Beispiel #1
0
        /// <summary>
        /// Recreates the private key of the parent from the private key of the child
        /// combinated with the public key of the parent (hardened children cannot be
        /// used to recreate the parent).
        /// </summary>
        public ExtKey GetParentExtKey(ExtPubKey parent)
        {
            if (parent == null)
            {
                throw new ArgumentNullException(nameof(parent));
            }
            if (Depth == 0)
            {
                throw new InvalidOperationException("This ExtKey is the root key of the HD tree");
            }
            if (IsHardened)
            {
                throw new InvalidOperationException("This private key is hardened, so you can't get its parent");
            }
            var expectedFingerPrint = parent.PubKey.GetHDFingerPrint();

            if (parent.Depth != this.Depth - 1 || expectedFingerPrint != parentFingerprint)
            {
                throw new ArgumentException("The parent ExtPubKey is not the immediate parent of this ExtKey", "parent");
            }
#if HAS_SPAN
            Span <byte> pubkey = stackalloc byte[33];
            Span <byte> l      = stackalloc byte[64];
            parent.PubKey.ToBytes(pubkey, out _);
            Hashes.BIP32Hash(parent.vchChainCode, nChild, pubkey[0], pubkey.Slice(1), l);
            var parse256LL = new Secp256k1.Scalar(l.Slice(0, 32), out int overflow);
            if (overflow != 0 || parse256LL.IsZero)
            {
                throw new InvalidOperationException("Invalid extkey (this should never happen)");
            }
            if (!l.Slice(32, 32).SequenceEqual(vchChainCode))
            {
                throw new InvalidOperationException("The derived chain code of the parent is not equal to this child chain code");
            }
            var kPar = this.PrivateKey._ECKey.sec + parse256LL.Negate();
            return(new ExtKey
            {
                vchChainCode = parent.vchChainCode,
                nDepth = parent.Depth,
                parentFingerprint = parent.ParentFingerprint,
                nChild = parent.nChild,
                key = new Key(new Secp256k1.ECPrivKey(kPar, this.PrivateKey._ECKey.ctx, true), true)
            });
#else
            byte[] l  = null;
            byte[] ll = new byte[32];
            byte[] lr = new byte[32];

            var pubKey = parent.PubKey.ToBytes();
            l = Hashes.BIP32Hash(parent.vchChainCode, nChild, pubKey[0], pubKey.SafeSubarray(1));
            Array.Copy(l, ll, 32);
            Array.Copy(l, 32, lr, 0, 32);
            var ccChild = lr;

            BigInteger parse256LL = new BigInteger(1, ll);
            BigInteger N          = ECKey.CURVE.N;

            if (!ccChild.SequenceEqual(vchChainCode))
            {
                throw new InvalidOperationException("The derived chain code of the parent is not equal to this child chain code");
            }

            var keyBytes = PrivateKey.ToBytes();
            var key      = new BigInteger(1, keyBytes);

            BigInteger kPar           = key.Add(parse256LL.Negate()).Mod(N);
            var        keyParentBytes = kPar.ToByteArrayUnsigned();
            if (keyParentBytes.Length < 32)
            {
                keyParentBytes = new byte[32 - keyParentBytes.Length].Concat(keyParentBytes).ToArray();
            }

            var parentExtKey = new ExtKey
            {
                vchChainCode      = parent.vchChainCode,
                nDepth            = parent.Depth,
                parentFingerprint = parent.ParentFingerprint,
                nChild            = parent.nChild,
                key = new Key(keyParentBytes)
            };
            return(parentExtKey);
#endif
        }