bool secret_to_public(const secp256k1_context* context, byte_array<Size>& out, const ec_secret& secret) { secp256k1_pubkey pubkey; return secp256k1_ec_pubkey_create(context, &pubkey, secret.data()) == 1 && serialize(context, out, pubkey); }
static void random_key(secp256k1_context *ctx, struct seckey *seckey, secp256k1_pubkey *pkey) { do { random_bytes(seckey->u.u8, sizeof(seckey->u)); } while (!secp256k1_ec_pubkey_create(ctx, pkey, seckey->u.u8)); }
bool bp_key_add_secret(struct bp_key *out, const struct bp_key *key, const uint8_t *tweak32) { secp256k1_context *ctx = get_secp256k1_context(); if (!ctx) { return false; } // If the secret is valid, tweak it and calculate the // resulting public key. Otherwise tweak the public key (and // ensure the output private key is invalid). if (secp256k1_ec_seckey_verify(ctx, key->secret)) { memcpy(out->secret, key->secret, sizeof(key->secret)); if (secp256k1_ec_privkey_tweak_add(ctx, out->secret, tweak32)) { return secp256k1_ec_pubkey_create( ctx, &out->pubkey, out->secret); } return false; } memset(out->secret, 0, sizeof(out->secret)); memcpy(&out->pubkey, &key->pubkey, sizeof(secp256k1_pubkey)); return secp256k1_ec_pubkey_tweak_add(ctx, &out->pubkey, tweak32); }
int main(void) { int i; secp256k1_pubkey pubkey; secp256k1_ecdsa_signature sig; benchmark_verify_t data; data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); for (i = 0; i < 32; i++) { data.msg[i] = 1 + i; } for (i = 0; i < 32; i++) { data.key[i] = 33 + i; } data.siglen = 72; CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key)); data.pubkeylen = 33; CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000); #ifdef ENABLE_OPENSSL_TESTS data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1); run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000); EC_GROUP_free(data.ec_group); #endif secp256k1_context_destroy(data.ctx); return 0; }
int main(void) { int i; secp256k1_pubkey_t pubkey; secp256k1_ecdsa_signature_t sig; benchmark_verify_t data; data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); for (i = 0; i < 32; i++) { data.msg[i] = 1 + i; } for (i = 0; i < 32; i++) { data.key[i] = 33 + i; } data.siglen = 72; CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key)); CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000); secp256k1_context_destroy(data.ctx); return 0; }
public_key private_key::get_public_key()const { FC_ASSERT( my->_key != empty_priv ); public_key_data pub; unsigned int pk_len; FC_ASSERT( secp256k1_ec_pubkey_create( detail::_get_context(), (unsigned char*) pub.begin(), (int*) &pk_len, (unsigned char*) my->_key.data(), 1 ) ); FC_ASSERT( pk_len == pub.size() ); return public_key(pub); }
bool bp_privkey_set(struct bp_key *key, const void *privkey, size_t pk_len) { secp256k1_context *ctx = get_secp256k1_context(); if (!ctx) { return false; } if (ec_privkey_import_der(ctx, key->secret, privkey, pk_len)) { if (secp256k1_ec_pubkey_create(ctx, &key->pubkey, key->secret)) { return true; } } return false; }
bool bp_key_secret_set(struct bp_key *key, const void *privkey_, size_t pk_len) { secp256k1_context *ctx = get_secp256k1_context(); if (!ctx) { return false; } if (sizeof(key->secret) == pk_len) { memcpy(key->secret, privkey_, sizeof(key->secret)); if (secp256k1_ec_pubkey_create(ctx, &key->pubkey, key->secret)) { return true; } } return false; }
ec_point secret_to_public_key(const ec_secret& secret, bool compressed) { init.init(); size_t public_key_size = ec_uncompressed_size; if (compressed) public_key_size = ec_compressed_size; ec_point out(public_key_size); int out_size; if (!secp256k1_ec_pubkey_create(out.data(), &out_size, secret.data(), compressed)) return ec_point(); BITCOIN_ASSERT(public_key_size == static_cast<size_t>(out_size)); return out; }
bool bp_key_generate(struct bp_key *key) { secp256k1_context *ctx = get_secp256k1_context(); if (!ctx) { return false; } // Keep trying until public key generation passes (random // secret is valid). do { if (!RAND_bytes(key->secret, (int )sizeof(key->secret))) { return false; } } while (!secp256k1_ec_pubkey_create(ctx, &key->pubkey, key->secret)); return true; }
void ecc_get_pubkey(const uint8_t *private_key, uint8_t *public_key, int public_key_len, int compressed) { secp256k1_pubkey pubkey; assert(secp256k1_ctx); memset(public_key, 0, public_key_len); if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &pubkey, (const unsigned char *)private_key)) { return; } if (!secp256k1_ec_pubkey_serialize(secp256k1_ctx, public_key, (size_t *)&public_key_len, &pubkey, compressed)) { return; } return; }
SECP256K1_API jobjectArray JNICALL Java_org_commercium_NativeSecp256k1_secp256k1_1ec_1pubkey_1create (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l) { secp256k1_context *ctx = (secp256k1_context*)(uintptr_t)ctx_l; const unsigned char* secKey = (unsigned char*) (*env)->GetDirectBufferAddress(env, byteBufferObject); secp256k1_pubkey pubkey; jobjectArray retArray; jbyteArray pubkeyArray, intsByteArray; unsigned char intsarray[2]; int ret = secp256k1_ec_pubkey_create(ctx, &pubkey, secKey); unsigned char outputSer[65]; size_t outputLen = 65; if( ret ) { int ret2 = secp256k1_ec_pubkey_serialize(ctx,outputSer, &outputLen, &pubkey,SECP256K1_EC_UNCOMPRESSED );(void)ret2; } intsarray[0] = outputLen; intsarray[1] = ret; retArray = (*env)->NewObjectArray(env, 2, (*env)->FindClass(env, "[B"), (*env)->NewByteArray(env, 1)); pubkeyArray = (*env)->NewByteArray(env, outputLen); (*env)->SetByteArrayRegion(env, pubkeyArray, 0, outputLen, (jbyte*)outputSer); (*env)->SetObjectArrayElement(env, retArray, 0, pubkeyArray); intsByteArray = (*env)->NewByteArray(env, 2); (*env)->SetByteArrayRegion(env, intsByteArray, 0, 2, (jbyte*)intsarray); (*env)->SetObjectArrayElement(env, retArray, 1, intsByteArray); (void)classObject; return retArray; }
void BitcoinECCgetPubkey_secp256k1(unsigned char *Here64x,unsigned char *Secret){ unsigned char privkey[32]; unsigned char pubkeyc[65]; int pubkeyclen = 65; secp256k1_pubkey_t pubkey; unsigned char digest[SHA256_DIGEST_LENGTH]; unsigned char digest2[20]; //secp256k1_ec_seckey_verify(ctx,Secret); secp256k1_ec_pubkey_create(ctx, &pubkey, Secret); secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, 0); SHA256((unsigned char*)pubkeyc, pubkeyclen, digest); RIPEMD160((unsigned char*)digest, SHA256_DIGEST_LENGTH, digest2); for (int i = 0; i < 20; i++){ sprintf((char*)Here64x+i*2, "%02x", digest2[i]); } return; }
bool per_commit_point(const struct sha256 *shaseed, struct pubkey *commit_point, u64 per_commit_index) { struct secret secret; if (!per_commit_secret(shaseed, &secret, per_commit_index)) return false; /* BOLT #3: * * The `per_commitment_point` is generated using elliptic-curve * multiplication: * * per_commitment_point = per_commitment_secret * G */ if (secp256k1_ec_pubkey_create(secp256k1_ctx, &commit_point->pubkey, secret.data) != 1) return false; return true; }
bool key_from_base58(const char *base58, size_t base58_len, bool *test_net, struct privkey *priv, struct pubkey *key) { u8 keybuf[1 + 32 + 1 + 4]; u8 csum[4]; BIGNUM bn; bool compressed; secp256k1_context_t *secpctx; int keylen; BN_init(&bn); if (!raw_decode_base58(&bn, base58, base58_len)) return false; keylen = BN_num_bytes(&bn); if (keylen == 1 + 32 + 4) compressed = false; else if (keylen == 1 + 32 + 1 + 4) compressed = true; else goto fail_free_bn; BN_bn2bin(&bn, keybuf); base58_get_checksum(csum, keybuf, keylen - sizeof(csum)); if (memcmp(csum, keybuf + keylen - sizeof(csum), sizeof(csum)) != 0) goto fail_free_bn; /* Byte after key should be 1 to represent a compressed key. */ if (compressed && keybuf[1 + 32] != 1) goto fail_free_bn; if (keybuf[0] == 128) *test_net = false; else if (keybuf[0] == 239) *test_net = true; else goto fail_free_bn; /* Copy out secret. */ memcpy(priv->secret, keybuf + 1, sizeof(priv->secret)); secpctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); if (!secp256k1_ec_seckey_verify(secpctx, priv->secret)) goto fail_free_secpctx; /* Get public key, too. */ if (!secp256k1_ec_pubkey_create(secpctx, key->key, &keylen, priv->secret, compressed)) goto fail_free_secpctx; assert(keylen == pubkey_len(key)); BN_free(&bn); secp256k1_context_destroy(secpctx); return true; fail_free_secpctx: secp256k1_context_destroy(secpctx); fail_free_bn: BN_free(&bn); return false; }
int main(void) { setup_locale(); struct privkey privkey; struct secret base_secret, per_commitment_secret; struct pubkey base_point, per_commitment_point, pubkey, pubkey2; setup_tmpctx(); secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN); base_secret = secret_from_hex("0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"); per_commitment_secret = secret_from_hex("0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100"); printf("base_secret: 0x%s\n", tal_hexstr(tmpctx, &base_secret, sizeof(base_secret))); printf("per_commitment_secret: 0x%s\n", tal_hexstr(tmpctx, &per_commitment_secret, sizeof(per_commitment_secret))); if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &per_commitment_point.pubkey, per_commitment_secret.data)) abort(); if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &base_point.pubkey, base_secret.data)) abort(); printf("base_point: 0x%s\n", type_to_string(tmpctx, struct pubkey, &base_point)); printf("per_commitment_point: 0x%s\n", type_to_string(tmpctx, struct pubkey, &per_commitment_point)); /* FIXME: Annotate internal steps. */ if (!derive_simple_key(&base_point, &per_commitment_point, &pubkey)) abort(); printf("localkey: 0x%s\n", type_to_string(tmpctx, struct pubkey, &pubkey)); if (!derive_simple_privkey(&base_secret, &base_point, &per_commitment_point, &privkey)) abort(); printf("localprivkey: 0x%s\n", tal_hexstr(tmpctx, &privkey, sizeof(privkey))); pubkey_from_privkey(&privkey, &pubkey2); assert(pubkey_eq(&pubkey, &pubkey2)); /* FIXME: Annotate internal steps. */ if (!derive_revocation_key(&base_point, &per_commitment_point, &pubkey)) abort(); printf("revocationkey: 0x%s\n", type_to_string(tmpctx, struct pubkey, &pubkey)); if (!derive_revocation_privkey(&base_secret, &per_commitment_secret, &base_point, &per_commitment_point, &privkey)) abort(); printf("revocationprivkey: 0x%s\n", tal_hexstr(tmpctx, &privkey, sizeof(privkey))); pubkey_from_privkey(&privkey, &pubkey2); assert(pubkey_eq(&pubkey, &pubkey2)); /* No memory leaks please */ secp256k1_context_destroy(secp256k1_ctx); tal_free(tmpctx); return 0; }
int main(int argc, char *argv[]) { secp256k1_context *ctx; struct onion onion; bool generate = false, decode = false; assert(EVP_CIPHER_iv_length(EVP_aes_128_ctr()) == sizeof(struct iv)); opt_register_noarg("--help|-h", opt_usage_and_exit, "--generate <pubkey>... OR\n" "--decode <privkey>\n" "Either create an onion message, or decode one step", "Print this message."); opt_register_noarg("--generate", opt_set_bool, &generate, "Generate onion through the given hex pubkeys"); opt_register_noarg("--decode", opt_set_bool, &decode, "Decode onion given the private key"); opt_register_version(); opt_parse(&argc, argv, opt_log_stderr_exit); ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); if (generate) { secp256k1_pubkey pubkeys[MAX_HOPS]; char *msgs[MAX_HOPS]; size_t i; if (argc == 1) opt_usage_exit_fail("Expected at least one pubkey"); if (argc-1 > MAX_HOPS) opt_usage_exit_fail("Expected at most %u pubkeys", MAX_HOPS); for (i = 1; i < argc; i++) { if (!parse_onion_pubkey(ctx, argv[i], &pubkeys[i-1])) errx(1, "Bad pubkey '%s'", argv[i]); msgs[i-1] = make_message(ctx, &pubkeys[i-1]); } if (!create_onion(pubkeys, msgs, argc - 1, &onion)) errx(1, "Creating onion packet failed"); if (!write_all(STDOUT_FILENO, &onion, sizeof(onion))) err(1, "Writing onion packet"); return 0; } else if (decode) { struct seckey seckey; secp256k1_pubkey pubkey; struct enckey enckey; struct iv pad_iv; if (argc != 2) opt_usage_exit_fail("Expect a privkey with --decode"); if (!hex_decode(argv[1], strlen(argv[1]), &seckey, sizeof(seckey))) errx(1, "Invalid private key hex '%s'", argv[1]); if (!secp256k1_ec_pubkey_create(ctx, &pubkey, seckey.u.u8)) errx(1, "Invalid private key '%s'", argv[1]); if (!read_all(STDIN_FILENO, &onion, sizeof(onion))) errx(1, "Reading in onion"); if (!decrypt_onion(&seckey, &onion, &enckey, &pad_iv)) errx(1, "Failed decrypting onion for '%s'", argv[1]); if (strncmp((char *)myhop(&onion)->msg, make_message(ctx, &pubkey), sizeof(myhop(&onion)->msg))) errx(1, "Bad message '%s'", (char *)myhop(&onion)->msg); if (!peel_onion(&onion, &enckey, &pad_iv)) errx(1, "Peeling onion for '%s'", argv[1]); if (!write_all(STDOUT_FILENO, &onion, sizeof(onion))) err(1, "Writing onion packet"); return 0; } else opt_usage_exit_fail("Need --decode or --generate"); secp256k1_context_destroy(ctx); return 0; }
void test_ecdsa_end_to_end(void) { unsigned char privkey[32]; unsigned char message[32]; /* Generate a random key and message. */ { secp256k1_scalar_t msg, key; random_scalar_order_test(&msg); random_scalar_order_test(&key); secp256k1_scalar_get_b32(privkey, &key); secp256k1_scalar_get_b32(message, &msg); } /* Construct and verify corresponding public key. */ CHECK(secp256k1_ec_seckey_verify(privkey) == 1); unsigned char pubkey[65]; int pubkeylen = 65; CHECK(secp256k1_ec_pubkey_create(pubkey, &pubkeylen, privkey, secp256k1_rand32() % 2) == 1); CHECK(secp256k1_ec_pubkey_verify(pubkey, pubkeylen)); /* Verify private key import and export. */ unsigned char seckey[300]; int seckeylen = 300; CHECK(secp256k1_ec_privkey_export(privkey, seckey, &seckeylen, secp256k1_rand32() % 2) == 1); unsigned char privkey2[32]; CHECK(secp256k1_ec_privkey_import(privkey2, seckey, seckeylen) == 1); CHECK(memcmp(privkey, privkey2, 32) == 0); /* Optionally tweak the keys using addition. */ if (secp256k1_rand32() % 3 == 0) { unsigned char rnd[32]; secp256k1_rand256_test(rnd); int ret1 = secp256k1_ec_privkey_tweak_add(privkey, rnd); int ret2 = secp256k1_ec_pubkey_tweak_add(pubkey, pubkeylen, rnd); CHECK(ret1 == ret2); if (ret1 == 0) return; unsigned char pubkey2[65]; int pubkeylen2 = 65; CHECK(secp256k1_ec_pubkey_create(pubkey2, &pubkeylen2, privkey, pubkeylen == 33) == 1); CHECK(memcmp(pubkey, pubkey2, pubkeylen) == 0); } /* Optionally tweak the keys using multiplication. */ if (secp256k1_rand32() % 3 == 0) { unsigned char rnd[32]; secp256k1_rand256_test(rnd); int ret1 = secp256k1_ec_privkey_tweak_mul(privkey, rnd); int ret2 = secp256k1_ec_pubkey_tweak_mul(pubkey, pubkeylen, rnd); CHECK(ret1 == ret2); if (ret1 == 0) return; unsigned char pubkey2[65]; int pubkeylen2 = 65; CHECK(secp256k1_ec_pubkey_create(pubkey2, &pubkeylen2, privkey, pubkeylen == 33) == 1); CHECK(memcmp(pubkey, pubkey2, pubkeylen) == 0); } /* Sign. */ unsigned char signature[72]; int signaturelen = 72; while(1) { unsigned char rnd[32]; secp256k1_rand256_test(rnd); if (secp256k1_ecdsa_sign(message, 32, signature, &signaturelen, privkey, rnd) == 1) { break; } } /* Verify. */ CHECK(secp256k1_ecdsa_verify(message, 32, signature, signaturelen, pubkey, pubkeylen) == 1); /* Destroy signature and verify again. */ signature[signaturelen - 1 - secp256k1_rand32() % 20] += 1 + (secp256k1_rand32() % 255); CHECK(secp256k1_ecdsa_verify(message, 32, signature, signaturelen, pubkey, pubkeylen) != 1); /* Compact sign. */ unsigned char csignature[64]; int recid = 0; while(1) { unsigned char rnd[32]; secp256k1_rand256_test(rnd); if (secp256k1_ecdsa_sign_compact(message, 32, csignature, privkey, rnd, &recid) == 1) { break; } } /* Recover. */ unsigned char recpubkey[65]; int recpubkeylen = 0; CHECK(secp256k1_ecdsa_recover_compact(message, 32, csignature, recpubkey, &recpubkeylen, pubkeylen == 33, recid) == 1); CHECK(recpubkeylen == pubkeylen); CHECK(memcmp(pubkey, recpubkey, pubkeylen) == 0); /* Destroy signature and verify again. */ csignature[secp256k1_rand32() % 64] += 1 + (secp256k1_rand32() % 255); CHECK(secp256k1_ecdsa_recover_compact(message, 32, csignature, recpubkey, &recpubkeylen, pubkeylen == 33, recid) != 1 || memcmp(pubkey, recpubkey, pubkeylen) != 0); CHECK(recpubkeylen == pubkeylen); }