From 69de87abf75a2c4e3013df9582835ec4ddf258c6 Mon Sep 17 00:00:00 2001
From: Emma Turner <emma.turner@trili.tech>
Date: Tue, 19 Dec 2023 08:46:31 +0000
Subject: [PATCH] crypto: remove legacy base58 encoding for SecretKeyEd25519

---
 CHANGELOG.md       |  3 ++-
 crypto/src/hash.rs | 22 +++++++++++++++++-----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 967da3f6b2..5a1941bb71 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,7 +24,7 @@ parameterized by the lifetime of the input byte slice.
 
 ### Removed
 
-- Nothing.
+- Removed legacy `SecretKeyEd25519` encoding.
 
 ### Fixed
 
@@ -32,6 +32,7 @@ parameterized by the lifetime of the input byte slice.
 - Add explicit prefix check during base58check decoding.
 - Hash input before signing with `SecretKeyEd25519`, to match octez impl.
 - Fix `BlsSignature` base58 check encoding/decoding.
+- Fix `SecretKeyEd25519` base58 check encoding/decoding.
 
 ### Security
 
diff --git a/crypto/src/hash.rs b/crypto/src/hash.rs
index 7680fefcf1..42a7dac383 100644
--- a/crypto/src/hash.rs
+++ b/crypto/src/hash.rs
@@ -38,7 +38,9 @@ mod prefix_bytes {
     pub const PUBLIC_KEY_P256: [u8; 4] = [3, 178, 139, 127];
     pub const PUBLIC_KEY_BLS: [u8; 4] = [6, 149, 135, 204];
     pub const SEED_ED25519: [u8; 4] = [13, 15, 58, 7];
-    pub const SECRET_KEY_ED25519: [u8; 4] = [43, 246, 78, 7];
+    // SecretKeyEd25519 uses identical b58 encoding as SeedEd25519 in
+    // non-legacy format.
+    pub const SECRET_KEY_ED25519: [u8; 4] = SEED_ED25519;
     pub const SECRET_KEY_BLS: [u8; 4] = [3, 150, 192, 40];
     pub const GENERIC_SIGNATURE_HASH: [u8; 3] = [4, 130, 43];
     pub const ED22519_SIGNATURE_HASH: [u8; 5] = [9, 245, 205, 134, 18];
@@ -363,7 +365,7 @@ pub enum HashType {
     PublicKeyBls,
     // "\013\015\058\007" (* edsk(54) *)
     SeedEd25519,
-    // "\043\246\078\007" (* edsk(98) *)
+    // "\013\015\058\007" (* edsk(54) *)
     SecretKeyEd25519,
     // "\003\150\192\040" (* BLsk(54) *)
     SecretKeyBls,
@@ -448,10 +450,9 @@ impl HashType {
             | HashType::ContractTz4Hash
             | HashType::SmartRollupHash => 20,
             HashType::PublicKeySecp256k1 | HashType::PublicKeyP256 => 33,
-            HashType::SeedEd25519 | HashType::SecretKeyBls => 32,
+            HashType::SecretKeyEd25519 | HashType::SeedEd25519 | HashType::SecretKeyBls => 32,
             HashType::PublicKeyBls => 48,
-            HashType::SecretKeyEd25519
-            | HashType::Ed25519Signature
+            HashType::Ed25519Signature
             | HashType::Secp256k1Signature
             | HashType::P256Signature
             | HashType::UnknownSignature => 64,
@@ -1181,6 +1182,8 @@ mod tests {
                 fn $name() {
                     for str in $h {
                         let h = $ty::from_base58_check(str).expect("Invalid hash");
+                        assert_eq!(str, h.to_base58_check());
+
                         let json = serde_json::to_string(&h).expect("Cannot convert to json");
                         assert_eq!(json, format!(r#""{}""#, h));
                         let h1 = serde_json::from_str(&json).expect("Cannot convert from json");
@@ -1262,6 +1265,15 @@ mod tests {
             ["edsk31vznjHSSpGExDMHYASz45VZqXN4DPxvsa4hAyY8dHM28cZzp6"]
         );
 
+        test!(
+            sk_ed25519,
+            SecretKeyEd25519,
+            [
+                "edsk31vznjHSSpGExDMHYASz45VZqXN4DPxvsa4hAyY8dHM28cZzp6",
+                "edsk3gUfUPyBSfrS9CCgmCiQsTCHGkviBDusMxDJstFtojtc1zcpsh"
+            ]
+        );
+
         test!(pk_hash, CryptoboxPublicKeyHash, []);
 
         test!(pk_ed25519, PublicKeyEd25519, []);