ホーム エクスプローラ ヘルプ
登録 サインイン
seven
/
bot-28
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 6b422a3e46
ブランチ タグ
bot-28
/
node
/
node_modules
/
@scure
/
bip32
/
lib
/
index.js

index.js 10 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273 
  1. "use strict";
    2. 

  2. Object.defineProperty(exports, "__esModule", { value: true });
    3. 

  3. exports.HDKey = exports.HARDENED_OFFSET = void 0;
    4. 

  4. /*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */
    5. 

  5. const hmac_1 = require("@noble/hashes/hmac");
    6. 

  6. const ripemd160_1 = require("@noble/hashes/ripemd160");
    7. 

  7. const sha256_1 = require("@noble/hashes/sha256");
    8. 

  8. const sha512_1 = require("@noble/hashes/sha512");
    9. 

  9. const _assert_1 = require("@noble/hashes/_assert");
    10. 

  10. const utils_1 = require("@noble/hashes/utils");
    11. 

  11. const secp256k1_1 = require("@noble/curves/secp256k1");
    12. 

  12. const modular_1 = require("@noble/curves/abstract/modular");
    13. 

  13. const base_1 = require("@scure/base");
    14. 

  14. const Point = secp256k1_1.secp256k1.ProjectivePoint;
    15. 

  15. const base58check = (0, base_1.createBase58check)(sha256_1.sha256);
    16. 

  16. function bytesToNumber(bytes) {
    17. 

  17.     return BigInt(`0x${(0, utils_1.bytesToHex)(bytes)}`);
    18. 

  18. }
    19. 

  19. function numberToBytes(num) {
    20. 

  20.     return (0, utils_1.hexToBytes)(num.toString(16).padStart(64, '0'));
    21. 

  21. }
    22. 

  22. const MASTER_SECRET = (0, utils_1.utf8ToBytes)('Bitcoin seed');
    23. 

  23. // Bitcoin hardcoded by default
    24. 

  24. const BITCOIN_VERSIONS = { private: 0x0488ade4, public: 0x0488b21e };
    25. 

  25. exports.HARDENED_OFFSET = 0x80000000;
    26. 

  26. const hash160 = (data) => (0, ripemd160_1.ripemd160)((0, sha256_1.sha256)(data));
    27. 

  27. const fromU32 = (data) => (0, utils_1.createView)(data).getUint32(0, false);
    28. 

  28. const toU32 = (n) => {
    29. 

  29.     if (!Number.isSafeInteger(n) || n < 0 || n > 2 ** 32 - 1) {
    30. 

  30.         throw new Error(`Invalid number=${n}. Should be from 0 to 2 ** 32 - 1`);
    31. 

  31.     }
    32. 

  32.     const buf = new Uint8Array(4);
    33. 

  33.     (0, utils_1.createView)(buf).setUint32(0, n, false);
    34. 

  34.     return buf;
    35. 

  35. };
    36. 

  36. class HDKey {
    37. 

  37.     get fingerprint() {
    38. 

  38.         if (!this.pubHash) {
    39. 

  39.             throw new Error('No publicKey set!');
    40. 

  40.         }
    41. 

  41.         return fromU32(this.pubHash);
    42. 

  42.     }
    43. 

  43.     get identifier() {
    44. 

  44.         return this.pubHash;
    45. 

  45.     }
    46. 

  46.     get pubKeyHash() {
    47. 

  47.         return this.pubHash;
    48. 

  48.     }
    49. 

  49.     get privateKey() {
    50. 

  50.         return this.privKeyBytes || null;
    51. 

  51.     }
    52. 

  52.     get publicKey() {
    53. 

  53.         return this.pubKey || null;
    54. 

  54.     }
    55. 

  55.     get privateExtendedKey() {
    56. 

  56.         const priv = this.privateKey;
    57. 

  57.         if (!priv) {
    58. 

  58.             throw new Error('No private key');
    59. 

  59.         }
    60. 

  60.         return base58check.encode(this.serialize(this.versions.private, (0, utils_1.concatBytes)(new Uint8Array([0]), priv)));
    61. 

  61.     }
    62. 

  62.     get publicExtendedKey() {
    63. 

  63.         if (!this.pubKey) {
    64. 

  64.             throw new Error('No public key');
    65. 

  65.         }
    66. 

  66.         return base58check.encode(this.serialize(this.versions.public, this.pubKey));
    67. 

  67.     }
    68. 

  68.     static fromMasterSeed(seed, versions = BITCOIN_VERSIONS) {
    69. 

  69.         (0, _assert_1.bytes)(seed);
    70. 

  70.         if (8 * seed.length < 128 || 8 * seed.length > 512) {
    71. 

  71.             throw new Error(`HDKey: wrong seed length=${seed.length}. Should be between 128 and 512 bits; 256 bits is advised)`);
    72. 

  72.         }
    73. 

  73.         const I = (0, hmac_1.hmac)(sha512_1.sha512, MASTER_SECRET, seed);
    74. 

  74.         return new HDKey({
    75. 

  75.             versions,
    76. 

  76.             chainCode: I.slice(32),
    77. 

  77.             privateKey: I.slice(0, 32),
    78. 

  78.         });
    79. 

  79.     }
    80. 

  80.     static fromExtendedKey(base58key, versions = BITCOIN_VERSIONS) {
    81. 

  81.         // => version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33)
    82. 

  82.         const keyBuffer = base58check.decode(base58key);
    83. 

  83.         const keyView = (0, utils_1.createView)(keyBuffer);
    84. 

  84.         const version = keyView.getUint32(0, false);
    85. 

  85.         const opt = {
    86. 

  86.             versions,
    87. 

  87.             depth: keyBuffer[4],
    88. 

  88.             parentFingerprint: keyView.getUint32(5, false),
    89. 

  89.             index: keyView.getUint32(9, false),
    90. 

  90.             chainCode: keyBuffer.slice(13, 45),
    91. 

  91.         };
    92. 

  92.         const key = keyBuffer.slice(45);
    93. 

  93.         const isPriv = key[0] === 0;
    94. 

  94.         if (version !== versions[isPriv ? 'private' : 'public']) {
    95. 

  95.             throw new Error('Version mismatch');
    96. 

  96.         }
    97. 

  97.         if (isPriv) {
    98. 

  98.             return new HDKey({ ...opt, privateKey: key.slice(1) });
    99. 

  99.         }
    100. 

  100.         else {
    101. 

  101.             return new HDKey({ ...opt, publicKey: key });
    102. 

  102.         }
    103. 

  103.     }
    104. 

  104.     static fromJSON(json) {
    105. 

  105.         return HDKey.fromExtendedKey(json.xpriv);
    106. 

  106.     }
    107. 

  107.     constructor(opt) {
    108. 

  108.         this.depth = 0;
    109. 

  109.         this.index = 0;
    110. 

  110.         this.chainCode = null;
    111. 

  111.         this.parentFingerprint = 0;
    112. 

  112.         if (!opt || typeof opt !== 'object') {
    113. 

  113.             throw new Error('HDKey.constructor must not be called directly');
    114. 

  114.         }
    115. 

  115.         this.versions = opt.versions || BITCOIN_VERSIONS;
    116. 

  116.         this.depth = opt.depth || 0;
    117. 

  117.         this.chainCode = opt.chainCode || null;
    118. 

  118.         this.index = opt.index || 0;
    119. 

  119.         this.parentFingerprint = opt.parentFingerprint || 0;
    120. 

  120.         if (!this.depth) {
    121. 

  121.             if (this.parentFingerprint || this.index) {
    122. 

  122.                 throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
    123. 

  123.             }
    124. 

  124.         }
    125. 

  125.         if (opt.publicKey && opt.privateKey) {
    126. 

  126.             throw new Error('HDKey: publicKey and privateKey at same time.');
    127. 

  127.         }
    128. 

  128.         if (opt.privateKey) {
    129. 

  129.             if (!secp256k1_1.secp256k1.utils.isValidPrivateKey(opt.privateKey)) {
    130. 

  130.                 throw new Error('Invalid private key');
    131. 

  131.             }
    132. 

  132.             this.privKey =
    133. 

  133.                 typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
    134. 

  134.             this.privKeyBytes = numberToBytes(this.privKey);
    135. 

  135.             this.pubKey = secp256k1_1.secp256k1.getPublicKey(opt.privateKey, true);
    136. 

  136.         }
    137. 

  137.         else if (opt.publicKey) {
    138. 

  138.             this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point
    139. 

  139.         }
    140. 

  140.         else {
    141. 

  141.             throw new Error('HDKey: no public or private key provided');
    142. 

  142.         }
    143. 

  143.         this.pubHash = hash160(this.pubKey);
    144. 

  144.     }
    145. 

  145.     derive(path) {
    146. 

  146.         if (!/^[mM]'?/.test(path)) {
    147. 

  147.             throw new Error('Path must start with "m" or "M"');
    148. 

  148.         }
    149. 

  149.         if (/^[mM]'?$/.test(path)) {
    150. 

  150.             return this;
    151. 

  151.         }
    152. 

  152.         const parts = path.replace(/^[mM]'?\//, '').split('/');
    153. 

  153.         // tslint:disable-next-line
    154. 

  154.         let child = this;
    155. 

  155.         for (const c of parts) {
    156. 

  156.             const m = /^(\d+)('?)$/.exec(c);
    157. 

  157.             const m1 = m && m[1];
    158. 

  158.             if (!m || m.length !== 3 || typeof m1 !== 'string') {
    159. 

  159.                 throw new Error(`Invalid child index: ${c}`);
    160. 

  160.             }
    161. 

  161.             let idx = +m1;
    162. 

  162.             if (!Number.isSafeInteger(idx) || idx >= exports.HARDENED_OFFSET) {
    163. 

  163.                 throw new Error('Invalid index');
    164. 

  164.             }
    165. 

  165.             // hardened key
    166. 

  166.             if (m[2] === "'") {
    167. 

  167.                 idx += exports.HARDENED_OFFSET;
    168. 

  168.             }
    169. 

  169.             child = child.deriveChild(idx);
    170. 

  170.         }
    171. 

  171.         return child;
    172. 

  172.     }
    173. 

  173.     deriveChild(index) {
    174. 

  174.         if (!this.pubKey || !this.chainCode) {
    175. 

  175.             throw new Error('No publicKey or chainCode set');
    176. 

  176.         }
    177. 

  177.         let data = toU32(index);
    178. 

  178.         if (index >= exports.HARDENED_OFFSET) {
    179. 

  179.             // Hardened
    180. 

  180.             const priv = this.privateKey;
    181. 

  181.             if (!priv) {
    182. 

  182.                 throw new Error('Could not derive hardened child key');
    183. 

  183.             }
    184. 

  184.             // Hardened child: 0x00 || ser256(kpar) || ser32(index)
    185. 

  185.             data = (0, utils_1.concatBytes)(new Uint8Array([0]), priv, data);
    186. 

  186.         }
    187. 

  187.         else {
    188. 

  188.             // Normal child: serP(point(kpar)) || ser32(index)
    189. 

  189.             data = (0, utils_1.concatBytes)(this.pubKey, data);
    190. 

  190.         }
    191. 

  191.         const I = (0, hmac_1.hmac)(sha512_1.sha512, this.chainCode, data);
    192. 

  192.         const childTweak = bytesToNumber(I.slice(0, 32));
    193. 

  193.         const chainCode = I.slice(32);
    194. 

  194.         if (!secp256k1_1.secp256k1.utils.isValidPrivateKey(childTweak)) {
    195. 

  195.             throw new Error('Tweak bigger than curve order');
    196. 

  196.         }
    197. 

  197.         const opt = {
    198. 

  198.             versions: this.versions,
    199. 

  199.             chainCode,
    200. 

  200.             depth: this.depth + 1,
    201. 

  201.             parentFingerprint: this.fingerprint,
    202. 

  202.             index,
    203. 

  203.         };
    204. 

  204.         try {
    205. 

  205.             // Private parent key -> private child key
    206. 

  206.             if (this.privateKey) {
    207. 

  207.                 const added = (0, modular_1.mod)(this.privKey + childTweak, secp256k1_1.secp256k1.CURVE.n);
    208. 

  208.                 if (!secp256k1_1.secp256k1.utils.isValidPrivateKey(added)) {
    209. 

  209.                     throw new Error('The tweak was out of range or the resulted private key is invalid');
    210. 

  210.                 }
    211. 

  211.                 opt.privateKey = added;
    212. 

  212.             }
    213. 

  213.             else {
    214. 

  214.                 const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak));
    215. 

  215.                 // Cryptographically impossible: hmac-sha512 preimage would need to be found
    216. 

  216.                 if (added.equals(Point.ZERO)) {
    217. 

  217.                     throw new Error('The tweak was equal to negative P, which made the result key invalid');
    218. 

  218.                 }
    219. 

  219.                 opt.publicKey = added.toRawBytes(true);
    220. 

  220.             }
    221. 

  221.             return new HDKey(opt);
    222. 

  222.         }
    223. 

  223.         catch (err) {
    224. 

  224.             return this.deriveChild(index + 1);
    225. 

  225.         }
    226. 

  226.     }
    227. 

  227.     sign(hash) {
    228. 

  228.         if (!this.privateKey) {
    229. 

  229.             throw new Error('No privateKey set!');
    230. 

  230.         }
    231. 

  231.         (0, _assert_1.bytes)(hash, 32);
    232. 

  232.         return secp256k1_1.secp256k1.sign(hash, this.privKey).toCompactRawBytes();
    233. 

  233.     }
    234. 

  234.     verify(hash, signature) {
    235. 

  235.         (0, _assert_1.bytes)(hash, 32);
    236. 

  236.         (0, _assert_1.bytes)(signature, 64);
    237. 

  237.         if (!this.publicKey) {
    238. 

  238.             throw new Error('No publicKey set!');
    239. 

  239.         }
    240. 

  240.         let sig;
    241. 

  241.         try {
    242. 

  242.             sig = secp256k1_1.secp256k1.Signature.fromCompact(signature);
    243. 

  243.         }
    244. 

  244.         catch (error) {
    245. 

  245.             return false;
    246. 

  246.         }
    247. 

  247.         return secp256k1_1.secp256k1.verify(sig, hash, this.publicKey);
    248. 

  248.     }
    249. 

  249.     wipePrivateData() {
    250. 

  250.         this.privKey = undefined;
    251. 

  251.         if (this.privKeyBytes) {
    252. 

  252.             this.privKeyBytes.fill(0);
    253. 

  253.             this.privKeyBytes = undefined;
    254. 

  254.         }
    255. 

  255.         return this;
    256. 

  256.     }
    257. 

  257.     toJSON() {
    258. 

  258.         return {
    259. 

  259.             xpriv: this.privateExtendedKey,
    260. 

  260.             xpub: this.publicExtendedKey,
    261. 

  261.         };
    262. 

  262.     }
    263. 

  263.     serialize(version, key) {
    264. 

  264.         if (!this.chainCode) {
    265. 

  265.             throw new Error('No chainCode set');
    266. 

  266.         }
    267. 

  267.         (0, _assert_1.bytes)(key, 33);
    268. 

  268.         // version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33)
    269. 

  269.         return (0, utils_1.concatBytes)(toU32(version), new Uint8Array([this.depth]), toU32(this.parentFingerprint), toU32(this.index), this.chainCode, key);
    270. 

  270.     }
    271. 

  271. }
    272. 

  272. exports.HDKey = HDKey;
    273. 

  273. //# sourceMappingURL=index.js.map
    274.