sui_sdk/
verify_personal_message_signature.rs

1// Copyright (c) Mysten Labs, Inc.
2// SPDX-License-Identifier: Apache-2.0
3
4use std::sync::Arc;
5
6use crate::{SuiClient, error::Error};
7use fastcrypto::encoding::{Base64, Encoding};
8use fastcrypto::traits::ToFromBytes;
9use shared_crypto::intent::{Intent, IntentMessage, PersonalMessage};
10use sui_json_rpc_types::ZkLoginIntentScope;
11use sui_types::{
12    base_types::SuiAddress,
13    signature::{AuthenticatorTrait, GenericSignature, VerifyParams},
14    signature_verification::VerifiedDigestCache,
15};
16
17/// Verify a signature against a personal message bytes and the sui address.
18/// SuiClient is required to pass in if zkLogin signature is supplied.
19pub async fn verify_personal_message_signature(
20    signature: GenericSignature,
21    message: &[u8],
22    address: SuiAddress,
23    client: Option<SuiClient>,
24) -> Result<(), Error> {
25    let intent_msg = IntentMessage::new(
26        Intent::personal_message(),
27        PersonalMessage {
28            message: message.to_vec(),
29        },
30    );
31    match signature {
32        GenericSignature::ZkLoginAuthenticator(ref _sig) => {
33            if let Some(client) = client {
34                let bytes = Base64::encode(message);
35                let sig_string = Base64::encode(signature.as_bytes());
36                let res = client
37                    .read_api()
38                    .verify_zklogin_signature(
39                        bytes,
40                        sig_string,
41                        ZkLoginIntentScope::PersonalMessage,
42                        address,
43                    )
44                    .await?;
45                if res.success {
46                    Ok(())
47                } else {
48                    Err(Error::InvalidSignature)
49                }
50            } else {
51                Err(Error::InvalidSignature)
52            }
53        }
54        _ => signature
55            .verify_claims::<PersonalMessage>(
56                &intent_msg,
57                address,
58                &VerifyParams::default(),
59                Arc::new(VerifiedDigestCache::new_empty()),
60            )
61            .map_err(|_| Error::InvalidSignature),
62    }
63}