Signature API for Ed25519 and ECDSA-secp256k1 signatures doesn't match

[abacabadabacaba]

The parameter data to SecretKey::sign() and Signature::verify() is supposed to hold the message being signed. However, in the current implementation, its meaning depends on signature type:

• For Ed25519 signatures, it holds the message itself and can be of arbitrary length.
• For ECDSA-secp256k1 signatures, it holds the hash of the message, and must be exactly 32 bytes long.

As a result, it is not possible to use this API properly if support for both signature types is desired. Currently, the code that signs transactions hashes them one extra time when using Ed25519 (which is not necessary), and the code that signs approvals only uses Ed25519 signatures (and will crash if we try to make it work with ECDSA-secp256k1 signatures, because approvals' length is not 32 bytes).

We need to change the API to interpret data as the message itself for both signature types (or get rid of ECDSA-secp256k1 signatures).

[ilblackdragon]

I don't mind removing support of secp256k1 (or of ed25519 if we want use secp256k1 to simplify verification in Ethereum) for specifically ValidatorSigner / block & approval signatures. I don't think we need to have 2 possible key types there.

For transactions it still make sense IMO. And may be even adding secp256p1 to add support for iOS secure enclaves.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity in the last 2 months. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity in the last 2 months. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.