monacoin-ruby 0.1.2 → 0.1.3

data/lib/bitcoin/ffi/secp256k1.rb

@@ -0,0 +1,266 @@
+# encoding: ascii-8bit
+
+# bindings for secp256k1 inside bitcoin (https://github.com/bitcoin/bitcoin/tree/v0.13.1/src/secp256k1)
+# tag: v0.13.1
+# commit: 03422e564b552c1d3c16ae854f8471f7cb39e25d
+#  bitcoin@master% git checkout v0.13.1
+#  bitcoin@tags/v0.13.1^0% cd src/secp256k1
+#  bitcoin@tags/v0.13.1^0 src/secp256k1% ./autogen.sh
+#  bitcoin@tags/v0.13.1^0 src/secp256k1% ./configure --enable-module-recovery
+#  bitcoin@tags/v0.13.1^0 src/secp256k1% make libsecp256k1.la
+#  bitcoin@tags/v0.13.1^0 src/secp256k1% nm -D .libs/libsecp256k1.so.0.0.0 | grep secp
+#  export SECP256K1_LIB_PATH=/path/to/bitcoin/src/secp256k1/.libs/libsecp256k1.so.0.0.0
+
+require 'ffi'
+
+module Bitcoin
+  module Secp256k1
+    extend FFI::Library
+
+    SECP256K1_FLAGS_TYPE_MASK = ((1 << 8) - 1)
+    SECP256K1_FLAGS_TYPE_CONTEXT = (1 << 0)
+    SECP256K1_FLAGS_TYPE_COMPRESSION = (1 << 1)
+
+    # The higher bits contain the actual data. Do not use directly.
+    SECP256K1_FLAGS_BIT_CONTEXT_VERIFY = (1 << 8)
+    SECP256K1_FLAGS_BIT_CONTEXT_SIGN = (1 << 9)
+    SECP256K1_FLAGS_BIT_COMPRESSION = (1 << 8)
+
+    # Flags to pass to secp256k1_context_create.
+    SECP256K1_CONTEXT_VERIFY = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
+    SECP256K1_CONTEXT_SIGN = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
+
+    # Flag to pass to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export.
+    SECP256K1_EC_COMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
+    SECP256K1_EC_UNCOMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION)
+
+    def self.ffi_load_functions(file)
+      class_eval <<-RUBY
+        ffi_lib [ %[#{file}] ]
+
+        ##
+        # source: https://github.com/bitcoin/bitcoin/blob/v0.13.1/src/secp256k1/include/secp256k1.h
+        ##
+
+        # secp256k1_context* secp256k1_context_create(unsigned int flags)
+        attach_function :secp256k1_context_create, [:uint], :pointer
+
+        # void secp256k1_context_destroy(secp256k1_context* ctx)
+        attach_function :secp256k1_context_destroy, [:pointer], :void
+
+        # int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32)
+        attach_function :secp256k1_context_randomize, [:pointer, :pointer], :int
+
+        # int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey)
+        attach_function :secp256k1_ec_seckey_verify, [:pointer, :pointer], :int
+
+        # int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey)
+        attach_function :secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey* pubkey, unsigned int flags)
+        attach_function :secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int
+
+        # int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
+        attach_function :secp256k1_ecdsa_sign_recoverable, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig)
+        attach_function :secp256k1_ecdsa_recoverable_signature_serialize_compact, [:pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid)
+        attach_function :secp256k1_ecdsa_recoverable_signature_parse_compact, [:pointer, :pointer, :pointer, :int], :int
+
+        # int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32)
+        attach_function :secp256k1_ecdsa_recover, [:pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
+        attach_function :secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig)
+        attach_function :secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen)
+        attach_function :secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int
+
+        # int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin)
+        attach_function :secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey)
+        attach_function :secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int
+
+        # int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen)
+        attach_function :secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int
+
+        # TODO: add or port
+        # # int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) 
+        # attach_function :ecdsa_signature_parse_der_lax, [:pointer, :pointer, :pointer, :size_t], :int
+      RUBY
+    end
+
+    def self.init
+      return if @loaded
+      lib_path = [ ENV['SECP256K1_LIB_PATH'], 'vendor/bitcoin/src/secp256k1/.libs/libsecp256k1.so' ].find{|f| File.exists?(f.to_s) }
+      ffi_load_functions(lib_path)
+      @loaded = true
+    end
+
+    def self.with_context(flags=nil, seed=nil)
+      init
+      flags = flags || (SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN)
+      context = secp256k1_context_create(flags)
+
+      ret, tries, max = 0, 0, 20
+      while ret != 1
+        raise "secp256k1_context_randomize failed." if tries >= max
+        tries += 1
+        ret = secp256k1_context_randomize(context, FFI::MemoryPointer.from_string(seed || SecureRandom.random_bytes(32)))
+      end
+
+      yield(context) if block_given?
+    ensure
+      secp256k1_context_destroy(context)
+    end
+
+    def self.generate_key_pair(compressed=true)
+      with_context do |context|
+
+        ret, tries, max = 0, 0, 20
+        while ret != 1
+          raise "secp256k1_ec_seckey_verify in generate_key_pair failed." if tries >= max
+          tries += 1
+
+          seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, SecureRandom.random_bytes(32))
+          ret = secp256k1_ec_seckey_verify(context, seckey)
+        end
+
+        internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        result = secp256k1_ec_pubkey_create(context, internal_pubkey, seckey)
+        raise "error creating pubkey" unless result
+
+        pubkey, pubkey_len = FFI::MemoryPointer.new(:uchar, 65), FFI::MemoryPointer.new(:uint64)
+        result = if compressed
+          pubkey_len.put_uint64(0, 33)
+          secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_COMPRESSED)
+        else
+          pubkey_len.put_uint64(0, 65)
+          secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_UNCOMPRESSED)
+        end
+        raise "error serialize pubkey" unless result || pubkey_len.read_uint64 > 0
+
+        [ seckey.read_string(32), pubkey.read_string(pubkey_len.read_uint64) ]
+      end
+    end
+
+    def self.generate_key(compressed=true)
+      priv, pub = generate_key_pair(compressed)
+      Bitcoin::Key.new(priv.unpack("H*")[0], pub.unpack("H*")[0])
+    end
+
+    def self.sign(data, priv_key)
+      with_context do |context|
+        seckey = FFI::MemoryPointer.new(:uchar, priv_key.bytesize).put_bytes(0, priv_key)
+        raise "priv_key invalid" unless secp256k1_ec_seckey_verify(context, seckey)
+
+        internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+        msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+
+        ret, tries, max = 0, 0, 20
+        while ret != 1
+          raise "secp256k1_ecdsa_sign failed." if tries >= max
+          tries += 1
+
+          ret = secp256k1_ecdsa_sign(context, internal_signature, msg32, seckey, nil, nil)
+        end
+
+        signature, signature_len = FFI::MemoryPointer.new(:uchar, 72), FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
+        result = secp256k1_ecdsa_signature_serialize_der(context, signature, signature_len, internal_signature)
+        raise "secp256k1_ecdsa_signature_serialize_der failed" unless result
+
+        signature.read_string(signature_len.read_uint64)
+      end
+    end
+
+    def self.verify(data, sig, pub_key)
+      with_context do |context|
+        return false if data.bytesize == 0
+
+        pubkey = FFI::MemoryPointer.new(:uchar, pub_key.bytesize).put_bytes(0, pub_key)
+        internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        result = secp256k1_ec_pubkey_parse(context, internal_pubkey, pubkey, pubkey.size)
+        return false unless result
+
+        signature = FFI::MemoryPointer.new(:uchar, sig.bytesize).put_bytes(0, sig)
+        internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+        result = secp256k1_ecdsa_signature_parse_der(context, internal_signature, signature, signature.size)
+        #result = ecdsa_signature_parse_der_lax(context, internal_signature, signature, signature.size)
+        return false unless result
+
+        # libsecp256k1's ECDSA verification requires lower-S signatures, which have not historically been enforced in Bitcoin, so normalize them first.
+        secp256k1_ecdsa_signature_normalize(context, internal_signature, internal_signature)
+
+        msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+        result = secp256k1_ecdsa_verify(context, internal_signature, msg32, internal_pubkey)
+
+        return result ? true : false
+      end
+    end
+
+    def self.sign_compact(message, priv_key, compressed=true)
+      with_context do |context|
+        seckey = FFI::MemoryPointer.new(:uchar, priv_key.bytesize).put_bytes(0, priv_key)
+        raise "priv_key invalid" unless secp256k1_ec_seckey_verify(context, seckey)
+
+        msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, message)
+        internal_recoverable_signature = FFI::MemoryPointer.new(:uchar, 65)
+        rec_id = FFI::MemoryPointer.new(:int).put_int(0, -1)
+
+        ret, tries, max = 0, 0, 20
+        while ret != 1
+          raise "secp256k1_ecdsa_sign_recoverable failed." if tries >= max
+          tries += 1
+
+          ret = secp256k1_ecdsa_sign_recoverable(context, internal_recoverable_signature, msg32, seckey, nil, nil)
+        end
+
+        recoverable_signature = FFI::MemoryPointer.new(:uchar, 64)
+        result = secp256k1_ecdsa_recoverable_signature_serialize_compact(context, recoverable_signature, rec_id, internal_recoverable_signature)
+        raise "secp256k1_ecdsa_recoverable_signature_serialize_compact failed" unless result
+        raise "secp256k1_ecdsa_recoverable_signature_serialize_compact failed" unless rec_id.read_int != -1
+
+        header = [27 + rec_id.read_int + (compressed ? 4 : 0)].pack("C")
+        [ header, recoverable_signature.read_string(64) ].join
+      end
+    end
+
+    def self.recover_compact(message, signature)
+      with_context do |context|
+        return nil if signature.bytesize != 65
+
+        version = signature.unpack('C')[0]
+        return nil if version < 27 || version > 34
+
+        compressed = version >= 31 ? true : false
+        flag = compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED
+        version -= 4 if compressed
+
+        recid = version - 27
+        msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, message)
+        recoverable_signature = FFI::MemoryPointer.new(:uchar, 64).put_bytes(0, signature[1..-1])
+
+        internal_recoverable_signature = FFI::MemoryPointer.new(:uchar, 65)
+        result = secp256k1_ecdsa_recoverable_signature_parse_compact(context, internal_recoverable_signature, recoverable_signature, recid)
+        return nil unless result
+
+        internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        result = secp256k1_ecdsa_recover(context, internal_pubkey, internal_recoverable_signature, msg32)
+        return nil unless result
+
+        pubkey, pubkey_len = FFI::MemoryPointer.new(:uchar, 65), FFI::MemoryPointer.new(:uint64).put_uint64(0, 65)
+        result = secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, flag)
+        raise "error serialize pubkey" unless result || pubkey_len.read_uint64 > 0
+
+        pubkey.read_string(pubkey_len.read_uint64)
+      end
+    end
+
+  end
+end

data/lib/bitcoin/key.rb

@@ -0,0 +1,280 @@
+# encoding: ascii-8bit
+
+module Bitcoin
+
+  # Elliptic Curve key as used in bitcoin.
+  class Key
+
+    attr_reader :key
+
+    MIN_PRIV_KEY_MOD_ORDER = 0x01
+    # Order of secp256k1's generator minus 1.
+    MAX_PRIV_KEY_MOD_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
+
+    # Generate a new keypair.
+    #  Bitcoin::Key.generate
+    def self.generate(opts={compressed: true})
+      k = new(nil, nil, opts); k.generate; k
+    end
+
+    # Import private key from base58 fromat as described in
+    # https://en.bitcoin.it/wiki/Private_key#Base_58_Wallet_Import_format and
+    # https://en.bitcoin.it/wiki/Base58Check_encoding#Encoding_a_private_key.
+    # See also #to_base58
+    def self.from_base58(str)
+      hex = Bitcoin.decode_base58(str)
+      compressed = hex.size == 76
+      version, key, flag, checksum = hex.unpack("a2a64a#{compressed ? 2 : 0}a8")
+      raise "Invalid version"   unless version == Bitcoin.network[:privkey_version]
+      raise "Invalid checksum"  unless Bitcoin.checksum(version + key + flag) == checksum
+      key = new(key, nil, compressed)
+    end
+
+    def ==(other)
+      self.priv == other.priv
+    end
+
+    # Create a new key with given +privkey+ and +pubkey+.
+    #  Bitcoin::Key.new
+    #  Bitcoin::Key.new(privkey)
+    #  Bitcoin::Key.new(nil, pubkey)
+    def initialize(privkey = nil, pubkey = nil, opts={compressed: true})
+      compressed = opts.is_a?(Hash) ? opts.fetch(:compressed, true) : opts
+      @key = Bitcoin.bitcoin_elliptic_curve
+      @pubkey_compressed = pubkey ? self.class.is_compressed_pubkey?(pubkey) : compressed
+      set_priv(privkey)  if privkey
+      set_pub(pubkey, @pubkey_compressed)  if pubkey
+    end
+
+    # Generate new priv/pub key.
+    def generate
+      @key.generate_key
+    end
+
+    # Get the private key (in hex).
+    def priv
+      return nil  unless @key.private_key
+      @key.private_key.to_hex.rjust(64, '0')
+    end
+
+    # Set the private key to +priv+ (in hex).
+    def priv= priv
+      set_priv(priv)
+      regenerate_pubkey
+    end
+
+    # Get the public key (in hex).
+    # In case the key was initialized with only
+    # a private key, the public key is regenerated.
+    def pub
+      regenerate_pubkey unless @key.public_key
+      return nil        unless @key.public_key
+      @pubkey_compressed ? pub_compressed : pub_uncompressed
+    end
+
+    def pub_compressed
+      public_key = @key.public_key
+      public_key.group.point_conversion_form = :compressed
+      public_key.to_hex.rjust(66, '0')
+    end
+
+    def pub_uncompressed
+      public_key = @key.public_key
+      public_key.group.point_conversion_form = :uncompressed
+      public_key.to_hex.rjust(130, '0')
+    end
+
+    def compressed
+      @pubkey_compressed
+    end
+
+    # Set the public key (in hex).
+    def pub= pub
+      set_pub(pub)
+    end
+
+    # Get the hash160 of the public key.
+    def hash160
+      Bitcoin.hash160(pub)
+    end
+
+    # Get the address corresponding to the public key.
+    def addr
+      Bitcoin.hash160_to_address(hash160)
+    end
+
+    # Sign +data+ with the key.
+    #  key1 = Bitcoin::Key.generate
+    #  sig = key1.sign("some data")
+    def sign(data)
+      Bitcoin.sign_data(key, data)
+    end
+
+    # Verify signature +sig+ for +data+.
+    #  key2 = Bitcoin::Key.new(nil, key1.pub)
+    #  key2.verify("some data", sig)
+    def verify(data, sig)
+      regenerate_pubkey unless @key.public_key
+      sig = Bitcoin::OpenSSL_EC.repack_der_signature(sig)
+      if sig
+        @key.dsa_verify_asn1(data, sig)
+      else
+        false
+      end
+    end
+
+
+    def sign_message(message)
+      Bitcoin.sign_message(priv, pub, message)['signature']
+    end
+
+    def verify_message(signature, message)
+      Bitcoin.verify_message(addr, signature, message)
+    end
+
+    def self.verify_message(address, signature, message)
+      Bitcoin.verify_message(address, signature, message)
+    end
+
+    # Thanks to whoever wrote http://pastebin.com/bQtdDzHx
+    # for help with compact signatures
+    #
+    # Given +data+ and a compact signature (65 bytes, base64-encoded to
+    # a larger string), recover the public components of the key whose
+    # private counterpart validly signed +data+.
+    #
+    # If the signature validly signed +data+, create a new Key
+    # having the signing public key and address. Otherwise return nil.
+    #
+    # Be sure to check that the returned Key matches the one you were
+    # expecting! Otherwise you are merely checking that *someone* validly
+    # signed the data.
+    def self.recover_compact_signature_to_key(data, signature_base64)
+      signature = signature_base64.unpack("m0")[0]
+      return nil if signature.size != 65
+
+      version = signature.unpack('C')[0]
+      return nil if version < 27 or version > 34
+ 
+      compressed = (version >= 31) ? (version -= 4; true) : false
+
+      hash = Bitcoin.bitcoin_signed_message_hash(data)
+      pub_hex = Bitcoin::OpenSSL_EC.recover_public_key_from_signature(hash, signature, version-27, compressed)
+      return nil unless pub_hex
+
+      Key.new(nil, pub_hex)
+    end
+
+    # Export private key to base58 format.
+    # See also Key.from_base58
+    def to_base58
+      data = Bitcoin.network[:privkey_version] + priv
+      data += "01"  if @pubkey_compressed
+      hex  = data + Bitcoin.checksum(data)
+      Bitcoin.int_to_base58( hex.to_i(16) )
+    end
+
+
+    # Export private key to bip38 (non-ec-multiply) format as described in
+    # https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki
+    # See also Key.from_bip38
+    def to_bip38(passphrase)
+      flagbyte = compressed ? "\xe0" : "\xc0"
+      addresshash = Digest::SHA256.digest( Digest::SHA256.digest( self.addr ) )[0...4]
+
+      require 'scrypt' unless defined?(::SCrypt::Engine)
+      buf = SCrypt::Engine.__sc_crypt(passphrase, addresshash, 16384, 8, 8, 64)
+      derivedhalf1, derivedhalf2 = buf[0...32], buf[32..-1]
+
+      aes = proc{|k,a,b|
+        cipher = OpenSSL::Cipher::AES.new(256, :ECB); cipher.encrypt; cipher.padding = 0; cipher.key = k
+        cipher.update [ (a.to_i(16) ^ b.unpack("H*")[0].to_i(16)).to_s(16).rjust(32, '0') ].pack("H*")
+      }
+
+      encryptedhalf1 = aes.call(derivedhalf2, self.priv[0...32], derivedhalf1[0...16])
+      encryptedhalf2 = aes.call(derivedhalf2, self.priv[32..-1], derivedhalf1[16..-1])
+
+      encrypted_privkey = "\x01\x42" + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2
+      encrypted_privkey += Digest::SHA256.digest( Digest::SHA256.digest( encrypted_privkey ) )[0...4]
+
+      encrypted_privkey = Bitcoin.encode_base58( encrypted_privkey.unpack("H*")[0] )
+    end
+
+    # Import private key from bip38 (non-ec-multiply) fromat as described in
+    # https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki
+    # See also #to_bip38
+    def self.from_bip38(encrypted_privkey, passphrase)
+      version, flagbyte, addresshash, encryptedhalf1, encryptedhalf2, checksum =
+        [ Bitcoin.decode_base58(encrypted_privkey) ].pack("H*").unpack("a2aa4a16a16a4")
+      compressed = (flagbyte == "\xe0") ? true : false
+
+      raise "Invalid version"   unless version == "\x01\x42"
+      raise "Invalid checksum"  unless Digest::SHA256.digest(Digest::SHA256.digest(version + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2))[0...4] == checksum
+
+      require 'scrypt' unless defined?(::SCrypt::Engine)
+      buf = SCrypt::Engine.__sc_crypt(passphrase, addresshash, 16384, 8, 8, 64)
+      derivedhalf1, derivedhalf2 = buf[0...32], buf[32..-1]
+
+      aes = proc{|k,a|
+        cipher = OpenSSL::Cipher::AES.new(256, :ECB); cipher.decrypt; cipher.padding = 0; cipher.key = k
+        cipher.update(a)
+      }
+
+      decryptedhalf2 = aes.call(derivedhalf2, encryptedhalf2)
+      decryptedhalf1 = aes.call(derivedhalf2, encryptedhalf1)
+
+      priv = decryptedhalf1 + decryptedhalf2
+      priv = (priv.unpack("H*")[0].to_i(16) ^ derivedhalf1.unpack("H*")[0].to_i(16)).to_s(16).rjust(64, '0')
+      key = Bitcoin::Key.new(priv, nil, compressed)
+
+      if Digest::SHA256.digest( Digest::SHA256.digest( key.addr ) )[0...4] != addresshash
+        raise "Invalid addresshash! Password is likely incorrect."
+      end
+
+      key
+    end
+
+    # Import private key from warp fromat as described in
+    # https://github.com/keybase/warpwallet
+    # https://keybase.io/warp/
+    def self.from_warp(passphrase, salt="", compressed=false)
+      require 'scrypt' unless defined?(::SCrypt::Engine)
+      s1 = SCrypt::Engine.scrypt(passphrase+"\x01", salt+"\x01", 2**18, 8, 1, 32)
+      s2 = OpenSSL::PKCS5.pbkdf2_hmac(passphrase+"\x02", salt+"\x02", 2**16, 32, OpenSSL::Digest::SHA256.new)
+      s3 = s1.bytes.zip(s2.bytes).map{|a,b| a ^ b }.pack("C*")
+
+      key = Bitcoin::Key.new(s3.unpack("H*")[0], nil, compressed)
+      # [key.addr, key.to_base58, [s1,s2,s3].map{|i| i.unpack("H*")[0] }, compressed]
+      key
+    end
+
+
+    protected
+
+    # Regenerate public key from the private key.
+    def regenerate_pubkey
+      return nil unless @key.private_key
+      set_pub(Bitcoin::OpenSSL_EC.regenerate_key(priv)[1], @pubkey_compressed)
+    end
+
+    # Set +priv+ as the new private key (converting from hex).
+    def set_priv(priv)
+      value = priv.to_i(16)
+      raise 'private key is not on curve' unless MIN_PRIV_KEY_MOD_ORDER <= value && value <= MAX_PRIV_KEY_MOD_ORDER
+      @key.private_key = OpenSSL::BN.from_hex(priv)
+    end
+
+    # Set +pub+ as the new public key (converting from hex).
+    def set_pub(pub, compressed = nil)
+      @pubkey_compressed = compressed == nil ? self.class.is_compressed_pubkey?(pub) : compressed
+      @key.public_key = OpenSSL::PKey::EC::Point.from_hex(@key.group, pub)
+    end
+
+    def self.is_compressed_pubkey?(pub)
+      ["02","03"].include?(pub[0..1])
+    end
+
+  end
+
+end
+