test(crypto): add ecdsa tests for secp256k1_zkp

2024-11-18 05:28:40 +00:00 · 2021-06-16 14:34:34 +02:00 · 2021-06-16 14:34:34 +02:00 · 79153135b7
commit 79153135b7
parent aca37e5eb2
5 changed files with 74 additions and 5 deletions
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -125,8 +125,8 @@ tests/test_speed: tests/test_speed.o $(OBJS)
 tests/test_openssl: tests/test_openssl.o $(OBJS)
 	$(CC) tests/test_openssl.o $(OBJS) $(TESTSSLLIBS) -o tests/test_openssl

-tests/libtrezor-crypto.so: $(SRCS)
-	$(CC) $(CFLAGS) -DAES_128 -DAES_192 -fPIC -shared $(SRCS) -o tests/libtrezor-crypto.so
+tests/libtrezor-crypto.so: $(SRCS) secp256k1-zkp.o
+	$(CC) $(CFLAGS) -DAES_128 -DAES_192 -fPIC -shared $(SRCS) secp256k1-zkp.o -o tests/libtrezor-crypto.so

 tools: tools/xpubaddrgen tools/mktable tools/bip39bruteforce

--- a/crypto/tests/test_check.c
+++ b/crypto/tests/test_check.c
@ -71,6 +71,8 @@
 #include "shamir.h"
 #include "slip39.h"
 #include "slip39_wordlist.h"
+#include "zkp_context.h"
+#include "zkp_ecdsa.h"

 #if VALGRIND
 /*
@ -3621,6 +3623,11 @@ START_TEST(test_ecdsa_recover_pub_from_sig) {
 }
 END_TEST

+START_TEST(test_zkp_ecdsa_recover_pub_from_sig) {
+  test_ecdsa_recover_pub_from_sig_helper(zkp_ecdsa_recover_pub_from_sig);
+}
+END_TEST
+
 static void test_ecdsa_verify_digest_helper(int (*ecdsa_verify_digest_fn)(
    const ecdsa_curve *, const uint8_t *, const uint8_t *, const uint8_t *)) {
  int res;
@ -3656,6 +3663,11 @@ START_TEST(test_ecdsa_verify_digest) {
 }
 END_TEST

+START_TEST(test_zkp_ecdsa_verify_digest) {
+  test_ecdsa_verify_digest_helper(zkp_ecdsa_verify_digest);
+}
+END_TEST
+
 #define test_deterministic(KEY, MSG, K)           \
  do {                                            \
    sha256_Raw((uint8_t *)MSG, strlen(MSG), buf); \
@ -9178,6 +9190,8 @@ Suite *test_suite(void) {
  tc = tcase_create("ecdsa");
  tcase_add_test(tc, test_ecdsa_recover_pub_from_sig);
  tcase_add_test(tc, test_ecdsa_verify_digest);
+  tcase_add_test(tc, test_zkp_ecdsa_recover_pub_from_sig);
+  tcase_add_test(tc, test_zkp_ecdsa_verify_digest);
  suite_add_tcase(s, tc);

  tc = tcase_create("rfc6979");
@ -9436,6 +9450,7 @@ Suite *test_suite(void) {

 // run suite
 int main(void) {
+  zkp_context_init();
  int number_failed;
  Suite *s = test_suite();
  SRunner *sr = srunner_create(s);
--- a/crypto/tests/test_curves.py
+++ b/crypto/tests/test_curves.py
@ -79,6 +79,8 @@ random_iters = int(os.environ.get("ITERS", 1))

 DIR = os.path.abspath(os.path.dirname(__file__))
 lib = c.cdll.LoadLibrary(os.path.join(DIR, "libtrezor-crypto.so"))
+if not lib.zkp_context_is_initialized():
+    lib.zkp_context_init()

 BIGNUM = c.c_uint32 * 9

@ -139,9 +141,7 @@ def r(request):
    return Random(seed + int(os.environ.get("SEED", 0)))


-@pytest.fixture(params=list(sorted(curves)))
-def curve(request):
-    name = request.param
+def get_curve_obj(name):
    curve_ptr = lib.get_curve_by_name(bytes(name, "ascii")).contents.params
    assert curve_ptr, "curve {} not found".format(name)
    curve_obj = curves[name]
@ -150,6 +150,11 @@ def curve(request):
    return curve_obj


+@pytest.fixture(params=list(sorted(curves)))
+def curve(request):
+    return get_curve_obj(request.param)
+
+
@pytest.fixture(params=points)
 def point(request):
    name = request.param.curve
@ -304,6 +309,29 @@ def test_sign(curve, r):
    assert vk.verify_digest(sig, digest, sigdecode)


+def test_sign_zkp(r):
+    curve = get_curve_obj("secp256k1")
+
+    priv = r.randbytes(32)
+    digest = r.randbytes(32)
+    sig = r.randbytes(64)
+
+    lib.zkp_ecdsa_sign_digest(
+        curve.ptr, priv, digest, sig, c.c_void_p(0), c.c_void_p(0)
+    )
+
+    exp = bytes2num(priv)
+    sk = ecdsa.SigningKey.from_secret_exponent(exp, curve, hashfunc=hashlib.sha256)
+    vk = sk.get_verifying_key()
+
+    sig_ref = sk.sign_digest_deterministic(
+        digest, hashfunc=hashlib.sha256, sigencode=ecdsa.util.sigencode_string_canonize
+    )
+    assert binascii.hexlify(sig) == binascii.hexlify(sig_ref)
+
+    assert vk.verify_digest(sig, digest, sigdecode)
+
+
 def test_validate_pubkey(curve, r):
    p = r.randpoint(curve)
    assert lib.ecdsa_validate_pubkey(curve.ptr, to_POINT(p))
--- a/crypto/tests/test_wycheproof.py
+++ b/crypto/tests/test_wycheproof.py
@ -599,6 +599,8 @@ def generate_eddsa(filename):

 dir = os.path.abspath(os.path.dirname(__file__))
 lib = ctypes.cdll.LoadLibrary(os.path.join(dir, "libtrezor-crypto.so"))
+if not lib.zkp_context_is_initialized():
+    lib.zkp_context_init()
 testvectors_directory = os.path.join(dir, "wycheproof/testvectors")
 context_structure_length = 1024

@ -650,6 +652,28 @@ def test_ecdsa(curve_name, public_key, hasher, message, signature, result):
    assert result == computed_result


+@pytest.mark.parametrize(
+    "curve_name, public_key, hasher, message, signature, result",
+    filter(lambda v: v[0] == "secp256k1", ecdsa_vectors),
+)
+def test_ecdsa_zkp(curve_name, public_key, hasher, message, signature, result):
+    curve = get_curve_by_name(curve_name)
+    if curve is None:
+        raise NotSupported("Curve not supported: {}".format(curve_name))
+
+    public_key = unhexlify(public_key)
+    signature = unhexlify(signature)
+    message = unhexlify(message)
+
+    computed_result = (
+        lib.zkp_ecdsa_verify(
+            curve, hasher, public_key, signature, message, len(message)
+        )
+        == 0
+    )
+    assert result == computed_result
+
+
@pytest.mark.parametrize(
    "public_key, private_key, shared, result", curve25519_dh_vectors
 )
--- a/crypto/zkp_context.c
+++ b/crypto/zkp_context.c
@ -43,6 +43,8 @@ void secp256k1_context_writable_randomize(secp256k1_context *context_writable) {
  assert(returned == 1);
 }

+bool zkp_context_is_initialized(void) { return initialized; }
+
 void zkp_context_init() {
  assert(initialized == false);