Subkey supports 24-word phrases (#2827)

* Revamp crypto API and make seeds work better in subkey

* Final tweaks

* Update tests

* line spacing

* Avoid escapes in hex constants

* Fix build

* Another fix

* More fixes

* Minor nits

substrate/core/primitives/src/ed25519.rs

@@ -29,8 +29,6 @@ use substrate_bip39::seed_from_entropy;
 #[cfg(feature = "std")]
 use bip39::{Mnemonic, Language, MnemonicType};
 #[cfg(feature = "std")]
-use rand::Rng;
-#[cfg(feature = "std")]
 use crate::crypto::{Pair as TraitPair, DeriveJunction, SecretStringError, Derive, Ss58Codec};
 #[cfg(feature = "std")]
 use serde::{de, Serializer, Serialize, Deserializer, Deserialize};
@@ -355,46 +353,38 @@ impl TraitPair for Pair {
 	type Signature = Signature;
 	type DeriveError = DeriveError;
 
-	/// Generate new secure (random) key pair.
-	///
-	/// This is only for ephemeral keys really, since you won't have access to the secret key
-	/// for storage. If you want a persistent key pair, use `generate_with_phrase` instead.
-	fn generate() -> Pair {
-		let mut seed: Seed = Default::default();
-		rand::rngs::EntropyRng::new().fill(seed.as_mut());
-		Self::from_seed(seed)
-	}
-
 	/// Generate new secure (random) key pair and provide the recovery phrase.
 	///
 	/// You can recover the same key later with `from_phrase`.
-	fn generate_with_phrase(password: Option<&str>) -> (Pair, String) {
+	fn generate_with_phrase(password: Option<&str>) -> (Pair, String, Seed) {
 		let mnemonic = Mnemonic::new(MnemonicType::Words12, Language::English);
 		let phrase = mnemonic.phrase();
+		let (pair, seed) = Self::from_phrase(phrase, password)
+			.expect("All phrases generated by Mnemonic are valid; qed");
 		(
-			Self::from_phrase(phrase, password).expect("All phrases generated by Mnemonic are valid; qed"),
+			pair,
 			phrase.to_owned(),
+			seed,
 		)
 	}
 
 	/// Generate key pair from given recovery phrase and password.
-	fn from_phrase(phrase: &str, password: Option<&str>) -> Result<Pair, SecretStringError> {
+	fn from_phrase(phrase: &str, password: Option<&str>) -> Result<(Pair, Seed), SecretStringError> {
 		let big_seed = seed_from_entropy(
 			Mnemonic::from_phrase(phrase, Language::English)
 				.map_err(|_| SecretStringError::InvalidPhrase)?.entropy(),
 			password.unwrap_or(""),
 		).map_err(|_| SecretStringError::InvalidSeed)?;
-		Self::from_seed_slice(&big_seed[0..32])
+		let mut seed = Seed::default();
+		seed.copy_from_slice(&big_seed[0..32]);
+		Self::from_seed_slice(&big_seed[0..32]).map(|x| (x, seed))
 	}
 
 	/// Make a new key pair from secret seed material.
 	///
 	/// You should never need to use this; generate(), generate_with_phrasee
-	fn from_seed(seed: Seed) -> Pair {
-		let secret = ed25519_dalek::SecretKey::from_bytes(&seed[..])
-			.expect("seed has valid length; qed");
-		let public = ed25519_dalek::PublicKey::from(&secret);
-		Pair(ed25519_dalek::Keypair { secret, public })
+	fn from_seed(seed: &Seed) -> Pair {
+		Self::from_seed_slice(&seed[..]).expect("seed has valid length; qed")
 	}
 
 	/// Make a new key pair from secret seed material. The slice must be 32 bytes long or it
@@ -402,13 +392,10 @@ impl TraitPair for Pair {
 	///
 	/// You should never need to use this; generate(), generate_with_phrase
 	fn from_seed_slice(seed_slice: &[u8]) -> Result<Pair, SecretStringError> {
-		if seed_slice.len() != 32 {
-			Err(SecretStringError::InvalidSeedLength)
-		} else {
-			let mut seed = [0u8; 32];
-			seed.copy_from_slice(&seed_slice);
-			Ok(Self::from_seed(seed))
-		}
+		let secret = ed25519_dalek::SecretKey::from_bytes(seed_slice)
+			.map_err(|_| SecretStringError::InvalidSeedLength)?;
+		let public = ed25519_dalek::PublicKey::from(&secret);
+		Ok(Pair(ed25519_dalek::Keypair { secret, public }))
 	}
 
 	/// Derive a child key from a series of given junctions.
@@ -420,12 +407,18 @@ impl TraitPair for Pair {
 				DeriveJunction::Hard(cc) => acc = derive_hard_junction(&acc, &cc),
 			}
 		}
-		Ok(Self::from_seed(acc))
+		Ok(Self::from_seed(&acc))
 	}
 
 	/// Generate a key from the phrase, password and derivation path.
-	fn from_standard_components<I: Iterator<Item=DeriveJunction>>(phrase: &str, password: Option<&str>, path: I) -> Result<Pair, SecretStringError> {
-		Self::from_phrase(phrase, password)?.derive(path).map_err(|_| SecretStringError::InvalidPath)
+	fn from_standard_components<I: Iterator<Item=DeriveJunction>>(
+		phrase: &str,
+		password: Option<&str>,
+		path: I
+	) -> Result<Pair, SecretStringError> {
+		Self::from_phrase(phrase, password)?.0
+			.derive(path)
+			.map_err(|_| SecretStringError::InvalidPath)
 	}
 
 	/// Get the public key.
@@ -483,7 +476,7 @@ impl Pair {
 			let mut padded_seed: Seed = [' ' as u8; 32];
 			let len = s.len().min(32);
 			padded_seed[..len].copy_from_slice(&s.as_bytes()[..len]);
-			Self::from_seed(padded_seed)
+			Self::from_seed(&padded_seed)
 		})
 	}
 }
@@ -505,38 +498,52 @@ mod test {
 	#[test]
 	fn seed_and_derive_should_work() {
 		let seed = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
-		let pair = Pair::from_seed(seed);
+		let pair = Pair::from_seed(&seed);
 		assert_eq!(pair.seed(), &seed);
 		let path = vec![DeriveJunction::Hard([0u8; 32])];
 		let derived = pair.derive(path.into_iter()).ok().unwrap();
-		assert_eq!(derived.seed(), &hex!("ede3354e133f9c8e337ddd6ee5415ed4b4ffe5fc7d21e933f4930a3730e5b21c"));
+		assert_eq!(
+			derived.seed(),
+			&hex!("ede3354e133f9c8e337ddd6ee5415ed4b4ffe5fc7d21e933f4930a3730e5b21c")
+		);
 	}
 
 	#[test]
 	fn test_vector_should_work() {
-		let pair: Pair = Pair::from_seed(hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"));
+		let pair = Pair::from_seed(
+			&hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
+		);
 		let public = pair.public();
-		assert_eq!(public, Public::from_raw(hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")));
+		assert_eq!(public, Public::from_raw(
+			hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
+		));
 		let message = b"";
-		let signature = Signature::from_raw(hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"));
+		let signature = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
+		let signature = Signature::from_raw(signature);
 		assert!(&pair.sign(&message[..]) == &signature);
 		assert!(Pair::verify(&signature, &message[..], &public));
 	}
 
 	#[test]
 	fn test_vector_by_string_should_work() {
-		let pair: Pair = Pair::from_string("0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", None).unwrap();
+		let pair = Pair::from_string(
+			"0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
+			None
+		).unwrap();
 		let public = pair.public();
-		assert_eq!(public, Public::from_raw(hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")));
+		assert_eq!(public, Public::from_raw(
+			hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
+		));
 		let message = b"";
-		let signature = Signature::from_raw(hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"));
+		let signature = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
+		let signature = Signature::from_raw(signature);
 		assert!(&pair.sign(&message[..]) == &signature);
 		assert!(Pair::verify(&signature, &message[..], &public));
 	}
 
 	#[test]
 	fn generated_pair_should_work() {
-		let pair = Pair::generate();
+		let (pair, _) = Pair::generate();
 		let public = pair.public();
 		let message = b"Something important";
 		let signature = pair.sign(&message[..]);
@@ -546,9 +553,11 @@ mod test {
 
 	#[test]
 	fn seeded_pair_should_work() {
-		let pair = Pair::from_seed(*b"12345678901234567890123456789012");
+		let pair = Pair::from_seed(b"12345678901234567890123456789012");
 		let public = pair.public();
-		assert_eq!(public, Public::from_raw(hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee")));
+		assert_eq!(public, Public::from_raw(
+			hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee")
+		));
 		let message = hex!("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee00000000000000000200d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a4500000000000000");
 		let signature = pair.sign(&message[..]);
 		println!("Correct signature: {:?}", signature);
@@ -558,31 +567,31 @@ mod test {
 
 	#[test]
 	fn generate_with_phrase_recovery_possible() {
-		let (pair1, phrase) = Pair::generate_with_phrase(None);
-		let pair2 = Pair::from_phrase(&phrase, None).unwrap();
+		let (pair1, phrase, _) = Pair::generate_with_phrase(None);
+		let (pair2, _) = Pair::from_phrase(&phrase, None).unwrap();
 
 		assert_eq!(pair1.public(), pair2.public());
 	}
 
 	#[test]
 	fn generate_with_password_phrase_recovery_possible() {
-		let (pair1, phrase) = Pair::generate_with_phrase(Some("password"));
-		let pair2 = Pair::from_phrase(&phrase, Some("password")).unwrap();
+		let (pair1, phrase, _) = Pair::generate_with_phrase(Some("password"));
+		let (pair2, _) = Pair::from_phrase(&phrase, Some("password")).unwrap();
 
 		assert_eq!(pair1.public(), pair2.public());
 	}
 
 	#[test]
 	fn password_does_something() {
-		let (pair1, phrase) = Pair::generate_with_phrase(Some("password"));
-		let pair2 = Pair::from_phrase(&phrase, None).unwrap();
+		let (pair1, phrase, _) = Pair::generate_with_phrase(Some("password"));
+		let (pair2, _) = Pair::from_phrase(&phrase, None).unwrap();
 
 		assert_ne!(pair1.public(), pair2.public());
 	}
 
 	#[test]
 	fn ss58check_roundtrip_works() {
-		let pair = Pair::from_seed(*b"12345678901234567890123456789012");
+		let pair = Pair::from_seed(b"12345678901234567890123456789012");
 		let public = pair.public();
 		let s = public.to_ss58check();
 		println!("Correct: {}", s);