Commit Graph

102 Commits

Author SHA1 Message Date
Cory Fields 6f6cab9989 abi: Don't export symbols in static Windows libraries
libtool takes care of building both object versions, we just need to pick the
right one to export symbols.
2022-05-04 20:12:21 +00:00
Tim Ruffing b8f8b99f0f docs: Fix return value for functions that don't have invalid inputs
_tagged_sha256 simply cannot have invalid inputs.

The other functions could in some sense have invalid inputs but only in
violation of the type system. For example, a pubkey could be invalid but
invalid objects of type secp256k1_pubkey either can't be obtained
via the API or will be caught by an ARG_CHECK when calling pubkey_load.

This is consistent with similar functions in the public API, e.g.,
_ec_pubkey_negate or _ec_pubkey_serialize.
2022-03-18 11:33:23 +01:00
Tim Ruffing fc94a2da44 Use SECP256K1_DEPRECATED for existing deprecated API functions 2022-03-17 22:41:36 +01:00
Tim Ruffing 3db0560606 Add SECP256K1_DEPRECATED attribute for marking API parts as deprecated 2022-03-17 22:41:36 +01:00
fanquake 812ff5c747
doc: remove use of 0xa0 "no break space" 2021-11-24 08:11:49 +08:00
Elichai Turkel adec5a1638 Add missing null check for ctx and input keys in the public API 2021-07-04 12:47:46 +03:00
Elichai Turkel f4edfc7581 Improve consistency for NULL arguments in the public interface 2021-07-04 12:47:45 +03:00
Jonas Nick 5a8e4991ad Add secp256k1_tagged_sha256 as defined in BIP-340
Gives users the ability to hash messages to 32 byte before they are signed while
allowing efficient domain separation through the tag.
2021-06-27 20:26:15 +00:00
Jonas Nick 202a030f7d
Merge #850: add `secp256k1_ec_pubkey_cmp` method
6eceec6d56 add `secp256k1_xonly_pubkey_cmp` method (Andrew Poelstra)
0d9561ae87 add `secp256k1_ec_pubkey_cmp` method (Andrew Poelstra)

Pull request description:

ACKs for top commit:
  elichai:
    Code review ACK 6eceec6d56
  jonasnick:
    ACK 6eceec6d56
  real-or-random:
    ACK 6eceec6d56

Tree-SHA512: f95cbf65f16c88a4adfa1ea7cc6ddabab14baa3b68fa069e78e6faad4852cdbfaea42ee72590d2e0b8f3159cf9b37969511550eb6b2d256b101e2147711cc817
2021-05-13 19:17:53 +00:00
Tim Ruffing 69394879b6
Merge #926: secp256k1.h: clarify that by default arguments must be != NULL
0881633dfd secp256k1.h: clarify that by default arguments must be != NULL (Jonas Nick)

Pull request description:

  The same file says that the illegal callback will only triger for violations
  explicitly mentioned, which is not true without this commit because we often
  don't mention that an argument is not allowed to be NULL.

  This line is extracted from #783 in the hope that it gets merged faster because other PRs depend on it.

ACKs for top commit:
  gmaxwell:
    ACK 0881633dfd
  real-or-random:
    ACK 0881633dfd

Tree-SHA512: ecdc6954a1c21c333da5b03db51f50a0e53984aaef69cc697adaddc96b276da23e342037f476d21742632f6ec02bfa0574f837a5b5791f5985f4c355037176fa
2021-05-07 23:21:19 +02:00
Andrew Poelstra 0d9561ae87 add `secp256k1_ec_pubkey_cmp` method 2021-05-06 18:36:41 +00:00
Gregory Maxwell ae9e648526 Define SECP256K1_BUILD in secp256k1.c directly.
This avoids building without it and makes it safer to use a custom
 building environment.  Test harnesses need to #include secp256k1.c
 first now.
2021-05-01 19:27:27 +00:00
Jonas Nick 0881633dfd secp256k1.h: clarify that by default arguments must be != NULL
The same file says that the illegal callback will only triger for violations
explicitly mentioned, which is not true without this commit because we often
don't mention that an argument is not allowed to be NULL.
2021-04-29 10:21:26 +00:00
Ferdinando M. Ametrano b7bc3a4aaa
fixed typo 2020-12-22 22:31:29 +01:00
Jonas Nick 6e85d675aa Rename tweak to tweak32 in public API 2020-12-04 14:16:43 +00:00
Jonas Nick f587f04e35 Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 2020-12-04 14:12:38 +00:00
Gregory Maxwell 1309c03c45 Fix some compile problems on weird/old compilers.
The visibility attribute is a GCC 4+ feature.
GCC 2.95 also warns about the unsigned/signed comparision.
2020-07-26 05:26:56 +00:00
Jonas Nick 7e3952ae82 Clarify documentation of tweak functions.
In particular, mention that the functions return 0 if seckey or tweak are
invalid (as opposed to saying "should" or "must" be valid).
2020-03-30 20:51:47 +00:00
Jonas Nick 89853a0f2e Make tweak function documentation more consistent.
Do this by adding a newline after the first sentence and aligning the rest.
2020-03-30 20:51:47 +00:00
Jonas Nick 41fc785602 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul 2020-03-30 20:51:47 +00:00
Jonas Nick 22911ee6da Rename private key to secret key in public API (with the exception of function names) 2020-03-30 20:51:47 +00:00
Jonas Nick 5a73f14d6c Mention that value is unspecified for In/Out parameters if the function returns 0 2020-03-30 20:51:47 +00:00
Jonas Nick f03df0e6d7 Define valid ECDSA keys in the documentation of seckey_verify 2020-03-30 20:51:47 +00:00
Jonas Nick 5894e1f1df Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul 2020-03-30 20:51:47 +00:00
Gregory Maxwell 7b50483ad7 Adds a declassify operation to aid constant-time analysis.
ECDSA signing has a retry loop for the exceptionally unlikely case
 that S==0.  S is not a secret at this point and this case is so
 rare that it will never be observed but branching on it will trip
 up tools analysing if the code is constant time with respect to
 secrets.

Derandomized ECDSA can also loop on k being zero or overflowing,
 and while k is a secret these cases are too rare (1:2^255) to
 ever observe and are also of no concern.

This adds a function for marking memory as no-longer-secret and
 sets it up for use with the valgrind memcheck constant-time
 test.
2020-02-20 17:27:26 +00:00
Jonas Nick 59782c68b4 Remove mention of ec_privkey_export because it doesn't exist 2019-09-15 11:27:17 +00:00
Tim Ruffing 556caad2ca
Fix typo in docs for _context_set_illegal_callback 2019-08-09 11:25:09 +02:00
philsmd 6914c25276
typo in comment for secp256k1_ec_pubkey_tweak_mul ()
Fixes a typo in secp256k1.h documentation
2019-06-01 12:21:20 +02:00
Tim Ruffing 5db782e655 Allow usage of external default callbacks 2019-05-26 22:32:36 +02:00
Andrew Poelstra a7a164f2c6 scratch: rename `max_size` to `size`, document that extra will actually be allocated 2019-05-25 23:01:07 +00:00
Andrew Poelstra c2b028a281 scratch space: thread `error_callback` into all scratch space functions
Use it when checking magic bytes
2019-05-25 22:59:50 +00:00
Tim Ruffing 238305fdbb Move _preallocated functions to separate header 2019-05-25 14:01:09 +02:00
Tim Ruffing 695feb6fbd Export _preallocated functions 2019-05-25 14:01:09 +02:00
Tim Ruffing c4fd5dab45 Switch to a single malloc call 2019-05-25 14:01:09 +02:00
Tim Ruffing 6198375218 Make randomization of a non-signing context a noop
Before this commit secp256k1_context_randomize called illegal_callback
when called on a context not initialized for signing. This is not
documented. Moreover, it is not desirable because non-signing contexts
may use randomization in the future.

This commit makes secp256k1_context_randomize a noop in this case. This
is safe because the context cannot be used for signing anyway.

This fixes #573 and it fixes rust-bitcoin/rust-secp256k1#82.
2019-01-27 13:33:52 +01:00
Andrew Poelstra ed7c08417a add static context object which has no capabilities 2018-10-04 15:16:34 +00:00
Andrew Poelstra 6fe50439ae scratch: add stack frame support 2018-04-05 22:49:29 +00:00
Thomas Kerin 1646ace4d5
secp256k1_ec_privkey_negate - fix documentation 2018-02-28 14:10:07 +01:00
Andrew Poelstra 548de42ecf add resizeable scratch space API
Alignment support by Pieter Wuille.
2017-12-07 20:13:04 +00:00
Dan Raviv abe2d3e84b Fix header guards using reserved identifiers
Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.

The only header guards not fixed are those in the headers auto-generated from java.
2017-08-26 18:44:21 +03:00
Pieter Wuille f532bdc9f7
Merge #459: Add pubkey prefix constants to include/secp256k1.h
bc61b91 add pubkey prefix constants to include/secp256k1.h (Andrew Poelstra)

Pull request description:

  In future multisig implementations we will need to pass nonces around, which are algebraically pubkeys but should not be decodable as pubkeys. The way to do this is to change the prefix byte from the ordinary 0x02/0x03 to something else. However, some forks (notably `secp256k1-zkp`) have started using some bytes for their own encodings, and if we continue to use hardcoded constants the risk of conflict is increased.

  This commit puts the prefixes used by the main library into the `include/secp256k1.h` so that the constants we're using will at least be in a standard easy-to-reference place.

Tree-SHA512: 37fa25be5074b7c519a9c69421320a62f32a3818f144254eb57f96c6657b993fc01962a5c670574275d1c59b095a6c89e60736123f032d6736907284eac526d7
2017-08-10 16:42:01 -07:00
Andrew Poelstra bc61b91aca
add pubkey prefix constants to include/secp256k1.h 2017-06-27 14:05:26 +00:00
Tim Ruffing b0452e664b Fix typo in API documentation 2017-06-05 19:17:53 +02:00
Pieter Wuille 119949232a
Merge #408: Add `secp256k1_ec_pubkey_negate` and `secp256k1_ec_privkey_negate`
8e48aa6 Add `secp256k1_ec_pubkey_negate` and `secp256k1_ec_privkey_negate` (Andrew Poelstra)

Tree-SHA512: 28eeca0b04001958ad86b3c802e33a13273514e9e9802d5b358fd577dc95421a2cffb5591716bea10300717f742f0941c465b9df71dbb4c66d174c643887e06f
2017-03-21 17:54:06 -07:00
Rusty Russell 72d952c9c4 FIXUP: Missing "is"
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 14:43:09 +10:30
Rusty Russell 70ff29b6a7 secp256k1_context_randomize: document.
I think I summarized it correctly after IRC discussion with gmaxwell
and andytoshi; I didn't know it existed :(

It's regrettable to expose this level of detail, but users need to know
this to make a decision about how to use it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-14 15:29:33 +10:30
Andrew Poelstra 8e48aa60dc Add `secp256k1_ec_pubkey_negate` and `secp256k1_ec_privkey_negate` 2016-12-20 00:37:37 +00:00
Andrew Poelstra 91219a1cc0 Remove guarantees about memcmp-ability 2016-08-26 18:03:48 +00:00
Pieter Wuille 06aeea555e Turn secp256k1_ec_pubkey_serialize outlen to in/out 2015-11-05 06:01:56 +01:00
Gregory Maxwell 8e48787d97 Change secp256k1_ec_pubkey_combine's count argument to size_t. 2015-10-31 19:04:34 +00:00