Merge pull request #68 from ethereumjs/update-secp256k1

Update secp256k1 to v4.0.1

package.json

@@ -63,7 +63,7 @@
     "lru-cache": "^5.1.1",
     "ms": "^0.7.1",
     "rlp-encoding": "^3.0.0",
-    "secp256k1": "^3.1.0"
+    "secp256k1": "^4.0.1"
   },
   "devDependencies": {
     "@ethereumjs/config-nyc": "^1.1.1",
@@ -78,7 +78,7 @@
     "@types/ip": "^1.1.0",
     "@types/lru-cache": "^5.1.0",
     "@types/ms": "^0.7.30",
-    "@types/secp256k1": "3.5.0",
+    "@types/secp256k1": "^4.0.1",
     "@types/tape": "^4.2.33",
     "async": "^2.6.0",
     "chalk": "^2.4.2",

src/dpt/dpt.ts

@@ -23,7 +23,7 @@ export class DPT extends EventEmitter {
     super()
 
     this.privateKey = Buffer.from(privateKey)
-    this._id = pk2id(publicKeyCreate(this.privateKey, false))
+    this._id = pk2id(Buffer.from(publicKeyCreate(this.privateKey, false)))
 
     this.banlist = new BanList()
 

src/dpt/message.ts

@@ -175,8 +175,8 @@ export function encode<T>(typename: string, data: T, privateKey: Buffer) {
   const typedata = Buffer.concat([Buffer.from([type]), rlp.encode(encodedMsg)])
 
   const sighash = keccak256(typedata)
-  const sig = secp256k1.sign(sighash, privateKey)
-  const hashdata = Buffer.concat([sig.signature, Buffer.from([sig.recovery]), typedata])
+  const sig = secp256k1.ecdsaSign(sighash, privateKey)
+  const hashdata = Buffer.concat([Buffer.from(sig.signature), Buffer.from([sig.recid]), typedata])
   const hash = keccak256(hashdata)
   return Buffer.concat([hash, hashdata])
 }
@@ -194,7 +194,7 @@ export function decode(buffer: Buffer) {
   const sighash = keccak256(typedata)
   const signature = buffer.slice(32, 96)
   const recoverId = buffer[96]
-  const publicKey = secp256k1.recover(sighash, signature, recoverId, false)
+  const publicKey = Buffer.from(secp256k1.ecdsaRecover(signature, recoverId, sighash, false))
 
   return { typename, data, publicKey }
 }

src/rlpx/ecies.ts

@@ -1,5 +1,5 @@
 import crypto, { Decipher } from 'crypto'
-import { publicKeyCreate, ecdhUnsafe, sign, recover } from 'secp256k1'
+import { publicKeyCreate, ecdh, ecdsaRecover, ecdsaSign } from 'secp256k1'
 import rlp from 'rlp-encoding'
 import { MAC } from './mac'
 
@@ -17,7 +17,14 @@ import {
 
 function ecdhX(publicKey: Buffer, privateKey: Buffer) {
   // return (publicKey * privateKey).x
-  return ecdhUnsafe(publicKey, privateKey, true).slice(1)
+  function hashfn(x: Uint8Array, y: Uint8Array) {
+    const pubKey = new Uint8Array(33)
+    pubKey[0] = (y[31] & 1) === 0 ? 0x02 : 0x03
+    pubKey.set(x, 1)
+    return pubKey
+  }
+  // @ts-ignore
+  return Buffer.from(ecdh(publicKey, privateKey, { hashfn }, Buffer.alloc(33)).slice(1))
 }
 
 // a straigth rip from python interop w/go ecies implementation
@@ -74,7 +81,7 @@ export class ECIES {
 
     this._nonce = crypto.randomBytes(32)
     this._ephemeralPrivateKey = genPrivateKey()
-    this._ephemeralPublicKey = publicKeyCreate(this._ephemeralPrivateKey, false)
+    this._ephemeralPublicKey = Buffer.from(publicKeyCreate(this._ephemeralPrivateKey, false))
   }
 
   _encryptMessage(data: Buffer, sharedMacData: Buffer | null = null): Buffer | undefined {
@@ -171,9 +178,9 @@ export class ECIES {
   createAuthEIP8() {
     if (!this._remotePublicKey) return
     const x = ecdhX(this._remotePublicKey, this._privateKey)
-    const sig = sign(xor(x, this._nonce), this._ephemeralPrivateKey)
+    const sig = ecdsaSign(xor(x, this._nonce), this._ephemeralPrivateKey)
     const data = [
-      Buffer.concat([sig.signature, Buffer.from([sig.recovery])]),
+      Buffer.concat([Buffer.from(sig.signature), Buffer.from([sig.recid])]),
       // keccak256(pk2id(this._ephemeralPublicKey)),
       pk2id(this._publicKey),
       this._nonce,
@@ -194,10 +201,10 @@ export class ECIES {
   createAuthNonEIP8(): Buffer | undefined {
     if (!this._remotePublicKey) return
     const x = ecdhX(this._remotePublicKey, this._privateKey)
-    const sig = sign(xor(x, this._nonce), this._ephemeralPrivateKey)
+    const sig = ecdsaSign(xor(x, this._nonce), this._ephemeralPrivateKey)
     const data = Buffer.concat([
-      sig.signature,
-      Buffer.from([sig.recovery]),
+      Buffer.from(sig.signature),
+      Buffer.from([sig.recid]),
       keccak256(pk2id(this._ephemeralPublicKey)),
       pk2id(this._publicKey),
       this._nonce,
@@ -244,11 +251,8 @@ export class ECIES {
     const x = ecdhX(this._remotePublicKey, this._privateKey)
 
     if (!this._remoteNonce) return
-    this._remoteEphemeralPublicKey = recover(
-      xor(x, this._remoteNonce),
-      signature,
-      recoveryId,
-      false,
+    this._remoteEphemeralPublicKey = Buffer.from(
+      ecdsaRecover(signature, recoveryId, xor(x, this._remoteNonce), false),
     )
 
     if (!this._remoteEphemeralPublicKey) return

src/rlpx/rlpx.ts

@@ -43,7 +43,7 @@ export class RLPx extends EventEmitter {
     super()
 
     this._privateKey = Buffer.from(privateKey)
-    this._id = pk2id(publicKeyCreate(this._privateKey, false))
+    this._id = pk2id(Buffer.from(publicKeyCreate(this._privateKey, false)))
 
     // options
     this._timeout = options.timeout || ms('10s')

src/util.ts

@@ -21,7 +21,9 @@ export function genPrivateKey() {
 }
 
 export function pk2id(pk: Buffer): Buffer {
-  if (pk.length === 33) pk = publicKeyConvert(pk, false)
+  if (pk.length === 33) {
+    pk = Buffer.from(publicKeyConvert(pk, false))
+  }
   return pk.slice(1)
 }
 

test/dpt-message.ts

@@ -6,7 +6,7 @@ const privateKey = Buffer.from(
   'b71c71a67e1177ad4e901695e1b4b9ee17ae16c6668d313eac2f96dbcda3f291',
   'hex',
 )
-const publicKey = secp256k1.publicKeyCreate(privateKey, false)
+const publicKey = Buffer.from(secp256k1.publicKeyCreate(privateKey, false))
 
 test('ping packet with version 4, additional list elements', t => {
   const buffer = Buffer.from(

test/rlpx-ecies.ts

@@ -16,8 +16,8 @@ function randomBefore(fn: Function) {
   return (t: Test) => {
     const privateKey1 = util.genPrivateKey()
     const privateKey2 = util.genPrivateKey()
-    const publicKey1 = secp256k1.publicKeyCreate(privateKey1, false)
-    const publicKey2 = secp256k1.publicKeyCreate(privateKey2, false)
+    const publicKey1 = Buffer.from(secp256k1.publicKeyCreate(privateKey1, false))
+    const publicKey2 = Buffer.from(secp256k1.publicKeyCreate(privateKey2, false))
     t.context = {
       a: new ECIES(privateKey1, util.pk2id(publicKey1), util.pk2id(publicKey2)),
       b: new ECIES(privateKey2, util.pk2id(publicKey2), util.pk2id(publicKey1)),