Crypto: replace ocaml-tweetnacl with ocaml-hacl

Marco Stronati 2018-04-05 23:22:30 +02:00 committed by Vincent Bernardoff
parent 07a97ab94a
commit 7d6da7179b
15 changed files with 164 additions and 155 deletions


@ -207,9 +207,8 @@ let gen_keys_containing ?(prefix=false) ?(force=false) ~containing ~name (cctxt
(fun key -> try ignore (Re.Str.search_forward re key 0); true (fun key -> try ignore (Re.Str.search_forward re key 0); true
with Not_found -> false) in with Not_found -> false) in
let rec loop attempts = let rec loop attempts =
let seed = Ed25519.Seed.generate () in
let public_key_hash, public_key, secret_key = let public_key_hash, public_key, secret_key =
Signature.generate_key ~seed () in Signature.generate_key () in
let hash = Signature.Public_key_hash.to_b58check @@ let hash = Signature.Public_key_hash.to_b58check @@
Signature.Public_key.hash public_key in Signature.Public_key.hash public_key in
if matches hash if matches hash


@ -113,7 +113,7 @@ val append :
val gen_keys : val gen_keys :
?force:bool -> ?force:bool ->
?algo:Signature.algo -> ?algo:Signature.algo ->
?seed:Ed25519.Seed.t -> ?seed:MBytes.t ->
#Client_context.io_wallet -> string -> unit tzresult Lwt.t #Client_context.io_wallet -> string -> unit tzresult Lwt.t
val register_key : val register_key :
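Review bot: `?seed:MBytes.t` replaces the abstract `Ed25519.Seed.t`, so the type no longer says what a valid seed is, and neither this declaration nor the matching `SIGNATURE.generate_key` and `Signature.generate_key` declarations further down document the contract. The implementations on this page raise on a seed shorter than `Sign.skbytes` (Ed25519, `Invalid_argument`) or on one that `Key.read_sk_exn` rejects (Secp256k1), and the Ed25519 path silently uses only the first `skbytes` of a longer seed. A doc comment on the three declarations would close that gap, e.g. `(** [seed], when given, must hold at least the backend's secret-key size in bytes; a shorter or otherwise invalid seed raises. *)`.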


@ -46,7 +46,7 @@ module Encrypted_signer : SIGNER = struct
let rec decrypt_sk sk salt = function let rec decrypt_sk sk salt = function
| [] -> None | [] -> None
| password :: pws -> | password :: pws ->
let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in let key = Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt) in
match Crypto_box.Secretbox.box_open key sk nonce with match Crypto_box.Secretbox.box_open key sk nonce with
| None -> decrypt_sk sk salt pws | None -> decrypt_sk sk salt pws
| Some sk -> Some sk | Some sk -> Some sk
@ -63,7 +63,7 @@ module Encrypted_signer : SIGNER = struct
cctxt#prompt_password "Enter password for encrypted key %s: " name >>= fun password -> cctxt#prompt_password "Enter password for encrypted key %s: " name >>= fun password ->
let password = MBytes.of_string password in let password = MBytes.of_string password in
let key = pbkdf ~salt ~password in let key = pbkdf ~salt ~password in
let key = Crypto_box.Secretbox.of_bytes_exn key in let key = Crypto_box.Secretbox.unsafe_of_bytes key in
match Crypto_box.Secretbox.box_open key skenc nonce with match Crypto_box.Secretbox.box_open key skenc nonce with
| None -> passwd_ask_loop cctxt ~name ~salt ~skenc | None -> passwd_ask_loop cctxt ~name ~salt ~skenc
| Some decrypted_sk -> | Some decrypted_sk ->
@ -111,7 +111,7 @@ module Encrypted_signer : SIGNER = struct
input_new_passphrase cctxt >>=? fun password -> input_new_passphrase cctxt >>=? fun password ->
let password = MBytes.of_string password in let password = MBytes.of_string password in
let salt = Rand.generate salt_len in let salt = Rand.generate salt_len in
let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in let key = Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt) in
let msg = Data_encoding.Binary.to_bytes Signature.Secret_key.encoding sk in let msg = Data_encoding.Binary.to_bytes Signature.Secret_key.encoding sk in
let encrypted_passwd = Crypto_box.Secretbox.box key msg nonce in let encrypted_passwd = Crypto_box.Secretbox.box key msg nonce in
let payload = MBytes.(to_string (concat "" [salt; encrypted_passwd])) in let payload = MBytes.(to_string (concat "" [salt; encrypted_passwd])) in
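Review bot: The three `Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~password ~salt)` calls replace `of_bytes_exn`, whose name suggests it validated the key length; `unsafe_of_bytes` presumably does not, so the only thing guaranteeing a correctly sized secretbox key is now the length of `pbkdf`'s output, which nothing in these hunks checks. Since this key protects the wallet's stored secret keys, pin the length once where `pbkdf` is defined (outside these hunks) rather than trusting each call site, e.g. `assert (MBytes.length key = <SECRETBOX_KEY_SIZE>)`; the `Crypto_box.Secretbox` interface on this page exports no size constant, so re-exporting one (`val keybytes : int`, if `Hacl.Secretbox` provides it) next to `unsafe_of_bytes` would make that check expressible.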


@ -9,26 +9,36 @@
(** Tezos - X25519/XSalsa20-Poly1305 cryptography *) (** Tezos - X25519/XSalsa20-Poly1305 cryptography *)
open Tweetnacl open Hacl
type secret_key = Box.secret Box.key type secret_key = secret Box.key
type public_key = Box.public Box.key type public_key = public Box.key
type channel_key = Box.combined Box.key type channel_key = Box.combined Box.key
type nonce = Nonce.t type nonce = Bigstring.t
type target = Z.t type target = Z.t
module Secretbox = struct module Secretbox = struct
include Secretbox include Secretbox
let box key msg nonce = box ~key ~msg ~nonce
let box_open key cmsg nonce = box_open ~key ~cmsg ~nonce
let box_noalloc key nonce msg = let box_noalloc key nonce msg =
box_noalloc ~key ~nonce ~msg box ~key ~nonce ~msg ~cmsg:msg
let box_open_noalloc key nonce cmsg = let box_open_noalloc key nonce cmsg =
box_open_noalloc ~key ~nonce ~cmsg box_open ~key ~nonce ~cmsg ~msg:cmsg
let box key msg nonce =
let msglen = MBytes.length msg in
let cmsg = MBytes.create (msglen + zerobytes) in
MBytes.fill cmsg '\x00' ;
MBytes.blit msg 0 cmsg zerobytes msglen ;
box ~key ~nonce ~msg:cmsg ~cmsg ;
cmsg
let box_open key cmsg nonce =
let cmsglen = MBytes.length cmsg in
let msg = MBytes.create cmsglen in
match box_open ~key ~nonce ~cmsg ~msg with
| false -> None
| true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))
end end
module Public_key_hash = Blake2B.Make (Base58) (struct module Public_key_hash = Blake2B.Make (Base58) (struct
@ -42,7 +52,7 @@ let () =
Base58.check_encoded_prefix Public_key_hash.b58check_encoding "id" 30 Base58.check_encoded_prefix Public_key_hash.b58check_encoding "id" 30
let hash pk = let hash pk =
Public_key_hash.hash_bytes [Box.to_bytes pk] Public_key_hash.hash_bytes [Box.unsafe_to_bytes pk]
let zerobytes = Box.zerobytes let zerobytes = Box.zerobytes
let boxzerobytes = Box.boxzerobytes let boxzerobytes = Box.boxzerobytes
@ -51,33 +61,32 @@ let random_keypair () =
let pk, sk = Box.keypair () in let pk, sk = Box.keypair () in
sk, pk, hash pk sk, pk, hash pk
let zero_nonce = Tweetnacl.Nonce.(of_bytes_exn (MBytes.make bytes '\x00')) let zero_nonce = MBytes.make Nonce.bytes '\x00'
let random_nonce = Nonce.gen let random_nonce = Nonce.gen
let increment_nonce = Nonce.increment let increment_nonce = Nonce.increment
let box sk pk msg nonce = Box.box ~sk ~pk ~msg ~nonce let precompute sk pk = Box.dh pk sk
let box_open sk pk cmsg nonce = Box.box_open ~sk ~pk ~cmsg ~nonce
let box_noalloc sk pk nonce msg =
Box.box_noalloc ~sk ~pk ~nonce ~msg
let box_open_noalloc sk pk nonce cmsg =
Box.box_open_noalloc ~sk ~pk ~nonce ~cmsg
let precompute sk pk = Box.combine pk sk
let fast_box k msg nonce =
Box.box_combined ~k ~msg ~nonce
let fast_box_open k cmsg nonce =
Box.box_open_combined ~k ~cmsg ~nonce
let fast_box_noalloc k nonce msg = let fast_box_noalloc k nonce msg =
Box.box_combined_noalloc ~k ~nonce ~msg Box.box ~k ~nonce ~msg ~cmsg:msg
let fast_box_open_noalloc k nonce cmsg = let fast_box_open_noalloc k nonce cmsg =
Box.box_open_combined_noalloc ~k ~nonce ~cmsg Box.box_open ~k ~nonce ~cmsg ~msg:cmsg
let fast_box k msg nonce =
let msglen = MBytes.length msg in
let cmsg = MBytes.create (msglen + zerobytes) in
MBytes.fill cmsg '\x00' ;
MBytes.blit msg 0 cmsg zerobytes msglen ;
Box.box ~k ~nonce ~msg:cmsg ~cmsg ;
cmsg
let fast_box_open k cmsg nonce =
let cmsglen = MBytes.length cmsg in
let msg = MBytes.create cmsglen in
match Box.box_open ~k ~nonce ~cmsg ~msg with
| false -> None
| true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))
let compare_target hash target = let compare_target hash target =
let hash = Z.of_bits (Blake2B.to_string hash) in let hash = Z.of_bits (Blake2B.to_string hash) in
@ -106,8 +115,8 @@ let default_target = make_target 24.
let check_proof_of_work pk nonce target = let check_proof_of_work pk nonce target =
let hash = let hash =
Blake2B.hash_bytes [ Blake2B.hash_bytes [
Box.to_bytes pk ; Box.unsafe_to_bytes pk ;
Nonce.to_bytes nonce ; nonce ;
] in ] in
compare_target hash target compare_target hash target
@ -124,16 +133,28 @@ let generate_proof_of_work ?max pk target =
loop (Nonce.increment nonce) (cpt + 1) in loop (Nonce.increment nonce) (cpt + 1) in
loop (random_nonce ()) 0 loop (random_nonce ()) 0
let public_key_to_bigarray = Box.to_bytes let public_key_to_bigarray pk =
let public_key_of_bigarray = Box.pk_of_bytes_exn let buf = MBytes.create Box.pkbytes in
Box.blit_to_bytes pk buf ;
buf
let public_key_of_bigarray buf =
let pk = MBytes.copy buf in
Box.unsafe_pk_of_bytes pk
let public_key_size = Box.pkbytes let public_key_size = Box.pkbytes
let secret_key_to_bigarray = Box.to_bytes let secret_key_to_bigarray sk =
let secret_key_of_bigarray = Box.sk_of_bytes_exn let buf = MBytes.create Box.skbytes in
Box.blit_to_bytes sk buf ;
buf
let secret_key_of_bigarray buf =
let sk = MBytes.copy buf in
Box.unsafe_sk_of_bytes sk
let secret_key_size = Box.skbytes let secret_key_size = Box.skbytes
let nonce_to_bigarray = Nonce.to_bytes
let nonce_of_bigarray = Nonce.of_bytes_exn
let nonce_size = Nonce.bytes let nonce_size = Nonce.bytes
let public_key_encoding = let public_key_encoding =
@ -151,9 +172,4 @@ let secret_key_encoding =
(Fixed.bytes secret_key_size) (Fixed.bytes secret_key_size)
let nonce_encoding = let nonce_encoding =
let open Data_encoding in Data_encoding.Fixed.bytes nonce_size
conv
nonce_to_bigarray
nonce_of_bigarray
(Fixed.bytes nonce_size)
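Review bot: `Secretbox.box_open` computes `MBytes.sub msg zerobytes (cmsglen - zerobytes)` without first checking `cmsglen >= zerobytes`, so a truncated ciphertext (for instance a corrupted encrypted-key payload read back by the encrypted signer) reaches the Hacl primitive with an undersized buffer and/or raises `Invalid_argument` from the negative-length `sub`, instead of yielding the `None` that callers pattern-match on; `fast_box_open` in the third hunk has the identical shape. Add `if cmsglen < zerobytes then None else` ahead of the `MBytes.create` in both functions. The allocating wrappers also return a buffer that is `zerobytes` longer than the plaintext and expect the same padding on input; a one-line comment on `box` stating that the returned `cmsg` carries the NaCl leading padding (presumably `boxzerobytes` zeros followed by the MAC) would save the next maintainer from re-deriving the stored format.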


@ -9,7 +9,8 @@
(** Tezos - X25519/XSalsa20-Poly1305 cryptography *) (** Tezos - X25519/XSalsa20-Poly1305 cryptography *)
type nonce type nonce = Bigstring.t
val nonce_size : int
val zero_nonce : nonce val zero_nonce : nonce
val random_nonce : unit -> nonce val random_nonce : unit -> nonce
@ -18,17 +19,13 @@ val increment_nonce : ?step:int -> nonce -> nonce
module Secretbox : sig module Secretbox : sig
type key type key
val zerobytes : int val unsafe_of_bytes : MBytes.t -> key
val boxzerobytes : int
val of_bytes : MBytes.t -> key option
val of_bytes_exn : MBytes.t -> key
val box : key -> MBytes.t -> nonce -> MBytes.t
val box_open : key -> MBytes.t -> nonce -> MBytes.t option
val box_noalloc : key -> nonce -> MBytes.t -> unit val box_noalloc : key -> nonce -> MBytes.t -> unit
val box_open_noalloc : key -> nonce -> MBytes.t -> bool val box_open_noalloc : key -> nonce -> MBytes.t -> bool
val box : key -> MBytes.t -> nonce -> MBytes.t
val box_open : key -> MBytes.t -> nonce -> MBytes.t option
end end
type target type target
@ -47,12 +44,6 @@ val boxzerobytes : int
val random_keypair : unit -> secret_key * public_key * Public_key_hash.t val random_keypair : unit -> secret_key * public_key * Public_key_hash.t
val box : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t
val box_open : secret_key -> public_key -> MBytes.t -> nonce -> MBytes.t option
val box_noalloc : secret_key -> public_key -> nonce -> MBytes.t -> unit
val box_open_noalloc : secret_key -> public_key -> nonce -> MBytes.t -> bool
val precompute : secret_key -> public_key -> channel_key val precompute : secret_key -> public_key -> channel_key
val fast_box : channel_key -> MBytes.t -> nonce -> MBytes.t val fast_box : channel_key -> MBytes.t -> nonce -> MBytes.t
@ -72,10 +63,6 @@ val secret_key_to_bigarray : secret_key -> Cstruct.buffer
val secret_key_of_bigarray : Cstruct.buffer -> secret_key val secret_key_of_bigarray : Cstruct.buffer -> secret_key
val secret_key_size : int val secret_key_size : int
val nonce_to_bigarray : nonce -> Cstruct.buffer
val nonce_of_bigarray : Cstruct.buffer -> nonce
val nonce_size : int
val public_key_encoding : public_key Data_encoding.t val public_key_encoding : public_key Data_encoding.t
val secret_key_encoding : secret_key Data_encoding.t val secret_key_encoding : secret_key Data_encoding.t
val nonce_encoding : nonce Data_encoding.t val nonce_encoding : nonce Data_encoding.t
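Review bot: `type nonce = Bigstring.t` makes the nonce a plain buffer, so the length invariant that the removed `nonce_of_bigarray` used to enforce at the boundary is gone: any `MBytes.t` of any length now type-checks as a nonce for `fast_box`, `box_noalloc`, `increment_nonce` and `check_proof_of_work`, and the only remaining length check is the `Fixed.bytes nonce_size` inside `nonce_encoding`. Either keep `type nonce` abstract and provide a checked `val nonce_of_bigarray : Cstruct.buffer -> nonce option`, or, if exposing the representation is intended for callers that build nonces themselves, state the invariant on the type: `(** A nonce is exactly [nonce_size] bytes; a caller constructing one by hand must guarantee this. *)`.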


@ -19,20 +19,35 @@ module Public_key_hash = Blake2B.Make(Base58)(struct
let () = let () =
Base58.check_encoded_prefix Public_key_hash.b58check_encoding "tz1" 36 Base58.check_encoded_prefix Public_key_hash.b58check_encoding "tz1" 36
open Tweetnacl open Hacl
module Public_key = struct module Public_key = struct
type t = Sign.public Sign.key type t = public Sign.key
let name = "Ed25519.Public_key" let name = "Ed25519.Public_key"
let title = "Ed25519 public key" let title = "Ed25519 public key"
let to_string s = MBytes.to_string (Sign.to_bytes s) let to_string s = MBytes.to_string (Sign.unsafe_to_bytes s)
let of_string_opt s = Sign.pk_of_bytes (MBytes.of_string s) let of_string_opt s =
if String.length s < Sign.pkbytes then None
else
let pk = MBytes.create Sign.pkbytes in
MBytes.blit_of_string s 0 pk 0 Sign.pkbytes ;
Some (Sign.unsafe_pk_of_bytes pk)
let to_bytes = Sign.to_bytes let to_bytes pk =
let of_bytes_opt = Sign.pk_of_bytes let buf = MBytes.create Sign.pkbytes in
Sign.blit_to_bytes pk buf ;
buf
let of_bytes_opt buf =
let buflen = MBytes.length buf in
if buflen < Sign.pkbytes then None
else
let pk = MBytes.create Sign.pkbytes in
MBytes.blit buf 0 pk 0 Sign.pkbytes ;
Some (Sign.unsafe_pk_of_bytes pk)
let size = Sign.pkbytes let size = Sign.pkbytes
@ -51,12 +66,12 @@ module Public_key = struct
Base58.check_encoded_prefix b58check_encoding "edpk" 54 Base58.check_encoded_prefix b58check_encoding "edpk" 54
let hash v = let hash v =
Public_key_hash.hash_bytes [ Sign.to_bytes v ] Public_key_hash.hash_bytes [ Sign.unsafe_to_bytes v ]
include Compare.Make(struct include Compare.Make(struct
type nonrec t = t type nonrec t = t
let compare a b = let compare a b =
MBytes.compare (Sign.to_bytes a) (Sign.to_bytes b) MBytes.compare (Sign.unsafe_to_bytes a) (Sign.unsafe_to_bytes b)
end) end)
include Helpers.MakeRaw(struct include Helpers.MakeRaw(struct
@ -94,24 +109,29 @@ end
module Secret_key = struct module Secret_key = struct
type t = Sign.secret Sign.key type t = secret Sign.key
let name = "Ed25519.Secret_key" let name = "Ed25519.Secret_key"
let title = "An Ed25519 secret key" let title = "An Ed25519 secret key"
let size = Sign.seedbytes let size = Sign.skbytes
let to_bytes sk =
let buf = MBytes.create Sign.skbytes in
Sign.blit_to_bytes sk buf ;
buf
let to_bytes = Sign.seed
let of_bytes_opt s = let of_bytes_opt s =
match MBytes.length s with if MBytes.length s > 64 then None
| 32 -> let _pk, sk = Sign.keypair ~seed:s () in Some sk else
| 64 -> Sign.sk_of_bytes s let sk = MBytes.create Sign.skbytes in
| _ -> None MBytes.blit s 0 sk 0 Sign.skbytes ;
Some (Sign.unsafe_sk_of_bytes sk)
let to_string s = MBytes.to_string (to_bytes s) let to_string s = MBytes.to_string (to_bytes s)
let of_string_opt s = of_bytes_opt (MBytes.of_string s) let of_string_opt s = of_bytes_opt (MBytes.of_string s)
let to_public_key = Sign.public let to_public_key = Sign.neuterize
type Base58.data += type Base58.data +=
| Data of t | Data of t
@ -120,20 +140,29 @@ module Secret_key = struct
Base58.register_encoding Base58.register_encoding
~prefix: Base58.Prefix.ed25519_seed ~prefix: Base58.Prefix.ed25519_seed
~length: size ~length: size
~to_raw: (fun sk -> MBytes.to_string (Sign.seed sk)) ~to_raw: (fun sk -> MBytes.to_string (Sign.unsafe_to_bytes sk))
~of_raw: (fun buf -> ~of_raw: (fun buf ->
let seed = MBytes.of_string buf in if String.length buf <> Sign.skbytes then None
match Sign.keypair ~seed () with else Some (Sign.unsafe_sk_of_bytes (MBytes.of_string buf)))
| exception _ -> None
| _pk, sk -> Some sk)
~wrap: (fun sk -> Data sk) ~wrap: (fun sk -> Data sk)
(* Legacy NaCl secret key encoding. Used to store both sk and pk. *)
let secret_key_encoding = let secret_key_encoding =
Base58.register_encoding Base58.register_encoding
~prefix: Base58.Prefix.ed25519_secret_key ~prefix: Base58.Prefix.ed25519_secret_key
~length: Sign.skbytes ~length: Sign.(skbytes + pkbytes)
~to_raw: (fun sk -> MBytes.to_string (Sign.to_bytes sk)) ~to_raw: (fun sk ->
~of_raw: (fun buf -> Sign.sk_of_bytes (MBytes.of_string buf)) let pk = Sign.neuterize sk in
let buf = MBytes.create Sign.(skbytes + pkbytes) in
Sign.blit_to_bytes sk buf ;
Sign.blit_to_bytes pk ~pos:Sign.skbytes buf ;
MBytes.to_string buf)
~of_raw: (fun buf ->
if String.length buf <> Sign.(skbytes + pkbytes) then None
else
let sk = MBytes.create Sign.skbytes in
MBytes.blit_of_string buf 0 sk 0 Sign.skbytes ;
Some (Sign.unsafe_sk_of_bytes sk))
~wrap: (fun x -> Data x) ~wrap: (fun x -> Data x)
let of_b58check_opt s = let of_b58check_opt s =
@ -165,7 +194,7 @@ module Secret_key = struct
include Compare.Make(struct include Compare.Make(struct
type nonrec t = t type nonrec t = t
let compare a b = let compare a b =
MBytes.compare (Sign.to_bytes a) (Sign.to_bytes b) MBytes.compare (Sign.unsafe_to_bytes a) (Sign.unsafe_to_bytes b)
end) end)
include Helpers.MakeRaw(struct include Helpers.MakeRaw(struct
@ -222,11 +251,6 @@ let b58check_encoding =
let () = let () =
Base58.check_encoded_prefix b58check_encoding "edsig" 99 Base58.check_encoded_prefix b58check_encoding "edsig" 99
include Compare.Make(struct
type nonrec t = t
let compare = MBytes.compare
end)
include Helpers.MakeRaw(struct include Helpers.MakeRaw(struct
type nonrec t = t type nonrec t = t
let name = name let name = name
@ -260,30 +284,32 @@ let pp ppf t = Format.fprintf ppf "%s" (to_b58check t)
let zero = MBytes.make size '\000' let zero = MBytes.make size '\000'
let sign key msg = Sign.detached ~key msg let sign sk msg =
let signature = MBytes.create Sign.bytes in
Sign.sign ~sk ~msg ~signature ;
signature
let check public_key signature msg = let check pk signature msg =
Sign.verify_detached ~key:public_key ~signature msg Sign.verify ~pk ~signature ~msg
module Seed = struct let generate_key ?seed () =
match seed with
type t = Bigstring.t | None ->
let pk, sk = Sign.keypair () in
let generate () = Rand.gen 32 Public_key.hash pk, pk, sk
let extract = Sign.seed | Some seed ->
let seedlen = MBytes.length seed in
end if seedlen < Sign.skbytes then
invalid_arg (Printf.sprintf "Ed25519.generate_key: seed must \
let generate_seeded_key seed = be at least %d bytes long (got %d)"
let pk, sk = Sign.keypair ~seed () in Sign.skbytes seedlen) ;
(Public_key.hash pk, pk, sk) let sk = MBytes.create Sign.skbytes in
MBytes.blit seed 0 sk 0 Sign.skbytes ;
let generate_key () = let sk = Sign.unsafe_sk_of_bytes sk in
let seed = Seed.generate () in let pk = Sign.neuterize sk in
generate_seeded_key seed Public_key.hash pk, pk, sk
include Compare.Make(struct include Compare.Make(struct
type nonrec t = t type nonrec t = t
let compare = MBytes.compare let compare = MBytes.compare
end) end)
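Review bot: `Secret_key.of_bytes_opt` only rejects buffers longer than 64 bytes, so a buffer shorter than `Sign.skbytes` passes the check and `MBytes.blit s 0 sk 0 Sign.skbytes` raises `Invalid_argument` instead of returning `None`, while lengths strictly between `skbytes` and `skbytes + pkbytes` are silently truncated to their first `skbytes`; the replaced code accepted exactly 32 or 64 bytes. Suggest `let len = MBytes.length s in` followed by `if len <> Sign.skbytes && len <> Sign.(skbytes + pkbytes) then None`, which makes the accepted lengths explicit and replaces the bare `64` with the same `Sign.(skbytes + pkbytes)` that `secret_key_encoding` uses a few lines below. `Public_key.of_string_opt` and `of_bytes_opt` in the first hunk have a milder form of the same issue: the `<` comparison lets oversized input through and keeps only its prefix, where `<>` would preserve the old exact-length behaviour.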


@ -10,13 +10,4 @@
(** Tezos - Ed25519 cryptography *) (** Tezos - Ed25519 cryptography *)
include S.SIGNATURE include S.SIGNATURE
include S.RAW_DATA with type t := t include S.RAW_DATA with type t := t
module Seed : sig
type t
val generate : unit -> t
val extract : Secret_key.t -> t
end
val generate_seeded_key: Seed.t -> (Public_key_hash.t * Public_key.t * Secret_key.t)


@ -17,7 +17,7 @@
lwt lwt
nocrypto nocrypto
blake2 blake2
tweetnacl hacl
secp256k1 secp256k1
zarith)))) zarith))))


@ -7,7 +7,7 @@
(* *) (* *)
(**************************************************************************) (**************************************************************************)
let generate = Tweetnacl.Rand.gen let generate = Hacl.Rand.gen
let generate_into ?(pos=0) ?len buf = let generate_into ?(pos=0) ?len buf =
let buflen = MBytes.length buf in let buflen = MBytes.length buf in
@ -18,4 +18,4 @@ let generate_into ?(pos=0) ?len buf =
invalid_arg (Printf.sprintf "Rand.generate_into: \ invalid_arg (Printf.sprintf "Rand.generate_into: \
invalid slice (pos=%d len=%d)" pos len) ; invalid slice (pos=%d len=%d)" pos len) ;
let buf = MBytes.sub buf pos len in let buf = MBytes.sub buf pos len in
Tweetnacl.Rand.write buf Hacl.Rand.write buf


@ -208,6 +208,6 @@ module type SIGNATURE = sig
val sign: Secret_key.t -> MBytes.t -> t val sign: Secret_key.t -> MBytes.t -> t
val check: Public_key.t -> t -> MBytes.t -> bool val check: Public_key.t -> t -> MBytes.t -> bool
val generate_key: unit -> (Public_key_hash.t * Public_key.t * Secret_key.t) val generate_key: ?seed:MBytes.t -> unit -> (Public_key_hash.t * Public_key.t * Secret_key.t)
end end


@ -245,9 +245,9 @@ let sign sk msg =
let check public_key signature msg = let check public_key signature msg =
Sign.verify_exn context ~pk:public_key ~msg ~signature Sign.verify_exn context ~pk:public_key ~msg ~signature
let generate_key () = let generate_key ?(seed=Rand.generate 32) () =
let sk = Key.read_sk_exn context (Rand.generate 32) in let sk = Key.read_sk_exn context seed in
let pk = Key.neuterize_exn context sk in let pk = Key.neuterize_exn context sk in
let pkh = Public_key.hash pk in let pkh = Public_key.hash pk in
(pkh, pk, sk) pkh, pk, sk
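Review bot: `generate_key ?(seed=Rand.generate 32) ()` hands a caller-supplied seed straight to `Key.read_sk_exn context seed`, so a seed of the wrong length, or a value the library rejects as a scalar, surfaces as whatever exception the secp256k1 binding raises, whereas the Ed25519 implementation on this page checks the length first and raises `Invalid_argument` with a message naming the function. For a consistent contract behind `Signature.generate_key ?seed`, add `if MBytes.length seed <> 32 then invalid_arg "Secp256k1.generate_key: seed must be 32 bytes" ;` before the `read_sk_exn` call (the default seed is 32 bytes, which is presumably what the binding expects), or catch the binding's exception and re-raise it as `Invalid_argument`.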


@ -486,18 +486,12 @@ let algo_param () =
end end
let generate_key ?(algo = Ed25519) ?seed () = let generate_key ?(algo = Ed25519) ?seed () =
match algo, seed with match algo with
| Secp256k1, Some _ -> | Secp256k1 ->
invalid_arg "Signature.generate_key" let pkh, pk, sk = Secp256k1.generate_key ?seed () in
| Secp256k1, None ->
let (pkh, pk, sk) = Secp256k1.generate_key () in
(Public_key_hash.Secp256k1 pkh, (Public_key_hash.Secp256k1 pkh,
Public_key.Secp256k1 pk, Secret_key.Secp256k1 sk) Public_key.Secp256k1 pk, Secret_key.Secp256k1 sk)
| Ed25519, seed -> | Ed25519 ->
let seed = let pkh, pk, sk = Ed25519.generate_key ?seed () in
match seed with
| None -> Ed25519.Seed.generate ()
| Some seed -> seed in
let (pkh, pk, sk) = Ed25519.generate_seeded_key seed in
(Public_key_hash.Ed25519 pkh, (Public_key_hash.Ed25519 pkh,
Public_key.Ed25519 pk, Secret_key.Ed25519 sk) Public_key.Ed25519 pk, Secret_key.Ed25519 sk)


@ -41,5 +41,5 @@ val algo_param: unit -> (algo, 'a) Clic.parameter
val generate_key: val generate_key:
?algo:algo -> ?algo:algo ->
?seed:Ed25519.Seed.t -> ?seed:MBytes.t ->
unit -> public_key_hash * public_key * secret_key unit -> public_key_hash * public_key * secret_key


@ -7,10 +7,6 @@
(* *) (* *)
(**************************************************************************) (**************************************************************************)
let get_keys () =
let seed = Ed25519.Seed.generate () in
Ed25519.generate_seeded_key seed
module type B58CHECK = sig module type B58CHECK = sig
type t type t
val pp: Format.formatter -> t -> unit val pp: Format.formatter -> t -> unit
@ -29,7 +25,7 @@ let test_b58check_roundtrip
input input
let test_b58check_roundtrips () = let test_b58check_roundtrips () =
let (pubkey_hash, pubkey, seckey) = get_keys () in let pubkey_hash, pubkey, seckey = Ed25519.generate_key () in
test_b58check_roundtrip (module Ed25519.Public_key_hash) pubkey_hash; test_b58check_roundtrip (module Ed25519.Public_key_hash) pubkey_hash;
test_b58check_roundtrip (module Ed25519.Public_key) pubkey; test_b58check_roundtrip (module Ed25519.Public_key) pubkey;
test_b58check_roundtrip (module Ed25519.Secret_key) seckey test_b58check_roundtrip (module Ed25519.Secret_key) seckey


@ -17,7 +17,7 @@ depends: [
"lwt" "lwt"
"nocrypto" "nocrypto"
"blake2" "blake2"
"tweetnacl" "hacl"
"zarith" "zarith"
"secp256k1" "secp256k1"
"alcotest" { test & >= "0.8.3" } "alcotest" { test & >= "0.8.3" }