github.com/arieschain/arieschain@v0.0.0-20191023063405-37c074544356/crypto/secp256k1/ext.h

github.com/arieschain/arieschain@v0.0.0-20191023063405-37c074544356/crypto/secp256k1/ext.h (about)

     1  // secp256k1_context_create_sign_verify creates a context for signing and signature verification.
     2  static secp256k1_context* secp256k1_context_create_sign_verify() {
     3  	return secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
     4  }
     5  
     6  // secp256k1_ext_ecdsa_recover recovers the public key of an encoded compact signature.
     7  //
     8  // Returns: 1: recovery was successful
     9  //          0: recovery was not successful
    10  // Args:    ctx:        pointer to a context object (cannot be NULL)
    11  //  Out:    pubkey_out: the serialized 65-byte public key of the signer (cannot be NULL)
    12  //  In:     sigdata:    pointer to a 65-byte signature with the recovery id at the end (cannot be NULL)
    13  //          msgdata:    pointer to a 32-byte message (cannot be NULL)
    14  static int secp256k1_ext_ecdsa_recover(
    15  	const secp256k1_context* ctx,
    16  	unsigned char *pubkey_out,
    17  	const unsigned char *sigdata,
    18  	const unsigned char *msgdata
    19  ) {
    20  	secp256k1_ecdsa_recoverable_signature sig;
    21  	secp256k1_pubkey pubkey;
    22  
    23  	if (!secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &sig, sigdata, (int)sigdata[64])) {
    24  		return 0;
    25  	}
    26  	if (!secp256k1_ecdsa_recover(ctx, &pubkey, &sig, msgdata)) {
    27  		return 0;
    28  	}
    29  	size_t outputlen = 65;
    30  	return secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
    31  }
    32  
    33  // secp256k1_ext_ecdsa_verify verifies an encoded compact signature.
    34  //
    35  // Returns: 1: signature is valid
    36  //          0: signature is invalid
    37  // Args:    ctx:        pointer to a context object (cannot be NULL)
    38  //  In:     sigdata:    pointer to a 64-byte signature (cannot be NULL)
    39  //          msgdata:    pointer to a 32-byte message (cannot be NULL)
    40  //          pubkeydata: pointer to public key data (cannot be NULL)
    41  //          pubkeylen:  length of pubkeydata
    42  static int secp256k1_ext_ecdsa_verify(
    43  	const secp256k1_context* ctx,
    44  	const unsigned char *sigdata,
    45  	const unsigned char *msgdata,
    46  	const unsigned char *pubkeydata,
    47  	size_t pubkeylen
    48  ) {
    49  	secp256k1_ecdsa_signature sig;
    50  	secp256k1_pubkey pubkey;
    51  
    52  	if (!secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sigdata)) {
    53  		return 0;
    54  	}
    55  	if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) {
    56  		return 0;
    57  	}
    58  	return secp256k1_ecdsa_verify(ctx, &sig, msgdata, &pubkey);
    59  }
    60  
    61  // secp256k1_ext_reencode_pubkey decodes then encodes a public key. It can be used to
    62  // convert between public key formats. The input/output formats are chosen depending on the
    63  // length of the input/output buffers.
    64  //
    65  // Returns: 1: conversion successful
    66  //          0: conversion unsuccessful
    67  // Args:    ctx:        pointer to a context object (cannot be NULL)
    68  //  Out:    out:        output buffer that will contain the reencoded key (cannot be NULL)
    69  //  In:     outlen:     length of out (33 for compressed keys, 65 for uncompressed keys)
    70  //          pubkeydata: the input public key (cannot be NULL)
    71  //          pubkeylen:  length of pubkeydata
    72  static int secp256k1_ext_reencode_pubkey(
    73  	const secp256k1_context* ctx,
    74  	unsigned char *out,
    75  	size_t outlen,
    76  	const unsigned char *pubkeydata,
    77  	size_t pubkeylen
    78  ) {
    79  	secp256k1_pubkey pubkey;
    80  
    81  	if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) {
    82  		return 0;
    83  	}
    84  	unsigned int flag = (outlen == 33) ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED;
    85  	return secp256k1_ec_pubkey_serialize(ctx, out, &outlen, &pubkey, flag);
    86  }
    87  
    88  // secp256k1_ext_scalar_mul multiplies a point by a scalar in constant time.
    89  //
    90  // Returns: 1: multiplication was successful
    91  //          0: scalar was invalid (zero or overflow)
    92  // Args:    ctx:      pointer to a context object (cannot be NULL)
    93  //  Out:    point:    the multiplied point (usually secret)
    94  //  In:     point:    pointer to a 64-byte public point,
    95  //                    encoded as two 256bit big-endian numbers.
    96  //          scalar:   a 32-byte scalar with which to multiply the point
    97  int secp256k1_ext_scalar_mul(const secp256k1_context* ctx, unsigned char *point, const unsigned char *scalar) {
    98  	int ret = 0;
    99  	int overflow = 0;
   100  	secp256k1_fe feX, feY;
   101  	secp256k1_gej res;
   102  	secp256k1_ge ge;
   103  	secp256k1_scalar s;
   104  	ARG_CHECK(point != NULL);
   105  	ARG_CHECK(scalar != NULL);
   106  	(void)ctx;
   107  
   108  	secp256k1_fe_set_b32(&feX, point);
   109  	secp256k1_fe_set_b32(&feY, point+32);
   110  	secp256k1_ge_set_xy(&ge, &feX, &feY);
   111  	secp256k1_scalar_set_b32(&s, scalar, &overflow);
   112  	if (overflow || secp256k1_scalar_is_zero(&s)) {
   113  		ret = 0;
   114  	} else {
   115  		secp256k1_ecmult_const(&res, &ge, &s);
   116  		secp256k1_ge_set_gej(&ge, &res);
   117  		/* Note: can't use secp256k1_pubkey_save here because it is not constant time. */
   118  		secp256k1_fe_normalize(&ge.x);
   119  		secp256k1_fe_normalize(&ge.y);
   120  		secp256k1_fe_get_b32(point, &ge.x);
   121  		secp256k1_fe_get_b32(point+32, &ge.y);
   122  		ret = 1;
   123  	}
   124  	secp256k1_scalar_clear(&s);
   125  	return ret;
   126  }