Bitcoin Core  0.19.99
P2P Digital Currency
main_impl.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2015 Andrew Poelstra *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_ECDH_MAIN_H
8 #define SECP256K1_MODULE_ECDH_MAIN_H
9 
10 #include "include/secp256k1_ecdh.h"
11 #include "ecmult_const_impl.h"
12 
13 static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
14  unsigned char version = (y[31] & 0x01) | 0x02;
15  secp256k1_sha256 sha;
16  (void)data;
17 
19  secp256k1_sha256_write(&sha, &version, 1);
20  secp256k1_sha256_write(&sha, x, 32);
21  secp256k1_sha256_finalize(&sha, output);
22 
23  return 1;
24 }
25 
28 
29 int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) {
30  int ret = 0;
31  int overflow = 0;
32  secp256k1_gej res;
33  secp256k1_ge pt;
35  VERIFY_CHECK(ctx != NULL);
36  ARG_CHECK(output != NULL);
37  ARG_CHECK(point != NULL);
38  ARG_CHECK(scalar != NULL);
39  if (hashfp == NULL) {
41  }
42 
43  secp256k1_pubkey_load(ctx, &pt, point);
44  secp256k1_scalar_set_b32(&s, scalar, &overflow);
45  if (overflow || secp256k1_scalar_is_zero(&s)) {
46  ret = 0;
47  } else {
48  unsigned char x[32];
49  unsigned char y[32];
50 
51  secp256k1_ecmult_const(&res, &pt, &s, 256);
52  secp256k1_ge_set_gej(&pt, &res);
53 
54  /* Compute a hash of the point */
57  secp256k1_fe_get_b32(x, &pt.x);
58  secp256k1_fe_get_b32(y, &pt.y);
59 
60  ret = hashfp(output, x, y, data);
61  }
62 
64  return ret;
65 }
66 
67 #endif /* SECP256K1_MODULE_ECDH_MAIN_H */
#define VERIFY_CHECK(cond)
Definition: util.h:67
int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data)
Compute an EC Diffie-Hellman secret in constant time Returns: 1: exponentiation was successful 0: sca...
Definition: main_impl.h:29
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:24
static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data)
Definition: main_impl.h:13
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits)
#define ARG_CHECK(cond)
Definition: secp256k1.c:22
static secp256k1_context * ctx
Definition: tests.c:46
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256
An implementation of SHA256 hash function that applies to compressed public key.
Definition: main_impl.h:26
static void secp256k1_scalar_clear(secp256k1_scalar *r)
Clear a scalar to prevent the leak of sensitive data.
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:14
secp256k1_fe x
Definition: group.h:15
const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default
A default ecdh hash function (currently equal to secp256k1_ecdh_hash_function_sha256).
Definition: main_impl.h:27
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size)
static void secp256k1_fe_normalize(secp256k1_fe *r)
Field element module.
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a)
Convert a field element to a 32-byte big endian value.
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
Definition: secp256k1.c:138
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
secp256k1_fe y
Definition: group.h:16
int(* secp256k1_ecdh_hash_function)(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data)
A pointer to a function that applies hash function to a point.
static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32)
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:66