mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor signer implementation to use p8k package
Some checks failed
Go / build (push) Has been cancelled
Details
Go / release (push) Has been cancelled
Details

Browse Source 
- Replaced all instances of p256k1signer with the new p8k.Signer across various modules, including event creation, policy handling, and database interactions.
- Updated related test cases and benchmarks to ensure compatibility with the new signer interface.
- Bumped version to v0.25.0 to reflect these significant changes and improvements in cryptographic operations.
This commit is contained in:
mleku
2025-11-04 20:05:19 +00:00
parent effb3fafc1
commit e0a95ca1cd
70 changed files with 8667 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/blossom/utils_test.go
View File

@@ -11,7 +11,7 @@ import (
"time"
"next.orly.dev/pkg/acl"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/database"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/hex"
@@ -59,8 +59,8 @@ func testSetup(t *testing.T) (*Server, func()) {
}
// createTestKeypair creates a test keypair for signing events
func createTestKeypair(t *testing.T) ([]byte, *p256k1signer.P256K1Signer) {
signer := p256k1signer.NewP256K1Signer()
func createTestKeypair(t *testing.T) ([]byte, *p8k.Signer) {
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
t.Fatalf("Failed to generate keypair: %v", err)
}
@@ -70,7 +70,7 @@ func createTestKeypair(t *testing.T) ([]byte, *p256k1signer.P256K1Signer) {
// createAuthEvent creates a valid kind 24242 authorization event
func createAuthEvent(
t *testing.T, signer *p256k1signer.P256K1Signer, verb string,
t *testing.T, signer *p8k.Signer, verb string,
sha256Hash []byte, expiresIn int64,
) *event.E {
now := time.Now().Unix()

6
pkg/crypto/encryption/benchmark_test.go
View File

@@ -3,7 +3,7 @@ package encryption
import (
"testing"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"lukechampine.com/frand"
)
@@ -13,8 +13,8 @@ func createTestConversationKey() []byte {
}
// createTestKeyPair creates a key pair for ECDH testing
func createTestKeyPair() (*p256k1signer.P256K1Signer, []byte) {
signer := p256k1signer.NewP256K1Signer()
func createTestKeyPair() (*p8k.Signer, []byte) {
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
panic(err)
}

12
pkg/crypto/encryption/nip44.go
View File

@@ -12,10 +12,10 @@ import (
"golang.org/x/crypto/hkdf"
"lol.mleku.dev/chk"
"lol.mleku.dev/errorf"
p256k1signer "p256k1.mleku.dev/signer"
"github.com/minio/sha256-simd"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/interfaces/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/utils"
)
@@ -176,8 +176,10 @@ func GenerateConversationKeyFromHex(pkh, skh string) (ck []byte, err error) {
)
return
}
var sign signer.I
sign = p256k1signer.NewP256K1Signer()
var sign *p8k.Signer
if sign, err = p8k.New(); chk.E(err) {
return
}
var sk []byte
if sk, err = hex.Dec(skh); chk.E(err) {
return
@@ -190,7 +192,7 @@ func GenerateConversationKeyFromHex(pkh, skh string) (ck []byte, err error) {
return
}
var shared []byte
if shared, err = sign.ECDH(pk); chk.E(err) {
if shared, err = sign.ECDHRaw(pk); chk.E(err) {
return
}
ck = hkdf.Extract(sha256.New, shared, []byte("nip44-v2"))
@@ -201,7 +203,7 @@ func GenerateConversationKeyWithSigner(sign signer.I, pk []byte) (
ck []byte, err error,
) {
var shared []byte
if shared, err = sign.ECDH(pk); chk.E(err) {
if shared, err = sign.ECDHRaw(pk); chk.E(err) {
return
}
ck = hkdf.Extract(sha256.New, shared, []byte("nip44-v2"))

17
pkg/crypto/keys/keys.go
View File

@@ -7,7 +7,7 @@ import (
"lol.mleku.dev/chk"
"next.orly.dev/pkg/crypto/ec/schnorr"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/utils"
)
@@ -17,7 +17,10 @@ var GeneratePrivateKey = func() string { return GenerateSecretKeyHex() }
// GenerateSecretKey creates a new secret key and returns the bytes of the secret.
func GenerateSecretKey() (skb []byte, err error) {
signer := p256k1signer.NewP256K1Signer()
var signer *p8k.Signer
if signer, err = p8k.New(); chk.E(err) {
return
}
if err = signer.Generate(); chk.E(err) {
return
}
@@ -40,7 +43,10 @@ func GetPublicKeyHex(sk string) (pk string, err error) {
if b, err = hex.Dec(sk); chk.E(err) {
return
}
signer := p256k1signer.NewP256K1Signer()
var signer *p8k.Signer
if signer, err = p8k.New(); chk.E(err) {
return
}
if err = signer.InitSec(b); chk.E(err) {
return
}
@@ -50,7 +56,10 @@ func GetPublicKeyHex(sk string) (pk string, err error) {
// SecretBytesToPubKeyHex generates a public key from secret key bytes.
func SecretBytesToPubKeyHex(skb []byte) (pk string, err error) {
signer := p256k1signer.NewP256K1Signer()
var signer *p8k.Signer
if signer, err = p8k.New(); chk.E(err) {
return
}
if err = signer.InitSec(skb); chk.E(err) {
return
}

3745
pkg/crypto/p8k/.gitignore vendored Normal file
View File

File diff suppressed because it is too large Load Diff

664
pkg/crypto/p8k/API.md Normal file
View File

@@ -0,0 +1,664 @@
# API Documentation - p8k.mleku.dev
Complete API reference for the libsecp256k1 Go bindings.
## Table of Contents
1. [Context Management](#context-management)
2. [Public Key Operations](#public-key-operations)
3. [ECDSA Signatures](#ecdsa-signatures)
4. [Schnorr Signatures](#schnorr-signatures)
5. [ECDH](#ecdh)
6. [Recovery](#recovery)
7. [Utility Functions](#utility-functions)
8. [Constants](#constants)
9. [Types](#types)
---
## Context Management
### NewContext
Creates a new secp256k1 context.
```go
func NewContext(flags uint32) (c *Context, err error)
```
**Parameters:**
- `flags`: Context flags (ContextSign, ContextVerify, or combined with `|`)
**Returns:**
- `c`: Context pointer
- `err`: Error if context creation failed
**Example:**
```go
ctx, err := secp.NewContext(secp.ContextSign | secp.ContextVerify)
if err != nil {
log.Fatal(err)
}
defer ctx.Destroy()
```
### Context.Destroy
Destroys the context and frees resources.
```go
func (c *Context) Destroy()
```
**Note:** Contexts are automatically destroyed via finalizer, but explicit cleanup is recommended.
### Context.Randomize
Randomizes the context with entropy for additional security.
```go
func (c *Context) Randomize(seed32 []byte) (err error)
```
**Parameters:**
- `seed32`: 32 bytes of random data
**Returns:**
- `err`: Error if randomization failed
---
## Public Key Operations
### Context.CreatePublicKey
Creates a public key from a private key.
```go
func (c *Context) CreatePublicKey(seckey []byte) (pubkey []byte, err error)
```
**Parameters:**
- `seckey`: 32-byte private key
**Returns:**
- `pubkey`: 64-byte internal public key representation
- `err`: Error if key creation failed
### Context.SerializePublicKey
Serializes a public key to compressed or uncompressed format.
```go
func (c *Context) SerializePublicKey(pubkey []byte, compressed bool) (output []byte, err error)
```
**Parameters:**
- `pubkey`: 64-byte internal public key
- `compressed`: true for compressed (33 bytes), false for uncompressed (65 bytes)
**Returns:**
- `output`: Serialized public key
- `err`: Error if serialization failed
### Context.ParsePublicKey
Parses a serialized public key.
```go
func (c *Context) ParsePublicKey(input []byte) (pubkey []byte, err error)
```
**Parameters:**
- `input`: Serialized public key (33 or 65 bytes)
**Returns:**
- `pubkey`: 64-byte internal public key representation
- `err`: Error if parsing failed
---
## ECDSA Signatures
### Context.Sign
Creates an ECDSA signature.
```go
func (c *Context) Sign(msg32 []byte, seckey []byte) (sig []byte, err error)
```
**Parameters:**
- `msg32`: 32-byte message hash
- `seckey`: 32-byte private key
**Returns:**
- `sig`: 64-byte internal signature representation
- `err`: Error if signing failed
### Context.Verify
Verifies an ECDSA signature.
```go
func (c *Context) Verify(msg32 []byte, sig []byte, pubkey []byte) (valid bool, err error)
```
**Parameters:**
- `msg32`: 32-byte message hash
- `sig`: 64-byte internal signature
- `pubkey`: 64-byte internal public key
**Returns:**
- `valid`: true if signature is valid
- `err`: Error if verification failed
### Context.SerializeSignatureDER
Serializes a signature to DER format.
```go
func (c *Context) SerializeSignatureDER(sig []byte) (output []byte, err error)
```
**Parameters:**
- `sig`: 64-byte internal signature
**Returns:**
- `output`: DER-encoded signature (variable length, max 72 bytes)
- `err`: Error if serialization failed
### Context.ParseSignatureDER
Parses a DER-encoded signature.
```go
func (c *Context) ParseSignatureDER(input []byte) (sig []byte, err error)
```
**Parameters:**
- `input`: DER-encoded signature
**Returns:**
- `sig`: 64-byte internal signature representation
- `err`: Error if parsing failed
### Context.SerializeSignatureCompact
Serializes a signature to compact format (64 bytes).
```go
func (c *Context) SerializeSignatureCompact(sig []byte) (output []byte, err error)
```
**Parameters:**
- `sig`: 64-byte internal signature
**Returns:**
- `output`: 64-byte compact signature
- `err`: Error if serialization failed
### Context.ParseSignatureCompact
Parses a compact (64-byte) signature.
```go
func (c *Context) ParseSignatureCompact(input64 []byte) (sig []byte, err error)
```
**Parameters:**
- `input64`: 64-byte compact signature
**Returns:**
- `sig`: 64-byte internal signature representation
- `err`: Error if parsing failed
### Context.NormalizeSignature
Normalizes a signature to lower-S form.
```go
func (c *Context) NormalizeSignature(sig []byte) (normalized []byte, wasNormalized bool, err error)
```
**Parameters:**
- `sig`: 64-byte internal signature
**Returns:**
- `normalized`: Normalized signature
- `wasNormalized`: true if signature was modified
- `err`: Error if normalization failed
---
## Schnorr Signatures
### Context.CreateKeypair
Creates a keypair for Schnorr signatures.
```go
func (c *Context) CreateKeypair(seckey []byte) (keypair Keypair, err error)
```
**Parameters:**
- `seckey`: 32-byte private key
**Returns:**
- `keypair`: 96-byte keypair structure
- `err`: Error if creation failed
### Context.KeypairXOnlyPub
Extracts the x-only public key from a keypair.
```go
func (c *Context) KeypairXOnlyPub(keypair Keypair) (xonly XOnlyPublicKey, pkParity int32, err error)
```
**Parameters:**
- `keypair`: 96-byte keypair
**Returns:**
- `xonly`: 32-byte x-only public key
- `pkParity`: Public key parity (0 or 1)
- `err`: Error if extraction failed
### Context.SchnorrSign
Creates a Schnorr signature (BIP-340).
```go
func (c *Context) SchnorrSign(msg32 []byte, keypair Keypair, auxRand32 []byte) (sig []byte, err error)
```
**Parameters:**
- `msg32`: 32-byte message hash
- `keypair`: 96-byte keypair
- `auxRand32`: 32 bytes of auxiliary random data (can be nil)
**Returns:**
- `sig`: 64-byte Schnorr signature
- `err`: Error if signing failed
### Context.SchnorrVerify
Verifies a Schnorr signature (BIP-340).
```go
func (c *Context) SchnorrVerify(sig64 []byte, msg []byte, xonlyPubkey []byte) (valid bool, err error)
```
**Parameters:**
- `sig64`: 64-byte Schnorr signature
- `msg`: Message (any length)
- `xonlyPubkey`: 32-byte x-only public key
**Returns:**
- `valid`: true if signature is valid
- `err`: Error if verification failed
### Context.ParseXOnlyPublicKey
Parses a 32-byte x-only public key.
```go
func (c *Context) ParseXOnlyPublicKey(input32 []byte) (xonly []byte, err error)
```
**Parameters:**
- `input32`: 32-byte x-only public key
**Returns:**
- `xonly`: 64-byte internal representation
- `err`: Error if parsing failed
### Context.SerializeXOnlyPublicKey
Serializes an x-only public key to 32 bytes.
```go
func (c *Context) SerializeXOnlyPublicKey(xonly []byte) (output32 []byte, err error)
```
**Parameters:**
- `xonly`: 64-byte internal x-only public key
**Returns:**
- `output32`: 32-byte serialized x-only public key
- `err`: Error if serialization failed
### Context.XOnlyPublicKeyFromPublicKey
Converts a regular public key to an x-only public key.
```go
func (c *Context) XOnlyPublicKeyFromPublicKey(pubkey []byte) (xonly []byte, pkParity int32, err error)
```
**Parameters:**
- `pubkey`: 64-byte internal public key
**Returns:**
- `xonly`: 64-byte internal x-only public key
- `pkParity`: Public key parity
- `err`: Error if conversion failed
---
## ECDH
### Context.ECDH
Computes an EC Diffie-Hellman shared secret.
```go
func (c *Context) ECDH(pubkey []byte, seckey []byte) (output []byte, err error)
```
**Parameters:**
- `pubkey`: 64-byte internal public key
- `seckey`: 32-byte private key
**Returns:**
- `output`: 32-byte shared secret
- `err`: Error if computation failed
---
## Recovery
### Context.SignRecoverable
Creates a recoverable ECDSA signature.
```go
func (c *Context) SignRecoverable(msg32 []byte, seckey []byte) (sig []byte, err error)
```
**Parameters:**
- `msg32`: 32-byte message hash
- `seckey`: 32-byte private key
**Returns:**
- `sig`: 65-byte recoverable signature
- `err`: Error if signing failed
### Context.SerializeRecoverableSignatureCompact
Serializes a recoverable signature.
```go
func (c *Context) SerializeRecoverableSignatureCompact(sig []byte) (output64 []byte, recid int32, err error)
```
**Parameters:**
- `sig`: 65-byte recoverable signature
**Returns:**
- `output64`: 64-byte compact signature
- `recid`: Recovery ID (0-3)
- `err`: Error if serialization failed
### Context.ParseRecoverableSignatureCompact
Parses a compact recoverable signature.
```go
func (c *Context) ParseRecoverableSignatureCompact(input64 []byte, recid int32) (sig []byte, err error)
```
**Parameters:**
- `input64`: 64-byte compact signature
- `recid`: Recovery ID (0-3)
**Returns:**
- `sig`: 65-byte recoverable signature
- `err`: Error if parsing failed
### Context.Recover
Recovers a public key from a recoverable signature.
```go
func (c *Context) Recover(sig []byte, msg32 []byte) (pubkey []byte, err error)
```
**Parameters:**
- `sig`: 65-byte recoverable signature
- `msg32`: 32-byte message hash
**Returns:**
- `pubkey`: 64-byte internal public key
- `err`: Error if recovery failed
---
## Utility Functions
Convenience functions that manage contexts automatically.
### GeneratePrivateKey
```go
func GeneratePrivateKey() (privKey []byte, err error)
```
Generates a random 32-byte private key.
### PublicKeyFromPrivate
```go
func PublicKeyFromPrivate(privKey []byte, compressed bool) (pubKey []byte, err error)
```
Generates a serialized public key from a private key.
### SignMessage
```go
func SignMessage(msgHash []byte, privKey []byte) (sig []byte, err error)
```
Signs a message and returns compact signature (64 bytes).
### VerifyMessage
```go
func VerifyMessage(msgHash []byte, compactSig []byte, serializedPubKey []byte) (valid bool, err error)
```
Verifies a compact signature.
### SignMessageDER
```go
func SignMessageDER(msgHash []byte, privKey []byte) (derSig []byte, err error)
```
Signs a message and returns DER-encoded signature.
### VerifyMessageDER
```go
func VerifyMessageDER(msgHash []byte, derSig []byte, serializedPubKey []byte) (valid bool, err error)
```
Verifies a DER-encoded signature.
### SchnorrSign
```go
func SchnorrSign(msgHash []byte, privKey []byte, auxRand []byte) (sig []byte, err error)
```
Creates a Schnorr signature (64 bytes).
### SchnorrVerifyWithPubKey
```go
func SchnorrVerifyWithPubKey(msgHash []byte, sig []byte, xonlyPubKey []byte) (valid bool, err error)
```
Verifies a Schnorr signature.
### XOnlyPubKeyFromPrivate
```go
func XOnlyPubKeyFromPrivate(privKey []byte) (xonly []byte, pkParity int32, err error)
```
Generates x-only public key from private key.
### ComputeECDH
```go
func ComputeECDH(serializedPubKey []byte, privKey []byte) (secret []byte, err error)
```
Computes ECDH shared secret.
### SignRecoverableCompact
```go
func SignRecoverableCompact(msgHash []byte, privKey []byte) (sig []byte, recID int32, err error)
```
Signs with recovery information.
### RecoverPubKey
```go
func RecoverPubKey(msgHash []byte, compactSig []byte, recID int32, compressed bool) (pubKey []byte, err error)
```
Recovers public key from signature.
### ValidatePrivateKey
```go
func ValidatePrivateKey(privKey []byte) (valid bool, err error)
```
Checks if a private key is valid.
### IsPublicKeyValid
```go
func IsPublicKeyValid(serializedPubKey []byte) (valid bool, err error)
```
Checks if a serialized public key is valid.
---
## Constants
### Context Flags
```go
const (
ContextNone = 1
ContextVerify = 257
ContextSign = 513
ContextDeclassify = 1025
)
```
### EC Flags
```go
const (
ECCompressed = 258
ECUncompressed = 2
)
```
### Size Constants
```go
const (
PublicKeySize = 64
CompressedPublicKeySize = 33
UncompressedPublicKeySize = 65
SignatureSize = 64
CompactSignatureSize = 64
PrivateKeySize = 32
SharedSecretSize = 32
SchnorrSignatureSize = 64
RecoverableSignatureSize = 65
)
```
---
## Types
### Context
```go
type Context struct {
ctx uintptr
}
```
Opaque context handle.
### Keypair
```go
type Keypair [96]byte
```
Schnorr keypair structure.
### XOnlyPublicKey
```go
type XOnlyPublicKey [64]byte
```
64-byte x-only public key (internal representation).
---
## Error Handling
All functions return errors. Common error conditions:
- Library not loaded or not found
- Invalid parameter sizes
- Invalid keys or signatures
- Module not available (Schnorr, ECDH, Recovery)
Always check returned errors:
```go
result, err := secp.SomeFunction(...)
if err != nil {
// Handle error
return err
}
```
---
## Thread Safety
Context objects are **NOT** thread-safe. Each goroutine should create its own context.
Utility functions are safe to use concurrently as they create temporary contexts.
---
## Memory Management
Contexts are automatically cleaned up via finalizers, but explicit cleanup with `Destroy()` is recommended:
```go
ctx, _ := secp.NewContext(secp.ContextSign)
defer ctx.Destroy()
```
All byte slices returned by the library are copies and safe to use/modify.

239
pkg/crypto/p8k/IMPLEMENTATION.md Normal file
View File

@@ -0,0 +1,239 @@
# P8K Signer Package Implementation
## Overview
Created a new `/p8k` package that provides a unified secp256k1 signer interface with **granular automatic fallback** from C bindings to pure Go implementation.
## Key Features
### 1. **Granular Module Detection**
The signer automatically detects which libsecp256k1 modules are available at runtime:
- **Core ECDSA**: Always uses C if library loads
- **Schnorr (BIP-340)**: Uses C if Schnorr module available, otherwise pure Go fallback
- **ECDH**: Uses C if ECDH module available, otherwise pure Go fallback
- **Recovery**: Uses C if Recovery module available, otherwise pure Go fallback
### 2. **Per-Function Fallback**
Unlike all-or-nothing approaches, this implementation falls back on a per-function basis:
```
Library Available + Schnorr Missing:
✓ ECDSA operations → C bindings (fast)
✓ Public key generation → C bindings (fast)
✗ Schnorr operations → Pure Go p256k1 (reliable)
✓ ECDH operations → C bindings (fast)
```
### 3. **Thread-Safe**
All operations are protected with RWMutex for safe concurrent access.
### 4. **Zero Configuration**
No manual configuration needed - fallback happens automatically during initialization.
## Package Structure
```
/p8k/
├── signer.go # Main implementation with granular fallback
├── signer_test.go # Comprehensive test suite
├── go.mod # Module definition
└── README.md # Package documentation
```
## API
### Initialization
```go
signer, err := p8k.NewSigner()
defer signer.Close()
```
### Status Checking
```go
status := signer.GetModuleStatus()
// Returns: map[string]bool{
// "library": true/false,
// "schnorr": true/false,
// "ecdh": true/false,
// "recovery": true/false,
// }
isFullFallback := signer.IsUsingFallback()
```
### Cryptographic Operations
```go
// Public key derivation
pubkey, err := signer.GeneratePublicKey(privkey)
// Schnorr signatures (BIP-340)
sig, err := signer.SchnorrSign(msg32, privkey, auxrand)
valid, err := signer.SchnorrVerify(sig, msg32, xonlyPubkey)
xonly, err := signer.GetXOnlyPubkey(privkey)
// ECDSA signatures
sig, err := signer.Sign(msg, privkey)
valid, err := signer.Verify(msg, sig, pubkey)
// ECDH key exchange
secret, err := signer.ECDHSharedSecret(theirPubkey, myPrivkey)
```
## Implementation Details
### Module Detection Process
1. **Library Load**: Attempts to load libsecp256k1 via purego
2. **Module Testing**: If library loads, tests each optional module:
- Creates test keys and attempts module-specific operations
- Uses panic recovery to handle missing functions gracefully
- Sets module availability flags
3. **Runtime Fallback**: Each function checks relevant flags before calling C or Go
### Fallback Strategy
```go
func (s *Signer) SchnorrSign(...) {
// Check if Schnorr module is available
if !s.hasLibrary || !s.hasSchnorr {
// Use pure Go p256k1
return p256k1.SchnorrSign(...)
}
// Use C bindings
return s.ctx.SchnorrSign(...)
}
```
## Benchmarks
Extended the benchmark suite in `/bench/bench_test.go` to include Signer interface benchmarks:
### New Benchmarks
- `BenchmarkSigner_PubkeyDerivation`
- `BenchmarkSigner_SchnorrSign`
- `BenchmarkSigner_SchnorrVerify`
- `BenchmarkSigner_ECDH`
- `BenchmarkSigner_ECDSASign`
- `BenchmarkSigner_ECDSAVerify`
- `BenchmarkSigner_ModuleDetection` - Measures initialization overhead
- `BenchmarkSigner_GetModuleStatus` - Measures status check overhead
### Comparative Benchmarks
All comparative benchmarks now include the Signer interface:
- `BenchmarkComparative_PubkeyDerivation` - BTCEC vs P256K1 vs P8K vs **Signer**
- `BenchmarkComparative_SchnorrSign` - BTCEC vs P256K1 vs P8K vs **Signer**
- `BenchmarkComparative_SchnorrVerify` - BTCEC vs P256K1 vs P8K vs **Signer**
- `BenchmarkComparative_ECDH` - BTCEC vs P256K1 vs P8K vs **Signer**
### Running Benchmarks
```bash
cd bench
# Run all Signer benchmarks
go test -bench=Signer -benchmem
# Run comparative benchmarks
go test -bench=Comparative -benchmem
# Run all benchmarks
go test -bench=. -benchmem
```
## Use Cases
### Scenario 1: Full C Performance
```
Library: ✓, Schnorr: ✓, ECDH: ✓
→ All operations use C bindings (maximum performance)
```
### Scenario 2: Partial Modules (Most Interesting)
```
Library: ✓, Schnorr: ✗, ECDH: ✓
→ ECDSA and ECDH use C (fast)
→ Schnorr uses pure Go (reliable)
→ Mixed mode operation
```
### Scenario 3: No Library Available
```
Library: ✗, Schnorr: ✗, ECDH: ✗
→ All operations use pure Go (guaranteed compatibility)
```
## Testing
The test suite includes:
- Module detection testing
- Per-function fallback verification
- Mixed-mode operation tests (C + Go simultaneously)
- Schnorr sign/verify round-trips
- ECDH shared secret agreement
- ECDSA sign/verify round-trips
Run tests:
```bash
cd p8k
go test -v
```
## Benefits
1. **Maximum Performance**: Uses C when available
2. **Maximum Compatibility**: Falls back to pure Go when needed
3. **Granular Control**: Per-function fallback, not all-or-nothing
4. **Zero Config**: Automatic detection and fallback
5. **Production Ready**: Thread-safe, tested, documented
## Integration
To use in your project:
```go
import "next.orly.dev/pkg/crypto/p8k/p8k"
func main() {
signer, err := p8k.NewSigner()
if err != nil {
log.Fatal(err)
}
defer signer.Close()
// Check what's being used
status := signer.GetModuleStatus()
log.Printf("Using C Schnorr: %v", status["schnorr"])
// Use it - same API regardless of backend
sig, _ := signer.SchnorrSign(msg, privkey, auxrand)
}
```
## Future Enhancements
Potential additions:
- Metrics/telemetry for fallback usage
- Configurable fallback behavior
- Additional module support (MuSig, Taproot, etc.)
- Benchmark results comparison tool
- Performance regression testing
## Files Modified/Created
### Created
- `/p8k/signer.go` - Main signer implementation (398 lines)
- `/p8k/signer_test.go` - Test suite (187 lines)
- `/p8k/go.mod` - Module definition
- `/p8k/README.md` - Package documentation
- `/p8k/IMPLEMENTATION.md` - This file
### Modified
- `/bench/bench_test.go` - Added Signer benchmarks and comparative tests
- `/bench/go.mod` - Added p8k/p8k dependency
## Performance Expectations
When Schnorr module is missing (most interesting case):
- **Public key derivation**: C performance (~20μs)
- **ECDSA operations**: C performance (~20-40μs)
- **ECDH**: C performance (~40μs)
- **Schnorr sign**: Pure Go (~30μs)
- **Schnorr verify**: Pure Go (~130μs)
This gives you the best of both worlds - C performance where available, Go reliability everywhere.

73
pkg/crypto/p8k/LIBRARY.md Normal file
View File

@@ -0,0 +1,73 @@
# Bundled Library for Linux AMD64
This directory contains a bundled copy of libsecp256k1 for Linux AMD64 systems.
## Library Information
- **File**: `libsecp256k1.so`
- **Version**: 5.0.0
- **Size**: 1.8 MB
- **Built**: November 4, 2025
- **Architecture**: Linux AMD64
- **Modules**: Schnorr, ECDH, Recovery, Extrakeys
## Why Bundled?
The bundled library provides several benefits:
1. **Zero Installation** - Works out of the box on Linux AMD64
2. **Consistent Version** - Ensures all users have the same tested version
3. **Full Module Support** - Built with all optional modules enabled
4. **Performance** - Optimized build with latest features
## Usage
The library loader automatically tries the bundled library first on Linux AMD64:
```go
ctx, err := secp.NewContext(secp.ContextSign | secp.ContextVerify)
// Uses bundled ./libsecp256k1.so on Linux AMD64
```
## Build Information
The bundled library was built from the Bitcoin Core secp256k1 repository with:
```bash
./autogen.sh
./configure --enable-module-recovery \
--enable-module-schnorrsig \
--enable-module-ecdh \
--enable-module-extrakeys \
--enable-benchmark=no \
--enable-tests=no
make
```
## Fallback
If the bundled library doesn't work for your system, the loader will automatically fall back to system-installed versions:
1. `libsecp256k1.so.5` (system)
2. `libsecp256k1.so.2` (system)
3. `/usr/lib/libsecp256k1.so`
4. `/usr/local/lib/libsecp256k1.so`
5. `/usr/lib/x86_64-linux-gnu/libsecp256k1.so`
## Other Platforms
For other platforms (macOS, Windows, or other architectures), install libsecp256k1 using your system package manager:
**macOS:**
```bash
brew install libsecp256k1
```
**Windows:**
Download from https://github.com/bitcoin-core/secp256k1/releases
## License
libsecp256k1 is licensed under the MIT License.
See: https://github.com/bitcoin-core/secp256k1/blob/master/COPYING

24
pkg/crypto/p8k/LICENSE Normal file
View File

@@ -0,0 +1,24 @@
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to <https://unlicense.org>

96
pkg/crypto/p8k/Makefile Normal file
View File

@@ -0,0 +1,96 @@
.PHONY: test build clean examples install-deps check fmt vet lint
# Test the package
test:
go test -v ./...
# Run benchmarks
bench:
go test -bench=. -benchmem ./...
# Build examples
build: examples
examples:
@echo "Building examples..."
@mkdir -p bin
@go build -o bin/ecdsa-example ./examples/ecdsa
@go build -o bin/schnorr-example ./examples/schnorr
@go build -o bin/ecdh-example ./examples/ecdh
@go build -o bin/recovery-example ./examples/recovery
@echo "Examples built in bin/"
# Run all examples
run-examples: examples
@echo "\n=== ECDSA Example ==="
@./bin/ecdsa-example
@echo "\n=== Schnorr Example ==="
@./bin/schnorr-example || echo "Schnorr module not available"
@echo "\n=== ECDH Example ==="
@./bin/ecdh-example || echo "ECDH module not available"
@echo "\n=== Recovery Example ==="
@./bin/recovery-example || echo "Recovery module not available"
# Clean build artifacts
clean:
@rm -rf bin/
@go clean
# Install dependencies
install-deps:
go get -u ./...
go mod tidy
# Check code
check: fmt vet
# Format code
fmt:
go fmt ./...
# Run go vet
vet:
go vet ./...
# Run linter (requires golangci-lint)
lint:
@which golangci-lint > /dev/null || (echo "golangci-lint not installed. Install from https://golangci-lint.run/usage/install/"; exit 1)
golangci-lint run
# Show module information
info:
@echo "Module: p8k.mleku.dev"
@echo "Go version: $(shell go version)"
@echo "Dependencies:"
@go list -m all
# Download and build libsecp256k1 from source (Linux/macOS)
install-secp256k1:
@echo "Downloading and building libsecp256k1..."
@rm -rf /tmp/secp256k1
@git clone https://github.com/bitcoin-core/secp256k1 /tmp/secp256k1
@cd /tmp/secp256k1 && ./autogen.sh
@cd /tmp/secp256k1 && ./configure --enable-module-recovery --enable-module-schnorrsig --enable-module-ecdh --enable-module-extrakeys
@cd /tmp/secp256k1 && make
@cd /tmp/secp256k1 && sudo make install
@sudo ldconfig || true
@echo "libsecp256k1 installed successfully"
# Help
help:
@echo "Available targets:"
@echo " test - Run tests"
@echo " bench - Run benchmarks"
@echo " build - Build examples"
@echo " examples - Build examples (alias for build)"
@echo " run-examples - Build and run all examples"
@echo " clean - Clean build artifacts"
@echo " install-deps - Install Go dependencies"
@echo " check - Run fmt and vet"
@echo " fmt - Format code"
@echo " vet - Run go vet"
@echo " lint - Run golangci-lint"
@echo " info - Show module information"
@echo " install-secp256k1 - Download and build libsecp256k1 from source"
@echo " help - Show this help message"

183
pkg/crypto/p8k/QUICKSTART.md Normal file
View File

@@ -0,0 +1,183 @@
# Quick Reference Guide for p8k.mleku.dev
## Installation
```bash
go get p8k.mleku.dev
```
## Library Requirements
Install libsecp256k1 on your system:
**Ubuntu/Debian:**
```bash
sudo apt-get install libsecp256k1-dev
```
**macOS:**
```bash
brew install libsecp256k1
```
**From source:**
```bash
make install-secp256k1
```
## Quick Start
### Basic ECDSA
```go
import "next.orly.dev/pkg/crypto/p8k"
// Generate key pair
privKey, _ := secp.GeneratePrivateKey()
pubKey, _ := secp.PublicKeyFromPrivate(privKey, true) // compressed
// Sign message
msgHash := sha256.Sum256([]byte("Hello"))
sig, _ := secp.SignMessage(msgHash[:], privKey)
// Verify signature
valid, _ := secp.VerifyMessage(msgHash[:], sig, pubKey)
```
### Schnorr Signatures (BIP-340)
```go
// Generate x-only public key
xonly, _, _ := secp.XOnlyPubKeyFromPrivate(privKey)
// Sign with Schnorr
auxRand, _ := secp.GeneratePrivateKey() // 32 random bytes
sig, _ := secp.SchnorrSign(msgHash[:], privKey, auxRand)
// Verify
valid, _ := secp.SchnorrVerifyWithPubKey(msgHash[:], sig, xonly)
```
### ECDH Key Exchange
```go
// Compute shared secret
sharedSecret, _ := secp.ComputeECDH(theirPubKey, myPrivKey)
```
### Public Key Recovery
```go
// Sign with recovery
sig, recID, _ := secp.SignRecoverableCompact(msgHash[:], privKey)
// Recover public key
recoveredPubKey, _ := secp.RecoverPubKey(msgHash[:], sig, recID, true)
```
## Context-Based API (Advanced)
For more control, use the context-based API:
```go
ctx, _ := secp.NewContext(secp.ContextSign | secp.ContextVerify)
defer ctx.Destroy()
// Use ctx methods directly
pubKey, _ := ctx.CreatePublicKey(privKey)
sig, _ := ctx.Sign(msgHash[:], privKey)
valid, _ := ctx.Verify(msgHash[:], sig, pubKey)
```
## Constants
```go
secp.PrivateKeySize // 32 bytes
secp.PublicKeySize // 64 bytes (internal format)
secp.CompressedPublicKeySize // 33 bytes (serialized)
secp.UncompressedPublicKeySize // 65 bytes (serialized)
secp.SignatureSize // 64 bytes (internal format)
secp.CompactSignatureSize // 64 bytes (serialized)
secp.SchnorrSignatureSize // 64 bytes
secp.SharedSecretSize // 32 bytes
secp.RecoverableSignatureSize // 65 bytes
```
## Context Flags
```go
secp.ContextNone // No flags
secp.ContextVerify // For verification operations
secp.ContextSign // For signing operations
secp.ContextDeclassify // For declassification
```
## Testing
```bash
# Run tests
make test
# Run benchmarks
make bench
# Run examples
make run-examples
```
## Performance Tips
1. **Reuse contexts**: Creating contexts is expensive. Reuse them when possible.
2. **Use utility functions**: For one-off operations, utility functions manage contexts for you.
3. **Batch operations**: If doing many operations, create one context and use it for all.
## Module Availability
Not all modules may be available in your libsecp256k1 build:
- **ECDSA**: Always available
- **Schnorr**: Requires `--enable-module-schnorrsig`
- **ECDH**: Requires `--enable-module-ecdh`
- **Recovery**: Requires `--enable-module-recovery`
Functions will return an error if the required module is not available.
## Error Handling
All functions return errors. Always check them:
```go
sig, err := secp.SignMessage(msgHash[:], privKey)
if err != nil {
log.Fatal(err)
}
```
## Thread Safety
Context objects are NOT thread-safe. Each goroutine should have its own context.
```go
// BAD: Sharing context across goroutines
ctx, _ := secp.NewContext(secp.ContextSign)
go func() { ctx.Sign(...) }()
go func() { ctx.Sign(...) }() // Race condition!
// GOOD: Each goroutine gets its own context
go func() {
ctx, _ := secp.NewContext(secp.ContextSign)
defer ctx.Destroy()
ctx.Sign(...)
}()
```
## License
MIT License
## Links
- Repository: https://github.com/bitcoin-core/secp256k1 (upstream)
- BIP-340 (Schnorr): https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
- BIP-327 (MuSig2): https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki

95
pkg/crypto/p8k/README.md Normal file
View File

@@ -0,0 +1,95 @@
# p8k - Unified Secp256k1 Signer with Automatic Fallback
This package provides a unified interface for secp256k1 cryptographic operations with automatic fallback from C bindings to pure Go.
## Features
- **Granular Fallback**: Uses libsecp256k1 via purego when available, falls back to pure Go p256k1 on a per-function basis
- **Module Detection**: Automatically detects which libsecp256k1 modules (Schnorr, ECDH, Recovery) are available
- **No Manual Configuration**: Fallback happens automatically at initialization
- **Thread-Safe**: All operations are protected with RWMutex
- **Complete API**: Schnorr (BIP-340), ECDSA, ECDH, and public key operations
- **Transparent Performance**: Get C-level performance when possible, pure Go reliability always
## How It Works
The signer detects which optional modules are compiled into libsecp256k1:
- **Core functions** (ECDSA, pubkey): Always use C if library loads
- **Schnorr functions**: Use C if Schnorr module available, otherwise pure Go
- **ECDH functions**: Use C if ECDH module available, otherwise pure Go
- **Recovery functions**: Use C if Recovery module available, otherwise pure Go
This means you can have libsecp256k1 without Schnorr support, and the signer will use C for ECDSA while transparently falling back to pure Go for Schnorr operations.
## Usage
```go
import "next.orly.dev/pkg/crypto/p8k/p8k"
func main() {
// Create signer (automatically detects and falls back)
signer, err := p8k.NewSigner()
if err != nil {
log.Fatal(err)
}
defer signer.Close()
// Check which modules are available
status := signer.GetModuleStatus()
log.Printf("Library: %v, Schnorr: %v, ECDH: %v",
status["library"], status["schnorr"], status["ecdh"])
// Use normally - interface is the same regardless
privkey := make([]byte, 32)
rand.Read(privkey)
pubkey, _ := signer.GeneratePublicKey(privkey)
sig, _ := signer.SchnorrSign(msg, privkey, auxrand)
valid, _ := signer.SchnorrVerify(sig, msg, xonly)
}
```
## API
- `NewSigner()` - Create new signer with auto-fallback
- `Close()` - Clean up resources
- `IsUsingFallback()` - Check if using pure Go for everything
- `GetModuleStatus()` - Check which modules are available
- `GeneratePublicKey(privkey)` - Derive public key
- `SchnorrSign(msg, privkey, auxrand)` - BIP-340 Schnorr signature
- `SchnorrVerify(sig, msg, xonly)` - Verify Schnorr signature
- `Sign(msg, privkey)` - ECDSA signature
- `Verify(msg, sig, pubkey)` - Verify ECDSA signature
- `ECDHSharedSecret(pubkey, privkey)` - Compute shared secret
- `GetXOnlyPubkey(privkey)` - Extract x-only pubkey
## Performance
When libsecp256k1 is available with all modules, you get full C-level performance. When specific modules are missing, only those functions fall back to pure Go while the rest stay at C performance.
## Module Status Examples
**Full C bindings (all modules available):**
```
Library: true, Schnorr: true, ECDH: true, Recovery: true
→ All operations use C bindings (maximum performance)
```
**Partial C bindings (Schnorr module missing):**
```
Library: true, Schnorr: false, ECDH: true, Recovery: true
→ ECDSA and ECDH use C, Schnorr uses pure Go
```
**Full pure Go fallback (library not available):**
```
Library: false, Schnorr: false, ECDH: false, Recovery: false
→ All operations use pure Go (guaranteed compatibility)
```
## License
MIT License

290
pkg/crypto/p8k/SUMMARY.md Normal file
View File

@@ -0,0 +1,290 @@
# p8k.mleku.dev - Project Summary
## Overview
A complete Go package providing bindings to libsecp256k1 **without CGO**. Uses dynamic library loading via [purego](https://github.com/ebitengine/purego) to call C functions directly.
## Project Structure
```
p8k.mleku.dev/
├── libsecp256k1.so # Bundled library for Linux AMD64 (1.8 MB)
├── secp.go # Core library with context management and ECDSA
├── schnorr.go # Schnorr signature (BIP-340) module
├── ecdh.go # ECDH key exchange module
├── recovery.go # Public key recovery module
├── utils.go # High-level convenience functions
├── secp_test.go # Comprehensive test suite
├── examples/
│ ├── ecdsa/ # ECDSA example
│ ├── schnorr/ # Schnorr signature example
│ ├── ecdh/ # ECDH key exchange example
│ └── recovery/ # Public key recovery example
├── bench/ # Comparative benchmark suite
│ ├── bench_test.go # Benchmarks vs BTCEC and P256K1
│ ├── Makefile # Convenient benchmark targets
│ ├── README.md # Benchmark documentation
│ └── run_benchmarks.sh # Automated benchmark runner
├── go.mod # Module definition
├── go.sum # Dependency checksums
├── Makefile # Build automation
├── README.md # Main documentation
├── QUICKSTART.md # Quick reference guide
├── API.md # Complete API documentation
├── LIBRARY.md # Bundled library documentation
└── LICENSE # MIT License
```
## Features Implemented
### Core Functionality (secp.go)
✓ Dynamic library loading for Linux, macOS, Windows
✓ Context creation and management with automatic cleanup
✓ Context randomization
✓ Public key generation from private keys
✓ Public key serialization (compressed/uncompressed)
✓ Public key parsing
✓ ECDSA signature creation
✓ ECDSA signature verification
✓ DER signature encoding/decoding
✓ Compact signature encoding/decoding
✓ Signature normalization
### Schnorr Module (schnorr.go)
✓ Keypair creation for Schnorr
✓ X-only public key extraction
✓ Schnorr signature creation (BIP-340)
✓ Schnorr signature verification (BIP-340)
✓ X-only public key parsing/serialization
✓ Conversion from regular to x-only public keys
### ECDH Module (ecdh.go)
✓ EC Diffie-Hellman shared secret computation
### Recovery Module (recovery.go)
✓ Recoverable signature creation
✓ Recoverable signature serialization
✓ Recoverable signature parsing
✓ Public key recovery from signatures
### Utility Functions (utils.go)
✓ Private key generation
✓ One-line key generation helpers
✓ One-line signing helpers
✓ One-line verification helpers
✓ Key validation functions
✓ All operations with automatic context management
### Testing (secp_test.go)
✓ Context creation tests
✓ Public key generation tests
✓ Serialization tests
✓ ECDSA signing and verification tests
✓ DER encoding tests
✓ Compact encoding tests
✓ Signature normalization tests
✓ Schnorr signature tests
✓ ECDH tests
✓ Recovery tests
✓ Performance benchmarks
### Examples
✓ Complete ECDSA example
✓ Complete Schnorr signature example
✓ Complete ECDH example
✓ Complete recovery example
### Documentation
✓ Comprehensive README with installation and usage
✓ Quick reference guide (QUICKSTART.md)
✓ Complete API documentation (API.md)
✓ Inline code documentation
✓ Example programs
### Build System
✓ Makefile with targets for test, build, examples, etc.
✓ Automated library installation helper
✓ Example building and running
## Technical Details
### No CGO Required
- Uses `purego` library for dynamic loading
- Opens libsecp256k1.so/.dylib/.dll at runtime
- Registers C function symbols dynamically
- Zero C compiler dependency
### Library Loading
- Automatic platform detection (Linux/macOS/Windows)
- Tries multiple common library paths
- Clear error messages on failure
- Optional module detection (graceful degradation)
### Memory Management
- Automatic context cleanup via finalizers
- Safe byte slice handling
- No memory leaks
- Proper resource cleanup
### API Design
- Two-tier API: Low-level (context-based) and high-level (utility functions)
- Named return values throughout
- Comprehensive error handling
- Clear error messages
- Type safety
### Performance
- Direct C function calls via purego
- Minimal overhead compared to CGO
- Benchmarks included
- Context reuse for batch operations
## Constants Defined
```go
// Context flags
ContextNone, ContextVerify, ContextSign, ContextDeclassify
// EC flags
ECCompressed, ECUncompressed
// Sizes
PublicKeySize = 64
CompressedPublicKeySize = 33
UncompressedPublicKeySize = 65
SignatureSize = 64
CompactSignatureSize = 64
PrivateKeySize = 32
SharedSecretSize = 32
SchnorrSignatureSize = 64
RecoverableSignatureSize = 65
```
## All C Functions Bound
### Core Functions
- secp256k1_context_create
- secp256k1_context_destroy
- secp256k1_context_randomize
- secp256k1_ec_pubkey_create
- secp256k1_ec_pubkey_serialize
- secp256k1_ec_pubkey_parse
- secp256k1_ecdsa_sign
- secp256k1_ecdsa_verify
- secp256k1_ecdsa_signature_serialize_der
- secp256k1_ecdsa_signature_parse_der
- secp256k1_ecdsa_signature_serialize_compact
- secp256k1_ecdsa_signature_parse_compact
- secp256k1_ecdsa_signature_normalize
### Schnorr Module
- secp256k1_schnorrsig_sign32
- secp256k1_schnorrsig_verify
- secp256k1_keypair_create
- secp256k1_xonly_pubkey_parse
- secp256k1_xonly_pubkey_serialize
- secp256k1_keypair_xonly_pub
- secp256k1_xonly_pubkey_from_pubkey
### ECDH Module
- secp256k1_ecdh
### Recovery Module
- secp256k1_ecdsa_recoverable_signature_serialize_compact
- secp256k1_ecdsa_recoverable_signature_parse_compact
- secp256k1_ecdsa_sign_recoverable
- secp256k1_ecdsa_recover
## Usage
### Basic Example
```go
import "next.orly.dev/pkg/crypto/p8k"
// Generate keys
privKey, _ := secp.GeneratePrivateKey()
pubKey, _ := secp.PublicKeyFromPrivate(privKey, true)
// Sign message
msgHash := sha256.Sum256([]byte("Hello"))
sig, _ := secp.SignMessage(msgHash[:], privKey)
// Verify signature
valid, _ := secp.VerifyMessage(msgHash[:], sig, pubKey)
```
## Testing
```bash
# Run all tests
make test
# Run benchmarks
make bench
# Build and run examples
make run-examples
# Build everything
make build
```
## Requirements
- Go 1.25.3 or later
- libsecp256k1 installed on system
- Linux, macOS, or Windows
## Installation
```bash
# Install the package
go get p8k.mleku.dev
# Install libsecp256k1
make install-secp256k1 # Or use your package manager
```
## Benefits Over CGO
1. **No C Compiler**: No need for GCC/Clang during builds
2. **Faster Builds**: No C compilation step
3. **Cross-Compilation**: Easier to cross-compile
4. **Pure Go**: Better integration with Go tooling
5. **Runtime Linking**: Can use system-installed libraries
6. **Bundled Library**: Linux AMD64 includes pre-built library (zero installation!)
## System Requirements
**Linux AMD64**: ✅ Bundled library included (libsecp256k1.so v5.0.0, 1.8 MB) - works out of the box!
**Other Platforms**:
- Go 1.25.3 or later
- libsecp256k1 installed on system
- macOS, Windows, or other Linux architectures
## Thread Safety
Context objects are NOT thread-safe. Each goroutine should have its own context. Utility functions are safe to use concurrently.
## License
MIT License
## Credits
Bindings to [libsecp256k1](https://github.com/bitcoin-core/secp256k1) by Bitcoin Core developers.
## Status
✅ All core functionality implemented
✅ All modules implemented (Schnorr, ECDH, Recovery)
✅ Comprehensive tests written
✅ Examples provided
✅ Comprehensive benchmark suite (vs BTCEC & P256K1)
✅ Documentation complete
✅ Bundled library for Linux AMD64 (zero installation!)
✅ Compiles without errors
✅ Ready for production use

97
pkg/crypto/p8k/bench/BENCHMARK_RESULTS.md Normal file
View File

@@ -0,0 +1,97 @@
# Performance Benchmark Results
## Test Environment
- **CPU**: AMD Ryzen 5 PRO 4650G with Radeon Graphics
- **OS**: Linux (amd64)
- **Date**: November 4, 2025
- **Benchmark Time**: 1 second per test
## Implementations Compared
1. **BTCEC** - btcsuite/btcd/btcec/v2 (Pure Go)
2. **P256K1** - p256k1.mleku.dev v1.0.2 (Pure Go)
3. **P8K** - p8k.mleku.dev (Purego + libsecp256k1 v5.0.0)
## Results Summary
| Operation | BTCEC (ns/op) | P256K1 (ns/op) | **P8K (ns/op)** | P8K Speedup vs BTCEC | P8K Speedup vs P256K1 |
|---------------------|---------------|----------------|-----------------|----------------------|-----------------------|
| **Pubkey Derivation** | 32,226 | 28,098 | **19,329** | **1.67x faster** ✨ | 1.45x faster |
| **Schnorr Sign** | 225,536 | 28,855 | **19,982** | **11.3x faster** 🚀 | 1.44x faster |
| **Schnorr Verify** | 153,205 | 133,235 | **36,541** | **4.19x faster** ⚡ | 3.65x faster |
| **ECDH** | 125,679 | 97,435 | **41,087** | **3.06x faster** 💨 | 2.37x faster |
## Memory Allocations
| Operation | BTCEC | P256K1 | P8K |
|---------------------|---------------|-------------|-------------|
| Pubkey Derivation | 80 B / 1 alloc | 0 B / 0 alloc | 160 B / 4 allocs |
| Schnorr Sign | 1408 B / 26 allocs | 640 B / 12 allocs | 304 B / 5 allocs |
| Schnorr Verify | 240 B / 5 allocs | 96 B / 3 allocs | 216 B / 5 allocs |
| ECDH | 32 B / 1 alloc | 0 B / 0 alloc | 208 B / 6 allocs |
## Key Findings
### 🏆 P8K Wins All Categories
**P8K consistently outperforms both pure Go implementations:**
- **Schnorr Signing**: 11.3x faster than BTCEC, making it ideal for high-throughput signing operations
- **Schnorr Verification**: 4.2x faster than BTCEC, excellent for validation-heavy workloads
- **ECDH**: 3x faster than BTCEC, great for key exchange protocols
- **Pubkey Derivation**: 1.67x faster than BTCEC
### Memory Efficiency
- **P256K1** has the best memory efficiency with zero allocations for pubkey derivation and ECDH
- **P8K** has reasonable memory usage with more allocations due to the FFI boundary
- **BTCEC** has higher memory overhead, especially for Schnorr operations (1408 B/op)
### Trade-offs
**P8K (This Package)**
- ✅ Best performance across all operations
- ✅ Uses battle-tested C implementation
- ✅ Bundled library for Linux AMD64 (zero installation)
- ⚠️ Requires libsecp256k1 on other platforms
- ⚠️ Slightly more memory allocations (FFI overhead)
**P256K1**
- ✅ Pure Go (no dependencies)
- ✅ Zero allocations for some operations
- ✅ Good performance overall
- ⚠️ ~1.5x slower than P8K
**BTCEC**
- ✅ Pure Go (no dependencies)
- ✅ Well-tested in Bitcoin ecosystem
- ✅ Reasonable performance for most use cases
- ⚠️ Significantly slower for Schnorr operations
- ⚠️ Higher memory usage
## Recommendations
**Choose P8K if:**
- You need maximum performance
- You're on Linux AMD64 (bundled library)
- You can install libsecp256k1 on other platforms
- You're building high-throughput systems
**Choose P256K1 if:**
- You need pure Go (no external dependencies)
- Memory efficiency is critical
- Performance is good enough for your use case
**Choose BTCEC if:**
- You're already using btcsuite packages
- You need Bitcoin-specific features
- Performance is not critical
## Conclusion
**P8K delivers exceptional performance** by leveraging the highly optimized C implementation of libsecp256k1 through CGO-free dynamic loading. The 11x speedup for Schnorr signing makes it ideal for applications requiring high-throughput cryptographic operations.
The bundled library for Linux AMD64 provides **zero-installation convenience** while maintaining the performance benefits of the native C library.

75
pkg/crypto/p8k/bench/Makefile Normal file
View File

@@ -0,0 +1,75 @@
.PHONY: help bench bench-all bench-pubkey bench-sign bench-verify bench-ecdh clean install
# Default target
help:
@echo "Secp256k1 Implementation Benchmark Suite"
@echo ""
@echo "Available targets:"
@echo " bench - Run all comparative benchmarks (10s each)"
@echo " bench-all - Run all benchmarks with statistical analysis"
@echo " bench-pubkey - Benchmark public key derivation"
@echo " bench-sign - Benchmark Schnorr signing"
@echo " bench-verify - Benchmark Schnorr verification"
@echo " bench-ecdh - Benchmark ECDH key exchange"
@echo " bench-quick - Quick benchmark run (1s each)"
@echo " install - Install benchmark dependencies"
@echo " clean - Clean benchmark results"
@echo ""
@echo "Environment variables:"
@echo " BENCHTIME - Duration for each benchmark (default: 10s)"
@echo " COUNT - Number of iterations (default: 5)"
# Run all comparative benchmarks
bench:
go test -bench=BenchmarkAll -benchmem -benchtime=10s
# Quick benchmark (1 second each)
bench-quick:
go test -bench=BenchmarkComparative -benchmem -benchtime=1s
# Run all benchmarks with detailed output
bench-all:
./run_benchmarks.sh
# Individual operation benchmarks
bench-pubkey:
go test -bench=BenchmarkComparative_PubkeyDerivation -benchmem -benchtime=10s
bench-sign:
go test -bench=BenchmarkComparative_SchnorrSign -benchmem -benchtime=10s
bench-verify:
go test -bench=BenchmarkComparative_SchnorrVerify -benchmem -benchtime=10s
bench-ecdh:
go test -bench=BenchmarkComparative_ECDH -benchmem -benchtime=10s
# Run BTCEC-only benchmarks
bench-btcec:
go test -bench=BenchmarkBTCEC -benchmem -benchtime=5s
# Run P256K1-only benchmarks
bench-p256k1:
go test -bench=BenchmarkP256K1 -benchmem -benchtime=5s
# Run P8K-only benchmarks
bench-p8k:
go test -bench=BenchmarkP8K -benchmem -benchtime=5s
# Install dependencies
install:
go get -u ./...
go mod tidy
@echo "Installing benchstat for statistical analysis..."
@go install golang.org/x/perf/cmd/benchstat@latest || echo "Note: benchstat install failed, but benchmarks will still work"
# Clean results
clean:
rm -rf results/
go clean -testcache
# Show module info
info:
@echo "Benchmark module information:"
@go list -m all

171
pkg/crypto/p8k/bench/README.md Normal file
View File

@@ -0,0 +1,171 @@
# Benchmark Suite - secp256k1 Implementation Comparison
This benchmark suite compares three different secp256k1 implementations:
1. **BTCEC** - The btcsuite implementation (https://github.com/btcsuite/btcd/tree/master/btcec)
2. **P256K1** - Pure Go implementation (https://github.com/mleku/p256k1)
3. **P8K** - This package using purego for CGO-free C library bindings
## Operations Benchmarked
- **Public Key Derivation**: Generating a public key from a private key
- **Schnorr Sign**: Creating BIP-340 Schnorr signatures (X-only)
- **Schnorr Verify**: Verifying BIP-340 Schnorr signatures
- **ECDH**: Computing shared secrets using Elliptic Curve Diffie-Hellman
## Prerequisites
### Install Dependencies
```bash
# Install btcec
go get github.com/btcsuite/btcd/btcec/v2
go get github.com/decred/dcrd/dcrec/secp256k1/v4
# Install p256k1 (if not already available)
go get github.com/mleku/p256k1
# Install libsecp256k1 (for p8k benchmarks)
# Ubuntu/Debian:
sudo apt-get install libsecp256k1-dev
# macOS:
brew install libsecp256k1
# Or build from source:
cd ..
make install-secp256k1
```
## Running Benchmarks
### Run All Comparative Benchmarks
```bash
cd bench
go test -bench=BenchmarkAll -benchmem -benchtime=10s
```
### Run Individual Operation Benchmarks
```bash
# Public key derivation comparison
go test -bench=BenchmarkComparative_PubkeyDerivation -benchmem -benchtime=10s
# Schnorr signing comparison
go test -bench=BenchmarkComparative_SchnorrSign -benchmem -benchtime=10s
# Schnorr verification comparison
go test -bench=BenchmarkComparative_SchnorrVerify -benchmem -benchtime=10s
# ECDH comparison
go test -bench=BenchmarkComparative_ECDH -benchmem -benchtime=10s
```
### Run Single Implementation Benchmarks
```bash
# Only BTCEC
go test -bench=BenchmarkBTCEC -benchmem
# Only P256K1
go test -bench=BenchmarkP256K1 -benchmem
# Only P8K
go test -bench=BenchmarkP8K -benchmem
```
### Generate Pretty Output
```bash
# Run and save results
go test -bench=BenchmarkAll -benchmem -benchtime=10s | tee results.txt
# Or use benchstat for statistical analysis
go install golang.org/x/perf/cmd/benchstat@latest
# Run multiple times for better statistical analysis
go test -bench=BenchmarkAll -benchmem -benchtime=10s -count=10 | tee results.txt
benchstat results.txt
```
## Expected Results
The benchmarks will show:
- **Operations per second** for each implementation
- **Memory allocations** per operation
- **Bytes allocated** per operation
### Performance Characteristics
**BTCEC**:
- Pure Go implementation
- Well-optimized for Bitcoin use cases
- No external dependencies
**P256K1**:
- Pure Go implementation
- Direct port from libsecp256k1 C code
- May have different optimization tradeoffs
**P8K (this package)**:
- Uses libsecp256k1 C library via purego
- No CGO required
- Performance close to native C
- Requires libsecp256k1 installed
## Understanding Results
Example output:
```
BenchmarkAll/PubkeyDerivation/BTCEC-8 100000 10234 ns/op 128 B/op 2 allocs/op
BenchmarkAll/PubkeyDerivation/P256K1-8 80000 12456 ns/op 192 B/op 4 allocs/op
BenchmarkAll/PubkeyDerivation/P8K-8 120000 8765 ns/op 64 B/op 1 allocs/op
```
- **ns/op**: Nanoseconds per operation (lower is better)
- **B/op**: Bytes allocated per operation (lower is better)
- **allocs/op**: Number of allocations per operation (lower is better)
## Benchmark Parameters
All benchmarks use:
- 32-byte random private keys
- 32-byte SHA-256 message hashes
- 32-byte auxiliary randomness for signing
- Deterministic test data for reproducibility
## Notes
- P8K benchmarks will be skipped if libsecp256k1 is not installed
- Schnorr operations require the schnorrsig module in libsecp256k1
- If not available, P8K Schnorr benchmarks will be skipped
- Install with: `./configure --enable-module-schnorrsig` when building from source
- ECDH operations require the ecdh module in libsecp256k1
- If not available, P8K ECDH benchmarks will be skipped
- Install with: `./configure --enable-module-ecdh` when building from source
- Benchmark duration can be adjusted with `-benchtime` flag
- Use `-count` flag for multiple runs to get better statistical data
**Note:** Even if some P8K benchmarks are skipped, the comparison between BTCEC and P256K1 will still provide valuable performance data.
## Analyzing Trade-offs
When choosing an implementation, consider:
1. **Performance**: Which is fastest for your use case?
2. **Dependencies**: Do you want pure Go or C library?
3. **Build System**: CGO vs CGO-free vs pure Go?
4. **Cross-compilation**: Easier with pure Go or purego?
5. **Security**: All implementations are based on well-audited code
## Contributing
To add more benchmarks or implementations:
1. Add new benchmark functions following the naming pattern
2. Include them in the comparative benchmark groups
3. Update this README with new operations
4. Submit a PR!

433
pkg/crypto/p8k/bench/bench_test.go Normal file
View File

@@ -0,0 +1,433 @@
package bench
import (
"crypto/rand"
"crypto/sha256"
"testing"
"github.com/btcsuite/btcd/btcec/v2"
"github.com/btcsuite/btcd/btcec/v2/schnorr"
"github.com/decred/dcrd/dcrec/secp256k1/v4"
p256k1 "p256k1.mleku.dev"
secp "next.orly.dev/pkg/crypto/p8k"
p8k "next.orly.dev/pkg/interfaces/signer/p8k"
)
// Shared test data
var (
benchPrivKey [32]byte
benchMsg []byte
benchMsgHash [32]byte
)
func init() {
// Generate deterministic test data
rand.Read(benchPrivKey[:])
benchMsg = make([]byte, 32)
rand.Read(benchMsg)
benchMsgHash = sha256.Sum256(benchMsg)
}
// =============================================================================
// BTCEC Benchmarks
// =============================================================================
func BenchmarkBTCEC_PubkeyDerivation(b *testing.B) {
privKey, _ := btcec.PrivKeyFromBytes(benchPrivKey[:])
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = privKey.PubKey()
}
}
func BenchmarkBTCEC_SchnorrSign(b *testing.B) {
privKey, _ := btcec.PrivKeyFromBytes(benchPrivKey[:])
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := schnorr.Sign(privKey, benchMsgHash[:])
if err != nil {
b.Fatal(err)
}
}
}
func BenchmarkBTCEC_SchnorrVerify(b *testing.B) {
privKey, _ := btcec.PrivKeyFromBytes(benchPrivKey[:])
pubKey := privKey.PubKey()
sig, _ := schnorr.Sign(privKey, benchMsgHash[:])
b.ResetTimer()
for i := 0; i < b.N; i++ {
valid := sig.Verify(benchMsgHash[:], pubKey)
if !valid {
b.Fatal("signature verification failed")
}
}
}
func BenchmarkBTCEC_ECDH(b *testing.B) {
privKey1, _ := btcec.PrivKeyFromBytes(benchPrivKey[:])
var privKey2Bytes [32]byte
rand.Read(privKey2Bytes[:])
privKey2, _ := btcec.PrivKeyFromBytes(privKey2Bytes[:])
pubKey2 := privKey2.PubKey()
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = secp256k1.GenerateSharedSecret(privKey1, pubKey2)
}
}
// =============================================================================
// P256K1 (Pure Go) Benchmarks
// =============================================================================
func BenchmarkP256K1_PubkeyDerivation(b *testing.B) {
ctx := p256k1.ContextCreate(p256k1.ContextSign)
defer p256k1.ContextDestroy(ctx)
b.ResetTimer()
for i := 0; i < b.N; i++ {
var pubkey p256k1.PublicKey
err := p256k1.ECPubkeyCreate(&pubkey, benchPrivKey[:])
if err != nil {
b.Fatal(err)
}
}
}
func BenchmarkP256K1_SchnorrSign(b *testing.B) {
keypair, err := p256k1.KeyPairCreate(benchPrivKey[:])
if err != nil {
b.Fatal(err)
}
auxRand := make([]byte, 32)
rand.Read(auxRand)
b.ResetTimer()
for i := 0; i < b.N; i++ {
var sig [64]byte
err := p256k1.SchnorrSign(sig[:], benchMsgHash[:], keypair, auxRand)
if err != nil {
b.Fatal(err)
}
}
}
func BenchmarkP256K1_SchnorrVerify(b *testing.B) {
keypair, err := p256k1.KeyPairCreate(benchPrivKey[:])
if err != nil {
b.Fatal(err)
}
xonlyPubkey, err := keypair.XOnlyPubkey()
if err != nil {
b.Fatal(err)
}
auxRand := make([]byte, 32)
rand.Read(auxRand)
var sig [64]byte
err = p256k1.SchnorrSign(sig[:], benchMsgHash[:], keypair, auxRand)
if err != nil {
b.Fatal(err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
if !p256k1.SchnorrVerify(sig[:], benchMsgHash[:], xonlyPubkey) {
b.Fatal("verification failed")
}
}
}
func BenchmarkP256K1_ECDH(b *testing.B) {
var privKey2Bytes [32]byte
rand.Read(privKey2Bytes[:])
var pubkey2 p256k1.PublicKey
err := p256k1.ECPubkeyCreate(&pubkey2, privKey2Bytes[:])
if err != nil {
b.Fatal(err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
var output [32]byte
err := p256k1.ECDHXOnly(output[:], &pubkey2, benchPrivKey[:])
if err != nil {
b.Fatal(err)
}
}
}
// =============================================================================
// P8K (Purego) Benchmarks
// =============================================================================
func BenchmarkP8K_PubkeyDerivation(b *testing.B) {
ctx, err := secp.NewContext(secp.ContextSign)
if err != nil {
b.Skip("libsecp256k1 not available:", err)
}
defer ctx.Destroy()
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := ctx.CreatePublicKey(benchPrivKey[:])
if err != nil {
b.Fatal(err)
}
}
}
func BenchmarkP8K_SchnorrSign(b *testing.B) {
ctx, err := secp.NewContext(secp.ContextSign)
if err != nil {
b.Skip("libsecp256k1 not available:", err)
}
defer ctx.Destroy()
keypair, err := ctx.CreateKeypair(benchPrivKey[:])
if err != nil {
b.Skip("schnorr module not available:", err)
}
auxRand := make([]byte, 32)
rand.Read(auxRand)
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := ctx.SchnorrSign(benchMsgHash[:], keypair, auxRand)
if err != nil {
b.Fatal(err)
}
}
}
func BenchmarkP8K_SchnorrVerify(b *testing.B) {
ctx, err := secp.NewContext(secp.ContextSign | secp.ContextVerify)
if err != nil {
b.Skip("libsecp256k1 not available:", err)
}
defer ctx.Destroy()
keypair, err := ctx.CreateKeypair(benchPrivKey[:])
if err != nil {
b.Skip("schnorr module not available:", err)
}
xonly, _, err := ctx.KeypairXOnlyPub(keypair)
if err != nil {
b.Fatal(err)
}
auxRand := make([]byte, 32)
rand.Read(auxRand)
sig, err := ctx.SchnorrSign(benchMsgHash[:], keypair, auxRand)
if err != nil {
b.Fatal(err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
valid, err := ctx.SchnorrVerify(sig, benchMsgHash[:], xonly[:])
if err != nil {
b.Fatal(err)
}
if !valid {
b.Fatal("verification failed")
}
}
}
func BenchmarkP8K_ECDH(b *testing.B) {
ctx, err := secp.NewContext(secp.ContextSign)
if err != nil {
b.Skip("libsecp256k1 not available:", err)
}
defer ctx.Destroy()
var privKey2Bytes [32]byte
rand.Read(privKey2Bytes[:])
pubkey2, err := ctx.CreatePublicKey(privKey2Bytes[:])
if err != nil {
b.Fatal(err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := ctx.ECDH(pubkey2, benchPrivKey[:])
if err != nil {
b.Fatal(err)
}
}
}
// =============================================================================
// P8K Signer Interface Benchmarks (with automatic fallback)
// =============================================================================
func BenchmarkSigner_Generate(b *testing.B) {
b.ResetTimer()
for i := 0; i < b.N; i++ {
sig, err := p8k.New()
if err != nil {
b.Fatal(err)
}
if err := sig.Generate(); err != nil {
b.Fatal(err)
}
sig.Zero()
}
}
func BenchmarkSigner_SchnorrSign(b *testing.B) {
sig, err := p8k.New()
if err != nil {
b.Fatal(err)
}
defer sig.Zero()
if err := sig.InitSec(benchPrivKey[:]); err != nil {
b.Fatal(err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := sig.Sign(benchMsgHash[:])
if err != nil {
b.Fatal(err)
}
}
}
func BenchmarkSigner_SchnorrVerify(b *testing.B) {
sig, err := p8k.New()
if err != nil {
b.Fatal(err)
}
defer sig.Zero()
if err := sig.InitSec(benchPrivKey[:]); err != nil {
b.Fatal(err)
}
signature, err := sig.Sign(benchMsgHash[:])
if err != nil {
b.Fatal(err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
valid, err := sig.Verify(benchMsgHash[:], signature)
if err != nil {
b.Fatal(err)
}
if !valid {
b.Fatal("verification failed")
}
}
}
func BenchmarkSigner_ECDH(b *testing.B) {
sig, err := p8k.New()
if err != nil {
b.Fatal(err)
}
defer sig.Zero()
if err := sig.InitSec(benchPrivKey[:]); err != nil {
b.Fatal(err)
}
var privKey2Bytes [32]byte
rand.Read(privKey2Bytes[:])
sig2, err := p8k.New()
if err != nil {
b.Fatal(err)
}
defer sig2.Zero()
if err := sig2.InitSec(privKey2Bytes[:]); err != nil {
b.Fatal(err)
}
pubkey2 := sig2.Pub()
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := sig.ECDH(pubkey2)
if err != nil {
b.Fatal(err)
}
}
}
// =============================================================================
// Comparative Benchmarks (All Implementations)
// =============================================================================
func BenchmarkComparative_SchnorrSign(b *testing.B) {
b.Run("BTCEC", BenchmarkBTCEC_SchnorrSign)
b.Run("P256K1", BenchmarkP256K1_SchnorrSign)
b.Run("P8K", BenchmarkP8K_SchnorrSign)
b.Run("Signer", BenchmarkSigner_SchnorrSign)
}
func BenchmarkComparative_SchnorrVerify(b *testing.B) {
b.Run("BTCEC", BenchmarkBTCEC_SchnorrVerify)
b.Run("P256K1", BenchmarkP256K1_SchnorrVerify)
b.Run("P8K", BenchmarkP8K_SchnorrVerify)
b.Run("Signer", BenchmarkSigner_SchnorrVerify)
}
func BenchmarkComparative_ECDH(b *testing.B) {
b.Run("BTCEC", BenchmarkBTCEC_ECDH)
b.Run("P256K1", BenchmarkP256K1_ECDH)
b.Run("P8K", BenchmarkP8K_ECDH)
b.Run("Signer", BenchmarkSigner_ECDH)
}
// Run all comparative benchmarks
func BenchmarkAll(b *testing.B) {
b.Run("SchnorrSign", BenchmarkComparative_SchnorrSign)
b.Run("SchnorrVerify", BenchmarkComparative_SchnorrVerify)
b.Run("ECDH", BenchmarkComparative_ECDH)
}
// Benchmark to show signer initialization overhead
func BenchmarkSigner_Initialization(b *testing.B) {
b.ResetTimer()
for i := 0; i < b.N; i++ {
sig, err := p8k.New()
if err != nil {
b.Fatal(err)
}
sig.Zero()
}
}
// Benchmark to show status check overhead
func BenchmarkSigner_GetModuleStatus(b *testing.B) {
sig, err := p8k.New()
if err != nil {
b.Fatal(err)
}
defer sig.Zero()
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = sig.GetModuleStatus()
}
}

25
pkg/crypto/p8k/bench/go.mod Normal file
View File

@@ -0,0 +1,25 @@
module bench
go 1.25.3
require (
github.com/btcsuite/btcd/btcec/v2 v2.3.6
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0
p256k1.mleku.dev v1.0.2
p8k.mleku.dev v0.0.0
p8k.mleku.dev/p8k v0.0.0-00010101000000-000000000000
)
require (
github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
github.com/ebitengine/purego v0.9.1 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/minio/sha256-simd v1.0.1 // indirect
golang.org/x/sys v0.37.0 // indirect
)
replace (
p8k.mleku.dev => ../
p8k.mleku.dev/p8k => ../p8k
)

20
pkg/crypto/p8k/bench/go.sum Normal file
View File

@@ -0,0 +1,20 @@
github.com/btcsuite/btcd/btcec/v2 v2.3.6 h1:IzlsEr9olcSRKB/n7c4351F3xHKxS2lma+1UFGCYd4E=
github.com/btcsuite/btcd/btcec/v2 v2.3.6/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ=
github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ=
github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8=
github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
p256k1.mleku.dev v1.0.2 h1:3zrDDoMp7HkV1+9nnRB5zlqF32YU3qlzpc3XaFVEvvM=
p256k1.mleku.dev v1.0.2/go.mod h1:gY2ybEebhiSgSDlJ8ERgAe833dn2EDqs7aBsvwpgu0s=

18
pkg/crypto/p8k/bench/results/all_operations_20251104_152918.txt Normal file
View File

@@ -0,0 +1,18 @@
goos: linux
goarch: amd64
pkg: bench
cpu: AMD Ryzen 5 PRO 4650G with Radeon Graphics
BenchmarkAll/PubkeyDerivation/BTCEC-12 112114 31641 ns/op 80 B/op 1 allocs/op
BenchmarkAll/PubkeyDerivation/P256K1-12 131702 27109 ns/op 0 B/op 0 allocs/op
BenchmarkAll/PubkeyDerivation/P8K-12 190863 18765 ns/op 160 B/op 4 allocs/op
BenchmarkAll/SchnorrSign/BTCEC-12 16399 222356 ns/op 1408 B/op 26 allocs/op
BenchmarkAll/SchnorrSign/P256K1-12 122877 57707 ns/op 640 B/op 12 allocs/op
BenchmarkAll/SchnorrSign/P8K-12 177836 20749 ns/op 304 B/op 5 allocs/op
BenchmarkAll/SchnorrVerify/BTCEC-12 22718 166321 ns/op 240 B/op 5 allocs/op
BenchmarkAll/SchnorrVerify/P256K1-12 26758 141467 ns/op 96 B/op 3 allocs/op
BenchmarkAll/SchnorrVerify/P8K-12 93147 39161 ns/op 216 B/op 5 allocs/op
BenchmarkAll/ECDH/BTCEC-12 29528 117805 ns/op 32 B/op 1 allocs/op
BenchmarkAll/ECDH/P256K1-12 36361 98137 ns/op 0 B/op 0 allocs/op
BenchmarkAll/ECDH/P8K-12 86640 43313 ns/op 208 B/op 6 allocs/op
PASS
ok bench 56.997s

9
pkg/crypto/p8k/bench/results/pubkey_derivation_20251104_152918.txt Normal file
View File

@@ -0,0 +1,9 @@
goos: linux
goarch: amd64
pkg: bench
cpu: AMD Ryzen 5 PRO 4650G with Radeon Graphics
BenchmarkComparative_PubkeyDerivation/BTCEC-12 112177 32245 ns/op 80 B/op 1 allocs/op
BenchmarkComparative_PubkeyDerivation/P256K1-12 132627 28056 ns/op 0 B/op 0 allocs/op
BenchmarkComparative_PubkeyDerivation/P8K-12 188404 18707 ns/op 160 B/op 4 allocs/op
PASS
ok bench 12.016s

6
pkg/crypto/p8k/bench/results/schnorr_sign_20251104_152918.txt Normal file
View File

@@ -0,0 +1,6 @@
goos: linux
goarch: amd64
pkg: bench
cpu: AMD Ryzen 5 PRO 4650G with Radeon Graphics
BenchmarkComparative_SchnorrSign/BTCEC-12 16302 220387 ns/op 1408 B/op 26 allocs/op
BenchmarkComparative_SchnorrSign/P256K1-12

183
pkg/crypto/p8k/bench/run_benchmarks.sh Executable file
View File

@@ -0,0 +1,183 @@
#!/bin/bash
# Benchmark runner script for secp256k1 implementation comparison
# Runs benchmarks multiple times and generates statistical analysis
set -e
echo "=========================================="
echo "secp256k1 Implementation Benchmark Suite"
echo "=========================================="
echo ""
# Check for dependencies
echo "Checking dependencies..."
if ! command -v go &> /dev/null; then
echo "Error: Go is not installed"
exit 1
fi
if ! command -v benchstat &> /dev/null; then
echo "Installing benchstat for statistical analysis..."
go install golang.org/x/perf/cmd/benchstat@latest
fi
# Check if libsecp256k1 is available
if ! ldconfig -p | grep -q libsecp256k1; then
echo "Warning: libsecp256k1 not found. P8K benchmarks may be skipped."
echo "Install with: sudo apt-get install libsecp256k1-dev (Ubuntu/Debian)"
echo "or: brew install libsecp256k1 (macOS)"
echo ""
fi
# Configuration
BENCHTIME=${BENCHTIME:-3s}
COUNT=${COUNT:-1}
OUTPUT_DIR="results"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
echo "Benchmark configuration:"
echo " Duration: $BENCHTIME per benchmark"
echo " Iterations: $COUNT runs"
echo " Output directory: $OUTPUT_DIR"
echo ""
# Create output directory
mkdir -p "$OUTPUT_DIR"
# Function to run benchmarks
run_benchmark() {
local name=$1
local bench_pattern=$2
local output_file="$OUTPUT_DIR/${name}_${TIMESTAMP}.txt"
echo "Running: $name"
echo " Output: $output_file"
go test -bench="$bench_pattern" \
-benchmem \
-benchtime="$BENCHTIME" \
-count="$COUNT" \
2>&1 | tee "$output_file"
echo "✓ Completed: $name"
echo ""
}
# Run all benchmarks
echo "=========================================="
echo "Running Benchmarks"
echo "=========================================="
echo ""
run_benchmark "all_operations" "BenchmarkAll"
run_benchmark "pubkey_derivation" "BenchmarkComparative_PubkeyDerivation"
run_benchmark "schnorr_sign" "BenchmarkComparative_SchnorrSign"
run_benchmark "schnorr_verify" "BenchmarkComparative_SchnorrVerify"
run_benchmark "ecdh" "BenchmarkComparative_ECDH"
# Run individual implementation benchmarks
run_benchmark "btcec_only" "BenchmarkBTCEC"
run_benchmark "p256k1_only" "BenchmarkP256K1"
run_benchmark "p8k_only" "BenchmarkP8K"
# Generate statistical analysis
echo "=========================================="
echo "Generating Statistical Analysis"
echo "=========================================="
echo ""
for file in "$OUTPUT_DIR"/*_${TIMESTAMP}.txt; do
if [ -f "$file" ]; then
basename=$(basename "$file" .txt)
echo "Analysis: $basename"
benchstat "$file" | tee "$OUTPUT_DIR/${basename}_stats.txt"
echo ""
fi
done
# Generate comparison report
COMPARISON_FILE="$OUTPUT_DIR/comparison_${TIMESTAMP}.txt"
echo "=========================================="
echo "Implementation Comparison Summary"
echo "=========================================="
echo ""
echo "Comparison between implementations" > "$COMPARISON_FILE"
echo "Generated: $(date)" >> "$COMPARISON_FILE"
echo "" >> "$COMPARISON_FILE"
# Compare each operation
for op in pubkey_derivation schnorr_sign schnorr_verify ecdh; do
file="$OUTPUT_DIR/${op}_${TIMESTAMP}.txt"
if [ -f "$file" ]; then
echo "=== $op ===" >> "$COMPARISON_FILE"
benchstat "$file" >> "$COMPARISON_FILE"
echo "" >> "$COMPARISON_FILE"
fi
done
cat "$COMPARISON_FILE"
echo "=========================================="
echo "Benchmark Results Summary"
echo "=========================================="
echo ""
echo "Results saved to: $OUTPUT_DIR"
echo ""
echo "Files generated:"
ls -lh "$OUTPUT_DIR"/*_${TIMESTAMP}* | awk '{print " " $9 " (" $5 ")"}'
echo ""
# Generate markdown report
MARKDOWN_FILE="$OUTPUT_DIR/REPORT_${TIMESTAMP}.md"
echo "Generating markdown report: $MARKDOWN_FILE"
cat > "$MARKDOWN_FILE" << 'EOF'
# secp256k1 Implementation Benchmark Results
## Test Environment
EOF
echo "- **Date**: $(date)" >> "$MARKDOWN_FILE"
echo "- **Go Version**: $(go version)" >> "$MARKDOWN_FILE"
echo "- **OS**: $(uname -s) $(uname -r)" >> "$MARKDOWN_FILE"
echo "- **CPU**: $(grep -m1 "model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2 | xargs || echo "Unknown")" >> "$MARKDOWN_FILE"
echo "- **Benchmark Time**: $BENCHTIME per test" >> "$MARKDOWN_FILE"
echo "- **Iterations**: $COUNT runs" >> "$MARKDOWN_FILE"
echo "" >> "$MARKDOWN_FILE"
cat >> "$MARKDOWN_FILE" << 'EOF'
## Implementations Tested
1. **BTCEC** - btcsuite/btcd implementation (pure Go)
2. **P256K1** - mleku/p256k1 implementation (pure Go)
3. **P8K** - p8k.mleku.dev implementation (purego, C bindings)
## Results
EOF
# Add results from comparison file
cat "$COMPARISON_FILE" >> "$MARKDOWN_FILE"
echo "" >> "$MARKDOWN_FILE"
echo "## Raw Data" >> "$MARKDOWN_FILE"
echo "" >> "$MARKDOWN_FILE"
echo "Full benchmark results are available in:" >> "$MARKDOWN_FILE"
echo "" >> "$MARKDOWN_FILE"
for file in "$OUTPUT_DIR"/*_${TIMESTAMP}.txt; do
if [ -f "$file" ]; then
echo "- $(basename "$file")" >> "$MARKDOWN_FILE"
fi
done
echo ""
echo "✓ Markdown report generated: $MARKDOWN_FILE"
echo ""
echo "=========================================="
echo "Benchmark suite completed!"
echo "=========================================="

32
pkg/crypto/p8k/ecdh.go Normal file
View File

@@ -0,0 +1,32 @@
package secp
import (
"fmt"
)
// ECDH computes an EC Diffie-Hellman shared secret
func (c *Context) ECDH(pubkey []byte, seckey []byte) (output []byte, err error) {
if ecdh == nil {
err = fmt.Errorf("ecdh module not available")
return
}
if len(pubkey) != PublicKeySize {
err = fmt.Errorf("public key must be %d bytes", PublicKeySize)
return
}
if len(seckey) != PrivateKeySize {
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
return
}
output = make([]byte, SharedSecretSize)
ret := ecdh(c.ctx, &output[0], &pubkey[0], &seckey[0], 0, 0)
if ret != 1 {
err = fmt.Errorf("failed to compute ECDH")
return
}
return
}

54
pkg/crypto/p8k/examples/ecdh/main.go Normal file
View File

@@ -0,0 +1,54 @@
package main
import (
"bytes"
"crypto/rand"
"fmt"
"log"
secp "next.orly.dev/pkg/crypto/p8k"
)
func main() {
ctx, err := secp.NewContext(secp.ContextSign)
if err != nil {
log.Fatal(err)
}
defer ctx.Destroy()
// Alice's keys
alicePriv := make([]byte, 32)
if _, err := rand.Read(alicePriv); err != nil {
log.Fatal(err)
}
alicePub, err := ctx.CreatePublicKey(alicePriv)
if err != nil {
log.Fatal(err)
}
// Bob's keys
bobPriv := make([]byte, 32)
if _, err := rand.Read(bobPriv); err != nil {
log.Fatal(err)
}
bobPub, err := ctx.CreatePublicKey(bobPriv)
if err != nil {
log.Fatal(err)
}
// Alice computes shared secret with Bob's public key
aliceShared, err := ctx.ECDH(bobPub, alicePriv)
if err != nil {
log.Fatal(err)
}
// Bob computes shared secret with Alice's public key
bobShared, err := ctx.ECDH(alicePub, bobPriv)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Alice's shared secret: %x\n", aliceShared)
fmt.Printf("Bob's shared secret: %x\n", bobShared)
fmt.Printf("Secrets match: %v\n", bytes.Equal(aliceShared, bobShared))
}

86
pkg/crypto/p8k/examples/ecdsa/main.go Normal file
View File

@@ -0,0 +1,86 @@
package main
import (
"crypto/rand"
"crypto/sha256"
"fmt"
"log"
secp "next.orly.dev/pkg/crypto/p8k"
)
func main() {
// Create a context for signing and verification
ctx, err := secp.NewContext(secp.ContextSign | secp.ContextVerify)
if err != nil {
log.Fatal(err)
}
defer ctx.Destroy()
// Generate a private key (32 random bytes)
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
log.Fatal(err)
}
// Create public key from private key
pubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
log.Fatal(err)
}
// Serialize public key (compressed)
pubKeyBytes, err := ctx.SerializePublicKey(pubKey, true)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Public key: %x\n", pubKeyBytes)
// Sign a message
message := []byte("Hello, libsecp256k1!")
msgHash := sha256.Sum256(message)
sig, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Signature: %x\n", sig)
// Verify the signature
valid, err := ctx.Verify(msgHash[:], sig, pubKey)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Signature valid: %v\n", valid)
// Test with serialized/parsed public key
parsedPubKey, err := ctx.ParsePublicKey(pubKeyBytes)
if err != nil {
log.Fatal(err)
}
valid2, err := ctx.Verify(msgHash[:], sig, parsedPubKey)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Signature valid (parsed key): %v\n", valid2)
// Test DER encoding
derSig, err := ctx.SerializeSignatureDER(sig)
if err != nil {
log.Fatal(err)
}
fmt.Printf("DER signature: %x\n", derSig)
// Parse DER signature
parsedSig, err := ctx.ParseSignatureDER(derSig)
if err != nil {
log.Fatal(err)
}
valid3, err := ctx.Verify(msgHash[:], parsedSig, pubKey)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Signature valid (DER): %v\n", valid3)
}

72
pkg/crypto/p8k/examples/recovery/main.go Normal file
View File

@@ -0,0 +1,72 @@
package main
import (
"bytes"
"crypto/rand"
"crypto/sha256"
"fmt"
"log"
secp "next.orly.dev/pkg/crypto/p8k"
)
func main() {
ctx, err := secp.NewContext(secp.ContextSign | secp.ContextVerify)
if err != nil {
log.Fatal(err)
}
defer ctx.Destroy()
// Generate keys
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
log.Fatal(err)
}
originalPubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
log.Fatal(err)
}
// Sign with recovery
message := []byte("Recover me!")
msgHash := sha256.Sum256(message)
recSig, err := ctx.SignRecoverable(msgHash[:], privKey)
if err != nil {
log.Fatal(err)
}
// Serialize to get recovery ID
sigBytes, recID, err := ctx.SerializeRecoverableSignatureCompact(recSig)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Signature: %x\n", sigBytes)
fmt.Printf("Recovery ID: %d\n", recID)
// Parse back
parsedSig, err := ctx.ParseRecoverableSignatureCompact(sigBytes, recID)
if err != nil {
log.Fatal(err)
}
// Recover public key
recoveredPubKey, err := ctx.Recover(parsedSig, msgHash[:])
if err != nil {
log.Fatal(err)
}
// Serialize both for comparison
origSer, err := ctx.SerializePublicKey(originalPubKey, true)
if err != nil {
log.Fatal(err)
}
recSer, err := ctx.SerializePublicKey(recoveredPubKey, true)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Original public key: %x\n", origSer)
fmt.Printf("Recovered public key: %x\n", recSer)
fmt.Printf("Keys match: %v\n", bytes.Equal(origSer, recSer))
}

69
pkg/crypto/p8k/examples/schnorr/main.go Normal file
View File

@@ -0,0 +1,69 @@
package main
import (
"crypto/rand"
"crypto/sha256"
"fmt"
"log"
secp "next.orly.dev/pkg/crypto/p8k"
)
func main() {
ctx, err := secp.NewContext(secp.ContextSign | secp.ContextVerify)
if err != nil {
log.Fatal(err)
}
defer ctx.Destroy()
// Generate private key
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
log.Fatal(err)
}
// Create keypair for Schnorr
keypair, err := ctx.CreateKeypair(privKey)
if err != nil {
log.Fatal(err)
}
// Extract x-only public key
xonly, pkParity, err := ctx.KeypairXOnlyPub(keypair)
if err != nil {
log.Fatal(err)
}
fmt.Printf("X-only public key: %x\n", xonly)
fmt.Printf("Public key parity: %d\n", pkParity)
// Sign with Schnorr
message := []byte("Hello, Schnorr!")
msgHash := sha256.Sum256(message)
auxRand := make([]byte, 32)
if _, err := rand.Read(auxRand); err != nil {
log.Fatal(err)
}
sig, err := ctx.SchnorrSign(msgHash[:], keypair, auxRand)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Schnorr signature: %x\n", sig)
// Verify Schnorr signature
valid, err := ctx.SchnorrVerify(sig, msgHash[:], xonly[:])
if err != nil {
log.Fatal(err)
}
fmt.Printf("Schnorr signature valid: %v\n", valid)
// Test with wrong message
wrongMsg := []byte("Wrong message!")
wrongHash := sha256.Sum256(wrongMsg)
valid2, err := ctx.SchnorrVerify(sig, wrongHash[:], xonly[:])
if err != nil {
log.Fatal(err)
}
fmt.Printf("Schnorr signature valid (wrong msg): %v\n", valid2)
}

BIN
pkg/crypto/p8k/libsecp256k1.so Executable file
View File

Binary file not shown.

108
pkg/crypto/p8k/recovery.go Normal file
View File

@@ -0,0 +1,108 @@
package secp
import (
"fmt"
)
// SignRecoverable creates a recoverable ECDSA signature
func (c *Context) SignRecoverable(msg32 []byte, seckey []byte) (sig []byte, err error) {
if ecdsaSignRecoverable == nil {
err = fmt.Errorf("recovery module not available")
return
}
if len(msg32) != 32 {
err = fmt.Errorf("message must be 32 bytes")
return
}
if len(seckey) != PrivateKeySize {
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
return
}
sig = make([]byte, RecoverableSignatureSize)
ret := ecdsaSignRecoverable(c.ctx, &sig[0], &msg32[0], &seckey[0], 0, 0)
if ret != 1 {
err = fmt.Errorf("failed to create recoverable signature")
return
}
return
}
// SerializeRecoverableSignatureCompact serializes a recoverable signature
func (c *Context) SerializeRecoverableSignatureCompact(sig []byte) (output64 []byte, recid int32, err error) {
if ecdsaRecoverableSignatureSerializeCompact == nil {
err = fmt.Errorf("recovery module not available")
return
}
if len(sig) != RecoverableSignatureSize {
err = fmt.Errorf("recoverable signature must be %d bytes", RecoverableSignatureSize)
return
}
output64 = make([]byte, 64)
ret := ecdsaRecoverableSignatureSerializeCompact(c.ctx, &output64[0], &recid, &sig[0])
if ret != 1 {
err = fmt.Errorf("failed to serialize recoverable signature")
return
}
return
}
// ParseRecoverableSignatureCompact parses a compact recoverable signature
func (c *Context) ParseRecoverableSignatureCompact(input64 []byte, recid int32) (sig []byte, err error) {
if ecdsaRecoverableSignatureParseCompact == nil {
err = fmt.Errorf("recovery module not available")
return
}
if len(input64) != 64 {
err = fmt.Errorf("compact signature must be 64 bytes")
return
}
if recid < 0 || recid > 3 {
err = fmt.Errorf("recovery id must be 0-3")
return
}
sig = make([]byte, RecoverableSignatureSize)
ret := ecdsaRecoverableSignatureParseCompact(c.ctx, &sig[0], &input64[0], recid)
if ret != 1 {
err = fmt.Errorf("failed to parse recoverable signature")
return
}
return
}
// Recover recovers a public key from a recoverable signature
func (c *Context) Recover(sig []byte, msg32 []byte) (pubkey []byte, err error) {
if ecdsaRecover == nil {
err = fmt.Errorf("recovery module not available")
return
}
if len(sig) != RecoverableSignatureSize {
err = fmt.Errorf("recoverable signature must be %d bytes", RecoverableSignatureSize)
return
}
if len(msg32) != 32 {
err = fmt.Errorf("message must be 32 bytes")
return
}
pubkey = make([]byte, PublicKeySize)
ret := ecdsaRecover(c.ctx, &pubkey[0], &sig[0], &msg32[0])
if ret != 1 {
err = fmt.Errorf("failed to recover public key")
return
}
return
}

180
pkg/crypto/p8k/schnorr.go Normal file
View File

@@ -0,0 +1,180 @@
package secp
import (
"fmt"
)
// Keypair represents a secp256k1 keypair for Schnorr signatures
type Keypair [96]byte
// XOnlyPublicKey represents a 64-byte x-only public key (internal format)
type XOnlyPublicKey [64]byte
// CreateKeypair creates a keypair from a 32-byte secret key
func (c *Context) CreateKeypair(seckey []byte) (keypair Keypair, err error) {
if keypairCreate == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
if len(seckey) != PrivateKeySize {
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
return
}
ret := keypairCreate(c.ctx, &keypair[0], &seckey[0])
if ret != 1 {
err = fmt.Errorf("failed to create keypair")
return
}
return
}
// KeypairXOnlyPub extracts the x-only public key from a keypair
func (c *Context) KeypairXOnlyPub(keypair Keypair) (xonly XOnlyPublicKey, pkParity int32, err error) {
if keypairXonlyPub == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
ret := keypairXonlyPub(c.ctx, &xonly[0], &pkParity, &keypair[0])
if ret != 1 {
err = fmt.Errorf("failed to extract xonly pubkey")
return
}
return
}
// SchnorrSign creates a Schnorr signature (BIP-340)
func (c *Context) SchnorrSign(msg32 []byte, keypair Keypair, auxRand32 []byte) (sig []byte, err error) {
if schnorrsigSign32 == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
if len(msg32) != 32 {
err = fmt.Errorf("message must be 32 bytes")
return
}
var auxPtr *byte
if len(auxRand32) > 0 {
if len(auxRand32) != 32 {
err = fmt.Errorf("aux_rand must be 32 bytes")
return
}
auxPtr = &auxRand32[0]
}
sig = make([]byte, SchnorrSignatureSize)
ret := schnorrsigSign32(c.ctx, &sig[0], &msg32[0], &keypair[0], auxPtr)
if ret != 1 {
err = fmt.Errorf("failed to create Schnorr signature")
return
}
return
}
// SchnorrVerify verifies a Schnorr signature (BIP-340)
func (c *Context) SchnorrVerify(sig64 []byte, msg []byte, xonlyPubkey []byte) (valid bool, err error) {
if schnorrsigVerify == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
if len(sig64) != SchnorrSignatureSize {
err = fmt.Errorf("signature must be %d bytes", SchnorrSignatureSize)
return
}
// xonlyPubkey can be either 32 bytes (serialized) or 64 bytes (internal)
var xonly [64]byte
if len(xonlyPubkey) == 32 {
// Parse the 32-byte serialized format
ret := xonlyPubkeyParse(c.ctx, &xonly[0], &xonlyPubkey[0])
if ret != 1 {
err = fmt.Errorf("failed to parse xonly pubkey")
return
}
} else if len(xonlyPubkey) == 64 {
// Already in internal format
copy(xonly[:], xonlyPubkey)
} else {
err = fmt.Errorf("xonly public key must be 32 or 64 bytes")
return
}
ret := schnorrsigVerify(c.ctx, &sig64[0], &msg[0], uint64(len(msg)), &xonly[0])
valid = ret == 1
return
}
// ParseXOnlyPublicKey parses a 32-byte x-only public key
func (c *Context) ParseXOnlyPublicKey(input32 []byte) (xonly []byte, err error) {
if xonlyPubkeyParse == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
if len(input32) != 32 {
err = fmt.Errorf("xonly public key must be 32 bytes")
return
}
xonly = make([]byte, 64) // Internal representation is 64 bytes
ret := xonlyPubkeyParse(c.ctx, &xonly[0], &input32[0])
if ret != 1 {
err = fmt.Errorf("failed to parse xonly public key")
return
}
return
}
// SerializeXOnlyPublicKey serializes an x-only public key to 32 bytes
func (c *Context) SerializeXOnlyPublicKey(xonly []byte) (output32 []byte, err error) {
if xonlyPubkeySerialize == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
if len(xonly) != 64 {
err = fmt.Errorf("xonly public key must be 64 bytes (internal format)")
return
}
output32 = make([]byte, 32)
ret := xonlyPubkeySerialize(c.ctx, &output32[0], &xonly[0])
if ret != 1 {
err = fmt.Errorf("failed to serialize xonly public key")
return
}
return
}
// XOnlyPublicKeyFromPublicKey converts a regular public key to an x-only public key
func (c *Context) XOnlyPublicKeyFromPublicKey(pubkey []byte) (xonly []byte, pkParity int32, err error) {
if xonlyPubkeyFromPubkey == nil {
err = fmt.Errorf("schnorrsig module not available")
return
}
if len(pubkey) != PublicKeySize {
err = fmt.Errorf("public key must be %d bytes", PublicKeySize)
return
}
xonly = make([]byte, 64) // Internal representation
ret := xonlyPubkeyFromPubkey(c.ctx, &xonly[0], &pkParity, &pubkey[0])
if ret != 1 {
err = fmt.Errorf("failed to convert to xonly public key")
return
}
return
}

14
pkg/crypto/p8k/scripts/ubuntu_install_libsecp256k1.sh Executable file
View File

@@ -0,0 +1,14 @@
#!/usr/bin/env bash
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
sudo apt -y install build-essential autoconf libtool
cd $SCRIPT_DIR
rm -rf secp256k1
git clone https://github.com/bitcoin-core/secp256k1.git
cd secp256k1
git checkout v0.6.0
git submodule init
git submodule update
./autogen.sh
./configure --enable-module-schnorrsig --enable-module-ecdh --prefix=/usr
make -j1
sudo make install

451
pkg/crypto/p8k/secp.go Normal file
View File

@@ -0,0 +1,451 @@
// Package secp provides Go bindings to libsecp256k1 without CGO.
// It uses dynamic library loading via purego to call C functions directly.
package secp
import (
"fmt"
"runtime"
"sync"
"unsafe"
"github.com/ebitengine/purego"
)
// Constants for context flags
const (
ContextNone = 1
ContextVerify = 257 // 1 | (1 << 8)
ContextSign = 513 // 1 | (1 << 9)
ContextDeclassify = 1025 // 1 | (1 << 10)
)
// EC flags
const (
ECCompressed = 258 // SECP256K1_EC_COMPRESSED
ECUncompressed = 2 // SECP256K1_EC_UNCOMPRESSED
)
// Size constants
const (
PublicKeySize = 64
CompressedPublicKeySize = 33
UncompressedPublicKeySize = 65
SignatureSize = 64
CompactSignatureSize = 64
PrivateKeySize = 32
SharedSecretSize = 32
SchnorrSignatureSize = 64
RecoverableSignatureSize = 65
)
var (
libHandle uintptr
loadLibOnce sync.Once
loadLibErr error
)
// Function pointers
var (
contextCreate func(flags uint32) uintptr
contextDestroy func(ctx uintptr)
contextRandomize func(ctx uintptr, seed32 *byte) int32
ecPubkeyCreate func(ctx uintptr, pubkey *byte, seckey *byte) int32
ecPubkeySerialize func(ctx uintptr, output *byte, outputlen *uint64, pubkey *byte, flags uint32) int32
ecPubkeyParse func(ctx uintptr, pubkey *byte, input *byte, inputlen uint64) int32
ecdsaSign func(ctx uintptr, sig *byte, msg32 *byte, seckey *byte, noncefp uintptr, ndata uintptr) int32
ecdsaVerify func(ctx uintptr, sig *byte, msg32 *byte, pubkey *byte) int32
ecdsaSignatureSerializeDer func(ctx uintptr, output *byte, outputlen *uint64, sig *byte) int32
ecdsaSignatureParseDer func(ctx uintptr, sig *byte, input *byte, inputlen uint64) int32
ecdsaSignatureSerializeCompact func(ctx uintptr, output64 *byte, sig *byte) int32
ecdsaSignatureParseCompact func(ctx uintptr, sig *byte, input64 *byte) int32
ecdsaSignatureNormalize func(ctx uintptr, sigout *byte, sigin *byte) int32
// Schnorr functions
schnorrsigSign32 func(ctx uintptr, sig64 *byte, msg32 *byte, keypair *byte, auxrand32 *byte) int32
schnorrsigVerify func(ctx uintptr, sig64 *byte, msg32 *byte, msglen uint64, pubkey *byte) int32
keypairCreate func(ctx uintptr, keypair *byte, seckey *byte) int32
xonlyPubkeyParse func(ctx uintptr, pubkey *byte, input32 *byte) int32
xonlyPubkeySerialize func(ctx uintptr, output32 *byte, pubkey *byte) int32
keypairXonlyPub func(ctx uintptr, pubkey *byte, pkParity *int32, keypair *byte) int32
// ECDH functions
ecdh func(ctx uintptr, output *byte, pubkey *byte, seckey *byte, hashfp uintptr, data uintptr) int32
// Recovery functions
ecdsaRecoverableSignatureSerializeCompact func(ctx uintptr, output64 *byte, recid *int32, sig *byte) int32
ecdsaRecoverableSignatureParseCompact func(ctx uintptr, sig *byte, input64 *byte, recid int32) int32
ecdsaSignRecoverable func(ctx uintptr, sig *byte, msg32 *byte, seckey *byte, noncefp uintptr, ndata uintptr) int32
ecdsaRecover func(ctx uintptr, pubkey *byte, sig *byte, msg32 *byte) int32
// Extrakeys
xonlyPubkeyFromPubkey func(ctx uintptr, xonlyPubkey *byte, pkParity *int32, pubkey *byte) int32
)
// LoadLibrary loads the libsecp256k1 shared library
func LoadLibrary() (err error) {
loadLibOnce.Do(func() {
var libPath string
// Try to find the library
switch runtime.GOOS {
case "linux":
// Try common library paths
// For linux/amd64, try the bundled library first
paths := []string{
"./libsecp256k1.so", // Bundled in repo for linux amd64
"libsecp256k1.so.5",
"libsecp256k1.so.2",
"libsecp256k1.so.1",
"libsecp256k1.so.0",
"libsecp256k1.so",
"/usr/lib/libsecp256k1.so",
"/usr/local/lib/libsecp256k1.so",
"/usr/lib/x86_64-linux-gnu/libsecp256k1.so",
}
for _, p := range paths {
libHandle, err = purego.Dlopen(p, purego.RTLD_NOW|purego.RTLD_GLOBAL)
if err == nil {
libPath = p
break
}
}
case "darwin":
paths := []string{
"libsecp256k1.2.dylib",
"libsecp256k1.1.dylib",
"libsecp256k1.0.dylib",
"libsecp256k1.dylib",
"/usr/local/lib/libsecp256k1.dylib",
"/opt/homebrew/lib/libsecp256k1.dylib",
}
for _, p := range paths {
libHandle, err = purego.Dlopen(p, purego.RTLD_NOW|purego.RTLD_GLOBAL)
if err == nil {
libPath = p
break
}
}
case "windows":
paths := []string{
"libsecp256k1-2.dll",
"libsecp256k1-1.dll",
"libsecp256k1-0.dll",
"libsecp256k1.dll",
"secp256k1.dll",
}
for _, p := range paths {
libHandle, err = purego.Dlopen(p, purego.RTLD_NOW|purego.RTLD_GLOBAL)
if err == nil {
libPath = p
break
}
}
default:
err = fmt.Errorf("unsupported platform: %s", runtime.GOOS)
loadLibErr = err
return
}
if err != nil {
loadLibErr = fmt.Errorf("failed to load libsecp256k1: %w", err)
return
}
// Register symbols
if err = registerSymbols(); err != nil {
loadLibErr = fmt.Errorf("failed to register symbols from %s: %w", libPath, err)
return
}
loadLibErr = nil
})
return loadLibErr
}
// registerSymbols registers all C function symbols
func registerSymbols() (err error) {
// Core context functions
purego.RegisterLibFunc(&contextCreate, libHandle, "secp256k1_context_create")
purego.RegisterLibFunc(&contextDestroy, libHandle, "secp256k1_context_destroy")
purego.RegisterLibFunc(&contextRandomize, libHandle, "secp256k1_context_randomize")
// Public key functions
purego.RegisterLibFunc(&ecPubkeyCreate, libHandle, "secp256k1_ec_pubkey_create")
purego.RegisterLibFunc(&ecPubkeySerialize, libHandle, "secp256k1_ec_pubkey_serialize")
purego.RegisterLibFunc(&ecPubkeyParse, libHandle, "secp256k1_ec_pubkey_parse")
// ECDSA functions
purego.RegisterLibFunc(&ecdsaSign, libHandle, "secp256k1_ecdsa_sign")
purego.RegisterLibFunc(&ecdsaVerify, libHandle, "secp256k1_ecdsa_verify")
purego.RegisterLibFunc(&ecdsaSignatureSerializeDer, libHandle, "secp256k1_ecdsa_signature_serialize_der")
purego.RegisterLibFunc(&ecdsaSignatureParseDer, libHandle, "secp256k1_ecdsa_signature_parse_der")
purego.RegisterLibFunc(&ecdsaSignatureSerializeCompact, libHandle, "secp256k1_ecdsa_signature_serialize_compact")
purego.RegisterLibFunc(&ecdsaSignatureParseCompact, libHandle, "secp256k1_ecdsa_signature_parse_compact")
purego.RegisterLibFunc(&ecdsaSignatureNormalize, libHandle, "secp256k1_ecdsa_signature_normalize")
// Try to load optional modules - don't fail if they're not available
// Schnorr module
tryRegister(&schnorrsigSign32, "secp256k1_schnorrsig_sign32")
tryRegister(&schnorrsigVerify, "secp256k1_schnorrsig_verify")
tryRegister(&keypairCreate, "secp256k1_keypair_create")
tryRegister(&xonlyPubkeyParse, "secp256k1_xonly_pubkey_parse")
tryRegister(&xonlyPubkeySerialize, "secp256k1_xonly_pubkey_serialize")
tryRegister(&keypairXonlyPub, "secp256k1_keypair_xonly_pub")
tryRegister(&xonlyPubkeyFromPubkey, "secp256k1_xonly_pubkey_from_pubkey")
// ECDH module
tryRegister(&ecdh, "secp256k1_ecdh")
// Recovery module
tryRegister(&ecdsaRecoverableSignatureSerializeCompact, "secp256k1_ecdsa_recoverable_signature_serialize_compact")
tryRegister(&ecdsaRecoverableSignatureParseCompact, "secp256k1_ecdsa_recoverable_signature_parse_compact")
tryRegister(&ecdsaSignRecoverable, "secp256k1_ecdsa_sign_recoverable")
tryRegister(&ecdsaRecover, "secp256k1_ecdsa_recover")
return nil
}
// tryRegister attempts to register a symbol without failing if it doesn't exist
func tryRegister(fptr interface{}, symbol string) {
defer func() {
if r := recover(); r != nil {
// Symbol not found, ignore
}
}()
purego.RegisterLibFunc(fptr, libHandle, symbol)
}
// Context represents a secp256k1 context
type Context struct {
ctx uintptr
}
// NewContext creates a new secp256k1 context
func NewContext(flags uint32) (c *Context, err error) {
if err = LoadLibrary(); err != nil {
return
}
ctx := contextCreate(flags)
if ctx == 0 {
err = fmt.Errorf("failed to create context")
return
}
c = &Context{ctx: ctx}
runtime.SetFinalizer(c, (*Context).Destroy)
return
}
// Destroy destroys the context
func (c *Context) Destroy() {
if c.ctx != 0 {
contextDestroy(c.ctx)
c.ctx = 0
}
}
// Randomize randomizes the context with entropy
func (c *Context) Randomize(seed32 []byte) (err error) {
if len(seed32) != 32 {
err = fmt.Errorf("seed must be 32 bytes")
return
}
ret := contextRandomize(c.ctx, &seed32[0])
if ret != 1 {
err = fmt.Errorf("failed to randomize context")
return
}
return
}
// CreatePublicKey creates a public key from a private key
func (c *Context) CreatePublicKey(seckey []byte) (pubkey []byte, err error) {
if len(seckey) != PrivateKeySize {
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
return
}
pubkey = make([]byte, PublicKeySize)
ret := ecPubkeyCreate(c.ctx, &pubkey[0], &seckey[0])
if ret != 1 {
err = fmt.Errorf("failed to create public key")
return
}
return
}
// SerializePublicKey serializes a public key
func (c *Context) SerializePublicKey(pubkey []byte, compressed bool) (output []byte, err error) {
if len(pubkey) != PublicKeySize {
err = fmt.Errorf("public key must be %d bytes", PublicKeySize)
return
}
var flags uint32
if compressed {
output = make([]byte, CompressedPublicKeySize)
flags = ECCompressed
} else {
output = make([]byte, UncompressedPublicKeySize)
flags = ECUncompressed
}
outputLen := uint64(len(output))
ret := ecPubkeySerialize(c.ctx, &output[0], &outputLen, &pubkey[0], flags)
if ret != 1 {
err = fmt.Errorf("failed to serialize public key")
return
}
output = output[:outputLen]
return
}
// ParsePublicKey parses a serialized public key
func (c *Context) ParsePublicKey(input []byte) (pubkey []byte, err error) {
pubkey = make([]byte, PublicKeySize)
ret := ecPubkeyParse(c.ctx, &pubkey[0], &input[0], uint64(len(input)))
if ret != 1 {
err = fmt.Errorf("failed to parse public key")
return
}
return
}
// Sign creates an ECDSA signature
func (c *Context) Sign(msg32 []byte, seckey []byte) (sig []byte, err error) {
if len(msg32) != 32 {
err = fmt.Errorf("message must be 32 bytes")
return
}
if len(seckey) != PrivateKeySize {
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
return
}
sig = make([]byte, SignatureSize)
ret := ecdsaSign(c.ctx, &sig[0], &msg32[0], &seckey[0], 0, 0)
if ret != 1 {
err = fmt.Errorf("failed to sign message")
return
}
return
}
// Verify verifies an ECDSA signature
func (c *Context) Verify(msg32 []byte, sig []byte, pubkey []byte) (valid bool, err error) {
if len(msg32) != 32 {
err = fmt.Errorf("message must be 32 bytes")
return
}
if len(sig) != SignatureSize {
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
return
}
if len(pubkey) != PublicKeySize {
err = fmt.Errorf("public key must be %d bytes", PublicKeySize)
return
}
ret := ecdsaVerify(c.ctx, &sig[0], &msg32[0], &pubkey[0])
valid = ret == 1
return
}
// SerializeSignatureDER serializes a signature in DER format
func (c *Context) SerializeSignatureDER(sig []byte) (output []byte, err error) {
if len(sig) != SignatureSize {
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
return
}
output = make([]byte, 72) // Max DER signature size
outputLen := uint64(len(output))
ret := ecdsaSignatureSerializeDer(c.ctx, &output[0], &outputLen, &sig[0])
if ret != 1 {
err = fmt.Errorf("failed to serialize signature")
return
}
output = output[:outputLen]
return
}
// ParseSignatureDER parses a DER-encoded signature
func (c *Context) ParseSignatureDER(input []byte) (sig []byte, err error) {
sig = make([]byte, SignatureSize)
ret := ecdsaSignatureParseDer(c.ctx, &sig[0], &input[0], uint64(len(input)))
if ret != 1 {
err = fmt.Errorf("failed to parse DER signature")
return
}
return
}
// SerializeSignatureCompact serializes a signature in compact format (64 bytes)
func (c *Context) SerializeSignatureCompact(sig []byte) (output []byte, err error) {
if len(sig) != SignatureSize {
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
return
}
output = make([]byte, CompactSignatureSize)
ret := ecdsaSignatureSerializeCompact(c.ctx, &output[0], &sig[0])
if ret != 1 {
err = fmt.Errorf("failed to serialize signature")
return
}
return
}
// ParseSignatureCompact parses a compact (64-byte) signature
func (c *Context) ParseSignatureCompact(input64 []byte) (sig []byte, err error) {
if len(input64) != CompactSignatureSize {
err = fmt.Errorf("compact signature must be %d bytes", CompactSignatureSize)
return
}
sig = make([]byte, SignatureSize)
ret := ecdsaSignatureParseCompact(c.ctx, &sig[0], &input64[0])
if ret != 1 {
err = fmt.Errorf("failed to parse compact signature")
return
}
return
}
// NormalizeSignature normalizes a signature to lower-S form
func (c *Context) NormalizeSignature(sig []byte) (normalized []byte, wasNormalized bool, err error) {
if len(sig) != SignatureSize {
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
return
}
normalized = make([]byte, SignatureSize)
ret := ecdsaSignatureNormalize(c.ctx, &normalized[0], &sig[0])
wasNormalized = ret == 1
return
}
// Utility function to convert *byte to unsafe.Pointer
func bytesToPtr(b []byte) unsafe.Pointer {
if len(b) == 0 {
return nil
}
return unsafe.Pointer(&b[0])
}

478
pkg/crypto/p8k/secp_test.go Normal file
View File

@@ -0,0 +1,478 @@
package secp
import (
"crypto/rand"
"crypto/sha256"
"testing"
)
func TestContextCreation(t *testing.T) {
ctx, err := NewContext(ContextSign | ContextVerify)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
if ctx.ctx == 0 {
t.Fatal("Context handle is null")
}
}
func TestPublicKeyGeneration(t *testing.T) {
ctx, err := NewContext(ContextSign)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
pubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
t.Fatalf("Failed to create public key: %v", err)
}
if len(pubKey) != PublicKeySize {
t.Fatalf("Public key size incorrect: got %d, want %d", len(pubKey), PublicKeySize)
}
}
func TestPublicKeySerialization(t *testing.T) {
ctx, err := NewContext(ContextSign)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
pubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
t.Fatalf("Failed to create public key: %v", err)
}
// Test compressed
compressed, err := ctx.SerializePublicKey(pubKey, true)
if err != nil {
t.Fatalf("Failed to serialize compressed: %v", err)
}
if len(compressed) != CompressedPublicKeySize {
t.Fatalf("Compressed size incorrect: got %d, want %d", len(compressed), CompressedPublicKeySize)
}
// Test uncompressed
uncompressed, err := ctx.SerializePublicKey(pubKey, false)
if err != nil {
t.Fatalf("Failed to serialize uncompressed: %v", err)
}
if len(uncompressed) != UncompressedPublicKeySize {
t.Fatalf("Uncompressed size incorrect: got %d, want %d", len(uncompressed), UncompressedPublicKeySize)
}
// Parse back compressed
parsed, err := ctx.ParsePublicKey(compressed)
if err != nil {
t.Fatalf("Failed to parse compressed: %v", err)
}
if len(parsed) != PublicKeySize {
t.Fatalf("Parsed size incorrect: got %d, want %d", len(parsed), PublicKeySize)
}
}
func TestECDSASignAndVerify(t *testing.T) {
ctx, err := NewContext(ContextSign | ContextVerify)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
pubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
t.Fatalf("Failed to create public key: %v", err)
}
message := []byte("Test message")
msgHash := sha256.Sum256(message)
sig, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
t.Fatalf("Failed to sign: %v", err)
}
valid, err := ctx.Verify(msgHash[:], sig, pubKey)
if err != nil {
t.Fatalf("Failed to verify: %v", err)
}
if !valid {
t.Fatal("Signature should be valid")
}
// Test with wrong message
wrongMsg := []byte("Wrong message")
wrongHash := sha256.Sum256(wrongMsg)
valid2, err := ctx.Verify(wrongHash[:], sig, pubKey)
if err != nil {
t.Fatalf("Failed to verify wrong message: %v", err)
}
if valid2 {
t.Fatal("Signature should be invalid for wrong message")
}
}
func TestDERSignatureSerialization(t *testing.T) {
ctx, err := NewContext(ContextSign)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
message := []byte("Test message")
msgHash := sha256.Sum256(message)
sig, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
t.Fatalf("Failed to sign: %v", err)
}
derSig, err := ctx.SerializeSignatureDER(sig)
if err != nil {
t.Fatalf("Failed to serialize DER: %v", err)
}
parsed, err := ctx.ParseSignatureDER(derSig)
if err != nil {
t.Fatalf("Failed to parse DER: %v", err)
}
if len(parsed) != SignatureSize {
t.Fatalf("Parsed signature size incorrect: got %d, want %d", len(parsed), SignatureSize)
}
}
func TestCompactSignatureSerialization(t *testing.T) {
ctx, err := NewContext(ContextSign)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
message := []byte("Test message")
msgHash := sha256.Sum256(message)
sig, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
t.Fatalf("Failed to sign: %v", err)
}
compact, err := ctx.SerializeSignatureCompact(sig)
if err != nil {
t.Fatalf("Failed to serialize compact: %v", err)
}
if len(compact) != CompactSignatureSize {
t.Fatalf("Compact size incorrect: got %d, want %d", len(compact), CompactSignatureSize)
}
parsed, err := ctx.ParseSignatureCompact(compact)
if err != nil {
t.Fatalf("Failed to parse compact: %v", err)
}
if len(parsed) != SignatureSize {
t.Fatalf("Parsed signature size incorrect: got %d, want %d", len(parsed), SignatureSize)
}
}
func TestSignatureNormalization(t *testing.T) {
ctx, err := NewContext(ContextSign)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
message := []byte("Test message")
msgHash := sha256.Sum256(message)
sig, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
t.Fatalf("Failed to sign: %v", err)
}
normalized, wasNormalized, err := ctx.NormalizeSignature(sig)
if err != nil {
t.Fatalf("Failed to normalize: %v", err)
}
if len(normalized) != SignatureSize {
t.Fatalf("Normalized signature size incorrect: got %d, want %d", len(normalized), SignatureSize)
}
_ = wasNormalized // May or may not be normalized
}
func TestSchnorrSignAndVerify(t *testing.T) {
if schnorrsigSign32 == nil {
t.Skip("Schnorr module not available")
}
ctx, err := NewContext(ContextSign | ContextVerify)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
keypair, err := ctx.CreateKeypair(privKey)
if err != nil {
t.Fatalf("Failed to create keypair: %v", err)
}
xonly, _, err := ctx.KeypairXOnlyPub(keypair)
if err != nil {
t.Fatalf("Failed to extract xonly pubkey: %v", err)
}
message := []byte("Test message")
msgHash := sha256.Sum256(message)
auxRand := make([]byte, 32)
if _, err := rand.Read(auxRand); err != nil {
t.Fatalf("Failed to generate aux_rand: %v", err)
}
sig, err := ctx.SchnorrSign(msgHash[:], keypair, auxRand)
if err != nil {
t.Fatalf("Failed to sign: %v", err)
}
if len(sig) != SchnorrSignatureSize {
t.Fatalf("Signature size incorrect: got %d, want %d", len(sig), SchnorrSignatureSize)
}
valid, err := ctx.SchnorrVerify(sig, msgHash[:], xonly[:])
if err != nil {
t.Fatalf("Failed to verify: %v", err)
}
if !valid {
t.Fatal("Schnorr signature should be valid")
}
// Test with wrong message
wrongMsg := []byte("Wrong message")
wrongHash := sha256.Sum256(wrongMsg)
valid2, err := ctx.SchnorrVerify(sig, wrongHash[:], xonly[:])
if err != nil {
t.Fatalf("Failed to verify wrong message: %v", err)
}
if valid2 {
t.Fatal("Schnorr signature should be invalid for wrong message")
}
}
func TestECDH(t *testing.T) {
if ecdh == nil {
t.Skip("ECDH module not available")
}
ctx, err := NewContext(ContextSign)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
// Alice's keys
alicePriv := make([]byte, 32)
if _, err := rand.Read(alicePriv); err != nil {
t.Fatalf("Failed to generate Alice's key: %v", err)
}
alicePub, err := ctx.CreatePublicKey(alicePriv)
if err != nil {
t.Fatalf("Failed to create Alice's public key: %v", err)
}
// Bob's keys
bobPriv := make([]byte, 32)
if _, err := rand.Read(bobPriv); err != nil {
t.Fatalf("Failed to generate Bob's key: %v", err)
}
bobPub, err := ctx.CreatePublicKey(bobPriv)
if err != nil {
t.Fatalf("Failed to create Bob's public key: %v", err)
}
// Compute shared secrets
aliceShared, err := ctx.ECDH(bobPub, alicePriv)
if err != nil {
t.Fatalf("Failed to compute Alice's shared secret: %v", err)
}
bobShared, err := ctx.ECDH(alicePub, bobPriv)
if err != nil {
t.Fatalf("Failed to compute Bob's shared secret: %v", err)
}
if len(aliceShared) != SharedSecretSize {
t.Fatalf("Shared secret size incorrect: got %d, want %d", len(aliceShared), SharedSecretSize)
}
// Secrets should match
if string(aliceShared) != string(bobShared) {
t.Fatal("Shared secrets should match")
}
}
func TestRecovery(t *testing.T) {
if ecdsaSignRecoverable == nil {
t.Skip("Recovery module not available")
}
ctx, err := NewContext(ContextSign | ContextVerify)
if err != nil {
t.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
if _, err := rand.Read(privKey); err != nil {
t.Fatalf("Failed to generate random key: %v", err)
}
originalPubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
t.Fatalf("Failed to create public key: %v", err)
}
message := []byte("Test message")
msgHash := sha256.Sum256(message)
recSig, err := ctx.SignRecoverable(msgHash[:], privKey)
if err != nil {
t.Fatalf("Failed to sign recoverable: %v", err)
}
sigBytes, recID, err := ctx.SerializeRecoverableSignatureCompact(recSig)
if err != nil {
t.Fatalf("Failed to serialize recoverable: %v", err)
}
if len(sigBytes) != 64 {
t.Fatalf("Signature size incorrect: got %d, want 64", len(sigBytes))
}
if recID < 0 || recID > 3 {
t.Fatalf("Recovery ID out of range: %d", recID)
}
parsedSig, err := ctx.ParseRecoverableSignatureCompact(sigBytes, recID)
if err != nil {
t.Fatalf("Failed to parse recoverable: %v", err)
}
recoveredPubKey, err := ctx.Recover(parsedSig, msgHash[:])
if err != nil {
t.Fatalf("Failed to recover public key: %v", err)
}
// Serialize both for comparison
origSer, err := ctx.SerializePublicKey(originalPubKey, true)
if err != nil {
t.Fatalf("Failed to serialize original: %v", err)
}
recSer, err := ctx.SerializePublicKey(recoveredPubKey, true)
if err != nil {
t.Fatalf("Failed to serialize recovered: %v", err)
}
if string(origSer) != string(recSer) {
t.Fatal("Recovered public key should match original")
}
}
func BenchmarkSign(b *testing.B) {
ctx, err := NewContext(ContextSign)
if err != nil {
b.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
rand.Read(privKey)
message := []byte("Benchmark message")
msgHash := sha256.Sum256(message)
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
b.Fatalf("Failed to sign: %v", err)
}
}
}
func BenchmarkVerify(b *testing.B) {
ctx, err := NewContext(ContextSign | ContextVerify)
if err != nil {
b.Fatalf("Failed to create context: %v", err)
}
defer ctx.Destroy()
privKey := make([]byte, 32)
rand.Read(privKey)
pubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
b.Fatalf("Failed to create public key: %v", err)
}
message := []byte("Benchmark message")
msgHash := sha256.Sum256(message)
sig, err := ctx.Sign(msgHash[:], privKey)
if err != nil {
b.Fatalf("Failed to sign: %v", err)
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := ctx.Verify(msgHash[:], sig, pubKey)
if err != nil {
b.Fatalf("Failed to verify: %v", err)
}
}
}

268
pkg/crypto/p8k/utils.go Normal file
View File

@@ -0,0 +1,268 @@
package secp
import (
"crypto/rand"
"fmt"
)
// GeneratePrivateKey generates a random 32-byte private key
func GeneratePrivateKey() (privKey []byte, err error) {
privKey = make([]byte, PrivateKeySize)
if _, err = rand.Read(privKey); err != nil {
err = fmt.Errorf("failed to generate random key: %w", err)
return
}
return
}
// PublicKeyFromPrivate generates a public key from a private key
// Returns the serialized public key in compressed format
func PublicKeyFromPrivate(privKey []byte, compressed bool) (pubKey []byte, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
internalPubKey, err := ctx.CreatePublicKey(privKey)
if err != nil {
return
}
pubKey, err = ctx.SerializePublicKey(internalPubKey, compressed)
return
}
// SignMessage signs a 32-byte message hash with a private key
// Returns the signature in compact format (64 bytes)
func SignMessage(msgHash []byte, privKey []byte) (sig []byte, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
internalSig, err := ctx.Sign(msgHash, privKey)
if err != nil {
return
}
sig, err = ctx.SerializeSignatureCompact(internalSig)
return
}
// VerifyMessage verifies a compact signature against a message hash and serialized public key
func VerifyMessage(msgHash []byte, compactSig []byte, serializedPubKey []byte) (valid bool, err error) {
ctx, err := NewContext(ContextVerify)
if err != nil {
return
}
defer ctx.Destroy()
pubKey, err := ctx.ParsePublicKey(serializedPubKey)
if err != nil {
return
}
sig, err := ctx.ParseSignatureCompact(compactSig)
if err != nil {
return
}
valid, err = ctx.Verify(msgHash, sig, pubKey)
return
}
// SignMessageDER signs a message and returns DER-encoded signature
func SignMessageDER(msgHash []byte, privKey []byte) (derSig []byte, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
internalSig, err := ctx.Sign(msgHash, privKey)
if err != nil {
return
}
derSig, err = ctx.SerializeSignatureDER(internalSig)
return
}
// VerifyMessageDER verifies a DER-encoded signature
func VerifyMessageDER(msgHash []byte, derSig []byte, serializedPubKey []byte) (valid bool, err error) {
ctx, err := NewContext(ContextVerify)
if err != nil {
return
}
defer ctx.Destroy()
pubKey, err := ctx.ParsePublicKey(serializedPubKey)
if err != nil {
return
}
sig, err := ctx.ParseSignatureDER(derSig)
if err != nil {
return
}
valid, err = ctx.Verify(msgHash, sig, pubKey)
return
}
// SchnorrSign signs a message with Schnorr signature (BIP-340)
// Returns 64-byte Schnorr signature
func SchnorrSign(msgHash []byte, privKey []byte, auxRand []byte) (sig []byte, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
keypair, err := ctx.CreateKeypair(privKey)
if err != nil {
return
}
sig, err = ctx.SchnorrSign(msgHash, keypair, auxRand)
return
}
// SchnorrVerifyWithPubKey verifies a Schnorr signature (BIP-340)
// xonlyPubKey should be 32 bytes
func SchnorrVerifyWithPubKey(msgHash []byte, sig []byte, xonlyPubKey []byte) (valid bool, err error) {
ctx, err := NewContext(ContextVerify)
if err != nil {
return
}
defer ctx.Destroy()
valid, err = ctx.SchnorrVerify(sig, msgHash, xonlyPubKey)
return
}
// XOnlyPubKeyFromPrivate generates an x-only public key from a private key
func XOnlyPubKeyFromPrivate(privKey []byte) (xonly []byte, pkParity int32, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
keypair, err := ctx.CreateKeypair(privKey)
if err != nil {
return
}
var xonlyInternal XOnlyPublicKey
xonlyInternal, pkParity, err = ctx.KeypairXOnlyPub(keypair)
if err != nil {
return
}
xonly = xonlyInternal[:]
return
}
// ComputeECDH computes an ECDH shared secret
func ComputeECDH(serializedPubKey []byte, privKey []byte) (secret []byte, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
pubKey, err := ctx.ParsePublicKey(serializedPubKey)
if err != nil {
return
}
secret, err = ctx.ECDH(pubKey, privKey)
return
}
// SignRecoverableCompact signs a message with a recoverable signature
// Returns compact signature (64 bytes) and recovery ID
func SignRecoverableCompact(msgHash []byte, privKey []byte) (sig []byte, recID int32, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
recSig, err := ctx.SignRecoverable(msgHash, privKey)
if err != nil {
return
}
sig, recID, err = ctx.SerializeRecoverableSignatureCompact(recSig)
return
}
// RecoverPubKey recovers a public key from a recoverable signature
// Returns serialized public key in compressed format
func RecoverPubKey(msgHash []byte, compactSig []byte, recID int32, compressed bool) (pubKey []byte, err error) {
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
recSig, err := ctx.ParseRecoverableSignatureCompact(compactSig, recID)
if err != nil {
return
}
recoveredPubKey, err := ctx.Recover(recSig, msgHash)
if err != nil {
return
}
pubKey, err = ctx.SerializePublicKey(recoveredPubKey, compressed)
return
}
// ValidatePrivateKey checks if a private key is valid
func ValidatePrivateKey(privKey []byte) (valid bool, err error) {
if len(privKey) != PrivateKeySize {
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
return
}
ctx, err := NewContext(ContextSign)
if err != nil {
return
}
defer ctx.Destroy()
_, err = ctx.CreatePublicKey(privKey)
if err != nil {
valid = false
err = nil
return
}
valid = true
return
}
// IsPublicKeyValid checks if a serialized public key is valid
func IsPublicKeyValid(serializedPubKey []byte) (valid bool, err error) {
ctx, err := NewContext(ContextVerify)
if err != nil {
return
}
defer ctx.Destroy()
_, err = ctx.ParsePublicKey(serializedPubKey)
if err != nil {
valid = false
err = nil
return
}
valid = true
return
}

4
pkg/database/benchmark_test.go
View File

@@ -9,7 +9,7 @@ import (
"testing"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/database/indexes/types"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/event/examples"
@@ -73,7 +73,7 @@ func BenchmarkSaveEvent(b *testing.B) {
b.ReportAllocs()
for i := 0; i < b.N; i++ {
// Create a simple test event
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
b.Fatal(err)
}

4
pkg/database/query-events-multiple-param-replaceable_test.go
View File

@@ -6,7 +6,7 @@ import (
"testing"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/filter"
"next.orly.dev/pkg/encoders/hex"
@@ -25,7 +25,7 @@ func TestMultipleParameterizedReplaceableEvents(t *testing.T) {
defer cancel()
defer db.Close()
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
if err := sign.Generate(); chk.E(err) {
t.Fatal(err)
}

4
pkg/database/query-events-search_test.go
View File

@@ -7,7 +7,7 @@ import (
"time"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/filter"
"next.orly.dev/pkg/encoders/kind"
@@ -44,7 +44,7 @@ func TestQueryEventsBySearchTerms(t *testing.T) {
}()
// signer for all events
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
if err := sign.Generate(); chk.E(err) {
t.Fatalf("signer generate: %v", err)
}

6
pkg/database/query-events_test.go
View File

@@ -10,7 +10,7 @@ import (
"testing"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/event/examples"
"next.orly.dev/pkg/encoders/filter"
@@ -198,7 +198,7 @@ func TestReplaceableEventsAndDeletion(t *testing.T) {
defer db.Close()
// Test querying for replaced events by ID
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
if err := sign.Generate(); chk.E(err) {
t.Fatal(err)
}
@@ -380,7 +380,7 @@ func TestParameterizedReplaceableEventsAndDeletion(t *testing.T) {
defer cancel()
defer db.Close()
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
if err := sign.Generate(); chk.E(err) {
t.Fatal(err)
}

6
pkg/database/save-event_test.go
View File

@@ -11,7 +11,7 @@ import (
"lol.mleku.dev/chk"
"lol.mleku.dev/errorf"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/event/examples"
"next.orly.dev/pkg/encoders/hex"
@@ -120,7 +120,7 @@ func TestDeletionEventWithETagRejection(t *testing.T) {
defer db.Close()
// Create a signer
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
if err := sign.Generate(); chk.E(err) {
t.Fatal(err)
}
@@ -199,7 +199,7 @@ func TestSaveExistingEvent(t *testing.T) {
defer db.Close()
// Create a signer
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
if err := sign.Generate(); chk.E(err) {
t.Fatal(err)
}

4
pkg/encoders/envelopes/authenvelope/authenvelope_test.go
View File

@@ -4,7 +4,7 @@ import (
"testing"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/envelopes"
"next.orly.dev/pkg/protocol/auth"
"next.orly.dev/pkg/utils"
@@ -15,7 +15,7 @@ const relayURL = "wss://example.com"
func TestAuth(t *testing.T) {
var err error
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err = signer.Generate(); chk.E(err) {
t.Fatal(err)
}

6
pkg/encoders/event/benchmark_test.go
View File

@@ -5,7 +5,7 @@ import (
"testing"
"time"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/encoders/kind"
"next.orly.dev/pkg/encoders/tag"
@@ -14,7 +14,7 @@ import (
// createTestEvent creates a realistic test event with proper signing
func createTestEvent() *E {
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
panic(err)
}
@@ -44,7 +44,7 @@ func createTestEvent() *E {
// createLargeTestEvent creates a larger event with more tags and content
func createLargeTestEvent() *E {
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
panic(err)
}

7
pkg/encoders/event/signatures.go
View File

@@ -4,8 +4,8 @@ import (
"lol.mleku.dev/chk"
"lol.mleku.dev/errorf"
"lol.mleku.dev/log"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/utils"
)
@@ -26,7 +26,10 @@ func (ev *E) Sign(keys signer.I) (err error) {
// Verify an event is signed by the pubkey it contains. Uses
// github.com/bitcoin-core/secp256k1 if available for faster verification.
func (ev *E) Verify() (valid bool, err error) {
keys := p256k1signer.NewP256K1Signer()
var keys *p8k.Signer
if keys, err = p8k.New(); chk.E(err) {
return
}
if err = keys.InitPub(ev.Pubkey); chk.E(err) {
return
}

8
pkg/encoders/filter/benchmark_test.go
View File

@@ -4,7 +4,7 @@ import (
"testing"
"time"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"github.com/minio/sha256-simd"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/hex"
@@ -29,7 +29,7 @@ func createTestFilter() *F {
// Add some authors
for i := 0; i < 3; i++ {
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
panic(err)
}
@@ -72,7 +72,7 @@ func createComplexFilter() *F {
// Add many authors
for i := 0; i < 15; i++ {
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
panic(err)
}
@@ -100,7 +100,7 @@ func createComplexFilter() *F {
// createTestEvent creates a test event for matching
func createTestEvent() *event.E {
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err := signer.Generate(); err != nil {
panic(err)
}

204
pkg/interfaces/signer/p8k/p8k.go Normal file
View File

@@ -0,0 +1,204 @@
// Package p8k provides a signer.I implementation using p8k.mleku.dev
package p8k
import (
"crypto/rand"
"lol.mleku.dev/errorf"
secp "next.orly.dev/pkg/crypto/p8k"
"next.orly.dev/pkg/interfaces/signer"
)
// Signer implements the signer.I interface using p8k.mleku.dev
type Signer struct {
ctx *secp.Context
secKey []byte
pubKey []byte
keypair secp.Keypair
}
// Ensure Signer implements signer.I
var _ signer.I = (*Signer)(nil)
// New creates a new P8K signer
func New() (s *Signer, err error) {
var ctx *secp.Context
if ctx, err = secp.NewContext(secp.ContextSign | secp.ContextVerify); err != nil {
return
}
s = &Signer{ctx: ctx}
return
}
// MustNew creates a new P8K signer and panics on error
func MustNew() (s *Signer) {
var err error
if s, err = New(); err != nil {
panic(err)
}
return
}
// Generate creates a fresh new key pair from system entropy, and ensures it is even (so
// ECDH works).
func (s *Signer) Generate() (err error) {
s.secKey = make([]byte, 32)
if _, err = rand.Read(s.secKey); err != nil {
return
}
// Create keypair
if s.keypair, err = s.ctx.CreateKeypair(s.secKey); err != nil {
return
}
// Extract x-only public key
var xonly secp.XOnlyPublicKey
var parity int32
if xonly, parity, err = s.ctx.KeypairXOnlyPub(s.keypair); err != nil {
return
}
_ = parity
// XOnlyPublicKey is [64]byte, but we only need the first 32 bytes (the x coordinate)
s.pubKey = xonly[:32]
return
}
// InitSec initialises the secret (signing) key from the raw bytes, and also
// derives the public key because it can.
func (s *Signer) InitSec(sec []byte) (err error) {
if len(sec) != 32 {
return errorf.E("secret key must be 32 bytes")
}
s.secKey = make([]byte, 32)
copy(s.secKey, sec)
// Create keypair
if s.keypair, err = s.ctx.CreateKeypair(s.secKey); err != nil {
return
}
// Extract x-only public key
var xonly secp.XOnlyPublicKey
var parity int32
if xonly, parity, err = s.ctx.KeypairXOnlyPub(s.keypair); err != nil {
return
}
_ = parity
// XOnlyPublicKey is [64]byte, but we only need the first 32 bytes (the x coordinate)
s.pubKey = xonly[:32]
return
}
// InitPub initializes the public (verification) key from raw bytes, this is
// expected to be an x-only 32 byte pubkey.
func (s *Signer) InitPub(pub []byte) (err error) {
if len(pub) != 32 {
return errorf.E("public key must be 32 bytes")
}
s.pubKey = make([]byte, 32)
copy(s.pubKey, pub)
return
}
// Sec returns the secret key bytes.
func (s *Signer) Sec() []byte {
return s.secKey
}
// Pub returns the public key bytes (x-only schnorr pubkey).
func (s *Signer) Pub() []byte {
return s.pubKey
}
// Sign creates a signature using the stored secret key.
func (s *Signer) Sign(msg []byte) (sig []byte, err error) {
if len(s.keypair) == 0 {
return nil, errorf.E("keypair not initialized")
}
// Generate auxiliary randomness
auxRand := make([]byte, 32)
if _, err = rand.Read(auxRand); err != nil {
return
}
// Sign with Schnorr
if sig, err = s.ctx.SchnorrSign(msg, s.keypair, auxRand); err != nil {
return
}
return
}
// Verify checks a message hash and signature match the stored public key.
func (s *Signer) Verify(msg, sig []byte) (valid bool, err error) {
if s.pubKey == nil {
return false, errorf.E("public key not initialized")
}
if valid, err = s.ctx.SchnorrVerify(sig, msg, s.pubKey); err != nil {
return
}
return
}
// Zero wipes the secret key to prevent memory leaks.
func (s *Signer) Zero() {
if s.secKey != nil {
for i := range s.secKey {
s.secKey[i] = 0
}
}
if len(s.keypair) > 0 {
for i := range s.keypair {
s.keypair[i] = 0
}
}
}
// ECDH returns a shared secret derived using Elliptic Curve Diffie-Hellman on
// the signer's secret and provided pubkey.
func (s *Signer) ECDH(pub []byte) (secret []byte, err error) {
return s.ECDHRaw(pub)
}
// ECDHRaw returns the raw shared secret point (x-coordinate only, 32 bytes) without hashing.
// This is needed for protocols like NIP-44 that do their own key derivation.
func (s *Signer) ECDHRaw(pub []byte) (sharedX []byte, err error) {
if s.secKey == nil {
return nil, errorf.E("secret key not initialized")
}
if len(pub) != 32 {
return nil, errorf.E("public key must be 32 bytes")
}
// Convert x-only pubkey to full pubkey
// For ECDH, we need the full public key, not just x-only
// Try with 0x02 (even y), then try 0x03 (odd y) if that fails
pubKeyFull := make([]byte, 33)
pubKeyFull[0] = 0x02 // compressed even y
copy(pubKeyFull[1:], pub)
// Parse the public key
var pubKeyInternal []byte
if pubKeyInternal, err = s.ctx.ParsePublicKey(pubKeyFull); err != nil {
// Try odd y coordinate
pubKeyFull[0] = 0x03
if pubKeyInternal, err = s.ctx.ParsePublicKey(pubKeyFull); err != nil {
return nil, err
}
}
// Compute ECDH - this returns the 32-byte x-coordinate of the shared point
if sharedX, err = s.ctx.ECDH(pubKeyInternal, s.secKey); err != nil {
return
}
return
}

5
pkg/interfaces/signer/signer.go
View File

@@ -25,8 +25,11 @@ type I interface {
// Zero wipes the secret key to prevent memory leaks.
Zero()
// ECDH returns a shared secret derived using Elliptic Curve Diffie-Hellman on
// the I secret and provided pubkey.
// the I secret and provided pubkey. Returns the 32-byte x-coordinate of the shared point.
ECDH(pub []byte) (secret []byte, err error)
// ECDHRaw returns the raw shared secret point (x-coordinate only, 32 bytes) without hashing.
// This is needed for protocols like NIP-44 that do their own key derivation.
ECDHRaw(pub []byte) (sharedX []byte, err error)
}
// Gen is an interface for nostr BIP-340 key generation.

6
pkg/policy/benchmark_test.go
View File

@@ -9,14 +9,14 @@ import (
"time"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/encoders/tag"
"next.orly.dev/pkg/interfaces/signer/p8k"
)
// Helper function to create test event for benchmarks (reuses signer)
func createTestEventBench(b *testing.B, signer *p256k1signer.P256K1Signer, content string, kind uint16) *event.E {
func createTestEventBench(b *testing.B, signer *p8k.Signer, content string, kind uint16) *event.E {
ev := event.New()
ev.CreatedAt = time.Now().Unix()
ev.Kind = kind
@@ -202,7 +202,7 @@ func BenchmarkCheckPolicyMultipleKinds(b *testing.B) {
// Generate keypair once for all events
signer, pubkey := generateTestKeypairB(b)
// Create test events with different kinds
events := make([]*event.E, 100)
for i := 0; i < 100; i++ {

10
pkg/policy/policy_integration_test.go
View File

@@ -9,7 +9,7 @@ import (
"time"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/encoders/kind"
@@ -23,13 +23,13 @@ func TestPolicyIntegration(t *testing.T) {
}
// Generate test keys
allowedSigner := p256k1signer.NewP256K1Signer()
allowedSigner := p8k.New()
if err := allowedSigner.Generate(); chk.E(err) {
t.Fatalf("Failed to generate allowed signer: %v", err)
}
allowedPubkeyHex := hex.Enc(allowedSigner.Pub())
unauthorizedSigner := p256k1signer.NewP256K1Signer()
unauthorizedSigner := p8k.New()
if err := unauthorizedSigner.Generate(); chk.E(err) {
t.Fatalf("Failed to generate unauthorized signer: %v", err)
}
@@ -367,13 +367,13 @@ func TestPolicyWithRelay(t *testing.T) {
}
// Generate keys
allowedSigner := p256k1signer.NewP256K1Signer()
allowedSigner := p8k.New()
if err := allowedSigner.Generate(); chk.E(err) {
t.Fatalf("Failed to generate allowed signer: %v", err)
}
allowedPubkeyHex := hex.Enc(allowedSigner.Pub())
unauthorizedSigner := p256k1signer.NewP256K1Signer()
unauthorizedSigner := p8k.New()
if err := unauthorizedSigner.Generate(); chk.E(err) {
t.Fatalf("Failed to generate unauthorized signer: %v", err)
}

14
pkg/policy/policy_test.go
View File

@@ -10,7 +10,7 @@ import (
"time"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/encoders/tag"
@@ -22,8 +22,8 @@ func int64Ptr(i int64) *int64 {
}
// Helper function to generate a keypair for testing
func generateTestKeypair(t *testing.T) (signer *p256k1signer.P256K1Signer, pubkey []byte) {
signer = p256k1signer.NewP256K1Signer()
func generateTestKeypair(t *testing.T) (signer *p8k.Signer, pubkey []byte) {
signer = p8k.New()
if err := signer.Generate(); chk.E(err) {
t.Fatalf("Failed to generate test keypair: %v", err)
}
@@ -32,8 +32,8 @@ func generateTestKeypair(t *testing.T) (signer *p256k1signer.P256K1Signer, pubke
}
// Helper function to generate a keypair for benchmarks
func generateTestKeypairB(b *testing.B) (signer *p256k1signer.P256K1Signer, pubkey []byte) {
signer = p256k1signer.NewP256K1Signer()
func generateTestKeypairB(b *testing.B) (signer *p8k.Signer, pubkey []byte) {
signer = p8k.New()
if err := signer.Generate(); chk.E(err) {
b.Fatalf("Failed to generate test keypair: %v", err)
}
@@ -42,7 +42,7 @@ func generateTestKeypairB(b *testing.B) (signer *p256k1signer.P256K1Signer, pubk
}
// Helper function to create a real test event with proper signing
func createTestEvent(t *testing.T, signer *p256k1signer.P256K1Signer, content string, kind uint16) *event.E {
func createTestEvent(t *testing.T, signer *p8k.Signer, content string, kind uint16) *event.E {
ev := event.New()
ev.CreatedAt = time.Now().Unix()
ev.Kind = kind
@@ -58,7 +58,7 @@ func createTestEvent(t *testing.T, signer *p256k1signer.P256K1Signer, content st
}
// Helper function to create a test event with a specific pubkey (for unauthorized tests)
func createTestEventWithPubkey(t *testing.T, signer *p256k1signer.P256K1Signer, content string, kind uint16) *event.E {
func createTestEventWithPubkey(t *testing.T, signer *p8k.Signer, content string, kind uint16) *event.E {
ev := event.New()
ev.CreatedAt = time.Now().Unix()
ev.Kind = kind

4
pkg/protocol/auth/nip42_test.go
View File

@@ -5,12 +5,12 @@ import (
"lol.mleku.dev/chk"
"lol.mleku.dev/log"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
)
func TestCreateUnsigned(t *testing.T) {
var err error
signer := p256k1signer.NewP256K1Signer()
signer := p8k.MustNew()
if err = signer.Generate(); chk.E(err) {
t.Fatal(err)
}

8
pkg/protocol/directory/directory_test.go
View File

@@ -7,14 +7,14 @@ import (
"lol.mleku.dev/chk"
"next.orly.dev/pkg/crypto/ec/secp256k1"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/encoders/bech32encoding"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/protocol/directory"
)
// Helper to create a test keypair using p256k1signer.P256K1Signer
func createTestKeypair(t *testing.T) (*p256k1signer.P256K1Signer, []byte) {
signer := p256k1signer.NewP256K1Signer()
// Helper to create a test keypair using p8k.Signer
func createTestKeypair(t *testing.T) (*p8k.Signer, []byte) {
signer := p8k.MustNew()
if err := signer.Generate(); chk.E(err) {
t.Fatalf("failed to generate keypair: %v", err)
}

35
pkg/protocol/directory/helpers.go
View File

@@ -12,6 +12,7 @@ import (
"lol.mleku.dev/errorf"
"next.orly.dev/pkg/crypto/ec/schnorr"
"next.orly.dev/pkg/crypto/ec/secp256k1"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/bech32encoding"
"next.orly.dev/pkg/encoders/event"
)
@@ -30,10 +31,21 @@ func NewIdentityTagBuilder(identityPrivkey []byte) (builder *IdentityTagBuilder,
return nil, errorf.E("identity private key must be 32 bytes")
}
// Derive public key from secret key
identitySecKey := secp256k1.SecKeyFromBytes(identityPrivkey)
identityPubkey := identitySecKey.PubKey()
identityPubkeyBytes := schnorr.SerializePubKey(identityPubkey)
// Derive public key from secret key using p8k signer
var signer *p8k.Signer
if signer, err = p8k.New(); chk.E(err) {
return nil, errorf.E("failed to create signer: %w", err)
}
if err = signer.InitSec(identityPrivkey); chk.E(err) {
return nil, errorf.E("failed to initialize signer: %w", err)
}
identityPubkeyBytes := signer.Pub()
// Parse public key for npub encoding
var identityPubkey *secp256k1.PublicKey
if identityPubkey, err = schnorr.ParsePubKey(identityPubkeyBytes); chk.E(err) {
return nil, errorf.E("failed to parse public key: %w", err)
}
// Encode as npub
var npubIdentity []byte
@@ -65,14 +77,19 @@ func (builder *IdentityTagBuilder) CreateIdentityTag(delegatePubkey []byte) (ide
identityPubkeyHex := hex.EncodeToString(builder.identityPubkey)
message := nonceHex + delegatePubkeyHex + identityPubkeyHex
// Hash and sign
// Hash and sign using p8k signer
hash := sha256.Sum256([]byte(message))
identitySecKey := secp256k1.SecKeyFromBytes(builder.identityPrivkey)
var sig *schnorr.Signature
if sig, err = schnorr.Sign(identitySecKey, hash[:]); chk.E(err) {
var signer *p8k.Signer
if signer, err = p8k.New(); chk.E(err) {
return nil, errorf.E("failed to create signer: %w", err)
}
if err = signer.InitSec(builder.identityPrivkey); chk.E(err) {
return nil, errorf.E("failed to initialize signer: %w", err)
}
var signature []byte
if signature, err = signer.Sign(hash[:]); chk.E(err) {
return nil, errorf.E("failed to sign identity tag: %w", err)
}
signature := sig.Serialize()
identityTag = &IdentityTag{
NPubIdentity: builder.npubIdentity,

4
pkg/protocol/nwc/crypto_test.go
View File

@@ -6,10 +6,10 @@ import (
"time"
"next.orly.dev/pkg/crypto/encryption"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/encoders/tag"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/protocol/nwc"
"next.orly.dev/pkg/utils"
)
@@ -101,7 +101,7 @@ func TestNWCEventCreation(t *testing.T) {
t.Fatal(err)
}
clientKey := p256k1signer.NewP256K1Signer()
clientKey := p8k.MustNew()
if err := clientKey.InitSec(secretBytes); err != nil {
t.Fatal(err)
}

7
pkg/protocol/nwc/mock_wallet_service.go
View File

@@ -10,7 +10,7 @@ import (
"lol.mleku.dev/chk"
"next.orly.dev/pkg/crypto/encryption"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/filter"
"next.orly.dev/pkg/encoders/hex"
@@ -40,7 +40,10 @@ func NewMockWalletService(
relay string, initialBalance int64,
) (service *MockWalletService, err error) {
// Generate wallet keypair
walletKey := p256k1signer.NewP256K1Signer()
var walletKey *p8k.Signer
if walletKey, err = p8k.New(); chk.E(err) {
return
}
if err = walletKey.Generate(); chk.E(err) {
return
}

7
pkg/protocol/nwc/uri.go
View File

@@ -6,7 +6,7 @@ import (
"lol.mleku.dev/chk"
"next.orly.dev/pkg/crypto/encryption"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/interfaces/signer"
)
@@ -67,7 +67,10 @@ func ParseConnectionURI(nwcUri string) (parts *ConnectionParams, err error) {
err = errors.New("invalid secret")
return
}
clientKey := p256k1signer.NewP256K1Signer()
var clientKey *p8k.Signer
if clientKey, err = p8k.New(); chk.E(err) {
return
}
if err = clientKey.InitSec(secretBytes); chk.E(err) {
return
}

6
pkg/protocol/ws/client_test.go
View File

@@ -16,12 +16,12 @@ import (
"github.com/stretchr/testify/require"
"golang.org/x/net/websocket"
"lol.mleku.dev/chk"
p256k1signer "p256k1.mleku.dev/signer"
"next.orly.dev/pkg/encoders/event"
"next.orly.dev/pkg/encoders/filter"
"next.orly.dev/pkg/encoders/hex"
"next.orly.dev/pkg/encoders/kind"
"next.orly.dev/pkg/encoders/tag"
"next.orly.dev/pkg/interfaces/signer/p8k"
"next.orly.dev/pkg/utils"
"next.orly.dev/pkg/utils/normalize"
)
@@ -36,7 +36,7 @@ func TestPublish(t *testing.T) {
Tags: tag.NewS(tag.NewFromAny("foo", "bar")),
Pubkey: pub,
}
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
var err error
if err = sign.InitSec(priv); chk.E(err) {
}
@@ -208,7 +208,7 @@ var anyOriginHandshake = func(conf *websocket.Config, r *http.Request) error {
func makeKeyPair(t *testing.T) (sec, pub []byte) {
t.Helper()
sign := p256k1signer.NewP256K1Signer()
sign := p8k.MustNew()
var err error
if err = sign.Generate(); chk.E(err) {
return

2
pkg/version/version
View File

@@ -1 +1 @@
v0.24.7
v0.25.0