tools: remove ed25519 dependency, prepare for ed25519cosi signing

.travis.yml

@@ -35,7 +35,7 @@ before_install:
 
 install:
     - pip3 install --user scons
-    - pip3 install --user ed25519 pyblake2
+    - pip3 install --user pyblake2
     - pip3 install --user flake8
     - pip3 install --user pytest
     - pip3 install --user ecdsa mnemonic protobuf requests

README.md

@@ -25,7 +25,7 @@ cd trezor-core
 #### Debian/Ubuntu
 
 ```sh
-sudo -H pip install ed25519 pyblake2
+sudo -H pip install pyblake2
 
 sudo dpkg --add-architecture i386
 sudo apt-get update
@@ -37,7 +37,7 @@ make build_unix
 #### Fedora
 
 ```sh
-sudo pip install ed25519 pyblake2
+sudo pip install pyblake2
 
 sudo yum install scons SDL2-devel.i686 SDL2_image-devel.i686
 
@@ -47,7 +47,7 @@ make build_unix
 #### openSUSE
 
 ```sh
-sudo pip install ed25519 pyblake2
+sudo pip install pyblake2
 
 sudo zypper install scons libSDL2-devel-32bit libSDL2_image-devel-32bit
 
@@ -57,7 +57,7 @@ make build_unix
 ### OS X
 
 ```sh
-pip install ed25519 pyblake2
+pip install pyblake2
 
 brew install scons sdl2 sdl2_image
 
@@ -78,7 +78,7 @@ or `make flash STLINKv21=1` if using a ST-LINK/V2.1 interface.
 #### Debian/Ubuntu
 
 ```sh
-sudo pip install ed25519 pyblake2
+sudo pip install pyblake2
 
 sudo apt-get install gcc-arm-none-eabi libnewlib-arm-none-eabi
 

tools/binctl

@@ -5,14 +5,19 @@ from __future__ import print_function
 import sys
 import struct
 import binascii
-import ed25519
 import pyblake2
 
+import ed25519raw
 
-def sign_data(seckey, data):
-    signkey = ed25519.SigningKey(seckey)
-    digest = pyblake2.blake2s(data).digest()
-    return signkey.sign(digest)
+
+def sign_data(seckeys, data):
+    if len(seckeys) == 1:
+        sk = seckeys[0]
+        pk = ed25519raw.publickey(sk)
+        digest = pyblake2.blake2s(data).digest()
+        return ed25519raw.signature(digest, sk, pk)
+    else:
+        raise NotImplementedError
 
 
 def format_sigmask(sigmask):
@@ -79,12 +84,12 @@ class BinImage(object):
         assert len(header) == self.hdrlen
         return header
 
-    def sign(self, sigmask, seckey):
+    def sign(self, sigmask, seckeys):
         header = self.serialize_header(sig=False)
         data = header + self.code
         assert len(data) == self.hdrlen + self.codelen
         self.sigmask = sigmask
-        self.sig = sign_data(seckey, data)
+        self.sig = sign_data(seckeys, data)
 
     def write(self, filename):
         with open(filename, 'wb') as f:
@@ -180,10 +185,10 @@ class VendorHeader(object):
         assert len(header) == self.hdrlen
         return header
 
-    def sign(self, sigmask, seckey):
+    def sign(self, sigmask, seckeys):
         header = self.serialize_header(sig=False)
         self.sigmask = sigmask
-        self.sig = sign_data(seckey, header)
+        self.sig = sign_data(seckeys, header)
 
     def write(self, filename):
         with open(filename, 'wb') as f:
@@ -216,9 +221,17 @@ def main():
     sign = len(sys.argv) > 2 and sys.argv[2] == '-s'
     b = binopen(fn)
     if sign:
-        sigmask = 1 << (int(sys.argv[3]) - 1)
-        seckey = binascii.unhexlify(sys.argv[4])
-        b.sign(sigmask, seckey)
+        sigmask = 0
+        if ':' in sys.argv[3]:
+            for idx in sys.argv[3].split(':'):
+                sigmask = 1 << (int(idx) - 1)
+        else:
+            sigmask = 1 << (int(sys.argv[3]) - 1)
+        if ':' in sys.argv[4]:
+            seckeys = [binascii.unhexlify(h) for h in sys.argv[4].split(':')]
+        else:
+            seckeys = [binascii.unhexlify(sys.argv[4])]
+        b.sign(sigmask, seckeys)
         print()
         b.write(fn)
     b.print()

tools/ed25519cosi.py

@@ -1,4 +1,3 @@
-#!/usr/bin/env python3
 import sys
 import binascii
 import ed25519raw
@@ -201,8 +200,7 @@ def main():
         usage()
 
 
-def test():
-    data = sys.argv[1].encode()
+def test(data):
     N = 3
     keyset = [0, 2]
 
@@ -257,4 +255,7 @@ def test():
 
 
 if __name__ == '__main__':
-    test()
+    if len(sys.argv) > 1:
+        test(data=sys.argv[1].encode())
+    else:
+        test(data=b'test')

tools/genkeys.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 
 import binascii
-import ed25519
+import ed25519raw
 
 def hex_to_c(s):
     return '"\\x' + '\\x'.join([s[i:i + 2] for i in range(0, len(s), 2)]) + '"'
@@ -12,8 +12,7 @@ for c in 'ABCDEFGHI':
     seckey_hex = binascii.hexlify(seckey).decode()
     print('seckey', seckey_hex)
     print('      ', hex_to_c(seckey_hex))
-    sk = ed25519.SigningKey(seckey)
-    pubkey = sk.get_verifying_key().to_bytes()
+    pubkey = ed25519raw.publickey(seckey)
     pubkey_hex = binascii.hexlify(pubkey).decode()
     print('pubkey', pubkey_hex)
     print('      ', hex_to_c(pubkey_hex))