From 5012fcb81b3f56a6ecce793be3a9ebdc4ccb248d Mon Sep 17 00:00:00 2001
From: mDuo13
Date: Mon, 14 Oct 2019 17:02:36 -0700
Subject: [PATCH] Key derivation: code cleanup per @seelabs review
---
 .../{key-derivation.py => key_derivation.py} | 18 ++++++++----------
 .../accounts/cryptographic-keys.md | 2 +-
 2 files changed, 9 insertions(+), 11 deletions(-)
 rename content/_code-samples/key-derivation/{key-derivation.py => key_derivation.py} (96%)
diff --git a/content/_code-samples/key-derivation/key-derivation.py b/content/_code-samples/key-derivation/key_derivation.py
similarity index 96%
rename from content/_code-samples/key-derivation/key-derivation.py
rename to content/_code-samples/key-derivation/key_derivation.py
index de9d394c20..48d72067fb 100755
--- a/content/_code-samples/key-derivation/key-derivation.py
+++ b/content/_code-samples/key-derivation/key_derivation.py
@@ -30,13 +30,12 @@ from fastecdsa import keys, curve
 import ed25519
 import RFC1751
-import base58.base58 as base58
+from base58 import base58
 XRPL_SEED_PREFIX = b'\x21'
 XRPL_ACCT_PUBKEY_PREFIX = b'\x23'
 XRPL_VALIDATOR_PUBKEY_PREFIX = b'\x1c'
 ED_PREFIX = b'\xed'
-SECP_MODULUS = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
 def sha512half(buf):
 """
@@ -63,6 +62,7 @@ class Seed:
 # Keys are lazy-derived later
 self._secp256k1_sec = None
 self._secp256k1_pub = None
+ self._secp256k1_root_pub = None
 self._ed25519_sec = None
 self._ed25519_pub = None
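Review bot: `self._secp256k1_root_pub = None` joins the lazily derived fields of class Seed, but no hunk in this patch assigns or reads that attribute, so the diff alone does not show which code path fills it. If the secp256k1 derivation method already stores the root public key there, a one-line comment such as `# Root public key; populated together with the account key pair` (wording to be confirmed against that method) would tell readers when it stops being None. The initializer this line belongs to starts and ends outside the hunk.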
@@ -202,11 +202,11 @@ class Seed:
 root_pub_point = keys.get_public_key(root_sec_i, curve.secp256k1)
 root_pub_b = compress_secp256k1_public(root_pub_point)
 fam_b = bytes(4) # Account families are unused; just 4 bytes of zeroes
- inter_pk_i = secp256k1_secret_key_from(root_pub_b+fam_b)
+ inter_pk_i = secp256k1_secret_key_from( b''.join([root_pub_b, fam_b]) )
 inter_pub_point = keys.get_public_key(inter_pk_i, curve.secp256k1)
 # Secret keys are ints, so just add them mod the secp256k1 group order
- master_sec_i = (root_sec_i + inter_pk_i) % SECP_MODULUS
+ master_sec_i = (root_sec_i + inter_pk_i) % curve.secp256k1.q
 # Public keys are points, so the fastecdsa lib handles adding them
 master_pub_point = root_pub_point + inter_pub_point
@@ -256,12 +256,10 @@ def secp256k1_secret_key_from(seed):
 buf = seed + seq.to_bytes(4, byteorder="big", signed=False)
 h = sha512half(buf)
 h_i = int.from_bytes(h, byteorder="big", signed=False)
- if h_i > SECP_MODULUS or h_i == 0:
- # Not a valid secp256k1 key
- seq += 1
- continue
- break
- return h_i
+ if h_i < curve.secp256k1.q and h_i != 0:
+ return h_i
+ # Else, not a valid secp256k1 key; try again with a new sequence value.
+ seq += 1
 def compress_secp256k1_public(point):
 """
diff --git a/content/concepts/payment-system-basics/accounts/cryptographic-keys.md b/content/concepts/payment-system-basics/accounts/cryptographic-keys.md
index 5d054fa8aa..1adf4c206b 100644
--- a/content/concepts/payment-system-basics/accounts/cryptographic-keys.md
+++ b/content/concepts/payment-system-basics/accounts/cryptographic-keys.md
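Review bot: `master_sec_i = (root_sec_i + inter_pk_i) % curve.secp256k1.q` can in principle reduce to 0 (when `inter_pk_i` equals `q - root_sec_i`), and 0 is not a valid secp256k1 secret key; the helper rejects zero for each hashed candidate, but the sum is not checked. The chance is negligible, yet in sample code that readers copy, a guard such as `if master_sec_i == 0: raise ValueError("derived secp256k1 secret key is zero")` documents the invariant; whether the reference implementation treats this case the same way is not visible here. Separately, `secp256k1_secret_key_from( b''.join([root_pub_b, fam_b]) )` has spaces just inside the call parentheses, which PEP 8 discourages. The enclosing method of class Seed starts and ends outside this hunk.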
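Review bot: In secp256k1_secret_key_from the acceptance test `if h_i < curve.secp256k1.q and h_i != 0:` reads more directly as one range check, `if 0 < h_i < curve.secp256k1.q:`, which states the valid secret-key interval [1, q-1] in a single expression. Because the retry rule decides which key a seed maps to, and the documentation hunk in this patch says the derivation is implemented in several places, a known-answer check against a seed and key pair published for another implementation would pin this loop's behaviour. The loop header and the initialisation of `seq` are outside the hunk, so termination and the 4-byte limit of `seq.to_bytes(4, ...)` cannot be confirmed from these lines.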
@@ -134,7 +134,7 @@ The key derivation processes described here are implemented in multiple places a
 - [Seed definition](https://github.com/ripple/rippled/blob/develop/src/ripple/protocol/Seed.h)
 - [General & Ed25519 key derivation](https://github.com/ripple/rippled/blob/develop/src/ripple/protocol/impl/SecretKey.cpp)
 - [secp256k1 key derivation](https://github.com/ripple/rippled/blob/develop/src/ripple/crypto/impl/GenerateDeterministicKey.cpp)
-- In Python 3 in [this repository's code samples section]({{target.github_forkurl}}/blob/{{target.github_branch}}/content/_code-samples/key-derivation/key-derivation.py).
+- In Python 3 in [this repository's code samples section]({{target.github_forkurl}}/blob/{{target.github_branch}}/content/_code-samples/key-derivation/key_derivation.py).
 - In JavaScript in the [`ripple-keypairs`](https://github.com/ripple/ripple-keypairs/) package.
 ### Ed25519 Key Derivation