@scure/bip32
Comparing version 1.3.1 to 1.3.2
@@ -186,6 +186,7 @@ /*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */ | ||
const m = /^(\d+)('?)$/.exec(c); | ||
if (!m || m.length !== 3) { | ||
const m1 = m && m[1]; | ||
if (!m || m.length !== 3 || typeof m1 !== 'string') { | ||
throw new Error(`Invalid child index: ${c}`); | ||
} | ||
let idx = +m[1]; | ||
let idx = +m1; | ||
if (!Number.isSafeInteger(idx) || idx >= HARDENED_OFFSET) { | ||
@@ -192,0 +193,0 @@ throw new Error('Invalid index'); |
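Review bot: The added `typeof m1 !== 'string'` test in the child-index check can never fire at runtime, because group 1 of `/^(\d+)('?)$/` is mandatory and `m[1]` is always a string once `m` is non-null; it presumably exists only to narrow the type for a stricter compiler setting, yet it reads like input validation. A short comment such as `// m[1] is always set when the regex matches; typeof only narrows the type` would keep a later reader from relying on it as a security check. The bounds that matter are the `Number.isSafeInteger(idx)` and `idx >= HARDENED_OFFSET` tests on the following line, and `\d+` still accepts zero-padded segments, so `00` and `0` resolve to the same child index. The same lines recur in the two later file sections that show the full path loop; the enclosing function starts and ends outside this hunk, and if these files are compiler output the comment belongs in the TypeScript source.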
@@ -0,1 +1,2 @@ | ||
/*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */ | ||
import { hmac } from '@noble/hashes/hmac'; | ||
@@ -19,2 +20,3 @@ import { ripemd160 } from '@noble/hashes/ripemd160'; | ||
const MASTER_SECRET = utf8ToBytes('Bitcoin seed'); | ||
// Bitcoin hardcoded by default | ||
const BITCOIN_VERSIONS = { private: 0x0488ade4, public: 0x0488b21e }; | ||
@@ -77,2 +79,3 @@ export const HARDENED_OFFSET = 0x80000000; | ||
static fromExtendedKey(base58key, versions = BITCOIN_VERSIONS) { | ||
// => version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33) | ||
const keyBuffer = base58check.decode(base58key); | ||
@@ -134,3 +137,3 @@ const keyView = createView(keyBuffer); | ||
else if (opt.publicKey) { | ||
this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); | ||
this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point | ||
} | ||
@@ -150,12 +153,15 @@ else { | ||
const parts = path.replace(/^[mM]'?\//, '').split('/'); | ||
// tslint:disable-next-line | ||
let child = this; | ||
for (const c of parts) { | ||
const m = /^(\d+)('?)$/.exec(c); | ||
if (!m || m.length !== 3) { | ||
const m1 = m && m[1]; | ||
if (!m || m.length !== 3 || typeof m1 !== 'string') { | ||
throw new Error(`Invalid child index: ${c}`); | ||
} | ||
let idx = +m[1]; | ||
let idx = +m1; | ||
if (!Number.isSafeInteger(idx) || idx >= HARDENED_OFFSET) { | ||
throw new Error('Invalid index'); | ||
} | ||
// hardened key | ||
if (m[2] === "'") { | ||
@@ -174,2 +180,3 @@ idx += HARDENED_OFFSET; | ||
if (index >= HARDENED_OFFSET) { | ||
// Hardened | ||
const priv = this.privateKey; | ||
@@ -179,5 +186,7 @@ if (!priv) { | ||
} | ||
// Hardened child: 0x00 || ser256(kpar) || ser32(index) | ||
data = concatBytes(new Uint8Array([0]), priv, data); | ||
} | ||
else { | ||
// Normal child: serP(point(kpar)) || ser32(index) | ||
data = concatBytes(this.pubKey, data); | ||
@@ -199,2 +208,3 @@ } | ||
try { | ||
// Private parent key -> private child key | ||
if (this.privateKey) { | ||
@@ -209,2 +219,3 @@ const added = mod(this.privKey + childTweak, secp.CURVE.n); | ||
const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak)); | ||
// Cryptographically impossible: hmac-sha512 preimage would need to be found | ||
if (added.equals(Point.ZERO)) { | ||
@@ -262,2 +273,3 @@ throw new Error('The tweak was equal to negative P, which made the result key invalid'); | ||
assertBytes(key, 33); | ||
// version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33) | ||
return concatBytes(toU32(version), new Uint8Array([this.depth]), toU32(this.parentFingerprint), toU32(this.index), this.chainCode, key); | ||
@@ -264,0 +276,0 @@ } |
{ | ||
"type": "module", | ||
"browser": { | ||
"crypto": false | ||
} | ||
"sideEffects": false | ||
} |
@@ -50,1 +50,2 @@ export declare const HARDENED_OFFSET: number; | ||
export {}; | ||
//# sourceMappingURL=index.d.ts.map |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.HDKey = exports.HARDENED_OFFSET = void 0; | ||
/*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */ | ||
const hmac_1 = require("@noble/hashes/hmac"); | ||
@@ -22,2 +23,3 @@ const ripemd160_1 = require("@noble/hashes/ripemd160"); | ||
const MASTER_SECRET = (0, utils_1.utf8ToBytes)('Bitcoin seed'); | ||
// Bitcoin hardcoded by default | ||
const BITCOIN_VERSIONS = { private: 0x0488ade4, public: 0x0488b21e }; | ||
@@ -80,2 +82,3 @@ exports.HARDENED_OFFSET = 0x80000000; | ||
static fromExtendedKey(base58key, versions = BITCOIN_VERSIONS) { | ||
// => version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33) | ||
const keyBuffer = base58check.decode(base58key); | ||
@@ -137,3 +140,3 @@ const keyView = (0, utils_1.createView)(keyBuffer); | ||
else if (opt.publicKey) { | ||
this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); | ||
this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point | ||
} | ||
@@ -153,12 +156,15 @@ else { | ||
const parts = path.replace(/^[mM]'?\//, '').split('/'); | ||
// tslint:disable-next-line | ||
let child = this; | ||
for (const c of parts) { | ||
const m = /^(\d+)('?)$/.exec(c); | ||
if (!m || m.length !== 3) { | ||
const m1 = m && m[1]; | ||
if (!m || m.length !== 3 || typeof m1 !== 'string') { | ||
throw new Error(`Invalid child index: ${c}`); | ||
} | ||
let idx = +m[1]; | ||
let idx = +m1; | ||
if (!Number.isSafeInteger(idx) || idx >= exports.HARDENED_OFFSET) { | ||
throw new Error('Invalid index'); | ||
} | ||
// hardened key | ||
if (m[2] === "'") { | ||
@@ -177,2 +183,3 @@ idx += exports.HARDENED_OFFSET; | ||
if (index >= exports.HARDENED_OFFSET) { | ||
// Hardened | ||
const priv = this.privateKey; | ||
@@ -182,5 +189,7 @@ if (!priv) { | ||
} | ||
// Hardened child: 0x00 || ser256(kpar) || ser32(index) | ||
data = (0, utils_1.concatBytes)(new Uint8Array([0]), priv, data); | ||
} | ||
else { | ||
// Normal child: serP(point(kpar)) || ser32(index) | ||
data = (0, utils_1.concatBytes)(this.pubKey, data); | ||
@@ -202,2 +211,3 @@ } | ||
try { | ||
// Private parent key -> private child key | ||
if (this.privateKey) { | ||
@@ -212,2 +222,3 @@ const added = (0, modular_1.mod)(this.privKey + childTweak, secp256k1_1.secp256k1.CURVE.n); | ||
const added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak)); | ||
// Cryptographically impossible: hmac-sha512 preimage would need to be found | ||
if (added.equals(Point.ZERO)) { | ||
@@ -265,2 +276,3 @@ throw new Error('The tweak was equal to negative P, which made the result key invalid'); | ||
(0, _assert_1.bytes)(key, 33); | ||
// version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33) | ||
return (0, utils_1.concatBytes)(toU32(version), new Uint8Array([this.depth]), toU32(this.parentFingerprint), toU32(this.index), this.chainCode, key); | ||
@@ -267,0 +279,0 @@ } |
{ | ||
"name": "@scure/bip32", | ||
"version": "1.3.1", | ||
"version": "1.3.2", | ||
"description": "Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1", | ||
@@ -25,5 +25,5 @@ "files": [ | ||
"dependencies": { | ||
"@noble/curves": "~1.1.0", | ||
"@noble/hashes": "~1.3.1", | ||
"@scure/base": "~1.1.0" | ||
"@noble/curves": "~1.2.0", | ||
"@noble/hashes": "~1.3.2", | ||
"@scure/base": "~1.1.2" | ||
}, | ||
@@ -35,4 +35,5 @@ "devDependencies": { | ||
}, | ||
"sideEffects": false, | ||
"author": "Paul Miller (https://paulmillr.com)", | ||
"homepage": "https://paulmillr.com/", | ||
"homepage": "https://paulmillr.com/noble/#scure", | ||
"repository": { | ||
@@ -54,3 +55,3 @@ "type": "git", | ||
"scripts": { | ||
"build": "tsc -d && tsc -p tsconfig.esm.json", | ||
"build": "tsc && tsc -p tsconfig.esm.json", | ||
"lint": "prettier --check 'index.ts' 'test/*.test.ts'", | ||
@@ -57,0 +58,0 @@ "format": "prettier --write 'index.ts' 'test/*.test.ts'", |
@@ -21,6 +21,7 @@ # scure-bip32 | ||
- Check out all libraries: | ||
[base](https://github.com/paulmillr/scure-base), | ||
[bip32](https://github.com/paulmillr/scure-bip32), | ||
[bip39](https://github.com/paulmillr/scure-bip39), | ||
[btc-signer](https://github.com/paulmillr/scure-btc-signer) | ||
[scure-base](https://github.com/paulmillr/scure-base), | ||
[scure-bip32](https://github.com/paulmillr/scure-bip32), | ||
[scure-bip39](https://github.com/paulmillr/scure-bip39), | ||
[scure-btc-signer](https://github.com/paulmillr/scure-btc-signer), | ||
[starknet](https://github.com/paulmillr/scure-starknet) | ||
@@ -99,6 +100,6 @@ ## Usage | ||
1. The library was initially developed for [js-ethereum-cryptography](https://github.com/ethereum/js-ethereum-cryptography) | ||
2. At commit [ae00e6d7](https://github.com/ethereum/js-ethereum-cryptography/commit/ae00e6d7d24fb3c76a1c7fe10039f6ecd120b77e), it | ||
was extracted to a separate package called `micro-bip32` | ||
3. After the audit we've decided to use NPM namespace for security. Since `@micro` namespace was taken, we've renamed the package to `@scure/bip32` | ||
The library was initially developed for [js-ethereum-cryptography](https://github.com/ethereum/js-ethereum-cryptography). | ||
At commit [ae00e6d7](https://github.com/ethereum/js-ethereum-cryptography/commit/ae00e6d7d24fb3c76a1c7fe10039f6ecd120b77e), | ||
it was extracted to a separate package called `micro-bip32`. | ||
After the audit we've decided to use `@scure` NPM namespace for security. | ||
@@ -105,0 +106,0 @@ ## License |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
+ Added@noble/curves@1.2.0(transitive)
+ Added@noble/hashes@1.3.2(transitive)
+ Added@scure/base@1.1.8(transitive)
- Removed@noble/curves@1.1.0(transitive)
- Removed@noble/hashes@1.3.1(transitive)
- Removed@scure/base@1.1.9(transitive)
Updated@noble/curves@~1.2.0
Updated@noble/hashes@~1.3.2
Updated@scure/base@~1.1.2