Bitcoin Core 28.99.0
P2P Digital Currency
ctime_tests.c
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2020 Gregory Maxwell *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#include <stdio.h>
8#include <string.h>
9
10#include "../include/secp256k1.h"
11#include "assumptions.h"
12#include "checkmem.h"
13
14#if !SECP256K1_CHECKMEM_ENABLED
15# error "This tool cannot be compiled without memory-checking interface (valgrind or msan)"
16#endif
17
18#ifdef ENABLE_MODULE_ECDH
19# include "../include/secp256k1_ecdh.h"
20#endif
21
22#ifdef ENABLE_MODULE_RECOVERY
23# include "../include/secp256k1_recovery.h"
24#endif
25
26#ifdef ENABLE_MODULE_EXTRAKEYS
27# include "../include/secp256k1_extrakeys.h"
28#endif
29
30#ifdef ENABLE_MODULE_SCHNORRSIG
31#include "../include/secp256k1_schnorrsig.h"
32#endif
33
34#ifdef ENABLE_MODULE_MUSIG
35#include "../include/secp256k1_musig.h"
36#endif
37
38#ifdef ENABLE_MODULE_ELLSWIFT
39#include "../include/secp256k1_ellswift.h"
40#endif
41
42static void run_tests(secp256k1_context *ctx, unsigned char *key);
43
44int main(void) {
45 secp256k1_context* ctx;
46 unsigned char key[32];
47 int ret, i;
48
49 if (!SECP256K1_CHECKMEM_RUNNING()) {
50 fprintf(stderr, "This test can only usefully be run inside valgrind because it was not compiled under msan.\n");
51 fprintf(stderr, "Usage: libtool --mode=execute valgrind ./ctime_tests\n");
52 return 1;
53 }
54 ctx = secp256k1_context_create(SECP256K1_CONTEXT_DECLASSIFY);
58 for (i = 0; i < 32; i++) {
59 key[i] = i + 65;
60 }
61
62 run_tests(ctx, key);
63
64 /* Test context randomisation. Do this last because it leaves the context
65 * tainted. */
66 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
67 ret = secp256k1_context_randomize(ctx, key);
68 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
69 CHECK(ret);
70
71 secp256k1_context_destroy(ctx);
72 return 0;
73}
74
75static void run_tests(secp256k1_context *ctx, unsigned char *key) {
76 secp256k1_ecdsa_signature signature;
77 secp256k1_pubkey pubkey;
78 size_t siglen = 74;
79 size_t outputlen = 33;
80 int i;
81 int ret;
82 unsigned char msg[32];
83 unsigned char sig[74];
84 unsigned char spubkey[33];
85#ifdef ENABLE_MODULE_RECOVERY
86 secp256k1_ecdsa_recoverable_signature recoverable_signature;
87 int recid;
88#endif
89#ifdef ENABLE_MODULE_EXTRAKEYS
90 secp256k1_keypair keypair;
91#endif
92#ifdef ENABLE_MODULE_ELLSWIFT
93 unsigned char ellswift[64];
94 static const unsigned char prefix[64] = {'t', 'e', 's', 't'};
95#endif
96
97 for (i = 0; i < 32; i++) {
98 msg[i] = i + 1;
99 }
100
101 /* Test keygen. */
102 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
103 ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
104 SECP256K1_CHECKMEM_DEFINE(&pubkey, sizeof(secp256k1_pubkey));
105 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
106 CHECK(ret);
107 CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
108
109 /* Test signing. */
110 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
111 ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL);
112 SECP256K1_CHECKMEM_DEFINE(&signature, sizeof(secp256k1_ecdsa_signature));
113 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
114 CHECK(ret);
115 CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature));
116
117#ifdef ENABLE_MODULE_ECDH
118 /* Test ECDH. */
119 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
120 ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL);
121 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
122 CHECK(ret == 1);
123#endif
124
125#ifdef ENABLE_MODULE_RECOVERY
126 /* Test signing a recoverable signature. */
127 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
128 ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL);
129 SECP256K1_CHECKMEM_DEFINE(&recoverable_signature, sizeof(recoverable_signature));
130 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
131 CHECK(ret);
132 CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature));
133 CHECK(recid >= 0 && recid <= 3);
134#endif
135
136 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
137 ret = secp256k1_ec_seckey_verify(ctx, key);
138 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
139 CHECK(ret == 1);
140
141 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
142 ret = secp256k1_ec_seckey_negate(ctx, key);
143 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
144 CHECK(ret == 1);
145
146 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
147 SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
148 ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg);
149 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
150 CHECK(ret == 1);
151
152 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
153 SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
154 ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg);
155 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
156 CHECK(ret == 1);
157
158 /* Test keypair_create and keypair_xonly_tweak_add. */
159#ifdef ENABLE_MODULE_EXTRAKEYS
160 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
161 ret = secp256k1_keypair_create(ctx, &keypair, key);
162 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
163 CHECK(ret == 1);
164
165 /* The tweak is not treated as a secret in keypair_tweak_add */
166 SECP256K1_CHECKMEM_DEFINE(msg, 32);
167 ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
168 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
169 CHECK(ret == 1);
170
171 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
172 SECP256K1_CHECKMEM_UNDEFINE(&keypair, sizeof(keypair));
173 ret = secp256k1_keypair_sec(ctx, key, &keypair);
174 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
175 CHECK(ret == 1);
176#endif
177
178#ifdef ENABLE_MODULE_SCHNORRSIG
179 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
180 ret = secp256k1_keypair_create(ctx, &keypair, key);
181 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
182 CHECK(ret == 1);
183 ret = secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL);
184 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
185 CHECK(ret == 1);
186#endif
187
188#ifdef ENABLE_MODULE_MUSIG
189 {
190 secp256k1_pubkey pk;
191 const secp256k1_pubkey *pk_ptr[1];
192 secp256k1_xonly_pubkey agg_pk;
193 unsigned char session_secrand[32];
194 uint64_t nonrepeating_cnt = 0;
195 secp256k1_musig_secnonce secnonce;
196 secp256k1_musig_pubnonce pubnonce;
197 const secp256k1_musig_pubnonce *pubnonce_ptr[1];
198 secp256k1_musig_aggnonce aggnonce;
199 secp256k1_musig_keyagg_cache cache;
200 secp256k1_musig_session session;
201 secp256k1_musig_partial_sig partial_sig;
202 unsigned char extra_input[32];
203
204 pk_ptr[0] = &pk;
205 pubnonce_ptr[0] = &pubnonce;
206 SECP256K1_CHECKMEM_DEFINE(key, 32);
207 memcpy(session_secrand, key, sizeof(session_secrand));
208 session_secrand[0] = session_secrand[0] + 1;
209 memcpy(extra_input, key, sizeof(extra_input));
210 extra_input[0] = extra_input[0] + 2;
211
212 CHECK(secp256k1_keypair_create(ctx, &keypair, key));
213 CHECK(secp256k1_keypair_pub(ctx, &pk, &keypair));
214 CHECK(secp256k1_musig_pubkey_agg(ctx, &agg_pk, &cache, pk_ptr, 1));
215
216 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
217 SECP256K1_CHECKMEM_UNDEFINE(session_secrand, sizeof(session_secrand));
218 SECP256K1_CHECKMEM_UNDEFINE(extra_input, sizeof(extra_input));
219 ret = secp256k1_musig_nonce_gen(ctx, &secnonce, &pubnonce, session_secrand, key, &pk, msg, &cache, extra_input);
220 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
221 CHECK(ret == 1);
222 ret = secp256k1_musig_nonce_gen_counter(ctx, &secnonce, &pubnonce, nonrepeating_cnt, &keypair, msg, &cache, extra_input);
223 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
224 CHECK(ret == 1);
225
226 CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 1));
227 /* Make sure that previous tests don't undefine msg. It's not used as a secret here. */
228 SECP256K1_CHECKMEM_DEFINE(msg, sizeof(msg));
229 CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &cache) == 1);
230
231 ret = secp256k1_keypair_create(ctx, &keypair, key);
232 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
233 CHECK(ret == 1);
234 ret = secp256k1_musig_partial_sign(ctx, &partial_sig, &secnonce, &keypair, &cache, &session);
235 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
236 CHECK(ret == 1);
237 }
238#endif
239
240#ifdef ENABLE_MODULE_ELLSWIFT
241 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
242 ret = secp256k1_ellswift_create(ctx, ellswift, key, NULL);
243 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
244 CHECK(ret == 1);
245
246 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
247 ret = secp256k1_ellswift_create(ctx, ellswift, key, ellswift);
248 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
249 CHECK(ret == 1);
250
251 for (i = 0; i < 2; i++) {
252 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
253 SECP256K1_CHECKMEM_DEFINE(&ellswift, sizeof(ellswift));
254 ret = secp256k1_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, secp256k1_ellswift_xdh_hash_function_bip324, NULL);
255 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
256 CHECK(ret == 1);
257
258 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
259 SECP256K1_CHECKMEM_DEFINE(&ellswift, sizeof(ellswift));
260 ret = secp256k1_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, secp256k1_ellswift_xdh_hash_function_prefix, (void *)prefix);
261 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
262 CHECK(ret == 1);
263 }
264
265#endif
266}
ret
int ret
Definition: bitcoin-cli.cpp:1354
SECP256K1_CHECKMEM_UNDEFINE
#define SECP256K1_CHECKMEM_UNDEFINE(p, len)
Definition: checkmem.h:90
SECP256K1_CHECKMEM_DEFINE
#define SECP256K1_CHECKMEM_DEFINE(p, len)
Definition: checkmem.h:91
SECP256K1_CHECKMEM_RUNNING
#define SECP256K1_CHECKMEM_RUNNING()
Definition: checkmem.h:93
run_tests
static void run_tests(secp256k1_context *ctx, unsigned char *key)
Definition: ctime_tests.c:75
main
int main(void)
Definition: ctime_tests.c:44
CHECK
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35
tests_wycheproof_generate.msg
def msg
Definition: tests_wycheproof_generate.py:56
tests_wycheproof_generate.pk
def pk
Definition: tests_wycheproof_generate.py:69
prefix
const char * prefix
Definition: rest.cpp:1009
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:187
secp256k1_ec_seckey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:712
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:759
SECP256K1_CONTEXT_DECLASSIFY
#define SECP256K1_CONTEXT_DECLASSIFY
Definition: secp256k1.h:209
secp256k1_ec_seckey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:622
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:268
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an elliptic curve secret key.
Definition: secp256k1.c:580
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:141
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:566
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:604
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:212
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:406
secp256k1_ec_seckey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:668
secp256k1_ecdh
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:30
secp256k1_ellswift_xdh_hash_function_prefix
SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix
An implementation of an secp256k1_ellswift_xdh_hash_function which uses SHA256(prefix64 || ell_a64 ||...
Definition: secp256k1_ellswift.h:75
secp256k1_ellswift_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute an ElligatorSwift public key for a secret key.
Definition: main_impl.h:450
secp256k1_ellswift_xdh
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_xdh(const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, secp256k1_ellswift_xdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(7)
Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret ...
Definition: main_impl.h:551
secp256k1_ellswift_xdh_hash_function_bip324
SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324
An implementation of an secp256k1_ellswift_xdh_hash_function compatible with BIP324.
Definition: secp256k1_ellswift.h:83
secp256k1_keypair_pub
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_pub(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Get the public key from a keypair.
Definition: main_impl.h:224
secp256k1_keypair_sec
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Get the secret key from a keypair.
Definition: main_impl.h:214
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a valid secret key.
Definition: main_impl.h:196
secp256k1_keypair_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.
Definition: main_impl.h:255
secp256k1_musig_nonce_agg
SECP256K1_API int secp256k1_musig_nonce_agg(const secp256k1_context *ctx, secp256k1_musig_aggnonce *aggnonce, const secp256k1_musig_pubnonce *const *pubnonces, size_t n_pubnonces) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Aggregates the nonces of all signers into a single nonce.
Definition: session_impl.h:536
secp256k1_musig_partial_sign
SECP256K1_API int secp256k1_musig_partial_sign(const secp256k1_context *ctx, secp256k1_musig_partial_sig *partial_sig, secp256k1_musig_secnonce *secnonce, const secp256k1_keypair *keypair, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Produces a partial signature.
Definition: session_impl.h:658
secp256k1_musig_nonce_gen
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen(const secp256k1_context *ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, const secp256k1_pubkey *pubkey, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6)
Starts a signing session by generating a nonce.
Definition: session_impl.h:461
secp256k1_musig_nonce_gen_counter
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen_counter(const secp256k1_context *ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, uint64_t nonrepeating_cnt, const secp256k1_keypair *keypair, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Alternative way to generate a nonce and start a signing session.
Definition: session_impl.h:489
secp256k1_musig_pubkey_agg
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_pubkey *const *pubkeys, size_t n_pubkeys) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4)
Computes an aggregate public key and uses it to initialize a keyagg_cache.
Definition: keyagg_impl.h:175
secp256k1_musig_nonce_process
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process(const secp256k1_context *ctx, secp256k1_musig_session *session, const secp256k1_musig_aggnonce *aggnonce, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Takes the aggregate nonce and creates a session that is required for signing and verification of part...
Definition: session_impl.h:612
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
secp256k1_schnorrsig_sign32
SECP256K1_API int secp256k1_schnorrsig_sign32(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a Schnorr signature.
Definition: main_impl.h:197
secp256k1_context_struct
Definition: secp256k1.c:61
secp256k1_ecdsa_recoverable_signature
Opaque data structure that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
secp256k1_ecdsa_signature
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:74
secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33
secp256k1_musig_aggnonce
Opaque data structure that holds an aggregate public nonce.
Definition: secp256k1_musig.h:77
secp256k1_musig_keyagg_cache
This module implements BIP 327 "MuSig2 for BIP340-compatible Multi-Signatures" (https://github....
Definition: secp256k1_musig.h:43
secp256k1_musig_partial_sig
Opaque data structure that holds a partial MuSig signature.
Definition: secp256k1_musig.h:96
secp256k1_musig_pubnonce
Opaque data structure that holds a signer's public nonce.
Definition: secp256k1_musig.h:68
secp256k1_musig_secnonce
Opaque data structure that holds a signer's secret nonce.
Definition: secp256k1_musig.h:59
secp256k1_musig_session
Opaque data structure that holds a MuSig session.
Definition: secp256k1_musig.h:87
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:61
secp256k1_xonly_pubkey
Opaque data structure that holds a parsed and valid "x-only" public key.
Definition: secp256k1_extrakeys.h:22
Generated on Wed Dec 18 2024 20:00:11 for Bitcoin Core by doxygen 1.9.4