1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202

use fuel_types::Bytes32;

use core::fmt;
use core::ops::Deref;

use zeroize::Zeroize;

/// Asymmetric secret key
#[derive(Default, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Zeroize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[repr(transparent)]
pub struct SecretKey(Bytes32);

impl SecretKey {
    /// Memory length of the type
    pub const LEN: usize = Bytes32::LEN;

    /// Construct a `SecretKey` directly from its bytes.
    ///
    /// This constructor expects the given bytes to be a valid secret key. Validity is unchecked.
    #[cfg(feature = "std")]
    fn from_bytes_unchecked(bytes: [u8; Self::LEN]) -> Self {
        Self(bytes.into())
    }
}

impl Deref for SecretKey {
    type Target = [u8; SecretKey::LEN];

    fn deref(&self) -> &[u8; SecretKey::LEN] {
        self.0.deref()
    }
}

impl AsRef<[u8]> for SecretKey {
    fn as_ref(&self) -> &[u8] {
        self.0.as_ref()
    }
}

impl From<SecretKey> for [u8; SecretKey::LEN] {
    fn from(salt: SecretKey) -> [u8; SecretKey::LEN] {
        salt.0.into()
    }
}

impl fmt::LowerHex for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        self.0.fmt(f)
    }
}

impl fmt::UpperHex for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        self.0.fmt(f)
    }
}

impl fmt::Debug for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        self.0.fmt(f)
    }
}

impl fmt::Display for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        self.0.fmt(f)
    }
}

#[cfg(feature = "std")]
mod use_std {
    use super::*;
    use crate::{Error, PublicKey};
    use coins_bip32::path::DerivationPath;
    use coins_bip39::{English, Mnemonic};
    use core::borrow::Borrow;
    use core::str;
    use secp256k1::{Error as Secp256k1Error, SecretKey as Secp256k1SecretKey};
    use std::str::FromStr;

    #[cfg(feature = "random")]
    use rand::{
        distributions::{Distribution, Standard},
        Rng,
    };

    pub type W = English;

    impl SecretKey {
        /// Create a new random secret
        #[cfg(feature = "random")]
        pub fn random<R>(rng: &mut R) -> Self
        where
            R: rand::Rng + ?Sized,
        {
            // TODO there is no clear API to generate a scalar for secp256k1. This code is
            // very inefficient and not constant time; it was copied from
            // https://github.com/rust-bitcoin/rust-secp256k1/blob/ada3f98ab65e6f12cf1550edb0b7ae064ecac153/src/key.rs#L101
            //
            // Need to improve; generate random bytes and truncate to the field.
            //
            // We don't call `Secp256k1SecretKey::new` here because the `rand` requirements
            // are outdated and inconsistent.
            let mut secret = Bytes32::zeroed();
            loop {
                rng.fill(secret.as_mut());
                if secret_key_bytes_valid(&secret).is_ok() {
                    break;
                }
            }
            Self(secret)
        }

        /// Generate a new secret key from a mnemonic phrase and its derivation path.
        /// Both are passed as `&str`. If you want to manually create a `DerivationPath`
        /// and `Mnemonic`, use [`SecretKey::new_from_mnemonic`].
        /// The derivation path is a list of integers, each representing a child index.
        pub fn new_from_mnemonic_phrase_with_path(phrase: &str, path: &str) -> Result<Self, Error> {
            let mnemonic = Mnemonic::<W>::new_from_phrase(phrase)?;
            let path = DerivationPath::from_str(path)?;
            Self::new_from_mnemonic(path, mnemonic)
        }

        /// Generate a new secret key from a `DerivationPath` and `Mnemonic`.
        /// If you want to pass strings instead, use [`SecretKey::new_from_mnemonic_phrase_with_path`].
        pub fn new_from_mnemonic(d: DerivationPath, m: Mnemonic<W>) -> Result<Self, Error> {
            let derived_priv_key = m.derive_key(d, None)?;
            let key: &coins_bip32::prelude::SigningKey = derived_priv_key.as_ref();
            let bytes: [u8; Self::LEN] = key.to_bytes().into();
            Ok(SecretKey::from_bytes_unchecked(bytes))
        }

        /// Return the curve representation of this secret.
        ///
        /// The discrete logarithm property guarantees this is a one-way
        /// function.
        pub fn public_key(&self) -> PublicKey {
            PublicKey::from(self)
        }
    }

    impl TryFrom<Bytes32> for SecretKey {
        type Error = Error;

        fn try_from(b: Bytes32) -> Result<Self, Self::Error> {
            secret_key_bytes_valid(&b).map(|_| Self(b))
        }
    }

    impl TryFrom<&[u8]> for SecretKey {
        type Error = Error;

        fn try_from(slice: &[u8]) -> Result<Self, Self::Error> {
            Bytes32::try_from(slice)
                .map_err(|_| Secp256k1Error::InvalidSecretKey.into())
                .and_then(SecretKey::try_from)
        }
    }

    impl str::FromStr for SecretKey {
        type Err = Error;

        fn from_str(s: &str) -> Result<Self, Self::Err> {
            Bytes32::from_str(s)
                .map_err(|_| Secp256k1Error::InvalidSecretKey.into())
                .and_then(SecretKey::try_from)
        }
    }

    impl Borrow<Secp256k1SecretKey> for SecretKey {
        fn borrow(&self) -> &Secp256k1SecretKey {
            // Safety: field checked. The memory representation of the secp256k1 key is
            // `[u8; 32]`
            #[allow(unsafe_code)]
            unsafe {
                &*(self.as_ref().as_ptr() as *const Secp256k1SecretKey)
            }
        }
    }

    #[cfg(feature = "random")]
    impl rand::Fill for SecretKey {
        fn try_fill<R: rand::Rng + ?Sized>(&mut self, rng: &mut R) -> Result<(), rand::Error> {
            *self = Self::random(rng);

            Ok(())
        }
    }

    #[cfg(feature = "random")]
    impl Distribution<SecretKey> for Standard {
        fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> SecretKey {
            SecretKey::random(rng)
        }
    }

    /// Check if the secret key byte representation is within the curve.
    fn secret_key_bytes_valid(bytes: &[u8; SecretKey::LEN]) -> Result<(), Error> {
        secp256k1::SecretKey::from_slice(bytes).map(|_| ()).map_err(Into::into)
    }
}