revert changes

Author: pharms-eth

Sources/Web3Core/KeystoreManager/BIP32HDNode.swift

@@ -128,121 +128,118 @@ public class HDNode {
 extension HDNode {
     public func derive(index: UInt32, derivePrivateKey: Bool, hardened: Bool = false) -> HDNode? {
         if derivePrivateKey {
-            return deriveWithPrivateKey(index: index, hardened: hardened)
-        } else { // deriving only the public key
-            return deriveWithoutPrivateKey(index: index, hardened: hardened)
+            return self.derivePrivateKey(index: index, hardened: hardened)
+        } else {
+            return derivePublicKey(index: index, hardened: hardened)
         }
     }
 
-    public func deriveWithoutPrivateKey(index: UInt32, hardened: Bool = false) -> HDNode? {
-        var entropy: [UInt8] // derive public key when is itself public key
-        if index >= Self.maxIterationIndex || hardened {
-            return nil // no derivation of hardened public key from extended public key
-        } else {
-            let hmac: Authenticator = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
-            var inputForHMAC = Data()
-            inputForHMAC.append(self.publicKey)
-            inputForHMAC.append(index.serialize32())
-            guard let ent = try? hmac.authenticate(inputForHMAC.bytes) else { return nil }
-            guard ent.count == 64 else { return nil }
-            entropy = ent
+    public func derive(path: String, derivePrivateKey: Bool = true) -> HDNode? {
+        let components = path.components(separatedBy: "/")
+        var currentNode: HDNode = self
+        var firstComponent = 0
+        if path.hasPrefix("m") {
+            firstComponent = 1
         }
-        let I_L = entropy[0..<32]
-        let I_R = entropy[32..<64]
-        let cc = Data(I_R)
-        let bn = BigUInt(Data(I_L))
-        if bn > HDNode.curveOrder {
-            if index < UInt32.max {
-                return self.derive(index: index+1, derivePrivateKey: false, hardened: hardened)
+        for component in components[firstComponent ..< components.count] {
+            var hardened = false
+            if component.hasSuffix("'") {
+                hardened = true
             }
-            return nil
-        }
-        guard let tempKey = bn.serialize().setLengthLeft(32) else { return nil }
-        guard SECP256K1.verifyPrivateKey(privateKey: tempKey) else { return nil }
-        guard let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: tempKey, compressed: true) else { return nil }
-        guard pubKeyCandidate.bytes.first == 0x02 || pubKeyCandidate.bytes.first == 0x03 else { return nil }
-        guard let newPublicKey = SECP256K1.combineSerializedPublicKeys(keys: [self.publicKey, pubKeyCandidate], outputCompressed: true) else { return nil }
-        guard newPublicKey.bytes.first == 0x02 || newPublicKey.bytes.first == 0x03 else { return nil }
-        guard self.depth < UInt8.max else { return nil }
-        let newNode = HDNode()
-        newNode.chaincode = cc
-        newNode.depth = self.depth + 1
-        newNode.publicKey = newPublicKey
-        newNode.childNumber = index
-        guard let fprint = try? RIPEMD160.hash(message: self.publicKey.sha256())[0..<4] else {
-            return nil
-        }
-        newNode.parentFingerprint = fprint
-        var newPath = String()
-        if newNode.isHardened {
-            newPath = (self.path ?? "") + "/"
-            newPath += String(newNode.index % HDNode.hardenedIndexPrefix) + "'"
-        } else {
-            newPath = (self.path ?? "") + "/" + String(newNode.index)
+            guard let index = UInt32(component.trimmingCharacters(in: CharacterSet(charactersIn: "'"))) else { return nil }
+            guard let newNode = currentNode.derive(index: index, derivePrivateKey: derivePrivateKey, hardened: hardened) else { return nil }
+            currentNode = newNode
         }
-        newNode.path = newPath
-        return newNode
+        return currentNode
     }
-    public func deriveWithPrivateKey(index: UInt32, hardened: Bool = false) -> HDNode? {
 
-        guard let privateKey = self.privateKey else {
+    /// Derive public key when is itself private key.
+    /// Derivation of private key when is itself extended public key is impossible and will return `nil`.
+    private func derivePrivateKey(index: UInt32, hardened: Bool) -> HDNode? {
+        guard let privateKey = privateKey else {
+            // derive private key when is itself extended public key (impossible)
             return nil
         }
-        var entropy: [UInt8]
-        var trueIndex: UInt32
-        if index >= Self.maxIterationIndex || hardened {
-            trueIndex = index
-            if trueIndex < Self.maxIterationIndex {
-                trueIndex = trueIndex + Self.maxIterationIndex
-            }
-            let hmac: Authenticator = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
-            var inputForHMAC = Data()
-            inputForHMAC.append(Data([UInt8(0x00)]))
-            inputForHMAC.append(privateKey)
-            inputForHMAC.append(trueIndex.serialize32())
-            guard let ent = try? hmac.authenticate(inputForHMAC.bytes) else { return nil }
-            guard ent.count == 64 else { return nil }
-            entropy = ent
-        } else {
-            trueIndex = index
-            let hmac: Authenticator = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
-            var inputForHMAC = Data()
-            inputForHMAC.append(self.publicKey)
-            inputForHMAC.append(trueIndex.serialize32())
-            guard let ent = try? hmac.authenticate(inputForHMAC.bytes) else { return nil }
-            guard ent.count == 64 else { return nil }
-            entropy = ent
+
+        var trueIndex = index
+        if trueIndex < (UInt32(1) << 31) && hardened {
+            trueIndex += (UInt32(1) << 31)
         }
+
+        guard let entropy = calculateEntropy(index: trueIndex, privateKey: privateKey, hardened: hardened) else { return nil }
+
         let I_L = entropy[0..<32]
         let I_R = entropy[32..<64]
-        let cc = Data(I_R)
+        let chainCode = Data(I_R)
         let bn = BigUInt(Data(I_L))
         if bn > HDNode.curveOrder {
             if trueIndex < UInt32.max {
-                return self.derive(index: index+1, derivePrivateKey: true, hardened: hardened)
+                return self.derive(index: index + 1, derivePrivateKey: true, hardened: hardened)
             }
             return nil
         }
-        let newPK = (bn + BigUInt(self.privateKey!)) % HDNode.curveOrder
+        let newPK = (bn + BigUInt(privateKey)) % HDNode.curveOrder
         if newPK == BigUInt(0) {
             if trueIndex < UInt32.max {
-                return self.derive(index: index+1, derivePrivateKey: true, hardened: hardened)
+                return self.derive(index: index + 1, derivePrivateKey: true, hardened: hardened)
             }
             return nil
         }
-        guard let privKeyCandidate = newPK.serialize().setLengthLeft(32) else { return nil }
-        guard SECP256K1.verifyPrivateKey(privateKey: privKeyCandidate) else { return nil }
-        guard let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: privKeyCandidate, compressed: true) else { return nil }
-        guard pubKeyCandidate.bytes[0] == 0x02 || pubKeyCandidate.bytes[0] == 0x03 else { return nil }
-        guard self.depth < UInt8.max else { return nil }
+
+        guard
+            let newPrivateKey = newPK.serialize().setLengthLeft(32),
+            SECP256K1.verifyPrivateKey(privateKey: newPrivateKey),
+            let newPublicKey = SECP256K1.privateToPublic(privateKey: newPrivateKey, compressed: true),
+            (newPublicKey.bytes[0] == 0x02 || newPublicKey.bytes[0] == 0x03),
+            self.depth < UInt8.max
+        else { return nil }
+        return createNode(chainCode: chainCode, depth: depth + 1, publicKey: newPublicKey, privateKey: newPrivateKey, childNumber: trueIndex)
+    }
+
+    /// Derive public key when is itself public key.
+    /// No derivation of hardened public key from extended public key is allowed.
+    private func derivePublicKey(index: UInt32, hardened: Bool) -> HDNode? {
+        if index >= (UInt32(1) << 31) || hardened {
+            // no derivation of hardened public key from extended public key
+            return nil
+        }
+
+        guard let entropy = calculateEntropy(index: index, hardened: hardened) else { return nil }
+
+        let I_L = entropy[0..<32]
+        let I_R = entropy[32..<64]
+        let chainCode = Data(I_R)
+        let bn = BigUInt(Data(I_L))
+        if bn > HDNode.curveOrder {
+            if index < UInt32.max {
+                return self.derive(index: index+1, derivePrivateKey: false, hardened: hardened)
+            }
+            return nil
+        }
+
+        guard
+            let tempKey = bn.serialize().setLengthLeft(32),
+            SECP256K1.verifyPrivateKey(privateKey: tempKey),
+            let pubKeyCandidate = SECP256K1.privateToPublic(privateKey: tempKey, compressed: true),
+            (pubKeyCandidate.bytes[0] == 0x02 || pubKeyCandidate.bytes[0] == 0x03),
+            let newPublicKey = SECP256K1.combineSerializedPublicKeys(keys: [self.publicKey, pubKeyCandidate], outputCompressed: true),
+            (newPublicKey.bytes[0] == 0x02 || newPublicKey.bytes[0] == 0x03),
+            self.depth < UInt8.max
+        else { return nil }
+
+        return createNode(chainCode: chainCode, depth: depth + 1, publicKey: newPublicKey, childNumber: index)
+    }
+
+    private func createNode(chainCode: Data, depth: UInt8, publicKey: Data, privateKey: Data? = nil, childNumber: UInt32) -> HDNode? {
         let newNode = HDNode()
-        newNode.chaincode = cc
-        newNode.depth = self.depth + 1
-        newNode.publicKey = pubKeyCandidate
-        newNode.privateKey = privKeyCandidate
-        newNode.childNumber = trueIndex
-        guard let fprint = try? RIPEMD160.hash(message: self.publicKey.sha256())[0..<4],
-              let path = path
+        newNode.chaincode = chainCode
+        newNode.depth = depth
+        newNode.publicKey = publicKey
+        newNode.privateKey = privateKey
+        newNode.childNumber = childNumber
+        guard
+            let fprint = try? RIPEMD160.hash(message: self.publicKey.sha256())[0..<4],
+            let path = path
         else { return nil }
         newNode.parentFingerprint = fprint
         var newPath = String()
@@ -254,58 +251,60 @@ extension HDNode {
         }
         newNode.path = newPath
         return newNode
-
     }
 
-    public func derive(path: String, derivePrivateKey: Bool = true) -> HDNode? {
+    private func calculateHMACInput(_ index: UInt32, privateKey: Data? = nil, hardened: Bool) -> Data {
+        var inputForHMAC = Data()
 
-        let components = path.components(separatedBy: "/")
-        var currentNode: HDNode = self
-        var firstComponent = 0
-        if path.hasPrefix("m") {
-            firstComponent = 1
-        }
-        for component in components[firstComponent ..< components.count] {
-            var hardened = false
-            if component.hasSuffix("'") {
-                hardened = true
-            }
-            guard let index = UInt32(component.trimmingCharacters(in: CharacterSet(charactersIn: "'"))) else { return nil }
-            guard let newNode = currentNode.derive(index: index, derivePrivateKey: derivePrivateKey, hardened: hardened) else { return nil }
-            currentNode = newNode
+        if let privateKey = privateKey, (index >= (UInt32(1) << 31) || hardened) {
+            inputForHMAC.append(Data([UInt8(0x00)]))
+            inputForHMAC.append(privateKey)
+        } else {
+            inputForHMAC.append(self.publicKey)
         }
-        return currentNode
+
+        inputForHMAC.append(index.serialize32())
+        return inputForHMAC
     }
 
-    public func serializeToString(serializePublic: Bool = true) -> String? {
-        guard let data = self.serialize(serializePublic: serializePublic) else { return nil }
-        let encoded = Base58.base58FromBytes(data.bytes)
-        return encoded
+    /// Calculates entropy used for private or public key derivation.
+    /// - Parameters:
+    ///   - index: index
+    ///   - privateKey: private key data or `nil` if entropy is calculated for a public key;
+    ///   - hardened: is hardened key
+    /// - Returns: 64 bytes entropy or `nil`.
+    private func calculateEntropy(index: UInt32, privateKey: Data? = nil, hardened: Bool) -> [UInt8]? {
+        let inputForHMAC = calculateHMACInput(index, privateKey: privateKey, hardened: hardened)
+        let hmac = HMAC(key: self.chaincode.bytes, variant: .sha2(.sha512))
+        guard let entropy = try? hmac.authenticate(inputForHMAC.bytes), entropy.count == 64 else { return nil }
+        return entropy
     }
 
-    public func serialize(serializePublic: Bool = true) -> Data? {
+    public func serializeToString(serializePublic: Bool = true, version: HDversion = HDversion()) -> String? {
+        guard let data = self.serialize(serializePublic: serializePublic, version: version) else { return nil }
+        return Base58.base58FromBytes(data.bytes)
+    }
 
+    public func serialize(serializePublic: Bool = true, version: HDversion = HDversion()) -> Data? {
         var data = Data()
-
-        guard serializePublic || privateKey != nil else {
-            return nil
-        }
-
+        /// Public or private key
+        let keyData: Data
         if serializePublic {
-            data.append(HDversion.publicPrefix)
+            keyData = publicKey
+            data.append(version.publicPrefix)
         } else {
-            data.append(HDversion.privatePrefix)
+            guard let privateKey = privateKey else { return nil }
+            keyData = privateKey
+            data.append(version.privatePrefix)
         }
-        data.append(contentsOf: [self.depth])
-        data.append(self.parentFingerprint)
-        data.append(self.childNumber.serialize32())
-        data.append(self.chaincode)
-        if serializePublic {
-            data.append(self.publicKey)
-        } else {
+        data.append(contentsOf: [depth])
+        data.append(parentFingerprint)
+        data.append(childNumber.serialize32())
+        data.append(chaincode)
+        if !serializePublic {
             data.append(contentsOf: [0x00])
-            data.append(self.privateKey!)
         }
+        data.append(keyData)
         let hashedData = data.sha256().sha256()
         let checksum = hashedData[0..<4]
         data.append(checksum)