mleku
256537ba86
- Added `github.com/ebitengine/purego` as a direct dependency to the project. - Removed the unused `p8k.mleku.dev` dependency from the `go.mod` file. - Refactored the `GenerateConversationKeyFromHex` function to clarify parameter order, aligning with the NIP-44 specification. - Enhanced test cases for conversation key generation to ensure proper handling of public key formats and improved error messages. - Updated the `Signer` interface to include methods for extracting and serializing public keys in compressed format.
459 lines
14 KiB
Go
459 lines
14 KiB
Go
// Package secp provides Go bindings to libsecp256k1 without CGO.
|
|
// It uses dynamic library loading via purego to call C functions directly.
|
|
package secp
|
|
|
|
import (
|
|
"fmt"
|
|
"runtime"
|
|
"sync"
|
|
"unsafe"
|
|
|
|
"github.com/ebitengine/purego"
|
|
)
|
|
|
|
// Constants for context flags
|
|
const (
|
|
ContextNone = 1
|
|
ContextVerify = 257 // 1 | (1 << 8)
|
|
ContextSign = 513 // 1 | (1 << 9)
|
|
ContextDeclassify = 1025 // 1 | (1 << 10)
|
|
)
|
|
|
|
// EC flags
|
|
const (
|
|
ECCompressed = 258 // SECP256K1_EC_COMPRESSED
|
|
ECUncompressed = 2 // SECP256K1_EC_UNCOMPRESSED
|
|
)
|
|
|
|
// Size constants
|
|
const (
|
|
PublicKeySize = 64
|
|
CompressedPublicKeySize = 33
|
|
UncompressedPublicKeySize = 65
|
|
SignatureSize = 64
|
|
CompactSignatureSize = 64
|
|
PrivateKeySize = 32
|
|
SharedSecretSize = 32
|
|
SchnorrSignatureSize = 64
|
|
RecoverableSignatureSize = 65
|
|
)
|
|
|
|
var (
|
|
libHandle uintptr
|
|
loadLibOnce sync.Once
|
|
loadLibErr error
|
|
)
|
|
|
|
// Function pointers
|
|
var (
|
|
contextCreate func(flags uint32) uintptr
|
|
contextDestroy func(ctx uintptr)
|
|
contextRandomize func(ctx uintptr, seed32 *byte) int32
|
|
ecPubkeyCreate func(ctx uintptr, pubkey *byte, seckey *byte) int32
|
|
ecPubkeySerialize func(ctx uintptr, output *byte, outputlen *uint64, pubkey *byte, flags uint32) int32
|
|
ecPubkeyParse func(ctx uintptr, pubkey *byte, input *byte, inputlen uint64) int32
|
|
ecdsaSign func(ctx uintptr, sig *byte, msg32 *byte, seckey *byte, noncefp uintptr, ndata uintptr) int32
|
|
ecdsaVerify func(ctx uintptr, sig *byte, msg32 *byte, pubkey *byte) int32
|
|
ecdsaSignatureSerializeDer func(ctx uintptr, output *byte, outputlen *uint64, sig *byte) int32
|
|
ecdsaSignatureParseDer func(ctx uintptr, sig *byte, input *byte, inputlen uint64) int32
|
|
ecdsaSignatureSerializeCompact func(ctx uintptr, output64 *byte, sig *byte) int32
|
|
ecdsaSignatureParseCompact func(ctx uintptr, sig *byte, input64 *byte) int32
|
|
ecdsaSignatureNormalize func(ctx uintptr, sigout *byte, sigin *byte) int32
|
|
|
|
// Schnorr functions
|
|
schnorrsigSign32 func(ctx uintptr, sig64 *byte, msg32 *byte, keypair *byte, auxrand32 *byte) int32
|
|
schnorrsigVerify func(ctx uintptr, sig64 *byte, msg32 *byte, msglen uint64, pubkey *byte) int32
|
|
keypairCreate func(ctx uintptr, keypair *byte, seckey *byte) int32
|
|
xonlyPubkeyParse func(ctx uintptr, pubkey *byte, input32 *byte) int32
|
|
xonlyPubkeySerialize func(ctx uintptr, output32 *byte, pubkey *byte) int32
|
|
keypairXonlyPub func(ctx uintptr, pubkey *byte, pkParity *int32, keypair *byte) int32
|
|
keypairPub func(ctx uintptr, pubkey *byte, keypair *byte) int32
|
|
|
|
// ECDH functions
|
|
ecdh func(ctx uintptr, output *byte, pubkey *byte, seckey *byte, hashfp uintptr, data uintptr) int32
|
|
|
|
// Recovery functions
|
|
ecdsaRecoverableSignatureSerializeCompact func(ctx uintptr, output64 *byte, recid *int32, sig *byte) int32
|
|
ecdsaRecoverableSignatureParseCompact func(ctx uintptr, sig *byte, input64 *byte, recid int32) int32
|
|
ecdsaSignRecoverable func(ctx uintptr, sig *byte, msg32 *byte, seckey *byte, noncefp uintptr, ndata uintptr) int32
|
|
ecdsaRecover func(ctx uintptr, pubkey *byte, sig *byte, msg32 *byte) int32
|
|
|
|
// Extrakeys
|
|
xonlyPubkeyFromPubkey func(ctx uintptr, xonlyPubkey *byte, pkParity *int32, pubkey *byte) int32
|
|
)
|
|
|
|
// LoadLibrary loads the libsecp256k1 shared library
|
|
func LoadLibrary() (err error) {
|
|
loadLibOnce.Do(func() {
|
|
var libPath string
|
|
|
|
// Try to find the library
|
|
switch runtime.GOOS {
|
|
case "linux":
|
|
// Try common library paths
|
|
// For linux/amd64, try the bundled library first
|
|
paths := []string{
|
|
"./libsecp256k1.so", // Bundled in repo for linux amd64
|
|
"libsecp256k1.so.5",
|
|
"libsecp256k1.so.2",
|
|
"libsecp256k1.so.1",
|
|
"libsecp256k1.so.0",
|
|
"libsecp256k1.so",
|
|
"/usr/lib/libsecp256k1.so",
|
|
"/usr/local/lib/libsecp256k1.so",
|
|
"/usr/lib/x86_64-linux-gnu/libsecp256k1.so",
|
|
}
|
|
for _, p := range paths {
|
|
libHandle, err = purego.Dlopen(p, purego.RTLD_NOW|purego.RTLD_GLOBAL)
|
|
if err == nil {
|
|
libPath = p
|
|
break
|
|
}
|
|
}
|
|
case "darwin":
|
|
paths := []string{
|
|
"libsecp256k1.2.dylib",
|
|
"libsecp256k1.1.dylib",
|
|
"libsecp256k1.0.dylib",
|
|
"libsecp256k1.dylib",
|
|
"/usr/local/lib/libsecp256k1.dylib",
|
|
"/opt/homebrew/lib/libsecp256k1.dylib",
|
|
}
|
|
for _, p := range paths {
|
|
libHandle, err = purego.Dlopen(p, purego.RTLD_NOW|purego.RTLD_GLOBAL)
|
|
if err == nil {
|
|
libPath = p
|
|
break
|
|
}
|
|
}
|
|
case "windows":
|
|
paths := []string{
|
|
"libsecp256k1-2.dll",
|
|
"libsecp256k1-1.dll",
|
|
"libsecp256k1-0.dll",
|
|
"libsecp256k1.dll",
|
|
"secp256k1.dll",
|
|
}
|
|
for _, p := range paths {
|
|
libHandle, err = purego.Dlopen(p, purego.RTLD_NOW|purego.RTLD_GLOBAL)
|
|
if err == nil {
|
|
libPath = p
|
|
break
|
|
}
|
|
}
|
|
default:
|
|
err = fmt.Errorf("unsupported platform: %s", runtime.GOOS)
|
|
loadLibErr = err
|
|
return
|
|
}
|
|
|
|
if err != nil {
|
|
loadLibErr = fmt.Errorf("failed to load libsecp256k1: %w", err)
|
|
return
|
|
}
|
|
|
|
// Register symbols
|
|
if err = registerSymbols(); err != nil {
|
|
loadLibErr = fmt.Errorf("failed to register symbols from %s: %w", libPath, err)
|
|
return
|
|
}
|
|
|
|
loadLibErr = nil
|
|
})
|
|
|
|
return loadLibErr
|
|
}
|
|
|
|
// registerSymbols registers all C function symbols
|
|
func registerSymbols() (err error) {
|
|
// Core context functions
|
|
purego.RegisterLibFunc(&contextCreate, libHandle, "secp256k1_context_create")
|
|
purego.RegisterLibFunc(&contextDestroy, libHandle, "secp256k1_context_destroy")
|
|
purego.RegisterLibFunc(&contextRandomize, libHandle, "secp256k1_context_randomize")
|
|
|
|
// Public key functions
|
|
purego.RegisterLibFunc(&ecPubkeyCreate, libHandle, "secp256k1_ec_pubkey_create")
|
|
purego.RegisterLibFunc(&ecPubkeySerialize, libHandle, "secp256k1_ec_pubkey_serialize")
|
|
purego.RegisterLibFunc(&ecPubkeyParse, libHandle, "secp256k1_ec_pubkey_parse")
|
|
|
|
// ECDSA functions
|
|
purego.RegisterLibFunc(&ecdsaSign, libHandle, "secp256k1_ecdsa_sign")
|
|
purego.RegisterLibFunc(&ecdsaVerify, libHandle, "secp256k1_ecdsa_verify")
|
|
purego.RegisterLibFunc(&ecdsaSignatureSerializeDer, libHandle, "secp256k1_ecdsa_signature_serialize_der")
|
|
purego.RegisterLibFunc(&ecdsaSignatureParseDer, libHandle, "secp256k1_ecdsa_signature_parse_der")
|
|
purego.RegisterLibFunc(&ecdsaSignatureSerializeCompact, libHandle, "secp256k1_ecdsa_signature_serialize_compact")
|
|
purego.RegisterLibFunc(&ecdsaSignatureParseCompact, libHandle, "secp256k1_ecdsa_signature_parse_compact")
|
|
purego.RegisterLibFunc(&ecdsaSignatureNormalize, libHandle, "secp256k1_ecdsa_signature_normalize")
|
|
|
|
// Try to load optional modules - don't fail if they're not available
|
|
|
|
// Schnorr module
|
|
tryRegister(&schnorrsigSign32, "secp256k1_schnorrsig_sign32")
|
|
tryRegister(&schnorrsigVerify, "secp256k1_schnorrsig_verify")
|
|
tryRegister(&keypairCreate, "secp256k1_keypair_create")
|
|
tryRegister(&xonlyPubkeyParse, "secp256k1_xonly_pubkey_parse")
|
|
tryRegister(&xonlyPubkeySerialize, "secp256k1_xonly_pubkey_serialize")
|
|
tryRegister(&keypairXonlyPub, "secp256k1_keypair_xonly_pub")
|
|
tryRegister(&keypairPub, "secp256k1_keypair_pub")
|
|
tryRegister(&xonlyPubkeyFromPubkey, "secp256k1_xonly_pubkey_from_pubkey")
|
|
|
|
// ECDH module
|
|
tryRegister(&ecdh, "secp256k1_ecdh")
|
|
|
|
// Recovery module
|
|
tryRegister(&ecdsaRecoverableSignatureSerializeCompact, "secp256k1_ecdsa_recoverable_signature_serialize_compact")
|
|
tryRegister(&ecdsaRecoverableSignatureParseCompact, "secp256k1_ecdsa_recoverable_signature_parse_compact")
|
|
tryRegister(&ecdsaSignRecoverable, "secp256k1_ecdsa_sign_recoverable")
|
|
tryRegister(&ecdsaRecover, "secp256k1_ecdsa_recover")
|
|
|
|
return nil
|
|
}
|
|
|
|
// tryRegister attempts to register a symbol without failing if it doesn't exist
|
|
func tryRegister(fptr interface{}, symbol string) {
|
|
defer func() {
|
|
if r := recover(); r != nil {
|
|
// Symbol not found, ignore
|
|
}
|
|
}()
|
|
purego.RegisterLibFunc(fptr, libHandle, symbol)
|
|
}
|
|
|
|
// Context represents a secp256k1 context
|
|
type Context struct {
|
|
ctx uintptr
|
|
}
|
|
|
|
// NewContext creates a new secp256k1 context
|
|
func NewContext(flags uint32) (c *Context, err error) {
|
|
if err = LoadLibrary(); err != nil {
|
|
return
|
|
}
|
|
|
|
ctx := contextCreate(flags)
|
|
if ctx == 0 {
|
|
err = fmt.Errorf("failed to create context")
|
|
return
|
|
}
|
|
|
|
c = &Context{ctx: ctx}
|
|
runtime.SetFinalizer(c, (*Context).Destroy)
|
|
|
|
return
|
|
}
|
|
|
|
// Destroy destroys the context
|
|
func (c *Context) Destroy() {
|
|
if c.ctx != 0 {
|
|
contextDestroy(c.ctx)
|
|
c.ctx = 0
|
|
}
|
|
}
|
|
|
|
// Randomize randomizes the context with entropy
|
|
func (c *Context) Randomize(seed32 []byte) (err error) {
|
|
if len(seed32) != 32 {
|
|
err = fmt.Errorf("seed must be 32 bytes")
|
|
return
|
|
}
|
|
|
|
ret := contextRandomize(c.ctx, &seed32[0])
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to randomize context")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// CreatePublicKey creates a public key from a private key
|
|
func (c *Context) CreatePublicKey(seckey []byte) (pubkey []byte, err error) {
|
|
if len(seckey) != PrivateKeySize {
|
|
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
|
|
return
|
|
}
|
|
|
|
pubkey = make([]byte, PublicKeySize)
|
|
ret := ecPubkeyCreate(c.ctx, &pubkey[0], &seckey[0])
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to create public key")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// SerializePublicKey serializes a public key
|
|
func (c *Context) SerializePublicKey(pubkey []byte, compressed bool) (output []byte, err error) {
|
|
if len(pubkey) != PublicKeySize {
|
|
err = fmt.Errorf("public key must be %d bytes", PublicKeySize)
|
|
return
|
|
}
|
|
|
|
var flags uint32
|
|
if compressed {
|
|
output = make([]byte, CompressedPublicKeySize)
|
|
flags = ECCompressed
|
|
} else {
|
|
output = make([]byte, UncompressedPublicKeySize)
|
|
flags = ECUncompressed
|
|
}
|
|
|
|
outputLen := uint64(len(output))
|
|
ret := ecPubkeySerialize(c.ctx, &output[0], &outputLen, &pubkey[0], flags)
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to serialize public key")
|
|
return
|
|
}
|
|
|
|
output = output[:outputLen]
|
|
return
|
|
}
|
|
|
|
// SerializePublicKeyCompressed serializes a public key in compressed format (33 bytes)
|
|
func (c *Context) SerializePublicKeyCompressed(pubkey []byte) (output []byte, err error) {
|
|
return c.SerializePublicKey(pubkey, true)
|
|
}
|
|
|
|
// ParsePublicKey parses a serialized public key
|
|
func (c *Context) ParsePublicKey(input []byte) (pubkey []byte, err error) {
|
|
pubkey = make([]byte, PublicKeySize)
|
|
ret := ecPubkeyParse(c.ctx, &pubkey[0], &input[0], uint64(len(input)))
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to parse public key")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// Sign creates an ECDSA signature
|
|
func (c *Context) Sign(msg32 []byte, seckey []byte) (sig []byte, err error) {
|
|
if len(msg32) != 32 {
|
|
err = fmt.Errorf("message must be 32 bytes")
|
|
return
|
|
}
|
|
if len(seckey) != PrivateKeySize {
|
|
err = fmt.Errorf("private key must be %d bytes", PrivateKeySize)
|
|
return
|
|
}
|
|
|
|
sig = make([]byte, SignatureSize)
|
|
ret := ecdsaSign(c.ctx, &sig[0], &msg32[0], &seckey[0], 0, 0)
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to sign message")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// Verify verifies an ECDSA signature
|
|
func (c *Context) Verify(msg32 []byte, sig []byte, pubkey []byte) (valid bool, err error) {
|
|
if len(msg32) != 32 {
|
|
err = fmt.Errorf("message must be 32 bytes")
|
|
return
|
|
}
|
|
if len(sig) != SignatureSize {
|
|
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
|
|
return
|
|
}
|
|
if len(pubkey) != PublicKeySize {
|
|
err = fmt.Errorf("public key must be %d bytes", PublicKeySize)
|
|
return
|
|
}
|
|
|
|
ret := ecdsaVerify(c.ctx, &sig[0], &msg32[0], &pubkey[0])
|
|
valid = ret == 1
|
|
|
|
return
|
|
}
|
|
|
|
// SerializeSignatureDER serializes a signature in DER format
|
|
func (c *Context) SerializeSignatureDER(sig []byte) (output []byte, err error) {
|
|
if len(sig) != SignatureSize {
|
|
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
|
|
return
|
|
}
|
|
|
|
output = make([]byte, 72) // Max DER signature size
|
|
outputLen := uint64(len(output))
|
|
|
|
ret := ecdsaSignatureSerializeDer(c.ctx, &output[0], &outputLen, &sig[0])
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to serialize signature")
|
|
return
|
|
}
|
|
|
|
output = output[:outputLen]
|
|
return
|
|
}
|
|
|
|
// ParseSignatureDER parses a DER-encoded signature
|
|
func (c *Context) ParseSignatureDER(input []byte) (sig []byte, err error) {
|
|
sig = make([]byte, SignatureSize)
|
|
ret := ecdsaSignatureParseDer(c.ctx, &sig[0], &input[0], uint64(len(input)))
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to parse DER signature")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// SerializeSignatureCompact serializes a signature in compact format (64 bytes)
|
|
func (c *Context) SerializeSignatureCompact(sig []byte) (output []byte, err error) {
|
|
if len(sig) != SignatureSize {
|
|
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
|
|
return
|
|
}
|
|
|
|
output = make([]byte, CompactSignatureSize)
|
|
ret := ecdsaSignatureSerializeCompact(c.ctx, &output[0], &sig[0])
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to serialize signature")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// ParseSignatureCompact parses a compact (64-byte) signature
|
|
func (c *Context) ParseSignatureCompact(input64 []byte) (sig []byte, err error) {
|
|
if len(input64) != CompactSignatureSize {
|
|
err = fmt.Errorf("compact signature must be %d bytes", CompactSignatureSize)
|
|
return
|
|
}
|
|
|
|
sig = make([]byte, SignatureSize)
|
|
ret := ecdsaSignatureParseCompact(c.ctx, &sig[0], &input64[0])
|
|
if ret != 1 {
|
|
err = fmt.Errorf("failed to parse compact signature")
|
|
return
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
// NormalizeSignature normalizes a signature to lower-S form
|
|
func (c *Context) NormalizeSignature(sig []byte) (normalized []byte, wasNormalized bool, err error) {
|
|
if len(sig) != SignatureSize {
|
|
err = fmt.Errorf("signature must be %d bytes", SignatureSize)
|
|
return
|
|
}
|
|
|
|
normalized = make([]byte, SignatureSize)
|
|
ret := ecdsaSignatureNormalize(c.ctx, &normalized[0], &sig[0])
|
|
wasNormalized = ret == 1
|
|
|
|
return
|
|
}
|
|
|
|
// Utility function to convert *byte to unsafe.Pointer
|
|
func bytesToPtr(b []byte) unsafe.Pointer {
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
return unsafe.Pointer(&b[0])
|
|
}
|