[WIP] Use ed25519::Signature as the signature type; MSRV 1.60

tarcieri · tarcieri · commit 81837a1a88df · 2023-01-20T17:09:37.000-07:00
This allows using `ed25519-consensus` in conjunction with the
`signature::{Signer, Verifier}` traits.

These traits are generic around a signature type parameter which is used
to identify a particular signature algorithm, which in this case is
`ed25519::Signature`. This type has been used to replace the signature
type originally defined in this crate, which is necessary to make
`Signer`/`Verifier` work.

Uses namespaced features to activate both `dep:serde` and
`ed25519/serde`, which requires an MSRV of 1.60.
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,6 +19,7 @@ curve25519-dalek = { package = "curve25519-dalek-ng", version = "4.1", default-f
 serde = { version = "1", optional = true, features = ["derive"] }
 zeroize = { version = "1.1", default-features = false }
 thiserror = { version = "1", optional = true }
+ed25519 = { version = "2", default-features = false }
 
 [dev-dependencies]
 rand = "0.8"
@@ -31,6 +32,7 @@ once_cell = "1.4"
 [features]
 std = ["thiserror"]
 default = ["serde", "std"]
+serde = ["dep:serde", "ed25519/serde"]
 
 [[test]]
 name = "rfc8032"
diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ Do you know what your validation criteria are?*][blog]
 ## Example
 
 ```
-use std::convert::TryFrom;
+use std::convert::{TryFrom, TryInto};
 use rand::thread_rng;
 use ed25519_consensus::*;
 
@@ -68,9 +68,10 @@ let (vk_bytes, sig_bytes) = {
 };
 
 // Verify the signature
+
 assert!(
     VerificationKey::try_from(vk_bytes)
-        .and_then(|vk| vk.verify(&sig_bytes.into(), msg))
+        .and_then(|vk| vk.verify(&sig_bytes.try_into().unwrap(), msg))
         .is_ok()
 );
 ```
@@ -79,4 +80,4 @@ assert!(
 [RFC8032]: https://tools.ietf.org/html/rfc8032
 [zebra]: https://github.com/ZcashFoundation/zebra
 [ZIP215]: https://github.com/zcash/zips/blob/master/zip-0215.rst
-[blog]: https://hdevalence.ca/blog/2020-10-04-its-25519am
+[blog]: https://hdevalence.ca/blog/2020-10-04-its-25519am
diff --git a/src/batch.rs b/src/batch.rs
@@ -85,7 +85,7 @@ impl<'msg, M: AsRef<[u8]> + ?Sized> From<(VerificationKeyBytes, Signature, &'msg
         // Compute k now to avoid dependency on the msg lifetime.
         let k = Scalar::from_hash(
             Sha512::default()
-                .chain(&sig.R_bytes[..])
+                .chain(sig.r_bytes())
                 .chain(&vk_bytes.0[..])
                 .chain(msg),
         );
@@ -187,10 +187,11 @@ impl Verifier {
             let mut A_coeff = Scalar::zero();
 
             for (k, sig) in sigs.iter() {
-                let R = CompressedEdwardsY(sig.R_bytes)
+                let R = CompressedEdwardsY(*sig.r_bytes())
                     .decompress()
                     .ok_or(Error::InvalidSignature)?;
-                let s = Scalar::from_canonical_bytes(sig.s_bytes).ok_or(Error::InvalidSignature)?;
+                let s =
+                    Scalar::from_canonical_bytes(*sig.s_bytes()).ok_or(Error::InvalidSignature)?;
                 let z = Scalar::from(gen_u128(&mut rng));
                 B_coeff -= z * s;
                 Rs.push(R);
diff --git a/src/lib.rs b/src/lib.rs
@@ -6,11 +6,10 @@
 #[cfg(feature = "std")]
 pub mod batch;
 mod error;
-mod signature;
 mod signing_key;
 mod verification_key;
 
+pub use ed25519::{signature, Signature};
 pub use error::Error;
-pub use signature::Signature;
 pub use signing_key::SigningKey;
 pub use verification_key::{VerificationKey, VerificationKeyBytes};
diff --git a/src/signature.rs b/src/signature.rs
diff --git a/src/signing_key.rs b/src/signing_key.rs
@@ -1,6 +1,7 @@
 use core::convert::TryFrom;
 
 use curve25519_dalek::{constants, scalar::Scalar};
+use ed25519::signature::{self, Signer};
 use rand_core::{CryptoRng, RngCore};
 use sha2::{Digest, Sha512};
 
@@ -156,8 +157,14 @@ impl SigningKey {
     }
 
     /// Create a signature on `msg` using this key.
-    #[allow(non_snake_case)]
     pub fn sign(&self, msg: &[u8]) -> Signature {
+        Signer::<Signature>::sign(self, msg)
+    }
+}
+
+impl Signer<Signature> for SigningKey {
+    #[allow(non_snake_case)]
+    fn try_sign(&self, msg: &[u8]) -> signature::Result<Signature> {
         let r = Scalar::from_hash(Sha512::default().chain(&self.prefix[..]).chain(msg));
 
         let R_bytes = (&r * &constants::ED25519_BASEPOINT_TABLE)
@@ -173,6 +180,6 @@ impl SigningKey {
 
         let s_bytes = (r + k * self.s).to_bytes();
 
-        Signature { R_bytes, s_bytes }
+        Signature::from_components(R_bytes, s_bytes)
     }
 }
diff --git a/src/verification_key.rs b/src/verification_key.rs
@@ -5,6 +5,7 @@ use curve25519_dalek::{
     scalar::Scalar,
     traits::IsIdentity,
 };
+use ed25519::signature::{self, Verifier};
 use sha2::{Digest, Sha512};
 
 use crate::{Error, Signature};
@@ -207,7 +208,7 @@ impl VerificationKey {
     pub fn verify(&self, signature: &Signature, msg: &[u8]) -> Result<(), Error> {
         let k = Scalar::from_hash(
             Sha512::default()
-                .chain(&signature.R_bytes[..])
+                .chain(signature.r_bytes())
                 .chain(&self.A_bytes.0[..])
                 .chain(msg),
         );
@@ -219,9 +220,10 @@ impl VerificationKey {
     #[allow(non_snake_case)]
     pub(crate) fn verify_prehashed(&self, signature: &Signature, k: Scalar) -> Result<(), Error> {
         // `s_bytes` MUST represent an integer less than the prime `l`.
-        let s = Scalar::from_canonical_bytes(signature.s_bytes).ok_or(Error::InvalidSignature)?;
+        let s =
+            Scalar::from_canonical_bytes(*signature.s_bytes()).ok_or(Error::InvalidSignature)?;
         // `R_bytes` MUST be an encoding of a point on the twisted Edwards form of Curve25519.
-        let R = CompressedEdwardsY(signature.R_bytes)
+        let R = CompressedEdwardsY(*signature.r_bytes())
             .decompress()
             .ok_or(Error::InvalidSignature)?;
         // We checked the encoding of A_bytes when constructing `self`.
@@ -239,3 +241,9 @@ impl VerificationKey {
         }
     }
 }
+
+impl Verifier<Signature> for VerificationKey {
+    fn verify(&self, msg: &[u8], signature: &Signature) -> signature::Result<()> {
+        self.verify(signature, msg).map_err(|_| signature::Error::new())
+    }
+}
diff --git a/tests/small_order.rs b/tests/small_order.rs
@@ -91,7 +91,7 @@ fn individual_matches_batch_verification() -> Result<(), Report> {
     use std::convert::TryFrom;
     for case in SMALL_ORDER_SIGS.iter() {
         let msg = b"Zcash";
-        let sig = Signature::from(case.sig_bytes);
+        let sig = Signature::try_from(case.sig_bytes).unwrap();
         let vkb = VerificationKeyBytes::from(case.vk_bytes);
         let individual_verification =
             VerificationKey::try_from(vkb).and_then(|vk| vk.verify(&sig, msg));
diff --git a/tests/util/mod.rs b/tests/util/mod.rs
@@ -57,7 +57,7 @@ impl TestCase {
 
     fn check_zip215(&self) -> Result<(), Report> {
         use ed25519_consensus::{Signature, VerificationKey};
-        let sig = Signature::from(self.sig_bytes);
+        let sig = Signature::try_from(&self.sig_bytes).unwrap();
         VerificationKey::try_from(self.vk_bytes).and_then(|vk| vk.verify(&sig, b"Zcash"))?;
         Ok(())
     }

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ impl TestCase {`
`57`	`57`
`58`	`58`	`fn check_zip215(&self) -> Result<(), Report> {`
`59`	`59`	`use ed25519_consensus::{Signature, VerificationKey};`
`60`		`- let sig = Signature::from(self.sig_bytes);`
	`60`	`+ let sig = Signature::try_from(&self.sig_bytes).unwrap();`
`61`	`61`	`VerificationKey::try_from(self.vk_bytes).and_then(\|vk\| vk.verify(&sig, b"Zcash"))?;`
`62`	`62`	`Ok(())`
`63`	`63`	`}`