Dropped 3rd-party dependencies

Author: chipp

Package.resolved

@@ -8,25 +8,25 @@ let package = Package(
 	products: [
 		.library(name: "IDKit", targets: ["IDKit"]),
 	],
-	dependencies: [
-		.package(url: "https://github.com/attaswift/BigInt.git", from: "5.3.0"),
-        .package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", from: "1.9.0"),
-		.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0"..<"4.0.0"),
-	],
+	dependencies: [],
 	targets: [
+		.target(
+			name: "Keccak",
+			path: "./Sources/Keccak",
+			publicHeadersPath: "include"
+		),
 		.target(
 			name: "IDKit",
 			dependencies: [
-                .product(name: "BigInt", package: "BigInt"),
-                .product(name: "Crypto", package: "swift-crypto"),
-				.product(name: "CryptoSwift", package: "CryptoSwift"),
+				"Keccak",
 			],
 			path: "./Sources/IDKit",
 			swiftSettings: [.enableExperimentalFeature("StrictConcurrency")]
 		),
-        .testTarget(
-            name: "IDKitTests",
-            dependencies: ["IDKit"]
-        )
+		.testTarget(
+			name: "IDKitTests",
+			dependencies: ["IDKit"],
+			swiftSettings: [.enableExperimentalFeature("SwiftTesting")]
+		),
 	]
 )

Package.swift

@@ -1,4 +1,4 @@
-@preconcurrency import Crypto
+@preconcurrency import CryptoKit
 import Foundation
 #if canImport(FoundationNetworking)
 import FoundationNetworking

Sources/IDKit/BridgeClient.swift

@@ -1,4 +1,4 @@
-import Crypto
+import CryptoKit
 import Foundation
 
 /// The error returned by the World App.

Sources/IDKit/BridgeClientTypes.swift

@@ -1,4 +1,4 @@
-import Crypto
+import CryptoKit
 import Foundation
 
 extension Encodable {

Sources/IDKit/Extensions/Encodable+encrypt.swift

@@ -0,0 +1,82 @@
+import CryptoKit
+import Keccak
+
+struct SHA3Keccak256: HashFunction {
+	struct SHA3Keccak256Digest: CryptoKit.Digest, Sendable {
+		static let byteCount = SHA3Keccak256.digestByteCount
+
+		fileprivate let bytes: [UInt8]
+
+		init(bytes: [UInt8]) {
+			precondition(bytes.count == Self.byteCount, "Keccak digest must be 32 bytes")
+			self.bytes = bytes
+		}
+
+		var count: Int { bytes.count }
+
+		func makeIterator() -> Array<UInt8>.Iterator {
+			bytes.makeIterator()
+		}
+
+		func withUnsafeBytes<R>(_ body: (UnsafeRawBufferPointer) throws -> R) rethrows -> R {
+			try bytes.withUnsafeBytes(body)
+		}
+
+		var description: String {
+			bytes.map { String(format: "%02x", $0) }.joined()
+		}
+
+        var debugDescription: String {
+            "SHA3Keccak256Digest(\(description))"
+        }
+
+		static func == (lhs: SHA3Keccak256Digest, rhs: SHA3Keccak256Digest) -> Bool {
+			lhs.bytes == rhs.bytes
+		}
+
+		func hash(into hasher: inout Hasher) {
+			hasher.combine(bytes.count)
+			for chunk in bytes {
+				hasher.combine(chunk)
+			}
+		}
+	}
+
+	typealias Digest = SHA3Keccak256Digest
+
+	static let blockByteCount = 136
+	static let digestByteCount = 32
+	static let maxMessageLength = Int.max
+
+	private var buffer = [UInt8]()
+
+	init() {}
+
+	mutating func update(bufferPointer: UnsafeRawBufferPointer) {
+		guard !bufferPointer.isEmpty else {
+			return
+		}
+		precondition(buffer.count <= Self.maxMessageLength - bufferPointer.count, "Message too long")
+		buffer.append(contentsOf: bufferPointer)
+	}
+
+	func finalize() -> Digest {
+		Digest(bytes: Self.computeDigest(for: buffer))
+	}
+
+	private static func computeDigest(for message: [UInt8]) -> [UInt8] {
+		var digest = [UInt8](repeating: 0, count: digestByteCount)
+
+		digest.withUnsafeMutableBufferPointer { outputBuffer in
+			guard let outputBaseAddress = outputBuffer.baseAddress else {
+				return
+			}
+
+			message.withUnsafeBufferPointer { inputBuffer in
+				keccak256_hash(inputBuffer.baseAddress, inputBuffer.count, outputBaseAddress)
+			}
+		}
+
+		return digest
+	}
+}

Sources/IDKit/KeccakHasher.swift

@@ -1,6 +1,4 @@
-import BigInt
 import Foundation
-import CryptoSwift
 
 public enum SessionError: Error, CustomDebugStringConvertible {
     case incorrectDataEncoding(String)
@@ -92,7 +90,7 @@ public extension Session where Response == Proof {
         let payload = CreateRequestPayload(
             appID: appID,
             action: action,
-            signal: try encodeSignal(signal),
+            signal: encodeSignal(signal),
             actionDescription: actionDescription,
             verificationLevel: verificationLevel
         )
@@ -131,7 +129,7 @@ public extension Session where Response == CredentialCategoryProofResponse {
         let payload = CredentialCategoryRequestPayload(
             appID: appID,
             action: action,
-            signal: try encodeSignal(signal),
+            signal: encodeSignal(signal),
             actionDescription: actionDescription,
             credentialCategories: credentialCategories
         )
@@ -140,18 +138,15 @@ public extension Session where Response == CredentialCategoryProofResponse {
     }
 }
 
-func encodeSignal(_ signal: String) throws -> String {
-	// Encode signal data
-	let signalData = signal.data(using: .utf8) ?? Data()
-	
-	// Convert Data to bytes array and use SHA3 with keccak256 variant
-	let bytes = [UInt8](signalData)
-	let hash = SHA3(variant: .keccak256).calculate(for: bytes)
-	
-	// Convert to hex string
-	let hashData = Data(hash)
-	let hexString = String(BigUInt(hashData) >> 8, radix: 16)
-	// Pad with leading zeros to ensure 64 characters
-	let paddedHex = String(repeating: "0", count: max(0, 64 - hexString.count)) + hexString
+func encodeSignal(_ signal: String) -> String {
+	// Encode signal data and compute Keccak-256
+	let hash = SHA3Keccak256.hash(data: Data(signal.utf8))
+
+	// Drop the least-significant byte to match the legacy BigInt >> 8 behavior
+	let truncated = Array(hash).dropLast()
+	let hex = truncated.map { String(format: "%02x", $0) }.joined()
+
+	// Pad with leading zeros to ensure a 32-byte (64 hex chars) string
+	let paddedHex = String(repeating: "0", count: max(0, 64 - hex.count)) + hex
 	return "0x" + paddedHex
 }

Sources/IDKit/Session.swift

@@ -0,0 +1,39 @@
+// Sourced from https://github.com/XKCP/XKCP/blob/e774b9606029ab79dd787252841816a3c60ef8fe/Standalone/CompactFIPS202/C/Keccak-more-compact.c
+#define FOR(i,n) for(i=0; i<n; ++i)
+typedef unsigned char u8;
+typedef unsigned long long int u64;
+typedef unsigned int ui;
+
+void Keccak(ui r, ui c, const u8 *in, u64 inLen, u8 sfx, u8 *out, u64 outLen);
+void FIPS202_SHAKE128(const u8 *in, u64 inLen, u8 *out, u64 outLen) { Keccak(1344, 256, in, inLen, 0x1F, out, outLen); }
+void FIPS202_SHAKE256(const u8 *in, u64 inLen, u8 *out, u64 outLen) { Keccak(1088, 512, in, inLen, 0x1F, out, outLen); }
+void FIPS202_SHA3_224(const u8 *in, u64 inLen, u8 *out) { Keccak(1152, 448, in, inLen, 0x06, out, 28); }
+void FIPS202_SHA3_256(const u8 *in, u64 inLen, u8 *out) { Keccak(1088, 512, in, inLen, 0x06, out, 32); }
+void FIPS202_SHA3_384(const u8 *in, u64 inLen, u8 *out) { Keccak(832, 768, in, inLen, 0x06, out, 48); }
+void FIPS202_SHA3_512(const u8 *in, u64 inLen, u8 *out) { Keccak(576, 1024, in, inLen, 0x06, out, 64); }
+
+int LFSR86540(u8 *R) { (*R)=((*R)<<1)^(((*R)&0x80)?0x71:0); return ((*R)&2)>>1; }
+#define ROL(a,o) ((((u64)a)<<o)^(((u64)a)>>(64-o)))
+static u64 load64(const u8 *x) { ui i; u64 u=0; FOR(i,8) { u<<=8; u|=x[7-i]; } return u; }
+static void store64(u8 *x, u64 u) { ui i; FOR(i,8) { x[i]=u; u>>=8; } }
+static void xor64(u8 *x, u64 u) { ui i; FOR(i,8) { x[i]^=u; u>>=8; } }
+#define rL(x,y) load64((u8*)s+8*(x+5*y))
+#define wL(x,y,l) store64((u8*)s+8*(x+5*y),l)
+#define XL(x,y,l) xor64((u8*)s+8*(x+5*y),l)
+void KeccakF1600(void *s)
+{
+    ui r,x,y,i,j,Y; u8 R=0x01; u64 C[5],D;
+    for(i=0; i<24; i++) {
+        /*θ*/ FOR(x,5) C[x]=rL(x,0)^rL(x,1)^rL(x,2)^rL(x,3)^rL(x,4); FOR(x,5) { D=C[(x+4)%5]^ROL(C[(x+1)%5],1); FOR(y,5) XL(x,y,D); }
+        /*ρπ*/ x=1; y=r=0; D=rL(x,y); FOR(j,24) { r+=j+1; Y=(2*x+3*y)%5; x=y; y=Y; C[0]=rL(x,y); wL(x,y,ROL(D,r%64)); D=C[0]; }
+        /*χ*/ FOR(y,5) { FOR(x,5) C[x]=rL(x,y); FOR(x,5) wL(x,y,C[x]^((~C[(x+1)%5])&C[(x+2)%5])); }
+        /*ι*/ FOR(j,7) if (LFSR86540(&R)) XL(0,0,(u64)1<<((1<<j)-1));
+    }
+}
+void Keccak(ui r, ui c, const u8 *in, u64 inLen, u8 sfx, u8 *out, u64 outLen)
+{
+    /*initialize*/ u8 s[200]; ui R=r/8; ui i,b=0; FOR(i,200) s[i]=0;
+    /*absorb*/ while(inLen>0) { b=(inLen<R)?inLen:R; FOR(i,b) s[i]^=in[i]; in+=b; inLen-=b; if (b==R) { KeccakF1600(s); b=0; } }
+    /*pad*/ s[b]^=sfx; if((sfx&0x80)&&(b==(R-1))) KeccakF1600(s); s[R-1]^=0x80; KeccakF1600(s);
+    /*squeeze*/ while(outLen>0) { b=(outLen<R)?outLen:R; FOR(i,b) out[i]=s[i]; out+=b; outLen-=b; if(outLen>0) KeccakF1600(s); }
+}

Sources/Keccak/Keccak-more-compact.c

@@ -0,0 +1,16 @@
+#include "KeccakWrapper.h"
+
+void Keccak(unsigned int rate,
+            unsigned int capacity,
+            const unsigned char *input,
+            unsigned long long int inputByteLen,
+            unsigned char delimitedSuffix,
+            unsigned char *output,
+            unsigned long long int outputByteLen);
+
+void keccak256_hash(const uint8_t * _Nullable input, size_t inputByteLen, uint8_t *output)
+{
+    static const uint8_t zero = 0;
+    const unsigned char *message = (inputByteLen == 0 && input == NULL) ? &zero : input;
+    Keccak(1088, 512, message, (unsigned long long int)inputByteLen, 0x01, output, 32);
+}

Sources/Keccak/KeccakWrapper.c

@@ -0,0 +1,17 @@
+#ifndef KECCAK_WRAPPER_H
+#define KECCAK_WRAPPER_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void keccak256_hash(const uint8_t * _Nullable input, size_t inputByteLen, uint8_t * _Nonnull output);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif