balsoft/ligo
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Crypto: replace ocaml-tweetnacl with ocaml-hacl

Browse Source
This commit is contained in:
Marco Stronati 2018-04-05 23:22:30 +02:00 committed by Vincent Bernardoff
parent 07a97ab94a
commit 7d6da7179b
15 changed files with 164 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/lib_client_base/client_keys.ml
View File

@ -207,9 +207,8 @@ let gen_keys_containing ?(prefix=false) ?(force=false) ~containing ~name (cctxt
(fun key -> try ignore (Re.Str.search_forward re key 0); true
with Not_found -> false) in
let rec loop attempts =
let seed = Ed25519.Seed.generate () in
let public_key_hash, public_key, secret_key =
Signature.generate_key ~seed () in
Signature.generate_key () in
let hash = Signature.Public_key_hash.to_b58check @@
Signature.Public_key.hash public_key in
if matches hash

2
src/lib_client_base/client_keys.mli
View File

@ -113,7 +113,7 @@ val append :
val gen_keys :
?force:bool ->
?algo:Signature.algo ->
?seed:Ed25519.Seed.t ->
?seed:MBytes.t ->
#Client_context.io_wallet -> string -> unit tzresult Lwt.t
val register_key :

6
src/lib_client_base_unix/client_signer_encrypted.ml
View File

@ -46,7 +46,7 @@ module Encrypted_signer : SIGNER = struct
let rec decrypt_sk sk salt = function
| [] -> None
| password :: pws ->
let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in
let key = Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt) in
match Crypto_box.Secretbox.box_open key sk nonce with
| None -> decrypt_sk sk salt pws
| Some sk -> Some sk
@ -63,7 +63,7 @@ module Encrypted_signer : SIGNER = struct
cctxt#prompt_password "Enter password for encrypted key %s: " name >>= fun password ->
let password = MBytes.of_string password in
let key = pbkdf ~salt ~password in
let key = Crypto_box.Secretbox.of_bytes_exn key in
let key = Crypto_box.Secretbox.unsafe_of_bytes key in
match Crypto_box.Secretbox.box_open key skenc nonce with
| None -> passwd_ask_loop cctxt ~name ~salt ~skenc
| Some decrypted_sk ->
@ -111,7 +111,7 @@ module Encrypted_signer : SIGNER = struct
input_new_passphrase cctxt >>=? fun password ->
let password = MBytes.of_string password in
let salt = Rand.generate salt_len in
let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in
let key = Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt) in
let msg = Data_encoding.Binary.to_bytes Signature.Secret_key.encoding sk in
let encrypted_passwd = Crypto_box.Secretbox.box key msg nonce in
let payload = MBytes.(to_string (concat "" [salt; encrypted_passwd])) in

108
src/lib_crypto/crypto_box.ml
View File

@ -9,26 +9,36 @@
(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)
open Tweetnacl
open Hacl
type secret_key = Box.secret Box.key
type public_key = Box.public Box.key
type secret_key = secret Box.key
type public_key = public Box.key
type channel_key = Box.combined Box.key
type nonce = Nonce.t
type nonce = Bigstring.t
type target = Z.t
module Secretbox = struct
include Secretbox
let box key msg nonce = box ~key ~msg ~nonce
let box_open key cmsg nonce = box_open ~key ~cmsg ~nonce
let box_noalloc key nonce msg =
box_noalloc ~key ~nonce ~msg
box ~key ~nonce ~msg ~cmsg:msg
let box_open_noalloc key nonce cmsg =
box_open_noalloc ~key ~nonce ~cmsg
box_open ~key ~nonce ~cmsg ~msg:cmsg
let box key msg nonce =
let msglen = MBytes.length msg in
let cmsg = MBytes.create (msglen + zerobytes) in
MBytes.fill cmsg '\x00' ;
MBytes.blit msg 0 cmsg zerobytes msglen ;
box ~key ~nonce ~msg:cmsg ~cmsg ;
cmsg
let box_open key cmsg nonce =
let cmsglen = MBytes.length cmsg in
let msg = MBytes.create cmsglen in
match box_open ~key ~nonce ~cmsg ~msg with
| false -> None
| true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))
end
module Public_key_hash = Blake2B.Make (Base58) (struct
@ -42,7 +52,7 @@ let () =
Base58.check_encoded_prefix Public_key_hash.b58check_encoding "id" 30
let hash pk =
Public_key_hash.hash_bytes [Box.to_bytes pk]
Public_key_hash.hash_bytes [Box.unsafe_to_bytes pk]
let zerobytes = Box.zerobytes
let boxzerobytes = Box.boxzerobytes
@ -51,33 +61,32 @@ let random_keypair () =
let pk, sk = Box.keypair () in
sk, pk, hash pk
let zero_nonce = Tweetnacl.Nonce.(of_bytes_exn (MBytes.make bytes '\x00'))
let zero_nonce = MBytes.make Nonce.bytes '\x00'
let random_nonce = Nonce.gen
let increment_nonce = Nonce.increment
let box sk pk msg nonce = Box.box ~sk ~pk ~msg ~nonce
let box_open sk pk cmsg nonce = Box.box_open ~sk ~pk ~cmsg ~nonce
let box_noalloc sk pk nonce msg =
Box.box_noalloc ~sk ~pk ~nonce ~msg
let box_open_noalloc sk pk nonce cmsg =
Box.box_open_noalloc ~sk ~pk ~nonce ~cmsg
let precompute sk pk = Box.combine pk sk
let fast_box k msg nonce =
Box.box_combined ~k ~msg ~nonce
let fast_box_open k cmsg nonce =
Box.box_open_combined ~k ~cmsg ~nonce
let precompute sk pk = Box.dh pk sk
let fast_box_noalloc k nonce msg =
Box.box_combined_noalloc ~k ~nonce ~msg
Box.box ~k ~nonce ~msg ~cmsg:msg
let fast_box_open_noalloc k nonce cmsg =
Box.box_open_combined_noalloc ~k ~nonce ~cmsg
Box.box_open ~k ~nonce ~cmsg ~msg:cmsg
let fast_box k msg nonce =
let msglen = MBytes.length msg in
let cmsg = MBytes.create (msglen + zerobytes) in
MBytes.fill cmsg '\x00' ;
MBytes.blit msg 0 cmsg zerobytes msglen ;
Box.box ~k ~nonce ~msg:cmsg ~cmsg ;
cmsg
let fast_box_open k cmsg nonce =
let cmsglen = MBytes.length cmsg in
let msg = MBytes.create cmsglen in
match Box.box_open ~k ~nonce ~cmsg ~msg with
| false -> None
| true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))
let compare_target hash target =
let hash = Z.of_bits (Blake2B.to_string hash) in
@ -106,8 +115,8 @@ let default_target = make_target 24.
let check_proof_of_work pk nonce target =
let hash =
Blake2B.hash_bytes [
Box.to_bytes pk ;
Nonce.to_bytes nonce ;
Box.unsafe_to_bytes pk ;
nonce ;
] in
compare_target hash target
@ -124,16 +133,28 @@ let generate_proof_of_work ?max pk target =
loop (Nonce.increment nonce) (cpt + 1) in
loop (random_nonce ()) 0
let public_key_to_bigarray = Box.to_bytes
let public_key_of_bigarray = Box.pk_of_bytes_exn
let public_key_to_bigarray pk =
let buf = MBytes.create Box.pkbytes in
Box.blit_to_bytes pk buf ;
buf
let public_key_of_bigarray buf =
let pk = MBytes.copy buf in
Box.unsafe_pk_of_bytes pk
let public_key_size = Box.pkbytes
let secret_key_to_bigarray = Box.to_bytes
let secret_key_of_bigarray = Box.sk_of_bytes_exn
let secret_key_to_bigarray sk =
let buf = MBytes.create Box.skbytes in
Box.blit_to_bytes sk buf ;
buf
let secret_key_of_bigarray buf =
let sk = MBytes.copy buf in
Box.unsafe_sk_of_bytes sk
let secret_key_size = Box.skbytes
let nonce_to_bigarray = Nonce.to_bytes
let nonce_of_bigarray = Nonce.of_bytes_exn
let nonce_size = Nonce.bytes
let public_key_encoding =
@ -151,9 +172,4 @@ let secret_key_encoding =
(Fixed.bytes secret_key_size)
let nonce_encoding =
let open Data_encoding in
conv
nonce_to_bigarray
nonce_of_bigarray
(Fixed.bytes nonce_size)
Data_encoding.Fixed.bytes nonce_size

25
src/lib_crypto/crypto_box.mli
View File

@ -9,7 +9,8 @@
(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)
type nonce
type nonce = Bigstring.t
val nonce_size : int
val zero_nonce : nonce
val random_nonce : unit -> nonce
@ -18,17 +19,13 @@ val increment_nonce : ?step:int -> nonce -> nonce
module Secretbox : sig
type key
val zerobytes : int
val boxzerobytes : int
val of_bytes : MBytes.t -> key option
val of_bytes_exn : MBytes.t -> key
val box : key -> MBytes.t -> nonce -> MBytes.t
val box_open : key -> MBytes.t -> nonce -> MBytes.t option
val unsafe_of_bytes : MBytes.t -> key
val box_noalloc : key -> nonce -> MBytes.t -> unit
val box_open_noalloc : key -> nonce -> MBytes.t -> bool
val box : key -> MBytes.t -> nonce -> MBytes.t
val box_open : key -> MBytes.t -> nonce -> MBytes.t option
end
type target
@ -47,12 +44,6 @@ val boxzerobytes : int
val random_keypair : unit -> secret_key * public_key * Public_key_hash.t
val box : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t
val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t option
val box_noalloc : secret_key -> public_key -> nonce -> MBytes.t -> unit
val box_open_noalloc : secret_key -> public_key -> nonce -> MBytes.t -> bool
val precompute : secret_key -> public_key -> channel_key
val fast_box : channel_key -> MBytes.t -> nonce -> MBytes.t
@ -72,10 +63,6 @@ val secret_key_to_bigarray : secret_key -> Cstruct.buffer
val secret_key_of_bigarray : Cstruct.buffer -> secret_key
val secret_key_size : int
val nonce_to_bigarray : nonce -> Cstruct.buffer
val nonce_of_bigarray : Cstruct.buffer -> nonce
val nonce_size : int
val public_key_encoding : public_key Data_encoding.t
val secret_key_encoding : secret_key Data_encoding.t
val nonce_encoding : nonce Data_encoding.t

126
src/lib_crypto/ed25519.ml
View File

@ -19,20 +19,35 @@ module Public_key_hash = Blake2B.Make(Base58)(struct
let () =
Base58.check_encoded_prefix Public_key_hash.b58check_encoding "tz1" 36
open Tweetnacl
open Hacl
module Public_key = struct
type t = Sign.public Sign.key
type t = public Sign.key
let name = "Ed25519.Public_key"
let title = "Ed25519 public key"
let to_string s = MBytes.to_string (Sign.to_bytes s)
let of_string_opt s = Sign.pk_of_bytes (MBytes.of_string s)
let to_string s = MBytes.to_string (Sign.unsafe_to_bytes s)
let of_string_opt s =
if String.length s < Sign.pkbytes then None
else
let pk = MBytes.create Sign.pkbytes in
MBytes.blit_of_string s 0 pk 0 Sign.pkbytes ;
Some (Sign.unsafe_pk_of_bytes pk)
let to_bytes = Sign.to_bytes
let of_bytes_opt = Sign.pk_of_bytes
let to_bytes pk =
let buf = MBytes.create Sign.pkbytes in
Sign.blit_to_bytes pk buf ;
buf
let of_bytes_opt buf =
let buflen = MBytes.length buf in
if buflen < Sign.pkbytes then None
else
let pk = MBytes.create Sign.pkbytes in
MBytes.blit buf 0 pk 0 Sign.pkbytes ;
Some (Sign.unsafe_pk_of_bytes pk)
let size = Sign.pkbytes
@ -51,12 +66,12 @@ module Public_key = struct
Base58.check_encoded_prefix b58check_encoding "edpk" 54
let hash v =
Public_key_hash.hash_bytes [ Sign.to_bytes v ]
Public_key_hash.hash_bytes [ Sign.unsafe_to_bytes v ]
include Compare.Make(struct
type nonrec t = t
let compare a b =
MBytes.compare (Sign.to_bytes a) (Sign.to_bytes b)
MBytes.compare (Sign.unsafe_to_bytes a) (Sign.unsafe_to_bytes b)
end)
include Helpers.MakeRaw(struct
@ -94,24 +109,29 @@ end
module Secret_key = struct
type t = Sign.secret Sign.key
type t = secret Sign.key
let name = "Ed25519.Secret_key"
let title = "An Ed25519 secret key"
let size = Sign.seedbytes
let size = Sign.skbytes
let to_bytes sk =
let buf = MBytes.create Sign.skbytes in
Sign.blit_to_bytes sk buf ;
buf
let to_bytes = Sign.seed
let of_bytes_opt s =
match MBytes.length s with
| 32 -> let _pk, sk = Sign.keypair ~seed:s () in Some sk
| 64 -> Sign.sk_of_bytes s
| _ -> None
if MBytes.length s > 64 then None
else
let sk = MBytes.create Sign.skbytes in
MBytes.blit s 0 sk 0 Sign.skbytes ;
Some (Sign.unsafe_sk_of_bytes sk)
let to_string s = MBytes.to_string (to_bytes s)
let of_string_opt s = of_bytes_opt (MBytes.of_string s)
let to_public_key = Sign.public
let to_public_key = Sign.neuterize
type Base58.data +=
| Data of t
@ -120,20 +140,29 @@ module Secret_key = struct
Base58.register_encoding
~prefix: Base58.Prefix.ed25519_seed
~length: size
~to_raw: (fun sk -> MBytes.to_string (Sign.seed sk))
~to_raw: (fun sk -> MBytes.to_string (Sign.unsafe_to_bytes sk))
~of_raw: (fun buf ->
let seed = MBytes.of_string buf in
match Sign.keypair ~seed () with
| exception _ -> None
| _pk, sk -> Some sk)
if String.length buf <> Sign.skbytes then None
else Some (Sign.unsafe_sk_of_bytes (MBytes.of_string buf)))
~wrap: (fun sk -> Data sk)
(* Legacy NaCl secret key encoding. Used to store both sk and pk. *)
let secret_key_encoding =
Base58.register_encoding
~prefix: Base58.Prefix.ed25519_secret_key
~length: Sign.skbytes
~to_raw: (fun sk -> MBytes.to_string (Sign.to_bytes sk))
~of_raw: (fun buf -> Sign.sk_of_bytes (MBytes.of_string buf))
~length: Sign.(skbytes + pkbytes)
~to_raw: (fun sk ->
let pk = Sign.neuterize sk in
let buf = MBytes.create Sign.(skbytes + pkbytes) in
Sign.blit_to_bytes sk buf ;
Sign.blit_to_bytes pk ~pos:Sign.skbytes buf ;
MBytes.to_string buf)
~of_raw: (fun buf ->
if String.length buf <> Sign.(skbytes + pkbytes) then None
else
let sk = MBytes.create Sign.skbytes in
MBytes.blit_of_string buf 0 sk 0 Sign.skbytes ;
Some (Sign.unsafe_sk_of_bytes sk))
~wrap: (fun x -> Data x)
let of_b58check_opt s =
@ -165,7 +194,7 @@ module Secret_key = struct
include Compare.Make(struct
type nonrec t = t
let compare a b =
MBytes.compare (Sign.to_bytes a) (Sign.to_bytes b)
MBytes.compare (Sign.unsafe_to_bytes a) (Sign.unsafe_to_bytes b)
end)
include Helpers.MakeRaw(struct
@ -222,11 +251,6 @@ let b58check_encoding =
let () =
Base58.check_encoded_prefix b58check_encoding "edsig" 99
include Compare.Make(struct
type nonrec t = t
let compare = MBytes.compare
end)
include Helpers.MakeRaw(struct
type nonrec t = t
let name = name
@ -260,30 +284,32 @@ let pp ppf t = Format.fprintf ppf "%s" (to_b58check t)
let zero = MBytes.make size '\000'
let sign key msg = Sign.detached ~key msg
let sign sk msg =
let signature = MBytes.create Sign.bytes in
Sign.sign ~sk ~msg ~signature ;
signature
let check public_key signature msg =
Sign.verify_detached ~key:public_key ~signature msg
let check pk signature msg =
Sign.verify ~pk ~signature ~msg
module Seed = struct
type t = Bigstring.t
let generate () = Rand.gen 32
let extract = Sign.seed
end
let generate_seeded_key seed =
let pk, sk = Sign.keypair ~seed () in
(Public_key.hash pk, pk, sk)
let generate_key () =
let seed = Seed.generate () in
generate_seeded_key seed
let generate_key ?seed () =
match seed with
| None ->
let pk, sk = Sign.keypair () in
Public_key.hash pk, pk, sk
| Some seed ->
let seedlen = MBytes.length seed in
if seedlen < Sign.skbytes then
invalid_arg (Printf.sprintf "Ed25519.generate_key: seed must \
be at least %d bytes long (got %d)"
Sign.skbytes seedlen) ;
let sk = MBytes.create Sign.skbytes in
MBytes.blit seed 0 sk 0 Sign.skbytes ;
let sk = Sign.unsafe_sk_of_bytes sk in
let pk = Sign.neuterize sk in
Public_key.hash pk, pk, sk
include Compare.Make(struct
type nonrec t = t
let compare = MBytes.compare
end)

9
src/lib_crypto/ed25519.mli
View File

@ -10,13 +10,4 @@
(** Tezos - Ed25519 cryptography *)
include S.SIGNATURE
include S.RAW_DATA with type t := t
module Seed : sig
type t
val generate : unit -> t
val extract : Secret_key.t -> t
end
val generate_seeded_key: Seed.t -> (Public_key_hash.t * Public_key.t * Secret_key.t)

2
src/lib_crypto/jbuild
View File

@ -17,7 +17,7 @@
lwt
nocrypto
blake2
tweetnacl
hacl
secp256k1
zarith))))

4
src/lib_crypto/rand.ml
View File

@ -7,7 +7,7 @@
(* *)
(**************************************************************************)
let generate = Tweetnacl.Rand.gen
let generate = Hacl.Rand.gen
let generate_into ?(pos=0) ?len buf =
let buflen = MBytes.length buf in
@ -18,4 +18,4 @@ let generate_into ?(pos=0) ?len buf =
invalid_arg (Printf.sprintf "Rand.generate_into: \
invalid slice (pos=%d len=%d)" pos len) ;
let buf = MBytes.sub buf pos len in
Tweetnacl.Rand.write buf
Hacl.Rand.write buf

2
src/lib_crypto/s.ml
View File

@ -208,6 +208,6 @@ module type SIGNATURE = sig
val sign: Secret_key.t -> MBytes.t -> t
val check: Public_key.t -> t -> MBytes.t -> bool
val generate_key: unit -> (Public_key_hash.t * Public_key.t * Secret_key.t)
val generate_key: ?seed:MBytes.t -> unit -> (Public_key_hash.t * Public_key.t * Secret_key.t)
end

6
src/lib_crypto/secp256k1.ml
View File

@ -245,9 +245,9 @@ let sign sk msg =
let check public_key signature msg =
Sign.verify_exn context ~pk:public_key ~msg ~signature
let generate_key () =
let sk = Key.read_sk_exn context (Rand.generate 32) in
let generate_key ?(seed=Rand.generate 32) () =
let sk = Key.read_sk_exn context seed in
let pk = Key.neuterize_exn context sk in
let pkh = Public_key.hash pk in
(pkh, pk, sk)
pkh, pk, sk

16
src/lib_crypto/signature.ml
View File

@ -486,18 +486,12 @@ let algo_param () =
end
let generate_key ?(algo = Ed25519) ?seed () =
match algo, seed with
| Secp256k1, Some _ ->
invalid_arg "Signature.generate_key"
| Secp256k1, None ->
let (pkh, pk, sk) = Secp256k1.generate_key () in
match algo with
| Secp256k1 ->
let pkh, pk, sk = Secp256k1.generate_key ?seed () in
(Public_key_hash.Secp256k1 pkh,
Public_key.Secp256k1 pk, Secret_key.Secp256k1 sk)
| Ed25519, seed ->
let seed =
match seed with
| None -> Ed25519.Seed.generate ()
| Some seed -> seed in
let (pkh, pk, sk) = Ed25519.generate_seeded_key seed in
| Ed25519 ->
let pkh, pk, sk = Ed25519.generate_key ?seed () in
(Public_key_hash.Ed25519 pkh,
Public_key.Ed25519 pk, Secret_key.Ed25519 sk)

2
src/lib_crypto/signature.mli
View File

@ -41,5 +41,5 @@ val algo_param: unit -> (algo, 'a) Clic.parameter
val generate_key:
?algo:algo ->
?seed:Ed25519.Seed.t ->
?seed:MBytes.t ->
unit -> public_key_hash * public_key * secret_key

6
src/lib_crypto/test/test_ed25519.ml
View File

@ -7,10 +7,6 @@
(* *)
(**************************************************************************)
let get_keys () =
let seed = Ed25519.Seed.generate () in
Ed25519.generate_seeded_key seed
module type B58CHECK = sig
type t
val pp: Format.formatter -> t -> unit
@ -29,7 +25,7 @@ let test_b58check_roundtrip
input
let test_b58check_roundtrips () =
let (pubkey_hash, pubkey, seckey) = get_keys () in
let pubkey_hash, pubkey, seckey = Ed25519.generate_key () in
test_b58check_roundtrip (module Ed25519.Public_key_hash) pubkey_hash;
test_b58check_roundtrip (module Ed25519.Public_key) pubkey;
test_b58check_roundtrip (module Ed25519.Secret_key) seckey

2
src/lib_crypto/tezos-crypto.opam
View File

@ -17,7 +17,7 @@ depends: [
"lwt"
"nocrypto"
"blake2"
"tweetnacl"
"hacl"
"zarith"
"secp256k1"
"alcotest" { test & >= "0.8.3" }