rbsecp256k1 1.0.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad49bf4a099e7afb5cf5ef09af6d61f5019c4378fdc0bda9bc1b7b66d2cbca8b
-  data.tar.gz: 8de35376f226a7955feb12c8214a6f023cbed7dde25fc1d98aa49464e6777cb5
+  metadata.gz: 5549a7ec71d1bddbefe1ea360d9316ea1bbe74f015e6676cfc7495a7b852831a
+  data.tar.gz: dada9673b8fdf01e29ca2a2479ac3ce92ff43ba736f577feb6e58515ae3ab240
 SHA512:
-  metadata.gz: 68a48a57862f066da1477de75283e18c20daa80bb8508e5cf39da06885eb12bc38d40f06e35958d13667fac942d31315b6a13a175970bc5e929eff8bcf1a1514
-  data.tar.gz: b802bda821e12c398c379b003a4a60956d6d69b8f30fe26e2d799ef23290f228ffca603a30e3c376dfe0b546b2d8b7b9dedc86c6862d963228d67c3f3fbb0efe
+  metadata.gz: 9ac13a464fd1e0c5ee4378cea9f6b9c557d65b08e00a00f4dc94b64fc43822cec9c5e69463a450daa6725d12679a5e9440bb0e60a20f282346551099b64e2802
+  data.tar.gz: 58f2932b693056f4051094d43d68636c2a3d99c71d475c5c1e7ca9c062a4e5d956e844209956e7e4041351677e4c4b376bd4b4a0e9dbdc13dab7e52c099302d0

data/ext/rbsecp256k1/extconf.rb

@@ -1,13 +1,19 @@
 require 'mkmf'
 
 # OpenSSL flags
-print("Looking for OpenSSL")
+print("checking for OpenSSL\n")
 results = pkg_config('openssl')
 abort "missing openssl pkg-config information" unless results[1]
 
 # Require that libsecp256k1 be installed using `make install` or similar.
-print("Looking for libsecp256k1")
+print("checking for libsecp256k1\n")
 results = pkg_config('libsecp256k1')
 abort "missing libsecp256k1" unless results[1]
 
+# Check if we have the libsecp256k1 recoverable signature header.
+have_header('secp256k1_recovery.h')
+
+# Check if we have EC Diffie-Hellman functionality
+have_header('secp256k1_ecdh.h')
+
 create_makefile('rbsecp256k1')

data/ext/rbsecp256k1/rbsecp256k1.c

@@ -9,12 +9,21 @@
 // * libsecp256k1
 // * openssl
 #include <ruby.h>
-#include <stdio.h>
 
 #include <openssl/rand.h>
-#include <openssl/sha.h>
+
 #include <secp256k1.h>
 
+// Include recoverable signatures functionality if available
+#ifdef HAVE_SECP256K1_RECOVERY_H
+#include <secp256k1_recovery.h>
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+// Include EC Diffie-Hellman functionality
+#ifdef HAVE_SECP256K1_ECDH_H
+#include <secp256k1_ecdh.h>
+#endif // HAVE_SECP256K1_ECDH_H
+
 // High-level design:
 //
 // The Ruby wrapper is divided into the following hierarchical organization:
@@ -24,20 +33,30 @@
 // |--  KeyPair
 // |--  PublicKey
 // |--  PrivateKey
+// |--  RecoverableSignature
+// |--  SharedSecret
 // |--  Signature
 //
 // The Context class contains most of the methods that invoke libsecp256k1.
-// The KayPair, PublicKey, PrivateKey, and Signature objects act as data
-// objects and are passed to various methods. Contexts are thread safe and can
-// be used across applications. Context initialization is expensive so it is
-// recommended that a single context be initialized and used throughout an
-// application when possible.
+// The KayPair, PublicKey, PrivateKey, RecoverableSignature, SharedSecret, and
+// Signature objects act as data objects and are passed to various
+// methods. Contexts are thread safe and can be used across
+// applications. Context initialization is expensive so it is recommended that
+// a single context be initialized and used throughout an application when
+// possible.
 
 //
 // The section below contains purely internal methods used exclusively by the
 // C internals of the library.
 //
 
+// Size of an uncompressed public key
+const size_t UNCOMPRESSED_PUBKEY_SIZE_BYTES = 65;
+// Size of a compressed public key
+const size_t COMPRESSED_PUBKEY_SIZE_BYTES = 33;
+// Size of a compact signature in bytes
+const size_t COMPACT_SIG_SIZE_BYTES = 64;
+
 // Globally define our module and its associated classes so we can instantiate
 // objects from anywhere. The use of global variables seems to be inline with
 // how the Ruby project builds its own extension gems.
@@ -48,6 +67,14 @@ static VALUE Secp256k1_PublicKey_class;
 static VALUE Secp256k1_PrivateKey_class;
 static VALUE Secp256k1_Signature_class;
 
+#ifdef HAVE_SECP256K1_RECOVERY_H
+static VALUE Secp256k1_RecoverableSignature_class;
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+#ifdef HAVE_SECP256K1_ECDH_H
+static VALUE Secp256k1_SharedSecret_class;
+#endif // HAVE_SECP256K1_ECDH_H
+
 // Forward definitions for all structures
 typedef struct Context_dummy {
   secp256k1_context *ctx; // Context used by libsecp256k1 library
@@ -59,19 +86,168 @@ typedef struct KeyPair_dummy {
 } KeyPair;
 
 typedef struct PublicKey_dummy {
-  secp256k1_pubkey pubkey;
-  Context *context;
+  secp256k1_pubkey pubkey; // Opaque object containing public key data
+  secp256k1_context *ctx;
 } PublicKey;
 
 typedef struct PrivateKey_dummy {
   unsigned char data[32]; // Bytes comprising the private key data
+  secp256k1_context *ctx;
 } PrivateKey;
 
 typedef struct Signature_dummy {
-  secp256k1_ecdsa_signature sig; // Signature object, contains 64-byte signature.
-  Context *context;
+  secp256k1_ecdsa_signature sig; // Signature object, contains 64-byte signature
+  secp256k1_context *ctx;
 } Signature;
 
+#ifdef HAVE_SECP256K1_RECOVERY_H
+typedef struct RecoverableSignature_dummy {
+  secp256k1_ecdsa_recoverable_signature sig; // Recoverable signature object
+  secp256k1_context *ctx;
+} RecoverableSignature;
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+#ifdef HAVE_SECP256K1_ECDH_H
+typedef struct SharedSecret_dummy {
+  unsigned char data[32]; // Shared secret data
+} SharedSecret;
+#endif // HAVE_SECP256K1_ECDH_H
+
+//
+// Typed data definitions
+//
+
+// Context
+static void
+Context_free(void* in_context)
+{
+  Context *context;
+  context = (Context*)in_context;
+  secp256k1_context_destroy(context->ctx);
+  xfree(context);
+}
+
+static const rb_data_type_t Context_DataType = {
+  "Context",
+  { 0, Context_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+
+// PublicKey
+static void
+PublicKey_free(void *in_public_key)
+{
+  PublicKey *public_key;
+  public_key = (PublicKey*)in_public_key;
+  secp256k1_context_destroy(public_key->ctx);
+  xfree(public_key);
+}
+
+static const rb_data_type_t PublicKey_DataType = {
+  "PublicKey",
+  { 0, PublicKey_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+
+// PrivateKey
+static void
+PrivateKey_free(void *in_private_key)
+{
+  PrivateKey *private_key;
+  private_key = (PrivateKey*)in_private_key;
+  secp256k1_context_destroy(private_key->ctx);
+  xfree(private_key);
+}
+
+static const rb_data_type_t PrivateKey_DataType = {
+  "PrivateKey",
+  { 0, PrivateKey_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+
+// KeyPair
+static void
+KeyPair_mark(void *in_key_pair)
+{
+  KeyPair *key_pair = (KeyPair*)in_key_pair;
+
+  // Mark both contained objects to ensure they are properly garbage collected
+  rb_gc_mark(key_pair->public_key);
+  rb_gc_mark(key_pair->private_key);
+}
+
+static void
+KeyPair_free(void *self)
+{
+  xfree(self);
+}
+
+static const rb_data_type_t KeyPair_DataType = {
+  "KeyPair",
+  { KeyPair_mark, KeyPair_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+
+// Signature
+static void
+Signature_free(void *in_signature)
+{
+  Signature *signature = (Signature*)in_signature;
+  secp256k1_context_destroy(signature->ctx);
+  xfree(signature);
+}
+
+static const rb_data_type_t Signature_DataType = {
+  "Signature",
+  { 0, Signature_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+
+// RecoverableSignature
+#ifdef HAVE_SECP256K1_RECOVERY_H
+static void
+RecoverableSignature_free(void *in_recoverable_signature)
+{
+  RecoverableSignature *recoverable_signature = (
+    (RecoverableSignature*)in_recoverable_signature
+  );
+
+  secp256k1_context_destroy(recoverable_signature->ctx);
+  xfree(recoverable_signature);
+}
+
+static const rb_data_type_t RecoverableSignature_DataType = {
+  "RecoverableSignature",
+  { 0, RecoverableSignature_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+// SharedSecret
+#ifdef HAVE_SECP256K1_ECDH_H
+static void
+SharedSecret_free(void *in_shared_secret)
+{
+  SharedSecret *shared_secret;
+
+  shared_secret = (SharedSecret*)in_shared_secret;
+  xfree(shared_secret);
+}
+
+static const rb_data_type_t SharedSecret_DataType = {
+  "SharedSecret",
+  { 0, SharedSecret_free, 0 },
+  0, 0,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+#endif // HAVE_SECP256K1_ECDH_H
+
 /**
  * Macro: SUCCESS
  * 
@@ -120,225 +296,718 @@ GenerateRandomBytes(unsigned char *out_bytes, size_t in_size)
 }
 
 /**
- * Computes the ECDSA signature of the given data.
+ * Computes the ECDSA signature of the given 32-byte SHA-256 hash.
  *
- * This method first computes the ECDSA signature of the given data (can be
- * text or binary data) and outputs both the raw libsecp256k1 signature.
+ * \param in_context libsecp256k1 context
+ * \param in_hash32 32-byte SHA-256 hash
+ * \param in_private_key Private key to be used for signing
+ * \param out_signature Signature produced during the signing proccess
+ * \return RESULT_SUCCESS if the hash and signature were computed successfully,
+ *   RESULT_FAILURE if signing failed or DER encoding failed.
+ */
+static ResultT
+SignData(secp256k1_context *in_context,
+         unsigned char *in_hash32,
+         unsigned char *in_private_key,
+         secp256k1_ecdsa_signature *out_signature)
+{
+  // Sign the hash of the data
+  if (secp256k1_ecdsa_sign(in_context,
+                           out_signature,
+                           in_hash32,
+                           in_private_key,
+                           NULL,
+                           NULL) == 1)
+  {
+    return RESULT_SUCCESS;
+  }
+
+  return RESULT_FAILURE;
+}
+
+#ifdef HAVE_SECP256K1_RECOVERY_H
+
+/**
+ * Computes the recoverable ECDSA signature of the given data.
  *
  * ECDSA signing involves the following steps:
  *   1. Compute the 32-byte SHA-256 hash of the given data.
  *   2. Sign the 32-byte hash using the private key provided.
  *
  * \param in_context libsecp256k1 context
- * \param in_data Data to be signed
- * \param in_data_len Length of data to be signed
+ * \param in_hash32 32-byte SHA-256 hash to sign
  * \param in_private_key Private key to be used for signing
- * \param out_signature Signature produced during the signing proccess
+ * \param out_signature Recoverable signature computed
  * \return RESULT_SUCCESS if the hash and signature were computed successfully,
  *   RESULT_FAILURE if signing failed or DER encoding failed.
  */
-static ResultT
-SignData(secp256k1_context *in_context,
-         unsigned char *in_data,
-         unsigned long in_data_len,
-         unsigned char *in_private_key,
-         secp256k1_ecdsa_signature *out_signature)
+static ResultT
+RecoverableSignData(secp256k1_context *in_context,
+                    unsigned char *in_hash32,
+                    unsigned char *in_private_key,
+                    secp256k1_ecdsa_recoverable_signature *out_signature)
+{
+  if (secp256k1_ecdsa_sign_recoverable(in_context,
+                                       out_signature,
+                                       in_hash32,
+                                       in_private_key,
+                                       NULL,
+                                       NULL) == 1)
+  {
+    return RESULT_SUCCESS;
+  }
+
+  return RESULT_FAILURE;
+}
+
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+//
+// Secp256k1::KeyPair class interface
+//
+
+static VALUE
+KeyPair_alloc(VALUE klass)
+{
+  KeyPair *key_pair;
+
+  key_pair = ALLOC(KeyPair);
+
+  return TypedData_Wrap_Struct(klass, &KeyPair_DataType, key_pair);
+}
+
+/**
+ * Default constructor.
+ *
+ * @param in_public_key [Secp256k1::PublicKey] public key
+ * @param in_private_key [Secp256k1::PrivateKey] private key
+ * @return [Secp256k1::KeyPair] newly initialized key pair.
+ */
+static VALUE
+KeyPair_initialize(VALUE self, VALUE in_public_key, VALUE in_private_key)
+{
+  KeyPair *key_pair;
+
+  TypedData_Get_Struct(self, KeyPair, &KeyPair_DataType, key_pair);
+  Check_TypedStruct(in_public_key, &PublicKey_DataType);
+  Check_TypedStruct(in_private_key, &PrivateKey_DataType);
+
+  key_pair->public_key = in_public_key;
+  key_pair->private_key = in_private_key;
+
+  rb_iv_set(self, "@public_key", in_public_key);
+  rb_iv_set(self, "@private_key", in_private_key);
+
+  return self;
+}
+
+/**
+ * Compare two key pairs.
+ *
+ * Two key pairs are equal if they have the same public and private key. The
+ * keys are compared using their own comparison operators.
+ *
+ * @param other [Secp256k1::KeyPair] key pair to compare to.
+ * @return [Boolean] true if the keys match, false otherwise.
+ */
+static VALUE
+KeyPair_equals(VALUE self, VALUE other)
+{
+  KeyPair *lhs;
+  KeyPair *rhs;
+  VALUE public_keys_equal;
+  VALUE private_keys_equal;
+
+  TypedData_Get_Struct(self, KeyPair, &KeyPair_DataType, lhs);
+  TypedData_Get_Struct(other, KeyPair, &KeyPair_DataType, rhs);
+
+  public_keys_equal = rb_funcall(
+    lhs->public_key, rb_intern("=="), 1, rhs->public_key
+  );
+  private_keys_equal = rb_funcall(
+    lhs->private_key, rb_intern("=="), 1, rhs->private_key
+  );
+
+  if (public_keys_equal == Qtrue && private_keys_equal == Qtrue)
+  {
+    return Qtrue;
+  }
+
+  return Qfalse;
+}
+
+//
+// Secp256k1::PublicKey class interface
+//
+
+static VALUE
+PublicKey_alloc(VALUE klass)
+{
+  VALUE result;
+  PublicKey *public_key;
+
+  public_key = ALLOC(PublicKey);
+  MEMZERO(public_key, PublicKey, 1);
+  result = TypedData_Wrap_Struct(klass, &PublicKey_DataType, public_key);
+
+  return result;
+}
+
+static VALUE
+PublicKey_create_from_private_key(Context *in_context,
+                                  unsigned char *private_key_data)
+{
+  PublicKey *public_key;
+  VALUE result;
+
+  result = PublicKey_alloc(Secp256k1_PublicKey_class);
+  TypedData_Get_Struct(result, PublicKey, &PublicKey_DataType, public_key);
+
+  if (secp256k1_ec_pubkey_create(
+        in_context->ctx,
+        (&public_key->pubkey),
+        private_key_data) != 1)
+  {
+    rb_raise(rb_eTypeError, "invalid private key data");
+  }
+
+  public_key->ctx = secp256k1_context_clone(in_context->ctx);
+  return result;
+}
+
+static VALUE
+PublicKey_create_from_data(Context *in_context,
+                           unsigned char *in_public_key_data,
+                           unsigned int in_public_key_data_len)
+{
+  PublicKey *public_key;
+  VALUE result;
+
+  result = PublicKey_alloc(Secp256k1_PublicKey_class);
+  TypedData_Get_Struct(result, PublicKey, &PublicKey_DataType, public_key);
+
+  if (secp256k1_ec_pubkey_parse(in_context->ctx,
+                                &(public_key->pubkey),
+                                in_public_key_data,
+                                in_public_key_data_len) != 1)
+  {
+    rb_raise(rb_eRuntimeError, "invalid public key data");
+  }
+
+  public_key->ctx = secp256k1_context_clone(in_context->ctx);
+  return result;
+}
+
+/**
+ * @return [String] binary string containing the uncompressed representation
+ *   of this public key.
+ */
+static VALUE
+PublicKey_uncompressed(VALUE self)
+{
+  // TODO: Cache value after first computation
+  PublicKey *public_key;
+  size_t serialized_pubkey_len = UNCOMPRESSED_PUBKEY_SIZE_BYTES;
+  unsigned char serialized_pubkey[UNCOMPRESSED_PUBKEY_SIZE_BYTES];
+
+  TypedData_Get_Struct(self, PublicKey, &PublicKey_DataType, public_key);
+
+  secp256k1_ec_pubkey_serialize(public_key->ctx,
+                                serialized_pubkey,
+                                &serialized_pubkey_len,
+                                &(public_key->pubkey),
+                                SECP256K1_EC_UNCOMPRESSED);
+
+  return rb_str_new((char*)serialized_pubkey, serialized_pubkey_len);
+}
+
+/**
+ * @return [String] binary string containing the compressed representation of
+ *   this public key.
+ */
+static VALUE
+PublicKey_compressed(VALUE self)
+{
+  // TODO: Cache value after first computation
+  PublicKey *public_key;
+  size_t serialized_pubkey_len = COMPRESSED_PUBKEY_SIZE_BYTES;
+  unsigned char serialized_pubkey[COMPRESSED_PUBKEY_SIZE_BYTES];
+
+  TypedData_Get_Struct(self, PublicKey, &PublicKey_DataType, public_key);
+
+  secp256k1_ec_pubkey_serialize(public_key->ctx,
+                                serialized_pubkey,
+                                &serialized_pubkey_len,
+                                &(public_key->pubkey),
+                                SECP256K1_EC_COMPRESSED);
+
+  return rb_str_new((char*)serialized_pubkey, serialized_pubkey_len);
+}
+
+/**
+ * Compares two public keys.
+ *
+ * Public keys are considered equal if their compressed representations match.
+ *
+ * @param other [Secp256k1::PublicKey] public key to compare.
+ * @return [Boolean] true if the public keys are identical, false otherwise.
+ */
+static VALUE
+PublicKey_equals(VALUE self, VALUE other)
+{
+  PublicKey *lhs;
+  PublicKey *rhs;
+  unsigned char lhs_compressed[33];
+  unsigned char rhs_compressed[33];
+  size_t lhs_len;
+  size_t rhs_len;
+
+  lhs_len = 33;
+  rhs_len = 33;
+
+  TypedData_Get_Struct(self, PublicKey, &PublicKey_DataType, lhs);
+  TypedData_Get_Struct(other, PublicKey, &PublicKey_DataType, rhs);
+
+  secp256k1_ec_pubkey_serialize(
+    lhs->ctx,
+    lhs_compressed,
+    &lhs_len,
+    &(lhs->pubkey),
+    SECP256K1_EC_COMPRESSED
+  );
+  secp256k1_ec_pubkey_serialize(
+    rhs->ctx,
+    rhs_compressed,
+    &rhs_len,
+    &(rhs->pubkey),
+    SECP256K1_EC_COMPRESSED
+  );
+
+  if (lhs_len == rhs_len &&
+      memcmp(lhs_compressed, rhs_compressed, lhs_len) == 0)
+  {
+    return Qtrue;
+  }
+
+  return Qfalse;
+}
+
+//
+// Secp256k1::PrivateKey class interface
+//
+
+static VALUE
+PrivateKey_alloc(VALUE klass)
+{
+  VALUE new_instance;
+  PrivateKey *private_key;
+
+  private_key = ALLOC(PrivateKey);
+  MEMZERO(private_key, PrivateKey, 1);
+  new_instance = TypedData_Wrap_Struct(klass, &PrivateKey_DataType, private_key);
+
+  return new_instance;
+}
+
+static VALUE
+PrivateKey_create(Context *in_context, unsigned char *in_private_key_data)
+{
+  PrivateKey *private_key;
+  VALUE result;
+
+  if (secp256k1_ec_seckey_verify(in_context->ctx, in_private_key_data) != 1)
+  {
+    rb_raise(rb_eArgError, "invalid private key data");
+  }
+
+  result = PrivateKey_alloc(Secp256k1_PrivateKey_class);
+  TypedData_Get_Struct(result, PrivateKey, &PrivateKey_DataType, private_key);
+  MEMCPY(private_key->data, in_private_key_data, char, 32);
+  private_key->ctx = secp256k1_context_clone(in_context->ctx);
+
+  rb_iv_set(result, "@data", rb_str_new((char*)in_private_key_data, 32));
+
+  return result;
+}
+
+/**
+ * Compare two private keys.
+ *
+ * Private keys are considered equal if their data fields are identical.
+ *
+ * @param other [Secp256k1::PrivateKey] private key to compare. 
+ * @return [Boolean] true if they are equal, false otherwise.
+ */
+static VALUE
+PrivateKey_equals(VALUE self, VALUE other)
+{
+  PrivateKey *lhs;
+  PrivateKey *rhs;
+
+  TypedData_Get_Struct(self, PrivateKey, &PrivateKey_DataType, lhs);
+  TypedData_Get_Struct(other, PrivateKey, &PrivateKey_DataType, rhs);
+
+  if (memcmp(lhs->data, rhs->data, 32) == 0)
+  {
+    return Qtrue;
+  }
+
+  return Qfalse;
+}
+
+//
+// Secp256k1::Signature class interface
+//
+
+static VALUE
+Signature_alloc(VALUE klass)
+{
+  VALUE new_instance;
+  Signature *signature;
+
+  signature = ALLOC(Signature);
+  MEMZERO(signature, Signature, 1);
+  new_instance = TypedData_Wrap_Struct(klass, &Signature_DataType, signature);
+
+  return new_instance;
+}
+
+/**
+ * Return Distinguished Encoding Rules (DER) encoded signature data.
+ *
+ * @return [String] binary string containing DER-encoded signature data.
+ */
+static VALUE
+Signature_der_encoded(VALUE self)
+{
+  // TODO: Cache value after first computation
+  Signature *signature;
+  unsigned long der_signature_len;
+  unsigned char der_signature[72];
+
+  TypedData_Get_Struct(self, Signature, &Signature_DataType, signature);
+
+  der_signature_len = 72;
+  if (secp256k1_ecdsa_signature_serialize_der(signature->ctx,
+                                              der_signature,
+                                              &der_signature_len,
+                                              &(signature->sig)) != 1)
+  {
+    rb_raise(rb_eRuntimeError, "could not compute DER encoded signature");
+  }
+
+  return rb_str_new((char*)der_signature, der_signature_len);
+}
+
+/**
+ * Returns the 64 byte compact representation of this signature.
+ *
+ * @return [String] 64 byte binary string containing signature data.
+ */
+static VALUE
+Signature_compact(VALUE self)
+{
+  // TODO: Cache value after first computation
+  Signature *signature;
+  unsigned char compact_signature[COMPACT_SIG_SIZE_BYTES];
+
+  TypedData_Get_Struct(self, Signature, &Signature_DataType, signature);
+
+  if (secp256k1_ecdsa_signature_serialize_compact(signature->ctx,
+                                                  compact_signature,
+                                                  &(signature->sig)) != 1)
+  {
+    rb_raise(rb_eRuntimeError, "unable to compute compact signature");
+  }
+
+  return rb_str_new((char*)compact_signature, COMPACT_SIG_SIZE_BYTES);
+}
+
+/**
+ * Returns the normalized lower-S form of this signature.
+ *
+ * This can be useful when importing signatures generated by other applications
+ * that may not be normalized. Non-normalized signatures are potentially
+ * forgeable.
+ *
+ * @return [Array] first element is a boolean that is `true` if the signature
+ *   was normalized, false otherwise. The second element is a `Signature`
+ *   object corresponding to the normalized signature.
+ */
+static VALUE
+Signature_normalized(VALUE self)
 {
-  unsigned char hash[SHA256_DIGEST_LENGTH];
+  VALUE result_sig;
+  VALUE was_normalized;
+  VALUE result;
+  Signature *signature;
+  Signature *normalized_signature;
 
-  // Compute the SHA-256 hash of data
-  SHA256(in_data, in_data_len, hash);
+  TypedData_Get_Struct(self, Signature, &Signature_DataType, signature);
+  result_sig = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(
+    result_sig, Signature, &Signature_DataType, normalized_signature
+  );
 
-  // Sign the hash of the data
-  if (secp256k1_ecdsa_sign(in_context,
-                           out_signature,
-                           hash,
-                           in_private_key,
-                           NULL,
-                           NULL) == 1)
+  was_normalized = Qfalse;
+  if (secp256k1_ecdsa_signature_normalize(
+        signature->ctx,
+        &(normalized_signature->sig),
+        &(signature->sig)) == 1)
   {
-    return RESULT_SUCCESS;
+    was_normalized = Qtrue;
   }
 
-  return RESULT_FAILURE;
+  normalized_signature->ctx = secp256k1_context_clone(signature->ctx);
+
+  result = rb_ary_new2(2);
+  rb_ary_push(result, was_normalized);
+  rb_ary_push(result, result_sig);
+
+  return result;
 }
 
 /**
- * Secp256k1.generate_private_key_bytes
+ * Compares two signatures.
  *
- * Generate cryptographically secure 32 byte private key data.
+ * Two signatures are equal if their compact encodings are identical.
  *
- * Raises:
- *   RuntimeError - If random number generation fails for any reason.
+ * @param other [Secp256k1::Signature] signature to compare
+ * @return [Boolean] true if signatures match, false otherwise.
  */
 static VALUE
-Secp256k1_generate_private_key_bytes(VALUE self)
+Signature_equals(VALUE self, VALUE other)
 {
-  unsigned char private_key_bytes[32];
+  Signature *lhs;
+  Signature *rhs;
+  unsigned char lhs_compact[64];
+  unsigned char rhs_compact[64];
 
-  if (FAILURE(GenerateRandomBytes(private_key_bytes, 32)))
+  TypedData_Get_Struct(self, Signature, &Signature_DataType, lhs);
+  TypedData_Get_Struct(other, Signature, &Signature_DataType, rhs);
+
+  secp256k1_ecdsa_signature_serialize_compact(
+    lhs->ctx, lhs_compact, &(lhs->sig)
+  );
+  secp256k1_ecdsa_signature_serialize_compact(
+    rhs->ctx, rhs_compact, &(rhs->sig)
+  );
+
+  if (memcmp(lhs_compact, rhs_compact, 64) == 0)
   {
-    rb_raise(rb_eRuntimeError, "Random number generation failed.");
+    return Qtrue;
   }
 
-  return rb_str_new((char*)private_key_bytes, 32);
+  return Qfalse;
 }
 
 //
-// Secp256k1::PrivateKey class interface
+// Secp256k1::RecoverableSignature class interface
 //
 
-/* Allocate space for new private key internal data */
+#ifdef HAVE_SECP256K1_RECOVERY_H
+
 static VALUE
-PrivateKey_alloc(VALUE klass)
+RecoverableSignature_alloc(VALUE klass)
 {
   VALUE new_instance;
-  PrivateKey *private_key;
+  RecoverableSignature *recoverable_signature;
 
-  new_instance = Data_Make_Struct(
-    klass, PrivateKey, NULL, free, private_key
+  recoverable_signature = ALLOC(RecoverableSignature);
+  MEMZERO(recoverable_signature, RecoverableSignature, 1);
+  new_instance = TypedData_Wrap_Struct(
+    klass, &RecoverableSignature_DataType, recoverable_signature
   );
-  memset(private_key->data, 0, 32);
 
   return new_instance;
 }
 
 /**
- * PrivateKey.generate
- *
- * Generates a new random private key.
- *
- * \return PrivateKey instance populated with randomly generated key.
- */
-static VALUE
-PrivateKey_generate(VALUE klass)
-{
-  VALUE result = rb_funcall(klass,
-                            rb_intern("new"),
-                            1,
-                            Secp256k1_generate_private_key_bytes(Secp256k1_module));
-  return result;
-}
-
-/**
- * PrivateKey#initialize
- *
- * Initialize a new private key with the given private key data.
+ * Returns the compact encoding of recoverable signature.
  *
- * \param self allocated class instance
- * \param in_bytes private key data as 32 byte string
- * \raises ArgumentError If private key data is not 32 bytes long.
+ * @return [Array] first element is the 64 byte compact encoding of signature,
+ *   the second element is the integer recovery ID.
+ * @raise [RuntimeError] if signature serialization fails.
  */
 static VALUE
-PrivateKey_initialize(VALUE self, VALUE in_bytes)
+RecoverableSignature_compact(VALUE self)
 {
-  PrivateKey *private_key;
+  RecoverableSignature *recoverable_signature;
+  unsigned char compact_sig[64];
+  int recovery_id;
+  VALUE result;
 
-  Check_Type(in_bytes, T_STRING);
+  TypedData_Get_Struct(
+    self,
+    RecoverableSignature,
+    &RecoverableSignature_DataType,
+    recoverable_signature
+  );
 
-  if (RSTRING_LEN(in_bytes) != 32)
+  if (secp256k1_ecdsa_recoverable_signature_serialize_compact(
+        recoverable_signature->ctx,
+        compact_sig,
+        &recovery_id,
+        &(recoverable_signature->sig)) != 1)
   {
-    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
-    return self;
+    rb_raise(rb_eRuntimeError, "unable to serialize recoverable signature");
   }
 
-  Data_Get_Struct(self, PrivateKey, private_key);
-  memcpy(private_key->data, RSTRING_PTR(in_bytes), 32);
+  // Create a new array with room for 2 elements and push data onto it
+  result = rb_ary_new2(2);
+  rb_ary_push(result, rb_str_new((char*)compact_sig, 64));
+  rb_ary_push(result, rb_int_new(recovery_id));
 
-  // Set the PrivateKey.data attribute for later reading
-  rb_iv_set(self, "@data", in_bytes);
-
-  return self;
+  return result;
 }
 
-//
-// Secp256k1::Signature class interface
-//
-
-/* Allocate memory for Signature object */
+/**
+ * Convert a recoverable signature to a non-recoverable signature.
+ *
+ * @return [Secp256k1::Signature] non-recoverable signature derived from this
+ *   recoverable signature.
+ */
 static VALUE
-Signature_alloc(VALUE klass)
+RecoverableSignature_to_signature(VALUE self)
 {
-  VALUE new_instance;
+  RecoverableSignature *recoverable_signature;
   Signature *signature;
+  VALUE result;
 
-  new_instance = Data_Make_Struct(klass,
-                                  Signature,
-                                  NULL,
-                                  free,
-                                  signature);
-  memset(signature, 0, sizeof(Signature));
+  TypedData_Get_Struct(
+    self,
+    RecoverableSignature,
+    &RecoverableSignature_DataType,
+    recoverable_signature
+  );
 
-  return new_instance;
+  result = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(
+    result,
+    Signature,
+    &Signature_DataType,
+    signature
+  );
+
+  // NOTE: This method cannot fail
+  secp256k1_ecdsa_recoverable_signature_convert(
+    recoverable_signature->ctx,
+    &(signature->sig),
+    &(recoverable_signature->sig));
+
+  signature->ctx = secp256k1_context_clone(recoverable_signature->ctx);
+  return result;
 }
 
 /**
- * Signature#der_encoded
+ * Attempts to recover the public key associated with this signature.
  *
- * \param self
- * \return DER encoded version of this signature
+ * @param in_hash32 [String] 32-byte SHA-256 hash of data.
+ * @return [Secp256k1::PublicKey] recovered public key.
+ * @raise [RuntimeError] if the public key could not be recovered.
  */
 static VALUE
-Signature_der_encoded(VALUE self)
+RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
 {
-  Signature *signature;
-  unsigned long der_signature_len;
-  unsigned char der_signature[512];
+  RecoverableSignature *recoverable_signature;
+  PublicKey *public_key;
+  VALUE result;
+  unsigned char *hash32;
 
-  Data_Get_Struct(self, Signature, signature);
+  Check_Type(in_hash32, T_STRING);
+  if (RSTRING_LEN(in_hash32) != 32)
+  {
+    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+  }
 
-  der_signature_len = 512;
-  if (secp256k1_ecdsa_signature_serialize_der(signature->context->ctx,
-                                              der_signature,
-                                              &der_signature_len,
-                                              &(signature->sig)) == 1)
+  TypedData_Get_Struct(
+    self,
+    RecoverableSignature,
+    &RecoverableSignature_DataType,
+    recoverable_signature
+  );
+  hash32 = (unsigned char*)StringValuePtr(in_hash32);
+
+  result = PublicKey_alloc(Secp256k1_PublicKey_class);
+  TypedData_Get_Struct(result, PublicKey, &PublicKey_DataType, public_key);
+
+  if (secp256k1_ecdsa_recover(recoverable_signature->ctx,
+                              &(public_key->pubkey),
+                              &(recoverable_signature->sig),
+                              hash32) == 1)
   {
-    return rb_str_new((char*)der_signature, der_signature_len);
+    public_key->ctx = secp256k1_context_clone(recoverable_signature->ctx);
+    return result;
   }
 
-  rb_raise(rb_eRuntimeError, "Could not compute DER encoded signature");
+  rb_raise(rb_eRuntimeError, "unable to recover public key");
 }
 
 /**
- * Signature#compact
+ * Compares two recoverable signatures.
  *
- * Returns the compact (64-byte) representation of this signature.
+ * Two recoverable signatures their secp256k1_ecdsa_recoverable_signature data
+ * is identical.
  *
- * \param self
- * \return Compact encoding of this signature
+ * @param other [Secp256k1::RecoverableSignature] recoverable signature to
+ *   compare.
+ * @return [Boolean] true if the recoverable signatures are identical, false
+ *   otherwise.
  */
 static VALUE
-Signature_compact(VALUE self)
+RecoverableSignature_equals(VALUE self, VALUE other)
 {
-  Signature *signature;
-  unsigned char compact_signature[65];
+  RecoverableSignature *lhs;
+  RecoverableSignature *rhs;
 
-  Data_Get_Struct(self, Signature, signature);
+  TypedData_Get_Struct(
+    self, RecoverableSignature, &RecoverableSignature_DataType, lhs
+  );
+  TypedData_Get_Struct(
+    other, RecoverableSignature, &RecoverableSignature_DataType, rhs
+  );
 
-  if (secp256k1_ecdsa_signature_serialize_compact(signature->context->ctx,
-                                                  compact_signature,
-                                                  &(signature->sig)) == 1)
+  // NOTE: It is safe to directly compare these data structures rather than
+  // first serializing and then comparing.
+  if (memcmp(&(lhs->sig),
+             &(rhs->sig),
+             sizeof(secp256k1_ecdsa_recoverable_signature)) == 0)
   {
-    return rb_str_new((char*)compact_signature, 65);
+    return Qtrue;
   }
 
-  rb_raise(rb_eRuntimeError, "Unable to compute compact signature");
+  return Qfalse;
 }
 
+#endif // HAVE_SECP256K1_RECOVERY_H
+
 //
-// Secp256k1::Context class interface
+// Secp256k1::SharedSecret class interface
 //
 
-/* Deallocate a context when it is garbage collected */
-static void
-Context_free(void* in_context)
+#ifdef HAVE_SECP256K1_ECDH_H
+
+static VALUE
+SharedSecret_alloc(VALUE klass)
 {
-  Context *context = (Context*)in_context;
+  VALUE new_instance;
+  SharedSecret *shared_secret;
 
-  secp256k1_context_destroy(context->ctx);
-  free(context);
+  shared_secret = ALLOC(SharedSecret);
+  MEMZERO(shared_secret, SharedSecret, 1);
+  new_instance = TypedData_Wrap_Struct(
+  klass, &SharedSecret_DataType, shared_secret
+  );
+
+  return new_instance;
 }
 
+#endif // HAVE_SECP256K1_ECDH_H
+
+//
+// Secp256k1::Context class interface
+//
+
 /* Allocate a new context object */
 static VALUE
 Context_alloc(VALUE klass)
@@ -346,20 +1015,21 @@ Context_alloc(VALUE klass)
   VALUE new_instance;
   Context *context;
 
-  new_instance = Data_Make_Struct(
-    klass, Context, NULL, Context_free, context
-  );
-  context->ctx = NULL;
+  context = ALLOC(Context);
+  MEMZERO(context, Context, 1);
+
+  new_instance = TypedData_Wrap_Struct(klass, &Context_DataType, context);
 
   return new_instance;
 }
 
 /**
- * Context#initialize
+ * Initialize a new context.
  *
- * Initialize a new libsecp256k1 context.
+ * Context initialization should be infrequent as it is an expensive operation.
  *
- * \raises RuntimeError if context randomizatino fails.
+ * @return [Secp256k1::Context] 
+ * @raise [RuntimeError] if context randomization fails.
  */
 static VALUE
 Context_initialize(VALUE self)
@@ -367,7 +1037,7 @@ Context_initialize(VALUE self)
   Context *context;
   unsigned char seed[32];
 
-  Data_Get_Struct(self, Context, context);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
 
   context->ctx = secp256k1_context_create(
     SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY
@@ -378,86 +1048,104 @@ Context_initialize(VALUE self)
   GenerateRandomBytes(seed, 32);
   if (secp256k1_context_randomize(context->ctx, seed) != 1)
   {
-    rb_raise(rb_eRuntimeError, "Randomization of context failed.");
+    rb_raise(rb_eRuntimeError, "context randomization failed");
   }
 
   return self;
 }
 
 /**
- * Context#generate_key_pair
+ * Generate a new public-private key pair.
  *
- * Generate a new (public, private) key pair.
+ * @return [Secp256k1::KeyPair] newly generated key pair.
+ * @raise [RuntimeError] if private key generation fails.
  */
 static VALUE
 Context_generate_key_pair(VALUE self)
 {
+  Context *context;
   VALUE private_key;
   VALUE public_key;
-  VALUE key_pair;
+  VALUE result;
+  unsigned char private_key_bytes[32];
+
+  if (FAILURE(GenerateRandomBytes(private_key_bytes, 32)))
+  {
+    rb_raise(rb_eRuntimeError, "unable to generate private key bytes.");
+  }
+
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
 
-  private_key = PrivateKey_generate(Secp256k1_PrivateKey_class);
-  public_key = rb_funcall(Secp256k1_PublicKey_class,
-                          rb_intern("new"),
-                          2,
-                          self,
-                          private_key);
-  key_pair = rb_funcall(Secp256k1_KeyPair_class,
-                        rb_intern("new"),
-                        2,
-                        public_key,
-                        private_key);
+  private_key = PrivateKey_create(context, private_key_bytes);
+  public_key = PublicKey_create_from_private_key(context, private_key_bytes);
+  result = rb_funcall(
+    Secp256k1_KeyPair_class,
+    rb_intern("new"),
+    2,
+    public_key,
+    private_key
+  );
 
-  return key_pair;
+  return result;
 }
 
 /**
- * Context#public_key_from_data
- *
  * Loads a public key from compressed or uncompressed binary data.
  *
- * \param self
- * \param in_public_key_data Compressed or uncompressed binary public key data.
+ * @param in_public_key_data [String] binary string with compressed or
+ *   uncompressed public key data.
+ * @return [Secp256k1::PublicKey] public key derived from data.
+ * @raise [RuntimeError] if public key data is invalid.
  */
 static VALUE
 Context_public_key_from_data(VALUE self, VALUE in_public_key_data)
 {
   Context *context;
-  PublicKey *public_key;
   unsigned char *public_key_data;
-  VALUE result;
 
   Check_Type(in_public_key_data, T_STRING);
 
-  Data_Get_Struct(self, Context, context);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
   public_key_data = (unsigned char*)StringValuePtr(in_public_key_data);
-  result = Data_Make_Struct(Secp256k1_PublicKey_class,
-                            PublicKey,
-                            NULL,
-                            free,
-                            public_key);
-  public_key->context = context;
-
-  if (secp256k1_ec_pubkey_parse(context->ctx,
-                                &(public_key->pubkey),
-                                public_key_data,
-                                RSTRING_LEN(in_public_key_data)) != 1)
+  return PublicKey_create_from_data(
+    context,
+    public_key_data,
+    RSTRING_LEN(in_public_key_data)
+  );
+}
+
+/**
+ * Load a private key from binary data.
+ *
+ * @param in_private_key_data [String] 32 byte binary string of private key
+ *   data.
+ * @return [Secp256k1::PrivateKey] private key loaded from the given data.
+ * @raise [ArgumentError] if private key data is not 32 bytes or is invalid.
+ */
+static VALUE
+Context_private_key_from_data(VALUE self, VALUE in_private_key_data)
+{
+  Context *context;
+  unsigned char *private_key_data;
+
+  Check_Type(in_private_key_data, T_STRING);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
+  private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
+
+  if (RSTRING_LEN(in_private_key_data) != 32)
   {
-    rb_raise(rb_eRuntimeError, "Invalid public key data");
+    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
   }
 
-  return result;
+  return PrivateKey_create(context, private_key_data);
 }
 
 /**
- * Context#key_pair_from_private_key
- *
- * Converts a binary private key into a key pair
+ * Converts binary private key data into a new key pair.
  *
- * \param self
- * \param in_private_key_data Binary private key data to be used
- * \return A KeyPair initialized from the given private key data
- * \raises ArgumentError if the private key data is invalid or key derivation
+ * @param in_private_key_data [String] binary private key data
+ * @return [Secp256k1::KeyPair] key pair initialized from the private key data.
+ * @raise [ArgumentError] if the private key data is invalid or key derivation
  *   fails.
  */
 static VALUE
@@ -466,44 +1154,36 @@ Context_key_pair_from_private_key(VALUE self, VALUE in_private_key_data)
   Context *context;
   VALUE public_key;
   VALUE private_key;
-  VALUE key_pair;
   unsigned char *private_key_data;
 
-  // TODO: Move verification into PrivateKey_initialize?
-  // Verify secret key data before attempting to recover key pair
-  Data_Get_Struct(self, Context, context);
-  private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
-
-  if (secp256k1_ec_seckey_verify(context->ctx, private_key_data) != 1)
+  if (RSTRING_LEN(in_private_key_data) != 32)
   {
-    rb_raise(rb_eRuntimeError, "Invalid private key data.");
+    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
   }
 
-  private_key = rb_funcall(Secp256k1_PrivateKey_class,
-                           rb_intern("new"),
-                           1,
-                           in_private_key_data);
-  public_key = rb_funcall(Secp256k1_PublicKey_class,
-                          rb_intern("new"),
-                          2,
-                          self,
-                          private_key);
-  key_pair = rb_funcall(Secp256k1_KeyPair_class,
-                        rb_intern("new"),
-                        2,
-                        public_key,
-                        private_key);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
+  private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
+
+  private_key = PrivateKey_create(context, private_key_data);
+  public_key = PublicKey_create_from_private_key(context, private_key_data);
 
-  return key_pair;
+  return rb_funcall(
+    Secp256k1_KeyPair_class,
+    rb_intern("new"),
+    2,
+    public_key,
+    private_key
+  );
 }
 
 /**
- * Context#signature_from_der_encoded
+ * Converts a DER encoded binary signature into a signature object.
  *
- * Converts a DER encoded signature into a Secp256k1::Signature object.
- *
- * \param self
- * \param in_der_encoded_signature DER encoded signature as a binary string
+ * @param in_der_encoded_signature [String] DER encoded signature as binary
+ *   string.
+ * @return [Secp256k1::Signature] signature object initialized using signature
+ *   data.
+ * @raise [ArgumentError] if signature data is invalid.
  */
 static VALUE
 Context_signature_from_der_encoded(VALUE self, VALUE in_der_encoded_signature)
@@ -515,36 +1195,31 @@ Context_signature_from_der_encoded(VALUE self, VALUE in_der_encoded_signature)
 
   Check_Type(in_der_encoded_signature, T_STRING);
 
-  Data_Get_Struct(self, Context, context);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
   signature_data = (unsigned char*)StringValuePtr(in_der_encoded_signature);
 
-  signature_result = Data_Make_Struct(Secp256k1_Signature_class,
-                                      Signature,
-                                      NULL,
-                                      free,
-                                      signature);
+  signature_result = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
 
   if (secp256k1_ecdsa_signature_parse_der(context->ctx,
                                           &(signature->sig),
                                           signature_data,
                                           RSTRING_LEN(in_der_encoded_signature)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "Invalid DER encoded signature.");
+    rb_raise(rb_eArgError, "invalid DER encoded signature");
   }
 
-  signature->context = context;
+  signature->ctx = secp256k1_context_clone(context->ctx);
   return signature_result;
 }
 
 /**
- * Context#signature_from_compact
- *
  * Deserializes a Signature from 64-byte compact signature data.
  *
- * \param self
- * \param in_compact_signature Compact signature to deserialize
- * \return Signature object deserialized from compact signature.
- * \raises RuntimeError if signature deserialization fails
+ * @param in_compact_signature [String] compact signature as 64-byte binary
+ *   string.
+ * @return [Secp256k1::Signature] object deserialized from compact signature.
+ * @raise [ArgumentError] if signature data is invalid.
  */
 static VALUE
 Context_signature_from_compact(VALUE self, VALUE in_compact_signature)
@@ -554,105 +1229,104 @@ Context_signature_from_compact(VALUE self, VALUE in_compact_signature)
   VALUE signature_result;
   unsigned char *signature_data;
 
-  Check_Type(in_compact_signature, T_STRING);
-
-  Data_Get_Struct(self, Context, context);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
   signature_data = (unsigned char*)StringValuePtr(in_compact_signature);
 
-  signature_result = Data_Make_Struct(Secp256k1_Signature_class,
-                                      Signature,
-                                      NULL,
-                                      free,
-                                      signature);
+  signature_result = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
 
   if (secp256k1_ecdsa_signature_parse_compact(context->ctx,
                                               &(signature->sig),
                                               signature_data) != 1)
   {
-    rb_raise(rb_eRuntimeError, "Invalid compact signature.");
+    rb_raise(rb_eArgError, "invalid compact signature");
   }
 
-  signature->context = context;
+  signature->ctx = secp256k1_context_clone(context->ctx);
   return signature_result;
 }
 
 /**
- * Context#sign
- *
- * Computes the ECDSA signature of the data using the secp256k1 EC.
+ * Computes the ECDSA signature of the data using the secp256k1 elliptic curve.
  *
- * \param self
- * \param in_private_key Private key to use for signing
- * \param in_data Data to be signed
- * \raises RuntimeError if signing fails
+ * @param in_private_key [Secp256k1::PrivateKey] private key to use for
+ *   signing.
+ * @param in_hash32 [String] 32-byte binary string with SHA-256 hash of data.
+ * @return [Secp256k1::Signature] signature resulting from signing data.
+ * @raise [RuntimeError] if signature computation fails.
+ * @raise [ArgumentError] if hash is not 32-bytes in length.
  */
 static VALUE
-Context_sign(VALUE self, VALUE in_private_key, VALUE in_data)
+Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
 {
-  unsigned char *data_ptr;
+  unsigned char *hash32;
   PrivateKey *private_key;
   Context *context;
   Signature *signature;
   VALUE signature_result;
 
-  Check_Type(in_data, T_STRING);
+  Check_Type(in_hash32, T_STRING);
 
-  Data_Get_Struct(self, Context, context);
-  Data_Get_Struct(in_private_key, PrivateKey, private_key);
-  data_ptr = (unsigned char*)StringValuePtr(in_data);
+  if (RSTRING_LEN(in_hash32) != 32)
+  {
+    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+  }
 
-  signature_result = Data_Make_Struct(Secp256k1_Signature_class,
-                                      Signature,
-                                      NULL,
-                                      free,
-                                      signature);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
+  TypedData_Get_Struct(in_private_key, PrivateKey, &PrivateKey_DataType, private_key);
+  hash32 = (unsigned char*)StringValuePtr(in_hash32);
 
+  signature_result = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
+ 
   // Attempt to sign the hash of the given data
   if (SUCCESS(SignData(context->ctx,
-                       data_ptr,
-                       RSTRING_LEN(in_data),
+                       hash32,
                        private_key->data,
                        &(signature->sig))))
   {
-    signature->context = context;
+    signature->ctx = secp256k1_context_clone(context->ctx);
     return signature_result;
   }
 
-  rb_raise(rb_eRuntimeError, "Unable to compute signature");
+  rb_raise(rb_eRuntimeError, "unable to compute signature");
 }
 
 /**
- * Context#verify
+ * Verifies that signature matches public key and data.
  *
- * Verifies that the signature by the holder of public key on message.
- *
- * \param self
- * \param in_signature Signature to be verified
- * \param in_pubkey Public key to verify signature against
- * \param in_message Message to verify signature of
- * \return Qtrue if the signature is valid, Qfalse otherwise.
+ * @param in_signature [Secp256k1::Signature] signature to be verified.
+ * @param in_pubkey [Secp256k1::PublicKey] public key to verify signature
+ *   against.
+ * @param in_hash32 [String] 32-byte binary string containing SHA-256 hash of
+ *   data.
+ * @return [Boolean] True if the signature is valid, false otherwise.
+ * @raise [ArgumentError] if hash is not 32-bytes in length.
  */
 static VALUE
-Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_message)
+Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
 {
   Context *context;
   PublicKey *public_key;
   Signature *signature;
-  unsigned char *message_ptr;
-  unsigned char hash[SHA256_DIGEST_LENGTH];
+  unsigned char *hash32;
+
+  Check_Type(in_hash32, T_STRING);
 
-  Check_Type(in_message, T_STRING);
+  if (RSTRING_LEN(in_hash32) != 32)
+  {
+    rb_raise(rb_eArgError, "in_hash32 is not 32-bytes in length");
+  }
 
-  Data_Get_Struct(self, Context, context);
-  Data_Get_Struct(in_pubkey, PublicKey, public_key);
-  Data_Get_Struct(in_signature, Signature, signature);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
+  TypedData_Get_Struct(in_pubkey, PublicKey, &PublicKey_DataType, public_key);
+  TypedData_Get_Struct(in_signature, Signature, &Signature_DataType, signature);
 
-  message_ptr = (unsigned char*)StringValuePtr(in_message);
-  SHA256(message_ptr, RSTRING_LEN(in_message), hash);
+  hash32 = (unsigned char*)StringValuePtr(in_hash32);
   
   if (secp256k1_ecdsa_verify(context->ctx,
                              &(signature->sig),
-                             hash,
+                             hash32,
                              &(public_key->pubkey)) == 1)
   {
     return Qtrue;
@@ -661,127 +1335,196 @@ Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_message
   return Qfalse;
 }
 
-//
-// Secp256k1::PublicKey class interface
-//
-
-static VALUE
-PublicKey_alloc(VALUE klass)
-{
-  VALUE result;
-  PublicKey *public_key;
-
-  result = Data_Make_Struct(klass, PublicKey, NULL, free, public_key);
-
-  return result;
-}
+// Context recoverable signature methods
+#ifdef HAVE_SECP256K1_RECOVERY_H
 
 /**
- * PublicKey#initialize
- *
- * Initialize a new public key from the given context and private key.
+ * Computes the recoverable ECDSA signature of data signed with private key.
  *
- * \param in_context Context instance to be used in derivation
- * \param in_private_key PrivateKey to derive public key from
- * \return PublicKey instance initialized with data
- * \raises TypeError if private key data is invalid
+ * @param in_private_key [Secp256k1::PrivateKey] private key to sign with.
+ * @param in_hash32 [String] 32-byte binary string with SHA-256 hash of data.
+ * @return [Secp256k1::RecoverableSignature] recoverable signature produced by
+ *   signing the SHA-256 hash `in_hash32` with `in_private_key`.
+ * @raise [ArgumentError] if the hash is not 32 bytes
  */
 static VALUE
-PublicKey_initialize(VALUE self, VALUE in_context, VALUE in_private_key)
+Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
 {
   Context *context;
-  PublicKey *public_key;
   PrivateKey *private_key;
+  RecoverableSignature *recoverable_signature;
+  unsigned char *hash32;
+  VALUE result;
 
-  Data_Get_Struct(self, PublicKey, public_key);
-  Data_Get_Struct(in_context, Context, context);
-  Data_Get_Struct(in_private_key, PrivateKey, private_key);
-
-  if (secp256k1_ec_pubkey_create(context->ctx,
-                                 &(public_key->pubkey),
-                                 private_key->data) == 0)
+  Check_Type(in_hash32, T_STRING);
+  if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eTypeError, "Invalid private key data");
-    return self;
+    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
   }
 
-  public_key->context = context;
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
+  TypedData_Get_Struct(
+    in_private_key, PrivateKey, &PrivateKey_DataType, private_key
+  );
+  hash32 = (unsigned char*)StringValuePtr(in_hash32);
+
+  result = RecoverableSignature_alloc(Secp256k1_RecoverableSignature_class);
+  TypedData_Get_Struct(
+    result,
+    RecoverableSignature,
+    &RecoverableSignature_DataType,
+    recoverable_signature
+  );
+
+  if (SUCCESS(RecoverableSignData(context->ctx,
+                                  hash32,
+                                  private_key->data,
+                                  &(recoverable_signature->sig))))
+  {
+    recoverable_signature->ctx = secp256k1_context_clone(context->ctx);
+    return result;
+  }
 
-  return self;
+  rb_raise(rb_eRuntimeError, "unable to compute recoverable signature");
 }
 
-/* PublicKey#as_uncompressed */
+/**
+ * Loads recoverable signature from compact representation and recovery ID.
+ *
+ * @param in_compact_sig [String] binary string containing compact signature
+ *   data.
+ * @param in_recovery_id [Integer] recovery ID.
+ * @return [Secp256k1::RecoverableSignature] signature parsed from data.
+ * @raise [RuntimeError] if signature data or recovery ID is invalid.
+ * @raise [ArgumentError] if compact signature is not 64 bytes.
+ */
 static VALUE
-PublicKey_as_uncompressed(VALUE self)
+Context_recoverable_signature_from_compact(
+  VALUE self, VALUE in_compact_sig, VALUE in_recovery_id)
 {
-  PublicKey *public_key;
-  size_t serialized_pubkey_len = 65;
-  unsigned char serialized_pubkey[65];
+  Context *context;
+  RecoverableSignature *recoverable_signature;
+  unsigned char *compact_sig;
+  int recovery_id;
+  VALUE result;
+
+  Check_Type(in_compact_sig, T_STRING);
+  Check_Type(in_recovery_id, T_FIXNUM);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
 
-  Data_Get_Struct(self, PublicKey, public_key);
+  compact_sig = (unsigned char*)StringValuePtr(in_compact_sig);
+  recovery_id = FIX2INT(in_recovery_id);
 
-  if (public_key->context == NULL || public_key->context->ctx == NULL)
+  if (RSTRING_LEN(in_compact_sig) != 64)
   {
-    rb_raise(rb_eRuntimeError, "Public key context is NULL");
+    rb_raise(rb_eArgError, "compact signature is not 64 bytes");
   }
 
-  secp256k1_ec_pubkey_serialize(public_key->context->ctx,
-                                serialized_pubkey,
-                                &serialized_pubkey_len,
-                                &(public_key->pubkey),
-                                SECP256K1_EC_UNCOMPRESSED);
+  result = RecoverableSignature_alloc(Secp256k1_RecoverableSignature_class);
+  TypedData_Get_Struct(
+    result,
+    RecoverableSignature,
+    &RecoverableSignature_DataType,
+    recoverable_signature
+  );
 
-  return rb_str_new((char*)serialized_pubkey, serialized_pubkey_len);
+  if (secp256k1_ecdsa_recoverable_signature_parse_compact(
+        context->ctx,
+        &(recoverable_signature->sig),
+        compact_sig,
+        recovery_id) == 1)
+  {
+    recoverable_signature->ctx = secp256k1_context_clone(context->ctx);
+    return result;
+  }
+  
+  rb_raise(rb_eRuntimeError, "unable to parse recoverable signature");
 }
 
-/* PublicKey#as_compressed */
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+// Context EC Diffie-Hellman methods
+#ifdef HAVE_SECP256K1_ECDH_H
+
+/**
+ * Compute EC Diffie-Hellman secret in constant time.
+ *
+ * Creates a new shared secret from public_key and private_key.
+ *
+ * @param point [Secp256k1::PublicKey] public-key representing ECDH point.
+ * @param scalar [Secp256k1::PrivateKey] private-key representing ECDH scalar.
+ * @return [Secp256k1::SharedSecret] shared secret
+ * @raise [RuntimeError] If scalar was invalid (zero or caused overflow).
+ */
 static VALUE
-PublicKey_as_compressed(VALUE self)
+Context_ecdh(VALUE self, VALUE point, VALUE scalar)
 {
+  Context *context;
   PublicKey *public_key;
-  size_t serialized_pubkey_len = 65;
-  unsigned char serialized_pubkey[65];
+  PrivateKey *private_key;
+  SharedSecret *shared_secret;
+  VALUE result;
 
-  Data_Get_Struct(self, PublicKey, public_key);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
+  TypedData_Get_Struct(point, PublicKey, &PublicKey_DataType, public_key);
+  TypedData_Get_Struct(scalar, PrivateKey, &PrivateKey_DataType, private_key);
 
-  secp256k1_ec_pubkey_serialize(public_key->context->ctx,
-                                serialized_pubkey,
-                                &serialized_pubkey_len,
-                                &(public_key->pubkey),
-                                SECP256K1_EC_COMPRESSED);
+  result = SharedSecret_alloc(Secp256k1_SharedSecret_class);
+  TypedData_Get_Struct(
+    result, SharedSecret, &SharedSecret_DataType, shared_secret
+  );
 
-  return rb_str_new((char*)serialized_pubkey, serialized_pubkey_len);
+  if (secp256k1_ecdh(context->ctx,
+                     shared_secret->data,
+                     &(public_key->pubkey),
+                     (unsigned char*)private_key->data,
+                     NULL,
+                     NULL) != 1)
+  {
+    rb_raise(rb_eRuntimeError, "invalid scalar provided to ecdh");
+  }
+
+  rb_iv_set(result, "@data", rb_str_new((char*)shared_secret->data, 32));
+
+  return result;
 }
 
+#endif // HAVE_SECP256K1_ECDH_H
 
 //
-// Secp256k1::KeyPair class interface
+// Secp256k1 module methods
 //
 
+/**
+ * Indicates whether or not the libsecp256k1 recovery module is installed.
+ *
+ * @return [Boolean] true if libsecp256k1 was built with the recovery module,
+ *   false otherwise.
+ */
 static VALUE
-KeyPair_alloc(VALUE klass)
+Secp256k1_have_recovery(VALUE module)
 {
-  VALUE result;
-  KeyPair *key_pair;
-  result = Data_Make_Struct(klass, KeyPair, NULL, free, key_pair);
-
-  return result;
+#ifdef HAVE_SECP256K1_RECOVERY_H
+  return Qtrue;
+#else // HAVE_SECP256K1_RECOVERY_H
+  return Qfalse;
+#endif // HAVE_SECP256K1_RECOVERY_H
 }
 
+/**
+ * Indicates whether or not libsecp256k1 EC Diffie-Hellman module is installed.
+ *
+ * @return [Boolean] true if libsecp256k1 was build with the ECDH module, false
+ *   otherwise.
+ */
 static VALUE
-KeyPair_initialize(VALUE self, VALUE public_key, VALUE private_key)
+Secp256k1_have_ecdh(VALUE module)
 {
-  KeyPair *key_pair;
-
-  Data_Get_Struct(self, KeyPair, key_pair);
-
-  key_pair->public_key = public_key;
-  key_pair->private_key = private_key;
-
-  rb_iv_set(self, "@public_key", public_key);
-  rb_iv_set(self, "@private_key", private_key);
-
-  return self;
+#ifdef HAVE_SECP256K1_ECDH_H
+  return Qtrue;
+#else // HAVE_SECP256K1_ECDH_H
+  return Qfalse;
+#endif // HAVE_SECP256K1_ECDH_H
 }
 
 //
@@ -790,16 +1533,31 @@ KeyPair_initialize(VALUE self, VALUE public_key, VALUE private_key)
 
 void Init_rbsecp256k1()
 {
+  // NOTE: All classes derive from Data (rb_cData) rather than Object
+  // (rb_cObject). This makes it so we don't have to call rb_undef_alloc_func
+  // for each class and can instead simply define the allocation methods for
+  // each class.
+  //
+  // See: https://github.com/ruby/ruby/blob/trunk/doc/extension.rdoc#encapsulate-c-data-into-a-ruby-object
+
   // Secp256k1
   Secp256k1_module = rb_define_module("Secp256k1");
-  rb_define_singleton_method(Secp256k1_module,
-                             "generate_private_key_bytes",
-                             Secp256k1_generate_private_key_bytes,
-                             0);
+  rb_define_singleton_method(
+    Secp256k1_module,
+    "have_recovery?",
+    Secp256k1_have_recovery,
+    0
+  );
+  rb_define_singleton_method(
+    Secp256k1_module,
+    "have_ecdh?",
+    Secp256k1_have_ecdh,
+    0
+  );
 
   // Secp256k1::Context
   Secp256k1_Context_class = rb_define_class_under(
-    Secp256k1_module, "Context", rb_cObject
+    Secp256k1_module, "Context", rb_cData
   );
   rb_define_alloc_func(Secp256k1_Context_class, Context_alloc);
   rb_define_method(Secp256k1_Context_class,
@@ -818,6 +1576,10 @@ void Init_rbsecp256k1()
                    "public_key_from_data",
                    Context_public_key_from_data,
                    1);
+  rb_define_method(Secp256k1_Context_class,
+                   "private_key_from_data",
+                   Context_private_key_from_data,
+                   1);
   rb_define_method(Secp256k1_Context_class,
                    "sign",
                    Context_sign,
@@ -838,7 +1600,7 @@ void Init_rbsecp256k1()
   // Secp256k1::KeyPair
   Secp256k1_KeyPair_class = rb_define_class_under(Secp256k1_module,
                                                   "KeyPair",
-                                                  rb_cObject);
+                                                  rb_cData);
   rb_define_alloc_func(Secp256k1_KeyPair_class, KeyPair_alloc);
   rb_define_attr(Secp256k1_KeyPair_class, "public_key", 1, 0);
   rb_define_attr(Secp256k1_KeyPair_class, "private_key", 1, 0);
@@ -846,44 +1608,35 @@ void Init_rbsecp256k1()
                    "initialize",
                    KeyPair_initialize,
                    2);
+  rb_define_method(Secp256k1_KeyPair_class, "==", KeyPair_equals, 1);
 
   // Secp256k1::PublicKey
   Secp256k1_PublicKey_class = rb_define_class_under(Secp256k1_module,
                                                     "PublicKey",
-                                                    rb_cObject);
+                                                    rb_cData);
   rb_define_alloc_func(Secp256k1_PublicKey_class, PublicKey_alloc);
   rb_define_method(Secp256k1_PublicKey_class,
-                   "initialize",
-                   PublicKey_initialize,
-                   2);
-  rb_define_method(Secp256k1_PublicKey_class,
-                   "as_compressed",
-                   PublicKey_as_compressed,
+                   "compressed",
+                   PublicKey_compressed,
                    0);
   rb_define_method(Secp256k1_PublicKey_class,
-                   "as_uncompressed",
-                   PublicKey_as_uncompressed,
+                   "uncompressed",
+                   PublicKey_uncompressed,
                    0);
+  rb_define_method(Secp256k1_PublicKey_class, "==", PublicKey_equals, 1);
 
   // Secp256k1::PrivateKey
   Secp256k1_PrivateKey_class = rb_define_class_under(
-    Secp256k1_module, "PrivateKey", rb_cObject
+    Secp256k1_module, "PrivateKey", rb_cData
   );
   rb_define_alloc_func(Secp256k1_PrivateKey_class, PrivateKey_alloc);
-  rb_define_singleton_method(Secp256k1_PrivateKey_class,
-                             "generate",
-                             PrivateKey_generate,
-                             0);
   rb_define_attr(Secp256k1_PrivateKey_class, "data", 1, 0);
-  rb_define_method(Secp256k1_PrivateKey_class,
-                   "initialize",
-                   PrivateKey_initialize,
-                   1);
+  rb_define_method(Secp256k1_PrivateKey_class, "==", PrivateKey_equals, 1);
 
   // Secp256k1::Signature
   Secp256k1_Signature_class = rb_define_class_under(Secp256k1_module,
                                                     "Signature",
-                                                    rb_cObject);
+                                                    rb_cData);
   rb_define_alloc_func(Secp256k1_Signature_class, Signature_alloc);
   rb_define_method(Secp256k1_Signature_class,
                    "der_encoded",
@@ -893,4 +1646,81 @@ void Init_rbsecp256k1()
                    "compact",
                    Signature_compact,
                    0);
+  rb_define_method(Secp256k1_Signature_class,
+                   "normalized",
+                   Signature_normalized,
+                   0);
+  rb_define_method(Secp256k1_Signature_class,
+                   "==",
+                   Signature_equals,
+                   1);
+
+#ifdef HAVE_SECP256K1_RECOVERY_H
+  // Secp256k1::RecoverableSignature
+  Secp256k1_RecoverableSignature_class = rb_define_class_under(
+    Secp256k1_module,
+    "RecoverableSignature",
+    rb_cData
+  );
+  rb_define_alloc_func(
+    Secp256k1_RecoverableSignature_class,
+    RecoverableSignature_alloc
+  );
+  rb_define_method(
+    Secp256k1_RecoverableSignature_class,
+    "compact",
+    RecoverableSignature_compact,
+    0
+  );
+  rb_define_method(
+    Secp256k1_RecoverableSignature_class,
+    "to_signature",
+    RecoverableSignature_to_signature,
+    0
+  );
+  rb_define_method(
+    Secp256k1_RecoverableSignature_class,
+    "recover_public_key",
+    RecoverableSignature_recover_public_key,
+    1
+  );
+  rb_define_method(
+    Secp256k1_RecoverableSignature_class,
+    "==",
+    RecoverableSignature_equals,
+    1
+  );
+
+  // Context recoverable signature methods
+  rb_define_method(
+    Secp256k1_Context_class,
+    "sign_recoverable",
+    Context_sign_recoverable,
+    2
+  );
+  rb_define_method(
+    Secp256k1_Context_class,
+    "recoverable_signature_from_compact",
+    Context_recoverable_signature_from_compact,
+    2
+  );
+#endif // HAVE_SECP256K1_RECOVERY_H
+
+#ifdef HAVE_SECP256K1_ECDH_H
+  Secp256k1_SharedSecret_class = rb_define_class_under(
+    Secp256k1_module,
+    "SharedSecret",
+    rb_cData
+  );
+  rb_define_alloc_func(Secp256k1_SharedSecret_class, SharedSecret_alloc);
+  rb_define_attr(Secp256k1_SharedSecret_class, "data", 1, 0);
+
+  // Context EC Diffie-Hellman methods
+  rb_define_method(
+    Secp256k1_Context_class,
+    "ecdh",
+    Context_ecdh,
+    2
+  );
+#endif // HAVE_SECP256K1_ECDH_H
 }