Support Ed25519 keys and signatures:

Recognize a new JSON parameter `key_type` in handlers for wallet_propose and sign/submit. In addition to letting the caller to specify either of secp256k1 or ed25519, its presence prohibits the (now-deprecated) use of heuristically polymorphic parameters for secret data -- the `passphrase` parameter to wallet_propose will be not be considered as an encoded seed value (for which `seed` and `seed_hex` should be used), and the `secret` parameter to sign and submit will be obsoleted entirely by the same trio above. * Use constants instead of literals for JSON parameter names. * Move KeyType to its own unit and add string conversions. * RippleAddress * Pass the entire message, rather than a hash, to accountPrivateSign() and accountPublicVerify(). * Recognize a 33-byte value beginning with 0xED as an Ed25519 key when signing and verifying (for accounts only). * Add keyFromSeed() to generate an Ed25519 secret key from a seed. * Add getSeedFromRPC() to extract the seed from JSON parameters for an RPC call. * Add generateKeysFromSeed() to produce a key pair of either type from a seed. * Extend Ledger tests to cover both key types.
2025-12-06 17:27:52 +00:00 · 2015-02-26 16:20:16 -08:00
parent 1b46e003c3
commit d082a0696d
18 changed files with 527 additions and 94 deletions
--- a/src/ripple/protocol/tests/RippleAddress.test.cpp
+++ b/src/ripple/protocol/tests/RippleAddress.test.cpp
@@ -18,15 +18,15 @@
 //==============================================================================

 #include <BeastConfig.h>
+#include <ripple/basics/TestSuite.h>
 #include <ripple/protocol/RippleAddress.h>
 #include <ripple/protocol/RipplePublicKey.h>
 #include <ripple/protocol/Serializer.h>
 #include <ripple/basics/StringUtilities.h>
-#include <beast/unit_test/suite.h>

 namespace ripple {

-class RippleAddress_test : public beast::unit_test::suite
+class RippleAddress_test : public ripple::TestSuite
 {
 public:
    void run()
@@ -57,6 +57,16 @@ public:

        expect (generator.humanGenerator () == "fhuJKrhSDzV2SkjLn9qbwm5AaRmrxDPfFsHDCP6yfDZWcxDFz4mt", generator.humanGenerator ());

+        // Create ed25519 account public/private key pair.
+        KeyPair keys = generateKeysFromSeed (KeyType::ed25519, naSeed);
+        expectEquals (keys.publicKey.humanAccountPublic(), "aKGheSBjmCsKJVuLNKRAKpZXT6wpk2FCuEZAXJupXgdAxX5THCqR");
+
+        // Check ed25519 account signing.
+        vucTextSig = keys.secretKey.accountPrivateSign (vucTextSrc);
+
+        expect (!vucTextSig.empty(), "ed25519 signing failed.");
+        expect (keys.publicKey.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA()), "ed25519 verify failed.");
+
        // Create account #0 public/private key pair.
        RippleAddress   naAccountPublic0    = RippleAddress::createAccountPublic (generator, 0);
        RippleAddress   naAccountPrivate0   = RippleAddress::createAccountPrivate (generator, naSeed, 0);
@@ -72,15 +82,19 @@ public:
        expect (naAccountPublic1.humanAccountPublic () == "aBPXpTfuLy1Bhk3HnGTTAqnovpKWQ23NpFMNkAF6F1Atg5vDyPrw", naAccountPublic1.humanAccountPublic ());

        // Check account signing.
-        expect (naAccountPrivate0.accountPrivateSign (uHash, vucTextSig), "Signing failed.");
-        expect (naAccountPublic0.accountPublicVerify (uHash, vucTextSig, ECDSA::strict), "Verify failed.");
-        expect (!naAccountPublic1.accountPublicVerify (uHash, vucTextSig, ECDSA::not_strict), "Anti-verify failed.");
-        expect (!naAccountPublic1.accountPublicVerify (uHash, vucTextSig, ECDSA::strict), "Anti-verify failed.");
+        vucTextSig = naAccountPrivate0.accountPrivateSign (vucTextSrc);

-        expect (naAccountPrivate1.accountPrivateSign (uHash, vucTextSig), "Signing failed.");
-        expect (naAccountPublic1.accountPublicVerify (uHash, vucTextSig, ECDSA::strict), "Verify failed.");
-        expect (!naAccountPublic0.accountPublicVerify (uHash, vucTextSig, ECDSA::not_strict), "Anti-verify failed.");
-        expect (!naAccountPublic0.accountPublicVerify (uHash, vucTextSig, ECDSA::strict), "Anti-verify failed.");
+        expect (!vucTextSig.empty(), "Signing failed.");
+        expect (naAccountPublic0.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA::strict), "Verify failed.");
+        expect (!naAccountPublic1.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA::not_strict), "Anti-verify failed.");
+        expect (!naAccountPublic1.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA::strict), "Anti-verify failed.");
+
+        vucTextSig = naAccountPrivate1.accountPrivateSign (vucTextSrc);
+
+        expect (!vucTextSig.empty(), "Signing failed.");
+        expect (naAccountPublic1.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA::strict), "Verify failed.");
+        expect (!naAccountPublic0.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA::not_strict), "Anti-verify failed.");
+        expect (!naAccountPublic0.accountPublicVerify (vucTextSrc, vucTextSig, ECDSA::strict), "Anti-verify failed.");

        // Check account encryption.
        Blob vucTextCipher