Use well-defined signature scheme enum instead of arbitrary byte flag (…

…MystenLabs#3737) Co-authored-by: Chris Li <[email protected]>
VohaStar · Aug 5, 2022 · 0b6b198 · 0b6b198
1 parent bfb41f2
commit 0b6b198
Show file tree

Hide file tree

Showing 17 changed files with 100 additions and 60 deletions.
diff --git a/crates/sui-gateway/src/unit_tests/rpc_server_tests.rs b/crates/sui-gateway/src/unit_tests/rpc_server_tests.rs
@@ -59,12 +59,12 @@ async fn test_public_transfer_object() -> Result<(), anyhow::Error> {
     let signature = keystore.sign(address, &tx_bytes)?;
 
     let tx_bytes = Base64::from_bytes(&tx_bytes);
-    let flag_bytes = Base64::from_bytes(&[signature.flag_byte()]);
+    let sig_scheme = signature.scheme();
     let signature_bytes = Base64::from_bytes(signature.signature_bytes());
     let pub_key = Base64::from_bytes(signature.public_key_bytes());
 
     let tx_response: TransactionResponse = http_client
-        .execute_transaction(tx_bytes, flag_bytes, signature_bytes, pub_key)
+        .execute_transaction(tx_bytes, sig_scheme, signature_bytes, pub_key)
         .await?;
 
     let effect = tx_response.to_effect_response()?.effects;
@@ -100,12 +100,12 @@ async fn test_publish() -> Result<(), anyhow::Error> {
     let signature = keystore.sign(address, &tx_bytes)?;
 
     let tx_bytes = Base64::from_bytes(&tx_bytes);
-    let flag_bytes = Base64::from_bytes(&[signature.flag_byte()]);
+    let sig_scheme = signature.scheme();
     let signature_bytes = Base64::from_bytes(signature.signature_bytes());
     let pub_key = Base64::from_bytes(signature.public_key_bytes());
 
     let tx_response: TransactionResponse = http_client
-        .execute_transaction(tx_bytes, flag_bytes, signature_bytes, pub_key)
+        .execute_transaction(tx_bytes, sig_scheme, signature_bytes, pub_key)
         .await?;
 
     let response = tx_response.to_publish_response()?;
@@ -150,12 +150,12 @@ async fn test_move_call() -> Result<(), anyhow::Error> {
     let signature = keystore.sign(address, &tx_bytes)?;
 
     let tx_bytes = Base64::from_bytes(&tx_bytes);
-    let flag_bytes = Base64::from_bytes(&[signature.flag_byte()]);
+    let sig_scheme = signature.scheme();
     let signature_bytes = Base64::from_bytes(signature.signature_bytes());
     let pub_key = Base64::from_bytes(signature.public_key_bytes());
 
     let tx_response: TransactionResponse = http_client
-        .execute_transaction(tx_bytes, flag_bytes, signature_bytes, pub_key)
+        .execute_transaction(tx_bytes, sig_scheme, signature_bytes, pub_key)
         .await?;
 
     let effect = tx_response.to_effect_response()?.effects;
@@ -204,12 +204,12 @@ async fn test_get_transaction() -> Result<(), anyhow::Error> {
         let signature = keystore.sign(address, &tx_bytes)?;
 
         let tx_bytes = Base64::from_bytes(&tx_bytes);
-        let flag_bytes = Base64::from_bytes(&[signature.flag_byte()]);
+        let sig_scheme = signature.scheme();
         let signature_bytes = Base64::from_bytes(signature.signature_bytes());
         let pub_key = Base64::from_bytes(signature.public_key_bytes());
 
         let response: TransactionResponse = http_client
-            .execute_transaction(tx_bytes, flag_bytes, signature_bytes, pub_key)
+            .execute_transaction(tx_bytes, sig_scheme, signature_bytes, pub_key)
             .await?;
 
         if let TransactionResponse::EffectResponse(effects) = response {

diff --git a/crates/sui-json-rpc/src/api.rs b/crates/sui-json-rpc/src/api.rs
@@ -11,6 +11,7 @@ use sui_json_rpc_types::{
 };
 use sui_open_rpc_macros::open_rpc;
 use sui_types::base_types::{ObjectID, SuiAddress, TransactionDigest};
+use sui_types::crypto::SignatureScheme;
 use sui_types::sui_serde::Base64;
 
 #[open_rpc(namespace = "sui", tag = "Gateway Transaction Execution API")]
@@ -23,7 +24,7 @@ pub trait RpcGatewayApi {
         /// transaction data bytes, as base-64 encoded string
         tx_bytes: Base64,
         /// Flag of the signature scheme that is used.
-        flag: Base64,
+        sig_scheme: SignatureScheme,
         /// transaction signature, as base-64 encoded string
         signature: Base64,
         /// signer's public key, as base-64 encoded string

diff --git a/crates/sui-json-rpc/src/gateway_api.rs b/crates/sui-json-rpc/src/gateway_api.rs
@@ -19,6 +19,7 @@ use sui_json_rpc_types::{
     TransactionBytes, TransactionEffectsResponse, TransactionResponse,
 };
 use sui_open_rpc::Module;
+use sui_types::crypto::SignatureScheme;
 use sui_types::sui_serde::Base64;
 use sui_types::{
     base_types::{ObjectID, SuiAddress, TransactionDigest},
@@ -71,13 +72,14 @@ impl RpcGatewayApiServer for RpcGatewayImpl {
     async fn execute_transaction(
         &self,
         tx_bytes: Base64,
-        flag: Base64,
+        sig_scheme: SignatureScheme,
         signature: Base64,
         pub_key: Base64,
     ) -> RpcResult<TransactionResponse> {
         let data = TransactionData::from_signable_bytes(&tx_bytes.to_vec()?)?;
+        let flag = vec![sig_scheme.flag()];
         let signature = crypto::Signature::from_bytes(
-            &[&*flag.to_vec()?, &*signature.to_vec()?, &pub_key.to_vec()?].concat(),
+            &[&*flag, &*signature.to_vec()?, &pub_key.to_vec()?].concat(),
         )
         .map_err(|e| anyhow!(e))?;
         let result = self

diff --git a/crates/sui-open-rpc/spec/openrpc.json b/crates/sui-open-rpc/spec/openrpc.json
@@ -160,11 +160,11 @@
           }
         },
         {
-          "name": "flag",
+          "name": "sig_scheme",
           "description": "Flag of the signature scheme that is used.",
           "required": true,
           "schema": {
-            "$ref": "#/components/schemas/Base64"
+            "$ref": "#/components/schemas/SignatureScheme"
           }
         },
         {
@@ -200,8 +200,8 @@
               "value": "VHJhbnNhY3Rpb25EYXRhOjoAABdY7bkmDSqGyDbvwF8X5cWVJeQExGwtZKelsdk7LYZGgF2NKhIvzNsCAAAAAAAAACA7x9yXWrdfyGV5NTb2bmQYkFA2D2I9yIq7gwAYDN0Kj9BnwzQmQaTOqrLB29rQESsuPkj4xqk9BRZR/i5O764oE0klaDiQqUICAAAAAAAAACD2POST9RLwss+3xCoHzpEwy20FmjiNiGFTbLnFuBqajQEAAAAAAAAA6AMAAAAAAAA="
             },
             {
-              "name": "flag",
-              "value": "AA=="
+              "name": "sig_scheme",
+              "value": "ED25519"
             },
             {
               "name": "signature",
@@ -2924,6 +2924,13 @@
           }
         ]
       },
+      "SignatureScheme": {
+        "type": "string",
+        "enum": [
+          "ED25519",
+          "Secp256k1"
+        ]
+      },
       "SplitCoinResponse": {
         "type": "object",
         "required": [

diff --git a/crates/sui-open-rpc/src/examples.rs b/crates/sui-open-rpc/src/examples.rs
@@ -169,7 +169,7 @@ impl RpcExampleProvider {
                 "Execute an object transfer transaction",
                 vec![
                     ("tx_bytes", json!(tx_bytes.tx_bytes)),
-                    ("flag", json!(Base64::from_bytes(&[signature.flag_byte()]))),
+                    ("sig_scheme", json!(signature.scheme())),
                     (
                         "signature",
                         json!(Base64::from_bytes(signature.signature_bytes())),

diff --git a/crates/sui-open-rpc/src/generate_json_rpc_spec.rs b/crates/sui-open-rpc/src/generate_json_rpc_spec.rs
@@ -35,7 +35,7 @@ use sui_json_rpc_types::{
 };
 use sui_types::base_types::{ObjectID, SuiAddress};
 use sui_types::crypto::SuiSignature;
-use sui_types::sui_serde::{Base64, Encoding};
+use sui_types::sui_serde::Base64;
 use sui_types::SUI_FRAMEWORK_ADDRESS;
 use test_utils::network::{start_rpc_test_network, TestNetwork};
 
@@ -340,22 +340,22 @@ async fn create_error_response(
     let signature = context
         .keystore
         .sign(&address, &response.tx_bytes.to_vec()?)?;
-    let flag_bytes = Base64::encode(&[signature.flag_byte()]);
-    let signature_byte = Base64::encode(signature.signature_bytes());
-    let pub_key = Base64::encode(signature.public_key_bytes());
-    let tx_data = response.tx_bytes.encoded();
+    let sig_scheme = signature.scheme();
+    let signature_byte = Base64::from_bytes(signature.signature_bytes());
+    let pub_key = Base64::from_bytes(signature.public_key_bytes());
+    let tx_data = response.tx_bytes;
 
     let client = Client::new();
     let request = Request::builder()
         .uri(network.rpc_url.clone())
         .method(Method::POST)
         .header("Content-Type", "application/json")
         .body(Body::from(format!(
-            "{{ \"jsonrpc\": \"2.0\",\"method\": \"sui_executeTransaction\",\"params\": [\"{}\", \"{}\", \"{}\", \"{}\"],\"id\": 1 }}",
-            tx_data,
-            flag_bytes,
-            signature_byte,
-            pub_key
+            "{{ \"jsonrpc\": \"2.0\",\"method\": \"sui_executeTransaction\",\"params\": [{}, {}, {}, {}],\"id\": 1 }}",
+            json![tx_data],
+            json![sig_scheme],
+            json![signature_byte],
+            json![pub_key]
         )))?;
 
     let res = client.request(request).await?;

diff --git a/crates/sui-sdk/src/lib.rs b/crates/sui-sdk/src/lib.rs
@@ -224,15 +224,15 @@ impl SuiClient {
         Ok(match &self {
             Self::Http(c) => {
                 let tx_bytes = Base64::from_bytes(&tx.data.to_bytes());
-                let flag = Base64::from_bytes(&[tx.tx_signature.flag_byte()]);
+                let flag = tx.tx_signature.scheme();
                 let signature = Base64::from_bytes(tx.tx_signature.signature_bytes());
                 let pub_key = Base64::from_bytes(tx.tx_signature.public_key_bytes());
                 c.execute_transaction(tx_bytes, flag, signature, pub_key)
                     .await?
             }
             Self::Ws(c) => {
                 let tx_bytes = Base64::from_bytes(&tx.data.to_bytes());
-                let flag = Base64::from_bytes(&[tx.tx_signature.flag_byte()]);
+                let flag = tx.tx_signature.scheme();
                 let signature = Base64::from_bytes(tx.tx_signature.signature_bytes());
                 let pub_key = Base64::from_bytes(tx.tx_signature.public_key_bytes());
                 c.execute_transaction(tx_bytes, flag, signature, pub_key)

diff --git a/crates/sui-types/src/base_types.rs b/crates/sui-types/src/base_types.rs
@@ -185,7 +185,7 @@ impl TryFrom<Vec<u8>> for SuiAddress {
 impl From<&AuthorityPublicKeyBytes> for SuiAddress {
     fn from(pkb: &AuthorityPublicKeyBytes) -> Self {
         let mut hasher = Sha3_256::default();
-        hasher.update(&[AuthorityPublicKey::FLAG]);
+        hasher.update(&[AuthorityPublicKey::SIGNATURE_SCHEME.flag()]);
         hasher.update(pkb);
         let g_arr = hasher.finalize();
 
@@ -198,7 +198,7 @@ impl From<&AuthorityPublicKeyBytes> for SuiAddress {
 impl<T: SuiPublicKey> From<&T> for SuiAddress {
     fn from(pk: &T) -> Self {
         let mut hasher = Sha3_256::default();
-        hasher.update(&[T::FLAG]);
+        hasher.update(&[T::SIGNATURE_SCHEME.flag()]);
         hasher.update(pk);
         let g_arr = hasher.finalize();
 

diff --git a/crates/sui-types/src/crypto.rs b/crates/sui-types/src/crypto.rs
@@ -301,8 +301,8 @@ impl AsRef<[u8]> for Signature {
 
 impl signature::Signature for Signature {
     fn from_bytes(bytes: &[u8]) -> Result<Self, signature::Error> {
-        match bytes.first().ok_or_else(signature::Error::new)? {
-            x if x == &Ed25519SuiSignature::FLAG => {
+        match bytes.first() {
+            Some(x) if x == &Ed25519SuiSignature::SCHEME.flag() => {
                 Ok(<Ed25519SuiSignature as ToFromBytes>::from_bytes(bytes)
                     .map_err(|_| signature::Error::new())?
                     .into())
@@ -314,7 +314,7 @@ impl signature::Signature for Signature {
 
 impl std::fmt::Debug for Signature {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
-        let flag = base64ct::Base64::encode_string(&[self.flag_byte()]);
+        let flag = base64ct::Base64::encode_string(&[self.scheme().flag()]);
         let s = base64ct::Base64::encode_string(self.signature_bytes());
         let p = base64ct::Base64::encode_string(self.public_key_bytes());
         write!(f, "{flag}@{s}@{p}")?;
@@ -342,7 +342,7 @@ impl SuiSignatureInner for Ed25519SuiSignature {
 }
 
 impl SuiPublicKey for Ed25519PublicKey {
-    const FLAG: u8 = 0x00;
+    const SIGNATURE_SCHEME: SignatureScheme = SignatureScheme::ED25519;
 }
 
 impl AsRef<[u8]> for Ed25519SuiSignature {
@@ -393,7 +393,7 @@ impl SuiSignatureInner for Secp256k1SuiSignature {
 // }
 
 impl SuiPublicKey for Secp256k1PublicKey {
-    const FLAG: u8 = 0xed;
+    const SIGNATURE_SCHEME: SignatureScheme = SignatureScheme::Secp256k1;
 }
 
 impl AsRef<[u8]> for Secp256k1SuiSignature {
@@ -430,7 +430,7 @@ pub trait SuiSignatureInner: Sized + signature::Signature {
     type KeyPair: KeypairTraits<PubKey = Self::PubKey, Sig = Self::Sig>;
 
     const LENGTH: usize = Self::Sig::LENGTH + Self::PubKey::LENGTH + 1;
-    const FLAG: u8 = Self::PubKey::FLAG;
+    const SCHEME: SignatureScheme = Self::PubKey::SIGNATURE_SCHEME;
 
     fn get_verification_inputs(&self, author: SuiAddress) -> SuiResult<(Self::Sig, Self::PubKey)> {
         // Is this signature emitted by the expected author?
@@ -463,7 +463,8 @@ pub trait SuiSignatureInner: Sized + signature::Signature {
             })?;
 
         let mut signature_bytes: Vec<u8> = Vec::new();
-        signature_bytes.extend_from_slice(&[<Self::PubKey as SuiPublicKey>::FLAG]);
+        signature_bytes
+            .extend_from_slice(&[<Self::PubKey as SuiPublicKey>::SIGNATURE_SCHEME.flag()]);
         signature_bytes.extend_from_slice(sig.as_ref());
         signature_bytes.extend_from_slice(kp.public().as_ref());
         Self::from_bytes(&signature_bytes[..]).map_err(|err| SuiError::InvalidSignature {
@@ -473,14 +474,14 @@ pub trait SuiSignatureInner: Sized + signature::Signature {
 }
 
 pub trait SuiPublicKey: VerifyingKey {
-    const FLAG: u8;
+    const SIGNATURE_SCHEME: SignatureScheme;
 }
 
 #[enum_dispatch(Signature)]
 pub trait SuiSignature: Sized + signature::Signature {
     fn signature_bytes(&self) -> &[u8];
     fn public_key_bytes(&self) -> &[u8];
-    fn flag_byte(&self) -> u8;
+    fn scheme(&self) -> SignatureScheme;
 
     fn verify<T>(&self, value: &T, author: SuiAddress) -> SuiResult<()>
     where
@@ -536,8 +537,8 @@ impl<S: SuiSignatureInner + Sized> SuiSignature for S {
         &self.as_ref()[S::Sig::LENGTH + 1..]
     }
 
-    fn flag_byte(&self) -> u8 {
-        S::PubKey::FLAG
+    fn scheme(&self) -> SignatureScheme {
+        S::PubKey::SIGNATURE_SCHEME
     }
 }
 
@@ -1002,3 +1003,18 @@ pub mod bcs_signable_test {
         (obligation, idx)
     }
 }
+
+#[derive(Deserialize, Serialize, JsonSchema, Debug)]
+pub enum SignatureScheme {
+    ED25519,
+    Secp256k1,
+}
+
+impl SignatureScheme {
+    pub fn flag(&self) -> u8 {
+        match self {
+            SignatureScheme::ED25519 => 0x00,
+            SignatureScheme::Secp256k1 => 0xed,
+        }
+    }
+}
diff --git a/sdk/typescript/src/cryptography/publickey.ts b/sdk/typescript/src/cryptography/publickey.ts
@@ -27,6 +27,13 @@ export type PublicKeyData = {
 export const PUBLIC_KEY_SIZE = 32;
 export const TYPE_BYTE = 0x00;
 
+export type SignatureScheme = 'ED25519' | 'Secp256k1';
+
+const SIGNATURE_SCHEME_TO_FLAG = {
+  ED25519: 0x00,
+  Secp256k1: 0x01,
+};
+
 function isPublicKeyData(value: PublicKeyInitData): value is PublicKeyData {
   return (value as PublicKeyData)._bn !== undefined;
 }
@@ -108,9 +115,9 @@ export class PublicKey {
   /**
    * Return the Sui address associated with this public key
    */
-  toSuiAddress(): string {
+  toSuiAddress(scheme: SignatureScheme = 'ED25519'): string {
     let tmp = new Uint8Array(PUBLIC_KEY_SIZE + 1);
-    tmp.set([TYPE_BYTE]);
+    tmp.set([SIGNATURE_SCHEME_TO_FLAG[scheme]]);
     tmp.set(this.toBytes(), 1);
     const hexHash = sha3_256(tmp);
     const publicKeyBytes = new BN(hexHash, 16).toArray(undefined, 32);

diff --git a/sdk/typescript/src/index.guard.ts b/sdk/typescript/src/index.guard.ts
@@ -5,7 +5,7 @@
  * Generated type guards for "index.ts".
  * WARNING: Do not manually change this file.
  */
-import { Ed25519KeypairData, Keypair, PublicKeyInitData, PublicKeyData, TransferObjectTransaction, TransferSuiTransaction, MergeCoinTransaction, SplitCoinTransaction, MoveCallTransaction, PublishTransaction, TxnDataSerializer, SignaturePubkeyPair, Signer, TransactionDigest, SuiAddress, ObjectOwner, SuiObjectRef, SuiObjectInfo, ObjectContentFields, MovePackageContent, SuiData, SuiMoveObject, SuiMovePackage, SuiObject, ObjectStatus, ObjectType, GetOwnedObjectsResponse, GetObjectDataResponse, ObjectDigest, ObjectId, SequenceNumber, TransferObject, SuiTransferSui, SuiChangeEpoch, TransactionKindName, SuiTransactionKind, TransactionData, EpochId, AuthorityQuorumSignInfo, CertifiedTransaction, GasCostSummary, ExecutionStatusType, ExecutionStatus, OwnedObjectRef, TransactionEffects, TransactionEffectsResponse, GatewayTxSeqNumber, GetTxnDigestsResponse, MoveCall, SuiJsonValue, EmptySignInfo, AuthorityName, AuthoritySignature, TransactionBytes, MergeCoinResponse, SplitCoinResponse, PublishResponse, SuiPackage, TransactionResponse } from "./index";
+import { Ed25519KeypairData, Keypair, PublicKeyInitData, PublicKeyData, SignatureScheme, TransferObjectTransaction, TransferSuiTransaction, MergeCoinTransaction, SplitCoinTransaction, MoveCallTransaction, PublishTransaction, TxnDataSerializer, SignaturePubkeyPair, Signer, TransactionDigest, SuiAddress, ObjectOwner, SuiObjectRef, SuiObjectInfo, ObjectContentFields, MovePackageContent, SuiData, SuiMoveObject, SuiMovePackage, SuiObject, ObjectStatus, ObjectType, GetOwnedObjectsResponse, GetObjectDataResponse, ObjectDigest, ObjectId, SequenceNumber, TransferObject, SuiTransferSui, SuiChangeEpoch, TransactionKindName, SuiTransactionKind, TransactionData, EpochId, AuthorityQuorumSignInfo, CertifiedTransaction, GasCostSummary, ExecutionStatusType, ExecutionStatus, OwnedObjectRef, TransactionEffects, TransactionEffectsResponse, GatewayTxSeqNumber, GetTxnDigestsResponse, MoveCall, SuiJsonValue, EmptySignInfo, AuthorityName, AuthoritySignature, TransactionBytes, MergeCoinResponse, SplitCoinResponse, PublishResponse, SuiPackage, TransactionResponse } from "./index";
 import { BN } from "bn.js";
 import { Base64DataBuffer } from "./serialization/base64";
 import { PublicKey } from "./cryptography/publickey";
@@ -53,6 +53,13 @@ export function isPublicKeyData(obj: any, _argumentName?: string): obj is Public
     )
 }
 
+export function isSignatureScheme(obj: any, _argumentName?: string): obj is SignatureScheme {
+    return (
+        (obj === "ED25519" ||
+            obj === "Secp256k1")
+    )
+}
+
 export function isTransferObjectTransaction(obj: any, _argumentName?: string): obj is TransferObjectTransaction {
     return (
         (obj !== null &&
@@ -164,7 +171,7 @@ export function isSignaturePubkeyPair(obj: any, _argumentName?: string): obj is
         (obj !== null &&
             typeof obj === "object" ||
             typeof obj === "function") &&
-        obj.flag instanceof Base64DataBuffer &&
+        isSignatureScheme(obj.signatureScheme) as boolean &&
         obj.signature instanceof Base64DataBuffer &&
         obj.pubKey instanceof PublicKey
     )