def test_cosi_combination(keyset):
message = hashlib.sha512(b"You all have to sign this.").digest()
selection = [RFC8032_VECTORS[i] for i in keyset]
# zip(*iterable) turns a list of tuples to a tuple of lists
privkeys, pubkeys, _, _ = zip(*selection)
nonce_pairs = [cosi.get_nonce(pk, message) for pk in privkeys]
nonces, commits = zip(*nonce_pairs)
# calculate global pubkey and commitment
global_pk = cosi.combine_keys(pubkeys)
global_commit = cosi.combine_keys(commits)
# generate individual signatures
signatures = [
cosi.sign_with_privkey(message, privkey, global_pk, nonce,
global_commit)
for privkey, nonce in zip(privkeys, nonces)
]
# combine signatures
global_sig = cosi.combine_sig(global_commit, signatures)
try:
cosi.verify_combined(global_sig, message, global_pk)
except Exception:
pytest.fail("Failed to validate global signature")
def test_single_eddsa_vector(privkey, pubkey, message, signature):
my_pubkey = cosi.pubkey_from_privkey(privkey)
assert my_pubkey == pubkey
try:
cosi.verify_combined(signature, message, pubkey)
except ValueError:
pytest.fail("Signature does not verify.")
fake_signature = signature[:37] + b"\xf0" + signature[38:]
with pytest.raises(_ed25519.SignatureMismatch):
cosi.verify_combined(fake_signature, message, pubkey)
def test_cosi_compat(client):
digest = sha256(b"this is not a pipe").digest()
remote_commit = cosi.commit(client, parse_path("10018'/0'"), digest)
local_privkey = sha256(b"private key").digest()[:32]
local_pubkey = cosi.pubkey_from_privkey(local_privkey)
local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42)
global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey])
global_R = cosi.combine_keys([remote_commit.commitment, local_commitment])
remote_sig = cosi.sign(client, parse_path("10018'/0'"), digest, global_R,
global_pk)
local_sig = cosi.sign_with_privkey(digest, local_privkey, global_pk,
local_nonce, global_R)
sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig])
cosi.verify_combined(sig, digest, global_pk)
def sign_with_privkeys(digest: bytes, privkeys: List[bytes]) -> bytes:
"""Locally produce a CoSi signature."""
pubkeys = [cosi.pubkey_from_privkey(sk) for sk in privkeys]
nonces = [cosi.get_nonce(sk, digest, i) for i, sk in enumerate(privkeys)]
global_pk = cosi.combine_keys(pubkeys)
global_R = cosi.combine_keys(R for r, R in nonces)
sigs = [
cosi.sign_with_privkey(digest, sk, global_pk, r, global_R)
for sk, (r, R) in zip(privkeys, nonces)
]
signature = cosi.combine_sig(global_R, sigs)
try:
cosi.verify_combined(signature, digest, global_pk)
except Exception as e:
raise click.ClickException("Failed to produce valid signature.") from e
return signature
def test_cosi_sign(client):
digest = sha256(b"this is a message").digest()
c0 = cosi.commit(client, parse_path("10018'/0'"), digest)
c1 = cosi.commit(client, parse_path("10018'/1'"), digest)
c2 = cosi.commit(client, parse_path("10018'/2'"), digest)
global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey])
global_R = cosi.combine_keys([c0.commitment, c1.commitment, c2.commitment])
# fmt: off
sig0 = cosi.sign(client, parse_path("10018'/0'"), digest, global_R,
global_pk)
sig1 = cosi.sign(client, parse_path("10018'/1'"), digest, global_R,
global_pk)
sig2 = cosi.sign(client, parse_path("10018'/2'"), digest, global_R,
global_pk)
# fmt: on
sig = cosi.combine_sig(global_R,
[sig0.signature, sig1.signature, sig2.signature])
cosi.verify_combined(sig, digest, global_pk)