Module: Bitcoin::Secp256k1

Extended by:
FFI::Library
Defined in:
lib/bitcoin/ffi/secp256k1.rb

Constant Summary collapse

SECP256K1_FLAGS_TYPE_MASK = 
((1 << 8) - 1)
SECP256K1_FLAGS_TYPE_CONTEXT = 
(1 << 0)
SECP256K1_FLAGS_TYPE_COMPRESSION = 
(1 << 1)
SECP256K1_FLAGS_BIT_CONTEXT_VERIFY =

The higher bits contain the actual data. Do not use directly.

(1 << 8)
SECP256K1_FLAGS_BIT_CONTEXT_SIGN = 
(1 << 9)
SECP256K1_FLAGS_BIT_COMPRESSION = 
(1 << 8)
SECP256K1_CONTEXT_VERIFY =

Flags to pass to secp256k1_context_create.

(SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
SECP256K1_CONTEXT_SIGN = 
(SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
SECP256K1_EC_COMPRESSED =

Flag to pass to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export.

(SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
SECP256K1_EC_UNCOMPRESSED = 
(SECP256K1_FLAGS_TYPE_COMPRESSION)

Class Method Summary collapse

Class Method Details

.ffi_load_functions(file) ⇒ Object 



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 37

def self.ffi_load_functions(file)
  class_eval <<-RUBY
    ffi_lib [ %[#{file}] ]

    ##
    # source: https://github.com/bitcoin/bitcoin/blob/v0.13.1/src/secp256k1/include/secp256k1.h
    ##

    # secp256k1_context* secp256k1_context_create(unsigned int flags)
    attach_function :secp256k1_context_create, [:uint], :pointer

    # void secp256k1_context_destroy(secp256k1_context* ctx)
    attach_function :secp256k1_context_destroy, [:pointer], :void

    # int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32)
    attach_function :secp256k1_context_randomize, [:pointer, :pointer], :int

    # int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey)
    attach_function :secp256k1_ec_seckey_verify, [:pointer, :pointer], :int

    # int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey)
    attach_function :secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int

    # int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey* pubkey, unsigned int flags)
    attach_function :secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int

    # int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
    attach_function :secp256k1_ecdsa_sign_recoverable, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int

    # int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig)
    attach_function :secp256k1_ecdsa_recoverable_signature_serialize_compact, [:pointer, :pointer, :pointer, :pointer], :int

    # int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid)
    attach_function :secp256k1_ecdsa_recoverable_signature_parse_compact, [:pointer, :pointer, :pointer, :int], :int

    # int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32)
    attach_function :secp256k1_ecdsa_recover, [:pointer, :pointer, :pointer, :pointer], :int

    # int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
    attach_function :secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int

    # int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig)
    attach_function :secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int

    # int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen)
    attach_function :secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int

    # int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin)
    attach_function :secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int

    # int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey)
    attach_function :secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int

    # int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen)
    attach_function :secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int

    # TODO: add or port
    # # int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) 
    # attach_function :ecdsa_signature_parse_der_lax, [:pointer, :pointer, :pointer, :size_t], :int
  RUBY
end

.generate_key(compressed = true) ⇒ Object 



153
154
155
156
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 153

def self.generate_key(compressed=true)
  priv, pub = generate_key_pair(compressed)
  Bitcoin::Key.new(priv.unpack("H*")[0], pub.unpack("H*")[0])
end

.generate_key_pair(compressed = true) ⇒ Object 



123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 123

def self.generate_key_pair(compressed=true)
  with_context do |context|

    ret, tries, max = 0, 0, 20
    while ret != 1
      raise "secp256k1_ec_seckey_verify in generate_key_pair failed." if tries >= max
      tries += 1

      seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, SecureRandom.random_bytes(32))
      ret = secp256k1_ec_seckey_verify(context, seckey)
    end

    internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
    result = secp256k1_ec_pubkey_create(context, internal_pubkey, seckey)
    raise "error creating pubkey" unless result == 1

    pubkey, pubkey_len = FFI::MemoryPointer.new(:uchar, 65), FFI::MemoryPointer.new(:uint64)
    result = if compressed
      pubkey_len.put_uint64(0, 33)
      secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_COMPRESSED)
    else
      pubkey_len.put_uint64(0, 65)
      secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_UNCOMPRESSED)
    end
    raise "error serialize pubkey" unless (result == 1) || pubkey_len.read_uint64 > 0

    [ seckey.read_string(32), pubkey.read_string(pubkey_len.read_uint64) ]
  end
end

.initObject 



99
100
101
102
103
104
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 99

def self.init
  return if @loaded
  lib_path = [ ENV['SECP256K1_LIB_PATH'], 'vendor/bitcoin/src/secp256k1/.libs/libsecp256k1.so' ].find{|f| File.exists?(f.to_s) }
  ffi_load_functions(lib_path)
  @loaded = true
end

.recover_compact(message, signature) ⇒ Object 



234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 234

def self.recover_compact(message, signature)
  with_context do |context|
    return nil if signature.bytesize != 65

    version = signature.unpack('C')[0]
    return nil if version < 27 || version > 34

    compressed = version >= 31 ? true : false
    flag = compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED
    version -= 4 if compressed

    recid = version - 27
    msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, message)
    recoverable_signature = FFI::MemoryPointer.new(:uchar, 64).put_bytes(0, signature[1..-1])

    internal_recoverable_signature = FFI::MemoryPointer.new(:uchar, 65)
    result = secp256k1_ecdsa_recoverable_signature_parse_compact(context, internal_recoverable_signature, recoverable_signature, recid)
    return nil unless result == 1

    internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
    result = secp256k1_ecdsa_recover(context, internal_pubkey, internal_recoverable_signature, msg32)
    return nil unless result == 1

    pubkey, pubkey_len = FFI::MemoryPointer.new(:uchar, 65), FFI::MemoryPointer.new(:uint64).put_uint64(0, 65)
    result = secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, flag)
    raise "error serialize pubkey" unless (result == 1) || pubkey_len.read_uint64 > 0

    pubkey.read_string(pubkey_len.read_uint64)
  end
end

.sign(data, priv_key) ⇒ Object 



158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 158

def self.sign(data, priv_key)
  with_context do |context|
    seckey = FFI::MemoryPointer.new(:uchar, priv_key.bytesize).put_bytes(0, priv_key)
    raise "priv_key invalid" unless secp256k1_ec_seckey_verify(context, seckey) == 1

    internal_signature = FFI::MemoryPointer.new(:uchar, 64)
    msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)

    ret, tries, max = 0, 0, 20
    while ret != 1
      raise "secp256k1_ecdsa_sign failed." if tries >= max
      tries += 1

      ret = secp256k1_ecdsa_sign(context, internal_signature, msg32, seckey, nil, nil)
    end

    signature, signature_len = FFI::MemoryPointer.new(:uchar, 72), FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
    result = secp256k1_ecdsa_signature_serialize_der(context, signature, signature_len, internal_signature)
    raise "secp256k1_ecdsa_signature_serialize_der failed" unless result == 1

    signature.read_string(signature_len.read_uint64)
  end
end

.sign_compact(message, priv_key, compressed = true) ⇒ Object 



207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 207

def self.sign_compact(message, priv_key, compressed=true)
  with_context do |context|
    seckey = FFI::MemoryPointer.new(:uchar, priv_key.bytesize).put_bytes(0, priv_key)
    raise "priv_key invalid" unless secp256k1_ec_seckey_verify(context, seckey) == 1

    msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, message)
    internal_recoverable_signature = FFI::MemoryPointer.new(:uchar, 65)
    rec_id = FFI::MemoryPointer.new(:int).put_int(0, -1)

    ret, tries, max = 0, 0, 20
    while ret != 1
      raise "secp256k1_ecdsa_sign_recoverable failed." if tries >= max
      tries += 1

      ret = secp256k1_ecdsa_sign_recoverable(context, internal_recoverable_signature, msg32, seckey, nil, nil)
    end

    recoverable_signature = FFI::MemoryPointer.new(:uchar, 64)
    result = secp256k1_ecdsa_recoverable_signature_serialize_compact(context, recoverable_signature, rec_id, internal_recoverable_signature)
    raise "secp256k1_ecdsa_recoverable_signature_serialize_compact failed" unless result == 1
    raise "secp256k1_ecdsa_recoverable_signature_serialize_compact failed" unless rec_id.read_int != -1

    header = [27 + rec_id.read_int + (compressed ? 4 : 0)].pack("C")
    [ header, recoverable_signature.read_string(64) ].join
  end
end

.verify(data, sig, pub_key) ⇒ Object 



182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 182

def self.verify(data, sig, pub_key)
  with_context do |context|
    return false if data.bytesize == 0

    pubkey = FFI::MemoryPointer.new(:uchar, pub_key.bytesize).put_bytes(0, pub_key)
    internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
    result = secp256k1_ec_pubkey_parse(context, internal_pubkey, pubkey, pubkey.size)
    return false unless result == 1

    signature = FFI::MemoryPointer.new(:uchar, sig.bytesize).put_bytes(0, sig)
    internal_signature = FFI::MemoryPointer.new(:uchar, 64)
    result = secp256k1_ecdsa_signature_parse_der(context, internal_signature, signature, signature.size)
    #result = ecdsa_signature_parse_der_lax(context, internal_signature, signature, signature.size)
    return false unless result == 1

    # libsecp256k1's ECDSA verification requires lower-S signatures, which have not historically been enforced in Bitcoin, so normalize them first.
    secp256k1_ecdsa_signature_normalize(context, internal_signature, internal_signature)

    msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
    result = secp256k1_ecdsa_verify(context, internal_signature, msg32, internal_pubkey)

    return result == 1
  end
end

.with_context(flags = nil, seed = nil) ⇒ Object 



106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'lib/bitcoin/ffi/secp256k1.rb', line 106

def self.with_context(flags=nil, seed=nil)
  init
  flags = flags || (SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN)
  context = secp256k1_context_create(flags)

  ret, tries, max = 0, 0, 20
  while ret != 1
    raise "secp256k1_context_randomize failed." if tries >= max
    tries += 1
    ret = secp256k1_context_randomize(context, FFI::MemoryPointer.from_string(seed || SecureRandom.random_bytes(32)))
  end

  yield(context) if block_given?
ensure
  secp256k1_context_destroy(context)
end