Diffstat (limited to 'src/ecdsa_impl.h')
-rw-r--r-- | src/ecdsa_impl.h | 84 |
1 files changed, 58 insertions, 26 deletions
diff --git a/src/ecdsa_impl.h b/src/ecdsa_impl.h index 1a77649390..ed1d228189 100644 --- a/src/ecdsa_impl.h +++ b/src/ecdsa_impl.h @@ -53,35 +53,59 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned ch int lenr; int lens; int overflow; - if (sig[0] != 0x30) return 0; + if (sig[0] != 0x30) { + return 0; + } lenr = sig[3]; - if (5+lenr >= size) return 0; + if (5+lenr >= size) { + return 0; + } lens = sig[lenr+5]; - if (sig[1] != lenr+lens+4) return 0; - if (lenr+lens+6 > size) return 0; - if (sig[2] != 0x02) return 0; - if (lenr == 0) return 0; - if (sig[lenr+4] != 0x02) return 0; - if (lens == 0) return 0; + if (sig[1] != lenr+lens+4) { + return 0; + } + if (lenr+lens+6 > size) { + return 0; + } + if (sig[2] != 0x02) { + return 0; + } + if (lenr == 0) { + return 0; + } + if (sig[lenr+4] != 0x02) { + return 0; + } + if (lens == 0) { + return 0; + } sp = sig + 6 + lenr; while (lens > 0 && sp[0] == 0) { lens--; sp++; } - if (lens > 32) return 0; + if (lens > 32) { + return 0; + } rp = sig + 4; while (lenr > 0 && rp[0] == 0) { lenr--; rp++; } - if (lenr > 32) return 0; + if (lenr > 32) { + return 0; + } memcpy(ra + 32 - lenr, rp, lenr); memcpy(sa + 32 - lens, sp, lens); overflow = 0; secp256k1_scalar_set_b32(&r->r, ra, &overflow); - if (overflow) return 0; + if (overflow) { + return 0; + } secp256k1_scalar_set_b32(&r->s, sa, &overflow); - if (overflow) return 0; + if (overflow) { + return 0; + } return 1; } @@ -93,8 +117,9 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se secp256k1_scalar_get_b32(&s[1], &a->s); while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } - if (*size < 6+lenS+lenR) + if (*size < 6+lenS+lenR) { return 0; + } *size = 6 + lenS + lenR; sig[0] = 0x30; sig[1] = 4 + lenS + lenR; 
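Review bot: In secp256k1_ecdsa_sig_parse the re-braced checks still read `sig[0]` and `sig[3]` before `size` is compared against anything, so a buffer shorter than four bytes is read out of bounds unless every caller guarantees a minimum length. The first bound the visible code applies is `5+lenr >= size`, which already depends on `sig[3]`. Since this commit touches every guard in the function, it would be a good place to make the first one `if (size < 4 || sig[0] != 0x30) {`. The function's opening lines are outside the hunk, so an earlier length check cannot be ruled out from here, but the declarations shown directly above the first read suggest there is none.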
@@ -107,21 +132,22 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se return 1; } -static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) { +static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) { unsigned char c[32]; secp256k1_scalar_t sn, u1, u2; secp256k1_fe_t xr; secp256k1_gej_t pubkeyj; secp256k1_gej_t pr; - if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) + if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) { return 0; + } secp256k1_scalar_inverse_var(&sn, &sig->s); secp256k1_scalar_mul(&u1, &sn, message); secp256k1_scalar_mul(&u2, &sn, &sig->r); secp256k1_gej_set_ge(&pubkeyj, pubkey); - secp256k1_ecmult(&pr, &pubkeyj, &u2, &u1); + secp256k1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); if (secp256k1_gej_is_infinity(&pr)) { return 0; } @@ -160,7 +186,7 @@ static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const se return 0; } -static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) { +static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) { unsigned char brx[32]; secp256k1_fe_t fx; secp256k1_ge_t x; 
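Review bot: The new `ctx` parameter of secp256k1_ecdsa_sig_verify is passed straight to `secp256k1_ecmult` with no stated precondition, so nothing here tells a caller that it must be non-NULL and already initialised. A short comment above the function would make the contract explicit, for example `/* ctx must point to a fully built ecmult context; callers are responsible for checking this. */`. The same applies to the `ctx` added to secp256k1_ecdsa_sig_recover and to the `secp256k1_ecmult_gen_context_t *ctx` added to secp256k1_ecdsa_sig_sign in the later hunks. Whether the public entry points validate the context before calling these helpers is not visible in this file.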
@@ -168,36 +194,39 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256 secp256k1_scalar_t rn, u1, u2; secp256k1_gej_t qj; - if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) + if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) { return 0; + } secp256k1_scalar_get_b32(brx, &sig->r); VERIFY_CHECK(secp256k1_fe_set_b32(&fx, brx)); /* brx comes from a scalar, so is less than the order; certainly less than p */ if (recid & 2) { - if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) + if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) { return 0; + } secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe); } - if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) + if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) { return 0; + } secp256k1_gej_set_ge(&xj, &x); secp256k1_scalar_inverse_var(&rn, &sig->r); secp256k1_scalar_mul(&u1, &rn, message); secp256k1_scalar_negate(&u1, &u1); secp256k1_scalar_mul(&u2, &rn, &sig->s); - secp256k1_ecmult(&qj, &xj, &u2, &u1); + secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1); secp256k1_ge_set_gej_var(pubkey, &qj); return !secp256k1_gej_is_infinity(&qj); } -static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) { +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) { unsigned char b[32]; secp256k1_gej_t rp; secp256k1_ge_t r; secp256k1_scalar_t n; int overflow = 0; - secp256k1_ecmult_gen(&rp, nonce); + secp256k1_ecmult_gen(ctx, &rp, nonce); secp256k1_ge_set_gej(&r, &rp); secp256k1_fe_normalize(&r.x); secp256k1_fe_normalize(&r.y); 
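Review bot: In secp256k1_ecdsa_sig_recover the line `VERIFY_CHECK(secp256k1_fe_set_b32(&fx, brx));` puts the call that initialises `fx` inside an assertion macro, so the code is only correct if VERIFY_CHECK still evaluates its argument in non-VERIFY builds. The macro's definition is not part of this diff, so that cannot be confirmed here. If it ever compiled to nothing, `fx` would be used uninitialised in the comparison and the `secp256k1_ge_set_xo_var` call that follow. Separating the side effect from the check removes the dependency: `int ok = secp256k1_fe_set_b32(&fx, brx); (void)ok; VERIFY_CHECK(ok);`, with `ok` declared alongside the other locals if the file keeps C89 declaration order.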
@@ -209,8 +238,9 @@ static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_ secp256k1_ge_clear(&r); return 0; } - if (recid) + if (recid) { *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0); + } secp256k1_scalar_mul(&n, &sig->r, seckey); secp256k1_scalar_add(&n, &n, message); secp256k1_scalar_inverse(&sig->s, nonce); @@ -218,12 +248,14 @@ static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_ secp256k1_scalar_clear(&n); secp256k1_gej_clear(&rp); secp256k1_ge_clear(&r); - if (secp256k1_scalar_is_zero(&sig->s)) + if (secp256k1_scalar_is_zero(&sig->s)) { return 0; + } if (secp256k1_scalar_is_high(&sig->s)) { secp256k1_scalar_negate(&sig->s, &sig->s); - if (recid) + if (recid) { *recid ^= 1; + } } return 1; } |