private static string GenerateWif(string passphrase, Network network, LotSequence lotsequence, byte[] ownersalt)
{
bool hasLotSequence = lotsequence != null;
//ownersalt is 8 random bytes
ownersalt = ownersalt ?? RandomUtils.GetBytes(8);
var ownerEntropy = ownersalt;
if (hasLotSequence)
{
ownersalt = ownersalt.Take(4).ToArray();
ownerEntropy = ownersalt.Concat(lotsequence.ToBytes()).ToArray();
}
var prefactor = SCrypt.CoinComputeDerivedKey(Encoding.UTF8.GetBytes(passphrase), ownersalt, 32);
var passfactor = prefactor;
if (hasLotSequence)
{
passfactor = Hashes.Hash256(prefactor.Concat(ownerEntropy).ToArray()).ToBytes();
}
var passpoint = new CCKey(passfactor, fCompressedIn: true).PubKey.ToBytes();
var bytes =
network.GetVersionBytes(Network.BASE58_PASSPHRASE_CODE, true)
.Concat(new[] { hasLotSequence ? (byte)0x51 : (byte)0x53 })
.Concat(ownerEntropy)
.Concat(passpoint)
.ToArray();
return(Encoders.Base58Check.EncodeData(bytes));
}
private static string GenerateWif(CCKey key, string password, Network network)
{
var vch = key.ToBytes();
//Compute the Coin address (ASCII),
var addressBytes = Encoders.ASCII.DecodeData(key.PubKey.GetAddress(network).ToString());
// and take the first four bytes of SHA256(SHA256()) of it. Let's call this "addresshash".
var addresshash = Hashes.Hash256(addressBytes).ToBytes().SafeSubarray(0, 4);
var derived = SCrypt.CoinComputeDerivedKey(Encoding.UTF8.GetBytes(password), addresshash);
var encrypted = EncryptKey(vch, derived);
var version = network.GetVersionBytes(Network.BASE58_ENCRYPTED_SECRET_KEY_NO_EC, true);
byte flagByte = 0;
flagByte |= 0x0C0;
flagByte |= (key.IsCompressed ? (byte)0x20 : (byte)0x00);
var bytes = version
.Concat(new[] { flagByte })
.Concat(addresshash)
.Concat(encrypted).ToArray();
return(Encoders.Base58Check.EncodeData(bytes));
}
public PubKey Uncover(CCKey priv, PubKey pub)
{
var curve = ECKey.Secp256k1;
var hash = GetStealthSharedSecret(priv, pub);
//Q' = Q + cG
var qprim = curve.G.Multiply(new BigInteger(1, hash)).Add(curve.Curve.DecodePoint(this.ToBytes()));
return(new PubKey(qprim.GetEncoded()).Compress(this.IsCompressed));
}
public static byte[] GetStealthSharedSecret(CCKey priv, PubKey pub)
{
var curve = ECKey.Secp256k1;
var pubec = curve.Curve.DecodePoint(pub.ToBytes());
var p = pubec.Multiply(new BigInteger(1, priv.ToBytes()));
var pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes();
var hash = Hashes.SHA256(pBytes);
return(hash);
}
//public TransactionSignature Sign(uint256 hash, SigHash sigHash)
//{
// return new TransactionSignature(Sign(hash), sigHash);
//}
public override bool Equals(object obj)
{
CCKey item = obj as CCKey;
if (item == null)
{
return(false);
}
return(PubKey.Equals(item.PubKey));
}
private static byte[] ToBytes(CCKey key)
{
var keyBytes = key.ToBytes();
if (!key.IsCompressed)
{
return(keyBytes);
}
else
{
return(keyBytes.Concat(new byte[] { 0x01 }).ToArray());
}
}
public CCKey GetCCKey(long aIndex)
{
CCKey lKey;
if (aIndex == 0)
{
lKey = new CCKey(Encoding.ASCII.GetBytes(GetIndexKey(aIndex)));
}
else
{
lKey = new CCKey(HexStringToByteArray(GetIndexKey(aIndex)));
}
return(lKey);
}
public override CCKey GetKey(string password)
{
var derived = SCrypt.CoinComputeDerivedKey(password, AddressHash);
var lCoinprivkey = DecryptKey(Encrypted, derived);
var key = new CCKey(lCoinprivkey, fCompressedIn: IsCompressed);
var addressBytes = Encoders.ASCII.DecodeData(key.PubKey.GetAddress(Network).ToString());
var salt = Hashes.Hash256(addressBytes).ToBytes().SafeSubarray(0, 4);
if (!Utils.ArrayEqual(salt, AddressHash))
{
throw new SecurityException("Invalid password (or invalid Network)");
}
return(key);
}
public CCKey Uncover(CCKey scan, PubKey ephem)
{
var curve = ECKey.Secp256k1;
var priv = new BigInteger(1, PubKey.GetStealthSharedSecret(scan, ephem))
.Add(new BigInteger(1, this.ToBytes()))
.Mod(curve.N)
.ToByteArrayUnsigned();
if (priv.Length < 32)
{
priv = new byte[32 - priv.Length].Concat(priv).ToArray();
}
var key = new CCKey(priv, fCompressedIn: this.IsCompressed);
return(key);
}
/// <summary>
/// Exchange shared secret through ECDH
/// </summary>
/// <param name="key">Private key</param>
/// <returns>Shared secret</returns>
public byte[] GetSharedSecret(CCKey key)
{
var pub = _ECKey.GetPublicKeyParameters();
var privKey = key._ECKey.PrivateKey;
if (!pub.Parameters.Equals(privKey.Parameters))
{
throw new InvalidOperationException("ECDH public key has wrong domain parameters");
}
ECPoint q = pub.Q.Multiply(privKey.D).Normalize();
if (q.IsInfinity)
{
throw new InvalidOperationException("Infinity is not a valid agreement value for ECDH");
}
var pubkey = ECKey.Secp256k1.Curve.CreatePoint(q.XCoord.ToBigInteger(), q.YCoord.ToBigInteger()).GetEncoded(true);
return(Hashes.SHA256(pubkey));
}
public override CCKey GetKey(string password)
{
var encrypted = PartialEncrypted.ToArray();
//Derive passfactor using scrypt with ownerentropy and the user's passphrase and use it to recompute passpoint
byte[] passfactor = CalculatePassFactor(password, LotSequence, OwnerEntropy);
var passpoint = CalculatePassPoint(passfactor);
var derived = SCrypt.CoinComputeDerivedKey2(passpoint, this.AddressHash.Concat(this.OwnerEntropy).ToArray());
//Decrypt encryptedpart1 to yield the remainder of seedb.
var seedb = DecryptSeed(encrypted, derived);
var factorb = Hashes.Hash256(seedb).ToBytes();
var curve = ECKey.Secp256k1;
//Multiply passfactor by factorb mod N to yield the private key associated with generatedaddress.
var keyNum = new BigInteger(1, passfactor).Multiply(new BigInteger(1, factorb)).Mod(curve.N);
var keyBytes = keyNum.ToByteArrayUnsigned();
if (keyBytes.Length < 32)
{
keyBytes = new byte[32 - keyBytes.Length].Concat(keyBytes).ToArray();
}
var key = new CCKey(keyBytes, fCompressedIn: IsCompressed);
var generatedaddress = key.PubKey.GetAddress(Network);
var addresshash = HashAddress(generatedaddress);
if (!Utils.ArrayEqual(addresshash, AddressHash))
{
throw new SecurityException("Invalid password (or invalid Network)");
}
return(key);
}
public CoinSecret(CCKey key, Network network)
: base(ToBytes(key), network)
{
}
public EncryptedKeyResult GenerateEncryptedSecret(bool isCompressed = true, byte[] seedb = null)
{
//Set flagbyte.
byte flagByte = 0;
//Turn on bit 0x20 if the Coin address will be formed by hashing the compressed public key
flagByte |= isCompressed ? (byte)0x20 : (byte)0x00;
flagByte |= LotSequence != null ? (byte)0x04 : (byte)0x00;
//Generate 24 random bytes, call this seedb. Take SHA256(SHA256(seedb)) to yield 32 bytes, call this factorb.
seedb = seedb ?? RandomUtils.GetBytes(24);
var factorb = Hashes.Hash256(seedb).ToBytes();
//ECMultiply passpoint by factorb.
var curve = ECKey.Secp256k1;
var passpoint = curve.Curve.DecodePoint(Passpoint);
var pubPoint = passpoint.Multiply(new BigInteger(1, factorb));
//Use the resulting EC point as a public key
var pubKey = new PubKey(pubPoint.GetEncoded());
//and hash it into a Coin address using either compressed or uncompressed public key
//This is the generated Coin address, call it generatedaddress.
pubKey = isCompressed ? pubKey.Compress() : pubKey.Decompress();
//call it generatedaddress.
var generatedaddress = pubKey.GetAddress(Network);
//Take the first four bytes of SHA256(SHA256(generatedaddress)) and call it addresshash.
var addresshash = CoinEncryptedSecretEC.HashAddress(generatedaddress);
//Derive a second key from passpoint using scrypt
//salt is addresshash + ownerentropy
var derived = CoinEncryptedSecretEC.CalculateDecryptionKey(Passpoint, addresshash, OwnerEntropy);
//Now we will encrypt seedb.
var encrypted = CoinEncryptedSecret.EncryptSeed
(seedb,
derived);
//0x01 0x43 + flagbyte + addresshash + ownerentropy + encryptedpart1[0...7] + encryptedpart2 which totals 39 bytes
var bytes =
new[] { flagByte }
.Concat(addresshash)
.Concat(this.OwnerEntropy)
.Concat(encrypted.Take(8).ToArray())
.Concat(encrypted.Skip(16).ToArray())
.ToArray();
var encryptedSecret = new CoinEncryptedSecretEC(bytes, Network);
return(new EncryptedKeyResult(encryptedSecret, generatedaddress, seedb, () =>
{
//ECMultiply factorb by G, call the result pointb. The result is 33 bytes.
var pointb = new CCKey(factorb).PubKey.ToBytes();
//The first byte is 0x02 or 0x03. XOR it by (derivedhalf2[31] & 0x01), call the resulting byte pointbprefix.
var pointbprefix = (byte)(pointb[0] ^ (byte)(derived[63] & 0x01));
var pointbx = CoinEncryptedSecret.EncryptKey(pointb.Skip(1).ToArray(), derived);
var encryptedpointb = new byte[] { pointbprefix }.Concat(pointbx).ToArray();
var confirmBytes =
Network.GetVersionBytes(Network.BASE58_CONFIRMATION_CODE, true)
.Concat(new[] { flagByte })
.Concat(addresshash)
.Concat(OwnerEntropy)
.Concat(encryptedpointb)
.ToArray();
return new CoinConfirmationCode(Encoders.Base58Check.EncodeData(confirmBytes), Network);
}));
}
public static CoinEncryptedSecretNoEC Generate(CCKey key, string password, Network network)
{
return(new CoinEncryptedSecretNoEC(key, password, network));
}
public PubKey UncoverSender(CCKey ephem, PubKey scan)
{
return(Uncover(ephem, scan));
}
public PubKey UncoverReceiver(CCKey scan, PubKey ephem)
{
return(Uncover(scan, ephem));
}
public CoinEncryptedSecretNoEC(CCKey key, string password, Network network)
: base(GenerateWif(key, password, network), network)
{
}
public CoinSecret CreateCoinSecret(CCKey key)
{
return(new CoinSecret(key, this));
}
public virtual string GetPrivateKey(long aIndex)
{
CCKey lKey = GetCCKey(aIndex);
return(lKey.GetCoinSecret(Network).ToString());
}
