2022-09-05 23:14:43 +03:00
|
|
|
import { pbkdf2, sha256 } from "../crypto/index.js";
|
2022-09-09 06:21:08 +03:00
|
|
|
import {
|
2022-10-25 11:06:00 +03:00
|
|
|
defineProperties, getBytes, hexlify, assertNormalize, assertPrivate, assertArgument, toUtf8Bytes
|
2022-09-09 06:21:08 +03:00
|
|
|
} from "../utils/index.js";
|
2022-11-28 05:49:12 +03:00
|
|
|
import { LangEn } from "../wordlists/lang-en.js";
|
2022-09-05 23:14:43 +03:00
|
|
|
|
|
|
|
|
import type { BytesLike } from "../utils/index.js";
|
|
|
|
|
import type { Wordlist } from "../wordlists/index.js";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Returns a byte with the MSB bits set
|
|
|
|
|
function getUpperMask(bits: number): number {
|
|
|
|
|
return ((1 << bits) - 1) << (8 - bits) & 0xff;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Returns a byte with the LSB bits set
|
|
|
|
|
function getLowerMask(bits: number): number {
|
|
|
|
|
return ((1 << bits) - 1) & 0xff;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-11-28 05:49:12 +03:00
|
|
|
function mnemonicToEntropy(mnemonic: string, wordlist?: null | Wordlist): string {
|
2022-09-09 06:21:08 +03:00
|
|
|
assertNormalize("NFKD");
|
2022-09-05 23:14:43 +03:00
|
|
|
|
2022-11-28 05:49:12 +03:00
|
|
|
if (wordlist == null) { wordlist = LangEn.wordlist(); }
|
2022-09-05 23:14:43 +03:00
|
|
|
|
|
|
|
|
const words = wordlist.split(mnemonic);
|
2022-10-25 11:06:00 +03:00
|
|
|
assertArgument((words.length % 3) === 0 && words.length >= 12 && words.length <= 24,
|
|
|
|
|
"invalid mnemonic length", "mnemonic", "[ REDACTED ]");
|
2022-09-05 23:14:43 +03:00
|
|
|
|
|
|
|
|
const entropy = new Uint8Array(Math.ceil(11 * words.length / 8));
|
|
|
|
|
|
|
|
|
|
let offset = 0;
|
|
|
|
|
for (let i = 0; i < words.length; i++) {
|
|
|
|
|
let index = wordlist.getWordIndex(words[i].normalize("NFKD"));
|
2022-10-25 11:06:00 +03:00
|
|
|
assertArgument(index >= 0, `invalid mnemonic word at index ${ i }`, "mnemonic", "[ REDACTED ]");
|
2022-09-05 23:14:43 +03:00
|
|
|
|
|
|
|
|
for (let bit = 0; bit < 11; bit++) {
|
|
|
|
|
if (index & (1 << (10 - bit))) {
|
|
|
|
|
entropy[offset >> 3] |= (1 << (7 - (offset % 8)));
|
|
|
|
|
}
|
|
|
|
|
offset++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const entropyBits = 32 * words.length / 3;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const checksumBits = words.length / 3;
|
|
|
|
|
const checksumMask = getUpperMask(checksumBits);
|
|
|
|
|
|
2022-09-09 06:21:08 +03:00
|
|
|
const checksum = getBytes(sha256(entropy.slice(0, entropyBits / 8)))[0] & checksumMask;
|
2022-09-05 23:14:43 +03:00
|
|
|
|
2022-10-25 11:06:00 +03:00
|
|
|
assertArgument(checksum === (entropy[entropy.length - 1] & checksumMask),
|
|
|
|
|
"invalid mnemonic checksum", "mnemonic", "[ REDACTED ]");
|
2022-09-05 23:14:43 +03:00
|
|
|
|
|
|
|
|
return hexlify(entropy.slice(0, entropyBits / 8));
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-28 05:49:12 +03:00
|
|
|
function entropyToMnemonic(entropy: Uint8Array, wordlist?: null | Wordlist): string {
|
|
|
|
|
|
2022-10-25 11:06:00 +03:00
|
|
|
assertArgument((entropy.length % 4) === 0 && entropy.length >= 16 && entropy.length <= 32,
|
|
|
|
|
"invalid entropy size", "entropy", "[ REDACTED ]");
|
2022-09-05 23:14:43 +03:00
|
|
|
|
2022-11-28 05:49:12 +03:00
|
|
|
if (wordlist == null) { wordlist = LangEn.wordlist(); }
|
2022-09-05 23:14:43 +03:00
|
|
|
|
|
|
|
|
const indices: Array<number> = [ 0 ];
|
|
|
|
|
|
|
|
|
|
let remainingBits = 11;
|
|
|
|
|
for (let i = 0; i < entropy.length; i++) {
|
|
|
|
|
|
|
|
|
|
// Consume the whole byte (with still more to go)
|
|
|
|
|
if (remainingBits > 8) {
|
|
|
|
|
indices[indices.length - 1] <<= 8;
|
|
|
|
|
indices[indices.length - 1] |= entropy[i];
|
|
|
|
|
|
|
|
|
|
remainingBits -= 8;
|
|
|
|
|
|
|
|
|
|
// This byte will complete an 11-bit index
|
|
|
|
|
} else {
|
|
|
|
|
indices[indices.length - 1] <<= remainingBits;
|
|
|
|
|
indices[indices.length - 1] |= entropy[i] >> (8 - remainingBits);
|
|
|
|
|
|
|
|
|
|
// Start the next word
|
|
|
|
|
indices.push(entropy[i] & getLowerMask(8 - remainingBits));
|
|
|
|
|
|
|
|
|
|
remainingBits += 3;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Compute the checksum bits
|
|
|
|
|
const checksumBits = entropy.length / 4;
|
|
|
|
|
const checksum = parseInt(sha256(entropy).substring(2, 4), 16) & getUpperMask(checksumBits);
|
|
|
|
|
|
|
|
|
|
// Shift the checksum into the word indices
|
|
|
|
|
indices[indices.length - 1] <<= checksumBits;
|
|
|
|
|
indices[indices.length - 1] |= (checksum >> (8 - checksumBits));
|
|
|
|
|
|
|
|
|
|
return wordlist.join(indices.map((index) => (<Wordlist>wordlist).getWord(index)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const _guard = { };
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* A **Mnemonic** wraps all properties required to compute [[link-bip39]]
|
|
|
|
|
* seeds and convert between phrases and entropy.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
export class Mnemonic {
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* The mnemonic phrase of 12, 15, 18, 21 or 24 words.
|
|
|
|
|
*
|
|
|
|
|
* Use the [[wordlist]] ``split`` method to get the individual words.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
readonly phrase!: string;
|
2022-12-03 05:23:13 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The password used for this mnemonic. If no password is used this
|
|
|
|
|
* is the empty string (i.e. ``""``) as per the specification.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
readonly password!: string;
|
2022-12-03 05:23:13 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The wordlist for this mnemonic.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
readonly wordlist!: Wordlist;
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* The underlying entropy which the mnemonic encodes.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
readonly entropy!: string;
|
|
|
|
|
|
2022-11-28 05:49:12 +03:00
|
|
|
/**
|
|
|
|
|
* @private
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
constructor(guard: any, entropy: string, phrase: string, password?: null | string, wordlist?: null | Wordlist) {
|
|
|
|
|
if (password == null) { password = ""; }
|
2022-11-28 05:49:12 +03:00
|
|
|
if (wordlist == null) { wordlist = LangEn.wordlist(); }
|
2022-09-09 06:21:08 +03:00
|
|
|
assertPrivate(guard, _guard, "Mnemonic");
|
2022-09-05 23:14:43 +03:00
|
|
|
defineProperties<Mnemonic>(this, { phrase, password, wordlist, entropy });
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* Returns the seed for the mnemonic.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
computeSeed(): string {
|
|
|
|
|
const salt = toUtf8Bytes("mnemonic" + this.password, "NFKD");
|
|
|
|
|
return pbkdf2(toUtf8Bytes(this.phrase, "NFKD"), salt, 2048, 64, "sha512");
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* Creates a new Mnemonic for the %%phrase%%.
|
|
|
|
|
*
|
|
|
|
|
* The default %%password%% is the empty string and the default
|
|
|
|
|
* wordlist is the [English wordlists](LangEn).
|
|
|
|
|
*/
|
2022-09-09 06:21:08 +03:00
|
|
|
static fromPhrase(phrase: string, password?: null | string, wordlist?: null | Wordlist): Mnemonic {
|
2022-09-05 23:14:43 +03:00
|
|
|
// Normalize the case and space; throws if invalid
|
|
|
|
|
const entropy = mnemonicToEntropy(phrase, wordlist);
|
2022-09-09 06:21:08 +03:00
|
|
|
phrase = entropyToMnemonic(getBytes(entropy), wordlist);
|
2022-09-05 23:14:43 +03:00
|
|
|
return new Mnemonic(_guard, entropy, phrase, password, wordlist);
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* Create a new **Mnemonic** from the %%entropy%%.
|
|
|
|
|
*
|
|
|
|
|
* The default %%password%% is the empty string and the default
|
|
|
|
|
* wordlist is the [English wordlists](LangEn).
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
static fromEntropy(_entropy: BytesLike, password?: null | string, wordlist?: null | Wordlist): Mnemonic {
|
2022-09-09 06:21:08 +03:00
|
|
|
const entropy = getBytes(_entropy, "entropy");
|
2022-09-05 23:14:43 +03:00
|
|
|
const phrase = entropyToMnemonic(entropy, wordlist);
|
|
|
|
|
return new Mnemonic(_guard, hexlify(entropy), phrase, password, wordlist);
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* Returns the phrase for %%mnemonic%%.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
static entropyToPhrase(_entropy: BytesLike, wordlist?: null | Wordlist): string {
|
2022-09-09 06:21:08 +03:00
|
|
|
const entropy = getBytes(_entropy, "entropy");
|
2022-09-05 23:14:43 +03:00
|
|
|
return entropyToMnemonic(entropy, wordlist);
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* Returns the entropy for %%phrase%%.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
static phraseToEntropy(phrase: string, wordlist?: null | Wordlist): string {
|
|
|
|
|
return mnemonicToEntropy(phrase, wordlist);
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 05:23:13 +03:00
|
|
|
/**
|
|
|
|
|
* Returns true if %%phrase%% is a valid [[link-bip39]] phrase.
|
|
|
|
|
*
|
|
|
|
|
* This checks all the provided words belong to the %%wordlist%%,
|
|
|
|
|
* that the length is valid and the checksum is correct.
|
|
|
|
|
*/
|
2022-09-05 23:14:43 +03:00
|
|
|
static isValidMnemonic(phrase: string, wordlist?: null | Wordlist): boolean {
|
|
|
|
|
try {
|
|
|
|
|
mnemonicToEntropy(phrase, wordlist);
|
|
|
|
|
return true;
|
|
|
|
|
} catch (error) { }
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
