Create rust-bidings

Create bindings for all methods and static types in ellswift.h in
secp256k1-sys and their respective safe-rust types.

All methods are extensively commented and tested using BIP324's
test vectors

Author: Davidson-Souza

secp256k1-sys/build.rs

@@ -23,7 +23,8 @@ fn main() {
                .define("SECP256K1_API", Some(""))
                .define("ENABLE_MODULE_ECDH", Some("1"))
                .define("ENABLE_MODULE_SCHNORRSIG", Some("1"))
-               .define("ENABLE_MODULE_EXTRAKEYS", Some("1"));
+               .define("ENABLE_MODULE_EXTRAKEYS", Some("1"))
+               .define("ENABLE_MODULE_ELLSWIFT", Some("1"));
 
     if cfg!(feature = "lowmemory") {
         base_config.define("ECMULT_WINDOW_SIZE", Some("4")); // A low-enough value to consume negligible memory

secp256k1-sys/src/lib.rs

@@ -82,6 +82,16 @@ pub type SchnorrNonceFn = Option<unsafe extern "C" fn(
     data: *mut c_void,
 ) -> c_int>;
 
+pub type EllswiftECDHHashFn = Option<
+    unsafe extern "C" fn(
+        output: *mut c_uchar,
+        x32: *const c_uchar,
+        ell_a64: *const c_uchar,
+        ell_b64: *const c_uchar,
+        data: *mut c_void,
+    ) -> c_int,
+>;
+
 /// Data structure that contains additional arguments for schnorrsig_sign_custom.
 #[repr(C)]
 pub struct SchnorrSigExtraParams {
@@ -517,11 +527,41 @@ impl core::hash::Hash for Keypair {
     }
 }
 
+pub struct XOnlySharedSecret(pub [u8; 32]);
+
+impl XOnlySharedSecret {
+    pub fn as_bytes(&self) -> &[u8] {
+        &self.0
+    }
+    pub fn as_mut_bytes(&mut self) -> &mut [u8] {
+        &mut self.0
+    }
+}
+
+impl_array_newtype!(XOnlySharedSecret, u8, 32);
+impl_raw_debug!(XOnlySharedSecret);
+
+#[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
+pub struct ElligatorSwift([u8; 64]);
+
+impl ElligatorSwift {
+    pub fn from_array(arr: [u8; 64]) -> Self {
+        ElligatorSwift(arr)
+    }
+}
+
+impl_array_newtype!(ElligatorSwift, u8, 64);
+impl_raw_debug!(ElligatorSwift);
+
 extern "C" {
     /// Default ECDH hash function
     #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_ecdh_hash_function_default")]
     pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
 
+    /// Default ECDH hash function for BIP324 key establishment
+    #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_ellswift_xdh_hash_function_bip324")]
+    pub static secp256k1_ellswift_xdh_hash_function_bip324: EllswiftECDHHashFn;
+
     #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_nonce_function_rfc6979")]
     pub static secp256k1_nonce_function_rfc6979: NonceFn;
 
@@ -600,6 +640,38 @@ extern "C" {
                                  output_pubkey: *mut PublicKey,
                                  keypair: *const Keypair)
                                  -> c_int;
+    // Elligator Swift
+    #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_ellswift_encode")]
+    pub fn secp256k1_ellswift_encode(
+        ctx: *const Context,
+        ell64: *mut c_uchar,
+        pubkey: *const PublicKey,
+        rnd32: *const c_uchar,
+    ) -> c_int;
+    #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_ellswift_decode")]
+    pub fn secp256k1_ellswift_decode(
+        ctx: *const Context,
+        pubkey: *mut u8,
+        ell64: *const c_uchar,
+    ) -> c_int;
+    #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_ellswift_create")]
+    pub fn secp256k1_ellswift_create(
+        ctx: *const Context,
+        ell64: *mut c_uchar,
+        seckey32: *const c_uchar,
+        aux_rand32: *const c_uchar,
+    ) -> c_int;
+    #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_9_0_ellswift_xdh")]
+    pub fn secp256k1_ellswift_xdh(
+        ctx: *const Context,
+        output: *mut c_uchar,
+        ell_a64: *const c_uchar,
+        ell_b64: *const c_uchar,
+        seckey32: *const c_uchar,
+        party: c_int,
+        hashfp: EllswiftECDHHashFn,
+        data: *mut c_void,
+      ) -> c_int;
 }
 
 #[cfg(not(secp256k1_fuzz))]

src/constants.rs

@@ -30,6 +30,9 @@ pub const SCHNORR_PUBLIC_KEY_SIZE: usize = 32;
 /// The size of a key pair.
 pub const KEY_PAIR_SIZE: usize = 96;
 
+/// The size of a full ElligatorSwift encoding.
+pub const ELLSWIFT_ENCODING_SIZE: usize = 64;
+
 /// The Prime for the secp256k1 field element.
 #[rustfmt::skip]
 pub const FIELD_SIZE: [u8; 32] = [