Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/include/secp256k1_schnorrsig.h
#ifndef SECP256K1_SCHNORRSIG_H | #ifndef SECP256K1_SCHNORRSIG_H | ||||
#define SECP256K1_SCHNORRSIG_H | #define SECP256K1_SCHNORRSIG_H | ||||
#include "secp256k1.h" | #include "secp256k1.h" | ||||
#include "secp256k1_extrakeys.h" | #include "secp256k1_extrakeys.h" | ||||
#ifdef __cplusplus | #ifdef __cplusplus | ||||
extern "C" { | extern "C" { | ||||
#endif | #endif | ||||
/* TODO */ | /** This module implements a variant of Schnorr signatures compliant with | ||||
* Bitcoin Improvement Proposal 340 "Schnorr Signatures for secp256k1" | |||||
* (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki). | |||||
*/ | |||||
/** A pointer to a function to deterministically generate a nonce. | |||||
* | |||||
* Same as secp256k1_nonce function with the exception of accepting an | |||||
* additional pubkey argument and not requiring an attempt argument. The pubkey | |||||
* argument can protect signature schemes with key-prefixed challenge hash | |||||
* inputs against reusing the nonce when signing with the wrong precomputed | |||||
* pubkey. | |||||
* | |||||
* Returns: 1 if a nonce was successfully generated. 0 will cause signing to | |||||
* return an error. | |||||
* Out: nonce32: pointer to a 32-byte array to be filled by the function. | |||||
* In: msg32: the 32-byte message hash being verified (will not be NULL) | |||||
* key32: pointer to a 32-byte secret key (will not be NULL) | |||||
* xonly_pk32: the 32-byte serialized xonly pubkey corresponding to key32 | |||||
* (will not be NULL) | |||||
* algo16: pointer to a 16-byte array describing the signature | |||||
* algorithm (will not be NULL). | |||||
* data: Arbitrary data pointer that is passed through. | |||||
* | |||||
* Except for test cases, this function should compute some cryptographic hash of | |||||
* the message, the key, the pubkey, the algorithm description, and data. | |||||
*/ | |||||
typedef int (*secp256k1_nonce_function_hardened)( | |||||
unsigned char *nonce32, | |||||
const unsigned char *msg32, | |||||
const unsigned char *key32, | |||||
const unsigned char *xonly_pk32, | |||||
const unsigned char *algo16, | |||||
void *data | |||||
); | |||||
/** An implementation of the nonce generation function as defined in Bitcoin | |||||
* Improvement Proposal 340 "Schnorr Signatures for secp256k1" | |||||
* (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki). | |||||
* | |||||
* If a data pointer is passed, it is assumed to be a pointer to 32 bytes of | |||||
* auxiliary random data as defined in BIP-340. If the data pointer is NULL, | |||||
* schnorrsig_sign does not produce BIP-340 compliant signatures. The algo16 | |||||
* argument must be non-NULL, otherwise the function will fail and return 0. | |||||
* The hash will be tagged with algo16 after removing all terminating null | |||||
* bytes. Therefore, to create BIP-340 compliant signatures, algo16 must be set | |||||
* to "BIP0340/nonce\0\0\0" | |||||
*/ | |||||
SECP256K1_API extern const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340; | |||||
#ifdef __cplusplus | #ifdef __cplusplus | ||||
} | } | ||||
#endif | #endif | ||||
#endif /* SECP256K1_SCHNORRSIG_H */ | #endif /* SECP256K1_SCHNORRSIG_H */ |