? pubKey.value.slice(2) : pubKey.value;
+
+  return hex.length === 66 || hex.length === 130;
+}
+
+function parseSecp256k1Signature(signature: string, encoding: PubKey["encoding"]) {
+  const bytes = encoding === "hex"
+    ? decodeHex(signature)
+    : encoding === "base64"
+      ? null
+      : decodeBase58(signature);
+
+  if (!bytes?.length) return null;
+
+  let recoveryId: number | undefined;
+
+  if (bytes.length === 65) {
+    recoveryId = bytes[64];
+
+    if (recoveryId >= 27) recoveryId -= 27;
+    if (recoveryId > 1) recoveryId = undefined;
+  }
+
+  const normalized = normalizeSecp256k1Signature(bytes);
+
+  if (!normalized) return null;
+
+  return { signature: normalized, recoveryId };
+}
+
+function evmAddressFromUncompressedPublicKey(publicKey: Uint8Array) {
+  if (publicKey.length !== 65 || publicKey[0] !== 4) return null;
+
+  const hash = keccak256(publicKey.slice(1));
+
+  return `0x${bytesToHex(hash.slice(12))}`;
+}
+
+async function hashTronSignMessageV2(content: Uint8Array) {
+  const messageBytes = content;
+  const messageDigest = messageBytes.length === 32
+    ? messageBytes
+    : await sha256(messageBytes);
+
+  const prefix = new TextEncoder().encode("\x19TRON Signed Message:\n32");
+  const payload = new Uint8Array(prefix.length + messageDigest.length);
+
+  payload.set(prefix, 0);
+  payload.set(messageDigest, prefix.length);
+
+  return keccak256(payload);
+}
+
+function decodeTronAddressPayload(base58: string) {
+  const decoded = decodeBase58(base58);
+
+  if (!decoded || decoded.length !== 25 || decoded[0] !== 0x41) return null;
+
+  return decoded.slice(1, 21);
+}
+
+async function verifyTronAddressSignature(
+  content: Uint8Array,
+  signature: string,
+  expectedAddress: string,
+) {
+  const parsed = parseSecp256k1Signature(signature, "hex");
+
+  if (!parsed) return false;
+
+  const expected = decodeTronAddressPayload(expectedAddress);
+
+  if (!expected) return false;
+
+  const messageHash = await hashTronSignMessageV2(content);
+  const publicKey = recoverSecp256k1PublicKey(messageHash, parsed.signature, parsed.recoveryId);
+
+  if (!publicKey) return false;
+
+  const recoveredPayload = keccak256(publicKey.slice(1)).slice(12);
+
+  if (recoveredPayload.length !== expected.length) return false;
+
+  for (let index = 0; index < expected.length; index++) {
+    if (recoveredPayload[index] !== expected[index]) return false;
+  }
+
+  return true;
+}
+
+function verifyEvmAddressSignature(
+  content: Uint8Array,
+  signature: string,
+  expectedAddress: string,
+  evmPersonalSign: boolean,
+) {
+  const parsed = parseSecp256k1Signature(signature, "hex");
+
+  if (!parsed) return false;
+
+  const normalizedExpected = normalizeEvmAddress(expectedAddress);
+
+  if (!normalizedExpected) return false;
+
+  const messageHash = evmPersonalSign ? hashEvmPersonalMessage(content) : content;
+  const publicKey = recoverSecp256k1PublicKey(messageHash, parsed.signature, parsed.recoveryId);
+
+  if (!publicKey) return false;
+
+  const recoveredAddress = evmAddressFromUncompressedPublicKey(publicKey);
+
+  return recoveredAddress === normalizedExpected;
+}
+
+export async function verifyAccountSignedContent(
+  content: Uint8Array,
+  signature: string,
+  pubKey: PubKey,
+  options?: { evmPersonalSign?: boolean },
+) {
+  if (isEvmAddressPubKey(pubKey)) {
+    return verifyEvmAddressSignature(
+      content,
+      signature,
+      pubKey.value,
+      options?.evmPersonalSign ?? true,
+    );
+  }
+
+  if (isTronAddressPubKey(pubKey)) {
+    return verifyTronAddressSignature(content, signature, pubKey.value);
+  }
+
+  return false;
+}

package/lib/crypto/decode-bytes.ts

@@ -0,0 +1,93 @@
+import type { PubKeyEncoding } from "../types/web3-types";
+
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+
+export function decodeHex(value: string): Uint8Array | null {
+  const hex = value.startsWith("0x") || value.startsWith("0X") ? value.slice(2) : value;
+
+  if (!hex.length || hex.length % 2 || !/^[0-9a-fA-F]+$/.test(hex)) return null;
+
+  const out = new Uint8Array(hex.length / 2);
+
+  for (let i = 0; i < out.length; i++) {
+    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  }
+
+  return out;
+}
+
+export function decodeBase64(value: string): Uint8Array | null {
+  if (!value.length) return null;
+
+  try {
+    const binary = atob(value);
+    const out = new Uint8Array(binary.length);
+
+    for (let i = 0; i < binary.length; i++) {
+      out[i] = binary.charCodeAt(i);
+    }
+
+    return out;
+  } catch {
+    return null;
+  }
+}
+
+export function decodeBase58(value: string): Uint8Array | null {
+  if (!value.length) return null;
+
+  const bytes: number[] = [0];
+
+  for (const char of value) {
+    const digit = BASE58_ALPHABET.indexOf(char);
+
+    if (digit === -1) return null;
+
+    let carry = digit;
+
+    for (let i = 0; i < bytes.length; i++) {
+      carry += bytes[i] * 58;
+      bytes[i] = carry & 0xff;
+      carry >>= 8;
+    }
+
+    while (carry > 0) {
+      bytes.push(carry & 0xff);
+      carry >>= 8;
+    }
+  }
+
+  let leadingZeros = 0;
+
+  for (const char of value) {
+    if (char === "1") leadingZeros++;
+    else break;
+  }
+
+  const decoded = bytes.reverse();
+
+  if (!leadingZeros) return new Uint8Array(decoded);
+
+  const out = new Uint8Array(leadingZeros + decoded.length);
+  out.set(decoded, leadingZeros);
+  return out;
+}
+
+export function decodeEncodedBytes(value: string, encoding: PubKeyEncoding): Uint8Array | null {
+  switch (encoding) {
+    case "hex":
+      return decodeHex(value);
+    case "base64":
+      return decodeBase64(value);
+    case "base58":
+      return decodeBase58(value);
+    default:
+      return null;
+  }
+}
+
+export function toBytes(content: string | Uint8Array): Uint8Array {
+  if (content instanceof Uint8Array) return content;
+
+  return new TextEncoder().encode(content);
+}

package/lib/crypto/ecdsa-signature.ts

@@ -0,0 +1,45 @@
+export function parseEcdsaDerSignature(signature: Uint8Array): Uint8Array | null {
+  if (signature.length === 64) return signature;
+  if (signature.length === 65) return signature.slice(0, 64);
+  if (signature[0] !== 0x30) return null;
+
+  let offset = 2;
+
+  if (signature[1] & 0x80) {
+    offset = 2 + (signature[1] & 0x7f);
+  }
+
+  const readInt = () => {
+    if (signature[offset] !== 0x02) return null;
+
+    const len = signature[offset + 1];
+    let bytes = signature.slice(offset + 2, offset + 2 + len);
+
+    while (bytes.length > 32 && bytes[0] === 0) {
+      bytes = bytes.slice(1);
+    }
+
+    const out = new Uint8Array(32);
+    out.set(bytes, 32 - bytes.length);
+    offset = offset + 2 + len;
+    return out;
+  };
+
+  const r = readInt();
+  const s = readInt();
+
+  if (!r || !s) return null;
+
+  const out = new Uint8Array(64);
+  out.set(r, 0);
+  out.set(s, 32);
+  return out;
+}
+
+export function normalizeSecp256k1Signature(signature: Uint8Array): Uint8Array | null {
+  if (signature.length === 64 || signature.length === 65) {
+    return signature.length === 65 ? signature.slice(0, 64) : signature;
+  }
+
+  return parseEcdsaDerSignature(signature);
+}

package/lib/crypto/keccak256.ts

@@ -0,0 +1,117 @@
+// Keccak-256 sponge (Ethereum). Adapted from @noble/hashes (MIT).
+
+const U32_MASK = 0xffffffff;
+
+const rotlSH = (h: number, l: number, s: number) => ((h << s) | (l >>> (32 - s))) | 0;
+const rotlSL = (h: number, l: number, s: number) => ((l << s) | (h >>> (32 - s))) >>> 0;
+const rotlBH = (h: number, l: number, s: number) => ((l << (s - 32)) | (h >>> (64 - s))) | 0;
+const rotlBL = (h: number, l: number, s: number) => ((h << (s - 32)) | (l >>> (64 - s))) >>> 0;
+const rotlH = (h: number, l: number, s: number) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));
+const rotlL = (h: number, l: number, s: number) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));
+
+const SHA3_PI: number[] = [];
+const SHA3_ROTL: number[] = [];
+const SHA3_IOTA_H = new Uint32Array(24);
+const SHA3_IOTA_L = new Uint32Array(24);
+
+for (let round = 0, r = 1n, x = 1, y = 0; round < 24; round++) {
+  [x, y] = [y, (2 * x + 3 * y) % 5];
+  SHA3_PI.push(2 * (5 * y + x));
+  SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);
+
+  let t = 0n;
+
+  for (let j = 0; j < 7; j++) {
+    r = ((r << 1n) ^ ((r >> 7n) * 0x71n)) % 256n;
+    if (r & 2n) t ^= 1n << ((1n << BigInt(j)) - 1n);
+  }
+
+  SHA3_IOTA_H[round] = Number(t & BigInt(U32_MASK));
+  SHA3_IOTA_L[round] = Number((t >> 32n) & BigInt(U32_MASK));
+}
+
+function keccakP(state32: Uint32Array) {
+  const bc = new Uint32Array(10);
+
+  for (let round = 0; round < 24; round++) {
+    for (let x = 0; x < 10; x++) {
+      bc[x] = state32[x] ^ state32[x + 10] ^ state32[x + 20] ^ state32[x + 30] ^ state32[x + 40];
+    }
+
+    for (let x = 0; x < 10; x += 2) {
+      const idx1 = (x + 8) % 10;
+      const idx0 = (x + 2) % 10;
+      const b0 = bc[idx0];
+      const b1 = bc[idx0 + 1];
+      const th = rotlH(b0, b1, 1) ^ bc[idx1];
+      const tl = rotlL(b0, b1, 1) ^ bc[idx1 + 1];
+
+      for (let y = 0; y < 50; y += 10) {
+        state32[x + y] ^= th;
+        state32[x + y + 1] ^= tl;
+      }
+    }
+
+    let curH = state32[2];
+    let curL = state32[3];
+
+    for (let t = 0; t < 24; t++) {
+      const shift = SHA3_ROTL[t];
+      const th = rotlH(curH, curL, shift);
+      const tl = rotlL(curH, curL, shift);
+      const index = SHA3_PI[t];
+      curH = state32[index];
+      curL = state32[index + 1];
+      state32[index] = th;
+      state32[index + 1] = tl;
+    }
+
+    for (let y = 0; y < 50; y += 10) {
+      for (let x = 0; x < 10; x++) bc[x] = state32[y + x];
+
+      for (let x = 0; x < 10; x++) {
+        state32[y + x] ^= ~bc[(x + 2) % 10] & bc[(x + 4) % 10];
+      }
+    }
+
+    state32[0] ^= SHA3_IOTA_H[round];
+    state32[1] ^= SHA3_IOTA_L[round];
+  }
+}
+
+export function keccak256(input: Uint8Array): Uint8Array {
+  const blockLen = 136;
+  const state = new Uint8Array(200);
+  const state32 = new Uint32Array(state.buffer, state.byteOffset, state.length / 4);
+  let pos = 0;
+
+  for (let offset = 0; offset < input.length; ) {
+    const take = Math.min(blockLen - pos, input.length - offset);
+
+    for (let i = 0; i < take; i++) {
+      state[pos++] ^= input[offset++];
+    }
+
+    if (pos === blockLen) {
+      keccakP(state32);
+      pos = 0;
+    }
+  }
+
+  state[pos] ^= 0x01;
+  state[blockLen - 1] ^= 0x80;
+  keccakP(state32);
+
+  return state.slice(0, 32);
+}
+
+export function hashEvmPersonalMessage(message: Uint8Array): Uint8Array {
+  const prefix = `\x19Ethereum Signed Message:\n${message.length}`;
+  const prefixBytes = new TextEncoder().encode(prefix);
+  const payload = new Uint8Array(prefixBytes.length + message.length);
+
+  payload.set(prefixBytes, 0);
+  payload.set(message, prefixBytes.length);
+
+  return keccak256(payload);
+}

package/lib/crypto/secp256k1-verify.ts

@@ -0,0 +1,232 @@
+import { normalizeSecp256k1Signature } from "./ecdsa-signature";
+
+const P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn;
+const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
+const GX = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n;
+const GY = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n;
+
+function mod(a: bigint, m = P) {
+  const result = a % m;
+  return result >= 0n ? result : result + m;
+}
+
+function invert(value: bigint, m = P) {
+  const n = mod(value, m);
+
+  if (n === 0n) throw new Error("invert(0)");
+
+  return pow2(n, m - 2n, m);
+}
+
+function pow2(x: bigint, power: bigint, m = P) {
+  let result = 1n;
+  let base = mod(x, m);
+  let exp = power;
+
+  while (exp > 0n) {
+    if (exp & 1n) result = mod(result * base, m);
+    base = mod(base * base, m);
+    exp >>= 1n;
+  }
+
+  return result;
+}
+
+function sqrtMod(y: bigint) {
+  return pow2(y, (P + 1n) / 4n);
+}
+
+type Point = { x: bigint; y: bigint } | null;
+
+const inf: Point = null;
+
+function isValidPoint(point: Point) {
+  if (!point) return true;
+
+  const { x, y } = point;
+
+  return mod(y * y) === mod(x * x * x + 7n);
+}
+
+function normalizePublicKey(pubKey: Uint8Array): Point | null {
+  if (pubKey.length === 65 && pubKey[0] === 4) {
+    const x = bytesToBigInt(pubKey.slice(1, 33));
+    const y = bytesToBigInt(pubKey.slice(33, 65));
+    const point = { x: mod(x), y: mod(y) };
+
+    return isValidPoint(point) ? point : null;
+  }
+
+  if (pubKey.length === 33 && (pubKey[0] === 2 || pubKey[0] === 3)) {
+    const x = bytesToBigInt(pubKey.slice(1));
+    const y2 = mod(x * x * x + 7n);
+    let y = sqrtMod(y2);
+
+    if (mod(y & 1n) !== BigInt(pubKey[0] & 1)) {
+      y = mod(-y);
+    }
+
+    const point = { x, y };
+
+    return isValidPoint(point) ? point : null;
+  }
+
+  return null;
+}
+
+function pointAdd(a: Point, b: Point): Point {
+  if (!a) return b;
+  if (!b) return a;
+
+  if (a.x === b.x && mod(a.y + b.y) === 0n) return inf;
+
+  const lambda =
+    a.x === b.x && a.y === b.y
+      ? mod(3n * a.x * a.x * invert(2n * a.y))
+      : mod((b.y - a.y) * invert(b.x - a.x));
+
+  const x = mod(lambda * lambda - a.x - b.x);
+  const y = mod(lambda * (a.x - x) - a.y);
+
+  return { x, y };
+}
+
+function pointDouble(point: Point): Point {
+  return pointAdd(point, point);
+}
+
+function pointMultiply(point: Point, scalar: bigint): Point {
+  let k = mod(scalar, N);
+  let acc: Point = inf;
+  let addend: Point = point;
+
+  while (k > 0n) {
+    if (k & 1n) acc = pointAdd(acc, addend);
+    addend = pointDouble(addend);
+    k >>= 1n;
+  }
+
+  return acc;
+}
+
+function bytesToBigInt(bytes: Uint8Array) {
+  let value = 0n;
+
+  for (const byte of bytes) {
+    value = (value << 8n) + BigInt(byte);
+  }
+
+  return value;
+}
+
+function normalizeSignature(signature: Uint8Array) {
+  return normalizeSecp256k1Signature(signature);
+}
+
+function bigIntTo32Bytes(value: bigint) {
+  const out = new Uint8Array(32);
+  let v = mod(value);
+
+  for (let index = 31; index >= 0; index--) {
+    out[index] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+
+  return out;
+}
+
+function pointToUncompressedBytes(point: Point) {
+  if (!point) return null;
+
+  const out = new Uint8Array(65);
+  out[0] = 4;
+  out.set(bigIntTo32Bytes(point.x), 1);
+  out.set(bigIntTo32Bytes(point.y), 33);
+  return out;
+}
+
+function decompressRecoveryPoint(x: bigint, recoveryBit: number): Point | null {
+  const y2 = mod(x * x * x + 7n);
+  let y = sqrtMod(y2);
+
+  if (mod(y & 1n) !== BigInt(recoveryBit)) {
+    y = mod(-y);
+  }
+
+  const point = { x: mod(x), y };
+
+  return isValidPoint(point) ? point : null;
+}
+
+export function recoverSecp256k1PublicKey(
+  messageHash: Uint8Array,
+  signature: Uint8Array,
+  recoveryId?: number,
+) {
+  if (messageHash.length !== 32) return null;
+
+  const normalizedSignature = normalizeSignature(signature);
+
+  if (!normalizedSignature) return null;
+
+  const r = bytesToBigInt(normalizedSignature.slice(0, 32));
+  const s = bytesToBigInt(normalizedSignature.slice(32, 64));
+
+  if (r <= 0n || r >= N || s <= 0n || s >= N) return null;
+
+  const hash = mod(bytesToBigInt(messageHash), N);
+  const attempts = recoveryId === undefined ? [0, 1] : [recoveryId];
+  const generator = { x: mod(GX), y: mod(GY) };
+
+  for (const recId of attempts) {
+    const x = mod(r + BigInt(recId) * N);
+
+    if (x >= P) continue;
+
+    const recoveryPoint = decompressRecoveryPoint(x, recId);
+
+    if (!recoveryPoint) continue;
+
+    const rInv = invert(r, N);
+    const u1 = mod(N - mod(hash * rInv, N), N);
+    const u2 = mod(s * rInv, N);
+    const recovered = pointAdd(pointMultiply(generator, u1), pointMultiply(recoveryPoint, u2));
+    const bytes = pointToUncompressedBytes(recovered);
+
+    if (bytes) return bytes;
+  }
+
+  return null;
+}
+
+export function verifySecp256k1(
+  signature: Uint8Array,
+  messageHash: Uint8Array,
+  publicKey: Uint8Array
+) {
+  if (messageHash.length !== 32) return false;
+
+  const normalizedSignature = normalizeSignature(signature);
+
+  if (!normalizedSignature) return false;
+
+  const r = bytesToBigInt(normalizedSignature.slice(0, 32));
+  const s = bytesToBigInt(normalizedSignature.slice(32, 64));
+
+  if (r <= 0n || r >= N || s <= 0n || s >= N) return false;
+
+  const point = normalizePublicKey(publicKey);
+
+  if (!point) return false;
+
+  const hash = mod(bytesToBigInt(messageHash), N);
+  const w = invert(s, N);
+  const u1 = mod(hash * w, N);
+  const u2 = mod(r * w, N);
+  const generator = { x: mod(GX), y: mod(GY) };
+  const recovered = pointAdd(pointMultiply(generator, u1), pointMultiply(point, u2));
+
+  if (!recovered) return false;
+
+  return mod(recovered.x, N) === r;
+}

package/lib/crypto/sha256.ts

@@ -0,0 +1,8 @@
+export async function sha256(input: Uint8Array): Promise<Uint8Array> {
+  if (!globalThis.crypto?.subtle) {
+    throw new Error("SHA-256 requires Web Crypto (crypto.subtle)");
+  }
+
+  const hash = await crypto.subtle.digest("SHA-256", input as BufferSource);
+  return new Uint8Array(hash);
+}