Adding Tweaking API (#192)

Author: csjones

Package.swift

@@ -145,7 +145,6 @@ let package = Package(
                 "swift-crypto/Tests/Test Vectors"
             ],
             sources: [
-                "Data.swift",
                 "Digests.swift",
                 "ECDSA.swift",
                 "EdDSA.swift",
@@ -156,12 +155,13 @@ let package = Package(
                 "Schnorr.swift",
                 "secp256k1.swift",
                 "SHA256.swift",
-                "String.swift",
                 "swift-crypto/Sources/Crypto/Digests/Digest.swift",
                 "swift-crypto/Sources/Crypto/Signatures/Signature.swift",
                 "swift-crypto/Sources/Crypto/Util/BoringSSL/RNG_boring.swift",
                 "swift-crypto/Sources/Crypto/Util/SecureBytes.swift",
                 "swift-crypto/Tests/_CryptoExtrasTests/Utils/BytesUtil.swift",
+                "Tweak.swift",
+                "Utility.swift",
                 "Zeroization.swift"
             ]
         ),

README.md

@@ -4,7 +4,6 @@
 Swift package with elliptic curve public key cryptography, ECDSA, Schnorr Signatures for Bitcoin and C bindings from [libsecp256k1](https://github.com/bitcoin-core/secp256k1).
 
 
-
 # Objectives
 
 Long-term goals are:

Sources/implementation/Data.swift

@@ -76,7 +76,7 @@ public extension secp256k1.Signing {
                 throw secp256k1Error.underlyingCryptoError
             }
 
-            self.rawRepresentation = Data(bytes: &signature.data, count: MemoryLayout.size(ofValue: signature.data))
+            self.rawRepresentation = signature.dataValue
         }
 
         /// Initializes ECDSASignature from the Compact representation.
@@ -87,14 +87,13 @@ public extension secp256k1.Signing {
 
             defer { secp256k1_context_destroy(context) }
 
-            let compactSignatureBytes = Array(compactRepresentation)
             var signature = secp256k1_ecdsa_signature()
 
-            guard secp256k1_ecdsa_signature_parse_compact(context, &signature, compactSignatureBytes) == 1 else {
+            guard secp256k1_ecdsa_signature_parse_compact(context, &signature, Array(compactRepresentation)) == 1 else {
                 throw secp256k1Error.underlyingCryptoError
             }
 
-            self.rawRepresentation = Data(bytes: &signature.data, count: MemoryLayout.size(ofValue: signature.data))
+            self.rawRepresentation = signature.dataValue
         }
 
         /// Invokes the given closure with a buffer pointer covering the raw bytes of the digest.
@@ -170,7 +169,6 @@ extension secp256k1.Signing.ECDSASigner: DigestSigner, Signer {
     /// - Throws: If there is a failure producing the signature
     public func signature<D: Digest>(for digest: D) throws -> secp256k1.Signing.ECDSASignature {
         let context = try secp256k1.Context.create()
-
         defer { secp256k1_context_destroy(context) }
 
         var signature = secp256k1_ecdsa_signature()
@@ -179,7 +177,7 @@ extension secp256k1.Signing.ECDSASigner: DigestSigner, Signer {
             throw secp256k1Error.underlyingCryptoError
         }
 
-        return try secp256k1.Signing.ECDSASignature(Data(bytes: &signature.data, count: MemoryLayout.size(ofValue: signature.data)))
+        return try secp256k1.Signing.ECDSASignature(signature.dataValue)
     }
 
     /// Generates an ECDSA signature over the secp256k1 elliptic curve.
@@ -218,11 +216,10 @@ extension secp256k1.Signing.ECDSAValidator: DigestValidator, DataValidator {
 
         var secp256k1Signature = secp256k1_ecdsa_signature()
         var secp256k1PublicKey = secp256k1_pubkey()
-        let pubKey = validatingKey.keyBytes
 
         signature.rawRepresentation.copyToUnsafeMutableBytes(of: &secp256k1Signature.data)
 
-        return secp256k1_ec_pubkey_parse(context, &secp256k1PublicKey, pubKey, pubKey.count) == 1 &&
+        return secp256k1_ec_pubkey_parse(context, &secp256k1PublicKey, validatingKey.bytes, validatingKey.bytes.count) == 1 &&
             secp256k1_ecdsa_verify(context, &secp256k1Signature, Array(digest), &secp256k1PublicKey) == 1
     }
 

Sources/implementation/ECDSA.swift

@@ -20,6 +20,10 @@ extension secp256k1 {
             64
         }
 
+        @inlinable static var xonlyByteCount: Int {
+            32
+        }
+
         /// Tuple representation of ``SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC``
         ///
         /// Only used at initialization and has no other function than making sure the object is initialized.
@@ -96,7 +100,7 @@ extension secp256k1.Signing.SchnorrSigner: DigestSigner, Signer {
     /// - Returns: The Schnorr Signature.
     /// - Throws: If there is a failure producing the signature.
     public func signature<D: DataProtocol>(for data: D) throws -> secp256k1.Signing.SchnorrSignature {
-        try signature(for: data, auxiliaryRand: SecureBytes(count: 32).bytes)
+        try signature(for: data, auxiliaryRand: SecureBytes(count: secp256k1.Schnorr.xonlyByteCount).bytes)
     }
 
     /// Generates an Schnorr signature from the hash digest object
@@ -111,7 +115,7 @@ extension secp256k1.Signing.SchnorrSigner: DigestSigner, Signer {
     /// - Returns: The Schnorr Signature.
     /// - Throws: If there is a failure producing the signature.
     public func signature<D: Digest>(for digest: D) throws -> secp256k1.Signing.SchnorrSignature {
-        try signature(for: digest, auxiliaryRand: SecureBytes(count: 32).bytes)
+        try signature(for: digest, auxiliaryRand: SecureBytes(count: secp256k1.Schnorr.xonlyByteCount).bytes)
     }
 
     /// Generates an Schnorr signature from a hash of a variable length data object
@@ -239,7 +243,7 @@ extension secp256k1.Signing.SchnorrValidator: DigestValidator, DataValidator {
 
         var pubKey = secp256k1_xonly_pubkey()
 
-        return secp256k1_xonly_pubkey_parse(context, &pubKey, validatingKey.xonlyKeyBytes) == 1 &&
+        return secp256k1_xonly_pubkey_parse(context, &pubKey, validatingKey.xonly.bytes) == 1 &&
             secp256k1_schnorrsig_verify(context, signature.rawRepresentation.bytes, message, message.count, &pubKey) == 1
     }
 }

Sources/implementation/Schnorr.swift

@@ -0,0 +1,63 @@
+//
+//  Tweak.swift
+//  GigaBitcoin/secp256k1.swift
+//
+//  Copyright (c) 2022 GigaBitcoin LLC
+//  Distributed under the MIT software license
+//
+//  See the accompanying file LICENSE for information
+//
+
+import Foundation
+import secp256k1_bindings
+
+public extension secp256k1.Signing.PrivateKey {
+    /// Create a new `PrivateKey` by adding tweak to the secret key.
+    /// - Parameter tweak: the 32-byte tweak object
+    /// - Returns: tweaked `PrivateKey` object
+    func tweak(_ tweak: [UInt8]) throws -> Self {
+        let context = try secp256k1.Context.create()
+        defer { secp256k1_context_destroy(context) }
+
+        var keypair = secp256k1_keypair()
+        var privateBytes = [UInt8](repeating: 0, count: secp256k1.ByteDetails.count)
+
+        guard secp256k1_keypair_create(context, &keypair, key.bytes).boolValue,
+              secp256k1_keypair_xonly_tweak_add(context, &keypair, tweak).boolValue,
+              secp256k1_keypair_sec(context, &privateBytes, &keypair).boolValue else {
+            throw secp256k1Error.underlyingCryptoError
+        }
+
+        return try Self(rawRepresentation: privateBytes)
+    }
+}
+
+public extension secp256k1.Signing.PublicKey {
+    /// Create a new `PublicKey` by adding tweak to the public key.
+    /// - Parameters:
+    ///   - tweak: the 32-byte tweak object
+    ///   - format: the format of the tweaked `PublicKey` object
+    /// - Returns: tweaked `PublicKey` object
+    func tweak(_ tweak: [UInt8], format: secp256k1.Format = .compressed) throws -> Self {
+        let context = try secp256k1.Context.create()
+        defer { secp256k1_context_destroy(context) }
+
+        var xonlyPubKey = secp256k1_xonly_pubkey()
+        var pubKey = secp256k1_pubkey()
+        var pubKeyLen = format.length
+        var pubBytes = [UInt8](repeating: 0, count: pubKeyLen)
+        var xonlyPubKeyOutput = secp256k1_xonly_pubkey()
+        var xonlyBytes = [UInt8](repeating: 0, count: secp256k1.Schnorr.xonlyByteCount)
+        var keyParity = Int32()
+
+        guard secp256k1_xonly_pubkey_parse(context, &xonlyPubKey, xonlyBytes).boolValue,
+              secp256k1_xonly_pubkey_tweak_add(context, &pubKey, &xonlyPubKey, tweak).boolValue,
+              secp256k1_ec_pubkey_serialize(context, &pubBytes, &pubKeyLen, &pubKey, format.rawValue).boolValue,
+              secp256k1_xonly_pubkey_from_pubkey(context, &xonlyPubKeyOutput, &keyParity, &pubKey).boolValue,
+              secp256k1_xonly_pubkey_serialize(context, &xonlyBytes, &xonlyPubKeyOutput).boolValue else {
+            throw secp256k1Error.underlyingCryptoError
+        }
+
+        return Self(rawRepresentation: pubBytes, xonly: xonlyBytes, format: format)
+    }
+}

Sources/implementation/String.swift

@@ -0,0 +1,61 @@
+//
+//  Utility.swift
+//  GigaBitcoin/secp256k1.swift
+//
+//  Copyright (c) 2022 GigaBitcoin LLC
+//  Distributed under the MIT software license
+//
+//  See the accompanying file LICENSE for information
+//
+
+import Foundation
+import secp256k1_bindings
+
+public extension ContiguousBytes {
+    @inlinable var bytes: [UInt8] {
+        withUnsafeBytes { bytesPtr in Array(bytesPtr) }
+    }
+}
+
+public extension Data {
+    @inlinable var bytes: [UInt8] {
+        withUnsafeBytes { bytesPtr in Array(bytesPtr) }
+    }
+
+    func copyToUnsafeMutableBytes<T>(of value: inout T) {
+        _ = Swift.withUnsafeMutableBytes(of: &value) { ptr in
+            ptr.copyBytes(from: self.prefix(ptr.count))
+        }
+    }
+}
+
+extension Int32 {
+    var boolValue: Bool {
+        Bool(truncating: NSNumber(value: self))
+    }
+}
+
+public extension secp256k1_ecdsa_signature {
+    var dataValue: Data {
+        var mutableSig = self
+        return Data(bytes: &mutableSig.data, count: MemoryLayout.size(ofValue: data))
+    }
+}
+
+public extension String {
+    /// Public initializer backed by the `BytesUtil.swift` DataProtocol extension property `hexString`
+    /// - Parameter bytes: byte array to initialize
+    init<T: DataProtocol>(bytes: T) {
+        self.init()
+        self = bytes.hexString
+    }
+
+    /// Public convenience property backed by the `BytesUtil.swift` Array extension initializer
+    /// - Throws: `ByteHexEncodingErrors` for invalid string or hex value
+    var bytes: [UInt8] {
+        get throws {
+            // The `BytesUtil.swift` Array extension expects lowercase strings
+            try Array(hexString: lowercased())
+        }
+    }
+}