1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263
use fuel_types::Bytes32;
use core::fmt;
use core::ops::Deref;
use zeroize::Zeroize;
/// Asymmetric secret key
#[derive(Default, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Zeroize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[repr(transparent)]
pub struct SecretKey(Bytes32);
impl SecretKey {
/// Memory length of the type
pub const LEN: usize = Bytes32::LEN;
/// Add a conversion from arbitrary slices into owned
///
/// # Safety
///
/// There is no guarantee the provided bytes will fit the field. The field
/// security can be checked with [`SecretKey::is_in_field`].
pub unsafe fn from_bytes_unchecked(bytes: [u8; Self::LEN]) -> Self {
Self(bytes.into())
}
/// Add a conversion from arbitrary slices into owned
///
/// # Safety
///
/// This function will not panic if the length of the slice is smaller than
/// `Self::LEN`. Instead, it will cause undefined behavior and read random
/// disowned bytes.
///
/// There is no guarantee the provided bytes will fit the field.
pub unsafe fn from_slice_unchecked(bytes: &[u8]) -> Self {
Self(Bytes32::from_slice_unchecked(bytes))
}
/// Copy-free reference cast
///
/// There is no guarantee the provided bytes will fit the field.
///
/// # Safety
///
/// Inputs smaller than `Self::LEN` will cause undefined behavior.
pub unsafe fn as_ref_unchecked(bytes: &[u8]) -> &Self {
// The interpreter will frequently make references to keys and values using
// logically checked slices.
//
// This function will avoid unnecessary copy to owned slices for the interpreter
// access
&*(bytes.as_ptr() as *const Self)
}
}
impl Deref for SecretKey {
type Target = [u8; SecretKey::LEN];
fn deref(&self) -> &[u8; SecretKey::LEN] {
self.0.deref()
}
}
impl AsRef<[u8]> for SecretKey {
fn as_ref(&self) -> &[u8] {
self.0.as_ref()
}
}
impl From<SecretKey> for [u8; SecretKey::LEN] {
fn from(salt: SecretKey) -> [u8; SecretKey::LEN] {
salt.0.into()
}
}
impl fmt::LowerHex for SecretKey {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.0.fmt(f)
}
}
impl fmt::UpperHex for SecretKey {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.0.fmt(f)
}
}
impl fmt::Debug for SecretKey {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
self.0.fmt(f)
}
}
impl fmt::Display for SecretKey {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
self.0.fmt(f)
}
}
#[cfg(feature = "std")]
mod use_std {
use super::*;
use crate::{Error, PublicKey};
use coins_bip32::path::DerivationPath;
use coins_bip39::{English, Mnemonic};
use core::borrow::Borrow;
use core::str;
use secp256k1::{Error as Secp256k1Error, SecretKey as Secp256k1SecretKey};
use std::str::FromStr;
#[cfg(feature = "random")]
use rand::{
distributions::{Distribution, Standard},
Rng,
};
pub type W = English;
impl SecretKey {
/// Create a new random secret
#[cfg(feature = "random")]
pub fn random<R>(rng: &mut R) -> Self
where
R: rand::Rng + ?Sized,
{
// TODO there is no clear API to generate a scalar for secp256k1. This code is
// very inefficient and not constant time; it was copied from
// https://github.com/rust-bitcoin/rust-secp256k1/blob/ada3f98ab65e6f12cf1550edb0b7ae064ecac153/src/key.rs#L101
//
// Need to improve; generate random bytes and truncate to the field.
//
// We don't call `Secp256k1SecretKey::new` here because the `rand` requirements
// are outdated and inconsistent.
use secp256k1::ffi::{self, CPtr};
let mut secret = Bytes32::zeroed();
loop {
rng.fill(secret.as_mut());
// Safety: FFI call
let overflow =
unsafe { ffi::secp256k1_ec_seckey_verify(ffi::secp256k1_context_no_precomp, secret.as_c_ptr()) };
if overflow != 0 {
break;
}
}
Self(secret)
}
/// Generate a new secret key from a mnemonic phrase and its derivation path.
/// Both are passed as `&str`. If you want to manually create a `DerivationPath`
/// and `Mnemonic`, use [`SecretKey::new_from_mnemonic`].
/// The derivation path is a list of integers, each representing a child index.
pub fn new_from_mnemonic_phrase_with_path(phrase: &str, path: &str) -> Result<Self, Error> {
let mnemonic = Mnemonic::<W>::new_from_phrase(phrase)?;
let path = DerivationPath::from_str(path)?;
Self::new_from_mnemonic(path, mnemonic)
}
/// Generate a new secret key from a `DerivationPath` and `Mnemonic`.
/// If you want to pass strings instead, use [`SecretKey::new_from_mnemonic_phrase_with_path`].
pub fn new_from_mnemonic(d: DerivationPath, m: Mnemonic<W>) -> Result<Self, Error> {
let derived_priv_key = m.derive_key(d, None)?;
let key: &coins_bip32::prelude::SigningKey = derived_priv_key.as_ref();
// Safety: this slice will always be of the expected length (`Bytes32`)
// because it will be a `Secp256k` secret key, coming from
// `coins_bip32::prelude::SigningKey`, which is a 256-bit (32-byte) scalar.
Ok(unsafe { SecretKey::from_slice_unchecked(key.to_bytes().as_ref()) })
}
/// Check if the provided slice represents a scalar that fits the field.
///
/// # Safety
///
/// This function extends the unsafety of
/// [`SecretKey::as_ref_unchecked`].
pub unsafe fn is_slice_in_field_unchecked(slice: &[u8]) -> bool {
use secp256k1::ffi::{self, CPtr};
let secret = Self::as_ref_unchecked(slice);
// Safety: FFI call
let overflow = ffi::secp256k1_ec_seckey_verify(ffi::secp256k1_context_no_precomp, secret.as_c_ptr());
overflow != 0
}
/// Check if the secret key representation fits the scalar field.
pub fn is_in_field(&self) -> bool {
// Safety: struct is guaranteed to reference itself with correct len
unsafe { Self::is_slice_in_field_unchecked(self.as_ref()) }
}
/// Return the curve representation of this secret.
///
/// The discrete logarithm property guarantees this is a one-way
/// function.
pub fn public_key(&self) -> PublicKey {
PublicKey::from(self)
}
}
impl TryFrom<Bytes32> for SecretKey {
type Error = Error;
fn try_from(b: Bytes32) -> Result<Self, Self::Error> {
let secret = SecretKey(b);
secret.is_in_field().then_some(secret).ok_or(Error::InvalidSecretKey)
}
}
impl TryFrom<&[u8]> for SecretKey {
type Error = Error;
fn try_from(slice: &[u8]) -> Result<Self, Self::Error> {
Bytes32::try_from(slice)
.map_err(|_| Secp256k1Error::InvalidSecretKey.into())
.and_then(SecretKey::try_from)
}
}
impl str::FromStr for SecretKey {
type Err = Error;
fn from_str(s: &str) -> Result<Self, Self::Err> {
Bytes32::from_str(s)
.map_err(|_| Secp256k1Error::InvalidSecretKey.into())
.and_then(SecretKey::try_from)
}
}
impl Borrow<Secp256k1SecretKey> for SecretKey {
fn borrow(&self) -> &Secp256k1SecretKey {
// Safety: field checked. The memory representation of the secp256k1 key is
// `[u8; 32]`
unsafe { &*(self.as_ref().as_ptr() as *const Secp256k1SecretKey) }
}
}
#[cfg(feature = "random")]
impl rand::Fill for SecretKey {
fn try_fill<R: rand::Rng + ?Sized>(&mut self, rng: &mut R) -> Result<(), rand::Error> {
*self = Self::random(rng);
Ok(())
}
}
#[cfg(feature = "random")]
impl Distribution<SecretKey> for Standard {
fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> SecretKey {
SecretKey::random(rng)
}
}
}