Bitcoin Core  22.99.0
P2P Digital Currency
Functions | Variables
main_impl.h File Reference
#include "../../../include/secp256k1.h"
#include "../../../include/secp256k1_schnorrsig.h"
#include "../../hash.h"
Include dependency graph for main_impl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

static void secp256k1_nonce_function_bip340_sha256_tagged (secp256k1_sha256 *sha)
 
static void secp256k1_nonce_function_bip340_sha256_tagged_aux (secp256k1_sha256 *sha)
 
static int nonce_function_bip340 (unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
 
static void secp256k1_schnorrsig_sha256_tagged (secp256k1_sha256 *sha)
 
static void secp256k1_schnorrsig_challenge (secp256k1_scalar *e, const unsigned char *r32, const unsigned char *msg, size_t msglen, const unsigned char *pubkey32)
 
int secp256k1_schnorrsig_sign_internal (const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_nonce_function_hardened noncefp, void *ndata)
 
int secp256k1_schnorrsig_sign (const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, unsigned char *aux_rand32)
 Create a Schnorr signature. More...
 
int secp256k1_schnorrsig_sign_custom (const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_schnorrsig_extraparams *extraparams)
 Create a Schnorr signature with a more flexible API. More...
 
int secp256k1_schnorrsig_verify (const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey)
 Verify a Schnorr signature. More...
 

Variables

static const unsigned char bip340_algo [13] = "BIP0340/nonce"
 
static const unsigned char schnorrsig_extraparams_magic [4] = SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC
 
const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340 = nonce_function_bip340
 An implementation of the nonce generation function as defined in Bitcoin Improvement Proposal 340 "Schnorr Signatures for secp256k1" (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki). More...
 

Function Documentation

◆ nonce_function_bip340()

static int nonce_function_bip340 ( unsigned char *  nonce32,
const unsigned char *  msg,
size_t  msglen,
const unsigned char *  key32,
const unsigned char *  xonly_pk32,
const unsigned char *  algo,
size_t  algolen,
void *  data 
)
static

Definition at line 52 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_nonce_function_bip340_sha256_tagged()

static void secp256k1_nonce_function_bip340_sha256_tagged ( secp256k1_sha256 sha)
static

Definition at line 16 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_nonce_function_bip340_sha256_tagged_aux()

static void secp256k1_nonce_function_bip340_sha256_tagged_aux ( secp256k1_sha256 sha)
static

Definition at line 32 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_schnorrsig_challenge()

static void secp256k1_schnorrsig_challenge ( secp256k1_scalar e,
const unsigned char *  r32,
const unsigned char *  msg,
size_t  msglen,
const unsigned char *  pubkey32 
)
static

Definition at line 109 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sha256_tagged()

static void secp256k1_schnorrsig_sha256_tagged ( secp256k1_sha256 sha)
static

Definition at line 96 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign()

int secp256k1_schnorrsig_sign ( const secp256k1_context ctx,
unsigned char *  sig64,
const unsigned char *  msg32,
const secp256k1_keypair keypair,
unsigned char *  aux_rand32 
)

Create a Schnorr signature.

Does not strictly follow BIP-340 because it does not verify the resulting signature. Instead, you can manually use secp256k1_schnorrsig_verify and abort if it fails.

This function only signs 32-byte messages. If you have messages of a different size (or the same size but without a context-specific tag prefix), it is recommended to create a 32-byte message hash with secp256k1_tagged_sha256 and then sign the hash. Tagged hashing allows providing an context-specific tag for domain separation. This prevents signatures from being valid in multiple contexts by accident.

Returns 1 on success, 0 on failure. Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) Out: sig64: pointer to a 64-byte array to store the serialized signature (cannot be NULL) In: msg32: the 32-byte message being signed (cannot be NULL) keypair: pointer to an initialized keypair (cannot be NULL) aux_rand32: 32 bytes of fresh randomness. While recommended to provide this, it is only supplemental to security and can be NULL. See BIP-340 "Default Signing" for a full explanation of this argument and for guidance if randomness is expensive.

Definition at line 188 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign_custom()

int secp256k1_schnorrsig_sign_custom ( const secp256k1_context ctx,
unsigned char *  sig64,
const unsigned char *  msg,
size_t  msglen,
const secp256k1_keypair keypair,
secp256k1_schnorrsig_extraparams extraparams 
)

Create a Schnorr signature with a more flexible API.

Same arguments as secp256k1_schnorrsig_sign except that it allows signing variable length messages and accepts a pointer to an extraparams object that allows customizing signing by passing additional arguments.

Creates the same signatures as schnorrsig_sign if msglen is 32 and the extraparams.ndata is the same as aux_rand32.

In: msg: the message being signed. Can only be NULL if msglen is 0. msglen: length of the message extraparams: pointer to a extraparams object (can be NULL)

Definition at line 192 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_schnorrsig_sign_internal()

int secp256k1_schnorrsig_sign_internal ( const secp256k1_context ctx,
unsigned char *  sig64,
const unsigned char *  msg,
size_t  msglen,
const secp256k1_keypair keypair,
secp256k1_nonce_function_hardened  noncefp,
void *  ndata 
)

Definition at line 125 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_schnorrsig_verify()

int secp256k1_schnorrsig_verify ( const secp256k1_context ctx,
const unsigned char *  sig64,
const unsigned char *  msg,
size_t  msglen,
const secp256k1_xonly_pubkey pubkey 
)

Verify a Schnorr signature.

Returns: 1: correct signature 0: incorrect signature Args: ctx: a secp256k1 context object, initialized for verification. In: sig64: pointer to the 64-byte signature to verify (cannot be NULL) msg: the message being verified. Can only be NULL if msglen is 0. msglen: length of the message pubkey: pointer to an x-only public key to verify with (cannot be NULL)

Definition at line 207 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ bip340_algo

const unsigned char bip340_algo[13] = "BIP0340/nonce"
static

Definition at line 48 of file main_impl.h.

◆ schnorrsig_extraparams_magic

const unsigned char schnorrsig_extraparams_magic[4] = SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC
static

Definition at line 50 of file main_impl.h.

◆ secp256k1_nonce_function_bip340

const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340 = nonce_function_bip340

An implementation of the nonce generation function as defined in Bitcoin Improvement Proposal 340 "Schnorr Signatures for secp256k1" (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).

If a data pointer is passed, it is assumed to be a pointer to 32 bytes of auxiliary random data as defined in BIP-340. If the data pointer is NULL, the nonce derivation procedure follows BIP-340 by setting the auxiliary random data to zero. The algo argument must be non-NULL, otherwise the function will fail and return 0. The hash will be tagged with algo. Therefore, to create BIP-340 compliant signatures, algo must be set to "BIP0340/nonce" and algolen to 13.

Definition at line 92 of file main_impl.h.