add secp256k1_ec_pubkey_equal and secp256k1_ec_pubkey_leq methods

apoelstra · apoelstra · commit 0831038edd32 · 2020-11-22T17:33:46.000Z
diff --git a/include/secp256k1.h b/include/secp256k1.h
@@ -61,8 +61,9 @@ typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space;
  *  The exact representation of data inside is implementation defined and not
  *  guaranteed to be portable between different platforms or versions. It is
  *  however guaranteed to be 64 bytes in size, and can be safely copied/moved.
- *  If you need to convert to a format suitable for storage, transmission, or
- *  comparison, use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse.
+ *  If you need to convert to a format suitable for storage or transmission,
+ *  use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. To
+ *  compare keys, use secp256k1_ec_pubkey_equal or secp256k1_ec_pubkey_leq.
  */
 typedef struct {
     unsigned char data[64];
@@ -370,6 +371,34 @@ SECP256K1_API int secp256k1_ec_pubkey_serialize(
     unsigned int flags
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
+/** Determine whether two public keys are equal
+ *
+ *  Returns: 1 if the public keys were equal
+ *           0 otherwise
+ *  Args: ctx:      a secp256k1 context object.
+ *  In:   pubkey1:  first public key to compare
+ *        pubkey2:  second public key to compare
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_equal(
+    const secp256k1_context* ctx,
+    const secp256k1_pubkey* pubkey1,
+    const secp256k1_pubkey* pubkey2
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Determine the lexicographic compressed serialization ordering of two public keys
+ *
+ *  Returns: 1 if the first key was less than or equal to the second one
+ *           0 if the first key was greater than the second one
+ *  Args: ctx:      a secp256k1 context object.
+ *  In:   pubkey1:  first public key to compare
+ *        pubkey2:  second public key to compare
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_leq(
+    const secp256k1_context* ctx,
+    const secp256k1_pubkey* pubkey1,
+    const secp256k1_pubkey* pubkey2
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
 /** Parse an ECDSA signature in compact (64 bytes) format.
  *
  *  Returns: 1 when the signature could be parsed, 0 otherwise.
diff --git a/src/secp256k1.c b/src/secp256k1.c
@@ -317,6 +317,41 @@ int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *o
     return ret;
 }
 
+int secp256k1_ec_pubkey_equal(const secp256k1_context* ctx, const secp256k1_pubkey* pubkey1, const secp256k1_pubkey* pubkey2) {
+    VERIFY_CHECK(ctx != NULL);
+    ARG_CHECK(pubkey1 != NULL);
+    ARG_CHECK(pubkey2 != NULL);
+    return !secp256k1_memcmp_var(pubkey1, pubkey2, sizeof(pubkey1));
+}
+
+int secp256k1_ec_pubkey_leq(const secp256k1_context* ctx, const secp256k1_pubkey* pubkey1, const secp256k1_pubkey* pubkey2) {
+    unsigned char out1[33];
+    unsigned char out2[33];
+    size_t out_size = sizeof(out1);
+    size_t i;
+    int check;
+
+    VERIFY_CHECK(ctx != NULL);
+    ARG_CHECK(pubkey1 != NULL);
+    ARG_CHECK(pubkey2 != NULL);
+
+    check = secp256k1_ec_pubkey_serialize(ctx, out1, &out_size, pubkey1, SECP256K1_EC_COMPRESSED);
+    VERIFY_CHECK(check == 1);
+    VERIFY_CHECK(out_size == sizeof(out1));
+    check = secp256k1_ec_pubkey_serialize(ctx, out2, &out_size, pubkey2, SECP256K1_EC_COMPRESSED);
+    VERIFY_CHECK(check == 1);
+    VERIFY_CHECK(out_size == sizeof(out1));
+
+    for (i = 0; i < out_size; i++) {
+        if (out1[i] > out2[i]) {
+            return 0;
+        } else if (out1[i] < out2[i]) {
+            return 1;
+        }
+    }
+    return 1;
+}
+
 static void secp256k1_ecdsa_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_ecdsa_signature* sig) {
     (void)ctx;
     if (sizeof(secp256k1_scalar) == 32) {
diff --git a/src/tests.c b/src/tests.c
@@ -4654,6 +4654,53 @@ void test_random_pubkeys(void) {
     }
 }
 
+void run_pubkey_comparison(void) {
+    unsigned char pk1_ser[33] = {
+        0x02,
+        0x58, 0x84, 0xb3, 0xa2, 0x4b, 0x97, 0x37, 0x88, 0x92, 0x38, 0xa6, 0x26, 0x62, 0x52, 0x35, 0x11,
+        0xd0, 0x9a, 0xa1, 0x1b, 0x80, 0x0b, 0x5e, 0x93, 0x80, 0x26, 0x11, 0xef, 0x67, 0x4b, 0xd9, 0x23
+    };
+    const unsigned char pk2_ser[33] = {
+        0x02,
+        0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d,
+        0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c
+    };
+    secp256k1_pubkey pk1;
+    secp256k1_pubkey pk2;
+    int32_t ecount = 0;
+
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pk1, pk1_ser, sizeof(pk1_ser)) == 1);
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk2_ser, sizeof(pk2_ser)) == 1);
+
+    secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+    CHECK(secp256k1_ec_pubkey_equal(ctx, NULL, &pk2) == 0);
+    CHECK(ecount == 1);
+    CHECK(secp256k1_ec_pubkey_equal(ctx, &pk1, NULL) == 0);
+    CHECK(ecount == 2);
+    CHECK(secp256k1_ec_pubkey_equal(ctx, &pk1, &pk2) == 0);
+    CHECK(secp256k1_ec_pubkey_equal(ctx, &pk1, &pk1) == 1);
+    CHECK(secp256k1_ec_pubkey_equal(ctx, &pk2, &pk2) == 1);
+    CHECK(ecount == 2);
+
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk1, NULL) == 0);
+    CHECK(ecount == 3);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, NULL, &pk2) == 0);
+    CHECK(ecount == 4);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk1, &pk2) == 1);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk2, &pk1) == 0);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk1, &pk1) == 1);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk2, &pk2) == 1);
+    CHECK(ecount == 4);
+    secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+
+    /* Make pk2 the same as pk1 but with 3 rather than 2. Note that in
+     * an uncompressed encoding, these would have the opposite ordering */
+    pk1_ser[0] = 3;
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk1_ser, sizeof(pk1_ser)) == 1);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk1, &pk2) == 1);
+    CHECK(secp256k1_ec_pubkey_leq(ctx, &pk2, &pk1) == 0);
+}
+
 void run_random_pubkeys(void) {
     int i;
     for (i = 0; i < 10*count; i++) {
@@ -5700,6 +5747,7 @@ int main(int argc, char **argv) {
 #endif
 
     /* ecdsa tests */
+    run_pubkey_comparison();
     run_random_pubkeys();
     run_ecdsa_der_parse();
     run_ecdsa_sign_verify();
