diff --git a/@stellar/typescript-wallet-sdk-km/package.json b/@stellar/typescript-wallet-sdk-km/package.json index 019e370..d6cb100 100644 --- a/@stellar/typescript-wallet-sdk-km/package.json +++ b/@stellar/typescript-wallet-sdk-km/package.json @@ -35,14 +35,15 @@ "@albedo-link/intent": "^0.12.0", "@ledgerhq/hw-app-str": "^6.28.4", "@ledgerhq/hw-transport-u2f": "^5.36.0-deprecated", + "@stablelib/base64": "^2.0.0", + "@stablelib/utf8": "^2.0.0", "@stellar/freighter-api": "^2.0.0", "@stellar/stellar-sdk": "12.1.0", "@trezor/connect-plugin-stellar": "^9.0.2", "bignumber.js": "^9.1.2", "scrypt-async": "^2.0.1", "trezor-connect": "^8.2.12", - "tweetnacl": "^1.0.3", - "tweetnacl-util": "^0.15.1" + "tweetnacl": "^1.0.3" }, "scripts": { "test": "jest --watchAll", diff --git a/@stellar/typescript-wallet-sdk-km/src/Helpers/scryptEncryption.ts b/@stellar/typescript-wallet-sdk-km/src/Helpers/scryptEncryption.ts index 23be13d..d6e71ee 100644 --- a/@stellar/typescript-wallet-sdk-km/src/Helpers/scryptEncryption.ts +++ b/@stellar/typescript-wallet-sdk-km/src/Helpers/scryptEncryption.ts @@ -1,6 +1,10 @@ +import { encode as utf8Encode, decode as utf8Decode } from "@stablelib/utf8"; +import { + encode as base64Encode, + decode as base64Decode, +} from "@stablelib/base64"; import scrypt from "scrypt-async"; import nacl from "tweetnacl"; -import naclutil from "tweetnacl-util"; export interface ScryptPassParams { password: string; @@ -65,7 +69,7 @@ function scryptPass(params: ScryptPassParams): Promise { } function generateSalt(): string { - return naclutil.encodeBase64(nacl.randomBytes(SALT_BYTES)); + return base64Encode(nacl.randomBytes(SALT_BYTES)); } /** @@ -84,7 +88,7 @@ export async function encrypt(params: EncryptParams): Promise { const secretboxNonce = nonce || nacl.randomBytes(NONCE_BYTES); const scryptedPass = await scryptPass({ password, salt: secretboxSalt }); - const textBytes = naclutil.decodeUTF8(phrase); + const textBytes = utf8Encode(phrase); const cipherText = nacl.secretbox(textBytes, secretboxNonce, scryptedPass); if (!cipherText) { @@ -99,7 +103,7 @@ export async function encrypt(params: EncryptParams): Promise { bundle.set(cipherText, 1 + secretboxNonce.length); return { - encryptedPhrase: naclutil.encodeBase64(bundle), + encryptedPhrase: base64Encode(bundle), salt: secretboxSalt, }; } @@ -108,7 +112,7 @@ export async function decrypt(params: DecryptParams): Promise { const { phrase, password, salt } = params; const scryptedPass = await scryptPass({ password, salt }); - const bundle = naclutil.decodeBase64(phrase); + const bundle = base64Decode(phrase); const version = bundle[0]; let decryptedBytes; if (version === CRYPTO_V1) { @@ -121,5 +125,5 @@ export async function decrypt(params: DecryptParams): Promise { if (!decryptedBytes) { throw new Error("That passphrase wasn’t valid."); } - return naclutil.encodeUTF8(decryptedBytes); + return utf8Decode(decryptedBytes); } diff --git a/@stellar/typescript-wallet-sdk/jest.e2e.config.js b/@stellar/typescript-wallet-sdk/jest.e2e.config.js index ea8b056..7f10317 100644 --- a/@stellar/typescript-wallet-sdk/jest.e2e.config.js +++ b/@stellar/typescript-wallet-sdk/jest.e2e.config.js @@ -1,6 +1,7 @@ module.exports = { rootDir: "./", preset: "ts-jest", + transformIgnorePatterns: [`/node_modules/(?!${["@stablelib"].join("|")})`], transform: { "^.+\\.(ts|tsx)?$": "ts-jest", "^.+\\.(js|jsx)$": "babel-jest", diff --git a/@stellar/typescript-wallet-sdk/jest.integration.config.js b/@stellar/typescript-wallet-sdk/jest.integration.config.js index b286749..f9b9504 100644 --- a/@stellar/typescript-wallet-sdk/jest.integration.config.js +++ b/@stellar/typescript-wallet-sdk/jest.integration.config.js @@ -1,6 +1,7 @@ module.exports = { rootDir: "./", preset: "ts-jest", + transformIgnorePatterns: [`/node_modules/(?!${["@stablelib"].join("|")})`], transform: { "^.+\\.(ts|tsx)?$": "ts-jest", "^.+\\.(js|jsx)$": "babel-jest", diff --git a/@stellar/typescript-wallet-sdk/package.json b/@stellar/typescript-wallet-sdk/package.json index 3e50f50..688bde1 100644 --- a/@stellar/typescript-wallet-sdk/package.json +++ b/@stellar/typescript-wallet-sdk/package.json @@ -44,6 +44,8 @@ "webpack-cli": "^5.1.1" }, "dependencies": { + "@stablelib/base64": "^2.0.0", + "@stablelib/utf8": "^2.0.0", "@stellar/stellar-sdk": "12.1.0", "axios": "^1.4.0", "base64url": "^3.0.1", @@ -53,7 +55,6 @@ "query-string": "^7.1.3", "stream-http": "^3.2.0", "tweetnacl": "^1.0.3", - "tweetnacl-util": "^0.15.1", "url": "^0.11.0", "util": "^0.12.5", "utility-types": "^3.10.0", diff --git a/@stellar/typescript-wallet-sdk/src/walletSdk/Auth/AuthHeaderSigner.ts b/@stellar/typescript-wallet-sdk/src/walletSdk/Auth/AuthHeaderSigner.ts index 25185a6..758b410 100644 --- a/@stellar/typescript-wallet-sdk/src/walletSdk/Auth/AuthHeaderSigner.ts +++ b/@stellar/typescript-wallet-sdk/src/walletSdk/Auth/AuthHeaderSigner.ts @@ -1,7 +1,7 @@ import { AxiosInstance } from "axios"; +import { encode as utf8Encode } from "@stablelib/utf8"; import { StrKey } from "@stellar/stellar-sdk"; import nacl from "tweetnacl"; -import naclUtil from "tweetnacl-util"; import base64url from "base64url"; import { SigningKeypair } from "../Horizon/Account"; @@ -66,12 +66,10 @@ export class DefaultAuthHeaderSigner implements AuthHeaderSigner { const encodedPayload = base64url( JSON.stringify({ ...claims, exp: timeExp, iat: issuedAt }), ); + const utf8Jwt = utf8Encode(`${encodedHeader}.${encodedPayload}`); // sign JWT and create signature - const signature = nacl.sign.detached( - naclUtil.decodeUTF8(`${encodedHeader}.${encodedPayload}`), - naclKP.secretKey, - ); + const signature = nacl.sign.detached(utf8Jwt, naclKP.secretKey); const encodedSignature = base64url(Buffer.from(signature)); const jwt = `${encodedHeader}.${encodedPayload}.${encodedSignature}`; diff --git a/jest.config.js b/jest.config.js index 94b2794..2d60923 100644 --- a/jest.config.js +++ b/jest.config.js @@ -1,4 +1,5 @@ const commonConfigs = { + transformIgnorePatterns: [`/node_modules/(?!${["@stablelib"].join("|")})`], transform: { "^.+\\.(js|jsx|ts|tsx|mjs)$": ["babel-jest"], }, diff --git a/yarn.lock b/yarn.lock index 3b63f37..deb3ef1 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2521,6 +2521,16 @@ resolved "https://registry.yarnpkg.com/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz#5981a8db18b56ba38ef0efb7d995b12aa7b51918" integrity sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ== +"@stablelib/base64@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@stablelib/base64/-/base64-2.0.0.tgz#f13a98549cd5ca0750cd177bbd08b599d24e5f8e" + integrity sha512-ffSfySa1ZpZYzM5FQ2xILQ2jifQ+GlgbDJzRTCtaB0sqta88KYghB/tlSV2VS2iHRCvMdUvJlLOW1rmSkziWnw== + +"@stablelib/utf8@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@stablelib/utf8/-/utf8-2.0.0.tgz#05725ef9d39ed10a017e1b6e01374bd998c83167" + integrity sha512-bHaUduwFKYgj6rRvA5udyyg+ASx6gJZiQaXvfBHb7A2r+X9tRIKJ/VmpQKFQnEMInpBTh7jJLy+Gt99GH9YZ9g== + "@stellar/freighter-api@^2.0.0": version "2.0.0" resolved "https://registry.yarnpkg.com/@stellar/freighter-api/-/freighter-api-2.0.0.tgz#488915a4aa0cec8c9a3fc84ef31e21cd5ec41343" @@ -7573,11 +7583,6 @@ tslib@^2.5.0: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.5.0.tgz#42bfed86f5787aeb41d031866c8f402429e0fddf" integrity sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg== -tweetnacl-util@^0.15.1: - version "0.15.1" - resolved "https://registry.yarnpkg.com/tweetnacl-util/-/tweetnacl-util-0.15.1.tgz#b80fcdb5c97bcc508be18c44a4be50f022eea00b" - integrity sha512-RKJBIj8lySrShN4w6i/BonWp2Z/uxwC3h4y7xsRrpP59ZboCd0GpEVsOnMDYLMmKBpYhb5TgHzZXy7wTfYFBRw== - tweetnacl@^1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-1.0.3.tgz#ac0af71680458d8a6378d0d0d050ab1407d35596"