/// <summary>
/// Recreates the private key of the parent from the private key of the child
/// combinated with the public key of the parent (hardened children cannot be
/// used to recreate the parent).
/// </summary>
public ExtKey GetParentExtKey(ExtPubKey parent)
{
if (parent == null)
{
throw new ArgumentNullException(nameof(parent));
}
if (Depth == 0)
{
throw new InvalidOperationException("This ExtKey is the root key of the HD tree");
}
if (IsHardened)
{
throw new InvalidOperationException("This private key is hardened, so you can't get its parent");
}
var expectedFingerPrint = parent.PubKey.GetHDFingerPrint();
if (parent.Depth != this.Depth - 1 || expectedFingerPrint != parentFingerprint)
{
throw new ArgumentException("The parent ExtPubKey is not the immediate parent of this ExtKey", "parent");
}
#if HAS_SPAN
Span <byte> pubkey = stackalloc byte[33];
Span <byte> l = stackalloc byte[64];
parent.PubKey.ToBytes(pubkey, out _);
Hashes.BIP32Hash(parent.vchChainCode, nChild, pubkey[0], pubkey.Slice(1), l);
var parse256LL = new Secp256k1.Scalar(l.Slice(0, 32), out int overflow);
if (overflow != 0 || parse256LL.IsZero)
{
throw new InvalidOperationException("Invalid extkey (this should never happen)");
}
if (!l.Slice(32, 32).SequenceEqual(vchChainCode))
{
throw new InvalidOperationException("The derived chain code of the parent is not equal to this child chain code");
}
var kPar = this.PrivateKey._ECKey.sec + parse256LL.Negate();
return(new ExtKey
{
vchChainCode = parent.vchChainCode,
nDepth = parent.Depth,
parentFingerprint = parent.ParentFingerprint,
nChild = parent.nChild,
key = new Key(new Secp256k1.ECPrivKey(kPar, this.PrivateKey._ECKey.ctx, true), true)
});
#else
byte[] l = null;
byte[] ll = new byte[32];
byte[] lr = new byte[32];
var pubKey = parent.PubKey.ToBytes();
l = Hashes.BIP32Hash(parent.vchChainCode, nChild, pubKey[0], pubKey.SafeSubarray(1));
Array.Copy(l, ll, 32);
Array.Copy(l, 32, lr, 0, 32);
var ccChild = lr;
BigInteger parse256LL = new BigInteger(1, ll);
BigInteger N = ECKey.CURVE.N;
if (!ccChild.SequenceEqual(vchChainCode))
{
throw new InvalidOperationException("The derived chain code of the parent is not equal to this child chain code");
}
var keyBytes = PrivateKey.ToBytes();
var key = new BigInteger(1, keyBytes);
BigInteger kPar = key.Add(parse256LL.Negate()).Mod(N);
var keyParentBytes = kPar.ToByteArrayUnsigned();
if (keyParentBytes.Length < 32)
{
keyParentBytes = new byte[32 - keyParentBytes.Length].Concat(keyParentBytes).ToArray();
}
var parentExtKey = new ExtKey
{
vchChainCode = parent.vchChainCode,
nDepth = parent.Depth,
parentFingerprint = parent.ParentFingerprint,
nChild = parent.nChild,
key = new Key(keyParentBytes)
};
return(parentExtKey);
#endif
}