view release on metacpan or  search on metacpan

libsecp256k1/examples/ellswift.c  view on Meta::CPAN

    /*** Generate secret keys ***/
    if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
        printf("Failed to generate randomness\n");
        return 1;
    }
    /* If the secret key is zero or out of range (greater than secp256k1's
    * order), we fail. Note that the probability of this occurring is negligible
    * with a properly functioning random number generator. */
    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
        return 1;
    }

    /* Generate ElligatorSwift public keys. This should never fail with valid context and
       verified secret keys. Note that providing additional randomness (fourth parameter) is
       optional, but recommended. */
    if (!fill_random(auxrand1, sizeof(auxrand1)) || !fill_random(auxrand2, sizeof(auxrand2))) {
        printf("Failed to generate randomness\n");
        return 1;
    }
    return_val = secp256k1_ellswift_create(ctx, ellswift_pubkey1, seckey1, auxrand1);
    assert(return_val);
    return_val = secp256k1_ellswift_create(ctx, ellswift_pubkey2, seckey2, auxrand2);
    assert(return_val);

    /*** Create the shared secret on each side ***/

    /* Perform x-only ECDH with seckey1 and ellswift_pubkey2. Should never fail
     * with a verified seckey and valid pubkey. Note that both parties pass both
     * EllSwift pubkeys in the same order; the pubkey of the calling party is
     * determined by the "party" boolean (sixth parameter). */
    return_val = secp256k1_ellswift_xdh(ctx, shared_secret1, ellswift_pubkey1, ellswift_pubkey2,
        seckey1, 0, secp256k1_ellswift_xdh_hash_function_bip324, NULL);
    assert(return_val);

    /* Perform x-only ECDH with seckey2 and ellswift_pubkey1. Should never fail
     * with a verified seckey and valid pubkey. */
    return_val = secp256k1_ellswift_xdh(ctx, shared_secret2, ellswift_pubkey1, ellswift_pubkey2,
        seckey2, 1, secp256k1_ellswift_xdh_hash_function_bip324, NULL);
    assert(return_val);

    /* Both parties should end up with the same shared secret */
    return_val = memcmp(shared_secret1, shared_secret2, sizeof(shared_secret1));
    assert(return_val == 0);

    printf(  "     Secret Key1: ");
    print_hex(seckey1, sizeof(seckey1));
    printf(  "EllSwift Pubkey1: ");
    print_hex(ellswift_pubkey1, sizeof(ellswift_pubkey1));
    printf("\n     Secret Key2: ");
    print_hex(seckey2, sizeof(seckey2));
    printf(  "EllSwift Pubkey2: ");
    print_hex(ellswift_pubkey2, sizeof(ellswift_pubkey2));
    printf("\n   Shared Secret: ");
    print_hex(shared_secret1, sizeof(shared_secret1));

    /* This will clear everything from the context and free the memory */
    secp256k1_context_destroy(ctx);

    /* It's best practice to try to clear secrets from memory after using them.
     * This is done because some bugs can allow an attacker to leak memory, for
     * example through "out of bounds" array access (see Heartbleed), or the OS
     * swapping them to disk. Hence, we overwrite the secret key buffer with zeros.
     *
     * Here we are preventing these writes from being optimized out, as any good compiler
     * will remove any writes that aren't used. */
    secure_erase(seckey1, sizeof(seckey1));
    secure_erase(seckey2, sizeof(seckey2));
    secure_erase(shared_secret1, sizeof(shared_secret1));
    secure_erase(shared_secret2, sizeof(shared_secret2));

    return 0;
}