1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 15:38:11 +00:00
trezor-firmware/tests/device_tests/test_cosi.py

98 lines
3.6 KiB
Python
Raw Normal View History

# This file is part of the Trezor project.
2017-10-03 22:37:45 +00:00
#
2019-05-29 16:44:09 +00:00
# Copyright (C) 2012-2019 SatoshiLabs and contributors
2017-10-03 22:37:45 +00:00
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
2017-10-03 22:37:45 +00:00
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
2017-10-03 22:37:45 +00:00
from hashlib import sha256
2018-08-13 16:21:24 +00:00
import pytest
2017-10-03 22:37:45 +00:00
2018-08-13 16:21:24 +00:00
from trezorlib import cosi
2018-04-18 13:53:40 +00:00
from trezorlib.tools import parse_path
2017-10-03 22:37:45 +00:00
@pytest.mark.skip_t2
2019-09-11 12:29:39 +00:00
class TestCosi:
def test_cosi_commit(self, client):
2018-08-13 16:21:24 +00:00
digest = sha256(b"this is a message").digest()
2017-10-03 22:37:45 +00:00
c0 = cosi.commit(client, parse_path("10018'/0'"), digest)
c1 = cosi.commit(client, parse_path("10018'/1'"), digest)
c2 = cosi.commit(client, parse_path("10018'/2'"), digest)
2017-10-03 22:37:45 +00:00
assert c0.pubkey != c1.pubkey
assert c0.pubkey != c2.pubkey
assert c1.pubkey != c2.pubkey
assert c0.commitment != c1.commitment
assert c0.commitment != c2.commitment
assert c1.commitment != c2.commitment
2018-08-13 16:21:24 +00:00
digestb = sha256(b"this is a different message").digest()
2017-10-03 22:37:45 +00:00
c0b = cosi.commit(client, parse_path("10018'/0'"), digestb)
c1b = cosi.commit(client, parse_path("10018'/1'"), digestb)
c2b = cosi.commit(client, parse_path("10018'/2'"), digestb)
2017-10-03 22:37:45 +00:00
assert c0.pubkey == c0b.pubkey
assert c1.pubkey == c1b.pubkey
assert c2.pubkey == c2b.pubkey
assert c0.commitment != c0b.commitment
assert c1.commitment != c1b.commitment
assert c2.commitment != c2b.commitment
def test_cosi_sign(self, client):
2018-08-13 16:21:24 +00:00
digest = sha256(b"this is a message").digest()
2017-10-03 22:37:45 +00:00
c0 = cosi.commit(client, parse_path("10018'/0'"), digest)
c1 = cosi.commit(client, parse_path("10018'/1'"), digest)
c2 = cosi.commit(client, parse_path("10018'/2'"), digest)
2017-10-03 22:37:45 +00:00
global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey])
global_R = cosi.combine_keys([c0.commitment, c1.commitment, c2.commitment])
2017-10-03 22:37:45 +00:00
2018-08-13 16:21:24 +00:00
# fmt: off
sig0 = cosi.sign(client, parse_path("10018'/0'"), digest, global_R, global_pk)
sig1 = cosi.sign(client, parse_path("10018'/1'"), digest, global_R, global_pk)
sig2 = cosi.sign(client, parse_path("10018'/2'"), digest, global_R, global_pk)
2018-08-13 16:21:24 +00:00
# fmt: on
2017-10-03 22:37:45 +00:00
2018-08-13 16:21:24 +00:00
sig = cosi.combine_sig(
global_R, [sig0.signature, sig1.signature, sig2.signature]
)
2017-10-03 22:37:45 +00:00
cosi.verify_combined(sig, digest, global_pk)
def test_cosi_compat(self, client):
2018-08-13 16:21:24 +00:00
digest = sha256(b"this is not a pipe").digest()
remote_commit = cosi.commit(client, parse_path("10018'/0'"), digest)
2018-08-13 16:21:24 +00:00
local_privkey = sha256(b"private key").digest()[:32]
local_pubkey = cosi.pubkey_from_privkey(local_privkey)
local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42)
global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey])
global_R = cosi.combine_keys([remote_commit.commitment, local_commitment])
2018-08-13 16:21:24 +00:00
remote_sig = cosi.sign(
client, parse_path("10018'/0'"), digest, global_R, global_pk
2018-08-13 16:21:24 +00:00
)
local_sig = cosi.sign_with_privkey(
digest, local_privkey, global_pk, local_nonce, global_R
)
sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig])
cosi.verify_combined(sig, digest, global_pk)