use k256 for verifying schnorr sig

babylonlabs-io · Sep 5, 2024 · 3d5dad8 · 3d5dad8
1 parent c8b5342
commit 3d5dad8
Show file tree

Hide file tree

Showing 8 changed files with 59 additions and 13 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -50,6 +50,7 @@ cw-multi-test = "2.0.1"
 cw-storage-plus = "2.0.0"
 cw-utils = "2.0.0"
 derivative = "2"
+digest = "0.10"
 hex = "0.4.3"
 ics23 = { version = "0.9.0", default-features = false, features = [
     "host-functions",

diff --git a/contracts/btc-staking/src/contract.rs b/contracts/btc-staking/src/contract.rs
@@ -304,11 +304,7 @@ pub(crate) mod tests {
 
     fn new_params(params: ProtoParams) -> Params {
         Params {
-            covenant_pks: params
-                .covenant_pks
-                .iter()
-                .map(|pk| hex::encode(pk))
-                .collect(),
+            covenant_pks: params.covenant_pks.iter().map(hex::encode).collect(),
             covenant_quorum: params.covenant_quorum,
             btc_network: Network::Regtest, // TODO: fix this
             max_active_finality_providers: params.max_active_finality_providers,

diff --git a/packages/btcstaking/Cargo.toml b/packages/btcstaking/Cargo.toml
@@ -6,6 +6,7 @@ edition.workspace = true
 
 [dependencies]
 bitcoin       = { workspace = true }
+digest        = { workspace = true }
 rust_decimal  = { workspace = true }
 hex           = { workspace = true }
 sha2          = { workspace = true }

diff --git a/packages/btcstaking/src/identity_digest.rs b/packages/btcstaking/src/identity_digest.rs
@@ -0,0 +1,45 @@
+//! Dummy 256-bits Digest impl.
+//! This digest stores/accepts a value of the proper length.
+//! To be used for / with already hashed values, just to comply with the Digest contract.
+//!
+//! Adapted from `sha2` [sha256.rs](https://github.com/RustCrypto/hashes/blob/master/sha2/src/sha256.rs)
+//! and https://github.com/CosmWasm/cosmwasm/blob/main/packages/crypto/src/identity_digest.rs
+use digest::consts::U32;
+use digest::generic_array::GenericArray;
+use digest::{FixedOutput, HashMarker, Output, OutputSizeUser, Reset, Update};
+use sha2::Digest;
+
+/// The 256-bits identity container
+#[derive(Clone, Default)]
+pub struct Identity256 {
+    array: GenericArray<u8, U32>,
+}
+
+impl Update for Identity256 {
+    fn update(&mut self, hash: &[u8]) {
+        assert_eq!(hash.as_ref().len(), 32);
+        self.array = *GenericArray::from_slice(hash);
+    }
+}
+
+impl OutputSizeUser for Identity256 {
+    type OutputSize = U32;
+}
+
+impl FixedOutput for Identity256 {
+    fn finalize_into(self, out: &mut Output<Self>) {
+        *out = self.array;
+    }
+}
+
+impl HashMarker for Identity256 {}
+
+impl Reset for Identity256 {
+    fn reset(&mut self) {
+        *self = Self::default();
+    }
+}
+
+pub fn new_digest(msg_hash: [u8; 32]) -> Identity256 {
+    Identity256::new().chain(msg_hash)
+}
diff --git a/packages/btcstaking/src/lib.rs b/packages/btcstaking/src/lib.rs
@@ -1,5 +1,6 @@
 mod adaptor_sig;
 pub mod error;
+mod identity_digest;
 pub mod scripts_utils;
 pub mod sig_verify;
 pub mod tx_verify;

diff --git a/packages/btcstaking/src/sig_verify.rs b/packages/btcstaking/src/sig_verify.rs
@@ -1,16 +1,14 @@
 use crate::adaptor_sig::AdaptorSignature;
 use crate::error::Error;
+use crate::identity_digest::new_digest;
 use crate::Result;
-use bitcoin::hashes::{sha256, Hash};
+use bitcoin::hashes::Hash;
 use bitcoin::sighash::{Prevouts, SighashCache};
+use bitcoin::Transaction;
 use bitcoin::{Script, TxOut, XOnlyPublicKey};
-use bitcoin::{TapSighash, Transaction};
-use k256::elliptic_curve::FieldBytes;
-use k256::schnorr::signature::{DigestVerifier, Verifier};
+use k256::schnorr::signature::DigestVerifier;
 use k256::schnorr::Signature as SchnorrSignature;
 use k256::schnorr::VerifyingKey;
-use sha2::digest::KeyInit;
-use sha2::{Digest, Sha256};
 
 fn calc_sighash(
     transaction: &Transaction,
@@ -49,11 +47,14 @@ pub fn verify_transaction_sig_with_output(
 ) -> Result<()> {
     // calculate the sig hash of the tx for the given spending path
     let sighash = calc_sighash(transaction, funding_output, path_script)?;
+    let sighash_digest = new_digest(sighash);
+
     // verify the signature w.r.t. the signature, the sig hash, and the public key
     let verifying_key = VerifyingKey::from_bytes(&pub_key.serialize())
         .map_err(|e| Error::FailedToParsePublicKey(e.to_string()))?;
+
     verifying_key
-        .verify(&sighash, signature)
+        .verify_digest(sighash_digest, signature)
         .map_err(|e| Error::InvalidSchnorrSignature(e.to_string()))
 }
 

diff --git a/packages/btcstaking/src/tx_verify.rs b/packages/btcstaking/src/tx_verify.rs
@@ -201,7 +201,7 @@ mod tests {
     };
     use bitcoin::address::Address;
     use bitcoin::consensus::deserialize;
-    use bitcoin::secp256k1::schnorr::Signature;
+
     use bitcoin::{Transaction, XOnlyPublicKey};
     use test_utils::{get_btc_delegation, get_params};