Fix https://github.com/serai-dex/serai/issues/150

2025-12-08 12:19:24 +00:00 · 2022-11-10 22:35:09 -05:00
parent d714f2202d
commit 84de427d72
32 changed files with 313 additions and 278 deletions
--- a/crypto/schnorr/src/lib.rs
+++ b/crypto/schnorr/src/lib.rs
@@ -1,8 +1,9 @@
+use core::ops::Deref;
 use std::io::{self, Read, Write};

 use rand_core::{RngCore, CryptoRng};

-use zeroize::Zeroize;
+use zeroize::{Zeroize, Zeroizing};

 use group::{
  ff::{Field, PrimeField},
@@ -46,11 +47,16 @@ impl<C: Ciphersuite> SchnorrSignature<C> {
  }

  /// Sign a Schnorr signature with the given nonce for the specified challenge.
-  pub fn sign(mut private_key: C::F, mut nonce: C::F, challenge: C::F) -> SchnorrSignature<C> {
-    let res = SchnorrSignature { R: C::generator() * nonce, s: nonce + (private_key * challenge) };
-    private_key.zeroize();
-    nonce.zeroize();
-    res
+  pub fn sign(
+    private_key: &Zeroizing<C::F>,
+    nonce: Zeroizing<C::F>,
+    challenge: C::F,
+  ) -> SchnorrSignature<C> {
+    SchnorrSignature {
+      // Uses deref instead of * as * returns C::F yet deref returns &C::F, preventing a copy
+      R: C::generator() * nonce.deref(),
+      s: (challenge * private_key.deref()) + nonce.deref(),
+    }
  }

  /// Verify a Schnorr signature for the given key with the specified challenge.
--- a/crypto/schnorr/src/tests.rs
+++ b/crypto/schnorr/src/tests.rs
@@ -1,5 +1,9 @@
+use core::ops::Deref;
+
 use rand_core::OsRng;

+use zeroize::Zeroizing;
+
 use blake2::{digest::typenum::U32, Blake2b};
 type Blake2b256 = Blake2b<U32>;

@@ -14,11 +18,11 @@ use crate::{
 };

 pub(crate) fn sign<C: Ciphersuite>() {
-  let private_key = C::random_nonzero_F(&mut OsRng);
-  let nonce = C::random_nonzero_F(&mut OsRng);
+  let private_key = Zeroizing::new(C::random_nonzero_F(&mut OsRng));
+  let nonce = Zeroizing::new(C::random_nonzero_F(&mut OsRng));
  let challenge = C::random_nonzero_F(&mut OsRng); // Doesn't bother to craft an HRAm
-  assert!(SchnorrSignature::<C>::sign(private_key, nonce, challenge)
-    .verify(C::generator() * private_key, challenge));
+  assert!(SchnorrSignature::<C>::sign(&private_key, nonce, challenge)
+    .verify(C::generator() * private_key.deref(), challenge));
 }

 // The above sign function verifies signing works
@@ -35,16 +39,20 @@ pub(crate) fn batch_verify<C: Ciphersuite>() {
  let mut challenges = vec![];
  let mut sigs = vec![];
  for i in 0 .. 5 {
-    keys.push(C::random_nonzero_F(&mut OsRng));
+    keys.push(Zeroizing::new(C::random_nonzero_F(&mut OsRng)));
    challenges.push(C::random_nonzero_F(&mut OsRng));
-    sigs.push(SchnorrSignature::<C>::sign(keys[i], C::random_nonzero_F(&mut OsRng), challenges[i]));
+    sigs.push(SchnorrSignature::<C>::sign(
+      &keys[i],
+      Zeroizing::new(C::random_nonzero_F(&mut OsRng)),
+      challenges[i],
+    ));
  }

  // Batch verify
  {
    let mut batch = BatchVerifier::new(5);
    for (i, sig) in sigs.iter().enumerate() {
-      sig.batch_verify(&mut OsRng, &mut batch, i, C::generator() * keys[i], challenges[i]);
+      sig.batch_verify(&mut OsRng, &mut batch, i, C::generator() * keys[i].deref(), challenges[i]);
    }
    batch.verify_with_vartime_blame().unwrap();
  }
@@ -60,7 +68,7 @@ pub(crate) fn batch_verify<C: Ciphersuite>() {
      if i == 2 {
        sig.s -= C::F::one();
      }
-      sig.batch_verify(&mut OsRng, &mut batch, i, C::generator() * keys[i], challenges[i]);
+      sig.batch_verify(&mut OsRng, &mut batch, i, C::generator() * keys[i].deref(), challenges[i]);
    }
    if let Err(blame) = batch.verify_with_vartime_blame() {
      assert!((blame == 1) || (blame == 2));
@@ -76,12 +84,16 @@ pub(crate) fn aggregate<C: Ciphersuite>() {
  let mut challenges = vec![];
  let mut aggregator = SchnorrAggregator::<Blake2b256, C>::new();
  for i in 0 .. 5 {
-    keys.push(C::random_nonzero_F(&mut OsRng));
+    keys.push(Zeroizing::new(C::random_nonzero_F(&mut OsRng)));
    challenges.push(C::random_nonzero_F(&mut OsRng));
    aggregator.aggregate(
-      C::generator() * keys[i],
+      C::generator() * keys[i].deref(),
      challenges[i],
-      SchnorrSignature::<C>::sign(keys[i], C::random_nonzero_F(&mut OsRng), challenges[i]),
+      SchnorrSignature::<C>::sign(
+        &keys[i],
+        Zeroizing::new(C::random_nonzero_F(&mut OsRng)),
+        challenges[i],
+      ),
    );
  }

@@ -91,7 +103,7 @@ pub(crate) fn aggregate<C: Ciphersuite>() {
  assert!(aggregate.verify::<Blake2b256>(
    keys
      .iter()
-      .map(|key| C::generator() * key)
+      .map(|key| C::generator() * key.deref())
      .zip(challenges.iter().cloned())
      .collect::<Vec<_>>()
      .as_ref()