Correct the robonode key generation and usage

crates/devutil-auth-ticket/src/lib.rs

@@ -2,12 +2,12 @@
 
 pub use hex::{decode, encode};
 pub use primitives_auth_ticket::{AuthTicket, OpaqueAuthTicket};
-use robonode_crypto::{ed25519_dalek::Signer, Keypair};
+use robonode_crypto::ed25519_dalek::Signer;
 
 /// The input required to generate an auth ticket.
 pub struct Input {
-    /// The robonode keypair to use for authticket reponse signing.
-    pub robonode_keypair: Vec<u8>,
+    /// The robonode secret key to use for authticket reponse signing.
+    pub robonode_secret_key: Vec<u8>,
     /// The auth ticket to sign.
     pub auth_ticket: AuthTicket,
 }
@@ -26,21 +26,21 @@ pub struct Output {
 pub fn make(input: Input) -> Result<Output, anyhow::Error> {
     let Input {
         auth_ticket,
-        robonode_keypair,
+        robonode_secret_key,
     } = input;
 
-    let mut robonode_keypair_buf = [0u8; 64];
-    robonode_keypair_buf.copy_from_slice(&robonode_keypair);
+    let mut robonode_secret_key_buf = robonode_crypto::SecretKey::default();
+    robonode_secret_key_buf.copy_from_slice(&robonode_secret_key);
 
-    let robonode_keypair = Keypair::from_keypair_bytes(&robonode_keypair_buf)?;
+    let robonode_singing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_buf);
 
     let opaque_auth_ticket = OpaqueAuthTicket::from(&auth_ticket);
 
-    let robonode_signature = robonode_keypair
+    let robonode_signature = robonode_singing_key
         .sign(opaque_auth_ticket.as_ref())
         .to_bytes();
 
-    assert!(robonode_keypair
+    assert!(robonode_singing_key
         .verify(
             opaque_auth_ticket.as_ref(),
             &robonode_crypto::Signature::try_from(&robonode_signature[..]).unwrap()
@@ -50,6 +50,6 @@ pub fn make(input: Input) -> Result<Output, anyhow::Error> {
     Ok(Output {
         auth_ticket: opaque_auth_ticket.into(),
         robonode_signature: robonode_signature.into(),
-        robonode_public_key: robonode_keypair.as_ref().as_bytes()[..].into(),
+        robonode_public_key: robonode_singing_key.verifying_key().as_bytes().to_vec(),
     })
 }

crates/devutil-auth-ticket/src/main.rs

@@ -9,7 +9,7 @@ fn read_hex_env(key: &'static str) -> Vec<u8> {
 }
 
 fn main() {
-    let robonode_keypair = read_hex_env("ROBONODE_KEYPAIR");
+    let robonode_secret_key = read_hex_env("ROBONODE_SECRET_KEY");
     let public_key = read_hex_env("AUTH_TICKET_PUBLIC_KEY");
     let authentication_nonce = read_hex_env("AUTH_TICKET_AUTHENTICATION_NONCE");
 
@@ -19,7 +19,7 @@ fn main() {
     };
 
     let output = make(Input {
-        robonode_keypair,
+        robonode_secret_key,
         auth_ticket,
     })
     .unwrap();

crates/humanode-runtime/src/robonode.rs

@@ -57,10 +57,6 @@ impl pallet_bioauth::Verifier<Vec<u8>> for PublicKey {
 mod benchmarks {
     use super::*;
 
-    fn derive_keypair_from_secret_key(secret_key_bytes: [u8; 32]) -> robonode_crypto::Keypair {
-        robonode_crypto::Keypair::from_bytes(&secret_key_bytes)
-    }
-
     impl pallet_bioauth::benchmarking::AuthTicketSigner for Runtime {
         fn sign(
             auth_ticket: &primitives_auth_ticket::OpaqueAuthTicket,
@@ -69,11 +65,12 @@ mod benchmarks {
             // This secret key is taken from the first entry in https://ed25519.cr.yp.to/python/sign.input.
             // Must be compatible with public key provided in benchmark_config() function in
             // crates/humanode-peer/src/chain_spec.rs
-            const ROBONODE_SECRET_KEY: [u8; 32] = hex_literal::hex!(
+            const ROBONODE_SECRET_KEY: robonode_crypto::SecretKey = hex_literal::hex!(
                 "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
             );
-            let robonode_keypair = derive_keypair_from_secret_key(ROBONODE_SECRET_KEY);
-            robonode_keypair
+            let robonode_signing_key =
+                robonode_crypto::SigningKey::from_bytes(&ROBONODE_SECRET_KEY);
+            robonode_signing_key
                 .try_sign(auth_ticket.as_ref())
                 .unwrap_or(Signature::from_bytes(&[0; 64]))
                 .to_bytes()

crates/robonode-crypto/src/lib.rs

@@ -4,8 +4,8 @@
 
 pub use ed25519_dalek::{self, Signer, Verifier};
 
-/// Robonode keypair.
-pub type Keypair = ed25519_dalek::SigningKey;
+/// Robonode signing key.
+pub type SigningKey = ed25519_dalek::SigningKey;
 
 /// Robonode signature.
 pub type Signature = ed25519_dalek::Signature;
@@ -18,6 +18,7 @@ pub type SecretKey = ed25519_dalek::SecretKey;
 
 #[cfg(test)]
 mod tests {
+    use ed25519_dalek::SigningKey;
     use hex_literal::hex;
     use rand::rngs::OsRng;
 
@@ -26,28 +27,28 @@ mod tests {
     // Test vectors.
     // See: https://ed25519.cr.yp.to/python/sign.py
     //      https://ed25519.cr.yp.to/python/sign.input
-    const SK: [u8; 64] = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
+    const SK: [u8; 32] = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
     const PK: [u8; 32] = hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
     const M: [u8; 0] = hex!("");
     const SM: [u8; 64] = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
 
     #[test]
     fn test_vectors() {
-        let pair = Keypair::from_keypair_bytes(&SK).unwrap();
+        let secret = SigningKey::from_bytes(&SK);
         let public = PublicKey::from_bytes(&PK).unwrap();
-        assert_eq!(pair.verifying_key(), public);
+        assert_eq!(secret.verifying_key(), public);
 
         let signature: Signature = SM.try_into().unwrap();
 
-        println!("{:#02X?}", pair.sign(&M[..]).to_bytes());
-        assert!(pair.sign(&M[..]) == signature);
+        println!("{:#02X?}", secret.sign(&M[..]).to_bytes());
+        assert!(secret.sign(&M[..]) == signature);
         assert!(public.verify(&M[..], &signature).is_ok());
     }
 
     #[test]
     fn generated_pair() {
         let mut csprng = OsRng {};
-        let pair = Keypair::generate(&mut csprng);
+        let pair = SigningKey::generate(&mut csprng);
 
         let message = b"Something important";
         let signature = pair.sign(&message[..]);

crates/robonode-keygen/Cargo.toml

@@ -7,5 +7,5 @@ publish = false
 [dependencies]
 robonode-crypto = { path = "../robonode-crypto" }
 
-hex = { workspace = true }
-rand = { workspace = true }
+hex = { workspace = true, features = ["alloc"] }
+rand = { workspace = true, features = ["std", "getrandom"] }

crates/robonode-keygen/src/main.rs

@@ -1,10 +1,10 @@
-//! A tiny utility for generating a robonode keypair.
-//! Prints the keypair in HEX.
+//! A tiny utility for generating a robonode key.
+//! Prints the secret key in HEX.
 
 use rand::rngs::OsRng;
 
 fn main() {
     let mut csprng = OsRng {};
-    let keypair = robonode_crypto::Keypair::generate(&mut csprng);
-    println!("{}", hex::encode(keypair.to_bytes()));
+    let signing_key = robonode_crypto::SigningKey::generate(&mut csprng);
+    println!("{}", hex::encode(signing_key.to_bytes()));
 }

crates/robonode-server/src/lib.rs

@@ -21,14 +21,14 @@ pub fn init(
     execution_id: uuid::Uuid,
     facetec_api_client: facetec_api_client::Client<LoggingInspector>,
     facetec_device_sdk_params: FacetecDeviceSdkParams,
-    robonode_keypair: robonode_crypto::Keypair,
+    robonode_signing_key: robonode_crypto::SigningKey,
 ) -> impl Filter<Extract = (impl warp::Reply,), Error = std::convert::Infallible> + Clone {
     let logic = logic::Logic {
         locked: Mutex::new(logic::Locked {
             sequence: sequence::Sequence::new(0),
             execution_id,
             facetec: facetec_api_client,
-            signer: robonode_keypair,
+            signer: robonode_signing_key,
             public_key_type: PhantomData::<validator_key::SubstratePublic<sp_core::sr25519::Public>>,
         }),
         facetec_device_sdk_params,
@@ -40,7 +40,7 @@ pub fn init(
 }
 
 #[async_trait::async_trait]
-impl logic::Signer<Vec<u8>> for robonode_crypto::Keypair {
+impl logic::Signer<Vec<u8>> for robonode_crypto::SigningKey {
     type Error = Infallible;
 
     async fn sign<'a, D>(&self, data: D) -> Result<Vec<u8>, Self::Error>
@@ -54,7 +54,7 @@ impl logic::Signer<Vec<u8>> for robonode_crypto::Keypair {
 }
 
 #[async_trait::async_trait]
-impl logic::PublicKeyProvider for robonode_crypto::Keypair {
+impl logic::PublicKeyProvider for robonode_crypto::SigningKey {
     fn public_key(&self) -> &[u8] {
         self.as_ref().as_ref()
     }

crates/robonode-server/src/main.rs

@@ -15,10 +15,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
     let facetec_device_key_identifier: String = env("FACETEC_DEVICE_KEY_IDENTIFIER")?;
     let facetec_public_face_map_encryption_key = env("FACETEC_PUBLIC_FACE_MAP_ENCRYPTION_KEY")?;
     let facetec_production_key: Option<String> = maybe_env("FACETEC_PRODUCTION_KEY")?;
-    let robonode_keypair_string: String = env("ROBONODE_KEYPAIR")?;
-    let mut robonode_keypair_bytes: [u8; 64] = [0; 64];
-    hex::decode_to_slice(robonode_keypair_string, &mut robonode_keypair_bytes)?;
-    let robonode_keypair = robonode_crypto::Keypair::from_keypair_bytes(&robonode_keypair_bytes)?;
+    let robonode_secret_key_string: String = env("ROBONODE_SECRET_KEY")?;
+
+    let mut robonode_secret_key_bytes = robonode_crypto::SecretKey::default();
+    hex::decode_to_slice(robonode_secret_key_string, &mut robonode_secret_key_bytes)?;
+    let robonode_signing_key = robonode_crypto::SigningKey::from_bytes(&robonode_secret_key_bytes);
 
     let facetec_api_client = facetec_api_client::Client {
         base_url: facetec_server_url,
@@ -39,7 +40,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
         execution_id,
         facetec_api_client,
         face_tec_device_sdk_params,
-        robonode_keypair,
+        robonode_signing_key,
     );
     let (addr, server) =
         warp::serve(root_filter).bind_with_graceful_shutdown(addr, shutdown_signal());