Seed generation, encryption and storage support

[shamardy]

Cryptographic operations shouldn't be the frontend/GUIs responsibility. Instead, they should be handled by the DeFi framework. To achieve this we should:

• Allow initialization of the framework without a seed, in this case, a seed must be generated, encrypted and saved for reuse in a secure manner. It would also be good to create encrypt/decrypt APIs that GUIs can use to send files/data to the defi framework to encrypt before they can save it on their side or to decrypt after loading it from storage.
• Seed generation should support BIP39 standard plus any other used/known standards.
• This can be part of the crypto crate which includes the crypto context for HD/HW/Metamask/etc.. or a new crate can be created specifically for this. The idea is to separate this critical code from other non-critical parts.
• We already use tiny-bip39 lib to create the HD wallet seed/secret from the Mnemonic phrase passed on initialization. This lib contains implementations for creating a new Mnemonic phrase from entropy. We need to check the library for any known issues before using it for this purpose.

ref: https://github.com/KomodoPlatform/komodo_encryption_tool/pull/1#issuecomment-1651230832, https://github.com/KomodoPlatform/komodo_encryption_tool/pull/1#issuecomment-1678687099
C.C. @ca333 @Alrighttt @yurii-khi

[shamardy]

For the library to use for mnemonic phrase generation I suggest rust-bip39, it's actively maintained unlike tiny-bip39 which we currently use for converting the phrase to bytes. rust-bip39 is also part of the Rust Bitcoin Community which is maintained by blockstream and the bitcoin community. It also includes pbkdf2 implementation if we decided to use it for seed encryption/hashing, if we decided to use Argon2 instead I suggest this library https://github.com/RustCrypto/password-hashes/tree/master/argon2, Argon2 is slower or more resource-intensive on mobiles or embedded systems though since it requires a large amount of memory.

@Alrighttt @ca333 @DeckerSU I would like your opinion on the above and which of pbkdf2, Argon2d, Argon2i and Argon2id should we use. I also think rust-bip39 should be checked from security perspective before using it, but it's ok for me if you check it on the PR instead since switching libraries shouldn't be a big problem.

[shamardy]

Checklist

• Research Web Crypto APIs and if I should go back to using openssl for non-wasm and Web Crypto APIs for wasm.
• APIs to encrypt and save, decrypt, encrypt and return data. feat(crypto): mnemonic generation/encryption/decryption/storage #2014 (comment)
• Covering more test cases.
• Complete zeroization of sensitive data and disabling memory swapping for them fix(hd-wallet): enable/withdraw using any account'/change/address_index #1933 (comment)
• Explore newly used crates features more to optimize performance, e.g. aes has some features to optimize compilation size vs performance on certain architectures.

Future:

• Support different key derivations and encryption algorithms for the framework (SDK)

[mariocynicys]

the original issue is completed. trackers for improvements are here #2442.