mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-07-02 05:57:23 +00:00
8de0e55778
* Cherry pick all crypto related changes from pull-request #13311 applied to master's head * Import some stuff just if 'full_crypto' is on * Remove copyright year * Cleanup * First generic BLS draft * Finalize generic implementation * Restore tests * Fix rust docs * Fix after master merge * Fix after master merge * Use double bls with G1 as signature group and verify individual signatures using DLEQ proof. * Fix inclusions and types used within substrate * Remove unused cruft * Restore usage of upstream crates * Fix test * Reduce the diff by aligning Cargo.lock to master * Application-crypto provides bls381 * Implement bls381 for local keystore * Use new generic keystore features * import DoublePublickey[Scheme] from the bls-like root to be less confusing. * fix compilation * Apply suggestions from code review Co-authored-by: Robert Hambrock <roberthambrock@gmail.com> * Clean leftovers * - update bls test vector after applying spec change recommendation. - send message as ref. * Different hard junction ids for different bls12 types * update to new bls-like * bls-like → w3f-bls * Make clippy happy * update test vector after replacing hash and crop with hash to field. * cargo fmt * account for #13972 * hide BLS behind "bls_non_production" feature flag * Remove Cargo.lock entries duplicated in merge * add bls377 to primitives/keystore and client/keystore add bls377 to primitives/application-crypto/ add bls_non_production to primitives/keystore and client/keystore bump up w3f-bls version * rename feature `bls_non_production` to `bls-experimental` --------- Co-authored-by: Davide Galassi <davxy@datawok.net> Co-authored-by: André Silva <andrerfosilva@gmail.com> Co-authored-by: Robert Hambrock <roberthambrock@gmail.com>
326 lines
11 KiB
Rust
326 lines
11 KiB
Rust
// This file is part of Substrate.
|
|
|
|
// Copyright (C) Parity Technologies (UK) Ltd.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
//! Keystore traits
|
|
|
|
pub mod testing;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
use sp_core::{bls377, bls381};
|
|
use sp_core::{
|
|
crypto::{ByteArray, CryptoTypeId, KeyTypeId},
|
|
ecdsa, ed25519, sr25519,
|
|
};
|
|
|
|
use std::sync::Arc;
|
|
|
|
/// Keystore error
|
|
#[derive(Debug, thiserror::Error)]
|
|
pub enum Error {
|
|
/// Public key type is not supported
|
|
#[error("Key not supported: {0:?}")]
|
|
KeyNotSupported(KeyTypeId),
|
|
/// Validation error
|
|
#[error("Validation error: {0}")]
|
|
ValidationError(String),
|
|
/// Keystore unavailable
|
|
#[error("Keystore unavailable")]
|
|
Unavailable,
|
|
/// Programming errors
|
|
#[error("An unknown keystore error occurred: {0}")]
|
|
Other(String),
|
|
}
|
|
|
|
/// Something that generates, stores and provides access to secret keys.
|
|
pub trait Keystore: Send + Sync {
|
|
/// Returns all the sr25519 public keys for the given key type.
|
|
fn sr25519_public_keys(&self, key_type: KeyTypeId) -> Vec<sr25519::Public>;
|
|
|
|
/// Generate a new sr25519 key pair for the given key type and an optional seed.
|
|
///
|
|
/// Returns an `sr25519::Public` key of the generated key pair or an `Err` if
|
|
/// something failed during key generation.
|
|
fn sr25519_generate_new(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
seed: Option<&str>,
|
|
) -> Result<sr25519::Public, Error>;
|
|
|
|
/// Generate an sr25519 signature for a given message.
|
|
///
|
|
/// Receives [`KeyTypeId`] and an [`sr25519::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns an [`sr25519::Signature`] or `None` in case the given `key_type`
|
|
/// and `public` combination doesn't exist in the keystore.
|
|
/// An `Err` will be returned if generating the signature itself failed.
|
|
fn sr25519_sign(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &sr25519::Public,
|
|
msg: &[u8],
|
|
) -> Result<Option<sr25519::Signature>, Error>;
|
|
|
|
/// Generate an sr25519 VRF signature for the given data.
|
|
///
|
|
/// Receives [`KeyTypeId`] and an [`sr25519::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns `None` if the given `key_type` and `public` combination doesn't
|
|
/// exist in the keystore or an `Err` when something failed.
|
|
fn sr25519_vrf_sign(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &sr25519::Public,
|
|
data: &sr25519::vrf::VrfSignData,
|
|
) -> Result<Option<sr25519::vrf::VrfSignature>, Error>;
|
|
|
|
/// Generate an sr25519 VRF output for a given input data.
|
|
///
|
|
/// Receives [`KeyTypeId`] and an [`sr25519::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns `None` if the given `key_type` and `public` combination doesn't
|
|
/// exist in the keystore or an `Err` when something failed.
|
|
fn sr25519_vrf_output(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &sr25519::Public,
|
|
input: &sr25519::vrf::VrfInput,
|
|
) -> Result<Option<sr25519::vrf::VrfOutput>, Error>;
|
|
|
|
/// Returns all ed25519 public keys for the given key type.
|
|
fn ed25519_public_keys(&self, key_type: KeyTypeId) -> Vec<ed25519::Public>;
|
|
|
|
/// Generate a new ed25519 key pair for the given key type and an optional seed.
|
|
///
|
|
/// Returns an `ed25519::Public` key of the generated key pair or an `Err` if
|
|
/// something failed during key generation.
|
|
fn ed25519_generate_new(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
seed: Option<&str>,
|
|
) -> Result<ed25519::Public, Error>;
|
|
|
|
/// Generate an ed25519 signature for a given message.
|
|
///
|
|
/// Receives [`KeyTypeId`] and an [`ed25519::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns an [`ed25519::Signature`] or `None` in case the given `key_type`
|
|
/// and `public` combination doesn't exist in the keystore.
|
|
/// An `Err` will be returned if generating the signature itself failed.
|
|
fn ed25519_sign(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &ed25519::Public,
|
|
msg: &[u8],
|
|
) -> Result<Option<ed25519::Signature>, Error>;
|
|
|
|
/// Returns all ecdsa public keys for the given key type.
|
|
fn ecdsa_public_keys(&self, key_type: KeyTypeId) -> Vec<ecdsa::Public>;
|
|
|
|
/// Generate a new ecdsa key pair for the given key type and an optional seed.
|
|
///
|
|
/// Returns an `ecdsa::Public` key of the generated key pair or an `Err` if
|
|
/// something failed during key generation.
|
|
fn ecdsa_generate_new(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
seed: Option<&str>,
|
|
) -> Result<ecdsa::Public, Error>;
|
|
|
|
/// Generate an ecdsa signature for a given message.
|
|
///
|
|
/// Receives [`KeyTypeId`] and an [`ecdsa::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns an [`ecdsa::Signature`] or `None` in case the given `key_type`
|
|
/// and `public` combination doesn't exist in the keystore.
|
|
/// An `Err` will be returned if generating the signature itself failed.
|
|
fn ecdsa_sign(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &ecdsa::Public,
|
|
msg: &[u8],
|
|
) -> Result<Option<ecdsa::Signature>, Error>;
|
|
|
|
/// Generate an ecdsa signature for a given pre-hashed message.
|
|
///
|
|
/// Receives [`KeyTypeId`] and an [`ecdsa::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns an [`ecdsa::Signature`] or `None` in case the given `key_type`
|
|
/// and `public` combination doesn't exist in the keystore.
|
|
/// An `Err` will be returned if generating the signature itself failed.
|
|
fn ecdsa_sign_prehashed(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &ecdsa::Public,
|
|
msg: &[u8; 32],
|
|
) -> Result<Option<ecdsa::Signature>, Error>;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
/// Returns all bls12-381 public keys for the given key type.
|
|
fn bls381_public_keys(&self, id: KeyTypeId) -> Vec<bls381::Public>;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
/// Returns all bls12-377 public keys for the given key type.
|
|
fn bls377_public_keys(&self, id: KeyTypeId) -> Vec<bls377::Public>;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
/// Generate a new bls381 key pair for the given key type and an optional seed.
|
|
///
|
|
/// Returns an `bls381::Public` key of the generated key pair or an `Err` if
|
|
/// something failed during key generation.
|
|
fn bls381_generate_new(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
seed: Option<&str>,
|
|
) -> Result<bls381::Public, Error>;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
/// Generate a new bls377 key pair for the given key type and an optional seed.
|
|
///
|
|
/// Returns an `bls377::Public` key of the generated key pair or an `Err` if
|
|
/// something failed during key generation.
|
|
fn bls377_generate_new(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
seed: Option<&str>,
|
|
) -> Result<bls377::Public, Error>;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
/// Generate a bls381 signature for a given message.
|
|
///
|
|
/// Receives [`KeyTypeId`] and a [`bls381::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns an [`bls381::Signature`] or `None` in case the given `key_type`
|
|
/// and `public` combination doesn't exist in the keystore.
|
|
/// An `Err` will be returned if generating the signature itself failed.
|
|
fn bls381_sign(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &bls381::Public,
|
|
msg: &[u8],
|
|
) -> Result<Option<bls381::Signature>, Error>;
|
|
|
|
#[cfg(feature = "bls-experimental")]
|
|
/// Generate a bls377 signature for a given message.
|
|
///
|
|
/// Receives [`KeyTypeId`] and a [`bls377::Public`] key to be able to map
|
|
/// them to a private key that exists in the keystore.
|
|
///
|
|
/// Returns an [`bls377::Signature`] or `None` in case the given `key_type`
|
|
/// and `public` combination doesn't exist in the keystore.
|
|
/// An `Err` will be returned if generating the signature itself failed.
|
|
fn bls377_sign(
|
|
&self,
|
|
key_type: KeyTypeId,
|
|
public: &bls377::Public,
|
|
msg: &[u8],
|
|
) -> Result<Option<bls377::Signature>, Error>;
|
|
|
|
/// Insert a new secret key.
|
|
fn insert(&self, key_type: KeyTypeId, suri: &str, public: &[u8]) -> Result<(), ()>;
|
|
|
|
/// List all supported keys of a given type.
|
|
///
|
|
/// Returns a set of public keys the signer supports in raw format.
|
|
fn keys(&self, key_type: KeyTypeId) -> Result<Vec<Vec<u8>>, Error>;
|
|
|
|
/// Checks if the private keys for the given public key and key type combinations exist.
|
|
///
|
|
/// Returns `true` iff all private keys could be found.
|
|
fn has_keys(&self, public_keys: &[(Vec<u8>, KeyTypeId)]) -> bool;
|
|
|
|
/// Convenience method to sign a message using the given key type and a raw public key
|
|
/// for secret lookup.
|
|
///
|
|
/// The message is signed using the cryptographic primitive specified by `crypto_id`.
|
|
///
|
|
/// Schemes supported by the default trait implementation:
|
|
/// - sr25519
|
|
/// - ed25519
|
|
/// - ecdsa
|
|
/// - bls381
|
|
/// - bls377
|
|
///
|
|
/// To support more schemes you can overwrite this method.
|
|
///
|
|
/// Returns the SCALE encoded signature if key is found and supported, `None` if the key doesn't
|
|
/// exist or an error when something failed.
|
|
fn sign_with(
|
|
&self,
|
|
id: KeyTypeId,
|
|
crypto_id: CryptoTypeId,
|
|
public: &[u8],
|
|
msg: &[u8],
|
|
) -> Result<Option<Vec<u8>>, Error> {
|
|
use codec::Encode;
|
|
|
|
let signature = match crypto_id {
|
|
sr25519::CRYPTO_ID => {
|
|
let public = sr25519::Public::from_slice(public)
|
|
.map_err(|_| Error::ValidationError("Invalid public key format".into()))?;
|
|
self.sr25519_sign(id, &public, msg)?.map(|s| s.encode())
|
|
},
|
|
ed25519::CRYPTO_ID => {
|
|
let public = ed25519::Public::from_slice(public)
|
|
.map_err(|_| Error::ValidationError("Invalid public key format".into()))?;
|
|
self.ed25519_sign(id, &public, msg)?.map(|s| s.encode())
|
|
},
|
|
ecdsa::CRYPTO_ID => {
|
|
let public = ecdsa::Public::from_slice(public)
|
|
.map_err(|_| Error::ValidationError("Invalid public key format".into()))?;
|
|
|
|
self.ecdsa_sign(id, &public, msg)?.map(|s| s.encode())
|
|
},
|
|
#[cfg(feature = "bls-experimental")]
|
|
bls381::CRYPTO_ID => {
|
|
let public = bls381::Public::from_slice(public)
|
|
.map_err(|_| Error::ValidationError("Invalid public key format".into()))?;
|
|
self.bls381_sign(id, &public, msg)?.map(|s| s.encode())
|
|
},
|
|
#[cfg(feature = "bls-experimental")]
|
|
bls377::CRYPTO_ID => {
|
|
let public = bls377::Public::from_slice(public)
|
|
.map_err(|_| Error::ValidationError("Invalid public key format".into()))?;
|
|
self.bls377_sign(id, &public, msg)?.map(|s| s.encode())
|
|
},
|
|
_ => return Err(Error::KeyNotSupported(id)),
|
|
};
|
|
Ok(signature)
|
|
}
|
|
}
|
|
|
|
/// A shared pointer to a keystore implementation.
|
|
pub type KeystorePtr = Arc<dyn Keystore>;
|
|
|
|
sp_externalities::decl_extension! {
|
|
/// The keystore extension to register/retrieve from the externalities.
|
|
pub struct KeystoreExt(KeystorePtr);
|
|
}
|
|
|
|
impl KeystoreExt {
|
|
/// Create a new instance of `KeystoreExt`
|
|
pub fn new<T: Keystore + 'static>(keystore: T) -> Self {
|
|
Self(Arc::new(keystore))
|
|
}
|
|
}
|