From b68d11c9fa575191a89aa0d748de048a78d59f4e Mon Sep 17 00:00:00 2001 From: Sebastian Falbesoner Date: Mon, 21 Oct 2024 23:09:54 +0200 Subject: [PATCH] Add "hazmat" module which exposes low-level primitives (scalar, point) --- CMakeLists.txt | 6 + Makefile.am | 4 + configure.ac | 10 ++ include/secp256k1_hazmat.h | 52 +++++++++ src/CMakeLists.txt | 3 + src/modules/hazmat/Makefile.am.include | 2 + src/modules/hazmat/main_impl.h | 147 +++++++++++++++++++++++++ src/secp256k1.c | 4 + 8 files changed, 228 insertions(+) create mode 100644 include/secp256k1_hazmat.h create mode 100644 src/modules/hazmat/Makefile.am.include create mode 100644 src/modules/hazmat/main_impl.h diff --git a/CMakeLists.txt b/CMakeLists.txt index aba6e51259..d31d12db2b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -62,9 +62,14 @@ option(SECP256K1_ENABLE_MODULE_EXTRAKEYS "Enable extrakeys module." ON) option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON) option(SECP256K1_ENABLE_MODULE_MUSIG "Enable musig module." ON) option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON) +option(SECP256K1_ENABLE_MODULE_HAZMAT "Enable hazmat module." OFF) # Processing must be done in a topological sorting of the dependency graph # (dependent module first). +if(SECP256K1_ENABLE_MODULE_HAZMAT) + add_compile_definitions(ENABLE_MODULE_HAZMAT=1) +endif() + if(SECP256K1_ENABLE_MODULE_ELLSWIFT) add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1) endif() @@ -327,6 +332,7 @@ message(" extrakeys ........................... ${SECP256K1_ENABLE_MODULE_EXTRA message(" schnorrsig .......................... ${SECP256K1_ENABLE_MODULE_SCHNORRSIG}") message(" musig ............................... ${SECP256K1_ENABLE_MODULE_MUSIG}") message(" ElligatorSwift ...................... ${SECP256K1_ENABLE_MODULE_ELLSWIFT}") +message(" hazmat .............................. ${SECP256K1_ENABLE_MODULE_HAZMAT}") message("Parameters:") message(" ecmult window size .................. ${SECP256K1_ECMULT_WINDOW_SIZE}") message(" ecmult gen table size ............... ${SECP256K1_ECMULT_GEN_KB} KiB") diff --git a/Makefile.am b/Makefile.am index a95b4809d4..f4f2e9ea04 100644 --- a/Makefile.am +++ b/Makefile.am @@ -300,3 +300,7 @@ endif if ENABLE_MODULE_ELLSWIFT include src/modules/ellswift/Makefile.am.include endif + +if ENABLE_MODULE_HAZMAT +include src/modules/hazmat/Makefile.am.include +endif diff --git a/configure.ac b/configure.ac index c62a391d78..2420b9cd13 100644 --- a/configure.ac +++ b/configure.ac @@ -192,6 +192,10 @@ AC_ARG_ENABLE(module_ellswift, AS_HELP_STRING([--enable-module-ellswift],[enable ElligatorSwift module [default=yes]]), [], [SECP_SET_DEFAULT([enable_module_ellswift], [yes], [yes])]) +AC_ARG_ENABLE(module_hazmat, + AS_HELP_STRING([--enable-module-hazmat],[enable hazmat module [default=no]]), [], + [SECP_SET_DEFAULT([enable_module_hazmat], [no], [yes])]) + AC_ARG_ENABLE(external_default_callbacks, AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), [], [SECP_SET_DEFAULT([enable_external_default_callbacks], [no], [no])]) @@ -430,6 +434,10 @@ if test x"$enable_module_ecdh" = x"yes"; then SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDH=1" fi +if test x"$enable_module_hazmat" = x"yes"; then + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_HAZMAT=1" +fi + if test x"$enable_external_default_callbacks" = x"yes"; then SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1" fi @@ -463,6 +471,7 @@ AM_CONDITIONAL([ENABLE_MODULE_EXTRAKEYS], [test x"$enable_module_extrakeys" = x" AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"]) AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"]) AM_CONDITIONAL([ENABLE_MODULE_ELLSWIFT], [test x"$enable_module_ellswift" = x"yes"]) +AM_CONDITIONAL([ENABLE_MODULE_HAZMAT], [test x"$enable_module_hazmat" = x"yes"]) AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$enable_external_asm" = x"yes"]) AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm32"]) AM_CONDITIONAL([BUILD_WINDOWS], [test "$build_windows" = "yes"]) @@ -486,6 +495,7 @@ echo " module extrakeys = $enable_module_extrakeys" echo " module schnorrsig = $enable_module_schnorrsig" echo " module musig = $enable_module_musig" echo " module ellswift = $enable_module_ellswift" +echo " module hazmat = $enable_module_hazmat" echo echo " asm = $set_asm" echo " ecmult window size = $set_ecmult_window" diff --git a/include/secp256k1_hazmat.h b/include/secp256k1_hazmat.h new file mode 100644 index 0000000000..41b6cc8e19 --- /dev/null +++ b/include/secp256k1_hazmat.h @@ -0,0 +1,52 @@ +#ifndef SECP256K1_HAZMAT_H +#define SECP256K1_HAZMAT_H + +#include "secp256k1.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* This module provides low-level cryptographic primitives of secp256k1. + * Note that these can be used incorrectly and require an in-depth knowledge + * of the cryptographic concepts at work, therefore we call this the + * "hazardous materials" library or "hazmat" for short. + */ + +/* Scalar */ +typedef union { + unsigned char data[32]; + uint64_t align8; /* ensure alignment on 8-bytes boundaries */ +} secp256k1_hazmat_scalar; + +SECP256K1_API int secp256k1_hazmat_scalar_parse(secp256k1_hazmat_scalar *s, const unsigned char *bin32); +SECP256K1_API void secp256k1_hazmat_scalar_serialize(unsigned char *bin32, const secp256k1_hazmat_scalar *s); +SECP256K1_API void secp256k1_hazmat_scalar_set_zero(secp256k1_hazmat_scalar *s); +SECP256K1_API int secp256k1_hazmat_scalar_is_zero(const secp256k1_hazmat_scalar *s); +SECP256K1_API void secp256k1_hazmat_scalar_add(secp256k1_hazmat_scalar *sres, const secp256k1_hazmat_scalar *s1, const secp256k1_hazmat_scalar *s2); +SECP256K1_API void secp256k1_hazmat_scalar_mul(secp256k1_hazmat_scalar *sres, const secp256k1_hazmat_scalar *s1, const secp256k1_hazmat_scalar *s2); +SECP256K1_API void secp256k1_hazmat_scalar_negate(secp256k1_hazmat_scalar *s); + +/* Point */ +typedef union { + unsigned char data[160]; + uint64_t align8; /* ensure alignment on 8-bytes boundaries */ +} secp256k1_hazmat_point; + +SECP256K1_API int secp256k1_hazmat_point_parse(secp256k1_hazmat_point *p, const unsigned char *pubkey33); +SECP256K1_API void secp256k1_hazmat_point_serialize(unsigned char *pubkey33, secp256k1_hazmat_point *p); +SECP256K1_API void secp256k1_hazmat_point_set_infinity(secp256k1_hazmat_point *p); +SECP256K1_API int secp256k1_hazmat_point_is_infinity(const secp256k1_hazmat_point *p); +SECP256K1_API void secp256k1_hazmat_point_add(secp256k1_hazmat_point *pres, secp256k1_hazmat_point *p1, secp256k1_hazmat_point *p2); +SECP256K1_API void secp256k1_hazmat_point_negate(secp256k1_hazmat_point *p); +SECP256K1_API int secp256k1_hazmat_point_equal(const secp256k1_hazmat_point *p1, const secp256k1_hazmat_point *p2); + +/* Point multiplication */ +SECP256K1_API void secp256k1_hazmat_multiply_with_generator(const secp256k1_context *ctx, secp256k1_hazmat_point *pres, const secp256k1_hazmat_scalar *s); +SECP256K1_API void secp256k1_hazmat_multiply_with_point(secp256k1_hazmat_point *pres, const secp256k1_hazmat_scalar *s, secp256k1_hazmat_point *p); + +#ifdef __cplusplus +} +#endif + +#endif /* SECP256K1_HAZMAT_H */ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f31b8c8f55..0fc339ffd2 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -138,6 +138,9 @@ if(SECP256K1_INSTALL) if(SECP256K1_ENABLE_MODULE_ELLSWIFT) list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_ellswift.h") endif() + if(SECP256K1_ENABLE_MODULE_HAZMAT) + list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_hazmat.h") + endif() install(FILES ${${PROJECT_NAME}_headers} DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ) diff --git a/src/modules/hazmat/Makefile.am.include b/src/modules/hazmat/Makefile.am.include new file mode 100644 index 0000000000..6339ff36bc --- /dev/null +++ b/src/modules/hazmat/Makefile.am.include @@ -0,0 +1,2 @@ +include_HEADERS += include/secp256k1_hazmat.h +noinst_HEADERS += src/modules/hazmat/main_impl.h diff --git a/src/modules/hazmat/main_impl.h b/src/modules/hazmat/main_impl.h new file mode 100644 index 0000000000..a6cd628454 --- /dev/null +++ b/src/modules/hazmat/main_impl.h @@ -0,0 +1,147 @@ +/*********************************************************************** + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ + +#ifndef SECP256K1_MODULE_HAZMAT_MAIN_H +#define SECP256K1_MODULE_HAZMAT_MAIN_H + +#include "../../../include/secp256k1.h" +#include "../../../include/secp256k1_hazmat.h" +#include "../../scalar.h" +#include "../../group.h" +#include "../../eckey.h" +#include "../../ecmult_const.h" + +typedef struct { + secp256k1_gej gej; + int z_is_one; /* set if z == 1, i.e. gej can be converted to ge trivially by assigning x/y */ +} secp256k1_hazmat_point_struct; + +/* Verify that the opaque data types are large enough to hold the underlying structures + (note that this function is never called at run-time and only exists since the STATIC_ASSERT + macro can only be used inside of functions) */ +static void secp256k1_hazmat_assertions(void) { + STATIC_ASSERT(sizeof(secp256k1_hazmat_scalar) >= sizeof(secp256k1_scalar)); + STATIC_ASSERT(sizeof(secp256k1_hazmat_point) >= sizeof(secp256k1_hazmat_point_struct)); +} + +int secp256k1_hazmat_scalar_parse(secp256k1_hazmat_scalar *s, const unsigned char *bin32) { + int overflow; + secp256k1_scalar_set_b32((secp256k1_scalar*)s, bin32, &overflow); + return !overflow; +} + +void secp256k1_hazmat_scalar_serialize(unsigned char *bin32, const secp256k1_hazmat_scalar *s) { + secp256k1_scalar_get_b32(bin32, (secp256k1_scalar*)s); +} + +void secp256k1_hazmat_scalar_set_zero(secp256k1_hazmat_scalar *s) { + *((secp256k1_scalar*)s) = secp256k1_scalar_zero; +} + +int secp256k1_hazmat_scalar_is_zero(const secp256k1_hazmat_scalar *s) { + return secp256k1_scalar_is_zero((secp256k1_scalar*)s); +} + +void secp256k1_hazmat_scalar_add(secp256k1_hazmat_scalar *sres, const secp256k1_hazmat_scalar *s1, const secp256k1_hazmat_scalar *s2) { + secp256k1_scalar_add((secp256k1_scalar*)sres, (secp256k1_scalar*)s1, (secp256k1_scalar*)s2); +} + +void secp256k1_hazmat_scalar_mul(secp256k1_hazmat_scalar *sres, const secp256k1_hazmat_scalar *s1, const secp256k1_hazmat_scalar *s2) { + secp256k1_scalar_mul((secp256k1_scalar*)sres, (secp256k1_scalar*)s1, (secp256k1_scalar*)s2); +} + +void secp256k1_hazmat_scalar_negate(secp256k1_hazmat_scalar *s) { + secp256k1_scalar_negate((secp256k1_scalar*)s, (secp256k1_scalar*)s); +} + +static void secp256k1_hazmat_point_to_ge(secp256k1_ge *ge, secp256k1_hazmat_point_struct *p) { + if (p->z_is_one) { + secp256k1_ge_set_xy(ge, &p->gej.x, &p->gej.y); + } else { + secp256k1_ge_set_gej(ge, &p->gej); + p->z_is_one = 1; + } +} + +int secp256k1_hazmat_point_parse(secp256k1_hazmat_point *p, const unsigned char *pubkey33) { + secp256k1_hazmat_point_struct *ps = (secp256k1_hazmat_point_struct*)p; + secp256k1_ge ge; + + if (!secp256k1_eckey_pubkey_parse(&ge, pubkey33, 33)) { + return 0; + } + secp256k1_gej_set_ge(&ps->gej, &ge); + ps->z_is_one = 1; + return 1; +} + +void secp256k1_hazmat_point_serialize(unsigned char *pubkey33, secp256k1_hazmat_point *p) { + secp256k1_hazmat_point_struct *ps = (secp256k1_hazmat_point_struct*)p; + secp256k1_ge ge; + size_t size; + int ret; + + secp256k1_hazmat_point_to_ge(&ge, ps); + ret = secp256k1_eckey_pubkey_serialize(&ge, pubkey33, &size, 1); + VERIFY_CHECK(ret == 1 && size == 33); + (void)ret; +} + +void secp256k1_hazmat_point_set_infinity(secp256k1_hazmat_point *p) { + secp256k1_hazmat_point_struct *ps = (secp256k1_hazmat_point_struct*)p; + + secp256k1_gej_set_infinity(&ps->gej); + ps->z_is_one = 0; +} + +int secp256k1_hazmat_point_is_infinity(const secp256k1_hazmat_point *p) { + const secp256k1_hazmat_point_struct *ps = (const secp256k1_hazmat_point_struct*)p; + + return secp256k1_gej_is_infinity(&ps->gej); +} + +void secp256k1_hazmat_point_add(secp256k1_hazmat_point *pres, secp256k1_hazmat_point *p1, secp256k1_hazmat_point *p2) { + secp256k1_hazmat_point_struct *press = (secp256k1_hazmat_point_struct*)pres; + secp256k1_hazmat_point_struct *p1s = (secp256k1_hazmat_point_struct*)p1; + secp256k1_hazmat_point_struct *p2s = (secp256k1_hazmat_point_struct*)p2; + secp256k1_ge ge; + + secp256k1_hazmat_point_to_ge(&ge, p2s); + secp256k1_gej_add_ge(&press->gej, &p1s->gej, &ge); + press->z_is_one = 0; +} + +void secp256k1_hazmat_point_negate(secp256k1_hazmat_point *p) { + secp256k1_hazmat_point_struct *ps = (secp256k1_hazmat_point_struct*)p; + + secp256k1_gej_neg(&ps->gej, &ps->gej); + /* negation only changes y; z is untouched, so no update of z_is_one is needed */ +} + +int secp256k1_hazmat_point_equal(const secp256k1_hazmat_point *p1, const secp256k1_hazmat_point *p2) { + const secp256k1_hazmat_point_struct *p1s = (secp256k1_hazmat_point_struct*)p1; + const secp256k1_hazmat_point_struct *p2s = (secp256k1_hazmat_point_struct*)p2; + + return secp256k1_gej_eq_var(&p1s->gej, &p2s->gej); +} + +void secp256k1_hazmat_multiply_with_generator(const secp256k1_context *ctx, secp256k1_hazmat_point *p, const secp256k1_hazmat_scalar *s) { + secp256k1_hazmat_point_struct *ps = (secp256k1_hazmat_point_struct*)p; + + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &ps->gej, (secp256k1_scalar*)s); + ps->z_is_one = 0; +} + +void secp256k1_hazmat_multiply_with_point(secp256k1_hazmat_point *pres, const secp256k1_hazmat_scalar *s, secp256k1_hazmat_point *p) { + secp256k1_hazmat_point_struct *press = (secp256k1_hazmat_point_struct*)pres; + secp256k1_hazmat_point_struct *ps = (secp256k1_hazmat_point_struct*)p; + secp256k1_ge ge; + + secp256k1_hazmat_point_to_ge(&ge, ps); + secp256k1_ecmult_const(&press->gej, &ge, (secp256k1_scalar*)s); + press->z_is_one = 0; +} + +#endif diff --git a/src/secp256k1.c b/src/secp256k1.c index a248519dfd..65eeafe40c 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -829,3 +829,7 @@ int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32, #ifdef ENABLE_MODULE_ELLSWIFT # include "modules/ellswift/main_impl.h" #endif + +#ifdef ENABLE_MODULE_HAZMAT +# include "modules/hazmat/main_impl.h" +#endif