Add bip39 mnemonic support

Author: voloshinskii

Source/TonSwift/Crypto/25519/Ed25519.swift

@@ -1,17 +1,106 @@
 import Foundation
+import CryptoKit
 
 public enum Ed25519 {
-  public enum Error: Swift.Error {
-    case sharedSecretError(Swift.Error)
-  }
-  
-  public static func getSharedSecret(privateKey: PrivateKey, publicKey: PublicKey) throws -> Data {
-    do {
-      let xPrivateKey = try privateKey.toX25519
-      let xPublicKey = try publicKey.toX25519
-      return try X25519.getSharedSecret(privateKey: xPrivateKey, publicKey: xPublicKey)
-    } catch {
-      throw Error.sharedSecretError(error)
-    }
-  }
+    
+    public enum Error: Swift.Error {
+        case sharedSecretError(Swift.Error)
+        case derivePathError(String)
+    }
+    
+    static let ED25519_CURVE = "ed25519 seed"
+    public static let HARDENED_OFFSET: UInt32 = 0x80000000
+    
+    public struct Keys {
+        var key: Data
+        var chainCode: Data
+    }
+    
+    public static func getSharedSecret(privateKey: PrivateKey, publicKey: PublicKey) throws -> Data {
+        do {
+            let xPrivateKey = try privateKey.toX25519
+            let xPublicKey = try publicKey.toX25519
+            return try X25519.getSharedSecret(privateKey: xPrivateKey, publicKey: xPublicKey)
+        } catch {
+            throw Error.sharedSecretError(error)
+            
+        }
+    }
+    
+    public static func getMasterKeyFromSeed(seed: String) throws -> Keys {
+        guard let seedData = Data(hexString: seed) else {
+            throw Error.derivePathError("Invalid seed hex string")
+        }
+        
+        let hmac = HMAC<SHA512>.authenticationCode(for: seedData, using: SymmetricKey(data: ED25519_CURVE.data(using: .utf8)!))
+        let I = Data(hmac)
+        let IL = I.prefix(32)
+        let IR = I.suffix(from: 32)
+        
+        return Keys(key: IL, chainCode: IR)
+    }
+    
+    public static func CKDPriv(keys: Keys, index: UInt32) -> Keys {
+        var indexData = Data(count: 4)
+        indexData.withUnsafeMutableBytes { $0.bindMemory(to: UInt8.self).baseAddress?.withMemoryRebound(to: UInt32.self, capacity: 1) {
+            $0.pointee = index.bigEndian
+        }}
+        
+        let data = Data([0]) + keys.key + indexData
+        let hmacValue = HMAC<SHA512>.authenticationCode(for: data, using: SymmetricKey(data: keys.chainCode))
+        let I = Data(hmacValue)
+        let IL = I.prefix(32)
+        let IR = I.suffix(from: 32)
+        
+        return Keys(key: IL, chainCode: IR)
+    }
+    
+    public static func isValidPath(path: String) -> Bool {
+        let pathRegex = #"^m(\/[0-9]+')+$"#
+        let regex = try? NSRegularExpression(pattern: pathRegex)
+        
+        let range = NSRange(location: 0, length: path.utf16.count)
+        guard regex?.firstMatch(in: path, options: [], range: range) != nil else {
+            return false
+        }
+        
+        return !path.split(separator: "/").dropFirst().map { $0.replacingOccurrences(of: "'", with: "") }.contains { Int($0) == nil }
+    }
+    
+    public static func derivePath(path: String, seed: String, offset: UInt32 = HARDENED_OFFSET) throws -> Keys {
+        guard isValidPath(path: path) else {
+            throw Error.derivePathError("Invalid derivation path")
+        }
+        
+        var keys = try getMasterKeyFromSeed(seed: seed)
+        
+        let segments = path
+            .split(separator: "/")
+            .dropFirst()
+            .map { $0.replacingOccurrences(of: "'", with: "") }
+            .compactMap { UInt32($0) }
+        
+        for segment in segments {
+            keys = CKDPriv(keys: keys, index: segment + offset)
+        }
+        
+        return keys
+    }
+}
+
+extension Data {
+    init?(hexString: String) {
+        let length = hexString.count / 2
+        var data = Data(capacity: length)
+        var index = hexString.startIndex
+        for _ in 0..<length {
+            let nextIndex = hexString.index(index, offsetBy: 2)
+            guard let byte = UInt8(hexString[index..<nextIndex], radix: 16) else {
+                return nil
+            }
+            data.append(byte)
+            index = nextIndex
+        }
+        self = data
+    }
 }

Source/TonSwift/Mnemonic/Mnemonic.swift

@@ -146,6 +146,44 @@ public enum Mnemonic {
         return src.map({ $0.lowercased() })
     }
 
+    public static func isValidBip39Mnemonic(mnemonicArray: [String]) -> Bool {
+        guard !mnemonicArray.isEmpty else { return false }
+        guard mnemonicArray.allSatisfy({ words.contains($0) }) else { return false }
+        return mnemonicArray.count % 3 == 0
+    }
+        
+    public static func bip39MnemonicToSeed(mnemonicArray: [String], password: String = "") -> Data {
+        let salt: (_ password: String) -> String = { password in
+            let salt = "mnemonic" + password
+            return salt
+        }
+        
+        let mnemonicBuffer = Data(normalizeMnemonic(src: mnemonicArray).joined(separator: " ").utf8)
+        let saltBuffer = Data(salt(password).utf8)
+        
+        let res = pbkdf2Sha512(phrase: mnemonicBuffer, salt: saltBuffer, iterations: 2048, keyLength: 64)
+        
+        return Data(res)
+    }
+    
+    public static func bip39MnemonicToPrivateKey(mnemonicArray: [String]) throws -> KeyPair {
+        guard isValidBip39Mnemonic(mnemonicArray: mnemonicArray) else {
+            throw NSError(domain: "Mnemonic", code: 0, userInfo: [NSLocalizedDescriptionKey: "Invalid mnemonic"])
+        }
+        
+        let seed = bip39MnemonicToSeed(mnemonicArray: mnemonicArray)
+        
+        do {
+            let derived = try Ed25519.derivePath(path: "m/44'/607'/0'", seed: seed.hexString())
+            
+            let keyPair = try TweetNacl.NaclSign.KeyPair.keyPair(fromSeed: derived.key)
+            return KeyPair(publicKey: .init(data: keyPair.publicKey), privateKey: .init(data: keyPair.secretKey))
+            
+        } catch {
+            throw error
+        }
+    }
+    
     /**
      Extract private key from mnemonic
 
@@ -165,4 +203,12 @@ public enum Mnemonic {
             throw error
         }
     }
+    
+    public static func anyMnemonicToPrivateKey(mnemonicArray: [String], password: String = "") throws -> KeyPair {
+        if(mnemonicValidate(mnemonicArray: mnemonicArray)) {
+            return try mnemonicToPrivateKey(mnemonicArray: mnemonicArray)
+        } else {
+            return try bip39MnemonicToPrivateKey(mnemonicArray: mnemonicArray)
+        }
+    }
 }

Tests/TonSwiftTests/Mnemonic/MnemonicTest.swift

@@ -15,7 +15,7 @@ final class MnemonicTest: XCTestCase {
 
         // should create valid key pair
 
-        let keyPair = try Mnemonic.mnemonicToPrivateKey(mnemonicArray: mnemonicArray)
+        let keyPair = try Mnemonic.anyMnemonicToPrivateKey(mnemonicArray: mnemonicArray)
         XCTAssertEqual(keyPair.publicKey.hexString, "34eb4b67d64f74d989ce2bc2e3dfddb7ed4cb0eec92f29fbecd05b1eabab0254")
         XCTAssertEqual(keyPair.privateKey.hexString, "c893fc0b676782a5c157ad8fddb389f75caba6eea1c198d8075a8a43afce70a934eb4b67d64f74d989ce2bc2e3dfddb7ed4cb0eec92f29fbecd05b1eabab0254")
     }