Swift APIs for Elliptic Curve Diffie Hellman (#195)

Author: csjones

Package.swift

@@ -145,11 +145,13 @@ let package = Package(
                 "swift-crypto/Tests/Test Vectors"
             ],
             sources: [
+                "Asymmetric.swift",
+                "DH.swift",
                 "Digests.swift",
+                "ECDH.swift",
                 "ECDSA.swift",
                 "EdDSA.swift",
                 "Errors.swift",
-                "NISTCurvesKeys.swift",
                 "PrettyBytes.swift",
                 "SafeCompare.swift",
                 "Schnorr.swift",

README.md

@@ -51,13 +51,35 @@ var messageDigest = try! "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9
 let signature = try! privateKey.schnorr.signature(message: &messageDigest, auxiliaryRand: &auxRand)
 ```
 
+## Tweak
+
+```swift
+let privateBytes = try! "C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9".bytes
+let privateKey = try! secp256k1.Signing.PrivateKey(rawRepresentation: privateBytes)
+
+// Adding a tweak to the private key and public key
+let tweak = try! "5f0da318c6e02f653a789950e55756ade9f194e1ec228d7f368de1bd821322b6".bytes
+let tweakedPrivateKey = try! privateKey.tweak(tweak)
+let tweakedPublicKeyKey = try! privateKey.publicKey.tweak(tweak)
+```
+
+## Elliptic Curve Diffie Hellman
+
+```swift
+let privateKey1 = try! secp256k1.KeyAgreement.PrivateKey()
+let privateKey2 = try! secp256k1.KeyAgreement.PrivateKey()
+
+let sharedSecret1 = try! privateKey1.sharedSecretFromKeyAgreement(with: privateKey2.publicKey)
+let sharedSecret2 = try! privateKey2.sharedSecretFromKeyAgreement(with: privateKey1.publicKey)
+```
+
 
 # Getting Started
 
-In your `Package.swift`:
+This repository primarily uses Swift package manager as its build tool, so we recommend using that as well. If you want to depend on `secp256k1.swift` in your own project, simply add it as a dependencies' clause in your `Package.swift`:
 
 ```swift
-.package(url: "https://github.com/GigaBitcoin/secp256k1.swift.git", .upToNextMajor(from: "0.5.0"))
+.package(url: "https://github.com/GigaBitcoin/secp256k1.swift.git", .upToNextMajor(from: "0.6.0"))
 ```
 
 Try in a [playground](spi-playgrounds://open?dependencies=GigaBitcoin/secp256k1.swift) using the [SPI Playgrounds app](https://swiftpackageindex.com/try-in-a-playground) or 🏟 [Arena](https://github.com/finestructure/arena)

Sources/implementation/Asymmetric.swift

@@ -0,0 +1,136 @@
+//
+//  Asymmetric.swift
+//  GigaBitcoin/secp256k1.swift
+//
+//  Copyright (c) 2022 GigaBitcoin LLC
+//  Distributed under the MIT software license
+//
+//  See the accompanying file LICENSE for information
+//
+
+import Foundation
+
+/// The secp256k1 Elliptic Curve.
+public extension secp256k1 {
+    /// Signing operations on secp256k1
+    enum Signing {
+        /// A Private Key for signing.
+        public struct PrivateKey: Equatable {
+            /// Generated secp256k1 Signing Key.
+            private let baseKey: PrivateKeyImplementation
+
+            /// The secp256k1 private key object
+            var key: SecureBytes {
+                baseKey.key
+            }
+
+            /// ECDSA Signing object.
+            public var ecdsa: secp256k1.Signing.ECDSASigner {
+                ECDSASigner(signingKey: baseKey)
+            }
+
+            /// Schnorr Signing object.
+            public var schnorr: secp256k1.Signing.SchnorrSigner {
+                SchnorrSigner(signingKey: baseKey)
+            }
+
+            /// The associated public key for verifying signatures done with this private key.
+            ///
+            /// - Returns: The associated public key
+            public var publicKey: PublicKey {
+                PublicKey(baseKey: baseKey.publicKey)
+            }
+
+            /// A data representation of the private key
+            public var rawRepresentation: Data {
+                baseKey.rawRepresentation
+            }
+
+            /// Creates a random secp256k1 private key for signing
+            public init(format: secp256k1.Format = .compressed) throws {
+                self.baseKey = try PrivateKeyImplementation(format: format)
+            }
+
+            /// Creates a secp256k1 private key for signing from a data representation.
+            /// - Parameter data: A raw representation of the key.
+            /// - Throws: An error is thrown when the raw representation does not create a private key for signing.
+            public init<D: ContiguousBytes>(rawRepresentation data: D, format: secp256k1.Format = .compressed) throws {
+                self.baseKey = try PrivateKeyImplementation(rawRepresentation: data, format: format)
+            }
+
+            public static func == (lhs: Self, rhs: Self) -> Bool {
+                lhs.key == rhs.key
+            }
+        }
+
+        /// The corresponding public key.
+        public struct PublicKey {
+            /// Generated secp256k1 public key.
+            private let baseKey: PublicKeyImplementation
+
+            /// The secp256k1 public key object
+            var keyBytes: [UInt8] {
+                baseKey.bytes
+            }
+
+            /// A data representation of the public key
+            public var rawRepresentation: Data {
+                baseKey.rawRepresentation
+            }
+
+            /// ECDSA Validating object.
+            public var ecdsa: secp256k1.Signing.ECDSAValidator {
+                ECDSAValidator(validatingKey: baseKey)
+            }
+
+            /// Schnorr Validating object.
+            public var schnorr: secp256k1.Signing.SchnorrValidator {
+                SchnorrValidator(validatingKey: baseKey)
+            }
+
+            /// The associated x-only public key for verifying Schnorr signatures.
+            ///
+            /// - Returns: The associated x-only public key
+            public var xonly: XonlyKey {
+                XonlyKey(baseKey: baseKey.xonly)
+            }
+
+            /// A key format representation of the public key
+            public var format: secp256k1.Format {
+                baseKey.format
+            }
+
+            /// Generates a secp256k1 public key.
+            /// - Parameter baseKey: generated secp256k1 public key.
+            fileprivate init(baseKey: PublicKeyImplementation) {
+                self.baseKey = baseKey
+            }
+
+            /// Generates a secp256k1 public key from a raw representation.
+            /// - Parameter data: A raw representation of the key.
+            /// - Throws: An error is thrown when the raw representation does not create a public key.
+            public init<D: ContiguousBytes>(rawRepresentation data: D, xonly: D, format: secp256k1.Format) {
+                self.baseKey = PublicKeyImplementation(rawRepresentation: data, xonly: xonly, format: format)
+            }
+        }
+
+        /// The corresponding x-only public key.
+        public struct XonlyKey {
+            /// Generated secp256k1 x-only public key.
+            private let baseKey: XonlyKeyImplementation
+
+            /// The secp256k1 x-only public key object
+            public var bytes: [UInt8] {
+                baseKey.bytes
+            }
+
+            fileprivate init(baseKey: XonlyKeyImplementation) {
+                self.baseKey = baseKey
+            }
+
+            public init<D: ContiguousBytes>(rawRepresentation data: D) {
+                self.baseKey = XonlyKeyImplementation(rawRepresentation: data)
+            }
+        }
+    }
+}

Sources/implementation/DH.swift

@@ -0,0 +1,81 @@
+//
+//  DH.swift
+//  GigaBitcoin/secp256k1.swift
+//
+//  Modifications Copyright (c) 2022 GigaBitcoin LLC
+//  Distributed under the MIT software license
+//
+//  See the accompanying file LICENSE for information
+//
+//
+//  NOTICE: THIS FILE HAS BEEN MODIFIED BY GigaBitcoin LLC
+//  UNDER COMPLIANCE WITH THE APACHE 2.0 LICENSE FROM THE
+//  ORIGINAL WORK OF THE COMPANY Apple Inc.
+//
+//  THE FOLLOWING IS THE COPYRIGHT OF THE ORIGINAL DOCUMENT:
+//
+//
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the SwiftCrypto open source project
+//
+// Copyright (c) 2019-2020 Apple Inc. and the SwiftCrypto project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.md for the list of SwiftCrypto project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import Foundation
+
+/// A Diffie-Hellman Key Agreement Key
+protocol DiffieHellmanKeyAgreement {
+    /// The public key share type to perform the DH Key Agreement
+    associatedtype P
+    var publicKey: P { get }
+
+    /// Performs a Diffie-Hellman Key Agreement
+    ///
+    /// - Parameter publicKeyShare: The public key share
+    /// - Returns: The resulting key agreement result
+    func sharedSecretFromKeyAgreement(with publicKeyShare: P) throws -> SharedSecret
+}
+
+/// A Key Agreement Result
+/// A SharedSecret has to go through a Key Derivation Function before being able to use by a symmetric key operation.
+public struct SharedSecret: ContiguousBytes {
+    var ss: SecureBytes
+
+    public func withUnsafeBytes<R>(_ body: (UnsafeRawBufferPointer) throws -> R) rethrows -> R {
+        try ss.withUnsafeBytes(body)
+    }
+}
+
+extension SharedSecret: Hashable {
+    public func hash(into hasher: inout Hasher) {
+        ss.withUnsafeBytes { hasher.combine(bytes: $0) }
+    }
+}
+
+// We want to implement constant-time comparison for digests.
+extension SharedSecret: CustomStringConvertible, Equatable {
+    public static func == (lhs: Self, rhs: Self) -> Bool {
+        safeCompare(lhs, rhs)
+    }
+
+    public static func == <D: DataProtocol>(lhs: Self, rhs: D) -> Bool {
+        if rhs.regions.count != 1 {
+            let rhsContiguous = Data(rhs)
+            return safeCompare(lhs, rhsContiguous)
+        } else {
+            return safeCompare(lhs, rhs.regions.first!)
+        }
+    }
+
+    public var description: String {
+        "\(Self.self): \(ss.hexString)"
+    }
+}

Sources/implementation/ECDH.swift

@@ -0,0 +1,97 @@
+//
+//  ECDH.swift
+//  GigaBitcoin/secp256k1.swift
+//
+//  Copyright (c) 2022 GigaBitcoin LLC
+//  Distributed under the MIT software license
+//
+//  See the accompanying file LICENSE for information
+//
+
+import Foundation
+import secp256k1_bindings
+
+// MARK: - secp256k1 + KeyAgreement
+
+public extension secp256k1 {
+    enum KeyAgreement {
+        public struct PublicKey /*: NISTECPublicKey */ {
+            let baseKey: PublicKeyImplementation
+
+            /// Creates a secp256k1 public key for key agreement from a collection of bytes.
+            /// - Parameters:
+            ///   - data: A raw representation of the public key as a collection of contiguous bytes.
+            ///   - xonly: A raw representation of the xonly key as a collection of contiguous bytes.
+            ///   - format: the format of the public key object
+            public init<D: ContiguousBytes>(rawRepresentation data: D, xonly: D, format: secp256k1.Format) {
+                self.baseKey = PublicKeyImplementation(rawRepresentation: data, xonly: xonly, format: format)
+            }
+
+            /// Initializes a secp256k1 public key for key agreement.
+            /// - Parameter baseKey: generated secp256k1 public key.
+            init(baseKey: PublicKeyImplementation) {
+                self.baseKey = baseKey
+            }
+
+            /// A data representation of the public key
+            public var rawRepresentation: Data { baseKey.rawRepresentation }
+
+            /// Implementation public key object
+            var bytes: [UInt8] { baseKey.bytes }
+        }
+
+        public struct PrivateKey /*: NISTECPrivateKey */ {
+            let baseKey: PrivateKeyImplementation
+
+            /// Creates a random secp256k1 private key for key agreement.
+            public init(format: secp256k1.Format = .compressed) throws {
+                self.baseKey = try PrivateKeyImplementation(format: format)
+            }
+
+            /// Creates a secp256k1 private key for key agreement from a collection of bytes.
+            /// - Parameter data: A raw representation of the key.
+            /// - Throws: An error is thrown when the raw representation does not create a private key for key agreement.
+            public init<D: ContiguousBytes>(rawRepresentation data: D, format: secp256k1.Format = .compressed) throws {
+                self.baseKey = try PrivateKeyImplementation(rawRepresentation: data, format: format)
+            }
+
+            /// Initializes a secp256k1 private key for key agreement.
+            /// - Parameter baseKey: generated secp256k1 private key.
+            init(baseKey: PrivateKeyImplementation) {
+                self.baseKey = baseKey
+            }
+
+            /// The associated public key for verifying signatures done with this private key.
+            public var publicKey: secp256k1.KeyAgreement.PublicKey {
+                PublicKey(baseKey: baseKey.publicKey)
+            }
+
+            /// A data representation of the private key
+            public var rawRepresentation: Data { baseKey.rawRepresentation }
+
+            /// Implementation public key object
+            var bytes: SecureBytes { baseKey.key }
+        }
+    }
+}
+
+// MARK: - secp256k1 + DH
+
+extension secp256k1.KeyAgreement.PrivateKey: DiffieHellmanKeyAgreement {
+    /// Performs a key agreement with provided public key share.
+    ///
+    /// - Parameter publicKeyShare: The public key to perform the ECDH with.
+    /// - Returns: Returns a shared secret
+    /// - Throws: An error occurred while computing the shared secret
+    public func sharedSecretFromKeyAgreement(with publicKeyShare: secp256k1.KeyAgreement.PublicKey) throws -> SharedSecret {
+        var publicKey = secp256k1_pubkey()
+        var sharedSecret = [UInt8](repeating: 0, count: 32)
+
+        guard secp256k1_ec_pubkey_parse(secp256k1.Context.raw, &publicKey, publicKeyShare.bytes, publicKeyShare.bytes.count).boolValue,
+              secp256k1_ecdh(secp256k1.Context.raw, &sharedSecret, &publicKey, baseKey.key.bytes, nil, nil).boolValue else {
+            throw secp256k1Error.underlyingCryptoError
+        }
+
+        return SharedSecret(ss: SecureBytes(bytes: sharedSecret))
+    }
+}