Class: Secp256k1::Context

Inherits:

Object

• Object
• Secp256k1::Context

Defined in:

lib/rbsecp256k1/context.rb,
ext/rbsecp256k1/rbsecp256k1.c

Overview

Wrapper around a secp256k1_context object.

Class Method Summary

• .create ⇒ Secp256k1::Context

  Create a new randomized context.

• .create_unrandomized ⇒ Secp256k1::Context

  Create a new non-randomized context.

Instance Method Summary

• #ecdh(point, scalar) ⇒ Secp256k1::SharedSecret

  Compute EC Diffie-Hellman secret in constant time.

• #generate_key_pair ⇒ Secp256k1::KeyPair

  Generates a new random key pair.

• #initialize(*args) ⇒ Secp256k1::Context constructor

  Initialize a new context.

• #key_pair_from_private_key(in_private_key_data) ⇒ Secp256k1::KeyPair

  Converts binary private key data into a new key pair.

• #recoverable_signature_from_compact(in_compact_sig, in_recovery_id) ⇒ Secp256k1::RecoverableSignature

  Loads recoverable signature from compact representation and recovery ID.

• #sign(in_private_key, in_hash32) ⇒ Secp256k1::Signature

  Computes the ECDSA signature of the data using the secp256k1 elliptic curve.

• #sign_recoverable(in_private_key, in_hash32) ⇒ Secp256k1::RecoverableSignature

  Computes the recoverable ECDSA signature of data signed with private key.

• #verify(in_signature, in_pubkey, in_hash32) ⇒ Boolean

  Verifies that signature matches public key and data.

Constructor Details

#initialize(*args) ⇒ Secp256k1::Context

Initialize a new context.

Context initialization should be infrequent as it is an expensive operation.

Parameters:

• context_randomization_bytes (String, nil) —

  (Optional) 32 bytes of random data used to randomize the context. If omitted then the context remains unrandomized. It is recommended that you provide this argument.

Raises:

• (Secp256k1::Error) —

  if context randomization fails.

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1135

static VALUE
Context_initialize(int argc, const VALUE* argv, VALUE self)
{
  Context *context;
  unsigned char *seed32;
  VALUE context_randomization_bytes;
  VALUE opts;
  static ID kwarg_ids;

  context_randomization_bytes = Qnil;
  if (!kwarg_ids)
  {
    CONST_ID(kwarg_ids, "context_randomization_bytes");
  }

  TypedData_Get_Struct(self, Context, &Context_DataType, context);

  context->ctx = secp256k1_context_create(
    SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY
  );

  // Handle optional second argument containing random bytes to use for
  // randomization. We pass ":" to rb_scan_args to say that we expect keyword
  // arguments. We then parse the opts result of the scan in order to grab
  // context_randomization_bytes from the hash.
  rb_scan_args(argc, argv, ":", &opts);
  rb_get_kwargs(opts, &kwarg_ids, 0, 1, &context_randomization_bytes);

  // We need this check because rb_get_kwargs will set the result to Qundef if
  // the keyword argument is not provided. This lets us use the NIL_P
  // predicate.
  if (context_randomization_bytes == Qundef)
  {
    context_randomization_bytes = Qnil;
  }

  if (!NIL_P(context_randomization_bytes)) // Random bytes given
  {
    Check_Type(context_randomization_bytes, T_STRING);
    if (RSTRING_LEN(context_randomization_bytes) != 32)
    {
      rb_raise(
        Secp256k1_Error_class,
        "context_randomization_bytes must be 32 bytes in length"
      );
    }

    seed32 = (unsigned char*)StringValuePtr(context_randomization_bytes);

    // Randomize the context at initialization time rather than before calls so
    // the same context can be used across threads safely.
    if (secp256k1_context_randomize(context->ctx, seed32) != 1)
    {
      rb_raise(
        Secp256k1_Error_class,
        "context randomization failed"
      );
    }
  }

  return self;
}

Class Method Details

.create ⇒ Secp256k1::Context

Create a new randomized context.

Returns:

• (Secp256k1::Context) —

  randomized context

# File 'lib/rbsecp256k1/context.rb', line 11

def self.create
  new(context_randomization_bytes: SecureRandom.random_bytes(32))
end

.create_unrandomized ⇒ Secp256k1::Context

Create a new non-randomized context.

Returns:

• (Secp256k1::Context) —

  non-randomized context

# File 'lib/rbsecp256k1/context.rb', line 18

def self.create_unrandomized
  new
end

Instance Method Details

#ecdh(point, scalar) ⇒ Secp256k1::SharedSecret

Compute EC Diffie-Hellman secret in constant time.

Creates a new shared secret from public_key and private_key.

Parameters:

• point (Secp256k1::PublicKey) —

  public-key representing ECDH point.

• scalar (Secp256k1::PrivateKey) —

  private-key representing ECDH scalar.

Returns:

• (Secp256k1::SharedSecret) —

  shared secret

Raises:

• (Secp256k1::Error) —

  If scalar was invalid (zero or caused overflow).

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1453

static VALUE
Context_ecdh(VALUE self, VALUE point, VALUE scalar)
{
  Context *context;
  PublicKey *public_key;
  PrivateKey *private_key;
  SharedSecret *shared_secret;
  VALUE result;

  TypedData_Get_Struct(self, Context, &Context_DataType, context);
  TypedData_Get_Struct(point, PublicKey, &PublicKey_DataType, public_key);
  TypedData_Get_Struct(scalar, PrivateKey, &PrivateKey_DataType, private_key);

  result = SharedSecret_alloc(Secp256k1_SharedSecret_class);
  TypedData_Get_Struct(
    result, SharedSecret, &SharedSecret_DataType, shared_secret
  );

  if (secp256k1_ecdh(context->ctx,
                     shared_secret->data,
                     &(public_key->pubkey),
                     (unsigned char*)private_key->data,
                     NULL,
                     NULL) != 1)
  {
    rb_raise(Secp256k1_Error_class, "invalid scalar provided to ecdh");
  }

  rb_iv_set(result, "@data", rb_str_new((char*)shared_secret->data, 32));

  return result;
}

#generate_key_pair ⇒ Secp256k1::KeyPair

Generates a new random key pair.

Returns:

• (Secp256k1::KeyPair) —

  public-private key pair.

# File 'lib/rbsecp256k1/context.rb', line 25

def generate_key_pair
  key_pair_from_private_key(SecureRandom.random_bytes(32))
end

#key_pair_from_private_key(in_private_key_data) ⇒ Secp256k1::KeyPair

Converts binary private key data into a new key pair.

Parameters:

• in_private_key_data (String) —

  binary private key data

Returns:

• (Secp256k1::KeyPair) —

  key pair initialized from the private key data.

Raises:

• (Secp256k1::Error) —

  if the private key data is invalid or key derivation fails.

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1206

static VALUE
Context_key_pair_from_private_key(VALUE self, VALUE in_private_key_data)
{
  Context *context;
  VALUE public_key;
  VALUE private_key;
  unsigned char *private_key_data;

  Check_Type(in_private_key_data, T_STRING);
  TypedData_Get_Struct(self, Context, &Context_DataType, context);

  if (RSTRING_LEN(in_private_key_data) != 32)
  {
    rb_raise(Secp256k1_Error_class, "private key data must be 32 bytes in length");
  }

  private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);

  private_key = PrivateKey_create(private_key_data);
  public_key = PublicKey_create_from_private_key(context, private_key_data);

  return rb_funcall(
    Secp256k1_KeyPair_class,
    rb_intern("new"),
    2,
    public_key,
    private_key
  );
}

#recoverable_signature_from_compact(in_compact_sig, in_recovery_id) ⇒ Secp256k1::RecoverableSignature

Loads recoverable signature from compact representation and recovery ID.

Parameters:

• in_compact_sig (String) —

  binary string containing compact signature data.

• in_recovery_id (Integer) —

  recovery ID (range [0, 3])

Returns:

• (Secp256k1::RecoverableSignature) —

  signature parsed from data.

Raises:

• (Secp256k1::DeserializationError) —

  if signature data or recovery ID is invalid.

• (Secp256k1::Error) —

  if compact signature is not 64 bytes or recovery ID is not in range [0, 3].

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1390

static VALUE
Context_recoverable_signature_from_compact(
  VALUE self, VALUE in_compact_sig, VALUE in_recovery_id)
{
  Context *context;
  RecoverableSignature *recoverable_signature;
  unsigned char *compact_sig;
  int recovery_id;
  VALUE result;

  Check_Type(in_compact_sig, T_STRING);
  Check_Type(in_recovery_id, T_FIXNUM);
  TypedData_Get_Struct(self, Context, &Context_DataType, context);

  compact_sig = (unsigned char*)StringValuePtr(in_compact_sig);
  recovery_id = FIX2INT(in_recovery_id);

  if (RSTRING_LEN(in_compact_sig) != 64)
  {
    rb_raise(Secp256k1_Error_class, "compact signature is not 64 bytes");
  }

  if (recovery_id < 0 || recovery_id > 3)
  {
    rb_raise(Secp256k1_Error_class, "invalid recovery ID, must be in range [0, 3]");
  }

  result = RecoverableSignature_alloc(Secp256k1_RecoverableSignature_class);
  TypedData_Get_Struct(
    result,
    RecoverableSignature,
    &RecoverableSignature_DataType,
    recoverable_signature
  );

  if (secp256k1_ecdsa_recoverable_signature_parse_compact(
        secp256k1_context_no_precomp,
        &(recoverable_signature->sig),
        compact_sig,
        recovery_id) == 1)
  {
    recoverable_signature->ctx = secp256k1_context_clone(context->ctx);
    return result;
  }
  
  rb_raise(Secp256k1_DeserializationError_class, "unable to parse recoverable signature");
}

#sign(in_private_key, in_hash32) ⇒ Secp256k1::Signature

Computes the ECDSA signature of the data using the secp256k1 elliptic curve.

Parameters:

• in_private_key (Secp256k1::PrivateKey) —

  private key to use for signing.

• in_hash32 (String) —

  32-byte binary string with SHA-256 hash of data.

Returns:

• (Secp256k1::Signature) —

  signature resulting from signing data.

Raises:

• (Secp256k1::Error) —

  if hash is not 32-bytes in length or signature computation fails.

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1246

static VALUE
Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
{
  unsigned char *hash32;
  PrivateKey *private_key;
  Context *context;
  Signature *signature;
  VALUE signature_result;

  Check_Type(in_hash32, T_STRING);

  if (RSTRING_LEN(in_hash32) != 32)
  {
    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
  }

  TypedData_Get_Struct(self, Context, &Context_DataType, context);
  TypedData_Get_Struct(in_private_key, PrivateKey, &PrivateKey_DataType, private_key);
  hash32 = (unsigned char*)StringValuePtr(in_hash32);

  signature_result = Signature_alloc(Secp256k1_Signature_class);
  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
 
  // Attempt to sign the hash of the given data
  if (SUCCESS(SignData(context->ctx,
                       hash32,
                       private_key->data,
                       &(signature->sig))))
  {
    return signature_result;
  }

  rb_raise(Secp256k1_Error_class, "unable to compute signature");
}

#sign_recoverable(in_private_key, in_hash32) ⇒ Secp256k1::RecoverableSignature

Computes the recoverable ECDSA signature of data signed with private key.

Parameters:

• in_private_key (Secp256k1::PrivateKey) —

  private key to sign with.

• in_hash32 (String) —

  32-byte binary string with SHA-256 hash of data.

Returns:

• (Secp256k1::RecoverableSignature) —

  recoverable signature produced by signing the SHA-256 hash ‘in_hash32` with `in_private_key`.

Raises:

• (Secp256k1::Error) —

  if the hash is not 32 bytes or signature could not be computed.

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1337

static VALUE
Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
{
  Context *context;
  PrivateKey *private_key;
  RecoverableSignature *recoverable_signature;
  unsigned char *hash32;
  VALUE result;

  Check_Type(in_hash32, T_STRING);
  if (RSTRING_LEN(in_hash32) != 32)
  {
    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
  }

  TypedData_Get_Struct(self, Context, &Context_DataType, context);
  TypedData_Get_Struct(
    in_private_key, PrivateKey, &PrivateKey_DataType, private_key
  );
  hash32 = (unsigned char*)StringValuePtr(in_hash32);

  result = RecoverableSignature_alloc(Secp256k1_RecoverableSignature_class);
  TypedData_Get_Struct(
    result,
    RecoverableSignature,
    &RecoverableSignature_DataType,
    recoverable_signature
  );

  if (SUCCESS(RecoverableSignData(context->ctx,
                                  hash32,
                                  private_key->data,
                                  &(recoverable_signature->sig))))
  {
    recoverable_signature->ctx = secp256k1_context_clone(context->ctx);
    return result;
  }

  rb_raise(Secp256k1_Error_class, "unable to compute recoverable signature");
}

#verify(in_signature, in_pubkey, in_hash32) ⇒ Boolean

Verifies that signature matches public key and data.

Parameters:

• in_signature (Secp256k1::Signature) —

  signature to be verified.

• in_pubkey (Secp256k1::PublicKey) —

  public key to verify signature against.

• in_hash32 (String) —

  32-byte binary string containing SHA-256 hash of data.

Returns:

• (Boolean) —

  True if the signature is valid, false otherwise.

Raises:

• (Secp256k1::Error) —

  if hash is not 32-bytes in length.

# File 'ext/rbsecp256k1/rbsecp256k1.c', line 1292

static VALUE
Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
{
  Context *context;
  PublicKey *public_key;
  Signature *signature;
  unsigned char *hash32;

  Check_Type(in_hash32, T_STRING);

  if (RSTRING_LEN(in_hash32) != 32)
  {
    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32-bytes in length");
  }

  TypedData_Get_Struct(self, Context, &Context_DataType, context);
  TypedData_Get_Struct(in_pubkey, PublicKey, &PublicKey_DataType, public_key);
  TypedData_Get_Struct(in_signature, Signature, &Signature_DataType, signature);

  hash32 = (unsigned char*)StringValuePtr(in_hash32);
  
  if (secp256k1_ecdsa_verify(context->ctx,
                             &(signature->sig),
                             hash32,
                             &(public_key->pubkey)) == 1)
  {
    return Qtrue;
  }

  return Qfalse;
}