Bitcoin Core 29.99.0
P2P Digital Currency
ecdh.c
Go to the documentation of this file.
1/*************************************************************************
2 * Written in 2020-2022 by Elichai Turkel *
3 * To the extent possible under law, the author(s) have dedicated all *
4 * copyright and related and neighboring rights to the software in this *
5 * file to the public domain worldwide. This software is distributed *
6 * without any warranty. For the CC0 Public Domain Dedication, see *
7 * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 *
8 *************************************************************************/
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <assert.h>
13#include <string.h>
14
15#include <secp256k1.h>
16#include <secp256k1_ecdh.h>
17
18#include "examples_util.h"
19
20int main(void) {
21 unsigned char seckey1[32];
22 unsigned char seckey2[32];
23 unsigned char compressed_pubkey1[33];
24 unsigned char compressed_pubkey2[33];
25 unsigned char shared_secret1[32];
26 unsigned char shared_secret2[32];
27 unsigned char randomize[32];
28 int return_val;
29 size_t len;
30 secp256k1_pubkey pubkey1;
31 secp256k1_pubkey pubkey2;
32
33 /* Before we can call actual API functions, we need to create a "context". */
35 if (!fill_random(randomize, sizeof(randomize))) {
36 printf("Failed to generate randomness\n");
37 return EXIT_FAILURE;
38 }
39 /* Randomizing the context is recommended to protect against side-channel
40 * leakage See `secp256k1_context_randomize` in secp256k1.h for more
41 * information about it. This should never fail. */
42 return_val = secp256k1_context_randomize(ctx, randomize);
43 assert(return_val);
44
45 /*** Key Generation ***/
46 if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
47 printf("Failed to generate randomness\n");
48 return EXIT_FAILURE;
49 }
50 /* If the secret key is zero or out of range (greater than secp256k1's
51 * order), we fail. Note that the probability of this occurring is negligible
52 * with a properly functioning random number generator. */
53 if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
54 printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
55 return EXIT_FAILURE;
56 }
57
58 /* Public key creation using a valid context with a verified secret key should never fail */
59 return_val = secp256k1_ec_pubkey_create(ctx, &pubkey1, seckey1);
60 assert(return_val);
61 return_val = secp256k1_ec_pubkey_create(ctx, &pubkey2, seckey2);
62 assert(return_val);
63
64 /* Serialize pubkey1 in a compressed form (33 bytes), should always return 1 */
65 len = sizeof(compressed_pubkey1);
66 return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED);
67 assert(return_val);
68 /* Should be the same size as the size of the output, because we passed a 33 byte array. */
69 assert(len == sizeof(compressed_pubkey1));
70
71 /* Serialize pubkey2 in a compressed form (33 bytes) */
72 len = sizeof(compressed_pubkey2);
73 return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED);
74 assert(return_val);
75 /* Should be the same size as the size of the output, because we passed a 33 byte array. */
76 assert(len == sizeof(compressed_pubkey2));
77
78 /*** Creating the shared secret ***/
79
80 /* Perform ECDH with seckey1 and pubkey2. Should never fail with a verified
81 * seckey and valid pubkey */
82 return_val = secp256k1_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL);
83 assert(return_val);
84
85 /* Perform ECDH with seckey2 and pubkey1. Should never fail with a verified
86 * seckey and valid pubkey */
87 return_val = secp256k1_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL);
88 assert(return_val);
89
90 /* Both parties should end up with the same shared secret */
91 return_val = memcmp(shared_secret1, shared_secret2, sizeof(shared_secret1));
92 assert(return_val == 0);
93
94 printf("Secret Key1: ");
95 print_hex(seckey1, sizeof(seckey1));
96 printf("Compressed Pubkey1: ");
97 print_hex(compressed_pubkey1, sizeof(compressed_pubkey1));
98 printf("\nSecret Key2: ");
99 print_hex(seckey2, sizeof(seckey2));
100 printf("Compressed Pubkey2: ");
101 print_hex(compressed_pubkey2, sizeof(compressed_pubkey2));
102 printf("\nShared Secret: ");
103 print_hex(shared_secret1, sizeof(shared_secret1));
104
105 /* This will clear everything from the context and free the memory */
107
108 /* It's best practice to try to clear secrets from memory after using them.
109 * This is done because some bugs can allow an attacker to leak memory, for
110 * example through "out of bounds" array access (see Heartbleed), or the OS
111 * swapping them to disk. Hence, we overwrite the secret key buffer with zeros.
112 *
113 * Here we are preventing these writes from being optimized out, as any good compiler
114 * will remove any writes that aren't used. */
115 secure_erase(seckey1, sizeof(seckey1));
116 secure_erase(seckey2, sizeof(seckey2));
117 secure_erase(shared_secret1, sizeof(shared_secret1));
118 secure_erase(shared_secret2, sizeof(shared_secret2));
119
120 return EXIT_SUCCESS;
121}
return EXIT_SUCCESS
int main(void)
Definition: ecdh.c:20
static int fill_random(unsigned char *data, size_t size)
Definition: examples_util.h:43
static void secure_erase(void *ptr, size_t len)
Definition: examples_util.h:86
static void print_hex(unsigned char *data, size_t size)
Definition: examples_util.h:72
void printf(FormatStringCheck< sizeof...(Args)> fmt, const Args &... args)
Format list of arguments to std::cout, according to the given format string.
Definition: tinyformat.h:1096
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:187
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:747
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:268
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an elliptic curve secret key.
Definition: secp256k1.c:580
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:141
#define SECP256K1_CONTEXT_NONE
Context flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size,...
Definition: secp256k1.h:202
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:604
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:212
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:30
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:61
assert(!tx.IsCoinBase())