bitcore-lib-cash - npm Package Compare versions

Comparing version 0.15.1 to 0.16.0

index.js

@@ -40,2 +40,4 @@ 'use strict';
 bitcore.util.preconditions = require('./lib/util/preconditions');
+bitcore.util.base32 = require('./lib/util/base32');
+bitcore.util.convertBits = require('./lib/util/convertBits');
 
@@ -42,0 +44,0 @@ // errors thrown by the library

lib/address.js

@@ -11,3 +11,7 @@ 'use strict';
 var PublicKey = require('./publickey');
+var BN = require('./crypto/bn');
 
+var base32 = require('./util/base32');
+var convertBits = require('./util/convertBits');
+
 /**
@@ -270,4 +274,98 @@ * Instantiate an address from an address String or Buffer, a public key or script hash Buffer,
 
+
+function decodeCashAddress(address) {
+
+
+  function hasSingleCase(string) {
+    var lowerCase = string.toLowerCase();
+    var upperCase = string.toUpperCase();
+    var hasSingleCase  = string === lowerCase || string === upperCase;
+
+    return hasSingleCase;
+  }
+
+  function validChecksum(prefix, payload) {
+    function prefixToArray(prefix) {
+      var result = [];
+      for (var i=0; i<prefix.length; i++) {
+        result.push(prefix.charCodeAt(i) & 31);
+      }
+      return result;
+    }
+
+    var prefixData = prefixToArray(prefix).concat([0]);
+    return polymod(prefixData.concat(payload)).eqn(0);
+  }
+
+  $.checkArgument(hasSingleCase(address), 'Mixed case');
+  address = address.toLowerCase();
+
+  var pieces = address.split(':');
+  $.checkArgument(pieces.length <= 2, 'Invalid format:'+ address);
+
+  var prefix, encodedPayload;
+
+  if (pieces.length == 2) {
+    prefix = pieces[0];
+    encodedPayload = pieces[1];
+  } else {
+    prefix = null;
+    encodedPayload = pieces[0];
+  }
+
+  var payload = base32.decode(encodedPayload.toLowerCase());
+
+  if (prefix) {
+    $.checkArgument(validChecksum(prefix, payload), 'Invalid checksum:'+ address);
+  } else {
+
+    var netNames = ['livenet','testnet'];
+    var i;
+
+    while(!prefix && (i = netNames.shift())){
+      var p  =  Networks.get(i).prefix;
+      if(validChecksum(p, payload)) {
+        prefix = p;
+      }
+    }
+    $.checkArgument(prefix, 'Invalid checksum:'+ address);
+  }
+
+  var convertedBits = convertBits(payload.slice(0, -8), 5, 8, true);
+  var versionByte = convertedBits.shift();
+  var hash = convertedBits;
+
+  $.checkArgument(getHashSize(versionByte) === hash.length * 8, 'Invalid hash size:'+ address);
+
+  function getType(versionByte) {
+    switch (versionByte & 120) {
+    case 0:
+      return 'pubkeyhash';
+    case 8:
+      return 'scripthash';
+    default:
+      throw new Error('Invalid address type in version byte:' + versionByte);
+    }
+  }
+
+
+  var type = getType(versionByte);
+  var network = Networks.get(prefix, 'prefix');
+//console.log('[address.js.336:network:]',network); //TODO
+
+  var info = {};
+
+  //return { prefix, type, hash };
+//console.log('[address.js.339]', hash); //TODO
+
+  info.hashBuffer = new Buffer(hash);
+  info.network = network;
+  info.type = type;
+  return info;
+};
+
+
+
 /**
- * Internal function to transform a bitcoin address string
+ * Internal function to transform a bitcoin cash address string
  *
@@ -285,3 +383,12 @@ * @param {string} data
   data = data.trim();
-  var addressBuffer = Base58Check.decode(data);
+  var addressBuffer;
+
+  try {
+    addressBuffer = Base58Check.decode(data);
+  } catch (e) {
+    info = decodeCashAddress(data);
+    return info;
+  }
+
+  // Legacy addr
   var info = Address._transformBuffer(addressBuffer, network, type);
@@ -291,2 +398,3 @@ return info;
 
+
 /**
@@ -487,3 +595,3 @@ * Instantiate an address from a PublicKey instance
 /**
- * Will return a the string representation of the address
+ * Will return a the base58 (legacy) string representation of the address
  *
@@ -493,2 +601,3 @@ * @returns {string} Bitcoin address
 Address.prototype.toString = function() {
+  //console.log('Warning: Using deprecated bitcoin cash address type. Replace to .toCashAddress');
   return Base58Check.encode(this.toBuffer());
@@ -506,4 +615,152 @@ };
 
+/***
+ * @license
+ * https://github.com/bitcoincashjs/cashaddr
+ * Copyright (c) 2017 Emilio Almansi
+ * Distributed under the MIT software license, see the accompanying
+ * file LICENSE or http://www.opensource.org/licenses/mit-license.php.
+ */
+
+Address.prototype.toCashBuffer = function() {
+  var version = new Buffer([this.network[this.type]]);
+  var buf = Buffer.concat([version, this.hashBuffer]);
+  return buf;
+};
+
+
+
+/**
+ * Will return a cashaddr representation of the address. Always return lower case
+ * Can be converted by the caller to uppercase is needed (still valid).
+ *
+ * @returns {string} Bitcoin Cash address
+ */
+
+
+Address.prototype.toCashAddress = function() {
+  function getTypeBits(type) {
+    switch (type) {
+      case 'pubkeyhash':
+        return 0;
+      case 'scripthash':
+        return 8;
+      default:
+        throw new Error('Invalid type:'+ type);
+    }
+  }
+
+  function getHashSizeBits(hash) {
+    switch (hash.length * 8) {
+      case 160:
+        return 0;
+      case 192:
+        return 1;
+      case 224:
+        return 2;
+      case 256:
+        return 3;
+      case 320:
+        return 4;
+      case 384:
+        return 5;
+      case 448:
+        return 6;
+      case 512:
+        return 7;
+      default:
+        throw new Error('Invalid hash size:'+ hash.length);
+      }
+  }
+
+  var eight0 = [0,0,0,0, 0,0,0,0];
+  var prefixData = this.network.prefixArray.concat([0]);
+  var versionByte = getTypeBits(this.type) + getHashSizeBits(this.hashBuffer);
+  var arr =  Array.prototype.slice.call(this.hashBuffer, 0);
+  var payloadData = convertBits([versionByte].concat(arr), 8, 5);
+  var checksumData = prefixData.concat(payloadData).concat(eight0);
+  var payload = payloadData.concat(checksumToArray(polymod(checksumData)));
+  return this.network.prefix+ ':' + base32.encode(payload);
+};
+
+
+/***
+ * Retrieves the the length in bits of the encoded hash from its bit
+ * representation within the version byte.
+ *
+ * @param {number} versionByte 
+ */
+function getHashSize(versionByte) {
+  switch (versionByte & 7) {
+  case 0:
+    return 160;
+  case 1:
+    return 192;
+  case 2:
+    return 224;
+  case 3:
+    return 256;
+  case 4:
+    return 320;
+  case 5:
+    return 384;
+  case 6:
+    return 448;
+  case 7:
+    return 512;
+  }
+}
+
+
+/***
+ * Returns an array representation of the given checksum to be encoded
+ * within the address' payload.
+ *
+ * @param {BigInteger} checksum Computed checksum.
+ */
+function checksumToArray(checksum) {
+  var result = [];
+  var N31 = new BN(31);
+  for (var i = 0; i < 8; ++i) {
+    result.push(checksum.and(N31).toNumber());
+    checksum = checksum.shrn(5);
+  }
+  return result.reverse();
+}
+
+/***
+ * Computes a checksum from the given input data as specified for the CashAddr
+ * format: https://github.com/Bitcoin-UAHF/spec/blob/master/cashaddr.md.
+ *
+ * @param {Array} data Array of 5-bit integers over which the checksum is to be computed.
+ */
+ var GENERATOR = _.map(
+  [0x98f2bc8e61, 0x79b76d99e2, 0xf33e5fb3c4, 0xae2eabe2a8, 0x1e4f43e470], function(x){ 
+    return new BN(x);
+  }
+);
+
+function polymod(data) {
+
+  var checksum = new BN(1);
+  var C = new BN(0x07ffffffff);
+
+  for (var j=0; j<data.length; j++) {
+    var value = data[j];
+    var topBits = checksum.shrn(35);
+
+    checksum = checksum.and(C);
+    checksum = checksum.shln(5).xor(new BN(value));
+
+    for (var i = 0; i < GENERATOR.length; ++i) {
+      var D = topBits.shrn(i).and(BN.One);
+      if (D.eqn(1)) {
+        checksum = checksum.xor(GENERATOR[i]);
+      }
+    }
+  }
+  return checksum.xor(BN.One);
+}
+
 module.exports = Address;
 
 var Script = require('./script');

lib/networks.js

@@ -50,2 +50,16 @@ 'use strict';
 
+/***
+ * Derives an array from the given prefix to be used in the computation
+ * of the address' checksum.
+ *
+ * @param {string} prefix Network prefix. E.g.: 'bitcoincash'. 
+ */
+function prefixToArray(prefix) {
+  var result = [];
+  for (var i=0; i<prefix.length; i++) {
+    result.push(prefix.charCodeAt(i) & 31);
+  }
+  return result;
+}
+
 /**
@@ -72,2 +86,4 @@ * @function
 
+  data.prefix = data.prefix || data.name;
+
   JSUtil.defineImmutable(network, {
@@ -80,3 +96,5 @@ name: data.name,
     xpubkey: data.xpubkey,
-    xprivkey: data.xprivkey
+    xprivkey: data.xprivkey,
+    prefix: data.prefix,
+    prefixArray: prefixToArray(data.prefix),
   });
@@ -135,2 +153,3 @@
   alias: 'mainnet',
+  prefix: 'bitcoincash',
   pubkeyhash: 28,
@@ -160,3 +179,3 @@ privatekey: 0x80,
   name: 'testnet',
-  alias: 'regtest',
+  prefix: 'bchtest',
   pubkeyhash: 0x6f,
@@ -181,6 +200,7 @@ privatekey: 0xef,
   DNS_SEEDS: [
-    'testnet-seed.bitcoin.petertodd.org',
-    'testnet-seed.bluematt.me',
-    'testnet-seed.alexykot.me',
-    'testnet-seed.bitcoin.schildbach.de'
+    'seed.bitcoinabc.org',
+    'seed-abc.bitcoinforks.org',
+    'seed.bitcoinunlimited.info',
+    'seed.bitprim.org ',
+    'seed.deadalnix.me',
   ]
@@ -187,0 +207,0 @@ };

package.json

 {
   "name": "bitcore-lib-cash",
-  "version": "0.15.1",
+  "version": "0.16.0",
   "description": "A pure and powerful JavaScript Bitcoin Cash library.",
@@ -42,3 +42,4 @@ "author": "BitPay <dev@bitpay.com>",
     "inherits": "=2.0.1",
-    "lodash": "=4.17.4"
+    "lodash": "=4.17.4",
+    "phantomjs-prebuilt": "^2.1.16"
   },
@@ -45,0 +46,0 @@ "devDependencies": {

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

Improved metrics

Number of package files

146

increased by73.81%

Number of low quality alerts

2

decreased by-33.33%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

3966744

decreased by-17.45%

Dependency count

7

increased by16.67%

Lines of code

77675

decreased by-33.52%

Number of low supply chain risk alerts

5

increased by25%

Dependency changes

• + Addedphantomjs-prebuilt@^2.1.16

• + Addedajv@6.12.6(transitive)

• + Addedasn1@0.2.6(transitive)

• + Addedassert-plus@1.0.0(transitive)

• + Addedasynckit@0.4.0(transitive)

• + Addedaws-sign2@0.7.0(transitive)

• + Addedaws4@1.13.0(transitive)

• + Addedbcrypt-pbkdf@1.0.2(transitive)

• + Addedbuffer-crc32@0.2.13(transitive)

• + Addedbuffer-from@1.1.2(transitive)

• + Addedcaseless@0.12.0(transitive)

• + Addedcombined-stream@1.0.8(transitive)

• + Addedconcat-stream@1.6.2(transitive)

• + Addedcore-util-is@1.0.21.0.3(transitive)

• + Addeddashdash@1.14.1(transitive)

• + Addeddebug@2.6.9(transitive)

• + Addeddelayed-stream@1.0.0(transitive)

• + Addedecc-jsbn@0.1.2(transitive)

• + Addedes6-promise@4.2.8(transitive)

• + Addedextend@3.0.2(transitive)

• + Addedextract-zip@1.7.0(transitive)

• + Addedextsprintf@1.3.0(transitive)

• + Addedfast-deep-equal@3.1.3(transitive)

• + Addedfast-json-stable-stringify@2.1.0(transitive)

• + Addedfd-slicer@1.1.0(transitive)

• + Addedforever-agent@0.6.1(transitive)

• + Addedform-data@2.3.3(transitive)

• + Addedfs-extra@1.0.0(transitive)

• + Addedgetpass@0.1.7(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedhar-schema@2.0.0(transitive)

• + Addedhar-validator@5.1.5(transitive)

• + Addedhasha@2.2.0(transitive)

• + Addedhttp-signature@1.2.0(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedis-stream@1.1.0(transitive)

• + Addedis-typedarray@1.0.0(transitive)

• + Addedisarray@1.0.0(transitive)

• + Addedisexe@2.0.0(transitive)

• + Addedisstream@0.1.2(transitive)

• + Addedjsbn@0.1.1(transitive)

• + Addedjson-schema@0.4.0(transitive)

• + Addedjson-schema-traverse@0.4.1(transitive)

• + Addedjson-stringify-safe@5.0.1(transitive)

• + Addedjsonfile@2.4.0(transitive)

• + Addedjsprim@1.4.2(transitive)

• + Addedkew@0.7.0(transitive)

• + Addedklaw@1.3.1(transitive)

• + Addedmime-db@1.52.0(transitive)

• + Addedmime-types@2.1.35(transitive)

• + Addedminimist@1.2.8(transitive)

• + Addedmkdirp@0.5.6(transitive)

• + Addedms@2.0.0(transitive)

• + Addedoauth-sign@0.9.0(transitive)

• + Addedpend@1.2.0(transitive)

• + Addedperformance-now@2.1.0(transitive)

• + Addedphantomjs-prebuilt@2.1.16(transitive)

• + Addedpinkie@2.0.4(transitive)

• + Addedpinkie-promise@2.0.1(transitive)

• + Addedprocess-nextick-args@2.0.1(transitive)

• + Addedprogress@1.1.8(transitive)

• + Addedpsl@1.9.0(transitive)

• + Addedpunycode@2.3.1(transitive)

• + Addedqs@6.5.3(transitive)

• + Addedreadable-stream@2.3.8(transitive)

• + Addedrequest@2.88.2(transitive)

• + Addedrequest-progress@2.0.1(transitive)

• + Addedsafe-buffer@5.1.2(transitive)

• + Addedsafer-buffer@2.1.2(transitive)

• + Addedsshpk@1.18.0(transitive)

• + Addedstring_decoder@1.1.1(transitive)

• + Addedthrottleit@1.0.1(transitive)

• + Addedtough-cookie@2.5.0(transitive)

• + Addedtunnel-agent@0.6.0(transitive)

• + Addedtweetnacl@0.14.5(transitive)

• + Addedtypedarray@0.0.6(transitive)

• + Addeduri-js@4.4.1(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• + Addeduuid@3.4.0(transitive)

• + Addedverror@1.10.0(transitive)

• + Addedwhich@1.3.1(transitive)

• + Addedyauzl@2.10.0(transitive)