From c64a247f69c6145ec2963699dd4a60ae127d77ce Mon Sep 17 00:00:00 2001 From: Emma Turner Date: Tue, 19 Dec 2023 08:46:31 +0000 Subject: [PATCH] crypto: remove legacy base58 encoding for SecretKeyEd25519 --- CHANGELOG.md | 3 ++- crypto/src/hash.rs | 22 +++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46d04b3471..78b796c8ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,7 +21,7 @@ parameterized by the lifetime of the input byte slice. ### Removed -- Nothing. +- Removed legacy `SecretKeyEd25519` encoding. ### Fixed @@ -29,6 +29,7 @@ parameterized by the lifetime of the input byte slice. - Add explicit prefix check during base58check decoding. - Hash input before signing with `SecretKeyEd25519`, to match octez impl. - Fix `BlsSignature` base58 check encoding/decoding. +- Fix `SecretKeyEd25519` base58 check encoding/decoding. ### Security diff --git a/crypto/src/hash.rs b/crypto/src/hash.rs index 3478e077cd..87132c958f 100644 --- a/crypto/src/hash.rs +++ b/crypto/src/hash.rs @@ -37,7 +37,9 @@ mod prefix_bytes { pub const PUBLIC_KEY_P256: [u8; 4] = [3, 178, 139, 127]; pub const PUBLIC_KEY_BLS: [u8; 4] = [6, 149, 135, 204]; pub const SEED_ED25519: [u8; 4] = [13, 15, 58, 7]; - pub const SECRET_KEY_ED25519: [u8; 4] = [43, 246, 78, 7]; + // SecretKeyEd25519 uses identical b58 encoding as SeedEd25519 in + // non-legacy format. + pub const SECRET_KEY_ED25519: [u8; 4] = SEED_ED25519; pub const SECRET_KEY_BLS: [u8; 4] = [3, 150, 192, 40]; pub const GENERIC_SIGNATURE_HASH: [u8; 3] = [4, 130, 43]; pub const ED22519_SIGNATURE_HASH: [u8; 5] = [9, 245, 205, 134, 18]; @@ -362,7 +364,7 @@ pub enum HashType { PublicKeyBls, // "\013\015\058\007" (* edsk(54) *) SeedEd25519, - // "\043\246\078\007" (* edsk(98) *) + // "\013\015\058\007" (* edsk(54) *) SecretKeyEd25519, // "\003\150\192\040" (* BLsk(54) *) SecretKeyBls, 
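Review bot: With `SECRET_KEY_ED25519` aliased to `SEED_ED25519` in `mod prefix_bytes`, a seed and a signing key become indistinguishable at the encoding level, and the new comment does not record what happened to the old prefix. Any string that decodes as a seed now also decodes as a secret key, so only the Rust type separates them. If code outside this diff resolves a `HashType` from a prefix or from an `edsk` string, it can no longer tell the two apart, which is worth confirming. I would extend the comment to state the consequence, e.g. `// Same prefix and 32-byte payload as SEED_ED25519; the legacy 64-byte form (prefix [43, 246, 78, 7]) is no longer decoded.` The matching comment on `HashType::SecretKeyEd25519` in the next hunk could carry the same remark.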
@@ -447,10 +449,9 @@ impl HashType { | HashType::ContractTz4Hash | HashType::SmartRollupHash => 20, HashType::PublicKeySecp256k1 | HashType::PublicKeyP256 => 33, - HashType::SeedEd25519 | HashType::SecretKeyBls => 32, + HashType::SecretKeyEd25519 | HashType::SeedEd25519 | HashType::SecretKeyBls => 32, HashType::PublicKeyBls => 48, - HashType::SecretKeyEd25519 - | HashType::Ed25519Signature + HashType::Ed25519Signature | HashType::Secp256k1Signature | HashType::P256Signature | HashType::Signature => 64, @@ -1178,6 +1179,8 @@ mod tests { fn $name() { for str in $h { let h = $ty::from_base58_check(str).expect("Invalid hash"); + assert_eq!(str, h.to_base58_check()); + let json = serde_json::to_string(&h).expect("Cannot convert to json"); assert_eq!(json, format!(r#""{}""#, h)); let h1 = serde_json::from_str(&json).expect("Cannot convert from json"); @@ -1259,6 +1262,15 @@ mod tests { ["edsk31vznjHSSpGExDMHYASz45VZqXN4DPxvsa4hAyY8dHM28cZzp6"] ); + test!( + sk_ed25519, + SecretKeyEd25519, + [ + "edsk31vznjHSSpGExDMHYASz45VZqXN4DPxvsa4hAyY8dHM28cZzp6", + "edsk3gUfUPyBSfrS9CCgmCiQsTCHGkviBDusMxDJstFtojtc1zcpsh" + ] + ); + test!(pk_hash, CryptoboxPublicKeyHash, []); test!(pk_ed25519, PublicKeyEd25519, []);
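Review bot: The `HashType::SecretKeyEd25519` arm moves from the 64-byte group to the 32-byte group, but no visible hunk touches the code that consumes those bytes. The changelog context mentions signing with `SecretKeyEd25519`; if that path, which is outside this diff, still expects a 64-byte layout, it would have to derive the key pair from the 32-byte seed instead. Callers that build the type from raw 64-byte input would presumably now be rejected on length, so both are worth confirming before release. A short comment on the arm, such as `// 32-byte seed; the 64-byte legacy layout is no longer supported`, would make the contract explicit. The `impl HashType` body starts and ends outside the hunk.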
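Review bot: The new `sk_ed25519` test covers only the accepted 54-character form, so nothing pins the removal itself. Since the commit exists to stop accepting the legacy encoding, a negative case would guard against it being reintroduced: `assert!(SecretKeyEd25519::from_base58_check(LEGACY_EDSK_98).is_err());`, where `LEGACY_EDSK_98` is a placeholder for a throwaway 98-character legacy key string. The first vector is the same string as the one in the context lines just above the addition, apparently the seed test. That shows the shared encoding, and a one-line comment saying so would help the next reader.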