@opcat-labs/opcat 1.0.1 → 1.0.3

package/esm/message/message.js

@@ -0,0 +1,228 @@
+'use strict';
+
+import _ from '../util/_.js';
+import PrivateKey from '../privatekey.js';
+import PublicKey from '../publickey.js';
+import Address from '../address.js';
+import BufferWriter from '../encoding/bufferwriter.js';
+import ECDSA from '../crypto/ecdsa.js';
+import Signature from '../crypto/signature.js';
+import Hash from '../crypto/hash.js';
+import JSUtil from '../util/js.js';
+import $ from '../util/preconditions.js';
+
+
+/**
+ * Creates a Message instance from a string or Buffer.
+ * @constructor
+ * @param {string|Buffer} message - The message content as either a string or Buffer
+ * @throws {Error} Will throw if message is not a string or Buffer
+ * @returns {Message} A new Message instance containing the message buffer
+ */
+function Message(message) {
+  if (!(this instanceof Message)) {
+    return new Message(message);
+  }
+
+  $.checkArgument(
+    _.isString(message) || Buffer.isBuffer(message),
+    'First argument should be a string or Buffer',
+  );
+
+  if (_.isString(message)) {
+    this.messageBuffer = Buffer.from(message);
+  }
+
+  if (Buffer.isBuffer(message)) {
+    this.messageBuffer = message;
+  }
+  return this;
+}
+
+/**
+ * Signs a message with the given private key.
+ * @param {string|Buffer} message - The message to sign.
+ * @param {PrivateKey} privateKey - The private key used for signing.
+ * @returns {Message} The signed message instance.
+ */
+Message.sign = function (message, privateKey) {
+  return new Message(message).sign(privateKey);
+};
+
+Message.verify = function (message, address, signature) {
+  return new Message(message).verify(address, signature);
+};
+
+Message.MAGIC_BYTES = Buffer.from('Bitcoin Signed Message:\n');
+
+/**
+ * Calculates the magic hash for the message by concatenating magic bytes prefixes
+ * with the message buffer and computing a double SHA-256 hash.
+ * @returns {Buffer} The resulting 32-byte hash.
+ */
+Message.prototype.magicHash = function magicHash() {
+  var prefix1 = BufferWriter.varintBufNum(Message.MAGIC_BYTES.length);
+  var prefix2 = BufferWriter.varintBufNum(this.messageBuffer.length);
+  var buf = Buffer.concat([prefix1, Message.MAGIC_BYTES, prefix2, this.messageBuffer]);
+  var hash = Hash.sha256sha256(buf);
+  return hash;
+};
+
+/**
+ * Signs the message with the provided private key.
+ * @private
+ * @param {PrivateKey} privateKey - The private key instance to sign with.
+ * @returns {Buffer} The signature generated using ECDSA.
+ * @throws {Error} If the first argument is not a PrivateKey instance.
+ */
+Message.prototype._sign = function _sign(privateKey) {
+  $.checkArgument(
+    privateKey instanceof PrivateKey,
+    'First argument should be an instance of PrivateKey',
+  );
+  var hash = this.magicHash();
+  return ECDSA.signWithCalcI(hash, privateKey);
+};
+
+/**
+ * Will sign a message with a given bitcoin private key.
+ *
+ * @param {PrivateKey} privateKey - An instance of PrivateKey
+ * @returns {String} A base64 encoded compact signature
+ */
+Message.prototype.sign = function sign(privateKey) {
+  var signature = this._sign(privateKey);
+  return signature.toCompact().toString('base64');
+};
+
+/**
+ * Verifies the message signature using the provided public key.
+ * @param {PublicKey} publicKey - The public key to verify against
+ * @param {Signature} signature - The signature to verify
+ * @returns {boolean} True if signature is valid, false otherwise
+ * @throws {Error} If arguments are not valid PublicKey/Signature instances
+ */
+Message.prototype._verify = function _verify(publicKey, signature) {
+  $.checkArgument(
+    publicKey instanceof PublicKey,
+    'First argument should be an instance of PublicKey',
+  );
+  $.checkArgument(
+    signature instanceof Signature,
+    'Second argument should be an instance of Signature',
+  );
+  var hash = this.magicHash();
+  var verified = ECDSA.verify(hash, signature, publicKey);
+  if (!verified) {
+    this.error = 'The signature was invalid';
+  }
+  return verified;
+};
+
+/**
+ * Will return a boolean of the signature is valid for a given bitcoin address.
+ * If it isn't the specific reason is accessible via the "error" member.
+ *
+ * @param {Address|String} bitcoinAddress - A bitcoin address
+ * @param {String} signatureString - A base64 encoded compact signature
+ * @returns {Boolean}
+ */
+Message.prototype.verify = function verify(bitcoinAddress, signatureString) {
+  $.checkArgument(bitcoinAddress);
+  $.checkArgument(signatureString && _.isString(signatureString));
+
+  if (_.isString(bitcoinAddress)) {
+    bitcoinAddress = Address.fromString(bitcoinAddress);
+  }
+  var signature = Signature.fromCompact(Buffer.from(signatureString, 'base64'));
+
+  // recover the public key
+  var ecdsa = new ECDSA();
+  ecdsa.hashbuf = this.magicHash();
+  ecdsa.sig = signature;
+  var publicKey = ecdsa.toPublicKey();
+
+  var signatureAddress = Address.fromPublicKey(publicKey.toBuffer(), bitcoinAddress.network);
+
+  // check that the recovered address and specified address match
+  if (bitcoinAddress.toString() !== signatureAddress.toString()) {
+    this.error = 'The signature did not match the message digest';
+    return false;
+  }
+
+  return this._verify(publicKey, signature);
+};
+
+/**
+ * Instantiate a message from a message string
+ *
+ * @param {String} str - A string of the message
+ * @returns {Message} A new instance of a Message
+ */
+Message.fromString = function (str) {
+  return new Message(str);
+};
+
+/**
+ * Instantiate a message from JSON
+ *
+ * @param {String} json - An JSON string or Object with keys: message
+ * @returns {Message} A new instance of a Message
+ */
+Message.fromJSON = function fromJSON(json) {
+  if (JSUtil.isValidJSON(json)) {
+    json = JSON.parse(json);
+  }
+  return Message.fromObject(json);
+};
+
+
+/**
+ * Converts the message to a plain object with hex representation.
+ * @returns {Object} An object containing the hex string of the message buffer.
+ */
+Message.prototype.toObject = function toObject() {
+  return {
+    messageHex: this.messageBuffer.toString('hex'),
+  };
+};
+
+/**
+ * Creates a Message instance from an object containing a hex-encoded message.
+ * @param {Object} obj - The source object containing the message data.
+ * @param {string} obj.messageHex - Hex-encoded message string.
+ * @returns {Message} A new Message instance created from the decoded buffer.
+ */
+Message.fromObject = function (obj) {
+  let messageBuffer = Buffer.from(obj.messageHex, 'hex');
+  return new Message(messageBuffer);
+};
+
+
+/**
+ * Converts the Message instance to a JSON string representation.
+ * @returns {string} The JSON string representation of the Message object.
+ */
+Message.prototype.toJSON = function toJSON() {
+  return JSON.stringify(this.toObject());
+};
+
+
+/**
+ * Converts the message buffer to a string representation.
+ * @returns {string} The string representation of the message buffer.
+ */
+Message.prototype.toString = function () {
+  return this.messageBuffer.toString();
+};
+
+
+/**
+ * Custom inspect method for Message instances.
+ * @returns {string} String representation in format '<Message: [content]>'.
+ */
+Message.prototype.inspect = function () {
+  return '<Message: ' + this.toString() + '>';
+};
+
+export default Message;

package/esm/mnemonic/index.js

@@ -0,0 +1,3 @@
+import Mnemonic from './mnemonic.js';
+
+export default Mnemonic;

package/esm/mnemonic/mnemonic.js

@@ -0,0 +1,332 @@
+'use strict';
+import BN from '../crypto/bn.js';
+import Hash from '../crypto/hash.js';
+import Random from '../crypto/random.js';
+import unorm from 'unorm';
+import _ from '../util/_.js';
+import pbkdf2 from './pbkdf2.js';
+import errors from '../errors/index.js';
+import $ from '../util/preconditions.js';
+import HDPrivateKey from '../hdprivatekey.js';
+import Words from './words/index.js';
+
+
+/**
+ * This is an immutable class that represents a BIP39 Mnemonic code.
+ * See BIP39 specification for more info: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
+ * A Mnemonic code is a a group of easy to remember words used for the generation
+ * of deterministic wallets. A Mnemonic can be used to generate a seed using
+ * an optional passphrase, for later generate a HDPrivateKey.
+ *
+ * @example
+ * // generate a random mnemonic
+ * var mnemonic = new Mnemonic();
+ * var phrase = mnemonic.phrase;
+ *
+ * // use a different language
+ * var mnemonic = new Mnemonic(Mnemonic.Words.SPANISH);
+ * var xprivkey = mnemonic.toHDPrivateKey();
+ *
+ * @param {Buffer|string|number} [data] - Input data (Buffer for seed, string for phrase, or number for entropy bits)
+ * @param {Array} [wordlist] - Optional wordlist for phrase generation/validation
+ * @throws {InvalidArgument} If invalid data type provided
+ * @throws {Mnemonic.UnknownWordlist} If phrase language can't be detected
+ * @throws {Mnemonic.InvalidMnemonic} If phrase is invalid
+ * @throws {InvalidArgument} If invalid ENT value (must be >=128 and divisible by 32)
+ * @returns {Mnemonic} A new instance of Mnemonic
+ * @constructor
+ */
+function Mnemonic (data, wordlist) {
+  if (!(this instanceof Mnemonic)) {
+    return new Mnemonic(data, wordlist);
+  }
+
+  if (_.isArray(data)) {
+    wordlist = data;
+    data = null;
+  }
+
+  // handle data overloading
+  var ent, phrase, seed;
+  if (Buffer.isBuffer(data)) {
+    seed = data;
+  } else if (_.isString(data)) {
+    phrase = unorm.nfkd(data);
+  } else if (_.isNumber(data)) {
+    ent = data;
+  } else if (data) {
+    throw new errors.InvalidArgument('data', 'Must be a Buffer, a string or an integer');
+  }
+  ent = ent || 128;
+
+  // check and detect wordlist
+  wordlist = wordlist || Mnemonic._getDictionary(phrase);
+  if (phrase && !wordlist) {
+    throw new errors.Mnemonic.UnknownWordlist(phrase);
+  }
+  wordlist = wordlist || Mnemonic.Words.ENGLISH;
+
+  if (seed) {
+    phrase = Mnemonic._entropy2mnemonic(seed, wordlist);
+  }
+
+  // validate phrase and ent
+  if (phrase && !Mnemonic.isValid(phrase, wordlist)) {
+    throw new errors.Mnemonic.InvalidMnemonic(phrase);
+  }
+  if (ent % 32 !== 0 || ent < 128) {
+    throw new errors.InvalidArgument('ENT', 'Values must be ENT > 128 and ENT % 32 == 0');
+  }
+
+  phrase = phrase || Mnemonic._mnemonic(ent, wordlist);
+
+  Object.defineProperty(this, 'wordlist', {
+    configurable: false,
+    value: wordlist,
+  });
+
+  Object.defineProperty(this, 'phrase', {
+    configurable: false,
+    value: phrase,
+  });
+}
+
+/**
+ * Creates a new Mnemonic instance with random entropy using the specified wordlist.
+ * @param {Array} [wordlist=Mnemonic.Words.ENGLISH] - The wordlist to use for mnemonic generation (defaults to English).
+ * @returns {Mnemonic} A new Mnemonic instance with random entropy.
+ */
+Mnemonic.fromRandom = function (wordlist = Mnemonic.Words.ENGLISH) {
+  return new Mnemonic(wordlist);
+};
+
+/**
+ * Creates a Mnemonic instance from a mnemonic string.
+ * @param {string} mnemonic - The mnemonic phrase string.
+ * @param {string} [wordlist=Mnemonic.Words.ENGLISH] - Optional wordlist (defaults to English).
+ * @returns {Mnemonic} A new Mnemonic instance.
+ */
+Mnemonic.fromString = function (mnemonic, wordlist = Mnemonic.Words.ENGLISH) {
+  return new Mnemonic(mnemonic, wordlist);
+};
+
+/**
+ * Will return a boolean if the mnemonic is valid
+ *
+ * @example
+ *
+ * var valid = Mnemonic.isValid('lab rescue lunch elbow recall phrase perfect donkey biology guess moment husband');
+ * // true
+ *
+ * @param {String} mnemonic - The mnemonic string
+ * @param {String} [wordlist] - The wordlist used
+ * @returns {boolean}
+ */
+Mnemonic.isValid = function (mnemonic, wordlist) {
+  mnemonic = unorm.nfkd(mnemonic);
+  wordlist = wordlist || Mnemonic._getDictionary(mnemonic);
+
+  if (!wordlist) {
+    return false;
+  }
+
+  var words = mnemonic.split(' ');
+  var bin = '';
+  for (var i = 0; i < words.length; i++) {
+    var ind = wordlist.indexOf(words[i]);
+    if (ind < 0) return false;
+    bin = bin + ('00000000000' + ind.toString(2)).slice(-11);
+  }
+
+  var cs = bin.length / 33;
+  var hashBits = bin.slice(-cs);
+  var nonhashBits = bin.slice(0, bin.length - cs);
+  var buf = Buffer.alloc(nonhashBits.length / 8);
+  for (i = 0; i < nonhashBits.length / 8; i++) {
+    buf.writeUInt8(parseInt(bin.slice(i * 8, (i + 1) * 8), 2), i);
+  }
+  var expectedHashBits = Mnemonic._entropyChecksum(buf);
+  return expectedHashBits === hashBits;
+};
+
+/**
+ * Internal function to check if a mnemonic belongs to a wordlist.
+ *
+ * @param {String} mnemonic - The mnemonic string
+ * @param {String} wordlist - The wordlist
+ * @returns {boolean}
+ * @private
+ */
+Mnemonic._belongsToWordlist = function (mnemonic, wordlist) {
+  var words = unorm.nfkd(mnemonic).split(' ');
+  for (var i = 0; i < words.length; i++) {
+    var ind = wordlist.indexOf(words[i]);
+    if (ind < 0) return false;
+  }
+  return true;
+};
+
+/**
+ * Internal function to detect the wordlist used to generate the mnemonic.
+ *
+ * @param {String} mnemonic - The mnemonic string
+ * @returns {Array} the wordlist or null
+ * @private
+ */
+Mnemonic._getDictionary = function (mnemonic) {
+  if (!mnemonic) return null;
+
+  var dicts = Object.keys(Mnemonic.Words);
+  for (var i = 0; i < dicts.length; i++) {
+    var key = dicts[i];
+    if (Mnemonic._belongsToWordlist(mnemonic, Mnemonic.Words[key])) {
+      return Mnemonic.Words[key];
+    }
+  }
+  return null;
+};
+
+/**
+ * Will generate a seed based on the mnemonic and optional passphrase. Note that
+ * this seed is absolutely NOT the seed that is output by .toSeed(). These are
+ * two different seeds. The seed you want to put in here, if any, is just some
+ * random byte string. Normally you should rely on the .fromRandom() method.
+ *
+ * @param {String} [passphrase]
+ * @returns {Buffer}
+ */
+Mnemonic.prototype.toSeed = function (passphrase) {
+  passphrase = passphrase || '';
+  return pbkdf2(unorm.nfkd(this.phrase), unorm.nfkd('mnemonic' + passphrase), 2048, 64);
+};
+
+/**
+ * Will generate a Mnemonic object based on a seed.
+ *
+ * @param {Buffer} [seed]
+ * @param {string} [wordlist]
+ * @returns {Mnemonic}
+ */
+Mnemonic.fromSeed = function (seed, wordlist) {
+  $.checkArgument(Buffer.isBuffer(seed), 'seed must be a Buffer.');
+  $.checkArgument(
+    _.isArray(wordlist) || _.isString(wordlist),
+    'wordlist must be a string or an array.',
+  );
+  return new Mnemonic(seed, wordlist);
+};
+
+/**
+ *
+ * Generates a HD Private Key from a Mnemonic.
+ * Optionally receive a passphrase and bitcoin network.
+ *
+ * @param {String=} [passphrase]
+ * @param {Network|String|number=} [network] - The network: 'livenet' or 'testnet'
+ * @returns {HDPrivateKey}
+ */
+Mnemonic.prototype.toHDPrivateKey = function (passphrase, network) {
+  var seed = this.toSeed(passphrase);
+  return HDPrivateKey.fromSeed(seed, network);
+};
+
+/**
+ * Will return a the string representation of the mnemonic
+ *
+ * @returns {String} Mnemonic
+ */
+Mnemonic.prototype.toString = function () {
+  return this.phrase;
+};
+
+/**
+ * Will return a string formatted for the console
+ *
+ * @returns {String} Mnemonic
+ */
+Mnemonic.prototype.inspect = function () {
+  return '<Mnemonic: ' + this.toString() + ' >';
+};
+
+/**
+ * Internal function to generate a random mnemonic
+ *
+ * @param {Number} ENT - Entropy size, defaults to 128
+ * @param {Array} wordlist - Array of words to generate the mnemonic
+ * @returns {String} Mnemonic string
+ * @private
+ */
+Mnemonic._mnemonic = function (ENT, wordlist) {
+  var buf = Random.getRandomBuffer(ENT / 8);
+  return Mnemonic._entropy2mnemonic(buf, wordlist);
+};
+
+/**
+ * Internal function to generate mnemonic based on entropy
+ *
+ * @param {Number} entropy - Entropy buffer
+ * @param {Array} wordlist - Array of words to generate the mnemonic
+ * @returns {String} Mnemonic string
+ * @private
+ */
+Mnemonic._entropy2mnemonic = function (entropy, wordlist) {
+  var bin = '';
+  for (var i = 0; i < entropy.length; i++) {
+    bin = bin + ('00000000' + entropy[i].toString(2)).slice(-8);
+  }
+
+  bin = bin + Mnemonic._entropyChecksum(entropy);
+  if (bin.length % 11 !== 0) {
+    throw new errors.InvalidEntropy(bin);
+  }
+  var mnemonic = [];
+  for (i = 0; i < bin.length / 11; i++) {
+    var wi = parseInt(bin.slice(i * 11, (i + 1) * 11), 2);
+    mnemonic.push(wordlist[wi]);
+  }
+  var ret;
+  if (wordlist === Mnemonic.Words.JAPANESE) {
+    ret = mnemonic.join('\u3000');
+  } else {
+    ret = mnemonic.join(' ');
+  }
+  return ret;
+};
+
+/**
+ * Internal function to create checksum of entropy
+ *
+ * @param entropy
+ * @returns {string} Checksum of entropy length / 32
+ * @private
+ */
+Mnemonic._entropyChecksum = function (entropy) {
+  var hash = Hash.sha256(entropy);
+  var bits = entropy.length * 8;
+  var cs = bits / 32;
+
+  var hashbits = new BN(hash.toString('hex'), 16).toString(2);
+
+  // zero pad the hash bits
+  while (hashbits.length % 256 !== 0) {
+    hashbits = '0' + hashbits;
+  }
+
+  var checksum = hashbits.slice(0, cs);
+
+  return checksum;
+};
+/**
+ * The list of valid mnemonic words used by the Mnemonic class.
+ * @type {Words}
+ */
+Mnemonic.Words = Words;
+
+/**
+ * Assigns the pbkdf2 function to Mnemonic.pbkdf2 for key derivation.
+ * @type {Function}
+ */
+Mnemonic.pbkdf2 = pbkdf2;
+
+export default Mnemonic;
+

package/{lib/mnemonic/pbkdf2.browser.js → esm/mnemonic/pbkdf2.js}

@@ -1,11 +1,18 @@
 'use strict';
 
-var hash = require('hash.js');
+import crypto from 'crypto';
 
 /**
- * PDKBF2
+ * PDKBF2: Derives a key using PBKDF2 (Password-Based Key Derivation Function 2) with HMAC-SHA512.
  * Credit to: https://github.com/stayradiated/pbkdf2-sha512
- * Copyright (c) 2014, JP Richardson Copyright (c) 2010-2011 Intalio Pte, All Rights Reserved
+ *
+ * @param {string|Buffer} key - The input key/password (as string or Buffer)
+ * @param {string|Buffer} salt - The salt value (as string or Buffer)
+ * @param {number} iterations - Number of iterations to perform
+ * @param {number} dkLen - Desired length of the derived key in bytes
+ * @returns {Buffer} Derived key as Buffer
+ * @throws {TypeError} If key or salt are not strings or Buffers
+ * @throws {Error} If requested key length is too long
  */
 function pbkdf2(key, salt, iterations, dkLen) {
   var hLen = 64; // SHA512 Mac length
@@ -45,12 +52,12 @@ function pbkdf2(key, salt, iterations, dkLen) {
     block1[salt.length + 2] = (i >> 8) & 0xff;
     block1[salt.length + 3] = (i >> 0) & 0xff;
 
-    U = hash.hmac(hash.sha512, key).update(block1).digest();
+    U = crypto.createHmac('sha512', key).update(block1).digest();
 
     U.copy(T, 0, 0, hLen);
 
     for (var j = 1; j < iterations; j++) {
-      U = hash.hmac(hash.sha512, key).update(U).digest();
+      U = crypto.createHmac('sha512', key).update(U).digest();
 
       for (var k = 0; k < hLen; k++) {
         T[k] ^= U[k];
@@ -65,4 +72,4 @@ function pbkdf2(key, salt, iterations, dkLen) {
   return DK;
 }
 
-module.exports = pbkdf2;
+export default pbkdf2;