github.com/ethereum/go-ethereum@v1.16.1/crypto/secp256k1/libsecp256k1/examples/ecdh.c (about) 1 /************************************************************************* 2 * Written in 2020-2022 by Elichai Turkel * 3 * To the extent possible under law, the author(s) have dedicated all * 4 * copyright and related and neighboring rights to the software in this * 5 * file to the public domain worldwide. This software is distributed * 6 * without any warranty. For the CC0 Public Domain Dedication, see * 7 * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 * 8 *************************************************************************/ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <assert.h> 13 #include <string.h> 14 15 #include <secp256k1.h> 16 #include <secp256k1_ecdh.h> 17 18 #include "examples_util.h" 19 20 int main(void) { 21 unsigned char seckey1[32]; 22 unsigned char seckey2[32]; 23 unsigned char compressed_pubkey1[33]; 24 unsigned char compressed_pubkey2[33]; 25 unsigned char shared_secret1[32]; 26 unsigned char shared_secret2[32]; 27 unsigned char randomize[32]; 28 int return_val; 29 size_t len; 30 secp256k1_pubkey pubkey1; 31 secp256k1_pubkey pubkey2; 32 33 /* Before we can call actual API functions, we need to create a "context". */ 34 secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); 35 if (!fill_random(randomize, sizeof(randomize))) { 36 printf("Failed to generate randomness\n"); 37 return EXIT_FAILURE; 38 } 39 /* Randomizing the context is recommended to protect against side-channel 40 * leakage See `secp256k1_context_randomize` in secp256k1.h for more 41 * information about it. This should never fail. */ 42 return_val = secp256k1_context_randomize(ctx, randomize); 43 assert(return_val); 44 45 /*** Key Generation ***/ 46 if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) { 47 printf("Failed to generate randomness\n"); 48 return EXIT_FAILURE; 49 } 50 /* If the secret key is zero or out of range (greater than secp256k1's 51 * order), we fail. Note that the probability of this occurring is negligible 52 * with a properly functioning random number generator. */ 53 if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) { 54 printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); 55 return EXIT_FAILURE; 56 } 57 58 /* Public key creation using a valid context with a verified secret key should never fail */ 59 return_val = secp256k1_ec_pubkey_create(ctx, &pubkey1, seckey1); 60 assert(return_val); 61 return_val = secp256k1_ec_pubkey_create(ctx, &pubkey2, seckey2); 62 assert(return_val); 63 64 /* Serialize pubkey1 in a compressed form (33 bytes), should always return 1 */ 65 len = sizeof(compressed_pubkey1); 66 return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED); 67 assert(return_val); 68 /* Should be the same size as the size of the output, because we passed a 33 byte array. */ 69 assert(len == sizeof(compressed_pubkey1)); 70 71 /* Serialize pubkey2 in a compressed form (33 bytes) */ 72 len = sizeof(compressed_pubkey2); 73 return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED); 74 assert(return_val); 75 /* Should be the same size as the size of the output, because we passed a 33 byte array. */ 76 assert(len == sizeof(compressed_pubkey2)); 77 78 /*** Creating the shared secret ***/ 79 80 /* Perform ECDH with seckey1 and pubkey2. Should never fail with a verified 81 * seckey and valid pubkey */ 82 return_val = secp256k1_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL); 83 assert(return_val); 84 85 /* Perform ECDH with seckey2 and pubkey1. Should never fail with a verified 86 * seckey and valid pubkey */ 87 return_val = secp256k1_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL); 88 assert(return_val); 89 90 /* Both parties should end up with the same shared secret */ 91 return_val = memcmp(shared_secret1, shared_secret2, sizeof(shared_secret1)); 92 assert(return_val == 0); 93 94 printf("Secret Key1: "); 95 print_hex(seckey1, sizeof(seckey1)); 96 printf("Compressed Pubkey1: "); 97 print_hex(compressed_pubkey1, sizeof(compressed_pubkey1)); 98 printf("\nSecret Key2: "); 99 print_hex(seckey2, sizeof(seckey2)); 100 printf("Compressed Pubkey2: "); 101 print_hex(compressed_pubkey2, sizeof(compressed_pubkey2)); 102 printf("\nShared Secret: "); 103 print_hex(shared_secret1, sizeof(shared_secret1)); 104 105 /* This will clear everything from the context and free the memory */ 106 secp256k1_context_destroy(ctx); 107 108 /* It's best practice to try to clear secrets from memory after using them. 109 * This is done because some bugs can allow an attacker to leak memory, for 110 * example through "out of bounds" array access (see Heartbleed), or the OS 111 * swapping them to disk. Hence, we overwrite the secret key buffer with zeros. 112 * 113 * Here we are preventing these writes from being optimized out, as any good compiler 114 * will remove any writes that aren't used. */ 115 secure_erase(seckey1, sizeof(seckey1)); 116 secure_erase(seckey2, sizeof(seckey2)); 117 secure_erase(shared_secret1, sizeof(shared_secret1)); 118 secure_erase(shared_secret2, sizeof(shared_secret2)); 119 120 return EXIT_SUCCESS; 121 }