Switch scalar to use get/set 32-byte arrays

Pieter Wuille 2014-10-29 00:35:09 -07:00
parent 774594e979
commit eca6cdb123
6 changed files with 41 additions and 28 deletions


@ -159,7 +159,7 @@ int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_
int overflow = 0; int overflow = 0;
secp256k1_scalar_t sigr; secp256k1_scalar_t sigr;
secp256k1_scalar_init(&sigr); secp256k1_scalar_init(&sigr);
secp256k1_scalar_set_bin(&sigr, b, 32, &overflow); secp256k1_scalar_set_b32(&sigr, b, &overflow);
if (recid) if (recid)
*recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0); *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0);
secp256k1_scalar_t n; secp256k1_scalar_t n;


@ -73,7 +73,10 @@ int static secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned
if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1])
return 0; return 0;
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_bin(key, privkey+2, privkey[1], &overflow); unsigned char c[32] = {0};
memcpy(c + 32 - privkey[1], privkey + 2, privkey[1]);
secp256k1_scalar_set_b32(key, c, &overflow);
memset(c, 0, 32);
return !overflow; return !overflow;
} }
@ -99,7 +102,7 @@ int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privke
}; };
unsigned char *ptr = privkey; unsigned char *ptr = privkey;
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
secp256k1_scalar_get_bin(ptr, 32, key); ptr += 32; secp256k1_scalar_get_b32(ptr, key); ptr += 32;
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
int pubkeylen = 0; int pubkeylen = 0;
secp256k1_eckey_pubkey_serialize(&r, ptr, &pubkeylen, 1); ptr += pubkeylen; secp256k1_eckey_pubkey_serialize(&r, ptr, &pubkeylen, 1); ptr += pubkeylen;
@ -123,7 +126,7 @@ int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privke
}; };
unsigned char *ptr = privkey; unsigned char *ptr = privkey;
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
secp256k1_scalar_get_bin(ptr, 32, key); ptr += 32; secp256k1_scalar_get_b32(ptr, key); ptr += 32;
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
int pubkeylen = 0; int pubkeylen = 0;
secp256k1_eckey_pubkey_serialize(&r, ptr, &pubkeylen, 0); ptr += pubkeylen; secp256k1_eckey_pubkey_serialize(&r, ptr, &pubkeylen, 0); ptr += pubkeylen;
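Review bot: The `memset(c, 0, 32)` that wipes the temporary key buffer in secp256k1_eckey_privkey_parse is a dead store to a local that is never read again, so an optimizing compiler may drop it and leave the private-key bytes on the stack. A wipe the compiler cannot elide is needed here, for instance through a volatile pointer: `volatile unsigned char *vc = c; for (int i = 0; i < 32; i++) vc[i] = 0;`. The copy into `c` is bounded by the `privkey[1] > 0x20` rejection on the line above it, so the length is not the concern. The function begins outside the hunk.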


@ -25,10 +25,10 @@ void static secp256k1_scalar_free(secp256k1_scalar_t *r);
int static secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count); int static secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, int count);
/** Set a scalar from a big endian byte array. */ /** Set a scalar from a big endian byte array. */
void static secp256k1_scalar_set_bin(secp256k1_scalar_t *r, const unsigned char *bin, int len, int *overflow); void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow);
/** Convert a scalar to a byte array. */ /** Convert a scalar to a byte array. */
void static secp256k1_scalar_get_bin(unsigned char *bin, int len, const secp256k1_scalar_t* a); void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a);
/** Add two scalars together (modulo the group order). */ /** Add two scalars together (modulo the group order). */
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b); void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
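Review bot: The doc comments on secp256k1_scalar_set_b32 and secp256k1_scalar_get_b32 were left unchanged, although removing `len` means the functions now always read or write 32 bytes (the implementation passes a literal 32). The header is where callers look, so the size contract belongs there. For the setter I would write `/** Set a scalar from a 32-byte big endian array; bin must point to 32 readable bytes. If overflow is non-NULL it is set when the value was >= the group order. */`. For the getter, `/** Convert a scalar to a 32-byte big endian array; bin must have room for 32 bytes. */`.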


@ -27,16 +27,16 @@ int static secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, int offset, in
return secp256k1_num_get_bits(&a->n, offset, count); return secp256k1_num_get_bits(&a->n, offset, count);
} }
void static secp256k1_scalar_set_bin(secp256k1_scalar_t *r, const unsigned char *bin, int len, int *overflow) { void static secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow) {
secp256k1_num_set_bin(&r->n, bin, len); secp256k1_num_set_bin(&r->n, bin, 32);
if (overflow) { if (overflow) {
*overflow = secp256k1_num_cmp(&r->n, &secp256k1_ge_consts->order) >= 0; *overflow = secp256k1_num_cmp(&r->n, &secp256k1_ge_consts->order) >= 0;
} }
secp256k1_num_mod(&r->n, &secp256k1_ge_consts->order); secp256k1_num_mod(&r->n, &secp256k1_ge_consts->order);
} }
void static secp256k1_scalar_get_bin(unsigned char *bin, int len, const secp256k1_scalar_t* a) { void static secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
secp256k1_num_get_bin(bin, len, &a->n); secp256k1_num_get_bin(bin, 32, &a->n);
} }
void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) { void static secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {


@ -80,10 +80,15 @@ int secp256k1_ecdsa_sign(const unsigned char *message, int messagelen, unsigned
secp256k1_scalar_init(&sec); secp256k1_scalar_init(&sec);
secp256k1_scalar_init(&non); secp256k1_scalar_init(&non);
secp256k1_scalar_init(&msg); secp256k1_scalar_init(&msg);
secp256k1_scalar_set_bin(&sec, seckey, 32, NULL); secp256k1_scalar_set_b32(&sec, seckey, NULL);
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_bin(&non, nonce, 32, &overflow); secp256k1_scalar_set_b32(&non, nonce, &overflow);
secp256k1_scalar_set_bin(&msg, message, messagelen, NULL); {
unsigned char c[32] = {0};
memcpy(c + 32 - messagelen, message, messagelen);
secp256k1_scalar_set_b32(&msg, c, NULL);
memset(c, 0, 32);
}
int ret = !secp256k1_scalar_is_zero(&non) && !overflow; int ret = !secp256k1_scalar_is_zero(&non) && !overflow;
secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig); secp256k1_ecdsa_sig_init(&sig);
@ -115,10 +120,15 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *message, int messagelen, u
secp256k1_scalar_init(&sec); secp256k1_scalar_init(&sec);
secp256k1_scalar_init(&non); secp256k1_scalar_init(&non);
secp256k1_scalar_init(&msg); secp256k1_scalar_init(&msg);
secp256k1_scalar_set_bin(&sec, seckey, 32, NULL); secp256k1_scalar_set_b32(&sec, seckey, NULL);
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_bin(&non, nonce, 32, &overflow); secp256k1_scalar_set_b32(&non, nonce, &overflow);
secp256k1_scalar_set_bin(&msg, message, messagelen, NULL); {
unsigned char c[32] = {0};
memcpy(c + 32 - messagelen, message, messagelen);
secp256k1_scalar_set_b32(&msg, c, NULL);
memset(c, 0, 32);
}
int ret = !secp256k1_scalar_is_zero(&non) && !overflow; int ret = !secp256k1_scalar_is_zero(&non) && !overflow;
secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig); secp256k1_ecdsa_sig_init(&sig);
@ -173,7 +183,7 @@ int secp256k1_ec_seckey_verify(const unsigned char *seckey) {
secp256k1_scalar_t sec; secp256k1_scalar_t sec;
secp256k1_scalar_init(&sec); secp256k1_scalar_init(&sec);
int overflow; int overflow;
secp256k1_scalar_set_bin(&sec, seckey, 32, &overflow); secp256k1_scalar_set_b32(&sec, seckey, &overflow);
int ret = !secp256k1_scalar_is_zero(&sec) && !overflow; int ret = !secp256k1_scalar_is_zero(&sec) && !overflow;
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
secp256k1_scalar_free(&sec); secp256k1_scalar_free(&sec);
@ -195,7 +205,7 @@ int secp256k1_ec_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsi
secp256k1_scalar_t sec; secp256k1_scalar_t sec;
secp256k1_scalar_init(&sec); secp256k1_scalar_init(&sec);
secp256k1_scalar_set_bin(&sec, seckey, 32, NULL); secp256k1_scalar_set_b32(&sec, seckey, NULL);
secp256k1_gej_t pj; secp256k1_gej_t pj;
secp256k1_ecmult_gen(&pj, &sec); secp256k1_ecmult_gen(&pj, &sec);
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
@ -224,14 +234,14 @@ int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *t
secp256k1_scalar_t term; secp256k1_scalar_t term;
secp256k1_scalar_init(&term); secp256k1_scalar_init(&term);
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_bin(&term, tweak, 32, &overflow); secp256k1_scalar_set_b32(&term, tweak, &overflow);
secp256k1_scalar_t sec; secp256k1_scalar_t sec;
secp256k1_scalar_init(&sec); secp256k1_scalar_init(&sec);
secp256k1_scalar_set_bin(&sec, seckey, 32, NULL); secp256k1_scalar_set_b32(&sec, seckey, NULL);
int ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow; int ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow;
if (ret) { if (ret) {
secp256k1_scalar_get_bin(seckey, 32, &sec); secp256k1_scalar_get_b32(seckey, &sec);
} }
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
@ -271,13 +281,13 @@ int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *t
secp256k1_scalar_t factor; secp256k1_scalar_t factor;
secp256k1_scalar_init(&factor); secp256k1_scalar_init(&factor);
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_bin(&factor, tweak, 32, &overflow); secp256k1_scalar_set_b32(&factor, tweak, &overflow);
secp256k1_scalar_t sec; secp256k1_scalar_t sec;
secp256k1_scalar_init(&sec); secp256k1_scalar_init(&sec);
secp256k1_scalar_set_bin(&sec, seckey, 32, NULL); secp256k1_scalar_set_b32(&sec, seckey, NULL);
int ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow; int ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow;
if (ret) { if (ret) {
secp256k1_scalar_get_bin(seckey, 32, &sec); secp256k1_scalar_get_b32(seckey, &sec);
} }
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
@ -317,7 +327,7 @@ int secp256k1_ec_privkey_export(const unsigned char *seckey, unsigned char *priv
secp256k1_scalar_t key; secp256k1_scalar_t key;
secp256k1_scalar_init(&key); secp256k1_scalar_init(&key);
secp256k1_scalar_set_bin(&key, seckey, 32, NULL); secp256k1_scalar_set_b32(&key, seckey, NULL);
int ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed); int ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed);
secp256k1_scalar_clear(&key); secp256k1_scalar_clear(&key);
secp256k1_scalar_free(&key); secp256k1_scalar_free(&key);
@ -332,7 +342,7 @@ int secp256k1_ec_privkey_import(unsigned char *seckey, const unsigned char *priv
secp256k1_scalar_init(&key); secp256k1_scalar_init(&key);
int ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen); int ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen);
if (ret) if (ret)
secp256k1_scalar_get_bin(seckey, 32, &key); secp256k1_scalar_get_b32(seckey, &key);
secp256k1_scalar_clear(&key); secp256k1_scalar_clear(&key);
secp256k1_scalar_free(&key); secp256k1_scalar_free(&key);
return ret; return ret;
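Review bot: `memcpy(c + 32 - messagelen, message, messagelen)` in secp256k1_ecdsa_sign has no visible bound on `messagelen`, a caller-supplied `int`. A value above 32 makes the destination start before `c`, so the copy writes outside the 32-byte stack buffer, and a negative value converts to a huge size. The same block is repeated in secp256k1_ecdsa_sign_compact. Both functions begin outside their hunks, so a check may already exist there; unless it is enforced in release builds, I would reject the input at function entry, before the scalars are initialised: `if (messagelen < 0 || messagelen > 32) return 0;`. The removed `secp256k1_scalar_set_bin(&msg, message, messagelen, NULL)` passed the length through, so the fixed-size buffer introduced here is what makes the bound mandatory.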


@ -46,7 +46,7 @@ void random_scalar_order_test(secp256k1_scalar_t *num) {
unsigned char b32[32]; unsigned char b32[32];
secp256k1_rand256_test(b32); secp256k1_rand256_test(b32);
int overflow = 0; int overflow = 0;
secp256k1_scalar_set_bin(num, b32, 32, &overflow); secp256k1_scalar_set_b32(num, b32, &overflow);
if (overflow || secp256k1_scalar_is_zero(num)) if (overflow || secp256k1_scalar_is_zero(num))
continue; continue;
break; break;
@ -677,7 +677,7 @@ void test_ecdsa_openssl() {
secp256k1_scalar_init(&msg); secp256k1_scalar_init(&msg);
unsigned char message[32]; unsigned char message[32];
secp256k1_rand256_test(message); secp256k1_rand256_test(message);
secp256k1_scalar_set_bin(&msg, message, 32, NULL); secp256k1_scalar_set_b32(&msg, message, NULL);
secp256k1_scalar_init(&key); secp256k1_scalar_init(&key);
random_scalar_order_test(&key); random_scalar_order_test(&key);
secp256k1_gej_t qj; secp256k1_gej_t qj;