diff --git a/hubzilla/addon/g1wallet/view/css/g1wallet.js b/hubzilla/addon/g1wallet/view/css/g1wallet.js deleted file mode 100644 index c49ce91..0000000 --- a/hubzilla/addon/g1wallet/view/css/g1wallet.js +++ /dev/null @@ -1,442 +0,0 @@ -/** - * g1wallet.js — Ğ1 Wallet client-side implementation. - * - * DERIVATION (Substrate / Duniter v2 / Ğecko standard): - * 12-word BIP39 mnemonic - * → mnemonicToEntropy() → 16 bytes of raw entropy (hex) - * → zero-pad right to 32 bytes → Ed25519 seed (the Substrate "mini-secret") - * → nacl.sign.keyPair.fromSeed(seed) → { publicKey: Uint8Array(32) } - * → SS58-encode publicKey with Ğ1 prefix bytes [0x58, 0x91] → g1... address - * - * Signing uses SubtleCrypto (Ed25519, non-extractable CryptoKey). - * Key derivation uses TweetNaCl (nacl-fast.min.js, vendored, pinned v1.0.3). - * - * CRITICAL RULES: - * - The private key NEVER leaves the browser. - * - The mnemonic NEVER leaves the browser. - * - No key material in localStorage, sessionStorage, or cookies. - * - The private CryptoKey is non-extractable. - * - One document, one confirmation, one click — no batch signing. - */ - -(function () { - 'use strict'; - - // ------------------------------------------------------------------------- - // SESSION STATE — module-scope memory only, gone on page close - // ------------------------------------------------------------------------- - - var _session = { - unlocked: false, - pubkey: null, // SS58 g1... address - pubkeyHex: null, // 32-byte pubkey as hex - _cryptoKey: null // SubtleCrypto CryptoKey (non-extractable Ed25519) - }; - - // ------------------------------------------------------------------------- - // SS58 ENCODING - // Ğ1 prefix bytes: [0x58, 0x91] (verified against live mainnet address) - // Format: prefix(2) + pubkey(32) + checksum(2) = 36 bytes, base58-encoded - // Checksum: first 2 bytes of Blake2b-512("SS58PRE" + prefix + pubkey) - // ------------------------------------------------------------------------- - - var _BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'; - - function _base58Encode(bytes) { - var zeros = 0; - for (var i = 0; i < bytes.length && bytes[i] === 0; i++) zeros++; - var digits = [0]; - for (var i = 0; i < bytes.length; i++) { - var carry = bytes[i]; - for (var j = 0; j < digits.length; j++) { - carry += digits[j] << 8; - digits[j] = carry % 58; - carry = Math.floor(carry / 58); - } - while (carry > 0) { digits.push(carry % 58); carry = Math.floor(carry / 58); } - } - var str = ''; - for (var i = 0; i < zeros; i++) str += '1'; - for (var i = digits.length - 1; i >= 0; i--) str += _BASE58_ALPHABET[digits[i]]; - return str; - } - - // Blake2b-512 — minimal synchronous pure-JS implementation. - // Used only for SS58 checksum (2 bytes of a 64-byte hash). - var _blake2b512 = (function () { - var IV = new Uint32Array([ - 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, - 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, - 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, - 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 - ]); - var SIGMA = [ - 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, - 14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3, - 11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4, - 7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8, - 9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13, - 2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9, - 12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11, - 13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10, - 6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5, - 10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0, - 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, - 14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3 - ]; - - function G(v, a, b, c, d, x0, x1, y0, y1) { - // 64-bit add via 32-bit pairs (hi, lo) - function add64(ah, al, bh, bl) { - var lo = (al >>> 0) + (bl >>> 0); - return { h: (ah + bh + (lo / 0x100000000 | 0)) >>> 0, l: lo >>> 0 }; - } - function rotr64(h, l, r) { - if (r < 32) return { h: (h >>> r) | (l << (32-r)), l: (l >>> r) | (h << (32-r)) }; - return { h: (l >>> (r-32)) | (h << (64-r)), l: (h >>> (r-32)) | (l << (64-r)) }; - } - var va = {h:v[a*2],l:v[a*2+1]}, vb = {h:v[b*2],l:v[b*2+1]}; - var vc = {h:v[c*2],l:v[c*2+1]}, vd = {h:v[d*2],l:v[d*2+1]}; - var mx = {h:x0,l:x1}, my = {h:y0,l:y1}; - va = add64(va.h,va.l, vb.h,vb.l); va = add64(va.h,va.l, mx.h,mx.l); - vd = rotr64(vd.h^va.h, vd.l^va.l, 32); - vc = add64(vc.h,vc.l, vd.h,vd.l); - vb = rotr64(vb.h^vc.h, vb.l^vc.l, 24); - va = add64(va.h,va.l, vb.h,vb.l); va = add64(va.h,va.l, my.h,my.l); - vd = rotr64(vd.h^va.h, vd.l^va.l, 16); - vc = add64(vc.h,vc.l, vd.h,vd.l); - vb = rotr64(vb.h^vc.h, vb.l^vc.l, 63); - v[a*2]=va.h; v[a*2+1]=va.l; v[b*2]=vb.h; v[b*2+1]=vb.l; - v[c*2]=vc.h; v[c*2+1]=vc.l; v[d*2]=vd.h; v[d*2+1]=vd.l; - } - - function compress(h, m, t, last) { - var v = new Uint32Array(32); - for (var i = 0; i < 16; i++) v[i] = h[i]; - for (var i = 0; i < 16; i++) v[16+i] = IV[i]; - v[24] ^= t & 0xffffffff; v[25] ^= Math.floor(t / 0x100000000); - if (last) { v[28] = ~v[28]; v[29] = ~v[29]; } - for (var r = 0; r < 12; r++) { - var s = SIGMA.slice(r*16, r*16+16); - G(v,0,4,8,12, m[s[0]*2],m[s[0]*2+1], m[s[1]*2],m[s[1]*2+1]); - G(v,1,5,9,13, m[s[2]*2],m[s[2]*2+1], m[s[3]*2],m[s[3]*2+1]); - G(v,2,6,10,14, m[s[4]*2],m[s[4]*2+1], m[s[5]*2],m[s[5]*2+1]); - G(v,3,7,11,15, m[s[6]*2],m[s[6]*2+1], m[s[7]*2],m[s[7]*2+1]); - G(v,0,5,10,15, m[s[8]*2],m[s[8]*2+1], m[s[9]*2],m[s[9]*2+1]); - G(v,1,6,11,12, m[s[10]*2],m[s[10]*2+1], m[s[11]*2],m[s[11]*2+1]); - G(v,2,7,8,13, m[s[12]*2],m[s[12]*2+1], m[s[13]*2],m[s[13]*2+1]); - G(v,3,4,9,14, m[s[14]*2],m[s[14]*2+1], m[s[15]*2],m[s[15]*2+1]); - } - for (var i = 0; i < 16; i++) h[i] ^= v[i] ^ v[16+i]; - } - - function hash(input) { - var h = new Uint32Array(16); - for (var i = 0; i < 16; i++) h[i] = IV[i]; - h[0] ^= 0x01010040; // fanout=1, depth=1, outlen=64 - - var buf = new Uint8Array(128), buflen = 0, total = 0; - - function update(data) { - for (var i = 0; i < data.length; i++) { - if (buflen === 128) { - total += 128; - var m = new Uint32Array(32); - for (var j = 0; j < 32; j++) - m[j] = buf[j*4] | (buf[j*4+1]<<8) | (buf[j*4+2]<<16) | (buf[j*4+3]<<24); - compress(h, m, total, false); - buflen = 0; - } - buf[buflen++] = data[i]; - } - } - - update(input); - total += buflen; - while (buflen < 128) buf[buflen++] = 0; - var m = new Uint32Array(32); - for (var j = 0; j < 32; j++) - m[j] = buf[j*4] | (buf[j*4+1]<<8) | (buf[j*4+2]<<16) | (buf[j*4+3]<<24); - compress(h, m, total, true); - - var out = new Uint8Array(64); - for (var i = 0; i < 16; i++) { - out[i*4] = h[i] & 0xff; - out[i*4+1] = (h[i] >>> 8) & 0xff; - out[i*4+2] = (h[i] >>> 16)& 0xff; - out[i*4+3] = (h[i] >>> 24)& 0xff; - } - return out; - } - - return { hash: hash }; - })(); - - function _ss58Encode(pubkeyBytes) { - // Ğ1 prefix bytes [0x58, 0x91] — verified against live mainnet. - var prefixBytes = new Uint8Array([0x58, 0x91]); - var payload = new Uint8Array(34); - payload.set(prefixBytes, 0); - payload.set(pubkeyBytes, 2); - - var ss58pre = new TextEncoder().encode('SS58PRE'); - var checksumInput = new Uint8Array(ss58pre.length + payload.length); - checksumInput.set(ss58pre, 0); - checksumInput.set(payload, ss58pre.length); - - var hashBytes = _blake2b512.hash(checksumInput); - var full = new Uint8Array(36); - full.set(prefixBytes, 0); - full.set(pubkeyBytes, 2); - full.set(hashBytes.slice(0, 2), 34); - return _base58Encode(full); - } - - function _hexToBytes(hex) { - var b = new Uint8Array(hex.length / 2); - for (var i = 0; i < hex.length; i += 2) b[i/2] = parseInt(hex.slice(i,i+2), 16); - return b; - } - - function _bytesToHex(bytes) { - var s = ''; - for (var i = 0; i < bytes.length; i++) s += ('0' + bytes[i].toString(16)).slice(-2); - return s; - } - - // ------------------------------------------------------------------------- - // KEY DERIVATION - // Uses TweetNaCl (nacl-fast.min.js) for Ed25519 pubkey derivation. - // nacl.sign.keyPair.fromSeed(seed) is the correct primitive: - // seed (32 bytes) → { publicKey: Uint8Array(32), secretKey: Uint8Array(64) } - // The secretKey is discarded — signing uses SubtleCrypto with a - // non-extractable CryptoKey imported from the same seed. - // ------------------------------------------------------------------------- - - function _deriveKeypair(mnemonic) { - if (!window.nacl || typeof window.nacl.sign === 'undefined') { - return Promise.reject(new Error('TweetNaCl library not loaded. Please reload the page.')); - } - - var entropyHex = window.bip39.mnemonicToEntropy(mnemonic); - var entropy = _hexToBytes(entropyHex); // 16 bytes for 12-word mnemonic - - // Substrate mini-secret: entropy zero-padded right to 32 bytes. - var seed32 = new Uint8Array(32); - seed32.set(entropy, 0); - - // Derive Ed25519 pubkey via TweetNaCl. - var keypair = window.nacl.sign.keyPair.fromSeed(seed32); - var pubkeyBytes = keypair.publicKey; // Uint8Array(32) - var pubkeyHex = _bytesToHex(pubkeyBytes); - var pubkeyAddress = _ss58Encode(pubkeyBytes); - - // Import seed as non-extractable Ed25519 CryptoKey for signing. - // PKCS8 DER wrapper for Ed25519 (RFC 5958): - var pkcs8 = new Uint8Array([ - 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, - 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20 - ].concat(Array.from(seed32))); - - return crypto.subtle.importKey( - 'pkcs8', pkcs8.buffer, - { name: 'Ed25519' }, - false, ['sign'] - ).then(function (cryptoKey) { - return { pubkeyAddress: pubkeyAddress, pubkeyHex: pubkeyHex, cryptoKey: cryptoKey }; - }); - } - - // ------------------------------------------------------------------------- - // PUBLIC API - // ------------------------------------------------------------------------- - - window.g1wallet = { - isUnlocked: function () { return _session.unlocked; }, - getPubkey: function () { return _session.unlocked ? _session.pubkey : null; }, - getPubkeyHex:function () { return _session.unlocked ? _session.pubkeyHex : null; }, - - requestSignature: function (document, callback) { - if (!_session.unlocked || !_session._cryptoKey) { - window.dispatchEvent(new CustomEvent('g1wallet:sign_request_blocked', { - detail: { reason: 'Wallet is locked. Please unlock your wallet first.' } - })); - return; - } - var data = (typeof document === 'string') - ? new TextEncoder().encode(document) - : document; - crypto.subtle.sign('Ed25519', _session._cryptoKey, data) - .then(function (sigBuf) { - window.dispatchEvent(new CustomEvent(callback, { - detail: { signature: _bytesToHex(new Uint8Array(sigBuf)), pubkey: _session.pubkey, pubkeyHex: _session.pubkeyHex } - })); - }) - .catch(function (err) { - window.dispatchEvent(new CustomEvent(callback, { detail: { error: err.message } })); - }); - } - }; - - // ------------------------------------------------------------------------- - // WIDGET API - // ------------------------------------------------------------------------- - - window.G1WalletWidget = { - init: function (uid, walletUrl) { - window.addEventListener('g1wallet:unlocked', function (e) { - var el = document.getElementById(uid + '-status'); - if (!el) return; - var short = (e.detail.pubkey || '').substring(0, 12) + '…'; - el.innerHTML = '
' + - '🔓 ' + - 'Unlocked' + - '
' + _escHtml(short) + '
'; - }); - window.addEventListener('g1wallet:locked', function () { - var el = document.getElementById(uid + '-status'); - if (!el) return; - el.innerHTML = '
' + - '🔒 ' + - 'Locked' + - '
Unlock
'; - }); - } - }; - - // ------------------------------------------------------------------------- - // UNLOCK BUTTON - // ------------------------------------------------------------------------- - - document.addEventListener('DOMContentLoaded', function () { - var unlockBtn = document.getElementById('g1wallet-unlock-btn'); - var lockedView = document.getElementById('g1wallet-locked-view'); - var unlockedView = document.getElementById('g1wallet-unlocked-view'); - var spinner = document.getElementById('g1wallet-unlock-spinner'); - var lockBtn = document.getElementById('g1wallet-lock-btn'); - - if (!unlockBtn) return; - - unlockBtn.addEventListener('click', function () { - var mnemonicEl = document.getElementById('g1wallet-mnemonic'); - var mnemonic = (mnemonicEl || {}).value || ''; - mnemonic = mnemonic.trim().replace(/\s+/g, ' ').toLowerCase(); - _clearError(); - - if (!mnemonic) { _showError('Mnemonic phrase is required.'); return; } - - var words = mnemonic.split(' '); - if (words.length !== 12) { - _showError('Mnemonic phrase must be exactly 12 words. You entered ' + words.length + '.'); - return; - } - - if (!window.bip39 || typeof window.bip39.validateMnemonic !== 'function') { - _showError('Mnemonic validation library not available. Please reload the page.'); - return; - } - - if (!window.bip39.validateMnemonic(mnemonic)) { - _showError('Invalid mnemonic phrase. Check the words and try again.'); - return; - } - - // Clear mnemonic field immediately after validation. - if (mnemonicEl) mnemonicEl.value = ''; - - if (spinner) spinner.style.display = 'inline'; - unlockBtn.disabled = true; - - _deriveKeypair(mnemonic).then(function (result) { - if (spinner) spinner.style.display = 'none'; - unlockBtn.disabled = false; - _unlockWallet(result.pubkeyAddress, result.pubkeyHex, result.cryptoKey); - }).catch(function (err) { - if (spinner) spinner.style.display = 'none'; - unlockBtn.disabled = false; - _showError('Key derivation failed: ' + err.message); - }); - }); - - if (lockBtn) { - lockBtn.addEventListener('click', function () { - _lockWallet(); - if (lockedView) lockedView.style.display = ''; - if (unlockedView) unlockedView.style.display = 'none'; - }); - } - - window.addEventListener('g1wallet:unlocked', function (e) { - if (lockedView) lockedView.style.display = 'none'; - if (unlockedView) unlockedView.style.display = ''; - var pd = document.getElementById('g1wallet-pubkey-display'); - if (pd) pd.textContent = e.detail.pubkey || '—'; - _postPubkeyToServer(e.detail.pubkey); - }); - }); - - // ------------------------------------------------------------------------- - // PUBKEY POST - // ------------------------------------------------------------------------- - - function _postPubkeyToServer(pubkey) { - var form = document.getElementById('g1wallet-pubkey-form'); - if (!form) return; - var csrfInput = form.querySelector('input[name="g1wallet_csrf"]'); - var pubkeyInput = document.getElementById('g1wallet-pubkey-input'); - if (!csrfInput || !pubkeyInput) return; - pubkeyInput.value = pubkey; - var fd = new FormData(); - fd.append('g1wallet_csrf', csrfInput.value); - fd.append('g1_pubkey', pubkey); - fetch('/g1wallet/pubkey', { method: 'POST', body: fd, credentials: 'same-origin' }) - .then(function (r) { return r.json(); }) - .then(function (d) { if (d.status !== 'ok') console.warn('[g1wallet] pubkey store:', d.status); }) - .catch(function (e) { console.warn('[g1wallet] pubkey store error:', e.message); }); - } - - // ------------------------------------------------------------------------- - // INTERNAL HELPERS - // ------------------------------------------------------------------------- - - function _unlockWallet(pubkeyAddress, pubkeyHex, cryptoKey) { - _session.unlocked = true; - _session.pubkey = pubkeyAddress; - _session.pubkeyHex = pubkeyHex; - _session._cryptoKey = cryptoKey; - window.dispatchEvent(new CustomEvent('g1wallet:unlocked', { - detail: { pubkey: pubkeyAddress, pubkeyHex: pubkeyHex } - })); - } - - function _lockWallet() { - _session.unlocked = false; _session.pubkey = null; - _session.pubkeyHex = null; _session._cryptoKey = null; - window.dispatchEvent(new CustomEvent('g1wallet:locked')); - } - - function _showError(msg) { - var el = document.getElementById('g1wallet-unlock-error'); - if (el) { el.textContent = msg; el.style.display = ''; } - } - - function _clearError() { - var el = document.getElementById('g1wallet-unlock-error'); - if (el) { el.textContent = ''; el.style.display = 'none'; } - } - - function _escHtml(s) { - return String(s).replace(/&/g,'&').replace(//g,'>').replace(/"/g,'"'); - } - - // Auto-populate data-g1wallet-target="pubkey" fields on other addons. - window.addEventListener('g1wallet:unlocked', function (e) { - document.querySelectorAll('[data-g1wallet-target="pubkey"]') - .forEach(function (el) { el.value = e.detail.pubkey || ''; }); - }); - window.addEventListener('g1wallet:locked', function () { - document.querySelectorAll('[data-g1wallet-target="pubkey"]') - .forEach(function (el) { el.value = ''; }); - }); - -}());