src/secp256k1/src/modules/recovery/main_impl.h
Show First 20 Lines • Show All 116 Lines • ▼ Show 20 Lines | static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) { | ||||
secp256k1_scalar_mul(&u2, &rn, sigs); | secp256k1_scalar_mul(&u2, &rn, sigs); | ||||
secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1); | secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1); | ||||
secp256k1_ge_set_gej_var(pubkey, &qj); | secp256k1_ge_set_gej_var(pubkey, &qj); | ||||
return !secp256k1_gej_is_infinity(&qj); | return !secp256k1_gej_is_infinity(&qj); | ||||
} | } | ||||
int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { | int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { | ||||
secp256k1_scalar r, s; | secp256k1_scalar r, s; | ||||
secp256k1_scalar sec, non, msg; | int ret, recid; | ||||
int recid; | |||||
int ret = 0; | |||||
int overflow = 0; | |||||
const unsigned char secp256k1_ecdsa_recoverable_algo16[17] = "ECDSA+Recovery "; | const unsigned char secp256k1_ecdsa_recoverable_algo16[17] = "ECDSA+Recovery "; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); | ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); | ||||
ARG_CHECK(msg32 != NULL); | ARG_CHECK(msg32 != NULL); | ||||
ARG_CHECK(signature != NULL); | ARG_CHECK(signature != NULL); | ||||
ARG_CHECK(seckey != NULL); | ARG_CHECK(seckey != NULL); | ||||
if (noncefp == NULL) { | |||||
noncefp = secp256k1_nonce_function_default; | |||||
} | |||||
secp256k1_scalar_set_b32(&sec, seckey, &overflow); | ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msg32, seckey, noncefp, secp256k1_ecdsa_recoverable_algo16, noncedata); | ||||
/* Fail if the secret key is invalid. */ | |||||
if (!overflow && !secp256k1_scalar_is_zero(&sec)) { | |||||
unsigned char nonce32[32]; | |||||
unsigned int count = 0; | |||||
secp256k1_scalar_set_b32(&msg, msg32, NULL); | |||||
while (1) { | |||||
ret = noncefp(nonce32, msg32, seckey, secp256k1_ecdsa_recoverable_algo16, (void*)noncedata, count); | |||||
if (!ret) { | |||||
break; | |||||
} | |||||
secp256k1_scalar_set_b32(&non, nonce32, &overflow); | |||||
if (!overflow && !secp256k1_scalar_is_zero(&non)) { | |||||
if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, &recid)) { | |||||
break; | |||||
} | |||||
} | |||||
count++; | |||||
} | |||||
memset(nonce32, 0, 32); | |||||
secp256k1_scalar_clear(&msg); | |||||
secp256k1_scalar_clear(&non); | |||||
secp256k1_scalar_clear(&sec); | |||||
} | |||||
if (ret) { | |||||
secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid); | secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid); | ||||
} else { | |||||
memset(signature, 0, sizeof(*signature)); | |||||
} | |||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) { | int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) { | ||||
secp256k1_ge q; | secp256k1_ge q; | ||||
secp256k1_scalar r, s; | secp256k1_scalar r, s; | ||||
secp256k1_scalar m; | secp256k1_scalar m; | ||||
int recid; | int recid; | ||||
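Review bot: Taking the right-hand column as the new side, `secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid)` now runs even when `secp256k1_ecdsa_sign_inner` fails, and `r`, `s` and `recid` are no longer initialised anywhere in `secp256k1_ecdsa_sign_recoverable`. The old failure path zeroed `*signature` with `memset`; the new one is equivalent only if `secp256k1_ecdsa_sign_inner`, whose body is not visible here, writes all three outputs on every return path (invalid secret key, nonce function returning 0), otherwise uninitialised stack contents are copied into the caller's signature buffer. I would state that contract at the call site, e.g. `/* sign_inner zeroes r, s and recid on failure, so the save is unconditional and does not branch on ret. */`, and declare `int ret, recid = 0;` so the read is defined regardless. A test that signs with an all-zero `seckey` and checks that the returned signature is all zero would pin the behaviour.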