[web3.js] Replace sha256 and secp256k1 impls (#27390)

* fix: replace `@ethersproject/sha2` with `@noble/hashes/sha256` * fix: replace `secp256k1` with `@noble/secp256k1`
solana-labs · Aug 25, 2022 · 1a836ab · 1a836ab
1 parent c3c1699
commit 1a836ab
Show file tree

Hide file tree

Showing 7 changed files with 7,544 additions and 7,620 deletions.
diff --git a/web3.js/package-lock.json b/web3.js/package-lock.json
diff --git a/web3.js/package.json b/web3.js/package.json
@@ -58,7 +58,8 @@
   },
   "dependencies": {
     "@babel/runtime": "^7.12.5",
-    "@ethersproject/sha2": "^5.5.0",
+    "@noble/hashes": "^1.1.2",
+    "@noble/secp256k1": "^1.6.3",
     "@solana/buffer-layout": "^4.0.0",
     "bigint-buffer": "^1.1.5",
     "bn.js": "^5.0.0",
@@ -70,7 +71,6 @@
     "js-sha3": "^0.8.0",
     "node-fetch": "2",
     "rpc-websockets": "^7.5.0",
-    "secp256k1": "^4.0.2",
     "superstruct": "^0.14.2",
     "tweetnacl": "^1.0.3"
   },

diff --git a/web3.js/src/programs/secp256k1.ts b/web3.js/src/programs/secp256k1.ts
@@ -1,15 +1,13 @@
 import {Buffer} from 'buffer';
 import * as BufferLayout from '@solana/buffer-layout';
-import secp256k1 from 'secp256k1';
 import sha3 from 'js-sha3';
 
 import {PublicKey} from '../publickey';
 import {TransactionInstruction} from '../transaction';
 import assert from '../utils/assert';
+import {publicKeyCreate, ecdsaSign} from '../utils/secp256k1';
 import {toBuffer} from '../utils/to-buffer';
 
-const {publicKeyCreate, ecdsaSign} = secp256k1;
-
 const PRIVATE_KEY_BYTES = 32;
 const ETHEREUM_ADDRESS_BYTES = 20;
 const PUBLIC_KEY_BYTES = 64;
@@ -209,11 +207,14 @@ export class Secp256k1Program {
 
     try {
       const privateKey = toBuffer(pkey);
-      const publicKey = publicKeyCreate(privateKey, false).slice(1); // throw away leading byte
+      const publicKey = publicKeyCreate(
+        privateKey,
+        false /* isCompressed */,
+      ).slice(1); // throw away leading byte
       const messageHash = Buffer.from(
         sha3.keccak_256.update(toBuffer(message)).digest(),
       );
-      const {signature, recid: recoveryId} = ecdsaSign(messageHash, privateKey);
+      const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
 
       return this.createInstructionWithPublicKey({
         publicKey,

diff --git a/web3.js/src/publickey.ts b/web3.js/src/publickey.ts
@@ -2,7 +2,7 @@ import BN from 'bn.js';
 import bs58 from 'bs58';
 import {Buffer} from 'buffer';
 import nacl from 'tweetnacl';
-import {sha256} from '@ethersproject/sha2';
+import {sha256} from '@noble/hashes/sha256';
 
 import {Struct, SOLANA_SCHEMA} from './utils/borsh-schema';
 import {toBuffer} from './utils/to-buffer';
@@ -140,8 +140,8 @@ export class PublicKey extends Struct {
       Buffer.from(seed),
       programId.toBuffer(),
     ]);
-    const hash = sha256(new Uint8Array(buffer)).slice(2);
-    return new PublicKey(Buffer.from(hash, 'hex'));
+    const publicKeyBytes = sha256(buffer);
+    return new PublicKey(publicKeyBytes);
   }
 
   /**
@@ -164,8 +164,7 @@ export class PublicKey extends Struct {
       programId.toBuffer(),
       Buffer.from('ProgramDerivedAddress'),
     ]);
-    let hash = sha256(new Uint8Array(buffer)).slice(2);
-    let publicKeyBytes = new BN(hash, 16).toArray(undefined, 32);
+    const publicKeyBytes = sha256(buffer);
     if (is_on_curve(publicKeyBytes)) {
       throw new Error(`Invalid seeds, address must fall off the curve`);
     }