Bitcoin Core  22.99.0
P2P Digital Currency
secp256k1.h
Go to the documentation of this file.
1 #ifndef SECP256K1_H
2 #define SECP256K1_H
3 
4 #ifdef __cplusplus
5 extern "C" {
6 #endif
7 
8 #include <stddef.h>
9 
10 /* Unless explicitly stated all pointer arguments must not be NULL.
11  *
12  * The following rules specify the order of arguments in API calls:
13  *
14  * 1. Context pointers go first, followed by output arguments, combined
15  * output/input arguments, and finally input-only arguments.
16  * 2. Array lengths always immediately follow the argument whose length
17  * they describe, even if this violates rule 1.
18  * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
19  * later go first. This means: signatures, public nonces, secret nonces,
20  * messages, public keys, secret keys, tweaks.
21  * 4. Arguments that are not data pointers go last, from more complex to less
22  * complex: function pointers, algorithm names, messages, void pointers,
23  * counts, flags, booleans.
24  * 5. Opaque data pointers follow the function pointer they are to be passed to.
25  */
26 
47 
60 
70 typedef struct {
71  unsigned char data[64];
73 
83 typedef struct {
84  unsigned char data[64];
86 
104  unsigned char *nonce32,
105  const unsigned char *msg32,
106  const unsigned char *key32,
107  const unsigned char *algo16,
108  void *data,
109  unsigned int attempt
110 );
111 
112 # if !defined(SECP256K1_GNUC_PREREQ)
113 # if defined(__GNUC__)&&defined(__GNUC_MINOR__)
114 # define SECP256K1_GNUC_PREREQ(_maj,_min) \
115  ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
116 # else
117 # define SECP256K1_GNUC_PREREQ(_maj,_min) 0
118 # endif
119 # endif
120 
121 # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
122 # if SECP256K1_GNUC_PREREQ(2,7)
123 # define SECP256K1_INLINE __inline__
124 # elif (defined(_MSC_VER))
125 # define SECP256K1_INLINE __inline
126 # else
127 # define SECP256K1_INLINE
128 # endif
129 # else
130 # define SECP256K1_INLINE inline
131 # endif
132 
140 #ifndef SECP256K1_BUILD
141 # define SECP256K1_NO_BUILD
142 #endif
143 
144 #ifndef SECP256K1_API
145 # if defined(_WIN32)
146 # ifdef SECP256K1_BUILD
147 # define SECP256K1_API __declspec(dllexport)
148 # else
149 # define SECP256K1_API
150 # endif
151 # elif defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
152 # define SECP256K1_API __attribute__ ((visibility ("default")))
153 # else
154 # define SECP256K1_API
155 # endif
156 #endif
157 
161 # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
162 # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
163 # else
164 # define SECP256K1_WARN_UNUSED_RESULT
165 # endif
166 # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
167 # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
168 # else
169 # define SECP256K1_ARG_NONNULL(_x)
170 # endif
171 
173 #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
174 #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
175 #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
176 
177 #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
178 #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
179 #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10)
180 #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
181 
184 #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
185 #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
186 #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY)
187 #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
188 
190 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
191 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
192 
194 #define SECP256K1_TAG_PUBKEY_EVEN 0x02
195 #define SECP256K1_TAG_PUBKEY_ODD 0x03
196 #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
197 #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
198 #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
199 
206 
219  unsigned int flags
221 
232  const secp256k1_context* ctx
234 
250 );
251 
291  void (*fun)(const char* message, void* data),
292  const void* data
294 
316  void (*fun)(const char* message, void* data),
317  const void* data
319 
328  const secp256k1_context* ctx,
329  size_t size
331 
339  const secp256k1_context* ctx,
340  secp256k1_scratch_space* scratch
342 
358  const secp256k1_context* ctx,
359  secp256k1_pubkey* pubkey,
360  const unsigned char *input,
361  size_t inputlen
363 
380  const secp256k1_context* ctx,
381  unsigned char *output,
382  size_t *outputlen,
383  const secp256k1_pubkey* pubkey,
384  unsigned int flags
386 
397  const secp256k1_context* ctx,
398  const secp256k1_pubkey* pubkey1,
399  const secp256k1_pubkey* pubkey2
401 
418  const secp256k1_context* ctx,
420  const unsigned char *input64
422 
439  const secp256k1_context* ctx,
441  const unsigned char *input,
442  size_t inputlen
444 
457  const secp256k1_context* ctx,
458  unsigned char *output,
459  size_t *outputlen,
460  const secp256k1_ecdsa_signature* sig
462 
473  const secp256k1_context* ctx,
474  unsigned char *output64,
475  const secp256k1_ecdsa_signature* sig
477 
504  const secp256k1_context* ctx,
505  const secp256k1_ecdsa_signature *sig,
506  const unsigned char *msghash32,
507  const secp256k1_pubkey *pubkey
509 
553  const secp256k1_context* ctx,
555  const secp256k1_ecdsa_signature *sigin
557 
563 
566 
582  const secp256k1_context* ctx,
584  const unsigned char *msghash32,
585  const unsigned char *seckey,
586  secp256k1_nonce_function noncefp,
587  const void *ndata
589 
603  const secp256k1_context* ctx,
604  const unsigned char *seckey
606 
616  const secp256k1_context* ctx,
617  secp256k1_pubkey *pubkey,
618  const unsigned char *seckey
620 
633  const secp256k1_context* ctx,
634  unsigned char *seckey
636 
640  const secp256k1_context* ctx,
641  unsigned char *seckey
643 
651  const secp256k1_context* ctx,
652  secp256k1_pubkey *pubkey
654 
671  const secp256k1_context* ctx,
672  unsigned char *seckey,
673  const unsigned char *tweak32
675 
679  const secp256k1_context* ctx,
680  unsigned char *seckey,
681  const unsigned char *tweak32
683 
699  const secp256k1_context* ctx,
700  secp256k1_pubkey *pubkey,
701  const unsigned char *tweak32
703 
718  const secp256k1_context* ctx,
719  unsigned char *seckey,
720  const unsigned char *tweak32
722 
726  const secp256k1_context* ctx,
727  unsigned char *seckey,
728  const unsigned char *tweak32
730 
744  const secp256k1_context* ctx,
745  secp256k1_pubkey *pubkey,
746  const unsigned char *tweak32
748 
776  const unsigned char *seed32
778 
790  const secp256k1_context* ctx,
791  secp256k1_pubkey *out,
792  const secp256k1_pubkey * const * ins,
793  size_t n
795 
813  const secp256k1_context* ctx,
814  unsigned char *hash32,
815  const unsigned char *tag,
816  size_t taglen,
817  const unsigned char *msg,
818  size_t msglen
820 
821 #ifdef __cplusplus
822 }
823 #endif
824 
825 #endif /* SECP256K1_H */
secp256k1_context_set_error_callback
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:218
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:83
secp256k1_ecdsa_signature_parse_der
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:375
secp256k1_context_clone
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
Definition: secp256k1.c:183
secp256k1_scratch_space_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
Definition: secp256k1.c:227
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:412
secp256k1_ecdsa_signature_normalize
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:437
secp256k1_ec_pubkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
Definition: secp256k1.c:641
secp256k1_scratch_space_struct::data
void * data
actual allocated data
Definition: scratch.h:20
flags
int flags
Definition: bitcoin-tx.cpp:525
secp256k1_ecdsa_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:424
secp256k1_context_struct
Definition: secp256k1.c:75
secp256k1_ec_seckey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:622
secp256k1_scratch_space_struct
Definition: scratch.h:12
secp256k1_context_set_illegal_callback
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:209
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:202
secp256k1_scratch_space_destroy
SECP256K1_API void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 scratch space.
Definition: secp256k1.c:232
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:158
secp256k1_ecdsa_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:456
SECP256K1_API
#define SECP256K1_API
Definition: secp256k1.h:154
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:302
secp256k1_ec_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:284
secp256k1_ec_pubkey_cmp
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_pubkey *pubkey1, const secp256k1_pubkey *pubkey2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compare two public keys using lexicographic (of compressed serialization) order.
Definition: secp256k1.c:325
secp256k1_ec_privkey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED.
Definition: secp256k1.c:733
SECP256K1_WARN_UNUSED_RESULT
#define SECP256K1_WARN_UNUSED_RESULT
Warning attributes NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out...
Definition: secp256k1.h:164
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:567
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:581
secp256k1_ec_privkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:637
secp256k1_ec_pubkey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1.c:737
secp256k1_ec_seckey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:668
SECP256K1_ARG_NONNULL
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:169
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:604
secp256k1_ec_privkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:684
secp256k1_context_no_precomp
const SECP256K1_API secp256k1_context * secp256k1_context_no_precomp
A simple secp256k1 context object with no precomputed tables.
Definition: secp256k1.c:90
secp256k1_ec_seckey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:713
secp256k1_ecdsa_signature_parse_compact
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:391
secp256k1_ec_pubkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:695
secp256k1_ec_pubkey_combine
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
Definition: secp256k1.c:769
secp256k1_tagged_sha256
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_tagged_sha256(const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Compute a tagged hash as defined in BIP-340.
Definition: secp256k1.c:793
secp256k1_nonce_function_default
const SECP256K1_API secp256k1_nonce_function secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1.c:509
secp256k1_nonce_function_rfc6979
const SECP256K1_API secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:508
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70
secp256k1_nonce_function
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:103
ctx
static secp256k1_context * ctx
Definition: tests.c:42
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:761