quantumcoin 7.0.9 → 7.0.11

package/src/utils/hashing.js

@@ -7,9 +7,7 @@
  */
 
 const crypto = require("crypto");
-const { MessagePrefix } = require("../constants");
 const { arrayify, bytesToHex, utf8ToBytes } = require("../internal/hex");
-const { concat } = require("./encoding");
 
 const _MASK64 = (1n << 64n) - 1n;
 
@@ -192,18 +190,6 @@ function ripemd160(data) {
   return _hash("ripemd160", data);
 }
 
-/**
- * EIP-191 personal-sign message digest (ethers.js hashMessage pattern).
- * Prefixes message with MessagePrefix and decimal length, then keccak256.
- * If message is a string, it is converted to UTF-8 bytes first.
- * @param {string|Uint8Array} message
- * @returns {string} Hex digest
- */
-function hashMessage(message) {
-  const msgBytes = typeof message === "string" ? utf8ToBytes(message) : arrayify(message);
-  return keccak256(concat([utf8ToBytes(MessagePrefix), utf8ToBytes(String(msgBytes.length)), msgBytes]));
-}
-
 /**
  * ethers-style id(text) => keccak256(utf8Bytes(text))
  * @param {string} text
@@ -230,8 +216,8 @@ function randomBytes(length) {
  * @returns {string}
  */
 function computeHmac(algorithm, key, data) {
-  const k = arrayify(key);
-  const d = arrayify(data);
+  const k = typeof key === "string" ? utf8ToBytes(key) : arrayify(key);
+  const d = typeof data === "string" ? utf8ToBytes(data) : arrayify(data);
   const h = crypto.createHmac(algorithm, Buffer.from(k)).update(Buffer.from(d)).digest();
   return bytesToHex(new Uint8Array(h));
 }
@@ -246,8 +232,8 @@ function computeHmac(algorithm, key, data) {
  * @returns {string}
  */
 function pbkdf2(password, salt, iterations, keylen, algorithm) {
-  const p = arrayify(password);
-  const s = arrayify(salt);
+  const p = typeof password === "string" ? utf8ToBytes(password) : arrayify(password);
+  const s = typeof salt === "string" ? utf8ToBytes(salt) : arrayify(salt);
   const a = algorithm || "sha256";
   const out = crypto.pbkdf2Sync(Buffer.from(p), Buffer.from(s), iterations, keylen, a);
   return bytesToHex(new Uint8Array(out));
@@ -264,8 +250,8 @@ function pbkdf2(password, salt, iterations, keylen, algorithm) {
  * @returns {Promise<string>}
  */
 function scrypt(password, salt, N, r, p, dkLen) {
-  const pw = arrayify(password);
-  const sa = arrayify(salt);
+  const pw = typeof password === "string" ? utf8ToBytes(password) : arrayify(password);
+  const sa = typeof salt === "string" ? utf8ToBytes(salt) : arrayify(salt);
   return new Promise((resolve, reject) => {
     crypto.scrypt(
       Buffer.from(pw),
@@ -291,15 +277,14 @@ function scrypt(password, salt, N, r, p, dkLen) {
  * @returns {string}
  */
 function scryptSync(password, salt, N, r, p, dkLen) {
-  const pw = arrayify(password);
-  const sa = arrayify(salt);
+  const pw = typeof password === "string" ? utf8ToBytes(password) : arrayify(password);
+  const sa = typeof salt === "string" ? utf8ToBytes(salt) : arrayify(salt);
   const out = crypto.scryptSync(Buffer.from(pw), Buffer.from(sa), dkLen, { N, r, p, maxmem: 257 * 1024 * 1024 }); //257 instead of 256 for buffer for compat for N=262144, r=8, p=1
   return bytesToHex(new Uint8Array(out));
 }
 
 module.exports = {
   keccak256,
-  hashMessage,
   sha256,
   sha512,
   ripemd160,

package/src/utils/index.d.ts

@@ -12,7 +12,6 @@ declare const _exports: {
     encodeRlp(value: any): string;
     decodeRlp(data: string): any;
     keccak256(data: string | Uint8Array): string;
-    hashMessage(message: string | Uint8Array): string;
     sha256(data: string | Uint8Array): string;
     sha512(data: string | Uint8Array): string;
     ripemd160(data: string | Uint8Array): string;
@@ -59,8 +58,6 @@ declare const _exports: {
     }): string;
     getCreate2Address(from: string, salt: string, initCodeHash: string): string;
     computeAddress(key: string | Uint8Array): string;
-    verifyMessage(message: string | Uint8Array, signature: string): string;
-    recoverAddress(message: string | Uint8Array, signature: string): string;
     FixedNumber: typeof import("./fixednumber").FixedNumber;
 };
 export = _exports;

package/src/utils/rlp.js

@@ -110,7 +110,10 @@ function _readLen(bytes, offset, lenOfLen) {
   return len;
 }
 
-function _decode(bytes, start, end) {
+const MAX_RLP_DEPTH = 64;
+
+function _decode(bytes, start, end, depth) {
+  if (depth > MAX_RLP_DEPTH) throw new Error("RLP: maximum nesting depth exceeded");
   if (start >= end) throw new Error("RLP: empty input");
   const prefix = bytes[start];
 
@@ -149,7 +152,7 @@ function _decode(bytes, start, end) {
     const out = [];
     let pos = dataStart;
     while (pos < dataEnd) {
-      const decoded = _decode(bytes, pos, dataEnd);
+      const decoded = _decode(bytes, pos, dataEnd, depth + 1);
       out.push(decoded.value);
       pos = decoded.next;
     }
@@ -166,7 +169,7 @@ function _decode(bytes, start, end) {
   const out = [];
   let pos = dataStart;
   while (pos < dataEnd) {
-    const decoded = _decode(bytes, pos, dataEnd);
+    const decoded = _decode(bytes, pos, dataEnd, depth + 1);
     out.push(decoded.value);
     pos = decoded.next;
   }
@@ -191,7 +194,7 @@ function encodeRlp(value) {
 function decodeRlp(data) {
   if (typeof data !== "string") throw new TypeError("RLP data must be a hex string");
   const bytes = arrayify(data);
-  const decoded = _decode(bytes, 0, bytes.length);
+  const decoded = _decode(bytes, 0, bytes.length, 0);
   if (decoded.next !== bytes.length) throw new Error("RLP: trailing data");
   return decoded.value;
 }

package/src/wallet/wallet.d.ts

@@ -38,14 +38,9 @@ export class BaseWallet extends AbstractSigner {
     _qcWallet: any;
     /** @type {string} */
     address: string;
+    readonly publicKey: string;
+    readonly seed: string | null;
     getAddress(): Promise<string>;
-    /**
-     * Sign a message synchronously.
-     * Signature format: combined publicKey+signature as a hex string.
-     * @param {string|Uint8Array} message
-     * @returns {string}
-     */
-    signMessageSync(message: string | Uint8Array): string;
     /**
      * Sign a transaction using quantum-coin-js-sdk signRawTransaction().
      * @param {import("../providers/provider").TransactionRequest} tx
@@ -77,12 +72,6 @@ export class Wallet extends BaseWallet {
      * @returns {Wallet}
      */
     static createRandom(provider?: import("../providers/provider").AbstractProvider | undefined, keyType?: number | null): Wallet;
-    /**
-     * Creates a new random seed word list (32 words for keyType 3, 36 for keyType 5).
-     * @param {number|null=} keyType  Optional key type: null (default=3), 3, or 5
-     * @returns {string[]}
-     */
-    static createRandomSeed(keyType?: number | null): string[];
     /**
      * Creates a wallet from raw seed bytes.
      * @param {number[]} seed  Raw seed bytes: 64 (keyType 3), 72 (keyType 5), or 96 (legacy)
@@ -148,6 +137,15 @@ export class Wallet extends BaseWallet {
      * @returns {string}
      */
     encryptSync(password: string | Uint8Array): string;
+    /**
+     * Encrypts raw seed bytes into a wallet JSON string (version 5 pre-expansion format).
+     * The resulting JSON can be opened with `Wallet.fromEncryptedJsonSync()` or
+     * Desktop/Mobile/Web/CLI wallet applications.
+     * @param {number[]|Uint8Array} seed  Raw seed bytes: 64 (keyType 3), 72 (keyType 5), or 96 (legacy)
+     * @param {string|Uint8Array} password  Passphrase (at least 12 characters)
+     * @returns {string}
+     */
+    static encryptSeedSync(seed: number[] | Uint8Array, password: string | Uint8Array): string;
     /**
      * Returns a new wallet connected to a provider.
      * @param {import("../providers/provider").AbstractProvider} provider

package/src/wallet/wallet.js

@@ -10,24 +10,52 @@
 
 const qcsdk = require("quantum-coin-js-sdk");
 const { JsonRpcProvider } = require("../providers/json-rpc-provider");
-const { assertArgument, makeError } = require("../errors");
+const { assertArgument, assertSecretArgument, makeError } = require("../errors");
 const { arrayify, bytesToHex, hexToBytes, isHexString, normalizeHex } = require("../internal/hex");
-const { hashMessage } = require("../utils/hashing");
 const { getAddress } = require("../utils/address");
 const { WeiPerEther } = require("../constants");
 
 function _requireInitialized() {
   // eslint-disable-next-line global-require
-  const { isInitialized } = require("../../config");
-  if (!isInitialized()) {
-    throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", { operation: "wallet" });
+  const { isInitialized, getInitializationPromise } = require("../../config");
+  if (isInitialized()) return;
+  if (getInitializationPromise() != null) {
+    throw makeError(
+      "QuantumCoin SDK is still initializing. Await the Initialize() promise before using SDK methods.",
+      "UNKNOWN_ERROR",
+      { operation: "requireInitialized" },
+    );
   }
+  throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", { operation: "wallet" });
 }
 
 function _bytesToNumberArray(bytes) {
   return Array.from(bytes);
 }
 
+const _maxSafeInt = 0x1fffffffffffffn; // 2^53 - 1
+
+function _getBigInt(value, name) {
+  if (typeof value === "bigint") return value;
+  if (typeof value === "number") {
+    assertArgument(Number.isInteger(value), "underflow", name, value);
+    assertArgument(value >= -Number(_maxSafeInt) && value <= Number(_maxSafeInt), "overflow", name, value);
+    return BigInt(value);
+  }
+  if (typeof value === "string") {
+    if (value === "0x" || value === "0X") return 0n;
+    try { return BigInt(value); }
+    catch { assertArgument(false, "invalid BigNumberish string", name, value); }
+  }
+  assertArgument(false, "invalid BigNumberish", name, value);
+}
+
+function _getNumber(value, name) {
+  const bi = _getBigInt(value, name);
+  assertArgument(bi >= -_maxSafeInt && bi <= _maxSafeInt, "overflow", name, value);
+  return Number(bi);
+}
+
 /**
  * SigningKey wrapper (PQC private/public key bytes).
  */
@@ -37,9 +65,18 @@ class SigningKey {
    * @param {Uint8Array} publicKeyBytes
    */
   constructor(privateKeyBytes, publicKeyBytes) {
-    this.privateKeyBytes = new Uint8Array(privateKeyBytes);
+    Object.defineProperty(this, "privateKeyBytes", {
+      enumerable: false,
+      configurable: false,
+      writable: false,
+      value: new Uint8Array(privateKeyBytes),
+    });
     this.publicKeyBytes = new Uint8Array(publicKeyBytes);
   }
+
+  toJSON() {
+    return {};
+  }
 }
 
 /**
@@ -71,56 +108,52 @@ class BaseWallet extends AbstractSigner {
   constructor(signingKey, provider, precomputed, qcWallet) {
     super(provider || null);
     _requireInitialized();
-    this.signingKey = signingKey;
-    this._qcWallet = qcWallet || null;
+
+    Object.defineProperty(this, "signingKey", {
+      enumerable: false,
+      configurable: false,
+      writable: false,
+      value: signingKey,
+    });
+    Object.defineProperty(this, "_qcWallet", {
+      enumerable: false,
+      configurable: true,
+      writable: true,
+      value: qcWallet || null,
+    });
 
     /** @type {string} */
     this.address = precomputed?.address || "";
 
     Object.defineProperty(this, "privateKey", {
-      enumerable: true,
+      enumerable: false,
       get: () => bytesToHex(this.signingKey.privateKeyBytes),
     });
+
+    Object.defineProperty(this, "publicKey", {
+      enumerable: true,
+      get: () => bytesToHex(this.signingKey.publicKeyBytes),
+    });
+
+    Object.defineProperty(this, "_seed", {
+      enumerable: false,
+      configurable: true,
+      writable: true,
+      value: null,
+    });
+
+    Object.defineProperty(this, "seed", {
+      enumerable: false,
+      get: () => this._seed,
+    });
   }
 
-  async getAddress() {
-    return this.address;
+  toJSON() {
+    return { address: this.address };
   }
 
-  /**
-   * Sign a message synchronously.
-   * Signature format: combined publicKey+signature as a hex string.
-   * @param {string|Uint8Array} message
-   * @returns {string}
-   */
-  signMessageSync(message) {
-    _requireInitialized();
-    const digestHex = hashMessage(message);
-    const digest = hexToBytes(digestHex);
-    const signResult = qcsdk.sign(this.signingKey.privateKeyBytes, digest, null);
-    if (signResult.resultCode !== 0) {
-      throw makeError("sign failed", "UNKNOWN_ERROR", { resultCode: signResult.resultCode });
-    }
-    const sigBytes = signResult.signature;
-    if (!sigBytes) throw makeError("sign returned no signature", "UNKNOWN_ERROR", {});
-    const sigArr = Array.from(sigBytes instanceof Uint8Array ? sigBytes : sigBytes);
-    let combined = qcsdk.combinePublicKeySignature(
-      _bytesToNumberArray(this.signingKey.publicKeyBytes),
-      sigArr,
-    );
-    if (combined != null && typeof combined === "object") {
-      if (typeof combined.String === "function") combined = combined.String();
-      else if (combined instanceof Uint8Array) combined = bytesToHex(combined);
-      else if (Array.isArray(combined)) combined = bytesToHex(new Uint8Array(combined));
-      else if (typeof combined.length === "number" && combined.length >= 0) combined = bytesToHex(new Uint8Array(Array.from(combined)));
-    }
-    if (combined == null || typeof combined !== "string") {
-      throw makeError("combinePublicKeySignature failed (SDK may not support this key type for message signing)", "UNKNOWN_ERROR", {
-        combinedType: typeof combined,
-        sigLength: sigArr.length,
-      });
-    }
-    return normalizeHex(combined);
+  async getAddress() {
+    return this.address;
   }
 
   /**
@@ -133,27 +166,8 @@ class BaseWallet extends AbstractSigner {
     assertArgument(tx && typeof tx === "object", "invalid tx", "tx", tx);
 
     const toAddress = tx.to == null ? null : getAddress(tx.to);
-    const valueInWei =
-      tx.value == null
-        ? 0n
-        : typeof tx.value === "bigint"
-          ? tx.value
-          : typeof tx.value === "number"
-            ? BigInt(tx.value)
-            : typeof tx.value === "string"
-              ? BigInt(tx.value.startsWith("0x") ? tx.value : tx.value)
-              : 0n;
-
-    const gasLimit =
-      tx.gasLimit == null
-        ? 21000
-        : typeof tx.gasLimit === "bigint"
-          ? Number(tx.gasLimit)
-          : typeof tx.gasLimit === "number"
-            ? tx.gasLimit
-            : typeof tx.gasLimit === "string"
-              ? Number(BigInt(tx.gasLimit))
-              : 21000;
+    const valueInWei = tx.value == null ? 0n : _getBigInt(tx.value, "tx.value");
+    const gasLimit = tx.gasLimit == null ? 21000 : _getNumber(tx.gasLimit, "tx.gasLimit");
 
     const data = tx.data == null ? null : normalizeHex(tx.data);
     const remarks = tx.remarks == null ? null : normalizeHex(tx.remarks);
@@ -299,18 +313,47 @@ class Wallet extends BaseWallet {
   }
 
   /**
-   * Encrypts and serializes this wallet to JSON.
+   * Encrypts and serializes this wallet to JSON. 
    * @param {string|Uint8Array} password
    * @returns {string}
    */
   encryptSync(password) {
     _requireInitialized();
-    const pw = typeof password === "string" ? password : Buffer.from(arrayify(password)).toString("utf8");
+    if (this._seed != null) {
+      return Wallet.encryptSeedSync(hexToBytes(this._seed), password);
+    }
+    const pw = typeof password === "string"
+      ? password.normalize("NFC")
+      : Buffer.from(arrayify(password)).toString("utf8").normalize("NFC");
+    assertSecretArgument(pw.length >= 12, "password must be at least 12 characters", "password");
     const json = qcsdk.serializeEncryptedWallet(this._qcWallet, pw);
     if (typeof json !== "string") throw makeError("serializeEncryptedWallet failed", "UNKNOWN_ERROR", {});
     return json;
   }
 
+  /**
+   * Encrypts raw seed bytes into a wallet JSON string (version 5 pre-expansion format).
+   * The resulting JSON can be opened with `Wallet.fromEncryptedJsonSync()` or
+   * Desktop/Mobile/Web/CLI wallet applications.
+   * @param {number[]|Uint8Array} seed  Raw seed bytes: 64 (keyType 3), 72 (keyType 5), or 96 (legacy)
+   * @param {string|Uint8Array} password  Passphrase (at least 12 characters)
+   * @returns {string}
+   */
+  static encryptSeedSync(seed, password) {
+    _requireInitialized();
+    const seedArr = seed instanceof Uint8Array ? Array.from(seed) : seed;
+    assertArgument(Array.isArray(seedArr), "seed must be an array of numbers or Uint8Array", "seed", seed);
+    const allowedLengths = [64, 72, 96];
+    assertArgument(allowedLengths.includes(seedArr.length), "seed must be 64, 72, or 96 bytes", "seed", seedArr.length);
+    const pw = typeof password === "string"
+      ? password.normalize("NFC")
+      : Buffer.from(arrayify(password)).toString("utf8").normalize("NFC");
+    assertSecretArgument(pw.length >= 12, "password must be at least 12 characters", "password");
+    const json = qcsdk.serializeSeedAsEncryptedWallet(seedArr, pw);
+    if (typeof json !== "string") throw makeError("serializeSeedAsEncryptedWallet failed", "UNKNOWN_ERROR", {});
+    return json;
+  }
+
   /**
    * Returns the recommended signing context for this wallet.
    * Setting fullSign to true may incur additional gas cost.
@@ -335,7 +378,10 @@ class Wallet extends BaseWallet {
    * @returns {Wallet}
    */
   connect(provider) {
-    return new Wallet(this.signingKey, provider);
+    const w = new Wallet(this.signingKey, provider);
+    w._qcWallet = this._qcWallet;
+    w._seed = this._seed;
+    return w;
   }
 
   /**
@@ -349,29 +395,11 @@ class Wallet extends BaseWallet {
     if (keyType != null) {
       assertArgument(keyType === 3 || keyType === 5, "keyType must be null, 3, or 5", "keyType", keyType);
     }
-    const qcWallet = qcsdk.newWallet(keyType ?? null);
-    if (!qcWallet || typeof qcWallet === "number") {
-      throw makeError("newWallet failed", "UNKNOWN_ERROR", { result: qcWallet });
-    }
-    return Wallet._fromQcWallet(qcWallet, provider || null);
-  }
-
-  /**
-   * Creates a new random seed word list (32 words for keyType 3, 36 for keyType 5).
-   * Use the returned words with `Wallet.fromPhrase()` to create a wallet.
-   * @param {number|null=} keyType  Optional key type: null (default=3), 3, or 5
-   * @returns {string[]}
-   */
-  static createRandomSeed(keyType) {
-    _requireInitialized();
-    if (keyType != null) {
-      assertArgument(keyType === 3 || keyType === 5, "keyType must be null, 3, or 5", "keyType", keyType);
-    }
-    const words = qcsdk.newWalletSeed(keyType ?? null);
+    const words = qcsdk.newWalletSeedWords(keyType ?? null);
     if (!words || !Array.isArray(words)) {
-      throw makeError("newWalletSeed failed", "UNKNOWN_ERROR", { result: words });
+      throw makeError("newWalletSeedWords failed", "UNKNOWN_ERROR", { result: words });
     }
-    return words;
+    return Wallet.fromPhrase(words, provider);
   }
 
   /**
@@ -445,8 +473,8 @@ class Wallet extends BaseWallet {
     _requireInitialized();
     const privBytes = typeof privateKey === "string" ? hexToBytes(privateKey) : arrayify(privateKey);
     const pubBytes = typeof publicKey === "string" ? hexToBytes(publicKey) : arrayify(publicKey);
-    assertArgument(privBytes.length > 0, "privateKey must not be empty", "privateKey", privateKey);
-    assertArgument(pubBytes.length > 0, "publicKey must not be empty", "publicKey", publicKey);
+    assertSecretArgument(privBytes.length > 0, "privateKey must not be empty", "privateKey");
+    assertSecretArgument(pubBytes.length > 0, "publicKey must not be empty", "publicKey");
 
     const privArr = _bytesToNumberArray(privBytes);
     const pubArr = _bytesToNumberArray(pubBytes);
@@ -469,15 +497,20 @@ class Wallet extends BaseWallet {
    * @returns {Wallet}
    */
   static _fromQcWallet(qcWallet, provider) {
-    // Preserve key material from quantum-coin-js-sdk Wallet.
-    // newWallet() returns Uint8Array keys; other constructors may return number[].
     const privSrc = qcWallet.privateKey;
     const pubSrc = qcWallet.publicKey;
 
+    if (!privSrc || (privSrc instanceof Uint8Array && privSrc.length === 0) || (Array.isArray(privSrc) && privSrc.length === 0)) {
+      throw makeError("qcWallet.privateKey is empty or missing", "UNKNOWN_ERROR", {});
+    }
+    if (!pubSrc || (pubSrc instanceof Uint8Array && pubSrc.length === 0) || (Array.isArray(pubSrc) && pubSrc.length === 0)) {
+      throw makeError("qcWallet.publicKey is empty or missing", "UNKNOWN_ERROR", {});
+    }
+
     const privBytes =
-      privSrc instanceof Uint8Array ? new Uint8Array(privSrc) : Uint8Array.from(Array.from(privSrc || []).map((n) => (Number(n) & 0xff)));
+      privSrc instanceof Uint8Array ? new Uint8Array(privSrc) : Uint8Array.from(Array.from(privSrc).map((n) => (Number(n) & 0xff)));
     const pubBytes =
-      pubSrc instanceof Uint8Array ? new Uint8Array(pubSrc) : Uint8Array.from(Array.from(pubSrc || []).map((n) => (Number(n) & 0xff)));
+      pubSrc instanceof Uint8Array ? new Uint8Array(pubSrc) : Uint8Array.from(Array.from(pubSrc).map((n) => (Number(n) & 0xff)));
     const key = new SigningKey(privBytes, pubBytes);
 
     const w = new Wallet(key, provider || null);
@@ -486,6 +519,12 @@ class Wallet extends BaseWallet {
     if (typeof qcWallet.address === "string") {
       w.address = normalizeHex(qcWallet.address);
     }
+    if (qcWallet.preExpansionSeed != null) {
+      const seedSrc = qcWallet.preExpansionSeed;
+      const seedBytes =
+        seedSrc instanceof Uint8Array ? seedSrc : Uint8Array.from(Array.from(seedSrc).map((n) => (Number(n) & 0xff)));
+      w._seed = bytesToHex(seedBytes);
+    }
     return w;
   }
 }