From 1893a0ae9d989d51ba391d65804c71d4ccb13db8 Mon Sep 17 00:00:00 2001 From: "luk.lu" Date: Tue, 16 Aug 2022 11:59:28 +0800 Subject: [PATCH] should check secword because secword_to_seed accepts even empty secword --- ticc.js | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/ticc.js b/ticc.js index 2f71995..5fc0fca 100644 --- a/ticc.js +++ b/ticc.js @@ -444,8 +444,12 @@ class TicCrypto { // 据测试, Purpose和CoinType都可以任意其他值,不必要如规范所示;' 引号可有可无,导致的密钥不一样; // Account 最大为 0x7FFFFFFF, Change/Index 最大均为 0xFFFFFFFF(=4294967295) // 但可以不断延伸下去:/xxx/xxx/xxx/xxx/... - coin = coin?.toUpperCase() || my.COIN + coin = coin?.toUpperCase?.() || my.COIN + if (!this.is_secword(secword)) { + // 由于 secword_to_seed 可以对一切字符串都正常返回,为防止secword为空,在这里先做检查。 + return null + } if (tool === 'nacl') { // 采用自己的算法:bip39算法从secword到种子,hash后用 nacl.sign.keyPair.fromSeed()方法。 hasher = my.HASHER_LIST.includes(hasher) ? hasher : my.HASHER @@ -482,7 +486,6 @@ class TicCrypto { pubkey: key.publicKey.toString('hex'), } } - return null } /** @@ -553,18 +556,18 @@ class TicCrypto { * @return {Object} * @memberof TicCrypto */ - static secword_to_account ({ secword, coin = my.COIN, pass, pathRoot, pathIndex, path, tool, hasher } = {}) { + static secword_to_account ({ secword, coin = my.COIN, world, pass, pathRoot, pathIndex, path, tool, hasher } = {}) { // account 比 keypair 多了 address 字段。 - coin = coin?.toUpperCase() + coin = coin?.toUpperCase?.() || my.COIN let kp = this.secword_to_keypair({ secword, coin, pass, pathRoot, pathIndex, path, tool, hasher }) if (kp) { if (coin === 'ETH') { let uncompressedPubkey = this.decompress_pubkey(kp.pubkey) - kp.address = this.pubkey_to_address({ pubkey: uncompressedPubkey, coin: 'ETH' }) + kp.address = this.pubkey_to_address({ pubkey: uncompressedPubkey, coin: 'ETH', world }) } else { - kp.address = this.pubkey_to_address({ pubkey: kp.pubkey, coin }) + kp.address = this.pubkey_to_address({ pubkey: kp.pubkey, coin, world }) } - return Object.assign(kp, { coin, secword }) + return Object.assign(kp, { coin, world, secword }) } return null } @@ -578,8 +581,8 @@ class TicCrypto { * @return {String} address * @memberof TicCrypto */ - static secword_to_address ({ secword, coin, world, pass, pathRoot, pathIndex, path, tool, hasher } = {}) { - coin = coin?.toUpperCase() || my.COIN + static secword_to_address ({ secword, coin = my.COIN, world, pass, pathRoot, pathIndex, path, tool, hasher } = {}) { + coin = coin?.toUpperCase?.() || my.COIN let kp = this.secword_to_keypair({ secword, coin, pass, pathRoot, pathIndex, path, tool, hasher }) if (kp) { let address @@ -809,7 +812,7 @@ class TicCrypto { * @return {Boolean} * @memberof TicCrypto */ - static is_chain_address ({ address }) { + static which_chain_address ({ address }) { if (/^(0x)?[\da-fA-F]{40}$/.test(address)) { return 'ETH' } else if (/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{26,34}$/.test(address) && address.length !== 32) { @@ -853,7 +856,7 @@ class TicCrypto { * @return {*} * @memberof TicCrypto */ - static secword_to_seed ({ secword, pass }) { + static secword_to_seed ({ secword, pass } = {}) { // 遵循bip39的算法。和 ether.HDNode.mnemonic2Seed 结果一样,是64字节的种子。 // !!! 警告,bip39.mnemonicToSeedSync 也接受不合法的 secword,只要是个string,或者是 undefined/null/0/''/false(这几个的结果都一样) return bip39.mnemonicToSeedSync(secword, pass).toString('hex') // 结果一致与 new BitcoreMnemonic(secword).toSeed(pass).toString('hex') 或 ethers.HDNode.mnemonic2Seed(secword)。 @@ -939,9 +942,9 @@ class TicCrypto { * @return {*} * @memberof TicCrypto */ - static randomize_account ({ lang, wordCount, coin, pass, pathRoot, pathIndex, path, tool, hasher } = {}) { + static randomize_account ({ lang, wordCount, coin, world, pass, pathRoot, pathIndex, path, tool, hasher } = {}) { let secword = this.randomize_secword({ lang, wordCount }) - return this.secword_to_account({ secword, coin, pass, pathRoot, pathIndex, path, tool, hasher }) + return this.secword_to_account({ secword, coin, world, pass, pathRoot, pathIndex, path, tool, hasher }) } /**