diff --git a/rust-k256/src/lib.rs b/rust-k256/src/lib.rs index 533639f..6af0ca4 100644 --- a/rust-k256/src/lib.rs +++ b/rust-k256/src/lib.rs @@ -30,14 +30,17 @@ use k256::elliptic_curve::bigint::ArrayEncoding; use k256::elliptic_curve::ops::Reduce; use k256::sha2::{digest::Output, Digest, Sha256}; // requires 'getrandom' feature +use k256::ProjectivePoint; use k256::Scalar; use k256::U256; use signature::RandomizedSigner; -// TODO -pub use k256::ProjectivePoint; -/// Re-exports the `NonZeroScalar` and `SecretKey` types from the `k256` crate. -/// These are used for generating secret keys and non-zero scalars for signing. -pub use k256::{NonZeroScalar, SecretKey}; + +/// Exports types from the `k256` crate: +/// +/// - `NonZeroScalar`: A secret 256-bit scalar value. +/// - `SecretKey`: A secret 256-bit scalar wrapped in a struct. +/// - `AffinePoint`: A public elliptic curve point. +pub use k256::{AffinePoint, NonZeroScalar, SecretKey}; /// Re-exports the [`CryptoRngCore`] trait from the [`rand_core`] crate. /// This allows it to be used from the current module. pub use rand_core::CryptoRngCore; @@ -60,9 +63,9 @@ pub struct PlumeSignature { /// The message that was signed. pub message: Vec, /// The public key used to verify the signature. - pub pk: ProjectivePoint, + pub pk: AffinePoint, /// The nullifier. - pub nullifier: ProjectivePoint, + pub nullifier: AffinePoint, /// Part of the signature data. SHA-256 interpreted as a scalar. pub c: NonZeroScalar, /// Part of the signature data, a scalar value. @@ -74,9 +77,9 @@ pub struct PlumeSignature { #[derive(Debug)] pub struct PlumeSignatureV1Fields { /// Part of the signature data, a curve point. - pub r_point: ProjectivePoint, + pub r_point: AffinePoint, /// Part of the signature data, a curve point. - pub hashed_to_curve_r: ProjectivePoint, + pub hashed_to_curve_r: AffinePoint, } impl PlumeSignature { /// Verifies a PLUME signature. @@ -91,7 +94,7 @@ impl PlumeSignature { let r_point = (ProjectivePoint::GENERATOR * *self.s) - (self.pk * (c_scalar)); - let hashed_to_curve = hash_to_curve(&self.message, &self.pk); + let hashed_to_curve = hash_to_curve(&self.message, &self.pk.into()); if hashed_to_curve.is_err() { return false; } @@ -118,9 +121,9 @@ impl PlumeSignature { c_scalar == Scalar::reduce(U256::from_be_byte_array(c_sha256_vec_signal(vec![ &ProjectivePoint::GENERATOR, - &self.pk, + &self.pk.into(), &hashed_to_curve, - &self.nullifier, + &self.nullifier.into(), &r_point, &hashed_to_curve_r, ]))) @@ -128,7 +131,7 @@ impl PlumeSignature { // Check if the given hash matches c_scalar == Scalar::reduce(U256::from_be_byte_array(c_sha256_vec_signal(vec![ - &self.nullifier, + &self.nullifier.into(), &r_point, &hashed_to_curve_r, ]))) @@ -191,7 +194,7 @@ mod tests { fn test_byte_array_to_scalar() { let scalar = byte_array_to_scalar(&hex!( "c6a7fc2c926ddbaf20731a479fb6566f2daa5514baae5223fe3b32edbce83254" - )); + )); assert_eq!( hex::encode(scalar.to_bytes()), "c6a7fc2c926ddbaf20731a479fb6566f2daa5514baae5223fe3b32edbce83254" diff --git a/rust-k256/src/randomizedsigner.rs b/rust-k256/src/randomizedsigner.rs index 5e25857..bb0d14a 100644 --- a/rust-k256/src/randomizedsigner.rs +++ b/rust-k256/src/randomizedsigner.rs @@ -94,13 +94,13 @@ impl<'signing> RandomizedSigner for PlumeSigner<'signing> { Ok(PlumeSignature { message: msg.to_owned(), pk: pk.into(), - nullifier: nullifier.to_point(), + nullifier: nullifier.to_point().to_affine(), c: c_scalar, s: s_scalar, v1specific: if self.v1 { Some(PlumeSignatureV1Fields { r_point: r_point.into(), - hashed_to_curve_r: hashed_to_curve_r.to_point(), + hashed_to_curve_r: hashed_to_curve_r.to_point().to_affine(), }) } else { None diff --git a/rust-k256/tests/verification.rs b/rust-k256/tests/verification.rs index c8cbc5b..25c6c65 100644 --- a/rust-k256/tests/verification.rs +++ b/rust-k256/tests/verification.rs @@ -3,8 +3,8 @@ //! Their setup is shared, `mod helpers` contains barely not refactored code, which is still instrumental to the tests. use helpers::{gen_test_scalar_sk, test_gen_signals, PlumeVersion}; -use k256::{elliptic_curve::sec1::ToEncodedPoint, NonZeroScalar}; -use plume_rustcrypto::{PlumeSignature, PlumeSignatureV1Fields, ProjectivePoint}; +use k256::{elliptic_curve::sec1::ToEncodedPoint, NonZeroScalar, ProjectivePoint}; +use plume_rustcrypto::{AffinePoint, PlumeSignature, PlumeSignatureV1Fields}; const G: ProjectivePoint = ProjectivePoint::GENERATOR; const M: &[u8; 29] = b"An example app message string"; @@ -33,13 +33,13 @@ fn plume_v1_test() { let sig = PlumeSignature { message: M.to_owned().into(), - pk: G * gen_test_scalar_sk(), - nullifier: test_data.1, + pk: (G * gen_test_scalar_sk()).into(), + nullifier: test_data.1.into(), c: NonZeroScalar::from_repr(C_V1.into()).unwrap(), s: NonZeroScalar::new(test_data.3).unwrap(), v1specific: Some(PlumeSignatureV1Fields { - r_point, - hashed_to_curve_r, + r_point: r_point.into(), + hashed_to_curve_r: hashed_to_curve_r.into(), }), }; let verified = sig.verify(); @@ -48,23 +48,11 @@ fn plume_v1_test() { // Print nullifier println!( "nullifier.x: {:?}", - hex::encode( - sig.nullifier - .to_affine() - .to_encoded_point(false) - .x() - .unwrap() - ) + hex::encode(sig.nullifier.to_encoded_point(false).x().unwrap()) ); println!( "nullifier.y: {:?}", - hex::encode( - sig.nullifier - .to_affine() - .to_encoded_point(false) - .y() - .unwrap() - ) + hex::encode(sig.nullifier.to_encoded_point(false).y().unwrap()) ); // Print c println!("c: {:?}", hex::encode(C_V1)); @@ -109,8 +97,8 @@ fn plume_v2_test() { let test_data = test_gen_signals(M, PlumeVersion::V2); assert!(PlumeSignature { message: M.to_owned().into(), - pk: G * gen_test_scalar_sk(), - nullifier: test_data.1, + pk: (G * gen_test_scalar_sk()).into(), + nullifier: test_data.1.into(), c: NonZeroScalar::from_repr(test_data.2).unwrap(), s: NonZeroScalar::new(test_data.3).unwrap(), v1specific: None @@ -167,6 +155,7 @@ mod helpers { pt } + use k256::ProjectivePoint; // These generate test signals as if it were passed from a secure enclave to wallet. Note that leaking these signals would leak pk, but not sk. // Outputs these 6 signals, in this order // g^sk (private)