main_impl.h File Reference

#include "../../../include/secp256k1.h"
#include "../../../include/secp256k1_extrakeys.h"

Include dependency graph for main_impl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
int	secp256k1_xonly_pubkey_parse (const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32)
int	secp256k1_xonly_pubkey_serialize (const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey)
int	secp256k1_xonly_pubkey_cmp (const secp256k1_context *ctx, const secp256k1_xonly_pubkey *pk0, const secp256k1_xonly_pubkey *pk1)
int	secp256k1_xonly_pubkey_from_pubkey (const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey)
int	secp256k1_xonly_pubkey_tweak_add (const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32)
int	secp256k1_xonly_pubkey_tweak_add_check (const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32)
int	secp256k1_keypair_create (const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey32)
int	secp256k1_keypair_sec (const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair)
int	secp256k1_keypair_pub (const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair)
int	secp256k1_keypair_xonly_pub (const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, int *pk_parity, const secp256k1_keypair *keypair)
int	secp256k1_keypair_xonly_tweak_add (const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32)

Function Documentation

secp256k1_keypair_create()

int secp256k1_keypair_create	(	const secp256k1_context *	ctx,
		secp256k1_keypair *	keypair,
		const unsigned char *	seckey )

Compute the keypair for a secret key.

Returns: 1: secret was valid, keypair is ready to use 0: secret was invalid, try again with a different secret Args: ctx: pointer to a context object, initialized for signing. Out: keypair: pointer to the created keypair. In: seckey: pointer to a 32-byte secret key.

Definition at line 195 of file main_impl.h.

                                                                                                                      {
    secp256k1_scalar sk;
    secp256k1_ge pk;
    int ret = 0;
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(keypair != NULL);
    memset(keypair, 0, sizeof(*keypair));
    ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
    ARG_CHECK(seckey32 != NULL);
 
    ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32);
    secp256k1_keypair_save(keypair, &sk, &pk);
    secp256k1_memczero(keypair, sizeof(*keypair), !ret);
 
    secp256k1_scalar_clear(&sk);
    return ret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_keypair_pub()

int secp256k1_keypair_pub	(	const secp256k1_context *	ctx,
		secp256k1_pubkey *	pubkey,
		const secp256k1_keypair *	keypair )

Get the public key from a keypair.

Returns: 1 always. Args: ctx: pointer to a context object. Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to the keypair public key. If not, it's set to an invalid value. In: keypair: pointer to a keypair.

Definition at line 223 of file main_impl.h.

                                                                                                                    {
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(pubkey != NULL);
    memset(pubkey, 0, sizeof(*pubkey));
    ARG_CHECK(keypair != NULL);
 
    memcpy(pubkey->data, &keypair->data[32], sizeof(*pubkey));
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_keypair_sec()

int secp256k1_keypair_sec	(	const secp256k1_context *	ctx,
		unsigned char *	seckey,
		const secp256k1_keypair *	keypair )

Get the secret key from a keypair.

Returns: 1 always. Args: ctx: pointer to a context object. Out: seckey: pointer to a 32-byte buffer for the secret key. In: keypair: pointer to a keypair.

Definition at line 213 of file main_impl.h.

                                                                                                                 {
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(seckey != NULL);
    memset(seckey, 0, 32);
    ARG_CHECK(keypair != NULL);
 
    memcpy(seckey, &keypair->data[0], 32);
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_keypair_xonly_pub()

int secp256k1_keypair_xonly_pub	(	const secp256k1_context *	ctx,
		secp256k1_xonly_pubkey *	pubkey,
		int *	pk_parity,
		const secp256k1_keypair *	keypair )

Get the x-only public key from a keypair.

This is the same as calling secp256k1_keypair_pub and then secp256k1_xonly_pubkey_from_pubkey.

Returns: 1 always. Args: ctx: pointer to a context object. Out: pubkey: pointer to an xonly_pubkey object. If 1 is returned, it is set to the keypair public key after converting it to an xonly_pubkey. If not, it's set to an invalid value. pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to the pk_parity argument of secp256k1_xonly_pubkey_from_pubkey. In: keypair: pointer to a keypair.

Definition at line 233 of file main_impl.h.

                                                                                                                                                {
    secp256k1_ge pk;
    int tmp;
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(pubkey != NULL);
    memset(pubkey, 0, sizeof(*pubkey));
    ARG_CHECK(keypair != NULL);
 
    if (!secp256k1_keypair_load(ctx, NULL, &pk, keypair)) {
        return 0;
    }
    tmp = secp256k1_extrakeys_ge_even_y(&pk);
    if (pk_parity != NULL) {
        *pk_parity = tmp;
    }
    secp256k1_xonly_pubkey_save(pubkey, &pk);
 
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_keypair_xonly_tweak_add()

int secp256k1_keypair_xonly_tweak_add	(	const secp256k1_context *	ctx,
		secp256k1_keypair *	keypair,
		const unsigned char *	tweak32 )

Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.

Calling this function and then secp256k1_keypair_pub results in the same public key as calling secp256k1_keypair_xonly_pub and then secp256k1_xonly_pubkey_tweak_add.

Returns: 0 if the arguments are invalid or the resulting keypair would be invalid (only when the tweak is the negation of the keypair's secret key). 1 otherwise.

Args: ctx: pointer to a context object initialized for verification. In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to an invalid value if this function returns 0. In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to secp256k1_ec_seckey_verify, this function returns 0. For uniformly random 32-byte arrays the chance of being invalid is negligible (around 1 in 2^128).

Definition at line 254 of file main_impl.h.

                                                                                                                              {
    secp256k1_ge pk;
    secp256k1_scalar sk;
    int y_parity;
    int ret;
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(keypair != NULL);
    ARG_CHECK(tweak32 != NULL);
 
    ret = secp256k1_keypair_load(ctx, &sk, &pk, keypair);
    memset(keypair, 0, sizeof(*keypair));
 
    y_parity = secp256k1_extrakeys_ge_even_y(&pk);
    if (y_parity == 1) {
        secp256k1_scalar_negate(&sk, &sk);
    }
 
    ret &= secp256k1_ec_seckey_tweak_add_helper(&sk, tweak32);
    ret &= secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32);
 
    secp256k1_declassify(ctx, &ret, sizeof(ret));
    if (ret) {
        secp256k1_keypair_save(keypair, &sk, &pk);
    }
 
    secp256k1_scalar_clear(&sk);
    return ret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_xonly_pubkey_cmp()

int secp256k1_xonly_pubkey_cmp	(	const secp256k1_context *	ctx,
		const secp256k1_xonly_pubkey *	pk1,
		const secp256k1_xonly_pubkey *	pk2 )

Compare two x-only public keys using lexicographic order

Returns: <0 if the first public key is less than the second >0 if the first public key is greater than the second 0 if the two public keys are equal Args: ctx: a secp256k1 context object. In: pubkey1: first public key to compare pubkey2: second public key to compare

Definition at line 58 of file main_impl.h.

                                                                                                                                   {
    unsigned char out[2][32];
    const secp256k1_xonly_pubkey* pk[2];
    int i;
 
    VERIFY_CHECK(ctx != NULL);
    pk[0] = pk0; pk[1] = pk1;
    for (i = 0; i < 2; i++) {
        /* If the public key is NULL or invalid, xonly_pubkey_serialize will
         * call the illegal_callback and return 0. In that case we will
         * serialize the key as all zeros which is less than any valid public
         * key. This results in consistent comparisons even if NULL or invalid
         * pubkeys are involved and prevents edge cases such as sorting
         * algorithms that use this function and do not terminate as a
         * result. */
        if (!secp256k1_xonly_pubkey_serialize(ctx, out[i], pk[i])) {
            /* Note that xonly_pubkey_serialize should already set the output to
             * zero in that case, but it's not guaranteed by the API, we can't
             * test it and writing a VERIFY_CHECK is more complex than
             * explicitly memsetting (again). */
            memset(out[i], 0, sizeof(out[i]));
        }
    }
    return secp256k1_memcmp_var(out[0], out[1], sizeof(out[1]));
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_xonly_pubkey_from_pubkey()

int secp256k1_xonly_pubkey_from_pubkey	(	const secp256k1_context *	ctx,
		secp256k1_xonly_pubkey *	xonly_pubkey,
		int *	pk_parity,
		const secp256k1_pubkey *	pubkey )

Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.

Returns: 1 always.

Args: ctx: pointer to a context object. Out: xonly_pubkey: pointer to an x-only public key object for placing the converted public key. pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to 1 if the point encoded by xonly_pubkey is the negation of the pubkey and set to 0 otherwise. In: pubkey: pointer to a public key that is converted.

Definition at line 98 of file main_impl.h.

                                                                                                                                                           {
    secp256k1_ge pk;
    int tmp;
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(xonly_pubkey != NULL);
    ARG_CHECK(pubkey != NULL);
 
    if (!secp256k1_pubkey_load(ctx, &pk, pubkey)) {
        return 0;
    }
    tmp = secp256k1_extrakeys_ge_even_y(&pk);
    if (pk_parity != NULL) {
        *pk_parity = tmp;
    }
    secp256k1_xonly_pubkey_save(xonly_pubkey, &pk);
    return 1;
}

Here is the caller graph for this function:

secp256k1_xonly_pubkey_parse()

int secp256k1_xonly_pubkey_parse	(	const secp256k1_context *	ctx,
		secp256k1_xonly_pubkey *	pubkey,
		const unsigned char *	input32 )

Parse a 32-byte sequence into a xonly_pubkey object.

Returns: 1 if the public key was fully valid. 0 if the public key could not be parsed or is invalid.

Args: ctx: a secp256k1 context object. Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a parsed version of input. If not, it's set to an invalid value. In: input32: pointer to a serialized xonly_pubkey.

Definition at line 21 of file main_impl.h.

                                                                                                                             {
    secp256k1_ge pk;
    secp256k1_fe x;
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(pubkey != NULL);
    memset(pubkey, 0, sizeof(*pubkey));
    ARG_CHECK(input32 != NULL);
 
    if (!secp256k1_fe_set_b32(&x, input32)) {
        return 0;
    }
    if (!secp256k1_ge_set_xo_var(&pk, &x, 0)) {
        return 0;
    }
    if (!secp256k1_ge_is_in_correct_subgroup(&pk)) {
        return 0;
    }
    secp256k1_xonly_pubkey_save(pubkey, &pk);
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_xonly_pubkey_serialize()

int secp256k1_xonly_pubkey_serialize	(	const secp256k1_context *	ctx,
		unsigned char *	output32,
		const secp256k1_xonly_pubkey *	pubkey )

Serialize an xonly_pubkey object into a 32-byte sequence.

Returns: 1 always.

Args: ctx: a secp256k1 context object. Out: output32: a pointer to a 32-byte array to place the serialized key in. In: pubkey: a pointer to a secp256k1_xonly_pubkey containing an initialized public key.

Definition at line 43 of file main_impl.h.

                                                                                                                                  {
    secp256k1_ge pk;
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(output32 != NULL);
    memset(output32, 0, 32);
    ARG_CHECK(pubkey != NULL);
 
    if (!secp256k1_xonly_pubkey_load(ctx, &pk, pubkey)) {
        return 0;
    }
    secp256k1_fe_get_b32(output32, &pk.x);
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_xonly_pubkey_tweak_add()

int secp256k1_xonly_pubkey_tweak_add	(	const secp256k1_context *	ctx,
		secp256k1_pubkey *	output_pubkey,
		const secp256k1_xonly_pubkey *	internal_pubkey,
		const unsigned char *	tweak32 )

Tweak an x-only public key by adding the generator multiplied with tweak32 to it.

Note that the resulting point can not in general be represented by an x-only pubkey because it may have an odd Y coordinate. Instead, the output_pubkey is a normal secp256k1_pubkey.

Returns: 0 if the arguments are invalid or the resulting public key would be invalid (only when the tweak is the negation of the corresponding secret key). 1 otherwise.

Args: ctx: pointer to a context object initialized for verification. Out: output_pubkey: pointer to a public key to store the result. Will be set to an invalid value if this function returns 0. In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to. tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to secp256k1_ec_seckey_verify, this function returns 0. For uniformly random 32-byte arrays the chance of being invalid is negligible (around 1 in 2^128).

Definition at line 117 of file main_impl.h.

                                                                                                                                                                                 {
    secp256k1_ge pk;
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(output_pubkey != NULL);
    memset(output_pubkey, 0, sizeof(*output_pubkey));
    ARG_CHECK(internal_pubkey != NULL);
    ARG_CHECK(tweak32 != NULL);
 
    if (!secp256k1_xonly_pubkey_load(ctx, &pk, internal_pubkey)
        || !secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32)) {
        return 0;
    }
    secp256k1_pubkey_save(output_pubkey, &pk);
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_xonly_pubkey_tweak_add_check()

int secp256k1_xonly_pubkey_tweak_add_check	(	const secp256k1_context *	ctx,
		const unsigned char *	tweaked_pubkey32,
		int	tweaked_pk_parity,
		const secp256k1_xonly_pubkey *	internal_pubkey,
		const unsigned char *	tweak32 )

Checks that a tweaked pubkey is the result of calling secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32.

The tweaked pubkey is represented by its 32-byte x-only serialization and its pk_parity, which can both be obtained by converting the result of tweak_add to a secp256k1_xonly_pubkey.

Note that this alone does not verify that the tweaked pubkey is a commitment. If the tweak is not chosen in a specific way, the tweaked pubkey can easily be the result of a different internal_pubkey and tweak.

Returns: 0 if the arguments are invalid or the tweaked pubkey is not the result of tweaking the internal_pubkey with tweak32. 1 otherwise. Args: ctx: pointer to a context object initialized for verification. In: tweaked_pubkey32: pointer to a serialized xonly_pubkey. tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization is passed in as tweaked_pubkey32). This must match the pk_parity value that is returned when calling secp256k1_xonly_pubkey with the tweaked pubkey, or this function will fail. internal_pubkey: pointer to an x-only public key object to apply the tweak to. tweak32: pointer to a 32-byte tweak.

Definition at line 134 of file main_impl.h.

                                                                                                                                                                                                                    {
    secp256k1_ge pk;
    unsigned char pk_expected32[32];
 
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(internal_pubkey != NULL);
    ARG_CHECK(tweaked_pubkey32 != NULL);
    ARG_CHECK(tweak32 != NULL);
 
    if (!secp256k1_xonly_pubkey_load(ctx, &pk, internal_pubkey)
        || !secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32)) {
        return 0;
    }
    secp256k1_fe_normalize_var(&pk.x);
    secp256k1_fe_normalize_var(&pk.y);
    secp256k1_fe_get_b32(pk_expected32, &pk.x);
 
    return secp256k1_memcmp_var(&pk_expected32, tweaked_pubkey32, 32) == 0
            && secp256k1_fe_is_odd(&pk.y) == tweaked_pk_parity;
}

Here is the caller graph for this function: