bip340: add bip340 tagged hash functionality

instagibbs · jgriffiths · commit 3821e5ee1010 · 2022-12-07T13:36:22.000+13:00
diff --git a/include/wally.hpp b/include/wally.hpp
@@ -416,6 +416,12 @@ inline int bip32_key_to_address(const HDKEY& hdkey, uint32_t flags, uint32_t ver
     return ret;
 }
 
+template <class BYTES, class TAG, class BYTES_OUT>
+inline int bip340_tagged_hash(const BYTES& bytes, const TAG& tag, BYTES_OUT& bytes_out) {
+    int ret = ::wally_bip340_tagged_hash(bytes.data(), bytes.size(), detail::get_p(tag), bytes_out.data(), bytes_out.size());
+    return ret;
+}
+
 template <class BYTES>
 inline int bzero(const BYTES& bytes, size_t bytes_len) {
     int ret = ::wally_bzero(detail::get_p(bytes), bytes_len);
diff --git a/include/wally_crypto.h b/include/wally_crypto.h
@@ -153,6 +153,22 @@ WALLY_CORE_API int wally_sha512(
     unsigned char *bytes_out,
     size_t len);
 
+/**
+ * BIP340 tagged hash: SHA-256(SHA-256(tag) || SHA-256(tag) || m).
+ *
+ * :param bytes: The message to hash.
+ * :param bytes_len: The length of ``bytes`` in bytes.
+ * :param tag: The BIP340 UTF-8 domain tag.
+ * :param bytes_out: Destination for the resulting hash.
+ * FIXED_SIZED_OUTPUT(len, bytes_out, SHA256_LEN)
+ */
+WALLY_CORE_API int wally_bip340_tagged_hash(
+    const unsigned char *bytes,
+    size_t bytes_len,
+    const char *tag,
+    unsigned char *bytes_out,
+    size_t len);
+
 /** Output length for `wally_ripemd160` */
 #define RIPEMD160_LEN 20
 
diff --git a/src/internal.c b/src/internal.c
@@ -103,6 +103,29 @@ int wally_bzero(void *bytes, size_t len)
     return WALLY_OK;
 }
 
+int wally_bip340_tagged_hash(const unsigned char *bytes, size_t bytes_len,
+                             const char *tag, unsigned char *bytes_out, size_t len)
+{
+    struct sha256 sha;
+    struct sha256_ctx ctx;
+
+    if (!bytes || !bytes_len || !tag || !bytes_out || len != SHA256_LEN)
+        return WALLY_EINVAL;
+
+    /* SHA256(SHA256(tag) || SHA256(tag) || msg) */
+    /* TODO: Add optimised impls for Taproot fixed tags */
+    sha256(&sha, tag, strlen(tag));
+    sha256_init(&ctx);
+    sha256_update(&ctx, &sha, sizeof(sha));
+    sha256_update(&ctx, &sha, sizeof(sha));
+    sha256_update(&ctx, bytes, bytes_len);
+    sha256_done(&ctx, &sha);
+
+    memcpy(bytes_out, &sha, sizeof(sha));
+    wally_clear_2(&sha, sizeof(sha), &ctx, sizeof(ctx));
+    return WALLY_OK;
+}
+
 int wally_sha256(const unsigned char *bytes, size_t bytes_len,
                  unsigned char *bytes_out, size_t len)
 {
diff --git a/src/swig_java/swig.i b/src/swig_java/swig.i
@@ -488,6 +488,7 @@ static jbyteArray create_jintArray(JNIEnv *jenv, const uint32_t* p, size_t len)
 %returns_size_t(wally_base64_get_maximum_length);
 %returns_string(wally_bip32_key_to_address);
 %returns_string(wally_bip32_key_to_addr_segwit);
+%returns_array_(wally_bip340_tagged_hash, 4, 5, SHA256_LEN);
 %returns_string(wally_confidential_addr_to_addr);
 %returns_array_(wally_confidential_addr_to_ec_public_key, 3, 4, EC_PUBLIC_KEY_LEN);
 %returns_string(wally_confidential_addr_from_addr);
diff --git a/src/swig_python/python_extra.py_in b/src/swig_python/python_extra.py_in
@@ -124,6 +124,7 @@ sha256 = _wrap_bin(sha256, SHA256_LEN)
 sha256_midstate = _wrap_bin(sha256_midstate, SHA256_LEN)
 sha256d = _wrap_bin(sha256d, SHA256_LEN)
 sha512 = _wrap_bin(sha512, SHA512_LEN)
+bip340_tagged_hash = _wrap_bin(bip340_tagged_hash, SHA256_LEN)
 ripemd160 = _wrap_bin(ripemd160, RIPEMD160_LEN)
 hash160 = _wrap_bin(hash160, HASH160_LEN)
 hmac_sha256 = _wrap_bin(hmac_sha256, HMAC_SHA256_LEN)
diff --git a/src/test/util.py b/src/test/util.py
@@ -286,6 +286,7 @@ class wally_psbt(Structure):
     ('wally_base64_to_bytes', c_int, [c_char_p, c_uint32, c_void_p, c_size_t, c_size_t_p]),
     ('wally_bip32_key_to_addr_segwit', c_int, [POINTER(ext_key), c_char_p, c_uint32, c_char_p_p]),
     ('wally_bip32_key_to_address', c_int, [POINTER(ext_key), c_uint32, c_uint32, c_char_p_p]),
+    ('wally_bip340_tagged_hash', c_int, [c_void_p, c_size_t, c_char_p, c_void_p, c_size_t]),
     ('wally_bzero', c_int, [c_void_p, c_size_t]),
     ('wally_cleanup', c_int, [c_uint32]),
     ('wally_confidential_addr_from_addr', c_int, [c_char_p, c_uint32, c_void_p, c_size_t, c_char_p_p]),
diff --git a/src/wasm_package/functions.js b/src/wasm_package/functions.js
diff --git a/src/wasm_package/index.d.ts b/src/wasm_package/index.d.ts
@@ -89,6 +89,7 @@ export function bip32_key_unserialize(bytes: Buffer|Uint8Array): Ref_ext_key;
 export function bip32_key_unserialize_noalloc(bytes: Buffer|Uint8Array, output: Ref_ext_key): void;
 export function bip32_key_with_tweak_from_parent_path(hdkey: Ref_ext_key, child_path: Uint32Array|number[], flags: number): Ref_ext_key;
 export function bip32_key_with_tweak_from_parent_path_noalloc(hdkey: Ref_ext_key, child_path: Uint32Array|number[], flags: number, output: Ref_ext_key): void;
+export function bip340_tagged_hash(bytes: Buffer|Uint8Array, tag: string): Buffer;
 export function bip38_from_private_key(bytes: Buffer|Uint8Array, pass: Buffer|Uint8Array, flags: number): string;
 export function bip38_get_flags(bip38: string): number;
 export function bip38_raw_from_private_key(bytes: Buffer|Uint8Array, pass: Buffer|Uint8Array, flags: number): Buffer;
diff --git a/tools/wasm_exports.sh b/tools/wasm_exports.sh
@@ -72,6 +72,7 @@ EXPORTED_FUNCTIONS="['_malloc','_free','_bip32_key_free' \
 ,'_wally_base64_to_bytes' \
 ,'_wally_bip32_key_to_addr_segwit' \
 ,'_wally_bip32_key_to_address' \
+,'_wally_bip340_tagged_hash' \
 ,'_wally_bzero' \
 ,'_wally_cleanup' \
 ,'_wally_ec_private_key_verify' \
