def test_cosi_sign(self): self.setup_mnemonic_pin_passphrase() digest = sha256(b"this is a message").digest() c0 = cosi.commit(self.client, parse_path("10018'/0'"), digest) c1 = cosi.commit(self.client, parse_path("10018'/1'"), digest) c2 = cosi.commit(self.client, parse_path("10018'/2'"), digest) global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey]) global_R = cosi.combine_keys( [c0.commitment, c1.commitment, c2.commitment]) # fmt: off sig0 = cosi.sign(self.client, parse_path("10018'/0'"), digest, global_R, global_pk) sig1 = cosi.sign(self.client, parse_path("10018'/1'"), digest, global_R, global_pk) sig2 = cosi.sign(self.client, parse_path("10018'/2'"), digest, global_R, global_pk) # fmt: on sig = cosi.combine_sig( global_R, [sig0.signature, sig1.signature, sig2.signature]) cosi.verify(sig, digest, global_pk)
def test_cosi_combination(keyset): message = hashlib.sha512(b"You all have to sign this.").digest() selection = [RFC8032_VECTORS[i] for i in keyset] # zip(*iterable) turns a list of tuples to a tuple of lists privkeys, pubkeys, _, _ = zip(*selection) nonce_pairs = [cosi.get_nonce(pk, message) for pk in privkeys] nonces, commits = zip(*nonce_pairs) # calculate global pubkey and commitment global_pk = cosi.combine_keys(pubkeys) global_commit = cosi.combine_keys(commits) # generate individual signatures signatures = [ cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit) for privkey, nonce in zip(privkeys, nonces) ] # combine signatures global_sig = cosi.combine_sig(global_commit, signatures) try: cosi.verify(global_sig, message, global_pk) except Exception: pytest.fail("Failed to validate global signature")
def test_cosi_combination(keyset): message = hashlib.sha512(b"You all have to sign this.").digest() selection = [RFC8032_VECTORS[i] for i in keyset] # zip(*iterable) turns a list of tuples to a tuple of lists privkeys, pubkeys, _, _ = zip(*selection) nonce_pairs = [cosi.get_nonce(pk, message) for pk in privkeys] nonces, commits = zip(*nonce_pairs) # calculate global pubkey and commitment global_pk = cosi.combine_keys(pubkeys) global_commit = cosi.combine_keys(commits) # generate individual signatures signatures = [ cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit) for privkey, nonce in zip(privkeys, nonces) ] # combine signatures global_sig = cosi.combine_sig(global_commit, signatures) try: cosi.verify(global_sig, message, global_pk) except ValueError: pytest.fail("Failed to validate global signature")
def process_remote_signers(fw, addrs: List[str]) -> Tuple[int, List[bytes]]: if len(addrs) < fw.sigs_required: raise click.ClickException( "Not enough signers (need at least {})".format(fw.sigs_required)) digest = fw.digest() name = fw.NAME def mkproxy(addr): return Pyro4.Proxy("PYRO:keyctl@{}:{}".format(addr, PORT)) sigmask = 0 pks, Rs = [], [] for addr in addrs: click.echo("Connecting to {}...".format(addr)) with mkproxy(addr) as proxy: pk, R = proxy.get_commit(name, digest) if pk not in fw.public_keys: raise click.ClickException( "Signer at {} commits with unknown public key {}".format( addr, pk.hex())) idx = fw.public_keys.index(pk) click.echo("Signer at {} commits with public key #{}: {}".format( addr, idx + 1, pk.hex())) sigmask |= 1 << idx pks.append(pk) Rs.append(R) # compute global commit global_pk = cosi.combine_keys(pks) global_R = cosi.combine_keys(Rs) # collect signatures sigs = [] for addr in addrs: click.echo("Waiting for {} to sign... ".format(addr), nl=False) with mkproxy(addr) as proxy: sig = proxy.get_signature(name, digest, global_R, global_pk) sigs.append(sig) click.echo("OK") for addr in addrs: with mkproxy(addr) as proxy: proxy.finish() # compute global signature return sigmask, cosi.combine_sig(global_R, sigs)
def test_m_of_n(): privkeys, pubkeys, _, _ = zip(*RFC8032_VECTORS) message = hashlib.sha512(b"My hovercraft is full of eels!").digest() signer_ids = 0, 2, 3 signers = [privkeys[i] for i in signer_ids] signer_pubkeys = [pubkeys[i] for i in signer_ids] sigmask = sum(1 << i for i in signer_ids) # generate multisignature nonce_pairs = [cosi.get_nonce(pk, message) for pk in signers] nonces, commits = zip(*nonce_pairs) global_pk = cosi.combine_keys(signer_pubkeys) global_commit = cosi.combine_keys(commits) signatures = [ cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit) for privkey, nonce in zip(signers, nonces) ] global_sig = cosi.combine_sig(global_commit, signatures) try: # this is what we are actually doing cosi.verify(global_sig, message, 3, pubkeys, sigmask) # we can require less signers too cosi.verify(global_sig, message, 1, pubkeys, sigmask) except Exception: pytest.fail("Failed to validate by sigmask") # and now for various ways that should fail with pytest.raises(ValueError) as e: cosi.verify(global_sig, message, 3, pubkeys[:2], sigmask) assert "more public keys than provided" in e.value.args[0] with pytest.raises(ValueError) as e: cosi.verify(global_sig, message, 0, pubkeys, 0) assert "At least one signer" in e.value.args[0] with pytest.raises(_ed25519.SignatureMismatch) as e: # at least 5 signatures required cosi.verify(global_sig, message, 5, pubkeys, sigmask) assert "Insufficient number of signatures" in e.value.args[0] with pytest.raises(_ed25519.SignatureMismatch) as e: # wrong sigmask cosi.verify(global_sig, message, 3, pubkeys, 7) assert "signature does not pass verification" in e.value.args[0]
def test_m_of_n(): privkeys, pubkeys, _, _ = zip(*RFC8032_VECTORS) message = hashlib.sha512(b"My hovercraft is full of eels!").digest() signer_ids = 0, 2, 3 signers = [privkeys[i] for i in signer_ids] signer_pubkeys = [pubkeys[i] for i in signer_ids] sigmask = sum(1 << i for i in signer_ids) # generate multisignature nonce_pairs = [cosi.get_nonce(pk, message) for pk in signers] nonces, commits = zip(*nonce_pairs) global_pk = cosi.combine_keys(signer_pubkeys) global_commit = cosi.combine_keys(commits) signatures = [ cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit) for privkey, nonce in zip(signers, nonces) ] global_sig = cosi.combine_sig(global_commit, signatures) try: # this is what we are actually doing cosi.verify_m_of_n(global_sig, message, 3, 4, sigmask, pubkeys) # we can require less signers too cosi.verify_m_of_n(global_sig, message, 1, 4, sigmask, pubkeys) except Exception: pytest.fail("Failed to validate by sigmask") # and now for various ways that should fail with pytest.raises(ValueError) as e: cosi.verify_m_of_n(global_sig, message, 4, 4, sigmask, pubkeys) assert "Not enough signers" in e.value.args[0] with pytest.raises(_ed25519.SignatureMismatch): # when N < number of possible signers, the topmost signers will be ignored cosi.verify_m_of_n(global_sig, message, 2, 3, sigmask, pubkeys) with pytest.raises(_ed25519.SignatureMismatch): # wrong sigmask cosi.verify_m_of_n(global_sig, message, 1, 4, 5, pubkeys) with pytest.raises(ValueError): # can't use "0 of N" scheme cosi.verify_m_of_n(global_sig, message, 0, 4, sigmask, pubkeys)
def test_cosi_compat(self): self.setup_mnemonic_pin_passphrase() digest = sha256(b'this is not a pipe').digest() remote_commit = self.client.cosi_commit(parse_path("10018'/0'"), digest) local_privkey = sha256(b'private key').digest()[:32] local_pubkey = cosi.pubkey_from_privkey(local_privkey) local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42) global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey]) global_R = cosi.combine_keys([remote_commit.commitment, local_commitment]) remote_sig = self.client.cosi_sign(parse_path("10018'/0'"), digest, global_R, global_pk) local_sig = cosi.sign_with_privkey(digest, local_privkey, global_pk, local_nonce, global_R) sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig]) cosi.verify(sig, digest, global_pk)
def test_cosi_compat(client): digest = sha256(b"this is not a pipe").digest() remote_commit = cosi.commit(client, parse_path("10018'/0'"), digest) local_privkey = sha256(b"private key").digest()[:32] local_pubkey = cosi.pubkey_from_privkey(local_privkey) local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42) global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey]) global_R = cosi.combine_keys([remote_commit.commitment, local_commitment]) remote_sig = cosi.sign(client, parse_path("10018'/0'"), digest, global_R, global_pk) local_sig = cosi.sign_with_privkey(digest, local_privkey, global_pk, local_nonce, global_R) sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig]) cosi.verify_combined(sig, digest, global_pk)
def test_m_of_n(): privkeys, pubkeys, _, _ = zip(*RFC8032_VECTORS) message = hashlib.sha512(b"My hovercraft is full of eels!").digest() signer_ids = 0, 2, 3 signers = [privkeys[i] for i in signer_ids] signer_pubkeys = [pubkeys[i] for i in signer_ids] sigmask = sum(1 << i for i in signer_ids) # generate multisignature nonce_pairs = [cosi.get_nonce(pk, message) for pk in signers] nonces, commits = zip(*nonce_pairs) global_pk = cosi.combine_keys(signer_pubkeys) global_commit = cosi.combine_keys(commits) signatures = [ cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit) for privkey, nonce in zip(signers, nonces) ] global_sig = cosi.combine_sig(global_commit, signatures) try: # this is what we are actually doing cosi.verify_m_of_n(global_sig, message, 3, 4, sigmask, pubkeys) # we can require less signers too cosi.verify_m_of_n(global_sig, message, 1, 4, sigmask, pubkeys) except Exception: pytest.fail("Failed to validate by sigmask") # and now for various ways that should fail with pytest.raises(ValueError) as e: cosi.verify_m_of_n(global_sig, message, 4, 4, sigmask, pubkeys) assert "Not enough signers" in e.value.args[0] with pytest.raises(_ed25519.SignatureMismatch): # when N < number of possible signers, the topmost signers will be ignored cosi.verify_m_of_n(global_sig, message, 2, 3, sigmask, pubkeys) with pytest.raises(_ed25519.SignatureMismatch): # wrong sigmask cosi.verify_m_of_n(global_sig, message, 1, 4, 5, pubkeys) with pytest.raises(ValueError): # can't use "0 of N" scheme cosi.verify_m_of_n(global_sig, message, 0, 4, sigmask, pubkeys)
def sign_with_privkeys(digest: bytes, privkeys: List[bytes]) -> bytes: """Locally produce a CoSi signature.""" pubkeys = [cosi.pubkey_from_privkey(sk) for sk in privkeys] nonces = [cosi.get_nonce(sk, digest, i) for i, sk in enumerate(privkeys)] global_pk = cosi.combine_keys(pubkeys) global_R = cosi.combine_keys(R for r, R in nonces) sigs = [ cosi.sign_with_privkey(digest, sk, global_pk, r, global_R) for sk, (r, R) in zip(privkeys, nonces) ] signature = cosi.combine_sig(global_R, sigs) try: cosi.verify_combined(signature, digest, global_pk) except Exception as e: raise click.ClickException("Failed to produce valid signature.") from e return signature
def test_cosi_compat(self): self.setup_mnemonic_pin_passphrase() digest = sha256(b"this is not a pipe").digest() remote_commit = cosi.commit(self.client, parse_path("10018'/0'"), digest) local_privkey = sha256(b"private key").digest()[:32] local_pubkey = cosi.pubkey_from_privkey(local_privkey) local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42) global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey]) global_R = cosi.combine_keys([remote_commit.commitment, local_commitment]) remote_sig = cosi.sign( self.client, parse_path("10018'/0'"), digest, global_R, global_pk ) local_sig = cosi.sign_with_privkey( digest, local_privkey, global_pk, local_nonce, global_R ) sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig]) cosi.verify(sig, digest, global_pk)
def test_cosi_sign(self): self.setup_mnemonic_pin_passphrase() digest = sha256(b"this is a message").digest() c0 = cosi.commit(self.client, parse_path("10018'/0'"), digest) c1 = cosi.commit(self.client, parse_path("10018'/1'"), digest) c2 = cosi.commit(self.client, parse_path("10018'/2'"), digest) global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey]) global_R = cosi.combine_keys([c0.commitment, c1.commitment, c2.commitment]) # fmt: off sig0 = cosi.sign(self.client, parse_path("10018'/0'"), digest, global_R, global_pk) sig1 = cosi.sign(self.client, parse_path("10018'/1'"), digest, global_R, global_pk) sig2 = cosi.sign(self.client, parse_path("10018'/2'"), digest, global_R, global_pk) # fmt: on sig = cosi.combine_sig( global_R, [sig0.signature, sig1.signature, sig2.signature] ) cosi.verify(sig, digest, global_pk)
def test_cosi_sign(client): digest = sha256(b"this is a message").digest() c0 = cosi.commit(client, parse_path("10018'/0'"), digest) c1 = cosi.commit(client, parse_path("10018'/1'"), digest) c2 = cosi.commit(client, parse_path("10018'/2'"), digest) global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey]) global_R = cosi.combine_keys([c0.commitment, c1.commitment, c2.commitment]) # fmt: off sig0 = cosi.sign(client, parse_path("10018'/0'"), digest, global_R, global_pk) sig1 = cosi.sign(client, parse_path("10018'/1'"), digest, global_R, global_pk) sig2 = cosi.sign(client, parse_path("10018'/2'"), digest, global_R, global_pk) # fmt: on sig = cosi.combine_sig(global_R, [sig0.signature, sig1.signature, sig2.signature]) cosi.verify_combined(sig, digest, global_pk)