ruby-bitcoin-secp256k1 0.5.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 03ab3f4eeaa3515c7ef68d9bc438f0a8447d93958b35d7220af1e734408516bd
+  data.tar.gz: 2b470759548d5611adf3351dd7bbe06559e2953f7d5e314a0babe1a208573a2c
+SHA512:
+  metadata.gz: '08d8e8b4dd92b3088f25cff4f326e6d09b01b417dc89bc7376628162e2205445cfd61117fa2fb1db1f15d9f7e6c1a0961e8c141ebe898f0d4031a1e23311cf8b'
+  data.tar.gz: 3bd4282824621b3f127d748176e8b5a5b6b43a898c296f7eb09a9294c07231ae32b505743d1a66540173542067d42af57a07303c8874d255fa30743601c6ff25

data/.gitignore

@@ -0,0 +1,4 @@
+.bundle
+tmp
+lib/ethash/ethash.so
+tags

data/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "secp256k1"]
+	path = secp256k1
+	url = https://github.com/bitcoin-core/secp256k1.git

data/.travis.yml

@@ -0,0 +1,61 @@
+################
+# CI Workflow:
+# feature development, trigger by `git push`:
+#   test -> code_audit(code_security_audit and code_quality_audit)
+#
+# feature deploy, trigger by `git push --tags`
+#   test -> deploy
+#
+# Stages:
+# - test: run `rake test`
+# - code_audit: run `code_quality security_audit` and `code_quality quality_audit`
+# - deploy: auto build and upload a gem package to rubygems.org after `git push --tags`
+#
+# Principle:
+# - fail fast
+# - done is better than perfect
+################
+
+stages:
+  - test
+  - code_audit
+  - deploy
+
+sudo: false
+language: ruby
+rvm:
+  - 2.4.4
+  - 2.5.3
+before_install:
+  - gem install bundler
+  - git submodule update --init --recursive
+  - ./install_lib.sh
+
+# config GitHub OAuth Token
+env:
+  global:
+    secure: ENV_GLOBAL_SECURE
+
+jobs:
+  include:
+    - stage: code_audit
+      if: branch != master
+      install: gem install code_quality --no-ri --no-rdoc
+      script:
+        - bundle install # to generate Gemfile.lock
+        - code_quality security_audit:bundler_audit
+        - code_quality quality_audit fail_fast=false generate_index=true lowest_score=80 rubocop_max_offenses=200
+
+# automatically release Ruby gem to RubyGems after a successful build with `git push --tags`
+# refs: https://docs.travis-ci.com/user/deployment/rubygems/
+# 1. how to get your api_key: https://rubygems.org/profile/edit
+# 2. intall `travis` cli: $ gem install travis
+# 3. get encrypted api_key secure: $ travis setup rubygems
+deploy:
+  - provider: rubygems
+    api_key:
+      secure: oAeCF8k1NW3a94NXJoQs6kBRJG5TY9zdGJAVgvMxFuEnDVgjmuoKceTLdeQzKin+2PS2KRzGhT5E27wrNvCnQGfjKmQA9kPDqSQeJNnRBkbTjxKwkbi2P4g2EE1wR5PYgKq0mJ/4BMxVWZOleYT+ihwMiZDzoadAglbs5PSlC1HNnaQbnPQ3nfN1iG7o1KXdva5Bw4mcm86QPDrSoR9Fl/7ZJvteVouvC71Qt4QhkcaVV3piDUDM6JRbxa6ydsDOV6zq4nZP7UwufgK1GIpVNiLnVZtL3jCndY84a4MYz5sgBbvSEmSVbF1OdrPgllCV2wnauOtuzTqRYF5ATYyM3Hx58jYLUyd6YwXQrEoirHCyt2XaKSF1r2f9zvllVdXSCj+6/CJ70HkHrJTO3K2C9/uZEYIfNbTFZjMASWKyB52Vch5dFmlTloI/eLF2vp5jjY4iYTInPeb59UzqyBkMT4jtwconbre8eVKW/9qHTdTJDKQqmp4jKD+raeia/FbVaOTKyZ9nWxSQI3mVy49diK2j+Pd1LVw3nXY9zMz5f5W/D/zyGVf/Xt6gRNo0aj8UdMvZJm3awvruwQpJTa2tcp5m/iv74JzsFMdgit1pEbimF6xs7Ph8wVAI7eKVctZtI/zeaw+nv3mcg3+/GNGzSSj0RsjdXetrFSh6eh+qfL0=
+    gem: bitcoin-secp256k1
+    on:
+      tags: true
+      repo: cryptape/ruby-bitcoin-secp256k1

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,25 @@
+PATH
+  remote: .
+  specs:
+    ruby-bitcoin-secp256k1 (0.5.2)
+      ffi (>= 1.9.25)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ffi (1.15.5)
+    minitest (5.11.3)
+    rake (12.3.2)
+    yard (0.9.20)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  minitest (= 5.11.3)
+  rake (~> 12.3)
+  ruby-bitcoin-secp256k1!
+  yard (= 0.9.20)
+
+BUNDLED WITH
+   1.17.2

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Jan Xie
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,54 @@
+# ruby-bitcoin-secp256k1
+
+## Prerequisite
+
+In order to use this gem, [libsecp256k1](https://github.com/bitcoin/secp256k1) must be in place.
+
+### macOS
+
+```bash
+brew tap nervosnetwork/tap
+brew install libsecp256k1
+```
+
+### Ubuntu 18.04 or above
+
+```bash
+sudo apt install libsecp256k1-dev
+```
+
+### Ubuntu 16.04 or below
+
+```
+$ git clone https://github.com/bitcoin-core/secp256k1.git && cd secp256k1
+$ ./autogen.sh
+$ ./configure
+$ make
+$ sudo make install
+```
+
+Or if you have cloned the project, you could go to project root and run this install script:
+
+```
+git submodule update --init --recursive
+./install_lib.sh
+```
+
+The recovery and ecdh modules are optional. If your local installation of secp256k1 doesn't enable them then the gem would throw `LoadModuleError` when related functions are invoked.
+
+## Install
+
+```
+gem i bitcoin-secp256k1
+```
+
+Then `require 'secp256k1'` (without `bitcoin-` prefix) in your source code.
+
+## Usage
+
+Check [test](test) for examples.
+
+## LICENSE
+
+[MIT License](LICENSE)
+

data/Rakefile

@@ -0,0 +1,9 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs += %w(lib test)
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = true
+end
+
+task default: [:test]

data/install_lib.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+pushd secp256k1
+./autogen.sh
+./configure --enable-module-recovery --enable-experimental --enable-module-ecdh --enable-module-schnorr
+make && sudo make install
+popd

data/lib/bitcoin_secp256k1/c.rb

@@ -0,0 +1,107 @@
+# -*- encoding : ascii-8bit -*-
+require 'ffi'
+require 'ffi/tools/const_generator'
+
+module BitcoinSecp256k1
+  module C
+    extend FFI::Library
+
+    ffi_lib (ENV['LIBSECP256K1'] || 'libsecp256k1')
+
+    Constants = FFI::ConstGenerator.new('BitcoinSecp256k1', required: true) do |gen|
+      gen.include 'secp256k1.h'
+
+      gen.const(:SECP256K1_EC_COMPRESSED)
+      gen.const(:SECP256K1_EC_UNCOMPRESSED)
+
+      gen.const(:SECP256K1_CONTEXT_SIGN)
+      gen.const(:SECP256K1_CONTEXT_VERIFY)
+      gen.const(:SECP256K1_CONTEXT_NONE)
+    end
+
+    class Pubkey < FFI::Struct
+      layout :data, [:uchar, 64]
+    end
+
+    class ECDSASignature < FFI::Struct
+      layout :data, [:uchar, 64]
+    end
+
+    class ECDSARecoverableSignature < FFI::Struct
+      layout :data, [:uchar, 65]
+    end
+
+    # secp256k1_context* secp256k1_context_create(unsigned int flags)
+    attach_function :secp256k1_context_create, [:uint], :pointer
+
+    # void secp256k1_context_destroy(secp256k1_context* ctx)
+    attach_function :secp256k1_context_destroy, [:pointer], :void
+
+    # int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen)
+    attach_function :secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int
+
+    # int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey)
+    attach_function :secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int
+
+    # int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags)
+    attach_function :secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int
+
+    # int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey)
+    attach_function :secp256k1_ec_seckey_verify, [:pointer, :pointer], :int
+
+    # int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig)
+    attach_function :secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int
+
+    # int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, const secp256k1_ecdsa_signature* sig)
+    attach_function :secp256k1_ecdsa_signature_serialize_compact, [:pointer, :pointer, :pointer], :int
+
+    # int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen)
+    attach_function :secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int
+
+    # int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input64)
+    attach_function :secp256k1_ecdsa_signature_parse_compact, [:pointer, :pointer, :pointer], :int
+
+    # int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
+    attach_function :secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+
+    # int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey)
+    attach_function :secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int
+
+    # int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin)
+    attach_function :secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int
+
+    # recovery module
+    begin
+      # int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid)
+      attach_function :secp256k1_ecdsa_recoverable_signature_parse_compact, [:pointer, :pointer, :pointer, :int], :int
+
+      # int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const secp256k1_ecdsa_recoverable_signature *sigin)
+      attach_function :secp256k1_ecdsa_recoverable_signature_convert, [:pointer, :pointer, :pointer], :int
+
+      # int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig)
+      attach_function :secp256k1_ecdsa_recoverable_signature_serialize_compact, [:pointer, :pointer, :pointer, :pointer], :int
+
+      # int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
+      attach_function :secp256k1_ecdsa_sign_recoverable, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+
+      # int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32)
+      attach_function :secp256k1_ecdsa_recover, [:pointer, :pointer, :pointer, :pointer], :int
+    rescue FFI::NotFoundError
+    end
+
+    def self.module_recovery_enabled?
+      respond_to? :secp256k1_ecdsa_recover
+    end
+
+    # ecdh module
+    begin
+      # int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar)
+      attach_function :secp256k1_ecdh, [:pointer, :pointer, :pointer, :pointer], :int
+    rescue FFI::NotFoundError
+    end
+
+    def self.module_ecdh_enabled?
+      respond_to :secp256k1_ecdh
+    end
+  end
+end

data/lib/bitcoin_secp256k1/ecdsa.rb

@@ -0,0 +1,102 @@
+# -*- encoding : ascii-8bit -*-
+module BitcoinSecp256k1
+  module ECDSA
+
+    SIZE_SERIALIZED = 74
+    SIZE_COMPACT = 64
+
+    def ecdsa_serialize(raw_sig)
+      output = FFI::MemoryPointer.new(:uchar, SIZE_SERIALIZED)
+      outputlen = FFI::MemoryPointer.new(:size_t).put_uint(0, SIZE_SERIALIZED)
+
+      res = C.secp256k1_ecdsa_signature_serialize_der(@ctx, output, outputlen, raw_sig)
+      raise AssertError, "failed to seriazlie signature" unless res == 1
+
+      output.read_bytes(outputlen.read_uint)
+    end
+
+    def ecdsa_deserialize(ser_sig)
+      raw_sig = C::ECDSASignature.new.pointer
+
+      res = C.secp256k1_ecdsa_signature_parse_der(@ctx, raw_sig, ser_sig, ser_sig.size)
+      raise AssertError, "raw signature parse failed" unless res == 1
+
+      raw_sig
+    end
+
+    def ecdsa_serialize_compact(raw_sig)
+      output = FFI::MemoryPointer.new(:uchar, SIZE_COMPACT)
+
+      res = C.secp256k1_ecdsa_signature_serialize_compact(@ctx, output, raw_sig)
+      raise AssertError, "failed to seriazlie compact signature" unless res == 1
+
+      output.read_bytes(SIZE_COMPACT)
+    end
+
+    def ecdsa_deserialize_compact(ser_sig)
+      raise ArgumentError, 'invalid signature length' unless ser_sig.size == 64
+
+      raw_sig = C::ECDSASignature.new.pointer
+
+      res = C.secp256k1_ecdsa_signature_parse_compact(@ctx, raw_sig, ser_sig)
+      raise AssertError, "failed to deserialize compact signature" unless res == 1
+
+      raw_sig
+    end
+
+    ##
+    # Check and optionally convert a signature to a normalized lower-S form. If
+    # check_only is `true` then the normalized signature is not returned.
+    #
+    # This function always return a tuple containing a boolean (`true` if not
+    # previously normalized or `false` if signature was already normalized),
+    # and the normalized signature. When check_only is `true`, the normalized
+    # signature returned is always `nil`.
+    #
+    def ecdsa_signature_normalize(raw_sig, check_only: false)
+      sigout = check_only ? nil : C::ECDSASignature.new.pointer
+      res = C.secp256k1_ecdsa_signature_normalize(@ctx, sigout, raw_sig)
+      [res == 1, sigout]
+    end
+
+    def ecdsa_recover(msg, recover_sig, raw: false, digest: Digest::SHA256)
+      raise AssertError, 'instance not configured for ecdsa recover' if (@flags & ALL_FLAGS) != ALL_FLAGS
+
+      msg32 = hash32 msg, raw, digest
+      pubkey = C::Pubkey.new.pointer
+
+      res = C.secp256k1_ecdsa_recover(@ctx, pubkey, recover_sig, msg32)
+      raise AssertError, 'failed to recover ECDSA public key' unless res == 1
+
+      pubkey
+    end
+
+    def ecdsa_recoverable_serialize(recover_sig)
+      output = FFI::MemoryPointer.new :uchar, SIZE_COMPACT
+      recid = FFI::MemoryPointer.new :int
+
+      C.secp256k1_ecdsa_recoverable_signature_serialize_compact(@ctx, output, recid, recover_sig)
+
+      [output.read_bytes(SIZE_COMPACT), recid.read_int]
+    end
+
+    def ecdsa_recoverable_deserialize(ser_sig, rec_id)
+      raise ArgumentError, 'invalid rec_id' if rec_id < 0 || rec_id > 3
+      raise ArgumentError, 'invalid signature length' if ser_sig.size != 64
+
+      recover_sig = C::ECDSARecoverableSignature.new.pointer
+
+      res = C.secp256k1_ecdsa_recoverable_signature_parse_compact(@ctx, recover_sig, ser_sig, rec_id)
+      raise AssertError, 'failed to parse ECDSA compact sig' unless res == 1
+
+      recover_sig
+    end
+
+    def ecdsa_recoverable_convert(recover_sig)
+      normal_sig = C::ECDSASignature.new.pointer
+      C.secp256k1_ecdsa_recoverable_signature_convert(@ctx, normal_sig, recover_sig)
+      normal_sig
+    end
+
+  end
+end

data/lib/bitcoin_secp256k1/key.rb

@@ -0,0 +1,252 @@
+# -*- encoding : ascii-8bit -*-
+require 'digest'
+require 'securerandom'
+
+module BitcoinSecp256k1
+
+  class BaseKey
+    def initialize(ctx, flags)
+      @destroy = false
+
+      unless ctx
+        raise ArgumentError, "invalid flags" unless [NO_FLAGS, FLAG_SIGN, FLAG_VERIFY, ALL_FLAGS].include?(flags)
+        ctx = FFI::AutoPointer.new C.secp256k1_context_create(flags), C.method(:secp256k1_context_destroy)
+        @destroy = true
+      end
+
+      @flags = flags
+      @ctx = ctx
+    end
+  end
+
+  class PublicKey < BaseKey
+    include ECDSA, Utils
+
+    attr_accessor :public_key
+
+    def initialize(pubkey: nil, raw: false, flags: FLAG_VERIFY, ctx: nil)
+      super(ctx, flags)
+
+      if pubkey
+        if raw
+          raise ArgumentError, 'raw pubkey must be bytes' unless pubkey.instance_of?(String)
+          @public_key = deserialize pubkey
+        else
+          #raise ArgumentError, 'pubkey must be an internal object' unless pubkey.instance_of?(String)
+          @public_key = pubkey
+        end
+      else
+        @public_key = nil
+      end
+    end
+
+    def serialize(compressed: true)
+      raise AssertError, 'No public key defined' unless @public_key
+
+      len_compressed = compressed ? 33 : 65
+      res_compressed = FFI::MemoryPointer.new :char, len_compressed
+      outlen = FFI::MemoryPointer.new(:size_t).write_uint(len_compressed)
+      compflag = compressed ? EC_COMPRESSED : EC_UNCOMPRESSED
+
+      res = C.secp256k1_ec_pubkey_serialize(@ctx, res_compressed, outlen, @public_key, compflag)
+      raise AssertError, 'pubkey serialization failed' unless res == 1
+
+      res_compressed.read_bytes(len_compressed)
+    end
+
+    def deserialize(pubkey_ser)
+      raise ArgumentError, 'unknown public key size (expected 33 or 65)' unless [33,65].include?(pubkey_ser.size)
+
+      pubkey = C::Pubkey.new.pointer
+
+      res = C.secp256k1_ec_pubkey_parse(@ctx, pubkey, pubkey_ser, pubkey_ser.size)
+      raise AssertError, 'invalid public key' unless res == 1
+
+      @public_key = pubkey
+      pubkey
+    end
+
+    ##
+    # Add a number of public keys together.
+    #
+    def combine(pubkeys)
+      raise ArgumentError, 'must give at least 1 pubkey' if pubkeys.empty?
+
+      outpub = FFI::Pubkey.new.pointer
+      #pubkeys.each {|item| }
+
+      res = C.secp256k1_ec_pubkey_combine(@ctx, outpub, pubkeys, pubkeys.size)
+      raise AssertError, 'failed to combine public keys' unless res == 1
+
+      @public_key = outpub
+      outpub
+    end
+
+    ##
+    # Tweak the current public key by adding a 32 byte scalar times the
+    # generator to it and return a new PublicKey instance.
+    #
+    def tweak_add(scalar)
+      tweak_public :secp256k1_ec_pubkey_tweak_add, scalar
+    end
+
+    ##
+    # Tweak the current public key by multiplying it by a 32 byte scalar and
+    # return a new PublicKey instance.
+    #
+    def tweak_mul(scalar)
+      tweak_public :secp256k1_ec_pubkey_tweak_mul, scalar
+    end
+
+    def ecdsa_verify(msg, raw_sig, raw: false, digest: Digest::SHA256)
+      raise AssertError, 'No public key defined' unless @public_key
+      raise AssertError, 'instance not configured for sig verification' if (@flags & FLAG_VERIFY) != FLAG_VERIFY
+
+      msg32 = hash32 msg, raw, digest
+
+      C.secp256k1_ecdsa_verify(@ctx, raw_sig, msg32, @public_key) == 1
+    end
+
+    def ecdh(scalar)
+      raise AssertError, 'No public key defined' unless @public_key
+      raise ArgumentError, 'scalar must be composed of 32 bytes' unless scalar.instance_of?(String) && scalar.size == 32
+
+      result = FFI::MemoryPointer.new :char, 32
+
+      res = C.secp256k1_ecdh @ctx, result, @public_key, scalar
+      raise AssertError, "invalid scalar (#{scalar})" unless res == 1
+
+      result.read_bytes(32)
+    end
+
+    private
+
+    def tweak_public(meth, scalar)
+      raise ArgumentError, 'scalar must be composed of 32 bytes' unless scalar.instance_of?(String) && scalar.size == 32
+      raise AssertError, 'No public key defined.' unless @public_key
+
+      newpub = self.class.new serialize, raw: true
+
+      res = C.send meth, newpub.public_key, scalar
+      raise AssertError, 'Tweak is out of range' unless res == 1
+
+      newpub
+    end
+
+  end
+
+  class PrivateKey < BaseKey
+    include ECDSA, Utils
+
+    attr :pubkey
+
+    def initialize(privkey: nil, raw: true, flags: ALL_FLAGS, ctx: nil)
+      raise AssertError, "invalid flags" unless [ALL_FLAGS, FLAG_SIGN].include?(flags)
+
+      super(ctx, flags)
+
+      @pubkey = nil
+      @private_key = nil
+
+      if privkey
+        if raw
+          raise ArgumentError, "privkey must be composed of 32 bytes" unless privkey.instance_of?(String) && privkey.size == 32
+          set_raw_privkey privkey
+        else
+          deserialize privkey
+        end
+      else
+        set_raw_privkey generate_private_key
+      end
+    end
+
+    def ecdsa_sign(msg, raw: false, digest: Digest::SHA256)
+      msg32 = hash32 msg, raw, digest
+      raw_sig = C::ECDSASignature.new.pointer
+
+      res = C.secp256k1_ecdsa_sign @ctx, raw_sig, msg32, @private_key, nil, nil
+      raise AssertError, "failed to sign" unless res == 1
+
+      raw_sig
+    end
+
+    def ecdsa_sign_recoverable(msg, raw: false, digest: Digest::SHA256)
+      raise LoadModuleError, "libsecp256k1 recovery module is not enabled" unless C.module_recovery_enabled?
+
+      msg32 = hash32 msg, raw, digest
+      raw_sig = C::ECDSARecoverableSignature.new.pointer
+
+      res = C.secp256k1_ecdsa_sign_recoverable @ctx, raw_sig, msg32, @private_key, nil, nil
+      raise AssertError, "failed to sign" unless res == 1
+
+      raw_sig
+    end
+
+    def set_raw_privkey(privkey)
+      raise ArgumentError, "invalid private key" unless C.secp256k1_ec_seckey_verify(@ctx, privkey)
+      @private_key = privkey
+      update_public_key
+    end
+
+    ##
+    # Tweak the current private key by adding a 32 bytes scalar to it and
+    # return a new raw private key composed of 32 bytes.
+    #
+    def tweak_add(scalar)
+      tweak_private :secp256k1_ec_privkey_tweak_add, scalar
+    end
+
+    ##
+    # Tweak the current private key by multiplying it by a 32 byte scalar and
+    # return a new raw private key composed of 32 bytes.
+    #
+    def tweak_mul(scalar)
+      tweak_private :secp256k1_ec_pubkey_tweak_mul, scalar
+    end
+
+    private
+
+    def tweak_private(meth, scalar)
+      raise ArgumentError, "scalar must be composed of 32 bytes" unless scalar.instance_of?(String) && scalar.size == 32
+
+      key = FFI::MemoryPointer.new(:uchar, 32).put_string(@private_key)
+
+      C.send meth, @ctx, key, scalar
+      raise AssertError, "Tweak is out of range" unless res == 1
+
+      key.read_string(32)
+    end
+
+    def update_public_key
+      public_key = generate_public_key @private_key
+      @pubkey = PublicKey.new pubkey: public_key, raw: false, ctx: @ctx, flags: @flags
+    end
+
+    def generate_public_key(privkey)
+      pubkey_ptr = C::Pubkey.new.pointer
+
+      res = C.secp256k1_ec_pubkey_create @ctx, pubkey_ptr, privkey
+      raise AssertError, "failed to generate public key" unless res == 1
+
+      pubkey_ptr
+    end
+
+    def generate_private_key
+      SecureRandom.random_bytes(32)
+    end
+
+    def serialize
+      encode_hex @private_key
+    end
+
+    def deserialize(privkey_serialized)
+      raise ArgumentError, "invalid private key" unless privkey_serialized.size == 64
+
+      rawkey = decode_hex privkey_serialized
+      set_raw_privkey rawkey
+
+      @private_key
+    end
+
+  end
+end

data/lib/bitcoin_secp256k1/utils.rb

@@ -0,0 +1,22 @@
+# -*- encoding : ascii-8bit -*-
+module BitcoinSecp256k1
+  module Utils
+
+    extend self
+
+    def hash32(msg, raw, digest)
+      msg32 = raw ? msg : digest.digest(msg)
+      raise AssertError, "digest function must produce 256 bits" unless msg32.size == 32
+      msg32
+    end
+
+    def encode_hex(b)
+      b.unpack('H*').first
+    end
+
+    def decode_hex(s)
+      [s].pack('H*')
+    end
+
+  end
+end