From 276712a9d03c82dd8b2fbf3c696b17c563acc2ae Mon Sep 17 00:00:00 2001 From: Jan Pochyla Date: Thu, 11 Oct 2018 12:21:34 +0200 Subject: [PATCH] xmr: re-export most of functions in apps.monero.xmr.crypto --- src/apps/monero/xmr/crypto.py | 364 +++++++--------------------------- 1 file changed, 73 insertions(+), 291 deletions(-) diff --git a/src/apps/monero/xmr/crypto.py b/src/apps/monero/xmr/crypto.py index 5cf353a30..b13233b51 100644 --- a/src/apps/monero/xmr/crypto.py +++ b/src/apps/monero/xmr/crypto.py @@ -7,33 +7,24 @@ # https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-00#section-4 # https://github.com/monero-project/research-lab -from trezor.crypto import hmac, monero as tcry, random +from trezor.crypto import hmac +from trezor.crypto import monero as tcry +from trezor.crypto import random from trezor.crypto.hashlib import sha3_256 NULL_KEY_ENC = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" -def random_bytes(by): - """ - Generates X random bytes, returns byte-string - """ - return random.bytes(by) +random_bytes = random.bytes def keccak_factory(data=None): return sha3_256(data=data, keccak=True) -def get_keccak(): - return keccak_factory() - - -def keccak_hash(inp): - return tcry.xmr_fast_hash(inp) - - -def keccak_hash_into(r, inp): - return tcry.xmr_fast_hash(r, inp) +get_keccak = keccak_factory +keccak_hash = tcry.xmr_fast_hash +keccak_hash_into = tcry.xmr_fast_hash def keccak_2hash(inp): @@ -50,105 +41,40 @@ def compute_hmac(key, msg=None): # -def new_point(): - return tcry.ge25519_set_neutral() +new_point = tcry.ge25519_set_neutral def new_scalar(): return tcry.init256_modm(0) -def decodepoint(x): - return tcry.ge25519_unpack_vartime(x) - - -def decodepoint_into(r, x, offset=0): - return tcry.ge25519_unpack_vartime(r, x, offset) - - -def encodepoint(pt): - return tcry.ge25519_pack(pt) - - -def encodepoint_into(b, pt, offset=0): - return tcry.ge25519_pack(b, pt, offset) - - -def decodeint(x): - return tcry.unpack256_modm(x) - - -def decodeint_into_noreduce(r, x, offset=0): - return tcry.unpack256_modm_noreduce(r, x, offset) - - -def decodeint_into(r, x, offset=0): - return tcry.unpack256_modm(r, x, offset) - - -def encodeint(x): - return tcry.pack256_modm(x) - - -def encodeint_into(b, x, offset=0): - return tcry.pack256_modm(b, x, offset) - - -def check_ed25519point(x): - return tcry.ge25519_check(x) - - -def scalarmult_base(a): - return tcry.ge25519_scalarmult_base(a) - - -def scalarmult_base_into(r, a): - return tcry.ge25519_scalarmult_base(r, a) - - -def scalarmult(P, e): - return tcry.ge25519_scalarmult(P, e) - - -def scalarmult_into(r, P, e): - return tcry.ge25519_scalarmult(r, P, e) - - -def point_add(P, Q): - return tcry.ge25519_add(P, Q) +decodepoint = tcry.ge25519_unpack_vartime +decodepoint_into = tcry.ge25519_unpack_vartime +encodepoint = tcry.ge25519_pack +encodepoint_into = tcry.ge25519_pack +decodeint = tcry.unpack256_modm +decodeint_into_noreduce = tcry.unpack256_modm_noreduce +decodeint_into = tcry.unpack256_modm +encodeint = tcry.pack256_modm +encodeint_into = tcry.pack256_modm -def point_add_into(r, P, Q): - return tcry.ge25519_add(r, P, Q) +check_ed25519point = tcry.ge25519_check +scalarmult_base = tcry.ge25519_scalarmult_base +scalarmult_base_into = tcry.ge25519_scalarmult_base +scalarmult = tcry.ge25519_scalarmult +scalarmult_into = tcry.ge25519_scalarmult -def point_sub(P, Q): - return tcry.ge25519_sub(P, Q) - - -def point_sub_into(r, P, Q): - return tcry.ge25519_sub(r, P, Q) - - -def point_eq(P, Q): - return tcry.ge25519_eq(P, Q) - - -def point_double(P): - return tcry.ge25519_double(P) - - -def point_double_into(r, P): - return tcry.ge25519_double(r, P) - - -def point_mul8(P): - return tcry.ge25519_mul8(P) - - -def point_mul8_into(r, P): - return tcry.ge25519_mul8(r, P) - +point_add = tcry.ge25519_add +point_add_into = tcry.ge25519_add +point_sub = tcry.ge25519_sub +point_sub_into = tcry.ge25519_sub +point_eq = tcry.ge25519_eq +point_double = tcry.ge25519_double +point_double_into = tcry.ge25519_double +point_mul8 = tcry.ge25519_mul8 +point_mul8_into = tcry.ge25519_mul8 INV_EIGHT = b"\x79\x2f\xdc\xe2\x29\xe5\x06\x61\xd0\xda\x1c\x7d\xb3\x9d\xd3\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06" INV_EIGHT_SC = decodeint(INV_EIGHT) @@ -183,69 +109,16 @@ def sc_init_into(r, x): return tcry.init256_modm(r, x) -def sc_get64(x): - """ - Returns 64bit value from the sc - """ - return tcry.get256_modm(x) - - -def sc_check(key): - """ - sc_check is not relevant for long-integer scalar representation. - """ - tcry.check256_modm(key) - return 0 - +sc_get64 = tcry.get256_modm +sc_check = tcry.check256_modm +check_sc = tcry.check256_modm -def check_sc(key): - """ - throws exception on invalid key - """ - if sc_check(key) != 0: - raise ValueError("Invalid scalar value") - - -def sc_add(aa, bb): - """ - Scalar addition - """ - return tcry.add256_modm(aa, bb) - - -def sc_add_into(r, aa, bb): - """ - Scalar addition - """ - return tcry.add256_modm(r, aa, bb) - - -def sc_sub(aa, bb): - """ - Scalar subtraction - """ - return tcry.sub256_modm(aa, bb) - - -def sc_sub_into(r, aa, bb): - """ - Scalar subtraction - """ - return tcry.sub256_modm(r, aa, bb) - - -def sc_mul(aa, bb): - """ - Scalar multiplication - """ - return tcry.mul256_modm(aa, bb) - - -def sc_mul_into(r, aa, bb): - """ - Scalar multiplication - """ - return tcry.mul256_modm(r, aa, bb) +sc_add = tcry.add256_modm +sc_add_into = tcry.add256_modm +sc_sub = tcry.sub256_modm +sc_sub_into = tcry.sub256_modm +sc_mul = tcry.mul256_modm +sc_mul_into = tcry.mul256_modm def sc_isnonzero(c): @@ -255,46 +128,12 @@ def sc_isnonzero(c): return not tcry.iszero256_modm(c) -def sc_eq(a, b): - """ - Returns true if scalars are equal - """ - return tcry.eq256_modm(a, b) - - -def sc_mulsub(aa, bb, cc): - """ - (cc - aa * bb) % l - """ - return tcry.mulsub256_modm(aa, bb, cc) - - -def sc_mulsub_into(r, aa, bb, cc): - """ - (cc - aa * bb) % l - """ - return tcry.mulsub256_modm(r, aa, bb, cc) - - -def sc_muladd(aa, bb, cc): - """ - (cc + aa * bb) % l - """ - return tcry.muladd256_modm(aa, bb, cc) - - -def sc_muladd_into(r, aa, bb, cc): - """ - (cc + aa * bb) % l - """ - return tcry.muladd256_modm(r, aa, bb, cc) - - -def sc_inv_into(r, x): - """ - Modular inversion mod curve order L - """ - return tcry.inv256_modm(r, x) +sc_eq = tcry.eq256_modm +sc_mulsub = tcry.mulsub256_modm +sc_mulsub_into = tcry.mulsub256_modm +sc_muladd = tcry.muladd256_modm +sc_muladd_into = tcry.muladd256_modm +sc_inv_into = tcry.inv256_modm def random_scalar(r=None): @@ -315,11 +154,7 @@ def ge25519_double_scalarmult_base_vartime(a, A, b): return R -def ge25519_double_scalarmult_vartime2(a, Ai, b, Bi): - """ - void ge_double_scalarmult_precomp_vartime2(ge_p2 *r, const unsigned char *a, const ge_dsmp Ai, const unsigned char *b, const ge_dsmp Bi) - """ - return tcry.xmr_add_keys3(a, Ai, b, Bi) +ge25519_double_scalarmult_vartime2 = tcry.xmr_add_keys3 def identity(byte_enc=False): @@ -327,30 +162,21 @@ def identity(byte_enc=False): return idd if not byte_enc else encodepoint(idd) -def identity_into(r): - return tcry.ge25519_set_neutral(r) - - -def ge_frombytes_vartime_check(point): - """ - https://www.imperialviolet.org/2013/12/25/elligator.html - http://elligator.cr.yp.to/ - http://elligator.cr.yp.to/elligator-20130828.pdf - """ - tcry.ge25519_check(point) - return 0 +identity_into = tcry.ge25519_set_neutral +""" +https://www.imperialviolet.org/2013/12/25/elligator.html +http://elligator.cr.yp.to/ +http://elligator.cr.yp.to/elligator-20130828.pdf +""" +ge_frombytes_vartime_check = tcry.ge25519_check # # Monero specific # -def cn_fast_hash(buff): - """ - Keccak 256, original one (before changes made in SHA3 standard) - """ - return keccak_hash(buff) +cn_fast_hash = keccak_hash def hash_to_scalar(data, length=None): @@ -366,19 +192,15 @@ def hash_to_scalar_into(r, data, length=None): return tcry.xmr_hash_to_scalar(r, dt) -def hash_to_point(buf): - """ - H_p(buf) - - Code adapted from MiniNero: https://github.com/monero-project/mininero - https://github.com/monero-project/research-lab/blob/master/whitepaper/ge_fromfe_writeup/ge_fromfe.pdf - http://archive.is/yfINb - """ - return tcry.xmr_hash_to_ec(buf) +""" +H_p(buf) - -def hash_to_point_into(r, buf): - return tcry.xmr_hash_to_ec(r, buf) +Code adapted from MiniNero: https://github.com/monero-project/mininero +https://github.com/monero-project/research-lab/blob/master/whitepaper/ge_fromfe_writeup/ge_fromfe.pdf +http://archive.is/yfINb +""" +hash_to_point = tcry.xmr_hash_to_ec +hash_to_point_into = tcry.xmr_hash_to_ec # @@ -386,64 +208,26 @@ def hash_to_point_into(r, buf): # -def xmr_H(): - """ - Returns point H - 8b655970153799af2aeadc9ff1add0ea6c7251d54154cfa92c173a0dd39c1f94 - """ - return tcry.ge25519_set_h() +xmr_H = tcry.ge25519_set_h def scalarmult_h(i): return scalarmult(xmr_H(), sc_init(i) if isinstance(i, int) else i) -def add_keys2(a, b, B): - """ - aG + bB, G is basepoint - """ - return tcry.xmr_add_keys2_vartime(a, b, B) - - -def add_keys2_into(r, a, b, B): - """ - aG + bB, G is basepoint - """ - return tcry.xmr_add_keys2_vartime(r, a, b, B) - - -def add_keys3(a, A, b, B): - """ - aA + bB - """ - return tcry.xmr_add_keys3_vartime(a, A, b, B) - - -def add_keys3_into(r, a, A, b, B): - """ - aA + bB - """ - return tcry.xmr_add_keys3_vartime(r, a, A, b, B) - - -def gen_commitment(a, amount): - """ - Generates Pedersen commitment - C = aG + bH - """ - return tcry.xmr_gen_c(a, amount) +add_keys2 = tcry.xmr_add_keys2_vartime +add_keys2_into = tcry.xmr_add_keys2_vartime +add_keys3 = tcry.xmr_add_keys3_vartime +add_keys3_into = tcry.xmr_add_keys3_vartime +gen_commitment = tcry.xmr_gen_c def generate_key_derivation(pub, sec): """ Key derivation: 8*(key2*key1) """ - if sc_check(sec) != 0: - # checks that the secret key is uniform enough... - raise ValueError("error in sc_check in keyder") - if ge_frombytes_vartime_check(pub) != 0: - raise ValueError("didn't pass curve checks in keyder") - + sc_check(sec) # checks that the secret key is uniform enough... + ge_frombytes_vartime_check(pub) return tcry.xmr_generate_key_derivation(pub, sec) @@ -459,8 +243,7 @@ def derive_public_key(derivation, output_index, B): """ H_s(derivation || varint(output_index))G + B """ - if ge_frombytes_vartime_check(B) != 0: # check some conditions on the point - raise ValueError("derive pub key bad point") + ge_frombytes_vartime_check(B) # check some conditions on the point check_ed25519point(B) return tcry.xmr_derive_public_key(derivation, output_index, B) @@ -470,8 +253,7 @@ def derive_secret_key(derivation, output_index, base): """ base + H_s(derivation || varint(output_index)) """ - if sc_check(base) != 0: - raise ValueError("cs_check in derive_secret_key") + sc_check(base) return tcry.xmr_derive_private_key(derivation, output_index, base)