BTCPrivate
/
bitcore
mirror of https://github.com/BTCPrivate/bitcore.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
bitcore/lib/BIP32.js

341 lines
10 KiB
JavaScript
Raw Blame History

var imports = require('soop').imports();
var base58 = imports.base58 || require('./Base58').base58;
var coinUtil = imports.coinUtil || require('../util');
var Key = imports.Key || require('./Key');
var Point = imports.Point || require('./Point');
var SecureRandom = imports.SecureRandom || require('./SecureRandom');
var bignum = imports.bignum || require('./Bignum');
var networks = require('../networks');
var secp256k1_n = new bignum('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141', 16);
var secp256k1_Gx = new bignum('79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798', 16);
/*
random new BIP32: new BIP32();
from extended public or private key: new BIP32(str);
new blank BIP32: new BIP32(null);
*/
var BIP32 = function(bytes) {
if (typeof bytes == 'undefined' || bytes == 'mainnet' || bytes == 'livenet') {
bytes = 'livenet';
this.version = networks['livenet'].bip32privateVersion;
}
else if (bytes == 'testnet') {
this.version = networks['testnet'].bip32privateVersion;
}
if (bytes == 'livenet' || bytes == 'testnet') {
this.depth = 0x00;
this.parentFingerprint = new Buffer([0, 0, 0, 0]);
this.childIndex = new Buffer([0, 0, 0, 0]);
this.chainCode = SecureRandom.getRandomBuffer(32);
this.eckey = Key.generateSync();
this.hasPrivateKey = true;
this.pubKeyHash = coinUtil.sha256ripe160(this.eckey.public);
this.buildExtendedPublicKey();
this.buildExtendedPrivateKey();
return;
}
// decode base58
if (typeof bytes === 'string') {
var decoded = base58.decode(bytes);
if (decoded.length != 82)
throw new Error('Not enough data, expected 82 and received '+decoded.length);
var checksum = decoded.slice(78, 82);
bytes = decoded.slice(0, 78);
var hash = coinUtil.sha256(coinUtil.sha256(bytes));
if (hash[0] != checksum[0] || hash[1] != checksum[1] || hash[2] != checksum[2] || hash[3] != checksum[3]) {
throw new Error('Invalid checksum');
}
}
if (bytes !== undefined && bytes !== null)
this.initFromBytes(bytes);
}
BIP32.seed = function(bytes, network) {
if (!network)
network = 'livenet';
if (!Buffer.isBuffer(bytes))
bytes = new Buffer(bytes, 'hex'); //if not buffer, assume hex
if (bytes.length < 128/8)
return false; //need more entropy
var hash = coinUtil.sha512hmac(bytes, new Buffer('Bitcoin seed'));
var bip32 = new BIP32(null);
bip32.depth = 0x00;
bip32.parentFingerprint = new Buffer([0, 0, 0, 0]);
bip32.childIndex = new Buffer([0, 0, 0, 0]);
bip32.chainCode = hash.slice(32, 64);
bip32.version = networks[network].bip32privateVersion;
bip32.eckey = new Key();
bip32.eckey.private = hash.slice(0, 32);
bip32.eckey.regenerateSync();
bip32.hasPrivateKey = true;
bip32.pubKeyHash = coinUtil.sha256ripe160(bip32.eckey.public);
bip32.buildExtendedPublicKey();
bip32.buildExtendedPrivateKey();
return bip32;
};
BIP32.prototype.initFromBytes = function(bytes) {
// Both pub and private extended keys are 78 bytes
if(bytes.length != 78) throw new Error('not enough data');
this.version = u32(bytes.slice(0, 4));
this.depth = u8(bytes.slice(4, 5));
this.parentFingerprint = bytes.slice(5, 9);
this.childIndex = u32(bytes.slice(9, 13));
this.chainCode = bytes.slice(13, 45);
var keyBytes = bytes.slice(45, 78);
var isPrivate =
(this.version == networks['livenet'].bip32privateVersion ||
this.version == networks['testnet'].bip32privateVersion );
var isPublic =
(this.version == networks['livenet'].bip32publicVersion ||
this.version == networks['testnet'].bip32publicVersion );
if (isPrivate && keyBytes[0] == 0) {
this.eckey = new Key();
this.eckey.private = keyBytes.slice(1, 33);
this.eckey.compressed = true;
this.eckey.regenerateSync();
this.pubKeyHash = coinUtil.sha256ripe160(this.eckey.public);
this.hasPrivateKey = true;
} else if (isPublic && (keyBytes[0] == 0x02 || keyBytes[0] == 0x03)) {
this.eckey = new Key();
this.eckey.public = keyBytes;
this.pubKeyHash = coinUtil.sha256ripe160(this.eckey.public);
this.hasPrivateKey = false;
} else {
throw new Error('Invalid key');
}
this.buildExtendedPublicKey();
this.buildExtendedPrivateKey();
}
BIP32.prototype.buildExtendedPublicKey = function() {
this.extendedPublicKey = new Buffer([]);
var v = null;
switch(this.version) {
case networks['livenet'].bip32publicVersion:
case networks['livenet'].bip32privateVersion:
v = networks['livenet'].bip32publicVersion;
break;
case networks['testnet'].bip32publicVersion:
case networks['testnet'].bip32privateVersion:
v = networks['testnet'].bip32publicVersion;
break;
default:
throw new Error('Unknown version');
}
// Version
this.extendedPublicKey = Buffer.concat([
new Buffer([v >> 24]),
new Buffer([(v >> 16) & 0xff]),
new Buffer([(v >> 8) & 0xff]),
new Buffer([v & 0xff]),
new Buffer([this.depth]),
this.parentFingerprint,
new Buffer([this.childIndex >>> 24]),
new Buffer([(this.childIndex >>> 16) & 0xff]),
new Buffer([(this.childIndex >>> 8) & 0xff]),
new Buffer([this.childIndex & 0xff]),
this.chainCode,
this.eckey.public
]);
}
BIP32.prototype.extendedPublicKeyString = function(format) {
if (format === undefined || format === 'base58') {
var hash = coinUtil.sha256(coinUtil.sha256(this.extendedPublicKey));
var checksum = hash.slice(0, 4);
var data = Buffer.concat([this.extendedPublicKey, checksum]);
return base58.encode(data);
} else if (format === 'hex') {
return this.extendedPublicKey.toString('hex');;
} else {
throw new Error('bad format');
}
}
BIP32.prototype.buildExtendedPrivateKey = function() {
if (!this.hasPrivateKey) return;
this.extendedPrivateKey = new Buffer([]);
var v = this.version;
this.extendedPrivateKey = Buffer.concat([
new Buffer([v >> 24]),
new Buffer([(v >> 16) & 0xff]),
new Buffer([(v >> 8) & 0xff]),
new Buffer([v & 0xff]),
new Buffer([this.depth]),
this.parentFingerprint,
new Buffer([this.childIndex >>> 24]),
new Buffer([(this.childIndex >>> 16) & 0xff]),
new Buffer([(this.childIndex >>> 8) & 0xff]),
new Buffer([this.childIndex & 0xff]),
this.chainCode,
new Buffer([0]),
this.eckey.private
]);
}
BIP32.prototype.extendedPrivateKeyString = function(format) {
if (format === undefined || format === 'base58') {
var hash = coinUtil.sha256(coinUtil.sha256(this.extendedPrivateKey));
var checksum = hash.slice(0, 4);
var data = Buffer.concat([this.extendedPrivateKey, checksum]);
return base58.encode(data);
} else if (format === 'hex') {
return this.extendedPrivateKey.toString('hex');
} else {
throw new Error('bad format');
}
}
BIP32.prototype.derive = function(path) {
var e = path.split('/');
// Special cases:
if (path == 'm' || path == 'M' || path == 'm\'' || path == 'M\'')
return this;
var bip32 = this;
for (var i in e) {
var c = e[i];
if (i == 0 ) {
if (c != 'm') throw new Error('invalid path');
continue;
}
var usePrivate = (c.length > 1) && (c[c.length-1] == '\'');
var childIndex = parseInt(usePrivate ? c.slice(0, c.length - 1) : c) & 0x7fffffff;
if (usePrivate)
childIndex += 0x80000000;
bip32 = bip32.deriveChild(childIndex);
}
return bip32;
}
BIP32.prototype.deriveChild = function(i) {
var ib = [];
ib.push((i >> 24) & 0xff);
ib.push((i >> 16) & 0xff);
ib.push((i >> 8) & 0xff);
ib.push(i & 0xff);
ib = new Buffer(ib);
var usePrivate = (i & 0x80000000) != 0;
var isPrivate =
(this.version == networks['livenet'].bip32privateVersion ||
this.version == networks['testnet'].bip32privateVersion );
if (usePrivate && (!this.hasPrivateKey || !isPrivate))
throw new Error('Cannot do private key derivation without private key');
var ret = null;
if (this.hasPrivateKey) {
var data = null;
if (usePrivate) {
data = Buffer.concat([new Buffer([0]), this.eckey.private, ib]);
} else {
data = Buffer.concat([this.eckey.public, ib]);
}
var hash = coinUtil.sha512hmac(data, this.chainCode);
var il = bignum.fromBuffer(hash.slice(0, 32), {size: 32});
var ir = hash.slice(32, 64);
// ki = IL + kpar (mod n).
var priv = bignum.fromBuffer(this.eckey.private, {size: 32});
var k = il.add(priv).mod(secp256k1_n);
ret = new BIP32(null);
ret.chainCode = ir;
ret.eckey = new Key();
ret.eckey.private = k.toBuffer({size: 32});
ret.eckey.regenerateSync();
ret.hasPrivateKey = true;
} else {
var data = Buffer.concat([this.eckey.public, ib]);
var hash = coinUtil.sha512hmac(data, this.chainCode);
var il = hash.slice(0, 32);
var ir = hash.slice(32, 64);
// Ki = (IL + kpar)*G = IL*G + Kpar
var ilGkey = new Key();
ilGkey.private = il;
ilGkey.regenerateSync();
ilGkey.compressed = false;
var ilG = Point.fromUncompressedPubKey(ilGkey.public);
var oldkey = new Key();
oldkey.public = this.eckey.public;
oldkey.compressed = false;
var Kpar = Point.fromUncompressedPubKey(oldkey.public);
var newpub = Point.add(ilG, Kpar).toUncompressedPubKey();
ret = new BIP32(null);
ret.chainCode = new Buffer(ir);
var eckey = new Key();
eckey.public = newpub;
eckey.compressed = true;
ret.eckey = eckey;
ret.hasPrivateKey = false;
}
ret.childIndex = i;
ret.parentFingerprint = this.pubKeyHash.slice(0,4);
ret.version = this.version;
ret.depth = this.depth + 1;
ret.eckey.compressed = true;
ret.pubKeyHash = coinUtil.sha256ripe160(ret.eckey.public);
ret.buildExtendedPublicKey();
ret.buildExtendedPrivateKey();
return ret;
}
function uint(f, size) {
if (f.length < size)
throw new Error('not enough data');
var n = 0;
for (var i = 0; i < size; i++) {
n *= 256;
n += f[i];
}
return n;
}
function u8(f) {return uint(f,1);}
function u16(f) {return uint(f,2);}
function u32(f) {return uint(f,4);}
function u64(f) {return uint(f,8);}
module.exports = require('soop')(BIP32);
Reference in New Issue View Git Blame Copy Permalink