search

iancoleman / bip39

A web tool for converting BIP39 mnemonic codes
https://iancoleman.io/bip39/
MIT License
3.52k stars 1.44k forks source link

bip32 generate incorrect child key in some mnemonic #421

Open athlona64 opened 4 years ago

athlona64 commented 4 years ago

i generate more 2,000 mnemonic is looks like good

but i found some problem in other language library bip32 is correct private key for child1 but i found flutter bip32 is incorrect private key in one mnemonic (other mnemonic is correct)

how to solution for solve guide me pls.

mnemonic problem : path one ceiling head menu robot video already dry quantum analyst disagree

"m/44'/60'/0'/0/0"

in normally public address should show: 0x1f6F564C490d10C69bC1D94a7f09a922BA08A6aB

but in flutter https://pub.dev/packages/bip32 library incorrect address: 0x946b271a9868f6390525b2365b8cee448cb7a452

i found problem on this function generate private key exceed


BIP32 derive(int index) {
    if (index > UINT32_MAX || index < 0) throw new ArgumentError("Expected UInt32");
    final isHardened = index >= HIGHEST_BIT;
    Uint8List data = new Uint8List(37);
    if (isHardened) {
      if (isNeutered()) {
        throw new ArgumentError("Missing private key for hardened child key");
      }
      data[0] = 0x00;
      data.setRange(1, 33, privateKey);
      data.buffer.asByteData().setUint32(33, index);
    } else {
      data.setRange(0, 33, publicKey);
      data.buffer.asByteData().setUint32(33, index);
    }

    final I = hmacSHA512(chainCode, data);
    final IL = I.sublist(0, 32);
    final IR = I.sublist(32);

    if (!ecc.isPrivate(IL)) {
      print('!ecc');
      return derive(index + 1);
    }
    BIP32 hd;
    if (!isNeutered()) {
      final ki = ecc.privateAdd(privateKey, IL);
      if (ki == null) return derive(index + 1);

      hd = BIP32.fromPrivateKey(ki, IR, network);
    } else {
      final ki = ecc.pointAddScalar(publicKey, IL, true);
      if (ki == null) return derive(index + 1);

      hd = BIP32.fromPublicKey(ki, IR, network);
    }
    hd.depth = depth + 1;
    hd.index = index;
    hd.parentFingerprint = fingerprint.buffer.asByteData().getUint32(0);

    return hd;
  }
wigy-opensource-developer commented 4 years ago

This repository has nothing to do with that flutter package. Also, I could not find the source code for the bip32 flutter package at https://github.com/anicdh?tab=repositories or anywhere linked from the package metadata so I do not recommend using it for cryptography that needs auditable privacy of keys before those sources are shared. @anicdh

wigy-opensource-developer commented 4 years ago

@athlona64 After some social engineering, I found the sources of the https://pub.dev/packages/bip32 flutter package at https://github.com/dart-bitcoin/bip32-dart

I think you should open an issue there and close this one.

iancoleman commented 4 years ago

Thanks @wigy-opensource-developer for the help with this.

I'll leave it to @athlona64 to close this when the bip32-dart package is confirmed to be the true source of the issue.