diff --git a/configure.ac b/configure.ac index f691156ff7..62f2229362 100644 --- a/configure.ac +++ b/configure.ac @@ -5,7 +5,7 @@ AC_CONFIG_MACRO_DIR([build-aux/m4]) AC_CANONICAL_HOST AH_TOP([#ifndef LIBSECP256K1_CONFIG_H]) AH_TOP([#define LIBSECP256K1_CONFIG_H]) -AH_BOTTOM([#endif //LIBSECP256K1_CONFIG_H]) +AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/]) AM_INIT_AUTOMAKE([foreign subdir-objects]) LT_INIT @@ -22,9 +22,9 @@ if test "x$CFLAGS" = "x"; then CFLAGS="-O3 -g" fi -AC_PROG_CC_C99 -if test x"$ac_cv_prog_cc_c99" = x"no"; then - AC_MSG_ERROR([c99 compiler support required]) +AC_PROG_CC_C89 +if test x"$ac_cv_prog_cc_c89" = x"no"; then + AC_MSG_ERROR([c89 compiler support required]) fi case $host in @@ -70,7 +70,7 @@ esac CFLAGS="$CFLAGS -W" -warn_CFLAGS="-Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function" +warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long" saved_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $warn_CFLAGS" AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}]) diff --git a/src/bench.h b/src/bench.h index 668ec39f71..76fa36fee8 100644 --- a/src/bench.h +++ b/src/bench.h @@ -18,14 +18,16 @@ static double gettimedouble(void) { } void run_benchmark(void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) { + int i; double min = HUGE_VAL; double sum = 0.0; double max = 0.0; - for (int i = 0; i < count; i++) { + for (i = 0; i < count; i++) { + double begin, total; if (setup) setup(data); - double begin = gettimedouble(); + begin = gettimedouble(); benchmark(data); - double total = gettimedouble() - begin; + total = gettimedouble() - begin; if (teardown) teardown(data); if (total < min) min = total; if (total > max) max = total; diff --git a/src/bench_inv.c b/src/bench_inv.c index 9cf12cff64..0f14f6d679 100644 --- a/src/bench_inv.c +++ b/src/bench_inv.c @@ -33,9 +33,10 @@ void bench_inv_setup(void* arg) { } void bench_inv(void* arg) { + int i; bench_inv_t *data = (bench_inv_t*)arg; - for (int i=0; i<20000; i++) { + for (i = 0; i < 20000; i++) { secp256k1_scalar_inverse(&data->x, &data->x); secp256k1_scalar_add(&data->x, &data->x, &data->base); } diff --git a/src/bench_recover.c b/src/bench_recover.c index b1e0f33efa..851fb9ade1 100644 --- a/src/bench_recover.c +++ b/src/bench_recover.c @@ -14,13 +14,15 @@ typedef struct { } bench_recover_t; void bench_recover(void* arg) { + int i; bench_recover_t *data = (bench_recover_t*)arg; - unsigned char pubkey[33]; - for (int i=0; i<20000; i++) { + + for (i = 0; i < 20000; i++) { + int j; int pubkeylen = 33; CHECK(secp256k1_ecdsa_recover_compact(data->msg, data->sig, pubkey, &pubkeylen, 1, i % 2)); - for (int j = 0; j < 32; j++) { + for (j = 0; j < 32; j++) { data->sig[j + 32] = data->msg[j]; /* Move former message to S. */ data->msg[j] = data->sig[j]; /* Move former R to message. */ data->sig[j] = pubkey[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */ @@ -29,16 +31,17 @@ void bench_recover(void* arg) { } void bench_recover_setup(void* arg) { + int i; bench_recover_t *data = (bench_recover_t*)arg; - for (int i = 0; i < 32; i++) data->msg[i] = 1 + i; - for (int i = 0; i < 64; i++) data->sig[i] = 65 + i; + for (i = 0; i < 32; i++) data->msg[i] = 1 + i; + for (i = 0; i < 64; i++) data->sig[i] = 65 + i; } int main(void) { + bench_recover_t data; secp256k1_start(SECP256K1_START_VERIFY); - bench_recover_t data; run_benchmark(bench_recover, bench_recover_setup, NULL, &data, 10, 20000); secp256k1_stop(); diff --git a/src/bench_sign.c b/src/bench_sign.c index 2276f00b9a..c1e00fe74b 100644 --- a/src/bench_sign.c +++ b/src/bench_sign.c @@ -14,20 +14,23 @@ typedef struct { } bench_sign_t; static void bench_sign_setup(void* arg) { + int i; bench_sign_t *data = (bench_sign_t*)arg; - for (int i = 0; i < 32; i++) data->msg[i] = i + 1; - for (int i = 0; i < 32; i++) data->key[i] = i + 65; + for (i = 0; i < 32; i++) data->msg[i] = i + 1; + for (i = 0; i < 32; i++) data->key[i] = i + 65; } static void bench_sign(void* arg) { + int i; bench_sign_t *data = (bench_sign_t*)arg; unsigned char sig[64]; - for (int i=0; i<20000; i++) { + for (i = 0; i < 20000; i++) { + int j; int recid = 0; CHECK(secp256k1_ecdsa_sign_compact(data->msg, sig, data->key, NULL, NULL, &recid)); - for (int j = 0; j < 32; j++) { + for (j = 0; j < 32; j++) { data->msg[j] = sig[j]; /* Move former R to message. */ data->key[j] = sig[j + 32]; /* Move former S to key. */ } @@ -35,9 +38,9 @@ static void bench_sign(void* arg) { } int main(void) { + bench_sign_t data; secp256k1_start(SECP256K1_START_SIGN); - bench_sign_t data; run_benchmark(bench_sign, bench_sign_setup, NULL, &data, 10, 20000); secp256k1_stop(); diff --git a/src/bench_verify.c b/src/bench_verify.c index a58ca84347..6f4d2789bf 100644 --- a/src/bench_verify.c +++ b/src/bench_verify.c @@ -21,9 +21,10 @@ typedef struct { } benchmark_verify_t; static void benchmark_verify(void* arg) { + int i; benchmark_verify_t* data = (benchmark_verify_t*)arg; - for (int i=0; i<20000; i++) { + for (i = 0; i < 20000; i++) { data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); @@ -35,12 +36,13 @@ static void benchmark_verify(void* arg) { } int main(void) { - secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN); - + int i; benchmark_verify_t data; - for (int i = 0; i < 32; i++) data.msg[i] = 1 + i; - for (int i = 0; i < 32; i++) data.key[i] = 33 + i; + secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN); + + for (i = 0; i < 32; i++) data.msg[i] = 1 + i; + for (i = 0; i < 32; i++) data.key[i] = 33 + i; data.siglen = 72; secp256k1_ecdsa_sign(data.msg, data.sig, &data.siglen, data.key, NULL, NULL); data.pubkeylen = 33; diff --git a/src/ecmult_gen_impl.h b/src/ecmult_gen_impl.h index 4efd162ab8..e886b7dba0 100644 --- a/src/ecmult_gen_impl.h +++ b/src/ecmult_gen_impl.h @@ -30,22 +30,26 @@ typedef struct { static const secp256k1_ecmult_gen_consts_t *secp256k1_ecmult_gen_consts = NULL; static void secp256k1_ecmult_gen_start(void) { + secp256k1_ge_t prec[1024]; + secp256k1_gej_t gj; + secp256k1_gej_t nums_gej; + secp256k1_ecmult_gen_consts_t *ret; + int i, j; if (secp256k1_ecmult_gen_consts != NULL) return; /* Allocate the precomputation table. */ - secp256k1_ecmult_gen_consts_t *ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t)); + ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t)); /* get the generator */ - secp256k1_gej_t gj; secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); /* Construct a group element with no known corresponding scalar (nothing up my sleeve). */ - secp256k1_gej_t nums_gej; { static const unsigned char nums_b32[32] = "The scalar for this x is unknown"; secp256k1_fe_t nums_x; - VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32)); secp256k1_ge_t nums_ge; + VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32)); VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0)); secp256k1_gej_set_ge(&nums_gej, &nums_ge); /* Add G to make the bits in x uniformly distributed. */ @@ -53,19 +57,20 @@ static void secp256k1_ecmult_gen_start(void) { } /* compute prec. */ - secp256k1_ge_t prec[1024]; { secp256k1_gej_t precj[1024]; /* Jacobian versions of prec. */ - secp256k1_gej_t gbase; gbase = gj; /* 16^j * G */ - secp256k1_gej_t numsbase; numsbase = nums_gej; /* 2^j * nums. */ - for (int j=0; j<64; j++) { + secp256k1_gej_t gbase; + secp256k1_gej_t numsbase; + gbase = gj; /* 16^j * G */ + numsbase = nums_gej; /* 2^j * nums. */ + for (j = 0; j < 64; j++) { /* Set precj[j*16 .. j*16+15] to (numsbase, numsbase + gbase, ..., numsbase + 15*gbase). */ precj[j*16] = numsbase; - for (int i=1; i<16; i++) { + for (i = 1; i < 16; i++) { secp256k1_gej_add_var(&precj[j*16 + i], &precj[j*16 + i - 1], &gbase); } /* Multiply gbase by 16. */ - for (int i=0; i<4; i++) { + for (i = 0; i < 4; i++) { secp256k1_gej_double_var(&gbase, &gbase); } /* Multiply numbase by 2. */ @@ -78,8 +83,8 @@ static void secp256k1_ecmult_gen_start(void) { } secp256k1_ge_set_all_gej_var(1024, prec, precj); } - for (int j=0; j<64; j++) { - for (int i=0; i<16; i++) { + for (j = 0; j < 64; j++) { + for (i = 0; i < 16; i++) { secp256k1_ge_to_storage(&ret->prec[j][i], &prec[j*16 + i]); } } @@ -89,10 +94,11 @@ static void secp256k1_ecmult_gen_start(void) { } static void secp256k1_ecmult_gen_stop(void) { + secp256k1_ecmult_gen_consts_t *c; if (secp256k1_ecmult_gen_consts == NULL) return; - secp256k1_ecmult_gen_consts_t *c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts; + c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts; secp256k1_ecmult_gen_consts = NULL; free(c); } @@ -101,12 +107,13 @@ static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *g const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts; secp256k1_ge_t add; secp256k1_ge_storage_t adds; + int bits; + int i, j; secp256k1_gej_set_infinity(r); add.infinity = 0; - int bits; - for (int j=0; j<64; j++) { + for (j = 0; j < 64; j++) { bits = secp256k1_scalar_get_bits(gn, j * 4, 4); - for (int i=0; i<16; i++) { + for (i = 0; i < 16; i++) { secp256k1_ge_storage_cmov(&adds, &c->prec[j][i], i == bits); } secp256k1_ge_from_storage(&add, &adds); diff --git a/src/ecmult_impl.h b/src/ecmult_impl.h index 74f57aaa77..ece0b0a459 100644 --- a/src/ecmult_impl.h +++ b/src/ecmult_impl.h @@ -37,23 +37,27 @@ * G is constant, so it only needs to be done once in advance. */ static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) { + secp256k1_gej_t d; + int i; pre[0] = *a; - secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]); - for (int i=1; i<(1 << (w-2)); i++) + secp256k1_gej_double_var(&d, &pre[0]); + for (i = 1; i < (1 << (w-2)); i++) secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]); } static void secp256k1_ecmult_table_precomp_ge_storage_var(secp256k1_ge_storage_t *pre, const secp256k1_gej_t *a, int w) { + secp256k1_gej_t d; + int i; const int table_size = 1 << (w-2); secp256k1_gej_t *prej = checked_malloc(sizeof(secp256k1_gej_t) * table_size); secp256k1_ge_t *prea = checked_malloc(sizeof(secp256k1_ge_t) * table_size); prej[0] = *a; - secp256k1_gej_t d; secp256k1_gej_double_var(&d, a); - for (int i=1; ipre_g, &gj, WINDOW_G); + #ifdef USE_ENDOMORPHISM - secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G); + { + secp256k1_gej_t g_128j; + int i; + /* calculate 2^128*generator */ + g_128j = gj; + for (i = 0; i < 128; i++) + secp256k1_gej_double_var(&g_128j, &g_128j); + secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G); + } #endif /* Set the global pointer to the precomputation table. */ @@ -124,10 +133,11 @@ static void secp256k1_ecmult_start(void) { } static void secp256k1_ecmult_stop(void) { + secp256k1_ecmult_consts_t *c; if (secp256k1_ecmult_consts == NULL) return; - secp256k1_ecmult_consts_t *c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts; + c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts; secp256k1_ecmult_consts = NULL; free(c); } @@ -141,16 +151,18 @@ static void secp256k1_ecmult_stop(void) { */ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w) { secp256k1_scalar_t s = *a; - + int set_bits = 0; + int bit = 0; int sign = 1; + if (secp256k1_scalar_get_bits(&s, 255, 1)) { secp256k1_scalar_negate(&s, &s); sign = -1; } - int set_bits = 0; - int bit = 0; while (bit < 256) { + int now; + int word; if (secp256k1_scalar_get_bits(&s, bit, 1) == 0) { bit++; continue; @@ -158,11 +170,11 @@ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w) while (set_bits < bit) { wnaf[set_bits++] = 0; } - int now = w; + now = w; if (bit + now > 256) { now = 256 - bit; } - int word = secp256k1_scalar_get_bits_var(&s, bit, now); + word = secp256k1_scalar_get_bits_var(&s, bit, now); if (word & (1 << (w-1))) { secp256k1_scalar_add_bit(&s, bit + w); wnaf[set_bits++] = sign * (word - (1 << w)); @@ -175,58 +187,74 @@ static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w) } static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_scalar_t *na, const secp256k1_scalar_t *ng) { + secp256k1_gej_t tmpj; + secp256k1_gej_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_ge_t tmpa; const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts; +#ifdef USE_ENDOMORPHISM + secp256k1_gej_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_scalar_t na_1, na_lam; + /* Splitted G factors. */ + secp256k1_scalar_t ng_1, ng_128; + int wnaf_na_1[130]; + int wnaf_na_lam[130]; + int bits_na_1; + int bits_na_lam; + int wnaf_ng_1[129]; + int bits_ng_1; + int wnaf_ng_128[129]; + int bits_ng_128; +#else + int wnaf_na[256]; + int bits_na; + int wnaf_ng[257]; + int bits_ng; +#endif + int i; + int bits; #ifdef USE_ENDOMORPHISM - secp256k1_scalar_t na_1, na_lam; /* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */ secp256k1_scalar_split_lambda_var(&na_1, &na_lam, na); /* build wnaf representation for na_1 and na_lam. */ - int wnaf_na_1[130]; int bits_na_1 = secp256k1_ecmult_wnaf(wnaf_na_1, &na_1, WINDOW_A); - int wnaf_na_lam[130]; int bits_na_lam = secp256k1_ecmult_wnaf(wnaf_na_lam, &na_lam, WINDOW_A); + bits_na_1 = secp256k1_ecmult_wnaf(wnaf_na_1, &na_1, WINDOW_A); + bits_na_lam = secp256k1_ecmult_wnaf(wnaf_na_lam, &na_lam, WINDOW_A); VERIFY_CHECK(bits_na_1 <= 130); VERIFY_CHECK(bits_na_lam <= 130); - int bits = bits_na_1; + bits = bits_na_1; if (bits_na_lam > bits) bits = bits_na_lam; #else /* build wnaf representation for na. */ - int wnaf_na[256]; int bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A); - int bits = bits_na; + bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A); + bits = bits_na; #endif /* calculate odd multiples of a */ - secp256k1_gej_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; secp256k1_ecmult_table_precomp_gej_var(pre_a, a, WINDOW_A); #ifdef USE_ENDOMORPHISM - secp256k1_gej_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; - for (int i=0; i bits) bits = bits_ng_1; if (bits_ng_128 > bits) bits = bits_ng_128; #else - int wnaf_ng[257]; int bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G); + bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G); if (bits_ng > bits) bits = bits_ng; #endif secp256k1_gej_set_infinity(r); - secp256k1_gej_t tmpj; - secp256k1_ge_t tmpa; - for (int i=bits-1; i>=0; i--) { - secp256k1_gej_double_var(r, r); + for (i = bits-1; i >= 0; i--) { int n; + secp256k1_gej_double_var(r, r); #ifdef USE_ENDOMORPHISM if (i < bits_na_1 && (n = wnaf_na_1[i])) { ECMULT_TABLE_GET_GEJ(&tmpj, pre_a, n, WINDOW_A); diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index 0d07550e19..71ab472b12 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -398,7 +398,7 @@ static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) { #endif } -static inline void secp256k1_fe_storage_cmov(secp256k1_fe_storage_t *r, const secp256k1_fe_storage_t *a, int flag) { +static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage_t *r, const secp256k1_fe_storage_t *a, int flag) { uint64_t mask0 = flag + ~((uint64_t)0), mask1 = ~mask0; r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1); r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1); @@ -416,7 +416,7 @@ static void secp256k1_fe_to_storage(secp256k1_fe_storage_t *r, const secp256k1_f r->n[3] = a->n[3] >> 36 | a->n[4] << 16; } -static inline void secp256k1_fe_from_storage(secp256k1_fe_t *r, const secp256k1_fe_storage_t *a) { +static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe_t *r, const secp256k1_fe_storage_t *a) { r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL; r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL); r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL); diff --git a/src/group_impl.h b/src/group_impl.h index a23a22a896..3fbfc887e4 100644 --- a/src/group_impl.h +++ b/src/group_impl.h @@ -54,10 +54,11 @@ static void secp256k1_ge_get_hex(char *r131, const secp256k1_ge_t *a) { } static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) { + secp256k1_fe_t z2, z3; r->infinity = a->infinity; secp256k1_fe_inv(&a->z, &a->z); - secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z); - secp256k1_fe_t z3; secp256k1_fe_mul(&z3, &a->z, &z2); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_mul(&z3, &a->z, &z2); secp256k1_fe_mul(&a->x, &a->x, &z2); secp256k1_fe_mul(&a->y, &a->y, &z3); secp256k1_fe_set_int(&a->z, 1); @@ -66,13 +67,14 @@ static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) { } static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) { + secp256k1_fe_t z2, z3; r->infinity = a->infinity; if (a->infinity) { return; } secp256k1_fe_inv_var(&a->z, &a->z); - secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z); - secp256k1_fe_t z3; secp256k1_fe_mul(&z3, &a->z, &z2); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_mul(&z3, &a->z, &z2); secp256k1_fe_mul(&a->x, &a->x, &z2); secp256k1_fe_mul(&a->y, &a->y, &z3); secp256k1_fe_set_int(&a->z, 1); @@ -81,25 +83,29 @@ static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) { } static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t *r, const secp256k1_gej_t *a) { + secp256k1_fe_t *az; + secp256k1_fe_t *azi; + size_t i; size_t count = 0; - secp256k1_fe_t *az = checked_malloc(sizeof(secp256k1_fe_t) * len); - for (size_t i=0; ix = *x; - secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x); - secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2); + secp256k1_fe_sqr(&x2, x); + secp256k1_fe_mul(&x3, x, &x2); r->infinity = 0; - secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7); + secp256k1_fe_set_int(&c, 7); secp256k1_fe_add(&c, &x3); if (!secp256k1_fe_sqrt_var(&r->y, &c)) return 0; @@ -157,9 +164,10 @@ static void secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a) { } static int secp256k1_gej_eq_x_var(const secp256k1_fe_t *x, const secp256k1_gej_t *a) { + secp256k1_fe_t r, r2; VERIFY_CHECK(!a->infinity); - secp256k1_fe_t r; secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x); - secp256k1_fe_t r2 = a->x; secp256k1_fe_normalize_weak(&r2); + secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x); + r2 = a->x; secp256k1_fe_normalize_weak(&r2); return secp256k1_fe_equal_var(&r, &r2); } @@ -177,6 +185,7 @@ static int secp256k1_gej_is_infinity(const secp256k1_gej_t *a) { } static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) { + secp256k1_fe_t y2, x3, z2, z6; if (a->infinity) return 0; /** y^2 = x^3 + 7 @@ -184,10 +193,10 @@ static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) { * Y^2 / Z^6 = X^3 / Z^6 + 7 * Y^2 = X^3 + 7*Z^6 */ - secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y); - secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); - secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z); - secp256k1_fe_t z6; secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2); + secp256k1_fe_sqr(&y2, &a->y); + secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2); secp256k1_fe_mul_int(&z6, 7); secp256k1_fe_add(&x3, &z6); secp256k1_fe_normalize_weak(&x3); @@ -195,18 +204,20 @@ static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) { } static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a) { + secp256k1_fe_t y2, x3, c; if (a->infinity) return 0; /* y^2 = x^3 + 7 */ - secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y); - secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); - secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7); + secp256k1_fe_sqr(&y2, &a->y); + secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); + secp256k1_fe_set_int(&c, 7); secp256k1_fe_add(&x3, &c); secp256k1_fe_normalize_weak(&x3); return secp256k1_fe_equal_var(&y2, &x3); } static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) { + secp256k1_fe_t t1,t2,t3,t4; /** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, * Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have * y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p. @@ -216,7 +227,6 @@ static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t * return; } - secp256k1_fe_t t1,t2,t3,t4; secp256k1_fe_mul(&r->z, &a->z, &a->y); secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */ secp256k1_fe_sqr(&t1, &a->x); @@ -240,6 +250,7 @@ static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t * } static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) { + secp256k1_fe_t z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; if (a->infinity) { *r = *b; return; @@ -249,14 +260,14 @@ static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, return; } r->infinity = 0; - secp256k1_fe_t z22; secp256k1_fe_sqr(&z22, &b->z); - secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z); - secp256k1_fe_t u1; secp256k1_fe_mul(&u1, &a->x, &z22); - secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12); - secp256k1_fe_t s1; secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z); - secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); - secp256k1_fe_t h; secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); - secp256k1_fe_t i; secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); + secp256k1_fe_sqr(&z22, &b->z); + secp256k1_fe_sqr(&z12, &a->z); + secp256k1_fe_mul(&u1, &a->x, &z22); + secp256k1_fe_mul(&u2, &b->x, &z12); + secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); + secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); if (secp256k1_fe_normalizes_to_zero_var(&h)) { if (secp256k1_fe_normalizes_to_zero_var(&i)) { secp256k1_gej_double_var(r, a); @@ -265,11 +276,11 @@ static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, } return; } - secp256k1_fe_t i2; secp256k1_fe_sqr(&i2, &i); - secp256k1_fe_t h2; secp256k1_fe_sqr(&h2, &h); - secp256k1_fe_t h3; secp256k1_fe_mul(&h3, &h, &h2); + secp256k1_fe_sqr(&i2, &i); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_mul(&h3, &h, &h2); secp256k1_fe_mul(&r->z, &a->z, &b->z); secp256k1_fe_mul(&r->z, &r->z, &h); - secp256k1_fe_t t; secp256k1_fe_mul(&t, &u1, &h2); + secp256k1_fe_mul(&t, &u1, &h2); r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); @@ -277,6 +288,7 @@ static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, } static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) { + secp256k1_fe_t z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; if (a->infinity) { r->infinity = b->infinity; r->x = b->x; @@ -289,13 +301,13 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t * return; } r->infinity = 0; - secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z); - secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize_weak(&u1); - secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12); - secp256k1_fe_t s1 = a->y; secp256k1_fe_normalize_weak(&s1); - secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); - secp256k1_fe_t h; secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); - secp256k1_fe_t i; secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); + secp256k1_fe_sqr(&z12, &a->z); + u1 = a->x; secp256k1_fe_normalize_weak(&u1); + secp256k1_fe_mul(&u2, &b->x, &z12); + s1 = a->y; secp256k1_fe_normalize_weak(&s1); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); + secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2); if (secp256k1_fe_normalizes_to_zero_var(&h)) { if (secp256k1_fe_normalizes_to_zero_var(&i)) { secp256k1_gej_double_var(r, a); @@ -304,11 +316,11 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t * } return; } - secp256k1_fe_t i2; secp256k1_fe_sqr(&i2, &i); - secp256k1_fe_t h2; secp256k1_fe_sqr(&h2, &h); - secp256k1_fe_t h3; secp256k1_fe_mul(&h3, &h, &h2); + secp256k1_fe_sqr(&i2, &i); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_mul(&h3, &h, &h2); r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h); - secp256k1_fe_t t; secp256k1_fe_mul(&t, &u1, &h2); + secp256k1_fe_mul(&t, &u1, &h2); r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2); secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i); secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1); @@ -316,6 +328,8 @@ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t * } static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) { + secp256k1_fe_t zz, u1, u2, s1, s2, z, t, m, n, q, rr; + int infinity; VERIFY_CHECK(!b->infinity); VERIFY_CHECK(a->infinity == 0 || a->infinity == 1); @@ -341,24 +355,24 @@ static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c * (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.) */ - secp256k1_fe_t zz; secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */ - secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */ - secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ - secp256k1_fe_t s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */ - secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z2^2 (1) */ - secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ - secp256k1_fe_t z = a->z; /* z = Z = Z1*Z2 (8) */ - secp256k1_fe_t t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */ - secp256k1_fe_t m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */ - secp256k1_fe_t n; secp256k1_fe_sqr(&n, &m); /* n = M^2 (1) */ - secp256k1_fe_t q; secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*M^2 (1) */ - secp256k1_fe_sqr(&n, &n); /* n = M^4 (1) */ - secp256k1_fe_t rr; secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */ + secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */ + u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */ + secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ + s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */ + secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z2^2 (1) */ + secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ + z = a->z; /* z = Z = Z1*Z2 (8) */ + t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */ + m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */ + secp256k1_fe_sqr(&n, &m); /* n = M^2 (1) */ + secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*M^2 (1) */ + secp256k1_fe_sqr(&n, &n); /* n = M^4 (1) */ + secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */ secp256k1_fe_mul(&t, &u1, &u2); secp256k1_fe_negate(&t, &t, 1); /* t = -U1*U2 (2) */ secp256k1_fe_add(&rr, &t); /* rr = R = T^2-U1*U2 (3) */ secp256k1_fe_sqr(&t, &rr); /* t = R^2 (1) */ secp256k1_fe_mul(&r->z, &m, &z); /* r->z = M*Z (1) */ - int infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity); + infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity); secp256k1_fe_mul_int(&r->z, 2 * (1 - a->infinity)); /* r->z = Z3 = 2*M*Z (2) */ r->x = t; /* r->x = R^2 (1) */ secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */ diff --git a/src/scalar.h b/src/scalar.h index f524eef269..f5d09f8d47 100644 --- a/src/scalar.h +++ b/src/scalar.h @@ -80,9 +80,9 @@ static void secp256k1_scalar_order_get_num(secp256k1_num_t *r); /** Compare two scalars. */ static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b); -static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a); - #ifdef USE_ENDOMORPHISM +/** Find r1 and r2 such that r1+r2*2^128 = a. */ +static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a); /** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */ static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a); #endif diff --git a/src/scalar_8x32_impl.h b/src/scalar_8x32_impl.h index 9478d8715e..2a7d2c9ac9 100644 --- a/src/scalar_8x32_impl.h +++ b/src/scalar_8x32_impl.h @@ -630,6 +630,7 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t secp256k1_scalar_reduce_512(r, l); } +#ifdef USE_ENDOMORPHISM static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) { r1->d[0] = a->d[0]; r1->d[1] = a->d[1]; @@ -648,6 +649,7 @@ static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_ r2->d[6] = 0; r2->d[7] = 0; } +#endif SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) { return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0; diff --git a/src/secp256k1.c b/src/secp256k1.c index 2697394073..22c1febb3e 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -34,15 +34,15 @@ void secp256k1_stop(void) { } int secp256k1_ecdsa_verify(const unsigned char *msg32, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) { + secp256k1_ge_t q; + secp256k1_ecdsa_sig_t s; + secp256k1_scalar_t m; + int ret = -3; DEBUG_CHECK(secp256k1_ecmult_consts != NULL); DEBUG_CHECK(msg32 != NULL); DEBUG_CHECK(sig != NULL); DEBUG_CHECK(pubkey != NULL); - int ret = -3; - secp256k1_scalar_t m; - secp256k1_ecdsa_sig_t s; - secp256k1_ge_t q; secp256k1_scalar_set_b32(&m, msg32, NULL); if (!secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen)) { @@ -63,10 +63,11 @@ end: } static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int counter, const void *data) { - (void)data; secp256k1_rfc6979_hmac_sha256_t rng; + unsigned int i; + (void)data; secp256k1_rfc6979_hmac_sha256_initialize(&rng, key32, 32, msg32, 32); - for (unsigned int i = 0; i <= counter; i++) { + for (i = 0; i <= counter; i++) { secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); } secp256k1_rfc6979_hmac_sha256_finalize(&rng); @@ -77,6 +78,11 @@ const secp256k1_nonce_function_t secp256k1_nonce_function_rfc6979 = nonce_functi const secp256k1_nonce_function_t secp256k1_nonce_function_default = nonce_function_rfc6979; int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, int *signaturelen, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) { + secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t sec, non, msg; + int ret = 0; + int overflow = 0; + unsigned int count = 0; DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL); DEBUG_CHECK(msg32 != NULL); DEBUG_CHECK(signature != NULL); @@ -86,13 +92,8 @@ int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, i noncefp = secp256k1_nonce_function_default; } - secp256k1_scalar_t sec, non, msg; secp256k1_scalar_set_b32(&sec, seckey, NULL); secp256k1_scalar_set_b32(&msg, msg32, NULL); - int overflow = 0; - int ret = 0; - unsigned int count = 0; - secp256k1_ecdsa_sig_t sig; while (1) { unsigned char nonce32[32]; ret = noncefp(nonce32, msg32, seckey, count, noncedata); @@ -118,6 +119,11 @@ int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, i } int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig64, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata, int *recid) { + secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t sec, non, msg; + int ret = 0; + int overflow = 0; + unsigned int count = 0; DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL); DEBUG_CHECK(msg32 != NULL); DEBUG_CHECK(sig64 != NULL); @@ -126,13 +132,8 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig6 noncefp = secp256k1_nonce_function_default; } - secp256k1_scalar_t sec, non, msg; secp256k1_scalar_set_b32(&sec, seckey, NULL); secp256k1_scalar_set_b32(&msg, msg32, NULL); - int overflow = 0; - int ret = 0; - unsigned int count = 0; - secp256k1_ecdsa_sig_t sig; while (1) { unsigned char nonce32[32]; ret = noncefp(nonce32, msg32, seckey, count, noncedata); @@ -159,6 +160,11 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig6 } int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid) { + secp256k1_ge_t q; + secp256k1_ecdsa_sig_t sig; + secp256k1_scalar_t m; + int ret = 0; + int overflow = 0; DEBUG_CHECK(secp256k1_ecmult_consts != NULL); DEBUG_CHECK(msg32 != NULL); DEBUG_CHECK(sig64 != NULL); @@ -166,10 +172,6 @@ int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned c DEBUG_CHECK(pubkeylen != NULL); DEBUG_CHECK(recid >= 0 && recid <= 3); - int ret = 0; - secp256k1_scalar_t m; - secp256k1_ecdsa_sig_t sig; - int overflow = 0; secp256k1_scalar_set_b32(&sig.r, sig64, &overflow); if (overflow) { return 0; @@ -180,7 +182,6 @@ int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned c } secp256k1_scalar_set_b32(&m, msg32, NULL); - secp256k1_ge_t q; if (secp256k1_ecdsa_sig_recover(&sig, &q, &m, recid)) { ret = secp256k1_eckey_pubkey_serialize(&q, pubkey, pubkeylen, compressed); } @@ -188,60 +189,62 @@ int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned c } int secp256k1_ec_seckey_verify(const unsigned char *seckey) { + secp256k1_scalar_t sec; + int ret; + int overflow; DEBUG_CHECK(seckey != NULL); - secp256k1_scalar_t sec; - int overflow; secp256k1_scalar_set_b32(&sec, seckey, &overflow); - int ret = !secp256k1_scalar_is_zero(&sec) && !overflow; + ret = !secp256k1_scalar_is_zero(&sec) && !overflow; secp256k1_scalar_clear(&sec); return ret; } int secp256k1_ec_pubkey_verify(const unsigned char *pubkey, int pubkeylen) { + secp256k1_ge_t q; DEBUG_CHECK(pubkey != NULL); - secp256k1_ge_t q; return secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen); } int secp256k1_ec_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsigned char *seckey, int compressed) { + secp256k1_gej_t pj; + secp256k1_ge_t p; + secp256k1_scalar_t sec; DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL); DEBUG_CHECK(pubkey != NULL); DEBUG_CHECK(pubkeylen != NULL); DEBUG_CHECK(seckey != NULL); - secp256k1_scalar_t sec; secp256k1_scalar_set_b32(&sec, seckey, NULL); - secp256k1_gej_t pj; secp256k1_ecmult_gen(&pj, &sec); secp256k1_scalar_clear(&sec); - secp256k1_ge_t p; secp256k1_ge_set_gej(&p, &pj); return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, compressed); } int secp256k1_ec_pubkey_decompress(unsigned char *pubkey, int *pubkeylen) { + secp256k1_ge_t p; DEBUG_CHECK(pubkey != NULL); DEBUG_CHECK(pubkeylen != NULL); - secp256k1_ge_t p; if (!secp256k1_eckey_pubkey_parse(&p, pubkey, *pubkeylen)) return 0; return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, 0); } int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *tweak) { + secp256k1_scalar_t term; + secp256k1_scalar_t sec; + int ret; + int overflow = 0; DEBUG_CHECK(seckey != NULL); DEBUG_CHECK(tweak != NULL); - secp256k1_scalar_t term; - int overflow = 0; secp256k1_scalar_set_b32(&term, tweak, &overflow); - secp256k1_scalar_t sec; secp256k1_scalar_set_b32(&sec, seckey, NULL); - int ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow; + ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow; if (ret) { secp256k1_scalar_get_b32(seckey, &sec); } @@ -252,18 +255,19 @@ int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *t } int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) { + secp256k1_ge_t p; + secp256k1_scalar_t term; + int ret; + int overflow = 0; DEBUG_CHECK(secp256k1_ecmult_consts != NULL); DEBUG_CHECK(pubkey != NULL); DEBUG_CHECK(tweak != NULL); - secp256k1_scalar_t term; - int overflow = 0; secp256k1_scalar_set_b32(&term, tweak, &overflow); if (overflow) { return 0; } - secp256k1_ge_t p; - int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen); + ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen); if (ret) { ret = secp256k1_eckey_pubkey_tweak_add(&p, &term); } @@ -277,15 +281,16 @@ int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const un } int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *tweak) { + secp256k1_scalar_t factor; + secp256k1_scalar_t sec; + int ret; + int overflow = 0; DEBUG_CHECK(seckey != NULL); DEBUG_CHECK(tweak != NULL); - secp256k1_scalar_t factor; - int overflow = 0; secp256k1_scalar_set_b32(&factor, tweak, &overflow); - secp256k1_scalar_t sec; secp256k1_scalar_set_b32(&sec, seckey, NULL); - int ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow; + ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow; if (ret) { secp256k1_scalar_get_b32(seckey, &sec); } @@ -296,18 +301,19 @@ int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *t } int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) { + secp256k1_ge_t p; + secp256k1_scalar_t factor; + int ret; + int overflow = 0; DEBUG_CHECK(secp256k1_ecmult_consts != NULL); DEBUG_CHECK(pubkey != NULL); DEBUG_CHECK(tweak != NULL); - secp256k1_scalar_t factor; - int overflow = 0; secp256k1_scalar_set_b32(&factor, tweak, &overflow); if (overflow) { return 0; } - secp256k1_ge_t p; - int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen); + ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen); if (ret) { ret = secp256k1_eckey_pubkey_tweak_mul(&p, &factor); } @@ -321,23 +327,25 @@ int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const un } int secp256k1_ec_privkey_export(const unsigned char *seckey, unsigned char *privkey, int *privkeylen, int compressed) { + secp256k1_scalar_t key; + int ret; DEBUG_CHECK(seckey != NULL); DEBUG_CHECK(privkey != NULL); DEBUG_CHECK(privkeylen != NULL); - secp256k1_scalar_t key; secp256k1_scalar_set_b32(&key, seckey, NULL); - int ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed); + ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed); secp256k1_scalar_clear(&key); return ret; } int secp256k1_ec_privkey_import(unsigned char *seckey, const unsigned char *privkey, int privkeylen) { + secp256k1_scalar_t key; + int ret; DEBUG_CHECK(seckey != NULL); DEBUG_CHECK(privkey != NULL); - secp256k1_scalar_t key; - int ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen); + ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen); if (ret) secp256k1_scalar_get_b32(seckey, &key); secp256k1_scalar_clear(&key); diff --git a/src/tests.c b/src/tests.c index ad7c915242..32bb73aa6a 100644 --- a/src/tests.c +++ b/src/tests.c @@ -1741,7 +1741,7 @@ int main(int argc, char **argv) { /* find random seed */ if (argc > 2) { - seed = strtoull(argv[2], NULL, 0); + sscanf(argv[2], "%" I64uFORMAT, (unsigned long long*)&seed); } else { FILE *frand = fopen("/dev/urandom", "r"); if (!frand || !fread(&seed, sizeof(seed), 1, frand)) { @@ -1752,7 +1752,7 @@ int main(int argc, char **argv) { secp256k1_rand_seed(seed); printf("test count = %i\n", count); - printf("random seed = %llu\n", (unsigned long long)seed); + printf("random seed = %" I64uFORMAT "\n", (unsigned long long)seed); /* initialize */ secp256k1_start(SECP256K1_START_SIGN | SECP256K1_START_VERIFY); diff --git a/src/util.h b/src/util.h index ea4893c0be..ae98639f7c 100644 --- a/src/util.h +++ b/src/util.h @@ -84,8 +84,21 @@ static SECP256K1_INLINE void *checked_malloc(size_t size) { # endif #endif +#if defined(_WIN32) +# define I64FORMAT "I64d" +# define I64uFORMAT "I64u" +#else +# define I64FORMAT "lld" +# define I64uFORMAT "llu" +#endif + #if defined(HAVE___INT128) -typedef unsigned __int128 uint128_t; +# if defined(__GNUC__) +# define SECP256K1_GNUC_EXT __extension__ +# else +# define SECP256K1_GNUC_EXT +# endif +SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t; #endif #endif