@pezkuwi/wasm-crypto 7.5.7 → 7.5.8

package/src/rs/secp256k1.rs

@@ -0,0 +1,150 @@
+// Copyright 2019-2025 @pezkuwi/wasm-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+use secp256k1::{
+    ecdsa::{RecoverableSignature, RecoveryId},
+    Message, PublicKey, SecretKey, SECP256K1,
+};
+use wasm_bindgen::prelude::*;
+
+#[wasm_bindgen]
+pub fn ext_secp_pub_compress(pubkey: &[u8]) -> Vec<u8> {
+    match PublicKey::from_slice(&pubkey) {
+        Ok(p) => p.serialize().to_vec(),
+        _ => panic!("Invalid pubkey provided."),
+    }
+}
+
+#[wasm_bindgen]
+pub fn ext_secp_pub_expand(pubkey: &[u8]) -> Vec<u8> {
+    match PublicKey::from_slice(&pubkey) {
+        Ok(p) => p.serialize_uncompressed().to_vec(),
+        _ => panic!("Invalid pubkey provided."),
+    }
+}
+
+#[wasm_bindgen]
+pub fn ext_secp_from_seed(seed: &[u8]) -> Vec<u8> {
+    match SecretKey::from_slice(seed) {
+        Ok(s) => {
+            let mut res = vec![];
+            let pubkey = PublicKey::from_secret_key(SECP256K1, &s);
+
+            res.extend_from_slice(&s.serialize_secret());
+            res.extend_from_slice(&pubkey.serialize());
+
+            res
+        }
+        _ => panic!("Invalid seed provided."),
+    }
+}
+
+#[wasm_bindgen]
+pub fn ext_secp_recover(hash: &[u8], sig: &[u8], rec: i32) -> Vec<u8> {
+    match RecoveryId::from_i32(rec) {
+        Ok(r) => match (
+            Message::from_slice(hash),
+            RecoverableSignature::from_compact(&sig, r),
+        ) {
+            (Ok(m), Ok(s)) => {
+                let standard = s.to_standard();
+                let mut normalized = standard;
+                normalized.normalize_s();
+
+                // check if the signature is normalized
+                if normalized.ne(&standard) {
+                    panic!("Non-normalized signature provided.");
+                }
+
+                match s.recover(&m) {
+                    Ok(k) => k.serialize().to_vec(),
+                    _ => panic!("Unable to recover."),
+                }
+            }
+            _ => panic!("Invalid signature provided."),
+        },
+        _ => panic!("Invalid recovery data provided."),
+    }
+}
+
+#[wasm_bindgen]
+pub fn ext_secp_sign(hash: &[u8], seckey: &[u8]) -> Vec<u8> {
+    match (Message::from_slice(hash), SecretKey::from_slice(seckey)) {
+        (Ok(m), Ok(s)) => {
+            let mut res = vec![];
+            let (rec, sig) = SECP256K1.sign_ecdsa_recoverable(&m, &s).serialize_compact();
+
+            res.extend_from_slice(&sig);
+            res.push(rec.to_i32() as u8);
+
+            res
+        }
+        _ => panic!("Invalid message or secret provided."),
+    }
+}
+
+#[cfg(test)]
+pub mod tests {
+    use super::*;
+    use hex_literal::hex;
+
+    #[test]
+    fn can_create_pair() {
+        let seckey = hex!("4380de832af797688026ce24f85204d508243f201650c1a134929e5458b7fbae");
+        let expected = hex!("4380de832af797688026ce24f85204d508243f201650c1a134929e5458b7fbae03fd8c74f795ced92064b86191cb2772b1e3a0947740aa0a5a6e379592471fd85b");
+        let res = ext_secp_from_seed(&seckey);
+
+        assert_eq!(res[..], expected[..]);
+    }
+
+    #[test]
+    fn can_pub_compress_full() {
+        let pubkey = hex!("04b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb1307763fe926c273235fd979a134076d00fd1683cbd35868cb485d4a3a640e52184af");
+        let expected = hex!("03b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb13077");
+        let res = ext_secp_pub_compress(&pubkey);
+
+        assert_eq!(res[..], expected[..]);
+    }
+
+    #[test]
+    fn can_pub_expand_comp() {
+        let pubkey = hex!("03b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb13077");
+        let expected = hex!("04b9dc646dd71118e5f7fda681ad9eca36eb3ee96f344f582fbe7b5bcdebb1307763fe926c273235fd979a134076d00fd1683cbd35868cb485d4a3a640e52184af");
+        let res = ext_secp_pub_expand(&pubkey);
+
+        assert_eq!(res[..], expected[..]);
+    }
+
+    #[test]
+    fn can_recover() {
+        let expected = hex!("028d13da15a02f3a70677339d51b14177ee9b49657662b35e56a9d9dee17db1d30");
+        let sig = hex!("7505f2880114da51b3f5d535f8687953c0ab9af4ab81e592eaebebf53b728d2b6dfd9b5bcd70fee412b1f31360e7c2774009305cb84fc50c1d0ff8034dfa5fff");
+        let msg = hex!("a30b64ce1eedf409c8afb801d72c05234e64849ea538c15dd3c8cf4ffcf166c9");
+        let res = ext_secp_recover(&msg, &sig, 0);
+
+        assert_eq!(res[..], expected[..]);
+    }
+
+    #[test]
+    fn can_sign() {
+        // JS expectation - doesn't match?
+        // let expected = hex!("df92f73d9f060cefacf187b5414491cb992998ace017fa48839b5cda3e264ba8c4efa521361678d9b8582744d77aa4b8d886d7380b7808a683174afad9c4700300");
+        let expected = hex!("df92f73d9f060cefacf187b5414491cb992998ace017fa48839b5cda3e264ba83b105adec9e9872647a7d8bb28855b45e22805aea3d097953cbb1391f671d13e01");
+        let seckey = hex!("4380de832af797688026ce24f85204d508243f201650c1a134929e5458b7fbae");
+        let msg = hex!("68c731589a583d08b70861683b59ce3dd56284cb2f0da5b6cd83e6641dac3aab");
+        let res = ext_secp_sign(&msg, &seckey);
+
+        assert_eq!(res[..], expected[..]);
+    }
+
+    #[test]
+    #[should_panic(expected = "Non-normalized signature provided.")]
+    fn rejects_high_s_signature() {
+        // valid ECDSA signature with a high S value (non-normalized)
+        let sig = hex!(
+            "fa1b7a71500322d70bcd5b982c678c96c95f68893063e1621b8b85c867b80b1caae8c7c4f8b5c6d181e4c8898a3f4c329da0e2c21f6f80552a660e6c1d9fa201");
+        let msg = hex!("9a3c9be3a14a94df8cda1c474c0e9f8b1b35b1d85d2122cb87e6eb3c518e3be3");
+
+        let _ = ext_secp_recover(&msg, &sig, 0);
+    }
+}

package/src/rs/sr25519.rs

@@ -0,0 +1,331 @@
+// Copyright 2019-2025 @pezkuwi/wasm-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+// Based on original work by Paritytech (https://github.com/pezkuwichain/schnorrkel-js/)
+// Adapted for PezkuwiChain by Kurdistan Tech Institute
+// Original fork history: pezkuwichain/schnorrkel-js → pezkuwi-js/schnorrkel-js → pezkuwi/wasm
+
+use curve25519_dalek::scalar::Scalar;
+use schnorrkel::{
+	ExpansionMode, Keypair, MiniSecretKey, PublicKey, SecretKey, Signature,
+	derive::{Derivation, ChainCode, CHAIN_CODE_LENGTH},
+};
+use wasm_bindgen::prelude::*;
+
+// We must make sure that this is the same as declared in the bizinikiwi source code.
+// PezkuwiChain uses "bizinikiwi" as the signing context instead of "bizinikiwi".
+const CTX: &'static [u8] = b"bizinikiwi";
+
+/// ChainCode construction helper
+fn new_cc(data: &[u8]) -> ChainCode {
+	let mut cc = [0u8; CHAIN_CODE_LENGTH];
+
+	cc.copy_from_slice(&data);
+
+	ChainCode(cc)
+}
+
+/// Perform a derivation on a secret
+///
+/// * secret: UIntArray with 64 bytes
+/// * cc: UIntArray with 32 bytes
+///
+/// returned vector the derived keypair as a array of 96 bytes
+#[wasm_bindgen]
+pub fn ext_sr_derive_keypair_hard(pair: &[u8], cc: &[u8]) -> Vec<u8> {
+	match Keypair::from_half_ed25519_bytes(pair) {
+		Ok(p) => p.secret
+			.hard_derive_mini_secret_key(Some(new_cc(cc)), &[]).0
+			.expand_to_keypair(ExpansionMode::Ed25519)
+			.to_half_ed25519_bytes()
+			.to_vec(),
+		_ => panic!("Invalid pair provided.")
+	}
+}
+
+/// Perform a derivation on a secret
+///
+/// * secret: UIntArray with 64 bytes
+/// * cc: UIntArray with 32 bytes
+///
+/// returned vector the derived keypair as a array of 96 bytes
+#[wasm_bindgen]
+pub fn ext_sr_derive_keypair_soft(pair: &[u8], cc: &[u8]) -> Vec<u8> {
+	match Keypair::from_half_ed25519_bytes(pair) {
+		Ok(p) => p
+			.derived_key_simple(new_cc(cc), &[]).0
+			.to_half_ed25519_bytes()
+			.to_vec(),
+		_ => panic!("Invalid pair provided.")
+	}
+}
+
+/// Perform a derivation on a publicKey
+///
+/// * pubkey: UIntArray with 32 bytes
+/// * cc: UIntArray with 32 bytes
+///
+/// returned vector is the derived publicKey as a array of 32 bytes
+#[wasm_bindgen]
+pub fn ext_sr_derive_public_soft(pubkey: &[u8], cc: &[u8]) -> Vec<u8> {
+	match PublicKey::from_bytes(pubkey) {
+		Ok(k) => k
+			.derived_key_simple(new_cc(cc), &[]).0
+			.to_bytes()
+			.to_vec(),
+		_ => panic!("Invalid pubkey provided.")
+	}
+}
+
+/// Generate a key pair.
+///
+/// * seed: UIntArray with 32 element
+///
+/// returned vector is the concatenation of first the private key (64 bytes)
+/// followed by the public key (32) bytes.
+#[wasm_bindgen]
+pub fn ext_sr_from_seed(seed: &[u8]) -> Vec<u8> {
+	match MiniSecretKey::from_bytes(seed) {
+		Ok(s) => s
+			.expand_to_keypair(ExpansionMode::Ed25519)
+			.to_half_ed25519_bytes()
+			.to_vec(),
+		_ => panic!("Invalid seed provided.")
+	}
+}
+
+/// Generate a key pair from a known pair. (This is not exposed via WASM)
+///
+/// * seed: UIntArray with 96 element
+///
+/// returned vector is the concatenation of first the private key (64 bytes)
+/// followed by the public key (32) bytes.
+pub fn ext_sr_from_pair(pair: &[u8]) -> Vec<u8> {
+	match Keypair::from_half_ed25519_bytes(pair) {
+		Ok(p) => p
+			.to_half_ed25519_bytes()
+			.to_vec(),
+		_ => panic!("Invalid pair provided.")
+	}
+}
+
+/// Sign a message
+///
+/// The combination of both public and private key must be provided.
+/// This is effectively equivalent to a keypair.
+///
+/// * pubkey: UIntArray with 32 element
+/// * private: UIntArray with 64 element
+/// * message: Arbitrary length UIntArray
+///
+/// * returned vector is the signature consisting of 64 bytes.
+#[wasm_bindgen]
+pub fn ext_sr_sign(pubkey: &[u8], secret: &[u8], message: &[u8]) -> Vec<u8> {
+	match (SecretKey::from_ed25519_bytes(secret), PublicKey::from_bytes(pubkey)) {
+		(Ok(s), Ok(k)) => s
+			.sign_simple(CTX, message, &k)
+			.to_bytes()
+			.to_vec(),
+		_ => panic!("Invalid secret or pubkey provided.")
+	 }
+}
+
+/// Verify a message and its corresponding against a public key;
+///
+/// * signature: UIntArray with 64 element
+/// * message: Arbitrary length UIntArray
+/// * pubkey: UIntArray with 32 element
+#[wasm_bindgen]
+pub fn ext_sr_verify(signature: &[u8], message: &[u8], pubkey: &[u8]) -> bool {
+	match (Signature::from_bytes(signature), PublicKey::from_bytes(pubkey)) {
+		(Ok(s), Ok(k)) => k
+			.verify_simple(CTX, message, &s)
+			.is_ok(),
+		_ => false
+	}
+}
+
+/// Key agreement between other's public key and self secret key.
+///
+/// * pubkey: UIntArray with 32 element
+/// * secret: UIntArray with 64 element
+///
+/// * returned vector is the generated secret of 32 bytes.
+#[wasm_bindgen]
+pub fn ext_sr_agree(pubkey: &[u8], secret: &[u8]) -> Vec<u8> {
+	match SecretKey::from_ed25519_bytes(secret) {
+		Ok(s) => {
+			// The first 32 bytes holds the canonical private key
+			let mut key = [0u8; 32];
+
+			key.copy_from_slice(&s.to_bytes()[0..32]);
+
+			match (Scalar::from_canonical_bytes(key), PublicKey::from_bytes(pubkey)) {
+				(Some(n), Ok(k)) => (&n * k.as_point())
+					.compress().0
+					.to_vec(),
+				_ => panic!("Invalid scalar or pubkey provided.")
+			}
+		},
+		_ => panic!("Invalid secret provided.")
+	}
+}
+
+#[cfg(test)]
+pub mod tests {
+	extern crate rand;
+	extern crate schnorrkel;
+
+	use super::*;
+	use hex_literal::hex;
+	use schnorrkel::{SIGNATURE_LENGTH, KEYPAIR_LENGTH, SECRET_KEY_LENGTH};
+
+	fn generate_random_seed() -> Vec<u8> {
+		(0..32).map(|_| rand::random::<u8>()).collect()
+	}
+
+	#[test]
+	fn can_new_keypair() {
+		let seed = generate_random_seed();
+		let keypair = ext_sr_from_seed(seed.as_slice());
+
+		assert!(keypair.len() == KEYPAIR_LENGTH);
+	}
+
+	#[test]
+	fn creates_pair_from_known_seed() {
+		let seed = hex!("fac7959dbfe72f052e5a0c3c8d6530f202b02fd8f9f5ca3580ec8deb7797479e");
+		let expected = hex!("46ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a");
+		let keypair = ext_sr_from_seed(&seed);
+		let public = &keypair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		assert_eq!(public, expected);
+	}
+
+	#[test]
+	fn new_pair_from_known_pair() {
+		let input = hex!("28b0ae221c6bb06856b287f60d7ea0d98552ea5a16db16956849aa371db3eb51fd190cce74df356432b410bd64682309d6dedb27c76845daf388557cbac3ca3446ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a");
+		let keypair = ext_sr_from_pair(&input);
+		let expected = hex!("46ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a");
+		let public = &keypair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		assert_eq!(public, expected);
+	}
+
+	#[test]
+	fn can_sign_message() {
+		let seed = generate_random_seed();
+		let keypair = ext_sr_from_seed(seed.as_slice());
+		let private = &keypair[0..SECRET_KEY_LENGTH];
+		let public = &keypair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+		let message = b"this is a message";
+		let signature = ext_sr_sign(public, private, message);
+
+		assert!(signature.len() == SIGNATURE_LENGTH);
+	}
+
+	#[test]
+	fn can_verify_message() {
+		let seed = generate_random_seed();
+		let keypair = ext_sr_from_seed(seed.as_slice());
+		let private = &keypair[0..SECRET_KEY_LENGTH];
+		let public = &keypair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+		let message = b"this is a message";
+		let signature = ext_sr_sign(public, private, message);
+		let is_valid = ext_sr_verify(&signature[..], message, public);
+
+		assert!(is_valid);
+	}
+
+	#[test]
+	fn can_verify_known_message() {
+		let message = b"I hereby verify that I control 5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY";
+		let public = hex!("d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d");
+		let signature = hex!("1037eb7e51613d0dcf5930ae518819c87d655056605764840d9280984e1b7063c4566b55bf292fcab07b369d01095879b50517beca4d26e6a65866e25fec0d83");
+		let is_valid = ext_sr_verify(&signature, message, &public);
+
+		assert!(is_valid);
+	}
+
+	#[test]
+	fn can_verify_known_wrapped_message() {
+		let message = b"<Bytes>message to sign</Bytes>";
+		let public = hex!("f84d048da2ddae2d9d8fd6763f469566e8817a26114f39408de15547f6d47805");
+		let signature = hex!("48ce2c90e08651adfc8ecef84e916f6d1bb51ebebd16150ee12df247841a5437951ea0f9d632ca165e6ab391532e75e701be6a1caa88c8a6bcca3511f55b4183");
+		let is_valid = ext_sr_verify(&signature, message, &public);
+
+		assert!(is_valid);
+	}
+
+	#[test]
+	fn can_verify_known_wrapped_message_fail() {
+		let message = b"message to sign";
+		let public = hex!("f84d048da2ddae2d9d8fd6763f469566e8817a26114f39408de15547f6d47805");
+		let signature = hex!("48ce2c90e08651adfc8ecef84e916f6d1bb51ebebd16150ee12df247841a5437951ea0f9d632ca165e6ab391532e75e701be6a1caa88c8a6bcca3511f55b4183");
+		let is_valid = ext_sr_verify(&signature, message, &public);
+
+		assert!(!is_valid);
+	}
+
+	#[test]
+	fn soft_derives_pair() {
+		let cc = hex!("0c666f6f00000000000000000000000000000000000000000000000000000000"); // foo
+		let seed = hex!("fac7959dbfe72f052e5a0c3c8d6530f202b02fd8f9f5ca3580ec8deb7797479e");
+		let expected = hex!("40b9675df90efa6069ff623b0fdfcf706cd47ca7452a5056c7ad58194d23440a");
+		let keypair = ext_sr_from_seed(&seed);
+		let derived = ext_sr_derive_keypair_soft(&keypair, &cc);
+		let public = &derived[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		assert_eq!(public, expected);
+	}
+
+	#[test]
+	fn soft_derives_public() {
+		let cc = hex!("0c666f6f00000000000000000000000000000000000000000000000000000000"); // foo
+		let public = hex!("46ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a");
+		let expected = hex!("40b9675df90efa6069ff623b0fdfcf706cd47ca7452a5056c7ad58194d23440a");
+		let derived = ext_sr_derive_public_soft(&public, &cc);
+
+		assert_eq!(derived, expected);
+	}
+
+	#[test]
+	fn hard_derives_pair() {
+		let cc = hex!("14416c6963650000000000000000000000000000000000000000000000000000"); // Alice
+		let seed = hex!("fac7959dbfe72f052e5a0c3c8d6530f202b02fd8f9f5ca3580ec8deb7797479e");
+		let expected = hex!("d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d");
+		let keypair = ext_sr_from_seed(&seed);
+		let derived = ext_sr_derive_keypair_hard(&keypair, &cc);
+		let public = &derived[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		assert_eq!(public, expected);
+	}
+
+	#[test]
+	fn key_agreement() {
+		let self_seed = hex!("98b3d305d5a5eace562387e47e59badd4d77e3f72cabfb10a60f8a197059f0a8");
+		let other_seed = hex!("9732eea001851ff862d949a1699c9971f3a26edbede2ad7922cbbe9a0701f366");
+		let expected = hex!("b03a0b198c34c16f35cae933d88b16341b4cef3e84e851f20e664c6a30527f4e");
+		let self_pair = ext_sr_from_seed(&self_seed);
+		let self_sk = &self_pair[0..SECRET_KEY_LENGTH];
+		let self_pk = &self_pair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+		let other_pair = ext_sr_from_seed(&other_seed);
+		let other_sk = &other_pair[0..SECRET_KEY_LENGTH];
+		let other_pk = &other_pair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		assert_eq!(ext_sr_agree(self_pk, other_sk), expected);
+		assert_eq!(ext_sr_agree(other_pk, self_sk), expected);
+
+		let seed = generate_random_seed();
+		let self_pair = ext_sr_from_seed(seed.as_slice());
+		let self_sk = &self_pair[0..SECRET_KEY_LENGTH];
+		let self_pk = &self_pair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		let seed = generate_random_seed();
+		let other_pair = ext_sr_from_seed(seed.as_slice());
+		let other_sk = &other_pair[0..SECRET_KEY_LENGTH];
+		let other_pk = &other_pair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+
+		assert_eq!(ext_sr_agree(self_pk, other_sk), ext_sr_agree(other_pk, self_sk));
+	}
+}

package/src/rs/vrf.rs

@@ -0,0 +1,144 @@
+// Copyright 2019-2025 @pezkuwi/wasm-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+
+// Copyright 2019 Paritytech via https://github.com/pezkuwichain/schnorrkel-js/
+//
+// Originally developed (as a fork) in https://github.com/pezkuwi-js/schnorrkel-js/
+// which was adpated from the initial https://github.com/pezkuwichain/schnorrkel-js/
+// forked at commit eff430ddc3090f56317c80654208b8298ef7ab3f
+
+use merlin::Transcript;
+use schnorrkel::{signing_context, vrf::{VRFOutput, VRFProof}, PublicKey, SecretKey};
+use wasm_bindgen::prelude::*;
+
+/// Size of VRF output, bytes
+pub const OUTPUT_SIZE: usize = 32;
+
+/// Size of VRF proof, bytes
+pub const PROOF_SIZE: usize = 64;
+
+/// Size of VRF raw output, bytes
+pub const RAW_OUTPUT_SIZE: usize = 16;
+
+/// Size of VRF limit, bytes
+pub const THRESHOLD_SIZE: usize = 16;
+
+/// Size of the final full output
+pub const RESULT_SIZE: usize = OUTPUT_SIZE + PROOF_SIZE;
+
+pub fn new_transcript(extra: &[u8]) -> Transcript {
+	let mut transcript = Transcript::new(b"VRF");
+
+	// if is important that we don't append when empty, since the
+	// append in merging encodes length information
+	if extra.len() > 0 {
+		transcript.append_message(b"", extra);
+	}
+
+	transcript
+}
+
+// We don't use the non-extra sign and verify internally  since in sr25519 they only wrap -
+//
+// https://github.com/w3f/schnorrkel/blob/8fa2ad3e9fbf0b652c724df6a87a4b3c5500f759/src/vrf.rs#L660
+
+/// Run a Random Verifiable Function (VRF) on one single input
+/// (message) transcript, and an extra message transcript,
+/// producing the output signature and corresponding short proof.
+///
+/// * secret: UIntArray with 64 element
+/// * context: Arbitrary length UIntArray
+/// * message: Arbitrary length UIntArray
+/// * extra: Arbitrary length UIntArray
+///
+/// * returned vector is the 32-byte output (signature) and 64-byte proof.
+#[wasm_bindgen]
+pub fn ext_vrf_sign(secret: &[u8], ctx: &[u8], msg: &[u8], extra: &[u8]) -> Vec<u8> {
+	match SecretKey::from_ed25519_bytes(secret) {
+		Ok(s) => {
+			let mut res: [u8; RESULT_SIZE] = [0u8; RESULT_SIZE];
+			let (io, proof, _) = s
+				.to_keypair()
+				.vrf_sign_extra(signing_context(ctx).bytes(msg), new_transcript(extra));
+
+			res[..OUTPUT_SIZE].copy_from_slice(io.as_output_bytes());
+			res[OUTPUT_SIZE..].copy_from_slice(&proof.to_bytes());
+
+			res.to_vec()
+		},
+		_ => panic!("Invalid secret provided.")
+	}
+}
+
+/// Verify VRF proof for one single input transcript, and an extra message transcript,
+/// and corresponding output.
+///
+/// * pubkey: UIntArray with 32 element
+/// * context: Arbitrary length UIntArray
+/// * message: Arbitrary length UIntArray
+/// * extra: Arbitrary length UIntArray
+/// * out_and_proof: 96-byte output & proof array from the ext_sign function.
+#[wasm_bindgen]
+pub fn ext_vrf_verify(pubkey: &[u8], ctx: &[u8], msg: &[u8], extra: &[u8], out: &[u8]) -> bool {
+	match (PublicKey::from_bytes(pubkey), VRFOutput::from_bytes(&out[..OUTPUT_SIZE]), VRFProof::from_bytes(&out[OUTPUT_SIZE..RESULT_SIZE])) {
+		(Ok(k), Ok(o), Ok(p)) => k
+			.vrf_verify_extra(signing_context(ctx).bytes(msg), &o, &p, new_transcript(extra))
+			.is_ok(),
+		_ => false,
+	}
+}
+
+#[cfg(test)]
+pub mod tests {
+	extern crate rand;
+	extern crate schnorrkel;
+
+	use super::*;
+	use crate::sr25519::ext_sr_from_seed;
+	use schnorrkel::{KEYPAIR_LENGTH, SECRET_KEY_LENGTH};
+
+	fn generate_random_seed() -> Vec<u8> {
+		(0..32).map(|_| rand::random::<u8>()).collect()
+	}
+
+	#[test]
+	fn sign_extra_and_verify() {
+		let seed = generate_random_seed();
+		let keypair = ext_sr_from_seed(seed.as_slice());
+		let private = &keypair[0..SECRET_KEY_LENGTH];
+		let public = &keypair[SECRET_KEY_LENGTH..KEYPAIR_LENGTH];
+		let context = b"my VRF context";
+		let message = b"this is a message";
+		let extra = b"this is an extra";
+
+		// Perform multiple sign_extra calls w/ same context, message, extra args
+		let out1 = ext_vrf_sign(private, context, message, extra);
+		let out2 = ext_vrf_sign(private, context, message, extra);
+
+		// Basic size checks
+		assert!(out1.len() == RESULT_SIZE);
+		assert!(out2.len() == RESULT_SIZE);
+
+		// Given the same context, message & extra, output should be deterministic
+		assert_eq!(&out1[..OUTPUT_SIZE], &out2[..OUTPUT_SIZE]);
+
+		// But proof is non-deterministic
+		assert_ne!(&out1[OUTPUT_SIZE..], &out2[OUTPUT_SIZE..]);
+
+		// VRF outputs can verified w/ original context, message & extra args
+		assert!(ext_vrf_verify(
+			public,
+			context,
+			message,
+			extra,
+			&out1
+		));
+		assert!(ext_vrf_verify(
+			public,
+			context,
+			message,
+			extra,
+			&out2
+		));
+	}
+}