ethereumjs-wallet/index.js

311 lines
9.3 KiB
JavaScript
Raw Normal View History

var Buffer = require('safe-buffer').Buffer
2016-02-23 18:57:37 +00:00
var ethUtil = require('ethereumjs-util')
var crypto = require('crypto')
2016-02-24 02:05:42 +00:00
var scryptsy = require('scrypt.js')
2016-02-23 18:57:37 +00:00
var uuid = require('uuid')
2016-03-23 12:15:44 +00:00
var bs58check = require('bs58check')
2016-02-23 18:57:37 +00:00
function assert (val, msg) {
if (!val) {
throw new Error(msg || 'Assertion failed')
}
}
function decipherBuffer (decipher, data) {
return Buffer.concat([ decipher.update(data), decipher.final() ])
}
2016-03-23 00:39:20 +00:00
var Wallet = function (priv, pub) {
if (priv && pub) {
throw new Error('Cannot supply both a private and a public key to the constructor')
}
2016-03-23 00:39:20 +00:00
if (priv && !ethUtil.isValidPrivate(priv)) {
throw new Error('Private key does not satisfy the curve requirements (ie. it is invalid)')
}
if (pub && !ethUtil.isValidPublic(pub)) {
throw new Error('Invalid public key')
}
2016-03-23 00:39:20 +00:00
this._privKey = priv
this._pubKey = pub
2016-02-23 18:57:37 +00:00
}
2016-03-23 00:39:20 +00:00
Object.defineProperty(Wallet.prototype, 'privKey', {
get: function () {
assert(this._privKey, 'This is a public key only wallet')
return this._privKey
}
})
Object.defineProperty(Wallet.prototype, 'pubKey', {
get: function () {
if (!this._pubKey) {
this._pubKey = ethUtil.privateToPublic(this.privKey)
}
return this._pubKey
}
})
Wallet.generate = function (icapDirect) {
if (icapDirect) {
var max = new ethUtil.BN('088f924eeceeda7fe92e1f5b0fffffffffffffff', 16)
while (true) {
var privKey = crypto.randomBytes(32)
if (new ethUtil.BN(ethUtil.privateToAddress(privKey)).lte(max)) {
return new Wallet(privKey)
}
}
} else {
return new Wallet(crypto.randomBytes(32))
}
}
2016-03-26 17:57:34 +00:00
Wallet.generateVanityAddress = function (pattern) {
if (typeof pattern !== 'object') {
pattern = new RegExp(pattern)
}
while (true) {
var privKey = crypto.randomBytes(32)
var address = ethUtil.privateToAddress(privKey)
if (pattern.test(address.toString('hex'))) {
return new Wallet(privKey)
}
}
}
2016-02-23 18:57:37 +00:00
Wallet.prototype.getPrivateKey = function () {
return this.privKey
}
Wallet.prototype.getPrivateKeyString = function () {
2016-03-22 23:56:01 +00:00
return ethUtil.bufferToHex(this.getPrivateKey())
2016-02-23 18:57:37 +00:00
}
Wallet.prototype.getPublicKey = function () {
2016-03-23 00:39:20 +00:00
return this.pubKey
2016-02-23 18:57:37 +00:00
}
Wallet.prototype.getPublicKeyString = function () {
2016-03-22 23:56:01 +00:00
return ethUtil.bufferToHex(this.getPublicKey())
2016-02-23 18:57:37 +00:00
}
Wallet.prototype.getAddress = function () {
2016-03-23 00:39:20 +00:00
return ethUtil.publicToAddress(this.pubKey)
2016-02-23 18:57:37 +00:00
}
Wallet.prototype.getAddressString = function () {
2016-03-22 23:56:01 +00:00
return ethUtil.bufferToHex(this.getAddress())
2016-02-23 18:57:37 +00:00
}
Wallet.prototype.getChecksumAddressString = function () {
return ethUtil.toChecksumAddress(this.getAddressString())
}
2016-02-23 18:57:37 +00:00
// https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition
Wallet.prototype.toV3 = function (password, opts) {
2016-03-23 00:39:20 +00:00
assert(this._privKey, 'This is a public key only wallet')
2016-02-23 18:57:37 +00:00
opts = opts || {}
var salt = opts.salt || crypto.randomBytes(32)
var iv = opts.iv || crypto.randomBytes(16)
var derivedKey
2016-02-24 01:51:22 +00:00
var kdf = opts.kdf || 'scrypt'
2016-02-23 18:57:37 +00:00
var kdfparams = {
dklen: opts.dklen || 32,
salt: salt.toString('hex')
}
if (kdf === 'pbkdf2') {
kdfparams.c = opts.c || 262144
kdfparams.prf = 'hmac-sha256'
derivedKey = crypto.pbkdf2Sync(Buffer.from(password), salt, kdfparams.c, kdfparams.dklen, 'sha256')
2016-02-23 18:57:37 +00:00
} else if (kdf === 'scrypt') {
// FIXME: support progress reporting callback
kdfparams.n = opts.n || 262144
2016-02-24 01:50:24 +00:00
kdfparams.r = opts.r || 8
kdfparams.p = opts.p || 1
derivedKey = scryptsy(Buffer.from(password), salt, kdfparams.n, kdfparams.r, kdfparams.p, kdfparams.dklen)
2016-02-23 18:57:37 +00:00
} else {
throw new Error('Unsupported kdf')
}
var cipher = crypto.createCipheriv(opts.cipher || 'aes-128-ctr', derivedKey.slice(0, 16), iv)
if (!cipher) {
throw new Error('Unsupported cipher')
}
var ciphertext = Buffer.concat([ cipher.update(this.privKey), cipher.final() ])
var mac = ethUtil.sha3(Buffer.concat([ derivedKey.slice(16, 32), Buffer.from(ciphertext, 'hex') ]))
2016-02-23 18:57:37 +00:00
return {
version: 3,
id: uuid.v4({ random: opts.uuid || crypto.randomBytes(16) }),
address: this.getAddress().toString('hex'),
crypto: {
2016-02-23 18:57:37 +00:00
ciphertext: ciphertext.toString('hex'),
cipherparams: {
iv: iv.toString('hex')
},
cipher: opts.cipher || 'aes-128-ctr',
kdf: kdf,
kdfparams: kdfparams,
mac: mac.toString('hex')
}
}
}
Wallet.prototype.getV3Filename = function (timestamp) {
/*
* We want a timestamp like 2016-03-15T17-11-33.007598288Z. Date formatting
* is a pain in Javascript, everbody knows that. We could use moment.js,
* but decide to do it manually in order to save space.
*
* toJSON() returns a pretty close version, so let's use it. It is not UTC though,
* but does it really matter?
*
* Alternative manual way with padding and Date fields: http://stackoverflow.com/a/7244288/4964819
*
*/
var ts = timestamp ? new Date(timestamp) : new Date()
return [
'UTC--',
ts.toJSON().replace(/:/g, '-'),
'--',
this.getAddress().toString('hex')
].join('')
}
2016-02-23 18:57:37 +00:00
Wallet.prototype.toV3String = function (password, opts) {
return JSON.stringify(this.toV3(password, opts))
}
Wallet.fromPublicKey = function (pub, nonStrict) {
if (nonStrict) {
pub = ethUtil.importPublic(pub)
}
2016-03-23 00:39:20 +00:00
return new Wallet(null, pub)
}
2016-03-23 12:15:44 +00:00
Wallet.fromExtendedPublicKey = function (pub) {
assert(pub.slice(0, 4) === 'xpub', 'Not an extended public key')
pub = bs58check.decode(pub).slice(45)
// Convert to an Ethereum public key
return Wallet.fromPublicKey(pub, true)
2016-03-23 12:15:44 +00:00
}
2016-02-23 18:57:37 +00:00
Wallet.fromPrivateKey = function (priv) {
return new Wallet(priv)
}
2016-03-23 12:15:44 +00:00
Wallet.fromExtendedPrivateKey = function (priv) {
assert(priv.slice(0, 4) === 'xprv', 'Not an extended private key')
var tmp = bs58check.decode(priv)
assert(tmp[45] === 0, 'Invalid extended private key')
return Wallet.fromPrivateKey(tmp.slice(46))
}
2016-02-23 18:57:37 +00:00
// https://github.com/ethereum/go-ethereum/wiki/Passphrase-protected-key-store-spec
Wallet.fromV1 = function (input, password) {
assert(typeof password === 'string')
2016-02-23 18:57:37 +00:00
var json = (typeof input === 'object') ? input : JSON.parse(input)
2016-02-23 21:25:23 +00:00
if (json.Version !== '1') {
throw new Error('Not a V1 wallet')
}
if (json.Crypto.KeyHeader.Kdf !== 'scrypt') {
throw new Error('Unsupported key derivation scheme')
}
var kdfparams = json.Crypto.KeyHeader.KdfParams
var derivedKey = scryptsy(Buffer.from(password), Buffer.from(json.Crypto.Salt, 'hex'), kdfparams.N, kdfparams.R, kdfparams.P, kdfparams.DkLen)
2016-02-23 21:25:23 +00:00
var ciphertext = Buffer.from(json.Crypto.CipherText, 'hex')
2016-02-23 21:25:23 +00:00
var mac = ethUtil.sha3(Buffer.concat([ derivedKey.slice(16, 32), ciphertext ]))
if (mac.toString('hex') !== json.Crypto.MAC) {
throw new Error('Key derivation failed - possibly wrong passphrase')
}
var decipher = crypto.createDecipheriv('aes-128-cbc', ethUtil.sha3(derivedKey.slice(0, 16)).slice(0, 16), Buffer.from(json.Crypto.IV, 'hex'))
2016-02-23 21:25:23 +00:00
var seed = decipherBuffer(decipher, ciphertext)
return new Wallet(seed)
2016-02-23 18:57:37 +00:00
}
Wallet.fromV3 = function (input, password, nonStrict) {
assert(typeof password === 'string')
var json = (typeof input === 'object') ? input : JSON.parse(nonStrict ? input.toLowerCase() : input)
2016-02-23 18:57:37 +00:00
2016-02-23 20:55:14 +00:00
if (json.version !== 3) {
throw new Error('Not a V3 wallet')
}
2016-02-23 18:57:37 +00:00
var derivedKey
var kdfparams
if (json.crypto.kdf === 'scrypt') {
kdfparams = json.crypto.kdfparams
2016-02-23 18:57:37 +00:00
// FIXME: support progress reporting callback
derivedKey = scryptsy(Buffer.from(password), Buffer.from(kdfparams.salt, 'hex'), kdfparams.n, kdfparams.r, kdfparams.p, kdfparams.dklen)
} else if (json.crypto.kdf === 'pbkdf2') {
kdfparams = json.crypto.kdfparams
2016-02-23 18:57:37 +00:00
if (kdfparams.prf !== 'hmac-sha256') {
throw new Error('Unsupported parameters to PBKDF2')
}
derivedKey = crypto.pbkdf2Sync(Buffer.from(password), Buffer.from(kdfparams.salt, 'hex'), kdfparams.c, kdfparams.dklen, 'sha256')
2016-02-23 18:57:37 +00:00
} else {
throw new Error('Unsupported key derivation scheme')
}
var ciphertext = Buffer.from(json.crypto.ciphertext, 'hex')
2016-02-23 20:58:13 +00:00
var mac = ethUtil.sha3(Buffer.concat([ derivedKey.slice(16, 32), ciphertext ]))
if (mac.toString('hex') !== json.crypto.mac) {
2016-02-23 18:57:37 +00:00
throw new Error('Key derivation failed - possibly wrong passphrase')
}
var decipher = crypto.createDecipheriv(json.crypto.cipher, derivedKey.slice(0, 16), Buffer.from(json.crypto.cipherparams.iv, 'hex'))
2016-02-23 20:58:13 +00:00
var seed = decipherBuffer(decipher, ciphertext, 'hex')
2016-02-23 18:57:37 +00:00
return new Wallet(seed)
}
/*
* Based on https://github.com/ethereum/pyethsaletool/blob/master/pyethsaletool.py
* JSON fields: encseed, ethaddr, btcaddr, email
*/
Wallet.fromEthSale = function (input, password) {
assert(typeof password === 'string')
var json = (typeof input === 'object') ? input : JSON.parse(input)
var encseed = Buffer.from(json.encseed, 'hex')
2016-02-23 18:57:37 +00:00
// key derivation
var derivedKey = crypto.pbkdf2Sync(password, password, 2000, 32, 'sha256').slice(0, 16)
// seed decoding (IV is first 16 bytes)
2016-03-23 16:23:48 +00:00
// NOTE: crypto (derived from openssl) when used with aes-*-cbc will handle PKCS#7 padding internally
// see also http://stackoverflow.com/a/31614770/4964819
2016-02-23 18:57:37 +00:00
var decipher = crypto.createDecipheriv('aes-128-cbc', derivedKey, encseed.slice(0, 16))
var seed = decipherBuffer(decipher, encseed.slice(16))
var wallet = new Wallet(ethUtil.sha3(seed))
if (wallet.getAddress().toString('hex') !== json.ethaddr) {
throw new Error('Decoded key mismatch - possibly wrong passphrase')
}
return wallet
}
module.exports = Wallet