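/**
 * Copyright (c) 2013-2014 Tomas Dzetkulic
 * Copyright (c) 2013-2014 Pavol Rusnak
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
 * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 */

// Source:
// https://github.com/trezor/trezor-crypto

#include <wallet/bip39.h>
#include <wallet/bip39_english.h>
#include <crypto/pkcs5_pbkdf2_hmac_sha512.h>
#include <crypto/sha256.h>
#include <random.h>

// Generate a fresh mnemonic carrying `strength` bits of entropy.
//
// strength must be a multiple of 32 in [128, 256]; any other value yields an
// empty SecureString. 32 random bytes are always drawn from
// GetStrongRandBytes(), and only the first strength / 8 of them are encoded.
SecureString CMnemonic::Generate(int strength)
{
    if (strength % 32 || strength < 128 || strength > 256) {
        return SecureString();
    }
    SecureVector data(32);
    GetStrongRandBytes({data.data(), 32});
    SecureString mnemonic = FromData(data, strength / 8);
    return mnemonic;
}

// Encode the first `len` bytes of `data` as a space-separated mnemonic.
//
// len must be a multiple of 4 in [16, 32] and `data` must hold at least `len`
// bytes; otherwise an empty SecureString is returned. The result has
// len * 3 / 4 words: the entropy bits followed by the leading len / 4 bits of
// SHA256(entropy), split into 11-bit indices into `wordlist`.
//
// SecureString CMnemonic::FromData(const uint8_t *data, int len)
SecureString CMnemonic::FromData(const SecureVector& data, int len)
{
    if (len % 4 || len < 16 || len > 32) {
        return SecureString();
    }
    // Refuse short buffers: hashing and copying `len` bytes from a smaller
    // vector would read past its end.
    if (data.size() < static_cast<size_t>(len)) {
        return SecureString();
    }

    SecureVector checksum(32);
    CSHA256().Write(data.data(), len).Finalize(checksum.data());

    // data
    SecureVector bits(data.begin(), data.begin() + len);
    // checksum: only the first hash byte is ever needed (at most 8 bits)
    bits.push_back(checksum[0]);

    int mlen = len * 3 / 4;
    SecureString mnemonic;

    for (int i = 0; i < mlen; i++) {
        // Collect 11 consecutive bits, most significant first.
        int idx = 0;
        for (int j = 0; j < 11; j++) {
            const int pos = i * 11 + j;
            idx <<= 1;
            idx += (bits[pos / 8] & (1 << (7 - (pos % 8)))) > 0;
        }
        mnemonic.append(wordlist[idx]);
        if (i < mlen - 1) {
            mnemonic += ' ';
        }
    }

    return mnemonic;
}

// Validate a mnemonic: word count, membership of every word in `wordlist`,
// and the trailing checksum bits.
//
// Returns false for an empty string, a word count that is not a multiple of 3
// in [12, 24], a word of 9 or more characters, a word not in the list, or a
// checksum mismatch. Words must be separated by exactly one space.
bool CMnemonic::Check(const SecureString& mnemonic)
{
    if (mnemonic.empty()) {
        return false;
    }

    uint32_t nWordCount{};

    for (size_t i = 0; i < mnemonic.size(); ++i) {
        if (mnemonic[i] == ' ') {
            nWordCount++;
        }
    }
    nWordCount++;
    // check number of words
    if (nWordCount % 3 != 0 || nWordCount < 12 || nWordCount > 24) {
        return false;
    }

    SecureString ssCurrentWord;
    // 24 words * 11 bits = 264 bits = 33 bytes at most.
    // NOTE(review): relies on SecureVector zero-initialising its elements,
    // since bits are only ever OR-ed in below; confirm against its definition.
    SecureVector bits(32 + 1);
    uint32_t nBitsCount{};

    for (size_t i = 0; i < mnemonic.size(); ++i)
    {
        ssCurrentWord.resize(0); // we resize ssCurrentWord instead recreating to avoid new allocations
        while (i + ssCurrentWord.size() < mnemonic.size() && mnemonic[i + ssCurrentWord.size()] != ' ') {
            if (ssCurrentWord.size() >= 9) {
                return false;
            }
            ssCurrentWord += mnemonic[i + ssCurrentWord.size()];
        }
        // Jump to the separator; the loop's ++i then steps over it.
        i += ssCurrentWord.size();
        uint32_t nWordIndex = 0;
        // Linear scan of the null-terminated word list; the number of
        // comparisons depends on the position of the word in the list.
        for (;;) {
            if (!wordlist[nWordIndex]) { // word not found
                return false;
            }
            if (ssCurrentWord == wordlist[nWordIndex]) { // word found on index nWordIndex
                // Append the 11-bit index, most significant bit first.
                for (uint32_t ki = 0; ki < 11; ki++) {
                    if (nWordIndex & (1 << (10 - ki))) {
                        bits[nBitsCount / 8] |= 1 << (7 - (nBitsCount % 8));
                    }
                    nBitsCount++;
                }
                break;
            }
            nWordIndex++;
        }
    }
    if (nBitsCount != nWordCount * 11) {
        return false;
    }
    // Save the byte holding the checksum bits before the hash output
    // overwrites the first 32 bytes of the buffer.
    const uint32_t nEntropyBytes = nWordCount * 4 / 3;
    bits[32] = bits[nEntropyBytes];
    CSHA256().Write(bits.data(), nEntropyBytes).Finalize(bits.data());

    // The checksum is the top checksum_length bits of the first hash byte.
    // The previous mask, (2 ^ checksum_length) << (8 - checksum_length), used
    // XOR rather than a power of two and therefore compared only a few of
    // those bits, so many mnemonics with a wrong checksum were accepted.
    // Mnemonics with a correct checksum pass both the old and the new test.
    const uint32_t checksum_length = nWordCount / 3;
    const uint8_t mask = static_cast<uint8_t>(0xFF << (8 - checksum_length));

    return (bits[0] & mask) == (bits[32] & mask);
}

// Derive the 64-byte seed from a mnemonic and passphrase using
// PBKDF2-HMAC-SHA512 with 2048 iterations; seedRet is resized to 64 bytes.
//
// The salt is "mnemonic" + passphrase, silently truncated to 256 bytes, so
// only the first 248 bytes of the passphrase influence the seed. Passphrases
// that differ only beyond that point derive the same seed. The mnemonic is
// not validated here; call Check() first if validation is required.
void CMnemonic::ToSeed(const SecureString& mnemonic, const SecureString& passphrase, SecureVector& seedRet)
{
    SecureString ssSalt = SecureString("mnemonic") + passphrase;
    SecureVector vchSalt(ssSalt.begin(), ssSalt.begin() + std::min<size_t>(256, ssSalt.size()));
    seedRet.resize(64);
    // NOTE: c_str() here is fine because mnemonic has only [a-z ] characters
    PKCS5_PBKDF2_HMAC_SHA512(mnemonic.c_str(), mnemonic.size(), vchSalt.data(), vchSalt.size(), 2048, 64, seedRet.data());
}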