-
Notifications
You must be signed in to change notification settings - Fork 35.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto, refactor: add new KeyPair class #30051
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -28,6 +28,8 @@ constexpr static size_t ECDH_SECRET_SIZE = CSHA256::OUTPUT_SIZE; | |
// Used to represent ECDH shared secret (ECDH_SECRET_SIZE bytes) | ||
using ECDHSecret = std::array<std::byte, ECDH_SECRET_SIZE>; | ||
|
||
class KeyPair; | ||
|
||
/** An encapsulated private key. */ | ||
class CKey | ||
{ | ||
|
@@ -203,6 +205,20 @@ class CKey | |
ECDHSecret ComputeBIP324ECDHSecret(const EllSwiftPubKey& their_ellswift, | ||
const EllSwiftPubKey& our_ellswift, | ||
bool initiating) const; | ||
/** Compute a KeyPair | ||
* | ||
* Wraps a `secp256k1_keypair` type. `merkle_root` is used to optionally perform tweaking of | ||
* the internal key, as specified in BIP341: | ||
* | ||
* - If merkle_root == nullptr: no tweaking is done, use the internal key directly (this is | ||
* used for signatures in BIP342 script). | ||
* - If merkle_root->IsNull(): tweak the internal key with H_TapTweak(pubkey) (this is used for | ||
* key path spending when no scripts are present). | ||
* - Otherwise: tweak the internal key H_TapTweak(pubkey || *merkle_root) | ||
* (this is used for key path spending, with specific | ||
* Merkle root of the script tree). | ||
*/ | ||
KeyPair ComputeKeyPair(const uint256* merkle_root) const; | ||
}; | ||
|
||
CKey GenerateRandomKey(bool compressed = true) noexcept; | ||
|
@@ -236,6 +252,41 @@ struct CExtKey { | |
void SetSeed(Span<const std::byte> seed); | ||
}; | ||
|
||
/** KeyPair | ||
* | ||
* Wraps a `secp256k1_keypair` type. `merkle_root` is used to optionally perform tweaking of | ||
* the internal key, as specified in BIP341: | ||
* | ||
* - If merkle_root == nullptr: no tweaking is done, use the internal key directly (this is | ||
* used for signatures in BIP342 script). | ||
* - If merkle_root->IsNull(): tweak the internal key with H_TapTweak(pubkey) (this is used for | ||
* key path spending when no scripts are present). | ||
* - Otherwise: tweak the internal key H_TapTweak(pubkey || *merkle_root) | ||
* (this is used for key path spending, with specific | ||
* Merkle root of the script tree). | ||
*/ | ||
class KeyPair | ||
{ | ||
public: | ||
KeyPair(KeyPair&&) noexcept = default; | ||
KeyPair& operator=(KeyPair&&) noexcept = default; | ||
|
||
friend KeyPair CKey::ComputeKeyPair(const uint256* merkle_root) const; | ||
[[nodiscard]] bool GetKey(CKey& key) const; | ||
[[nodiscard]] bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256& aux) const; | ||
|
||
//! Simple read-only vector-like interface. | ||
unsigned int size() const { return m_keydata ? m_keydata->size() : 0; } | ||
const std::byte* data() const { return m_keydata ? reinterpret_cast<const std::byte*>(m_keydata->data()) : nullptr; } | ||
const std::byte* begin() const { return data(); } | ||
const std::byte* end() const { return data() + size(); } | ||
private: | ||
KeyPair(const CKey& key, const uint256* merkle_root); | ||
|
||
using KeyType = std::array<unsigned char, 96>; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: would it make sense to extract the constexpr size_t SECP256K1_KEYPAIR_SIZE = 96;
using KeyType = std::array<unsigned char, SECP256K1_KEYPAIR_SIZE>; There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't really see a benefit. We shouldn't be exposing this value to anything outside the class, so defining a constexpr here seems unnecessarily verbose. |
||
secure_unique_ptr<KeyType> m_keydata; | ||
}; | ||
|
||
/** Check that required EC support is available at runtime. */ | ||
bool ECC_InitSanityCheck(); | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -327,6 +327,16 @@ BOOST_AUTO_TEST_CASE(bip340_test_vectors) | |
// Verify those signatures for good measure. | ||
BOOST_CHECK(pubkey.VerifySchnorr(msg256, sig64)); | ||
|
||
// Repeat the same check, but use the KeyPair directly without any merkle tweak | ||
KeyPair keypair = key.ComputeKeyPair(/*merkle_root=*/nullptr); | ||
CKey keypair_seckey; | ||
BOOST_CHECK(keypair.GetKey(keypair_seckey)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: BOOST_CHECK_MESSAGE often produces more readable results, but it may be inconvenient to set it up properly. If you think it adds value, it may be helpful to add some debug info as a message in case of likely failures. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think it adds much here? We are using BOOST_CHECK to to ensure the function call succeeds before proceeding, so getting a line number failure for BOOST_CHECK seems sufficient for debugging. Also, if dealing with valid keys, this function should never fail. |
||
BOOST_CHECK(key == keypair_seckey); | ||
bool kp_ok = keypair.SignSchnorr(msg256, sig64, aux256); | ||
BOOST_CHECK(kp_ok); | ||
XOnlyPubKey keypair_xonly{keypair_seckey.GetPubKey()}; | ||
BOOST_CHECK(keypair_xonly.VerifySchnorr(msg256, sig64)); | ||
|
||
// Do 10 iterations where we sign with a random Merkle root to tweak, | ||
// and compare against the resulting tweaked keys, with random aux. | ||
// In iteration i=0 we tweak with empty Merkle tree. | ||
|
@@ -340,6 +350,16 @@ BOOST_AUTO_TEST_CASE(bip340_test_vectors) | |
bool ok = key.SignSchnorr(msg256, sig64, &merkle_root, aux256); | ||
BOOST_CHECK(ok); | ||
BOOST_CHECK(tweaked_key.VerifySchnorr(msg256, sig64)); | ||
|
||
// Repeat the same check, but use the KeyPair class directly | ||
KeyPair keypair = key.ComputeKeyPair(&merkle_root); | ||
CKey keypair_seckey; | ||
BOOST_CHECK(keypair.GetKey(keypair_seckey)); | ||
XOnlyPubKey keypair_xonly{keypair_seckey.GetPubKey()}; | ||
BOOST_CHECK(tweaked_key == keypair_xonly); | ||
bool kp_ok = keypair.SignSchnorr(msg256, sig64, aux256); | ||
BOOST_CHECK(kp_ok); | ||
BOOST_CHECK(keypair_xonly.VerifySchnorr(msg256, sig64)); | ||
} | ||
} | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could use a comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.