Page MenuHomePhabricator
Differential D9376 Diff 28103 src/secp256k1/src/secp256k1.c

Changeset View

Standalone View

View Options

src/secp256k1/src/secp256k1.c

Show First 20 LinesShow All 416 Lines▼ Show 20 Lines if (sigout != NULL) {
secp256k1_scalar_negate(&s, &s); secp256k1_scalar_negate(&s, &s);
} }
secp256k1_ecdsa_signature_save(sigout, &r, &s); secp256k1_ecdsa_signature_save(sigout, &r, &s);
} }
return ret; return ret;
} }
int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) { int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) {
secp256k1_ge q; secp256k1_ge q;
secp256k1_scalar r, s; secp256k1_scalar r, s;
secp256k1_scalar m; secp256k1_scalar m;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
ARG_CHECK(msg32 != NULL); ARG_CHECK(msghash32 != NULL);
ARG_CHECK(sig != NULL); ARG_CHECK(sig != NULL);
ARG_CHECK(pubkey != NULL); ARG_CHECK(pubkey != NULL);
secp256k1_scalar_set_b32(&m, msg32, NULL); secp256k1_scalar_set_b32(&m, msghash32, NULL);
secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); secp256k1_ecdsa_signature_load(ctx, &r, &s, sig);
return (!secp256k1_scalar_is_high(&s) && return (!secp256k1_scalar_is_high(&s) &&
secp256k1_pubkey_load(ctx, &q, pubkey) && secp256k1_pubkey_load(ctx, &q, pubkey) &&
secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m));
} }
static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) {
memcpy(buf + *offset, data, len); memcpy(buf + *offset, data, len);
▲ Show 20 LinesShow All 84 Lines▼ Show 20 Linesstatic int secp256k1_ecdsa_sign_inner(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const unsigned char algo16[17], const void* noncedata) {
secp256k1_scalar_cmov(s, &secp256k1_scalar_zero, !ret); secp256k1_scalar_cmov(s, &secp256k1_scalar_zero, !ret);
if (recid) { if (recid) {
const int zero = 0; const int zero = 0;
secp256k1_int_cmov(recid, &zero, !ret); secp256k1_int_cmov(recid, &zero, !ret);
} }
return ret; return ret;
} }
int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
secp256k1_scalar r, s; secp256k1_scalar r, s;
int ret; int ret;
const unsigned char secp256k1_ecdsa_der_algo16[17] = "ECDSA+DER "; const unsigned char secp256k1_ecdsa_der_algo16[17] = "ECDSA+DER ";
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
ARG_CHECK(msg32 != NULL); ARG_CHECK(msghash32 != NULL);
ARG_CHECK(signature != NULL); ARG_CHECK(signature != NULL);
ARG_CHECK(seckey != NULL); ARG_CHECK(seckey != NULL);
ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msg32, seckey, noncefp, secp256k1_ecdsa_der_algo16, noncedata); ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, secp256k1_ecdsa_der_algo16, noncedata);
secp256k1_ecdsa_signature_save(signature, &r, &s); secp256k1_ecdsa_signature_save(signature, &r, &s);
return ret; return ret;
} }
int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) {
secp256k1_scalar sec; secp256k1_scalar sec;
int ret; int ret;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
▲ Show 20 LinesShow All 64 Lines▼ Show 20 Linesint secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *pubkey) {
if (ret) { if (ret) {
secp256k1_ge_neg(&p, &p); secp256k1_ge_neg(&p, &p);
secp256k1_pubkey_save(pubkey, &p); secp256k1_pubkey_save(pubkey, &p);
} }
return ret; return ret;
} }
static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak) { static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak32) {
secp256k1_scalar term; secp256k1_scalar term;
int overflow = 0; int overflow = 0;
int ret = 0; int ret = 0;
secp256k1_scalar_set_b32(&term, tweak, &overflow); secp256k1_scalar_set_b32(&term, tweak32, &overflow);
ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term); ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term);
secp256k1_scalar_clear(&term); secp256k1_scalar_clear(&term);
return ret; return ret;
} }
int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
secp256k1_scalar sec; secp256k1_scalar sec;
int ret = 0; int ret = 0;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(seckey != NULL); ARG_CHECK(seckey != NULL);
ARG_CHECK(tweak != NULL); ARG_CHECK(tweak32 != NULL);
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); ret = secp256k1_scalar_set_b32_seckey(&sec, seckey);
ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak); ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak32);
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret);
secp256k1_scalar_get_b32(seckey, &sec); secp256k1_scalar_get_b32(seckey, &sec);
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
return ret; return ret;
} }
int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak); return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak32);
} }
static int secp256k1_ec_pubkey_tweak_add_helper(const secp256k1_ecmult_context* ecmult_ctx, secp256k1_ge *p, const unsigned char *tweak) { static int secp256k1_ec_pubkey_tweak_add_helper(const secp256k1_ecmult_context* ecmult_ctx, secp256k1_ge *p, const unsigned char *tweak32) {
secp256k1_scalar term; secp256k1_scalar term;
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_b32(&term, tweak, &overflow); secp256k1_scalar_set_b32(&term, tweak32, &overflow);
return !overflow && secp256k1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); return !overflow && secp256k1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term);
} }
int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) {
secp256k1_ge p; secp256k1_ge p;
int ret = 0; int ret = 0;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
ARG_CHECK(pubkey != NULL); ARG_CHECK(pubkey != NULL);
ARG_CHECK(tweak != NULL); ARG_CHECK(tweak32 != NULL);
ret = secp256k1_pubkey_load(ctx, &p, pubkey); ret = secp256k1_pubkey_load(ctx, &p, pubkey);
memset(pubkey, 0, sizeof(*pubkey)); memset(pubkey, 0, sizeof(*pubkey));
ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak); ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak32);
if (ret) { if (ret) {
secp256k1_pubkey_save(pubkey, &p); secp256k1_pubkey_save(pubkey, &p);
} }
return ret; return ret;
} }
int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
secp256k1_scalar factor; secp256k1_scalar factor;
secp256k1_scalar sec; secp256k1_scalar sec;
int ret = 0; int ret = 0;
int overflow = 0; int overflow = 0;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(seckey != NULL); ARG_CHECK(seckey != NULL);
ARG_CHECK(tweak != NULL); ARG_CHECK(tweak32 != NULL);
secp256k1_scalar_set_b32(&factor, tweak, &overflow); secp256k1_scalar_set_b32(&factor, tweak32, &overflow);
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); ret = secp256k1_scalar_set_b32_seckey(&sec, seckey);
ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor); ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor);
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret);
secp256k1_scalar_get_b32(seckey, &sec); secp256k1_scalar_get_b32(seckey, &sec);
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
secp256k1_scalar_clear(&factor); secp256k1_scalar_clear(&factor);
return ret; return ret;
} }
int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak); return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak32);
} }
int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) { int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) {
secp256k1_ge p; secp256k1_ge p;
secp256k1_scalar factor; secp256k1_scalar factor;
int ret = 0; int ret = 0;
int overflow = 0; int overflow = 0;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
ARG_CHECK(pubkey != NULL); ARG_CHECK(pubkey != NULL);
ARG_CHECK(tweak != NULL); ARG_CHECK(tweak32 != NULL);
secp256k1_scalar_set_b32(&factor, tweak, &overflow); secp256k1_scalar_set_b32(&factor, tweak32, &overflow);
ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey);
memset(pubkey, 0, sizeof(*pubkey)); memset(pubkey, 0, sizeof(*pubkey));
if (ret) { if (ret) {
if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) {
secp256k1_pubkey_save(pubkey, &p); secp256k1_pubkey_save(pubkey, &p);
} else { } else {
ret = 0; ret = 0;
} }
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines