hd-wallet-wasm 0.1.9 → 0.2.1

Binary file
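--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -24,6 +24,14 @@ export interface HDWalletModule {
  getSupportedCoins(): string[];
  getSupportedCurves(): string[];
 
+ // OpenSSL FIPS support (when built with HD_WALLET_USE_OPENSSL)
+ /** Initialize OpenSSL in FIPS mode. Returns true if FIPS mode activated, false if using fallback. */
+ initFips(): boolean;
+ /** Check if OpenSSL backend is being used for FIPS algorithms */
+ isOpenSSL(): boolean;
+ /** Check if running in FIPS mode (OpenSSL FIPS provider active) */
+ isOpenSSLFips(): boolean;
+
  // WASI bridge
  wasiHasFeature(feature: WasiFeature): boolean;
  wasiGetWarning(feature: WasiFeature): WasiWarning;
@@ -570,7 +578,7 @@ export interface Keyring {
  // =============================================================================
 
  export interface UtilsAPI {
- // Hashing
+ // Hashing (sync - Crypto++)
  sha256(data: Uint8Array): Uint8Array;
  sha512(data: Uint8Array): Uint8Array;
  keccak256(data: Uint8Array): Uint8Array;
@@ -584,6 +592,17 @@ export interface UtilsAPI {
  pbkdf2(password: Uint8Array, salt: Uint8Array, iterations: number, length: number): Uint8Array;
  scrypt(password: Uint8Array, salt: Uint8Array, n: number, r: number, p: number, length: number): Uint8Array;
 
+ // AES-GCM encryption/decryption (WASM/OpenSSL)
+ aesGcm: {
+ encrypt(key: Uint8Array, plaintext: Uint8Array, iv: Uint8Array, aad?: Uint8Array): { ciphertext: Uint8Array; tag: Uint8Array };
+ decrypt(key: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, iv: Uint8Array, aad?: Uint8Array): Uint8Array;
+ };
+
+ // Random number generation
+ getRandomBytes(length: number): Uint8Array;
+ generateIv(): Uint8Array;
+ generateAesKey(bits?: number): Uint8Array;
+
  // Encoding
  encodeBase58(data: Uint8Array): string;
  decodeBase58(str: string): Uint8Array;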
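Review bot: The doc comment on `initFips()` in the first hunk says false means "using fallback", but the implementation in package/src/index.mjs on this page also returns false when OpenSSL is not compiled in and when initialization fails outright, so a caller cannot tell a non-FIPS fallback from a broken backend. I would spell that out in the declaration, e.g. `/** Returns true only if the FIPS provider is active; false covers fallback to the default provider, OpenSSL not compiled in, and init failure. Callers that require FIPS must check isOpenSSLFips() and refuse to proceed. */`. Likewise `isOpenSSL()` is documented as "backend is being used", while the implementation only tests that the `_hd_openssl_init_fips` export exists, so "compiled in" would be the accurate wording. The same declarations repeat in package/src/index.d.ts.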
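--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "hd-wallet-wasm",
- "version": "0.1.9",
+ "version": "0.2.1",
  "description": "Comprehensive HD Wallet implementation in WebAssembly - BIP-32/39/44, multi-curve, multi-chain support",
  "type": "module",
  "main": "src/index.mjs",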
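--- a/package/src/index.d.ts
+++ b/package/src/index.d.ts
@@ -24,6 +24,14 @@ export interface HDWalletModule {
  getSupportedCoins(): string[];
  getSupportedCurves(): string[];
 
+ // OpenSSL FIPS support (when built with HD_WALLET_USE_OPENSSL)
+ /** Initialize OpenSSL in FIPS mode. Returns true if FIPS mode activated, false if using fallback. */
+ initFips(): boolean;
+ /** Check if OpenSSL backend is being used for FIPS algorithms */
+ isOpenSSL(): boolean;
+ /** Check if running in FIPS mode (OpenSSL FIPS provider active) */
+ isOpenSSLFips(): boolean;
+
  // WASI bridge
  wasiHasFeature(feature: WasiFeature): boolean;
  wasiGetWarning(feature: WasiFeature): WasiWarning;
@@ -570,7 +578,7 @@ export interface Keyring {
  // =============================================================================
 
  export interface UtilsAPI {
- // Hashing
+ // Hashing (sync - Crypto++)
  sha256(data: Uint8Array): Uint8Array;
  sha512(data: Uint8Array): Uint8Array;
  keccak256(data: Uint8Array): Uint8Array;
@@ -584,6 +592,17 @@ export interface UtilsAPI {
  pbkdf2(password: Uint8Array, salt: Uint8Array, iterations: number, length: number): Uint8Array;
  scrypt(password: Uint8Array, salt: Uint8Array, n: number, r: number, p: number, length: number): Uint8Array;
 
+ // AES-GCM encryption/decryption (WASM/OpenSSL)
+ aesGcm: {
+ encrypt(key: Uint8Array, plaintext: Uint8Array, iv: Uint8Array, aad?: Uint8Array): { ciphertext: Uint8Array; tag: Uint8Array };
+ decrypt(key: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, iv: Uint8Array, aad?: Uint8Array): Uint8Array;
+ };
+
+ // Random number generation
+ getRandomBytes(length: number): Uint8Array;
+ generateIv(): Uint8Array;
+ generateAesKey(bits?: number): Uint8Array;
+
  // Encoding
  encodeBase58(data: Uint8Array): string;
  decodeBase58(str: string): Uint8Array;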
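Review bot: The `aesGcm` declarations in the third hunk document none of the size constraints that package/src/index.mjs enforces (32-byte key, 12-byte IV, 16-byte tag), and `generateAesKey(bits?)` accepts 128 and 192 although `aesGcm.encrypt` and `aesGcm.decrypt` reject any key that is not 32 bytes. Either narrow the generator to what the cipher accepts or document the mismatch, e.g. `/** key: 32 bytes (AES-256 only); iv: 12 bytes, never reused with the same key (see generateIv()); tag: 16 bytes. */` above `aesGcm`. The uniqueness requirement deserves the explicit mention because the IV is caller-supplied, and repeating an IV under one key breaks both the confidentiality and the authenticity of GCM. The same declarations appear in package/dist/index.d.ts.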
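--- a/package/src/index.mjs
+++ b/package/src/index.mjs
@@ -9,7 +9,7 @@
  * - Transaction building and signing
  *
  * @module hd-wallet-wasm
- * @version 0.1.0
+ * @version 0.2.0
  */
 
  // Import aligned API for batch operations
@@ -2219,7 +2219,7 @@ function createModule(wasm) {
  }
  },
 
- // Key derivation
+ // Key derivation (sync - uses Crypto++ in WASM)
  hkdf(ikm, salt, info, length) {
  const ikmPtr = allocAndCopy(wasm, ikm);
  const saltPtr = allocAndCopy(wasm, salt);
@@ -2238,6 +2238,126 @@ function createModule(wasm) {
  }
  },
 
+ // AES-GCM encryption/decryption (uses WASM/Crypto++ or OpenSSL)
+ aesGcm: {
+ /**
+ * Encrypt data with AES-GCM (synchronous WASM)
+ * @param {Uint8Array} key - AES-256 key (32 bytes)
+ * @param {Uint8Array} plaintext - Data to encrypt
+ * @param {Uint8Array} iv - Initialization vector (12 bytes)
+ * @param {Uint8Array} [aad] - Additional authenticated data
+ * @returns {{ciphertext: Uint8Array, tag: Uint8Array}}
+ */
+ encrypt(key, plaintext, iv, aad = new Uint8Array(0)) {
+ if (key.length !== 32) throw new HDWalletError(ErrorCode.INVALID_ARGUMENT, 'Key must be 32 bytes');
+ if (iv.length !== 12) throw new HDWalletError(ErrorCode.INVALID_ARGUMENT, 'IV must be 12 bytes');
+
+ const keyPtr = allocAndCopy(wasm, key);
+ const ptPtr = allocAndCopy(wasm, plaintext);
+ const ivPtr = allocAndCopy(wasm, iv);
+ const aadPtr = aad.length > 0 ? allocAndCopy(wasm, aad) : 0;
+ const ctPtr = wasm._hd_alloc(plaintext.length);
+ const tagPtr = wasm._hd_alloc(16);
+
+ try {
+ const result = wasm._hd_aes_gcm_encrypt(
+ keyPtr, key.length,
+ ptPtr, plaintext.length,
+ ivPtr, iv.length,
+ aadPtr, aad.length,
+ ctPtr, tagPtr
+ );
+ if (result < 0) throw new HDWalletError(-result);
+
+ return {
+ ciphertext: readBytes(wasm, ctPtr, plaintext.length),
+ tag: readBytes(wasm, tagPtr, 16)
+ };
+ } finally {
+ wasm._hd_secure_wipe(keyPtr, key.length);
+ wasm._hd_dealloc(keyPtr);
+ wasm._hd_dealloc(ptPtr);
+ wasm._hd_dealloc(ivPtr);
+ if (aadPtr) wasm._hd_dealloc(aadPtr);
+ wasm._hd_dealloc(ctPtr);
+ wasm._hd_dealloc(tagPtr);
+ }
+ },
+
+ /**
+ * Decrypt data with AES-GCM (synchronous WASM)
+ * @param {Uint8Array} key - AES-256 key (32 bytes)
+ * @param {Uint8Array} ciphertext - Encrypted data
+ * @param {Uint8Array} tag - Authentication tag (16 bytes)
+ * @param {Uint8Array} iv - Initialization vector (12 bytes)
+ * @param {Uint8Array} [aad] - Additional authenticated data
+ * @returns {Uint8Array} Decrypted plaintext
+ * @throws {HDWalletError} If authentication fails
+ */
+ decrypt(key, ciphertext, tag, iv, aad = new Uint8Array(0)) {
+ if (key.length !== 32) throw new HDWalletError(ErrorCode.INVALID_ARGUMENT, 'Key must be 32 bytes');
+ if (iv.length !== 12) throw new HDWalletError(ErrorCode.INVALID_ARGUMENT, 'IV must be 12 bytes');
+ if (tag.length !== 16) throw new HDWalletError(ErrorCode.INVALID_ARGUMENT, 'Tag must be 16 bytes');
+
+ const keyPtr = allocAndCopy(wasm, key);
+ const ctPtr = allocAndCopy(wasm, ciphertext);
+ const ivPtr = allocAndCopy(wasm, iv);
+ const tagPtr = allocAndCopy(wasm, tag);
+ const aadPtr = aad.length > 0 ? allocAndCopy(wasm, aad) : 0;
+ const ptPtr = wasm._hd_alloc(ciphertext.length);
+
+ try {
+ const result = wasm._hd_aes_gcm_decrypt(
+ keyPtr, key.length,
+ ctPtr, ciphertext.length,
+ ivPtr, iv.length,
+ aadPtr, aad.length,
+ tagPtr, ptPtr
+ );
+ if (result < 0) {
+ throw new HDWalletError(
+ result === -2 ? ErrorCode.VERIFICATION_FAILED : -result,
+ result === -2 ? 'AES-GCM authentication failed' : undefined
+ );
+ }
+
+ return readBytes(wasm, ptPtr, ciphertext.length);
+ } finally {
+ wasm._hd_secure_wipe(keyPtr, key.length);
+ wasm._hd_dealloc(keyPtr);
+ wasm._hd_dealloc(ctPtr);
+ wasm._hd_dealloc(ivPtr);
+ wasm._hd_dealloc(tagPtr);
+ if (aadPtr) wasm._hd_dealloc(aadPtr);
+ wasm._hd_dealloc(ptPtr);
+ }
+ }
+ },
+
+ /** Generate cryptographically secure random bytes */
+ getRandomBytes(length) {
+ const bytes = new Uint8Array(length);
+ if (typeof globalThis.crypto !== 'undefined' && globalThis.crypto.getRandomValues) {
+ globalThis.crypto.getRandomValues(bytes);
+ } else {
+ throw new Error('No cryptographic random source available');
+ }
+ return bytes;
+ },
+
+ /** Generate a random IV for AES-GCM (12 bytes) */
+ generateIv() {
+ return this.getRandomBytes(12);
+ },
+
+ /** Generate a random AES key (default 256 bits) */
+ generateAesKey(bits = 256) {
+ if (![128, 192, 256].includes(bits)) {
+ throw new Error('AES key size must be 128, 192, or 256 bits');
+ }
+ return this.getRandomBytes(bits / 8);
+ },
+
  pbkdf2(password, salt, iterations, length) {
  const pwdPtr = allocAndCopy(wasm, password);
  const saltPtr = allocAndCopy(wasm, salt);
@@ -2482,6 +2602,50 @@ function createModule(wasm) {
  return wasm._hd_get_entropy_status();
  },
 
+ // OpenSSL FIPS support
+ /**
+ * Initialize OpenSSL in FIPS mode
+ * @returns {boolean} True if FIPS mode activated, false if using default provider
+ */
+ initFips() {
+ // Check if the function exists (only when built with HD_WALLET_USE_OPENSSL)
+ if (typeof wasm._hd_openssl_init_fips !== 'function') {
+ console.warn('[HD Wallet] OpenSSL not compiled in, skipping FIPS init');
+ return false;
+ }
+ const result = wasm._hd_openssl_init_fips();
+ if (result === 1) {
+ console.log('[HD Wallet] OpenSSL FIPS mode activated');
+ return true;
+ } else if (result === -1) {
+ console.warn('[HD Wallet] FIPS provider not available, using default OpenSSL');
+ wasm._hd_openssl_init_default();
+ return false;
+ } else {
+ console.error('[HD Wallet] Failed to initialize OpenSSL');
+ return false;
+ }
+ },
+
+ /**
+ * Check if OpenSSL backend is being used
+ * @returns {boolean}
+ */
+ isOpenSSL() {
+ return typeof wasm._hd_openssl_init_fips === 'function';
+ },
+
+ /**
+ * Check if running in FIPS mode (OpenSSL FIPS provider active)
+ * @returns {boolean}
+ */
+ isOpenSSLFips() {
+ if (typeof wasm._hd_openssl_is_fips !== 'function') {
+ return false;
+ }
+ return wasm._hd_openssl_is_fips() !== 0;
+ },
+
  // APIs
  mnemonic,
  hdkey,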
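Review bot: In `aesGcm.encrypt` and `aesGcm.decrypt` (third hunk) only the key copy is passed to `_hd_secure_wipe`; the WASM-heap plaintext buffer `ptPtr` is freed as-is, and in `decrypt` that includes the failure path, where it may hold output that never passed tag verification (what `_hd_aes_gcm_decrypt` leaves there is not visible here). I would add `wasm._hd_secure_wipe(ptPtr, plaintext.length);` before `wasm._hd_dealloc(ptPtr)` in encrypt and `wasm._hd_secure_wipe(ptPtr, ciphertext.length);` at the same place in decrypt. The allocations also sit before `try`, so if a later `allocAndCopy` or `_hd_alloc` call throws, the `finally` never runs and the key copy stays unwiped on the heap; moving them inside the `try` with the pointers initialised to 0 would cover that, and the `_hd_alloc` results are currently used without a zero check. In the fourth hunk, `initFips()` falls back to the default provider and ignores the return value of `_hd_openssl_init_default()`, so code that requires FIPS has to check `isOpenSSLFips()` itself and fail closed.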