bool secret_to_public(const secp256k1_context* context, byte_array<Size>& out,
const ec_secret& secret)
{
secp256k1_pubkey pubkey;
return secp256k1_ec_pubkey_create(context, &pubkey, secret.data()) == 1 &&
serialize(context, out, pubkey);
}
static void random_key(secp256k1_context *ctx,
struct seckey *seckey, secp256k1_pubkey *pkey)
{
do {
random_bytes(seckey->u.u8, sizeof(seckey->u));
} while (!secp256k1_ec_pubkey_create(ctx, pkey, seckey->u.u8));
}
bool bp_key_add_secret(struct bp_key *out,
const struct bp_key *key,
const uint8_t *tweak32)
{
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
// If the secret is valid, tweak it and calculate the
// resulting public key. Otherwise tweak the public key (and
// ensure the output private key is invalid).
if (secp256k1_ec_seckey_verify(ctx, key->secret)) {
memcpy(out->secret, key->secret, sizeof(key->secret));
if (secp256k1_ec_privkey_tweak_add(ctx, out->secret, tweak32)) {
return secp256k1_ec_pubkey_create(
ctx, &out->pubkey, out->secret);
}
return false;
}
memset(out->secret, 0, sizeof(out->secret));
memcpy(&out->pubkey, &key->pubkey, sizeof(secp256k1_pubkey));
return secp256k1_ec_pubkey_tweak_add(ctx, &out->pubkey, tweak32);
}
int main(void) {
int i;
secp256k1_pubkey pubkey;
secp256k1_ecdsa_signature sig;
benchmark_verify_t data;
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
for (i = 0; i < 32; i++) {
data.msg[i] = 1 + i;
}
for (i = 0; i < 32; i++) {
data.key[i] = 33 + i;
}
data.siglen = 72;
CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
data.pubkeylen = 33;
CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
#ifdef ENABLE_OPENSSL_TESTS
data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);
EC_GROUP_free(data.ec_group);
#endif
secp256k1_context_destroy(data.ctx);
return 0;
}
int main(void) {
int i;
secp256k1_pubkey_t pubkey;
secp256k1_ecdsa_signature_t sig;
benchmark_verify_t data;
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
for (i = 0; i < 32; i++) {
data.msg[i] = 1 + i;
}
for (i = 0; i < 32; i++) {
data.key[i] = 33 + i;
}
data.siglen = 72;
CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
secp256k1_context_destroy(data.ctx);
return 0;
}
public_key private_key::get_public_key()const
{
FC_ASSERT( my->_key != empty_priv );
public_key_data pub;
unsigned int pk_len;
FC_ASSERT( secp256k1_ec_pubkey_create( detail::_get_context(), (unsigned char*) pub.begin(), (int*) &pk_len, (unsigned char*) my->_key.data(), 1 ) );
FC_ASSERT( pk_len == pub.size() );
return public_key(pub);
}
bool bp_privkey_set(struct bp_key *key, const void *privkey, size_t pk_len)
{
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
if (ec_privkey_import_der(ctx, key->secret, privkey, pk_len)) {
if (secp256k1_ec_pubkey_create(ctx, &key->pubkey, key->secret)) {
return true;
}
}
return false;
}
bool bp_key_secret_set(struct bp_key *key, const void *privkey_, size_t pk_len)
{
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
if (sizeof(key->secret) == pk_len) {
memcpy(key->secret, privkey_, sizeof(key->secret));
if (secp256k1_ec_pubkey_create(ctx, &key->pubkey, key->secret)) {
return true;
}
}
return false;
}
ec_point secret_to_public_key(const ec_secret& secret,
bool compressed)
{
init.init();
size_t public_key_size = ec_uncompressed_size;
if (compressed)
public_key_size = ec_compressed_size;
ec_point out(public_key_size);
int out_size;
if (!secp256k1_ec_pubkey_create(out.data(), &out_size, secret.data(),
compressed))
return ec_point();
BITCOIN_ASSERT(public_key_size == static_cast<size_t>(out_size));
return out;
}
bool bp_key_generate(struct bp_key *key)
{
secp256k1_context *ctx = get_secp256k1_context();
if (!ctx) {
return false;
}
// Keep trying until public key generation passes (random
// secret is valid).
do {
if (!RAND_bytes(key->secret, (int )sizeof(key->secret))) {
return false;
}
} while (!secp256k1_ec_pubkey_create(ctx, &key->pubkey, key->secret));
return true;
}
void ecc_get_pubkey(const uint8_t *private_key, uint8_t *public_key,
int public_key_len, int compressed)
{
secp256k1_pubkey pubkey;
assert(secp256k1_ctx);
memset(public_key, 0, public_key_len);
if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &pubkey, (const unsigned char *)private_key)) {
return;
}
if (!secp256k1_ec_pubkey_serialize(secp256k1_ctx, public_key, (size_t *)&public_key_len, &pubkey,
compressed)) {
return;
}
return;
}
SECP256K1_API jobjectArray JNICALL Java_org_commercium_NativeSecp256k1_secp256k1_1ec_1pubkey_1create
(JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l)
{
secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l;
const unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject);
secp256k1_pubkey pubkey;
jobjectArray retArray;
jbyteArray pubkeyArray, intsByteArray;
unsigned char intsarray[2];
int ret = secp256k1_ec_pubkey_create(ctx, &pubkey, secKey);
unsigned char outputSer[65];
size_t outputLen = 65;
if( ret ) {
int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2;
}
intsarray[0] = outputLen;
intsarray[1] = ret;
retArray = (*env)->NewObjectArray(env, 2,
(*env)->FindClass(env, "[B"),
(*env)->NewByteArray(env, 1));
pubkeyArray = (*env)->NewByteArray(env, outputLen);
(*env)->SetByteArrayRegion(env, pubkeyArray, 0, outputLen, (jbyte*)outputSer);
(*env)->SetObjectArrayElement(env, retArray, 0, pubkeyArray);
intsByteArray = (*env)->NewByteArray(env, 2);
(*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray);
(*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray);
(void)classObject;
return retArray;
}
void BitcoinECCgetPubkey_secp256k1(unsigned char *Here64x,unsigned char *Secret){
unsigned char privkey[32];
unsigned char pubkeyc[65];
int pubkeyclen = 65;
secp256k1_pubkey_t pubkey;
unsigned char digest[SHA256_DIGEST_LENGTH];
unsigned char digest2[20];
//secp256k1_ec_seckey_verify(ctx,Secret);
secp256k1_ec_pubkey_create(ctx, &pubkey, Secret);
secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, 0);
SHA256((unsigned char*)pubkeyc, pubkeyclen, digest);
RIPEMD160((unsigned char*)digest, SHA256_DIGEST_LENGTH, digest2);
for (int i = 0; i < 20; i++){
sprintf((char*)Here64x+i*2, "%02x", digest2[i]);
}
return;
}
bool per_commit_point(const struct sha256 *shaseed,
struct pubkey *commit_point,
u64 per_commit_index)
{
struct secret secret;
if (!per_commit_secret(shaseed, &secret, per_commit_index))
return false;
/* BOLT #3:
*
* The `per_commitment_point` is generated using elliptic-curve
* multiplication:
*
* per_commitment_point = per_commitment_secret * G
*/
if (secp256k1_ec_pubkey_create(secp256k1_ctx,
&commit_point->pubkey,
secret.data) != 1)
return false;
return true;
}
bool key_from_base58(const char *base58, size_t base58_len,
bool *test_net, struct privkey *priv, struct pubkey *key)
{
u8 keybuf[1 + 32 + 1 + 4];
u8 csum[4];
BIGNUM bn;
bool compressed;
secp256k1_context_t *secpctx;
int keylen;
BN_init(&bn);
if (!raw_decode_base58(&bn, base58, base58_len))
return false;
keylen = BN_num_bytes(&bn);
if (keylen == 1 + 32 + 4)
compressed = false;
else if (keylen == 1 + 32 + 1 + 4)
compressed = true;
else
goto fail_free_bn;
BN_bn2bin(&bn, keybuf);
base58_get_checksum(csum, keybuf, keylen - sizeof(csum));
if (memcmp(csum, keybuf + keylen - sizeof(csum), sizeof(csum)) != 0)
goto fail_free_bn;
/* Byte after key should be 1 to represent a compressed key. */
if (compressed && keybuf[1 + 32] != 1)
goto fail_free_bn;
if (keybuf[0] == 128)
*test_net = false;
else if (keybuf[0] == 239)
*test_net = true;
else
goto fail_free_bn;
/* Copy out secret. */
memcpy(priv->secret, keybuf + 1, sizeof(priv->secret));
secpctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
if (!secp256k1_ec_seckey_verify(secpctx, priv->secret))
goto fail_free_secpctx;
/* Get public key, too. */
if (!secp256k1_ec_pubkey_create(secpctx, key->key, &keylen,
priv->secret, compressed))
goto fail_free_secpctx;
assert(keylen == pubkey_len(key));
BN_free(&bn);
secp256k1_context_destroy(secpctx);
return true;
fail_free_secpctx:
secp256k1_context_destroy(secpctx);
fail_free_bn:
BN_free(&bn);
return false;
}
int main(void)
{
setup_locale();
struct privkey privkey;
struct secret base_secret, per_commitment_secret;
struct pubkey base_point, per_commitment_point, pubkey, pubkey2;
setup_tmpctx();
secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY
| SECP256K1_CONTEXT_SIGN);
base_secret = secret_from_hex("0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
per_commitment_secret = secret_from_hex("0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100");
printf("base_secret: 0x%s\n",
tal_hexstr(tmpctx, &base_secret, sizeof(base_secret)));
printf("per_commitment_secret: 0x%s\n",
tal_hexstr(tmpctx, &per_commitment_secret,
sizeof(per_commitment_secret)));
if (!secp256k1_ec_pubkey_create(secp256k1_ctx,
&per_commitment_point.pubkey,
per_commitment_secret.data))
abort();
if (!secp256k1_ec_pubkey_create(secp256k1_ctx,
&base_point.pubkey,
base_secret.data))
abort();
printf("base_point: 0x%s\n",
type_to_string(tmpctx, struct pubkey, &base_point));
printf("per_commitment_point: 0x%s\n",
type_to_string(tmpctx, struct pubkey, &per_commitment_point));
/* FIXME: Annotate internal steps. */
if (!derive_simple_key(&base_point, &per_commitment_point, &pubkey))
abort();
printf("localkey: 0x%s\n",
type_to_string(tmpctx, struct pubkey, &pubkey));
if (!derive_simple_privkey(&base_secret, &base_point,
&per_commitment_point, &privkey))
abort();
printf("localprivkey: 0x%s\n",
tal_hexstr(tmpctx, &privkey, sizeof(privkey)));
pubkey_from_privkey(&privkey, &pubkey2);
assert(pubkey_eq(&pubkey, &pubkey2));
/* FIXME: Annotate internal steps. */
if (!derive_revocation_key(&base_point, &per_commitment_point, &pubkey))
abort();
printf("revocationkey: 0x%s\n",
type_to_string(tmpctx, struct pubkey, &pubkey));
if (!derive_revocation_privkey(&base_secret, &per_commitment_secret,
&base_point, &per_commitment_point,
&privkey))
abort();
printf("revocationprivkey: 0x%s\n",
tal_hexstr(tmpctx, &privkey, sizeof(privkey)));
pubkey_from_privkey(&privkey, &pubkey2);
assert(pubkey_eq(&pubkey, &pubkey2));
/* No memory leaks please */
secp256k1_context_destroy(secp256k1_ctx);
tal_free(tmpctx);
return 0;
}
int main(int argc, char *argv[])
{
secp256k1_context *ctx;
struct onion onion;
bool generate = false, decode = false;
assert(EVP_CIPHER_iv_length(EVP_aes_128_ctr()) == sizeof(struct iv));
opt_register_noarg("--help|-h", opt_usage_and_exit,
"--generate <pubkey>... OR\n"
"--decode <privkey>\n"
"Either create an onion message, or decode one step",
"Print this message.");
opt_register_noarg("--generate",
opt_set_bool, &generate,
"Generate onion through the given hex pubkeys");
opt_register_noarg("--decode",
opt_set_bool, &decode,
"Decode onion given the private key");
opt_register_version();
opt_parse(&argc, argv, opt_log_stderr_exit);
ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
if (generate) {
secp256k1_pubkey pubkeys[MAX_HOPS];
char *msgs[MAX_HOPS];
size_t i;
if (argc == 1)
opt_usage_exit_fail("Expected at least one pubkey");
if (argc-1 > MAX_HOPS)
opt_usage_exit_fail("Expected at most %u pubkeys",
MAX_HOPS);
for (i = 1; i < argc; i++) {
if (!parse_onion_pubkey(ctx, argv[i], &pubkeys[i-1]))
errx(1, "Bad pubkey '%s'", argv[i]);
msgs[i-1] = make_message(ctx, &pubkeys[i-1]);
}
if (!create_onion(pubkeys, msgs, argc - 1, &onion))
errx(1, "Creating onion packet failed");
if (!write_all(STDOUT_FILENO, &onion, sizeof(onion)))
err(1, "Writing onion packet");
return 0;
} else if (decode) {
struct seckey seckey;
secp256k1_pubkey pubkey;
struct enckey enckey;
struct iv pad_iv;
if (argc != 2)
opt_usage_exit_fail("Expect a privkey with --decode");
if (!hex_decode(argv[1], strlen(argv[1]), &seckey, sizeof(seckey)))
errx(1, "Invalid private key hex '%s'", argv[1]);
if (!secp256k1_ec_pubkey_create(ctx, &pubkey, seckey.u.u8))
errx(1, "Invalid private key '%s'", argv[1]);
if (!read_all(STDIN_FILENO, &onion, sizeof(onion)))
errx(1, "Reading in onion");
if (!decrypt_onion(&seckey, &onion, &enckey, &pad_iv))
errx(1, "Failed decrypting onion for '%s'", argv[1]);
if (strncmp((char *)myhop(&onion)->msg, make_message(ctx, &pubkey),
sizeof(myhop(&onion)->msg)))
errx(1, "Bad message '%s'", (char *)myhop(&onion)->msg);
if (!peel_onion(&onion, &enckey, &pad_iv))
errx(1, "Peeling onion for '%s'", argv[1]);
if (!write_all(STDOUT_FILENO, &onion, sizeof(onion)))
err(1, "Writing onion packet");
return 0;
} else
opt_usage_exit_fail("Need --decode or --generate");
secp256k1_context_destroy(ctx);
return 0;
}
void test_ecdsa_end_to_end(void) {
unsigned char privkey[32];
unsigned char message[32];
/* Generate a random key and message. */
{
secp256k1_scalar_t msg, key;
random_scalar_order_test(&msg);
random_scalar_order_test(&key);
secp256k1_scalar_get_b32(privkey, &key);
secp256k1_scalar_get_b32(message, &msg);
}
/* Construct and verify corresponding public key. */
CHECK(secp256k1_ec_seckey_verify(privkey) == 1);
unsigned char pubkey[65]; int pubkeylen = 65;
CHECK(secp256k1_ec_pubkey_create(pubkey, &pubkeylen, privkey, secp256k1_rand32() % 2) == 1);
CHECK(secp256k1_ec_pubkey_verify(pubkey, pubkeylen));
/* Verify private key import and export. */
unsigned char seckey[300]; int seckeylen = 300;
CHECK(secp256k1_ec_privkey_export(privkey, seckey, &seckeylen, secp256k1_rand32() % 2) == 1);
unsigned char privkey2[32];
CHECK(secp256k1_ec_privkey_import(privkey2, seckey, seckeylen) == 1);
CHECK(memcmp(privkey, privkey2, 32) == 0);
/* Optionally tweak the keys using addition. */
if (secp256k1_rand32() % 3 == 0) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
int ret1 = secp256k1_ec_privkey_tweak_add(privkey, rnd);
int ret2 = secp256k1_ec_pubkey_tweak_add(pubkey, pubkeylen, rnd);
CHECK(ret1 == ret2);
if (ret1 == 0) return;
unsigned char pubkey2[65]; int pubkeylen2 = 65;
CHECK(secp256k1_ec_pubkey_create(pubkey2, &pubkeylen2, privkey, pubkeylen == 33) == 1);
CHECK(memcmp(pubkey, pubkey2, pubkeylen) == 0);
}
/* Optionally tweak the keys using multiplication. */
if (secp256k1_rand32() % 3 == 0) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
int ret1 = secp256k1_ec_privkey_tweak_mul(privkey, rnd);
int ret2 = secp256k1_ec_pubkey_tweak_mul(pubkey, pubkeylen, rnd);
CHECK(ret1 == ret2);
if (ret1 == 0) return;
unsigned char pubkey2[65]; int pubkeylen2 = 65;
CHECK(secp256k1_ec_pubkey_create(pubkey2, &pubkeylen2, privkey, pubkeylen == 33) == 1);
CHECK(memcmp(pubkey, pubkey2, pubkeylen) == 0);
}
/* Sign. */
unsigned char signature[72]; int signaturelen = 72;
while(1) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
if (secp256k1_ecdsa_sign(message, 32, signature, &signaturelen, privkey, rnd) == 1) {
break;
}
}
/* Verify. */
CHECK(secp256k1_ecdsa_verify(message, 32, signature, signaturelen, pubkey, pubkeylen) == 1);
/* Destroy signature and verify again. */
signature[signaturelen - 1 - secp256k1_rand32() % 20] += 1 + (secp256k1_rand32() % 255);
CHECK(secp256k1_ecdsa_verify(message, 32, signature, signaturelen, pubkey, pubkeylen) != 1);
/* Compact sign. */
unsigned char csignature[64]; int recid = 0;
while(1) {
unsigned char rnd[32];
secp256k1_rand256_test(rnd);
if (secp256k1_ecdsa_sign_compact(message, 32, csignature, privkey, rnd, &recid) == 1) {
break;
}
}
/* Recover. */
unsigned char recpubkey[65]; int recpubkeylen = 0;
CHECK(secp256k1_ecdsa_recover_compact(message, 32, csignature, recpubkey, &recpubkeylen, pubkeylen == 33, recid) == 1);
CHECK(recpubkeylen == pubkeylen);
CHECK(memcmp(pubkey, recpubkey, pubkeylen) == 0);
/* Destroy signature and verify again. */
csignature[secp256k1_rand32() % 64] += 1 + (secp256k1_rand32() % 255);
CHECK(secp256k1_ecdsa_recover_compact(message, 32, csignature, recpubkey, &recpubkeylen, pubkeylen == 33, recid) != 1 ||
memcmp(pubkey, recpubkey, pubkeylen) != 0);
CHECK(recpubkeylen == pubkeylen);
}
