From 03119da993d201197befe719742c40e160febedf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Tue, 27 Jun 2023 09:15:06 +0200 Subject: [PATCH] Make the to_bytes/from_bytes round trip of ExpandedSecretKey idempotent --- ed25519-dalek/src/hazmat.rs | 45 ++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/ed25519-dalek/src/hazmat.rs b/ed25519-dalek/src/hazmat.rs index 4414a84eb..54654899f 100644 --- a/ed25519-dalek/src/hazmat.rs +++ b/ed25519-dalek/src/hazmat.rs @@ -63,7 +63,7 @@ impl ExpandedSecretKey { pub fn to_bytes(&self) -> [u8; 64] { let mut bytes: [u8; 64] = [0u8; 64]; - bytes[..32].copy_from_slice(self.scalar.as_bytes()); + bytes[..32].copy_from_slice(&self.scalar_bytes); bytes[32..].copy_from_slice(&self.hash_prefix[..]); bytes } @@ -221,6 +221,7 @@ mod test { use super::*; use rand::{rngs::OsRng, CryptoRng, RngCore}; + use sha2::Sha512; // Pick distinct, non-spec 512-bit hash functions for message and sig-context hashing type CtxDigest = blake2::Blake2b512; @@ -251,6 +252,48 @@ mod test { raw_verify::(&vk, msg, &sig).unwrap(); } + #[test] + fn sign_verify_to_bytes_roundtrip() { + let mut rng = OsRng; + let key = ExpandedSecretKey::random(&mut rng); + let verifying_key = VerifyingKey::from(&key); + + let message = b"It's a secret to everybody"; + + let cloned_key = ExpandedSecretKey::from_bytes(&key.to_bytes()); + + let signature = raw_sign::(&key, message, &verifying_key); + verifying_key + .verify_strict(message, &signature) + .expect("We should be able to verify a signature"); + + let another_signature = raw_sign::(&cloned_key, message, &verifying_key); + + verifying_key + .verify_strict(message, &another_signature) + .expect("We should be able to verify a signature if we cloned the expanded secret key"); + } + + #[test] + fn expanded_secret_key_roundtrip() { + let mut rng = OsRng; + let key = ExpandedSecretKey::random(&mut rng); + let cloned_key = ExpandedSecretKey::from_bytes(&key.to_bytes()); + + assert_eq!( + key.scalar_bytes, cloned_key.scalar_bytes, + "The scalar bytes should be the same after a to_bytes/from_bytes roundtrip" + ); + assert_eq!( + key.scalar, cloned_key.scalar, + "The scalar should be the same after a to_bytes/from_bytes roundtrip" + ); + assert_eq!( + key.hash_prefix, cloned_key.hash_prefix, + "The hash prefix should be the same after a to_bytes/from_bytes roundtrip" + ); + } + // Check that raw_sign_prehashed and raw_verify_prehashed work when distinct, non-spec // MsgDigest and CtxDigest are used #[cfg(feature = "digest")]