private byte[] decryptMnemonic(byte[] entropy, String normalizedPassphrase)
throws GeneralSecurityException {
byte[] salt = Arrays.copyOfRange(entropy, 32, 36);
byte[] encrypted = Arrays.copyOf(entropy, 32);
byte[] derived =
SCrypt.scrypt(normalizedPassphrase.getBytes(Charsets.UTF_8), salt, 16384, 8, 8, 64);
byte[] key = Arrays.copyOfRange(derived, 32, 64);
SecretKeySpec keyspec = new SecretKeySpec(key, "AES");
DRMWorkaround.maybeDisableExportControls();
@SuppressLint("GetInstance") // ECB for 256 bits is enough, and is the same that BIP38 uses
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, keyspec);
byte[] decrypted = cipher.doFinal(encrypted, 0, 32);
for (int i = 0; i < 32; i++) decrypted[i] ^= derived[i];
byte[] hash = Sha256Hash.createDouble(decrypted).getBytes();
if (!Arrays.equals(Arrays.copyOf(hash, 4), salt))
throw new RuntimeException("Invalid checksum");
return decrypted;
}
