Merge branch 'leo-sm-derive' into 'master'

feat(sm-tests) Sign messages using derived private keys

In the sm tests, we currently sign all the tECDSA messages using the same private key. With this change we will use the derived private key, which is a better representation of tECDSA signing. 

Closes FI-724. 

Closes FI-724

See merge request dfinity-lab/public/ic!12490

Author: leokazz

Cargo.lock

@@ -7,6 +7,7 @@ DEPENDENCIES = [
     "//rs/config",
     "//rs/constants",
     "//rs/crypto/ecdsa_secp256k1",
+    "//rs/crypto/extended_bip32",
     "//rs/crypto/internal/crypto_lib/seed",
     "//rs/crypto/internal/crypto_lib/threshold_sig/bls12_381",
     "//rs/crypto/internal/crypto_lib/types",
@@ -51,7 +52,10 @@ DEPENDENCIES = [
 
 rust_library(
     name = "state_machine_tests",
-    srcs = ["src/lib.rs"],
+    srcs = [
+        "src/lib.rs",
+        "src/tests.rs",
+    ],
     crate_name = "ic_state_machine_tests",
     version = "0.8.0",
     deps = DEPENDENCIES,
@@ -101,3 +105,11 @@ rust_test(
         "@crate_index//:serde_bytes",
     ],
 )
+
+rust_test(
+    name = "state_machine_unit_test",
+    crate = ":state_machine_tests",
+    deps = [
+        "@crate_index//:proptest",
+    ],
+)

rs/state_machine_tests/BUILD.bazel

@@ -14,6 +14,7 @@ ic-config = { path = "../config" }
 ic-constants = { path = "../constants" }
 ic-crypto = { path = "../crypto" }
 ic-crypto-ecdsa-secp256k1 = { path = "../crypto/ecdsa_secp256k1" }
+ic-crypto-extended-bip32 = { path = "../crypto/extended_bip32" }
 ic-crypto-internal-seed = { path= "../crypto/internal/crypto_lib/seed" }
 ic-crypto-internal-threshold-sig-bls12381 = { path= "../crypto/internal/crypto_lib/threshold_sig/bls12_381" }
 ic-crypto-internal-types = { path= "../crypto/internal/crypto_lib/types" }
@@ -54,3 +55,6 @@ tempfile = "3.1.0"
 tokio = { version = "1.15.0", features = ["full"] }
 wat = "1.0.52"
 maplit = "1.0.2"
+
+[dev-dependencies]
+proptest = "1.0"

rs/state_machine_tests/Cargo.toml

@@ -4,7 +4,8 @@ use ic_config::{
     subnet_config::{SubnetConfig, SubnetConfigs},
 };
 use ic_constants::{MAX_INGRESS_TTL, PERMITTED_DRIFT, SMALL_APP_SUBNET_MAX_SIZE};
-use ic_crypto_ecdsa_secp256k1::PrivateKey;
+use ic_crypto_ecdsa_secp256k1::{PrivateKey, PublicKey};
+use ic_crypto_extended_bip32::{DerivationIndex, DerivationPath};
 use ic_crypto_internal_seed::Seed;
 use ic_crypto_internal_threshold_sig_bls12381::api::{
     combine_signatures, combined_public_key, generate_threshold_key, sign_message,
@@ -109,6 +110,9 @@ use std::{fmt, io};
 use tempfile::TempDir;
 use tokio::runtime::Runtime;
 
+#[cfg(test)]
+mod tests;
+
 struct FakeVerifier;
 
 impl Verifier for FakeVerifier {
@@ -766,13 +770,19 @@ impl StateMachine {
             .sign_with_ecdsa_contexts
             .clone();
         for (id, ecdsa_context) in sign_with_ecdsa_contexts {
-            // TODO Here we use the same key to sign every message.
-            // Once https://dfinity.atlassian.net/browse/CRP-2029 is closed,
-            // we should use the derived private key to sign the message.
-            let signature = self
-                .ecdsa_secret_key
-                .sign_message(&ecdsa_context.message_hash);
+            // The chain code is an additional input used during the key derivation process
+            // to ensure deterministic generation of child keys from the master key.
+            // We are using an array with 32 zeros by default.
+
+            let signature = sign_message_with_derived_key(
+                &self.ecdsa_secret_key,
+                &ecdsa_context.message_hash,
+                &ecdsa_context.derivation_path,
+                &[0; 32],
+            );
+
             let reply = SignWithECDSAReply { signature };
+
             payload.consensus_responses.push(Response {
                 originator: CanisterId::ic_00(),
                 respondent: CanisterId::ic_00(),
@@ -1791,6 +1801,36 @@ impl StateMachine {
     }
 }
 
+fn sign_message_with_derived_key(
+    ecdsa_secret_key: &PrivateKey,
+    message_hash: &[u8],
+    derivation_path: &[Vec<u8>],
+    chain_code: &[u8],
+) -> Vec<u8> {
+    let public_key = ecdsa_secret_key.public_key();
+    let derivation_path = DerivationPath::new(
+        derivation_path
+            .iter()
+            .cloned()
+            .map(DerivationIndex)
+            .collect(),
+    );
+    let derived_public_key_bytes = derivation_path
+        .public_key_derivation(&public_key.serialize_sec1(true), chain_code)
+        .expect("couldn't derive ecdsa public key");
+    let derived_private_key_bytes = derivation_path
+        .private_key_derivation(&ecdsa_secret_key.serialize_sec1(), chain_code)
+        .expect("couldn't derive ecdsa private key");
+    let derived_private_key =
+        PrivateKey::deserialize_sec1(&derived_private_key_bytes.derived_private_key)
+            .expect("couldn't deserialize to sec1 ecdsa private key");
+    let signature = derived_private_key.sign_message(message_hash);
+    let pk = PublicKey::deserialize_sec1(&derived_public_key_bytes.derived_public_key)
+        .expect("couldn't deserialize sec1");
+    assert!(pk.verify_signature(message_hash, &signature));
+    signature
+}
+
 #[derive(Clone)]
 pub struct PayloadBuilder {
     expiry_time: Time,

rs/state_machine_tests/src/lib.rs

@@ -0,0 +1,35 @@
+use ic_crypto_ecdsa_secp256k1::{PrivateKey, PublicKey};
+use ic_crypto_extended_bip32::{DerivationIndex, DerivationPath};
+use proptest::{collection::vec as pvec, prelude::*, prop_assert, proptest};
+
+proptest! {
+    #[test]
+    fn test_derivation_prop(
+        derivation_path_bytes in pvec(pvec(any::<u8>(), 1..10), 1..10),
+        message_hash in pvec(any::<u8>(), 32),
+        chain_code in pvec(any::<u8>(), 32)
+    ) {
+        let private_key_bytes =
+            hex::decode("fb7d1f5b82336bb65b82bf4f27776da4db71c1ef632c6a7c171c0cbfa2ea4920").unwrap();
+
+        let ecdsa_secret_key: PrivateKey =
+            PrivateKey::deserialize_sec1(private_key_bytes.as_slice()).unwrap();
+
+        let signature = crate::sign_message_with_derived_key(&ecdsa_secret_key, &message_hash, &derivation_path_bytes, &chain_code);
+
+        let public_key = ecdsa_secret_key.public_key();
+
+        let derivation_path = DerivationPath::new(
+            derivation_path_bytes
+                .into_iter()
+                .map(DerivationIndex)
+                .collect(),
+        );
+        let derived_public_key_bytes = derivation_path
+            .public_key_derivation(&public_key.serialize_sec1(true), &chain_code)
+            .expect("couldn't derive ecdsa public key");
+        let derived_public_key = PublicKey::deserialize_sec1(&derived_public_key_bytes.derived_public_key)
+            .expect("couldn't deserialize sec1");
+        prop_assert!(derived_public_key.verify_signature(&message_hash, &signature));
+    }
+}