cleanup

Author: chaitanyapotti

src/helpers/common.ts

@@ -54,11 +54,17 @@ export function base64ToBytes(b64: string): Uint8Array {
   return bytes;
 }
 
+/** Returns keccak256 hash as hex string (0x-prefixed). Use keccak256Bytes when you need bytes to avoid double conversion. */
 export function keccak256(a: Uint8Array): string {
   const hash = bytesToHex(keccakHash(a));
   return `0x${hash}`;
 }
 
+/** Returns keccak256 hash as raw bytes. Use instead of hexToBytes(keccak256(...)) to avoid double conversion. */
+export function keccak256Bytes(a: Uint8Array): Uint8Array {
+  return keccakHash(a);
+}
+
 export const generatePrivateKey = (keyType: KeyType): Uint8Array => {
   if (keyType === KEY_TYPE.SECP256K1) {
     return secp256k1.utils.randomSecretKey();

src/helpers/keyUtils.ts

@@ -60,21 +60,21 @@ function adjustScalarBytes(bytes: Uint8Array): Uint8Array {
 }
 
 /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */
-export function getEd25519ExtendedPublicKey(keyBuffer: Uint8Array): {
+export function getEd25519ExtendedPublicKey(keyBytes: Uint8Array): {
   scalar: bigint;
   point: Point2D;
 } {
   const ed25519Curve = getKeyCurve(KEY_TYPE.ED25519);
   const len = 32;
   const N = ed25519Curve.Point.CURVE().n;
 
-  if (keyBuffer.length !== 32) {
-    log.error("Invalid seed for ed25519 key derivation", keyBuffer.length);
+  if (keyBytes.length !== 32) {
+    log.error("Invalid seed for ed25519 key derivation", keyBytes.length);
     throw new Error("Invalid seed for ed25519 key derivation");
   }
   // Hash private key with curve's hash function to produce uniformingly random input
   // Check byte lengths: ensure(64, h(ensure(32, key)))
-  const hashed = sha512(keyBuffer);
+  const hashed = sha512(keyBytes);
   if (hashed.length !== 64) {
     throw new Error("Invalid hash length for ed25519 seed");
   }
@@ -122,11 +122,11 @@ export const generateEd25519KeyData = async (ed25519Seed: Uint8Array): Promise<P
   };
 };
 
-export const generateSecp256k1KeyData = async (scalarBuffer: Uint8Array): Promise<PrivateKeyData> => {
+export const generateSecp256k1KeyData = async (scalarBytes: Uint8Array): Promise<PrivateKeyData> => {
   const secp256k1Curve = getKeyCurve(KEY_TYPE.SECP256K1);
   const N = secp256k1Curve.Point.CURVE().n;
 
-  const scalar = bytesToNumberBE(scalarBuffer);
+  const scalar = bytesToNumberBE(scalarBytes);
   const randomNonce = bytesToNumberBE(generatePrivateKey(KEY_TYPE.SECP256K1));
   const oAuthKey = mod(scalar - randomNonce, N);
   const oAuthPub = secp256k1Curve.Point.BASE.multiply(oAuthKey).toAffine();
@@ -148,9 +148,9 @@ export const generateSecp256k1KeyData = async (scalarBuffer: Uint8Array): Promis
 
 function generateAddressFromPoint(keyType: KeyType, point: Point2D): string {
   if (keyType === KEY_TYPE.SECP256K1) {
-    const uncompressed = bytesToHex(getSecp256k1().Point.fromAffine(point).toBytes(false));
-    const publicKey = uncompressed.slice(2); // remove 04 prefix
-    const evmAddressLower = `0x${keccak256(hexToBytes(publicKey)).slice(64 - 38)}`;
+    const uncompressed = getSecp256k1().Point.fromAffine(point).toBytes(false);
+    const publicKey = uncompressed.slice(1); // remove 04 prefix
+    const evmAddressLower = `0x${keccak256(publicKey).slice(64 - 38)}`;
     return toChecksumAddress(evmAddressLower);
   } else if (keyType === KEY_TYPE.ED25519) {
     const publicKey = encodeEd25519Point(point);

src/helpers/metadataUtils.ts

@@ -28,7 +28,7 @@ import {
   Curve,
   encParamsHexToBuf,
   hexToBytes,
-  keccak256,
+  keccak256Bytes,
   numberToBytesBE,
   toBigIntBE,
   utf8ToBytes,
@@ -62,21 +62,21 @@ export function convertMetadataToNonce(params: { message?: string }): bigint {
 
 export async function decryptNodeData(eciesData: EciesHex, ciphertextHex: string, privKey: Uint8Array): Promise<Uint8Array> {
   const metadata = encParamsHexToBuf(eciesData);
-  const decryptedSigBuffer = await decrypt(privKey, {
+  const decryptedSigBytes = await decrypt(privKey, {
     ...metadata,
     ciphertext: hexToBytes(ciphertextHex),
   });
-  return decryptedSigBuffer;
+  return decryptedSigBytes;
 }
 
 export async function decryptNodeDataWithPadding(eciesData: EciesHex, ciphertextHex: string, privKey: Uint8Array): Promise<Uint8Array> {
   const metadata = encParamsHexToBuf(eciesData);
   try {
-    const decryptedSigBuffer = await decrypt(privKey, {
+    const decryptedSigBytes = await decrypt(privKey, {
       ...metadata,
       ciphertext: hexToBytes(ciphertextHex),
     });
-    return decryptedSigBuffer;
+    return decryptedSigBytes;
   } catch (error) {
     // ciphertext can be any length. not just 64. depends on input. we have this for legacy reason
     const ciphertextHexPadding = ciphertextHex.padStart(64, "0");
@@ -92,7 +92,7 @@ export function generateMetadataParams(ecCurve: Curve, serverTimeOffset: number,
     data: message,
     timestamp: (~~(serverTimeOffset + Date.now() / 1000)).toString(16),
   };
-  const msgHash = hexToBytes(keccak256(utf8ToBytes(stringify(setData))).slice(2));
+  const msgHash = keccak256Bytes(utf8ToBytes(stringify(setData)));
   // metadata only uses secp for sig validation; prehash: false because msgHash is already hashed
   const sig = secp256k1.sign(msgHash, hexToBytes(bigintToHex(privateKey)), { prehash: false });
   const pubKey = ecCurve.Point.BASE.multiply(privateKey).toAffine();
@@ -145,7 +145,7 @@ export function generateNonceMetadataParams(
     setData.seed = ""; // setting it as empty to keep ordering same while serializing the data on backend.
   }
 
-  const msgHash = hexToBytes(keccak256(utf8ToBytes(stringify(setData))).slice(2));
+  const msgHash = keccak256Bytes(utf8ToBytes(stringify(setData)));
   const sig = secp256k1.sign(msgHash, hexToBytes(bigintToHex(privateKey)), { prehash: false });
   const pubKey = secp256k1.Point.BASE.multiply(privateKey).toAffine();
   return {
@@ -256,7 +256,7 @@ export async function getOrSetSapphireMetadataNonce(
       operation: "getOrSetNonce",
       timestamp: (~~(serverTimeOffset + Date.now() / 1000)).toString(16),
     };
-    const msgHash = hexToBytes(keccak256(utf8ToBytes(stringify(setData))).slice(2));
+    const msgHash = keccak256Bytes(utf8ToBytes(stringify(setData)));
     const sig = secp256k1.sign(msgHash, hexToBytes(bigintToHex(privKey)), { prehash: false });
     const pubKey = secp256k1.Point.BASE.multiply(privKey).toAffine();
     data = {

src/torus.ts

@@ -15,6 +15,7 @@ import {
   getOrSetNonce,
   GetOrSetNonceError,
   GetPubKeyOrKeyAssign,
+  hexToBytes,
   retrieveOrImportShare,
   toBigIntBE,
 } from "./helpers";
@@ -203,27 +204,26 @@ class Torus {
       extraParams.session_token_exp_second = Torus.sessionTime;
     }
 
-    let privKeyBuffer;
+    let privKeyBytes: Uint8Array;
 
     if (this.keyType === KEY_TYPE.SECP256K1) {
-      privKeyBuffer = Buffer.from(newPrivateKey.padStart(64, "0"), "hex");
-      if (privKeyBuffer.length !== 32) {
+      privKeyBytes = hexToBytes(newPrivateKey.padStart(64, "0"));
+      if (privKeyBytes.length !== 32) {
         throw new Error("Invalid private key length for given secp256k1 key");
       }
-    }
-    if (this.keyType === KEY_TYPE.ED25519) {
-      privKeyBuffer = Buffer.from(newPrivateKey.padStart(64, "0"), "hex");
-      if (privKeyBuffer.length !== 32) {
+    } else {
+      privKeyBytes = hexToBytes(newPrivateKey.padStart(64, "0"));
+      if (privKeyBytes.length !== 32) {
         throw new Error("Invalid private key length for given ed25519 key");
       }
     }
 
-    const sharesData = await generateShares(this.ec, this.keyType, this.serverTimeOffset, nodeIndexes, nodePubkeys, privKeyBuffer);
+    const sharesData = await generateShares(this.ec, this.keyType, this.serverTimeOffset, nodeIndexes, nodePubkeys, privKeyBytes);
     if (this.keyType === KEY_TYPE.ED25519) {
-      const ed25519Key = getEd25519ExtendedPublicKey(privKeyBuffer);
+      const ed25519Key = getEd25519ExtendedPublicKey(privKeyBytes);
       const ed25519PubKey = encodeEd25519Point(ed25519Key.point);
       const encodedPubKey = encodeEd25519Point(sharesData[0].final_user_point);
-      const importedPubKey = Buffer.from(ed25519PubKey).toString("hex");
+      const importedPubKey = bytesToHex(ed25519PubKey);
       const derivedPubKey = bytesToHex(encodedPubKey);
       if (importedPubKey !== derivedPubKey) {
         throw new Error("invalid shares data for ed25519 key, public key is not matching after generating shares");