@opcat-labs/opcat 1.0.0

package/lib/crypto/hash.browser.js

@@ -0,0 +1,171 @@
+'use strict';
+
+var hash = require('hash.js');
+var $ = require('../util/preconditions');
+
+var Hash = module.exports;
+
+/**
+ * A SHA or SHA1 hash, which is always 160 bits or 20 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/SHA-1
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha1 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Buffer.from(hash.sha1().update(buf).digest('hex'), 'hex');
+};
+
+Hash.sha1.blocksize = 512;
+
+/**
+ * A SHA256 hash, which is always 256 bits or 32 bytes long.
+ *
+ * See:
+ * https://www.movable-type.co.uk/scripts/sha256.html
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Buffer.from(hash.sha256().update(buf).digest('hex'), 'hex');
+};
+
+Hash.sha256.blocksize = 512;
+
+/**
+ * A double SHA256 hash, which is always 256 bits or 32 bytes bytes long. This
+ * hash function is commonly used inside Bitcoin, particularly for the hash of a
+ * block and the hash of a transaction.
+ *
+ * See:
+ * https://www.movable-type.co.uk/scripts/sha256.html
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256sha256 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Hash.sha256(Hash.sha256(buf));
+};
+
+/**
+ * A RIPEMD160 hash, which is always 160 bits or 20 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/RIPEMD
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.ripemd160 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Buffer.from(hash.ripemd160().update(buf).digest('hex'), 'hex');
+};
+/**
+ * A RIPEMD160 hash of a SHA256 hash, which is always 160 bits or 20 bytes long.
+ * This value is commonly used inside Bitcoin, particularly for Bitcoin
+ * addresses.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/RIPEMD
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256ripemd160 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Hash.ripemd160(Hash.sha256(buf));
+};
+
+/**
+ * A SHA512 hash, which is always 512 bits or 64 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/SHA-2
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha512 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Buffer.from(hash.sha512().update(buf).digest('hex'), 'hex');
+};
+
+Hash.sha512.blocksize = 1024;
+
+/**
+ * A way to do HMAC using any underlying hash function. If you ever find that
+ * you want to hash two pieces of data together, you should use HMAC instead of
+ * just using a hash function. Rather than doing hash(data1 + data2) you should
+ * do HMAC(data1, data2). Actually, rather than use HMAC directly, we recommend
+ * you use either sha256hmac or sha515hmac provided below.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/Length_extension_attack
+ * https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
+ *
+ * @param {function} hashf Which hash function to use.
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.hmac = function (hashf, data, key) {
+  // http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+  // http://tools.ietf.org/html/rfc4868#section-2
+  $.checkArgument(Buffer.isBuffer(data));
+  $.checkArgument(Buffer.isBuffer(key));
+  $.checkArgument(hashf.blocksize);
+
+  var blocksize = hashf.blocksize / 8;
+
+  if (key.length > blocksize) {
+    key = hashf(key);
+  } else if (key < blocksize) {
+    var fill = Buffer.alloc(blocksize);
+    fill.fill(0);
+    key.copy(fill);
+    key = fill;
+  }
+
+  var oKey = Buffer.alloc(blocksize);
+  oKey.fill(0x5c);
+
+  var iKey = Buffer.alloc(blocksize);
+  iKey.fill(0x36);
+
+  var oKeyPad = Buffer.alloc(blocksize);
+  var iKeyPad = Buffer.alloc(blocksize);
+  for (var i = 0; i < blocksize; i++) {
+    oKeyPad[i] = oKey[i] ^ key[i];
+    iKeyPad[i] = iKey[i] ^ key[i];
+  }
+
+  return hashf(Buffer.concat([oKeyPad, hashf(Buffer.concat([iKeyPad, data]))]));
+};
+
+/**
+ * A SHA256 HMAC.
+ *
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.sha256hmac = function (data, key) {
+  return Hash.hmac(Hash.sha256, data, key);
+};
+
+/**
+ * A SHA512 HMAC.
+ *
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.sha512hmac = function (data, key) {
+  return Hash.hmac(Hash.sha512, data, key);
+};

package/lib/crypto/hash.js

@@ -0,0 +1,2 @@
+if (process.browser) module.exports = require('./hash.browser');
+else module.exports = require('./hash.node');

package/lib/crypto/hash.node.js

@@ -0,0 +1,171 @@
+'use strict';
+
+var crypto = require('crypto');
+var $ = require('../util/preconditions');
+
+var Hash = module.exports;
+
+/**
+ * A SHA or SHA1 hash, which is always 160 bits or 20 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/SHA-1
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha1 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return crypto.createHash('sha1').update(buf).digest();
+};
+
+Hash.sha1.blocksize = 512;
+
+/**
+ * A SHA256 hash, which is always 256 bits or 32 bytes long.
+ *
+ * See:
+ * https://www.movable-type.co.uk/scripts/sha256.html
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return crypto.createHash('sha256').update(buf).digest();
+};
+
+Hash.sha256.blocksize = 512;
+
+/**
+ * A double SHA256 hash, which is always 256 bits or 32 bytes bytes long. This
+ * hash function is commonly used inside Bitcoin, particularly for the hash of a
+ * block and the hash of a transaction.
+ *
+ * See:
+ * https://www.movable-type.co.uk/scripts/sha256.html
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256sha256 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Hash.sha256(Hash.sha256(buf));
+};
+
+/**
+ * A RIPEMD160 hash, which is always 160 bits or 20 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/RIPEMD
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.ripemd160 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return crypto.createHash('ripemd160').update(buf).digest();
+};
+/**
+ * A RIPEMD160 hash of a SHA256 hash, which is always 160 bits or 20 bytes long.
+ * This value is commonly used inside Bitcoin, particularly for Bitcoin
+ * addresses.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/RIPEMD
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256ripemd160 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return Hash.ripemd160(Hash.sha256(buf));
+};
+
+/**
+ * A SHA512 hash, which is always 512 bits or 64 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/SHA-2
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha512 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf));
+  return crypto.createHash('sha512').update(buf).digest();
+};
+
+Hash.sha512.blocksize = 1024;
+
+/**
+ * A way to do HMAC using any underlying hash function. If you ever find that
+ * you want to hash two pieces of data together, you should use HMAC instead of
+ * just using a hash function. Rather than doing hash(data1 + data2) you should
+ * do HMAC(data1, data2). Actually, rather than use HMAC directly, we recommend
+ * you use either sha256hmac or sha515hmac provided below.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/Length_extension_attack
+ * https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
+ *
+ * @param {function} hashf Which hash function to use.
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.hmac = function (hashf, data, key) {
+  // http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+  // http://tools.ietf.org/html/rfc4868#section-2
+  $.checkArgument(Buffer.isBuffer(data));
+  $.checkArgument(Buffer.isBuffer(key));
+  $.checkArgument(hashf.blocksize);
+
+  var blocksize = hashf.blocksize / 8;
+
+  if (key.length > blocksize) {
+    key = hashf(key);
+  } else if (key < blocksize) {
+    var fill = Buffer.alloc(blocksize);
+    fill.fill(0);
+    key.copy(fill);
+    key = fill;
+  }
+
+  var oKey = Buffer.alloc(blocksize);
+  oKey.fill(0x5c);
+
+  var iKey = Buffer.alloc(blocksize);
+  iKey.fill(0x36);
+
+  var oKeyPad = Buffer.alloc(blocksize);
+  var iKeyPad = Buffer.alloc(blocksize);
+  for (var i = 0; i < blocksize; i++) {
+    oKeyPad[i] = oKey[i] ^ key[i];
+    iKeyPad[i] = iKey[i] ^ key[i];
+  }
+
+  return hashf(Buffer.concat([oKeyPad, hashf(Buffer.concat([iKeyPad, data]))]));
+};
+
+/**
+ * A SHA256 HMAC.
+ *
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.sha256hmac = function (data, key) {
+  return Hash.hmac(Hash.sha256, data, key);
+};
+
+/**
+ * A SHA512 HMAC.
+ *
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.sha512hmac = function (data, key) {
+  return Hash.hmac(Hash.sha512, data, key);
+};

package/lib/crypto/point.js

@@ -0,0 +1,221 @@
+'use strict';
+
+var BN = require('./bn');
+var elliptic = require('elliptic');
+var EC = elliptic.ec;
+var ec = new EC('secp256k1');
+var ecPoint = ec.curve.point.bind(ec.curve);
+var ecPointFromX = ec.curve.pointFromX.bind(ec.curve);
+
+/**
+ * Instantiate a valid secp256k1 Point from the X and Y coordinates. This class
+ * is just an extension of the secp256k1 code from the library "elliptic" by
+ * Fedor Indutny. It includes a few extra features that are useful in Bitcoin.
+ *
+ * @param {BN|String} x - The X coordinate
+ * @param {BN|String} y - The Y coordinate
+ * @link https://github.com/indutny/elliptic
+ * @augments elliptic.curve.point
+ * @throws {Error} A validation error if exists
+ * @returns {Point} An instance of Point
+ * @constructor
+ */
+var Point = function Point(x, y, isRed) {
+  try {
+    var point = ecPoint(x, y, isRed);
+  } catch (e) {
+    throw new Error('Invalid Point');
+  }
+  point.validate();
+  return point;
+};
+
+Point.prototype = Object.getPrototypeOf(ec.curve.point());
+
+/**
+ *
+ * Instantiate a valid secp256k1 Point from only the X coordinate. This is
+ * useful to rederive a full point from the compressed form of a point.
+ *
+ * @param {boolean} odd - If the Y coordinate is odd
+ * @param {BN|String} x - The X coordinate
+ * @throws {Error} A validation error if exists
+ * @returns {Point} An instance of Point
+ */
+Point.fromX = function fromX(odd, x) {
+  try {
+    var point = ecPointFromX(x, odd);
+  } catch (e) {
+    throw new Error('Invalid X');
+  }
+  point.validate();
+  return point;
+};
+
+/**
+ *
+ * Will return a secp256k1 ECDSA base point.
+ *
+ * @link https://en.bitcoin.it/wiki/Secp256k1
+ * @returns {Point} An instance of the base point.
+ */
+Point.getG = function getG() {
+  return ec.curve.g;
+};
+
+/**
+ *
+ * Will return the max of range of valid private keys as governed by the
+ * secp256k1 ECDSA standard.
+ *
+ * @link https://en.bitcoin.it/wiki/Private_key#Range_of_valid_ECDSA_private_keys
+ * @returns {BN} A BN instance of the number of points on the curve
+ */
+Point.getN = function getN() {
+  return new BN(ec.curve.n.toArray());
+};
+
+if (!Point.prototype._getX) {
+  Point.prototype._getX = Point.prototype.getX;
+}
+
+/**
+ * Will return the X coordinate of the Point.
+ *
+ * @returns {BN} A BN instance of the X coordinate
+ */
+Point.prototype.getX = function getX() {
+  return new BN(this._getX().toArray());
+};
+
+if (!Point.prototype._getY) {
+  Point.prototype._getY = Point.prototype.getY;
+}
+
+/**
+ * Will return the Y coordinate of the Point.
+ *
+ * @returns {BN} A BN instance of the Y coordinate
+ */
+Point.prototype.getY = function getY() {
+  return new BN(this._getY().toArray());
+};
+
+/**
+ * Will determine if the point is valid.
+ *
+ * @link https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
+ * @throws {Error} A validation error if exists
+ * @returns {Point} An instance of the same Point
+ */
+Point.prototype.validate = function validate() {
+  if (this.isInfinity()) {
+    throw new Error('Point cannot be equal to Infinity');
+  }
+
+  var p2;
+  try {
+    p2 = ecPointFromX(this.getX(), this.getY().isOdd());
+  } catch (e) {
+    throw new Error('Point does not lie on the curve');
+  }
+
+  if (p2.y.cmp(this.y) !== 0) {
+    throw new Error('Invalid y value for curve.');
+  }
+
+  // todo: needs test case
+  if (!this.mul(Point.getN()).isInfinity()) {
+    throw new Error('Point times N must be infinity');
+  }
+
+  return this;
+};
+
+/**
+ * A "compressed" format point is the X part of the (X, Y) point plus an extra
+ * bit (which takes an entire byte) to indicate whether the Y value is odd or
+ * not. Storing points this way takes a bit less space, but requires a bit more
+ * computation to rederive the full point.
+ *
+ * @param {Point} point An instance of Point.
+ * @returns {Buffer} A compressed point in the form of a buffer.
+ */
+Point.pointToCompressed = function pointToCompressed(point) {
+  var xbuf = point.getX().toBuffer({ size: 32 });
+  var ybuf = point.getY().toBuffer({ size: 32 });
+
+  var prefix;
+  var odd = ybuf[ybuf.length - 1] % 2;
+  if (odd) {
+    prefix = Buffer.from([0x03]);
+  } else {
+    prefix = Buffer.from([0x02]);
+  }
+  return Buffer.concat([prefix, xbuf]);
+};
+
+/**
+ * Converts a compressed buffer into a point.
+ *
+ * @param {Buffer} buf A compressed point.
+ * @returns {Point} A Point.
+ */
+Point.pointFromCompressed = function (buf) {
+  if (buf.length !== 33) {
+    throw new Error('invalid buffer length');
+  }
+  let prefix = buf[0];
+  let odd;
+  if (prefix === 0x03) {
+    odd = true;
+  } else if (prefix === 0x02) {
+    odd = false;
+  } else {
+    throw new Error('invalid value of compressed prefix');
+  }
+
+  let xbuf = buf.slice(1, 33);
+  let x = BN.fromBuffer(xbuf);
+  return Point.fromX(odd, x);
+};
+
+/**
+ * Convert point to a compressed buffer.
+ *
+ * @returns {Buffer} A compressed point.
+ */
+Point.prototype.toBuffer = function () {
+  return Point.pointToCompressed(this);
+};
+
+/**
+ * Convert point to a compressed hex string.
+ *
+ * @returns {string} A compressed point as a hex string.
+ */
+Point.prototype.toHex = function () {
+  return this.toBuffer().toString('hex');
+};
+
+/**
+ * Converts a compressed buffer into a point.
+ *
+ * @param {Buffer} buf A compressed point.
+ * @returns {Point} A Point.
+ */
+Point.fromBuffer = function (buf) {
+  return Point.pointFromCompressed(buf);
+};
+
+/**
+ * Converts a compressed buffer into a point.
+ *
+ * @param {Buffer} hex A compressed point as a hex string.
+ * @returns {Point} A Point.
+ */
+Point.fromHex = function (hex) {
+  return Point.fromBuffer(Buffer.from(hex, 'hex'));
+};
+
+module.exports = Point;

package/lib/crypto/random.browser.js

@@ -0,0 +1,28 @@
+'use strict';
+
+function Random() {}
+
+/* secure random bytes that sometimes throws an error due to lack of entropy */
+Random.getRandomBuffer = function (size) {
+  if (!window.crypto && !window.msCrypto) {
+    throw new Error('window.crypto not available');
+  }
+  var crypto;
+
+  if (window.crypto && window.crypto.getRandomValues) {
+    crypto = window.crypto;
+  } else if (window.msCrypto && window.msCrypto.getRandomValues) {
+    // internet explorer
+    crypto = window.msCrypto;
+  } else {
+    throw new Error('window.crypto.getRandomValues not available');
+  }
+
+  var bbuf = new Uint8Array(size);
+  crypto.getRandomValues(bbuf);
+  var buf = Buffer.from(bbuf);
+
+  return buf;
+};
+
+module.exports = Random;

package/lib/crypto/random.js

@@ -0,0 +1,2 @@
+if (process.browser) module.exports = require('./random.browser');
+else module.exports = require('./random.node');

package/lib/crypto/random.node.js

@@ -0,0 +1,11 @@
+'use strict';
+
+function Random() {}
+
+/* secure random bytes that sometimes throws an error due to lack of entropy */
+Random.getRandomBuffer = function (size) {
+  var crypto = require('crypto');
+  return crypto.randomBytes(size);
+};
+
+module.exports = Random;