Expose ecdh

Author: LeoComandini

include/wally.hpp

@@ -374,6 +374,7 @@ WALLY_FN_BBB3_BS(aes_cbc, wally_aes_cbc)
 WALLY_FN_BBB3_BS(scriptsig_multisig_from_bytes, wally_scriptsig_multisig_from_bytes)
 WALLY_FN_BB_B(hmac_sha256, wally_hmac_sha256)
 WALLY_FN_BB_B(hmac_sha512, wally_hmac_sha512)
+WALLY_FN_BB_B(ecdh, wally_ecdh)
 WALLY_FN_BP3_A(addr_segwit_from_bytes, wally_addr_segwit_from_bytes)
 WALLY_FN_BB_BS(scriptsig_p2pkh_from_der, wally_scriptsig_p2pkh_from_der)
 WALLY_FN_B_A(bip32_key_unserialize_alloc, bip32_key_unserialize_alloc)

include/wally_crypto.h

@@ -450,6 +450,24 @@ WALLY_CORE_API int wally_format_bitcoin_message(const unsigned char *bytes,
                                                 size_t len,
                                                 size_t *written);
 
+/**
+ *
+ * Compute an EC Diffie-Hellman secret in constant time
+ *
+ * :param pub_key: The public key.
+ * :param pub_key_len: The length of ``pubkey`` in bytes. Must be ``EC_PUBLIC_KEY_LEN``.
+ * :param bytes: The private key.
+ * :param bytes_len: The length of ``privkey`` in bytes. Must be ``EC_PRIVATE_KEY_LEN``.
+ * :param output: Destination for the shared secret.
+ * :param output_len: The length of ``output`` in bytes. Must be ``SHA256_LEN``.
+ */
+WALLY_CORE_API int wally_ecdh(const unsigned char *pub_key,
+                              size_t pub_key_len,
+                              const unsigned char *bytes,
+                              size_t bytes_len,
+                              unsigned char *bytes_out,
+                              size_t len);
+
 #ifdef __cplusplus
 }
 #endif

src/Makefile.am

@@ -172,6 +172,7 @@ libwallycore_la_SOURCES = \
     bip38.c \
     bip39.c \
     bech32.c \
+    ecdh.c \
     elements.c \
     hex.c \
     hmac.c \
@@ -246,6 +247,7 @@ if RUN_PYTHON_TESTS
 	$(AM_V_at)$(PYTHON_TEST) test/test_bip32.py
 	$(AM_V_at)$(PYTHON_TEST) test/test_bip38.py
 	$(AM_V_at)$(PYTHON_TEST) test/test_bip39.py
+	$(AM_V_at)$(PYTHON_TEST) test/test_ecdh.py
 	$(AM_V_at)$(PYTHON_TEST) test/test_hash.py
 	$(AM_V_at)$(PYTHON_TEST) test/test_hex.py
 	$(AM_V_at)$(PYTHON_TEST) test/test_hmac.py

src/ecdh.c

@@ -0,0 +1,33 @@
+#include "internal.h"
+#include <include/wally_crypto.h>
+#include "secp256k1/include/secp256k1.h"
+#include "secp256k1/include/secp256k1_ecdh.h"
+
+int wally_ecdh(const unsigned char *pub_key, size_t pub_key_len,
+               const unsigned char *bytes, size_t bytes_len,
+               unsigned char *bytes_out, size_t len)
+{
+    const secp256k1_context *ctx = secp_ctx();
+    secp256k1_pubkey pub;
+
+    if (!ctx)
+        return WALLY_ENOMEM;
+
+    if (!pub_key || pub_key_len != EC_PUBLIC_KEY_LEN ||
+        !pubkey_parse(ctx, &pub, pub_key, pub_key_len) ||
+        !bytes || bytes_len != EC_PRIVATE_KEY_LEN ||
+        !secp256k1_ec_seckey_verify(ctx, bytes) ||
+        !bytes_out || len != SHA256_LEN) {
+        wally_clear(&pub, sizeof(pub));
+        return WALLY_EINVAL;
+    }
+
+    if (!secp256k1_ecdh(ctx, bytes_out, &pub, bytes, NULL, NULL)) {
+        wally_clear(&pub, sizeof(pub));
+        wally_clear(bytes_out, len);
+        return WALLY_ERROR;
+    }
+
+    wally_clear(&pub, sizeof(pub));
+    return WALLY_OK;
+}

src/swig_java/swig.i

@@ -418,6 +418,7 @@ static jbyteArray create_array(JNIEnv *jenv, const unsigned char* p, size_t len)
 %returns_array_(wally_ec_sig_from_der, 3, 4, EC_SIGNATURE_LEN);
 %returns_size_t(wally_ec_sig_to_der);
 %returns_void__(wally_ec_sig_verify);
+%returns_array_(wally_ecdh, 5, 6, SHA256_LEN);
 %returns_size_t(wally_format_bitcoin_message);
 %returns_array_(wally_hash160, 3, 4, HASH160_LEN);
 %returns_string(wally_hex_from_bytes);

src/swig_python/python_extra.py_in

@@ -67,6 +67,7 @@ ec_sig_from_bytes = _wrap_bin(ec_sig_from_bytes, EC_SIGNATURE_LEN)
 ec_sig_from_der = _wrap_bin(ec_sig_from_der, EC_SIGNATURE_LEN)
 ec_sig_normalize = _wrap_bin(ec_sig_normalize, EC_SIGNATURE_LEN)
 ec_sig_to_der = _wrap_bin(ec_sig_to_der, EC_SIGNATURE_DER_MAX_LEN, resize=True)
+ecdh = _wrap_bin(ecdh, SHA256_LEN)
 
 def base58check_from_bytes(buf):
     return base58_from_bytes(buf, BASE58_FLAG_CHECKSUM)

src/test/test_ecdh.py

@@ -0,0 +1,49 @@
+import unittest
+from util import *
+
+
+class ECDHTests(unittest.TestCase):
+
+    def priv_to_pub(self, priv):
+        pub, _ = make_cbuffer('00'*33)
+        ret = wally_ec_public_key_from_private_key(priv, len(priv), pub, len(pub))
+        self.assertEqual(ret, WALLY_OK)
+        return pub
+
+    def test_ecdh(self):
+        """Tests for ECDH"""
+
+        priv1, _ = make_cbuffer('aa'*32)
+        priv2, _ = make_cbuffer('bb'*32)
+        pub1 = self.priv_to_pub(priv1)
+        pub2 = self.priv_to_pub(priv2)
+
+        out12, _ = make_cbuffer('00'*32)
+        out21, _ = make_cbuffer('00'*32)
+        ret = wally_ecdh(pub1, len(pub1), priv2, len(priv2), out12, len(out12))
+        self.assertEqual(ret, WALLY_OK)
+        ret = wally_ecdh(pub2, len(pub2), priv1, len(priv1), out21, len(out21))
+        self.assertEqual(ret, WALLY_OK)
+
+        self.assertEqual(out12, out21)
+
+        out, _ = make_cbuffer('00'*32)
+        priv_bad, _ = make_cbuffer('00'*32)
+        pub_bad, _ = make_cbuffer('02' + '00'*32)
+
+        for args in [
+            (None, 32, pub1, 32, out, 32),      # Missing private key
+            (priv_bad, 32, pub1, 33, out, 32),  # Invalid private key
+            (priv1, 31, pub1, 32, out, 32),     # Invalid private key length
+            (priv1, 32, None, 33, out, 32),     # Missing public key
+            (priv1, 32, pub_bad, 33, out, 32),  # Invalid public key
+            (priv1, 32, pub1, 32, out, 32),     # Invalid public key length
+            (priv1, 32, pub1, 32, None, 32),    # Missing output
+            (priv1, 32, pub1, 33, out, 31),     # Invalid output length
+        ]:
+            self.assertEqual(WALLY_EINVAL, wally_ecdh(*args))
+            self.assertEqual(h(out), utf8('00'*32))
+
+
+if __name__ == '__main__':
+    unittest.main()

src/test/util.py

@@ -172,6 +172,7 @@ class wally_tx(Structure):
     ('wally_ec_sig_normalize', c_int, [c_void_p, c_ulong, c_void_p, c_ulong]),
     ('wally_ec_sig_to_der', c_int, [c_void_p, c_ulong, c_void_p, c_ulong, c_ulong_p]),
     ('wally_ec_sig_verify', c_int, [c_void_p, c_ulong, c_void_p, c_ulong, c_uint, c_void_p, c_ulong]),
+    ('wally_ecdh', c_int, [c_void_p, c_ulong, c_void_p, c_ulong, c_void_p]),
     ('wally_get_operations', c_int, [POINTER(operations)]),
     ('wally_set_operations', c_int, [POINTER(operations)]),
     ('wally_format_bitcoin_message', c_int, [c_void_p, c_ulong, c_uint, c_void_p, c_ulong, c_ulong_p]),

src/wrap_js/src/combined.c

@@ -6,6 +6,7 @@
 #include "bip32.c"
 #include "bip38.c"
 #include "bip39.c"
+#include "ecdh.c"
 #include "elements.c"
 #include "hex.c"
 #include "hmac.c"

tools/msvc/build.bat

@@ -14,4 +14,4 @@ copy src\ccan\ccan\str\hex\hex.c src\ccan\ccan\str\hex\hex_.c
 REM Compile everything (wally, ccan, libsecp256k) in one lump.
 REM Define USE_ECMULT_STATIC_PRECOMPUTATION  to pick up the
 REM ecmult_static_context.h file generated previously
-cl /DUSE_ECMULT_STATIC_PRECOMPUTATION /DWALLY_CORE_BUILD /DHAVE_CONFIG_H /DSECP256K1_BUILD /I%LIBWALLY_DIR%\src\wrap_js\windows_config /I%LIBWALLY_DIR% /I%LIBWALLY_DIR%\src /I%LIBWALLY_DIR%\include /I%LIBWALLY_DIR%\src\ccan /I%LIBWALLY_DIR%\src\secp256k1 /Zi /LD src/aes.c src/base58.c src/bip32.c src/bip38.c src/bip39.c src/elements.c src/hex.c src/hmac.c src/internal.c src/mnemonic.c src/pbkdf2.c src/script.c src/scrypt.c src/sign.c src/transaction.c src/wif.c src/wordlist.c src/ccan/ccan/crypto/ripemd160/ripemd160.c src/ccan/ccan/crypto/sha256/sha256.c src/ccan/ccan/crypto/sha512/sha512.c src\ccan\ccan\str\hex\hex_.c src/secp256k1/src/secp256k1.c /Fewally.dll
+cl /DUSE_ECMULT_STATIC_PRECOMPUTATION /DWALLY_CORE_BUILD /DHAVE_CONFIG_H /DSECP256K1_BUILD /I%LIBWALLY_DIR%\src\wrap_js\windows_config /I%LIBWALLY_DIR% /I%LIBWALLY_DIR%\src /I%LIBWALLY_DIR%\include /I%LIBWALLY_DIR%\src\ccan /I%LIBWALLY_DIR%\src\secp256k1 /Zi /LD src/aes.c src/base58.c src/bip32.c src/bip38.c src/bip39.c src/ecdh.c src/elements.c src/hex.c src/hmac.c src/internal.c src/mnemonic.c src/pbkdf2.c src/script.c src/scrypt.c src/sign.c src/transaction.c src/wif.c src/wordlist.c src/ccan/ccan/crypto/ripemd160/ripemd160.c src/ccan/ccan/crypto/sha256/sha256.c src/ccan/ccan/crypto/sha512/sha512.c src\ccan\ccan\str\hex\hex_.c src/secp256k1/src/secp256k1.c /Fewally.dll