Merge pull request #77 from trilitech/emturner@tz3-verif

crypto: tz3 should hash input
trilitech · Jun 27, 2024 · 9303b71 · 9303b71
2 parents 2727e23 + d0601f0
commit 9303b71
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 102 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -62,6 +62,7 @@ parameterized by the lifetime of the input byte slice.
 - Fix `BlsSignature` base58 check encoding/decoding.
 - Fix `SecretKeyEd25519` base58 check encoding/decoding.
 - Fix all zeros signature encoding: should be `Unknown` rather than defaulting to `Ed25519`.
+- Fix `tz3` signature verification: input should be hashed.
 
 ### Security
 

diff --git a/crypto/src/hash.rs b/crypto/src/hash.rs
@@ -698,8 +698,10 @@ impl PublicKeySignatureVerifier for PublicKeyP256 {
             elliptic_curve::consts::U32,
         };
 
+        let bytes = blake2b::digest_256(bytes);
+
         // By default p256 crate uses sha256 to get a 32-bit hash from input message.
-        // Here though, the input data is already a Tezos hash of proper size.
+        // Here though, the input data is hashed using blake2b -
         // So we need to use identity digest.
         #[derive(Default, Clone)]
         struct NoHash([u8; CRYPTO_KEY_SIZE]);
@@ -1140,17 +1142,15 @@ mod tests {
 
     #[test]
     fn test_p256_signature_verification() {
-        let pk = PublicKeyP256::from_base58_check(
-            "p2pk67Cwb5Ke6oSmqeUbJxURXMe3coVnH9tqPiB2xD84CYhHbBKs4oM",
-        )
-        .unwrap();
-        let sig = Signature::from_base58_check(
-            "sigNCaj9CnmD94eZH9C7aPPqBbVCJF72fYmCFAXqEbWfqE633WNFWYQJFnDUFgRUQXR8fQ5tKSfJeTe6UAi75eTzzQf7AEc1"
-        ).unwrap().try_into().unwrap();
-        let msg = hex::decode("5538e2cc90c9b053a12e2d2f3a985aff1809eac59501db4d644e4bb381b06b4b")
-            .unwrap();
-
-        let result = pk.verify_signature(&sig, &msg).unwrap();
+        // sk: p2sk2bixvFTFTuw9HtD4ucuDsktZTcwRJ5V3gDsQauwE2VTuh6hBiP
+        let tz3 =
+            PublicKeyP256::from_b58check("p2pk65p7HKSGvkMdeK5yckM2nmi59oGNw4ksqdcvwxxF3AV3hopkfGS")
+                .expect("decoding public key should work");
+        let sig = P256Signature::from_base58_check(
+            "p2sigefoF8vJvSshWmLL6NyX6QnQUyUhq76r3F3ST6mTNqeCFzosDQyaRanoZpm14eeakZhAJ3LdGHFE4z9cPv9yTWFqWM4j9A"
+        ).expect("signature decoding should work");
+        let msg = b"hello, message";
+        let result = tz3.verify_signature(&sig, msg).unwrap();
         assert!(result);
     }
 

diff --git a/crypto/src/public_key.rs b/crypto/src/public_key.rs
@@ -145,65 +145,65 @@ mod test {
         assert_eq!(tz3, &tz3_from_pk);
     }
 
-    // #[test]
-    // fn tz1_encoding() {
-    //     let tz1 = "edpkuDMUm7Y53wp4gxeLBXuiAhXZrLn8XB1R83ksvvesH8Lp8bmCfK";
+    #[test]
+    fn tz1_encoding() {
+        let tz1 = "edpkuDMUm7Y53wp4gxeLBXuiAhXZrLn8XB1R83ksvvesH8Lp8bmCfK";
 
-    //     let public_key = PublicKey::from_b58check(tz1).expect("expected valid tz1 hash");
+        let public_key = PublicKey::from_b58check(tz1).expect("expected valid tz1 hash");
 
-    //     let mut bin = Vec::new();
-    //     public_key
-    //         .bin_write(&mut bin)
-    //         .expect("serialization should work");
+        let mut bin = Vec::new();
+        public_key
+            .bin_write(&mut bin)
+            .expect("serialization should work");
 
-    //     let deserde_pk = NomReader::nom_read(bin.as_slice())
-    //         .expect("deserialization should work")
-    //         .1;
+        let deserde_pk = NomReader::nom_read(bin.as_slice())
+            .expect("deserialization should work")
+            .1;
 
-    //     // Check tag encoding
-    //     assert_eq!(0_u8, bin[0]);
-    //     assert_eq!(public_key, deserde_pk);
-    // }
+        // Check tag encoding
+        assert_eq!(0_u8, bin[0]);
+        assert_eq!(public_key, deserde_pk);
+    }
 
-    // #[test]
-    // fn tz2_encoding() {
-    //     let tz2 = "sppk7Zik17H7AxECMggqD1FyXUQdrGRFtz9X7aR8W2BhaJoWwSnPEGA";
+    #[test]
+    fn tz2_encoding() {
+        let tz2 = "sppk7Zik17H7AxECMggqD1FyXUQdrGRFtz9X7aR8W2BhaJoWwSnPEGA";
 
-    //     let public_key = PublicKey::from_b58check(tz2).expect("expected valid tz2 hash");
+        let public_key = PublicKey::from_b58check(tz2).expect("expected valid tz2 hash");
 
-    //     let mut bin = Vec::new();
-    //     public_key
-    //         .bin_write(&mut bin)
-    //         .expect("serialization should work");
+        let mut bin = Vec::new();
+        public_key
+            .bin_write(&mut bin)
+            .expect("serialization should work");
 
-    //     let deserde_pk = NomReader::nom_read(bin.as_slice())
-    //         .expect("deserialization should work")
-    //         .1;
+        let deserde_pk = NomReader::nom_read(bin.as_slice())
+            .expect("deserialization should work")
+            .1;
 
-    //     // Check tag encoding
-    //     assert_eq!(1_u8, bin[0]);
-    //     assert_eq!(public_key, deserde_pk);
-    // }
+        // Check tag encoding
+        assert_eq!(1_u8, bin[0]);
+        assert_eq!(public_key, deserde_pk);
+    }
 
-    // #[test]
-    // fn tz3_encoding() {
-    //     let tz3 = "p2pk67VpBjWwoPULwXCpayec6rFxaAKv8VjJ8cVMHmLDCYARu31zx5Z";
+    #[test]
+    fn tz3_encoding() {
+        let tz3 = "p2pk67VpBjWwoPULwXCpayec6rFxaAKv8VjJ8cVMHmLDCYARu31zx5Z";
 
-    //     let public_key = PublicKey::from_b58check(tz3).expect("expected valid tz3 hash");
+        let public_key = PublicKey::from_b58check(tz3).expect("expected valid tz3 hash");
 
-    //     let mut bin = Vec::new();
-    //     public_key
-    //         .bin_write(&mut bin)
-    //         .expect("serialization should work");
+        let mut bin = Vec::new();
+        public_key
+            .bin_write(&mut bin)
+            .expect("serialization should work");
 
-    //     let deserde_pk = NomReader::nom_read(bin.as_slice())
-    //         .expect("deserialization should work")
-    //         .1;
+        let deserde_pk = NomReader::nom_read(bin.as_slice())
+            .expect("deserialization should work")
+            .1;
 
-    //     // Check tag encoding
-    //     assert_eq!(2_u8, bin[0]);
-    //     assert_eq!(public_key, deserde_pk);
-    // }
+        // Check tag encoding
+        assert_eq!(2_u8, bin[0]);
+        assert_eq!(public_key, deserde_pk);
+    }
 
     #[test]
     fn tz1_signature_signature_verification_succeeds() {
@@ -265,16 +265,15 @@ mod test {
 
     #[test]
     fn tz3_signature_signature_verification_succeeds() {
+        // sk: p2sk2bixvFTFTuw9HtD4ucuDsktZTcwRJ5V3gDsQauwE2VTuh6hBiP
         let tz3 =
-            PublicKey::from_b58check("p2pk67Cwb5Ke6oSmqeUbJxURXMe3coVnH9tqPiB2xD84CYhHbBKs4oM")
+            PublicKey::from_b58check("p2pk65p7HKSGvkMdeK5yckM2nmi59oGNw4ksqdcvwxxF3AV3hopkfGS")
                 .expect("decoding public key should work");
         let sig = Signature::from_base58_check(
-            "sigNCaj9CnmD94eZH9C7aPPqBbVCJF72fYmCFAXqEbWfqE633WNFWYQJFnDUFgRUQXR8fQ5tKSfJeTe6UAi75eTzzQf7AEc1"
+            "sigfMaQ3pkpywf3q5ZqfNzJuKd6apUa1gRpoGb4hK25dBuiTY5u2vVCJcPGdpUqDT1RwfeGy6gvnHuhbTgfKhn2EZVYMatnN"
         ).expect("signature decoding should work");
-        let msg = hex::decode("5538e2cc90c9b053a12e2d2f3a985aff1809eac59501db4d644e4bb381b06b4b")
-            .expect("payload decoding should work");
-
-        let result = tz3.verify_signature(&sig, &msg).unwrap();
+        let msg = b"hello, message";
+        let result = tz3.verify_signature(&sig, msg).unwrap();
         assert!(result);
     }
 

diff --git a/crypto/src/public_key_hash.rs b/crypto/src/public_key_hash.rs
@@ -122,57 +122,57 @@ mod test {
         assert_eq!(tz3, &tz3_from_pkh);
     }
 
-    // #[test]
-    // fn tz1_encoding() {
-    //     let tz1 = "tz1KqTpEZ7Yob7QbPE4Hy4Wo8fHG8LhKxZSx";
+    #[test]
+    fn tz1_encoding() {
+        let tz1 = "tz1KqTpEZ7Yob7QbPE4Hy4Wo8fHG8LhKxZSx";
 
-    //     let pkh = PublicKeyHash::from_b58check(tz1).expect("expected valid tz1 hash");
+        let pkh = PublicKeyHash::from_b58check(tz1).expect("expected valid tz1 hash");
 
-    //     let mut bin = Vec::new();
-    //     pkh.bin_write(&mut bin).expect("serialization should work");
+        let mut bin = Vec::new();
+        pkh.bin_write(&mut bin).expect("serialization should work");
 
-    //     let deserde_pkh = NomReader::nom_read(bin.as_slice())
-    //         .expect("deserialization should work")
-    //         .1;
+        let deserde_pkh = NomReader::nom_read(bin.as_slice())
+            .expect("deserialization should work")
+            .1;
 
-    //     // Check tag encoding
-    //     assert_eq!(0_u8, bin[0]);
-    //     assert_eq!(pkh, deserde_pkh);
-    // }
+        // Check tag encoding
+        assert_eq!(0_u8, bin[0]);
+        assert_eq!(pkh, deserde_pkh);
+    }
 
-    // #[test]
-    // fn tz2_encoding() {
-    //     let tz2 = "tz2KZPgf2rshxNUBXFcTaCemik1LH1v9qz3F";
+    #[test]
+    fn tz2_encoding() {
+        let tz2 = "tz2KZPgf2rshxNUBXFcTaCemik1LH1v9qz3F";
 
-    //     let pkh = PublicKeyHash::from_b58check(tz2).expect("expected valid tz2 hash");
+        let pkh = PublicKeyHash::from_b58check(tz2).expect("expected valid tz2 hash");
 
-    //     let mut bin = Vec::new();
-    //     pkh.bin_write(&mut bin).expect("serialization should work");
+        let mut bin = Vec::new();
+        pkh.bin_write(&mut bin).expect("serialization should work");
 
-    //     let deserde_pkh = NomReader::nom_read(bin.as_slice())
-    //         .expect("deserialization should work")
-    //         .1;
+        let deserde_pkh = NomReader::nom_read(bin.as_slice())
+            .expect("deserialization should work")
+            .1;
 
-    //     // Check tag encoding
-    //     assert_eq!(1_u8, bin[0]);
-    //     assert_eq!(pkh, deserde_pkh);
-    // }
+        // Check tag encoding
+        assert_eq!(1_u8, bin[0]);
+        assert_eq!(pkh, deserde_pkh);
+    }
 
-    // #[test]
-    // fn tz3_encoding() {
-    //     let tz3 = "tz3fTJbAxj1LQCEKDKmYLWKP6e5vNC9vwvyo";
+    #[test]
+    fn tz3_encoding() {
+        let tz3 = "tz3fTJbAxj1LQCEKDKmYLWKP6e5vNC9vwvyo";
 
-    //     let pkh = PublicKeyHash::from_b58check(tz3).expect("expected valid tz3 hash");
+        let pkh = PublicKeyHash::from_b58check(tz3).expect("expected valid tz3 hash");
 
-    //     let mut bin = Vec::new();
-    //     pkh.bin_write(&mut bin).expect("serialization should work");
+        let mut bin = Vec::new();
+        pkh.bin_write(&mut bin).expect("serialization should work");
 
-    //     let deserde_pkh = NomReader::nom_read(bin.as_slice())
-    //         .expect("deserialization should work")
-    //         .1;
+        let deserde_pkh = NomReader::nom_read(bin.as_slice())
+            .expect("deserialization should work")
+            .1;
 
-    //     // Check tag encoding
-    //     assert_eq!(2_u8, bin[0]);
-    //     assert_eq!(pkh, deserde_pkh);
-    // }
+        // Check tag encoding
+        assert_eq!(2_u8, bin[0]);
+        assert_eq!(pkh, deserde_pkh);
+    }
 }