cleanup

src/mpcCoreKit.ts

@@ -53,17 +53,16 @@ import {
   Web3AuthState,
 } from "./interfaces";
 import {
-  bytesToHex,
   deriveShareCoefficients,
   ed25519,
+  generateEd25519Seed,
   generateFactorKey,
   generateSessionNonce,
   generateTSSEndpoints,
   getHashedPrivateKey,
   getSessionId,
   log,
   parseToken,
-  randomBytes,
   sampleEndpoints,
   scalarBNToBufferSEC1,
 } from "./utils";
@@ -644,7 +643,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
    */
   public getPubKeyEd25519(): Buffer {
     const p = this.tkey.tssCurve.keyFromPublic(this.getPubKey()).getPublic();
-    return ed25519().keyFromPublic(p).getPublic();
+    return ed25519.keyFromPublic(p).getPublic();
   }
 
   public async sign(data: Buffer, hashed: boolean = false): Promise<Buffer> {
@@ -881,9 +880,11 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     if (!existingUser) {
       if (!importTssKey && !this.options.useDkg) {
         if (this.keyType === KeyType.ed25519) {
-          importTssKey = bytesToHex(randomBytes(32));
+          const k = generateEd25519Seed();
+          importTssKey = k.toString("hex");
         } else if (this.keyType === KeyType.secp256k1) {
-          importTssKey = generateFactorKey().private.toString("hex", 64);
+          const k = secp256k1.genKeyPair().getPrivate();
+          importTssKey = scalarBNToBufferSEC1(k).toString("hex");
         } else {
           throw CoreKitError.default("Unsupported key type");
         }

src/utils.ts

@@ -11,35 +11,25 @@ import loglevel from "loglevel";
 import { DELIMITERS, SCALAR_LEN } from "./constants";
 import { CoreKitSigner, EthereumSigner, IAsyncStorage, IStorage } from "./interfaces";
 
-export const ed25519 = () => {
-  return new EDDSA("ed25519");
-};
-
-const cr = () =>
-  // We support: 1) browsers 2) node.js 19+
-  typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : undefined;
+export const ed25519 = new EDDSA("ed25519");
 
-// Array where index 0xf0 (240) is mapped to string 'f0'
-const hexes = Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
 /**
- * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
+ * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.
  */
-export function bytesToHex(bytes: Uint8Array): string {
-  let hex = "";
-  for (let i = 0; i < bytes.length; i++) {
-    hex += hexes[bytes[i]];
+export function randomBytes(bytesLength = 32): Uint8Array {
+  // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
+  const crypto = typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : undefined;
+
+  if (crypto && typeof crypto.getRandomValues === "function") {
+    return crypto.getRandomValues(new Uint8Array(bytesLength));
   }
-  return hex;
+  throw new Error("crypto.getRandomValues must be defined");
+}
+
+export function generateEd25519Seed() {
+  return Buffer.from(randomBytes(32));
 }
 
-export const randomBytes = (len = 32): Uint8Array => {
-  // CSPRNG (random number generator)
-  const crypto = cr(); // Can be shimmed in node.js <= 18 to prevent error:
-  // import { webcrypto } from 'node:crypto';
-  // if (!globalThis.crypto) globalThis.crypto = webcrypto;
-  if (!crypto || !crypto.getRandomValues) throw new Error("crypto.getRandomValues must be defined");
-  return crypto.getRandomValues(new Uint8Array(len));
-};
 export const generateFactorKey = (): { private: BN; pub: TkeyPoint } => {
   const keyPair = factorKeyCurve.genKeyPair();
   const pub = Point.fromElliptic(keyPair.getPublic());

tests/ed25519.spec.ts

@@ -143,8 +143,8 @@ variable.forEach((testVariable) => {
       const msg = "hello world";
       const msgBuffer = Buffer.from(msg);
 
-      const signature = ed25519().makeSignature((await coreKitInstance.sign(msgBuffer)).toString("hex"));
-      const valid = ed25519().verify(msgBuffer, signature, coreKitInstance.getPubKeyEd25519());
+      const signature = ed25519.makeSignature((await coreKitInstance.sign(msgBuffer)).toString("hex"));
+      const valid = ed25519.verify(msgBuffer, signature, coreKitInstance.getPubKeyEd25519());
       assert(valid);
     });
   });