Avoid extra to_vec for key copy

crates/gem_algorand/src/signer/signing.rs

@@ -12,7 +12,7 @@ pub(crate) fn sign_transaction(transaction: &AlgorandTransaction, private_key: &
     preimage.extend_from_slice(TX_TAG);
     preimage.extend_from_slice(&encoded);
 
-    let signature = Signer::sign_digest(SignatureScheme::Ed25519, preimage, private_key.to_vec())?;
+    let signature = Signer::sign_digest(SignatureScheme::Ed25519, &preimage, private_key)?;
     let signed = encode_signed_transaction(&encoded, &signature);
     Ok(hex::encode(signed))
 }

crates/gem_bitcoin/src/signer/signature.rs

@@ -9,7 +9,7 @@ pub fn sign_personal(data: &[u8], private_key: &[u8]) -> Result<BitcoinSignDataR
     let message = BitcoinSignMessageData::from_bytes(data)?;
     let hash = message.hash();
 
-    let signed = Signer::sign_digest(SignatureScheme::Secp256k1, hash, private_key.to_vec()).map_err(|e| SignerError::InvalidInput(e.to_string()))?;
+    let signed = Signer::sign_digest(SignatureScheme::Secp256k1, &hash, private_key).map_err(|e| SignerError::InvalidInput(e.to_string()))?;
 
     // BIP137: [header(1), r(32), s(32)] from [r(32), s(32), recovery_id(1)]
     let recovery_id = signed[RECOVERY_ID_INDEX];

crates/gem_cosmos/src/signer/chain_signer.rs

@@ -152,7 +152,7 @@ impl CosmosChainSigner {
         let sign_doc_bytes = params.encode_sign_doc(&params.body_bytes, &auth_info_bytes);
 
         let digest = Self::sign_doc_digest(chain, &sign_doc_bytes);
-        let mut signature = Signer::sign_digest(SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?;
+        let mut signature = Signer::sign_digest(SignatureScheme::Secp256k1, &digest, private_key)?;
         if signature.len() < 64 {
             return Err(SignerError::signing_error("secp256k1 signature too short"));
         }

crates/gem_tron/src/signer/transaction.rs

@@ -125,7 +125,7 @@ fn sign_contract(input: &SignerInput, contract: TronContract, fee_limit: u64, pr
 }
 
 fn sign_raw_hash(hash: &[u8], private_key: &[u8]) -> Result<String, SignerError> {
-    Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash.to_vec(), private_key.to_vec())?))
+    Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash, private_key)?))
 }
 
 fn encode_trc20_transfer(destination: &TronAddress, value: &str) -> Result<Vec<u8>, SignerError> {

crates/gem_xrp/src/signer/transaction.rs

@@ -97,7 +97,7 @@ impl XrpTransaction {
         preimage.extend_from_slice(&SIGNING_PREFIX);
         preimage.extend_from_slice(&unsigned);
         let digest = sha512_half(&preimage);
-        let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?;
+        let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, &digest, private_key)?;
         if signature.len() < 64 {
             return Err(SignerError::signing_error("secp256k1 signature too short"));
         }

crates/signer/src/lib.rs

@@ -10,8 +10,6 @@ pub(crate) mod testkit {
     pub const TEST_PRIVATE_KEY: &str = "1e9d38b5274152a78dff1a86fa464ceadc1f4238ca2c17060c3c507349424a34";
 }
 
-use zeroize::Zeroizing;
-
 pub use crate::address::Base32Address;
 pub use crate::ed25519::{ED25519_KEY_TYPE, Ed25519KeyPair};
 pub use crate::error::InvalidInput;
@@ -34,18 +32,16 @@ pub enum SignatureScheme {
 }
 
 impl Signer {
-    pub fn sign_digest(scheme: SignatureScheme, digest: Vec<u8>, private_key: Vec<u8>) -> Result<Vec<u8>, SignerError> {
-        let private_key = Zeroizing::new(private_key);
+    pub fn sign_digest(scheme: SignatureScheme, digest: &[u8], private_key: &[u8]) -> Result<Vec<u8>, SignerError> {
         match scheme {
-            SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(&private_key)?.sign(&digest).to_vec()),
-            SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(&digest, &private_key),
+            SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(private_key)?.sign(digest).to_vec()),
+            SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(digest, private_key),
         }
     }
 
     /// Sign a secp256k1 digest returning [r(32), s(32), v(1)] where v ∈ {27, 28}.
     pub fn sign_ethereum_digest(digest: &[u8], private_key: &[u8]) -> Result<Vec<u8>, SignerError> {
-        let private_key = Zeroizing::new(private_key.to_vec());
-        secp256k1::sign_ethereum_digest(digest, &private_key)
+        secp256k1::sign_ethereum_digest(digest, private_key)
     }
 
     pub fn sign_eip712(typed_data_json: &str, private_key: &[u8]) -> Result<String, SignerError> {

gemstone/src/message/signer.rs

@@ -173,7 +173,7 @@ impl MessageSigner {
             }
             SignDigestType::Base58 => {
                 let hash = self.hash()?;
-                let signed = Signer::sign_digest(SignatureScheme::Ed25519, hash, private_key.to_vec())?;
+                let signed = Signer::sign_digest(SignatureScheme::Ed25519, &hash, private_key.as_slice())?;
                 Ok(self.get_result(&signed))
             }
         }

gemstone/src/signer/chain.rs

@@ -14,6 +14,7 @@ use gem_ton::signer::TonChainSigner;
 use gem_tron::signer::TronChainSigner;
 use gem_xrp::signer::XrpChainSigner;
 use primitives::{Chain, ChainSigner, ChainType, EVMChain, SignerError, SignerInput};
+use zeroize::Zeroizing;
 
 #[derive(uniffi::Object)]
 pub struct GemChainSigner {
@@ -97,7 +98,8 @@ impl GemChainSigner {
     }
 
     pub fn sign_message(&self, message: Vec<u8>, private_key: Vec<u8>) -> Result<String, GemstoneError> {
-        self.dispatch_message(message, private_key, "message", |signer, msg, key| signer.sign_message(msg, key))
+        let private_key = Zeroizing::new(private_key);
+        self.dispatch_message(&message, private_key.as_slice(), "message", |signer, msg, key| signer.sign_message(msg, key))
     }
 }
 
@@ -107,16 +109,16 @@ impl GemChainSigner {
         F: Fn(&dyn ChainSigner, &SignerInput, &[u8]) -> Result<T, SignerError>,
     {
         let signer_input: SignerInput = input.into();
-        let key = private_key;
+        let private_key = Zeroizing::new(private_key);
 
-        method(self.signer.as_ref(), &signer_input, key.as_slice()).map_err(|err| map_signer_error(self.chain, action, err))
+        method(self.signer.as_ref(), &signer_input, private_key.as_slice()).map_err(|err| map_signer_error(self.chain, action, err))
     }
 
-    fn dispatch_message<T, F>(&self, message: Vec<u8>, private_key: Vec<u8>, action: &'static str, method: F) -> Result<T, GemstoneError>
+    fn dispatch_message<T, F>(&self, message: &[u8], private_key: &[u8], action: &'static str, method: F) -> Result<T, GemstoneError>
     where
         F: Fn(&dyn ChainSigner, &[u8], &[u8]) -> Result<T, SignerError>,
     {
-        method(self.signer.as_ref(), &message, &private_key).map_err(|err| map_signer_error(self.chain, action, err))
+        method(self.signer.as_ref(), message, private_key).map_err(|err| map_signer_error(self.chain, action, err))
     }
 }
 

gemstone/src/signer/decode.rs

@@ -4,7 +4,8 @@ use zeroize::Zeroizing;
 
 #[uniffi::export]
 pub fn decode_private_key(chain: Chain, value: String) -> Result<Vec<u8>, GemstoneError> {
-    Ok(signer::decode_private_key(&chain, &value)?.to_vec())
+    let mut private_key = signer::decode_private_key(&chain, &value)?;
+    Ok(std::mem::take(private_key.as_mut()))
 }
 
 #[uniffi::export]