github.com/0xsequence/ethkit@v1.25.0/go-ethereum/crypto/secp256k1/ext.h (about) 1 // Copyright 2015 Jeffrey Wilcke, Felix Lange, Gustav Simonsson. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be found in 3 // the LICENSE file. 4 5 // secp256k1_context_create_sign_verify creates a context for signing and signature verification. 6 static secp256k1_context* secp256k1_context_create_sign_verify() { 7 return ethkit_secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); 8 } 9 10 // secp256k1_ext_ecdsa_recover recovers the public key of an encoded compact signature. 11 // 12 // Returns: 1: recovery was successful 13 // 0: recovery was not successful 14 // Args: ctx: pointer to a context object (cannot be NULL) 15 // Out: pubkey_out: the serialized 65-byte public key of the signer (cannot be NULL) 16 // In: sigdata: pointer to a 65-byte signature with the recovery id at the end (cannot be NULL) 17 // msgdata: pointer to a 32-byte message (cannot be NULL) 18 static int secp256k1_ext_ecdsa_recover( 19 const secp256k1_context* ctx, 20 unsigned char *pubkey_out, 21 const unsigned char *sigdata, 22 const unsigned char *msgdata 23 ) { 24 secp256k1_ecdsa_recoverable_signature sig; 25 secp256k1_pubkey pubkey; 26 27 if (!ethkit_secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &sig, sigdata, (int)sigdata[64])) { 28 return 0; 29 } 30 if (!ethkit_secp256k1_ecdsa_recover(ctx, &pubkey, &sig, msgdata)) { 31 return 0; 32 } 33 size_t outputlen = 65; 34 return ethkit_secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED); 35 } 36 37 // secp256k1_ext_ecdsa_verify verifies an encoded compact signature. 38 // 39 // Returns: 1: signature is valid 40 // 0: signature is invalid 41 // Args: ctx: pointer to a context object (cannot be NULL) 42 // In: sigdata: pointer to a 64-byte signature (cannot be NULL) 43 // msgdata: pointer to a 32-byte message (cannot be NULL) 44 // pubkeydata: pointer to public key data (cannot be NULL) 45 // pubkeylen: length of pubkeydata 46 static int secp256k1_ext_ecdsa_verify( 47 const secp256k1_context* ctx, 48 const unsigned char *sigdata, 49 const unsigned char *msgdata, 50 const unsigned char *pubkeydata, 51 size_t pubkeylen 52 ) { 53 secp256k1_ecdsa_signature sig; 54 secp256k1_pubkey pubkey; 55 56 if (!ethkit_secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sigdata)) { 57 return 0; 58 } 59 if (!ethkit_secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { 60 return 0; 61 } 62 return ethkit_secp256k1_ecdsa_verify(ctx, &sig, msgdata, &pubkey); 63 } 64 65 // secp256k1_ext_reencode_pubkey decodes then encodes a public key. It can be used to 66 // convert between public key formats. The input/output formats are chosen depending on the 67 // length of the input/output buffers. 68 // 69 // Returns: 1: conversion successful 70 // 0: conversion unsuccessful 71 // Args: ctx: pointer to a context object (cannot be NULL) 72 // Out: out: output buffer that will contain the reencoded key (cannot be NULL) 73 // In: outlen: length of out (33 for compressed keys, 65 for uncompressed keys) 74 // pubkeydata: the input public key (cannot be NULL) 75 // pubkeylen: length of pubkeydata 76 static int secp256k1_ext_reencode_pubkey( 77 const secp256k1_context* ctx, 78 unsigned char *out, 79 size_t outlen, 80 const unsigned char *pubkeydata, 81 size_t pubkeylen 82 ) { 83 secp256k1_pubkey pubkey; 84 85 if (!ethkit_secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { 86 return 0; 87 } 88 unsigned int flag = (outlen == 33) ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED; 89 return ethkit_secp256k1_ec_pubkey_serialize(ctx, out, &outlen, &pubkey, flag); 90 } 91 92 // ethkit_secp256k1_ext_scalar_mul multiplies a point by a scalar in constant time. 93 // 94 // Returns: 1: multiplication was successful 95 // 0: scalar was invalid (zero or overflow) 96 // Args: ctx: pointer to a context object (cannot be NULL) 97 // Out: point: the multiplied point (usually secret) 98 // In: point: pointer to a 64-byte public point, 99 // encoded as two 256bit big-endian numbers. 100 // scalar: a 32-byte scalar with which to multiply the point 101 int ethkit_secp256k1_ext_scalar_mul(const secp256k1_context* ctx, unsigned char *point, const unsigned char *scalar) { 102 int ret = 0; 103 int overflow = 0; 104 secp256k1_fe feX, feY; 105 secp256k1_gej res; 106 secp256k1_ge ge; 107 secp256k1_scalar s; 108 ARG_CHECK(point != NULL); 109 ARG_CHECK(scalar != NULL); 110 (void)ctx; 111 112 secp256k1_fe_set_b32(&feX, point); 113 secp256k1_fe_set_b32(&feY, point+32); 114 secp256k1_ge_set_xy(&ge, &feX, &feY); 115 secp256k1_scalar_set_b32(&s, scalar, &overflow); 116 if (overflow || secp256k1_scalar_is_zero(&s)) { 117 ret = 0; 118 } else { 119 secp256k1_ecmult_const(&res, &ge, &s); 120 secp256k1_ge_set_gej(&ge, &res); 121 /* Note: can't use secp256k1_pubkey_save here because it is not constant time. */ 122 secp256k1_fe_normalize(&ge.x); 123 secp256k1_fe_normalize(&ge.y); 124 secp256k1_fe_get_b32(point, &ge.x); 125 secp256k1_fe_get_b32(point+32, &ge.y); 126 ret = 1; 127 } 128 secp256k1_scalar_clear(&s); 129 return ret; 130 }