mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-12-11 21:22:47 +01:00
afb7a6fe06
8746600eec Merge bitcoin-core/secp256k1#1093: hash: Make code agnostic of endianness 37d36927df tests: Add tests for _read_be32 and _write_be32 912b7ccc44 Merge bitcoin-core/secp256k1#1094: doc: Clarify configure flags for optional modules 55512d30b7 doc: clean up module help text in configure.ac d9d94a9969 doc: mention optional modules in README 616b43dd3b util: Remove endianness detection 8d89b9e6e5 hash: Make code agnostic of endianness d0ad5814a5 Merge bitcoin-core/secp256k1#995: build: stop treating schnorrsig, extrakeys modules as experimental 1ac7e31c5b Merge bitcoin-core/secp256k1#1089: Schnorrsig API improvements 587239dbe3 Merge bitcoin-core/secp256k1#731: Change SHA256 byte counter from size_t to uint64_t f8d9174357 Add SHA256 bit counter tests 7f09d0f311 README: mention that ARM assembly is experimental b8f8b99f0f docs: Fix return value for functions that don't have invalid inputs f813bb0df3 schnorrsig: Adapt example to new API 99e6568fc6 schnorrsig: Rename schnorrsig_sign to schnorsig_sign32 and deprecate fc94a2da44 Use SECP256K1_DEPRECATED for existing deprecated API functions 3db0560606 Add SECP256K1_DEPRECATED attribute for marking API parts as deprecated 80cf4eea5f build: stop treating schnorrsig, extrakeys modules as experimental e0508ee9db Merge bitcoin-core/secp256k1#1090: configure: Remove redundant pkg-config code 21b2ebaf74 configure: Remove redundant pkg-config code 0e5cbd01b3 Merge bitcoin-core/secp256k1#1088: configure: Use modern way to set AR 0d253d52e8 configure: Use modern way to set AR 9b514ce1d2 Add test vector for very long SHA256 messages 8e3dde1137 Simplify struct initializer for SHA256 padding eb28464a8b Change SHA256 byte counter from size_t to uint64_t ac83be33d0 Merge bitcoin-core/secp256k1#1079: configure: Add hidden --enable-dev-mode to enable all the stuff e0838d663d configure: Add hidden --enable-dev-mode to enable all the stuff fabd579dfa configure: Remove redundant code that sets _enable variables 0d4226c051 configure: Use canonical variable prefix _enable consistently 64b34979ed Merge bitcoin-core/secp256k1#748: Add usage examples 7c9502cece Add a copy of the CC0 license to the examples 42e03432e6 Add usage examples to the readme 517644eab1 Optionally compile the examples in autotools, compile+run in travis 422a7cc86a Add a ecdh shared secret example b0cfbcc143 Add a Schnorr signing and verifying example fee7d4bf9e Add an ECDSA signing and verifying example 1253a27756 Merge bitcoin-core/secp256k1#1033: Add _fe_half and use in _gej_add_ge and _gej_double 3ef94aa5ba Merge bitcoin-core/secp256k1#1026: ecdh: Add test computing shared_secret=basepoint with random inputs 3531a43b5b ecdh: Make generator_basepoint test depend on global iteration count c881dd49bd ecdh: Add test computing shared_secret=basepoint with random inputs 077528317d Merge bitcoin-core/secp256k1#1074: ci: Retry brew update a few times to avoid random failures e51ad3b737 ci: Retry `brew update` a few times to avoid random failures b1cb969e8a ci: Revert "Attempt to make macOS builds more reliable" 5dcc6f8dbd Merge bitcoin-core/secp256k1#1069: build: Replace use of deprecated autoconf macro AC_PROG_CC_C89 59547943d6 Merge bitcoin-core/secp256k1#1072: ci: Attempt to make macOS builds more reliable 85b00a1c65 Merge bitcoin-core/secp256k1#1068: sage: Fix incompatibility with sage 9.4 ebb1beea78 sage: Ensure that constraints are always fastfracs d8d54859ed ci: Run sage prover on CI 77cfa98dbc sage: Normalize sign of polynomial factors in prover eae75869cf sage: Exit with non-zero status in case of failures d9396a56da ci: Attempt to make macOS builds more reliable e0db3f8a25 build: Replace use of deprecated autoconf macro AC_PROG_CC_C89 e848c3799c Update sage files for new formulae d64bb5d4f3 Add fe_half tests for worst-case inputs b54d843eac sage: Fix printing of errors 4eb8b932ff Further improve doubling formula using fe_half 557b31fac3 Doubling formula using fe_half 2cbb4b1a42 Run more iterations of run_field_misc 9cc5c257ed Add test for secp256k1_fe_half 925f78d55e Add _fe_half and use in _gej_add_ge e108d0039c sage: Fix incompatibility with sage 9.4 d8a2463246 Merge bitcoin-core/secp256k1#899: Reduce stratch space needed by ecmult_strauss_wnaf. 0a40a4861a Merge bitcoin-core/secp256k1#1049: Faster fixed-input ecmult tests 070e772211 Faster fixed-input ecmult tests c8aa516b57 Merge bitcoin-core/secp256k1#1064: Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes #1063 b797a500ec Create a SECP256K1_ECMULT_TABLE_VERIFY macro. a731200cc3 Replace ECMULT_TABLE_GET_GE_STORAGE macro with a function. fe34d9f341 Eliminate input_pos state field from ecmult_strauss_wnaf. 0397d00ba0 Eliminate na_1 and na_lam state fields from ecmult_strauss_wnaf. 7ba3ffcca0 Remove the unused pre_a_lam allocations. b3b57ad6ee Eliminate the pre_a_lam array from ecmult_strauss_wnaf. ae7ba0f922 Remove the unused prej allocations. e5c18892db Eliminate the prej array from ecmult_strauss_wnaf. c9da1baad1 Move secp256k1_fe_one to field.h 45f37b6506 Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes #1063. a1102b1219 Merge bitcoin-core/secp256k1#1029: Simpler and faster ecdh skew fixup e82144edfb Fixup skew before global Z fixup 40b624c90b Add tests for _gej_cmov 8c13a9bfe1 ECDH skews by 0 or 1 1515099433 Simpler and faster ecdh skew fixup 39a36db94a Merge bitcoin-core/secp256k1#1054: tests: Fix test whose result is implementation-defined a310e79ee5 Merge bitcoin-core/secp256k1#1052: Use xoshiro256++ instead of RFC6979 for tests 423b6d19d3 Merge bitcoin-core/secp256k1#964: Add release-process.md 9281c9f4e1 Merge bitcoin-core/secp256k1#1053: ecmult: move `_ecmult_odd_multiples_table_globalz_windowa` 77a19750b4 Use xoshiro256++ PRNG instead of RFC6979 in tests 5f2efe684e secp256k1_testrand_int(2**N) -> secp256k1_testrand_bits(N) 05e049b73c ecmult: move `_ecmult_odd_multiples_table_globalz_windowa` 3d7cbafb5f tests: Fix test whose result is implementation-defined 3ed0d02bf7 doc: add CHANGELOG template 6f42dc16c8 doc: add release_process.md 0bd3e4243c build: set library version to 0.0.0 explicitly b4b02fd8c4 build: change libsecp version from 0.1 to 0.1.0-pre 09971a3ffd Merge bitcoin-core/secp256k1#1047: ci: Various improvements 0b83b203e1 Merge bitcoin-core/secp256k1#1030: doc: Fix upper bounds + cleanup in field_5x52_impl.h comment 1287786c7a doc: Add comment to top of field_10x26_impl.h 58da5bd589 doc: Fix upper bounds + cleanup in field_5x52_impl.h comment b39d431aed Merge bitcoin-core/secp256k1#1044: Add another ecmult_multi test b4ac1a1d5f ci: Run valgrind/memcheck tasks with 2 CPUs e70acab601 ci: Use Cirrus "greedy" flag to use idle CPU time when available d07e30176e ci: Update brew on macOS 22382f0ea0 ci: Test different ecmult window sizes a69df3ad24 Merge bitcoin-core/secp256k1#816: Improve checks at top of _fe_negate methods 22d25c8e0a Add another ecmult_multi test 515e7953ca Improve checks at top of _fe_negate methods 26a022a3a0 ci: Remove STATICPRECOMPUTATION 10461d8bd3 precompute_ecmult: Always compute all tables up to default WINDOW_G be6944ade9 Merge bitcoin-core/secp256k1#1042: Follow-ups to making all tables fully static e05da9e480 Fix c++ build c45386d994 Cleanup preprocessor indentation in precompute{,d}_ecmult{,_gen} 19d96e15f9 Split off .c file from precomputed_ecmult.h 1a6691adae Split off .c file from precomputed_ecmult_gen.h bb36331412 Simplify precompute_ecmult_print_* 38cd84a0cb Compute ecmult tables at runtime for tests_exhaustive e458ec26d6 Move ecmult table computation code to separate file fc1bf9f15f Split ecmult table computation and printing 31feab053b Rename function secp256k1_ecmult_gen_{create_prec -> compute}_table 725370c3f2 Rename ecmult_gen_prec -> ecmult_gen_compute_table 075252c1b7 Rename ecmult_static_pre_g -> precomputed_ecmult 7cf47f72bc Rename ecmult_gen_static_prec_table -> precomputed_ecmult_gen f95b8106d0 Rename gen_ecmult_static_pre_g -> precompute_ecmult bae77685eb Rename gen_ecmult_gen_static_prec_table -> precompute_ecmult_gen git-subtree-dir: src/secp256k1 git-subtree-split: 8746600eec5e7fcd35dabd480839a3a4bdfee87b
250 lines
11 KiB
C
250 lines
11 KiB
C
#ifndef SECP256K1_EXTRAKEYS_H
|
|
#define SECP256K1_EXTRAKEYS_H
|
|
|
|
#include "secp256k1.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** Opaque data structure that holds a parsed and valid "x-only" public key.
|
|
* An x-only pubkey encodes a point whose Y coordinate is even. It is
|
|
* serialized using only its X coordinate (32 bytes). See BIP-340 for more
|
|
* information about x-only pubkeys.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 64 bytes in size, and can be safely copied/moved.
|
|
* If you need to convert to a format suitable for storage, transmission, use
|
|
* use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To
|
|
* compare keys, use secp256k1_xonly_pubkey_cmp.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[64];
|
|
} secp256k1_xonly_pubkey;
|
|
|
|
/** Opaque data structure that holds a keypair consisting of a secret and a
|
|
* public key.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 96 bytes in size, and can be safely copied/moved.
|
|
*/
|
|
typedef struct {
|
|
unsigned char data[96];
|
|
} secp256k1_keypair;
|
|
|
|
/** Parse a 32-byte sequence into a xonly_pubkey object.
|
|
*
|
|
* Returns: 1 if the public key was fully valid.
|
|
* 0 if the public key could not be parsed or is invalid.
|
|
*
|
|
* Args: ctx: a secp256k1 context object.
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
|
|
* parsed version of input. If not, it's set to an invalid value.
|
|
* In: input32: pointer to a serialized xonly_pubkey.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey* pubkey,
|
|
const unsigned char *input32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Serialize an xonly_pubkey object into a 32-byte sequence.
|
|
*
|
|
* Returns: 1 always.
|
|
*
|
|
* Args: ctx: a secp256k1 context object.
|
|
* Out: output32: a pointer to a 32-byte array to place the serialized key in.
|
|
* In: pubkey: a pointer to a secp256k1_xonly_pubkey containing an initialized public key.
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_serialize(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *output32,
|
|
const secp256k1_xonly_pubkey* pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Compare two x-only public keys using lexicographic order
|
|
*
|
|
* Returns: <0 if the first public key is less than the second
|
|
* >0 if the first public key is greater than the second
|
|
* 0 if the two public keys are equal
|
|
* Args: ctx: a secp256k1 context object.
|
|
* In: pubkey1: first public key to compare
|
|
* pubkey2: second public key to compare
|
|
*/
|
|
SECP256K1_API int secp256k1_xonly_pubkey_cmp(
|
|
const secp256k1_context* ctx,
|
|
const secp256k1_xonly_pubkey* pk1,
|
|
const secp256k1_xonly_pubkey* pk2
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
|
|
*
|
|
* Returns: 1 always.
|
|
*
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: xonly_pubkey: pointer to an x-only public key object for placing the converted public key.
|
|
* pk_parity: Ignored if NULL. Otherwise, pointer to an integer that
|
|
* will be set to 1 if the point encoded by xonly_pubkey is
|
|
* the negation of the pubkey and set to 0 otherwise.
|
|
* In: pubkey: pointer to a public key that is converted.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *xonly_pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_pubkey *pubkey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak an x-only public key by adding the generator multiplied with tweak32
|
|
* to it.
|
|
*
|
|
* Note that the resulting point can not in general be represented by an x-only
|
|
* pubkey because it may have an odd Y coordinate. Instead, the output_pubkey
|
|
* is a normal secp256k1_pubkey.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting public key would be
|
|
* invalid (only when the tweak is the negation of the corresponding
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object initialized for verification.
|
|
* Out: output_pubkey: pointer to a public key to store the result. Will be set
|
|
* to an invalid value if this function returns 0.
|
|
* In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to.
|
|
* tweak32: pointer to a 32-byte tweak. If the tweak is invalid
|
|
* according to secp256k1_ec_seckey_verify, this function
|
|
* returns 0. For uniformly random 32-byte arrays the
|
|
* chance of being invalid is negligible (around 1 in 2^128).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *output_pubkey,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Checks that a tweaked pubkey is the result of calling
|
|
* secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32.
|
|
*
|
|
* The tweaked pubkey is represented by its 32-byte x-only serialization and
|
|
* its pk_parity, which can both be obtained by converting the result of
|
|
* tweak_add to a secp256k1_xonly_pubkey.
|
|
*
|
|
* Note that this alone does _not_ verify that the tweaked pubkey is a
|
|
* commitment. If the tweak is not chosen in a specific way, the tweaked pubkey
|
|
* can easily be the result of a different internal_pubkey and tweak.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the tweaked pubkey is not the
|
|
* result of tweaking the internal_pubkey with tweak32. 1 otherwise.
|
|
* Args: ctx: pointer to a context object initialized for verification.
|
|
* In: tweaked_pubkey32: pointer to a serialized xonly_pubkey.
|
|
* tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization
|
|
* is passed in as tweaked_pubkey32). This must match the
|
|
* pk_parity value that is returned when calling
|
|
* secp256k1_xonly_pubkey with the tweaked pubkey, or
|
|
* this function will fail.
|
|
* internal_pubkey: pointer to an x-only public key object to apply the tweak to.
|
|
* tweak32: pointer to a 32-byte tweak.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(
|
|
const secp256k1_context* ctx,
|
|
const unsigned char *tweaked_pubkey32,
|
|
int tweaked_pk_parity,
|
|
const secp256k1_xonly_pubkey *internal_pubkey,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
|
|
|
|
/** Compute the keypair for a secret key.
|
|
*
|
|
* Returns: 1: secret was valid, keypair is ready to use
|
|
* 0: secret was invalid, try again with a different secret
|
|
* Args: ctx: pointer to a context object, initialized for signing.
|
|
* Out: keypair: pointer to the created keypair.
|
|
* In: seckey: pointer to a 32-byte secret key.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *seckey
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the secret key from a keypair.
|
|
*
|
|
* Returns: 1 always.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: seckey: pointer to a 32-byte buffer for the secret key.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(
|
|
const secp256k1_context* ctx,
|
|
unsigned char *seckey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the public key from a keypair.
|
|
*
|
|
* Returns: 1 always.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to
|
|
* the keypair public key. If not, it's set to an invalid value.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_pubkey *pubkey,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Get the x-only public key from a keypair.
|
|
*
|
|
* This is the same as calling secp256k1_keypair_pub and then
|
|
* secp256k1_xonly_pubkey_from_pubkey.
|
|
*
|
|
* Returns: 1 always.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to an xonly_pubkey object. If 1 is returned, it is set
|
|
* to the keypair public key after converting it to an
|
|
* xonly_pubkey. If not, it's set to an invalid value.
|
|
* pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to the
|
|
* pk_parity argument of secp256k1_xonly_pubkey_from_pubkey.
|
|
* In: keypair: pointer to a keypair.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_pub(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_xonly_pubkey *pubkey,
|
|
int *pk_parity,
|
|
const secp256k1_keypair *keypair
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Tweak a keypair by adding tweak32 to the secret key and updating the public
|
|
* key accordingly.
|
|
*
|
|
* Calling this function and then secp256k1_keypair_pub results in the same
|
|
* public key as calling secp256k1_keypair_xonly_pub and then
|
|
* secp256k1_xonly_pubkey_tweak_add.
|
|
*
|
|
* Returns: 0 if the arguments are invalid or the resulting keypair would be
|
|
* invalid (only when the tweak is the negation of the keypair's
|
|
* secret key). 1 otherwise.
|
|
*
|
|
* Args: ctx: pointer to a context object initialized for verification.
|
|
* In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to
|
|
* an invalid value if this function returns 0.
|
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according
|
|
* to secp256k1_ec_seckey_verify, this function returns 0. For
|
|
* uniformly random 32-byte arrays the chance of being invalid
|
|
* is negligible (around 1 in 2^128).
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_keypair *keypair,
|
|
const unsigned char *tweak32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SECP256K1_EXTRAKEYS_H */
|