Use bytes for Ed25519Signature public key

bindings/core/Cargo.toml

@@ -18,7 +18,7 @@ backtrace = { version = "0.3.69", default-features = false, features = ["std"] }
 derivative = { version = "2.2.0", default-features = false }
 fern-logger = { version = "0.5.0", default-features = false }
 futures = { version = "0.3.30", default-features = false }
-iota-crypto = { version = "0.23.0", default-features = false, features = [
+iota-crypto = { version = "0.23.1", default-features = false, features = [
     "slip10",
     "bip44",
 ] }

bindings/core/src/method_handler/utils.rs

@@ -1,4 +1,4 @@
-// Copyright 2023 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 use crypto::keys::bip39::Mnemonic;
@@ -14,7 +14,7 @@ use iota_sdk::{
             output::{AliasId, FoundryId, InputsCommitment, NftId, Output, OutputId, Rent, TokenId},
             payload::{transaction::TransactionEssence, MilestonePayload, TransactionPayload},
             signature::Ed25519Signature,
-            Block,
+            Block, Error,
         },
         TryFromDto,
     },
@@ -96,15 +96,14 @@ pub(crate) fn call_utils_method_internal(method: UtilsMethod) -> Result<Response
         UtilsMethod::VerifyEd25519Signature { signature, message } => {
             let signature = Ed25519Signature::try_from(signature)?;
             let message: Vec<u8> = prefix_hex::decode(message)?;
-            Response::Bool(signature.verify(&message))
+            Response::Bool(signature.try_verify(&message).map_err(Error::from)?)
         }
         UtilsMethod::VerifySecp256k1EcdsaSignature {
             public_key,
             signature,
             message,
         } => {
             use crypto::signatures::secp256k1_ecdsa;
-            use iota_sdk::types::block::Error;
             let public_key = prefix_hex::decode(public_key)?;
             let public_key = secp256k1_ecdsa::PublicKey::try_from_bytes(&public_key).map_err(Error::from)?;
             let signature = prefix_hex::decode(signature)?;

sdk/CHANGELOG.md

@@ -19,6 +19,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security -->
 
+## 1.1.4 - 2024-MM-DD
+
+### Added
+
+- `Ed25519Signature` methods `new_from_bytes`, `public_key_bytes`, `from_bytes`, `try_verify`;
+
+### Deprecated
+
+- `Ed25519Signature` methods `public_key`, `try_from_bytes`, `verify`;
+
+### Fixed
+
+- `Ed25519Signature` type no longer requires validated public key bytes to construct;
+
 ## 1.1.3 - 2023-12-07
 
 ### Added

sdk/Cargo.toml

@@ -34,7 +34,7 @@ hashbrown = { version = "0.14.3", default-features = false, features = [
     "inline-more",
 ] }
 hex = { version = "0.4.3", default-features = false }
-iota-crypto = { version = "0.23.0", default-features = false, features = [
+iota-crypto = { version = "0.23.1", default-features = false, features = [
     "blake2b",
     "ed25519",
     "secp256k1",

sdk/examples/how_tos/sign_and_verify_ed25519/sign_ed25519.rs

@@ -1,4 +1,4 @@
-// Copyright 2023 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 //! In this example we will sign with Ed25519.
@@ -53,12 +53,13 @@ async fn main() -> Result<()> {
         .await?;
     println!(
         "Public key: {}\nSignature: {}",
-        prefix_hex::encode(signature.public_key().as_ref()),
+        prefix_hex::encode(signature.public_key_bytes().as_ref()),
         prefix_hex::encode(signature.signature().to_bytes()),
     );
 
     // Hash the public key to get the address
-    let bech32_address = hex_public_key_to_bech32_address(&prefix_hex::encode(signature.public_key().as_ref()), "rms")?;
+    let bech32_address =
+        hex_public_key_to_bech32_address(&prefix_hex::encode(signature.public_key_bytes().as_ref()), "rms")?;
     println!("Address: {bech32_address}");
 
     Ok(())

sdk/src/types/block/payload/milestone/mod.rs

@@ -1,4 +1,4 @@
-// Copyright 2020-2021 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 //! Module describing the milestone payload.
@@ -120,16 +120,19 @@ impl MilestonePayload {
         for (index, signature) in self.signatures().iter().enumerate() {
             let Signature::Ed25519(signature) = signature;
 
-            if !applicable_public_keys.contains(&hex::encode(signature.public_key())) {
+            if !applicable_public_keys.contains(&hex::encode(signature.public_key_bytes())) {
                 return Err(MilestoneValidationError::UnapplicablePublicKey(prefix_hex::encode(
-                    signature.public_key().as_ref(),
+                    signature.public_key_bytes().as_ref(),
                 )));
             }
 
-            if !signature.verify(&essence_hash) {
+            if !signature
+                .try_verify(&essence_hash)
+                .map_err(MilestoneValidationError::Crypto)?
+            {
                 return Err(MilestoneValidationError::InvalidSignature(
                     index,
-                    prefix_hex::encode(signature.public_key().as_ref()),
+                    prefix_hex::encode(signature.public_key_bytes().as_ref()),
                 ));
             }
         }
@@ -142,7 +145,7 @@ fn verify_signatures<const VERIFY: bool>(signatures: &[Signature]) -> Result<(),
     if VERIFY
         && !is_unique_sorted(signatures.iter().map(|signature| {
             let Signature::Ed25519(signature) = signature;
-            signature.public_key()
+            signature.public_key_bytes()
         }))
     {
         Err(Error::MilestoneSignaturesNotUniqueSorted)

sdk/src/types/block/signature/ed25519.rs

@@ -1,11 +1,11 @@
-// Copyright 2020-2021 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 use core::{fmt, ops::Deref};
 
 use crypto::{
     hashes::{blake2b::Blake2b256, Digest},
-    signatures::ed25519::{PublicKey, Signature},
+    signatures::ed25519::{PublicKey, PublicKeyBytes, Signature},
 };
 use packable::{
     error::{UnpackError, UnpackErrorExt},
@@ -19,7 +19,7 @@ use crate::types::block::{address::Ed25519Address, Error};
 /// An Ed25519 signature.
 #[derive(Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
 pub struct Ed25519Signature {
-    public_key: PublicKey,
+    public_key: PublicKeyBytes,
     signature: Signature,
 }
 
@@ -31,24 +31,44 @@ impl Ed25519Signature {
     /// Length of an ED25519 signature.
     pub const SIGNATURE_LENGTH: usize = Signature::LENGTH;
 
-    /// Creates a new [`Ed25519Signature`].
+    /// Creates a new [`Ed25519Signature`] from a validated public key and signature.
     pub fn new(public_key: PublicKey, signature: Signature) -> Self {
+        Self {
+            public_key: public_key.to_bytes().into(),
+            signature,
+        }
+    }
+
+    /// Creates a new [`Ed25519Signature`] from public key bytes and signature.
+    pub fn new_from_bytes(public_key: PublicKeyBytes, signature: Signature) -> Self {
         Self { public_key, signature }
     }
 
     /// Creates a new [`Ed25519Signature`] from bytes.
+    #[deprecated(since = "1.1.4", note = "use Ed25519Signature::from_bytes instead")]
     pub fn try_from_bytes(
         public_key: [u8; Self::PUBLIC_KEY_LENGTH],
         signature: [u8; Self::SIGNATURE_LENGTH],
     ) -> Result<Self, Error> {
-        Ok(Self::new(
-            PublicKey::try_from_bytes(public_key)?,
-            Signature::from_bytes(signature),
-        ))
+        Ok(Self::from_bytes(public_key, signature))
+    }
+
+    /// Creates a new [`Ed25519Signature`] from bytes.
+    pub fn from_bytes(public_key: [u8; Self::PUBLIC_KEY_LENGTH], signature: [u8; Self::SIGNATURE_LENGTH]) -> Self {
+        Self {
+            public_key: PublicKeyBytes::from_bytes(public_key),
+            signature: Signature::from_bytes(signature),
+        }
     }
 
     /// Returns the public key of an [`Ed25519Signature`].
+    #[deprecated(since = "1.1.4", note = "use Ed25519Signature::public_key_bytes instead")]
     pub fn public_key(&self) -> &PublicKey {
+        panic!("deprecated method: use Ed25519Signature::public_key_bytes instead")
+    }
+
+    /// Returns the unvalidated public key bytes of an [`Ed25519Signature`].
+    pub fn public_key_bytes(&self) -> &PublicKeyBytes {
         &self.public_key
     }
 
@@ -57,7 +77,14 @@ impl Ed25519Signature {
         &self.signature
     }
 
+    /// Verify a message using the signature.
+    #[deprecated(since = "1.1.4", note = "use Ed25519Signature::try_verify instead")]
     pub fn verify(&self, message: &[u8]) -> bool {
+        self.public_key.verify(&self.signature, message).unwrap_or_default()
+    }
+
+    /// Verify a message using the signature.
+    pub fn try_verify(&self, message: &[u8]) -> Result<bool, crypto::Error> {
         self.public_key.verify(&self.signature, message)
     }
 
@@ -72,7 +99,7 @@ impl Ed25519Signature {
             });
         }
 
-        if !self.verify(message) {
+        if !self.try_verify(message)? {
             return Err(Error::InvalidSignature);
         }
 
@@ -121,9 +148,7 @@ impl Packable for Ed25519Signature {
     ) -> Result<Self, UnpackError<Self::UnpackError, U::Error>> {
         let public_key = <[u8; Self::PUBLIC_KEY_LENGTH]>::unpack::<_, VERIFY>(unpacker, visitor).coerce()?;
         let signature = <[u8; Self::SIGNATURE_LENGTH]>::unpack::<_, VERIFY>(unpacker, visitor).coerce()?;
-        Self::try_from_bytes(public_key, signature)
-            .map_err(UnpackError::Packable)
-            .coerce()
+        Ok(Self::from_bytes(public_key, signature))
     }
 }
 
@@ -160,10 +185,10 @@ pub(crate) mod dto {
         type Error = Error;
 
         fn try_from(value: Ed25519SignatureDto) -> Result<Self, Self::Error> {
-            Self::try_from_bytes(
+            Ok(Self::from_bytes(
                 prefix_hex::decode(&value.public_key).map_err(|_| Error::InvalidField("publicKey"))?,
                 prefix_hex::decode(&value.signature).map_err(|_| Error::InvalidField("signature"))?,
-            )
+            ))
         }
     }
 }

sdk/src/wallet/account/mod.rs

@@ -1,4 +1,4 @@
-// Copyright 2021 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 /// The module with the AccountBuilder.
@@ -651,7 +651,7 @@ mod test {
 
         let pub_key_bytes = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
         let sig_bytes = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-        let signature = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+        let signature = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
         let sig_unlock = Unlock::Signature(SignatureUnlock::from(Signature::from(signature)));
         let ref_unlock = Unlock::Reference(ReferenceUnlock::new(0).unwrap());
         let unlocks = Unlocks::new([sig_unlock, ref_unlock]).unwrap();

sdk/tests/types/ed25519_signature.rs

@@ -1,4 +1,4 @@
-// Copyright 2020-2021 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 use iota_sdk::types::block::signature::Ed25519Signature;
@@ -17,7 +17,7 @@ fn kind() {
 fn packed_len() {
     let pub_key_bytes: [u8; 32] = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes: [u8; 64] = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let sig = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let sig = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
 
     assert_eq!(sig.packed_len(), 32 + 64);
     assert_eq!(sig.pack_to_vec().len(), 32 + 64);
@@ -27,7 +27,7 @@ fn packed_len() {
 fn pack_unpack_valid() {
     let pub_key_bytes: [u8; 32] = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes: [u8; 64] = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let sig = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let sig = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
     let sig_packed = sig.pack_to_vec();
 
     assert_eq!(sig, PackableExt::unpack_verified(sig_packed.as_slice(), &()).unwrap());

sdk/tests/types/payload.rs

@@ -1,4 +1,4 @@
-// Copyright 2020-2021 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 use core::str::FromStr;
@@ -56,7 +56,7 @@ fn transaction() {
 
     let pub_key_bytes = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let signature = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let signature = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
     let sig_unlock = Unlock::Signature(SignatureUnlock::from(Signature::from(signature)));
     let ref_unlock = Unlock::Reference(ReferenceUnlock::new(0).unwrap());
     let unlocks = Unlocks::new(vec![sig_unlock, ref_unlock]).unwrap();
@@ -93,9 +93,7 @@ fn milestone() {
             MilestoneOptions::from_vec(vec![]).unwrap(),
         )
         .unwrap(),
-        vec![Signature::from(
-            Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap(),
-        )],
+        vec![Signature::from(Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes))],
     )
     .unwrap()
     .into();

sdk/tests/types/transaction_payload.rs

@@ -1,4 +1,4 @@
-// Copyright 2020-2021 IOTA Stiftung
+// Copyright 2024 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
 use iota_sdk::types::block::{
@@ -53,7 +53,7 @@ fn builder_no_essence_too_few_unlocks() {
     // Construct a list with a single unlock, whereas we have 2 tx inputs.
     let pub_key_bytes = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let signature = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let signature = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
     let sig_unlock = Unlock::Signature(SignatureUnlock::from(Signature::from(signature)));
     let unlocks = Unlocks::new([sig_unlock]).unwrap();
 
@@ -90,7 +90,7 @@ fn builder_no_essence_too_many_unlocks() {
     // Construct a list of two unlocks, whereas we only have 1 tx input.
     let pub_key_bytes = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let signature = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let signature = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
     let sig_unlock = Unlock::Signature(SignatureUnlock::from(Signature::from(signature)));
     let ref_unlock = Unlock::Reference(ReferenceUnlock::new(0).unwrap());
 
@@ -130,7 +130,7 @@ fn pack_unpack_valid() {
     // Construct a list of two unlocks, whereas we only have 1 tx input.
     let pub_key_bytes = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let signature = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let signature = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
     let sig_unlock = Unlock::Signature(SignatureUnlock::from(Signature::from(signature)));
     let ref_unlock = Unlock::Reference(ReferenceUnlock::new(0).unwrap());
     let unlocks = Unlocks::new([sig_unlock, ref_unlock]).unwrap();
@@ -172,7 +172,7 @@ fn getters() {
     // Construct a list of two unlocks, whereas we only have 1 tx input.
     let pub_key_bytes = prefix_hex::decode(ED25519_PUBLIC_KEY).unwrap();
     let sig_bytes = prefix_hex::decode(ED25519_SIGNATURE).unwrap();
-    let signature = Ed25519Signature::try_from_bytes(pub_key_bytes, sig_bytes).unwrap();
+    let signature = Ed25519Signature::from_bytes(pub_key_bytes, sig_bytes);
     let sig_unlock = Unlock::Signature(SignatureUnlock::from(Signature::from(signature)));
     let ref_unlock = Unlock::Reference(ReferenceUnlock::new(0).unwrap());
     let unlocks = Unlocks::new([sig_unlock, ref_unlock]).unwrap();