From 26d4a178a8e5f05af34f920fb8bc95da1ca6bf23 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <tony@iqlusion.io>
Date: Thu, 10 Jun 2021 09:15:55 -0700
Subject: [PATCH] tendermint: use k256::ecdsa::VerifyingKey as Secp256k1 key

See #873 for background.

This changes the type re-exported as `tendermint::public_key::Secp256k1`
from a `k256::EncodedPoint` to a `k256::ecdsa::VerifyingKey`.

The main distinction this provides is validating the public key (i.e.
making sure it provides a valid solution to the secp256k1 curve
equation), whereas `EncodedPoint` provides no validation of the public
key.

If there were ever a `Signature::Secp256k1` variant added, this would
also make it easy to perform signature verification.
---
 tendermint/src/account.rs    |  4 ++--
 tendermint/src/public_key.rs | 31 ++++++++++++++-----------------
 tendermint/src/validator.rs  |  2 +-
 3 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/tendermint/src/account.rs b/tendermint/src/account.rs
index 1b0b73ea8..488ba1769 100644
--- a/tendermint/src/account.rs
+++ b/tendermint/src/account.rs
@@ -94,7 +94,7 @@ impl Debug for Id {
 #[cfg(feature = "secp256k1")]
 impl From<Secp256k1> for Id {
     fn from(pk: Secp256k1) -> Id {
-        let sha_digest = Sha256::digest(pk.as_bytes());
+        let sha_digest = Sha256::digest(&pk.to_bytes());
         let ripemd_digest = Ripemd160::digest(&sha_digest[..]);
         let mut bytes = [0u8; LENGTH];
         bytes.copy_from_slice(&ripemd_digest[..LENGTH]);
@@ -184,7 +184,7 @@ mod tests {
         let id_bytes = Id::from_str(id_hex).expect("expected id_hex to decode properly");
 
         // get id for pubkey
-        let pubkey = Secp256k1::from_bytes(pubkey_bytes).unwrap();
+        let pubkey = Secp256k1::from_sec1_bytes(pubkey_bytes).unwrap();
         let id = Id::from(pubkey);
 
         assert_eq!(id_bytes.ct_eq(&id).unwrap_u8(), 1);
diff --git a/tendermint/src/public_key.rs b/tendermint/src/public_key.rs
index 1c0fd259e..7d8ca2e62 100644
--- a/tendermint/src/public_key.rs
+++ b/tendermint/src/public_key.rs
@@ -2,7 +2,7 @@
 
 pub use ed25519_dalek::PublicKey as Ed25519;
 #[cfg(feature = "secp256k1")]
-pub use k256::EncodedPoint as Secp256k1;
+pub use k256::ecdsa::VerifyingKey as Secp256k1;
 
 mod pub_key_request;
 mod pub_key_response;
@@ -91,7 +91,7 @@ impl From<PublicKey> for RawPublicKey {
             #[cfg(feature = "secp256k1")]
             PublicKey::Secp256k1(ref pk) => RawPublicKey {
                 sum: Some(tendermint_proto::crypto::public_key::Sum::Secp256k1(
-                    pk.as_bytes().to_vec(),
+                    pk.to_bytes().to_vec(),
                 )),
             },
         }
@@ -103,7 +103,9 @@ impl PublicKey {
     #[cfg(feature = "secp256k1")]
     #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
     pub fn from_raw_secp256k1(bytes: &[u8]) -> Option<PublicKey> {
-        Secp256k1::from_bytes(bytes).ok().map(PublicKey::Secp256k1)
+        Secp256k1::from_sec1_bytes(bytes)
+            .ok()
+            .map(PublicKey::Secp256k1)
     }
 
     /// From raw Ed25519 public key bytes
@@ -153,20 +155,15 @@ impl PublicKey {
         }
     }
 
-    /// View this key as a byte slice
-    pub fn as_bytes(&self) -> &[u8] {
+    /// Serialize this key as a byte vector.
+    pub fn to_bytes(&self) -> Vec<u8> {
         match self {
-            PublicKey::Ed25519(pk) => pk.as_bytes(),
+            PublicKey::Ed25519(pk) => pk.as_bytes().to_vec(),
             #[cfg(feature = "secp256k1")]
-            PublicKey::Secp256k1(pk) => pk.as_bytes(),
+            PublicKey::Secp256k1(pk) => pk.to_bytes().to_vec(),
         }
     }
 
-    /// Get a vector containing the byte serialization of this key
-    pub fn to_vec(self) -> Vec<u8> {
-        self.as_bytes().to_vec()
-    }
-
     /// Serialize this key as Bech32 with the given human readable prefix
     pub fn to_bech32(self, hrp: &str) -> String {
         let backward_compatible_amino_prefixed_pubkey = match self {
@@ -178,7 +175,7 @@ impl PublicKey {
             #[cfg(feature = "secp256k1")]
             PublicKey::Secp256k1(ref pk) => {
                 let mut key_bytes = vec![0xEB, 0x5A, 0xE9, 0x87, 0x21];
-                key_bytes.extend(pk.as_bytes());
+                key_bytes.extend(pk.to_bytes());
                 key_bytes
             }
         };
@@ -187,7 +184,7 @@ impl PublicKey {
 
     /// Serialize this key as hexadecimal
     pub fn to_hex(self) -> String {
-        String::from_utf8(hex::encode_upper(self.as_bytes())).unwrap()
+        String::from_utf8(hex::encode_upper(self.to_bytes())).unwrap()
     }
 }
 
@@ -222,7 +219,7 @@ impl Ord for PublicKey {
             PublicKey::Secp256k1(a) => match other {
                 PublicKey::Ed25519(_) => Ordering::Greater,
                 #[cfg(feature = "secp256k1")]
-                PublicKey::Secp256k1(b) => a.as_bytes().cmp(b.as_bytes()),
+                PublicKey::Secp256k1(b) => a.cmp(b),
             },
         }
     }
@@ -346,7 +343,7 @@ fn serialize_secp256k1_base64<S>(pk: &Secp256k1, serializer: S) -> Result<S::Ok,
 where
     S: ser::Serializer,
 {
-    String::from_utf8(base64::encode(pk.as_bytes()))
+    String::from_utf8(base64::encode(pk.to_bytes()))
         .unwrap()
         .serialize(serializer)
 }
@@ -369,7 +366,7 @@ where
     use de::Error;
     let encoded = String::deserialize(deserializer)?;
     let bytes = base64::decode(&encoded).map_err(D::Error::custom)?;
-    Secp256k1::from_bytes(&bytes).map_err(|_| D::Error::custom("invalid secp256k1 key"))
+    Secp256k1::from_sec1_bytes(&bytes).map_err(|_| D::Error::custom("invalid secp256k1 key"))
 }
 
 #[cfg(test)]
diff --git a/tendermint/src/validator.rs b/tendermint/src/validator.rs
index 8722c30b3..ccdcaabf7 100644
--- a/tendermint/src/validator.rs
+++ b/tendermint/src/validator.rs
@@ -264,7 +264,7 @@ impl From<&Info> for SimpleValidator {
             )),
             #[cfg(feature = "secp256k1")]
             PublicKey::Secp256k1(pk) => Some(tendermint_proto::crypto::public_key::Sum::Secp256k1(
-                pk.as_bytes().to_vec(),
+                pk.to_bytes().to_vec(),
             )),
         };
         SimpleValidator {