src/secp256k1/src/modules/schnorr/main_impl.h
- This file was added.
Property | Old Value | New Value |
---|---|---|
File Mode | null | 100755 |
/********************************************************************** | |||||
* Copyright (c) 2017 Amaury Séchet * | |||||
* Distributed under the MIT software license, see the accompanying * | |||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.* | |||||
**********************************************************************/ | |||||
#ifndef SECP256K1_MODULE_SCHNORR_MAIN | |||||
#define SECP256K1_MODULE_SCHNORR_MAIN | |||||
#include "include/secp256k1_schnorr.h" | |||||
#include "modules/schnorr/schnorr_impl.h" | |||||
int secp256k1_schnorr_verify(const secp256k1_context* ctx, const unsigned char *sig64, const unsigned char *msg32, const secp256k1_pubkey *pubkey) { | |||||
Fabien: Could you please format this on multiple lines ? clang-format does not proceed on secp256k1 lib | |||||
secp256k1_ge q; | |||||
VERIFY_CHECK(ctx != NULL); | |||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | |||||
ARG_CHECK(msg32 != NULL); | |||||
ARG_CHECK(sig64 != NULL); | |||||
ARG_CHECK(pubkey != NULL); | |||||
secp256k1_pubkey_load(ctx, &q, pubkey); | |||||
return secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &q, msg32); | |||||
} | |||||
int secp256k1_schnorr_sign( | |||||
const secp256k1_context *ctx, | |||||
unsigned char *sig64, | |||||
const unsigned char *msg32, | |||||
const unsigned char *seckey, | |||||
const secp256k1_pubkey *pubkey, | |||||
markblundebergUnsubmitted Not Done Inline ActionsRedundant? Can generate pubkey from seckey, and then have same function signature as secp256k1_ecdsa_sign. markblundeberg: Redundant? Can generate pubkey from seckey, and then have same function signature as… | |||||
deadalnixAuthorUnsubmitted Done Inline ActionsOk. deadalnix: Ok. | |||||
jasonbcoxUnsubmitted Not Done Inline Actions+1 I think reducing the public API to its simplest form is important for reducing any potential attack surface. jasonbcox: +1 I think reducing the public API to its simplest form is important for reducing any… | |||||
deadalnixAuthorUnsubmitted Done Inline ActionsECDSA doesn't need the pubkey for signing, so that wouldn't make sense to pass it. The comment on attack surface makes no sense to me. The public key is public anyways, so in what case can I attack anything using the public key ? deadalnix: ECDSA doesn't need the pubkey for signing, so that wouldn't make sense to pass it. The comment… | |||||
jasonbcoxUnsubmitted Not Done Inline ActionsI'm referring to the attack surface of the API itself, not the use of the public key. If you derive the public key from the private key that's provided, the attack surface is reduced by removing the case of providing a mismatching pub-priv keypair. jasonbcox: I'm referring to the attack surface of the API itself, not the use of the public key. If you… | |||||
markblundebergUnsubmitted Not Done Inline ActionsRegardless of attacks, it looks like it is not helpful to have pubkey argument in the first place:
Is the reason to keep this pubkey argument because of the speedup for other hypothetical codebases, or am I missing something? If so, it would be even more optimized to require the pubkey to be passed in compressed form (unsigned char * type, instead of secp256k1_pubkey * type). markblundeberg: Regardless of attacks, it looks like it is not helpful to have pubkey argument in the first… | |||||
secp256k1_nonce_function noncefp, | |||||
const void *ndata | |||||
) { | |||||
secp256k1_scalar sec, non; | |||||
secp256k1_ge p; | |||||
int ret = 0; | |||||
VERIFY_CHECK(ctx != NULL); | |||||
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); | |||||
ARG_CHECK(msg32 != NULL); | |||||
ARG_CHECK(sig64 != NULL); | |||||
ARG_CHECK(seckey != NULL); | |||||
ARG_CHECK(pubkey != NULL); | |||||
if (!secp256k1_schnorr_sig_generate_k(&non, msg32, seckey, noncefp, ndata)) { | |||||
return 0; | |||||
} | |||||
secp256k1_pubkey_load(ctx, &p, pubkey); | |||||
secp256k1_scalar_set_b32(&sec, seckey, NULL); | |||||
ret = secp256k1_schnorr_sig_sign(&ctx->ecmult_gen_ctx, sig64, &sec, &p, &non, msg32); | |||||
if (!ret) { | |||||
memset(sig64, 0, 64); | |||||
} | |||||
secp256k1_scalar_clear(&non); | |||||
secp256k1_scalar_clear(&sec); | |||||
return ret; | |||||
} | |||||
#endif |
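Review bot: The return value of `secp256k1_pubkey_load` is dropped in both functions (the call just before `return secp256k1_schnorr_sig_verify(...)` and the one just before `secp256k1_scalar_set_b32`), so a pubkey that fails to load leaves `q`/`p` unset and verification or signing proceeds on it, whereas the ECDSA entry points in this library chain the load with `&&`, e.g. for verify `return secp256k1_pubkey_load(ctx, &q, pubkey) && secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &q, msg32);`. In `secp256k1_schnorr_sign` the secret key is also loaded with `secp256k1_scalar_set_b32(&sec, seckey, NULL)`, with no overflow or zero check of the kind `secp256k1_ecdsa_sign` performs, so unless `secp256k1_schnorr_sig_sign` (in schnorr_impl.h, outside this section) rejects these itself, an out-of-range or zero seckey is accepted as a signing key. The sign-side rewrite below adds `int overflow = 0;` to the locals and fails closed through the same `memset`/clear path the existing failure branch already uses. Separately, the property table shows this header added with mode 100755; a source file should be 100644.
```c
    /* … unchanged: locals, plus `int overflow = 0;`, ARG_CHECKs, nonce generation … */
    secp256k1_scalar_set_b32(&sec, seckey, &overflow);
    if (overflow || secp256k1_scalar_is_zero(&sec) || !secp256k1_pubkey_load(ctx, &p, pubkey)) {
        memset(sig64, 0, 64);
        secp256k1_scalar_clear(&non);
        secp256k1_scalar_clear(&sec);
        return 0;
    }
    ret = secp256k1_schnorr_sig_sign(&ctx->ecmult_gen_ctx, sig64, &sec, &p, &non, msg32);
    /* … unchanged: zero sig64 on failure, clear scalars, return ret … */
```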