modtrezorcrypto: add ECDH for nist256p1, secp256k1, curve25519 (multiply method)

2024-11-21 23:18:13 +00:00 · 2016-10-22 00:51:52 +02:00 · 2016-10-22 00:51:52 +02:00 · 7f5fa78f35
commit 7f5fa78f35
parent 4216e6f544
9 changed files with 133 additions and 3 deletions
--- a/extmod/modtrezorcrypto/modtrezorcrypto-curve25519.h
+++ b/extmod/modtrezorcrypto/modtrezorcrypto-curve25519.h
@ -0,0 +1,55 @@
+/*
+ * Copyright (c) Pavol Rusnak, SatoshiLabs
+ *
+ * Licensed under TREZOR License
+ * see LICENSE file for details
+ */
+
+#include "py/objstr.h"
+
+#include "trezor-crypto/curve25519-donna/curve25519-donna.h"
+
+typedef struct _mp_obj_Curve25519_t {
+    mp_obj_base_t base;
+} mp_obj_Curve25519_t;
+
+STATIC mp_obj_t mod_TrezorCrypto_Curve25519_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
+    mp_arg_check_num(n_args, n_kw, 0, 0, false);
+    mp_obj_Curve25519_t *o = m_new_obj(mp_obj_Curve25519_t);
+    o->base.type = type;
+    return MP_OBJ_FROM_PTR(o);
+}
+
+/// def trezor.crypto.curve.curve25519.multiply(secret_key: bytes, public_key: bytes) -> bytes:
+///     '''
+///     Multiplies point defined by public_key with scalar defined by secret_key
+///     Useful for ECDH
+///     '''
+STATIC mp_obj_t mod_TrezorCrypto_Curve25519_multiply(mp_obj_t self, mp_obj_t secret_key, mp_obj_t public_key) {
+    mp_buffer_info_t sk, pk;
+    mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
+    mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ);
+    if (sk.len != 32) {
+        mp_raise_ValueError("Invalid length of secret key");
+    }
+    if (pk.len != 32) {
+        mp_raise_ValueError("Invalid length of public key");
+    }
+    vstr_t vstr;
+    vstr_init_len(&vstr, 32);
+    curve25519_scalarmult((uint8_t *)vstr.buf, (const uint8_t *)sk.buf, (const uint8_t *)pk.buf);
+    return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_TrezorCrypto_Curve25519_multiply_obj, mod_TrezorCrypto_Curve25519_multiply);
+
+STATIC const mp_rom_map_elem_t mod_TrezorCrypto_Curve25519_locals_dict_table[] = {
+    { MP_ROM_QSTR(MP_QSTR_multiply), MP_ROM_PTR(&mod_TrezorCrypto_Curve25519_multiply_obj) },
+};
+STATIC MP_DEFINE_CONST_DICT(mod_TrezorCrypto_Curve25519_locals_dict, mod_TrezorCrypto_Curve25519_locals_dict_table);
+
+STATIC const mp_obj_type_t mod_TrezorCrypto_Curve25519_type = {
+    { &mp_type_type },
+    .name = MP_QSTR_Curve25519,
+    .make_new = mod_TrezorCrypto_Curve25519_make_new,
+    .locals_dict = (void*)&mod_TrezorCrypto_Curve25519_locals_dict,
+};
--- a/extmod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
+++ b/extmod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
@ -92,10 +92,35 @@ STATIC mp_obj_t mod_TrezorCrypto_Nist256p1_verify(size_t n_args, const mp_obj_t
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_TrezorCrypto_Nist256p1_verify_obj, 4, 4, mod_TrezorCrypto_Nist256p1_verify);

+/// def trezor.crypto.curve.nist256p1.multiply(secret_key: bytes, public_key: bytes) -> bytes:
+///     '''
+///     Multiplies point defined by public_key with scalar defined by secret_key
+///     Useful for ECDH
+///     '''
+STATIC mp_obj_t mod_TrezorCrypto_Nist256p1_multiply(mp_obj_t self, mp_obj_t secret_key, mp_obj_t public_key) {
+    mp_buffer_info_t sk, pk;
+    mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
+    mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ);
+    if (sk.len != 32) {
+        mp_raise_ValueError("Invalid length of secret key");
+    }
+    if (pk.len != 33 && pk.len != 65) {
+        mp_raise_ValueError("Invalid length of public key");
+    }
+    vstr_t vstr;
+    vstr_init_len(&vstr, 65);
+    if (0 != ecdh_multiply(&nist256p1, (const uint8_t *)sk.buf, (const uint8_t *)pk.buf, (uint8_t *)vstr.buf)) {
+        mp_raise_ValueError("Multiply failed");
+    }
+    return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_TrezorCrypto_Nist256p1_multiply_obj, mod_TrezorCrypto_Nist256p1_multiply);
+
 STATIC const mp_rom_map_elem_t mod_TrezorCrypto_Nist256p1_locals_dict_table[] = {
    { MP_ROM_QSTR(MP_QSTR_publickey), MP_ROM_PTR(&mod_TrezorCrypto_Nist256p1_publickey_obj) },
    { MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_TrezorCrypto_Nist256p1_sign_obj) },
    { MP_ROM_QSTR(MP_QSTR_verify), MP_ROM_PTR(&mod_TrezorCrypto_Nist256p1_verify_obj) },
+    { MP_ROM_QSTR(MP_QSTR_multiply), MP_ROM_PTR(&mod_TrezorCrypto_Nist256p1_multiply_obj) },
 };
 STATIC MP_DEFINE_CONST_DICT(mod_TrezorCrypto_Nist256p1_locals_dict, mod_TrezorCrypto_Nist256p1_locals_dict_table);

--- a/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h
+++ b/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h
@ -92,10 +92,35 @@ STATIC mp_obj_t mod_TrezorCrypto_Secp256k1_verify(size_t n_args, const mp_obj_t
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_TrezorCrypto_Secp256k1_verify_obj, 4, 4, mod_TrezorCrypto_Secp256k1_verify);

+/// def trezor.crypto.curve.secp256k1.multiply(secret_key: bytes, public_key: bytes) -> bytes:
+///     '''
+///     Multiplies point defined by public_key with scalar defined by secret_key
+///     Useful for ECDH
+///     '''
+STATIC mp_obj_t mod_TrezorCrypto_Secp256k1_multiply(mp_obj_t self, mp_obj_t secret_key, mp_obj_t public_key) {
+    mp_buffer_info_t sk, pk;
+    mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
+    mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ);
+    if (sk.len != 32) {
+        mp_raise_ValueError("Invalid length of secret key");
+    }
+    if (pk.len != 33 && pk.len != 65) {
+        mp_raise_ValueError("Invalid length of public key");
+    }
+    vstr_t vstr;
+    vstr_init_len(&vstr, 65);
+    if (0 != ecdh_multiply(&secp256k1, (const uint8_t *)sk.buf, (const uint8_t *)pk.buf, (uint8_t *)vstr.buf)) {
+        mp_raise_ValueError("Multiply failed");
+    }
+    return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_TrezorCrypto_Secp256k1_multiply_obj, mod_TrezorCrypto_Secp256k1_multiply);
+
 STATIC const mp_rom_map_elem_t mod_TrezorCrypto_Secp256k1_locals_dict_table[] = {
    { MP_ROM_QSTR(MP_QSTR_publickey), MP_ROM_PTR(&mod_TrezorCrypto_Secp256k1_publickey_obj) },
    { MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_TrezorCrypto_Secp256k1_sign_obj) },
    { MP_ROM_QSTR(MP_QSTR_verify), MP_ROM_PTR(&mod_TrezorCrypto_Secp256k1_verify_obj) },
+    { MP_ROM_QSTR(MP_QSTR_multiply), MP_ROM_PTR(&mod_TrezorCrypto_Secp256k1_multiply_obj) },
 };
 STATIC MP_DEFINE_CONST_DICT(mod_TrezorCrypto_Secp256k1_locals_dict, mod_TrezorCrypto_Secp256k1_locals_dict_table);

--- a/extmod/modtrezorcrypto/modtrezorcrypto.c
+++ b/extmod/modtrezorcrypto/modtrezorcrypto.c
@ -18,6 +18,7 @@
 #include "modtrezorcrypto-aes.h"
 #include "modtrezorcrypto-bip32.h"
 #include "modtrezorcrypto-bip39.h"
+#include "modtrezorcrypto-curve25519.h"
 #include "modtrezorcrypto-ed25519.h"
 #include "modtrezorcrypto-pbkdf2.h"
 #include "modtrezorcrypto-random.h"
@ -35,6 +36,7 @@ STATIC const mp_rom_map_elem_t mp_module_TrezorCrypto_globals_table[] = {
    { MP_ROM_QSTR(MP_QSTR_AES), MP_ROM_PTR(&mod_TrezorCrypto_AES_type) },
    { MP_ROM_QSTR(MP_QSTR_Bip32), MP_ROM_PTR(&mod_TrezorCrypto_Bip32_type) },
    { MP_ROM_QSTR(MP_QSTR_Bip39), MP_ROM_PTR(&mod_TrezorCrypto_Bip39_type) },
+    { MP_ROM_QSTR(MP_QSTR_Curve25519), MP_ROM_PTR(&mod_TrezorCrypto_Curve25519_type) },
    { MP_ROM_QSTR(MP_QSTR_Ed25519), MP_ROM_PTR(&mod_TrezorCrypto_Ed25519_type) },
    { MP_ROM_QSTR(MP_QSTR_Nist256p1), MP_ROM_PTR(&mod_TrezorCrypto_Nist256p1_type) },
    { MP_ROM_QSTR(MP_QSTR_Pbkdf2), MP_ROM_PTR(&mod_TrezorCrypto_Pbkdf2_type) },
--- a/src/tests/test_crypto_curve25519.py
+++ b/src/tests/test_crypto_curve25519.py
@ -0,0 +1,21 @@
+import sys
+sys.path.append('..')
+sys.path.append('../lib')
+import unittest
+from ubinascii import unhexlify
+
+from trezor.crypto.curve import curve25519
+
+class TestCryptoCurve25519(unittest.TestCase):
+
+    vectors = [
+        ('38c9d9b17911de26ed812f5cc19c0029e8d016bcbc6078bc9db2af33f1761e4a', '311b6248af8dabec5cc81eac5bf229925f6d218a12e0547fb1856e015cc76f5d', 'a93dbdb23e5c99da743e203bd391af79f2b83fb8d0fd6ec813371c71f08f2d4d'),
+    ]
+
+    def test_multiply(self):
+        for sk, pk, session in self.vectors:
+            session2 = curve25519.multiply(unhexlify(sk), unhexlify(pk))
+            self.assertEqual(session2, unhexlify(session))
+
+if __name__ == '__main__':
+    unittest.main()
--- a/src/tests/test_crypto_ed25519.py
+++ b/src/tests/test_crypto_ed25519.py
@ -8,7 +8,7 @@ from trezor.crypto.curve import ed25519

 class TestCryptoEd25519(unittest.TestCase):

-    # vectors from https://github.com/torproject/tor/blob/master/src/test/ed25519_vectors.in
+    # vectors from https://github.com/torproject/tor/blob/master/src/test/ed25519_vectors.inc
    vectors = [
        ('26c76712d89d906e6672dafa614c42e5cb1caac8c6568e4d2493087db51f0d36', 'c2247870536a192d142d056abefca68d6193158e7c1a59c1654c954eccaff894', 'd23188eac3773a316d46006fa59c095060be8b1a23582a0dd99002a82a0662bd246d8449e172e04c5f46ac0d1404cebe4aabd8a75a1457aa06cae41f3334f104'),
        ('fba7a5366b5cb98c2667a18783f5cf8f4f8d1a2ce939ad22a6e685edde85128d', '1519a3b15816a1aafab0b213892026ebf5c0dc232c58b21088d88cb90e9b940d', '3a785ac1201c97ee5f6f0d99323960d5f264c7825e61aa7cc81262f15bef75eb4fa5723add9b9d45b12311b6d403eb3ac79ff8e4e631fc3cd51e4ad2185b200b'),
--- a/src/trezor/crypto/curve.py
+++ b/src/trezor/crypto/curve.py
@ -1,7 +1,9 @@
+from TrezorCrypto import Curve25519
 from TrezorCrypto import Ed25519
 from TrezorCrypto import Nist256p1
 from TrezorCrypto import Secp256k1

+curve25519 = Curve25519()
 ed25519 = Ed25519()
 nist256p1 = Nist256p1()
 secp256k1 = Secp256k1()
--- a/vendor/micropython
+++ b/vendor/micropython
@ -1 +1 @@
-Subproject commit 2b160213ea5f9b1ba7ccefec34a4c6fc8448a7df
+Subproject commit 51bcadba1da9157b177b58103ceb072f9df57be7
--- a/vendor/trezor-crypto
+++ b/vendor/trezor-crypto
@ -1 +1 @@
-Subproject commit f45bcc65f29986156568201217d06f6966a1b31d
+Subproject commit 6d08eb99b8472a2896f73905c00a6405a258750c