mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-03-10 09:06:15 +01:00
2d46a89386
0cdc758a563 Merge bitcoin-core/secp256k1#1631: release: prepare for 0.6.0 39d5dfd542a release: prepare for 0.6.0 df2eceb2790 build: add ellswift.md and musig.md to release tarball a306bb7e903 tools: fix check-abi.sh after cmake out locations were changed 145868a84d2 Do not export `secp256k1_musig_nonce_gen_internal` b161bffb8bf Merge bitcoin-core/secp256k1#1579: Clear sensitive memory without getting optimized out (revival of #636) a38d879a1a6 Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed02e Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fdb71 Name public API structs 0f73caf7c62 test, ci: Lower default iteration count to 16 9a8db52f4e9 Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 765ef53335a Clear _gej instances after point multiplication to avoid potential leaks 349e6ab916b Introduce separate _clear functions for hash module 99cc9fd6d01 Don't rely on memset to set signed integers to 0 97c57f42ba8 Implement various _clear() functions with secp256k1_memclear() 9bb368d1466 Use secp256k1_memclear() to clear stack memory instead of memset() e3497bbf001 Separate between clearing memory and setting to zero in tests d79a6ccd43a Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear() 1c081262227 Add secp256k1_memclear() for clearing secret data 1464f15c812 Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df80a util: Remove unused (u)int64_t formatting macros 9b7c59cbb90 Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23f63 ci: Update macOS image e7d384488e8 Don't clear secrets in pippenger implementation 68b55209f1b Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b3d8 Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f50c0 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839fb2e Remove unused scratch space from API 57eda3ba300 musig: ctimetests: fix _declassify range for generated nonce points 87384f5c0f2 cmake, test: Add `secp256k1_` prefix to test names e59158b6eb7 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967c25 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d3c4 examples: make key generation doc consistent e8908221a45 examples: do not retry generating seckey randomness in musig 70b6be1834e extrakeys: improve doc of keypair_create (don't suggest retry) 01b5893389e Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop cd4f84f3ba8 Improve examples/documentation: remove key generation loops a88aa935063 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2a9 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011f5 build: allow enabling the musig module in cmake f411841a46b Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f38 util: add constant-time is_zero_array function c8fbdb1b972 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff03407f f can never equal -m c232486d84e Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2146 cmake: Set top-level target output locations 4c57c7a5a95 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb06d include: Avoid visibility("default") on Windows 472faaa8ee6 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb24 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 85e224dd97f group: add ge_to_bytes and ge_from_bytes 7c987ec89e6 cmake: Call `enable_testing()` unconditionally 6aa576515ef cmake: Delete `CTest` module git-subtree-dir: src/secp256k1 git-subtree-split: 0cdc758a56360bf58a851fe91085a327ec97685a
113 lines
4.6 KiB
C
113 lines
4.6 KiB
C
#ifndef SECP256K1_RECOVERY_H
|
|
#define SECP256K1_RECOVERY_H
|
|
|
|
#include "secp256k1.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** Opaque data structure that holds a parsed ECDSA signature,
|
|
* supporting pubkey recovery.
|
|
*
|
|
* The exact representation of data inside is implementation defined and not
|
|
* guaranteed to be portable between different platforms or versions. It is
|
|
* however guaranteed to be 65 bytes in size, and can be safely copied/moved.
|
|
* If you need to convert to a format suitable for storage or transmission, use
|
|
* the secp256k1_ecdsa_signature_serialize_* and
|
|
* secp256k1_ecdsa_signature_parse_* functions.
|
|
*
|
|
* Furthermore, it is guaranteed that identical signatures (including their
|
|
* recoverability) will have identical representation, so they can be
|
|
* memcmp'ed.
|
|
*/
|
|
typedef struct secp256k1_ecdsa_recoverable_signature {
|
|
unsigned char data[65];
|
|
} secp256k1_ecdsa_recoverable_signature;
|
|
|
|
/** Parse a compact ECDSA signature (64 bytes + recovery id).
|
|
*
|
|
* Returns: 1 when the signature could be parsed, 0 otherwise
|
|
* Args: ctx: pointer to a context object
|
|
* Out: sig: pointer to a signature object
|
|
* In: input64: pointer to a 64-byte compact signature
|
|
* recid: the recovery id (0, 1, 2 or 3)
|
|
*/
|
|
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
|
|
const secp256k1_context *ctx,
|
|
secp256k1_ecdsa_recoverable_signature *sig,
|
|
const unsigned char *input64,
|
|
int recid
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Convert a recoverable signature into a normal signature.
|
|
*
|
|
* Returns: 1
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: sig: pointer to a normal signature.
|
|
* In: sigin: pointer to a recoverable signature.
|
|
*/
|
|
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(
|
|
const secp256k1_context *ctx,
|
|
secp256k1_ecdsa_signature *sig,
|
|
const secp256k1_ecdsa_recoverable_signature *sigin
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
|
|
*
|
|
* Returns: 1
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: output64: pointer to a 64-byte array of the compact signature.
|
|
* recid: pointer to an integer to hold the recovery id.
|
|
* In: sig: pointer to an initialized signature object.
|
|
*/
|
|
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
|
|
const secp256k1_context *ctx,
|
|
unsigned char *output64,
|
|
int *recid,
|
|
const secp256k1_ecdsa_recoverable_signature *sig
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Create a recoverable ECDSA signature.
|
|
*
|
|
* Returns: 1: signature created
|
|
* 0: the nonce generation function failed, or the secret key was invalid.
|
|
* Args: ctx: pointer to a context object (not secp256k1_context_static).
|
|
* Out: sig: pointer to an array where the signature will be placed.
|
|
* In: msghash32: the 32-byte message hash being signed.
|
|
* seckey: pointer to a 32-byte secret key.
|
|
* noncefp: pointer to a nonce generation function. If NULL,
|
|
* secp256k1_nonce_function_default is used.
|
|
* ndata: pointer to arbitrary data used by the nonce generation function
|
|
* (can be NULL for secp256k1_nonce_function_default).
|
|
*/
|
|
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
|
|
const secp256k1_context *ctx,
|
|
secp256k1_ecdsa_recoverable_signature *sig,
|
|
const unsigned char *msghash32,
|
|
const unsigned char *seckey,
|
|
secp256k1_nonce_function noncefp,
|
|
const void *ndata
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
/** Recover an ECDSA public key from a signature.
|
|
*
|
|
* Returns: 1: public key successfully recovered (which guarantees a correct signature).
|
|
* 0: otherwise.
|
|
* Args: ctx: pointer to a context object.
|
|
* Out: pubkey: pointer to the recovered public key.
|
|
* In: sig: pointer to initialized signature that supports pubkey recovery.
|
|
* msghash32: the 32-byte message hash assumed to be signed.
|
|
*/
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
|
|
const secp256k1_context *ctx,
|
|
secp256k1_pubkey *pubkey,
|
|
const secp256k1_ecdsa_recoverable_signature *sig,
|
|
const unsigned char *msghash32
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SECP256K1_RECOVERY_H */
|