Avoid extra to_vec for key copy (#1160)

0xh3rman · web-flow · commit 3cf11500d26b · 2026-05-26T16:14:47.000+01:00
diff --git a/crates/gem_algorand/src/signer/signing.rs b/crates/gem_algorand/src/signer/signing.rs
@@ -12,7 +12,7 @@ pub(crate) fn sign_transaction(transaction: &AlgorandTransaction, private_key: &
     preimage.extend_from_slice(TX_TAG);
     preimage.extend_from_slice(&encoded);
 
-    let signature = Signer::sign_digest(SignatureScheme::Ed25519, preimage, private_key.to_vec())?;
+    let signature = Signer::sign_digest(SignatureScheme::Ed25519, &preimage, private_key)?;
     let signed = encode_signed_transaction(&encoded, &signature);
     Ok(hex::encode(signed))
 }
diff --git a/crates/gem_bitcoin/src/signer/signature.rs b/crates/gem_bitcoin/src/signer/signature.rs
@@ -9,7 +9,7 @@ pub fn sign_personal(data: &[u8], private_key: &[u8]) -> Result<BitcoinSignDataR
     let message = BitcoinSignMessageData::from_bytes(data)?;
     let hash = message.hash();
 
-    let signed = Signer::sign_digest(SignatureScheme::Secp256k1, hash, private_key.to_vec()).map_err(|e| SignerError::InvalidInput(e.to_string()))?;
+    let signed = Signer::sign_digest(SignatureScheme::Secp256k1, &hash, private_key).map_err(|e| SignerError::InvalidInput(e.to_string()))?;
 
     // BIP137: [header(1), r(32), s(32)] from [r(32), s(32), recovery_id(1)]
     let recovery_id = signed[RECOVERY_ID_INDEX];
diff --git a/crates/gem_cosmos/src/signer/chain_signer.rs b/crates/gem_cosmos/src/signer/chain_signer.rs
@@ -152,7 +152,7 @@ impl CosmosChainSigner {
         let sign_doc_bytes = params.encode_sign_doc(&params.body_bytes, &auth_info_bytes);
 
         let digest = Self::sign_doc_digest(chain, &sign_doc_bytes);
-        let mut signature = Signer::sign_digest(SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?;
+        let mut signature = Signer::sign_digest(SignatureScheme::Secp256k1, &digest, private_key)?;
         if signature.len() < 64 {
             return Err(SignerError::signing_error("secp256k1 signature too short"));
         }
diff --git a/crates/gem_tron/src/signer/transaction.rs b/crates/gem_tron/src/signer/transaction.rs
@@ -125,7 +125,7 @@ fn sign_contract(input: &SignerInput, contract: TronContract, fee_limit: u64, pr
 }
 
 fn sign_raw_hash(hash: &[u8], private_key: &[u8]) -> Result<String, SignerError> {
-    Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash.to_vec(), private_key.to_vec())?))
+    Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash, private_key)?))
 }
 
 fn encode_trc20_transfer(destination: &TronAddress, value: &str) -> Result<Vec<u8>, SignerError> {
diff --git a/crates/gem_xrp/src/signer/transaction.rs b/crates/gem_xrp/src/signer/transaction.rs
@@ -97,7 +97,7 @@ impl XrpTransaction {
         preimage.extend_from_slice(&SIGNING_PREFIX);
         preimage.extend_from_slice(&unsigned);
         let digest = sha512_half(&preimage);
-        let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?;
+        let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, &digest, private_key)?;
         if signature.len() < 64 {
             return Err(SignerError::signing_error("secp256k1 signature too short"));
         }
diff --git a/crates/signer/src/lib.rs b/crates/signer/src/lib.rs
@@ -10,8 +10,6 @@ pub(crate) mod testkit {
     pub const TEST_PRIVATE_KEY: &str = "1e9d38b5274152a78dff1a86fa464ceadc1f4238ca2c17060c3c507349424a34";
 }
 
-use zeroize::Zeroizing;
-
 pub use crate::address::Base32Address;
 pub use crate::ed25519::{ED25519_KEY_TYPE, Ed25519KeyPair};
 pub use crate::error::InvalidInput;
@@ -34,18 +32,16 @@ pub enum SignatureScheme {
 }
 
 impl Signer {
-    pub fn sign_digest(scheme: SignatureScheme, digest: Vec<u8>, private_key: Vec<u8>) -> Result<Vec<u8>, SignerError> {
-        let private_key = Zeroizing::new(private_key);
+    pub fn sign_digest(scheme: SignatureScheme, digest: &[u8], private_key: &[u8]) -> Result<Vec<u8>, SignerError> {
         match scheme {
-            SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(&private_key)?.sign(&digest).to_vec()),
-            SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(&digest, &private_key),
+            SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(private_key)?.sign(digest).to_vec()),
+            SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(digest, private_key),
         }
     }
 
     /// Sign a secp256k1 digest returning [r(32), s(32), v(1)] where v ∈ {27, 28}.
     pub fn sign_ethereum_digest(digest: &[u8], private_key: &[u8]) -> Result<Vec<u8>, SignerError> {
-        let private_key = Zeroizing::new(private_key.to_vec());
-        secp256k1::sign_ethereum_digest(digest, &private_key)
+        secp256k1::sign_ethereum_digest(digest, private_key)
     }
 
     pub fn sign_eip712(typed_data_json: &str, private_key: &[u8]) -> Result<String, SignerError> {
diff --git a/gemstone/src/message/signer.rs b/gemstone/src/message/signer.rs
@@ -173,7 +173,7 @@ impl MessageSigner {
             }
             SignDigestType::Base58 => {
                 let hash = self.hash()?;
-                let signed = Signer::sign_digest(SignatureScheme::Ed25519, hash, private_key.to_vec())?;
+                let signed = Signer::sign_digest(SignatureScheme::Ed25519, &hash, private_key.as_slice())?;
                 Ok(self.get_result(&signed))
             }
         }
diff --git a/gemstone/src/signer/chain.rs b/gemstone/src/signer/chain.rs
@@ -14,6 +14,7 @@ use gem_ton::signer::TonChainSigner;
 use gem_tron::signer::TronChainSigner;
 use gem_xrp::signer::XrpChainSigner;
 use primitives::{Chain, ChainSigner, ChainType, EVMChain, SignerError, SignerInput};
+use zeroize::Zeroizing;
 
 #[derive(uniffi::Object)]
 pub struct GemChainSigner {
@@ -97,7 +98,8 @@ impl GemChainSigner {
     }
 
     pub fn sign_message(&self, message: Vec<u8>, private_key: Vec<u8>) -> Result<String, GemstoneError> {
-        self.dispatch_message(message, private_key, "message", |signer, msg, key| signer.sign_message(msg, key))
+        let private_key = Zeroizing::new(private_key);
+        self.dispatch_message(&message, private_key.as_slice(), "message", |signer, msg, key| signer.sign_message(msg, key))
     }
 }
 
@@ -107,16 +109,16 @@ impl GemChainSigner {
         F: Fn(&dyn ChainSigner, &SignerInput, &[u8]) -> Result<T, SignerError>,
     {
         let signer_input: SignerInput = input.into();
-        let key = private_key;
+        let private_key = Zeroizing::new(private_key);
 
-        method(self.signer.as_ref(), &signer_input, key.as_slice()).map_err(|err| map_signer_error(self.chain, action, err))
+        method(self.signer.as_ref(), &signer_input, private_key.as_slice()).map_err(|err| map_signer_error(self.chain, action, err))
     }
 
-    fn dispatch_message<T, F>(&self, message: Vec<u8>, private_key: Vec<u8>, action: &'static str, method: F) -> Result<T, GemstoneError>
+    fn dispatch_message<T, F>(&self, message: &[u8], private_key: &[u8], action: &'static str, method: F) -> Result<T, GemstoneError>
     where
         F: Fn(&dyn ChainSigner, &[u8], &[u8]) -> Result<T, SignerError>,
     {
-        method(self.signer.as_ref(), &message, &private_key).map_err(|err| map_signer_error(self.chain, action, err))
+        method(self.signer.as_ref(), message, private_key).map_err(|err| map_signer_error(self.chain, action, err))
     }
 }
 
diff --git a/gemstone/src/signer/decode.rs b/gemstone/src/signer/decode.rs
@@ -4,7 +4,8 @@ use zeroize::Zeroizing;
 
 #[uniffi::export]
 pub fn decode_private_key(chain: Chain, value: String) -> Result<Vec<u8>, GemstoneError> {
-    Ok(signer::decode_private_key(&chain, &value)?.to_vec())
+    let mut private_key = signer::decode_private_key(&chain, &value)?;
+    Ok(std::mem::take(private_key.as_mut()))
 }
 
 #[uniffi::export]

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ pub(crate) fn sign_transaction(transaction: &AlgorandTransaction, private_key: &`
`12`	`12`	`preimage.extend_from_slice(TX_TAG);`
`13`	`13`	`preimage.extend_from_slice(&encoded);`
`14`	`14`
`15`		`- let signature = Signer::sign_digest(SignatureScheme::Ed25519, preimage, private_key.to_vec())?;`
	`15`	`+ let signature = Signer::sign_digest(SignatureScheme::Ed25519, &preimage, private_key)?;`
`16`	`16`	`let signed = encode_signed_transaction(&encoded, &signature);`
`17`	`17`	`Ok(hex::encode(signed))`
`18`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ impl CosmosChainSigner {`
`152`	`152`	`let sign_doc_bytes = params.encode_sign_doc(&params.body_bytes, &auth_info_bytes);`
`153`	`153`
`154`	`154`	`let digest = Self::sign_doc_digest(chain, &sign_doc_bytes);`
`155`		`- let mut signature = Signer::sign_digest(SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?;`
	`155`	`+ let mut signature = Signer::sign_digest(SignatureScheme::Secp256k1, &digest, private_key)?;`
`156`	`156`	`if signature.len() < 64 {`
`157`	`157`	`return Err(SignerError::signing_error("secp256k1 signature too short"));`
`158`	`158`	`}`
Original file line number	Diff line number	Diff line change
`@@ -125,7 +125,7 @@ fn sign_contract(input: &SignerInput, contract: TronContract, fee_limit: u64, pr`
`125`	`125`	`}`
`126`	`126`
`127`	`127`	`fn sign_raw_hash(hash: &[u8], private_key: &[u8]) -> Result<String, SignerError> {`
`128`		`- Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash.to_vec(), private_key.to_vec())?))`
	`128`	`+ Ok(hex::encode(Signer::sign_digest(SignatureScheme::Secp256k1, hash, private_key)?))`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`fn encode_trc20_transfer(destination: &TronAddress, value: &str) -> Result<Vec<u8>, SignerError> {`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ impl XrpTransaction {`
`97`	`97`	`preimage.extend_from_slice(&SIGNING_PREFIX);`
`98`	`98`	`preimage.extend_from_slice(&unsigned);`
`99`	`99`	`let digest = sha512_half(&preimage);`
`100`		`- let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, digest.to_vec(), private_key.to_vec())?;`
	`100`	`+ let mut signature = ::signer::Signer::sign_digest(::signer::SignatureScheme::Secp256k1, &digest, private_key)?;`
`101`	`101`	`if signature.len() < 64 {`
`102`	`102`	`return Err(SignerError::signing_error("secp256k1 signature too short"));`
`103`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,6 @@ pub(crate) mod testkit {`
`10`	`10`	`pub const TEST_PRIVATE_KEY: &str = "1e9d38b5274152a78dff1a86fa464ceadc1f4238ca2c17060c3c507349424a34";`
`11`	`11`	`}`
`12`	`12`
`13`		`-use zeroize::Zeroizing;`
`14`		`-`
`15`	`13`	`pub use crate::address::Base32Address;`
`16`	`14`	`pub use crate::ed25519::{ED25519_KEY_TYPE, Ed25519KeyPair};`
`17`	`15`	`pub use crate::error::InvalidInput;`
`@@ -34,18 +32,16 @@ pub enum SignatureScheme {`
`34`	`32`	`}`
`35`	`33`
`36`	`34`	`impl Signer {`
`37`		`- pub fn sign_digest(scheme: SignatureScheme, digest: Vec<u8>, private_key: Vec<u8>) -> Result<Vec<u8>, SignerError> {`
`38`		`- let private_key = Zeroizing::new(private_key);`
	`35`	`+ pub fn sign_digest(scheme: SignatureScheme, digest: &[u8], private_key: &[u8]) -> Result<Vec<u8>, SignerError> {`
`39`	`36`	`match scheme {`
`40`		`- SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(&private_key)?.sign(&digest).to_vec()),`
`41`		`- SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(&digest, &private_key),`
	`37`	`+ SignatureScheme::Ed25519 => Ok(Ed25519KeyPair::from_private_key(private_key)?.sign(digest).to_vec()),`
	`38`	`+ SignatureScheme::Secp256k1 => secp256k1::sign_digest_append_recovery(digest, private_key),`
`42`	`39`	`}`
`43`	`40`	`}`
`44`	`41`
`45`	`42`	`/// Sign a secp256k1 digest returning [r(32), s(32), v(1)] where v ∈ {27, 28}.`
`46`	`43`	`pub fn sign_ethereum_digest(digest: &[u8], private_key: &[u8]) -> Result<Vec<u8>, SignerError> {`
`47`		`- let private_key = Zeroizing::new(private_key.to_vec());`
`48`		`- secp256k1::sign_ethereum_digest(digest, &private_key)`
	`44`	`+ secp256k1::sign_ethereum_digest(digest, private_key)`
`49`	`45`	`}`
`50`	`46`
`51`	`47`	`pub fn sign_eip712(typed_data_json: &str, private_key: &[u8]) -> Result<String, SignerError> {`
Original file line number	Diff line number	Diff line change
`@@ -173,7 +173,7 @@ impl MessageSigner {`
`173`	`173`	`}`
`174`	`174`	`SignDigestType::Base58 => {`
`175`	`175`	`let hash = self.hash()?;`
`176`		`- let signed = Signer::sign_digest(SignatureScheme::Ed25519, hash, private_key.to_vec())?;`
	`176`	`+ let signed = Signer::sign_digest(SignatureScheme::Ed25519, &hash, private_key.as_slice())?;`
`177`	`177`	`Ok(self.get_result(&signed))`
`178`	`178`	`}`
`179`	`179`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ use gem_ton::signer::TonChainSigner;`
`14`	`14`	`use gem_tron::signer::TronChainSigner;`
`15`	`15`	`use gem_xrp::signer::XrpChainSigner;`
`16`	`16`	`use primitives::{Chain, ChainSigner, ChainType, EVMChain, SignerError, SignerInput};`
	`17`	`+use zeroize::Zeroizing;`
`17`	`18`
`18`	`19`	`#[derive(uniffi::Object)]`
`19`	`20`	`pub struct GemChainSigner {`
`@@ -97,7 +98,8 @@ impl GemChainSigner {`
`97`	`98`	`}`
`98`	`99`
`99`	`100`	`pub fn sign_message(&self, message: Vec<u8>, private_key: Vec<u8>) -> Result<String, GemstoneError> {`
`100`		`- self.dispatch_message(message, private_key, "message", \|signer, msg, key\| signer.sign_message(msg, key))`
	`101`	`+ let private_key = Zeroizing::new(private_key);`
	`102`	`+ self.dispatch_message(&message, private_key.as_slice(), "message", \|signer, msg, key\| signer.sign_message(msg, key))`
`101`	`103`	`}`
`102`	`104`	`}`
`103`	`105`
`@@ -107,16 +109,16 @@ impl GemChainSigner {`
`107`	`109`	`F: Fn(&dyn ChainSigner, &SignerInput, &[u8]) -> Result<T, SignerError>,`
`108`	`110`	`{`
`109`	`111`	`let signer_input: SignerInput = input.into();`
`110`		`- let key = private_key;`
	`112`	`+ let private_key = Zeroizing::new(private_key);`
`111`	`113`
`112`		`- method(self.signer.as_ref(), &signer_input, key.as_slice()).map_err(\|err\| map_signer_error(self.chain, action, err))`
	`114`	`+ method(self.signer.as_ref(), &signer_input, private_key.as_slice()).map_err(\|err\| map_signer_error(self.chain, action, err))`
`113`	`115`	`}`
`114`	`116`
`115`		`- fn dispatch_message<T, F>(&self, message: Vec<u8>, private_key: Vec<u8>, action: &'static str, method: F) -> Result<T, GemstoneError>`
	`117`	`+ fn dispatch_message<T, F>(&self, message: &[u8], private_key: &[u8], action: &'static str, method: F) -> Result<T, GemstoneError>`
`116`	`118`	`where`
`117`	`119`	`F: Fn(&dyn ChainSigner, &[u8], &[u8]) -> Result<T, SignerError>,`
`118`	`120`	`{`
`119`		`- method(self.signer.as_ref(), &message, &private_key).map_err(\|err\| map_signer_error(self.chain, action, err))`
	`121`	`+ method(self.signer.as_ref(), message, private_key).map_err(\|err\| map_signer_error(self.chain, action, err))`
`120`	`122`	`}`
`121`	`123`	`}`
`122`	`124`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,8 @@ use zeroize::Zeroizing;`
`4`	`4`
`5`	`5`	`#[uniffi::export]`
`6`	`6`	`pub fn decode_private_key(chain: Chain, value: String) -> Result<Vec<u8>, GemstoneError> {`
`7`		`- Ok(signer::decode_private_key(&chain, &value)?.to_vec())`
	`7`	`+ let mut private_key = signer::decode_private_key(&chain, &value)?;`
	`8`	`+ Ok(std::mem::take(private_key.as_mut()))`
`8`	`9`	`}`
`9`	`10`
`10`	`11`	`#[uniffi::export]`