From db442133b8316d1cb3b4dd3f78c3646e527b46dc Mon Sep 17 00:00:00 2001
From: Torsten Grote <t@grobox.de>
Date: Thu, 2 Sep 2021 13:45:56 +0200
Subject: [PATCH] Compares kotlin-bip39 library with bitcoinj library

to ensure that kotlin-bip39 is not malicious and can be upgraded safely
---
 app/build.gradle                              |  2 +
 .../seedvault/crypto/Bip39ComparisonTest.kt   | 55 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 app/src/test/java/com/stevesoltys/seedvault/crypto/Bip39ComparisonTest.kt

diff --git a/app/build.gradle b/app/build.gradle
index fe1a84da..2f5208c1 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -138,7 +138,9 @@ dependencies {
         exclude group: "com.google.auto.service", module: "auto-service"
     }
     testImplementation "org.junit.jupiter:junit-jupiter-api:$junit5_version"
+    testImplementation "org.junit.jupiter:junit-jupiter-params:$junit5_version"
     testImplementation "io.mockk:mockk:$mockk_version"
+    testImplementation 'org.bitcoinj:bitcoinj-core:0.15.10'
     testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junit5_version"
     testRuntimeOnly "org.junit.vintage:junit-vintage-engine:$junit5_version"
 
diff --git a/app/src/test/java/com/stevesoltys/seedvault/crypto/Bip39ComparisonTest.kt b/app/src/test/java/com/stevesoltys/seedvault/crypto/Bip39ComparisonTest.kt
new file mode 100644
index 00000000..c1e89895
--- /dev/null
+++ b/app/src/test/java/com/stevesoltys/seedvault/crypto/Bip39ComparisonTest.kt
@@ -0,0 +1,55 @@
+package com.stevesoltys.seedvault.crypto
+
+import cash.z.ecc.android.bip39.Mnemonics
+import cash.z.ecc.android.bip39.toSeed
+import com.stevesoltys.seedvault.ui.recoverycode.toMnemonicChars
+import org.bitcoinj.crypto.MnemonicCode
+import org.junit.jupiter.api.Assertions.assertArrayEquals
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.Arguments
+import org.junit.jupiter.params.provider.MethodSource
+import kotlin.random.Random
+
+/**
+ * Compares kotlin-bip39 library with bitcoinj library
+ * to ensure that kotlin-bip39 is not malicious and can be upgraded safely.
+ */
+class Bip39ComparisonTest {
+
+    companion object {
+        private const val ITERATIONS = 128
+        private val SEED_SIZE = Mnemonics.WordCount.COUNT_12.bitLength / 8
+
+        @JvmStatic
+        @Suppress("unused")
+        private fun provideEntropy() = ArrayList<Arguments>(ITERATIONS).apply {
+            for (i in 0 until ITERATIONS) {
+                add(Arguments.of(Random.nextBytes(SEED_SIZE)))
+            }
+        }
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideEntropy")
+    fun compareLibs(entropy: ByteArray) {
+        val actualCodeFromEntropy = Mnemonics.MnemonicCode(entropy)
+        val actualWordsFromEntropy = actualCodeFromEntropy.words.map { it.joinToString("") }
+        val expectedWordsFromEntropy = MnemonicCode.INSTANCE.toMnemonic(entropy)
+        // check that entropy produces the same words
+        assertEquals(expectedWordsFromEntropy, actualWordsFromEntropy)
+
+        val actualCodeFromWords =
+            Mnemonics.MnemonicCode(expectedWordsFromEntropy.toMnemonicChars())
+        // check that both codes are valid
+        MnemonicCode.INSTANCE.check(expectedWordsFromEntropy)
+        actualCodeFromEntropy.validate()
+
+        // check that both codes produce same seed
+        assertArrayEquals(
+            MnemonicCode.toSeed(expectedWordsFromEntropy, ""),
+            actualCodeFromWords.toSeed()
+        )
+    }
+
+}