feat: add encryptStringAsync + refactor calls

package.json

@@ -217,6 +217,7 @@
     "style-loader": "^3.3.3",
     "tamagui-loader": "1.108.0",
     "ts-jest": "^29.1.1",
+    "typescript": "5.1.6",
     "ultra-runner": "^3.10.5",
     "webpack": "5.90.3",
     "webpack-bundle-analyzer": "^4.9.1",

packages/core/@tests/coreTestsUtils.ts

@@ -7,6 +7,13 @@ import {
   mnemonicToRevealableSeed,
 } from '../src/secret';
 
+function checkIsDefined<T>(value: T | undefined | null): T {
+  if (value === undefined || value === null) {
+    throw new Error('Expected value to be defined');
+  }
+  return value;
+}
+
 import type {
   ICoreTestsAccountInfo,
   ICoreTestsHdCredential,
@@ -170,9 +177,9 @@ async function expectGetPrivateKeysHdOk({
     // c1c3e59db78da160261befeef577daa7b54cd756e48601473cfe98d012b3ccfca240a8a3e1a328ee7611ba2688f3fadf1d7c61d36c379c0ced0eec0b66ff9ecd635a8dbfcae4cce36c15c64a79d5873d1d26cbf6c90a36034f96077d66cef413
     expect(encryptKey).toBeTruthy();
     // 105434ca932be16664cb5e44e5b006728577dd757440d068e6d15ef52c15a82f
-    const privateKey = decryptString({
+    const privateKey = await decryptString({
       password,
-      data: encryptKey,
+      data: checkIsDefined(encryptKey),
     });
     expect(privateKey).toEqual(account.privateKeyRaw);
   }

packages/core/src/base/CoreChainApiBase.ts

@@ -20,7 +20,8 @@ import {
   decrypt,
   decryptImportedCredential,
   ed25519,
-  encrypt,
+  encrypt, // @deprecated Use encryptAsync instead
+  encryptAsync,
   nistp256,
   secp256k1,
 } from '../secret';
@@ -109,6 +110,10 @@ export abstract class CoreChainApiBase {
     });
   }
 
+  /**
+   * @deprecated The synchronous encryption methods used in this function will be deprecated.
+   * Please use async encryption methods instead.
+   */
   protected async baseGetPrivateKeys({
     payload,
     curve,
@@ -140,7 +145,9 @@ export abstract class CoreChainApiBase {
         password,
         credential: credentials.imported,
       });
-      const encryptPrivateKey = bufferUtils.bytesToHex(encrypt(password, p));
+      const encryptPrivateKey = bufferUtils.bytesToHex(
+        await encryptAsync({ password, data: p })
+      );
       privateKeys[account.path] = encryptPrivateKey;
       privateKeys[''] = encryptPrivateKey;
     }
@@ -150,6 +157,10 @@ export abstract class CoreChainApiBase {
     return privateKeys;
   }
 
+  /**
+   * @deprecated The synchronous encryption methods used in this function will be deprecated.
+   * Please use async encryption methods instead.
+   */
   protected async baseGetPrivateKeysHd({
     curve,
     password,
@@ -170,14 +181,14 @@ export abstract class CoreChainApiBase {
       );
     }
 
-    const keys = batchGetPrivateKeys(
+    const keys = await batchGetPrivateKeys(
       curve,
       hdCredential,
       password,
       basePath,
       usedRelativePaths,
     );
-    const map: ICoreApiPrivateKeysMap = keys.reduce((ret, key) => {
+    const map: ICoreApiPrivateKeysMap = keys.reduce((ret: ICoreApiPrivateKeysMap, key: ISecretPrivateKeyInfo) => {
       const result: ICoreApiPrivateKeysMap = {
         ...ret,
         [key.path]: bufferUtils.bytesToHex(key.extendedKey.key),
@@ -187,6 +198,10 @@ export abstract class CoreChainApiBase {
     return map;
   }
 
+  /**
+   * @deprecated The synchronous encryption methods used in this function will be deprecated.
+   * Please use async encryption methods instead.
+   */
   protected async baseGetAddressesFromHd(
     query: ICoreApiGetAddressesQueryHd,
     options: {
@@ -205,7 +220,7 @@ export abstract class CoreChainApiBase {
     let pvtkeyInfos: ISecretPrivateKeyInfo[] = [];
 
     if (isPrivateKeyMode) {
-      pvtkeyInfos = batchGetPrivateKeys(
+      pvtkeyInfos = await batchGetPrivateKeys(
         curve,
         hdCredential,
         password,
@@ -235,7 +250,7 @@ export abstract class CoreChainApiBase {
         let result: ICoreApiGetAddressItem | undefined;
 
         if (isPrivateKeyMode) {
-          const privateKeyRaw = bufferUtils.bytesToHex(decrypt(password, key));
+          const privateKeyRaw = bufferUtils.bytesToHex(await decrypt(password, key));
           result = await this.getAddressFromPrivate({
             networkInfo: query.networkInfo,
             privateKeyRaw,

packages/core/src/chains/ada/CoreChainSoftware.ts

@@ -2,7 +2,7 @@ import { checkIsDefined } from '@onekeyhq/shared/src/utils/assertUtils';
 import bufferUtils from '@onekeyhq/shared/src/utils/bufferUtils';
 
 import { CoreChainApiBase } from '../../base/CoreChainApiBase';
-import { decrypt, encrypt } from '../../secret';
+import { decrypt, encrypt, encryptAsync } from '../../secret';
 import {
   ECoreApiExportedSecretKeyType,
   type ICoreApiGetAddressItem,
@@ -53,7 +53,7 @@ export default class CoreChainSoftware extends CoreChainApiBase {
 
     const xprv = await generateExportedCredential(password, hdCredential, path);
     const privateKey = decodePrivateKeyByXprv(xprv);
-    const privateKeyEncrypt = encrypt(password, privateKey);
+    const privateKeyEncrypt = await encryptAsync({ password, data: privateKey });
 
     const map: ICoreApiPrivateKeysMap = {
       [path]: bufferUtils.bytesToHex(privateKeyEncrypt),
@@ -280,7 +280,7 @@ export default class CoreChainSoftware extends CoreChainApiBase {
         );
       }
       if (credentials.imported) {
-        const privateKey = decrypt(password, privateKeyRaw);
+        const privateKey = await decrypt(password, privateKeyRaw);
         return generateXprvFromPrivateKey(privateKey);
       }
     }

packages/core/src/chains/btc/CoreChainSoftware.ts

@@ -31,6 +31,7 @@ import {
   batchGetPublicKeysAsync,
   decrypt,
   encrypt,
+  encryptAsync,
   mnemonicFromEntropyAsync,
   mnemonicToSeedAsync,
   secp256k1,
@@ -247,15 +248,15 @@ export default class CoreChainSoftwareBtc extends CoreChainApiBase {
             .fill(
               Buffer.concat([
                 Buffer.from([0]),
-                decrypt(password, privateKeyRaw),
+                await decrypt(password, privateKeyRaw),
               ]),
               45,
               78,
             ),
         );
       }
       if (credentials.imported) {
-        return bs58check.encode(decrypt(password, privateKeyRaw));
+        return bs58check.encode(await decrypt(password, privateKeyRaw));
       }
     }
     throw new Error(`SecretKey type not support: ${keyType}`);
@@ -433,55 +434,57 @@ export default class CoreChainSoftwareBtc extends CoreChainApiBase {
     return psbt;
   }
 
-  private appendImportedRelPathPrivateKeys({
+  private async appendImportedRelPathPrivateKeys({
     privateKeys,
     password,
     relPaths,
   }: {
     privateKeys: ICoreApiPrivateKeysMap;
     password: string;
     relPaths?: string[];
-  }): ICoreApiPrivateKeysMap {
+  }): Promise<ICoreApiPrivateKeysMap> {
     const deriver = new BaseBip32KeyDeriver(
       Buffer.from('Bitcoin seed'),
       secp256k1,
     ) as IBip32KeyDeriver;
 
     // imported account return "" key as root privateKey
     const privateKey = privateKeys[''];
-    const xprv = decrypt(password, bufferUtils.toBuffer(privateKey));
+    const xprv = await decrypt(password, bufferUtils.toBuffer(privateKey));
     const startKey = {
       chainCode: xprv.slice(13, 45),
       key: xprv.slice(46, 78),
     };
 
     const cache: Record<string, IBip32ExtendedKey> = {};
 
-    relPaths?.forEach((relPath) => {
-      const pathComponents = relPath.split('/');
-
-      let currentPath = '';
-      let parent = startKey;
-      pathComponents.forEach((pathComponent) => {
-        currentPath =
-          currentPath.length > 0
-            ? `${currentPath}/${pathComponent}`
-            : pathComponent;
-        if (typeof cache[currentPath] === 'undefined') {
-          const index = pathComponent.endsWith("'")
-            ? parseInt(pathComponent.slice(0, -1), 10) + 2 ** 31
-            : parseInt(pathComponent, 10);
-          const thisPrivKey = deriver.CKDPriv(parent, index);
-          cache[currentPath] = thisPrivKey;
-        }
-        parent = cache[currentPath];
-      });
+    await Promise.all(
+      relPaths?.map(async (relPath) => {
+        const pathComponents = relPath.split('/');
+
+        let currentPath = '';
+        let parent = startKey;
+        pathComponents.forEach((pathComponent) => {
+          currentPath =
+            currentPath.length > 0
+              ? `${currentPath}/${pathComponent}`
+              : pathComponent;
+          if (typeof cache[currentPath] === 'undefined') {
+            const index = pathComponent.endsWith("'")
+              ? parseInt(pathComponent.slice(0, -1), 10) + 2 ** 31
+              : parseInt(pathComponent, 10);
+            const thisPrivKey = deriver.CKDPriv(parent, index);
+            cache[currentPath] = thisPrivKey;
+          }
+          parent = cache[currentPath];
+        });
 
-      // TODO use dbAccountAddresses save fullPath/relPath key
-      privateKeys[relPath] = bufferUtils.bytesToHex(
-        encrypt(password, cache[relPath].key),
-      );
-    });
+        // TODO use dbAccountAddresses save fullPath/relPath key
+        privateKeys[relPath] = bufferUtils.bytesToHex(
+          await encryptAsync({ password, data: cache[relPath].key })
+        );
+      }) || [],
+    );
     return privateKeys;
   }
 
@@ -703,7 +706,7 @@ export default class CoreChainSoftwareBtc extends CoreChainApiBase {
       curve: curveName,
     });
     if (isImported) {
-      this.appendImportedRelPathPrivateKeys({
+      await this.appendImportedRelPathPrivateKeys({
         privateKeys,
         password,
         relPaths,

packages/core/src/chains/dot/CoreChainSoftware.ts

@@ -14,6 +14,7 @@ import {
   decrypt,
   decryptImportedCredential,
   encrypt,
+  encryptAsync,
   mnemonicFromEntropy,
 } from '../../secret';
 import {
@@ -78,7 +79,7 @@ export default class CoreChainSoftware extends CoreChainApiBase {
       throw new Error('privateKeyRaw is required');
     }
     if (keyType === ECoreApiExportedSecretKeyType.privateKey) {
-      return `0x${decrypt(password, privateKeyRaw).toString('hex')}`;
+      return `0x${(await decrypt(password, privateKeyRaw)).toString('hex')}`;
     }
     throw new Error(`SecretKey type not support: ${keyType}`);
   }
@@ -90,39 +91,59 @@ export default class CoreChainSoftware extends CoreChainApiBase {
   }): Promise<ICoreApiPrivateKeysMap> {
     const { credentials, account, password, relPaths } = payload;
     let privateKeys: ICoreApiPrivateKeysMap = {};
-    if (credentials.hd) {
-      const pathComponents = account.path.split('/');
-      const usedRelativePaths = relPaths || [pathComponents.pop() as string];
-      const basePath = pathComponents.join('/');
-      const mnemonic = mnemonicFromEntropy(credentials.hd, password);
-      const keys = usedRelativePaths.map((relPath) => {
-        const path = `${basePath}/${relPath}`;
-
-        const keyPair = derivationHdLedger(mnemonic, path);
-        return {
-          path,
-          key: encrypt(password, Buffer.from(keyPair.secretKey.slice(0, 32))),
-        };
-      });
-
-      privateKeys = keys.reduce(
+    try {
+      if (credentials.hd) {
+        const pathComponents = account.path.split('/');
+        const usedRelativePaths = relPaths || [pathComponents.pop() as string];
+        const basePath = pathComponents.join('/');
+        const mnemonic = mnemonicFromEntropy(credentials.hd, password);
+        const keys = await Promise.all(usedRelativePaths.map(async (relPath) => {
+          const path = `${basePath}/${relPath}`;
+          try {
+            const keyPair = derivationHdLedger(mnemonic, path);
+            const encryptedKey = await encryptAsync({ 
+              password, 
+              data: Buffer.from(keyPair.secretKey.slice(0, 32)) 
+            });
+            return {
+              path,
+              key: encryptedKey,
+            };
+          } catch (error) {
+            console.error(`Failed to process key for path ${path}:`, error);
+            throw error;
+          }
+        }));
+
+        privateKeys = keys.reduce(
         (ret, key) => ({ ...ret, [key.path]: bufferUtils.bytesToHex(key.key) }),
         {},
       );
     }
     if (credentials.imported) {
-      const { privateKey: p } = decryptImportedCredential({
-        password,
-        credential: credentials.imported,
-      });
-      const encryptPrivateKey = bufferUtils.bytesToHex(encrypt(password, p));
-      privateKeys[account.path] = encryptPrivateKey;
-      privateKeys[''] = encryptPrivateKey;
+      try {
+        const { privateKey: p } = decryptImportedCredential({
+          password,
+          credential: credentials.imported,
+        });
+        const encryptPrivateKey = bufferUtils.bytesToHex(
+          await encryptAsync({ password, data: p })
+        );
+        privateKeys[account.path] = encryptPrivateKey;
+        privateKeys[''] = encryptPrivateKey;
+      } catch (error) {
+        console.error('Failed to process imported credentials:', error);
+        throw error;
+      }
     }
     if (!Object.keys(privateKeys).length) {
       throw new Error('No private keys found');
     }
     return privateKeys;
+    } catch (error) {
+      console.error('Error in baseGetPrivateKeys:', error);
+      throw error;
+    }
   }
 
   override async getPrivateKeys(

packages/core/src/chains/lightning/sdkLightning/account.ts

@@ -30,7 +30,7 @@ export const generateNativeSegwitAccounts = async ({
     (index) => `${index.toString()}'`, // btc
   );
 
-  const pubkeyInfos = batchGetPublicKeys(
+  const pubkeyInfos = await batchGetPublicKeys(
     curve,
     hdCredential,
     password,

packages/core/src/secret/bip32.ts

@@ -26,7 +26,7 @@ function serNum(p: BigNumber, bits: 32 | 256): Buffer {
 }
 
 function ser32(index: number): Buffer {
-  if (!Number.isInteger(index)) {
+  if (typeof index !== 'number' || !Number.isInteger(index) || index < 0) {
     throw Error('Invalid index.');
   }