wire-sysio/recovery_2main__impl_8h_source.html

/***********************************************************************

 * Copyright (c) 2013-2015 Pieter Wuille                               *

 * Distributed under the MIT software license, see the accompanying    *

 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*

 ***********************************************************************/


#ifndef SECP256K1_MODULE_RECOVERY_MAIN_H

#define SECP256K1_MODULE_RECOVERY_MAIN_H


#include "../../../include/secp256k1_recovery.h"


static void secp256k1_ecdsa_recoverable_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const secp256k1_ecdsa_recoverable_signature* sig) {

    (void)ctx;

    if (sizeof(secp256k1_scalar) == 32) {

        /* When the secp256k1_scalar type is exactly 32 byte, use its

         * representation inside secp256k1_ecdsa_signature, as conversion is very fast.

         * Note that secp256k1_ecdsa_signature_save must use the same representation. */

        memcpy(r, &sig->data[0], 32);

        memcpy(s, &sig->data[32], 32);

    } else {

        secp256k1_scalar_set_b32(r, &sig->data[0], NULL);

        secp256k1_scalar_set_b32(s, &sig->data[32], NULL);

    }

    *recid = sig->data[64];

}


static void secp256k1_ecdsa_recoverable_signature_save(secp256k1_ecdsa_recoverable_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s, int recid) {

    if (sizeof(secp256k1_scalar) == 32) {

        memcpy(&sig->data[0], r, 32);

        memcpy(&sig->data[32], s, 32);

    } else {

        secp256k1_scalar_get_b32(&sig->data[0], r);

        secp256k1_scalar_get_b32(&sig->data[32], s);

    }

    sig->data[64] = recid;

}


int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) {

    secp256k1_scalar r, s;

    int ret = 1;

    int overflow = 0;


    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(sig != NULL);

    ARG_CHECK(input64 != NULL);

    ARG_CHECK(recid >= 0 && recid <= 3);


    secp256k1_scalar_set_b32(&r, &input64[0], &overflow);

    ret &= !overflow;

    secp256k1_scalar_set_b32(&s, &input64[32], &overflow);

    ret &= !overflow;

    if (ret) {

        secp256k1_ecdsa_recoverable_signature_save(sig, &r, &s, recid);

    } else {

        memset(sig, 0, sizeof(*sig));

    }

    return ret;

}


int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) {

    secp256k1_scalar r, s;


    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(output64 != NULL);

    ARG_CHECK(sig != NULL);

    ARG_CHECK(recid != NULL);


    secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig);

    secp256k1_scalar_get_b32(&output64[0], &r);

    secp256k1_scalar_get_b32(&output64[32], &s);

    return 1;

}


int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const secp256k1_ecdsa_recoverable_signature* sigin) {

    secp256k1_scalar r, s;

    int recid;


    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(sig != NULL);

    ARG_CHECK(sigin != NULL);


    secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin);

    secp256k1_ecdsa_signature_save(sig, &r, &s);

    return 1;

}


static int secp256k1_ecdsa_sig_recover(const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) {

    unsigned char brx[32];

    secp256k1_fe fx;

    secp256k1_ge x;

    secp256k1_gej xj;

    secp256k1_scalar rn, u1, u2;

    secp256k1_gej qj;

    int r;


    if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {

        return 0;

    }


    secp256k1_scalar_get_b32(brx, sigr);

    r = secp256k1_fe_set_b32(&fx, brx);

    (void)r;

    VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */

    if (recid & 2) {

        if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) {

            return 0;

        }

        secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe);

    }

    if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) {

        return 0;

    }

    secp256k1_gej_set_ge(&xj, &x);

    secp256k1_scalar_inverse_var(&rn, sigr);

    secp256k1_scalar_mul(&u1, &rn, message);

    secp256k1_scalar_negate(&u1, &u1);

    secp256k1_scalar_mul(&u2, &rn, sigs);

    secp256k1_ecmult(&qj, &xj, &u2, &u1);

    secp256k1_ge_set_gej_var(pubkey, &qj);

    return !secp256k1_gej_is_infinity(&qj);

}


int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) {

    secp256k1_scalar r, s;

    int ret, recid;

    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));

    ARG_CHECK(msghash32 != NULL);

    ARG_CHECK(signature != NULL);

    ARG_CHECK(seckey != NULL);


    ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msghash32, seckey, noncefp, noncedata);

    secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid);

    return ret;

}


int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32) {

    secp256k1_ge q;

    secp256k1_scalar r, s;

    secp256k1_scalar m;

    int recid;

    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(msghash32 != NULL);

    ARG_CHECK(signature != NULL);

    ARG_CHECK(pubkey != NULL);


    secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature);

    VERIFY_CHECK(recid >= 0 && recid < 4);  /* should have been caught in parse_compact */

    secp256k1_scalar_set_b32(&m, msghash32, NULL);

    if (secp256k1_ecdsa_sig_recover(&r, &s, &q, &m, recid)) {

        secp256k1_pubkey_save(pubkey, &q);

        return 1;

    } else {

        memset(pubkey, 0, sizeof(*pubkey));

        return 0;

    }

}


#endif /* SECP256K1_MODULE_RECOVERY_MAIN_H */

r
const mie::Vuint & r
Definition bn.cpp:28

VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition util.h:95

secp256k1_ecdsa_recoverable_signature_convert
int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const secp256k1_ecdsa_recoverable_signature *sigin)
Definition main_impl.h:74

secp256k1_ecdsa_recoverable_signature_parse_compact
int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid)
Definition main_impl.h:38

secp256k1_ecdsa_sign_recoverable
int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *noncedata)
Definition main_impl.h:123

secp256k1_ecdsa_recover
int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32)
Definition main_impl.h:137

secp256k1_ecdsa_recoverable_signature_serialize_compact
int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig)
Definition main_impl.h:60

ARG_CHECK
#define ARG_CHECK(cond)
Definition secp256k1.c:34

secp256k1_nonce_function
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
Definition secp256k1.h:103

secp256k1_recovery.h

secp256k1_context_struct
Definition secp256k1.c:47

secp256k1_context_struct::ecmult_gen_ctx
secp256k1_ecmult_gen_context ecmult_gen_ctx
Definition secp256k1.c:48

secp256k1_ecdsa_recoverable_signature
Definition secp256k1_recovery.h:24

secp256k1_ecdsa_recoverable_signature::data
unsigned char data[65]
Definition secp256k1_recovery.h:25

secp256k1_ecdsa_signature
Definition secp256k1.h:83

secp256k1_fe
Definition field_10x26.h:12

secp256k1_ge
Definition group.h:16

secp256k1_gej
Definition group.h:28

secp256k1_pubkey
Definition secp256k1.h:70

secp256k1_scalar
Definition scalar_4x64.h:13

ret
CK_RV ret
Definition yubihsm_pkcs11.c:973

overflow
bool overflow
Definition yubihsm_pkcs11.c:467

s
char * s
Definition yubihsm_pkcs11.c:524

pubkey
CK_BYTE_PTR pubkey
Definition yubihsm_pkcs11.c:4984

memset
memset(pInfo->slotDescription, ' ', 64)

memcpy
memcpy((char *) pInfo->slotDescription, s, l)