// rootXPrv takes a seed binary string and produces a new xprv.
function rootXPrv(seed){
- debugger
- let h = createHmac('sha512', Buffer.from('Root','utf8'))
+ let h = createHmac('sha512', Buffer.from('Root', 'utf8'))
.update(seed)
.digest();
const hL = h.slice(0, 32);
const hR = h.slice(32);
- // h.Write(seed)
- // h.Sum(xprv[:0])
- pruneRootScalar(hR);
+ pruneRootScalar(hL);
let xprv = new XPrv(Buffer.concat( [hL,hR]));
return xprv;
}
+exports.XPrv = XPrv;
exports.newXPrv = newXPrv;
exports.rootXPrv = rootXPrv;
return xpub;
};
-//
-// // Child derives a child xprv based on `selector` string and `hardened` flag.
-// // If `hardened` is false, child xpub can be derived independently
-// // from the parent xpub without using the parent xprv.
-// // If `hardened` is true, child key can only be derived from the parent xprv.
-// function (xprv XPrv) Child(sel []byte, hardened bool) XPrv {
-// if hardened {
-// return xprv.hardenedChild(sel)
-// }
-// return xprv.nonhardenedChild(sel)
-// }
-//
-// function (xprv XPrv) hardenedChild(sel []byte) (res XPrv) {
-// h := hmac.New(sha512.New, xprv[32:])
-// h.Write([]byte{'H'})
-// h.Write(xprv[:32])
-// h.Write(sel)
-// h.Sum(res[:0])
-// pruneRootScalar(res[:32])
-// return
-// }
-//
-// function (xprv XPrv) nonhardenedChild(sel []byte) (res XPrv) {
-// xpub := xprv.XPub()
-//
-// h := hmac.New(sha512.New, xpub[32:])
-// h.Write([]byte{'N'})
-// h.Write(xpub[:32])
-// h.Write(sel)
-// h.Sum(res[:0])
-//
-// pruneIntermediateScalar(res[:32])
-//
-// // Unrolled the following loop:
-// // var carry int
-// // carry = 0
-// // for i := 0; i < 32; i++ {
-// // sum := int(xprv[i]) + int(res[i]) + carry
-// // res[i] = byte(sum & 0xff)
-// // carry = (sum >> 8)
-// // }
-//
-// sum := int(0)
-//
-// sum = int(xprv[0]) + int(res[0]) + (sum >> 8)
-// res[0] = byte(sum & 0xff)
-// sum = int(xprv[1]) + int(res[1]) + (sum >> 8)
-// res[1] = byte(sum & 0xff)
-// sum = int(xprv[2]) + int(res[2]) + (sum >> 8)
-// res[2] = byte(sum & 0xff)
-// sum = int(xprv[3]) + int(res[3]) + (sum >> 8)
-// res[3] = byte(sum & 0xff)
-// sum = int(xprv[4]) + int(res[4]) + (sum >> 8)
-// res[4] = byte(sum & 0xff)
-// sum = int(xprv[5]) + int(res[5]) + (sum >> 8)
-// res[5] = byte(sum & 0xff)
-// sum = int(xprv[6]) + int(res[6]) + (sum >> 8)
-// res[6] = byte(sum & 0xff)
-// sum = int(xprv[7]) + int(res[7]) + (sum >> 8)
-// res[7] = byte(sum & 0xff)
-// sum = int(xprv[8]) + int(res[8]) + (sum >> 8)
-// res[8] = byte(sum & 0xff)
-// sum = int(xprv[9]) + int(res[9]) + (sum >> 8)
-// res[9] = byte(sum & 0xff)
-// sum = int(xprv[10]) + int(res[10]) + (sum >> 8)
-// res[10] = byte(sum & 0xff)
-// sum = int(xprv[11]) + int(res[11]) + (sum >> 8)
-// res[11] = byte(sum & 0xff)
-// sum = int(xprv[12]) + int(res[12]) + (sum >> 8)
-// res[12] = byte(sum & 0xff)
-// sum = int(xprv[13]) + int(res[13]) + (sum >> 8)
-// res[13] = byte(sum & 0xff)
-// sum = int(xprv[14]) + int(res[14]) + (sum >> 8)
-// res[14] = byte(sum & 0xff)
-// sum = int(xprv[15]) + int(res[15]) + (sum >> 8)
-// res[15] = byte(sum & 0xff)
-// sum = int(xprv[16]) + int(res[16]) + (sum >> 8)
-// res[16] = byte(sum & 0xff)
-// sum = int(xprv[17]) + int(res[17]) + (sum >> 8)
-// res[17] = byte(sum & 0xff)
-// sum = int(xprv[18]) + int(res[18]) + (sum >> 8)
-// res[18] = byte(sum & 0xff)
-// sum = int(xprv[19]) + int(res[19]) + (sum >> 8)
-// res[19] = byte(sum & 0xff)
-// sum = int(xprv[20]) + int(res[20]) + (sum >> 8)
-// res[20] = byte(sum & 0xff)
-// sum = int(xprv[21]) + int(res[21]) + (sum >> 8)
-// res[21] = byte(sum & 0xff)
-// sum = int(xprv[22]) + int(res[22]) + (sum >> 8)
-// res[22] = byte(sum & 0xff)
-// sum = int(xprv[23]) + int(res[23]) + (sum >> 8)
-// res[23] = byte(sum & 0xff)
-// sum = int(xprv[24]) + int(res[24]) + (sum >> 8)
-// res[24] = byte(sum & 0xff)
-// sum = int(xprv[25]) + int(res[25]) + (sum >> 8)
-// res[25] = byte(sum & 0xff)
-// sum = int(xprv[26]) + int(res[26]) + (sum >> 8)
-// res[26] = byte(sum & 0xff)
-// sum = int(xprv[27]) + int(res[27]) + (sum >> 8)
-// res[27] = byte(sum & 0xff)
-// sum = int(xprv[28]) + int(res[28]) + (sum >> 8)
-// res[28] = byte(sum & 0xff)
-// sum = int(xprv[29]) + int(res[29]) + (sum >> 8)
-// res[29] = byte(sum & 0xff)
-// sum = int(xprv[30]) + int(res[30]) + (sum >> 8)
-// res[30] = byte(sum & 0xff)
-// sum = int(xprv[31]) + int(res[31]) + (sum >> 8)
-// res[31] = byte(sum & 0xff)
-//
-// if (sum >> 8) != 0 {
-// panic("sum does not fit in 256-bit int")
-// }
-// return
-// }
-//
-// // Child derives a child xpub based on `selector` string.
-// // The corresponding child xprv can be derived from the parent xprv
-// // using non-hardened derivation: `parentxprv.Child(sel, false)`.
-// function (xpub XPub) Child(sel []byte) (res XPub) {
-// h := hmac.New(sha512.New, xpub[32:])
-// h.Write([]byte{'N'})
-// h.Write(xpub[:32])
-// h.Write(sel)
-// h.Sum(res[:0])
-//
-// pruneIntermediateScalar(res[:32])
-//
-// var (
-// f ecmath.Scalar
-// F ecmath.Point
-// )
-// copy(f[:], res[:32])
-// F.ScMulBase(&f)
-//
-// var (
-// pubkey [32]byte
-// P ecmath.Point
-// )
-// copy(pubkey[:], xpub[:32])
-// _, ok := P.Decode(pubkey)
-// if !ok {
-// panic("XPub should have been validated on initialization")
-// }
-//
-// P.Add(&P, &F)
-// pubkey = P.Encode()
-// copy(res[:32], pubkey[:])
-//
-// return
-// }
-//
-// // Derive generates a child xprv by recursively deriving
-// // non-hardened child xprvs over the list of selectors:
-// // `Derive([a,b,c,...]) == Child(a).Child(b).Child(c)...`
-// function (xprv XPrv) Derive(path [][]byte) XPrv {
-// res := xprv
-// for _, p := range path {
-// res = res.Child(p, false)
-// }
-// return res
-// }
-//
-// // Derive generates a child xpub by recursively deriving
-// // non-hardened child xpubs over the list of selectors:
-// // `Derive([a,b,c,...]) == Child(a).Child(b).Child(c)...`
-// function (xpub XPub) Derive(path [][]byte) XPub {
-// res := xpub
-// for _, p := range path {
-// res = res.Child(p)
-// }
-// return res
-// }
-//
-// // Sign creates an EdDSA signature using expanded private key
-// // derived from the xprv.
-// function (xprv XPrv) Sign(msg []byte) []byte {
-// return Ed25519InnerSign(xprv.ExpandedPrivateKey(), msg)
-// }
-//
-// // Verify checks an EdDSA signature using public key
-// // extracted from the first 32 bytes of the xpub.
-// function (xpub XPub) Verify(msg []byte, sig []byte) bool {
-// return ed25519.Verify(xpub.PublicKey(), msg, sig)
-// }
-//
-// // ExpandedPrivateKey generates a 64-byte key where
-// // the first half is the scalar copied from xprv,
-// // and the second half is the `prefix` is generated via PRF
-// // from the xprv.
-// function (xprv XPrv) ExpandedPrivateKey() ExpandedPrivateKey {
-// var res [64]byte
-// let h = createHmac('sha512', Buffer.from('Expand'));
-//
-// h.Write(xprv[:])
-// h.Sum(res[:0])
-// copy(res[:32], xprv[:32])
-// return res[:]
-// }
-//
-// // PublicKey extracts the ed25519 public key from an xpub.
-// function (xpub XPub) PublicKey() ed25519.PublicKey {
-// return ed25519.PublicKey(xpub[:32])
-// }
-// s must be >= 32 bytes long and gets rewritten in place.
-// This is NOT the same pruning as in Ed25519: it additionally clears the third
-// highest bit to ensure subkeys do not overflow the second highest bit.
function pruneRootScalar(s) {
s[0] &= 248;
s[31] &= 31; // clear top 3 bits
s[31] |= 64; // set second highest bit
}
-
-// // Clears lowest 3 bits and highest 23 bits of `f`.
-// function pruneIntermediateScalar(f) {
-// f[0] &= 248; // clear bottom 3 bits
-// f[29] &= 1; // clear 7 high bits
-// f[30] = 0; // clear 8 bits
-// f[31] = 0; // clear 8 bits
-// }