Electroneum
main_impl.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2020 Jonas Nick *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_EXTRAKEYS_MAIN_H
8 #define SECP256K1_MODULE_EXTRAKEYS_MAIN_H
9 
10 #include "../../../include/secp256k1.h"
11 #include "../../../include/secp256k1_extrakeys.h"
12 
13 static SECP256K1_INLINE int secp256k1_xonly_pubkey_load(const secp256k1_context* ctx, secp256k1_ge *ge, const secp256k1_xonly_pubkey *pubkey) {
14  return secp256k1_pubkey_load(ctx, ge, (const secp256k1_pubkey *) pubkey);
15 }
16 
17 static SECP256K1_INLINE void secp256k1_xonly_pubkey_save(secp256k1_xonly_pubkey *pubkey, secp256k1_ge *ge) {
18  secp256k1_pubkey_save((secp256k1_pubkey *) pubkey, ge);
19 }
20 
21 int secp256k1_xonly_pubkey_parse(const secp256k1_context* ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) {
22  secp256k1_ge pk;
23  secp256k1_fe x;
24 
25  VERIFY_CHECK(ctx != NULL);
26  ARG_CHECK(pubkey != NULL);
27  memset(pubkey, 0, sizeof(*pubkey));
28  ARG_CHECK(input32 != NULL);
29 
30  if (!secp256k1_fe_set_b32(&x, input32)) {
31  return 0;
32  }
33  if (!secp256k1_ge_set_xo_var(&pk, &x, 0)) {
34  return 0;
35  }
36  if (!secp256k1_ge_is_in_correct_subgroup(&pk)) {
37  return 0;
38  }
39  secp256k1_xonly_pubkey_save(pubkey, &pk);
40  return 1;
41 }
42 
43 int secp256k1_xonly_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) {
44  secp256k1_ge pk;
45 
46  VERIFY_CHECK(ctx != NULL);
47  ARG_CHECK(output32 != NULL);
48  memset(output32, 0, 32);
49  ARG_CHECK(pubkey != NULL);
50 
51  if (!secp256k1_xonly_pubkey_load(ctx, &pk, pubkey)) {
52  return 0;
53  }
54  secp256k1_fe_get_b32(output32, &pk.x);
55  return 1;
56 }
57 
59  unsigned char out[2][32];
60  const secp256k1_xonly_pubkey* pk[2];
61  int i;
62 
63  VERIFY_CHECK(ctx != NULL);
64  pk[0] = pk0; pk[1] = pk1;
65  for (i = 0; i < 2; i++) {
66  /* If the public key is NULL or invalid, xonly_pubkey_serialize will
67  * call the illegal_callback and return 0. In that case we will
68  * serialize the key as all zeros which is less than any valid public
69  * key. This results in consistent comparisons even if NULL or invalid
70  * pubkeys are involved and prevents edge cases such as sorting
71  * algorithms that use this function and do not terminate as a
72  * result. */
73  if (!secp256k1_xonly_pubkey_serialize(ctx, out[i], pk[i])) {
74  /* Note that xonly_pubkey_serialize should already set the output to
75  * zero in that case, but it's not guaranteed by the API, we can't
76  * test it and writing a VERIFY_CHECK is more complex than
77  * explicitly memsetting (again). */
78  memset(out[i], 0, sizeof(out[i]));
79  }
80  }
81  return secp256k1_memcmp_var(out[0], out[1], sizeof(out[1]));
82 }
83 
87 static int secp256k1_extrakeys_ge_even_y(secp256k1_ge *r) {
88  int y_parity = 0;
89  VERIFY_CHECK(!secp256k1_ge_is_infinity(r));
90 
91  if (secp256k1_fe_is_odd(&r->y)) {
92  secp256k1_fe_negate(&r->y, &r->y, 1);
93  y_parity = 1;
94  }
95  return y_parity;
96 }
97 
98 int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context* ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) {
99  secp256k1_ge pk;
100  int tmp;
101 
102  VERIFY_CHECK(ctx != NULL);
103  ARG_CHECK(xonly_pubkey != NULL);
104  ARG_CHECK(pubkey != NULL);
105 
106  if (!secp256k1_pubkey_load(ctx, &pk, pubkey)) {
107  return 0;
108  }
109  tmp = secp256k1_extrakeys_ge_even_y(&pk);
110  if (pk_parity != NULL) {
111  *pk_parity = tmp;
112  }
113  secp256k1_xonly_pubkey_save(xonly_pubkey, &pk);
114  return 1;
115 }
116 
117 int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) {
118  secp256k1_ge pk;
119 
120  VERIFY_CHECK(ctx != NULL);
121  ARG_CHECK(output_pubkey != NULL);
122  memset(output_pubkey, 0, sizeof(*output_pubkey));
123  ARG_CHECK(internal_pubkey != NULL);
124  ARG_CHECK(tweak32 != NULL);
125 
126  if (!secp256k1_xonly_pubkey_load(ctx, &pk, internal_pubkey)
127  || !secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32)) {
128  return 0;
129  }
130  secp256k1_pubkey_save(output_pubkey, &pk);
131  return 1;
132 }
133 
134 int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context* ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) {
135  secp256k1_ge pk;
136  unsigned char pk_expected32[32];
137 
138  VERIFY_CHECK(ctx != NULL);
139  ARG_CHECK(internal_pubkey != NULL);
140  ARG_CHECK(tweaked_pubkey32 != NULL);
141  ARG_CHECK(tweak32 != NULL);
142 
143  if (!secp256k1_xonly_pubkey_load(ctx, &pk, internal_pubkey)
144  || !secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32)) {
145  return 0;
146  }
147  secp256k1_fe_normalize_var(&pk.x);
148  secp256k1_fe_normalize_var(&pk.y);
149  secp256k1_fe_get_b32(pk_expected32, &pk.x);
150 
151  return secp256k1_memcmp_var(&pk_expected32, tweaked_pubkey32, 32) == 0
152  && secp256k1_fe_is_odd(&pk.y) == tweaked_pk_parity;
153 }
154 
155 static void secp256k1_keypair_save(secp256k1_keypair *keypair, const secp256k1_scalar *sk, secp256k1_ge *pk) {
156  secp256k1_scalar_get_b32(&keypair->data[0], sk);
157  secp256k1_pubkey_save((secp256k1_pubkey *)&keypair->data[32], pk);
158 }
159 
160 
161 static int secp256k1_keypair_seckey_load(const secp256k1_context* ctx, secp256k1_scalar *sk, const secp256k1_keypair *keypair) {
162  int ret;
163 
164  ret = secp256k1_scalar_set_b32_seckey(sk, &keypair->data[0]);
165  /* We can declassify ret here because sk is only zero if a keypair function
166  * failed (which zeroes the keypair) and its return value is ignored. */
167  secp256k1_declassify(ctx, &ret, sizeof(ret));
168  ARG_CHECK(ret);
169  return ret;
170 }
171 
172 /* Load a keypair into pk and sk (if non-NULL). This function declassifies pk
173  * and ARG_CHECKs that the keypair is not invalid. It always initializes sk and
174  * pk with dummy values. */
175 static int secp256k1_keypair_load(const secp256k1_context* ctx, secp256k1_scalar *sk, secp256k1_ge *pk, const secp256k1_keypair *keypair) {
176  int ret;
177  const secp256k1_pubkey *pubkey = (const secp256k1_pubkey *)&keypair->data[32];
178 
179  /* Need to declassify the pubkey because pubkey_load ARG_CHECKs if it's
180  * invalid. */
181  secp256k1_declassify(ctx, pubkey, sizeof(*pubkey));
182  ret = secp256k1_pubkey_load(ctx, pk, pubkey);
183  if (sk != NULL) {
184  ret = ret && secp256k1_keypair_seckey_load(ctx, sk, keypair);
185  }
186  if (!ret) {
187  *pk = secp256k1_ge_const_g;
188  if (sk != NULL) {
189  *sk = secp256k1_scalar_one;
190  }
191  }
192  return ret;
193 }
194 
195 int secp256k1_keypair_create(const secp256k1_context* ctx, secp256k1_keypair *keypair, const unsigned char *seckey32) {
196  secp256k1_scalar sk;
197  secp256k1_ge pk;
198  int ret = 0;
199  VERIFY_CHECK(ctx != NULL);
200  ARG_CHECK(keypair != NULL);
201  memset(keypair, 0, sizeof(*keypair));
202  ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
203  ARG_CHECK(seckey32 != NULL);
204 
205  ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32);
206  secp256k1_keypair_save(keypair, &sk, &pk);
207  secp256k1_memczero(keypair, sizeof(*keypair), !ret);
208 
209  secp256k1_scalar_clear(&sk);
210  return ret;
211 }
212 
213 int secp256k1_keypair_sec(const secp256k1_context* ctx, unsigned char *seckey, const secp256k1_keypair *keypair) {
214  VERIFY_CHECK(ctx != NULL);
215  ARG_CHECK(seckey != NULL);
216  memset(seckey, 0, 32);
217  ARG_CHECK(keypair != NULL);
218 
219  memcpy(seckey, &keypair->data[0], 32);
220  return 1;
221 }
222 
224  VERIFY_CHECK(ctx != NULL);
225  ARG_CHECK(pubkey != NULL);
226  memset(pubkey, 0, sizeof(*pubkey));
227  ARG_CHECK(keypair != NULL);
228 
229  memcpy(pubkey->data, &keypair->data[32], sizeof(*pubkey));
230  return 1;
231 }
232 
234  secp256k1_ge pk;
235  int tmp;
236 
237  VERIFY_CHECK(ctx != NULL);
238  ARG_CHECK(pubkey != NULL);
239  memset(pubkey, 0, sizeof(*pubkey));
240  ARG_CHECK(keypair != NULL);
241 
242  if (!secp256k1_keypair_load(ctx, NULL, &pk, keypair)) {
243  return 0;
244  }
245  tmp = secp256k1_extrakeys_ge_even_y(&pk);
246  if (pk_parity != NULL) {
247  *pk_parity = tmp;
248  }
249  secp256k1_xonly_pubkey_save(pubkey, &pk);
250 
251  return 1;
252 }
253 
254 int secp256k1_keypair_xonly_tweak_add(const secp256k1_context* ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) {
255  secp256k1_ge pk;
256  secp256k1_scalar sk;
257  int y_parity;
258  int ret;
259 
260  VERIFY_CHECK(ctx != NULL);
261  ARG_CHECK(keypair != NULL);
262  ARG_CHECK(tweak32 != NULL);
263 
264  ret = secp256k1_keypair_load(ctx, &sk, &pk, keypair);
265  memset(keypair, 0, sizeof(*keypair));
266 
267  y_parity = secp256k1_extrakeys_ge_even_y(&pk);
268  if (y_parity == 1) {
269  secp256k1_scalar_negate(&sk, &sk);
270  }
271 
272  ret &= secp256k1_ec_seckey_tweak_add_helper(&sk, tweak32);
273  ret &= secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32);
274 
275  secp256k1_declassify(ctx, &ret, sizeof(ret));
276  if (ret) {
277  secp256k1_keypair_save(keypair, &sk, &pk);
278  }
279 
280  secp256k1_scalar_clear(&sk);
281  return ret;
282 }
283 
284 #endif
#define VERIFY_CHECK(cond)
Definition: util.h:96
std::vector< std::string > keypair
int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey)
Definition: main_impl.h:43
int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32)
Definition: main_impl.h:21
int secp256k1_keypair_pub(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair)
Definition: main_impl.h:223
int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey)
Definition: main_impl.h:98
struct secp256k1_context_struct secp256k1_context
Definition: secp256k1.h:50
int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair)
Definition: main_impl.h:213
#define SECP256K1_INLINE
Definition: secp256k1.h:131
int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32)
Definition: main_impl.h:254
secp256k1_fe x
Definition: group.h:17
int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32)
Definition: main_impl.h:117
int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32)
Definition: main_impl.h:134
unsigned char data[64]
Definition: secp256k1.h:75
void * memcpy(void *a, const void *b, size_t c)
int secp256k1_keypair_xonly_pub(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, int *pk_parity, const secp256k1_keypair *keypair)
Definition: main_impl.h:233
int secp256k1_xonly_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_xonly_pubkey *pk0, const secp256k1_xonly_pubkey *pk1)
Definition: main_impl.h:58
secp256k1_fe y
Definition: group.h:18
int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey32)
Definition: main_impl.h:195