#include "../../../include/secp256k1.h"
#include "../../../include/secp256k1_schnorrsig.h"
#include "../../hash.h"

Include dependency graph for main_impl.h:

This graph shows which files directly or indirectly include this file:

Functions
static void	secp256k1_nonce_function_bip340_sha256_tagged (secp256k1_sha256 *sha)

static void	secp256k1_nonce_function_bip340_sha256_tagged_aux (secp256k1_sha256 *sha)

static int	nonce_function_bip340 (unsigned char nonce32, const unsigned char msg, size_t msglen, const unsigned char key32, const unsigned char xonly_pk32, const unsigned char algo, size_t algolen, void data)

static void	secp256k1_schnorrsig_sha256_tagged (secp256k1_sha256 *sha)

static void	secp256k1_schnorrsig_challenge (secp256k1_scalar e, const unsigned char r32, const unsigned char msg, size_t msglen, const unsigned char pubkey32)

static int	secp256k1_schnorrsig_sign_internal (const secp256k1_context ctx, unsigned char sig64, const unsigned char msg, size_t msglen, const secp256k1_keypair keypair, secp256k1_nonce_function_hardened noncefp, void *ndata)

int	secp256k1_schnorrsig_sign32 (const secp256k1_context ctx, unsigned char sig64, const unsigned char msg32, const secp256k1_keypair keypair, const unsigned char *aux_rand32)
	Create a Schnorr signature. More...

int	secp256k1_schnorrsig_sign (const secp256k1_context ctx, unsigned char sig64, const unsigned char msg32, const secp256k1_keypair keypair, const unsigned char *aux_rand32)
	Same as secp256k1_schnorrsig_sign32, but DEPRECATED. More...

int	secp256k1_schnorrsig_sign_custom (const secp256k1_context ctx, unsigned char sig64, const unsigned char msg, size_t msglen, const secp256k1_keypair keypair, secp256k1_schnorrsig_extraparams *extraparams)
	Create a Schnorr signature with a more flexible API. More...

int	secp256k1_schnorrsig_verify (const secp256k1_context ctx, const unsigned char sig64, const unsigned char msg, size_t msglen, const secp256k1_xonly_pubkey pubkey)
	Verify a Schnorr signature. More...

Variables
static const unsigned char	bip340_algo [] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'n', 'o', 'n', 'c', 'e'}

static const unsigned char	schnorrsig_extraparams_magic [4] = SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC

const secp256k1_nonce_function_hardened	secp256k1_nonce_function_bip340 = nonce_function_bip340

Function Documentation

◆ nonce_function_bip340()

static int nonce_function_bip340	(	unsigned char *	nonce32,
		const unsigned char *	msg,
		size_t	msglen,
		const unsigned char *	key32,
		const unsigned char *	xonly_pk32,
		const unsigned char *	algo,
		size_t	algolen,
		void *	data
	)

static

Definition at line 52 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_nonce_function_bip340_sha256_tagged()

static void secp256k1_nonce_function_bip340_sha256_tagged ( secp256k1_sha256 * sha )

static

Definition at line 16 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_nonce_function_bip340_sha256_tagged_aux()

static void secp256k1_nonce_function_bip340_sha256_tagged_aux ( secp256k1_sha256 * sha )

static

Definition at line 32 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_challenge()

static void secp256k1_schnorrsig_challenge	(	secp256k1_scalar *	e,
		const unsigned char *	r32,
		const unsigned char *	msg,
		size_t	msglen,
		const unsigned char *	pubkey32
	)

static

Definition at line 117 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sha256_tagged()

static void secp256k1_schnorrsig_sha256_tagged ( secp256k1_sha256 * sha )

static

Definition at line 104 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign()

int secp256k1_schnorrsig_sign	(	const secp256k1_context *	ctx,
		unsigned char *	sig64,
		const unsigned char *	msg32,
		const secp256k1_keypair *	keypair,
		const unsigned char *	aux_rand32
	)

Same as secp256k1_schnorrsig_sign32, but DEPRECATED.

Will be removed in future versions.

Definition at line 202 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign32()

int secp256k1_schnorrsig_sign32	(	const secp256k1_context *	ctx,
		unsigned char *	sig64,
		const unsigned char *	msg32,
		const secp256k1_keypair *	keypair,
		const unsigned char *	aux_rand32
	)

Create a Schnorr signature.

Does not strictly follow BIP-340 because it does not verify the resulting signature. Instead, you can manually use secp256k1_schnorrsig_verify and abort if it fails.

This function only signs 32-byte messages. If you have messages of a different size (or the same size but without a context-specific tag prefix), it is recommended to create a 32-byte message hash with secp256k1_tagged_sha256 and then sign the hash. Tagged hashing allows providing an context-specific tag for domain separation. This prevents signatures from being valid in multiple contexts by accident.

Returns 1 on success, 0 on failure. Args: ctx: pointer to a context object (not secp256k1_context_static). Out: sig64: pointer to a 64-byte array to store the serialized signature. In: msg32: the 32-byte message being signed. keypair: pointer to an initialized keypair. aux_rand32: 32 bytes of fresh randomness. While recommended to provide this, it is only supplemental to security and can be NULL. A NULL argument is treated the same as an all-zero one. See BIP-340 "Default Signing" for a full explanation of this argument and for guidance if randomness is expensive.

Definition at line 197 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign_custom()

int secp256k1_schnorrsig_sign_custom	(	const secp256k1_context *	ctx,
		unsigned char *	sig64,
		const unsigned char *	msg,
		size_t	msglen,
		const secp256k1_keypair *	keypair,
		secp256k1_schnorrsig_extraparams *	extraparams
	)

Create a Schnorr signature with a more flexible API.

Same arguments as secp256k1_schnorrsig_sign except that it allows signing variable length messages and accepts a pointer to an extraparams object that allows customizing signing by passing additional arguments.

Equivalent to secp256k1_schnorrsig_sign32(..., aux_rand32) if msglen is 32 and extraparams is initialized as follows:

secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;

extraparams.ndata = (unsigned char*)aux_rand32;

SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT

#define SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT

Definition: secp256k1_schnorrsig.h:89

secp256k1_schnorrsig_extraparams

Data structure that contains additional arguments for schnorrsig_sign_custom.

Definition: secp256k1_schnorrsig.h:82

secp256k1_schnorrsig_extraparams::ndata

void * ndata

Definition: secp256k1_schnorrsig.h:85

Returns 1 on success, 0 on failure. Args: ctx: pointer to a context object (not secp256k1_context_static). Out: sig64: pointer to a 64-byte array to store the serialized signature. In: msg: the message being signed. Can only be NULL if msglen is 0. msglen: length of the message. keypair: pointer to an initialized keypair. extraparams: pointer to an extraparams object (can be NULL).

Definition at line 206 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign_internal()

static int secp256k1_schnorrsig_sign_internal	(	const secp256k1_context *	ctx,
		unsigned char *	sig64,
		const unsigned char *	msg,
		size_t	msglen,
		const secp256k1_keypair *	keypair,
		secp256k1_nonce_function_hardened	noncefp,
		void *	ndata
	)

static

Definition at line 133 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_schnorrsig_verify()

int secp256k1_schnorrsig_verify	(	const secp256k1_context *	ctx,
		const unsigned char *	sig64,
		const unsigned char *	msg,
		size_t	msglen,
		const secp256k1_xonly_pubkey *	pubkey
	)

Verify a Schnorr signature.

Returns: 1: correct signature 0: incorrect signature Args: ctx: pointer to a context object. In: sig64: pointer to the 64-byte signature to verify. msg: the message being verified. Can only be NULL if msglen is 0. msglen: length of the message pubkey: pointer to an x-only public key to verify with

Definition at line 221 of file main_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

◆ bip340_algo

const unsigned char bip340_algo[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'n', 'o', 'n', 'c', 'e'}

static

Definition at line 48 of file main_impl.h.

◆ schnorrsig_extraparams_magic

const unsigned char schnorrsig_extraparams_magic[4] = SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC

static

Definition at line 50 of file main_impl.h.

◆ secp256k1_nonce_function_bip340

const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340 = nonce_function_bip340

Definition at line 100 of file main_impl.h.

Functions

Variables

Function Documentation

◆ nonce_function_bip340()

◆ secp256k1_nonce_function_bip340_sha256_tagged()

◆ secp256k1_nonce_function_bip340_sha256_tagged_aux()

◆ secp256k1_schnorrsig_challenge()

◆ secp256k1_schnorrsig_sha256_tagged()

◆ secp256k1_schnorrsig_sign()

◆ secp256k1_schnorrsig_sign32()

◆ secp256k1_schnorrsig_sign_custom()

◆ secp256k1_schnorrsig_sign_internal()

◆ secp256k1_schnorrsig_verify()

Variable Documentation

◆ bip340_algo

◆ schnorrsig_extraparams_magic

◆ secp256k1_nonce_function_bip340