Sajjon · January 22, 2025 10:04 · Sajjon · Jan 22, 2025 · Sajjon · Jan 22, 2025
diff --git a/radix_slip10.py b/radix_slip10.py
 #!/usr/bin/env python3

 # This is a simplified and modified version of
 # https://github.com/satoshilabs/slips/blob/master/slip-0010/testvectors.py

 # You need to install these dependencies:
 # `python3 -m pip install cryptography`
 # `python3 -m pip install Mnemonic`

 import hashlib
 import hmac
 from mnemonic import Mnemonic
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

 HARDENED_KEY_SPACE_OFFSET = 2**31 # same as `0x80000000`
 SECURIFIED_KEY_SPACE_OFFSET = 2**30 # same as `0x40000000`
 USE_RADIX_CUSTOM_SECURIFIED_HALF_NOTATION = False

 # mode 0 - compatible with BIP32 private derivation
 def seed2hdnode(seed, curve, modifier, curve_order):
    k = seed
    while True:
        h = hmac.new(modifier, seed, hashlib.sha512).digest()
        key, chaincode = h[:32], h[32:]
        a = int.from_bytes(key, 'big')
        if (curve in ('ed25519', 'curve25519')):
            break
        if (a < curve_order and a != 0):
            break
        seed = h
    return (key, chaincode)

 def publickey(private_key, curve):
    if curve == 'ed25519':
        sk = Ed25519PrivateKey.from_private_bytes(private_key)
        key_encoding = serialization.Encoding.Raw
        key_format = serialization.PublicFormat.Raw
        prefix = b'\x00'
    else:
        raise BaseException('unsupported curve: '+curve)
    return prefix + sk.public_key().public_bytes(key_encoding, key_format)

 def derive(parent_key, parent_chaincode, i, curve, curve_order):
    assert len(parent_key) == 32
    assert len(parent_chaincode) == 32
    k = parent_chaincode
    if ((i & HARDENED_KEY_SPACE_OFFSET) != 0):
        key = b'\x00' + parent_key
    else:
        key = publickey(parent_key, curve)
    d = key + i.to_bytes(4, 'big')
    while True:
        h = hmac.new(k, d, hashlib.sha512).digest()
        key, chaincode = h[:32], h[32:]
        if curve in ('ed25519', 'curve25519'):
            break
        a = int.from_bytes(key, 'big')
        key = (a + int.from_bytes(parent_key, 'big')) % curve_order
        if (a < curve_order and key != 0):
            key = key.to_bytes(32, 'big')
            break
        d = b'\x01' + h[32:] + i.to_bytes(4, 'big')
                        
    return (key, chaincode)

 def get_curve_info():
    return ('ed25519', b'ed25519 seed', None)

 def generate_by_hardening(name, seedhex, unhardened_path):
    hardened_path = list(map(lambda x: x + HARDENED_KEY_SPACE_OFFSET, unhardened_path))
    curve, seedmodifier, curve_order = get_curve_info()
    curvename = 'ed25519'
    master_seed = bytes.fromhex(seedhex)
    k,c = seed2hdnode(master_seed, curve, seedmodifier, curve_order)
    p = publickey(k, curve)
    path = 'm'
    print("### "+name+" for "+curvename)

    depth = 0
    for i in hardened_path:
        if curve in ('ed25519', 'curve25519'):
            # no public derivation for ed25519 and curve25519
            i = i | HARDENED_KEY_SPACE_OFFSET
        depth = depth + 1
        if depth == 6 and ((i & SECURIFIED_KEY_SPACE_OFFSET) != 0) and USE_RADIX_CUSTOM_SECURIFIED_HALF_NOTATION:
            path = path + "/" + str(i - HARDENED_KEY_SPACE_OFFSET - SECURIFIED_KEY_SPACE_OFFSET)
            path = path + "S"
        elif ((i & HARDENED_KEY_SPACE_OFFSET) != 0):
            path = path + "/" + str(i - HARDENED_KEY_SPACE_OFFSET)
            path = path + "H"

        k,c = derive(k, c, i, curve, curve_order)
        p = publickey(k, curve) 
        if depth != 6:
            continue
        print('  * path: ' + path)
        print('  * private: ' + k.hex())
        print('  * public: ' + p[1:].hex())
    print()

 def show_testvectors(mnemonic, expected_seedhex):
    assert HARDENED_KEY_SPACE_OFFSET == 2**31
    assert HARDENED_KEY_SPACE_OFFSET == 0x80000000
    assert SECURIFIED_KEY_SPACE_OFFSET == 2**30
    assert SECURIFIED_KEY_SPACE_OFFSET == 0x40000000

    mnemo = Mnemonic("english")
    seed = mnemo.to_seed(mnemonic, passphrase="")
    seedhex = seed.hex()
    assert seedhex == expected_seedhex
    account_tx_signing_base_path = [44, 1022, 1, 525, 1460]
    for (sign_of_i, offset) in [('+', 0), ('-', SECURIFIED_KEY_SPACE_OFFSET), ('+', SECURIFIED_KEY_SPACE_OFFSET), ('-', 2**31 - 1)]:
        for i in [0, 1, 2, 3]:
            entity_index_base = i if sign_of_i == '+' else -i
            entity_index = entity_index_base + offset
            unhardened_path = account_tx_signing_base_path.copy()
            unhardened_path.append(entity_index)
            description = f"Index: {entity_index} ([index_base] {entity_index_base} + {offset} [offset])"
            generate_by_hardening(description, seedhex, unhardened_path)



 show_testvectors(
    "device phone sign source sample other device sample other device sample other device sample other device sample other device sample other device other paddle",
    'ee4072e80ab4eb00706077f56ccc585ee715099dca0607d13ccf8aa94dce8ec013e85f5375046d5bf72f5aa0b85ebea364e16a4acfb89addf37b68200a8616d0'
 )
	#!/usr/bin/env python3

	# This is a simplified and modified version of
	# https://github.com/satoshilabs/slips/blob/master/slip-0010/testvectors.py

	# You need to install these dependencies:
	# `python3 -m pip install cryptography`
	# `python3 -m pip install Mnemonic`

	import hashlib
	import hmac
	from mnemonic import Mnemonic
	from cryptography.hazmat.primitives import serialization
	from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

	HARDENED_KEY_SPACE_OFFSET = 2**31 # same as `0x80000000`
	SECURIFIED_KEY_SPACE_OFFSET = 2**30 # same as `0x40000000`
	USE_RADIX_CUSTOM_SECURIFIED_HALF_NOTATION = False

	# mode 0 - compatible with BIP32 private derivation
	def seed2hdnode(seed, curve, modifier, curve_order):
	k = seed
	while True:
	h = hmac.new(modifier, seed, hashlib.sha512).digest()
	key, chaincode = h[:32], h[32:]
	a = int.from_bytes(key, 'big')
	if (curve in ('ed25519', 'curve25519')):
	break
	if (a < curve_order and a != 0):
	break
	seed = h
	return (key, chaincode)

	def publickey(private_key, curve):
	if curve == 'ed25519':
	sk = Ed25519PrivateKey.from_private_bytes(private_key)
	key_encoding = serialization.Encoding.Raw
	key_format = serialization.PublicFormat.Raw
	prefix = b'\x00'
	else:
	raise BaseException('unsupported curve: '+curve)
	return prefix + sk.public_key().public_bytes(key_encoding, key_format)

	def derive(parent_key, parent_chaincode, i, curve, curve_order):
	assert len(parent_key) == 32
	assert len(parent_chaincode) == 32
	k = parent_chaincode
	if ((i & HARDENED_KEY_SPACE_OFFSET) != 0):
	key = b'\x00' + parent_key
	else:
	key = publickey(parent_key, curve)
	d = key + i.to_bytes(4, 'big')
	while True:
	h = hmac.new(k, d, hashlib.sha512).digest()
	key, chaincode = h[:32], h[32:]
	if curve in ('ed25519', 'curve25519'):
	break
	a = int.from_bytes(key, 'big')
	key = (a + int.from_bytes(parent_key, 'big')) % curve_order
	if (a < curve_order and key != 0):
	key = key.to_bytes(32, 'big')
	break
	d = b'\x01' + h[32:] + i.to_bytes(4, 'big')

	return (key, chaincode)

	def get_curve_info():
	return ('ed25519', b'ed25519 seed', None)

	def generate_by_hardening(name, seedhex, unhardened_path):
	hardened_path = list(map(lambda x: x + HARDENED_KEY_SPACE_OFFSET, unhardened_path))
	curve, seedmodifier, curve_order = get_curve_info()
	curvename = 'ed25519'
	master_seed = bytes.fromhex(seedhex)
	k,c = seed2hdnode(master_seed, curve, seedmodifier, curve_order)
	p = publickey(k, curve)
	path = 'm'
	print("### "+name+" for "+curvename)

	depth = 0
	for i in hardened_path:
	if curve in ('ed25519', 'curve25519'):
	# no public derivation for ed25519 and curve25519
	i = i \| HARDENED_KEY_SPACE_OFFSET
	depth = depth + 1
	if depth == 6 and ((i & SECURIFIED_KEY_SPACE_OFFSET) != 0) and USE_RADIX_CUSTOM_SECURIFIED_HALF_NOTATION:
	path = path + "/" + str(i - HARDENED_KEY_SPACE_OFFSET - SECURIFIED_KEY_SPACE_OFFSET)
	path = path + "S"
	elif ((i & HARDENED_KEY_SPACE_OFFSET) != 0):
	path = path + "/" + str(i - HARDENED_KEY_SPACE_OFFSET)
	path = path + "H"

	k,c = derive(k, c, i, curve, curve_order)
	p = publickey(k, curve)
	if depth != 6:
	continue
	print(' * path: ' + path)
	print(' * private: ' + k.hex())
	print(' * public: ' + p[1:].hex())
	print()

	def show_testvectors(mnemonic, expected_seedhex):
	assert HARDENED_KEY_SPACE_OFFSET == 2**31
	assert HARDENED_KEY_SPACE_OFFSET == 0x80000000
	assert SECURIFIED_KEY_SPACE_OFFSET == 2**30
	assert SECURIFIED_KEY_SPACE_OFFSET == 0x40000000

	mnemo = Mnemonic("english")
	seed = mnemo.to_seed(mnemonic, passphrase="")
	seedhex = seed.hex()
	assert seedhex == expected_seedhex
	account_tx_signing_base_path = [44, 1022, 1, 525, 1460]
	for (sign_of_i, offset) in [('+', 0), ('-', SECURIFIED_KEY_SPACE_OFFSET), ('+', SECURIFIED_KEY_SPACE_OFFSET), ('-', 2**31 - 1)]:
	for i in [0, 1, 2, 3]:
	entity_index_base = i if sign_of_i == '+' else -i
	entity_index = entity_index_base + offset
	unhardened_path = account_tx_signing_base_path.copy()
	unhardened_path.append(entity_index)
	description = f"Index: {entity_index} ([index_base] {entity_index_base} + {offset} [offset])"
	generate_by_hardening(description, seedhex, unhardened_path)



	show_testvectors(
	"device phone sign source sample other device sample other device sample other device sample other device sample other device sample other device other paddle",
	'ee4072e80ab4eb00706077f56ccc585ee715099dca0607d13ccf8aa94dce8ec013e85f5375046d5bf72f5aa0b85ebea364e16a4acfb89addf37b68200a8616d0'
	)