src/secp256k1/src/modules/schnorr/main_impl.h
Show First 20 Lines • Show All 54 Lines • ▼ Show 20 Lines | ) { | ||||
if (!ret) { | if (!ret) { | ||||
memset(sig64, 0, 64); | memset(sig64, 0, 64); | ||||
} | } | ||||
secp256k1_scalar_clear(&sec); | secp256k1_scalar_clear(&sec); | ||||
return ret; | return ret; | ||||
} | } | ||||
int secp256k1_schnorr_combine_keys( | |||||
const secp256k1_context *ctx, | |||||
unsigned char *C, | |||||
secp256k1_pubkey *combined_pubkey, | |||||
const secp256k1_pubkey *pubkeys, | |||||
const size_t nkeys | |||||
) { | |||||
secp256k1_ge p; | |||||
VERIFY_CHECK(ctx != NULL); | |||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); | |||||
VERIFY_CHECK(C != NULL); | |||||
ARG_CHECK(combined_pubkey != NULL); | |||||
ARG_CHECK(pubkeys != NULL); | |||||
/* We must have at least two key to combine them */ | |||||
ARG_CHECK(nkeys > 1); | |||||
/* But no more than 1 << 31 */ | |||||
ARG_CHECK(nkeys < (size_t)(1 << 31)); | |||||
markblundeberg: Looks like unsigned long int may be better for nkeys. Bizarrely, size_t is allowed to be as… | |||||
Fabien: This is likely not the responsibility of the lib, but shouldn't the number of keys be (much) more limited?
deadalnix (author): If people want to do it, then good for them.
if (!secp256k1_schnorr_multisig_compute_c(ctx, C, pubkeys, nkeys)) { | |||||
return 0; | |||||
} | |||||
if (!secp256k1_schnorr_multisig_combine_keys(ctx, &p, C, pubkeys, nkeys)) { | |||||
return 0; | |||||
} | |||||
secp256k1_pubkey_save(combined_pubkey, &p); | |||||
return 1; | |||||
} | |||||
int secp256k1_schnorr_get_partial_key( | |||||
const secp256k1_context *ctx, | |||||
unsigned char *partial_key, | |||||
const unsigned char *C, | |||||
const unsigned char *seckey, | |||||
const secp256k1_pubkey *pubkey | |||||
) { | |||||
secp256k1_scalar sec; | |||||
secp256k1_ge q; | |||||
int ret = 0; | |||||
VERIFY_CHECK(ctx != NULL); | |||||
ARG_CHECK(partial_key != NULL); | |||||
ARG_CHECK(C != NULL); | |||||
ARG_CHECK(seckey != NULL); | |||||
ARG_CHECK(pubkey != NULL); | |||||
secp256k1_pubkey_load(ctx, &q, pubkey); | |||||
secp256k1_scalar_set_b32(&sec, seckey, NULL); | |||||
ret = secp256k1_schnorr_multisig_compute_privkey(&sec, C, &sec, &q); | |||||
if (ret) { | |||||
secp256k1_scalar_get_b32(partial_key, &sec); | |||||
} | |||||
secp256k1_scalar_clear(&sec); | |||||
return ret; | |||||
} | |||||
#endif | #endif |
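Review bot: In secp256k1_schnorr_combine_keys, the upper bound `ARG_CHECK(nkeys < (size_t)(1 << 31));` shifts a signed int into its sign bit before the cast, which is undefined behaviour where int is 32 bits; a compiler that yields INT_MIN would then sign-extend it on 64-bit targets, so the intended 2^31 cap would not be enforced. Writing the limit as an unsigned constant avoids both problems: `ARG_CHECK(nkeys < 0x80000000UL);`. In the same function `C` is guarded only by `VERIFY_CHECK(C != NULL);`, while secp256k1_schnorr_get_partial_key uses `ARG_CHECK(C != NULL);`; if VERIFY_CHECK is compiled out in release builds, as it appears to be elsewhere in this library, a NULL output buffer would go unchecked, so `ARG_CHECK(C != NULL);` looks like the right guard there too.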
Looks like unsigned long int may be better for nkeys. Bizarrely, the C99 standard allows size_t to be as small as 16 bits.
https://stackoverflow.com/questions/22514803/maximum-size-of-size-t
(maybe matters if anyone ever throws this into a weird hardware wallet embedded system)