Skip to content

Commit

Permalink
Use domain separation for wallet message signing
Browse files Browse the repository at this point in the history
  • Loading branch information
AaronFeickert committed May 19, 2023
1 parent ed120b2 commit cb338c9
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 15 deletions.
3 changes: 3 additions & 0 deletions base_layer/common_types/src/types/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ use tari_crypto::{
RistrettoComAndPubSig,
RistrettoPublicKey,
RistrettoSchnorr,
RistrettoSchnorrWithDomain,
RistrettoSecretKey,
},
};
Expand All @@ -43,6 +44,8 @@ pub use fixed_hash::{FixedHash, FixedHashSizeError};
/// Define the explicit Signature implementation for the Tari base layer. A different signature scheme can be
/// employed by redefining this type.
pub type Signature = RistrettoSchnorr;
/// Define a generic signature type using a hash domain.
pub type SignatureWithDomain<H> = RistrettoSchnorrWithDomain<H>;
/// Define the explicit Commitment Signature implementation for the Tari base layer.
pub type ComAndPubSignature = RistrettoComAndPubSig;

Expand Down
25 changes: 13 additions & 12 deletions base_layer/wallet/src/wallet.rs
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ use tari_common::configuration::bootstrap::ApplicationType;
use tari_common_types::{
tari_address::TariAddress,
transaction::{ImportStatus, TxId},
types::{ComAndPubSignature, Commitment, PrivateKey, PublicKey, Signature},
types::{ComAndPubSignature, Commitment, PrivateKey, PublicKey, SignatureWithDomain},
};
use tari_comms::{
multiaddr::Multiaddr,
Expand All @@ -53,12 +53,7 @@ use tari_core::{
CryptoFactories,
},
};
use tari_crypto::{
hash::blake2::Blake256,
ristretto::{RistrettoPublicKey, RistrettoSchnorr, RistrettoSecretKey},
signatures::{SchnorrSignature, SchnorrSignatureError},
tari_utilities::hex::Hex,
};
use tari_crypto::{hash::blake2::Blake256, hash_domain, signatures::SchnorrSignatureError, tari_utilities::hex::Hex};
use tari_key_manager::{
cipher_seed::CipherSeed,
key_manager::KeyManager,
Expand Down Expand Up @@ -108,6 +103,12 @@ const LOG_TARGET: &str = "wallet";
/// The minimum buffer size for the wallet pubsub_connector channel
const WALLET_BUFFER_MIN_SIZE: usize = 300;

// Domain separator for signing arbitrary messages with a wallet secret key
hash_domain!(
WalletMessageSigningDomain,
"com.tari.tari_project.base_layer.wallet.message_signing"
);

/// A structure containing the config and services that a Wallet application will require. This struct will start up all
/// the services and provide the APIs that applications will use to interact with the services
#[derive(Clone)]
Expand Down Expand Up @@ -500,16 +501,16 @@ where

pub fn sign_message(
&mut self,
secret: &RistrettoSecretKey,
secret: &PrivateKey,
message: &str,
) -> Result<SchnorrSignature<RistrettoPublicKey, RistrettoSecretKey>, SchnorrSignatureError> {
RistrettoSchnorr::sign_message(secret, message.as_bytes())
) -> Result<SignatureWithDomain<WalletMessageSigningDomain>, SchnorrSignatureError> {
SignatureWithDomain::<WalletMessageSigningDomain>::sign_message(secret, message.as_bytes())
}

pub fn verify_message_signature(
&mut self,
public_key: &RistrettoPublicKey,
signature: &Signature,
public_key: &PublicKey,
signature: &SignatureWithDomain<WalletMessageSigningDomain>,
message: &str,
) -> bool {
signature.verify_message(public_key, message)
Expand Down
6 changes: 3 additions & 3 deletions base_layer/wallet_ffi/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ use tari_common_types::{
emoji::emoji_set,
tari_address::{TariAddress, TariAddressError},
transaction::{TransactionDirection, TransactionStatus, TxId},
types::{ComAndPubSignature, Commitment, PublicKey, Signature},
types::{ComAndPubSignature, Commitment, PublicKey, SignatureWithDomain},
};
use tari_comms::{
multiaddr::Multiaddr,
Expand Down Expand Up @@ -161,7 +161,7 @@ use tari_wallet::{
},
},
utxo_scanner_service::{service::UtxoScannerService, RECOVERY_KEY},
wallet::{derive_comms_secret_key, read_or_create_master_seed},
wallet::{derive_comms_secret_key, read_or_create_master_seed, WalletMessageSigningDomain},
Wallet,
WalletConfig,
WalletSqlite,
Expand Down Expand Up @@ -6163,7 +6163,7 @@ pub unsafe extern "C" fn wallet_verify_message_signature(
let public_nonce = TariPublicKey::from_hex(key2);
match public_nonce {
Ok(pn) => {
let sig = Signature::new(pn, p);
let sig = SignatureWithDomain::<WalletMessageSigningDomain>::new(pn, p);
result = (*wallet).wallet.verify_message_signature(&*public_key, &sig, &message)
},
Err(e) => {
Expand Down

0 comments on commit cb338c9

Please sign in to comment.