// Copyright 2015 The go-ethereum Authors // This file is part of the go-ethereum library. // // The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with the go-ethereum library. If not, see . // secp256k1_context_create_sign_verify creates a context for signing and signature verification. static secp256k1_context* secp256k1_context_create_sign_verify() { return secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); } // secp256k1_ecdsa_recover_pubkey recovers the public key of an encoded compact signature. // // Returns: 1: recovery was successful // 0: recovery was not successful // Args: ctx: pointer to a context object (cannot be NULL) // Out: pubkey_out: the serialized 65-byte public key of the signer (cannot be NULL) // In: sigdata: pointer to a 65-byte signature with the recovery id at the end (cannot be NULL) // msgdata: pointer to a 32-byte message (cannot be NULL) static int secp256k1_ecdsa_recover_pubkey( const secp256k1_context* ctx, unsigned char *pubkey_out, const unsigned char *sigdata, const unsigned char *msgdata ) { secp256k1_ecdsa_recoverable_signature sig; secp256k1_pubkey pubkey; if (!secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &sig, sigdata, (int)sigdata[64])) { return 0; } if (!secp256k1_ecdsa_recover(ctx, &pubkey, &sig, msgdata)) { return 0; } size_t outputlen = 65; return secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED); } // secp256k1_ecdsa_verify_enc verifies an encoded compact signature. // // Returns: 1: signature is valid // 0: signature is invalid // Args: ctx: pointer to a context object (cannot be NULL) // In: sigdata: pointer to a 64-byte signature (cannot be NULL) // msgdata: pointer to a 32-byte message (cannot be NULL) // pubkeydata: pointer to public key data (cannot be NULL) // pubkeylen: length of pubkeydata static int secp256k1_ecdsa_verify_enc( const secp256k1_context* ctx, const unsigned char *sigdata, const unsigned char *msgdata, const unsigned char *pubkeydata, size_t pubkeylen ) { secp256k1_ecdsa_signature sig; secp256k1_pubkey pubkey; if (!secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sigdata)) { return 0; } if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) { return 0; } return secp256k1_ecdsa_verify(ctx, &sig, msgdata, &pubkey); } // secp256k1_decompress_pubkey decompresses a public key. // // Returns: 1: public key is valid // 0: public key is invalid // Args: ctx: pointer to a context object (cannot be NULL) // Out: pubkey_out: the serialized 65-byte public key (cannot be NULL) // In: pubkeydata: pointer to 33 bytes of compressed public key data (cannot be NULL) static int secp256k1_decompress_pubkey( const secp256k1_context* ctx, unsigned char *pubkey_out, const unsigned char *pubkeydata ) { secp256k1_pubkey pubkey; if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, 33)) { return 0; } size_t outputlen = 65; return secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED); } // secp256k1_pubkey_scalar_mul multiplies a point by a scalar in constant time. // // Returns: 1: multiplication was successful // 0: scalar was invalid (zero or overflow) // Args: ctx: pointer to a context object (cannot be NULL) // Out: point: the multiplied point (usually secret) // In: point: pointer to a 64-byte public point, // encoded as two 256bit big-endian numbers. // scalar: a 32-byte scalar with which to multiply the point int secp256k1_pubkey_scalar_mul(const secp256k1_context* ctx, unsigned char *point, const unsigned char *scalar) { int ret = 0; int overflow = 0; secp256k1_fe feX, feY; secp256k1_gej res; secp256k1_ge ge; secp256k1_scalar s; ARG_CHECK(point != NULL); ARG_CHECK(scalar != NULL); (void)ctx; secp256k1_fe_set_b32(&feX, point); secp256k1_fe_set_b32(&feY, point+32); secp256k1_ge_set_xy(&ge, &feX, &feY); secp256k1_scalar_set_b32(&s, scalar, &overflow); if (overflow || secp256k1_scalar_is_zero(&s)) { ret = 0; } else { secp256k1_ecmult_const(&res, &ge, &s); secp256k1_ge_set_gej(&ge, &res); /* Note: can't use secp256k1_pubkey_save here because it is not constant time. */ secp256k1_fe_normalize(&ge.x); secp256k1_fe_normalize(&ge.y); secp256k1_fe_get_b32(point, &ge.x); secp256k1_fe_get_b32(point+32, &ge.y); ret = 1; } secp256k1_scalar_clear(&s); return ret; }