Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/include/secp256k1_schnorrsig.h
| #ifndef SECP256K1_SCHNORRSIG_H | #ifndef SECP256K1_SCHNORRSIG_H | ||||
| #define SECP256K1_SCHNORRSIG_H | #define SECP256K1_SCHNORRSIG_H | ||||
| #include "secp256k1.h" | #include "secp256k1.h" | ||||
| #include "secp256k1_extrakeys.h" | #include "secp256k1_extrakeys.h" | ||||
| #ifdef __cplusplus | #ifdef __cplusplus | ||||
| extern "C" { | extern "C" { | ||||
| #endif | #endif | ||||
| /* TODO */ | /** This module implements a variant of Schnorr signatures compliant with | ||||
| * Bitcoin Improvement Proposal 340 "Schnorr Signatures for secp256k1" | |||||
| * (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki). | |||||
| */ | |||||
| /** A pointer to a function to deterministically generate a nonce. | |||||
| * | |||||
| * Same as secp256k1_nonce function with the exception of accepting an | |||||
| * additional pubkey argument and not requiring an attempt argument. The pubkey | |||||
| * argument can protect signature schemes with key-prefixed challenge hash | |||||
| * inputs against reusing the nonce when signing with the wrong precomputed | |||||
| * pubkey. | |||||
| * | |||||
| * Returns: 1 if a nonce was successfully generated. 0 will cause signing to | |||||
| * return an error. | |||||
| * Out: nonce32: pointer to a 32-byte array to be filled by the function. | |||||
| * In: msg32: the 32-byte message hash being verified (will not be NULL) | |||||
| * key32: pointer to a 32-byte secret key (will not be NULL) | |||||
| * xonly_pk32: the 32-byte serialized xonly pubkey corresponding to key32 | |||||
| * (will not be NULL) | |||||
| * algo16: pointer to a 16-byte array describing the signature | |||||
| * algorithm (will not be NULL). | |||||
| * data: Arbitrary data pointer that is passed through. | |||||
| * | |||||
| * Except for test cases, this function should compute some cryptographic hash of | |||||
| * the message, the key, the pubkey, the algorithm description, and data. | |||||
| */ | |||||
| typedef int (*secp256k1_nonce_function_hardened)( | |||||
| unsigned char *nonce32, | |||||
| const unsigned char *msg32, | |||||
| const unsigned char *key32, | |||||
| const unsigned char *xonly_pk32, | |||||
| const unsigned char *algo16, | |||||
| void *data | |||||
| ); | |||||
| /** An implementation of the nonce generation function as defined in Bitcoin | |||||
| * Improvement Proposal 340 "Schnorr Signatures for secp256k1" | |||||
| * (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki). | |||||
| * | |||||
| * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of | |||||
| * auxiliary random data as defined in BIP-340. If the data pointer is NULL, | |||||
| * schnorrsig_sign does not produce BIP-340 compliant signatures. The algo16 | |||||
| * argument must be non-NULL, otherwise the function will fail and return 0. | |||||
| * The hash will be tagged with algo16 after removing all terminating null | |||||
| * bytes. Therefore, to create BIP-340 compliant signatures, algo16 must be set | |||||
| * to "BIP0340/nonce\0\0\0" | |||||
| */ | |||||
| SECP256K1_API extern const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340; | |||||
| #ifdef __cplusplus | #ifdef __cplusplus | ||||
| } | } | ||||
| #endif | #endif | ||||
| #endif /* SECP256K1_SCHNORRSIG_H */ | #endif /* SECP256K1_SCHNORRSIG_H */ | ||||