All files / src/encryption wallet.ts

89.86% Statements 62/69
75% Branches 12/16
100% Functions 6/6
89.86% Lines 62/69

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 1661x 1x 1x 1x 1x 1x                     1x         3x   3x   1x 1x 1x       2x     2x   2x 1x   1x   2x 2x 2x 2x   2x 2x   2x 2x 2x   2x 2x                   4x 4x 4x 4x   4x 4x 4x 4x 4x   4x 4x   2x 2x       2x 2x 2x   2x           2x 2x           2x       2x                               2x 2x     2x           2x 1x   1x                               1x       4x 4x 4x     2x     2x 1x      
import { validateMnemonic, mnemonicToEntropy, entropyToMnemonic } from 'bip39'
import { randomBytes, GetRandomBytes } from './cryptoRandom'
import { createSha2Hash } from './sha2Hash'
import { createHmacSha256 } from './hmacSha256'
import { createCipher } from './aesCipher'
import { createPbkdf2 } from './pbkdf2'
import { TriplesecDecryptSignature } from './cryptoUtils'
 
/**
 * Encrypt a raw mnemonic phrase to be password protected
 * @param {string} phrase - Raw mnemonic phrase
 * @param {string} password - Password to encrypt mnemonic with
 * @return {Promise<Buffer>} The encrypted phrase
 * @private
 * @ignore 
 * */
export async function encryptMnemonic(phrase: string, password: string, opts?: {
  getRandomBytes?: GetRandomBytes
}): Promise<Buffer> {
  // hex encoded mnemonic string
  let mnemonicEntropy: string
  try {
    // must be bip39 mnemonic
    mnemonicEntropy = mnemonicToEntropy(phrase)
  } catch (error) {
    console.error('Invalid mnemonic phrase provided')
    console.error(error)
    throw new Error('Not a valid bip39 mnemonic')
  }
 
  // normalize plaintext to fixed length byte string
  const plaintextNormalized = Buffer.from(mnemonicEntropy, 'hex')
 
  // AES-128-CBC with SHA256 HMAC
  const pbkdf2 = await createPbkdf2()
  let salt: Buffer
  if (opts && opts.getRandomBytes) {
    salt = opts.getRandomBytes(16)
  } else {
    salt = randomBytes(16)
  }
  const keysAndIV = await pbkdf2.derive(password, salt, 100000, 48, 'sha512')
  const encKey = keysAndIV.slice(0, 16)
  const macKey = keysAndIV.slice(16, 32)
  const iv = keysAndIV.slice(32, 48)
 
  const cipher = await createCipher()
  const cipherText = await cipher.encrypt('aes-128-cbc', encKey, iv, plaintextNormalized)
 
  const hmacPayload = Buffer.concat([salt, cipherText])
  const hmacSha256 = await createHmacSha256()
  const hmacDigest = await hmacSha256.digest(macKey, hmacPayload)
 
  const payload = Buffer.concat([salt, hmacDigest, cipherText])
  return payload
}
 
// Used to distinguish bad password during decrypt vs invalid format
class PasswordError extends Error { }
 
/**
* @ignore
*/
async function decryptMnemonicBuffer(dataBuffer: Buffer, password: string): Promise<string> {
  const salt = dataBuffer.slice(0, 16)
  const hmacSig = dataBuffer.slice(16, 48)   // 32 bytes
  const cipherText = dataBuffer.slice(48)
  const hmacPayload = Buffer.concat([salt, cipherText])
 
  const pbkdf2 = await createPbkdf2()
  const keysAndIV = await pbkdf2.derive(password, salt, 100000, 48, 'sha512')
  const encKey = keysAndIV.slice(0, 16)
  const macKey = keysAndIV.slice(16, 32)
  const iv = keysAndIV.slice(32, 48)
 
  const decipher = await createCipher()
  const decryptedResult = await decipher.decrypt('aes-128-cbc', encKey, iv, cipherText)
 
  const hmacSha256 = await createHmacSha256()
  const hmacDigest = await hmacSha256.digest(macKey, hmacPayload)
 
  // hash both hmacSig and hmacDigest so string comparison time
  // is uncorrelated to the ciphertext
  const sha2Hash = await createSha2Hash()
  const hmacSigHash = await sha2Hash.digest(hmacSig)
  const hmacDigestHash = await sha2Hash.digest(hmacDigest)
 
  Iif (!hmacSigHash.equals(hmacDigestHash)) {
    // not authentic
    throw new PasswordError('Wrong password (HMAC mismatch)')
  }
 
  let mnemonic: string
  try {
    mnemonic = entropyToMnemonic(decryptedResult)
  } catch (error) {
    console.error('Error thrown by `entropyToMnemonic`')
    console.error(error)
    throw new PasswordError('Wrong password (invalid plaintext)')
  }
  Iif (!validateMnemonic(mnemonic)) {
    throw new PasswordError('Wrong password (invalid plaintext)')
  }
 
  return mnemonic
}
 
 
/**
 * Decrypt legacy triplesec keys
 * @param {Buffer} dataBuffer - The encrypted key
 * @param {String} password - Password for data
 * @return {Promise<Buffer>} Decrypted seed
 * @private
 * @ignore 
 */
function decryptLegacy(dataBuffer: Buffer, 
                       password: string, 
                       triplesecDecrypt: TriplesecDecryptSignature
): Promise<Buffer> {
  return new Promise<Buffer>((resolve, reject) => {
    Iif (!triplesecDecrypt) {
      reject(new Error('The `triplesec.decrypt` function must be provided'))
    }
    triplesecDecrypt(
      {
        key: Buffer.from(password),
        data: dataBuffer
      },
      (err, plaintextBuffer) => {
        if (!err) {
          resolve(plaintextBuffer)
        } else {
          reject(err)
        }
      }
    )
  })
}
 
/**
 * Decrypt an encrypted mnemonic phrase with a password. 
 * Legacy triplesec encrypted payloads are also supported. 
 * @param data - Buffer or hex-encoded string of the encrypted mnemonic
 * @param password - Password for data
 * @return the raw mnemonic phrase
 * @private
 * @ignore 
 */
export async function decryptMnemonic(data: (string | Buffer), 
                                      password: string, 
                                      triplesecDecrypt: TriplesecDecryptSignature
): Promise<string> {
  const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data, 'hex')
  try {
    return await decryptMnemonicBuffer(dataBuffer, password)
  } catch (err) {
    // If it was a password error, don't even bother with legacy
    Iif (err instanceof PasswordError) {
      throw err
    }
    const data = await decryptLegacy(dataBuffer, password, triplesecDecrypt)
    return data.toString()
  }
}