From 9146ccfb690457df878b10e91d3ff50ee07d4d48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Palmer?= Date: Fri, 25 Oct 2024 17:56:37 +0200 Subject: [PATCH] [bls-signing] sign using the stored pk instead of derive it again --- src/apdu_hmac.c | 1 + src/apdu_sign.c | 7 ++++++- src/crypto.c | 27 +++++++++++++++++++-------- src/crypto.h | 17 +++++++++++------ src/keys.c | 5 +++++ src/keys.h | 4 ++++ 6 files changed, 46 insertions(+), 15 deletions(-) diff --git a/src/apdu_hmac.c b/src/apdu_hmac.c index ec0558ee..b6e5e02e 100644 --- a/src/apdu_hmac.c +++ b/src/apdu_hmac.c @@ -66,6 +66,7 @@ static inline tz_exc hmac(uint8_t *const out, CX_CHECK(sign(state->signed_hmac_key, &signed_hmac_key_size, path_with_curve, + NULL, key_sha256, sizeof(key_sha256))); diff --git a/src/apdu_sign.c b/src/apdu_sign.c index 709c5742..3826f03f 100644 --- a/src/apdu_sign.c +++ b/src/apdu_sign.c @@ -311,7 +311,12 @@ static int perform_signature(bool const send_hash) { size_t signature_size = MAX_SIGNATURE_SIZE; - CX_CHECK(sign(resp + offset, &signature_size, &global.path_with_curve, message, message_len)); + CX_CHECK(sign(resp + offset, + &signature_size, + &global.path_with_curve, + (cx_ecfp_public_key_t *) &global.public_key, + message, + message_len)); offset += signature_size; diff --git a/src/crypto.c b/src/crypto.c index f60eb31d..42df1861 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -131,12 +131,14 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_get_pubkey_bls(const uint32_t *path, // https://gitlab.com/tezos/tezos/-/blob/master/src/lib_bls12_381_signature/bls12_381_signature.ml?ref_type=heads#L351 static const uint8_t CIPHERSUITE[] = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_AUG_"; -WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_bls_sign_hash(const uint32_t *path, - size_t path_len, - uint8_t const *msg, - size_t msg_len, - uint8_t *sig, - size_t *sig_len) { +WARN_UNUSED_RESULT cx_err_t +bip32_derive_with_seed_bls_sign_hash(const uint32_t *path, + size_t path_len, + cx_ecfp_384_public_key_t *public_key, + uint8_t const *msg, + size_t msg_len, + uint8_t *sig, + size_t *sig_len) { cx_err_t error = CX_OK; cx_ecfp_384_private_key_t privkey = {0}; uint8_t hash[CX_BLS_BLS12381_PARAM_LEN * 4] = {0}; @@ -156,8 +158,17 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_bls_sign_hash(const uint32_t // Derive private key according to BIP32 path CX_CHECK(bip32_derive_init_privkey_bls(path, path_len, &privkey)); - CX_CHECK(bip32_derive_get_pubkey_bls(path, path_len, raw_pubkey)); - memmove(tmp, raw_pubkey + 1, BLS_COMPRESSED_PK_LEN); + if (public_key == NULL) { + CX_CHECK(bip32_derive_get_pubkey_bls(path, path_len, raw_pubkey)); + memmove(tmp, raw_pubkey + 1, BLS_COMPRESSED_PK_LEN); + } else { + if ((public_key->curve != CX_CURVE_BLS12_381_G1) || + (public_key->W_len < (BLS_COMPRESSED_PK_LEN + 1u))) { + error = CX_INVALID_PARAMETER_VALUE; + goto end; + } + memmove(tmp, public_key->W + 1, BLS_COMPRESSED_PK_LEN); + } memmove(tmp + BLS_COMPRESSED_PK_LEN, msg, msg_len); CX_CHECK(cx_hash_to_field(tmp, diff --git a/src/crypto.h b/src/crypto.h index ba51738b..6b849015 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -58,6 +58,9 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_get_pubkey_bls(const uint32_t *path, * * @param[in] path_len Bip32 path length. * + * @param[in] public_key Must be the BLS key associated with the path and the inner seed. + * If NULL, it will be computed using the path and the inner seed. + * * @param[in] msg Digest of the message to be signed. * The length of *message* must be shorter than the group order size. * Otherwise it is truncated. @@ -73,10 +76,12 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_get_pubkey_bls(const uint32_t *path, * - CX_EC_INVALID_CURVE * - CX_INTERNAL_ERROR */ -WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_bls_sign_hash(const uint32_t *path, - size_t path_len, - uint8_t const *msg, - size_t msg_len, - uint8_t *sig, - size_t *sig_len); +WARN_UNUSED_RESULT cx_err_t +bip32_derive_with_seed_bls_sign_hash(const uint32_t *path, + size_t path_len, + cx_ecfp_384_public_key_t *public_key, + uint8_t const *msg, + size_t msg_len, + uint8_t *sig, + size_t *sig_len); #endif diff --git a/src/keys.c b/src/keys.c index d8c925dd..faa5f7c7 100644 --- a/src/keys.c +++ b/src/keys.c @@ -165,8 +165,12 @@ cx_err_t public_key_hash(uint8_t *const hash_out, cx_err_t sign(uint8_t *const out, size_t *out_size, bip32_path_with_curve_t const *const path_with_curve, + cx_ecfp_public_key_t *public_key, uint8_t const *const in, size_t const in_size) { +#ifdef TARGET_NANOS + UNUSED(public_key); +#endif if ((out == NULL) || (out_size == NULL) || (path_with_curve == NULL) || (in == NULL)) { return CX_INVALID_PARAMETER; } @@ -219,6 +223,7 @@ cx_err_t sign(uint8_t *const out, case DERIVATION_TYPE_BLS12_381: { CX_CHECK(bip32_derive_with_seed_bls_sign_hash(bip32_path->components, bip32_path->length, + (cx_ecfp_384_public_key_t *) public_key, (uint8_t const *) PIC(in), in_size, out, diff --git a/src/keys.h b/src/keys.h index 7d5071fa..66863ea9 100644 --- a/src/keys.h +++ b/src/keys.h @@ -289,6 +289,9 @@ cx_err_t public_key_hash(uint8_t *const hash_out, * @param out: signature output * @param out_size: output size * @param path_with_curve: bip32 path and curve of the key + * @param public_key: BLS public key associated with the path and the inner seed. + * Will be used only for BLS signature. + * If NULL, it will be computed using the path and the inner seed. * @param in: message input * @param in_size: input size * @return cx_err_t: error, CX_OK if none @@ -296,5 +299,6 @@ cx_err_t public_key_hash(uint8_t *const hash_out, cx_err_t sign(uint8_t *const out, size_t *out_size, bip32_path_with_curve_t const *const path_with_curve, + cx_ecfp_public_key_t *public_key, uint8_t const *const in, size_t const in_size);