@wishknish/knishio-client-js 0.5.2 → 0.6.1

package/src/Wallet.js

@@ -45,119 +45,125 @@ Please visit https://github.com/WishKnish/KnishIO-Client-JS for information.
 
 License: https://github.com/WishKnish/KnishIO-Client-JS/blob/master/LICENSE
 */
-import { shake256 } from 'js-sha3';
-import bigInt from 'big-integer/BigInteger';
+import JsSHA from 'jssha'
 import {
   chunkSubstr,
   isHex,
   randomString
-} from './libraries/strings';
+} from './libraries/strings'
 import {
   generateBatchId,
-  generateBundleHash
-} from './libraries/crypto';
-import BaseX from './libraries/BaseX';
-import TokenUnit from './TokenUnit';
-import Soda from './libraries/Soda';
+  generateBundleHash,
+  generateSecret
+} from './libraries/crypto'
+import TokenUnit from './TokenUnit'
+import WalletCredentialException from './exception/WalletCredentialException'
+import { ml_kem768 as MlKEM768 } from '@noble/post-quantum/ml-kem'
 
 /**
  * Wallet class represents the set of public and private
  * keys to sign Molecules
  */
 export default class Wallet {
-
   /**
    * Class constructor
    *
    * @param {string|null} secret - typically a 2048-character biometric hash
+   * @param {string|null} bundle - 64-character hexadecimal user identifier
    * @param {string} token - slug for the token this wallet is intended for
+   * @param {string|null} address - hexadecimal public key for the signature of this wallet
    * @param {string|null} position - hexadecimal string used to salt the secret and produce one-time signatures
    * @param {string|null} batchId
    * @param {string|null} characters
    */
-  constructor ( {
+  constructor ({
     secret = null,
+    bundle = null,
     token = 'USER',
+    address = null,
     position = null,
     batchId = null,
     characters = null
-  } ) {
-
-    this.token = token;
-    this.balance = 0;
-    this.molecules = {};
+  }) {
+    this.token = token
+    this.balance = 0
+    this.molecules = {}
 
     // Empty values
-    this.key = null;
-    this.address = null;
-    this.privkey = null;
-    this.pubkey = null;
-    this.tokenUnits = [];
-    this.tradeRates = {};
-
-    this.bundle = null;
-    this.batchId = batchId;
-    this.position = position;
-    this.characters = characters;
-
-    if ( secret ) {
-
+    this.key = null
+    this.privkey = null
+    this.pubkey = null
+    this.tokenUnits = []
+    this.tradeRates = {}
+
+    this.address = address
+    this.position = position
+    this.bundle = bundle
+    this.batchId = batchId
+    this.characters = characters
+
+    if (secret) {
       // Set bundle from the secret
-      this.bundle = generateBundleHash( secret );
+      this.bundle = this.bundle || generateBundleHash(secret, 'Wallet::constructor')
 
       // Generate a position for non-shadow wallet if not initialized
-      this.position = this.position || Wallet.generatePosition();
+      this.position = this.position || Wallet.generatePosition()
 
       // Key & address initialization
-      this.key = Wallet.generateKey( {
+      this.key = Wallet.generateKey({
         secret,
         token: this.token,
         position: this.position
-      } );
-      this.address = Wallet.generateAddress( this.key );
-
-      // Soda object initialization
-      this.soda = new Soda( characters );
-
-      // Private & pubkey initialization
-      this.privkey = this.soda.generatePrivateKey( this.key );
-      this.pubkey = this.soda.generatePublicKey( this.privkey );
+      })
+      this.address = this.address || Wallet.generateAddress(this.key)
 
       // Set characters
-      this.characters = this.characters || 'BASE64';
+      this.characters = this.characters || 'BASE64'
+
+      // Initialize ML-KEM keys
+      this.initializeMLKEM()
     }
   }
 
   /**
    * Creates a new Wallet instance
    *
-   * @param {string} secretOrBundle
+   * @param {string|null} secret
+   * @param {string|null} bundle
    * @param {string} token
    * @param {string|null} batchId
    * @param {string|null} characters
    * @return {Wallet}
    */
-  static create ( {
-    secretOrBundle,
+  static create ({
+    secret = null,
+    bundle = null,
     token,
     batchId = null,
     characters = null
-  } ) {
+  }) {
+    let position = null
+
+    // No credentials parameters provided?
+    if (!secret && !bundle) {
+      throw new WalletCredentialException()
+    }
 
-    let secret = Wallet.isBundleHash( secretOrBundle ) ? null : secretOrBundle;
-    let bundle = secret ? generateBundleHash( secret ) : secretOrBundle;
-    let position = secret ? Wallet.generatePosition() : null;
+    // Secret, but no bundle?
+    if (secret && !bundle) {
+      position = Wallet.generatePosition()
+      bundle = generateBundleHash(secret, 'Wallet::create')
+    }
 
     // Wallet initialization
-    let wallet = new Wallet( {
+    return new Wallet({
       secret,
+      bundle,
       token,
       position,
       batchId,
       characters
-    } );
-    wallet.bundle = bundle;
-    return wallet;
+    })
   }
 
   /**
@@ -166,13 +172,12 @@ export default class Wallet {
    * @param {string} maybeBundleHash
    * @return {boolean}
    */
-  static isBundleHash ( maybeBundleHash ) {
-
-    if ( typeof maybeBundleHash !== 'string' ) {
-      return false;
+  static isBundleHash (maybeBundleHash) {
+    if (typeof maybeBundleHash !== 'string') {
+      return false
     }
 
-    return maybeBundleHash.length === 64 && isHex( maybeBundleHash );
+    return maybeBundleHash.length === 64 && isHex(maybeBundleHash)
   }
 
   /**
@@ -181,278 +186,283 @@ export default class Wallet {
    * @param unitsData
    * @return {[]}
    */
-  static getTokenUnits ( unitsData ) {
-    let result = [];
-    unitsData.forEach( unitData => {
-      result.push( TokenUnit.createFromDB( unitData ) );
-    } );
-    return result;
-  }
-
-  /**
-   *
-   * @returns {*[]}
-   */
-  getTokenUnitsData () {
-    const result = [];
-    this.tokenUnits.forEach( tokenUnit => {
-      result.push( tokenUnit.toData() );
-    } );
-    return result;
+  static getTokenUnits (unitsData) {
+    const result = []
+    unitsData.forEach(unitData => {
+      result.push(TokenUnit.createFromDB(unitData))
+    })
+    return result
   }
 
-
   /**
-   * Split token units
+   * Generates a private key for the given parameters
    *
-   * @param {array} units
-   * @param remainderWallet
-   * @param recipientWallet
+   * @param {string} secret
+   * @param {string} token
+   * @param {string} position
+   * @return {string}
    */
-  splitUnits (
-    units, // Array: token unit IDs
-    remainderWallet,
-    recipientWallet = null
-  ) {
-
-    // No units supplied, nothing to split
-    if ( units.length === 0 ) {
-      return;
-    }
+  static generateKey ({
+    secret,
+    token,
+    position
+  }) {
+    // Converting secret to bigInt
+    const bigIntSecret = BigInt(`0x${ secret }`)
 
-    // Init recipient & remainder token units
-    let recipientTokenUnits = [];
-    let remainderTokenUnits = [];
-    this.tokenUnits.forEach( tokenUnit => {
-      if ( units.includes( tokenUnit.id ) ) {
-        recipientTokenUnits.push( tokenUnit );
-      } else {
-        remainderTokenUnits.push( tokenUnit );
-      }
-    } );
+    // Adding new position to the user secret to produce the indexed key
+    const indexedKey = bigIntSecret + BigInt(`0x${ position }`)
 
+    // Hashing the indexed key to produce the intermediate key
+    const intermediateKeySponge = new JsSHA('SHAKE256', 'TEXT')
 
-    // Reset token units to the sending value
-    this.tokenUnits = recipientTokenUnits;
+    intermediateKeySponge.update(indexedKey.toString(16))
 
-    // Set token units to recipient & remainder
-    if ( recipientWallet !== null ) {
-      recipientWallet.tokenUnits = recipientTokenUnits;
+    if (token) {
+      intermediateKeySponge.update(token)
     }
-    remainderWallet.tokenUnits = remainderTokenUnits;
-  }
 
-  /**
-   * @return boolean
-   */
-  isShadow () {
-    return (
-      ( typeof this.position === 'undefined' || null === this.position ) &&
-      ( typeof this.address === 'undefined' || null === this.address )
-    );
+    // Hashing the intermediate key to produce the private key
+    const privateKeySponge = new JsSHA('SHAKE256', 'TEXT')
+    privateKeySponge.update(intermediateKeySponge.getHash('HEX', { outputLen: 8192 }))
+    return privateKeySponge.getHash('HEX', { outputLen: 8192 })
   }
 
   /**
-   * Sets up a batch ID - either using the sender's, or a new one
+   * Generates a wallet address
    *
-   * @param {Wallet} sourceWallet
-   * @param {boolean} isRemainder
+   * @param {string} key
+   * @return {string}
    */
-  initBatchId ( {
-    sourceWallet,
-    isRemainder = false
-  } ) {
+  static generateAddress (key) {
+    // Subdivide private key into 16 fragments of 128 characters each
+    const keyFragments = chunkSubstr(key, 128)
+    // Generating wallet digest
+    const digestSponge = new JsSHA('SHAKE256', 'TEXT')
+
+    for (const index in keyFragments) {
+      let workingFragment = keyFragments[index]
+      for (let fragmentCount = 1; fragmentCount <= 16; fragmentCount++) {
+        const workingSponge = new JsSHA('SHAKE256', 'TEXT')
+        workingSponge.update(workingFragment)
+        workingFragment = workingSponge.getHash('HEX', { outputLen: 512 })
+      }
 
-    if ( sourceWallet.batchId ) {
-      this.batchId = isRemainder ? sourceWallet.batchId : generateBatchId( {} );
+      digestSponge.update(workingFragment)
     }
+
+    // Producing wallet address
+    const outputSponge = new JsSHA('SHAKE256', 'TEXT')
+    outputSponge.update(digestSponge.getHash('HEX', { outputLen: 8192 }))
+    return outputSponge.getHash('HEX', { outputLen: 256 })
   }
 
   /**
-   * Encrypts a message for this wallet instance
    *
-   * @param {object|array} message
-   * @return {object}
+   * @param saltLength
+   * @returns {string}
    */
-  encryptMessage ( message ) {
-
-    const encrypt = {};
-
-    for ( let index = 1, length = arguments.length; index < length; index++ ) {
-      encrypt[ this.soda.shortHash( arguments[ index ] ) ] = this.soda.encrypt( message, arguments[ index ] );
-    }
-
-    return encrypt;
+  static generatePosition (saltLength = 64) {
+    return randomString(saltLength, 'abcdef0123456789')
   }
 
   /**
-   * Uses the current wallet's private key to decrypt the given message
-   *
-   * @param {string|object} message
-   * @return {null|any}
+   * Initializes the ML-KEM key pair
    */
-  decryptMessage ( message ) {
-
-    const pubKey = this.pubkey;
-    let encrypt = message;
-
-    if ( message !== null
-      && typeof message === 'object'
-      && Object.prototype.toString.call( message ) === '[object Object]' ) {
-
-      encrypt = message[ this.soda.shortHash( pubKey ) ] || '';
+  initializeMLKEM () {
+    // Generate a 64-byte (512-bit) seed from the Knish.IO private key
+    const seedHex = generateSecret(this.key, 64)
+
+    // Convert the hex string to a Uint8Array
+    const seed = new Uint8Array(64)
+    for (let i = 0; i < 64; i++) {
+      seed[i] = parseInt(seedHex.substr(i * 2, 2), 16)
     }
 
-    return this.soda.decrypt( encrypt, this.privkey, pubKey );
+    const { publicKey, secretKey } = MlKEM768.keygen(seed)
+    this.pubkey = this.serializeKey(publicKey)
+    this.privkey = secretKey // Note: We're keeping privkey as UInt8Array for security
   }
 
-  /**
-   * @param {string|object} message
-   *
-   * @returns {Buffer|ArrayBuffer|Uint8Array}
-   */
-  decryptBinary ( message ) {
-    const decrypt = this.decryptMessage( message );
-    return ( new BaseX( { characters: 'BASE64' } ) ).decode( decrypt );
+  serializeKey (key) {
+    return btoa(String.fromCharCode.apply(null, key))
+  }
+
+  deserializeKey (serializedKey) {
+    const binaryString = atob(serializedKey)
+    return new Uint8Array(binaryString.length).map((_, i) => binaryString.charCodeAt(i))
   }
 
   /**
-   * @param {Buffer|ArrayBuffer|Uint8Array} message
-   * @returns {{string}}
+   *
+   * @returns {*[]}
    */
-  encryptBinary ( message ) {
-    const arg = Array.from( arguments ).slice( 1 );
-
-    const messageBase64 = ( new BaseX( { characters: 'BASE64' } ) ).encode( message );
-
-    return this.encryptMessage( messageBase64, ...arg );
+  getTokenUnitsData () {
+    const result = []
+    this.tokenUnits.forEach(tokenUnit => {
+      result.push(tokenUnit.toData())
+    })
+    return result
   }
 
   /**
-   * Encrypts a string for the given public keys
+   * Split token units
    *
-   * @param {string} data
-   * @param {string|array} publicKeys
-   * @return {string}
+   * @param {array} units
+   * @param remainderWallet
+   * @param recipientWallet
    */
-  encryptString ( {
-    data,
-    publicKeys
-  } ) {
-
-    if ( data ) {
-
-      // Retrieving sender's encryption public key
-      const publicKey = this.pubkey;
+  splitUnits (
+    units, // Array: token unit IDs
+    remainderWallet,
+    recipientWallet = null
+  ) {
+    // No units supplied, nothing to split
+    if (units.length === 0) {
+      return
+    }
 
-      // If the additional public keys is supplied as a string, convert to array
-      if ( typeof publicKeys === 'string' ) {
-        publicKeys = [ publicKeys ];
+    // Init recipient & remainder token units
+    const recipientTokenUnits = []
+    const remainderTokenUnits = []
+    this.tokenUnits.forEach(tokenUnit => {
+      if (units.includes(tokenUnit.id)) {
+        recipientTokenUnits.push(tokenUnit)
+      } else {
+        remainderTokenUnits.push(tokenUnit)
       }
+    })
 
-      // Encrypting message
-      const encryptedData = this.encryptMessage( data, publicKey, ...publicKeys );
-      return btoa( JSON.stringify( encryptedData ) );
+    // Reset token units to the sending value
+    this.tokenUnits = recipientTokenUnits
 
+    // Set token units to recipient & remainder
+    if (recipientWallet !== null) {
+      recipientWallet.tokenUnits = recipientTokenUnits
     }
-  };
+    remainderWallet.tokenUnits = remainderTokenUnits
+  }
 
   /**
-   * Attempts to decrypt the given string
+   * Create a remainder wallet from the source one
    *
-   * @param {string} data
-   * @param {string|null} fallbackValue
-   * @return {array|object}
+   * @param secret
    */
-  decryptString ( {
-    data,
-    fallbackValue = null
-  } ) {
-
-    if ( data ) {
-      try {
-
-        const decrypted = JSON.parse( atob( data ) );
-        return this.decryptMessage( decrypted ) || fallbackValue;
-
-      } catch ( e ) {
-
-        // Probably not actually encrypted
-        console.error( e );
-        return fallbackValue || data;
-
-      }
-    }
-
-  };
+  createRemainder (secret) {
+    const remainderWallet = Wallet.create({
+      secret,
+      token: this.token,
+      characters: this.characters
+    })
+    remainderWallet.initBatchId({
+      sourceWallet: this,
+      isRemainder: true
+    })
+    return remainderWallet
+  }
 
   /**
-   * Generates a private key for the given parameters
-   *
-   * @param {string} secret
-   * @param {string} token
-   * @param {string} position
-   * @return {string}
+   * @return boolean
    */
-  static generateKey ( {
-    secret,
-    token,
-    position
-  } ) {
-
-    // Converting secret to bigInt
-    const bigIntSecret = bigInt( secret, 16 ),
-      // Adding new position to the user secret to produce the indexed key
-      indexedKey = bigIntSecret.add( bigInt( position, 16 ) ),
-      // Hashing the indexed key to produce the intermediate key
-      intermediateKeySponge = shake256.create( 8192 );
-
-    intermediateKeySponge.update( indexedKey.toString( 16 ) );
-
-    if ( token ) {
-      intermediateKeySponge.update( token );
-    }
-
-    // Hashing the intermediate key to produce the private key
-    return shake256.create( 8192 ).update( intermediateKeySponge.hex() ).hex();
+  isShadow () {
+    return (
+      (typeof this.position === 'undefined' || this.position === null) &&
+      (typeof this.address === 'undefined' || this.address === null)
+    )
   }
 
   /**
-   * Generates a wallet address
+   * Sets up a batch ID - either using the sender's, or a new one
    *
-   * @param {string} key
-   * @return {string}
+   * @param {Wallet} sourceWallet
+   * @param {boolean} isRemainder
    */
-  static generateAddress ( key ) {
-
-    // Subdivide private key into 16 fragments of 128 characters each
-    const keyFragments = chunkSubstr( key, 128 ),
-      // Generating wallet digest
-      digestSponge = shake256.create( 8192 );
-
-    for ( const index in keyFragments ) {
-
-      let workingFragment = keyFragments[ index ];
+  initBatchId ({
+    sourceWallet,
+    isRemainder = false
+  }) {
+    if (sourceWallet.batchId) {
+      this.batchId = isRemainder ? sourceWallet.batchId : generateBatchId({})
+    }
+  }
 
-      for ( let fragmentCount = 1; fragmentCount <= 16; fragmentCount++ ) {
+  async encryptMessage (message, recipientPubkey) {
+    const messageString = JSON.stringify(message)
+    const messageUint8 = new TextEncoder().encode(messageString)
+    const deserializedPubkey = this.deserializeKey(recipientPubkey)
+    const { cipherText, sharedSecret } = MlKEM768.encapsulate(deserializedPubkey)
+    const encryptedMessage = await this.encryptWithSharedSecret(messageUint8, sharedSecret)
+    return {
+      cipherText: this.serializeKey(cipherText),
+      encryptedMessage: this.serializeKey(encryptedMessage)
+    }
+  }
 
-        workingFragment = shake256.create( 512 ).update( workingFragment ).hex();
+  async decryptMessage (encryptedData) {
+    const { cipherText, encryptedMessage } = encryptedData
 
-      }
+    const sharedSecret = MlKEM768.decapsulate(this.deserializeKey(cipherText), this.privkey)
+    const decryptedUint8 = await this.decryptWithSharedSecret(this.deserializeKey(encryptedMessage), sharedSecret)
 
-      digestSponge.update( workingFragment );
-    }
+    const decryptedString = new TextDecoder().decode(decryptedUint8)
+    return JSON.parse(decryptedString)
+  }
 
-    // Producing wallet address
-    return shake256.create( 256 ).update( digestSponge.hex() ).hex();
+  async encryptWithSharedSecret (message, sharedSecret) {
+    const iv = crypto.getRandomValues(new Uint8Array(12))
+    const algorithm = { name: 'AES-GCM', iv }
+
+    // Convert the shared secret to a CryptoKey
+    const key = await crypto.subtle.importKey(
+      'raw',
+      sharedSecret,
+      { name: 'AES-GCM' },
+      false,
+      ['encrypt']
+    )
+
+    // Encrypt the message
+    const encryptedContent = await crypto.subtle.encrypt(
+      algorithm,
+      key,
+      message
+    )
+
+    // Combine IV and encrypted content
+    const result = new Uint8Array(iv.length + encryptedContent.byteLength)
+    result.set(iv)
+    result.set(new Uint8Array(encryptedContent), iv.length)
+
+    return result
   }
 
   /**
-   *
-   * @param saltLength
-   * @returns {string}
+   * Decrypts the given message using the shared secret
+   * @param encryptedMessage
+   * @param sharedSecret
+   * @returns {Promise<Uint8Array>}
    */
-  static generatePosition ( saltLength = 64 ) {
-    return randomString( saltLength, 'abcdef0123456789' );
+  async decryptWithSharedSecret (encryptedMessage, sharedSecret) {
+    // Extract IV from the encrypted message
+    const iv = encryptedMessage.slice(0, 12)
+    const algorithm = { name: 'AES-GCM', iv }
+
+    // Convert the shared secret to a CryptoKey
+    const key = await crypto.subtle.importKey(
+      'raw',
+      sharedSecret,
+      { name: 'AES-GCM' },
+      false,
+      ['decrypt']
+    )
+
+    // Decrypt the message
+    const decryptedContent = await crypto.subtle.decrypt(
+      algorithm,
+      key,
+      encryptedMessage.slice(12)
+    )
+
+    return new Uint8Array(decryptedContent)
   }
 }