status-im
/
secp256k1
mirror of https://github.com/status-im/secp256k1.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Final step in converting to C

This commit is contained in:
Pieter Wuille 2013-04-01 07:52:58 +02:00
parent d41e93a5e2
commit eb0be8eec6
23 changed files with 74 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Makefile
View File

@ -1,10 +1,10 @@
FLAGS_COMMON:=-Wall -Wno-unused -fPIC FLAGS_COMMON:=-Wall -Wno-unused -fPIC -std=c99
FLAGS_PROD:=-DNDEBUG -O2 -march=native FLAGS_PROD:=-DNDEBUG -O2 -march=native
FLAGS_DEBUG:=-DVERIFY -ggdb3 -O1 FLAGS_DEBUG:=-DVERIFY -ggdb3 -O1
FLAGS_TEST:=-DVERIFY -ggdb3 -O2 -march=native FLAGS_TEST:=-DVERIFY -ggdb3 -O2 -march=native
SECP256K1_FILES := src/num.h src/field.h src/field_5x52.h src/group.h src/ecmult.h src/ecdsa.h \ SECP256K1_FILES := src/num.h src/field.h src/field_5x52.h src/group.h src/ecmult.h src/ecdsa.h \
src/num.cpp src/field.cpp src/field_5x52.cpp src/group.cpp src/ecmult.cpp src/ecdsa.cpp src/num.c src/field.c src/field_5x52.c src/group.c src/ecmult.c src/ecdsa.c
JAVA_FILES := src/java/org_bitcoin_NativeSecp256k1.h src/java/org_bitcoin_NativeSecp256k1.c JAVA_FILES := src/java/org_bitcoin_NativeSecp256k1.h src/java/org_bitcoin_NativeSecp256k1.c
@ -19,29 +19,29 @@ default: all
ifeq ($(CONF), openssl) ifeq ($(CONF), openssl)
FLAGS_CONF:=-DUSE_NUM_OPENSSL -DUSE_FIELD_INV_BUILTIN FLAGS_CONF:=-DUSE_NUM_OPENSSL -DUSE_FIELD_INV_BUILTIN
LIBS:=-lcrypto LIBS:=-lcrypto
SECP256K1_FILES := $(SECP256K1_FILES) src/num_openssl.h src/num_openssl.cpp src/field_5x52_int128.cpp SECP256K1_FILES := $(SECP256K1_FILES) src/num_openssl.h src/num_openssl.c src/field_5x52_int128.c
else else
ifeq ($(CONF), gmp) ifeq ($(CONF), gmp)
FLAGS_CONF:=-DUSE_NUM_GMP FLAGS_CONF:=-DUSE_NUM_GMP
LIBS:=-lgmp LIBS:=-lgmp
SECP256K1_FILES := $(SECP256K1_FILES) src/num_gmp.h src/num_gmp.cpp src/field_5x52_int128.cpp SECP256K1_FILES := $(SECP256K1_FILES) src/num_gmp.h src/num_gmp.c src/field_5x52_int128.c
else else
ifeq ($(CONF), gmpasm) ifeq ($(CONF), gmpasm)
FLAGS_CONF:=-DUSE_NUM_GMP -DUSE_FIELD_5X52_ASM FLAGS_CONF:=-DUSE_NUM_GMP -DUSE_FIELD_5X52_ASM
LIBS:=-lgmp obj/field_5x52_asm.o LIBS:=-lgmp obj/field_5x52_asm.o
OBJS:=$(OBJS) obj/field_5x52_asm.o OBJS:=$(OBJS) obj/field_5x52_asm.o
SECP256K1_FILES := $(SECP256K1_FILES) src/num_gmp.h src/num_gmp.cpp src/field_5x52_asm.cpp SECP256K1_FILES := $(SECP256K1_FILES) src/num_gmp.h src/num_gmp.c src/field_5x52_asm.c
obj/field_5x52_asm.o: src/field_5x52_asm.asm obj/field_5x52_asm.o: src/field_5x52_asm.asm
yasm -f elf64 -o obj/field_5x52_asm.o src/field_5x52_asm.asm yasm -f elf64 -o obj/field_5x52_asm.o src/field_5x52_asm.asm
else else
SECP256K1_FILES := $(SECP256K1_FILES) src/field_5x52_int128.cpp SECP256K1_FILES := $(SECP256K1_FILES) src/field_5x52_int128.c
endif endif
endif endif
endif endif
all: src/*.cpp src/*.asm src/*.h include/*.h all: src/*.c src/*.asm src/*.h include/*.h
+make CONF=openssl all-openssl +make CONF=openssl all-openssl
+make CONF=gmp all-gmp +make CONF=gmp all-gmp
+make CONF=gmpasm all-gmpasm +make CONF=gmpasm all-gmpasm
@ -59,19 +59,19 @@ all-$(CONF): bench-$(CONF) tests-$(CONF) libsecp256k1-$(CONF).a
clean-$(CONF): clean-$(CONF):
rm -f bench-$(CONF) tests-$(CONF) libsecp256k1-$(CONF).a libjavasecp256k1-$(CONF).so obj/* rm -f bench-$(CONF) tests-$(CONF) libsecp256k1-$(CONF).a libjavasecp256k1-$(CONF).so obj/*
obj/secp256k1-$(CONF).o: $(SECP256K1_FILES) src/secp256k1.cpp include/secp256k1.h obj/secp256k1-$(CONF).o: $(SECP256K1_FILES) src/secp256k1.c include/secp256k1.h
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) src/secp256k1.cpp -c -o obj/secp256k1-$(CONF).o $(CC) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) src/secp256k1.c -c -o obj/secp256k1-$(CONF).o
bench-$(CONF): $(OBJS) src/bench.cpp bench-$(CONF): $(OBJS) src/bench.c
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) src/bench.cpp $(LIBS) -o bench-$(CONF) $(CC) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) src/bench.c $(LIBS) -o bench-$(CONF)
tests-$(CONF): $(OBJS) src/tests.cpp tests-$(CONF): $(OBJS) src/tests.c
$(CXX) $(FLAGS_COMMON) $(FLAGS_TEST) $(FLAGS_CONF) src/tests.cpp $(LIBS) -o tests-$(CONF) $(CC) $(FLAGS_COMMON) $(FLAGS_TEST) $(FLAGS_CONF) src/tests.c $(LIBS) -o tests-$(CONF)
libsecp256k1-$(CONF).a: $(OBJS) libsecp256k1-$(CONF).a: $(OBJS)
$(AR) -rs $@ $(OBJS) $(AR) -rs $@ $(OBJS)
libjavasecp256k1-$(CONF).so: $(OBJS) $(JAVA_FILES) libjavasecp256k1-$(CONF).so: $(OBJS) $(JAVA_FILES)
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) -I. src/java/org_bitcoin_NativeSecp256k1.c $(LIBS) $(OBJS) -shared -o libjavasecp256k1-$(CONF).so $(CC) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) -I. src/java/org_bitcoin_NativeSecp256k1.c $(LIBS) $(OBJS) -shared -o libjavasecp256k1-$(CONF).so
java: libjavasecp256k1-$(CONF).so java: libjavasecp256k1-$(CONF).so

6
include/secp256k1.h
View File

@ -1,10 +1,16 @@
#ifndef _SECP256K1_ #ifndef _SECP256K1_
#define _SECP256K1_ #define _SECP256K1_
#ifdef __cplusplus
extern "C" { extern "C" {
#endif
void secp256k1_start(void); void secp256k1_start(void);
void secp256k1_stop(void); void secp256k1_stop(void);
int secp256k1_ecdsa_verify(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen); int secp256k1_ecdsa_verify(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen);
#ifdef __cplusplus
} }
#endif
#endif #endif

10
src/bench.cpp → src/bench.c
View File

@ -1,10 +1,10 @@
#include <stdio.h> #include <stdio.h>
#include "num.cpp" #include "num.c"
#include "field.cpp" #include "field.c"
#include "group.cpp" #include "group.c"
#include "ecmult.cpp" #include "ecmult.c"
#include "ecdsa.cpp" #include "ecdsa.c"
int main() { int main() {
secp256k1_num_start(); secp256k1_num_start();

10
src/ecdsa.cpp → src/ecdsa.c
View File

@ -4,8 +4,6 @@
#include "ecmult.h" #include "ecmult.h"
#include "ecdsa.h" #include "ecdsa.h"
extern "C" {
void static secp256k1_ecdsa_sig_init(secp256k1_ecdsa_sig_t *r) { void static secp256k1_ecdsa_sig_init(secp256k1_ecdsa_sig_t *r) {
secp256k1_num_init(&r->r); secp256k1_num_init(&r->r);
secp256k1_num_init(&r->s); secp256k1_num_init(&r->s);
@ -27,9 +25,9 @@ int static secp256k1_ecdsa_pubkey_parse(secp256k1_gej_t *elem, const unsigned ch
secp256k1_fe_set_b32(&y, pub+33); secp256k1_fe_set_b32(&y, pub+33);
secp256k1_gej_set_xy(elem, &x, &y); secp256k1_gej_set_xy(elem, &x, &y);
if ((pub[0] == 0x06 || pub[0] == 0x07) && secp256k1_fe_is_odd(&y) != (pub[0] == 0x07)) if ((pub[0] == 0x06 || pub[0] == 0x07) && secp256k1_fe_is_odd(&y) != (pub[0] == 0x07))
return false; return 0;
} else { } else {
return false; return 0;
} }
return secp256k1_gej_is_valid(elem); return secp256k1_gej_is_valid(elem);
} }
@ -136,12 +134,10 @@ int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_
return 0; return 0;
if (secp256k1_num_is_odd(&sig->s)) if (secp256k1_num_is_odd(&sig->s))
secp256k1_num_sub(&sig->s, &c->order, &sig->s); secp256k1_num_sub(&sig->s, &c->order, &sig->s);
return true; return 1;
} }
void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s) { void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s) {
secp256k1_num_copy(&sig->r, r); secp256k1_num_copy(&sig->r, r);
secp256k1_num_copy(&sig->s, s); secp256k1_num_copy(&sig->s, s);
} }
}

4
src/ecdsa.h
View File

@ -3,8 +3,6 @@
#include "num.h" #include "num.h"
extern "C" {
typedef struct { typedef struct {
secp256k1_num_t r, s; secp256k1_num_t r, s;
} secp256k1_ecdsa_sig_t; } secp256k1_ecdsa_sig_t;
@ -18,6 +16,4 @@ int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se
int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *seckey, const secp256k1_num_t *message, const secp256k1_num_t *nonce); int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *seckey, const secp256k1_num_t *message, const secp256k1_num_t *nonce);
void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s); void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s);
}
#endif #endif

16
src/ecmult.cpp → src/ecmult.c
View File

@ -1,19 +1,14 @@
#include <sstream>
#include <algorithm>
#include "num.h" #include "num.h"
#include "group.h" #include "group.h"
#include "ecmult.h" #include "ecmult.h"
// optimal for 128-bit and 256-bit exponents // optimal for 128-bit and 256-bit exponents.
#define WINDOW_A 5 #define WINDOW_A 5
// larger numbers may result in slightly better performance, at the cost of // larger numbers may result in slightly better performance, at the cost of
// exponentially larger precomputed tables. WINDOW_G == 13 results in 640 KiB. // exponentially larger precomputed tables. WINDOW_G == 14 results in 640 KiB.
#define WINDOW_G 14 #define WINDOW_G 14
extern "C" {
/** Fill a table 'pre' with precomputed odd multiples of a. W determines the size of the table. /** Fill a table 'pre' with precomputed odd multiples of a. W determines the size of the table.
* pre will contains the values [1*a,3*a,5*a,...,(2^(w-1)-1)*a], so it needs place for * pre will contains the values [1*a,3*a,5*a,...,(2^(w-1)-1)*a], so it needs place for
* 2^(w-2) entries. * 2^(w-2) entries.
@ -196,7 +191,10 @@ void static secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const
secp256k1_ecmult_table_precomp_gej(pre_a_1, a, WINDOW_A); secp256k1_ecmult_table_precomp_gej(pre_a_1, a, WINDOW_A);
secp256k1_ecmult_table_precomp_gej(pre_a_lam, &a_lam, WINDOW_A); secp256k1_ecmult_table_precomp_gej(pre_a_lam, &a_lam, WINDOW_A);
int bits = std::max(std::max(bits_na_1, bits_na_lam), std::max(bits_ng_1, bits_ng_128)); int bits = bits_na_1;
if (bits_na_lam > bits) bits = bits_na_lam;
if (bits_ng_1 > bits) bits = bits_ng_1;
if (bits_ng_128 > bits) bits = bits_ng_128;
secp256k1_gej_set_infinity(r); secp256k1_gej_set_infinity(r);
secp256k1_gej_t tmpj; secp256k1_gej_t tmpj;
@ -228,5 +226,3 @@ void static secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const
secp256k1_num_free(&ng_1); secp256k1_num_free(&ng_1);
secp256k1_num_free(&ng_128); secp256k1_num_free(&ng_128);
} }
}

4
src/ecmult.h
View File

@ -4,8 +4,6 @@
#include "num.h" #include "num.h"
#include "group.h" #include "group.h"
extern "C" {
static void secp256k1_ecmult_start(void); static void secp256k1_ecmult_start(void);
static void secp256k1_ecmult_stop(void); static void secp256k1_ecmult_stop(void);
@ -14,6 +12,4 @@ static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_num_t *a);
/** Double multiply: R = na*A + ng*G */ /** Double multiply: R = na*A + ng*G */
static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_num_t *na, const secp256k1_num_t *ng); static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_num_t *na, const secp256k1_num_t *ng);
}
#endif #endif

6
src/field.cpp → src/field.c
View File

@ -1,7 +1,5 @@
// just one implementation for now // just one implementation for now
#include "field_5x52.cpp" #include "field_5x52.c"
extern "C" {
static const unsigned char secp256k1_fe_consts_p[] = { static const unsigned char secp256k1_fe_consts_p[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
@ -154,5 +152,3 @@ void static secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
secp256k1_fe_set_b32(r, b); secp256k1_fe_set_b32(r, b);
#endif #endif
} }
}

4
src/field.h
View File

@ -15,8 +15,6 @@
// just one implementation for now // just one implementation for now
#include "field_5x52.h" #include "field_5x52.h"
extern "C" {
typedef struct { typedef struct {
secp256k1_num_t p; secp256k1_num_t p;
} secp256k1_fe_consts_t; } secp256k1_fe_consts_t;
@ -87,6 +85,4 @@ void static secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a);
/** Convert a hexadecimal string to a field element. */ /** Convert a hexadecimal string to a field element. */
void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen); void static secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen);
}
#endif #endif

12
src/field_5x52.cpp → src/field_5x52.c
View File

@ -4,13 +4,11 @@
#include "field.h" #include "field.h"
#ifdef USE_FIELD_5X52_ASM #ifdef USE_FIELD_5X52_ASM
#include "field_5x52_asm.cpp" #include "field_5x52_asm.c"
#else #else
#include "field_5x52_int128.cpp" #include "field_5x52_int128.c"
#endif #endif
extern "C" {
/** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F, /** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F,
* represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular, * represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular,
* each FieldElem has a 'magnitude' associated with it. Internally, a magnitude M means each element * each FieldElem has a 'magnitude' associated with it. Internally, a magnitude M means each element
@ -106,7 +104,7 @@ void static secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
} }
#ifdef VERIFY #ifdef VERIFY
r->magnitude = 1; r->magnitude = 1;
r->normalized = true; r->normalized = 1;
#endif #endif
} }
@ -142,7 +140,7 @@ void static inline secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *
void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) { void static inline secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
#ifdef VERIFY #ifdef VERIFY
r->magnitude *= a; r->magnitude *= a;
r->normalized = false; r->normalized = 0;
#endif #endif
r->n[0] *= a; r->n[0] *= a;
r->n[1] *= a; r->n[1] *= a;
@ -181,5 +179,3 @@ void static secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
#endif #endif
secp256k1_fe_sqr_inner(a->n, r->n); secp256k1_fe_sqr_inner(a->n, r->n);
} }
}

4
src/field_5x52.h
View File

@ -3,8 +3,6 @@
#include <stdint.h> #include <stdint.h>
extern "C" {
typedef struct { typedef struct {
// X = sum(i=0..4, elem[i]*2^52) mod n // X = sum(i=0..4, elem[i]*2^52) mod n
uint64_t n[5]; uint64_t n[5];
@ -14,6 +12,4 @@ typedef struct {
#endif #endif
} secp256k1_fe_t; } secp256k1_fe_t;
}
#endif #endif

2
src/field_5x52_asm.c Normal file
View File

@ -0,0 +1,2 @@
void __attribute__ ((sysv_abi)) secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r);
void __attribute__ ((sysv_abi)) secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r);

2
src/field_5x52_asm.cpp
View File

@ -1,2 +0,0 @@
extern "C" void __attribute__ ((sysv_abi)) secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r);
extern "C" void __attribute__ ((sysv_abi)) secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r);

4
src/field_5x52_int128.cpp → src/field_5x52_int128.c
View File

@ -1,7 +1,5 @@
#include "field.h" #include "field.h"
extern "C" {
void static inline secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r) { void static inline secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t *b, uint64_t *r) {
unsigned __int128 c = (__int128)a[0] * b[0]; unsigned __int128 c = (__int128)a[0] * b[0];
uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0 uint64_t t0 = c & 0xFFFFFFFFFFFFFULL; c = c >> 52; // c max 0FFFFFFFFFFFFFE0
@ -96,5 +94,3 @@ void static inline secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r) {
r[1] = t1 + c; r[1] = t1 + c;
} }
}

20
src/group.cpp → src/group.c
View File

@ -4,8 +4,6 @@
#include "field.h" #include "field.h"
#include "group.h" #include "group.h"
extern "C" {
void static secp256k1_ge_set_infinity(secp256k1_ge_t *r) { void static secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
r->infinity = 1; r->infinity = 1;
} }
@ -76,7 +74,7 @@ void static secp256k1_gej_set_xo(secp256k1_gej_t *r, const secp256k1_fe_t *x, in
r->x = *x; r->x = *x;
secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x); secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2); secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
r->infinity = false; r->infinity = 0;
secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7); secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7);
secp256k1_fe_add(&c, &x3); secp256k1_fe_add(&c, &x3);
secp256k1_fe_sqrt(&r->y, &c); secp256k1_fe_sqrt(&r->y, &c);
@ -113,7 +111,7 @@ int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a) {
int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) { int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) {
if (a->infinity) if (a->infinity)
return false; return 0;
// y^2 = x^3 + 7 // y^2 = x^3 + 7
// (Y/Z^3)^2 = (X/Z^2)^3 + 7 // (Y/Z^3)^2 = (X/Z^2)^3 + 7
// Y^2 / Z^6 = X^3 / Z^6 + 7 // Y^2 / Z^6 = X^3 / Z^6 + 7
@ -133,7 +131,7 @@ void static secp256k1_gej_double(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
secp256k1_fe_t t5 = a->y; secp256k1_fe_t t5 = a->y;
secp256k1_fe_normalize(&t5); secp256k1_fe_normalize(&t5);
if (a->infinity || secp256k1_fe_is_zero(&t5)) { if (a->infinity || secp256k1_fe_is_zero(&t5)) {
r->infinity = true; r->infinity = 1;
return; return;
} }
@ -158,7 +156,7 @@ void static secp256k1_gej_double(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
secp256k1_fe_mul(&r->y, &t1, &t3); // Y' = 36*X^3*Y^2 - 27*X^6 (1) secp256k1_fe_mul(&r->y, &t1, &t3); // Y' = 36*X^3*Y^2 - 27*X^6 (1)
secp256k1_fe_negate(&t2, &t4, 2); // T2 = -8*Y^4 (3) secp256k1_fe_negate(&t2, &t4, 2); // T2 = -8*Y^4 (3)
secp256k1_fe_add(&r->y, &t2); // Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4) secp256k1_fe_add(&r->y, &t2); // Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4)
r->infinity = false; r->infinity = 0;
} }
void static secp256k1_gej_add(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) { void static secp256k1_gej_add(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
@ -170,7 +168,7 @@ void static secp256k1_gej_add(secp256k1_gej_t *r, const secp256k1_gej_t *a, cons
*r = *a; *r = *a;
return; return;
} }
r->infinity = false; r->infinity = 0;
secp256k1_fe_t z22; secp256k1_fe_sqr(&z22, &b->z); secp256k1_fe_t z22; secp256k1_fe_sqr(&z22, &b->z);
secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z); secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z);
secp256k1_fe_t u1; secp256k1_fe_mul(&u1, &a->x, &z22); secp256k1_fe_t u1; secp256k1_fe_mul(&u1, &a->x, &z22);
@ -185,7 +183,7 @@ void static secp256k1_gej_add(secp256k1_gej_t *r, const secp256k1_gej_t *a, cons
if (secp256k1_fe_equal(&s1, &s2)) { if (secp256k1_fe_equal(&s1, &s2)) {
secp256k1_gej_double(r, a); secp256k1_gej_double(r, a);
} else { } else {
r->infinity = true; r->infinity = 1;
} }
return; return;
} }
@ -214,7 +212,7 @@ void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
*r = *a; *r = *a;
return; return;
} }
r->infinity = false; r->infinity = 0;
secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z); secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z);
secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize(&u1); secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize(&u1);
secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12); secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12);
@ -228,7 +226,7 @@ void static secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
if (secp256k1_fe_equal(&s1, &s2)) { if (secp256k1_fe_equal(&s1, &s2)) {
secp256k1_gej_double(r, a); secp256k1_gej_double(r, a);
} else { } else {
r->infinity = true; r->infinity = 1;
} }
return; return;
} }
@ -375,5 +373,3 @@ void static secp256k1_ge_stop(void) {
secp256k1_ge_consts = NULL; secp256k1_ge_consts = NULL;
} }
} }
}

4
src/group.h
View File

@ -4,8 +4,6 @@
#include "num.h" #include "num.h"
#include "field.h" #include "field.h"
extern "C" {
typedef struct { typedef struct {
secp256k1_fe_t x; secp256k1_fe_t x;
secp256k1_fe_t y; secp256k1_fe_t y;
@ -52,6 +50,4 @@ void static secp256k1_gej_get_hex(char *r, int *rlen, const secp256k1_gej_t *a);
void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a); void static secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
void static secp256k1_gej_split_exp(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a); void static secp256k1_gej_split_exp(secp256k1_num_t *r1, secp256k1_num_t *r2, const secp256k1_num_t *a);
}
#endif #endif

4
src/num.cpp → src/num.c
View File

@ -1,7 +1,7 @@
#if defined(USE_NUM_GMP) #if defined(USE_NUM_GMP)
#include "num_gmp.cpp" #include "num_gmp.c"
#elif defined(USE_NUM_OPENSSL) #elif defined(USE_NUM_OPENSSL)
#include "num_openssl.cpp" #include "num_openssl.c"
#else #else
#error "Please select num implementation" #error "Please select num implementation"
#endif #endif

4
src/num.h
View File

@ -9,8 +9,6 @@
#error "Please select num implementation" #error "Please select num implementation"
#endif #endif
extern "C" {
void static secp256k1_num_start(void); void static secp256k1_num_start(void);
void static secp256k1_num_stop(void); void static secp256k1_num_stop(void);
void static secp256k1_num_init(secp256k1_num_t *r); void static secp256k1_num_init(secp256k1_num_t *r);
@ -40,6 +38,4 @@ void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const
void static secp256k1_num_negate(secp256k1_num_t *r); void static secp256k1_num_negate(secp256k1_num_t *r);
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a); void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a);
}
#endif #endif

4
src/num_gmp.cpp → src/num_gmp.c
View File

@ -5,8 +5,6 @@
#include "num.h" #include "num.h"
extern "C" {
typedef struct { typedef struct {
int initialized; int initialized;
gmp_randstate_t rng; gmp_randstate_t rng;
@ -155,5 +153,3 @@ void static secp256k1_num_negate(secp256k1_num_t *r) {
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) { void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
mpz_urandomm(r->bn, secp256k1_num_state.rng, a->bn); mpz_urandomm(r->bn, secp256k1_num_state.rng, a->bn);
} }
}

4
src/num_gmp.h
View File

@ -3,12 +3,8 @@
#include <gmp.h> #include <gmp.h>
extern "C" {
typedef struct { typedef struct {
mpz_t bn; mpz_t bn;
} secp256k1_num_t; } secp256k1_num_t;
}
#endif #endif

0
src/num_openssl.cpp → src/num_openssl.c
View File

14
src/secp256k1.cpp → src/secp256k1.c
View File

@ -1,10 +1,8 @@
#include "num.cpp" #include "num.c"
#include "field.cpp" #include "field.c"
#include "group.cpp" #include "group.c"
#include "ecmult.cpp" #include "ecmult.c"
#include "ecdsa.cpp" #include "ecdsa.c"
extern "C" {
void secp256k1_start(void) { void secp256k1_start(void) {
secp256k1_num_start(); secp256k1_num_start();
@ -48,5 +46,3 @@ end:
return ret; return ret;
} }
}

36
src/tests.cpp → src/tests.c
View File

@ -1,10 +1,10 @@
#include <assert.h> #include <assert.h>
#include "num.cpp" #include "num.c"
#include "field.cpp" #include "field.c"
#include "group.cpp" #include "group.c"
#include "ecmult.cpp" #include "ecmult.c"
#include "ecdsa.cpp" #include "ecdsa.c"
// #define COUNT 2 // #define COUNT 2
#define COUNT 100 #define COUNT 100
@ -70,9 +70,9 @@ void test_run_ecmult_chain() {
secp256k1_num_free(&ge); secp256k1_num_free(&ge);
} }
void test_point_times_order(const secp256k1_gej_t &point) { void test_point_times_order(const secp256k1_gej_t *point) {
// either the point is not on the curve, or multiplying it by the order results in O // either the point is not on the curve, or multiplying it by the order results in O
if (!secp256k1_gej_is_valid(&point)) if (!secp256k1_gej_is_valid(point))
return; return;
const secp256k1_num_t *order = &secp256k1_ge_consts->order; const secp256k1_num_t *order = &secp256k1_ge_consts->order;
@ -80,7 +80,7 @@ void test_point_times_order(const secp256k1_gej_t &point) {
secp256k1_num_init(&zero); secp256k1_num_init(&zero);
secp256k1_num_set_int(&zero, 0); secp256k1_num_set_int(&zero, 0);
secp256k1_gej_t res; secp256k1_gej_t res;
secp256k1_ecmult(&res, &point, order, order); // calc res = order * point + order * G; secp256k1_ecmult(&res, point, order, order); // calc res = order * point + order * G;
assert(secp256k1_gej_is_infinity(&res)); assert(secp256k1_gej_is_infinity(&res));
secp256k1_num_free(&zero); secp256k1_num_free(&zero);
} }
@ -88,8 +88,8 @@ void test_point_times_order(const secp256k1_gej_t &point) {
void test_run_point_times_order() { void test_run_point_times_order() {
secp256k1_fe_t x; secp256k1_fe_set_hex(&x, "02", 2); secp256k1_fe_t x; secp256k1_fe_set_hex(&x, "02", 2);
for (int i=0; i<500; i++) { for (int i=0; i<500; i++) {
secp256k1_gej_t j; secp256k1_gej_set_xo(&j, &x, true); secp256k1_gej_t j; secp256k1_gej_set_xo(&j, &x, 1);
test_point_times_order(j); test_point_times_order(&j);
secp256k1_fe_sqr(&x, &x); secp256k1_fe_sqr(&x, &x);
} }
char c[65]; int cl=65; char c[65]; int cl=65;
@ -97,7 +97,7 @@ void test_run_point_times_order() {
assert(strcmp(c, "7603CB59B0EF6C63FE6084792A0C378CDB3233A80F8A9A09A877DEAD31B38C45") == 0); assert(strcmp(c, "7603CB59B0EF6C63FE6084792A0C378CDB3233A80F8A9A09A877DEAD31B38C45") == 0);
} }
void test_wnaf(const secp256k1_num_t &number, int w) { void test_wnaf(const secp256k1_num_t *number, int w) {
secp256k1_num_t x, two, t; secp256k1_num_t x, two, t;
secp256k1_num_init(&x); secp256k1_num_init(&x);
secp256k1_num_init(&two); secp256k1_num_init(&two);
@ -105,7 +105,7 @@ void test_wnaf(const secp256k1_num_t &number, int w) {
secp256k1_num_set_int(&x, 0); secp256k1_num_set_int(&x, 0);
secp256k1_num_set_int(&two, 2); secp256k1_num_set_int(&two, 2);
int wnaf[1024]; int wnaf[1024];
int bits = secp256k1_ecmult_wnaf(wnaf, &number, w); int bits = secp256k1_ecmult_wnaf(wnaf, number, w);
int zeroes = -1; int zeroes = -1;
for (int i=bits-1; i>=0; i--) { for (int i=bits-1; i>=0; i--) {
secp256k1_num_mul(&x, &x, &two); secp256k1_num_mul(&x, &x, &two);
@ -123,7 +123,7 @@ void test_wnaf(const secp256k1_num_t &number, int w) {
secp256k1_num_set_int(&t, v); secp256k1_num_set_int(&t, v);
secp256k1_num_add(&x, &x, &t); secp256k1_num_add(&x, &x, &t);
} }
assert(secp256k1_num_cmp(&x, &number) == 0); // check that wnaf represents number assert(secp256k1_num_cmp(&x, number) == 0); // check that wnaf represents number
secp256k1_num_free(&x); secp256k1_num_free(&x);
secp256k1_num_free(&two); secp256k1_num_free(&two);
secp256k1_num_free(&t); secp256k1_num_free(&t);
@ -141,7 +141,7 @@ void test_run_wnaf() {
for (int i=0; i<COUNT; i++) { for (int i=0; i<COUNT; i++) {
secp256k1_num_set_rand(&n, &range); secp256k1_num_set_rand(&n, &range);
secp256k1_num_add(&n, &n, &min); secp256k1_num_add(&n, &n, &min);
test_wnaf(n, 4+(i%10)); test_wnaf(&n, 4+(i%10));
} }
secp256k1_num_free(&range); secp256k1_num_free(&range);
secp256k1_num_free(&min); secp256k1_num_free(&min);
@ -149,18 +149,18 @@ void test_run_wnaf() {
} }
void test_ecdsa_sign_verify() { void test_ecdsa_sign_verify() {
const secp256k1_ge_consts_t &c = *secp256k1_ge_consts; const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
secp256k1_num_t msg, key, nonce; secp256k1_num_t msg, key, nonce;
secp256k1_num_init(&msg); secp256k1_num_init(&msg);
secp256k1_num_set_rand(&msg, &c.order); secp256k1_num_set_rand(&msg, &c->order);
secp256k1_num_init(&key); secp256k1_num_init(&key);
secp256k1_num_set_rand(&key, &c.order); secp256k1_num_set_rand(&key, &c->order);
secp256k1_num_init(&nonce); secp256k1_num_init(&nonce);
secp256k1_gej_t pub; secp256k1_ecmult_gen(&pub, &key); secp256k1_gej_t pub; secp256k1_ecmult_gen(&pub, &key);
secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig); secp256k1_ecdsa_sig_init(&sig);
do { do {
secp256k1_num_set_rand(&nonce, &c.order); secp256k1_num_set_rand(&nonce, &c->order);
} while(!secp256k1_ecdsa_sig_sign(&sig, &key, &msg, &nonce)); } while(!secp256k1_ecdsa_sig_sign(&sig, &key, &msg, &nonce));
assert(secp256k1_ecdsa_sig_verify(&sig, &pub, &msg)); assert(secp256k1_ecdsa_sig_verify(&sig, &pub, &msg));
secp256k1_num_inc(&msg); secp256k1_num_inc(&msg);