GoUpNumber / gun

The Go Up Number Wallet
BSD Zero Clause License

BIP39 Passphrase with new XKeySigner #80

Closed nickfarrow closed 2 years ago

nickfarrow commented 2 years ago

Based on https://github.com/LLFourn/gun/pull/77
fixes https://github.com/LLFourn/gun/issues/46 https://github.com/LLFourn/gun/pull/58

Adds new --has-passphrase bool to init seed. Passphrase validation (with external_descriptor) not fully implemented.

nickfarrow commented 2 years ago

Added BIP85 for secret randomness when using a Seed wallet. I believe this update would break any live bets if you update and recreate your existing Seed wallets (using --use-existing). In Config::into_v1 we could overwrite the secret_protocol_randomness and force Seed wallets to migrate to using the new bip85 randomness. But perhaps safer to leave it to users?

On the side, wondering: is there a better way to do this line? https://github.com/LLFourn/gun/pull/80/commits/132e689bd33ef5be904aa4aa2bb69d2e3e0c3416#diff-d97a27b442016db4753314f34ed66d40492d34b8ba6a2c04338e367c5ad8e68bR234

nickfarrow commented 2 years ago

wrench just put bip85_key.private_key into the hash. You will need to call as_bytes on it or something first.

Are you sure that you're only meant to hash the private key and not the extended private key?

Yeah, the BIP says to use the private key as the message. I did mess up the derivation path for the hex application number though, doing a fixup now.

To match the test vector you can replace L225:

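```rust
// Master key used to check against the test vector.
let xpriv = ExtendedPrivKey::from_str("xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb").unwrap();
let secp = Secp256k1::signing_only();
// Derive the hardened child key at the path for the hex application.
let bip85_key = xpriv
    .derive_priv(
        &secp,
        // &DerivationPath::from_str("m/83696968'/128169'/64'/0'").unwrap(),
        &DerivationPath::from_str("m/83696968'/128169'/64'/0'").unwrap(),
    )
    .unwrap();

// HMAC-SHA512 keyed with "bip-entropy-from-k"; the message is the 32-byte
// private key only, not the serialized extended private key.
let mut engine = HmacEngine::<sha512::Hash>::new("bip-entropy-from-k".as_bytes());
engine.input(&bip85_key.private_key.serialize_secret());
let hash = Hmac::<sha512::Hash>::from_engine(engine);
// Prints the derived entropy so it can be compared with the test vector.
dbg!(hash);
```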

492db4698cf3b73a5a24998aa3e9d7fa96275d85724a91e71aa2d645442f878555d078fd1f1f67e368976f04137b1f7a0d19232136ca50c44614af72b5582a5c
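
The derivation discussed in the comment above, as an added example that is not part of the PR or the gun code base: it is written in standard-library Python rather than Rust so it runs without the bitcoin crate. It reuses the xprv, path and expected output quoted above; the function names are this example's own, and the HMAC step mirrors the Rust snippet, hashing the 32-byte private key only.

```python
import hashlib
import hmac

# Key and path are the ones quoted in the comment above.
XPRV = "xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb"
PATH = "m/83696968'/128169'/64'/0'"
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def parse_xprv(xprv):
    """Base58Check-decode a mainnet xprv; return (private key int, chain code)."""
    num = 0
    for ch in xprv:
        num = num * 58 + B58.index(ch)
    raw = num.to_bytes(82, "big")  # 78-byte payload + 4-byte checksum
    payload, checksum = raw[:78], raw[78:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad xprv checksum")
    if payload[:4] != bytes.fromhex("0488ade4") or payload[45] != 0:
        raise ValueError("not a mainnet extended private key")
    return int.from_bytes(payload[46:78], "big"), payload[13:45]


def ckd_hardened(key, chain, index):
    """BIP32 private child derivation for a hardened index (no EC point math)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | 0x80000000).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key at this index")
    return child, digest[32:]


def bip85_entropy(xprv, path):
    """Return the 64 bytes of BIP85 entropy for a fully hardened path."""
    key, chain = parse_xprv(xprv)
    for part in path.split("/")[1:]:
        if not part.endswith("'"):
            raise ValueError("BIP85 paths must be fully hardened")
        key, chain = ckd_hardened(key, chain, int(part[:-1]))
    # The HMAC message is the private key alone, not the extended private key.
    return hmac.new(b"bip-entropy-from-k", key.to_bytes(32, "big"), hashlib.sha512).digest()


if __name__ == "__main__":
    print(bip85_entropy(XPRV, PATH).hex())
```
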