arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 20:38:10 +00:00
Code Issues Releases Wiki Activity

feat(crypto): add wrapers for BIP-340 compatible Schnorr signatures from secp256k1_zkp

Browse Source
This commit is contained in:
Ondřej Vejpustek 2021-06-17 17:33:15 +02:00
parent f2459e335d
commit 1dad7fe7c5
3 changed files with 165 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/Makefile
View File

@ -44,7 +44,9 @@ ZKP_CFLAGS = \
-DECMULT_GEN_PREC_BITS=4 \
-DECMULT_WINDOW_SIZE=8 \
-DENABLE_MODULE_GENERATOR \
-DENABLE_MODULE_RECOVERY
-DENABLE_MODULE_RECOVERY \
-DENABLE_MODULE_SCHNORRSIG \
-DENABLE_MODULE_EXTRAKEYS
ZKP_PATH = ../vendor/secp256k1-zkp
CFLAGS += -DSECP256K1_CONTEXT_SIZE=73952
@ -97,6 +99,7 @@ SRCS += slip39.c
SRCS += schnorr.c
SRCS += zkp_context.c
SRCS += zkp_ecdsa.c
SRCS += zkp_schnorr.c
OBJS = $(SRCS:.c=.o)
OBJS += secp256k1-zkp.o

146
crypto/zkp_schnorr.c Normal file
View File

@ -0,0 +1,146 @@
/**
* Copyright (c) SatoshiLabs
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
#include <stdbool.h>
#include <string.h>
#include "memzero.h"
#include "zkp_context.h"
#include "vendor/secp256k1-zkp/include/secp256k1.h"
#include "vendor/secp256k1-zkp/include/secp256k1_extrakeys.h"
#include "vendor/secp256k1-zkp/include/secp256k1_schnorrsig.h"
#include "zkp_schnorr.h"
// BIP340 Schnorr public key derivation
// private_key_bytes has 32 bytes
// public_key_bytes has 32 bytes
int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes,
uint8_t *public_key_bytes) {
int result = 0;
secp256k1_pubkey pubkey = {0};
if (result == 0) {
secp256k1_context *context_writable = zkp_context_acquire_writable();
secp256k1_context_writable_randomize(context_writable);
if (secp256k1_ec_pubkey_create(context_writable, &pubkey,
private_key_bytes) != 1) {
result = -1;
}
zkp_context_release_writable();
}
secp256k1_xonly_pubkey xonly_pubkey = {0};
const secp256k1_context *context_read_only = zkp_context_get_read_only();
if (result == 0) {
if (secp256k1_xonly_pubkey_from_pubkey(context_read_only, &xonly_pubkey,
NULL, &pubkey) != 1) {
result = -1;
}
}
memzero(&pubkey, sizeof(pubkey));
if (result == 0) {
if (secp256k1_xonly_pubkey_serialize(context_read_only, public_key_bytes,
&xonly_pubkey) != 1) {
result = -1;
}
}
memzero(&xonly_pubkey, sizeof(xonly_pubkey));
return result;
}
// BIP340 Schnorr signature signing
// private_key_bytes has 32 bytes
// digest has 32 bytes
// signature_bytes has 64 bytes
// auxiliary_data has 32 bytes or is NULL
// returns 0 on success
int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes,
const uint8_t *digest, uint8_t *signature_bytes,
uint8_t *auxiliary_data) {
int result = 0;
secp256k1_keypair keypair = {0};
if (result == 0) {
secp256k1_context *context_writable = zkp_context_acquire_writable();
secp256k1_context_writable_randomize(context_writable);
if (secp256k1_keypair_create(context_writable, &keypair,
private_key_bytes) != 1) {
result = -1;
}
zkp_context_release_writable();
}
if (result == 0) {
secp256k1_context *context_writable = zkp_context_acquire_writable();
secp256k1_context_writable_randomize(context_writable);
if (secp256k1_schnorrsig_sign(context_writable, signature_bytes, digest,
&keypair, NULL, auxiliary_data) != 1) {
result = -1;
}
zkp_context_release_writable();
}
memzero(&keypair, sizeof(keypair));
return result;
}
// BIP340 Schnorr signature verification
// public_key_bytes has 32 bytes
// signature_bytes has 64 bytes
// digest has 32 bytes
// returns 0 if verification succeeded
int zkp_schnorr_verify_digest(const uint8_t *public_key_bytes,
const uint8_t *signature_bytes,
const uint8_t *digest) {
int result = 0;
secp256k1_xonly_pubkey xonly_pubkey = {0};
const secp256k1_context *context_read_only = zkp_context_get_read_only();
if (result == 0) {
if (secp256k1_xonly_pubkey_parse(context_read_only, &xonly_pubkey,
public_key_bytes) != 1) {
result = 1;
}
}
if (result == 0) {
if (secp256k1_schnorrsig_verify(context_read_only, signature_bytes, digest,
&xonly_pubkey) != 1) {
result = 5;
}
}
memzero(&xonly_pubkey, sizeof(xonly_pubkey));
return result;
}

15
crypto/zkp_schnorr.h Normal file
View File

@ -0,0 +1,15 @@
#ifndef __ZKP_SCHNORR_H__
#define __ZKP_SCHNORR_H__
#include <stdint.h>
int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes,
uint8_t *public_key_bytes);
int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes,
const uint8_t *digest, uint8_t *signature_bytes,
uint8_t *auxiliary_data);
int zkp_schnorr_verify_digest(const uint8_t *public_key_bytes,
const uint8_t *signature_bytes,
const uint8_t *digest);
#endif