@@ -21,6 +21,8 @@ INSTALL_DIR="$HOME/mutant"
2121DAEMON_PORT=" 3030"
2222WEB_PORT=" 8080"
2323
24+ RUST_LOG=mutant=debug,colony=debug
25+
2426# Logging functions
2527log_info () {
2628echo -e" ${BLUE} [INFO]${NC} $1 "
@@ -484,35 +486,78 @@ check_wallet_setup() {
484486
485487# Generate a secure Ethereum private key
486488generate_ethereum_private_key () {
487- # Try multiple methods to generate a secure 32-byte private key
489+ # secp256k1 curve order (max valid private key)
490+ local max_key=" fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140"
491+ local attempts=0
492+ local max_attempts=100
488493
489- # Method 1: Use openssl if available
490- if command_exists openssl; then
491- openssl rand -hex 322> /dev/null&& return
492- fi
494+ while [[$attempts -lt $max_attempts ]]; do
495+ local key=" "
493496
494- # Method 2: Use /dev/urandom if available (Linux/macOS)
495- if [[-r " /dev/urandom" ; then
496- head -c 32 /dev/urandom| xxd -p -c 322> /dev/null&& return
497- fi
497+ # Method 1: Use openssl if available
498+ if command_exists openssl; then
499+ key=$( openssl rand -hex 322> /dev/null)
500+ # Method 2: Use /dev/urandom if available (Linux/macOS)
501+ elif [[-r " /dev/urandom" ; then
502+ key=$( head -c 32 /dev/urandom| xxd -p -c 322> /dev/null| tr -d' \n' )
503+ # Method 3: Use Python if available
504+ elif command_exists python3; then
505+ key=$( python3 -c" import secrets; print(secrets.token_hex(32))" 2> /dev/null)
506+ # Method 4: Use Node.js if available
507+ elif command_exists node; then
508+ key=$( node -e" console.log(require('crypto').randomBytes(32).toString('hex'))" 2> /dev/null)
509+ # Method 5: Fallback using bash RANDOM (less secure, but better than nothing)
510+ else
511+ log_warning" Using less secure fallback method for private key generation"
512+ key=" "
513+ for i in {1..64}; do
514+ key+=$( printf" %x" $(( RANDOM% 16 )) )
515+ done
516+ fi
517+
518+ # Validate the generated key
519+ if [[-n " $key " && is_valid_ethereum_private_key" $key " ; then
520+ echo " $key "
521+ return 0
522+ fi
523+
524+ (( attempts++ ))
525+ done
526+
527+ log_error" Failed to generate valid Ethereum private key after$max_attempts attempts"
528+ return 1
529+ }
530+
531+ # Validate Ethereum private key
532+ is_valid_ethereum_private_key () {
533+ local key=" $1 "
498534
499- # Method 3: Use Python if available
500- if command_exists python3 ; then
501- python3 -c " import secrets; print(secrets.token_hex(32)) " 2> /dev/null && return
535+ # Check if key is 64 hex characters
536+ if [[ ! " $key " =~ ^[0-9a-fA-F]{64}$ ]] ; then
537+ return 1
502538fi
503539
504- # Method 4: Use Node.js if available
505- if command_exists node ; then
506- node -e " console.log(require('crypto').randomBytes(32).toString('hex')) " 2> /dev/null && return
540+ # Check if key is not zero
541+ if [[ " $key " =~ ^0+$ ]] ; then
542+ return 1
507543fi
508544
509- # Method 5: Fallback using bash RANDOM (less secure, but better than nothing)
510- log_warning" Using less secure fallback method for private key generation"
511- local key=" "
512- for i in {1..64}; do
513- key+=$( printf" %x" $(( RANDOM% 16 )) )
514- done
515- echo " $key "
545+ # Check if key is less than secp256k1 curve order
546+ # Note: This is a simplified check for install script purposes
547+ # The probability of generating a key >= curve order is ~1 in 2^128 (astronomically small)
548+ # For production applications, proper big number comparison should be used
549+ local first_char=" ${key: 0: 1} "
550+ if [[" $first_char " =~ ^[0-9a-eA-E]$ ]]; then
551+ # First character is 0-e, so definitely less than f (curve order starts with f)
552+ return 0
553+ elif [[" $first_char " =~ ^[fF]$ ]]; then
554+ # Starts with f - in practice, this is almost certainly valid
555+ # The invalid range is tiny: only ~2^128 out of 2^256 possible values
556+ return 0
557+ else
558+ # Should not happen with valid hex, but just in case
559+ return 1
560+ fi
516561}
517562
518563# Generate a BIP39 mnemonic phrase
@@ -644,18 +689,34 @@ EOF
644689return 0
645690elif [[-z " $PRIVATE_KEY " ; then
646691 log_info" No private key provided. Generating a new Ethereum private key..."
647- PRIVATE_KEY=$( generate_ethereum_private_key)
648- if [[-n " $PRIVATE_KEY " ; then
692+ if PRIVATE_KEY=$( generate_ethereum_private_key) ; then
649693 log_success" Generated new private key:$PRIVATE_KEY "
650694 log_warning" ⚠️ IMPORTANT: Save this private key securely! You'll need it to access your data."
695+ log_info" This key is cryptographically secure and valid for Ethereum/Autonomi networks."
651696else
652- log_error" Failed to generate private key. Daemon will run in public-only mode."
697+ log_error" Failed to generate valid private key. Daemon will run in public-only mode."
698+ log_error" This may be due to insufficient entropy sources on your system."
653699 PRIVATE_KEY=" "
654700fi
655701else
656- # Basic validation - check if it looks like a hex string
657- if [[! " $PRIVATE_KEY " =~ ^[0-9a-fA-F]+$ ]]; then
658- log_warning" Private key doesn't appear to be valid hex format, but continuing..."
702+ # Validate user-provided private key
703+ if is_valid_ethereum_private_key" $PRIVATE_KEY " ; then
704+ log_success" Private key validated successfully"
705+ else
706+ log_error" Invalid private key provided!"
707+ log_error" Ethereum private keys must be:"
708+ log_error" - Exactly 64 hexadecimal characters"
709+ log_error" - Not all zeros"
710+ log_error" - Within valid range for secp256k1 curve"
711+ log_info" Generating a new valid private key instead..."
712+
713+ if PRIVATE_KEY=$( generate_ethereum_private_key) ; then
714+ log_success" Generated new private key:$PRIVATE_KEY "
715+ log_warning" ⚠️ IMPORTANT: Save this private key securely! You'll need it to access your data."
716+ else
717+ log_error" Failed to generate valid private key. Daemon will run in public-only mode."
718+ PRIVATE_KEY=" "
719+ fi
659720fi
660721fi
661722