Problem: rust-secp256k1 fork diverged from upstream (fixes #757)
Solution:
- created a branch off upstream rust-secp256k1
https://github.com/crypto-com/rust-secp256k1-zkp/tree/upstream-catchup
- use the vendor script to update the secp256k1 library from PR to upstream with changes to Schnorr signatures
(the vendor script applies custom patches to have mem allocation in Rust etc.)
- updated the code against the upstream changes
(one notable change is that signing uses "synthetic nonces"
-- https://moderncrypto.org/mail-archive/curves/2017/000925.html
-- so needs some fresh randomness)

NOTE: MuSig hasn't been ported up to the latest upstream changes yet,
so its related functionality is currently disabled
(when required, it can later be fixed and enabled
via "experimental" feature flag)
tomtau committed Jul 14, 2020
1 parent 481a399 commit cb5a1d9
Showing 40 changed files with 298 additions and 156 deletions.
51 changes: 31 additions & 20 deletions Cargo.lock


4 changes: 3 additions & 1 deletion chain-abci/Cargo.toml
Expand Up @@ -34,7 +34,7 @@ hex = "0.4"
protobuf = "2.7.0"
integer-encoding = "1.1.5"
structopt = "0.3"
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism"] }
secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism"] }
parity-scale-codec = { features = ["derive"], version = "1.3" }
thiserror = "1.0"

Expand All @@ -43,6 +43,7 @@ enclave-u-common = { path = "../chain-tx-enclave/enclave-u-common" }
sgx_types = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
sgx_urts = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
zmq = "0.9"
rand = "0.7"

[build-dependencies]
cc = "1.0"
Expand All @@ -58,6 +59,7 @@ base64 = "0.12"
kvdb = "0.7"
kvdb-memorydb = "0.7"
test-common = { path = "../test-common" }
rand = "0.7"

# TODO: currently not maintained benchmarks
# [[bench]]
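Review bot: The new dependency key on the `secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", ... }` line has the same name as the upstream crates.io crate but still resolves to the crypto-com fork, and the manifest has no comment saying so. Someone auditing the dependency list could take it for the upstream crate. I would add a comment above it such as `# crypto-com fork of rust-secp256k1 (upstream-catchup branch, vendored libsecp256k1 with custom patches); keep rev identical in every crate`. The same line with the same full-hash `rev` appears in the chain-core, tx-query-next enclave-app, tx-validation-next, enclave-t-common and tx-validation/enclave manifests. The revs have to move together, since Cargo treats a different rev as a different source and would build a second, type-incompatible copy of the crate.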
14 changes: 12 additions & 2 deletions chain-abci/src/enclave_bridge/real/test/seal.rs
Expand Up @@ -196,7 +196,12 @@ pub fn test_sealing() {
tx1.add_output(TxOut::new(eaddr.clone(), Coin::one()));
let txid1 = tx1.id();
let witness1 = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&txid1).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&txid1).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
Expand Down Expand Up @@ -228,7 +233,12 @@ pub fn test_sealing() {
tx2.add_output(TxOut::new(eaddr.clone(), Coin::zero()));
let txid2 = tx2.id();
let witness2 = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&txid2).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&txid2).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
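Review bot: Both `schnorr_sign` calls in `test_sealing` construct their generator inline with `&mut rand::thread_rng()`, so the test presumably produces different signature bytes on every run and a failure that depends on them cannot be replayed. I would bind the generator once near the top of the test, `let mut rng = rand::thread_rng();`, and pass `&mut rng` to both calls. The call then fits on one line again, and a seeded generator can be swapped in (tests only) when a failure needs reproducing. The same inline pattern is repeated in chain-abci/tests/abci_app.rs (three calls) and in the `mod tests` of tx-validation-next/src/sgx_module.rs (two calls). `test_sealing` starts and ends outside these hunks, so where exactly the binding belongs is not visible here.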
21 changes: 18 additions & 3 deletions chain-abci/tests/abci_app.rs
Expand Up @@ -908,7 +908,12 @@ fn all_valid_tx_types_should_commit() {
tx1.add_output(TxOut::new(eaddr, Coin::from(99999700u32)));
let txid1 = tx1.id();
let witness1 = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&txid1).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&txid1).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
Expand All @@ -934,7 +939,12 @@ fn all_valid_tx_types_should_commit() {
let utxo2 = TxoPointer::new(*txid, 1);
let tx2 = DepositBondTx::new(vec![utxo2], addr.into(), StakedStateOpAttributes::new(0));
let witness2 = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&tx2.id()).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&tx2.id()).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
Expand Down Expand Up @@ -964,7 +974,12 @@ fn all_valid_tx_types_should_commit() {
let utxo3 = TxoPointer::new(*txid, 2);
let tx3 = DepositBondTx::new(vec![utxo3], addr2.into(), StakedStateOpAttributes::new(0));
let witness3 = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&tx3.id()).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&tx3.id()).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
2 changes: 1 addition & 1 deletion chain-abci/tests/tx_validation.rs
Expand Up @@ -100,7 +100,7 @@ pub fn get_tx_witness<C: Signing>(
let proof = merkle_tree
.generate_proof(RawXOnlyPubkey::from(public_key.serialize()))
.unwrap();
let signature = schnorr_sign(&secp, &message, secret_key);
let signature = schnorr_sign(&secp, &message, secret_key, &mut rand::thread_rng());

TxInWitness::TreeSig(signature, proof)
}
9 changes: 5 additions & 4 deletions chain-core/Cargo.toml
Expand Up @@ -7,9 +7,9 @@ readme = "../README.md"
edition = "2018"

[features]
default = ["serde", "bech32", "hex", "base64", "secp256k1zkp/serde", "secp256k1zkp/std", "mls", "ra-client"]
edp = ["secp256k1zkp/edp"]
mesalock_sgx = ["sgx_tstd", "secp256k1zkp/sgx"]
default = ["serde", "bech32", "hex", "base64", "secp256k1/serde", "secp256k1/std", "mls", "ra-client"]
edp = ["secp256k1/lowmemory"]
mesalock_sgx = ["secp256k1/lowmemory", "sgx_tstd"]

[dependencies]
mls = { path = "../chain-tx-enclave-next/mls", optional = true }
Expand All @@ -18,7 +18,7 @@ digest = { version = "0.8", default-features = false}
tiny-keccak = { version = "2.0", features = ["keccak"] }
sha2 = { version = "0.8", default-features = false }
hex = { version = "0.4", optional = true }
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism"] }
secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "schnorrsig"] }
serde = { version = "1.0", features = ["derive"], optional = true }
blake3 = { version = "0.3.5", default-features = false }
parity-scale-codec = { features = ["derive"], default-features = false, version = "1.3" }
Expand All @@ -34,3 +34,4 @@ quickcheck = "0.9"
serde_json = "1.0"
fixed = "1.0.0"
test-common = { path = "../test-common" }
rand = "0.7"
2 changes: 1 addition & 1 deletion chain-core/src/tx/mod.rs
Expand Up @@ -654,7 +654,7 @@ pub mod tests {
let merkle = MerkleTree::new(raw_public_keys.clone());

let w1 = TxInWitness::TreeSig(
schnorr_sign(&secp, &msg, &sk1),
schnorr_sign(&secp, &msg, &sk1, &mut rand::thread_rng()),
merkle.generate_proof(raw_public_keys[0].clone()).unwrap(),
);
let txa = PlainTxAux::TransferTx(tx, vec![w1].into());
2 changes: 1 addition & 1 deletion chain-tx-enclave-next/tx-query-next/enclave-app/Cargo.toml
Expand Up @@ -13,7 +13,7 @@ parity-scale-codec = "1.3"
rand = "0.7"
rs-libc = "0.2"
rustls = "0.18"
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["edp"] }
secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["lowmemory"] }
thread-pool = "0.1"
zeroize = "1.1"

Expand Up @@ -25,9 +25,10 @@ pub fn get_random_challenge() -> H256 {
}

pub fn verify_decryption_request(decryption_request: &DecryptionRequest, challenge: H256) -> bool {
decryption_request
.verify(&Secp256k1::verification_only(), challenge)
.is_ok()
// FIXME: provide secp as ref
let mut buf_vfy = vec![0u8; Secp256k1::preallocate_verification_size()];
let secp = Secp256k1::preallocated_verification_only(&mut buf_vfy).expect("allocation");
decryption_request.verify(&secp, challenge).is_ok()
}

pub fn handle_decryption_request(
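Review bot: The `.expect("allocation")` in `verify_decryption_request` turns a context-setup failure into a panic on the path that checks an incoming decryption request, even though the function already has a failure value to return. Returning `false` keeps the check fail-closed without unwinding: `let secp = match Secp256k1::preallocated_verification_only(&mut buf_vfy) { Ok(s) => s, Err(_) => return false };`. How a panic is handled inside this enclave is not visible from the hunk, so treat the impact as something to confirm. A one-line doc comment stating that the function returns `false` for any failure, including context setup, would make the contract explicit for callers.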
3 changes: 2 additions & 1 deletion chain-tx-enclave-next/tx-validation-next/Cargo.toml
Expand Up @@ -10,7 +10,8 @@ edition = "2018"
enclave-macro = { path = "../../chain-tx-enclave/enclave-macro" }
chain-tx-validation = { path = "../../chain-tx-validation" }
chain-core = { path = "../../chain-core" }
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism", "edp"] }
# TODO: "rand" feature may only be dev-dependency / needed for tests
secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "lowmemory", "schnorrsig", "rand"] }
parity-scale-codec = { version = "1.3" }
enclave-protocol = { path = "../../enclave-protocol" }
chain-tx-filter = { path = "../../chain-tx-filter" }
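Review bot: The `"rand"` feature is enabled on the regular `secp256k1` dependency of this enclave crate, while the TODO directly above it says it may only be needed for tests. On this page the only randomness this crate uses is `rand::thread_rng()` inside `mod tests` of src/sgx_module.rs. If that holds for the rest of the crate, drop `"rand"` from the `[dependencies]` feature list and enable it from a `[dev-dependencies]` entry for the same git source and rev with `features = ["rand"]`. Cargo may still unify features across dependency kinds, so check the enclave build with `cargo tree -e features` before relying on the split.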
14 changes: 12 additions & 2 deletions chain-tx-enclave-next/tx-validation-next/src/sgx_module.rs
Expand Up @@ -346,7 +346,12 @@ mod tests {
tx1.add_output(TxOut::new(eaddr.clone(), Coin::one()));
let txid1 = tx1.id();
let witness1: TxWitness = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&txid1).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&txid1).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
Expand Down Expand Up @@ -386,7 +391,12 @@ mod tests {
tx2.add_output(TxOut::new(eaddr.clone(), Coin::zero()));
let txid2 = tx2.id();
let witness2: TxWitness = vec![TxInWitness::TreeSig(
schnorr_sign(&secp, &Message::from_slice(&txid2).unwrap(), &secret_key),
schnorr_sign(
&secp,
&Message::from_slice(&txid2).unwrap(),
&secret_key,
&mut rand::thread_rng(),
),
merkle_tree
.generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
.unwrap(),
2 changes: 1 addition & 1 deletion chain-tx-enclave/enclave-t-common/Cargo.toml
Expand Up @@ -9,7 +9,7 @@ edition = "2018"
[dependencies]
sgx_tstd = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
chain-core = { path = "../../chain-core", default-features = false, features = ["mesalock_sgx"] }
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism", "sgx"] }
secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "lowmemory", "schnorrsig"] }
zeroize = { version = "1.0", default-features = false }
sgx_tseal = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
parity-scale-codec = { default-features = false, version = "1.0" }
2 changes: 1 addition & 1 deletion chain-tx-enclave/tx-validation/enclave/Cargo.toml
Expand Up @@ -24,7 +24,7 @@ sgx_tcrypto = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-
enclave-macro = { path = "../../enclave-macro" }
chain-tx-validation = { path = "../../../chain-tx-validation", default-features = false, features = ["mesalock_sgx"] }
chain-core = { path = "../../../chain-core", default-features = false, features = ["mesalock_sgx"] }
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism", "sgx"] }
secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "lowmemory", "schnorrsig"] }
parity-scale-codec = { default-features = false, version = "1.3" }
enclave-protocol = { path = "../../../enclave-protocol", default-features = false, features = ["mesalock_sgx"] }
chain-tx-filter = { path = "../../../chain-tx-filter", default-features = false, features = ["mesalock_sgx"] }