Add a key generation example

elichai · elichai · commit ddd99ebe55e3 · 2020-05-19T01:10:23.000+03:00
diff --git a/examples/keygen.c b/examples/keygen.c
@@ -0,0 +1,77 @@
+/**********************************************************************
+ * Copyright (c) 2020 Elichai Turkel	                              *
+ * Distributed under the MIT software license, see the accompanying   *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#include <stdio.h>
+#include <assert.h>
+#include <string.h>
+
+#include "random.h"
+#include "secp256k1.h"
+
+
+void print_hex(unsigned char* data, size_t size) {
+    size_t i;
+    printf("0x");
+    for (i = 0; i < size; i++) {
+        printf("%02x", data[i]);
+    }
+    printf("\n");
+}
+
+int main(void) {
+    unsigned char seckey[32];
+    unsigned char compressed_pubkey[33];
+    unsigned char uncompressed_pubkey[65];
+    size_t len;
+    secp256k1_pubkey pubkey;
+    /* The docs in secp256k1.h above the `secp256k1_ec_pubkey_create` function say:
+     * "pointer to a context object, initialized for signing"
+     * Which is why we create a context for signing(SECP256K1_CONTEXT_SIGN). */
+    secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
+    while (1) {
+        if (!fill_random(seckey, sizeof(seckey))) {
+            printf("Failed to generate randomness\n");
+            return 1;
+        }
+        if (secp256k1_ec_seckey_verify(ctx, seckey)) {
+            break;
+        }
+    }
+
+    /* Pubkey creation on a valid Context with a verified seckey should never fail */
+    assert(secp256k1_ec_pubkey_create(ctx, &pubkey, seckey));
+
+    /* Serialize the pubkey in a compressed form */
+    len = sizeof(compressed_pubkey);
+    secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey, &len, &pubkey, SECP256K1_EC_COMPRESSED);
+    /* Should be the same size as the size of the output */
+    assert(len == sizeof(compressed_pubkey));
+
+    /* Serialize the pubkey in an uncompressed form */
+    len = sizeof(uncompressed_pubkey);
+    secp256k1_ec_pubkey_serialize(ctx, uncompressed_pubkey, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED);
+    assert(len == sizeof(uncompressed_pubkey));
+
+    printf("Secret Key: ");
+    print_hex(seckey, sizeof(seckey));
+    printf("Compressed Pubkey: ");
+    print_hex(compressed_pubkey, sizeof(compressed_pubkey));
+    printf("Uncompressed Pubkey: ");
+    print_hex(uncompressed_pubkey, sizeof(uncompressed_pubkey));
+
+    /* This will clear everything from the context and free the memory */
+    secp256k1_context_destroy(ctx);
+
+   /* It's best practice to try and zero out secrets after using them.
+    * This is done because some bugs can allow an attacker leak memory, for example out of bounds array access(see Heartbleed for example).
+    * We want to prevent the secrets from living in memory after they are used so they won't be leaked,
+    * for that we zero out the buffer.
+    *
+    * TODO: Prevent these writes from being optimized out, as any good compiler will remove any writes that aren't used. */
+    memset(seckey, 0, sizeof(seckey));
+
+    return 0;
+}
diff --git a/examples/random.h b/examples/random.h
@@ -0,0 +1,54 @@
+/**********************************************************************
+ * Copyright (c) 2020 Elichai Turkel	                              *
+ * Distributed under the MIT software license, see the accompanying   *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+/*
+ * In this file only the best practice randomness sources are used
+ * Platform randomness sources:
+ * Linux   -> `getrandom(2)`(`sys/random.h`), if not available `/dev/urandom` should be used. http://man7.org/linux/man-pages/man2/getrandom.2.html, https://linux.die.net/man/4/urandom
+ * macOS   -> `getentropy(2)`(`sys/random.h`), if not available `/dev/urandom` should be used. https://www.unix.com/man-page/mojave/2/getentropy, https://opensource.apple.com/source/xnu/xnu-517.12.7/bsd/man/man4/random.4.auto.html
+ * FreeBSD -> `getrandom(2)`(`sys/random.h`), if not available `kern.arandom` should be used. https://www.freebsd.org/cgi/man.cgi?query=getrandom, https://www.freebsd.org/cgi/man.cgi?query=random&sektion=4
+ * OpenBSD -> `getentropy(2)`(`unistd.h`), if not available `/dev/urandom` should be used. https://man.openbsd.org/getentropy, https://man.openbsd.org/urandom
+ * Windows -> `BCryptGenRandom`(`bcrypt.h`). https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
+ */
+
+#if defined(_WIN32)
+#include <bcrypt.h>
+#elif defined(__linux__) || defined(__APPLE__) || defined(__FreeBSD__)
+#include <sys/random.h>
+#elif defined(__OpenBSD__)
+#include <unistd.h>
+#else
+#error "Couldn't identify the OS"
+#endif
+
+
+/* Returns 1 on success, and 0 on failure. */
+int fill_random(unsigned char* data, unsigned long size) {
+#if defined(_WIN32)
+    NTSTATUS res = BCryptGenRandom(NULL, data, size, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
+    if (res == STATUS_SUCCESS) {
+        return 1;
+    } else {
+        return 0;
+    }
+#elif defined(__linux__) || defined(__FreeBSD__)
+    /* If `getrandom(2)` is not available you should fallback to /dev/urandom */
+    ssize_t res = getrandom(data, size, 0);
+    if (res == (ssize_t)size) {
+        return 1;
+    } else {
+        return 0;
+    }
+#elif defined(__APPLE__) || defined(__OpenBSD__)
+    /* If `getentropy(2)` is not available you should fallback to either `SecRandomCopyBytes` or /dev/urandom */
+    int res = getentropy(data, size);
+    if (res == 0) {
+        return 1;
+    } else {
+        return 0;
+    }
+#endif
+    return 0;
+}
