mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-02-11 11:16:09 -05:00
9d47e7b71b
21ffe4b22a Merge bitcoin-core/secp256k1#1055: Prepare initial release e025ccdf74 release: prepare for initial release 0.2.0 6d1784a2e2 build: add missing files to EXTRA_DIST 8c949f56da Merge bitcoin-core/secp256k1#1173: Don't use compute credits for now 13bf1b6b32 changelog: make order of change types match keepachangelog.com b1f992a552 doc: improve release process 7e5b22684f Don't use compute credits for now ad39e2dc41 build: change package version to 0.1.0-dev 5c789dcd73 Merge bitcoin-core/secp256k1#1168: Replace deprecated context flags with NONE in benchmarks and tests d6dc0f4ae3 tests: Switch to NONE contexts in module tests 0c8a5caddd tests: Switch to NONE contexts in tests.c 86540e9e1f tests: add test for deprecated flags and rm them from run_context caa0ad631e group: add gej_eq_var 37ba744f5b tests: Switch to NONE contexts in exhaustive and ctime tests 8d7a9a8eda benchmarks: Switch to NONE contexts 90618e9263 doc: move CHANGELOG from doc/ to root directory e3f84777eb Merge bitcoin-core/secp256k1#1126: API cleanup with respect to contexts 4386a2306c examples: Switch to NONE contexts 7289b51d31 docs: Use doxygen style if and only if comment is user-facing e7d0185c90 docs: Get rid of "initialized for signing" terminology 06126364ad docs: Tidy and improve docs about contexts and randomization e02d6862bd selftest: Expose in public API e383fbfa66 selftest: Rename internal function to make name available for API d2c6d48de3 tests: Use new name of static context 53796d2b24 contexts: Rename static context 72fedf8a6c docs: Improve docs for static context 316ac7625a contexts: Deprecate all context flags except SECP256K1_CONTEXT_NONE 477f02c4de Merge bitcoin-core/secp256k1#1165: gitignore: Add *.sage.py files autogenerated by sage [skip ci] 092be61c5e gitignore: Add *.sage.py files autogenerated by sage 1a553ee8be docs: Change signature "validation" to "verification" ee7341fbac docs: Never require a verification context 751c4354d5 Merge bitcoin-core/secp256k1#1152: Update macOS image for CI 2286f80902 Merge bitcoin-core/secp256k1#993: Enable non-experimental modules by default e40fd277b7 Merge bitcoin-core/secp256k1#1156: Followups to int128_struct arithmetic 99bd335599 Make int128 overflow test use secp256k1_[ui]128_mul a8494b02bf Use compute credits for macOS jobs 3afce0af7c Avoid signed overflow in MSVC AMR64 secp256k1_mul128 c0ae48c995 Update macOS image for CI 9b5f589d30 Heuristically decide whether to use int128_struct 63ff064d2f int128: Add test override for testing __(u)mulh on MSVC X64 f2b7e88768 Add int128 randomized tests 6138d73be4 Merge bitcoin-core/secp256k1#1155: Add MSan CI jobs ddf2b2910e Merge bitcoin-core/secp256k1#1000: Synthetic int128 type. 86e3b38a4a Merge bitcoin-core/secp256k1#1149: Remove usage of CHECK from non-test file 00a42b91b3 Add MSan CI job 44916ae915 Merge bitcoin-core/secp256k1#1147: ci: print env to allow reproducing the job outside of CI c2ee9175e9 Merge bitcoin-core/secp256k1#1146: ci: prevent "-v/--version: not found" irrelevant error e13fae487e Merge bitcoin-core/secp256k1#1150: ci: always cat test_env.log a340d9500a ci: add int128_struct tests dceaa1f579 int128: Tidy #includes of int128.h and int128_impl.h 2914bccbc0 Simulated int128 type. 6a965b6b98 Remove usage of CHECK from non-test file 5c9f1a5c37 ci: always cat all logs_snippets 49ae843592 ci: mostly prevent "-v/--version: not found" irrelevant error 4e54c03153 ci: print env to allow reproducing the job outside of CI a43e982bca Merge bitcoin-core/secp256k1#1144: Cleanup `.gitignore` file f5039cb66c Cleanup `.gitignore` file 798727ae1e Revert "Add test logs to gitignore" 41e8704b48 build: Enable some modules by default 694ce8fb2d Merge bitcoin-core/secp256k1#1131: readme: Misc improvements 88b00897e7 readme: Fix line break 78f5296da4 readme: Sell "no runtime dependencies" ef48f088ad readme: Add IRC channel 9f8a13dc8e Merge bitcoin-core/secp256k1#1128: configure: Remove pkgconfig macros again (reintroduced by mismerge) cabe085bb4 configure: Remove pkgconfig macros again (reintroduced by mismerge) 3efeb9da21 Merge bitcoin-core/secp256k1#1121: config: Set preprocessor defaults for ECMULT_* config values 6a873cc4a9 Merge bitcoin-core/secp256k1#1122: tests: Randomize the context with probability 15/16 instead of 1/4 17065f48ae tests: Randomize the context with probability 15/16 instead of 1/4 c27ae45144 config: Remove basic-config.h da6514a04a config: Introduce DEBUG_CONFIG macro for debug output of config 63a3565e97 Merge bitcoin-core/secp256k1#1120: ecmult_gen: Skip RNG when creating blinding if no seed is available d0cf55e13a config: Set preprocessor defaults for ECMULT_* config values 55f8bc99dc ecmult_gen: Improve comments about projective blinding 7a86955800 ecmult_gen: Simplify code (no observable change) 4cc0b1b669 ecmult_gen: Skip RNG when creating blinding if no seed is available af65d30cc8 Merge bitcoin-core/secp256k1#1116: build: Fix #include "..." paths to get rid of further -I arguments 40a3473a9d build: Fix #include "..." paths to get rid of further -I arguments 43756da819 Merge bitcoin-core/secp256k1#1115: Fix sepc256k1 -> secp256k1 typo in group.h 069aba8125 Fix sepc256k1 -> secp256k1 typo in group.h accadc94df Merge bitcoin-core/secp256k1#1114: `_scratch_destroy`: move `VERIFY_CHECK` after invalid scrach space check cd47033335 Merge bitcoin-core/secp256k1#1084: ci: Add MSVC builds 1827c9bf2b scratch_destroy: move VERIFY_CHECK after invalid scrach space check 49e2acd927 configure: Improve rationale for WERROR_CFLAGS 8dc4b03341 ci: Add a C++ job that compiles the public headers without -fpermissive 51f296a46c ci: Run persistent wineserver to speed up wine 3fb3269c22 ci: Add 32-bit MinGW64 build 9efc2e5221 ci: Add MSVC builds 2be6ba0fed configure: Convince autotools to work with MSVC's archiver lib.exe bd81f4140a schnorrsig bench: Suppress a stupid warning in MSVC 09f3d71c51 configure: Add a few CFLAGS for MSVC 3b4f3d0d46 build: Reject C++ compilers in the preprocessor 1cc0941414 configure: Don't abort if the compiler does not define __STDC__ cca8cbbac8 configure: Output message when checking for valgrind 1a6be5745f bench: Make benchmarks compile on MSVC git-subtree-dir: src/secp256k1 git-subtree-split: 21ffe4b22a9683cf24ae0763359e401d1284cc7a
249 lines
11 KiB
C
249 lines
11 KiB
C
#ifndef SECP256K1_EXTRAKEYS_H
|
|
#define SECP256K1_EXTRAKEYS_H
|
|
|
|
#include "secp256k1.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** Opaque data structure that holds a parsed and valid "x-only" public key.
|
|
* An x-only pubkey encodes a point whose Y coordinate is even. It is
|
|
* serialized using only its X coordinate (32 bytes). See BIP-340 for more
|
|
* information about x-only pubkeys.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 64 bytes in size, and can be safely copied/moved.
|
|
* If you need to convert to a format suitable for storage, transmission, use
|
|
* use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To
|
|
* compare keys, use secp256k1_xonly_pubkey_cmp.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[64];
|
|
} secp256k1_xonly_pubkey;
|
|
|
|
/** Opaque data structure that holds a keypair consisting of a secret and a
|
|
* public key.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 96 bytes in size, and can be safely copied/moved.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[96];
|
|
} secp256k1_keypair;
|
|
|
|
/** Parse a 32-byte sequence into a xonly_pubkey object.
|
|
*
|
|
* Returns: 1 if the public key was fully valid.
|
|
* 0 if the public key could not be parsed or is invalid.
|
|
*
|
|
* Args: ctx: a secp256k1 context object.
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
|
|
* parsed version of input. If not, it's set to an invalid value.
|
|
* In: input32: pointer to a serialized xonly_pubkey.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey* pubkey,
|
|
const unsigned char *input32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Serialize an xonly_pubkey object into a 32-byte sequence.
|
|
*
|
|
* Returns: 1 always.
|
|
*
|
|
* Args: ctx: a secp256k1 context object.
|
|
* Out: output32: a pointer to a 32-byte array to place the serialized key in.
|
|
* In: pubkey: a pointer to a secp256k1_xonly_pubkey containing an initialized public key.
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_serialize(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *output32,
|
|
const secp256k1_xonly_pubkey* pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Compare two x-only public keys using lexicographic order
|
|
*
|
|
* Returns: <0 if the first public key is less than the second
|
|
* >0 if the first public key is greater than the second
|
|
* 0 if the two public keys are equal
|
|
* Args: ctx: a secp256k1 context object.
|
|
* In: pubkey1: first public key to compare
|
|
* pubkey2: second public key to compare
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_cmp(
|
|
const secp256k1_context* ctx,
|
|
const secp256k1_xonly_pubkey* pk1,
|
|
const secp256k1_xonly_pubkey* pk2
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
|
|
*
|
|
* Returns: 1 always.
|
|
*
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: xonly_pubkey: pointer to an x-only public key object for placing the converted public key.
|
|
* pk_parity: Ignored if NULL. Otherwise, pointer to an integer that
|
|
* will be set to 1 if the point encoded by xonly_pubkey is
|
|
* the negation of the pubkey and set to 0 otherwise.
|
|
* In: pubkey: pointer to a public key that is converted.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *xonly_pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_pubkey *pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak an x-only public key by adding the generator multiplied with tweak32
|
|
* to it.
|
|
*
|
|
* Note that the resulting point can not in general be represented by an x-only
|
|
* pubkey because it may have an odd Y coordinate. Instead, the output_pubkey
|
|
* is a normal secp256k1_pubkey.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting public key would be
|
|
* invalid (only when the tweak is the negation of the corresponding
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: output_pubkey: pointer to a public key to store the result. Will be set
|
|
* to an invalid value if this function returns 0.
|
|
* In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to.
|
|
* tweak32: pointer to a 32-byte tweak. If the tweak is invalid
|
|
* according to secp256k1_ec_seckey_verify, this function
|
|
* returns 0. For uniformly random 32-byte arrays the
|
|
* chance of being invalid is negligible (around 1 in 2^128).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *output_pubkey,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Checks that a tweaked pubkey is the result of calling
|
|
* secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32.
|
|
*
|
|
* The tweaked pubkey is represented by its 32-byte x-only serialization and
|
|
* its pk_parity, which can both be obtained by converting the result of
|
|
* tweak_add to a secp256k1_xonly_pubkey.
|
|
*
|
|
* Note that this alone does _not_ verify that the tweaked pubkey is a
|
|
* commitment. If the tweak is not chosen in a specific way, the tweaked pubkey
|
|
* can easily be the result of a different internal_pubkey and tweak.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the tweaked pubkey is not the
|
|
* result of tweaking the internal_pubkey with tweak32. 1 otherwise.
|
|
* Args: ctx: pointer to a context object.
|
|
* In: tweaked_pubkey32: pointer to a serialized xonly_pubkey.
|
|
* tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization
|
|
* is passed in as tweaked_pubkey32). This must match the
|
|
* pk_parity value that is returned when calling
|
|
* secp256k1_xonly_pubkey with the tweaked pubkey, or
|
|
* this function will fail.
|
|
* internal_pubkey: pointer to an x-only public key object to apply the tweak to.
|
|
* tweak32: pointer to a 32-byte tweak.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(
|
|
const secp256k1_context* ctx,
|
|
const unsigned char *tweaked_pubkey32,
|
|
int tweaked_pk_parity,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
|
|
|
|
/** Compute the keypair for a secret key.
|
|
*
|
|
* Returns: 1: secret was valid, keypair is ready to use
|
|
* 0: secret was invalid, try again with a different secret
|
|
* Args: ctx: pointer to a context object (not secp256k1_context_static).
|
|
* Out: keypair: pointer to the created keypair.
|
|
* In: seckey: pointer to a 32-byte secret key.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *seckey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the secret key from a keypair.
|
|
*
|
|
* Returns: 1 always.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: seckey: pointer to a 32-byte buffer for the secret key.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *seckey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the public key from a keypair.
|
|
*
|
|
* Returns: 1 always.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to
|
|
* the keypair public key. If not, it's set to an invalid value.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *pubkey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the x-only public key from a keypair.
|
|
*
|
|
* This is the same as calling secp256k1_keypair_pub and then
|
|
* secp256k1_xonly_pubkey_from_pubkey.
|
|
*
|
|
* Returns: 1 always.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to an xonly_pubkey object. If 1 is returned, it is set
|
|
* to the keypair public key after converting it to an
|
|
* xonly_pubkey. If not, it's set to an invalid value.
|
|
* pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to the
|
|
* pk_parity argument of secp256k1_xonly_pubkey_from_pubkey.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak a keypair by adding tweak32 to the secret key and updating the public
|
|
* key accordingly.
|
|
*
|
|
* Calling this function and then secp256k1_keypair_pub results in the same
|
|
* public key as calling secp256k1_keypair_xonly_pub and then
|
|
* secp256k1_xonly_pubkey_tweak_add.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting keypair would be
|
|
* invalid (only when the tweak is the negation of the keypair's
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object.
|
|
* In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to
|
|
* an invalid value if this function returns 0.
|
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according
|
|
* to secp256k1_ec_seckey_verify, this function returns 0. For
|
|
* uniformly random 32-byte arrays the chance of being invalid
|
|
* is negligible (around 1 in 2^128).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SECP256K1_EXTRAKEYS_H */
|