bool key_from_base58(secp256k1_context *secpctx,
const char *base58, size_t base58_len,
bool *test_net, struct privkey *priv, struct pubkey *key)
{
// 1 byte version, 32 byte private key, 1 byte compressed, 4 byte checksum
u8 keybuf[1 + 32 + 1 + 4];
size_t keybuflen = sizeof(keybuf);
b58tobin(keybuf, &keybuflen, base58, base58_len);
if (b58check(keybuf, sizeof(keybuf), base58, base58_len) < 0)
return false;
/* Byte after key should be 1 to represent a compressed key. */
if (keybuf[1 + 32] != 1)
return false;
if (keybuf[0] == 128)
*test_net = false;
else if (keybuf[0] == 239)
*test_net = true;
else
return false;
/* Copy out secret. */
memcpy(priv->secret, keybuf + 1, sizeof(priv->secret));
if (!secp256k1_ec_seckey_verify(secpctx, priv->secret))
return false;
/* Get public key, too. */
if (!pubkey_from_privkey(secpctx, priv, key))
return false;
return true;
}
bool bp_key_add_secret(struct bp_key *out,
const struct bp_key *key,
const uint8_t *tweak32)
{
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
// If the secret is valid, tweak it and calculate the
// resulting public key. Otherwise tweak the public key (and
// ensure the output private key is invalid).
if (secp256k1_ec_seckey_verify(ctx, key->secret)) {
memcpy(out->secret, key->secret, sizeof(key->secret));
if (secp256k1_ec_privkey_tweak_add(ctx, out->secret, tweak32)) {
return secp256k1_ec_pubkey_create(
ctx, &out->pubkey, out->secret);
}
return false;
}
memset(out->secret, 0, sizeof(out->secret));
memcpy(&out->pubkey, &key->pubkey, sizeof(secp256k1_pubkey));
return secp256k1_ec_pubkey_tweak_add(ctx, &out->pubkey, tweak32);
}
static void keytest_secp256k1()
{
secp256k1_context *secp_ctx = secp256k1_context_create(
SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN
);
{
uint8_t test_private_key[32];
memset(test_private_key, 0, sizeof(test_private_key));
assert(!secp256k1_ec_seckey_verify(secp_ctx, test_private_key));
test_private_key[31] = 0x1;
assert(secp256k1_ec_seckey_verify(secp_ctx, test_private_key));
}
secp256k1_context_destroy(secp_ctx);
}
bool key_from_base58(secp256k1_context *secpctx,
const char *base58, size_t base58_len,
bool *test_net, struct privkey *priv, struct pubkey *key)
{
u8 keybuf[1 + 32 + 1 + 4];
u8 csum[4];
BIGNUM bn;
bool compressed;
size_t keylen;
BN_init(&bn);
if (!raw_decode_base58(&bn, base58, base58_len))
return false;
keylen = BN_num_bytes(&bn);
if (keylen == 1 + 32 + 4)
compressed = false;
else if (keylen == 1 + 32 + 1 + 4)
compressed = true;
else
goto fail_free_bn;
BN_bn2bin(&bn, keybuf);
base58_get_checksum(csum, keybuf, keylen - sizeof(csum));
if (memcmp(csum, keybuf + keylen - sizeof(csum), sizeof(csum)) != 0)
goto fail_free_bn;
/* Byte after key should be 1 to represent a compressed key. */
if (compressed && keybuf[1 + 32] != 1)
goto fail_free_bn;
if (keybuf[0] == 128)
*test_net = false;
else if (keybuf[0] == 239)
*test_net = true;
else
goto fail_free_bn;
/* Copy out secret. */
memcpy(priv->secret, keybuf + 1, sizeof(priv->secret));
if (!secp256k1_ec_seckey_verify(secpctx, priv->secret))
goto fail_free_bn;
/* Get public key, too, since we know if it's compressed. */
if (!pubkey_from_privkey(secpctx, priv, key,
compressed ? SECP256K1_EC_COMPRESSED : 0))
goto fail_free_bn;
BN_free(&bn);
return true;
fail_free_bn:
BN_free(&bn);
return false;
}
SECP256K1_API jint JNICALL Java_org_commercium_NativeSecp256k1_secp256k1_1ec_1seckey_1verify
(JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
{
secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
(void)classObject;
return secp256k1_ec_seckey_verify(ctx, secKey);
}
bits256 bitcoin_randkey(secp256k1_context *ctx)
{
int32_t i; bits256 privkey;
SECP_ENSURE_CTX
{
for (i=0; i<100; i++)
{
privkey = rand256(0);
if ( secp256k1_ec_seckey_verify(ctx,privkey.bytes) > 0 )
{
ENDSECP_ENSURE_CTX
return(privkey);
}
}
ENDSECP_ENSURE_CTX
}
bool bp_key_secret_get(void *p, size_t len, const struct bp_key *key)
{
if (!p || sizeof(key->secret) > len) {
return false;
}
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
if (!secp256k1_ec_seckey_verify(ctx, key->secret)) {
return false;
}
memcpy(p, key->secret, sizeof(key->secret));
return true;
}
bool bp_privkey_get(const struct bp_key *key, void **privkey, size_t *pk_len)
{
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
if (secp256k1_ec_seckey_verify(ctx, key->secret)) {
void *pk = malloc(279);
if (pk) {
if (ec_privkey_export_der(ctx, pk, pk_len, key->secret, 1)) {
*privkey = pk;
return true;
}
free(pk);
}
}
return false;
}
bool bp_sign(const struct bp_key *key, const void *data, size_t data_len,
void **sig_, size_t *sig_len_)
{
secp256k1_ecdsa_signature sig;
if (32 != data_len) {
return false;
}
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
if (!secp256k1_ec_seckey_verify(ctx, key->secret)) {
return false;
}
if (!secp256k1_ecdsa_sign(ctx, &sig,
data,
key->secret,
secp256k1_nonce_function_rfc6979,
NULL)) {
return false;
}
*sig_ = malloc(72);
*sig_len_ = 72;
if (!secp256k1_ecdsa_signature_serialize_der(ctx, *sig_, sig_len_, &sig)) {
free(sig_);
*sig_ = NULL;
return false;
}
return true;
}
bool key_from_base58(const char *base58, size_t base58_len,
bool *test_net, struct privkey *priv, struct pubkey *key)
{
u8 keybuf[1 + 32 + 1 + 4];
u8 csum[4];
BIGNUM bn;
bool compressed;
secp256k1_context_t *secpctx;
int keylen;
BN_init(&bn);
if (!raw_decode_base58(&bn, base58, base58_len))
return false;
keylen = BN_num_bytes(&bn);
if (keylen == 1 + 32 + 4)
compressed = false;
else if (keylen == 1 + 32 + 1 + 4)
compressed = true;
else
goto fail_free_bn;
BN_bn2bin(&bn, keybuf);
base58_get_checksum(csum, keybuf, keylen - sizeof(csum));
if (memcmp(csum, keybuf + keylen - sizeof(csum), sizeof(csum)) != 0)
goto fail_free_bn;
/* Byte after key should be 1 to represent a compressed key. */
if (compressed && keybuf[1 + 32] != 1)
goto fail_free_bn;
if (keybuf[0] == 128)
*test_net = false;
else if (keybuf[0] == 239)
*test_net = true;
else
goto fail_free_bn;
/* Copy out secret. */
memcpy(priv->secret, keybuf + 1, sizeof(priv->secret));
secpctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
if (!secp256k1_ec_seckey_verify(secpctx, priv->secret))
goto fail_free_secpctx;
/* Get public key, too. */
if (!secp256k1_ec_pubkey_create(secpctx, key->key, &keylen,
priv->secret, compressed))
goto fail_free_secpctx;
assert(keylen == pubkey_len(key));
BN_free(&bn);
secp256k1_context_destroy(secpctx);
return true;
fail_free_secpctx:
secp256k1_context_destroy(secpctx);
fail_free_bn:
BN_free(&bn);
return false;
}
void test_ecdsa_end_to_end(void) {
unsigned char privkey[32];
unsigned char message[32];
/* Generate a random key and message. */
{
secp256k1_scalar_t msg, key;
random_scalar_order_test(&msg);
random_scalar_order_test(&key);
secp256k1_scalar_get_b32(privkey, &key);
secp256k1_scalar_get_b32(message, &msg);
}
/* Construct and verify corresponding public key. */
CHECK(secp256k1_ec_seckey_verify(privkey) == 1);
unsigned char pubkey[65]; int pubkeylen = 65;
CHECK(secp256k1_ec_pubkey_create(pubkey, &pubkeylen, privkey, secp256k1_rand32() % 2) == 1);
CHECK(secp256k1_ec_pubkey_verify(pubkey, pubkeylen));
/* Verify private key import and export. */
unsigned char seckey[300]; int seckeylen = 300;
CHECK(secp256k1_ec_privkey_export(privkey, seckey, &seckeylen, secp256k1_rand32() % 2) == 1);
unsigned char privkey2[32];
CHECK(secp256k1_ec_privkey_import(privkey2, seckey, seckeylen) == 1);
CHECK(memcmp(privkey, privkey2, 32) == 0);
/* Optionally tweak the keys using addition. */
if (secp256k1_rand32() % 3 == 0) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
int ret1 = secp256k1_ec_privkey_tweak_add(privkey, rnd);
int ret2 = secp256k1_ec_pubkey_tweak_add(pubkey, pubkeylen, rnd);
CHECK(ret1 == ret2);
if (ret1 == 0) return;
unsigned char pubkey2[65]; int pubkeylen2 = 65;
CHECK(secp256k1_ec_pubkey_create(pubkey2, &pubkeylen2, privkey, pubkeylen == 33) == 1);
CHECK(memcmp(pubkey, pubkey2, pubkeylen) == 0);
}
/* Optionally tweak the keys using multiplication. */
if (secp256k1_rand32() % 3 == 0) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
int ret1 = secp256k1_ec_privkey_tweak_mul(privkey, rnd);
int ret2 = secp256k1_ec_pubkey_tweak_mul(pubkey, pubkeylen, rnd);
CHECK(ret1 == ret2);
if (ret1 == 0) return;
unsigned char pubkey2[65]; int pubkeylen2 = 65;
CHECK(secp256k1_ec_pubkey_create(pubkey2, &pubkeylen2, privkey, pubkeylen == 33) == 1);
CHECK(memcmp(pubkey, pubkey2, pubkeylen) == 0);
}
/* Sign. */
unsigned char signature[72]; int signaturelen = 72;
while(1) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
if (secp256k1_ecdsa_sign(message, 32, signature, &signaturelen, privkey, rnd) == 1) {
break;
}
}
/* Verify. */
CHECK(secp256k1_ecdsa_verify(message, 32, signature, signaturelen, pubkey, pubkeylen) == 1);
/* Destroy signature and verify again. */
signature[signaturelen - 1 - secp256k1_rand32() % 20] += 1 + (secp256k1_rand32() % 255);
CHECK(secp256k1_ecdsa_verify(message, 32, signature, signaturelen, pubkey, pubkeylen) != 1);
/* Compact sign. */
unsigned char csignature[64]; int recid = 0;
while(1) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
if (secp256k1_ecdsa_sign_compact(message, 32, csignature, privkey, rnd, &recid) == 1) {
break;
}
}
/* Recover. */
unsigned char recpubkey[65]; int recpubkeylen = 0;
CHECK(secp256k1_ecdsa_recover_compact(message, 32, csignature, recpubkey, &recpubkeylen, pubkeylen == 33, recid) == 1);
CHECK(recpubkeylen == pubkeylen);
CHECK(memcmp(pubkey, recpubkey, pubkeylen) == 0);
/* Destroy signature and verify again. */
csignature[secp256k1_rand32() % 64] += 1 + (secp256k1_rand32() % 255);
CHECK(secp256k1_ecdsa_recover_compact(message, 32, csignature, recpubkey, &recpubkeylen, pubkeylen == 33, recid) != 1 ||
memcmp(pubkey, recpubkey, pubkeylen) != 0);
CHECK(recpubkeylen == pubkeylen);
}
bool verify_private_key(const ec_secret& private_key)
{
init.init();
return secp256k1_ec_seckey_verify(private_key.data()) == 1;
}
bool ecc_verify_privatekey(const uint8_t *private_key)
{
assert(secp256k1_ctx);
return secp256k1_ec_seckey_verify(secp256k1_ctx, (const unsigned char *)private_key);
}
bool verify(const ec_secret& secret)
{
const auto context = verification.context();
return secp256k1_ec_seckey_verify(context, secret.data()) == 1;
}
