[WIP] Use ed25519::Signature as the signature type; MSRV 1.60

This allows using `ed25519-consensus` in conjunction with the `signature::{Signer, Verifier}` traits. These traits are generic around a signature type parameter, which in this case is `ed25519::Signature`. Uses namespaced features to activate both `dep:serde` and `ed25519/serde`, which requires an MSRV of 1.60.
penumbra-zone · Dec 27, 2022 · ccc05a9 · ccc05a9
1 parent 94763f4
commit ccc05a9
Show file tree

Hide file tree

Showing 9 changed files with 18 additions and 77 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,6 +19,7 @@ curve25519-dalek = { package = "curve25519-dalek-ng", version = "4.1", default-f
 serde = { version = "1", optional = true, features = ["derive"] }
 zeroize = { version = "1.1", default-features = false }
 thiserror = { version = "1", optional = true }
+ed25519 = { version = "=2.0.0-pre.2", default-features = false }
 
 [dev-dependencies]
 rand = "0.8"
@@ -31,6 +32,7 @@ once_cell = "1.4"
 [features]
 std = ["thiserror"]
 default = ["serde", "std"]
+serde = ["dep:serde", "ed25519/serde"]
 
 [[test]]
 name = "rfc8032"

diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ Do you know what your validation criteria are?*][blog]
 ## Example
 
 ```
-use std::convert::TryFrom;
+use std::convert::{TryFrom, TryInto};
 use rand::thread_rng;
 use ed25519_consensus::*;
 
@@ -68,9 +68,10 @@ let (vk_bytes, sig_bytes) = {
 };
 
 // Verify the signature
+
 assert!(
     VerificationKey::try_from(vk_bytes)
-        .and_then(|vk| vk.verify(&sig_bytes.into(), msg))
+        .and_then(|vk| vk.verify(&sig_bytes.try_into().unwrap(), msg))
         .is_ok()
 );
 ```
@@ -79,4 +80,4 @@ assert!(
 [RFC8032]: https://tools.ietf.org/html/rfc8032
 [zebra]: https://github.com/ZcashFoundation/zebra
 [ZIP215]: https://github.com/zcash/zips/blob/master/zip-0215.rst
-[blog]: https://hdevalence.ca/blog/2020-10-04-its-25519am
+[blog]: https://hdevalence.ca/blog/2020-10-04-its-25519am
diff --git a/src/batch.rs b/src/batch.rs
@@ -85,7 +85,7 @@ impl<'msg, M: AsRef<[u8]> + ?Sized> From<(VerificationKeyBytes, Signature, &'msg
         // Compute k now to avoid dependency on the msg lifetime.
         let k = Scalar::from_hash(
             Sha512::default()
-                .chain(&sig.R_bytes[..])
+                .chain(sig.r_bytes())
                 .chain(&vk_bytes.0[..])
                 .chain(msg),
         );
@@ -187,10 +187,11 @@ impl Verifier {
             let mut A_coeff = Scalar::zero();
 
             for (k, sig) in sigs.iter() {
-                let R = CompressedEdwardsY(sig.R_bytes)
+                let R = CompressedEdwardsY(*sig.r_bytes())
                     .decompress()
                     .ok_or(Error::InvalidSignature)?;
-                let s = Scalar::from_canonical_bytes(sig.s_bytes).ok_or(Error::InvalidSignature)?;
+                let s =
+                    Scalar::from_canonical_bytes(*sig.s_bytes()).ok_or(Error::InvalidSignature)?;
                 let z = Scalar::from(gen_u128(&mut rng));
                 B_coeff -= z * s;
                 Rs.push(R);

diff --git a/src/lib.rs b/src/lib.rs
@@ -6,11 +6,10 @@
 #[cfg(feature = "std")]
 pub mod batch;
 mod error;
-mod signature;
 mod signing_key;
 mod verification_key;
 
+pub use ed25519::{signature, Signature};
 pub use error::Error;
-pub use signature::Signature;
 pub use signing_key::SigningKey;
 pub use verification_key::{VerificationKey, VerificationKeyBytes};
diff --git a/src/signature.rs b/src/signature.rs
diff --git a/src/signing_key.rs b/src/signing_key.rs
@@ -173,6 +173,6 @@ impl SigningKey {
 
         let s_bytes = (r + k * self.s).to_bytes();
 
-        Signature { R_bytes, s_bytes }
+        Signature::from_components(R_bytes, s_bytes).unwrap()
     }
 }
diff --git a/src/verification_key.rs b/src/verification_key.rs
@@ -207,7 +207,7 @@ impl VerificationKey {
     pub fn verify(&self, signature: &Signature, msg: &[u8]) -> Result<(), Error> {
         let k = Scalar::from_hash(
             Sha512::default()
-                .chain(&signature.R_bytes[..])
+                .chain(signature.r_bytes())
                 .chain(&self.A_bytes.0[..])
                 .chain(msg),
         );
@@ -219,9 +219,10 @@ impl VerificationKey {
     #[allow(non_snake_case)]
     pub(crate) fn verify_prehashed(&self, signature: &Signature, k: Scalar) -> Result<(), Error> {
         // `s_bytes` MUST represent an integer less than the prime `l`.
-        let s = Scalar::from_canonical_bytes(signature.s_bytes).ok_or(Error::InvalidSignature)?;
+        let s =
+            Scalar::from_canonical_bytes(*signature.s_bytes()).ok_or(Error::InvalidSignature)?;
         // `R_bytes` MUST be an encoding of a point on the twisted Edwards form of Curve25519.
-        let R = CompressedEdwardsY(signature.R_bytes)
+        let R = CompressedEdwardsY(*signature.r_bytes())
             .decompress()
             .ok_or(Error::InvalidSignature)?;
         // We checked the encoding of A_bytes when constructing `self`.

diff --git a/tests/small_order.rs b/tests/small_order.rs
@@ -91,7 +91,7 @@ fn individual_matches_batch_verification() -> Result<(), Report> {
     use std::convert::TryFrom;
     for case in SMALL_ORDER_SIGS.iter() {
         let msg = b"Zcash";
-        let sig = Signature::from(case.sig_bytes);
+        let sig = Signature::try_from(case.sig_bytes).unwrap();
         let vkb = VerificationKeyBytes::from(case.vk_bytes);
         let individual_verification =
             VerificationKey::try_from(vkb).and_then(|vk| vk.verify(&sig, msg));

diff --git a/tests/util/mod.rs b/tests/util/mod.rs
@@ -57,7 +57,7 @@ impl TestCase {
 
     fn check_zip215(&self) -> Result<(), Report> {
         use ed25519_consensus::{Signature, VerificationKey};
-        let sig = Signature::from(self.sig_bytes);
+        let sig = Signature::try_from(&self.sig_bytes).unwrap();
         VerificationKey::try_from(self.vk_bytes).and_then(|vk| vk.verify(&sig, b"Zcash"))?;
         Ok(())
     }