Bitcoin Core  0.19.99
P2P Digital Currency
secp256k1.h
1 #ifndef SECP256K1_H
2 #define SECP256K1_H
3 
4 #ifdef __cplusplus
5 extern "C" {
6 #endif
7 
8 #include <stddef.h>
9 
10 /* These rules specify the order of arguments in API calls:
11  *
12  * 1. Context pointers go first, followed by output arguments, combined
13  * output/input arguments, and finally input-only arguments.
14  * 2. Array lengths always immediately follow the argument whose length
15  * they describe, even if this violates rule 1.
16  * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
17  * later go first. This means: signatures, public nonces, private nonces,
18  * messages, public keys, secret keys, tweaks.
19  * 4. Arguments that are not data pointers go last, from more complex to less
20  * complex: function pointers, algorithm names, messages, void pointers,
21  * counts, flags, booleans.
22  * 5. Opaque data pointers follow the function pointer they are to be passed to.
23  */
24 
44 
57 
/* Opaque data structure that holds a parsed and valid public key.
 * Being opaque, the 64 bytes are not meant to be read, compared or stored
 * directly by callers; convert with secp256k1_ec_pubkey_parse and
 * secp256k1_ec_pubkey_serialize instead.
 * (The closing line of this typedef is elided in the listing.)
 */
66 typedef struct {
67  unsigned char data[64];
69 
/* Opaque data structure that holds a parsed ECDSA signature.
 * Being opaque, the 64 bytes are not a wire format; use the
 * secp256k1_ecdsa_signature_parse_* and secp256k1_ecdsa_signature_serialize_*
 * functions to move signatures in and out of it.
 * (The closing line of this typedef is elided in the listing.)
 */
79 typedef struct {
80  unsigned char data[64];
82 
/* A pointer to a function to deterministically generate a nonce.
 *
 * NOTE(review): the parameter docs are elided in this listing. Going by the
 * names, nonce32 is the 32-byte output, msg32 and key32 the 32-byte message
 * hash and secret key, algo16 a 16-byte algorithm tag, data a caller-supplied
 * pointer and attempt a retry counter -- confirm against upstream.
 *
 * Security: ECDSA is only as safe as its nonces. A custom implementation must
 * never yield the same nonce for two different messages under one key, and the
 * nonce must not be predictable or biased; otherwise signatures can reveal the
 * secret key. Prefer secp256k1_nonce_function_default unless there is a
 * specific reason not to: it is described as the safe default and is currently
 * equal to secp256k1_nonce_function_rfc6979.
 */
99 typedef int (*secp256k1_nonce_function)(
100  unsigned char *nonce32,
101  const unsigned char *msg32,
102  const unsigned char *key32,
103  const unsigned char *algo16,
104  void *data,
105  unsigned int attempt
106 );
107 
/* SECP256K1_GNUC_PREREQ(maj, min): non-zero when the compiler reports a GCC
 * version of at least maj.min (via __GNUC__ and __GNUC_MINOR__), and 0 on
 * compilers that do not define those macros. It gates the GCC-specific
 * attributes defined further down. An includer may predefine it.
 */
108 # if !defined(SECP256K1_GNUC_PREREQ)
109 # if defined(__GNUC__)&&defined(__GNUC_MINOR__)
110 # define SECP256K1_GNUC_PREREQ(_maj,_min) \
111  ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
112 # else
113 # define SECP256K1_GNUC_PREREQ(_maj,_min) 0
114 # endif
115 # endif
116 
/* Portable spelling of "inline". When __STDC_VERSION__ is undefined or older
 * than C99 the keyword is not standard, so fall back to __inline__ on GCC 2.7+,
 * __inline on MSVC, and to nothing elsewhere; from C99 on use plain inline.
 */
117 # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
118 # if SECP256K1_GNUC_PREREQ(2,7)
119 # define SECP256K1_INLINE __inline__
120 # elif (defined(_MSC_VER))
121 # define SECP256K1_INLINE __inline
122 # else
123 # define SECP256K1_INLINE
124 # endif
125 # else
126 # define SECP256K1_INLINE inline
127 # endif
128 
/* Symbol export annotation placed on every public declaration. An includer may
 * predefine SECP256K1_API, in which case nothing below applies. Otherwise:
 *  - on Windows it is __declspec(dllexport) when SECP256K1_BUILD is defined
 *    and empty when it is not;
 *  - on GCC-compatible compilers with SECP256K1_BUILD defined it gives the
 *    symbol default visibility;
 *  - everywhere else it is empty.
 * NOTE(review): SECP256K1_BUILD is presumably defined only while compiling the
 * library itself -- confirm against the build system.
 */
129 #ifndef SECP256K1_API
130 # if defined(_WIN32)
131 # ifdef SECP256K1_BUILD
132 # define SECP256K1_API __declspec(dllexport)
133 # else
134 # define SECP256K1_API
135 # endif
136 # elif defined(__GNUC__) && defined(SECP256K1_BUILD)
137 # define SECP256K1_API __attribute__ ((visibility ("default")))
138 # else
139 # define SECP256K1_API
140 # endif
141 #endif
142 
/* Warning attributes applied to the API declarations.
 *
 * SECP256K1_WARN_UNUSED_RESULT expands to GCC's warn_unused_result attribute
 * (GCC 3.4+), so discarding the result of an annotated call is diagnosed. On
 * other compilers it expands to nothing, so the check is advisory only and
 * callers still have to test return values themselves.
 *
 * SECP256K1_ARG_NONNULL(_x) expands to GCC's nonnull attribute only when
 * SECP256K1_BUILD is NOT defined. With SECP256K1_BUILD set the attribute is
 * left out so the compiler cannot use it to optimize code away (presumably the
 * library's own NULL-argument checks -- confirm against the implementation).
 * In both cases it is a compile-time hint, not a runtime guarantee.
 */
146 # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
147 # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
148 # else
149 # define SECP256K1_WARN_UNUSED_RESULT
150 # endif
151 # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
152 # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
153 # else
154 # define SECP256K1_ARG_NONNULL(_x)
155 # endif
156 
/* Flag words. The low 8 bits (SECP256K1_FLAGS_TYPE_MASK) say which family a
 * flag belongs to -- context or compression -- and the bits from 8 upward carry
 * the value. SECP256K1_FLAGS_BIT_CONTEXT_VERIFY and
 * SECP256K1_FLAGS_BIT_COMPRESSION are both (1 << 8): they can only be told
 * apart together with the type bit, so callers should pass the composed
 * SECP256K1_CONTEXT_* and SECP256K1_EC_* constants and never the raw TYPE or
 * BIT pieces.
 * NOTE(review): presumably SECP256K1_CONTEXT_* are for secp256k1_context_create
 * and SECP256K1_EC_* for secp256k1_ec_pubkey_serialize, both of which take an
 * unsigned int flags -- confirm.
 */
158 #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
159 #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
160 #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
161 
162 #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
163 #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
164 #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
165 
167 #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
168 #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
169 #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
170 
172 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
173 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
174 
/* Tag byte values for encoded public keys.
 * NOTE(review): going by the names, 0x02 and 0x03 mark a compressed key with
 * even or odd Y, 0x04 an uncompressed key, and 0x06 and 0x07 the hybrid form;
 * confirm against the secp256k1_ec_pubkey_parse documentation.
 */
176 #define SECP256K1_TAG_PUBKEY_EVEN 0x02
177 #define SECP256K1_TAG_PUBKEY_ODD 0x03
178 #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
179 #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
180 #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
181 
188 
197  unsigned int flags
199 
206  const secp256k1_context* ctx
207 ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
208 
216 );
217 
239  secp256k1_context* ctx,
240  void (*fun)(const char* message, void* data),
241  const void* data
243 
261  secp256k1_context* ctx,
262  void (*fun)(const char* message, void* data),
263  const void* data
264 ) SECP256K1_ARG_NONNULL(1);
265 
273  const secp256k1_context* ctx,
274  size_t max_size
275 ) SECP256K1_ARG_NONNULL(1);
276 
283  secp256k1_scratch_space* scratch
284 );
285 
/* Parse a variable-length public key into the pubkey object.
 *
 * ctx, pubkey and input are annotated non-null; inputlen is the byte length of
 * input (array lengths follow the argument they describe, rule 2 above).
 * The result is marked warn-unused: when input comes from an untrusted source,
 * test the return value before using *pubkey.
 * NOTE(review): the return-value docs are elided in this listing; presumably
 * non-zero means the key parsed and is valid -- confirm against upstream.
 */
300 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(
301  const secp256k1_context* ctx,
302  secp256k1_pubkey* pubkey,
303  const unsigned char *input,
304  size_t inputlen
305 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
306 
323  const secp256k1_context* ctx,
324  unsigned char *output,
325  size_t *outputlen,
326  const secp256k1_pubkey* pubkey,
327  unsigned int flags
328 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
329 
346  const secp256k1_context* ctx,
348  const unsigned char *input64
349 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
350 
367  const secp256k1_context* ctx,
369  const unsigned char *input,
370  size_t inputlen
371 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
372 
385  const secp256k1_context* ctx,
386  unsigned char *output,
387  size_t *outputlen,
388  const secp256k1_ecdsa_signature* sig
389 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
390 
401  const secp256k1_context* ctx,
402  unsigned char *output64,
403  const secp256k1_ecdsa_signature* sig
404 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
405 
/* Verify an ECDSA signature.
 *
 * All four arguments are annotated non-null and nothing is written through
 * them (every pointer is const). The int result is the only outcome and is
 * marked warn-unused: a caller that drops it has verified nothing.
 * NOTE(review): the detailed docs are elided in this listing. Presumably msg32
 * is a 32-byte message hash and non-zero means the signature is valid; upstream
 * also documents that only lower-S signatures are accepted, so signatures from
 * other sources may need secp256k1_ecdsa_signature_normalize first -- confirm
 * for this version.
 */
424 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(
425  const secp256k1_context* ctx,
426  const secp256k1_ecdsa_signature *sig,
427  const unsigned char *msg32,
428  const secp256k1_pubkey *pubkey
429 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
430 
474  const secp256k1_context* ctx,
476  const secp256k1_ecdsa_signature *sigin
477 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3);
478 
484 
487 
503  const secp256k1_context* ctx,
505  const unsigned char *msg32,
506  const unsigned char *seckey,
507  secp256k1_nonce_function noncefp,
508  const void *ndata
509 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
510 
/* Verify an ECDSA secret key.
 *
 * ctx and seckey are annotated non-null; seckey is read-only. The result is
 * marked warn-unused, so check it before relying on the key.
 * NOTE(review): the listing elides the details; presumably seckey is a 32-byte
 * buffer and non-zero means the key is valid -- confirm against upstream.
 */
518 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(
519  const secp256k1_context* ctx,
520  const unsigned char *seckey
521 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
522 
/* Compute the public key for a secret key.
 *
 * pubkey is the output; seckey is read-only. All three arguments are annotated
 * non-null and the result is marked warn-unused: check it before using *pubkey.
 * NOTE(review): the listing elides the details; presumably seckey is 32 bytes,
 * a zero return means the secret key was invalid, and ctx has to be created
 * with SECP256K1_CONTEXT_SIGN -- confirm against upstream.
 */
531 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(
532  const secp256k1_context* ctx,
533  secp256k1_pubkey *pubkey,
534  const unsigned char *seckey
535 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
536 
/* Negates a private key in place.
 *
 * seckey is both input and output (non-const), so the caller's buffer is
 * overwritten. Both arguments are annotated non-null; the result is marked
 * warn-unused.
 * NOTE(review): presumably seckey is a 32-byte buffer -- confirm.
 */
543 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(
544  const secp256k1_context* ctx,
545  unsigned char *seckey
546 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
547 
/* Negates a public key in place.
 *
 * pubkey is both input and output. Both arguments are annotated non-null; the
 * result is marked warn-unused.
 */
554 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(
555  const secp256k1_context* ctx,
556  secp256k1_pubkey *pubkey
557 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
558 
/* Tweak a private key by adding tweak to it.
 *
 * seckey is updated in place; tweak is read-only. All three arguments are
 * annotated non-null. The result is marked warn-unused and has to be checked:
 * after a failed call the contents of seckey should not be used as a key.
 * NOTE(review): the listing elides the details; presumably both buffers are
 * 32 bytes and zero is returned when the tweak is out of range or the result
 * would be an invalid key -- confirm against upstream.
 */
568 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
569  const secp256k1_context* ctx,
570  unsigned char *seckey,
571  const unsigned char *tweak
572 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
573 
/* Tweak a public key by adding tweak times the generator to it.
 *
 * pubkey is updated in place; tweak is read-only. All three arguments are
 * annotated non-null and the result is marked warn-unused: check it before
 * using the updated *pubkey.
 * NOTE(review): presumably tweak is a 32-byte buffer and zero signals an
 * out-of-range tweak or an invalid resulting key -- confirm against upstream.
 */
584 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
585  const secp256k1_context* ctx,
586  secp256k1_pubkey *pubkey,
587  const unsigned char *tweak
588 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
589 
/* Tweak a private key by multiplying it by a tweak.
 *
 * seckey is updated in place; tweak is read-only. All three arguments are
 * annotated non-null. The result is marked warn-unused and has to be checked:
 * after a failed call the contents of seckey should not be used as a key.
 * NOTE(review): presumably both buffers are 32 bytes and zero signals an
 * out-of-range or zero tweak -- confirm against upstream.
 */
597 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
598  const secp256k1_context* ctx,
599  unsigned char *seckey,
600  const unsigned char *tweak
601 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
602 
/* Tweak a public key by multiplying it by a tweak value.
 *
 * pubkey is updated in place; tweak is read-only. All three arguments are
 * annotated non-null and the result is marked warn-unused: check it before
 * using the updated *pubkey.
 * NOTE(review): presumably tweak is a 32-byte buffer and zero signals an
 * out-of-range or zero tweak -- confirm against upstream.
 */
611 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
612  const secp256k1_context* ctx,
613  secp256k1_pubkey *pubkey,
614  const unsigned char *tweak
615 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
616 
/* Updates the context randomization to protect against side-channel leakage.
 *
 * ctx is modified (non-const) and is the only argument annotated non-null;
 * seed32 carries no such annotation. The result is marked warn-unused.
 * NOTE(review): the listing elides the details. Presumably seed32 is 32 bytes
 * and NULL resets the randomization -- confirm against upstream. For the
 * blinding to be worth anything the seed should come from a cryptographically
 * secure random source and be kept as secret as a private key.
 */
641 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(
642  secp256k1_context* ctx,
643  const unsigned char *seed32
644 ) SECP256K1_ARG_NONNULL(1);
645 
/* Add a number of public keys together.
 *
 * out receives the result; ins is an array of n pointers to public keys, none
 * of which is written through. Only out and ins are annotated non-null: ctx is
 * not, and the annotation on ins covers the array pointer only, not the n
 * element pointers stored in it. The result is marked warn-unused.
 * NOTE(review): presumably zero is returned when the sum is not a valid public
 * key -- confirm against upstream.
 */
655 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(
656  const secp256k1_context* ctx,
657  secp256k1_pubkey *out,
658  const secp256k1_pubkey * const * ins,
659  size_t n
660 ) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
661 
662 #ifdef __cplusplus
663 }
664 #endif
665 
666 #endif /* SECP256K1_H */
void * data[SECP256K1_SCRATCH_MAX_FRAMES]
Definition: scratch.h:15
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:501
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a private key by multiplying it by a tweak.
Definition: secp256k1.c:525
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call...
Definition: secp256k1.c:111
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:282
#define SECP256K1_WARN_UNUSED_RESULT
Warning attributes: NONNULL is not used if SECP256K1_BUILD is set, to avoid the compiler optimizing out...
Definition: secp256k1.h:149
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:295
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1.c:367
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:571
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:186
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a private key by adding tweak to it.
Definition: secp256k1.c:478
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a private key in place.
Definition: secp256k1.c:451
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:366
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object.
Definition: secp256k1.c:101
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:428
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:415
static secp256k1_context * ctx
Definition: tests.c:46
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:369
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1.c:547
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:171
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:79
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:120
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:233
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:154
int flags
Definition: bitcoin-tx.cpp:508
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copies a secp256k1 context object.
Definition: secp256k1.c:92
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:270
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
Definition: secp256k1.c:463
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:99
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:249
SECP256K1_API const secp256k1_context * secp256k1_context_no_precomp
A simple secp256k1 context object with no precomputed tables.
Definition: secp256k1.c:65
#define SECP256K1_API
Definition: secp256k1.h:139
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
Definition: secp256k1.c:579
SECP256K1_API void secp256k1_scratch_space_destroy(secp256k1_scratch_space *scratch)
Destroy a secp256k1 scratch space.
Definition: secp256k1.c:134
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t max_size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
Definition: secp256k1.c:129
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object.
Definition: secp256k1.c:67
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:66
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:314