use blake1 impl from @noble/hashes instead of foundry-primitives fork

The fork no longer has a reason to exist now.

This also silences a security alert about foundry-primitives
depending on an insecure version of crypto-js.

Author: dynst

packages/xchain-crypto/package.json

@@ -45,10 +45,10 @@
     "@types/uuid": "^9.0.1"
   },
   "dependencies": {
+    "@noble/hashes": "^1.8.0",
     "@scure/base": "^1.2.6",
     "bip39": "^3.1.0",
     "crypto-js": "4.2.0",
-    "foundry-primitives-xchainjs": "github:xchainjs/foundry-primitives-js#master",
     "uuid": "^9.0.0"
   },
   "publishConfig": {

packages/xchain-crypto/src/crypto.ts

@@ -1,6 +1,6 @@
 import * as bip39 from 'bip39'
 import crypto from 'crypto'
-import { blake256 } from 'foundry-primitives-xchainjs'
+import { blake256 } from '@noble/hashes/blake1.js'
 import { v4 as uuidv4 } from 'uuid'
 
 import { pbkdf2Async } from './utils'
@@ -123,7 +123,8 @@ export const encryptToKeyStore = async (phrase: string, password: string): Promi
   const derivedKey = await pbkdf2Async(Buffer.from(password), salt, kdfParams.c, kdfParams.dklen, hashFunction)
   const cipherIV = crypto.createCipheriv(cipher, derivedKey.slice(0, 16), iv)
   const cipherText = Buffer.concat([cipherIV.update(Buffer.from(phrase, 'utf8')), cipherIV.final()])
-  const mac = blake256(Buffer.concat([derivedKey.slice(16, 32), Buffer.from(cipherText)]))
+  const mac_bytes: Uint8Array = blake256(Buffer.concat([derivedKey.slice(16, 32), Buffer.from(cipherText)]))
+  const mac: string = Buffer.from(mac_bytes).toString('hex')
 
   const cryptoStruct = {
     cipher: cipher,
@@ -162,7 +163,8 @@ export const decryptFromKeystore = async (keystore: Keystore, password: string):
   )
 
   const ciphertext = Buffer.from(keystore.crypto.ciphertext, 'hex')
-  const mac = blake256(Buffer.concat([derivedKey.slice(16, 32), ciphertext]))
+  const mac_bytes: Uint8Array = blake256(Buffer.concat([derivedKey.slice(16, 32), ciphertext]))
+  const mac: string = Buffer.from(mac_bytes).toString('hex')
 
   if (mac !== keystore.crypto.mac) throw new Error('Invalid password')
   const decipher = crypto.createDecipheriv(

yarn.lock

@@ -4057,14 +4057,14 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "@xchainjs/xchain-crypto@workspace:packages/xchain-crypto"
   dependencies:
+    "@noble/hashes": "npm:^1.8.0"
     "@scure/base": "npm:^1.2.6"
     "@types/bip39": "npm:^3.0.0"
     "@types/crypto-js": "npm:^4.1.1"
     "@types/node": "npm:^18.15.12"
     "@types/uuid": "npm:^9.0.1"
     bip39: "npm:^3.1.0"
     crypto-js: "npm:4.2.0"
-    foundry-primitives-xchainjs: "github:xchainjs/foundry-primitives-js#master"
     uuid: "npm:^9.0.0"
   languageName: unknown
   linkType: soft
@@ -5129,13 +5129,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"bignumber.js@npm:^7.2.1":
-  version: 7.2.1
-  resolution: "bignumber.js@npm:7.2.1"
-  checksum: 10c0/7e2cb10cdc1991696666b129f3b888c44a5e35bd3a5e990b2d2c934c7bc6863fb42b45fdea830484ca0d9e0b9a70d15e1d43fcd03a0e04326612b8e3ac76a0ae
-  languageName: node
-  linkType: hard
-
 "bignumber.js@npm:^9.0.0, bignumber.js@npm:^9.1.2":
   version: 9.1.2
   resolution: "bignumber.js@npm:9.1.2"
@@ -5348,7 +5341,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"blakejs@npm:1.2.1, blakejs@npm:^1.1.0":
+"blakejs@npm:1.2.1":
   version: 1.2.1
   resolution: "blakejs@npm:1.2.1"
   checksum: 10c0/c284557ce55b9c70203f59d381f1b85372ef08ee616a90162174d1291a45d3e5e809fdf9edab6e998740012538515152471dc4f1f9dbfa974ba2b9c1f7b9aad7
@@ -5571,7 +5564,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"buffer@npm:^5.2.1, buffer@npm:^5.5.0":
+"buffer@npm:^5.5.0":
   version: 5.7.1
   resolution: "buffer@npm:5.7.1"
   dependencies:
@@ -7495,25 +7488,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"foundry-primitives-xchainjs@github:xchainjs/foundry-primitives-js#master":
-  version: 0.2.1
-  resolution: "foundry-primitives-xchainjs@https://github.com/xchainjs/foundry-primitives-js.git#commit=7daeca67840d95bda9afb8f527e9d5a397d67ac9"
-  dependencies:
-    bignumber.js: "npm:^7.2.1"
-    blakejs: "npm:^1.1.0"
-    bn.js: "npm:^4.11.8"
-    buffer: "npm:^5.2.1"
-    crypto-js: "npm:4.2.0"
-    elliptic: "npm:^6.6.1"
-    hmac-drbg: "npm:^1.0.1"
-    lodash: "npm:^4.17.21"
-    node-forge: "npm:^1.3.1"
-    rlp: "npm:^2.1.0"
-    tweetnacl: "npm:^1.0.3"
-  checksum: 10c0/1c0adb408012a4c35a63d043503e515595ca7310ab1dccb3e143071e44a20fb655a596a8caa097f4ba5d3d7a46682a8bffd76203784a6d25e29b4a6dff949009
-  languageName: node
-  linkType: hard
-
 "fs-constants@npm:^1.0.0":
   version: 1.0.0
   resolution: "fs-constants@npm:1.0.0"
@@ -10230,13 +10204,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"node-forge@npm:^1.3.1":
-  version: 1.3.1
-  resolution: "node-forge@npm:1.3.1"
-  checksum: 10c0/e882819b251a4321f9fc1d67c85d1501d3004b4ee889af822fd07f64de3d1a8e272ff00b689570af0465d65d6bf5074df9c76e900e0aff23e60b847f2a46fbe8
-  languageName: node
-  linkType: hard
-
 "node-gyp-build@npm:^4.2.0, node-gyp-build@npm:^4.3.0, node-gyp-build@npm:^4.5.0":
   version: 4.7.1
   resolution: "node-gyp-build@npm:4.7.1"
@@ -11379,17 +11346,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"rlp@npm:^2.1.0":
-  version: 2.2.7
-  resolution: "rlp@npm:2.2.7"
-  dependencies:
-    bn.js: "npm:^5.2.0"
-  bin:
-    rlp: bin/rlp
-  checksum: 10c0/166c449f4bc794d47f8e337bf0ffbcfdb26c33109030aac4b6e5a33a91fa85783f2290addeb7b3c89d6d9b90c8276e719494d193129bed0a60a2d4a6fd658277
-  languageName: node
-  linkType: hard
-
 "rollup-plugin-visualizer@npm:^5.14.0":
   version: 5.14.0
   resolution: "rollup-plugin-visualizer@npm:5.14.0"
@@ -12693,7 +12649,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tweetnacl@npm:1.0.3, tweetnacl@npm:^1.0.3":
+"tweetnacl@npm:1.0.3":
   version: 1.0.3
   resolution: "tweetnacl@npm:1.0.3"
   checksum: 10c0/069d9df51e8ad4a89fbe6f9806c68e06c65be3c7d42f0701cc43dba5f0d6064686b238bbff206c5addef8854e3ce00c643bff59432ea2f2c639feab0ee1a93f9