github.com/arieschain/arieschain@v0.0.0-20191023063405-37c074544356/crypto/secp256k1/ext.h (about) 1 // secp256k1_context_create_sign_verify creates a context for signing and signature verification. 2 static secp256k1_context* secp256k1_context_create_sign_verify() { 3 return secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); 4 } 5 6 // secp256k1_ext_ecdsa_recover recovers the public key of an encoded compact signature. 7 // 8 // Returns: 1: recovery was successful 9 // 0: recovery was not successful 10 // Args: ctx: pointer to a context object (cannot be NULL) 11 // Out: pubkey_out: the serialized 65-byte public key of the signer (cannot be NULL) 12 // In: sigdata: pointer to a 65-byte signature with the recovery id at the end (cannot be NULL) 13 // msgdata: pointer to a 32-byte message (cannot be NULL) 14 static int secp256k1_ext_ecdsa_recover( 15 const secp256k1_context* ctx, 16 unsigned char *pubkey_out, 17 const unsigned char *sigdata, 18 const unsigned char *msgdata 19 ) { 20 secp256k1_ecdsa_recoverable_signature sig; 21 secp256k1_pubkey pubkey; 22 23 if (!secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &sig, sigdata, (int)sigdata[64])) { 24 return 0; 25 } 26 if (!secp256k1_ecdsa_recover(ctx, &pubkey, &sig, msgdata)) { 27 return 0; 28 } 29 size_t outputlen = 65; 30 return secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED); 31 } 32 33 // secp256k1_ext_ecdsa_verify verifies an encoded compact signature. 34 // 35 // Returns: 1: signature is valid 36 // 0: signature is invalid 37 // Args: ctx: pointer to a context object (cannot be NULL) 38 // In: sigdata: pointer to a 64-byte signature (cannot be NULL) 39 // msgdata: pointer to a 32-byte message (cannot be NULL) 40 // pubkeydata: pointer to public key data (cannot be NULL) 41 // pubkeylen: length of pubkeydata 42 static int secp256k1_ext_ecdsa_verify( 43 const secp256k1_context* ctx, 44 const unsigned char *sigdata, 45 const unsigned char *msgdata, 46 const unsigned char *pubkeydata, 47 size_t pubkeylen 48 ) { 49 secp256k1_ecdsa_signature sig; 50 secp256k1_pubkey pubkey; 51 52 if (!secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sigdata)) { 53 return 0; 54 } 55 if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { 56 return 0; 57 } 58 return secp256k1_ecdsa_verify(ctx, &sig, msgdata, &pubkey); 59 } 60 61 // secp256k1_ext_reencode_pubkey decodes then encodes a public key. It can be used to 62 // convert between public key formats. The input/output formats are chosen depending on the 63 // length of the input/output buffers. 64 // 65 // Returns: 1: conversion successful 66 // 0: conversion unsuccessful 67 // Args: ctx: pointer to a context object (cannot be NULL) 68 // Out: out: output buffer that will contain the reencoded key (cannot be NULL) 69 // In: outlen: length of out (33 for compressed keys, 65 for uncompressed keys) 70 // pubkeydata: the input public key (cannot be NULL) 71 // pubkeylen: length of pubkeydata 72 static int secp256k1_ext_reencode_pubkey( 73 const secp256k1_context* ctx, 74 unsigned char *out, 75 size_t outlen, 76 const unsigned char *pubkeydata, 77 size_t pubkeylen 78 ) { 79 secp256k1_pubkey pubkey; 80 81 if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { 82 return 0; 83 } 84 unsigned int flag = (outlen == 33) ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED; 85 return secp256k1_ec_pubkey_serialize(ctx, out, &outlen, &pubkey, flag); 86 } 87 88 // secp256k1_ext_scalar_mul multiplies a point by a scalar in constant time. 89 // 90 // Returns: 1: multiplication was successful 91 // 0: scalar was invalid (zero or overflow) 92 // Args: ctx: pointer to a context object (cannot be NULL) 93 // Out: point: the multiplied point (usually secret) 94 // In: point: pointer to a 64-byte public point, 95 // encoded as two 256bit big-endian numbers. 96 // scalar: a 32-byte scalar with which to multiply the point 97 int secp256k1_ext_scalar_mul(const secp256k1_context* ctx, unsigned char *point, const unsigned char *scalar) { 98 int ret = 0; 99 int overflow = 0; 100 secp256k1_fe feX, feY; 101 secp256k1_gej res; 102 secp256k1_ge ge; 103 secp256k1_scalar s; 104 ARG_CHECK(point != NULL); 105 ARG_CHECK(scalar != NULL); 106 (void)ctx; 107 108 secp256k1_fe_set_b32(&feX, point); 109 secp256k1_fe_set_b32(&feY, point+32); 110 secp256k1_ge_set_xy(&ge, &feX, &feY); 111 secp256k1_scalar_set_b32(&s, scalar, &overflow); 112 if (overflow || secp256k1_scalar_is_zero(&s)) { 113 ret = 0; 114 } else { 115 secp256k1_ecmult_const(&res, &ge, &s); 116 secp256k1_ge_set_gej(&ge, &res); 117 /* Note: can't use secp256k1_pubkey_save here because it is not constant time. */ 118 secp256k1_fe_normalize(&ge.x); 119 secp256k1_fe_normalize(&ge.y); 120 secp256k1_fe_get_b32(point, &ge.x); 121 secp256k1_fe_get_b32(point+32, &ge.y); 122 ret = 1; 123 } 124 secp256k1_scalar_clear(&s); 125 return ret; 126 }