Enable ECDH computation on secp256k1 keys

configure.ac

@@ -1869,7 +1869,7 @@ PKGCONFIG_LIBDIR_TEMP="$PKG_CONFIG_LIBDIR"
 unset PKG_CONFIG_LIBDIR
 PKG_CONFIG_LIBDIR="$PKGCONFIG_LIBDIR_TEMP"
 
-ac_configure_args="${ac_configure_args} --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --disable-openssl-tests"
+ac_configure_args="${ac_configure_args} --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --enable-module-schnorrsig --enable-module-ecdh --enable-experimental --disable-openssl-tests"
 AC_CONFIG_SUBDIRS([src/secp256k1])
 
 AC_OUTPUT

src/key.cpp

@@ -11,6 +11,7 @@
 #include <random.h>
 
 #include <secp256k1.h>
+#include <secp256k1_ecdh.h>
 #include <secp256k1_extrakeys.h>
 #include <secp256k1_recovery.h>
 #include <secp256k1_schnorrsig.h>
@@ -332,6 +333,22 @@ bool CKey::Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const
     return ret;
 }
 
+std::optional<ECDHSecret> CKey::ComputeECDHSecret(const CPubKey& pubkey) const {
+    secp256k1_pubkey pubkey_internal;
+    if (!secp256k1_ec_pubkey_parse(secp256k1_context_sign, &pubkey_internal, pubkey.data(), pubkey.size())) {
+        return {};
+    }
+
+    ECDHSecret secret;
+    secret.resize(ECDH_SECRET_SIZE);
+
+    if (secp256k1_ecdh(secp256k1_context_sign, secret.data(), &pubkey_internal,
+                       keydata.data(), secp256k1_ecdh_hash_function_default, NULL) == 0) {
+        return {};
+    }
+    return secret;
+}
+
 bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
     out.nDepth = nDepth + 1;
     CKeyID id = key.GetPubKey().GetID();

src/key.h

@@ -12,6 +12,7 @@
 #include <support/allocators/secure.h>
 #include <uint256.h>
 
+#include <optional>
 #include <stdexcept>
 #include <vector>
 
@@ -22,6 +23,11 @@
  */
 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
 
+constexpr static int ECDH_SECRET_SIZE = 32;
+
+// Used to represent a ECDH secret (ECDH_SECRET_SIZE bytes)
+using ECDHSecret = std::vector<uint8_t, secure_allocator<uint8_t> >;
+
 /** An encapsulated private key. */
 class CKey
 {
@@ -156,6 +162,8 @@ class CKey
 
     //! Load private key and check that public key matches.
     bool Load(const CPrivKey& privkey, const CPubKey& vchPubKey, bool fSkipCheck);
+
+    std::optional<ECDHSecret> ComputeECDHSecret(const CPubKey& pubkey) const;
 };
 
 struct CExtKey {

src/test/key_tests.cpp

@@ -12,6 +12,7 @@
 #include <util/string.h>
 #include <util/system.h>
 
+#include <optional>
 #include <string>
 #include <vector>
 
@@ -344,4 +345,26 @@ BOOST_AUTO_TEST_CASE(bip340_test_vectors)
     }
 }
 
+BOOST_AUTO_TEST_CASE(ecdh) {
+    CKey initiator_key = DecodeSecret(strSecret1);
+    CKey responder_key = DecodeSecret(strSecret2C);
+
+    auto initiator_secret = initiator_key.ComputeECDHSecret(responder_key.GetPubKey());
+    auto responder_secret = responder_key.ComputeECDHSecret(initiator_key.GetPubKey());
+    BOOST_CHECK(initiator_secret.has_value());
+    BOOST_CHECK(responder_secret.has_value());
+    BOOST_CHECK_EQUAL(initiator_secret->size(), ECDH_SECRET_SIZE);
+    BOOST_CHECK_EQUAL(responder_secret->size(), ECDH_SECRET_SIZE);
+    BOOST_CHECK(initiator_secret.value() == responder_secret.value());
+
+    // ECDH computation with invalid pubkey
+    std::vector<unsigned char> pubkeydata;
+    auto responder_pubkey = responder_key.GetPubKey();
+    pubkeydata.insert(pubkeydata.end(), responder_pubkey.begin(), responder_pubkey.end());
+    pubkeydata[0] = 0xFF;
+    CPubKey invalid_responder_pubkey(pubkeydata);
+    initiator_secret = initiator_key.ComputeECDHSecret(invalid_responder_pubkey);
+    BOOST_CHECK(!initiator_secret.has_value());
+}
+
 BOOST_AUTO_TEST_SUITE_END()