smartledger-bsv 3.0.0

package/lib/crypto/hash.node.js

@@ -0,0 +1,171 @@
+'use strict'
+
+var crypto = require('crypto')
+var $ = require('../util/preconditions')
+
+var Hash = module.exports
+
+/**
+ * A SHA or SHA1 hash, which is always 160 bits or 20 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/SHA-1
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha1 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf))
+  return crypto.createHash('sha1').update(buf).digest()
+}
+
+Hash.sha1.blocksize = 512
+
+/**
+ * A SHA256 hash, which is always 256 bits or 32 bytes long.
+ *
+ * See:
+ * https://www.movable-type.co.uk/scripts/sha256.html
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf))
+  return crypto.createHash('sha256').update(buf).digest()
+}
+
+Hash.sha256.blocksize = 512
+
+/**
+ * A double SHA256 hash, which is always 256 bits or 32 bytes bytes long. This
+ * hash function is commonly used inside Bitcoin, particularly for the hash of a
+ * block and the hash of a transaction.
+ *
+ * See:
+ * https://www.movable-type.co.uk/scripts/sha256.html
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256sha256 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf))
+  return Hash.sha256(Hash.sha256(buf))
+}
+
+/**
+ * A RIPEMD160 hash, which is always 160 bits or 20 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/RIPEMD
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.ripemd160 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf))
+  return crypto.createHash('ripemd160').update(buf).digest()
+}
+/**
+ * A RIPEMD160 hash of a SHA256 hash, which is always 160 bits or 20 bytes long.
+ * This value is commonly used inside Bitcoin, particularly for Bitcoin
+ * addresses.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/RIPEMD
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha256ripemd160 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf))
+  return Hash.ripemd160(Hash.sha256(buf))
+}
+
+/**
+ * A SHA512 hash, which is always 512 bits or 64 bytes long.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/SHA-2
+ *
+ * @param {Buffer} buf Data, a.k.a. pre-image, which can be any size.
+ * @returns {Buffer} The hash in the form of a buffer.
+ */
+Hash.sha512 = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf))
+  return crypto.createHash('sha512').update(buf).digest()
+}
+
+Hash.sha512.blocksize = 1024
+
+/**
+ * A way to do HMAC using any underlying hash function. If you ever find that
+ * you want to hash two pieces of data together, you should use HMAC instead of
+ * just using a hash function. Rather than doing hash(data1 + data2) you should
+ * do HMAC(data1, data2). Actually, rather than use HMAC directly, we recommend
+ * you use either sha256hmac or sha515hmac provided below.
+ *
+ * See:
+ * https://en.wikipedia.org/wiki/Length_extension_attack
+ * https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
+ *
+ * @param {function} hashf Which hash function to use.
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.hmac = function (hashf, data, key) {
+  // http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+  // http://tools.ietf.org/html/rfc4868#section-2
+  $.checkArgument(Buffer.isBuffer(data))
+  $.checkArgument(Buffer.isBuffer(key))
+  $.checkArgument(hashf.blocksize)
+
+  var blocksize = hashf.blocksize / 8
+
+  if (key.length > blocksize) {
+    key = hashf(key)
+  } else if (key < blocksize) {
+    var fill = Buffer.alloc(blocksize)
+    fill.fill(0)
+    key.copy(fill)
+    key = fill
+  }
+
+  var oKey = Buffer.alloc(blocksize)
+  oKey.fill(0x5c)
+
+  var iKey = Buffer.alloc(blocksize)
+  iKey.fill(0x36)
+
+  var oKeyPad = Buffer.alloc(blocksize)
+  var iKeyPad = Buffer.alloc(blocksize)
+  for (var i = 0; i < blocksize; i++) {
+    oKeyPad[i] = oKey[i] ^ key[i]
+    iKeyPad[i] = iKey[i] ^ key[i]
+  }
+
+  return hashf(Buffer.concat([oKeyPad, hashf(Buffer.concat([iKeyPad, data]))]))
+}
+
+/**
+ * A SHA256 HMAC.
+ *
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.sha256hmac = function (data, key) {
+  return Hash.hmac(Hash.sha256, data, key)
+}
+
+/**
+ * A SHA512 HMAC.
+ *
+ * @param {Buffer} data Data, which can be any size.
+ * @param {Buffer} key Key, which can be any size.
+ * @returns {Buffer} The HMAC in the form of a buffer.
+ */
+Hash.sha512hmac = function (data, key) {
+  return Hash.hmac(Hash.sha512, data, key)
+}

package/lib/crypto/point.js

@@ -0,0 +1,217 @@
+'use strict'
+
+var BN = require('./bn')
+
+var EC = require('elliptic').ec
+var ec = new EC('secp256k1')
+var ecPoint = ec.curve.point.bind(ec.curve)
+var ecPointFromX = ec.curve.pointFromX.bind(ec.curve)
+
+/**
+ * Instantiate a valid secp256k1 Point from the X and Y coordinates. This class
+ * is just an extension of the secp256k1 code from the library "elliptic" by
+ * Fedor Indutny. It includes a few extra features that are useful in Bitcoin.
+ *
+ * @param {BN|String} x - The X coordinate
+ * @param {BN|String} y - The Y coordinate
+ * @link https://github.com/indutny/elliptic
+ * @augments elliptic.curve.point
+ * @throws {Error} A validation error if exists
+ * @returns {Point} An instance of Point
+ * @constructor
+ */
+var Point = function Point (x, y, isRed) {
+  try {
+    var point = ecPoint(x, y, isRed)
+  } catch (e) {
+    throw new Error('Invalid Point')
+  }
+  point.validate()
+  return point
+}
+
+Point.prototype = Object.getPrototypeOf(ec.curve.point())
+
+/**
+ *
+ * Instantiate a valid secp256k1 Point from only the X coordinate. This is
+ * useful to rederive a full point from the compressed form of a point.
+ *
+ * @param {boolean} odd - If the Y coordinate is odd
+ * @param {BN|String} x - The X coordinate
+ * @throws {Error} A validation error if exists
+ * @returns {Point} An instance of Point
+ */
+Point.fromX = function fromX (odd, x) {
+  try {
+    var point = ecPointFromX(x, odd)
+  } catch (e) {
+    throw new Error('Invalid X')
+  }
+  point.validate()
+  return point
+}
+
+/**
+ *
+ * Will return a secp256k1 ECDSA base point.
+ *
+ * @link https://en.bitcoin.it/wiki/Secp256k1
+ * @returns {Point} An instance of the base point.
+ */
+Point.getG = function getG () {
+  return ec.curve.g
+}
+
+/**
+ *
+ * Will return the max of range of valid private keys as governed by the
+ * secp256k1 ECDSA standard.
+ *
+ * @link https://en.bitcoin.it/wiki/Private_key#Range_of_valid_ECDSA_private_keys
+ * @returns {BN} A BN instance of the number of points on the curve
+ */
+Point.getN = function getN () {
+  return new BN(ec.curve.n.toArray())
+}
+
+if (!Point.prototype._getX) { Point.prototype._getX = Point.prototype.getX }
+
+/**
+ * Will return the X coordinate of the Point.
+ *
+ * @returns {BN} A BN instance of the X coordinate
+ */
+Point.prototype.getX = function getX () {
+  return new BN(this._getX().toArray())
+}
+
+if (!Point.prototype._getY) { Point.prototype._getY = Point.prototype.getY }
+
+/**
+ * Will return the Y coordinate of the Point.
+ *
+ * @returns {BN} A BN instance of the Y coordinate
+ */
+Point.prototype.getY = function getY () {
+  return new BN(this._getY().toArray())
+}
+
+/**
+ * Will determine if the point is valid.
+ *
+ * @link https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
+ * @throws {Error} A validation error if exists
+ * @returns {Point} An instance of the same Point
+ */
+Point.prototype.validate = function validate () {
+  if (this.isInfinity()) {
+    throw new Error('Point cannot be equal to Infinity')
+  }
+
+  var p2
+  try {
+    p2 = ecPointFromX(this.getX(), this.getY().isOdd())
+  } catch (e) {
+    throw new Error('Point does not lie on the curve')
+  }
+
+  if (p2.y.cmp(this.y) !== 0) {
+    throw new Error('Invalid y value for curve.')
+  }
+
+  // todo: needs test case
+  if (!(this.mul(Point.getN()).isInfinity())) {
+    throw new Error('Point times N must be infinity')
+  }
+
+  return this
+}
+
+/**
+ * A "compressed" format point is the X part of the (X, Y) point plus an extra
+ * bit (which takes an entire byte) to indicate whether the Y value is odd or
+ * not. Storing points this way takes a bit less space, but requires a bit more
+ * computation to rederive the full point.
+ *
+ * @param {Point} point An instance of Point.
+ * @returns {Buffer} A compressed point in the form of a buffer.
+ */
+Point.pointToCompressed = function pointToCompressed (point) {
+  var xbuf = point.getX().toBuffer({ size: 32 })
+  var ybuf = point.getY().toBuffer({ size: 32 })
+
+  var prefix
+  var odd = ybuf[ybuf.length - 1] % 2
+  if (odd) {
+    prefix = Buffer.from([0x03])
+  } else {
+    prefix = Buffer.from([0x02])
+  }
+  return Buffer.concat([prefix, xbuf])
+}
+
+/**
+ * Converts a compressed buffer into a point.
+ *
+ * @param {Buffer} buf A compressed point.
+ * @returns {Point} A Point.
+ */
+Point.pointFromCompressed = function (buf) {
+  if (buf.length !== 33) {
+    throw new Error('invalid buffer length')
+  }
+  let prefix = buf[0]
+  let odd
+  if (prefix === 0x03) {
+    odd = true
+  } else if (prefix === 0x02) {
+    odd = false
+  } else {
+    throw new Error('invalid value of compressed prefix')
+  }
+
+  let xbuf = buf.slice(1, 33)
+  let x = BN.fromBuffer(xbuf)
+  return Point.fromX(odd, x)
+}
+
+/**
+ * Convert point to a compressed buffer.
+ *
+ * @returns {Buffer} A compressed point.
+ */
+Point.prototype.toBuffer = function () {
+  return Point.pointToCompressed(this)
+}
+
+/**
+ * Convert point to a compressed hex string.
+ *
+ * @returns {string} A compressed point as a hex string.
+ */
+Point.prototype.toHex = function () {
+  return this.toBuffer().toString('hex')
+}
+
+/**
+ * Converts a compressed buffer into a point.
+ *
+ * @param {Buffer} buf A compressed point.
+ * @returns {Point} A Point.
+ */
+Point.fromBuffer = function (buf) {
+  return Point.pointFromCompressed(buf)
+}
+
+/**
+ * Converts a compressed buffer into a point.
+ *
+ * @param {Buffer} hex A compressed point as a hex string.
+ * @returns {Point} A Point.
+ */
+Point.fromHex = function (hex) {
+  return Point.fromBuffer(Buffer.from(hex, 'hex'))
+}
+
+module.exports = Point

package/lib/crypto/random.js

@@ -0,0 +1,37 @@
+'use strict'
+
+function Random () {
+}
+
+/* secure random bytes that sometimes throws an error due to lack of entropy */
+Random.getRandomBuffer = function (size) {
+  if (process.browser) { return Random.getRandomBufferBrowser(size) } else { return Random.getRandomBufferNode(size) }
+}
+
+Random.getRandomBufferNode = function (size) {
+  var crypto = require('crypto')
+  return crypto.randomBytes(size)
+}
+
+Random.getRandomBufferBrowser = function (size) {
+  if (!window.crypto && !window.msCrypto) {
+    throw new Error('window.crypto not available')
+  }
+  var crypto
+
+  if (window.crypto && window.crypto.getRandomValues) {
+    crypto = window.crypto
+  } else if (window.msCrypto && window.msCrypto.getRandomValues) { // internet explorer
+    crypto = window.msCrypto
+  } else {
+    throw new Error('window.crypto.getRandomValues not available')
+  }
+
+  var bbuf = new Uint8Array(size)
+  crypto.getRandomValues(bbuf)
+  var buf = Buffer.from(bbuf)
+
+  return buf
+}
+
+module.exports = Random