@weblock-wallet/sdk 0.1.71 → 0.1.73

package/dist/index.cjs

@@ -103989,28 +103989,47 @@ var Crypto = {
   encryptShare(share, password, salt) {
     try {
       const key = pbkdf2Sync(password, salt, 1e5, 32, "sha512");
-      const iv = randomBytes(16);
-      const cipher = createCipheriv("aes-256-cbc", key, iv);
+      const iv = randomBytes(12);
+      const cipher = createCipheriv("aes-256-gcm", key, iv);
       let encrypted = cipher.update(share, "utf8", "hex");
       encrypted += cipher.final("hex");
-      return `${iv.toString("hex")}:${encrypted}`;
+      const tag = cipher.getAuthTag();
+      return `gcm:${iv.toString("hex")}:${tag.toString("hex")}:${encrypted}`;
     } catch (e7) {
       console.error("Error during encrypting share:", e7);
       throw e7;
     }
   },
   decryptShare(encryptedShare, password, salt) {
+    const key = pbkdf2Sync(password, salt, 1e5, 32, "sha512");
     try {
-      const [ivHex, encrypted] = encryptedShare.split(":");
+      if (encryptedShare.startsWith("gcm:")) {
+        const parts2 = encryptedShare.split(":");
+        if (parts2.length !== 4) throw new Error("Invalid ciphertext format");
+        const [, ivHex2, tagHex, cipherHex] = parts2;
+        const iv2 = Buffer2.from(ivHex2, "hex");
+        const tag = Buffer2.from(tagHex, "hex");
+        const decipher2 = createDecipheriv("aes-256-gcm", key, iv2);
+        decipher2.setAuthTag(tag);
+        let decrypted2 = decipher2.update(cipherHex, "hex", "utf8");
+        decrypted2 += decipher2.final("utf8");
+        return decrypted2;
+      }
+      const parts = encryptedShare.split(":");
+      if (parts.length !== 2) throw new Error("Invalid ciphertext format");
+      const [ivHex, encrypted] = parts;
       const iv = Buffer2.from(ivHex, "hex");
-      const key = pbkdf2Sync(password, salt, 1e5, 32, "sha512");
       const decipher = createDecipheriv("aes-256-cbc", key, iv);
       let decrypted = decipher.update(encrypted, "hex", "utf8");
       decrypted += decipher.final("utf8");
+      if (!/^[0-9a-fA-F]+$/.test(decrypted) || decrypted.length % 2 !== 0) {
+        throw new Error("Wrong password");
+      }
       return decrypted;
     } catch (e7) {
       console.error("Error during decrypting share:", e7);
-      if (e7.message === "unable to decrypt data") {
+      const msg = String(e7?.message || "").toLowerCase();
+      if (msg.includes("unable to decrypt data") || msg.includes("wrong password") || msg.includes("bad decrypt") || msg.includes("auth") || msg.includes("unsupported state") || msg.includes("invalid tag")) {
         throw new Error("Wrong password");
       }
       throw e7;
@@ -104110,6 +104129,8 @@ var SDKErrorCode = /* @__PURE__ */ ((SDKErrorCode2) => {
   SDKErrorCode2["NETWORK_SWITCH_FAILED"] = "NETWORK_SWITCH_FAILED";
   SDKErrorCode2["TRANSACTION_FAILED"] = "TRANSACTION_FAILED";
   SDKErrorCode2["INVALID_PIN"] = "INVALID_PIN";
+  SDKErrorCode2["RECOVERY_FAILED"] = "RECOVERY_FAILED";
+  SDKErrorCode2["UNKNOWN"] = "UNKNOWN";
   return SDKErrorCode2;
 })(SDKErrorCode || {});
 var SDKError = class extends Error {
@@ -104373,10 +104394,25 @@ var WalletService = class {
           "INVALID_PARAMS" /* INVALID_PARAMS */
         );
       }
+      const walletInfo = await this.walletClient.getWallet();
+      const serverAddr = this.normalizeAddr(walletInfo?.address);
+      const expectedShareLen = String(walletInfo?.share1 ?? "").length;
       const decryptShareOrThrow = (encryptedShare) => {
         try {
-          return Crypto.decryptShare(encryptedShare, password, firebaseId);
+          const share = Crypto.decryptShare(
+            encryptedShare,
+            password,
+            firebaseId
+          );
+          if (expectedShareLen > 0 && share.length !== expectedShareLen) {
+            throw new SDKError(
+              "Incorrect PIN code",
+              "INVALID_PASSWORD" /* INVALID_PASSWORD */
+            );
+          }
+          return share;
         } catch (e7) {
+          if (e7 instanceof SDKError) throw e7;
           if (this.isInvalidPasswordError(e7)) {
             throw new SDKError(
               "Incorrect PIN code",
@@ -104387,8 +104423,6 @@ var WalletService = class {
           throw e7;
         }
       };
-      const walletInfo = await this.walletClient.getWallet();
-      const serverAddr = this.normalizeAddr(walletInfo?.address);
       let share2 = await LocalForage.get(
         STORAGE_KEYS.share2(this.orgHost)
       );
@@ -104411,8 +104445,8 @@ var WalletService = class {
           const derivedAddr2 = this.normalizeAddr(wallet2.address);
           if (this.addressesMismatch(serverAddr, derivedAddr2)) {
             throw new SDKError(
-              `Recovered wallet address mismatch. server=${serverAddr} derived=${derivedAddr2}`,
-              "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
+              "Incorrect PIN code",
+              "INVALID_PASSWORD" /* INVALID_PASSWORD */
             );
           }
           const newShares = await Secrets.split(wallet2.privateKey, 3, 2);
@@ -104447,10 +104481,7 @@ var WalletService = class {
       const wallet = new import_ethers2.Wallet(privateKey);
       const derivedAddr = this.normalizeAddr(wallet.address);
       if (this.addressesMismatch(serverAddr, derivedAddr)) {
-        throw new SDKError(
-          `Recovered wallet address mismatch. server=${serverAddr} derived=${derivedAddr}`,
-          "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
-        );
+        throw new SDKError("Incorrect PIN code", "INVALID_PASSWORD" /* INVALID_PASSWORD */);
       }
       await this.ensureDeviceEncryptedShare2(share2, firebaseId);
       this.walletAddress = wallet.address;