Merge pull request #154 from xmtp/nm/commonjs-support-fix

Use @noble/curves
xmtp · Feb 16, 2024 · f05bd30 · f05bd30
2 parents 0987d27 + faeaefc
commit f05bd30
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 16 deletions.
diff --git a/.changeset/green-tools-pay.md b/.changeset/green-tools-pay.md
@@ -0,0 +1,5 @@
+---
+"@xmtp/frames-validator": minor
+---
+
+Switch out encryption library for better commonjs support
diff --git a/packages/frames-validator/package.json b/packages/frames-validator/package.json
@@ -24,8 +24,8 @@
     "provenance": true
   },
   "dependencies": {
+    "@noble/curves": "^1.3.0",
     "@noble/hashes": "^1.3.3",
-    "@noble/secp256k1": "^2.0.0",
     "@xmtp/proto": "3.41.0-beta.6",
     "viem": "^2.7.8"
   },

diff --git a/packages/frames-validator/src/utils.ts b/packages/frames-validator/src/utils.ts
@@ -1,5 +1,6 @@
+import { bytesToHex } from "@noble/curves/abstract/utils"
+import { secp256k1 } from "@noble/curves/secp256k1"
 import { sha256 } from "@noble/hashes/sha256"
-import * as secp from "@noble/secp256k1"
 import { publicKey, signature } from "@xmtp/proto"
 import { SignedPublicKeyBundle } from "@xmtp/xmtp-js"
 import {
@@ -8,7 +9,6 @@ import {
   hashMessage,
   keccak256,
 } from "viem/utils"
-const bytesToHex = secp.etc.bytesToHex
 
 export type ECDSACompactWithRecovery = {
   bytes: Uint8Array // compact representation [ R || S ], 64 bytes
@@ -100,7 +100,7 @@ export function verifyIdentityKeySignature(
   }
 
   const digest = sha256(message)
-  const isVerified = secp.verify(
+  const isVerified = secp256k1.verify(
     sig.ecdsaCompact.bytes,
     digest,
     pubKey.secp256k1Uncompressed.bytes,
@@ -122,7 +122,7 @@ function recoverWalletAddress(
   sig: ECDSACompactWithRecovery,
 ) {
   const digest = hexToBytes(hashMessage(messageString))
-  const pubKey = secp.Signature.fromCompact(sig.bytes)
+  const pubKey = secp256k1.Signature.fromCompact(sig.bytes)
     .addRecoveryBit(sig.recovery)
     .recoverPublicKey(digest)
     .toRawBytes(false)
@@ -135,7 +135,7 @@ function recoverWalletAddress(
  * @param publicKeyBundle
  * @returns string wallet address
  */
-export async function verifyWalletSignature(
+export function verifyWalletSignature(
   publicKeyBundle: publicKey.SignedPublicKeyBundle,
 ) {
   if (!validateSignedPublicKeyBundle(publicKeyBundle)) {

diff --git a/packages/frames-validator/src/validation.ts b/packages/frames-validator/src/validation.ts
@@ -63,7 +63,7 @@ async function getVerifiedWalletAddress(
   signature: signature.Signature,
   signedPublicKeyBundle: publicKey.SignedPublicKeyBundle,
 ): Promise<string> {
-  const walletAddress = await verifyWalletSignature(signedPublicKeyBundle)
+  const walletAddress = verifyWalletSignature(signedPublicKeyBundle)
   verifyIdentityKeySignature(actionBodyBytes, signature, signedPublicKeyBundle)
 
   return walletAddress

diff --git a/yarn.lock b/yarn.lock
@@ -1895,14 +1895,23 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@noble/curves@npm:^1.3.0":
+  version: 1.3.0
+  resolution: "@noble/curves@npm:1.3.0"
+  dependencies:
+    "@noble/hashes": "npm:1.3.3"
+  checksum: f3cbdd1af00179e30146eac5539e6df290228fb857a7a8ba36d1a772cbe59288a2ca83d06f175d3446ef00db3a80d7fd8b8347f7de9c2d4d5bf3865d8bb78252
+  languageName: node
+  linkType: hard
+
 "@noble/hashes@npm:1.3.2":
   version: 1.3.2
   resolution: "@noble/hashes@npm:1.3.2"
   checksum: 685f59d2d44d88e738114b71011d343a9f7dce9dfb0a121f1489132f9247baa60bc985e5ec6f3213d114fbd1e1168e7294644e46cbd0ce2eba37994f28eeb51b
   languageName: node
   linkType: hard
 
-"@noble/hashes@npm:^1.3.3, @noble/hashes@npm:~1.3.0, @noble/hashes@npm:~1.3.2":
+"@noble/hashes@npm:1.3.3, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:~1.3.0, @noble/hashes@npm:~1.3.2":
   version: 1.3.3
   resolution: "@noble/hashes@npm:1.3.3"
   checksum: 1025ddde4d24630e95c0818e63d2d54ee131b980fe113312d17ed7468bc18f54486ac86c907685759f8a7e13c2f9b9e83ec7b67d1cc20836f36b5e4a65bb102d
@@ -1916,13 +1925,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/secp256k1@npm:^2.0.0":
-  version: 2.0.0
-  resolution: "@noble/secp256k1@npm:2.0.0"
-  checksum: 64677b25988c1fa0a97af718332f88d49ec46a9d030c1d119861a665863cbabddefb1fd1e037608e130ee2aedb4c5edfc430b9bf4c96b43797855343b96318de
-  languageName: node
-  linkType: hard
-
 "@nodelib/fs.scandir@npm:2.1.5":
   version: 2.1.5
   resolution: "@nodelib/fs.scandir@npm:2.1.5"
@@ -3177,8 +3179,8 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@xmtp/frames-validator@workspace:packages/frames-validator"
   dependencies:
+    "@noble/curves": "npm:^1.3.0"
     "@noble/hashes": "npm:^1.3.3"
-    "@noble/secp256k1": "npm:^2.0.0"
     "@open-frames/types": "npm:^0.0.6"
     "@rollup/plugin-typescript": "npm:^11.1.6"
     "@xmtp/frames-client": "npm:^0.2.2"