From 18c329c5067f96dac4ee127ae51a9742e8e26c91 Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Sun, 26 Jul 2015 16:51:58 +0200 Subject: [PATCH] Remove the internal secp256k1_ecdsa_sig_t type --- src/ecdsa.h | 14 ++++------ src/ecdsa_impl.h | 50 ++++++++++++++++++------------------ src/secp256k1.c | 66 ++++++++++++++++++++++++------------------------ src/tests.c | 62 ++++++++++++++++++++++----------------------- 4 files changed, 94 insertions(+), 98 deletions(-) diff --git a/src/ecdsa.h b/src/ecdsa.h index 4ef78e8afb5..c361728e573 100644 --- a/src/ecdsa.h +++ b/src/ecdsa.h @@ -11,14 +11,10 @@ #include "group.h" #include "ecmult.h" -typedef struct { - secp256k1_scalar_t r, s; -} secp256k1_ecdsa_sig_t; - -static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size); -static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a); -static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message); -static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid); -static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid); +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *r, secp256k1_scalar_t *s, const unsigned char *sig, int size); +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_scalar_t *r, const secp256k1_scalar_t *s); +static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message); +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_scalar_t* r, secp256k1_scalar_t* s, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid); +static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid); #endif diff --git a/src/ecdsa_impl.h b/src/ecdsa_impl.h index 7278c9331dd..c0c44fa1827 100644 --- a/src/ecdsa_impl.h +++ b/src/ecdsa_impl.h @@ -46,7 +46,7 @@ static const secp256k1_fe_t secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_C 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL ); -static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) { +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *rr, secp256k1_scalar_t *rs, const unsigned char *sig, int size) { unsigned char ra[32] = {0}, sa[32] = {0}; const unsigned char *rp; const unsigned char *sp; @@ -98,23 +98,23 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned ch memcpy(ra + 32 - lenr, rp, lenr); memcpy(sa + 32 - lens, sp, lens); overflow = 0; - secp256k1_scalar_set_b32(&r->r, ra, &overflow); + secp256k1_scalar_set_b32(rr, ra, &overflow); if (overflow) { return 0; } - secp256k1_scalar_set_b32(&r->s, sa, &overflow); + secp256k1_scalar_set_b32(rs, sa, &overflow); if (overflow) { return 0; } return 1; } -static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a) { +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_scalar_t* ar, const secp256k1_scalar_t* as) { unsigned char r[33] = {0}, s[33] = {0}; unsigned char *rp = r, *sp = s; int lenR = 33, lenS = 33; - secp256k1_scalar_get_b32(&r[1], &a->r); - secp256k1_scalar_get_b32(&s[1], &a->s); + secp256k1_scalar_get_b32(&r[1], ar); + secp256k1_scalar_get_b32(&s[1], as); while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } if (*size < 6+lenS+lenR) { @@ -133,26 +133,26 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se return 1; } -static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) { +static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t *sigr, const secp256k1_scalar_t *sigs, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) { unsigned char c[32]; secp256k1_scalar_t sn, u1, u2; secp256k1_fe_t xr; secp256k1_gej_t pubkeyj; secp256k1_gej_t pr; - if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) { + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { return 0; } - secp256k1_scalar_inverse_var(&sn, &sig->s); + secp256k1_scalar_inverse_var(&sn, sigs); secp256k1_scalar_mul(&u1, &sn, message); - secp256k1_scalar_mul(&u2, &sn, &sig->r); + secp256k1_scalar_mul(&u2, &sn, sigr); secp256k1_gej_set_ge(&pubkeyj, pubkey); secp256k1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); if (secp256k1_gej_is_infinity(&pr)) { return 0; } - secp256k1_scalar_get_b32(c, &sig->r); + secp256k1_scalar_get_b32(c, sigr); secp256k1_fe_set_b32(&xr, c); /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) @@ -187,7 +187,7 @@ static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, con return 0; } -static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) { +static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t *sigr, const secp256k1_scalar_t* sigs, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) { unsigned char brx[32]; secp256k1_fe_t fx; secp256k1_ge_t x; @@ -195,11 +195,11 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, co secp256k1_scalar_t rn, u1, u2; secp256k1_gej_t qj; - if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) { + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { return 0; } - secp256k1_scalar_get_b32(brx, &sig->r); + secp256k1_scalar_get_b32(brx, sigr); VERIFY_CHECK(secp256k1_fe_set_b32(&fx, brx)); /* brx comes from a scalar, so is less than the order; certainly less than p */ if (recid & 2) { if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) { @@ -211,16 +211,16 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, co return 0; } secp256k1_gej_set_ge(&xj, &x); - secp256k1_scalar_inverse_var(&rn, &sig->r); + secp256k1_scalar_inverse_var(&rn, sigr); secp256k1_scalar_mul(&u1, &rn, message); secp256k1_scalar_negate(&u1, &u1); - secp256k1_scalar_mul(&u2, &rn, &sig->s); + secp256k1_scalar_mul(&u2, &rn, sigs); secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1); secp256k1_ge_set_gej_var(pubkey, &qj); return !secp256k1_gej_is_infinity(&qj); } -static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) { +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_scalar_t *sigr, secp256k1_scalar_t *sigs, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) { unsigned char b[32]; secp256k1_gej_t rp; secp256k1_ge_t r; @@ -232,8 +232,8 @@ static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, s secp256k1_fe_normalize(&r.x); secp256k1_fe_normalize(&r.y); secp256k1_fe_get_b32(b, &r.x); - secp256k1_scalar_set_b32(&sig->r, b, &overflow); - if (secp256k1_scalar_is_zero(&sig->r)) { + secp256k1_scalar_set_b32(sigr, b, &overflow); + if (secp256k1_scalar_is_zero(sigr)) { /* P.x = order is on the curve, so technically sig->r could end up zero, which would be an invalid signature. */ secp256k1_gej_clear(&rp); secp256k1_ge_clear(&r); @@ -242,18 +242,18 @@ static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, s if (recid) { *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0); } - secp256k1_scalar_mul(&n, &sig->r, seckey); + secp256k1_scalar_mul(&n, sigr, seckey); secp256k1_scalar_add(&n, &n, message); - secp256k1_scalar_inverse(&sig->s, nonce); - secp256k1_scalar_mul(&sig->s, &sig->s, &n); + secp256k1_scalar_inverse(sigs, nonce); + secp256k1_scalar_mul(sigs, sigs, &n); secp256k1_scalar_clear(&n); secp256k1_gej_clear(&rp); secp256k1_ge_clear(&r); - if (secp256k1_scalar_is_zero(&sig->s)) { + if (secp256k1_scalar_is_zero(sigs)) { return 0; } - if (secp256k1_scalar_is_high(&sig->s)) { - secp256k1_scalar_negate(&sig->s, &sig->s); + if (secp256k1_scalar_is_high(sigs)) { + secp256k1_scalar_negate(sigs, sigs); if (recid) { *recid ^= 1; } diff --git a/src/secp256k1.c b/src/secp256k1.c index 61bc8b99e76..7247c0f4eb3 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -108,42 +108,42 @@ int secp256k1_ec_pubkey_serialize(const secp256k1_context_t* ctx, unsigned char return secp256k1_eckey_pubkey_serialize(&Q, output, outputlen, compressed); } -static void secp256k1_ecdsa_signature_load(secp256k1_ecdsa_sig_t* s, int* recid, const secp256k1_ecdsa_signature_t* sig) { +static void secp256k1_ecdsa_signature_load(secp256k1_scalar_t* r, secp256k1_scalar_t* s, int* recid, const secp256k1_ecdsa_signature_t* sig) { if (sizeof(secp256k1_scalar_t) == 32) { /* When the secp256k1_scalar_t type is exactly 32 byte, use its * representation inside secp256k1_ecdsa_signature_t, as conversion is very fast. * Note that secp256k1_ecdsa_signature_save must use the same representation. */ - memcpy(&s->r, &sig->data[0], 32); - memcpy(&s->s, &sig->data[32], 32); + memcpy(r, &sig->data[0], 32); + memcpy(s, &sig->data[32], 32); } else { - secp256k1_scalar_set_b32(&s->r, &sig->data[0], NULL); - secp256k1_scalar_set_b32(&s->s, &sig->data[32], NULL); + secp256k1_scalar_set_b32(r, &sig->data[0], NULL); + secp256k1_scalar_set_b32(s, &sig->data[32], NULL); } if (recid) { *recid = sig->data[64]; } } -static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature_t* sig, const secp256k1_ecdsa_sig_t* s, int recid) { +static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature_t* sig, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, int recid) { if (sizeof(secp256k1_scalar_t) == 32) { - memcpy(&sig->data[0], &s->r, 32); - memcpy(&sig->data[32], &s->s, 32); + memcpy(&sig->data[0], r, 32); + memcpy(&sig->data[32], s, 32); } else { - secp256k1_scalar_get_b32(&sig->data[0], &s->r); - secp256k1_scalar_get_b32(&sig->data[32], &s->s); + secp256k1_scalar_get_b32(&sig->data[0], r); + secp256k1_scalar_get_b32(&sig->data[32], s); } sig->data[64] = recid; } int secp256k1_ecdsa_signature_parse_der(const secp256k1_context_t* ctx, secp256k1_ecdsa_signature_t* sig, const unsigned char *input, int inputlen) { - secp256k1_ecdsa_sig_t s; + secp256k1_scalar_t r, s; (void)ctx; DEBUG_CHECK(sig != NULL); DEBUG_CHECK(input != NULL); - if (secp256k1_ecdsa_sig_parse(&s, input, inputlen)) { - secp256k1_ecdsa_signature_save(sig, &s, -1); + if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) { + secp256k1_ecdsa_signature_save(sig, &r, &s, -1); return 1; } else { memset(sig, 0, sizeof(*sig)); @@ -152,7 +152,7 @@ int secp256k1_ecdsa_signature_parse_der(const secp256k1_context_t* ctx, secp256k } int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context_t* ctx, secp256k1_ecdsa_signature_t* sig, const unsigned char *input64, int recid) { - secp256k1_ecdsa_sig_t s; + secp256k1_scalar_t r, s; int ret = 1; int overflow = 0; @@ -160,13 +160,13 @@ int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context_t* ctx, secp DEBUG_CHECK(sig != NULL); DEBUG_CHECK(input64 != NULL); - secp256k1_scalar_set_b32(&s.r, &input64[0], &overflow); + secp256k1_scalar_set_b32(&r, &input64[0], &overflow); ret &= !overflow; - secp256k1_scalar_set_b32(&s.s, &input64[32], &overflow); + secp256k1_scalar_set_b32(&s, &input64[32], &overflow); ret &= !overflow; ret &= (recid == -1 || (recid >= 0 && recid < 4)); if (ret) { - secp256k1_ecdsa_signature_save(sig, &s, recid); + secp256k1_ecdsa_signature_save(sig, &r, &s, recid); } else { memset(sig, 0, sizeof(*sig)); } @@ -174,28 +174,28 @@ int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context_t* ctx, secp } int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context_t* ctx, unsigned char *output, int *outputlen, const secp256k1_ecdsa_signature_t* sig) { - secp256k1_ecdsa_sig_t s; + secp256k1_scalar_t r, s; (void)ctx; DEBUG_CHECK(output != NULL); DEBUG_CHECK(outputlen != NULL); DEBUG_CHECK(sig != NULL); - secp256k1_ecdsa_signature_load(&s, NULL, sig); - return secp256k1_ecdsa_sig_serialize(output, outputlen, &s); + secp256k1_ecdsa_signature_load(&r, &s, NULL, sig); + return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s); } int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context_t* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_signature_t* sig) { - secp256k1_ecdsa_sig_t s; + secp256k1_scalar_t r, s; int rec; (void)ctx; DEBUG_CHECK(output64 != NULL); DEBUG_CHECK(sig != NULL); - secp256k1_ecdsa_signature_load(&s, &rec, sig); - secp256k1_scalar_get_b32(&output64[0], &s.r); - secp256k1_scalar_get_b32(&output64[32], &s.s); + secp256k1_ecdsa_signature_load(&r, &s, &rec, sig); + secp256k1_scalar_get_b32(&output64[0], &r); + secp256k1_scalar_get_b32(&output64[32], &s); if (recid) { DEBUG_CHECK(rec >= 0 && rec < 4); *recid = rec; @@ -205,7 +205,7 @@ int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context_t* ctx, int secp256k1_ecdsa_verify(const secp256k1_context_t* ctx, const unsigned char *msg32, const secp256k1_ecdsa_signature_t *sig, const secp256k1_pubkey_t *pubkey) { secp256k1_ge_t q; - secp256k1_ecdsa_sig_t s; + secp256k1_scalar_t r, s; secp256k1_scalar_t m; DEBUG_CHECK(ctx != NULL); DEBUG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); @@ -215,8 +215,8 @@ int secp256k1_ecdsa_verify(const secp256k1_context_t* ctx, const unsigned char * secp256k1_scalar_set_b32(&m, msg32, NULL); secp256k1_pubkey_load(&q, pubkey); - secp256k1_ecdsa_signature_load(&s, NULL, sig); - return secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &s, &q, &m); + secp256k1_ecdsa_signature_load(&r, &s, NULL, sig); + return secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m); } static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int counter, const void *data) { @@ -245,7 +245,7 @@ const secp256k1_nonce_function_t secp256k1_nonce_function_rfc6979 = nonce_functi const secp256k1_nonce_function_t secp256k1_nonce_function_default = nonce_function_rfc6979; int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *msg32, secp256k1_ecdsa_signature_t *signature, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) { - secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t r, s; secp256k1_scalar_t sec, non, msg; int recid; int ret = 0; @@ -273,7 +273,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *ms secp256k1_scalar_set_b32(&non, nonce32, &overflow); memset(nonce32, 0, 32); if (!secp256k1_scalar_is_zero(&non) && !overflow) { - if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &sig, &sec, &msg, &non, &recid)) { + if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, &recid)) { break; } } @@ -284,7 +284,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *ms secp256k1_scalar_clear(&sec); } if (ret) { - secp256k1_ecdsa_signature_save(signature, &sig, recid); + secp256k1_ecdsa_signature_save(signature, &r, &s, recid); } else { memset(signature, 0, sizeof(*signature)); } @@ -293,7 +293,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *ms int secp256k1_ecdsa_recover(const secp256k1_context_t* ctx, const unsigned char *msg32, const secp256k1_ecdsa_signature_t *signature, secp256k1_pubkey_t *pubkey) { secp256k1_ge_t q; - secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t r, s; secp256k1_scalar_t m; int recid; DEBUG_CHECK(ctx != NULL); @@ -302,10 +302,10 @@ int secp256k1_ecdsa_recover(const secp256k1_context_t* ctx, const unsigned char DEBUG_CHECK(signature != NULL); DEBUG_CHECK(pubkey != NULL); - secp256k1_ecdsa_signature_load(&sig, &recid, signature); + secp256k1_ecdsa_signature_load(&r, &s, &recid, signature); DEBUG_CHECK(recid >= 0 && recid < 4); secp256k1_scalar_set_b32(&m, msg32, NULL); - if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &sig, &q, &m, recid)) { + if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) { secp256k1_pubkey_save(pubkey, &q); return 1; } else { diff --git a/src/tests.c b/src/tests.c index 0f532278d99..6fa7bf86295 100644 --- a/src/tests.c +++ b/src/tests.c @@ -111,7 +111,7 @@ void run_context_tests(void) { secp256k1_gej_t pubj; secp256k1_ge_t pub; secp256k1_scalar_t msg, key, nonce; - secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t sigr, sigs; /*** clone and destroy all of them to make sure cloning was complete ***/ { @@ -132,15 +132,15 @@ void run_context_tests(void) { /* obtain a working nonce */ do { random_scalar_order_test(&nonce); - } while(!secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sig, &key, &msg, &nonce, NULL)); + } while(!secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try signing */ - CHECK(secp256k1_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sig, &key, &msg, &nonce, NULL)); - CHECK(secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sig, &key, &msg, &nonce, NULL)); + CHECK(secp256k1_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(secp256k1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try verifying */ - CHECK(secp256k1_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sig, &pub, &msg)); - CHECK(secp256k1_ecdsa_sig_verify(&both->ecmult_ctx, &sig, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&both->ecmult_ctx, &sigr, &sigs, &pub, &msg)); /* cleanup */ secp256k1_context_destroy(none); @@ -1488,11 +1488,11 @@ void run_ecmult_gen_blind(void) { } -void random_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *key, const secp256k1_scalar_t *msg, int *recid) { +void random_sign(secp256k1_scalar_t *sigr, secp256k1_scalar_t *sigs, const secp256k1_scalar_t *key, const secp256k1_scalar_t *msg, int *recid) { secp256k1_scalar_t nonce; do { random_scalar_order_test(&nonce); - } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sig, key, msg, &nonce, recid)); + } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); } void test_ecdsa_sign_verify(void) { @@ -1500,7 +1500,7 @@ void test_ecdsa_sign_verify(void) { secp256k1_ge_t pub; secp256k1_scalar_t one; secp256k1_scalar_t msg, key; - secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t sigr, sigs; int recid; int getrec; random_scalar_order_test(&msg); @@ -1508,14 +1508,14 @@ void test_ecdsa_sign_verify(void) { secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); secp256k1_ge_set_gej(&pub, &pubj); getrec = secp256k1_rand32()&1; - random_sign(&sig, &key, &msg, getrec?&recid:NULL); + random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL); if (getrec) { CHECK(recid >= 0 && recid < 4); } - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sig, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); secp256k1_scalar_set_int(&one, 1); secp256k1_scalar_add(&msg, &msg, &one); - CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sig, &pub, &msg)); + CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); } void run_ecdsa_sign_verify(void) { @@ -1926,15 +1926,15 @@ void test_ecdsa_edge_cases(void) { secp256k1_gej_t keyj; secp256k1_ge_t key; secp256k1_scalar_t msg; - secp256k1_ecdsa_sig_t s; - secp256k1_scalar_set_int(&s.s, 1); - secp256k1_scalar_negate(&s.s, &s.s); - secp256k1_scalar_inverse(&s.s, &s.s); - secp256k1_scalar_set_int(&s.r, 1); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &s.r); + secp256k1_scalar_t sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_negate(&ss, &ss); + secp256k1_scalar_inverse(&ss, &ss); + secp256k1_scalar_set_int(&sr, 1); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); secp256k1_ge_set_gej(&key, &keyj); - msg = s.s; - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &s, &key, &msg) == 0); + msg = ss; + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); } /* Test r/s equal to zero */ @@ -2018,7 +2018,7 @@ void test_ecdsa_edge_cases(void) { unsigned char key[32]; unsigned char msg[32]; secp256k1_ecdsa_signature_t sig2; - secp256k1_ecdsa_sig_t s[512]; + secp256k1_scalar_t sr[512], ss; const unsigned char *extra; extra = t == 0 ? NULL : zero; memset(msg, 0, 32); @@ -2051,9 +2051,9 @@ void test_ecdsa_edge_cases(void) { msg[0] = i; CHECK(secp256k1_ecdsa_sign(ctx, msg, &sig2, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - secp256k1_ecdsa_signature_load(&s[i], NULL, &sig2); + secp256k1_ecdsa_signature_load(&sr[i], &ss, NULL, &sig2); for (j = 0; j < i; j++) { - CHECK(!secp256k1_scalar_eq(&s[i].r, &s[j].r)); + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); } } msg[0] = 0; @@ -2064,9 +2064,9 @@ void test_ecdsa_edge_cases(void) { key[0] = i - 256; CHECK(secp256k1_ecdsa_sign(ctx, msg, &sig2, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - secp256k1_ecdsa_signature_load(&s[i], NULL, &sig2); + secp256k1_ecdsa_signature_load(&sr[i], &ss, NULL, &sig2); for (j = 0; j < i; j++) { - CHECK(!secp256k1_scalar_eq(&s[i].r, &s[j].r)); + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); } } key[0] = 0; @@ -2107,7 +2107,7 @@ EC_KEY *get_openssl_key(const secp256k1_scalar_t *key) { void test_ecdsa_openssl(void) { secp256k1_gej_t qj; secp256k1_ge_t q; - secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t sigr, sigs; secp256k1_scalar_t one; secp256k1_scalar_t msg2; secp256k1_scalar_t key, msg; @@ -2124,14 +2124,14 @@ void test_ecdsa_openssl(void) { ec_key = get_openssl_key(&key); CHECK(ec_key); CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); - CHECK(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize)); - CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sig, &q, &msg)); + CHECK(secp256k1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); + CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg)); secp256k1_scalar_set_int(&one, 1); secp256k1_scalar_add(&msg2, &msg, &one); - CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sig, &q, &msg2)); + CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg2)); - random_sign(&sig, &key, &msg, NULL); - CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sig)); + random_sign(&sigr, &sigs, &key, &msg, NULL); + CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sigr, &sigs)); CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); EC_KEY_free(ec_key);