cardano-crypto.js
Advanced tools
Comparing version 1.0.0 to 2.0.0
257
index.js
var Module = require('./lib.js') | ||
var bip39 = require('bip39') | ||
var cbor = require('cbor') | ||
var blake2 = require('blakejs') | ||
var crypto = require('crypto') | ||
@@ -29,3 +27,32 @@ | ||
exports.sign = function(msg, walletSecret){ | ||
function validateBool(input) { | ||
if (typeof(input) !== typeof(true)) { | ||
throw new Error('not a boolean!') | ||
} | ||
} | ||
function validateString(input) { | ||
if (typeof(input) !== typeof('aa')) { | ||
throw new Error('not a string!') | ||
} | ||
} | ||
function cborEncodeBuffer(input) { | ||
validateBuffer(input) | ||
var len = input.length | ||
var cborPrefix = [] | ||
if (len < 24) { | ||
cborPrefix = [0x40 + len] | ||
} else if (len < 256) { | ||
cborPrefix = [0x58, len] | ||
} else { | ||
throw Error('CBOR encode for more than 256 bytes not yet implemented') | ||
} | ||
return Buffer.concat([Buffer.from(cborPrefix), input]) | ||
} | ||
function sign(msg, walletSecret) { | ||
validateBuffer(msg) | ||
@@ -40,3 +67,3 @@ validateBuffer(walletSecret, 128) | ||
var sigPtr = Module._malloc(64) | ||
var sig = new Uint8Array(Module.HEAPU8.buffer, sigPtr, 64) | ||
var sigArr = new Uint8Array(Module.HEAPU8.buffer, sigPtr, 64) | ||
@@ -51,6 +78,32 @@ msgArr.set(msg) | ||
return new Buffer(sig) | ||
} | ||
return new Buffer(sigArr) | ||
} | ||
function walletSecretFromSeed(seed, chainCode){ | ||
function verify(msg, publicKey, sig) { | ||
validateBuffer(msg) | ||
validateBuffer(publicKey, 32) | ||
validateBuffer(sig, 64) | ||
var msgLen = msg.length | ||
var msgArrPtr = Module._malloc(msgLen) | ||
var msgArr = new Uint8Array(Module.HEAPU8.buffer, msgArrPtr, msgLen) | ||
var publicKeyArrPtr = Module._malloc(32) | ||
var publicKeyArr = new Uint8Array(Module.HEAPU8.buffer, publicKeyArrPtr, 32) | ||
var sigPtr = Module._malloc(64) | ||
var sigArr = new Uint8Array(Module.HEAPU8.buffer, sigPtr, 64) | ||
msgArr.set(msg) | ||
publicKeyArr.set(publicKey) | ||
sigArr.set(sig) | ||
var result = Module._verify(msgArrPtr, msgLen, publicKeyArrPtr, sigPtr) === 0 | ||
Module._free(msgArrPtr) | ||
Module._free(publicKeyArrPtr) | ||
Module._free(sigPtr) | ||
return result | ||
} | ||
function walletSecretFromSeed(seed, chainCode) { | ||
validateBuffer(seed, 32) | ||
@@ -94,11 +147,6 @@ validateBuffer(chainCode, 32) | ||
return cbor.encode(hashBlake2b256(cbor.encode(ent))) | ||
return cborEncodeBuffer(blake2b256(cborEncodeBuffer(ent))) | ||
} | ||
function hashBlake2b256(input) { | ||
return Buffer.from(blake2.blake2b(input, null, 32)) | ||
} | ||
exports.walletSecretFromMnemonic = function(mnemonic) { | ||
function walletSecretFromMnemonic(mnemonic) { | ||
var hashSeed = mnemonicToHashSeed(mnemonic) | ||
@@ -136,3 +184,3 @@ var result | ||
exports.derivePrivate = function(parentKey, index, derivationMode){ | ||
function derivePrivate(parentKey, index, derivationMode) { | ||
validateBuffer(parentKey, 128) | ||
@@ -153,3 +201,3 @@ validateDerivationIndex(index) | ||
exports.derivePublic = function(parentExtPubKey, index, derivationMode){ | ||
function derivePublic(parentExtPubKey, index, derivationMode) { | ||
validateBuffer(parentExtPubKey, 64) | ||
@@ -174,5 +222,5 @@ validateDerivationIndex(index) | ||
parentChainCodeArr.set(parentChainCode) | ||
Module._derive_public(parentPubKeyArrPtr, parentChainCodeArrPtr, index, childPubKeyArrPtr, childChainCodeArrPtr, derivationMode) | ||
Module._free(parentPubKeyArrPtr) | ||
@@ -185,1 +233,174 @@ Module._free(parentChainCodeArrPtr) | ||
} | ||
function blake2b256(input) { | ||
validateBuffer(input) | ||
var inputLen = input.length | ||
var inputArrPtr = Module._malloc(inputLen) | ||
var inputArr = new Uint8Array(Module.HEAPU8.buffer, inputArrPtr, inputLen) | ||
var outputArrPtr = Module._malloc(32) | ||
var outputArr = new Uint8Array(Module.HEAPU8.buffer, outputArrPtr, 32) | ||
inputArr.set(input) | ||
Module._blake2b256(inputArrPtr, inputLen, outputArrPtr) | ||
Module._free(inputArrPtr) | ||
Module._free(outputArrPtr) | ||
return Buffer.from(outputArr) | ||
} | ||
function sha3_256(input) { | ||
validateBuffer(input) | ||
var inputLen = input.length | ||
var inputArrPtr = Module._malloc(inputLen) | ||
var inputArr = new Uint8Array(Module.HEAPU8.buffer, inputArrPtr, inputLen) | ||
var outputLen = 32 | ||
var outputArrPtr = Module._malloc(outputLen) | ||
var outputArr = new Uint8Array(Module.HEAPU8.buffer, outputArrPtr, outputLen) | ||
inputArr.set(input) | ||
Module._sha3_256(inputArrPtr, inputLen, outputArrPtr) | ||
Module._free(inputArrPtr) | ||
Module._free(outputArrPtr) | ||
return Buffer.from(outputArr) | ||
} | ||
function cardanoMemoryCombine(input, password) { | ||
validateString(password) | ||
validateBuffer(input) | ||
if (password === '') { | ||
return input | ||
} | ||
var transformedPassword = blake2b256(Buffer.from(password, 'utf-8')) | ||
var transformedPasswordLen = transformedPassword.length | ||
var transformedPasswordArrPtr = Module._malloc(transformedPasswordLen) | ||
var transformedPasswordArr = new Uint8Array(Module.HEAPU8.buffer, transformedPasswordArrPtr, transformedPasswordLen) | ||
var inputLen = input.length | ||
var inputArrPtr = Module._malloc(inputLen) | ||
var inputArr = new Uint8Array(Module.HEAPU8.buffer, inputArrPtr, inputLen) | ||
var outputArrPtr = Module._malloc(inputLen) | ||
var outputArr = new Uint8Array(Module.HEAPU8.buffer, outputArrPtr, inputLen) | ||
inputArr.set(input) | ||
transformedPasswordArr.set(transformedPassword) | ||
Module._cardano_memory_combine(transformedPasswordArrPtr, transformedPasswordLen, inputArrPtr, outputArrPtr, inputLen) | ||
Module._free(inputArrPtr) | ||
Module._free(outputArrPtr) | ||
Module._free(transformedPasswordArrPtr) | ||
return Buffer.from(outputArr) | ||
} | ||
function chacha20poly1305Encrypt(input, key, nonce) { | ||
validateBuffer(input) | ||
validateBuffer(key, 32) | ||
validateBuffer(nonce, 12) | ||
var inputLen = input.length | ||
var inputArrPtr = Module._malloc(inputLen) | ||
var inputArr = new Uint8Array(Module.HEAPU8.buffer, inputArrPtr, inputLen) | ||
var keyLen = key.length | ||
var keyArrPtr = Module._malloc(keyLen) | ||
var keyArr = new Uint8Array(Module.HEAPU8.buffer, keyArrPtr, keyLen) | ||
var nonceLen = nonce.length | ||
var nonceArrPtr = Module._malloc(nonceLen) | ||
var nonceArr = new Uint8Array(Module.HEAPU8.buffer, nonceArrPtr, nonceLen) | ||
var tagLen = 16 | ||
var outputLen = inputLen + tagLen | ||
var outputArrPtr = Module._malloc(outputLen) | ||
var outputArr = new Uint8Array(Module.HEAPU8.buffer, outputArrPtr, outputLen) | ||
inputArr.set(input) | ||
keyArr.set(key) | ||
nonceArr.set(nonce) | ||
var resultCode = Module._chacha20poly1305_enc(keyArrPtr, nonceArrPtr, inputArrPtr, inputLen, outputArrPtr, outputArrPtr + inputLen, tagLen, 1) | ||
Module._free(inputArrPtr) | ||
Module._free(keyArrPtr) | ||
Module._free(nonceArrPtr) | ||
Module._free(outputArrPtr) | ||
if (resultCode !== 0) { | ||
throw Error('chacha20poly1305 encryption has failed!') | ||
} | ||
return Buffer.from(outputArr) | ||
} | ||
function chacha20poly1305Decrypt(input, key, nonce) { | ||
validateBuffer(input) | ||
validateBuffer(key, 32) | ||
validateBuffer(nonce, 12) | ||
// extract tag from input | ||
var tagLen = 16 | ||
var tag = input.slice(input.length - tagLen, input.length) | ||
var input = input.slice(0, input.length - tagLen) | ||
var inputLen = input.length | ||
var inputArrPtr = Module._malloc(inputLen) | ||
var inputArr = new Uint8Array(Module.HEAPU8.buffer, inputArrPtr, inputLen) | ||
var tagArrPtr = Module._malloc(tagLen) | ||
var tagArr = new Uint8Array(Module.HEAPU8.buffer, tagArrPtr, tagLen) | ||
var keyLen = key.length | ||
var keyArrPtr = Module._malloc(keyLen) | ||
var keyArr = new Uint8Array(Module.HEAPU8.buffer, keyArrPtr, keyLen) | ||
var nonceLen = nonce.length | ||
var nonceArrPtr = Module._malloc(nonceLen) | ||
var nonceArr = new Uint8Array(Module.HEAPU8.buffer, nonceArrPtr, nonceLen) | ||
var outputLen = inputLen | ||
var outputArrPtr = Module._malloc(outputLen) | ||
var outputArr = new Uint8Array(Module.HEAPU8.buffer, outputArrPtr, outputLen) | ||
inputArr.set(input) | ||
tagArr.set(tag) | ||
keyArr.set(key) | ||
nonceArr.set(nonce) | ||
var resultCode = Module._chacha20poly1305_enc(keyArrPtr, nonceArrPtr, inputArrPtr, inputLen, outputArrPtr, tagArrPtr, tagLen, 0) | ||
Module._free(inputArrPtr) | ||
Module._free(keyArrPtr) | ||
Module._free(nonceArrPtr) | ||
Module._free(outputArrPtr) | ||
Module._free(tagArrPtr) | ||
if (resultCode !== 0) { | ||
throw Error('chacha20poly1305 decryption has failed!') | ||
} | ||
return Buffer.from(outputArr) | ||
} | ||
module.exports = { | ||
derivePublic, | ||
derivePrivate, | ||
sign, | ||
verify, | ||
sha3_256, | ||
chacha20poly1305Encrypt, | ||
chacha20poly1305Decrypt, | ||
blake2b256, | ||
walletSecretFromMnemonic, | ||
cardanoMemoryCombine, | ||
} |
{ | ||
"name": "cardano-crypto.js", | ||
"version": "1.0.0", | ||
"version": "2.0.0", | ||
"description": "input-output-hk/cardano-crypto compiled to pure javascript using Emscripten", | ||
"main": "index.js", | ||
"scripts": { | ||
"build": "node build.js" | ||
"build": "node build.js", | ||
"test": "tape test/**/*.js" | ||
}, | ||
@@ -25,10 +26,8 @@ "repository": { | ||
"devDependencies": { | ||
"glob": "^7.0.3" | ||
"glob": "^7.0.3", | ||
"tape": "^4.9.1" | ||
}, | ||
"dependencies": { | ||
"bip39": "^2.5.0", | ||
"blake2": "^2.0.1", | ||
"cbor": "^4.1.0", | ||
"crypto": "^1.0.1" | ||
"bip39": "^2.5.0" | ||
} | ||
} |
# cardano-crypto.js | ||
[input-output-hk/cardano-crypto](https://github.com/input-output-hk/cardano-crypto/tree/master/cbits) compiled to pure javascript using Emscripten | ||
* [input-output-hk/cardano-crypto](https://github.com/input-output-hk/cardano-crypto/tree/master/cbits) | ||
* [haskell-crypto/cryptonite](https://github.com/haskell-crypto/cryptonite) | ||
* [grigorig/chachapoly](https://github.com/grigorig/chachapoly) | ||
compiled to pure javascript using Emscripten. This is a collection of cryptolibraries useful for doing Cardano cryptography, eliminating the need for many dependencies. | ||
# examples | ||
@@ -11,3 +15,3 @@ ## signing | ||
var mnemonic = 'logic easily waste eager injury oval sentence wine bomb embrace gossip supreme' | ||
var parentWalletSecret = lib.walletSecretFromMnemonic(mnemonic) | ||
var walletSecret = lib.walletSecretFromMnemonic(mnemonic) | ||
var msg = new Buffer('hello there') | ||
@@ -37,1 +41,26 @@ var sig = lib.sign(msg, walletSecret) | ||
``` | ||
# available functions | ||
* `Buffer sign(Buffer msg, Buffer walletSecret)` | ||
* `Bool verify(Buffer msg, Buffer publicKey, Buffer sig)` | ||
* `Buffer walletSecretFromMnemonic(String mnemonic)` | ||
* `Buffer derivePrivate(Buffer parentKey, int index, int derivationMode)` | ||
* `Buffer derivePublic(Buffer parentExtPubKey, int index, int derivationMode)` | ||
* `Buffer blake2b256(Buffer input)` | ||
* `Buffer sha3_256(Buffer input)` | ||
* `Buffer chacha20poly1305Encrypt(Buffer input, Buffer key, Buffer nonce)` | ||
* `Buffer chacha20poly1305Decrypt(Buffer input, Buffer key, Buffer nonce)` | ||
* `Buffer cardanoMemoryCombine(Buffer input, String password)` | ||
We encourage you to take a look `at test/index.js` to see how the functions above should be used. | ||
# development | ||
* Install [emscripten](https://askubuntu.com/questions/891630/how-to-install-the-latest-emscripten-on-ubuntu-using-command-line) | ||
* run `npm install` | ||
* run `npm run build` | ||
# tests | ||
* run `npm run test` |
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Minified code
QualityThis package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
1
6
64
1
229226
2
1139
1
2
- Removedblake2@^2.0.1
- Removedcbor@^4.1.0
- Removedcrypto@^1.0.1
- Removedbignumber.js@9.1.2(transitive)
- Removedblake2@2.0.2(transitive)
- Removedcbor@4.3.0(transitive)
- Removedcommander@3.0.2(transitive)
- Removedcrypto@1.0.1(transitive)
- Removeddelimit-stream@0.1.0(transitive)
- Removedjson-text-sequence@0.1.1(transitive)
- Removednan@2.22.0(transitive)
- Removednofilter@1.0.4(transitive)