[CRITICAL CHANGE] Remove message at the end of signature

CKB fits detached message mode of SPHINCS+, since the signing messages
will be calculated based on enclosing CKB transactions.

Author: xxuejie

contracts/c-sphincs-all-in-one-lock/ckb-sphincsplus.c

@@ -18,15 +18,11 @@
 enum SphincsPlusError {
   SphincsPlusError_Params = 200,
   SphincsPlusError_Verify,
-  SphincsPlusError_Verify_MsgLen,
-  SphincsPlusError_Verify_MsgCmp,
+  SphincsPlusError_OutputSignLength,
 };
 
 #ifndef CKB_VM
 
-// TODO: switch the code to use crypto_sign_signature / crypto_sign_verify,
-// so we don't need to append message to the end of the signature.
-
 #include <stdlib.h>
 
 int sphincs_plus_generate_keypair(uint8_t *pk, uint8_t *sk) {
@@ -35,11 +31,14 @@ int sphincs_plus_generate_keypair(uint8_t *pk, uint8_t *sk) {
 
 int sphincs_plus_sign(const uint8_t *message, const uint8_t *sk,
                       uint8_t *out_sign) {
-  unsigned long long out_sign_len = SPHINCS_PLUS_SIGN_SIZE;
-  int ret = crypto_sign(out_sign, (unsigned long long *)&out_sign_len, message,
-                        SPX_MLEN, sk);
+  size_t out_sign_len = 0;
+  int ret =
+      crypto_sign_signature(out_sign, &out_sign_len, message, SPX_MLEN, sk);
+  if (ret != 0) {
+    return ret;
+  }
   if ((uint32_t)out_sign_len != SPHINCS_PLUS_SIGN_SIZE) {
-    return 1;
+    return SphincsPlusError_OutputSignLength;
   }
   return ret;
 }
@@ -58,21 +57,12 @@ int sphincs_plus_verify(const uint8_t *sign, uint32_t sign_size,
       pubkey_size != SPHINCS_PLUS_PK_SIZE) {
     return SphincsPlusError_Params;
   }
-  unsigned char mout[SPX_BYTES + SPX_MLEN];
-  unsigned long long mlen = 0;
 
-  int err = crypto_sign_open(mout, &mlen, sign, SPHINCS_PLUS_SIGN_SIZE, pubkey);
+  int err = crypto_sign_verify(sign, SPHINCS_PLUS_SIGN_SIZE, message,
+                               message_size, pubkey);
   if (err != 0) {
     return SphincsPlusError_Verify;
   }
 
-  if (mlen != SPX_MLEN) {
-    return SphincsPlusError_Verify_MsgLen;
-  }
-
-  if (memcmp(mout, message, SPX_MLEN) != 0) {
-    return SphincsPlusError_Verify_MsgCmp;
-  }
-
   return 0;
 }

contracts/c-sphincs-all-in-one-lock/ckb-sphincsplus.h

@@ -7,7 +7,7 @@
 
 #define SPHINCS_PLUS_PK_SIZE SPX_PK_BYTES
 #define SPHINCS_PLUS_SK_SIZE SPX_SK_BYTES
-#define SPHINCS_PLUS_SIGN_SIZE (SPX_BYTES + SPX_MLEN)
+#define SPHINCS_PLUS_SIGN_SIZE SPX_BYTES
 
 #ifndef CKB_VM
 int sphincs_plus_generate_keypair(uint8_t *pk, uint8_t *sk);

tests/sphincsplus/test-ckb-sphincs-plus.c

@@ -1,6 +1,7 @@
 
 #include <assert.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 
@@ -14,7 +15,7 @@
 #define ASSERT(c)                                \
   if (!(c)) {                                    \
     printf("Assert: %s:%d", __FILE__, __LINE__); \
-    ((void)0);                                   \
+    exit(-1);                                    \
   }
 #endif  // ASSERT
 
@@ -52,8 +53,13 @@ int main() {
   clock_t start, end;
   start = clock();
 
+  /*
+   * G_TEST_DATA_SIGN was prepared at a time where signature is followed
+   * by message. We remove this behavior later, so sizeof(G_TEST_DATA_SIGN)
+   * will not give correct result here.
+   */
   int ret =
-      sphincs_plus_verify(G_TEST_DATA_SIGN, sizeof(G_TEST_DATA_SIGN),
+      sphincs_plus_verify(G_TEST_DATA_SIGN, SPHINCS_PLUS_SIGN_SIZE,
                           G_TEST_DATA_MSG, sizeof(G_TEST_DATA_MSG),
                           G_TEST_DATA_PUB_KEY, sizeof(G_TEST_DATA_PUB_KEY));
   ASSERT(ret == 0);