Bitcoin Core  22.99.0
P2P Digital Currency
secp256k1.h
Go to the documentation of this file.
1 #ifndef SECP256K1_H
2 #define SECP256K1_H
3 
4 #ifdef __cplusplus
5 extern "C" {
6 #endif
7 
8 #include <stddef.h>
9 
10 /* These rules specify the order of arguments in API calls:
11  *
12  * 1. Context pointers go first, followed by output arguments, combined
13  * output/input arguments, and finally input-only arguments.
14  * 2. Array lengths always immediately follow the argument whose length
15  * they describe, even if this violates rule 1.
16  * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
17  * later go first. This means: signatures, public nonces, secret nonces,
18  * messages, public keys, secret keys, tweaks.
19  * 4. Arguments that are not data pointers go last, from more complex to less
20  * complex: function pointers, algorithm names, messages, void pointers,
21  * counts, flags, booleans.
22  * 5. Opaque data pointers follow the function pointer they are to be passed to.
23  */
24 
45 
58 
67 typedef struct {
68  unsigned char data[64];
70 
80 typedef struct {
81  unsigned char data[64];
83 
101  unsigned char *nonce32,
102  const unsigned char *msg32,
103  const unsigned char *key32,
104  const unsigned char *algo16,
105  void *data,
106  unsigned int attempt
107 );
108 
109 # if !defined(SECP256K1_GNUC_PREREQ)
110 # if defined(__GNUC__)&&defined(__GNUC_MINOR__)
111 # define SECP256K1_GNUC_PREREQ(_maj,_min) \
112  ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
113 # else
114 # define SECP256K1_GNUC_PREREQ(_maj,_min) 0
115 # endif
116 # endif
117 
118 # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
119 # if SECP256K1_GNUC_PREREQ(2,7)
120 # define SECP256K1_INLINE __inline__
121 # elif (defined(_MSC_VER))
122 # define SECP256K1_INLINE __inline
123 # else
124 # define SECP256K1_INLINE
125 # endif
126 # else
127 # define SECP256K1_INLINE inline
128 # endif
129 
130 #ifndef SECP256K1_API
131 # if defined(_WIN32)
132 # ifdef SECP256K1_BUILD
133 # define SECP256K1_API __declspec(dllexport)
134 # else
135 # define SECP256K1_API
136 # endif
137 # elif defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
138 # define SECP256K1_API __attribute__ ((visibility ("default")))
139 # else
140 # define SECP256K1_API
141 # endif
142 #endif
143 
147 # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
148 # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
149 # else
150 # define SECP256K1_WARN_UNUSED_RESULT
151 # endif
152 # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
153 # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
154 # else
155 # define SECP256K1_ARG_NONNULL(_x)
156 # endif
157 
159 #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
160 #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
161 #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
162 
163 #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
164 #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
165 #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10)
166 #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
167 
170 #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
171 #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
172 #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY)
173 #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
174 
176 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
177 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
178 
180 #define SECP256K1_TAG_PUBKEY_EVEN 0x02
181 #define SECP256K1_TAG_PUBKEY_ODD 0x03
182 #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
183 #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
184 #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
185 
192 
205  unsigned int flags
207 
218  const secp256k1_context* ctx
220 
236 );
237 
277  void (*fun)(const char* message, void* data),
278  const void* data
280 
302  void (*fun)(const char* message, void* data),
303  const void* data
305 
314  const secp256k1_context* ctx,
315  size_t size
317 
325  const secp256k1_context* ctx,
326  secp256k1_scratch_space* scratch
328 
344  const secp256k1_context* ctx,
345  secp256k1_pubkey* pubkey,
346  const unsigned char *input,
347  size_t inputlen
349 
366  const secp256k1_context* ctx,
367  unsigned char *output,
368  size_t *outputlen,
369  const secp256k1_pubkey* pubkey,
370  unsigned int flags
372 
389  const secp256k1_context* ctx,
391  const unsigned char *input64
393 
410  const secp256k1_context* ctx,
412  const unsigned char *input,
413  size_t inputlen
415 
428  const secp256k1_context* ctx,
429  unsigned char *output,
430  size_t *outputlen,
431  const secp256k1_ecdsa_signature* sig
433 
444  const secp256k1_context* ctx,
445  unsigned char *output64,
446  const secp256k1_ecdsa_signature* sig
448 
475  const secp256k1_context* ctx,
476  const secp256k1_ecdsa_signature *sig,
477  const unsigned char *msghash32,
478  const secp256k1_pubkey *pubkey
480 
524  const secp256k1_context* ctx,
526  const secp256k1_ecdsa_signature *sigin
528 
534 
537 
553  const secp256k1_context* ctx,
555  const unsigned char *msghash32,
556  const unsigned char *seckey,
557  secp256k1_nonce_function noncefp,
558  const void *ndata
560 
574  const secp256k1_context* ctx,
575  const unsigned char *seckey
577 
587  const secp256k1_context* ctx,
588  secp256k1_pubkey *pubkey,
589  const unsigned char *seckey
591 
604  const secp256k1_context* ctx,
605  unsigned char *seckey
607 
611  const secp256k1_context* ctx,
612  unsigned char *seckey
614 
622  const secp256k1_context* ctx,
623  secp256k1_pubkey *pubkey
625 
642  const secp256k1_context* ctx,
643  unsigned char *seckey,
644  const unsigned char *tweak32
646 
650  const secp256k1_context* ctx,
651  unsigned char *seckey,
652  const unsigned char *tweak32
654 
670  const secp256k1_context* ctx,
671  secp256k1_pubkey *pubkey,
672  const unsigned char *tweak32
674 
689  const secp256k1_context* ctx,
690  unsigned char *seckey,
691  const unsigned char *tweak32
693 
697  const secp256k1_context* ctx,
698  unsigned char *seckey,
699  const unsigned char *tweak32
701 
715  const secp256k1_context* ctx,
716  secp256k1_pubkey *pubkey,
717  const unsigned char *tweak32
719 
747  const unsigned char *seed32
749 
761  const secp256k1_context* ctx,
762  secp256k1_pubkey *out,
763  const secp256k1_pubkey * const * ins,
764  size_t n
766 
767 #ifdef __cplusplus
768 }
769 #endif
770 
771 #endif /* SECP256K1_H */
secp256k1_context_set_error_callback
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:212
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:80
secp256k1_ecdsa_signature_parse_der
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:343
secp256k1_context_clone
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
Definition: secp256k1.c:177
secp256k1_scratch_space_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
Definition: secp256k1.c:221
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:380
secp256k1_ecdsa_signature_normalize
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:405
secp256k1_ec_pubkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
Definition: secp256k1.c:609
secp256k1_scratch_space_struct::data
void * data
actual allocated data
Definition: scratch.h:20
flags
int flags
Definition: bitcoin-tx.cpp:512
secp256k1_ecdsa_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:392
secp256k1_context_struct
Definition: secp256k1.c:69
secp256k1_ec_seckey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:590
secp256k1_scratch_space_struct
Definition: scratch.h:12
secp256k1_context_set_illegal_callback
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:203
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:196
secp256k1_scratch_space_destroy
SECP256K1_API void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 scratch space.
Definition: secp256k1.c:226
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:152
secp256k1_ecdsa_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:424
SECP256K1_API
#define SECP256K1_API
Definition: secp256k1.h:140
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:296
secp256k1_ec_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:278
secp256k1_ec_privkey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED.
Definition: secp256k1.c:701
SECP256K1_WARN_UNUSED_RESULT
#define SECP256K1_WARN_UNUSED_RESULT
Warning attributes NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out...
Definition: secp256k1.h:150
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:535
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:549
secp256k1_ec_privkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:605
secp256k1_ec_pubkey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1.c:705
secp256k1_ec_seckey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:636
SECP256K1_ARG_NONNULL
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:155
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:572
secp256k1_ec_privkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:652
secp256k1_context_no_precomp
const SECP256K1_API secp256k1_context * secp256k1_context_no_precomp
A simple secp256k1 context object with no precomputed tables.
Definition: secp256k1.c:84
secp256k1_ec_seckey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:681
secp256k1_ecdsa_signature_parse_compact
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:359
secp256k1_ec_pubkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:663
secp256k1_ec_pubkey_combine
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
Definition: secp256k1.c:737
secp256k1_nonce_function_default
const SECP256K1_API secp256k1_nonce_function secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1.c:477
secp256k1_nonce_function_rfc6979
const SECP256K1_API secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:476
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
secp256k1_nonce_function
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:100
ctx
static secp256k1_context * ctx
Definition: tests.c:42
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:729