Bitcoin Core 29.99.0
P2P Digital Currency
secp256k1.h
Go to the documentation of this file.
1#ifndef SECP256K1_H
2#define SECP256K1_H
3
4#ifdef __cplusplus
5extern "C" {
6#endif
7
8#include <stddef.h>
9
51
61typedef struct secp256k1_pubkey {
62 unsigned char data[64];
64
75 unsigned char data[64];
77
95 unsigned char *nonce32,
96 const unsigned char *msg32,
97 const unsigned char *key32,
98 const unsigned char *algo16,
99 void *data,
100 unsigned int attempt
101);
102
103# if !defined(SECP256K1_GNUC_PREREQ)
104# if defined(__GNUC__)&&defined(__GNUC_MINOR__)
105# define SECP256K1_GNUC_PREREQ(_maj,_min) \
106 ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
107# else
108# define SECP256K1_GNUC_PREREQ(_maj,_min) 0
109# endif
110# endif
111
112/* When this header is used at build-time the SECP256K1_BUILD define needs to be set
113 * to correctly setup export attributes and nullness checks. This is normally done
114 * by secp256k1.c but to guard against this header being included before secp256k1.c
115 * has had a chance to set the define (e.g. via test harnesses that just includes
116 * secp256k1.c) we set SECP256K1_NO_BUILD when this header is processed without the
117 * BUILD define so this condition can be caught.
118 */
119#ifndef SECP256K1_BUILD
120# define SECP256K1_NO_BUILD
121#endif
122
123/* Symbol visibility. */
124#if !defined(SECP256K1_API) && defined(SECP256K1_NO_API_VISIBILITY_ATTRIBUTES)
125 /* The user has requested that we don't specify visibility attributes in
126 * the public API.
127 *
128 * Since all our non-API declarations use the static qualifier, this means
129 * that the user can use -fvisibility=<value> to set the visibility of the
130 * API symbols. For instance, -fvisibility=hidden can be useful *even for
131 * the API symbols*, e.g., when building a static library which is linked
132 * into a shared library, and the latter should not re-export the
133 * libsecp256k1 API.
134 *
135 * While visibility is a concept that applies only to shared libraries,
136 * setting visibility will still make a difference when building a static
137 * library: the visibility settings will be stored in the static library,
138 * solely for the potential case that the static library will be linked into
139 * a shared library. In that case, the stored visibility settings will
140 * resurface and be honored for the shared library. */
141# define SECP256K1_API extern
142#endif
143#if !defined(SECP256K1_API)
144# if defined(SECP256K1_BUILD)
145 /* On Windows, assume a shared library only if explicitly requested.
146 * 1. If using Libtool, it defines DLL_EXPORT automatically.
147 * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */
148# if defined(_WIN32) && (defined(SECP256K1_DLL_EXPORT) || defined(DLL_EXPORT))
149 /* GCC for Windows (e.g., MinGW) accepts the __declspec syntax for
150 * MSVC compatibility. A __declspec declaration implies (but is not
151 * exactly equivalent to) __attribute__ ((visibility("default"))),
152 * and so we actually want __declspec even on GCC, see "Microsoft
153 * Windows Function Attributes" in the GCC manual and the
154 * recommendations in https://gcc.gnu.org/wiki/Visibility . */
155# define SECP256K1_API extern __declspec(dllexport)
156 /* Avoid __attribute__ ((visibility("default"))) on Windows to get rid
157 * of warnings when compiling with -flto due to a bug in GCC, see
158 * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */
159# elif !defined(_WIN32) && defined (__GNUC__) && (__GNUC__ >= 4)
160# define SECP256K1_API extern __attribute__ ((visibility("default")))
161# else
162# define SECP256K1_API extern
163# endif
164# else
165 /* On Windows, SECP256K1_STATIC must be defined when consuming
166 * libsecp256k1 as a static library. Note that SECP256K1_STATIC is a
167 * "consumer-only" macro, and it has no meaning when building
168 * libsecp256k1. */
169# if defined(_WIN32) && !defined(SECP256K1_STATIC)
170# define SECP256K1_API extern __declspec(dllimport)
171# else
172# define SECP256K1_API extern
173# endif
174# endif
175#endif
176
177/* Warning attributes
178 * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out
179 * some paranoid null checks. */
180# if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
181# define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
182# else
183# define SECP256K1_WARN_UNUSED_RESULT
184# endif
185# if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
186# define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
187# else
188# define SECP256K1_ARG_NONNULL(_x)
189# endif
190
191/* Attribute for marking functions, types, and variables as deprecated */
192#if !defined(SECP256K1_BUILD) && defined(__has_attribute)
193# if __has_attribute(__deprecated__)
194# define SECP256K1_DEPRECATED(_msg) __attribute__ ((__deprecated__(_msg)))
195# else
196# define SECP256K1_DEPRECATED(_msg)
197# endif
198#else
199# define SECP256K1_DEPRECATED(_msg)
200#endif
201
202/* All flags' lower 8 bits indicate what they're for. Do not use directly. */
203#define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
204#define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
205#define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
206/* The higher bits contain the actual data. Do not use directly. */
207#define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
208#define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
209#define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10)
210#define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
211
214#define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
215
217#define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
218#define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
219
220/* Testing flag. Do not use. */
221#define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY)
222
224#define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
225#define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
226
228#define SECP256K1_TAG_PUBKEY_EVEN 0x02
229#define SECP256K1_TAG_PUBKEY_ODD 0x03
230#define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
231#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
232#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
233
246
249SECP256K1_DEPRECATED("Use secp256k1_context_static instead");
250
268
269
296 unsigned int flags
298
312 const secp256k1_context *ctx
314
332
372 void (*fun)(const char *message, void *data),
373 const void *data
375
400 void (*fun)(const char *message, void *data),
401 const void *data
403
419 const secp256k1_context *ctx,
420 secp256k1_pubkey *pubkey,
421 const unsigned char *input,
422 size_t inputlen
424
441 const secp256k1_context *ctx,
442 unsigned char *output,
443 size_t *outputlen,
444 const secp256k1_pubkey *pubkey,
445 unsigned int flags
447
458 const secp256k1_context *ctx,
459 const secp256k1_pubkey *pubkey1,
460 const secp256k1_pubkey *pubkey2
462
472 const secp256k1_context *ctx,
473 const secp256k1_pubkey **pubkeys,
474 size_t n_pubkeys
476
493 const secp256k1_context *ctx,
495 const unsigned char *input64
497
514 const secp256k1_context *ctx,
516 const unsigned char *input,
517 size_t inputlen
519
532 const secp256k1_context *ctx,
533 unsigned char *output,
534 size_t *outputlen,
537
548 const secp256k1_context *ctx,
549 unsigned char *output64,
552
579 const secp256k1_context *ctx,
580 const secp256k1_ecdsa_signature *sig,
581 const unsigned char *msghash32,
582 const secp256k1_pubkey *pubkey
584
627 const secp256k1_context *ctx,
629 const secp256k1_ecdsa_signature *sigin
631
637
640
660 const secp256k1_context *ctx,
662 const unsigned char *msghash32,
663 const unsigned char *seckey,
665 const void *ndata
667
683 const secp256k1_context *ctx,
684 const unsigned char *seckey
686
696 const secp256k1_context *ctx,
697 secp256k1_pubkey *pubkey,
698 const unsigned char *seckey
700
712 const secp256k1_context *ctx,
713 unsigned char *seckey
715
723 const secp256k1_context *ctx,
724 secp256k1_pubkey *pubkey
726
743 const secp256k1_context *ctx,
744 unsigned char *seckey,
745 const unsigned char *tweak32
747
762 const secp256k1_context *ctx,
763 secp256k1_pubkey *pubkey,
764 const unsigned char *tweak32
766
781 const secp256k1_context *ctx,
782 unsigned char *seckey,
783 const unsigned char *tweak32
785
798 const secp256k1_context *ctx,
799 secp256k1_pubkey *pubkey,
800 const unsigned char *tweak32
802
837 const unsigned char *seed32
839
850 const secp256k1_context *ctx,
852 const secp256k1_pubkey * const *ins,
853 size_t n
855
873 const secp256k1_context *ctx,
874 unsigned char *hash32,
875 const unsigned char *tag,
876 size_t taglen,
877 const unsigned char *msg,
878 size_t msglen
880
881#ifdef __cplusplus
882}
883#endif
884
885#endif /* SECP256K1_H */
int flags
Definition: bitcoin-tx.cpp:529
const secp256k1_context *const secp256k1_context_no_precomp
Definition: secp256k1.c:75
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:187
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:704
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:188
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:747
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
Definition: secp256k1.c:757
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:622
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1.h:639
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:385
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:268
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:211
SECP256K1_API int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
Definition: secp256k1.c:637
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_pubkey *pubkey1, const secp256k1_pubkey *pubkey2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compare two public keys using lexicographic (of compressed serialization) order.
Definition: secp256k1.c:291
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an elliptic curve secret key.
Definition: secp256k1.c:580
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:141
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:199
#define SECP256K1_API
Definition: secp256k1.h:172
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:566
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:250
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:94
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:369
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
Definition: secp256k1.c:86
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:604
struct secp256k1_pubkey secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:450
#define SECP256K1_DEPRECATED(_msg)
Definition: secp256k1.h:199
SECP256K1_API int secp256k1_tagged_sha256(const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Compute a tagged hash as defined in BIP-340.
Definition: secp256k1.c:783
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:245
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:431
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
Definition: secp256k1.c:163
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:687
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.h:636
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:406
struct secp256k1_ecdsa_signature secp256k1_ecdsa_signature
Opaque data structure that holds a parsed ECDSA signature.
SECP256K1_API int secp256k1_ec_pubkey_sort(const secp256k1_context *ctx, const secp256k1_pubkey **pubkeys, size_t n_pubkeys) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Sort public keys using lexicographic (of compressed serialization) order.
Definition: secp256k1.c:323
#define SECP256K1_WARN_UNUSED_RESULT
Definition: secp256k1.h:183
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:664
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1.c:724
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:418
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:74
unsigned char data[64]
Definition: secp256k1.h:75
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:61
unsigned char data[64]
Definition: secp256k1.h:62