Skip to content
Merged
Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
208 changes: 173 additions & 35 deletions barretenberg/cpp/src/barretenberg/crypto/ecdsa/c_bind.cpp
Original file line number Diff line number Diff line change
@@ -1,30 +1,85 @@
#include "ecdsa.hpp"
#include <barretenberg/ecc/curves/secp256k1/secp256k1.hpp>
#include <barretenberg/ecc/curves/secp256r1/secp256r1.hpp>

using namespace bb;
using namespace bb::crypto;

WASM_EXPORT void ecdsa__compute_public_key(uint8_t const* private_key, uint8_t* public_key_buf)
// secp256k1 curve

template <typename fr, typename g1> void ecdsa__compute_public_key(uint8_t const* private_key, uint8_t* public_key_buf)
{
auto priv_key = from_buffer<secp256k1::fr>(private_key);
secp256k1::g1::affine_element pub_key = secp256k1::g1::one * priv_key;
auto priv_key = from_buffer<fr>(private_key);
typename g1::affine_element pub_key = g1::one * priv_key;
write(public_key_buf, pub_key);
}

WASM_EXPORT void ecdsa__compute_public_key(uint8_t const* private_key, uint8_t* public_key_buf)
{
ecdsa__compute_public_key<secp256k1::fr, secp256k1::g1>(private_key, public_key_buf);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can rename the templated methods so they don't have the same name as the WASM export for the k1 curve, it's a bit confusing, looks like recursion
Other than that the c_bind change LGTM!

}

WASM_EXPORT void ecdsa_r_compute_public_key(uint8_t const* private_key, uint8_t* public_key_buf)
{
ecdsa__compute_public_key<secp256r1::fr, secp256r1::g1>(private_key, public_key_buf);
}

template <typename fr, typename fq, typename g1>
void ecdsa__construct_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v)
{
using serialize::write;
auto priv_key = from_buffer<fr>(private_key);
auto pub_key = g1::one * priv_key;
ecdsa_key_pair<fr, g1> key_pair = { priv_key, pub_key };

auto sig = ecdsa_construct_signature<Sha256Hasher, fq, fr, g1>(std::string((char*)message, msg_len), key_pair);
write(output_sig_r, sig.r);
write(output_sig_s, sig.s);
write(output_sig_v, sig.v);
}

WASM_EXPORT void ecdsa__construct_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v)
{
ecdsa__construct_signature<secp256k1::fr, secp256k1::fq, secp256k1::g1>(
message, msg_len, private_key, output_sig_r, output_sig_s, output_sig_v);
}

WASM_EXPORT void ecdsa_r_construct_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v)
{
ecdsa__construct_signature<secp256r1::fr, secp256r1::fq, secp256r1::g1>(
message, msg_len, private_key, output_sig_r, output_sig_s, output_sig_v);
}

template <typename fr, typename fq, typename g1>
void ecdsa__construct_signature_(uint8_t const* message_buf,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v)
{
using serialize::write;
auto priv_key = from_buffer<secp256k1::fr>(private_key);
secp256k1::g1::affine_element pub_key = secp256k1::g1::one * priv_key;
ecdsa_key_pair<secp256k1::fr, secp256k1::g1> key_pair = { priv_key, pub_key };
auto priv_key = from_buffer<fr>(private_key);
auto pub_key = g1::one * priv_key;
ecdsa_key_pair<fr, g1> key_pair = { priv_key, pub_key };

auto message = from_buffer<std::string>(message_buf);

auto sig = ecdsa_construct_signature<Sha256Hasher, secp256k1::fq, secp256k1::fr, secp256k1::g1>(
std::string((char*)message, msg_len), key_pair);
auto sig = ecdsa_construct_signature<Sha256Hasher, fq, fr, g1>(message, key_pair);
write(output_sig_r, sig.r);
write(output_sig_s, sig.s);
write(output_sig_v, sig.v);
Expand All @@ -36,17 +91,37 @@ WASM_EXPORT void ecdsa__construct_signature_(uint8_t const* message_buf,
uint8_t* output_sig_s,
uint8_t* output_sig_v)
{
using serialize::write;
auto priv_key = from_buffer<secp256k1::fr>(private_key);
secp256k1::g1::affine_element pub_key = secp256k1::g1::one * priv_key;
ecdsa_key_pair<secp256k1::fr, secp256k1::g1> key_pair = { priv_key, pub_key };
ecdsa__construct_signature_<secp256k1::fr, secp256k1::fq, secp256k1::g1>(
message_buf, private_key, output_sig_r, output_sig_s, output_sig_v);
}

auto message = from_buffer<std::string>(message_buf);
WASM_EXPORT void ecdsa_r_construct_signature_(uint8_t const* message_buf,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v)
{
ecdsa__construct_signature_<secp256r1::fr, secp256r1::fq, secp256r1::g1>(
message_buf, private_key, output_sig_r, output_sig_s, output_sig_v);
}

auto sig = ecdsa_construct_signature<Sha256Hasher, secp256k1::fq, secp256k1::fr, secp256k1::g1>(message, key_pair);
write(output_sig_r, sig.r);
write(output_sig_s, sig.s);
write(output_sig_v, sig.v);
template <typename fr, typename fq, typename g1>
void ecdsa__recover_public_key_from_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t* sig_v,
uint8_t* output_pub_key)
{
std::array<uint8_t, 32> r, s;
std::copy(sig_r, sig_r + 32, r.begin());
std::copy(sig_s, sig_s + 32, s.begin());
const uint8_t v = *sig_v;

ecdsa_signature sig = { r, s, v };
auto recovered_pub_key =
ecdsa_recover_public_key<Sha256Hasher, fq, fr, g1>(std::string((char*)message, msg_len), sig);
write(output_pub_key, recovered_pub_key);
}

WASM_EXPORT void ecdsa__recover_public_key_from_signature(uint8_t const* message,
Expand All @@ -55,31 +130,67 @@ WASM_EXPORT void ecdsa__recover_public_key_from_signature(uint8_t const* message
uint8_t const* sig_s,
uint8_t* sig_v,
uint8_t* output_pub_key)
{
ecdsa__recover_public_key_from_signature<secp256k1::fr, secp256k1::fq, secp256k1::g1>(
message, msg_len, sig_r, sig_s, sig_v, output_pub_key);
}

WASM_EXPORT void ecdsa_r_recover_public_key_from_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t* sig_v,
uint8_t* output_pub_key)
{
ecdsa__recover_public_key_from_signature<secp256r1::fr, secp256r1::fq, secp256r1::g1>(
message, msg_len, sig_r, sig_s, sig_v, output_pub_key);
}

template <typename fr, typename fq, typename g1>
void ecdsa__recover_public_key_from_signature_(
uint8_t const* message_buf, uint8_t const* sig_r, uint8_t const* sig_s, uint8_t* sig_v, uint8_t* output_pub_key)
{
std::array<uint8_t, 32> r, s;
std::copy(sig_r, sig_r + 32, r.begin());
std::copy(sig_s, sig_s + 32, s.begin());
const uint8_t v = *sig_v;

auto message = from_buffer<std::string>(message_buf);
ecdsa_signature sig = { r, s, v };
auto recovered_pub_key = ecdsa_recover_public_key<Sha256Hasher, secp256k1::fq, secp256k1::fr, secp256k1::g1>(
std::string((char*)message, msg_len), sig);
auto recovered_pub_key = ecdsa_recover_public_key<Sha256Hasher, fq, fr, g1>(message, sig);
write(output_pub_key, recovered_pub_key);
}

WASM_EXPORT void ecdsa__recover_public_key_from_signature_(
uint8_t const* message_buf, uint8_t const* sig_r, uint8_t const* sig_s, uint8_t* sig_v, uint8_t* output_pub_key)
{
ecdsa__recover_public_key_from_signature_<secp256k1::fr, secp256k1::fq, secp256k1::g1>(
message_buf, sig_r, sig_s, sig_v, output_pub_key);
}

WASM_EXPORT void ecdsa_r_recover_public_key_from_signature_(
uint8_t const* message_buf, uint8_t const* sig_r, uint8_t const* sig_s, uint8_t* sig_v, uint8_t* output_pub_key)
{
ecdsa__recover_public_key_from_signature_<secp256r1::fr, secp256r1::fq, secp256r1::g1>(
message_buf, sig_r, sig_s, sig_v, output_pub_key);
}

template <typename fr, typename fq, typename g1>
bool ecdsa__verify_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v)
{
auto pubk = from_buffer<typename g1::affine_element>(pub_key);
std::array<uint8_t, 32> r, s;
std::copy(sig_r, sig_r + 32, r.begin());
std::copy(sig_s, sig_s + 32, s.begin());
const uint8_t v = *sig_v;

auto message = from_buffer<std::string>(message_buf);
ecdsa_signature sig = { r, s, v };
auto recovered_pub_key =
ecdsa_recover_public_key<Sha256Hasher, secp256k1::fq, secp256k1::fr, secp256k1::g1>(message, sig);
write(output_pub_key, recovered_pub_key);
return ecdsa_verify_signature<Sha256Hasher, fq, fr, g1>(std::string((char*)message, msg_len), pubk, sig);
}

WASM_EXPORT bool ecdsa__verify_signature(uint8_t const* message,
Expand All @@ -89,31 +200,58 @@ WASM_EXPORT bool ecdsa__verify_signature(uint8_t const* message,
uint8_t const* sig_s,
uint8_t const* sig_v)
{
auto pubk = from_buffer<secp256k1::g1::affine_element>(pub_key);
return ecdsa__verify_signature<secp256k1::fr, secp256k1::fq, secp256k1::g1>(
message, msg_len, pub_key, sig_r, sig_s, sig_v);
}

WASM_EXPORT bool ecdsa_r_verify_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v)
{
return ecdsa__verify_signature<secp256r1::fr, secp256r1::fq, secp256r1::g1>(
message, msg_len, pub_key, sig_r, sig_s, sig_v);
}

template <typename fr, typename fq, typename g1>
void ecdsa__verify_signature_(uint8_t const* message_buf,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v,
bool* result)
{
auto pubk = from_buffer<typename g1::affine_element>(pub_key);
std::array<uint8_t, 32> r, s;
std::copy(sig_r, sig_r + 32, r.begin());
std::copy(sig_s, sig_s + 32, s.begin());
const uint8_t v = *sig_v;

auto message = from_buffer<std::string>(message_buf);
ecdsa_signature sig = { r, s, v };
return ecdsa_verify_signature<Sha256Hasher, secp256k1::fq, secp256k1::fr, secp256k1::g1>(
std::string((char*)message, msg_len), pubk, sig);
*result = ecdsa_verify_signature<Sha256Hasher, fq, fr, g1>(message, pubk, sig);
}

WASM_EXPORT void ecdsa__verify_signature_(uint8_t const* message_buf,
WASM_EXPORT void ecdsa__verify_signature_(uint8_t const* message,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v,
bool* result)
{
auto pubk = from_buffer<secp256k1::g1::affine_element>(pub_key);
std::array<uint8_t, 32> r, s;
std::copy(sig_r, sig_r + 32, r.begin());
std::copy(sig_s, sig_s + 32, s.begin());
const uint8_t v = *sig_v;
ecdsa__verify_signature_<secp256k1::fr, secp256k1::fq, secp256k1::g1>(
message, pub_key, sig_r, sig_s, sig_v, result);
}

auto message = from_buffer<std::string>(message_buf);
ecdsa_signature sig = { r, s, v };
*result = ecdsa_verify_signature<Sha256Hasher, secp256k1::fq, secp256k1::fr, secp256k1::g1>(message, pubk, sig);
WASM_EXPORT void ecdsa_r_verify_signature_(uint8_t const* message,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v,
bool* result)
{
ecdsa__verify_signature_<secp256r1::fr, secp256r1::fq, secp256r1::g1>(
message, pub_key, sig_r, sig_s, sig_v, result);
}
52 changes: 50 additions & 2 deletions barretenberg/cpp/src/barretenberg/crypto/ecdsa/c_bind.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
#include "barretenberg/common/wasm_export.hpp"
#include <ecc/curves/secp256k1/secp256k1.hpp>
#include <ecc/curves/secp256r1/secp256r1.hpp>

// secp256k1 curve

WASM_EXPORT void ecdsa__compute_public_key(uint8_t const* private_key, uint8_t* public_key_buf);

Expand Down Expand Up @@ -33,5 +36,50 @@ WASM_EXPORT bool ecdsa__verify_signature(uint8_t const* message,
uint8_t const* sig_s,
uint8_t const* sig_v);

WASM_EXPORT bool ecdsa__verify_signature_(
uint8_t const* message, uint8_t const* pub_key, uint8_t const* sig_r, uint8_t const* sig_s, uint8_t const* sig_v);
WASM_EXPORT bool ecdsa__verify_signature_(uint8_t const* message,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v,
bool* result);

// secp256r1 curve

WASM_EXPORT void ecdsa_r_compute_public_key(uint8_t const* private_key, uint8_t* public_key_buf);

WASM_EXPORT void ecdsa_r_construct_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v);

WASM_EXPORT void ecdsa_r_construct_signature_(uint8_t const* message_buf,
uint8_t const* private_key,
uint8_t* output_sig_r,
uint8_t* output_sig_s,
uint8_t* output_sig_v);

WASM_EXPORT void ecdsa_r_recover_public_key_from_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t* sig_v,
uint8_t* output_pub_key);

WASM_EXPORT void ecdsa_r_recover_public_key_from_signature_(
uint8_t const* message_buf, uint8_t const* sig_r, uint8_t const* sig_s, uint8_t* sig_v, uint8_t* output_pub_key);

WASM_EXPORT bool ecdsa_r_verify_signature(uint8_t const* message,
size_t msg_len,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v);

WASM_EXPORT void ecdsa_r_verify_signature_(uint8_t const* message,
uint8_t const* pub_key,
uint8_t const* sig_r,
uint8_t const* sig_s,
uint8_t const* sig_v,
bool* result);
42 changes: 42 additions & 0 deletions yarn-project/accounts/src/ecdsa/ecdsa_r/account_contract.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
import type { AuthWitnessProvider } from '@aztec/aztec.js/account';
import { Ecdsa } from '@aztec/foundation/crypto';
import type { Fr } from '@aztec/foundation/fields';
import { AuthWitness } from '@aztec/stdlib/auth-witness';
import { CompleteAddress } from '@aztec/stdlib/contract';

import { DefaultAccountContract } from '../../defaults/account_contract.js';

/**
* Account contract that authenticates transactions using ECDSA signatures
* verified against a secp256r1 public key stored in an immutable encrypted note.
* This abstract version does not provide a way to retrieve the artifact, as it
* can be implemented with or without lazy loading.
*/
export abstract class EcdsaRBaseAccountContract extends DefaultAccountContract {
constructor(private signingPrivateKey: Buffer) {
super();
}

async getDeploymentFunctionAndArgs() {
const signingPublicKey = await new Ecdsa('secp256r1').computePublicKey(this.signingPrivateKey);
return {
constructorName: 'constructor',
constructorArgs: [signingPublicKey.subarray(0, 32), signingPublicKey.subarray(32, 64)],
};
}

getAuthWitnessProvider(_address: CompleteAddress): AuthWitnessProvider {
return new EcdsaRAuthWitnessProvider(this.signingPrivateKey);
}
}

/** Creates auth witnesses using ECDSA signatures. */
class EcdsaRAuthWitnessProvider implements AuthWitnessProvider {
constructor(private signingPrivateKey: Buffer) {}

async createAuthWit(messageHash: Fr): Promise<AuthWitness> {
const ecdsa = new Ecdsa('secp256r1');
const signature = await ecdsa.constructSignature(messageHash.toBuffer(), this.signingPrivateKey);
return Promise.resolve(new AuthWitness(messageHash, [...signature.r, ...signature.s]));
}
}
Loading