Struct RootSeed

pub struct RootSeed(/* private fields */);

The user’s root seed from which we derive all child secrets.

Implementations

impl RootSeed

pub const LENGTH: usize = 32usize

pub fn new(bytes: Secret<[u8; 32]>) -> RootSeed

pub fn from_rng<R>(rng: &mut R) -> RootSeed
where R: Crng,

pub fn to_mnemonic(&self) -> Mnemonic

Creates a bip39::Mnemonic from this RootSeed. Use bip39::Mnemonic’s Display / FromStr impls to convert from / to user-facing strings.

pub fn derive_bip39_seed(&self) -> Secret<[u8; 64]>

Derives the BIP39-compatible 64-byte seed from this RootSeed.

This uses the standard BIP39 derivation: PBKDF2(password=mnemonic, salt="mnemonic", 2048 rounds, HMAC-SHA512)

The resulting seed is compatible with standard wallets when used to derive a BIP32 master xpriv.

New Lexe wallets created after node-v0.9.1 use this to derive their on-chain wallet BIP32 master xprivs.

Old Lexe on-chain wallets use Self::derive_legacy_master_xprv instead.

pub fn derive_to_slice(&self, label: &[&[u8]], out: &mut [u8])

Derive a new child secret with label into a prepared buffer out.

pub fn derive(&self, label: &[&[u8]]) -> Secret<[u8; 32]>

Derive a new child secret with label to a hash-output-sized buffer.

pub fn derive_vec(&self, label: &[&[u8]], out_len: usize) -> Secret<Vec<u8>>

Convenience method to derive a new child secret with label into a Vec<u8> of size out_len.

pub fn derive_ephemeral_issuing_ca_key_pair(&self) -> KeyPair

Derive the keypair for the “ephemeral issuing” CA that endorses client and server certs under the “shared seed” mTLS construction.

pub fn derive_revocable_issuing_ca_key_pair(&self) -> KeyPair

Derive the keypair for the “revocable issuing” CA that endorses client and server certs under the “shared seed” mTLS construction.

pub fn derive_user_key_pair(&self) -> KeyPair

Derive the user key pair, which is the key behind the UserPk. This key pair is also used to sign up and authenticate as the user against the Lexe backend.

pub fn derive_user_pk(&self) -> UserPk

Convenience function to derive the UserPk.

pub fn derive_bip32_master_xprv(&self, network: LxNetwork) -> Xpriv

Derive the BIP32 master xpriv using the BIP39-compatible derived 64-byte seed.

This is used for new Lexe on-chain wallets created after node-v0.9.1. Wallets created before then use Self::derive_legacy_master_xprv.

This produces keys compatible with standard wallets that follow the BIP39 spec.

pub fn derive_legacy_master_xprv(&self, network: LxNetwork) -> Xpriv

Derive the “legacy” BIP32 master xpriv by feeding the 32-byte RootSeed directly into BIP32’s HMAC-SHA512.

This is used for LDK seed derivation (via Self::derive_ldk_seed) and for existing on-chain wallets created before BIP39 compatibility.

It’s called “legacy” because standard BIP39 wallets derive the master xpriv from a 64-byte seed (produced by PBKDF2), not the original 32-byte entropy. This makes Lexe’s old on-chain addresses incompatible with external wallets. New on-chain wallets use the BIP39-compatible derivation instead.
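
The two master-key derivations described above, side by side, as an added Python example using only the standard library (not Lexe's code). It assumes the mnemonic is the 24-word BIP39 encoding of the 32-byte seed and that no BIP39 passphrase is used; the all-zero seed with its mnemonic is a constructed sample, and the function names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; BIP32 rejects master keys outside [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the mnemonic sentence, 2048 rounds."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)

def bip32_master(seed: bytes) -> tuple:
    """BIP32 master key generation: split HMAC-SHA512(key="Bitcoin seed", seed)."""
    if not 16 <= len(seed) <= 64:
        raise ValueError("BIP32 seed must be 128 to 512 bits")
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    secret, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(secret, "big") < SECP256K1_N:
        raise ValueError("invalid master key; BIP32 says to use another seed")
    return secret, chain_code

# Constructed sample, never a real wallet: all-zero 32-byte seed and the
# 24-word mnemonic that BIP39 assigns to that entropy.
ROOT_SEED = bytes(32)
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])

def compare_derivations(root_seed: bytes, mnemonic: str) -> dict:
    """Return both (secret, chain code) pairs for the same root seed."""
    # Legacy path: the 32 bytes of entropy go straight into BIP32.
    legacy = bip32_master(root_seed)
    # BIP39-compatible path: stretch the mnemonic to 64 bytes first.
    compatible = bip32_master(bip39_seed(mnemonic))
    return {"legacy": legacy, "bip39": compatible}

if __name__ == "__main__":
    result = compare_derivations(ROOT_SEED, MNEMONIC)
    for name, (secret, chain_code) in result.items():
        # Print a short fingerprint rather than the key bytes themselves.
        print(name, hashlib.sha256(secret + chain_code).hexdigest()[:16])
    print("same wallet:", result["legacy"] == result["bip39"])
```

The two paths yield unrelated master keys from the same 32 bytes, which is why a standard BIP39 wallet given the mnemonic cannot see funds held under the legacy derivation.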

pub fn derive_ldk_seed<R>(&self, rng: &mut R) -> Secret<[u8; 32]>
where R: Crng,

Derives the root seed used in LDK. The KeysManager is initialized using this seed, and secp256k1 keys are derived from this seed.

pub fn derive_node_key_pair<R>(&self, rng: &mut R) -> Keypair
where R: Crng,

Derive the Lightning node key pair without needing to derive all the other auxiliary node secrets used in the KeysManager.

pub fn derive_node_pk<R>(&self, rng: &mut R) -> NodePk
where R: Crng,

Convenience function to derive the Lightning node pubkey.

pub fn derive_vfs_master_key(&self) -> AesMasterKey

pub fn password_encrypt(&self, rng: &mut impl Crng, password: &str) -> Result<Vec<u8>, Error>

Attempts to encrypt this root seed under the given password.

The password must have at least MIN_PASSWORD_LENGTH characters and must not have any more than MAX_PASSWORD_LENGTH characters.

Returns a Vec<u8> which can be persisted and later decrypted using only the given password.

pub fn password_decrypt(password: &str, combined: Vec<u8>) -> Result<RootSeed, Error>

Attempts to construct a RootSeed given a decryption password and the Vec<u8> returned from a previous call to password_encrypt.

pub fn read_from_path(path: &Path) -> Result<Option<RootSeed>, Error>

Reads a RootSeed from a seedphrase file containing a BIP39 mnemonic.

Returns Ok(None) if the file doesn’t exist.

pub fn write_to_path(&self, path: &Path) -> Result<(), Error>

Writes this RootSeed’s BIP39 mnemonic to a seedphrase file.

Creates parent directories if needed. Returns an error if the file already exists. On Unix, the file is created with mode 0600 (owner read/write only).
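
The file-creation behaviour described above (fail if the file exists, mode 0600 from the moment of creation, Ok(None) for a missing file), as an added Python example for Unix that is not Lexe's implementation. All function names are hypothetical, and `seedfile_is_private` is an extra audit check that the page does not describe.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

def write_seedphrase(path: Path, mnemonic: str) -> None:
    """Create the seedphrase file with mode 0600; refuse to overwrite."""
    path.parent.mkdir(parents=True, exist_ok=True)
    # O_EXCL makes the existence check and the create a single atomic step,
    # so a second writer gets FileExistsError instead of clobbering a seed.
    # Passing 0o600 to open() means the file never exists with wider bits,
    # unlike create-then-chmod; the umask can only clear bits further.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(mnemonic + "\n")

def read_seedphrase(path: Path) -> Optional[str]:
    """Return the stored mnemonic, or None if the file does not exist."""
    try:
        with open(path, encoding="utf-8") as f:
            return f.read().strip()
    except FileNotFoundError:
        return None

def seedfile_is_private(path: Path) -> bool:
    """Added audit check: True when group and other have no access bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "wallet" / "seedphrase.txt"
        # Constructed placeholder text, not a real mnemonic.
        write_seedphrase(target, "constructed sample words")
        print("private:", seedfile_is_private(target))
        try:
            write_seedphrase(target, "other words")
        except FileExistsError:
            print("second write refused; original seed kept")
```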

Trait Implementations

impl Debug for RootSeed

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for RootSeed

fn deserialize<D>(deserializer: D) -> Result<RootSeed, <D as Deserializer<'de>>::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl ExposeSecret<[u8; 32]> for RootSeed

fn expose_secret(&self) -> &[u8; 32]

Expose secret: this is the only method providing access to a secret.

impl<'a> From<&'a RootSeed> for CredentialsRef<'a>

fn from(root_seed: &'a RootSeed) -> CredentialsRef<'a>

Converts to this type from the input type.

impl From<RootSeed> for Credentials

fn from(root_seed: RootSeed) -> Credentials

Converts to this type from the input type.

impl FromStr for RootSeed

type Err = DecodeError

The associated error which can be returned from parsing.

fn from_str(hex: &str) -> Result<RootSeed, <RootSeed as FromStr>::Err>

Parses a string s to return a value of this type.

impl Serialize for RootSeed

fn serialize<S>(&self, serializer: S) -> Result<<S as Serializer>::Ok, <S as Serializer>::Error>
where S: Serializer,

Serialize this value into the given Serde serializer.

impl TryFrom<&[u8]> for RootSeed

type Error = Error

The type returned in the event of a conversion error.

fn try_from(bytes: &[u8]) -> Result<RootSeed, <RootSeed as TryFrom<&[u8]>>::Error>

Performs the conversion.

impl TryFrom<Mnemonic> for RootSeed

type Error = Error

The type returned in the event of a conversion error.

fn try_from(mnemonic: Mnemonic) -> Result<RootSeed, <RootSeed as TryFrom<Mnemonic>>::Error>

Performs the conversion.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<F, T, U> Apply<F, U> for T
where F: FnOnce(T) -> U,

fn apply(self, f: F) -> U

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit(self, class: Class, constructed: bool, tag: u32) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,