diff --git a/src/lib_crypto/aggregate_signature.ml b/src/lib_crypto/aggregate_signature.ml index 080560895fba5128601a55bf4fce1ededca004fc..55ea95a2f209fc60031b6032688bdcd57a514578 100644 --- a/src/lib_crypto/aggregate_signature.ml +++ b/src/lib_crypto/aggregate_signature.ml @@ -461,16 +461,19 @@ let pp ppf t = Format.fprintf ppf "%s" (to_b58check t) let zero = Bls12_381 Bls.zero let sign ?watermark (Secret_key.Bls12_381 sk) bytes = - Bls12_381 (Bls.sign ?watermark sk bytes) + (* NOTE: Not hashing for compatibility with TORU *) + Bls12_381 (Bls.sign_raw ?watermark sk bytes) let check ?watermark pk signature message = + (* NOTE: Not hashing for compatibility with TORU *) match (pk, signature) with | Public_key.Bls12_381 pk, Unknown signature -> Bls.of_bytes_opt signature - |> Option.map (fun signature -> Bls.check ?watermark pk signature message) + |> Option.map (fun signature -> + Bls.check_raw ?watermark pk signature message) |> Option.value ~default:false | Public_key.Bls12_381 pk, Bls12_381 signature -> - Bls.check ?watermark pk signature message + Bls.check_raw ?watermark pk signature message let generate_key ?seed () = let pkh, pk, sk = Bls.generate_key ?seed () in @@ -491,11 +494,12 @@ let aggregate_check pks signature = (pk, watermark, bytes)) pks in + (* NOTE: Not hashing for compatibility with TORU *) match signature with - | Bls12_381 signature -> Bls.aggregate_check pks signature + | Bls12_381 signature -> Bls.aggregate_check_raw pks signature | Unknown signature -> Bls.of_bytes_opt signature - |> Option.map (Bls.aggregate_check pks) + |> Option.map (Bls.aggregate_check_raw pks) |> Option.value ~default:false let aggregate_signature_opt signatures = diff --git a/src/lib_crypto/bls.ml b/src/lib_crypto/bls.ml index c3414094b8a4f574bef0473f57ed315877ad8799..8a0d268e90cd0a5eaa213f8318530016b95164a9 100644 --- a/src/lib_crypto/bls.ml +++ b/src/lib_crypto/bls.ml 
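Review bot: `sign` and `check` now pass the message to `Bls.sign_raw`/`Bls.check_raw` unhashed, so this instantiation of the shared signature interface behaves differently from `Bls.sign`/`Bls.check` (which Blake2B-hash, per `bls.ml` in this diff) and presumably from the other signature modules, yet the only record of that is an inline `(* NOTE: Not hashing for compatibility with TORU *)` in the implementation that a reader of the interface never sees. Move the contract into the `.mli` doc comment of `sign` and `check`, e.g. `(** Signs [bytes] (after the optional [watermark] prefix) as-is, without the Blake2B hashing the other signature modules apply, to match the TORU batch format; see {!Bls.sign_raw}. *)`. Because `sign` here is `Bls.sign_raw` under the same key type and scheme as `Bls.sign`, the comment should also say that a key used through this module must not be used with the hashing variants, as the two are not domain-separated. The `check` arm's `Option.value ~default:false` on undecodable `Unknown` bytes is fine but deserves a one-line comment so it is not mistaken for a dropped error.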
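Review bot: `aggregate_check` hands `pks` straight to `Bls.aggregate_check_raw` with no check that the batch is non-empty; the list is built above this hunk (the function starts outside it), so nothing visible rules out `pks = []`. If the underlying aggregate verification accepts an empty list together with the identity signature (`zero`, defined earlier in this file), an empty batch would verify vacuously in both the `Bls12_381` and `Unknown` arms — this diff does not show the callee's behaviour, so it needs confirming. A one-line guard before the match, `if pks = [] then false else`, or a comment stating that the callee rejects the empty batch, closes the question either way.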
@@ -326,18 +326,32 @@ let zero = @@ Bytes.of_string "\192\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" -let sign ?watermark sk msg = +let sign_aux ~blake2b ?watermark sk msg = let msg = match watermark with None -> msg | Some prefix -> Bytes.cat prefix msg in + let msg = + if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg + in Bls12_381.Signature.MinPk.Aug.sign sk msg -let check ?watermark pk signature msg = +let sign_raw = sign_aux ~blake2b:false + +let sign = sign_aux ~blake2b:true + +let check_aux ~blake2b ?watermark pk signature msg = let msg = match watermark with None -> msg | Some prefix -> Bytes.cat prefix msg in + let msg = + if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg + in Bls12_381.Signature.MinPk.Aug.verify pk msg signature +let check_raw = check_aux ~blake2b:false + +let check = check_aux ~blake2b:true + (* [seed] must be at least of 32 bytes or [Bls12_381.Signature.generate_sk] will throw an error. *) let generate_key ?seed () = @@ -361,7 +375,7 @@ let deterministic_nonce sk msg = let deterministic_nonce_hash sk msg = Blake2B.to_bytes (Blake2B.hash_bytes [deterministic_nonce sk msg]) -let aggregate_check pk_msg_list signature = +let aggregate_check_aux ~blake2b pk_msg_list signature = let pk_msg_list = List.map (fun (pk, watermark, msg) -> 
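Review bot: `sign_raw`/`check_raw` and `sign`/`check` are two message formats under the same key with no domain separation: the only difference is the Blake2B step, and both end in `Bls12_381.Signature.MinPk.Aug.sign`/`verify` on the prepared bytes. Consequently a signature from `sign ?watermark sk m` is exactly a `check_raw pk s (Blake2B (watermark ^ m))` signature, so a key that signs hashed messages has also signed 32-byte raw messages it never saw; whether that matters depends on whether the raw-format consumer (TORU, per the NOTE in the callers) accepts 32-byte messages, which this diff does not show. Since the raw format cannot gain a distinguishing prefix without breaking the compatibility the change exists for, at least state the key-separation requirement beside the definitions: `(* [sign_raw] and [sign] share the key and the Aug scheme with no domain separation; a key must not be used with both, since [sign] on [m] yields a valid [check_raw] signature on [Blake2B (watermark ^ m)]. *)`. Separately, `~blake2b:bool` is a boolean-blind flag — a two-constructor variant such as `Hashed | Raw` would read better at the `sign_aux`/`check_aux` call sites.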
@@ -370,9 +384,16 @@ let aggregate_check pk_msg_list signature = | None -> msg | Some prefix -> Bytes.cat prefix msg in + let msg = + if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg + in (pk, msg)) pk_msg_list in Bls12_381.Signature.MinPk.Aug.aggregate_verify pk_msg_list signature +let aggregate_check_raw = aggregate_check_aux ~blake2b:false + +let aggregate_check = aggregate_check_aux ~blake2b:true + let aggregate_signature_opt = Bls12_381.Signature.MinPk.aggregate_signature_opt diff --git a/src/lib_crypto/bls.mli b/src/lib_crypto/bls.mli index 42bce61a3fa999cec9497388d0fb17e04305083e..1ee7fe6c26ca96e64f1488b22c469f8d96b2e5c8 100644 --- a/src/lib_crypto/bls.mli +++ b/src/lib_crypto/bls.mli @@ -1,7 +1,7 @@ (*****************************************************************************) (* *) (* Open Source License *) -(* Copyright (c) 2021 Nomadic Labs *) +(* Copyright (c) 2022 Nomadic Labs *) (* *) (* Permission is hereby granted, free of charge, to any person obtaining a *) (* copy of this software and associated documentation files (the "Software"),*) @@ -33,3 +33,13 @@ include and type watermark = Bytes.t include S.RAW_DATA with type t := t + +(** Same as {!sign} but without hashing the message with Blake2B. *) +val sign_raw : ?watermark:watermark -> Secret_key.t -> Bytes.t -> t + +(** Same as {!check} but without hashing the message with Blake2B. *) +val check_raw : ?watermark:watermark -> Public_key.t -> t -> Bytes.t -> bool + +(** Same as {!aggregate_check} but without hashing the message with Blake2B. *) +val aggregate_check_raw : + (Public_key.t * watermark option * bytes) list -> t -> bool diff --git a/src/lib_crypto/test/test_prop_signature.ml b/src/lib_crypto/test/test_prop_signature.ml index 9531322c8a92286efa1e79d1afcb122b3b2e57f6..dde66c8d81d164a0f941e1594c8ec8d51bb53165 100644 --- a/src/lib_crypto/test/test_prop_signature.ml +++ b/src/lib_crypto/test/test_prop_signature.ml 
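Review bot: The watermark-then-optional-Blake2B preparation is now written out three times (`sign_aux`, `check_aux`, and here inside the `List.map` of `aggregate_check_aux`), which is exactly the code that drifts — a later change to one copy (say, length-prefixing the watermark) would silently desynchronise signing from aggregate verification. Hoist it into a single helper and call it from all three, so there is one place that defines "the bytes the curve sees"; `aggregate_check_aux` starts above this hunk, so only the mapping body changes here. The `if blake2b then … else msg` form itself is fine; the point is the single definition.
```ocaml
(* Single definition of the bytes handed to the BLS scheme: optional
   watermark prefix, then optional Blake2B hashing. Shared by [sign_aux],
   [check_aux] and [aggregate_check_aux] so the three cannot drift. *)
let prepare_msg ~blake2b ?watermark msg =
  let msg =
    match watermark with None -> msg | Some prefix -> Bytes.cat prefix msg
  in
  if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg

let aggregate_check_aux ~blake2b pk_msg_list signature =
  let pk_msg_list =
    List.map
      (fun (pk, watermark, msg) -> (pk, prepare_msg ~blake2b ?watermark msg))
      pk_msg_list
  in
  Bls12_381.Signature.MinPk.Aug.aggregate_verify pk_msg_list signature
```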
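Review bot: The new `.mli` doc comments say only "without hashing the message with Blake2B", which omits the two things a caller of the raw variants must know: the watermark is still prepended (`Bytes.cat prefix msg` in `bls.ml`), and the unhashed bytes go straight to the underlying BLS scheme, so the signed message is whatever the caller passes, at any length, with no canonicalisation. State that, and the key-sharing caveat, e.g. for `sign_raw`: `(** Same as {!sign} but the message (after the optional [watermark] prefix) is passed unhashed to the BLS scheme. Do not use one key with both {!sign} and {!sign_raw}: a {!sign} signature on [m] verifies with {!check_raw} on [Blake2B (watermark ^ m)]. *)`, with matching text on `check_raw` and `aggregate_check_raw`. Minor: `aggregate_check_raw` spells the message type `bytes` while the other two use `Bytes.t`; they are the same type, but one spelling avoids a double-take.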
@@ -28,7 +28,7 @@ Component: Crypto Invocation: dune build @src/lib_crypto/runtest Subject: Property-tests over the interface S.SIGNATURE and its - instantiations Ed25519 and Secp256k1. + instantiations. *) open Lib_test.Qcheck2_helpers @@ -49,8 +49,8 @@ module Signature_Properties (Desc : sig end) (X : SIGNATURE) = struct - (** Tests that a signature of [s] by a generated key and [X.sign] is - accepted by [X.check] with the same key. *) + (** Tests that a signature of [s], with optional [watermark], by a generated + key and [X.sign] is accepted by [X.check] with the same key. *) let test_prop_sign_check (s, watermark) = let _, pk, sk = X.generate_key () in let data = Bytes.of_string s in @@ -84,7 +84,8 @@ module Aggregate_Signature_Properties (Desc : sig end) (X : AGGREGATE_SIGNATURE) = struct - (** Tests that signatures of [s] obtained using [X.sign] are accepted by + (** Tests that signatures of [msg1], [msg2], [msg3], (with optional + corresponding watermarks) obtained using [X.sign] are accepted by [X.check] when using the corresponding key. It then tests that the aggregation of all these signatures obtained using [X.aggregate_signature_opt] is accepted by [X.aggregate_check]. *) diff --git a/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml b/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml index 33c9c482b6bb64ee3cdbdb661943837929be4b44..c91f55be3de695f4f1c2ce4527be861baa50bfde 100644 --- a/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml +++ b/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml @@ -165,7 +165,7 @@ let sign_transaction : Tx_rollup_l2_batch.V1.transaction_encoding transaction in - List.map (fun sk -> Bls.sign sk buf) sks + List.map (fun sk -> Bls.sign_raw sk buf) sks type Environment.Error_monad.error += Test_error of string 
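Review bot: The reworded subject now promises property tests over the signature interface and "its instantiations", but the only BLS behaviour exercised remains the `X.sign`/`X.check` pair through `SIGNATURE`, which does not expose `sign_raw`/`check_raw`/`aggregate_check_raw`; the trio this commit adds, and the invariant tying it to the hashing variants, get no property. A Bls-specific test with two cheap properties pins the contract: `check_raw pk (sign_raw sk m) m` and `check_raw pk (sign sk m) (Blake2B.to_bytes (Blake2B.hash_bytes [m]))` (folding the watermark in the same way the implementation does), the second one documenting the cross-variant relationship that makes key sharing unsafe. The `Aggregate_Signature_Properties` functor body continues outside the hunk.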
diff --git a/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml b/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml index 33c9c482b6bb64ee3cdbdb661943837929be4b44..c91f55be3de695f4f1c2ce4527be861baa50bfde 100644 --- a/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml +++ b/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml @@ -165,7 +165,7 @@ let sign_transaction : Tx_rollup_l2_batch.V1.transaction_encoding transaction in - List.map (fun sk -> Bls.sign sk buf) sks + List.map (fun sk -> Bls.sign_raw sk buf) sks type Environment.Error_monad.error += Test_error of string
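Review bot: `sign_transaction` now emits raw (unhashed) signatures, which is correct only if the protocol-side batch verification also skips the Blake2B step; that verifier is not in this diff, so the coupling is invisible from this helper and the next reader may "fix" it back to `Bls.sign`. A one-line comment makes the dependency explicit: `(* Raw (unhashed) signature: must match the protocol's TORU batch verification, which does not Blake2B-hash the signed transaction. *)`. The identical edit is made to the `proto_014_PtKathma` copy of this helper, so the two should carry the same comment and stay in lockstep.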