diff --git a/hubzilla/addon/g1wallet/view/css/g1wallet.js b/hubzilla/addon/g1wallet/view/css/g1wallet.js new file mode 100644 index 0000000..c49ce91 --- /dev/null +++ b/hubzilla/addon/g1wallet/view/css/g1wallet.js @@ -0,0 +1,442 @@ +/** + * g1wallet.js — Ğ1 Wallet client-side implementation. + * + * DERIVATION (Substrate / Duniter v2 / Ğecko standard): + * 12-word BIP39 mnemonic + * → mnemonicToEntropy() → 16 bytes of raw entropy (hex) + * → zero-pad right to 32 bytes → Ed25519 seed (the Substrate "mini-secret") + * → nacl.sign.keyPair.fromSeed(seed) → { publicKey: Uint8Array(32) } + * → SS58-encode publicKey with Ğ1 prefix bytes [0x58, 0x91] → g1... address + * + * Signing uses SubtleCrypto (Ed25519, non-extractable CryptoKey). + * Key derivation uses TweetNaCl (nacl-fast.min.js, vendored, pinned v1.0.3). + * + * CRITICAL RULES: + * - The private key NEVER leaves the browser. + * - The mnemonic NEVER leaves the browser. + * - No key material in localStorage, sessionStorage, or cookies. + * - The private CryptoKey is non-extractable. + * - One document, one confirmation, one click — no batch signing. + */ + +(function () { + 'use strict'; + + // ------------------------------------------------------------------------- + // SESSION STATE — module-scope memory only, gone on page close + // ------------------------------------------------------------------------- + + var _session = { + unlocked: false, + pubkey: null, // SS58 g1... address + pubkeyHex: null, // 32-byte pubkey as hex + _cryptoKey: null // SubtleCrypto CryptoKey (non-extractable Ed25519) + }; + + // ------------------------------------------------------------------------- + // SS58 ENCODING + // Ğ1 prefix bytes: [0x58, 0x91] (verified against live mainnet address) + // Format: prefix(2) + pubkey(32) + checksum(2) = 36 bytes, base58-encoded + // Checksum: first 2 bytes of Blake2b-512("SS58PRE" + prefix + pubkey) + // ------------------------------------------------------------------------- + + var _BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'; + + function _base58Encode(bytes) { + var zeros = 0; + for (var i = 0; i < bytes.length && bytes[i] === 0; i++) zeros++; + var digits = [0]; + for (var i = 0; i < bytes.length; i++) { + var carry = bytes[i]; + for (var j = 0; j < digits.length; j++) { + carry += digits[j] << 8; + digits[j] = carry % 58; + carry = Math.floor(carry / 58); + } + while (carry > 0) { digits.push(carry % 58); carry = Math.floor(carry / 58); } + } + var str = ''; + for (var i = 0; i < zeros; i++) str += '1'; + for (var i = digits.length - 1; i >= 0; i--) str += _BASE58_ALPHABET[digits[i]]; + return str; + } + + // Blake2b-512 — minimal synchronous pure-JS implementation. + // Used only for SS58 checksum (2 bytes of a 64-byte hash). + var _blake2b512 = (function () { + var IV = new Uint32Array([ + 0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, + 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A, + 0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, + 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19 + ]); + var SIGMA = [ + 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, + 14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3, + 11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4, + 7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8, + 9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13, + 2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9, + 12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11, + 13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10, + 6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5, + 10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0, + 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, + 14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3 + ]; + + function G(v, a, b, c, d, x0, x1, y0, y1) { + // 64-bit add via 32-bit pairs (hi, lo) + function add64(ah, al, bh, bl) { + var lo = (al >>> 0) + (bl >>> 0); + return { h: (ah + bh + (lo / 0x100000000 | 0)) >>> 0, l: lo >>> 0 }; + } + function rotr64(h, l, r) { + if (r < 32) return { h: (h >>> r) | (l << (32-r)), l: (l >>> r) | (h << (32-r)) }; + return { h: (l >>> (r-32)) | (h << (64-r)), l: (h >>> (r-32)) | (l << (64-r)) }; + } + var va = {h:v[a*2],l:v[a*2+1]}, vb = {h:v[b*2],l:v[b*2+1]}; + var vc = {h:v[c*2],l:v[c*2+1]}, vd = {h:v[d*2],l:v[d*2+1]}; + var mx = {h:x0,l:x1}, my = {h:y0,l:y1}; + va = add64(va.h,va.l, vb.h,vb.l); va = add64(va.h,va.l, mx.h,mx.l); + vd = rotr64(vd.h^va.h, vd.l^va.l, 32); + vc = add64(vc.h,vc.l, vd.h,vd.l); + vb = rotr64(vb.h^vc.h, vb.l^vc.l, 24); + va = add64(va.h,va.l, vb.h,vb.l); va = add64(va.h,va.l, my.h,my.l); + vd = rotr64(vd.h^va.h, vd.l^va.l, 16); + vc = add64(vc.h,vc.l, vd.h,vd.l); + vb = rotr64(vb.h^vc.h, vb.l^vc.l, 63); + v[a*2]=va.h; v[a*2+1]=va.l; v[b*2]=vb.h; v[b*2+1]=vb.l; + v[c*2]=vc.h; v[c*2+1]=vc.l; v[d*2]=vd.h; v[d*2+1]=vd.l; + } + + function compress(h, m, t, last) { + var v = new Uint32Array(32); + for (var i = 0; i < 16; i++) v[i] = h[i]; + for (var i = 0; i < 16; i++) v[16+i] = IV[i]; + v[24] ^= t & 0xffffffff; v[25] ^= Math.floor(t / 0x100000000); + if (last) { v[28] = ~v[28]; v[29] = ~v[29]; } + for (var r = 0; r < 12; r++) { + var s = SIGMA.slice(r*16, r*16+16); + G(v,0,4,8,12, m[s[0]*2],m[s[0]*2+1], m[s[1]*2],m[s[1]*2+1]); + G(v,1,5,9,13, m[s[2]*2],m[s[2]*2+1], m[s[3]*2],m[s[3]*2+1]); + G(v,2,6,10,14, m[s[4]*2],m[s[4]*2+1], m[s[5]*2],m[s[5]*2+1]); + G(v,3,7,11,15, m[s[6]*2],m[s[6]*2+1], m[s[7]*2],m[s[7]*2+1]); + G(v,0,5,10,15, m[s[8]*2],m[s[8]*2+1], m[s[9]*2],m[s[9]*2+1]); + G(v,1,6,11,12, m[s[10]*2],m[s[10]*2+1], m[s[11]*2],m[s[11]*2+1]); + G(v,2,7,8,13, m[s[12]*2],m[s[12]*2+1], m[s[13]*2],m[s[13]*2+1]); + G(v,3,4,9,14, m[s[14]*2],m[s[14]*2+1], m[s[15]*2],m[s[15]*2+1]); + } + for (var i = 0; i < 16; i++) h[i] ^= v[i] ^ v[16+i]; + } + + function hash(input) { + var h = new Uint32Array(16); + for (var i = 0; i < 16; i++) h[i] = IV[i]; + h[0] ^= 0x01010040; // fanout=1, depth=1, outlen=64 + + var buf = new Uint8Array(128), buflen = 0, total = 0; + + function update(data) { + for (var i = 0; i < data.length; i++) { + if (buflen === 128) { + total += 128; + var m = new Uint32Array(32); + for (var j = 0; j < 32; j++) + m[j] = buf[j*4] | (buf[j*4+1]<<8) | (buf[j*4+2]<<16) | (buf[j*4+3]<<24); + compress(h, m, total, false); + buflen = 0; + } + buf[buflen++] = data[i]; + } + } + + update(input); + total += buflen; + while (buflen < 128) buf[buflen++] = 0; + var m = new Uint32Array(32); + for (var j = 0; j < 32; j++) + m[j] = buf[j*4] | (buf[j*4+1]<<8) | (buf[j*4+2]<<16) | (buf[j*4+3]<<24); + compress(h, m, total, true); + + var out = new Uint8Array(64); + for (var i = 0; i < 16; i++) { + out[i*4] = h[i] & 0xff; + out[i*4+1] = (h[i] >>> 8) & 0xff; + out[i*4+2] = (h[i] >>> 16)& 0xff; + out[i*4+3] = (h[i] >>> 24)& 0xff; + } + return out; + } + + return { hash: hash }; + })(); + + function _ss58Encode(pubkeyBytes) { + // Ğ1 prefix bytes [0x58, 0x91] — verified against live mainnet. + var prefixBytes = new Uint8Array([0x58, 0x91]); + var payload = new Uint8Array(34); + payload.set(prefixBytes, 0); + payload.set(pubkeyBytes, 2); + + var ss58pre = new TextEncoder().encode('SS58PRE'); + var checksumInput = new Uint8Array(ss58pre.length + payload.length); + checksumInput.set(ss58pre, 0); + checksumInput.set(payload, ss58pre.length); + + var hashBytes = _blake2b512.hash(checksumInput); + var full = new Uint8Array(36); + full.set(prefixBytes, 0); + full.set(pubkeyBytes, 2); + full.set(hashBytes.slice(0, 2), 34); + return _base58Encode(full); + } + + function _hexToBytes(hex) { + var b = new Uint8Array(hex.length / 2); + for (var i = 0; i < hex.length; i += 2) b[i/2] = parseInt(hex.slice(i,i+2), 16); + return b; + } + + function _bytesToHex(bytes) { + var s = ''; + for (var i = 0; i < bytes.length; i++) s += ('0' + bytes[i].toString(16)).slice(-2); + return s; + } + + // ------------------------------------------------------------------------- + // KEY DERIVATION + // Uses TweetNaCl (nacl-fast.min.js) for Ed25519 pubkey derivation. + // nacl.sign.keyPair.fromSeed(seed) is the correct primitive: + // seed (32 bytes) → { publicKey: Uint8Array(32), secretKey: Uint8Array(64) } + // The secretKey is discarded — signing uses SubtleCrypto with a + // non-extractable CryptoKey imported from the same seed. + // ------------------------------------------------------------------------- + + function _deriveKeypair(mnemonic) { + if (!window.nacl || typeof window.nacl.sign === 'undefined') { + return Promise.reject(new Error('TweetNaCl library not loaded. Please reload the page.')); + } + + var entropyHex = window.bip39.mnemonicToEntropy(mnemonic); + var entropy = _hexToBytes(entropyHex); // 16 bytes for 12-word mnemonic + + // Substrate mini-secret: entropy zero-padded right to 32 bytes. + var seed32 = new Uint8Array(32); + seed32.set(entropy, 0); + + // Derive Ed25519 pubkey via TweetNaCl. + var keypair = window.nacl.sign.keyPair.fromSeed(seed32); + var pubkeyBytes = keypair.publicKey; // Uint8Array(32) + var pubkeyHex = _bytesToHex(pubkeyBytes); + var pubkeyAddress = _ss58Encode(pubkeyBytes); + + // Import seed as non-extractable Ed25519 CryptoKey for signing. + // PKCS8 DER wrapper for Ed25519 (RFC 5958): + var pkcs8 = new Uint8Array([ + 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, + 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20 + ].concat(Array.from(seed32))); + + return crypto.subtle.importKey( + 'pkcs8', pkcs8.buffer, + { name: 'Ed25519' }, + false, ['sign'] + ).then(function (cryptoKey) { + return { pubkeyAddress: pubkeyAddress, pubkeyHex: pubkeyHex, cryptoKey: cryptoKey }; + }); + } + + // ------------------------------------------------------------------------- + // PUBLIC API + // ------------------------------------------------------------------------- + + window.g1wallet = { + isUnlocked: function () { return _session.unlocked; }, + getPubkey: function () { return _session.unlocked ? _session.pubkey : null; }, + getPubkeyHex:function () { return _session.unlocked ? _session.pubkeyHex : null; }, + + requestSignature: function (document, callback) { + if (!_session.unlocked || !_session._cryptoKey) { + window.dispatchEvent(new CustomEvent('g1wallet:sign_request_blocked', { + detail: { reason: 'Wallet is locked. Please unlock your wallet first.' } + })); + return; + } + var data = (typeof document === 'string') + ? new TextEncoder().encode(document) + : document; + crypto.subtle.sign('Ed25519', _session._cryptoKey, data) + .then(function (sigBuf) { + window.dispatchEvent(new CustomEvent(callback, { + detail: { signature: _bytesToHex(new Uint8Array(sigBuf)), pubkey: _session.pubkey, pubkeyHex: _session.pubkeyHex } + })); + }) + .catch(function (err) { + window.dispatchEvent(new CustomEvent(callback, { detail: { error: err.message } })); + }); + } + }; + + // ------------------------------------------------------------------------- + // WIDGET API + // ------------------------------------------------------------------------- + + window.G1WalletWidget = { + init: function (uid, walletUrl) { + window.addEventListener('g1wallet:unlocked', function (e) { + var el = document.getElementById(uid + '-status'); + if (!el) return; + var short = (e.detail.pubkey || '').substring(0, 12) + '…'; + el.innerHTML = '
' + + '🔓 ' + + 'Unlocked' + + '
' + _escHtml(short) + '
'; + }); + window.addEventListener('g1wallet:locked', function () { + var el = document.getElementById(uid + '-status'); + if (!el) return; + el.innerHTML = '
' + + '🔒 ' + + 'Locked' + + '
Unlock
'; + }); + } + }; + + // ------------------------------------------------------------------------- + // UNLOCK BUTTON + // ------------------------------------------------------------------------- + + document.addEventListener('DOMContentLoaded', function () { + var unlockBtn = document.getElementById('g1wallet-unlock-btn'); + var lockedView = document.getElementById('g1wallet-locked-view'); + var unlockedView = document.getElementById('g1wallet-unlocked-view'); + var spinner = document.getElementById('g1wallet-unlock-spinner'); + var lockBtn = document.getElementById('g1wallet-lock-btn'); + + if (!unlockBtn) return; + + unlockBtn.addEventListener('click', function () { + var mnemonicEl = document.getElementById('g1wallet-mnemonic'); + var mnemonic = (mnemonicEl || {}).value || ''; + mnemonic = mnemonic.trim().replace(/\s+/g, ' ').toLowerCase(); + _clearError(); + + if (!mnemonic) { _showError('Mnemonic phrase is required.'); return; } + + var words = mnemonic.split(' '); + if (words.length !== 12) { + _showError('Mnemonic phrase must be exactly 12 words. You entered ' + words.length + '.'); + return; + } + + if (!window.bip39 || typeof window.bip39.validateMnemonic !== 'function') { + _showError('Mnemonic validation library not available. Please reload the page.'); + return; + } + + if (!window.bip39.validateMnemonic(mnemonic)) { + _showError('Invalid mnemonic phrase. Check the words and try again.'); + return; + } + + // Clear mnemonic field immediately after validation. + if (mnemonicEl) mnemonicEl.value = ''; + + if (spinner) spinner.style.display = 'inline'; + unlockBtn.disabled = true; + + _deriveKeypair(mnemonic).then(function (result) { + if (spinner) spinner.style.display = 'none'; + unlockBtn.disabled = false; + _unlockWallet(result.pubkeyAddress, result.pubkeyHex, result.cryptoKey); + }).catch(function (err) { + if (spinner) spinner.style.display = 'none'; + unlockBtn.disabled = false; + _showError('Key derivation failed: ' + err.message); + }); + }); + + if (lockBtn) { + lockBtn.addEventListener('click', function () { + _lockWallet(); + if (lockedView) lockedView.style.display = ''; + if (unlockedView) unlockedView.style.display = 'none'; + }); + } + + window.addEventListener('g1wallet:unlocked', function (e) { + if (lockedView) lockedView.style.display = 'none'; + if (unlockedView) unlockedView.style.display = ''; + var pd = document.getElementById('g1wallet-pubkey-display'); + if (pd) pd.textContent = e.detail.pubkey || '—'; + _postPubkeyToServer(e.detail.pubkey); + }); + }); + + // ------------------------------------------------------------------------- + // PUBKEY POST + // ------------------------------------------------------------------------- + + function _postPubkeyToServer(pubkey) { + var form = document.getElementById('g1wallet-pubkey-form'); + if (!form) return; + var csrfInput = form.querySelector('input[name="g1wallet_csrf"]'); + var pubkeyInput = document.getElementById('g1wallet-pubkey-input'); + if (!csrfInput || !pubkeyInput) return; + pubkeyInput.value = pubkey; + var fd = new FormData(); + fd.append('g1wallet_csrf', csrfInput.value); + fd.append('g1_pubkey', pubkey); + fetch('/g1wallet/pubkey', { method: 'POST', body: fd, credentials: 'same-origin' }) + .then(function (r) { return r.json(); }) + .then(function (d) { if (d.status !== 'ok') console.warn('[g1wallet] pubkey store:', d.status); }) + .catch(function (e) { console.warn('[g1wallet] pubkey store error:', e.message); }); + } + + // ------------------------------------------------------------------------- + // INTERNAL HELPERS + // ------------------------------------------------------------------------- + + function _unlockWallet(pubkeyAddress, pubkeyHex, cryptoKey) { + _session.unlocked = true; + _session.pubkey = pubkeyAddress; + _session.pubkeyHex = pubkeyHex; + _session._cryptoKey = cryptoKey; + window.dispatchEvent(new CustomEvent('g1wallet:unlocked', { + detail: { pubkey: pubkeyAddress, pubkeyHex: pubkeyHex } + })); + } + + function _lockWallet() { + _session.unlocked = false; _session.pubkey = null; + _session.pubkeyHex = null; _session._cryptoKey = null; + window.dispatchEvent(new CustomEvent('g1wallet:locked')); + } + + function _showError(msg) { + var el = document.getElementById('g1wallet-unlock-error'); + if (el) { el.textContent = msg; el.style.display = ''; } + } + + function _clearError() { + var el = document.getElementById('g1wallet-unlock-error'); + if (el) { el.textContent = ''; el.style.display = 'none'; } + } + + function _escHtml(s) { + return String(s).replace(/&/g,'&').replace(//g,'>').replace(/"/g,'"'); + } + + // Auto-populate data-g1wallet-target="pubkey" fields on other addons. + window.addEventListener('g1wallet:unlocked', function (e) { + document.querySelectorAll('[data-g1wallet-target="pubkey"]') + .forEach(function (el) { el.value = e.detail.pubkey || ''; }); + }); + window.addEventListener('g1wallet:locked', function () { + document.querySelectorAll('[data-g1wallet-target="pubkey"]') + .forEach(function (el) { el.value = ''; }); + }); + +}());