@metamask/eth-hd-keyring 4.0.2 → 5.0.1

package/.eslintrc.js

@@ -7,6 +7,9 @@ module.exports = {
     {
       files: ['test/**/*.js'],
       extends: ['@metamask/eslint-config-jest'],
+      rules: {
+        'node/no-unpublished-require': 0,
+      },
     },
   ],
 

package/.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs

@@ -0,0 +1,9 @@
+/* eslint-disable */
+//prettier-ignore
+module.exports = {
+name: "@yarnpkg/plugin-allow-scripts",
+factory: function (require) {
+var plugin=(()=>{var a=Object.create,l=Object.defineProperty;var i=Object.getOwnPropertyDescriptor;var s=Object.getOwnPropertyNames;var p=Object.getPrototypeOf,c=Object.prototype.hasOwnProperty;var u=e=>l(e,"__esModule",{value:!0});var f=e=>{if(typeof require!="undefined")return require(e);throw new Error('Dynamic require of "'+e+'" is not supported')};var g=(e,o)=>{for(var r in o)l(e,r,{get:o[r],enumerable:!0})},m=(e,o,r)=>{if(o&&typeof o=="object"||typeof o=="function")for(let t of s(o))!c.call(e,t)&&t!=="default"&&l(e,t,{get:()=>o[t],enumerable:!(r=i(o,t))||r.enumerable});return e},x=e=>m(u(l(e!=null?a(p(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var k={};g(k,{default:()=>d});var n=x(f("@yarnpkg/shell")),y={hooks:{afterAllInstalled:async()=>{let e=await(0,n.execute)("yarn run allow-scripts");e!==0&&process.exit(e)}}},d=y;return k;})();
+return plugin;
+}
+};

package/CHANGELOG.md

@@ -6,6 +6,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.0.1]
+### Removed
+- Remove prepack script and references in order to fix publish release flow ([#77](https://github.com/MetaMask/eth-hd-keyring/pull/77))
+
+## [5.0.0]
+### Changed
+- **BREAKING**: Update minimum Node.js version from v12 to v14 ([#67](https://github.com/MetaMask/eth-hd-keyring/pull/67))
+- **BREAKING:** Makes version-specific `signTypedData` methods private ([#71](https://github.com/MetaMask/eth-hd-keyring/pull/71))
+    - Consumers should use the generic `signTypedData` method and pass the version they'd like as a property in the options argument.
+- **BREAKING:** Makes the `wallets` property private ([#71](https://github.com/MetaMask/eth-hd-keyring/pull/71))
+    - Consumers should not use this property as it is intended for internal use only.
+- **BREAKING:** Makes `getPrivateKeyFor` a private method ([#71](https://github.com/MetaMask/eth-hd-keyring/pull/71))
+    - Consumers who wish to get the private key for a given account should use the `exportAccount` method.
+- **BREAKING:** Bumps browser requirements to those with ES2020 support or greater ([#70](https://github.com/MetaMask/eth-hd-keyring/pull/70))
+    - This change is introduced in update of `@metamask/eth-sig-util` to v5 and new direct dependency on `ethereumjs/util` v8.0.2
+- Replaces use of `ethereumjs-wallet` implementation of hdkey with one from `ethereum-cryptography` and adapts accordingly.  ([#69](https://github.com/MetaMask/eth-hd-keyring/pull/69))
+- Replaces `@metamask/bip39` with `@metamask/scure-bip39` ([#67](https://github.com/MetaMask/eth-hd-keyring/pull/67))
+
+### Removed
+- **BREAKING:** Remove redundant `newGethSignMessage` method ([#71](https://github.com/MetaMask/eth-hd-keyring/pull/71))
+   - Consumers can use `signPersonalMessage` method as a replacement for newGethSignMessage.
+- **BREAKING:** `HDKeyring` no longer extends `EventEmitter`, so no `EventEmitter` methods are available on this class ([#70](https://github.com/MetaMask/eth-hd-keyring/pull/70))
+- Removes `ethereumjs-util` dependency. ([#67](https://github.com/MetaMask/eth-hd-keyring/pull/67))
+
 ## [4.0.2]
 ### Added
 - Add parameter validation for constructor / `deserialize` method ([#65](https://github.com/MetaMask/eth-hd-keyring/pull/65))
@@ -30,7 +54,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     - Deserialize method (and `HdKeyring` constructor by extension) can no longer be passed an options object containing a value for `numberOfAccounts` if it is not also containing a value for `mnemonic`.
 - Package name changed from `eth-hd-keyring` to `@metamask/eth-hd-keyring`.
 
-[Unreleased]: https://github.com/MetaMask/eth-hd-keyring/compare/v4.0.2...HEAD
+[Unreleased]: https://github.com/MetaMask/eth-hd-keyring/compare/v5.0.1...HEAD
+[5.0.1]: https://github.com/MetaMask/eth-hd-keyring/compare/v5.0.0...v5.0.1
+[5.0.0]: https://github.com/MetaMask/eth-hd-keyring/compare/v4.0.2...v5.0.0
 [4.0.2]: https://github.com/MetaMask/eth-hd-keyring/compare/v4.0.1...v4.0.2
 [4.0.1]: https://github.com/MetaMask/eth-hd-keyring/compare/v4.0.0...v4.0.1
 [4.0.0]: https://github.com/MetaMask/eth-hd-keyring/releases/tag/v4.0.0

package/README.md

@@ -79,9 +79,8 @@ Exports the specified account as a private key hex string.
 
 - Install [Node.js](https://nodejs.org) version 12
   - If you are using [nvm](https://github.com/creationix/nvm#installation) (recommended) running `nvm use` will automatically choose the right node version for you.
-- Install [Yarn v1](https://yarnpkg.com/en/docs/install)
-- Run `yarn setup` to install dependencies and run any requried post-install scripts
-  - **Warning:** Do not use the `yarn` / `yarn install` command directly. Use `yarn setup` instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.
+- Install [Yarn v3](https://yarnpkg.com/getting-started/install)
+- Run `yarn install` to install dependencies and run any required post-install scripts
 
 ### Testing and Linting
 

package/index.js

@@ -1,33 +1,88 @@
-const { hdkey } = require('ethereumjs-wallet');
-const SimpleKeyring = require('eth-simple-keyring');
-const bip39 = require('@metamask/bip39');
-const { normalize } = require('@metamask/eth-sig-util');
+const { HDKey } = require('ethereum-cryptography/hdkey');
+const { keccak256 } = require('ethereum-cryptography/keccak');
+const { bytesToHex } = require('ethereum-cryptography/utils');
+const {
+  stripHexPrefix,
+  privateToPublic,
+  publicToAddress,
+  ecsign,
+  arrToBufArr,
+  bufferToHex,
+} = require('@ethereumjs/util');
+const bip39 = require('@metamask/scure-bip39');
+const { wordlist } = require('@metamask/scure-bip39/dist/wordlists/english');
+const {
+  concatSig,
+  decrypt,
+  getEncryptionPublicKey,
+  normalize,
+  personalSign,
+  signTypedData,
+  SignTypedDataVersion,
+} = require('@metamask/eth-sig-util');
 
 // Options:
 const hdPathString = `m/44'/60'/0'/0`;
 const type = 'HD Key Tree';
 
-class HdKeyring extends SimpleKeyring {
+class HdKeyring {
   /* PUBLIC METHODS */
   constructor(opts = {}) {
-    super();
     this.type = type;
+    this._wallets = [];
     this.deserialize(opts);
   }
 
   generateRandomMnemonic() {
-    this._initFromMnemonic(bip39.generateMnemonic());
+    this._initFromMnemonic(bip39.generateMnemonic(wordlist));
   }
 
-  serialize() {
-    const mnemonicAsBuffer =
-      typeof this.mnemonic === 'string'
-        ? Buffer.from(this.mnemonic, 'utf8')
-        : this.mnemonic;
+  _uint8ArrayToString(mnemonic) {
+    const recoveredIndices = Array.from(
+      new Uint16Array(new Uint8Array(mnemonic).buffer),
+    );
+    return recoveredIndices.map((i) => wordlist[i]).join(' ');
+  }
+
+  _stringToUint8Array(mnemonic) {
+    const indices = mnemonic.split(' ').map((word) => wordlist.indexOf(word));
+    return new Uint8Array(new Uint16Array(indices).buffer);
+  }
+
+  _mnemonicToUint8Array(mnemonic) {
+    let mnemonicData = mnemonic;
+    // when encrypted/decrypted, buffers get cast into js object with a property type set to buffer
+    if (mnemonic && mnemonic.type && mnemonic.type === 'Buffer') {
+      mnemonicData = mnemonic.data;
+    }
 
+    if (
+      // this block is for backwards compatibility with vaults that were previously stored as buffers, number arrays or plain text strings
+      typeof mnemonicData === 'string' ||
+      Buffer.isBuffer(mnemonicData) ||
+      Array.isArray(mnemonicData)
+    ) {
+      let mnemonicAsString = mnemonicData;
+      if (Array.isArray(mnemonicData)) {
+        mnemonicAsString = Buffer.from(mnemonicData).toString();
+      } else if (Buffer.isBuffer(mnemonicData)) {
+        mnemonicAsString = mnemonicData.toString();
+      }
+      return this._stringToUint8Array(mnemonicAsString);
+    } else if (
+      mnemonicData instanceof Object &&
+      !(mnemonicData instanceof Uint8Array)
+    ) {
+      // when encrypted/decrypted the Uint8Array becomes a js object we need to cast back to a Uint8Array
+      return Uint8Array.from(Object.values(mnemonicData));
+    }
+    return mnemonicData;
+  }
+
+  serialize() {
     return Promise.resolve({
-      mnemonic: Array.from(mnemonicAsBuffer.values()),
-      numberOfAccounts: this.wallets.length,
+      mnemonic: this._mnemonicToUint8Array(this.mnemonic),
+      numberOfAccounts: this._wallets.length,
       hdPath: this.hdPath,
     });
   }
@@ -45,7 +100,7 @@ class HdKeyring extends SimpleKeyring {
       );
     }
     this.opts = opts;
-    this.wallets = [];
+    this._wallets = [];
     this.mnemonic = null;
     this.root = null;
     this.hdPath = opts.hdPath || hdPathString;
@@ -66,29 +121,147 @@ class HdKeyring extends SimpleKeyring {
       throw new Error('Eth-Hd-Keyring: No secret recovery phrase provided');
     }
 
-    const oldLen = this.wallets.length;
+    const oldLen = this._wallets.length;
     const newWallets = [];
     for (let i = oldLen; i < numberOfAccounts + oldLen; i++) {
-      const child = this.root.deriveChild(i);
-      const wallet = child.getWallet();
+      const wallet = this.root.deriveChild(i);
       newWallets.push(wallet);
-      this.wallets.push(wallet);
+      this._wallets.push(wallet);
     }
     const hexWallets = newWallets.map((w) => {
-      return normalize(w.getAddress().toString('hex'));
+      return this._addressfromPublicKey(w.publicKey);
     });
     return Promise.resolve(hexWallets);
   }
 
   getAccounts() {
-    return Promise.resolve(
-      this.wallets.map((w) => {
-        return normalize(w.getAddress().toString('hex'));
-      }),
+    return this._wallets.map((w) => this._addressfromPublicKey(w.publicKey));
+  }
+
+  /* BASE KEYRING METHODS */
+
+  // returns an address specific to an app
+  async getAppKeyAddress(address, origin) {
+    if (!origin || typeof origin !== 'string') {
+      throw new Error(`'origin' must be a non-empty string`);
+    }
+    const wallet = this._getWalletForAccount(address, {
+      withAppKeyOrigin: origin,
+    });
+    const appKeyAddress = normalize(
+      publicToAddress(wallet.publicKey).toString('hex'),
     );
+
+    return appKeyAddress;
+  }
+
+  // exportAccount should return a hex-encoded private key:
+  async exportAccount(address, opts = {}) {
+    const wallet = this._getWalletForAccount(address, opts);
+    return bytesToHex(wallet.privateKey);
+  }
+
+  // tx is an instance of the ethereumjs-transaction class.
+  async signTransaction(address, tx, opts = {}) {
+    const privKey = this._getPrivateKeyFor(address, opts);
+    const signedTx = tx.sign(privKey);
+    // Newer versions of Ethereumjs-tx are immutable and return a new tx object
+    return signedTx === undefined ? tx : signedTx;
+  }
+
+  // For eth_sign, we need to sign arbitrary data:
+  async signMessage(address, data, opts = {}) {
+    const message = stripHexPrefix(data);
+    const privKey = this._getPrivateKeyFor(address, opts);
+    const msgSig = ecsign(Buffer.from(message, 'hex'), privKey);
+    const rawMsgSig = concatSig(msgSig.v, msgSig.r, msgSig.s);
+    return rawMsgSig;
+  }
+
+  // For personal_sign, we need to prefix the message:
+  async signPersonalMessage(address, msgHex, opts = {}) {
+    const privKey = this._getPrivateKeyFor(address, opts);
+    const privateKey = Buffer.from(privKey, 'hex');
+    const sig = personalSign({ privateKey, data: msgHex });
+    return sig;
+  }
+
+  // For eth_decryptMessage:
+  async decryptMessage(withAccount, encryptedData) {
+    const wallet = this._getWalletForAccount(withAccount);
+    const { privateKey: privateKeyAsUint8Array } = wallet;
+    const privateKeyAsHex = Buffer.from(privateKeyAsUint8Array).toString('hex');
+    const sig = decrypt({ privateKey: privateKeyAsHex, encryptedData });
+    return sig;
   }
 
-  /* PRIVATE METHODS */
+  // personal_signTypedData, signs data along with the schema
+  async signTypedData(
+    withAccount,
+    typedData,
+    opts = { version: SignTypedDataVersion.V1 },
+  ) {
+    // Treat invalid versions as "V1"
+    const version = Object.keys(SignTypedDataVersion).includes(opts.version)
+      ? opts.version
+      : SignTypedDataVersion.V1;
+
+    const privateKey = this._getPrivateKeyFor(withAccount, opts);
+    return signTypedData({ privateKey, data: typedData, version });
+  }
+
+  removeAccount(account) {
+    const address = normalize(account);
+    if (
+      !this._wallets
+        .map(({ publicKey }) => this._addressfromPublicKey(publicKey))
+        .includes(address)
+    ) {
+      throw new Error(`Address ${address} not found in this keyring`);
+    }
+
+    this._wallets = this._wallets.filter(
+      ({ publicKey }) => this._addressfromPublicKey(publicKey) !== address,
+    );
+  }
+
+  // get public key for nacl
+  async getEncryptionPublicKey(withAccount, opts = {}) {
+    const privKey = this._getPrivateKeyFor(withAccount, opts);
+    const publicKey = getEncryptionPublicKey(privKey);
+    return publicKey;
+  }
+
+  _getPrivateKeyFor(address, opts = {}) {
+    if (!address) {
+      throw new Error('Must specify address.');
+    }
+    const wallet = this._getWalletForAccount(address, opts);
+    return wallet.privateKey;
+  }
+
+  _getWalletForAccount(account, opts = {}) {
+    const address = normalize(account);
+    let wallet = this._wallets.find(({ publicKey }) => {
+      return this._addressfromPublicKey(publicKey) === address;
+    });
+    if (!wallet) {
+      throw new Error('HD Keyring - Unable to find matching address.');
+    }
+
+    if (opts.withAppKeyOrigin) {
+      const { privateKey } = wallet;
+      const appKeyOriginBuffer = Buffer.from(opts.withAppKeyOrigin, 'utf8');
+      const appKeyBuffer = Buffer.concat([privateKey, appKeyOriginBuffer]);
+      const appKeyPrivateKey = arrToBufArr(keccak256(appKeyBuffer, 256));
+      const appKeyPublicKey = privateToPublic(appKeyPrivateKey);
+      wallet = { privateKey: appKeyPrivateKey, publicKey: appKeyPublicKey };
+    }
+
+    return wallet;
+  }
+
+  /* PRIVATE / UTILITY METHODS */
 
   /**
    * Sets appropriate properties for the keyring based on the given
@@ -104,26 +277,28 @@ class HdKeyring extends SimpleKeyring {
         'Eth-Hd-Keyring: Secret recovery phrase already provided',
       );
     }
+
+    this.mnemonic = this._mnemonicToUint8Array(mnemonic);
+
     // validate before initializing
-    const isValid = bip39.validateMnemonic(mnemonic);
+    const isValid = bip39.validateMnemonic(this.mnemonic, wordlist);
     if (!isValid) {
       throw new Error(
         'Eth-Hd-Keyring: Invalid secret recovery phrase provided',
       );
     }
 
-    if (typeof mnemonic === 'string') {
-      this.mnemonic = Buffer.from(mnemonic, 'utf8');
-    } else if (Array.isArray(mnemonic)) {
-      this.mnemonic = Buffer.from(mnemonic);
-    } else {
-      this.mnemonic = mnemonic;
-    }
-
     // eslint-disable-next-line node/no-sync
-    const seed = bip39.mnemonicToSeedSync(this.mnemonic);
-    this.hdWallet = hdkey.fromMasterSeed(seed);
-    this.root = this.hdWallet.derivePath(this.hdPath);
+    const seed = bip39.mnemonicToSeedSync(this.mnemonic, wordlist);
+    this.hdWallet = HDKey.fromMasterSeed(seed);
+    this.root = this.hdWallet.derive(this.hdPath);
+  }
+
+  // small helper function to convert publicKey in Uint8Array form to a publicAddress as a hex
+  _addressfromPublicKey(publicKey) {
+    return bufferToHex(
+      publicToAddress(Buffer.from(publicKey), true),
+    ).toLowerCase();
   }
 }
 

package/jest.config.js

@@ -5,8 +5,8 @@ module.exports = {
     global: {
       branches: 84,
       functions: 100,
-      lines: 96,
-      statements: 96,
+      lines: 95,
+      statements: 95,
     },
   },
   moduleFileExtensions: ['js', 'json', 'jsx', 'ts', 'tsx', 'node'],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/eth-hd-keyring",
-  "version": "4.0.2",
+  "version": "5.0.1",
   "description": "A simple standard interface for a seed phrase generated set of Ethereum accounts.",
   "keywords": [
     "ethereum",
@@ -18,26 +18,27 @@
   "author": "Dan Finlay",
   "main": "index.js",
   "scripts": {
-    "setup": "yarn install && yarn allow-scripts",
-    "lint:eslint": "eslint . --cache --ext js,ts",
-    "lint:misc": "prettier '**/*.json' '**/*.md' '!CHANGELOG.md' '**/*.yml' --ignore-path .gitignore",
     "lint": "yarn lint:eslint && yarn lint:misc --check",
+    "lint:eslint": "eslint . --cache --ext js,ts",
     "lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write",
+    "lint:misc": "prettier '**/*.json' '**/*.md' '!CHANGELOG.md' '**/*.yml' '!.yarnrc.yml' --ignore-path .gitignore --no-error-on-unmatched-pattern",
     "test": "jest"
   },
   "dependencies": {
-    "@metamask/bip39": "^4.0.0",
-    "@metamask/eth-sig-util": "^4.0.0",
-    "eth-simple-keyring": "^4.2.0",
-    "ethereumjs-util": "^7.0.9",
-    "ethereumjs-wallet": "^1.0.1"
+    "@ethereumjs/util": "^8.0.2",
+    "@metamask/eth-sig-util": "^5.0.2",
+    "@metamask/scure-bip39": "^2.0.3",
+    "ethereum-cryptography": "^1.1.2"
   },
   "devDependencies": {
-    "@lavamoat/allow-scripts": "^1.0.6",
+    "@ethereumjs/tx": "^4.0.1",
+    "@lavamoat/allow-scripts": "^2.1.0",
     "@metamask/auto-changelog": "^2.5.0",
+    "@metamask/bip39": "^4.0.0",
     "@metamask/eslint-config": "^8.0.0",
     "@metamask/eslint-config-jest": "^9.0.0",
     "@metamask/eslint-config-nodejs": "^8.0.0",
+    "@metamask/eth-hd-keyring": "4.0.1",
     "@types/jest": "^27.4.1",
     "eslint": "^7.32.0",
     "eslint-config-prettier": "^8.3.0",
@@ -49,8 +50,9 @@
     "prettier": "^2.4.1",
     "prettier-plugin-packagejson": "^2.2.12"
   },
+  "packageManager": "yarn@3.3.0",
   "engines": {
-    "node": ">= 12.0.0"
+    "node": ">= 14.0.0"
   },
   "publishConfig": {
     "access": "public",
@@ -59,8 +61,8 @@
   "lavamoat": {
     "allowScripts": {
       "@lavamoat/preinstall-always-fail": false,
-      "keccak": false,
-      "secp256k1": false
+      "@metamask/eth-hd-keyring>ethereumjs-util>ethereum-cryptography>keccak": false,
+      "@metamask/eth-hd-keyring>ethereumjs-util>ethereum-cryptography>secp256k1": false
     }
   }
-}
+}