update upstream libsecp256k1 to 314a61d72474aa29ff4afba8472553ad91d88e9d
This commit is contained in:
parent
ca08c4f338
commit
4653100b7a
|
@ -179,6 +179,13 @@ typedef int (*secp256k1_nonce_function)(
|
||||||
#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
|
#define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
|
||||||
#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
|
#define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
|
||||||
|
|
||||||
|
/** A simple secp256k1 context object with no precomputed tables. These are useful for
|
||||||
|
* type serialization/parsing functions which require a context object to maintain
|
||||||
|
* API consistency, but currently do not require expensive precomputations or dynamic
|
||||||
|
* allocations.
|
||||||
|
*/
|
||||||
|
SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp;
|
||||||
|
|
||||||
/** Create a secp256k1 context object.
|
/** Create a secp256k1 context object.
|
||||||
*
|
*
|
||||||
* Returns: a newly created context object.
|
* Returns: a newly created context object.
|
||||||
|
|
|
@ -7,21 +7,45 @@
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/** A pointer to a function that applies hash function to a point
|
||||||
|
*
|
||||||
|
* Returns: 1 if a point was successfully hashed. 0 will cause ecdh to fail
|
||||||
|
* Out: output: pointer to an array to be filled by the function
|
||||||
|
* In: x: pointer to a 32-byte x coordinate
|
||||||
|
* y: pointer to a 32-byte y coordinate
|
||||||
|
* data: Arbitrary data pointer that is passed through
|
||||||
|
*/
|
||||||
|
typedef int (*secp256k1_ecdh_hash_function)(
|
||||||
|
unsigned char *output,
|
||||||
|
const unsigned char *x,
|
||||||
|
const unsigned char *y,
|
||||||
|
void *data
|
||||||
|
);
|
||||||
|
|
||||||
|
/** An implementation of SHA256 hash function that applies to compressed public key. */
|
||||||
|
SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256;
|
||||||
|
|
||||||
|
/** A default ecdh hash function (currently equal to secp256k1_ecdh_hash_function_sha256). */
|
||||||
|
SECP256K1_API extern const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default;
|
||||||
|
|
||||||
/** Compute an EC Diffie-Hellman secret in constant time
|
/** Compute an EC Diffie-Hellman secret in constant time
|
||||||
* Returns: 1: exponentiation was successful
|
* Returns: 1: exponentiation was successful
|
||||||
* 0: scalar was invalid (zero or overflow)
|
* 0: scalar was invalid (zero or overflow)
|
||||||
* Args: ctx: pointer to a context object (cannot be NULL)
|
* Args: ctx: pointer to a context object (cannot be NULL)
|
||||||
* Out: result: a 32-byte array which will be populated by an ECDH
|
* Out: output: pointer to an array to be filled by the function
|
||||||
* secret computed from the point and scalar
|
|
||||||
* In: pubkey: a pointer to a secp256k1_pubkey containing an
|
* In: pubkey: a pointer to a secp256k1_pubkey containing an
|
||||||
* initialized public key
|
* initialized public key
|
||||||
* privkey: a 32-byte scalar with which to multiply the point
|
* privkey: a 32-byte scalar with which to multiply the point
|
||||||
|
* hashfp: pointer to a hash function. If NULL, secp256k1_ecdh_hash_function_sha256 is used
|
||||||
|
* data: Arbitrary data pointer that is passed through
|
||||||
*/
|
*/
|
||||||
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(
|
||||||
const secp256k1_context* ctx,
|
const secp256k1_context* ctx,
|
||||||
unsigned char *result,
|
unsigned char *output,
|
||||||
const secp256k1_pubkey *pubkey,
|
const secp256k1_pubkey *pubkey,
|
||||||
const unsigned char *privkey
|
const unsigned char *privkey,
|
||||||
|
secp256k1_ecdh_hash_function hashfp,
|
||||||
|
void *data
|
||||||
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
|
|
@ -42,7 +42,7 @@ static void bench_ecdh(void* arg) {
|
||||||
bench_ecdh_data *data = (bench_ecdh_data*)arg;
|
bench_ecdh_data *data = (bench_ecdh_data*)arg;
|
||||||
|
|
||||||
for (i = 0; i < 20000; i++) {
|
for (i = 0; i < 20000; i++) {
|
||||||
CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar) == 1);
|
CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -83,7 +83,7 @@ SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1e
|
||||||
|
|
||||||
secp256k1_ecdsa_signature sig[72];
|
secp256k1_ecdsa_signature sig[72];
|
||||||
|
|
||||||
int ret = secp256k1_ecdsa_sign(ctx, sig, data, secKey, NULL, NULL );
|
int ret = secp256k1_ecdsa_sign(ctx, sig, data, secKey, NULL, NULL);
|
||||||
|
|
||||||
unsigned char outputSer[72];
|
unsigned char outputSer[72];
|
||||||
size_t outputLen = 72;
|
size_t outputLen = 72;
|
||||||
|
@ -353,7 +353,9 @@ SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1e
|
||||||
ctx,
|
ctx,
|
||||||
nonce_res,
|
nonce_res,
|
||||||
&pubkey,
|
&pubkey,
|
||||||
secdata
|
secdata,
|
||||||
|
NULL,
|
||||||
|
NULL
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -10,16 +10,35 @@
|
||||||
#include "include/secp256k1_ecdh.h"
|
#include "include/secp256k1_ecdh.h"
|
||||||
#include "ecmult_const_impl.h"
|
#include "ecmult_const_impl.h"
|
||||||
|
|
||||||
int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar) {
|
static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
|
||||||
|
unsigned char version = (y[31] & 0x01) | 0x02;
|
||||||
|
secp256k1_sha256 sha;
|
||||||
|
(void)data;
|
||||||
|
|
||||||
|
secp256k1_sha256_initialize(&sha);
|
||||||
|
secp256k1_sha256_write(&sha, &version, 1);
|
||||||
|
secp256k1_sha256_write(&sha, x, 32);
|
||||||
|
secp256k1_sha256_finalize(&sha, output);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256;
|
||||||
|
const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256;
|
||||||
|
|
||||||
|
int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) {
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int overflow = 0;
|
int overflow = 0;
|
||||||
secp256k1_gej res;
|
secp256k1_gej res;
|
||||||
secp256k1_ge pt;
|
secp256k1_ge pt;
|
||||||
secp256k1_scalar s;
|
secp256k1_scalar s;
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
ARG_CHECK(result != NULL);
|
ARG_CHECK(output != NULL);
|
||||||
ARG_CHECK(point != NULL);
|
ARG_CHECK(point != NULL);
|
||||||
ARG_CHECK(scalar != NULL);
|
ARG_CHECK(scalar != NULL);
|
||||||
|
if (hashfp == NULL) {
|
||||||
|
hashfp = secp256k1_ecdh_hash_function_default;
|
||||||
|
}
|
||||||
|
|
||||||
secp256k1_pubkey_load(ctx, &pt, point);
|
secp256k1_pubkey_load(ctx, &pt, point);
|
||||||
secp256k1_scalar_set_b32(&s, scalar, &overflow);
|
secp256k1_scalar_set_b32(&s, scalar, &overflow);
|
||||||
|
@ -27,24 +46,18 @@ int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *result, const se
|
||||||
ret = 0;
|
ret = 0;
|
||||||
} else {
|
} else {
|
||||||
unsigned char x[32];
|
unsigned char x[32];
|
||||||
unsigned char y[1];
|
unsigned char y[32];
|
||||||
secp256k1_sha256 sha;
|
|
||||||
|
|
||||||
secp256k1_ecmult_const(&res, &pt, &s, 256);
|
secp256k1_ecmult_const(&res, &pt, &s, 256);
|
||||||
secp256k1_ge_set_gej(&pt, &res);
|
secp256k1_ge_set_gej(&pt, &res);
|
||||||
/* Compute a hash of the point in compressed form
|
|
||||||
* Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not
|
/* Compute a hash of the point */
|
||||||
* expect its output to be secret and has a timing sidechannel. */
|
|
||||||
secp256k1_fe_normalize(&pt.x);
|
secp256k1_fe_normalize(&pt.x);
|
||||||
secp256k1_fe_normalize(&pt.y);
|
secp256k1_fe_normalize(&pt.y);
|
||||||
secp256k1_fe_get_b32(x, &pt.x);
|
secp256k1_fe_get_b32(x, &pt.x);
|
||||||
y[0] = 0x02 | secp256k1_fe_is_odd(&pt.y);
|
secp256k1_fe_get_b32(y, &pt.y);
|
||||||
|
|
||||||
secp256k1_sha256_initialize(&sha);
|
ret = hashfp(output, x, y, data);
|
||||||
secp256k1_sha256_write(&sha, y, sizeof(y));
|
|
||||||
secp256k1_sha256_write(&sha, x, sizeof(x));
|
|
||||||
secp256k1_sha256_finalize(&sha, result);
|
|
||||||
ret = 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
secp256k1_scalar_clear(&s);
|
secp256k1_scalar_clear(&s);
|
||||||
|
|
|
@ -7,6 +7,23 @@
|
||||||
#ifndef SECP256K1_MODULE_ECDH_TESTS_H
|
#ifndef SECP256K1_MODULE_ECDH_TESTS_H
|
||||||
#define SECP256K1_MODULE_ECDH_TESTS_H
|
#define SECP256K1_MODULE_ECDH_TESTS_H
|
||||||
|
|
||||||
|
int ecdh_hash_function_test_fail(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
|
||||||
|
(void)output;
|
||||||
|
(void)x;
|
||||||
|
(void)y;
|
||||||
|
(void)data;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int ecdh_hash_function_custom(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
|
||||||
|
(void)data;
|
||||||
|
/* Save x and y as uncompressed public key */
|
||||||
|
output[0] = 0x04;
|
||||||
|
memcpy(output + 1, x, 32);
|
||||||
|
memcpy(output + 33, y, 32);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
void test_ecdh_api(void) {
|
void test_ecdh_api(void) {
|
||||||
/* Setup context that just counts errors */
|
/* Setup context that just counts errors */
|
||||||
secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
|
secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
|
||||||
|
@ -21,15 +38,15 @@ void test_ecdh_api(void) {
|
||||||
CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
|
CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
|
||||||
|
|
||||||
/* Check all NULLs are detected */
|
/* Check all NULLs are detected */
|
||||||
CHECK(secp256k1_ecdh(tctx, res, &point, s_one) == 1);
|
CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
|
||||||
CHECK(ecount == 0);
|
CHECK(ecount == 0);
|
||||||
CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one) == 0);
|
CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0);
|
||||||
CHECK(ecount == 1);
|
CHECK(ecount == 1);
|
||||||
CHECK(secp256k1_ecdh(tctx, res, NULL, s_one) == 0);
|
CHECK(secp256k1_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0);
|
||||||
CHECK(ecount == 2);
|
CHECK(ecount == 2);
|
||||||
CHECK(secp256k1_ecdh(tctx, res, &point, NULL) == 0);
|
CHECK(secp256k1_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0);
|
||||||
CHECK(ecount == 3);
|
CHECK(ecount == 3);
|
||||||
CHECK(secp256k1_ecdh(tctx, res, &point, s_one) == 1);
|
CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
|
||||||
CHECK(ecount == 3);
|
CHECK(ecount == 3);
|
||||||
|
|
||||||
/* Cleanup */
|
/* Cleanup */
|
||||||
|
@ -46,27 +63,34 @@ void test_ecdh_generator_basepoint(void) {
|
||||||
for (i = 0; i < 100; ++i) {
|
for (i = 0; i < 100; ++i) {
|
||||||
secp256k1_sha256 sha;
|
secp256k1_sha256 sha;
|
||||||
unsigned char s_b32[32];
|
unsigned char s_b32[32];
|
||||||
unsigned char output_ecdh[32];
|
unsigned char output_ecdh[65];
|
||||||
unsigned char output_ser[32];
|
unsigned char output_ser[32];
|
||||||
unsigned char point_ser[33];
|
unsigned char point_ser[65];
|
||||||
size_t point_ser_len = sizeof(point_ser);
|
size_t point_ser_len = sizeof(point_ser);
|
||||||
secp256k1_scalar s;
|
secp256k1_scalar s;
|
||||||
|
|
||||||
random_scalar_order(&s);
|
random_scalar_order(&s);
|
||||||
secp256k1_scalar_get_b32(s_b32, &s);
|
secp256k1_scalar_get_b32(s_b32, &s);
|
||||||
|
|
||||||
/* compute using ECDH function */
|
|
||||||
CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1);
|
CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1);
|
||||||
CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32) == 1);
|
|
||||||
/* compute "explicitly" */
|
|
||||||
CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1);
|
CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1);
|
||||||
|
|
||||||
|
/* compute using ECDH function with custom hash function */
|
||||||
|
CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1);
|
||||||
|
/* compute "explicitly" */
|
||||||
|
CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1);
|
||||||
|
/* compare */
|
||||||
|
CHECK(memcmp(output_ecdh, point_ser, 65) == 0);
|
||||||
|
|
||||||
|
/* compute using ECDH function with default hash function */
|
||||||
|
CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1);
|
||||||
|
/* compute "explicitly" */
|
||||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1);
|
CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1);
|
||||||
CHECK(point_ser_len == sizeof(point_ser));
|
|
||||||
secp256k1_sha256_initialize(&sha);
|
secp256k1_sha256_initialize(&sha);
|
||||||
secp256k1_sha256_write(&sha, point_ser, point_ser_len);
|
secp256k1_sha256_write(&sha, point_ser, point_ser_len);
|
||||||
secp256k1_sha256_finalize(&sha, output_ser);
|
secp256k1_sha256_finalize(&sha, output_ser);
|
||||||
/* compare */
|
/* compare */
|
||||||
CHECK(memcmp(output_ecdh, output_ser, sizeof(output_ser)) == 0);
|
CHECK(memcmp(output_ecdh, output_ser, 32) == 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,11 +113,14 @@ void test_bad_scalar(void) {
|
||||||
CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1);
|
CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1);
|
||||||
|
|
||||||
/* Try to multiply it by bad values */
|
/* Try to multiply it by bad values */
|
||||||
CHECK(secp256k1_ecdh(ctx, output, &point, s_zero) == 0);
|
CHECK(secp256k1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0);
|
||||||
CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow) == 0);
|
CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0);
|
||||||
/* ...and a good one */
|
/* ...and a good one */
|
||||||
s_overflow[31] -= 1;
|
s_overflow[31] -= 1;
|
||||||
CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow) == 1);
|
CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1);
|
||||||
|
|
||||||
|
/* Hash function failure results in ecdh failure */
|
||||||
|
CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_ecdh_tests(void) {
|
void run_ecdh_tests(void) {
|
||||||
|
|
|
@ -56,6 +56,14 @@ struct secp256k1_context_struct {
|
||||||
secp256k1_callback error_callback;
|
secp256k1_callback error_callback;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static const secp256k1_context secp256k1_context_no_precomp_ = {
|
||||||
|
{ 0 },
|
||||||
|
{ 0 },
|
||||||
|
{ default_illegal_callback_fn, 0 },
|
||||||
|
{ default_error_callback_fn, 0 }
|
||||||
|
};
|
||||||
|
const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_no_precomp_;
|
||||||
|
|
||||||
secp256k1_context* secp256k1_context_create(unsigned int flags) {
|
secp256k1_context* secp256k1_context_create(unsigned int flags) {
|
||||||
secp256k1_context* ret = (secp256k1_context*)checked_malloc(&default_error_callback, sizeof(secp256k1_context));
|
secp256k1_context* ret = (secp256k1_context*)checked_malloc(&default_error_callback, sizeof(secp256k1_context));
|
||||||
ret->illegal_callback = default_illegal_callback;
|
ret->illegal_callback = default_illegal_callback;
|
||||||
|
@ -91,6 +99,7 @@ secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256k1_context_destroy(secp256k1_context* ctx) {
|
void secp256k1_context_destroy(secp256k1_context* ctx) {
|
||||||
|
CHECK(ctx != secp256k1_context_no_precomp);
|
||||||
if (ctx != NULL) {
|
if (ctx != NULL) {
|
||||||
secp256k1_ecmult_context_clear(&ctx->ecmult_ctx);
|
secp256k1_ecmult_context_clear(&ctx->ecmult_ctx);
|
||||||
secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx);
|
secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx);
|
||||||
|
@ -100,6 +109,7 @@ void secp256k1_context_destroy(secp256k1_context* ctx) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) {
|
void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) {
|
||||||
|
CHECK(ctx != secp256k1_context_no_precomp);
|
||||||
if (fun == NULL) {
|
if (fun == NULL) {
|
||||||
fun = default_illegal_callback_fn;
|
fun = default_illegal_callback_fn;
|
||||||
}
|
}
|
||||||
|
@ -108,6 +118,7 @@ void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) {
|
void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) {
|
||||||
|
CHECK(ctx != secp256k1_context_no_precomp);
|
||||||
if (fun == NULL) {
|
if (fun == NULL) {
|
||||||
fun = default_error_callback_fn;
|
fun = default_error_callback_fn;
|
||||||
}
|
}
|
||||||
|
@ -559,6 +570,7 @@ int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey
|
||||||
|
|
||||||
int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) {
|
int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) {
|
||||||
VERIFY_CHECK(ctx != NULL);
|
VERIFY_CHECK(ctx != NULL);
|
||||||
|
CHECK(ctx != secp256k1_context_no_precomp);
|
||||||
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
|
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
|
||||||
secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32);
|
secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32);
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -3599,6 +3599,7 @@ void run_ec_pubkey_parse_test(void) {
|
||||||
ecount = 0;
|
ecount = 0;
|
||||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1);
|
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1);
|
||||||
|
CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_no_precomp, &pubkey, pubkeyc, 65) == 1);
|
||||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||||
CHECK(ecount == 0);
|
CHECK(ecount == 0);
|
||||||
VG_UNDEF(&ge, sizeof(ge));
|
VG_UNDEF(&ge, sizeof(ge));
|
||||||
|
|
11
src/ecdh.rs
11
src/ecdh.rs
|
@ -16,7 +16,7 @@
|
||||||
//! Support for shared secret computations
|
//! Support for shared secret computations
|
||||||
//!
|
//!
|
||||||
|
|
||||||
use std::ops;
|
use std::{ops, ptr};
|
||||||
|
|
||||||
use super::Secp256k1;
|
use super::Secp256k1;
|
||||||
use key::{SecretKey, PublicKey};
|
use key::{SecretKey, PublicKey};
|
||||||
|
@ -32,7 +32,14 @@ impl SharedSecret {
|
||||||
pub fn new<C>(secp: &Secp256k1<C>, point: &PublicKey, scalar: &SecretKey) -> SharedSecret {
|
pub fn new<C>(secp: &Secp256k1<C>, point: &PublicKey, scalar: &SecretKey) -> SharedSecret {
|
||||||
unsafe {
|
unsafe {
|
||||||
let mut ss = ffi::SharedSecret::blank();
|
let mut ss = ffi::SharedSecret::blank();
|
||||||
let res = ffi::secp256k1_ecdh(secp.ctx, &mut ss, point.as_ptr(), scalar.as_ptr());
|
let res = ffi::secp256k1_ecdh(
|
||||||
|
secp.ctx,
|
||||||
|
&mut ss,
|
||||||
|
point.as_ptr(),
|
||||||
|
scalar.as_ptr(),
|
||||||
|
ffi::secp256k1_ecdh_hash_function_default,
|
||||||
|
ptr::null_mut(),
|
||||||
|
);
|
||||||
debug_assert_eq!(res, 1);
|
debug_assert_eq!(res, 1);
|
||||||
SharedSecret(ss)
|
SharedSecret(ss)
|
||||||
}
|
}
|
||||||
|
|
34
src/ffi.rs
34
src/ffi.rs
|
@ -46,6 +46,14 @@ pub type NonceFn = unsafe extern "C" fn(nonce32: *mut c_uchar,
|
||||||
attempt: c_uint,
|
attempt: c_uint,
|
||||||
data: *const c_void);
|
data: *const c_void);
|
||||||
|
|
||||||
|
/// Hash function to use to post-process an ECDH point to get
|
||||||
|
/// a shared secret.
|
||||||
|
pub type EcdhHashFn = unsafe extern "C" fn(
|
||||||
|
output: *mut c_uchar,
|
||||||
|
x: *const c_uchar,
|
||||||
|
y: *const c_uchar,
|
||||||
|
data: *const c_void,
|
||||||
|
);
|
||||||
|
|
||||||
/// A Secp256k1 context, containing various precomputed values and such
|
/// A Secp256k1 context, containing various precomputed values and such
|
||||||
/// needed to do elliptic curve computations. If you create one of these
|
/// needed to do elliptic curve computations. If you create one of these
|
||||||
|
@ -114,6 +122,9 @@ impl SharedSecret {
|
||||||
|
|
||||||
#[cfg(not(feature = "fuzztarget"))]
|
#[cfg(not(feature = "fuzztarget"))]
|
||||||
extern "C" {
|
extern "C" {
|
||||||
|
/// Default ECDH hash function
|
||||||
|
pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
|
||||||
|
|
||||||
pub static secp256k1_nonce_function_rfc6979: NonceFn;
|
pub static secp256k1_nonce_function_rfc6979: NonceFn;
|
||||||
|
|
||||||
pub static secp256k1_nonce_function_default: NonceFn;
|
pub static secp256k1_nonce_function_default: NonceFn;
|
||||||
|
@ -248,11 +259,14 @@ extern "C" {
|
||||||
n: c_int)
|
n: c_int)
|
||||||
-> c_int;
|
-> c_int;
|
||||||
|
|
||||||
pub fn secp256k1_ecdh(cx: *const Context,
|
pub fn secp256k1_ecdh(
|
||||||
out: *mut SharedSecret,
|
cx: *const Context,
|
||||||
point: *const PublicKey,
|
output: *mut SharedSecret,
|
||||||
scalar: *const c_uchar)
|
pubkey: *const PublicKey,
|
||||||
-> c_int;
|
privkey: *const c_uchar,
|
||||||
|
hashfp: EcdhHashFn,
|
||||||
|
data: *mut c_void,
|
||||||
|
) -> c_int;
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "fuzztarget")]
|
#[cfg(feature = "fuzztarget")]
|
||||||
|
@ -262,6 +276,7 @@ mod fuzz_dummy {
|
||||||
use std::ptr;
|
use std::ptr;
|
||||||
|
|
||||||
extern "C" {
|
extern "C" {
|
||||||
|
pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
|
||||||
pub static secp256k1_nonce_function_rfc6979: NonceFn;
|
pub static secp256k1_nonce_function_rfc6979: NonceFn;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -618,11 +633,14 @@ mod fuzz_dummy {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Sets out to point[0..16]||scalar[0..16]
|
/// Sets out to point[0..16]||scalar[0..16]
|
||||||
pub unsafe fn secp256k1_ecdh(cx: *const Context,
|
pub unsafe fn secp256k1_ecdh(
|
||||||
|
cx: *const Context,
|
||||||
out: *mut SharedSecret,
|
out: *mut SharedSecret,
|
||||||
point: *const PublicKey,
|
point: *const PublicKey,
|
||||||
scalar: *const c_uchar)
|
scalar: *const c_uchar,
|
||||||
-> c_int {
|
hashfp: EcdhHashFn,
|
||||||
|
data: *mut c_void,
|
||||||
|
) -> c_int {
|
||||||
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
|
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
|
||||||
assert!((*cx).0 as u32 & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
|
assert!((*cx).0 as u32 & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
|
||||||
if secp256k1_ec_seckey_verify(cx, scalar) != 1 { return 0; }
|
if secp256k1_ec_seckey_verify(cx, scalar) != 1 { return 0; }
|
||||||
|
|
Loading…
Reference in New Issue