silentpayments: implement output spending privkey creation (for receiver)

theStack · theStack · commit 6ee113116690 · 2023-12-23T16:52:40.000+01:00
Labels are not supported yet, the corresponding parameter
label_tweak32 must be set to NULL right now.
diff --git a/include/secp256k1_silentpayments.h b/include/secp256k1_silentpayments.h
@@ -170,6 +170,33 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_silentpayments_create_o
     const unsigned char *label_tweak32
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
+/** Create Silent Payment output private key (for spending receiver's funds).
+ *
+ *  Given a shared_secret, a recipient's spend private key b_spend, and an
+ *  output counter k, calculate the corresponding output private key d:
+ *
+ *  d = (b_spend + sha256(shared_secret || ser_32(k))) mod n
+ *
+ *  Returns: 1 if private key creation was successful. 0 if an error occured.
+ *  Args:                  ctx: pointer to a context object
+ *  Out:         output_seckey: pointer to the resulting spending private key
+ *  In:        shared_secret33: shared secret, derived from either sender's
+ *                              or receiver's perspective with routines from above
+ *       receiver_spend_seckey: pointer to the receiver's spend private key
+ *                           k: output counter (usually set to 0, should be increased for
+ *                              every additional output to the same recipient)
+ *               label_tweak32: an optional 32-byte label tweak
+ *                              (not supported yet, must be set to NULL right now)
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_silentpayments_create_output_seckey(
+    const secp256k1_context *ctx,
+    unsigned char *output_seckey,
+    const unsigned char *shared_secret33,
+    const unsigned char *receiver_spend_seckey,
+    unsigned int k,
+    const unsigned char *label_tweak32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/modules/silentpayments/main_impl.h b/src/modules/silentpayments/main_impl.h
@@ -239,4 +239,25 @@ int secp256k1_silentpayments_create_output_pubkey(const secp256k1_context *ctx,
     return 1;
 }
 
+int secp256k1_silentpayments_create_output_seckey(const secp256k1_context *ctx, unsigned char *output_seckey, const unsigned char *shared_secret33, const unsigned char *receiver_spend_seckey, unsigned int k, const unsigned char *label_tweak32) {
+    unsigned char t_k[32];
+
+    /* Sanity check inputs */
+    VERIFY_CHECK(ctx != NULL);
+    ARG_CHECK(output_seckey != NULL);
+    memset(output_seckey, 0, 32);
+    ARG_CHECK(shared_secret33 != NULL);
+    ARG_CHECK(receiver_spend_seckey != NULL);
+    ARG_CHECK(label_tweak32 == NULL); /* label tweaks are not supported yet */
+
+    /* Compute and return d = (b_spend + t_k) mod n */
+    memcpy(output_seckey, receiver_spend_seckey, 32);
+    secp256k1_silentpayments_create_t_k(t_k, shared_secret33, k);
+    if (!secp256k1_ec_seckey_tweak_add(ctx, output_seckey, t_k)) {
+        return 0;
+    }
+
+    return 1;
+}
+
 #endif
