Skip to content

feat: add VerifyDER, test vector generator, and snap planning docs#176

Merged
salindne merged 5 commits intomainfrom
feat/phase1-crypto-compat
Apr 17, 2026
Merged

feat: add VerifyDER, test vector generator, and snap planning docs#176
salindne merged 5 commits intomainfrom
feat/phase1-crypto-compat

Conversation

@salindne
Copy link
Copy Markdown
Contributor

@salindne salindne commented Apr 1, 2026

Summary

Phase 1 of the MetaMask Snap non-custodial signing effort (see docs/non-custodial-snap-plan.md):

  • VerifyDER (pkg/keys/canton_keys.go) — Server-side verification of DER-encoded ECDSA signatures against a compressed public key and pre-hashed digest. Validates DER structure, low-S normalization, and signature correctness. Needed by the transfer execute endpoint to validate client-provided signatures before forwarding to Canton.
  • cmd/generate-test-vectors — Generates deterministic crypto test vectors (SPKI DER, fingerprints, DER signatures) from hardcoded private keys. Output is a JSON file for cross-validation with the canton-snap TypeScript implementation. Run via make test-vectors.
  • Planning docsdocs/non-custodial-snap-plan.md (full hybrid architecture plan) and docs/phase1-crypto-compatibility.md (detailed Phase 1 task breakdown).

Test plan

  • TestVerifyDER — valid sig, wrong hash, wrong pubkey, malformed DER, wrong hash length, trailing bytes
  • TestVerifyDERWithKnownVector — deterministic key produces verifiable signature
  • cmd/generate-test-vectors self-verifies all generated signatures via VerifyDER
  • make lint passes
  • go test ./pkg/keys/ passes

gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a comprehensive implementation plan for non-custodial signing via MetaMask Snaps, alongside a new utility for generating deterministic crypto test vectors to ensure cross-platform compatibility with TypeScript. The changes also include the addition of a VerifyDER function in the keys package to validate DER-encoded ECDSA signatures. Review feedback suggests improving the VerifyDER implementation by using standard library constants for the secp256k1 curve order and adopting more efficient, idiomatic signature verification methods instead of public key recovery.

Comment thread pkg/keys/canton_keys.go Outdated
Comment thread pkg/keys/canton_keys.go Outdated
@salindne salindne force-pushed the feat/phase1-crypto-compat branch from 3b19432 to d2060f8 Compare April 1, 2026 18:32
salindne added 4 commits April 13, 2026 13:09
@salindne
feat: add VerifyDER, test vector generator, and snap planning docs
25dfb7c 
Add VerifyDER to pkg/keys for server-side validation of client-provided
DER signatures before forwarding to Canton. This is needed for the
non-custodial transfer execute endpoint.

Add cmd/generate-test-vectors to produce deterministic crypto test
vectors (SPKI DER, fingerprints, DER signatures) for cross-validation
with the canton-snap TypeScript implementation.

Add planning docs for the MetaMask Snap non-custodial signing approach.
@salindne
feat: add T5 Canton integration test for snap crypto
7da319b 
Integration test that proves Canton accepts signatures from
test vector keys — the same keys validated by canton-snap
TypeScript cross-validation tests (T3).

Test flow: register external party with test vector key → mint
→ prepare transfer → sign with test vector key → execute → verify
balances.

Run with: go run scripts/testing/test-snap-crypto.go
Requires local Canton environment (bootstrap-local.sh).
@salindne
docs: add Phase 2 snap scaffold implementation plan
32bb75e
@salindne
chore: move planning docs to docs/plans/ (gitignored)
6bea609
@salindne salindne force-pushed the feat/phase1-crypto-compat branch from 71e473b to 6bea609 Compare April 13, 2026 19:10
@salindne
fix: use crypto.S256() for curve order and VerifySignature for direct…
0b6d828 
… verification

Address review feedback:
- Use crypto.S256().Params().N instead of hardcoded secp256k1 curve order
- Replace recovery-based verification loop with crypto.VerifySignature
  for direct, more efficient public key verification
@salindne salindne merged commit 6e74fe0 into main Apr 17, 2026
2 checks passed
@salindne salindne deleted the feat/phase1-crypto-compat branch April 17, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sadiq1971 sadiq1971 sadiq1971 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@salindne @sadiq1971