sikkienl/dash
1
0
Fork 0
mirror of https://github.com/dashpay/dash.git synced 2024-12-26 04:22:55 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
458384ab93
dash/src/wallet/bip39.cpp
laanwj e9f5b4b735
Merge bitcoin/bitcoin#24213: refactor: use Span in random.* 
3ae7791bcaa88f5c68592673b8926ee807242ce7 refactor: use Span in random.* (pasta)

Pull request description:

  ~This PR does two things~
  1. use a Span<unsigned char> for GetRandBytes and GetStrongRandBytes

  ~2. make GetRand a template for which any integral type can be used, where the default behavior is to return a random integral up to the max of the integral unless a max is provided.
  This simplifies a lot of code from `GetRand(std::numeric_limits<uint64_t>::max()` -> `GetRand<uint64_t>()`~

  MarcoFalke this was inspired by your comment here: https://github.com/bitcoin/bitcoin/pull/24185#issuecomment-1025514263 about using Span, so hopefully I'll be able to get this PR done and merged 😂

  ~Also, if requested I could revert the `GetRand(std::numeric_limits<uint64_t>::max()` -> `GetRand<uint64_t>()` related changes if it ends up causing too many conflicts~

ACKs for top commit:
  laanwj:
    Thank you! Code review re-ACK 3ae7791bcaa88f5c68592673b8926ee807242ce7

Tree-SHA512: 12375a83b68b288916ba0de81cfcab4aac14389a66a36811ae850427435eb67dd55e47df9ac3ec47db4e214f4330139e548bec815fff8a3f571484ea558dca79
2024-06-06 22:58:30 -05:00

150 lines
4.7 KiB
C++
Raw Blame History

/**
* Copyright (c) 2013-2014 Tomas Dzetkulic
* Copyright (c) 2013-2014 Pavol Rusnak
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
// Source:
// https://github.com/trezor/trezor-crypto
#include <wallet/bip39.h>
#include <wallet/bip39_english.h>
#include <crypto/pkcs5_pbkdf2_hmac_sha512.h>
#include <crypto/sha256.h>
#include <random.h>
SecureString CMnemonic::Generate(int strength)
{
if (strength % 32 || strength < 128 || strength > 256) {
return SecureString();
}
SecureVector data(32);
GetStrongRandBytes({data.data(), 32});
SecureString mnemonic = FromData(data, strength / 8);
return mnemonic;
}
// SecureString CMnemonic::FromData(const uint8_t *data, int len)
SecureString CMnemonic::FromData(const SecureVector& data, int len)
{
if (len % 4 || len < 16 || len > 32) {
return SecureString();
}
SecureVector checksum(32);
CSHA256().Write(data.data(), len).Finalize(checksum.data());
// data
SecureVector bits(len);
memcpy(bits.data(), data.data(), len);
// checksum
bits.push_back(checksum[0]);
int mlen = len * 3 / 4;
SecureString mnemonic;
for (int i = 0; i < mlen; i++) {
int idx = 0;
for (int j = 0; j < 11; j++) {
idx <<= 1;
idx += (bits[(i * 11 + j) / 8] & (1 << (7 - ((i * 11 + j) % 8)))) > 0;
}
mnemonic.append(wordlist[idx]);
if (i < mlen - 1) {
mnemonic += ' ';
}
}
return mnemonic;
}
bool CMnemonic::Check(const SecureString& mnemonic)
{
if (mnemonic.empty()) {
return false;
}
uint32_t nWordCount{};
for (size_t i = 0; i < mnemonic.size(); ++i) {
if (mnemonic[i] == ' ') {
nWordCount++;
}
}
nWordCount++;
// check number of words
if (nWordCount % 3 != 0 || nWordCount < 12 || nWordCount > 24) {
return false;
}
SecureString ssCurrentWord;
SecureVector bits(32 + 1);
uint32_t ki, nBitsCount{};
for (size_t i = 0; i < mnemonic.size(); ++i)
{
ssCurrentWord = "";
while (i + ssCurrentWord.size() < mnemonic.size() && mnemonic[i + ssCurrentWord.size()] != ' ') {
if (ssCurrentWord.size() >= 9) {
return false;
}
ssCurrentWord += mnemonic[i + ssCurrentWord.size()];
}
i += ssCurrentWord.size();
uint32_t nWordIndex = 0;
for (;;) {
if (!wordlist[nWordIndex]) { // word not found
return false;
}
if (ssCurrentWord == wordlist[nWordIndex]) { // word found on index nWordIndex
for (ki = 0; ki < 11; ki++) {
if (nWordIndex & (1 << (10 - ki))) {
bits[nBitsCount / 8] |= 1 << (7 - (nBitsCount % 8));
}
nBitsCount++;
}
break;
}
nWordIndex++;
}
}
if (nBitsCount != nWordCount * 11) {
return false;
}
bits[32] = bits[nWordCount * 4 / 3];
CSHA256().Write(bits.data(), nWordCount * 4 / 3).Finalize(bits.data());
const char checksum_length = nWordCount / 3;
const char mask = (2 ^ checksum_length) << (8 - checksum_length);
return (bits[0] & mask) == (bits[32] & mask);
}
// passphrase must be at most 256 characters otherwise it would be truncated
void CMnemonic::ToSeed(const SecureString& mnemonic, const SecureString& passphrase, SecureVector& seedRet)
{
SecureString ssSalt = SecureString("mnemonic") + passphrase;
SecureVector vchSalt(ssSalt.begin(), ssSalt.begin() + strnlen(ssSalt.data(), 256));
seedRet.resize(64);
PKCS5_PBKDF2_HMAC_SHA512(mnemonic.c_str(), mnemonic.size(), vchSalt.data(), vchSalt.size(), 2048, 64, seedRet.data());
}
Reference in New Issue View Git Blame Copy Permalink