chore: pin eciesjs to 0.4.17, remove dead ECIES.ts (#26626)

## **Description**

Upgrades eciesjs from `^0.3.15` (resolved 0.3.21, native C addon) to
exact pin `0.4.17` (pure-JS `@noble/*` libraries). This aligns
metamask-mobile with the connect-monorepo and mobile-wallet-protocol
repos, which are already on eciesjs 0.4.x.

**Why:** The version split between mobile (0.3.x) and the dApp side
(0.4.x) risked silent decryption failures in cross-platform relay
communication. The wire format is identical between versions, so this is
a safe upgrade.

**Changes:**
- **package.json**: Pin eciesjs to exact `0.4.17` (no caret). Remove two
`lavamoat.allowScripts` entries for `eciesjs>secp256k1` (0.4.x has no
native dependencies).
- **key-manager.ts**: Update API calls: `.compressed` ->
`.toBytes(true)`, remove unnecessary `Buffer.from()` wrapping on inputs,
add `Buffer.from()` wrapping on return values for type safety.
- **ECIES.ts**: Deleted. This file was dead code - nothing in the
codebase imported it. The V1 SDK Connect path uses the ECIES class
bundled inside the `@metamask/sdk-communication-layer`.

Part of a cross-repo eciesjs version alignment effort (companion PRs in
[connect-monorepo](https://github.com/MetaMask/connect-monorepo) and
[mobile-wallet-protocol](https://github.com/MetaMask/mobile-wallet-protocol)).

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Refs: WAPI-1131

## **Manual testing steps**

No manual steps

## **Screenshots/Recordings**

No UI changes.


https://github.com/user-attachments/assets/a5c73bd9-3d90-4780-84a3-acfbeed0cc85



## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it upgrades and rewires ECIES encryption key
handling (a compatibility- and data-path-sensitive area) and adds custom
Metro resolution for cipher subpaths that could affect bundling/runtime
on React Native.
> 
> **Overview**
> Pins `eciesjs` to `0.4.17` (bringing in `@noble/*` + `@ecies/ciphers`)
and updates `yarn.lock`/`lavamoat` entries to reflect removal of the
prior native `secp256k1` dependency.
> 
> Updates `SDKConnectV2` `KeyManager` to use the new `eciesjs`
key/public-key byte APIs and to pass `Uint8Array` keys directly to
`encrypt`/`decrypt`, with explicit `Buffer.from(...)` wrapping on
outputs for consistent base64/utf8 conversions.
> 
> Deletes the unused legacy `ECIES.ts` implementation, and adds Metro
`resolveRequest` overrides to map `@ecies/ciphers` export subpaths
(`@ecies/ciphers/aes`, `@ecies/ciphers/chacha`) to RN-friendly bundle
targets.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8e07b1c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: chakra-guy

app/core/SDKConnect/ECIES/ECIES.ts

@@ -5,8 +5,8 @@ export class KeyManager implements IKeyManager {
   generateKeyPair(): KeyPair {
     const privateKey = new PrivateKey();
     return {
-      privateKey: Uint8Array.from(privateKey.secret),
-      publicKey: Uint8Array.from(privateKey.publicKey.compressed),
+      privateKey: new Uint8Array(privateKey.secret),
+      publicKey: privateKey.publicKey.toBytes(true),
     };
   }
 
@@ -15,18 +15,16 @@ export class KeyManager implements IKeyManager {
     theirPublicKey: Uint8Array,
   ): Promise<string> {
     const plaintextBuffer = Buffer.from(plaintext, 'utf8');
-    const theirPublicKeyBuffer = Buffer.from(theirPublicKey);
-    const encryptedBuffer = encrypt(theirPublicKeyBuffer, plaintextBuffer);
-    return encryptedBuffer.toString('base64');
+    const encryptedBuffer = encrypt(theirPublicKey, plaintextBuffer);
+    return Buffer.from(encryptedBuffer).toString('base64');
   }
 
   async decrypt(
     encryptedB64: string,
     myPrivateKey: Uint8Array,
   ): Promise<string> {
     const encryptedBuffer = Buffer.from(encryptedB64, 'base64');
-    const myPrivateKeyBuffer = Buffer.from(myPrivateKey);
-    const decryptedBuffer = decrypt(myPrivateKeyBuffer, encryptedBuffer);
-    return decryptedBuffer.toString('utf8');
+    const decryptedBuffer = decrypt(myPrivateKey, encryptedBuffer);
+    return Buffer.from(decryptedBuffer).toString('utf8');
   }
 }

app/core/SDKConnectV2/services/key-manager.ts

@@ -98,6 +98,29 @@ module.exports = function (baseConfig) {
           'node:buffer': '@craftzdog/react-native-buffer',
         },
         resolveRequest: (context, moduleName, platform) => {
+          // @ecies/ciphers uses package.json "exports" subpaths that Metro
+          // can't resolve without unstable_enablePackageExports. Map them to
+          // the react-native condition targets manually.
+          // Note: require.resolve can't be used here because the package's
+          // "exports" field blocks direct dist/ access.
+          if (moduleName === '@ecies/ciphers/aes') {
+            return {
+              filePath: path.resolve(
+                __dirname,
+                'node_modules/@ecies/ciphers/dist/aes/noble.js',
+              ),
+              type: 'sourceFile',
+            };
+          }
+          if (moduleName === '@ecies/ciphers/chacha') {
+            return {
+              filePath: path.resolve(
+                __dirname,
+                'node_modules/@ecies/ciphers/dist/chacha/noble.js',
+              ),
+              type: 'sourceFile',
+            };
+          }
           // Use axios browser build so Node-only deps (e.g. http2) are never pulled in
           if (
             moduleName === 'axios' ||

metro.config.js

@@ -363,7 +363,7 @@
     "cross-spawn": "7.0.6",
     "d3-shape": "^3.2.0",
     "dayjs": "^1.11.13",
-    "eciesjs": "^0.3.15",
+    "eciesjs": "0.4.17",
     "eth-ens-namehash": "2.0.8",
     "eth-url-parser": "1.0.4",
     "ethereumjs-abi": "^0.6.8",
@@ -683,7 +683,6 @@
       "chromedriver": false,
       "detox": true,
       "detox>bunyan>dtrace-provider": false,
-      "eciesjs>secp256k1": true,
       "ethereumjs-util>keccak": true,
       "ethereumjs-util>secp256k1": true,
       "ganache>@trufflesuite/bigint-buffer": false,
@@ -700,7 +699,6 @@
       "@metamask/sdk-communication-layer>utf-8-validate": false,
       "detox>ws>bufferutil": false,
       "@metamask/notification-services-controller>firebase>@firebase/firestore>@grpc/proto-loader>protobufjs": false,
-      "@metamask/sdk-communication-layer>eciesjs>secp256k1": false,
       "detox>ws>utf-8-validate": false,
       "ganache>@trufflesuite/uws-js-unofficial>utf-8-validate": false,
       "@react-native-firebase/app>firebase>@firebase/firestore>@grpc/proto-loader>protobufjs": false,

package.json

@@ -2270,6 +2270,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@ecies/ciphers@npm:^0.2.5":
+  version: 0.2.5
+  resolution: "@ecies/ciphers@npm:0.2.5"
+  peerDependencies:
+    "@noble/ciphers": ^1.0.0
+  checksum: 10/af90636ee51812c9ead6e2c4be006f334bd6e12c5840de9c673b974b1ff3f79776747059257da3cb1731fcbc2d435a67b86dfb18fa90e07a6962c8816e6ab596
+  languageName: node
+  linkType: hard
+
 "@egjs/hammerjs@npm:^2.0.17":
   version: 2.0.17
   resolution: "@egjs/hammerjs@npm:2.0.17"
@@ -10447,7 +10456,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/curves@npm:1.9.7, @noble/curves@npm:^1.0.0, @noble/curves@npm:^1.2.0, @noble/curves@npm:^1.4.2, @noble/curves@npm:^1.8.0, @noble/curves@npm:^1.8.1, @noble/curves@npm:^1.9.1, @noble/curves@npm:^1.9.2, @noble/curves@npm:~1.9.0":
+"@noble/curves@npm:1.9.7, @noble/curves@npm:^1.0.0, @noble/curves@npm:^1.2.0, @noble/curves@npm:^1.4.2, @noble/curves@npm:^1.8.0, @noble/curves@npm:^1.8.1, @noble/curves@npm:^1.9.1, @noble/curves@npm:^1.9.2, @noble/curves@npm:^1.9.7, @noble/curves@npm:~1.9.0":
   version: 1.9.7
   resolution: "@noble/curves@npm:1.9.7"
   dependencies:
@@ -26726,13 +26735,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"eciesjs@npm:^0.3.15":
-  version: 0.3.21
-  resolution: "eciesjs@npm:0.3.21"
+"eciesjs@npm:0.4.17":
+  version: 0.4.17
+  resolution: "eciesjs@npm:0.4.17"
   dependencies:
-    futoin-hkdf: "npm:^1.5.3"
-    secp256k1: "npm:^5.0.1"
-  checksum: 10/7f10709d20c0f65a887ba6d4a4b01685b3a18b933e4296a232372f9e8dc7b957cd68d339457737bf358be8a68ff4fcc8501cb617437e142ac483b0ba04fbc26c
+    "@ecies/ciphers": "npm:^0.2.5"
+    "@noble/ciphers": "npm:^1.3.0"
+    "@noble/curves": "npm:^1.9.7"
+    "@noble/hashes": "npm:^1.8.0"
+  checksum: 10/89e3db5d916e9b4badb516f0a89514300ce7bbc4e1a8a0b8f1e0ef4ac1d88c5aef622a65cb277b6a020e423c3b04f981398eeb349d5bd7e3e42a35132e871e7f
   languageName: node
   linkType: hard
 
@@ -30362,13 +30373,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"futoin-hkdf@npm:^1.5.3":
-  version: 1.5.3
-  resolution: "futoin-hkdf@npm:1.5.3"
-  checksum: 10/aa64b93b4fdca77e6e9c7f045c539dd912f10077bc31d933e219eb5784e88e90a6d830b5d34431da840cc7477c0ed5f2d504dec49718b9f57941de5f23c20471
-  languageName: node
-  linkType: hard
-
 "fwd-stream@npm:^1.0.4":
   version: 1.0.4
   resolution: "fwd-stream@npm:1.0.4"
@@ -35590,7 +35594,7 @@ __metadata:
     dotenv: "npm:^16.0.3"
     dpdm: "npm:^3.14.0"
     eas-cli: "npm:^12.6.1"
-    eciesjs: "npm:^0.3.15"
+    eciesjs: "npm:0.4.17"
     enzyme: "npm:3.9.0"
     enzyme-adapter-react-16: "npm:1.10.0"
     enzyme-to-json: "npm:3.3.5"
@@ -42493,18 +42497,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"secp256k1@npm:^5.0.1":
-  version: 5.0.1
-  resolution: "secp256k1@npm:5.0.1"
-  dependencies:
-    elliptic: "npm:^6.5.7"
-    node-addon-api: "npm:^5.0.0"
-    node-gyp: "npm:latest"
-    node-gyp-build: "npm:^4.2.0"
-  checksum: 10/63fbd35624be4fd9cf3d39e5f79c5471b4a8aea6944453b2bea7b100bb1c77a25c55e6e08e2210cdabdf478c4c62d34c408b34214f2afd9367e19a52a3a4236c
-  languageName: node
-  linkType: hard
-
 "seedrandom@npm:^3.0.5":
   version: 3.0.5
   resolution: "seedrandom@npm:3.0.5"