You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

secp256k1_recovery.h 4.6KB

Squashed 'src/secp256k1/' changes from 22f60a6..2bfb82b 2bfb82b Merge pull request #351 06aeea5 Turn secp256k1_ec_pubkey_serialize outlen to in/out 970164d Merge pull request #348 6466625 Improvements for coordinate decompression e2100ad Merge pull request #347 8e48787 Change secp256k1_ec_pubkey_combine's count argument to size_t. c69dea0 Clear output in more cases for pubkey_combine, adds tests. 269d422 Comment copyediting. b4d17da Merge pull request #344 4709265 Merge pull request #345 26abce7 Adds 32 static test vectors for scalar mul, sqr, inv. 5b71a3f Better error case handling for pubkey_create & pubkey_serialize, more tests. 3b7bc69 Merge pull request #343 eed87af Change contrib/laxder from headers-only to files compilable as standalone C d7eb1ae Merge pull request #342 7914a6e Make lax_der_privatekey_parsing.h not depend on internal code 73f64ff Merge pull request #339 9234391 Overhaul flags handling 1a36898 Make flags more explicit, add runtime checks. 1a3e03a Merge pull request #340 96be204 Add additional tests for eckey and arg-checks. bb5aa4d Make the tweak function zeroize-output-on-fail behavior consistent. 4a243da Move secp256k1_ec_privkey_import/export to contrib. 1b3efc1 Move secp256k1_ecdsa_sig_recover into the recovery module. e3cd679 Eliminate all side-effects from VERIFY_CHECK() usage. b30fc85 Avoid nonce_function_rfc6979 algo16 argument emulation. 70d4640 Make secp256k1_ec_pubkey_create skip processing invalid secret keys. 6c476a8 Minor comment improvements. 131afe5 Merge pull request #334 0c6ab2f Introduce explicit lower-S normalization fea19e7 Add contrib/lax_der_parsing.h 3bb9c44 Rewrite ECDSA signature parsing code fa57f1b Use secp256k1_rand_int and secp256k1_rand_bits more 49b3749 Add new tests for the extra testrand functions f684d7d Faster secp256k1_rand_int implementation 251b1a6 Improve testrand: add extra random functions 31994c8 Merge pull request #338 f79aa88 Bugfix: swap arguments to noncefp c98df26 Merge pull request #319 67f7da4 Extensive interface and operations tests for secp256k1_ec_pubkey_parse. ee2cb40 Add ARG_CHECKs to secp256k1_ec_pubkey_parse/secp256k1_ec_pubkey_serialize 7450ef1 Merge pull request #328 68a3c76 Merge pull request #329 98135ee Merge pull request #332 37100d7 improve ECDH header-doc b13d749 Fix couple of typos in API comments 7c823e3 travis: fixup module configs cc3141a Merge pull request #325 ee58fae Merge pull request #326 213aa67 Do not force benchmarks to be statically linked. 338fc8b Add API exports to secp256k1_nonce_function_default and secp256k1_nonce_function_rfc6979. 52fd03f Merge pull request #320 9f6993f Remove some dead code. 357f8cd Merge pull request #314 118cd82 Use explicit symbol visibility. 4e64608 Include public module headers when compiling modules. 1f41437 Merge pull request #316 fe0d463 Merge pull request #317 cfe0ed9 Fix miscellaneous style nits that irritate overactive static analysis. 2b199de Use the explicit NULL macro for pointer comparisons. 9e90516 Merge pull request #294 dd891e0 Get rid of _t as it is POSIX reserved 201819b Merge pull request #313 912f203 Eliminate a few unbraced statements that crept into the code. eeab823 Merge pull request #299 486b9bb Use a flags bitfield for compressed option to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export 05732c5 Callback data: Accept pointers to either const or non-const data 1973c73 Bugfix: Reinitialise buffer lengths that have been used as outputs 788038d Use size_t for lengths (at least in external API) c9d7c2a secp256k1_context_set_{error,illegal}_callback: Restore default handler by passing NULL as function argument 9aac008 secp256k1_context_destroy: Allow NULL argument as a no-op 64b730b secp256k1_context_create: Use unsigned type for flags bitfield cb04ab5 Merge pull request #309 a551669 Merge pull request #295 81e45ff Update group_impl.h 85e3a2c Merge pull request #112 b2eb63b Merge pull request #293 dc0ce9f [API BREAK] Change argument order to out/outin/in 6d947ca Merge pull request #298 c822693 Merge pull request #301 6d04350 Merge pull request #303 7ab311c Merge pull request #304 5fb3229 Fixes a bug where bench_sign would fail due to passing in too small a buffer. 263dcbc remove unused assignment b183b41 bugfix: "ARG_CHECK(ctx != NULL)" makes no sense 6da1446 build: fix parallel build 5eb4356 Merge pull request #291 c996d53 Print success 9f443be Move pubkey recovery code to separate module d49abbd Separate ECDSA recovery tests 439d34a Separate recoverable and normal signatures a7b046e Merge pull request #289 f66907f Improve/reformat API documentation secp256k1.h 2f77487 Add context building benchmarks cc623d5 Merge pull request #287 de7e398 small typo fix 9d96e36 Merge pull request #280 432e1ce Merge pull request #283 14727fd Use correct name in gitignore 356b0e9 Actually test static precomputation in Travis ff3a5df Merge pull request #284 2587208 Merge pull request #212 a5a66c7 Add support for custom EC-Schnorr-SHA256 signatures d84a378 Merge pull request #252 72ae443 Improve perf. of cmov-based table lookup 92e53fc Implement endomorphism optimization for secp256k1_ecmult_const ed35d43 Make `secp256k1_scalar_add_bit` conditional; make `secp256k1_scalar_split_lambda_var` constant time 91c0ce9 Add benchmarks for ECDH and const-time multiplication 0739bbb Add ECDH module which works by hashing the output of ecmult_const 4401500 Add constant-time multiply `secp256k1_ecmult_const` for ECDH e4ce393 build: fix hard-coded usage of "gen_context" b8e39ac build: don't use BUILT_SOURCES for the static context header baa75da tests: add a couple tests ae4f0c6 Merge pull request #278 995c548 Introduce callback functions for dealing with errors. c333074 Merge pull request #282 18c329c Remove the internal secp256k1_ecdsa_sig_t type 74a2acd Add a secp256k1_ecdsa_signature_t type 23cfa91 Introduce secp256k1_pubkey_t type 4c63780 Merge pull request #269 3e6f1e2 Change rfc6979 implementation to be a generic PRNG ed5334a Update configure.ac to make it build on OpenBSD 1b68366 Merge pull request #274 a83bb48 Make ecmult static precomputation default 166b32f Merge pull request #276 c37812f Add gen_context src/ecmult_static_context.h to CLEANFILES to fix distclean. 125c15d Merge pull request #275 76f6769 Fix build with static ecmult altroot and make dist. 5133f78 Merge pull request #254 b0a60e6 Merge pull request #258 733c1e6 Add travis build to test the static context. fbecc38 Add ability to use a statically generated ecmult context. 4fb174d Merge pull request #263 4ab8990 Merge pull request #270 bdf0e0c Merge pull request #271 31d0c1f Merge pull request #273 eb2c8ff Add missing casts to SECP256K1_FE_CONST_INNER 55399c2 Further performance improvements to _ecmult_wnaf 99fd963 Add secp256k1_ec_pubkey_compress(), with test similar to the related decompress() function. 145cc6e Improve performance of _ecmult_wnaf 36b305a Verify the result of GMP modular inverse using non-GMP code 0cbc860 Merge pull request #266 06ff7fe Merge pull request #267 5a43124 Save 1 _fe_negate since s1 == -s2 a5d796e Update code comments 3f3964e Add specific VERIFY tests for _fe_cmov 7d054cd Refactor to save a _fe_negate b28d02a Refactor to remove a local var 55e7fc3 Perf. improvement in _gej_add_ge a0601cd Fix VERIFY calculations in _fe_cmov methods 17f7148 Merge pull request #261 7657420 Add tests for adding P+Q with P.x!=Q.x and P.y=-Q.y 8c5d5f7 tests: Add failing unit test for #257 (bad addition formula) 5de4c5d gej_add_ge: fix degenerate case when computing P + (-lambda)P bcf2fcf gej_add_ge: rearrange algebra e2a07c7 Fix compilation with C++ 873a453 Merge pull request #250 91eb0da Merge pull request #247 210ffed Use separate in and out pointers in `secp256k1_ec_pubkey_decompress` a1d5ae1 Tiny optimization 729badf Merge pull request #210 2d5a186 Apply effective-affine trick to precomp 4f9791a Effective affine addition in EC multiplication 2b4cf41 Use pkg-config always when possible, with failover to manual checks for libcrypto git-subtree-dir: src/secp256k1 git-subtree-split: 2bfb82b10edf0f0b0e366a12f94c8b21a914159d
6 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110
  1. #ifndef _SECP256K1_RECOVERY_
  2. # define _SECP256K1_RECOVERY_
  3. # include "secp256k1.h"
  4. # ifdef __cplusplus
  5. extern "C" {
  6. # endif
  7. /** Opaque data structured that holds a parsed ECDSA signature,
  8. * supporting pubkey recovery.
  9. *
  10. * The exact representation of data inside is implementation defined and not
  11. * guaranteed to be portable between different platforms or versions. It is
  12. * however guaranteed to be 65 bytes in size, and can be safely copied/moved.
  13. * If you need to convert to a format suitable for storage or transmission, use
  14. * the secp256k1_ecdsa_signature_serialize_* and
  15. * secp256k1_ecdsa_signature_parse_* functions.
  16. *
  17. * Furthermore, it is guaranteed that identical signatures (including their
  18. * recoverability) will have identical representation, so they can be
  19. * memcmp'ed.
  20. */
  21. typedef struct {
  22. unsigned char data[65];
  23. } secp256k1_ecdsa_recoverable_signature;
  24. /** Parse a compact ECDSA signature (64 bytes + recovery id).
  25. *
  26. * Returns: 1 when the signature could be parsed, 0 otherwise
  27. * Args: ctx: a secp256k1 context object
  28. * Out: sig: a pointer to a signature object
  29. * In: input64: a pointer to a 64-byte compact signature
  30. * recid: the recovery id (0, 1, 2 or 3)
  31. */
  32. SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
  33. const secp256k1_context* ctx,
  34. secp256k1_ecdsa_recoverable_signature* sig,
  35. const unsigned char *input64,
  36. int recid
  37. ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
  38. /** Convert a recoverable signature into a normal signature.
  39. *
  40. * Returns: 1
  41. * Out: sig: a pointer to a normal signature (cannot be NULL).
  42. * In: sigin: a pointer to a recoverable signature (cannot be NULL).
  43. */
  44. SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(
  45. const secp256k1_context* ctx,
  46. secp256k1_ecdsa_signature* sig,
  47. const secp256k1_ecdsa_recoverable_signature* sigin
  48. ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
  49. /** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
  50. *
  51. * Returns: 1
  52. * Args: ctx: a secp256k1 context object
  53. * Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL)
  54. * recid: a pointer to an integer to hold the recovery id (can be NULL).
  55. * In: sig: a pointer to an initialized signature object (cannot be NULL)
  56. */
  57. SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
  58. const secp256k1_context* ctx,
  59. unsigned char *output64,
  60. int *recid,
  61. const secp256k1_ecdsa_recoverable_signature* sig
  62. ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
  63. /** Create a recoverable ECDSA signature.
  64. *
  65. * Returns: 1: signature created
  66. * 0: the nonce generation function failed, or the private key was invalid.
  67. * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
  68. * Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
  69. * In: msg32: the 32-byte message hash being signed (cannot be NULL)
  70. * seckey: pointer to a 32-byte secret key (cannot be NULL)
  71. * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
  72. * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
  73. */
  74. SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
  75. const secp256k1_context* ctx,
  76. secp256k1_ecdsa_recoverable_signature *sig,
  77. const unsigned char *msg32,
  78. const unsigned char *seckey,
  79. secp256k1_nonce_function noncefp,
  80. const void *ndata
  81. ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
  82. /** Recover an ECDSA public key from a signature.
  83. *
  84. * Returns: 1: public key successfully recovered (which guarantees a correct signature).
  85. * 0: otherwise.
  86. * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL)
  87. * Out: pubkey: pointer to the recovered public key (cannot be NULL)
  88. * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL)
  89. * msg32: the 32-byte message hash assumed to be signed (cannot be NULL)
  90. */
  91. SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
  92. const secp256k1_context* ctx,
  93. secp256k1_pubkey *pubkey,
  94. const secp256k1_ecdsa_recoverable_signature *sig,
  95. const unsigned char *msg32
  96. ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
  97. # ifdef __cplusplus
  98. }
  99. # endif
  100. #endif