Bitcoin Core  24.99.0
P2P Digital Currency
secp256k1.h
1 #ifndef SECP256K1_H
2 #define SECP256K1_H
3 
4 #ifdef __cplusplus
5 extern "C" {
6 #endif
7 
8 #include <stddef.h>
9 
10 /* Unless explicitly stated all pointer arguments must not be NULL.
11  *
12  * The following rules specify the order of arguments in API calls:
13  *
14  * 1. Context pointers go first, followed by output arguments, combined
15  * output/input arguments, and finally input-only arguments.
16  * 2. Array lengths always immediately follow the argument whose length
17  * they describe, even if this violates rule 1.
18  * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
19  * later go first. This means: signatures, public nonces, secret nonces,
20  * messages, public keys, secret keys, tweaks.
21  * 4. Arguments that are not data pointers go last, from more complex to less
22  * complex: function pointers, algorithm names, messages, void pointers,
23  * counts, flags, booleans.
24  * 5. Opaque data pointers follow the function pointer they are to be passed to.
25  */
26 
47 
60 
70 typedef struct {
71  unsigned char data[64];
73 
83 typedef struct {
84  unsigned char data[64];
86 
104  unsigned char *nonce32,
105  const unsigned char *msg32,
106  const unsigned char *key32,
107  const unsigned char *algo16,
108  void *data,
109  unsigned int attempt
110 );
111 
/* SECP256K1_GNUC_PREREQ(maj, min): compile-time test for "GCC-compatible
 * compiler of at least version maj.min". Major and minor are packed into one
 * integer (major << 16, plus minor) so a single >= comparison suffices.
 * On compilers that do not define __GNUC__/__GNUC_MINOR__ it is the constant 0,
 * so every feature gated on it is simply switched off there.
 * The outer !defined() guard lets an earlier definition take precedence. */
112 # if !defined(SECP256K1_GNUC_PREREQ)
113 # if defined(__GNUC__)&&defined(__GNUC_MINOR__)
114 # define SECP256K1_GNUC_PREREQ(_maj,_min) \
115  ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
116 # else
117 # define SECP256K1_GNUC_PREREQ(_maj,_min) 0
118 # endif
119 # endif
120 
/* SECP256K1_INLINE: portable spelling of the inline keyword.
 * Before C99 (__STDC_VERSION__ undefined or < 199901L) the vendor keyword is
 * used: __inline__ on GCC >= 2.7, __inline on MSVC, and nothing at all on any
 * other compiler. From C99 on, the standard `inline` is used. */
121 # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
122 # if SECP256K1_GNUC_PREREQ(2,7)
123 # define SECP256K1_INLINE __inline__
124 # elif (defined(_MSC_VER))
125 # define SECP256K1_INLINE __inline
126 # else
127 # define SECP256K1_INLINE
128 # endif
129 # else
130 # define SECP256K1_INLINE inline
131 # endif
132 
/* Records that this header was processed without SECP256K1_BUILD defined.
 * SECP256K1_BUILD selects the export attribute and disables the nonnull
 * attribute further down in this header, so a build that includes the header
 * before setting it gets the consumer-side definitions.
 * NOTE(review): presumably the implementation checks SECP256K1_NO_BUILD to
 * catch that ordering mistake; the check is not visible in this listing. */
140 #ifndef SECP256K1_BUILD
141 # define SECP256K1_NO_BUILD
142 #endif
143 
/* SECP256K1_API: symbol-export decoration placed on every public declaration.
 * The #ifndef guard lets the embedding project pre-define it.
 *  - Windows: __declspec(dllexport) only while building the library itself
 *    (SECP256K1_BUILD) as a shared object (DLL_EXPORT); empty otherwise.
 *    No dllimport variant is defined in this listing.
 *  - GCC >= 4 while building the library: default ELF visibility, so the
 *    public API stays exported even if the build hides symbols by default
 *    (NOTE(review): the hidden-by-default build setting is assumed, not shown).
 *  - Anything else, including all consumers on non-Windows: empty. */
148 #ifndef SECP256K1_API
149 # if defined(_WIN32)
150 # if defined(SECP256K1_BUILD) && defined(DLL_EXPORT)
151 # define SECP256K1_API __declspec(dllexport)
152 # else
153 # define SECP256K1_API
154 # endif
155 # elif defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
156 # define SECP256K1_API __attribute__ ((visibility ("default")))
157 # else
158 # define SECP256K1_API
159 # endif
160 #endif
161 
/* SECP256K1_WARN_UNUSED_RESULT: on GCC-compatible compilers >= 3.4, makes the
 * compiler warn when a caller discards the return value; expands to nothing
 * elsewhere. It is a diagnostic aid only. In the declarations listed on this
 * page it is attached to e.g. secp256k1_ecdsa_verify and
 * secp256k1_ec_seckey_verify but not to secp256k1_ecdsa_sign or the signature
 * parsers, so the absence of a warning does not mean a result may be ignored:
 * callers should check every int return from this API. */
165 # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
166 # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
167 # else
168 # define SECP256K1_WARN_UNUSED_RESULT
169 # endif
/* SECP256K1_ARG_NONNULL(n): marks parameter n as "must not be NULL" for
 * consumers of the header (GCC-compatible >= 3.4, and only when
 * SECP256K1_BUILD is NOT defined). While the library itself is compiled the
 * macro expands to nothing, so the compiler is not told the arguments are
 * non-NULL; the page's description says this is "to avoid the compiler
 * optimizing out..." (text truncated) -- presumably the library's own NULL
 * argument checks; confirm in secp256k1.c.
 * For callers the attribute only yields compile-time diagnostics; it does not
 * stop a NULL that is computed at run time. */
170 # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
171 # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
172 # else
173 # define SECP256K1_ARG_NONNULL(_x)
174 # endif
175 
/* SECP256K1_DEPRECATED(msg): attribute for marking functions, types and
 * variables as deprecated, with msg shown in the compiler diagnostic.
 * Active only for consumers (SECP256K1_BUILD not defined) on compilers that
 * provide __has_attribute and report support for __deprecated__; in every
 * other case, including the library's own build, it expands to nothing.
 * On this page it is applied to the secp256k1_ec_privkey_* functions, whose
 * messages name the secp256k1_ec_seckey_* replacements. */
177 #if !defined(SECP256K1_BUILD) && defined(__has_attribute)
178 # if __has_attribute(__deprecated__)
179 # define SECP256K1_DEPRECATED(_msg) __attribute__ ((__deprecated__(_msg)))
180 # else
181 # define SECP256K1_DEPRECATED(_msg)
182 # endif
183 #else
184 # define SECP256K1_DEPRECATED(_msg)
185 #endif
186 
/* Layout of an `unsigned int flags` argument: the low 8 bits
 * (SECP256K1_FLAGS_TYPE_MASK) say which KIND of flag word this is
 * (context vs. compression); bits 8 and up carry the options for that kind. */
188 #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
189 #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
190 #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
/* Option bits. CONTEXT_VERIFY and COMPRESSION deliberately share the value
 * (1 << 8): they belong to different flag kinds and are only told apart by the
 * type bits above, so these raw BIT values must not be passed to the API on
 * their own -- use the composed SECP256K1_CONTEXT_* / SECP256K1_EC_* values.
 * NOTE(review): that callees reject a flag word of the wrong type is assumed
 * here; the check is not visible in this listing. */
192 #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
193 #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
194 #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10)
195 #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
196 
/* Flag words for secp256k1_context_create (its only parameter is
 * `unsigned int flags`): the context type bit, optionally OR-ed with one
 * option bit. SECP256K1_CONTEXT_NONE is the type bit alone.
 * NOTE(review): the purpose of DECLASSIFY is not described on this page. */
199 #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
200 #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
201 #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY)
202 #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
203 
/* Flag words for the `flags` argument of secp256k1_ec_pubkey_serialize:
 * the compression type bit with (COMPRESSED) or without (UNCOMPRESSED) the
 * compression option bit. */
205 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
206 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
207 
/* Tag bytes for public-key encodings. By name: 0x02/0x03 = even/odd,
 * 0x04 = uncompressed, 0x06/0x07 = hybrid even/odd.
 * NOTE(review): presumably the leading byte of a serialized key as handled by
 * secp256k1_ec_pubkey_parse / secp256k1_ec_pubkey_serialize -- confirm against
 * the implementation. When key bytes come from an untrusted source, rely on
 * the return value of secp256k1_ec_pubkey_parse rather than on inspecting the
 * tag byte alone. */
209 #define SECP256K1_TAG_PUBKEY_EVEN 0x02
210 #define SECP256K1_TAG_PUBKEY_ODD 0x03
211 #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
212 #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
213 #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
214 
221 
234  unsigned int flags
236 
247  const secp256k1_context* ctx
249 
266 
306  void (*fun)(const char* message, void* data),
307  const void* data
309 
331  void (*fun)(const char* message, void* data),
332  const void* data
334 
343  const secp256k1_context* ctx,
344  size_t size
346 
354  const secp256k1_context* ctx,
355  secp256k1_scratch_space* scratch
357 
373  const secp256k1_context* ctx,
374  secp256k1_pubkey* pubkey,
375  const unsigned char *input,
376  size_t inputlen
378 
395  const secp256k1_context* ctx,
396  unsigned char *output,
397  size_t *outputlen,
398  const secp256k1_pubkey* pubkey,
399  unsigned int flags
401 
412  const secp256k1_context* ctx,
413  const secp256k1_pubkey* pubkey1,
414  const secp256k1_pubkey* pubkey2
416 
433  const secp256k1_context* ctx,
435  const unsigned char *input64
437 
454  const secp256k1_context* ctx,
456  const unsigned char *input,
457  size_t inputlen
459 
472  const secp256k1_context* ctx,
473  unsigned char *output,
474  size_t *outputlen,
475  const secp256k1_ecdsa_signature* sig
477 
488  const secp256k1_context* ctx,
489  unsigned char *output64,
490  const secp256k1_ecdsa_signature* sig
492 
519  const secp256k1_context* ctx,
520  const secp256k1_ecdsa_signature *sig,
521  const unsigned char *msghash32,
522  const secp256k1_pubkey *pubkey
524 
567  const secp256k1_context* ctx,
569  const secp256k1_ecdsa_signature *sigin
571 
577 
580 
600  const secp256k1_context* ctx,
602  const unsigned char *msghash32,
603  const unsigned char *seckey,
604  secp256k1_nonce_function noncefp,
605  const void *ndata
607 
621  const secp256k1_context* ctx,
622  const unsigned char *seckey
624 
634  const secp256k1_context* ctx,
635  secp256k1_pubkey *pubkey,
636  const unsigned char *seckey
638 
650  const secp256k1_context* ctx,
651  unsigned char *seckey
653 
657  const secp256k1_context* ctx,
658  unsigned char *seckey
661 
669  const secp256k1_context* ctx,
670  secp256k1_pubkey *pubkey
672 
689  const secp256k1_context* ctx,
690  unsigned char *seckey,
691  const unsigned char *tweak32
693 
697  const secp256k1_context* ctx,
698  unsigned char *seckey,
699  const unsigned char *tweak32
702 
717  const secp256k1_context* ctx,
718  secp256k1_pubkey *pubkey,
719  const unsigned char *tweak32
721 
736  const secp256k1_context* ctx,
737  unsigned char *seckey,
738  const unsigned char *tweak32
740 
744  const secp256k1_context* ctx,
745  unsigned char *seckey,
746  const unsigned char *tweak32
749 
762  const secp256k1_context* ctx,
763  secp256k1_pubkey *pubkey,
764  const unsigned char *tweak32
766 
794  const unsigned char *seed32
796 
807  const secp256k1_context* ctx,
808  secp256k1_pubkey *out,
809  const secp256k1_pubkey * const * ins,
810  size_t n
812 
830  const secp256k1_context* ctx,
831  unsigned char *hash32,
832  const unsigned char *tag,
833  size_t taglen,
834  const unsigned char *msg,
835  size_t msglen
837 
838 #ifdef __cplusplus
839 }
840 #endif
841 
842 #endif /* SECP256K1_H */
int flags
Definition: bitcoin-tx.cpp:525
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:146
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:659
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:173
SECP256K1_API const secp256k1_context * secp256k1_context_no_precomp
A simple secp256k1 context object with no precomputed tables.
Definition: secp256k1.c:60
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:706
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
Definition: secp256k1.c:714
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:569
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_default
A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979).
Definition: secp256k1.c:456
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:335
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:246
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:162
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_pubkey *pubkey1, const secp256k1_pubkey *pubkey2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compare two public keys using lexicographic (of compressed serialization) order.
Definition: secp256k1.c:269
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:528
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:153
#define SECP256K1_API
At secp256k1 build-time DLL_EXPORT is defined when building objects destined for a shared library,...
Definition: secp256k1.h:158
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:514
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:228
int(* secp256k1_nonce_function)(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
A pointer to a function to deterministically generate a nonce.
Definition: secp256k1.h:103
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:319
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:551
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
Definition: secp256k1.c:128
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:107
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_tagged_sha256(const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Compute a tagged hash as defined in BIP-340.
Definition: secp256k1.c:740
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:400
#define SECP256K1_DEPRECATED(_msg)
Attribute for marking functions, types, and variables as deprecated.
Definition: secp256k1.h:184
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:381
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
Definition: secp256k1.c:171
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:642
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:455
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:356
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
Definition: secp256k1.c:588
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_add instead")
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:631
SECP256K1_API void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 scratch space.
Definition: secp256k1.c:176
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_negate instead")
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:584
#define SECP256K1_WARN_UNUSED_RESULT
Warning attributes. NONNULL is not used if SECP256K1_BUILD is set, to avoid the compiler optimizing out...
Definition: secp256k1.h:168
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:615
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
Definition: secp256k1.c:683
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:368
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_mul instead")
Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED.
Definition: secp256k1.c:679
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:83
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70
void * data
actual allocated data
Definition: scratch.h:16
static secp256k1_context * ctx
Definition: tests.c:34