From: Chris Duncan <chris@zoso.dev>
Date: Fri, 27 Mar 2026 07:33:22 +0000 (-0700)
Subject: Fixes for nano25519 API.
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=6b7dcf0a77564bcdabb23deb1213ae18ead06d51;p=libnemo.git

Fixes for nano25519 API.
---

diff --git a/src/lib/block.ts b/src/lib/block.ts
index 790d2ea..9666c60 100644
--- a/src/lib/block.ts
+++ b/src/lib/block.ts
@@ -412,7 +412,9 @@ export class Block {
 		return new Promise(async (resolve, reject) => {
 			try {
 				if (typeof input === 'string' && /^[A-F0-9]{64}$/i.test(input)) {
-					const signature = await nano25519.sign(hex.toBytes(this.hash), hex.toBytes(input))
+					const prv = hex.toBytes(input)
+					const pub = nano25519.derive(prv)
+					const signature = nano25519.sign(hex.toBytes(this.hash), new Uint8Array([...prv, ...pub]))
 					this.signature = bytes.toHex(signature)
 				} else if (input instanceof Wallet && typeof index === 'number'
 					&& (frontier === undefined || frontier instanceof (this.constructor as typeof Block))
diff --git a/src/lib/tools.ts b/src/lib/tools.ts
index 2e1a89d..3f342e9 100644
--- a/src/lib/tools.ts
+++ b/src/lib/tools.ts
@@ -134,7 +134,7 @@ export class Tools {
 	* Signs arbitrary strings with a private key using the Ed25519 signature scheme.
 	* The strings are first hashed to a 32-byte value using BLAKE2b.
 	*
-	* @param {string | Uint8Array<ArrayBuffer>} key - Hexadecimal-formatted private key to use for signing
+	* @param {string | Uint8Array<ArrayBuffer>} key - Hexadecimal-formatted secret key to use for signing
 	* @param {...string} input - Data to be signed
 	* @returns {Promise<string>} Hexadecimal-formatted signature
 	*/
@@ -219,7 +219,7 @@ export class Tools {
 	static async verify (key: string | Uint8Array<ArrayBuffer>, signature: string, ...input: string[]): Promise<boolean> {
 		if (typeof key === 'string') key = hex.toBytes(key)
 		try {
-			return await nano25519.verify(this.hash(input), hex.toBytes(signature), key)
+			return await nano25519.verify(hex.toBytes(signature), this.hash(input), key)
 		} catch (err) {
 			throw new Error('Failed to verify signature', { cause: err })
 		} finally {
diff --git a/src/lib/vault/index.ts b/src/lib/vault/index.ts
index 93ae64b..71b8cd4 100644
--- a/src/lib/vault/index.ts
+++ b/src/lib/vault/index.ts
@@ -1,11 +1,11 @@
 //! SPDX-FileCopyrightText: 2025 Chris Duncan <chris@zoso.dev>
 //! SPDX-License-Identifier: GPL-3.0-or-later
 
-import * as nano25519 from 'nano25519'
 import { Worker as NodeWorker } from 'node:worker_threads'
 import { default as CONSTANTS } from '../constants'
 import { Bip39, Bip44, Blake2b, Secp256k1, WalletAesGcm } from '../crypto'
 import { Data } from '../database'
+import { vaultDependencies } from './dependencies'
 import { Passkey } from './passkey'
 import { VaultTimer } from './vault-timer'
 import { VaultWorker } from './vault-worker'
@@ -123,10 +123,8 @@ export class Vault {
 	}
 }
 
-const nano25519Url = URL.createObjectURL(new Blob([`${nano25519}`], { type: 'text/javascript' }))
-
 const blob = `
-	const nano25519 = await import(${nano25519Url})
+	;${vaultDependencies};
 	${CONSTANTS}
 	const ${Secp256k1.name} = ${Secp256k1}
 	const ${Bip39.name} = ${Bip39}
diff --git a/src/lib/vault/vault-worker.ts b/src/lib/vault/vault-worker.ts
index 20e0815..3c6bfc7 100644
--- a/src/lib/vault/vault-worker.ts
+++ b/src/lib/vault/vault-worker.ts
@@ -259,8 +259,10 @@ export class VaultWorker {
 			const derive = this.#type === 'BLAKE2b'
 				? Blake2b.ckd(this.#seed, index)
 				: Bip44.ckd(this.#type === 'Exodus' ? 'Bitcoin seed' : 'ed25519 seed', this.#seed, BIP44_COIN_NANO, index)
-			return derive.then(prv => {
-				const sig = nano25519.sign(new Uint8Array(data), new Uint8Array(prv))
+			return derive.then(buf => {
+				const prv = new Uint8Array(buf)
+				const pub = nano25519.derive(prv)
+				const sig = nano25519.sign(new Uint8Array(data), new Uint8Array([...prv, ...pub]))
 				this.#timer = new VaultTimer(() => this.lock(), this.#timeout)
 				return { signature: sig.buffer }
 			})
diff --git a/test/test.tools.mjs b/test/test.tools.mjs
index 81ba67d..2965c1c 100644
--- a/test/test.tools.mjs
+++ b/test/test.tools.mjs
@@ -101,12 +101,12 @@ await Promise.all([
 	suite('signature tests', async () => {
 
 		await test('should sign data with a single parameter', async () => {
-			const result = await Tools.sign(NANO_TEST_VECTORS.PRIVATE_0, 'miro@metsanheimo.fi')
+			const result = await Tools.sign(NANO_TEST_VECTORS.PRIVATE_0 + NANO_TEST_VECTORS.PUBLIC_0, 'miro@metsanheimo.fi')
 			assert.equal(result, 'FECB9B084065ADC969904B55A0099C63746B68DF41FECB713244D387EED83A80B9D4907278C5EBC0998A5FC8BA597FBAAABBFCE0ABD2CA2212ACFE788637040C')
 		})
 
 		await test('should sign data with multiple parameters', async () => {
-			const result = await Tools.sign(NANO_TEST_VECTORS.PRIVATE_0, 'miro@metsanheimo.fi', 'somePassword')
+			const result = await Tools.sign(NANO_TEST_VECTORS.PRIVATE_0 + NANO_TEST_VECTORS.PUBLIC_0, 'miro@metsanheimo.fi', 'somePassword')
 			assert.equal(result, 'BB534F9B469AF451B1941FFEF8EE461FC5D284B5D393140900C6E13A65EF08D0AE2BC77131EE182922F66C250C7237A83878160457D5C39A70E55F7FCE925804')
 		})