2014-08-12 02:26:14 +00:00
|
|
|
// Bitcoin secp256k1 bindings
|
|
|
|
// Written in 2014 by
|
|
|
|
// Dawid Ciężarkiewicz
|
|
|
|
// Andrew Poelstra
|
|
|
|
//
|
|
|
|
// To the extent possible under law, the author(s) have dedicated all
|
|
|
|
// copyright and related and neighboring rights to this software to
|
|
|
|
// the public domain worldwide. This software is distributed without
|
|
|
|
// any warranty.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the CC0 Public Domain Dedication
|
|
|
|
// along with this software.
|
|
|
|
// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
|
|
//
|
|
|
|
|
2015-10-09 16:39:42 +00:00
|
|
|
//! # Public and secret keys
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2017-12-19 20:49:01 +00:00
|
|
|
#[cfg(any(test, feature = "rand"))] use rand::Rng;
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2019-08-08 21:19:31 +00:00
|
|
|
use core::{fmt, str};
|
2017-12-21 00:59:22 +00:00
|
|
|
|
2018-08-26 18:39:41 +00:00
|
|
|
use super::{from_hex, Secp256k1};
|
2018-06-03 08:48:21 +00:00
|
|
|
use super::Error::{self, InvalidPublicKey, InvalidSecretKey};
|
2018-06-03 02:35:12 +00:00
|
|
|
use Signing;
|
|
|
|
use Verification;
|
2014-09-05 01:21:09 +00:00
|
|
|
use constants;
|
2019-08-16 18:48:03 +00:00
|
|
|
use ffi::{self, CPtr};
|
2014-08-10 01:03:17 +00:00
|
|
|
|
|
|
|
/// Secret 256-bit key used as `x` in an ECDSA signature
|
2015-01-17 16:13:45 +00:00
|
|
|
pub struct SecretKey([u8; constants::SECRET_KEY_SIZE]);
|
|
|
|
impl_array_newtype!(SecretKey, u8, constants::SECRET_KEY_SIZE);
|
2015-07-28 16:03:10 +00:00
|
|
|
impl_pretty_debug!(SecretKey);
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2019-07-23 09:56:23 +00:00
|
|
|
impl fmt::LowerHex for SecretKey {
|
2018-08-15 20:40:15 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
for ch in &self.0[..] {
|
|
|
|
write!(f, "{:02x}", *ch)?;
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-23 09:56:23 +00:00
|
|
|
impl fmt::Display for SecretKey {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
fmt::LowerHex::fmt(self, f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-26 18:39:41 +00:00
|
|
|
impl str::FromStr for SecretKey {
|
|
|
|
type Err = Error;
|
|
|
|
fn from_str(s: &str) -> Result<SecretKey, Error> {
|
|
|
|
let mut res = [0; constants::SECRET_KEY_SIZE];
|
|
|
|
match from_hex(s, &mut res) {
|
2021-04-26 05:43:54 +00:00
|
|
|
Ok(constants::SECRET_KEY_SIZE) => SecretKey::from_slice(&res),
|
2018-08-26 18:39:41 +00:00
|
|
|
_ => Err(Error::InvalidSecretKey)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-08-07 21:33:38 +00:00
|
|
|
/// The number 1 encoded as a secret key
|
|
|
|
pub const ONE_KEY: SecretKey = SecretKey([0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 1]);
|
|
|
|
|
2015-07-28 16:03:10 +00:00
|
|
|
/// A Secp256k1 public key, used for verification of signatures
|
2020-11-09 17:30:57 +00:00
|
|
|
#[derive(Copy, Clone, PartialEq, Eq, Debug, Hash)]
|
2021-03-31 01:07:20 +00:00
|
|
|
#[repr(transparent)]
|
2015-07-28 16:03:10 +00:00
|
|
|
pub struct PublicKey(ffi::PublicKey);
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2019-07-23 09:56:23 +00:00
|
|
|
impl fmt::LowerHex for PublicKey {
|
2018-08-15 20:40:15 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
let ser = self.serialize();
|
|
|
|
for ch in &ser[..] {
|
|
|
|
write!(f, "{:02x}", *ch)?;
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-23 09:56:23 +00:00
|
|
|
impl fmt::Display for PublicKey {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
fmt::LowerHex::fmt(self, f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-26 18:39:41 +00:00
|
|
|
impl str::FromStr for PublicKey {
|
|
|
|
type Err = Error;
|
|
|
|
fn from_str(s: &str) -> Result<PublicKey, Error> {
|
|
|
|
let mut res = [0; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
|
|
|
|
match from_hex(s, &mut res) {
|
|
|
|
Ok(constants::PUBLIC_KEY_SIZE) => {
|
|
|
|
PublicKey::from_slice(
|
|
|
|
&res[0..constants::PUBLIC_KEY_SIZE]
|
|
|
|
)
|
|
|
|
}
|
|
|
|
Ok(constants::UNCOMPRESSED_PUBLIC_KEY_SIZE) => {
|
2018-11-06 21:57:52 +00:00
|
|
|
PublicKey::from_slice(&res)
|
2018-08-26 18:39:41 +00:00
|
|
|
}
|
|
|
|
_ => Err(Error::InvalidPublicKey)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-19 20:49:01 +00:00
|
|
|
#[cfg(any(test, feature = "rand"))]
|
2019-04-16 13:35:33 +00:00
|
|
|
fn random_32_bytes<R: Rng + ?Sized>(rng: &mut R) -> [u8; 32] {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret = [0u8; 32];
|
|
|
|
rng.fill_bytes(&mut ret);
|
2014-08-16 09:21:35 +00:00
|
|
|
ret
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
impl SecretKey {
|
2018-07-31 15:55:58 +00:00
|
|
|
/// Creates a new random secret key. Requires compilation with the "rand" feature.
|
2014-08-10 01:03:17 +00:00
|
|
|
#[inline]
|
2017-12-19 20:49:01 +00:00
|
|
|
#[cfg(any(test, feature = "rand"))]
|
2019-04-16 13:35:33 +00:00
|
|
|
pub fn new<R: Rng + ?Sized>(rng: &mut R) -> SecretKey {
|
2015-04-12 20:54:22 +00:00
|
|
|
let mut data = random_32_bytes(rng);
|
2014-08-28 18:11:25 +00:00
|
|
|
unsafe {
|
2018-11-06 21:57:52 +00:00
|
|
|
while ffi::secp256k1_ec_seckey_verify(
|
|
|
|
ffi::secp256k1_context_no_precomp,
|
2019-08-16 18:49:24 +00:00
|
|
|
data.as_c_ptr(),
|
2018-11-06 21:57:52 +00:00
|
|
|
) == 0
|
|
|
|
{
|
2015-04-12 20:54:22 +00:00
|
|
|
data = random_32_bytes(rng);
|
2014-08-28 18:11:25 +00:00
|
|
|
}
|
|
|
|
}
|
2014-09-12 13:28:35 +00:00
|
|
|
SecretKey(data)
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
/// Converts a `SECRET_KEY_SIZE`-byte slice to a secret key
|
2014-08-10 01:46:38 +00:00
|
|
|
#[inline]
|
2018-11-06 21:57:52 +00:00
|
|
|
pub fn from_slice(data: &[u8])-> Result<SecretKey, Error> {
|
2014-08-10 01:46:38 +00:00
|
|
|
match data.len() {
|
|
|
|
constants::SECRET_KEY_SIZE => {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret = [0; constants::SECRET_KEY_SIZE];
|
2014-08-10 01:46:38 +00:00
|
|
|
unsafe {
|
2018-11-06 21:57:52 +00:00
|
|
|
if ffi::secp256k1_ec_seckey_verify(
|
|
|
|
ffi::secp256k1_context_no_precomp,
|
2019-08-16 18:49:24 +00:00
|
|
|
data.as_c_ptr(),
|
2018-11-06 21:57:52 +00:00
|
|
|
) == 0
|
|
|
|
{
|
2014-08-24 23:13:08 +00:00
|
|
|
return Err(InvalidSecretKey);
|
|
|
|
}
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
2017-05-08 11:18:35 +00:00
|
|
|
ret[..].copy_from_slice(data);
|
2014-09-12 13:28:35 +00:00
|
|
|
Ok(SecretKey(ret))
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
|
|
|
_ => Err(InvalidSecretKey)
|
|
|
|
}
|
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2020-02-07 04:31:43 +00:00
|
|
|
#[inline]
|
|
|
|
/// Negates one secret key.
|
|
|
|
pub fn negate_assign(
|
|
|
|
&mut self
|
|
|
|
) {
|
|
|
|
unsafe {
|
2020-05-13 11:52:18 +00:00
|
|
|
let res = ffi::secp256k1_ec_seckey_negate(
|
2020-02-07 04:31:43 +00:00
|
|
|
ffi::secp256k1_context_no_precomp,
|
|
|
|
self.as_mut_c_ptr()
|
|
|
|
);
|
2020-06-10 00:59:55 +00:00
|
|
|
debug_assert_eq!(res, 1);
|
2020-02-07 04:31:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-08-28 16:16:53 +00:00
|
|
|
#[inline]
|
2018-08-15 17:11:32 +00:00
|
|
|
/// Adds one secret key to another, modulo the curve order. WIll
|
|
|
|
/// return an error if the resulting key would be invalid or if
|
|
|
|
/// the tweak was not a 32-byte length slice.
|
|
|
|
pub fn add_assign(
|
|
|
|
&mut self,
|
|
|
|
other: &[u8],
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
if other.len() != 32 {
|
|
|
|
return Err(Error::InvalidTweak);
|
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
unsafe {
|
2020-05-13 11:52:18 +00:00
|
|
|
if ffi::secp256k1_ec_seckey_tweak_add(
|
2018-11-06 21:57:52 +00:00
|
|
|
ffi::secp256k1_context_no_precomp,
|
2019-08-16 18:49:24 +00:00
|
|
|
self.as_mut_c_ptr(),
|
|
|
|
other.as_c_ptr(),
|
2018-11-06 21:57:52 +00:00
|
|
|
) != 1
|
|
|
|
{
|
2018-08-15 17:11:32 +00:00
|
|
|
Err(Error::InvalidTweak)
|
2014-08-28 16:16:53 +00:00
|
|
|
} else {
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-08-20 17:00:39 +00:00
|
|
|
|
|
|
|
#[inline]
|
2018-08-15 17:11:32 +00:00
|
|
|
/// Multiplies one secret key by another, modulo the curve order. Will
|
|
|
|
/// return an error if the resulting key would be invalid or if
|
|
|
|
/// the tweak was not a 32-byte length slice.
|
|
|
|
pub fn mul_assign(
|
|
|
|
&mut self,
|
|
|
|
other: &[u8],
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
if other.len() != 32 {
|
|
|
|
return Err(Error::InvalidTweak);
|
|
|
|
}
|
2016-08-20 17:00:39 +00:00
|
|
|
unsafe {
|
2020-05-13 11:52:18 +00:00
|
|
|
if ffi::secp256k1_ec_seckey_tweak_mul(
|
2018-11-06 21:57:52 +00:00
|
|
|
ffi::secp256k1_context_no_precomp,
|
2019-08-16 18:49:24 +00:00
|
|
|
self.as_mut_c_ptr(),
|
|
|
|
other.as_c_ptr(),
|
2018-11-06 21:57:52 +00:00
|
|
|
) != 1
|
|
|
|
{
|
2018-08-15 17:11:32 +00:00
|
|
|
Err(Error::InvalidTweak)
|
2016-08-20 17:00:39 +00:00
|
|
|
} else {
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2020-05-15 12:37:08 +00:00
|
|
|
#[cfg(feature = "serde")]
|
|
|
|
impl ::serde::Serialize for SecretKey {
|
|
|
|
fn serialize<S: ::serde::Serializer>(&self, s: S) -> Result<S::Ok, S::Error> {
|
|
|
|
if s.is_human_readable() {
|
|
|
|
s.collect_str(self)
|
|
|
|
} else {
|
|
|
|
s.serialize_bytes(&self[..])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[cfg(feature = "serde")]
|
|
|
|
impl<'de> ::serde::Deserialize<'de> for SecretKey {
|
|
|
|
fn deserialize<D: ::serde::Deserializer<'de>>(d: D) -> Result<Self, D::Error> {
|
|
|
|
if d.is_human_readable() {
|
2021-01-12 22:54:33 +00:00
|
|
|
d.deserialize_str(super::serde_util::FromStrVisitor::new(
|
2020-05-15 12:37:08 +00:00
|
|
|
"a hex string representing 32 byte SecretKey"
|
|
|
|
))
|
|
|
|
} else {
|
|
|
|
d.deserialize_bytes(super::serde_util::BytesVisitor::new(
|
|
|
|
"raw 32 bytes SecretKey",
|
|
|
|
SecretKey::from_slice
|
|
|
|
))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2018-07-25 13:57:36 +00:00
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
impl PublicKey {
|
2019-04-16 18:48:24 +00:00
|
|
|
/// Obtains a raw const pointer suitable for use with FFI functions
|
2015-07-28 16:03:10 +00:00
|
|
|
#[inline]
|
|
|
|
pub fn as_ptr(&self) -> *const ffi::PublicKey {
|
2020-11-30 02:47:34 +00:00
|
|
|
&self.0
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2019-04-16 18:48:24 +00:00
|
|
|
/// Obtains a raw mutable pointer suitable for use with FFI functions
|
|
|
|
#[inline]
|
|
|
|
pub fn as_mut_ptr(&mut self) -> *mut ffi::PublicKey {
|
2020-11-30 02:47:34 +00:00
|
|
|
&mut self.0
|
2019-04-16 18:48:24 +00:00
|
|
|
}
|
|
|
|
|
2014-08-28 17:59:44 +00:00
|
|
|
/// Creates a new public key from a secret key.
|
2014-08-10 01:03:17 +00:00
|
|
|
#[inline]
|
2018-06-03 02:35:12 +00:00
|
|
|
pub fn from_secret_key<C: Signing>(secp: &Secp256k1<C>,
|
2015-07-28 16:03:10 +00:00
|
|
|
sk: &SecretKey)
|
2018-06-03 09:08:09 +00:00
|
|
|
-> PublicKey {
|
2014-08-28 17:59:44 +00:00
|
|
|
unsafe {
|
2020-11-27 17:49:11 +00:00
|
|
|
let mut pk = ffi::PublicKey::new();
|
2014-08-28 18:11:25 +00:00
|
|
|
// We can assume the return value because it's not possible to construct
|
|
|
|
// an invalid `SecretKey` without transmute trickery or something
|
2019-08-16 18:49:24 +00:00
|
|
|
let res = ffi::secp256k1_ec_pubkey_create(secp.ctx, &mut pk, sk.as_c_ptr());
|
2015-04-11 18:07:43 +00:00
|
|
|
debug_assert_eq!(res, 1);
|
2020-11-27 17:49:11 +00:00
|
|
|
PublicKey(pk)
|
2014-08-10 03:34:16 +00:00
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-08-10 01:46:38 +00:00
|
|
|
/// Creates a public key directly from a slice
|
|
|
|
#[inline]
|
2018-11-06 21:57:52 +00:00
|
|
|
pub fn from_slice(data: &[u8]) -> Result<PublicKey, Error> {
|
2019-08-08 20:01:08 +00:00
|
|
|
if data.is_empty() {return Err(Error::InvalidPublicKey);}
|
|
|
|
|
2015-07-28 16:03:10 +00:00
|
|
|
unsafe {
|
2020-11-27 17:49:11 +00:00
|
|
|
let mut pk = ffi::PublicKey::new();
|
2018-11-06 21:57:52 +00:00
|
|
|
if ffi::secp256k1_ec_pubkey_parse(
|
|
|
|
ffi::secp256k1_context_no_precomp,
|
|
|
|
&mut pk,
|
2019-08-16 18:49:24 +00:00
|
|
|
data.as_c_ptr(),
|
2018-12-27 13:39:54 +00:00
|
|
|
data.len() as usize,
|
2018-11-06 21:57:52 +00:00
|
|
|
) == 1
|
|
|
|
{
|
2015-07-28 16:03:10 +00:00
|
|
|
Ok(PublicKey(pk))
|
|
|
|
} else {
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[inline]
|
2015-07-28 16:03:10 +00:00
|
|
|
/// Serialize the key as a byte-encoded pair of values. In compressed form
|
|
|
|
/// the y-coordinate is represented by only a single bit, as x determines
|
|
|
|
/// it up to one bit.
|
2017-12-19 20:36:46 +00:00
|
|
|
pub fn serialize(&self) -> [u8; constants::PUBLIC_KEY_SIZE] {
|
|
|
|
let mut ret = [0; constants::PUBLIC_KEY_SIZE];
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2015-07-28 16:03:10 +00:00
|
|
|
unsafe {
|
2018-12-27 13:39:54 +00:00
|
|
|
let mut ret_len = constants::PUBLIC_KEY_SIZE as usize;
|
2017-12-19 20:36:46 +00:00
|
|
|
let err = ffi::secp256k1_ec_pubkey_serialize(
|
2018-11-06 21:57:52 +00:00
|
|
|
ffi::secp256k1_context_no_precomp,
|
2019-08-16 18:49:24 +00:00
|
|
|
ret.as_mut_c_ptr(),
|
2017-12-19 20:36:46 +00:00
|
|
|
&mut ret_len,
|
2019-08-16 18:49:24 +00:00
|
|
|
self.as_c_ptr(),
|
2017-12-19 20:36:46 +00:00
|
|
|
ffi::SECP256K1_SER_COMPRESSED,
|
|
|
|
);
|
2015-11-19 00:22:16 +00:00
|
|
|
debug_assert_eq!(err, 1);
|
2017-12-19 20:36:46 +00:00
|
|
|
debug_assert_eq!(ret_len, ret.len());
|
|
|
|
}
|
|
|
|
ret
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Serialize the key as a byte-encoded pair of values, in uncompressed form
|
|
|
|
pub fn serialize_uncompressed(&self) -> [u8; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE] {
|
|
|
|
let mut ret = [0; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
|
|
|
|
|
|
|
|
unsafe {
|
2018-12-27 13:39:54 +00:00
|
|
|
let mut ret_len = constants::UNCOMPRESSED_PUBLIC_KEY_SIZE as usize;
|
2017-12-19 20:36:46 +00:00
|
|
|
let err = ffi::secp256k1_ec_pubkey_serialize(
|
2018-11-06 21:57:52 +00:00
|
|
|
ffi::secp256k1_context_no_precomp,
|
2019-08-16 18:49:24 +00:00
|
|
|
ret.as_mut_c_ptr(),
|
2017-12-19 20:36:46 +00:00
|
|
|
&mut ret_len,
|
2019-08-16 18:49:24 +00:00
|
|
|
self.as_c_ptr(),
|
2017-12-19 20:36:46 +00:00
|
|
|
ffi::SECP256K1_SER_UNCOMPRESSED,
|
|
|
|
);
|
|
|
|
debug_assert_eq!(err, 1);
|
|
|
|
debug_assert_eq!(ret_len, ret.len());
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
2015-07-28 16:03:10 +00:00
|
|
|
ret
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2020-02-07 04:31:43 +00:00
|
|
|
#[inline]
|
|
|
|
/// Negates the pk to the pk `self` in place
|
|
|
|
/// Will return an error if the pk would be invalid.
|
|
|
|
pub fn negate_assign<C: Verification>(
|
|
|
|
&mut self,
|
|
|
|
secp: &Secp256k1<C>
|
2020-06-10 00:59:55 +00:00
|
|
|
) {
|
2020-02-07 04:31:43 +00:00
|
|
|
unsafe {
|
2020-11-30 02:47:34 +00:00
|
|
|
let res = ffi::secp256k1_ec_pubkey_negate(secp.ctx, &mut self.0);
|
2020-06-10 00:59:55 +00:00
|
|
|
debug_assert_eq!(res, 1);
|
2020-02-07 04:31:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-08-28 16:16:53 +00:00
|
|
|
#[inline]
|
|
|
|
/// Adds the pk corresponding to `other` to the pk `self` in place
|
2018-08-15 17:11:32 +00:00
|
|
|
/// Will return an error if the resulting key would be invalid or
|
|
|
|
/// if the tweak was not a 32-byte length slice.
|
|
|
|
pub fn add_exp_assign<C: Verification>(
|
|
|
|
&mut self,
|
|
|
|
secp: &Secp256k1<C>,
|
|
|
|
other: &[u8]
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
if other.len() != 32 {
|
|
|
|
return Err(Error::InvalidTweak);
|
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
unsafe {
|
2020-11-30 02:47:34 +00:00
|
|
|
if ffi::secp256k1_ec_pubkey_tweak_add(secp.ctx, &mut self.0, other.as_c_ptr()) == 1 {
|
2014-08-28 16:16:53 +00:00
|
|
|
Ok(())
|
2015-07-28 16:03:10 +00:00
|
|
|
} else {
|
2018-08-15 17:11:32 +00:00
|
|
|
Err(Error::InvalidTweak)
|
2014-08-28 16:16:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-08-20 17:00:39 +00:00
|
|
|
|
|
|
|
#[inline]
|
|
|
|
/// Muliplies the pk `self` in place by the scalar `other`
|
2018-08-15 17:11:32 +00:00
|
|
|
/// Will return an error if the resulting key would be invalid or
|
|
|
|
/// if the tweak was not a 32-byte length slice.
|
|
|
|
pub fn mul_assign<C: Verification>(
|
|
|
|
&mut self,
|
|
|
|
secp: &Secp256k1<C>,
|
|
|
|
other: &[u8],
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
if other.len() != 32 {
|
|
|
|
return Err(Error::InvalidTweak);
|
|
|
|
}
|
2016-08-20 17:00:39 +00:00
|
|
|
unsafe {
|
2020-11-30 02:47:34 +00:00
|
|
|
if ffi::secp256k1_ec_pubkey_tweak_mul(secp.ctx, &mut self.0, other.as_c_ptr()) == 1 {
|
2016-08-20 17:00:39 +00:00
|
|
|
Ok(())
|
|
|
|
} else {
|
2018-08-15 17:11:32 +00:00
|
|
|
Err(Error::InvalidTweak)
|
2016-08-20 17:00:39 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2018-08-22 20:18:25 +00:00
|
|
|
|
|
|
|
/// Adds a second key to this one, returning the sum. Returns an error if
|
|
|
|
/// the result would be the point at infinity, i.e. we are adding this point
|
|
|
|
/// to its own negation
|
2018-11-06 21:57:52 +00:00
|
|
|
pub fn combine(&self, other: &PublicKey) -> Result<PublicKey, Error> {
|
2021-03-31 01:07:20 +00:00
|
|
|
PublicKey::combine_keys(&[self, other])
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Adds the keys in the provided slice together, returning the sum. Returns
|
|
|
|
/// an error if the result would be the point at infinity, i.e. we are adding
|
|
|
|
/// a point to its own negation
|
|
|
|
pub fn combine_keys(keys: &[&PublicKey]) -> Result<PublicKey, Error> {
|
|
|
|
use core::mem::transmute;
|
|
|
|
use core::i32::MAX;
|
|
|
|
|
|
|
|
debug_assert!(keys.len() < MAX as usize);
|
2018-08-22 20:18:25 +00:00
|
|
|
unsafe {
|
2019-08-08 21:19:31 +00:00
|
|
|
let mut ret = ffi::PublicKey::new();
|
2021-03-31 01:07:20 +00:00
|
|
|
let ptrs : &[*const ffi::PublicKey] =
|
|
|
|
transmute::<&[&PublicKey], &[*const ffi::PublicKey]>(keys);
|
2018-11-06 21:57:52 +00:00
|
|
|
if ffi::secp256k1_ec_pubkey_combine(
|
|
|
|
ffi::secp256k1_context_no_precomp,
|
|
|
|
&mut ret,
|
2019-08-16 18:49:24 +00:00
|
|
|
ptrs.as_c_ptr(),
|
2021-03-31 01:07:20 +00:00
|
|
|
keys.len() as i32
|
2018-11-06 21:57:52 +00:00
|
|
|
) == 1
|
|
|
|
{
|
2018-08-22 20:18:25 +00:00
|
|
|
Ok(PublicKey(ret))
|
|
|
|
} else {
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2019-08-16 18:48:03 +00:00
|
|
|
impl CPtr for PublicKey {
|
|
|
|
type Target = ffi::PublicKey;
|
|
|
|
fn as_c_ptr(&self) -> *const Self::Target {
|
|
|
|
self.as_ptr()
|
|
|
|
}
|
|
|
|
|
|
|
|
fn as_mut_c_ptr(&mut self) -> *mut Self::Target {
|
|
|
|
self.as_mut_ptr()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-10-14 14:35:02 +00:00
|
|
|
/// Creates a new public key from a FFI public key
|
|
|
|
impl From<ffi::PublicKey> for PublicKey {
|
|
|
|
#[inline]
|
|
|
|
fn from(pk: ffi::PublicKey) -> PublicKey {
|
|
|
|
PublicKey(pk)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-05-15 12:37:08 +00:00
|
|
|
#[cfg(feature = "serde")]
|
|
|
|
impl ::serde::Serialize for PublicKey {
|
|
|
|
fn serialize<S: ::serde::Serializer>(&self, s: S) -> Result<S::Ok, S::Error> {
|
|
|
|
if s.is_human_readable() {
|
|
|
|
s.collect_str(self)
|
|
|
|
} else {
|
|
|
|
s.serialize_bytes(&self.serialize())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[cfg(feature = "serde")]
|
|
|
|
impl<'de> ::serde::Deserialize<'de> for PublicKey {
|
|
|
|
fn deserialize<D: ::serde::Deserializer<'de>>(d: D) -> Result<PublicKey, D::Error> {
|
|
|
|
if d.is_human_readable() {
|
2021-01-12 22:54:33 +00:00
|
|
|
d.deserialize_str(super::serde_util::FromStrVisitor::new(
|
2020-05-15 12:37:08 +00:00
|
|
|
"an ASCII hex string representing a public key"
|
|
|
|
))
|
|
|
|
} else {
|
|
|
|
d.deserialize_bytes(super::serde_util::BytesVisitor::new(
|
|
|
|
"a bytestring representing a public key",
|
|
|
|
PublicKey::from_slice
|
|
|
|
))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2018-07-25 13:57:36 +00:00
|
|
|
|
2020-11-09 17:30:57 +00:00
|
|
|
impl PartialOrd for PublicKey {
|
|
|
|
fn partial_cmp(&self, other: &PublicKey) -> Option<::core::cmp::Ordering> {
|
|
|
|
self.serialize().partial_cmp(&other.serialize())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl Ord for PublicKey {
|
|
|
|
fn cmp(&self, other: &PublicKey) -> ::core::cmp::Ordering {
|
|
|
|
self.serialize().cmp(&other.serialize())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-08-10 01:46:38 +00:00
|
|
|
#[cfg(test)]
|
|
|
|
mod test {
|
2018-08-26 18:39:41 +00:00
|
|
|
use Secp256k1;
|
|
|
|
use from_hex;
|
2018-06-03 08:48:21 +00:00
|
|
|
use super::super::Error::{InvalidPublicKey, InvalidSecretKey};
|
2015-04-06 05:13:38 +00:00
|
|
|
use super::{PublicKey, SecretKey};
|
2015-04-12 15:51:15 +00:00
|
|
|
use super::super::constants;
|
|
|
|
|
2019-01-11 20:57:34 +00:00
|
|
|
use rand::{Error, ErrorKind, RngCore, thread_rng};
|
|
|
|
use rand_core::impls;
|
2018-08-26 18:39:41 +00:00
|
|
|
use std::iter;
|
|
|
|
use std::str::FromStr;
|
2014-08-10 02:02:09 +00:00
|
|
|
|
2020-12-21 23:27:55 +00:00
|
|
|
#[cfg(target_arch = "wasm32")]
|
|
|
|
use wasm_bindgen_test::wasm_bindgen_test as test;
|
|
|
|
|
2018-03-21 22:01:08 +00:00
|
|
|
macro_rules! hex {
|
2018-08-26 18:39:41 +00:00
|
|
|
($hex:expr) => ({
|
|
|
|
let mut result = vec![0; $hex.len() / 2];
|
|
|
|
from_hex($hex, &mut result).expect("valid hex string");
|
|
|
|
result
|
|
|
|
});
|
2018-03-21 22:01:08 +00:00
|
|
|
}
|
2017-12-21 00:59:22 +00:00
|
|
|
|
2014-08-10 02:02:09 +00:00
|
|
|
#[test]
|
|
|
|
fn skey_from_slice() {
|
2018-11-06 21:57:52 +00:00
|
|
|
let sk = SecretKey::from_slice(&[1; 31]);
|
2014-09-12 13:28:35 +00:00
|
|
|
assert_eq!(sk, Err(InvalidSecretKey));
|
|
|
|
|
2018-11-06 21:57:52 +00:00
|
|
|
let sk = SecretKey::from_slice(&[1; 32]);
|
2014-09-12 13:28:35 +00:00
|
|
|
assert!(sk.is_ok());
|
2014-08-10 02:02:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn pubkey_from_slice() {
|
2018-11-06 21:57:52 +00:00
|
|
|
assert_eq!(PublicKey::from_slice(&[]), Err(InvalidPublicKey));
|
|
|
|
assert_eq!(PublicKey::from_slice(&[1, 2, 3]), Err(InvalidPublicKey));
|
2014-08-10 01:46:38 +00:00
|
|
|
|
2018-11-06 21:57:52 +00:00
|
|
|
let uncompressed = PublicKey::from_slice(&[4, 54, 57, 149, 239, 162, 148, 175, 246, 254, 239, 75, 154, 152, 10, 82, 234, 224, 85, 220, 40, 100, 57, 121, 30, 162, 94, 156, 135, 67, 74, 49, 179, 57, 236, 53, 162, 124, 149, 144, 168, 77, 74, 30, 72, 211, 229, 110, 111, 55, 96, 193, 86, 227, 183, 152, 195, 155, 51, 247, 123, 113, 60, 228, 188]);
|
2014-08-10 01:46:38 +00:00
|
|
|
assert!(uncompressed.is_ok());
|
|
|
|
|
2018-11-06 21:57:52 +00:00
|
|
|
let compressed = PublicKey::from_slice(&[3, 23, 183, 225, 206, 31, 159, 148, 195, 42, 67, 115, 146, 41, 248, 140, 11, 3, 51, 41, 111, 180, 110, 143, 114, 134, 88, 73, 198, 174, 52, 184, 78]);
|
2014-08-10 01:46:38 +00:00
|
|
|
assert!(compressed.is_ok());
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn keypair_slice_round_trip() {
|
2015-04-12 20:54:22 +00:00
|
|
|
let s = Secp256k1::new();
|
2014-08-10 01:46:38 +00:00
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
let (sk1, pk1) = s.generate_keypair(&mut thread_rng());
|
2018-11-06 21:57:52 +00:00
|
|
|
assert_eq!(SecretKey::from_slice(&sk1[..]), Ok(sk1));
|
|
|
|
assert_eq!(PublicKey::from_slice(&pk1.serialize()[..]), Ok(pk1));
|
|
|
|
assert_eq!(PublicKey::from_slice(&pk1.serialize_uncompressed()[..]), Ok(pk1));
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
2014-08-10 02:02:09 +00:00
|
|
|
|
2014-08-24 23:13:08 +00:00
|
|
|
#[test]
|
|
|
|
fn invalid_secret_key() {
|
|
|
|
// Zero
|
2018-11-06 21:57:52 +00:00
|
|
|
assert_eq!(SecretKey::from_slice(&[0; 32]), Err(InvalidSecretKey));
|
2021-04-26 05:43:54 +00:00
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_str(&format!("0000000000000000000000000000000000000000000000000000000000000000")),
|
|
|
|
Err(InvalidSecretKey)
|
|
|
|
);
|
2014-08-24 23:13:08 +00:00
|
|
|
// -1
|
2018-11-06 21:57:52 +00:00
|
|
|
assert_eq!(SecretKey::from_slice(&[0xff; 32]), Err(InvalidSecretKey));
|
2014-08-24 23:13:08 +00:00
|
|
|
// Top of range
|
2018-11-06 21:57:52 +00:00
|
|
|
assert!(SecretKey::from_slice(&[
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
|
|
|
|
0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
|
|
|
|
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x40,
|
|
|
|
]).is_ok());
|
2014-08-24 23:13:08 +00:00
|
|
|
// One past top of range
|
2018-11-06 21:57:52 +00:00
|
|
|
assert!(SecretKey::from_slice(&[
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
|
|
|
|
0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
|
|
|
|
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
|
|
|
|
]).is_err());
|
2014-08-24 23:13:08 +00:00
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2015-04-12 15:51:15 +00:00
|
|
|
#[test]
|
|
|
|
fn test_out_of_range() {
|
|
|
|
|
|
|
|
struct BadRng(u8);
|
2019-01-11 20:57:34 +00:00
|
|
|
impl RngCore for BadRng {
|
2015-04-12 15:51:15 +00:00
|
|
|
fn next_u32(&mut self) -> u32 { unimplemented!() }
|
2019-01-11 20:57:34 +00:00
|
|
|
fn next_u64(&mut self) -> u64 { unimplemented!() }
|
2015-04-12 15:51:15 +00:00
|
|
|
// This will set a secret key to a little over the
|
|
|
|
// group order, then decrement with repeated calls
|
|
|
|
// until it returns a valid key
|
|
|
|
fn fill_bytes(&mut self, data: &mut [u8]) {
|
|
|
|
let group_order: [u8; 32] = [
|
|
|
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
|
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
|
|
|
|
0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
|
|
|
|
0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41];
|
|
|
|
assert_eq!(data.len(), 32);
|
2017-05-08 11:18:35 +00:00
|
|
|
data.copy_from_slice(&group_order[..]);
|
2015-04-12 15:51:15 +00:00
|
|
|
data[31] = self.0;
|
|
|
|
self.0 -= 1;
|
|
|
|
}
|
2019-01-11 20:57:34 +00:00
|
|
|
fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
|
2020-12-22 02:45:19 +00:00
|
|
|
self.fill_bytes(dest);
|
|
|
|
Ok(())
|
2019-01-11 20:57:34 +00:00
|
|
|
}
|
2015-04-12 15:51:15 +00:00
|
|
|
}
|
|
|
|
|
2015-04-12 20:54:22 +00:00
|
|
|
let s = Secp256k1::new();
|
2018-06-03 09:08:09 +00:00
|
|
|
s.generate_keypair(&mut BadRng(0xff));
|
2015-04-12 15:51:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_pubkey_from_bad_slice() {
|
|
|
|
// Bad sizes
|
2018-11-06 21:57:52 +00:00
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[0; constants::PUBLIC_KEY_SIZE - 1]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[0; constants::PUBLIC_KEY_SIZE + 1]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[0; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE - 1]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[0; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE + 1]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
2015-04-12 15:51:15 +00:00
|
|
|
|
|
|
|
// Bad parse
|
2018-11-06 21:57:52 +00:00
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[0xff; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[0x55; constants::PUBLIC_KEY_SIZE]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
2019-08-21 21:58:55 +00:00
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_slice(&[]),
|
|
|
|
Err(InvalidPublicKey)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_seckey_from_bad_slice() {
|
|
|
|
// Bad sizes
|
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_slice(&[0; constants::SECRET_KEY_SIZE - 1]),
|
|
|
|
Err(InvalidSecretKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_slice(&[0; constants::SECRET_KEY_SIZE + 1]),
|
|
|
|
Err(InvalidSecretKey)
|
|
|
|
);
|
|
|
|
// Bad parse
|
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_slice(&[0xff; constants::SECRET_KEY_SIZE]),
|
|
|
|
Err(InvalidSecretKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_slice(&[0x00; constants::SECRET_KEY_SIZE]),
|
|
|
|
Err(InvalidSecretKey)
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_slice(&[]),
|
|
|
|
Err(InvalidSecretKey)
|
|
|
|
);
|
2015-04-12 15:51:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_debug_output() {
|
|
|
|
struct DumbRng(u32);
|
2019-01-11 20:57:34 +00:00
|
|
|
impl RngCore for DumbRng {
|
2015-04-12 15:51:15 +00:00
|
|
|
fn next_u32(&mut self) -> u32 {
|
|
|
|
self.0 = self.0.wrapping_add(1);
|
|
|
|
self.0
|
|
|
|
}
|
2019-01-11 20:57:34 +00:00
|
|
|
fn next_u64(&mut self) -> u64 {
|
|
|
|
self.next_u32() as u64
|
|
|
|
}
|
|
|
|
fn fill_bytes(&mut self, dest: &mut [u8]) {
|
|
|
|
impls::fill_bytes_via_next(self, dest);
|
|
|
|
}
|
2019-11-18 01:04:11 +00:00
|
|
|
|
|
|
|
fn try_fill_bytes(&mut self, _dest: &mut [u8]) -> Result<(), Error> {
|
|
|
|
Err(Error::new(ErrorKind::Unavailable, "not implemented"))
|
|
|
|
}
|
2015-04-12 15:51:15 +00:00
|
|
|
}
|
|
|
|
|
2015-04-12 20:54:22 +00:00
|
|
|
let s = Secp256k1::new();
|
2018-06-03 09:08:09 +00:00
|
|
|
let (sk, _) = s.generate_keypair(&mut DumbRng(0));
|
2015-04-12 15:51:15 +00:00
|
|
|
|
2015-07-28 16:03:10 +00:00
|
|
|
assert_eq!(&format!("{:?}", sk),
|
2019-01-11 20:57:34 +00:00
|
|
|
"SecretKey(0100000000000000020000000000000003000000000000000400000000000000)");
|
2015-07-28 16:03:10 +00:00
|
|
|
}
|
|
|
|
|
2018-08-15 20:40:15 +00:00
|
|
|
#[test]
|
|
|
|
fn test_display_output() {
|
|
|
|
static SK_BYTES: [u8; 32] = [
|
|
|
|
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
|
|
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
|
|
|
0xff, 0xff, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
|
|
|
|
0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63,
|
|
|
|
];
|
|
|
|
|
|
|
|
let s = Secp256k1::signing_only();
|
2018-11-06 21:57:52 +00:00
|
|
|
let sk = SecretKey::from_slice(&SK_BYTES).expect("sk");
|
2021-02-18 14:50:58 +00:00
|
|
|
|
|
|
|
// In fuzzing mode secret->public key derivation is different, so
|
|
|
|
// hard-code the epected result.
|
|
|
|
#[cfg(not(fuzzing))]
|
2018-08-15 20:40:15 +00:00
|
|
|
let pk = PublicKey::from_secret_key(&s, &sk);
|
2021-02-18 14:50:58 +00:00
|
|
|
#[cfg(fuzzing)]
|
|
|
|
let pk = PublicKey::from_slice(&[0x02, 0x18, 0x84, 0x57, 0x81, 0xf6, 0x31, 0xc4, 0x8f, 0x1c, 0x97, 0x09, 0xe2, 0x30, 0x92, 0x06, 0x7d, 0x06, 0x83, 0x7f, 0x30, 0xaa, 0x0c, 0xd0, 0x54, 0x4a, 0xc8, 0x87, 0xfe, 0x91, 0xdd, 0xd1, 0x66]).expect("pk");
|
2018-08-15 20:40:15 +00:00
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
sk.to_string(),
|
|
|
|
"01010101010101010001020304050607ffff0000ffff00006363636363636363"
|
|
|
|
);
|
2018-08-26 18:39:41 +00:00
|
|
|
assert_eq!(
|
|
|
|
SecretKey::from_str("01010101010101010001020304050607ffff0000ffff00006363636363636363").unwrap(),
|
|
|
|
sk
|
|
|
|
);
|
2018-08-15 20:40:15 +00:00
|
|
|
assert_eq!(
|
|
|
|
pk.to_string(),
|
|
|
|
"0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd166"
|
|
|
|
);
|
2018-08-26 18:39:41 +00:00
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_str("0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd166").unwrap(),
|
|
|
|
pk
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PublicKey::from_str("04\
|
|
|
|
18845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd166\
|
|
|
|
84B84DB303A340CD7D6823EE88174747D12A67D2F8F2F9BA40846EE5EE7A44F6"
|
|
|
|
).unwrap(),
|
|
|
|
pk
|
|
|
|
);
|
|
|
|
|
|
|
|
assert!(SecretKey::from_str("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").is_err());
|
|
|
|
assert!(SecretKey::from_str("01010101010101010001020304050607ffff0000ffff0000636363636363636363").is_err());
|
|
|
|
assert!(SecretKey::from_str("01010101010101010001020304050607ffff0000ffff0000636363636363636").is_err());
|
|
|
|
assert!(SecretKey::from_str("01010101010101010001020304050607ffff0000ffff000063636363636363").is_err());
|
|
|
|
assert!(SecretKey::from_str("01010101010101010001020304050607ffff0000ffff000063636363636363xx").is_err());
|
|
|
|
assert!(PublicKey::from_str("0300000000000000000000000000000000000000000000000000000000000000000").is_err());
|
|
|
|
assert!(PublicKey::from_str("0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd16601").is_err());
|
|
|
|
assert!(PublicKey::from_str("0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd16").is_err());
|
|
|
|
assert!(PublicKey::from_str("0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd1").is_err());
|
|
|
|
assert!(PublicKey::from_str("xx0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd1").is_err());
|
|
|
|
|
|
|
|
let long_str: String = iter::repeat('a').take(1024 * 1024).collect();
|
|
|
|
assert!(SecretKey::from_str(&long_str).is_err());
|
|
|
|
assert!(PublicKey::from_str(&long_str).is_err());
|
2018-08-15 20:40:15 +00:00
|
|
|
}
|
|
|
|
|
2015-07-28 16:03:10 +00:00
|
|
|
#[test]
|
2021-02-18 14:50:58 +00:00
|
|
|
// In fuzzing mode the Y coordinate is expected to match the X, so this
|
|
|
|
// test uses invalid public keys.
|
|
|
|
#[cfg(not(fuzzing))]
|
2015-07-28 16:03:10 +00:00
|
|
|
fn test_pubkey_serialize() {
|
|
|
|
struct DumbRng(u32);
|
2019-01-11 20:57:34 +00:00
|
|
|
impl RngCore for DumbRng {
|
2015-07-28 16:03:10 +00:00
|
|
|
fn next_u32(&mut self) -> u32 {
|
|
|
|
self.0 = self.0.wrapping_add(1);
|
|
|
|
self.0
|
|
|
|
}
|
2019-01-11 20:57:34 +00:00
|
|
|
fn next_u64(&mut self) -> u64 {
|
|
|
|
self.next_u32() as u64
|
|
|
|
}
|
|
|
|
fn try_fill_bytes(&mut self, _dest: &mut [u8]) -> Result<(), Error> {
|
|
|
|
Err(Error::new(ErrorKind::Unavailable, "not implemented"))
|
|
|
|
}
|
|
|
|
|
|
|
|
fn fill_bytes(&mut self, dest: &mut [u8]) {
|
|
|
|
impls::fill_bytes_via_next(self, dest);
|
|
|
|
}
|
2015-07-28 16:03:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
let s = Secp256k1::new();
|
2018-06-03 09:08:09 +00:00
|
|
|
let (_, pk1) = s.generate_keypair(&mut DumbRng(0));
|
2017-12-19 20:36:46 +00:00
|
|
|
assert_eq!(&pk1.serialize_uncompressed()[..],
|
2019-01-11 20:57:34 +00:00
|
|
|
&[4, 124, 121, 49, 14, 253, 63, 197, 50, 39, 194, 107, 17, 193, 219, 108, 154, 126, 9, 181, 248, 2, 12, 149, 233, 198, 71, 149, 134, 250, 184, 154, 229, 185, 28, 165, 110, 27, 3, 162, 126, 238, 167, 157, 242, 221, 76, 251, 237, 34, 231, 72, 39, 245, 3, 191, 64, 111, 170, 117, 103, 82, 28, 102, 163][..]);
|
2017-12-19 20:36:46 +00:00
|
|
|
assert_eq!(&pk1.serialize()[..],
|
2019-01-11 20:57:34 +00:00
|
|
|
&[3, 124, 121, 49, 14, 253, 63, 197, 50, 39, 194, 107, 17, 193, 219, 108, 154, 126, 9, 181, 248, 2, 12, 149, 233, 198, 71, 149, 134, 250, 184, 154, 229][..]);
|
2015-04-12 15:51:15 +00:00
|
|
|
}
|
|
|
|
|
2014-08-28 16:16:53 +00:00
|
|
|
#[test]
|
|
|
|
fn test_addition() {
|
2015-04-12 20:54:22 +00:00
|
|
|
let s = Secp256k1::new();
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
let (mut sk1, mut pk1) = s.generate_keypair(&mut thread_rng());
|
|
|
|
let (mut sk2, mut pk2) = s.generate_keypair(&mut thread_rng());
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
|
2018-08-15 17:11:32 +00:00
|
|
|
assert!(sk1.add_assign(&sk2[..]).is_ok());
|
|
|
|
assert!(pk1.add_exp_assign(&s, &sk2[..]).is_ok());
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
|
2014-08-28 17:59:44 +00:00
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
|
2018-08-15 17:11:32 +00:00
|
|
|
assert!(sk2.add_assign(&sk1[..]).is_ok());
|
|
|
|
assert!(pk2.add_exp_assign(&s, &sk1[..]).is_ok());
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
|
2014-08-28 16:16:53 +00:00
|
|
|
}
|
2016-01-09 03:45:20 +00:00
|
|
|
|
2016-08-20 17:00:39 +00:00
|
|
|
#[test]
|
|
|
|
fn test_multiplication() {
|
|
|
|
let s = Secp256k1::new();
|
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
let (mut sk1, mut pk1) = s.generate_keypair(&mut thread_rng());
|
|
|
|
let (mut sk2, mut pk2) = s.generate_keypair(&mut thread_rng());
|
2016-08-20 17:00:39 +00:00
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
|
2018-08-15 17:11:32 +00:00
|
|
|
assert!(sk1.mul_assign(&sk2[..]).is_ok());
|
|
|
|
assert!(pk1.mul_assign(&s, &sk2[..]).is_ok());
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
|
2016-08-20 17:00:39 +00:00
|
|
|
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
|
2018-08-15 17:11:32 +00:00
|
|
|
assert!(sk2.mul_assign(&sk1[..]).is_ok());
|
|
|
|
assert!(pk2.mul_assign(&s, &sk1[..]).is_ok());
|
2018-06-03 09:08:09 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
|
2016-08-20 17:00:39 +00:00
|
|
|
}
|
|
|
|
|
2020-02-07 04:31:43 +00:00
|
|
|
#[test]
|
|
|
|
fn test_negation() {
|
|
|
|
let s = Secp256k1::new();
|
|
|
|
|
|
|
|
let (mut sk, mut pk) = s.generate_keypair(&mut thread_rng());
|
|
|
|
|
|
|
|
let original_sk = sk;
|
|
|
|
let original_pk = pk;
|
|
|
|
|
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk), pk);
|
|
|
|
sk.negate_assign();
|
2020-06-10 00:59:55 +00:00
|
|
|
pk.negate_assign(&s);
|
2020-02-07 04:31:43 +00:00
|
|
|
assert_ne!(original_sk, sk);
|
|
|
|
assert_ne!(original_pk, pk);
|
|
|
|
sk.negate_assign();
|
2020-06-10 00:59:55 +00:00
|
|
|
pk.negate_assign(&s);
|
2020-02-07 04:31:43 +00:00
|
|
|
assert_eq!(original_sk, sk);
|
|
|
|
assert_eq!(original_pk, pk);
|
|
|
|
assert_eq!(PublicKey::from_secret_key(&s, &sk), pk);
|
|
|
|
}
|
|
|
|
|
2016-01-09 03:45:20 +00:00
|
|
|
#[test]
|
|
|
|
fn pubkey_hash() {
|
2017-04-27 19:46:28 +00:00
|
|
|
use std::collections::hash_map::DefaultHasher;
|
|
|
|
use std::hash::{Hash, Hasher};
|
2016-01-09 03:45:20 +00:00
|
|
|
use std::collections::HashSet;
|
|
|
|
|
|
|
|
fn hash<T: Hash>(t: &T) -> u64 {
|
2017-04-27 19:46:28 +00:00
|
|
|
let mut s = DefaultHasher::new();
|
2016-01-09 03:45:20 +00:00
|
|
|
t.hash(&mut s);
|
|
|
|
s.finish()
|
|
|
|
}
|
|
|
|
|
|
|
|
let s = Secp256k1::new();
|
|
|
|
let mut set = HashSet::new();
|
|
|
|
const COUNT : usize = 1024;
|
2020-12-22 03:02:31 +00:00
|
|
|
for _ in 0..COUNT {
|
2018-06-03 09:08:09 +00:00
|
|
|
let (_, pk) = s.generate_keypair(&mut thread_rng());
|
2016-01-09 03:45:20 +00:00
|
|
|
let hash = hash(&pk);
|
|
|
|
assert!(!set.contains(&hash));
|
|
|
|
set.insert(hash);
|
2020-12-22 03:02:31 +00:00
|
|
|
};
|
|
|
|
assert_eq!(set.len(), COUNT);
|
2016-01-09 03:45:20 +00:00
|
|
|
}
|
2017-12-21 00:59:22 +00:00
|
|
|
|
2021-02-18 14:50:58 +00:00
|
|
|
#[cfg_attr(not(fuzzing), test)]
|
2018-08-22 20:18:25 +00:00
|
|
|
fn pubkey_combine() {
|
|
|
|
let compressed1 = PublicKey::from_slice(
|
|
|
|
&hex!("0241cc121c419921942add6db6482fb36243faf83317c866d2a28d8c6d7089f7ba"),
|
|
|
|
).unwrap();
|
|
|
|
let compressed2 = PublicKey::from_slice(
|
|
|
|
&hex!("02e6642fd69bd211f93f7f1f36ca51a26a5290eb2dd1b0d8279a87bb0d480c8443"),
|
|
|
|
).unwrap();
|
|
|
|
let exp_sum = PublicKey::from_slice(
|
|
|
|
&hex!("0384526253c27c7aef56c7b71a5cd25bebb66dddda437826defc5b2568bde81f07"),
|
|
|
|
).unwrap();
|
|
|
|
|
2018-11-06 21:57:52 +00:00
|
|
|
let sum1 = compressed1.combine(&compressed2);
|
2018-08-22 20:18:25 +00:00
|
|
|
assert!(sum1.is_ok());
|
2018-11-06 21:57:52 +00:00
|
|
|
let sum2 = compressed2.combine(&compressed1);
|
2018-08-22 20:18:25 +00:00
|
|
|
assert!(sum2.is_ok());
|
|
|
|
assert_eq!(sum1, sum2);
|
|
|
|
assert_eq!(sum1.unwrap(), exp_sum);
|
|
|
|
}
|
|
|
|
|
2021-02-18 14:50:58 +00:00
|
|
|
#[cfg_attr(not(fuzzing), test)]
|
2021-03-31 01:07:20 +00:00
|
|
|
fn pubkey_combine_keys() {
|
|
|
|
let compressed1 = PublicKey::from_slice(
|
|
|
|
&hex!("0241cc121c419921942add6db6482fb36243faf83317c866d2a28d8c6d7089f7ba"),
|
|
|
|
).unwrap();
|
|
|
|
let compressed2 = PublicKey::from_slice(
|
|
|
|
&hex!("02e6642fd69bd211f93f7f1f36ca51a26a5290eb2dd1b0d8279a87bb0d480c8443"),
|
|
|
|
).unwrap();
|
|
|
|
let compressed3 = PublicKey::from_slice(
|
|
|
|
&hex!("03e74897d8644eb3e5b391ca2ab257aec2080f4d1a95cad57e454e47f021168eb0")
|
|
|
|
).unwrap();
|
|
|
|
let exp_sum = PublicKey::from_slice(
|
|
|
|
&hex!("0252d73a47f66cf341e5651542f0348f452b7c793af62a6d8bff75ade703a451ad"),
|
|
|
|
).unwrap();
|
|
|
|
|
|
|
|
let sum1 = PublicKey::combine_keys(&[&compressed1, &compressed2, &compressed3]);
|
|
|
|
assert!(sum1.is_ok());
|
|
|
|
let sum2 = PublicKey::combine_keys(&[&compressed1, &compressed2, &compressed3]);
|
|
|
|
assert!(sum2.is_ok());
|
|
|
|
assert_eq!(sum1, sum2);
|
|
|
|
assert_eq!(sum1.unwrap(), exp_sum);
|
2018-08-22 20:18:25 +00:00
|
|
|
}
|
|
|
|
|
2021-02-18 14:50:58 +00:00
|
|
|
#[test]
|
|
|
|
fn create_pubkey_combine() {
|
|
|
|
let s = Secp256k1::new();
|
|
|
|
|
|
|
|
let (mut sk1, pk1) = s.generate_keypair(&mut thread_rng());
|
|
|
|
let (sk2, pk2) = s.generate_keypair(&mut thread_rng());
|
|
|
|
|
|
|
|
let sum1 = pk1.combine(&pk2);
|
|
|
|
assert!(sum1.is_ok());
|
|
|
|
let sum2 = pk2.combine(&pk1);
|
|
|
|
assert!(sum2.is_ok());
|
|
|
|
assert_eq!(sum1, sum2);
|
|
|
|
|
|
|
|
assert!(sk1.add_assign(&sk2.as_ref()[..]).is_ok());
|
|
|
|
let sksum = PublicKey::from_secret_key(&s, &sk1);
|
|
|
|
assert_eq!(Ok(sksum), sum1);
|
|
|
|
}
|
|
|
|
|
2018-05-29 11:11:18 +00:00
|
|
|
#[test]
|
|
|
|
fn pubkey_equal() {
|
|
|
|
let pk1 = PublicKey::from_slice(
|
|
|
|
&hex!("0241cc121c419921942add6db6482fb36243faf83317c866d2a28d8c6d7089f7ba"),
|
|
|
|
).unwrap();
|
2020-12-22 03:10:46 +00:00
|
|
|
let pk2 = pk1;
|
2018-05-29 11:11:18 +00:00
|
|
|
let pk3 = PublicKey::from_slice(
|
|
|
|
&hex!("02e6642fd69bd211f93f7f1f36ca51a26a5290eb2dd1b0d8279a87bb0d480c8443"),
|
|
|
|
).unwrap();
|
|
|
|
|
|
|
|
assert!(pk1 == pk2);
|
|
|
|
assert!(pk1 <= pk2);
|
|
|
|
assert!(pk2 <= pk1);
|
|
|
|
assert!(!(pk2 < pk1));
|
|
|
|
assert!(!(pk1 < pk2));
|
2018-06-03 02:35:12 +00:00
|
|
|
|
2020-11-09 17:30:57 +00:00
|
|
|
assert!(pk3 > pk1);
|
|
|
|
assert!(pk1 < pk3);
|
|
|
|
assert!(pk3 >= pk1);
|
|
|
|
assert!(pk1 <= pk3);
|
2018-05-29 11:11:18 +00:00
|
|
|
}
|
2018-07-25 13:57:36 +00:00
|
|
|
|
|
|
|
#[cfg(feature = "serde")]
|
|
|
|
#[test]
|
2021-01-12 00:49:44 +00:00
|
|
|
fn test_serde() {
|
2019-05-13 22:22:37 +00:00
|
|
|
use serde_test::{Configure, Token, assert_tokens};
|
2018-07-25 13:57:36 +00:00
|
|
|
static SK_BYTES: [u8; 32] = [
|
|
|
|
1, 1, 1, 1, 1, 1, 1, 1,
|
|
|
|
0, 1, 2, 3, 4, 5, 6, 7,
|
|
|
|
0xff, 0xff, 0, 0, 0xff, 0xff, 0, 0,
|
|
|
|
99, 99, 99, 99, 99, 99, 99, 99
|
|
|
|
];
|
2019-05-13 22:22:37 +00:00
|
|
|
static SK_STR: &'static str = "\
|
|
|
|
01010101010101010001020304050607ffff0000ffff00006363636363636363\
|
|
|
|
";
|
2018-07-25 13:57:36 +00:00
|
|
|
static PK_BYTES: [u8; 33] = [
|
|
|
|
0x02,
|
|
|
|
0x18, 0x84, 0x57, 0x81, 0xf6, 0x31, 0xc4, 0x8f,
|
|
|
|
0x1c, 0x97, 0x09, 0xe2, 0x30, 0x92, 0x06, 0x7d,
|
|
|
|
0x06, 0x83, 0x7f, 0x30, 0xaa, 0x0c, 0xd0, 0x54,
|
|
|
|
0x4a, 0xc8, 0x87, 0xfe, 0x91, 0xdd, 0xd1, 0x66,
|
|
|
|
];
|
2019-07-23 09:56:40 +00:00
|
|
|
static PK_STR: &'static str = "\
|
|
|
|
0218845781f631c48f1c9709e23092067d06837f30aa0cd0544ac887fe91ddd166\
|
|
|
|
";
|
2018-07-25 13:57:36 +00:00
|
|
|
|
|
|
|
let s = Secp256k1::new();
|
2018-11-06 21:57:52 +00:00
|
|
|
let sk = SecretKey::from_slice(&SK_BYTES).unwrap();
|
2021-02-18 14:55:46 +00:00
|
|
|
|
|
|
|
// In fuzzing mode secret->public key derivation is different, so
|
|
|
|
// hard-code the epected result.
|
|
|
|
#[cfg(not(fuzzing))]
|
2018-07-25 13:57:36 +00:00
|
|
|
let pk = PublicKey::from_secret_key(&s, &sk);
|
2021-02-18 14:55:46 +00:00
|
|
|
#[cfg(fuzzing)]
|
|
|
|
let pk = PublicKey::from_slice(&PK_BYTES).expect("pk");
|
2018-07-25 13:57:36 +00:00
|
|
|
|
2019-05-13 22:22:37 +00:00
|
|
|
assert_tokens(&sk.compact(), &[Token::BorrowedBytes(&SK_BYTES[..])]);
|
2020-05-15 12:37:08 +00:00
|
|
|
assert_tokens(&sk.compact(), &[Token::Bytes(&SK_BYTES)]);
|
|
|
|
assert_tokens(&sk.compact(), &[Token::ByteBuf(&SK_BYTES)]);
|
|
|
|
|
2019-05-13 22:22:37 +00:00
|
|
|
assert_tokens(&sk.readable(), &[Token::BorrowedStr(SK_STR)]);
|
2020-05-15 12:37:08 +00:00
|
|
|
assert_tokens(&sk.readable(), &[Token::Str(SK_STR)]);
|
|
|
|
assert_tokens(&sk.readable(), &[Token::String(SK_STR)]);
|
|
|
|
|
2019-07-23 09:56:40 +00:00
|
|
|
assert_tokens(&pk.compact(), &[Token::BorrowedBytes(&PK_BYTES[..])]);
|
2020-05-15 12:37:08 +00:00
|
|
|
assert_tokens(&pk.compact(), &[Token::Bytes(&PK_BYTES)]);
|
|
|
|
assert_tokens(&pk.compact(), &[Token::ByteBuf(&PK_BYTES)]);
|
|
|
|
|
2019-07-23 09:56:40 +00:00
|
|
|
assert_tokens(&pk.readable(), &[Token::BorrowedStr(PK_STR)]);
|
2020-05-15 12:37:08 +00:00
|
|
|
assert_tokens(&pk.readable(), &[Token::Str(PK_STR)]);
|
|
|
|
assert_tokens(&pk.readable(), &[Token::String(PK_STR)]);
|
|
|
|
|
2018-07-25 13:57:36 +00:00
|
|
|
}
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|