Commit Graph

148 Commits

Author SHA1 Message Date
Tim Ruffing a49e0940ad docs: Fix typo 2022-12-08 16:31:00 +01:00
Tim Ruffing 7289b51d31 docs: Use doxygen style if and only if comment is user-facing
and improve phrasing slightly.
2022-12-05 11:26:44 +01:00
Tim Ruffing e7d0185c90 docs: Get rid of "initialized for signing" terminology 2022-12-05 11:26:44 +01:00
Tim Ruffing 06126364ad docs: Tidy and improve docs about contexts and randomization 2022-12-05 11:26:44 +01:00
Tim Ruffing e02d6862bd selftest: Expose in public API 2022-12-05 11:26:44 +01:00
Tim Ruffing 53796d2b24 contexts: Rename static context 2022-12-05 11:26:44 +01:00
Tim Ruffing 72fedf8a6c docs: Improve docs for static context 2022-12-05 11:26:39 +01:00
Tim Ruffing 316ac7625a contexts: Deprecate all context flags except SECP256K1_CONTEXT_NONE 2022-12-05 11:26:02 +01:00
Tim Ruffing 1a553ee8be docs: Change signature "validation" to "verification" 2022-11-25 23:26:15 +01:00
Tim Ruffing ee7341fbac docs: Never require a verification context 2022-11-25 23:26:15 +01:00
Cory Fields 6f6cab9989 abi: Don't export symbols in static Windows libraries
libtool takes care of building both object versions, we just need to pick the
right one to export symbols.
2022-05-04 20:12:21 +00:00
Tim Ruffing b8f8b99f0f docs: Fix return value for functions that don't have invalid inputs
_tagged_sha256 simply cannot have invalid inputs.

The other functions could in some sense have invalid inputs but only in
violation of the type system. For example, a pubkey could be invalid but
invalid objects of type secp256k1_pubkey either can't be obtained
via the API or will be caught by an ARG_CHECK when calling pubkey_load.

This is consistent with similar functions in the public API, e.g.,
_ec_pubkey_negate or _ec_pubkey_serialize.
2022-03-18 11:33:23 +01:00
Tim Ruffing 99e6568fc6 schnorrsig: Rename schnorrsig_sign to schnorsig_sign32 and deprecate 2022-03-17 22:41:36 +01:00
Tim Ruffing fc94a2da44 Use SECP256K1_DEPRECATED for existing deprecated API functions 2022-03-17 22:41:36 +01:00
Tim Ruffing 3db0560606 Add SECP256K1_DEPRECATED attribute for marking API parts as deprecated 2022-03-17 22:41:36 +01:00
fanquake 812ff5c747
doc: remove use of 0xa0 "no break space" 2021-11-24 08:11:49 +08:00
Pieter Wuille 5324f8942d Make aux_rnd32==NULL behave identical to 0x0000..00.
BIP340's default signing algorithm always requires an aux_rnd argument,
but permits using an all-zero one when no randomness is available.

Make secp256k1_schnorrsig_sign follow this even when aux_rnd32==NULL,
by treating the same as if an all-zero byte array was provided as
input.
2021-10-30 13:03:55 -04:00
Jonas Nick 297ce82091
Merge bitcoin-core/secp256k1#966: Make aux_rand32 arg to secp256k1_schnorrsig_sign const
db4667d5e0 Make aux_rand32 arg to secp256k1_schnorrsig_sign const (Pieter Wuille)

Pull request description:

ACKs for top commit:
  real-or-random:
    ACK db4667d5e0 diff looks good
  jonasnick:
    ACK db4667d5e0

Tree-SHA512: 6f003c856b0e11f3f41f6d8007470129f02f9075416c6a5d3904f8efb5fa461f38e600a6b31d326314b2961946c8c6b3bca1a8e9b333b52e099a6f023a04c698
2021-10-15 15:57:23 +00:00
Tim Ruffing aa5d34a8fe
Merge bitcoin-core/secp256k1#783: Make the public API docs more consistent and explicit
adec5a1638 Add missing null check for ctx and input keys in the public API (Elichai Turkel)
f4edfc7581 Improve consistency for NULL arguments in the public interface (Elichai Turkel)

Pull request description:

  I went over the public API and added missing explanations on when a pointer can be null and when it cannot,
  and added some missing checks for null ctx and null pubkey pointers.

  Open questions IMHO:
  1. Can `secp256k1_context_create` return NULL? right now it could return null if you replaced the callbacks at compile time to ones that do return(unlike the default ones which never return).
  2. Related to the first, should we document that the callbacks should never return? (in the tests we use returning callbacks but we can violate our own API) right now we say the following:

  > After this callback returns, anything may happen, including crashing.

  Is this enough to document answer `no` for the first question and just saying that if the callback returned then you violated the API so `secp256k1_context_create` can return NULL even though it is promised not to?
  Right now we AFAICT we never check if it returns null

  Another nit I'm not sure about is wording `(does nothing if NULL)`/`(ignored if NULL)`/`(can be NULL)`

  More missing docs:
  1. Documenting the `data` argument to the default nonce functions

ACKs for top commit:
  ariard:
    ACK adec5a16
  jonasnick:
    ACK adec5a1638

Tree-SHA512: 6fe785776b7e451e9e8cae944987f927b1eb2e2d404dfcb1b0ceb0a30bda4ce16469708920269417e5ada09739723a430e270dea1868fe7d12ccd5699dde5976
2021-09-15 16:36:11 +02:00
Pieter Wuille db4667d5e0 Make aux_rand32 arg to secp256k1_schnorrsig_sign const 2021-09-11 10:05:14 -04:00
Elichai Turkel adec5a1638 Add missing null check for ctx and input keys in the public API 2021-07-04 12:47:46 +03:00
Elichai Turkel f4edfc7581 Improve consistency for NULL arguments in the public interface 2021-07-04 12:47:45 +03:00
Tim Ruffing 769528f307 Don't use string literals for char arrays without NUL termination
unsigned char foo[4] = "abcd" is not valid C++ because the string
literal "abcd" does not fit into foo due to the terminating NUL
character. This is valid in C, it will just omit the NUL character.

Fixes #962.
2021-07-04 10:40:30 +02:00
Jonas Nick d8d806aaf3 schnorrsig: add extra parameter struct for sign_custom
This simplifies the interface of sign_custom and allows adding more parameters
later in a backward compatible way.
2021-06-27 20:26:15 +00:00
Jonas Nick a0c3fc177f schnorrsig: allow signing and verification of variable length msgs
Varlen message support for the default sign function comes from recommending
tagged_sha256. sign_custom on the other hand gets the ability to directly sign
message of any length. This also implies signing and verification support for
the empty message (NULL) with msglen 0.

Tests for variable lengths follow in a later commit.
2021-06-27 20:26:15 +00:00
Jonas Nick 5a8e4991ad Add secp256k1_tagged_sha256 as defined in BIP-340
Gives users the ability to hash messages to 32 byte before they are signed while
allowing efficient domain separation through the tag.
2021-06-27 20:26:15 +00:00
Jonas Nick b6c0b72fb0 schnorrsig: remove noncefp args from sign; add sign_custom function
This makes the default sign function easier to use while allowing more granular
control through sign_custom.

Tests for sign_custom follow in a later commit.
2021-06-27 20:26:15 +00:00
Jonas Nick 442cee5baf schnorrsig: add algolen argument to nonce_function_hardened
This avoids having to remove trailing NUL bytes in the nonce function
2021-05-28 11:40:52 +00:00
Jonas Nick df3bfa12c3 schnorrsig: clarify result of calling nonce_function_bip340 without data 2021-05-28 11:40:52 +00:00
Jonas Nick 202a030f7d
Merge #850: add `secp256k1_ec_pubkey_cmp` method
6eceec6d56 add `secp256k1_xonly_pubkey_cmp` method (Andrew Poelstra)
0d9561ae87 add `secp256k1_ec_pubkey_cmp` method (Andrew Poelstra)

Pull request description:

ACKs for top commit:
  elichai:
    Code review ACK 6eceec6d56
  jonasnick:
    ACK 6eceec6d56
  real-or-random:
    ACK 6eceec6d56

Tree-SHA512: f95cbf65f16c88a4adfa1ea7cc6ddabab14baa3b68fa069e78e6faad4852cdbfaea42ee72590d2e0b8f3159cf9b37969511550eb6b2d256b101e2147711cc817
2021-05-13 19:17:53 +00:00
Tim Ruffing 69394879b6
Merge #926: secp256k1.h: clarify that by default arguments must be != NULL
0881633dfd secp256k1.h: clarify that by default arguments must be != NULL (Jonas Nick)

Pull request description:

  The same file says that the illegal callback will only triger for violations
  explicitly mentioned, which is not true without this commit because we often
  don't mention that an argument is not allowed to be NULL.

  This line is extracted from #783 in the hope that it gets merged faster because other PRs depend on it.

ACKs for top commit:
  gmaxwell:
    ACK 0881633dfd
  real-or-random:
    ACK 0881633dfd

Tree-SHA512: ecdc6954a1c21c333da5b03db51f50a0e53984aaef69cc697adaddc96b276da23e342037f476d21742632f6ec02bfa0574f837a5b5791f5985f4c355037176fa
2021-05-07 23:21:19 +02:00
Andrew Poelstra 6eceec6d56 add `secp256k1_xonly_pubkey_cmp` method 2021-05-06 18:36:44 +00:00
Andrew Poelstra 0d9561ae87 add `secp256k1_ec_pubkey_cmp` method 2021-05-06 18:36:41 +00:00
Gregory Maxwell ae9e648526 Define SECP256K1_BUILD in secp256k1.c directly.
This avoids building without it and makes it safer to use a custom
 building environment.  Test harnesses need to #include secp256k1.c
 first now.
2021-05-01 19:27:27 +00:00
Jonas Nick 0881633dfd secp256k1.h: clarify that by default arguments must be != NULL
The same file says that the illegal callback will only triger for violations
explicitly mentioned, which is not true without this commit because we often
don't mention that an argument is not allowed to be NULL.
2021-04-29 10:21:26 +00:00
Tim Ruffing 328aaef22a
Merge #845: Extract the secret key from a keypair
33cb3c2b1f Add secret key extraction from keypair to constant time tests (Elichai Turkel)
36d9dc1e8e Add seckey extraction from keypair to the extrakeys tests (Elichai Turkel)
fc96aa73f5 Add a function to extract the secretkey from a keypair (Elichai Turkel)

Pull request description:

  With schnorrsig if you need to tweak the secret key (for BIP32) you must use the keypair API to get compatible secret/public keys which you do by calling `secp256k1_keypair_xonly_tweak_add()`, but after that there's no currently a way to extract the secret key back for storage.
  so I added a `secp256k1_keypair_seckey` function to extract the key

ACKs for top commit:
  jonasnick:
    ACK 33cb3c2b1f
  real-or-random:
    ACK 33cb3c2b1f code inspection, tests pass

Tree-SHA512: 11212db38c8b87a87e2dc35c4d6993716867b45215b94b20522b1b3164ca63d4c6bf5192a6bff0e9267b333779cc8164844c56669a94e9be72df9ef025ffcfd4
2021-01-12 10:56:14 +01:00
Ferdinando M. Ametrano b7bc3a4aaa
fixed typo 2020-12-22 22:31:29 +01:00
Elichai Turkel fc96aa73f5
Add a function to extract the secretkey from a keypair 2020-12-19 11:00:25 +02:00
Jonas Nick 6e85d675aa Rename tweak to tweak32 in public API 2020-12-04 14:16:43 +00:00
Jonas Nick f587f04e35 Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 2020-12-04 14:12:38 +00:00
Jonas Nick 4e43520026 schnorrsig: Add BIP-340 compatible signing and verification 2020-09-06 19:00:03 +00:00
Jonas Nick 7332d2db6b schnorrsig: Add BIP-340 nonce function 2020-09-06 19:00:03 +00:00
Jonas Nick 7a703fd97d schnorrsig: Init empty experimental module 2020-09-06 19:00:03 +00:00
Jonas Nick 6fcb5b845d extrakeys: Add keypair_xonly_tweak_add 2020-09-06 19:00:00 +00:00
Jonas Nick 58254463f9 extrakeys: Add keypair struct with create, pub and pub_xonly 2020-09-06 18:59:57 +00:00
Jonas Nick 910d9c284c extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test 2020-09-06 18:59:57 +00:00
Jonas Nick 4cd2ee474d extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey 2020-09-06 18:59:50 +00:00
Jonas Nick 47e6618e11 extrakeys: Init empty experimental module
This is to prepare for xonly_pubkeys and keypairs.
2020-08-26 19:52:55 +00:00
Gregory Maxwell 1309c03c45 Fix some compile problems on weird/old compilers.
The visibility attribute is a GCC 4+ feature.
GCC 2.95 also warns about the unsigned/signed comparision.
2020-07-26 05:26:56 +00:00
Jonas Nick 7e3952ae82 Clarify documentation of tweak functions.
In particular, mention that the functions return 0 if seckey or tweak are
invalid (as opposed to saying "should" or "must" be valid).
2020-03-30 20:51:47 +00:00