pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-06-12 04:11:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Overhaul crypto (Schnorr/Ristretto, HDKD, BIP39) (#1795)

Browse Source 
* Rijig to Ristretto

* Rebuild wasm

* adds compatibility test with the wasm module

* Add Ed25519-BIP39 support

* Bump subkey version

* Update CLI output

* New keys.

* Standard phrase/password/path keys.

* Subkey uses S-URI for secrets

* Move everything to use new HDKD crypto.

* Test fixes

* Ignore old test vector.

* fix the ^^ old test vector.

* Fix tests

* Test fixes

* Cleanups

* Fix broken key conversion logic in grandpa

CC @rphmeier

* Remove legacy Keyring usage

* Traitify `Pair`

* Replace Ed25519AuthorityId with ed25519::Public

* Expunge Ed25519AuthorityId type!

* Replace Sr25519AuthorityId with sr25519::Public

* Remove dodgy crypto type-punning conversions

* Fix some tests

* Avoid trait

* Deduplicate DeriveJunction string decode

* Remove cruft code

* Fix test

* Minor removals

* Build fix

* Subkey supports sign and verify

* Inspect works for public key URIs

* Remove more crypto type-punning

* Fix typo

* Fix tests
This commit is contained in:
Gav Wood
2019-03-13 14:08:31 +01:00
committed by GitHub
parent 17f093da13
commit d7fcf5dc9d
83 changed files with 2636 additions and 1687 deletions
Download Patch File Download Diff File Expand all files Collapse all files
substrate/core/primitives/src/authority_id.rs
-96
View File
@@ -1,96 +0,0 @@
// Copyright 2017-2019 Parity Technologies (UK) Ltd.
// This file is part of Substrate.
// Substrate is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Substrate is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Substrate. If not, see <http://www.gnu.org/licenses/>.
#[cfg(feature = "std")]
use serde::{Serialize, Serializer, Deserialize, Deserializer};
use parity_codec::{Encode, Decode};
use crate::H256;
/// An identifier for an authority in the consensus algorithm. The same size as ed25519::Public.
#[derive(Clone, Copy, PartialEq, Eq, Default, Encode, Decode)]
pub struct Ed25519AuthorityId(pub [u8; 32]);
#[cfg(feature = "std")]
impl ::std::fmt::Display for Ed25519AuthorityId {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", crate::ed25519::Public(self.0).to_ss58check())
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Ed25519AuthorityId {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
let h = format!("{}", crate::hexdisplay::HexDisplay::from(&self.0));
write!(f, "{} ({}…{})", crate::ed25519::Public(self.0).to_ss58check(), &h[0..8], &h[60..])
}
}
#[cfg(feature = "std")]
impl ::std::hash::Hash for Ed25519AuthorityId {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
impl AsRef<[u8; 32]> for Ed25519AuthorityId {
fn as_ref(&self) -> &[u8; 32] {
&self.0
}
}
impl AsRef<[u8]> for Ed25519AuthorityId {
fn as_ref(&self) -> &[u8] {
&self.0[..]
}
}
impl Into<[u8; 32]> for Ed25519AuthorityId {
fn into(self) -> [u8; 32] {
self.0
}
}
impl From<[u8; 32]> for Ed25519AuthorityId {
fn from(a: [u8; 32]) -> Self {
Ed25519AuthorityId(a)
}
}
impl AsRef<Ed25519AuthorityId> for Ed25519AuthorityId {
fn as_ref(&self) -> &Ed25519AuthorityId {
&self
}
}
impl Into<H256> for Ed25519AuthorityId {
fn into(self) -> H256 {
self.0.into()
}
}
#[cfg(feature = "std")]
impl Serialize for Ed25519AuthorityId {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: Serializer {
crate::ed25519::serialize(&self, serializer)
}
}
#[cfg(feature = "std")]
impl<'de> Deserialize<'de> for Ed25519AuthorityId {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: Deserializer<'de> {
crate::ed25519::deserialize(deserializer)
}
}
substrate/core/primitives/src/crypto.rs
+486
View File
@@ -0,0 +1,486 @@
// Copyright 2017-2019 Parity Technologies (UK) Ltd.
// This file is part of Substrate.
// Substrate is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Substrate is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Substrate. If not, see <http://www.gnu.org/licenses/>.
// tag::description[]
//! Cryptographic utilities.
// end::description[]
#[cfg(feature = "std")]
use parity_codec::{Encode, Decode};
#[cfg(feature = "std")]
use regex::Regex;
#[cfg(feature = "std")]
use base58::{FromBase58, ToBase58};
/// The infallible type.
#[derive(Debug)]
pub enum Infallible {}
/// The length of the junction identifier. Note that this is also referred to as the
/// `CHAIN_CODE_LENGTH` in the context of Schnorrkel.
#[cfg(feature = "std")]
pub const JUNCTION_ID_LEN: usize = 32;
/// Similar to `From`, except that the onus is on the part of the caller to ensure
/// that data passed in makes sense. Basically, you're not guaranteed to get anything
/// sensible out.
pub trait UncheckedFrom<T> {
/// Convert from an instance of `T` to Self. This is not guaranteed to be
/// whatever counts as a valid instance of `T` and it's up to the caller to
/// ensure that it makes sense.
fn unchecked_from(t: T) -> Self;
}
/// The counterpart to `UncheckedFrom`.
pub trait UncheckedInto<T> {
/// The counterpart to `unchecked_from`.
fn unchecked_into(self) -> T;
}
impl<S, T: UncheckedFrom<S>> UncheckedInto<T> for S {
fn unchecked_into(self) -> T {
T::unchecked_from(self)
}
}
/// An error with the interpretation of a secret.
#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg(feature = "std")]
pub enum SecretStringError {
/// The overall format was invalid (e.g. the seed phrase contained symbols).
InvalidFormat,
/// The seed phrase provided is not a valid BIP39 phrase.
InvalidPhrase,
/// The supplied password was invalid.
InvalidPassword,
/// The seed is invalid (bad content).
InvalidSeed,
/// The seed has an invalid length.
InvalidSeedLength,
/// The derivation path was invalid (e.g. contains soft junctions when they are not supported).
InvalidPath,
}
/// A since derivation junction description. It is the single parameter used when creating
/// a new secret key from an existing secret key and, in the case of `SoftRaw` and `SoftIndex`
/// a new public key from an existing public key.
#[derive(Copy, Clone, Eq, PartialEq, Hash, Debug, Encode, Decode)]
#[cfg(feature = "std")]
pub enum DeriveJunction {
/// Soft (vanilla) derivation. Public keys have a correspondent derivation.
Soft([u8; JUNCTION_ID_LEN]),
/// Hard ("hardened") derivation. Public keys do not have a correspondent derivation.
Hard([u8; JUNCTION_ID_LEN]),
}
#[cfg(feature = "std")]
impl DeriveJunction {
/// Consume self to return a soft derive junction with the same chain code.
pub fn soften(self) -> Self { DeriveJunction::Soft(self.unwrap_inner()) }
/// Consume self to return a hard derive junction with the same chain code.
pub fn harden(self) -> Self { DeriveJunction::Hard(self.unwrap_inner()) }
/// Create a new soft (vanilla) DeriveJunction from a given, encodable, value.
///
/// If you need a hard junction, use `hard()`.
pub fn soft<T: Encode>(index: T) -> Self {
let mut cc: [u8; JUNCTION_ID_LEN] = Default::default();
index.using_encoded(|data| if data.len() > JUNCTION_ID_LEN {
let hash_result = blake2_rfc::blake2b::blake2b(JUNCTION_ID_LEN, &[], data);
let hash = hash_result.as_bytes();
cc.copy_from_slice(hash);
} else {
cc[0..data.len()].copy_from_slice(data);
});
DeriveJunction::Soft(cc)
}
/// Create a new hard (hardened) DeriveJunction from a given, encodable, value.
///
/// If you need a soft junction, use `soft()`.
pub fn hard<T: Encode>(index: T) -> Self {
Self::soft(index).harden()
}
/// Consume self to return the chain code.
pub fn unwrap_inner(self) -> [u8; JUNCTION_ID_LEN] {
match self {
DeriveJunction::Hard(c) | DeriveJunction::Soft(c) => c,
}
}
/// Get a reference to the inner junction id.
pub fn inner(&self) -> &[u8; JUNCTION_ID_LEN] {
match self {
DeriveJunction::Hard(ref c) | DeriveJunction::Soft(ref c) => c,
}
}
/// Return `true` if the junction is soft.
pub fn is_soft(&self) -> bool {
match *self {
DeriveJunction::Soft(_) => true,
_ => false,
}
}
/// Return `true` if the junction is hard.
pub fn is_hard(&self) -> bool {
match *self {
DeriveJunction::Hard(_) => true,
_ => false,
}
}
}
#[cfg(feature = "std")]
impl<T: AsRef<str>> From<T> for DeriveJunction {
fn from(j: T) -> DeriveJunction {
let j = j.as_ref();
let (code, hard) = if j.starts_with("/") {
(&j[1..], true)
} else {
(j, false)
};
let res = if let Ok(n) = str::parse::<u64>(code) {
// number
DeriveJunction::soft(n)
} else {
// something else
DeriveJunction::soft(code)
};
if hard {
res.harden()
} else {
res
}
}
}
/// An error type for SS58 decoding.
#[cfg(feature = "std")]
#[derive(Clone, Copy, Eq, PartialEq, Debug)]
pub enum PublicError {
/// Bad alphabet.
BadBase58,
/// Bad length.
BadLength,
/// Unknown version.
UnknownVersion,
/// Invalid checksum.
InvalidChecksum,
/// Invalid format.
InvalidFormat,
/// Invalid derivation path.
InvalidPath,
}
/// Key that can be encoded to/from SS58.
#[cfg(feature = "std")]
pub trait Ss58Codec: Sized {
/// Some if the string is a properly encoded SS58Check address.
fn from_ss58check(s: &str) -> Result<Self, PublicError>;
/// Some if the string is a properly encoded SS58Check address, optionally with
/// a derivation path following.
fn from_string(s: &str) -> Result<Self, PublicError> { Self::from_ss58check(s) }
/// Return the ss58-check string for this key.
fn to_ss58check(&self) -> String;
}
#[cfg(feature = "std")]
/// Derivable key trait.
pub trait Derive: Sized {
/// Derive a child key from a series of given junctions.
///
/// Will be `None` for public keys if there are any hard junctions in there.
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, _path: Iter) -> Option<Self> { None }
}
#[cfg(feature = "std")]
impl<T: AsMut<[u8]> + AsRef<[u8]> + Default + Derive> Ss58Codec for T {
fn from_ss58check(s: &str) -> Result<Self, PublicError> {
let mut res = T::default();
let len = res.as_mut().len();
let d = s.from_base58().map_err(|_| PublicError::BadBase58)?; // failure here would be invalid encoding.
if d.len() != len + 3 {
// Invalid length.
return Err(PublicError::BadLength);
}
if d[0] != 42 {
// Invalid version.
return Err(PublicError::UnknownVersion);
}
if d[len+1..len+3] != blake2_rfc::blake2b::blake2b(64, &[], &d[0..len+1]).as_bytes()[0..2] {
// Invalid checksum.
return Err(PublicError::InvalidChecksum);
}
res.as_mut().copy_from_slice(&d[1..len+1]);
Ok(res)
}
fn to_ss58check(&self) -> String {
let mut v = vec![42u8];
v.extend(self.as_ref());
let r = blake2_rfc::blake2b::blake2b(64, &[], &v);
v.extend(&r.as_bytes()[0..2]);
v.to_base58()
}
fn from_string(s: &str) -> Result<Self, PublicError> {
let re = Regex::new(r"^(?P<ss58>[\w\d]+)(?P<path>(//?[^/]+)*)$")
.expect("constructed from known-good static value; qed");
let cap = re.captures(s).ok_or(PublicError::InvalidFormat)?;
let re_junction = Regex::new(r"/(/?[^/]+)")
.expect("constructed from known-good static value; qed");
let path = re_junction.captures_iter(&cap["path"])
.map(|f| DeriveJunction::from(&f[1]));
Self::from_ss58check(&cap["ss58"])?.derive(path).ok_or(PublicError::InvalidPath)
}
}
/// Trait suitable for typical cryptographic PKI key pair type.
///
/// For now it just specifies how to create a key from a phrase and derivation path.
#[cfg(feature = "std")]
pub trait Pair: Sized {
/// TThe type which is used to encode a public key.
type Public;
/// The type used to (minimally) encode the data required to securely create
/// a new key pair.
type Seed;
/// The type used to represent a signature. Can be created from a key pair and a message
/// and verified with the message and a public key.
type Signature;
/// Error returned from the `derive` function.
type DeriveError;
/// Generate new secure (random) key pair.
///
/// This is only for ephemeral keys really, since you won't have access to the secret key
/// for storage. If you want a persistent key pair, use `generate_with_phrase` instead.
fn generate() -> Self;
/// Generate new secure (random) key pair and provide the recovery phrase.
///
/// You can recover the same key later with `from_phrase`.
///
/// This is generally slower than `generate()`, so prefer that unless you need to persist
/// the key from the current session.
fn generate_with_phrase(password: Option<&str>) -> (Self, String);
/// Returns the KeyPair from the English BIP39 seed `phrase`, or `None` if it's invalid.
fn from_phrase(phrase: &str, password: Option<&str>) -> Result<Self, SecretStringError>;
/// Derive a child key from a series of given junctions.
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, path: Iter) -> Result<Self, Self::DeriveError>;
/// Generate new key pair from the provided `seed`.
///
/// @WARNING: THIS WILL ONLY BE SECURE IF THE `seed` IS SECURE. If it can be guessed
/// by an attacker then they can also derive your key.
fn from_seed(seed: Self::Seed) -> Self;
/// Make a new key pair from secret seed material. The slice must be the correct size or
/// it will return `None`.
///
/// @WARNING: THIS WILL ONLY BE SECURE IF THE `seed` IS SECURE. If it can be guessed
/// by an attacker then they can also derive your key.
fn from_seed_slice(seed: &[u8]) -> Result<Self, SecretStringError>;
/// Construct a key from a phrase, password and path.
fn from_standard_components<
I: Iterator<Item=DeriveJunction>
>(phrase: &str, password: Option<&str>, path: I) -> Result<Self, SecretStringError>;
/// Sign a message.
fn sign(&self, message: &[u8]) -> Self::Signature;
/// Verify a signature on a message. Returns true if the signature is good.
fn verify<P: AsRef<Self::Public>, M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: P) -> bool;
/// Verify a signature on a message. Returns true if the signature is good.
fn verify_weak<P: AsRef<[u8]>, M: AsRef<[u8]>>(sig: &[u8], message: M, pubkey: P) -> bool;
/// Get the public key.
fn public(&self) -> Self::Public;
/// Interprets the string `s` in order to generate a key Pair.
///
/// This takes a helper function to do the key generation from a phrase, password and
/// junction iterator.
///
/// - If `s` is a possibly `0x` prefixed 64-digit hex string, then it will be interpreted
/// directly as a `MiniSecretKey` (aka "seed" in `subkey`).
/// - If `s` is a valid BIP-39 key phrase of 12, 15, 18, 21 or 24 words, then the key will
/// be derived from it. In this case:
/// - the phrase may be followed by one or more items delimited by `/` characters.
/// - the path may be followed by `///`, in which case everything after the `///` is treated
/// as a password.
/// In this case they are interpreted as HDKD junctions; purely numeric items are interpreted as
/// integers, non-numeric items as strings. Junctions prefixed with `/` are interpreted as soft
/// junctions, and with `//` as hard junctions.
///
/// There is no correspondence mapping between SURI strings and the keys they represent.
/// Two different non-identical strings can actually lead to the same secret being derived.
/// Notably, integer junction indices may be legally prefixed with arbitrary number of zeros.
/// Similarly an empty password (ending the SURI with `///`) is perfectly valid and will generally
/// be equivalent to no password at all.
///
/// `None` is returned if no matches are found.
fn from_string(s: &str, password_override: Option<&str>) -> Result<Self, SecretStringError> {
let hex_seed = if s.starts_with("0x") {
&s[2..]
} else {
s
};
if let Ok(d) = hex::decode(hex_seed) {
if let Ok(r) = Self::from_seed_slice(&d) {
return Ok(r)
}
}
let re = Regex::new(r"^(?P<phrase>\w+( \w+)*)(?P<path>(//?[^/]+)*)(///(?P<password>.*))?$")
.expect("constructed from known-good static value; qed");
let cap = re.captures(s).ok_or(SecretStringError::InvalidFormat)?;
let re_junction = Regex::new(r"/(/?[^/]+)")
.expect("constructed from known-good static value; qed");
let path = re_junction.captures_iter(&cap["path"])
.map(|f| DeriveJunction::from(&f[1]));
Self::from_standard_components(
&cap["phrase"],
password_override.or_else(|| cap.name("password").map(|m| m.as_str())),
path,
)
}
}
#[cfg(test)]
mod tests {
use crate::DeriveJunction;
use hex_literal::{hex, hex_impl};
use super::*;
#[derive(Eq, PartialEq, Debug)]
enum TestPair {
Generated,
GeneratedWithPhrase,
GeneratedFromPhrase{phrase: String, password: Option<String>},
Standard{phrase: String, password: Option<String>, path: Vec<DeriveJunction>},
Seed(Vec<u8>),
}
impl Pair for TestPair {
type Public = ();
type Seed = ();
type Signature = ();
type DeriveError = ();
fn generate() -> Self { TestPair::Generated }
fn generate_with_phrase(_password: Option<&str>) -> (Self, String) { (TestPair::GeneratedWithPhrase, "".into()) }
fn from_phrase(phrase: &str, password: Option<&str>) -> Result<Self, SecretStringError> {
Ok(TestPair::GeneratedFromPhrase{ phrase: phrase.to_owned(), password: password.map(Into::into) })
}
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, _path: Iter) -> Result<Self, Self::DeriveError> {
Err(())
}
fn from_seed(_seed: Self::Seed) -> Self { TestPair::Seed(vec![]) }
fn sign(&self, _message: &[u8]) -> Self::Signature { () }
fn verify<P: AsRef<Self::Public>, M: AsRef<[u8]>>(_sig: &Self::Signature, _message: M, _pubkey: P) -> bool { true }
fn verify_weak<P: AsRef<[u8]>, M: AsRef<[u8]>>(_sig: &[u8], _message: M, _pubkey: P) -> bool { true }
fn public(&self) -> Self::Public { () }
fn from_standard_components<I: Iterator<Item=DeriveJunction>>(phrase: &str, password: Option<&str>, path: I) -> Result<Self, SecretStringError> {
Ok(TestPair::Standard { phrase: phrase.to_owned(), password: password.map(ToOwned::to_owned), path: path.collect() })
}
fn from_seed_slice(seed: &[u8]) -> Result<Self, SecretStringError> {
Ok(TestPair::Seed(seed.to_owned()))
}
}
#[test]
fn interpret_std_seed_should_work() {
assert_eq!(
TestPair::from_string("0x0123456789abcdef", None),
Ok(TestPair::Seed(hex!["0123456789abcdef"][..].to_owned()))
);
assert_eq!(
TestPair::from_string("0123456789abcdef", None),
Ok(TestPair::Seed(hex!["0123456789abcdef"][..].to_owned()))
);
}
#[test]
fn password_override_should_work() {
assert_eq!(
TestPair::from_string("hello world///password", None),
TestPair::from_string("hello world", Some("password")),
);
assert_eq!(
TestPair::from_string("hello world///password", None),
TestPair::from_string("hello world///other password", Some("password")),
);
}
#[test]
fn interpret_std_secret_string_should_work() {
assert_eq!(
TestPair::from_string("hello world", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![]})
);
assert_eq!(
TestPair::from_string("hello world/1", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![DeriveJunction::soft(1)]})
);
assert_eq!(
TestPair::from_string("hello world/DOT", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![DeriveJunction::soft("DOT")]})
);
assert_eq!(
TestPair::from_string("hello world//1", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![DeriveJunction::hard(1)]})
);
assert_eq!(
TestPair::from_string("hello world//DOT", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![DeriveJunction::hard("DOT")]})
);
assert_eq!(
TestPair::from_string("hello world//1/DOT", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![DeriveJunction::hard(1), DeriveJunction::soft("DOT")]})
);
assert_eq!(
TestPair::from_string("hello world//DOT/1", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: None, path: vec![DeriveJunction::hard("DOT"), DeriveJunction::soft(1)]})
);
assert_eq!(
TestPair::from_string("hello world///password", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: Some("password".to_owned()), path: vec![]})
);
assert_eq!(
TestPair::from_string("hello world//1/DOT///password", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: Some("password".to_owned()), path: vec![DeriveJunction::hard(1), DeriveJunction::soft("DOT")]})
);
assert_eq!(
TestPair::from_string("hello world/1//DOT///password", None),
Ok(TestPair::Standard{phrase: "hello world".to_owned(), password: Some("password".to_owned()), path: vec![DeriveJunction::soft(1), DeriveJunction::hard("DOT")]})
);
}
}
substrate/core/primitives/src/ed25519.rs
+434 -187
View File
@@ -18,23 +18,241 @@
//! Simple Ed25519 API.
// end::description[]
use untrusted;
use blake2_rfc;
use ring::{rand, signature, signature::KeyPair};
use crate::{hash::H512, Ed25519AuthorityId};
use base58::{ToBase58, FromBase58};
use crate::{hash::H256, hash::H512};
use parity_codec::{Encode, Decode};
#[cfg(feature = "std")]
use serde::{de, Serializer, Deserializer, Deserialize};
use untrusted;
#[cfg(feature = "std")]
use blake2_rfc;
#[cfg(feature = "std")]
use ring::{signature, signature::KeyPair, rand::{SecureRandom, SystemRandom}};
#[cfg(feature = "std")]
use base58::{ToBase58, FromBase58};
#[cfg(feature = "std")]
use substrate_bip39::seed_from_entropy;
#[cfg(feature = "std")]
use bip39::{Mnemonic, Language, MnemonicType};
#[cfg(feature = "std")]
use crate::crypto::{Pair as TraitPair, DeriveJunction, SecretStringError, Derive};
#[cfg(feature = "std")]
use serde::{de, Serializer, Serialize, Deserializer, Deserialize};
use crate::crypto::UncheckedFrom;
/// Alias to 512-bit hash when used in the context of a signature on the relay chain.
pub type Signature = H512;
/// A secret seed. It's not called a "secret key" because ring doesn't expose the secret keys
/// of the key pair (yeah, dumb); as such we're forced to remember the seed manually if we
/// will need it later (such as for HDKD).
#[cfg(feature = "std")]
type Seed = [u8; 32];
/// Length of the PKCS#8 encoding of the key.
pub const PKCS_LEN: usize = 85;
/// A public key.
#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Encode, Decode, Default)]
pub struct Public(pub [u8; 32]);
/// A key pair.
#[cfg(feature = "std")]
pub struct Pair(signature::Ed25519KeyPair, Seed);
#[cfg(feature = "std")]
impl Clone for Pair {
fn clone(&self) -> Self {
Pair::from_seed(self.1.clone())
}
}
impl AsRef<[u8; 32]> for Public {
fn as_ref(&self) -> &[u8; 32] {
&self.0
}
}
impl AsRef<[u8]> for Public {
fn as_ref(&self) -> &[u8] {
&self.0[..]
}
}
impl AsMut<[u8]> for Public {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0[..]
}
}
impl From<Public> for [u8; 32] {
fn from(x: Public) -> Self {
x.0
}
}
#[cfg(feature = "std")]
impl From<Pair> for Public {
fn from(x: Pair) -> Self {
x.public()
}
}
impl AsRef<Public> for Public {
fn as_ref(&self) -> &Public {
&self
}
}
impl From<Public> for H256 {
fn from(x: Public) -> Self {
x.0.into()
}
}
impl UncheckedFrom<[u8; 32]> for Public {
fn unchecked_from(x: [u8; 32]) -> Self {
Public::from_raw(x)
}
}
impl UncheckedFrom<H256> for Public {
fn unchecked_from(x: H256) -> Self {
Public::from_h256(x)
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Display for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", self.to_ss58check())
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
let s = self.to_ss58check();
write!(f, "{} ({}...)", crate::hexdisplay::HexDisplay::from(&self.0), &s[0..8])
}
}
#[cfg(feature = "std")]
impl Serialize for Public {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: Serializer {
serializer.serialize_str(&self.to_ss58check())
}
}
#[cfg(feature = "std")]
impl<'de> Deserialize<'de> for Public {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: Deserializer<'de> {
Public::from_ss58check(&String::deserialize(deserializer)?)
.map_err(|e| de::Error::custom(format!("{:?}", e)))
}
}
#[cfg(feature = "std")]
impl ::std::hash::Hash for Public {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
/// A signature (a 512-bit value).
#[derive(Encode, Decode)]
pub struct Signature(pub [u8; 64]);
impl Clone for Signature {
fn clone(&self) -> Self {
let mut r = [0u8; 64];
r.copy_from_slice(&self.0[..]);
Signature(r)
}
}
impl Default for Signature {
fn default() -> Self {
Signature([0u8; 64])
}
}
impl PartialEq for Signature {
fn eq(&self, b: &Self) -> bool {
&self.0[..] == &b.0[..]
}
}
impl Eq for Signature {}
impl From<Signature> for H512 {
fn from(v: Signature) -> H512 {
H512::from(v.0)
}
}
impl From<Signature> for [u8; 64] {
fn from(v: Signature) -> [u8; 64] {
v.0
}
}
impl AsRef<[u8; 64]> for Signature {
fn as_ref(&self) -> &[u8; 64] {
&self.0
}
}
impl AsRef<[u8]> for Signature {
fn as_ref(&self) -> &[u8] {
&self.0[..]
}
}
impl AsMut<[u8]> for Signature {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0[..]
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Signature {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", crate::hexdisplay::HexDisplay::from(&self.0))
}
}
#[cfg(feature = "std")]
impl ::std::hash::Hash for Signature {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
::std::hash::Hash::hash(&self.0[..], state);
}
}
impl Signature {
/// A new instance from the given 64-byte `data`.
///
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_raw(data: [u8; 64]) -> Signature {
Signature(data)
}
/// A new instance from the given slice that should be 64 bytes long.
///
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 64];
r.copy_from_slice(data);
Signature(r)
}
/// A new instance from an H512.
///
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_h512(v: H512) -> Signature {
Signature(v.into())
}
}
/// A localized signature also contains sender information.
#[cfg(feature = "std")]
#[derive(PartialEq, Eq, Clone, Debug, Encode, Decode)]
pub struct LocalizedSignature {
/// The signer of the signature.
@@ -43,33 +261,8 @@ pub struct LocalizedSignature {
pub signature: Signature,
}
/// Verify a message without type checking the parameters' types for the right size.
/// Returns true if the signature is good.
pub fn verify<P: AsRef<[u8]>>(sig: &[u8], message: &[u8], public: P) -> bool {
let public_key = untrusted::Input::from(public.as_ref());
let msg = untrusted::Input::from(message);
let sig = untrusted::Input::from(sig);
match signature::verify(&signature::ED25519, public_key, msg, sig) {
Ok(_) => true,
_ => false,
}
}
/// A public key.
#[derive(PartialEq, Eq, Clone, Encode, Decode)]
pub struct Public(pub [u8; 32]);
/// A key pair.
pub struct Pair(signature::Ed25519KeyPair);
impl ::std::hash::Hash for Public {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
/// An error type for SS58 decoding.
#[cfg(feature = "std")]
#[derive(Clone, Copy, Eq, PartialEq, Debug)]
pub enum PublicError {
/// Bad alphabet.
@@ -84,17 +277,55 @@ pub enum PublicError {
impl Public {
/// A new instance from the given 32-byte `data`.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_raw(data: [u8; 32]) -> Self {
Public(data)
}
/// A new instance from the given slice that should be 32 bytes long.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 32];
r.copy_from_slice(data);
Public(r)
}
/// A new instance from an H256.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_h256(x: H256) -> Self {
Public(x.into())
}
/// Return a `Vec<u8>` filled with raw data.
#[cfg(feature = "std")]
pub fn to_raw_vec(self) -> Vec<u8> {
let r: &[u8; 32] = self.as_ref();
r.to_vec()
}
/// Return a slice filled with raw data.
pub fn as_slice(&self) -> &[u8] {
let r: &[u8; 32] = self.as_ref();
&r[..]
}
/// Return a slice filled with raw data.
pub fn as_array_ref(&self) -> &[u8; 32] {
self.as_ref()
}
}
#[cfg(feature = "std")]
impl Derive for Public {}
#[cfg(feature = "std")]
impl Public {
/// Some if the string is a properly encoded SS58Check address.
pub fn from_ss58check(s: &str) -> Result<Self, PublicError> {
let d = s.from_base58().map_err(|_| PublicError::BadBase58)?; // failure here would be invalid encoding.
@@ -113,23 +344,6 @@ impl Public {
Ok(Self::from_slice(&d[1..33]))
}
/// Return a `Vec<u8>` filled with raw data.
pub fn to_raw_vec(self) -> Vec<u8> {
let r: &[u8; 32] = self.as_ref();
r.to_vec()
}
/// Return a slice filled with raw data.
pub fn as_slice(&self) -> &[u8] {
let r: &[u8; 32] = self.as_ref();
&r[..]
}
/// Return a slice filled with raw data.
pub fn as_array_ref(&self) -> &[u8; 32] {
self.as_ref()
}
/// Return the ss58-check string for this key.
pub fn to_ss58check(&self) -> String {
let mut v = vec![42u8];
@@ -140,178 +354,197 @@ impl Public {
}
}
impl AsRef<[u8; 32]> for Public {
fn as_ref(&self) -> &[u8; 32] {
&self.0
}
}
impl AsRef<[u8]> for Public {
fn as_ref(&self) -> &[u8] {
&self.0[..]
}
}
impl Into<[u8; 32]> for Public {
fn into(self) -> [u8; 32] {
self.0
}
}
impl AsRef<Public> for Public {
fn as_ref(&self) -> &Public {
&self
}
}
#[cfg(feature = "std")]
impl AsRef<Pair> for Pair {
fn as_ref(&self) -> &Pair {
&self
}
}
impl Into<Ed25519AuthorityId> for Public {
fn into(self) -> Ed25519AuthorityId {
Ed25519AuthorityId(self.0)
}
/// Derive a single hard junction.
#[cfg(feature = "std")]
fn derive_hard_junction(secret_seed: &Seed, cc: &[u8; 32]) -> Seed {
("Ed25519HDKD", secret_seed, cc).using_encoded(|data| {
let mut res = [0u8; 32];
res.copy_from_slice(blake2_rfc::blake2b::blake2b(32, &[], data).as_bytes());
res
})
}
impl From<Ed25519AuthorityId> for Public {
fn from(id: Ed25519AuthorityId) -> Self {
Public(id.0)
}
/// An error when deriving a key.
#[cfg(feature = "std")]
pub enum DeriveError {
/// A soft key was found in the path (and is unsupported).
SoftKeyInPath,
}
impl ::std::fmt::Display for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", self.to_ss58check())
}
}
impl ::std::fmt::Debug for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
let s = self.to_ss58check();
write!(f, "{} ({}...)", crate::hexdisplay::HexDisplay::from(&self.0), &s[0..8])
}
}
impl Pair {
/// Generate new secure (random) key pair, yielding it and the corresponding pkcs#8 bytes.
pub fn generate_with_pkcs8() -> (Self, [u8; PKCS_LEN]) {
let rng = rand::SystemRandom::new();
let pkcs8_bytes = signature::Ed25519KeyPair::generate_pkcs8(&rng).expect("system randomness is available; qed");
let pair = Self::from_pkcs8(&pkcs8_bytes.as_ref()).expect("just-generated pkcs#8 data is valid; qed");
let mut out = [0; PKCS_LEN];
out.copy_from_slice(pkcs8_bytes.as_ref());
(pair, out)
}
#[cfg(feature = "std")]
impl TraitPair for Pair {
type Public = Public;
type Seed = Seed;
type Signature = Signature;
type DeriveError = DeriveError;
/// Generate new secure (random) key pair.
pub fn generate() -> Pair {
let (pair, _) = Self::generate_with_pkcs8();
pair
///
/// This is only for ephemeral keys really, since you won't have access to the secret key
/// for storage. If you want a persistent key pair, use `generate_with_phrase` instead.
fn generate() -> Pair {
let mut seed: Seed = Default::default();
SystemRandom::new().fill(seed.as_mut()).expect("system random source should always work! qed");
Self::from_seed(seed)
}
/// Generate from pkcs#8 bytes.
pub fn from_pkcs8(pkcs8_bytes: &[u8]) -> Result<Self, ::ring::error::KeyRejected> {
signature::Ed25519KeyPair::from_pkcs8(untrusted::Input::from(&pkcs8_bytes)).map(Pair)
/// Generate new secure (random) key pair and provide the recovery phrase.
///
/// You can recover the same key later with `from_phrase`.
fn generate_with_phrase(password: Option<&str>) -> (Pair, String) {
let mnemonic = Mnemonic::new(MnemonicType::Words12, Language::English);
let phrase = mnemonic.phrase();
(
Self::from_phrase(phrase, password).expect("All phrases generated by Mnemonic are valid; qed"),
phrase.to_owned(),
)
}
/// Make a new key pair from a seed phrase.
/// NOTE: prefer pkcs#8 unless security doesn't matter -- this is used primarily for tests.
pub fn from_seed(seed: &[u8; 32]) -> Pair {
/// Generate key pair from given recovery phrase and password.
fn from_phrase(phrase: &str, password: Option<&str>) -> Result<Pair, SecretStringError> {
let big_seed = seed_from_entropy(
Mnemonic::from_phrase(phrase, Language::English)
.map_err(|_| SecretStringError::InvalidPhrase)?.entropy(),
password.unwrap_or(""),
).map_err(|_| SecretStringError::InvalidSeed)?;
Self::from_seed_slice(&big_seed[0..32])
}
/// Make a new key pair from secret seed material.
///
/// You should never need to use this; generate(), generate_with_phrasee
fn from_seed(seed: Seed) -> Pair {
let key = signature::Ed25519KeyPair::from_seed_unchecked(untrusted::Input::from(&seed[..]))
.expect("seed has valid length; qed");
Pair(key)
Pair(key, seed)
}
/// Sign a message.
pub fn sign(&self, message: &[u8]) -> Signature {
let mut r = [0u8; 64];
r.copy_from_slice(self.0.sign(message).as_ref());
Signature::from(r)
/// Make a new key pair from secret seed material. The slice must be 32 bytes long or it
/// will return `None`.
///
/// You should never need to use this; generate(), generate_with_phrase
fn from_seed_slice(seed_slice: &[u8]) -> Result<Pair, SecretStringError> {
if seed_slice.len() != 32 {
Err(SecretStringError::InvalidSeedLength)
} else {
let mut seed = [0u8; 32];
seed.copy_from_slice(&seed_slice);
Ok(Self::from_seed(seed))
}
}
/// Derive a child key from a series of given junctions.
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, path: Iter) -> Result<Pair, DeriveError> {
let mut acc = self.1.clone();
for j in path {
match j {
DeriveJunction::Soft(_cc) => return Err(DeriveError::SoftKeyInPath),
DeriveJunction::Hard(cc) => acc = derive_hard_junction(&acc, &cc),
}
}
Ok(Self::from_seed(acc))
}
/// Generate a key from the phrase, password and derivation path.
fn from_standard_components<I: Iterator<Item=DeriveJunction>>(phrase: &str, password: Option<&str>, path: I) -> Result<Pair, SecretStringError> {
Self::from_phrase(phrase, password)?.derive(path).map_err(|_| SecretStringError::InvalidPath)
}
/// Get the public key.
pub fn public(&self) -> Public {
fn public(&self) -> Public {
let mut r = [0u8; 32];
let pk = self.0.public_key().as_ref();
r.copy_from_slice(pk);
Public(r)
}
}
/// Verify a signature on a message. Returns true if the signature is good.
pub fn verify_strong<P: AsRef<Public>>(sig: &Signature, message: &[u8], pubkey: P) -> bool {
let public_key = untrusted::Input::from(&pubkey.as_ref().0[..]);
let msg = untrusted::Input::from(message);
let sig = untrusted::Input::from(&sig.as_bytes());
/// Sign a message.
fn sign(&self, message: &[u8]) -> Signature {
let mut r = [0u8; 64];
r.copy_from_slice(self.0.sign(message).as_ref());
Signature::from_raw(r)
}
match signature::verify(&signature::ED25519, public_key, msg, sig) {
Ok(_) => true,
_ => false,
/// Verify a signature on a message. Returns true if the signature is good.
fn verify<P: AsRef<Self::Public>, M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: P) -> bool {
let public_key = untrusted::Input::from(&pubkey.as_ref().0[..]);
let msg = untrusted::Input::from(message.as_ref());
let sig = untrusted::Input::from(&sig.0[..]);
match signature::verify(&signature::ED25519, public_key, msg, sig) {
Ok(_) => true,
_ => false,
}
}
/// Verify a signature on a message. Returns true if the signature is good.
///
/// This doesn't use the type system to ensure that `sig` and `pubkey` are the correct
/// size. Use it only if you're coming from byte buffers and need the speed.
fn verify_weak<P: AsRef<[u8]>, M: AsRef<[u8]>>(sig: &[u8], message: M, pubkey: P) -> bool {
let public_key = untrusted::Input::from(pubkey.as_ref());
let msg = untrusted::Input::from(message.as_ref());
let sig = untrusted::Input::from(sig);
match signature::verify(&signature::ED25519, public_key, msg, sig) {
Ok(_) => true,
_ => false,
}
}
}
/// Something that acts as a signature allowing a message to be verified.
pub trait Verifiable {
/// Verify something that acts like a signature.
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool;
}
impl Verifiable for Signature {
/// Verify something that acts like a signature.
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool {
verify_strong(&self, message, pubkey)
}
}
impl Verifiable for LocalizedSignature {
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool {
pubkey.as_ref() == &self.signer && self.signature.verify(message, pubkey)
}
}
/// Deserialize from `ss58` into something that can be constructed from `[u8; 32]`.
#[cfg(feature = "std")]
pub fn deserialize<'de, D, T: From<[u8; 32]>>(deserializer: D) -> Result<T, D::Error> where
D: Deserializer<'de>,
{
let ss58 = String::deserialize(deserializer)?;
Public::from_ss58check(&ss58)
.map_err(|e| de::Error::custom(format!("{:?}", e)))
.map(|v| v.0.into())
}
impl Pair {
/// Get the seed for this key.
pub fn seed(&self) -> &Seed {
&self.1
}
/// Serializes something that implements `AsRef<[u8; 32]>` into `ss58`.
#[cfg(feature = "std")]
pub fn serialize<S, T: AsRef<[u8; 32]>>(data: &T, serializer: S) -> Result<S::Ok, S::Error> where
S: Serializer,
{
serializer.serialize_str(&Public(*data.as_ref()).to_ss58check())
/// Exactly as `from_string` except that if no matches are found then, the the first 32
/// characters are taken (padded with spaces as necessary) and used as the MiniSecretKey.
pub fn from_legacy_string(s: &str, password_override: Option<&str>) -> Pair {
Self::from_string(s, password_override).unwrap_or_else(|_| {
let mut padded_seed: Seed = [' ' as u8; 32];
let len = s.len().min(32);
padded_seed[..len].copy_from_slice(&s.as_bytes()[..len]);
Self::from_seed(padded_seed)
})
}
}
#[cfg(test)]
mod test {
use super::*;
use hex_literal::{hex, hex_impl};
fn _test_primitives_signature_and_local_the_same() {
fn takes_two<T>(_: T, _: T) { }
takes_two(Signature::default(), crate::Signature::default())
}
use crate::Pair as _Pair;
#[test]
fn test_vector_should_work() {
let pair: Pair = Pair::from_seed(&hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"));
let pair: Pair = Pair::from_seed(hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"));
let public = pair.public();
assert_eq!(public, Public::from_raw(hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")));
let message = b"";
let signature: Signature = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b").into();
let signature = Signature::from_raw(hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"));
assert!(&pair.sign(&message[..]) == &signature);
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
fn test_vector_by_string_should_work() {
let pair: Pair = Pair::from_string("0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", None).unwrap();
let public = pair.public();
assert_eq!(public, Public::from_raw(hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")));
let message = b"";
let signature = Signature::from_raw(hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"));
assert!(&pair.sign(&message[..]) == &signature);
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
@@ -320,33 +553,47 @@ mod test {
let public = pair.public();
let message = b"Something important";
let signature = pair.sign(&message[..]);
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
fn seeded_pair_should_work() {
use crate::hexdisplay::HexDisplay;
let pair = Pair::from_seed(b"12345678901234567890123456789012");
let pair = Pair::from_seed(*b"12345678901234567890123456789012");
let public = pair.public();
assert_eq!(public, Public::from_raw(hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee")));
let message = hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee00000000000000000200d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a4500000000000000");
let signature = pair.sign(&message[..]);
println!("Correct signature: {}", HexDisplay::from(&signature.as_bytes()));
assert!(verify_strong(&signature, &message[..], &public));
println!("Correct signature: {:?}", signature);
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
fn generate_with_pkcs8_recovery_possible() {
let (pair1, pkcs8) = Pair::generate_with_pkcs8();
let pair2 = Pair::from_pkcs8(&pkcs8).unwrap();
fn generate_with_phrase_recovery_possible() {
let (pair1, phrase) = Pair::generate_with_phrase(None);
let pair2 = Pair::from_phrase(&phrase, None).unwrap();
assert_eq!(pair1.public(), pair2.public());
}
#[test]
fn generate_with_password_phrase_recovery_possible() {
let (pair1, phrase) = Pair::generate_with_phrase(Some("password"));
let pair2 = Pair::from_phrase(&phrase, Some("password")).unwrap();
assert_eq!(pair1.public(), pair2.public());
}
#[test]
fn password_does_something() {
let (pair1, phrase) = Pair::generate_with_phrase(Some("password"));
let pair2 = Pair::from_phrase(&phrase, None).unwrap();
assert_ne!(pair1.public(), pair2.public());
}
#[test]
fn ss58check_roundtrip_works() {
let pair = Pair::from_seed(b"12345678901234567890123456789012");
let pair = Pair::from_seed(*b"12345678901234567890123456789012");
let public = pair.public();
let s = public.to_ss58check();
println!("Correct: {}", s);
substrate/core/primitives/src/lib.rs
+5 -9
View File
@@ -49,19 +49,17 @@ pub mod hashing;
pub use hashing::{blake2_256, twox_128, twox_256};
#[cfg(feature = "std")]
pub mod hexdisplay;
#[cfg(feature = "std")]
pub mod ed25519;
#[cfg(feature = "std")]
pub mod sr25519;
pub mod crypto;
pub mod u32_trait;
pub mod ed25519;
pub mod sr25519;
pub mod hash;
mod hasher;
pub mod sandbox;
pub mod storage;
pub mod uint;
mod authority_id;
mod changes_trie;
#[cfg(test)]
@@ -69,17 +67,15 @@ mod tests;
pub use self::hash::{H160, H256, H512, convert_hash};
pub use self::uint::U256;
pub use authority_id::Ed25519AuthorityId;
pub use changes_trie::ChangesTrieConfiguration;
#[cfg(feature = "std")]
pub use crypto::{DeriveJunction, Pair};
pub use hash_db::Hasher;
// Switch back to Blake after PoC-3 is out
// pub use self::hasher::blake::BlakeHasher;
pub use self::hasher::blake2::Blake2Hasher;
/// A 512-bit value interpreted as a signature.
pub type Signature = hash::H512;
/// Hex-serialised shim for `Vec<u8>`.
#[derive(PartialEq, Eq, Clone)]
#[cfg_attr(feature = "std", derive(Serialize, Deserialize, Debug, Hash, PartialOrd, Ord))]
substrate/core/primitives/src/sr25519.rs
+402 -316
View File
@@ -16,136 +16,48 @@
// tag::description[]
//! Simple sr25519 (Schnorr-Ristretto) API.
//!
//! Note: `CHAIN_CODE_LENGTH` must be equal to `crate::crypto::JUNCTION_ID_LEN`
//! for this to work.
// end::description[]
use base58::{FromBase58, ToBase58};
#[cfg(feature = "std")]
use blake2_rfc;
#[cfg(feature = "std")]
use rand::rngs::OsRng;
#[cfg(feature = "std")]
use schnorrkel::{signing_context, Keypair, SecretKey, MiniSecretKey, PublicKey,
derive::{Derivation, ChainCode, CHAIN_CODE_LENGTH}
};
#[cfg(feature = "std")]
use substrate_bip39::mini_secret_from_entropy;
//use sha2::Sha512;
#[cfg(feature = "std")]
use bip39::{Mnemonic, Language, MnemonicType};
#[cfg(feature = "std")]
use crate::crypto::{Pair as TraitPair, DeriveJunction, Infallible, SecretStringError, Derive, Ss58Codec};
use crate::{hash::{H256, H512}, crypto::UncheckedFrom};
use parity_codec::{Encode, Decode};
use crate::hash::H512;
use bip39::{Mnemonic, Language};
#[cfg(feature = "std")]
use serde::{de, Deserialize, Deserializer, Serializer};
use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
#[cfg(feature = "std")]
use schnorrkel::keys::MINI_SECRET_KEY_LENGTH;
// signing context
const SIGNING_CTX: &'static [u8] = b"substrate transaction";
/// An Schnorrkel/Ristretto x25519 ("sr25519") signature.
///
/// Instead of importing it for the local module, alias it to be available as a public type
pub type Signature = H512;
/// A localized signature also contains sender information.
/// NOTE: Encode and Decode traits are supported in ed25519 but not possible for now here.
#[derive(PartialEq, Eq, Clone, Debug)]
pub struct LocalizedSignature {
/// The signer of the signature.
pub signer: Public,
/// The signature itself.
pub signature: Signature,
}
#[cfg(feature = "std")]
const SIGNING_CTX: &[u8] = b"substrate";
/// An Schnorrkel/Ristretto x25519 ("sr25519") public key.
#[derive(PartialEq, Eq, Clone, Encode, Decode)]
#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Encode, Decode, Default)]
pub struct Public(pub [u8; 32]);
/// An Schnorrkel/Ristretto x25519 ("sr25519") key pair.
#[cfg(feature = "std")]
pub struct Pair(Keypair);
impl ::std::hash::Hash for Public {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
/// An error type for SS58 decoding.
#[derive(Clone, Copy, Eq, PartialEq, Debug)]
pub enum PublicError {
/// Bad alphabet.
BadBase58,
/// Bad length.
BadLength,
/// Unknown version.
UnknownVersion,
/// Invalid checksum.
InvalidChecksum,
}
impl Public {
/// A new instance from the given 32-byte `data`.
pub fn from_raw(data: [u8; 32]) -> Self {
Public(data)
}
/// A new instance from the given slice that should be 32 bytes long.
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 32];
r.copy_from_slice(data);
Public(r)
}
/// Some if the string is a properly encoded SS58Check address.
pub fn from_ss58check(s: &str) -> Result<Self, PublicError> {
let d = s.from_base58().map_err(|_| PublicError::BadBase58)?; // failure here would be invalid encoding.
if d.len() != 35 {
// Invalid length.
return Err(PublicError::BadLength);
}
if d[0] != 42 {
// Invalid version.
return Err(PublicError::UnknownVersion);
}
if d[33..35] != blake2_rfc::blake2b::blake2b(64, &[], &d[0..33]).as_bytes()[0..2] {
// Invalid checksum.
return Err(PublicError::InvalidChecksum);
}
Ok(Self::from_slice(&d[1..33]))
}
/// Return a `Vec<u8>` filled with raw data.
pub fn to_raw_vec(self) -> Vec<u8> {
let r: &[u8; 32] = self.as_ref();
r.to_vec()
}
/// Return a slice filled with raw data.
pub fn as_slice(&self) -> &[u8] {
let r: &[u8; 32] = self.as_ref();
&r[..]
}
/// Return a slice filled with raw data.
pub fn as_array_ref(&self) -> &[u8; 32] {
self.as_ref()
}
/// Return the ss58-check string for this key.
pub fn to_ss58check(&self) -> String {
let mut v = vec![42u8];
v.extend(self.as_slice());
let r = blake2_rfc::blake2b::blake2b(64, &[], &v);
v.extend(&r.as_bytes()[0..2]);
v.to_base58()
}
/// Derive a child key from a series of given junctions.
///
/// `None` if there are any hard junctions in there.
pub fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, mut path: Iter) -> Option<Public> {
let mut acc = PublicKey::from_bytes(self.as_ref()).ok()?;
for j in path {
match j {
DeriveJunction::Soft(cc) => acc = acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(cc) => return None,
}
}
Some(Self(acc.to_bytes()))
impl AsRef<Public> for Public {
fn as_ref(&self) -> &Public {
&self
}
}
@@ -161,60 +73,44 @@ impl AsRef<[u8]> for Public {
}
}
impl Into<[u8; 32]> for Public {
fn into(self) -> [u8; 32] {
self.0
impl AsMut<[u8]> for Public {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0[..]
}
}
impl AsRef<Public> for Public {
fn as_ref(&self) -> &Public {
&self
impl From<Public> for [u8; 32] {
fn from(x: Public) -> [u8; 32] {
x.0
}
}
impl AsRef<Pair> for Pair {
fn as_ref(&self) -> &Pair {
&self
impl From<Public> for H256 {
fn from(x: Public) -> H256 {
x.0.into()
}
}
impl From<MiniSecretKey> for Pair {
fn from(sec: MiniSecretKey) -> Pair {
Pair(sec.expand_to_keypair())
impl UncheckedFrom<[u8; 32]> for Public {
fn unchecked_from(x: [u8; 32]) -> Self {
Public::from_raw(x)
}
}
impl From<SecretKey> for Pair {
fn from(sec: SecretKey) -> Pair {
Pair(Keypair::from(sec))
}
}
impl From<schnorrkel::Keypair> for Pair {
fn from(p: schnorrkel::Keypair) -> Pair {
Pair(p)
}
}
impl From<Pair> for schnorrkel::Keypair {
fn from(p: Pair) -> schnorrkel::Keypair {
p.0
}
}
impl AsRef<schnorrkel::Keypair> for Pair {
fn as_ref(&self) -> &schnorrkel::Keypair {
&self.0
impl UncheckedFrom<H256> for Public {
fn unchecked_from(x: H256) -> Self {
Public::from_h256(x)
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Display for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", self.to_ss58check())
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
let s = self.to_ss58check();
@@ -222,81 +118,253 @@ impl ::std::fmt::Debug for Public {
}
}
/// A since derivation junction description. It is the single parameter used when creating
/// a new secret key from an existing secret key and, in the case of `SoftRaw` and `SoftIndex`
/// a new public key from an existing public key.
#[derive(Copy, Clone, Eq, PartialEq, Hash, Debug, Encode, Decode)]
pub enum DeriveJunction {
/// Soft (vanilla) derivation. Public keys have a correspondent derivation.
Soft([u8; CHAIN_CODE_LENGTH]),
/// Hard ("hardened") derivation. Public keys do not have a correspondent derivation.
Hard([u8; CHAIN_CODE_LENGTH]),
#[cfg(feature = "std")]
impl Serialize for Public {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: Serializer {
serializer.serialize_str(&self.to_ss58check())
}
}
impl DeriveJunction {
/// Consume self to return a soft derive junction with the same chain code.
pub fn soften(self) -> Self { DeriveJunction::Soft(self.unwrap_inner()) }
#[cfg(feature = "std")]
impl<'de> Deserialize<'de> for Public {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: Deserializer<'de> {
Public::from_ss58check(&String::deserialize(deserializer)?)
.map_err(|e| de::Error::custom(format!("{:?}", e)))
}
}
/// Consume self to return a hard derive junction with the same chain code.
pub fn harden(self) -> Self { DeriveJunction::Hard(self.unwrap_inner()) }
#[cfg(feature = "std")]
impl ::std::hash::Hash for Public {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
/// Create a new soft (vanilla) DeriveJunction from a given, encodable, value.
/// An Schnorrkel/Ristretto x25519 ("sr25519") signature.
///
/// Instead of importing it for the local module, alias it to be available as a public type
#[derive(Encode, Decode)]
pub struct Signature(pub [u8; 64]);
impl Clone for Signature {
fn clone(&self) -> Self {
let mut r = [0u8; 64];
r.copy_from_slice(&self.0[..]);
Signature(r)
}
}
impl Default for Signature {
fn default() -> Self {
Signature([0u8; 64])
}
}
impl PartialEq for Signature {
fn eq(&self, b: &Self) -> bool {
&self.0[..] == &b.0[..]
}
}
impl Eq for Signature {}
impl From<Signature> for [u8; 64] {
fn from(v: Signature) -> [u8; 64] {
v.0
}
}
impl From<Signature> for H512 {
fn from(v: Signature) -> H512 {
H512::from(v.0)
}
}
impl AsRef<[u8; 64]> for Signature {
fn as_ref(&self) -> &[u8; 64] {
&self.0
}
}
impl AsRef<[u8]> for Signature {
fn as_ref(&self) -> &[u8] {
&self.0[..]
}
}
impl AsMut<[u8]> for Signature {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0[..]
}
}
#[cfg(feature = "std")]
impl From<schnorrkel::Signature> for Signature {
fn from(s: schnorrkel::Signature) -> Signature {
Signature(s.to_bytes())
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Signature {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", crate::hexdisplay::HexDisplay::from(&self.0))
}
}
#[cfg(feature = "std")]
impl ::std::hash::Hash for Signature {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
::std::hash::Hash::hash(&self.0[..], state);
}
}
/// A localized signature also contains sender information.
/// NOTE: Encode and Decode traits are supported in ed25519 but not possible for now here.
#[cfg(feature = "std")]
#[derive(PartialEq, Eq, Clone, Debug)]
pub struct LocalizedSignature {
/// The signer of the signature.
pub signer: Public,
/// The signature itself.
pub signature: Signature,
}
impl Signature {
/// A new instance from the given 64-byte `data`.
///
/// If you need a hard junction, use `hard()`.
pub fn soft<T: Encode>(index: T) -> Self {
let mut cc: [u8; CHAIN_CODE_LENGTH] = Default::default();
index.using_encoded(|data| if data.len() > CHAIN_CODE_LENGTH {
let hash_result = blake2_rfc::blake2b::blake2b(CHAIN_CODE_LENGTH, &[], data);
let hash = hash_result.as_bytes();
cc.copy_from_slice(hash);
} else {
cc[0..data.len()].copy_from_slice(data);
});
DeriveJunction::Soft(cc)
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_raw(data: [u8; 64]) -> Signature {
Signature(data)
}
/// Create a new hard (hardened) DeriveJunction from a given, encodable, value.
/// A new instance from the given slice that should be 64 bytes long.
///
/// If you need a soft junction, use `soft()`.
pub fn hard<T: Encode>(index: T) -> Self {
Self::soft(index).harden()
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 64];
r.copy_from_slice(data);
Signature(r)
}
/// Consume self to return the chain code.
pub fn unwrap_inner(self) -> [u8; CHAIN_CODE_LENGTH] {
match self {
DeriveJunction::Hard(c) | DeriveJunction::Soft(c) => c,
/// A new instance from an H512.
///
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_h512(v: H512) -> Signature {
Signature(v.into())
}
}
#[cfg(feature = "std")]
impl Derive for Public {
/// Derive a child key from a series of given junctions.
///
/// `None` if there are any hard junctions in there.
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, path: Iter) -> Option<Public> {
let mut acc = PublicKey::from_bytes(self.as_ref()).ok()?;
for j in path {
match j {
DeriveJunction::Soft(cc) => acc = acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(_cc) => return None,
}
}
Some(Self(acc.to_bytes()))
}
}
impl Public {
/// A new instance from the given 32-byte `data`.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_raw(data: [u8; 32]) -> Self {
Public(data)
}
/// Consume self to return the chain code.
pub fn unwrap_chain_code(self) -> ChainCode {
ChainCode(self.unwrap_inner())
/// A new instance from the given slice that should be 32 bytes long.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 32];
r.copy_from_slice(data);
Public(r)
}
/// Return a reference to the chain code.
pub fn chain_code(&self) -> ChainCode {
self.clone().unwrap_chain_code()
/// A new instance from an H256.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_h256(x: H256) -> Self {
Public(x.into())
}
/// Return `true` if the junction is soft.
pub fn is_soft(&self) -> bool {
match *self {
DeriveJunction::Soft(_) => true,
_ => false,
}
/// Return a `Vec<u8>` filled with raw data.
#[cfg(feature = "std")]
pub fn to_raw_vec(self) -> Vec<u8> {
let r: &[u8; 32] = self.as_ref();
r.to_vec()
}
/// Return `true` if the junction is hard.
pub fn is_hard(&self) -> bool {
match *self {
DeriveJunction::Hard(_) => true,
_ => false,
}
/// Return a slice filled with raw data.
pub fn as_slice(&self) -> &[u8] {
let r: &[u8; 32] = self.as_ref();
&r[..]
}
/// Return a slice filled with raw data.
pub fn as_array_ref(&self) -> &[u8; 32] {
self.as_ref()
}
}
#[cfg(feature = "std")]
impl AsRef<Pair> for Pair {
fn as_ref(&self) -> &Pair {
&self
}
}
#[cfg(feature = "std")]
impl From<MiniSecretKey> for Pair {
fn from(sec: MiniSecretKey) -> Pair {
Pair(sec.expand_to_keypair())
}
}
#[cfg(feature = "std")]
impl From<SecretKey> for Pair {
fn from(sec: SecretKey) -> Pair {
Pair(Keypair::from(sec))
}
}
#[cfg(feature = "std")]
impl From<schnorrkel::Keypair> for Pair {
fn from(p: schnorrkel::Keypair) -> Pair {
Pair(p)
}
}
#[cfg(feature = "std")]
impl From<Pair> for schnorrkel::Keypair {
fn from(p: Pair) -> schnorrkel::Keypair {
p.0
}
}
#[cfg(feature = "std")]
impl AsRef<schnorrkel::Keypair> for Pair {
fn as_ref(&self) -> &schnorrkel::Keypair {
&self.0
}
}
/// Derive a single hard junction.
#[cfg(feature = "std")]
fn derive_hard_junction(secret: &SecretKey, cc: &[u8; CHAIN_CODE_LENGTH]) -> SecretKey {
("SchnorrRistrettoHDKD", &secret.to_bytes()[..], cc).using_encoded(|data|
MiniSecretKey::from_bytes(blake2_rfc::blake2b::blake2b(32, &[], data).as_bytes())
@@ -305,173 +373,181 @@ fn derive_hard_junction(secret: &SecretKey, cc: &[u8; CHAIN_CODE_LENGTH]) -> Sec
)
}
impl Pair {
#[cfg(feature = "std")]
type Seed = [u8; MINI_SECRET_KEY_LENGTH];
#[cfg(feature = "std")]
impl TraitPair for Pair {
type Public = Public;
type Seed = Seed;
type Signature = Signature;
type DeriveError = Infallible;
/// Generate new secure (random) key pair.
pub fn generate() -> Pair {
fn generate() -> Pair {
let mut csprng: OsRng = OsRng::new().expect("os random generator works; qed");
let key_pair: Keypair = Keypair::generate(&mut csprng);
Pair(key_pair)
}
/// Make a new key pair from a seed phrase.
/// Make a new key pair from raw secret seed material.
///
/// This is generated using schnorrkel's Mini-Secret-Keys.
///
/// A MiniSecretKey is literally what Ed25519 calls a SecretKey, which is just 32 random bytes.
pub fn from_seed(seed: &[u8; 32]) -> Pair {
let mini_key: MiniSecretKey = MiniSecretKey::from_bytes(seed)
fn from_seed(seed: Seed) -> Pair {
let mini_key: MiniSecretKey = MiniSecretKey::from_bytes(&seed[..])
.expect("32 bytes can always build a key; qed");
let kp = mini_key.expand_to_keypair();
Pair(kp)
}
/// Make a new key pair from a seed phrase.
/// This is generated using schnorrkel's Mini-Secret-Keys.
/// A MiniSecretKey is literally what Ed25519 calls a SecretKey, which is just 32 random bytes.
/// Get the public key.
fn public(&self) -> Public {
let mut pk = [0u8; 32];
pk.copy_from_slice(&self.0.public.to_bytes());
Public(pk)
}
/// Make a new key pair from secret seed material. The slice must be 32 bytes long or it
/// will return `None`.
///
/// You should never need to use this; generate(), generate_with_phrase(), from_phrase()
fn from_seed_slice(seed: &[u8]) -> Result<Pair, SecretStringError> {
if seed.len() != MINI_SECRET_KEY_LENGTH {
Err(SecretStringError::InvalidSeedLength)
} else {
Ok(Pair(
MiniSecretKey::from_bytes(seed)
.map_err(|_| SecretStringError::InvalidSeed)?
.expand_to_keypair()
))
}
}
/// Generate a key from the phrase, password and derivation path.
fn from_standard_components<I: Iterator<Item=DeriveJunction>>(phrase: &str, password: Option<&str>, path: I) -> Result<Pair, SecretStringError> {
Self::from_phrase(phrase, password)?
.derive(path)
.map_err(|_| SecretStringError::InvalidPath)
}
fn generate_with_phrase(password: Option<&str>) -> (Pair, String) {
let mnemonic = Mnemonic::new(MnemonicType::Words12, Language::English);
let phrase = mnemonic.phrase();
(
Self::from_phrase(phrase, password).expect("All phrases generated by Mnemonic are valid; qed"),
phrase.to_owned(),
)
}
fn from_phrase(phrase: &str, password: Option<&str>) -> Result<Pair, SecretStringError> {
Mnemonic::from_phrase(phrase, Language::English)
.map_err(|_| SecretStringError::InvalidPhrase)
.map(|m| Self::from_entropy(m.entropy(), password))
}
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, path: Iter) -> Result<Pair, Self::DeriveError> {
let init = self.0.secret.clone();
let result = path.fold(init, |acc, j| match j {
DeriveJunction::Soft(cc) => acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(cc) => derive_hard_junction(&acc, &cc),
});
Ok(Self(result.into()))
}
fn sign(&self, message: &[u8]) -> Signature {
let context = signing_context(SIGNING_CTX);
self.0.sign(context.bytes(message)).into()
}
/// Verify a signature on a message. Returns true if the signature is good.
fn verify<P: AsRef<Self::Public>, M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: P) -> bool {
let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(&sig.as_ref()) {
Ok(some_signature) => some_signature,
Err(_) => return false
};
match PublicKey::from_bytes(pubkey.as_ref().as_slice()) {
Ok(pk) => pk.verify(
signing_context(SIGNING_CTX).bytes(message.as_ref()), &signature
),
Err(_) => false,
}
}
/// Verify a signature on a message. Returns true if the signature is good.
fn verify_weak<P: AsRef<[u8]>, M: AsRef<[u8]>>(sig: &[u8], message: M, pubkey: P) -> bool {
let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(sig) {
Ok(some_signature) => some_signature,
Err(_) => return false
};
match PublicKey::from_bytes(pubkey.as_ref()) {
Ok(pk) => pk.verify(
signing_context(SIGNING_CTX).bytes(message.as_ref()), &signature
),
Err(_) => false,
}
}
}
#[cfg(feature = "std")]
impl Pair {
/// Make a new key pair from binary data derived from a valid seed phrase.
///
/// This uses a key derivation function to convert the entropy into a seed, then returns
/// the pair generated from it.
pub fn from_entropy(entropy: &[u8], password: Option<&str>) -> Pair {
let mini_key: MiniSecretKey = mini_secret_from_entropy(entropy, password.unwrap_or(""))
.expect("32 bytes can always build a key; qed");
let kp = mini_key.expand_to_keypair();
Pair(kp)
}
/// Returns the KeyPair from the English BIP39 seed `phrase`, or `None` if it's invalid.
pub fn from_phrase(phrase: &str, password: Option<&str>) -> Option<Pair> {
Mnemonic::from_phrase(phrase, Language::English)
.ok()
.map(|m| Self::from_entropy(m.entropy(), password))
}
/// Derive a child key from a series of given junctions.
pub fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, mut path: Iter) -> Pair {
let init = self.0.secret.clone();
let result = path.fold(init, |acc, j| match j {
DeriveJunction::Soft(cc) => acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(cc) => derive_hard_junction(&acc, &cc),
});
Self(result.into())
}
/// Sign a message.
pub fn sign(&self, message: &[u8]) -> Signature {
let context = signing_context(SIGNING_CTX);
Signature::from(self.0.sign(context.bytes(message)).to_bytes())
}
/// Get the public key.
pub fn public(&self) -> Public {
let mut pk = [0u8; 32];
pk.copy_from_slice(&self.0.public.to_bytes());
Public(pk)
}
}
/// Verify a signature on a message. Returns true if the signature is good.
pub fn verify_strong<P: AsRef<Public>>(sig: &Signature, message: &[u8], pubkey: P) -> bool {
let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(&sig[..]) {
Ok(some_signature) => some_signature,
Err(_) => return false
};
match PublicKey::from_bytes(pubkey.as_ref().as_slice()) {
Ok(pk) => pk.verify(signing_context(SIGNING_CTX).bytes(message), &signature),
Err(_) => false,
}
}
/// Verify a message without type checking the parameters' types for the right size.
/// Returns true if both the pubkey and the signature is good.
pub fn verify<P: AsRef<[u8]>>(sig: &[u8], message: &[u8], pubkey: P) -> bool {
let signature = match schnorrkel::Signature::from_bytes(&sig[..]) {
Ok(sig) => sig,
Err(_) => return false,
};
match PublicKey::from_bytes(pubkey.as_ref()) {
Ok(pk) => pk.verify_simple(SIGNING_CTX, message, &signature),
Err(_) => false,
}
}
/// Something that acts as a signature allowing a message to be verified.
pub trait Verifiable {
/// Verify something that acts like a signature.
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool;
}
impl Verifiable for Signature {
/// Verify something that acts like a signature.
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool {
verify_strong(&self, message, pubkey)
}
}
impl Verifiable for LocalizedSignature {
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool {
pubkey.as_ref() == &self.signer && self.signature.verify(message, pubkey)
}
}
/// Deserialize from `ss58` into something that can be constructed from `[u8; 32]`.
#[cfg(feature = "std")]
pub fn deserialize<'de, D, T: From<[u8; 32]>>(deserializer: D) -> Result<T, D::Error>
where
D: Deserializer<'de>,
{
let ss58 = String::deserialize(deserializer)?;
Public::from_ss58check(&ss58)
.map_err(|e| de::Error::custom(format!("{:?}", e)))
.map(|v| v.0.into())
}
/// Serializes something that implements `AsRef<[u8; 32]>` into `ss58`.
#[cfg(feature = "std")]
pub fn serialize<S, T: AsRef<[u8; 32]>>(data: &T, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
serializer.serialize_str(&Public(*data.as_ref()).to_ss58check())
}
#[cfg(test)]
mod test {
use super::*;
use crate::Pair as _Pair;
use hex_literal::{hex, hex_impl};
#[test]
fn derive_soft_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let derive_1 = pair.derive(Some(DeriveJunction::soft(1)).into_iter());
let derive_1b = pair.derive(Some(DeriveJunction::soft(1)).into_iter());
let derive_2 = pair.derive(Some(DeriveJunction::soft(2)).into_iter());
let derive_1 = pair.derive(Some(DeriveJunction::soft(1)).into_iter()).unwrap();
let derive_1b = pair.derive(Some(DeriveJunction::soft(1)).into_iter()).unwrap();
let derive_2 = pair.derive(Some(DeriveJunction::soft(2)).into_iter()).unwrap();
assert_eq!(derive_1.public(), derive_1b.public());
assert_ne!(derive_1.public(), derive_2.public());
}
#[test]
fn derive_hard_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let derive_1 = pair.derive(Some(DeriveJunction::hard(1)).into_iter());
let derive_1b = pair.derive(Some(DeriveJunction::hard(1)).into_iter());
let derive_2 = pair.derive(Some(DeriveJunction::hard(2)).into_iter());
let derive_1 = pair.derive(Some(DeriveJunction::hard(1)).into_iter()).unwrap();
let derive_1b = pair.derive(Some(DeriveJunction::hard(1)).into_iter()).unwrap();
let derive_2 = pair.derive(Some(DeriveJunction::hard(2)).into_iter()).unwrap();
assert_eq!(derive_1.public(), derive_1b.public());
assert_ne!(derive_1.public(), derive_2.public());
}
#[test]
fn derive_soft_public_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let path = Some(DeriveJunction::soft(1));
let pair_1 = pair.derive(path.clone().into_iter());
let pair_1 = pair.derive(path.clone().into_iter()).unwrap();
let public_1 = pair.public().derive(path.into_iter()).unwrap();
assert_eq!(pair_1.public(), public_1);
}
#[test]
fn derive_hard_public_should_fail() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let path = Some(DeriveJunction::hard(1));
@@ -480,7 +556,7 @@ mod test {
#[test]
fn sr_test_vector_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let public = pair.public();
@@ -492,8 +568,7 @@ mod test {
);
let message = b"";
let signature = pair.sign(message);
assert!(verify(&signature[..], message, &public.0));
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
@@ -502,13 +577,13 @@ mod test {
let public = pair.public();
let message = b"Something important";
let signature = pair.sign(&message[..]);
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
fn seeded_pair_should_work() {
let pair = Pair::from_seed(b"12345678901234567890123456789012");
let pair = Pair::from_seed(*b"12345678901234567890123456789012");
let public = pair.public();
assert_eq!(
public,
@@ -518,7 +593,7 @@ mod test {
);
let message = hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee00000000000000000200d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a4500000000000000");
let signature = pair.sign(&message[..]);
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
@@ -537,4 +612,15 @@ mod test {
let enc = hex!["090fa15cb5b1666222fff584b4cc2b1761fe1e238346b340491b37e25ea183ff"];
assert_eq!(Public::from_ss58check(k).unwrap(), Public::from_raw(enc));
}
#[test]
fn verify_from_wasm_works() {
// The values in this test case are compared to the output of `node-test.js` in schnorrkel-js.
//
// This is to make sure that the wasm library is compatible.
let pk = Pair::from_seed(hex!("0000000000000000000000000000000000000000000000000000000000000000"));
let public = pk.public();
let js_signature = Signature::from_raw(hex!("28a854d54903e056f89581c691c1f7d2ff39f8f896c9e9c22475e60902cc2b3547199e0e91fa32902028f2ca2355e8cdd16cfe19ba5e8b658c94aa80f3b81a00"));
assert!(Pair::verify(&js_signature, b"SUBSTRATE", public));
}
}