Genesis commit

2019-11-23 22:34:59 +02:00 · 2019-11-23 22:34:59 +02:00 · db36cb33cf
commit db36cb33cf
parent 9258d6f234
19 changed files with 2184 additions and 0 deletions
--- a/config/default.json
+++ b/config/default.json
@ -0,0 +1,18 @@
+{
+    "bcrypt" : {
+        "salt" : 11
+    },
+    "database" : {
+        "dialect" : "sqlite",
+        "host" : "localhost",
+        "database" : "databases",
+        "username" : "databases",
+        "password" : "thisisfortheotherdbtypes",
+        "storage" : "database.sqlite",
+        "logging": false
+        // Encryption on database...
+        // "dialectOptions": {
+        //     "encrypt": true
+        // }
+    }
+}
--- a/lib/commands/add-lock.js
+++ b/lib/commands/add-lock.js
@ -0,0 +1,75 @@
+const persistence = require("../core/persistence/persistence");
+const cryptoUtil = require("../core/cryptoUtil");
+
+module.exports.description = "Add lock which we will use our keys on."
+
+module.exports.builder = (yargs) => {
+    return yargs
+        .usage(`Usage: $0 add-lock [options]`)
+        .help(false)
+        .version(false)
+        .option('lock-definition', {
+            describe: 'New lock to add to our system',
+            type: 'string'
+        })
+        .demandOption(['lock-definition'])
+        .argv;
+}
+
+module.exports.handler = (argv) => {
+    console.log("Add lock which we will use our keys on.");
+    console.log("Lock Definition: ", argv["lock-definition"]);
+
+    const lockDefintion = argv["lock-definition"] || argv["lock-definition"].js;
+    const challenge = JSON.parse(lockDefintion);
+    const registerationMessage = JSON.parse(challenge.message);
+
+    // TODO: Validate lock-definition is of the correct format...
+    persistence().LoadDB()
+        .then(db => {
+            // TODO validate lock definition has all the parameters we need
+            // TODO: Verify challenge comes from a service we know...
+            return db.ExtendedPublicKey.findOne({
+                where: {
+                    xpub: challenge.xpub
+                },
+                include: [
+                    {
+                        association: db.ExtendedPublicKey.Key // TODO: update this to wallet
+                    }
+                ]
+            }).then(extendedPublicKey => {
+                if (extendedPublicKey) {
+                    const encryptedKey = extendedPublicKey.key.encryptedPrivateKey;
+                    const password = "vanished";
+                    const walletXpriv = cryptoUtil.decrypt(encryptedKey, password);
+    
+                    var challengeDerivationPath = `${extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
+                    
+                    const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message)
+    
+                    
+                    // TODO: save lock
+                    return db.Lock.create({
+                        userIdentifier: registerationMessage.userIdentifier,
+                        url: registerationMessage.url,
+                        signature: signature.toString('hex'),
+                        message: challenge.message,
+                        extendedPublicKeyId: extendedPublicKey.id
+                    })
+                } else {
+                    console.error("Sorry we can't create a lock with xpub: ", challenge.xpub);
+                    return null;
+                }
+            }).then(lock => {
+                if(lock) {
+                    console.log("Lock: ", lock.id);
+                    console.log("Signature: ", lock.signature);
+                } else {
+                    console.error("Failed to create the lock.");
+                }
+                
+            })
+        })
+        
+}
--- a/lib/commands/authenticate-challenge.js
+++ b/lib/commands/authenticate-challenge.js
@ -0,0 +1,73 @@
+const persistence = require("../core/persistence/persistence");
+const cryptoUtil = require("../core/cryptoUtil");
+
+module.exports.description = "Sign a challenge to authenticate papao"
+
+module.exports.builder = (yargs) => {
+    return yargs
+        // .usage(`Usage: $0 add-lock [options]`)
+        .help(false)
+        .version(false)
+        .option('challenge', {
+            describe: 'challenge that needs to be signed',
+            type: 'string'
+        })
+        .option('domain-url', {
+            describe: 'override domain url belong to the service making the challenge',
+            type: 'string'
+        })
+        .option('user-identifier', {
+            describe: 'override user identifier which will be used to sign this challenge',
+            type: 'string'
+        })
+        .demandOption(['challenge'])
+        .argv;
+}
+
+module.exports.handler = (argv) => {
+    const challenge = JSON.parse(argv.challenge);
+    // TODO get userIdentifier and domainUrl from challenge 
+    const loginRequest = JSON.parse(challenge.message);
+    const domainUrl = argv.domainUrl || loginRequest.domainUrl;
+    const userIdentifier = argv.userIdentifier || loginRequest.userIdentifier;
+    persistence().LoadDB()
+        .then(db => {
+            console.log("Looking for");
+            console.log("url: ", domainUrl);
+            console.log("userIdentifier: ", userIdentifier);
+
+            return db.Lock.findOne({
+                where: {
+                    url: domainUrl,
+                    userIdentifier: userIdentifier
+                },
+                include: [
+                    {
+                        association: db.Lock.ExtendedPublicKey, 
+                        require: true,
+                        include: [
+                            {
+                                association: db.ExtendedPublicKey.Key, // TODO rename key to wallet
+                                required: true
+                            }
+                        ]
+                    }
+                ]
+            })
+            .then(lock => {
+                if(lock) {
+                    // Sign the message with the key that corresponds with this lock...
+                    const encryptedKey = lock.extendedPublicKey.key.encryptedPrivateKey;
+                    const password = "vanished";
+                    const walletXpriv = cryptoUtil.decrypt(encryptedKey, password);
+    
+                    var challengeDerivationPath = `${lock.extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
+                    
+                    const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message)
+                    console.log("Signature: ", signature.toString('hex'));
+                } else {
+                    console.error("Failed to find a lock with these parameters");
+                }
+            })
+        })
+}
--- a/lib/commands/create-keys.js
+++ b/lib/commands/create-keys.js
@ -0,0 +1,41 @@
+const persistence = require("../core/persistence/persistence");
+const cryptoUtil = require("../core/cryptoUtil");
+
+const bip39 = require('bip39');
+const bip32 = require('bip32');
+
+module.exports.description = "Create keys using a randomly generated seed";
+
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Create keys using a randomly generated seed");
+    persistence().LoadDB()
+        .then(db => {
+            const mnemonic = bip39.generateMnemonic();
+            console.log("Backup generated Mnemonic: ", mnemonic);
+
+            // TODO: validate user backed up mnemonic
+            const seed = bip39.mnemonicToSeedSync(mnemonic);
+            console.log("Seed: ", seed.toString('hex'))
+            const node = bip32.fromSeed(seed);
+            console.log("xpriv: ", node.toBase58());
+
+            // TODO: Get user key password
+            const password = "vanished";
+            // TODO: Encrypt text securely...
+            const encryptedPrivateKey = cryptoUtil.encrypt(node.toBase58(), password);
+
+            console.log("Encrypted Private Key: ", encryptedPrivateKey);
+
+            // Check if a key exist...
+            db.Key.create({
+                encryptedPrivateKey: encryptedPrivateKey,
+                name: "FirstKey"
+            }).then(key => {
+                console.log("Successfully created: ", key.name)
+            })
+        })
+}
--- a/lib/commands/drop-keys.js
+++ b/lib/commands/drop-keys.js
@ -0,0 +1,9 @@
+module.exports.description = "Drop the keys we have instantiated"
+
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Drop the keys we have instantiated");
+}
--- a/lib/commands/random-xpub.js
+++ b/lib/commands/random-xpub.js
@ -0,0 +1,59 @@
+const persistence = require("../core/persistence/persistence");
+const cryptoUtil = require("../core/cryptoUtil");
+
+const bip32 = require('bip32');
+
+module.exports.description = "Get random xpub to use on a service"
+
+module.exports.builder = (yargs) => {
+    return yargs.argv;
+}
+
+module.exports.handler = (argv) => {
+    console.log("Get random xpub to use on a service");
+    persistence().LoadDB()
+        .then(db => {
+            db.Key.findOne({
+                where: {
+                    name: "FirstKey"
+                }
+            })
+            .then(key => {
+                // TODO: Load password from config...
+                if(key) {
+                    const password = "vanished";
+
+                    console.log("Encrypted: ", key.encryptedPrivateKey);
+
+                    const decryptedPrivateKey = cryptoUtil.decrypt(key.encryptedPrivateKey, password);
+                    console.log("Decrypted: ", decryptedPrivateKey);
+                    const masterNode = bip32.fromBase58(decryptedPrivateKey);
+                    
+                    console.log("Node: ", masterNode.toBase58());
+
+                    const derivationPath = `m/${cryptoUtil.randomDerivationPath(true)}`
+                    
+                    const xpubNode = masterNode.derivePath(derivationPath);
+                    console.log("Xpub: ", xpubNode.neutered().toBase58());
+
+                    // TODO save xpub and derivation path in db...
+                    return db.ExtendedPublicKey.create({
+                        xpub: xpubNode.neutered().toBase58(),
+                        derivationPath: derivationPath,
+                        keyId: key.id // TODO rename this to walletID
+                        // TODO add name if availabe...
+                    }).catch(error => {
+                        console.error("Failed to create extended public key: ", error);
+                    })
+                } else {
+                    console.error("Couldn't create xpub without key")
+                }
+            })
+            .then(extendedPublicKey => {
+                console.log("Extened public key: ", extendedPublicKey.xpub);
+            })
+            .catch(error => {
+                console.error("Failed to find key: ", error);
+            })
+        })
+}
--- a/lib/commands/restore-keys.js
+++ b/lib/commands/restore-keys.js
@ -0,0 +1,9 @@
+module.exports.description = "Restore keys using a seed if keys haven't been in"
+
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Restore keys using a seed if keys haven't been in");
+}
--- a/lib/commands/show-keys.js
+++ b/lib/commands/show-keys.js
@ -0,0 +1,18 @@
+const persistence = require("../core/persistence/persistence");
+
+module.exports.description = "Show the keys we have instantiate"
+
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Show the keys we have instantiate");
+    persistence().LoadDB()
+        .then(db => {
+            db.Key.findAll()
+            .then(keys => {
+                console.log("Keys: ", keys.map(k => k.name));
+            })
+        })
+}
--- a/lib/commands/show-locks.js
+++ b/lib/commands/show-locks.js
@ -0,0 +1,19 @@
+const persistence = require("../core/persistence/persistence");
+
+module.exports.description = "Show all locks our keys have access to"
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Show all locks our keys have access to.");
+    persistence().LoadDB()
+        .then(db => {
+            db.Lock.findAll()
+            .then(locks => {
+                console.log("locks: ", locks.map(l => {
+                    return l
+                }));
+            })
+        })
+}
--- a/lib/commands/show-xpubs.js
+++ b/lib/commands/show-xpubs.js
@ -0,0 +1,25 @@
+const persistence = require("../core/persistence/persistence");
+
+module.exports.description = "Show the ExtendedPublicKeys we have created"
+
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Show the ExtendedPublicKeys we have created");
+    persistence().LoadDB()
+        .then(db => {
+            db.ExtendedPublicKey.findAll()
+            .then(extendedPublicKey => {
+                console.log("Keys: ", extendedPublicKey.map(k => {
+                    return {
+                        id: k.id,
+                        name: k.name,
+                        xpub: k.xpub,
+                        derivationPath: k.derivationPath
+                    };
+                }));
+            })
+        })
+}
--- a/lib/commands/verify-message.js
+++ b/lib/commands/verify-message.js
@ -0,0 +1,9 @@
+module.exports.description = "Verify a message was signed by a specific key"
+
+module.exports.builder = (yargs) => {
+
+}
+
+module.exports.handler = (argv) => {
+    console.log("Verify message using one of the keys");
+}
--- a/lib/core/cryptoUtil.js
+++ b/lib/core/cryptoUtil.js
@ -0,0 +1,58 @@
+const crypto = require('crypto');
+const algorithm = 'aes-256-ctr';
+const bip32 = require('bip32');
+
+module.exports.encrypt = (plainText, password) => {
+    // TODO encrypt text
+    // const cipher = crypto.createCipheriv(algorithm, password);
+
+    // var cipherText = cipher.update(plainText, 'utf8', 'hex');
+    // cipher += cipher.final('hex');
+
+    // console.log("CipherText: ", cipherText);
+    return plainText;
+}
+
+module.exports.decrypt = (cipherText, password) => {
+    // TODO decrypt cipherText
+    // const decipher = crypto.createDecipheriv(algorithm, password)
+        
+    // var plainText = decipher.update(cipherText, 'hex', 'utf8');
+    // plainText += decipher.final('utf8');
+
+    return cipherText;
+}
+
+module.exports.randomDerivationPath = function(hardenedDerivation) {
+    // TODO harden derivation path
+    var randomNumbers = [];
+
+    for(var i = 0; i < 3; i++) {
+        randomNumbers.push(parseInt(crypto.randomBytes(3).toString('hex'), 16))
+    }
+
+    return randomNumbers.join('/')
+}
+
+module.exports.verifyMessage = function(base58Key, derivationPath, message, signature) {
+    if(derivationPath.startsWith("a/")) {
+        derivationPath = derivationPath.split("a/")[1];
+    }
+
+    if(derivationPath.startsWith("c/")) {
+        derivationPath = derivationPath.split("c/")[1];
+    }
+
+    const verificationNode = bip32.fromBase58(base58Key).derivePath(derivationPath);
+    const hash = crypto.createHash('sha256').update(message, 'utf8').digest();
+
+    return verificationNode.verify(hash, Buffer.from(signature, 'hex'));
+}
+
+module.exports.signMessage = function(base58Key, derivationPath, message) {
+    let signingNode = bip32.fromBase58(base58Key).derivePath(derivationPath);
+
+    var hash = crypto.createHash('sha256').update(message, 'utf8').digest();
+
+    return signingNode.sign(hash);
+}
--- a/lib/core/persistence/models/extendedPublicKey.js
+++ b/lib/core/persistence/models/extendedPublicKey.js
@ -0,0 +1,37 @@
+module.exports = function (sequelize, DataTypes, options) {
+    const model = sequelize.define("extendedPublicKey", {
+        id: {
+            type: DataTypes.STRING,
+            defaultValue: function() {
+                return options.generateUniqueId()
+            },
+            primaryKey: true,
+            unique: true
+        },
+        xpub: {
+            type: DataTypes.STRING,
+            // TODO add validation
+            allowNull: false,
+            unique: true
+        },
+        derivationPath: {
+            type: DataTypes.STRING,
+            // TODO add validation...
+            allowNull: false,
+            unique: true
+        },
+        name: {
+            type: DataTypes.STRING,
+            unique: true
+        }
+    }, {
+        comment: "Exteneded public keys."
+    });
+
+    model.associate = (db) => {
+        // TODO Update key to wallet...
+        model.Key = model.belongsTo(db.Key);
+    }
+
+    return model;
+};
--- a/lib/core/persistence/models/key.js
+++ b/lib/core/persistence/models/key.js
@ -0,0 +1,30 @@
+module.exports = function (sequelize, DataTypes, options) {
+    const model = sequelize.define("key", { // TODO: Rename to wallet
+        id: {
+            type: DataTypes.STRING,
+            defaultValue: function() {
+                return options.generateUniqueId()
+            },
+            primaryKey: true,
+            unique: true
+        },
+        encryptedPrivateKey: {
+            type: DataTypes.STRING,
+            allowNull: false
+        },
+        name: {
+            type: DataTypes.STRING,
+            unique: true
+        }
+        // TODO: Add order to allow for user to set default keys
+    }, {
+        comment: "The keys we are using in our system (seedphrase)."
+    });
+
+    model.associate = (db) => {
+        model.Locks = model.hasMany(db.Lock);
+        model.ExtendedPublicKeys = model.hasMany(db.ExtendedPublicKey);
+    }
+
+    return model;
+};
--- a/lib/core/persistence/models/lock.js
+++ b/lib/core/persistence/models/lock.js
@ -0,0 +1,39 @@
+module.exports = function (sequelize, DataTypes, options) {
+    const model = sequelize.define("lock", {
+        id: {
+            type: DataTypes.STRING,
+            defaultValue: function() {
+                return options.generateUniqueId()
+            },
+            primaryKey: true,
+            unique: true
+        },
+        userIdentifier: {
+            type: DataTypes.STRING,
+            allowNull: false
+        },
+        url: {
+            type: DataTypes.STRING,
+            allowNull: false
+        },
+        signature: {
+            // Derivation from the master key...
+            // TODO: Add validation...
+            type: DataTypes.STRING,
+            allowNull: false,
+            unique: true
+        },
+        message: {
+            type: DataTypes.STRING,
+            allowNull: false
+        }
+    }, {
+        comment: "lock which our keys has access to"
+    });
+
+    model.associate = (db) => {
+        model.ExtendedPublicKey = model.belongsTo(db.ExtendedPublicKey);
+    }
+
+    return model;
+};
--- a/lib/core/persistence/persistence.js
+++ b/lib/core/persistence/persistence.js
@ -0,0 +1,82 @@
+'use strict';
+
+module.exports = function () {
+    var db = {};
+
+    const config = require('config');
+    const fs = require('fs');
+    const path = require('path');
+    const nanoid = require('nanoid');
+
+    var dbOptions = {
+        db: db,
+        generateUniqueId: (customIdSize) => {
+            var idSize = customIdSize || 11;
+            return nanoid(idSize); //=> "hsCc0ocrXkc"
+        }
+    };
+
+    dbOptions.Sequelize = require('sequelize');
+    
+    dbOptions.sequelize = new dbOptions.Sequelize(config.get('database'));
+
+    // Load all the models...
+    var modelDir = path.join(__dirname, './models/');
+    fs.readdirSync(modelDir)
+        .filter(file => {
+            return (file.indexOf('.') !== 0) && (file !== "index.js") && (file.slice(-3) === '.js');
+        })
+        .forEach(file => {
+            // const model = sequelize['import'](path.join(modelDir, file));
+            const model = require(path.join(modelDir, file))(dbOptions.sequelize, dbOptions.Sequelize, dbOptions);
+
+            // Format the Model Name like we have for this project...
+            var modelName = model.name;
+            modelName = modelName.replace(modelName[0], modelName[0].toUpperCase());
+
+            // Add model to the db...
+            db[modelName] = model;
+        });
+
+    // Time for the associations...
+    Object.keys(db).forEach(modelName => {
+        if (db[modelName].associate) {
+            db[modelName].associate(db);
+        }
+    });
+
+    db.LoadDB = () => {
+        db.Sequelize = dbOptions.Sequelize;
+        db.sequelize = dbOptions.sequelize;
+        
+        return new Promise((resolve, reject) => {
+            dbOptions.sequelize.sync()
+                .then(() => {
+                    resolve(db);
+                }).catch(error => {
+                    // Do the things...
+                    reject(error);
+                    console.error('Unable to connect to the database:', error);
+                })
+        })
+    } 
+
+    db.updateDatabaseFromModels = () => {
+        return new Promise((resolve, reject) => {
+            dbOptions.sequelize.sync({
+                alter: true
+            })
+            .then(() => {
+                resolve(true);
+                console.log("DB update successful.");
+            })
+            .catch(error => {
+                // Do the things...
+                reject(error);
+                console.error('Unable to connect to the database:', error);
+            })
+        })   
+    }
+    return db;
+};
+
--- a/lib/hd-auth-wallet.js
+++ b/lib/hd-auth-wallet.js
@ -0,0 +1,31 @@
+#!/usr/bin/env node
+
+const bip32 = require("bip32");
+
+const yargs = require('yargs');
+const path = require('path');
+const fs = require('fs');
+
+const cli = yargs
+  .help()
+  .version()
+  .strict();
+
+// Lets load up all the commands written in the commands directory
+var commandsDirectory = path.join(__dirname, './commands/');
+fs.readdirSync(commandsDirectory)
+  .filter(file => {
+      return (file.indexOf('.') !== 0) && (file !== "index.js") && (file.slice(-3) === '.js');
+  })
+  .forEach(file => {
+      const command = require(path.join(commandsDirectory, file));
+
+      cli.command(file, command.description, command);
+  });
+
+const args = cli.argv;
+
+// show help if no command provided
+if (!args._[0]) {
+  cli.showHelp();
+}
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -0,0 +1,23 @@
+{
+  "name": "hd-auth-wallet",
+  "version": "0.0.1",
+  "description": "example wallet features for hd-auth use.",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "bip32": "^2.0.4",
+    "bip38": "^3.0.0",
+    "bip39": "^3.0.2",
+    "config": "^3.2.4",
+    "nanoid": "^2.1.7",
+    "sequelize": "^5.21.2",
+    "sqlite3": "^4.1.0",
+    "yargs": "^15.0.2"
+  },
+  "bin": {
+    "hd-auth-wallet": "./lib/index.js"
+  }
+}