Merge sergei's branch

nikhil-gupta-tw · nikhil-gupta-tw · commit 67fa2ae786f5 · 2026-03-25T18:01:00.000+05:30
diff --git a/src/PrivateKey.cpp b/src/PrivateKey.cpp
@@ -256,10 +256,9 @@ PublicKey PrivateKey::getPublicKey(TWPublicKeyType type) const {
 }
 
 int ecdsa_sign_digest_checked(const ecdsa_curve* curve, const uint8_t* priv_key, const uint8_t* digest, size_t digest_size, uint8_t* sig, uint8_t* pby, int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
-    if (digest_size < 32) {
+    if (digest_size != PrivateKey::ecdsaMessageSize) {
         return -1;
     }
-    assert(digest_size >= 32);
     return ecdsa_sign_digest(curve, priv_key, digest, sig, pby, is_canonical);
 }
 
diff --git a/src/PrivateKey.h b/src/PrivateKey.h
@@ -20,6 +20,8 @@ class PrivateKey {
     static const size_t _size = 32;
     /// The number of bytes in a Cardano key (two extended ed25519 keys + chain code)
     static const size_t cardanoKeySize = 2 * 3 * 32;
+    /// The number of bytes in an ECDSA message digest (e.g., 32-byte hash) that can be signed.
+    static const size_t ecdsaMessageSize = 32;
 
     /// The private key bytes:
     /// - common case: 'size' bytes
diff --git a/src/PublicKey.cpp b/src/PublicKey.cpp
@@ -20,9 +20,7 @@
 
 namespace TW {
 
-static constexpr size_t kEcdsaMinDigestSize = 32;
-
-bool validateSignatureLength(TWPublicKeyType type, const Data& signature) {
+static bool validateSignatureLength(TWPublicKeyType type, const Data& signature) {
     switch (type) {
     case TWPublicKeyTypeSECP256k1:
     case TWPublicKeyTypeSECP256k1Extended:
@@ -37,6 +35,27 @@ bool validateSignatureLength(TWPublicKeyType type, const Data& signature) {
     }
 }
 
+static bool validateMessageLength(TWPublicKeyType type, const Data& message) {
+    switch (type) {
+    case TWPublicKeyTypeED25519:
+    case TWPublicKeyTypeCURVE25519:
+    case TWPublicKeyTypeED25519Blake2b:
+    case TWPublicKeyTypeED25519Cardano:
+        // Allow any message size for ed25519.
+        return true;
+    case TWPublicKeyTypeSECP256k1:
+    case TWPublicKeyTypeNIST256p1:
+    case TWPublicKeyTypeSECP256k1Extended:
+    case TWPublicKeyTypeNIST256p1Extended:
+        return message.size() == PublicKey::ecdsaMessageSize;
+    case TWPublicKeyTypeStarkex:
+        // Digest shorter than 32 bytes will be left-padded with zeros before verification.
+        return message.size() <= PublicKey::starkexMessageMaxSize;
+    default:
+        return false;
+    }
+}
+
 /// Determines if a collection of bytes makes a valid public key of the
 /// given type.
 bool PublicKey::isValid(const Data& data, enum TWPublicKeyType type) {
@@ -167,15 +186,16 @@ bool PublicKey::verify(const Data& signature, const Data& message) const {
     if (!validateSignatureLength(type, signature)) {
         return false;
     }
+    if (!validateMessageLength(type, message)) {
+        return false;
+    }
 
     switch (type) {
     case TWPublicKeyTypeSECP256k1:
     case TWPublicKeyTypeSECP256k1Extended:
-        if (message.size() < kEcdsaMinDigestSize) { return false; }
         return ecdsa_verify_digest(&secp256k1, bytes.data(), signature.data(), message.data()) == 0;
     case TWPublicKeyTypeNIST256p1:
     case TWPublicKeyTypeNIST256p1Extended:
-        if (message.size() < kEcdsaMinDigestSize) { return false; }
         return ecdsa_verify_digest(&nist256p1, bytes.data(), signature.data(), message.data()) == 0;
     case TWPublicKeyTypeED25519:
         return ed25519_sign_open(message.data(), message.size(), bytes.data(), signature.data()) == 0;
@@ -187,7 +207,7 @@ bool PublicKey::verify(const Data& signature, const Data& message) const {
     }
     case TWPublicKeyTypeCURVE25519: {
         auto ed25519PublicKey = Data();
-        ed25519PublicKey.resize(PublicKey::ed25519Size);
+        ed25519PublicKey.resize(ed25519Size);
         curve25519_pk_to_ed25519(ed25519PublicKey.data(), bytes.data());
 
         ed25519PublicKey[31] &= 0x7F;
@@ -207,10 +227,13 @@ bool PublicKey::verify(const Data& signature, const Data& message) const {
 }
 
 bool PublicKey::verifyAsDER(const Data& signature, const Data& message) const {
+    if (message.size() != ecdsaMessageSize) {
+        return false;
+    }
+
     switch (type) {
     case TWPublicKeyTypeSECP256k1:
     case TWPublicKeyTypeSECP256k1Extended: {
-        if (message.size() < kEcdsaMinDigestSize) { return false; }
         Data sig(64);
         int ret = ecdsa_sig_from_der(signature.data(), signature.size(), sig.data());
         if (ret) {
diff --git a/src/PublicKey.h b/src/PublicKey.h
@@ -37,9 +37,15 @@ class PublicKey {
     /// The number of bytes in a secp256k1 signature.
     static const size_t secp256k1SignatureSize = 65;
 
-    /// Magic number used in V compnent encoding
+    /// Magic number used in V component encoding
     static const byte SignatureVOffset = 27;
 
+    /// The number of bytes in an ECDSA message digest (e.g., 32-byte hash) that can be verified.
+    static const size_t ecdsaMessageSize = 32;
+    /// The maximum number of bytes in a message that can be verified with a starkex public key.
+    /// Digest shorter than 32 bytes will be left-padded with zeros before verification.
+    static const size_t starkexMessageMaxSize = 32;
+
     /// The public key bytes.
     Data bytes;
 
diff --git a/tests/common/PrivateKeyTests.cpp b/tests/common/PrivateKeyTests.cpp
@@ -323,6 +323,24 @@ TEST(PrivateKey, SignShortDigest) {
     }
 }
 
+TEST(PrivateKey, SignLongDigest) {
+    Data privKeyData = parse_hex("afeefca74d9a325cf1d6b6911d61a65c32afa8e02bd5e78e2e4ac2910bab45f5");
+    auto privateKey = PrivateKey(privKeyData);
+    Data shortDigest = TW::data("123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef012");
+    {
+        Data actual = privateKey.sign(shortDigest, TWCurveSECP256k1);
+        EXPECT_EQ(actual.size(), 0ul);
+    }
+    {
+        Data actual = privateKey.sign(shortDigest, TWCurveNIST256p1);
+        EXPECT_EQ(actual.size(), 0ul);
+    }
+    {
+        Data actual = privateKey.sign(shortDigest, TWCurveSECP256k1, isCanonical);
+        EXPECT_EQ(actual.size(), 0ul);
+    }
+}
+
 TEST(PrivateKey, SignWithDifferentCurveWorks) {
     Data privKeyData = parse_hex("afeefca74d9a325cf1d6b6911d61a65c32afa8e02bd5e78e2e4ac2910bab45f5");
     // Using the deprecated constructor without specifying a curve
diff --git a/tests/interface/TWPublicKeyTests.cpp b/tests/interface/TWPublicKeyTests.cpp
@@ -91,6 +91,19 @@ TEST(TWPublicKeyTests, VerifyInvalidLength) {
     ASSERT_FALSE(TWPublicKeyVerify(publicKey.get(), signature.get(), message.get()));
 }
 
+TEST(TWPublicKeyTests, VerifyInvalidMessageLength) {
+    const PrivateKey key(parse_hex("afeefca74d9a325cf1d6b6911d61a65c32afa8e02bd5e78e2e4ac2910bab45f5"), TWCurveSECP256k1);
+    const auto privateKey = WRAP(TWPrivateKey, new TWPrivateKey{ key });
+
+    // Invalid message length - 31 bytes instead of 32
+    const auto invalidMessage = DATA("de4e9524586d6fce45667f9ff12f661e79870c4105fa0fb58af976619bb114");
+    // Valid 64-byte signature
+    const auto signature = DATA("00000000000000000000000000000000000000000000000000000000000000020123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef80");
+
+    auto publicKey = WRAP(TWPublicKey, TWPrivateKeyGetPublicKeySecp256k1(privateKey.get(), false));
+    ASSERT_FALSE(TWPublicKeyVerify(publicKey.get(), signature.get(), invalidMessage.get()));
+}
+
 TEST(TWPublicKeyTests, VerifyAsDER) {
     const PrivateKey key = PrivateKey(parse_hex("afeefca74d9a325cf1d6b6911d61a65c32afa8e02bd5e78e2e4ac2910bab45f5"), TWCurveSECP256k1);
     const auto privateKey = WRAP(TWPrivateKey, new TWPrivateKey{ key });
@@ -108,6 +121,19 @@ TEST(TWPublicKeyTests, VerifyAsDER) {
     ASSERT_FALSE(TWPublicKeyVerify(publicKey.get(), signature.get(), digest.get()));
 }
 
+TEST(TWPublicKeyTests, VerifyAsDERInvalidMessageLength) {
+    const PrivateKey key = PrivateKey(parse_hex("afeefca74d9a325cf1d6b6911d61a65c32afa8e02bd5e78e2e4ac2910bab45f5"), TWCurveSECP256k1);
+    const auto privateKey = WRAP(TWPrivateKey, new TWPrivateKey{ key });
+
+    // Invalid message length - 31 bytes instead of 32
+    const auto invalidMessage = DATA("de4e9524586d6fce45667f9ff12f661e79870c4105fa0fb58af976619bb114");
+    // Valid 64-byte signature
+    const auto signature = DATA("00000000000000000000000000000000000000000000000000000000000000020123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef80");
+
+    auto publicKey = WRAP(TWPublicKey, TWPrivateKeyGetPublicKeySecp256k1(privateKey.get(), false));
+    ASSERT_FALSE(TWPublicKeyVerifyAsDER(publicKey.get(), signature.get(), invalidMessage.get()));
+}
+
 TEST(TWPublicKeyTests, VerifyEd25519) {
     const PrivateKey key(parse_hex("afeefca74d9a325cf1d6b6911d61a65c32afa8e02bd5e78e2e4ac2910bab45f5"));
     const auto privateKey = WRAP(TWPrivateKey, new TWPrivateKey{ key });

Original file line number	Diff line number	Diff line change
`@@ -256,10 +256,9 @@ PublicKey PrivateKey::getPublicKey(TWPublicKeyType type) const {`
`256`	`256`	`}`
`257`	`257`
`258`	`258`	`int ecdsa_sign_digest_checked(const ecdsa_curve* curve, const uint8_t* priv_key, const uint8_t* digest, size_t digest_size, uint8_t* sig, uint8_t* pby, int (*is_canonical)(uint8_t by, uint8_t sig[64])) {`
`259`		`- if (digest_size < 32) {`
	`259`	`+ if (digest_size != PrivateKey::ecdsaMessageSize) {`
`260`	`260`	`return -1;`
`261`	`261`	`}`
`262`		`- assert(digest_size >= 32);`
`263`	`262`	`return ecdsa_sign_digest(curve, priv_key, digest, sig, pby, is_canonical);`
`264`	`263`	`}`
`265`	`264`