src/secp256k1/src/modules/ecdh/main_impl.h
const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256; | const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256; | ||||
int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) { | int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) { | ||||
int ret = 0; | int ret = 0; | ||||
int overflow = 0; | int overflow = 0; | ||||
secp256k1_gej res; | secp256k1_gej res; | ||||
secp256k1_ge pt; | secp256k1_ge pt; | ||||
secp256k1_scalar s; | secp256k1_scalar s; | ||||
unsigned char x[32]; | |||||
unsigned char y[32]; | |||||
VERIFY_CHECK(ctx != NULL); | VERIFY_CHECK(ctx != NULL); | ||||
ARG_CHECK(output != NULL); | ARG_CHECK(output != NULL); | ||||
ARG_CHECK(point != NULL); | ARG_CHECK(point != NULL); | ||||
ARG_CHECK(scalar != NULL); | ARG_CHECK(scalar != NULL); | ||||
if (hashfp == NULL) { | if (hashfp == NULL) { | ||||
hashfp = secp256k1_ecdh_hash_function_default; | hashfp = secp256k1_ecdh_hash_function_default; | ||||
} | } | ||||
secp256k1_pubkey_load(ctx, &pt, point); | secp256k1_pubkey_load(ctx, &pt, point); | ||||
secp256k1_scalar_set_b32(&s, scalar, &overflow); | secp256k1_scalar_set_b32(&s, scalar, &overflow); | ||||
if (overflow || secp256k1_scalar_is_zero(&s)) { | |||||
ret = 0; | overflow |= secp256k1_scalar_is_zero(&s); | ||||
} else { | secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow); | ||||
unsigned char x[32]; | |||||
unsigned char y[32]; | |||||
secp256k1_ecmult_const(&res, &pt, &s, 256); | secp256k1_ecmult_const(&res, &pt, &s, 256); | ||||
secp256k1_ge_set_gej(&pt, &res); | secp256k1_ge_set_gej(&pt, &res); | ||||
/* Compute a hash of the point */ | /* Compute a hash of the point */ | ||||
secp256k1_fe_normalize(&pt.x); | secp256k1_fe_normalize(&pt.x); | ||||
secp256k1_fe_normalize(&pt.y); | secp256k1_fe_normalize(&pt.y); | ||||
secp256k1_fe_get_b32(x, &pt.x); | secp256k1_fe_get_b32(x, &pt.x); | ||||
secp256k1_fe_get_b32(y, &pt.y); | secp256k1_fe_get_b32(y, &pt.y); | ||||
ret = hashfp(output, x, y, data); | ret = hashfp(output, x, y, data); | ||||
} | |||||
memset(x, 0, 32); | |||||
memset(y, 0, 32); | |||||
secp256k1_scalar_clear(&s); | secp256k1_scalar_clear(&s); | ||||
return ret; | |||||
return !!ret & !overflow; | |||||
} | } | ||||
#endif /* SECP256K1_MODULE_ECDH_MAIN_H */ | #endif /* SECP256K1_MODULE_ECDH_MAIN_H */ |
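Review bot: The `memset(x, 0, 32)` / `memset(y, 0, 32)` pair just before the return in `secp256k1_ecdh` (apparently on the new side, matching the `x`/`y` declarations moved to function scope) are the last writes to dying stack buffers, so an optimizing compiler may drop them as dead stores and leave the shared point's coordinates on the stack. I would route them through a clearing routine the compiler cannot elide (a write through a volatile pointer, or a barrier after the memset) and use `sizeof(x)` rather than the literal 32. `pt` and `res` hold the same coordinates and are not wiped at all; if this tree has the group clear helpers, `secp256k1_ge_clear(&pt); secp256k1_gej_clear(&res);` next to `secp256k1_scalar_clear(&s)` would cover them. Separately, since `hashfp` now runs even for an invalid scalar (with `s` swapped to one), `output` is written with a hash derived only from the public point on the failure path, so the public header should carry a comment such as `/* output is unspecified and must not be used when 0 is returned */`.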