Skip to main content

movement_sdk/crypto/
mod.rs

1//! Cryptographic primitives for the Movement SDK.
2//!
3//! This module provides implementations of the signature schemes supported
4//! by Movement, including Ed25519, Secp256k1, and Secp256r1 (P-256).
5//!
6//! # Feature Flags
7//!
8//! - `ed25519` (default): Ed25519 signatures
9//! - `secp256k1` (default): Secp256k1 ECDSA signatures
10//! - `secp256r1`: Secp256r1 (P-256) ECDSA signatures
11//! - `bls`: BLS12-381 signatures
12//!
13//! # Security Considerations
14//!
15//! ## Timing Attacks
16//!
17//! The `PartialEq` implementations for cryptographic types use standard byte
18//! comparisons which may not be constant-time. This is generally acceptable
19//! because:
20//!
21//! - Public keys and signatures are not secret material
22//! - Signature verification in the underlying libraries uses constant-time
23//!   operations for the actual cryptographic comparisons
24//!
25//! If you need constant-time comparisons for specific use cases (e.g., comparing
26//! against expected signatures in tests), consider using the `subtle` crate's
27//! `ConstantTimeEq` trait.
28//!
29//! ## Key Material Protection
30//!
31//! Private key types implement `Zeroize` and `ZeroizeOnDrop` to clear sensitive
32//! key material from memory when dropped. The underlying cryptographic libraries
33//! (ed25519-dalek, k256, p256) also implement secure key handling.
34//!
35//! # Example
36//!
37//! ```rust,ignore
38//! use movement_sdk::crypto::{Ed25519PrivateKey, Signer};
39//!
40//! let private_key = Ed25519PrivateKey::generate();
41//! let message = b"hello world";
42//! let signature = private_key.sign(message);
43//!
44//! let public_key = private_key.public_key();
45//! assert!(public_key.verify(message, &signature).is_ok());
46//! ```
47
48mod hash;
49mod traits;
50
51#[cfg(feature = "bls")]
52mod bls12381;
53#[cfg(feature = "ed25519")]
54mod ed25519;
55#[cfg(feature = "ed25519")]
56mod multi_ed25519;
57mod multi_key;
58#[cfg(feature = "secp256k1")]
59mod secp256k1;
60#[cfg(feature = "secp256r1")]
61mod secp256r1;
62#[cfg(feature = "twisted_ed25519")]
63pub mod twisted_ed25519;
64
65// Re-export hash functions
66pub use hash::{HashFunction, sha2_256, sha3_256, sha3_256_of, signing_message};
67
68// Re-export traits
69pub use traits::{PublicKey, Signature, Signer, Verifier};
70
71// Re-export Ed25519 types
72#[cfg(feature = "ed25519")]
73pub use ed25519::{
74    ED25519_PRIVATE_KEY_LENGTH, ED25519_PUBLIC_KEY_LENGTH, ED25519_SIGNATURE_LENGTH,
75    Ed25519PrivateKey, Ed25519PublicKey, Ed25519Signature,
76};
77
78// Re-export Multi-Ed25519 types
79#[cfg(feature = "ed25519")]
80pub use multi_ed25519::{
81    MAX_NUM_OF_KEYS, MIN_THRESHOLD, MultiEd25519PublicKey, MultiEd25519Signature,
82};
83
84// Re-export Multi-Key types
85pub use multi_key::{
86    AnyPublicKey, AnyPublicKeyVariant, AnySignature, MAX_NUM_OF_KEYS as MULTI_KEY_MAX_NUM_OF_KEYS,
87    MIN_THRESHOLD as MULTI_KEY_MIN_THRESHOLD, MultiKeyPublicKey, MultiKeySignature,
88};
89
90// Re-export Secp256k1 types
91#[cfg(feature = "secp256k1")]
92pub use secp256k1::{
93    SECP256K1_PRIVATE_KEY_LENGTH, SECP256K1_PUBLIC_KEY_LENGTH,
94    SECP256K1_PUBLIC_KEY_UNCOMPRESSED_LENGTH, SECP256K1_SIGNATURE_LENGTH, Secp256k1PrivateKey,
95    Secp256k1PublicKey, Secp256k1Signature,
96};
97
98// Re-export Secp256r1 types
99#[cfg(feature = "secp256r1")]
100pub use secp256r1::{
101    SECP256R1_PRIVATE_KEY_LENGTH, SECP256R1_PUBLIC_KEY_LENGTH, SECP256R1_SIGNATURE_LENGTH,
102    Secp256r1PrivateKey, Secp256r1PublicKey, Secp256r1Signature,
103};
104
105// Re-export BLS12-381 types
106#[cfg(feature = "bls")]
107pub use bls12381::{
108    BLS12381_POP_LENGTH, BLS12381_PRIVATE_KEY_LENGTH, BLS12381_PUBLIC_KEY_LENGTH,
109    BLS12381_SIGNATURE_LENGTH, Bls12381PrivateKey, Bls12381ProofOfPossession, Bls12381PublicKey,
110    Bls12381Signature,
111};
112
113// Re-export Twisted Ed25519 types
114#[cfg(feature = "twisted_ed25519")]
115pub use twisted_ed25519::{
116    DECRYPTION_KEY_DERIVATION_MESSAGE, H_RISTRETTO_COMPRESSED, TWISTED_ED25519_PRIVATE_KEY_LENGTH,
117    TWISTED_ED25519_PUBLIC_KEY_LENGTH, TwistedEd25519PrivateKey, TwistedEd25519PublicKey,
118    h_ristretto,
119};
120
121/// The authentication key scheme byte for Ed25519 single-key accounts.
122pub const ED25519_SCHEME: u8 = 0;
123
124/// The authentication key scheme byte for multi-Ed25519 accounts.
125pub const MULTI_ED25519_SCHEME: u8 = 1;
126
127/// The authentication key scheme byte for single-key accounts (unified).
128pub const SINGLE_KEY_SCHEME: u8 = 2;
129
130/// The authentication key scheme byte for multi-key accounts (unified).
131pub const MULTI_KEY_SCHEME: u8 = 3;
132
133/// The authentication key scheme byte for keyless accounts.
134pub const KEYLESS_SCHEME: u8 = 5;
135
136/// Derives an authentication key from a public key and scheme.
137///
138/// The authentication key is SHA3-256(public_key_bytes || `scheme_byte`).
139pub fn derive_authentication_key(public_key: &[u8], scheme: u8) -> [u8; 32] {
140    use sha3::{Digest, Sha3_256};
141    let mut hasher = Sha3_256::new();
142    hasher.update(public_key);
143    hasher.update([scheme]);
144    let result = hasher.finalize();
145    let mut auth_key = [0u8; 32];
146    auth_key.copy_from_slice(&result);
147    auth_key
148}
149
150/// Derives an account address from a public key and scheme.
151///
152/// For most accounts, the address equals the authentication key.
153pub fn derive_address(public_key: &[u8], scheme: u8) -> crate::types::AccountAddress {
154    let auth_key = derive_authentication_key(public_key, scheme);
155    crate::types::AccountAddress::new(auth_key)
156}