Util: remove ecsign method (instead directly use secp256k1.sign from external ethereum-cryptography package (ethereumjs#3948)

* util/monorepo: remove ecsign (use secp256k1.sign directly from ethereum-cryptography external package)

* client: read wasm from util

* tx: update auth sign to read from common crypto

* devp2p: convert deprecated ecsign to secp256k1.sign

* update customCrypto.ecsign return type

* fix wasmCrypto test

* switch v to number

* Revert "switch v to number"

This reverts commit 99859e5.

* remove old comment

* dedupe ecdsaSign

* fix test

* remove compat version of ecdsaRecover

* tx: remove TODO

* block/clique: ensure customCrypto and left padding is adhered

---------

Co-authored-by: acolytec3 <[email protected]>
Co-authored-by: Holger Drewes <[email protected]>

Author: 3 people

src/signature.ts

@@ -23,54 +23,6 @@ import { assertIsBytes } from './helpers.ts'
 
 import type { PrefixedHexString } from './types.ts'
 
-export interface ECDSASignature {
-  v: bigint // TODO: change this to number? It is either 0 or 1.
-  r: Uint8Array
-  s: Uint8Array
-}
-
-export interface ECSignOpts {
-  chainId?: bigint
-  extraEntropy?: Uint8Array | boolean
-}
-
-/**
- * Returns the ECDSA signature of a message hash.
- * {@link ECSignOpts.extraEntropy} defaults to `false`. If set to `true`, this will create a "hedged signature"
- * which is non-deterministic and provides additional protections against private key extraction attack vectors,
- * as described in https://github.com/ethereumjs/ethereumjs-monorepo/issues/3801. It will yield a
- * different, random signature each time `ecsign` is called on the same `msgHash` and `privateKey`.
- * In particular: each time a transaction is signed, this will thus yield a different, random
- * transaction hash.
- * Additionally, a `Uint8Array` can be passed to `extraEntropy` to provide custom entropy, which
- * will then still create a
- * To use this feature, pass `true` or a `Uint8Array` to `extraEntropy`.
- * For more information, see: https://github.com/ethereumjs/ethereumjs-monorepo/issues/3801
- */
-export function ecsign(
-  msgHash: Uint8Array,
-  privateKey: Uint8Array,
-  ecSignOpts: { extraEntropy?: Uint8Array | boolean } = { extraEntropy: false },
-): ECDSASignature {
-  const { extraEntropy } = ecSignOpts
-  const sig = secp256k1.sign(msgHash, privateKey, { extraEntropy: extraEntropy ?? false })
-  const buf = sig.toCompactRawBytes()
-  const r = buf.slice(0, 32)
-  const s = buf.slice(32, 64)
-
-  if ([2, 3].includes(sig.recovery)) {
-    // From the yellow paper:
-    /* The recovery identifier is a 1 byte value specifying the parity and finiteness of the coordinates
-       of the curve point for which r is the x-value; this value is in the range of [0, 3],
-       however we declare the upper two possibilities, representing infinite values, invalid. */
-    throw EthereumJSErrorWithoutCode(
-      `Invalid recovery value: values 2/3 are invalid, received: ${sig.recovery}`,
-    )
-  }
-
-  return { r, s, v: BigInt(sig.recovery) }
-}
-
 export function calculateSigRecovery(v: bigint, chainId?: bigint): bigint {
   if (v === BIGINT_0 || v === BIGINT_1) return v
 
@@ -160,7 +112,11 @@ export const toCompactSig = function (
  * NOTE: After EIP1559, `v` could be `0` or `1` but this function assumes
  * it's a signed message (EIP-191 or EIP-712) adding `27` at the end. Remove if needed.
  */
-export const fromRPCSig = function (sig: PrefixedHexString): ECDSASignature {
+export const fromRPCSig = function (sig: PrefixedHexString): {
+  v: bigint
+  r: Uint8Array
+  s: Uint8Array
+} {
   const bytes: Uint8Array = toBytes(sig)
 
   let r: Uint8Array
@@ -182,6 +138,7 @@ export const fromRPCSig = function (sig: PrefixedHexString): ECDSASignature {
 
   // support both versions of `eth_sign` responses
   if (v < 27) {
+    // TODO: verify this behavior, and verify in which context this method (`fromRPCSig`) is used
     v = v + BIGINT_27
   }
 

test/signature.spec.ts

@@ -3,8 +3,6 @@ import { assert, describe, it } from 'vitest'
 import {
   bigIntToBytes,
   ecrecover,
-  ecsign,
-  equalsBytes,
   fromRPCSig,
   hashPersonalMessage,
   hexToBytes,
@@ -15,55 +13,10 @@ import {
   utf8ToBytes,
 } from '../src/index.ts'
 
-import type { ECDSASignature } from '../src/index.ts'
-
 const ecHash = hexToBytes('0x82ff40c0a986c6a5cfad4ddf4c3aa6996f1a7837f9c398e17e5de5cbd5a12b28')
 const ecPrivKey = hexToBytes('0x3c9229289a6125f7fdf1885a77bb12c37a8d3b4962d936f7e3084dece32a3ca1')
 const chainId = BigInt(3) // ropsten
 
-/**
- * Returns `true` if the signatures are equal, or `false` otherwise.
- */
-function sigCmp(sig1: ECDSASignature, sig2: ECDSASignature) {
-  return equalsBytes(sig1.s, sig2.s) && equalsBytes(sig1.r, sig2.r) && sig1.v === sig2.v
-}
-
-describe('ecsign', () => {
-  it('should produce a deterministic signature by default', () => {
-    const sig = ecsign(ecHash, ecPrivKey)
-    assert.deepEqual(
-      sig.r,
-      hexToBytes('0x99e71a99cb2270b8cac5254f9e99b6210c6c10224a1579cf389ef88b20a1abe9'),
-    )
-    assert.deepEqual(
-      sig.s,
-      hexToBytes('0x129ff05af364204442bdb53ab6f18a99ab48acc9326fa689f228040429e3ca66'),
-    )
-    assert.equal(sig.v, BigInt(0))
-  })
-
-  it('should produce hedged signatures (extraEntropy=true)', () => {
-    const sig = ecsign(ecHash, ecPrivKey, { extraEntropy: true })
-    const sig2 = ecsign(ecHash, ecPrivKey)
-    assert.isFalse(sigCmp(sig, sig2), 'no chain id: signatures should be hedged and thus different')
-  })
-
-  it('should produce hedged signatures by default (with provided chainID)', () => {
-    const sigOpts = { extraEntropy: true }
-    const sig = ecsign(ecHash, ecPrivKey, sigOpts)
-    const sig2 = ecsign(ecHash, ecPrivKey, sigOpts)
-    assert.isFalse(sigCmp(sig, sig2), 'chain id: signatures should be hedged and thus different')
-  })
-
-  it('should produce deterministic signatures with set extraEntropy', () => {
-    const extraEntropy = bigIntToBytes(BigInt(13371337))
-    const sigOpts = { extraEntropy }
-    const sig = ecsign(ecHash, ecPrivKey, sigOpts)
-    const sig2 = ecsign(ecHash, ecPrivKey, sigOpts)
-    assert.isTrue(sigCmp(sig, sig2), 'no chain id: signatures should be deterministic')
-  })
-})
-
 describe('ecrecover', () => {
   it('should recover a public key', () => {
     const r = hexToBytes('0x99e71a99cb2270b8cac5254f9e99b6210c6c10224a1579cf389ef88b20a1abe9')