Bitcoin ABC 0.30.5
P2P Digital Currency
main_impl.h
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2017 Amaury Séchet *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#ifndef SECP256K1_MODULE_SCHNORR_MAIN_H
8#define SECP256K1_MODULE_SCHNORR_MAIN_H
9
10#include "include/secp256k1_schnorr.h"
11#include "modules/schnorr/schnorr_impl.h"
12
13int secp256k1_schnorr_verify(
14 const secp256k1_context* ctx,
15 const unsigned char *sig64,
16 const unsigned char *msghash32,
17 const secp256k1_pubkey *pubkey
18) {
19 secp256k1_ge q;
20 VERIFY_CHECK(ctx != NULL);
21 ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
22 ARG_CHECK(msghash32 != NULL);
23 ARG_CHECK(sig64 != NULL);
24 ARG_CHECK(pubkey != NULL);
25
26 if (!secp256k1_pubkey_load(ctx, &q, pubkey)) {
27 return 0;
28 }
29
30 return secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &q, msghash32);
31}
32
33int secp256k1_schnorr_sign(
34 const secp256k1_context *ctx,
35 unsigned char *sig64,
36 const unsigned char *msghash32,
37 const unsigned char *seckey,
38 secp256k1_nonce_function noncefp,
39 const void *ndata
40) {
41 secp256k1_scalar sec;
42 secp256k1_pubkey pubkey;
43 secp256k1_ge p;
44 int overflow;
45 int ret = 0;
46 int pubkeyret;
47 VERIFY_CHECK(ctx != NULL);
48 ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
49 ARG_CHECK(msghash32 != NULL);
50 ARG_CHECK(sig64 != NULL);
51 ARG_CHECK(seckey != NULL);
52
53 pubkeyret = secp256k1_ec_pubkey_create(ctx, &pubkey, seckey);
54 secp256k1_declassify(ctx, &pubkeyret, sizeof(pubkeyret));
55 if (!pubkeyret) {
56 return 0;
57 }
58
59 secp256k1_declassify(ctx, &pubkey, sizeof(pubkey));
60 if (!secp256k1_pubkey_load(ctx, &p, &pubkey)) {
61 return 0;
62 }
63
64 secp256k1_scalar_set_b32(&sec, seckey, &overflow);
65 overflow |= secp256k1_scalar_is_zero(&sec);
66 secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, overflow);
67
68 ret = secp256k1_schnorr_sig_sign(ctx, sig64, msghash32, &sec, &p, noncefp, ndata);
69 if (!ret) {
70 memset(sig64, 0, 64);
71 }
72
73 secp256k1_scalar_clear(&sec);
74 return !!ret & !overflow;
75}
76
77#endif
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
secp256k1_ecmult_context_is_built
static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx)
secp256k1_ecmult_gen_context_is_built
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context *ctx)
secp256k1_scalar_cmov
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
secp256k1_scalar_set_b32
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
secp256k1_scalar_is_zero
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
secp256k1_scalar_clear
static void secp256k1_scalar_clear(secp256k1_scalar *r)
Clear a scalar to prevent the leak of sensitive data.
secp256k1_scalar_one
static const secp256k1_scalar secp256k1_scalar_one
Definition: scalar_impl.h:31
secp256k1_schnorr_sign
int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
secp256k1_schnorr_verify
int secp256k1_schnorr_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msghash32, const secp256k1_pubkey *pubkey)
Verify a signature created by secp256k1_schnorr_sign.
Definition: main_impl.h:13
secp256k1_schnorr_sig_verify
static int secp256k1_schnorr_sig_verify(const secp256k1_ecmult_context *ctx, const unsigned char *sig64, secp256k1_ge *pubkey, const unsigned char *msg32)
secp256k1_schnorr_sig_sign
static int secp256k1_schnorr_sig_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_scalar *privkey, secp256k1_ge *pubkey, secp256k1_nonce_function noncefp, const void *ndata)
schnorr_impl.h
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:68
ARG_CHECK
#define ARG_CHECK(cond)
Definition: secp256k1.c:28
secp256k1_declassify
static SECP256K1_INLINE void secp256k1_declassify(const secp256k1_context *ctx, const void *p, size_t len)
Definition: secp256k1.c:235
secp256k1_pubkey_load
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
Definition: secp256k1.c:245
secp256k1_nonce_function
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:103
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:599
secp256k1_schnorr.h
secp256k1_context_struct
Definition: secp256k1.c:69
secp256k1_context_struct::ecmult_gen_ctx
secp256k1_ecmult_gen_context ecmult_gen_ctx
Definition: secp256k1.c:71
secp256k1_context_struct::ecmult_ctx
secp256k1_ecmult_context ecmult_ctx
Definition: secp256k1.c:70
secp256k1_ge
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:13
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70
secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
Generated on Wed Nov 20 2024 17:55:59 for Bitcoin ABC by doxygen 1.9.4