1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 23:08:14 +00:00

modtrezorcrypto: add cosi cosigning scheme to ed25519 class

This commit is contained in:
Pavol Rusnak 2017-04-03 22:26:21 +02:00
parent eef147d810
commit 0a7997f798
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
2 changed files with 139 additions and 0 deletions

View File

@ -101,11 +101,105 @@ STATIC mp_obj_t mod_TrezorCrypto_Ed25519_verify(size_t n_args, const mp_obj_t *a
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_TrezorCrypto_Ed25519_verify_obj, 4, 4, mod_TrezorCrypto_Ed25519_verify);
/// def trezor.crypto.curve.ed25519.cosi_combine_publickeys(public_keys: list) -> bytes:
/// '''
/// Combines a list of public keys used in COSI cosigning scheme
/// '''
STATIC mp_obj_t mod_TrezorCrypto_Ed25519_cosi_combine_publickeys(mp_obj_t self, mp_obj_t public_keys) {
mp_uint_t pklen;
mp_obj_t *pkitems;
mp_obj_get_array(public_keys, &pklen, &pkitems);
if (pklen > 15) {
mp_raise_ValueError("Can't combine more than 15 public keys");
}
mp_buffer_info_t buf;
ed25519_public_key pks[pklen];
for (int i = 0; i < pklen; i++) {
mp_get_buffer_raise(pkitems[i], &buf, MP_BUFFER_READ);
if (buf.len != 32) {
mp_raise_ValueError("Invalid length of public key");
}
memcpy(pks[i], buf.buf, buf.len);
}
vstr_t vstr;
vstr_init_len(&vstr, 32);
if (0 != ed25519_cosi_combine_publickeys(*(ed25519_public_key *)vstr.buf, pks, pklen)) {
mp_raise_ValueError("Error combining public keys");
}
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
}
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_TrezorCrypto_Ed25519_cosi_combine_publickeys_obj, mod_TrezorCrypto_Ed25519_cosi_combine_publickeys);
/// def trezor.crypto.curve.ed25519.cosi_combine_signatures(R: bytes, signatures: list) -> bytes:
/// '''
/// Combines a list of signatures used in COSI cosigning scheme
/// '''
STATIC mp_obj_t mod_TrezorCrypto_Ed25519_cosi_combine_signatures(mp_obj_t self, mp_obj_t R, mp_obj_t signatures) {
mp_buffer_info_t sigR;
mp_get_buffer_raise(R, &sigR, MP_BUFFER_READ);
if (sigR.len != 32) {
mp_raise_ValueError("Invalid length of R");
}
mp_uint_t siglen;
mp_obj_t *sigitems;
mp_obj_get_array(signatures, &siglen, &sigitems);
if (siglen > 15) {
mp_raise_ValueError("Can't combine more than 15 COSI signatures");
}
mp_buffer_info_t buf;
ed25519_cosi_signature sigs[siglen];
for (int i = 0; i < siglen; i++) {
mp_get_buffer_raise(sigitems[i], &buf, MP_BUFFER_READ);
if (buf.len != 32) {
mp_raise_ValueError("Invalid length of COSI signature");
}
memcpy(sigs[i], buf.buf, buf.len);
}
vstr_t vstr;
vstr_init_len(&vstr, 64);
ed25519_cosi_combine_signatures(*(ed25519_signature *)vstr.buf, *(const ed25519_public_key *)sigR.buf, sigs, siglen);
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
}
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_TrezorCrypto_Ed25519_cosi_combine_signatures_obj, mod_TrezorCrypto_Ed25519_cosi_combine_signatures);
/// def trezor.crypto.curve.ed25519.cosi_sign(secret_key: bytes, message: bytes, nonce: bytes, sigR: bytes, combined_pubkey: bytes) -> bytes:
/// '''
/// Produce signature of message using COSI cosigning scheme
/// '''
STATIC mp_obj_t mod_TrezorCrypto_Ed25519_cosi_sign(size_t n_args, const mp_obj_t *args) {
mp_buffer_info_t sk, msg, nonce, sigR, pk;
mp_get_buffer_raise(args[1], &sk, MP_BUFFER_READ);
mp_get_buffer_raise(args[2], &msg, MP_BUFFER_READ);
mp_get_buffer_raise(args[3], &nonce, MP_BUFFER_READ);
mp_get_buffer_raise(args[4], &sigR, MP_BUFFER_READ);
mp_get_buffer_raise(args[5], &pk, MP_BUFFER_READ);
if (sk.len != 32) {
mp_raise_ValueError("Invalid length of secret key");
}
if (nonce.len != 32) {
mp_raise_ValueError("Invalid length of nonce");
}
if (sigR.len != 32) {
mp_raise_ValueError("Invalid length of R");
}
if (pk.len != 32) {
mp_raise_ValueError("Invalid length of aggregated public key");
}
vstr_t vstr;
vstr_init_len(&vstr, 32);
ed25519_cosi_sign(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, *(const ed25519_secret_key *)nonce.buf, *(const ed25519_public_key *)sigR.buf, *(const ed25519_secret_key *)pk.buf, *(ed25519_cosi_signature *)vstr.buf);
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_TrezorCrypto_Ed25519_cosi_sign_obj, 6, 6, mod_TrezorCrypto_Ed25519_cosi_sign);
STATIC const mp_rom_map_elem_t mod_TrezorCrypto_Ed25519_locals_dict_table[] = {
{ MP_ROM_QSTR(MP_QSTR_generate_secret), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_generate_secret_obj) },
{ MP_ROM_QSTR(MP_QSTR_publickey), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_publickey_obj) },
{ MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_sign_obj) },
{ MP_ROM_QSTR(MP_QSTR_verify), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_verify_obj) },
{ MP_ROM_QSTR(MP_QSTR_cosi_combine_publickeys), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_cosi_combine_publickeys_obj) },
{ MP_ROM_QSTR(MP_QSTR_cosi_combine_signatures), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_cosi_combine_signatures_obj) },
{ MP_ROM_QSTR(MP_QSTR_cosi_sign), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_cosi_sign_obj) },
};
STATIC MP_DEFINE_CONST_DICT(mod_TrezorCrypto_Ed25519_locals_dict, mod_TrezorCrypto_Ed25519_locals_dict_table);

View File

@ -0,0 +1,45 @@
from common import *
from trezor.crypto import random
from trezor.crypto.curve import ed25519
class TestCryptoEd25519Cosi(unittest.TestCase):
def test_cosi(self):
for N in range(1, 11):
# generate random message to be signed
msg = random.bytes(128)
# phase 0: create priv/pubkeys and combine pubkeys
keys = [None] * N
pubkeys = [None] * N
for j in range(N):
keys[j] = ed25519.generate_secret()
pubkeys[j] = ed25519.publickey(keys[j])
pubkey = ed25519.cosi_combine_publickeys(pubkeys)
# phase 1: create nonces, commitments (R values) and combine commitments
nonces = [None] * N
Rs = [None] * N
for j in range(N):
nonces[j] = ed25519.generate_secret()
Rs[j] = ed25519.publickey(nonces[j])
R = ed25519.cosi_combine_publickeys(Rs)
# phase 2: sign and combine signatures
sigs = [None] * N
for j in range(N):
sigs[j] = ed25519.cosi_sign(keys[j], msg, nonces[j], R, pubkey)
sig = ed25519.cosi_combine_signatures(R, sigs)
# check signature using normal ed25519.verify
res = ed25519.verify(pubkey, sig, msg)
self.assertTrue(res)
if __name__ == '__main__':
unittest.main()