Squashed 'src/secp256k1/' changes from b19c000..763484a1e5
763484a1e5 f fix undefined behavior when shifting an int 31 places
5af66e7f79 f expose nonce_function_bipschnorr
594e3abb69 f hash noncedata into nonce in nonce_function_bipschnorr
318d55155c f make helper functions static
d65adc82f8 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
f4153a29ab add chacha20 function
REVERT: b19c000 Merge bitcoin#607: Use size_t shifts when computing a size_t
REVERT: 4d01bc2 Merge bitcoin#606: travis: Remove unused sudo:false
REVERT: e6d01e9 Use size_t shifts when computing a size_t
REVERT: 7667532 travis: Remove unused sudo:false
REVERT: ee99f12 Merge bitcoin#599: Switch x86_64 asm to use "i" instead of "n" for immediate values.
REVERT: d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values.
REVERT: 05362ee Merge bitcoin#597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
REVERT: 8348386 Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
REVERT: aa15154 Merge bitcoin#568: Fix integer overflow in ecmult_multi_var when n is large
REVERT: 2277af5 Fix integer overflow in ecmult_multi_var when n is large
REVERT: 85d0e1b Merge bitcoin#591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
REVERT: 1419637 Merge bitcoin#580: Add trivial ecmult_multi algorithm which does not require a scratch space
REVERT: a697d82 Add trivial ecmult_multi to the benchmark tool
REVERT: bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points.
REVERT: 5545e13 Merge bitcoin#584: configure: Use CFLAGS_FOR_BUILD when checking native compiler
REVERT: 20c5869 Merge bitcoin#516: improvements to random seed in src/tests.c
REVERT: b76e45d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
REVERT: 870a977 Merge bitcoin#562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
REVERT: be40c4d Fixup for C90 mixed declarations.
REVERT: c71dd2c Merge bitcoin#509: Fix algorithm selection in bench_ecmult
REVERT: 6492bf8 Merge bitcoin#518: Summarize build options after running configure
REVERT: 0e9ada1 Merge bitcoin#567: Correct order of libs returned on pkg-config --libs --static libsecp2…
REVERT: e96901a Merge bitcoin#587: Make randomization of a non-signing context a noop
REVERT: 58df8d0 Merge bitcoin#511: Portability fix for the configure scripts generated
REVERT: 2ebdad7 Merge bitcoin#552: Make constants static:
REVERT: 1c131af Merge bitcoin#551: secp256k1_fe_sqrt: Verify that the arguments don't alias.
REVERT: ba698f8 Merge bitcoin#539: Assorted minor corrections
REVERT: 949e85b Merge bitcoin#550: Optimize secp256k1_fe_normalize_weak calls.
REVERT: a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker
REVERT: 2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler
REVERT: b408c6a Merge bitcoin#579: Use __GNUC_PREREQ for detecting __builtin_expect
REVERT: 6198375 Make randomization of a non-signing context a noop
REVERT: c663397 Use __GNUC_PREREQ for detecting __builtin_expect
REVERT: e34ceb3 Merge bitcoin#557: Eliminate scratch memory used when generating contexts
REVERT: b3bf5f9 ecmult_impl: expand comment to explain how effective affine interacts with everything
REVERT: efa783f Store z-ratios in the 'x' coord they'll recover
REVERT: ffd3b34 add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points
REVERT: 84740ac ecmult_impl: save one fe_inv_var
REVERT: 4704527 ecmult_impl: eliminate scratch memory used when generating context
REVERT: 7f7a2ed ecmult_gen_impl: eliminate scratch memory used when generating context
REVERT: 314a61d Merge bitcoin#553: add static context object which has no capabilities
REVERT: 89a20a8 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call.
REVERT: d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
REVERT: 40fde61 prevent attempts to modify `secp256k1_context_no_precomp`
REVERT: ed7c084 add static context object which has no capabilities
REVERT: 496c5b4 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B;
REVERT: bf8b86c secp256k1_fe_sqrt: Verify that the arguments don't alias.
REVERT: 9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
REVERT: 52ab96f clean dependendies in field_*_impl.h
REVERT: deff5ed Correct math typos in field_*.h
REVERT: 4efb3f8 Add check that restrict pointers don't alias with all parameters.
REVERT: 3965027 Summarize build options in configure script
REVERT: 0f05173 Fix algorithm selection in bench_ecmult
REVERT: 8b3841c fix bug in fread() failure check
REVERT: cddef0c tests: add warning message when /dev/urandom fails
REVERT: 270f6c8 Portability fix for the configure scripts generated

git-subtree-dir: src/secp256k1
git-subtree-split: 763484a1e5bed2b8b990e71c2f66129ae1038d59
Showing 32 changed files with 1,829 additions and 427 deletions.
@@ -0,0 +1,118 @@ | ||
#ifndef SECP256K1_SCHNORRSIG_H | ||
#define SECP256K1_SCHNORRSIG_H | ||
|
||
/** This module implements a variant of Schnorr signatures compliant with | ||
* BIP-schnorr | ||
* (https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki). | ||
*/ | ||
|
||
/** Opaque data structure that holds a parsed Schnorr signature. | ||
* | ||
* The exact representation of data inside is implementation defined and not | ||
* guaranteed to be portable between different platforms or versions. It is | ||
* however guaranteed to be 64 bytes in size, and can be safely copied/moved. | ||
* If you need to convert to a format suitable for storage, transmission, or | ||
* comparison, use the `secp256k1_schnorrsig_serialize` and | ||
* `secp256k1_schnorrsig_parse` functions. | ||
*/ | ||
typedef struct { | ||
unsigned char data[64]; | ||
} secp256k1_schnorrsig; | ||
|
||
/** Serialize a Schnorr signature. | ||
* | ||
* Returns: 1 | ||
* Args: ctx: a secp256k1 context object | ||
* Out: out64: pointer to a 64-byte array to store the serialized signature | ||
* In: sig: pointer to the signature | ||
* | ||
* See secp256k1_schnorrsig_parse for details about the encoding. | ||
*/ | ||
SECP256K1_API int secp256k1_schnorrsig_serialize( | ||
const secp256k1_context* ctx, | ||
unsigned char *out64, | ||
const secp256k1_schnorrsig* sig | ||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); | ||
|
||
/** Parse a Schnorr signature. | ||
* | ||
* Returns: 1 when the signature could be parsed, 0 otherwise. | ||
* Args: ctx: a secp256k1 context object | ||
* Out: sig: pointer to a signature object | ||
* In: in64: pointer to the 64-byte signature to be parsed | ||
* | ||
* The signature is serialized in the form R||s, where R is a 32-byte public | ||
* key (x-coordinate only; the y-coordinate is considered to be the unique | ||
* y-coordinate satisfying the curve equation that is a quadratic residue) | ||
* and s is a 32-byte big-endian scalar. | ||
* | ||
* After the call, sig will always be initialized. If parsing failed or the | ||
* encoded numbers are out of range, signature validation with it is | ||
* guaranteed to fail for every message and public key. | ||
*/ | ||
SECP256K1_API int secp256k1_schnorrsig_parse( | ||
const secp256k1_context* ctx, | ||
secp256k1_schnorrsig* sig, | ||
const unsigned char *in64 | ||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); | ||
|
||
/** Create a Schnorr signature. | ||
* | ||
* Returns 1 on success, 0 on failure. | ||
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) | ||
* Out: sig: pointer to the returned signature (cannot be NULL) | ||
* nonce_is_negated: a pointer to an integer indicates if signing algorithm negated the | ||
* nonce (can be NULL) | ||
* In: msg32: the 32-byte message hash being signed (cannot be NULL) | ||
* seckey: pointer to a 32-byte secret key (cannot be NULL) | ||
* noncefp: pointer to a nonce generation function. If NULL, secp256k1_nonce_function_bipschnorr is used | ||
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) | ||
*/ | ||
SECP256K1_API int secp256k1_schnorrsig_sign( | ||
const secp256k1_context* ctx, | ||
secp256k1_schnorrsig *sig, | ||
int *nonce_is_negated, | ||
const unsigned char *msg32, | ||
const unsigned char *seckey, | ||
secp256k1_nonce_function noncefp, | ||
void *ndata | ||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); | ||
|
||
/** Verify a Schnorr signature. | ||
* | ||
* Returns: 1: correct signature | ||
* 0: incorrect or unparseable signature | ||
* Args: ctx: a secp256k1 context object, initialized for verification. | ||
* In: sig: the signature being verified (cannot be NULL) | ||
* msg32: the 32-byte message hash being verified (cannot be NULL) | ||
* pubkey: pointer to a public key to verify with (cannot be NULL) | ||
*/ | ||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify( | ||
const secp256k1_context* ctx, | ||
const secp256k1_schnorrsig *sig, | ||
const unsigned char *msg32, | ||
const secp256k1_pubkey *pubkey | ||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); | ||
|
||
/** Verifies a set of Schnorr signatures. | ||
* | ||
* Returns 1 if all succeeded, 0 otherwise. In particular, returns 1 if n_sigs is 0. | ||
* | ||
* Args: ctx: a secp256k1 context object, initialized for verification. | ||
* scratch: scratch space used for the multiexponentiation | ||
* In: sig: array of signatures, or NULL if there are no signatures | ||
* msg32: array of messages, or NULL if there are no signatures | ||
* pk: array of public keys, or NULL if there are no signatures | ||
* n_sigs: number of signatures in above arrays. Must be smaller than | ||
* 2^31 and smaller than half the maximum size_t value. Must be 0 | ||
* if above arrays are NULL. | ||
*/ | ||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify_batch( | ||
const secp256k1_context* ctx, | ||
secp256k1_scratch_space *scratch, | ||
const secp256k1_schnorrsig *const *sig, | ||
const unsigned char *const *msg32, | ||
const secp256k1_pubkey *const *pk, | ||
size_t n_sigs | ||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); | ||
#endif |
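Review bot: the header is not self-contained. Every declaration in this hunk uses secp256k1_context, secp256k1_pubkey, secp256k1_scratch_space, secp256k1_nonce_function and the SECP256K1_API / SECP256K1_WARN_UNUSED_RESULT / SECP256K1_ARG_NONNULL macros, yet no #include appears between the include guard and the first comment, so a translation unit that includes schnorrsig.h before secp256k1.h will not compile; add `#include "secp256k1.h"` directly after `#define SECP256K1_SCHNORRSIG_H`. In the same vein, the secp256k1_schnorrsig_sign comment says secp256k1_nonce_function_bipschnorr is used when noncefp is NULL, but this hunk declares no such symbol; if it lives in secp256k1.h the include above covers it, otherwise it needs a declaration here so callers can pass it explicitly. Two smaller points: the secp256k1_schnorrsig_verify_batch comment states the n_sigs bound (below 2^31 and below half the maximum size_t) purely as a caller obligation without saying whether a violation returns 0 or is undefined, and callers will want that spelled out; and the nonce_is_negated description ("a pointer to an integer indicates if signing algorithm negated the nonce") reads better as "pointer to an integer that indicates whether the signing algorithm negated the nonce".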