ecdh.c (5423B)
1 /************************************************************************* 2 * Written in 2020-2022 by Elichai Turkel * 3 * To the extent possible under law, the author(s) have dedicated all * 4 * copyright and related and neighboring rights to the software in this * 5 * file to the public domain worldwide. This software is distributed * 6 * without any warranty. For the CC0 Public Domain Dedication, see * 7 * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 * 8 *************************************************************************/ 9 10 #include <stdio.h> 11 #include <assert.h> 12 #include <string.h> 13 14 #include <secp256k1.h> 15 #include <secp256k1_ecdh.h> 16 17 #include "examples_util.h" 18 19 int main(void) { 20 unsigned char seckey1[32]; 21 unsigned char seckey2[32]; 22 unsigned char compressed_pubkey1[33]; 23 unsigned char compressed_pubkey2[33]; 24 unsigned char shared_secret1[32]; 25 unsigned char shared_secret2[32]; 26 unsigned char randomize[32]; 27 int return_val; 28 size_t len; 29 haskellsecp256k1_v0_1_0_pubkey pubkey1; 30 haskellsecp256k1_v0_1_0_pubkey pubkey2; 31 32 /* Before we can call actual API functions, we need to create a "context". */ 33 haskellsecp256k1_v0_1_0_context* ctx = haskellsecp256k1_v0_1_0_context_create(SECP256K1_CONTEXT_NONE); 34 if (!fill_random(randomize, sizeof(randomize))) { 35 printf("Failed to generate randomness\n"); 36 return 1; 37 } 38 /* Randomizing the context is recommended to protect against side-channel 39 * leakage See `haskellsecp256k1_v0_1_0_context_randomize` in secp256k1.h for more 40 * information about it. This should never fail. */ 41 return_val = haskellsecp256k1_v0_1_0_context_randomize(ctx, randomize); 42 assert(return_val); 43 44 /*** Key Generation ***/ 45 46 /* If the secret key is zero or out of range (bigger than secp256k1's 47 * order), we try to sample a new key. Note that the probability of this 48 * happening is negligible. */ 49 while (1) { 50 if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) { 51 printf("Failed to generate randomness\n"); 52 return 1; 53 } 54 if (haskellsecp256k1_v0_1_0_ec_seckey_verify(ctx, seckey1) && haskellsecp256k1_v0_1_0_ec_seckey_verify(ctx, seckey2)) { 55 break; 56 } 57 } 58 59 /* Public key creation using a valid context with a verified secret key should never fail */ 60 return_val = haskellsecp256k1_v0_1_0_ec_pubkey_create(ctx, &pubkey1, seckey1); 61 assert(return_val); 62 return_val = haskellsecp256k1_v0_1_0_ec_pubkey_create(ctx, &pubkey2, seckey2); 63 assert(return_val); 64 65 /* Serialize pubkey1 in a compressed form (33 bytes), should always return 1 */ 66 len = sizeof(compressed_pubkey1); 67 return_val = haskellsecp256k1_v0_1_0_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED); 68 assert(return_val); 69 /* Should be the same size as the size of the output, because we passed a 33 byte array. */ 70 assert(len == sizeof(compressed_pubkey1)); 71 72 /* Serialize pubkey2 in a compressed form (33 bytes) */ 73 len = sizeof(compressed_pubkey2); 74 return_val = haskellsecp256k1_v0_1_0_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED); 75 assert(return_val); 76 /* Should be the same size as the size of the output, because we passed a 33 byte array. */ 77 assert(len == sizeof(compressed_pubkey2)); 78 79 /*** Creating the shared secret ***/ 80 81 /* Perform ECDH with seckey1 and pubkey2. Should never fail with a verified 82 * seckey and valid pubkey */ 83 return_val = haskellsecp256k1_v0_1_0_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL); 84 assert(return_val); 85 86 /* Perform ECDH with seckey2 and pubkey1. Should never fail with a verified 87 * seckey and valid pubkey */ 88 return_val = haskellsecp256k1_v0_1_0_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL); 89 assert(return_val); 90 91 /* Both parties should end up with the same shared secret */ 92 return_val = memcmp(shared_secret1, shared_secret2, sizeof(shared_secret1)); 93 assert(return_val == 0); 94 95 printf("Secret Key1: "); 96 print_hex(seckey1, sizeof(seckey1)); 97 printf("Compressed Pubkey1: "); 98 print_hex(compressed_pubkey1, sizeof(compressed_pubkey1)); 99 printf("\nSecret Key2: "); 100 print_hex(seckey2, sizeof(seckey2)); 101 printf("Compressed Pubkey2: "); 102 print_hex(compressed_pubkey2, sizeof(compressed_pubkey2)); 103 printf("\nShared Secret: "); 104 print_hex(shared_secret1, sizeof(shared_secret1)); 105 106 /* This will clear everything from the context and free the memory */ 107 haskellsecp256k1_v0_1_0_context_destroy(ctx); 108 109 /* It's best practice to try to clear secrets from memory after using them. 110 * This is done because some bugs can allow an attacker to leak memory, for 111 * example through "out of bounds" array access (see Heartbleed), Or the OS 112 * swapping them to disk. Hence, we overwrite the secret key buffer with zeros. 113 * 114 * Here we are preventing these writes from being optimized out, as any good compiler 115 * will remove any writes that aren't used. */ 116 secure_erase(seckey1, sizeof(seckey1)); 117 secure_erase(seckey2, sizeof(seckey2)); 118 secure_erase(shared_secret1, sizeof(shared_secret1)); 119 secure_erase(shared_secret2, sizeof(shared_secret2)); 120 121 return 0; 122 }