bitcoinjs / bip38

BIP38 is a standard process to encrypt Bitcoin and crypto currency private keys that is less susceptible to brute force attacks thus protecting the user.
http://cryptocoinjs.com/modules/currency/bip38/
MIT License

BIP38: Passphrase Unicode Normalization #55

Closed rogerioyuuki closed 4 years ago

rogerioyuuki commented 4 years ago

According to BIP38, the passphrase should be normalized:

Parameters: passphrase is the passphrase itself encoded in UTF-8 and normalized using Unicode Normalization Form C (NFC).

But there isn't any treatment in this library. It should either be implemented or explicitly warned in the README.

Example (No Compression, No EC-multiply Test Vector 3):

- Unencrypted Key (WIF): 5Jajm8eQ22H3pGWLEVCXyvND8dQZhiQhoLJNKjYXk9roUFTMSZ4
- Unencrypted Key (hex): 64eeab5f9be2a01a8365a579511eb3373c87c40da6d2a25f05bda68fe077b66e
- Passphrase: ϓ␀𐐀💩 (\u03D2\u0301\u0000\U00010400\U0001F4A9)
- Encrypted Key: 6PRW5o9FLp4gJDDVqJQKJFTpMvdsSGJxMYHtHaQBF3ooa8mwD69bapcDQn

```js
const bip38 = require('bip38');

const passphrase = '\u03D2\u0301\u{0000}\u{00010400}\u{0001F4A9}';
const unencrypted = Buffer.from('64eeab5f9be2a01a8365a579511eb3373c87c40da6d2a25f05bda68fe077b66e', 'hex');

// This doesn't pass the test
bip38.encrypt(unencrypted, false, passphrase);
// > 6PRW5o9FMK7cTQUL1mbVD1NzNjHvhkXwkafES6NB1yvbEeZc3tcseHu5CW

// This works
bip38.encrypt(unencrypted, false, passphrase.normalize("NFC"));
// > 6PRW5o9FLp4gJDDVqJQKJFTpMvdsSGJxMYHtHaQBF3ooa8mwD69bapcDQn
```

junderw commented 4 years ago

Thanks for the catch.

Just for record keeping sake:

  1. NFC normalization was merged into BIP38 on June 24th 2014
  2. At that time, bip38 was already at version 1.1.0 (so we were compliant with the BIP38 at the time of creation)
  3. Since most people working on the BIP are English natives, they did not realize NFC was a breaking change. (NFC doesn't modify ASCII English passwords)
  4. You just notified us of the discrepancy.

Thank you so much. This is one reason why I think there needs to be more non-English-native developers in the crypto space.

I look forward to your continued contribution to the open source crypto community. It really helps us all. :+1:

junderw commented 4 years ago

Updated as v3.0.0
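
An added example (not part of the original thread, and not the bip38 library's own code): a minimal non-EC-multiply BIP38 decryption using only Node's built-in `crypto`, run against the test vector quoted in the issue, showing that only the NFC-normalized passphrase bytes recover the key. It skips the address-hash check and compares against the known key instead; the helper names `base58checkDecode` and `decryptNonEc` are assumptions of this example.

```javascript
const crypto = require('crypto');

// Values quoted in the issue above (No Compression, No EC-multiply Test Vector 3).
const ENCRYPTED = '6PRW5o9FLp4gJDDVqJQKJFTpMvdsSGJxMYHtHaQBF3ooa8mwD69bapcDQn';
const EXPECTED_HEX = '64eeab5f9be2a01a8365a579511eb3373c87c40da6d2a25f05bda68fe077b66e';
const PASSPHRASE = '\u03D2\u0301\u{0000}\u{00010400}\u{0001F4A9}';

const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Base58Check decode: returns the payload after verifying the 4-byte checksum.
function base58checkDecode(s) {
  let n = 0n;
  for (const ch of s) {
    const i = B58.indexOf(ch);
    if (i < 0) throw new Error('invalid Base58 character');
    n = n * 58n + BigInt(i);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const zeros = Buffer.alloc(s.match(/^1*/)[0].length); // each leading '1' is a 0x00 byte
  const raw = Buffer.concat([zeros, Buffer.from(hex, 'hex')]);
  if (raw.length < 5) throw new Error('too short');
  const payload = raw.subarray(0, -4);
  if (!sha256(sha256(payload)).subarray(0, 4).equals(raw.subarray(-4))) throw new Error('bad checksum');
  return payload;
}

// Decrypt a non-EC-multiplied BIP38 key with the given passphrase bytes.
// No address-hash verification here: the caller compares against a known key.
function decryptNonEc(encryptedKey, passphraseBytes) {
  const buf = base58checkDecode(encryptedKey);
  if (buf.length !== 39 || buf[0] !== 0x01 || buf[1] !== 0x42) throw new Error('not a non-EC BIP38 key');
  // scrypt salt is the 4-byte address hash; parameters are BIP38's N=16384, r=8, p=8.
  const derived = crypto.scryptSync(passphraseBytes, buf.subarray(3, 7), 64,
    { N: 16384, r: 8, p: 8, maxmem: 64 * 1024 * 1024 });
  const aes = crypto.createDecipheriv('aes-256-ecb', derived.subarray(32), null);
  aes.setAutoPadding(false);
  const plain = Buffer.concat([aes.update(buf.subarray(7)), aes.final()]);
  return Buffer.from(plain.map((b, i) => b ^ derived[i])).toString('hex');
}

// The two byte strings a caller might feed to scrypt for the same typed passphrase.
const rawBytes = Buffer.from(PASSPHRASE, 'utf8');
const nfcBytes = Buffer.from(PASSPHRASE.normalize('NFC'), 'utf8');

console.log('raw:', rawBytes.toString('hex'), decryptNonEc(ENCRYPTED, rawBytes) === EXPECTED_HEX);
console.log('NFC:', nfcBytes.toString('hex'), decryptNonEc(ENCRYPTED, nfcBytes) === EXPECTED_HEX);
```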