557 lines
12 KiB
JavaScript
557 lines
12 KiB
JavaScript
/*!
|
|
* public.js - hd public keys for bcoin
|
|
* Copyright (c) 2015-2016, Christopher Jeffrey (MIT License).
|
|
* https://github.com/bcoin-org/bcoin
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
const assert = require('assert');
|
|
const sha512 = require('bcrypto/lib/sha512');
|
|
const hash160 = require('bcrypto/lib/hash160');
|
|
const hash256 = require('bcrypto/lib/hash256');
|
|
const cleanse = require('bcrypto/lib/cleanse');
|
|
const secp256k1 = require('bcrypto/lib/secp256k1');
|
|
const Network = require('../protocol/network');
|
|
const StaticWriter = require('bufio/lib/staticwriter');
|
|
const BufferReader = require('bufio/lib/reader');
|
|
const base58 = require('bstring/lib/base58');
|
|
const encoding = require('bufio/lib/encoding');
|
|
const common = require('./common');
|
|
|
|
/**
|
|
* HDPublicKey
|
|
* @alias module:hd.PublicKey
|
|
* @constructor
|
|
* @param {Object|Base58String} options
|
|
* @param {Base58String?} options.xkey - Serialized base58 key.
|
|
* @param {Number?} options.depth
|
|
* @param {Number?} options.parentFingerPrint
|
|
* @param {Number?} options.childIndex
|
|
* @param {Buffer?} options.chainCode
|
|
* @param {Buffer?} options.publicKey
|
|
* @property {Number} depth
|
|
* @property {Number} parentFingerPrint
|
|
* @property {Number} childIndex
|
|
* @property {Buffer} chainCode
|
|
* @property {Buffer} publicKey
|
|
*/
|
|
|
|
function HDPublicKey(options) {
|
|
if (!(this instanceof HDPublicKey))
|
|
return new HDPublicKey(options);
|
|
|
|
this.depth = 0;
|
|
this.parentFingerPrint = 0;
|
|
this.childIndex = 0;
|
|
this.chainCode = encoding.ZERO_HASH;
|
|
this.publicKey = encoding.ZERO_KEY;
|
|
|
|
this.fingerPrint = -1;
|
|
|
|
if (options)
|
|
this.fromOptions(options);
|
|
}
|
|
|
|
/**
|
|
* Inject properties from options object.
|
|
* @private
|
|
* @param {Object} options
|
|
*/
|
|
|
|
HDPublicKey.prototype.fromOptions = function fromOptions(options) {
|
|
assert(options, 'No options for HDPublicKey');
|
|
assert((options.depth & 0xff) === options.depth);
|
|
assert((options.parentFingerPrint >>> 0) === options.parentFingerPrint);
|
|
assert((options.childIndex >>> 0) === options.childIndex);
|
|
assert(Buffer.isBuffer(options.chainCode));
|
|
assert(Buffer.isBuffer(options.publicKey));
|
|
|
|
this.depth = options.depth;
|
|
this.parentFingerPrint = options.parentFingerPrint;
|
|
this.childIndex = options.childIndex;
|
|
this.chainCode = options.chainCode;
|
|
this.publicKey = options.publicKey;
|
|
|
|
return this;
|
|
};
|
|
|
|
/**
|
|
* Instantiate HD public key from options object.
|
|
* @param {Object} options
|
|
* @returns {HDPublicKey}
|
|
*/
|
|
|
|
HDPublicKey.fromOptions = function fromOptions(options) {
|
|
return new HDPublicKey().fromOptions(options);
|
|
};
|
|
|
|
/**
|
|
* Get HD public key (self).
|
|
* @returns {HDPublicKey}
|
|
*/
|
|
|
|
HDPublicKey.prototype.toPublic = function toPublic() {
|
|
return this;
|
|
};
|
|
|
|
/**
|
|
* Get cached base58 xprivkey (always null here).
|
|
* @returns {null}
|
|
*/
|
|
|
|
HDPublicKey.prototype.xprivkey = function xprivkey(network) {
|
|
return null;
|
|
};
|
|
|
|
/**
|
|
* Get cached base58 xpubkey.
|
|
* @returns {Base58String}
|
|
*/
|
|
|
|
HDPublicKey.prototype.xpubkey = function xpubkey(network) {
|
|
return this.toBase58(network);
|
|
};
|
|
|
|
/**
|
|
* Destroy the key (zeroes chain code and pubkey).
|
|
*/
|
|
|
|
HDPublicKey.prototype.destroy = function destroy() {
|
|
this.depth = 0;
|
|
this.childIndex = 0;
|
|
this.parentFingerPrint = 0;
|
|
|
|
cleanse(this.chainCode);
|
|
cleanse(this.publicKey);
|
|
|
|
this.fingerPrint = -1;
|
|
};
|
|
|
|
/**
|
|
* Derive a child key.
|
|
* @param {Number} index - Derivation index.
|
|
* @param {Boolean?} hardened - Whether the derivation
|
|
* should be hardened (throws if true).
|
|
* @returns {HDPrivateKey}
|
|
* @throws on `hardened`
|
|
*/
|
|
|
|
HDPublicKey.prototype.derive = function derive(index, hardened) {
|
|
assert(typeof index === 'number');
|
|
|
|
if ((index >>> 0) !== index)
|
|
throw new Error('Index out of range.');
|
|
|
|
if ((index & common.HARDENED) || hardened)
|
|
throw new Error('Cannot derive hardened.');
|
|
|
|
if (this.depth >= 0xff)
|
|
throw new Error('Depth too high.');
|
|
|
|
const id = this.getID(index);
|
|
const cache = common.cache.get(id);
|
|
|
|
if (cache)
|
|
return cache;
|
|
|
|
const bw = StaticWriter.pool(37);
|
|
|
|
bw.writeBytes(this.publicKey);
|
|
bw.writeU32BE(index);
|
|
|
|
const data = bw.render();
|
|
|
|
const hash = sha512.mac(data, this.chainCode);
|
|
const left = hash.slice(0, 32);
|
|
const right = hash.slice(32, 64);
|
|
|
|
let key;
|
|
try {
|
|
key = secp256k1.publicKeyTweakAdd(this.publicKey, left, true);
|
|
} catch (e) {
|
|
return this.derive(index + 1);
|
|
}
|
|
|
|
if (this.fingerPrint === -1) {
|
|
const fp = hash160.digest(this.publicKey);
|
|
this.fingerPrint = fp.readUInt32BE(0, true);
|
|
}
|
|
|
|
const child = new HDPublicKey();
|
|
child.depth = this.depth + 1;
|
|
child.parentFingerPrint = this.fingerPrint;
|
|
child.childIndex = index;
|
|
child.chainCode = right;
|
|
child.publicKey = key;
|
|
|
|
common.cache.set(id, child);
|
|
|
|
return child;
|
|
};
|
|
|
|
/**
|
|
* Unique HD key ID.
|
|
* @private
|
|
* @param {Number} index
|
|
* @returns {String}
|
|
*/
|
|
|
|
HDPublicKey.prototype.getID = function getID(index) {
|
|
return 'b' + this.publicKey.toString('hex') + index;
|
|
};
|
|
|
|
/**
|
|
* Derive a BIP44 account key (does not derive, only ensures account key).
|
|
* @method
|
|
* @param {Number} purpose
|
|
* @param {Number} type
|
|
* @param {Number} account
|
|
* @returns {HDPublicKey}
|
|
* @throws Error if key is not already an account key.
|
|
*/
|
|
|
|
HDPublicKey.prototype.deriveAccount = function deriveAccount(purpose, type, account) {
|
|
assert((purpose >>> 0) === purpose);
|
|
assert((type >>> 0) === type);
|
|
assert((account >>> 0) === account);
|
|
assert(this.isAccount(account), 'Cannot derive account index.');
|
|
return this;
|
|
};
|
|
|
|
/**
|
|
* Test whether the key is a master key.
|
|
* @method
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.prototype.isMaster = function isMaster() {
|
|
return common.isMaster(this);
|
|
};
|
|
|
|
/**
|
|
* Test whether the key is (most likely) a BIP44 account key.
|
|
* @method
|
|
* @param {Number?} account
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.prototype.isAccount = function isAccount(account) {
|
|
return common.isAccount(this, account);
|
|
};
|
|
|
|
/**
|
|
* Test whether a string is a valid path.
|
|
* @param {String} path
|
|
* @param {Boolean?} hardened
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.isValidPath = function isValidPath(path) {
|
|
try {
|
|
common.parsePath(path, false);
|
|
return true;
|
|
} catch (e) {
|
|
return false;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Derive a key from a derivation path.
|
|
* @param {String} path
|
|
* @returns {HDPublicKey}
|
|
* @throws Error if `path` is not a valid path.
|
|
* @throws Error if hardened.
|
|
*/
|
|
|
|
HDPublicKey.prototype.derivePath = function derivePath(path) {
|
|
const indexes = common.parsePath(path, false);
|
|
|
|
let key = this;
|
|
|
|
for (const index of indexes)
|
|
key = key.derive(index);
|
|
|
|
return key;
|
|
};
|
|
|
|
/**
|
|
* Compare a key against an object.
|
|
* @param {Object} obj
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.prototype.equals = function equals(obj) {
|
|
assert(HDPublicKey.isHDPublicKey(obj));
|
|
|
|
return this.depth === obj.depth
|
|
&& this.parentFingerPrint === obj.parentFingerPrint
|
|
&& this.childIndex === obj.childIndex
|
|
&& this.chainCode.equals(obj.chainCode)
|
|
&& this.publicKey.equals(obj.publicKey);
|
|
};
|
|
|
|
/**
|
|
* Compare a key against an object.
|
|
* @param {Object} obj
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.prototype.compare = function compare(key) {
|
|
assert(HDPublicKey.isHDPublicKey(key));
|
|
|
|
let cmp = this.depth - key.depth;
|
|
|
|
if (cmp !== 0)
|
|
return cmp;
|
|
|
|
cmp = this.parentFingerPrint - key.parentFingerPrint;
|
|
|
|
if (cmp !== 0)
|
|
return cmp;
|
|
|
|
cmp = this.childIndex - key.childIndex;
|
|
|
|
if (cmp !== 0)
|
|
return cmp;
|
|
|
|
cmp = this.chainCode.compare(key.chainCode);
|
|
|
|
if (cmp !== 0)
|
|
return cmp;
|
|
|
|
cmp = this.publicKey.compare(key.publicKey);
|
|
|
|
if (cmp !== 0)
|
|
return cmp;
|
|
|
|
return 0;
|
|
};
|
|
|
|
/**
|
|
* Convert key to a more json-friendly object.
|
|
* @returns {Object}
|
|
*/
|
|
|
|
HDPublicKey.prototype.toJSON = function toJSON(network) {
|
|
return {
|
|
xpubkey: this.xpubkey(network)
|
|
};
|
|
};
|
|
|
|
/**
|
|
* Inject properties from json object.
|
|
* @private
|
|
* @param {Object} json
|
|
* @param {Network?} network
|
|
*/
|
|
|
|
HDPublicKey.prototype.fromJSON = function fromJSON(json, network) {
|
|
assert(json.xpubkey, 'Could not handle HD key JSON.');
|
|
this.fromBase58(json.xpubkey, network);
|
|
return this;
|
|
};
|
|
|
|
/**
|
|
* Instantiate an HDPublicKey from a jsonified key object.
|
|
* @param {Object} json - The jsonified transaction object.
|
|
* @param {Network?} network
|
|
* @returns {HDPrivateKey}
|
|
*/
|
|
|
|
HDPublicKey.fromJSON = function fromJSON(json, network) {
|
|
return new HDPublicKey().fromJSON(json, network);
|
|
};
|
|
|
|
/**
|
|
* Test whether an object is in the form of a base58 xpubkey.
|
|
* @param {String} data
|
|
* @param {(Network|NetworkType)?} network
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.isBase58 = function isBase58(data, network) {
|
|
if (typeof data !== 'string')
|
|
return false;
|
|
|
|
if (data.length < 4)
|
|
return false;
|
|
|
|
const prefix = data.substring(0, 4);
|
|
|
|
try {
|
|
Network.fromPublic58(prefix, network);
|
|
return true;
|
|
} catch (e) {
|
|
return false;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Test whether a buffer has a valid network prefix.
|
|
* @param {Buffer} data
|
|
* @param {(Network|NetworkType)?} network
|
|
* @returns {NetworkType}
|
|
*/
|
|
|
|
HDPublicKey.isRaw = function isRaw(data, network) {
|
|
if (!Buffer.isBuffer(data))
|
|
return false;
|
|
|
|
if (data.length < 4)
|
|
return false;
|
|
|
|
const version = data.readUInt32BE(0, true);
|
|
|
|
try {
|
|
Network.fromPublic(version, network);
|
|
return true;
|
|
} catch (e) {
|
|
return false;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Inject properties from a base58 key.
|
|
* @private
|
|
* @param {Base58String} xkey
|
|
* @param {Network?} network
|
|
*/
|
|
|
|
HDPublicKey.prototype.fromBase58 = function fromBase58(xkey, network) {
|
|
assert(typeof xkey === 'string');
|
|
return this.fromRaw(base58.decode(xkey), network);
|
|
};
|
|
|
|
/**
|
|
* Inject properties from serialized data.
|
|
* @private
|
|
* @param {BufferReader} br
|
|
* @param {(Network|NetworkType)?} network
|
|
*/
|
|
|
|
HDPublicKey.prototype.fromReader = function fromReader(br, network) {
|
|
const version = br.readU32BE();
|
|
|
|
Network.fromPublic(version, network);
|
|
|
|
this.depth = br.readU8();
|
|
this.parentFingerPrint = br.readU32BE();
|
|
this.childIndex = br.readU32BE();
|
|
this.chainCode = br.readBytes(32);
|
|
this.publicKey = br.readBytes(33);
|
|
|
|
br.verifyChecksum(hash256.digest);
|
|
|
|
return this;
|
|
};
|
|
|
|
/**
|
|
* Inject properties from serialized data.
|
|
* @private
|
|
* @param {Buffer} data
|
|
* @param {(Network|NetworkType)?} network
|
|
*/
|
|
|
|
HDPublicKey.prototype.fromRaw = function fromRaw(data, network) {
|
|
return this.fromReader(new BufferReader(data), network);
|
|
};
|
|
|
|
/**
|
|
* Serialize key data to base58 extended key.
|
|
* @param {(Network|NetworkType)?} network
|
|
* @returns {Base58String}
|
|
*/
|
|
|
|
HDPublicKey.prototype.toBase58 = function toBase58(network) {
|
|
return base58.encode(this.toRaw(network));
|
|
};
|
|
|
|
/**
|
|
* Write the key to a buffer writer.
|
|
* @param {BufferWriter} bw
|
|
* @param {(Network|NetworkType)?} network
|
|
*/
|
|
|
|
HDPublicKey.prototype.toWriter = function toWriter(bw, network) {
|
|
network = Network.get(network);
|
|
|
|
bw.writeU32BE(network.keyPrefix.xpubkey);
|
|
bw.writeU8(this.depth);
|
|
bw.writeU32BE(this.parentFingerPrint);
|
|
bw.writeU32BE(this.childIndex);
|
|
bw.writeBytes(this.chainCode);
|
|
bw.writeBytes(this.publicKey);
|
|
bw.writeChecksum(hash256.digest);
|
|
|
|
return bw;
|
|
};
|
|
|
|
/**
|
|
* Calculate serialization size.
|
|
* @returns {Number}
|
|
*/
|
|
|
|
HDPublicKey.prototype.getSize = function getSize() {
|
|
return 82;
|
|
};
|
|
|
|
/**
|
|
* Serialize the key.
|
|
* @param {(Network|NetworkType)?} network
|
|
* @returns {Buffer}
|
|
*/
|
|
|
|
HDPublicKey.prototype.toRaw = function toRaw(network) {
|
|
return this.toWriter(new StaticWriter(82), network).render();
|
|
};
|
|
|
|
/**
|
|
* Instantiate an HD public key from a base58 string.
|
|
* @param {Base58String} xkey
|
|
* @param {Network?} network
|
|
* @returns {HDPublicKey}
|
|
*/
|
|
|
|
HDPublicKey.fromBase58 = function fromBase58(xkey, network) {
|
|
return new HDPublicKey().fromBase58(xkey, network);
|
|
};
|
|
|
|
/**
|
|
* Instantiate key from serialized data.
|
|
* @param {BufferReader} br
|
|
* @param {(Network|NetworkType)?} network
|
|
* @returns {HDPublicKey}
|
|
*/
|
|
|
|
HDPublicKey.fromReader = function fromReader(br, network) {
|
|
return new HDPublicKey().fromReader(br, network);
|
|
};
|
|
|
|
/**
|
|
* Instantiate key from serialized data.
|
|
* @param {Buffer} data
|
|
* @param {(Network|NetworkType)?} network
|
|
* @returns {HDPublicKey}
|
|
*/
|
|
|
|
HDPublicKey.fromRaw = function fromRaw(data, network) {
|
|
return new HDPublicKey().fromRaw(data, network);
|
|
};
|
|
|
|
/**
|
|
* Test whether an object is a HDPublicKey.
|
|
* @param {Object} obj
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
HDPublicKey.isHDPublicKey = function isHDPublicKey(obj) {
|
|
return obj instanceof HDPublicKey;
|
|
};
|
|
|
|
/*
|
|
* Expose
|
|
*/
|
|
|
|
module.exports = HDPublicKey;
|