Skip to content

Commit 50391fb

Browse files
elichaielichai
committed
Make schnorr sign/verify accept a message slice
1 parent 30dda2c commit 50391fb

File tree

2 files changed

+217
-21
lines changed

2 files changed

+217
-21
lines changed

src/key.rs

+3-3
Original file line numberDiff line numberDiff line change
@@ -958,8 +958,8 @@ impl Keypair {
958958
/// Constructs an schnorr signature for `msg` using the global [`SECP256K1`] context.
959959
#[inline]
960960
#[cfg(all(feature = "global-context", feature = "rand-std"))]
961-
pub fn sign_schnorr(&self, msg: Message) -> schnorr::Signature {
962-
SECP256K1.sign_schnorr(&msg, self)
961+
pub fn sign_schnorr(&self, msg: &[u8]) -> schnorr::Signature {
962+
SECP256K1.sign_schnorr(msg, self)
963963
}
964964

965965
/// Attempts to erase the secret within the underlying array.
@@ -1316,7 +1316,7 @@ impl XOnlyPublicKey {
13161316
pub fn verify<C: Verification>(
13171317
&self,
13181318
secp: &Secp256k1<C>,
1319-
msg: &Message,
1319+
msg: &[u8],
13201320
sig: &schnorr::Signature,
13211321
) -> Result<(), Error> {
13221322
secp.verify_schnorr(sig, msg, self)

src/schnorr.rs

+214-18
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,13 @@ use core::{fmt, ptr, str};
77

88
#[cfg(feature = "rand")]
99
use rand::{CryptoRng, Rng};
10+
use secp256k1_sys::SchnorrSigExtraParams;
1011

1112
use crate::ffi::{self, CPtr};
1213
use crate::key::{Keypair, XOnlyPublicKey};
1314
#[cfg(feature = "global-context")]
1415
use crate::SECP256K1;
15-
use crate::{constants, from_hex, Error, Message, Secp256k1, Signing, Verification};
16+
use crate::{constants, from_hex, Error, Secp256k1, Signing, Verification};
1617

1718
/// Represents a schnorr signature.
1819
#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
@@ -93,28 +94,30 @@ impl Signature {
9394
/// Verifies a schnorr signature for `msg` using `pk` and the global [`SECP256K1`] context.
9495
#[inline]
9596
#[cfg(feature = "global-context")]
96-
pub fn verify(&self, msg: &Message, pk: &XOnlyPublicKey) -> Result<(), Error> {
97+
pub fn verify(&self, msg: &[u8], pk: &XOnlyPublicKey) -> Result<(), Error> {
9798
SECP256K1.verify_schnorr(self, msg, pk)
9899
}
99100
}
100101

101102
impl<C: Signing> Secp256k1<C> {
102103
fn sign_schnorr_helper(
103104
&self,
104-
msg: &Message,
105+
msg: &[u8],
105106
keypair: &Keypair,
106107
nonce_data: *const ffi::types::c_uchar,
107108
) -> Signature {
108109
unsafe {
109110
let mut sig = [0u8; constants::SCHNORR_SIGNATURE_SIZE];
111+
let extra = SchnorrSigExtraParams::new(None, nonce_data.cast());
110112
assert_eq!(
111113
1,
112-
ffi::secp256k1_schnorrsig_sign(
114+
ffi::secp256k1_schnorrsig_sign_custom(
113115
self.ctx.as_ptr(),
114116
sig.as_mut_c_ptr(),
115117
msg.as_c_ptr(),
118+
msg.len(),
116119
keypair.as_c_ptr(),
117-
nonce_data,
120+
&extra,
118121
)
119122
);
120123

@@ -125,19 +128,19 @@ impl<C: Signing> Secp256k1<C> {
125128
/// Creates a schnorr signature internally using the [`rand::rngs::ThreadRng`] random number
126129
/// generator to generate the auxiliary random data.
127130
#[cfg(feature = "rand-std")]
128-
pub fn sign_schnorr(&self, msg: &Message, keypair: &Keypair) -> Signature {
131+
pub fn sign_schnorr(&self, msg: &[u8], keypair: &Keypair) -> Signature {
129132
self.sign_schnorr_with_rng(msg, keypair, &mut rand::thread_rng())
130133
}
131134

132135
/// Creates a schnorr signature without using any auxiliary random data.
133-
pub fn sign_schnorr_no_aux_rand(&self, msg: &Message, keypair: &Keypair) -> Signature {
136+
pub fn sign_schnorr_no_aux_rand(&self, msg: &[u8], keypair: &Keypair) -> Signature {
134137
self.sign_schnorr_helper(msg, keypair, ptr::null())
135138
}
136139

137140
/// Creates a schnorr signature using the given auxiliary random data.
138141
pub fn sign_schnorr_with_aux_rand(
139142
&self,
140-
msg: &Message,
143+
msg: &[u8],
141144
keypair: &Keypair,
142145
aux_rand: &[u8; 32],
143146
) -> Signature {
@@ -149,7 +152,7 @@ impl<C: Signing> Secp256k1<C> {
149152
#[cfg(feature = "rand")]
150153
pub fn sign_schnorr_with_rng<R: Rng + CryptoRng>(
151154
&self,
152-
msg: &Message,
155+
msg: &[u8],
153156
keypair: &Keypair,
154157
rng: &mut R,
155158
) -> Signature {
@@ -164,15 +167,15 @@ impl<C: Verification> Secp256k1<C> {
164167
pub fn verify_schnorr(
165168
&self,
166169
sig: &Signature,
167-
msg: &Message,
170+
msg: &[u8],
168171
pubkey: &XOnlyPublicKey,
169172
) -> Result<(), Error> {
170173
unsafe {
171174
let ret = ffi::secp256k1_schnorrsig_verify(
172175
self.ctx.as_ptr(),
173176
sig.as_c_ptr(),
174177
msg.as_c_ptr(),
175-
32,
178+
msg.len(),
176179
pubkey.as_c_ptr(),
177180
);
178181

@@ -236,7 +239,7 @@ mod tests {
236239

237240
#[cfg(feature = "rand-std")]
238241
fn sign_helper(
239-
sign: fn(&Secp256k1<crate::All>, &Message, &Keypair, &mut ThreadRng) -> Signature,
242+
sign: fn(&Secp256k1<crate::All>, &[u8], &Keypair, &mut ThreadRng) -> Signature,
240243
) {
241244
let secp = Secp256k1::new();
242245

@@ -246,7 +249,6 @@ mod tests {
246249

247250
for _ in 0..100 {
248251
let msg = crate::random_32_bytes(&mut rand::thread_rng());
249-
let msg = Message::from_digest_slice(&msg).unwrap();
250252

251253
let sig = sign(&secp, &msg, &kp, &mut rng);
252254

@@ -260,8 +262,7 @@ mod tests {
260262
fn schnorr_sign() {
261263
let secp = Secp256k1::new();
262264

263-
let hex_msg = hex_32!("E48441762FB75010B2AA31A512B62B4148AA3FB08EB0765D76B252559064A614");
264-
let msg = Message::from_digest_slice(&hex_msg).unwrap();
265+
let msg = hex_32!("E48441762FB75010B2AA31A512B62B4148AA3FB08EB0765D76B252559064A614");
265266
let sk = Keypair::from_seckey_str(
266267
&secp,
267268
"688C77BC2D5AAFF5491CF309D4753B732135470D05B7B2CD21ADD0744FE97BEF",
@@ -282,8 +283,7 @@ mod tests {
282283
fn schnorr_verify() {
283284
let secp = Secp256k1::new();
284285

285-
let hex_msg = hex_32!("E48441762FB75010B2AA31A512B62B4148AA3FB08EB0765D76B252559064A614");
286-
let msg = Message::from_digest_slice(&hex_msg).unwrap();
286+
let msg = hex_32!("E48441762FB75010B2AA31A512B62B4148AA3FB08EB0765D76B252559064A614");
287287
let sig = Signature::from_str("6470FD1303DDA4FDA717B9837153C24A6EAB377183FC438F939E0ED2B620E9EE5077C4A8B8DCA28963D772A94F5F0DDF598E1C47C137F91933274C7C3EDADCE8").unwrap();
288288
let pubkey = XOnlyPublicKey::from_str(
289289
"B33CC9EDC096D0A83416964BD3C6247B8FECD256E4EFA7870D2C854BDEB33390",
@@ -293,6 +293,7 @@ mod tests {
293293
assert!(secp.verify_schnorr(&sig, &msg, &pubkey).is_ok());
294294
}
295295

296+
296297
#[test]
297298
fn test_serialize() {
298299
let sig = Signature::from_str("6470FD1303DDA4FDA717B9837153C24A6EAB377183FC438F939E0ED2B620E9EE5077C4A8B8DCA28963D772A94F5F0DDF598E1C47C137F91933274C7C3EDADCE8").unwrap();
@@ -462,7 +463,7 @@ mod tests {
462463

463464
let s = Secp256k1::new();
464465

465-
let msg = Message::from_digest_slice(&[1; 32]).unwrap();
466+
let msg = [1; 32];
466467
let keypair = Keypair::from_seckey_slice(&s, &[2; 32]).unwrap();
467468
let aux = [3u8; 32];
468469
let sig = s.sign_schnorr_with_aux_rand(&msg, &keypair, &aux);
@@ -506,4 +507,199 @@ mod tests {
506507
assert_tokens(&pk.readable(), &[Token::Str(PK_STR)]);
507508
assert_tokens(&pk.readable(), &[Token::String(PK_STR)]);
508509
}
510+
511+
512+
513+
#[test]
514+
#[cfg(feature = "alloc")]
515+
#[cfg(not(secp256k1_fuzz))] // fixed sig vectors can't work with fuzz-sigs
516+
fn bip340_test_vectors() {
517+
struct TestVector {
518+
secret_key: Option<[u8; 32]>,
519+
public_key: [u8; 32],
520+
aux_rand: Option<[u8; 32]>,
521+
message: Vec<u8>,
522+
signature: [u8; 64],
523+
should_fail_verify: bool,
524+
}
525+
fn hex_arr<T: From<[u8; N]>, const N: usize>(s: &str) -> T {
526+
let mut out = [0; N];
527+
from_hex(s, &mut out).unwrap();
528+
out.into()
529+
}
530+
let hex_vec = |s: &str| {
531+
let mut v = vec![0u8; s.len() / 2];
532+
from_hex(s, v.as_mut_slice()).unwrap();
533+
v
534+
};
535+
536+
let vectors = [
537+
TestVector {
538+
secret_key: hex_arr("0000000000000000000000000000000000000000000000000000000000000003"),
539+
public_key: hex_arr("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"),
540+
aux_rand: hex_arr("0000000000000000000000000000000000000000000000000000000000000000"),
541+
message: hex_vec("0000000000000000000000000000000000000000000000000000000000000000"),
542+
signature: hex_arr("E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"),
543+
should_fail_verify: false,
544+
},
545+
TestVector {
546+
secret_key: hex_arr("B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF"),
547+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
548+
aux_rand: hex_arr("0000000000000000000000000000000000000000000000000000000000000001"),
549+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
550+
signature: hex_arr("6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"),
551+
should_fail_verify: false,
552+
},
553+
TestVector {
554+
secret_key: hex_arr("C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9"),
555+
public_key: hex_arr("DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8"),
556+
aux_rand: hex_arr("C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906"),
557+
message: hex_vec("7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C"),
558+
signature: hex_arr("5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"),
559+
should_fail_verify: false,
560+
},
561+
TestVector {
562+
secret_key: hex_arr("0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710"),
563+
public_key: hex_arr("25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517"),
564+
aux_rand: hex_arr("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"),
565+
message: hex_vec("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"),
566+
signature: hex_arr("7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"),
567+
should_fail_verify: false,
568+
},
569+
TestVector {
570+
secret_key: None,
571+
public_key: hex_arr("D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9"),
572+
aux_rand: None,
573+
message: hex_vec("4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703"),
574+
signature: hex_arr("00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C6376AFB1548AF603B3EB45C9F8207DEE1060CB71C04E80F593060B07D28308D7F4"),
575+
should_fail_verify: false,
576+
},
577+
TestVector {
578+
secret_key: None,
579+
public_key: hex_arr("EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"),
580+
aux_rand: None,
581+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
582+
signature: hex_arr("6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"),
583+
should_fail_verify: true,
584+
},
585+
TestVector {
586+
secret_key: None,
587+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
588+
aux_rand: None,
589+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
590+
signature: hex_arr("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A14602975563CC27944640AC607CD107AE10923D9EF7A73C643E166BE5EBEAFA34B1AC553E2"),
591+
should_fail_verify: true,
592+
},
593+
TestVector {
594+
secret_key: None,
595+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
596+
aux_rand: None,
597+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
598+
signature: hex_arr("1FA62E331EDBC21C394792D2AB1100A7B432B013DF3F6FF4F99FCB33E0E1515F28890B3EDB6E7189B630448B515CE4F8622A954CFE545735AAEA5134FCCDB2BD"),
599+
should_fail_verify: true,
600+
},
601+
TestVector {
602+
secret_key: None,
603+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
604+
aux_rand: None,
605+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
606+
signature: hex_arr("6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769961764B3AA9B2FFCB6EF947B6887A226E8D7C93E00C5ED0C1834FF0D0C2E6DA6"),
607+
should_fail_verify: true,
608+
},
609+
TestVector {
610+
secret_key: None,
611+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
612+
aux_rand: None,
613+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
614+
signature: hex_arr("0000000000000000000000000000000000000000000000000000000000000000123DDA8328AF9C23A94C1FEECFD123BA4FB73476F0D594DCB65C6425BD186051"),
615+
should_fail_verify: true,
616+
},
617+
TestVector {
618+
secret_key: None,
619+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
620+
aux_rand: None,
621+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
622+
signature: hex_arr("00000000000000000000000000000000000000000000000000000000000000017615FBAF5AE28864013C099742DEADB4DBA87F11AC6754F93780D5A1837CF197"),
623+
should_fail_verify: true,
624+
},
625+
TestVector {
626+
secret_key: None,
627+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
628+
aux_rand: None,
629+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
630+
signature: hex_arr("4A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"),
631+
should_fail_verify: true,
632+
},
633+
TestVector {
634+
secret_key: None,
635+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
636+
aux_rand: None,
637+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
638+
signature: hex_arr("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"),
639+
should_fail_verify: true,
640+
},
641+
TestVector {
642+
secret_key: None,
643+
public_key: hex_arr("DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"),
644+
aux_rand: None,
645+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
646+
signature: hex_arr("6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"),
647+
should_fail_verify: true,
648+
},
649+
TestVector {
650+
secret_key: None,
651+
public_key: hex_arr("778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117"),
652+
aux_rand: None,
653+
message: hex_vec("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89"),
654+
signature: hex_arr("6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"),
655+
should_fail_verify: true,
656+
},
657+
TestVector {
658+
secret_key: hex_arr("0340034003400340034003400340034003400340034003400340034003400340"),
659+
public_key: hex_arr("778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117"),
660+
aux_rand: hex_arr("0000000000000000000000000000000000000000000000000000000000000000"),
661+
message: hex_vec(""),
662+
signature: hex_arr("71535DB165ECD9FBBC046E5FFAEA61186BB6AD436732FCCC25291A55895464CF6069CE26BF03466228F19A3A62DB8A649F2D560FAC652827D1AF0574E427AB63"),
663+
should_fail_verify: false,
664+
},
665+
TestVector {
666+
secret_key: hex_arr("0340034003400340034003400340034003400340034003400340034003400340"),
667+
public_key: hex_arr("778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117"),
668+
aux_rand: hex_arr("0000000000000000000000000000000000000000000000000000000000000000"),
669+
message: hex_vec("11"),
670+
signature: hex_arr("08A20A0AFEF64124649232E0693C583AB1B9934AE63B4C3511F3AE1134C6A303EA3173BFEA6683BD101FA5AA5DBC1996FE7CACFC5A577D33EC14564CEC2BACBF"),
671+
should_fail_verify: false,
672+
},
673+
TestVector {
674+
secret_key: hex_arr("0340034003400340034003400340034003400340034003400340034003400340"),
675+
public_key: hex_arr("778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117"),
676+
aux_rand: hex_arr("0000000000000000000000000000000000000000000000000000000000000000"),
677+
message: hex_vec("0102030405060708090A0B0C0D0E0F1011"),
678+
signature: hex_arr("5130F39A4059B43BC7CAC09A19ECE52B5D8699D1A71E3C52DA9AFDB6B50AC370C4A482B77BF960F8681540E25B6771ECE1E5A37FD80E5A51897C5566A97EA5A5"),
679+
should_fail_verify: false,
680+
},
681+
TestVector {
682+
secret_key: hex_arr("0340034003400340034003400340034003400340034003400340034003400340"),
683+
public_key: hex_arr("778CAA53B4393AC467774D09497A87224BF9FAB6F6E68B23086497324D6FD117"),
684+
aux_rand: hex_arr("0000000000000000000000000000000000000000000000000000000000000000"),
685+
message: hex_vec("99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999"),
686+
signature: hex_arr("403B12B0D8555A344175EA7EC746566303321E5DBFA8BE6F091635163ECA79A8585ED3E3170807E7C03B720FC54C7B23897FCBA0E9D0B4A06894CFD249F22367"),
687+
should_fail_verify: false,
688+
},
689+
];
690+
let secp = Secp256k1::new();
691+
692+
693+
for TestVector { secret_key, public_key, aux_rand, message, signature, should_fail_verify } in vectors {
694+
if let (Some(secret_key), Some(aux_rand)) = (secret_key, aux_rand) {
695+
let keypair = Keypair::from_seckey_slice(&secp, &secret_key).unwrap();
696+
assert_eq!(keypair.x_only_public_key().0.serialize(), public_key);
697+
let sig = secp.sign_schnorr_with_aux_rand(&message, &keypair, &aux_rand);
698+
assert_eq!(sig.serialize(), signature);
699+
}
700+
let sig = Signature::from_slice(&signature).unwrap();
701+
let is_verified = XOnlyPublicKey::from_slice(&public_key).is_ok_and(|pubkey |secp.verify_schnorr(&sig, &message, &pubkey).is_ok());
702+
assert_eq!(is_verified, !should_fail_verify);
703+
}
704+
}
509705
}

0 commit comments

Comments
 (0)