github.com/verovm/record-replay@v1.9.7/crypto/secp256k1/libsecp256k1/include/secp256k1.h (about) 1 #ifndef _SECP256K1_ 2 # define _SECP256K1_ 3 4 # ifdef __cplusplus 5 extern "C" { 6 # endif 7 8 #include <stddef.h> 9 10 /* These rules specify the order of arguments in API calls: 11 * 12 * 1. Context pointers go first, followed by output arguments, combined 13 * output/input arguments, and finally input-only arguments. 14 * 2. Array lengths always immediately the follow the argument whose length 15 * they describe, even if this violates rule 1. 16 * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated 17 * later go first. This means: signatures, public nonces, private nonces, 18 * messages, public keys, secret keys, tweaks. 19 * 4. Arguments that are not data pointers go last, from more complex to less 20 * complex: function pointers, algorithm names, messages, void pointers, 21 * counts, flags, booleans. 22 * 5. Opaque data pointers follow the function pointer they are to be passed to. 23 */ 24 25 /** Opaque data structure that holds context information (precomputed tables etc.). 26 * 27 * The purpose of context structures is to cache large precomputed data tables 28 * that are expensive to construct, and also to maintain the randomization data 29 * for blinding. 30 * 31 * Do not create a new context object for each operation, as construction is 32 * far slower than all other API calls (~100 times slower than an ECDSA 33 * verification). 34 * 35 * A constructed context can safely be used from multiple threads 36 * simultaneously, but API call that take a non-const pointer to a context 37 * need exclusive access to it. In particular this is the case for 38 * secp256k1_context_destroy and secp256k1_context_randomize. 39 * 40 * Regarding randomization, either do it once at creation time (in which case 41 * you do not need any locking for the other calls), or use a read-write lock. 42 */ 43 typedef struct secp256k1_context_struct secp256k1_context; 44 45 /** Opaque data structure that holds a parsed and valid public key. 46 * 47 * The exact representation of data inside is implementation defined and not 48 * guaranteed to be portable between different platforms or versions. It is 49 * however guaranteed to be 64 bytes in size, and can be safely copied/moved. 50 * If you need to convert to a format suitable for storage, transmission, or 51 * comparison, use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. 52 */ 53 typedef struct { 54 unsigned char data[64]; 55 } secp256k1_pubkey; 56 57 /** Opaque data structured that holds a parsed ECDSA signature. 58 * 59 * The exact representation of data inside is implementation defined and not 60 * guaranteed to be portable between different platforms or versions. It is 61 * however guaranteed to be 64 bytes in size, and can be safely copied/moved. 62 * If you need to convert to a format suitable for storage, transmission, or 63 * comparison, use the secp256k1_ecdsa_signature_serialize_* and 64 * secp256k1_ecdsa_signature_serialize_* functions. 65 */ 66 typedef struct { 67 unsigned char data[64]; 68 } secp256k1_ecdsa_signature; 69 70 /** A pointer to a function to deterministically generate a nonce. 71 * 72 * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail. 73 * Out: nonce32: pointer to a 32-byte array to be filled by the function. 74 * In: msg32: the 32-byte message hash being verified (will not be NULL) 75 * key32: pointer to a 32-byte secret key (will not be NULL) 76 * algo16: pointer to a 16-byte array describing the signature 77 * algorithm (will be NULL for ECDSA for compatibility). 78 * data: Arbitrary data pointer that is passed through. 79 * attempt: how many iterations we have tried to find a nonce. 80 * This will almost always be 0, but different attempt values 81 * are required to result in a different nonce. 82 * 83 * Except for test cases, this function should compute some cryptographic hash of 84 * the message, the algorithm, the key and the attempt. 85 */ 86 typedef int (*secp256k1_nonce_function)( 87 unsigned char *nonce32, 88 const unsigned char *msg32, 89 const unsigned char *key32, 90 const unsigned char *algo16, 91 void *data, 92 unsigned int attempt 93 ); 94 95 # if !defined(SECP256K1_GNUC_PREREQ) 96 # if defined(__GNUC__)&&defined(__GNUC_MINOR__) 97 # define SECP256K1_GNUC_PREREQ(_maj,_min) \ 98 ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min)) 99 # else 100 # define SECP256K1_GNUC_PREREQ(_maj,_min) 0 101 # endif 102 # endif 103 104 # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) ) 105 # if SECP256K1_GNUC_PREREQ(2,7) 106 # define SECP256K1_INLINE __inline__ 107 # elif (defined(_MSC_VER)) 108 # define SECP256K1_INLINE __inline 109 # else 110 # define SECP256K1_INLINE 111 # endif 112 # else 113 # define SECP256K1_INLINE inline 114 # endif 115 116 #ifndef SECP256K1_API 117 # if defined(_WIN32) 118 # ifdef SECP256K1_BUILD 119 # define SECP256K1_API __declspec(dllexport) 120 # else 121 # define SECP256K1_API 122 # endif 123 # elif defined(__GNUC__) && defined(SECP256K1_BUILD) 124 # define SECP256K1_API __attribute__ ((visibility ("default"))) 125 # else 126 # define SECP256K1_API 127 # endif 128 #endif 129 130 /**Warning attributes 131 * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out 132 * some paranoid null checks. */ 133 # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4) 134 # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__)) 135 # else 136 # define SECP256K1_WARN_UNUSED_RESULT 137 # endif 138 # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4) 139 # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x))) 140 # else 141 # define SECP256K1_ARG_NONNULL(_x) 142 # endif 143 144 /** All flags' lower 8 bits indicate what they're for. Do not use directly. */ 145 #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1) 146 #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0) 147 #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1) 148 /** The higher bits contain the actual data. Do not use directly. */ 149 #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8) 150 #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9) 151 #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8) 152 153 /** Flags to pass to secp256k1_context_create. */ 154 #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) 155 #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN) 156 #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT) 157 158 /** Flag to pass to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export. */ 159 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION) 160 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION) 161 162 /** Create a secp256k1 context object. 163 * 164 * Returns: a newly created context object. 165 * In: flags: which parts of the context to initialize. 166 */ 167 SECP256K1_API secp256k1_context* secp256k1_context_create( 168 unsigned int flags 169 ) SECP256K1_WARN_UNUSED_RESULT; 170 171 /** Copies a secp256k1 context object. 172 * 173 * Returns: a newly created context object. 174 * Args: ctx: an existing context to copy (cannot be NULL) 175 */ 176 SECP256K1_API secp256k1_context* secp256k1_context_clone( 177 const secp256k1_context* ctx 178 ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; 179 180 /** Destroy a secp256k1 context object. 181 * 182 * The context pointer may not be used afterwards. 183 * Args: ctx: an existing context to destroy (cannot be NULL) 184 */ 185 SECP256K1_API void secp256k1_context_destroy( 186 secp256k1_context* ctx 187 ); 188 189 /** Set a callback function to be called when an illegal argument is passed to 190 * an API call. It will only trigger for violations that are mentioned 191 * explicitly in the header. 192 * 193 * The philosophy is that these shouldn't be dealt with through a 194 * specific return value, as calling code should not have branches to deal with 195 * the case that this code itself is broken. 196 * 197 * On the other hand, during debug stage, one would want to be informed about 198 * such mistakes, and the default (crashing) may be inadvisable. 199 * When this callback is triggered, the API function called is guaranteed not 200 * to cause a crash, though its return value and output arguments are 201 * undefined. 202 * 203 * Args: ctx: an existing context object (cannot be NULL) 204 * In: fun: a pointer to a function to call when an illegal argument is 205 * passed to the API, taking a message and an opaque pointer 206 * (NULL restores a default handler that calls abort). 207 * data: the opaque pointer to pass to fun above. 208 */ 209 SECP256K1_API void secp256k1_context_set_illegal_callback( 210 secp256k1_context* ctx, 211 void (*fun)(const char* message, void* data), 212 const void* data 213 ) SECP256K1_ARG_NONNULL(1); 214 215 /** Set a callback function to be called when an internal consistency check 216 * fails. The default is crashing. 217 * 218 * This can only trigger in case of a hardware failure, miscompilation, 219 * memory corruption, serious bug in the library, or other error would can 220 * otherwise result in undefined behaviour. It will not trigger due to mere 221 * incorrect usage of the API (see secp256k1_context_set_illegal_callback 222 * for that). After this callback returns, anything may happen, including 223 * crashing. 224 * 225 * Args: ctx: an existing context object (cannot be NULL) 226 * In: fun: a pointer to a function to call when an internal error occurs, 227 * taking a message and an opaque pointer (NULL restores a default 228 * handler that calls abort). 229 * data: the opaque pointer to pass to fun above. 230 */ 231 SECP256K1_API void secp256k1_context_set_error_callback( 232 secp256k1_context* ctx, 233 void (*fun)(const char* message, void* data), 234 const void* data 235 ) SECP256K1_ARG_NONNULL(1); 236 237 /** Parse a variable-length public key into the pubkey object. 238 * 239 * Returns: 1 if the public key was fully valid. 240 * 0 if the public key could not be parsed or is invalid. 241 * Args: ctx: a secp256k1 context object. 242 * Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a 243 * parsed version of input. If not, its value is undefined. 244 * In: input: pointer to a serialized public key 245 * inputlen: length of the array pointed to by input 246 * 247 * This function supports parsing compressed (33 bytes, header byte 0x02 or 248 * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header 249 * byte 0x06 or 0x07) format public keys. 250 */ 251 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse( 252 const secp256k1_context* ctx, 253 secp256k1_pubkey* pubkey, 254 const unsigned char *input, 255 size_t inputlen 256 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 257 258 /** Serialize a pubkey object into a serialized byte sequence. 259 * 260 * Returns: 1 always. 261 * Args: ctx: a secp256k1 context object. 262 * Out: output: a pointer to a 65-byte (if compressed==0) or 33-byte (if 263 * compressed==1) byte array to place the serialized key 264 * in. 265 * In/Out: outputlen: a pointer to an integer which is initially set to the 266 * size of output, and is overwritten with the written 267 * size. 268 * In: pubkey: a pointer to a secp256k1_pubkey containing an 269 * initialized public key. 270 * flags: SECP256K1_EC_COMPRESSED if serialization should be in 271 * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED. 272 */ 273 SECP256K1_API int secp256k1_ec_pubkey_serialize( 274 const secp256k1_context* ctx, 275 unsigned char *output, 276 size_t *outputlen, 277 const secp256k1_pubkey* pubkey, 278 unsigned int flags 279 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 280 281 /** Parse an ECDSA signature in compact (64 bytes) format. 282 * 283 * Returns: 1 when the signature could be parsed, 0 otherwise. 284 * Args: ctx: a secp256k1 context object 285 * Out: sig: a pointer to a signature object 286 * In: input64: a pointer to the 64-byte array to parse 287 * 288 * The signature must consist of a 32-byte big endian R value, followed by a 289 * 32-byte big endian S value. If R or S fall outside of [0..order-1], the 290 * encoding is invalid. R and S with value 0 are allowed in the encoding. 291 * 292 * After the call, sig will always be initialized. If parsing failed or R or 293 * S are zero, the resulting sig value is guaranteed to fail validation for any 294 * message and public key. 295 */ 296 SECP256K1_API int secp256k1_ecdsa_signature_parse_compact( 297 const secp256k1_context* ctx, 298 secp256k1_ecdsa_signature* sig, 299 const unsigned char *input64 300 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 301 302 /** Parse a DER ECDSA signature. 303 * 304 * Returns: 1 when the signature could be parsed, 0 otherwise. 305 * Args: ctx: a secp256k1 context object 306 * Out: sig: a pointer to a signature object 307 * In: input: a pointer to the signature to be parsed 308 * inputlen: the length of the array pointed to be input 309 * 310 * This function will accept any valid DER encoded signature, even if the 311 * encoded numbers are out of range. 312 * 313 * After the call, sig will always be initialized. If parsing failed or the 314 * encoded numbers are out of range, signature validation with it is 315 * guaranteed to fail for every message and public key. 316 */ 317 SECP256K1_API int secp256k1_ecdsa_signature_parse_der( 318 const secp256k1_context* ctx, 319 secp256k1_ecdsa_signature* sig, 320 const unsigned char *input, 321 size_t inputlen 322 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 323 324 /** Serialize an ECDSA signature in DER format. 325 * 326 * Returns: 1 if enough space was available to serialize, 0 otherwise 327 * Args: ctx: a secp256k1 context object 328 * Out: output: a pointer to an array to store the DER serialization 329 * In/Out: outputlen: a pointer to a length integer. Initially, this integer 330 * should be set to the length of output. After the call 331 * it will be set to the length of the serialization (even 332 * if 0 was returned). 333 * In: sig: a pointer to an initialized signature object 334 */ 335 SECP256K1_API int secp256k1_ecdsa_signature_serialize_der( 336 const secp256k1_context* ctx, 337 unsigned char *output, 338 size_t *outputlen, 339 const secp256k1_ecdsa_signature* sig 340 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 341 342 /** Serialize an ECDSA signature in compact (64 byte) format. 343 * 344 * Returns: 1 345 * Args: ctx: a secp256k1 context object 346 * Out: output64: a pointer to a 64-byte array to store the compact serialization 347 * In: sig: a pointer to an initialized signature object 348 * 349 * See secp256k1_ecdsa_signature_parse_compact for details about the encoding. 350 */ 351 SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact( 352 const secp256k1_context* ctx, 353 unsigned char *output64, 354 const secp256k1_ecdsa_signature* sig 355 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 356 357 /** Verify an ECDSA signature. 358 * 359 * Returns: 1: correct signature 360 * 0: incorrect or unparseable signature 361 * Args: ctx: a secp256k1 context object, initialized for verification. 362 * In: sig: the signature being verified (cannot be NULL) 363 * msg32: the 32-byte message hash being verified (cannot be NULL) 364 * pubkey: pointer to an initialized public key to verify with (cannot be NULL) 365 * 366 * To avoid accepting malleable signatures, only ECDSA signatures in lower-S 367 * form are accepted. 368 * 369 * If you need to accept ECDSA signatures from sources that do not obey this 370 * rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to 371 * validation, but be aware that doing so results in malleable signatures. 372 * 373 * For details, see the comments for that function. 374 */ 375 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify( 376 const secp256k1_context* ctx, 377 const secp256k1_ecdsa_signature *sig, 378 const unsigned char *msg32, 379 const secp256k1_pubkey *pubkey 380 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 381 382 /** Convert a signature to a normalized lower-S form. 383 * 384 * Returns: 1 if sigin was not normalized, 0 if it already was. 385 * Args: ctx: a secp256k1 context object 386 * Out: sigout: a pointer to a signature to fill with the normalized form, 387 * or copy if the input was already normalized. (can be NULL if 388 * you're only interested in whether the input was already 389 * normalized). 390 * In: sigin: a pointer to a signature to check/normalize (cannot be NULL, 391 * can be identical to sigout) 392 * 393 * With ECDSA a third-party can forge a second distinct signature of the same 394 * message, given a single initial signature, but without knowing the key. This 395 * is done by negating the S value modulo the order of the curve, 'flipping' 396 * the sign of the random point R which is not included in the signature. 397 * 398 * Forgery of the same message isn't universally problematic, but in systems 399 * where message malleability or uniqueness of signatures is important this can 400 * cause issues. This forgery can be blocked by all verifiers forcing signers 401 * to use a normalized form. 402 * 403 * The lower-S form reduces the size of signatures slightly on average when 404 * variable length encodings (such as DER) are used and is cheap to verify, 405 * making it a good choice. Security of always using lower-S is assured because 406 * anyone can trivially modify a signature after the fact to enforce this 407 * property anyway. 408 * 409 * The lower S value is always between 0x1 and 410 * 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, 411 * inclusive. 412 * 413 * No other forms of ECDSA malleability are known and none seem likely, but 414 * there is no formal proof that ECDSA, even with this additional restriction, 415 * is free of other malleability. Commonly used serialization schemes will also 416 * accept various non-unique encodings, so care should be taken when this 417 * property is required for an application. 418 * 419 * The secp256k1_ecdsa_sign function will by default create signatures in the 420 * lower-S form, and secp256k1_ecdsa_verify will not accept others. In case 421 * signatures come from a system that cannot enforce this property, 422 * secp256k1_ecdsa_signature_normalize must be called before verification. 423 */ 424 SECP256K1_API int secp256k1_ecdsa_signature_normalize( 425 const secp256k1_context* ctx, 426 secp256k1_ecdsa_signature *sigout, 427 const secp256k1_ecdsa_signature *sigin 428 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); 429 430 /** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. 431 * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of 432 * extra entropy. 433 */ 434 SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979; 435 436 /** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */ 437 SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default; 438 439 /** Create an ECDSA signature. 440 * 441 * Returns: 1: signature created 442 * 0: the nonce generation function failed, or the private key was invalid. 443 * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) 444 * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) 445 * In: msg32: the 32-byte message hash being signed (cannot be NULL) 446 * seckey: pointer to a 32-byte secret key (cannot be NULL) 447 * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used 448 * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) 449 * 450 * The created signature is always in lower-S form. See 451 * secp256k1_ecdsa_signature_normalize for more details. 452 */ 453 SECP256K1_API int secp256k1_ecdsa_sign( 454 const secp256k1_context* ctx, 455 secp256k1_ecdsa_signature *sig, 456 const unsigned char *msg32, 457 const unsigned char *seckey, 458 secp256k1_nonce_function noncefp, 459 const void *ndata 460 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 461 462 /** Verify an ECDSA secret key. 463 * 464 * Returns: 1: secret key is valid 465 * 0: secret key is invalid 466 * Args: ctx: pointer to a context object (cannot be NULL) 467 * In: seckey: pointer to a 32-byte secret key (cannot be NULL) 468 */ 469 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify( 470 const secp256k1_context* ctx, 471 const unsigned char *seckey 472 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); 473 474 /** Compute the public key for a secret key. 475 * 476 * Returns: 1: secret was valid, public key stores 477 * 0: secret was invalid, try again 478 * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) 479 * Out: pubkey: pointer to the created public key (cannot be NULL) 480 * In: seckey: pointer to a 32-byte private key (cannot be NULL) 481 */ 482 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create( 483 const secp256k1_context* ctx, 484 secp256k1_pubkey *pubkey, 485 const unsigned char *seckey 486 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 487 488 /** Tweak a private key by adding tweak to it. 489 * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for 490 * uniformly random 32-byte arrays, or if the resulting private key 491 * would be invalid (only when the tweak is the complement of the 492 * private key). 1 otherwise. 493 * Args: ctx: pointer to a context object (cannot be NULL). 494 * In/Out: seckey: pointer to a 32-byte private key. 495 * In: tweak: pointer to a 32-byte tweak. 496 */ 497 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add( 498 const secp256k1_context* ctx, 499 unsigned char *seckey, 500 const unsigned char *tweak 501 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 502 503 /** Tweak a public key by adding tweak times the generator to it. 504 * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for 505 * uniformly random 32-byte arrays, or if the resulting public key 506 * would be invalid (only when the tweak is the complement of the 507 * corresponding private key). 1 otherwise. 508 * Args: ctx: pointer to a context object initialized for validation 509 * (cannot be NULL). 510 * In/Out: pubkey: pointer to a public key object. 511 * In: tweak: pointer to a 32-byte tweak. 512 */ 513 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add( 514 const secp256k1_context* ctx, 515 secp256k1_pubkey *pubkey, 516 const unsigned char *tweak 517 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 518 519 /** Tweak a private key by multiplying it by a tweak. 520 * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for 521 * uniformly random 32-byte arrays, or equal to zero. 1 otherwise. 522 * Args: ctx: pointer to a context object (cannot be NULL). 523 * In/Out: seckey: pointer to a 32-byte private key. 524 * In: tweak: pointer to a 32-byte tweak. 525 */ 526 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul( 527 const secp256k1_context* ctx, 528 unsigned char *seckey, 529 const unsigned char *tweak 530 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 531 532 /** Tweak a public key by multiplying it by a tweak value. 533 * Returns: 0 if the tweak was out of range (chance of around 1 in 2^128 for 534 * uniformly random 32-byte arrays, or equal to zero. 1 otherwise. 535 * Args: ctx: pointer to a context object initialized for validation 536 * (cannot be NULL). 537 * In/Out: pubkey: pointer to a public key obkect. 538 * In: tweak: pointer to a 32-byte tweak. 539 */ 540 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( 541 const secp256k1_context* ctx, 542 secp256k1_pubkey *pubkey, 543 const unsigned char *tweak 544 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 545 546 /** Updates the context randomization. 547 * Returns: 1: randomization successfully updated 548 * 0: error 549 * Args: ctx: pointer to a context object (cannot be NULL) 550 * In: seed32: pointer to a 32-byte random seed (NULL resets to initial state) 551 */ 552 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize( 553 secp256k1_context* ctx, 554 const unsigned char *seed32 555 ) SECP256K1_ARG_NONNULL(1); 556 557 /** Add a number of public keys together. 558 * Returns: 1: the sum of the public keys is valid. 559 * 0: the sum of the public keys is not valid. 560 * Args: ctx: pointer to a context object 561 * Out: out: pointer to a public key object for placing the resulting public key 562 * (cannot be NULL) 563 * In: ins: pointer to array of pointers to public keys (cannot be NULL) 564 * n: the number of public keys to add together (must be at least 1) 565 */ 566 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine( 567 const secp256k1_context* ctx, 568 secp256k1_pubkey *out, 569 const secp256k1_pubkey * const * ins, 570 size_t n 571 ) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 572 573 # ifdef __cplusplus 574 } 575 # endif 576 577 #endif