From f37454ed1e730c7588b3980962011b687112d0ac Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Thu, 30 Apr 2026 14:21:47 -0400 Subject: [PATCH] Refactor signatures (#457) * fix BIP-340 signatures for fixed sized messages * fmt * fix unit test * Removed privacy keycard calls * Revert "Removed privacy keycard calls" This reverts commit d70ef505a1f40b87159099761f5fce5a31e3f17b. * Add domain separators * CI fixes * add hash_message tests * fix deny * addressed comments --- common/src/block.rs | 20 +- .../privacy_preserving_transaction/message.rs | 76 ++++- .../witness_set.rs | 8 +- nssa/src/public_transaction/message.rs | 73 ++++ nssa/src/public_transaction/witness_set.rs | 10 +- nssa/src/signature/bip340_test_vectors.rs | 318 ++++++++++-------- nssa/src/signature/mod.rs | 17 +- 7 files changed, 344 insertions(+), 178 deletions(-) diff --git a/common/src/block.rs b/common/src/block.rs index 92adbdb1..fbc4c9a6 100644 --- a/common/src/block.rs +++ b/common/src/block.rs @@ -85,9 +85,20 @@ impl HashableBlockData { signing_key: &nssa::PrivateKey, bedrock_parent_id: MantleMsgId, ) -> Block { + const PREFIX: &[u8; 32] = b"/LEE/v0.3/Message/Block/\x00\x00\x00\x00\x00\x00\x00\x00"; + let data_bytes = borsh::to_vec(&self).unwrap(); - let signature = nssa::Signature::new(signing_key, &data_bytes); - let hash = OwnHasher::hash(&data_bytes); + let mut bytes = Vec::with_capacity( + PREFIX + .len() + .checked_add(data_bytes.len()) + .expect("length overflow"), + ); + bytes.extend_from_slice(PREFIX); + bytes.extend_from_slice(&data_bytes); + + let hash = OwnHasher::hash(&bytes); + let signature = nssa::Signature::new(signing_key, &hash.0); Block { header: BlockHeader { block_id: self.block_id, @@ -103,11 +114,6 @@ impl HashableBlockData { bedrock_parent_id, } } - - #[must_use] - pub fn block_hash(&self) -> BlockHash { - OwnHasher::hash(&borsh::to_vec(&self).unwrap()) - } } impl From for HashableBlockData { diff --git a/nssa/src/privacy_preserving_transaction/message.rs b/nssa/src/privacy_preserving_transaction/message.rs index ee46d0b3..697f66ac 100644 --- a/nssa/src/privacy_preserving_transaction/message.rs +++ b/nssa/src/privacy_preserving_transaction/message.rs @@ -9,6 +9,8 @@ use sha2::{Digest as _, Sha256}; use crate::{AccountId, error::NssaError}; +const PREFIX: &[u8; 32] = b"/LEE/v0.3/Message/Privacy/\x00\x00\x00\x00\x00\x00"; + pub type ViewTag = u8; #[derive(Debug, Clone, PartialEq, Eq, BorshSerialize, BorshDeserialize)] @@ -118,22 +120,34 @@ impl Message { timestamp_validity_window: output.timestamp_validity_window, }) } + + #[must_use] + pub fn hash(&self) -> [u8; 32] { + let msg = self.to_bytes(); + let mut bytes = Vec::with_capacity( + PREFIX + .len() + .checked_add(msg.len()) + .expect("length overflow"), + ); + bytes.extend_from_slice(PREFIX); + bytes.extend_from_slice(&msg); + + Sha256::digest(bytes).into() + } } #[cfg(test)] pub mod tests { use nssa_core::{ Commitment, EncryptionScheme, Nullifier, NullifierPublicKey, SharedSecretKey, - account::Account, + account::{Account, AccountId, Nonce}, encryption::{EphemeralPublicKey, ViewingPublicKey}, program::{BlockValidityWindow, TimestampValidityWindow}, }; use sha2::{Digest as _, Sha256}; - use crate::{ - AccountId, - privacy_preserving_transaction::message::{EncryptedAccountData, Message}, - }; + use super::{EncryptedAccountData, Message, PREFIX}; #[must_use] pub fn message_for_tests() -> Message { @@ -176,6 +190,58 @@ pub mod tests { } } + #[test] + fn hash_privacy_pinned() { + let msg = Message { + public_account_ids: vec![AccountId::new([42_u8; 32])], + nonces: vec![Nonce(5)], + public_post_states: vec![], + encrypted_private_post_states: vec![], + new_commitments: vec![], + new_nullifiers: vec![], + block_validity_window: BlockValidityWindow::new_unbounded(), + timestamp_validity_window: TimestampValidityWindow::new_unbounded(), + }; + + let public_account_ids_bytes: &[u8] = &[42_u8; 32]; + let nonces_bytes: &[u8] = &[1, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + // all remaining vec fields are empty: u32 len=0 + let empty_vec_bytes: &[u8] = &[0_u8; 4]; + // validity windows: unbounded = {from: None (0u8), to: None (0u8)} + let unbounded_window_bytes: &[u8] = &[0_u8; 2]; + + let expected_borsh_vec: Vec = [ + &[1_u8, 0, 0, 0], // public_account_ids + public_account_ids_bytes, + nonces_bytes, + empty_vec_bytes, // public_post_state + empty_vec_bytes, // encrypted_private_post_states + empty_vec_bytes, // new_commitments + empty_vec_bytes, // new_nullifiers + unbounded_window_bytes, // block_validity_window + unbounded_window_bytes, // timestamp_validity_window + ] + .concat(); + let expected_borsh: &[u8] = &expected_borsh_vec; + + assert_eq!( + borsh::to_vec(&msg).unwrap(), + expected_borsh, + "`privacy_preserving_transaction::hash()`: expected borsh order has changed" + ); + + let mut preimage = Vec::with_capacity(PREFIX.len() + expected_borsh.len()); + preimage.extend_from_slice(PREFIX); + preimage.extend_from_slice(expected_borsh); + let expected_hash: [u8; 32] = Sha256::digest(&preimage).into(); + + assert_eq!( + msg.hash(), + expected_hash, + "`privacy_preserving_transaction::hash()`: serialization has changed" + ); + } + #[test] fn encrypted_account_data_constructor() { let npk = NullifierPublicKey::from(&[1; 32]); diff --git a/nssa/src/privacy_preserving_transaction/witness_set.rs b/nssa/src/privacy_preserving_transaction/witness_set.rs index 373bbc9c..e17df90c 100644 --- a/nssa/src/privacy_preserving_transaction/witness_set.rs +++ b/nssa/src/privacy_preserving_transaction/witness_set.rs @@ -14,12 +14,12 @@ pub struct WitnessSet { impl WitnessSet { #[must_use] pub fn for_message(message: &Message, proof: Proof, private_keys: &[&PrivateKey]) -> Self { - let message_bytes = message.to_bytes(); + let message_hash = message.hash(); let signatures_and_public_keys = private_keys .iter() .map(|&key| { ( - Signature::new(key, &message_bytes), + Signature::new(key, &message_hash), PublicKey::new_from_private_key(key), ) }) @@ -32,9 +32,9 @@ impl WitnessSet { #[must_use] pub fn signatures_are_valid_for(&self, message: &Message) -> bool { - let message_bytes = message.to_bytes(); + let message_hash = message.hash(); for (signature, public_key) in self.signatures_and_public_keys() { - if !signature.is_valid_for(&message_bytes, public_key) { + if !signature.is_valid_for(&message_hash, public_key) { return false; } } diff --git a/nssa/src/public_transaction/message.rs b/nssa/src/public_transaction/message.rs index d4838b87..3ab7d74c 100644 --- a/nssa/src/public_transaction/message.rs +++ b/nssa/src/public_transaction/message.rs @@ -4,9 +4,12 @@ use nssa_core::{ program::{InstructionData, ProgramId}, }; use serde::Serialize; +use sha2::{Digest as _, Sha256}; use crate::{AccountId, error::NssaError, program::Program}; +const PREFIX: &[u8; 32] = b"/LEE/v0.3/Message/Public/\x00\x00\x00\x00\x00\x00\x00"; + #[derive(Clone, PartialEq, Eq, BorshSerialize, BorshDeserialize)] pub struct Message { pub program_id: ProgramId, @@ -63,4 +66,74 @@ impl Message { instruction_data, } } + + #[must_use] + pub fn hash(&self) -> [u8; 32] { + let mut bytes = Vec::with_capacity( + PREFIX + .len() + .checked_add(self.to_bytes().len()) + .expect("length overflow"), + ); + bytes.extend_from_slice(PREFIX); + bytes.extend_from_slice(&self.to_bytes()); + + Sha256::digest(bytes).into() + } +} + +#[cfg(test)] +mod tests { + use nssa_core::account::{AccountId, Nonce}; + use sha2::{Digest as _, Sha256}; + + use super::{Message, PREFIX}; + + #[test] + fn hash_public_pinned() { + let msg = Message::new_preserialized( + [1_u32; 8], + vec![AccountId::new([42_u8; 32])], + vec![Nonce(5)], + vec![], + ); + + // program_id: [1_u32; 8], each word as LE u32 + let program_id_bytes: &[u8] = &[ + 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, + 0, 0, 0, + ]; + // account_ids: AccountId([42_u8; 32]) + let account_ids_bytes: &[u8] = &[42_u8; 32]; + // nonces: u32 len=1, then Nonce(5) as LE u128 + let nonces_bytes: &[u8] = &[1, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + let instruction_data_bytes: &[u8] = &[0_u8; 4]; + + let expected_borsh_vec: Vec = [ + program_id_bytes, + &[1_u8, 0, 0, 0], // account_ids len=1 + account_ids_bytes, + nonces_bytes, + instruction_data_bytes, + ] + .concat(); + let expected_borsh: &[u8] = &expected_borsh_vec; + + assert_eq!( + borsh::to_vec(&msg).unwrap(), + expected_borsh, + "`public_transaction::hash()`: expected borsh order has changed" + ); + + let mut preimage = Vec::with_capacity(PREFIX.len() + expected_borsh.len()); + preimage.extend_from_slice(PREFIX); + preimage.extend_from_slice(expected_borsh); + let expected_hash: [u8; 32] = Sha256::digest(&preimage).into(); + + assert_eq!( + msg.hash(), + expected_hash, + "`public_transaction::hash()`: serialization has changed" + ); + } } diff --git a/nssa/src/public_transaction/witness_set.rs b/nssa/src/public_transaction/witness_set.rs index d6b32891..1605f488 100644 --- a/nssa/src/public_transaction/witness_set.rs +++ b/nssa/src/public_transaction/witness_set.rs @@ -10,12 +10,12 @@ pub struct WitnessSet { impl WitnessSet { #[must_use] pub fn for_message(message: &Message, private_keys: &[&PrivateKey]) -> Self { - let message_bytes = message.to_bytes(); + let message_hash = message.hash(); let signatures_and_public_keys = private_keys .iter() .map(|&key| { ( - Signature::new(key, &message_bytes), + Signature::new(key, &message_hash), PublicKey::new_from_private_key(key), ) }) @@ -27,9 +27,9 @@ impl WitnessSet { #[must_use] pub fn is_valid_for(&self, message: &Message) -> bool { - let message_bytes = message.to_bytes(); + let message_hash = message.hash(); for (signature, public_key) in self.signatures_and_public_keys() { - if !signature.is_valid_for(&message_bytes, public_key) { + if !signature.is_valid_for(&message_hash, public_key) { return false; } } @@ -75,7 +75,7 @@ mod tests { assert_eq!(witness_set.signatures_and_public_keys.len(), 2); - let message_bytes = message.to_bytes(); + let message_bytes = message.hash(); for ((signature, public_key), expected_public_key) in witness_set .signatures_and_public_keys .into_iter() diff --git a/nssa/src/signature/bip340_test_vectors.rs b/nssa/src/signature/bip340_test_vectors.rs index e316db5e..ac3eb044 100644 --- a/nssa/src/signature/bip340_test_vectors.rs +++ b/nssa/src/signature/bip340_test_vectors.rs @@ -4,7 +4,7 @@ pub struct TestVector { pub seckey: Option, pub pubkey: PublicKey, pub aux_rand: Option<[u8; 32]>, - pub message: Option>, + pub message: [u8; 32], pub signature: Signature, pub verification_result: bool, } @@ -15,18 +15,21 @@ pub struct TestVector { pub fn test_vectors() -> Vec { vec![ TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "0000000000000000000000000000000000000000000000000000000000000003", - )).unwrap()), + seckey: Some( + PrivateKey::try_new(hex_to_bytes( + "0000000000000000000000000000000000000000000000000000000000000003", + )) + .unwrap(), + ), pubkey: PublicKey::try_new(hex_to_bytes( "F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - )).unwrap(), + )) + .unwrap(), aux_rand: Some(hex_to_bytes::<32>( "0000000000000000000000000000000000000000000000000000000000000000", )), - message: Some( - hex::decode("0000000000000000000000000000000000000000000000000000000000000000") - .unwrap(), + message: hex_to_bytes::<32>( + "0000000000000000000000000000000000000000000000000000000000000000", ), signature: Signature { value: hex_to_bytes( @@ -36,18 +39,21 @@ pub fn test_vectors() -> Vec { verification_result: true, }, TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF", - )).unwrap()), + seckey: Some( + PrivateKey::try_new(hex_to_bytes( + "B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF", + )) + .unwrap(), + ), pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: Some(hex_to_bytes::<32>( "0000000000000000000000000000000000000000000000000000000000000001", )), - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -57,18 +63,21 @@ pub fn test_vectors() -> Vec { verification_result: true, }, TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9", - )).unwrap()), + seckey: Some( + PrivateKey::try_new(hex_to_bytes( + "C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9", + )) + .unwrap(), + ), pubkey: PublicKey::try_new(hex_to_bytes( "DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", - )).unwrap(), + )) + .unwrap(), aux_rand: Some(hex_to_bytes::<32>( "C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906", )), - message: Some( - hex::decode("7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C") - .unwrap(), + message: hex_to_bytes::<32>( + "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", ), signature: Signature { value: hex_to_bytes( @@ -78,18 +87,21 @@ pub fn test_vectors() -> Vec { verification_result: true, }, TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710", - )).unwrap()), + seckey: Some( + PrivateKey::try_new(hex_to_bytes( + "0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710", + )) + .unwrap(), + ), pubkey: PublicKey::try_new(hex_to_bytes( "25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", - )).unwrap(), + )) + .unwrap(), aux_rand: Some(hex_to_bytes::<32>( "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", )), - message: Some( - hex::decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") - .unwrap(), + message: hex_to_bytes::<32>( + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", ), signature: Signature { value: hex_to_bytes( @@ -102,11 +114,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703") - .unwrap(), + message: hex_to_bytes::<32>( + "4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703", ), signature: Signature { value: hex_to_bytes( @@ -122,13 +134,15 @@ pub fn test_vectors() -> Vec { // "EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34", // )).unwrap(), // aux_rand: None, - // message: Some( - // hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89").unwrap(), - // ), + // message: + // + // hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"). + // unwrap(), ), // signature: Signature { // value: hex_to_bytes( - // "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B", - // ), + // + // "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B" + // , ), // }, // verification_result: false, // }, @@ -136,11 +150,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -153,11 +167,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -170,11 +184,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -187,11 +201,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -204,11 +218,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -221,11 +235,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -238,11 +252,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -255,11 +269,11 @@ pub fn test_vectors() -> Vec { seckey: None, pubkey: PublicKey::try_new(hex_to_bytes( "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - )).unwrap(), + )) + .unwrap(), aux_rand: None, - message: Some( - hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89") - .unwrap(), + message: hex_to_bytes::<32>( + "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", ), signature: Signature { value: hex_to_bytes( @@ -275,90 +289,96 @@ pub fn test_vectors() -> Vec { // "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30", // )).unwrap(), // aux_rand: None, - // message: Some( - // hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89").unwrap(), - // ), + // message: + // + // hex::decode("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"). + // unwrap(), ), // signature: Signature { // value: hex_to_bytes( - // "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B", - // ), + // + // "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B" + // , ), // }, // verification_result: false, // }, - TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "0340034003400340034003400340034003400340034003400340034003400340", - )).unwrap()), - pubkey: PublicKey::try_new(hex_to_bytes( - "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", - )).unwrap(), - aux_rand: Some(hex_to_bytes::<32>( - "0000000000000000000000000000000000000000000000000000000000000000", - )), - message: None, - signature: Signature { - value: hex_to_bytes( - "71535DB165ECD9FBBC046E5FFAEA61186BB6AD436732FCCC25291A55895464CF6069CE26BF03466228F19A3A62DB8A649F2D560FAC652827D1AF0574E427AB63", - ), - }, - verification_result: true, - }, - TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "0340034003400340034003400340034003400340034003400340034003400340", - )).unwrap()), - pubkey: PublicKey::try_new(hex_to_bytes( - "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", - )).unwrap(), - aux_rand: Some(hex_to_bytes::<32>( - "0000000000000000000000000000000000000000000000000000000000000000", - )), - message: Some(hex::decode("11").unwrap()), - signature: Signature { - value: hex_to_bytes( - "08A20A0AFEF64124649232E0693C583AB1B9934AE63B4C3511F3AE1134C6A303EA3173BFEA6683BD101FA5AA5DBC1996FE7CACFC5A577D33EC14564CEC2BACBF", - ), - }, - verification_result: true, - }, - TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "0340034003400340034003400340034003400340034003400340034003400340", - )).unwrap()), - pubkey: PublicKey::try_new(hex_to_bytes( - "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", - )).unwrap(), - aux_rand: Some(hex_to_bytes::<32>( - "0000000000000000000000000000000000000000000000000000000000000000", - )), - message: Some(hex::decode("0102030405060708090A0B0C0D0E0F1011").unwrap()), - signature: Signature { - value: hex_to_bytes( - "5130F39A4059B43BC7CAC09A19ECE52B5D8699D1A71E3C52DA9AFDB6B50AC370C4A482B77BF960F8681540E25B6771ECE1E5A37FD80E5A51897C5566A97EA5A5", - ), - }, - verification_result: true, - }, - TestVector { - seckey: Some(PrivateKey::try_new(hex_to_bytes( - "0340034003400340034003400340034003400340034003400340034003400340", - )).unwrap()), - pubkey: PublicKey::try_new(hex_to_bytes( - "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", - )).unwrap(), - aux_rand: Some(hex_to_bytes::<32>( - "0000000000000000000000000000000000000000000000000000000000000000", - )), - message: Some( - hex::decode("99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999").unwrap(), - ), - signature: Signature { - value: hex_to_bytes( - "403B12B0D8555A344175EA7EC746566303321E5DBFA8BE6F091635163ECA79A8585ED3E3170807E7C03B720FC54C7B23897FCBA0E9D0B4A06894CFD249F22367", - ), - }, - verification_result: true, - }, + // Test with invalid message length (0); valid test for BIP-340 post 2022. + // TestVector { + // seckey: PrivateKey::try_new(hex_to_bytes( + // "0340034003400340034003400340034003400340034003400340034003400340", + // )).unwrap()), + // pubkey: PublicKey::try_new(hex_to_bytes( + // "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", + // )).unwrap(), + // aux_rand: hex_to_bytes::<32>( + // "0000000000000000000000000000000000000000000000000000000000000000", + // )), + // message: None, + // signature: Signature { + // value: hex_to_bytes( + // "71535DB165ECD9FBBC046E5FFAEA61186BB6AD436732FCCC25291A55895464CF6069CE26BF03466228F19A3A62DB8A649F2D560FAC652827D1AF0574E427AB63", + // ), + // }, + // verification_result: true, + // }, + // Test with invalid message length (1); valid test for BIP-340 post 2022. + // TestVector { + // seckey: PrivateKey::try_new(hex_to_bytes( + // "0340034003400340034003400340034003400340034003400340034003400340", + // )).unwrap()), + // pubkey: PublicKey::try_new(hex_to_bytes( + // "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", + // )).unwrap(), + // aux_rand: hex_to_bytes::<32>( + // "0000000000000000000000000000000000000000000000000000000000000000", + // )), + // message: hex::decode("11").unwrap()), + // signature: Signature { + // value: hex_to_bytes( + // "08A20A0AFEF64124649232E0693C583AB1B9934AE63B4C3511F3AE1134C6A303EA3173BFEA6683BD101FA5AA5DBC1996FE7CACFC5A577D33EC14564CEC2BACBF", + // ), + // }, + // verification_result: true, + // }, + // Test with invalid message length (17); valid test for BIP-340 post 2022. + // TestVector { + // seckey: PrivateKey::try_new(hex_to_bytes( + // "0340034003400340034003400340034003400340034003400340034003400340", + // )).unwrap()), + // pubkey: PublicKey::try_new(hex_to_bytes( + // "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", + // )).unwrap(), + // aux_rand: hex_to_bytes::<32>( + // "0000000000000000000000000000000000000000000000000000000000000000", + // )), + // message: hex::decode("0102030405060708090A0B0C0D0E0F1011").unwrap()), + // signature: Signature { + // value: hex_to_bytes( + // "5130F39A4059B43BC7CAC09A19ECE52B5D8699D1A71E3C52DA9AFDB6B50AC370C4A482B77BF960F8681540E25B6771ECE1E5A37FD80E5A51897C5566A97EA5A5", + // ), + // }, + // erification_result: true, + // }, + // Test with invalid message length (100); valid test for BIP-340 post 2022. + // TestVector { + // seckey: PrivateKey::try_new(hex_to_bytes( + // "0340034003400340034003400340034003400340034003400340034003400340", + // )).unwrap()), + // pubkey: PublicKey::try_new(hex_to_bytes( + // "778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117", + // )).unwrap(), + // aux_rand: hex_to_bytes::<32>( + // "0000000000000000000000000000000000000000000000000000000000000000", + // )), + // message: + // hex::decode("99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999").unwrap(), + // ), + // signature: Signature { + // value: hex_to_bytes( + // "403B12B0D8555A344175EA7EC746566303321E5DBFA8BE6F091635163ECA79A8585ED3E3170807E7C03B720FC54C7B23897FCBA0E9D0B4A06894CFD249F22367", + // ), + // }, + // verification_result: true, + // }, ] } diff --git a/nssa/src/signature/mod.rs b/nssa/src/signature/mod.rs index 3a594da6..a46b1ff5 100644 --- a/nssa/src/signature/mod.rs +++ b/nssa/src/signature/mod.rs @@ -36,8 +36,10 @@ impl FromStr for Signature { } impl Signature { + /// This function expects the incoming message to be prehashed to be pre-2022 BIP-340/Keycard + /// compatible. #[must_use] - pub fn new(key: &PrivateKey, message: &[u8]) -> Self { + pub fn new(key: &PrivateKey, message: &[u8; 32]) -> Self { let mut aux_random = [0_u8; 32]; OsRng.fill_bytes(&mut aux_random); Self::new_with_aux_random(key, message, aux_random) @@ -45,14 +47,14 @@ impl Signature { pub(crate) fn new_with_aux_random( key: &PrivateKey, - message: &[u8], + message: &[u8; 32], aux_random: [u8; 32], ) -> Self { let value = { let signing_key = k256::schnorr::SigningKey::from_bytes(key.value()) .expect("Expect valid signing key"); signing_key - .sign_raw(message, &aux_random) + .sign_prehash_with_aux_rand(message, &aux_random) .expect("Expect to produce a valid signature") .to_bytes() }; @@ -61,7 +63,7 @@ impl Signature { } #[must_use] - pub fn is_valid_for(&self, bytes: &[u8], public_key: &PublicKey) -> bool { + pub fn is_valid_for(&self, bytes: &[u8; 32], public_key: &PublicKey) -> bool { let Ok(pk) = k256::schnorr::VerifyingKey::from_bytes(public_key.value()) else { return false; }; @@ -97,9 +99,8 @@ mod tests { let Some(aux_random) = test_vector.aux_rand else { continue; }; - let Some(message) = test_vector.message else { - continue; - }; + let message = test_vector.message; + if !test_vector.verification_result { continue; } @@ -114,7 +115,7 @@ mod tests { #[test] fn signature_verification_from_bip340_test_vectors() { for (i, test_vector) in bip340_test_vectors::test_vectors().into_iter().enumerate() { - let message = test_vector.message.unwrap_or(vec![]); + let message = test_vector.message; let expected_result = test_vector.verification_result; let result = test_vector