diff --git a/README.md b/README.md index aede48f77..49c7d550a 100644 --- a/README.md +++ b/README.md @@ -12,14 +12,6 @@ implementation in JavaScript that can be used on either Node.js or web browsers. - **[API Reference](https://stellar.github.io/js-stellar-base/)** -> **Warning!** Node version of this package is using [`sodium-native`](https://www.npmjs.com/package/sodium-native) package, a native implementation of [Ed25519](https://ed25519.cr.yp.to/) in Node.js, as an [optional dependency](https://docs.npmjs.com/files/package.json#optionaldependencies). -> This means that if for any reason installation of this package fails, `stellar-base` will fallback to the much slower implementation contained in [`tweetnacl`](https://www.npmjs.com/package/tweetnacl). -> -> If you are using `stellar-base` in a browser you can ignore this. However, for production backend deployments you should definitely be using `sodium-native`. -> If `sodium-native` is successfully installed and working -> `StellarBase.FastSigning` variable will be equal `true`. Otherwise it will be -> `false`. - ## Quick start Using yarn to include js-stellar-base in your own project: diff --git a/package.json b/package.json index f23ff548f..9389235ee 100644 --- a/package.json +++ b/package.json @@ -111,9 +111,6 @@ "sha.js": "^2.3.6", "tweetnacl": "^1.0.0" }, - "optionalDependencies": { - "sodium-native": "^2.3.0" - }, "resolutions": { "**/ua-parser-js": "0.7.28" } diff --git a/src/index.js b/src/index.js index 68a376b98..bc8fcea83 100644 --- a/src/index.js +++ b/src/index.js @@ -2,7 +2,7 @@ import xdr from './generated/stellar-xdr_generated'; export { xdr }; export { hash } from './hashing'; -export { sign, verify, FastSigning } from './signing'; +export { sign, verify } from './signing'; export { getLiquidityPoolId, LiquidityPoolFeeV18 diff --git a/src/signing.js b/src/signing.js index 25aaee47c..5f0f85fc6 100644 --- a/src/signing.js +++ b/src/signing.js @@ -1,103 +1,28 @@ -// This module provides the signing functionality used by the stellar network -// The code below may look a little strange... this is because we try to provide -// the most efficient signing method possible. First, we try to load the -// native `sodium-native` package for node.js environments, and if that fails we -// fallback to `tweetnacl` +// This module provides the signing functionality used by the Stellar network -const actualMethods = {}; - -/** - * Use this flag to check if fast signing (provided by `sodium-native` package) is available. - * If your app is signing a large number of transaction or verifying a large number - * of signatures make sure `sodium-native` package is installed. - */ -export const FastSigning = checkFastSigning(); - -export function sign(data, secretKey) { - return actualMethods.sign(data, secretKey); -} - -export function verify(data, signature, publicKey) { - return actualMethods.verify(data, signature, publicKey); -} +import * as nacl from 'tweetnacl'; export function generate(secretKey) { - return actualMethods.generate(secretKey); + const secretKeyUint8 = new Uint8Array(secretKey); + const naclKeys = nacl.sign.keyPair.fromSeed(secretKeyUint8); + return Buffer.from(naclKeys.publicKey); } -function checkFastSigning() { - return typeof window === 'undefined' - ? checkFastSigningNode() - : checkFastSigningBrowser(); -} - -function checkFastSigningNode() { - // NOTE: we use commonjs style require here because es6 imports - // can only occur at the top level. thanks, obama. - let sodium; - try { - // eslint-disable-next-line - sodium = require('sodium-native'); - } catch (err) { - return checkFastSigningBrowser(); - } - - actualMethods.generate = (secretKey) => { - const pk = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES); - const sk = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES); - sodium.crypto_sign_seed_keypair(pk, sk, secretKey); - return pk; - }; - - actualMethods.sign = (data, secretKey) => { - data = Buffer.from(data); - const signature = Buffer.alloc(sodium.crypto_sign_BYTES); - sodium.crypto_sign_detached(signature, data, secretKey); - return signature; - }; +export function sign(data, secretKey) { + data = Buffer.from(data); + data = new Uint8Array(data.toJSON().data); + secretKey = new Uint8Array(secretKey.toJSON().data); - actualMethods.verify = (data, signature, publicKey) => { - data = Buffer.from(data); - try { - return sodium.crypto_sign_verify_detached(signature, data, publicKey); - } catch (e) { - return false; - } - }; + const signature = nacl.sign.detached(data, secretKey); - return true; + return Buffer.from(signature); } -function checkFastSigningBrowser() { - // fallback to `tweetnacl` if we're in the browser or - // if there was a failure installing `sodium-native` - // eslint-disable-next-line - const nacl = require('tweetnacl'); - - actualMethods.generate = (secretKey) => { - const secretKeyUint8 = new Uint8Array(secretKey); - const naclKeys = nacl.sign.keyPair.fromSeed(secretKeyUint8); - return Buffer.from(naclKeys.publicKey); - }; - - actualMethods.sign = (data, secretKey) => { - data = Buffer.from(data); - data = new Uint8Array(data.toJSON().data); - secretKey = new Uint8Array(secretKey.toJSON().data); - - const signature = nacl.sign.detached(data, secretKey); - - return Buffer.from(signature); - }; - - actualMethods.verify = (data, signature, publicKey) => { - data = Buffer.from(data); - data = new Uint8Array(data.toJSON().data); - signature = new Uint8Array(signature.toJSON().data); - publicKey = new Uint8Array(publicKey.toJSON().data); - - return nacl.sign.detached.verify(data, signature, publicKey); - }; +export function verify(data, signature, publicKey) { + data = Buffer.from(data); + data = new Uint8Array(data.toJSON().data); + signature = new Uint8Array(signature.toJSON().data); + publicKey = new Uint8Array(publicKey.toJSON().data); - return false; + return nacl.sign.detached.verify(data, signature, publicKey); } diff --git a/types/index.d.ts b/types/index.d.ts index a5c155383..e669f5893 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -104,8 +104,6 @@ export class Claimant { static predicateBeforeRelativeTime(seconds: string): xdr.ClaimPredicate; } -export const FastSigning: boolean; - export type KeypairType = 'ed25519'; export class Keypair { diff --git a/yarn.lock b/yarn.lock index 69389a1da..a5a1dca31 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4502,7 +4502,7 @@ inherits@2.0.3: resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de" integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4= -ini@^1.3.4, ini@^1.3.5: +ini@^1.3.4: version "1.3.7" resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.7.tgz#a09363e1911972ea16d7a8851005d84cf09a9a84" integrity sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ== @@ -5973,11 +5973,6 @@ nan@^2.12.1: resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.1.tgz#d7be34dfa3105b91494c3147089315eff8874b01" integrity sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw== -nan@^2.14.0: - version "2.14.0" - resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.0.tgz#7818f722027b2459a86f0295d434d1fc2336c52c" - integrity sha512-INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg== - nanomatch@^1.2.9: version "1.2.13" resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119" @@ -6036,11 +6031,6 @@ node-environment-flags@1.0.6: object.getownpropertydescriptors "^2.0.3" semver "^5.7.0" -node-gyp-build@^4.1.0: - version "4.2.1" - resolved "https://registry.yarnpkg.com/node-gyp-build/-/node-gyp-build-4.2.1.tgz#f28f0d3d3ab268d48ab76c6f446f19bc3d0db9dc" - integrity sha512-XyCKXsqZfLqHep1hhsMncoXuUNt/cXCjg1+8CLbu69V1TKuPiOeSGbL9n+k/ByKH8UT0p4rdIX8XkTRZV0i7Sw== - node-libs-browser@^2.2.1: version "2.2.1" resolved "https://registry.yarnpkg.com/node-libs-browser/-/node-libs-browser-2.2.1.tgz#b64f513d18338625f90346d27b0d235e631f6425" @@ -7666,15 +7656,6 @@ socket.io@^3.1.0: socket.io-adapter "~2.1.0" socket.io-parser "~4.0.3" -sodium-native@^2.3.0: - version "2.4.9" - resolved "https://registry.yarnpkg.com/sodium-native/-/sodium-native-2.4.9.tgz#7a7beb997efdbd2c773a385fb959f0cead5f5162" - integrity sha512-mbkiyA2clyfwAyOFIzMvsV6ny2KrKEIhFVASJxWfsmgfUEymgLIS2MLHHcGIQMkrcKhPErRaMR5Dzv0EEn+BWg== - dependencies: - ini "^1.3.5" - nan "^2.14.0" - node-gyp-build "^4.1.0" - source-list-map@^2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/source-list-map/-/source-list-map-2.0.1.tgz#3993bd873bfc48479cca9ea3a547835c7c154b34"