mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-23 23:08:14 +00:00
modtrezorcrypto: add cosi cosigning scheme to ed25519 class
This commit is contained in:
parent
eef147d810
commit
0a7997f798
@ -101,11 +101,105 @@ STATIC mp_obj_t mod_TrezorCrypto_Ed25519_verify(size_t n_args, const mp_obj_t *a
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_TrezorCrypto_Ed25519_verify_obj, 4, 4, mod_TrezorCrypto_Ed25519_verify);
|
||||
|
||||
/// def trezor.crypto.curve.ed25519.cosi_combine_publickeys(public_keys: list) -> bytes:
|
||||
/// '''
|
||||
/// Combines a list of public keys used in COSI cosigning scheme
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_TrezorCrypto_Ed25519_cosi_combine_publickeys(mp_obj_t self, mp_obj_t public_keys) {
|
||||
mp_uint_t pklen;
|
||||
mp_obj_t *pkitems;
|
||||
mp_obj_get_array(public_keys, &pklen, &pkitems);
|
||||
if (pklen > 15) {
|
||||
mp_raise_ValueError("Can't combine more than 15 public keys");
|
||||
}
|
||||
mp_buffer_info_t buf;
|
||||
ed25519_public_key pks[pklen];
|
||||
for (int i = 0; i < pklen; i++) {
|
||||
mp_get_buffer_raise(pkitems[i], &buf, MP_BUFFER_READ);
|
||||
if (buf.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
}
|
||||
memcpy(pks[i], buf.buf, buf.len);
|
||||
}
|
||||
vstr_t vstr;
|
||||
vstr_init_len(&vstr, 32);
|
||||
if (0 != ed25519_cosi_combine_publickeys(*(ed25519_public_key *)vstr.buf, pks, pklen)) {
|
||||
mp_raise_ValueError("Error combining public keys");
|
||||
}
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_TrezorCrypto_Ed25519_cosi_combine_publickeys_obj, mod_TrezorCrypto_Ed25519_cosi_combine_publickeys);
|
||||
|
||||
/// def trezor.crypto.curve.ed25519.cosi_combine_signatures(R: bytes, signatures: list) -> bytes:
|
||||
/// '''
|
||||
/// Combines a list of signatures used in COSI cosigning scheme
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_TrezorCrypto_Ed25519_cosi_combine_signatures(mp_obj_t self, mp_obj_t R, mp_obj_t signatures) {
|
||||
mp_buffer_info_t sigR;
|
||||
mp_get_buffer_raise(R, &sigR, MP_BUFFER_READ);
|
||||
if (sigR.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of R");
|
||||
}
|
||||
mp_uint_t siglen;
|
||||
mp_obj_t *sigitems;
|
||||
mp_obj_get_array(signatures, &siglen, &sigitems);
|
||||
if (siglen > 15) {
|
||||
mp_raise_ValueError("Can't combine more than 15 COSI signatures");
|
||||
}
|
||||
mp_buffer_info_t buf;
|
||||
ed25519_cosi_signature sigs[siglen];
|
||||
for (int i = 0; i < siglen; i++) {
|
||||
mp_get_buffer_raise(sigitems[i], &buf, MP_BUFFER_READ);
|
||||
if (buf.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of COSI signature");
|
||||
}
|
||||
memcpy(sigs[i], buf.buf, buf.len);
|
||||
}
|
||||
vstr_t vstr;
|
||||
vstr_init_len(&vstr, 64);
|
||||
ed25519_cosi_combine_signatures(*(ed25519_signature *)vstr.buf, *(const ed25519_public_key *)sigR.buf, sigs, siglen);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_TrezorCrypto_Ed25519_cosi_combine_signatures_obj, mod_TrezorCrypto_Ed25519_cosi_combine_signatures);
|
||||
|
||||
/// def trezor.crypto.curve.ed25519.cosi_sign(secret_key: bytes, message: bytes, nonce: bytes, sigR: bytes, combined_pubkey: bytes) -> bytes:
|
||||
/// '''
|
||||
/// Produce signature of message using COSI cosigning scheme
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_TrezorCrypto_Ed25519_cosi_sign(size_t n_args, const mp_obj_t *args) {
|
||||
mp_buffer_info_t sk, msg, nonce, sigR, pk;
|
||||
mp_get_buffer_raise(args[1], &sk, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[2], &msg, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[3], &nonce, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[4], &sigR, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[5], &pk, MP_BUFFER_READ);
|
||||
if (sk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of secret key");
|
||||
}
|
||||
if (nonce.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of nonce");
|
||||
}
|
||||
if (sigR.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of R");
|
||||
}
|
||||
if (pk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of aggregated public key");
|
||||
}
|
||||
vstr_t vstr;
|
||||
vstr_init_len(&vstr, 32);
|
||||
ed25519_cosi_sign(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, *(const ed25519_secret_key *)nonce.buf, *(const ed25519_public_key *)sigR.buf, *(const ed25519_secret_key *)pk.buf, *(ed25519_cosi_signature *)vstr.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_TrezorCrypto_Ed25519_cosi_sign_obj, 6, 6, mod_TrezorCrypto_Ed25519_cosi_sign);
|
||||
|
||||
STATIC const mp_rom_map_elem_t mod_TrezorCrypto_Ed25519_locals_dict_table[] = {
|
||||
{ MP_ROM_QSTR(MP_QSTR_generate_secret), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_generate_secret_obj) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_publickey), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_publickey_obj) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_sign_obj) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_verify), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_verify_obj) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_cosi_combine_publickeys), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_cosi_combine_publickeys_obj) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_cosi_combine_signatures), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_cosi_combine_signatures_obj) },
|
||||
{ MP_ROM_QSTR(MP_QSTR_cosi_sign), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_cosi_sign_obj) },
|
||||
};
|
||||
STATIC MP_DEFINE_CONST_DICT(mod_TrezorCrypto_Ed25519_locals_dict, mod_TrezorCrypto_Ed25519_locals_dict_table);
|
||||
|
||||
|
45
tests/test_trezor.crypto.curve.ed25519_cosi.py
Normal file
45
tests/test_trezor.crypto.curve.ed25519_cosi.py
Normal file
@ -0,0 +1,45 @@
|
||||
from common import *
|
||||
|
||||
from trezor.crypto import random
|
||||
from trezor.crypto.curve import ed25519
|
||||
|
||||
class TestCryptoEd25519Cosi(unittest.TestCase):
|
||||
|
||||
def test_cosi(self):
|
||||
|
||||
for N in range(1, 11):
|
||||
|
||||
# generate random message to be signed
|
||||
msg = random.bytes(128)
|
||||
|
||||
# phase 0: create priv/pubkeys and combine pubkeys
|
||||
keys = [None] * N
|
||||
pubkeys = [None] * N
|
||||
for j in range(N):
|
||||
keys[j] = ed25519.generate_secret()
|
||||
pubkeys[j] = ed25519.publickey(keys[j])
|
||||
|
||||
pubkey = ed25519.cosi_combine_publickeys(pubkeys)
|
||||
|
||||
# phase 1: create nonces, commitments (R values) and combine commitments
|
||||
nonces = [None] * N
|
||||
Rs = [None] * N
|
||||
for j in range(N):
|
||||
nonces[j] = ed25519.generate_secret()
|
||||
Rs[j] = ed25519.publickey(nonces[j])
|
||||
|
||||
R = ed25519.cosi_combine_publickeys(Rs)
|
||||
|
||||
# phase 2: sign and combine signatures
|
||||
sigs = [None] * N
|
||||
for j in range(N):
|
||||
sigs[j] = ed25519.cosi_sign(keys[j], msg, nonces[j], R, pubkey)
|
||||
|
||||
sig = ed25519.cosi_combine_signatures(R, sigs)
|
||||
|
||||
# check signature using normal ed25519.verify
|
||||
res = ed25519.verify(pubkey, sig, msg)
|
||||
self.assertTrue(res)
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
Loading…
Reference in New Issue
Block a user