conseiljs-softsigner - npm Package Compare versions

Comparing version 5.0.3 to 5.0.4-1

dist/KeyStoreUtils.d.ts

@@ -20,2 +20,3 @@ /// <reference types="node" />
     function checkTextSignature(signature: string, message: string, publicKey: string, prehash?: boolean): Promise<boolean>;
+    function checkSignature(signature: string, bytes: Buffer, publicKey: string): Promise<boolean>;
 }

dist/KeyStoreUtils.js

@@ -20,2 +20,4 @@ "use strict";
 const bip39 = __importStar(require("bip39"));
+const secp256k1 = __importStar(require("secp256k1"));
+const Ed25519 = __importStar(require("ed25519-hd-key"));
 const conseiljs_1 = require("conseiljs");
@@ -56,4 +58,12 @@ const conseiljs_2 = require("conseiljs");
             }
-            const seed = (yield bip39.mnemonicToSeed(mnemonic, password)).slice(0, 32);
-            const keys = yield generateKeys(seed);
+            let keys;
+            const seed = yield bip39.mnemonicToSeed(mnemonic, password);
+            if (derivationPath !== undefined && derivationPath.length > 0) {
+                const keySource = Ed25519.derivePath(derivationPath, seed.toString("hex"));
+                const combinedKey = Buffer.concat([keySource.key, keySource.chainCode]);
+                keys = yield recoverKeys(combinedKey);
+            }
+            else {
+                keys = yield generateKeys(seed.slice(0, 32));
+            }
             const secretKey = conseiljs_2.TezosMessageUtils.readKeyWithHint(keys.secretKey, 'edsk');
@@ -110,9 +120,36 @@ const publicKey = conseiljs_2.TezosMessageUtils.readKeyWithHint(keys.publicKey, 'edpk');
             }
-            const sig = conseiljs_2.TezosMessageUtils.writeSignatureWithHint(signature, 'edsig');
-            const pk = conseiljs_2.TezosMessageUtils.writeKeyWithHint(publicKey, 'edpk');
-            return yield CryptoUtils_1.CryptoUtils.checkSignature(sig, messageBytes, pk);
+            return checkSignature(signature, messageBytes, publicKey);
         });
     }
     KeyStoreUtils.checkTextSignature = checkTextSignature;
+    function checkSignature(signature, bytes, publicKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const sigPrefix = signature.slice(0, 5);
+            const keyPrefix = publicKey.slice(0, 4);
+            let curve = conseiljs_1.SignerCurve.ED25519;
+            if (sigPrefix === 'edsig' && keyPrefix === 'edpk') {
+                curve = conseiljs_1.SignerCurve.ED25519;
+            }
+            else if (sigPrefix === 'spsig' && keyPrefix === 'sppk') {
+                curve = conseiljs_1.SignerCurve.SECP256K1;
+            }
+            else if (sigPrefix === 'p2sig' && keyPrefix === 'p2pk') {
+                throw new Error('secp256r1 curve is not currently supported');
+            }
+            else {
+                throw new Error(`Signature/key prefix mismatch ${sigPrefix}/${keyPrefix}`);
+            }
+            const sig = conseiljs_2.TezosMessageUtils.writeSignatureWithHint(signature, sigPrefix);
+            const pk = conseiljs_2.TezosMessageUtils.writeKeyWithHint(publicKey, keyPrefix);
+            if (curve === conseiljs_1.SignerCurve.ED25519) {
+                return yield CryptoUtils_1.CryptoUtils.checkSignature(sig, bytes, pk);
+            }
+            if (curve === conseiljs_1.SignerCurve.SECP256K1) {
+                return secp256k1.ecdsaVerify(sig, bytes, pk);
+            }
+            return false;
+        });
+    }
+    KeyStoreUtils.checkSignature = checkSignature;
 })(KeyStoreUtils = exports.KeyStoreUtils || (exports.KeyStoreUtils = {}));
 //# sourceMappingURL=KeyStoreUtils.js.map

dist/SoftSigner.d.ts

@@ -5,14 +5,11 @@ /// <reference types="node" />
     readonly _secretKey: Buffer;
-    private _passphrase;
+    private _isEncrypted;
     private _salt;
-    private _key;
-    private _lockTimout;
-    private _unlocked;
     private constructor();
     getSignerCurve(): SignerCurve;
-    static createSigner(secretKey: Buffer, validity?: number): Promise<Signer>;
-    private getKey;
-    signOperation(bytes: Buffer): Promise<Buffer>;
-    signText(message: string): Promise<string>;
-    signTextHash(message: string): Promise<string>;
+    static createSigner(secretKey: Buffer, password?: string): Promise<Signer>;
+    getKey(password?: string): Promise<Buffer>;
+    signOperation(bytes: Buffer, password?: string): Promise<Buffer>;
+    signText(message: string, password?: string): Promise<string>;
+    signTextHash(message: string, password?: string): Promise<string>;
 }

dist/SoftSigner.js

@@ -11,24 +11,10 @@ "use strict";
 };
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const GeneratePassword = __importStar(require("generate-password"));
 const conseiljs_1 = require("conseiljs");
 const CryptoUtils_1 = require("./utils/CryptoUtils");
 class SoftSigner {
-    constructor(secretKey, validity = -1, passphrase = '', salt) {
+    constructor(secretKey, isEncrypted = false, salt) {
         this._secretKey = secretKey;
-        this._lockTimout = validity;
-        this._passphrase = passphrase;
+        this._isEncrypted = isEncrypted;
         this._salt = salt ? salt : Buffer.alloc(0);
-        this._unlocked = validity < 0;
-        this._key = Buffer.alloc(0);
-        if (validity < 0) {
-            this._key = secretKey;
-        }
     }
@@ -38,50 +24,34 @@ getSignerCurve() {
     }
-    static createSigner(secretKey, validity = 60) {
+    static createSigner(secretKey, password = '') {
         return __awaiter(this, void 0, void 0, function* () {
-            if (validity >= 0) {
-                const passphrase = GeneratePassword.generate({ length: 32, numbers: true, symbols: true, lowercase: true, uppercase: true });
+            if (password.length > 0) {
                 const salt = yield CryptoUtils_1.CryptoUtils.generateSaltForPwHash();
-                secretKey = yield CryptoUtils_1.CryptoUtils.encryptMessage(secretKey, passphrase, salt);
-                return new SoftSigner(secretKey, validity, passphrase, salt);
+                const encryptedKey = yield CryptoUtils_1.CryptoUtils.encryptMessage(secretKey, password, salt);
+                return new SoftSigner(encryptedKey, true, salt);
             }
-            else {
-                return new SoftSigner(secretKey);
-            }
+            return new SoftSigner(secretKey);
         });
     }
-    getKey() {
+    getKey(password = '') {
         return __awaiter(this, void 0, void 0, function* () {
-            if (!this._unlocked) {
-                const k = yield CryptoUtils_1.CryptoUtils.decryptMessage(this._secretKey, this._passphrase, this._salt);
-                if (this._lockTimout == 0) {
-                    return k;
-                }
-                this._key = k;
-                this._unlocked = true;
-                if (this._lockTimout > 0) {
-                    setTimeout(() => {
-                        this._key = Buffer.alloc(0);
-                        this._unlocked = false;
-                    }, this._lockTimout * 1000);
-                }
-                return this._key;
+            if (this._isEncrypted && password.length > 0) {
+                return yield CryptoUtils_1.CryptoUtils.decryptMessage(this._secretKey, password, this._salt);
             }
-            return this._key;
+            return this._secretKey;
         });
     }
-    signOperation(bytes) {
+    signOperation(bytes, password = '') {
         return __awaiter(this, void 0, void 0, function* () {
-            return CryptoUtils_1.CryptoUtils.signDetached(conseiljs_1.TezosMessageUtils.simpleHash(bytes, 32), yield this.getKey());
+            return CryptoUtils_1.CryptoUtils.signDetached(conseiljs_1.TezosMessageUtils.simpleHash(bytes, 32), yield this.getKey(password));
         });
     }
-    signText(message) {
+    signText(message, password = '') {
         return __awaiter(this, void 0, void 0, function* () {
-            const messageSig = yield CryptoUtils_1.CryptoUtils.signDetached(Buffer.from(message, 'utf8'), yield this.getKey());
+            const messageSig = yield CryptoUtils_1.CryptoUtils.signDetached(Buffer.from(message, 'utf8'), yield this.getKey(password));
             return conseiljs_1.TezosMessageUtils.readSignatureWithHint(messageSig, 'edsig');
         });
     }
-    signTextHash(message) {
+    signTextHash(message, password = '') {
         return __awaiter(this, void 0, void 0, function* () {
-            const messageHash = conseiljs_1.TezosMessageUtils.simpleHash(Buffer.from(message, 'utf8'), 32);
-            const messageSig = yield CryptoUtils_1.CryptoUtils.signDetached(messageHash, yield this.getKey());
+            const messageSig = yield this.signOperation(Buffer.from(message, 'utf8'), password);
             return conseiljs_1.TezosMessageUtils.readSignatureWithHint(messageSig, 'edsig');
@@ -88,0 +58,0 @@ });

dist/utils/WrapperWrapper.js

@@ -26,6 +26,11 @@ /**
 
+const seed_keypair = async (seed) => {
+    await sodiumsumo.ready;
+    return sodiumsumo.crypto_sign_seed_keypair(seed);
+}
+
 const publicKey = async (sk) => {
     await sodiumsumo.ready;
     const seed = sodiumsumo.crypto_sign_ed25519_sk_to_seed(sk)
-    return sodiumsumo.crypto_sign_seed_keypair(seed, '');
+    return sodiumsumo.crypto_sign_seed_keypair(seed);
 }
@@ -62,2 +67,2 @@
 
-module.exports = {salt, nonce, keys, publicKey, pwhash, close, open, sign, checkSignature};
+module.exports = {salt, nonce, keys, seed_keypair, publicKey, pwhash, close, open, sign, checkSignature};

package.json

 {
   "name": "conseiljs-softsigner",
-  "version": "5.0.3",
+  "version": "5.0.4-1",
   "description": "ConseilJS software signer plugin for ConseilJS-core. Supports the ED25519 curve via libsodium for tz1-address operations.",
@@ -66,40 +66,34 @@ "browser": "dist/index.js",
   "dependencies": {
-    "bip39": "3.0.2",
-    "conseiljs": "5.0.3",
-    "generate-password": "1.5.1",
-    "libsodium-wrappers-sumo": "0.7.6"
+    "bip39": "3.0.3",
+    "conseiljs": "5.0.7",
+    "ed25519-hd-key": "1.1.2",
+    "libsodium-wrappers-sumo": "0.7.8",
+    "secp256k1": "4.0.2"
   },
   "devDependencies": {
-    "@types/chai": "4.2.11",
-    "@types/chai-as-promised": "7.1.2",
-    "@types/mocha": "7.0.2",
+    "@types/chai": "4.2.14",
+    "@types/chai-as-promised": "7.1.3",
+    "@types/mocha": "8.2.0",
     "@types/nock": "11.1.0",
     "@types/node": "14.0.13",
-    "@typescript-eslint/eslint-plugin": "3.2.0",
-    "@typescript-eslint/parser": "3.2.0",
+    "@typescript-eslint/parser": "4.3.0",
     "awesome-typescript-loader": "5.2.1",
-    "chai": "4.2.0",
+    "chai": "4.3.0",
     "chai-as-promised": "7.1.1",
-    "copyfiles": "2.3.0",
+    "copyfiles": "2.4.1",
     "coveralls": "3.1.0",
-    "eslint": "7.2.0",
-    "eslint-config-airbnb-base": "14.2.0",
-    "eslint-plugin-import": "2.21.2",
-    "mocha": "7.2.0",
+    "eslint": "7.15.0",
+    "mocha": "8.2.1",
     "nyc": "15.1.0",
-    "request-promise": "4.2.5",
     "terser-webpack-plugin": "3.0.3",
-    "ts-loader": "7.0.5",
     "ts-node": "8.10.2",
-    "tsconfig-paths-webpack-plugin": "3.2.0",
-    "typedoc": "0.17.7",
-    "typedoc-plugin-markdown": "2.3.1",
+    "tsconfig-paths-webpack-plugin": "3.3.0",
+    "typedoc": "0.17.8",
     "typescript": "3.8.3",
-    "webpack": "4.43.0",
-    "webpack-cli": "3.3.11",
-    "webpack-node-externals": "1.7.2"
+    "webpack": "4.44.2",
+    "webpack-cli": "3.3.12"
   },
   "engines": {
-    "node": ">=12.16.3",
-    "npm": ">=6.14.4"
+    "node": ">=12.20.1",
+    "npm": ">=6.14.10"
   },
@@ -106,0 +100,0 @@ "eslintConfig": {

README.md

@@ -51,3 +51,3 @@ # ConseilJS-softsigner
     <script src="https://cdn.jsdelivr.net/gh/cryptonomic/conseiljs-softsigner/dist-web/conseiljs-softsigner.min.js"
-        integrity="sha384-V1iaajn0x/SMFcZ9Y/xNQmqQSKyll6Dzt27U6OWiv8NdbHTVaHOGHdQ8g0G68HPd"
+        integrity="sha384-8hUqY2CBknwQhcHbNTu7vcu0oJ/jp9OWtAV1Nc90JlUdR/JRKESIJPQsJP7TiygA"
         crossorigin="anonymous"></script>
@@ -54,0 +54,0 @@ <script>

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

45394

increased by2.1%

Dev dependency count

21

decreased by-25%

Lines of code

391

increased by2.09%

Worsened metrics

Dependency count

5

increased by25%

Number of low quality alerts

1

increased byInfinity%

Dependency changes

• + Addeded25519-hd-key@1.1.2

• + Addedsecp256k1@4.0.2

• + Addedbip39@3.0.3(transitive)

• + Addedbn.js@4.12.1(transitive)

• + Addedbrorand@1.1.0(transitive)

• + Addedconseiljs@5.0.7(transitive)

• + Addeded25519-hd-key@1.1.2(transitive)

• + Addedelliptic@6.6.1(transitive)

• + Addedhash.js@1.1.7(transitive)

• + Addedhmac-drbg@1.0.1(transitive)

• + Addedjsonpath-plus@5.0.2(transitive)

• + Addedlibsodium-sumo@0.7.15(transitive)

• + Addedlibsodium-wrappers-sumo@0.7.8(transitive)

• + Addedminimalistic-assert@1.0.1(transitive)

• + Addedminimalistic-crypto-utils@1.0.1(transitive)

• + Addednode-addon-api@2.0.2(transitive)

• + Addednode-gyp-build@4.8.4(transitive)

• + Addedsecp256k1@4.0.2(transitive)

• + Addedtweetnacl@1.0.3(transitive)

• - Removedgenerate-password@1.5.1

• - Removedconseiljs@5.0.3(transitive)

• - Removedgenerate-password@1.5.1(transitive)

• - Removedjsonpath-plus@4.0.0(transitive)

• - Removedlibsodium-sumo@0.7.6(transitive)

• - Removedlibsodium-wrappers-sumo@0.7.6(transitive)

• Updatedbip39@3.0.3

• Updatedconseiljs@5.0.7

• Updatedlibsodium-wrappers-sumo@0.7.8