errors updated

Author: curiecrypt

mithril-stm/src/signature_scheme/schnorr_signature/error.rs

@@ -1,5 +1,5 @@
 #[cfg(feature = "future_snark")]
-use super::{SchnorrSignature, SchnorrVerificationKey};
+use super::{PrimeOrderProjectivePoint, SchnorrSignature};
 
 /// Error types for Schnorr signatures.
 #[cfg(feature = "future_snark")]
@@ -9,15 +9,15 @@ pub enum SchnorrSignatureError {
     #[error("Invalid Schnorr single signature")]
     SignatureInvalid(Box<SchnorrSignature>),
 
-    /// Invalid Verification key
-    #[error("Invalid Schnorr Verification key")]
-    VerificationKeyInvalid(Box<SchnorrVerificationKey>),
-
     /// This error occurs when the serialization of the raw bytes failed
     #[error("Invalid bytes")]
     SerializationError,
 
     /// This error occurs when the random scalar fails to generate during the signature
     #[error("Failed generation of the signature's random scalar")]
     RandomScalarGenerationError,
+
+    /// Given point is not on the curve
+    #[error("Given point is not on the curve")]
+    PointIsNotOnCurve(Box<PrimeOrderProjectivePoint>),
 }

mithril-stm/src/signature_scheme/schnorr_signature/jubjub_wrapper/curve_points.rs

@@ -16,6 +16,14 @@ impl AffinePoint {
         AffinePoint(JubjubAffinePoint::from(projective_point.0))
     }
 
+    pub(crate) fn from_prime_order_projective_point(
+        prime_order_projective_point: PrimeOrderProjectivePoint,
+    ) -> Self {
+        AffinePoint(JubjubAffinePoint::from(
+            ProjectivePoint::from_prime_order_projective_point(prime_order_projective_point).0,
+        ))
+    }
+
     pub(crate) fn get_u(&self) -> BaseFieldElement {
         BaseFieldElement(self.0.get_u())
     }

mithril-stm/src/signature_scheme/schnorr_signature/signature.rs

@@ -44,13 +44,7 @@ impl SchnorrSignature {
     ///
     pub fn verify(&self, msg: &[u8], verification_key: &SchnorrVerificationKey) -> StmResult<()> {
         // Check that the verification key is on the curve
-        if !is_on_curve(ProjectivePoint::from_prime_order_projective_point(
-            verification_key.0,
-        )) {
-            return Err(anyhow!(SchnorrSignatureError::VerificationKeyInvalid(
-                Box::new(*verification_key)
-            )));
-        }
+        is_on_curve(verification_key.0).with_context(|| "The verification key is invalid.")?;
 
         let generator = PrimeOrderProjectivePoint::create_generator();
 

mithril-stm/src/signature_scheme/schnorr_signature/signing_key.rs

@@ -57,7 +57,8 @@ impl SchnorrSigningKey {
         let sigma = msg_hash.scalar_multiplication(&self.0);
 
         // r1 = H(msg) * r, r2 = g * r
-        let random_scalar = ScalarFieldElement::new_random_nonzero_scalar(rng)?;
+        let random_scalar = ScalarFieldElement::new_random_nonzero_scalar(rng)
+            .with_context(|| "Random scalar generation failed during signing.")?;
 
         let random_point_1 = msg_hash.scalar_multiplication(&random_scalar);
         let random_point_2 = generator.scalar_multiplication(&random_scalar);
@@ -94,10 +95,12 @@ impl SchnorrSigningKey {
     /// The bytes must represent a Jubjub scalar or the conversion will fail
     pub fn from_bytes(bytes: &[u8]) -> StmResult<Self> {
         if bytes.len() < 32 {
-            return Err(anyhow!(SchnorrSignatureError::SerializationError))
-                .with_context(|| "Not enough bytes provided to create a Schnorr signing key.");
+            return Err(anyhow!(SchnorrSignatureError::SerializationError)).with_context(
+                || "Not enough bytes provided to re-construct a Schnorr signing key.",
+            );
         }
-        let scalar_field_element = ScalarFieldElement::from_bytes(bytes)?;
+        let scalar_field_element = ScalarFieldElement::from_bytes(bytes)
+            .with_context(|| "Could not construct Schnorr signing key from given bytes.")?;
         Ok(SchnorrSigningKey(scalar_field_element))
     }
 }

mithril-stm/src/signature_scheme/schnorr_signature/utils.rs

@@ -1,10 +1,15 @@
+use anyhow::anyhow;
 use dusk_jubjub::EDWARDS_D;
 
-use super::{AffinePoint, BaseFieldElement, ProjectivePoint};
+use super::{
+    AffinePoint, BaseFieldElement, PrimeOrderProjectivePoint, ProjectivePoint,
+    SchnorrSignatureError,
+};
+use crate::StmResult;
 
 /// Check if the given point is on the curve using its coordinates
-pub fn is_on_curve(point: ProjectivePoint) -> bool {
-    let point_affine_representation = AffinePoint::from_projective_point(point);
+pub fn is_on_curve(point: PrimeOrderProjectivePoint) -> StmResult<PrimeOrderProjectivePoint> {
+    let point_affine_representation = AffinePoint::from_prime_order_projective_point(point);
     let (x, y) = (
         point_affine_representation.get_u(),
         point_affine_representation.get_v(),
@@ -17,7 +22,12 @@ pub fn is_on_curve(point: ProjectivePoint) -> bool {
     rhs = rhs.mul(&BaseFieldElement(EDWARDS_D));
     rhs = rhs.add(&BaseFieldElement::get_one());
 
-    lhs == rhs
+    if lhs != rhs {
+        return Err(anyhow!(SchnorrSignatureError::PointIsNotOnCurve(Box::new(
+            point
+        ))));
+    }
+    Ok(point)
 }
 
 /// Extract the coordinates of given points in an Extended form

mithril-stm/src/signature_scheme/schnorr_signature/verification_key.rs

@@ -20,10 +20,11 @@ impl SchnorrVerificationKey {
     pub fn from_bytes(bytes: &[u8]) -> StmResult<Self> {
         if bytes.len() < 32 {
             return Err(anyhow!(SchnorrSignatureError::SerializationError)).with_context(
-                || "Not enough bytes provided to create a Schnorr verification key.",
+                || "Not enough bytes provided to construct a Schnorr verification key.",
             );
         }
-        let prime_order_projective_point = PrimeOrderProjectivePoint::from_bytes(bytes)?;
+        let prime_order_projective_point = PrimeOrderProjectivePoint::from_bytes(bytes)
+            .with_context(|| "Cannot construct Schnorr verification key from given bytes.")?;
 
         Ok(SchnorrVerificationKey(prime_order_projective_point))
     }