UNPKG

blockstack

Version:

The Blockstack Javascript library for authentication, identity, and storage.

blockstack.org

blockstack/blockstack.js

183 lines (165 loc) 5.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
import { validateMnemonic, mnemonicToEntropy, entropyToMnemonic } from 'bip39'; import { randomBytes, GetRandomBytes } from './cryptoRandom'; import { createSha2Hash } from './sha2Hash'; import { createHmacSha256 } from './hmacSha256'; import { createCipher } from './aesCipher'; import { createPbkdf2 } from './pbkdf2'; import { TriplesecDecryptSignature } from './cryptoUtils'; /** * Encrypt a raw mnemonic phrase to be password protected * @param {string} phrase - Raw mnemonic phrase * @param {string} password - Password to encrypt mnemonic with * @return {Promise<Buffer>} The encrypted phrase * @private * @ignore * */ export async function encryptMnemonic( phrase: string, password: string, opts?: { getRandomBytes?: GetRandomBytes; } ): Promise<Buffer> { // hex encoded mnemonic string let mnemonicEntropy: string; try { // must be bip39 mnemonic mnemonicEntropy = mnemonicToEntropy(phrase); } catch (error) { console.error('Invalid mnemonic phrase provided'); console.error(error); throw new Error('Not a valid bip39 mnemonic'); } // normalize plaintext to fixed length byte string const plaintextNormalized = Buffer.from(mnemonicEntropy, 'hex'); // AES-128-CBC with SHA256 HMAC const pbkdf2 = await createPbkdf2(); let salt: Buffer; if (opts && opts.getRandomBytes) { salt = opts.getRandomBytes(16); } else { salt = randomBytes(16); } const keysAndIV = await pbkdf2.derive(password, salt, 100000, 48, 'sha512'); const encKey = keysAndIV.slice(0, 16); const macKey = keysAndIV.slice(16, 32); const iv = keysAndIV.slice(32, 48); const cipher = await createCipher(); const cipherText = await cipher.encrypt( 'aes-128-cbc', encKey, iv, plaintextNormalized ); const hmacPayload = Buffer.concat([salt, cipherText]); const hmacSha256 = await createHmacSha256(); const hmacDigest = await hmacSha256.digest(macKey, hmacPayload); const payload = Buffer.concat([salt, hmacDigest, cipherText]); return payload; } // Used to distinguish bad password during decrypt vs invalid format class PasswordError extends Error {} /** * @ignore */ async function decryptMnemonicBuffer( dataBuffer: Buffer, password: string ): Promise<string> { const salt = dataBuffer.slice(0, 16); const hmacSig = dataBuffer.slice(16, 48); // 32 bytes const cipherText = dataBuffer.slice(48); const hmacPayload = Buffer.concat([salt, cipherText]); const pbkdf2 = await createPbkdf2(); const keysAndIV = await pbkdf2.derive(password, salt, 100000, 48, 'sha512'); const encKey = keysAndIV.slice(0, 16); const macKey = keysAndIV.slice(16, 32); const iv = keysAndIV.slice(32, 48); const decipher = await createCipher(); const decryptedResult = await decipher.decrypt( 'aes-128-cbc', encKey, iv, cipherText ); const hmacSha256 = await createHmacSha256(); const hmacDigest = await hmacSha256.digest(macKey, hmacPayload); // hash both hmacSig and hmacDigest so string comparison time // is uncorrelated to the ciphertext const sha2Hash = await createSha2Hash(); const hmacSigHash = await sha2Hash.digest(hmacSig); const hmacDigestHash = await sha2Hash.digest(hmacDigest); if (!hmacSigHash.equals(hmacDigestHash)) { // not authentic throw new PasswordError('Wrong password (HMAC mismatch)'); } let mnemonic: string; try { mnemonic = entropyToMnemonic(decryptedResult); } catch (error) { console.error('Error thrown by `entropyToMnemonic`'); console.error(error); throw new PasswordError('Wrong password (invalid plaintext)'); } if (!validateMnemonic(mnemonic)) { throw new PasswordError('Wrong password (invalid plaintext)'); } return mnemonic; } /** * Decrypt legacy triplesec keys * @param {Buffer} dataBuffer - The encrypted key * @param {String} password - Password for data * @return {Promise<Buffer>} Decrypted seed * @private * @ignore */ function decryptLegacy( dataBuffer: Buffer, password: string, triplesecDecrypt: TriplesecDecryptSignature ): Promise<Buffer> { return new Promise<Buffer>((resolve, reject) => { if (!triplesecDecrypt) { reject(new Error('The `triplesec.decrypt` function must be provided')); } triplesecDecrypt( { key: Buffer.from(password), data: dataBuffer }, (err, plaintextBuffer) => { if (!err) { resolve(plaintextBuffer); } else { reject(err); } } ); }); } /** * Decrypt an encrypted mnemonic phrase with a password. * Legacy triplesec encrypted payloads are also supported. * @param data - Buffer or hex-encoded string of the encrypted mnemonic * @param password - Password for data * @return the raw mnemonic phrase * @private * @ignore */ export async function decryptMnemonic( data: string | Buffer, password: string, triplesecDecrypt?: TriplesecDecryptSignature ) { const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data, 'hex'); try { return await decryptMnemonicBuffer(dataBuffer, password); } catch (err) { if (err instanceof PasswordError) { throw err; } const data = await decryptLegacy(dataBuffer, password, triplesecDecrypt); return data.toString(); } }