Support extended bip32 keys

This change will enable users to load and use extended bip32 keys to sign transactions.

Author: cffls

integration-test/keys/extended.skey

@@ -0,0 +1,5 @@
+{
+    "type": "PaymentExtendedSigningKeyShelley_ed25519_bip32",
+    "description": "Payment Signing Key",
+    "cborHex": "5880e8428867ab9cc9304379a3ce0c238a592bd6d2349d2ebaf8a6ed2c6d2974a15ad59c74b6d8fa3edd032c6261a73998b7deafe983b6eeaff8b6fb3fab06bdf8019b693a62bce7a3cad1b9c02d22125767201c65db27484bb67d3cee7df7288d62c099ac0ce4a215355b149fd3114a2a7ef0438f01f8872c4487a61b469e26aae4"
+}

integration-test/run_tests.sh

@@ -17,6 +17,7 @@ docker-compose down --volume
 docker-compose up -d
 
 export PAYMENT_KEY="$ROOT"/configs/local-alonzo/shelley/utxo-keys/utxo1.skey
+export EXTENDED_PAYMENT_KEY="$ROOT"/keys/extended.skey
 poetry run pytest -s "$ROOT"/test
 
 # Cleanup

integration-test/test/test_mint_nft.py

@@ -5,7 +5,6 @@
 import tempfile
 import time
 
-import websocket
 from retry import retry
 
 from pycardano import *
@@ -28,12 +27,17 @@ def test_mint(self):
         chain_context = OgmiosChainContext(self.OGMIOS_WS, Network.TESTNET)
 
         payment_key_path = os.environ.get("PAYMENT_KEY")
-        if not payment_key_path:
+        extended_key_path = os.environ.get("EXTENDED_PAYMENT_KEY")
+        if not payment_key_path or not extended_key_path:
             raise Exception(
-                "Cannot find payment key. Please specify environment variable PAYMENT_KEY"
+                "Cannot find payment key. Please specify environment variable PAYMENT_KEY and extended_key_path"
             )
         payment_skey = PaymentSigningKey.load(payment_key_path)
         payment_vkey = PaymentVerificationKey.from_signing_key(payment_skey)
+        extended_payment_skey = PaymentExtendedSigningKey.load(extended_key_path)
+        extended_payment_vkey = PaymentExtendedVerificationKey.from_signing_key(
+            extended_payment_skey
+        )
         address = Address(payment_vkey.hash(), network=self.NETWORK)
 
         # Load payment keys or create them if they don't exist
@@ -67,13 +71,16 @@ def load_or_create_key_pair(base_dir, base_name):
 
         """Create policy"""
         # A policy that requires a signature from the policy key we generated above
-        pub_key_policy = ScriptPubkey(policy_vkey.hash())
+        pub_key_policy_1 = ScriptPubkey(policy_vkey.hash())
+
+        # A policy that requires a signature from the extended payment key
+        pub_key_policy_2 = ScriptPubkey(extended_payment_vkey.hash())
 
         # A time policy that disallows token minting after 10000 seconds from last block
         must_before_slot = InvalidHereAfter(chain_context.last_block_slot + 10000)
 
         # Combine two policies using ScriptAll policy
-        policy = ScriptAll([pub_key_policy, must_before_slot])
+        policy = ScriptAll([pub_key_policy_1, pub_key_policy_2, must_before_slot])
 
         # Calculate policy ID, which is the hash of the policy
         policy_id = policy.hash()
@@ -149,13 +156,17 @@ def load_or_create_key_pair(base_dir, base_name):
         # Sign the transaction body hash using the payment signing key
         payment_signature = payment_skey.sign(tx_body.hash())
 
+        # Sign the transaction body hash using the extended payment signing key
+        extended_payment_signature = extended_payment_skey.sign(tx_body.hash())
+
         # Sign the transaction body hash using the policy signing key because we are minting new tokens
         policy_signature = policy_skey.sign(tx_body.hash())
 
         # Add verification keys and their signatures to the witness set
         vk_witnesses = [
             VerificationKeyWitness(payment_vkey, payment_signature),
             VerificationKeyWitness(policy_vkey, policy_signature),
+            VerificationKeyWitness(extended_payment_vkey, extended_payment_signature),
         ]
 
         # Create final signed transaction

poetry.lock

@@ -0,0 +1,50 @@
+"""
+BIP32 implemented on curve ED25519
+Paper: https://github.com/LedgerHQ/orakolo/blob/master/papers/Ed25519_BIP%20Final.pdf
+This is a modified version of https://github.com/johnoliverdriscoll/py-edhd/blob/master/src/edhd/__init__.py
+
+"""
+
+from __future__ import annotations
+
+import hashlib
+
+from nacl import bindings
+
+
+class BIP32ED25519PrivateKey:
+    def __init__(self, private_key: bytes, chain_code: bytes):
+        self.private_key = private_key
+        self.left = self.private_key[:32]
+        self.right = self.private_key[32:]
+        self.chain_code = chain_code
+        self.public_key = bindings.crypto_scalarmult_ed25519_base_noclamp(self.left)
+
+    def sign(self, message: bytes) -> bytes:
+        r = bindings.crypto_core_ed25519_scalar_reduce(
+            hashlib.sha512(self.right + message).digest(),
+        )
+        R = bindings.crypto_scalarmult_ed25519_base_noclamp(r)
+        hram = bindings.crypto_core_ed25519_scalar_reduce(
+            hashlib.sha512(R + self.public_key + message).digest(),
+        )
+        S = bindings.crypto_core_ed25519_scalar_add(
+            bindings.crypto_core_ed25519_scalar_mul(hram, self.left),
+            r,
+        )
+        return R + S
+
+
+class BIP32ED25519PublicKey:
+    def __init__(self, public_key: bytes, chain_code: bytes):
+        self.public_key = public_key
+        self.chain_code = chain_code
+
+    @classmethod
+    def from_private_key(
+        cls, private_key: BIP32ED25519PrivateKey
+    ) -> BIP32ED25519PublicKey:
+        return cls(private_key.public_key, private_key.chain_code)
+
+    def verify(self, signature, message):
+        return bindings.crypto_sign_open(signature + message, self.public_key)

pycardano/crypto/bip32.py

@@ -5,23 +5,29 @@
 import json
 import os
 
-from nacl.bindings import crypto_sign_PUBLICKEYBYTES, crypto_sign_SEEDBYTES
 from nacl.encoding import RawEncoder
 from nacl.hash import blake2b
 from nacl.public import PrivateKey
 from nacl.signing import SigningKey as NACLSigningKey
 
+from pycardano.crypto.bip32 import BIP32ED25519PrivateKey
 from pycardano.exception import InvalidKeyTypeException
 from pycardano.hash import VERIFICATION_KEY_HASH_SIZE, VerificationKeyHash
 from pycardano.serialization import CBORSerializable
 
 __all__ = [
     "Key",
+    "ExtendedSigningKey",
+    "ExtendedVerificationKey",
     "VerificationKey",
     "SigningKey",
+    "PaymentExtendedSigningKey",
+    "PaymentExtendedVerificationKey",
     "PaymentSigningKey",
     "PaymentVerificationKey",
     "PaymentKeyPair",
+    "StakeExtendedSigningKey",
+    "StakeExtendedVerificationKey",
     "StakeSigningKey",
     "StakeVerificationKey",
     "StakeKeyPair",
@@ -132,16 +138,21 @@ def __repr__(self) -> str:
         return self.to_json()
 
 
-class VerificationKey(Key):
+class SigningKey(Key):
+    def sign(self, data: bytes) -> bytes:
+        signed_message = NACLSigningKey(self.payload).sign(data)
+        return signed_message.signature
+
+    @classmethod
+    def generate(cls) -> SigningKey:
+        signing_key = PrivateKey.generate()
+        return cls(bytes(signing_key))
 
-    SIZE = crypto_sign_PUBLICKEYBYTES
 
+class VerificationKey(Key):
     def hash(self) -> VerificationKeyHash:
         """Compute a blake2b hash from the key
 
-        Args:
-            hash_size: Size of the hash output in bytes.
-
         Returns:
             VerificationKeyHash: Hash output in bytes.
         """
@@ -152,33 +163,65 @@ def hash(self) -> VerificationKeyHash:
     @classmethod
     def from_signing_key(cls, key: SigningKey) -> VerificationKey:
         verification_key = NACLSigningKey(bytes(key)).verify_key
-        return cls(bytes(verification_key))
+        return cls(
+            bytes(verification_key),
+            key.key_type.replace("Signing", "Verification"),
+            key.description.replace("Signing", "Verification"),
+        )
 
 
-class SigningKey(Key):
+class ExtendedSigningKey(Key):
+    def sign(self, data: bytes) -> bytes:
+        private_key = BIP32ED25519PrivateKey(self.payload[:64], self.payload[96:])
+        return private_key.sign(data)
 
-    SIZE = crypto_sign_SEEDBYTES
 
-    def sign(self, data: bytes) -> bytes:
-        signed_message = NACLSigningKey(self.payload).sign(data)
-        return signed_message.signature
+class ExtendedVerificationKey(Key):
+    def hash(self) -> VerificationKeyHash:
+        """Compute a blake2b hash from the key, excluding chain code
+
+        Returns:
+            VerificationKeyHash: Hash output in bytes.
+        """
+        return self.to_non_extended().hash()
 
     @classmethod
-    def generate(cls) -> SigningKey:
-        signing_key = PrivateKey.generate()
-        return cls(bytes(signing_key))
+    def from_signing_key(cls, key: ExtendedSigningKey) -> ExtendedVerificationKey:
+        return cls(
+            key.payload[64:],
+            key.key_type.replace("Signing", "Verification"),
+            key.description.replace("Signing", "Verification"),
+        )
+
+    def to_non_extended(self) -> VerificationKey:
+        """Get the 32-byte verification with chain code trimmed off
+
+        Returns:
+            VerificationKey: 32-byte verification with chain code trimmed off
+        """
+        return VerificationKey(self.payload[:32])
 
 
 class PaymentSigningKey(SigningKey):
     KEY_TYPE = "PaymentSigningKeyShelley_ed25519"
-    DESCRIPTION = "Payment Verification Key"
+    DESCRIPTION = "Payment Signing Key"
 
 
 class PaymentVerificationKey(VerificationKey):
     KEY_TYPE = "PaymentVerificationKeyShelley_ed25519"
     DESCRIPTION = "Payment Verification Key"
 
 
+class PaymentExtendedSigningKey(ExtendedSigningKey):
+    KEY_TYPE = "PaymentExtendedSigningKeyShelley_ed25519_bip32"
+    DESCRIPTION = "Payment Signing Key"
+
+
+class PaymentExtendedVerificationKey(ExtendedVerificationKey):
+    KEY_TYPE = "PaymentExtendedVerificationKeyShelley_ed25519_bip32"
+    DESCRIPTION = "Payment Verification Key"
+
+
 class PaymentKeyPair:
     def __init__(
         self, signing_key: PaymentSigningKey, verification_key: PaymentVerificationKey
@@ -205,14 +248,24 @@ def __eq__(self, other):
 
 class StakeSigningKey(SigningKey):
     KEY_TYPE = "StakeSigningKeyShelley_ed25519"
-    DESCRIPTION = "Stake Verification Key"
+    DESCRIPTION = "Stake Signing Key"
 
 
 class StakeVerificationKey(VerificationKey):
     KEY_TYPE = "StakeVerificationKeyShelley_ed25519"
     DESCRIPTION = "Stake Verification Key"
 
 
+class StakeExtendedSigningKey(ExtendedSigningKey):
+    KEY_TYPE = "StakeExtendedSigningKeyShelley_ed25519_bip32"
+    DESCRIPTION = "Stake Signing Key"
+
+
+class StakeExtendedVerificationKey(ExtendedVerificationKey):
+    KEY_TYPE = "StakeExtendedVerificationKeyShelley_ed25519_bip32"
+    DESCRIPTION = "Stake Verification Key"
+
+
 class StakeKeyPair:
     def __init__(
         self, signing_key: StakeSigningKey, verification_key: StakeVerificationKey

pycardano/key.py

@@ -1,9 +1,9 @@
 """Transaction witness."""
 
 from dataclasses import dataclass, field
-from typing import Any, List
+from typing import Any, List, Union
 
-from pycardano.key import VerificationKey
+from pycardano.key import ExtendedVerificationKey, VerificationKey
 from pycardano.nativescript import NativeScript
 from pycardano.plutus import PlutusData, Redeemer
 from pycardano.serialization import (
@@ -17,9 +17,15 @@
 
 @dataclass(repr=False)
 class VerificationKeyWitness(ArrayCBORSerializable):
-    vkey: VerificationKey
+    vkey: Union[VerificationKey, ExtendedVerificationKey]
     signature: bytes
 
+    def __post_init__(self):
+        # When vkey is in extended format, we need to convert it to non-extended, so it can match the
+        # key hash of the input address we are trying to spend.
+        if isinstance(self.vkey, ExtendedVerificationKey):
+            self.vkey = self.vkey.to_non_extended()
+
 
 @dataclass(repr=False)
 class TransactionWitnessSet(MapCBORSerializable):