mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-02-11 11:16:09 -05:00
c020cbaa5c
be8d9c262f Merge bitcoin-core/secp256k1#965: gen_context: Don't use any ASM aeece44599 gen_context: Don't use any ASM 7688a4f13a Merge bitcoin-core/secp256k1#963: "Schnorrsig API overhaul" fixups 90e83449b2 ci: Add C++ test f698caaff6 Use unsigned char consistently for byte arrays b5b8e7b719 Don't declare constants twice 769528f307 Don't use string literals for char arrays without NUL termination 2cc3cfa583 Fix -Wmissing-braces warning in clang 0440945fb5 Merge #844: schnorrsig API overhaul ec3aaa5014 Merge #960: tests_exhaustive: check the result of secp256k1_ecdsa_sign a1ee83c654 tests_exhaustive: check the result of secp256k1_ecdsa_sign 253f90cdeb Merge bitcoin-core/secp256k1#951: configure: replace AC_PATH_PROG to AC_CHECK_PROG 446d28d9de Merge bitcoin-core/secp256k1#944: Various improvements related to CFLAGS 0302138f75 ci: Make compiler warning into errors on CI b924e1e605 build: Ensure that configure's compile checks default to -O2 7939cd571c build: List *CPPFLAGS before *CFLAGS like on the compiler command line 595e8a35d8 build: Enable -Wcast-align=strict warning 07256267ff build: Use own variable SECP_CFLAGS instead of touching user CFLAGS 4866178dfc Merge bitcoin-core/secp256k1#955: Add random field multiply/square tests 75ce488c2a Merge bitcoin-core/secp256k1#959: tests: really test the non-var scalar inverse 41ed13942b tests: really test the non-var scalar inverse 5f6ceafcfa schnorrsig: allow setting MSGLEN != 32 in benchmark fdd06b7967 schnorrsig: add tests for sign_custom and varlen msg verification d8d806aaf3 schnorrsig: add extra parameter struct for sign_custom a0c3fc177f schnorrsig: allow signing and verification of variable length msgs 5a8e4991ad Add secp256k1_tagged_sha256 as defined in BIP-340 b6c0b72fb0 schnorrsig: remove noncefp args from sign; add sign_custom function bdf19f105c Add random field multiply/square tests 8ae56e33e7 Merge #879: Avoid passing out-of-bound pointers to 0-size memcpy a4642fa15e configure: replace AC_PATH_PROG to AC_CHECK_PROG 1758a92ffd Merge #950: ci: Add ppc64le build c58c4ea470 ci: Add ppc64le build 7973576f6e Merge #662: Add ecmult_gen, ecmult_const and ecmult to benchmark 8f879c2887 Fix array size in bench_ecmult 2fe1b50df1 Add ecmult_gen, ecmult_const and ecmult to benchmark 593e6bad9c Clean up ecmult_bench to make space for more benchmarks 50f3367712 Merge #947: ci: Run PRs on merge result even for i686 a35fdd3478 ci: Run PRs on merge result even for i686 442cee5baf schnorrsig: add algolen argument to nonce_function_hardened df3bfa12c3 schnorrsig: clarify result of calling nonce_function_bip340 without data 99e8614812 README: mention schnorrsig module 3dc8c072b6 Merge #846: ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 02dcea1ad9 ci: Make test iterations configurable and tweak for sanitizer builds 489ff5c20a tests: Treat empty SECP2561_TEST_ITERS as if it was unset fcfcb97e74 ci: Simplify to use generic wrapper for QEMU, Valgrind, etc de4157f13a ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 399722a63a Merge #941: Clean up git tree 09b3bb8648 Clean up git tree bf0ac46066 Merge #930: Add ARM32/ARM64 CI 202a030f7d Merge #850: add `secp256k1_ec_pubkey_cmp` method 1e78c18d5b Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards 69394879b6 Merge #926: secp256k1.h: clarify that by default arguments must be != NULL 6eceec6d56 add `secp256k1_xonly_pubkey_cmp` method 0d9561ae87 add `secp256k1_ec_pubkey_cmp` method 22a9ea154a contrib: Explain explicit header guards 6c52ae8724 Merge #937: Have ge_set_gej_var, gej_double_var and ge_set_all_gej_var initialize all fields of their outputs. 185a6af227 Merge #925: changed include statements without prefix 'include/' 14c9739a1f tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs 4a19668c37 tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs 3c90bdda95 change local lib headers to be relative for those pointing at "include/" dir 45b6468d7e Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. 31c0f6de41 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. dd6c3de322 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. d0bd2693e3 Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM 8bbad7a18e Add asm build to ARM32 CI 7d65ed5214 Add ARM32/ARM64 CI c8483520c9 Makefile.am: Don't pass a variable twice 2161f31785 Makefile.am: Honor config when building gen_context 99f47c20ec gen_context: Don't use external ASM because it complicates the build 98e0358d29 Merge #933: Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers 99e2d5be0d Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. 34388af6b6 Merge #922: Add mingw32-w64/wine CI build 7012a188e6 Merge #928: Define SECP256K1_BUILD in secp256k1.c directly. ed5a199bed tests: fopen /dev/urandom in binary mode ae9e648526 Define SECP256K1_BUILD in secp256k1.c directly. 4dc37bf81b Add mingw32-w64/wine CI build 0881633dfd secp256k1.h: clarify that by default arguments must be != NULL 9570f674cc Avoid passing out-of-bound pointers to 0-size memcpy git-subtree-dir: src/secp256k1 git-subtree-split: be8d9c262f46309d9b4165b0498b71d704aba8fe
264 lines
12 KiB
C
264 lines
12 KiB
C
#ifndef SECP256K1_EXTRAKEYS_H
|
|
#define SECP256K1_EXTRAKEYS_H
|
|
|
|
#include "secp256k1.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** Opaque data structure that holds a parsed and valid "x-only" public key.
|
|
* An x-only pubkey encodes a point whose Y coordinate is even. It is
|
|
* serialized using only its X coordinate (32 bytes). See BIP-340 for more
|
|
* information about x-only pubkeys.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 64 bytes in size, and can be safely copied/moved.
|
|
* If you need to convert to a format suitable for storage, transmission, use
|
|
* use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To
|
|
* compare keys, use secp256k1_xonly_pubkey_cmp.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[64];
|
|
} secp256k1_xonly_pubkey;
|
|
|
|
/** Opaque data structure that holds a keypair consisting of a secret and a
|
|
* public key.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 96 bytes in size, and can be safely copied/moved.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[96];
|
|
} secp256k1_keypair;
|
|
|
|
/** Parse a 32-byte sequence into a xonly_pubkey object.
|
|
*
|
|
* Returns: 1 if the public key was fully valid.
|
|
* 0 if the public key could not be parsed or is invalid.
|
|
*
|
|
* Args: ctx: a secp256k1 context object (cannot be NULL).
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
|
|
* parsed version of input. If not, it's set to an invalid value.
|
|
* (cannot be NULL).
|
|
* In: input32: pointer to a serialized xonly_pubkey (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey* pubkey,
|
|
const unsigned char *input32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Serialize an xonly_pubkey object into a 32-byte sequence.
|
|
*
|
|
* Returns: 1 always.
|
|
*
|
|
* Args: ctx: a secp256k1 context object (cannot be NULL).
|
|
* Out: output32: a pointer to a 32-byte array to place the serialized key in
|
|
* (cannot be NULL).
|
|
* In: pubkey: a pointer to a secp256k1_xonly_pubkey containing an
|
|
* initialized public key (cannot be NULL).
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_serialize(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *output32,
|
|
const secp256k1_xonly_pubkey* pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Compare two x-only public keys using lexicographic order
|
|
*
|
|
* Returns: <0 if the first public key is less than the second
|
|
* >0 if the first public key is greater than the second
|
|
* 0 if the two public keys are equal
|
|
* Args: ctx: a secp256k1 context object.
|
|
* In: pubkey1: first public key to compare
|
|
* pubkey2: second public key to compare
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_cmp(
|
|
const secp256k1_context* ctx,
|
|
const secp256k1_xonly_pubkey* pk1,
|
|
const secp256k1_xonly_pubkey* pk2
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
|
|
*
|
|
* Returns: 1 if the public key was successfully converted
|
|
* 0 otherwise
|
|
*
|
|
* Args: ctx: pointer to a context object (cannot be NULL)
|
|
* Out: xonly_pubkey: pointer to an x-only public key object for placing the
|
|
* converted public key (cannot be NULL)
|
|
* pk_parity: pointer to an integer that will be set to 1 if the point
|
|
* encoded by xonly_pubkey is the negation of the pubkey and
|
|
* set to 0 otherwise. (can be NULL)
|
|
* In: pubkey: pointer to a public key that is converted (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *xonly_pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_pubkey *pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak an x-only public key by adding the generator multiplied with tweak32
|
|
* to it.
|
|
*
|
|
* Note that the resulting point can not in general be represented by an x-only
|
|
* pubkey because it may have an odd Y coordinate. Instead, the output_pubkey
|
|
* is a normal secp256k1_pubkey.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting public key would be
|
|
* invalid (only when the tweak is the negation of the corresponding
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object initialized for verification
|
|
* (cannot be NULL)
|
|
* Out: output_pubkey: pointer to a public key to store the result. Will be set
|
|
* to an invalid value if this function returns 0 (cannot
|
|
* be NULL)
|
|
* In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to.
|
|
* (cannot be NULL).
|
|
* tweak32: pointer to a 32-byte tweak. If the tweak is invalid
|
|
* according to secp256k1_ec_seckey_verify, this function
|
|
* returns 0. For uniformly random 32-byte arrays the
|
|
* chance of being invalid is negligible (around 1 in
|
|
* 2^128) (cannot be NULL).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *output_pubkey,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Checks that a tweaked pubkey is the result of calling
|
|
* secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32.
|
|
*
|
|
* The tweaked pubkey is represented by its 32-byte x-only serialization and
|
|
* its pk_parity, which can both be obtained by converting the result of
|
|
* tweak_add to a secp256k1_xonly_pubkey.
|
|
*
|
|
* Note that this alone does _not_ verify that the tweaked pubkey is a
|
|
* commitment. If the tweak is not chosen in a specific way, the tweaked pubkey
|
|
* can easily be the result of a different internal_pubkey and tweak.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the tweaked pubkey is not the
|
|
* result of tweaking the internal_pubkey with tweak32. 1 otherwise.
|
|
* Args: ctx: pointer to a context object initialized for verification
|
|
* (cannot be NULL)
|
|
* In: tweaked_pubkey32: pointer to a serialized xonly_pubkey (cannot be NULL)
|
|
* tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization
|
|
* is passed in as tweaked_pubkey32). This must match the
|
|
* pk_parity value that is returned when calling
|
|
* secp256k1_xonly_pubkey with the tweaked pubkey, or
|
|
* this function will fail.
|
|
* internal_pubkey: pointer to an x-only public key object to apply the
|
|
* tweak to (cannot be NULL)
|
|
* tweak32: pointer to a 32-byte tweak (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(
|
|
const secp256k1_context* ctx,
|
|
const unsigned char *tweaked_pubkey32,
|
|
int tweaked_pk_parity,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
|
|
|
|
/** Compute the keypair for a secret key.
|
|
*
|
|
* Returns: 1: secret was valid, keypair is ready to use
|
|
* 0: secret was invalid, try again with a different secret
|
|
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
|
|
* Out: keypair: pointer to the created keypair (cannot be NULL)
|
|
* In: seckey: pointer to a 32-byte secret key (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *seckey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the secret key from a keypair.
|
|
*
|
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
|
* Args: ctx: pointer to a context object (cannot be NULL)
|
|
* Out: seckey: pointer to a 32-byte buffer for the secret key (cannot be NULL)
|
|
* In: keypair: pointer to a keypair (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *seckey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the public key from a keypair.
|
|
*
|
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
|
* Args: ctx: pointer to a context object (cannot be NULL)
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to
|
|
* the keypair public key. If not, it's set to an invalid value.
|
|
* (cannot be NULL)
|
|
* In: keypair: pointer to a keypair (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *pubkey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the x-only public key from a keypair.
|
|
*
|
|
* This is the same as calling secp256k1_keypair_pub and then
|
|
* secp256k1_xonly_pubkey_from_pubkey.
|
|
*
|
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
|
* Args: ctx: pointer to a context object (cannot be NULL)
|
|
* Out: pubkey: pointer to an xonly_pubkey object. If 1 is returned, it is set
|
|
* to the keypair public key after converting it to an
|
|
* xonly_pubkey. If not, it's set to an invalid value (cannot be
|
|
* NULL).
|
|
* pk_parity: pointer to an integer that will be set to the pk_parity
|
|
* argument of secp256k1_xonly_pubkey_from_pubkey (can be NULL).
|
|
* In: keypair: pointer to a keypair (cannot be NULL)
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak a keypair by adding tweak32 to the secret key and updating the public
|
|
* key accordingly.
|
|
*
|
|
* Calling this function and then secp256k1_keypair_pub results in the same
|
|
* public key as calling secp256k1_keypair_xonly_pub and then
|
|
* secp256k1_xonly_pubkey_tweak_add.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting keypair would be
|
|
* invalid (only when the tweak is the negation of the keypair's
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object initialized for verification
|
|
* (cannot be NULL)
|
|
* In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to
|
|
* an invalid value if this function returns 0 (cannot be
|
|
* NULL).
|
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according
|
|
* to secp256k1_ec_seckey_verify, this function returns 0. For
|
|
* uniformly random 32-byte arrays the chance of being invalid
|
|
* is negligible (around 1 in 2^128) (cannot be NULL).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SECP256K1_EXTRAKEYS_H */
|