-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
index.js
297 lines (297 loc) · 12.5 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var basex_1 = require("@ethersproject/basex");
var bytes_1 = require("@ethersproject/bytes");
var bignumber_1 = require("@ethersproject/bignumber");
var strings_1 = require("@ethersproject/strings");
var pbkdf2_1 = require("@ethersproject/pbkdf2");
var properties_1 = require("@ethersproject/properties");
var signing_key_1 = require("@ethersproject/signing-key");
var sha2_1 = require("@ethersproject/sha2");
var transactions_1 = require("@ethersproject/transactions");
var wordlists_1 = require("@ethersproject/wordlists");
var logger_1 = require("@ethersproject/logger");
var _version_1 = require("./_version");
var logger = new logger_1.Logger(_version_1.version);
var N = bignumber_1.BigNumber.from("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
// "Bitcoin seed"
var MasterSecret = strings_1.toUtf8Bytes("Bitcoin seed");
var HardenedBit = 0x80000000;
// Returns a byte with the MSB bits set
function getUpperMask(bits) {
return ((1 << bits) - 1) << (8 - bits);
}
// Returns a byte with the LSB bits set
function getLowerMask(bits) {
return (1 << bits) - 1;
}
function bytes32(value) {
return bytes_1.hexZeroPad(bytes_1.hexlify(value), 32);
}
function base58check(data) {
return basex_1.Base58.encode(bytes_1.concat([data, bytes_1.hexDataSlice(sha2_1.sha256(sha2_1.sha256(data)), 0, 4)]));
}
var _constructorGuard = {};
exports.defaultPath = "m/44'/60'/0'/0/0";
var HDNode = /** @class */ (function () {
/**
* This constructor should not be called directly.
*
* Please use:
* - fromMnemonic
* - fromSeed
*/
function HDNode(constructorGuard, privateKey, publicKey, parentFingerprint, chainCode, index, depth, mnemonic, path) {
var _newTarget = this.constructor;
logger.checkNew(_newTarget, HDNode);
if (constructorGuard !== _constructorGuard) {
throw new Error("HDNode constructor cannot be called directly");
}
if (privateKey) {
var signingKey = new signing_key_1.SigningKey(privateKey);
properties_1.defineReadOnly(this, "privateKey", signingKey.privateKey);
properties_1.defineReadOnly(this, "publicKey", signingKey.compressedPublicKey);
}
else {
properties_1.defineReadOnly(this, "privateKey", null);
properties_1.defineReadOnly(this, "publicKey", bytes_1.hexlify(publicKey));
}
properties_1.defineReadOnly(this, "parentFingerprint", parentFingerprint);
properties_1.defineReadOnly(this, "fingerprint", bytes_1.hexDataSlice(sha2_1.ripemd160(sha2_1.sha256(this.publicKey)), 0, 4));
properties_1.defineReadOnly(this, "address", transactions_1.computeAddress(this.publicKey));
properties_1.defineReadOnly(this, "chainCode", chainCode);
properties_1.defineReadOnly(this, "index", index);
properties_1.defineReadOnly(this, "depth", depth);
properties_1.defineReadOnly(this, "mnemonic", mnemonic);
properties_1.defineReadOnly(this, "path", path);
}
Object.defineProperty(HDNode.prototype, "extendedKey", {
get: function () {
// We only support the mainnet values for now, but if anyone needs
// testnet values, let me know. I believe current senitment is that
// we should always use mainnet, and use BIP-44 to derive the network
// - Mainnet: public=0x0488B21E, private=0x0488ADE4
// - Testnet: public=0x043587CF, private=0x04358394
if (this.depth >= 256) {
throw new Error("Depth too large!");
}
return base58check(bytes_1.concat([
((this.privateKey != null) ? "0x0488ADE4" : "0x0488B21E"),
bytes_1.hexlify(this.depth),
this.parentFingerprint,
bytes_1.hexZeroPad(bytes_1.hexlify(this.index), 4),
this.chainCode,
((this.privateKey != null) ? bytes_1.concat(["0x00", this.privateKey]) : this.publicKey),
]));
},
enumerable: true,
configurable: true
});
HDNode.prototype.neuter = function () {
return new HDNode(_constructorGuard, null, this.publicKey, this.parentFingerprint, this.chainCode, this.index, this.depth, null, this.path);
};
HDNode.prototype._derive = function (index) {
if (index > 0xffffffff) {
throw new Error("invalid index - " + String(index));
}
// Base path
var path = this.path;
if (path) {
path += "/" + (index & ~HardenedBit);
}
var data = new Uint8Array(37);
if (index & HardenedBit) {
if (!this.privateKey) {
throw new Error("cannot derive child of neutered node");
}
// Data = 0x00 || ser_256(k_par)
data.set(bytes_1.arrayify(this.privateKey), 1);
// Hardened path
if (path) {
path += "'";
}
}
else {
// Data = ser_p(point(k_par))
data.set(bytes_1.arrayify(this.publicKey));
}
// Data += ser_32(i)
for (var i = 24; i >= 0; i -= 8) {
data[33 + (i >> 3)] = ((index >> (24 - i)) & 0xff);
}
var I = bytes_1.arrayify(sha2_1.computeHmac(sha2_1.SupportedAlgorithms.sha512, this.chainCode, data));
var IL = I.slice(0, 32);
var IR = I.slice(32);
// The private key
var ki = null;
// The public key
var Ki = null;
if (this.privateKey) {
ki = bytes32(bignumber_1.BigNumber.from(IL).add(this.privateKey).mod(N));
}
else {
var ek = new signing_key_1.SigningKey(bytes_1.hexlify(IL));
Ki = ek._addPoint(this.publicKey);
}
return new HDNode(_constructorGuard, ki, Ki, this.fingerprint, bytes32(IR), index, this.depth + 1, this.mnemonic, path);
};
HDNode.prototype.derivePath = function (path) {
var components = path.split("/");
if (components.length === 0 || (components[0] === "m" && this.depth !== 0)) {
throw new Error("invalid path - " + path);
}
if (components[0] === "m") {
components.shift();
}
var result = this;
for (var i = 0; i < components.length; i++) {
var component = components[i];
if (component.match(/^[0-9]+'$/)) {
var index = parseInt(component.substring(0, component.length - 1));
if (index >= HardenedBit) {
throw new Error("invalid path index - " + component);
}
result = result._derive(HardenedBit + index);
}
else if (component.match(/^[0-9]+$/)) {
var index = parseInt(component);
if (index >= HardenedBit) {
throw new Error("invalid path index - " + component);
}
result = result._derive(index);
}
else {
throw new Error("invalid path component - " + component);
}
}
return result;
};
HDNode._fromSeed = function (seed, mnemonic) {
var seedArray = bytes_1.arrayify(seed);
if (seedArray.length < 16 || seedArray.length > 64) {
throw new Error("invalid seed");
}
var I = bytes_1.arrayify(sha2_1.computeHmac(sha2_1.SupportedAlgorithms.sha512, MasterSecret, seedArray));
return new HDNode(_constructorGuard, bytes32(I.slice(0, 32)), null, "0x00000000", bytes32(I.slice(32)), 0, 0, mnemonic, "m");
};
HDNode.fromMnemonic = function (mnemonic, password, wordlist) {
// Normalize the case and spacing in the mnemonic (throws if the mnemonic is invalid)
mnemonic = entropyToMnemonic(mnemonicToEntropy(mnemonic, wordlist), wordlist);
return HDNode._fromSeed(mnemonicToSeed(mnemonic, password), mnemonic);
};
HDNode.fromSeed = function (seed) {
return HDNode._fromSeed(seed, null);
};
HDNode.fromExtendedKey = function (extendedKey) {
var bytes = basex_1.Base58.decode(extendedKey);
if (bytes.length !== 82 || base58check(bytes.slice(0, 78)) !== extendedKey) {
logger.throwArgumentError("invalid extended key", "extendedKey", "[REDACTED]");
}
var depth = bytes[4];
var parentFingerprint = bytes_1.hexlify(bytes.slice(5, 9));
var index = parseInt(bytes_1.hexlify(bytes.slice(9, 13)).substring(2), 16);
var chainCode = bytes_1.hexlify(bytes.slice(13, 45));
var key = bytes.slice(45, 78);
switch (bytes_1.hexlify(bytes.slice(0, 4))) {
// Public Key
case "0x0488b21e":
case "0x043587cf":
return new HDNode(_constructorGuard, null, bytes_1.hexlify(key), parentFingerprint, chainCode, index, depth, null, null);
// Private Key
case "0x0488ade4":
case "0x04358394 ":
if (key[0] !== 0) {
break;
}
return new HDNode(_constructorGuard, bytes_1.hexlify(key.slice(1)), null, parentFingerprint, chainCode, index, depth, null, null);
}
return logger.throwError("invalid extended key", "extendedKey", "[REDACTED]");
};
return HDNode;
}());
exports.HDNode = HDNode;
function mnemonicToSeed(mnemonic, password) {
if (!password) {
password = "";
}
var salt = strings_1.toUtf8Bytes("mnemonic" + password, strings_1.UnicodeNormalizationForm.NFKD);
return pbkdf2_1.pbkdf2(strings_1.toUtf8Bytes(mnemonic, strings_1.UnicodeNormalizationForm.NFKD), salt, 2048, 64, "sha512");
}
exports.mnemonicToSeed = mnemonicToSeed;
function mnemonicToEntropy(mnemonic, wordlist) {
if (!wordlist) {
wordlist = wordlists_1.wordlists["en"];
}
logger.checkNormalize();
var words = wordlist.split(mnemonic);
if ((words.length % 3) !== 0) {
throw new Error("invalid mnemonic");
}
var entropy = bytes_1.arrayify(new Uint8Array(Math.ceil(11 * words.length / 8)));
var offset = 0;
for (var i = 0; i < words.length; i++) {
var index = wordlist.getWordIndex(words[i].normalize("NFKD"));
if (index === -1) {
throw new Error("invalid mnemonic");
}
for (var bit = 0; bit < 11; bit++) {
if (index & (1 << (10 - bit))) {
entropy[offset >> 3] |= (1 << (7 - (offset % 8)));
}
offset++;
}
}
var entropyBits = 32 * words.length / 3;
var checksumBits = words.length / 3;
var checksumMask = getUpperMask(checksumBits);
var checksum = bytes_1.arrayify(sha2_1.sha256(entropy.slice(0, entropyBits / 8)))[0] & checksumMask;
if (checksum !== (entropy[entropy.length - 1] & checksumMask)) {
throw new Error("invalid checksum");
}
return bytes_1.hexlify(entropy.slice(0, entropyBits / 8));
}
exports.mnemonicToEntropy = mnemonicToEntropy;
function entropyToMnemonic(entropy, wordlist) {
entropy = bytes_1.arrayify(entropy);
if ((entropy.length % 4) !== 0 || entropy.length < 16 || entropy.length > 32) {
throw new Error("invalid entropy");
}
var indices = [0];
var remainingBits = 11;
for (var i = 0; i < entropy.length; i++) {
// Consume the whole byte (with still more to go)
if (remainingBits > 8) {
indices[indices.length - 1] <<= 8;
indices[indices.length - 1] |= entropy[i];
remainingBits -= 8;
// This byte will complete an 11-bit index
}
else {
indices[indices.length - 1] <<= remainingBits;
indices[indices.length - 1] |= entropy[i] >> (8 - remainingBits);
// Start the next word
indices.push(entropy[i] & getLowerMask(8 - remainingBits));
remainingBits += 3;
}
}
// Compute the checksum bits
var checksumBits = entropy.length / 4;
var checksum = bytes_1.arrayify(sha2_1.sha256(entropy))[0] & getUpperMask(checksumBits);
// Shift the checksum into the word indices
indices[indices.length - 1] <<= checksumBits;
indices[indices.length - 1] |= (checksum >> (8 - checksumBits));
if (!wordlist) {
wordlist = wordlists_1.wordlists["en"];
}
return wordlist.join(indices.map(function (index) { return wordlist.getWord(index); }));
}
exports.entropyToMnemonic = entropyToMnemonic;
function isValidMnemonic(mnemonic, wordlist) {
try {
mnemonicToEntropy(mnemonic, wordlist);
return true;
}
catch (error) { }
return false;
}
exports.isValidMnemonic = isValidMnemonic;