From: Chris Duncan <chris@zoso.dev>
Date: Fri, 8 Aug 2025 02:40:10 +0000 (-0700)
Subject: Integrate blake ckd into wallet safe.
X-Git-Tag: v0.10.5~43^2~34
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=110bbe69d15aa34bfa5e1b574b540983d20c1bff;p=libnemo.git

Integrate blake ckd into wallet safe.
---

diff --git a/src/lib/safe.ts b/src/lib/safe.ts
index e5ce411..89a67b3 100644
--- a/src/lib/safe.ts
+++ b/src/lib/safe.ts
@@ -145,7 +145,7 @@ export class Safe {
 			}
 			const prv = this.#type === 'BIP-44'
 				? await Bip44Ckd.ckd(this.#seed, BIP44_COIN_NANO, index)
-				: await Blake2bCkd.ckd(this.#seed, index)
+				: await this.#deriveBlake2bPrivateKey(this.#seed, index)
 			const pub = await NanoNaCl.convert(new Uint8Array(prv))
 			return { index, publicKey: pub.buffer }
 		} catch (err) {
@@ -337,6 +337,27 @@ export class Safe {
 		}
 	}
 
+	/**
+	* Derives account private keys from a wallet seed using the BLAKE2b hashing
+	* algorithm.
+	*
+	* Separately, account public keys are derived from the private key using the
+	* Ed25519 key algorithm, and account addresses are derived from the public key
+	* as described in the Nano documentation.
+	* https://docs.nano.org/integration-guides/the-basics/
+	*
+	* @param {ArrayBuffer} seed - 32-byte secret seed of the wallet
+	* @param {number} index - 4-byte index of account to derive
+	* @returns {ArrayBuffer} Private key for the account
+	*/
+	static #deriveBlake2bPrivateKey (seed: ArrayBuffer, index: number): ArrayBuffer {
+		const b = new ArrayBuffer(4)
+		new DataView(b).setUint32(0, index, false)
+		const s = new Uint8Array(seed)
+		const i = new Uint8Array(b)
+		return new Blake2b(32).update(s).update(i).digest().buffer
+	}
+
 	static async #createAesKey (purpose: 'encrypt' | 'decrypt', password: ArrayBuffer, keySalt: ArrayBuffer): Promise<CryptoKey> {
 		const derivationKey = await crypto.subtle.importKey('raw', password, 'PBKDF2', false, ['deriveBits', 'deriveKey'])
 		new Uint8Array(password).fill(0).buffer.transfer()