@pezkuwi/util-crypto 14.0.1

package/src/ed25519/sign.spec.ts

@@ -0,0 +1,40 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { stringToU8a } from '@pezkuwi/util';
+import { waitReady } from '@pezkuwi/wasm-crypto';
+
+import { perfWasm } from '../test/index.js';
+import { ed25519PairFromSeed, ed25519Sign } from './index.js';
+
+const PAIR = ed25519PairFromSeed(
+  stringToU8a('12345678901234567890123456789012')
+);
+
+describe('ed25519Sign', (): void => {
+  beforeEach(async (): Promise<void> => {
+    await waitReady();
+  });
+
+  for (const onlyJs of [false, true]) {
+    describe(`onlyJs=${(onlyJs && 'true') || 'false'}`, (): void => {
+      it('returns a valid signature for the message', (): void => {
+        expect(
+          ed25519Sign(
+            new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+            PAIR,
+            onlyJs
+          )
+        ).toEqual(
+          new Uint8Array([28, 58, 206, 239, 249, 70, 59, 191, 166, 40, 219, 218, 235, 170, 25, 79, 10, 94, 9, 197, 34, 126, 1, 150, 246, 68, 28, 238, 36, 26, 172, 163, 168, 90, 202, 211, 126, 246, 57, 212, 43, 24, 88, 197, 240, 113, 118, 76, 37, 81, 91, 110, 236, 50, 144, 134, 100, 223, 220, 238, 34, 185, 211, 7])
+        );
+      });
+    });
+  }
+
+  perfWasm('ed25519Sign', 250, (input, onlyJs) =>
+    ed25519Sign(input, PAIR, onlyJs)
+  );
+});

package/src/ed25519/sign.ts

@@ -0,0 +1,38 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { Keypair } from '../types.js';
+
+import { ed25519 } from '@noble/curves/ed25519';
+
+import { hasBigInt, u8aToU8a } from '@pezkuwi/util';
+import { ed25519Sign as wasmSign, isReady } from '@pezkuwi/wasm-crypto';
+
+/**
+ * @name ed25519Sign
+ * @summary Signs a message using the supplied secretKey
+ * @description
+ * Returns message signature of `message`, using the `secretKey`.
+ * @example
+ * <BR>
+ *
+ * ```javascript
+ * import { ed25519Sign } from '@pezkuwi/util-crypto';
+ *
+ * ed25519Sign([...], [...]); // => [...]
+ * ```
+ */
+export function ed25519Sign (message: string | Uint8Array, { publicKey, secretKey }: Partial<Keypair>, onlyJs?: boolean): Uint8Array {
+  if (!secretKey) {
+    throw new Error('Expected a valid secretKey');
+  } else if (!publicKey) {
+    throw new Error('Expected a valid publicKey');
+  }
+
+  const messageU8a = u8aToU8a(message);
+  const privateU8a = secretKey.subarray(0, 32);
+
+  return !hasBigInt || (!onlyJs && isReady())
+    ? wasmSign(publicKey, privateU8a, messageU8a)
+    : ed25519.sign(messageU8a, privateU8a);
+}

package/src/ed25519/verify.spec.ts

@@ -0,0 +1,84 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { stringToU8a } from '@pezkuwi/util';
+import { waitReady } from '@pezkuwi/wasm-crypto';
+
+import { ed25519PairFromSeed, ed25519Verify } from './index.js';
+
+describe('ed25519Verify', (): void => {
+  let publicKey: Uint8Array;
+  let signature: Uint8Array;
+
+  beforeEach(async (): Promise<void> => {
+    await waitReady();
+
+    publicKey = ed25519PairFromSeed(
+      stringToU8a('12345678901234567890123456789012')
+    ).publicKey;
+    signature = new Uint8Array([28, 58, 206, 239, 249, 70, 59, 191, 166, 40, 219, 218, 235, 170, 25, 79, 10, 94, 9, 197, 34, 126, 1, 150, 246, 68, 28, 238, 36, 26, 172, 163, 168, 90, 202, 211, 126, 246, 57, 212, 43, 24, 88, 197, 240, 113, 118, 76, 37, 81, 91, 110, 236, 50, 144, 134, 100, 223, 220, 238, 34, 185, 211, 7]);
+  });
+
+  for (const onlyJs of [false, true]) {
+    describe(`onlyJs=${(onlyJs && 'true') || 'false'}`, (): void => {
+      it('validates a correctly signed message', (): void => {
+        expect(
+          ed25519Verify(
+            new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+            signature,
+            publicKey,
+            onlyJs
+          )
+        ).toEqual(true);
+      });
+
+      it('fails a correctly signed message (message changed)', (): void => {
+        expect(
+          ed25519Verify(
+            new Uint8Array([0x61, 0x62, 0x63, 0x64, 0x65]),
+            signature,
+            publicKey,
+            onlyJs
+          )
+        ).toEqual(false);
+      });
+
+      it('fails a correctly signed message (signature changed)', (): void => {
+        signature[0] = 0xff;
+
+        expect(
+          ed25519Verify(
+            new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+            signature,
+            publicKey,
+            onlyJs
+          )
+        ).toEqual(false);
+      });
+
+      it('throws error when publicKey lengths do not match', (): void => {
+        expect(
+          () => ed25519Verify(
+            new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+            signature,
+            new Uint8Array([1, 2]),
+            onlyJs
+          )
+        ).toThrow(/Invalid publicKey/);
+      });
+
+      it('throws error when signature lengths do not match', (): void => {
+        expect(
+          () => ed25519Verify(
+            new Uint8Array([0x61, 0x62, 0x63, 0x64]),
+            new Uint8Array([1, 2]),
+            publicKey,
+            onlyJs
+          )
+        ).toThrow(/Invalid signature/);
+      });
+    });
+  }
+});

package/src/ed25519/verify.ts

@@ -0,0 +1,41 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import { ed25519 } from '@noble/curves/ed25519';
+
+import { hasBigInt, u8aToU8a } from '@pezkuwi/util';
+import { ed25519Verify as wasmVerify, isReady } from '@pezkuwi/wasm-crypto';
+
+/**
+ * @name ed25519Sign
+ * @summary Verifies the signature on the supplied message.
+ * @description
+ * Verifies the `signature` on `message` with the supplied `publicKey`. Returns `true` on sucess, `false` otherwise.
+ * @example
+ * <BR>
+ *
+ * ```javascript
+ * import { ed25519Verify } from '@pezkuwi/util-crypto';
+ *
+ * ed25519Verify([...], [...], [...]); // => true/false
+ * ```
+ */
+export function ed25519Verify (message: string | Uint8Array, signature: string | Uint8Array, publicKey: string | Uint8Array, onlyJs?: boolean): boolean {
+  const messageU8a = u8aToU8a(message);
+  const publicKeyU8a = u8aToU8a(publicKey);
+  const signatureU8a = u8aToU8a(signature);
+
+  if (publicKeyU8a.length !== 32) {
+    throw new Error(`Invalid publicKey, received ${publicKeyU8a.length}, expected 32`);
+  } else if (signatureU8a.length !== 64) {
+    throw new Error(`Invalid signature, received ${signatureU8a.length} bytes, expected 64`);
+  }
+
+  try {
+    return !hasBigInt || (!onlyJs && isReady())
+      ? wasmVerify(signatureU8a, messageU8a, publicKeyU8a)
+      : ed25519.verify(signatureU8a, messageU8a, publicKeyU8a);
+  } catch {
+    return false;
+  }
+}

package/src/ethereum/encode.spec.ts

@@ -0,0 +1,59 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { keccakAsU8a } from '../keccak/index.js';
+import { ethereumEncode } from './index.js';
+
+describe('formatAddress', () => {
+  describe('address to address encoding', (): void => {
+    const ADDRESS = '0x00a329c0648769A73afAc7F9381E08FB43dBEA72';
+
+    it('returns 0x for no address', () => {
+      expect(ethereumEncode()).toBe('0x');
+    });
+
+    it('returns fails on invalid address', () => {
+      expect(
+        () => ethereumEncode('0xnotaddress')
+      ).toThrow(/Invalid address or publicKey provided/);
+    });
+
+    it('converts lowercase to the checksummed address', () => {
+      expect(ethereumEncode(ADDRESS.toLowerCase())).toBe(ADDRESS);
+    });
+
+    it('converts uppercase to the checksummed address', () => {
+      expect(ethereumEncode(ADDRESS.toUpperCase().replace('0X', '0x'))).toBe(ADDRESS);
+    });
+
+    it('returns formatted address on checksum input', () => {
+      expect(ethereumEncode(ADDRESS)).toBe(ADDRESS);
+    });
+  });
+
+  describe('from publicKey', (): void => {
+    const ADDRESS = '0x4119b2e6c3Cb618F4f0B93ac77f9BeeC7FF02887';
+
+    it('encodes a compressed publicKey', (): void => {
+      expect(
+        ethereumEncode('0x03b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb13077')
+      ).toEqual(ADDRESS);
+    });
+
+    it('encodes an expanded publicKey', (): void => {
+      expect(
+        ethereumEncode('0x04b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb1307763fe926c273235fd979a134076d00fd1683cbd35868cb485d4a3a640e52184af')
+      ).toEqual(ADDRESS);
+    });
+
+    it('encodes a pre-hashed key', (): void => {
+      expect(
+        ethereumEncode(
+          keccakAsU8a('0xb9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb1307763fe926c273235fd979a134076d00fd1683cbd35868cb485d4a3a640e52184af')
+        )
+      ).toEqual(ADDRESS);
+    });
+  });
+});

package/src/ethereum/encode.ts

@@ -0,0 +1,39 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { HexString } from '@pezkuwi/util/types';
+
+import { u8aToHex, u8aToU8a } from '@pezkuwi/util';
+
+import { keccakAsU8a } from '../keccak/index.js';
+import { secp256k1Expand } from '../secp256k1/index.js';
+
+function getH160 (u8a: Uint8Array): Uint8Array {
+  if ([33, 65].includes(u8a.length)) {
+    u8a = keccakAsU8a(secp256k1Expand(u8a));
+  }
+
+  return u8a.slice(-20);
+}
+
+export function ethereumEncode (addressOrPublic?: string | Uint8Array): HexString {
+  if (!addressOrPublic) {
+    return '0x';
+  }
+
+  const u8aAddress = u8aToU8a(addressOrPublic);
+
+  if (![20, 32, 33, 65].includes(u8aAddress.length)) {
+    throw new Error(`Invalid address or publicKey provided, received ${u8aAddress.length} bytes input`);
+  }
+
+  const address = u8aToHex(getH160(u8aAddress), -1, false);
+  const hash = u8aToHex(keccakAsU8a(address), -1, false);
+  let result = '';
+
+  for (let i = 0; i < 40; i++) {
+    result = `${result}${parseInt(hash[i], 16) > 7 ? address[i].toUpperCase() : address[i]}`;
+  }
+
+  return `0x${result}`;
+}

package/src/ethereum/index.ts

@@ -0,0 +1,6 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+export { ethereumEncode } from './encode.js';
+export { isEthereumAddress } from './isAddress.js';
+export { isEthereumChecksum } from './isChecksum.js';

package/src/ethereum/isAddress.spec.ts

@@ -0,0 +1,34 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { isEthereumAddress } from './index.js';
+
+const ADDRESS = '0x00a329c0648769A73afAc7F9381E08FB43dBEA72';
+
+describe('isEthereumAddress', () => {
+  it('returns true when fully lowercase', () => {
+    expect(isEthereumAddress(ADDRESS.toLowerCase())).toBe(true);
+  });
+
+  it('returns true when fully uppercase', () => {
+    expect(isEthereumAddress(ADDRESS.toUpperCase().replace('0X', '0x'))).toBe(true);
+  });
+
+  it('returns true when checksummed', () => {
+    expect(isEthereumAddress(ADDRESS)).toBe(true);
+  });
+
+  it('returns false when empty address', () => {
+    expect(isEthereumAddress()).toBe(false);
+  });
+
+  it('returns false when invalid address', () => {
+    expect(isEthereumAddress('0xinvalid')).toBe(false);
+  });
+
+  it('returns false when invalid address of correct length', () => {
+    expect(isEthereumAddress('0xinvalid000123456789012345678901234567890')).toBe(false);
+  });
+});

package/src/ethereum/isAddress.ts

@@ -0,0 +1,16 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import { isHex } from '@pezkuwi/util';
+
+import { isEthereumChecksum } from './isChecksum.js';
+
+export function isEthereumAddress (address?: string): boolean {
+  if (!address || address.length !== 42 || !isHex(address)) {
+    return false;
+  } else if (/^(0x)?[0-9a-f]{40}$/.test(address) || /^(0x)?[0-9A-F]{40}$/.test(address)) {
+    return true;
+  }
+
+  return isEthereumChecksum(address);
+}

package/src/ethereum/isChecksum.ts

@@ -0,0 +1,27 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import { u8aToHex } from '@pezkuwi/util';
+
+import { keccakAsU8a } from '../keccak/index.js';
+
+function isInvalidChar (char: string, byte: number): boolean {
+  return char !== (
+    byte > 7
+      ? char.toUpperCase()
+      : char.toLowerCase()
+  );
+}
+
+export function isEthereumChecksum (_address: string): boolean {
+  const address = _address.replace('0x', '');
+  const hash = u8aToHex(keccakAsU8a(address.toLowerCase()), -1, false);
+
+  for (let i = 0; i < 40; i++) {
+    if (isInvalidChar(address[i], parseInt(hash[i], 16))) {
+      return false;
+    }
+  }
+
+  return true;
+}

package/src/ethereum/isCheksum.spec.ts

@@ -0,0 +1,30 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { isEthereumChecksum } from './index.js';
+
+const ADDRESS = '0x00a329c0648769A73afAc7F9381E08FB43dBEA72';
+
+describe('isEthereumChecksum', () => {
+  it('returns false on invalid address', () => {
+    expect(isEthereumChecksum('0x00a329c0648769')).toBe(false);
+  });
+
+  it('returns false on non-checksum address', () => {
+    expect(isEthereumChecksum('0x1234567890abcdeedcba1234567890abcdeedcba')).toBe(false);
+  });
+
+  it('returns false when fully lowercase', () => {
+    expect(isEthereumChecksum(ADDRESS.toLowerCase())).toBe(false);
+  });
+
+  it('returns false when fully uppercase', () => {
+    expect(isEthereumChecksum(ADDRESS.toUpperCase().replace('0X', '0x'))).toBe(false);
+  });
+
+  it('returns true on a checksummed address', () => {
+    expect(isEthereumChecksum(ADDRESS)).toBe(true);
+  });
+});

package/src/hd/ethereum/index.spec.ts

@@ -0,0 +1,54 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { mnemonicToLegacySeed } from '@pezkuwi/util-crypto';
+
+import { hdEthereum } from './index.js';
+
+describe('hdEthereum', (): void => {
+  const PHRASE = 'seed sock milk update focus rotate barely fade car face mechanic mercy';
+  const derivationPath = 'm/44\'/60\'/0\'/0/0';
+  const PUBLIC = new Uint8Array([
+    3, 118, 64, 77, 247, 27, 4, 157,
+    236, 206, 251, 221, 230, 244, 154, 147,
+    189, 131, 249, 169, 102, 78, 3, 185,
+    153, 19, 89, 40, 24, 25, 139, 131,
+    93
+  ]);
+  const SECRET = new Uint8Array([
+    166, 162, 203, 17, 2, 206, 110, 176,
+    18, 102, 230, 144, 90, 158, 25, 232,
+    43, 180, 176, 49, 189, 149, 3, 71,
+    243, 228, 223, 104, 125, 132, 58, 228
+  ]
+  );
+  const PUBLICDERIVED = new Uint8Array([
+    3, 129, 53, 27, 27, 70, 210, 96,
+    43, 9, 146, 187, 93, 85, 49, 249,
+    193, 105, 107, 8, 18, 254, 178, 83,
+    75, 104, 132, 173, 196, 126, 46, 29,
+    139
+  ]);
+  const SECRETDERIVED = new Uint8Array([
+    7, 13, 195, 17, 115, 0, 1, 25,
+    24, 226, 107, 2, 23, 105, 69, 204,
+    21, 195, 213, 72, 207, 73, 253, 132,
+    24, 217, 127, 147, 175, 105, 158, 70
+  ]);
+
+  it('derives the right key pair from a mnemonic', (): void => {
+    const key = hdEthereum(mnemonicToLegacySeed(PHRASE, '', false, 64));
+
+    expect(key.publicKey).toEqual(PUBLIC);
+    expect(key.secretKey).toEqual(SECRET);
+  });
+
+  it('derives the right key pair from a mnemonic and a derivation path', (): void => {
+    const key = hdEthereum(mnemonicToLegacySeed(PHRASE, '', false, 64), derivationPath);
+
+    expect(key.publicKey).toEqual(PUBLICDERIVED);
+    expect(key.secretKey).toEqual(SECRETDERIVED);
+  });
+});

package/src/hd/ethereum/index.ts

@@ -0,0 +1,69 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import type { Keypair } from '../../types.js';
+
+import { bnToU8a, stringToU8a, u8aConcat } from '@pezkuwi/util';
+
+import { BN_BE_32_OPTS } from '../../bn.js';
+import { hmacShaAsU8a } from '../../hmac/index.js';
+import { secp256k1PairFromSeed, secp256k1PrivateKeyTweakAdd } from '../../secp256k1/index.js';
+import { HARDENED, hdValidatePath } from '../validatePath.js';
+
+interface CodedKeypair extends Keypair {
+  chainCode: Uint8Array;
+}
+
+const MASTER_SECRET = stringToU8a('Bitcoin seed');
+
+function createCoded (secretKey: Uint8Array, chainCode: Uint8Array): CodedKeypair {
+  return {
+    chainCode,
+    publicKey: secp256k1PairFromSeed(secretKey).publicKey,
+    secretKey
+  };
+}
+
+function deriveChild (hd: CodedKeypair, index: number): CodedKeypair {
+  const indexBuffer = bnToU8a(index, BN_BE_32_OPTS);
+  const data = index >= HARDENED
+    ? u8aConcat(new Uint8Array(1), hd.secretKey, indexBuffer)
+    : u8aConcat(hd.publicKey, indexBuffer);
+
+  try {
+    const I = hmacShaAsU8a(hd.chainCode, data, 512);
+
+    return createCoded(
+      secp256k1PrivateKeyTweakAdd(hd.secretKey, I.slice(0, 32)),
+      I.slice(32)
+    );
+  } catch {
+    // In case parse256(IL) >= n or ki == 0, proceed with the next value for i
+    return deriveChild(hd, index + 1);
+  }
+}
+
+export function hdEthereum (seed: Uint8Array, path = ''): Keypair {
+  const I = hmacShaAsU8a(MASTER_SECRET, seed, 512);
+  let hd = createCoded(I.slice(0, 32), I.slice(32));
+
+  if (!path || path === 'm' || path === 'M' || path === "m'" || path === "M'") {
+    return hd;
+  }
+
+  if (!hdValidatePath(path)) {
+    throw new Error('Invalid derivation path');
+  }
+
+  const parts = path.split('/').slice(1);
+
+  for (const p of parts) {
+    hd = deriveChild(hd, parseInt(p, 10) + (
+      (p.length > 1) && p.endsWith("'")
+        ? HARDENED
+        : 0
+    ));
+  }
+
+  return hd;
+}

package/src/hd/index.ts

@@ -0,0 +1,6 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+export { hdEthereum } from './ethereum/index.js';
+export { hdLedger } from './ledger/index.js';
+export { hdValidatePath } from './validatePath.js';

package/src/hd/ledger/derivePrivate.ts

@@ -0,0 +1,34 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+import { BN_EIGHT, bnToU8a, u8aConcat, u8aToBn } from '@pezkuwi/util';
+
+import { BN_LE_32_OPTS, BN_LE_512_OPTS, BN_LE_OPTS } from '../../bn.js';
+import { hmacShaAsU8a } from '../../hmac/index.js';
+
+// performs hard-only derivation on the xprv
+export function ledgerDerivePrivate (xprv: Uint8Array, index: number): Uint8Array {
+  const kl = xprv.subarray(0, 32);
+  const kr = xprv.subarray(32, 64);
+  const cc = xprv.subarray(64, 96);
+  const data = u8aConcat([0], kl, kr, bnToU8a(index, BN_LE_32_OPTS));
+  const z = hmacShaAsU8a(cc, data, 512);
+
+  data[0] = 0x01;
+
+  return u8aConcat(
+    bnToU8a(
+      u8aToBn(kl, BN_LE_OPTS).iadd(
+        u8aToBn(z.subarray(0, 28), BN_LE_OPTS).imul(BN_EIGHT)
+      ),
+      BN_LE_512_OPTS
+    ).subarray(0, 32),
+    bnToU8a(
+      u8aToBn(kr, BN_LE_OPTS).iadd(
+        u8aToBn(z.subarray(32, 64), BN_LE_OPTS)
+      ),
+      BN_LE_512_OPTS
+    ).subarray(0, 32),
+    hmacShaAsU8a(cc, data, 512).subarray(32, 64)
+  );
+}

package/src/hd/ledger/index.spec.ts

@@ -0,0 +1,64 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+/// <reference types="@polkadot/dev-test/globals.d.ts" />
+
+import { u8aToHex } from '@pezkuwi/util';
+
+import { hdLedger } from '../index.js';
+
+const MNE_0 = 'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about';
+const MNE_1 = 'open jelly jeans corn ketchup supreme brief element armed lens vault weather original scissors rug priority vicious lesson raven spot gossip powder person volcano';
+const MNE_P = `${MNE_1} testing`;
+
+const TESTS = {
+  Kusama: {
+    slip44: 0x01b2,
+    tests: [
+      {
+        ed25519: '0x98cb4e14e0e08ea876f88d728545ea7572dc07dbbe69f1731c418fb827e69d41',
+        index: [0, 0],
+        mnemonic: MNE_0
+      },
+      {
+        ed25519: '0x70e9010e84c81095aaa5f63b1c5a6a66a1dcbec017a23c2f3b7a1b08fe5ea65a',
+        index: [0, 0],
+        mnemonic: MNE_1
+      },
+      {
+        ed25519: '0xf06730efb1e6ea59ac752a7c3620fade3909062fb88597856cc3af72045fa65a',
+        index: [5, 7],
+        mnemonic: MNE_1
+      }
+    ]
+  },
+  Polkadot: {
+    slip44: 0x0162,
+    tests: [
+      {
+        ed25519: '0xe8c68348586d53e4e8d1a864b0e4e17c75e4eb06e0c63c1432bef2ba29e69d41',
+        index: [0, 0],
+        mnemonic: MNE_0
+      },
+      {
+        ed25519: '0x3890e8db837eba3f8f25215c753e1091062298ce671a51441e7ef89a7adc4f48',
+        index: [0, 0],
+        mnemonic: MNE_P
+      }
+    ]
+  }
+};
+
+describe('ledgerDerive', (): void => {
+  Object.entries(TESTS).forEach(([network, { slip44, tests }]): void => {
+    tests.forEach(({ ed25519, index: [account, address], mnemonic }, index): void => {
+      it(`derives a known ed25519 seed for ${network} (${index})`, (): void => {
+        expect(u8aToHex(
+          hdLedger(mnemonic, `m/44'/${slip44}'/${account}'/0'/${address}'`)
+            .secretKey
+            .slice(0, 32)
+        )).toEqual(ed25519);
+      });
+    });
+  });
+});