pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-06-13 22:11:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Overhaul crypto (Schnorr/Ristretto, HDKD, BIP39) (#1795)

Browse Source 
* Rijig to Ristretto

* Rebuild wasm

* adds compatibility test with the wasm module

* Add Ed25519-BIP39 support

* Bump subkey version

* Update CLI output

* New keys.

* Standard phrase/password/path keys.

* Subkey uses S-URI for secrets

* Move everything to use new HDKD crypto.

* Test fixes

* Ignore old test vector.

* fix the ^^ old test vector.

* Fix tests

* Test fixes

* Cleanups

* Fix broken key conversion logic in grandpa

CC @rphmeier

* Remove legacy Keyring usage

* Traitify `Pair`

* Replace Ed25519AuthorityId with ed25519::Public

* Expunge Ed25519AuthorityId type!

* Replace Sr25519AuthorityId with sr25519::Public

* Remove dodgy crypto type-punning conversions

* Fix some tests

* Avoid trait

* Deduplicate DeriveJunction string decode

* Remove cruft code

* Fix test

* Minor removals

* Build fix

* Subkey supports sign and verify

* Inspect works for public key URIs

* Remove more crypto type-punning

* Fix typo

* Fix tests
This commit is contained in:
Gav Wood
2019-03-13 14:08:31 +01:00
committed by GitHub
parent 17f093da13
commit d7fcf5dc9d
83 changed files with 2636 additions and 1687 deletions
Download Patch File Download Diff File Expand all files Collapse all files
substrate/core/primitives/src/sr25519.rs
+402 -316
View File
@@ -16,136 +16,48 @@
// tag::description[]
//! Simple sr25519 (Schnorr-Ristretto) API.
//!
//! Note: `CHAIN_CODE_LENGTH` must be equal to `crate::crypto::JUNCTION_ID_LEN`
//! for this to work.
// end::description[]
use base58::{FromBase58, ToBase58};
#[cfg(feature = "std")]
use blake2_rfc;
#[cfg(feature = "std")]
use rand::rngs::OsRng;
#[cfg(feature = "std")]
use schnorrkel::{signing_context, Keypair, SecretKey, MiniSecretKey, PublicKey,
derive::{Derivation, ChainCode, CHAIN_CODE_LENGTH}
};
#[cfg(feature = "std")]
use substrate_bip39::mini_secret_from_entropy;
//use sha2::Sha512;
#[cfg(feature = "std")]
use bip39::{Mnemonic, Language, MnemonicType};
#[cfg(feature = "std")]
use crate::crypto::{Pair as TraitPair, DeriveJunction, Infallible, SecretStringError, Derive, Ss58Codec};
use crate::{hash::{H256, H512}, crypto::UncheckedFrom};
use parity_codec::{Encode, Decode};
use crate::hash::H512;
use bip39::{Mnemonic, Language};
#[cfg(feature = "std")]
use serde::{de, Deserialize, Deserializer, Serializer};
use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
#[cfg(feature = "std")]
use schnorrkel::keys::MINI_SECRET_KEY_LENGTH;
// signing context
const SIGNING_CTX: &'static [u8] = b"substrate transaction";
/// An Schnorrkel/Ristretto x25519 ("sr25519") signature.
///
/// Instead of importing it for the local module, alias it to be available as a public type
pub type Signature = H512;
/// A localized signature also contains sender information.
/// NOTE: Encode and Decode traits are supported in ed25519 but not possible for now here.
#[derive(PartialEq, Eq, Clone, Debug)]
pub struct LocalizedSignature {
/// The signer of the signature.
pub signer: Public,
/// The signature itself.
pub signature: Signature,
}
#[cfg(feature = "std")]
const SIGNING_CTX: &[u8] = b"substrate";
/// An Schnorrkel/Ristretto x25519 ("sr25519") public key.
#[derive(PartialEq, Eq, Clone, Encode, Decode)]
#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Encode, Decode, Default)]
pub struct Public(pub [u8; 32]);
/// An Schnorrkel/Ristretto x25519 ("sr25519") key pair.
#[cfg(feature = "std")]
pub struct Pair(Keypair);
impl ::std::hash::Hash for Public {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
/// An error type for SS58 decoding.
#[derive(Clone, Copy, Eq, PartialEq, Debug)]
pub enum PublicError {
/// Bad alphabet.
BadBase58,
/// Bad length.
BadLength,
/// Unknown version.
UnknownVersion,
/// Invalid checksum.
InvalidChecksum,
}
impl Public {
/// A new instance from the given 32-byte `data`.
pub fn from_raw(data: [u8; 32]) -> Self {
Public(data)
}
/// A new instance from the given slice that should be 32 bytes long.
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 32];
r.copy_from_slice(data);
Public(r)
}
/// Some if the string is a properly encoded SS58Check address.
pub fn from_ss58check(s: &str) -> Result<Self, PublicError> {
let d = s.from_base58().map_err(|_| PublicError::BadBase58)?; // failure here would be invalid encoding.
if d.len() != 35 {
// Invalid length.
return Err(PublicError::BadLength);
}
if d[0] != 42 {
// Invalid version.
return Err(PublicError::UnknownVersion);
}
if d[33..35] != blake2_rfc::blake2b::blake2b(64, &[], &d[0..33]).as_bytes()[0..2] {
// Invalid checksum.
return Err(PublicError::InvalidChecksum);
}
Ok(Self::from_slice(&d[1..33]))
}
/// Return a `Vec<u8>` filled with raw data.
pub fn to_raw_vec(self) -> Vec<u8> {
let r: &[u8; 32] = self.as_ref();
r.to_vec()
}
/// Return a slice filled with raw data.
pub fn as_slice(&self) -> &[u8] {
let r: &[u8; 32] = self.as_ref();
&r[..]
}
/// Return a slice filled with raw data.
pub fn as_array_ref(&self) -> &[u8; 32] {
self.as_ref()
}
/// Return the ss58-check string for this key.
pub fn to_ss58check(&self) -> String {
let mut v = vec![42u8];
v.extend(self.as_slice());
let r = blake2_rfc::blake2b::blake2b(64, &[], &v);
v.extend(&r.as_bytes()[0..2]);
v.to_base58()
}
/// Derive a child key from a series of given junctions.
///
/// `None` if there are any hard junctions in there.
pub fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, mut path: Iter) -> Option<Public> {
let mut acc = PublicKey::from_bytes(self.as_ref()).ok()?;
for j in path {
match j {
DeriveJunction::Soft(cc) => acc = acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(cc) => return None,
}
}
Some(Self(acc.to_bytes()))
impl AsRef<Public> for Public {
fn as_ref(&self) -> &Public {
&self
}
}
@@ -161,60 +73,44 @@ impl AsRef<[u8]> for Public {
}
}
impl Into<[u8; 32]> for Public {
fn into(self) -> [u8; 32] {
self.0
impl AsMut<[u8]> for Public {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0[..]
}
}
impl AsRef<Public> for Public {
fn as_ref(&self) -> &Public {
&self
impl From<Public> for [u8; 32] {
fn from(x: Public) -> [u8; 32] {
x.0
}
}
impl AsRef<Pair> for Pair {
fn as_ref(&self) -> &Pair {
&self
impl From<Public> for H256 {
fn from(x: Public) -> H256 {
x.0.into()
}
}
impl From<MiniSecretKey> for Pair {
fn from(sec: MiniSecretKey) -> Pair {
Pair(sec.expand_to_keypair())
impl UncheckedFrom<[u8; 32]> for Public {
fn unchecked_from(x: [u8; 32]) -> Self {
Public::from_raw(x)
}
}
impl From<SecretKey> for Pair {
fn from(sec: SecretKey) -> Pair {
Pair(Keypair::from(sec))
}
}
impl From<schnorrkel::Keypair> for Pair {
fn from(p: schnorrkel::Keypair) -> Pair {
Pair(p)
}
}
impl From<Pair> for schnorrkel::Keypair {
fn from(p: Pair) -> schnorrkel::Keypair {
p.0
}
}
impl AsRef<schnorrkel::Keypair> for Pair {
fn as_ref(&self) -> &schnorrkel::Keypair {
&self.0
impl UncheckedFrom<H256> for Public {
fn unchecked_from(x: H256) -> Self {
Public::from_h256(x)
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Display for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", self.to_ss58check())
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Public {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
let s = self.to_ss58check();
@@ -222,81 +118,253 @@ impl ::std::fmt::Debug for Public {
}
}
/// A since derivation junction description. It is the single parameter used when creating
/// a new secret key from an existing secret key and, in the case of `SoftRaw` and `SoftIndex`
/// a new public key from an existing public key.
#[derive(Copy, Clone, Eq, PartialEq, Hash, Debug, Encode, Decode)]
pub enum DeriveJunction {
/// Soft (vanilla) derivation. Public keys have a correspondent derivation.
Soft([u8; CHAIN_CODE_LENGTH]),
/// Hard ("hardened") derivation. Public keys do not have a correspondent derivation.
Hard([u8; CHAIN_CODE_LENGTH]),
#[cfg(feature = "std")]
impl Serialize for Public {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: Serializer {
serializer.serialize_str(&self.to_ss58check())
}
}
impl DeriveJunction {
/// Consume self to return a soft derive junction with the same chain code.
pub fn soften(self) -> Self { DeriveJunction::Soft(self.unwrap_inner()) }
#[cfg(feature = "std")]
impl<'de> Deserialize<'de> for Public {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: Deserializer<'de> {
Public::from_ss58check(&String::deserialize(deserializer)?)
.map_err(|e| de::Error::custom(format!("{:?}", e)))
}
}
/// Consume self to return a hard derive junction with the same chain code.
pub fn harden(self) -> Self { DeriveJunction::Hard(self.unwrap_inner()) }
#[cfg(feature = "std")]
impl ::std::hash::Hash for Public {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
self.0.hash(state);
}
}
/// Create a new soft (vanilla) DeriveJunction from a given, encodable, value.
/// An Schnorrkel/Ristretto x25519 ("sr25519") signature.
///
/// Instead of importing it for the local module, alias it to be available as a public type
#[derive(Encode, Decode)]
pub struct Signature(pub [u8; 64]);
impl Clone for Signature {
fn clone(&self) -> Self {
let mut r = [0u8; 64];
r.copy_from_slice(&self.0[..]);
Signature(r)
}
}
impl Default for Signature {
fn default() -> Self {
Signature([0u8; 64])
}
}
impl PartialEq for Signature {
fn eq(&self, b: &Self) -> bool {
&self.0[..] == &b.0[..]
}
}
impl Eq for Signature {}
impl From<Signature> for [u8; 64] {
fn from(v: Signature) -> [u8; 64] {
v.0
}
}
impl From<Signature> for H512 {
fn from(v: Signature) -> H512 {
H512::from(v.0)
}
}
impl AsRef<[u8; 64]> for Signature {
fn as_ref(&self) -> &[u8; 64] {
&self.0
}
}
impl AsRef<[u8]> for Signature {
fn as_ref(&self) -> &[u8] {
&self.0[..]
}
}
impl AsMut<[u8]> for Signature {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0[..]
}
}
#[cfg(feature = "std")]
impl From<schnorrkel::Signature> for Signature {
fn from(s: schnorrkel::Signature) -> Signature {
Signature(s.to_bytes())
}
}
#[cfg(feature = "std")]
impl ::std::fmt::Debug for Signature {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "{}", crate::hexdisplay::HexDisplay::from(&self.0))
}
}
#[cfg(feature = "std")]
impl ::std::hash::Hash for Signature {
fn hash<H: ::std::hash::Hasher>(&self, state: &mut H) {
::std::hash::Hash::hash(&self.0[..], state);
}
}
/// A localized signature also contains sender information.
/// NOTE: Encode and Decode traits are supported in ed25519 but not possible for now here.
#[cfg(feature = "std")]
#[derive(PartialEq, Eq, Clone, Debug)]
pub struct LocalizedSignature {
/// The signer of the signature.
pub signer: Public,
/// The signature itself.
pub signature: Signature,
}
impl Signature {
/// A new instance from the given 64-byte `data`.
///
/// If you need a hard junction, use `hard()`.
pub fn soft<T: Encode>(index: T) -> Self {
let mut cc: [u8; CHAIN_CODE_LENGTH] = Default::default();
index.using_encoded(|data| if data.len() > CHAIN_CODE_LENGTH {
let hash_result = blake2_rfc::blake2b::blake2b(CHAIN_CODE_LENGTH, &[], data);
let hash = hash_result.as_bytes();
cc.copy_from_slice(hash);
} else {
cc[0..data.len()].copy_from_slice(data);
});
DeriveJunction::Soft(cc)
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_raw(data: [u8; 64]) -> Signature {
Signature(data)
}
/// Create a new hard (hardened) DeriveJunction from a given, encodable, value.
/// A new instance from the given slice that should be 64 bytes long.
///
/// If you need a soft junction, use `soft()`.
pub fn hard<T: Encode>(index: T) -> Self {
Self::soft(index).harden()
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 64];
r.copy_from_slice(data);
Signature(r)
}
/// Consume self to return the chain code.
pub fn unwrap_inner(self) -> [u8; CHAIN_CODE_LENGTH] {
match self {
DeriveJunction::Hard(c) | DeriveJunction::Soft(c) => c,
/// A new instance from an H512.
///
/// NOTE: No checking goes on to ensure this is a real signature. Only use it if
/// you are certain that the array actually is a signature. GIGO!
pub fn from_h512(v: H512) -> Signature {
Signature(v.into())
}
}
#[cfg(feature = "std")]
impl Derive for Public {
/// Derive a child key from a series of given junctions.
///
/// `None` if there are any hard junctions in there.
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, path: Iter) -> Option<Public> {
let mut acc = PublicKey::from_bytes(self.as_ref()).ok()?;
for j in path {
match j {
DeriveJunction::Soft(cc) => acc = acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(_cc) => return None,
}
}
Some(Self(acc.to_bytes()))
}
}
impl Public {
/// A new instance from the given 32-byte `data`.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_raw(data: [u8; 32]) -> Self {
Public(data)
}
/// Consume self to return the chain code.
pub fn unwrap_chain_code(self) -> ChainCode {
ChainCode(self.unwrap_inner())
/// A new instance from the given slice that should be 32 bytes long.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_slice(data: &[u8]) -> Self {
let mut r = [0u8; 32];
r.copy_from_slice(data);
Public(r)
}
/// Return a reference to the chain code.
pub fn chain_code(&self) -> ChainCode {
self.clone().unwrap_chain_code()
/// A new instance from an H256.
///
/// NOTE: No checking goes on to ensure this is a real public key. Only use it if
/// you are certain that the array actually is a pubkey. GIGO!
pub fn from_h256(x: H256) -> Self {
Public(x.into())
}
/// Return `true` if the junction is soft.
pub fn is_soft(&self) -> bool {
match *self {
DeriveJunction::Soft(_) => true,
_ => false,
}
/// Return a `Vec<u8>` filled with raw data.
#[cfg(feature = "std")]
pub fn to_raw_vec(self) -> Vec<u8> {
let r: &[u8; 32] = self.as_ref();
r.to_vec()
}
/// Return `true` if the junction is hard.
pub fn is_hard(&self) -> bool {
match *self {
DeriveJunction::Hard(_) => true,
_ => false,
}
/// Return a slice filled with raw data.
pub fn as_slice(&self) -> &[u8] {
let r: &[u8; 32] = self.as_ref();
&r[..]
}
/// Return a slice filled with raw data.
pub fn as_array_ref(&self) -> &[u8; 32] {
self.as_ref()
}
}
#[cfg(feature = "std")]
impl AsRef<Pair> for Pair {
fn as_ref(&self) -> &Pair {
&self
}
}
#[cfg(feature = "std")]
impl From<MiniSecretKey> for Pair {
fn from(sec: MiniSecretKey) -> Pair {
Pair(sec.expand_to_keypair())
}
}
#[cfg(feature = "std")]
impl From<SecretKey> for Pair {
fn from(sec: SecretKey) -> Pair {
Pair(Keypair::from(sec))
}
}
#[cfg(feature = "std")]
impl From<schnorrkel::Keypair> for Pair {
fn from(p: schnorrkel::Keypair) -> Pair {
Pair(p)
}
}
#[cfg(feature = "std")]
impl From<Pair> for schnorrkel::Keypair {
fn from(p: Pair) -> schnorrkel::Keypair {
p.0
}
}
#[cfg(feature = "std")]
impl AsRef<schnorrkel::Keypair> for Pair {
fn as_ref(&self) -> &schnorrkel::Keypair {
&self.0
}
}
/// Derive a single hard junction.
#[cfg(feature = "std")]
fn derive_hard_junction(secret: &SecretKey, cc: &[u8; CHAIN_CODE_LENGTH]) -> SecretKey {
("SchnorrRistrettoHDKD", &secret.to_bytes()[..], cc).using_encoded(|data|
MiniSecretKey::from_bytes(blake2_rfc::blake2b::blake2b(32, &[], data).as_bytes())
@@ -305,173 +373,181 @@ fn derive_hard_junction(secret: &SecretKey, cc: &[u8; CHAIN_CODE_LENGTH]) -> Sec
)
}
impl Pair {
#[cfg(feature = "std")]
type Seed = [u8; MINI_SECRET_KEY_LENGTH];
#[cfg(feature = "std")]
impl TraitPair for Pair {
type Public = Public;
type Seed = Seed;
type Signature = Signature;
type DeriveError = Infallible;
/// Generate new secure (random) key pair.
pub fn generate() -> Pair {
fn generate() -> Pair {
let mut csprng: OsRng = OsRng::new().expect("os random generator works; qed");
let key_pair: Keypair = Keypair::generate(&mut csprng);
Pair(key_pair)
}
/// Make a new key pair from a seed phrase.
/// Make a new key pair from raw secret seed material.
///
/// This is generated using schnorrkel's Mini-Secret-Keys.
///
/// A MiniSecretKey is literally what Ed25519 calls a SecretKey, which is just 32 random bytes.
pub fn from_seed(seed: &[u8; 32]) -> Pair {
let mini_key: MiniSecretKey = MiniSecretKey::from_bytes(seed)
fn from_seed(seed: Seed) -> Pair {
let mini_key: MiniSecretKey = MiniSecretKey::from_bytes(&seed[..])
.expect("32 bytes can always build a key; qed");
let kp = mini_key.expand_to_keypair();
Pair(kp)
}
/// Make a new key pair from a seed phrase.
/// This is generated using schnorrkel's Mini-Secret-Keys.
/// A MiniSecretKey is literally what Ed25519 calls a SecretKey, which is just 32 random bytes.
/// Get the public key.
fn public(&self) -> Public {
let mut pk = [0u8; 32];
pk.copy_from_slice(&self.0.public.to_bytes());
Public(pk)
}
/// Make a new key pair from secret seed material. The slice must be 32 bytes long or it
/// will return `None`.
///
/// You should never need to use this; generate(), generate_with_phrase(), from_phrase()
fn from_seed_slice(seed: &[u8]) -> Result<Pair, SecretStringError> {
if seed.len() != MINI_SECRET_KEY_LENGTH {
Err(SecretStringError::InvalidSeedLength)
} else {
Ok(Pair(
MiniSecretKey::from_bytes(seed)
.map_err(|_| SecretStringError::InvalidSeed)?
.expand_to_keypair()
))
}
}
/// Generate a key from the phrase, password and derivation path.
fn from_standard_components<I: Iterator<Item=DeriveJunction>>(phrase: &str, password: Option<&str>, path: I) -> Result<Pair, SecretStringError> {
Self::from_phrase(phrase, password)?
.derive(path)
.map_err(|_| SecretStringError::InvalidPath)
}
fn generate_with_phrase(password: Option<&str>) -> (Pair, String) {
let mnemonic = Mnemonic::new(MnemonicType::Words12, Language::English);
let phrase = mnemonic.phrase();
(
Self::from_phrase(phrase, password).expect("All phrases generated by Mnemonic are valid; qed"),
phrase.to_owned(),
)
}
fn from_phrase(phrase: &str, password: Option<&str>) -> Result<Pair, SecretStringError> {
Mnemonic::from_phrase(phrase, Language::English)
.map_err(|_| SecretStringError::InvalidPhrase)
.map(|m| Self::from_entropy(m.entropy(), password))
}
fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, path: Iter) -> Result<Pair, Self::DeriveError> {
let init = self.0.secret.clone();
let result = path.fold(init, |acc, j| match j {
DeriveJunction::Soft(cc) => acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(cc) => derive_hard_junction(&acc, &cc),
});
Ok(Self(result.into()))
}
fn sign(&self, message: &[u8]) -> Signature {
let context = signing_context(SIGNING_CTX);
self.0.sign(context.bytes(message)).into()
}
/// Verify a signature on a message. Returns true if the signature is good.
fn verify<P: AsRef<Self::Public>, M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: P) -> bool {
let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(&sig.as_ref()) {
Ok(some_signature) => some_signature,
Err(_) => return false
};
match PublicKey::from_bytes(pubkey.as_ref().as_slice()) {
Ok(pk) => pk.verify(
signing_context(SIGNING_CTX).bytes(message.as_ref()), &signature
),
Err(_) => false,
}
}
/// Verify a signature on a message. Returns true if the signature is good.
fn verify_weak<P: AsRef<[u8]>, M: AsRef<[u8]>>(sig: &[u8], message: M, pubkey: P) -> bool {
let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(sig) {
Ok(some_signature) => some_signature,
Err(_) => return false
};
match PublicKey::from_bytes(pubkey.as_ref()) {
Ok(pk) => pk.verify(
signing_context(SIGNING_CTX).bytes(message.as_ref()), &signature
),
Err(_) => false,
}
}
}
#[cfg(feature = "std")]
impl Pair {
/// Make a new key pair from binary data derived from a valid seed phrase.
///
/// This uses a key derivation function to convert the entropy into a seed, then returns
/// the pair generated from it.
pub fn from_entropy(entropy: &[u8], password: Option<&str>) -> Pair {
let mini_key: MiniSecretKey = mini_secret_from_entropy(entropy, password.unwrap_or(""))
.expect("32 bytes can always build a key; qed");
let kp = mini_key.expand_to_keypair();
Pair(kp)
}
/// Returns the KeyPair from the English BIP39 seed `phrase`, or `None` if it's invalid.
pub fn from_phrase(phrase: &str, password: Option<&str>) -> Option<Pair> {
Mnemonic::from_phrase(phrase, Language::English)
.ok()
.map(|m| Self::from_entropy(m.entropy(), password))
}
/// Derive a child key from a series of given junctions.
pub fn derive<Iter: Iterator<Item=DeriveJunction>>(&self, mut path: Iter) -> Pair {
let init = self.0.secret.clone();
let result = path.fold(init, |acc, j| match j {
DeriveJunction::Soft(cc) => acc.derived_key_simple(ChainCode(cc), &[]).0,
DeriveJunction::Hard(cc) => derive_hard_junction(&acc, &cc),
});
Self(result.into())
}
/// Sign a message.
pub fn sign(&self, message: &[u8]) -> Signature {
let context = signing_context(SIGNING_CTX);
Signature::from(self.0.sign(context.bytes(message)).to_bytes())
}
/// Get the public key.
pub fn public(&self) -> Public {
let mut pk = [0u8; 32];
pk.copy_from_slice(&self.0.public.to_bytes());
Public(pk)
}
}
/// Verify a signature on a message. Returns true if the signature is good.
pub fn verify_strong<P: AsRef<Public>>(sig: &Signature, message: &[u8], pubkey: P) -> bool {
let signature: schnorrkel::Signature = match schnorrkel::Signature::from_bytes(&sig[..]) {
Ok(some_signature) => some_signature,
Err(_) => return false
};
match PublicKey::from_bytes(pubkey.as_ref().as_slice()) {
Ok(pk) => pk.verify(signing_context(SIGNING_CTX).bytes(message), &signature),
Err(_) => false,
}
}
/// Verify a message without type checking the parameters' types for the right size.
/// Returns true if both the pubkey and the signature is good.
pub fn verify<P: AsRef<[u8]>>(sig: &[u8], message: &[u8], pubkey: P) -> bool {
let signature = match schnorrkel::Signature::from_bytes(&sig[..]) {
Ok(sig) => sig,
Err(_) => return false,
};
match PublicKey::from_bytes(pubkey.as_ref()) {
Ok(pk) => pk.verify_simple(SIGNING_CTX, message, &signature),
Err(_) => false,
}
}
/// Something that acts as a signature allowing a message to be verified.
pub trait Verifiable {
/// Verify something that acts like a signature.
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool;
}
impl Verifiable for Signature {
/// Verify something that acts like a signature.
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool {
verify_strong(&self, message, pubkey)
}
}
impl Verifiable for LocalizedSignature {
fn verify<P: AsRef<Public>>(&self, message: &[u8], pubkey: P) -> bool {
pubkey.as_ref() == &self.signer && self.signature.verify(message, pubkey)
}
}
/// Deserialize from `ss58` into something that can be constructed from `[u8; 32]`.
#[cfg(feature = "std")]
pub fn deserialize<'de, D, T: From<[u8; 32]>>(deserializer: D) -> Result<T, D::Error>
where
D: Deserializer<'de>,
{
let ss58 = String::deserialize(deserializer)?;
Public::from_ss58check(&ss58)
.map_err(|e| de::Error::custom(format!("{:?}", e)))
.map(|v| v.0.into())
}
/// Serializes something that implements `AsRef<[u8; 32]>` into `ss58`.
#[cfg(feature = "std")]
pub fn serialize<S, T: AsRef<[u8; 32]>>(data: &T, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
serializer.serialize_str(&Public(*data.as_ref()).to_ss58check())
}
#[cfg(test)]
mod test {
use super::*;
use crate::Pair as _Pair;
use hex_literal::{hex, hex_impl};
#[test]
fn derive_soft_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let derive_1 = pair.derive(Some(DeriveJunction::soft(1)).into_iter());
let derive_1b = pair.derive(Some(DeriveJunction::soft(1)).into_iter());
let derive_2 = pair.derive(Some(DeriveJunction::soft(2)).into_iter());
let derive_1 = pair.derive(Some(DeriveJunction::soft(1)).into_iter()).unwrap();
let derive_1b = pair.derive(Some(DeriveJunction::soft(1)).into_iter()).unwrap();
let derive_2 = pair.derive(Some(DeriveJunction::soft(2)).into_iter()).unwrap();
assert_eq!(derive_1.public(), derive_1b.public());
assert_ne!(derive_1.public(), derive_2.public());
}
#[test]
fn derive_hard_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let derive_1 = pair.derive(Some(DeriveJunction::hard(1)).into_iter());
let derive_1b = pair.derive(Some(DeriveJunction::hard(1)).into_iter());
let derive_2 = pair.derive(Some(DeriveJunction::hard(2)).into_iter());
let derive_1 = pair.derive(Some(DeriveJunction::hard(1)).into_iter()).unwrap();
let derive_1b = pair.derive(Some(DeriveJunction::hard(1)).into_iter()).unwrap();
let derive_2 = pair.derive(Some(DeriveJunction::hard(2)).into_iter()).unwrap();
assert_eq!(derive_1.public(), derive_1b.public());
assert_ne!(derive_1.public(), derive_2.public());
}
#[test]
fn derive_soft_public_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let path = Some(DeriveJunction::soft(1));
let pair_1 = pair.derive(path.clone().into_iter());
let pair_1 = pair.derive(path.clone().into_iter()).unwrap();
let public_1 = pair.public().derive(path.into_iter()).unwrap();
assert_eq!(pair_1.public(), public_1);
}
#[test]
fn derive_hard_public_should_fail() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let path = Some(DeriveJunction::hard(1));
@@ -480,7 +556,7 @@ mod test {
#[test]
fn sr_test_vector_should_work() {
let pair: Pair = Pair::from_seed(&hex!(
let pair: Pair = Pair::from_seed(hex!(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
));
let public = pair.public();
@@ -492,8 +568,7 @@ mod test {
);
let message = b"";
let signature = pair.sign(message);
assert!(verify(&signature[..], message, &public.0));
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
@@ -502,13 +577,13 @@ mod test {
let public = pair.public();
let message = b"Something important";
let signature = pair.sign(&message[..]);
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
fn seeded_pair_should_work() {
let pair = Pair::from_seed(b"12345678901234567890123456789012");
let pair = Pair::from_seed(*b"12345678901234567890123456789012");
let public = pair.public();
assert_eq!(
public,
@@ -518,7 +593,7 @@ mod test {
);
let message = hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee00000000000000000200d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a4500000000000000");
let signature = pair.sign(&message[..]);
assert!(verify_strong(&signature, &message[..], &public));
assert!(Pair::verify(&signature, &message[..], &public));
}
#[test]
@@ -537,4 +612,15 @@ mod test {
let enc = hex!["090fa15cb5b1666222fff584b4cc2b1761fe1e238346b340491b37e25ea183ff"];
assert_eq!(Public::from_ss58check(k).unwrap(), Public::from_raw(enc));
}
#[test]
fn verify_from_wasm_works() {
// The values in this test case are compared to the output of `node-test.js` in schnorrkel-js.
//
// This is to make sure that the wasm library is compatible.
let pk = Pair::from_seed(hex!("0000000000000000000000000000000000000000000000000000000000000000"));
let public = pk.public();
let js_signature = Signature::from_raw(hex!("28a854d54903e056f89581c691c1f7d2ff39f8f896c9e9c22475e60902cc2b3547199e0e91fa32902028f2ca2355e8cdd16cfe19ba5e8b658c94aa80f3b81a00"));
assert!(Pair::verify(&js_signature, b"SUBSTRATE", public));
}
}