def test_cosi_sign(self):
self.setup_mnemonic_pin_passphrase()
digest = sha256(b"this is a message").digest()
c0 = cosi.commit(self.client, parse_path("10018'/0'"), digest)
c1 = cosi.commit(self.client, parse_path("10018'/1'"), digest)
c2 = cosi.commit(self.client, parse_path("10018'/2'"), digest)
global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey])
global_R = cosi.combine_keys(
[c0.commitment, c1.commitment, c2.commitment])
# fmt: off
sig0 = cosi.sign(self.client, parse_path("10018'/0'"), digest,
global_R, global_pk)
sig1 = cosi.sign(self.client, parse_path("10018'/1'"), digest,
global_R, global_pk)
sig2 = cosi.sign(self.client, parse_path("10018'/2'"), digest,
global_R, global_pk)
# fmt: on
sig = cosi.combine_sig(
global_R, [sig0.signature, sig1.signature, sig2.signature])
cosi.verify(sig, digest, global_pk)
def test_cosi_combination(keyset):
message = hashlib.sha512(b"You all have to sign this.").digest()
selection = [RFC8032_VECTORS[i] for i in keyset]
# zip(*iterable) turns a list of tuples to a tuple of lists
privkeys, pubkeys, _, _ = zip(*selection)
nonce_pairs = [cosi.get_nonce(pk, message) for pk in privkeys]
nonces, commits = zip(*nonce_pairs)
# calculate global pubkey and commitment
global_pk = cosi.combine_keys(pubkeys)
global_commit = cosi.combine_keys(commits)
# generate individual signatures
signatures = [
cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit)
for privkey, nonce in zip(privkeys, nonces)
]
# combine signatures
global_sig = cosi.combine_sig(global_commit, signatures)
try:
cosi.verify(global_sig, message, global_pk)
except Exception:
pytest.fail("Failed to validate global signature")
def test_cosi_combination(keyset):
message = hashlib.sha512(b"You all have to sign this.").digest()
selection = [RFC8032_VECTORS[i] for i in keyset]
# zip(*iterable) turns a list of tuples to a tuple of lists
privkeys, pubkeys, _, _ = zip(*selection)
nonce_pairs = [cosi.get_nonce(pk, message) for pk in privkeys]
nonces, commits = zip(*nonce_pairs)
# calculate global pubkey and commitment
global_pk = cosi.combine_keys(pubkeys)
global_commit = cosi.combine_keys(commits)
# generate individual signatures
signatures = [
cosi.sign_with_privkey(message, privkey, global_pk, nonce,
global_commit)
for privkey, nonce in zip(privkeys, nonces)
]
# combine signatures
global_sig = cosi.combine_sig(global_commit, signatures)
try:
cosi.verify(global_sig, message, global_pk)
except ValueError:
pytest.fail("Failed to validate global signature")
def process_remote_signers(fw, addrs: List[str]) -> Tuple[int, List[bytes]]:
if len(addrs) < fw.sigs_required:
raise click.ClickException(
"Not enough signers (need at least {})".format(fw.sigs_required))
digest = fw.digest()
name = fw.NAME
def mkproxy(addr):
return Pyro4.Proxy("PYRO:keyctl@{}:{}".format(addr, PORT))
sigmask = 0
pks, Rs = [], []
for addr in addrs:
click.echo("Connecting to {}...".format(addr))
with mkproxy(addr) as proxy:
pk, R = proxy.get_commit(name, digest)
if pk not in fw.public_keys:
raise click.ClickException(
"Signer at {} commits with unknown public key {}".format(
addr, pk.hex()))
idx = fw.public_keys.index(pk)
click.echo("Signer at {} commits with public key #{}: {}".format(
addr, idx + 1, pk.hex()))
sigmask |= 1 << idx
pks.append(pk)
Rs.append(R)
# compute global commit
global_pk = cosi.combine_keys(pks)
global_R = cosi.combine_keys(Rs)
# collect signatures
sigs = []
for addr in addrs:
click.echo("Waiting for {} to sign... ".format(addr), nl=False)
with mkproxy(addr) as proxy:
sig = proxy.get_signature(name, digest, global_R, global_pk)
sigs.append(sig)
click.echo("OK")
for addr in addrs:
with mkproxy(addr) as proxy:
proxy.finish()
# compute global signature
return sigmask, cosi.combine_sig(global_R, sigs)
def test_m_of_n():
privkeys, pubkeys, _, _ = zip(*RFC8032_VECTORS)
message = hashlib.sha512(b"My hovercraft is full of eels!").digest()
signer_ids = 0, 2, 3
signers = [privkeys[i] for i in signer_ids]
signer_pubkeys = [pubkeys[i] for i in signer_ids]
sigmask = sum(1 << i for i in signer_ids)
# generate multisignature
nonce_pairs = [cosi.get_nonce(pk, message) for pk in signers]
nonces, commits = zip(*nonce_pairs)
global_pk = cosi.combine_keys(signer_pubkeys)
global_commit = cosi.combine_keys(commits)
signatures = [
cosi.sign_with_privkey(message, privkey, global_pk, nonce,
global_commit)
for privkey, nonce in zip(signers, nonces)
]
global_sig = cosi.combine_sig(global_commit, signatures)
try:
# this is what we are actually doing
cosi.verify(global_sig, message, 3, pubkeys, sigmask)
# we can require less signers too
cosi.verify(global_sig, message, 1, pubkeys, sigmask)
except Exception:
pytest.fail("Failed to validate by sigmask")
# and now for various ways that should fail
with pytest.raises(ValueError) as e:
cosi.verify(global_sig, message, 3, pubkeys[:2], sigmask)
assert "more public keys than provided" in e.value.args[0]
with pytest.raises(ValueError) as e:
cosi.verify(global_sig, message, 0, pubkeys, 0)
assert "At least one signer" in e.value.args[0]
with pytest.raises(_ed25519.SignatureMismatch) as e:
# at least 5 signatures required
cosi.verify(global_sig, message, 5, pubkeys, sigmask)
assert "Insufficient number of signatures" in e.value.args[0]
with pytest.raises(_ed25519.SignatureMismatch) as e:
# wrong sigmask
cosi.verify(global_sig, message, 3, pubkeys, 7)
assert "signature does not pass verification" in e.value.args[0]
def test_m_of_n():
privkeys, pubkeys, _, _ = zip(*RFC8032_VECTORS)
message = hashlib.sha512(b"My hovercraft is full of eels!").digest()
signer_ids = 0, 2, 3
signers = [privkeys[i] for i in signer_ids]
signer_pubkeys = [pubkeys[i] for i in signer_ids]
sigmask = sum(1 << i for i in signer_ids)
# generate multisignature
nonce_pairs = [cosi.get_nonce(pk, message) for pk in signers]
nonces, commits = zip(*nonce_pairs)
global_pk = cosi.combine_keys(signer_pubkeys)
global_commit = cosi.combine_keys(commits)
signatures = [
cosi.sign_with_privkey(message, privkey, global_pk, nonce,
global_commit)
for privkey, nonce in zip(signers, nonces)
]
global_sig = cosi.combine_sig(global_commit, signatures)
try:
# this is what we are actually doing
cosi.verify_m_of_n(global_sig, message, 3, 4, sigmask, pubkeys)
# we can require less signers too
cosi.verify_m_of_n(global_sig, message, 1, 4, sigmask, pubkeys)
except Exception:
pytest.fail("Failed to validate by sigmask")
# and now for various ways that should fail
with pytest.raises(ValueError) as e:
cosi.verify_m_of_n(global_sig, message, 4, 4, sigmask, pubkeys)
assert "Not enough signers" in e.value.args[0]
with pytest.raises(_ed25519.SignatureMismatch):
# when N < number of possible signers, the topmost signers will be ignored
cosi.verify_m_of_n(global_sig, message, 2, 3, sigmask, pubkeys)
with pytest.raises(_ed25519.SignatureMismatch):
# wrong sigmask
cosi.verify_m_of_n(global_sig, message, 1, 4, 5, pubkeys)
with pytest.raises(ValueError):
# can't use "0 of N" scheme
cosi.verify_m_of_n(global_sig, message, 0, 4, sigmask, pubkeys)
def test_cosi_compat(self):
self.setup_mnemonic_pin_passphrase()
digest = sha256(b'this is not a pipe').digest()
remote_commit = self.client.cosi_commit(parse_path("10018'/0'"), digest)
local_privkey = sha256(b'private key').digest()[:32]
local_pubkey = cosi.pubkey_from_privkey(local_privkey)
local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42)
global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey])
global_R = cosi.combine_keys([remote_commit.commitment, local_commitment])
remote_sig = self.client.cosi_sign(parse_path("10018'/0'"), digest, global_R, global_pk)
local_sig = cosi.sign_with_privkey(digest, local_privkey, global_pk, local_nonce, global_R)
sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig])
cosi.verify(sig, digest, global_pk)
def test_cosi_compat(client):
digest = sha256(b"this is not a pipe").digest()
remote_commit = cosi.commit(client, parse_path("10018'/0'"), digest)
local_privkey = sha256(b"private key").digest()[:32]
local_pubkey = cosi.pubkey_from_privkey(local_privkey)
local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42)
global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey])
global_R = cosi.combine_keys([remote_commit.commitment, local_commitment])
remote_sig = cosi.sign(client, parse_path("10018'/0'"), digest, global_R,
global_pk)
local_sig = cosi.sign_with_privkey(digest, local_privkey, global_pk,
local_nonce, global_R)
sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig])
cosi.verify_combined(sig, digest, global_pk)
def test_m_of_n():
privkeys, pubkeys, _, _ = zip(*RFC8032_VECTORS)
message = hashlib.sha512(b"My hovercraft is full of eels!").digest()
signer_ids = 0, 2, 3
signers = [privkeys[i] for i in signer_ids]
signer_pubkeys = [pubkeys[i] for i in signer_ids]
sigmask = sum(1 << i for i in signer_ids)
# generate multisignature
nonce_pairs = [cosi.get_nonce(pk, message) for pk in signers]
nonces, commits = zip(*nonce_pairs)
global_pk = cosi.combine_keys(signer_pubkeys)
global_commit = cosi.combine_keys(commits)
signatures = [
cosi.sign_with_privkey(message, privkey, global_pk, nonce, global_commit)
for privkey, nonce in zip(signers, nonces)
]
global_sig = cosi.combine_sig(global_commit, signatures)
try:
# this is what we are actually doing
cosi.verify_m_of_n(global_sig, message, 3, 4, sigmask, pubkeys)
# we can require less signers too
cosi.verify_m_of_n(global_sig, message, 1, 4, sigmask, pubkeys)
except Exception:
pytest.fail("Failed to validate by sigmask")
# and now for various ways that should fail
with pytest.raises(ValueError) as e:
cosi.verify_m_of_n(global_sig, message, 4, 4, sigmask, pubkeys)
assert "Not enough signers" in e.value.args[0]
with pytest.raises(_ed25519.SignatureMismatch):
# when N < number of possible signers, the topmost signers will be ignored
cosi.verify_m_of_n(global_sig, message, 2, 3, sigmask, pubkeys)
with pytest.raises(_ed25519.SignatureMismatch):
# wrong sigmask
cosi.verify_m_of_n(global_sig, message, 1, 4, 5, pubkeys)
with pytest.raises(ValueError):
# can't use "0 of N" scheme
cosi.verify_m_of_n(global_sig, message, 0, 4, sigmask, pubkeys)
def sign_with_privkeys(digest: bytes, privkeys: List[bytes]) -> bytes:
"""Locally produce a CoSi signature."""
pubkeys = [cosi.pubkey_from_privkey(sk) for sk in privkeys]
nonces = [cosi.get_nonce(sk, digest, i) for i, sk in enumerate(privkeys)]
global_pk = cosi.combine_keys(pubkeys)
global_R = cosi.combine_keys(R for r, R in nonces)
sigs = [
cosi.sign_with_privkey(digest, sk, global_pk, r, global_R)
for sk, (r, R) in zip(privkeys, nonces)
]
signature = cosi.combine_sig(global_R, sigs)
try:
cosi.verify_combined(signature, digest, global_pk)
except Exception as e:
raise click.ClickException("Failed to produce valid signature.") from e
return signature
def test_cosi_compat(self):
self.setup_mnemonic_pin_passphrase()
digest = sha256(b"this is not a pipe").digest()
remote_commit = cosi.commit(self.client, parse_path("10018'/0'"), digest)
local_privkey = sha256(b"private key").digest()[:32]
local_pubkey = cosi.pubkey_from_privkey(local_privkey)
local_nonce, local_commitment = cosi.get_nonce(local_privkey, digest, 42)
global_pk = cosi.combine_keys([remote_commit.pubkey, local_pubkey])
global_R = cosi.combine_keys([remote_commit.commitment, local_commitment])
remote_sig = cosi.sign(
self.client, parse_path("10018'/0'"), digest, global_R, global_pk
)
local_sig = cosi.sign_with_privkey(
digest, local_privkey, global_pk, local_nonce, global_R
)
sig = cosi.combine_sig(global_R, [remote_sig.signature, local_sig])
cosi.verify(sig, digest, global_pk)
def test_cosi_sign(self):
self.setup_mnemonic_pin_passphrase()
digest = sha256(b"this is a message").digest()
c0 = cosi.commit(self.client, parse_path("10018'/0'"), digest)
c1 = cosi.commit(self.client, parse_path("10018'/1'"), digest)
c2 = cosi.commit(self.client, parse_path("10018'/2'"), digest)
global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey])
global_R = cosi.combine_keys([c0.commitment, c1.commitment, c2.commitment])
# fmt: off
sig0 = cosi.sign(self.client, parse_path("10018'/0'"), digest, global_R, global_pk)
sig1 = cosi.sign(self.client, parse_path("10018'/1'"), digest, global_R, global_pk)
sig2 = cosi.sign(self.client, parse_path("10018'/2'"), digest, global_R, global_pk)
# fmt: on
sig = cosi.combine_sig(
global_R, [sig0.signature, sig1.signature, sig2.signature]
)
cosi.verify(sig, digest, global_pk)
def test_cosi_sign(client):
digest = sha256(b"this is a message").digest()
c0 = cosi.commit(client, parse_path("10018'/0'"), digest)
c1 = cosi.commit(client, parse_path("10018'/1'"), digest)
c2 = cosi.commit(client, parse_path("10018'/2'"), digest)
global_pk = cosi.combine_keys([c0.pubkey, c1.pubkey, c2.pubkey])
global_R = cosi.combine_keys([c0.commitment, c1.commitment, c2.commitment])
# fmt: off
sig0 = cosi.sign(client, parse_path("10018'/0'"), digest, global_R,
global_pk)
sig1 = cosi.sign(client, parse_path("10018'/1'"), digest, global_R,
global_pk)
sig2 = cosi.sign(client, parse_path("10018'/2'"), digest, global_R,
global_pk)
# fmt: on
sig = cosi.combine_sig(global_R,
[sig0.signature, sig1.signature, sig2.signature])
cosi.verify_combined(sig, digest, global_pk)
