From c0ee25c85173f1f184ebb8effb3952789aad9ffa Mon Sep 17 00:00:00 2001
From: Pavol Rusnak 
Date: Tue, 21 Jan 2014 18:38:44 +0100
Subject: [PATCH] don't use implicit versions in bip32
---
 bip32.c | 42 ++++++++++++++++++++++++++++--------------
 bip32.h | 13 +++++++------
 tests.c | 6 +++---
 3 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/bip32.c b/bip32.c
index a37041e480..5acfd6d590 100644
--- a/bip32.c
+++ b/bip32.c
@@ -7,30 +7,44 @@ #include "sha2.h" #include "ripemd160.h" -uint8_t hdnode_coin_version = 0x00; - -void hdnode_from_pub(uint32_t version, uint32_t depth, uint32_t fingerprint, uint32_t child_num, uint8_t *chain_code, uint8_t *public_key, HDNode *out) +void hdnode_from_xpub(uint8_t version_byte, uint32_t version, uint32_t depth, uint32_t fingerprint, uint32_t child_num, uint8_t *chain_code, uint8_t *public_key, HDNode *out) { out->version = version; out->depth = depth; out->fingerprint = fingerprint; out->child_num = child_num; - memset(out->private_key, 0, 32); memcpy(out->chain_code, chain_code, 32); + memset(out->private_key, 0, 32); memcpy(out->public_key, public_key, 33); + out->version_byte = version_byte; hdnode_fill_address(out); } -void hdnode_from_seed(uint8_t *seed, int seed_len, HDNode *out) +void hdnode_from_xprv(uint8_t version_byte, uint32_t version, uint32_t depth, uint32_t fingerprint, uint32_t child_num, uint8_t *chain_code, uint8_t *private_key, HDNode *out) { - out->version = 0x0488ADE4; // main-net + out->version = version; + out->depth = depth; + out->fingerprint = fingerprint; + out->child_num = child_num; + memcpy(out->chain_code, chain_code, 32); + memcpy(out->private_key, private_key, 32); + hdnode_fill_public_key(out); + out->version_byte = version_byte; + hdnode_fill_address(out); +} + +void hdnode_from_seed(uint8_t version_byte, uint32_t version, uint8_t *seed, int seed_len, HDNode *out) +{ + uint8_t I[32 + 32]; + out->version = version; out->depth = 0; out->fingerprint = 0x00000000; out->child_num = 0; - // this can be done because private_key[32] and chain_code[32] - // form a continuous 64 byte block in the memory - hmac_sha512((uint8_t *)"Bitcoin seed", 12, seed, seed_len, out->private_key); + hmac_sha512((uint8_t *)"Bitcoin seed", 12, seed, seed_len, I); + memcpy(out->chain_code, I + 32, 32); + memcpy(out->private_key, I, 32); hdnode_fill_public_key(out); + out->version_byte = version_byte; hdnode_fill_address(out); } 
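Review bot: The new local `I[32 + 32]` in hdnode_from_seed holds the master private key and chain code and is simply left on the stack when the function returns; the removed code had no such copy because hmac_sha512 wrote straight into the node. Clear it once the two memcpy calls are done, e.g. `memset(I, 0, sizeof(I));`, keeping in mind that a plain memset of a dead local can be dropped by the optimizer, so a volatile-pointer or explicit_bzero-style wrapper is preferable if the project has one. The `I` buffer that hdnode_private_ckd copies from in the next hunk has the same issue. The `seed`, `chain_code`, `public_key` and `private_key` parameters of the three constructors are only read and could be declared `const uint8_t *`.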
@@ -56,8 +70,8 @@ int hdnode_private_ckd(HDNode *inout, uint32_t i) bn_read_be(inout->private_key, &a); hmac_sha512(inout->chain_code, 32, data, sizeof(data), I); - memcpy(inout->private_key, I, 32); memcpy(inout->chain_code, I + 32, 32); + memcpy(inout->private_key, I, 32); bn_read_be(inout->private_key, &b); bn_addmod(&a, &b, &order256k1); @@ -110,12 +124,12 @@ int hdnode_public_ckd(HDNode *inout, uint32_t i) return 1; } -void hdnode_fill_public_key(HDNode *xprv) +void hdnode_fill_public_key(HDNode *node) { - ecdsa_get_public_key33(xprv->private_key, xprv->public_key); + ecdsa_get_public_key33(node->private_key, node->public_key); } -void hdnode_fill_address(HDNode *xprv) +void hdnode_fill_address(HDNode *node) { - ecdsa_get_address(xprv->public_key, hdnode_coin_version, xprv->address); + ecdsa_get_address(node->public_key, node->version_byte, node->address); } diff --git a/bip32.h b/bip32.h index 605b182f62..a49ba85197 100644 --- a/bip32.h +++ b/bip32.h 
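Review bot: hdnode_fill_address now reads `node->version_byte`, which is only initialised by the three hdnode_from_* constructors; a caller that fills an HDNode field by field (as the removed global used to allow) gets whatever happened to be in the struct. A one-line comment on the function would make the precondition explicit: `/* Requires node->public_key and node->version_byte to be set; writes node->address. */`. A matching line on hdnode_fill_public_key, `/* Derives node->public_key from node->private_key. */`, would document the pair consistently.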
@@ -8,17 +8,18 @@ typedef struct { uint32_t depth; uint32_t fingerprint; uint32_t child_num; - uint8_t private_key[32]; uint8_t chain_code[32]; + uint8_t private_key[32]; uint8_t public_key[33]; + uint8_t version_byte; char address[35]; } HDNode; -extern uint8_t hdnode_coin_version; +void hdnode_from_xpub(uint8_t version_byte, uint32_t version, uint32_t depth, uint32_t fingerprint, uint32_t child_num, uint8_t *chain_code, uint8_t *public_key, HDNode *out); -void hdnode_from_pub(uint32_t version, uint32_t depth, uint32_t fingerprint, uint32_t child_num, uint8_t *chain_code, uint8_t *public_key, HDNode *out); +void hdnode_from_xprv(uint8_t version_byte, uint32_t version, uint32_t depth, uint32_t fingerprint, uint32_t child_num, uint8_t *chain_code, uint8_t *private_key, HDNode *out); -void hdnode_from_seed(uint8_t *seed, int seed_len, HDNode *out); +void hdnode_from_seed(uint8_t version_byte, uint32_t version, uint8_t *seed, int seed_len, HDNode *out); #define hdnode_private_ckd_prime(X, I) hdnode_private_ckd((X), ((I) | 0x80000000)) @@ -26,8 +27,8 @@ int hdnode_private_ckd(HDNode *inout, uint32_t i); int hdnode_public_ckd(HDNode *inout, uint32_t i); -void hdnode_fill_public_key(HDNode *xprv); +void hdnode_fill_public_key(HDNode *node); -void hdnode_fill_address(HDNode *xprv); +void hdnode_fill_address(HDNode *node); #endif diff --git a/tests.c b/tests.c index 8ec319d0e3..779657e89c 100644 --- a/tests.c +++ b/tests.c @@ -80,7 +80,7 @@ START_TEST(test_bip32_vector_1) HDNode node; // init m - hdnode_from_seed(fromhex("000102030405060708090a0b0c0d0e0f"), 16, &node); + hdnode_from_seed(0x00, 0x0488B21E, fromhex("000102030405060708090a0b0c0d0e0f"), 16, &node); // [Chain m] ck_assert_int_eq(node.fingerprint, 0x00000000); 
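Review bot: The new `version_byte` field sits next to `version` with nothing saying how the two differ, and the header comments none of the fields. From bip32.c, `version` is the 32-bit value stored verbatim in the node (the old code hard-coded 0x0488ADE4 there) and `version_byte` is the byte handed to ecdsa_get_address() when the address is filled, so I would annotate the struct: `uint32_t version;     // BIP32 serialization version prefix (xprv/xpub magic)` and `uint8_t version_byte; // address prefix byte passed to ecdsa_get_address()`. Since chain_code and private_key were swapped, any code that relied on the contiguity the deleted bip32.c comment described must be gone — worth checking callers outside this diff. The read-only pointer parameters in the three prototypes could also be `const uint8_t *`.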
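Review bot: The updated call passes `0x0488B21E` as `version` for a node that hdnode_from_seed populates with a private key, whereas the value the removed bip32.c code hard-coded for that same node was `0x0488ADE4` (commented "main-net"); 0x0488B21E is the BIP32 mainnet public (xpub) prefix and 0x0488ADE4 the private (xprv) one, so the test vectors now carry what looks like the wrong prefix for a private node. The assertions only check fingerprint and address, so nothing here would notice; either use `hdnode_from_seed(0x00, 0x0488ADE4, fromhex("000102030405060708090a0b0c0d0e0f"), 16, &node);` or add a `ck_assert_int_eq(node.version, 0x0488ADE4);` that pins the intended value. The same call appears in the two hunks at lines 138 and 193 of tests.c.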
@@ -138,7 +138,7 @@ START_TEST(test_bip32_vector_2) int r; // init m - hdnode_from_seed(fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node); + hdnode_from_seed(0x00, 0x0488B21E, fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node); // [Chain m] ck_assert_int_eq(node.fingerprint, 0x00000000); @@ -193,7 +193,7 @@ START_TEST(test_bip32_vector_2) ck_assert_str_eq(node.address, "14UKfRV9ZPUp6ZC9PLhqbRtxdihW9em3xt"); // init m - hdnode_from_seed(fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node); + hdnode_from_seed(0x00, 0x0488B21E, fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node); // test public derivation // [Chain m/0]