From 7b5192c27a6de0f6d0fb68fc89bc434d1b9221b4 Mon Sep 17 00:00:00 2001
From: callebtc <93376500+callebtc@users.noreply.github.com>
Date: Thu, 25 Jan 2024 20:56:41 +0100
Subject: [PATCH] fix: do not serialize-deserialize secret for p2pk signature check (#398)
---
 cashu/core/p2pk.py | 6 +++---
 cashu/mint/conditions.py | 2 +-
 cashu/wallet/p2pk.py | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/cashu/core/p2pk.py b/cashu/core/p2pk.py
index fab1496..f42a3a9 100644
--- a/cashu/core/p2pk.py
+++ b/cashu/core/p2pk.py
@@ -68,16 +68,16 @@ class P2PKSecret(Secret):
 return int(n_sigs) if n_sigs else None
-def sign_p2pk_sign(message: bytes, private_key: PrivateKey):
+def sign_p2pk_sign(message: bytes, private_key: PrivateKey) -> bytes:
 # ecdsa version
 # signature = private_key.ecdsa_serialize(private_key.ecdsa_sign(message))
 signature = private_key.schnorr_sign(
 hashlib.sha256(message).digest(), None, raw=True
 )
- return signature.hex()
+ return signature
-def verify_p2pk_signature(message: bytes, pubkey: PublicKey, signature: bytes):
+def verify_p2pk_signature(message: bytes, pubkey: PublicKey, signature: bytes) -> bool:
 # ecdsa version
 # return pubkey.ecdsa_verify(message, pubkey.ecdsa_deserialize(signature))
 return pubkey.schnorr_verify(
diff --git a/cashu/mint/conditions.py b/cashu/mint/conditions.py
index d48c06e..e187ac0 100644
--- a/cashu/mint/conditions.py
+++ b/cashu/mint/conditions.py
@@ -83,7 +83,7 @@ class LedgerSpendingConditions:
 logger.trace(f"verifying signature {input_sig} by pubkey {pubkey}.")
 logger.trace(f"Message: {p2pk_secret.serialize().encode('utf-8')}")
 if verify_p2pk_signature(
- message=p2pk_secret.serialize().encode("utf-8"),
+ message=proof.secret.encode("utf-8"),
 pubkey=PublicKey(bytes.fromhex(pubkey), raw=True),
 signature=bytes.fromhex(input_sig),
 ):
diff --git a/cashu/wallet/p2pk.py b/cashu/wallet/p2pk.py
index a2d824c..e246409 100644
--- a/cashu/wallet/p2pk.py
+++ b/cashu/wallet/p2pk.py
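Review bot: `sign_p2pk_sign` now returns raw bytes instead of a hex string, but nothing in the function records that contract, so a caller this commit does not touch would put `bytes` where a hex witness string is expected. The two wallet call sites are updated in this patch; any other caller outside this diff needs the same `.hex()`. I would add a docstring such as `"""Schnorr-sign SHA-256(message) and return the raw signature bytes; hex-encode before placing it in a witness."""`, plus one on `verify_p2pk_signature` stating that `message` must be the exact bytes that were signed. The body of `verify_p2pk_signature` continues past the end of the hunk.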
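Review bot: The trace line `logger.trace(f"Message: {p2pk_secret.serialize().encode('utf-8')}")` directly above the call still logs the re-serialized secret, which after this change is no longer the message being verified. When a check fails because the two encodings differ, which is the case this commit addresses, the log would show bytes that were never checked. Log the verified input instead: `logger.trace(f"Message: {proof.secret.encode('utf-8')}")`. Verification now binds to the raw `proof.secret` while the pubkeys come from the parsed `p2pk_secret`. Presumably that object is parsed from the same `proof.secret` earlier in the method, which starts outside this hunk, and a one-line comment saying so would help.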
@@ -79,7 +79,7 @@ class WalletP2PK(SupportsPrivateKey, SupportsDb):
 sign_p2pk_sign(
 message=proof.secret.encode("utf-8"),
 private_key=private_key,
- )
+ ).hex()
 for proof in proofs
 ]
 logger.debug(f"Signatures: {signatures}")
@@ -95,7 +95,7 @@ class WalletP2PK(SupportsPrivateKey, SupportsDb):
 sign_p2pk_sign(
 message=output.B_.encode("utf-8"),
 private_key=private_key,
- )
+ ).hex()
 for output in outputs
 ]