feat(core): make core use Schnorr signatures

2025-01-11 07:50:57 +00:00 · 2021-05-14 17:20:32 +02:00 · 2021-05-14 17:20:32 +02:00 · 7ac0bdd215
commit 7ac0bdd215
parent 26463eb3ce
7 changed files with 211 additions and 0 deletions
--- a/core/.changelog.d/1678.added
+++ b/core/.changelog.d/1678.added
@ -0,0 +1 @@
 Support of BIP-340 Schnorr signatures (using secp256k1-zkp).
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@ -134,6 +134,8 @@ if FEATURE_FLAGS["SECP256K1_ZKP"]:
        ('ECMULT_WINDOW_SIZE', '8'),
        'ENABLE_MODULE_GENERATOR',
        'ENABLE_MODULE_RECOVERY',
        'ENABLE_MODULE_SCHNORRSIG',
        'ENABLE_MODULE_EXTRAKEYS',
    ]
    SOURCE_MOD_SECP256K1_ZKP = [
        'vendor/secp256k1-zkp/src/secp256k1.c',
@ -142,6 +144,7 @@ if FEATURE_FLAGS["SECP256K1_ZKP"]:
    SOURCE_MOD += [
        'vendor/trezor-crypto/zkp_context.c',
        'vendor/trezor-crypto/zkp_ecdsa.c',
        'vendor/trezor-crypto/zkp_schnorr.c',
    ]
 # modtrezorio
--- a/core/SConscript.unix
+++ b/core/SConscript.unix
@ -130,6 +130,8 @@ if FEATURE_FLAGS["SECP256K1_ZKP"]:
        ('ECMULT_WINDOW_SIZE', '8'),
        'ENABLE_MODULE_GENERATOR',
        'ENABLE_MODULE_RECOVERY',
        'ENABLE_MODULE_SCHNORRSIG',
        'ENABLE_MODULE_EXTRAKEYS',
    ]
    SOURCE_MOD_SECP256K1_ZKP = [
        'vendor/secp256k1-zkp/src/secp256k1.c',
@ -137,6 +139,7 @@ if FEATURE_FLAGS["SECP256K1_ZKP"]:
    SOURCE_MOD += [
        'vendor/trezor-crypto/zkp_context.c',
        'vendor/trezor-crypto/zkp_ecdsa.c',
        'vendor/trezor-crypto/zkp_schnorr.c',
    ]
 # modtrezorio
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
@ -0,0 +1,159 @@
 /*
 * This file is part of the Trezor project, https://trezor.io/
 *
 * Copyright (c) SatoshiLabs
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "py/objstr.h"
 #include "zkp_schnorr.h"
 /// package: trezorcrypto.schnorr
 /// def generate_secret() -> bytes:
 ///     """
 ///     Generate secret key.
 ///     """
 STATIC mp_obj_t mod_trezorcrypto_schnorr_generate_secret() {
  vstr_t sk = {0};
  vstr_init_len(&sk, 32);
  for (;;) {
    random_buffer((uint8_t *)sk.buf, sk.len);
    // check whether secret > 0 && secret < curve_order
    if (0 ==
        memcmp(
            sk.buf,
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
            32))
      continue;
    if (0 <=
        memcmp(
            sk.buf,
            "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE"
            "\xBA\xAE\xDC\xE6\xAF\x48\xA0\x3B\xBF\xD2\x5E\x8C\xD0\x36\x41\x41",
            32))
      continue;
    break;
  }
  return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_schnorr_generate_secret_obj,
                                 mod_trezorcrypto_schnorr_generate_secret);
 /// def publickey(secret_key: bytes) -> bytes:
 ///     """
 ///     Computes public key from secret key.
 ///     """
 STATIC mp_obj_t mod_trezorcrypto_schnorr_publickey(mp_obj_t secret_key) {
  mp_buffer_info_t sk = {0};
  mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
  if (sk.len != 32) {
    mp_raise_ValueError("Invalid length of secret key");
  }
  vstr_t pk = {0};
  vstr_init_len(&pk, 32);
  int ret =
      zkp_schnorr_get_public_key((const uint8_t *)sk.buf, (uint8_t *)pk.buf);
  if (0 != ret) {
    vstr_clear(&pk);
    mp_raise_ValueError("Invalid secret key");
  }
  return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_schnorr_publickey_obj,
                                 mod_trezorcrypto_schnorr_publickey);
 /// def sign(
 ///     secret_key: bytes,
 ///     digest: bytes,
 /// ) -> bytes:
 ///     """
 ///     Uses secret key to produce the signature of the digest.
 ///     """
 STATIC mp_obj_t mod_trezorcrypto_schnorr_sign(mp_obj_t secret_key,
                                              mp_obj_t digest) {
  mp_buffer_info_t sk = {0}, dig = {0};
  mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
  mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
  if (sk.len != 32) {
    mp_raise_ValueError("Invalid length of secret key");
  }
  if (dig.len != 32) {
    mp_raise_ValueError("Invalid length of digest");
  }
  vstr_t sig = {0};
  vstr_init_len(&sig, 64);
  int ret =
      zkp_schnorr_sign_digest((const uint8_t *)sk.buf, (const uint8_t *)dig.buf,
                              (uint8_t *)sig.buf, NULL);
  if (0 != ret) {
    vstr_clear(&sig);
    mp_raise_ValueError("Signing failed");
  }
  return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_schnorr_sign_obj,
                                 mod_trezorcrypto_schnorr_sign);
 /// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
 ///     """
 ///     Uses public key to verify the signature of the digest.
 ///     Returns True on success.
 ///     """
 STATIC mp_obj_t mod_trezorcrypto_schnorr_verify(mp_obj_t public_key,
                                                mp_obj_t signature,
                                                mp_obj_t digest) {
  mp_buffer_info_t pk = {0}, sig = {0}, dig = {0};
  mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ);
  mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
  mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
  if (pk.len != 32) {
    return mp_const_false;
  }
  if (sig.len != 64) {
    return mp_const_false;
  }
  if (dig.len != 32) {
    return mp_const_false;
  }
  int ret = zkp_schnorr_verify_digest((const uint8_t *)pk.buf,
                                      (const uint8_t *)sig.buf,
                                      (const uint8_t *)dig.buf);
  return mp_obj_new_bool(ret == 0);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_schnorr_verify_obj,
                                 mod_trezorcrypto_schnorr_verify);
 STATIC const mp_rom_map_elem_t mod_trezorcrypto_schnorr_globals_table[] = {
    {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_schnorr)},
    {MP_ROM_QSTR(MP_QSTR_generate_secret),
     MP_ROM_PTR(&mod_trezorcrypto_schnorr_generate_secret_obj)},
    {MP_ROM_QSTR(MP_QSTR_publickey),
     MP_ROM_PTR(&mod_trezorcrypto_schnorr_publickey_obj)},
    {MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypto_schnorr_sign_obj)},
    {MP_ROM_QSTR(MP_QSTR_verify),
     MP_ROM_PTR(&mod_trezorcrypto_schnorr_verify_obj)}};
 STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_schnorr_globals,
                            mod_trezorcrypto_schnorr_globals_table);
 STATIC const mp_obj_module_t mod_trezorcrypto_schnorr_module = {
    .base = {&mp_type_module},
    .globals = (mp_obj_dict_t *)&mod_trezorcrypto_schnorr_globals,
 };
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c
@ -43,6 +43,9 @@
 #include "modtrezorcrypto-pbkdf2.h"
 #include "modtrezorcrypto-random.h"
 #include "modtrezorcrypto-ripemd160.h"
 #ifdef USE_SECP256K1_ZKP_SCHNORR
 #include "modtrezorcrypto-schnorr.h"
 #endif
 #include "modtrezorcrypto-secp256k1.h"
 #include "modtrezorcrypto-sha1.h"
 #include "modtrezorcrypto-sha256.h"
@ -89,6 +92,10 @@ STATIC const mp_rom_map_elem_t mp_module_trezorcrypto_globals_table[] = {
     MP_ROM_PTR(&mod_trezorcrypto_Ripemd160_type)},
    {MP_ROM_QSTR(MP_QSTR_secp256k1),
     MP_ROM_PTR(&mod_trezorcrypto_secp256k1_module)},
 #ifdef USE_SECP256K1_ZKP_SCHNORR
    {MP_ROM_QSTR(MP_QSTR_schnorr),
     MP_ROM_PTR(&mod_trezorcrypto_schnorr_module)},
 #endif
    {MP_ROM_QSTR(MP_QSTR_sha1), MP_ROM_PTR(&mod_trezorcrypto_Sha1_type)},
    {MP_ROM_QSTR(MP_QSTR_sha256), MP_ROM_PTR(&mod_trezorcrypto_Sha256_type)},
    {MP_ROM_QSTR(MP_QSTR_sha512), MP_ROM_PTR(&mod_trezorcrypto_Sha512_type)},
--- a/core/mocks/generated/trezorcrypto/schnorr.pyi
+++ b/core/mocks/generated/trezorcrypto/schnorr.pyi
@ -0,0 +1,33 @@
 from typing import *
 # extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
 def generate_secret() -> bytes:
    """
    Generate secret key.
    """
 # extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
 def publickey(secret_key: bytes) -> bytes:
    """
    Computes public key from secret key.
    """
 # extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
 def sign(
    secret_key: bytes,
    digest: bytes,
 ) -> bytes:
    """
    Uses secret key to produce the signature of the digest.
    """
 # extmod/modtrezorcrypto/modtrezorcrypto-schnorr.h
 def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
    """
    Uses public key to verify the signature of the digest.
    Returns True on success.
    """
--- a/core/src/trezor/crypto/curve.py
+++ b/core/src/trezor/crypto/curve.py
@ -1 +1,6 @@
 from trezorcrypto import curve25519, ed25519, nist256p1, secp256k1  # noqa: F401
 try:
    from trezorcrypto import schnorr  # noqa: F401
 except ImportError:
    pass
		`@ -0,0 +1 @@`
							`Support of BIP-340 Schnorr signatures (using secp256k1-zkp).`