referrerpolicy=no-referrer-when-downgrade

sp_core/
bls.rs

1// This file is part of Substrate.
2
3// Copyright (C) Parity Technologies (UK) Ltd.
4// SPDX-License-Identifier: Apache-2.0
5
6// Licensed under the Apache License, Version 2.0 (the "License");
7// you may not use this file except in compliance with the License.
8// You may obtain a copy of the License at
9//
10// 	http://www.apache.org/licenses/LICENSE-2.0
11//
12// Unless required by applicable law or agreed to in writing, software
13// distributed under the License is distributed on an "AS IS" BASIS,
14// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15// See the License for the specific language governing permissions and
16// limitations under the License.
17
18//! BLS (Boneh–Lynn–Shacham) Signature along with efficiently verifiable Chaum-Pedersen proof API.
19//! Signatures are implemented according to
20//! [Efficient Aggregatable BLS Signatures with Chaum-Pedersen Proofs](https://eprint.iacr.org/2022/1611)
21//! Hash-to-BLS-curve is using Simplified SWU for AB == 0
22//! [RFC 9380](https://datatracker.ietf.org/doc/rfc9380/) Sect 6.6.3.
23//! Chaum-Pedersen proof uses the same hash-to-field specified in RFC 9380 for the field of the BLS
24//! curve.
25
26use crate::{
27	crypto::{
28		CryptoType, DeriveError, DeriveJunction, Pair as TraitPair, PublicBytes, SecretStringError,
29		SignatureBytes, UncheckedFrom,
30	},
31	proof_of_possession::{
32		statement_of_ownership, ProofOfPossessionGenerator, ProofOfPossessionVerifier,
33	},
34};
35
36use alloc::vec::Vec;
37
38use w3f_bls::{
39	DoublePublicKey, DoublePublicKeyScheme, DoubleSignature, EngineBLS, Keypair, Message,
40	NuggetBLSnCPPoP, ProofOfPossession as BlsProofOfPossession, SecretKey, SerializableToBytes,
41	TinyBLS381,
42};
43
44#[cfg(feature = "full_crypto")]
45use w3f_bls::ProofOfPossessionGenerator as BlsProofOfPossessionGenerator;
46
47/// Required to generate Proof Of Possession
48use sha2::Sha256;
49
50/// BLS-377 specialized types
51pub mod bls377 {
52	pub use super::{
53		PROOF_OF_POSSESSION_SERIALIZED_SIZE, PUBLIC_KEY_SERIALIZED_SIZE, SIGNATURE_SERIALIZED_SIZE,
54	};
55	use crate::crypto::CryptoTypeId;
56	pub(crate) use w3f_bls::TinyBLS377 as BlsEngine;
57
58	/// An identifier used to match public keys against BLS12-377 keys
59	pub const CRYPTO_ID: CryptoTypeId = CryptoTypeId(*b"bls7");
60
61	#[doc(hidden)]
62	pub type Bls377Tag = BlsEngine;
63
64	/// BLS12-377 key pair.
65	pub type Pair = super::Pair<BlsEngine>;
66	/// BLS12-377 public key.
67	pub type Public = super::Public<BlsEngine>;
68	/// BLS12-377 signature.
69	pub type Signature = super::Signature<BlsEngine>;
70	/// BLS12-377 Proof Of Possesion.
71	pub type ProofOfPossession = super::ProofOfPossession<BlsEngine>;
72
73	impl super::HardJunctionId for BlsEngine {
74		const ID: &'static str = "BLS12377HDKD";
75	}
76}
77
78/// BLS-381 specialized types
79pub mod bls381 {
80	pub use super::{
81		PROOF_OF_POSSESSION_SERIALIZED_SIZE, PUBLIC_KEY_SERIALIZED_SIZE, SIGNATURE_SERIALIZED_SIZE,
82	};
83	use crate::crypto::CryptoTypeId;
84	pub use w3f_bls::TinyBLS381 as BlsEngine;
85
86	/// An identifier used to match public keys against BLS12-381 keys
87	pub const CRYPTO_ID: CryptoTypeId = CryptoTypeId(*b"bls8");
88
89	#[doc(hidden)]
90	pub type Bls381Tag = BlsEngine;
91
92	/// BLS12-381 key pair.
93	pub type Pair = super::Pair<BlsEngine>;
94	/// BLS12-381 public key.
95	pub type Public = super::Public<BlsEngine>;
96	/// BLS12-381 signature.
97	pub type Signature = super::Signature<BlsEngine>;
98
99	/// BLS12-381 Proof Of Possesion.
100	pub type ProofOfPossession = super::ProofOfPossession<BlsEngine>;
101
102	impl super::HardJunctionId for BlsEngine {
103		const ID: &'static str = "BLS12381HDKD";
104	}
105}
106
107trait BlsBound: EngineBLS + HardJunctionId + Send + Sync + 'static {}
108
109impl<T: EngineBLS + HardJunctionId + Send + Sync + 'static> BlsBound for T {}
110
111/// Secret key serialized size
112const SECRET_KEY_SERIALIZED_SIZE: usize =
113	<SecretKey<TinyBLS381> as SerializableToBytes>::SERIALIZED_BYTES_SIZE;
114
115/// Public key serialized size
116pub const PUBLIC_KEY_SERIALIZED_SIZE: usize =
117	<DoublePublicKey<TinyBLS381> as SerializableToBytes>::SERIALIZED_BYTES_SIZE;
118
119/// Signature serialized size
120pub const SIGNATURE_SERIALIZED_SIZE: usize =
121	<DoubleSignature<TinyBLS381> as SerializableToBytes>::SERIALIZED_BYTES_SIZE;
122
123/// Signature serialized size (for back cert) + Nugget BLS PoP size
124pub const PROOF_OF_POSSESSION_SERIALIZED_SIZE: usize = SIGNATURE_SERIALIZED_SIZE +
125	<NuggetBLSnCPPoP<TinyBLS381> as SerializableToBytes>::SERIALIZED_BYTES_SIZE;
126
127/// A secret seed.
128///
129/// It's not called a "secret key" because ring doesn't expose the secret keys
130/// of the key pair (yeah, dumb); as such we're forced to remember the seed manually if we
131/// will need it later (such as for HDKD).
132type Seed = [u8; SECRET_KEY_SERIALIZED_SIZE];
133
134#[doc(hidden)]
135pub struct BlsTag;
136
137/// A public key.
138pub type Public<SubTag> = PublicBytes<PUBLIC_KEY_SERIALIZED_SIZE, (BlsTag, SubTag)>;
139
140impl<T: BlsBound> CryptoType for Public<T> {
141	type Pair = Pair<T>;
142}
143
144/// A generic BLS signature.
145pub type Signature<SubTag> = SignatureBytes<SIGNATURE_SERIALIZED_SIZE, (BlsTag, SubTag)>;
146
147impl<T: BlsBound> CryptoType for Signature<T> {
148	type Pair = Pair<T>;
149}
150
151/// A generic BLS ProofOfpossession
152pub type ProofOfPossession<SubTag> =
153	SignatureBytes<PROOF_OF_POSSESSION_SERIALIZED_SIZE, (BlsTag, SubTag)>;
154
155impl<T: BlsBound> CryptoType for ProofOfPossession<T> {
156	type Pair = Pair<T>;
157}
158
159/// A key pair.
160pub struct Pair<T: EngineBLS>(Keypair<T>);
161
162impl<T: EngineBLS> Clone for Pair<T> {
163	fn clone(&self) -> Self {
164		Pair(self.0.clone())
165	}
166}
167
168trait HardJunctionId {
169	const ID: &'static str;
170}
171
172/// Derive a single hard junction.
173fn derive_hard_junction<T: HardJunctionId>(secret_seed: &Seed, cc: &[u8; 32]) -> Seed {
174	use codec::Encode;
175	(T::ID, secret_seed, cc).using_encoded(sp_crypto_hashing::blake2_256)
176}
177
178impl<T: EngineBLS> Pair<T> {}
179
180impl<T: BlsBound> TraitPair for Pair<T> {
181	type Seed = Seed;
182	type Public = Public<T>;
183	type Signature = Signature<T>;
184	type ProofOfPossession = ProofOfPossession<T>;
185
186	fn from_seed_slice(seed_slice: &[u8]) -> Result<Self, SecretStringError> {
187		if seed_slice.len() != SECRET_KEY_SERIALIZED_SIZE {
188			return Err(SecretStringError::InvalidSeedLength)
189		}
190		let secret = w3f_bls::SecretKey::from_seed(seed_slice);
191		let public = secret.into_public();
192		Ok(Pair(w3f_bls::Keypair { secret, public }))
193	}
194
195	fn derive<Iter: Iterator<Item = DeriveJunction>>(
196		&self,
197		path: Iter,
198		seed: Option<Seed>,
199	) -> Result<(Self, Option<Seed>), DeriveError> {
200		let mut acc: [u8; SECRET_KEY_SERIALIZED_SIZE] =
201			seed.unwrap_or(self.0.secret.to_bytes().try_into().expect(
202				"Secret key serializer returns a vector of SECRET_KEY_SERIALIZED_SIZE size; qed",
203			));
204		for j in path {
205			match j {
206				DeriveJunction::Soft(_cc) => return Err(DeriveError::SoftKeyInPath),
207				DeriveJunction::Hard(cc) => acc = derive_hard_junction::<T>(&acc, &cc),
208			}
209		}
210		Ok((Self::from_seed(&acc), Some(acc)))
211	}
212
213	fn public(&self) -> Self::Public {
214		let mut raw = [0u8; PUBLIC_KEY_SERIALIZED_SIZE];
215		let pk = DoublePublicKeyScheme::into_double_public_key(&self.0).to_bytes();
216		raw.copy_from_slice(pk.as_slice());
217		Self::Public::unchecked_from(raw)
218	}
219
220	#[cfg(feature = "full_crypto")]
221	fn sign(&self, message: &[u8]) -> Self::Signature {
222		let mut mutable_self = self.clone();
223		let r: [u8; SIGNATURE_SERIALIZED_SIZE] =
224			DoublePublicKeyScheme::sign(&mut mutable_self.0, &Message::new(b"", message))
225				.to_bytes()
226				.try_into()
227				.expect("Signature serializer returns vectors of SIGNATURE_SERIALIZED_SIZE size");
228		Self::Signature::unchecked_from(r)
229	}
230
231	fn verify<M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: &Self::Public) -> bool {
232		let pubkey_array: [u8; PUBLIC_KEY_SERIALIZED_SIZE] =
233			match <[u8; PUBLIC_KEY_SERIALIZED_SIZE]>::try_from(pubkey.as_ref()) {
234				Ok(pk) => pk,
235				Err(_) => return false,
236			};
237		let public_key = match w3f_bls::double::DoublePublicKey::<T>::from_bytes(&pubkey_array) {
238			Ok(pk) => pk,
239			Err(_) => return false,
240		};
241
242		let sig_array = match sig.0[..].try_into() {
243			Ok(s) => s,
244			Err(_) => return false,
245		};
246		let sig = match w3f_bls::double::DoubleSignature::from_bytes(sig_array) {
247			Ok(s) => s,
248			Err(_) => return false,
249		};
250
251		sig.verify(&Message::new(b"", message.as_ref()), &public_key)
252	}
253
254	/// Get the seed for this key.
255	fn to_raw_vec(&self) -> Vec<u8> {
256		self.0
257			.secret
258			.to_bytes()
259			.try_into()
260			.expect("Secret key serializer returns a vector of SECRET_KEY_SERIALIZED_SIZE size")
261	}
262}
263
264impl<T: BlsBound> ProofOfPossessionGenerator for Pair<T> {
265	#[cfg(feature = "full_crypto")]
266	/// Generate proof of possession for BLS12 curves.
267	///
268	/// Signs on:
269	///  - owner as sort of back cert and proof of ownership to prevent front runner attack
270	///  - on its own public key with unique context to prevent rougue key attack on aggregation
271	fn generate_proof_of_possession(&mut self, owner: &[u8]) -> Self::ProofOfPossession {
272		let proof_of_ownership: [u8; SIGNATURE_SERIALIZED_SIZE] =
273			self.sign(statement_of_ownership(owner).as_slice()).to_raw();
274		let proof_of_possession: [u8; SIGNATURE_SERIALIZED_SIZE] =
275			<Keypair<T> as BlsProofOfPossessionGenerator<
276				T,
277				Sha256,
278				DoublePublicKey<T>,
279				NuggetBLSnCPPoP<T>,
280			>>::generate_pok(&mut self.0)
281			.to_bytes()
282			.try_into()
283			.expect("NuggetBLSnCPPoP serializer returns vectors of SIGNATURE_SERIALIZED_SIZE size");
284		let proof_of_ownership_and_possession: [u8; PROOF_OF_POSSESSION_SERIALIZED_SIZE] =
285			[proof_of_ownership, proof_of_possession]
286				.concat()
287				.try_into()
288				.expect("PROOF_OF_POSSESSION_SERIALIZED_SIZE = SIGNATURE_SERIALIZED_SIZE * 2");
289		Self::ProofOfPossession::unchecked_from(proof_of_ownership_and_possession)
290	}
291}
292
293impl<T: BlsBound> ProofOfPossessionVerifier for Pair<T> {
294	/// Verify both proof of ownership (back cert) and proof of possession of the private key
295	fn verify_proof_of_possession(
296		owner: &[u8],
297		proof_of_possession: &Self::ProofOfPossession,
298		allegedly_possessed_pubkey: &Self::Public,
299	) -> bool {
300		let Ok(allegedly_possessed_pubkey_as_bls_pubkey) =
301			DoublePublicKey::<T>::from_bytes(allegedly_possessed_pubkey.as_ref())
302		else {
303			return false
304		};
305
306		let Ok(proof_of_ownership) = proof_of_possession.0[0..SIGNATURE_SERIALIZED_SIZE].try_into()
307		else {
308			return false
309		};
310
311		if !Self::verify(
312			&proof_of_ownership,
313			statement_of_ownership(owner).as_slice(),
314			allegedly_possessed_pubkey,
315		) {
316			return false;
317		}
318
319		let Ok(proof_of_possession) =
320			NuggetBLSnCPPoP::<T>::from_bytes(&proof_of_possession.0[SIGNATURE_SERIALIZED_SIZE..])
321		else {
322			return false;
323		};
324
325		BlsProofOfPossession::<T, Sha256, _>::verify(
326			&proof_of_possession,
327			&allegedly_possessed_pubkey_as_bls_pubkey,
328		)
329	}
330}
331
332impl<T: BlsBound> CryptoType for Pair<T> {
333	type Pair = Pair<T>;
334}
335
336// Test set exercising the BLS12-377 implementation
337#[cfg(test)]
338mod tests {
339	use super::*;
340	#[cfg(feature = "serde")]
341	use crate::crypto::Ss58Codec;
342	use crate::crypto::DEV_PHRASE;
343	use bls377::Pair as Bls377Pair;
344	use bls381::Pair as Bls381Pair;
345
346	fn default_phrase_should_be_used<E: BlsBound>() {
347		assert_eq!(
348			Pair::<E>::from_string("//Alice///password", None).unwrap().public(),
349			Pair::<E>::from_string(&format!("{}//Alice", DEV_PHRASE), Some("password"))
350				.unwrap()
351				.public(),
352		);
353	}
354
355	#[test]
356	fn default_phrase_should_be_used_for_bls377() {
357		default_phrase_should_be_used::<bls377::BlsEngine>();
358	}
359
360	#[test]
361	fn default_phrase_should_be_used_for_bls381() {
362		default_phrase_should_be_used::<bls381::BlsEngine>();
363	}
364
365	fn seed_and_derive_should_work<E: BlsBound>() -> Vec<u8> {
366		let seed = array_bytes::hex2array_unchecked(
367			"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
368		);
369		let pair = Pair::<E>::from_seed(&seed);
370		// we are using hash-to-field so this is not going to work
371		// assert_eq!(pair.seed(), seed);
372		let path = vec![DeriveJunction::Hard([0u8; 32])];
373		let derived = pair.derive(path.into_iter(), None).ok().unwrap().0;
374		println!("derived is: {:?}", array_bytes::bytes2hex("", derived.to_raw_vec()));
375		derived.to_raw_vec()
376	}
377
378	#[test]
379	fn seed_and_derive_should_work_for_bls377() {
380		let derived_as_raw_vector = seed_and_derive_should_work::<bls377::BlsEngine>();
381		assert_eq!(
382			derived_as_raw_vector,
383			array_bytes::hex2array_unchecked::<_, 32>(
384				"3a0626d095148813cd1642d38254f1cfff7eb8cc1a2fc83b2a135377c3554c12"
385			)
386		);
387	}
388
389	#[test]
390	fn seed_and_derive_should_work_for_bls381() {
391		let derived_as_raw_vector = seed_and_derive_should_work::<bls381::BlsEngine>();
392		assert_eq!(
393			derived_as_raw_vector,
394			array_bytes::hex2array_unchecked::<_, 32>(
395				"bb6ac58be00d3c7ae5608ca64180b5af628e79b58592b6067136bb46255cea27"
396			)
397		);
398	}
399
400	fn test_vector_should_work<E: BlsBound>(
401		pair: Pair<E>,
402		hex_expected_pub_key: &str,
403		hex_expected_signature: &str,
404	) {
405		let public = pair.public();
406		assert_eq!(
407			public,
408			Public::unchecked_from(array_bytes::hex2array_unchecked(hex_expected_pub_key))
409		);
410		let message = b"";
411		let expected_signature_bytes = array_bytes::hex2array_unchecked(hex_expected_signature);
412
413		let expected_signature = Signature::unchecked_from(expected_signature_bytes);
414		let signature = pair.sign(&message[..]);
415
416		assert!(signature == expected_signature);
417		assert!(Pair::verify(&signature, &message[..], &public));
418	}
419
420	#[test]
421	fn test_vector_should_work_for_bls377() {
422		let pair = Bls377Pair::from_seed(&array_bytes::hex2array_unchecked(
423			"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
424		));
425		test_vector_should_work(pair,
426	    "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400",
427	    "124571b4bf23083b5d07e720fde0a984d4d592868156ece77487e97a1ba4b29397dbdc454f13e3aed1ad4b6a99af2501c68ab88ec0495f962a4f55c7c460275a8d356cfa344c27778ca4c641bd9a3604ce5c28f9ed566e1d29bf3b5d3591e46ae28be3ece035e8e4db53a40fc5826002"
428	    )
429	}
430
431	#[test]
432	fn test_vector_should_work_for_bls381() {
433		let pair = Bls381Pair::from_seed(&array_bytes::hex2array_unchecked(
434			"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
435		));
436		test_vector_should_work(pair,
437				    "88ff6c3a32542bc85f2adf1c490a929b7fcee50faeb95af9a036349390e9b3ea7326247c4fc4ebf88050688fd6265de0806284eec09ba0949f5df05dc93a787a14509749f36e4a0981bb748d953435483740907bb5c2fe8ffd97e8509e1a038b05fb08488db628ea0638b8d48c3ddf62ed437edd8b23d5989d6c65820fc70f80fb39b486a3766813e021124aec29a566",
438	    "8f4fe16cbb1b7f26ddbfbcde864a3c2f68802fbca5bd59920a135ed7e0f74cd9ba160e61c85e9acee3b4fe277862f226e60ac1958b57ed4487daf4673af420e8bf036ee8169190a927ede2e8eb3d6600633c69b2a84eb017473988fdfde082e150cbef05b77018c1f8ccc06da9e80421"
439	    )
440	}
441
442	#[test]
443	fn test_vector_by_string_should_work_for_bls377() {
444		let pair = Bls377Pair::from_string(
445			"0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
446			None,
447		)
448		.unwrap();
449		test_vector_should_work(pair,
450	    "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400",
451	    "124571b4bf23083b5d07e720fde0a984d4d592868156ece77487e97a1ba4b29397dbdc454f13e3aed1ad4b6a99af2501c68ab88ec0495f962a4f55c7c460275a8d356cfa344c27778ca4c641bd9a3604ce5c28f9ed566e1d29bf3b5d3591e46ae28be3ece035e8e4db53a40fc5826002"
452	    )
453	}
454
455	#[test]
456	fn test_vector_by_string_should_work_for_bls381() {
457		let pair = Bls381Pair::from_string(
458			"0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
459			None,
460		)
461		.unwrap();
462		test_vector_should_work(pair,
463	    "88ff6c3a32542bc85f2adf1c490a929b7fcee50faeb95af9a036349390e9b3ea7326247c4fc4ebf88050688fd6265de0806284eec09ba0949f5df05dc93a787a14509749f36e4a0981bb748d953435483740907bb5c2fe8ffd97e8509e1a038b05fb08488db628ea0638b8d48c3ddf62ed437edd8b23d5989d6c65820fc70f80fb39b486a3766813e021124aec29a566",
464	    "8f4fe16cbb1b7f26ddbfbcde864a3c2f68802fbca5bd59920a135ed7e0f74cd9ba160e61c85e9acee3b4fe277862f226e60ac1958b57ed4487daf4673af420e8bf036ee8169190a927ede2e8eb3d6600633c69b2a84eb017473988fdfde082e150cbef05b77018c1f8ccc06da9e80421"
465	    )
466	}
467
468	fn test_pair<E: BlsBound>(pair: Pair<E>) -> (String, String) {
469		let public = pair.public();
470		let message = b"Something important";
471		let signature = pair.sign(&message[..]);
472		assert!(Pair::verify(&signature, &message[..], &public));
473		assert!(!Pair::verify(&signature, b"Something else", &public));
474		let public_bytes: &[u8] = public.as_ref();
475		let signature_bytes: &[u8] = signature.as_ref();
476		(array_bytes::bytes2hex("", public_bytes), array_bytes::bytes2hex("", signature_bytes))
477	}
478
479	#[test]
480	fn generated_pair_should_work_for_bls377() {
481		let (pair, _) = Bls377Pair::generate();
482		test_pair(pair);
483	}
484
485	#[test]
486	fn generated_pair_should_work_for_bls381() {
487		let (pair, _) = Bls381Pair::generate();
488		test_pair(pair);
489	}
490
491	#[test]
492	fn seeded_pair_should_work_for_bls377() {
493		let pair = Bls377Pair::from_seed(b"12345678901234567890123456789012");
494		let (public, _) = test_pair(pair);
495		assert_eq!(
496		    public,
497		    "754d2f2bbfa67df54d7e0e951979a18a1e0f45948857752cc2bac6bbb0b1d05e8e48bcc453920bf0c4bbd5993212480112a1fb433f04d74af0a8b700d93dc957ab3207f8d071e948f5aca1a7632c00bdf6d06be05b43e2e6216dccc8a5d55a0071cb2313cfd60b7e9114619cd17c06843b352f0b607a99122f6651df8f02e1ad3697bd208e62af047ddd7b942ba80080"
498		);
499	}
500
501	#[test]
502	fn seeded_pair_should_work_for_bls381() {
503		let pair = Bls381Pair::from_seed(b"12345678901234567890123456789012");
504		let (public, _) = test_pair(pair);
505		assert_eq!(
506			public,
507		    "abe9554cc2cab7fdc391a4e07ed0f45544cf0fe235babedf553c098d37dd162d9402a0aed95c00ed01349a6017a3d864adcc9756e98b7931aa3526b1511730c9cbacf3cbe781ae5efefdb177b301bca0229a5cf87432251cd31341c9b88aea9501005fa16e814ad31a95fcc396633baf563f6306e982ddec978faa0399ba73c1c1a87fa4791b3f5bbb719c1401b2af37"
508		);
509	}
510
511	fn test_recover_with_phrase<E: BlsBound>(
512		pair: Pair<E>,
513		phrase: String,
514		password: Option<&str>,
515	) {
516		let (recovered_pair, _) = Pair::from_phrase(&phrase, password).unwrap();
517
518		assert_eq!(pair.public(), recovered_pair.public());
519	}
520
521	#[test]
522	fn generate_with_phrase_recovery_possible_for_bls377() {
523		let (pair, phrase, _) = Bls377Pair::generate_with_phrase(None);
524		test_recover_with_phrase(pair, phrase, None);
525	}
526
527	#[test]
528	fn generate_with_phrase_recovery_possible_for_bls381() {
529		let (pair, phrase, _) = Bls381Pair::generate_with_phrase(None);
530		test_recover_with_phrase(pair, phrase, None);
531	}
532
533	#[test]
534	fn generate_with_password_phrase_recovery_possible_for_bls377() {
535		let (pair, phrase, _) = Bls377Pair::generate_with_phrase(Some("password"));
536		test_recover_with_phrase(pair, phrase, Some("password"));
537	}
538
539	#[test]
540	fn generate_with_password_phrase_recovery_possible_for_bls381() {
541		let (pair, phrase, _) = Bls381Pair::generate_with_phrase(Some("password"));
542		test_recover_with_phrase(pair, phrase, Some("password"));
543	}
544
545	fn test_recover_from_seed_and_string<E: BlsBound>(pair: Pair<E>, phrase: String, seed: Seed) {
546		let repair_seed = Pair::from_seed_slice(seed.as_ref()).expect("seed slice is valid");
547		assert_eq!(pair.public(), repair_seed.public());
548		assert_eq!(pair.to_raw_vec(), repair_seed.to_raw_vec());
549		let (repair_phrase, reseed) =
550			Pair::from_phrase(phrase.as_ref(), None).expect("seed slice is valid");
551		assert_eq!(seed, reseed);
552		assert_eq!(pair.public(), repair_phrase.public());
553		assert_eq!(pair.to_raw_vec(), repair_seed.to_raw_vec());
554
555		let repair_string = Pair::from_string(phrase.as_str(), None).expect("seed slice is valid");
556		assert_eq!(pair.public(), repair_string.public());
557		assert_eq!(pair.to_raw_vec(), repair_seed.to_raw_vec());
558	}
559
560	#[test]
561	fn generate_with_phrase_should_be_recoverable_with_from_string_for_bls377() {
562		let (pair, phrase, seed) = Bls377Pair::generate_with_phrase(None);
563		test_recover_from_seed_and_string(pair, phrase, seed);
564	}
565
566	#[test]
567	fn generate_with_phrase_should_be_recoverable_with_from_string_for_bls381() {
568		let (pair, phrase, seed) = Bls381Pair::generate_with_phrase(None);
569		test_recover_from_seed_and_string(pair, phrase, seed);
570	}
571
572	fn password_does_something<E: BlsBound>() {
573		let (pair1, phrase, _) = Pair::<E>::generate_with_phrase(Some("password"));
574		let (pair2, _) = Pair::<E>::from_phrase(&phrase, None).unwrap();
575
576		assert_ne!(pair1.public(), pair2.public());
577		assert_ne!(pair1.to_raw_vec(), pair2.to_raw_vec());
578	}
579
580	#[test]
581	fn password_does_something_for_bls377() {
582		password_does_something::<bls377::BlsEngine>();
583	}
584
585	#[test]
586	fn password_does_something_for_bls381() {
587		password_does_something::<bls381::BlsEngine>();
588	}
589
590	fn ss58check_roundtrip_works<E: BlsBound>() {
591		let pair = Pair::<E>::from_seed(b"12345678901234567890123456789012");
592		let public = pair.public();
593		let s = public.to_ss58check();
594		println!("Correct: {}", s);
595		let cmp = Public::from_ss58check(&s).unwrap();
596		assert_eq!(cmp, public);
597	}
598
599	#[test]
600	fn ss58check_roundtrip_works_for_bls377() {
601		ss58check_roundtrip_works::<bls377::BlsEngine>();
602	}
603
604	#[test]
605	fn ss58check_roundtrip_works_for_bls381() {
606		ss58check_roundtrip_works::<bls381::BlsEngine>();
607	}
608
609	fn signature_serialization_works<E: BlsBound>() {
610		let pair = Pair::<E>::from_seed(b"12345678901234567890123456789012");
611		let message = b"Something important";
612		let signature = pair.sign(&message[..]);
613		let serialized_signature = serde_json::to_string(&signature).unwrap();
614		// Signature is 112 bytes, hexify * 2, so 224  chars + 2 quote chars
615		assert_eq!(serialized_signature.len(), 226);
616		let signature = serde_json::from_str(&serialized_signature).unwrap();
617		assert!(Pair::<E>::verify(&signature, &message[..], &pair.public()));
618	}
619	#[test]
620	fn signature_serialization_works_for_bls377() {
621		signature_serialization_works::<bls377::BlsEngine>();
622	}
623
624	#[test]
625	fn signature_serialization_works_for_bls381() {
626		signature_serialization_works::<bls381::BlsEngine>();
627	}
628
629	fn signature_serialization_doesnt_panic<E: BlsBound>() {
630		fn deserialize_signature<E: BlsBound>(
631			text: &str,
632		) -> Result<Signature<E>, serde_json::error::Error> {
633			serde_json::from_str(text)
634		}
635		assert!(deserialize_signature::<E>("Not valid json.").is_err());
636		assert!(deserialize_signature::<E>("\"Not an actual signature.\"").is_err());
637		// Poorly-sized
638		assert!(deserialize_signature::<E>("\"abc123\"").is_err());
639	}
640	#[test]
641	fn signature_serialization_doesnt_panic_for_bls377() {
642		signature_serialization_doesnt_panic::<bls377::BlsEngine>();
643	}
644
645	#[test]
646	fn signature_serialization_doesnt_panic_for_bls381() {
647		signature_serialization_doesnt_panic::<bls381::BlsEngine>();
648	}
649
650	fn must_generate_proof_of_possession<E: BlsBound>() {
651		let mut pair = Pair::<E>::from_seed(b"12345678901234567890123456789012");
652		let owner = b"owner";
653
654		pair.generate_proof_of_possession(owner);
655	}
656
657	#[test]
658	fn must_generate_proof_of_possession_for_bls377() {
659		must_generate_proof_of_possession::<bls377::BlsEngine>();
660	}
661
662	#[test]
663	fn must_generate_proof_of_possession_for_bls381() {
664		must_generate_proof_of_possession::<bls381::BlsEngine>();
665	}
666
667	fn good_proof_of_possession_must_verify<E: BlsBound>() {
668		let mut pair = Pair::<E>::from_seed(b"12345678901234567890123456789012");
669		let owner = b"owner";
670		let proof_of_possession = pair.generate_proof_of_possession(owner);
671		assert!(Pair::<E>::verify_proof_of_possession(owner, &proof_of_possession, &pair.public()));
672	}
673
674	#[test]
675	fn good_proof_of_possession_must_verify_for_bls377() {
676		good_proof_of_possession_must_verify::<bls377::BlsEngine>();
677	}
678
679	#[test]
680	fn good_proof_of_possession_must_verify_for_bls381() {
681		good_proof_of_possession_must_verify::<bls381::BlsEngine>();
682	}
683
684	fn proof_of_possession_must_fail_if_prover_does_not_possess_secret_key<E: BlsBound>() {
685		let owner = b"owner";
686		let not_owner = b"not owner";
687		let mut pair = Pair::<E>::from_seed(b"12345678901234567890123456789012");
688		let other_pair = Pair::<E>::from_seed(b"23456789012345678901234567890123");
689		let proof_of_possession = pair.generate_proof_of_possession(owner);
690		assert!(Pair::verify_proof_of_possession(owner, &proof_of_possession, &pair.public()));
691		assert_eq!(
692			Pair::<E>::verify_proof_of_possession(
693				owner,
694				&proof_of_possession,
695				&other_pair.public()
696			),
697			false
698		);
699		assert!(!Pair::verify_proof_of_possession(not_owner, &proof_of_possession, &pair.public()));
700	}
701
702	#[test]
703	fn proof_of_possession_must_fail_if_prover_does_not_possess_secret_key_for_bls377() {
704		proof_of_possession_must_fail_if_prover_does_not_possess_secret_key::<bls377::BlsEngine>();
705	}
706
707	#[test]
708	fn proof_of_possession_must_fail_if_prover_does_not_possess_secret_key_for_bls381() {
709		proof_of_possession_must_fail_if_prover_does_not_possess_secret_key::<bls381::BlsEngine>();
710	}
711}