refactor(eddsa-poseidon)!: restrict message types

packages/eddsa-poseidon/src/eddsa-poseidon.ts

@@ -9,7 +9,7 @@ import {
     subOrder,
     unpackPoint
 } from "@zk-kit/baby-jubjub"
-import type { BigNumberish } from "@zk-kit/utils"
+import type { BigNumber, BigNumberish } from "@zk-kit/utils"
 import { crypto, requireBuffer } from "@zk-kit/utils"
 import { bigNumberishToBigInt, leBigIntToBuffer, leBufferToBigInt } from "@zk-kit/utils/conversions"
 import { requireBigNumberish } from "@zk-kit/utils/error-handlers"
@@ -87,7 +87,7 @@ export function derivePublicKey(privateKey: Buffer | Uint8Array | string): Point
  * @param message The message to be signed.
  * @returns The signature object, containing properties relevant to EdDSA signatures, such as 'R8' and 'S' values.
  */
-export function signMessage(privateKey: Buffer | Uint8Array | string, message: BigNumberish): Signature<bigint> {
+export function signMessage(privateKey: Buffer | Uint8Array | string, message: BigNumber): Signature<bigint> {
     // Convert the private key to buffer.
     privateKey = checkPrivateKey(privateKey)
 
@@ -121,7 +121,7 @@ export function signMessage(privateKey: Buffer | Uint8Array | string, message: B
  * @param publicKey The public key associated with the private key used to sign the message.
  * @returns Returns true if the signature is valid and corresponds to the message and public key, false otherwise.
  */
-export function verifySignature(message: BigNumberish, signature: Signature, publicKey: Point): boolean {
+export function verifySignature(message: BigNumber, signature: Signature, publicKey: Point): boolean {
     if (
         !isPoint(publicKey) ||
         !isSignature(signature) ||
@@ -281,7 +281,7 @@ export class EdDSAPoseidon {
      * @param message The message to be signed.
      * @returns The signature of the message.
      */
-    signMessage(message: BigNumberish): Signature<bigint> {
+    signMessage(message: BigNumber): Signature<bigint> {
         return signMessage(this.privateKey, message)
     }
 
@@ -291,7 +291,7 @@ export class EdDSAPoseidon {
      * @param signature The signature to be verified.
      * @returns True if the signature is valid for the message and public key, false otherwise.
      */
-    verifySignature(message: BigNumberish, signature: Signature): boolean {
+    verifySignature(message: BigNumber, signature: Signature): boolean {
         return verifySignature(message, signature, this.publicKey)
     }
 }

packages/eddsa-poseidon/src/utils.ts

@@ -1,5 +1,5 @@
 import { Point } from "@zk-kit/baby-jubjub"
-import type { BigNumberish } from "@zk-kit/utils"
+import { type BigNumberish } from "@zk-kit/utils"
 import { bigNumberishToBigInt, bufferToBigInt } from "@zk-kit/utils/conversions"
 import { requireTypes } from "@zk-kit/utils/error-handlers"
 import { isArray, isBigNumber, isBigNumberish, isObject } from "@zk-kit/utils/type-checks"

packages/eddsa-poseidon/tests/index.test.ts

@@ -1,6 +1,6 @@
 import { babyjub, eddsa } from "circomlibjs"
 import { Buffer } from "buffer"
-import { crypto } from "@zk-kit/utils"
+import { bufferToBigInt, crypto } from "@zk-kit/utils"
 import { utils } from "ffjavascript"
 import { r, packPoint, Point } from "@zk-kit/baby-jubjub"
 import {
@@ -84,7 +84,7 @@
     it("Should sign a message (number)", async () => {
         const message = 22
 
-        const signature = signMessage(privateKey, message)
+        const signature = signMessage(privateKey, BigInt(message))
 
         const circomlibSignature = eddsa.signPoseidon(privateKey, BigInt(message))
 
@@ -96,7 +96,7 @@
     it("Should sign a message (hexadecimal)", async () => {
         const message = "0x12"
 
-        const signature = signMessage(privateKey, message)
+        const signature = signMessage(privateKey, BigInt(message))
 
         const circomlibSignature = eddsa.signPoseidon(privateKey, BigInt(message))
 
@@ -108,7 +108,7 @@
     it("Should sign a message (buffer)", async () => {
         const message = Buffer.from("message")
 
-        const signature = signMessage(privateKey, message)
+        const signature = signMessage(privateKey, bufferToBigInt(message))
 
         const circomlibSignature = eddsa.signPoseidon(privateKey, BigInt(`0x${message.toString("hex")}`))
 
@@ -117,7 +117,7 @@
         expect(signature.S).toBe(circomlibSignature.S)
     })
 
-    it("Should sign a message (string)", async () => {
+    it("Should sign a message if less than 32 bytes (string)", async () => {
         const message = "message"
 
         const signature = signMessage(privateKey, message)
@@ -129,6 +129,13 @@
         expect(signature.S).toBe(circomlibSignature.S)
     })
 
+    it("Should fail if message is larger than 32 bytes (string)", async () => {
+        const message = bufferToBigInt(Buffer.from(crypto.getRandomValues(34)))
+
+        const fun = () => signMessage(privateKey, message)
+        expect(fun).toThrow("Size 32 is too small, need at least 33 bytes")
+    })
+
     it("Should throw an error if the message type is not supported", async () => {
         const message = true
 
@@ -346,7 +353,7 @@
         expect(fun).toThrow("Invalid packed signature point")
     })
 
     it("Should still unpack a packed signature with scalar malformed", async () => {
         const signature = signMessage(privateKey, message)
 
         const packedSignature = packSignature(signature)