Update secp256k1 subtree to latest master
This also switches to upstream's copyright headers now that they have switched to HTTPS URLs.
commit
4cd86f7482
|
@ -31,6 +31,7 @@ env:
|
||||||
- BUILD=distcheck WITH_VALGRIND=no CTIMETEST=no BENCH=no
|
- BUILD=distcheck WITH_VALGRIND=no CTIMETEST=no BENCH=no
|
||||||
- CPPFLAGS=-DDETERMINISTIC
|
- CPPFLAGS=-DDETERMINISTIC
|
||||||
- CFLAGS=-O0 CTIMETEST=no
|
- CFLAGS=-O0 CTIMETEST=no
|
||||||
|
- CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined -fno-omit-frame-pointer" UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" BIGNUM=no ASM=x86_64 ECDH=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes CTIMETEST=no
|
||||||
- ECMULTGENPRECISION=2
|
- ECMULTGENPRECISION=2
|
||||||
- ECMULTGENPRECISION=8
|
- ECMULTGENPRECISION=8
|
||||||
- RUN_VALGRIND=yes BIGNUM=no ASM=x86_64 ECDH=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes EXTRAFLAGS="--disable-openssl-tests" BUILD=
|
- RUN_VALGRIND=yes BIGNUM=no ASM=x86_64 ECDH=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes EXTRAFLAGS="--disable-openssl-tests" BUILD=
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
# http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html
|
# https://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html
|
||||||
# ===========================================================================
|
# ===========================================================================
|
||||||
#
|
#
|
||||||
# SYNOPSIS
|
# SYNOPSIS
|
||||||
|
|
|
@ -87,3 +87,11 @@ if test x"$has_gmp" != x"yes"; then
|
||||||
LIBS="$LIBS_TEMP"
|
LIBS="$LIBS_TEMP"
|
||||||
fi
|
fi
|
||||||
])
|
])
|
||||||
|
|
||||||
|
AC_DEFUN([SECP_VALGRIND_CHECK],[
|
||||||
|
if test x"$has_valgrind" != x"yes"; then
|
||||||
|
CPPFLAGS_TEMP="$CPPFLAGS"
|
||||||
|
CPPFLAGS="$VALGRIND_CPPFLAGS $CPPFLAGS"
|
||||||
|
AC_CHECK_HEADER([valgrind/memcheck.h], [has_valgrind=yes; AC_DEFINE(HAVE_VALGRIND,1,[Define this symbol if valgrind is installed])])
|
||||||
|
fi
|
||||||
|
])
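Review bot: SECP_VALGRIND_CHECK saves CPPFLAGS into CPPFLAGS_TEMP before prepending VALGRIND_CPPFLAGS but never restores it, so once the macro runs every later configure probe and the final compile inherit the valgrind include path through CPPFLAGS. The context at the top of the hunk shows the neighbouring macro restoring LIBS from LIBS_TEMP, and the configure.ac hunk in this commit adds VALGRIND_CPPFLAGS to SECP_INCLUDES separately, which suggests the leak is an omission rather than intent. Add `CPPFLAGS="$CPPFLAGS_TEMP"` after the AC_CHECK_HEADER line, inside the `if`, so the probe is scoped the way the LIBS probe is; if leaving CPPFLAGS modified is deliberate, a one-line comment saying so belongs there instead.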
|
||||||
|
|
|
@ -14,7 +14,7 @@ AM_INIT_AUTOMAKE([foreign subdir-objects])
|
||||||
: ${CFLAGS="-g"}
|
: ${CFLAGS="-g"}
|
||||||
LT_INIT
|
LT_INIT
|
||||||
|
|
||||||
dnl make the compilation flags quiet unless V=1 is used
|
# Make the compilation flags quiet unless V=1 is used.
|
||||||
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
|
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
|
||||||
|
|
||||||
PKG_PROG_PKG_CONFIG
|
PKG_PROG_PKG_CONFIG
|
||||||
|
@ -22,7 +22,6 @@ PKG_PROG_PKG_CONFIG
|
||||||
AC_PATH_TOOL(AR, ar)
|
AC_PATH_TOOL(AR, ar)
|
||||||
AC_PATH_TOOL(RANLIB, ranlib)
|
AC_PATH_TOOL(RANLIB, ranlib)
|
||||||
AC_PATH_TOOL(STRIP, strip)
|
AC_PATH_TOOL(STRIP, strip)
|
||||||
AX_PROG_CC_FOR_BUILD
|
|
||||||
|
|
||||||
AM_PROG_CC_C_O
|
AM_PROG_CC_C_O
|
||||||
|
|
||||||
|
@ -37,12 +36,12 @@ case $host_os in
|
||||||
if test x$cross_compiling != xyes; then
|
if test x$cross_compiling != xyes; then
|
||||||
AC_PATH_PROG([BREW],brew,)
|
AC_PATH_PROG([BREW],brew,)
|
||||||
if test x$BREW != x; then
|
if test x$BREW != x; then
|
||||||
dnl These Homebrew packages may be keg-only, meaning that they won't be found
|
# These Homebrew packages may be keg-only, meaning that they won't be found
|
||||||
dnl in expected paths because they may conflict with system files. Ask
|
# in expected paths because they may conflict with system files. Ask
|
||||||
dnl Homebrew where each one is located, then adjust paths accordingly.
|
# Homebrew where each one is located, then adjust paths accordingly.
|
||||||
|
|
||||||
openssl_prefix=`$BREW --prefix openssl 2>/dev/null`
|
openssl_prefix=`$BREW --prefix openssl 2>/dev/null`
|
||||||
gmp_prefix=`$BREW --prefix gmp 2>/dev/null`
|
gmp_prefix=`$BREW --prefix gmp 2>/dev/null`
|
||||||
|
valgrind_prefix=`$BREW --prefix valgrind 2>/dev/null`
|
||||||
if test x$openssl_prefix != x; then
|
if test x$openssl_prefix != x; then
|
||||||
PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH"
|
PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH"
|
||||||
export PKG_CONFIG_PATH
|
export PKG_CONFIG_PATH
|
||||||
|
@ -52,10 +51,13 @@ case $host_os in
|
||||||
GMP_CPPFLAGS="-I$gmp_prefix/include"
|
GMP_CPPFLAGS="-I$gmp_prefix/include"
|
||||||
GMP_LIBS="-L$gmp_prefix/lib"
|
GMP_LIBS="-L$gmp_prefix/lib"
|
||||||
fi
|
fi
|
||||||
|
if test x$valgrind_prefix != x; then
|
||||||
|
VALGRIND_CPPFLAGS="-I$valgrind_prefix/include"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
AC_PATH_PROG([PORT],port,)
|
AC_PATH_PROG([PORT],port,)
|
||||||
dnl if homebrew isn't installed and macports is, add the macports default paths
|
# If homebrew isn't installed and macports is, add the macports default paths
|
||||||
dnl as a last resort.
|
# as a last resort.
|
||||||
if test x$PORT != x; then
|
if test x$PORT != x; then
|
||||||
CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
|
CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
|
||||||
LDFLAGS="$LDFLAGS -L/opt/local/lib"
|
LDFLAGS="$LDFLAGS -L/opt/local/lib"
|
||||||
|
@ -86,6 +88,10 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
|
||||||
CFLAGS="$saved_CFLAGS"
|
CFLAGS="$saved_CFLAGS"
|
||||||
])
|
])
|
||||||
|
|
||||||
|
###
|
||||||
|
### Define config arguments
|
||||||
|
###
|
||||||
|
|
||||||
AC_ARG_ENABLE(benchmark,
|
AC_ARG_ENABLE(benchmark,
|
||||||
AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]),
|
AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]),
|
||||||
[use_benchmark=$enableval],
|
[use_benchmark=$enableval],
|
||||||
|
@ -146,8 +152,8 @@ AC_ARG_ENABLE(external_default_callbacks,
|
||||||
[use_external_default_callbacks=$enableval],
|
[use_external_default_callbacks=$enableval],
|
||||||
[use_external_default_callbacks=no])
|
[use_external_default_callbacks=no])
|
||||||
|
|
||||||
dnl Test-only override of the (autodetected by the C code) "widemul" setting.
|
# Test-only override of the (autodetected by the C code) "widemul" setting.
|
||||||
dnl Legal values are int64 (for [u]int64_t), int128 (for [unsigned] __int128), and auto (the default).
|
# Legal values are int64 (for [u]int64_t), int128 (for [unsigned] __int128), and auto (the default).
|
||||||
AC_ARG_WITH([test-override-wide-multiply], [] ,[set_widemul=$withval], [set_widemul=auto])
|
AC_ARG_WITH([test-override-wide-multiply], [] ,[set_widemul=$withval], [set_widemul=auto])
|
||||||
|
|
||||||
AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto],
|
AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto],
|
||||||
|
@ -177,15 +183,22 @@ AC_ARG_WITH([valgrind], [AS_HELP_STRING([--with-valgrind=yes|no|auto],
|
||||||
)],
|
)],
|
||||||
[req_valgrind=$withval], [req_valgrind=auto])
|
[req_valgrind=$withval], [req_valgrind=auto])
|
||||||
|
|
||||||
|
###
|
||||||
|
### Handle config options (except for modules)
|
||||||
|
###
|
||||||
|
|
||||||
if test x"$req_valgrind" = x"no"; then
|
if test x"$req_valgrind" = x"no"; then
|
||||||
enable_valgrind=no
|
enable_valgrind=no
|
||||||
else
|
else
|
||||||
AC_CHECK_HEADER([valgrind/memcheck.h], [enable_valgrind=yes], [
|
SECP_VALGRIND_CHECK
|
||||||
|
if test x"$has_valgrind" != x"yes"; then
|
||||||
if test x"$req_valgrind" = x"yes"; then
|
if test x"$req_valgrind" = x"yes"; then
|
||||||
AC_MSG_ERROR([Valgrind support explicitly requested but valgrind/memcheck.h header not available])
|
AC_MSG_ERROR([Valgrind support explicitly requested but valgrind/memcheck.h header not available])
|
||||||
fi
|
fi
|
||||||
enable_valgrind=no
|
enable_valgrind=no
|
||||||
], [])
|
else
|
||||||
|
enable_valgrind=yes
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"])
|
AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"])
|
||||||
|
|
||||||
|
@ -197,61 +210,6 @@ else
|
||||||
CFLAGS="-O2 $CFLAGS"
|
CFLAGS="-O2 $CFLAGS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test x"$use_ecmult_static_precomputation" != x"no"; then
|
|
||||||
# Temporarily switch to an environment for the native compiler
|
|
||||||
save_cross_compiling=$cross_compiling
|
|
||||||
cross_compiling=no
|
|
||||||
SAVE_CC="$CC"
|
|
||||||
CC="$CC_FOR_BUILD"
|
|
||||||
SAVE_CFLAGS="$CFLAGS"
|
|
||||||
CFLAGS="$CFLAGS_FOR_BUILD"
|
|
||||||
SAVE_CPPFLAGS="$CPPFLAGS"
|
|
||||||
CPPFLAGS="$CPPFLAGS_FOR_BUILD"
|
|
||||||
SAVE_LDFLAGS="$LDFLAGS"
|
|
||||||
LDFLAGS="$LDFLAGS_FOR_BUILD"
|
|
||||||
|
|
||||||
warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function"
|
|
||||||
saved_CFLAGS="$CFLAGS"
|
|
||||||
CFLAGS="$warn_CFLAGS_FOR_BUILD $CFLAGS"
|
|
||||||
AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}])
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
|
|
||||||
[ AC_MSG_RESULT([yes]) ],
|
|
||||||
[ AC_MSG_RESULT([no])
|
|
||||||
CFLAGS="$saved_CFLAGS"
|
|
||||||
])
|
|
||||||
|
|
||||||
AC_MSG_CHECKING([for working native compiler: ${CC_FOR_BUILD}])
|
|
||||||
AC_RUN_IFELSE(
|
|
||||||
[AC_LANG_PROGRAM([], [])],
|
|
||||||
[working_native_cc=yes],
|
|
||||||
[working_native_cc=no],[:])
|
|
||||||
|
|
||||||
CFLAGS_FOR_BUILD="$CFLAGS"
|
|
||||||
|
|
||||||
# Restore the environment
|
|
||||||
cross_compiling=$save_cross_compiling
|
|
||||||
CC="$SAVE_CC"
|
|
||||||
CFLAGS="$SAVE_CFLAGS"
|
|
||||||
CPPFLAGS="$SAVE_CPPFLAGS"
|
|
||||||
LDFLAGS="$SAVE_LDFLAGS"
|
|
||||||
|
|
||||||
if test x"$working_native_cc" = x"no"; then
|
|
||||||
AC_MSG_RESULT([no])
|
|
||||||
set_precomp=no
|
|
||||||
m4_define([please_set_for_build], [Please set CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD.])
|
|
||||||
if test x"$use_ecmult_static_precomputation" = x"yes"; then
|
|
||||||
AC_MSG_ERROR([native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
|
|
||||||
else
|
|
||||||
AC_MSG_WARN([Disabling statically generated ecmult table because the native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT([yes])
|
|
||||||
set_precomp=yes
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
set_precomp=no
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test x"$req_asm" = x"auto"; then
|
if test x"$req_asm" = x"auto"; then
|
||||||
SECP_64BIT_ASM_CHECK
|
SECP_64BIT_ASM_CHECK
|
||||||
if test x"$has_64bit_asm" = x"yes"; then
|
if test x"$has_64bit_asm" = x"yes"; then
|
||||||
|
@ -305,7 +263,7 @@ else
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# select assembly optimization
|
# Select assembly optimization
|
||||||
use_external_asm=no
|
use_external_asm=no
|
||||||
|
|
||||||
case $set_asm in
|
case $set_asm in
|
||||||
|
@ -322,7 +280,12 @@ no)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# select wide multiplication implementation
|
if test x"$use_external_asm" = x"yes"; then
|
||||||
|
AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used])
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Select wide multiplication implementation
|
||||||
case $set_widemul in
|
case $set_widemul in
|
||||||
int128)
|
int128)
|
||||||
AC_DEFINE(USE_FORCE_WIDEMUL_INT128, 1, [Define this symbol to force the use of the (unsigned) __int128 based wide multiplication implementation])
|
AC_DEFINE(USE_FORCE_WIDEMUL_INT128, 1, [Define this symbol to force the use of the (unsigned) __int128 based wide multiplication implementation])
|
||||||
|
@ -337,7 +300,7 @@ auto)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# select bignum implementation
|
# Select bignum implementation
|
||||||
case $set_bignum in
|
case $set_bignum in
|
||||||
gmp)
|
gmp)
|
||||||
AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed])
|
AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed])
|
||||||
|
@ -355,7 +318,7 @@ no)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
#set ecmult window size
|
# Set ecmult window size
|
||||||
if test x"$req_ecmult_window" = x"auto"; then
|
if test x"$req_ecmult_window" = x"auto"; then
|
||||||
set_ecmult_window=15
|
set_ecmult_window=15
|
||||||
else
|
else
|
||||||
|
@ -377,7 +340,7 @@ case $set_ecmult_window in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
#set ecmult gen precision
|
# Set ecmult gen precision
|
||||||
if test x"$req_ecmult_gen_precision" = x"auto"; then
|
if test x"$req_ecmult_gen_precision" = x"auto"; then
|
||||||
set_ecmult_gen_precision=4
|
set_ecmult_gen_precision=4
|
||||||
else
|
else
|
||||||
|
@ -424,10 +387,93 @@ if test x"$set_bignum" = x"gmp"; then
|
||||||
SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS"
|
SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test x"$enable_valgrind" = x"yes"; then
|
||||||
|
SECP_INCLUDES="$SECP_INCLUDES $VALGRIND_CPPFLAGS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Handle static precomputation (after everything which modifies CFLAGS and friends)
|
||||||
|
if test x"$use_ecmult_static_precomputation" != x"no"; then
|
||||||
|
if test x"$cross_compiling" = x"no"; then
|
||||||
|
set_precomp=yes
|
||||||
|
if test x"${CC_FOR_BUILD+x}${CFLAGS_FOR_BUILD+x}${CPPFLAGS_FOR_BUILD+x}${LDFLAGS_FOR_BUILD+x}" != x; then
|
||||||
|
AC_MSG_WARN([CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD is set but ignored because we are not cross-compiling.])
|
||||||
|
fi
|
||||||
|
# If we're not cross-compiling, simply use the same compiler for building the static precompation code.
|
||||||
|
CC_FOR_BUILD="$CC"
|
||||||
|
CFLAGS_FOR_BUILD="$CFLAGS"
|
||||||
|
CPPFLAGS_FOR_BUILD="$CPPFLAGS"
|
||||||
|
LDFLAGS_FOR_BUILD="$LDFLAGS"
|
||||||
|
else
|
||||||
|
AX_PROG_CC_FOR_BUILD
|
||||||
|
|
||||||
|
# Temporarily switch to an environment for the native compiler
|
||||||
|
save_cross_compiling=$cross_compiling
|
||||||
|
cross_compiling=no
|
||||||
|
SAVE_CC="$CC"
|
||||||
|
CC="$CC_FOR_BUILD"
|
||||||
|
SAVE_CFLAGS="$CFLAGS"
|
||||||
|
CFLAGS="$CFLAGS_FOR_BUILD"
|
||||||
|
SAVE_CPPFLAGS="$CPPFLAGS"
|
||||||
|
CPPFLAGS="$CPPFLAGS_FOR_BUILD"
|
||||||
|
SAVE_LDFLAGS="$LDFLAGS"
|
||||||
|
LDFLAGS="$LDFLAGS_FOR_BUILD"
|
||||||
|
|
||||||
|
warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function"
|
||||||
|
saved_CFLAGS="$CFLAGS"
|
||||||
|
CFLAGS="$warn_CFLAGS_FOR_BUILD $CFLAGS"
|
||||||
|
AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}])
|
||||||
|
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
|
||||||
|
[ AC_MSG_RESULT([yes]) ],
|
||||||
|
[ AC_MSG_RESULT([no])
|
||||||
|
CFLAGS="$saved_CFLAGS"
|
||||||
|
])
|
||||||
|
|
||||||
|
AC_MSG_CHECKING([for working native compiler: ${CC_FOR_BUILD}])
|
||||||
|
AC_RUN_IFELSE(
|
||||||
|
[AC_LANG_PROGRAM([], [])],
|
||||||
|
[working_native_cc=yes],
|
||||||
|
[working_native_cc=no],[:])
|
||||||
|
|
||||||
|
CFLAGS_FOR_BUILD="$CFLAGS"
|
||||||
|
|
||||||
|
# Restore the environment
|
||||||
|
cross_compiling=$save_cross_compiling
|
||||||
|
CC="$SAVE_CC"
|
||||||
|
CFLAGS="$SAVE_CFLAGS"
|
||||||
|
CPPFLAGS="$SAVE_CPPFLAGS"
|
||||||
|
LDFLAGS="$SAVE_LDFLAGS"
|
||||||
|
|
||||||
|
if test x"$working_native_cc" = x"no"; then
|
||||||
|
AC_MSG_RESULT([no])
|
||||||
|
set_precomp=no
|
||||||
|
m4_define([please_set_for_build], [Please set CC_FOR_BUILD, CFLAGS_FOR_BUILD, CPPFLAGS_FOR_BUILD, and/or LDFLAGS_FOR_BUILD.])
|
||||||
|
if test x"$use_ecmult_static_precomputation" = x"yes"; then
|
||||||
|
AC_MSG_ERROR([native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
|
||||||
|
else
|
||||||
|
AC_MSG_WARN([Disabling statically generated ecmult table because the native compiler ${CC_FOR_BUILD} does not produce working binaries. please_set_for_build])
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT([yes])
|
||||||
|
set_precomp=yes
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
AC_SUBST(CC_FOR_BUILD)
|
||||||
|
AC_SUBST(CFLAGS_FOR_BUILD)
|
||||||
|
AC_SUBST(CPPFLAGS_FOR_BUILD)
|
||||||
|
AC_SUBST(LDFLAGS_FOR_BUILD)
|
||||||
|
else
|
||||||
|
set_precomp=no
|
||||||
|
fi
|
||||||
|
|
||||||
if test x"$set_precomp" = x"yes"; then
|
if test x"$set_precomp" = x"yes"; then
|
||||||
AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table])
|
AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
###
|
||||||
|
### Handle module options
|
||||||
|
###
|
||||||
|
|
||||||
if test x"$enable_module_ecdh" = x"yes"; then
|
if test x"$enable_module_ecdh" = x"yes"; then
|
||||||
AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module])
|
AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module])
|
||||||
fi
|
fi
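Review bot: AX_PROG_CC_FOR_BUILD is now invoked inside a plain shell `if … else … fi` (the `cross_compiling` test and its `else` branch in this hunk), whereas before this commit it ran unconditionally near the top of configure.ac. Autoconf's guidance for conditionally invoked macros is to use AS_IF so that anything the macro AC_REQUIREs is hoisted before the conditional; under a plain `if`, a prerequisite first pulled in by AX_PROG_CC_FOR_BUILD is expanded inside the `else` branch and is absent on the non-cross-compiling path, which can surface as a missing cache variable or an "was expanded before it was required" warning. Whether the macro actually introduces a not-yet-required prerequisite here is not visible in the diff, so this may be benign, but the safe form is `AS_IF([test x"$cross_compiling" = x"no"], [` … `], [` … `])` in place of the three `if`/`else`/`fi` lines. Separately, the AC_SUBST calls for the four *_FOR_BUILD variables sit inside the outer `use_ecmult_static_precomputation != no` branch, so with static precomputation disabled they are never substituted; that is fine only if Makefile.am references them solely under the matching conditional, which is outside this diff.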
|
||||||
|
@ -447,14 +493,14 @@ if test x"$enable_module_extrakeys" = x"yes"; then
|
||||||
AC_DEFINE(ENABLE_MODULE_EXTRAKEYS, 1, [Define this symbol to enable the extrakeys module])
|
AC_DEFINE(ENABLE_MODULE_EXTRAKEYS, 1, [Define this symbol to enable the extrakeys module])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test x"$use_external_asm" = x"yes"; then
|
|
||||||
AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used])
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test x"$use_external_default_callbacks" = x"yes"; then
|
if test x"$use_external_default_callbacks" = x"yes"; then
|
||||||
AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used])
|
AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
###
|
||||||
|
### Check for --enable-experimental if necessary
|
||||||
|
###
|
||||||
|
|
||||||
if test x"$enable_experimental" = x"yes"; then
|
if test x"$enable_experimental" = x"yes"; then
|
||||||
AC_MSG_NOTICE([******])
|
AC_MSG_NOTICE([******])
|
||||||
AC_MSG_NOTICE([WARNING: experimental build])
|
AC_MSG_NOTICE([WARNING: experimental build])
|
||||||
|
@ -474,6 +520,10 @@ else
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
###
|
||||||
|
### Generate output
|
||||||
|
###
|
||||||
|
|
||||||
AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
|
AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
|
||||||
AC_CONFIG_FILES([Makefile libsecp256k1.pc])
|
AC_CONFIG_FILES([Makefile libsecp256k1.pc])
|
||||||
AC_SUBST(SECP_INCLUDES)
|
AC_SUBST(SECP_INCLUDES)
|
||||||
|
@ -492,7 +542,7 @@ AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" =
|
||||||
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
|
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
|
||||||
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
|
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
|
||||||
|
|
||||||
dnl make sure nothing new is exported so that we don't break the cache
|
# Make sure nothing new is exported so that we don't break the cache.
|
||||||
PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"
|
PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"
|
||||||
unset PKG_CONFIG_PATH
|
unset PKG_CONFIG_PATH
|
||||||
PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP"
|
PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP"
|
||||||
|
@ -516,7 +566,7 @@ echo " asm = $set_asm"
|
||||||
echo " bignum = $set_bignum"
|
echo " bignum = $set_bignum"
|
||||||
echo " ecmult window size = $set_ecmult_window"
|
echo " ecmult window size = $set_ecmult_window"
|
||||||
echo " ecmult gen prec. bits = $set_ecmult_gen_precision"
|
echo " ecmult gen prec. bits = $set_ecmult_gen_precision"
|
||||||
dnl Hide test-only options unless they're used.
|
# Hide test-only options unless they're used.
|
||||||
if test x"$set_widemul" != xauto; then
|
if test x"$set_widemul" != xauto; then
|
||||||
echo " wide multiplication = $set_widemul"
|
echo " wide multiplication = $set_widemul"
|
||||||
fi
|
fi
|
||||||
|
@ -527,3 +577,9 @@ echo " CFLAGS = $CFLAGS"
|
||||||
echo " CPPFLAGS = $CPPFLAGS"
|
echo " CPPFLAGS = $CPPFLAGS"
|
||||||
echo " LDFLAGS = $LDFLAGS"
|
echo " LDFLAGS = $LDFLAGS"
|
||||||
echo
|
echo
|
||||||
|
if test x"$set_precomp" = x"yes"; then
|
||||||
|
echo " CC_FOR_BUILD = $CC_FOR_BUILD"
|
||||||
|
echo " CFLAGS_FOR_BUILD = $CFLAGS_FOR_BUILD"
|
||||||
|
echo " CPPFLAGS_FOR_BUILD = $CPPFLAGS_FOR_BUILD"
|
||||||
|
echo " LDFLAGS_FOR_BUILD = $LDFLAGS_FOR_BUILD"
|
||||||
|
fi
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Pieter Wuille *
|
* Copyright (c) 2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <secp256k1.h>
|
#include <secp256k1.h>
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Pieter Wuille *
|
* Copyright (c) 2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
/****
|
/****
|
||||||
* Please do not link this file directly. It is not part of the libsecp256k1
|
* Please do not link this file directly. It is not part of the libsecp256k1
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014, 2015 Pieter Wuille *
|
* Copyright (c) 2014, 2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <secp256k1.h>
|
#include <secp256k1.h>
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014, 2015 Pieter Wuille *
|
* Copyright (c) 2014, 2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
/****
|
/****
|
||||||
* Please do not link this file directly. It is not part of the libsecp256k1
|
* Please do not link this file directly. It is not part of the libsecp256k1
|
||||||
|
|
|
@ -28,7 +28,7 @@ fi
|
||||||
if [ "$RUN_VALGRIND" = "yes" ]
|
if [ "$RUN_VALGRIND" = "yes" ]
|
||||||
then
|
then
|
||||||
make -j2
|
make -j2
|
||||||
# the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (http://valgrind.org/docs/manual/manual-core.html)
|
# the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (https://www.valgrind.org/docs/manual/manual-core.html)
|
||||||
valgrind --error-exitcode=42 ./tests 16
|
valgrind --error-exitcode=42 ./tests 16
|
||||||
valgrind --error-exitcode=42 ./exhaustive_tests
|
valgrind --error-exitcode=42 ./exhaustive_tests
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -11,7 +11,7 @@ extern "C" {
|
||||||
*
|
*
|
||||||
* 1. Context pointers go first, followed by output arguments, combined
|
* 1. Context pointers go first, followed by output arguments, combined
|
||||||
* output/input arguments, and finally input-only arguments.
|
* output/input arguments, and finally input-only arguments.
|
||||||
* 2. Array lengths always immediately the follow the argument whose length
|
* 2. Array lengths always immediately follow the argument whose length
|
||||||
* they describe, even if this violates rule 1.
|
* they describe, even if this violates rule 1.
|
||||||
* 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
|
* 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
|
||||||
* later go first. This means: signatures, public nonces, secret nonces,
|
* later go first. This means: signatures, public nonces, secret nonces,
|
||||||
|
@ -452,7 +452,14 @@ SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(
|
||||||
* 0: incorrect or unparseable signature
|
* 0: incorrect or unparseable signature
|
||||||
* Args: ctx: a secp256k1 context object, initialized for verification.
|
* Args: ctx: a secp256k1 context object, initialized for verification.
|
||||||
* In: sig: the signature being verified (cannot be NULL)
|
* In: sig: the signature being verified (cannot be NULL)
|
||||||
* msg32: the 32-byte message hash being verified (cannot be NULL)
|
* msghash32: the 32-byte message hash being verified (cannot be NULL).
|
||||||
|
* The verifier must make sure to apply a cryptographic
|
||||||
|
* hash function to the message by itself and not accept an
|
||||||
|
* msghash32 value directly. Otherwise, it would be easy to
|
||||||
|
* create a "valid" signature without knowledge of the
|
||||||
|
* secret key. See also
|
||||||
|
* https://bitcoin.stackexchange.com/a/81116/35586 for more
|
||||||
|
* background on this topic.
|
||||||
* pubkey: pointer to an initialized public key to verify with (cannot be NULL)
|
* pubkey: pointer to an initialized public key to verify with (cannot be NULL)
|
||||||
*
|
*
|
||||||
* To avoid accepting malleable signatures, only ECDSA signatures in lower-S
|
* To avoid accepting malleable signatures, only ECDSA signatures in lower-S
|
||||||
|
@ -467,7 +474,7 @@ SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
const secp256k1_ecdsa_signature *sig,
|
const secp256k1_ecdsa_signature *sig,
|
||||||
const unsigned char *msg32,
|
const unsigned char *msghash32,
|
||||||
const secp256k1_pubkey *pubkey
|
const secp256k1_pubkey *pubkey
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
||||||
|
|
||||||
|
@ -532,12 +539,12 @@ SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_def
|
||||||
*
|
*
|
||||||
* Returns: 1: signature created
|
* Returns: 1: signature created
|
||||||
* 0: the nonce generation function failed, or the secret key was invalid.
|
* 0: the nonce generation function failed, or the secret key was invalid.
|
||||||
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
|
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
|
||||||
* Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
|
* Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
|
||||||
* In: msg32: the 32-byte message hash being signed (cannot be NULL)
|
* In: msghash32: the 32-byte message hash being signed (cannot be NULL)
|
||||||
* seckey: pointer to a 32-byte secret key (cannot be NULL)
|
* seckey: pointer to a 32-byte secret key (cannot be NULL)
|
||||||
* noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
|
* noncefp: pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
|
||||||
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
|
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
|
||||||
*
|
*
|
||||||
* The created signature is always in lower-S form. See
|
* The created signature is always in lower-S form. See
|
||||||
* secp256k1_ecdsa_signature_normalize for more details.
|
* secp256k1_ecdsa_signature_normalize for more details.
|
||||||
|
@ -545,7 +552,7 @@ SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_def
|
||||||
SECP256K1_API int secp256k1_ecdsa_sign(
|
SECP256K1_API int secp256k1_ecdsa_sign(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
secp256k1_ecdsa_signature *sig,
|
secp256k1_ecdsa_signature *sig,
|
||||||
const unsigned char *msg32,
|
const unsigned char *msghash32,
|
||||||
const unsigned char *seckey,
|
const unsigned char *seckey,
|
||||||
secp256k1_nonce_function noncefp,
|
secp256k1_nonce_function noncefp,
|
||||||
const void *ndata
|
const void *ndata
|
||||||
|
@ -626,7 +633,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(
|
||||||
* invalid according to secp256k1_ec_seckey_verify, this
|
* invalid according to secp256k1_ec_seckey_verify, this
|
||||||
* function returns 0. seckey will be set to some unspecified
|
* function returns 0. seckey will be set to some unspecified
|
||||||
* value if this function returns 0. (cannot be NULL)
|
* value if this function returns 0. (cannot be NULL)
|
||||||
* In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
|
||||||
* secp256k1_ec_seckey_verify, this function returns 0. For
|
* secp256k1_ec_seckey_verify, this function returns 0. For
|
||||||
* uniformly random 32-byte arrays the chance of being invalid
|
* uniformly random 32-byte arrays the chance of being invalid
|
||||||
* is negligible (around 1 in 2^128) (cannot be NULL).
|
* is negligible (around 1 in 2^128) (cannot be NULL).
|
||||||
|
@ -634,7 +641,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
unsigned char *seckey,
|
unsigned char *seckey,
|
||||||
const unsigned char *tweak
|
const unsigned char *tweak32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED. Will be removed in
|
/** Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED. Will be removed in
|
||||||
|
@ -642,7 +649,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
unsigned char *seckey,
|
unsigned char *seckey,
|
||||||
const unsigned char *tweak
|
const unsigned char *tweak32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Tweak a public key by adding tweak times the generator to it.
|
/** Tweak a public key by adding tweak times the generator to it.
|
||||||
|
@ -654,7 +661,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
|
||||||
* (cannot be NULL).
|
* (cannot be NULL).
|
||||||
* In/Out: pubkey: pointer to a public key object. pubkey will be set to an
|
* In/Out: pubkey: pointer to a public key object. pubkey will be set to an
|
||||||
* invalid value if this function returns 0 (cannot be NULL).
|
* invalid value if this function returns 0 (cannot be NULL).
|
||||||
* In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
|
||||||
* secp256k1_ec_seckey_verify, this function returns 0. For
|
* secp256k1_ec_seckey_verify, this function returns 0. For
|
||||||
* uniformly random 32-byte arrays the chance of being invalid
|
* uniformly random 32-byte arrays the chance of being invalid
|
||||||
* is negligible (around 1 in 2^128) (cannot be NULL).
|
* is negligible (around 1 in 2^128) (cannot be NULL).
|
||||||
|
@ -662,7 +669,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
secp256k1_pubkey *pubkey,
|
secp256k1_pubkey *pubkey,
|
||||||
const unsigned char *tweak
|
const unsigned char *tweak32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Tweak a secret key by multiplying it by a tweak.
|
/** Tweak a secret key by multiplying it by a tweak.
|
||||||
|
@ -673,7 +680,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
|
||||||
* invalid according to secp256k1_ec_seckey_verify, this
|
* invalid according to secp256k1_ec_seckey_verify, this
|
||||||
* function returns 0. seckey will be set to some unspecified
|
* function returns 0. seckey will be set to some unspecified
|
||||||
* value if this function returns 0. (cannot be NULL)
|
* value if this function returns 0. (cannot be NULL)
|
||||||
* In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
|
||||||
* secp256k1_ec_seckey_verify, this function returns 0. For
|
* secp256k1_ec_seckey_verify, this function returns 0. For
|
||||||
* uniformly random 32-byte arrays the chance of being invalid
|
* uniformly random 32-byte arrays the chance of being invalid
|
||||||
* is negligible (around 1 in 2^128) (cannot be NULL).
|
* is negligible (around 1 in 2^128) (cannot be NULL).
|
||||||
|
@ -681,7 +688,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
unsigned char *seckey,
|
unsigned char *seckey,
|
||||||
const unsigned char *tweak
|
const unsigned char *tweak32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in
|
/** Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in
|
||||||
|
@ -689,7 +696,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
unsigned char *seckey,
|
unsigned char *seckey,
|
||||||
const unsigned char *tweak
|
const unsigned char *tweak32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Tweak a public key by multiplying it by a tweak value.
|
/** Tweak a public key by multiplying it by a tweak value.
|
||||||
|
@ -699,7 +706,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
|
||||||
* (cannot be NULL).
|
* (cannot be NULL).
|
||||||
* In/Out: pubkey: pointer to a public key object. pubkey will be set to an
|
* In/Out: pubkey: pointer to a public key object. pubkey will be set to an
|
||||||
* invalid value if this function returns 0 (cannot be NULL).
|
* invalid value if this function returns 0 (cannot be NULL).
|
||||||
* In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to
|
* In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
|
||||||
* secp256k1_ec_seckey_verify, this function returns 0. For
|
* secp256k1_ec_seckey_verify, this function returns 0. For
|
||||||
* uniformly random 32-byte arrays the chance of being invalid
|
* uniformly random 32-byte arrays the chance of being invalid
|
||||||
* is negligible (around 1 in 2^128) (cannot be NULL).
|
* is negligible (around 1 in 2^128) (cannot be NULL).
|
||||||
|
@ -707,7 +714,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
secp256k1_pubkey *pubkey,
|
secp256k1_pubkey *pubkey,
|
||||||
const unsigned char *tweak
|
const unsigned char *tweak32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Updates the context randomization to protect against side-channel leakage.
|
/** Updates the context randomization to protect against side-channel leakage.
|
||||||
|
|
|
@ -165,6 +165,19 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(
|
||||||
const unsigned char *seckey
|
const unsigned char *seckey
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
|
/** Get the secret key from a keypair.
|
||||||
|
*
|
||||||
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
||||||
|
* Args: ctx: pointer to a context object (cannot be NULL)
|
||||||
|
* Out: seckey: pointer to a 32-byte buffer for the secret key (cannot be NULL)
|
||||||
|
* In: keypair: pointer to a keypair (cannot be NULL)
|
||||||
|
*/
|
||||||
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(
|
||||||
|
const secp256k1_context* ctx,
|
||||||
|
unsigned char *seckey,
|
||||||
|
const secp256k1_keypair *keypair
|
||||||
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
||||||
|
|
||||||
/** Get the public key from a keypair.
|
/** Get the public key from a keypair.
|
||||||
*
|
*
|
||||||
* Returns: 0 if the arguments are invalid. 1 otherwise.
|
* Returns: 0 if the arguments are invalid. 1 otherwise.
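Review bot: The new `secp256k1_keypair_sec` declaration says `Returns: 0 if the arguments are invalid. 1 otherwise.` but its Out line does not say what the 32-byte `seckey` buffer holds on the failure path, whereas the tweak functions in secp256k1.h in this same commit spell that out (`seckey will be set to some unspecified value if this function returns 0`). Callers that copy secret material around need to know whether a failed call leaves the buffer untouched, overwrites it, or zeroes it, so the Out line should state it, e.g. ` * Out: seckey: pointer to a 32-byte buffer for the secret key. Its contents are unspecified if this function returns 0 (cannot be NULL)` — with the wording matched to what the implementation actually does, which is not visible here. A short sentence on what makes a `keypair` argument "invalid" (the object is opaque to the caller) would also help readers of this header.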
|
||||||
|
|
|
@ -71,17 +71,17 @@ SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
|
||||||
*
|
*
|
||||||
* Returns: 1: signature created
|
* Returns: 1: signature created
|
||||||
* 0: the nonce generation function failed, or the secret key was invalid.
|
* 0: the nonce generation function failed, or the secret key was invalid.
|
||||||
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
|
* Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
|
||||||
* Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
|
* Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
|
||||||
* In: msg32: the 32-byte message hash being signed (cannot be NULL)
|
* In: msghash32: the 32-byte message hash being signed (cannot be NULL)
|
||||||
* seckey: pointer to a 32-byte secret key (cannot be NULL)
|
* seckey: pointer to a 32-byte secret key (cannot be NULL)
|
||||||
* noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
|
* noncefp: pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
|
||||||
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
|
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
|
||||||
*/
|
*/
|
||||||
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
|
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
secp256k1_ecdsa_recoverable_signature *sig,
|
secp256k1_ecdsa_recoverable_signature *sig,
|
||||||
const unsigned char *msg32,
|
const unsigned char *msghash32,
|
||||||
const unsigned char *seckey,
|
const unsigned char *seckey,
|
||||||
secp256k1_nonce_function noncefp,
|
secp256k1_nonce_function noncefp,
|
||||||
const void *ndata
|
const void *ndata
|
||||||
|
@ -91,16 +91,16 @@ SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
|
||||||
*
|
*
|
||||||
* Returns: 1: public key successfully recovered (which guarantees a correct signature).
|
* Returns: 1: public key successfully recovered (which guarantees a correct signature).
|
||||||
* 0: otherwise.
|
* 0: otherwise.
|
||||||
* Args: ctx: pointer to a context object, initialized for verification (cannot be NULL)
|
* Args: ctx: pointer to a context object, initialized for verification (cannot be NULL)
|
||||||
* Out: pubkey: pointer to the recovered public key (cannot be NULL)
|
* Out: pubkey: pointer to the recovered public key (cannot be NULL)
|
||||||
* In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL)
|
* In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL)
|
||||||
* msg32: the 32-byte message hash assumed to be signed (cannot be NULL)
|
* msghash32: the 32-byte message hash assumed to be signed (cannot be NULL)
|
||||||
*/
|
*/
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
secp256k1_pubkey *pubkey,
|
secp256k1_pubkey *pubkey,
|
||||||
const secp256k1_ecdsa_recoverable_signature *sig,
|
const secp256k1_ecdsa_recoverable_signature *sig,
|
||||||
const unsigned char *msg32
|
const unsigned char *msghash32
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
# Define field size and field
|
load("secp256k1_params.sage")
|
||||||
P = 2^256 - 2^32 - 977
|
|
||||||
F = GF(P)
|
|
||||||
BETA = F(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee)
|
|
||||||
|
|
||||||
assert(BETA != F(1) and BETA^3 == F(1))
|
|
||||||
|
|
||||||
orders_done = set()
|
orders_done = set()
|
||||||
results = {}
|
results = {}
|
||||||
|
|
|
@ -0,0 +1,114 @@
|
||||||
|
""" Generates the constants used in secp256k1_scalar_split_lambda.
|
||||||
|
|
||||||
|
See the comments for secp256k1_scalar_split_lambda in src/scalar_impl.h for detailed explanations.
|
||||||
|
"""
|
||||||
|
|
||||||
|
load("secp256k1_params.sage")
|
||||||
|
|
||||||
|
def inf_norm(v):
|
||||||
|
"""Returns the infinity norm of a vector."""
|
||||||
|
return max(map(abs, v))
|
||||||
|
|
||||||
|
def gauss_reduction(i1, i2):
|
||||||
|
v1, v2 = i1.copy(), i2.copy()
|
||||||
|
while True:
|
||||||
|
if inf_norm(v2) < inf_norm(v1):
|
||||||
|
v1, v2 = v2, v1
|
||||||
|
# This is essentially
|
||||||
|
# m = round((v1[0]*v2[0] + v1[1]*v2[1]) / (inf_norm(v1)**2))
|
||||||
|
# (rounding to the nearest integer) without relying on floating point arithmetic.
|
||||||
|
m = ((v1[0]*v2[0] + v1[1]*v2[1]) + (inf_norm(v1)**2) // 2) // (inf_norm(v1)**2)
|
||||||
|
if m == 0:
|
||||||
|
return v1, v2
|
||||||
|
v2[0] -= m*v1[0]
|
||||||
|
v2[1] -= m*v1[1]
|
||||||
|
|
||||||
|
def find_split_constants_gauss():
|
||||||
|
"""Find constants for secp256k1_scalar_split_lamdba using gauss reduction."""
|
||||||
|
(v11, v12), (v21, v22) = gauss_reduction([0, N], [1, int(LAMBDA)])
|
||||||
|
|
||||||
|
# We use related vectors in secp256k1_scalar_split_lambda.
|
||||||
|
A1, B1 = -v21, -v11
|
||||||
|
A2, B2 = v22, -v21
|
||||||
|
|
||||||
|
return A1, B1, A2, B2
|
||||||
|
|
||||||
|
def find_split_constants_explicit_tof():
|
||||||
|
"""Find constants for secp256k1_scalar_split_lamdba using the trace of Frobenius.
|
||||||
|
|
||||||
|
See Benjamin Smith: "Easy scalar decompositions for efficient scalar multiplication on
|
||||||
|
elliptic curves and genus 2 Jacobians" (https://eprint.iacr.org/2013/672), Example 2
|
||||||
|
"""
|
||||||
|
assert P % 3 == 1 # The paper says P % 3 == 2 but that appears to be a mistake, see [10].
|
||||||
|
assert C.j_invariant() == 0
|
||||||
|
|
||||||
|
t = C.trace_of_frobenius()
|
||||||
|
|
||||||
|
c = Integer(sqrt((4*P - t**2)/3))
|
||||||
|
A1 = Integer((t - c)/2 - 1)
|
||||||
|
B1 = c
|
||||||
|
|
||||||
|
A2 = Integer((t + c)/2 - 1)
|
||||||
|
B2 = Integer(1 - (t - c)/2)
|
||||||
|
|
||||||
|
# We use a negated b values in secp256k1_scalar_split_lambda.
|
||||||
|
B1, B2 = -B1, -B2
|
||||||
|
|
||||||
|
return A1, B1, A2, B2
|
||||||
|
|
||||||
|
A1, B1, A2, B2 = find_split_constants_explicit_tof()
|
||||||
|
|
||||||
|
# For extra fun, use an independent method to recompute the constants.
|
||||||
|
assert (A1, B1, A2, B2) == find_split_constants_gauss()
|
||||||
|
|
||||||
|
# PHI : Z[l] -> Z_n where phi(a + b*l) == a + b*lambda mod n.
|
||||||
|
def PHI(a,b):
|
||||||
|
return Z(a + LAMBDA*b)
|
||||||
|
|
||||||
|
# Check that (A1, B1) and (A2, B2) are in the kernel of PHI.
|
||||||
|
assert PHI(A1, B1) == Z(0)
|
||||||
|
assert PHI(A2, B2) == Z(0)
|
||||||
|
|
||||||
|
# Check that the parallelogram generated by (A1, A2) and (B1, B2)
|
||||||
|
# is a fundamental domain by containing exactly N points.
|
||||||
|
# Since the LHS is the determinant and N != 0, this also checks that
|
||||||
|
# (A1, A2) and (B1, B2) are linearly independent. By the previous
|
||||||
|
# assertions, (A1, A2) and (B1, B2) are a basis of the kernel.
|
||||||
|
assert A1*B2 - B1*A2 == N
|
||||||
|
|
||||||
|
# Check that their components are short enough.
|
||||||
|
assert (A1 + A2)/2 < sqrt(N)
|
||||||
|
assert B1 < sqrt(N)
|
||||||
|
assert B2 < sqrt(N)
|
||||||
|
|
||||||
|
G1 = round((2**384)*B2/N)
|
||||||
|
G2 = round((2**384)*(-B1)/N)
|
||||||
|
|
||||||
|
def rnddiv2(v):
|
||||||
|
if v & 1:
|
||||||
|
v += 1
|
||||||
|
return v >> 1
|
||||||
|
|
||||||
|
def scalar_lambda_split(k):
|
||||||
|
"""Equivalent to secp256k1_scalar_lambda_split()."""
|
||||||
|
c1 = rnddiv2((k * G1) >> 383)
|
||||||
|
c2 = rnddiv2((k * G2) >> 383)
|
||||||
|
c1 = (c1 * -B1) % N
|
||||||
|
c2 = (c2 * -B2) % N
|
||||||
|
r2 = (c1 + c2) % N
|
||||||
|
r1 = (k + r2 * -LAMBDA) % N
|
||||||
|
return (r1, r2)
|
||||||
|
|
||||||
|
# The result of scalar_lambda_split can depend on the representation of k (mod n).
|
||||||
|
SPECIAL = (2**383) // G2 + 1
|
||||||
|
assert scalar_lambda_split(SPECIAL) != scalar_lambda_split(SPECIAL + N)
|
||||||
|
|
||||||
|
print(' A1 =', hex(A1))
|
||||||
|
print(' -B1 =', hex(-B1))
|
||||||
|
print(' A2 =', hex(A2))
|
||||||
|
print(' -B2 =', hex(-B2))
|
||||||
|
print(' =', hex(Z(-B2)))
|
||||||
|
print(' -LAMBDA =', hex(-LAMBDA))
|
||||||
|
|
||||||
|
print(' G1 =', hex(G1))
|
||||||
|
print(' G2 =', hex(G2))
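Review bot: The docstrings in this new file name the C function three different ways: the module docstring and the comment in `find_split_constants_gauss` say `secp256k1_scalar_split_lambda`, the docstrings of `find_split_constants_gauss` and `find_split_constants_explicit_tof` say `secp256k1_scalar_split_lamdba` (transposed letters), and `scalar_lambda_split` says `Equivalent to secp256k1_scalar_lambda_split()`. Since the script exists to regenerate constants that must match that one function, the name a reader greps for should be spelled one way; `secp256k1_scalar_split_lambda` is the form used in the module docstring and the src/scalar_impl.h reference, so the other three docstrings should be changed to it. `gauss_reduction` is also the only function here without a docstring; something like `"""Reduce the 2-vector basis (i1, i2) by repeated Gauss steps; returns (v1, v2) once the rounded projection m is 0, with inf_norm(v1) <= inf_norm(v2)."""` describes what the loop visibly does. As a minor style point, `inf_norm(v1)**2` is evaluated twice per iteration in the line computing `m` and could be bound to a local once.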
|
|
@ -42,7 +42,7 @@
|
||||||
# as we assume that all constraints in it are complementary with each other.
|
# as we assume that all constraints in it are complementary with each other.
|
||||||
#
|
#
|
||||||
# Based on the sage verification scripts used in the Explicit-Formulas Database
|
# Based on the sage verification scripts used in the Explicit-Formulas Database
|
||||||
# by Tanja Lange and others, see http://hyperelliptic.org/EFD
|
# by Tanja Lange and others, see https://hyperelliptic.org/EFD
|
||||||
|
|
||||||
class fastfrac:
|
class fastfrac:
|
||||||
"""Fractions over rings."""
|
"""Fractions over rings."""
|
||||||
|
@ -65,7 +65,7 @@ class fastfrac:
|
||||||
return self.top in I and self.bot not in I
|
return self.top in I and self.bot not in I
|
||||||
|
|
||||||
def reduce(self,assumeZero):
|
def reduce(self,assumeZero):
|
||||||
zero = self.R.ideal(map(numerator, assumeZero))
|
zero = self.R.ideal(list(map(numerator, assumeZero)))
|
||||||
return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot))
|
return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot))
|
||||||
|
|
||||||
def __add__(self,other):
|
def __add__(self,other):
|
||||||
|
@ -100,7 +100,7 @@ class fastfrac:
|
||||||
"""Multiply something else with a fraction."""
|
"""Multiply something else with a fraction."""
|
||||||
return self.__mul__(other)
|
return self.__mul__(other)
|
||||||
|
|
||||||
def __div__(self,other):
|
def __truediv__(self,other):
|
||||||
"""Divide two fractions."""
|
"""Divide two fractions."""
|
||||||
if parent(other) == ZZ:
|
if parent(other) == ZZ:
|
||||||
return fastfrac(self.R,self.top,self.bot * other)
|
return fastfrac(self.R,self.top,self.bot * other)
|
||||||
|
@ -108,6 +108,11 @@ class fastfrac:
|
||||||
return fastfrac(self.R,self.top * other.bot,self.bot * other.top)
|
return fastfrac(self.R,self.top * other.bot,self.bot * other.top)
|
||||||
return NotImplemented
|
return NotImplemented
|
||||||
|
|
||||||
|
# Compatibility wrapper for Sage versions based on Python 2
|
||||||
|
def __div__(self,other):
|
||||||
|
"""Divide two fractions."""
|
||||||
|
return self.__truediv__(other)
|
||||||
|
|
||||||
def __pow__(self,other):
|
def __pow__(self,other):
|
||||||
"""Compute a power of a fraction."""
|
"""Compute a power of a fraction."""
|
||||||
if parent(other) == ZZ:
|
if parent(other) == ZZ:
|
||||||
|
@ -175,7 +180,7 @@ class constraints:
|
||||||
|
|
||||||
def conflicts(R, con):
|
def conflicts(R, con):
|
||||||
"""Check whether any of the passed non-zero assumptions is implied by the zero assumptions"""
|
"""Check whether any of the passed non-zero assumptions is implied by the zero assumptions"""
|
||||||
zero = R.ideal(map(numerator, con.zero))
|
zero = R.ideal(list(map(numerator, con.zero)))
|
||||||
if 1 in zero:
|
if 1 in zero:
|
||||||
return True
|
return True
|
||||||
# First a cheap check whether any of the individual nonzero terms conflict on
|
# First a cheap check whether any of the individual nonzero terms conflict on
|
||||||
|
@ -195,7 +200,7 @@ def conflicts(R, con):
|
||||||
|
|
||||||
def get_nonzero_set(R, assume):
|
def get_nonzero_set(R, assume):
|
||||||
"""Calculate a simple set of nonzero expressions"""
|
"""Calculate a simple set of nonzero expressions"""
|
||||||
zero = R.ideal(map(numerator, assume.zero))
|
zero = R.ideal(list(map(numerator, assume.zero)))
|
||||||
nonzero = set()
|
nonzero = set()
|
||||||
for nz in map(numerator, assume.nonzero):
|
for nz in map(numerator, assume.nonzero):
|
||||||
for (f,n) in nz.factor():
|
for (f,n) in nz.factor():
|
||||||
|
@ -208,7 +213,7 @@ def get_nonzero_set(R, assume):
|
||||||
|
|
||||||
def prove_nonzero(R, exprs, assume):
|
def prove_nonzero(R, exprs, assume):
|
||||||
"""Check whether an expression is provably nonzero, given assumptions"""
|
"""Check whether an expression is provably nonzero, given assumptions"""
|
||||||
zero = R.ideal(map(numerator, assume.zero))
|
zero = R.ideal(list(map(numerator, assume.zero)))
|
||||||
nonzero = get_nonzero_set(R, assume)
|
nonzero = get_nonzero_set(R, assume)
|
||||||
expl = set()
|
expl = set()
|
||||||
ok = True
|
ok = True
|
||||||
|
@ -250,7 +255,7 @@ def prove_zero(R, exprs, assume):
|
||||||
r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume)
|
r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume)
|
||||||
if not r:
|
if not r:
|
||||||
return (False, map(lambda x: "Possibly zero denominator: %s" % x, e))
|
return (False, map(lambda x: "Possibly zero denominator: %s" % x, e))
|
||||||
zero = R.ideal(map(numerator, assume.zero))
|
zero = R.ideal(list(map(numerator, assume.zero)))
|
||||||
nonzero = prod(x for x in assume.nonzero)
|
nonzero = prod(x for x in assume.nonzero)
|
||||||
expl = []
|
expl = []
|
||||||
for expr in exprs:
|
for expr in exprs:
|
||||||
|
@ -265,8 +270,8 @@ def describe_extra(R, assume, assumeExtra):
|
||||||
"""Describe what assumptions are added, given existing assumptions"""
|
"""Describe what assumptions are added, given existing assumptions"""
|
||||||
zerox = assume.zero.copy()
|
zerox = assume.zero.copy()
|
||||||
zerox.update(assumeExtra.zero)
|
zerox.update(assumeExtra.zero)
|
||||||
zero = R.ideal(map(numerator, assume.zero))
|
zero = R.ideal(list(map(numerator, assume.zero)))
|
||||||
zeroextra = R.ideal(map(numerator, zerox))
|
zeroextra = R.ideal(list(map(numerator, zerox)))
|
||||||
nonzero = get_nonzero_set(R, assume)
|
nonzero = get_nonzero_set(R, assume)
|
||||||
ret = set()
|
ret = set()
|
||||||
# Iterate over the extra zero expressions
|
# Iterate over the extra zero expressions
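Review bot: `prove_zero` still returns `map(lambda x: "Possibly zero denominator: %s" % x, e)` on its early-exit path, while every other `map` in this Python 3 port was wrapped in `list(...)`. Under Python 3 that value is a one-shot iterator, so a caller that formats it with `%s`, takes its length, or iterates it twice will see `<map object ...>` or an empty sequence instead of the messages; the callers are not visible from this hunk, but the surrounding conversions suggest list semantics were intended. Suggest `return (False, ["Possibly zero denominator: %s" % x for x in e])`. The other `map` uses left unwrapped (`for nz in map(numerator, assume.nonzero)` and the `dict(map(...))` argument in `prove_zero`) are consumed immediately and are fine as they are.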
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
"""Prime order of finite field underlying secp256k1 (2^256 - 2^32 - 977)"""
|
||||||
|
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
|
||||||
|
|
||||||
|
"""Finite field underlying secp256k1"""
|
||||||
|
F = FiniteField(P)
|
||||||
|
|
||||||
|
"""Elliptic curve secp256k1: y^2 = x^3 + 7"""
|
||||||
|
C = EllipticCurve([F(0), F(7)])
|
||||||
|
|
||||||
|
"""Base point of secp256k1"""
|
||||||
|
G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
|
||||||
|
|
||||||
|
"""Prime order of secp256k1"""
|
||||||
|
N = C.order()
|
||||||
|
|
||||||
|
"""Finite field of scalars of secp256k1"""
|
||||||
|
Z = FiniteField(N)
|
||||||
|
|
||||||
|
""" Beta value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
|
||||||
|
BETA = F(2)^((P-1)/3)
|
||||||
|
|
||||||
|
""" Lambda value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
|
||||||
|
LAMBDA = Z(3)^((N-1)/3)
|
||||||
|
|
||||||
|
assert is_prime(P)
|
||||||
|
assert is_prime(N)
|
||||||
|
|
||||||
|
assert BETA != F(1)
|
||||||
|
assert BETA^3 == F(1)
|
||||||
|
assert BETA^2 + BETA + 1 == 0
|
||||||
|
|
||||||
|
assert LAMBDA != Z(1)
|
||||||
|
assert LAMBDA^3 == Z(1)
|
||||||
|
assert LAMBDA^2 + LAMBDA + 1 == 0
|
||||||
|
|
||||||
|
assert Integer(LAMBDA)*G == C(BETA*G[0], G[1])
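Review bot: `BETA = F(2)^((P-1)/3)` derives beta rather than pinning it, and the assertions only establish that it is a non-trivial cube root of unity; F has two such roots (beta and beta^2), and the file this replaces hard-coded `BETA = F(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee)`. The final `assert Integer(LAMBDA)*G == C(BETA*G[0], G[1])` keeps BETA and LAMBDA consistent with each other, but it holds equally for the conjugate pair, so nothing ties either value to the constants the C library uses; if the derived root is the other one, every script that `load`s this file could generate constants for the conjugate endomorphism without any assertion firing. Adding `assert BETA == F(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee)` (the value from the replaced file) restores that pin at no cost. Separately, the bare string literals above each constant are not docstrings — they are evaluated and discarded — so `#` comments would express the intent more plainly.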
|
|
@ -175,24 +175,24 @@ laws_jacobian_weierstrass = {
|
||||||
def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p):
|
def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p):
|
||||||
"""Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field"""
|
"""Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field"""
|
||||||
F = Integers(p)
|
F = Integers(p)
|
||||||
print "Formula %s on Z%i:" % (name, p)
|
print("Formula %s on Z%i:" % (name, p))
|
||||||
points = []
|
points = []
|
||||||
for x in xrange(0, p):
|
for x in range(0, p):
|
||||||
for y in xrange(0, p):
|
for y in range(0, p):
|
||||||
point = affinepoint(F(x), F(y))
|
point = affinepoint(F(x), F(y))
|
||||||
r, e = concrete_verify(on_weierstrass_curve(A, B, point))
|
r, e = concrete_verify(on_weierstrass_curve(A, B, point))
|
||||||
if r:
|
if r:
|
||||||
points.append(point)
|
points.append(point)
|
||||||
|
|
||||||
for za in xrange(1, p):
|
for za in range(1, p):
|
||||||
for zb in xrange(1, p):
|
for zb in range(1, p):
|
||||||
for pa in points:
|
for pa in points:
|
||||||
for pb in points:
|
for pb in points:
|
||||||
for ia in xrange(2):
|
for ia in range(2):
|
||||||
for ib in xrange(2):
|
for ib in range(2):
|
||||||
pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia)
|
pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia)
|
||||||
pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib)
|
pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib)
|
||||||
for branch in xrange(0, branches):
|
for branch in range(0, branches):
|
||||||
assumeAssert, assumeBranch, pC = formula(branch, pA, pB)
|
assumeAssert, assumeBranch, pC = formula(branch, pA, pB)
|
||||||
pC.X = F(pC.X)
|
pC.X = F(pC.X)
|
||||||
pC.Y = F(pC.Y)
|
pC.Y = F(pC.Y)
|
||||||
|
@ -206,13 +206,13 @@ def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p):
|
||||||
r, e = concrete_verify(assumeLaw)
|
r, e = concrete_verify(assumeLaw)
|
||||||
if r:
|
if r:
|
||||||
if match:
|
if match:
|
||||||
print " multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity)
|
print(" multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity))
|
||||||
else:
|
else:
|
||||||
match = True
|
match = True
|
||||||
r, e = concrete_verify(require)
|
r, e = concrete_verify(require)
|
||||||
if not r:
|
if not r:
|
||||||
print " failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e)
|
print(" failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e))
|
||||||
print
|
print()
|
||||||
|
|
||||||
|
|
||||||
def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC):
|
def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC):
|
||||||
|
@ -242,9 +242,9 @@ def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula):
|
||||||
for key in laws_jacobian_weierstrass:
|
for key in laws_jacobian_weierstrass:
|
||||||
res[key] = []
|
res[key] = []
|
||||||
|
|
||||||
print ("Formula " + name + ":")
|
print("Formula " + name + ":")
|
||||||
count = 0
|
count = 0
|
||||||
for branch in xrange(branches):
|
for branch in range(branches):
|
||||||
assumeFormula, assumeBranch, pC = formula(branch, pA, pB)
|
assumeFormula, assumeBranch, pC = formula(branch, pA, pB)
|
||||||
pC.X = lift(pC.X)
|
pC.X = lift(pC.X)
|
||||||
pC.Y = lift(pC.Y)
|
pC.Y = lift(pC.Y)
|
||||||
|
@ -255,10 +255,10 @@ def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula):
|
||||||
res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch))
|
res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch))
|
||||||
|
|
||||||
for key in res:
|
for key in res:
|
||||||
print " %s:" % key
|
print(" %s:" % key)
|
||||||
val = res[key]
|
val = res[key]
|
||||||
for x in val:
|
for x in val:
|
||||||
if x[0] is not None:
|
if x[0] is not None:
|
||||||
print " branch %i: %s" % (x[1], x[0])
|
print(" branch %i: %s" % (x[1], x[0]))
|
||||||
|
|
||||||
print
|
print()
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
@ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm:
|
@ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm:
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Wladimir J. van der Laan *
|
* Copyright (c) 2014 Wladimir J. van der Laan *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
/*
|
/*
|
||||||
ARM implementation of field_10x26 inner loops.
|
ARM implementation of field_10x26 inner loops.
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Pieter Wuille *
|
* Copyright (c) 2020 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ASSUMPTIONS_H
|
#ifndef SECP256K1_ASSUMPTIONS_H
|
||||||
#define SECP256K1_ASSUMPTIONS_H
|
#define SECP256K1_ASSUMPTIONS_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_BASIC_CONFIG_H
|
#ifndef SECP256K1_BASIC_CONFIG_H
|
||||||
#define SECP256K1_BASIC_CONFIG_H
|
#define SECP256K1_BASIC_CONFIG_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_BENCH_H
|
#ifndef SECP256K1_BENCH_H
|
||||||
#define SECP256K1_BENCH_H
|
#define SECP256K1_BENCH_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
|
* Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2017 Pieter Wuille *
|
* Copyright (c) 2017 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014-2015 Pieter Wuille *
|
* Copyright (c) 2014-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014-2015 Pieter Wuille *
|
* Copyright (c) 2014-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "include/secp256k1_recovery.h"
|
#include "include/secp256k1_recovery.h"
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
|
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
@ -12,11 +12,11 @@ typedef struct {
|
||||||
secp256k1_context* ctx;
|
secp256k1_context* ctx;
|
||||||
unsigned char msg[32];
|
unsigned char msg[32];
|
||||||
unsigned char key[32];
|
unsigned char key[32];
|
||||||
} bench_sign;
|
} bench_sign_data;
|
||||||
|
|
||||||
static void bench_sign_setup(void* arg) {
|
static void bench_sign_setup(void* arg) {
|
||||||
int i;
|
int i;
|
||||||
bench_sign *data = (bench_sign*)arg;
|
bench_sign_data *data = (bench_sign_data*)arg;
|
||||||
|
|
||||||
for (i = 0; i < 32; i++) {
|
for (i = 0; i < 32; i++) {
|
||||||
data->msg[i] = i + 1;
|
data->msg[i] = i + 1;
|
||||||
|
@ -28,7 +28,7 @@ static void bench_sign_setup(void* arg) {
|
||||||
|
|
||||||
static void bench_sign_run(void* arg, int iters) {
|
static void bench_sign_run(void* arg, int iters) {
|
||||||
int i;
|
int i;
|
||||||
bench_sign *data = (bench_sign*)arg;
|
bench_sign_data *data = (bench_sign_data*)arg;
|
||||||
|
|
||||||
unsigned char sig[74];
|
unsigned char sig[74];
|
||||||
for (i = 0; i < iters; i++) {
|
for (i = 0; i < iters; i++) {
|
||||||
|
@ -45,7 +45,7 @@ static void bench_sign_run(void* arg, int iters) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(void) {
|
int main(void) {
|
||||||
bench_sign data;
|
bench_sign_data data;
|
||||||
|
|
||||||
int iters = get_iters(20000);
|
int iters = get_iters(20000);
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -29,11 +29,11 @@ typedef struct {
|
||||||
#ifdef ENABLE_OPENSSL_TESTS
|
#ifdef ENABLE_OPENSSL_TESTS
|
||||||
EC_GROUP* ec_group;
|
EC_GROUP* ec_group;
|
||||||
#endif
|
#endif
|
||||||
} benchmark_verify_t;
|
} bench_verify_data;
|
||||||
|
|
||||||
static void benchmark_verify(void* arg, int iters) {
|
static void bench_verify(void* arg, int iters) {
|
||||||
int i;
|
int i;
|
||||||
benchmark_verify_t* data = (benchmark_verify_t*)arg;
|
bench_verify_data* data = (bench_verify_data*)arg;
|
||||||
|
|
||||||
for (i = 0; i < iters; i++) {
|
for (i = 0; i < iters; i++) {
|
||||||
secp256k1_pubkey pubkey;
|
secp256k1_pubkey pubkey;
|
||||||
|
@ -51,9 +51,9 @@ static void benchmark_verify(void* arg, int iters) {
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_OPENSSL_TESTS
|
#ifdef ENABLE_OPENSSL_TESTS
|
||||||
static void benchmark_verify_openssl(void* arg, int iters) {
|
static void bench_verify_openssl(void* arg, int iters) {
|
||||||
int i;
|
int i;
|
||||||
benchmark_verify_t* data = (benchmark_verify_t*)arg;
|
bench_verify_data* data = (bench_verify_data*)arg;
|
||||||
|
|
||||||
for (i = 0; i < iters; i++) {
|
for (i = 0; i < iters; i++) {
|
||||||
data->sig[data->siglen - 1] ^= (i & 0xFF);
|
data->sig[data->siglen - 1] ^= (i & 0xFF);
|
||||||
|
@ -84,7 +84,7 @@ int main(void) {
|
||||||
int i;
|
int i;
|
||||||
secp256k1_pubkey pubkey;
|
secp256k1_pubkey pubkey;
|
||||||
secp256k1_ecdsa_signature sig;
|
secp256k1_ecdsa_signature sig;
|
||||||
benchmark_verify_t data;
|
bench_verify_data data;
|
||||||
|
|
||||||
int iters = get_iters(20000);
|
int iters = get_iters(20000);
|
||||||
|
|
||||||
|
@ -103,10 +103,10 @@ int main(void) {
|
||||||
data.pubkeylen = 33;
|
data.pubkeylen = 33;
|
||||||
CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
|
CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
|
||||||
|
|
||||||
run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, iters);
|
run_benchmark("ecdsa_verify", bench_verify, NULL, NULL, &data, 10, iters);
|
||||||
#ifdef ENABLE_OPENSSL_TESTS
|
#ifdef ENABLE_OPENSSL_TESTS
|
||||||
data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
|
data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
|
||||||
run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, iters);
|
run_benchmark("ecdsa_verify_openssl", bench_verify_openssl, NULL, NULL, &data, 10, iters);
|
||||||
EC_GROUP_free(data.ec_group);
|
EC_GROUP_free(data.ec_group);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECDSA_H
|
#ifndef SECP256K1_ECDSA_H
|
||||||
#define SECP256K1_ECDSA_H
|
#define SECP256K1_ECDSA_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013-2015 Pieter Wuille *
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
|
|
||||||
#ifndef SECP256K1_ECDSA_IMPL_H
|
#ifndef SECP256K1_ECDSA_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECKEY_H
|
#ifndef SECP256K1_ECKEY_H
|
||||||
#define SECP256K1_ECKEY_H
|
#define SECP256K1_ECKEY_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECKEY_IMPL_H
|
#ifndef SECP256K1_ECKEY_IMPL_H
|
||||||
#define SECP256K1_ECKEY_IMPL_H
|
#define SECP256K1_ECKEY_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra *
|
* Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECMULT_H
|
#ifndef SECP256K1_ECMULT_H
|
||||||
#define SECP256K1_ECMULT_H
|
#define SECP256K1_ECMULT_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Andrew Poelstra *
|
* Copyright (c) 2015 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECMULT_CONST_H
|
#ifndef SECP256K1_ECMULT_CONST_H
|
||||||
#define SECP256K1_ECMULT_CONST_H
|
#define SECP256K1_ECMULT_CONST_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
|
* Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECMULT_CONST_IMPL_H
|
#ifndef SECP256K1_ECMULT_CONST_IMPL_H
|
||||||
#define SECP256K1_ECMULT_CONST_IMPL_H
|
#define SECP256K1_ECMULT_CONST_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECMULT_GEN_H
|
#ifndef SECP256K1_ECMULT_GEN_H
|
||||||
#define SECP256K1_ECMULT_GEN_H
|
#define SECP256K1_ECMULT_GEN_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell *
|
* Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_ECMULT_GEN_IMPL_H
|
#ifndef SECP256K1_ECMULT_GEN_IMPL_H
|
||||||
#define SECP256K1_ECMULT_GEN_IMPL_H
|
#define SECP256K1_ECMULT_GEN_IMPL_H
|
||||||
|
@ -144,7 +144,7 @@ static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp25
|
||||||
* (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and
|
* (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and
|
||||||
* "Cache Attacks and Countermeasures: the Case of AES", RSA 2006,
|
* "Cache Attacks and Countermeasures: the Case of AES", RSA 2006,
|
||||||
* by Dag Arne Osvik, Adi Shamir, and Eran Tromer
|
* by Dag Arne Osvik, Adi Shamir, and Eran Tromer
|
||||||
* (http://www.tau.ac.il/~tromer/papers/cache.pdf)
|
* (https://www.tau.ac.il/~tromer/papers/cache.pdf)
|
||||||
*/
|
*/
|
||||||
secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits);
|
secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,8 @@
/*****************************************************************************
/******************************************************************************
* Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick *
* Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick *
* Distributed under the MIT software license, see the accompanying *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or https://www.opensource.org/licenses/mit-license.php. *
* file COPYING or https://www.opensource.org/licenses/mit-license.php. *
*****************************************************************************/
******************************************************************************/
#ifndef SECP256K1_ECMULT_IMPL_H
#ifndef SECP256K1_ECMULT_IMPL_H
#define SECP256K1_ECMULT_IMPL_H
#define SECP256K1_ECMULT_IMPL_H
@ -595,11 +595,11 @@ static int secp256k1_ecmult_strauss_batch(const secp256k1_callback* error_callba
scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_scalar));
scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_scalar));
state.prej = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_gej));
state.prej = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_gej));
state.zr = (secp256k1_fe*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_fe));
state.zr = (secp256k1_fe*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_fe));
state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * 2 * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge));
state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge));
state.pre_a_lam = state.pre_a + n_points * ECMULT_TABLE_SIZE(WINDOW_A);
state.pre_a_lam = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge));
state.ps = (struct secp256k1_strauss_point_state*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct secp256k1_strauss_point_state));
state.ps = (struct secp256k1_strauss_point_state*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct secp256k1_strauss_point_state));
if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL) {
if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL || state.pre_a_lam == NULL || state.ps == NULL) {
secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint);
secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint);
return 0;
return 0;
}
}
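Review bot: The reason `state.pre_a_lam` is now its own scratch allocation instead of an offset into `state.pre_a` is not recorded anywhere in the function, so the two identical `secp256k1_scratch_alloc` calls read as accidental duplication and invite being merged back into one later. A one-line comment above the `state.pre_a` assignment would settle that, e.g. `/* pre_a and pre_a_lam are allocated separately so that each array gets its own NULL check and the sizes line up one-to-one with the scratch-size accounting. */`, with the second clause adjusted if the scratch-size helper (outside this hunk) does something else. None of the `n_points * ... * sizeof(...)` products in the hunk is checked for overflow; if callers bound `n_points` before reaching this point, as the max-points computation elsewhere presumably does, it is worth stating that in the same comment so the unchecked multiplication is visibly intentional. The enclosing `secp256k1_ecmult_strauss_batch` and the `points` allocation begin above this hunk.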
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_H
|
#ifndef SECP256K1_FIELD_H
|
||||||
#define SECP256K1_FIELD_H
|
#define SECP256K1_FIELD_H
|
||||||
|
@ -114,11 +114,6 @@ static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a);
|
||||||
/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
|
/** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
|
||||||
static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a);
|
static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a);
|
||||||
|
|
||||||
/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
|
|
||||||
* at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
|
|
||||||
* outputs must not overlap in memory. */
|
|
||||||
static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len);
|
|
||||||
|
|
||||||
/** Convert a field element to the storage type. */
|
/** Convert a field element to the storage type. */
|
||||||
static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
|
static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_REPR_H
|
#ifndef SECP256K1_FIELD_REPR_H
|
||||||
#define SECP256K1_FIELD_REPR_H
|
#define SECP256K1_FIELD_REPR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_REPR_IMPL_H
|
#ifndef SECP256K1_FIELD_REPR_IMPL_H
|
||||||
#define SECP256K1_FIELD_REPR_IMPL_H
|
#define SECP256K1_FIELD_REPR_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_REPR_H
|
#ifndef SECP256K1_FIELD_REPR_H
|
||||||
#define SECP256K1_FIELD_REPR_H
|
#define SECP256K1_FIELD_REPR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille *
|
* Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Changelog:
|
* Changelog:
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_REPR_IMPL_H
|
#ifndef SECP256K1_FIELD_REPR_IMPL_H
|
||||||
#define SECP256K1_FIELD_REPR_IMPL_H
|
#define SECP256K1_FIELD_REPR_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H
|
#ifndef SECP256K1_FIELD_INNER5X52_IMPL_H
|
||||||
#define SECP256K1_FIELD_INNER5X52_IMPL_H
|
#define SECP256K1_FIELD_INNER5X52_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_FIELD_IMPL_H
|
#ifndef SECP256K1_FIELD_IMPL_H
|
||||||
#define SECP256K1_FIELD_IMPL_H
|
#define SECP256K1_FIELD_IMPL_H
|
||||||
|
@ -263,33 +263,6 @@ static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len) {
|
|
||||||
secp256k1_fe u;
|
|
||||||
size_t i;
|
|
||||||
if (len < 1) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
VERIFY_CHECK((r + len <= a) || (a + len <= r));
|
|
||||||
|
|
||||||
r[0] = a[0];
|
|
||||||
|
|
||||||
i = 0;
|
|
||||||
while (++i < len) {
|
|
||||||
secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
|
|
||||||
}
|
|
||||||
|
|
||||||
secp256k1_fe_inv_var(&u, &r[--i]);
|
|
||||||
|
|
||||||
while (i > 0) {
|
|
||||||
size_t j = i--;
|
|
||||||
secp256k1_fe_mul(&r[j], &r[i], &u);
|
|
||||||
secp256k1_fe_mul(&u, &u, &a[j]);
|
|
||||||
}
|
|
||||||
|
|
||||||
r[0] = u;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int secp256k1_fe_is_quad_var(const secp256k1_fe *a) {
|
static int secp256k1_fe_is_quad_var(const secp256k1_fe *a) {
|
||||||
#ifndef USE_NUM_NONE
|
#ifndef USE_NUM_NONE
|
||||||
unsigned char b[32];
|
unsigned char b[32];
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields *
|
* Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
// Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed.
|
/* Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed.
|
||||||
// ifndef guard so downstream users can define their own if they do not use autotools.
|
ifndef guard so downstream users can define their own if they do not use autotools. */
|
||||||
#if !defined(ECMULT_GEN_PREC_BITS)
|
#if !defined(ECMULT_GEN_PREC_BITS)
|
||||||
#include "libsecp256k1-config.h"
|
#include "libsecp256k1-config.h"
|
||||||
#endif
|
#endif
|
||||||
|
@ -47,8 +47,8 @@ int main(int argc, char **argv) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(fp, "#ifndef _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
|
fprintf(fp, "#ifndef SECP256K1_ECMULT_STATIC_CONTEXT_H\n");
|
||||||
fprintf(fp, "#define _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
|
fprintf(fp, "#define SECP256K1_ECMULT_STATIC_CONTEXT_H\n");
|
||||||
fprintf(fp, "#include \"src/group.h\"\n");
|
fprintf(fp, "#include \"src/group.h\"\n");
|
||||||
fprintf(fp, "#define SC SECP256K1_GE_STORAGE_CONST\n");
|
fprintf(fp, "#define SC SECP256K1_GE_STORAGE_CONST\n");
|
||||||
fprintf(fp, "#if ECMULT_GEN_PREC_N != %d || ECMULT_GEN_PREC_G != %d\n", ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G);
|
fprintf(fp, "#if ECMULT_GEN_PREC_N != %d || ECMULT_GEN_PREC_G != %d\n", ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G);
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_GROUP_H
|
#ifndef SECP256K1_GROUP_H
|
||||||
#define SECP256K1_GROUP_H
|
#define SECP256K1_GROUP_H
|
||||||
|
@ -62,9 +62,12 @@ static int secp256k1_ge_is_valid_var(const secp256k1_ge *a);
|
||||||
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
|
||||||
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a);
|
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a);
|
||||||
|
|
||||||
/** Set a group element equal to another which is given in jacobian coordinates */
|
/** Set a group element equal to another which is given in jacobian coordinates. Constant time. */
|
||||||
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a);
|
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a);
|
||||||
|
|
||||||
|
/** Set a group element equal to another which is given in jacobian coordinates. */
|
||||||
|
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a);
|
||||||
|
|
||||||
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
/** Set a batch of group elements equal to the inputs given in jacobian coordinates */
|
||||||
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len);
|
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len);
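Review bot: The new `secp256k1_ge_set_gej_var` declaration carries the same one-line comment as the constant-time variant minus the "Constant time." suffix, so the header never states that this version may run in time that depends on its input, and a reader choosing between the two declarations has to infer it from the `_var` suffix alone. Since the commit goes out of its way to mark `secp256k1_ge_set_gej` constant time, the contrast should be explicit, e.g. `/** Set a group element equal to another which is given in jacobian coordinates. Variable time; must not be used on secret data. */`. The suffix presumably follows the library's naming convention for variable-time code, but the convention is not stated anywhere in this hunk.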
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_GROUP_IMPL_H
|
#ifndef SECP256K1_GROUP_IMPL_H
|
||||||
#define SECP256K1_GROUP_IMPL_H
|
#define SECP256K1_GROUP_IMPL_H
|
||||||
|
@ -674,7 +674,7 @@ static int secp256k1_ge_is_in_correct_subgroup(const secp256k1_ge* ge) {
|
||||||
secp256k1_gej out;
|
secp256k1_gej out;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
/* A very simple EC multiplication ladder that avoids a dependecy on ecmult. */
|
/* A very simple EC multiplication ladder that avoids a dependency on ecmult. */
|
||||||
secp256k1_gej_set_infinity(&out);
|
secp256k1_gej_set_infinity(&out);
|
||||||
for (i = 0; i < 32; ++i) {
|
for (i = 0; i < 32; ++i) {
|
||||||
secp256k1_gej_double_var(&out, &out, NULL);
|
secp256k1_gej_double_var(&out, &out, NULL);
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_HASH_H
|
#ifndef SECP256K1_HASH_H
|
||||||
#define SECP256K1_HASH_H
|
#define SECP256K1_HASH_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_HASH_IMPL_H
|
#ifndef SECP256K1_HASH_IMPL_H
|
||||||
#define SECP256K1_HASH_IMPL_H
|
#define SECP256K1_HASH_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Andrew Poelstra *
|
* Copyright (c) 2015 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_MODULE_ECDH_MAIN_H
|
#ifndef SECP256K1_MODULE_ECDH_MAIN_H
|
||||||
#define SECP256K1_MODULE_ECDH_MAIN_H
|
#define SECP256K1_MODULE_ECDH_MAIN_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Andrew Poelstra *
|
* Copyright (c) 2015 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_MODULE_ECDH_TESTS_H
|
#ifndef SECP256K1_MODULE_ECDH_TESTS_H
|
||||||
#define SECP256K1_MODULE_ECDH_TESTS_H
|
#define SECP256K1_MODULE_ECDH_TESTS_H
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Jonas Nick *
|
* Copyright (c) 2020 Jonas Nick *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_MODULE_EXTRAKEYS_MAIN_
|
#ifndef SECP256K1_MODULE_EXTRAKEYS_MAIN_H
|
||||||
#define _SECP256K1_MODULE_EXTRAKEYS_MAIN_
|
#define SECP256K1_MODULE_EXTRAKEYS_MAIN_H
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "include/secp256k1_extrakeys.h"
|
#include "include/secp256k1_extrakeys.h"
|
||||||
|
@ -180,12 +180,22 @@ int secp256k1_keypair_create(const secp256k1_context* ctx, secp256k1_keypair *ke
|
||||||
|
|
||||||
ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32);
|
ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32);
|
||||||
secp256k1_keypair_save(keypair, &sk, &pk);
|
secp256k1_keypair_save(keypair, &sk, &pk);
|
||||||
memczero(keypair, sizeof(*keypair), !ret);
|
secp256k1_memczero(keypair, sizeof(*keypair), !ret);
|
||||||
|
|
||||||
secp256k1_scalar_clear(&sk);
|
secp256k1_scalar_clear(&sk);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int secp256k1_keypair_sec(const secp256k1_context* ctx, unsigned char *seckey, const secp256k1_keypair *keypair) {
|
||||||
|
VERIFY_CHECK(ctx != NULL);
|
||||||
|
ARG_CHECK(seckey != NULL);
|
||||||
|
memset(seckey, 0, 32);
|
||||||
|
ARG_CHECK(keypair != NULL);
|
||||||
|
|
||||||
|
memcpy(seckey, &keypair->data[0], 32);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int secp256k1_keypair_pub(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair) {
|
int secp256k1_keypair_pub(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair) {
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(pubkey != NULL);
|
ARG_CHECK(pubkey != NULL);
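Review bot: `secp256k1_keypair_sec` copies the first 32 bytes of `keypair->data` without loading or validating the keypair, so an all-zero or otherwise invalid keypair yields an all-zero secret key and the function still returns 1; callers must not read the return value as a validity check, and the function's header documentation (outside this hunk) should say so explicitly. The `memset(seckey, 0, 32)` placed before `ARG_CHECK(keypair != NULL)` looks deliberate, since it leaves the output zeroed when the keypair argument is rejected, but that ordering is easy to "fix" by a later reader and deserves a comment such as `/* Zero the output first so a rejected keypair argument leaves no stale bytes behind. */`. The body of `secp256k1_keypair_pub` continues past the end of the hunk, so I cannot compare how it treats the same input.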
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Pieter Wuille *
|
* Copyright (c) 2020 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_MODULE_EXTRAKEYS_TESTS_EXHAUSTIVE_
|
#ifndef SECP256K1_MODULE_EXTRAKEYS_TESTS_EXHAUSTIVE_H
|
||||||
#define _SECP256K1_MODULE_EXTRAKEYS_TESTS_EXHAUSTIVE_
|
#define SECP256K1_MODULE_EXTRAKEYS_TESTS_EXHAUSTIVE_H
|
||||||
|
|
||||||
#include "src/modules/extrakeys/main_impl.h"
|
#include "src/modules/extrakeys/main_impl.h"
|
||||||
#include "include/secp256k1_extrakeys.h"
|
#include "include/secp256k1_extrakeys.h"
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Jonas Nick *
|
* Copyright (c) 2020 Jonas Nick *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_MODULE_EXTRAKEYS_TESTS_
|
#ifndef SECP256K1_MODULE_EXTRAKEYS_TESTS_H
|
||||||
#define _SECP256K1_MODULE_EXTRAKEYS_TESTS_
|
#define SECP256K1_MODULE_EXTRAKEYS_TESTS_H
|
||||||
|
|
||||||
#include "secp256k1_extrakeys.h"
|
#include "secp256k1_extrakeys.h"
|
||||||
|
|
||||||
|
@ -311,6 +311,7 @@ void test_xonly_pubkey_tweak_recursive(void) {
|
||||||
|
|
||||||
void test_keypair(void) {
|
void test_keypair(void) {
|
||||||
unsigned char sk[32];
|
unsigned char sk[32];
|
||||||
|
unsigned char sk_tmp[32];
|
||||||
unsigned char zeros96[96] = { 0 };
|
unsigned char zeros96[96] = { 0 };
|
||||||
unsigned char overflows[32];
|
unsigned char overflows[32];
|
||||||
secp256k1_keypair keypair;
|
secp256k1_keypair keypair;
|
||||||
|
@ -396,6 +397,28 @@ void test_keypair(void) {
|
||||||
CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0);
|
CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0);
|
||||||
CHECK(pk_parity == pk_parity_tmp);
|
CHECK(pk_parity == pk_parity_tmp);
|
||||||
|
|
||||||
|
/* Test keypair_seckey */
|
||||||
|
ecount = 0;
|
||||||
|
secp256k1_testrand256(sk);
|
||||||
|
CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
|
||||||
|
CHECK(secp256k1_keypair_sec(none, sk_tmp, &keypair) == 1);
|
||||||
|
CHECK(secp256k1_keypair_sec(none, NULL, &keypair) == 0);
|
||||||
|
CHECK(ecount == 1);
|
||||||
|
CHECK(secp256k1_keypair_sec(none, sk_tmp, NULL) == 0);
|
||||||
|
CHECK(ecount == 2);
|
||||||
|
CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0);
|
||||||
|
|
||||||
|
/* keypair returns the same seckey it got */
|
||||||
|
CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1);
|
||||||
|
CHECK(secp256k1_keypair_sec(none, sk_tmp, &keypair) == 1);
|
||||||
|
CHECK(secp256k1_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0);
|
||||||
|
|
||||||
|
|
||||||
|
/* Using an invalid keypair is fine for keypair_seckey */
|
||||||
|
memset(&keypair, 0, sizeof(keypair));
|
||||||
|
CHECK(secp256k1_keypair_sec(none, sk_tmp, &keypair) == 1);
|
||||||
|
CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0);
|
||||||
|
|
||||||
secp256k1_context_destroy(none);
|
secp256k1_context_destroy(none);
|
||||||
secp256k1_context_destroy(sign);
|
secp256k1_context_destroy(sign);
|
||||||
secp256k1_context_destroy(verify);
|
secp256k1_context_destroy(verify);
|
||||||
|
@ -484,6 +507,7 @@ void test_keypair_add(void) {
|
||||||
secp256k1_pubkey output_pk_xy;
|
secp256k1_pubkey output_pk_xy;
|
||||||
secp256k1_pubkey output_pk_expected;
|
secp256k1_pubkey output_pk_expected;
|
||||||
unsigned char pk32[32];
|
unsigned char pk32[32];
|
||||||
|
unsigned char sk32[32];
|
||||||
int pk_parity;
|
int pk_parity;
|
||||||
|
|
||||||
secp256k1_testrand256(tweak);
|
secp256k1_testrand256(tweak);
|
||||||
|
@ -501,7 +525,8 @@ void test_keypair_add(void) {
|
||||||
CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0);
|
CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0);
|
||||||
|
|
||||||
/* Check that the secret key in the keypair is tweaked correctly */
|
/* Check that the secret key in the keypair is tweaked correctly */
|
||||||
CHECK(secp256k1_ec_pubkey_create(ctx, &output_pk_expected, &keypair.data[0]) == 1);
|
CHECK(secp256k1_keypair_sec(none, sk32, &keypair) == 1);
|
||||||
|
CHECK(secp256k1_ec_pubkey_create(ctx, &output_pk_expected, sk32) == 1);
|
||||||
CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0);
|
CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0);
|
||||||
}
|
}
|
||||||
secp256k1_context_destroy(none);
|
secp256k1_context_destroy(none);
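Review bot: The new test comments refer to `keypair_seckey` (`/* Test keypair_seckey */` and `/* Using an invalid keypair is fine for keypair_seckey */`) while the function being exercised is `secp256k1_keypair_sec`; the comments should name the function that actually exists, e.g. `/* Test keypair_sec */`. The coverage itself looks sound: it pins the zeroed output when the keypair argument is rejected, the round trip of a freshly created keypair, and the all-zero result for an all-zero keypair. `test_keypair` begins before its hunk and `test_keypair_add` continues past the last hunk shown, so the remaining assertions are not visible here.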
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013-2015 Pieter Wuille *
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_MODULE_RECOVERY_MAIN_H
|
#ifndef SECP256K1_MODULE_RECOVERY_MAIN_H
|
||||||
#define SECP256K1_MODULE_RECOVERY_MAIN_H
|
#define SECP256K1_MODULE_RECOVERY_MAIN_H
|
||||||
|
@ -120,34 +120,34 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context *ctx, cons
|
||||||
return !secp256k1_gej_is_infinity(&qj);
|
return !secp256k1_gej_is_infinity(&qj);
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
|
int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
|
||||||
secp256k1_scalar r, s;
|
secp256k1_scalar r, s;
|
||||||
int ret, recid;
|
int ret, recid;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
|
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
|
||||||
ARG_CHECK(msg32 != NULL);
|
ARG_CHECK(msghash32 != NULL);
|
||||||
ARG_CHECK(signature != NULL);
|
ARG_CHECK(signature != NULL);
|
||||||
ARG_CHECK(seckey != NULL);
|
ARG_CHECK(seckey != NULL);
|
||||||
|
|
||||||
ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msg32, seckey, noncefp, noncedata);
|
ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msghash32, seckey, noncefp, noncedata);
|
||||||
secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid);
|
secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) {
|
int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32) {
|
||||||
secp256k1_ge q;
|
secp256k1_ge q;
|
||||||
secp256k1_scalar r, s;
|
secp256k1_scalar r, s;
|
||||||
secp256k1_scalar m;
|
secp256k1_scalar m;
|
||||||
int recid;
|
int recid;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
||||||
ARG_CHECK(msg32 != NULL);
|
ARG_CHECK(msghash32 != NULL);
|
||||||
ARG_CHECK(signature != NULL);
|
ARG_CHECK(signature != NULL);
|
||||||
ARG_CHECK(pubkey != NULL);
|
ARG_CHECK(pubkey != NULL);
|
||||||
|
|
||||||
secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature);
|
secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature);
|
||||||
VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */
|
VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */
|
||||||
secp256k1_scalar_set_b32(&m, msg32, NULL);
|
secp256k1_scalar_set_b32(&m, msghash32, NULL);
|
||||||
if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) {
|
if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) {
|
||||||
secp256k1_pubkey_save(pubkey, &q);
|
secp256k1_pubkey_save(pubkey, &q);
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2016 Andrew Poelstra *
|
* Copyright (c) 2016 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_MODULE_RECOVERY_EXHAUSTIVE_TESTS_H
|
#ifndef SECP256K1_MODULE_RECOVERY_EXHAUSTIVE_TESTS_H
|
||||||
#define SECP256K1_MODULE_RECOVERY_EXHAUSTIVE_TESTS_H
|
#define SECP256K1_MODULE_RECOVERY_EXHAUSTIVE_TESTS_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013-2015 Pieter Wuille *
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_MODULE_RECOVERY_TESTS_H
|
#ifndef SECP256K1_MODULE_RECOVERY_TESTS_H
|
||||||
#define SECP256K1_MODULE_RECOVERY_TESTS_H
|
#define SECP256K1_MODULE_RECOVERY_TESTS_H
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
|
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_MODULE_SCHNORRSIG_MAIN_
|
#ifndef SECP256K1_MODULE_SCHNORRSIG_MAIN_H
|
||||||
#define _SECP256K1_MODULE_SCHNORRSIG_MAIN_
|
#define SECP256K1_MODULE_SCHNORRSIG_MAIN_H
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "include/secp256k1_schnorrsig.h"
|
#include "include/secp256k1_schnorrsig.h"
|
||||||
|
@ -179,7 +179,7 @@ int secp256k1_schnorrsig_sign(const secp256k1_context* ctx, unsigned char *sig64
|
||||||
secp256k1_scalar_add(&e, &e, &k);
|
secp256k1_scalar_add(&e, &e, &k);
|
||||||
secp256k1_scalar_get_b32(&sig64[32], &e);
|
secp256k1_scalar_get_b32(&sig64[32], &e);
|
||||||
|
|
||||||
memczero(sig64, 64, !ret);
|
secp256k1_memczero(sig64, 64, !ret);
|
||||||
secp256k1_scalar_clear(&k);
|
secp256k1_scalar_clear(&k);
|
||||||
secp256k1_scalar_clear(&sk);
|
secp256k1_scalar_clear(&sk);
|
||||||
memset(seckey, 0, sizeof(seckey));
|
memset(seckey, 0, sizeof(seckey));
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Pieter Wuille *
|
* Copyright (c) 2020 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_MODULE_SCHNORRSIG_TESTS_EXHAUSTIVE_
|
#ifndef SECP256K1_MODULE_SCHNORRSIG_TESTS_EXHAUSTIVE_H
|
||||||
#define _SECP256K1_MODULE_SCHNORRSIG_TESTS_EXHAUSTIVE_
|
#define SECP256K1_MODULE_SCHNORRSIG_TESTS_EXHAUSTIVE_H
|
||||||
|
|
||||||
#include "include/secp256k1_schnorrsig.h"
|
#include "include/secp256k1_schnorrsig.h"
|
||||||
#include "src/modules/schnorrsig/main_impl.h"
|
#include "src/modules/schnorrsig/main_impl.h"
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
|
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_MODULE_SCHNORRSIG_TESTS_
|
#ifndef SECP256K1_MODULE_SCHNORRSIG_TESTS_H
|
||||||
#define _SECP256K1_MODULE_SCHNORRSIG_TESTS_
|
#define SECP256K1_MODULE_SCHNORRSIG_TESTS_H
|
||||||
|
|
||||||
#include "secp256k1_schnorrsig.h"
|
#include "secp256k1_schnorrsig.h"
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_NUM_H
|
#ifndef SECP256K1_NUM_H
|
||||||
#define SECP256K1_NUM_H
|
#define SECP256K1_NUM_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_NUM_REPR_H
|
#ifndef SECP256K1_NUM_REPR_H
|
||||||
#define SECP256K1_NUM_REPR_H
|
#define SECP256K1_NUM_REPR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_NUM_REPR_IMPL_H
|
#ifndef SECP256K1_NUM_REPR_IMPL_H
|
||||||
#define SECP256K1_NUM_REPR_IMPL_H
|
#define SECP256K1_NUM_REPR_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_NUM_IMPL_H
|
#ifndef SECP256K1_NUM_IMPL_H
|
||||||
#define SECP256K1_NUM_IMPL_H
|
#define SECP256K1_NUM_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_H
|
#ifndef SECP256K1_SCALAR_H
|
||||||
#define SECP256K1_SCALAR_H
|
#define SECP256K1_SCALAR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_REPR_H
|
#ifndef SECP256K1_SCALAR_REPR_H
|
||||||
#define SECP256K1_SCALAR_REPR_H
|
#define SECP256K1_SCALAR_REPR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_REPR_IMPL_H
|
#ifndef SECP256K1_SCALAR_REPR_IMPL_H
|
||||||
#define SECP256K1_SCALAR_REPR_IMPL_H
|
#define SECP256K1_SCALAR_REPR_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_REPR_H
|
#ifndef SECP256K1_SCALAR_REPR_H
|
||||||
#define SECP256K1_SCALAR_REPR_H
|
#define SECP256K1_SCALAR_REPR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_REPR_IMPL_H
|
#ifndef SECP256K1_SCALAR_REPR_IMPL_H
|
||||||
#define SECP256K1_SCALAR_REPR_IMPL_H
|
#define SECP256K1_SCALAR_REPR_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2014 Pieter Wuille *
|
* Copyright (c) 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_IMPL_H
|
#ifndef SECP256K1_SCALAR_IMPL_H
|
||||||
#define SECP256K1_SCALAR_IMPL_H
|
#define SECP256K1_SCALAR_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Andrew Poelstra *
|
* Copyright (c) 2015 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_REPR_H
|
#ifndef SECP256K1_SCALAR_REPR_H
|
||||||
#define SECP256K1_SCALAR_REPR_H
|
#define SECP256K1_SCALAR_REPR_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2015 Andrew Poelstra *
|
* Copyright (c) 2015 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SCALAR_REPR_IMPL_H
|
#ifndef SECP256K1_SCALAR_REPR_IMPL_H
|
||||||
#define SECP256K1_SCALAR_REPR_IMPL_H
|
#define SECP256K1_SCALAR_REPR_IMPL_H
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2017 Andrew Poelstra *
|
* Copyright (c) 2017 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_SCRATCH_
|
#ifndef SECP256K1_SCRATCH_H
|
||||||
#define _SECP256K1_SCRATCH_
|
#define SECP256K1_SCRATCH_H
|
||||||
|
|
||||||
/* The typedef is used internally; the struct name is used in the public API
|
/* The typedef is used internally; the struct name is used in the public API
|
||||||
* (where it is exposed as a different typedef) */
|
* (where it is exposed as a different typedef) */
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2017 Andrew Poelstra *
|
* Copyright (c) 2017 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef _SECP256K1_SCRATCH_IMPL_H_
|
#ifndef SECP256K1_SCRATCH_IMPL_H
|
||||||
#define _SECP256K1_SCRATCH_IMPL_H_
|
#define SECP256K1_SCRATCH_IMPL_H
|
||||||
|
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "scratch.h"
|
#include "scratch.h"
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013-2015 Pieter Wuille *
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
#include "include/secp256k1_preallocated.h"
|
#include "include/secp256k1_preallocated.h"
|
||||||
|
@ -86,6 +86,8 @@ const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_no_pr
|
||||||
|
|
||||||
size_t secp256k1_context_preallocated_size(unsigned int flags) {
|
size_t secp256k1_context_preallocated_size(unsigned int flags) {
|
||||||
size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context));
|
size_t ret = ROUND_TO_ALIGN(sizeof(secp256k1_context));
|
||||||
|
/* A return value of 0 is reserved as an indicator for errors when we call this function internally. */
|
||||||
|
VERIFY_CHECK(ret != 0);
|
||||||
|
|
||||||
if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) {
|
if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) {
|
||||||
secp256k1_callback_call(&default_illegal_callback,
|
secp256k1_callback_call(&default_illegal_callback,
|
||||||
|
@ -122,21 +124,21 @@ secp256k1_context* secp256k1_context_preallocated_create(void* prealloc, unsigne
|
||||||
if (!secp256k1_selftest()) {
|
if (!secp256k1_selftest()) {
|
||||||
secp256k1_callback_call(&default_error_callback, "self test failed");
|
secp256k1_callback_call(&default_error_callback, "self test failed");
|
||||||
}
|
}
|
||||||
VERIFY_CHECK(prealloc != NULL);
|
|
||||||
prealloc_size = secp256k1_context_preallocated_size(flags);
|
prealloc_size = secp256k1_context_preallocated_size(flags);
|
||||||
|
if (prealloc_size == 0) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
VERIFY_CHECK(prealloc != NULL);
|
||||||
ret = (secp256k1_context*)manual_alloc(&prealloc, sizeof(secp256k1_context), base, prealloc_size);
|
ret = (secp256k1_context*)manual_alloc(&prealloc, sizeof(secp256k1_context), base, prealloc_size);
|
||||||
ret->illegal_callback = default_illegal_callback;
|
ret->illegal_callback = default_illegal_callback;
|
||||||
ret->error_callback = default_error_callback;
|
ret->error_callback = default_error_callback;
|
||||||
|
|
||||||
if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) {
|
|
||||||
secp256k1_callback_call(&ret->illegal_callback,
|
|
||||||
"Invalid flags");
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
secp256k1_ecmult_context_init(&ret->ecmult_ctx);
|
secp256k1_ecmult_context_init(&ret->ecmult_ctx);
|
||||||
secp256k1_ecmult_gen_context_init(&ret->ecmult_gen_ctx);
|
secp256k1_ecmult_gen_context_init(&ret->ecmult_gen_ctx);
|
||||||
|
|
||||||
|
/* Flags have been checked by secp256k1_context_preallocated_size. */
|
||||||
|
VERIFY_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_CONTEXT);
|
||||||
if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) {
|
if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) {
|
||||||
secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc);
|
secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc);
|
||||||
}
|
}
|
||||||
|
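Review bot: The new early return `if (prealloc_size == 0) { return NULL; }` depends on an unstated contract that `secp256k1_context_preallocated_size` returns 0 only after it has already reported the invalid flags through the illegal callback; a reader of this function cannot see that, and the only hint is the comment added in the `@ -86,6 +86,8 @@` hunk, which calls the zero return "reserved ... when we call this function internally". A one-line comment above the check would make the coupling explicit, e.g. `/* 0 means the flags were rejected; secp256k1_context_preallocated_size has already invoked the illegal callback. */`. The later `VERIFY_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_CONTEXT)` looks, as far as I can tell from here, like a VERIFY-build-only assertion, so in non-VERIFY builds the zero check is what keeps a bad-flags call from reaching `manual_alloc`, and it must stay ahead of it. secp256k1_context_preallocated_create begins and ends outside this hunk.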
@ -420,17 +422,17 @@ int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) {
|
int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) {
|
||||||
secp256k1_ge q;
|
secp256k1_ge q;
|
||||||
secp256k1_scalar r, s;
|
secp256k1_scalar r, s;
|
||||||
secp256k1_scalar m;
|
secp256k1_scalar m;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
||||||
ARG_CHECK(msg32 != NULL);
|
ARG_CHECK(msghash32 != NULL);
|
||||||
ARG_CHECK(sig != NULL);
|
ARG_CHECK(sig != NULL);
|
||||||
ARG_CHECK(pubkey != NULL);
|
ARG_CHECK(pubkey != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_set_b32(&m, msg32, NULL);
|
secp256k1_scalar_set_b32(&m, msghash32, NULL);
|
||||||
secp256k1_ecdsa_signature_load(ctx, &r, &s, sig);
|
secp256k1_ecdsa_signature_load(ctx, &r, &s, sig);
|
||||||
return (!secp256k1_scalar_is_high(&s) &&
|
return (!secp256k1_scalar_is_high(&s) &&
|
||||||
secp256k1_pubkey_load(ctx, &q, pubkey) &&
|
secp256k1_pubkey_load(ctx, &q, pubkey) &&
|
||||||
|
@ -531,16 +533,16 @@ static int secp256k1_ecdsa_sign_inner(const secp256k1_context* ctx, secp256k1_sc
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
|
int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
|
||||||
secp256k1_scalar r, s;
|
secp256k1_scalar r, s;
|
||||||
int ret;
|
int ret;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
|
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
|
||||||
ARG_CHECK(msg32 != NULL);
|
ARG_CHECK(msghash32 != NULL);
|
||||||
ARG_CHECK(signature != NULL);
|
ARG_CHECK(signature != NULL);
|
||||||
ARG_CHECK(seckey != NULL);
|
ARG_CHECK(seckey != NULL);
|
||||||
|
|
||||||
ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msg32, seckey, noncefp, noncedata);
|
ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, noncedata);
|
||||||
secp256k1_ecdsa_signature_save(signature, &r, &s);
|
secp256k1_ecdsa_signature_save(signature, &r, &s);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -580,7 +582,7 @@ int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *p
|
||||||
|
|
||||||
ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey);
|
ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey);
|
||||||
secp256k1_pubkey_save(pubkey, &p);
|
secp256k1_pubkey_save(pubkey, &p);
|
||||||
memczero(pubkey, sizeof(*pubkey), !ret);
|
secp256k1_memczero(pubkey, sizeof(*pubkey), !ret);
|
||||||
|
|
||||||
secp256k1_scalar_clear(&seckey_scalar);
|
secp256k1_scalar_clear(&seckey_scalar);
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -621,26 +623,26 @@ int secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak) {
|
static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak32) {
|
||||||
secp256k1_scalar term;
|
secp256k1_scalar term;
|
||||||
int overflow = 0;
|
int overflow = 0;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
secp256k1_scalar_set_b32(&term, tweak, &overflow);
|
secp256k1_scalar_set_b32(&term, tweak32, &overflow);
|
||||||
ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term);
|
ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term);
|
||||||
secp256k1_scalar_clear(&term);
|
secp256k1_scalar_clear(&term);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) {
|
int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
|
||||||
secp256k1_scalar sec;
|
secp256k1_scalar sec;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(seckey != NULL);
|
ARG_CHECK(seckey != NULL);
|
||||||
ARG_CHECK(tweak != NULL);
|
ARG_CHECK(tweak32 != NULL);
|
||||||
|
|
||||||
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey);
|
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey);
|
||||||
ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak);
|
ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak32);
|
||||||
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret);
|
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret);
|
||||||
secp256k1_scalar_get_b32(seckey, &sec);
|
secp256k1_scalar_get_b32(seckey, &sec);
|
||||||
|
|
||||||
|
@ -648,28 +650,28 @@ int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *s
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) {
|
int secp256k1_ec_privkey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
|
||||||
return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak);
|
return secp256k1_ec_seckey_tweak_add(ctx, seckey, tweak32);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int secp256k1_ec_pubkey_tweak_add_helper(const secp256k1_ecmult_context* ecmult_ctx, secp256k1_ge *p, const unsigned char *tweak) {
|
static int secp256k1_ec_pubkey_tweak_add_helper(const secp256k1_ecmult_context* ecmult_ctx, secp256k1_ge *p, const unsigned char *tweak32) {
|
||||||
secp256k1_scalar term;
|
secp256k1_scalar term;
|
||||||
int overflow = 0;
|
int overflow = 0;
|
||||||
secp256k1_scalar_set_b32(&term, tweak, &overflow);
|
secp256k1_scalar_set_b32(&term, tweak32, &overflow);
|
||||||
return !overflow && secp256k1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term);
|
return !overflow && secp256k1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term);
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) {
|
int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) {
|
||||||
secp256k1_ge p;
|
secp256k1_ge p;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
||||||
ARG_CHECK(pubkey != NULL);
|
ARG_CHECK(pubkey != NULL);
|
||||||
ARG_CHECK(tweak != NULL);
|
ARG_CHECK(tweak32 != NULL);
|
||||||
|
|
||||||
ret = secp256k1_pubkey_load(ctx, &p, pubkey);
|
ret = secp256k1_pubkey_load(ctx, &p, pubkey);
|
||||||
memset(pubkey, 0, sizeof(*pubkey));
|
memset(pubkey, 0, sizeof(*pubkey));
|
||||||
ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak);
|
ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak32);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
secp256k1_pubkey_save(pubkey, &p);
|
secp256k1_pubkey_save(pubkey, &p);
|
||||||
}
|
}
|
||||||
|
@ -677,16 +679,16 @@ int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) {
|
int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
|
||||||
secp256k1_scalar factor;
|
secp256k1_scalar factor;
|
||||||
secp256k1_scalar sec;
|
secp256k1_scalar sec;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int overflow = 0;
|
int overflow = 0;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(seckey != NULL);
|
ARG_CHECK(seckey != NULL);
|
||||||
ARG_CHECK(tweak != NULL);
|
ARG_CHECK(tweak32 != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
|
secp256k1_scalar_set_b32(&factor, tweak32, &overflow);
|
||||||
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey);
|
ret = secp256k1_scalar_set_b32_seckey(&sec, seckey);
|
||||||
ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor);
|
ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor);
|
||||||
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret);
|
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret);
|
||||||
|
@ -697,11 +699,11 @@ int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *s
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak) {
|
int secp256k1_ec_privkey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) {
|
||||||
return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak);
|
return secp256k1_ec_seckey_tweak_mul(ctx, seckey, tweak32);
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) {
|
int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) {
|
||||||
secp256k1_ge p;
|
secp256k1_ge p;
|
||||||
secp256k1_scalar factor;
|
secp256k1_scalar factor;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
@ -709,9 +711,9 @@ int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
|
||||||
ARG_CHECK(pubkey != NULL);
|
ARG_CHECK(pubkey != NULL);
|
||||||
ARG_CHECK(tweak != NULL);
|
ARG_CHECK(tweak32 != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
|
secp256k1_scalar_set_b32(&factor, tweak32, &overflow);
|
||||||
ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey);
|
ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey);
|
||||||
memset(pubkey, 0, sizeof(*pubkey));
|
memset(pubkey, 0, sizeof(*pubkey));
|
||||||
if (ret) {
|
if (ret) {
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Pieter Wuille *
|
* Copyright (c) 2020 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_SELFTEST_H
|
#ifndef SECP256K1_SELFTEST_H
|
||||||
#define SECP256K1_SELFTEST_H
|
#define SECP256K1_SELFTEST_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_TESTRAND_H
|
#ifndef SECP256K1_TESTRAND_H
|
||||||
#define SECP256K1_TESTRAND_H
|
#define SECP256K1_TESTRAND_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013-2015 Pieter Wuille *
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_TESTRAND_IMPL_H
|
#ifndef SECP256K1_TESTRAND_IMPL_H
|
||||||
#define SECP256K1_TESTRAND_IMPL_H
|
#define SECP256K1_TESTRAND_IMPL_H
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell *
|
* Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#if defined HAVE_CONFIG_H
|
#if defined HAVE_CONFIG_H
|
||||||
#include "libsecp256k1-config.h"
|
#include "libsecp256k1-config.h"
|
||||||
|
@ -1964,28 +1964,6 @@ void run_field_inv_var(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_field_inv_all_var(void) {
|
|
||||||
secp256k1_fe x[16], xi[16], xii[16];
|
|
||||||
int i;
|
|
||||||
/* Check it's safe to call for 0 elements */
|
|
||||||
secp256k1_fe_inv_all_var(xi, x, 0);
|
|
||||||
for (i = 0; i < count; i++) {
|
|
||||||
size_t j;
|
|
||||||
size_t len = secp256k1_testrand_int(15) + 1;
|
|
||||||
for (j = 0; j < len; j++) {
|
|
||||||
random_fe_non_zero(&x[j]);
|
|
||||||
}
|
|
||||||
secp256k1_fe_inv_all_var(xi, x, len);
|
|
||||||
for (j = 0; j < len; j++) {
|
|
||||||
CHECK(check_fe_inverse(&x[j], &xi[j]));
|
|
||||||
}
|
|
||||||
secp256k1_fe_inv_all_var(xii, xi, len);
|
|
||||||
for (j = 0; j < len; j++) {
|
|
||||||
CHECK(check_fe_equal(&x[j], &xii[j]));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void run_sqr(void) {
|
void run_sqr(void) {
|
||||||
secp256k1_fe x, s;
|
secp256k1_fe x, s;
|
||||||
|
|
||||||
|
@ -2111,7 +2089,6 @@ void test_ge(void) {
|
||||||
*/
|
*/
|
||||||
secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs));
|
secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs));
|
||||||
secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs));
|
secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs));
|
||||||
secp256k1_fe *zinv = (secp256k1_fe *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs));
|
|
||||||
secp256k1_fe zf;
|
secp256k1_fe zf;
|
||||||
secp256k1_fe zfi2, zfi3;
|
secp256k1_fe zfi2, zfi3;
|
||||||
|
|
||||||
|
@ -2145,23 +2122,6 @@ void test_ge(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Compute z inverses. */
|
|
||||||
{
|
|
||||||
secp256k1_fe *zs = checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs));
|
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
|
||||||
if (i == 0) {
|
|
||||||
/* The point at infinity does not have a meaningful z inverse. Any should do. */
|
|
||||||
do {
|
|
||||||
random_field_element_test(&zs[i]);
|
|
||||||
} while(secp256k1_fe_is_zero(&zs[i]));
|
|
||||||
} else {
|
|
||||||
zs[i] = gej[i].z;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
secp256k1_fe_inv_all_var(zinv, zs, 4 * runs + 1);
|
|
||||||
free(zs);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */
|
/* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */
|
||||||
do {
|
do {
|
||||||
random_field_element_test(&zf);
|
random_field_element_test(&zf);
|
||||||
|
@ -2270,16 +2230,9 @@ void test_ge(void) {
|
||||||
free(gej_shuffled);
|
free(gej_shuffled);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Test batch gej -> ge conversion with and without known z ratios. */
|
/* Test batch gej -> ge conversion without known z ratios. */
|
||||||
{
|
{
|
||||||
secp256k1_fe *zr = (secp256k1_fe *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_fe));
|
|
||||||
secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge));
|
secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge));
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
|
||||||
/* Compute gej[i + 1].z / gez[i].z (with gej[n].z taken to be 1). */
|
|
||||||
if (i < 4 * runs) {
|
|
||||||
secp256k1_fe_mul(&zr[i + 1], &zinv[i], &gej[i + 1].z);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
secp256k1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1);
|
secp256k1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1);
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
secp256k1_fe s;
|
secp256k1_fe s;
|
||||||
|
@ -2288,7 +2241,6 @@ void test_ge(void) {
|
||||||
ge_equals_gej(&ge_set_all[i], &gej[i]);
|
ge_equals_gej(&ge_set_all[i], &gej[i]);
|
||||||
}
|
}
|
||||||
free(ge_set_all);
|
free(ge_set_all);
|
||||||
free(zr);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Test batch gej -> ge conversion with many infinities. */
|
/* Test batch gej -> ge conversion with many infinities. */
|
||||||
|
@ -2309,7 +2261,6 @@ void test_ge(void) {
|
||||||
|
|
||||||
free(ge);
|
free(ge);
|
||||||
free(gej);
|
free(gej);
|
||||||
free(zinv);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -5444,18 +5395,18 @@ void run_ecdsa_openssl(void) {
|
||||||
# include "modules/schnorrsig/tests_impl.h"
|
# include "modules/schnorrsig/tests_impl.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void run_memczero_test(void) {
|
void run_secp256k1_memczero_test(void) {
|
||||||
unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
|
unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
|
||||||
unsigned char buf2[sizeof(buf1)];
|
unsigned char buf2[sizeof(buf1)];
|
||||||
|
|
||||||
/* memczero(..., ..., 0) is a noop. */
|
/* secp256k1_memczero(..., ..., 0) is a noop. */
|
||||||
memcpy(buf2, buf1, sizeof(buf1));
|
memcpy(buf2, buf1, sizeof(buf1));
|
||||||
memczero(buf1, sizeof(buf1), 0);
|
secp256k1_memczero(buf1, sizeof(buf1), 0);
|
||||||
CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0);
|
CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0);
|
||||||
|
|
||||||
/* memczero(..., ..., 1) zeros the buffer. */
|
/* secp256k1_memczero(..., ..., 1) zeros the buffer. */
|
||||||
memset(buf2, 0, sizeof(buf2));
|
memset(buf2, 0, sizeof(buf2));
|
||||||
memczero(buf1, sizeof(buf1) , 1);
|
secp256k1_memczero(buf1, sizeof(buf1) , 1);
|
||||||
CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0);
|
CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5626,6 +5577,15 @@ int main(int argc, char **argv) {
|
||||||
/* find iteration count */
|
/* find iteration count */
|
||||||
if (argc > 1) {
|
if (argc > 1) {
|
||||||
count = strtol(argv[1], NULL, 0);
|
count = strtol(argv[1], NULL, 0);
|
||||||
|
} else {
|
||||||
|
const char* env = getenv("SECP256K1_TEST_ITERS");
|
||||||
|
if (env) {
|
||||||
|
count = strtol(env, NULL, 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (count <= 0) {
|
||||||
|
fputs("An iteration count of 0 or less is not allowed.\n", stderr);
|
||||||
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
printf("test count = %i\n", count);
|
printf("test count = %i\n", count);
|
||||||
|
|
||||||
|
@ -5661,7 +5621,6 @@ int main(int argc, char **argv) {
|
||||||
/* field tests */
|
/* field tests */
|
||||||
run_field_inv();
|
run_field_inv();
|
||||||
run_field_inv_var();
|
run_field_inv_var();
|
||||||
run_field_inv_all_var();
|
|
||||||
run_field_misc();
|
run_field_misc();
|
||||||
run_field_convert();
|
run_field_convert();
|
||||||
run_sqr();
|
run_sqr();
|
||||||
|
@ -5723,7 +5682,7 @@ int main(int argc, char **argv) {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* util tests */
|
/* util tests */
|
||||||
run_memczero_test();
|
run_secp256k1_memczero_test();
|
||||||
|
|
||||||
run_cmov_tests();
|
run_cmov_tests();
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/**************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2016 Andrew Poelstra *
|
* Copyright (c) 2016 Andrew Poelstra *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#if defined HAVE_CONFIG_H
|
#if defined HAVE_CONFIG_H
|
||||||
#include "libsecp256k1-config.h"
|
#include "libsecp256k1-config.h"
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
/************************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2013, 2014 Pieter Wuille *
|
* Copyright (c) 2013, 2014 Pieter Wuille *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or https://www.opensource.org/licenses/mit-license.php .*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
************************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#ifndef SECP256K1_UTIL_H
|
#ifndef SECP256K1_UTIL_H
|
||||||
#define SECP256K1_UTIL_H
|
#define SECP256K1_UTIL_H
|
||||||
|
@ -141,7 +141,7 @@ static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_siz
|
||||||
VERIFY_CHECK(((unsigned char*)*prealloc_ptr - (unsigned char*)base) % ALIGNMENT == 0);
|
VERIFY_CHECK(((unsigned char*)*prealloc_ptr - (unsigned char*)base) % ALIGNMENT == 0);
|
||||||
VERIFY_CHECK((unsigned char*)*prealloc_ptr - (unsigned char*)base + aligned_alloc_size <= max_size);
|
VERIFY_CHECK((unsigned char*)*prealloc_ptr - (unsigned char*)base + aligned_alloc_size <= max_size);
|
||||||
ret = *prealloc_ptr;
|
ret = *prealloc_ptr;
|
||||||
*((unsigned char**)prealloc_ptr) += aligned_alloc_size;
|
*prealloc_ptr = (unsigned char*)*prealloc_ptr + aligned_alloc_size;
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -202,7 +202,7 @@ static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_siz
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */
|
/* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */
|
||||||
static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) {
|
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag) {
|
||||||
unsigned char *p = (unsigned char *)s;
|
unsigned char *p = (unsigned char *)s;
|
||||||
/* Access flag with a volatile-qualified lvalue.
|
/* Access flag with a volatile-qualified lvalue.
|
||||||
This prevents clang from figuring out (after inlining) that flag can
|
This prevents clang from figuring out (after inlining) that flag can
|
||||||
|
@ -260,14 +260,20 @@ static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag)
|
||||||
# define SECP256K1_WIDEMUL_INT128 1
|
# define SECP256K1_WIDEMUL_INT128 1
|
||||||
#elif defined(USE_FORCE_WIDEMUL_INT64)
|
#elif defined(USE_FORCE_WIDEMUL_INT64)
|
||||||
# define SECP256K1_WIDEMUL_INT64 1
|
# define SECP256K1_WIDEMUL_INT64 1
|
||||||
#elif defined(__SIZEOF_INT128__)
|
#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__)
|
||||||
# define SECP256K1_WIDEMUL_INT128 1
|
# define SECP256K1_WIDEMUL_INT128 1
|
||||||
#else
|
#else
|
||||||
# define SECP256K1_WIDEMUL_INT64 1
|
# define SECP256K1_WIDEMUL_INT64 1
|
||||||
#endif
|
#endif
|
||||||
#if defined(SECP256K1_WIDEMUL_INT128)
|
#if defined(SECP256K1_WIDEMUL_INT128)
|
||||||
|
# if !defined(UINT128_MAX) && defined(__SIZEOF_INT128__)
|
||||||
SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
|
SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
|
||||||
SECP256K1_GNUC_EXT typedef __int128 int128_t;
|
SECP256K1_GNUC_EXT typedef __int128 int128_t;
|
||||||
|
#define UINT128_MAX ((uint128_t)(-1))
|
||||||
|
#define INT128_MAX ((int128_t)(UINT128_MAX >> 1))
|
||||||
|
#define INT128_MIN (-INT128_MAX - 1)
|
||||||
|
/* No (U)INT128_C macros because compilers providing __int128 do not support 128-bit literals. */
|
||||||
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* SECP256K1_UTIL_H */
|
#endif /* SECP256K1_UTIL_H */
|
||||||
|
|
|
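Review bot: The new `#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__)` branch assumes that whatever header defines UINT128_MAX also supplies the `uint128_t`/`int128_t` typedefs and `INT128_MAX`/`INT128_MIN`, because the typedef block is skipped in that case; the hunk does not show a `<stdint.h>` include, so whether that header is in scope here cannot be confirmed from this view. A comment above the `#elif` would make the dependency explicit: `/* A <stdint.h> that defines UINT128_MAX (C23) also provides (u)int128_t and INT128_MAX/INT128_MIN; otherwise fall back to the __int128 typedefs below. */`. Worth noting too that `UINT128_MAX`, `INT128_MAX` and `INT128_MIN` sit in the macro namespace C11 7.31.10 reserves for future `<stdint.h>` additions, so the `# if !defined(UINT128_MAX)` guard is what keeps the fallback definitions from colliding with a conforming implementation; a one-line comment on the guard, e.g. `/* These names are reserved for <stdint.h>; define them only when it does not. */`, would record that intent.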
@ -1,8 +1,8 @@
|
||||||
/**********************************************************************
|
/***********************************************************************
|
||||||
* Copyright (c) 2020 Gregory Maxwell *
|
* Copyright (c) 2020 Gregory Maxwell *
|
||||||
* Distributed under the MIT software license, see the accompanying *
|
* Distributed under the MIT software license, see the accompanying *
|
||||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
||||||
**********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
#include <valgrind/memcheck.h>
|
#include <valgrind/memcheck.h>
|
||||||
#include "include/secp256k1.h"
|
#include "include/secp256k1.h"
|
||||||
|
@ -140,6 +140,12 @@ int main(void) {
|
||||||
ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
|
ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
|
||||||
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
|
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
|
||||||
CHECK(ret == 1);
|
CHECK(ret == 1);
|
||||||
|
|
||||||
|
VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
|
||||||
|
VALGRIND_MAKE_MEM_UNDEFINED(&keypair, sizeof(keypair));
|
||||||
|
ret = secp256k1_keypair_sec(ctx, key, &keypair);
|
||||||
|
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
|
||||||
|
CHECK(ret == 1);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef ENABLE_MODULE_SCHNORRSIG
|
#ifdef ENABLE_MODULE_SCHNORRSIG
|
||||||
|
|