1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273

use fuel_types::Bytes32;

use core::fmt;
use core::ops::Deref;

use zeroize::Zeroize;

/// Asymmetric secret key
#[derive(Default, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Zeroize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[repr(transparent)]
pub struct SecretKey(Bytes32);

impl SecretKey {
    /// Memory length of the type
    pub const LEN: usize = Bytes32::LEN;

    /// Add a conversion from arbitrary slices into owned
    ///
    /// # Safety
    ///
    /// There is no guarantee the provided bytes will fit the field. The field
    /// security can be checked with [`SecretKey::is_in_field`].
    pub unsafe fn from_bytes_unchecked(bytes: [u8; Self::LEN]) -> Self {
        Self(bytes.into())
    }

    /// Add a conversion from arbitrary slices into owned
    ///
    /// # Safety
    ///
    /// This function will not panic if the length of the slice is smaller than
    /// `Self::LEN`. Instead, it will cause undefined behavior and read random
    /// disowned bytes.
    ///
    /// There is no guarantee the provided bytes will fit the field.
    pub unsafe fn from_slice_unchecked(bytes: &[u8]) -> Self {
        Self(Bytes32::from_slice_unchecked(bytes))
    }

    /// Copy-free reference cast
    ///
    /// There is no guarantee the provided bytes will fit the field.
    ///
    /// # Safety
    ///
    /// Inputs smaller than `Self::LEN` will cause undefined behavior.
    pub unsafe fn as_ref_unchecked(bytes: &[u8]) -> &Self {
        // The interpreter will frequently make references to keys and values using
        // logically checked slices.
        //
        // This function will avoid unnecessary copy to owned slices for the interpreter
        // access
        &*(bytes.as_ptr() as *const Self)
    }
}

impl Deref for SecretKey {
    type Target = [u8; SecretKey::LEN];

    fn deref(&self) -> &[u8; SecretKey::LEN] {
        self.0.deref()
    }
}

impl AsRef<[u8]> for SecretKey {
    fn as_ref(&self) -> &[u8] {
        self.0.as_ref()
    }
}

impl From<SecretKey> for [u8; SecretKey::LEN] {
    fn from(salt: SecretKey) -> [u8; SecretKey::LEN] {
        salt.0.into()
    }
}

impl fmt::LowerHex for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        self.0.fmt(f)
    }
}

impl fmt::UpperHex for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        self.0.fmt(f)
    }
}

impl fmt::Debug for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        self.0.fmt(f)
    }
}

impl fmt::Display for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        self.0.fmt(f)
    }
}

#[cfg(feature = "std")]
mod use_std {
    use super::*;
    use crate::{Error, PublicKey};
    use coins_bip32::path::DerivationPath;
    use coins_bip39::{English, Mnemonic};
    use core::borrow::Borrow;
    use core::str;
    use secp256k1::{Error as Secp256k1Error, SecretKey as Secp256k1SecretKey};
    use std::str::FromStr;

    #[cfg(feature = "random")]
    use rand::{
        distributions::{Distribution, Standard},
        Rng,
    };

    pub type W = English;

    impl SecretKey {
        /// Create a new random secret
        #[cfg(feature = "random")]
        pub fn random<R>(rng: &mut R) -> Self
        where
            R: rand::Rng + ?Sized,
        {
            // TODO there is no clear API to generate a scalar for secp256k1. This code is
            // very inefficient and not constant time; it was copied from
            // https://github.com/rust-bitcoin/rust-secp256k1/blob/ada3f98ab65e6f12cf1550edb0b7ae064ecac153/src/key.rs#L101
            //
            // Need to improve; generate random bytes and truncate to the field.
            //
            // We don't call `Secp256k1SecretKey::new` here because the `rand` requirements
            // are outdated and inconsistent.

            use secp256k1::ffi::{self, CPtr};

            let mut secret = Bytes32::zeroed();

            loop {
                rng.fill(secret.as_mut());

                // Safety: FFI call
                let overflow = unsafe {
                    ffi::secp256k1_ec_seckey_verify(
                        ffi::secp256k1_context_no_precomp,
                        secret.as_c_ptr(),
                    )
                };

                if overflow != 0 {
                    break;
                }
            }

            Self(secret)
        }

        /// Generate a new secret key from a mnemonic phrase and its derivation path.
        /// Both are passed as `&str`. If you want to manually create a `DerivationPath`
        /// and `Mnemonic`, use [`SecretKey::new_from_mnemonic`].
        /// The derivation path is a list of integers, each representing a child index.
        pub fn new_from_mnemonic_phrase_with_path(phrase: &str, path: &str) -> Result<Self, Error> {
            let mnemonic = Mnemonic::<W>::new_from_phrase(phrase)?;
            let path = DerivationPath::from_str(path)?;
            Self::new_from_mnemonic(path, mnemonic)
        }

        /// Generate a new secret key from a `DerivationPath` and `Mnemonic`.
        /// If you want to pass strings instead, use [`SecretKey::new_from_mnemonic_phrase_with_path`].
        pub fn new_from_mnemonic(d: DerivationPath, m: Mnemonic<W>) -> Result<Self, Error> {
            let derived_priv_key = m.derive_key(d, None)?;
            let key: &coins_bip32::prelude::SigningKey = derived_priv_key.as_ref();

            // Safety: this slice will always be of the expected length (`Bytes32`)
            // because it will be a `Secp256k` secret key, coming from
            // `coins_bip32::prelude::SigningKey`, which is a 256-bit (32-byte) scalar.
            Ok(unsafe { SecretKey::from_slice_unchecked(key.to_bytes().as_ref()) })
        }

        /// Check if the provided slice represents a scalar that fits the field.
        ///
        /// # Safety
        ///
        /// This function extends the unsafety of
        /// [`SecretKey::as_ref_unchecked`].
        pub unsafe fn is_slice_in_field_unchecked(slice: &[u8]) -> bool {
            use secp256k1::ffi::{self, CPtr};

            let secret = Self::as_ref_unchecked(slice);

            // Safety: FFI call
            let overflow = ffi::secp256k1_ec_seckey_verify(
                ffi::secp256k1_context_no_precomp,
                secret.as_c_ptr(),
            );

            overflow != 0
        }

        /// Check if the secret key representation fits the scalar field.
        pub fn is_in_field(&self) -> bool {
            // Safety: struct is guaranteed to reference itself with correct len
            unsafe { Self::is_slice_in_field_unchecked(self.as_ref()) }
        }

        /// Return the curve representation of this secret.
        ///
        /// The discrete logarithm property guarantees this is a one-way
        /// function.
        pub fn public_key(&self) -> PublicKey {
            PublicKey::from(self)
        }
    }

    impl TryFrom<Bytes32> for SecretKey {
        type Error = Error;

        fn try_from(b: Bytes32) -> Result<Self, Self::Error> {
            let secret = SecretKey(b);

            secret
                .is_in_field()
                .then_some(secret)
                .ok_or(Error::InvalidSecretKey)
        }
    }

    impl TryFrom<&[u8]> for SecretKey {
        type Error = Error;

        fn try_from(slice: &[u8]) -> Result<Self, Self::Error> {
            Bytes32::try_from(slice)
                .map_err(|_| Secp256k1Error::InvalidSecretKey.into())
                .and_then(SecretKey::try_from)
        }
    }

    impl str::FromStr for SecretKey {
        type Err = Error;

        fn from_str(s: &str) -> Result<Self, Self::Err> {
            Bytes32::from_str(s)
                .map_err(|_| Secp256k1Error::InvalidSecretKey.into())
                .and_then(SecretKey::try_from)
        }
    }

    impl Borrow<Secp256k1SecretKey> for SecretKey {
        fn borrow(&self) -> &Secp256k1SecretKey {
            // Safety: field checked. The memory representation of the secp256k1 key is
            // `[u8; 32]`
            unsafe { &*(self.as_ref().as_ptr() as *const Secp256k1SecretKey) }
        }
    }

    #[cfg(feature = "random")]
    impl rand::Fill for SecretKey {
        fn try_fill<R: rand::Rng + ?Sized>(&mut self, rng: &mut R) -> Result<(), rand::Error> {
            *self = Self::random(rng);

            Ok(())
        }
    }

    #[cfg(feature = "random")]
    impl Distribution<SecretKey> for Standard {
        fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> SecretKey {
            SecretKey::random(rng)
        }
    }
}