Derive transparent (t-addr) keys from the HD seed and add BIP39 mnemonic seed phrases that are byte-for-byte compatible with SilentDragonXLite, so the same 24 words recover the same shielded and transparent addresses in either wallet. HD transparent keys: - Derive t-keys from the seed at m/44'/coin'/0'/0/i (were random CKeys). - CHDChain gains a version-gated transparent counter; existing wallets load unchanged. GenerateNewKey routes through DeriveNewChildKey when enabled (-hdtransparent, default on). - Restore from a seed hex via -hdseed with gap-limit pre-derivation; birthday pinned to genesis so the rescan is not clipped. BIP39 seed phrases: - Wire the vendored trezor BIP39 lib (src/crypto/bip39) into the build, fix its BIP39_WORDS guard, and disable the insecure mnemonic cache. - Match SDXLite exactly: English wordlist, empty passphrase, PBKDF2 64-byte seed, coin type 141, ZIP-32 m/32'/141'/i' and BIP44 m/44'/141'/0'/0/i. Store the 32-byte entropy and expand to the 64-byte seed on demand. - Restore via -mnemonic, create via -usemnemonic, reveal via z_exportmnemonic. Verified by gtests including a known-answer BIP39 seed vector and z/t address derivation checks (src/gtest/test_hdtransparent.cpp, test_mnemonic_compat.cpp). Docs in doc/hd-transparent-keys.md and doc/seed-phrase.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
40 lines
1.8 KiB
C++
40 lines
1.8 KiB
C++
// Copyright (c) 2016-2024 The Hush developers
|
|
// Distributed under the GPLv3 software license, see the accompanying
|
|
// file COPYING or https://www.gnu.org/licenses/gpl-3.0.en.html
|
|
#ifndef HUSH_WALLET_MNEMONIC_H
|
|
#define HUSH_WALLET_MNEMONIC_H
|
|
|
|
#include <string>
|
|
|
|
#include "zcash/zip32.h" // RawHDSeed
|
|
|
|
// Thin, thread-safe C++ wrapper over the vendored BIP39 (trezor-crypto) library.
|
|
// It reproduces SilentDragonXLite's tiny-bip39 0.6.2 conventions EXACTLY so the
|
|
// same 24 words yield the same addresses in both wallets:
|
|
// - English wordlist only (byte-identical to tiny-bip39's english.txt)
|
|
// - empty BIP39 passphrase (no "25th word")
|
|
// - PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte seed
|
|
// - the seed is derived from the CANONICAL phrase regenerated from entropy,
|
|
// matching SDXLite's Mnemonic::from_entropy(entropy).phrase() round-trip.
|
|
|
|
//! True if `phrase` is a valid BIP39 mnemonic (word list + checksum).
|
|
bool MnemonicIsValid(const std::string& phrase);
|
|
|
|
//! Parse `phrase` into its BIP39 entropy (16/20/24/28/32 bytes). Validates the
|
|
//! checksum first. Returns false on any invalid input.
|
|
bool MnemonicToEntropy(const std::string& phrase, RawHDSeed& entropyOut);
|
|
|
|
//! Regenerate the canonical English mnemonic phrase from `entropy`.
|
|
bool EntropyToMnemonic(const RawHDSeed& entropy, std::string& phraseOut);
|
|
|
|
//! Derive the 64-byte BIP39 seed used for HD derivation from `entropy`, exactly
|
|
//! as SilentDragonXLite does: canonical phrase from entropy, then PBKDF2 with an
|
|
//! empty passphrase.
|
|
bool Bip39SeedFromEntropy(const RawHDSeed& entropy, RawHDSeed& seed64Out);
|
|
|
|
//! Generate fresh BIP39 entropy of `bits` (128/160/192/224/256) from the node
|
|
//! CSPRNG, for creating a new mnemonic wallet.
|
|
bool GenerateMnemonicEntropy(int bits, RawHDSeed& entropyOut);
|
|
|
|
#endif // HUSH_WALLET_MNEMONIC_H
|