PRCYCoin  2.0.0.7rc1
P2P Digital Currency
secp256k1_2.c
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2013-2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #include "include/secp256k1_2.h"
8 
9 #include "util.h"
10 #include "num_impl.h"
11 #include "field_impl.h"
12 #include "scalar_impl.h"
13 #include "group_impl.h"
14 #include "ecmult_impl.h"
15 #include "ecmult_const_impl.h"
16 #include "ecmult_gen_impl.h"
17 #include "ecdsa_impl.h"
18 #include "eckey_impl.h"
19 #include "hash_impl.h"
20 #include "scratch_impl.h"
21 
22 #ifdef ENABLE_MODULE_GENERATOR
23 # include "include/secp256k1_generator.h"
24 #endif
25 
26 #ifdef ENABLE_MODULE_COMMITMENT
27 # include "include/secp256k1_commitment.h"
28 #endif
29 
30 #ifdef ENABLE_MODULE_RANGEPROOF
31 # include "include/secp256k1_rangeproof.h"
32 #endif
33 
34 #ifdef ENABLE_MODULE_BULLETPROOF
35 # include "include/secp256k1_bulletproofs.h"
36 #endif
37 
38 #define ARG_CHECK(cond) do { \
39  if (EXPECT(!(cond), 0)) { \
40  secp256k1_callback_call(&ctx->illegal_callback, #cond); \
41  return 0; \
42  } \
43 } while(0)
44 
45 static void default_illegal_callback_fn(const char* str, void* data) {
46  (void)data;
47  fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str);
48  abort();
49 }
50 
51 static const secp256k1_callback default_illegal_callback = {
52  default_illegal_callback_fn,
53  NULL
54 };
55 
56 static void default_error_callback_fn(const char* str, void* data) {
57  (void)data;
58  fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
59  abort();
60 }
61 
62 static const secp256k1_callback default_error_callback = {
63  default_error_callback_fn,
64  NULL
65 };
66 
67 
68 struct secp256k1_context_struct2 {
69  secp256k1_ecmult_context ecmult_ctx;
70  secp256k1_ecmult_gen_context ecmult_gen_ctx;
71  secp256k1_callback illegal_callback;
72  secp256k1_callback error_callback;
73 };
74 
75 secp256k1_context2* secp256k1_context_create2(unsigned int flags) {
76  secp256k1_context2* ret = (secp256k1_context2*)checked_malloc(&default_error_callback, sizeof(secp256k1_context2));
77  ret->illegal_callback = default_illegal_callback;
78  ret->error_callback = default_error_callback;
79 
80  if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) {
81  printf("\n illegal_callback flasg\n");
82  secp256k1_callback_call(&ret->illegal_callback,
83  "Invalid flags");
84  free(ret);
85  return NULL;
86  }
87 
88  secp256k1_ecmult_context_init(&ret->ecmult_ctx);
89  secp256k1_ecmult_gen_context_init(&ret->ecmult_gen_ctx);
90 
91  if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) {
92  secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &ret->error_callback);
93  }
94  if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) {
95  secp256k1_ecmult_context_build(&ret->ecmult_ctx, &ret->error_callback);
96  }
97 
98  return ret;
99 }
100 
101 secp256k1_context2* secp256k1_context_clone(const secp256k1_context2* ctx) {
102  secp256k1_context2* ret = (secp256k1_context2*)checked_malloc(&ctx->error_callback, sizeof(secp256k1_context2));
103  ret->illegal_callback = ctx->illegal_callback;
104  ret->error_callback = ctx->error_callback;
105  secp256k1_ecmult_context_clone(&ret->ecmult_ctx, &ctx->ecmult_ctx, &ctx->error_callback);
106  secp256k1_ecmult_gen_context_clone(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx, &ctx->error_callback);
107  return ret;
108 }
109 
110 void secp256k1_context_destroy(secp256k1_context2* ctx) {
111  if (ctx != NULL) {
112  secp256k1_ecmult_context_clear(&ctx->ecmult_ctx);
113  secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx);
114 
115  free(ctx);
116  }
117 }
118 
119 void secp256k1_context_set_illegal_callback(secp256k1_context2* ctx, void (*fun)(const char* message, void* data), const void* data) {
120  if (fun == NULL) {
121  fun = default_illegal_callback_fn;
122  }
123  ctx->illegal_callback.fn = fun;
124  ctx->illegal_callback.data = data;
125 }
126 
127 void secp256k1_context_set_error_callback(secp256k1_context2* ctx, void (*fun)(const char* message, void* data), const void* data) {
128  if (fun == NULL) {
129  fun = default_error_callback_fn;
130  }
131  ctx->error_callback.fn = fun;
132  ctx->error_callback.data = data;
133 }
134 
135 secp256k1_scratch_space2* secp256k1_scratch_space_create(const secp256k1_context2* ctx, size_t max_size) {
136  VERIFY_CHECK(ctx != NULL);
137  return secp256k1_scratch_create(&ctx->error_callback, max_size);
138 }
139 
140 void secp256k1_scratch_space_destroy(secp256k1_scratch_space2* scratch) {
141  secp256k1_scratch_destroy(scratch);
142 }
143 
144 static int secp256k1_pubkey2_load(const secp256k1_context2* ctx, secp256k1_ge* ge, const secp256k1_pubkey2* pubkey) {
145  if (sizeof(secp256k1_ge_storage) == 64) {
146  /* When the secp256k1_ge_storage type is exactly 64 byte, use its
147  * representation inside secp256k1_pubkey2, as conversion is very fast.
148  * Note that secp256k1_pubkey2_save must use the same representation. */
149  secp256k1_ge_storage s;
150  memcpy(&s, &pubkey->data[0], sizeof(s));
151  secp256k1_ge_from_storage(ge, &s);
152  } else {
153  /* Otherwise, fall back to 32-byte big endian for X and Y. */
154  secp256k1_fe x, y;
155  secp256k1_fe_set_b32(&x, pubkey->data);
156  secp256k1_fe_set_b32(&y, pubkey->data + 32);
157  secp256k1_ge_set_xy(ge, &x, &y);
158  }
159  ARG_CHECK(!secp256k1_fe_is_zero(&ge->x));
160  return 1;
161 }
162 
163 static void secp256k1_pubkey2_save(secp256k1_pubkey2* pubkey, secp256k1_ge* ge) {
164  if (sizeof(secp256k1_ge_storage) == 64) {
165  secp256k1_ge_storage s;
166  secp256k1_ge_to_storage(&s, ge);
167  memcpy(&pubkey->data[0], &s, sizeof(s));
168  } else {
169  VERIFY_CHECK(!secp256k1_ge_is_infinity(ge));
170  secp256k1_fe_normalize_var(&ge->x);
171  secp256k1_fe_normalize_var(&ge->y);
172  secp256k1_fe_get_b32(pubkey->data, &ge->x);
173  secp256k1_fe_get_b32(pubkey->data + 32, &ge->y);
174  }
175 }
176 
177 int secp256k1_ec_pubkey_parse2(const secp256k1_context2* ctx, secp256k1_pubkey2* pubkey, const unsigned char *input, size_t inputlen) {
178  secp256k1_ge Q;
179 
180  VERIFY_CHECK(ctx != NULL);
181  ARG_CHECK(pubkey != NULL);
182  memset(pubkey, 0, sizeof(*pubkey));
183  ARG_CHECK(input != NULL);
184  if (!secp256k1_eckey_pubkey_parse(&Q, input, inputlen)) {
185  return 0;
186  }
187  secp256k1_pubkey2_save(pubkey, &Q);
188  secp256k1_ge_clear(&Q);
189  return 1;
190 }
191 
192 int secp256k1_ec_pubkey_serialize2(const secp256k1_context2* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey2* pubkey, unsigned int flags) {
193  secp256k1_ge Q;
194  size_t len;
195  int ret = 0;
196 
197  VERIFY_CHECK(ctx != NULL);
198  ARG_CHECK(outputlen != NULL);
199  ARG_CHECK(*outputlen >= ((flags & SECP256K1_FLAGS_BIT_COMPRESSION) ? 33 : 65));
200  len = *outputlen;
201  *outputlen = 0;
202  ARG_CHECK(output != NULL);
203  memset(output, 0, len);
204  ARG_CHECK(pubkey != NULL);
205  ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION);
206  if (secp256k1_pubkey2_load(ctx, &Q, pubkey)) {
207  ret = secp256k1_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION);
208  if (ret) {
209  *outputlen = len;
210  }
211  }
212  return ret;
213 }
214 
215 static void secp256k1_ecdsa_sign2ature2_load(const secp256k1_context2* ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_ecdsa_sign2ature2* sig) {
216  (void)ctx;
217  if (sizeof(secp256k1_scalar) == 32) {
218  /* When the secp256k1_scalar type is exactly 32 byte, use its
219  * representation inside secp256k1_ecdsa_sign2ature2, as conversion is very fast.
220  * Note that secp256k1_ecdsa_sign2ature2_save must use the same representation. */
221  memcpy(r, &sig->data[0], 32);
222  memcpy(s, &sig->data[32], 32);
223  } else {
224  secp256k1_scalar_set_b32(r, &sig->data[0], NULL);
225  secp256k1_scalar_set_b32(s, &sig->data[32], NULL);
226  }
227 }
228 
229 static void secp256k1_ecdsa_sign2ature2_save(secp256k1_ecdsa_sign2ature2* sig, const secp256k1_scalar* r, const secp256k1_scalar* s) {
230  if (sizeof(secp256k1_scalar) == 32) {
231  memcpy(&sig->data[0], r, 32);
232  memcpy(&sig->data[32], s, 32);
233  } else {
234  secp256k1_scalar_get_b32(&sig->data[0], r);
235  secp256k1_scalar_get_b32(&sig->data[32], s);
236  }
237 }
238 
239 int secp256k1_ecdsa_sign2ature2_parse_der(const secp256k1_context2* ctx, secp256k1_ecdsa_sign2ature2* sig, const unsigned char *input, size_t inputlen) {
240  secp256k1_scalar r, s;
241 
242  VERIFY_CHECK(ctx != NULL);
243  ARG_CHECK(sig != NULL);
244  ARG_CHECK(input != NULL);
245 
246  if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) {
247  secp256k1_ecdsa_sign2ature2_save(sig, &r, &s);
248  return 1;
249  } else {
250  memset(sig, 0, sizeof(*sig));
251  return 0;
252  }
253 }
254 
255 int secp256k1_ecdsa_sign2ature2_parse_compact(const secp256k1_context2* ctx, secp256k1_ecdsa_sign2ature2* sig, const unsigned char *input64) {
256  secp256k1_scalar r, s;
257  int ret = 1;
258  int overflow = 0;
259 
260  VERIFY_CHECK(ctx != NULL);
261  ARG_CHECK(sig != NULL);
262  ARG_CHECK(input64 != NULL);
263 
264  secp256k1_scalar_set_b32(&r, &input64[0], &overflow);
265  ret &= !overflow;
266  secp256k1_scalar_set_b32(&s, &input64[32], &overflow);
267  ret &= !overflow;
268  if (ret) {
269  secp256k1_ecdsa_sign2ature2_save(sig, &r, &s);
270  } else {
271  memset(sig, 0, sizeof(*sig));
272  }
273  return ret;
274 }
275 
276 int secp256k1_ecdsa_sign2ature2_serialize_der(const secp256k1_context2* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_sign2ature2* sig) {
277  secp256k1_scalar r, s;
278 
279  VERIFY_CHECK(ctx != NULL);
280  ARG_CHECK(output != NULL);
281  ARG_CHECK(outputlen != NULL);
282  ARG_CHECK(sig != NULL);
283 
284  secp256k1_ecdsa_sign2ature2_load(ctx, &r, &s, sig);
285  return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s);
286 }
287 
288 int secp256k1_ecdsa_sign2ature2_serialize_compact(const secp256k1_context2* ctx, unsigned char *output64, const secp256k1_ecdsa_sign2ature2* sig) {
289  secp256k1_scalar r, s;
290 
291  VERIFY_CHECK(ctx != NULL);
292  ARG_CHECK(output64 != NULL);
293  ARG_CHECK(sig != NULL);
294 
295  secp256k1_ecdsa_sign2ature2_load(ctx, &r, &s, sig);
296  secp256k1_scalar_get_b32(&output64[0], &r);
297  secp256k1_scalar_get_b32(&output64[32], &s);
298  return 1;
299 }
300 
301 int secp256k1_ecdsa_sign2ature2_normalize(const secp256k1_context2* ctx, secp256k1_ecdsa_sign2ature2 *sigout, const secp256k1_ecdsa_sign2ature2 *sigin) {
302  secp256k1_scalar r, s;
303  int ret = 0;
304 
305  VERIFY_CHECK(ctx != NULL);
306  ARG_CHECK(sigin != NULL);
307 
308  secp256k1_ecdsa_sign2ature2_load(ctx, &r, &s, sigin);
309  ret = secp256k1_scalar_is_high(&s);
310  if (sigout != NULL) {
311  if (ret) {
312  secp256k1_scalar_negate(&s, &s);
313  }
314  secp256k1_ecdsa_sign2ature2_save(sigout, &r, &s);
315  }
316 
317  return ret;
318 }
319 
320 int secp256k1_ecdsa_verify2(const secp256k1_context2* ctx, const secp256k1_ecdsa_sign2ature2 *sig, const unsigned char *msg32, const secp256k1_pubkey2 *pubkey) {
321  secp256k1_ge q;
322  secp256k1_scalar r, s;
323  secp256k1_scalar m;
324  VERIFY_CHECK(ctx != NULL);
325  ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
326  ARG_CHECK(msg32 != NULL);
327  ARG_CHECK(sig != NULL);
328  ARG_CHECK(pubkey != NULL);
329 
330  secp256k1_scalar_set_b32(&m, msg32, NULL);
331  secp256k1_ecdsa_sign2ature2_load(ctx, &r, &s, sig);
332  return (!secp256k1_scalar_is_high(&s) &&
333  secp256k1_pubkey2_load(ctx, &q, pubkey) &&
334  secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m));
335 }
336 
337 static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) {
338  memcpy(buf + *offset, data, len);
339  *offset += len;
340 }
341 
342 static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
343  unsigned char keydata[112];
344  unsigned int offset = 0;
345  secp256k1_rfc6979_hmac_sha256 rng;
346  unsigned int i;
347  /* We feed a byte array to the PRNG as input, consisting of:
348  * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d.
349  * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data.
350  * - optionally 16 extra bytes with the algorithm name.
351  * Because the arguments have distinct fixed lengths it is not possible for
352  * different argument mixtures to emulate each other and result in the same
353  * nonces.
354  */
355  buffer_append(keydata, &offset, key32, 32);
356  buffer_append(keydata, &offset, msg32, 32);
357  if (data != NULL) {
358  buffer_append(keydata, &offset, data, 32);
359  }
360  if (algo16 != NULL) {
361  buffer_append(keydata, &offset, algo16, 16);
362  }
363  secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset);
364  memset(keydata, 0, sizeof(keydata));
365  for (i = 0; i <= counter; i++) {
366  secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32);
367  }
368  secp256k1_rfc6979_hmac_sha256_finalize(&rng);
369  return 1;
370 }
371 
372 const secp256k1_nonce_function2 secp256k1_nonce_function_rfc6979 = nonce_function_rfc6979;
373 const secp256k1_nonce_function2 secp256k1_nonce_function_default = nonce_function_rfc6979;
374 
375 int secp256k1_ecdsa_sign2(const secp256k1_context2* ctx, secp256k1_ecdsa_sign2ature2 *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function2 noncefp, const void* noncedata) {
376  secp256k1_scalar r, s;
377  secp256k1_scalar sec, non, msg;
378  int ret = 0;
379  int overflow = 0;
380  VERIFY_CHECK(ctx != NULL);
381  ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
382  ARG_CHECK(msg32 != NULL);
383  ARG_CHECK(signature != NULL);
384  ARG_CHECK(seckey != NULL);
385  if (noncefp == NULL) {
386  noncefp = secp256k1_nonce_function_default;
387  }
388 
389  secp256k1_scalar_set_b32(&sec, seckey, &overflow);
390  /* Fail if the secret key is invalid. */
391  if (!overflow && !secp256k1_scalar_is_zero(&sec)) {
392  unsigned char nonce32[32];
393  unsigned int count = 0;
394  secp256k1_scalar_set_b32(&msg, msg32, NULL);
395  while (1) {
396  ret = noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count);
397  if (!ret) {
398  break;
399  }
400  secp256k1_scalar_set_b32(&non, nonce32, &overflow);
401  if (!overflow && !secp256k1_scalar_is_zero(&non)) {
402  if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, NULL)) {
403  break;
404  }
405  }
406  count++;
407  }
408  memset(nonce32, 0, 32);
409  secp256k1_scalar_clear(&msg);
410  secp256k1_scalar_clear(&non);
411  secp256k1_scalar_clear(&sec);
412  }
413  if (ret) {
414  secp256k1_ecdsa_sign2ature2_save(signature, &r, &s);
415  } else {
416  memset(signature, 0, sizeof(*signature));
417  }
418  return ret;
419 }
420 
421 int secp256k1_ec_seckey_verify2(const secp256k1_context2* ctx, const unsigned char *seckey) {
422  secp256k1_scalar sec;
423  int ret;
424  int overflow;
425  VERIFY_CHECK(ctx != NULL);
426  ARG_CHECK(seckey != NULL);
427 
428  secp256k1_scalar_set_b32(&sec, seckey, &overflow);
429  ret = !overflow && !secp256k1_scalar_is_zero(&sec);
430  secp256k1_scalar_clear(&sec);
431  return ret;
432 }
433 
434 int secp256k1_ec_pubkey_create2(const secp256k1_context2* ctx, secp256k1_pubkey2 *pubkey, const unsigned char *seckey) {
435  secp256k1_gej pj;
436  secp256k1_ge p;
437  secp256k1_scalar sec;
438  int overflow;
439  int ret = 0;
440  VERIFY_CHECK(ctx != NULL);
441  ARG_CHECK(pubkey != NULL);
442  memset(pubkey, 0, sizeof(*pubkey));
443  ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
444  ARG_CHECK(seckey != NULL);
445 
446  secp256k1_scalar_set_b32(&sec, seckey, &overflow);
447  ret = (!overflow) & (!secp256k1_scalar_is_zero(&sec));
448  if (ret) {
449  secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec);
450  secp256k1_ge_set_gej(&p, &pj);
451  secp256k1_pubkey2_save(pubkey, &p);
452  }
453  secp256k1_scalar_clear(&sec);
454  return ret;
455 }
456 
457 int secp256k1_ec_privkey_negate2(const secp256k1_context2* ctx, unsigned char *seckey) {
458  secp256k1_scalar sec;
459  VERIFY_CHECK(ctx != NULL);
460  ARG_CHECK(seckey != NULL);
461 
462  secp256k1_scalar_set_b32(&sec, seckey, NULL);
463  secp256k1_scalar_negate(&sec, &sec);
464  secp256k1_scalar_get_b32(seckey, &sec);
465 
466  return 1;
467 }
468 
469 int secp256k1_ec_pubkey_negate2(const secp256k1_context2* ctx, secp256k1_pubkey2 *pubkey) {
470  int ret = 0;
471  secp256k1_ge p;
472  VERIFY_CHECK(ctx != NULL);
473  ARG_CHECK(pubkey != NULL);
474 
475  ret = secp256k1_pubkey2_load(ctx, &p, pubkey);
476  memset(pubkey, 0, sizeof(*pubkey));
477  if (ret) {
478  secp256k1_ge_neg(&p, &p);
479  secp256k1_pubkey2_save(pubkey, &p);
480  }
481  return ret;
482 }
483 
484 int secp256k1_ec_pubkey_raw_negate2(unsigned char *pub, size_t size) {
485  secp256k1_ge p;
486  size_t ss = 0;
487  if (!secp256k1_eckey_pubkey_parse(&p, pub, size)) {
488  return 0;
489  }
490  memset(pub, 0, size);
491  secp256k1_ge_neg(&p, &p);
492  return secp256k1_eckey_pubkey_serialize(&p, pub, &ss, 1);
493 }
494 
495 int secp256k1_ec_privkey_tweak_add2(const secp256k1_context2* ctx, unsigned char *seckey, const unsigned char *tweak) {
496  secp256k1_scalar term;
497  secp256k1_scalar sec;
498  int ret = 0;
499  int overflow = 0;
500  VERIFY_CHECK(ctx != NULL);
501  ARG_CHECK(seckey != NULL);
502  ARG_CHECK(tweak != NULL);
503 
504  secp256k1_scalar_set_b32(&term, tweak, &overflow);
505  secp256k1_scalar_set_b32(&sec, seckey, NULL);
506 
507  ret = !overflow && secp256k1_eckey_privkey_tweak_add(&sec, &term);
508  memset(seckey, 0, 32);
509  if (ret) {
510  secp256k1_scalar_get_b32(seckey, &sec);
511  }
512 
513  secp256k1_scalar_clear(&sec);
514  secp256k1_scalar_clear(&term);
515  return ret;
516 }
517 
518 int secp256k1_ec_pubkey_tweak_add2(const secp256k1_context2* ctx, secp256k1_pubkey2 *pubkey, const unsigned char *tweak) {
519  secp256k1_ge p;
520  secp256k1_scalar term;
521  int ret = 0;
522  int overflow = 0;
523  VERIFY_CHECK(ctx != NULL);
524  ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
525  ARG_CHECK(pubkey != NULL);
526  ARG_CHECK(tweak != NULL);
527 
528  secp256k1_scalar_set_b32(&term, tweak, &overflow);
529  ret = !overflow && secp256k1_pubkey2_load(ctx, &p, pubkey);
530  memset(pubkey, 0, sizeof(*pubkey));
531  if (ret) {
532  if (secp256k1_eckey_pubkey_tweak_add(&ctx->ecmult_ctx, &p, &term)) {
533  secp256k1_pubkey2_save(pubkey, &p);
534  } else {
535  ret = 0;
536  }
537  }
538 
539  return ret;
540 }
541 
542 int secp256k1_ec_privkey_tweak_mul2(const secp256k1_context2* ctx, unsigned char *seckey, const unsigned char *tweak) {
543  secp256k1_scalar factor;
544  secp256k1_scalar sec;
545  int ret = 0;
546  int overflow = 0;
547  VERIFY_CHECK(ctx != NULL);
548  ARG_CHECK(seckey != NULL);
549  ARG_CHECK(tweak != NULL);
550 
551  secp256k1_scalar_set_b32(&factor, tweak, &overflow);
552  secp256k1_scalar_set_b32(&sec, seckey, NULL);
553  ret = !overflow && secp256k1_eckey_privkey_tweak_mul(&sec, &factor);
554  memset(seckey, 0, 32);
555  if (ret) {
556  secp256k1_scalar_get_b32(seckey, &sec);
557  }
558 
559  secp256k1_scalar_clear(&sec);
560  secp256k1_scalar_clear(&factor);
561  return ret;
562 }
563 
564 int secp256k1_ec_pubkey_tweak_mul2(const secp256k1_context2* ctx, secp256k1_pubkey2 *pubkey, const unsigned char *tweak) {
565  secp256k1_ge p;
566  secp256k1_scalar factor;
567  int ret = 0;
568  int overflow = 0;
569  VERIFY_CHECK(ctx != NULL);
570  ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
571  ARG_CHECK(pubkey != NULL);
572  ARG_CHECK(tweak != NULL);
573 
574  secp256k1_scalar_set_b32(&factor, tweak, &overflow);
575  ret = !overflow && secp256k1_pubkey2_load(ctx, &p, pubkey);
576  memset(pubkey, 0, sizeof(*pubkey));
577  if (ret) {
578  if (secp256k1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) {
579  secp256k1_pubkey2_save(pubkey, &p);
580  } else {
581  ret = 0;
582  }
583  }
584 
585  return ret;
586 }
587 
588 int secp256k1_context_randomize2(secp256k1_context2* ctx, const unsigned char *seed32) {
589  VERIFY_CHECK(ctx != NULL);
590  ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
591  secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32);
592  return 1;
593 }
594 
595 int secp256k1_ec_pubkey_combine2(const secp256k1_context2* ctx, secp256k1_pubkey2 *pubnonce, const secp256k1_pubkey2 * const *pubnonces, size_t n) {
596  size_t i;
597  secp256k1_gej Qj;
598  secp256k1_ge Q;
599 
600  ARG_CHECK(pubnonce != NULL);
601  memset(pubnonce, 0, sizeof(*pubnonce));
602  ARG_CHECK(n >= 1);
603  ARG_CHECK(pubnonces != NULL);
604 
605  secp256k1_gej_set_infinity(&Qj);
606 
607  for (i = 0; i < n; i++) {
608  secp256k1_pubkey2_load(ctx, &Q, pubnonces[i]);
609  secp256k1_gej_add_ge(&Qj, &Qj, &Q);
610  }
611  if (secp256k1_gej_is_infinity(&Qj)) {
612  return 0;
613  }
614  secp256k1_ge_set_gej(&Q, &Qj);
615  secp256k1_pubkey2_save(pubnonce, &Q);
616  return 1;
617 }
618 
619 #ifdef ENABLE_MODULE_ECDH
620 # include "modules/ecdh/main_impl.h"
621 #endif
622 
623 #ifdef ENABLE_MODULE_RECOVERY
624 # include "modules/recovery/main_impl.h"
625 #endif
626 
627 #ifdef ENABLE_MODULE_GENERATOR
628 # include "modules/generator/main_impl.h"
629 #endif
630 
631 #ifdef ENABLE_MODULE_COMMITMENT
632 # include "modules/commitment/main_impl.h"
633 #endif
634 
635 #ifdef ENABLE_MODULE_RANGEPROOF
636 # include "modules/rangeproof/main_impl.h"
637 #endif
638 
639 #ifdef ENABLE_MODULE_BULLETPROOF
640 # include "modules/bulletproofs/main_impl.h"
641 #endif
642 
643 #ifdef ENABLE_MODULE_WHITELIST
644 # include "modules/whitelist/main_impl.h"
645 #endif
646 
647 #ifdef ENABLE_MODULE_SURJECTIONPROOF
648 # include "modules/surjection/main_impl.h"
649 #endif
secp256k1_scratch_space_struct2
Definition: scratch.h:14
field_impl.h
ecdsa_impl.h
secp256k1_ec_pubkey_tweak_mul2
int secp256k1_ec_pubkey_tweak_mul2(const secp256k1_context2 *ctx, secp256k1_pubkey2 *pubkey, const unsigned char *tweak)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1_2.c:564
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:61
main_impl.h
secp256k1_context_struct2::illegal_callback
secp256k1_callback illegal_callback
Definition: secp256k1_types.h:18
secp256k1_ge::y
secp256k1_fe y
Definition: group.h:20
secp256k1_ecdsa_sign2ature2
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1_2.h:79
secp256k1_ec_privkey_tweak_add2
int secp256k1_ec_privkey_tweak_add2(const secp256k1_context2 *ctx, unsigned char *seckey, const unsigned char *tweak)
Tweak a private key by adding tweak to it.
Definition: secp256k1_2.c:495
util.h
secp256k1_ecdsa_verify2
int secp256k1_ecdsa_verify2(const secp256k1_context2 *ctx, const secp256k1_ecdsa_sign2ature2 *sig, const unsigned char *msg32, const secp256k1_pubkey2 *pubkey)
Verify an ECDSA signature.
Definition: secp256k1_2.c:320
SECP256K1_FLAGS_TYPE_CONTEXT
#define SECP256K1_FLAGS_TYPE_CONTEXT
Definition: secp256k1_2.h:159
secp256k1_ecdsa_sign2ature2::data
unsigned char data[64]
Definition: secp256k1_2.h:80
tinyformat::printf
void printf(const char *fmt, const Args &... args)
Format list of arguments to std::cout, according to the given format string.
Definition: tinyformat.h:975
flags
int flags
Definition: prcycoin-tx.cpp:297
secp256k1_ecdsa_sign2ature2_serialize_der
int secp256k1_ecdsa_sign2ature2_serialize_der(const secp256k1_context2 *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_sign2ature2 *sig)
Serialize an ECDSA signature in DER format.
Definition: secp256k1_2.c:276
secp256k1_context_destroy
void secp256k1_context_destroy(secp256k1_context2 *ctx)
Destroy a secp256k1 context object.
Definition: secp256k1_2.c:110
secp256k1_pubkey2::data
unsigned char data[64]
Definition: secp256k1_2.h:67
memcpy
void * memcpy(void *a, const void *b, size_t c)
Definition: glibc_compat.cpp:15
secp256k1_pubkey2
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1_2.h:66
secp256k1_ec_privkey_tweak_mul2
int secp256k1_ec_privkey_tweak_mul2(const secp256k1_context2 *ctx, unsigned char *seckey, const unsigned char *tweak)
Tweak a private key by multiplying it by a tweak.
Definition: secp256k1_2.c:542
secp256k1_ec_privkey_negate2
int secp256k1_ec_privkey_negate2(const secp256k1_context2 *ctx, unsigned char *seckey)
Negates a private key in place.
Definition: secp256k1_2.c:457
secp256k1_ec_seckey_verify2
int secp256k1_ec_seckey_verify2(const secp256k1_context2 *ctx, const unsigned char *seckey)
Verify an ECDSA secret key.
Definition: secp256k1_2.c:421
ecmult_const_impl.h
main_impl.h
secp256k1_context_struct2::ecmult_ctx
secp256k1_ecmult_context ecmult_ctx
Definition: secp256k1_types.h:16
r
void const uint64_t uint64_t * r
Definition: field_5x52_asm_impl.h:10
secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
secp256k1_context_clone
secp256k1_context2 * secp256k1_context_clone(const secp256k1_context2 *ctx)
Copies a secp256k1 context object.
Definition: secp256k1_2.c:101
secp256k1_ecdsa_sign2ature2_serialize_compact
int secp256k1_ecdsa_sign2ature2_serialize_compact(const secp256k1_context2 *ctx, unsigned char *output64, const secp256k1_ecdsa_sign2ature2 *sig)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1_2.c:288
secp256k1_context_create2
secp256k1_context2 * secp256k1_context_create2(unsigned int flags)
Create a secp256k1 context object.
Definition: secp256k1_2.c:75
secp256k1_gej
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:24
secp256k1_ecdsa_sign2
int secp256k1_ecdsa_sign2(const secp256k1_context2 *ctx, secp256k1_ecdsa_sign2ature2 *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function2 noncefp, const void *noncedata)
Create an ECDSA signature.
Definition: secp256k1_2.c:375
secp256k1_nonce_function2
int(* secp256k1_nonce_function2)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1_2.h:99
ecmult_gen_impl.h
secp256k1_callback::data
const void * data
Definition: util.h:24
secp256k1_ec_pubkey_negate2
int secp256k1_ec_pubkey_negate2(const secp256k1_context2 *ctx, secp256k1_pubkey2 *pubkey)
Negates a public key in place.
Definition: secp256k1_2.c:469
secp256k1_bulletproofs.h
eckey_impl.h
secp256k1_fe
Definition: field_10x26.h:12
secp256k1_ge_storage
Definition: group.h:34
SECP256K1_FLAGS_TYPE_MASK
#define SECP256K1_FLAGS_TYPE_MASK
All flags' lower 8 bits indicate what they're for.
Definition: secp256k1_2.h:158
hash_impl.h
secp256k1_scratch_space_destroy
void secp256k1_scratch_space_destroy(secp256k1_scratch_space2 *scratch)
Destroy a secp256k1 scratch space.
Definition: secp256k1_2.c:140
secp256k1_ecmult_gen_context
Definition: ecmult_gen.h:13
secp256k1_context_set_illegal_callback
void secp256k1_context_set_illegal_callback(secp256k1_context2 *ctx, void(*fun)(const char *message, void *data), const void *data)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1_2.c:119
secp256k1_ec_pubkey_create2
int secp256k1_ec_pubkey_create2(const secp256k1_context2 *ctx, secp256k1_pubkey2 *pubkey, const unsigned char *seckey)
Compute the public key for a secret key.
Definition: secp256k1_2.c:434
secp256k1_rangeproof.h
main_impl.h
scalar_impl.h
main_impl.h
secp256k1_ec_pubkey_serialize2
int secp256k1_ec_pubkey_serialize2(const secp256k1_context2 *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey2 *pubkey, unsigned int flags)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1_2.c:192
main_impl.h
secp256k1_ecdsa_sign2ature2_parse_compact
int secp256k1_ecdsa_sign2ature2_parse_compact(const secp256k1_context2 *ctx, secp256k1_ecdsa_sign2ature2 *sig, const unsigned char *input64)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1_2.c:255
secp256k1_context_struct2::error_callback
secp256k1_callback error_callback
Definition: secp256k1_types.h:19
num_impl.h
SECP256K1_FLAGS_BIT_COMPRESSION
#define SECP256K1_FLAGS_BIT_COMPRESSION
Definition: secp256k1_2.h:164
secp256k1_scratch_space_create
secp256k1_scratch_space2 * secp256k1_scratch_space_create(const secp256k1_context2 *ctx, size_t max_size)
Create a secp256k1 scratch space object.
Definition: secp256k1_2.c:135
secp256k1_context_struct2
Definition: secp256k1_types.h:15
secp256k1_ec_pubkey_tweak_add2
int secp256k1_ec_pubkey_tweak_add2(const secp256k1_context2 *ctx, secp256k1_pubkey2 *pubkey, const unsigned char *tweak)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1_2.c:518
secp256k1_callback::fn
void(* fn)(const char *text, void *data)
Definition: util.h:23
secp256k1_callback
Definition: util.h:18
EXPECT
#define EXPECT(x, c)
Definition: util.h:31
secp256k1_generator.h
secp256k1_2.h
secp256k1_rfc6979_hmac_sha256
Definition: hash.h:31
scratch_impl.h
secp256k1_ec_pubkey_combine2
int secp256k1_ec_pubkey_combine2(const secp256k1_context2 *ctx, secp256k1_pubkey2 *pubnonce, const secp256k1_pubkey2 *const *pubnonces, size_t n)
Add a number of public keys together.
Definition: secp256k1_2.c:595
secp256k1_ecdsa_sign2ature2_parse_der
int secp256k1_ecdsa_sign2ature2_parse_der(const secp256k1_context2 *ctx, secp256k1_ecdsa_sign2ature2 *sig, const unsigned char *input, size_t inputlen)
Parse a DER ECDSA signature.
Definition: secp256k1_2.c:239
main_impl.h
SECP256K1_FLAGS_TYPE_COMPRESSION
#define SECP256K1_FLAGS_TYPE_COMPRESSION
Definition: secp256k1_2.h:160
secp256k1_ecdsa_sign2ature2_normalize
int secp256k1_ecdsa_sign2ature2_normalize(const secp256k1_context2 *ctx, secp256k1_ecdsa_sign2ature2 *sigout, const secp256k1_ecdsa_sign2ature2 *sigin)
Convert a signature to a normalized lower-S form.
Definition: secp256k1_2.c:301
SECP256K1_INLINE
#define SECP256K1_INLINE
Definition: secp256k1.h:23
group_impl.h
main_impl.h
secp256k1_ge::x
secp256k1_fe x
Definition: group.h:19
secp256k1_ecmult_context
Definition: ecmult.h:15
secp256k1_ec_pubkey_raw_negate2
int secp256k1_ec_pubkey_raw_negate2(unsigned char *pub, size_t size)
Definition: secp256k1_2.c:484
secp256k1_ec_pubkey_parse2
int secp256k1_ec_pubkey_parse2(const secp256k1_context2 *ctx, secp256k1_pubkey2 *pubkey, const unsigned char *input, size_t inputlen)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1_2.c:177
main_impl.h
secp256k1_context_randomize2
int secp256k1_context_randomize2(secp256k1_context2 *ctx, const unsigned char *seed32)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1_2.c:588
SECP256K1_FLAGS_BIT_CONTEXT_VERIFY
#define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY
The higher bits contain the actual data.
Definition: secp256k1_2.h:162
secp256k1_commitment.h
secp256k1_ge
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:14
secp256k1_context_set_error_callback
void secp256k1_context_set_error_callback(secp256k1_context2 *ctx, void(*fun)(const char *message, void *data), const void *data)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1_2.c:127
ecmult_impl.h
secp256k1_context_struct2::ecmult_gen_ctx
secp256k1_ecmult_gen_context ecmult_gen_ctx
Definition: secp256k1_types.h:17
ARG_CHECK
#define ARG_CHECK(cond)
Definition: secp256k1_2.c:38
SECP256K1_FLAGS_BIT_CONTEXT_SIGN
#define SECP256K1_FLAGS_BIT_CONTEXT_SIGN
Definition: secp256k1_2.h:163
secp256k1_nonce_function_rfc6979
const secp256k1_nonce_function2 secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1_2.c:372
secp256k1_nonce_function_default
const secp256k1_nonce_function2 secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1_2.c:373
Generated on Tue Apr 28 2026 00:02:58 for PRCYCoin by   doxygen 1.8.17