npm - @weblock-wallet/sdk - Versions diffs - 0.1.71 → 0.1.73 - Mend

@weblock-wallet/sdk 0.1.71 → 0.1.73

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -29,7 +29,9 @@ declare enum SDKErrorCode {
     NOT_LOGGED_IN = "NOT_LOGGED_IN",
     NETWORK_SWITCH_FAILED = "NETWORK_SWITCH_FAILED",
     TRANSACTION_FAILED = "TRANSACTION_FAILED",
-    INVALID_PIN = "INVALID_PIN"
+    INVALID_PIN = "INVALID_PIN",
+    RECOVERY_FAILED = "RECOVERY_FAILED",
+    UNKNOWN = "UNKNOWN"
 }
 declare class SDKError extends Error {
     readonly code: SDKErrorCode;

package/dist/index.d.ts CHANGED Viewed

@@ -29,7 +29,9 @@ declare enum SDKErrorCode {
     NOT_LOGGED_IN = "NOT_LOGGED_IN",
     NETWORK_SWITCH_FAILED = "NETWORK_SWITCH_FAILED",
     TRANSACTION_FAILED = "TRANSACTION_FAILED",
-    INVALID_PIN = "INVALID_PIN"
+    INVALID_PIN = "INVALID_PIN",
+    RECOVERY_FAILED = "RECOVERY_FAILED",
+    UNKNOWN = "UNKNOWN"
 }
 declare class SDKError extends Error {
     readonly code: SDKErrorCode;

package/dist/index.js CHANGED Viewed

@@ -103944,28 +103944,47 @@ var Crypto = {
   encryptShare(share, password, salt) {
     try {
       const key = pbkdf2Sync(password, salt, 1e5, 32, "sha512");
-      const iv = randomBytes(16);
-      const cipher = createCipheriv("aes-256-cbc", key, iv);
+      const iv = randomBytes(12);
+      const cipher = createCipheriv("aes-256-gcm", key, iv);
       let encrypted = cipher.update(share, "utf8", "hex");
       encrypted += cipher.final("hex");
-      return `${iv.toString("hex")}:${encrypted}`;
+      const tag = cipher.getAuthTag();
+      return `gcm:${iv.toString("hex")}:${tag.toString("hex")}:${encrypted}`;
     } catch (e7) {
       console.error("Error during encrypting share:", e7);
       throw e7;
     }
   },
   decryptShare(encryptedShare, password, salt) {
+    const key = pbkdf2Sync(password, salt, 1e5, 32, "sha512");
     try {
-      const [ivHex, encrypted] = encryptedShare.split(":");
+      if (encryptedShare.startsWith("gcm:")) {
+        const parts2 = encryptedShare.split(":");
+        if (parts2.length !== 4) throw new Error("Invalid ciphertext format");
+        const [, ivHex2, tagHex, cipherHex] = parts2;
+        const iv2 = Buffer.from(ivHex2, "hex");
+        const tag = Buffer.from(tagHex, "hex");
+        const decipher2 = createDecipheriv("aes-256-gcm", key, iv2);
+        decipher2.setAuthTag(tag);
+        let decrypted2 = decipher2.update(cipherHex, "hex", "utf8");
+        decrypted2 += decipher2.final("utf8");
+        return decrypted2;
+      }
+      const parts = encryptedShare.split(":");
+      if (parts.length !== 2) throw new Error("Invalid ciphertext format");
+      const [ivHex, encrypted] = parts;
       const iv = Buffer.from(ivHex, "hex");
-      const key = pbkdf2Sync(password, salt, 1e5, 32, "sha512");
       const decipher = createDecipheriv("aes-256-cbc", key, iv);
       let decrypted = decipher.update(encrypted, "hex", "utf8");
       decrypted += decipher.final("utf8");
+      if (!/^[0-9a-fA-F]+$/.test(decrypted) || decrypted.length % 2 !== 0) {
+        throw new Error("Wrong password");
+      }
       return decrypted;
     } catch (e7) {
       console.error("Error during decrypting share:", e7);
-      if (e7.message === "unable to decrypt data") {
+      const msg = String(e7?.message || "").toLowerCase();
+      if (msg.includes("unable to decrypt data") || msg.includes("wrong password") || msg.includes("bad decrypt") || msg.includes("auth") || msg.includes("unsupported state") || msg.includes("invalid tag")) {
         throw new Error("Wrong password");
       }
       throw e7;
@@ -104065,6 +104084,8 @@ var SDKErrorCode = /* @__PURE__ */ ((SDKErrorCode2) => {
   SDKErrorCode2["NETWORK_SWITCH_FAILED"] = "NETWORK_SWITCH_FAILED";
   SDKErrorCode2["TRANSACTION_FAILED"] = "TRANSACTION_FAILED";
   SDKErrorCode2["INVALID_PIN"] = "INVALID_PIN";
+  SDKErrorCode2["RECOVERY_FAILED"] = "RECOVERY_FAILED";
+  SDKErrorCode2["UNKNOWN"] = "UNKNOWN";
   return SDKErrorCode2;
 })(SDKErrorCode || {});
 var SDKError = class extends Error {
@@ -104328,10 +104349,25 @@ var WalletService = class {
           "INVALID_PARAMS" /* INVALID_PARAMS */
         );
       }
+      const walletInfo = await this.walletClient.getWallet();
+      const serverAddr = this.normalizeAddr(walletInfo?.address);
+      const expectedShareLen = String(walletInfo?.share1 ?? "").length;
       const decryptShareOrThrow = (encryptedShare) => {
         try {
-          return Crypto.decryptShare(encryptedShare, password, firebaseId);
+          const share = Crypto.decryptShare(
+            encryptedShare,
+            password,
+            firebaseId
+          );
+          if (expectedShareLen > 0 && share.length !== expectedShareLen) {
+            throw new SDKError(
+              "Incorrect PIN code",
+              "INVALID_PASSWORD" /* INVALID_PASSWORD */
+            );
+          }
+          return share;
         } catch (e7) {
+          if (e7 instanceof SDKError) throw e7;
           if (this.isInvalidPasswordError(e7)) {
             throw new SDKError(
               "Incorrect PIN code",
@@ -104342,8 +104378,6 @@ var WalletService = class {
           throw e7;
         }
       };
-      const walletInfo = await this.walletClient.getWallet();
-      const serverAddr = this.normalizeAddr(walletInfo?.address);
       let share2 = await LocalForage.get(
         STORAGE_KEYS.share2(this.orgHost)
       );
@@ -104366,8 +104400,8 @@ var WalletService = class {
           const derivedAddr2 = this.normalizeAddr(wallet2.address);
           if (this.addressesMismatch(serverAddr, derivedAddr2)) {
             throw new SDKError(
-              `Recovered wallet address mismatch. server=${serverAddr} derived=${derivedAddr2}`,
-              "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
+              "Incorrect PIN code",
+              "INVALID_PASSWORD" /* INVALID_PASSWORD */
             );
           }
           const newShares = await Secrets.split(wallet2.privateKey, 3, 2);
@@ -104402,10 +104436,7 @@ var WalletService = class {
       const wallet = new Wallet(privateKey);
       const derivedAddr = this.normalizeAddr(wallet.address);
       if (this.addressesMismatch(serverAddr, derivedAddr)) {
-        throw new SDKError(
-          `Recovered wallet address mismatch. server=${serverAddr} derived=${derivedAddr}`,
-          "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
-        );
+        throw new SDKError("Incorrect PIN code", "INVALID_PASSWORD" /* INVALID_PASSWORD */);
       }
       await this.ensureDeviceEncryptedShare2(share2, firebaseId);
       this.walletAddress = wallet.address;