mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-02-11 11:16:09 -05:00
86dbc4d075
0559fc6e41 Merge bitcoin-core/secp256k1#988: Make signing table fully static 7dfceceea6 build: Remove #undef hack for ASM in the precomputation programs bb36fe9be0 ci: Test `make precomp` d94a37a20c build: Remove CC_FOR_BUILD stuff ad63bb4c29 build: Prebuild and distribute ecmult_gen table ac49361ed0 prealloc: Get rid of manual memory management for prealloc contexts 6573c08f65 ecmult_gen: Tidy precomputed file and save space 5eba83f17c ecmult_gen: Precompute tables for all values of ECMULT_GEN_PREC_BITS 5d0dbef018 Merge bitcoin-core/secp256k1#942: Verify that secp256k1_ge_set_gej_zinv does not operate on infinity. 486205aa68 Merge bitcoin-core/secp256k1#920: Test all ecmult functions with many j*2^i combinations fdb33dd122 refactor: Make PREC_BITS a parameter of ecmult_gen_build_prec_table 5eb519e1f6 ci: reduce TEST_ITERS in memcheck run e2cf77328a Test ecmult functions for all i*2^j for j=0..255 and odd i=1..255. 61ae37c612 Merge bitcoin-core/secp256k1#1022: build: Windows DLL additions 4f01840b82 Merge bitcoin-core/secp256k1#1027: build: Add a check that Valgrind actually supports a host platform 6ad908aa00 Merge bitcoin-core/secp256k1#1008: bench.c: add `--help` option and ci: move env variables 592661c22f ci: move test environment variable declaration to .cirrus.yml dcbe84b841 bench: add --help option to bench. 099bad945e Comment and check a parameter for inf in secp256k1_ecmult_const. 6c0be857f8 Verify that secp256k1_ge_set_gej_zinv does not operate on infinity. a->x and a->y should not be used if the infinity flag is set. 4900227451 Merge bitcoin-core/secp256k1#1025: build: replace backtick command substitution with $() 7c7ce872a5 build: Add a check that Valgrind actually supports a host platform a4875e30a6 refactor: Move default callbacks to util.h 4c94c55bce doc: Remove obsolete hint for valgrind stack size 5106226991 exhaustive_tests: Fix with ecmult_gen table with custom generator e1a76530db refactor: Make generator a parameter of ecmult_gen_create_prec_table 9ad09f6911 refactor: Rename program that generates static ecmult_gen table 8ae18f1ab3 refactor: Rename file that contains static ecmult_gen table 00d2fa116e ecmult_gen: Make code consistent with comment 3b0c2185ea ecmult_gen: Simplify ecmult_gen context after making table static 2b7c7497ef build: replace backtick command substitution with $() 49f608de47 Merge bitcoin-core/secp256k1#1004: ecmult: fix definition of STRAUSS_SCRATCH_OBJECTS c0cd7de6d4 build: add -no-undefined to libtool LDFLAGS fe32a79d35 build: pass win32-dll to LT_INIT 60bf8890df ecmult: fix definition of STRAUSS_SCRATCH_OBJECTS fecf436d53 Merge bitcoin-core/secp256k1#1019: build: don't append valgrind CPPFLAGS if not installed (macOS) 2e5e4b67df Merge bitcoin-core/secp256k1#1020: doc: remove use of <0xa0> "no break space" 812ff5c747 doc: remove use of 0xa0 "no break space" 214042a170 build: don't append valgrind CPPFLAGS if not installed e43ba02cfc refactor: Decouple table generation and ecmult_gen context 22dc2c0a0d ecmult_gen: Move table creation to new file and force static prec 793ad9016a Merge bitcoin-core/secp256k1#1010: doc: Minor fixes in safegcd_implementation.md dc9b6853b7 doc: Minor fixes in safegcd_implementation.md ea5e8a9c47 Merge bitcoin-core/secp256k1#1012: Fix typos 233297579d Fix typos 7006f1b97f Merge bitcoin-core/secp256k1#1011: ci: Enable -g if we set CFLAGS manually 72de1359e9 ci: Enable -g if we set CFLAGS manually 74c34e727b Merge bitcoin-core/secp256k1#1009: refactor: Use (int)&(int) in boolean context to avoid compiler warning 16d132215c refactor: Use (int)&(int) in boolean context to avoid compiler warning c74a7b7e51 Merge bitcoin-core/secp256k1#1007: doc: Replace apoelstra's GPG key by jonasnick's GPG key 3b157c48ed doc: Suggest keys.openpgp.org as keyserver in SECURITY.md 73a7472cd0 doc: Replace apoelstra's GPG key by jonasnick's GPG key 515a5dbd02 Merge bitcoin-core/secp256k1#991: Merge all "external" benchmarks into a single bench binary af6abcb3d0 Make bench support selecting which benchmarks to run 9f56bdf5b9 Merge bench_schnorrsig into bench 3208557ae1 Merge bench_recover into bench 855e18d8a8 Merge bench_ecdh into bench 2a7be678a6 Combine bench_sign and bench_verify into single bench 8fa41201bd Merge bitcoin-core/secp256k1#1002: Make aux_rnd32==NULL behave identical to 0x0000..00. 5324f8942d Make aux_rnd32==NULL behave identical to 0x0000..00. 21c188b3c5 Merge bitcoin-core/secp256k1#943: VERIFY_CHECK precondition for secp256k1_fe_set_int. 3e7b2ea194 Merge bitcoin-core/secp256k1#999: bench_ecmult: improve clarity of output 23e2f66726 bench: don't return 1 in have_flag() if argc = 1 96b1ad2ea9 bench_ecmult: improve clarity of output 20d791edfb Merge bitcoin-core/secp256k1#989: Shared benchmark format for command line and CSV outputs aa1b889b61 Merge bitcoin-core/secp256k1#996: Fix G.y parity in sage code 044d956305 Fix G.y parity in sage code b4b130678d create csv file from the benchmark output 26a255beb6 Shared benchmark format for command line and CSV outputs 9526874d14 Merge bitcoin-core/secp256k1#810: Avoid overly-wide multiplications in 5x52 field mul/sqr 920a0e5fa6 Merge bitcoin-core/secp256k1#952: Avoid computing out-of-bounds pointer. f34b5cae03 Merge bitcoin-core/secp256k1#983: [RFC] Remove OpenSSL testing support 297ce82091 Merge bitcoin-core/secp256k1#966: Make aux_rand32 arg to secp256k1_schnorrsig_sign const 2888640132 VERIFY_CHECK precondition for secp256k1_fe_set_int. d49011f54c Make _set_fe_int( . , 0 ) set magnitude to 0 bc08599e77 Remove OpenSSL testing support 10f9bd84f4 Merge bitcoin-core/secp256k1#987: Fix unused parameter warnings when building without VERIFY 189f6bcfef Fix unused parameter warnings when building without VERIFY da0092bccc Merge bitcoin-core/secp256k1#986: tests: remove `secp256k1_fe_verify` from tests.c and modify `_fe_from_storage` to call `_fe_verify` d43993724d tests: remove `secp256k1_fe_verify` from tests.c and modify `secp256k1_fe_from_storage` to call `secp256k1_fe_verify` 2a3a97c665 Merge bitcoin-core/secp256k1#976: `secp256k1_schnorrsig_sign_internal` should be static aa5d34a8fe Merge bitcoin-core/secp256k1#783: Make the public API docs more consistent and explicit 72713872a8 Add missing static to secp256k1_schnorrsig_sign_internal db4667d5e0 Make aux_rand32 arg to secp256k1_schnorrsig_sign const 9a5a87e0f1 Merge bitcoin-core/secp256k1#956: Replace ecmult_context with a generated static array. 20abd52c2e Add tests for pre_g tables. 6815761cf5 Remove ecmult_context. f20dcbbad1 Correct typo. 16a3cc07e8 Generate ecmult_static_pre_g.h 8de2d86a06 Bump memory limits in advance of making the ecmult context static. d7ec49a689 Merge bitcoin-core/secp256k1#969: ci: Fixes after Debian release 5d5c74a057 tests: Rewrite code to circument potential bug in clang 3d2f492ceb ci: Install libasan6 (instead of 5) after Debian upgrade adec5a1638 Add missing null check for ctx and input keys in the public API f4edfc7581 Improve consistency for NULL arguments in the public interface 9be7b0f083 Avoid computing out-of-bounds pointer. b53e0cd61f Avoid overly-wide multiplications git-subtree-dir: src/secp256k1 git-subtree-split: 0559fc6e41b65af6e52c32eb9b1286494412a162
250 lines
11 KiB
C
250 lines
11 KiB
C
#ifndef SECP256K1_EXTRAKEYS_H
|
|
#define SECP256K1_EXTRAKEYS_H
|
|
|
|
#include "secp256k1.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** Opaque data structure that holds a parsed and valid "x-only" public key.
|
|
* An x-only pubkey encodes a point whose Y coordinate is even. It is
|
|
* serialized using only its X coordinate (32 bytes). See BIP-340 for more
|
|
* information about x-only pubkeys.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 64 bytes in size, and can be safely copied/moved.
|
|
* If you need to convert to a format suitable for storage, transmission, use
|
|
* use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To
|
|
* compare keys, use secp256k1_xonly_pubkey_cmp.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[64];
|
|
} secp256k1_xonly_pubkey;
|
|
|
|
/** Opaque data structure that holds a keypair consisting of a secret and a
|
|
* public key.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 96 bytes in size, and can be safely copied/moved.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[96];
|
|
} secp256k1_keypair;
|
|
|
|
/** Parse a 32-byte sequence into a xonly_pubkey object.
|
|
*
|
|
* Returns: 1 if the public key was fully valid.
|
|
* 0 if the public key could not be parsed or is invalid.
|
|
*
|
|
* Args: ctx: a secp256k1 context object.
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
|
|
* parsed version of input. If not, it's set to an invalid value.
|
|
* In: input32: pointer to a serialized xonly_pubkey.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey* pubkey,
|
|
const unsigned char *input32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Serialize an xonly_pubkey object into a 32-byte sequence.
|
|
*
|
|
* Returns: 1 always.
|
|
*
|
|
* Args: ctx: a secp256k1 context object.
|
|
* Out: output32: a pointer to a 32-byte array to place the serialized key in.
|
|
* In: pubkey: a pointer to a secp256k1_xonly_pubkey containing an initialized public key.
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_serialize(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *output32,
|
|
const secp256k1_xonly_pubkey* pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Compare two x-only public keys using lexicographic order
|
|
*
|
|
* Returns: <0 if the first public key is less than the second
|
|
* >0 if the first public key is greater than the second
|
|
* 0 if the two public keys are equal
|
|
* Args: ctx: a secp256k1 context object.
|
|
* In: pubkey1: first public key to compare
|
|
* pubkey2: second public key to compare
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_cmp(
|
|
const secp256k1_context* ctx,
|
|
const secp256k1_xonly_pubkey* pk1,
|
|
const secp256k1_xonly_pubkey* pk2
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
|
|
*
|
|
* Returns: 1 if the public key was successfully converted
|
|
* 0 otherwise
|
|
*
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: xonly_pubkey: pointer to an x-only public key object for placing the converted public key.
|
|
* pk_parity: Ignored if NULL. Otherwise, pointer to an integer that
|
|
* will be set to 1 if the point encoded by xonly_pubkey is
|
|
* the negation of the pubkey and set to 0 otherwise.
|
|
* In: pubkey: pointer to a public key that is converted.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *xonly_pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_pubkey *pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak an x-only public key by adding the generator multiplied with tweak32
|
|
* to it.
|
|
*
|
|
* Note that the resulting point can not in general be represented by an x-only
|
|
* pubkey because it may have an odd Y coordinate. Instead, the output_pubkey
|
|
* is a normal secp256k1_pubkey.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting public key would be
|
|
* invalid (only when the tweak is the negation of the corresponding
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object initialized for verification.
|
|
* Out: output_pubkey: pointer to a public key to store the result. Will be set
|
|
* to an invalid value if this function returns 0.
|
|
* In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to.
|
|
* tweak32: pointer to a 32-byte tweak. If the tweak is invalid
|
|
* according to secp256k1_ec_seckey_verify, this function
|
|
* returns 0. For uniformly random 32-byte arrays the
|
|
* chance of being invalid is negligible (around 1 in 2^128).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *output_pubkey,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Checks that a tweaked pubkey is the result of calling
|
|
* secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32.
|
|
*
|
|
* The tweaked pubkey is represented by its 32-byte x-only serialization and
|
|
* its pk_parity, which can both be obtained by converting the result of
|
|
* tweak_add to a secp256k1_xonly_pubkey.
|
|
*
|
|
* Note that this alone does _not_ verify that the tweaked pubkey is a
|
|
* commitment. If the tweak is not chosen in a specific way, the tweaked pubkey
|
|
* can easily be the result of a different internal_pubkey and tweak.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the tweaked pubkey is not the
|
|
* result of tweaking the internal_pubkey with tweak32. 1 otherwise.
|
|
* Args: ctx: pointer to a context object initialized for verification.
|
|
* In: tweaked_pubkey32: pointer to a serialized xonly_pubkey.
|
|
* tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization
|
|
* is passed in as tweaked_pubkey32). This must match the
|
|
* pk_parity value that is returned when calling
|
|
* secp256k1_xonly_pubkey with the tweaked pubkey, or
|
|
* this function will fail.
|
|
* internal_pubkey: pointer to an x-only public key object to apply the tweak to.
|
|
* tweak32: pointer to a 32-byte tweak.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(
|
|
const secp256k1_context* ctx,
|
|
const unsigned char *tweaked_pubkey32,
|
|
int tweaked_pk_parity,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
|
|
|
|
/** Compute the keypair for a secret key.
|
|
*
|
|
* Returns: 1: secret was valid, keypair is ready to use
|
|
* 0: secret was invalid, try again with a different secret
|
|
* Args: ctx: pointer to a context object, initialized for signing.
|
|
* Out: keypair: pointer to the created keypair.
|
|
* In: seckey: pointer to a 32-byte secret key.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *seckey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the secret key from a keypair.
|
|
*
|
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: seckey: pointer to a 32-byte buffer for the secret key.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *seckey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the public key from a keypair.
|
|
*
|
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to
|
|
* the keypair public key. If not, it's set to an invalid value.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *pubkey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the x-only public key from a keypair.
|
|
*
|
|
* This is the same as calling secp256k1_keypair_pub and then
|
|
* secp256k1_xonly_pubkey_from_pubkey.
|
|
*
|
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to an xonly_pubkey object. If 1 is returned, it is set
|
|
* to the keypair public key after converting it to an
|
|
* xonly_pubkey. If not, it's set to an invalid value.
|
|
* pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to the
|
|
* pk_parity argument of secp256k1_xonly_pubkey_from_pubkey.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak a keypair by adding tweak32 to the secret key and updating the public
|
|
* key accordingly.
|
|
*
|
|
* Calling this function and then secp256k1_keypair_pub results in the same
|
|
* public key as calling secp256k1_keypair_xonly_pub and then
|
|
* secp256k1_xonly_pubkey_tweak_add.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting keypair would be
|
|
* invalid (only when the tweak is the negation of the keypair's
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object initialized for verification.
|
|
* In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to
|
|
* an invalid value if this function returns 0.
|
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according
|
|
* to secp256k1_ec_seckey_verify, this function returns 0. For
|
|
* uniformly random 32-byte arrays the chance of being invalid
|
|
* is negligible (around 1 in 2^128).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SECP256K1_EXTRAKEYS_H */
|