From 0e768dbfa2b7d0986ed4f806362ecbed16b50fad Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Tue, 26 May 2026 22:43:29 +0900 Subject: [PATCH 1/2] avoid extra to_vec for key --- crates/gem_algorand/src/signer/signing.rs | 2 +- crates/gem_bitcoin/src/signer/signature.rs | 2 +- crates/gem_cosmos/src/signer/chain_signer.rs | 2 +- crates/gem_tron/src/signer/transaction.rs | 2 +- crates/gem_xrp/src/signer/transaction.rs | 2 +- crates/signer/src/lib.rs | 12 ++++-------- gemstone/src/message/signer.rs | 2 +- gemstone/src/signer/chain.rs | 12 +++++++----- gemstone/src/signer/decode.rs | 3 ++- 9 files changed, 19 insertions(+), 20 deletions(-) diff --git a/crates/gem_algorand/src/signer/signing.rs b/crates/gem_algorand/src/signer/signing.rs index e1baf48bc..b623ccf85 100644 --- a/crates/gem_algorand/src/signer/signing.rs +++ b/crates/gem_algorand/src/signer/signing.rs @@ -12,7 +12,7 @@ pub(crate) fn sign_transaction(transaction: &AlgorandTransaction, private_key: & preimage.extend_from_slice(TX_TAG); preimage.extend_from_slice(&encoded); - let signature = Signer::sign_digest(SignatureScheme::Ed25519, preimage, private_key.to_vec())?; + let signature = Signer::sign_digest(SignatureScheme::Ed25519, &preimage, private_key)?; let signed = encode_signed_transaction(&encoded, &signature); Ok(hex::encode(signed)) } diff --git a/crates/gem_bitcoin/src/signer/signature.rs b/crates/gem_bitcoin/src/signer/signature.rs index 610117a4e..3054d5a9b 100644 --- a/crates/gem_bitcoin/src/signer/signature.rs +++ b/crates/gem_bitcoin/src/signer/signature.rs @@ -9,7 +9,7 @@ pub fn sign_personal(data: &[u8], private_key: &[u8]) -> Result Result { - Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash.to_vec(), private_key.to_vec())?)) + Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash, private_key)?)) } fn encode_trc20_transfer(destination: &TronAddress, value: &str) -> Result, SignerError> { diff --git a/crates/gem_xrp/src/signer/transaction.rs b/crates/gem_xrp/src/signer/transaction.rs index e43d210f3..87ce2bb98 100644 --- a/crates/gem_xrp/src/signer/transaction.rs +++ b/crates/gem_xrp/src/signer/transaction.rs @@ -97,7 +97,7 @@ impl XrpTransaction { preimage.extend_from_slice(&SIGNING_PREFIX); preimage.extend_from_slice(&unsigned); let digest = sha512_half(&preimage); - let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?; + let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, &digest, private_key)?; if signature.len() < 64 { return Err(SignerError::signing_error("secp256k1 signature too short")); } diff --git a/crates/signer/src/lib.rs b/crates/signer/src/lib.rs index 401288549..bb807ebc2 100644 --- a/crates/signer/src/lib.rs +++ b/crates/signer/src/lib.rs @@ -10,8 +10,6 @@ pub(crate) mod testkit { pub const TEST_PRIVATE_KEY: &str = "1e9d38b5274152a78dff1a86fa464ceadc1f4238ca2c17060c3c507349424a34"; } -use zeroize::Zeroizing; - pub use crate::address::Base32Address; pub use crate::ed25519::{ED25519_KEY_TYPE, Ed25519KeyPair}; pub use crate::error::InvalidInput; @@ -34,18 +32,16 @@ pub enum SignatureScheme { } impl Signer { - pub fn sign_digest(scheme: SignatureScheme, digest: Vec, private_key: Vec) -> Result, SignerError> { - let private_key = Zeroizing::new(private_key); + pub fn sign_digest(scheme: SignatureScheme, digest: &[u8], private_key: &[u8]) -> Result, SignerError> { match scheme { - SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(&private_key)?.sign(&digest).to_vec()), - SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(&digest, &private_key), + SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(private_key)?.sign(digest).to_vec()), + SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(digest, private_key), } } /// Sign a secp256k1 digest returning [r(32), s(32), v(1)] where v ∈ {27, 28}. pub fn sign_ethereum_digest(digest: &[u8], private_key: &[u8]) -> Result, SignerError> { - let private_key = Zeroizing::new(private_key.to_vec()); - secp256k1::sign_ethereum_digest(digest, &private_key) + secp256k1::sign_ethereum_digest(digest, private_key) } pub fn sign_eip712(typed_data_json: &str, private_key: &[u8]) -> Result { diff --git a/gemstone/src/message/signer.rs b/gemstone/src/message/signer.rs index c55f65ea9..53528b7f1 100644 --- a/gemstone/src/message/signer.rs +++ b/gemstone/src/message/signer.rs @@ -173,7 +173,7 @@ impl MessageSigner { } SignDigestType::Base58 => { let hash = self.hash()?; - let signed = Signer::sign_digest(SignatureScheme::Ed25519, hash, private_key.to_vec())?; + let signed = Signer::sign_digest(SignatureScheme::Ed25519, &hash, private_key.as_slice())?; Ok(self.get_result(&signed)) } } diff --git a/gemstone/src/signer/chain.rs b/gemstone/src/signer/chain.rs index 7e1a30521..397cc89ca 100644 --- a/gemstone/src/signer/chain.rs +++ b/gemstone/src/signer/chain.rs @@ -14,6 +14,7 @@ use gem_ton::signer::TonChainSigner; use gem_tron::signer::TronChainSigner; use gem_xrp::signer::XrpChainSigner; use primitives::{Chain, ChainSigner, ChainType, EVMChain, SignerError, SignerInput}; +use zeroize::Zeroizing; #[derive(uniffi::Object)] pub struct GemChainSigner { @@ -97,7 +98,8 @@ impl GemChainSigner { } pub fn sign_message(&self, message: Vec, private_key: Vec) -> Result { - self.dispatch_message(message, private_key, "message", |signer, msg, key| signer.sign_message(msg, key)) + let private_key = Zeroizing::new(private_key); + self.dispatch_message(&message, private_key.as_slice(), "message", |signer, msg, key| signer.sign_message(msg, key)) } } @@ -107,16 +109,16 @@ impl GemChainSigner { F: Fn(&dyn ChainSigner, &SignerInput, &[u8]) -> Result, { let signer_input: SignerInput = input.into(); - let key = private_key; + let private_key = Zeroizing::new(private_key); - method(self.signer.as_ref(), &signer_input, key.as_slice()).map_err(|err| map_signer_error(self.chain, action, err)) + method(self.signer.as_ref(), &signer_input, private_key.as_slice()).map_err(|err| map_signer_error(self.chain, action, err)) } - fn dispatch_message(&self, message: Vec, private_key: Vec, action: &'static str, method: F) -> Result + fn dispatch_message(&self, message: &[u8], private_key: &[u8], action: &'static str, method: F) -> Result where F: Fn(&dyn ChainSigner, &[u8], &[u8]) -> Result, { - method(self.signer.as_ref(), &message, &private_key).map_err(|err| map_signer_error(self.chain, action, err)) + method(self.signer.as_ref(), message, private_key).map_err(|err| map_signer_error(self.chain, action, err)) } } diff --git a/gemstone/src/signer/decode.rs b/gemstone/src/signer/decode.rs index 25d480d89..11c216f86 100644 --- a/gemstone/src/signer/decode.rs +++ b/gemstone/src/signer/decode.rs @@ -4,7 +4,8 @@ use zeroize::Zeroizing; #[uniffi::export] pub fn decode_private_key(chain: Chain, value: String) -> Result, GemstoneError> { - Ok(signer::decode_private_key(&chain, &value)?.to_vec()) + let mut private_key = signer::decode_private_key(&chain, &value)?; + Ok(std::mem::take(&mut private_key)) } #[uniffi::export] From 1b24a8c94caee83958f1d23001f7cade8022ef99 Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Tue, 26 May 2026 22:53:00 +0900 Subject: [PATCH 2/2] Update decode.rs --- gemstone/src/signer/decode.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemstone/src/signer/decode.rs b/gemstone/src/signer/decode.rs index 11c216f86..417d32271 100644 --- a/gemstone/src/signer/decode.rs +++ b/gemstone/src/signer/decode.rs @@ -5,7 +5,7 @@ use zeroize::Zeroizing; #[uniffi::export] pub fn decode_private_key(chain: Chain, value: String) -> Result, GemstoneError> { let mut private_key = signer::decode_private_key(&chain, &value)?; - Ok(std::mem::take(&mut private_key)) + Ok(std::mem::take(private_key.as_mut())) } #[uniffi::export]