smartledger-bsv 3.0.0

package/lib/ecies/electrum-ecies.js

@@ -0,0 +1,175 @@
+'use strict'
+
+var bsv = require('../../')
+
+var PublicKey = bsv.PublicKey
+var PrivateKey = bsv.PrivateKey
+var Hash = bsv.crypto.Hash
+var $ = bsv.util.preconditions
+var bitcoreECIES = require('./bitcore-ecies')
+var errors = require('./errors')
+var aesjs = require('aes-js')
+var CBC = aesjs.ModeOfOperation.cbc
+
+var AESCBC = function AESCBC () {}
+
+AESCBC.encrypt = function (messagebuf, keybuf, ivbuf) {
+  $.checkArgument(messagebuf)
+  $.checkArgument(keybuf)
+  $.checkArgument(ivbuf)
+  $.checkArgument(keybuf.length === 16, 'keybuf length must be 16')
+  $.checkArgument(ivbuf.length === 16, 'ivbuf length must be 16')
+  messagebuf = aesjs.padding.pkcs7.pad(messagebuf)
+  var aesCbc = new CBC(keybuf, ivbuf)
+  var encryptedBytes = aesCbc.encrypt(messagebuf)
+  return Buffer.from(encryptedBytes)
+}
+
+AESCBC.decrypt = function (encbuf, keybuf, ivbuf) {
+  $.checkArgument(encbuf)
+  $.checkArgument(keybuf)
+  $.checkArgument(ivbuf)
+  $.checkArgument(keybuf.length === 16, 'keybuf length must be 16')
+  $.checkArgument(ivbuf.length === 16, 'ivbuf length must be 16')
+  var aesCbc = new CBC(keybuf, ivbuf)
+  var decryptedBytes = aesCbc.decrypt(encbuf)
+  return Buffer.from(aesjs.padding.pkcs7.strip(decryptedBytes))
+}
+
+// Electrum BIE1 ECIES
+// Difference from Original Bitcore ECIES:
+//  BIE1:
+//      1.Secret S is compressed P(33 bytes), while Bitcore's Secret is Px(32 bytes). See ivkEkM.
+//      2.use AES-128-CBC instead of AES-256-CBC.
+//      3.IV is retrived from first 16 bytes of Hashed Secret Buffer. See iv
+//      4.key Encryption(kE) is retrived from 17-32 bytes of Hashed Secret Buffer, instead of 1-32 bytes. See kE
+//      5.a magic word 'BIE1' is used to identify message type.
+//      6.ephemeral key is introduced, so you can encrypt messages only with public key.
+//      7.HMAC is whole message.
+//  Notice:
+//      Electrum does not support shortTag nor noKey
+//      Do NOT use those 2 options if you are to send a message to Electrum
+//      Encrypted message is NOT recoverable if you use ephemeral key
+//  Security:
+//
+
+// Default algorithm is set to BIE1, however original Bitcore ECIES is still preserved.
+var ECIES = function ECIES (opts, algorithm = 'BIE1') {
+  if (algorithm !== 'BIE1') throw new errors.UnsupportAlgorithm(algorithm)
+  if (!(this instanceof ECIES)) {
+    return new ECIES(opts, algorithm)
+  }
+  // use ephemeral key if privateKey is not set.
+  this._privateKey = new bsv.PrivateKey()
+  this.opts = opts || {}
+  this.opts.ephemeralKey = true
+}
+
+ECIES.prototype.privateKey = function (privateKey) {
+  $.checkArgument(PrivateKey.isValid(privateKey), 'no private key provided')
+
+  this._privateKey = PrivateKey(privateKey.toHex()) || null
+  this.opts.ephemeralKey = false
+
+  return this
+}
+
+ECIES.prototype.publicKey = function (publicKey) {
+  $.checkArgument(PublicKey.isValid(publicKey), 'no public key provided')
+
+  this._publicKey = PublicKey(publicKey.toString()) || null
+  if (this._publicKey != null) this.opts.fixedPublicKey = true
+
+  return this
+}
+
+var defineProperty = function (name, getter) {
+  var cachedName = '_' + name
+  Object.defineProperty(ECIES.prototype, name, {
+    configurable: false,
+    enumerable: true,
+    get: function () {
+      var value = this[cachedName]
+      value = this[cachedName] = getter.apply(this)
+      return value
+    }
+  })
+}
+
+defineProperty('Rbuf', function () {
+  return this._privateKey.publicKey.toDER(true)
+})
+
+defineProperty('ivkEkM', function () {
+  var r = this._privateKey.bn
+  var KB = this._publicKey.point
+  var P = KB.mul(r)
+  var S = PublicKey(P)
+  var Sbuf = S.toBuffer()
+  return Hash.sha512(Sbuf)
+})
+
+defineProperty('iv', function () {
+  return this.ivkEkM.slice(0, 16)
+})
+
+defineProperty('kE', function () {
+  return this.ivkEkM.slice(16, 32)
+})
+
+defineProperty('kM', function () {
+  return this.ivkEkM.slice(32, 64)
+})
+
+// Encrypts the message (String or Buffer).
+ECIES.prototype.encrypt = function (message) {
+  if (!Buffer.isBuffer(message)) message = Buffer.from(message)
+  var ciphertext = AESCBC.encrypt(message, this.kE, this.iv)
+  var encbuf
+  var BIE1 = Buffer.from('BIE1')
+  if (this.opts.noKey && !this.opts.ephemeralKey) {
+    encbuf = Buffer.concat([BIE1, ciphertext])
+  } else {
+    encbuf = Buffer.concat([BIE1, this.Rbuf, ciphertext])
+  }
+  var hmac = Hash.sha256hmac(encbuf, this.kM)
+  if (this.opts.shortTag) hmac = hmac.slice(0, 4)
+  return Buffer.concat([encbuf, hmac])
+}
+
+ECIES.prototype.decrypt = function (encbuf) {
+  $.checkArgument(Buffer.isBuffer(encbuf), 'ciphetext must be a buffer')
+  var tagLength = 32
+  var offset = 4
+  if (this.opts.shortTag) {
+    tagLength = 4
+  }
+  var magic = encbuf.slice(0, 4)
+  if (!magic.equals(Buffer.from('BIE1'))) {
+    throw new errors.DecryptionError('Invalid Magic')
+  }
+  if (!this.opts.noKey) {
+    var pub
+    // BIE1 use compressed public key, length is always 33.
+    pub = encbuf.slice(4, 37)
+    if (this.opts.fixedPublicKey) console.log('Notice: Overriding PublicKey in message. Consider use "noKey" option if you are not sending message to electrum and do not want to use ephemeral key')
+    else this._publicKey = PublicKey.fromDER(pub)
+    offset = 37
+  }
+
+  var ciphertext = encbuf.slice(offset, encbuf.length - tagLength)
+  var hmac = encbuf.slice(encbuf.length - tagLength, encbuf.length)
+
+  var hmac2 = Hash.sha256hmac(encbuf.slice(0, encbuf.length - tagLength), this.kM)
+  if (this.opts.shortTag) hmac2 = hmac2.slice(0, 4)
+
+  if (!hmac.equals(hmac2)) {
+    throw new errors.DecryptionError('Invalid checksum')
+  }
+
+  return AESCBC.decrypt(ciphertext, this.kE, this.iv)
+}
+
+ECIES.bitcoreECIES = bitcoreECIES
+
+module.exports = ECIES

package/lib/ecies/errors.js

@@ -0,0 +1,16 @@
+'use strict'
+
+var spec = {
+  name: 'ECIES',
+  message: 'Internal Error on bsv-ecies Module {0}',
+  errors: [{
+    name: 'DecryptionError',
+    message: 'Invalid Message: {0}'
+  },
+  {
+    name: 'UnsupportAlgorithm',
+    message: 'Unsupport Algorithm: {0}'
+  }]
+}
+
+module.exports = require('../../').errors.extend(spec)

package/lib/ecies/index.js

@@ -0,0 +1 @@
+module.exports = require('./electrum-ecies')

package/lib/encoding/base58.js

@@ -0,0 +1,108 @@
+'use strict'
+
+var _ = require('../util/_')
+var bs58 = require('bs58')
+var buffer = require('buffer')
+
+/**
+ * The alphabet for the Bitcoin-specific Base 58 encoding distinguishes between
+ * lower case L and upper case i - neither of those characters are allowed to
+ * prevent accidentaly miscopying of letters.
+ */
+var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.split('')
+
+/**
+ * A Base58 object can encode/decoded Base 58, which is used primarily for
+ * string-formatted Bitcoin addresses and private keys. Addresses and private
+ * keys actually use an additional checksum, and so they actually use the
+ * Base58Check class.
+ *
+ * @param {object} obj Can be a string or buffer.
+ */
+var Base58 = function Base58 (obj) {
+  if (!(this instanceof Base58)) {
+    return new Base58(obj)
+  }
+  if (Buffer.isBuffer(obj)) {
+    var buf = obj
+    this.fromBuffer(buf)
+  } else if (typeof obj === 'string') {
+    var str = obj
+    this.fromString(str)
+  }
+}
+
+Base58.validCharacters = function validCharacters (chars) {
+  if (buffer.Buffer.isBuffer(chars)) {
+    chars = chars.toString()
+  }
+  return _.every(_.map(chars, function (char) { return _.includes(ALPHABET, char) }))
+}
+
+Base58.prototype.set = function (obj) {
+  this.buf = obj.buf || this.buf || undefined
+  return this
+}
+
+/**
+ * Encode a buffer to Bsae 58.
+ *
+ * @param {Buffer} buf Any buffer to be encoded.
+ * @returns {string} A Base 58 encoded string.
+ */
+Base58.encode = function (buf) {
+  if (!buffer.Buffer.isBuffer(buf)) {
+    throw new Error('Input should be a buffer')
+  }
+  return bs58.encode(buf)
+}
+
+/**
+ * Decode a Base 58 string to a buffer.
+ *
+ * @param {string} str A Base 58 encoded string.
+ * @returns {Buffer} The decoded buffer.
+ */
+Base58.decode = function (str) {
+  if (typeof str !== 'string') {
+    throw new Error('Input should be a string')
+  }
+  return Buffer.from(bs58.decode(str))
+}
+
+Base58.prototype.fromBuffer = function (buf) {
+  this.buf = buf
+  return this
+}
+
+Base58.fromBuffer = function (buf) {
+  return new Base58().fromBuffer(buf)
+}
+
+Base58.fromHex = function (hex) {
+  return Base58.fromBuffer(Buffer.from(hex, 'hex'))
+}
+
+Base58.prototype.fromString = function (str) {
+  var buf = Base58.decode(str)
+  this.buf = buf
+  return this
+}
+
+Base58.fromString = function (str) {
+  return new Base58().fromString(str)
+}
+
+Base58.prototype.toBuffer = function () {
+  return this.buf
+}
+
+Base58.prototype.toHex = function () {
+  return this.toBuffer().toString('hex')
+}
+
+Base58.prototype.toString = function () {
+  return Base58.encode(this.buf)
+}
+
+module.exports = Base58

package/lib/encoding/base58check.js

@@ -0,0 +1,112 @@
+'use strict'
+
+var _ = require('../util/_')
+var Base58 = require('./base58')
+var buffer = require('buffer')
+var sha256sha256 = require('../crypto/hash').sha256sha256
+
+/**
+ * A Base58check object can encode/decodd Base 58, which is used primarily for
+ * string-formatted Bitcoin addresses and private keys. This is the same as
+ * Base58, except that it includes a checksum to prevent accidental mistypings.
+ *
+ * @param {object} obj Can be a string or buffer.
+ */
+var Base58Check = function Base58Check (obj) {
+  if (!(this instanceof Base58Check)) { return new Base58Check(obj) }
+  if (Buffer.isBuffer(obj)) {
+    var buf = obj
+    this.fromBuffer(buf)
+  } else if (typeof obj === 'string') {
+    var str = obj
+    this.fromString(str)
+  }
+}
+
+Base58Check.prototype.set = function (obj) {
+  this.buf = obj.buf || this.buf || undefined
+  return this
+}
+
+Base58Check.validChecksum = function validChecksum (data, checksum) {
+  if (_.isString(data)) {
+    data = buffer.Buffer.from(Base58.decode(data))
+  }
+  if (_.isString(checksum)) {
+    checksum = buffer.Buffer.from(Base58.decode(checksum))
+  }
+  if (!checksum) {
+    checksum = data.slice(-4)
+    data = data.slice(0, -4)
+  }
+  return Base58Check.checksum(data).toString('hex') === checksum.toString('hex')
+}
+
+Base58Check.decode = function (s) {
+  if (typeof s !== 'string') { throw new Error('Input must be a string') }
+
+  var buf = Buffer.from(Base58.decode(s))
+
+  if (buf.length < 4) { throw new Error('Input string too short') }
+
+  var data = buf.slice(0, -4)
+  var csum = buf.slice(-4)
+
+  var hash = sha256sha256(data)
+  var hash4 = hash.slice(0, 4)
+
+  if (csum.toString('hex') !== hash4.toString('hex')) { throw new Error('Checksum mismatch') }
+
+  return data
+}
+
+Base58Check.checksum = function (buffer) {
+  return sha256sha256(buffer).slice(0, 4)
+}
+
+Base58Check.encode = function (buf) {
+  if (!Buffer.isBuffer(buf)) { throw new Error('Input must be a buffer') }
+  var checkedBuf = Buffer.alloc(buf.length + 4)
+  var hash = Base58Check.checksum(buf)
+  buf.copy(checkedBuf)
+  hash.copy(checkedBuf, buf.length)
+  return Base58.encode(checkedBuf)
+}
+
+Base58Check.prototype.fromBuffer = function (buf) {
+  this.buf = buf
+  return this
+}
+
+Base58Check.fromBuffer = function (buf) {
+  return new Base58Check().fromBuffer(buf)
+}
+
+Base58Check.fromHex = function (hex) {
+  return Base58Check.fromBuffer(Buffer.from(hex, 'hex'))
+}
+
+Base58Check.prototype.fromString = function (str) {
+  var buf = Base58Check.decode(str)
+  this.buf = buf
+  return this
+}
+
+Base58Check.fromString = function (str) {
+  var buf = Base58Check.decode(str)
+  return new Base58(buf)
+}
+
+Base58Check.prototype.toBuffer = function () {
+  return this.buf
+}
+
+Base58Check.prototype.toHex = function () {
+  return this.toBuffer().toString('hex')
+}
+
+Base58Check.prototype.toString = function () {
+  return Base58Check.encode(this.buf)
+}
+
+module.exports = Base58Check

package/lib/encoding/bufferreader.js

@@ -0,0 +1,200 @@
+'use strict'
+
+var _ = require('../util/_')
+var $ = require('../util/preconditions')
+var BN = require('../crypto/bn')
+
+var BufferReader = function BufferReader (buf) {
+  if (!(this instanceof BufferReader)) {
+    return new BufferReader(buf)
+  }
+  if (_.isUndefined(buf)) {
+    return
+  }
+  if (Buffer.isBuffer(buf)) {
+    this.set({
+      buf: buf
+    })
+  } else if (_.isString(buf)) {
+    var b = Buffer.from(buf, 'hex')
+    if (b.length * 2 !== buf.length) { throw new TypeError('Invalid hex string') }
+
+    this.set({
+      buf: b
+    })
+  } else if (_.isObject(buf)) {
+    var obj = buf
+    this.set(obj)
+  } else {
+    throw new TypeError('Unrecognized argument for BufferReader')
+  }
+}
+
+BufferReader.prototype.set = function (obj) {
+  this.buf = obj.buf || this.buf || undefined
+  this.pos = obj.pos || this.pos || 0
+  return this
+}
+
+BufferReader.prototype.eof = function () {
+  return this.pos >= this.buf.length
+}
+
+BufferReader.prototype.finished = BufferReader.prototype.eof
+
+BufferReader.prototype.read = function (len) {
+  $.checkArgument(!_.isUndefined(len), 'Must specify a length')
+  var buf = this.buf.slice(this.pos, this.pos + len)
+  this.pos = this.pos + len
+  return buf
+}
+
+BufferReader.prototype.readAll = function () {
+  var buf = this.buf.slice(this.pos, this.buf.length)
+  this.pos = this.buf.length
+  return buf
+}
+
+BufferReader.prototype.readUInt8 = function () {
+  var val = this.buf.readUInt8(this.pos)
+  this.pos = this.pos + 1
+  return val
+}
+
+BufferReader.prototype.readUInt16BE = function () {
+  var val = this.buf.readUInt16BE(this.pos)
+  this.pos = this.pos + 2
+  return val
+}
+
+BufferReader.prototype.readUInt16LE = function () {
+  var val = this.buf.readUInt16LE(this.pos)
+  this.pos = this.pos + 2
+  return val
+}
+
+BufferReader.prototype.readUInt32BE = function () {
+  var val = this.buf.readUInt32BE(this.pos)
+  this.pos = this.pos + 4
+  return val
+}
+
+BufferReader.prototype.readUInt32LE = function () {
+  var val = this.buf.readUInt32LE(this.pos)
+  this.pos = this.pos + 4
+  return val
+}
+
+BufferReader.prototype.readInt32LE = function () {
+  var val = this.buf.readInt32LE(this.pos)
+  this.pos = this.pos + 4
+  return val
+}
+
+BufferReader.prototype.readUInt64BEBN = function () {
+  var buf = this.buf.slice(this.pos, this.pos + 8)
+  var bn = BN.fromBuffer(buf)
+  this.pos = this.pos + 8
+  return bn
+}
+
+BufferReader.prototype.readUInt64LEBN = function () {
+  var second = this.buf.readUInt32LE(this.pos)
+  var first = this.buf.readUInt32LE(this.pos + 4)
+  var combined = (first * 0x100000000) + second
+  // Instantiating an instance of BN with a number is faster than with an
+  // array or string. However, the maximum safe number for a double precision
+  // floating point is 2 ^ 52 - 1 (0x1fffffffffffff), thus we can safely use
+  // non-floating point numbers less than this amount (52 bits). And in the case
+  // that the number is larger, we can instatiate an instance of BN by passing
+  // an array from the buffer (slower) and specifying the endianness.
+  var bn
+  if (combined <= 0x1fffffffffffff) {
+    bn = new BN(combined)
+  } else {
+    var data = Array.prototype.slice.call(this.buf, this.pos, this.pos + 8)
+    bn = new BN(data, 10, 'le')
+  }
+  this.pos = this.pos + 8
+  return bn
+}
+
+BufferReader.prototype.readVarintNum = function () {
+  var first = this.readUInt8()
+  switch (first) {
+    case 0xFD:
+      return this.readUInt16LE()
+    case 0xFE:
+      return this.readUInt32LE()
+    case 0xFF:
+      var bn = this.readUInt64LEBN()
+      var n = bn.toNumber()
+      if (n <= Math.pow(2, 53)) {
+        return n
+      } else {
+        throw new Error('number too large to retain precision - use readVarintBN')
+      }
+      // break // unreachable
+    default:
+      return first
+  }
+}
+
+/**
+ * reads a length prepended buffer
+ */
+BufferReader.prototype.readVarLengthBuffer = function () {
+  var len = this.readVarintNum()
+  var buf = this.read(len)
+  $.checkState(buf.length === len, 'Invalid length while reading varlength buffer. ' +
+    'Expected to read: ' + len + ' and read ' + buf.length)
+  return buf
+}
+
+BufferReader.prototype.readVarintBuf = function () {
+  var first = this.buf.readUInt8(this.pos)
+  switch (first) {
+    case 0xFD:
+      return this.read(1 + 2)
+    case 0xFE:
+      return this.read(1 + 4)
+    case 0xFF:
+      return this.read(1 + 8)
+    default:
+      return this.read(1)
+  }
+}
+
+BufferReader.prototype.readVarintBN = function () {
+  var first = this.readUInt8()
+  switch (first) {
+    case 0xFD:
+      return new BN(this.readUInt16LE())
+    case 0xFE:
+      return new BN(this.readUInt32LE())
+    case 0xFF:
+      return this.readUInt64LEBN()
+    default:
+      return new BN(first)
+  }
+}
+
+BufferReader.prototype.reverse = function () {
+  var buf = Buffer.alloc(this.buf.length)
+  for (var i = 0; i < buf.length; i++) {
+    buf[i] = this.buf[this.buf.length - 1 - i]
+  }
+  this.buf = buf
+  return this
+}
+
+BufferReader.prototype.readReverse = function (len) {
+  if (_.isUndefined(len)) {
+    len = this.buf.length
+  }
+  var buf = this.buf.slice(this.pos, this.pos + len)
+  this.pos = this.pos + len
+  return Buffer.from(buf).reverse()
+}
+
+module.exports = BufferReader