48949ebb3f
A complete blockchain implementation featuring: - synord: Full node with GHOSTDAG consensus - explorer-web: Modern React blockchain explorer with 3D DAG visualization - CLI wallet and tools - Smart contract SDK and example contracts (DEX, NFT, token) - WASM crypto library for browser/mobile
3.8 KiB
3.8 KiB
Phase 2, Milestone 1: Wallet Cryptography
Cryptographic operations for CLI wallet
Status: ✅ Complete
Priority: High
Application: synor-cli
Overview
Implement all cryptographic operations needed for the CLI wallet: mnemonic handling, keypair generation, encryption, and transaction signing.
Tasks
Task 1.1: Mnemonic Integration
- Use synor-crypto Mnemonic for phrase generation
- Generate 24-word BIP39 phrases
- Implement BIP39 seed derivation
- Support optional passphrase
- Validate mnemonic words
Files:
apps/cli/src/wallet.rs
Validation:
./target/release/synor wallet create
# Verify 24 words are displayed
# Verify words are from BIP39 wordlist
Task 1.2: Keypair Generation
- Generate Ed25519 keypair from seed
- Generate Dilithium3 keypair from seed
- Create hybrid keypair structure
- Derive addresses from public keys
- Support multiple address indices
Files:
apps/cli/src/wallet.rs
Validation:
./target/release/synor wallet create
./target/release/synor wallet addresses
# Verify address format: synor:qz...
Task 1.3: Wallet Encryption
- Implement AES-256-GCM encryption
- Use Argon2id for password-based key derivation
- Store encrypted wallet file
- Implement wallet unlock
- Secure memory handling
Files:
apps/cli/src/wallet.rs
Encryption Parameters:
- Argon2id: m=64MB, t=3, p=4
- AES-256-GCM with random IV
- Salt: 32 bytes random
Validation:
./target/release/synor wallet create
# Enter password
cat ~/.synor/wallet.json
# Verify encrypted format
Task 1.4: Transaction Signing
- Build transaction from inputs/outputs
- Create Ed25519 signature
- Create Dilithium3 signature
- Combine into hybrid signature
- Serialize signed transaction
Files:
apps/cli/src/wallet.rsapps/cli/src/commands/send.rs
Validation:
./target/release/synor send synor:qz... 10.0
# Verify transaction is signed and broadcast
Validation
Validation Commands
# Run wallet tests
cargo test -p synor-cli wallet
# Test mnemonic roundtrip
./target/release/synor wallet create
# Save mnemonic
./target/release/synor wallet recover
# Enter same mnemonic
# Verify same address
Validation Agents
| Agent | Purpose |
|---|---|
code-reviewer |
Review crypto usage |
silent-failure-hunter |
Check password error handling |
Cryptographic Validation
// Test deterministic key derivation
#[test]
fn test_deterministic_keys() {
let mnemonic = "abandon abandon abandon...";
let wallet1 = Wallet::from_mnemonic(mnemonic, "")?;
let wallet2 = Wallet::from_mnemonic(mnemonic, "")?;
assert_eq!(wallet1.address(), wallet2.address());
}
// Test signature verification
#[test]
fn test_hybrid_signature() {
let wallet = Wallet::new()?;
let message = b"test message";
let signature = wallet.sign(message)?;
assert!(wallet.verify(message, &signature)?);
}
Security Checks
- Private keys zeroed after use (zeroize)
- Wallet file has restricted permissions (0600)
- No private key in error messages
- Password not stored in memory after derivation
- Constant-time signature comparison
- Mnemonic display warning shown
Test Coverage
| Component | Coverage Target |
|---|---|
| Mnemonic | >95% |
| Keypair | >90% |
| Encryption | >90% |
| Signing | >95% |
Dependencies
synor-crypto- Cryptographic primitiveszeroize- Secure memory clearingrpassword- Secure password input
Acceptance Criteria
- Mnemonic generates valid 24-word phrase
- Same mnemonic produces same address
- Wallet file is encrypted at rest
- Signatures verify correctly
- All security checks pass
Completed: January 2025