2018-06-21 14:28:34 +00:00
|
|
|
# This file is part of the Trezor project.
|
|
|
|
#
|
2021-11-26 14:50:43 +00:00
|
|
|
# Copyright (C) 2012-2022 SatoshiLabs and contributors
|
2018-06-21 14:28:34 +00:00
|
|
|
#
|
|
|
|
# This library is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Lesser General Public License version 3
|
|
|
|
# as published by the Free Software Foundation.
|
|
|
|
#
|
|
|
|
# This library is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Lesser General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the License along with this library.
|
|
|
|
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
|
|
|
|
2022-06-23 07:27:48 +00:00
|
|
|
import warnings
|
2018-08-13 16:21:24 +00:00
|
|
|
from functools import reduce
|
2022-09-06 09:18:05 +00:00
|
|
|
from typing import TYPE_CHECKING, Iterable, Optional, Sequence, Tuple
|
2017-10-03 22:37:45 +00:00
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
from . import _ed25519, messages
|
2018-06-13 17:04:18 +00:00
|
|
|
from .tools import expect
|
|
|
|
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
if TYPE_CHECKING:
|
|
|
|
from .client import TrezorClient
|
|
|
|
from .tools import Address
|
|
|
|
from .protobuf import MessageType
|
|
|
|
|
2018-05-28 12:20:26 +00:00
|
|
|
# XXX, these could be NewType's, but that would infect users of the cosi module with these types as well.
|
|
|
|
# Unsure if we want that.
|
|
|
|
Ed25519PrivateKey = bytes
|
|
|
|
Ed25519PublicPoint = bytes
|
|
|
|
Ed25519Signature = bytes
|
2017-10-03 22:37:45 +00:00
|
|
|
|
2018-05-28 12:20:26 +00:00
|
|
|
|
|
|
|
def combine_keys(pks: Iterable[Ed25519PublicPoint]) -> Ed25519PublicPoint:
|
|
|
|
"""Combine a list of Ed25519 points into a "global" CoSi key."""
|
2018-05-25 11:07:02 +00:00
|
|
|
P = [_ed25519.decodepoint(pk) for pk in pks]
|
2018-10-12 10:20:41 +00:00
|
|
|
combine = reduce(_ed25519.edwards_add, P)
|
2018-05-28 12:20:26 +00:00
|
|
|
return Ed25519PublicPoint(_ed25519.encodepoint(combine))
|
2017-10-03 22:37:45 +00:00
|
|
|
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
def combine_sig(
|
|
|
|
global_R: Ed25519PublicPoint, sigs: Iterable[Ed25519Signature]
|
|
|
|
) -> Ed25519Signature:
|
2018-05-28 12:20:26 +00:00
|
|
|
"""Combine a list of signatures into a single CoSi signature."""
|
2018-05-25 11:07:02 +00:00
|
|
|
S = [_ed25519.decodeint(si) for si in sigs]
|
|
|
|
s = sum(S) % _ed25519.l
|
2018-05-28 12:20:26 +00:00
|
|
|
sig = global_R + _ed25519.encodeint(s)
|
|
|
|
return Ed25519Signature(sig)
|
|
|
|
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
def get_nonce(
|
|
|
|
sk: Ed25519PrivateKey, data: bytes, ctr: int = 0
|
|
|
|
) -> Tuple[int, Ed25519PublicPoint]:
|
2018-05-28 12:20:26 +00:00
|
|
|
"""Calculate CoSi nonces for given data.
|
|
|
|
These differ from Ed25519 deterministic nonces in that there is a counter appended at end.
|
2017-10-03 22:37:45 +00:00
|
|
|
|
2018-05-28 12:20:26 +00:00
|
|
|
Returns both the private point `r` and the partial signature `R`.
|
|
|
|
`r` is returned for performance reasons: :func:`sign_with_privkey`
|
|
|
|
takes it as its `nonce` argument so that it doesn't repeat the `get_nonce` call.
|
2017-10-03 22:37:45 +00:00
|
|
|
|
2018-05-28 12:20:26 +00:00
|
|
|
`R` should be combined with other partial signatures through :func:`combine_keys`
|
|
|
|
to obtain a "global commitment".
|
|
|
|
"""
|
2018-09-27 14:49:17 +00:00
|
|
|
# r = hash(hash(sk)[b .. 2b] + M + ctr)
|
|
|
|
# R = rB
|
2018-05-25 11:07:02 +00:00
|
|
|
h = _ed25519.H(sk)
|
2018-09-27 14:49:17 +00:00
|
|
|
bytesize = _ed25519.b // 8
|
|
|
|
assert len(h) == bytesize * 2
|
|
|
|
r = _ed25519.Hint(h[bytesize:] + data + ctr.to_bytes(4, "big"))
|
2018-05-25 11:07:02 +00:00
|
|
|
R = _ed25519.scalarmult(_ed25519.B, r)
|
2018-05-28 12:20:26 +00:00
|
|
|
return r, Ed25519PublicPoint(_ed25519.encodepoint(R))
|
2017-10-03 22:37:45 +00:00
|
|
|
|
|
|
|
|
2019-12-20 12:45:41 +00:00
|
|
|
def verify_combined(
|
2018-08-13 16:21:24 +00:00
|
|
|
signature: Ed25519Signature, digest: bytes, pub_key: Ed25519PublicPoint
|
|
|
|
) -> None:
|
2019-12-20 12:45:41 +00:00
|
|
|
"""Verify Ed25519 signature. Raise exception if the signature is invalid.
|
|
|
|
|
|
|
|
A CoSi combined signature is equivalent to a plain Ed25519 signature with a public
|
|
|
|
key that is a combination of the cosigners' public keys. This function takes the
|
|
|
|
combined public key and performs simple Ed25519 verification.
|
|
|
|
"""
|
2018-05-28 12:20:26 +00:00
|
|
|
# XXX this *might* change to bool function
|
2018-05-25 11:07:02 +00:00
|
|
|
_ed25519.checkvalid(signature, digest, pub_key)
|
2018-05-17 10:53:01 +00:00
|
|
|
|
|
|
|
|
2019-12-20 12:45:41 +00:00
|
|
|
def verify(
|
2018-10-12 10:20:41 +00:00
|
|
|
signature: Ed25519Signature,
|
|
|
|
digest: bytes,
|
2019-12-20 12:45:41 +00:00
|
|
|
sigs_required: int,
|
2022-09-06 09:18:05 +00:00
|
|
|
keys: Sequence[Ed25519PublicPoint],
|
2019-12-20 12:45:41 +00:00
|
|
|
mask: int,
|
2018-10-12 10:20:41 +00:00
|
|
|
) -> None:
|
2019-12-20 12:45:41 +00:00
|
|
|
"""Verify a CoSi multi-signature. Raise exception if the signature is invalid.
|
|
|
|
|
|
|
|
This function verifies a M-of-N signature scheme. The arguments are:
|
|
|
|
- the minimum number M of signatures required
|
|
|
|
- public keys of all N possible cosigners
|
|
|
|
- a bitmask specifying which of the N cosigners have produced the signature.
|
|
|
|
|
|
|
|
The verification checks that the mask specifies at least M cosigners, then combines
|
|
|
|
the selected public keys and verifies the signature against the combined key.
|
|
|
|
"""
|
|
|
|
if sigs_required < 1:
|
|
|
|
raise ValueError("At least one signer must be specified.")
|
|
|
|
if mask.bit_length() > len(keys):
|
|
|
|
raise ValueError("Sigmask specifies more public keys than provided.")
|
|
|
|
selected_keys = [key for i, key in enumerate(keys) if mask & (1 << i)]
|
|
|
|
if len(selected_keys) < sigs_required:
|
|
|
|
raise _ed25519.SignatureMismatch("Insufficient number of signatures.")
|
2018-10-12 10:20:41 +00:00
|
|
|
global_pk = combine_keys(selected_keys)
|
2019-12-20 12:45:41 +00:00
|
|
|
return verify_combined(signature, digest, global_pk)
|
2018-10-12 10:20:41 +00:00
|
|
|
|
|
|
|
|
2018-05-28 12:20:26 +00:00
|
|
|
def pubkey_from_privkey(privkey: Ed25519PrivateKey) -> Ed25519PublicPoint:
|
|
|
|
"""Interpret 32 bytes of data as an Ed25519 private key.
|
2020-09-25 11:59:16 +00:00
|
|
|
Calculate and return the corresponding public key.
|
|
|
|
"""
|
2018-10-12 10:20:41 +00:00
|
|
|
return Ed25519PublicPoint(_ed25519.publickey_unsafe(privkey))
|
2018-05-25 11:12:42 +00:00
|
|
|
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
def sign_with_privkey(
|
|
|
|
digest: bytes,
|
|
|
|
privkey: Ed25519PrivateKey,
|
|
|
|
global_pubkey: Ed25519PublicPoint,
|
|
|
|
nonce: int,
|
|
|
|
global_commit: Ed25519PublicPoint,
|
|
|
|
) -> Ed25519Signature:
|
2018-05-28 12:20:26 +00:00
|
|
|
"""Create a CoSi signature of `digest` with the supplied private key.
|
|
|
|
This function needs to know the global public key and global commitment.
|
|
|
|
"""
|
2018-09-27 14:49:17 +00:00
|
|
|
h = _ed25519.H(privkey)
|
2018-10-12 10:20:41 +00:00
|
|
|
a = _ed25519.decodecoord(h)
|
2018-09-27 14:49:17 +00:00
|
|
|
|
2018-05-25 11:07:02 +00:00
|
|
|
S = (nonce + _ed25519.Hint(global_commit + global_pubkey + digest) * a) % _ed25519.l
|
2018-05-28 12:20:26 +00:00
|
|
|
return Ed25519Signature(_ed25519.encodeint(S))
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
2018-08-10 14:05:14 +00:00
|
|
|
# ====== Client functions ====== #
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
@expect(messages.CosiCommitment)
|
2022-06-23 07:27:48 +00:00
|
|
|
def commit(
|
|
|
|
client: "TrezorClient", n: "Address", data: Optional[bytes] = None
|
|
|
|
) -> "MessageType":
|
|
|
|
if data is not None:
|
|
|
|
warnings.warn(
|
|
|
|
"'data' argument is deprecated",
|
|
|
|
DeprecationWarning,
|
|
|
|
stacklevel=2,
|
|
|
|
)
|
|
|
|
|
|
|
|
return client.call(messages.CosiCommit(address_n=n))
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
@expect(messages.CosiSignature)
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
def sign(
|
|
|
|
client: "TrezorClient",
|
|
|
|
n: "Address",
|
|
|
|
data: bytes,
|
|
|
|
global_commitment: bytes,
|
|
|
|
global_pubkey: bytes,
|
|
|
|
) -> "MessageType":
|
2018-08-13 16:21:24 +00:00
|
|
|
return client.call(
|
|
|
|
messages.CosiSign(
|
|
|
|
address_n=n,
|
|
|
|
data=data,
|
|
|
|
global_commitment=global_commitment,
|
|
|
|
global_pubkey=global_pubkey,
|
|
|
|
)
|
|
|
|
)
|