forked from trustwallet/wallet-core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathHDWallet.cpp
409 lines (355 loc) · 15.1 KB
/
HDWallet.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
// SPDX-License-Identifier: Apache-2.0
//
// Copyright © 2017 Trust Wallet.
#include "HDWallet.h"
#include "Base58.h"
#include "BinaryCoding.h"
#include "Bitcoin/CashAddress.h"
#include "Bitcoin/SegwitAddress.h"
#include "Coin.h"
#include "ImmutableX/StarkKey.h"
#include "Mnemonic.h"
#include "memory/memzero_wrapper.h"
#include <TrustWalletCore/TWHRP.h>
#include <TrustWalletCore/TWPublicKeyType.h>
#include <TrezorCrypto/options.h>
#include <TrezorCrypto/bip32.h>
#include <TrezorCrypto/bip39.h>
#include <TrezorCrypto/cardano.h>
#include <TrezorCrypto/curves.h>
#include <array>
#include <cstring>
using namespace TW;
namespace {
uint32_t fingerprint(HDNode* node, Hash::Hasher hasher);
std::string serialize(const HDNode* node, uint32_t fingerprint, uint32_t version, bool use_public, Hash::Hasher hasher);
bool deserialize(const std::string& extended, TWCurve curve, Hash::Hasher hasher, HDNode* node);
const char* curveName(TWCurve curve);
} // namespace
const int MnemonicBufLength = Mnemonic::MaxWords * (BIP39_MAX_WORD_LENGTH + 3) + 20; // some extra slack
template <std::size_t seedSize>
HDWallet<seedSize>::HDWallet(const Data& seed) {
std::copy_n(seed.begin(), seedSize, this->seed.begin());
}
template <std::size_t seedSize>
void HDWallet<seedSize>::updateSeedAndEntropy(bool check) {
assert(!check || Mnemonic::isValid(mnemonic)); // precondition
// generate seed from mnemonic
mnemonic_to_seed(mnemonic.c_str(), passphrase.c_str(), seed.data(), nullptr);
// generate entropy bits from mnemonic
Data entropyRaw((Mnemonic::MaxWords * Mnemonic::BitsPerWord) / 8);
// entropy is truncated to fully bytes, 4 bytes for each 3 words (=33 bits)
auto entropyBytes = mnemonic_to_bits(mnemonic.c_str(), entropyRaw.data()) / 33 * 4;
// copy to truncate
entropy = data(entropyRaw.data(), entropyBytes);
assert(!check || entropy.size() > 10);
}
template <std::size_t seedSize>
HDWallet<seedSize>::HDWallet(int strength, const std::string& passphrase)
: passphrase(passphrase) {
char buf[MnemonicBufLength];
const char* mnemonic_chars = mnemonic_generate(strength, buf, MnemonicBufLength);
if (mnemonic_chars == nullptr) {
throw std::invalid_argument("Invalid strength");
}
mnemonic = mnemonic_chars;
TW::memzero(buf, MnemonicBufLength);
updateSeedAndEntropy();
}
template <std::size_t seedSize>
HDWallet<seedSize>::HDWallet(const std::string& mnemonic, const std::string& passphrase, const bool check)
: mnemonic(mnemonic), passphrase(passphrase) {
if (mnemonic.length() == 0 ||
(check && !Mnemonic::isValid(mnemonic))) {
throw std::invalid_argument("Invalid mnemonic");
}
updateSeedAndEntropy(check);
}
template <std::size_t seedSize>
HDWallet<seedSize>::HDWallet(const Data& entropy, const std::string& passphrase)
: passphrase(passphrase) {
char buf[MnemonicBufLength];
const char* mnemonic_chars = mnemonic_from_data(entropy.data(), static_cast<int>(entropy.size()), buf, MnemonicBufLength);
if (mnemonic_chars == nullptr) {
throw std::invalid_argument("Invalid mnemonic data");
}
mnemonic = mnemonic_chars;
TW::memzero(buf, MnemonicBufLength);
updateSeedAndEntropy();
}
template <std::size_t seedSize>
HDWallet<seedSize>::~HDWallet() {
memzero(seed.data(), seed.size());
memzero(mnemonic.data(), mnemonic.size());
memzero(passphrase.data(), passphrase.size());
}
template <size_t seedSize>
static HDNode getMasterNode(const HDWallet<seedSize>& wallet, TWCurve curve) {
const auto privateKeyType = PrivateKey::getType(curve);
HDNode node;
switch (privateKeyType) {
case TWPrivateKeyTypeCardano: {
// Derives the root Cardano HDNode from a passphrase and the entropy encoded in
// a BIP-0039 mnemonic using the Icarus derivation (V2) scheme
const auto entropy = wallet.getEntropy();
uint8_t secret[CARDANO_SECRET_LENGTH];
secret_from_entropy_cardano_icarus((const uint8_t*)"", 0, entropy.data(), int(entropy.size()), secret, nullptr);
hdnode_from_secret_cardano(secret, &node);
TW::memzero(secret, CARDANO_SECRET_LENGTH);
break;
}
case TWPrivateKeyTypeDefault:
default:
hdnode_from_seed(wallet.getSeed().data(), HDWallet<seedSize>::mSeedSize, curveName(curve), &node);
break;
}
return node;
}
template <size_t seedSize>
static HDNode getNode(const HDWallet<seedSize>& wallet, TWCurve curve, const DerivationPath& derivationPath) {
const auto privateKeyType = PrivateKey::getType(curve);
auto node = getMasterNode<seedSize>(wallet, curve);
for (auto& index : derivationPath.indices) {
switch (privateKeyType) {
case TWPrivateKeyTypeCardano:
hdnode_private_ckd_cardano(&node, index.derivationIndex());
break;
case TWPrivateKeyTypeDefault:
default:
hdnode_private_ckd(&node, index.derivationIndex());
break;
}
}
return node;
}
template <std::size_t seedSize>
PrivateKey HDWallet<seedSize>::getMasterKey(TWCurve curve) const {
auto node = getMasterNode(*this, curve);
auto data = Data(node.private_key, node.private_key + PrivateKey::_size);
return PrivateKey(data);
}
template <std::size_t seedSize>
PrivateKey HDWallet<seedSize>::getMasterKeyExtension(TWCurve curve) const {
auto node = getMasterNode(*this, curve);
auto data = Data(node.private_key_extension, node.private_key_extension + PrivateKey::_size);
return PrivateKey(data);
}
template <std::size_t seedSize>
DerivationPath HDWallet<seedSize>::cardanoStakingDerivationPath(const DerivationPath& path) {
DerivationPath stakingPath = path;
stakingPath.indices[3].value = 2;
stakingPath.indices[4].value = 0;
return stakingPath;
}
template <std::size_t seedSize>
PrivateKey HDWallet<seedSize>::getKeyByCurve(TWCurve curve, const DerivationPath& derivationPath) const {
const auto privateKeyType = PrivateKey::getType(curve);
auto node = getNode<seedSize>(*this, curve, derivationPath);
switch (privateKeyType) {
case TWPrivateKeyTypeCardano: {
if (derivationPath.indices.size() < 4 || derivationPath.indices[3].value > 1) {
// invalid derivation path
return PrivateKey(Data(PrivateKey::cardanoKeySize));
}
const DerivationPath stakingPath = cardanoStakingDerivationPath(derivationPath);
auto pkData = Data(node.private_key, node.private_key + PrivateKey::_size);
auto extData = Data(node.private_key_extension, node.private_key_extension + PrivateKey::_size);
auto chainCode = Data(node.chain_code, node.chain_code + PrivateKey::_size);
// repeat with staking path
const auto node2 = getNode(*this, curve, stakingPath);
auto pkData2 = Data(node2.private_key, node2.private_key + PrivateKey::_size);
auto extData2 = Data(node2.private_key_extension, node2.private_key_extension + PrivateKey::_size);
auto chainCode2 = Data(node2.chain_code, node2.chain_code + PrivateKey::_size);
TW::memzero(&node);
return PrivateKey(pkData, extData, chainCode, pkData2, extData2, chainCode2);
}
case TWPrivateKeyTypeDefault:
default:
// default path
auto data = Data(node.private_key, node.private_key + PrivateKey::_size);
TW::memzero(&node);
if (curve == TWCurveStarkex) {
return ImmutableX::getPrivateKeyFromEthPrivKey(PrivateKey(data));
}
return PrivateKey(data);
}
}
template <std::size_t seedSize>
PrivateKey HDWallet<seedSize>::getKey(TWCoinType coin, const DerivationPath& derivationPath) const {
const auto curve = TWCoinTypeCurve(coin);
return getKeyByCurve(curve, derivationPath);
}
template <std::size_t seedSize>
PrivateKey HDWallet<seedSize>::getKey(TWCoinType coin, TWDerivation derivation) const {
const auto path = TW::derivationPath(coin, derivation);
return getKey(coin, path);
}
template <std::size_t seedSize>
std::string HDWallet<seedSize>::getRootKey(TWCoinType coin, TWHDVersion version) const {
const auto curve = TWCoinTypeCurve(coin);
auto node = getMasterNode(*this, curve);
return serialize(&node, 0, version, false, base58Hasher(coin));
}
template <std::size_t seedSize>
std::string HDWallet<seedSize>::deriveAddress(TWCoinType coin, TWDerivation derivation) const {
const auto derivationPath = TW::derivationPath(coin, derivation);
return TW::deriveAddress(coin, getKey(coin, derivationPath), derivation);
}
template <std::size_t seedSize>
std::string HDWallet<seedSize>::deriveAddress(TWCoinType coin) const {
return deriveAddress(coin, TWDerivationDefault);
}
template <std::size_t seedSize>
std::string HDWallet<seedSize>::getExtendedPrivateKeyAccount(TWPurpose purpose, TWCoinType coin, TWDerivation derivation, TWHDVersion version, uint32_t account) const {
if (version == TWHDVersionNone) {
return "";
}
const auto curve = TWCoinTypeCurve(coin);
const auto path = TW::derivationPath(coin, derivation);
auto derivationPath = DerivationPath({DerivationPathIndex(purpose, true), DerivationPathIndex(path.coin(), true)});
auto node = getNode(*this, curve, derivationPath);
auto fingerprintValue = fingerprint(&node, publicKeyHasher(coin));
hdnode_private_ckd(&node, account + 0x80000000);
return serialize(&node, fingerprintValue, version, false, base58Hasher(coin));
}
template <std::size_t seedSize>
std::string HDWallet<seedSize>::getExtendedPublicKeyAccount(TWPurpose purpose, TWCoinType coin, TWDerivation derivation, TWHDVersion version, uint32_t account) const {
if (version == TWHDVersionNone) {
return "";
}
const auto curve = TWCoinTypeCurve(coin);
const auto path = TW::derivationPath(coin, derivation);
auto derivationPath = DerivationPath({DerivationPathIndex(purpose, true), DerivationPathIndex(path.coin(), true)});
auto node = getNode(*this, curve, derivationPath);
auto fingerprintValue = fingerprint(&node, publicKeyHasher(coin));
hdnode_private_ckd(&node, account + 0x80000000);
hdnode_fill_public_key(&node);
return serialize(&node, fingerprintValue, version, true, base58Hasher(coin));
}
template <std::size_t seedSize>
std::optional<PublicKey> HDWallet<seedSize>::getPublicKeyFromExtended(const std::string& extended, TWCoinType coin, const DerivationPath& path) {
const auto curve = TW::curve(coin);
const auto hasher = TW::base58Hasher(coin);
auto node = HDNode{};
if (!deserialize(extended, curve, hasher, &node)) {
return {};
}
if (node.curve->params == nullptr) {
return {};
}
hdnode_public_ckd(&node, path.change());
hdnode_public_ckd(&node, path.address());
hdnode_fill_public_key(&node);
// These public key type are not applicable. Handled above, as node.curve->params is null
assert(curve != TWCurveED25519 && curve != TWCurveED25519Blake2bNano && curve != TWCurveED25519ExtendedCardano && curve != TWCurveCurve25519);
TWPublicKeyType keyType = TW::publicKeyType(coin);
if (curve == TWCurveSECP256k1) {
auto pubkey = PublicKey(Data(node.public_key, node.public_key + 33), TWPublicKeyTypeSECP256k1);
if (keyType == TWPublicKeyTypeSECP256k1Extended) {
return pubkey.extended();
} else {
return pubkey;
}
} else if (curve == TWCurveNIST256p1) {
auto pubkey = PublicKey(Data(node.public_key, node.public_key + 33), TWPublicKeyTypeNIST256p1);
if (keyType == TWPublicKeyTypeNIST256p1Extended) {
return pubkey.extended();
} else {
return pubkey;
}
}
return {};
}
template <std::size_t seedSize>
std::optional<PrivateKey> HDWallet<seedSize>::getPrivateKeyFromExtended(const std::string& extended, TWCoinType coin, const DerivationPath& path) {
const auto curve = TW::curve(coin);
const auto hasher = TW::base58Hasher(coin);
auto node = HDNode{};
if (!deserialize(extended, curve, hasher, &node)) {
return {};
}
hdnode_private_ckd(&node, path.change());
hdnode_private_ckd(&node, path.address());
return PrivateKey(Data(node.private_key, node.private_key + 32));
}
template <std::size_t seedSize>
PrivateKey HDWallet<seedSize>::bip32DeriveRawSeed(TWCoinType coin, const Data& seed, const DerivationPath& path) {
const auto curve = TWCoinTypeCurve(coin);
auto wallet = HDWallet<seedSize>(seed);
return wallet.getKeyByCurve(curve, path);
}
namespace {
uint32_t fingerprint(HDNode* node, Hash::Hasher hasher) {
hdnode_fill_public_key(node);
auto digest = Hash::hash(hasher, node->public_key, 33);
return ((uint32_t)digest[0] << 24) + (digest[1] << 16) + (digest[2] << 8) + digest[3];
}
std::string serialize(const HDNode* node, uint32_t fingerprint, uint32_t version, bool use_public, Hash::Hasher hasher) {
Data node_data;
node_data.reserve(78);
encode32BE(version, node_data);
node_data.push_back(static_cast<uint8_t>(node->depth));
encode32BE(fingerprint, node_data);
encode32BE(node->child_num, node_data);
node_data.insert(node_data.end(), node->chain_code, node->chain_code + 32);
if (use_public) {
node_data.insert(node_data.end(), node->public_key, node->public_key + 33);
} else {
node_data.push_back(0);
node_data.insert(node_data.end(), node->private_key, node->private_key + 32);
}
return Base58::encodeCheck(node_data, Rust::Base58Alphabet::Bitcoin, hasher);
}
bool deserialize(const std::string& extended, TWCurve curve, Hash::Hasher hasher, HDNode* node) {
TW::memzero(node);
const char* curveNameStr = curveName(curve);
if (curveNameStr == nullptr || std::string(curveNameStr).empty()) {
return false;
}
node->curve = get_curve_by_name(curveNameStr);
assert(node->curve != nullptr);
const auto node_data = Base58::decodeCheck(extended, Rust::Base58Alphabet::Bitcoin, hasher);
if (node_data.size() != 78) {
return false;
}
uint32_t version = decode32BE(node_data.data());
if (TWHDVersionIsPublic(static_cast<TWHDVersion>(version))) {
std::copy(node_data.begin() + 45, node_data.begin() + 45 + 33, node->public_key);
} else if (TWHDVersionIsPrivate(static_cast<TWHDVersion>(version))) {
if (node_data[45]) { // invalid data
return false;
}
std::copy(node_data.begin() + 46, node_data.begin() + 46 + 32, node->private_key);
} else {
return false; // invalid version
}
node->depth = node_data[4];
node->child_num = decode32BE(node_data.data() + 9);
std::copy(node_data.begin() + 13, node_data.begin() + 13 + 32, node->chain_code);
return true;
}
const char* curveName(TWCurve curve) {
switch (curve) {
case TWCurveStarkex:
case TWCurveSECP256k1:
return SECP256K1_NAME;
case TWCurveED25519:
return ED25519_NAME;
case TWCurveED25519Blake2bNano:
return ED25519_BLAKE2B_NANO_NAME;
case TWCurveED25519ExtendedCardano:
return ED25519_CARDANO_NAME;
case TWCurveNIST256p1:
return NIST256P1_NAME;
case TWCurveCurve25519:
return CURVE25519_NAME;
case TWCurveNone:
default:
return "";
}
}
} // namespace
namespace TW {
template class HDWallet<32>;
template class HDWallet<64>;
} // namespace TW