Make BIP39 passphrase optional

anoma · Jan 25, 2024 · f5c9257 · f5c9257
1 parent b6bc0e9
commit f5c9257
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 7 deletions.
diff --git a/crates/apps/src/lib/cli.rs b/crates/apps/src/lib/cli.rs
@@ -2979,6 +2979,7 @@ pub mod args {
         arg_default("hd-path", DefaultFn(|| "default".to_string()));
     pub const HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH: ArgFlag =
         flag("allow-non-compliant");
+    pub const HD_PROMPT_BIP39_PASSPHRASE: ArgFlag = flag("bip39-passphrase");
     pub const HISTORIC: ArgFlag = flag("historic");
     pub const IBC_TRANSFER_MEMO_PATH: ArgOpt<PathBuf> = arg_opt("memo-path");
     pub const INPUT_OPT: ArgOpt<PathBuf> = arg_opt("input");
@@ -6201,6 +6202,8 @@ pub mod args {
             let derivation_path = HD_DERIVATION_PATH.parse(matches);
             let allow_non_compliant =
                 HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.parse(matches);
+            let prompt_bip39_passphrase =
+                HD_PROMPT_BIP39_PASSPHRASE.parse(matches);
             Self {
                 scheme,
                 shielded,
@@ -6210,6 +6213,7 @@ pub mod args {
                 use_device,
                 derivation_path,
                 allow_non_compliant,
+                prompt_bip39_passphrase,
             }
         }
 
@@ -6262,6 +6266,11 @@ pub mod args {
                     .args([HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.name])
                     .requires(HD_DERIVATION_PATH.name),
             )
+            .arg(
+                HD_PROMPT_BIP39_PASSPHRASE.def().help(
+                    "Use an additional passphrase for HD-key generation.",
+                ),
+            )
         }
     }
 
@@ -6276,6 +6285,8 @@ pub mod args {
             let derivation_path = HD_DERIVATION_PATH.parse(matches);
             let allow_non_compliant =
                 HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.parse(matches);
+            let prompt_bip39_passphrase =
+                HD_PROMPT_BIP39_PASSPHRASE.parse(matches);
             Self {
                 scheme,
                 shielded,
@@ -6285,6 +6296,7 @@ pub mod args {
                 unsafe_dont_encrypt,
                 derivation_path,
                 allow_non_compliant,
+                prompt_bip39_passphrase,
             }
         }
 
@@ -6340,6 +6352,11 @@ pub mod args {
                     .args([HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.name])
                     .requires(HD_DERIVATION_PATH.name),
             )
+            .arg(
+                HD_PROMPT_BIP39_PASSPHRASE.def().help(
+                    "Use an additional passphrase for HD-key generation.",
+                ),
+            )
         }
     }
 

diff --git a/crates/apps/src/lib/cli/wallet.rs b/crates/apps/src/lib/cli/wallet.rs
@@ -239,6 +239,7 @@ fn shielded_key_gen(
         unsafe_dont_encrypt,
         derivation_path,
         allow_non_compliant,
+        prompt_bip39_passphrase,
         ..
     }: args::KeyGen,
 ) {
@@ -261,8 +262,11 @@ fn shielded_key_gen(
             display_line!(io, "No changes are persisted. Exiting.");
             cli::safe_exit(1)
         }
-        let (_mnemonic, seed) =
-            Wallet::<CliWalletUtils>::gen_hd_seed(None, &mut OsRng);
+        let (_mnemonic, seed) = Wallet::<CliWalletUtils>::gen_hd_seed(
+            None,
+            &mut OsRng,
+            prompt_bip39_passphrase,
+        );
         wallet.derive_store_hd_spendind_key(
             alias,
             alias_force,
@@ -535,6 +539,7 @@ fn transparent_key_and_address_gen(
         unsafe_dont_encrypt,
         derivation_path,
         allow_non_compliant,
+        prompt_bip39_passphrase,
         ..
     }: args::KeyGen,
 ) {
@@ -565,8 +570,11 @@ fn transparent_key_and_address_gen(
             display_line!(io, "No changes are persisted. Exiting.");
             cli::safe_exit(1)
         }
-        let (_mnemonic, seed) =
-            Wallet::<CliWalletUtils>::gen_hd_seed(None, &mut OsRng);
+        let (_mnemonic, seed) = Wallet::<CliWalletUtils>::gen_hd_seed(
+            None,
+            &mut OsRng,
+            prompt_bip39_passphrase,
+        );
         wallet.derive_store_hd_secret_key(
             scheme,
             Some(alias),

diff --git a/crates/sdk/src/args.rs b/crates/sdk/src/args.rs
@@ -2112,6 +2112,8 @@ pub struct KeyGen {
     pub unsafe_dont_encrypt: bool,
     /// BIP44 / ZIP32 derivation path
     pub derivation_path: String,
+    /// Prompt for BIP39 passphrase
+    pub prompt_bip39_passphrase: bool,
     /// Allow non-compliant derivation path
     pub allow_non_compliant: bool,
 }
@@ -2133,6 +2135,8 @@ pub struct KeyDerive {
     pub derivation_path: String,
     /// Allow non-compliant derivation path
     pub allow_non_compliant: bool,
+    /// Prompt for BIP39 passphrase
+    pub prompt_bip39_passphrase: bool,
     /// Use device to generate key and address
     pub use_device: bool,
 }

diff --git a/crates/sdk/src/wallet/mod.rs b/crates/sdk/src/wallet/mod.rs
@@ -621,10 +621,12 @@ impl<U: WalletIo> Wallet<U> {
     }
 
     /// Generate a BIP39 mnemonic code, and derive HD wallet seed from it using
-    /// the given passphrase.
+    /// the given passphrase. If no passphrase is provided, optionally prompt
+    /// for a passphrase.
     pub fn gen_hd_seed(
         passphrase: Option<Zeroizing<String>>,
         rng: &mut U::Rng,
+        prompt_bip39_passphrase: bool,
     ) -> (Mnemonic, Seed) {
         const MNEMONIC_TYPE: MnemonicType = MnemonicType::Words24;
         let mnemonic = U::generate_mnemonic_code(MNEMONIC_TYPE, rng);
@@ -634,8 +636,13 @@ impl<U: WalletIo> Wallet<U> {
         );
         println!("{}", mnemonic.clone().into_phrase());
 
-        let passphrase =
-            passphrase.unwrap_or_else(|| U::read_mnemonic_passphrase(true));
+        let passphrase = passphrase.unwrap_or_else(|| {
+            if prompt_bip39_passphrase {
+                U::read_mnemonic_passphrase(true)
+            } else {
+                Zeroizing::default()
+            }
+        });
         let seed = Seed::new(&mnemonic, &passphrase);
         (mnemonic, seed)
     }