Bitcoin ABC  0.29.2
P2P Digital Currency
main_impl.h
1 /***********************************************************************
2  * Copyright (c) 2017 Amaury Séchet *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_SCHNORR_MAIN_H
8 #define SECP256K1_MODULE_SCHNORR_MAIN_H
9 
12 
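/**
 * Verify a Schnorr signature over a 32-byte message hash with a parsed
 * public key.
 *
 * NOTE(review): the rendered listing dropped the lines that carried
 * cross-reference links (the signature line and the ecmult context check).
 * They are restored here from the declarations in the page's reference
 * index; confirm them against the source tree.
 *
 * @param ctx        context object; its ecmult_ctx member is passed to the
 *                   verifier.
 * @param sig64      signature to check (64 bytes, going by the name).
 * @param msghash32  message hash that was signed (32 bytes, going by the name).
 * @param pubkey     parsed public key to verify against.
 * @return the result of secp256k1_schnorr_sig_verify, or 0 when the public
 *         key cannot be loaded.
 */
int secp256k1_schnorr_verify(
    const secp256k1_context* ctx,
    const unsigned char *sig64,
    const unsigned char *msghash32,
    const secp256k1_pubkey *pubkey
) {
    secp256k1_ge q;
    VERIFY_CHECK(ctx != NULL);
    /* Verification needs the ecmult tables held in ctx->ecmult_ctx. */
    ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
    ARG_CHECK(msghash32 != NULL);
    ARG_CHECK(sig64 != NULL);
    ARG_CHECK(pubkey != NULL);

    /* Convert the opaque pubkey into a group element; a key that does not
     * load is treated as a failed verification, not as an error. */
    if (!secp256k1_pubkey_load(ctx, &q, pubkey)) {
        return 0;
    }

    return secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &q, msghash32);
}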
32 
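/**
 * Create a 64-byte Schnorr signature over a 32-byte message hash.
 *
 * NOTE(review): the rendered listing dropped the lines that carried
 * cross-reference links (the signature line, the noncefp parameter, the
 * ecmult_gen context check, the scalar cmov and the scalar clear). They are
 * restored here from the declarations in the page's reference index;
 * confirm them against the source tree.
 *
 * Every failure path that returns from this function zeroes sig64, so a
 * caller that ignores the return value does not pick up stale or
 * uninitialised bytes as a signature.
 *
 * @param ctx        context object; its ecmult_gen_ctx must be built.
 * @param sig64      output buffer, 64 bytes.
 * @param msghash32  message hash to sign (32 bytes, going by the name).
 * @param seckey     secret key bytes (read as a big endian scalar).
 * @param noncefp    nonce generation function, forwarded to the signer.
 * @param ndata      opaque data forwarded to the nonce function.
 * @return nonzero when a signature was produced with a valid secret key,
 *         0 otherwise.
 */
int secp256k1_schnorr_sign(
    const secp256k1_context *ctx,
    unsigned char *sig64,
    const unsigned char *msghash32,
    const unsigned char *seckey,
    secp256k1_nonce_function noncefp,
    const void *ndata
) {
    secp256k1_scalar sec;
    secp256k1_pubkey pubkey;
    secp256k1_ge p;
    int overflow;
    int ret = 0;
    int pubkeyret;
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
    ARG_CHECK(msghash32 != NULL);
    ARG_CHECK(sig64 != NULL);
    ARG_CHECK(seckey != NULL);

    pubkeyret = secp256k1_ec_pubkey_create(ctx, &pubkey, seckey);
    /* pubkeyret is derived from the secret key. It is declassified before
     * the branch below so constant-time analysis does not flag it. */
    secp256k1_declassify(ctx, &pubkeyret, sizeof(pubkeyret));
    if (!pubkeyret) {
        /* Same treatment as a failed secp256k1_schnorr_sig_sign below. */
        memset(sig64, 0, 64);
        return 0;
    }

    /* The public key is not secret, so loading may branch on its bytes. */
    secp256k1_declassify(ctx, &pubkey, sizeof(pubkey));
    if (!secp256k1_pubkey_load(ctx, &p, &pubkey)) {
        memset(sig64, 0, 64);
        return 0;
    }

    secp256k1_scalar_set_b32(&sec, seckey, &overflow);
    overflow |= secp256k1_scalar_is_zero(&sec);
    /* Swap an out-of-range or zero key for one without branching on secret
     * data; the overflow flag still forces a 0 return at the end. */
    secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, overflow);

    ret = secp256k1_schnorr_sig_sign(ctx, sig64, msghash32, &sec, &p, noncefp, ndata);
    if (!ret) {
        memset(sig64, 0, 64);
    }

    /* NOTE(review): if overflow is set while ret is nonzero, sig64 keeps a
     * signature made with the substitute scalar although 0 is returned.
     * Presumably unreachable, since secp256k1_ec_pubkey_create is expected
     * to reject such keys above; confirm. */

    /* Wipe the secret scalar from the stack before returning. */
    secp256k1_scalar_clear(&sec);
    /* Bitwise & instead of && keeps the combination free of a
     * short-circuit branch on the secret-derived overflow flag. */
    return !!ret & !overflow;
}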
76 
77 #endif
secp256k1_context * ctx
static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx)
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context *ctx)
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
static void secp256k1_scalar_clear(secp256k1_scalar *r)
Clear a scalar to prevent the leak of sensitive data.
static const secp256k1_scalar secp256k1_scalar_one
Definition: scalar_impl.h:31
int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
int secp256k1_schnorr_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msghash32, const secp256k1_pubkey *pubkey)
Verify a signature created by secp256k1_schnorr_sign.
Definition: main_impl.h:13
static int secp256k1_schnorr_sig_verify(const secp256k1_ecmult_context *ctx, const unsigned char *sig64, secp256k1_ge *pubkey, const unsigned char *msg32)
static int secp256k1_schnorr_sig_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_scalar *privkey, secp256k1_ge *pubkey, secp256k1_nonce_function noncefp, const void *ndata)
#define VERIFY_CHECK(cond)
Definition: util.h:68
#define ARG_CHECK(cond)
Definition: secp256k1.c:28
static SECP256K1_INLINE void secp256k1_declassify(const secp256k1_context *ctx, const void *p, size_t len)
Definition: secp256k1.c:235
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
Definition: secp256k1.c:245
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:100
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:573
secp256k1_ecmult_gen_context ecmult_gen_ctx
Definition: secp256k1.c:71
secp256k1_ecmult_context ecmult_ctx
Definition: secp256k1.c:70
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:13
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13