MyCrypto/common/libs/decrypt.js

//@flow

import { createHash, createDecipheriv } from 'crypto';
import { validateMnemonic, mnemonicToSeed } from 'bip39';
import { fromMasterSeed } from 'hdkey';
import { stripHexPrefixAndLower } from 'libs/values';

import { privateToAddress } from 'ethereumjs-util';

//adapted from https://github.com/kvhnuke/etherwallet/blob/de536ffebb4f2d1af892a32697e89d1a0d906b01/app/scripts/myetherwallet.js#L230
export function decryptPrivKey(encprivkey: string, password: string): Buffer {
  let cipher = encprivkey.slice(0, 128);
  cipher = decodeCryptojsSalt(cipher);
  let evp = evp_kdf(new Buffer(password), cipher.salt, {
    keysize: 32,
    ivsize: 16
  });
  let decipher = createDecipheriv('aes-256-cbc', evp.key, evp.iv);
  let privKey = decipherBuffer(decipher, new Buffer(cipher.ciphertext));

  return new Buffer(privKey.toString(), 'hex');
}

//adapted from https://github.com/kvhnuke/etherwallet/blob/de536ffebb4f2d1af892a32697e89d1a0d906b01/app/scripts/myetherwallet.js#L284
export function decodeCryptojsSalt(input: string): Object {
  let ciphertext = new Buffer(input, 'base64');
  if (ciphertext.slice(0, 8).toString() === 'Salted__') {
    return {
      salt: ciphertext.slice(8, 16),
      ciphertext: ciphertext.slice(16)
    };
  } else {
    return {
      ciphertext: ciphertext
    };
  }
}

//adapted from https://github.com/kvhnuke/etherwallet/blob/de536ffebb4f2d1af892a32697e89d1a0d906b01/app/scripts/myetherwallet.js#L297
export function evp_kdf(data: Buffer, salt: Buffer, opts: Object) {
  // A single EVP iteration, returns `D_i`, where block equlas to `D_(i-1)`

  function iter(block) {
    let hash = createHash(opts.digest || 'md5');
    hash.update(block);
    hash.update(data);
    hash.update(salt);
    block = hash.digest();
    for (let i = 1; i < (opts.count || 1); i++) {
      hash = createHash(opts.digest || 'md5');
      hash.update(block);
      block = hash.digest();
    }
    return block;
  }
  let keysize = opts.keysize || 16;
  let ivsize = opts.ivsize || 16;
  let ret = [];
  let i = 0;
  while (Buffer.concat(ret).length < keysize + ivsize) {
    ret[i] = iter(i === 0 ? new Buffer(0) : ret[i - 1]);
    i++;
  }
  let tmp = Buffer.concat(ret);
  return {
    key: tmp.slice(0, keysize),
    iv: tmp.slice(keysize, keysize + ivsize)
  };
}

export function decipherBuffer(decipher: Object, data: Buffer): Buffer {
  return Buffer.concat([decipher.update(data), decipher.final()]);
}

export function decryptMnemonicToPrivKey(
  phrase: string,
  pass: string,
  path: string,
  address: string
): Buffer {
  phrase = phrase.trim();
  address = stripHexPrefixAndLower(address);

  if (!validateMnemonic(phrase)) {
    throw new Error('Invalid mnemonic');
  }

  const seed = mnemonicToSeed(phrase, pass);
  const derived = fromMasterSeed(seed).derive(path);
  const dPrivKey = derived.privateKey;
  const dAddress = privateToAddress(dPrivKey).toString('hex');

  if (dAddress !== address) {
    throw new Error(`Derived ${dAddress}, expected ${address}`);
  }

  return dPrivKey;
}
Keystore & Private Key Wallet Decrypts (#116) * wire up keystore decrypt & build UI * add support for encrypted private keys * add check for key length * rename keystore wallet file * rename encrypted priv key wallet file * add support for presale, v1, & v2 JSON keystores * clean up TODO messages, add class files * add v3 references * add flow type * fix event bug * update privkey validators to accept whole privkey * refactor pkey/pass validation to function * move pass req detection to function, remove unnecessary state * add tests for decrypt & keystore libs 2017-08-20 20:28:47 +00:00			`//@flow`

			`import { createHash, createDecipheriv } from 'crypto';`
Wallet Decrypt - Mnemonic (#180) * add 'bip39' package * add mnemonic decrypt, wallet wrapper * add mnemonic path config * add mnemonic support to deterministic components * add mnemonic support * accomodate for ledger ETH path * remove comments * update comments regarding path length * rename modal open handler * make several props optional * add basic tests for mnemonic decrypt * make flow happy, add user error notifications * convert dpaths to js file, update references * add ledger path to test * Trezor DPath Fix (#196) * Match v3 more closely. * Require wallet index on deterministic wallets, update trezor to send index. * remove redundent stripAndLower function and rename existing stripHex to stripHexPrefixAndLower 2017-09-15 19:29:38 +00:00			`import { validateMnemonic, mnemonicToSeed } from 'bip39';`
			`import { fromMasterSeed } from 'hdkey';`
			`import { stripHexPrefixAndLower } from 'libs/values';`

			`import { privateToAddress } from 'ethereumjs-util';`
Keystore & Private Key Wallet Decrypts (#116) * wire up keystore decrypt & build UI * add support for encrypted private keys * add check for key length * rename keystore wallet file * rename encrypted priv key wallet file * add support for presale, v1, & v2 JSON keystores * clean up TODO messages, add class files * add v3 references * add flow type * fix event bug * update privkey validators to accept whole privkey * refactor pkey/pass validation to function * move pass req detection to function, remove unnecessary state * add tests for decrypt & keystore libs 2017-08-20 20:28:47 +00:00
			`//adapted from https://github.com/kvhnuke/etherwallet/blob/de536ffebb4f2d1af892a32697e89d1a0d906b01/app/scripts/myetherwallet.js#L230`
			`export function decryptPrivKey(encprivkey: string, password: string): Buffer {`
			`let cipher = encprivkey.slice(0, 128);`
			`cipher = decodeCryptojsSalt(cipher);`
			`let evp = evp_kdf(new Buffer(password), cipher.salt, {`
			`keysize: 32,`
			`ivsize: 16`
			`});`
			`let decipher = createDecipheriv('aes-256-cbc', evp.key, evp.iv);`
			`let privKey = decipherBuffer(decipher, new Buffer(cipher.ciphertext));`

			`return new Buffer(privKey.toString(), 'hex');`
			`}`

			`//adapted from https://github.com/kvhnuke/etherwallet/blob/de536ffebb4f2d1af892a32697e89d1a0d906b01/app/scripts/myetherwallet.js#L284`
			`export function decodeCryptojsSalt(input: string): Object {`
			`let ciphertext = new Buffer(input, 'base64');`
			`if (ciphertext.slice(0, 8).toString() === 'Salted__') {`
			`return {`
			`salt: ciphertext.slice(8, 16),`
			`ciphertext: ciphertext.slice(16)`
			`};`
			`} else {`
			`return {`
			`ciphertext: ciphertext`
			`};`
			`}`
			`}`

			`//adapted from https://github.com/kvhnuke/etherwallet/blob/de536ffebb4f2d1af892a32697e89d1a0d906b01/app/scripts/myetherwallet.js#L297`
			`export function evp_kdf(data: Buffer, salt: Buffer, opts: Object) {`
			// A single EVP iteration, returns `D_i`, where block equlas to `D_(i-1)`

			`function iter(block) {`
			`let hash = createHash(opts.digest \|\| 'md5');`
			`hash.update(block);`
			`hash.update(data);`
			`hash.update(salt);`
			`block = hash.digest();`
			`for (let i = 1; i < (opts.count \|\| 1); i++) {`
			`hash = createHash(opts.digest \|\| 'md5');`
			`hash.update(block);`
			`block = hash.digest();`
			`}`
			`return block;`
			`}`
			`let keysize = opts.keysize \|\| 16;`
			`let ivsize = opts.ivsize \|\| 16;`
			`let ret = [];`
			`let i = 0;`
			`while (Buffer.concat(ret).length < keysize + ivsize) {`
			`ret[i] = iter(i === 0 ? new Buffer(0) : ret[i - 1]);`
			`i++;`
			`}`
			`let tmp = Buffer.concat(ret);`
			`return {`
			`key: tmp.slice(0, keysize),`
			`iv: tmp.slice(keysize, keysize + ivsize)`
			`};`
			`}`

			`export function decipherBuffer(decipher: Object, data: Buffer): Buffer {`
			`return Buffer.concat([decipher.update(data), decipher.final()]);`
			`}`
Wallet Decrypt - Mnemonic (#180) * add 'bip39' package * add mnemonic decrypt, wallet wrapper * add mnemonic path config * add mnemonic support to deterministic components * add mnemonic support * accomodate for ledger ETH path * remove comments * update comments regarding path length * rename modal open handler * make several props optional * add basic tests for mnemonic decrypt * make flow happy, add user error notifications * convert dpaths to js file, update references * add ledger path to test * Trezor DPath Fix (#196) * Match v3 more closely. * Require wallet index on deterministic wallets, update trezor to send index. * remove redundent stripAndLower function and rename existing stripHex to stripHexPrefixAndLower 2017-09-15 19:29:38 +00:00
			`export function decryptMnemonicToPrivKey(`
			`phrase: string,`
			`pass: string,`
			`path: string,`
			`address: string`
			`): Buffer {`
			`phrase = phrase.trim();`
			`address = stripHexPrefixAndLower(address);`

			`if (!validateMnemonic(phrase)) {`
			`throw new Error('Invalid mnemonic');`
			`}`

			`const seed = mnemonicToSeed(phrase, pass);`
			`const derived = fromMasterSeed(seed).derive(path);`
			`const dPrivKey = derived.privateKey;`
			`const dAddress = privateToAddress(dPrivKey).toString('hex');`

			`if (dAddress !== address) {`
			throw new Error(`Derived ${dAddress}, expected ${address}`);
			`}`

			`return dPrivKey;`
			`}`