UNPKG

micro-key-producer

Version:

Produces secure keys and passwords. Supports SSH, PGP, BLS, OTP, and many others

github.com/paulmillr/micro-key-producer

paulmillr/micro-key-producer

125 lines 4.92 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.HDKey = exports.HARDENED_OFFSET = exports.MASTER_SECRET = void 0; /*! micro-key-producer - MIT License (c) 2024 Paul Miller (paulmillr.com) */ const ed25519_1 = require("@noble/curves/ed25519"); const _assert_1 = require("@noble/hashes/_assert"); const hmac_1 = require("@noble/hashes/hmac"); const ripemd160_1 = require("@noble/hashes/ripemd160"); const sha256_1 = require("@noble/hashes/sha256"); const sha512_1 = require("@noble/hashes/sha512"); const utils_1 = require("@noble/hashes/utils"); exports.MASTER_SECRET = (0, utils_1.utf8ToBytes)('ed25519 seed'); exports.HARDENED_OFFSET = 0x80000000; const ZERO = new Uint8Array([0]); function ensureBytes(b, ...lengths) { if (typeof b === 'string') b = (0, utils_1.hexToBytes)(b); (0, _assert_1.abytes)(b, ...lengths); return b; } const hash160 = (data) => (0, ripemd160_1.ripemd160)((0, sha256_1.sha256)(data)); const fromU32 = (data) => (0, utils_1.createView)(data).getUint32(0, false); const toU32 = (n) => { if (!Number.isSafeInteger(n) || n < 0 || n > 2 ** 32 - 1) { throw new Error(`Invalid number=${n}. Should be from 0 to 2 ** 32 - 1`); } const buf = new Uint8Array(4); (0, utils_1.createView)(buf).setUint32(0, n, false); return buf; }; class HDKey { get publicKeyRaw() { return ed25519_1.ed25519.getPublicKey(this.privateKey); } get publicKey() { return (0, utils_1.concatBytes)(ZERO, this.publicKeyRaw); } get pubHash() { return hash160(this.publicKey); } get fingerprint() { return fromU32(this.pubHash); } get fingerprintHex() { return (0, utils_1.bytesToHex)(toU32(this.fingerprint)); } get parentFingerprintHex() { return (0, utils_1.bytesToHex)(toU32(this.parentFingerprint)); } static fromMasterSeed(seed) { seed = ensureBytes(seed); if (8 * seed.length < 128 || 8 * seed.length > 512) { throw new Error(`HDKey: wrong seed length=${seed.length}. Should be between 128 and 512 bits; 256 bits is advised)`); } const I = (0, hmac_1.hmac)(sha512_1.sha512, exports.MASTER_SECRET, seed); return new HDKey({ privateKey: I.slice(0, 32), chainCode: I.slice(32), }); } constructor(opt) { this.depth = 0; this.index = 0; this.parentFingerprint = 0; if (!opt || typeof opt !== 'object') throw new Error('HDKey.constructor must not be called directly'); (0, _assert_1.abytes)(opt.privateKey, 32); (0, _assert_1.abytes)(opt.chainCode, 32); this.depth = opt.depth || 0; this.index = opt.index || 0; this.parentFingerprint = opt.parentFingerprint || 0; if (!this.depth) { if (this.parentFingerprint || this.index) throw new Error('HDKey: zero depth with non-zero index/parent fingerprint'); } this.chainCode = opt.chainCode; this.privateKey = opt.privateKey; } derive(path, forceHardened = false) { if (!/^[mM]'?/.test(path)) throw new Error('Path must start with "m" or "M"'); if (/^[mM]'?$/.test(path)) return this; const parts = path.replace(/^[mM]'?\//, '').split('/'); // tslint:disable-next-line let child = this; for (const c of parts) { const m = /^(\d+)('?)$/.exec(c); if (!m || m.length !== 3) throw new Error(`Invalid child index: ${c}`); let idx = +m[1]; if (!Number.isSafeInteger(idx) || idx >= exports.HARDENED_OFFSET) throw new Error('Invalid index'); // hardened key if (forceHardened || m[2] === "'") idx += exports.HARDENED_OFFSET; child = child.deriveChild(idx); } return child; } deriveChild(index) { if (index < exports.HARDENED_OFFSET) throw new Error(`Non-hardened child derivation not possible for Ed25519 (index=${index})`); // Hardened child: 0x00 || ser256(kpar) || ser32(index) const data = (0, utils_1.concatBytes)(ZERO, this.privateKey, toU32(index)); const I = (0, hmac_1.hmac)(sha512_1.sha512, this.chainCode, data); return new HDKey({ chainCode: I.slice(32), depth: this.depth + 1, parentFingerprint: this.fingerprint, index, privateKey: I.slice(0, 32), }); } sign(message) { return ed25519_1.ed25519.sign(message, this.privateKey); } verify(message, signature) { signature = ensureBytes(signature, 64); return ed25519_1.ed25519.verify(signature, message, this.publicKeyRaw); } } exports.HDKey = HDKey; exports.default = HDKey; //# sourceMappingURL=slip10.js.map