cardano_sdk/crypto/

key.rs

//! Cardano Crypto Keys
//!
//! Secret keys:
//!
//! * HDKey : Hierarchical Deterministic
//! * ExtendedEd25519Key : Extended ED25519 key
//! * Ed25519Key : Standard Ed25519 key
//!
//! Public keys:
//!
//! * HDPublicKey
//! * Ed25519PublicKey
//! * Ed25519PublicKey
//!
//!
//! ```none
//! HDKey --------------- .to_public() -----> HDPublicKey
//!   |                                          |
//!  .strip_hd()                             .strip_hd()
//!   |                                          |
//!   ↓                                          ↓
//! ExtendedEd25519Key -- .to_public() ---> Ed25519PublicKey
//!                                              ^
//!                                              |
//! Ed25519Key ---------- .to_public() ---------/
//! ```
//!
use bech32::{ToBase32, Variant};
use cbored::CborRepr;
use cryptoxide::ed25519;
use cryptoxide::{hashing::blake2b_224, hmac::Hmac, pbkdf2::pbkdf2, sha2::Sha512};
use ed25519_bip32::{DerivationScheme, XPrv, XPub, XPRV_SIZE};
use std::fmt;

use crate::chain::{Ed25519KeyHash, TxHash, VkeyWitness};

/// A Secret HD (Hierarchical Deterministic) key
///
/// It can turns into a `ExtendedEd25519Key` by using the `.strip_hd()` method
#[derive(Clone)]
pub struct HDKey(XPrv);

/// A Extended ED25519 Secret key
///
/// It can turns into a `Ed25519PublicKey` by using the `.to_public()` method
#[derive(Clone)]
pub struct Ed25519ExtendedKey([u8; 64]);

/// A ED25519 Secret key
///
/// Note: the inner format is actually an ED25519 keypair
///
/// It can turns into a `Ed25519PublicKey` by using the `.to_public()` method
#[derive(Clone)]
pub struct Ed25519Key([u8; 64]);

#[derive(Clone, CborRepr, PartialEq, Eq)]
#[cborrepr(structure = "flat")]
pub struct Ed25519Signature([u8; 64]);

impl fmt::Debug for Ed25519Signature {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ed25519sig-{}", hex::encode(&self.0))
    }
}

impl fmt::Display for Ed25519Signature {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ed25519sig-{}", hex::encode(&self.0))
    }
}

/// A Public HD (Hierarchical Deterministic) key
///
/// It can turns into a `Ed25519PublicKey` by using the `.strip_hd()` method
#[derive(Clone, PartialEq, Eq, Hash)]
pub struct HDPublicKey(XPub);

impl fmt::Debug for HDPublicKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "hdpub-{}", hex::encode(&self.0))
    }
}

impl fmt::Display for HDPublicKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "hdpub-{}", hex::encode(&self.0))
    }
}

impl cbored::Encode for HDPublicKey {
    fn encode(&self, writer: &mut cbored::Writer) {
        writer.encode(self.0.as_ref());
    }
}

impl cbored::Decode for HDPublicKey {
    fn decode<'a>(reader: &mut cbored::Reader<'a>) -> Result<Self, cbored::DecodeError> {
        reader
            .decode::<[u8; 64]>()
            .map(|x| HDPublicKey(XPub::from_bytes(x)))
    }
}

/// Standard Ed25519 Public Key (32 bytes)
#[derive(Clone, CborRepr, PartialEq, Eq)]
#[cborrepr(structure = "flat")]
pub struct Ed25519PublicKey([u8; 32]);

impl fmt::Debug for Ed25519PublicKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ed25519pub-{}", hex::encode(&self.0))
    }
}

impl fmt::Display for Ed25519PublicKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ed25519pub-{}", hex::encode(&self.0))
    }
}

fn xprv_bip39_like_hashing(entropy: &[u8], password: &[u8]) -> XPrv {
    const ITER: u32 = 4096;

    let mut pbkdf2_result = [0; XPRV_SIZE];
    let mut mac = Hmac::new(Sha512::new(), password);
    pbkdf2(&mut mac, entropy.as_ref(), ITER, &mut pbkdf2_result);
    XPrv::normalize_bytes_force3rd(pbkdf2_result)
}

/// BIP32 index (32 bit integer, where highest bit mark soft or hard derivation)
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Bip32Index(u32);

/// Enumeration for all cryptographic signature verification to prevent boolean blindness
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SignatureVerification {
    Passed,
    Failed,
}

impl Bip32Index {
    /// Get the raw u32 value
    pub const fn u32(self) -> u32 {
        self.0
    }

    /// Return whether the index is hard
    pub const fn is_hard(self) -> bool {
        (self.0 & 0x8000_0000) != 0
    }

    /// Return whether the index is soft
    pub const fn is_soft(self) -> bool {
        !self.is_hard()
    }

    /// Create a hard index from 31 bits
    ///
    /// if the 32th bit is set, it will raised a panic
    pub const fn hard(v: u32) -> Self {
        assert!((v & 0x8000_0000) == 0);
        Bip32Index(v | 0x8000_0000)
    }

    /// Create a soft index from 31 bits
    ///
    /// if the 32th bit is set, it will raised a panic
    pub const fn soft(v: u32) -> Self {
        assert!((v & 0x8000_0000) == 0);
        Bip32Index(v)
    }
}

impl HDKey {
    pub fn from_bip39_entropy(entropy: &[u8], password: &[u8]) -> Self {
        Self(xprv_bip39_like_hashing(entropy, password))
    }

    pub fn bip32_derive(&self, index: Bip32Index) -> Self {
        Self(self.0.derive(ed25519_bip32::DerivationScheme::V2, index.0))
    }

    pub fn bip32_derive_multiple(&self, mut indices: &[Bip32Index]) -> Self {
        let mut sk = self.clone();
        while !indices.is_empty() {
            let index = indices[0];
            sk = sk.bip32_derive(index);
            indices = &indices[1..];
        }
        return sk;
    }

    pub fn strip_hd(&self) -> Ed25519ExtendedKey {
        Ed25519ExtendedKey(self.0.extended_secret_key_bytes().clone())
    }

    pub fn to_public(&self) -> HDPublicKey {
        HDPublicKey(self.0.public())
    }

    pub fn to_bech32_string(&self, hrp: &str) -> String {
        bech32::encode(hrp, self.0.as_ref().to_base32(), Variant::Bech32).unwrap()
    }

    pub fn from_bytes(key: &[u8; 96]) -> Self {
        HDKey(XPrv::from_bytes_verified(*key).unwrap())
    }

    pub fn to_bytes(&self) -> [u8; 96] {
        let mut out = [0u8; 96];
        out[0..64].copy_from_slice(self.0.extended_secret_key_bytes());
        out[64..96].copy_from_slice(self.0.chain_code());
        out
    }
}

impl Ed25519ExtendedKey {
    pub fn sign(&self, data: &[u8]) -> Ed25519Signature {
        Ed25519Signature(ed25519::signature_extended(data, &self.0))
    }

    pub fn to_public(&self) -> Ed25519PublicKey {
        Ed25519PublicKey(ed25519::extended_to_public(&self.0))
    }

    pub fn to_witness(&self, hash: &TxHash) -> VkeyWitness {
        let data = hash.0;

        let pk = self.to_public();
        let sig = self.sign(&data);
        VkeyWitness {
            vkey: pk,
            signature: sig,
        }
    }

    pub fn from_bytes(key: &[u8; 64]) -> Self {
        Self(key.clone())
    }

    pub fn to_bytes(&self) -> [u8; 64] {
        self.0.clone()
    }
}

impl Ed25519Key {
    pub fn sign(&self, data: &[u8]) -> Ed25519Signature {
        Ed25519Signature(ed25519::signature(data, &self.0))
    }

    pub fn to_public(&self) -> Ed25519PublicKey {
        Ed25519PublicKey(ed25519::keypair_public(&self.0).clone())
    }

    pub fn from_bytes(secret_key: &[u8; 32]) -> Self {
        let (kp, _) = ed25519::keypair(secret_key);
        Self(kp)
    }

    pub fn to_witness(&self, hash: &TxHash) -> VkeyWitness {
        let data = hash.0;

        let pk = self.to_public();
        let sig = self.sign(&data);
        VkeyWitness {
            vkey: pk,
            signature: sig,
        }
    }

    pub fn to_bytes(&self) -> [u8; 32] {
        let mut out = [0u8; 32];
        out.copy_from_slice(&self.0[0..32]);
        out
    }
}

impl HDPublicKey {
    pub fn to_bytes(&self) -> [u8; 64] {
        self.0.into()
    }

    pub fn from_bytes(pub_key: [u8; 64]) -> Self {
        Self(XPub::from_bytes(pub_key))
    }

    pub fn strip_hd(&self) -> Ed25519PublicKey {
        Ed25519PublicKey(self.0.public_key_bytes().clone())
    }

    pub fn hash(&self) -> Ed25519KeyHash {
        let pk = self.0.public_key_bytes();
        Ed25519KeyHash(blake2b_224(pk))
    }

    pub fn bip32_derive(&self, idx: Bip32Index) -> Self {
        Self(
            self.0
                .derive(DerivationScheme::V2, idx.0)
                .expect("valid soft derivation for public derivation"),
        )
    }
}

impl Ed25519PublicKey {
    pub fn hash(&self) -> Ed25519KeyHash {
        Ed25519KeyHash(blake2b_224(&self.0))
    }

    pub fn verify(&self, signature: &Ed25519Signature, data: &[u8]) -> SignatureVerification {
        if ed25519::verify(data, &self.0, &signature.0) {
            SignatureVerification::Passed
        } else {
            SignatureVerification::Failed
        }
    }

    pub fn as_bytes(&self) -> &[u8; 32] {
        &self.0
    }

    pub fn from_bytes(bytes: &[u8; 32]) -> Self {
        Self(*bytes)
    }
}

impl Ed25519Signature {
    pub fn as_bytes(&self) -> &[u8; 64] {
        &self.0
    }

    pub fn from_bytes(bytes: &[u8; 64]) -> Self {
        Self(*bytes)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn sign_verify() {
        let msg = &[1, 2, 3];
        let key = Ed25519Key::from_bytes(&[1; 32]);
        let pk = key.to_public();
        let sig = key.sign(msg);
        assert_eq!(pk.verify(&sig, msg), SignatureVerification::Passed);
    }
}