Update to schnorrkel 0.8.0 (#3267)

* Update to schnorrkel `0.8.0`

* Increase `spec_version`

* Bump schnorrkel to 0.8.3 (#3283)

* Schnorrkel 0.8.1 (builds on bkchr upgrade branch)

* Add tests for known hard/soft derivation values

* Bump all schnorrkel versions

* Flatten for easier inspection

* 0.8.2

* 0.8.3

* Update subkey/Cargo.toml

Co-Authored-By: Bastian Köcher <bkchr@users.noreply.github.com>

* Update `Cargo.lock`

* 0.8.4

* Fix cargo lock file.

* Adding an error message for `NotMarkedSchnorrkel` as that was missing.
Also fixing a typo, strage -> stage.

substrate/core/primitives/src/sr25519.rs

@@ -22,7 +22,7 @@
 // end::description[]
 
 #[cfg(feature = "std")]
-use schnorrkel::{signing_context, Keypair, SecretKey, MiniSecretKey, PublicKey,
+use schnorrkel::{signing_context, ExpansionMode, Keypair, SecretKey, MiniSecretKey, PublicKey,
 	derive::{Derivation, ChainCode, CHAIN_CODE_LENGTH}
 };
 #[cfg(feature = "std")]
@@ -341,7 +341,7 @@ impl AsRef<Pair> for Pair {
 #[cfg(feature = "std")]
 impl From<MiniSecretKey> for Pair {
 	fn from(sec: MiniSecretKey) -> Pair {
-		Pair(sec.expand_to_keypair())
+		Pair(sec.expand_to_keypair(ExpansionMode::Ed25519))
 	}
 }
 
@@ -376,7 +376,7 @@ impl AsRef<schnorrkel::Keypair> for Pair {
 /// Derive a single hard junction.
 #[cfg(feature = "std")]
 fn derive_hard_junction(secret: &SecretKey, cc: &[u8; CHAIN_CODE_LENGTH]) -> SecretKey {
-	secret.hard_derive_mini_secret_key(Some(ChainCode(cc.clone())), b"").0.expand()
+	secret.hard_derive_mini_secret_key(Some(ChainCode(cc.clone())), b"").0.expand(ExpansionMode::Ed25519)
 }
 
 /// The raw secret seed, which can be used to recreate the `Pair`.
@@ -417,7 +417,7 @@ impl TraitPair for Pair {
 				Ok(Pair(
 					MiniSecretKey::from_bytes(seed)
 						.map_err(|_| SecretStringError::InvalidSeed)?
-						.expand_to_keypair()
+						.expand_to_keypair(ExpansionMode::Ed25519)
 				))
 			}
 			SECRET_KEY_LENGTH => {
@@ -476,28 +476,23 @@ impl TraitPair for Pair {
 
 	/// Verify a signature on a message. Returns true if the signature is good.
 	fn verify<P: AsRef<Self::Public>, M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: P) -> bool {
-		let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(&sig.as_ref()) {
-			Ok(some_signature) => some_signature,
-			Err(_) => return false
-		};
+		// Match both schnorrkel 0.1.1 and 0.8.0+ signatures, supporting both wallets
+		// that have not been upgraded and those that have. To swap to 0.8.0 only,
+		// create `schnorrkel::Signature` and pass that into `verify_simple`
 		match PublicKey::from_bytes(pubkey.as_ref().as_slice()) {
-			Ok(pk) => pk.verify(
-				signing_context(SIGNING_CTX).bytes(message.as_ref()), &signature
-			),
+			Ok(pk) => pk.verify_simple_preaudit_deprecated(
+				SIGNING_CTX, message.as_ref(), &sig.as_ref(),
+			).is_ok(),
 			Err(_) => false,
 		}
 	}
 
 	/// Verify a signature on a message. Returns true if the signature is good.
 	fn verify_weak<P: AsRef<[u8]>, M: AsRef<[u8]>>(sig: &[u8], message: M, pubkey: P) -> bool {
-		let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(sig) {
-			Ok(some_signature) => some_signature,
-			Err(_) => return false
-		};
 		match PublicKey::from_bytes(pubkey.as_ref()) {
-			Ok(pk) => pk.verify(
-				signing_context(SIGNING_CTX).bytes(message.as_ref()), &signature
-			),
+			Ok(pk) => pk.verify_simple_preaudit_deprecated(
+				SIGNING_CTX, message.as_ref(), &sig,
+			).is_ok(),
 			Err(_) => false,
 		}
 	}
@@ -518,7 +513,7 @@ impl Pair {
 		let mini_key: MiniSecretKey = mini_secret_from_entropy(entropy, password.unwrap_or(""))
 			.expect("32 bytes can always build a key; qed");
 
-		let kp = mini_key.expand_to_keypair();
+		let kp = mini_key.expand_to_keypair(ExpansionMode::Ed25519);
 		(Pair(kp), mini_key.to_bytes())
 	}
 }
@@ -536,6 +531,43 @@ impl TypedKey for Pair {
 	const KEY_TYPE: KeyTypeId = key_types::SR25519;
 }
 
+#[cfg(test)]
+mod compatibility_test {
+	use super::*;
+	use crate::crypto::{DEV_PHRASE};
+	use hex_literal::hex;
+
+	// NOTE: tests to ensure addresses that are created with the `0.1.x` version (pre-audit) are
+	// still functional.
+
+	#[test]
+	fn derive_soft_known_pair_should_work() {
+		let pair = Pair::from_string(&format!("{}/Alice", DEV_PHRASE), None).unwrap();
+		// known address of DEV_PHRASE with 1.1
+		let known = hex!("d6c71059dbbe9ad2b0ed3f289738b800836eb425544ce694825285b958ca755e");
+		assert_eq!(pair.public().to_raw_vec(), known);
+	}
+
+	#[test]
+	fn derive_hard_known_pair_should_work() {
+		let pair = Pair::from_string(&format!("{}//Alice", DEV_PHRASE), None).unwrap();
+		// known address of DEV_PHRASE with 1.1
+		let known = hex!("d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d");
+		assert_eq!(pair.public().to_raw_vec(), known);
+	}
+
+	#[test]
+	fn verify_known_message_should_work() {
+		let public = Public::from_raw(hex!("b4bfa1f7a5166695eb75299fd1c4c03ea212871c342f2c5dfea0902b2c246918"));
+		// signature generated by the 1.1 version with the same ^^ public key.
+		let signature = Signature::from_raw(hex!(
+			"5a9755f069939f45d96aaf125cf5ce7ba1db998686f87f2fb3cbdea922078741a73891ba265f70c31436e18a9acd14d189d73c12317ab6c313285cd938453202"
+		));
+		let message = b"Verifying that I am the owner of 5G9hQLdsKQswNPgB499DeA5PkFBbgkLPJWkkS6FAM6xGQ8xD. Hash: 221455a3\n";
+		assert!(Pair::verify(&signature, &message[..], &public));
+	}
+}
+
 #[cfg(test)]
 mod test {
 	use super::*;
@@ -646,7 +678,6 @@ mod test {
 
 	#[test]
 	fn seeded_pair_should_work() {
-
 		let pair = Pair::from_seed(b"12345678901234567890123456789012");
 		let public = pair.public();
 		assert_eq!(
@@ -679,9 +710,9 @@ mod test {
 			&hex!("0000000000000000000000000000000000000000000000000000000000000000")
 		);
 		let public = pk.public();
-		let js_signature = Signature::from_raw(
-			hex!("28a854d54903e056f89581c691c1f7d2ff39f8f896c9e9c22475e60902cc2b3547199e0e91fa32902028f2ca2355e8cdd16cfe19ba5e8b658c94aa80f3b81a00")
-		);
+		let js_signature = Signature::from_raw(hex!(
+			"28a854d54903e056f89581c691c1f7d2ff39f8f896c9e9c22475e60902cc2b3547199e0e91fa32902028f2ca2355e8cdd16cfe19ba5e8b658c94aa80f3b81a00"
+		));
 		assert!(Pair::verify(&js_signature, b"SUBSTRATE", public));
 	}
 }