diff --git a/tools/binctl b/tools/binctl index 7a8c104c2..ea7432514 100755 --- a/tools/binctl +++ b/tools/binctl @@ -8,7 +8,7 @@ import binascii import pyblake2 -from trezorlib import ed25519raw, ed25519cosi +from trezorlib import cosi def format_sigmask(sigmask): @@ -285,11 +285,11 @@ def binopen(filename): # check signatures against signing keys in the vendor header if firmware.sigmask > 0: pk = [vheader.vpub[i] for i in range(8) if firmware.sigmask & (1 << i)] - global_pk = ed25519cosi.combine_keys(pk) + global_pk = cosi.combine_keys(pk) hdr = subdata[:IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE] + IMAGE_SIG_SIZE * b'\x00' digest = pyblake2.blake2s(hdr).digest() try: - ed25519raw.checkvalid(firmware.sig, digest, global_pk) + cosi.verify(firmware.sig, digest, global_pk) print('Firmware signature OK') except: print('Firmware signature INCORRECT') diff --git a/tools/keyctl b/tools/keyctl index b2d0130be..7254f1a94 100755 --- a/tools/keyctl +++ b/tools/keyctl @@ -3,7 +3,7 @@ import binascii import struct import click import pyblake2 -from trezorlib import ed25519raw, ed25519cosi +from trezorlib import cosi indexmap = { 'bootloader': 0, @@ -40,30 +40,26 @@ def sign(index, filename, seckeys): # compute header digest digest = header_digest(index, filename) # collect commits - pks, Rs = [], [] + pks, nonces, Rs = [], [], [] for ctr, seckey in enumerate(seckeys): sk = binascii.unhexlify(seckey) - pk = ed25519raw.publickey(sk) - _, R = ed25519cosi.get_nonce(sk, digest, ctr) + pk = cosi.pubkey_from_privkey(sk) + r, R = cosi.get_nonce(sk, digest, ctr) pks.append(pk) + nonces.append(r) Rs.append(R) # compute global commit - global_pk = ed25519cosi.combine_keys(pks) - global_R = ed25519cosi.combine_keys(Rs) + global_pk = cosi.combine_keys(pks) + global_R = cosi.combine_keys(Rs) # collect signatures sigs = [] - for ctr, seckey in enumerate(seckeys): + for seckey, nonce in zip(seckeys, nonces): sk = binascii.unhexlify(seckey) - r, _ = ed25519cosi.get_nonce(sk, digest, ctr) - h = ed25519raw.H(sk) - b = ed25519raw.b - a = 2 ** (b - 2) + sum(2 ** i * ed25519raw.bit(h, i) for i in range(3, b - 2)) - S = (r + ed25519raw.Hint(global_R + global_pk + digest) * a) % ed25519raw.l - sig = ed25519raw.encodeint(S) + sig = cosi.sign_with_privkey(digest, sk, global_pk, nonce, global_R) sigs.append(sig) # compute global signature - sig = ed25519cosi.combine_sig(global_R, sigs) - ed25519raw.checkvalid(sig, digest, global_pk) + sig = cosi.combine_sig(global_R, sigs) + cosi.verify(sig, digest, global_pk) print(binascii.hexlify(sig).decode()) diff --git a/tools/keyctl-coordinator b/tools/keyctl-coordinator index d59f03603..c07a49b11 100755 --- a/tools/keyctl-coordinator +++ b/tools/keyctl-coordinator @@ -5,7 +5,7 @@ import click import pyblake2 import Pyro4 import serpent -from trezorlib import ed25519raw, ed25519cosi +from trezorlib import cosi PORT = 5001 indexmap = { @@ -58,8 +58,8 @@ def sign(index, filename, participants): pks.append(pk) Rs.append(R) # compute global commit - global_pk = ed25519cosi.combine_keys(pks) - global_R = ed25519cosi.combine_keys(Rs) + global_pk = cosi.combine_keys(pks) + global_R = cosi.combine_keys(Rs) # collect signatures sigs = [] for p in proxy: @@ -67,8 +67,8 @@ def sign(index, filename, participants): sig = serpent.tobytes(sig) sigs.append(sig) # compute global signature - sig = ed25519cosi.combine_sig(global_R, sigs) - ed25519raw.checkvalid(sig, digest, global_pk) + sig = cosi.combine_sig(global_R, sigs) + cosi.verify(sig, digest, global_pk) print(binascii.hexlify(sig).decode())