From cd6e1af8c7c6ba0e4060f047cb0cad4c0d7626a4 Mon Sep 17 00:00:00 2001
From: ziffee
Date: Thu, 12 Dec 2024 06:43:53 +0700
Subject: [PATCH 1/2] gw/secp: add secp256k1_scalar_to_point
---
 urcrypt/secp256k1.c | 29 +++++++++++++++++++++++++++++
 urcrypt/urcrypt.h | 4 ++++
 2 files changed, 33 insertions(+)
diff --git a/urcrypt/secp256k1.c b/urcrypt/secp256k1.c
index 8c599b6..eab9e67 100644
--- a/urcrypt/secp256k1.c
+++ b/urcrypt/secp256k1.c
@@ -243,3 +243,32 @@ urcrypt_secp_schnorr_veri(urcrypt_secp_context* context,
 }
 return true;
 }
+
+int
+urcrypt_secp_point_from_scalar(urcrypt_secp_context* context,
+ const uint8_t scalar[32],
+ uint8_t point[65]) {
+ urcrypt__reverse(32, scalar);
+ secp256k1_keypair keypair;
+ secp256k1_pubkey pubkey;
+
+ secp256k1_keypair_create(context->secp, &keypair, scalar);
+
+ secp256k1_keypair_pub(context->secp, &pubkey, &keypair);
+
+ size_t output_len = 65;
+ if (1 != secp256k1_ec_pubkey_serialize(
+ context->secp,
+ point,
+ &output_len,
+ &pubkey,
+ SECP256K1_FLAGS_TYPE_COMPRESSION)) {
+ return -1;
+ }
+
+ urcrypt__reverse(32, point + 1);
+ urcrypt__reverse(32, point + 33);
+
+ return 0;
+}
+
diff --git a/urcrypt/urcrypt.h b/urcrypt/urcrypt.h
index 1a0ca9d..fdc9574 100644
--- a/urcrypt/urcrypt.h
+++ b/urcrypt/urcrypt.h
@@ -284,6 +284,10 @@ void urcrypt_scrypt_pbkdf_sha256(const uint8_t *passwd,
 size_t outlen, // must be at most 32*(2^32-1)
 uint8_t *out);
+int urcrypt_secp_point_from_scalar(urcrypt_secp_context* context,
+ const uint8_t scalar[32],
+ uint8_t point[65]);
+
 int urcrypt_scrypt(const uint8_t *passwd,
 size_t passwdlen,
 const uint8_t *salt,
From 978dde45c404f1a1ab61f24366c13a2e46d81bdc Mon Sep 17 00:00:00 2001
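Review bot: The return value of `secp256k1_keypair_create` is discarded in `urcrypt_secp_point_from_scalar`, so a scalar that libsecp256k1 rejects (zero, or not below the group order) still flows into `secp256k1_keypair_pub` and the serialize call instead of producing an error return. Check it the same way the serialize call is checked: `if (1 != secp256k1_keypair_create(context->secp, &keypair, scalar)) return -1;`. `keypair` also holds the secret scalar on the stack and is never cleared; wiping it with a zeroing call the compiler cannot elide, on every exit path, would keep the key from lingering after return. Both the unchecked call and the uncleared `keypair` are carried over into `urcrypt_secp_cmp_point_from_scalar` in patch 2/2.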
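Review bot: The prototype declares `const uint8_t scalar[32]`, but the implementation in secp256k1.c passes `scalar` to `urcrypt__reverse` as its first statement, which (judging by its use on the output buffer) reverses in place and is never undone, so the caller's key buffer comes back modified despite the `const`. Either drop the `const` so the declaration matches what happens to the buffer, or have the implementation reverse a local copy. The declaration also carries no comment; a line such as `// scalar: 32-byte secret key (clobbered); point: 65-byte public key out; returns 0 on success, -1 on failure` would give callers the contract. The same `const` mismatch applies to `scalar` and `tweak` in the declarations added by patch 2/2.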
From: cyclomancer
Date: Mon, 13 Jan 2025 15:45:16 -0600
Subject: [PATCH 2/2] add tweak to privkeys and compressed pubkeys, change pub-from-priv interface to use compressed pubkeys
---
 urcrypt/secp256k1.c | 64 ++++++++++++++++++++++++++++++++++++++-------
 urcrypt/urcrypt.h | 14 +++++++---
 2 files changed, 66 insertions(+), 12 deletions(-)
diff --git a/urcrypt/secp256k1.c b/urcrypt/secp256k1.c
index eab9e67..45e93f4 100644
--- a/urcrypt/secp256k1.c
+++ b/urcrypt/secp256k1.c
@@ -245,30 +245,76 @@ urcrypt_secp_schnorr_veri(urcrypt_secp_context* context,
 }
 int
-urcrypt_secp_point_from_scalar(urcrypt_secp_context* context,
- const uint8_t scalar[32],
- uint8_t point[65]) {
+urcrypt_secp_cmp_point_from_scalar(urcrypt_secp_context* context,
+ const uint8_t scalar[32],
+ uint8_t cmp_point[33]) {
 urcrypt__reverse(32, scalar);
+
 secp256k1_keypair keypair;
 secp256k1_pubkey pubkey;
 secp256k1_keypair_create(context->secp, &keypair, scalar);
-
 secp256k1_keypair_pub(context->secp, &pubkey, &keypair);
- size_t output_len = 65;
+ size_t output_len = 33;
 if (1 != secp256k1_ec_pubkey_serialize(
 context->secp,
- point,
+ cmp_point,
 &output_len,
 &pubkey,
- SECP256K1_FLAGS_TYPE_COMPRESSION)) {
+ SECP256K1_EC_COMPRESSED)) {
 return -1;
 }
- urcrypt__reverse(32, point + 1);
- urcrypt__reverse(32, point + 33);
+ urcrypt__reverse(33, cmp_point);
+
+ return 0;
+}
+
+int
+urcrypt_secp_scalar_tweak_add(urcrypt_secp_context* context,
+ uint8_t scalar[32],
+ const uint8_t tweak[32]) {
+ urcrypt__reverse(32, scalar);
+ urcrypt__reverse(32, tweak);
+
+ if (1 != secp256k1_ec_seckey_tweak_add(context, scalar, tweak)) {
+ return -1;
+ }
+
+ urcrypt__reverse(32, scalar);
 return 0;
 }
+int
+urcrypt_secp_cmp_point_tweak_add(urcrypt_secp_context* context,
+ uint8_t cmp_point[33],
+ const uint8_t tweak[32]) {
+ urcrypt__reverse(33, cmp_point);
+ urcrypt__reverse(32, tweak);
+
+ secp256k1_pubkey point;
+ size_t cmp_len = 33;
+
+ if (1 != secp256k1_ec_pubkey_parse(context->secp, &point, cmp_point, cmp_len)) {
+ return -1; //invalid compressed point
+ }
+
+ if (1 != secp256k1_ec_pubkey_tweak_add(context->secp, &point, tweak)) {
+ return -2; //invalid tweak
+ }
+
+ if (1 != secp256k1_ec_pubkey_serialize(
+ context->secp,
+ cmp_point,
+ &cmp_len,
+ &point,
+ SECP256K1_EC_COMPRESSED)) {
+ return -3; //something is very wrong
+ }
+
+ urcrypt__reverse(33, cmp_point);
+
+ return 0;
+}
\ No newline at end of file
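Review bot: `urcrypt_secp_scalar_tweak_add` passes `context` itself to `secp256k1_ec_seckey_tweak_add`, while every other libsecp256k1 call in this hunk passes `context->secp`; the wrapper pointer is a different type from the library context, so the call should read `secp256k1_ec_seckey_tweak_add(context->secp, scalar, tweak)`. Separately, assuming `urcrypt__reverse` reverses in place (its use on the output buffers suggests so), the early `return -1`/`-2`/`-3` paths in both tweak functions hand the caller's in/out buffer (`scalar` or `cmp_point`) back byte-reversed, and `tweak` is reversed through a `const` pointer and never restored on any path. Copying the inputs into local buffers, reversing those, and writing the result back only on success would fix both; the local copy of the secret scalar should then be wiped before return.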
diff --git a/urcrypt/urcrypt.h b/urcrypt/urcrypt.h
index fdc9574..59b0253 100644
--- a/urcrypt/urcrypt.h
+++ b/urcrypt/urcrypt.h
@@ -284,9 +284,17 @@ void urcrypt_scrypt_pbkdf_sha256(const uint8_t *passwd,
 size_t outlen, // must be at most 32*(2^32-1)
 uint8_t *out);
-int urcrypt_secp_point_from_scalar(urcrypt_secp_context* context,
- const uint8_t scalar[32],
- uint8_t point[65]);
+int urcrypt_secp_cmp_point_from_scalar(urcrypt_secp_context* context,
+ const uint8_t scalar[32],
+ uint8_t cmp_point[33]);
+
+int urcrypt_secp_scalar_tweak_add(urcrypt_secp_context* context,
+ uint8_t scalar[32],
+ const uint8_t tweak[32]);
+
+int urcrypt_secp_cmp_point_tweak_add(urcrypt_secp_context* context,
+ uint8_t cmp_point[33],
+ const uint8_t tweak[32]);
 int urcrypt_scrypt(const uint8_t *passwd,
 size_t passwdlen,
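Review bot: The three new declarations have no comments, and their contracts differ in ways the signatures do not show: `urcrypt_secp_scalar_tweak_add` and `urcrypt_secp_cmp_point_tweak_add` overwrite their first buffer with the result, and the latter returns three distinct error codes. Proposed comment above `urcrypt_secp_cmp_point_tweak_add`: `// cmp_point is updated in place; returns 0 on success, -1 invalid point, -2 invalid tweak, -3 serialization failure`, with matching one-liners on the other two (`0` on success, `-1` on failure). The implementation reverses every buffer before handing it to libsecp256k1, which suggests callers supply little-endian bytes; stating the expected byte order here would spare callers from reading secp256k1.c to find out.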