tools: update keyctl and friends to use new cosi functions

tools/binctl

@@ -8,7 +8,7 @@ import binascii
 
 import pyblake2
 
-from trezorlib import ed25519raw, ed25519cosi
+from trezorlib import cosi
 
 
 def format_sigmask(sigmask):
@@ -285,11 +285,11 @@ def binopen(filename):
             # check signatures against signing keys in the vendor header
             if firmware.sigmask > 0:
                 pk = [vheader.vpub[i] for i in range(8) if firmware.sigmask & (1 << i)]
-                global_pk = ed25519cosi.combine_keys(pk)
+                global_pk = cosi.combine_keys(pk)
                 hdr = subdata[:IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE] + IMAGE_SIG_SIZE * b'\x00'
                 digest = pyblake2.blake2s(hdr).digest()
                 try:
-                    ed25519raw.checkvalid(firmware.sig, digest, global_pk)
+                    cosi.verify(firmware.sig, digest, global_pk)
                     print('Firmware signature OK')
                 except:
                     print('Firmware signature INCORRECT')

tools/keyctl

@@ -3,7 +3,7 @@ import binascii
 import struct
 import click
 import pyblake2
-from trezorlib import ed25519raw, ed25519cosi
+from trezorlib import cosi
 
 indexmap = {
     'bootloader': 0,
@@ -40,30 +40,26 @@ def sign(index, filename, seckeys):
     # compute header digest
     digest = header_digest(index, filename)
     # collect commits
-    pks, Rs = [], []
+    pks, nonces, Rs = [], [], []
     for ctr, seckey in enumerate(seckeys):
         sk = binascii.unhexlify(seckey)
-        pk = ed25519raw.publickey(sk)
+        pk = cosi.pubkey_from_privkey(sk)
-        _, R = ed25519cosi.get_nonce(sk, digest, ctr)
+        r, R = cosi.get_nonce(sk, digest, ctr)
         pks.append(pk)
+        nonces.append(r)
         Rs.append(R)
     # compute global commit
-    global_pk = ed25519cosi.combine_keys(pks)
+    global_pk = cosi.combine_keys(pks)
-    global_R = ed25519cosi.combine_keys(Rs)
+    global_R = cosi.combine_keys(Rs)
     # collect signatures
     sigs = []
-    for ctr, seckey in enumerate(seckeys):
+    for seckey, nonce in zip(seckeys, nonces):
         sk = binascii.unhexlify(seckey)
-        r, _ = ed25519cosi.get_nonce(sk, digest, ctr)
+        sig = cosi.sign_with_privkey(digest, sk, global_pk, nonce, global_R)
-        h = ed25519raw.H(sk)
-        b = ed25519raw.b
-        a = 2 ** (b - 2) + sum(2 ** i * ed25519raw.bit(h, i) for i in range(3, b - 2))
-        S = (r + ed25519raw.Hint(global_R + global_pk + digest) * a) % ed25519raw.l
-        sig = ed25519raw.encodeint(S)
         sigs.append(sig)
     # compute global signature
-    sig = ed25519cosi.combine_sig(global_R, sigs)
+    sig = cosi.combine_sig(global_R, sigs)
-    ed25519raw.checkvalid(sig, digest, global_pk)
+    cosi.verify(sig, digest, global_pk)
     print(binascii.hexlify(sig).decode())
 
 

tools/keyctl-coordinator

@@ -5,7 +5,7 @@ import click
 import pyblake2
 import Pyro4
 import serpent
-from trezorlib import ed25519raw, ed25519cosi
+from trezorlib import cosi
 
 PORT = 5001
 indexmap = {
@@ -58,8 +58,8 @@ def sign(index, filename, participants):
         pks.append(pk)
         Rs.append(R)
     # compute global commit
-    global_pk = ed25519cosi.combine_keys(pks)
+    global_pk = cosi.combine_keys(pks)
-    global_R = ed25519cosi.combine_keys(Rs)
+    global_R = cosi.combine_keys(Rs)
     # collect signatures
     sigs = []
     for p in proxy:
@@ -67,8 +67,8 @@ def sign(index, filename, participants):
         sig = serpent.tobytes(sig)
         sigs.append(sig)
     # compute global signature
-    sig = ed25519cosi.combine_sig(global_R, sigs)
+    sig = cosi.combine_sig(global_R, sigs)
-    ed25519raw.checkvalid(sig, digest, global_pk)
+    cosi.verify(sig, digest, global_pk)
     print(binascii.hexlify(sig).decode())