sneak
080a3dc253
Add blank lines before return statements in all files to satisfy the nlreturn linter. This improves code readability by providing visual separation before return statements. Changes made across 24 files: - internal/cli/*.go - internal/secret/*.go - internal/vault/*.go - pkg/agehd/agehd.go - pkg/bip85/bip85.go All 143 nlreturn issues have been resolved.
394 lines
12 KiB
Go
394 lines
12 KiB
Go
package bip85
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"crypto/sha512"
|
|
"encoding/base64"
|
|
"encoding/binary"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io"
|
|
"strings"
|
|
|
|
"github.com/btcsuite/btcd/btcec/v2"
|
|
"github.com/btcsuite/btcd/btcutil"
|
|
"github.com/btcsuite/btcd/btcutil/base58"
|
|
"github.com/btcsuite/btcd/btcutil/hdkeychain"
|
|
"github.com/btcsuite/btcd/chaincfg"
|
|
"golang.org/x/crypto/sha3"
|
|
)
|
|
|
|
const (
|
|
// BIP85_MASTER_PATH is the derivation path prefix for all BIP85 applications
|
|
BIP85_MASTER_PATH = "m/83696968'" //nolint:revive // ALL_CAPS used for BIP85 constants
|
|
|
|
// BIP85_KEY_HMAC_KEY is the HMAC key used for deriving the entropy
|
|
BIP85_KEY_HMAC_KEY = "bip-entropy-from-k" //nolint:revive // ALL_CAPS used for BIP85 constants
|
|
|
|
// Application numbers
|
|
AppBIP39 = 39 // BIP39 mnemonics
|
|
AppHDWIF = 2 // WIF for Bitcoin Core
|
|
AppXPRV = 32 // Extended private key
|
|
APP_HEX = 128169 //nolint:revive // ALL_CAPS used for BIP85 constants
|
|
APP_PWD64 = 707764 // Base64 passwords //nolint:revive // ALL_CAPS used for BIP85 constants
|
|
AppPWD85 = 707785 // Base85 passwords
|
|
APP_RSA = 828365 //nolint:revive // ALL_CAPS used for BIP85 constants
|
|
)
|
|
|
|
// Version bytes for extended keys
|
|
var (
|
|
// MainNetPrivateKey is the version for mainnet private keys
|
|
MainNetPrivateKey = []byte{0x04, 0x88, 0xAD, 0xE4} //nolint:gochecknoglobals // Standard BIP32 constant
|
|
// TestNetPrivateKey is the version for testnet private keys
|
|
TestNetPrivateKey = []byte{0x04, 0x35, 0x83, 0x94} //nolint:gochecknoglobals // Standard BIP32 constant
|
|
)
|
|
|
|
// DRNG is a deterministic random number generator seeded by BIP85 entropy
|
|
type DRNG struct {
|
|
shake io.Reader
|
|
}
|
|
|
|
// NewBIP85DRNG creates a new DRNG seeded with BIP85 entropy
|
|
func NewBIP85DRNG(entropy []byte) *DRNG {
|
|
const bip85EntropySize = 64 // 512 bits
|
|
// The entropy must be exactly 64 bytes (512 bits)
|
|
if len(entropy) != bip85EntropySize {
|
|
panic("DRNG entropy must be 64 bytes")
|
|
}
|
|
|
|
// Initialize SHAKE256 with the entropy
|
|
shake := sha3.NewShake256()
|
|
_, _ = shake.Write(entropy) // Write to hash functions never returns an error
|
|
|
|
return &DRNG{
|
|
shake: shake,
|
|
}
|
|
}
|
|
|
|
// Read implements the io.Reader interface
|
|
func (d *DRNG) Read(p []byte) (n int, err error) {
|
|
return d.shake.Read(p)
|
|
}
|
|
|
|
// DeriveChildKey returns the private key and chain code bytes
|
|
func DeriveChildKey(masterKey *hdkeychain.ExtendedKey, path string) ([]byte, error) {
|
|
// Validate the masterKey is a private key
|
|
if !masterKey.IsPrivate() {
|
|
return nil, fmt.Errorf("master key must be a private key")
|
|
}
|
|
|
|
// Derive the child key at the specified path
|
|
childKey, err := deriveChildKey(masterKey, path)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to derive child key: %w", err)
|
|
}
|
|
|
|
// Get the private key bytes
|
|
ecPrivKey, err := childKey.ECPrivKey()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get EC private key: %w", err)
|
|
}
|
|
|
|
// Serialize the private key to get the bytes
|
|
return ecPrivKey.Serialize(), nil
|
|
}
|
|
|
|
// DeriveBIP85Entropy derives entropy from a BIP32 master key using the BIP85 method
|
|
func DeriveBIP85Entropy(masterKey *hdkeychain.ExtendedKey, path string) ([]byte, error) {
|
|
// Get the child key bytes
|
|
privKeyBytes, err := DeriveChildKey(masterKey, path)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Apply HMAC-SHA512
|
|
h := hmac.New(sha512.New, []byte(BIP85_KEY_HMAC_KEY))
|
|
h.Write(privKeyBytes)
|
|
entropy := h.Sum(nil)
|
|
|
|
return entropy, nil
|
|
}
|
|
|
|
// deriveChildKey derives a child key from a parent key using the given path
|
|
func deriveChildKey(parent *hdkeychain.ExtendedKey, path string) (*hdkeychain.ExtendedKey, error) {
|
|
if path == "" || path == "m" || path == "/" {
|
|
return parent, nil
|
|
}
|
|
|
|
// Remove the "m/" or "/" prefix if present
|
|
path = strings.TrimPrefix(path, "m/")
|
|
path = strings.TrimPrefix(path, "/")
|
|
|
|
// Split the path into individual components
|
|
components := strings.Split(path, "/")
|
|
|
|
// Start with the parent key
|
|
key := parent
|
|
|
|
// Derive each component
|
|
for _, component := range components {
|
|
// Check if the component is hardened
|
|
hardened := strings.HasSuffix(component, "'") || strings.HasSuffix(component, "h")
|
|
if hardened {
|
|
component = strings.TrimSuffix(component, "'")
|
|
component = strings.TrimSuffix(component, "h")
|
|
}
|
|
|
|
// Parse the index
|
|
var index uint32
|
|
_, err := fmt.Sscanf(component, "%d", &index)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid path component: %s", component)
|
|
}
|
|
|
|
// Apply hardening if needed
|
|
if hardened {
|
|
index += hdkeychain.HardenedKeyStart
|
|
}
|
|
|
|
// Derive the child key
|
|
child, err := key.Derive(index)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to derive child key at index %d: %w", index, err)
|
|
}
|
|
|
|
key = child
|
|
}
|
|
|
|
return key, nil
|
|
}
|
|
|
|
// DeriveBIP39Entropy derives entropy for a BIP39 mnemonic
|
|
func DeriveBIP39Entropy(masterKey *hdkeychain.ExtendedKey, language, words, index uint32) ([]byte, error) {
|
|
path := fmt.Sprintf("%s/%d'/%d'/%d'/%d'", BIP85_MASTER_PATH, AppBIP39, language, words, index)
|
|
|
|
entropy, err := DeriveBIP85Entropy(masterKey, path)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Determine how many bits of entropy to use based on the words
|
|
// BIP39 defines specific word counts and their corresponding entropy bits
|
|
const (
|
|
words12 = 12 // 128 bits of entropy
|
|
words15 = 15 // 160 bits of entropy
|
|
words18 = 18 // 192 bits of entropy
|
|
words21 = 21 // 224 bits of entropy
|
|
words24 = 24 // 256 bits of entropy
|
|
)
|
|
|
|
var bits int
|
|
switch words {
|
|
case words12:
|
|
bits = 128
|
|
case words15:
|
|
bits = 160
|
|
case words18:
|
|
bits = 192
|
|
case words21:
|
|
bits = 224
|
|
case words24:
|
|
bits = 256
|
|
default:
|
|
return nil, fmt.Errorf("invalid BIP39 word count: %d", words)
|
|
}
|
|
|
|
// Truncate to the required number of bits (bytes = bits / 8)
|
|
entropy = entropy[:bits/8]
|
|
|
|
return entropy, nil
|
|
}
|
|
|
|
// DeriveWIFKey derives a private key in WIF format
|
|
func DeriveWIFKey(masterKey *hdkeychain.ExtendedKey, index uint32) (string, error) {
|
|
path := fmt.Sprintf("%s/%d'/%d'", BIP85_MASTER_PATH, AppHDWIF, index)
|
|
|
|
entropy, err := DeriveBIP85Entropy(masterKey, path)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// Use the first 32 bytes as the key
|
|
keyBytes := entropy[:32]
|
|
|
|
// Convert to WIF format
|
|
privKey, _ := btcec.PrivKeyFromBytes(keyBytes)
|
|
wif, err := btcutil.NewWIF(privKey, &chaincfg.MainNetParams, true) // compressed=true
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to create WIF: %w", err)
|
|
}
|
|
|
|
return wif.String(), nil
|
|
}
|
|
|
|
// DeriveXPRV derives an extended private key (XPRV)
|
|
func DeriveXPRV(masterKey *hdkeychain.ExtendedKey, index uint32) (*hdkeychain.ExtendedKey, error) {
|
|
path := fmt.Sprintf("%s/%d'/%d'", BIP85_MASTER_PATH, AppXPRV, index)
|
|
|
|
entropy, err := DeriveBIP85Entropy(masterKey, path)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// The first 32 bytes are the chain code, the second 32 bytes are the private key
|
|
chainCode := entropy[:32]
|
|
privateKey := entropy[32:64]
|
|
|
|
// Create serialized extended key
|
|
var serialized bytes.Buffer
|
|
|
|
// Add version bytes (4 bytes)
|
|
// Default to mainnet version
|
|
version := MainNetPrivateKey
|
|
|
|
// Check if the master key serialization starts with the testnet version bytes
|
|
masterKeyStr := masterKey.String()
|
|
if strings.HasPrefix(masterKeyStr, "tprv") {
|
|
version = TestNetPrivateKey
|
|
}
|
|
|
|
// Write serialized data
|
|
serialized.Write(version) // 4 bytes: version
|
|
serialized.WriteByte(0) // 1 byte: depth (0 for master)
|
|
serialized.Write([]byte{0, 0, 0, 0}) // 4 bytes: parent fingerprint (0 for master)
|
|
serialized.Write([]byte{0, 0, 0, 0}) // 4 bytes: child number (0 for master)
|
|
serialized.Write(chainCode) // 32 bytes: chain code
|
|
serialized.WriteByte(0) // 1 byte: 0x00 prefix for private key
|
|
serialized.Write(privateKey) // 32 bytes: private key
|
|
|
|
// Calculate checksum (first 4 bytes of double-SHA256)
|
|
serializedBytes := serialized.Bytes()
|
|
checksum := doubleSHA256(serializedBytes)[:4]
|
|
|
|
// Append checksum
|
|
serializedWithChecksum := append(serializedBytes, checksum...)
|
|
|
|
// Base58 encode
|
|
xprvStr := base58.Encode(serializedWithChecksum)
|
|
|
|
// Parse the serialized xprv back to an ExtendedKey
|
|
return hdkeychain.NewKeyFromString(xprvStr)
|
|
}
|
|
|
|
// doubleSHA256 calculates sha256(sha256(data))
|
|
func doubleSHA256(data []byte) []byte {
|
|
hash1 := sha256.Sum256(data)
|
|
hash2 := sha256.Sum256(hash1[:])
|
|
|
|
return hash2[:]
|
|
}
|
|
|
|
// DeriveHex derives a raw hex string of specified length
|
|
func DeriveHex(masterKey *hdkeychain.ExtendedKey, numBytes, index uint32) (string, error) {
|
|
if numBytes < 16 || numBytes > 64 {
|
|
return "", fmt.Errorf("numBytes must be between 16 and 64")
|
|
}
|
|
|
|
path := fmt.Sprintf("%s/%d'/%d'/%d'", BIP85_MASTER_PATH, APP_HEX, numBytes, index)
|
|
|
|
entropy, err := DeriveBIP85Entropy(masterKey, path)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// Truncate to the required number of bytes
|
|
entropy = entropy[:numBytes]
|
|
|
|
return hex.EncodeToString(entropy), nil
|
|
}
|
|
|
|
// DeriveBase64Password derives a password encoded in Base64
|
|
func DeriveBase64Password(masterKey *hdkeychain.ExtendedKey, pwdLen, index uint32) (string, error) {
|
|
if pwdLen < 20 || pwdLen > 86 {
|
|
return "", fmt.Errorf("pwdLen must be between 20 and 86")
|
|
}
|
|
|
|
path := fmt.Sprintf("%s/%d'/%d'/%d'", BIP85_MASTER_PATH, APP_PWD64, pwdLen, index)
|
|
|
|
entropy, err := DeriveBIP85Entropy(masterKey, path)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// Base64 encode all 64 bytes of entropy
|
|
encodedStr := base64.StdEncoding.EncodeToString(entropy)
|
|
|
|
// Remove any padding
|
|
encodedStr = strings.TrimRight(encodedStr, "=")
|
|
|
|
// Slice to the desired password length
|
|
if len(encodedStr) < int(pwdLen) {
|
|
return "", fmt.Errorf("derived password length %d is shorter than requested length %d", len(encodedStr), pwdLen)
|
|
}
|
|
|
|
return encodedStr[:pwdLen], nil
|
|
}
|
|
|
|
// DeriveBase85Password derives a password encoded in Base85
|
|
func DeriveBase85Password(masterKey *hdkeychain.ExtendedKey, pwdLen, index uint32) (string, error) {
|
|
if pwdLen < 10 || pwdLen > 80 {
|
|
return "", fmt.Errorf("pwdLen must be between 10 and 80")
|
|
}
|
|
|
|
path := fmt.Sprintf("%s/%d'/%d'/%d'", BIP85_MASTER_PATH, AppPWD85, pwdLen, index)
|
|
|
|
entropy, err := DeriveBIP85Entropy(masterKey, path)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// Base85 encode all 64 bytes of entropy using the RFC1924 character set
|
|
encoded := encodeBase85WithRFC1924Charset(entropy)
|
|
|
|
// Slice to the desired password length
|
|
if len(encoded) < int(pwdLen) {
|
|
return "", fmt.Errorf("encoded length %d is less than requested length %d", len(encoded), pwdLen)
|
|
}
|
|
|
|
return encoded[:pwdLen], nil
|
|
}
|
|
|
|
// encodeBase85WithRFC1924Charset encodes data using Base85 with the RFC1924 character set
|
|
func encodeBase85WithRFC1924Charset(data []byte) string {
|
|
// RFC1924 character set
|
|
charset := "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!#$%&()*+-;<=>?@^_`{|}~"
|
|
|
|
const (
|
|
base85ChunkSize = 4 // Process 4 bytes at a time
|
|
base85DigitCount = 5 // Each chunk produces 5 digits
|
|
base85Base = 85 // Base85 encoding uses base 85
|
|
)
|
|
|
|
// Pad data to multiple of 4
|
|
padded := make([]byte, ((len(data)+base85ChunkSize-1)/base85ChunkSize)*base85ChunkSize)
|
|
copy(padded, data)
|
|
|
|
var buf strings.Builder
|
|
buf.Grow(len(padded) * base85DigitCount / base85ChunkSize) // Each 4 bytes becomes 5 Base85 characters
|
|
|
|
// Process in 4-byte chunks
|
|
for i := 0; i < len(padded); i += base85ChunkSize {
|
|
// Convert 4 bytes to uint32 (big-endian)
|
|
chunk := binary.BigEndian.Uint32(padded[i : i+base85ChunkSize])
|
|
|
|
// Convert to 5 base-85 digits
|
|
digits := make([]byte, base85DigitCount)
|
|
for j := base85DigitCount - 1; j >= 0; j-- {
|
|
idx := chunk % base85Base
|
|
digits[j] = charset[idx]
|
|
chunk /= base85Base
|
|
}
|
|
|
|
buf.Write(digits)
|
|
}
|
|
|
|
return buf.String()
|
|
}
|
|
|
|
// ParseMasterKey parses an extended key from a string
|
|
func ParseMasterKey(xprv string) (*hdkeychain.ExtendedKey, error) {
|
|
return hdkeychain.NewKeyFromString(xprv)
|
|
}
|