Skip to content

Commit

Permalink
crypto: tz2 should hash input
Browse files Browse the repository at this point in the history
  • Loading branch information
emturner committed Jun 27, 2024
1 parent 2d4b4ae commit 901645c
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 12 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ parameterized by the lifetime of the input byte slice.
- Fix `BlsSignature` base58 check encoding/decoding.
- Fix `SecretKeyEd25519` base58 check encoding/decoding.
- Fix all zeros signature encoding: should be `Unknown` rather than defaulting to `Ed25519`.
- Fix `tz2` signature verification: input should be hashed.

### Security

Expand Down
17 changes: 10 additions & 7 deletions crypto/src/hash.rs
Original file line number Diff line number Diff line change
Expand Up @@ -673,8 +673,11 @@ impl PublicKeySignatureVerifier for PublicKeySecp256k1 {
.map_err(|_| CryptoError::InvalidPublicKey)?;
let sig = libsecp256k1::Signature::parse_standard_slice(signature.as_ref())
.map_err(|_| CryptoError::InvalidSignature)?;
let msg =
libsecp256k1::Message::parse_slice(bytes).map_err(|_| CryptoError::InvalidMessage)?;

let payload = crate::blake2b::digest_256(bytes);

let msg = libsecp256k1::Message::parse_slice(&payload)
.map_err(|_| CryptoError::InvalidMessage)?;

Ok(libsecp256k1::verify(&msg, &sig, &pk))
}
Expand Down Expand Up @@ -1126,15 +1129,15 @@ mod tests {

#[test]
fn test_secp256k1_signature_verification() {
// sk: spsk1sheno8Jt8FoBEoamFoNBxUEpjEggNNpepTFc8cEoJBA9QjDJq
let pk = PublicKeySecp256k1::from_base58_check(
"sppk7cwkTzCPptCSxSTvGNg4uqVcuTbyWooLnJp4yxJNH5DReUGxYvs",
"sppk7a2WEfU54QzcQZ2EMjihtcxLeRtNTVxHw4FW2e8W5kEJ8ZargSb",
)
.unwrap();
let sig = Signature::from_base58_check("sigrJ2jqanLupARzKGvzWgL1Lv6NGUqDovHKQg9MX4PtNtHXgcvG6131MRVzujJEXfvgbuRtfdGbXTFaYJJjuUVLNNZTf5q1").unwrap().try_into().unwrap();
let msg = hex::decode("5538e2cc90c9b053a12e2d2f3a985aff1809eac59501db4d644e4bb381b06b4b")
.unwrap();
let sig = Secp256k1Signature::from_base58_check("spsig1QLf7cczTbt4UHFGQKUrB2pS3ZTu9wdXR29zKxVPQkhBaiLez6hRcM142ms7HagQa3vuPstvMtYq44y4x4RPcrLu76ZuQ7").unwrap();
let msg = b"hello, test";

let result = pk.verify_signature(&sig, &msg).unwrap();
let result = pk.verify_signature(&sig, msg).unwrap();
assert!(result);
}

Expand Down
11 changes: 6 additions & 5 deletions crypto/src/public_key.rs
Original file line number Diff line number Diff line change
Expand Up @@ -240,14 +240,15 @@ mod test {

#[test]
fn tz2_signature_signature_verification_succeeds() {
// sk: spsk1sheno8Jt8FoBEoamFoNBxUEpjEggNNpepTFc8cEoJBA9QjDJq
let tz2 =
PublicKey::from_b58check("sppk7cwkTzCPptCSxSTvGNg4uqVcuTbyWooLnJp4yxJNH5DReUGxYvs")
PublicKey::from_b58check("sppk7a2WEfU54QzcQZ2EMjihtcxLeRtNTVxHw4FW2e8W5kEJ8ZargSb")
.expect("public key decoding should work");
let sig = Signature::from_base58_check("sigrJ2jqanLupARzKGvzWgL1Lv6NGUqDovHKQg9MX4PtNtHXgcvG6131MRVzujJEXfvgbuRtfdGbXTFaYJJjuUVLNNZTf5q1").expect("signature decoding should work");
let msg = hex::decode("5538e2cc90c9b053a12e2d2f3a985aff1809eac59501db4d644e4bb381b06b4b")
.expect("payload decoding should work");
// todo use sig not spsig
let sig = Signature::from_base58_check("siggWynZ1jzFuv67FWSAvhX8948jgL5szpwT2fZAL5brmU9egqoXd3fDXCLQJ2EBcYVLBkev3HvkQ6xnFxSBjthdonajN8JX").expect("signature decoding should work");
let msg = b"hello, test";

let result = tz2.verify_signature(&sig, &msg).unwrap();
let result = tz2.verify_signature(&sig, msg).unwrap();
assert!(result);
}

Expand Down

0 comments on commit 901645c

Please sign in to comment.