rename entropy choices, check checksum while re-creating mnemoning from string

Author: tamasblummer

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "bitcoin-wallet"
-version = "1.0.1"
+version = "1.1.0"
 authors = ["Tamas Blummer <tamas.blummer@gmail.com>"]
 license = "Apache-2.0"
 homepage = "https://github.com/rust-bitcoin/rust-wallet/"

src/account.rs

@@ -53,8 +53,8 @@ use crate::mnemonic::Mnemonic;
 /// chose your security level
 #[derive(Copy, Clone)]
 pub enum MasterKeyEntropy {
-    Low = 16,
-    Recommended = 32,
+    Sufficient = 16,
+    Double = 32,
     Paranoid = 64,
 }
 
@@ -918,7 +918,7 @@ mod test {
     #[test]
     fn test_pkh() {
         let mut master =
-            MasterAccount::new(MasterKeyEntropy::Low, Network::Bitcoin, PASSPHRASE).unwrap();
+            MasterAccount::new(MasterKeyEntropy::Sufficient, Network::Bitcoin, PASSPHRASE).unwrap();
         let mut unlocker = Unlocker::new_for_master(&master, PASSPHRASE).unwrap();
         let account = Account::new(&mut unlocker, AccountAddressType::P2PKH, 0, 0, 10).unwrap();
         master.add_account(account);
@@ -987,7 +987,7 @@ mod test {
     #[test]
     fn test_wpkh() {
         let mut master =
-            MasterAccount::new(MasterKeyEntropy::Low, Network::Bitcoin, PASSPHRASE).unwrap();
+            MasterAccount::new(MasterKeyEntropy::Sufficient, Network::Bitcoin, PASSPHRASE).unwrap();
         let mut unlocker = Unlocker::new_for_master(&master, PASSPHRASE).unwrap();
         let account = Account::new(&mut unlocker, AccountAddressType::P2WPKH, 0, 0, 10).unwrap();
         master.add_account(account);
@@ -1057,7 +1057,7 @@ mod test {
     #[test]
     fn test_shwpkh() {
         let mut master =
-            MasterAccount::new(MasterKeyEntropy::Low, Network::Bitcoin, PASSPHRASE).unwrap();
+            MasterAccount::new(MasterKeyEntropy::Sufficient, Network::Bitcoin, PASSPHRASE).unwrap();
         let mut unlocker = Unlocker::new_for_master(&master, PASSPHRASE).unwrap();
         let account = Account::new(&mut unlocker, AccountAddressType::P2SHWPKH, 0, 0, 10).unwrap();
         master.add_account(account);
@@ -1128,7 +1128,7 @@ mod test {
     #[test]
     fn test_wsh() {
         let mut master =
-            MasterAccount::new(MasterKeyEntropy::Low, Network::Bitcoin, PASSPHRASE).unwrap();
+            MasterAccount::new(MasterKeyEntropy::Sufficient, Network::Bitcoin, PASSPHRASE).unwrap();
         let mut unlocker = Unlocker::new_for_master(&master, PASSPHRASE).unwrap();
         let account =
             Account::new(&mut unlocker, AccountAddressType::P2WSH(4711), 0, 0, 0).unwrap();
@@ -1213,7 +1213,7 @@ mod test {
     #[test]
     fn test_wsh_csv() {
         let mut master =
-            MasterAccount::new(MasterKeyEntropy::Low, Network::Bitcoin, PASSPHRASE).unwrap();
+            MasterAccount::new(MasterKeyEntropy::Sufficient, Network::Bitcoin, PASSPHRASE).unwrap();
         let mut unlocker = Unlocker::new_for_master(&master, PASSPHRASE).unwrap();
         let account =
             Account::new(&mut unlocker, AccountAddressType::P2WSH(4711), 0, 0, 0).unwrap();

src/mnemonic.rs

@@ -18,6 +18,7 @@
 //!
 //! TREZOR compatible mnemonic in english
 //!
+use bitcoin::util::bip158::{BitStreamReader, BitStreamWriter};
 use account::Seed;
 use crypto::{
     digest::Digest,
@@ -26,6 +27,7 @@ use crypto::{
     sha2::{Sha256, Sha512},
 };
 use error::Error;
+use std::io::Cursor;
 
 #[derive(Clone, Eq, PartialEq, Debug)]
 pub struct Mnemonic(Vec<&'static str>);
@@ -58,14 +60,23 @@ impl Mnemonic {
                 "Mnemonic must have a word count divisible with 6",
             ));
         }
+        let mut data = Vec::new();
+        let mut writer = BitStreamWriter::new(&mut data);
         let mut mnemonic = Vec::new();
         for word in &words {
             if let Ok(idx) = WORDS.binary_search(word) {
                 mnemonic.push(WORDS[idx]);
+                writer.write(idx as u64, 11).unwrap();
             } else {
                 return Err(Error::Mnemonic("Mnemonic contains an unknown word"));
             }
         }
+        writer.flush().unwrap();
+        let (payload, checksum) = data.split_at(data.len() - std::cmp::max(1,data.len()/32));
+        if Self::checksum(payload).as_slice() != checksum {
+            return Err(Error::Mnemonic("Checksum failed"));
+        }
+
         Ok(Mnemonic(mnemonic))
     }
 
@@ -76,34 +87,34 @@ impl Mnemonic {
                 "Data for mnemonic should have a length divisible by 4",
             ));
         }
-        let mut check = [0u8; 32];
-
-        let mut sha2 = Sha256::new();
-        sha2.input(data);
-        sha2.result(&mut check);
-
-        let mut bits = vec![false; data.len() * 8 + data.len() / 4];
-        for i in 0..data.len() {
-            for j in 0..8 {
-                bits[i * 8 + j] = (data[i] & (1 << (7 - j))) > 0;
-            }
-        }
-        for i in 0..data.len() / 4 {
-            bits[8 * data.len() + i] = (check[i / 8] & (1 << (7 - (i % 8)))) > 0;
-        }
+        let mut with_checksum = data.to_vec();
+        with_checksum.extend_from_slice(Self::checksum(data).as_slice());
+        let mut cursor = Cursor::new(&with_checksum);
+        let mut reader = BitStreamReader::new(&mut cursor);
         let mlen = data.len() * 3 / 4;
         let mut memo = Vec::new();
-        for i in 0..mlen {
-            let mut idx = 0;
-            for j in 0..11 {
-                if bits[i * 11 + j] {
-                    idx += 1 << (10 - j);
-                }
-            }
-            memo.push(WORDS[idx]);
+        for _ in 0..mlen {
+            memo.push(WORDS[reader.read(11).unwrap() as usize]);
         }
         Ok(Mnemonic(memo))
     }
+
+    fn checksum(data: &[u8]) -> Vec<u8> {
+        let mut hash = [0u8; 32];
+        let mut checksum = Vec::new();
+        let mut writer = BitStreamWriter::new(&mut checksum);
+
+        let mut sha2 = Sha256::new();
+        sha2.input(data);
+        sha2.result(&mut hash);
+        let mut check_cursor = Cursor::new(&hash);
+        let mut check_reader = BitStreamReader::new(&mut check_cursor);
+        for _ in 0..data.len()/4 {
+            writer.write(check_reader.read(1).unwrap(), 1).unwrap();
+        }
+        writer.flush().unwrap();
+        checksum
+    }
 }
 
 #[cfg(test)]
@@ -137,7 +148,9 @@ mod test {
         for t in 0..tests.len() {
             let values = tests[t].as_array().unwrap();
             let data = decode(values[0].as_str().unwrap()).unwrap();
-            let mnemonic = Mnemonic::from_str(values[1].as_str().unwrap()).unwrap();
+            let m = values[1].as_str().unwrap();
+            println!("{}", m);
+            let mnemonic = Mnemonic::from_str(m).unwrap();
             let seed = mnemonic.to_seed(Some("TREZOR"));
             assert_eq!(
                 mnemonic.to_string(),

src/sss.rs

@@ -692,7 +692,7 @@ mod test {
     #[test]
     pub fn reconstruct() {
         let master =
-            MasterAccount::new(MasterKeyEntropy::Low, Network::Bitcoin, PASSPHRASE).unwrap();
+            MasterAccount::new(MasterKeyEntropy::Sufficient, Network::Bitcoin, PASSPHRASE).unwrap();
         let seed = master.seed(Network::Bitcoin, PASSPHRASE).unwrap();
         let shares = ShamirSecretSharing::generate(1, &[(3, 5)], &seed, None, 1).unwrap();
         let reconstructed_seed = ShamirSecretSharing::combine(&shares[..3], None).unwrap();