def prv_to_child(parent_prv: ExtendedKey, index: int):
"""Return an extended child private key.
Parameters:
parent_prv -- a parent private key,
index -- an index of a parent private key
"""
cur_key = KeysBTC(parent_prv.key)
ser32_index = int2bytes(index, 4)
# If a hardened index the take the private key,
# otherwise, take the public key.
if index >= 2 ** 31:
data = b"\x00" + cur_key.get_private_key() + ser32_index
else:
data = cur_key.get_public_key() + ser32_index
child_hash = hmac_sha512(parent_prv.chain_code, data)
child_hash_left = bytes2int(child_hash[:32])
k_i = (child_hash_left + cur_key.get_private_key_int()) % \
ECPoint.get_secp256k1_order()
# Check the left part
if child_hash_left >= ECPoint.get_secp256k1_order() or k_i == 0:
raise ValueError("The resulting key is invalid")
# The right part is child_hash[32:]
return ExtendedKey(
int2bytes(k_i),
child_hash[32:],
parent_prv.level + 1, # increase level
index,
ExtendedKey.get_fingerprint(cur_key.get_public_key())
)
def seed_to_master_key(seed):
"""Return an extended master (root) private key (BIP32) for a seed"""
hash = hmac_sha512(b"Bitcoin seed", seed)
key = hash[:32]
chain_code = hash[32:]
# Check key
key_int = bytes2int(key)
if key_int == 0 or key_int >= ECPoint.get_secp256k1_order():
raise ValueError("Wrong master key")
return ExtendedKey(key, chain_code)
def verify(self, hash: bytes, r: bytes, s: bytes):
"""Verify a sign r, s for a hash with the object's keys"""
N = ECPoint.get_secp256k1_order()
h = bytes2int(hash) % N
h = 1 if h == 0 else h
r1 = bytes2int(r)
s_inv = mod_inverse(bytes2int(s), N)
u1 = (h * s_inv) % N
u2 = (r1 * s_inv) % N
C = self.get_generator_point() * u1 + self.get_public_point() * u2
return C.x == r1
def sign(self, hash: bytes):
"""Sign a hash with the object's keys"""
private_key_int = self.get_private_key_int()
N = ECPoint.get_secp256k1_order()
h = bytes2int(hash) % N
h = 1 if h == 0 else h
# get the deterministic random integer with RFC 6979
k = random_rfc6979(hash, private_key_int, N,
self.get_generator_point())
# Calculate G * k
C = self.get_generator_point() * k
s = ((h + C.x * private_key_int) * mod_inverse(k, N)) % N
# Return r and s
return int2bytes(C.x), int2bytes(s)
def pub_to_child(parent_pub: ExtendedKey, index: int):
"""Return an extended child public key.
Parameters:
parent_pub -- a parent public key,
index -- an index of a parent public key
"""
# Check if index is not a hardened key
if index >= 2 ** 31:
raise ValueError(
"Cannot generate a child public key because "
"it is a hardened key"
)
ser32_index = int2bytes(index, 4)
public_key = KeysBTC.point_to_publickey(parent_pub.key)
data = public_key + ser32_index
child_hash = hmac_sha512(parent_pub.chain_code, data)
child_hash_left = bytes2int(child_hash[:32])
K_i = KeysBTC.get_generator_point() * child_hash_left + parent_pub.key
# Check the left part
if child_hash_left >= ECPoint.get_secp256k1_order() or \
K_i == ECPoint.infinity():
raise ValueError(
"The resulting key is invalid for index {:d}".format(index)
)
# The right part is child_hash[32:]
return ExtendedKey(
K_i,
child_hash[32:],
parent_pub.level + 1, # increase level
index,
ExtendedKey.get_fingerprint(public_key)
)