feat(sm-tests) Sign messages using derived private keys

Author: leokazz

Cargo.lock

@@ -7,6 +7,7 @@ DEPENDENCIES = [
     "//rs/config",
     "//rs/constants",
     "//rs/crypto/ecdsa_secp256k1",
+    "//rs/crypto/extended_bip32",
     "//rs/crypto/internal/crypto_lib/seed",
     "//rs/crypto/internal/crypto_lib/threshold_sig/bls12_381",
     "//rs/crypto/internal/crypto_lib/types",
@@ -51,7 +52,10 @@ DEPENDENCIES = [
 
 rust_library(
     name = "state_machine_tests",
-    srcs = ["src/lib.rs"],
+    srcs = [
+        "src/lib.rs",
+        "src/tests.rs",
+    ],
     crate_name = "ic_state_machine_tests",
     version = "0.8.0",
     deps = DEPENDENCIES,
@@ -101,3 +105,11 @@ rust_test(
         "@crate_index//:serde_bytes",
     ],
 )
+
+rust_test(
+    name = "state_machine_unit_test",
+    crate = ":state_machine_tests",
+    deps = [
+        "@crate_index//:proptest",
+    ],
+)

rs/state_machine_tests/BUILD.bazel

@@ -14,6 +14,7 @@ ic-config = { path = "../config" }
 ic-constants = { path = "../constants" }
 ic-crypto = { path = "../crypto" }
 ic-crypto-ecdsa-secp256k1 = { path = "../crypto/ecdsa_secp256k1" }
+ic-crypto-extended-bip32 = { path = "../crypto/extended_bip32" }
 ic-crypto-internal-seed = { path= "../crypto/internal/crypto_lib/seed" }
 ic-crypto-internal-threshold-sig-bls12381 = { path= "../crypto/internal/crypto_lib/threshold_sig/bls12_381" }
 ic-crypto-internal-types = { path= "../crypto/internal/crypto_lib/types" }
@@ -54,3 +55,6 @@ tempfile = "3.1.0"
 tokio = { version = "1.15.0", features = ["full"] }
 wat = "1.0.52"
 maplit = "1.0.2"
+
+[dev-dependencies]
+proptest = "1.0"

rs/state_machine_tests/Cargo.toml

@@ -4,7 +4,8 @@ use ic_config::{
     subnet_config::{SubnetConfig, SubnetConfigs},
 };
 use ic_constants::{MAX_INGRESS_TTL, PERMITTED_DRIFT, SMALL_APP_SUBNET_MAX_SIZE};
-use ic_crypto_ecdsa_secp256k1::PrivateKey;
+use ic_crypto_ecdsa_secp256k1::{PrivateKey, PublicKey};
+use ic_crypto_extended_bip32::{DerivationIndex, DerivationPath};
 use ic_crypto_internal_seed::Seed;
 use ic_crypto_internal_threshold_sig_bls12381::api::{
     combine_signatures, combined_public_key, generate_threshold_key, sign_message,
@@ -109,6 +110,9 @@ use std::{fmt, io};
 use tempfile::TempDir;
 use tokio::runtime::Runtime;
 
+#[cfg(test)]
+mod tests;
+
 struct FakeVerifier;
 
 impl Verifier for FakeVerifier {
@@ -766,13 +770,19 @@ impl StateMachine {
             .sign_with_ecdsa_contexts
             .clone();
         for (id, ecdsa_context) in sign_with_ecdsa_contexts {
-            // TODO Here we use the same key to sign every message.
-            // Once https://dfinity.atlassian.net/browse/CRP-2029 is closed,
-            // we should use the derived private key to sign the message.
-            let signature = self
-                .ecdsa_secret_key
-                .sign_message(&ecdsa_context.message_hash);
+            // The chain code is an additional input used during the key derivation process
+            // to ensure deterministic generation of child keys from the master key.
+            // We are using an array with 32 zeros by default.
+
+            let signature = sign_message_with_derived_key(
+                &self.ecdsa_secret_key,
+                &ecdsa_context.message_hash,
+                &ecdsa_context.derivation_path,
+                &[0; 32],
+            );
+
             let reply = SignWithECDSAReply { signature };
+
             payload.consensus_responses.push(Response {
                 originator: CanisterId::ic_00(),
                 respondent: CanisterId::ic_00(),
@@ -1791,6 +1801,36 @@ impl StateMachine {
     }
 }
 
+fn sign_message_with_derived_key(
+    ecdsa_secret_key: &PrivateKey,
+    message_hash: &[u8],
+    derivation_path: &[Vec<u8>],
+    chain_code: &[u8],
+) -> Vec<u8> {
+    let public_key = ecdsa_secret_key.public_key();
+    let derivation_path = DerivationPath::new(
+        derivation_path
+            .iter()
+            .cloned()
+            .map(DerivationIndex)
+            .collect(),
+    );
+    let derived_public_key_bytes = derivation_path
+        .public_key_derivation(&public_key.serialize_sec1(true), chain_code)
+        .expect("couldn't derive ecdsa public key");
+    let derived_private_key_bytes = derivation_path
+        .private_key_derivation(&ecdsa_secret_key.serialize_sec1(), chain_code)
+        .expect("couldn't derive ecdsa private key");
+    let derived_private_key =
+        PrivateKey::deserialize_sec1(&derived_private_key_bytes.derived_private_key)
+            .expect("couldn't deserialize to sec1 ecdsa private key");
+    let signature = derived_private_key.sign_message(message_hash);
+    let pk = PublicKey::deserialize_sec1(&derived_public_key_bytes.derived_public_key)
+        .expect("couldn't deserialize sec1");
+    assert!(pk.verify_signature(message_hash, &signature));
+    signature
+}
+
 #[derive(Clone)]
 pub struct PayloadBuilder {
     expiry_time: Time,

rs/state_machine_tests/src/lib.rs

@@ -0,0 +1,35 @@
+use ic_crypto_ecdsa_secp256k1::{PrivateKey, PublicKey};
+use ic_crypto_extended_bip32::{DerivationIndex, DerivationPath};
+use proptest::{collection::vec as pvec, prelude::*, prop_assert, proptest};
+
+proptest! {
+    #[test]
+    fn test_derivation_prop(
+        derivation_path_bytes in pvec(pvec(any::<u8>(), 1..10), 1..10),
+        message_hash in pvec(any::<u8>(), 32),
+        chain_code in pvec(any::<u8>(), 32)
+    ) {
+        let private_key_bytes =
+            hex::decode("fb7d1f5b82336bb65b82bf4f27776da4db71c1ef632c6a7c171c0cbfa2ea4920").unwrap();
+
+        let ecdsa_secret_key: PrivateKey =
+            PrivateKey::deserialize_sec1(private_key_bytes.as_slice()).unwrap();
+
+        let signature = crate::sign_message_with_derived_key(&ecdsa_secret_key, &message_hash, &derivation_path_bytes, &chain_code);
+
+        let public_key = ecdsa_secret_key.public_key();
+
+        let derivation_path = DerivationPath::new(
+            derivation_path_bytes
+                .into_iter()
+                .map(DerivationIndex)
+                .collect(),
+        );
+        let derived_public_key_bytes = derivation_path
+            .public_key_derivation(&public_key.serialize_sec1(true), &chain_code)
+            .expect("couldn't derive ecdsa public key");
+        let derived_public_key = PublicKey::deserialize_sec1(&derived_public_key_bytes.derived_public_key)
+            .expect("couldn't deserialize sec1");
+        prop_assert!(derived_public_key.verify_signature(&message_hash, &signature));
+    }
+}