ligo/vendors/ocaml-secp256k1/src/external.ml

module Context = struct
  type t

  external create : int -> t = "caml_secp256k1_context_create"
  external clone : t -> t = "caml_secp256k1_context_clone"
  external randomize : t -> Bigstring.t -> bool = "caml_secp256k1_context_randomize" [@@noalloc]

  let create ?(sign=true) ?(verify=true) () =
    let flags = 1 lor
                (if sign then 0x100 else 0) lor
                (if verify then 0x200 else 0) in
    create flags

  let randomize ctx buf =
    if Bigstring.length buf < 32 then
      invalid_arg "Context.randomize: input must be at least 32 bytes long" ;
    randomize ctx buf
end

module Key = struct
  type secret
  type public
  type _ t =
    | Sk : Bigstring.t -> secret t
    | Pk : Bigstring.t -> public t

  let buffer : type a. a t -> Bigstring.t = function
    | Sk sk -> sk
    | Pk pk -> pk

  let secret_bytes = 32
  let public_bytes = 64
  let compressed_pk_bytes = 33
  let uncompressed_pk_bytes = 65

  let bytes : type a. a t -> int = function
    | Sk _ -> secret_bytes
    | Pk _ -> public_bytes

  let serialized_bytes :
    type a. ?compressed:bool -> a t -> int =
    fun ?(compressed=true) -> function
      | Sk _ -> secret_bytes
      | Pk _ -> if compressed then public_bytes + 1 else secret_bytes + 1

  let equal : type a. a t -> a t -> bool = fun a b ->
    match a, b with
    | Sk a, Sk b -> Bigstring.equal a b
    | Pk a, Pk b -> Bigstring.equal a b

  let copy : type a. a t -> a t = function
    | Sk sk -> Sk (Bigstring.copy sk)
    | Pk pk -> Pk (Bigstring.copy pk)

  external sk_negate_inplace : Context.t -> Bigstring.t -> unit =
    "caml_secp256k1_ec_privkey_negate" [@@noalloc]
  external sk_add_tweak_inplace : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_privkey_tweak_add" [@@noalloc]
  external sk_mul_tweak_inplace : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_privkey_tweak_mul" [@@noalloc]
  external pk_negate_inplace : Context.t -> Bigstring.t -> unit =
    "caml_secp256k1_ec_pubkey_negate" [@@noalloc]
  external pk_add_tweak_inplace : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_pubkey_tweak_add" [@@noalloc]
  external pk_mul_tweak_inplace : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_pubkey_tweak_mul" [@@noalloc]
  external pk_combine : Context.t -> Bigstring.t -> Bigstring.t list -> bool =
    "caml_secp256k1_ec_pubkey_combine" [@@noalloc]

  let negate_inplace :
    type a. Context.t -> a t -> unit = fun ctx -> function
    | Sk k -> sk_negate_inplace ctx k
    | Pk k -> pk_negate_inplace ctx k

  let negate ctx k =
    let k' = copy k in
    negate_inplace ctx k' ;
    k'

  let op_tweak :
    type a. string -> (Context.t -> Bigstring.t -> Bigstring.t -> bool) ->
    Context.t -> a t -> Bigstring.t -> Bigstring.t =
    fun name f ctx k buf ->
      let buflen = Bigstring.length buf in
      if buflen < 32 then
        invalid_arg (Printf.sprintf "Key.%s: " name) ;
      let k' = buffer (copy k) in
      if not (f ctx k' buf) then
        failwith (Printf.sprintf "Key.%s: operation failed" name) ;
      k'

  let add_tweak :
    type a. Context.t -> a t -> Bigstring.t -> a t =
    fun ctx k buf ->
      match k with
      | Sk _ -> Sk (op_tweak "add_tweak" sk_add_tweak_inplace ctx k buf)
      | Pk _ -> Pk (op_tweak "add_tweak" pk_add_tweak_inplace ctx k buf)

  let mul_tweak :
    type a. Context.t -> a t -> Bigstring.t -> a t =
    fun ctx k buf ->
      match k with
      | Sk _ -> Sk (op_tweak "mul_tweak" sk_mul_tweak_inplace ctx k buf)
      | Pk _ -> Pk (op_tweak "mul_tweak" pk_mul_tweak_inplace ctx k buf)

  external pk_parse : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_pubkey_parse" [@@noalloc]
  external pk_serialize : Context.t -> Bigstring.t -> Bigstring.t -> int =
    "caml_secp256k1_ec_pubkey_serialize" [@@noalloc]
  external pk_create : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_pubkey_create" [@@noalloc]

  let neuterize :
    type a. Context.t -> a t -> public t option = fun ctx -> function
    | Pk pk -> Some (Pk pk)
    | Sk sk ->
        let pk = Bigstring.create public_bytes in
        if pk_create ctx pk sk then Some (Pk pk) else None

  let neuterize_exn ctx k =
    match neuterize ctx k with
    | None -> invalid_arg "Key.neuterize_exn: invalid secret key"
    | Some pk -> pk

  let list_map_filter_opt ~f l =
    ListLabels.fold_left ~init:[] ~f:begin fun a e ->
      match f e with
      | None -> a
      | Some r -> r :: a
    end l

  let combine ctx pks =
    let nb_pks = List.length pks in
    if nb_pks = 0 || nb_pks > 1024 then None
    else
      let pk = Bigstring.create public_bytes in
      let pks = list_map_filter_opt ~f:begin fun k ->
          match neuterize ctx k with
          | None -> None
          | Some (Pk k) -> Some k
        end pks in
      if pk_combine ctx pk pks then Some (Pk pk)
      else None

  let combine_exn ctx pks =
    match combine ctx pks with
    | None -> invalid_arg "Key.combine_exn: sum of pks is invalid"
    | Some pk -> pk

  external verify_sk : Context.t -> Bigstring.t -> bool =
    "caml_secp256k1_ec_seckey_verify" [@@noalloc]

  let read_sk_exn ctx buf =
    let buflen = Bigstring.length buf in
    if buflen < secret_bytes then
      invalid_arg (Printf.sprintf "Key.read_sk: invalid buffer size %d" buflen) ;
    match verify_sk ctx buf with
    | true -> Sk Bigstring.(copy (sub buf 0 secret_bytes))
    | false -> invalid_arg "Key.read_sk: secret key is invalid"

  let read_sk ctx buf =
    try Ok (read_sk_exn ctx buf) with
    | Invalid_argument msg -> Error msg

  let read_pk_exn ctx buf =
    let buflen = Bigstring.length buf in
    if buflen < compressed_pk_bytes then
      invalid_arg (Printf.sprintf "Key.read_pk: invalid buffer size %d" buflen) ;
    let outbuf = Bigstring.create public_bytes in
    if pk_parse ctx outbuf buf then
      Pk outbuf
    else
      invalid_arg "Key.read_pk_exn: public key is invalid"

  let read_pk ctx buf =
    try Ok (read_pk_exn ctx buf) with
    | Invalid_argument msg -> Error msg

  let write :
    type a. ?compress:bool -> Context.t -> ?pos:int -> Bigstring.t -> a t -> int =
    fun ?(compress=true) ctx ?(pos=0) buf -> function
      | Sk sk ->
          let buflen = Bigstring.length buf in
          if pos < 0 || pos > buflen - secret_bytes then
            invalid_arg "Key.write (secret): pos < 0 or pos + 32 > buflen" ;
          Bigstring.blit sk 0 buf pos secret_bytes ;
          secret_bytes
      | Pk pk ->
          let buflen = Bigstring.length buf in
          if pos < 0
          || (compress && pos > buflen - compressed_pk_bytes)
          || (not compress && pos > buflen - uncompressed_pk_bytes) then
            invalid_arg (Printf.sprintf "Key.write (public): pos=%d, buflen=%d" pos buflen) ;
          let len = if compress then 33 else 65 in
          let buf = Bigstring.sub buf pos len in
          pk_serialize ctx buf pk

  let to_bytes :
    type a. ?compress:bool -> Context.t -> a t -> Bigstring.t =
    fun ?(compress=true) ctx -> function
      | Sk _ as sk ->
          let buf = Bigstring.create secret_bytes in
          let _ = write ~compress ctx buf sk in
          buf
      | Pk _ as pk ->
          let buf =
            Bigstring.create (1 + (if compress then secret_bytes else public_bytes)) in
          let _ = write ~compress ctx buf pk in
          buf
end

module Sign = struct
  type plain
  type recoverable
  type _ t =
    | P : Bigstring.t -> plain t
    | R : Bigstring.t -> recoverable t

  let buffer : type a. a t -> Bigstring.t = function
    | P plain -> plain
    | R recoverable -> recoverable

  let plain_bytes = 64
  let recoverable_bytes = 65
  let msg_bytes = 32

  let equal : type a. a t -> a t -> bool = fun a b ->
    match a, b with
    | P a, P b -> Bigstring.equal a b
    | R a, R b -> Bigstring.equal a b

  external parse_compact : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_signature_parse_compact" [@@noalloc]
  external parse_der : Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_signature_parse_der" [@@noalloc]
  external serialize_compact : Context.t -> Bigstring.t -> Bigstring.t -> unit =
    "caml_secp256k1_ecdsa_signature_serialize_compact" [@@noalloc]
  external serialize_der : Context.t -> Bigstring.t -> Bigstring.t -> int =
    "caml_secp256k1_ecdsa_signature_serialize_der" [@@noalloc]
  external parse_recoverable : Context.t -> Bigstring.t -> Bigstring.t -> int -> bool =
    "caml_secp256k1_ecdsa_recoverable_signature_parse_compact" [@@noalloc]
  external serialize_recoverable : Context.t -> Bigstring.t -> Bigstring.t -> int =
    "caml_secp256k1_ecdsa_recoverable_signature_serialize_compact" [@@noalloc]

  let read_exn ctx buf =
    let buflen = Bigstring.length buf in
    if buflen < plain_bytes then
      invalid_arg (Printf.sprintf "Sign.read: invalid buffer size %d" buflen) ;
    let signature = Bigstring.create plain_bytes in
    if parse_compact ctx signature buf then
      P signature
    else
      invalid_arg "Sign.read: signature could not be parsed"

  let read ctx buf =
    try Ok (read_exn ctx buf) with
      Invalid_argument msg -> Error msg

  let read_der_exn ctx buf =
    let signature = Bigstring.create plain_bytes in
    if parse_der ctx signature buf then
      P signature
    else
      invalid_arg "Sign.read_der: signature could not be parsed"

  let read_der ctx buf =
    try Ok (read_der_exn ctx buf) with
      Invalid_argument msg -> Error msg

  let read_recoverable_exn ctx buf =
    let buflen = Bigstring.length buf in
    if buflen < recoverable_bytes then
      invalid_arg (Printf.sprintf "Sign.read_recoverable: invalid buffer size %d" buflen) ;
    let signature = Bigstring.create recoverable_bytes in
    let recid = int_of_char (Bigstring.get buf 64) in
    if parse_recoverable ctx signature buf recid then
      R signature
    else
      invalid_arg "Sign.read_recoverable: signature could not be parsed"

  let read_recoverable ctx buf =
    try Ok (read_recoverable_exn ctx buf) with
    | Invalid_argument msg -> Error msg

  let write_exn :
    type a. ?der:bool -> Context.t -> Bigstring.t -> a t -> int =
    fun ?(der=false) ctx buf -> function
      | P signature ->
          let buflen = Bigstring.length buf in
          if not der then begin
            if buflen < plain_bytes then
              invalid_arg (Printf.sprintf "Sign.write: buffer length too small (%d)" buflen) ;
            serialize_compact ctx buf signature ;
            plain_bytes
          end
          else begin
            match serialize_der ctx buf signature with
            | 0 -> invalid_arg "Sign.write_exn: buffer too small to \
                                contain a DER signature"
            | len -> len
          end
      | R signature ->
          let buflen = Bigstring.length buf in
          if buflen < recoverable_bytes then
            invalid_arg (Printf.sprintf "Sign.write: buffer length too small (%d)" buflen) ;
          let recid = serialize_recoverable ctx buf signature in
          Bigstring.set buf 64 (char_of_int recid) ;
          recoverable_bytes

  let write ?der ctx buf signature =
    try Ok (write_exn ?der ctx buf signature) with
      Invalid_argument msg -> Error msg

  let to_bytes :
    type a. ?der:bool -> Context.t -> a t -> Bigstring.t =
    fun ?(der=false) ctx -> function
      | P _ as signature ->
          if der then begin
            let buf = Bigstring.create 72 in
            let nb_written = write_exn ~der ctx buf signature in
            Bigstring.sub buf 0 nb_written
          end
          else
            let buf = Bigstring.create plain_bytes in
            let _nb_written = write_exn ~der ctx buf signature in
            buf
      | R _ as signature ->
        let buf = Bigstring.create recoverable_bytes in
        let _nb_written = write_exn ctx buf signature in
        buf

  external normalize :
    Context.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_signature_normalize" [@@noalloc]

  let normalize ctx (P signature) =
    let normalized_sig = Bigstring.create plain_bytes in
    if normalize ctx normalized_sig signature then
      Some (P normalized_sig) else None

  (* [sign ctx signature msg sk] *)
  external sign :
    Context.t -> Bigstring.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_sign" [@@noalloc]

  (* [verify ctx pk msg signature] *)
  external verify :
    Context.t -> Bigstring.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_verify" [@@noalloc]

  let check_msglen msg =
    let msglen = Bigstring.length msg in
    if msglen < msg_bytes
    then invalid_arg
        (Printf.sprintf "message is too small (%d < %d)" msglen msg_bytes)

  let sign_exn ctx buf ~sk ~msg =
    check_msglen msg ;
    let buflen = Bigstring.length buf in
    if buflen < plain_bytes then
      invalid_arg (Printf.sprintf "Sign.write_sign: buffer length too \
                                   small (%d)" buflen) ;
    match sign ctx buf (Key.buffer sk) msg with
    | true -> ()
    | false -> invalid_arg "Sign.write_sign: the nonce generation \
                            function failed, or the private key was \
                            invalid"

  let write_sign_exn ctx buf ~sk ~msg =
    let signature = Bigstring.create plain_bytes in
    sign_exn ctx signature ~sk ~msg ;
    write_exn ctx buf (P signature)

  let write_sign ctx buf ~sk ~msg =
    try Ok (write_sign_exn ctx ~sk ~msg buf)
    with Invalid_argument msg -> Error msg

  let sign_exn ctx ~sk msg =
    let signature = Bigstring.create plain_bytes in
    sign_exn ctx signature ~sk ~msg ;
    P signature

  let sign ctx ~sk msg =
    try Ok (sign_exn ctx ~sk msg)
    with Invalid_argument msg -> Error msg

  external sign_recoverable :
    Context.t -> Bigstring.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_sign_recoverable" [@@noalloc]

  let write_sign_recoverable_exn ctx ~sk ~msg buf =
    check_msglen msg ;
    let buflen = Bigstring.length buf in
    if buflen < recoverable_bytes then
      invalid_arg (Printf.sprintf "Sign.write_sign_recoverable: buffer \
                                   length too small (%d)" buflen) ;
    if sign_recoverable ctx buf (Key.buffer sk) msg then
      recoverable_bytes
    else invalid_arg "Sign.write_sign_recoverable_exn: the nonce \
                      generation function failed, or the private key \
                      was invalid"

  let write_sign_recoverable ctx ~sk ~msg buf =
    try Ok (write_sign_recoverable_exn ctx ~sk ~msg buf)
    with Invalid_argument msg -> Error msg

  let sign_recoverable ctx ~sk msg =
    let signature = Bigstring.create recoverable_bytes in
    match write_sign_recoverable ctx ~sk ~msg signature with
    | Error error -> Error error
    | Ok _nb_written -> Ok (R signature)

  let sign_recoverable_exn ctx ~sk msg =
    match sign_recoverable ctx ~sk msg with
    | Error msg -> invalid_arg msg
    | Ok signature -> signature

  external to_plain : Context.t -> Bigstring.t -> Bigstring.t -> unit =
    "caml_secp256k1_ecdsa_recoverable_signature_convert" [@@noalloc]

  let to_plain : type a. Context.t -> a t -> plain t = fun ctx -> function
    | P _ as signature -> signature
    | R recoverable ->
        let plain = Bigstring.create plain_bytes in
        to_plain ctx plain recoverable ;
        P plain

  let verify_plain_exn ctx ~pk msg signature =
    check_msglen msg ;
    let siglen = Bigstring.length signature in
    if siglen < plain_bytes then
      invalid_arg (Printf.sprintf "verify: signature too short (%d < %d)"
                     siglen plain_bytes) ;
    verify ctx (Key.buffer pk) msg signature

  let verify_exn ctx ~pk ~msg ~signature =
    let P signature = to_plain ctx signature in
    verify_plain_exn ctx ~pk msg signature

  let verify ctx ~pk ~msg ~signature =
    try Ok (verify_exn ctx ~pk ~msg ~signature) with
    | Invalid_argument msg -> Error msg

  external recover :
    Context.t -> Bigstring.t -> Bigstring.t -> Bigstring.t -> bool =
    "caml_secp256k1_ecdsa_recover" [@@noalloc]

  let recover_exn ctx ~signature:(R signature) msg =
    check_msglen msg ;
    let pk = Bigstring.create Key.public_bytes in
    if recover ctx pk signature msg then Key.Pk pk
    else
      invalid_arg "Sign.recover: pk could not be recovered"

  let recover ctx ~signature msg =
    try Ok (recover_exn ctx ~signature msg) with
    Invalid_argument msg -> Error msg
end