Bitcoin Core  27.99.0
P2P Digital Currency
secp256k1.h
Go to the documentation of this file.
1 #ifndef SECP256K1_H
2 #define SECP256K1_H
3 
4 #ifdef __cplusplus
5 extern "C" {
6 #endif
7 
8 #include <stddef.h>
9 
51 
64 
74 typedef struct {
75  unsigned char data[64];
77 
87 typedef struct {
88  unsigned char data[64];
90 
108  unsigned char *nonce32,
109  const unsigned char *msg32,
110  const unsigned char *key32,
111  const unsigned char *algo16,
112  void *data,
113  unsigned int attempt
114 );
115 
116 # if !defined(SECP256K1_GNUC_PREREQ)
117 # if defined(__GNUC__)&&defined(__GNUC_MINOR__)
118 # define SECP256K1_GNUC_PREREQ(_maj,_min) \
119  ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
120 # else
121 # define SECP256K1_GNUC_PREREQ(_maj,_min) 0
122 # endif
123 # endif
124 
125 /* When this header is used at build-time the SECP256K1_BUILD define needs to be set
126  * to correctly setup export attributes and nullness checks. This is normally done
127  * by secp256k1.c but to guard against this header being included before secp256k1.c
128  * has had a chance to set the define (e.g. via test harnesses that just includes
129  * secp256k1.c) we set SECP256K1_NO_BUILD when this header is processed without the
130  * BUILD define so this condition can be caught.
131  */
132 #ifndef SECP256K1_BUILD
133 # define SECP256K1_NO_BUILD
134 #endif
135 
136 /* Symbol visibility. */
137 #if defined(_WIN32)
138  /* GCC for Windows (e.g., MinGW) accepts the __declspec syntax
139  * for MSVC compatibility. A __declspec declaration implies (but is not
140  * exactly equivalent to) __attribute__ ((visibility("default"))), and so we
141  * actually want __declspec even on GCC, see "Microsoft Windows Function
142  * Attributes" in the GCC manual and the recommendations in
143  * https://gcc.gnu.org/wiki/Visibility. */
144 # if defined(SECP256K1_BUILD)
145 # if defined(DLL_EXPORT) || defined(SECP256K1_DLL_EXPORT)
146  /* Building libsecp256k1 as a DLL.
147  * 1. If using Libtool, it defines DLL_EXPORT automatically.
148  * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */
149 # define SECP256K1_API extern __declspec (dllexport)
150 # endif
151  /* The user must define SECP256K1_STATIC when consuming libsecp256k1 as a static
152  * library on Windows. */
153 # elif !defined(SECP256K1_STATIC)
154  /* Consuming libsecp256k1 as a DLL. */
155 # define SECP256K1_API extern __declspec (dllimport)
156 # endif
157 #endif
158 #ifndef SECP256K1_API
159 # if defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
160  /* Building libsecp256k1 on non-Windows using GCC or compatible. */
161 # define SECP256K1_API extern __attribute__ ((visibility ("default")))
162 # else
163  /* All cases not captured above. */
164 # define SECP256K1_API extern
165 # endif
166 #endif
167 
168 /* Warning attributes
169  * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out
170  * some paranoid null checks. */
171 # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
172 # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
173 # else
174 # define SECP256K1_WARN_UNUSED_RESULT
175 # endif
176 # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
177 # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
178 # else
179 # define SECP256K1_ARG_NONNULL(_x)
180 # endif
181 
182 /* Attribute for marking functions, types, and variables as deprecated */
183 #if !defined(SECP256K1_BUILD) && defined(__has_attribute)
184 # if __has_attribute(__deprecated__)
185 # define SECP256K1_DEPRECATED(_msg) __attribute__ ((__deprecated__(_msg)))
186 # else
187 # define SECP256K1_DEPRECATED(_msg)
188 # endif
189 #else
190 # define SECP256K1_DEPRECATED(_msg)
191 #endif
192 
193 /* All flags' lower 8 bits indicate what they're for. Do not use directly. */
194 #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
195 #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
196 #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
197 /* The higher bits contain the actual data. Do not use directly. */
198 #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
199 #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
200 #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10)
201 #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
202 
205 #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
206 
208 #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
209 #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
210 
211 /* Testing flag. Do not use. */
212 #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY)
213 
215 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
216 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
217 
219 #define SECP256K1_TAG_PUBKEY_EVEN 0x02
220 #define SECP256K1_TAG_PUBKEY_ODD 0x03
221 #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
222 #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
223 #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
224 
237 
240 SECP256K1_DEPRECATED("Use secp256k1_context_static instead");
241 
259 
260 
287  unsigned int flags
289 
303  const secp256k1_context *ctx
305 
321  secp256k1_context *ctx
323 
362  secp256k1_context *ctx,
363  void (*fun)(const char *message, void *data),
364  const void *data
366 
390  secp256k1_context *ctx,
391  void (*fun)(const char *message, void *data),
392  const void *data
394 
403  const secp256k1_context *ctx,
404  size_t size
406 
414  const secp256k1_context *ctx,
415  secp256k1_scratch_space *scratch
417 
433  const secp256k1_context *ctx,
434  secp256k1_pubkey *pubkey,
435  const unsigned char *input,
436  size_t inputlen
438 
455  const secp256k1_context *ctx,
456  unsigned char *output,
457  size_t *outputlen,
458  const secp256k1_pubkey *pubkey,
459  unsigned int flags
461 
472  const secp256k1_context *ctx,
473  const secp256k1_pubkey *pubkey1,
474  const secp256k1_pubkey *pubkey2
476 
493  const secp256k1_context *ctx,
495  const unsigned char *input64
497 
514  const secp256k1_context *ctx,
516  const unsigned char *input,
517  size_t inputlen
519 
532  const secp256k1_context *ctx,
533  unsigned char *output,
534  size_t *outputlen,
535  const secp256k1_ecdsa_signature *sig
537 
548  const secp256k1_context *ctx,
549  unsigned char *output64,
550  const secp256k1_ecdsa_signature *sig
552 
579  const secp256k1_context *ctx,
580  const secp256k1_ecdsa_signature *sig,
581  const unsigned char *msghash32,
582  const secp256k1_pubkey *pubkey
584 
627  const secp256k1_context *ctx,
629  const secp256k1_ecdsa_signature *sigin
631 
637 
640 
660  const secp256k1_context *ctx,
662  const unsigned char *msghash32,
663  const unsigned char *seckey,
664  secp256k1_nonce_function noncefp,
665  const void *ndata
667 
681  const secp256k1_context *ctx,
682  const unsigned char *seckey
684 
694  const secp256k1_context *ctx,
695  secp256k1_pubkey *pubkey,
696  const unsigned char *seckey
698 
710  const secp256k1_context *ctx,
711  unsigned char *seckey
713 
717  const secp256k1_context *ctx,
718  unsigned char *seckey
721 
729  const secp256k1_context *ctx,
730  secp256k1_pubkey *pubkey
732 
749  const secp256k1_context *ctx,
750  unsigned char *seckey,
751  const unsigned char *tweak32
753 
757  const secp256k1_context *ctx,
758  unsigned char *seckey,
759  const unsigned char *tweak32
762 
777  const secp256k1_context *ctx,
778  secp256k1_pubkey *pubkey,
779  const unsigned char *tweak32
781 
796  const secp256k1_context *ctx,
797  unsigned char *seckey,
798  const unsigned char *tweak32
800 
804  const secp256k1_context *ctx,
805  unsigned char *seckey,
806  const unsigned char *tweak32
809 
822  const secp256k1_context *ctx,
823  secp256k1_pubkey *pubkey,
824  const unsigned char *tweak32
826 
860  secp256k1_context *ctx,
861  const unsigned char *seed32
863 
874  const secp256k1_context *ctx,
876  const secp256k1_pubkey * const *ins,
877  size_t n
879 
897  const secp256k1_context *ctx,
898  unsigned char *hash32,
899  const unsigned char *tag,
900  size_t taglen,
901  const unsigned char *msg,
902  size_t msglen
904 
905 #ifdef __cplusplus
906 }
907 #endif
908 
909 #endif /* SECP256K1_H */
int flags
Definition: bitcoin-tx.cpp:528
const secp256k1_context * secp256k1_context_no_precomp
Definition: secp256k1.c:74
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:186
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:692
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:179
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:739
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
Definition: secp256k1.c:749
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:602
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1.h:639
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:368
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:279
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:210
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_pubkey *pubkey1, const secp256k1_pubkey *pubkey2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compare two public keys using lexicographic (of compressed serialization) order.
Definition: secp256k1.c:302
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:561
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:198
#define SECP256K1_API
Definition: secp256k1.h:164
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:547
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:261
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:107
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:352
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
Definition: secp256k1.c:85
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:584
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
Definition: secp256k1.c:162
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:140
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_tagged_sha256(const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Compute a tagged hash as defined in BIP-340.
Definition: secp256k1.c:775
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:433
#define SECP256K1_DEPRECATED(_msg)
Definition: secp256k1.h:190
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:414
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
Definition: secp256k1.c:222
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:675
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.h:636
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:389
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
Definition: secp256k1.c:621
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_add instead")
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:664
SECP256K1_API void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 scratch space.
Definition: secp256k1.c:227
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_negate instead")
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:617
#define SECP256K1_WARN_UNUSED_RESULT
Definition: secp256k1.h:174
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:648
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1.c:716
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:401
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:236
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_mul instead")
Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED.
Definition: secp256k1.c:712
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:87
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74
void * data
actual allocated data
Definition: scratch.h:16