add support for array as phrase

Author: pharms-eth

Sources/Web3Core/KeystoreManager/BIP32HDNode.swift

@@ -22,12 +22,11 @@ extension UInt32 {
 }
 
 public class HDNode {
-    public struct HDversion {
-        // swiftlint:disable force_unwrapping
-        public var privatePrefix: Data = Data.fromHex("0x0488ADE4")!
-        public var publicPrefix: Data = Data.fromHex("0x0488B21E")!
-        // swiftlint:enable force_unwrapping
-        public init() {}
+
+    private struct HDversion{
+        public static var privatePrefix: Data? = Data.fromHex("0x0488ADE4")
+        public static var publicPrefix: Data? = Data.fromHex("0x0488B21E")
+
     }
     public var path: String? = "m"
     public var privateKey: Data?
@@ -40,11 +39,11 @@ public class HDNode {
         childNumber >= (UInt32(1) << 31)
     }
     public var index: UInt32 {
-            if self.isHardened {
-                return childNumber - (UInt32(1) << 31)
-            } else {
-                return childNumber
-            }
+        if self.isHardened {
+            return childNumber - (UInt32(1) << 31)
+        } else {
+            return childNumber
+        }
     }
     public var hasPrivate: Bool {
         privateKey != nil
@@ -65,7 +64,7 @@ public class HDNode {
         guard data.count == 82 else { return nil }
         let header = data[0..<4]
         var serializePrivate = false
-        if header == HDNode.HDversion().privatePrefix {
+        if header == HDversion.privatePrefix {
             serializePrivate = true
         }
         depth = data[4..<5].bytes[0]
@@ -90,25 +89,25 @@ public class HDNode {
 
     public init?(seed: Data) {
         guard seed.count >= 16 else { return nil }
-        // swiftlint:disable force_unwrapping
-        let hmacKey = "Bitcoin seed".data(using: .ascii)!
-        let hmac = HMAC(key: hmacKey.bytes, variant: HMAC.Variant.sha2(.sha512))
+
+        guard let hmacKey = "Bitcoin seed".data(using: .ascii) else { return nil }
+        let hmac:Authenticator = HMAC(key: hmacKey.bytes, variant: HMAC.Variant.sha2(.sha512))
+
         guard let entropy = try? hmac.authenticate(seed.bytes), entropy.count == 64 else { return nil }
         let I_L = entropy[0..<32]
         let I_R = entropy[32..<64]
         chaincode = Data(I_R)
         let privKeyCandidate = Data(I_L)
         guard SECP256K1.verifyPrivateKey(privateKey: privKeyCandidate) else { return nil }
         guard let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: privKeyCandidate, compressed: true) else { return nil }
-        guard pubKeyCandidate.bytes[0] == 0x02 || pubKeyCandidate.bytes[0] == 0x03 else { return nil }
+        guard pubKeyCandidate.bytes.first == 0x02 || pubKeyCandidate.bytes.first == 0x03 else { return nil }
         publicKey = pubKeyCandidate
         privateKey = privKeyCandidate
         depth = 0x00
         childNumber = UInt32(0)
     }
 
     private static var curveOrder = BigUInt("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", radix: 16)!
-    // swiftlint:enable force_unwrapping
     public static var defaultPath: String = "m/44'/60'/0'/0"
     public static var defaultPathPrefix: String = "m/44'/60'/0'"
     public static var defaultPathMetamask: String = "m/44'/60'/0'/0/0"
@@ -119,183 +118,184 @@ public class HDNode {
 extension HDNode {
     public func derive(index: UInt32, derivePrivateKey: Bool, hardened: Bool = false) -> HDNode? {
         if derivePrivateKey {
-            return self.derivePrivateKey(index: index, hardened: hardened)
-        } else {
-            return derivePublicKey(index: index, hardened: hardened)
+            return deriveWithPrivateKey(index: index, hardened: hardened)
+        } else { // deriving only the public key
+            return deriveWithoutPrivateKey(index: index, hardened: hardened)
         }
     }
 
-    public func derive(path: String, derivePrivateKey: Bool = true) -> HDNode? {
-        let components = path.components(separatedBy: "/")
-        var currentNode: HDNode = self
-        var firstComponent = 0
-        if path.hasPrefix("m") {
-            firstComponent = 1
+    public func deriveWithoutPrivateKey(index: UInt32, hardened: Bool = false) -> HDNode? {
+        var entropy: [UInt8] // derive public key when is itself public key
+        if index >= (UInt32(1) << 31) || hardened {
+            return nil // no derivation of hardened public key from extended public key
+        } else {
+            let hmac: Authenticator = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
+            var inputForHMAC = Data()
+            inputForHMAC.append(self.publicKey)
+            inputForHMAC.append(index.serialize32())
+            guard let ent = try? hmac.authenticate(inputForHMAC.bytes) else {return nil }
+            guard ent.count == 64 else { return nil }
+            entropy = ent
         }
-        for component in components[firstComponent ..< components.count] {
-            var hardened = false
-            if component.hasSuffix("'") {
-                hardened = true
+        let I_L = entropy[0..<32]
+        let I_R = entropy[32..<64]
+        let cc = Data(I_R)
+        let bn = BigUInt(Data(I_L))
+        if bn > HDNode.curveOrder {
+            if index < UInt32.max {
+                return self.derive(index: index+1, derivePrivateKey: false, hardened: hardened)
             }
-            guard let index = UInt32(component.trimmingCharacters(in: CharacterSet(charactersIn: "'"))) else { return nil }
-            guard let newNode = currentNode.derive(index: index, derivePrivateKey: derivePrivateKey, hardened: hardened) else { return nil }
-            currentNode = newNode
+            return nil
         }
-        return currentNode
+        guard let tempKey = bn.serialize().setLengthLeft(32) else { return nil }
+        guard SECP256K1.verifyPrivateKey(privateKey: tempKey) else {return nil }
+        guard let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: tempKey, compressed: true) else { return nil }
+        guard pubKeyCandidate.bytes.first == 0x02 || pubKeyCandidate.bytes.first == 0x03 else { return nil }
+        guard let newPublicKey = SECP256K1.combineSerializedPublicKeys(keys: [self.publicKey, pubKeyCandidate], outputCompressed: true) else { return nil }
+        guard newPublicKey.bytes.first == 0x02 || newPublicKey.bytes.first == 0x03 else { return nil }
+        guard self.depth < UInt8.max else { return nil }
+        let newNode = HDNode()
+        newNode.chaincode = cc
+        newNode.depth = self.depth + 1
+        newNode.publicKey = newPublicKey
+        newNode.childNumber = index
+        guard let fprint = try? RIPEMD160.hash(message: self.publicKey.sha256())[0..<4] else {
+            return nil
+        }
+        newNode.parentFingerprint = fprint
+        var newPath = String()
+        if newNode.isHardened {
+            newPath = (self.path ?? "") + "/"
+            newPath += String(newNode.index % HDNode.hardenedIndexPrefix) + "'"
+        } else {
+            newPath = (self.path ?? "") + "/" + String(newNode.index)
+        }
+        newNode.path = newPath
+        return newNode
     }
+    public func deriveWithPrivateKey(index: UInt32, hardened: Bool = false) -> HDNode? {
 
-    /// Derive public key when is itself private key.
-    /// Derivation of private key when is itself extended public key is impossible and will return `nil`.
-    private func derivePrivateKey(index: UInt32, hardened: Bool) -> HDNode? {
-        guard let privateKey = privateKey else {
-            // derive private key when is itself extended public key (impossible)
+        guard let privateKey = self.privateKey else {
             return nil
         }
-
-        var trueIndex = index
-        if trueIndex < (UInt32(1) << 31) && hardened {
-            trueIndex += (UInt32(1) << 31)
+        var entropy: [UInt8]
+        var trueIndex: UInt32
+        if index >= (UInt32(1) << 31) || hardened {
+            trueIndex = index
+            if trueIndex < (UInt32(1) << 31) {
+                trueIndex = trueIndex + (UInt32(1) << 31)
+            }
+            let hmac: Authenticator = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
+            var inputForHMAC = Data()
+            inputForHMAC.append(Data([UInt8(0x00)]))
+            inputForHMAC.append(privateKey)
+            inputForHMAC.append(trueIndex.serialize32())
+            guard let ent = try? hmac.authenticate(inputForHMAC.bytes) else {return nil }
+            guard ent.count == 64 else { return nil }
+            entropy = ent
+        } else {
+            trueIndex = index
+            let hmac: Authenticator = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
+            var inputForHMAC = Data()
+            inputForHMAC.append(self.publicKey)
+            inputForHMAC.append(trueIndex.serialize32())
+            guard let ent = try? hmac.authenticate(inputForHMAC.bytes) else {return nil }
+            guard ent.count == 64 else { return nil }
+            entropy = ent
         }
-
-        guard let entropy = calculateEntropy(index: trueIndex, privateKey: privateKey, hardened: hardened) else { return nil }
-
         let I_L = entropy[0..<32]
         let I_R = entropy[32..<64]
-        let chainCode = Data(I_R)
+        let cc = Data(I_R)
         let bn = BigUInt(Data(I_L))
         if bn > HDNode.curveOrder {
             if trueIndex < UInt32.max {
-                return self.derive(index: index + 1, derivePrivateKey: true, hardened: hardened)
+                return self.derive(index: index+1, derivePrivateKey: true, hardened: hardened)
             }
             return nil
         }
-        let newPK = (bn + BigUInt(privateKey)) % HDNode.curveOrder
+        let newPK = (bn + BigUInt(self.privateKey!)) % HDNode.curveOrder
         if newPK == BigUInt(0) {
             if trueIndex < UInt32.max {
-                return self.derive(index: index + 1, derivePrivateKey: true, hardened: hardened)
+                return self.derive(index: index+1, derivePrivateKey: true, hardened: hardened)
             }
             return nil
         }
-
-        guard
-            let newPrivateKey = newPK.serialize().setLengthLeft(32),
-            SECP256K1.verifyPrivateKey(privateKey: newPrivateKey),
-            let newPublicKey = SECP256K1.privateToPublic(privateKey: newPrivateKey, compressed: true),
-            (newPublicKey.bytes[0] == 0x02 || newPublicKey.bytes[0] == 0x03),
-            self.depth < UInt8.max
-        else { return nil }
-        return createNode(chainCode: chainCode, depth: depth + 1, publicKey: newPublicKey, privateKey: newPrivateKey, childNumber: trueIndex)
-    }
-
-    /// Derive public key when is itself public key.
-    /// No derivation of hardened public key from extended public key is allowed.
-    private func derivePublicKey(index: UInt32, hardened: Bool) -> HDNode? {
-        if index >= (UInt32(1) << 31) || hardened {
-            // no derivation of hardened public key from extended public key
-            return nil
-        }
-
-        guard let entropy = calculateEntropy(index: index, hardened: hardened) else { return nil }
-
-        let I_L = entropy[0..<32]
-        let I_R = entropy[32..<64]
-        let chainCode = Data(I_R)
-        let bn = BigUInt(Data(I_L))
-        if bn > HDNode.curveOrder {
-            if index < UInt32.max {
-                return self.derive(index: index+1, derivePrivateKey: false, hardened: hardened)
-            }
+        guard let privKeyCandidate = newPK.serialize().setLengthLeft(32) else { return nil }
+        guard SECP256K1.verifyPrivateKey(privateKey: privKeyCandidate) else {return nil }
+        guard let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: privKeyCandidate, compressed: true) else { return nil }
+        guard pubKeyCandidate.bytes[0] == 0x02 || pubKeyCandidate.bytes[0] == 0x03 else { return nil }
+        guard self.depth < UInt8.max else { return nil }
+        let newNode = HDNode()
+        newNode.chaincode = cc
+        newNode.depth = self.depth + 1
+        newNode.publicKey = pubKeyCandidate
+        newNode.privateKey = privKeyCandidate
+        newNode.childNumber = trueIndex
+        guard let fprint = try? RIPEMD160.hash(message: self.publicKey.sha256())[0..<4] else {
             return nil
         }
-
-        guard
-            let tempKey = bn.serialize().setLengthLeft(32),
-            SECP256K1.verifyPrivateKey(privateKey: tempKey),
-            let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: tempKey, compressed: true),
-            (pubKeyCandidate.bytes[0] == 0x02 || pubKeyCandidate.bytes[0] == 0x03),
-            let newPublicKey = SECP256K1.combineSerializedPublicKeys(keys: [self.publicKey, pubKeyCandidate], outputCompressed: true),
-            (newPublicKey.bytes[0] == 0x02 || newPublicKey.bytes[0] == 0x03),
-            self.depth < UInt8.max
-        else { return nil }
-
-        return createNode(chainCode: chainCode, depth: depth + 1, publicKey: newPublicKey, childNumber: index)
-    }
-
-    private func createNode(chainCode: Data, depth: UInt8, publicKey: Data, privateKey: Data? = nil, childNumber: UInt32) -> HDNode? {
-        let newNode = HDNode()
-        newNode.chaincode = chainCode
-        newNode.depth = depth
-        newNode.publicKey = publicKey
-        newNode.privateKey = privateKey
-        newNode.childNumber = childNumber
-        guard
-            let fprint = try? RIPEMD160.hash(message: self.publicKey.sha256())[0..<4],
-            let path = path
-        else { return nil }
         newNode.parentFingerprint = fprint
         var newPath = String()
         if newNode.isHardened {
-            newPath = path + "/"
+            newPath = self.path! + "/"
             newPath += String(newNode.index % HDNode.hardenedIndexPrefix) + "'"
         } else {
-            newPath = path + "/" + String(newNode.index)
+            newPath = self.path! + "/" + String(newNode.index)
         }
         newNode.path = newPath
         return newNode
+
     }
 
-    private func calculateHMACInput(_ index: UInt32, privateKey: Data? = nil, hardened: Bool) -> Data {
-        var inputForHMAC = Data()
+    public func derive(path: String, derivePrivateKey: Bool = true) -> HDNode? {
 
-        if let privateKey = privateKey, (index >= (UInt32(1) << 31) || hardened) {
-            inputForHMAC.append(Data([UInt8(0x00)]))
-            inputForHMAC.append(privateKey)
-        } else {
-            inputForHMAC.append(self.publicKey)
+        let components = path.components(separatedBy: "/")
+        var currentNode: HDNode = self
+        var firstComponent = 0
+        if path.hasPrefix("m") {
+            firstComponent = 1
         }
-
-        inputForHMAC.append(index.serialize32())
-        return inputForHMAC
+        for component in components[firstComponent ..< components.count] {
+            var hardened = false
+            if component.hasSuffix("'") {
+                hardened = true
+            }
+            guard let index = UInt32(component.trimmingCharacters(in: CharacterSet(charactersIn: "'"))) else { return nil }
+            guard let newNode = currentNode.derive(index: index, derivePrivateKey: derivePrivateKey, hardened: hardened) else { return nil }
+            currentNode = newNode
+        }
+        return currentNode
     }
 
-    /// Calculates entropy used for private or public key derivation.
-    /// - Parameters:
-    ///   - index: index
-    ///   - privateKey: private key data or `nil` if entropy is calculated for a public key;
-    ///   - hardened: is hardened key
-    /// - Returns: 64 bytes entropy or `nil`.
-    private func calculateEntropy(index: UInt32, privateKey: Data? = nil, hardened: Bool) -> [UInt8]? {
-        let inputForHMAC = calculateHMACInput(index, privateKey: privateKey, hardened: hardened)
-        let hmac = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
-        guard let entropy = try? hmac.authenticate(inputForHMAC.bytes), entropy.count == 64 else { return nil }
-        return entropy
+    public func serializeToString(serializePublic: Bool = true) -> String? {
+        guard let data = self.serialize(serializePublic: serializePublic) else { return nil }
+        let encoded = Base58.base58FromBytes(data.bytes)
+        return encoded
     }
 
-    public func serializeToString(serializePublic: Bool = true, version: HDversion = HDversion()) -> String? {
-        guard let data = self.serialize(serializePublic: serializePublic, version: version) else { return nil }
-        return Base58.base58FromBytes(data.bytes)
-    }
+    public func serialize(serializePublic: Bool = true) -> Data? {
 
-    public func serialize(serializePublic: Bool = true, version: HDversion = HDversion()) -> Data? {
         var data = Data()
-        /// Public or private key
-        let keyData: Data
+
+        guard serializePublic || privateKey != nil else {
+            return nil
+        }
+
         if serializePublic {
-            keyData = publicKey
-            data.append(version.publicPrefix)
+            data.append(HDversion.publicPrefix!)
         } else {
-            guard let privateKey = privateKey else { return nil }
-            keyData = privateKey
-            data.append(version.privatePrefix)
+            data.append(HDversion.privatePrefix!)
         }
-        data.append(contentsOf: [depth])
-        data.append(parentFingerprint)
-        data.append(childNumber.serialize32())
-        data.append(chaincode)
-        if !serializePublic {
+        data.append(contentsOf: [self.depth])
+        data.append(self.parentFingerprint)
+        data.append(self.childNumber.serialize32())
+        data.append(self.chaincode)
+        if serializePublic {
+            data.append(self.publicKey)
+        } else {
             data.append(contentsOf: [0x00])
+            data.append(self.privateKey!)
         }
-        data.append(keyData)
         let hashedData = data.sha256().sha256()
         let checksum = hashedData[0..<4]
         data.append(checksum)