From 3560ff283acbf6d2662b4f064ff683b3edcf6b4c Mon Sep 17 00:00:00 2001
From: "Charles E. Lehner" <charles.lehner@spruceid.com>
Date: Wed, 27 Oct 2021 14:33:12 -0400
Subject: [PATCH 1/2] Add test for pkh EthereumPersonalSignature2021

---
 did-pkh/src/lib.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/did-pkh/src/lib.rs b/did-pkh/src/lib.rs
index f3c8d11f2..9e64b253a 100644
--- a/did-pkh/src/lib.rs
+++ b/did-pkh/src/lib.rs
@@ -1091,6 +1091,18 @@ mod tests {
 )
 .await;

+ // eth/epsig
+ credential_prove_verify_did_pkh(
+ key_secp256k1_eip712sig.clone(),
+ other_key_secp256k1.clone(),
+ "eip155",
+ "#blockchainAccountId",
+ &ssi::ldp::EthereumPersonalSignature2021,
+ None,
+ None,
+ )
+ .await;
+
 // eth/Eip712
 let eip712_domain: ssi::eip712::ProofInfo = serde_json::from_value(json!({
 "messageSchema": {
From 697e055f6f1aba38807b3c1fae0e25a7b5475cd5 Mon Sep 17 00:00:00 2001
From: "Charles E. Lehner" <charles.lehner@spruceid.com>
Date: Wed, 27 Oct 2021 14:41:44 -0400
Subject: [PATCH 2/2] Remove use of PassthroughDigest in ldp

Do Keccak256 hashing using try_sign and recover_verify_key functions, rather than in hash_personal_message.
---
 src/keccak_hash.rs | 8 ++++++--
 src/ldp.rs | 13 +++++--------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/keccak_hash.rs b/src/keccak_hash.rs
index 78cc222b3..f1d092bf7 100644
--- a/src/keccak_hash.rs
+++ b/src/keccak_hash.rs
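Review bot: The new `eth/epsig` case in the did-pkh/src/lib.rs hunk is a sign-then-verify round trip, so it cannot show which digest the suite applies: if signing and verification both switched to a different hash, or both hashed twice, the helper would presumably still pass. The second patch in this series moves the Keccak-256 step out of `hash_personal_message` and into `try_sign` / `recover_verify_key`, so a known-answer case is worth adding next to this call: verify a fixed proof produced by an independent personal_sign implementation for a fixed key, marked with a comment such as `// known-answer vector from an external signer: <PROOF_VALUE_PLACEHOLDER>`. The enclosing test function starts and ends outside the hunk, so what the helper does with `other_key_secp256k1` is not visible here.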
@@ -34,10 +34,14 @@ pub fn hash_public_key(jwk: &JWK) -> Result<String, Error> {
 Ok(hash_last20_hex)
 }

-pub fn hash_personal_message(msg: &str) -> Vec<u8> {
+pub fn prefix_personal_message(msg: &str) -> Vec<u8> {
 let msg_bytes = msg.as_bytes();
 let prefix = format!("\x19Ethereum Signed Message:\n{}", msg_bytes.len());
- let data = [prefix.as_bytes().to_vec(), msg_bytes.to_vec()].concat();
+ [prefix.as_bytes().to_vec(), msg_bytes.to_vec()].concat()
+}
+
+pub fn hash_personal_message(msg: &str) -> Vec<u8> {
+ let data = prefix_personal_message(msg);
 keccak(data).to_fixed_bytes().to_vec()
 }

diff --git a/src/ldp.rs b/src/ldp.rs
index e5d3855a6..4c2e8ad01 100644
--- a/src/ldp.rs
+++ b/src/ldp.rs
@@ -1283,8 +1283,7 @@ impl ProofSuite for EthereumPersonalSignature2021 {
 key: &JWK,
 extra_proof_properties: Option<Map<String, Value>>,
 ) -> Result<Proof, Error> {
- use crate::passthrough_digest::PassthroughDigest;
- use k256::ecdsa::signature::{digest::Digest, DigestSigner};
+ use k256::ecdsa::signature::Signer;
 let mut proof = Proof {
 context: serde_json::json!([EPSIG_CONTEXT.clone()]),
 ..Proof::new("EthereumPersonalSignature2021")
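Review bot: `prefix_personal_message` in the src/keccak_hash.rs hunk is a new public function with no doc comment, and its sibling `hash_personal_message` has the same `(&str) -> Vec<u8>` signature, so a caller can easily pass the unhashed bytes where a digest is expected or hash an already hashed value. A doc line such as `/// Returns the EIP-191 personal-message prefix and byte length followed by msg, NOT hashed; the signer or verifier must apply Keccak-256 exactly once.` would state the contract, and a matching line on `hash_personal_message` would say it returns the 32-byte Keccak-256 of that prefixed message. As a point of style, the body copies both parts with `to_vec()` before concatenating; `let mut data = prefix.into_bytes(); data.extend_from_slice(msg_bytes); data` builds the same bytes with one allocation fewer.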
@@ -1292,15 +1291,14 @@ impl ProofSuite for EthereumPersonalSignature2021 {
 .with_properties(extra_proof_properties)
 };
 let signing_string = string_from_document_and_options(document, &proof).await?;
- let hash = crate::keccak_hash::hash_personal_message(&signing_string);
+ let hash = crate::keccak_hash::prefix_personal_message(&signing_string);
 let ec_params = match &key.params {
 JWKParams::EC(ec) => ec,
 _ => return Err(Error::KeyTypeNotImplemented),
 };
 let secret_key = k256::SecretKey::try_from(ec_params)?;
 let signing_key = k256::ecdsa::SigningKey::from(secret_key);
- let digest = Digest::chain(<PassthroughDigest as Digest>::new(), &hash);
- let sig: k256::ecdsa::recoverable::Signature = signing_key.try_sign_digest(digest)?;
+ let sig: k256::ecdsa::recoverable::Signature = signing_key.try_sign(&hash)?;
 let sig_bytes = &mut sig.as_ref().to_vec();
 // Recovery ID starts at 27 instead of 0.
 sig_bytes[64] += 27;
@@ -1371,9 +1369,8 @@ impl ProofSuite for EthereumPersonalSignature2021 {
 let sig = k256::ecdsa::Signature::try_from(&dec_sig[..64])?;
 let sig = k256::ecdsa::recoverable::Signature::new(&sig, rec_id)?;
 let signing_string = string_from_document_and_options(document, proof).await?;
- let hash = crate::keccak_hash::hash_personal_message(&signing_string);
- let digest = k256::elliptic_curve::FieldBytes::<k256::Secp256k1>::from_slice(&hash);
- let recovered_key = sig.recover_verify_key_from_digest_bytes(digest)?;
+ let hash = crate::keccak_hash::prefix_personal_message(&signing_string);
+ let recovered_key = sig.recover_verify_key(&hash)?;
 use crate::jwk::ECParams;
 let jwk = JWK {
 params: JWKParams::EC(ECParams::try_from(&k256::PublicKey::from_sec1_bytes(
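Review bot: In the signing hunk at -1292, and again in the verification hunk at -1371, `hash` now holds the prefixed message bytes rather than a digest, so the name says the opposite of what the value is; `let message = crate::keccak_hash::prefix_personal_message(&signing_string);` with `try_sign(&message)` and `recover_verify_key(&message)` would read correctly. The Keccak-256 step is now implicit: it appears to be selected by the `k256::ecdsa::recoverable::Signature` annotation on `try_sign` and by `recover_verify_key`, so a comment such as `// digest is chosen by recoverable::Signature (expected Keccak-256); pass the unhashed prefixed message` would guard against a later edit that changes the annotation or pre-hashes the input. That digest selection is inferred from the commit description, not from anything visible in these hunks, and it presumably depends on how the k256 dependency is configured, so confirm it against the pinned version. Both function bodies continue outside their hunks.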