[Tooling] SLIP-0010 HD Child Key Generation

app/client/keybase/README.md

@@ -8,6 +8,7 @@ This document is intended to outline the current Keybase implementation used by
   - [Keybase Code Structure](#keybase-code-structure)
 - [Makefile Testing Helper](#makefile-testing-helper)
 - [KeyPair Encryption \& Armouring](#keypair-encryption--armouring)
+- [SLIP-0010 Child Key Generation](#child-key-generation)
 - [TODO: Future Work](#todo-future-work)
 
 _TODO(#150): The current keybase has not been integrated with any CLI endpoints, and as such is only accessible through the [keybase interface](#keybase-interface)_
@@ -73,6 +74,10 @@ The [documentation in the crypto library](../../../shared/crypto/README.md) cove
 
 The primitives and functions defined there are heavily used throughout this package.
 
+## Child Key Generation
+
+The [documentation in the crypto library](../../../shared/crypto/README.md) covers the specifics of the [SLIPS-0010](https://github.com/satoshilabs/slips/blob/master/slip-0010.md) implementation related to child key generation from a single master key
+
 ## TODO: Future Work
 
 - [ ] Improve error handling and error messages for importing keys with invalid strings/invalid JSON

app/client/keybase/keybase.go

@@ -20,6 +20,14 @@ type Keybase interface {
 	// Insert a new keypair from the JSON string of the encrypted private key into the DB
 	ImportFromJSON(jsonStr, passphrase string) error
 
+	// SLIPS-0010 Key Derivation
+	// Deterministically generate and return the derived child key
+	DeriveChildFromKey(masterAddrHex, passphrase string, childIndex uint32) (crypto.KeyPair, error)
+	DeriveChildFromSeed(seed []byte, childIndex uint32) (crypto.KeyPair, error)
+	// Deterministically generate and store the derived child key in the keybase
+	StoreChildFromKey(masterAddrHex, masterPassphrase string, childIndex uint32, childPassphrase, childHint string) error
+	StoreChildFromSeed(seed []byte, childIndex uint32, childPassphrase, childHint string) error
+
 	// Accessors
 	Get(address string) (crypto.KeyPair, error)
 	GetPubKey(address string) (crypto.PublicKey, error)

app/client/keybase/keystore.go

@@ -235,6 +235,86 @@ func (keybase *badgerKeybase) GetAll() (addresses []string, keyPairs []crypto.Ke
 	return addresses, keyPairs, nil
 }
 
+// Deterministically generate and return the ith child from the seed provided
+func (keybase *badgerKeybase) DeriveChildFromSeed(seed []byte, childIndex uint32) (crypto.KeyPair, error) {
+	path := fmt.Sprintf(crypto.PoktAccountPathFormat, childIndex)
+	childKey, err := crypto.DeriveChild(path, seed)
+	if err != nil {
+		return nil, err
+	}
+	return childKey, nil
+}
+
+// Deterministically generate and return the ith child key from the masterAddrHex key stored in the keybase
+func (keybase *badgerKeybase) DeriveChildFromKey(masterAddrHex, passphrase string, childIndex uint32) (crypto.KeyPair, error) {
+	privKey, err := keybase.GetPrivKey(masterAddrHex, passphrase)
+	if err != nil {
+		return nil, err
+	}
+	seed := privKey.Seed()
+	return keybase.DeriveChildFromSeed(seed, childIndex)
+}
+
+// Deterministically generate and store the ith child from the masterAddrHex key stored in the keybase
+func (keybase *badgerKeybase) StoreChildFromSeed(seed []byte, childIndex uint32, childPassphrase, childHint string) error {
+	path := fmt.Sprintf(crypto.PoktAccountPathFormat, childIndex)
+	childKey, err := crypto.DeriveChild(path, seed)
+	if err != nil {
+		return err
+	}
+	// No need to re-encrypt with provided passphrase
+	if childPassphrase == "" && childHint == "" {
+		err = keybase.db.Update(func(tx *badger.Txn) error {
+			// Use key address as key in DB
+			addrKey := childKey.GetAddressBytes()
+
+			// Encode KeyPair into []byte for value
+			keypairBz, err := childKey.Marshal()
+			if err != nil {
+				return err
+			}
+
+			return tx.Set(addrKey, keypairBz)
+		})
+		return err
+	}
+
+	// Re-encrypt child key with passphrase and hint
+	return keybase.db.Update(func(tx *badger.Txn) error {
+		// Get the private key hex string from the child key
+		privKeyHex, err := childKey.ExportString("") // No passphrase by default
+		if err != nil {
+			return err
+		}
+
+		keyPair, err := crypto.CreateNewKeyFromString(privKeyHex, childPassphrase, childHint)
+		if err != nil {
+			return err
+		}
+
+		// Use key address as key in DB
+		addrKey := keyPair.GetAddressBytes()
+
+		// Encode KeyPair into []byte for value
+		keypairBz, err := keyPair.Marshal()
+		if err != nil {
+			return err
+		}
+
+		return tx.Set(addrKey, keypairBz)
+	})
+}
+
+// Deterministically generate and store the ith child from the masterAddrHex key stored in the keybase
+func (keybase *badgerKeybase) StoreChildFromKey(masterAddrHex, masterPassphrase string, childIndex uint32, childPassphrase, childHint string) error {
+	masterPrivKey, err := keybase.GetPrivKey(masterAddrHex, masterPassphrase)
+	if err != nil {
+		return err
+	}
+	seed := masterPrivKey.Seed()
+	return keybase.StoreChildFromSeed(seed, childIndex, childPassphrase, childHint)
+}
+
 // Check whether an address is currently stored in the DB
 func (keybase *badgerKeybase) Exists(address string) (bool, error) {
 	val, err := keybase.Get(address)