Electroneum
main_impl.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2013-2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_RECOVERY_MAIN_H
8 #define SECP256K1_MODULE_RECOVERY_MAIN_H
9 
10 #include "../../../include/secp256k1_recovery.h"
11 
12 static void secp256k1_ecdsa_recoverable_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const secp256k1_ecdsa_recoverable_signature* sig) {
13  (void)ctx;
14  if (sizeof(secp256k1_scalar) == 32) {
15  /* When the secp256k1_scalar type is exactly 32 byte, use its
16  * representation inside secp256k1_ecdsa_signature, as conversion is very fast.
17  * Note that secp256k1_ecdsa_signature_save must use the same representation. */
18  memcpy(r, &sig->data[0], 32);
19  memcpy(s, &sig->data[32], 32);
20  } else {
21  secp256k1_scalar_set_b32(r, &sig->data[0], NULL);
22  secp256k1_scalar_set_b32(s, &sig->data[32], NULL);
23  }
24  *recid = sig->data[64];
25 }
26 
27 static void secp256k1_ecdsa_recoverable_signature_save(secp256k1_ecdsa_recoverable_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s, int recid) {
28  if (sizeof(secp256k1_scalar) == 32) {
29  memcpy(&sig->data[0], r, 32);
30  memcpy(&sig->data[32], s, 32);
31  } else {
32  secp256k1_scalar_get_b32(&sig->data[0], r);
33  secp256k1_scalar_get_b32(&sig->data[32], s);
34  }
35  sig->data[64] = recid;
36 }
37 
39  secp256k1_scalar r, s;
40  int ret = 1;
41  int overflow = 0;
42 
43  VERIFY_CHECK(ctx != NULL);
44  ARG_CHECK(sig != NULL);
45  ARG_CHECK(input64 != NULL);
46  ARG_CHECK(recid >= 0 && recid <= 3);
47 
48  secp256k1_scalar_set_b32(&r, &input64[0], &overflow);
49  ret &= !overflow;
50  secp256k1_scalar_set_b32(&s, &input64[32], &overflow);
51  ret &= !overflow;
52  if (ret) {
53  secp256k1_ecdsa_recoverable_signature_save(sig, &r, &s, recid);
54  } else {
55  memset(sig, 0, sizeof(*sig));
56  }
57  return ret;
58 }
59 
61  secp256k1_scalar r, s;
62 
63  VERIFY_CHECK(ctx != NULL);
64  ARG_CHECK(output64 != NULL);
65  ARG_CHECK(sig != NULL);
66  ARG_CHECK(recid != NULL);
67 
68  secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig);
69  secp256k1_scalar_get_b32(&output64[0], &r);
70  secp256k1_scalar_get_b32(&output64[32], &s);
71  return 1;
72 }
73 
75  secp256k1_scalar r, s;
76  int recid;
77 
78  VERIFY_CHECK(ctx != NULL);
79  ARG_CHECK(sig != NULL);
80  ARG_CHECK(sigin != NULL);
81 
82  secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin);
83  secp256k1_ecdsa_signature_save(sig, &r, &s);
84  return 1;
85 }
86 
87 static int secp256k1_ecdsa_sig_recover(const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) {
88  unsigned char brx[32];
89  secp256k1_fe fx;
90  secp256k1_ge x;
91  secp256k1_gej xj;
92  secp256k1_scalar rn, u1, u2;
93  secp256k1_gej qj;
94  int r;
95 
96  if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {
97  return 0;
98  }
99 
100  secp256k1_scalar_get_b32(brx, sigr);
101  r = secp256k1_fe_set_b32(&fx, brx);
102  (void)r;
103  VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */
104  if (recid & 2) {
105  if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) {
106  return 0;
107  }
108  secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe);
109  }
110  if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) {
111  return 0;
112  }
113  secp256k1_gej_set_ge(&xj, &x);
114  secp256k1_scalar_inverse_var(&rn, sigr);
115  secp256k1_scalar_mul(&u1, &rn, message);
116  secp256k1_scalar_negate(&u1, &u1);
117  secp256k1_scalar_mul(&u2, &rn, sigs);
118  secp256k1_ecmult(&qj, &xj, &u2, &u1);
119  secp256k1_ge_set_gej_var(pubkey, &qj);
120  return !secp256k1_gej_is_infinity(&qj);
121 }
122 
123 int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {
124  secp256k1_scalar r, s;
125  int ret, recid;
126  VERIFY_CHECK(ctx != NULL);
127  ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
128  ARG_CHECK(msghash32 != NULL);
129  ARG_CHECK(signature != NULL);
130  ARG_CHECK(seckey != NULL);
131 
132  ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msghash32, seckey, noncefp, noncedata);
133  secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid);
134  return ret;
135 }
136 
137 int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32) {
138  secp256k1_ge q;
139  secp256k1_scalar r, s;
141  int recid;
142  VERIFY_CHECK(ctx != NULL);
143  ARG_CHECK(msghash32 != NULL);
144  ARG_CHECK(signature != NULL);
145  ARG_CHECK(pubkey != NULL);
146 
147  secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature);
148  VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */
149  secp256k1_scalar_set_b32(&m, msghash32, NULL);
150  if (secp256k1_ecdsa_sig_recover(&r, &s, &q, &m, recid)) {
151  secp256k1_pubkey_save(pubkey, &q);
152  return 1;
153  } else {
154  memset(pubkey, 0, sizeof(*pubkey));
155  return 0;
156  }
157 }
158 
159 #endif /* SECP256K1_MODULE_RECOVERY_MAIN_H */
#define VERIFY_CHECK(cond)
Definition: util.h:96
int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const secp256k1_ecdsa_recoverable_signature *sigin)
Definition: main_impl.h:74
int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig)
Definition: main_impl.h:60
int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32)
Definition: main_impl.h:137
int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid)
Definition: main_impl.h:38
struct secp256k1_context_struct secp256k1_context
Definition: secp256k1.h:50
std::string message("Message requiring signing")
POD_CLASS signature
Definition: crypto.h:108
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
Definition: secp256k1.h:107
void * memcpy(void *a, const void *b, size_t c)
int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *noncedata)
Definition: main_impl.h:123