DEL: lock file, not needed in a dep

ADD: react-native-blue-crypto as a peer dependency
Use BlueCrypto
2024-07-19 21:55:21 +01:00 · 2021-08-07 17:36:44 +03:00 · 2021-08-07 13:16:10 +03:00 · 2021-03-31 09:51:29 +09:00 · 2021-03-30 17:22:30 +00:00 · 2020-08-10 17:14:26 +09:00
4 changed files with 84 additions and 7492 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,7 +1,29 @@
+3.1.1 / 2020-05-31
+------------------
+- Add safe-buffer as explicit dependency
+
+3.1.0 / 2020-04-09
+------------------
+- Add async methods
+
+3.0.0 / 2019-09-12
+------------------
+- Fixed backwards incompatible bug with passphrase NFC normalization
+
 2.0.3 / 2019-05-22
 ------------------
 - made compatible for Electron v4

+2.0.2 / 2017-12-14
+------------------
+- use safe-buffer
+- upgrade scryptsy
+
+2.0.1 / 2017-04-20
+------------------
+- upgrade bs58check
+- index: rm unused address parameter
+
 2.0.0 / 2016-12-20
 ------------------
 - removed class instantiation. Removed `coinstring` dep.
--- a/index.js
+++ b/index.js
@ -1,3 +1,4 @@
+const BlueCrypto = require('react-native-blue-crypto');
 var aes = require('browserify-aes')
 var assert = require('assert')
 var Buffer = require('safe-buffer').Buffer
@ -47,6 +48,18 @@ function getAddress (d, compressed) {
  return bs58check.encode(payload)
 }

+async function scryptWrapper(secret, salt, N, r, p, dkLen, progressCallback, promiseInterval) {
+  if (BlueCrypto.isAvailable()) {
+    secret = Buffer.from(secret).toString('hex');
+    salt = Buffer.from(salt).toString('hex');
+    const hex = await BlueCrypto.scrypt(secret, salt, N, r, p, dkLen);
+    return Buffer.from(hex, 'hex');
+  } else {
+    // fallback to js implementation
+    return await scrypt.async(secret, salt, N, r, p, dkLen, progressCallback, promiseInterval);
+  }
+}
+
 function prepareEncryptRaw (buffer, compressed, passphrase, scryptParams) {
  if (buffer.length !== 32) throw new Error('Invalid private key length')

@ -100,7 +113,7 @@ async function encryptRawAsync (buffer, compressed, passphrase, progressCallback
    p
  } = prepareEncryptRaw(buffer, compressed, passphrase, scryptParams)

-  var scryptBuf = await scrypt.async(secret, salt, N, r, p, 64, progressCallback, promiseInterval)
+  var scryptBuf = await scryptWrapper(secret, salt, N, r, p, 64, progressCallback, promiseInterval)

  return finishEncryptRaw(buffer, compressed, salt, scryptBuf)
 }
@ -172,7 +185,7 @@ function finishDecryptRaw (buffer, salt, compressed, scryptBuf) {
  var d = BigInteger.fromBuffer(privateKey)
  var address = getAddress(d, compressed)
  var checksum = hash256(address).slice(0, 4)
-  assert.deepStrictEqual(salt, checksum)
+  assert.deepStrictEqual(salt, checksum, 'Invalid private key.')

  return {
    privateKey: privateKey,
@ -192,7 +205,7 @@ async function decryptRawAsync (buffer, passphrase, progressCallback, scryptPara
  } = prepareDecryptRaw(buffer, progressCallback, scryptParams)
  if (decryptEC === true) return decryptECMultAsync(buffer, passphrase, progressCallback, scryptParams, promiseInterval)

-  var scryptBuf = await scrypt.async(passphrase.normalize('NFC'), salt, N, r, p, 64, progressCallback, promiseInterval)
+  var scryptBuf = await scryptWrapper(passphrase.normalize('NFC'), salt, N, r, p, 64, progressCallback, promiseInterval)
  return finishDecryptRaw(buffer, salt, compressed, scryptBuf)
 }

@ -274,7 +287,7 @@ function getPassIntAndPoint (preFactor, ownerEntropy, hasLotSeq) {
    passPoint: curve.G.multiply(passInt).getEncoded(true)
  }
 }
-
+// async function decryptECMult (buffer, passphrase, progressCallback, scryptParams) {
 function finishDecryptECMult (seedBPass, encryptedPart1, encryptedPart2, passInt, compressed) {
  var derivedHalf1 = seedBPass.slice(0, 32)
  var derivedHalf2 = seedBPass.slice(32, 64)
@ -322,16 +335,27 @@ async function decryptECMultAsync (buffer, passphrase, progressCallback, scryptP
    p
  } = prepareDecryptECMult(buffer, passphrase, progressCallback, scryptParams)

-  var preFactor = await scrypt.async(passphrase, ownerSalt, N, r, p, 32, progressCallback, promiseInterval)
+  var preFactor = await scryptWrapper(passphrase, ownerSalt, N, r, p, 32, progressCallback, promiseInterval)
+

  const {
    passInt,
    passPoint
  } = getPassIntAndPoint(preFactor, ownerEntropy, hasLotSeq)

-  var seedBPass = await scrypt.async(passPoint, Buffer.concat([addressHash, ownerEntropy]), 1024, 1, 1, 64, undefined, promiseInterval)
+  var seedBPass = await scryptWrapper(passPoint, Buffer.concat([addressHash, ownerEntropy]), 1024, 1, 1, 64, undefined, promiseInterval)

-  return finishDecryptECMult(seedBPass, encryptedPart1, encryptedPart2, passInt, compressed)
+  const res = finishDecryptECMult(seedBPass, encryptedPart1, encryptedPart2, passInt, compressed)
+
+  // added by overtorment: see https://github.com/bitcoinjs/bip38/issues/60
+  // verify salt matches address
+  var d = BigInteger.fromBuffer(res.privateKey)
+  var address = getAddress(d, compressed)
+  var checksum = hash256(address).slice(0, 4)
+  var salt = buffer.slice(2, 6)
+  assert.deepEqual(salt, checksum, 'Incorrect passphrase.')
+
+  return res
 }

 function decryptECMult (buffer, passphrase, progressCallback, scryptParams) {
@ -386,12 +410,13 @@ function verify (string) {
  return true
 }

+// expose only async methods. they use fast BlueCrypto
 module.exports = {
-  decrypt: decrypt,
-  decryptECMult: decryptECMult,
-  decryptRaw: decryptRaw,
-  encrypt: encrypt,
-  encryptRaw: encryptRaw,
+  // decrypt: decrypt,
+  // decryptECMult: decryptECMult,
+  // decryptRaw: decryptRaw,
+  // encrypt: encrypt,
+  // encryptRaw: encryptRaw,
  decryptAsync: decryptAsync,
  decryptECMultAsync: decryptECMultAsync,
  decryptRawAsync: decryptRawAsync,
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "bip38",
-  "version": "3.1.0",
+  "version": "3.1.1",
  "description": "BIP38 is a standard process to encrypt Bitcoin and crypto currency private keys that is impervious to brute force attacks thus protecting the user.",
  "main": "index.js",
  "keywords": [
@ -18,6 +18,7 @@
    "buffer-xor": "^1.0.2",
    "create-hash": "^1.1.1",
    "ecurve": "^1.0.0",
+    "safe-buffer": "~5.1.1",
    "scryptsy": "^2.1.0"
  },
  "devDependencies": {
@ -40,5 +41,28 @@
    "standard": "standard",
    "test": "npm run standard && npm run unit",
    "unit": "mocha --ui bdd --timeout 240000"
+  },
+  "react-native": {
+    "path": "path-browserify",
+    "fs": "react-native-level-fs",
+    "_stream_transform": "readable-stream/transform",
+    "_stream_readable": "readable-stream/readable",
+    "_stream_writable": "readable-stream/writable",
+    "_stream_duplex": "readable-stream/duplex",
+    "_stream_passthrough": "readable-stream/passthrough",
+    "stream": "stream-browserify"
+  },
+  "browser": {
+    "path": "path-browserify",
+    "fs": "react-native-level-fs",
+    "_stream_transform": "readable-stream/transform",
+    "_stream_readable": "readable-stream/readable",
+    "_stream_writable": "readable-stream/writable",
+    "_stream_duplex": "readable-stream/duplex",
+    "_stream_passthrough": "readable-stream/passthrough",
+    "stream": "stream-browserify"
+  },
+  "peerDependencies": {
+    "react-native-blue-crypto": "*"
  }
 }
Author	SHA1	Message	Date
overtorment	7ec4b1932b	DEL: lock file, not needed in a dep	2024-07-19 21:55:21 +01:00
Ivan Vershigora	60018f7c61	ADD: react-native-blue-crypto as a peer dependency	2021-08-07 17:36:44 +03:00
Ivan Vershigora	1bc031b801	Use BlueCrypto	2021-08-07 13:16:10 +03:00
Jonathan Underwood	df2094dbd3	Merge pull request #69 from bitcoinjs/dependabot/npm_and_yarn/y18n-4.0.1 build(deps): bump y18n from 4.0.0 to 4.0.1	2021-03-31 09:51:29 +09:00
dependabot[bot]	f4a204191d	build(deps): bump y18n from 4.0.0 to 4.0.1 Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] <support@github.com>	2021-03-30 17:22:30 +00:00
Jonathan Underwood	0c28d5c376	Merge pull request #65 from bitcoinjs/dependabot/npm_and_yarn/lodash-4.17.19 build(deps): bump lodash from 4.17.14 to 4.17.19	2020-08-10 17:14:26 +09:00
Jonathan Underwood	890cd7b758	Merge pull request #66 from bitcoinjs/dependabot/npm_and_yarn/elliptic-6.5.3 build(deps): bump elliptic from 6.4.1 to 6.5.3	2020-07-30 23:19:09 +09:00
dependabot[bot]	02cd2a0edb	build(deps): bump elliptic from 6.4.1 to 6.5.3 Bumps [elliptic](https://github.com/indutny/elliptic) from 6.4.1 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.4.1...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com>	2020-07-30 13:29:32 +00:00
dependabot[bot]	1ffa0532d5	build(deps): bump lodash from 4.17.14 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.14 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.14...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>	2020-07-16 20:33:56 +00:00
junderw	db6f6545a7	3.1.1	2020-05-31 19:17:54 +09:00
Jonathan Underwood	8ffdefa8b9	Merge pull request #64 from faustbrian/safe-buffer add safe-buffer as direct dependency	2020-05-31 18:31:38 +09:00
Brian Faust	de84b992bc	add safe-buffer as direct dependency	2020-05-31 10:42:07 +03:00
Jonathan Underwood	31b9dce628	Merge pull request #62 from bitcoinjs/dependabot/npm_and_yarn/https-proxy-agent-2.2.4 build(deps): bump https-proxy-agent from 2.2.1 to 2.2.4	2020-04-17 08:27:30 +09:00
dependabot[bot]	dd99bac38f	build(deps): bump https-proxy-agent from 2.2.1 to 2.2.4 Bumps [https-proxy-agent](https://github.com/TooTallNate/node-https-proxy-agent) from 2.2.1 to 2.2.4. - [Release notes](https://github.com/TooTallNate/node-https-proxy-agent/releases) - [Commits](https://github.com/TooTallNate/node-https-proxy-agent/compare/2.2.1...2.2.4) Signed-off-by: dependabot[bot] <support@github.com>	2020-04-16 12:19:43 +00:00
Jonathan Underwood	58719dbfff	Merge pull request #61 from bitcoinjs/dependabot/npm_and_yarn/acorn-5.7.4 build(deps): bump acorn from 5.7.3 to 5.7.4	2020-04-09 12:54:37 +09:00
dependabot[bot]	d27da0e281	build(deps): bump acorn from 5.7.3 to 5.7.4 Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4. - [Release notes](https://github.com/acornjs/acorn/releases) - [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) Signed-off-by: dependabot[bot] <support@github.com>	2020-04-09 03:48:41 +00:00
Jonathan Underwood	3c20104641	Merge pull request #50 from bitcoinjs/addAsync Add async	2020-04-09 12:48:04 +09:00