MystenLabs · joyqvq · Sep 19, 2022 · Sep 12, 2022 · joyqvq · Sep 8, 2022
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/sui-sdk/Cargo.toml b/crates/sui-sdk/Cargo.toml
@@ -18,8 +18,8 @@ signature = "1.6.0"
 tokio = "1.20.1"
 rand = "0.8.5"
 bcs = "0.1.3"
-
-bip39 = { git = "https://github.com/patrickkuo/rust-bip39.git" , rev = "a76fe8310416555e6383b42b8acc4eb93c7bcc89", features = ["rand"]}
+tiny-bip39 = "1.0.0"
+bip32 = "0.4.0"
 
 sui-json-rpc = { path = "../sui-json-rpc" }
 sui-json-rpc-types= { path = "../sui-json-rpc-types" }

diff --git a/crates/sui-sdk/src/crypto.rs b/crates/sui-sdk/src/crypto.rs
@@ -1,10 +1,9 @@
 // Copyright (c) 2022, Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-// TODO: Remove usage of rand::rngs::adapter::ReadRng.
-#![allow(deprecated)]
-
 use anyhow::anyhow;
+use bip32::DerivationPath;
+use bip39::{Language, Mnemonic, MnemonicType, Seed};
 use rand::{rngs::StdRng, SeedableRng};
 use serde::{Deserialize, Serialize};
 use signature::Signer;
@@ -15,15 +14,11 @@ use std::fs;
 use std::fs::File;
 use std::io::BufReader;
 use std::path::{Path, PathBuf};
-use std::str::FromStr;
-
-use bip39::Mnemonic;
-use rand::rngs::adapter::ReadRng;
 
 use sui_types::base_types::SuiAddress;
 use sui_types::crypto::{
-    get_key_pair_from_rng, random_key_pair_by_type_from_rng, EncodeDecodeBase64, PublicKey,
-    Signature, SignatureScheme, SuiKeyPair,
+    derive_key_pair_from_path, get_key_pair_from_rng, EncodeDecodeBase64, PublicKey, Signature,
+    SignatureScheme, SuiKeyPair,
 };
 
 #[derive(Serialize, Deserialize)]
@@ -157,15 +152,17 @@ impl SuiKeystore {
     pub fn generate_new_key(
         &mut self,
         key_scheme: SignatureScheme,
+        derivation_path: Option<DerivationPath>,
     ) -> Result<(SuiAddress, String, SignatureScheme), anyhow::Error> {
-        let mnemonic = Mnemonic::generate(12)?;
-        let seed = mnemonic.to_seed("");
-        let mut rng = RngWrapper(ReadRng::new(&seed));
-        match random_key_pair_by_type_from_rng(key_scheme, &mut rng) {
-            Ok((address, kp)) => {
-                let k = kp.public();
-                self.0.add_key(kp)?;
-                Ok((address, mnemonic.to_string(), k.scheme()))
+        let mnemonic = Mnemonic::new(MnemonicType::Words12, Language::English);
+        match derive_key_pair_from_path(
+            Seed::new(&mnemonic, "").as_bytes(),
+            derivation_path,
+            &key_scheme,
+        ) {
+            Ok((address, keypair)) => {
+                self.add_key(keypair)?;
+                Ok((address, mnemonic.phrase().to_string(), key_scheme))
             }
             Err(e) => Err(anyhow!("error generating key {:?}", e)),
         }
@@ -187,10 +184,12 @@ impl SuiKeystore {
         &mut self,
         phrase: &str,
         key_scheme: SignatureScheme,
+        derivation_path: Option<DerivationPath>,
     ) -> Result<SuiAddress, anyhow::Error> {
-        let seed = &Mnemonic::from_str(phrase).unwrap().to_seed("");
-        let mut rng = RngWrapper(ReadRng::new(seed));
-        match random_key_pair_by_type_from_rng(key_scheme, &mut rng) {
+        let mnemonic = Mnemonic::from_phrase(phrase, Language::English)
+            .map_err(|e| anyhow::anyhow!("Invalid mnemonic phrase: {:?}", e))?;
+        let seed = Seed::new(&mnemonic, "");
+        match derive_key_pair_from_path(seed.as_bytes(), derivation_path, &key_scheme) {
             Ok((address, kp)) => {
                 self.0.add_key(kp)?;
                 Ok(address)
@@ -204,28 +203,6 @@ impl SuiKeystore {
     }
 }
 
-/// wrapper for adding CryptoRng and RngCore impl to ReadRng.
-struct RngWrapper<'a>(ReadRng<&'a [u8]>);
-
-impl rand::CryptoRng for RngWrapper<'_> {}
-impl rand::RngCore for RngWrapper<'_> {
-    fn next_u32(&mut self) -> u32 {
-        self.0.next_u32()
-    }
-
-    fn next_u64(&mut self) -> u64 {
-        self.0.next_u64()
-    }
-
-    fn fill_bytes(&mut self, dest: &mut [u8]) {
-        self.0.fill_bytes(dest)
-    }
-
-    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
-        self.0.try_fill_bytes(dest)
-    }
-}
-
 struct KeystoreSigner<'a> {
     keystore: &'a dyn AccountKeystore,
     address: SuiAddress,

diff --git a/crates/sui-sdk/tests/tests.rs b/crates/sui-sdk/tests/tests.rs
@@ -16,13 +16,14 @@ fn mnemonic_test() {
     let temp_dir = TempDir::new().unwrap();
     let keystore_path = temp_dir.path().join("sui.keystore");
     let mut keystore = KeystoreType::File(keystore_path).init().unwrap();
-
-    let (address, phrase, scheme) = keystore.generate_new_key(SignatureScheme::ED25519).unwrap();
+    let (address, phrase, scheme) = keystore
+        .generate_new_key(SignatureScheme::ED25519, None)
+        .unwrap();
 
     let keystore_path_2 = temp_dir.path().join("sui2.keystore");
     let mut keystore2 = KeystoreType::File(keystore_path_2).init().unwrap();
     let imported_address = keystore2
-        .import_from_mnemonic(&phrase, SignatureScheme::ED25519)
+        .import_from_mnemonic(&phrase, SignatureScheme::ED25519, None)
         .unwrap();
     assert_eq!(scheme.flag(), Ed25519SuiSignature::SCHEME.flag());
     assert_eq!(address, imported_address);
@@ -31,22 +32,22 @@ fn mnemonic_test() {
 /// This test confirms rust's implementation of mnemonic is the same with the Sui Wallet
 #[test]
 fn sui_wallet_address_mnemonic_test() -> Result<(), anyhow::Error> {
-    // Recovery phase and SuiAddress obtained from Sui wallet v0.0.4 (prior key flag changes)
-    let phrase = "oil puzzle immense upon pony govern jelly neck portion laptop laptop wall";
-    let expected_address = SuiAddress::from_str("0x6a06dd564dfb2f0c71f3e167a48f569c705ed34c")?;
+    let phrase = "result crisp session latin must fruit genuine question prevent start coconut brave speak student dismiss";
+    let expected_address = SuiAddress::from_str("0x1a4623343cd42be47d67314fce0ad042f3c82685")?;
 
     let temp_dir = TempDir::new().unwrap();
     let keystore_path = temp_dir.path().join("sui.keystore");
     let mut keystore = KeystoreType::File(keystore_path).init().unwrap();
 
     keystore
-        .import_from_mnemonic(phrase, SignatureScheme::ED25519)
+        .import_from_mnemonic(phrase, SignatureScheme::ED25519, None)
         .unwrap();
 
     let pubkey = keystore.keys()[0].clone();
     assert_eq!(pubkey.flag(), Ed25519SuiSignature::SCHEME.flag());
 
     let mut hasher = Sha3_256::default();
+    hasher.update([pubkey.flag()]);
     hasher.update(pubkey);
     let g_arr = hasher.finalize();
     let mut res = [0u8; SUI_ADDRESS_LENGTH];

diff --git a/crates/sui-types/Cargo.toml b/crates/sui-types/Cargo.toml
@@ -38,6 +38,8 @@ strum_macros = "^0.24"
 roaring = "0.10.1"
 enum_dispatch = "^0.3"
 eyre = "0.6.8"
+bip32 = "0.4.0"
+slip10_ed25519 = "0.1.3"
 
 name-variant = "0.1.0"
 typed-store = "0.1.0"

@@ -6,6 +6,7 @@ use std::str::FromStr;
 
 use anyhow::{anyhow, Error};
 use base64ct::Encoding;
+use bip32::{ChildNumber, DerivationPath, XPrv};
 use digest::Digest;
 use fastcrypto::bls12381::{
     BLS12381AggregateSignature, BLS12381KeyPair, BLS12381PrivateKey, BLS12381PublicKey,
@@ -29,6 +30,7 @@ use serde::{Deserialize, Deserializer, Serialize};
 use serde_with::{serde_as, Bytes};
 use sha3::Sha3_256;
 use signature::Signer;
+use slip10_ed25519::derive_ed25519_private_key;
 
 use crate::base_types::{AuthorityName, SuiAddress};
 use crate::committee::{Committee, EpochId};
@@ -54,6 +56,9 @@ pub type NetworkPublicKey = Ed25519PublicKey;
 pub type NetworkPrivateKey = Ed25519PrivateKey;
 
 pub const PROOF_OF_POSSESSION_DOMAIN: &[u8] = b"kosk";
+pub const DERIVATION_PATH_COIN_TYPE: u32 = 784;
+pub const DERVIATION_PATH_PURPOSE_ED25519: u32 = 44;
+pub const DERVIATION_PATH_PURPOSE_SECP256K1: u32 = 54;
 
 // Creates a proof that the keypair is possesed, as well as binds this proof to a specific SuiAddress.
 pub fn generate_proof_of_possession<K: KeypairTraits>(
@@ -489,6 +494,106 @@ where
     (kp.public().into(), kp)
 }
 
+/// Ed25519 follows SLIP-0010 using hardened path: m/44'/784'/0'/0'/{index}'
+/// Secp256k1 follows BIP-32 using path where the first 3 levels are hardened: m/54'/784'/0'/0/{index}
+/// Note that the purpose for Secp256k1 is registered as 54, to differentiate from Ed25519 with purpose 44.
+pub fn derive_key_pair_from_path(
+    seed: &[u8],
+    derivation_path: Option<DerivationPath>,
+    key_scheme: &SignatureScheme,
+) -> Result<(SuiAddress, SuiKeyPair), SuiError> {
+    let path = validate_path(key_scheme, derivation_path)?;
+    match key_scheme {
+        SignatureScheme::ED25519 => {
+            let indexes = path.into_iter().map(|i| i.into()).collect::<Vec<_>>();
+            let derived = derive_ed25519_private_key(seed, &indexes);
+            let sk = Ed25519PrivateKey::from_bytes(&derived)
+                .map_err(|e| SuiError::SignatureKeyGenError(e.to_string()))?;
+            let kp = Ed25519KeyPair::from(sk);
+            Ok((kp.public().into(), SuiKeyPair::Ed25519SuiKeyPair(kp)))
+        }
+        SignatureScheme::Secp256k1 => {
+            let child_xprv = XPrv::derive_from_path(&seed, &path)
+                .map_err(|e| SuiError::SignatureKeyGenError(e.to_string()))?;
+            let kp = Secp256k1KeyPair::from(
+                Secp256k1PrivateKey::from_bytes(child_xprv.private_key().to_bytes().as_slice())
+                    .unwrap(),
+            );
+            Ok((kp.public().into(), SuiKeyPair::Secp256k1SuiKeyPair(kp)))
+        }
+        SignatureScheme::BLS12381 => Err(SuiError::UnsupportedFeatureError {
+            error: "BLS is not supported for user key derivation".to_string(),
+        }),
+    }
+}
+
+pub fn validate_path(
+    key_scheme: &SignatureScheme,
+    path: Option<DerivationPath>,
+) -> Result<DerivationPath, SuiError> {
+    match key_scheme {
+        SignatureScheme::ED25519 => {
+            match path {
+                Some(p) => {
+                    // The derivation path must be hardened at all levels with purpose = 44, coin_type = 784
+                    if let &[purpose, coin_type, account, change, address] = p.as_ref() {
+                        if purpose
+                            == ChildNumber::new(DERVIATION_PATH_PURPOSE_ED25519, true).unwrap()
+                            && coin_type
+                                == ChildNumber::new(DERIVATION_PATH_COIN_TYPE, true).unwrap()
+                            && account.is_hardened()
+                            && change.is_hardened()
+                            && address.is_hardened()
+                        {
+                            Ok(p)
+                        } else {
+                            Err(SuiError::SignatureKeyGenError("Invalid path".to_string()))
+                        }
+                    } else {
+                        Err(SuiError::SignatureKeyGenError("Invalid path".to_string()))
+                    }
+                }
+                None => Ok(format!(
+                    "m/{DERVIATION_PATH_PURPOSE_ED25519}'/{DERIVATION_PATH_COIN_TYPE}'/0'/0'/0'"
+                )
+                .parse()
+                .unwrap()),
+            }
+        }
+        SignatureScheme::Secp256k1 => {
+            match path {
+                Some(p) => {
+                    // The derivation path must be hardened at first 3 levels with purpose = 54, coin_type = 784
+                    if let &[purpose, coin_type, account, change, address] = p.as_ref() {
+                        if purpose
+                            == ChildNumber::new(DERVIATION_PATH_PURPOSE_SECP256K1, true).unwrap()
+                            && coin_type
+                                == ChildNumber::new(DERIVATION_PATH_COIN_TYPE, true).unwrap()
+                            && account.is_hardened()
+                            && !change.is_hardened()
+                            && !address.is_hardened()
+                        {
+                            Ok(p)
+                        } else {
+                            Err(SuiError::SignatureKeyGenError("Invalid path".to_string()))
+                        }
+                    } else {
+                        Err(SuiError::SignatureKeyGenError("Invalid path".to_string()))
+                    }
+                }
+                None => Ok(format!(
+                    "m/{DERVIATION_PATH_PURPOSE_SECP256K1}'/{DERIVATION_PATH_COIN_TYPE}'/0'/0/0"
+                )
+                .parse()
+                .unwrap()),
+            }
+        }
+        SignatureScheme::BLS12381 => Err(SuiError::UnsupportedFeatureError {
+            error: "BLS is not supported for user key derivation".to_string(),
+        }),
+    }
+}
+
 /// Wrapper function to return SuiKeypair based on key scheme string with seedable rng.
 pub fn random_key_pair_by_type_from_rng<R>(
     key_scheme: SignatureScheme,

diff --git a/crates/sui/Cargo.toml b/crates/sui/Cargo.toml
@@ -20,6 +20,7 @@ tracing = "0.1.36"
 bcs = "0.1.3"
 clap = { version = "3.2.17", features = ["derive"] }
 telemetry-subscribers = "0.1.0"
+bip32 = "0.4.0"
 
 sui-core = { path = "../sui-core" }
 sui-framework = { path = "../sui-framework" }

diff --git a/crates/sui/src/client_commands.rs b/crates/sui/src/client_commands.rs
@@ -10,6 +10,7 @@ use std::{
 };
 
 use anyhow::anyhow;
+use bip32::DerivationPath;
 use clap::*;
 use colored::Colorize;
 use move_core_types::language_storage::TypeTag;
@@ -190,9 +191,13 @@ pub enum SuiClientCommands {
     #[clap(name = "addresses")]
     Addresses,
 
-    /// Generate new address and keypair with keypair scheme flag {ed25519 | secp256k1}.
+    /// Generate new address and keypair with keypair scheme flag {ed25519 | secp256k1}
+    /// with optional derivation path, default to m/44'/784'/0'/0'/0' for ed25519 or m/54'/784'/0'/0/0 for secp256k1.
     #[clap(name = "new-address")]
-    NewAddress { key_scheme: SignatureScheme },
+    NewAddress {
+        key_scheme: SignatureScheme,
+        derivation_path: Option<DerivationPath>,
+    },
 
     /// Obtain all objects owned by the address.
     #[clap(name = "objects")]
@@ -409,8 +414,13 @@ impl SuiClientCommands {
 
                 SuiClientCommandResult::SyncClientState
             }
-            SuiClientCommands::NewAddress { key_scheme } => {
-                let (address, phrase, scheme) = context.keystore.generate_new_key(key_scheme)?;
+            SuiClientCommands::NewAddress {
+                key_scheme,
+                derivation_path,
+            } => {
+                let (address, phrase, scheme) = context
+                    .keystore
+                    .generate_new_key(key_scheme, derivation_path)?;
                 SuiClientCommandResult::NewAddress((address, phrase, scheme))
             }
             SuiClientCommands::Gas { address } => {