New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix BIP32 secret key derivation (child key < 32 bytes) in ergo-wallet #1636
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change works well for me with all mnemonics tested. (No code review)
@kushti this is probably important fix, please assign the milestone. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How the implementation is tested? What are possible effects for node users, in regards with p2pk and mining script addresses?
@aslesarenko How have you tested it? |
@kushti I'm not working on the issue, I just asked you to assign a milestone. |
@aslesarenko I need to understand how it is tested first |
I wrote unit tests for
Existing wallets should be loaded with old derivation. New and restored wallets ( I planned to look into splitting this PR into wallet lib PR and node PR as was discussed in #core recently. |
I have tested it in linked ergo-appkit build both manually and by unit tests, and used that build in ergoplatform/ergo-wallet-app#94 testing the derivations manually. |
less-than-32-bytes child key bug;
and fix BIP32 secret key derivation;
for wallet restore endpoint;
for new, restored and pre-1627(migration) wallets;
1171c2a
to
380384c
Compare
f3f5938
to
e1a40f8
Compare
e1a40f8
to
71f62a9
Compare
Ref #1627
This PR introduces the fix for incorrect BIP32 derivation in ergo-wallet lib only (child key less than 32 bytes, see #1627). #1841 is the PR enabling fixed derivation in the node's wallet.
Corresponding PR in ergo-appkit that uses updated
ergo-wallet
- ergoplatform/ergo-appkit#139Overview
The ergo node's behavior is unchanged, i.e., it uses pre-1627 derivation in all cases (init, restore wallets).
In ergo-wallet lib, use previous(incorrect) derivation when loading existing wallets (JSON key file loading) without
EncryptedSecret.usePre1627KeyDerivation
option set, fixed key derivation for new wallets and setEncryptedSecret.usePre1627KeyDerivation
, and explicitly ask for key derivation type to be used for the wallets restored from mnemonic.Implementation details
The added
ExtendedSecretKey.usePre1627KeyDerivation
boolean option determines the behaviour ofExtendedSecretKey.deriveChildSecretKey(...)
secret key derivation. It is set viaExtendedSecretKey.deriveMasterKey(...)
which is a sort of a "constructor" method forExtendedSecretKey
class.For user wallets stored in
JsonSecretStorage
a newusePre1627KeyDerivation
argument added torestore
and underlyinginit
methods. It's effectively set tofalse
for new wallets and expected to be set for restored wallets. The option is stored asEncryptedSecret.usePre1627KeyDerivation
optional property, which is set totrue
on loading if it's not found in the JSON file, thus making existing wallets use previous(incorrect) key derivation.Breaking changes(for release notes):
ergo-wallet
ExtendedSecretKey.deriveMasterKey
has addedusePre1627KeyDerivation
parameter;JsonSecretStorage.init
andrestore
has addedusePre1627KeyDerivation
parameter;