refactor(core,crypto): rename schnorr to BIP340

core/SConscript.firmware

@@ -144,7 +144,7 @@ if FEATURE_FLAGS["SECP256K1_ZKP"]:
     SOURCE_MOD += [
         'vendor/trezor-crypto/zkp_context.c',
         'vendor/trezor-crypto/zkp_ecdsa.c',
-        'vendor/trezor-crypto/zkp_schnorr.c',
+        'vendor/trezor-crypto/zkp_bip340.c',
     ]
 
 # modtrezorio

core/SConscript.unix

@@ -139,7 +139,7 @@ if FEATURE_FLAGS["SECP256K1_ZKP"]:
     SOURCE_MOD += [
         'vendor/trezor-crypto/zkp_context.c',
         'vendor/trezor-crypto/zkp_ecdsa.c',
-        'vendor/trezor-crypto/zkp_schnorr.c',
+        'vendor/trezor-crypto/zkp_bip340.c',
     ]
 
 # modtrezorio

core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip340.h

@@ -19,15 +19,15 @@
 
 #include "py/objstr.h"
 
-#include "zkp_schnorr.h"
+#include "zkp_bip340.h"
 
-/// package: trezorcrypto.schnorr
+/// package: trezorcrypto.bip340
 
 /// def generate_secret() -> bytes:
 ///     """
 ///     Generate secret key.
 ///     """
-STATIC mp_obj_t mod_trezorcrypto_schnorr_generate_secret() {
+STATIC mp_obj_t mod_trezorcrypt_bip340_generate_secret() {
   vstr_t sk = {0};
   vstr_init_len(&sk, 32);
   for (;;) {
@@ -51,14 +51,14 @@ STATIC mp_obj_t mod_trezorcrypto_schnorr_generate_secret() {
   }
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_schnorr_generate_secret_obj,
+STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypt_bip340_generate_secret_obj,
-                                 mod_trezorcrypto_schnorr_generate_secret);
+                                 mod_trezorcrypt_bip340_generate_secret);
 
 /// def publickey(secret_key: bytes) -> bytes:
 ///     """
 ///     Computes public key from secret key.
 ///     """
-STATIC mp_obj_t mod_trezorcrypto_schnorr_publickey(mp_obj_t secret_key) {
+STATIC mp_obj_t mod_trezorcrypt_bip340_publickey(mp_obj_t secret_key) {
   mp_buffer_info_t sk = {0};
   mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
   if (sk.len != 32) {
@@ -67,7 +67,7 @@ STATIC mp_obj_t mod_trezorcrypto_schnorr_publickey(mp_obj_t secret_key) {
   vstr_t pk = {0};
   vstr_init_len(&pk, 32);
   int ret =
-      zkp_schnorr_get_public_key((const uint8_t *)sk.buf, (uint8_t *)pk.buf);
+      zkp_bip340_get_public_key((const uint8_t *)sk.buf, (uint8_t *)pk.buf);
   if (0 != ret) {
     vstr_clear(&pk);
     mp_raise_ValueError("Invalid secret key");
@@ -75,8 +75,8 @@ STATIC mp_obj_t mod_trezorcrypto_schnorr_publickey(mp_obj_t secret_key) {
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
 }
 
-STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_schnorr_publickey_obj,
+STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypt_bip340_publickey_obj,
-                                 mod_trezorcrypto_schnorr_publickey);
+                                 mod_trezorcrypt_bip340_publickey);
 
 /// def sign(
 ///     secret_key: bytes,
@@ -85,7 +85,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_schnorr_publickey_obj,
 ///     """
 ///     Uses secret key to produce the signature of the digest.
 ///     """
-STATIC mp_obj_t mod_trezorcrypto_schnorr_sign(mp_obj_t secret_key,
+STATIC mp_obj_t mod_trezorcrypt_bip340_sign(mp_obj_t secret_key,
                                             mp_obj_t digest) {
   mp_buffer_info_t sk = {0}, dig = {0};
   mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
@@ -100,7 +100,7 @@ STATIC mp_obj_t mod_trezorcrypto_schnorr_sign(mp_obj_t secret_key,
   vstr_t sig = {0};
   vstr_init_len(&sig, 64);
   int ret =
-      zkp_schnorr_sign_digest((const uint8_t *)sk.buf, (const uint8_t *)dig.buf,
+      zkp_bip340_sign_digest((const uint8_t *)sk.buf, (const uint8_t *)dig.buf,
                              (uint8_t *)sig.buf, NULL);
   if (0 != ret) {
     vstr_clear(&sig);
@@ -109,15 +109,15 @@ STATIC mp_obj_t mod_trezorcrypto_schnorr_sign(mp_obj_t secret_key,
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
 }
 
-STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_schnorr_sign_obj,
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypt_bip340_sign_obj,
-                                 mod_trezorcrypto_schnorr_sign);
+                                 mod_trezorcrypt_bip340_sign);
 
 /// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
 ///     """
 ///     Uses public key to verify the signature of the digest.
 ///     Returns True on success.
 ///     """
-STATIC mp_obj_t mod_trezorcrypto_schnorr_verify(mp_obj_t public_key,
+STATIC mp_obj_t mod_trezorcrypt_bip340_verify(mp_obj_t public_key,
                                               mp_obj_t signature,
                                               mp_obj_t digest) {
   mp_buffer_info_t pk = {0}, sig = {0}, dig = {0};
@@ -133,27 +133,27 @@ STATIC mp_obj_t mod_trezorcrypto_schnorr_verify(mp_obj_t public_key,
   if (dig.len != 32) {
     return mp_const_false;
   }
-  int ret = zkp_schnorr_verify_digest((const uint8_t *)pk.buf,
+  int ret = zkp_bip340_verify_digest((const uint8_t *)pk.buf,
                                      (const uint8_t *)sig.buf,
                                      (const uint8_t *)dig.buf);
   return mp_obj_new_bool(ret == 0);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_schnorr_verify_obj,
+STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypt_bip340_verify_obj,
-                                 mod_trezorcrypto_schnorr_verify);
+                                 mod_trezorcrypt_bip340_verify);
 
-STATIC const mp_rom_map_elem_t mod_trezorcrypto_schnorr_globals_table[] = {
+STATIC const mp_rom_map_elem_t mod_trezorcrypt_bip340_globals_table[] = {
-    {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_schnorr)},
+    {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_bip340)},
     {MP_ROM_QSTR(MP_QSTR_generate_secret),
-     MP_ROM_PTR(&mod_trezorcrypto_schnorr_generate_secret_obj)},
+     MP_ROM_PTR(&mod_trezorcrypt_bip340_generate_secret_obj)},
     {MP_ROM_QSTR(MP_QSTR_publickey),
-     MP_ROM_PTR(&mod_trezorcrypto_schnorr_publickey_obj)},
+     MP_ROM_PTR(&mod_trezorcrypt_bip340_publickey_obj)},
-    {MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypto_schnorr_sign_obj)},
+    {MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypt_bip340_sign_obj)},
     {MP_ROM_QSTR(MP_QSTR_verify),
-     MP_ROM_PTR(&mod_trezorcrypto_schnorr_verify_obj)}};
+     MP_ROM_PTR(&mod_trezorcrypt_bip340_verify_obj)}};
-STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_schnorr_globals,
+STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypt_bip340_globals,
-                            mod_trezorcrypto_schnorr_globals_table);
+                            mod_trezorcrypt_bip340_globals_table);
 
-STATIC const mp_obj_module_t mod_trezorcrypto_schnorr_module = {
+STATIC const mp_obj_module_t mod_trezorcrypt_bip340_module = {
     .base = {&mp_type_module},
-    .globals = (mp_obj_dict_t *)&mod_trezorcrypto_schnorr_globals,
+    .globals = (mp_obj_dict_t *)&mod_trezorcrypt_bip340_globals,
 };

core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c

@@ -43,8 +43,8 @@
 #include "modtrezorcrypto-pbkdf2.h"
 #include "modtrezorcrypto-random.h"
 #include "modtrezorcrypto-ripemd160.h"
-#ifdef USE_SECP256K1_ZKP_SCHNORR
+#ifdef USE_SECP256K1_ZKP_BIP340
-#include "modtrezorcrypto-schnorr.h"
+#include "modtrezorcrypto-bip340.h"
 #endif
 #include "modtrezorcrypto-secp256k1.h"
 #include "modtrezorcrypto-sha1.h"
@@ -92,9 +92,8 @@ STATIC const mp_rom_map_elem_t mp_module_trezorcrypto_globals_table[] = {
      MP_ROM_PTR(&mod_trezorcrypto_Ripemd160_type)},
     {MP_ROM_QSTR(MP_QSTR_secp256k1),
      MP_ROM_PTR(&mod_trezorcrypto_secp256k1_module)},
-#ifdef USE_SECP256K1_ZKP_SCHNORR
+#ifdef USE_SECP256K1_ZKP_BIP340
-    {MP_ROM_QSTR(MP_QSTR_schnorr),
+    {MP_ROM_QSTR(MP_QSTR_bip340), MP_ROM_PTR(&mod_trezorcrypto_bip340_module)},
-     MP_ROM_PTR(&mod_trezorcrypto_schnorr_module)},
 #endif
     {MP_ROM_QSTR(MP_QSTR_sha1), MP_ROM_PTR(&mod_trezorcrypto_Sha1_type)},
     {MP_ROM_QSTR(MP_QSTR_sha256), MP_ROM_PTR(&mod_trezorcrypto_Sha256_type)},

core/mocks/generated/trezorcrypto/bip340.pyi

@@ -1,21 +1,21 @@
 from typing import *
 
 
-# extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
+# extmod/modtrezorcrypto/modtrezorcrypto-bip340.h
 def generate_secret() -> bytes:
     """
     Generate secret key.
     """
 
 
-# extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
+# extmod/modtrezorcrypto/modtrezorcrypto-bip340.h
 def publickey(secret_key: bytes) -> bytes:
     """
     Computes public key from secret key.
     """
 
 
-# extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
+# extmod/modtrezorcrypto/modtrezorcrypto-bip340.h
 def sign(
     secret_key: bytes,
     digest: bytes,
@@ -25,7 +25,7 @@ def sign(
     """
 
 
-# extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
+# extmod/modtrezorcrypto/modtrezorcrypto-bip340.h
 def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
     """
     Uses public key to verify the signature of the digest.

core/src/trezor/crypto/curve.py

@@ -1,6 +1,6 @@
 from trezorcrypto import curve25519, ed25519, nist256p1, secp256k1  # noqa: F401
 
 try:
-    from trezorcrypto import schnorr  # noqa: F401
+    from trezorcrypto import bip340  # noqa: F401
 except ImportError:
     pass

crypto/Makefile

@@ -99,7 +99,7 @@ SRCS  += slip39.c
 SRCS  += schnorr.c
 SRCS  += zkp_context.c
 SRCS  += zkp_ecdsa.c
-SRCS  += zkp_schnorr.c
+SRCS  += zkp_bip340.c
 
 OBJS   = $(SRCS:.c=.o)
 OBJS  += secp256k1-zkp.o

crypto/tests/test_check.c

@@ -71,9 +71,9 @@
 #include "shamir.h"
 #include "slip39.h"
 #include "slip39_wordlist.h"
+#include "zkp_bip340.h"
 #include "zkp_context.h"
 #include "zkp_ecdsa.h"
-#include "zkp_schnorr.h"
 
 #if VALGRIND
 /*
@@ -9156,7 +9156,7 @@ START_TEST(test_schnorr_verify_digest) {
 }
 END_TEST
 
-START_TEST(test_zkp_schnorr_sign) {
+START_TEST(test_zkp_bip340_sign) {
   static struct {
     const char *priv_key;
     const char *pub_key;
@@ -9207,17 +9207,17 @@ START_TEST(test_zkp_schnorr_sign) {
     memcpy(digest, fromhex(tests[i].digest), 32);
     memcpy(expected_sig, fromhex(tests[i].sig), 32);
 
-    zkp_schnorr_get_public_key(priv_key, pub_key);
+    zkp_bip340_get_public_key(priv_key, pub_key);
     ck_assert_mem_eq(expected_pub_key, pub_key, 32);
 
-    res = zkp_schnorr_sign_digest(priv_key, digest, sig, aux_input);
+    res = zkp_bip340_sign_digest(priv_key, digest, sig, aux_input);
     ck_assert_mem_eq(expected_sig, sig, 32);
     ck_assert_int_eq(res, 0);
   }
 }
 END_TEST
 
-START_TEST(test_zkp_schnorr_verify) {
+START_TEST(test_zkp_bip340_verify) {
   static struct {
     const char *pub_key;
     const char *digest;
@@ -9294,7 +9294,7 @@ START_TEST(test_zkp_schnorr_verify) {
     memcpy(digest, fromhex(tests[i].digest), 32);
     memcpy(sig, fromhex(tests[i].sig), 64);
 
-    res = zkp_schnorr_verify_digest(pub_key, sig, digest);
+    res = zkp_bip340_verify_digest(pub_key, sig, digest);
     ck_assert_int_eq(res, tests[i].res);
   }
 }
@@ -9612,9 +9612,9 @@ Suite *test_suite(void) {
   tcase_add_test(tc, test_schnorr_verify_digest);
   suite_add_tcase(s, tc);
 
-  tc = tcase_create("zkp_schnorr");
+  tc = tcase_create("zkp_bip340");
-  tcase_add_test(tc, test_zkp_schnorr_sign);
+  tcase_add_test(tc, test_zkp_bip340_sign);
-  tcase_add_test(tc, test_zkp_schnorr_verify);
+  tcase_add_test(tc, test_zkp_bip340_verify);
   suite_add_tcase(s, tc);
 
 #if USE_CARDANO

crypto/zkp_bip340.c

@@ -30,12 +30,13 @@
 #include "vendor/secp256k1-zkp/include/secp256k1_extrakeys.h"
 #include "vendor/secp256k1-zkp/include/secp256k1_schnorrsig.h"
 
-#include "zkp_schnorr.h"
+#include "zkp_bip340.h"
 
 // BIP340 Schnorr public key derivation
 // private_key_bytes has 32 bytes
 // public_key_bytes has 32 bytes
-int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes,
+// returns 0 on success
+int zkp_bip340_get_public_key(const uint8_t *private_key_bytes,
                               uint8_t *public_key_bytes) {
   int result = 0;
 
@@ -81,7 +82,7 @@ int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes,
 // signature_bytes has 64 bytes
 // auxiliary_data has 32 bytes or is NULL
 // returns 0 on success
-int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes,
+int zkp_bip340_sign_digest(const uint8_t *private_key_bytes,
                            const uint8_t *digest, uint8_t *signature_bytes,
                            uint8_t *auxiliary_data) {
   int result = 0;
@@ -118,7 +119,7 @@ int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes,
 // signature_bytes has 64 bytes
 // digest has 32 bytes
 // returns 0 if verification succeeded
-int zkp_schnorr_verify_digest(const uint8_t *public_key_bytes,
+int zkp_bip340_verify_digest(const uint8_t *public_key_bytes,
                              const uint8_t *signature_bytes,
                              const uint8_t *digest) {
   int result = 0;

crypto/zkp_bip340.h

@@ -0,0 +1,15 @@
+#ifndef __ZKP_BIP340_H__
+#define __ZKP_BIP340_H__
+
+#include <stdint.h>
+
+int zkp_bip340_get_public_key(const uint8_t *private_key_bytes,
+                              uint8_t *public_key_bytes);
+int zkp_bip340_sign_digest(const uint8_t *private_key_bytes,
+                           const uint8_t *digest, uint8_t *signature_bytes,
+                           uint8_t *auxiliary_data);
+int zkp_bip340_verify_digest(const uint8_t *public_key_bytes,
+                             const uint8_t *signature_bytes,
+                             const uint8_t *digest);
+
+#endif

crypto/zkp_schnorr.h

@@ -1,15 +0,0 @@
-#ifndef __ZKP_SCHNORR_H__
-#define __ZKP_SCHNORR_H__
-
-#include <stdint.h>
-
-int zkp_schnorr_get_public_key(const uint8_t *private_key_bytes,
-                               uint8_t *public_key_bytes);
-int zkp_schnorr_sign_digest(const uint8_t *private_key_bytes,
-                            const uint8_t *digest, uint8_t *signature_bytes,
-                            uint8_t *auxiliary_data);
-int zkp_schnorr_verify_digest(const uint8_t *public_key_bytes,
-                              const uint8_t *signature_bytes,
-                              const uint8_t *digest);
-
-#endif