jcc_wallet 4.0.8 → 4.0.12

package/lib/minify-eosjs/PrivateKey.d.ts

@@ -3,7 +3,6 @@
  *
  * rewrite curves
  */
-import BN from "bn.js";
 import { Key, KeyType } from "./eosjs-numeric";
 import { ProjPointType, CurveFn } from "@noble/curves/abstract/weierstrass.js";
 import { PublicKey, Signature } from "./eosjs-key-conversions";
@@ -21,7 +20,7 @@ export declare class PrivateKey {
     /** Retrieve the public key from a private key */
     getPublicKey(): PublicKey;
     /** Sign a message or hashed message digest with private key */
-    sign(data: BN, shouldHash?: boolean, encoding?: BufferEncoding): Signature;
+    sign(data: string | Uint8Array, shouldHash?: boolean, encoding?: BufferEncoding): Signature;
     /** Validate a private key */
     isValid(): boolean;
 }

package/lib/minify-eosjs/PrivateKey.js

@@ -7,6 +7,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PrivateKey = void 0;
 const eosjs_numeric_1 = require("./eosjs-numeric");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
 const eosjs_key_conversions_1 = require("./eosjs-key-conversions");
 /** Represents/stores a private key and provides easy conversion for use with `elliptic` lib */
 class PrivateKey {
@@ -41,7 +42,7 @@ class PrivateKey {
             if (typeof data === "string") {
                 data = Buffer.from(data, encoding);
             }
-            data = this.ec.CURVE.hash(data);
+            data = (0, sha2_js_1.sha256)(data);
         }
         let tries = 0;
         let signature;

package/lib/minify-eosjs/Signature.d.ts

@@ -5,7 +5,6 @@
  */
 import { Key, KeyType } from "./eosjs-numeric";
 import { PublicKey } from "./eosjs-key-conversions";
-import { BN } from "bn.js";
 import { CurveFn, SignatureType, RecoveredSignatureType } from "@noble/curves/abstract/weierstrass.js";
 /** Represents/stores a Signature and provides easy conversion for use with `elliptic` lib */
 export declare class Signature {
@@ -30,5 +29,5 @@ export declare class Signature {
     /** Get key type from signature */
     getType(): KeyType;
     /** Recover a public key from a message or hashed message digest and signature */
-    recover(data: BN, shouldHash?: boolean, encoding?: BufferEncoding): PublicKey;
+    recover(data: string | Uint8Array, shouldHash?: boolean, encoding?: BufferEncoding): PublicKey;
 }

package/lib/minify-eosjs/Signature.js

@@ -8,6 +8,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Signature = void 0;
 const eosjs_numeric_1 = require("./eosjs-numeric");
 const eosjs_key_conversions_1 = require("./eosjs-key-conversions");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
 const bn_utils_1 = require("./bn-utils");
 /** Represents/stores a Signature and provides easy conversion for use with `elliptic` lib */
 class Signature {
@@ -89,7 +90,7 @@ class Signature {
             if (typeof data === "string") {
                 data = Buffer.from(data, encoding);
             }
-            data = this.ec.CURVE.hash(data);
+            data = (0, sha2_js_1.sha256)(data);
         }
         const sig = this.toRecoveredSignature();
         const recoveredPublicKey = sig.recoverPublicKey(data);

package/lib/minify-swtc-keypair/index.js

@@ -55,12 +55,12 @@ const Factory = (alphabet) => {
                 // Would fail tests if signatures aren't deterministic
                 extraEntropy: undefined
             })
-                .toDERHex(true)
+                .toDERHex()
                 .toUpperCase();
         },
         verify(message, signature, publicKey) {
             const signHash = sha512_1.default.half(message);
-            return secp256k1_js_1.secp256k1.verify(signature, signHash, publicKey);
+            return secp256k1_js_1.secp256k1.verify((0, utils_js_1.hexToBytes)(signature), signHash, (0, utils_js_1.hexToBytes)(publicKey));
         }
     };
     const ed25519 = {

package/lib/minify-tron/crypto.d.ts

@@ -3,5 +3,5 @@ export declare function isAddressValid(base58Str: any): boolean;
 export declare function computeAddress(pubBytes: any): any[];
 export declare function getAddressFromPriKey(priKeyBytes: any): any[];
 export declare function getPubKeyFromPriKey(priKeyBytes: any): any[];
-export declare function SHA256(msgBytes: any): any[];
+export declare function SHA256(msgBytes: any): number[];
 export declare function pkToAddress(privateKey: any, strict?: boolean): string;

package/lib/minify-tron/crypto.js

@@ -13,7 +13,9 @@ const code_1 = require("./code");
 const base58_1 = require("./base58");
 const bytes_1 = require("./bytes");
 const secp256k1_js_1 = require("@noble/curves/secp256k1.js");
-const crypto_1 = require("ethers/crypto");
+const keccak_js_1 = require("ethereum-cryptography/keccak.js");
+const sha256_js_1 = require("ethereum-cryptography/sha256.js");
+const utils_js_1 = require("ethereum-cryptography/utils.js");
 function normalizePrivateKeyBytes(priKeyBytes) {
     return (0, code_1.hexStr2byteArray)((0, bytes_1.byteArray2hexStr)(priKeyBytes).padStart(64, "0"));
 }
@@ -50,9 +52,7 @@ function isAddressValid(base58Str) {
 function computeAddress(pubBytes) {
     if (pubBytes.length === 65)
         pubBytes = pubBytes.slice(1);
-    const hash = (0, crypto_1.keccak256)(new Uint8Array(pubBytes))
-        .toString()
-        .substring(2);
+    const hash = (0, utils_js_1.toHex)((0, keccak_js_1.keccak256)(new Uint8Array(pubBytes)));
     const addressHex = address_1.ADDRESS_PREFIX + hash.substring(24);
     return (0, code_1.hexStr2byteArray)(addressHex);
 }
@@ -71,9 +71,7 @@ function getPubKeyFromPriKey(priKeyBytes) {
     return pubkeyBytes;
 }
 function SHA256(msgBytes) {
-    const msgHex = (0, bytes_1.byteArray2hexStr)(msgBytes);
-    const hashHex = (0, crypto_1.sha256)("0x" + msgHex).replace(/^0x/, "");
-    return (0, code_1.hexStr2byteArray)(hashHex);
+    return Array.from((0, sha256_js_1.sha256)(new Uint8Array(msgBytes)));
 }
 function pkToAddress(privateKey, strict = false) {
     const com_priKeyBytes = (0, code_1.hexStr2byteArray)(privateKey, strict);

package/lib/minify-tron/message.js

@@ -5,37 +5,44 @@ exports.TRON_MESSAGE_PREFIX = void 0;
 exports.hashMessage = hashMessage;
 exports.signMessage = signMessage;
 exports.verifyMessage = verifyMessage;
-const address_1 = require("./address");
 const crypto_1 = require("./crypto");
-const code_1 = require("./code");
-const crypto_2 = require("ethers/crypto");
-const transaction_1 = require("ethers/transaction");
-const utils_1 = require("ethers/utils");
-const joinSignature = (splitSig) => crypto_2.Signature.from(splitSig).serialized;
+const secp256k1_js_1 = require("@noble/curves/secp256k1.js");
+const keccak_js_1 = require("ethereum-cryptography/keccak.js");
+const utils_js_1 = require("ethereum-cryptography/utils.js");
+const bytes_1 = require("../minify-ethereumjs-util/bytes");
 exports.TRON_MESSAGE_PREFIX = "\x19TRON Signed Message:\n";
-function hashMessage(message) {
+function normalizeMessage(message) {
     if (typeof message === "string") {
-        message = (0, utils_1.toUtf8Bytes)(message);
+        return (0, utils_js_1.utf8ToBytes)(message);
     }
     if (Array.isArray(message)) {
-        message = new Uint8Array(message);
+        return new Uint8Array(message);
     }
-    return (0, crypto_2.keccak256)((0, utils_1.concat)([(0, utils_1.toUtf8Bytes)(exports.TRON_MESSAGE_PREFIX), (0, utils_1.toUtf8Bytes)(String(message.length)), message]));
+    return message;
+}
+function hashMessage(message) {
+    const messageBytes = normalizeMessage(message);
+    return (0, bytes_1.bytesToHex)((0, keccak_js_1.keccak256)((0, bytes_1.concatBytes)((0, utils_js_1.utf8ToBytes)(exports.TRON_MESSAGE_PREFIX), (0, utils_js_1.utf8ToBytes)(String(messageBytes.length)), messageBytes)));
 }
 function signMessage(message, privateKey) {
     if (!privateKey.match(/^0x/)) {
         privateKey = "0x" + privateKey;
     }
-    const signingKey = new crypto_2.SigningKey(privateKey);
-    const messageDigest = hashMessage(message);
-    const signature = signingKey.sign(messageDigest);
-    return joinSignature(signature);
+    const messageDigest = (0, bytes_1.hexToBytes)(hashMessage(message));
+    const signature = secp256k1_js_1.secp256k1.sign(messageDigest, (0, bytes_1.hexToBytes)(privateKey));
+    const serialized = (0, bytes_1.concatBytes)(signature.toCompactRawBytes(), new Uint8Array([signature.recovery + 27]));
+    return (0, bytes_1.bytesToHex)(serialized);
 }
 function verifyMessage(message, signature) {
     if (!signature.match(/^0x/)) {
         signature = "0x" + signature;
     }
-    const recovered = (0, transaction_1.recoverAddress)(hashMessage(message), signature);
-    const base58Address = (0, crypto_1.getBase58CheckAddress)((0, code_1.hexStr2byteArray)(recovered.replace(/^0x/, address_1.ADDRESS_PREFIX)));
+    const signatureBytes = (0, bytes_1.hexToBytes)(signature);
+    const recovery = signatureBytes[64] >= 27 ? signatureBytes[64] - 27 : signatureBytes[64];
+    const recovered = secp256k1_js_1.secp256k1.Signature.fromCompact(signatureBytes.subarray(0, 64))
+        .addRecoveryBit(recovery)
+        .recoverPublicKey((0, bytes_1.hexToBytes)(hashMessage(message)))
+        .toRawBytes(false);
+    const base58Address = (0, crypto_1.getBase58CheckAddress)((0, crypto_1.computeAddress)(Array.from(recovered)));
     return base58Address;
 }

package/lib/util/index.js

@@ -10,6 +10,17 @@ const utils_js_1 = require("@noble/hashes/utils.js");
 const scrypt_js_1 = require("@noble/hashes/scrypt.js");
 const constant_1 = require("../constant");
 const is_plain_object_1 = __importDefault(require("is-plain-object"));
+// Constant-time buffer comparison to prevent MAC timing attacks
+function equalConstTime(b1, b2) {
+    if (b1.length !== b2.length) {
+        return false;
+    }
+    let res = 0;
+    for (let i = 0; i < b1.length; i++) {
+        res |= b1[i] ^ b2[i];
+    }
+    return res === 0;
+}
 const isEmptyPlainObject = (obj) => {
     const isPlain = (0, is_plain_object_1.default)(obj);
     if (!isPlain) {
@@ -45,7 +56,7 @@ const decrypt = async (password, encryptData) => {
         .create()
         .update(Buffer.concat([derivedKey.slice(16, 32), ciphertext]))
         .digest();
-    if (Buffer.from(mac).toString("hex") !== encryptData.mac) {
+    if (!equalConstTime(Buffer.from(mac), Buffer.from(encryptData.mac, "hex"))) {
         throw new Error(constant_1.PASSWORD_IS_WRONG);
     }
     const buf = await (0, aes_1.decrypt)(ciphertext, derivedKey.slice(0, 16), iv, "aes-128-ctr");
@@ -64,7 +75,7 @@ const encrypt = async (password, data, opts) => {
     const iv = opts.iv || Buffer.from((0, utils_js_1.randomBytes)(16)).toString("hex");
     const kdfparams = {
         dklen: opts.dklen || 32,
-        n: opts.n || 4096,
+        n: opts.n || 16384,
         p: opts.p || 1,
         r: opts.r || 8,
         salt: opts.salt || Buffer.from((0, utils_js_1.randomBytes)(32)).toString("hex")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jcc_wallet",
-  "version": "4.0.8",
+  "version": "4.0.12",
   "description": "Toolkit of wallet to manage multiple chains & support multiple keystores for each chain",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -75,26 +75,61 @@
     "karma-mocha": "^2.0.1",
     "karma-webpack": "^5.0.1",
     "mocha": "^10.2.0",
-    "node-polyfill-webpack-plugin": "^4.0.0",
     "prettier": "^1.19.1",
     "pretty-quick": "^2.0.1",
     "sinon": "^17.0.1",
     "ts-loader": "^9.5.1",
     "typescript": "5.7.2",
     "typescript-eslint": "^8.48.1",
-    "webpack": "^5.89.0",
+    "webpack": "^5.106.2",
     "webpack-bundle-analyzer": "^4.10.1",
     "webpack-cli": "^5.1.4"
   },
   "dependencies": {
+    "@noble/curves": "1.9.7",
+    "@noble/hashes": "1.8.0",
+    "@scure/bip32": "1.7.0",
     "base-x": "^4.0.1",
     "bip39": "^3.1.0",
     "bip44-constants": "^396.0.0",
+    "bn.js": "5.2.3",
+    "buffer": "^6.0.3",
     "clone-deep": "^4.0.1",
     "ethereum-cryptography": "^3.2.0",
-    "ethers": "^6.16.0",
     "lockr": "^0.8.5"
   },
   "sideEffects": false,
-  "packageManager": "yarn@4.0.0-rc.48"
+  "packageManager": "yarn@4.0.0-rc.48",
+  "overrides": {
+    "elliptic": "6.6.1",
+    "flatted": "3.4.2",
+    "lodash": "4.18.1",
+    "follow-redirects": "1.16.0",
+    "qs": "6.15.1",
+    "fast-uri": "3.1.2",
+    "picomatch": "4.0.4",
+    "socket.io-parser": "4.2.6",
+    "serialize-javascript": "7.0.5",
+    "babel-plugin-istanbul": "8.0.2",
+    "bn.js": "5.2.3",
+    "diff": "5.2.2",
+    "@noble/curves": "1.9.7",
+    "@noble/hashes": "1.8.0"
+  },
+  "resolutions": {
+    "elliptic": "6.6.1",
+    "flatted": "3.4.2",
+    "lodash": "4.18.1",
+    "follow-redirects": "1.16.0",
+    "qs": "6.15.1",
+    "fast-uri": "3.1.2",
+    "picomatch": "4.0.4",
+    "socket.io-parser": "4.2.6",
+    "serialize-javascript": "7.0.5",
+    "babel-plugin-istanbul": "8.0.2",
+    "bn.js": "5.2.3",
+    "diff": "5.2.2",
+    "@noble/curves": "1.9.7",
+    "@noble/hashes": "1.8.0"
+  }
 }