Merge 0767ee5 into c0088fd

Makefile.am

@@ -93,6 +93,8 @@ src_libbitcoin_la_SOURCES = \
     src/machine/program.cpp \
     src/math/checksum.cpp \
     src/math/crypto.cpp \
+    src/math/ec_scalar.cpp \
+    src/math/ec_point.cpp \
     src/math/elliptic_curve.cpp \
     src/math/hash.cpp \
     src/math/ring_signature.cpp \
@@ -278,6 +280,7 @@ test_libbitcoin_test_SOURCES = \
     test/machine/opcode.cpp \
     test/machine/operation.cpp \
     test/math/checksum.cpp \
+    test/math/ec_arithmetic.cpp \
     test/math/elliptic_curve.cpp \
     test/math/hash.cpp \
     test/math/hash.hpp \
@@ -504,6 +507,8 @@ include_bitcoin_bitcoin_mathdir = ${includedir}/bitcoin/bitcoin/math
 include_bitcoin_bitcoin_math_HEADERS = \
     include/bitcoin/bitcoin/math/checksum.hpp \
     include/bitcoin/bitcoin/math/crypto.hpp \
+    include/bitcoin/bitcoin/math/ec_scalar.hpp \
+    include/bitcoin/bitcoin/math/ec_point.hpp \
     include/bitcoin/bitcoin/math/elliptic_curve.hpp \
     include/bitcoin/bitcoin/math/hash.hpp \
     include/bitcoin/bitcoin/math/limits.hpp \

include/bitcoin/bitcoin.hpp

@@ -94,6 +94,8 @@
 #include <bitcoin/bitcoin/machine/sighash_algorithm.hpp>
 #include <bitcoin/bitcoin/math/checksum.hpp>
 #include <bitcoin/bitcoin/math/crypto.hpp>
+#include <bitcoin/bitcoin/math/ec_point.hpp>
+#include <bitcoin/bitcoin/math/ec_scalar.hpp>
 #include <bitcoin/bitcoin/math/elliptic_curve.hpp>
 #include <bitcoin/bitcoin/math/hash.hpp>
 #include <bitcoin/bitcoin/math/limits.hpp>

include/bitcoin/bitcoin/math/ec_point.hpp

@@ -0,0 +1,69 @@
+/**
+ * Copyright (c) 2011-2018 libbitcoin developers (see AUTHORS)
+ *
+ * This file is part of libbitcoin.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef LIBBITCOIN_EC_POINT_HPP
+#define LIBBITCOIN_EC_POINT_HPP
+
+#include <bitcoin/bitcoin/math/ec_scalar.hpp>
+#include <bitcoin/bitcoin/math/elliptic_curve.hpp>
+
+namespace libbitcoin {
+
+class ec_point
+{
+public:
+    ec_point();
+    ec_point(const std::string& hex);
+    ec_point(const ec_compressed& point);
+
+    ec_point& operator=(const std::string& hex);
+    ec_point& operator=(const ec_compressed& point);
+
+    bool is_valid() const;
+    operator bool() const;
+
+    ec_point operator-() const;
+    ec_point& operator+=(const ec_point& rhs);
+    ec_point& operator-=(const ec_point& rhs);
+
+    friend ec_point operator+(ec_point lhs, const ec_point& rhs);
+    friend ec_point operator-(ec_point lhs, const ec_point& rhs);
+    friend ec_point operator*(ec_point lhs, const ec_scalar& rhs);
+
+    const ec_compressed& point() const;
+    operator ec_compressed() const;
+
+    static const ec_point G;
+
+private:
+    void invalidate();
+
+    static ec_point initialize_G();
+
+    ec_compressed point_;
+};
+
+ec_point operator+(ec_point lhs, const ec_point& rhs);
+ec_point operator-(ec_point lhs, const ec_point& rhs);
+ec_point operator*(ec_point lhs, const ec_scalar& rhs);
+ec_point operator*(const ec_scalar& lhs, ec_point rhs);
+
+} // namespace libbitcoin
+
+#endif
+

include/bitcoin/bitcoin/math/ec_scalar.hpp

@@ -0,0 +1,68 @@
+/**
+ * Copyright (c) 2011-2018 libbitcoin developers (see AUTHORS)
+ *
+ * This file is part of libbitcoin.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef LIBBITCOIN_EC_SCALAR_HPP
+#define LIBBITCOIN_EC_SCALAR_HPP
+
+#include <bitcoin/bitcoin/math/elliptic_curve.hpp>
+
+namespace libbitcoin {
+
+class ec_scalar
+{
+public:
+    ec_scalar();
+    ec_scalar(uint64_t value);
+    ec_scalar(const ec_secret& secret);
+
+    void reset();
+
+    ec_scalar& operator=(uint64_t value);
+    ec_scalar& operator=(const ec_secret& secret);
+
+    bool is_valid() const;
+    operator bool() const;
+
+    ec_scalar operator-() const;
+    ec_scalar& operator+=(const ec_scalar& rhs);
+    ec_scalar& operator-=(const ec_scalar& rhs);
+
+    friend ec_scalar operator+(ec_scalar lhs, const ec_scalar& rhs);
+    friend ec_scalar operator-(ec_scalar lhs, const ec_scalar& rhs);
+    friend ec_scalar operator*(ec_scalar lhs, const ec_scalar& rhs);
+
+    const ec_secret& secret() const;
+    operator ec_secret() const;
+
+    static const ec_scalar zero;
+
+private:
+    void invalidate();
+
+    bool valid_ = false;
+    ec_secret scalar_;
+};
+
+ec_scalar operator+(ec_scalar lhs, const ec_scalar& rhs);
+ec_scalar operator-(ec_scalar lhs, const ec_scalar& rhs);
+ec_scalar operator*(ec_scalar lhs, const ec_scalar& rhs);
+
+} // namespace libbitcoin
+
+#endif
+

include/bitcoin/bitcoin/wallet/ec_private.hpp

@@ -25,6 +25,7 @@
 #include <bitcoin/bitcoin/compat.hpp>
 #include <bitcoin/bitcoin/define.hpp>
 #include <bitcoin/bitcoin/math/checksum.hpp>
+#include <bitcoin/bitcoin/math/ec_scalar.hpp>
 #include <bitcoin/bitcoin/math/elliptic_curve.hpp>
 #include <bitcoin/bitcoin/math/hash.hpp>
 #include <bitcoin/bitcoin/wallet/ec_public.hpp>
@@ -43,6 +44,7 @@ typedef byte_array<wif_compressed_size> wif_compressed;
 
 /// Use to pass an ec secret with compresson and version information.
 class BC_API ec_private
+ : public ec_scalar
 {
 public:
     static const uint8_t compressed_sentinel;

include/bitcoin/bitcoin/wallet/ec_public.hpp

@@ -24,6 +24,7 @@
 #include <string>
 #include <bitcoin/bitcoin/define.hpp>
 #include <bitcoin/bitcoin/math/hash.hpp>
+#include <bitcoin/bitcoin/math/ec_point.hpp>
 #include <bitcoin/bitcoin/math/elliptic_curve.hpp>
 #include <bitcoin/bitcoin/utility/data.hpp>
 
@@ -36,6 +37,7 @@ class payment_address;
 /// Use to pass an ec point as either ec_compressed or ec_uncompressed.
 /// ec_public doesn't carry a version for address creation or base58 encoding.
 class BC_API ec_public
+ : public ec_point
 {
 public:
     static const uint8_t compressed_even;

src/math/ec_point.cpp

@@ -0,0 +1,152 @@
+/**
+ * Copyright (c) 2011-2018 libbitcoin developers (see AUTHORS)
+ *
+ * This file is part of libbitcoin.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <bitcoin/bitcoin/math/ec_point.hpp>
+
+#include <bitcoin/bitcoin/formats/base_16.hpp>
+#include <bitcoin/bitcoin/math/hash.hpp>
+#include <bitcoin/bitcoin/utility/serializer.hpp>
+
+namespace libbitcoin {
+
+const ec_point ec_point::G = ec_point::initialize_G();
+
+ec_point::ec_point()
+{
+    invalidate();
+}
+ec_point::ec_point(const std::string& hex)
+{
+    *this = hex;
+}
+ec_point::ec_point(const ec_compressed& point)
+{
+    *this = point;
+}
+
+void ec_point::invalidate()
+{
+    point_[0] = 0;
+}
+
+ec_point& ec_point::operator=(const std::string& hex)
+{
+    bool rc = decode_base16(point_, hex);
+    if (!rc)
+        invalidate();
+    return *this;
+}
+ec_point& ec_point::operator=(const ec_compressed& point)
+{
+    point_ = point;
+    return *this;
+}
+
+bool ec_point::is_valid() const
+{
+    return point_[0] == 2 || point_[0] == 3;
+}
+ec_point::operator bool() const
+{
+    return is_valid();
+}
+
+ec_point ec_point::operator-() const
+{
+    if (!is_valid())
+        return *this;
+    auto result = *this;
+    bool rc = ec_negate(result.point_);
+    if (!rc)
+        result.invalidate();
+    return result;
+}
+ec_point& ec_point::operator+=(const ec_point& rhs)
+{
+    if (!is_valid())
+        return *this;
+    *this = *this + rhs;
+    return *this;
+}
+ec_point& ec_point::operator-=(const ec_point& rhs)
+{
+    if (!is_valid())
+        return *this;
+    *this = *this - rhs;
+    return *this;
+}
+
+ec_point operator+(ec_point lhs, const ec_point& rhs)
+{
+    if (!lhs.is_valid() || !rhs.is_valid())
+    {
+        lhs.invalidate();
+        return lhs;
+    }
+    bool rc = ec_sum(lhs.point_, { lhs.point_, rhs.point_ });
+    if (!rc)
+        lhs.invalidate();
+    return lhs;
+}
+ec_point operator-(ec_point lhs, const ec_point& rhs)
+{
+    if (!lhs.is_valid() || !rhs.is_valid())
+    {
+        lhs.invalidate();
+        return lhs;
+    }
+    const auto negative_rhs = -rhs;
+    if (!negative_rhs.is_valid())
+        lhs.invalidate();
+    return lhs + negative_rhs;
+}
+ec_point operator*(ec_point lhs, const ec_scalar& rhs)
+{
+    if (!lhs.is_valid() || !rhs.is_valid())
+    {
+        lhs.invalidate();
+        return lhs;
+    }
+    bool rc = ec_multiply(lhs.point_, rhs.secret());
+    if (!rc)
+        lhs.invalidate();
+    return lhs;
+}
+
+ec_point operator*(const ec_scalar& lhs, ec_point rhs)
+{
+    return rhs * lhs;
+}
+
+const ec_compressed& ec_point::point() const
+{
+    return point_;
+}
+ec_point::operator ec_compressed() const
+{
+    return point();
+}
+
+ec_point ec_point::initialize_G()
+{
+    return ec_point(
+        "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798");
+}
+
+} // namespace libbitcoin
+