From 1dad7fe7c5e32a6e539b67b48b3f74e41c5b94f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= Date: Thu, 17 Jun 2021 17:33:15 +0200 Subject: [PATCH] feat(crypto): add wrapers for BIP-340 compatible Schnorr signatures from secp256k1_zkp --- crypto/Makefile | 5 +- crypto/zkp_schnorr.c | 146 +++++++++++++++++++++++++++++++++++++++++++ crypto/zkp_schnorr.h | 15 +++++ 3 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 crypto/zkp_schnorr.c create mode 100644 crypto/zkp_schnorr.h diff --git a/crypto/Makefile b/crypto/Makefile index 27b61619af..3a2403e965 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -44,7 +44,9 @@ ZKP_CFLAGS = \ -DECMULT_GEN_PREC_BITS=4 \ -DECMULT_WINDOW_SIZE=8 \ -DENABLE_MODULE_GENERATOR \ - -DENABLE_MODULE_RECOVERY + -DENABLE_MODULE_RECOVERY \ + -DENABLE_MODULE_SCHNORRSIG \ + -DENABLE_MODULE_EXTRAKEYS ZKP_PATH = ../vendor/secp256k1-zkp CFLAGS += -DSECP256K1_CONTEXT_SIZE=73952 @@ -97,6 +99,7 @@ SRCS += slip39.c SRCS += schnorr.c SRCS += zkp_context.c SRCS += zkp_ecdsa.c +SRCS += zkp_schnorr.c OBJS = $(SRCS:.c=.o) OBJS += secp256k1-zkp.o diff --git a/crypto/zkp_schnorr.c b/crypto/zkp_schnorr.c new file mode 100644 index 0000000000..462ab221e9 --- /dev/null +++ b/crypto/zkp_schnorr.c @@ -0,0 +1,146 @@ +/** + * Copyright (c) SatoshiLabs + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + */ + +#include +#include + +#include "memzero.h" +#include "zkp_context.h" + +#include "vendor/secp256k1-zkp/include/secp256k1.h" +#include "vendor/secp256k1-zkp/include/secp256k1_extrakeys.h" +#include "vendor/secp256k1-zkp/include/secp256k1_schnorrsig.h" + +#include "zkp_schnorr.h" + +// BIP340 Schnorr public key derivation +// private_key_bytes has 32 bytes +// public_key_bytes has 32 bytes +int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes, + uint8_t *public_key_bytes) { + int result = 0; + + secp256k1_pubkey pubkey = {0}; + + if (result == 0) { + secp256k1_context *context_writable = zkp_context_acquire_writable(); + secp256k1_context_writable_randomize(context_writable); + if (secp256k1_ec_pubkey_create(context_writable, &pubkey, + private_key_bytes) != 1) { + result = -1; + } + zkp_context_release_writable(); + } + + secp256k1_xonly_pubkey xonly_pubkey = {0}; + const secp256k1_context *context_read_only = zkp_context_get_read_only(); + + if (result == 0) { + if (secp256k1_xonly_pubkey_from_pubkey(context_read_only, &xonly_pubkey, + NULL, &pubkey) != 1) { + result = -1; + } + } + + memzero(&pubkey, sizeof(pubkey)); + + if (result == 0) { + if (secp256k1_xonly_pubkey_serialize(context_read_only, public_key_bytes, + &xonly_pubkey) != 1) { + result = -1; + } + } + + memzero(&xonly_pubkey, sizeof(xonly_pubkey)); + + return result; +} + +// BIP340 Schnorr signature signing +// private_key_bytes has 32 bytes +// digest has 32 bytes +// signature_bytes has 64 bytes +// auxiliary_data has 32 bytes or is NULL +// returns 0 on success +int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes, + const uint8_t *digest, uint8_t *signature_bytes, + uint8_t *auxiliary_data) { + int result = 0; + + secp256k1_keypair keypair = {0}; + + if (result == 0) { + secp256k1_context *context_writable = zkp_context_acquire_writable(); + secp256k1_context_writable_randomize(context_writable); + if (secp256k1_keypair_create(context_writable, &keypair, + private_key_bytes) != 1) { + result = -1; + } + zkp_context_release_writable(); + } + + if (result == 0) { + secp256k1_context *context_writable = zkp_context_acquire_writable(); + secp256k1_context_writable_randomize(context_writable); + if (secp256k1_schnorrsig_sign(context_writable, signature_bytes, digest, + &keypair, NULL, auxiliary_data) != 1) { + result = -1; + } + zkp_context_release_writable(); + } + + memzero(&keypair, sizeof(keypair)); + + return result; +} + +// BIP340 Schnorr signature verification +// public_key_bytes has 32 bytes +// signature_bytes has 64 bytes +// digest has 32 bytes +// returns 0 if verification succeeded +int zkp_schnorr_verify_digest(const uint8_t *public_key_bytes, + const uint8_t *signature_bytes, + const uint8_t *digest) { + int result = 0; + + secp256k1_xonly_pubkey xonly_pubkey = {0}; + const secp256k1_context *context_read_only = zkp_context_get_read_only(); + + if (result == 0) { + if (secp256k1_xonly_pubkey_parse(context_read_only, &xonly_pubkey, + public_key_bytes) != 1) { + result = 1; + } + } + + if (result == 0) { + if (secp256k1_schnorrsig_verify(context_read_only, signature_bytes, digest, + &xonly_pubkey) != 1) { + result = 5; + } + } + + memzero(&xonly_pubkey, sizeof(xonly_pubkey)); + + return result; +} diff --git a/crypto/zkp_schnorr.h b/crypto/zkp_schnorr.h new file mode 100644 index 0000000000..4bc83cc919 --- /dev/null +++ b/crypto/zkp_schnorr.h @@ -0,0 +1,15 @@ +#ifndef __ZKP_SCHNORR_H__ +#define __ZKP_SCHNORR_H__ + +#include + +int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes, + uint8_t *public_key_bytes); +int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes, + const uint8_t *digest, uint8_t *signature_bytes, + uint8_t *auxiliary_data); +int zkp_schnorr_verify_digest(const uint8_t *public_key_bytes, + const uint8_t *signature_bytes, + const uint8_t *digest); + +#endif