github.com/sberex/go-sberex@v1.8.2-0.20181113200658-ed96ac38f7d7/crypto/secp256k1/ext.h (about) 1 // This file is part of the go-sberex library. The go-sberex library is 2 // free software: you can redistribute it and/or modify it under the terms 3 // of the GNU Lesser General Public License as published by the Free 4 // Software Foundation, either version 3 of the License, or (at your option) 5 // any later version. 6 // 7 // The go-sberex library is distributed in the hope that it will be useful, 8 // but WITHOUT ANY WARRANTY; without even the implied warranty of 9 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser 10 // General Public License <http://www.gnu.org/licenses/> for more details. 11 12 // secp256k1_context_create_sign_verify creates a context for signing and signature verification. 13 static secp256k1_context* secp256k1_context_create_sign_verify() { 14 return secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); 15 } 16 17 // secp256k1_ext_ecdsa_recover recovers the public key of an encoded compact signature. 18 // 19 // Returns: 1: recovery was successful 20 // 0: recovery was not successful 21 // Args: ctx: pointer to a context object (cannot be NULL) 22 // Out: pubkey_out: the serialized 65-byte public key of the signer (cannot be NULL) 23 // In: sigdata: pointer to a 65-byte signature with the recovery id at the end (cannot be NULL) 24 // msgdata: pointer to a 32-byte message (cannot be NULL) 25 static int secp256k1_ext_ecdsa_recover( 26 const secp256k1_context* ctx, 27 unsigned char *pubkey_out, 28 const unsigned char *sigdata, 29 const unsigned char *msgdata 30 ) { 31 secp256k1_ecdsa_recoverable_signature sig; 32 secp256k1_pubkey pubkey; 33 34 if (!secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &sig, sigdata, (int)sigdata[64])) { 35 return 0; 36 } 37 if (!secp256k1_ecdsa_recover(ctx, &pubkey, &sig, msgdata)) { 38 return 0; 39 } 40 size_t outputlen = 65; 41 return secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED); 42 } 43 44 // secp256k1_ext_ecdsa_verify verifies an encoded compact signature. 45 // 46 // Returns: 1: signature is valid 47 // 0: signature is invalid 48 // Args: ctx: pointer to a context object (cannot be NULL) 49 // In: sigdata: pointer to a 64-byte signature (cannot be NULL) 50 // msgdata: pointer to a 32-byte message (cannot be NULL) 51 // pubkeydata: pointer to public key data (cannot be NULL) 52 // pubkeylen: length of pubkeydata 53 static int secp256k1_ext_ecdsa_verify( 54 const secp256k1_context* ctx, 55 const unsigned char *sigdata, 56 const unsigned char *msgdata, 57 const unsigned char *pubkeydata, 58 size_t pubkeylen 59 ) { 60 secp256k1_ecdsa_signature sig; 61 secp256k1_pubkey pubkey; 62 63 if (!secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sigdata)) { 64 return 0; 65 } 66 if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { 67 return 0; 68 } 69 return secp256k1_ecdsa_verify(ctx, &sig, msgdata, &pubkey); 70 } 71 72 // secp256k1_ext_reencode_pubkey decodes then encodes a public key. It can be used to 73 // convert between public key formats. The input/output formats are chosen depending on the 74 // length of the input/output buffers. 75 // 76 // Returns: 1: conversion successful 77 // 0: conversion unsuccessful 78 // Args: ctx: pointer to a context object (cannot be NULL) 79 // Out: out: output buffer that will contain the reencoded key (cannot be NULL) 80 // In: outlen: length of out (33 for compressed keys, 65 for uncompressed keys) 81 // pubkeydata: the input public key (cannot be NULL) 82 // pubkeylen: length of pubkeydata 83 static int secp256k1_ext_reencode_pubkey( 84 const secp256k1_context* ctx, 85 unsigned char *out, 86 size_t outlen, 87 const unsigned char *pubkeydata, 88 size_t pubkeylen 89 ) { 90 secp256k1_pubkey pubkey; 91 92 if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { 93 return 0; 94 } 95 unsigned int flag = (outlen == 33) ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED; 96 return secp256k1_ec_pubkey_serialize(ctx, out, &outlen, &pubkey, flag); 97 } 98 99 // secp256k1_ext_scalar_mul multiplies a point by a scalar in constant time. 100 // 101 // Returns: 1: multiplication was successful 102 // 0: scalar was invalid (zero or overflow) 103 // Args: ctx: pointer to a context object (cannot be NULL) 104 // Out: point: the multiplied point (usually secret) 105 // In: point: pointer to a 64-byte public point, 106 // encoded as two 256bit big-endian numbers. 107 // scalar: a 32-byte scalar with which to multiply the point 108 int secp256k1_ext_scalar_mul(const secp256k1_context* ctx, unsigned char *point, const unsigned char *scalar) { 109 int ret = 0; 110 int overflow = 0; 111 secp256k1_fe feX, feY; 112 secp256k1_gej res; 113 secp256k1_ge ge; 114 secp256k1_scalar s; 115 ARG_CHECK(point != NULL); 116 ARG_CHECK(scalar != NULL); 117 (void)ctx; 118 119 secp256k1_fe_set_b32(&feX, point); 120 secp256k1_fe_set_b32(&feY, point+32); 121 secp256k1_ge_set_xy(&ge, &feX, &feY); 122 secp256k1_scalar_set_b32(&s, scalar, &overflow); 123 if (overflow || secp256k1_scalar_is_zero(&s)) { 124 ret = 0; 125 } else { 126 secp256k1_ecmult_const(&res, &ge, &s); 127 secp256k1_ge_set_gej(&ge, &res); 128 /* Note: can't use secp256k1_pubkey_save here because it is not constant time. */ 129 secp256k1_fe_normalize(&ge.x); 130 secp256k1_fe_normalize(&ge.y); 131 secp256k1_fe_get_b32(point, &ge.x); 132 secp256k1_fe_get_b32(point+32, &ge.y); 133 ret = 1; 134 } 135 secp256k1_scalar_clear(&s); 136 return ret; 137 }