Use ec.Signature type in wallet

Author: jchavannes

auth/certificates/certificate.go

@@ -264,6 +264,11 @@ func (c *Certificate) Verify(ctx context.Context) error {
 		return fmt.Errorf("failed to create verifier wallet: %w", err)
 	}
 
+	signature, err := ec.ParseSignature(c.Signature)
+	if err != nil {
+		return fmt.Errorf("failed to parse signature: %w", err)
+	}
+
 	// Get the binary representation without the signature
 	data, err := c.ToBinary(false)
 	if err != nil {
@@ -284,7 +289,7 @@ func (c *Certificate) Verify(ctx context.Context) error {
 			},
 		},
 		Data:      data,
-		Signature: c.Signature,
+		Signature: signature,
 	}
 
 	verifyResult, err := verifier.VerifySignature(ctx, verifyArgs, "")
@@ -343,7 +348,7 @@ func (c *Certificate) Sign(ctx context.Context, certifierWallet *wallet.ProtoWal
 	}
 
 	// Store the signature
-	c.Signature = signResult.Signature
+	c.Signature = signResult.Signature.Serialize()
 
 	return nil
 }

auth/peer.go

@@ -235,7 +235,7 @@ func (p *Peer) ToPeer(ctx context.Context, message []byte, identityKey *ec.Publi
 		return fmt.Errorf("failed to sign message: %w", err)
 	}
 
-	generalMessage.Signature = sigResult.Signature
+	generalMessage.Signature = sigResult.Signature.Serialize()
 
 	// Update session timestamp
 	now := time.Now().UnixNano() / int64(time.Millisecond)
@@ -595,6 +595,11 @@ func (p *Peer) handleCertificateRequest(ctx context.Context, message *AuthMessag
 		return fmt.Errorf("failed to serialize certificate request data: %w", err)
 	}
 
+	signature, err := ec.ParseSignature(message.Signature)
+	if err != nil {
+		return fmt.Errorf("failed to parse signature: %w", err)
+	}
+
 	// Verify signature
 	verifyResult, err := p.wallet.VerifySignature(ctx, wallet.VerifySignatureArgs{
 		EncryptionArgs: wallet.EncryptionArgs{
@@ -610,7 +615,7 @@ func (p *Peer) handleCertificateRequest(ctx context.Context, message *AuthMessag
 			},
 		},
 		Data:      certRequestData,
-		Signature: message.Signature,
+		Signature: signature,
 	}, "")
 
 	if err != nil || !verifyResult.Valid {
@@ -671,6 +676,11 @@ func (p *Peer) handleCertificateResponse(ctx context.Context, message *AuthMessa
 		return fmt.Errorf("failed to serialize certificate data: %w", err)
 	}
 
+	signature, err := ec.ParseSignature(message.Signature)
+	if err != nil {
+		return nil
+	}
+
 	// Verify signature
 	verifyResult, err := p.wallet.VerifySignature(ctx, wallet.VerifySignatureArgs{
 		EncryptionArgs: wallet.EncryptionArgs{
@@ -686,7 +696,7 @@ func (p *Peer) handleCertificateResponse(ctx context.Context, message *AuthMessa
 			},
 		},
 		Data:      certData,
-		Signature: message.Signature,
+		Signature: signature,
 	}, "")
 
 	if err != nil || !verifyResult.Valid {
@@ -762,6 +772,11 @@ func (p *Peer) handleGeneralMessage(ctx context.Context, message *AuthMessage, s
 	session.LastUpdate = time.Now().UnixMilli()
 	p.sessionManager.UpdateSession(session)
 
+	signature, err := ec.ParseSignature(message.Signature)
+	if err != nil {
+		return nil
+	}
+
 	// Verify signature
 	verifyResult, err := p.wallet.VerifySignature(ctx, wallet.VerifySignatureArgs{
 		EncryptionArgs: wallet.EncryptionArgs{
@@ -777,7 +792,7 @@ func (p *Peer) handleGeneralMessage(ctx context.Context, message *AuthMessage, s
 			},
 		},
 		Data:      message.Payload,
-		Signature: message.Signature,
+		Signature: signature,
 	}, "")
 
 	if err != nil || !verifyResult.Valid {
@@ -862,7 +877,7 @@ func (p *Peer) RequestCertificates(ctx context.Context, identityKey *ec.PublicKe
 		return fmt.Errorf("failed to sign certificate request: %w", err)
 	}
 
-	certRequest.Signature = sigResult.Signature
+	certRequest.Signature = sigResult.Signature.Serialize()
 
 	// Send the request
 	err = p.transport.Send(ctx, certRequest)
@@ -944,7 +959,7 @@ func (p *Peer) SendCertificateResponse(ctx context.Context, identityKey *ec.Publ
 		return fmt.Errorf("failed to sign certificate response: %w", err)
 	}
 
-	certResponse.Signature = sigResult.Signature
+	certResponse.Signature = sigResult.Signature.Serialize()
 
 	// Send the response
 	err = p.transport.Send(ctx, certResponse)

auth/peer_test.go

@@ -109,13 +109,12 @@ func CreatePeerPair(t *testing.T) (*Peer, *Peer, *wallet.MockWallet, *wallet.Moc
 	// Setup basic crypto operations
 	dummySig, err := alicePk.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummySigBytes := dummySig.Serialize()
 
 	aliceWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 	bobWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 
 	aliceWallet.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
@@ -441,7 +440,6 @@ func TestPeerCertificateExchange(t *testing.T) {
 	require.NoError(t, err)
 	dummySig, err := dummyKey.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummySigBytes := dummySig.Serialize()
 
 	// Mock the certificate verification to always succeed
 	aliceWallet.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
@@ -537,10 +535,10 @@ func TestPeerCertificateExchange(t *testing.T) {
 
 	// Setup crypto operations
 	aliceWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 	bobWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 
 	// Force all signature verifications to succeed
@@ -746,13 +744,12 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 	// Setup crypto operations for both Alice wallets
 	dummyAliceSig, err := alicePk.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummyAliceSigBytes := dummyAliceSig.Serialize()
 
 	aliceWallet1.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummyAliceSigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummyAliceSig}, nil
 	}
 	aliceWallet2.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummyAliceSigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummyAliceSig}, nil
 	}
 
 	aliceWallet1.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
@@ -800,17 +797,16 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 	// Setup Bob's crypto operations
 	dummyBobSig, err := bobPk.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummyBobSigBytes := dummyBobSig.Serialize()
 
 	bobWallet1.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummyBobSigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummyBobSig}, nil
 	}
 	bobWallet1.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
 		return &wallet.VerifySignatureResult{Valid: true}, nil
 	}
 
 	bobWallet2.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummyBobSigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummyBobSig}, nil
 	}
 	bobWallet2.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
 		return &wallet.VerifySignatureResult{Valid: true}, nil
@@ -973,7 +969,6 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 	require.NoError(t, err)
 	dummySig, err := dummyKey.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummySigBytes := dummySig.Serialize()
 
 	// Mock the certificate verification to always succeed
 	aliceWallet.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
@@ -1065,10 +1060,10 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 
 	// Setup crypto operations
 	aliceWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 	bobWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 
 	// Force all signature verifications to succeed
@@ -1286,7 +1281,6 @@ func TestLibraryCardVerification(t *testing.T) {
 	require.NoError(t, err)
 	dummySig, err := dummyKey.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummySigBytes := dummySig.Serialize()
 
 	// Mock the certificate verification to always succeed
 	aliceWallet.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
@@ -1342,10 +1336,10 @@ func TestLibraryCardVerification(t *testing.T) {
 
 	// Setup crypto operations
 	aliceWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 	bobWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 
 	// Force all signature verifications to succeed
@@ -1622,13 +1616,12 @@ func TestNonmatchingCertificateRejection(t *testing.T) {
 	// Set up crypto functions
 	dummySig, err := aliceKey.Sign([]byte("test"))
 	require.NoError(t, err)
-	dummySigBytes := dummySig.Serialize()
 
 	aliceWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 	bobWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
-		return &wallet.CreateSignatureResult{Signature: dummySigBytes}, nil
+		return &wallet.CreateSignatureResult{Signature: dummySig}, nil
 	}
 
 	aliceWallet.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {

auth/utils/certificate_debug.go

@@ -105,9 +105,6 @@ func SignCertificateForTest(ctx context.Context, cert wallet.Certificate, signer
 		return encodedCert, fmt.Errorf("failed to sign certificate: %w", err)
 	}
 
-	// Update the certificate object with the new signature
-	certObj.Signature = signature.Serialize()
-
 	// Convert back to wallet.Certificate format
 	finalCert := wallet.Certificate{
 		Type:               encodedCert.Type,
@@ -116,7 +113,7 @@ func SignCertificateForTest(ctx context.Context, cert wallet.Certificate, signer
 		Certifier:          &certObj.Certifier,
 		RevocationOutpoint: encodedCert.RevocationOutpoint,
 		Fields:             encodedCert.Fields,
-		Signature:          certObj.Signature,
+		Signature:          signature,
 	}
 
 	return finalCert, nil

auth/utils/get_verifiable_certificates.go

@@ -102,8 +102,8 @@ func GetVerifiableCertificates(ctx context.Context, options *GetVerifiableCertif
 		}
 
 		// Handle Signature
-		if len(certResult.Signature) > 0 {
-			baseCert.Signature = certResult.Signature
+		if certResult.Signature != nil {
+			baseCert.Signature = certResult.Signature.Serialize()
 		}
 
 		// Handle nil Subject and Certifier safely

auth/utils/get_verifiable_certificates_test.go

@@ -31,6 +31,8 @@ func TestGetVerifiableCertificates(t *testing.T) {
 	certType1 := tu.GetByte32FromString("certType1")
 	certType2 := tu.GetByte32FromString("certType2")
 	serial1 := tu.GetByte32FromString("serial1")
+	const TestSigHex = "3045022100a6f09ee70382ab364f3f6b040aebb8fe7a51dbc3b4c99cfeb2f7756432162833022067349b91a6319345996faddf36d1b2f3a502e4ae002205f9d2db85474f9aed5a"
+	testSig := tu.GetSigFromHex(t, TestSigHex)
 
 	// Test case 1: Retrieves matching certificates based on requested set
 	t.Run("retrieves matching certificates based on requested set", func(t *testing.T) {
@@ -67,7 +69,7 @@ func TestGetVerifiableCertificates(t *testing.T) {
 						Certifier:          certifier,
 						RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 						Fields:             map[string]string{"field1": field1ValueBase64, "field2": field2ValueBase64}, // Use base64-encoded field values
-						Signature:          []byte{0x01, 0x02, 0x03, 0x04},
+						Signature:          testSig,
 					},
 				},
 			},

identity/client.go

@@ -98,7 +98,7 @@ func (c *Client) PubliclyRevealAttributes(
 		Certifier:          *certificate.Certifier,
 		RevocationOutpoint: revocationOutpoint,
 		Fields:             fields,
-		Signature:          certificate.Signature,
+		Signature:          certificate.Signature.Serialize(),
 	}
 
 	// Verify the certificate
@@ -141,7 +141,7 @@ func (c *Client) PubliclyRevealAttributes(
 		"certifier":          certificate.Certifier.Compressed(),
 		"revocationOutpoint": revocationOutpointString,
 		"fields":             certificate.Fields,
-		"signature":          hex.EncodeToString(certificate.Signature),
+		"signature":          hex.EncodeToString(certificate.Signature.Serialize()),
 		"keyring":            proveResult.KeyringForVerifier,
 	}