Skip to content

Commit

Permalink
Squashed 'src/secp256k1/' changes from b19c000..763484a1e5
Browse files Browse the repository at this point in the history
763484a1e5 f fix undefined behavior when shifting an int 31 places
5af66e7f79 f expose nonce_function_bipschnorr
594e3abb69 f hash noncedata into nonce in nonce_function_bipschnorr
318d55155c f make helper functions static
d65adc82f8 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
f4153a29ab add chacha20 function
REVERT: b19c000 Merge bitcoin#607: Use size_t shifts when computing a size_t
REVERT: 4d01bc2 Merge bitcoin#606: travis: Remove unused sudo:false
REVERT: e6d01e9 Use size_t shifts when computing a size_t
REVERT: 7667532 travis: Remove unused sudo:false
REVERT: ee99f12 Merge bitcoin#599: Switch x86_64 asm to use "i" instead of "n" for immediate values.
REVERT: d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values.
REVERT: 05362ee Merge bitcoin#597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
REVERT: 8348386 Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
REVERT: aa15154 Merge bitcoin#568: Fix integer overflow in ecmult_multi_var when n is large
REVERT: 2277af5 Fix integer overflow in ecmult_multi_var when n is large
REVERT: 85d0e1b Merge bitcoin#591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
REVERT: 1419637 Merge bitcoin#580: Add trivial ecmult_multi algorithm which does not require a scratch space
REVERT: a697d82 Add trivial ecmult_multi to the benchmark tool
REVERT: bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points.
REVERT: 5545e13 Merge bitcoin#584: configure: Use CFLAGS_FOR_BUILD when checking native compiler
REVERT: 20c5869 Merge bitcoin#516: improvements to random seed in src/tests.c
REVERT: b76e45d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
REVERT: 870a977 Merge bitcoin#562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
REVERT: be40c4d Fixup for C90 mixed declarations.
REVERT: c71dd2c Merge bitcoin#509: Fix algorithm selection in bench_ecmult
REVERT: 6492bf8 Merge bitcoin#518: Summarize build options after running configure
REVERT: 0e9ada1 Merge bitcoin#567: Correct order of libs returned on pkg-config --libs --static libsecp2…
REVERT: e96901a Merge bitcoin#587: Make randomization of a non-signing context a noop
REVERT: 58df8d0 Merge bitcoin#511: Portability fix for the configure scripts generated
REVERT: 2ebdad7 Merge bitcoin#552: Make constants static:
REVERT: 1c131af Merge bitcoin#551: secp256k1_fe_sqrt: Verify that the arguments don't alias.
REVERT: ba698f8 Merge bitcoin#539: Assorted minor corrections
REVERT: 949e85b Merge bitcoin#550: Optimize secp256k1_fe_normalize_weak calls.
REVERT: a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker
REVERT: 2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler
REVERT: b408c6a Merge bitcoin#579: Use __GNUC_PREREQ for detecting __builtin_expect
REVERT: 6198375 Make randomization of a non-signing context a noop
REVERT: c663397 Use __GNUC_PREREQ for detecting __builtin_expect
REVERT: e34ceb3 Merge bitcoin#557: Eliminate scratch memory used when generating contexts
REVERT: b3bf5f9 ecmult_impl: expand comment to explain how effective affine interacts with everything
REVERT: efa783f Store z-ratios in the 'x' coord they'll recover
REVERT: ffd3b34 add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points
REVERT: 84740ac ecmult_impl: save one fe_inv_var
REVERT: 4704527 ecmult_impl: eliminate scratch memory used when generating context
REVERT: 7f7a2ed ecmult_gen_impl: eliminate scratch memory used when generating context
REVERT: 314a61d Merge bitcoin#553: add static context object which has no capabilities
REVERT: 89a20a8 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call.
REVERT: d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
REVERT: 40fde61 prevent attempts to modify `secp256k1_context_no_precomp`
REVERT: ed7c084 add static context object which has no capabilities
REVERT: 496c5b4 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B;
REVERT: bf8b86c secp256k1_fe_sqrt: Verify that the arguments don't alias.
REVERT: 9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
REVERT: 52ab96f clean dependendies in field_*_impl.h
REVERT: deff5ed Correct math typos in field_*.h
REVERT: 4efb3f8 Add check that restrict pointers don't alias with all parameters.
REVERT: 3965027 Summarize build options in configure script
REVERT: 0f05173 Fix algorithm selection in bench_ecmult
REVERT: 8b3841c fix bug in fread() failure check
REVERT: cddef0c tests: add warning message when /dev/urandom fails
REVERT: 270f6c8 Portability fix for the configure scripts generated

git-subtree-dir: src/secp256k1
git-subtree-split: 763484a1e5bed2b8b990e71c2f66129ae1038d59
  • Loading branch information
sipa committed Apr 1, 2019
1 parent 5424598 commit 3fe71bb
Show file tree
Hide file tree
Showing 32 changed files with 1,829 additions and 427 deletions.
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
bench_inv
bench_ecdh
bench_ecmult
bench_schnorrsig
bench_sign
bench_verify
bench_schnorr_verify
bench_recover
bench_internal
tests
Expand Down
3 changes: 2 additions & 1 deletion .travis.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
language: c
os: linux
sudo: false
addons:
apt:
packages: libgmp-dev
Expand Down Expand Up @@ -66,3 +66,4 @@ script:
- if [ -n "$HOST" ]; then export USE_HOST="--host=$HOST"; fi
- if [ "x$HOST" = "xi686-linux-gnu" ]; then export CC="$CC -m32"; fi
- ./configure --enable-experimental=$EXPERIMENTAL --enable-endomorphism=$ENDOMORPHISM --with-field=$FIELD --with-bignum=$BIGNUM --with-scalar=$SCALAR --enable-ecmult-static-precomputation=$STATICPRECOMPUTATION --enable-module-ecdh=$ECDH --enable-module-recovery=$RECOVERY --enable-jni=$JNI $EXTRAFLAGS $USE_HOST && make -j2 $BUILD
os: linux
9 changes: 7 additions & 2 deletions Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ exhaustive_tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src $(SECP_INCLUDE
if !ENABLE_COVERAGE
exhaustive_tests_CPPFLAGS += -DVERIFY
endif
exhaustive_tests_LDADD = $(SECP_LIBS) $(COMMON_LIB)
exhaustive_tests_LDADD = $(SECP_LIBS)
exhaustive_tests_LDFLAGS = -static
TESTS += exhaustive_tests
endif
Expand Down Expand Up @@ -151,14 +151,15 @@ endif

if USE_ECMULT_STATIC_PRECOMPUTATION
CPPFLAGS_FOR_BUILD +=-I$(top_srcdir)
CFLAGS_FOR_BUILD += -Wall -Wextra -Wno-unused-function

gen_context_OBJECTS = gen_context.o
gen_context_BIN = gen_context$(BUILD_EXEEXT)
gen_%.o: src/gen_%.c
$(CC_FOR_BUILD) $(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) -c $< -o $@

$(gen_context_BIN): $(gen_context_OBJECTS)
$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) $^ -o $@
$(CC_FOR_BUILD) $^ -o $@

$(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h
$(tests_OBJECTS): src/ecmult_static_context.h
Expand All @@ -177,6 +178,10 @@ if ENABLE_MODULE_ECDH
include src/modules/ecdh/Makefile.am.include
endif

if ENABLE_MODULE_SCHNORRSIG
include src/modules/schnorrsig/Makefile.am.include
endif

if ENABLE_MODULE_RECOVERY
include src/modules/recovery/Makefile.am.include
endif
96 changes: 40 additions & 56 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,11 @@ AC_ARG_ENABLE(module_ecdh,
[enable_module_ecdh=$enableval],
[enable_module_ecdh=no])

AC_ARG_ENABLE(module_schnorrsig,
AS_HELP_STRING([--enable-module-schnorrsig],[enable schnorrsig module (experimental)]),
[enable_module_schnorrsig=$enableval],
[enable_module_schnorrsig=no])

AC_ARG_ENABLE(module_recovery,
AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module (default is no)]),
[enable_module_recovery=$enableval],
Expand All @@ -153,6 +158,12 @@ AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto]

AC_CHECK_TYPES([__int128])

AC_MSG_CHECKING([for __builtin_expect])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_expect(0,0);}]])],
[ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_EXPECT,1,[Define this symbol if __builtin_expect is available]) ],
[ AC_MSG_RESULT([no])
])

if test x"$enable_coverage" = x"yes"; then
AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code])
CFLAGS="$CFLAGS -O0 --coverage"
Expand All @@ -162,54 +173,27 @@ else
fi

if test x"$use_ecmult_static_precomputation" != x"no"; then
# Temporarily switch to an environment for the native compiler
save_cross_compiling=$cross_compiling
cross_compiling=no
SAVE_CC="$CC"
TEMP_CC="$CC"
CC="$CC_FOR_BUILD"
SAVE_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS_FOR_BUILD"
SAVE_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS_FOR_BUILD"
SAVE_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS_FOR_BUILD"

warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function"
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $warn_CFLAGS_FOR_BUILD"
AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
[ AC_MSG_RESULT([yes]) ],
[ AC_MSG_RESULT([no])
CFLAGS="$saved_CFLAGS"
])

AC_MSG_CHECKING([for working native compiler: ${CC_FOR_BUILD}])
AC_MSG_CHECKING([native compiler: ${CC_FOR_BUILD}])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM([], [])],
[AC_LANG_PROGRAM([], [return 0])],
[working_native_cc=yes],
[working_native_cc=no],[dnl])

CFLAGS_FOR_BUILD="$CFLAGS"

# Restore the environment
CC="$TEMP_CC"
cross_compiling=$save_cross_compiling
CC="$SAVE_CC"
CFLAGS="$SAVE_CFLAGS"
CPPFLAGS="$SAVE_CPPFLAGS"
LDFLAGS="$SAVE_LDFLAGS"

if test x"$working_native_cc" = x"no"; then
AC_MSG_RESULT([no])
set_precomp=no
m4_define([please_set_for_build], [Please set CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD.])
if test x"$use_ecmult_static_precomputation" = x"yes"; then
AC_MSG_ERROR([native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
AC_MSG_ERROR([${CC_FOR_BUILD} does not produce working binaries. Please set CC_FOR_BUILD])
else
AC_MSG_WARN([Disabling statically generated ecmult table because the native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
AC_MSG_RESULT([${CC_FOR_BUILD} does not produce working binaries. Please set CC_FOR_BUILD])
fi
else
AC_MSG_RESULT([yes])
AC_MSG_RESULT([ok])
set_precomp=yes
fi
else
Expand Down Expand Up @@ -452,6 +436,10 @@ if test x"$enable_module_ecdh" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module])
fi

if test x"$enable_module_schnorrsig" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_SCHNORRSIG, 1, [Define this symbol to enable the schnorrsig module])
fi

if test x"$enable_module_recovery" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module])
fi
Expand All @@ -462,16 +450,32 @@ if test x"$use_external_asm" = x"yes"; then
AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used])
fi

AC_MSG_NOTICE([Using static precomputation: $set_precomp])
AC_MSG_NOTICE([Using assembly optimizations: $set_asm])
AC_MSG_NOTICE([Using field implementation: $set_field])
AC_MSG_NOTICE([Using bignum implementation: $set_bignum])
AC_MSG_NOTICE([Using scalar implementation: $set_scalar])
AC_MSG_NOTICE([Using endomorphism optimizations: $use_endomorphism])
AC_MSG_NOTICE([Building benchmarks: $use_benchmark])
AC_MSG_NOTICE([Building for coverage analysis: $enable_coverage])
AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh])
AC_MSG_NOTICE([Building ECDSA pubkey recovery module: $enable_module_recovery])
AC_MSG_NOTICE([Using jni: $use_jni])

if test x"$enable_experimental" = x"yes"; then
AC_MSG_NOTICE([******])
AC_MSG_NOTICE([WARNING: experimental build])
AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh])
AC_MSG_NOTICE([Building schnorrsig module: $enable_module_schnorrsig])
AC_MSG_NOTICE([******])
else
if test x"$enable_module_ecdh" = x"yes"; then
AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_schnorrsig" = x"yes"; then
AC_MSG_ERROR([schnorrsig module is experimental. Use --enable-experimental to allow.])
fi
if test x"$set_asm" = x"arm"; then
AC_MSG_ERROR([ARM assembly optimization is experimental. Use --enable-experimental to allow.])
fi
Expand All @@ -490,8 +494,9 @@ AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$use_exhaustive_tests" != x"no"])
AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"])
AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$set_precomp" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
AM_CONDITIONAL([USE_JNI], [test x"$use_jni" = x"yes"])
AM_CONDITIONAL([USE_JNI], [test x"$use_jni" == x"yes"])
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])

Expand All @@ -501,24 +506,3 @@ unset PKG_CONFIG_PATH
PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP"

AC_OUTPUT

echo
echo "Build Options:"
echo " with endomorphism = $use_endomorphism"
echo " with ecmult precomp = $set_precomp"
echo " with jni = $use_jni"
echo " with benchmarks = $use_benchmark"
echo " with coverage = $enable_coverage"
echo " module ecdh = $enable_module_ecdh"
echo " module recovery = $enable_module_recovery"
echo
echo " asm = $set_asm"
echo " bignum = $set_bignum"
echo " field = $set_field"
echo " scalar = $set_scalar"
echo
echo " CC = $CC"
echo " CFLAGS = $CFLAGS"
echo " CPPFLAGS = $CPPFLAGS"
echo " LDFLAGS = $LDFLAGS"
echo
20 changes: 7 additions & 13 deletions include/secp256k1.h
Original file line number Diff line number Diff line change
Expand Up @@ -179,13 +179,6 @@ typedef int (*secp256k1_nonce_function)(
#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07

/** A simple secp256k1 context object with no precomputed tables. These are useful for
* type serialization/parsing functions which require a context object to maintain
* API consistency, but currently do not require expensive precomputations or dynamic
* allocations.
*/
SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp;

/** Create a secp256k1 context object.
*
* Returns: a newly created context object.
Expand Down Expand Up @@ -482,6 +475,12 @@ SECP256K1_API int secp256k1_ecdsa_signature_normalize(
*/
SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979;

/** An implementation of the nonce generation function as defined in BIP-schnorr.
* If a data pointer is passed, it is assumed to be a pointer to 32 bytes of
* extra entropy.
*/
SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_bipschnorr;

/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */
SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default;

Expand Down Expand Up @@ -615,7 +614,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

/** Updates the context randomization to protect against side-channel leakage.
* Returns: 1: randomization successfully updated or nothing to randomize
* Returns: 1: randomization successfully updated
* 0: error
* Args: ctx: pointer to a context object (cannot be NULL)
* In: seed32: pointer to a 32-byte random seed (NULL resets to initial state)
Expand All @@ -630,11 +629,6 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
* that it does not affect function results, but shields against attacks which
* rely on any input-dependent behaviour.
*
* This function has currently an effect only on contexts initialized for signing
* because randomization is currently used only for signing. However, this is not
* guaranteed and may change in the future. It is safe to call this function on
* contexts not initialized for signing; then it will have no effect and return 1.
*
* You should call this after secp256k1_context_create or
* secp256k1_context_clone, and may call this repeatedly afterwards.
*/
Expand Down
118 changes: 118 additions & 0 deletions include/secp256k1_schnorrsig.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
#ifndef SECP256K1_SCHNORRSIG_H
#define SECP256K1_SCHNORRSIG_H

/** This module implements a variant of Schnorr signatures compliant with
* BIP-schnorr
* (https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki).
*/

/** Opaque data structure that holds a parsed Schnorr signature.
*
* The exact representation of data inside is implementation defined and not
* guaranteed to be portable between different platforms or versions. It is
* however guaranteed to be 64 bytes in size, and can be safely copied/moved.
* If you need to convert to a format suitable for storage, transmission, or
* comparison, use the `secp256k1_schnorrsig_serialize` and
* `secp256k1_schnorrsig_parse` functions.
*/
typedef struct {
unsigned char data[64];
} secp256k1_schnorrsig;

/** Serialize a Schnorr signature.
*
* Returns: 1
* Args: ctx: a secp256k1 context object
* Out: out64: pointer to a 64-byte array to store the serialized signature
* In: sig: pointer to the signature
*
* See secp256k1_schnorrsig_parse for details about the encoding.
*/
SECP256K1_API int secp256k1_schnorrsig_serialize(
const secp256k1_context* ctx,
unsigned char *out64,
const secp256k1_schnorrsig* sig
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

/** Parse a Schnorr signature.
*
* Returns: 1 when the signature could be parsed, 0 otherwise.
* Args: ctx: a secp256k1 context object
* Out: sig: pointer to a signature object
* In: in64: pointer to the 64-byte signature to be parsed
*
* The signature is serialized in the form R||s, where R is a 32-byte public
* key (x-coordinate only; the y-coordinate is considered to be the unique
* y-coordinate satisfying the curve equation that is a quadratic residue)
* and s is a 32-byte big-endian scalar.
*
* After the call, sig will always be initialized. If parsing failed or the
* encoded numbers are out of range, signature validation with it is
* guaranteed to fail for every message and public key.
*/
SECP256K1_API int secp256k1_schnorrsig_parse(
const secp256k1_context* ctx,
secp256k1_schnorrsig* sig,
const unsigned char *in64
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

/** Create a Schnorr signature.
*
* Returns 1 on success, 0 on failure.
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
* Out: sig: pointer to the returned signature (cannot be NULL)
* nonce_is_negated: a pointer to an integer indicates if signing algorithm negated the
* nonce (can be NULL)
* In: msg32: the 32-byte message hash being signed (cannot be NULL)
* seckey: pointer to a 32-byte secret key (cannot be NULL)
* noncefp: pointer to a nonce generation function. If NULL, secp256k1_nonce_function_bipschnorr is used
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
*/
SECP256K1_API int secp256k1_schnorrsig_sign(
const secp256k1_context* ctx,
secp256k1_schnorrsig *sig,
int *nonce_is_negated,
const unsigned char *msg32,
const unsigned char *seckey,
secp256k1_nonce_function noncefp,
void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);

/** Verify a Schnorr signature.
*
* Returns: 1: correct signature
* 0: incorrect or unparseable signature
* Args: ctx: a secp256k1 context object, initialized for verification.
* In: sig: the signature being verified (cannot be NULL)
* msg32: the 32-byte message hash being verified (cannot be NULL)
* pubkey: pointer to a public key to verify with (cannot be NULL)
*/
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(
const secp256k1_context* ctx,
const secp256k1_schnorrsig *sig,
const unsigned char *msg32,
const secp256k1_pubkey *pubkey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Verifies a set of Schnorr signatures.
*
* Returns 1 if all succeeded, 0 otherwise. In particular, returns 1 if n_sigs is 0.
*
* Args: ctx: a secp256k1 context object, initialized for verification.
* scratch: scratch space used for the multiexponentiation
* In: sig: array of signatures, or NULL if there are no signatures
* msg32: array of messages, or NULL if there are no signatures
* pk: array of public keys, or NULL if there are no signatures
* n_sigs: number of signatures in above arrays. Must be smaller than
* 2^31 and smaller than half the maximum size_t value. Must be 0
* if above arrays are NULL.
*/
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify_batch(
const secp256k1_context* ctx,
secp256k1_scratch_space *scratch,
const secp256k1_schnorrsig *const *sig,
const unsigned char *const *msg32,
const secp256k1_pubkey *const *pk,
size_t n_sigs
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
#endif
Loading

0 comments on commit 3fe71bb

Please sign in to comment.