src/secp256k1/src/secp256k1.c
Show First 20 Lines • Show All 416 Lines • ▼ Show 20 Lines | if (sigout != NULL) { | ||||
secp256k1_scalar_negate(&s, &s); | secp256k1_scalar_negate(&s, &s); | ||||
} | } | ||||
secp256k1_ecdsa_signature_save(sigout, &r, &s); | secp256k1_ecdsa_signature_save(sigout, &r, &s); | ||||
} | } | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) { | int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) { | ||||
secp256k1_ge q; | secp256k1_ge q; | ||||
secp256k1_scalar r, s; | secp256k1_scalar r, s; | ||||
secp256k1_scalar m; | secp256k1_scalar m; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | ||||
ARG_CHECK(msg32 != NULL); | ARG_CHECK(msghash32 != NULL); | ||||
ARG_CHECK(sig != NULL); | ARG_CHECK(sig != NULL); | ||||
ARG_CHECK(pubkey != NULL); | ARG_CHECK(pubkey != NULL); | ||||
secp256k1_scalar_set_b32(&m, msg32, NULL); | secp256k1_scalar_set_b32(&m, msghash32, NULL); | ||||
secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); | secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); | ||||
return (!secp256k1_scalar_is_high(&s) && | return (!secp256k1_scalar_is_high(&s) && | ||||
secp256k1_pubkey_load(ctx, &q, pubkey) && | secp256k1_pubkey_load(ctx, &q, pubkey) && | ||||
secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); | secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); | ||||
} | } | ||||
static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { | static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { | ||||
memcpy(buf + *offset, data, len); | memcpy(buf + *offset, data, len); | ||||
▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | static int secp256k1_ecdsa_sign_inner(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const unsigned char algo16[17], const void* noncedata) { | ||||
secp256k1_scalar_cmov(s, &secp256k1_scalar_zero, !ret); | secp256k1_scalar_cmov(s, &secp256k1_scalar_zero, !ret); | ||||
if (recid) { | if (recid) { | ||||
const int zero = 0; | const int zero = 0; | ||||
secp256k1_int_cmov(recid, &zero, !ret); | secp256k1_int_cmov(recid, &zero, !ret); | ||||
} | } | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { | int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { | ||||
secp256k1_scalar r, s; | secp256k1_scalar r, s; | ||||
int ret; | int ret; | ||||
const unsigned char secp256k1_ecdsa_der_algo16[17] = "ECDSA+DER "; | const unsigned char secp256k1_ecdsa_der_algo16[17] = "ECDSA+DER "; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); | ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); | ||||
ARG_CHECK(msg32 != NULL); | ARG_CHECK(msghash32 != NULL); | ||||
ARG_CHECK(signature != NULL); | ARG_CHECK(signature != NULL); | ||||
ARG_CHECK(seckey != NULL); | ARG_CHECK(seckey != NULL); | ||||
ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msg32, seckey, noncefp, secp256k1_ecdsa_der_algo16, noncedata); | ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, secp256k1_ecdsa_der_algo16, noncedata); | ||||
secp256k1_ecdsa_signature_save(signature, &r, &s); | secp256k1_ecdsa_signature_save(signature, &r, &s); | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { | int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { | ||||
secp256k1_scalar sec; | secp256k1_scalar sec; | ||||
int ret; | int ret; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
▲ Show 20 Lines • Show All 64 Lines • ▼ Show 20 Lines | int secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *pubkey) { | ||||
if (ret) { | if (ret) { | ||||
secp256k1_ge_neg(&p, &p); | secp256k1_ge_neg(&p, &p); | ||||
secp256k1_pubkey_save(pubkey, &p); | secp256k1_pubkey_save(pubkey, &p); | ||||
} | } | ||||
return ret; | return ret; | ||||
} | } | ||||
static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak) { | static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak32) { | ||||
secp256k1_scalar term; | secp256k1_scalar term; | ||||
int overflow = 0; | int overflow = 0; | ||||
int ret = 0; | int ret = 0; | ||||
secp256k1_scalar_set_b32(&term, tweak, &overflow); | secp256k1_scalar_set_b32(&term, tweak32, &overflow); | ||||
ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term); | ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term); | ||||
secp256k1_scalar_clear(&term); | secp256k1_scalar_clear(&term); | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { | int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { | ||||
secp256k1_scalar sec; | secp256k1_scalar sec; | ||||
int ret = 0; | int ret = 0; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(seckey != NULL); | ARG_CHECK(seckey != NULL); | ||||
ARG_CHECK(tweak != NULL); | ARG_CHECK(tweak32 != NULL); | ||||
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); | ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); | ||||
ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak); | ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak32); | ||||
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); | secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); | ||||
secp256k1_scalar_get_b32(seckey, &sec); | secp256k1_scalar_get_b32(seckey, &sec); | ||||
secp256k1_scalar_clear(&sec); | secp256k1_scalar_clear(&sec); | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { | int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { | ||||
return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak); | return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak32); | ||||
} | } | ||||
static int secp256k1_ec_pubkey_tweak_add_helper(const secp256k1_ecmult_context* ecmult_ctx, secp256k1_ge *p, const unsigned char *tweak) { | static int secp256k1_ec_pubkey_tweak_add_helper(const secp256k1_ecmult_context* ecmult_ctx, secp256k1_ge *p, const unsigned char *tweak32) { | ||||
secp256k1_scalar term; | secp256k1_scalar term; | ||||
int overflow = 0; | int overflow = 0; | ||||
secp256k1_scalar_set_b32(&term, tweak, &overflow); | secp256k1_scalar_set_b32(&term, tweak32, &overflow); | ||||
return !overflow && secp256k1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); | return !overflow && secp256k1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); | ||||
} | } | ||||
int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { | int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) { | ||||
secp256k1_ge p; | secp256k1_ge p; | ||||
int ret = 0; | int ret = 0; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | ||||
ARG_CHECK(pubkey != NULL); | ARG_CHECK(pubkey != NULL); | ||||
ARG_CHECK(tweak != NULL); | ARG_CHECK(tweak32 != NULL); | ||||
ret = secp256k1_pubkey_load(ctx, &p, pubkey); | ret = secp256k1_pubkey_load(ctx, &p, pubkey); | ||||
memset(pubkey, 0, sizeof(*pubkey)); | memset(pubkey, 0, sizeof(*pubkey)); | ||||
ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak); | ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak32); | ||||
if (ret) { | if (ret) { | ||||
secp256k1_pubkey_save(pubkey, &p); | secp256k1_pubkey_save(pubkey, &p); | ||||
} | } | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { | int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { | ||||
secp256k1_scalar factor; | secp256k1_scalar factor; | ||||
secp256k1_scalar sec; | secp256k1_scalar sec; | ||||
int ret = 0; | int ret = 0; | ||||
int overflow = 0; | int overflow = 0; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(seckey != NULL); | ARG_CHECK(seckey != NULL); | ||||
ARG_CHECK(tweak != NULL); | ARG_CHECK(tweak32 != NULL); | ||||
secp256k1_scalar_set_b32(&factor, tweak, &overflow); | secp256k1_scalar_set_b32(&factor, tweak32, &overflow); | ||||
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); | ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); | ||||
ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor); | ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor); | ||||
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); | secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); | ||||
secp256k1_scalar_get_b32(seckey, &sec); | secp256k1_scalar_get_b32(seckey, &sec); | ||||
secp256k1_scalar_clear(&sec); | secp256k1_scalar_clear(&sec); | ||||
secp256k1_scalar_clear(&factor); | secp256k1_scalar_clear(&factor); | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { | int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { | ||||
return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak); | return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak32); | ||||
} | } | ||||
int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { | int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) { | ||||
secp256k1_ge p; | secp256k1_ge p; | ||||
secp256k1_scalar factor; | secp256k1_scalar factor; | ||||
int ret = 0; | int ret = 0; | ||||
int overflow = 0; | int overflow = 0; | ||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | ||||
ARG_CHECK(pubkey != NULL); | ARG_CHECK(pubkey != NULL); | ||||
ARG_CHECK(tweak != NULL); | ARG_CHECK(tweak32 != NULL); | ||||
secp256k1_scalar_set_b32(&factor, tweak, &overflow); | secp256k1_scalar_set_b32(&factor, tweak32, &overflow); | ||||
ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); | ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); | ||||
memset(pubkey, 0, sizeof(*pubkey)); | memset(pubkey, 0, sizeof(*pubkey)); | ||||
if (ret) { | if (ret) { | ||||
if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { | if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { | ||||
secp256k1_pubkey_save(pubkey, &p); | secp256k1_pubkey_save(pubkey, &p); | ||||
} else { | } else { | ||||
ret = 0; | ret = 0; | ||||
} | } | ||||