Merge pull request #1355 from LimeChain/secp256k1-support-new

Add Secp256k1 support

.changeset/wet-seals-end.md

@@ -0,0 +1,12 @@
+---
+"@near-js/crypto": minor
+"@near-js/accounts": patch
+"@near-js/biometric-ed25519": patch
+"@near-js/keystores": patch
+"near-api-js": patch
+"@near-js/signers": patch
+"@near-js/transactions": patch
+"@near-js/wallet-account": patch
+---
+
+Add Secp256k1 support

packages/accounts/test/account.test.js

@@ -4,6 +4,7 @@ const { TypedError } = require('@near-js/types');
 const fs = require('fs');
 
 const { Account, Contract } = require('../lib');
+const { KeyType } = require( '@near-js/crypto' );
 const testUtils = require('./test-utils');
 
 let nearjs;
@@ -38,6 +39,26 @@ test('create account and then view account returns the created account', async (
  expect(state.amount).toEqual(newAmount.toString());
 });
 
+test('create account with a secp256k1 key and then view account returns the created account', async () => {
+ const newAccountName = testUtils.generateUniqueString('test');
+ const newAccountPublicKey = 'secp256k1:45KcWwYt6MYRnnWFSxyQVkuu9suAzxoSkUMEnFNBi9kDayTo5YPUaqMWUrf7YHUDNMMj3w75vKuvfAMgfiFXBy28';
+ const { amount } = await workingAccount.state();
+ const newAmount = BigInt(amount) / BigInt(10);
+ await nearjs.accountCreator.masterAccount.createAccount(newAccountName, newAccountPublicKey, newAmount);
+ const newAccount = new Account(nearjs.connection, newAccountName);
+ const state = await newAccount.state();
+ expect(state.amount).toEqual(newAmount.toString());
+});
+
+test('Secp256k1 send money', async() => {
+ const sender = await testUtils.createAccount(nearjs, KeyType.SECP256K1);
+ const receiver = await testUtils.createAccount(nearjs, KeyType.SECP256K1);
+ const { amount: receiverAmount } = await receiver.state();
+ await sender.sendMoney(receiver.accountId, BigInt(10000));
+ const state = await receiver.state();
+ expect(state.amount).toEqual((BigInt(receiverAmount) + BigInt(10000)).toString());
+});
+
 test('send money', async() => {
  const sender = await testUtils.createAccount(nearjs);
  const receiver = await testUtils.createAccount(nearjs);

packages/accounts/test/test-utils.js

@@ -1,4 +1,4 @@
-const { KeyPair } = require('@near-js/crypto');
+const { KeyPair, KeyType } = require('@near-js/crypto');
 const { InMemoryKeyStore } = require('@near-js/keystores');
 const fs = require('fs').promises;
 const path = require('path');
@@ -81,9 +81,9 @@ function generateUniqueString(prefix) {
  return result + '.test.near';
 }
 
-async function createAccount({ accountCreator, connection }) {
+async function createAccount({ accountCreator, connection }, keyType = KeyType.ED25519) {
  const newAccountName = generateUniqueString('test');
- const newPublicKey = await connection.signer.createKey(newAccountName, networkId);
+ const newPublicKey = await connection.signer.createKey(newAccountName, networkId, keyType);
  await accountCreator.createAccount(newAccountName, newPublicKey);
  return new Account(connection, newAccountName);
 }

packages/biometric-ed25519/src/index.ts

@@ -18,6 +18,7 @@ import {
 } from './utils';
 import { Fido2 } from './fido2';
 import { AssertionResponse } from './index.d';
+import { KeyPairString } from '@near-js/crypto';
 
 const CHALLENGE_TIMEOUT_MS = 90 * 1000;
 const RP_NAME = 'NEAR_API_JS_WEBAUTHN';
@@ -86,7 +87,7 @@ export const createKey = async (username: string): Promise<KeyPair> => {
  const publicKeyBytes = get64BytePublicKeyFromPEM(publicKey);
  const secretKey = sha256.create().update(Buffer.from(publicKeyBytes)).digest();
  const pubKey = ed25519.getPublicKey(secretKey);
- return KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(secretKey), Buffer.from(pubKey)]))));
+ return KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(secretKey), Buffer.from(pubKey)]))) as KeyPairString);
  });
 };
 
@@ -129,8 +130,8 @@ export const getKeys = async (username: string): Promise<[KeyPair, KeyPair]> =>
  const firstEDPublic = ed25519.getPublicKey(firstEDSecret);
  const secondEDSecret = sha256.create().update(Buffer.from(correctPKs[1])).digest();
  const secondEDPublic = ed25519.getPublicKey(secondEDSecret);
- const firstKeyPair = KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(firstEDSecret), Buffer.from(firstEDPublic)]))));
- const secondKeyPair = KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(secondEDSecret), Buffer.from(secondEDPublic)]))));
+ const firstKeyPair = KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(firstEDSecret), Buffer.from(firstEDPublic)]))) as KeyPairString);
+ const secondKeyPair = KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(secondEDSecret), Buffer.from(secondEDPublic)]))) as KeyPairString);
  return [firstKeyPair, secondKeyPair];
  });
 };

packages/crypto/package.json

@@ -18,9 +18,10 @@
  "dependencies": {
  "@near-js/types": "workspace:*",
  "@near-js/utils": "workspace:*",
- "borsh": "1.0.0",
  "@noble/curves": "1.2.0",
- "randombytes": "2.1.0"
+ "borsh": "1.0.0",
+ "randombytes": "2.1.0",
+ "secp256k1": "5.0.0"
  },
  "devDependencies": {
  "@types/node": "18.11.18",

packages/crypto/src/constants.ts

@@ -1,8 +1,11 @@
 /** All supported key types */
 export enum KeyType {
  ED25519 = 0,
+ SECP256K1 = 1,
 }
 
 export enum KeySize {
- SECRET_KEY = 32
+ SECRET_KEY = 32,
+ ED25519_PUBLIC_KEY = 32,
+ SECP256k1_PUBLIC_KEY = 64,
 }

packages/crypto/src/index.ts

@@ -1,5 +1,6 @@
 export { KeyType } from './constants';
-export { KeyPair } from './key_pair';
+export { KeyPair, KeyPairString } from './key_pair';
 export { Signature } from './key_pair_base';
 export { KeyPairEd25519 } from './key_pair_ed25519';
+export { KeyPairSecp256k1 } from './key_pair_secp256k1';
 export { PublicKey } from './public_key';

packages/crypto/src/key_pair.ts

@@ -1,14 +1,18 @@
 import { KeyPairBase } from './key_pair_base';
 import { KeyPairEd25519 } from './key_pair_ed25519';
+import { KeyPairSecp256k1 } from './key_pair_secp256k1';
+
+export type KeyPairString = `ed25519:${string}` | `secp256k1:${string}`;
 
 export abstract class KeyPair extends KeyPairBase {
  /**
  * @param curve Name of elliptical curve, case-insensitive
  * @returns Random KeyPair based on the curve
  */
- static fromRandom(curve: string): KeyPair {
+ static fromRandom(curve: 'ed25519' | 'secp256k1'): KeyPair {
  switch (curve.toUpperCase()) {
  case 'ED25519': return KeyPairEd25519.fromRandom();
+ case 'SECP256K1': return KeyPairSecp256k1.fromRandom();
  default: throw new Error(`Unknown curve ${curve}`);
  }
  }
@@ -18,13 +22,12 @@ export abstract class KeyPair extends KeyPairBase {
  * @param encodedKey The encoded key string.
  * @returns {KeyPair} The key pair created from the encoded key string.
  */
- static fromString(encodedKey: string): KeyPair {
+ static fromString(encodedKey: KeyPairString): KeyPair {
  const parts = encodedKey.split(':');
- if (parts.length === 1) {
- return new KeyPairEd25519(parts[0]);
- } else if (parts.length === 2) {
+ if (parts.length === 2) {
  switch (parts[0].toUpperCase()) {
  case 'ED25519': return new KeyPairEd25519(parts[1]);
+ case 'SECP256K1': return new KeyPairSecp256k1(parts[1]);
  default: throw new Error(`Unknown curve: ${parts[0]}`);
  }
  } else {

packages/crypto/src/key_pair_base.ts

@@ -1,3 +1,4 @@
+import { KeyPairString } from './key_pair';
 import { PublicKey } from './public_key';
 
 export interface Signature {
@@ -8,6 +9,6 @@ export interface Signature {
 export abstract class KeyPairBase {
  abstract sign(message: Uint8Array): Signature;
  abstract verify(message: Uint8Array, signature: Uint8Array): boolean;
- abstract toString(): string;
+ abstract toString(): KeyPairString;
  abstract getPublicKey(): PublicKey;
 }

packages/crypto/src/key_pair_ed25519.ts

@@ -5,6 +5,7 @@ import randombytes from 'randombytes';
 import { KeySize, KeyType } from './constants';
 import { KeyPairBase, Signature } from './key_pair_base';
 import { PublicKey } from './public_key';
+import { KeyPairString } from './key_pair';
 
 /**
  * This class provides key pair functionality for Ed25519 curve:
@@ -71,7 +72,7 @@ export class KeyPairEd25519 extends KeyPairBase {
  * Returns a string representation of the key pair in the format 'ed25519:[extendedSecretKey]'.
  * @returns {string} The string representation of the key pair.
  */
- toString(): string {
+ toString(): KeyPairString {
  return `ed25519:${this.extendedSecretKey}`;
  }
 

packages/crypto/src/key_pair_secp256k1.ts

@@ -0,0 +1,78 @@
+import { KeySize, KeyType } from './constants';
+import { KeyPairBase, Signature } from './key_pair_base';
+import { PublicKey } from './public_key';
+import secp256k1 from 'secp256k1';
+import randombytes from 'randombytes';
+import { KeyPairString } from './key_pair';
+import { baseDecode, baseEncode } from '@near-js/utils';
+/**
+ * This class provides key pair functionality for secp256k1 curve:
+ * generating key pairs, encoding key pairs, signing and verifying.
+ * nearcore expects secp256k1 public keys to be 64 bytes at all times, 
+ * even when string encoded the secp256k1 library returns 65 byte keys 
+ * (including a 1 byte header that indicates how the pubkey was encoded).
+ * We'll force the secp256k1 library to always encode uncompressed
+ * keys with the corresponding 0x04 header byte, then manually 
+ * insert/remove that byte as needed.
+ */
+export class KeyPairSecp256k1 extends KeyPairBase {
+ readonly publicKey: PublicKey;
+ readonly secretKey: string;
+ readonly extendedSecretKey: string;
+
+ /**
+ * Construct an instance of key pair given a secret key.
+ * It's generally assumed that these are encoded in base58.
+ * @param {string} extendedSecretKey
+ */
+ constructor(extendedSecretKey: string) {
+ super();
+ const decoded = baseDecode(extendedSecretKey);
+ const secretKey = new Uint8Array(decoded.slice(0, KeySize.SECRET_KEY));
+ const withHeader = secp256k1.publicKeyCreate(new Uint8Array(secretKey), false);
+ const data = withHeader.subarray(1, withHeader.length); // remove the 0x04 header byte
+ this.publicKey = new PublicKey({
+ keyType: KeyType.SECP256K1,
+ data
+ });
+ this.secretKey = baseEncode(secretKey);
+ this.extendedSecretKey = extendedSecretKey;
+ }
+
+ /**
+ * Generate a new random keypair.
+ * @example
+ * const keyRandom = KeyPair.fromRandom();
+ * keyRandom.publicKey
+ * // returns [PUBLIC_KEY]
+ *
+ * keyRandom.secretKey
+ * // returns [SECRET_KEY]
+ */
+ static fromRandom() {
+ // TODO: find better way to generate PK
+ const secretKey = randombytes(KeySize.SECRET_KEY);
+ const withHeader = secp256k1.publicKeyCreate(new Uint8Array(secretKey), false);
+ const publicKey = withHeader.subarray(1, withHeader.length);
+ const extendedSecretKey = new Uint8Array([...secretKey, ...publicKey]);
+ return new KeyPairSecp256k1(baseEncode(extendedSecretKey));
+ }
+
+ sign(message: Uint8Array): Signature {
+ // nearcore expects 65 byte signatures formed by appending the recovery id to the 64 byte signature
+ const { signature, recid } = secp256k1.ecdsaSign(message, baseDecode(this.secretKey)); 
+ return { signature: new Uint8Array([...signature, recid]), publicKey: this.publicKey };
+ }
+
+ verify(message: Uint8Array, signature: Uint8Array): boolean {
+ return this.publicKey.verify(message, signature);
+ }
+
+ toString(): KeyPairString {
+ return `secp256k1:${this.extendedSecretKey}`;
+ }
+
+ getPublicKey(): PublicKey {
+ return this.publicKey;
+ }
+}

packages/crypto/src/public_key.ts

@@ -1,29 +1,44 @@
-import { Assignable } from '@near-js/types';
 import { baseEncode, baseDecode } from '@near-js/utils';
 import { ed25519 } from '@noble/curves/ed25519';
+import secp256k1 from 'secp256k1';
 
 import { KeySize, KeyType } from './constants';
+import { Assignable } from '@near-js/types';
 
 function key_type_to_str(keyType: KeyType): string {
  switch (keyType) {
  case KeyType.ED25519: return 'ed25519';
+ case KeyType.SECP256K1: return 'secp256k1';
  default: throw new Error(`Unknown key type ${keyType}`);
  }
 }
 
 function str_to_key_type(keyType: string): KeyType {
  switch (keyType.toLowerCase()) {
  case 'ed25519': return KeyType.ED25519;
+ case 'secp256k1': return KeyType.SECP256K1;
  default: throw new Error(`Unknown key type ${keyType}`);
  }
 }
 
+class ED25519PublicKey extends Assignable { keyType: KeyType = KeyType.ED25519; data: Uint8Array; }
+class SECP256K1PublicKey extends Assignable { keyType: KeyType = KeyType.SECP256K1; data: Uint8Array; }
+
 /**
  * PublicKey representation that has type and bytes of the key.
  */
 export class PublicKey extends Assignable {
- keyType: KeyType;
- data: Uint8Array;
+ ed25519Key?: ED25519PublicKey;
+ secp256k1Key?: SECP256K1PublicKey;
+
+ constructor({ keyType, data }: { keyType: KeyType, data: Uint8Array }) {
+ super({});
+ if (keyType === KeyType.ED25519) {
+ this.ed25519Key = { keyType, data };
+ } else if (keyType === KeyType.SECP256K1) {
+ this.secp256k1Key = { keyType, data };
+ }
+ }
 
  /**
  * Creates a PublicKey instance from a string or an existing PublicKey instance.
@@ -45,7 +60,7 @@ export class PublicKey extends Assignable {
  static fromString(encodedKey: string): PublicKey {
  const parts = encodedKey.split(':');
  let publicKey: string;
- let keyType = KeyType.ED25519;
+ let keyType;
  if (parts.length === 1) {
  publicKey = parts[0];
  } else if (parts.length === 2) {
@@ -55,8 +70,12 @@ export class PublicKey extends Assignable {
  throw new Error('Invalid encoded key format, must be <curve>:<encoded key>');
  }
  const decodedPublicKey = baseDecode(publicKey);
- if(decodedPublicKey.length !== KeySize.SECRET_KEY) {
- throw new Error(`Invalid public key size (${decodedPublicKey.length}), must be ${KeySize.SECRET_KEY}`);
+ if (!keyType) {
+ keyType = decodedPublicKey.length === KeySize.SECP256k1_PUBLIC_KEY ? KeyType.SECP256K1 : KeyType.ED25519;
+ }
+ const keySize = keyType === KeyType.ED25519 ? KeySize.ED25519_PUBLIC_KEY : KeySize.SECP256k1_PUBLIC_KEY;
+ if (decodedPublicKey.length !== keySize) {
+ throw new Error(`Invalid public key size (${decodedPublicKey.length}), must be ${keySize}`);
  }
  return new PublicKey({ keyType, data: decodedPublicKey });
  }
@@ -66,7 +85,8 @@ export class PublicKey extends Assignable {
  * @returns {string} The string representation of the public key.
  */
  toString(): string {
- return `${key_type_to_str(this.keyType)}:${baseEncode(this.data)}`;
+ const encodedKey = baseEncode(this.data);
+ return `${key_type_to_str(this.keyType)}:${encodedKey}`;
  }
 
  /**
@@ -76,9 +96,27 @@ export class PublicKey extends Assignable {
  * @returns {boolean} `true` if the signature is valid, otherwise `false`.
  */
  verify(message: Uint8Array, signature: Uint8Array): boolean {
- switch (this.keyType) {
- case KeyType.ED25519: return ed25519.verify(signature, message, this.data);
- default: throw new Error(`Unknown key type ${this.keyType}`);
+ const keyType = this.keyType;
+ const data = this.data;
+ switch (keyType) {
+ case KeyType.ED25519:
+ return ed25519.verify(signature, message, data);
+ case KeyType.SECP256K1:
+ return secp256k1.ecdsaVerify(signature.subarray(0, 64), message, new Uint8Array([0x04, ...data]));
+ default:
+ throw new Error(`Unknown key type: ${keyType}`);
  }
  }
+
+ get keyPair() {
+ return this.ed25519Key || this.secp256k1Key;
+ }
+
+ get keyType(): KeyType {
+ return this.keyPair.keyType;
+ }
+
+ get data(): Uint8Array {
+ return this.keyPair.data;
+ }
 }