chore: update with latest ic packages

Cargo.toml

@@ -30,8 +30,8 @@ const-hex = "1"
 sha2 = "0.10"
 sha3 = "0.10"
 num-traits = "0.2"
-ic-cdk = "0.16"
-ic-cdk-timers = "0.10"
+ic-cdk = "0.17"
+ic-cdk-timers = "0.11"
 ic-stable-structures = "0.6"
 icrc-ledger-types = "0.1"
 getrandom = { version = "0.2", features = ["custom"] }

src/ic_cose_canister/src/api_cose.rs

@@ -46,7 +46,7 @@ fn schnorr_public_key(
             store::ns::schnorr_public_key(&caller, algorithm, input.ns, input.derivation_path)
         }
         None => store::state::with(|s| match algorithm {
-            SchnorrAlgorithm::Bip340Secp256k1 => s
+            SchnorrAlgorithm::Bip340secp256k1 => s
                 .schnorr_secp256k1_public_key
                 .as_ref()
                 .cloned()

src/ic_cose_canister/src/schnorr.rs

@@ -1,20 +1,14 @@
-use candid::{CandidType, Principal};
-use ic_cose_types::{
-    format_error,
-    types::{PublicKeyOutput, SchnorrAlgorithm},
-};
-use serde::{Deserialize, Serialize};
+use ic_cdk::api::management_canister::schnorr;
+use ic_cose_types::{format_error, types::PublicKeyOutput};
 use serde_bytes::ByteBuf;
 
-const MAX_SIGN_WITH_SCHNORR_FEE: u128 = 26_153_846_153;
-
 pub fn derive_schnorr_public_key(
-    alg: SchnorrAlgorithm,
+    alg: schnorr::SchnorrAlgorithm,
     public_key: &PublicKeyOutput,
     derivation_path: Vec<Vec<u8>>,
 ) -> Result<PublicKeyOutput, String> {
     match alg {
-        SchnorrAlgorithm::Bip340Secp256k1 => {
+        schnorr::SchnorrAlgorithm::Bip340secp256k1 => {
             let path = ic_crypto_secp256k1::DerivationPath::new(
                 derivation_path
                     .into_iter()
@@ -38,7 +32,7 @@ pub fn derive_schnorr_public_key(
             })
         }
 
-        SchnorrAlgorithm::Ed25519 => {
+        schnorr::SchnorrAlgorithm::Ed25519 => {
             let path = ic_crypto_ed25519::DerivationPath::new(
                 derivation_path
                     .into_iter()
@@ -64,78 +58,47 @@ pub fn derive_schnorr_public_key(
     }
 }
 
-#[derive(CandidType, Deserialize, Serialize, Debug)]
-pub struct SignWithSchnorrArgs {
-    pub message: Vec<u8>,
-    pub derivation_path: Vec<Vec<u8>>,
-    pub key_id: SchnorrKeyId,
-}
-
-#[derive(CandidType, Deserialize, Serialize, Debug)]
-pub struct SignWithSchnorrResult {
-    pub signature: Vec<u8>,
-}
-
 pub async fn sign_with_schnorr(
     key_name: String,
-    alg: SchnorrAlgorithm,
+    alg: schnorr::SchnorrAlgorithm,
     derivation_path: Vec<Vec<u8>>,
     message: Vec<u8>,
 ) -> Result<Vec<u8>, String> {
-    let args = SignWithSchnorrArgs {
+    let args = schnorr::SignWithSchnorrArgument {
         message,
         derivation_path,
-        key_id: SchnorrKeyId {
+        key_id: schnorr::SchnorrKeyId {
             algorithm: alg,
             name: key_name,
         },
     };
 
-    let (res,): (SignWithSchnorrResult,) = ic_cdk::api::call::call_with_payment128(
-        Principal::management_canister(),
-        "sign_with_schnorr",
-        (args,),
-        MAX_SIGN_WITH_SCHNORR_FEE,
-    )
-    .await
-    .map_err(|err| format!("sign_with_ecdsa failed {:?}", err))?;
+    let (res,): (schnorr::SignWithSchnorrResponse,) = schnorr::sign_with_schnorr(args)
+        .await
+        .map_err(|err| format!("sign_with_ecdsa failed: {:?}", err))?;
 
     Ok(res.signature)
 }
 
-#[derive(CandidType, Deserialize, Serialize, Debug)]
-pub struct SchnorrPublicKeyArgs {
-    pub canister_id: Option<Principal>,
-    pub derivation_path: Vec<Vec<u8>>,
-    pub key_id: SchnorrKeyId,
-}
-
-#[derive(CandidType, Deserialize, Serialize, Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
-pub struct SchnorrKeyId {
-    algorithm: SchnorrAlgorithm,
-    name: String,
-}
-
 pub async fn schnorr_public_key(
     key_name: String,
-    alg: SchnorrAlgorithm,
+    alg: schnorr::SchnorrAlgorithm,
     derivation_path: Vec<Vec<u8>>,
 ) -> Result<PublicKeyOutput, String> {
-    let args = SchnorrPublicKeyArgs {
+    let args = schnorr::SchnorrPublicKeyArgument {
         canister_id: None,
         derivation_path,
-        key_id: SchnorrKeyId {
+        key_id: schnorr::SchnorrKeyId {
             algorithm: alg,
             name: key_name,
         },
     };
 
-    let (res,): (PublicKeyOutput,) = ic_cdk::call(
-        Principal::management_canister(),
-        "schnorr_public_key",
-        (args,),
-    )
-    .await
-    .map_err(|err| format!("schnorr_public_key failed {:?}", err))?;
-    Ok(res)
+    let (res,): (schnorr::SchnorrPublicKeyResponse,) = schnorr::schnorr_public_key(args)
+        .await
+        .map_err(|err| format!("schnorr_public_key failed {:?}", err))?;
+    Ok(PublicKeyOutput {
+        public_key: ByteBuf::from(res.public_key),
+        chain_code: ByteBuf::from(res.chain_code),
+    })
 }

src/ic_cose_canister/src/store.rs

@@ -467,7 +467,7 @@ pub mod state {
                 .ok();
 
         let schnorr_secp256k1_public_key =
-            schnorr_public_key(schnorr_key_name, SchnorrAlgorithm::Bip340Secp256k1, vec![])
+            schnorr_public_key(schnorr_key_name, SchnorrAlgorithm::Bip340secp256k1, vec![])
                 .await
                 .map_err(|err| {
                     ic_cdk::print(format!(
@@ -616,7 +616,7 @@ pub mod ns {
 
             state::with(|s| {
                 let pk = match alg {
-                    SchnorrAlgorithm::Bip340Secp256k1 => s
+                    SchnorrAlgorithm::Bip340secp256k1 => s
                         .schnorr_secp256k1_public_key
                         .as_ref()
                         .ok_or("no schnorr secp256k1 public key")?,
@@ -703,11 +703,11 @@ pub mod ns {
         let payload = claims.to_vec().map_err(format_error)?;
         let alg = match algorithm {
             SchnorrAlgorithm::Ed25519 => EdDSA,
-            SchnorrAlgorithm::Bip340Secp256k1 => ES256K,
+            SchnorrAlgorithm::Bip340secp256k1 => ES256K,
         };
         let mut sign1 = cose_sign1(payload, alg, None)?;
         let mut tbs_data = sign1.tbs_data(caller.as_slice());
-        if algorithm == SchnorrAlgorithm::Bip340Secp256k1 {
+        if algorithm == SchnorrAlgorithm::Bip340secp256k1 {
             tbs_data = sha256(&tbs_data).into();
         }
         let sig = sign_with_schnorr(key_name, algorithm, vec![], tbs_data).await?;

src/ic_cose_types/Cargo.toml

@@ -16,6 +16,7 @@ serde_bytes = { workspace = true }
 num-traits = { workspace = true }
 ciborium = { workspace = true }
 icrc-ledger-types = { workspace = true }
+ic-cdk = { workspace = true }
 k256 = { workspace = true }
 ed25519-dalek = { workspace = true }
 x25519-dalek = { workspace = true }

src/ic_cose_types/src/cose/k256.rs

@@ -102,5 +102,29 @@ mod test {
 
         let signature = decode("6d8983dbeaf2977d2a41d69e0a6fb46b51fb7c1616a8ddd8bb948e1b08bb10e31eee92ef0f8b44ff62f231e6afd7f443a132414d431b57a6ce6dd23ffac8f878").unwrap();
         assert!(secp256k1_verify(&pk, &message, &signature).is_ok());
+        assert!(schnorr_secp256k1_verify(&pk, &message, &signature).is_err());
+    }
+
+    #[test]
+    fn schnorr_secp256k1_verify_works() {
+        // generated with:
+        // dfx canister call ic_cose_canister schnorr_public_key '(variant { bip340secp256k1 }, opt record {
+        //     ns = "_";
+        //     derivation_path = vec {};
+        //   })' --ic
+        let pk =
+            decode("0387f4b6c52971d340eade21f7d73a65111f5345ade1b13cac845a93bb87255129").unwrap();
+
+        // generated with:
+        // dfx canister call ic_cose_canister schnorr_sign '(variant { bip340secp256k1 }, record {
+        //     ns = "_";
+        //     derivation_path = vec {};
+        //     message = blob "\62\33\97\68\50\d2\fc\6a\b6\53\30\6b\33\2d\de\43\89\a4\e8\7b\79\d5\21\a3\31\68\3c\f9\01\02\c4\78";
+        //   })' --ic
+        let message =
+            decode("6233976850d2fc6ab653306b332dde4389a4e87b79d521a331683cf90102c478").unwrap();
+        let signature = decode("a45e4cb08af0dd0eecc1afe26d6d65fc86de0fac1a5e81fb9e85f776afafb3165278ca25ddc3f53114bae8e42938cedbc3bdcbd423ce5cb8104a8c0c46b4c17b").unwrap();
+        assert!(schnorr_secp256k1_verify(&pk, &message, &signature).is_ok());
+        assert!(secp256k1_verify(&pk, &message, &signature).is_err());
     }
 }

src/ic_cose_types/src/types/mod.rs

@@ -3,6 +3,7 @@ use serde::{Deserialize, Serialize};
 use serde_bytes::{ByteArray, ByteBuf};
 use std::collections::BTreeMap;
 
+pub use ic_cdk::api::management_canister::schnorr::SchnorrAlgorithm;
 pub mod namespace;
 pub mod setting;
 pub mod state;
@@ -12,14 +13,6 @@ pub use setting::SettingPath;
 pub type MapValue =
     BTreeMap<String, icrc_ledger_types::icrc::generic_metadata_value::MetadataValue>;
 
-#[derive(CandidType, Deserialize, Serialize, Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
-pub enum SchnorrAlgorithm {
-    #[serde(rename = "bip340secp256k1")]
-    Bip340Secp256k1,
-    #[serde(rename = "ed25519")]
-    Ed25519,
-}
-
 #[derive(CandidType, Clone, Debug, Deserialize, Serialize, PartialEq, Eq)]
 pub struct PublicKeyInput {
     pub ns: String,