[bls-signing] sign using the stored pk instead of derive it again
spalmer25 committed Nov 6, 2024
1 parent 47c61e5 commit 9146ccf
Showing 6 changed files with 46 additions and 15 deletions.
1 change: 1 addition & 0 deletions src/apdu_hmac.c
@@ -66,6 +66,7 @@ static inline tz_exc hmac(uint8_t *const out,
CX_CHECK(sign(state->signed_hmac_key,
&signed_hmac_key_size,
path_with_curve,
NULL,
key_sha256,
sizeof(key_sha256)));

7 changes: 6 additions & 1 deletion src/apdu_sign.c
@@ -311,7 +311,12 @@ static int perform_signature(bool const send_hash) {

size_t signature_size = MAX_SIGNATURE_SIZE;

CX_CHECK(sign(resp + offset, &signature_size, &global.path_with_curve, message, message_len));
CX_CHECK(sign(resp + offset,
&signature_size,
&global.path_with_curve,
(cx_ecfp_public_key_t *) &global.public_key,
message,
message_len));

offset += signature_size;

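Review bot: The cast `(cx_ecfp_public_key_t *) &global.public_key` in the new `sign(...)` call discards the declared type of `global.public_key`, and `sign` in src/keys.c casts the pointer again to `cx_ecfp_384_public_key_t *`, so the compiler no longer checks that the object is as large as the type the BLS code reads through. The declaration of `global.public_key` is not visible in this hunk; if it is already a 384-bit key type, giving `sign` a parameter of that type would remove both casts. This call also relies on `global.public_key` having been set for the same path as `global.path_with_curve`, which happens outside the hunk; a comment above the call such as `/* global.public_key must have been derived from global.path_with_curve */` would record that. `perform_signature` starts and ends outside the hunk.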
27 changes: 19 additions & 8 deletions src/crypto.c
@@ -131,12 +131,14 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_get_pubkey_bls(const uint32_t *path,
// https://gitlab.com/tezos/tezos/-/blob/master/src/lib_bls12_381_signature/bls12_381_signature.ml?ref_type=heads#L351
static const uint8_t CIPHERSUITE[] = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_AUG_";

WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_bls_sign_hash(const uint32_t *path,
size_t path_len,
uint8_t const *msg,
size_t msg_len,
uint8_t *sig,
size_t *sig_len) {
WARN_UNUSED_RESULT cx_err_t
bip32_derive_with_seed_bls_sign_hash(const uint32_t *path,
size_t path_len,
cx_ecfp_384_public_key_t *public_key,
uint8_t const *msg,
size_t msg_len,
uint8_t *sig,
size_t *sig_len) {
cx_err_t error = CX_OK;
cx_ecfp_384_private_key_t privkey = {0};
uint8_t hash[CX_BLS_BLS12381_PARAM_LEN * 4] = {0};
@@ -156,8 +158,17 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_bls_sign_hash(const uint32_t
// Derive private key according to BIP32 path
CX_CHECK(bip32_derive_init_privkey_bls(path, path_len, &privkey));

CX_CHECK(bip32_derive_get_pubkey_bls(path, path_len, raw_pubkey));
memmove(tmp, raw_pubkey + 1, BLS_COMPRESSED_PK_LEN);
if (public_key == NULL) {
CX_CHECK(bip32_derive_get_pubkey_bls(path, path_len, raw_pubkey));
memmove(tmp, raw_pubkey + 1, BLS_COMPRESSED_PK_LEN);
} else {
if ((public_key->curve != CX_CURVE_BLS12_381_G1) ||
(public_key->W_len < (BLS_COMPRESSED_PK_LEN + 1u))) {
error = CX_INVALID_PARAMETER_VALUE;
goto end;
}
memmove(tmp, public_key->W + 1, BLS_COMPRESSED_PK_LEN);
}
memmove(tmp + BLS_COMPRESSED_PK_LEN, msg, msg_len);

CX_CHECK(cx_hash_to_field(tmp,
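Review bot: In the `else` branch the supplied key is checked only for `curve` and `W_len`, not for belonging to `path`, yet its bytes become the prefix of the buffer passed to `cx_hash_to_field`, so a key that does not match the derived private key would presumably yield a signature that does not verify under the real public key. Re-deriving the key to compare would undo the purpose of the change, so the contract should at least be stated at the branch, e.g. `/* public_key is trusted to match path; it is not re-checked here */`. The parameter is only read in the visible lines and could be declared `const cx_ecfp_384_public_key_t *public_key`; the same applies to the prototype in src/crypto.h and to the `public_key` parameter of `sign` in src/keys.c and src/keys.h. The function body continues outside both hunks.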
17 changes: 11 additions & 6 deletions src/crypto.h
@@ -58,6 +58,9 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_get_pubkey_bls(const uint32_t *path,
*
* @param[in] path_len Bip32 path length.
*
* @param[in] public_key Must be the BLS key associated with the path and the inner seed.
* If NULL, it will be computed using the path and the inner seed.
*
* @param[in] msg Digest of the message to be signed.
* The length of *message* must be shorter than the group order size.
* Otherwise it is truncated.
@@ -73,10 +76,12 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_get_pubkey_bls(const uint32_t *path,
* - CX_EC_INVALID_CURVE
* - CX_INTERNAL_ERROR
*/
WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_bls_sign_hash(const uint32_t *path,
size_t path_len,
uint8_t const *msg,
size_t msg_len,
uint8_t *sig,
size_t *sig_len);
WARN_UNUSED_RESULT cx_err_t
bip32_derive_with_seed_bls_sign_hash(const uint32_t *path,
size_t path_len,
cx_ecfp_384_public_key_t *public_key,
uint8_t const *msg,
size_t msg_len,
uint8_t *sig,
size_t *sig_len);
#endif
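Review bot: The return-value list in this doc comment should mention `CX_INVALID_PARAMETER_VALUE`, which the implementation in src/crypto.c now returns when `public_key` has the wrong curve or a short `W_len`. Only the tail of the list (`CX_EC_INVALID_CURVE`, `CX_INTERNAL_ERROR`) is visible here, so add ` * - CX_INVALID_PARAMETER_VALUE` if it is not already listed above. The `@param[in] public_key` text could also state that the key is used as given, e.g. `The key is not checked against the path.`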
5 changes: 5 additions & 0 deletions src/keys.c
@@ -165,8 +165,12 @@ cx_err_t public_key_hash(uint8_t *const hash_out,
cx_err_t sign(uint8_t *const out,
size_t *out_size,
bip32_path_with_curve_t const *const path_with_curve,
cx_ecfp_public_key_t *public_key,
uint8_t const *const in,
size_t const in_size) {
#ifdef TARGET_NANOS
UNUSED(public_key);
#endif
if ((out == NULL) || (out_size == NULL) || (path_with_curve == NULL) || (in == NULL)) {
return CX_INVALID_PARAMETER;
}
@@ -219,6 +223,7 @@ cx_err_t sign(uint8_t *const out,
case DERIVATION_TYPE_BLS12_381: {
CX_CHECK(bip32_derive_with_seed_bls_sign_hash(bip32_path->components,
bip32_path->length,
(cx_ecfp_384_public_key_t *) public_key,
(uint8_t const *) PIC(in),
in_size,
out,
4 changes: 4 additions & 0 deletions src/keys.h
@@ -289,12 +289,16 @@ cx_err_t public_key_hash(uint8_t *const hash_out,
* @param out: signature output
* @param out_size: output size
* @param path_with_curve: bip32 path and curve of the key
* @param public_key: BLS public key associated with the path and the inner seed.
* Will be used only for BLS signature.
* If NULL, it will be computed using the path and the inner seed.
* @param in: message input
* @param in_size: input size
* @return cx_err_t: error, CX_OK if none
*/
cx_err_t sign(uint8_t *const out,
size_t *out_size,
bip32_path_with_curve_t const *const path_with_curve,
cx_ecfp_public_key_t *public_key,
uint8_t const *const in,
size_t const in_size);
