fix signed message

Author: shruggr

message/signed.go

@@ -3,6 +3,7 @@ package message
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
 
@@ -37,7 +38,8 @@ func Sign(message []byte, signer *ec.PrivateKey, verifier *ec.PublicKey) ([]byte
 	if err != nil {
 		return nil, err
 	}
-	signature, err := signingPriv.Sign(message)
+	hashedMessage := sha256.Sum256(message)
+	signature, err := signingPriv.Sign(hashedMessage[:])
 	if err != nil {
 		return nil, err
 	}
@@ -80,11 +82,11 @@ func Verify(message []byte, sig []byte, recipient *ec.PrivateKey) (bool, error)
 		counter += 32
 		verifierDER := append([]byte{verifierFirst}, verifierRest...)
 		if recipient == nil {
-			return false, nil
+			return false, fmt.Errorf("this signature can only be verified with knowledge of a specific private key. The associated public key is: %x", verifierDER)
 		}
 		recipientDER := recipient.PubKey().Compressed()
 		if !bytes.Equal(verifierDER, recipientDER) {
-			errorStr := "the recipient public key is %x but the signature requres the recipient to have public key %x"
+			errorStr := "the recipient public key is %x but the signature requires the recipient to have public key %x"
 			err = fmt.Errorf(errorStr, recipientDER, verifierDER)
 			return false, err
 		}
@@ -102,7 +104,8 @@ func Verify(message []byte, sig []byte, recipient *ec.PrivateKey) (bool, error)
 	if err != nil {
 		return false, err
 	}
-	verified := signature.Verify(message, signingKey)
+	hashedMessage := sha256.Sum256(message)
+	verified := signature.Verify(hashedMessage[:], signingKey)
 	return verified, nil
 
 }

message/signed_test.go

@@ -2,6 +2,7 @@ package message
 
 import (
 	"crypto/rand"
+	"fmt"
 	"math/big"
 	"testing"
 
@@ -49,13 +50,85 @@ func TestSignedMessage(t *testing.T) {
 		require.Equal(t, "message version mismatch: Expected 42423301, received 01423301", err.Error())
 	})
 
+	t.Run("Fails to verify a message with no verifier when required", func(t *testing.T) {
+		senderPriv, _ := ec.PrivateKeyFromBytes([]byte{15})
+		_, recipientPub := ec.PrivateKeyFromBytes([]byte{21}) // Specific recipient
+
+		message := []byte{1, 2, 4, 8, 16, 32}
+		signature, err := Sign(message, senderPriv, recipientPub)
+		require.NoError(t, err)
+
+		verified, err := Verify(message, signature, nil) // No recipient private key provided
+		require.Error(t, err)
+		require.False(t, verified)
+		// Construct expected public key from recipientPub for the error message
+		expectedVerifierPubHex := fmt.Sprintf("%x", recipientPub.Compressed())
+		require.Contains(t, err.Error(), "this signature can only be verified with knowledge of a specific private key. The associated public key is: "+expectedVerifierPubHex)
+	})
+
+	t.Run("Fails to verify a message with a wrong verifier", func(t *testing.T) {
+		senderPriv, _ := ec.PrivateKeyFromBytes([]byte{15})
+		_, recipientPub := ec.PrivateKeyFromBytes([]byte{21})
+		wrongRecipientPriv, _ := ec.PrivateKeyFromBytes([]byte{22})
+
+		message := []byte{1, 2, 4, 8, 16, 32}
+		signature, err := Sign(message, senderPriv, recipientPub)
+		require.NoError(t, err)
+
+		verified, err := Verify(message, signature, wrongRecipientPriv)
+		require.Error(t, err)
+		require.False(t, verified)
+		expectedRecipientPubHex := fmt.Sprintf("%x", recipientPub.Compressed())
+		actualRecipientPubHex := fmt.Sprintf("%x", wrongRecipientPriv.PubKey().Compressed())
+		require.Equal(t, fmt.Sprintf("the recipient public key is %s but the signature requires the recipient to have public key %s", actualRecipientPubHex, expectedRecipientPubHex), err.Error())
+	})
+
+}
+
+func TestTamperedMessage_AnyoneCanVerify(t *testing.T) {
+	senderPriv, _ := ec.PrivateKeyFromBytes([]byte{15})
+
+	messageA := []byte{1, 2, 4, 8, 16, 32}
+	signatureFromA, err := Sign(messageA, senderPriv, nil) // nil for "anyone can verify"
+	require.NoError(t, err)
+
+	// Create a tampered message (messageB)
+	messageB := make([]byte, len(messageA))
+	copy(messageB, messageA)
+	messageB[len(messageB)-1] = 64 // Modify the last byte
+
+	// Attempt to verify signatureFromA against messageB
+	// This verification should fail if the system is working correctly.
+	verified, err := Verify(messageB, signatureFromA, nil) // nil recipient
+	require.NoError(t, err, "Verification process itself should not error for a tampered message if signature format is valid")
+	require.False(t, verified, "Verification should fail for a tampered message")
+}
+
+func TestTamperedMessage_SpecificRecipient(t *testing.T) {
+	senderPriv, _ := ec.PrivateKeyFromBytes([]byte{15})
+	recipientPriv, recipientPub := ec.PrivateKeyFromBytes([]byte{21})
+
+	messageA := []byte{1, 2, 4, 8, 16, 32}
+	signatureFromA, err := Sign(messageA, senderPriv, recipientPub)
+	require.NoError(t, err)
+
+	// Create a tampered message (messageB)
+	messageB := make([]byte, len(messageA))
+	copy(messageB, messageA)
+	messageB[len(messageB)-1] = 64 // Modify the last byte
+
+	// Attempt to verify signatureFromA against messageB
+	// This verification should fail if the system is working correctly.
+	verified, err := Verify(messageB, signatureFromA, recipientPriv)
+	require.NoError(t, err, "Verification process itself should not error for a tampered message if signature format is valid")
+	require.False(t, verified, "Verification should fail for a tampered message with a specific recipient")
 }
 
 func TestEdgeCases(t *testing.T) {
 	signingPriv, _ := ec.PrivateKeyFromBytes([]byte{15})
 
 	message := make([]byte, 32)
-	for i := 0; i < 10000; i++ {
+	for range 10000 {
 		_, _ = rand.Read(message)
 		signature, err := signingPriv.Sign(message)
 		require.NoError(t, err)
@@ -71,6 +144,5 @@ func TestEdgeCases(t *testing.T) {
 
 		require.Equal(t, signatureSerialized, signatureDER)
 		require.Equal(t, len(signatureSerialized), len(signatureDER))
-		t.Logf("Signature serialized: %d %x - %d %x\n", len(signatureDER), signatureDER, len(signatureSerialized), signatureSerialized)
 	}
 }