private byte[] adaptorAdapt(byte[] secret, byte[] adaptorSig)
{
Assert.True(SecpECDSAAdaptorSignature.TryCreate(adaptorSig, out var adaptorSigObj));
var privKey = Context.Instance.CreateECPrivKey(secret);
return(adaptorSigObj.AdaptECDSA(privKey).ToDER());
}
private bool adaptorVerify(byte[] adaptorSig, byte[] pubkey, byte[] msg, byte[] adaptor, byte[] adaptorProof)
{
Assert.True(SecpECDSAAdaptorSignature.TryCreate(adaptorSig, out var adaptorSigObj));
Assert.True(Context.Instance.TryCreatePubKey(pubkey, out var pubkeyObj));
Assert.True(Context.Instance.TryCreatePubKey(adaptor, out var adaptorObj));
Assert.True(SecpECDSAAdaptorProof.TryCreate(adaptorProof, out var adaptorProofObj));
return(pubkeyObj.SigVerify(adaptorSigObj, adaptorProofObj, msg, adaptorObj));
}
private byte[] adaptorExtractSecret(byte[] sig, byte[] adaptorSig, byte[] adaptor)
{
Assert.True(SecpECDSAAdaptorSignature.TryCreate(adaptorSig, out var adaptorSigObj));
Assert.True(SecpECDSASignature.TryCreateFromDer(sig, out var sigObj));
Assert.True(Context.Instance.TryCreatePubKey(adaptor, out var pubkey));
Assert.True(adaptorSigObj.TryExtractSecret(sigObj, pubkey, out var secret));
var result = new byte[32];
secret.WriteToSpan(result);
return(result);
}
public static AdaptorSignature ParseFromTLV(TLVReader reader)
{
Span <byte> output = stackalloc byte[65 + 97];
reader.ReadBytes(output);
if (!SecpECDSAAdaptorSignature.TryCreate(output.Slice(0, 65), out var sig))
{
throw new FormatException("Invalid adaptor signature");
}
if (!SecpECDSAAdaptorProof.TryCreate(output.Slice(65), out var proof))
{
throw new FormatException("Invalid adaptor proof");
}
return(new AdaptorSignature(sig, proof));
}
public static bool TryParse(string str, out AdaptorSignature?result)
{
if (str == null)
{
throw new ArgumentNullException(nameof(str));
}
var bytes = Encoders.Hex.DecodeData(str);
if (bytes.Length == 65 + 97 &&
SecpECDSAAdaptorSignature.TryCreate(bytes.AsSpan().Slice(0, 65), out var sig) &&
SecpECDSAAdaptorProof.TryCreate(bytes.AsSpan().Slice(65), out var proof) &&
sig is SecpECDSAAdaptorSignature && proof is SecpECDSAAdaptorProof)
{
result = new AdaptorSignature(sig, proof);
return(true);
}
result = null;
return(false);
}
void adaptor_tests_core()
{
var secKey = Context.Instance.CreateECPrivKey(rand_scalar());
Span <byte> msg = stackalloc byte[32];
Random.Generate(msg);
var adaptor_secret = Context.Instance.CreateECPrivKey(rand_scalar());
var pubkey = secKey.CreatePubKey();
var adaptor = adaptor_secret.CreatePubKey();
Assert.True(secKey.TrySignAdaptor(msg, adaptor, out var adaptor_sig, out var adaptor_proof));
{
/* Test adaptor_sig_serialize roundtrip */
Span <byte> adaptor_sig_tmp = stackalloc byte[65];
Span <byte> adaptor_sig_tmp2 = stackalloc byte[65];
adaptor_sig.WriteToSpan(adaptor_sig_tmp);
Assert.True(SecpECDSAAdaptorSignature.TryCreate(adaptor_sig_tmp, out var adaptor_sig2));
adaptor_sig2.WriteToSpan(adaptor_sig_tmp2);
Assert.True(adaptor_sig_tmp.SequenceEqual(adaptor_sig_tmp2));
}
///* Test adaptor_sig_verify */
Assert.True(pubkey.SigVerify(adaptor_sig, adaptor_proof, msg, adaptor));
{
Span <byte> adaptor_sig_tmp = stackalloc byte[65];
adaptor_sig.WriteToSpan(adaptor_sig_tmp);
rand_flip_bit(adaptor_sig_tmp);
if (SecpECDSAAdaptorSignature.TryCreate(adaptor_sig_tmp, out var sigg))
{
Assert.False(pubkey.SigVerify(sigg, adaptor_proof, msg, adaptor));
}
}
Assert.False(adaptor.SigVerify(adaptor_sig, adaptor_proof, msg, adaptor));
{
Span <byte> msg_tmp = stackalloc byte[32];
msg.CopyTo(msg_tmp);
rand_flip_bit(msg_tmp);
Assert.False(pubkey.SigVerify(adaptor_sig, adaptor_proof, msg_tmp, adaptor));
}
Assert.False(pubkey.SigVerify(adaptor_sig, adaptor_proof, msg, pubkey));
{
Span <byte> adaptor_proof_tmp = stackalloc byte[97];
adaptor_proof.WriteToSpan(adaptor_proof_tmp);
rand_flip_bit(adaptor_proof_tmp);
if (SecpECDSAAdaptorProof.TryCreate(adaptor_proof_tmp, out var proof))
{
Assert.False(pubkey.SigVerify(adaptor_sig, proof, msg, adaptor));
}
}
var sig = adaptor_sig.AdaptECDSA(adaptor_secret);
///* Test adaptor_adapt */
Assert.True(pubkey.SigVerify(sig, msg));
{
/* Test adaptor_extract_secret */
Assert.True(adaptor_sig.TryExtractSecret(sig, adaptor, out var adaptor_secret2));
Assert.Equal(adaptor_secret, adaptor_secret2);
}
}