탐색 도움말
가입하기 로그인
seven
/
bot-28
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 88e843900f
브랜치 태그
bot-28
/
node
/
node_modules
/
@scure
/
bip32
/
index.ts

index.ts 9.7 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308 
  1. /*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */
    2. 

  2. import { hmac } from '@noble/hashes/hmac';
    3. 

  3. import { ripemd160 } from '@noble/hashes/ripemd160';
    4. 

  4. import { sha256 } from '@noble/hashes/sha256';
    5. 

  5. import { sha512 } from '@noble/hashes/sha512';
    6. 

  6. import { bytes as assertBytes } from '@noble/hashes/_assert';
    7. 

  7. import { bytesToHex, concatBytes, createView, hexToBytes, utf8ToBytes } from '@noble/hashes/utils';
    8. 

  8. import { secp256k1 as secp } from '@noble/curves/secp256k1';
    9. 

  9. import { mod } from '@noble/curves/abstract/modular';
    10. 

  10. import { createBase58check } from '@scure/base';
    11. 

  11. 

  12. const Point = secp.ProjectivePoint;
    13. 

  13. const base58check = createBase58check(sha256);
    14. 

  14. 

  15. function bytesToNumber(bytes: Uint8Array): bigint {
    16. 

  16.   return BigInt(`0x${bytesToHex(bytes)}`);
    17. 

  17. }
    18. 

  18. 

  19. function numberToBytes(num: bigint): Uint8Array {
    20. 

  20.   return hexToBytes(num.toString(16).padStart(64, '0'));
    21. 

  21. }
    22. 

  22. 

  23. const MASTER_SECRET = utf8ToBytes('Bitcoin seed');
    24. 

  24. // Bitcoin hardcoded by default
    25. 

  25. const BITCOIN_VERSIONS: Versions = { private: 0x0488ade4, public: 0x0488b21e };
    26. 

  26. export const HARDENED_OFFSET: number = 0x80000000;
    27. 

  27. 

  28. export interface Versions {
    29. 

  29.   private: number;
    30. 

  30.   public: number;
    31. 

  31. }
    32. 

  32. 

  33. const hash160 = (data: Uint8Array) => ripemd160(sha256(data));
    34. 

  34. const fromU32 = (data: Uint8Array) => createView(data).getUint32(0, false);
    35. 

  35. const toU32 = (n: number) => {
    36. 

  36.   if (!Number.isSafeInteger(n) || n < 0 || n > 2 ** 32 - 1) {
    37. 

  37.     throw new Error(`Invalid number=${n}. Should be from 0 to 2 ** 32 - 1`);
    38. 

  38.   }
    39. 

  39.   const buf = new Uint8Array(4);
    40. 

  40.   createView(buf).setUint32(0, n, false);
    41. 

  41.   return buf;
    42. 

  42. };
    43. 

  43. 

  44. interface HDKeyOpt {
    45. 

  45.   versions?: Versions;
    46. 

  46.   depth?: number;
    47. 

  47.   index?: number;
    48. 

  48.   parentFingerprint?: number;
    49. 

  49.   chainCode?: Uint8Array;
    50. 

  50.   publicKey?: Uint8Array;
    51. 

  51.   privateKey?: Uint8Array | bigint;
    52. 

  52. }
    53. 

  53. 

  54. export class HDKey {
    55. 

  55.   get fingerprint(): number {
    56. 

  56.     if (!this.pubHash) {
    57. 

  57.       throw new Error('No publicKey set!');
    58. 

  58.     }
    59. 

  59.     return fromU32(this.pubHash);
    60. 

  60.   }
    61. 

  61.   get identifier(): Uint8Array | undefined {
    62. 

  62.     return this.pubHash;
    63. 

  63.   }
    64. 

  64.   get pubKeyHash(): Uint8Array | undefined {
    65. 

  65.     return this.pubHash;
    66. 

  66.   }
    67. 

  67.   get privateKey(): Uint8Array | null {
    68. 

  68.     return this.privKeyBytes || null;
    69. 

  69.   }
    70. 

  70.   get publicKey(): Uint8Array | null {
    71. 

  71.     return this.pubKey || null;
    72. 

  72.   }
    73. 

  73.   get privateExtendedKey(): string {
    74. 

  74.     const priv = this.privateKey;
    75. 

  75.     if (!priv) {
    76. 

  76.       throw new Error('No private key');
    77. 

  77.     }
    78. 

  78.     return base58check.encode(
    79. 

  79.       this.serialize(this.versions.private, concatBytes(new Uint8Array([0]), priv))
    80. 

  80.     );
    81. 

  81.   }
    82. 

  82.   get publicExtendedKey(): string {
    83. 

  83.     if (!this.pubKey) {
    84. 

  84.       throw new Error('No public key');
    85. 

  85.     }
    86. 

  86.     return base58check.encode(this.serialize(this.versions.public, this.pubKey));
    87. 

  87.   }
    88. 

  88. 

  89.   public static fromMasterSeed(seed: Uint8Array, versions: Versions = BITCOIN_VERSIONS): HDKey {
    90. 

  90.     assertBytes(seed);
    91. 

  91.     if (8 * seed.length < 128 || 8 * seed.length > 512) {
    92. 

  92.       throw new Error(
    93. 

  93.         `HDKey: wrong seed length=${seed.length}. Should be between 128 and 512 bits; 256 bits is advised)`
    94. 

  94.       );
    95. 

  95.     }
    96. 

  96.     const I = hmac(sha512, MASTER_SECRET, seed);
    97. 

  97.     return new HDKey({
    98. 

  98.       versions,
    99. 

  99.       chainCode: I.slice(32),
    100. 

  100.       privateKey: I.slice(0, 32),
    101. 

  101.     });
    102. 

  102.   }
    103. 

  103. 

  104.   public static fromExtendedKey(base58key: string, versions: Versions = BITCOIN_VERSIONS): HDKey {
    105. 

  105.     // => version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33)
    106. 

  106.     const keyBuffer: Uint8Array = base58check.decode(base58key);
    107. 

  107.     const keyView = createView(keyBuffer);
    108. 

  108.     const version = keyView.getUint32(0, false);
    109. 

  109.     const opt = {
    110. 

  110.       versions,
    111. 

  111.       depth: keyBuffer[4],
    112. 

  112.       parentFingerprint: keyView.getUint32(5, false),
    113. 

  113.       index: keyView.getUint32(9, false),
    114. 

  114.       chainCode: keyBuffer.slice(13, 45),
    115. 

  115.     };
    116. 

  116.     const key = keyBuffer.slice(45);
    117. 

  117.     const isPriv = key[0] === 0;
    118. 

  118.     if (version !== versions[isPriv ? 'private' : 'public']) {
    119. 

  119.       throw new Error('Version mismatch');
    120. 

  120.     }
    121. 

  121.     if (isPriv) {
    122. 

  122.       return new HDKey({ ...opt, privateKey: key.slice(1) });
    123. 

  123.     } else {
    124. 

  124.       return new HDKey({ ...opt, publicKey: key });
    125. 

  125.     }
    126. 

  126.   }
    127. 

  127. 

  128.   public static fromJSON(json: { xpriv: string }): HDKey {
    129. 

  129.     return HDKey.fromExtendedKey(json.xpriv);
    130. 

  130.   }
    131. 

  131.   public readonly versions: Versions;
    132. 

  132.   public readonly depth: number = 0;
    133. 

  133.   public readonly index: number = 0;
    134. 

  134.   public readonly chainCode: Uint8Array | null = null;
    135. 

  135.   public readonly parentFingerprint: number = 0;
    136. 

  136.   private privKey?: bigint;
    137. 

  137.   private privKeyBytes?: Uint8Array;
    138. 

  138.   private pubKey?: Uint8Array;
    139. 

  139.   private pubHash: Uint8Array | undefined;
    140. 

  140. 

  141.   constructor(opt: HDKeyOpt) {
    142. 

  142.     if (!opt || typeof opt !== 'object') {
    143. 

  143.       throw new Error('HDKey.constructor must not be called directly');
    144. 

  144.     }
    145. 

  145.     this.versions = opt.versions || BITCOIN_VERSIONS;
    146. 

  146.     this.depth = opt.depth || 0;
    147. 

  147.     this.chainCode = opt.chainCode || null;
    148. 

  148.     this.index = opt.index || 0;
    149. 

  149.     this.parentFingerprint = opt.parentFingerprint || 0;
    150. 

  150.     if (!this.depth) {
    151. 

  151.       if (this.parentFingerprint || this.index) {
    152. 

  152.         throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
    153. 

  153.       }
    154. 

  154.     }
    155. 

  155.     if (opt.publicKey && opt.privateKey) {
    156. 

  156.       throw new Error('HDKey: publicKey and privateKey at same time.');
    157. 

  157.     }
    158. 

  158.     if (opt.privateKey) {
    159. 

  159.       if (!secp.utils.isValidPrivateKey(opt.privateKey)) {
    160. 

  160.         throw new Error('Invalid private key');
    161. 

  161.       }
    162. 

  162.       this.privKey =
    163. 

  163.         typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
    164. 

  164.       this.privKeyBytes = numberToBytes(this.privKey);
    165. 

  165.       this.pubKey = secp.getPublicKey(opt.privateKey, true);
    166. 

  166.     } else if (opt.publicKey) {
    167. 

  167.       this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point
    168. 

  168.     } else {
    169. 

  169.       throw new Error('HDKey: no public or private key provided');
    170. 

  170.     }
    171. 

  171.     this.pubHash = hash160(this.pubKey);
    172. 

  172.   }
    173. 

  173. 

  174.   public derive(path: string): HDKey {
    175. 

  175.     if (!/^[mM]'?/.test(path)) {
    176. 

  176.       throw new Error('Path must start with "m" or "M"');
    177. 

  177.     }
    178. 

  178.     if (/^[mM]'?$/.test(path)) {
    179. 

  179.       return this;
    180. 

  180.     }
    181. 

  181.     const parts = path.replace(/^[mM]'?\//, '').split('/');
    182. 

  182.     // tslint:disable-next-line
    183. 

  183.     let child: HDKey = this;
    184. 

  184.     for (const c of parts) {
    185. 

  185.       const m = /^(\d+)('?)$/.exec(c);
    186. 

  186.       const m1 = m && m[1];
    187. 

  187.       if (!m || m.length !== 3 || typeof m1 !== 'string') {
    188. 

  188.         throw new Error(`Invalid child index: ${c}`);
    189. 

  189.       }
    190. 

  190.       let idx = +m1;
    191. 

  191.       if (!Number.isSafeInteger(idx) || idx >= HARDENED_OFFSET) {
    192. 

  192.         throw new Error('Invalid index');
    193. 

  193.       }
    194. 

  194.       // hardened key
    195. 

  195.       if (m[2] === "'") {
    196. 

  196.         idx += HARDENED_OFFSET;
    197. 

  197.       }
    198. 

  198.       child = child.deriveChild(idx);
    199. 

  199.     }
    200. 

  200.     return child;
    201. 

  201.   }
    202. 

  202. 

  203.   public deriveChild(index: number): HDKey {
    204. 

  204.     if (!this.pubKey || !this.chainCode) {
    205. 

  205.       throw new Error('No publicKey or chainCode set');
    206. 

  206.     }
    207. 

  207.     let data = toU32(index);
    208. 

  208.     if (index >= HARDENED_OFFSET) {
    209. 

  209.       // Hardened
    210. 

  210.       const priv = this.privateKey;
    211. 

  211.       if (!priv) {
    212. 

  212.         throw new Error('Could not derive hardened child key');
    213. 

  213.       }
    214. 

  214.       // Hardened child: 0x00 || ser256(kpar) || ser32(index)
    215. 

  215.       data = concatBytes(new Uint8Array([0]), priv, data);
    216. 

  216.     } else {
    217. 

  217.       // Normal child: serP(point(kpar)) || ser32(index)
    218. 

  218.       data = concatBytes(this.pubKey, data);
    219. 

  219.     }
    220. 

  220.     const I = hmac(sha512, this.chainCode, data);
    221. 

  221.     const childTweak = bytesToNumber(I.slice(0, 32));
    222. 

  222.     const chainCode = I.slice(32);
    223. 

  223.     if (!secp.utils.isValidPrivateKey(childTweak)) {
    224. 

  224.       throw new Error('Tweak bigger than curve order');
    225. 

  225.     }
    226. 

  226.     const opt: HDKeyOpt = {
    227. 

  227.       versions: this.versions,
    228. 

  228.       chainCode,
    229. 

  229.       depth: this.depth + 1,
    230. 

  230.       parentFingerprint: this.fingerprint,
    231. 

  231.       index,
    232. 

  232.     };
    233. 

  233.     try {
    234. 

  234.       // Private parent key -> private child key
    235. 

  235.       if (this.privateKey) {
    236. 

  236.         const added = mod(this.privKey! + childTweak, secp.CURVE.n);
    237. 

  237.         if (!secp.utils.isValidPrivateKey(added)) {
    238. 

  238.           throw new Error('The tweak was out of range or the resulted private key is invalid');
    239. 

  239.         }
    240. 

  240.         opt.privateKey = added;
    241. 

  241.       } else {
    242. 

  242.         const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak));
    243. 

  243.         // Cryptographically impossible: hmac-sha512 preimage would need to be found
    244. 

  244.         if (added.equals(Point.ZERO)) {
    245. 

  245.           throw new Error('The tweak was equal to negative P, which made the result key invalid');
    246. 

  246.         }
    247. 

  247.         opt.publicKey = added.toRawBytes(true);
    248. 

  248.       }
    249. 

  249.       return new HDKey(opt);
    250. 

  250.     } catch (err) {
    251. 

  251.       return this.deriveChild(index + 1);
    252. 

  252.     }
    253. 

  253.   }
    254. 

  254. 

  255.   public sign(hash: Uint8Array): Uint8Array {
    256. 

  256.     if (!this.privateKey) {
    257. 

  257.       throw new Error('No privateKey set!');
    258. 

  258.     }
    259. 

  259.     assertBytes(hash, 32);
    260. 

  260.     return secp.sign(hash, this.privKey!).toCompactRawBytes();
    261. 

  261.   }
    262. 

  262. 

  263.   public verify(hash: Uint8Array, signature: Uint8Array): boolean {
    264. 

  264.     assertBytes(hash, 32);
    265. 

  265.     assertBytes(signature, 64);
    266. 

  266.     if (!this.publicKey) {
    267. 

  267.       throw new Error('No publicKey set!');
    268. 

  268.     }
    269. 

  269.     let sig;
    270. 

  270.     try {
    271. 

  271.       sig = secp.Signature.fromCompact(signature);
    272. 

  272.     } catch (error) {
    273. 

  273.       return false;
    274. 

  274.     }
    275. 

  275.     return secp.verify(sig, hash, this.publicKey);
    276. 

  276.   }
    277. 

  277. 

  278.   public wipePrivateData(): this {
    279. 

  279.     this.privKey = undefined;
    280. 

  280.     if (this.privKeyBytes) {
    281. 

  281.       this.privKeyBytes.fill(0);
    282. 

  282.       this.privKeyBytes = undefined;
    283. 

  283.     }
    284. 

  284.     return this;
    285. 

  285.   }
    286. 

  286.   public toJSON(): { xpriv: string; xpub: string } {
    287. 

  287.     return {
    288. 

  288.       xpriv: this.privateExtendedKey,
    289. 

  289.       xpub: this.publicExtendedKey,
    290. 

  290.     };
    291. 

  291.   }
    292. 

  292. 

  293.   private serialize(version: number, key: Uint8Array) {
    294. 

  294.     if (!this.chainCode) {
    295. 

  295.       throw new Error('No chainCode set');
    296. 

  296.     }
    297. 

  297.     assertBytes(key, 33);
    298. 

  298.     // version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33)
    299. 

  299.     return concatBytes(
    300. 

  300.       toU32(version),
    301. 

  301.       new Uint8Array([this.depth]),
    302. 

  302.       toU32(this.parentFingerprint),
    303. 

  303.       toU32(this.index),
    304. 

  304.       this.chainCode,
    305. 

  305.       key
    306. 

  306.     );
    307. 

  307.   }
    308. 

  308. }
    309.