Browse Source

Get rid of _t as it is POSIX reserved

master
Pieter Wuille 7 years ago
parent
commit
dd891e0ed5
  1. 84
      include/secp256k1.h
  2. 4
      include/secp256k1_ecdh.h
  3. 28
      include/secp256k1_recovery.h
  4. 24
      include/secp256k1_schnorr.h
  5. 4
      src/bench_ecdh.c
  6. 10
      src/bench_internal.c
  7. 6
      src/bench_recover.c
  8. 6
      src/bench_schnorr_verify.c
  9. 4
      src/bench_sign.c
  10. 10
      src/bench_verify.c
  11. 10
      src/ecdsa.h
  12. 38
      src/ecdsa_impl.h
  13. 16
      src/eckey.h
  14. 32
      src/eckey_impl.h
  15. 20
      src/ecmult.h
  16. 2
      src/ecmult_const.h
  17. 30
      src/ecmult_const_impl.h
  18. 24
      src/ecmult_gen.h
  19. 50
      src/ecmult_gen_impl.h
  20. 62
      src/ecmult_impl.h
  21. 50
      src/field.h
  22. 4
      src/field_10x26.h
  23. 46
      src/field_10x26_impl.h
  24. 4
      src/field_5x52.h
  25. 46
      src/field_5x52_impl.h
  26. 24
      src/field_impl.h
  27. 6
      src/gen_context.c
  28. 82
      src/group.h
  29. 116
      src/group_impl.h
  30. 8
      src/modules/ecdh/main_impl.h
  31. 8
      src/modules/ecdh/tests_impl.h
  32. 38
      src/modules/recovery/main_impl.h
  33. 22
      src/modules/recovery/tests_impl.h
  34. 28
      src/modules/schnorr/main_impl.h
  35. 8
      src/modules/schnorr/schnorr.h
  36. 34
      src/modules/schnorr/schnorr_impl.h
  37. 24
      src/modules/schnorr/tests_impl.h
  38. 28
      src/num.h
  39. 2
      src/num_gmp.h
  40. 36
      src/num_gmp_impl.h
  41. 50
      src/scalar.h
  42. 2
      src/scalar_4x64.h
  43. 48
      src/scalar_4x64_impl.h
  44. 2
      src/scalar_8x32.h
  45. 48
      src/scalar_8x32_impl.h
  46. 32
      src/scalar_impl.h
  47. 144
      src/secp256k1.c
  48. 474
      src/tests.c
  49. 8
      src/util.h

84
include/secp256k1.h

@ -40,7 +40,7 @@ extern "C" { @@ -40,7 +40,7 @@ extern "C" {
* Regarding randomization, either do it once at creation time (in which case
* you do not need any locking for the other calls), or use a read-write lock.
*/
typedef struct secp256k1_context_struct secp256k1_context_t;
typedef struct secp256k1_context_struct secp256k1_context;
/** Opaque data structure that holds a parsed and valid public key.
*
@ -55,7 +55,7 @@ typedef struct secp256k1_context_struct secp256k1_context_t; @@ -55,7 +55,7 @@ typedef struct secp256k1_context_struct secp256k1_context_t;
*/
typedef struct {
unsigned char data[64];
} secp256k1_pubkey_t;
} secp256k1_pubkey;
/** Opaque data structured that holds a parsed ECDSA signature.
*
@ -71,7 +71,7 @@ typedef struct { @@ -71,7 +71,7 @@ typedef struct {
*/
typedef struct {
unsigned char data[64];
} secp256k1_ecdsa_signature_t;
} secp256k1_ecdsa_signature;
/** A pointer to a function to deterministically generate a nonce.
*
@ -89,7 +89,7 @@ typedef struct { @@ -89,7 +89,7 @@ typedef struct {
* Except for test cases, this function should compute some cryptographic hash of
* the message, the algorithm, the key and the attempt.
*/
typedef int (*secp256k1_nonce_function_t)(
typedef int (*secp256k1_nonce_function)(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
@ -145,7 +145,7 @@ typedef int (*secp256k1_nonce_function_t)( @@ -145,7 +145,7 @@ typedef int (*secp256k1_nonce_function_t)(
* Returns: a newly created context object.
* In: flags: which parts of the context to initialize.
*/
secp256k1_context_t* secp256k1_context_create(
secp256k1_context* secp256k1_context_create(
unsigned int flags
) SECP256K1_WARN_UNUSED_RESULT;
@ -154,8 +154,8 @@ secp256k1_context_t* secp256k1_context_create( @@ -154,8 +154,8 @@ secp256k1_context_t* secp256k1_context_create(
* Returns: a newly created context object.
* Args: ctx: an existing context to copy (cannot be NULL)
*/
secp256k1_context_t* secp256k1_context_clone(
const secp256k1_context_t* ctx
secp256k1_context* secp256k1_context_clone(
const secp256k1_context* ctx
) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
/** Destroy a secp256k1 context object.
@ -164,7 +164,7 @@ secp256k1_context_t* secp256k1_context_clone( @@ -164,7 +164,7 @@ secp256k1_context_t* secp256k1_context_clone(
* Args: ctx: an existing context to destroy (cannot be NULL)
*/
void secp256k1_context_destroy(
secp256k1_context_t* ctx
secp256k1_context* ctx
);
/** Set a callback function to be called when an illegal argument is passed to
@ -188,7 +188,7 @@ void secp256k1_context_destroy( @@ -188,7 +188,7 @@ void secp256k1_context_destroy(
* data: the opaque pointer to pass to fun above.
*/
void secp256k1_context_set_illegal_callback(
secp256k1_context_t* ctx,
secp256k1_context* ctx,
void (*fun)(const char* message, void* data),
const void* data
) SECP256K1_ARG_NONNULL(1);
@ -210,7 +210,7 @@ void secp256k1_context_set_illegal_callback( @@ -210,7 +210,7 @@ void secp256k1_context_set_illegal_callback(
* data: the opaque pointer to pass to fun above.
*/
void secp256k1_context_set_error_callback(
secp256k1_context_t* ctx,
secp256k1_context* ctx,
void (*fun)(const char* message, void* data),
const void* data
) SECP256K1_ARG_NONNULL(1);
@ -230,8 +230,8 @@ void secp256k1_context_set_error_callback( @@ -230,8 +230,8 @@ void secp256k1_context_set_error_callback(
* byte 0x06 or 0x07) format public keys.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t* pubkey,
const secp256k1_context* ctx,
secp256k1_pubkey* pubkey,
const unsigned char *input,
size_t inputlen
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -244,16 +244,16 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse( @@ -244,16 +244,16 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(
* compressed==1) byte array to place the serialized key in.
* outputlen: a pointer to an integer which will contain the serialized
* size.
* In: pubkey: a pointer to a secp256k1_pubkey_t containing an initialized
* In: pubkey: a pointer to a secp256k1_pubkey containing an initialized
* public key.
* flags: SECP256K1_EC_COMPRESSED if serialization should be in
* compressed format.
*/
int secp256k1_ec_pubkey_serialize(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *output,
size_t *outputlen,
const secp256k1_pubkey_t* pubkey,
const secp256k1_pubkey* pubkey,
unsigned int flags
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -268,8 +268,8 @@ int secp256k1_ec_pubkey_serialize( @@ -268,8 +268,8 @@ int secp256k1_ec_pubkey_serialize(
* Note that this function also supports some violations of DER and even BER.
*/
int secp256k1_ecdsa_signature_parse_der(
const secp256k1_context_t* ctx,
secp256k1_ecdsa_signature_t* sig,
const secp256k1_context* ctx,
secp256k1_ecdsa_signature* sig,
const unsigned char *input,
size_t inputlen
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -286,10 +286,10 @@ int secp256k1_ecdsa_signature_parse_der( @@ -286,10 +286,10 @@ int secp256k1_ecdsa_signature_parse_der(
* In: sig: a pointer to an initialized signature object
*/
int secp256k1_ecdsa_signature_serialize_der(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *output,
size_t *outputlen,
const secp256k1_ecdsa_signature_t* sig
const secp256k1_ecdsa_signature* sig
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
/** Verify an ECDSA signature.
@ -302,20 +302,20 @@ int secp256k1_ecdsa_signature_serialize_der( @@ -302,20 +302,20 @@ int secp256k1_ecdsa_signature_serialize_der(
* pubkey: pointer to an initialized public key to verify with (cannot be NULL)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(
const secp256k1_context_t* ctx,
const secp256k1_ecdsa_signature_t *sig,
const secp256k1_context* ctx,
const secp256k1_ecdsa_signature *sig,
const unsigned char *msg32,
const secp256k1_pubkey_t *pubkey
const secp256k1_pubkey *pubkey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
/** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
* If a data pointer is passed, it is assumed to be a pointer to 32 bytes of
* extra entropy.
*/
extern const secp256k1_nonce_function_t secp256k1_nonce_function_rfc6979;
extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979;
/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */
extern const secp256k1_nonce_function_t secp256k1_nonce_function_default;
extern const secp256k1_nonce_function secp256k1_nonce_function_default;
/** Create an ECDSA signature.
*
@ -356,11 +356,11 @@ extern const secp256k1_nonce_function_t secp256k1_nonce_function_default; @@ -356,11 +356,11 @@ extern const secp256k1_nonce_function_t secp256k1_nonce_function_default;
* be taken when this property is required for an application.
*/
int secp256k1_ecdsa_sign(
const secp256k1_context_t* ctx,
secp256k1_ecdsa_signature_t *sig,
const secp256k1_context* ctx,
secp256k1_ecdsa_signature *sig,
const unsigned char *msg32,
const unsigned char *seckey,
secp256k1_nonce_function_t noncefp,
secp256k1_nonce_function noncefp,
const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -372,7 +372,7 @@ int secp256k1_ecdsa_sign( @@ -372,7 +372,7 @@ int secp256k1_ecdsa_sign(
* In: seckey: pointer to a 32-byte secret key (cannot be NULL)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
const unsigned char *seckey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
@ -385,8 +385,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify( @@ -385,8 +385,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(
* In: seckey: pointer to a 32-byte private key (cannot be NULL)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *pubkey,
const secp256k1_context* ctx,
secp256k1_pubkey *pubkey,
const unsigned char *seckey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -411,7 +411,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create( @@ -411,7 +411,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(
* guaranteed to be parsable by secp256k1_ec_privkey_import.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_export(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *privkey,
size_t *privkeylen,
const unsigned char *seckey,
@ -433,7 +433,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_export( @@ -433,7 +433,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_export(
* key.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_import(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *seckey,
const unsigned char *privkey,
size_t privkeylen
@ -449,7 +449,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_import( @@ -449,7 +449,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_import(
* In: tweak: pointer to a 32-byte tweak.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *seckey,
const unsigned char *tweak
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -465,8 +465,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add( @@ -465,8 +465,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
* In: tweak: pointer to a 32-byte tweak.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *pubkey,
const secp256k1_context* ctx,
secp256k1_pubkey *pubkey,
const unsigned char *tweak
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -478,7 +478,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add( @@ -478,7 +478,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
* In: tweak: pointer to a 32-byte tweak.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *seckey,
const unsigned char *tweak
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -492,8 +492,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul( @@ -492,8 +492,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
* In: tweak: pointer to a 32-byte tweak.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *pubkey,
const secp256k1_context* ctx,
secp256k1_pubkey *pubkey,
const unsigned char *tweak
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -504,7 +504,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( @@ -504,7 +504,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
* In: seed32: pointer to a 32-byte random seed (NULL resets to initial state)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(
secp256k1_context_t* ctx,
secp256k1_context* ctx,
const unsigned char *seed32
) SECP256K1_ARG_NONNULL(1);
@ -520,9 +520,9 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize( @@ -520,9 +520,9 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(
* uncompressed format is needed.
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *out,
const secp256k1_pubkey_t * const * ins,
const secp256k1_context* ctx,
secp256k1_pubkey *out,
const secp256k1_pubkey * const * ins,
int n
) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

4
include/secp256k1_ecdh.h

@ -17,9 +17,9 @@ extern "C" { @@ -17,9 +17,9 @@ extern "C" {
* scalar: a 32-byte scalar with which to multiply the point
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *result,
const secp256k1_pubkey_t *point,
const secp256k1_pubkey *point,
const unsigned char *scalar
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

28
include/secp256k1_recovery.h

@ -23,7 +23,7 @@ extern "C" { @@ -23,7 +23,7 @@ extern "C" {
*/
typedef struct {
unsigned char data[65];
} secp256k1_ecdsa_recoverable_signature_t;
} secp256k1_ecdsa_recoverable_signature;
/** Parse a compact ECDSA signature (64 bytes + recovery id).
*
@ -34,8 +34,8 @@ typedef struct { @@ -34,8 +34,8 @@ typedef struct {
* recid: the recovery id (0, 1, 2 or 3)
*/
int secp256k1_ecdsa_recoverable_signature_parse_compact(
const secp256k1_context_t* ctx,
secp256k1_ecdsa_recoverable_signature_t* sig,
const secp256k1_context* ctx,
secp256k1_ecdsa_recoverable_signature* sig,
const unsigned char *input64,
int recid
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -47,9 +47,9 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact( @@ -47,9 +47,9 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(
* In: sigin: a pointer to a recoverable signature (cannot be NULL).
*/
int secp256k1_ecdsa_recoverable_signature_convert(
const secp256k1_context_t* ctx,
secp256k1_ecdsa_signature_t* sig,
const secp256k1_ecdsa_recoverable_signature_t* sigin
const secp256k1_context* ctx,
secp256k1_ecdsa_signature* sig,
const secp256k1_ecdsa_recoverable_signature* sigin
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
@ -61,10 +61,10 @@ int secp256k1_ecdsa_recoverable_signature_convert( @@ -61,10 +61,10 @@ int secp256k1_ecdsa_recoverable_signature_convert(
* In: sig: a pointer to an initialized signature object (cannot be NULL)
*/
int secp256k1_ecdsa_recoverable_signature_serialize_compact(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *output64,
int *recid,
const secp256k1_ecdsa_recoverable_signature_t* sig
const secp256k1_ecdsa_recoverable_signature* sig
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
/** Create a recoverable ECDSA signature.
@ -79,11 +79,11 @@ int secp256k1_ecdsa_recoverable_signature_serialize_compact( @@ -79,11 +79,11 @@ int secp256k1_ecdsa_recoverable_signature_serialize_compact(
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
*/
int secp256k1_ecdsa_sign_recoverable(
const secp256k1_context_t* ctx,
secp256k1_ecdsa_recoverable_signature_t *sig,
const secp256k1_context* ctx,
secp256k1_ecdsa_recoverable_signature *sig,
const unsigned char *msg32,
const unsigned char *seckey,
secp256k1_nonce_function_t noncefp,
secp256k1_nonce_function noncefp,
const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -97,9 +97,9 @@ int secp256k1_ecdsa_sign_recoverable( @@ -97,9 +97,9 @@ int secp256k1_ecdsa_sign_recoverable(
* msg32: the 32-byte message hash assumed to be signed (cannot be NULL)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *pubkey,
const secp256k1_ecdsa_recoverable_signature_t *sig,
const secp256k1_context* ctx,
secp256k1_pubkey *pubkey,
const secp256k1_ecdsa_recoverable_signature *sig,
const unsigned char *msg32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

24
include/secp256k1_schnorr.h

@ -25,11 +25,11 @@ extern "C" { @@ -25,11 +25,11 @@ extern "C" {
* function (can be NULL)
*/
int secp256k1_schnorr_sign(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *sig64,
const unsigned char *msg32,
const unsigned char *seckey,
secp256k1_nonce_function_t noncefp,
secp256k1_nonce_function noncefp,
const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -42,10 +42,10 @@ int secp256k1_schnorr_sign( @@ -42,10 +42,10 @@ int secp256k1_schnorr_sign(
* pubkey: the public key to verify with (cannot be NULL)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
const unsigned char *sig64,
const unsigned char *msg32,
const secp256k1_pubkey_t *pubkey
const secp256k1_pubkey *pubkey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
/** Recover an EC public key from a Schnorr signature created using
@ -62,8 +62,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify( @@ -62,8 +62,8 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify(
* be NULL)
*/
int secp256k1_schnorr_recover(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *pubkey,
const secp256k1_context* ctx,
secp256k1_pubkey *pubkey,
const unsigned char *sig64,
const unsigned char *msg32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -87,12 +87,12 @@ int secp256k1_schnorr_recover( @@ -87,12 +87,12 @@ int secp256k1_schnorr_recover(
* Do not use the output as a private/public key pair for signing/validation.
*/
int secp256k1_schnorr_generate_nonce_pair(
const secp256k1_context_t* ctx,
secp256k1_pubkey_t *pubnonce,
const secp256k1_context* ctx,
secp256k1_pubkey *pubnonce,
unsigned char *privnonce32,
const unsigned char *msg32,
const unsigned char *sec32,
secp256k1_nonce_function_t noncefp,
secp256k1_nonce_function noncefp,
const void* noncedata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(6) SECP256K1_ARG_NONNULL(7);
@ -139,11 +139,11 @@ int secp256k1_schnorr_generate_nonce_pair( @@ -139,11 +139,11 @@ int secp256k1_schnorr_generate_nonce_pair(
* by calling the function again (they are commutative and associative).
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *sig64,
const unsigned char *msg32,
const unsigned char *sec32,
const secp256k1_pubkey_t *pubnonce_others,
const secp256k1_pubkey *pubnonce_others,
const unsigned char *secnonce32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6);
@ -160,7 +160,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign( @@ -160,7 +160,7 @@ SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign(
* n: the number of signatures to combine (at least 1)
*/
SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_combine(
const secp256k1_context_t* ctx,
const secp256k1_context* ctx,
unsigned char *sig64,
const unsigned char * const * sig64sin,
int n

4
src/bench_ecdh.c

@ -12,8 +12,8 @@ @@ -12,8 +12,8 @@
#include "bench.h"
typedef struct {
secp256k1_context_t *ctx;
secp256k1_pubkey_t point;
secp256k1_context *ctx;
secp256k1_pubkey point;
unsigned char scalar[32];
} bench_ecdh_t;

10
src/bench_internal.c

@ -19,10 +19,10 @@ @@ -19,10 +19,10 @@
#include "secp256k1.c"
typedef struct {
secp256k1_scalar_t scalar_x, scalar_y;
secp256k1_fe_t fe_x, fe_y;
secp256k1_ge_t ge_x, ge_y;
secp256k1_gej_t gej_x, gej_y;
secp256k1_scalar scalar_x, scalar_y;
secp256k1_fe fe_x, fe_y;
secp256k1_ge ge_x, ge_y;
secp256k1_gej gej_x, gej_y;
unsigned char data[64];
int wnaf[256];
} bench_inv_t;
@ -98,7 +98,7 @@ void bench_scalar_split(void* arg) { @@ -98,7 +98,7 @@ void bench_scalar_split(void* arg) {
bench_inv_t *data = (bench_inv_t*)arg;
for (i = 0; i < 20000; i++) {
secp256k1_scalar_t l, r;
secp256k1_scalar l, r;
secp256k1_scalar_split_lambda(&l, &r, &data->scalar_x);
secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
}

6
src/bench_recover.c

@ -10,7 +10,7 @@ @@ -10,7 +10,7 @@
#include "bench.h"
typedef struct {
secp256k1_context_t *ctx;
secp256k1_context *ctx;
unsigned char msg[32];
unsigned char sig[64];
} bench_recover_t;
@ -18,13 +18,13 @@ typedef struct { @@ -18,13 +18,13 @@ typedef struct {
void bench_recover(void* arg) {
int i;
bench_recover_t *data = (bench_recover_t*)arg;
secp256k1_pubkey_t pubkey;
secp256k1_pubkey pubkey;
unsigned char pubkeyc[33];
for (i = 0; i < 20000; i++) {
int j;
size_t pubkeylen = 33;
secp256k1_ecdsa_recoverable_signature_t sig;
secp256k1_ecdsa_recoverable_signature sig;
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2));
CHECK(secp256k1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg));
CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED));

6
src/bench_schnorr_verify.c

@ -20,7 +20,7 @@ typedef struct { @@ -20,7 +20,7 @@ typedef struct {
} benchmark_schnorr_sig_t;
typedef struct {
secp256k1_context_t *ctx;
secp256k1_context *ctx;
unsigned char msg[32];
benchmark_schnorr_sig_t sigs[64];
int numsigs;
@ -34,7 +34,7 @@ static void benchmark_schnorr_init(void* arg) { @@ -34,7 +34,7 @@ static void benchmark_schnorr_init(void* arg) {
data->msg[i] = 1 + i;
}
for (k = 0; k < data->numsigs; k++) {
secp256k1_pubkey_t pubkey;
secp256k1_pubkey pubkey;
for (i = 0; i < 32; i++) {
data->sigs[k].key[i] = 33 + i + k;
}
@ -50,7 +50,7 @@ static void benchmark_schnorr_verify(void* arg) { @@ -50,7 +50,7 @@ static void benchmark_schnorr_verify(void* arg) {
benchmark_schnorr_verify_t* data = (benchmark_schnorr_verify_t*)arg;
for (i = 0; i < 20000 / data->numsigs; i++) {
secp256k1_pubkey_t pubkey;
secp256k1_pubkey pubkey;
data->sigs[0].sig[(i >> 8) % 64] ^= (i & 0xFF);
CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->sigs[0].pubkey, data->sigs[0].pubkeylen));
CHECK(secp256k1_schnorr_verify(data->ctx, data->sigs[0].sig, data->msg, &pubkey) == ((i & 0xFF) == 0));

4
src/bench_sign.c

@ -9,7 +9,7 @@ @@ -9,7 +9,7 @@
#include "bench.h"
typedef struct {
secp256k1_context_t* ctx;
secp256k1_context* ctx;
unsigned char msg[32];
unsigned char key[32];
} bench_sign_t;
@ -34,7 +34,7 @@ static void bench_sign(void* arg) { @@ -34,7 +34,7 @@ static void bench_sign(void* arg) {
for (i = 0; i < 20000; i++) {
size_t siglen = 74;
int j;
secp256k1_ecdsa_signature_t signature;
secp256k1_ecdsa_signature signature;
CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature));
for (j = 0; j < 32; j++) {

10
src/bench_verify.c

@ -12,7 +12,7 @@ @@ -12,7 +12,7 @@
#include "bench.h"
typedef struct {
secp256k1_context_t *ctx;
secp256k1_context *ctx;
unsigned char msg[32];
unsigned char key[32];
unsigned char sig[72];
@ -26,8 +26,8 @@ static void benchmark_verify(void* arg) { @@ -26,8 +26,8 @@ static void benchmark_verify(void* arg) {
benchmark_verify_t* data = (benchmark_verify_t*)arg;
for (i = 0; i < 20000; i++) {
secp256k1_pubkey_t pubkey;
secp256k1_ecdsa_signature_t sig;
secp256k1_pubkey pubkey;
secp256k1_ecdsa_signature sig;
data->sig[data->siglen - 1] ^= (i & 0xFF);
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
@ -42,8 +42,8 @@ static void benchmark_verify(void* arg) { @@ -42,8 +42,8 @@ static void benchmark_verify(void* arg) {
int main(void) {
int i;
secp256k1_pubkey_t pubkey;
secp256k1_ecdsa_signature_t sig;
secp256k1_pubkey pubkey;
secp256k1_ecdsa_signature sig;
benchmark_verify_t data;
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);

10
src/ecdsa.h

@ -13,10 +13,10 @@ @@ -13,10 +13,10 @@
#include "group.h"
#include "ecmult.h"
static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *r, secp256k1_scalar_t *s, const unsigned char *sig, size_t size);
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar_t *r, const secp256k1_scalar_t *s);
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message);
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_scalar_t* r, secp256k1_scalar_t* s, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid);
static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *r, secp256k1_scalar *s, const unsigned char *sig, size_t size);
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar *r, const secp256k1_scalar *s);
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar* r, const secp256k1_scalar* s, const secp256k1_ge *pubkey, const secp256k1_scalar *message);
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid);
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, const secp256k1_scalar* r, const secp256k1_scalar* s, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid);
#endif

38
src/ecdsa_impl.h

@ -28,7 +28,7 @@ @@ -28,7 +28,7 @@
* sage: '%x' % (EllipticCurve ([F (a), F (b)]).order())
* 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'
*/
static const secp256k1_fe_t secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST(
static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST(
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL
);
@ -42,11 +42,11 @@ static const secp256k1_fe_t secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CON @@ -42,11 +42,11 @@ static const secp256k1_fe_t secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CON
* sage: '%x' % (p - EllipticCurve ([F (a), F (b)]).order())
* '14551231950b75fc4402da1722fc9baee'
*/
static const secp256k1_fe_t secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST(
static const secp256k1_fe secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST(
0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL
);
static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *rr, secp256k1_scalar_t *rs, const unsigned char *sig, size_t size) {
static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *rr, secp256k1_scalar *rs, const unsigned char *sig, size_t size) {
unsigned char ra[32] = {0}, sa[32] = {0};
const unsigned char *rp;
const unsigned char *sp;
@ -109,7 +109,7 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *rr, secp256k1_scalar_t @@ -109,7 +109,7 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *rr, secp256k1_scalar_t
return 1;
}
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar_t* ar, const secp256k1_scalar_t* as) {
static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar* ar, const secp256k1_scalar* as) {
unsigned char r[33] = {0}, s[33] = {0};
unsigned char *rp = r, *sp = s;
size_t lenR = 33, lenS = 33;
@ -133,12 +133,12 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const @@ -133,12 +133,12 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const
return 1;
}
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t *sigr, const secp256k1_scalar_t *sigs, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) {
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar *sigs, const secp256k1_ge *pubkey, const secp256k1_scalar *message) {
unsigned char c[32];
secp256k1_scalar_t sn, u1, u2;
secp256k1_fe_t xr;
secp256k1_gej_t pubkeyj;
secp256k1_gej_t pr;
secp256k1_scalar sn, u1, u2;
secp256k1_fe xr;
secp256k1_gej pubkeyj;
secp256k1_gej pr;
if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {
return 0;
@ -187,13 +187,13 @@ static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, con @@ -187,13 +187,13 @@ static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, con
return 0;
}
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t *sigr, const secp256k1_scalar_t* sigs, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) {
static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) {
unsigned char brx[32];
secp256k1_fe_t fx;
secp256k1_ge_t x;
secp256k1_gej_t xj;
secp256k1_scalar_t rn, u1, u2;
secp256k1_gej_t qj;
secp256k1_fe fx;
secp256k1_ge x;
secp256k1_gej xj;
secp256k1_scalar rn, u1, u2;
secp256k1_gej qj;
if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {
return 0;
@ -220,11 +220,11 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, co @@ -220,11 +220,11 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, co
return !secp256k1_gej_is_infinity(&qj);
}
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_scalar_t *sigr, secp256k1_scalar_t *sigs, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) {
unsigned char b[32];
secp256k1_gej_t rp;
secp256k1_ge_t r;
secp256k1_scalar_t n;
secp256k1_gej rp;
secp256k1_ge r;
secp256k1_scalar n;
int overflow = 0;
secp256k1_ecmult_gen(ctx, &rp, nonce);

16
src/eckey.h

@ -14,15 +14,15 @@ @@ -14,15 +14,15 @@
#include "ecmult.h"
#include "ecmult_gen.h"
static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, size_t size);
static int secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, size_t *size, unsigned int flags);
static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size);
static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, unsigned int flags);
static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, size_t privkeylen);
static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context_t *ctx, unsigned char *privkey, size_t *privkeylen, const secp256k1_scalar_t *key, unsigned int flags);
static int secp256k1_eckey_privkey_parse(secp256k1_scalar *key, const unsigned char *privkey, size_t privkeylen);
static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context *ctx, unsigned char *privkey, size_t *privkeylen, const secp256k1_scalar *key, unsigned int flags);
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context_t *ctx, secp256k1_ge_t *key, const secp256k1_scalar_t *tweak);
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak);
static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context_t *ctx, secp256k1_ge_t *key, const secp256k1_scalar_t *tweak);
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak);
static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak);
static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
#endif

32
src/eckey_impl.h

@ -14,12 +14,12 @@ @@ -14,12 +14,12 @@
#include "group.h"
#include "ecmult_gen.h"
static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, size_t size) {
static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size) {
if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) {
secp256k1_fe_t x;
secp256k1_fe x;
return secp256k1_fe_set_b32(&x, pub+1) && secp256k1_ge_set_xo_var(elem, &x, pub[0] == 0x03);
} else if (size == 65 && (pub[0] == 0x04 || pub[0] == 0x06 || pub[0] == 0x07)) {
secp256k1_fe_t x, y;
secp256k1_fe x, y;
if (!secp256k1_fe_set_b32(&x, pub+1) || !secp256k1_fe_set_b32(&y, pub+33)) {
return 0;
}
@ -33,7 +33,7 @@ static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned cha @@ -33,7 +33,7 @@ static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned cha
}
}
static int secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, size_t *size, unsigned int flags) {
static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, unsigned int flags) {
if (secp256k1_ge_is_infinity(elem)) {
return 0;
}
@ -51,7 +51,7 @@ static int secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char @@ -51,7 +51,7 @@ static int secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char
return 1;
}
static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned char *privkey, size_t privkeylen) {
static int secp256k1_eckey_privkey_parse(secp256k1_scalar *key, const unsigned char *privkey, size_t privkeylen) {
unsigned char c[32] = {0};
const unsigned char *end = privkey + privkeylen;
int lenb = 0;
@ -94,9 +94,9 @@ static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned @@ -94,9 +94,9 @@ static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned
return !overflow;
}
static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context_t *ctx, unsigned char *privkey, size_t *privkeylen, const secp256k1_scalar_t *key, unsigned int flags) {
secp256k1_gej_t rp;
secp256k1_ge_t r;
static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context *ctx, unsigned char *privkey, size_t *privkeylen, const secp256k1_scalar *key, unsigned int flags) {
secp256k1_gej rp;
secp256k1_ge r;
size_t pubkeylen = 0;
secp256k1_ecmult_gen(ctx, &rp, key);
secp256k1_ge_set_gej(&r, &rp);
@ -154,7 +154,7 @@ static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context_ @@ -154,7 +154,7 @@ static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context_
return 1;
}
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak) {
secp256k1_scalar_add(key, key, tweak);
if (secp256k1_scalar_is_zero(key)) {
return 0;
@ -162,9 +162,9 @@ static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp @@ -162,9 +162,9 @@ static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp
return 1;
}
static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context_t *ctx, secp256k1_ge_t *key, const secp256k1_scalar_t *tweak) {
secp256k1_gej_t pt;
secp256k1_scalar_t one;
static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) {
secp256k1_gej pt;
secp256k1_scalar one;
secp256k1_gej_set_ge(&pt, key);
secp256k1_scalar_set_int(&one, 1);
secp256k1_ecmult(ctx, &pt, &pt, &one, tweak);
@ -176,7 +176,7 @@ static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context_t *ct @@ -176,7 +176,7 @@ static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context_t *ct
return 1;
}
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak) {
if (secp256k1_scalar_is_zero(tweak)) {
return 0;
}
@ -185,9 +185,9 @@ static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp @@ -185,9 +185,9 @@ static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp
return 1;
}
static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context_t *ctx, secp256k1_ge_t *key, const secp256k1_scalar_t *tweak) {
secp256k1_scalar_t zero;
secp256k1_gej_t pt;
static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) {
secp256k1_scalar zero;
secp256k1_gej pt;
if (secp256k1_scalar_is_zero(tweak)) {
return 0;
}

20
src/ecmult.h

@ -12,20 +12,20 @@ @@ -12,20 +12,20 @@
typedef struct {
/* For accelerating the computation of a*P + b*G: */
secp256k1_ge_storage_t (*pre_g)[]; /* odd multiples of the generator */
secp256k1_ge_storage (*pre_g)[]; /* odd multiples of the generator */
#ifdef USE_ENDOMORPHISM
secp256k1_ge_storage_t (*pre_g_128)[]; /* odd multiples of 2^128*generator */
secp256k1_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */
#endif
} secp256k1_ecmult_context_t;
} secp256k1_ecmult_context;
static void secp256k1_ecmult_context_init(secp256k1_ecmult_context_t *ctx);
static void secp256k1_ecmult_context_build(secp256k1_ecmult_context_t *ctx, const callback_t *cb);
static void secp256k1_ecmult_context_clone(secp256k1_ecmult_context_t *dst,
const secp256k1_ecmult_context_t *src, const callback_t *cb);
static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context_t *ctx);
static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context_t *ctx);
static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx);
static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, const secp256k1_callback *cb);
static void secp256k1_ecmult_context_clone(secp256k1_ecmult_context *dst,
const secp256k1_ecmult_context *src, const secp256k1_callback *cb);
static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx);
static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx);
/** Double multiply: R = na*A + ng*G */
static void secp256k1_ecmult(const secp256k1_ecmult_context_t *ctx, secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_scalar_t *na, const secp256k1_scalar_t *ng);
static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng);
#endif

2
src/ecmult_const.h

@ -10,6 +10,6 @@ @@ -10,6 +10,6 @@
#include "scalar.h"
#include "group.h"
static void secp256k1_ecmult_const(secp256k1_gej_t *r, const secp256k1_ge_t *a, const secp256k1_scalar_t *q);
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q);
#endif

30
src/ecmult_const_impl.h

@ -24,7 +24,7 @@ @@ -24,7 +24,7 @@
int m; \
int abs_n = (n) * (((n) > 0) * 2 - 1); \
int idx_n = abs_n / 2; \
secp256k1_fe_t neg_y; \
secp256k1_fe neg_y; \
VERIFY_CHECK(((n) & 1) == 1); \
VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \
@ -54,7 +54,7 @@ @@ -54,7 +54,7 @@
*
* Numbers reference steps of `Algorithm SPA-resistant Width-w NAF with Odd Scalar` on pp. 335
*/
static int secp256k1_wnaf_const(int *wnaf, secp256k1_scalar_t s, int w) {
static int secp256k1_wnaf_const(int *wnaf, secp256k1_scalar s, int w) {
int global_sign = 1;
int skew = 0;
int word = 0;
@ -74,7 +74,7 @@ static int secp256k1_wnaf_const(int *wnaf, secp256k1_scalar_t s, int w) { @@ -74,7 +74,7 @@ static int secp256k1_wnaf_const(int *wnaf, secp256k1_scalar_t s, int w) {
/* We add 1 to even numbers, 2 to odd ones, noting that negation flips parity */
int bit = flip ^ (s.d[0] & 1);
/* We check for negative one, since adding 2 to it will cause an overflow */
secp256k1_scalar_t neg_s;
secp256k1_scalar neg_s;
int not_neg_one;
secp256k1_scalar_negate(&neg_s, &s);
not_neg_one = !secp256k1_scalar_is_one(&neg_s);
@ -120,24 +120,24 @@ static int secp256k1_wnaf_const(int *wnaf, secp256k1_scalar_t s, int w) { @@ -120,24 +120,24 @@ static int secp256k1_wnaf_const(int *wnaf, secp256k1_scalar_t s, int w) {
}
static void secp256k1_ecmult_const(secp256k1_gej_t *r, const secp256k1_ge_t *a, const secp256k1_scalar_t *scalar) {
secp256k1_ge_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_ge_t tmpa;
secp256k1_fe_t Z;
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *scalar) {
secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_ge tmpa;
secp256k1_fe Z;
#ifdef USE_ENDOMORPHISM
secp256k1_ge_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)];
int wnaf_1[1 + WNAF_SIZE(WINDOW_A - 1)];
int wnaf_lam[1 + WNAF_SIZE(WINDOW_A - 1)];
int skew_1;
int skew_lam;
secp256k1_scalar_t q_1, q_lam;
secp256k1_scalar q_1, q_lam;
#else
int wnaf[1 + WNAF_SIZE(WINDOW_A - 1)];
#endif
int i;
secp256k1_scalar_t sc = *scalar;
secp256k1_scalar sc = *scalar;
/* build wnaf representation for q. */
#ifdef USE_ENDOMORPHISM
@ -223,11 +223,11 @@ static void secp256k1_ecmult_const(secp256k1_gej_t *r, const secp256k1_ge_t *a, @@ -223,11 +223,11 @@ static void secp256k1_ecmult_const(secp256k1_gej_t *r, const secp256k1_ge_t *a,
#ifdef USE_ENDOMORPHISM
{
/* Correct for wNAF skew */
secp256k1_ge_t correction = *a;
secp256k1_ge_storage_t correction_1_stor;
secp256k1_ge_storage_t correction_lam_stor;
secp256k1_ge_storage_t a2_stor;
secp256k1_gej_t tmpj;
secp256k1_ge correction = *a;
secp256k1_ge_storage correction_1_stor;
secp256k1_ge_storage correction_lam_stor;
secp256k1_ge_storage a2_stor;
secp256k1_gej tmpj;
secp256k1_gej_set_ge(&tmpj, &correction);
secp256k1_gej_double_var(&tmpj, &tmpj, NULL);
secp256k1_ge_set_gej(&correction, &tmpj);

24
src/ecmult_gen.h

@ -23,21 +23,21 @@ typedef struct { @@ -23,21 +23,21 @@ typedef struct {
* None of the resulting prec group elements have a known scalar, and neither do any of
* the intermediate sums while computing a*G.
*/
secp256k1_ge_storage_t (*prec)[64][16]; /* prec[j][i] = 16^j * i * G + U_i */
secp256k1_scalar_t blind;
secp256k1_gej_t initial;
} secp256k1_ecmult_gen_context_t;
secp256k1_ge_storage (*prec)[64][16]; /* prec[j][i] = 16^j * i * G + U_i */
secp256k1_scalar blind;
secp256k1_gej initial;
} secp256k1_ecmult_gen_context;
static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context_t* ctx);
static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t* ctx, const callback_t* cb);
static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context_t *dst,
const secp256k1_ecmult_gen_context_t* src, const callback_t* cb);
static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context_t* ctx);
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context_t* ctx);
static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context* ctx);
static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context* ctx, const secp256k1_callback* cb);
static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context *dst,
const secp256k1_ecmult_gen_context* src, const secp256k1_callback* cb);
static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context* ctx);
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx);
/** Multiply with the generator: R = a*G */
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context_t* ctx, secp256k1_gej_t *r, const secp256k1_scalar_t *a);
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context* ctx, secp256k1_gej *r, const secp256k1_scalar *a);
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context_t *ctx, const unsigned char *seed32);
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32);
#endif

50
src/ecmult_gen_impl.h

@ -14,15 +14,15 @@ @@ -14,15 +14,15 @@
#ifdef USE_ECMULT_STATIC_PRECOMPUTATION
#include "ecmult_static_context.h"
#endif
static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context_t *ctx) {
static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context *ctx) {
ctx->prec = NULL;
}
static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *ctx, const callback_t* cb) {
static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context *ctx, const secp256k1_callback* cb) {
#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
secp256k1_ge_t prec[1024];
secp256k1_gej_t gj;
secp256k1_gej_t nums_gej;
secp256k1_ge prec[1024];
secp256k1_gej gj;
secp256k1_gej nums_gej;
int i, j;
#endif
@ -30,7 +30,7 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c @@ -30,7 +30,7 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c
return;
}
#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
ctx->prec = (secp256k1_ge_storage_t (*)[64][16])checked_malloc(cb, sizeof(*ctx->prec));
ctx->prec = (secp256k1_ge_storage (*)[64][16])checked_malloc(cb, sizeof(*ctx->prec));
/* get the generator */
secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
@ -38,8 +38,8 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c @@ -38,8 +38,8 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c
/* Construct a group element with no known corresponding scalar (nothing up my sleeve). */
{
static const unsigned char nums_b32[33] = "The scalar for this x is unknown";
secp256k1_fe_t nums_x;
secp256k1_ge_t nums_ge;
secp256k1_fe nums_x;
secp256k1_ge nums_ge;
VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32));
VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0));
secp256k1_gej_set_ge(&nums_gej, &nums_ge);
@ -49,9 +49,9 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c @@ -49,9 +49,9 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c
/* compute prec. */
{
secp256k1_gej_t precj[1024]; /* Jacobian versions of prec. */
secp256k1_gej_t gbase;
secp256k1_gej_t numsbase;
secp256k1_gej precj[1024]; /* Jacobian versions of prec. */
secp256k1_gej gbase;
secp256k1_gej numsbase;
gbase = gj; /* 16^j * G */
numsbase = nums_gej; /* 2^j * nums. */
for (j = 0; j < 64; j++) {
@ -81,22 +81,22 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c @@ -81,22 +81,22 @@ static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t *c
}
#else
(void)cb;
ctx->prec = (secp256k1_ge_storage_t (*)[64][16])secp256k1_ecmult_static_context;
ctx->prec = (secp256k1_ge_storage (*)[64][16])secp256k1_ecmult_static_context;
#endif
secp256k1_ecmult_gen_blind(ctx, NULL);
}
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context_t* ctx) {
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx) {
return ctx->prec != NULL;
}
static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context_t *dst,
const secp256k1_ecmult_gen_context_t *src, const callback_t* cb) {
static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context *dst,
const secp256k1_ecmult_gen_context *src, const secp256k1_callback* cb) {
if (src->prec == NULL) {
dst->prec = NULL;
} else {
#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
dst->prec = (secp256k1_ge_storage_t (*)[64][16])checked_malloc(cb, sizeof(*dst->prec));
dst->prec = (secp256k1_ge_storage (*)[64][16])checked_malloc(cb, sizeof(*dst->prec));
memcpy(dst->prec, src->prec, sizeof(*dst->prec));
#else
(void)cb;
@ -107,7 +107,7 @@ static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context_t *d @@ -107,7 +107,7 @@ static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context_t *d
}
}
static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context_t *ctx) {
static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context *ctx) {
#ifndef USE_ECMULT_STATIC_PRECOMPUTATION
free(ctx->prec);
#endif
@ -116,10 +116,10 @@ static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context_t *c @@ -116,10 +116,10 @@ static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context_t *c
ctx->prec = NULL;
}
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_gej_t *r, const secp256k1_scalar_t *gn) {
secp256k1_ge_t add;
secp256k1_ge_storage_t adds;
secp256k1_scalar_t gnb;
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) {
secp256k1_ge add;
secp256k1_ge_storage adds;
secp256k1_scalar gnb;
int bits;
int i, j;
memset(&adds, 0, sizeof(adds));
@ -151,10 +151,10 @@ static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context_t *ctx, secp @@ -151,10 +151,10 @@ static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context_t *ctx, secp
}
/* Setup blinding values for secp256k1_ecmult_gen. */
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context_t *ctx, const unsigned char *seed32) {
secp256k1_scalar_t b;
secp256k1_gej_t gb;
secp256k1_fe_t s;
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32) {
secp256k1_scalar b;
secp256k1_gej gb;
secp256k1_fe s;
unsigned char nonce32[32];
secp256k1_rfc6979_hmac_sha256_t rng;
int retry;

62
src/ecmult_impl.h

@ -32,9 +32,9 @@ @@ -32,9 +32,9 @@
* contain prej[0].z / a.z. The other zr[i] values = prej[i].z / prej[i-1].z.
* Prej's Z values are undefined, except for the last value.
*/
static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej_t *prej, secp256k1_fe_t *zr, const secp256k1_gej_t *a) {
secp256k1_gej_t d;
secp256k1_ge_t a_ge, d_ge;
static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej *prej, secp256k1_fe *zr, const secp256k1_gej *a) {
secp256k1_gej d;
secp256k1_ge a_ge, d_ge;
int i;
VERIFY_CHECK(!a->infinity);
@ -82,9 +82,9 @@ static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej_t *prej, s @@ -82,9 +82,9 @@ static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej_t *prej, s
* and for G using the second (which requires an inverse, but it only needs to
* happen once).
*/
static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge_t *pre, secp256k1_fe_t *globalz, const secp256k1_gej_t *a) {
secp256k1_gej_t prej[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_fe_t zr[ECMULT_TABLE_SIZE(WINDOW_A)];
static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge *pre, secp256k1_fe *globalz, const secp256k1_gej *a) {
secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)];
/* Compute the odd multiples in Jacobian form. */
secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), prej, zr, a);
@ -92,10 +92,10 @@ static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge_t @@ -92,10 +92,10 @@ static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge_t
secp256k1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A), pre, globalz, prej, zr);
}
static void secp256k1_ecmult_odd_multiples_table_storage_var(int n, secp256k1_ge_storage_t *pre, const secp256k1_gej_t *a, const callback_t *cb) {
secp256k1_gej_t *prej = (secp256k1_gej_t*)checked_malloc(cb, sizeof(secp256k1_gej_t) * n);
secp256k1_ge_t *prea = (secp256k1_ge_t*)checked_malloc(cb, sizeof(secp256k1_ge_t) * n);
secp256k1_fe_t *zr = (secp256k1_fe_t*)checked_malloc(cb, sizeof(secp256k1_fe_t) * n);
static void secp256k1_ecmult_odd_multiples_table_storage_var(int n, secp256k1_ge_storage *pre, const secp256k1_gej *a, const secp256k1_callback *cb) {
secp256k1_gej *prej = (secp256k1_gej*)checked_malloc(cb, sizeof(secp256k1_gej) * n);
secp256k1_ge *prea = (secp256k1_ge*)checked_malloc(cb, sizeof(secp256k1_ge) * n);
secp256k1_fe *zr = (secp256k1_fe*)checked_malloc(cb, sizeof(secp256k1_fe) * n);
int i;
/* Compute the odd multiples in Jacobian form. */
@ -137,15 +137,15 @@ static void secp256k1_ecmult_odd_multiples_table_storage_var(int n, secp256k1_ge @@ -137,15 +137,15 @@ static void secp256k1_ecmult_odd_multiples_table_storage_var(int n, secp256k1_ge
} \
} while(0)
static void secp256k1_ecmult_context_init(secp256k1_ecmult_context_t *ctx) {
static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx) {
ctx->pre_g = NULL;
#ifdef USE_ENDOMORPHISM
ctx->pre_g_128 = NULL;
#endif
}
static void secp256k1_ecmult_context_build(secp256k1_ecmult_context_t *ctx, const callback_t *cb) {
secp256k1_gej_t gj;
static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, const secp256k1_callback *cb) {
secp256k1_gej gj;
if (ctx->pre_g != NULL) {
return;
@ -154,17 +154,17 @@ static void secp256k1_ecmult_context_build(secp256k1_ecmult_context_t *ctx, cons @@ -154,17 +154,17 @@ static void secp256k1_ecmult_context_build(secp256k1_ecmult_context_t *ctx, cons
/* get the generator */
secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
ctx->pre_g = (secp256k1_ge_storage_t (*)[])checked_malloc(cb, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G));
ctx->pre_g = (secp256k1_ge_storage (*)[])checked_malloc(cb, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G));
/* precompute the tables with odd multiples */
secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj, cb);
#ifdef USE_ENDOMORPHISM