mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-25 10:43:19 -03:00
Merge pull request #201
f735446
Convert the rest of the codebase to C89. (Gregory Maxwell)
This commit is contained in:
commit
f0d851ee6a
15 changed files with 279 additions and 196 deletions
10
configure.ac
10
configure.ac
|
@ -5,7 +5,7 @@ AC_CONFIG_MACRO_DIR([build-aux/m4])
|
||||||
AC_CANONICAL_HOST
|
AC_CANONICAL_HOST
|
||||||
AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
|
AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
|
||||||
AH_TOP([#define LIBSECP256K1_CONFIG_H])
|
AH_TOP([#define LIBSECP256K1_CONFIG_H])
|
||||||
AH_BOTTOM([#endif //LIBSECP256K1_CONFIG_H])
|
AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/])
|
||||||
AM_INIT_AUTOMAKE([foreign subdir-objects])
|
AM_INIT_AUTOMAKE([foreign subdir-objects])
|
||||||
LT_INIT
|
LT_INIT
|
||||||
|
|
||||||
|
@ -22,9 +22,9 @@ if test "x$CFLAGS" = "x"; then
|
||||||
CFLAGS="-O3 -g"
|
CFLAGS="-O3 -g"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AC_PROG_CC_C99
|
AC_PROG_CC_C89
|
||||||
if test x"$ac_cv_prog_cc_c99" = x"no"; then
|
if test x"$ac_cv_prog_cc_c89" = x"no"; then
|
||||||
AC_MSG_ERROR([c99 compiler support required])
|
AC_MSG_ERROR([c89 compiler support required])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $host in
|
case $host in
|
||||||
|
@ -70,7 +70,7 @@ esac
|
||||||
|
|
||||||
CFLAGS="$CFLAGS -W"
|
CFLAGS="$CFLAGS -W"
|
||||||
|
|
||||||
warn_CFLAGS="-Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function"
|
warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long"
|
||||||
saved_CFLAGS="$CFLAGS"
|
saved_CFLAGS="$CFLAGS"
|
||||||
CFLAGS="$CFLAGS $warn_CFLAGS"
|
CFLAGS="$CFLAGS $warn_CFLAGS"
|
||||||
AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}])
|
AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}])
|
||||||
|
|
|
@ -18,14 +18,16 @@ static double gettimedouble(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_benchmark(void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) {
|
void run_benchmark(void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) {
|
||||||
|
int i;
|
||||||
double min = HUGE_VAL;
|
double min = HUGE_VAL;
|
||||||
double sum = 0.0;
|
double sum = 0.0;
|
||||||
double max = 0.0;
|
double max = 0.0;
|
||||||
for (int i = 0; i < count; i++) {
|
for (i = 0; i < count; i++) {
|
||||||
|
double begin, total;
|
||||||
if (setup) setup(data);
|
if (setup) setup(data);
|
||||||
double begin = gettimedouble();
|
begin = gettimedouble();
|
||||||
benchmark(data);
|
benchmark(data);
|
||||||
double total = gettimedouble() - begin;
|
total = gettimedouble() - begin;
|
||||||
if (teardown) teardown(data);
|
if (teardown) teardown(data);
|
||||||
if (total < min) min = total;
|
if (total < min) min = total;
|
||||||
if (total > max) max = total;
|
if (total > max) max = total;
|
||||||
|
|
|
@ -33,9 +33,10 @@ void bench_inv_setup(void* arg) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void bench_inv(void* arg) {
|
void bench_inv(void* arg) {
|
||||||
|
int i;
|
||||||
bench_inv_t *data = (bench_inv_t*)arg;
|
bench_inv_t *data = (bench_inv_t*)arg;
|
||||||
|
|
||||||
for (int i=0; i<20000; i++) {
|
for (i = 0; i < 20000; i++) {
|
||||||
secp256k1_scalar_inverse(&data->x, &data->x);
|
secp256k1_scalar_inverse(&data->x, &data->x);
|
||||||
secp256k1_scalar_add(&data->x, &data->x, &data->base);
|
secp256k1_scalar_add(&data->x, &data->x, &data->base);
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,13 +14,15 @@ typedef struct {
|
||||||
} bench_recover_t;
|
} bench_recover_t;
|
||||||
|
|
||||||
void bench_recover(void* arg) {
|
void bench_recover(void* arg) {
|
||||||
|
int i;
|
||||||
bench_recover_t *data = (bench_recover_t*)arg;
|
bench_recover_t *data = (bench_recover_t*)arg;
|
||||||
|
|
||||||
unsigned char pubkey[33];
|
unsigned char pubkey[33];
|
||||||
for (int i=0; i<20000; i++) {
|
|
||||||
|
for (i = 0; i < 20000; i++) {
|
||||||
|
int j;
|
||||||
int pubkeylen = 33;
|
int pubkeylen = 33;
|
||||||
CHECK(secp256k1_ecdsa_recover_compact(data->msg, data->sig, pubkey, &pubkeylen, 1, i % 2));
|
CHECK(secp256k1_ecdsa_recover_compact(data->msg, data->sig, pubkey, &pubkeylen, 1, i % 2));
|
||||||
for (int j = 0; j < 32; j++) {
|
for (j = 0; j < 32; j++) {
|
||||||
data->sig[j + 32] = data->msg[j]; /* Move former message to S. */
|
data->sig[j + 32] = data->msg[j]; /* Move former message to S. */
|
||||||
data->msg[j] = data->sig[j]; /* Move former R to message. */
|
data->msg[j] = data->sig[j]; /* Move former R to message. */
|
||||||
data->sig[j] = pubkey[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */
|
data->sig[j] = pubkey[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */
|
||||||
|
@ -29,16 +31,17 @@ void bench_recover(void* arg) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void bench_recover_setup(void* arg) {
|
void bench_recover_setup(void* arg) {
|
||||||
|
int i;
|
||||||
bench_recover_t *data = (bench_recover_t*)arg;
|
bench_recover_t *data = (bench_recover_t*)arg;
|
||||||
|
|
||||||
for (int i = 0; i < 32; i++) data->msg[i] = 1 + i;
|
for (i = 0; i < 32; i++) data->msg[i] = 1 + i;
|
||||||
for (int i = 0; i < 64; i++) data->sig[i] = 65 + i;
|
for (i = 0; i < 64; i++) data->sig[i] = 65 + i;
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(void) {
|
int main(void) {
|
||||||
|
bench_recover_t data;
|
||||||
secp256k1_start(SECP256K1_START_VERIFY);
|
secp256k1_start(SECP256K1_START_VERIFY);
|
||||||
|
|
||||||
bench_recover_t data;
|
|
||||||
run_benchmark(bench_recover, bench_recover_setup, NULL, &data, 10, 20000);
|
run_benchmark(bench_recover, bench_recover_setup, NULL, &data, 10, 20000);
|
||||||
|
|
||||||
secp256k1_stop();
|
secp256k1_stop();
|
||||||
|
|
|
@ -14,20 +14,23 @@ typedef struct {
|
||||||
} bench_sign_t;
|
} bench_sign_t;
|
||||||
|
|
||||||
static void bench_sign_setup(void* arg) {
|
static void bench_sign_setup(void* arg) {
|
||||||
|
int i;
|
||||||
bench_sign_t *data = (bench_sign_t*)arg;
|
bench_sign_t *data = (bench_sign_t*)arg;
|
||||||
|
|
||||||
for (int i = 0; i < 32; i++) data->msg[i] = i + 1;
|
for (i = 0; i < 32; i++) data->msg[i] = i + 1;
|
||||||
for (int i = 0; i < 32; i++) data->key[i] = i + 65;
|
for (i = 0; i < 32; i++) data->key[i] = i + 65;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void bench_sign(void* arg) {
|
static void bench_sign(void* arg) {
|
||||||
|
int i;
|
||||||
bench_sign_t *data = (bench_sign_t*)arg;
|
bench_sign_t *data = (bench_sign_t*)arg;
|
||||||
|
|
||||||
unsigned char sig[64];
|
unsigned char sig[64];
|
||||||
for (int i=0; i<20000; i++) {
|
for (i = 0; i < 20000; i++) {
|
||||||
|
int j;
|
||||||
int recid = 0;
|
int recid = 0;
|
||||||
CHECK(secp256k1_ecdsa_sign_compact(data->msg, sig, data->key, NULL, NULL, &recid));
|
CHECK(secp256k1_ecdsa_sign_compact(data->msg, sig, data->key, NULL, NULL, &recid));
|
||||||
for (int j = 0; j < 32; j++) {
|
for (j = 0; j < 32; j++) {
|
||||||
data->msg[j] = sig[j]; /* Move former R to message. */
|
data->msg[j] = sig[j]; /* Move former R to message. */
|
||||||
data->key[j] = sig[j + 32]; /* Move former S to key. */
|
data->key[j] = sig[j + 32]; /* Move former S to key. */
|
||||||
}
|
}
|
||||||
|
@ -35,9 +38,9 @@ static void bench_sign(void* arg) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(void) {
|
int main(void) {
|
||||||
|
bench_sign_t data;
|
||||||
secp256k1_start(SECP256K1_START_SIGN);
|
secp256k1_start(SECP256K1_START_SIGN);
|
||||||
|
|
||||||
bench_sign_t data;
|
|
||||||
run_benchmark(bench_sign, bench_sign_setup, NULL, &data, 10, 20000);
|
run_benchmark(bench_sign, bench_sign_setup, NULL, &data, 10, 20000);
|
||||||
|
|
||||||
secp256k1_stop();
|
secp256k1_stop();
|
||||||
|
|
|
@ -21,9 +21,10 @@ typedef struct {
|
||||||
} benchmark_verify_t;
|
} benchmark_verify_t;
|
||||||
|
|
||||||
static void benchmark_verify(void* arg) {
|
static void benchmark_verify(void* arg) {
|
||||||
|
int i;
|
||||||
benchmark_verify_t* data = (benchmark_verify_t*)arg;
|
benchmark_verify_t* data = (benchmark_verify_t*)arg;
|
||||||
|
|
||||||
for (int i=0; i<20000; i++) {
|
for (i = 0; i < 20000; i++) {
|
||||||
data->sig[data->siglen - 1] ^= (i & 0xFF);
|
data->sig[data->siglen - 1] ^= (i & 0xFF);
|
||||||
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
|
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
|
||||||
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
|
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
|
||||||
|
@ -35,12 +36,13 @@ static void benchmark_verify(void* arg) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(void) {
|
int main(void) {
|
||||||
secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
|
int i;
|
||||||
|
|
||||||
benchmark_verify_t data;
|
benchmark_verify_t data;
|
||||||
|
|
||||||
for (int i = 0; i < 32; i++) data.msg[i] = 1 + i;
|
secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
|
||||||
for (int i = 0; i < 32; i++) data.key[i] = 33 + i;
|
|
||||||
|
for (i = 0; i < 32; i++) data.msg[i] = 1 + i;
|
||||||
|
for (i = 0; i < 32; i++) data.key[i] = 33 + i;
|
||||||
data.siglen = 72;
|
data.siglen = 72;
|
||||||
secp256k1_ecdsa_sign(data.msg, data.sig, &data.siglen, data.key, NULL, NULL);
|
secp256k1_ecdsa_sign(data.msg, data.sig, &data.siglen, data.key, NULL, NULL);
|
||||||
data.pubkeylen = 33;
|
data.pubkeylen = 33;
|
||||||
|
|
|
@ -30,22 +30,26 @@ typedef struct {
|
||||||
static const secp256k1_ecmult_gen_consts_t *secp256k1_ecmult_gen_consts = NULL;
|
static const secp256k1_ecmult_gen_consts_t *secp256k1_ecmult_gen_consts = NULL;
|
||||||
|
|
||||||
static void secp256k1_ecmult_gen_start(void) {
|
static void secp256k1_ecmult_gen_start(void) {
|
||||||
|
secp256k1_ge_t prec[1024];
|
||||||
|
secp256k1_gej_t gj;
|
||||||
|
secp256k1_gej_t nums_gej;
|
||||||
|
secp256k1_ecmult_gen_consts_t *ret;
|
||||||
|
int i, j;
|
||||||
if (secp256k1_ecmult_gen_consts != NULL)
|
if (secp256k1_ecmult_gen_consts != NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
/* Allocate the precomputation table. */
|
/* Allocate the precomputation table. */
|
||||||
secp256k1_ecmult_gen_consts_t *ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t));
|
ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t));
|
||||||
|
|
||||||
/* get the generator */
|
/* get the generator */
|
||||||
secp256k1_gej_t gj; secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
|
secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
|
||||||
|
|
||||||
/* Construct a group element with no known corresponding scalar (nothing up my sleeve). */
|
/* Construct a group element with no known corresponding scalar (nothing up my sleeve). */
|
||||||
secp256k1_gej_t nums_gej;
|
|
||||||
{
|
{
|
||||||
static const unsigned char nums_b32[32] = "The scalar for this x is unknown";
|
static const unsigned char nums_b32[32] = "The scalar for this x is unknown";
|
||||||
secp256k1_fe_t nums_x;
|
secp256k1_fe_t nums_x;
|
||||||
VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32));
|
|
||||||
secp256k1_ge_t nums_ge;
|
secp256k1_ge_t nums_ge;
|
||||||
|
VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32));
|
||||||
VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0));
|
VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0));
|
||||||
secp256k1_gej_set_ge(&nums_gej, &nums_ge);
|
secp256k1_gej_set_ge(&nums_gej, &nums_ge);
|
||||||
/* Add G to make the bits in x uniformly distributed. */
|
/* Add G to make the bits in x uniformly distributed. */
|
||||||
|
@ -53,19 +57,20 @@ static void secp256k1_ecmult_gen_start(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/* compute prec. */
|
/* compute prec. */
|
||||||
secp256k1_ge_t prec[1024];
|
|
||||||
{
|
{
|
||||||
secp256k1_gej_t precj[1024]; /* Jacobian versions of prec. */
|
secp256k1_gej_t precj[1024]; /* Jacobian versions of prec. */
|
||||||
secp256k1_gej_t gbase; gbase = gj; /* 16^j * G */
|
secp256k1_gej_t gbase;
|
||||||
secp256k1_gej_t numsbase; numsbase = nums_gej; /* 2^j * nums. */
|
secp256k1_gej_t numsbase;
|
||||||
for (int j=0; j<64; j++) {
|
gbase = gj; /* 16^j * G */
|
||||||
|
numsbase = nums_gej; /* 2^j * nums. */
|
||||||
|
for (j = 0; j < 64; j++) {
|
||||||
/* Set precj[j*16 .. j*16+15] to (numsbase, numsbase + gbase, ..., numsbase + 15*gbase). */
|
/* Set precj[j*16 .. j*16+15] to (numsbase, numsbase + gbase, ..., numsbase + 15*gbase). */
|
||||||
precj[j*16] = numsbase;
|
precj[j*16] = numsbase;
|
||||||
for (int i=1; i<16; i++) {
|
for (i = 1; i < 16; i++) {
|
||||||
secp256k1_gej_add_var(&precj[j*16 + i], &precj[j*16 + i - 1], &gbase);
|
secp256k1_gej_add_var(&precj[j*16 + i], &precj[j*16 + i - 1], &gbase);
|
||||||
}
|
}
|
||||||
/* Multiply gbase by 16. */
|
/* Multiply gbase by 16. */
|
||||||
for (int i=0; i<4; i++) {
|
for (i = 0; i < 4; i++) {
|
||||||
secp256k1_gej_double_var(&gbase, &gbase);
|
secp256k1_gej_double_var(&gbase, &gbase);
|
||||||
}
|
}
|
||||||
/* Multiply numbase by 2. */
|
/* Multiply numbase by 2. */
|
||||||
|
@ -78,8 +83,8 @@ static void secp256k1_ecmult_gen_start(void) {
|
||||||
}
|
}
|
||||||
secp256k1_ge_set_all_gej_var(1024, prec, precj);
|
secp256k1_ge_set_all_gej_var(1024, prec, precj);
|
||||||
}
|
}
|
||||||
for (int j=0; j<64; j++) {
|
for (j = 0; j < 64; j++) {
|
||||||
for (int i=0; i<16; i++) {
|
for (i = 0; i < 16; i++) {
|
||||||
secp256k1_ge_to_storage(&ret->prec[j][i], &prec[j*16 + i]);
|
secp256k1_ge_to_storage(&ret->prec[j][i], &prec[j*16 + i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -89,10 +94,11 @@ static void secp256k1_ecmult_gen_start(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ecmult_gen_stop(void) {
|
static void secp256k1_ecmult_gen_stop(void) {
|
||||||
|
secp256k1_ecmult_gen_consts_t *c;
|
||||||
if (secp256k1_ecmult_gen_consts == NULL)
|
if (secp256k1_ecmult_gen_consts == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
secp256k1_ecmult_gen_consts_t *c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts;
|
c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts;
|
||||||
secp256k1_ecmult_gen_consts = NULL;
|
secp256k1_ecmult_gen_consts = NULL;
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
@ -101,12 +107,13 @@ static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *g
|
||||||
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
|
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
|
||||||
secp256k1_ge_t add;
|
secp256k1_ge_t add;
|
||||||
secp256k1_ge_storage_t adds;
|
secp256k1_ge_storage_t adds;
|
||||||
|
int bits;
|
||||||
|
int i, j;
|
||||||
secp256k1_gej_set_infinity(r);
|
secp256k1_gej_set_infinity(r);
|
||||||
add.infinity = 0;
|
add.infinity = 0;
|
||||||
int bits;
|
for (j = 0; j < 64; j++) {
|
||||||
for (int j=0; j<64; j++) {
|
|
||||||
bits = secp256k1_scalar_get_bits(gn, j * 4, 4);
|
bits = secp256k1_scalar_get_bits(gn, j * 4, 4);
|
||||||
for (int i=0; i<16; i++) {
|
for (i = 0; i < 16; i++) {
|
||||||
secp256k1_ge_storage_cmov(&adds, &c->prec[j][i], i == bits);
|
secp256k1_ge_storage_cmov(&adds, &c->prec[j][i], i == bits);
|
||||||
}
|
}
|
||||||
secp256k1_ge_from_storage(&add, &adds);
|
secp256k1_ge_from_storage(&add, &adds);
|
||||||
|
|
|
@ -37,23 +37,27 @@
|
||||||
* G is constant, so it only needs to be done once in advance.
|
* G is constant, so it only needs to be done once in advance.
|
||||||
*/
|
*/
|
||||||
static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
|
static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
|
||||||
|
secp256k1_gej_t d;
|
||||||
|
int i;
|
||||||
pre[0] = *a;
|
pre[0] = *a;
|
||||||
secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]);
|
secp256k1_gej_double_var(&d, &pre[0]);
|
||||||
for (int i=1; i<(1 << (w-2)); i++)
|
for (i = 1; i < (1 << (w-2)); i++)
|
||||||
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
|
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ecmult_table_precomp_ge_storage_var(secp256k1_ge_storage_t *pre, const secp256k1_gej_t *a, int w) {
|
static void secp256k1_ecmult_table_precomp_ge_storage_var(secp256k1_ge_storage_t *pre, const secp256k1_gej_t *a, int w) {
|
||||||
|
secp256k1_gej_t d;
|
||||||
|
int i;
|
||||||
const int table_size = 1 << (w-2);
|
const int table_size = 1 << (w-2);
|
||||||
secp256k1_gej_t *prej = checked_malloc(sizeof(secp256k1_gej_t) * table_size);
|
secp256k1_gej_t *prej = checked_malloc(sizeof(secp256k1_gej_t) * table_size);
|
||||||
secp256k1_ge_t *prea = checked_malloc(sizeof(secp256k1_ge_t) * table_size);
|
secp256k1_ge_t *prea = checked_malloc(sizeof(secp256k1_ge_t) * table_size);
|
||||||
prej[0] = *a;
|
prej[0] = *a;
|
||||||
secp256k1_gej_t d; secp256k1_gej_double_var(&d, a);
|
secp256k1_gej_double_var(&d, a);
|
||||||
for (int i=1; i<table_size; i++) {
|
for (i = 1; i < table_size; i++) {
|
||||||
secp256k1_gej_add_var(&prej[i], &d, &prej[i-1]);
|
secp256k1_gej_add_var(&prej[i], &d, &prej[i-1]);
|
||||||
}
|
}
|
||||||
secp256k1_ge_set_all_gej_var(table_size, prea, prej);
|
secp256k1_ge_set_all_gej_var(table_size, prea, prej);
|
||||||
for (int i=0; i<table_size; i++) {
|
for (i = 0; i < table_size; i++) {
|
||||||
secp256k1_ge_to_storage(&pre[i], &prea[i]);
|
secp256k1_ge_to_storage(&pre[i], &prea[i]);
|
||||||
}
|
}
|
||||||
free(prej);
|
free(prej);
|
||||||
|
@ -97,26 +101,31 @@ typedef struct {
|
||||||
static const secp256k1_ecmult_consts_t *secp256k1_ecmult_consts = NULL;
|
static const secp256k1_ecmult_consts_t *secp256k1_ecmult_consts = NULL;
|
||||||
|
|
||||||
static void secp256k1_ecmult_start(void) {
|
static void secp256k1_ecmult_start(void) {
|
||||||
|
secp256k1_gej_t gj;
|
||||||
|
secp256k1_ecmult_consts_t *ret;
|
||||||
if (secp256k1_ecmult_consts != NULL)
|
if (secp256k1_ecmult_consts != NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
/* Allocate the precomputation table. */
|
/* Allocate the precomputation table. */
|
||||||
secp256k1_ecmult_consts_t *ret = (secp256k1_ecmult_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_consts_t));
|
ret = (secp256k1_ecmult_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_consts_t));
|
||||||
|
|
||||||
/* get the generator */
|
/* get the generator */
|
||||||
secp256k1_gej_t gj; secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
|
secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
|
||||||
/* calculate 2^128*generator */
|
|
||||||
secp256k1_gej_t g_128j = gj;
|
|
||||||
for (int i=0; i<128; i++)
|
|
||||||
secp256k1_gej_double_var(&g_128j, &g_128j);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* precompute the tables with odd multiples */
|
/* precompute the tables with odd multiples */
|
||||||
secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g, &gj, WINDOW_G);
|
secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g, &gj, WINDOW_G);
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G);
|
{
|
||||||
|
secp256k1_gej_t g_128j;
|
||||||
|
int i;
|
||||||
|
/* calculate 2^128*generator */
|
||||||
|
g_128j = gj;
|
||||||
|
for (i = 0; i < 128; i++)
|
||||||
|
secp256k1_gej_double_var(&g_128j, &g_128j);
|
||||||
|
secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Set the global pointer to the precomputation table. */
|
/* Set the global pointer to the precomputation table. */
|
||||||
|
@ -124,10 +133,11 @@ static void secp256k1_ecmult_start(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ecmult_stop(void) {
|
static void secp256k1_ecmult_stop(void) {
|
||||||
|
secp256k1_ecmult_consts_t *c;
|
||||||
if (secp256k1_ecmult_consts == NULL)
|
if (secp256k1_ecmult_consts == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
secp256k1_ecmult_consts_t *c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts;
|
c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts;
|
||||||
secp256k1_ecmult_consts = NULL;
|
secp256k1_ecmult_consts = NULL;
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
@ -141,16 +151,18 @@ static void secp256k1_ecmult_stop(void) {
|
||||||
*/
|
*/
|
||||||
static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w) {
|
static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w) {
|
||||||
secp256k1_scalar_t s = *a;
|
secp256k1_scalar_t s = *a;
|
||||||
|
int set_bits = 0;
|
||||||
|
int bit = 0;
|
||||||
int sign = 1;
|
int sign = 1;
|
||||||
|
|
||||||
if (secp256k1_scalar_get_bits(&s, 255, 1)) {
|
if (secp256k1_scalar_get_bits(&s, 255, 1)) {
|
||||||
secp256k1_scalar_negate(&s, &s);
|
secp256k1_scalar_negate(&s, &s);
|
||||||
sign = -1;
|
sign = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int set_bits = 0;
|
|
||||||
int bit = 0;
|
|
||||||
while (bit < 256) {
|
while (bit < 256) {
|
||||||
|
int now;
|
||||||
|
int word;
|
||||||
if (secp256k1_scalar_get_bits(&s, bit, 1) == 0) {
|
if (secp256k1_scalar_get_bits(&s, bit, 1) == 0) {
|
||||||
bit++;
|
bit++;
|
||||||
continue;
|
continue;
|
||||||
|
@ -158,11 +170,11 @@ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w)
|
||||||
while (set_bits < bit) {
|
while (set_bits < bit) {
|
||||||
wnaf[set_bits++] = 0;
|
wnaf[set_bits++] = 0;
|
||||||
}
|
}
|
||||||
int now = w;
|
now = w;
|
||||||
if (bit + now > 256) {
|
if (bit + now > 256) {
|
||||||
now = 256 - bit;
|
now = 256 - bit;
|
||||||
}
|
}
|
||||||
int word = secp256k1_scalar_get_bits_var(&s, bit, now);
|
word = secp256k1_scalar_get_bits_var(&s, bit, now);
|
||||||
if (word & (1 << (w-1))) {
|
if (word & (1 << (w-1))) {
|
||||||
secp256k1_scalar_add_bit(&s, bit + w);
|
secp256k1_scalar_add_bit(&s, bit + w);
|
||||||
wnaf[set_bits++] = sign * (word - (1 << w));
|
wnaf[set_bits++] = sign * (word - (1 << w));
|
||||||
|
@ -175,58 +187,74 @@ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w)
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_scalar_t *na, const secp256k1_scalar_t *ng) {
|
static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_scalar_t *na, const secp256k1_scalar_t *ng) {
|
||||||
|
secp256k1_gej_t tmpj;
|
||||||
|
secp256k1_gej_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)];
|
||||||
|
secp256k1_ge_t tmpa;
|
||||||
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
|
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
|
||||||
|
#ifdef USE_ENDOMORPHISM
|
||||||
|
secp256k1_gej_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)];
|
||||||
|
secp256k1_scalar_t na_1, na_lam;
|
||||||
|
/* Splitted G factors. */
|
||||||
|
secp256k1_scalar_t ng_1, ng_128;
|
||||||
|
int wnaf_na_1[130];
|
||||||
|
int wnaf_na_lam[130];
|
||||||
|
int bits_na_1;
|
||||||
|
int bits_na_lam;
|
||||||
|
int wnaf_ng_1[129];
|
||||||
|
int bits_ng_1;
|
||||||
|
int wnaf_ng_128[129];
|
||||||
|
int bits_ng_128;
|
||||||
|
#else
|
||||||
|
int wnaf_na[256];
|
||||||
|
int bits_na;
|
||||||
|
int wnaf_ng[257];
|
||||||
|
int bits_ng;
|
||||||
|
#endif
|
||||||
|
int i;
|
||||||
|
int bits;
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
secp256k1_scalar_t na_1, na_lam;
|
|
||||||
/* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */
|
/* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */
|
||||||
secp256k1_scalar_split_lambda_var(&na_1, &na_lam, na);
|
secp256k1_scalar_split_lambda_var(&na_1, &na_lam, na);
|
||||||
|
|
||||||
/* build wnaf representation for na_1 and na_lam. */
|
/* build wnaf representation for na_1 and na_lam. */
|
||||||
int wnaf_na_1[130]; int bits_na_1 = secp256k1_ecmult_wnaf(wnaf_na_1, &na_1, WINDOW_A);
|
bits_na_1 = secp256k1_ecmult_wnaf(wnaf_na_1, &na_1, WINDOW_A);
|
||||||
int wnaf_na_lam[130]; int bits_na_lam = secp256k1_ecmult_wnaf(wnaf_na_lam, &na_lam, WINDOW_A);
|
bits_na_lam = secp256k1_ecmult_wnaf(wnaf_na_lam, &na_lam, WINDOW_A);
|
||||||
VERIFY_CHECK(bits_na_1 <= 130);
|
VERIFY_CHECK(bits_na_1 <= 130);
|
||||||
VERIFY_CHECK(bits_na_lam <= 130);
|
VERIFY_CHECK(bits_na_lam <= 130);
|
||||||
int bits = bits_na_1;
|
bits = bits_na_1;
|
||||||
if (bits_na_lam > bits) bits = bits_na_lam;
|
if (bits_na_lam > bits) bits = bits_na_lam;
|
||||||
#else
|
#else
|
||||||
/* build wnaf representation for na. */
|
/* build wnaf representation for na. */
|
||||||
int wnaf_na[256]; int bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A);
|
bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A);
|
||||||
int bits = bits_na;
|
bits = bits_na;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* calculate odd multiples of a */
|
/* calculate odd multiples of a */
|
||||||
secp256k1_gej_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)];
|
|
||||||
secp256k1_ecmult_table_precomp_gej_var(pre_a, a, WINDOW_A);
|
secp256k1_ecmult_table_precomp_gej_var(pre_a, a, WINDOW_A);
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
secp256k1_gej_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)];
|
for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++)
|
||||||
for (int i=0; i<ECMULT_TABLE_SIZE(WINDOW_A); i++)
|
|
||||||
secp256k1_gej_mul_lambda(&pre_a_lam[i], &pre_a[i]);
|
secp256k1_gej_mul_lambda(&pre_a_lam[i], &pre_a[i]);
|
||||||
|
|
||||||
/* Splitted G factors. */
|
|
||||||
secp256k1_scalar_t ng_1, ng_128;
|
|
||||||
|
|
||||||
/* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */
|
/* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */
|
||||||
secp256k1_scalar_split_128(&ng_1, &ng_128, ng);
|
secp256k1_scalar_split_128(&ng_1, &ng_128, ng);
|
||||||
|
|
||||||
/* Build wnaf representation for ng_1 and ng_128 */
|
/* Build wnaf representation for ng_1 and ng_128 */
|
||||||
int wnaf_ng_1[129]; int bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, &ng_1, WINDOW_G);
|
bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, &ng_1, WINDOW_G);
|
||||||
int wnaf_ng_128[129]; int bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, &ng_128, WINDOW_G);
|
bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, &ng_128, WINDOW_G);
|
||||||
if (bits_ng_1 > bits) bits = bits_ng_1;
|
if (bits_ng_1 > bits) bits = bits_ng_1;
|
||||||
if (bits_ng_128 > bits) bits = bits_ng_128;
|
if (bits_ng_128 > bits) bits = bits_ng_128;
|
||||||
#else
|
#else
|
||||||
int wnaf_ng[257]; int bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G);
|
bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G);
|
||||||
if (bits_ng > bits) bits = bits_ng;
|
if (bits_ng > bits) bits = bits_ng;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
secp256k1_gej_set_infinity(r);
|
secp256k1_gej_set_infinity(r);
|
||||||
secp256k1_gej_t tmpj;
|
|
||||||
secp256k1_ge_t tmpa;
|
|
||||||
|
|
||||||
for (int i=bits-1; i>=0; i--) {
|
for (i = bits-1; i >= 0; i--) {
|
||||||
secp256k1_gej_double_var(r, r);
|
|
||||||
int n;
|
int n;
|
||||||
|
secp256k1_gej_double_var(r, r);
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
if (i < bits_na_1 && (n = wnaf_na_1[i])) {
|
if (i < bits_na_1 && (n = wnaf_na_1[i])) {
|
||||||
ECMULT_TABLE_GET_GEJ(&tmpj, pre_a, n, WINDOW_A);
|
ECMULT_TABLE_GET_GEJ(&tmpj, pre_a, n, WINDOW_A);
|
||||||
|
|
|
@ -398,7 +398,7 @@ static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void secp256k1_fe_storage_cmov(secp256k1_fe_storage_t *r, const secp256k1_fe_storage_t *a, int flag) {
|
static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage_t *r, const secp256k1_fe_storage_t *a, int flag) {
|
||||||
uint64_t mask0 = flag + ~((uint64_t)0), mask1 = ~mask0;
|
uint64_t mask0 = flag + ~((uint64_t)0), mask1 = ~mask0;
|
||||||
r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
|
r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
|
||||||
r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
|
r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
|
||||||
|
@ -416,7 +416,7 @@ static void secp256k1_fe_to_storage(secp256k1_fe_storage_t *r, const secp256k1_f
|
||||||
r->n[3] = a->n[3] >> 36 | a->n[4] << 16;
|
r->n[3] = a->n[3] >> 36 | a->n[4] << 16;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void secp256k1_fe_from_storage(secp256k1_fe_t *r, const secp256k1_fe_storage_t *a) {
|
static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe_t *r, const secp256k1_fe_storage_t *a) {
|
||||||
r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL;
|
r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL;
|
||||||
r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL);
|
r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL);
|
||||||
r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL);
|
r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL);
|
||||||
|
|
134
src/group_impl.h
134
src/group_impl.h
|
@ -54,10 +54,11 @@ static void secp256k1_ge_get_hex(char *r131, const secp256k1_ge_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
|
secp256k1_fe_t z2, z3;
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
secp256k1_fe_inv(&a->z, &a->z);
|
secp256k1_fe_inv(&a->z, &a->z);
|
||||||
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
secp256k1_fe_sqr(&z2, &a->z);
|
||||||
secp256k1_fe_t z3; secp256k1_fe_mul(&z3, &a->z, &z2);
|
secp256k1_fe_mul(&z3, &a->z, &z2);
|
||||||
secp256k1_fe_mul(&a->x, &a->x, &z2);
|
secp256k1_fe_mul(&a->x, &a->x, &z2);
|
||||||
secp256k1_fe_mul(&a->y, &a->y, &z3);
|
secp256k1_fe_mul(&a->y, &a->y, &z3);
|
||||||
secp256k1_fe_set_int(&a->z, 1);
|
secp256k1_fe_set_int(&a->z, 1);
|
||||||
|
@ -66,13 +67,14 @@ static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
|
secp256k1_fe_t z2, z3;
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
secp256k1_fe_inv_var(&a->z, &a->z);
|
secp256k1_fe_inv_var(&a->z, &a->z);
|
||||||
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
secp256k1_fe_sqr(&z2, &a->z);
|
||||||
secp256k1_fe_t z3; secp256k1_fe_mul(&z3, &a->z, &z2);
|
secp256k1_fe_mul(&z3, &a->z, &z2);
|
||||||
secp256k1_fe_mul(&a->x, &a->x, &z2);
|
secp256k1_fe_mul(&a->x, &a->x, &z2);
|
||||||
secp256k1_fe_mul(&a->y, &a->y, &z3);
|
secp256k1_fe_mul(&a->y, &a->y, &z3);
|
||||||
secp256k1_fe_set_int(&a->z, 1);
|
secp256k1_fe_set_int(&a->z, 1);
|
||||||
|
@ -81,25 +83,29 @@ static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t *r, const secp256k1_gej_t *a) {
|
||||||
|
secp256k1_fe_t *az;
|
||||||
|
secp256k1_fe_t *azi;
|
||||||
|
size_t i;
|
||||||
size_t count = 0;
|
size_t count = 0;
|
||||||
secp256k1_fe_t *az = checked_malloc(sizeof(secp256k1_fe_t) * len);
|
az = checked_malloc(sizeof(secp256k1_fe_t) * len);
|
||||||
for (size_t i=0; i<len; i++) {
|
for (i = 0; i < len; i++) {
|
||||||
if (!a[i].infinity) {
|
if (!a[i].infinity) {
|
||||||
az[count++] = a[i].z;
|
az[count++] = a[i].z;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
secp256k1_fe_t *azi = checked_malloc(sizeof(secp256k1_fe_t) * count);
|
azi = checked_malloc(sizeof(secp256k1_fe_t) * count);
|
||||||
secp256k1_fe_inv_all_var(count, azi, az);
|
secp256k1_fe_inv_all_var(count, azi, az);
|
||||||
free(az);
|
free(az);
|
||||||
|
|
||||||
count = 0;
|
count = 0;
|
||||||
for (size_t i=0; i<len; i++) {
|
for (i = 0; i < len; i++) {
|
||||||
r[i].infinity = a[i].infinity;
|
r[i].infinity = a[i].infinity;
|
||||||
if (!a[i].infinity) {
|
if (!a[i].infinity) {
|
||||||
|
secp256k1_fe_t zi2, zi3;
|
||||||
secp256k1_fe_t *zi = &azi[count++];
|
secp256k1_fe_t *zi = &azi[count++];
|
||||||
secp256k1_fe_t zi2; secp256k1_fe_sqr(&zi2, zi);
|
secp256k1_fe_sqr(&zi2, zi);
|
||||||
secp256k1_fe_t zi3; secp256k1_fe_mul(&zi3, &zi2, zi);
|
secp256k1_fe_mul(&zi3, &zi2, zi);
|
||||||
secp256k1_fe_mul(&r[i].x, &a[i].x, &zi2);
|
secp256k1_fe_mul(&r[i].x, &a[i].x, &zi2);
|
||||||
secp256k1_fe_mul(&r[i].y, &a[i].y, &zi3);
|
secp256k1_fe_mul(&r[i].y, &a[i].y, &zi3);
|
||||||
}
|
}
|
||||||
|
@ -135,11 +141,12 @@ static void secp256k1_ge_clear(secp256k1_ge_t *r) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int secp256k1_ge_set_xo_var(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
|
static int secp256k1_ge_set_xo_var(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
|
||||||
|
secp256k1_fe_t x2, x3, c;
|
||||||
r->x = *x;
|
r->x = *x;
|
||||||
secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
|
secp256k1_fe_sqr(&x2, x);
|
||||||
secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
|
secp256k1_fe_mul(&x3, x, &x2);
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7);
|
secp256k1_fe_set_int(&c, 7);
|
||||||
secp256k1_fe_add(&c, &x3);
|
secp256k1_fe_add(&c, &x3);
|
||||||
if (!secp256k1_fe_sqrt_var(&r->y, &c))
|
if (!secp256k1_fe_sqrt_var(&r->y, &c))
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -157,9 +164,10 @@ static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int secp256k1_gej_eq_x_var(const secp256k1_fe_t *x, const secp256k1_gej_t *a) {
|
static int secp256k1_gej_eq_x_var(const secp256k1_fe_t *x, const secp256k1_gej_t *a) {
|
||||||
|
secp256k1_fe_t r, r2;
|
||||||
VERIFY_CHECK(!a->infinity);
|
VERIFY_CHECK(!a->infinity);
|
||||||
secp256k1_fe_t r; secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x);
|
secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x);
|
||||||
secp256k1_fe_t r2 = a->x; secp256k1_fe_normalize_weak(&r2);
|
r2 = a->x; secp256k1_fe_normalize_weak(&r2);
|
||||||
return secp256k1_fe_equal_var(&r, &r2);
|
return secp256k1_fe_equal_var(&r, &r2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -177,6 +185,7 @@ static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) {
|
static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) {
|
||||||
|
secp256k1_fe_t y2, x3, z2, z6;
|
||||||
if (a->infinity)
|
if (a->infinity)
|
||||||
return 0;
|
return 0;
|
||||||
/** y^2 = x^3 + 7
|
/** y^2 = x^3 + 7
|
||||||
|
@ -184,10 +193,10 @@ static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) {
|
||||||
* Y^2 / Z^6 = X^3 / Z^6 + 7
|
* Y^2 / Z^6 = X^3 / Z^6 + 7
|
||||||
* Y^2 = X^3 + 7*Z^6
|
* Y^2 = X^3 + 7*Z^6
|
||||||
*/
|
*/
|
||||||
secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y);
|
secp256k1_fe_sqr(&y2, &a->y);
|
||||||
secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
|
secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
|
||||||
secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
|
secp256k1_fe_sqr(&z2, &a->z);
|
||||||
secp256k1_fe_t z6; secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2);
|
secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2);
|
||||||
secp256k1_fe_mul_int(&z6, 7);
|
secp256k1_fe_mul_int(&z6, 7);
|
||||||
secp256k1_fe_add(&x3, &z6);
|
secp256k1_fe_add(&x3, &z6);
|
||||||
secp256k1_fe_normalize_weak(&x3);
|
secp256k1_fe_normalize_weak(&x3);
|
||||||
|
@ -195,18 +204,20 @@ static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a) {
|
static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a) {
|
||||||
|
secp256k1_fe_t y2, x3, c;
|
||||||
if (a->infinity)
|
if (a->infinity)
|
||||||
return 0;
|
return 0;
|
||||||
/* y^2 = x^3 + 7 */
|
/* y^2 = x^3 + 7 */
|
||||||
secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y);
|
secp256k1_fe_sqr(&y2, &a->y);
|
||||||
secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
|
secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
|
||||||
secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7);
|
secp256k1_fe_set_int(&c, 7);
|
||||||
secp256k1_fe_add(&x3, &c);
|
secp256k1_fe_add(&x3, &c);
|
||||||
secp256k1_fe_normalize_weak(&x3);
|
secp256k1_fe_normalize_weak(&x3);
|
||||||
return secp256k1_fe_equal_var(&y2, &x3);
|
return secp256k1_fe_equal_var(&y2, &x3);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
|
||||||
|
secp256k1_fe_t t1,t2,t3,t4;
|
||||||
/** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity,
|
/** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity,
|
||||||
* Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have
|
* Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have
|
||||||
* y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.
|
* y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.
|
||||||
|
@ -216,7 +227,6 @@ static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
secp256k1_fe_t t1,t2,t3,t4;
|
|
||||||
secp256k1_fe_mul(&r->z, &a->z, &a->y);
|
secp256k1_fe_mul(&r->z, &a->z, &a->y);
|
||||||
secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */
|
secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */
|
||||||
secp256k1_fe_sqr(&t1, &a->x);
|
secp256k1_fe_sqr(&t1, &a->x);
|
||||||
|
@ -240,6 +250,7 @@ static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
|
||||||
|
secp256k1_fe_t z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t;
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
*r = *b;
|
*r = *b;
|
||||||
return;
|
return;
|
||||||
|
@ -249,14 +260,14 @@ static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_t z22; secp256k1_fe_sqr(&z22, &b->z);
|
secp256k1_fe_sqr(&z22, &b->z);
|
||||||
secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z);
|
secp256k1_fe_sqr(&z12, &a->z);
|
||||||
secp256k1_fe_t u1; secp256k1_fe_mul(&u1, &a->x, &z22);
|
secp256k1_fe_mul(&u1, &a->x, &z22);
|
||||||
secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12);
|
secp256k1_fe_mul(&u2, &b->x, &z12);
|
||||||
secp256k1_fe_t s1; secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z);
|
secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z);
|
||||||
secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
|
secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
|
||||||
secp256k1_fe_t h; secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
|
secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
|
||||||
secp256k1_fe_t i; secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
|
secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
|
||||||
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
|
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
|
||||||
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
|
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
|
||||||
secp256k1_gej_double_var(r, a);
|
secp256k1_gej_double_var(r, a);
|
||||||
|
@ -265,11 +276,11 @@ static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a,
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
secp256k1_fe_t i2; secp256k1_fe_sqr(&i2, &i);
|
secp256k1_fe_sqr(&i2, &i);
|
||||||
secp256k1_fe_t h2; secp256k1_fe_sqr(&h2, &h);
|
secp256k1_fe_sqr(&h2, &h);
|
||||||
secp256k1_fe_t h3; secp256k1_fe_mul(&h3, &h, &h2);
|
secp256k1_fe_mul(&h3, &h, &h2);
|
||||||
secp256k1_fe_mul(&r->z, &a->z, &b->z); secp256k1_fe_mul(&r->z, &r->z, &h);
|
secp256k1_fe_mul(&r->z, &a->z, &b->z); secp256k1_fe_mul(&r->z, &r->z, &h);
|
||||||
secp256k1_fe_t t; secp256k1_fe_mul(&t, &u1, &h2);
|
secp256k1_fe_mul(&t, &u1, &h2);
|
||||||
r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
|
r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
|
||||||
secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
|
secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
|
||||||
secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
|
secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
|
||||||
|
@ -277,6 +288,7 @@ static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a,
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
||||||
|
secp256k1_fe_t z12, u1, u2, s1, s2, h, i, i2, h2, h3, t;
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
r->infinity = b->infinity;
|
r->infinity = b->infinity;
|
||||||
r->x = b->x;
|
r->x = b->x;
|
||||||
|
@ -289,13 +301,13 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
r->infinity = 0;
|
r->infinity = 0;
|
||||||
secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z);
|
secp256k1_fe_sqr(&z12, &a->z);
|
||||||
secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize_weak(&u1);
|
u1 = a->x; secp256k1_fe_normalize_weak(&u1);
|
||||||
secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12);
|
secp256k1_fe_mul(&u2, &b->x, &z12);
|
||||||
secp256k1_fe_t s1 = a->y; secp256k1_fe_normalize_weak(&s1);
|
s1 = a->y; secp256k1_fe_normalize_weak(&s1);
|
||||||
secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
|
secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
|
||||||
secp256k1_fe_t h; secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
|
secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
|
||||||
secp256k1_fe_t i; secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
|
secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
|
||||||
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
|
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
|
||||||
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
|
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
|
||||||
secp256k1_gej_double_var(r, a);
|
secp256k1_gej_double_var(r, a);
|
||||||
|
@ -304,11 +316,11 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
secp256k1_fe_t i2; secp256k1_fe_sqr(&i2, &i);
|
secp256k1_fe_sqr(&i2, &i);
|
||||||
secp256k1_fe_t h2; secp256k1_fe_sqr(&h2, &h);
|
secp256k1_fe_sqr(&h2, &h);
|
||||||
secp256k1_fe_t h3; secp256k1_fe_mul(&h3, &h, &h2);
|
secp256k1_fe_mul(&h3, &h, &h2);
|
||||||
r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h);
|
r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h);
|
||||||
secp256k1_fe_t t; secp256k1_fe_mul(&t, &u1, &h2);
|
secp256k1_fe_mul(&t, &u1, &h2);
|
||||||
r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
|
r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
|
||||||
secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
|
secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
|
||||||
secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
|
secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
|
||||||
|
@ -316,6 +328,8 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
|
||||||
|
secp256k1_fe_t zz, u1, u2, s1, s2, z, t, m, n, q, rr;
|
||||||
|
int infinity;
|
||||||
VERIFY_CHECK(!b->infinity);
|
VERIFY_CHECK(!b->infinity);
|
||||||
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
|
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
|
||||||
|
|
||||||
|
@ -341,24 +355,24 @@ static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
|
||||||
* (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.)
|
* (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
secp256k1_fe_t zz; secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */
|
secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */
|
||||||
secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */
|
u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */
|
||||||
secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */
|
secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */
|
||||||
secp256k1_fe_t s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */
|
s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */
|
||||||
secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z2^2 (1) */
|
secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z2^2 (1) */
|
||||||
secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */
|
secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */
|
||||||
secp256k1_fe_t z = a->z; /* z = Z = Z1*Z2 (8) */
|
z = a->z; /* z = Z = Z1*Z2 (8) */
|
||||||
secp256k1_fe_t t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */
|
t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */
|
||||||
secp256k1_fe_t m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */
|
m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */
|
||||||
secp256k1_fe_t n; secp256k1_fe_sqr(&n, &m); /* n = M^2 (1) */
|
secp256k1_fe_sqr(&n, &m); /* n = M^2 (1) */
|
||||||
secp256k1_fe_t q; secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*M^2 (1) */
|
secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*M^2 (1) */
|
||||||
secp256k1_fe_sqr(&n, &n); /* n = M^4 (1) */
|
secp256k1_fe_sqr(&n, &n); /* n = M^4 (1) */
|
||||||
secp256k1_fe_t rr; secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */
|
secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */
|
||||||
secp256k1_fe_mul(&t, &u1, &u2); secp256k1_fe_negate(&t, &t, 1); /* t = -U1*U2 (2) */
|
secp256k1_fe_mul(&t, &u1, &u2); secp256k1_fe_negate(&t, &t, 1); /* t = -U1*U2 (2) */
|
||||||
secp256k1_fe_add(&rr, &t); /* rr = R = T^2-U1*U2 (3) */
|
secp256k1_fe_add(&rr, &t); /* rr = R = T^2-U1*U2 (3) */
|
||||||
secp256k1_fe_sqr(&t, &rr); /* t = R^2 (1) */
|
secp256k1_fe_sqr(&t, &rr); /* t = R^2 (1) */
|
||||||
secp256k1_fe_mul(&r->z, &m, &z); /* r->z = M*Z (1) */
|
secp256k1_fe_mul(&r->z, &m, &z); /* r->z = M*Z (1) */
|
||||||
int infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity);
|
infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity);
|
||||||
secp256k1_fe_mul_int(&r->z, 2 * (1 - a->infinity)); /* r->z = Z3 = 2*M*Z (2) */
|
secp256k1_fe_mul_int(&r->z, 2 * (1 - a->infinity)); /* r->z = Z3 = 2*M*Z (2) */
|
||||||
r->x = t; /* r->x = R^2 (1) */
|
r->x = t; /* r->x = R^2 (1) */
|
||||||
secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */
|
secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */
|
||||||
|
|
|
@ -80,9 +80,9 @@ static void secp256k1_scalar_order_get_num(secp256k1_num_t *r);
|
||||||
/** Compare two scalars. */
|
/** Compare two scalars. */
|
||||||
static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
|
||||||
|
|
||||||
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
|
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
|
/** Find r1 and r2 such that r1+r2*2^128 = a. */
|
||||||
|
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
|
||||||
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
|
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
|
||||||
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
|
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -630,6 +630,7 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||||
secp256k1_scalar_reduce_512(r, l);
|
secp256k1_scalar_reduce_512(r, l);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef USE_ENDOMORPHISM
|
||||||
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
|
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
|
||||||
r1->d[0] = a->d[0];
|
r1->d[0] = a->d[0];
|
||||||
r1->d[1] = a->d[1];
|
r1->d[1] = a->d[1];
|
||||||
|
@ -648,6 +649,7 @@ static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_
|
||||||
r2->d[6] = 0;
|
r2->d[6] = 0;
|
||||||
r2->d[7] = 0;
|
r2->d[7] = 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
|
||||||
return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0;
|
return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0;
|
||||||
|
|
106
src/secp256k1.c
106
src/secp256k1.c
|
@ -34,15 +34,15 @@ void secp256k1_stop(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_verify(const unsigned char *msg32, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) {
|
int secp256k1_ecdsa_verify(const unsigned char *msg32, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) {
|
||||||
|
secp256k1_ge_t q;
|
||||||
|
secp256k1_ecdsa_sig_t s;
|
||||||
|
secp256k1_scalar_t m;
|
||||||
|
int ret = -3;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
||||||
DEBUG_CHECK(msg32 != NULL);
|
DEBUG_CHECK(msg32 != NULL);
|
||||||
DEBUG_CHECK(sig != NULL);
|
DEBUG_CHECK(sig != NULL);
|
||||||
DEBUG_CHECK(pubkey != NULL);
|
DEBUG_CHECK(pubkey != NULL);
|
||||||
|
|
||||||
int ret = -3;
|
|
||||||
secp256k1_scalar_t m;
|
|
||||||
secp256k1_ecdsa_sig_t s;
|
|
||||||
secp256k1_ge_t q;
|
|
||||||
secp256k1_scalar_set_b32(&m, msg32, NULL);
|
secp256k1_scalar_set_b32(&m, msg32, NULL);
|
||||||
|
|
||||||
if (!secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen)) {
|
if (!secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen)) {
|
||||||
|
@ -63,10 +63,11 @@ end:
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int counter, const void *data) {
|
static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int counter, const void *data) {
|
||||||
(void)data;
|
|
||||||
secp256k1_rfc6979_hmac_sha256_t rng;
|
secp256k1_rfc6979_hmac_sha256_t rng;
|
||||||
|
unsigned int i;
|
||||||
|
(void)data;
|
||||||
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key32, 32, msg32, 32);
|
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key32, 32, msg32, 32);
|
||||||
for (unsigned int i = 0; i <= counter; i++) {
|
for (i = 0; i <= counter; i++) {
|
||||||
secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32);
|
secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32);
|
||||||
}
|
}
|
||||||
secp256k1_rfc6979_hmac_sha256_finalize(&rng);
|
secp256k1_rfc6979_hmac_sha256_finalize(&rng);
|
||||||
|
@ -77,6 +78,11 @@ const secp256k1_nonce_function_t secp256k1_nonce_function_rfc6979 = nonce_functi
|
||||||
const secp256k1_nonce_function_t secp256k1_nonce_function_default = nonce_function_rfc6979;
|
const secp256k1_nonce_function_t secp256k1_nonce_function_default = nonce_function_rfc6979;
|
||||||
|
|
||||||
int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, int *signaturelen, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) {
|
int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, int *signaturelen, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) {
|
||||||
|
secp256k1_ecdsa_sig_t sig;
|
||||||
|
secp256k1_scalar_t sec, non, msg;
|
||||||
|
int ret = 0;
|
||||||
|
int overflow = 0;
|
||||||
|
unsigned int count = 0;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
|
||||||
DEBUG_CHECK(msg32 != NULL);
|
DEBUG_CHECK(msg32 != NULL);
|
||||||
DEBUG_CHECK(signature != NULL);
|
DEBUG_CHECK(signature != NULL);
|
||||||
|
@ -86,13 +92,8 @@ int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, i
|
||||||
noncefp = secp256k1_nonce_function_default;
|
noncefp = secp256k1_nonce_function_default;
|
||||||
}
|
}
|
||||||
|
|
||||||
secp256k1_scalar_t sec, non, msg;
|
|
||||||
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
||||||
secp256k1_scalar_set_b32(&msg, msg32, NULL);
|
secp256k1_scalar_set_b32(&msg, msg32, NULL);
|
||||||
int overflow = 0;
|
|
||||||
int ret = 0;
|
|
||||||
unsigned int count = 0;
|
|
||||||
secp256k1_ecdsa_sig_t sig;
|
|
||||||
while (1) {
|
while (1) {
|
||||||
unsigned char nonce32[32];
|
unsigned char nonce32[32];
|
||||||
ret = noncefp(nonce32, msg32, seckey, count, noncedata);
|
ret = noncefp(nonce32, msg32, seckey, count, noncedata);
|
||||||
|
@ -118,6 +119,11 @@ int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, i
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig64, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata, int *recid) {
|
int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig64, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata, int *recid) {
|
||||||
|
secp256k1_ecdsa_sig_t sig;
|
||||||
|
secp256k1_scalar_t sec, non, msg;
|
||||||
|
int ret = 0;
|
||||||
|
int overflow = 0;
|
||||||
|
unsigned int count = 0;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
|
||||||
DEBUG_CHECK(msg32 != NULL);
|
DEBUG_CHECK(msg32 != NULL);
|
||||||
DEBUG_CHECK(sig64 != NULL);
|
DEBUG_CHECK(sig64 != NULL);
|
||||||
|
@ -126,13 +132,8 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig6
|
||||||
noncefp = secp256k1_nonce_function_default;
|
noncefp = secp256k1_nonce_function_default;
|
||||||
}
|
}
|
||||||
|
|
||||||
secp256k1_scalar_t sec, non, msg;
|
|
||||||
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
||||||
secp256k1_scalar_set_b32(&msg, msg32, NULL);
|
secp256k1_scalar_set_b32(&msg, msg32, NULL);
|
||||||
int overflow = 0;
|
|
||||||
int ret = 0;
|
|
||||||
unsigned int count = 0;
|
|
||||||
secp256k1_ecdsa_sig_t sig;
|
|
||||||
while (1) {
|
while (1) {
|
||||||
unsigned char nonce32[32];
|
unsigned char nonce32[32];
|
||||||
ret = noncefp(nonce32, msg32, seckey, count, noncedata);
|
ret = noncefp(nonce32, msg32, seckey, count, noncedata);
|
||||||
|
@ -159,6 +160,11 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig6
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid) {
|
int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid) {
|
||||||
|
secp256k1_ge_t q;
|
||||||
|
secp256k1_ecdsa_sig_t sig;
|
||||||
|
secp256k1_scalar_t m;
|
||||||
|
int ret = 0;
|
||||||
|
int overflow = 0;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
||||||
DEBUG_CHECK(msg32 != NULL);
|
DEBUG_CHECK(msg32 != NULL);
|
||||||
DEBUG_CHECK(sig64 != NULL);
|
DEBUG_CHECK(sig64 != NULL);
|
||||||
|
@ -166,10 +172,6 @@ int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned c
|
||||||
DEBUG_CHECK(pubkeylen != NULL);
|
DEBUG_CHECK(pubkeylen != NULL);
|
||||||
DEBUG_CHECK(recid >= 0 && recid <= 3);
|
DEBUG_CHECK(recid >= 0 && recid <= 3);
|
||||||
|
|
||||||
int ret = 0;
|
|
||||||
secp256k1_scalar_t m;
|
|
||||||
secp256k1_ecdsa_sig_t sig;
|
|
||||||
int overflow = 0;
|
|
||||||
secp256k1_scalar_set_b32(&sig.r, sig64, &overflow);
|
secp256k1_scalar_set_b32(&sig.r, sig64, &overflow);
|
||||||
if (overflow) {
|
if (overflow) {
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -180,7 +182,6 @@ int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned c
|
||||||
}
|
}
|
||||||
secp256k1_scalar_set_b32(&m, msg32, NULL);
|
secp256k1_scalar_set_b32(&m, msg32, NULL);
|
||||||
|
|
||||||
secp256k1_ge_t q;
|
|
||||||
if (secp256k1_ecdsa_sig_recover(&sig, &q, &m, recid)) {
|
if (secp256k1_ecdsa_sig_recover(&sig, &q, &m, recid)) {
|
||||||
ret = secp256k1_eckey_pubkey_serialize(&q, pubkey, pubkeylen, compressed);
|
ret = secp256k1_eckey_pubkey_serialize(&q, pubkey, pubkeylen, compressed);
|
||||||
}
|
}
|
||||||
|
@ -188,60 +189,62 @@ int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned c
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_seckey_verify(const unsigned char *seckey) {
|
int secp256k1_ec_seckey_verify(const unsigned char *seckey) {
|
||||||
|
secp256k1_scalar_t sec;
|
||||||
|
int ret;
|
||||||
|
int overflow;
|
||||||
DEBUG_CHECK(seckey != NULL);
|
DEBUG_CHECK(seckey != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t sec;
|
|
||||||
int overflow;
|
|
||||||
secp256k1_scalar_set_b32(&sec, seckey, &overflow);
|
secp256k1_scalar_set_b32(&sec, seckey, &overflow);
|
||||||
int ret = !secp256k1_scalar_is_zero(&sec) && !overflow;
|
ret = !secp256k1_scalar_is_zero(&sec) && !overflow;
|
||||||
secp256k1_scalar_clear(&sec);
|
secp256k1_scalar_clear(&sec);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_verify(const unsigned char *pubkey, int pubkeylen) {
|
int secp256k1_ec_pubkey_verify(const unsigned char *pubkey, int pubkeylen) {
|
||||||
|
secp256k1_ge_t q;
|
||||||
DEBUG_CHECK(pubkey != NULL);
|
DEBUG_CHECK(pubkey != NULL);
|
||||||
|
|
||||||
secp256k1_ge_t q;
|
|
||||||
return secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen);
|
return secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen);
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsigned char *seckey, int compressed) {
|
int secp256k1_ec_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsigned char *seckey, int compressed) {
|
||||||
|
secp256k1_gej_t pj;
|
||||||
|
secp256k1_ge_t p;
|
||||||
|
secp256k1_scalar_t sec;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
|
||||||
DEBUG_CHECK(pubkey != NULL);
|
DEBUG_CHECK(pubkey != NULL);
|
||||||
DEBUG_CHECK(pubkeylen != NULL);
|
DEBUG_CHECK(pubkeylen != NULL);
|
||||||
DEBUG_CHECK(seckey != NULL);
|
DEBUG_CHECK(seckey != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t sec;
|
|
||||||
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
||||||
secp256k1_gej_t pj;
|
|
||||||
secp256k1_ecmult_gen(&pj, &sec);
|
secp256k1_ecmult_gen(&pj, &sec);
|
||||||
secp256k1_scalar_clear(&sec);
|
secp256k1_scalar_clear(&sec);
|
||||||
secp256k1_ge_t p;
|
|
||||||
secp256k1_ge_set_gej(&p, &pj);
|
secp256k1_ge_set_gej(&p, &pj);
|
||||||
return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, compressed);
|
return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, compressed);
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_decompress(unsigned char *pubkey, int *pubkeylen) {
|
int secp256k1_ec_pubkey_decompress(unsigned char *pubkey, int *pubkeylen) {
|
||||||
|
secp256k1_ge_t p;
|
||||||
DEBUG_CHECK(pubkey != NULL);
|
DEBUG_CHECK(pubkey != NULL);
|
||||||
DEBUG_CHECK(pubkeylen != NULL);
|
DEBUG_CHECK(pubkeylen != NULL);
|
||||||
|
|
||||||
secp256k1_ge_t p;
|
|
||||||
if (!secp256k1_eckey_pubkey_parse(&p, pubkey, *pubkeylen))
|
if (!secp256k1_eckey_pubkey_parse(&p, pubkey, *pubkeylen))
|
||||||
return 0;
|
return 0;
|
||||||
return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, 0);
|
return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *tweak) {
|
int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *tweak) {
|
||||||
|
secp256k1_scalar_t term;
|
||||||
|
secp256k1_scalar_t sec;
|
||||||
|
int ret;
|
||||||
|
int overflow = 0;
|
||||||
DEBUG_CHECK(seckey != NULL);
|
DEBUG_CHECK(seckey != NULL);
|
||||||
DEBUG_CHECK(tweak != NULL);
|
DEBUG_CHECK(tweak != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t term;
|
|
||||||
int overflow = 0;
|
|
||||||
secp256k1_scalar_set_b32(&term, tweak, &overflow);
|
secp256k1_scalar_set_b32(&term, tweak, &overflow);
|
||||||
secp256k1_scalar_t sec;
|
|
||||||
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
||||||
|
|
||||||
int ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow;
|
ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow;
|
||||||
if (ret) {
|
if (ret) {
|
||||||
secp256k1_scalar_get_b32(seckey, &sec);
|
secp256k1_scalar_get_b32(seckey, &sec);
|
||||||
}
|
}
|
||||||
|
@ -252,18 +255,19 @@ int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *t
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
|
int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
|
||||||
|
secp256k1_ge_t p;
|
||||||
|
secp256k1_scalar_t term;
|
||||||
|
int ret;
|
||||||
|
int overflow = 0;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
||||||
DEBUG_CHECK(pubkey != NULL);
|
DEBUG_CHECK(pubkey != NULL);
|
||||||
DEBUG_CHECK(tweak != NULL);
|
DEBUG_CHECK(tweak != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t term;
|
|
||||||
int overflow = 0;
|
|
||||||
secp256k1_scalar_set_b32(&term, tweak, &overflow);
|
secp256k1_scalar_set_b32(&term, tweak, &overflow);
|
||||||
if (overflow) {
|
if (overflow) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
secp256k1_ge_t p;
|
ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
|
||||||
int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
|
|
||||||
if (ret) {
|
if (ret) {
|
||||||
ret = secp256k1_eckey_pubkey_tweak_add(&p, &term);
|
ret = secp256k1_eckey_pubkey_tweak_add(&p, &term);
|
||||||
}
|
}
|
||||||
|
@ -277,15 +281,16 @@ int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const un
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *tweak) {
|
int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *tweak) {
|
||||||
|
secp256k1_scalar_t factor;
|
||||||
|
secp256k1_scalar_t sec;
|
||||||
|
int ret;
|
||||||
|
int overflow = 0;
|
||||||
DEBUG_CHECK(seckey != NULL);
|
DEBUG_CHECK(seckey != NULL);
|
||||||
DEBUG_CHECK(tweak != NULL);
|
DEBUG_CHECK(tweak != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t factor;
|
|
||||||
int overflow = 0;
|
|
||||||
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
|
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
|
||||||
secp256k1_scalar_t sec;
|
|
||||||
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
secp256k1_scalar_set_b32(&sec, seckey, NULL);
|
||||||
int ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow;
|
ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow;
|
||||||
if (ret) {
|
if (ret) {
|
||||||
secp256k1_scalar_get_b32(seckey, &sec);
|
secp256k1_scalar_get_b32(seckey, &sec);
|
||||||
}
|
}
|
||||||
|
@ -296,18 +301,19 @@ int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *t
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
|
int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
|
||||||
|
secp256k1_ge_t p;
|
||||||
|
secp256k1_scalar_t factor;
|
||||||
|
int ret;
|
||||||
|
int overflow = 0;
|
||||||
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
|
||||||
DEBUG_CHECK(pubkey != NULL);
|
DEBUG_CHECK(pubkey != NULL);
|
||||||
DEBUG_CHECK(tweak != NULL);
|
DEBUG_CHECK(tweak != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t factor;
|
|
||||||
int overflow = 0;
|
|
||||||
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
|
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
|
||||||
if (overflow) {
|
if (overflow) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
secp256k1_ge_t p;
|
ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
|
||||||
int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
|
|
||||||
if (ret) {
|
if (ret) {
|
||||||
ret = secp256k1_eckey_pubkey_tweak_mul(&p, &factor);
|
ret = secp256k1_eckey_pubkey_tweak_mul(&p, &factor);
|
||||||
}
|
}
|
||||||
|
@ -321,23 +327,25 @@ int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const un
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_privkey_export(const unsigned char *seckey, unsigned char *privkey, int *privkeylen, int compressed) {
|
int secp256k1_ec_privkey_export(const unsigned char *seckey, unsigned char *privkey, int *privkeylen, int compressed) {
|
||||||
|
secp256k1_scalar_t key;
|
||||||
|
int ret;
|
||||||
DEBUG_CHECK(seckey != NULL);
|
DEBUG_CHECK(seckey != NULL);
|
||||||
DEBUG_CHECK(privkey != NULL);
|
DEBUG_CHECK(privkey != NULL);
|
||||||
DEBUG_CHECK(privkeylen != NULL);
|
DEBUG_CHECK(privkeylen != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t key;
|
|
||||||
secp256k1_scalar_set_b32(&key, seckey, NULL);
|
secp256k1_scalar_set_b32(&key, seckey, NULL);
|
||||||
int ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed);
|
ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed);
|
||||||
secp256k1_scalar_clear(&key);
|
secp256k1_scalar_clear(&key);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256k1_ec_privkey_import(unsigned char *seckey, const unsigned char *privkey, int privkeylen) {
|
int secp256k1_ec_privkey_import(unsigned char *seckey, const unsigned char *privkey, int privkeylen) {
|
||||||
|
secp256k1_scalar_t key;
|
||||||
|
int ret;
|
||||||
DEBUG_CHECK(seckey != NULL);
|
DEBUG_CHECK(seckey != NULL);
|
||||||
DEBUG_CHECK(privkey != NULL);
|
DEBUG_CHECK(privkey != NULL);
|
||||||
|
|
||||||
secp256k1_scalar_t key;
|
ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen);
|
||||||
int ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen);
|
|
||||||
if (ret)
|
if (ret)
|
||||||
secp256k1_scalar_get_b32(seckey, &key);
|
secp256k1_scalar_get_b32(seckey, &key);
|
||||||
secp256k1_scalar_clear(&key);
|
secp256k1_scalar_clear(&key);
|
||||||
|
|
|
@ -1741,7 +1741,7 @@ int main(int argc, char **argv) {
|
||||||
|
|
||||||
/* find random seed */
|
/* find random seed */
|
||||||
if (argc > 2) {
|
if (argc > 2) {
|
||||||
seed = strtoull(argv[2], NULL, 0);
|
sscanf(argv[2], "%" I64uFORMAT, (unsigned long long*)&seed);
|
||||||
} else {
|
} else {
|
||||||
FILE *frand = fopen("/dev/urandom", "r");
|
FILE *frand = fopen("/dev/urandom", "r");
|
||||||
if (!frand || !fread(&seed, sizeof(seed), 1, frand)) {
|
if (!frand || !fread(&seed, sizeof(seed), 1, frand)) {
|
||||||
|
@ -1752,7 +1752,7 @@ int main(int argc, char **argv) {
|
||||||
secp256k1_rand_seed(seed);
|
secp256k1_rand_seed(seed);
|
||||||
|
|
||||||
printf("test count = %i\n", count);
|
printf("test count = %i\n", count);
|
||||||
printf("random seed = %llu\n", (unsigned long long)seed);
|
printf("random seed = %" I64uFORMAT "\n", (unsigned long long)seed);
|
||||||
|
|
||||||
/* initialize */
|
/* initialize */
|
||||||
secp256k1_start(SECP256K1_START_SIGN | SECP256K1_START_VERIFY);
|
secp256k1_start(SECP256K1_START_SIGN | SECP256K1_START_VERIFY);
|
||||||
|
|
15
src/util.h
15
src/util.h
|
@ -84,8 +84,21 @@ static SECP256K1_INLINE void *checked_malloc(size_t size) {
|
||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(_WIN32)
|
||||||
|
# define I64FORMAT "I64d"
|
||||||
|
# define I64uFORMAT "I64u"
|
||||||
|
#else
|
||||||
|
# define I64FORMAT "lld"
|
||||||
|
# define I64uFORMAT "llu"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(HAVE___INT128)
|
#if defined(HAVE___INT128)
|
||||||
typedef unsigned __int128 uint128_t;
|
# if defined(__GNUC__)
|
||||||
|
# define SECP256K1_GNUC_EXT __extension__
|
||||||
|
# else
|
||||||
|
# define SECP256K1_GNUC_EXT
|
||||||
|
# endif
|
||||||
|
SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Add table
Reference in a new issue