2014-08-12 02:26:14 +00:00
|
|
|
// Bitcoin secp256k1 bindings
|
|
|
|
// Written in 2014 by
|
|
|
|
// Dawid Ciężarkiewicz
|
|
|
|
// Andrew Poelstra
|
|
|
|
//
|
|
|
|
// To the extent possible under law, the author(s) have dedicated all
|
|
|
|
// copyright and related and neighboring rights to this software to
|
|
|
|
// the public domain worldwide. This software is distributed without
|
|
|
|
// any warranty.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the CC0 Public Domain Dedication
|
|
|
|
// along with this software.
|
|
|
|
// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
|
|
//
|
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
//! Public/Private keys
|
|
|
|
|
2015-03-25 19:10:02 +00:00
|
|
|
use std::intrinsics::copy_nonoverlapping;
|
2014-09-04 19:29:24 +00:00
|
|
|
use std::cmp;
|
2014-08-10 01:03:17 +00:00
|
|
|
use std::fmt;
|
|
|
|
use std::rand::Rng;
|
2014-09-05 01:21:09 +00:00
|
|
|
use serialize::{Decoder, Decodable, Encoder, Encodable};
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2014-09-04 19:29:24 +00:00
|
|
|
use crypto::digest::Digest;
|
|
|
|
use crypto::sha2::Sha512;
|
|
|
|
use crypto::hmac::Hmac;
|
|
|
|
use crypto::mac::Mac;
|
|
|
|
|
2014-08-28 17:59:44 +00:00
|
|
|
use super::init;
|
2015-01-17 16:13:45 +00:00
|
|
|
use super::Result;
|
|
|
|
use super::Error::{InvalidNonce, InvalidPublicKey, InvalidSecretKey, Unknown};
|
2014-09-05 01:21:09 +00:00
|
|
|
use constants;
|
|
|
|
use ffi;
|
2014-08-10 01:03:17 +00:00
|
|
|
|
|
|
|
/// Secret 256-bit nonce used as `k` in an ECDSA signature
|
2015-01-17 16:13:45 +00:00
|
|
|
pub struct Nonce([u8; constants::NONCE_SIZE]);
|
|
|
|
impl_array_newtype!(Nonce, u8, constants::NONCE_SIZE);
|
2014-08-10 01:03:17 +00:00
|
|
|
|
|
|
|
/// Secret 256-bit key used as `x` in an ECDSA signature
|
2015-01-17 16:13:45 +00:00
|
|
|
pub struct SecretKey([u8; constants::SECRET_KEY_SIZE]);
|
|
|
|
impl_array_newtype!(SecretKey, u8, constants::SECRET_KEY_SIZE);
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
/// The number 1 encoded as a secret key
|
|
|
|
pub static ONE: SecretKey = SecretKey([0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 1]);
|
2014-09-01 16:13:31 +00:00
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
/// Public key
|
2015-03-25 18:59:54 +00:00
|
|
|
#[derive(Clone, PartialEq, Eq, Debug)]
|
2014-08-10 01:03:17 +00:00
|
|
|
pub struct PublicKey(PublicKeyData);
|
2015-01-17 16:13:45 +00:00
|
|
|
impl Copy for PublicKey {}
|
2014-08-10 01:03:17 +00:00
|
|
|
|
|
|
|
enum PublicKeyData {
|
2015-01-17 16:13:45 +00:00
|
|
|
Compressed([u8; constants::COMPRESSED_PUBLIC_KEY_SIZE]),
|
|
|
|
Uncompressed([u8; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE])
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
impl Copy for PublicKeyData {}
|
2014-08-10 01:03:17 +00:00
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
fn random_32_bytes<R:Rng>(rng: &mut R) -> [u8; 32] {
|
|
|
|
let mut ret = [0u8; 32];
|
|
|
|
rng.fill_bytes(&mut ret);
|
2014-08-16 09:21:35 +00:00
|
|
|
ret
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-09-04 19:29:24 +00:00
|
|
|
/// As described in RFC 6979
|
2015-01-17 16:13:45 +00:00
|
|
|
fn bits2octets(data: &[u8]) -> [u8; 32] {
|
|
|
|
let mut ret = [0; 32];
|
2014-09-04 19:29:24 +00:00
|
|
|
unsafe {
|
2015-03-25 19:10:02 +00:00
|
|
|
copy_nonoverlapping(ret.as_mut_ptr(),
|
|
|
|
data.as_ptr(),
|
|
|
|
cmp::min(data.len(), 32));
|
2014-09-04 19:29:24 +00:00
|
|
|
}
|
|
|
|
ret
|
|
|
|
}
|
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
impl Nonce {
|
|
|
|
/// Creates a new random nonce
|
|
|
|
#[inline]
|
|
|
|
pub fn new<R:Rng>(rng: &mut R) -> Nonce {
|
|
|
|
Nonce(random_32_bytes(rng))
|
|
|
|
}
|
|
|
|
|
2014-08-10 02:02:09 +00:00
|
|
|
/// Converts a `NONCE_SIZE`-byte slice to a nonce
|
|
|
|
#[inline]
|
|
|
|
pub fn from_slice(data: &[u8]) -> Result<Nonce> {
|
|
|
|
match data.len() {
|
|
|
|
constants::NONCE_SIZE => {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret = [0; constants::NONCE_SIZE];
|
2014-08-10 02:02:09 +00:00
|
|
|
unsafe {
|
2015-03-25 19:10:02 +00:00
|
|
|
copy_nonoverlapping(ret.as_mut_ptr(),
|
|
|
|
data.as_ptr(),
|
|
|
|
data.len());
|
2014-08-10 02:02:09 +00:00
|
|
|
}
|
|
|
|
Ok(Nonce(ret))
|
|
|
|
}
|
|
|
|
_ => Err(InvalidNonce)
|
|
|
|
}
|
|
|
|
}
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
/// Generates a deterministic nonce by RFC6979 with HMAC-SHA512
|
|
|
|
#[inline]
|
|
|
|
#[allow(non_snake_case)] // so we can match the names in the RFC
|
2014-09-12 13:28:35 +00:00
|
|
|
pub fn deterministic(msg: &[u8], key: &SecretKey) -> Nonce {
|
2015-01-17 16:13:45 +00:00
|
|
|
const HMAC_SIZE: usize = 64;
|
2014-09-04 19:29:24 +00:00
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
macro_rules! hmac {
|
|
|
|
($res:expr; key $key:expr, data $($data:expr),+) => ({
|
2014-09-04 19:29:24 +00:00
|
|
|
let mut hmacker = Hmac::new(Sha512::new(), $key.as_slice());
|
|
|
|
$(hmacker.input($data.as_slice());)+
|
|
|
|
hmacker.raw_result($res.as_mut_slice());
|
|
|
|
})
|
2015-01-17 16:13:45 +00:00
|
|
|
}
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// Section 3.2a
|
|
|
|
// Goofy block just to avoid marking `msg_hash` as mutable
|
|
|
|
let mut hasher = Sha512::new();
|
|
|
|
hasher.input(msg);
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut x = [0; HMAC_SIZE];
|
2014-09-04 19:29:24 +00:00
|
|
|
hasher.result(x.as_mut_slice());
|
|
|
|
let msg_hash = bits2octets(x.as_slice());
|
|
|
|
|
|
|
|
// Section 3.2b
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut V = [0x01u8; HMAC_SIZE];
|
2014-09-04 19:29:24 +00:00
|
|
|
// Section 3.2c
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut K = [0x00u8; HMAC_SIZE];
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// Section 3.2d
|
2015-01-17 16:13:45 +00:00
|
|
|
hmac!(K; key K, data V, [0x00], key, msg_hash);
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// Section 3.2e
|
2015-01-17 16:13:45 +00:00
|
|
|
hmac!(V; key K, data V);
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// Section 3.2f
|
2015-01-17 16:13:45 +00:00
|
|
|
hmac!(K; key K, data V, [0x01], key, msg_hash);
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// Section 3.2g
|
2015-01-17 16:13:45 +00:00
|
|
|
hmac!(V; key K, data V);
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// Section 3.2
|
|
|
|
let mut k = Err(InvalidSecretKey);
|
|
|
|
while k.is_err() {
|
|
|
|
// Try to generate the nonce
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut T = [0x00u8; HMAC_SIZE];
|
|
|
|
hmac!(T; key K, data V);
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
k = Nonce::from_slice(T.slice_to(constants::NONCE_SIZE));
|
|
|
|
|
|
|
|
// Replace K, V
|
|
|
|
if k.is_err() {
|
2015-01-17 16:13:45 +00:00
|
|
|
hmac!(K; key K, data V, [0x00]);
|
|
|
|
hmac!(V; key K, data V);
|
2014-09-04 19:29:24 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
k.unwrap()
|
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
impl SecretKey {
|
2014-08-10 01:03:17 +00:00
|
|
|
/// Creates a new random secret key
|
|
|
|
#[inline]
|
2014-09-12 13:28:35 +00:00
|
|
|
pub fn new<R:Rng>(rng: &mut R) -> SecretKey {
|
2014-09-01 16:13:31 +00:00
|
|
|
init();
|
2014-08-28 18:11:25 +00:00
|
|
|
let mut data = random_32_bytes(rng);
|
|
|
|
unsafe {
|
2015-01-17 16:38:16 +00:00
|
|
|
while ffi::secp256k1_ec_seckey_verify(data.as_ptr()) == 0 {
|
2014-08-28 18:11:25 +00:00
|
|
|
data = random_32_bytes(rng);
|
|
|
|
}
|
|
|
|
}
|
2014-09-12 13:28:35 +00:00
|
|
|
SecretKey(data)
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
/// Converts a `SECRET_KEY_SIZE`-byte slice to a secret key
|
2014-08-10 01:46:38 +00:00
|
|
|
#[inline]
|
2014-09-12 13:28:35 +00:00
|
|
|
pub fn from_slice(data: &[u8]) -> Result<SecretKey> {
|
2014-08-28 17:59:44 +00:00
|
|
|
init();
|
2014-08-10 01:46:38 +00:00
|
|
|
match data.len() {
|
|
|
|
constants::SECRET_KEY_SIZE => {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret = [0; constants::SECRET_KEY_SIZE];
|
2014-08-10 01:46:38 +00:00
|
|
|
unsafe {
|
2015-01-17 16:38:16 +00:00
|
|
|
if ffi::secp256k1_ec_seckey_verify(data.as_ptr()) == 0 {
|
2014-08-24 23:13:08 +00:00
|
|
|
return Err(InvalidSecretKey);
|
|
|
|
}
|
2015-03-25 19:10:02 +00:00
|
|
|
copy_nonoverlapping(ret.as_mut_ptr(),
|
|
|
|
data.as_ptr(),
|
|
|
|
data.len());
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
2014-09-12 13:28:35 +00:00
|
|
|
Ok(SecretKey(ret))
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
|
|
|
_ => Err(InvalidSecretKey)
|
|
|
|
}
|
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
|
|
|
|
#[inline]
|
|
|
|
/// Adds one secret key to another, modulo the curve order
|
2014-08-28 17:59:44 +00:00
|
|
|
/// Marked `unsafe` since you must
|
|
|
|
/// call `init()` (or construct a `Secp256k1`, which does this for you) before
|
|
|
|
/// using this function
|
2014-09-12 13:28:35 +00:00
|
|
|
pub fn add_assign(&mut self, other: &SecretKey) -> Result<()> {
|
2014-08-28 17:59:44 +00:00
|
|
|
init();
|
2014-08-28 16:16:53 +00:00
|
|
|
unsafe {
|
2015-01-17 16:38:16 +00:00
|
|
|
if ffi::secp256k1_ec_privkey_tweak_add(self.as_mut_ptr(), other.as_ptr()) != 1 {
|
2014-08-28 16:16:53 +00:00
|
|
|
Err(Unknown)
|
|
|
|
} else {
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2014-09-01 16:13:31 +00:00
|
|
|
|
|
|
|
#[inline]
|
2014-09-12 13:28:35 +00:00
|
|
|
/// Returns an iterator for the (sk, pk) pairs starting one after this one,
|
|
|
|
/// and incrementing by one each time
|
|
|
|
pub fn sequence(&self, compressed: bool) -> Sequence {
|
|
|
|
Sequence { last_sk: *self, compressed: compressed }
|
2014-09-01 16:13:31 +00:00
|
|
|
}
|
2014-09-12 13:28:35 +00:00
|
|
|
}
|
2014-09-01 16:13:31 +00:00
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
/// An iterator of keypairs `(sk + 1, pk*G)`, `(sk + 2, pk*2G)`, ...
|
|
|
|
pub struct Sequence {
|
|
|
|
compressed: bool,
|
|
|
|
last_sk: SecretKey,
|
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
impl Copy for Sequence {}
|
|
|
|
|
|
|
|
impl Iterator for Sequence {
|
|
|
|
type Item = (SecretKey, PublicKey);
|
2014-09-01 16:13:31 +00:00
|
|
|
|
|
|
|
#[inline]
|
2014-09-12 13:28:35 +00:00
|
|
|
fn next(&mut self) -> Option<(SecretKey, PublicKey)> {
|
|
|
|
self.last_sk.add_assign(&ONE).unwrap();
|
|
|
|
Some((self.last_sk, PublicKey::from_secret_key(&self.last_sk, self.compressed)))
|
2014-09-01 16:13:31 +00:00
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
impl PublicKey {
|
|
|
|
/// Creates a new zeroed out public key
|
|
|
|
#[inline]
|
|
|
|
pub fn new(compressed: bool) -> PublicKey {
|
|
|
|
PublicKey(
|
2015-01-17 16:13:45 +00:00
|
|
|
if compressed {
|
|
|
|
PublicKeyData::Compressed([0; constants::COMPRESSED_PUBLIC_KEY_SIZE])
|
|
|
|
} else {
|
|
|
|
PublicKeyData::Uncompressed([0; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE])
|
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2014-08-28 17:59:44 +00:00
|
|
|
/// Creates a new public key from a secret key.
|
2014-08-10 01:03:17 +00:00
|
|
|
#[inline]
|
2014-09-12 13:28:35 +00:00
|
|
|
pub fn from_secret_key(sk: &SecretKey, compressed: bool) -> PublicKey {
|
2014-08-10 01:03:17 +00:00
|
|
|
let mut pk = PublicKey::new(compressed);
|
|
|
|
let compressed = if compressed {1} else {0};
|
2014-08-10 03:34:16 +00:00
|
|
|
let mut len = 0;
|
|
|
|
|
2014-08-28 17:59:44 +00:00
|
|
|
init();
|
|
|
|
unsafe {
|
2014-08-28 18:11:25 +00:00
|
|
|
// We can assume the return value because it's not possible to construct
|
|
|
|
// an invalid `SecretKey` without transmute trickery or something
|
2015-01-17 16:38:16 +00:00
|
|
|
assert_eq!(ffi::secp256k1_ec_pubkey_create(
|
2014-08-28 17:59:44 +00:00
|
|
|
pk.as_mut_ptr(), &mut len,
|
2014-08-28 18:11:25 +00:00
|
|
|
sk.as_ptr(), compressed), 1);
|
2014-08-10 03:34:16 +00:00
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
assert_eq!(len as usize, pk.len());
|
2014-08-28 18:11:25 +00:00
|
|
|
pk
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
2014-08-10 01:46:38 +00:00
|
|
|
/// Creates a public key directly from a slice
|
|
|
|
#[inline]
|
|
|
|
pub fn from_slice(data: &[u8]) -> Result<PublicKey> {
|
|
|
|
match data.len() {
|
|
|
|
constants::COMPRESSED_PUBLIC_KEY_SIZE => {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret = [0; constants::COMPRESSED_PUBLIC_KEY_SIZE];
|
2014-08-10 01:46:38 +00:00
|
|
|
unsafe {
|
2015-01-17 16:38:16 +00:00
|
|
|
if ffi::secp256k1_ec_pubkey_verify(data.as_ptr(),
|
2014-08-31 21:04:14 +00:00
|
|
|
data.len() as ::libc::c_int) == 0 {
|
|
|
|
return Err(InvalidPublicKey);
|
|
|
|
}
|
2015-03-25 19:10:02 +00:00
|
|
|
copy_nonoverlapping(ret.as_mut_ptr(),
|
|
|
|
data.as_ptr(),
|
|
|
|
data.len());
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
Ok(PublicKey(PublicKeyData::Compressed(ret)))
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
|
|
|
constants::UNCOMPRESSED_PUBLIC_KEY_SIZE => {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret = [0; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
|
2014-08-10 01:46:38 +00:00
|
|
|
unsafe {
|
2015-03-25 19:10:02 +00:00
|
|
|
copy_nonoverlapping(ret.as_mut_ptr(),
|
|
|
|
data.as_ptr(),
|
|
|
|
data.len());
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
Ok(PublicKey(PublicKeyData::Uncompressed(ret)))
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
|
|
|
_ => Err(InvalidPublicKey)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
/// Returns whether the public key is compressed or uncompressed
|
|
|
|
#[inline]
|
|
|
|
pub fn is_compressed(&self) -> bool {
|
|
|
|
let &PublicKey(ref data) = self;
|
|
|
|
match *data {
|
2015-01-17 16:13:45 +00:00
|
|
|
PublicKeyData::Compressed(_) => true,
|
|
|
|
PublicKeyData::Uncompressed(_) => false
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Returns the length of the public key
|
|
|
|
#[inline]
|
2015-01-17 16:13:45 +00:00
|
|
|
pub fn len(&self) -> usize {
|
2014-08-10 01:03:17 +00:00
|
|
|
let &PublicKey(ref data) = self;
|
|
|
|
match *data {
|
2015-01-17 16:13:45 +00:00
|
|
|
PublicKeyData::Compressed(ref x) => x.len(),
|
|
|
|
PublicKeyData::Uncompressed(ref x) => x.len()
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Converts the public key into a byte slice
|
|
|
|
#[inline]
|
|
|
|
pub fn as_slice<'a>(&'a self) -> &'a [u8] {
|
|
|
|
let &PublicKey(ref data) = self;
|
|
|
|
data.as_slice()
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Converts the public key to a raw pointer suitable for use
|
|
|
|
/// with the FFI functions
|
|
|
|
#[inline]
|
|
|
|
pub fn as_ptr(&self) -> *const u8 {
|
|
|
|
let &PublicKey(ref data) = self;
|
|
|
|
match *data {
|
2015-01-17 16:13:45 +00:00
|
|
|
PublicKeyData::Compressed(ref x) => x.as_ptr(),
|
|
|
|
PublicKeyData::Uncompressed(ref x) => x.as_ptr()
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Converts the public key to a mutable raw pointer suitable for use
|
|
|
|
/// with the FFI functions
|
|
|
|
#[inline]
|
|
|
|
pub fn as_mut_ptr(&mut self) -> *mut u8 {
|
2015-01-17 16:13:45 +00:00
|
|
|
let &mut PublicKey(ref mut data) = self;
|
2014-08-10 01:03:17 +00:00
|
|
|
match *data {
|
2015-01-17 16:13:45 +00:00
|
|
|
PublicKeyData::Compressed(ref mut x) => x.as_mut_ptr(),
|
|
|
|
PublicKeyData::Uncompressed(ref mut x) => x.as_mut_ptr()
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
|
|
|
|
#[inline]
|
|
|
|
/// Adds the pk corresponding to `other` to the pk `self` in place
|
2014-09-12 13:28:35 +00:00
|
|
|
pub fn add_exp_assign(&mut self, other: &SecretKey) -> Result<()> {
|
2014-08-28 17:59:44 +00:00
|
|
|
init();
|
2014-08-28 16:16:53 +00:00
|
|
|
unsafe {
|
2015-01-17 16:38:16 +00:00
|
|
|
if ffi::secp256k1_ec_pubkey_tweak_add(self.as_mut_ptr(),
|
|
|
|
self.len() as ::libc::c_int,
|
|
|
|
other.as_ptr()) != 1 {
|
2014-08-28 16:16:53 +00:00
|
|
|
Err(Unknown)
|
|
|
|
} else {
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
impl PublicKeyData {
|
|
|
|
#[inline]
|
|
|
|
fn as_slice<'a>(&'a self) -> &'a [u8] {
|
|
|
|
match *self {
|
2015-01-17 16:13:45 +00:00
|
|
|
PublicKeyData::Compressed(ref x) => x.as_slice(),
|
|
|
|
PublicKeyData::Uncompressed(ref x) => x.as_slice()
|
2014-08-10 01:03:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// We have to do all these impls ourselves as Rust can't derive
|
|
|
|
// them for arrays
|
2015-03-25 18:59:54 +00:00
|
|
|
impl fmt::Debug for Nonce {
|
2014-08-10 02:02:09 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
self.as_slice().fmt(f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-08-27 17:19:10 +00:00
|
|
|
impl Clone for PublicKeyData {
|
|
|
|
fn clone(&self) -> PublicKeyData { *self }
|
|
|
|
}
|
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
impl PartialEq for PublicKeyData {
|
|
|
|
fn eq(&self, other: &PublicKeyData) -> bool {
|
|
|
|
self.as_slice() == other.as_slice()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl Eq for PublicKeyData {}
|
|
|
|
|
2015-03-25 18:59:54 +00:00
|
|
|
impl fmt::Debug for PublicKeyData {
|
2014-08-10 01:03:17 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
self.as_slice().fmt(f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
impl Decodable for PublicKey {
|
|
|
|
fn decode<D: Decoder>(d: &mut D) -> ::std::result::Result<PublicKey, D::Error> {
|
2014-09-05 01:21:09 +00:00
|
|
|
d.read_seq(|d, len| {
|
|
|
|
if len == constants::UNCOMPRESSED_PUBLIC_KEY_SIZE {
|
|
|
|
unsafe {
|
|
|
|
use std::mem;
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret: [u8; constants::UNCOMPRESSED_PUBLIC_KEY_SIZE] = mem::uninitialized();
|
2014-09-05 01:21:09 +00:00
|
|
|
for i in range(0, len) {
|
|
|
|
ret[i] = try!(d.read_seq_elt(i, |d| Decodable::decode(d)));
|
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
Ok(PublicKey(PublicKeyData::Uncompressed(ret)))
|
2014-09-05 01:21:09 +00:00
|
|
|
}
|
|
|
|
} else if len == constants::COMPRESSED_PUBLIC_KEY_SIZE {
|
|
|
|
unsafe {
|
|
|
|
use std::mem;
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut ret: [u8; constants::COMPRESSED_PUBLIC_KEY_SIZE] = mem::uninitialized();
|
2014-09-05 01:21:09 +00:00
|
|
|
for i in range(0, len) {
|
|
|
|
ret[i] = try!(d.read_seq_elt(i, |d| Decodable::decode(d)));
|
|
|
|
}
|
2015-01-17 16:13:45 +00:00
|
|
|
Ok(PublicKey(PublicKeyData::Compressed(ret)))
|
2014-09-05 01:21:09 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
Err(d.error("Invalid length"))
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
impl Encodable for PublicKey {
|
|
|
|
fn encode<S: Encoder>(&self, s: &mut S) -> ::std::result::Result<(), S::Error> {
|
|
|
|
self.as_slice().encode(s)
|
2014-09-05 01:21:09 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-25 18:59:54 +00:00
|
|
|
impl fmt::Debug for SecretKey {
|
2014-08-10 01:46:38 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
2014-09-12 13:28:35 +00:00
|
|
|
self.as_slice().fmt(f)
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod test {
|
2014-09-04 19:29:24 +00:00
|
|
|
use serialize::hex::FromHex;
|
2015-01-17 16:13:45 +00:00
|
|
|
use std::rand::thread_rng;
|
2014-08-10 02:02:09 +00:00
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
use test::Bencher;
|
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
use super::super::Secp256k1;
|
|
|
|
use super::super::Error::{InvalidNonce, InvalidPublicKey, InvalidSecretKey};
|
2014-08-18 01:55:07 +00:00
|
|
|
use super::{Nonce, PublicKey, SecretKey};
|
2014-08-10 01:46:38 +00:00
|
|
|
|
|
|
|
#[test]
|
2014-08-10 02:02:09 +00:00
|
|
|
fn nonce_from_slice() {
|
2015-01-17 16:13:45 +00:00
|
|
|
let n = Nonce::from_slice(&[1; 31]);
|
2014-08-10 02:02:09 +00:00
|
|
|
assert_eq!(n, Err(InvalidNonce));
|
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
let n = SecretKey::from_slice(&[1; 32]);
|
2014-09-12 13:28:35 +00:00
|
|
|
assert!(n.is_ok());
|
2014-08-10 02:02:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn skey_from_slice() {
|
2015-01-17 16:13:45 +00:00
|
|
|
let sk = SecretKey::from_slice(&[1; 31]);
|
2014-09-12 13:28:35 +00:00
|
|
|
assert_eq!(sk, Err(InvalidSecretKey));
|
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
let sk = SecretKey::from_slice(&[1; 32]);
|
2014-09-12 13:28:35 +00:00
|
|
|
assert!(sk.is_ok());
|
2014-08-10 02:02:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn pubkey_from_slice() {
|
2015-01-17 16:13:45 +00:00
|
|
|
assert_eq!(PublicKey::from_slice(&[]), Err(InvalidPublicKey));
|
|
|
|
assert_eq!(PublicKey::from_slice(&[1, 2, 3]), Err(InvalidPublicKey));
|
2014-08-10 01:46:38 +00:00
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
let uncompressed = PublicKey::from_slice(&[4, 54, 57, 149, 239, 162, 148, 175, 246, 254, 239, 75, 154, 152, 10, 82, 234, 224, 85, 220, 40, 100, 57, 121, 30, 162, 94, 156, 135, 67, 74, 49, 179, 57, 236, 53, 162, 124, 149, 144, 168, 77, 74, 30, 72, 211, 229, 110, 111, 55, 96, 193, 86, 227, 183, 152, 195, 155, 51, 247, 123, 113, 60, 228, 188]);
|
2014-08-10 01:46:38 +00:00
|
|
|
assert!(uncompressed.is_ok());
|
|
|
|
assert!(!uncompressed.unwrap().is_compressed());
|
|
|
|
|
2015-01-17 16:13:45 +00:00
|
|
|
let compressed = PublicKey::from_slice(&[3, 23, 183, 225, 206, 31, 159, 148, 195, 42, 67, 115, 146, 41, 248, 140, 11, 3, 51, 41, 111, 180, 110, 143, 114, 134, 88, 73, 198, 174, 52, 184, 78]);
|
2014-08-10 01:46:38 +00:00
|
|
|
assert!(compressed.is_ok());
|
|
|
|
assert!(compressed.unwrap().is_compressed());
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn keypair_slice_round_trip() {
|
2014-09-12 13:28:35 +00:00
|
|
|
let mut s = Secp256k1::new().unwrap();
|
2014-08-10 01:46:38 +00:00
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
let (sk1, pk1) = s.generate_keypair(true);
|
|
|
|
assert_eq!(SecretKey::from_slice(sk1.as_slice()), Ok(sk1));
|
2014-09-12 03:36:15 +00:00
|
|
|
assert_eq!(PublicKey::from_slice(pk1.as_slice()), Ok(pk1));
|
2014-09-12 13:28:35 +00:00
|
|
|
|
|
|
|
let (sk2, pk2) = s.generate_keypair(false);
|
|
|
|
assert_eq!(SecretKey::from_slice(sk2.as_slice()), Ok(sk2));
|
2014-08-10 01:46:38 +00:00
|
|
|
assert_eq!(PublicKey::from_slice(pk2.as_slice()), Ok(pk2));
|
|
|
|
}
|
2014-08-10 02:02:09 +00:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn nonce_slice_round_trip() {
|
2015-01-17 16:13:45 +00:00
|
|
|
let mut rng = thread_rng();
|
2014-08-10 02:02:09 +00:00
|
|
|
let nonce = Nonce::new(&mut rng);
|
|
|
|
assert_eq!(Nonce::from_slice(nonce.as_slice()), Ok(nonce));
|
|
|
|
}
|
2014-08-24 23:13:08 +00:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn invalid_secret_key() {
|
|
|
|
// Zero
|
2015-01-17 16:13:45 +00:00
|
|
|
assert_eq!(SecretKey::from_slice(&[0; 32]), Err(InvalidSecretKey));
|
2014-08-24 23:13:08 +00:00
|
|
|
// -1
|
2015-01-17 16:13:45 +00:00
|
|
|
assert_eq!(SecretKey::from_slice(&[0xff; 32]), Err(InvalidSecretKey));
|
2014-08-24 23:13:08 +00:00
|
|
|
// Top of range
|
2015-01-17 16:13:45 +00:00
|
|
|
assert!(SecretKey::from_slice(&[0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
|
|
|
|
0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
|
|
|
|
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x40]).is_ok());
|
2014-08-24 23:13:08 +00:00
|
|
|
// One past top of range
|
2015-01-17 16:13:45 +00:00
|
|
|
assert!(SecretKey::from_slice(&[0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
|
|
|
|
0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
|
|
|
|
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41]).is_err());
|
2014-08-24 23:13:08 +00:00
|
|
|
}
|
2014-08-28 16:16:53 +00:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_addition() {
|
2014-09-12 13:28:35 +00:00
|
|
|
let mut s = Secp256k1::new().unwrap();
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2014-09-12 13:28:35 +00:00
|
|
|
let (mut sk1, mut pk1) = s.generate_keypair(true);
|
|
|
|
let (mut sk2, mut pk2) = s.generate_keypair(true);
|
2014-08-28 16:16:53 +00:00
|
|
|
|
2014-08-28 18:11:25 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&sk1, true), pk1);
|
2014-08-28 17:59:44 +00:00
|
|
|
assert!(sk1.add_assign(&sk2).is_ok());
|
|
|
|
assert!(pk1.add_exp_assign(&sk2).is_ok());
|
2014-08-28 18:11:25 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&sk1, true), pk1);
|
2014-08-28 17:59:44 +00:00
|
|
|
|
2014-08-28 18:11:25 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&sk2, true), pk2);
|
2014-08-28 17:59:44 +00:00
|
|
|
assert!(sk2.add_assign(&sk1).is_ok());
|
|
|
|
assert!(pk2.add_exp_assign(&sk1).is_ok());
|
2014-08-28 18:11:25 +00:00
|
|
|
assert_eq!(PublicKey::from_secret_key(&sk2, true), pk2);
|
2014-08-28 16:16:53 +00:00
|
|
|
}
|
2014-09-01 16:13:31 +00:00
|
|
|
|
2014-09-04 19:29:24 +00:00
|
|
|
#[test]
|
|
|
|
fn test_deterministic() {
|
|
|
|
// nb code in comments is equivalent python
|
|
|
|
|
|
|
|
// from ecdsa import rfc6979
|
|
|
|
// from ecdsa.curves import SECP256k1
|
|
|
|
// # This key was generated randomly
|
|
|
|
// sk = 0x09e918bbea76205445e9a73eaad2080a135d1e33e9dd1b3ca8a9a1285e7c1f81
|
2014-09-12 13:28:35 +00:00
|
|
|
let sk = SecretKey::from_slice(hex_slice!("09e918bbea76205445e9a73eaad2080a135d1e33e9dd1b3ca8a9a1285e7c1f81")).unwrap();
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// "%x" % rfc6979.generate_k(SECP256k1.generator, sk, hashlib.sha512, hashlib.sha512('').digest())
|
2015-01-17 16:13:45 +00:00
|
|
|
let nonce = Nonce::deterministic(&[], &sk);
|
2014-09-04 19:29:24 +00:00
|
|
|
assert_eq!(nonce.as_slice(),
|
|
|
|
hex_slice!("d954eddd184cac2b60edcd0e6be9ec54d93f633b28b366420d38ed9c346ffe27"));
|
|
|
|
|
|
|
|
// "%x" % rfc6979.generate_k(SECP256k1.generator, sk, hashlib.sha512, hashlib.sha512('test').digest())
|
|
|
|
let nonce = Nonce::deterministic(b"test", &sk);
|
|
|
|
assert_eq!(nonce.as_slice(),
|
|
|
|
hex_slice!("609cc24acce2f19e46e38a82afc56c1745dee16e04f2b27e24999e1fefeb08bd"));
|
|
|
|
|
|
|
|
// # Decrease the secret key by one
|
|
|
|
// sk = 0x09e918bbea76205445e9a73eaad2080a135d1e33e9dd1b3ca8a9a1285e7c1f80
|
2014-09-12 13:28:35 +00:00
|
|
|
let sk = SecretKey::from_slice(hex_slice!("09e918bbea76205445e9a73eaad2080a135d1e33e9dd1b3ca8a9a1285e7c1f80")).unwrap();
|
2014-09-04 19:29:24 +00:00
|
|
|
|
|
|
|
// "%x" % rfc6979.generate_k(SECP256k1.generator, sk, hashlib.sha512, hashlib.sha512('').digest())
|
2015-01-17 16:13:45 +00:00
|
|
|
let nonce = Nonce::deterministic(&[], &sk);
|
2014-09-04 19:29:24 +00:00
|
|
|
assert_eq!(nonce.as_slice(),
|
|
|
|
hex_slice!("9f45f8d0a28e8956673c8da6db3db86ca4f172f0a2dbd62364fdbf786c7d96df"));
|
|
|
|
|
|
|
|
// "%x" % rfc6979.generate_k(SECP256k1.generator, sk, hashlib.sha512, hashlib.sha512('test').digest())
|
|
|
|
let nonce = Nonce::deterministic(b"test", &sk);
|
|
|
|
assert_eq!(nonce.as_slice(),
|
|
|
|
hex_slice!("355c589ff662c838aee454d62b12c50a87b7e95ede2431c7cfa40b6ba2fddccd"));
|
|
|
|
}
|
2014-09-12 13:28:35 +00:00
|
|
|
|
|
|
|
#[bench]
|
|
|
|
pub fn sequence_iterate(bh: &mut Bencher) {
|
|
|
|
let mut s = Secp256k1::new().unwrap();
|
|
|
|
let (sk, _) = s.generate_keypair(true);
|
|
|
|
let mut iter = sk.sequence(true);
|
|
|
|
bh.iter(|| iter.next())
|
|
|
|
}
|
2014-08-10 01:46:38 +00:00
|
|
|
}
|
|
|
|
|
2014-08-10 01:03:17 +00:00
|
|
|
|