Enforce hashing of message signing
alekswaslet committed May 16, 2024
1 parent e50056a commit 78f29b6
Showing 4 changed files with 15 additions and 16 deletions.
4 changes: 2 additions & 2 deletions src/transaction/input.ts
@@ -1,5 +1,5 @@
import { type Blockchain } from '../chain'
import { JuneoBuffer, ParsingError, sha256, type Serializable, SignatureError, InputError } from '../utils'
import { JuneoBuffer, ParsingError, type Serializable, SignatureError, InputError } from '../utils'
import { type VMWallet } from '../wallet'
import { type Utxo } from './output'
import { type Signable } from './signature'
@@ -78,7 +78,7 @@ export class TransferableInput implements Serializable, Signable, Spendable {
const address: Address = this.input.utxo.output.addresses[indices[i]]
for (const wallet of wallets) {
if (address.matches(wallet.getJuneoAddress())) {
signatures.push(new Signature(wallet.sign(sha256(bytes))))
signatures.push(new Signature(wallet.sign(bytes)))
break
}
}
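Review bot: `wallet.sign(bytes)` is only correct if whatever `wallet.sign` resolves to hashes its argument, and the wallet module is not among the four files this commit changes, so that cannot be confirmed from this page. If any wallet implementation signs its input directly instead of going through `ECKeyPair.sign`, this line now signs the raw serialized bytes rather than their SHA-256 digest. The identical change in `EVMInput` (src/transaction/jevm/transaction.ts) and `SupernetAuth` (src/transaction/platform/supernet.ts) carries the same dependency. A short comment at each call site, such as `// wallet.sign hashes with SHA-256 internally; pass the raw bytes`, and a round-trip test that signs through each wallet type and checks the result with `verifySignature(signature, bytes, publicKey)` would pin the contract. The enclosing method starts and ends outside the hunk.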
4 changes: 2 additions & 2 deletions src/transaction/jevm/transaction.ts
@@ -1,4 +1,4 @@
import { JuneoBuffer, sha256, type Serializable, SignatureError } from '../../utils'
import { JuneoBuffer, type Serializable, SignatureError } from '../../utils'
import { type VMWallet } from '../../wallet'
import { type Spendable, TransferableInput } from '../input'
import { TransferableOutput } from '../output'
@@ -74,7 +74,7 @@ export class EVMInput implements Serializable, Signable, Spendable {
const address: Address = this.address
for (const wallet of wallets) {
if (address.matches(wallet.getAddress())) {
signatures.push(new Signature(wallet.sign(sha256(bytes))))
signatures.push(new Signature(wallet.sign(bytes)))
break
}
}
4 changes: 2 additions & 2 deletions src/transaction/platform/supernet.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { type Serializable, JuneoBuffer, SignatureError, sha256 } from '../../utils'
import { type Serializable, JuneoBuffer, SignatureError } from '../../utils'
import { type VMWallet } from '../../wallet'
import { getSignersIndices } from '../builder'
import { type Signable } from '../signature'
@@ -29,7 +29,7 @@ export class SupernetAuth implements Serializable, Signable {
const address: Address = this.rewardsOwner.addresses[i]
for (const wallet of wallets) {
if (address.matches(wallet.getJuneoAddress())) {
signatures.push(new Signature(wallet.sign(sha256(bytes))))
signatures.push(new Signature(wallet.sign(bytes)))
break
}
}
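--- a/src/utils/crypto.ts
+++ b/src/utils/crypto.ts
@@ -13,15 +13,14 @@ export function sha256 (data: string | JuneoBuffer): JuneoBuffer {
 return JuneoBuffer.fromBytes(Buffer.from(nobleSha256(buffer.getBytes())))
 }
 
-export function recoverPubKey (signature: JuneoBuffer, hash: JuneoBuffer, recovery: number): string {
+export function recoverPubKey (signature: JuneoBuffer, message: JuneoBuffer, recovery: number): string {
 const sig: Signature = parseSignature(signature)
-return JuneoBuffer.fromBytes(Buffer.from(recoverPublicKey(hash.getBytes(), sig, recovery, true)))
-.toHex()
-.padStart(66, '0')
+const bytes: Buffer = Buffer.from(recoverPublicKey(nobleSha256(message.getBytes()), sig, recovery, true))
+return JuneoBuffer.fromBytes(bytes).toHex().padStart(66, '0')
 }
 
-export function verifySignature (signature: JuneoBuffer, hash: JuneoBuffer, publicKey: string): boolean {
-return verify(parseSignature(signature), hash.toHex(), publicKey)
+export function verifySignature (signature: JuneoBuffer, message: JuneoBuffer, publicKey: string): boolean {
+return verify(parseSignature(signature), nobleSha256(message.getBytes()), publicKey)
 }
 
 function parseSignature (signature: JuneoBuffer): Signature {
@@ -41,11 +40,11 @@ export class ECKeyPair {
 .padStart(66, '0')
 }
 
-sign (buffer: JuneoBuffer): JuneoBuffer {
-const signature: Signature = Signature.fromHex(signSync(buffer.getBytes(), this.privateKey))
+sign (message: JuneoBuffer): JuneoBuffer {
+const signature: Signature = Signature.fromHex(signSync(nobleSha256(message.getBytes()), this.privateKey))
 // noble as of v1.7.1 does not provide recovery param so do it here
-const v: number =
-recoverPubKey(JuneoBuffer.fromString(signature.toCompactHex()), buffer, 0) === this.publicKey ? 0 : 1
+const publicKey: string = recoverPubKey(JuneoBuffer.fromString(signature.toCompactHex()), message, 0)
+const v: number = publicKey === this.publicKey ? 0 : 1
 return JuneoBuffer.fromString(`${signature.toCompactHex()}${v.toString(16).padStart(2, '0')}`)
 }
 }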
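Review bot: `sign`, `verifySignature` and `recoverPubKey` keep their names and their `JuneoBuffer` parameter type while the second argument changes meaning from a digest to a raw message, so a caller that still passes `sha256(bytes)` compiles cleanly and silently operates on a double hash. Nothing in the signatures or in a doc comment states the new contract; a TSDoc line on each exported function, for example `/** Hashes message with SHA-256 before signing; pass the raw message, never a digest. */` on `sign`, would make it visible, and call sites outside the four files in this commit are worth a search. As a smaller point, `sign` now hashes the message twice, once for `signSync` and again inside `recoverPubKey`; computing the digest once would need a private helper that accepts it.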
