UNPKG

@taquito/signer

Version:

Provide signing functionality to be with taquito

168 lines (167 loc) 7.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __exportStar = (this && this.__exportStar) || function(m, exports) { for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p); }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.InMemorySigner = exports.InvalidPassphraseError = exports.VERSION = void 0; /** * @packageDocumentation * @module @taquito/signer */ const nacl_1 = require("@stablelib/nacl"); const blake2b_1 = require("@stablelib/blake2b"); const utils_1 = require("@taquito/utils"); const typedarray_to_buffer_1 = require("typedarray-to-buffer"); const ed_key_1 = require("./ed-key"); const ec_key_1 = require("./ec-key"); const pbkdf2_1 = require("pbkdf2"); const Bip39 = require("bip39"); const helpers_1 = require("./helpers"); const errors_1 = require("./errors"); const core_1 = require("@taquito/core"); __exportStar(require("./import-key"), exports); var version_1 = require("./version"); Object.defineProperty(exports, "VERSION", { enumerable: true, get: function () { return version_1.VERSION; } }); __exportStar(require("./derivation-tools"), exports); __exportStar(require("./helpers"), exports); var errors_2 = require("./errors"); Object.defineProperty(exports, "InvalidPassphraseError", { enumerable: true, get: function () { return errors_2.InvalidPassphraseError; } }); /** * @description A local implementation of the signer. Will represent a Tezos account and be able to produce signature in its behalf * * @warn If running in production and dealing with tokens that have real value, it is strongly recommended to use a HSM backed signer so that private key material is not stored in memory or on disk * @throws {@link InvalidMnemonicError} */ class InMemorySigner { static fromFundraiser(email, password, mnemonic) { if (!Bip39.validateMnemonic(mnemonic)) { throw new errors_1.InvalidMnemonicError(mnemonic); } const seed = Bip39.mnemonicToSeedSync(mnemonic, `${email}${password}`); const key = (0, utils_1.b58cencode)(seed.slice(0, 32), utils_1.prefix.edsk2); return new InMemorySigner(key); } static fromSecretKey(key, passphrase) { return __awaiter(this, void 0, void 0, function* () { return new InMemorySigner(key, passphrase); }); } /** * * @description Instantiation of an InMemorySigner instance from a mnemonic * @param mnemonic 12-24 word mnemonic * @param password password used to encrypt the mnemonic to seed value * @param derivationPath default 44'/1729'/0'/0' (44'/1729' mandatory) * @param curve currently only supported for tz1, tz2, tz3 addresses. soon bip25519 * @returns InMemorySigner * @throws {@link InvalidMnemonicError} */ static fromMnemonic({ mnemonic, password = '', derivationPath = "44'/1729'/0'/0'", curve = 'ed25519', }) { // check if curve is defined if not default tz1 if (!Bip39.validateMnemonic(mnemonic)) { // avoiding exposing mnemonic again in case of mistake making invalid throw new errors_1.InvalidMnemonicError(mnemonic); } const seed = Bip39.mnemonicToSeedSync(mnemonic, password); const sk = (0, helpers_1.generateSecretKey)(seed, derivationPath, curve); return new InMemorySigner(sk); } /** * * @param key Encoded private key * @param passphrase Passphrase to decrypt the private key if it is encrypted * @throws {@link InvalidKeyError} * */ constructor(key, passphrase) { const encrypted = key.substring(2, 3) === 'e'; let decrypt = (k) => k; if (encrypted) { if (!passphrase) { throw new errors_1.InvalidPassphraseError('No passphrase provided to decrypt encrypted key'); } decrypt = (constructedKey) => { const salt = (0, typedarray_to_buffer_1.default)(constructedKey.slice(0, 8)); const encryptedSk = constructedKey.slice(8); const encryptionKey = pbkdf2_1.default.pbkdf2Sync(passphrase, salt, 32768, 32, 'sha512'); return (0, nacl_1.openSecretBox)(new Uint8Array(encryptionKey), new Uint8Array(24), new Uint8Array(encryptedSk)); }; } switch (key.substring(0, 4)) { case 'edes': case 'edsk': this._key = new ed_key_1.Tz1(key, encrypted, decrypt); break; case 'spsk': case 'spes': this._key = new ec_key_1.Tz2(key, encrypted, decrypt); break; case 'p2sk': case 'p2es': this._key = new ec_key_1.Tz3(key, encrypted, decrypt); break; default: throw new core_1.InvalidKeyError(`${(0, utils_1.invalidDetail)(utils_1.ValidationResult.NO_PREFIX_MATCHED)} expecting one of the following '${utils_1.Prefix.EDESK}', '${utils_1.Prefix.EDSK}', '${utils_1.Prefix.SPSK}', '${utils_1.Prefix.SPESK}', '${utils_1.Prefix.P2SK}' or '${utils_1.Prefix.P2ESK}'.`); } } /** * * @param bytes Bytes to sign * @param watermark Watermark to append to the bytes */ sign(bytes, watermark) { return __awaiter(this, void 0, void 0, function* () { let bb = (0, utils_1.hex2buf)(bytes); if (typeof watermark !== 'undefined') { bb = (0, utils_1.mergebuf)(watermark, bb); } const bytesHash = (0, blake2b_1.hash)(bb, 32); return this._key.sign(bytes, bytesHash); }); } /** * @returns Encoded public key */ publicKey() { return __awaiter(this, void 0, void 0, function* () { return this._key.publicKey(); }); } /** * @returns Encoded public key hash */ publicKeyHash() { return __awaiter(this, void 0, void 0, function* () { return this._key.publicKeyHash(); }); } /** * @returns Encoded private key */ secretKey() { return __awaiter(this, void 0, void 0, function* () { return this._key.secretKey(); }); } } exports.InMemorySigner = InMemorySigner;