1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

// Copyright 2019 The Grin Develope;
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Functions defining wallet 'addresses', i.e. ed2559 keys based on
//! a derivation path

use crate::grin_util::from_hex;
use crate::grin_util::secp::key::SecretKey;
use crate::{Error, ErrorKind};
use grin_wallet_util::grin_keychain::{ChildNumber, Identifier, Keychain, SwitchCommitmentType};

use data_encoding::BASE32;
use ed25519_dalek::PublicKey as DalekPublicKey;
use ed25519_dalek::SecretKey as DalekSecretKey;
use failure::ResultExt;
use sha3::{Digest, Sha3_256};

use crate::blake2::blake2b::blake2b;

/// Derive a secret key given a derivation path and index
pub fn address_from_derivation_path<K>(
	keychain: &K,
	parent_key_id: &Identifier,
	index: u32,
) -> Result<SecretKey, Error>
where
	K: Keychain,
{
	let mut key_path = parent_key_id.to_path();
	// An output derivation for acct m/0
	// is m/0/0/0, m/0/0/1 (for instance), m/1 is m/1/0/0, m/1/0/1
	// Address generation path should be
	// for m/0: m/0/1/0, m/0/1/1
	// for m/1: m/1/1/0, m/1/1/1
	key_path.path[1] = ChildNumber::from(1);
	key_path.depth = key_path.depth + 1;
	key_path.path[key_path.depth as usize - 1] = ChildNumber::from(index);
	let key_id = Identifier::from_path(&key_path);
	let sec_key = keychain.derive_key(0, &key_id, &SwitchCommitmentType::None)?;
	let hashed = blake2b(32, &[], &sec_key.0[..]);
	Ok(SecretKey::from_slice(
		&keychain.secp(),
		&hashed.as_bytes()[..],
	)?)
}

/// Output ed25519 keypair given an rust_secp256k1 SecretKey
pub fn ed25519_keypair(sec_key: &SecretKey) -> Result<(DalekSecretKey, DalekPublicKey), Error> {
	let d_skey = match DalekSecretKey::from_bytes(&sec_key.0) {
		Ok(k) => k,
		Err(e) => {
			return Err(ErrorKind::ED25519Key(format!("{}", e)).to_owned())?;
		}
	};
	let d_pub_key: DalekPublicKey = (&d_skey).into();
	Ok((d_skey, d_pub_key))
}

/// Output ed25519 pubkey represented by string
pub fn ed25519_parse_pubkey(pub_key: &str) -> Result<DalekPublicKey, Error> {
	let bytes = from_hex(pub_key.to_owned())
		.context(ErrorKind::AddressDecoding("Can't parse pubkey".to_owned()))?;
	match DalekPublicKey::from_bytes(&bytes) {
		Ok(k) => Ok(k),
		Err(_) => {
			return Err(
				ErrorKind::AddressDecoding("Not a valid public key".to_owned()).to_owned(),
			)?;
		}
	}
}

/// Return the ed25519 public key represented in an onion address
pub fn pubkey_from_onion_v3(onion_address: &str) -> Result<DalekPublicKey, Error> {
	let mut input = onion_address.to_uppercase();
	if input.starts_with("HTTP://") || input.starts_with("HTTPS://") {
		input = input.replace("HTTP://", "");
		input = input.replace("HTTPS://", "");
	}
	if input.ends_with(".ONION") {
		input = input.replace(".ONION", "");
	}
	let orig_address_raw = input.clone();
	// for now, just check input is the right length and try and decode from base32
	if input.len() != 56 {
		return Err(
			ErrorKind::AddressDecoding("Input address is wrong length".to_owned()).to_owned(),
		)?;
	}
	let mut address = BASE32
		.decode(input.as_bytes())
		.context(ErrorKind::AddressDecoding(
			"Input address is not base 32".to_owned(),
		))?
		.to_vec();

	address.split_off(32);
	let key = match DalekPublicKey::from_bytes(&address) {
		Ok(k) => k,
		Err(_) => {
			return Err(ErrorKind::AddressDecoding(
				"Provided onion V3 address is invalid (parsing key)".to_owned(),
			)
			.to_owned())?;
		}
	};
	let test_v3 = match onion_v3_from_pubkey(&key) {
		Ok(k) => k,
		Err(_) => {
			return Err(ErrorKind::AddressDecoding(
				"Provided onion V3 address is invalid (converting from pubkey)".to_owned(),
			)
			.to_owned())?;
		}
	};

	if test_v3.to_uppercase() != orig_address_raw.to_uppercase() {
		return Err(ErrorKind::AddressDecoding(
			"Provided onion V3 address is invalid (no match)".to_owned(),
		)
		.to_owned())?;
	}
	Ok(key)
}

/// Generate an onion address from an ed25519_dalek public key
pub fn onion_v3_from_pubkey(pub_key: &DalekPublicKey) -> Result<String, Error> {
	// calculate checksum
	let mut hasher = Sha3_256::new();
	hasher.input(b".onion checksum");
	hasher.input(pub_key.as_bytes());
	hasher.input([0x03u8]);
	let checksum = hasher.result();

	let mut address_bytes = pub_key.as_bytes().to_vec();
	address_bytes.push(checksum[0]);
	address_bytes.push(checksum[1]);
	address_bytes.push(0x03u8);

	let ret = BASE32.encode(&address_bytes);
	Ok(ret.to_lowercase())
}

#[cfg(test)]
mod test {
	use super::*;

	#[test]
	fn onion_v3_conversion() {
		let onion_address = "2a6at2obto3uvkpkitqp4wxcg6u36qf534eucbskqciturczzc5suyid";

		let key = pubkey_from_onion_v3(onion_address).unwrap();
		println!("Key: {:?}", &key);

		let out_address = onion_v3_from_pubkey(&key).unwrap();
		println!("Address: {:?}", &out_address);

		assert_eq!(onion_address, out_address);
	}
}