block_io 1.2.1 → 2.0.0

data/lib/block_io/client.rb

@@ -0,0 +1,179 @@
+module BlockIo
+
+  class Client
+
+    attr_reader :api_key, :version, :network
+
+    def initialize(args = {})
+      # api_key
+      # pin
+      # version
+      # hostname
+      # proxy
+      # pool_size
+      # keys
+      
+      raise "Must provide an API Key." unless args.key?(:api_key) and args[:api_key].to_s.size > 0
+      
+      @api_key = args[:api_key]
+      @encryption_key = Helper.pinToAesKey(args[:pin] || "") if args.key?(:pin)
+      @version = args[:version] || 2
+      @hostname = args[:hostname] || "block.io"
+      @proxy = args[:proxy] || {}
+      @keys = args[:keys] || []
+      @use_low_r = args[:use_low_r]
+      @raise_exception_on_error = args[:raise_exception_on_error] || false
+
+      raise Exception.new("Keys must be provided as an array.") unless @keys.is_a?(Array)
+      raise Exception.new("Keys must be BlockIo::Key objects.") unless @keys.all?{|key| key.is_a?(BlockIo::Key)}
+
+      # make a hash of the keys we've been given
+      @keys = @keys.inject({}){|h,v| h[v.public_key] = v; h}
+      
+      raise Exception.new("Must specify hostname, port, username, password if using a proxy.") if @proxy.keys.size > 0 and [:hostname, :port, :username, :password].any?{|x| !@proxy.key?(x)}
+
+      @conn = ConnectionPool.new(:size => args[:pool_size] || 5) { http = HTTP.headers(:accept => "application/json", :user_agent => "gem:block_io:#{VERSION}");
+        http = http.via(args.dig(:proxy, :hostname), args.dig(:proxy, :port), args.dig(:proxy, :username), args.dig(:proxy, :password)) if @proxy.key?(:hostname);
+        http = http.persistent("https://#{@hostname}");
+        http }
+      
+      # this will get populated after a successful API call
+      @network = nil
+
+    end
+
+    def method_missing(m, *args)
+      
+      method_name = m.to_s
+
+      raise Exception.new("Must provide arguments as a Hash.") unless args.size <= 1 and args.all?{|x| x.is_a?(Hash)}
+      raise Exception.new("Parameter keys must be symbols. For instance: :label => 'default' instead of 'label' => 'default'") unless args[0].nil? or args[0].keys.all?{|x| x.is_a?(Symbol)}
+      raise Exception.new("Cannot pass PINs to any calls. PINs can only be set when initiating this library.") if !args[0].nil? and args[0].key?(:pin)
+      raise Exception.new("Do not specify API Keys here. Initiate a new BlockIo object instead if you need to use another API Key.") if !args[0].nil? and args[0].key?(:api_key)
+      
+      if BlockIo::WITHDRAW_METHODS.key?(method_name) then
+        # it's a withdrawal call
+        withdraw(args[0], method_name)
+      elsif BlockIo::SWEEP_METHODS.key?(method_name) then
+        # we're sweeping from an address
+        sweep(args[0], method_name)
+      elsif BlockIo::FINALIZE_SIGNATURE_METHODS.key?(method_name) then
+        # we're finalize the transaction signatures
+        finalize_signature(args[0], method_name)
+      else
+        api_call({:method_name => method_name, :params => args[0] || {}})
+      end
+      
+    end
+
+    private
+
+    def withdraw(args = {}, method_name = "withdraw")      
+
+      response = api_call({:method_name => method_name, :params => args})
+
+      if response["data"].key?("reference_id") then
+        # Block.io's asking us to provide client-side signatures
+
+        encrypted_passphrase = response["data"]["encrypted_passphrase"]
+
+        if !encrypted_passphrase.nil? and !@keys.key?(encrypted_passphrase["signer_public_key"]) then
+          # encrypted passphrase was provided, and we do not have the signer's key, so let's extract it first
+
+          raise Exception.new("PIN not set and no keys provided. Cannot execute withdrawal requests.") unless @encryption_key or @keys.size > 0
+
+          key = Helper.extractKey(encrypted_passphrase["passphrase"], @encryption_key, @use_low_r)
+          raise Exception.new("Public key mismatch for requested signer and ourselves. Invalid Secret PIN detected.") unless key.public_key.eql?(encrypted_passphrase["signer_public_key"])
+
+          # store this key for later use
+          @keys[key.public_key] = key
+
+        end
+
+        if @keys.size > 0 then
+          # if we have at least one key available, try to send signatures back
+          # if a dtrust withdrawal is used without any keys stored in the BlockIo::Client object, the output of this call will be the previous response from Block.io
+          
+          # we just need reference_id and inputs
+          response["data"] = {"reference_id" => response["data"]["reference_id"], "inputs" => response["data"]["inputs"]}
+        
+          # let's sign all the inputs we can
+          signatures_added = (@keys.size == 0 ? false : Helper.signData(response["data"]["inputs"], @keys))
+          
+          # the response object is now signed, let's stringify it and finalize this withdrawal
+          response = finalize_signature({:signature_data => response["data"]}, "sign_and_finalize_withdrawal") if signatures_added
+          
+          # if we provided all the required signatures, this transaction went through
+          # otherwise Block.io responded with data asking for more signatures and recorded the signature we provided above
+          # the latter will be the case for dTrust addresses
+        end
+        
+      end
+
+      response
+
+    end
+
+    def sweep(args = {}, method_name = "sweep_from_address")
+      # sweep coins from a given address and key
+
+      raise Exception.new("No private_key provided.") unless args.key?(:private_key) and (args[:private_key] || "").size > 0
+
+      key = Key.from_wif(args[:private_key], @use_low_r)
+      sanitized_args = args.merge({:public_key => key.public_key})
+      sanitized_args.delete(:private_key)
+      
+      response = api_call({:method_name => method_name, :params => sanitized_args})
+      
+      if response["data"].key?("reference_id") then
+        # Block.io's asking us to provide client-side signatures
+
+        # we just need the reference_id and inputs
+        response["data"] = {"reference_id" => response["data"]["reference_id"], "inputs" => response["data"]["inputs"]}
+        
+        # let's sign all the inputs we can
+        signatures_added = Helper.signData(response["data"]["inputs"], [key])
+
+        # the response object is now signed, let's stringify it and finalize this transaction
+        response = finalize_signature({:signature_data => response["data"]}, "sign_and_finalize_sweep") if signatures_added
+
+        # if we provided all the required signatures, this transaction went through
+      end
+
+      response
+
+    end
+
+    def finalize_signature(args = {}, method_name = "sign_and_finalize_withdrawal")
+
+      raise Exception.new("Object must have reference_id and inputs keys.") unless args.key?(:signature_data) and args[:signature_data].key?("inputs") and args[:signature_data].key?("reference_id")
+
+      signatures = {"reference_id" => args[:signature_data]["reference_id"], "inputs" => args[:signature_data]["inputs"]}
+
+      response = api_call({:method_name => method_name, :params => {:signature_data => Oj.dump(signatures)}})
+      
+    end
+    
+    def api_call(args)
+
+      raise Exception.new("No connections left to perform API call. Please re-initialize BlockIo::Client with :pool_size greater than #{@conn.size}.") unless @conn.available > 0
+      
+      response = @conn.with {|http| http.post("/api/v#{@version}/#{args[:method_name]}", :json => args[:params].merge({:api_key => @api_key}))}
+
+      begin
+        body = Oj.safe_load(response.to_s)
+      rescue
+        body = {"status" => "fail", "data" => {"error_message" => "Unknown error occurred. Please report this to support@block.io. Status #{response.code}."}}
+      end
+
+      raise Exception.new("#{body["data"]["error_message"]}") if !body["status"].eql?("success") and @raise_exception_on_error
+
+      @network ||= body["data"]["network"] if body["data"].key?("network")
+      
+      body
+      
+    end
+        
+  end
+  
+end

data/lib/block_io/constants.rb

@@ -0,0 +1,10 @@
+module BlockIo
+
+  WITHDRAW_METHODS = ["withdraw", "withdraw_from_address", "withdraw_from_addresses", "withdraw_from_label", "withdraw_from_labels",
+                      "withdraw_from_dtrust_address", "withdraw_from_dtrust_addresses", "withdraw_from_dtrust_label", "withdraw_from_dtrust_labels"].inject({}){|h,v| h[v] = true; h}.freeze
+
+  SWEEP_METHODS = ["sweep_from_address"].inject({}){|h,v| h[v] = true; h}.freeze
+
+  FINALIZE_SIGNATURE_METHODS = ["sign_and_finalize_withdrawal", "sign_and_finalize_sweep"].inject({}){|h,v| h[v] = true; h}.freeze
+  
+end

data/lib/block_io/helper.rb

@@ -0,0 +1,164 @@
+module BlockIo
+
+  class Helper
+
+    def self.signData(inputs, keys)
+      # sign the given data with the given keys
+
+      raise Exception.new("Keys object must be a hash or array containing the appropriate keys.") unless keys.size >= 1
+
+      signatures_added = false
+      
+      # create a dictionary of keys we have
+      # saves the next loop from being O(n^3)
+      hkeys = (keys.is_a?(Hash) ? keys : keys.inject({}){|h,v| h[v.public_key] = v; h})
+      odata = []
+
+      # saves the next loop from being O(n^2)
+      inputs.each{|input| odata << input["data_to_sign"]; odata << input["signatures_needed"]; odata.push(*input["signers"])}
+
+      data_to_sign = nil
+      signatures_needed = nil
+      
+      while !(cdata = odata.shift).nil? do
+        # O(n)
+        
+        if cdata.is_a?(String) then
+          # this is data to sign
+
+          # make a copy of this
+          data_to_sign = '' << cdata
+
+          # number of signatures needed
+          signatures_needed = 0 + odata.shift
+
+        else
+          # add signatures if necessary
+          # dTrust required signatures may be lower than number of keys provided
+          
+          if hkeys.key?(cdata["signer_public_key"]) and signatures_needed > 0 and cdata["signed_data"].nil? then
+            cdata["signed_data"] = hkeys[cdata["signer_public_key"]].sign(data_to_sign) 
+            signatures_needed -= 1
+            signatures_added ||= true
+          end
+          
+        end
+
+      end
+
+      signatures_added
+    end
+
+    def self.extractKey(encrypted_data, b64_enc_key, use_low_r = true)
+      # passphrase is in plain text
+      # encrypted_data is in base64, as it was stored on Block.io
+      # returns the private key extracted from the given encrypted data
+      
+      decrypted = self.decrypt(encrypted_data, b64_enc_key)
+      
+      Key.from_passphrase(decrypted, use_low_r)
+
+    end
+    
+    def self.sha256(value)
+      # returns the hex of the hash of the given value
+      OpenSSL::Digest::SHA256.digest(value).unpack("H*")[0]
+    end
+    
+    def self.pinToAesKey(secret_pin, iterations = 2048)
+      # converts the pincode string to PBKDF2
+      # returns a base64 version of PBKDF2 pincode
+      salt = ""
+
+      part1 = OpenSSL::PKCS5.pbkdf2_hmac(
+        secret_pin,
+        "",
+        1024,
+        128/8,
+        OpenSSL::Digest::SHA256.new
+      ).unpack("H*")[0]
+      
+      part2 = OpenSSL::PKCS5.pbkdf2_hmac(
+        part1,
+        "",
+        1024,
+        256/8,
+        OpenSSL::Digest::SHA256.new
+      ) # binary
+
+      [part2].pack("m0") # the base64 encryption key
+
+    end
+
+    def self.low_r?(r)
+      # https://github.com/bitcoin/bitcoin/blob/v0.20.0/src/key.cpp#L207
+      h = r.scan(/../)
+      h[3].to_i(16) == 32 and h[4].to_i(16) < 0x80
+    end
+    
+    # Decrypts a block of data (encrypted_data) given an encryption key
+    def self.decrypt(encrypted_data, b64_enc_key, iv = nil, cipher_type = "AES-256-ECB")
+      
+      response = nil
+
+      begin
+        aes = OpenSSL::Cipher.new(cipher_type)
+        aes.decrypt
+        aes.key = b64_enc_key.unpack("m0")[0]
+        aes.iv = iv unless iv.nil?
+        response = aes.update(encrypted_data.unpack("m0")[0]) << aes.final
+      rescue Exception => e
+        # decryption failed, must be an invalid Secret PIN
+        raise Exception.new("Invalid Secret PIN provided.")
+      end
+
+      response
+    end
+    
+    # Encrypts a block of data given an encryption key
+    def self.encrypt(data, b64_enc_key, iv = nil, cipher_type = "AES-256-ECB")
+      aes = OpenSSL::Cipher.new(cipher_type)
+      aes.encrypt
+      aes.key = b64_enc_key.unpack("m0")[0]
+      aes.iv = iv unless iv.nil?
+      [aes.update(data) << aes.final].pack("m0")
+    end
+
+    # courtesy bitcoin-ruby
+    
+    def self.int_to_base58(int_val, leading_zero_bytes=0)
+      alpha = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+      base58_val, base = "", alpha.size
+      while int_val > 0
+        int_val, remainder = int_val.divmod(base)
+        base58_val = alpha[remainder] << base58_val
+      end
+      base58_val
+    end
+    
+    def self.base58_to_int(base58_val)
+      alpha = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+      int_val, base = 0, alpha.size
+      base58_val.reverse.each_char.with_index do |char,index|
+        raise ArgumentError, "Value not a valid Base58 String." unless char_index = alpha.index(char)
+        int_val += char_index*(base**index)
+      end
+      int_val
+    end
+    
+    def self.encode_base58(hex)
+      leading_zero_bytes  = (hex.match(/^([0]+)/) ? $1 : "").size / 2
+      ("1"*leading_zero_bytes) << Helper.int_to_base58( hex.to_i(16) )
+    end
+    
+    def self.decode_base58(base58_val)
+      s = Helper.base58_to_int(base58_val).to_s(16)
+      s = (s.bytesize.odd? ? ("0" << s) : s)
+      s = "" if s == "00"
+      leading_zero_bytes = (base58_val.match(/^([1]+)/) ? $1 : "").size
+      s = ("00"*leading_zero_bytes) << s  if leading_zero_bytes > 0
+      s
+    end
+  end
+
+end

data/lib/block_io/key.rb

@@ -0,0 +1,151 @@
+module BlockIo
+
+  class Key
+
+    def initialize(privkey = nil, use_low_r = true, compressed = true)
+      # the privkey must be in hex if at all provided
+
+      @group = ECDSA::Group::Secp256k1
+      @private_key = (privkey.nil? ? (1 + SecureRandom.random_number(@group.order - 1)) : privkey.to_i(16))
+      @public_key = @group.generator.multiply_by_scalar(@private_key)
+      @compressed = compressed
+      @use_low_r = use_low_r
+      
+    end 
+    
+    def private_key
+      # returns private key in hex form
+      @private_key.to_s(16)
+    end
+    
+    def public_key
+      # returns the compressed form of the public key to save network fees (shorter scripts)
+      # hex form
+      ECDSA::Format::PointOctetString.encode(@public_key, compression: @compressed).unpack("H*")[0]
+    end
+    
+    def sign(data)
+      # sign the given hexadecimal string
+
+      counter = 0
+      signature = nil
+      
+      loop do
+
+        # first this we get K, it's without extra entropy
+        # second time onwards, with extra entropy
+        nonce = Key.deterministicGenerateK([data].pack("H*"), @private_key, counter) # RFC6979
+        signature = ECDSA.sign(@group, @private_key, data.to_i(16), nonce)
+      
+        r, s = signature.components
+
+        # BIP0062 -- use lower S values only
+        over_two = @group.order >> 1 # half of what it was                     
+        s = @group.order - s if (s > over_two)
+        
+        signature = ECDSA::Signature.new(r, s)
+
+        # DER encode this, and return it in hex form
+        signature = ECDSA::Format::SignatureDerString.encode(signature).unpack("H*")[0]
+
+        break if !@use_low_r or Helper.low_r?(signature)
+
+        counter += 1
+
+      end
+      
+      signature
+      
+    end
+
+    def valid_signature?(signature, data)
+      ECDSA.valid_signature?(@public_key, [data].pack("H*"), ECDSA::Format::SignatureDerString.decode([signature].pack("H*")))
+    end
+    
+    def self.from_passphrase(passphrase, use_low_r = true)
+      # ATTENTION: use BlockIo::Key.new to generate new private keys. Using passphrases is not recommended due to lack of / low entropy.
+      # create a private/public key pair from a given passphrase
+      # use a long, random passphrase. your security depends on the passphrase's entropy.
+      
+      raise Exception.new("Must provide passphrase at least 8 characters long.") if passphrase.nil? or passphrase.length < 8
+      
+      hashed_key = Helper.sha256([passphrase].pack("H*")) # must pass bytes to sha256
+      
+      # modding is for backward compatibility with legacy bitcoinjs
+      Key.new((hashed_key.to_i(16) % ECDSA::Group::Secp256k1.order).to_s(16), use_low_r)
+    end
+
+    def self.from_wif(wif, use_low_r = true)
+      # returns a new key extracted from the Wallet Import Format provided
+      # TODO check against checksum
+
+      hexkey = Helper.decode_base58(wif)
+      actual_key = hexkey[2...66]
+
+      compressed = hexkey[2..hexkey.length].length-8 > 64 and hexkey[2..hexkey.length][64...66] == "01"
+
+      Key.new(actual_key, use_low_r, compressed)
+
+    end
+
+    private
+    
+    def self.isPositive(i)
+      sig = "!+-"[i <=> 0]
+      sig.eql?("+")
+    end
+    
+    def self.deterministicGenerateK(data, privkey, extra_entropy = nil, group = ECDSA::Group::Secp256k1)
+      # returns a deterministic K  -- RFC6979
+
+      hash = data.bytes.to_a
+
+      x = [privkey.to_s(16)].pack("H*").bytes.to_a
+      
+      k = [0] * 32      
+      v = [1] * 32
+
+      e = (extra_entropy.to_i <= 0 ? [] : [extra_entropy.to_s(16).rjust(64,"0").scan(/../).reverse.join].pack("H*").bytes.to_a)
+      
+      # step D
+      k_data = [v, [0], x, hash, e]
+      k_data.flatten!
+      k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), k_data.pack("C*")).bytes.to_a
+      
+      # step E
+      v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
+      
+      # step F
+      k_data = [v, [1], x, hash, e]
+      k_data.flatten!
+      k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), k_data.pack("C*")).bytes.to_a
+      
+      # step G
+      v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
+      
+      # step H2b (Step H1/H2a ignored)
+      v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
+      
+      h2b = v.pack("C*").unpack("H*")[0]
+      tNum = h2b.to_i(16)
+      
+      # step H3
+      while (!isPositive(tNum) or tNum >= group.order) do
+        # k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0])]), k)
+        k_data = [v, [0]]
+        k_data.flatten!
+        k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), k_data.pack("C*")).bytes.to_a
+        
+        # v = crypto.HmacSHA256(v, k)
+        v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
+        
+        # T = BigInteger.fromBuffer(v)
+        tNum = v.pack("C*").unpack("H*")[0].to_i(16)
+      end
+
+      tNum
+    end
+
+  end
+  
+end