Commit Graph

32 Commits

Author SHA1 Message Date
Andrew Poelstra 0739bbb6f0 Add ECDH module which works by hashing the output of ecmult_const 2015-08-01 10:57:33 -05:00
Pieter Wuille 995c548771 Introduce callback functions for dealing with errors. 2015-07-26 18:08:38 +02:00
Pieter Wuille 74a2acdb8a Add a secp256k1_ecdsa_signature_t type 2015-07-26 16:02:20 +02:00
Pieter Wuille 23cfa914d2 Introduce secp256k1_pubkey_t type 2015-07-26 15:59:07 +02:00
Thomas Kerin 99fd963bd5 Add secp256k1_ec_pubkey_compress(), with test similar to the related decompress() function. 2015-07-13 13:09:00 +01:00
Andrew Poelstra 210ffed5cd Use separate in and out pointers in `secp256k1_ec_pubkey_decompress`
Right now `secp256k1_ec_pubkey_decompress` takes an in/out pointer to
a public key and replaces the input key with its decompressed variant.
This forces users who store compressed keys in small (<65 byte) fixed
size buffers (for example, the Rust bindings do this) to explicitly
and wastefully copy their key to a larger buffer.

[API BREAK]
2015-05-13 17:07:34 -05:00
Gregory Maxwell d2275795ff Add scalar blinding and a secp256k1_context_randomize() call.
This computes (n-b)G + bG with random value b, in place of nG in
 ecmult_gen() for signing.

This is intended to reduce exposure to potential power/EMI sidechannels
 during signing and pubkey generation by blinding the secret value with
 another value which is hopefully unknown to the attacker.

It may not be very helpful if the attacker is able to observe the setup
 or if even the scalar addition has an unacceptable leak, but it has low
 overhead in any case and the security should be purely additive on top
 of the existing defenses against sidechannels.
2015-04-22 19:25:16 +00:00
Andrew Poelstra d899b5b67c Expose ability to deep-copy a context 2015-04-11 22:16:03 -05:00
Pieter Wuille a9b6595ef8 [API BREAK] Introduce explicit contexts 2015-04-11 01:01:10 -07:00
Daniel Cousens 5098f62571 Improve documentation formatting consistency 2015-04-10 16:33:33 +10:00
Pieter Wuille 1573a102c0 Add ability to pass extra entropy to rfc6979
Suggested by Greg Maxwell.
2015-03-23 05:39:56 -07:00
Pieter Wuille 8030d7c0e5 Improve signing API documentation & specification 2015-02-14 15:38:27 -08:00
Gregory Maxwell 6cc8425c91 Include a comment on secp256k1_ecdsa_sign explaining low-s.
This was suggested by DavidEGrayson.
2015-02-02 02:47:24 +00:00
Pieter Wuille bbd5ba7cfa Use rfc6979 as default nonce generation function 2014-12-20 14:36:13 +01:00
Pieter Wuille c6e7f4e8d8 [API BREAK] Use a nonce-generation function instead of a nonce 2014-12-20 14:36:11 +01:00
Pieter Wuille cf7b2b4647 Fix ECDSA message hashes to 32 bytes 2014-12-09 12:50:47 +01:00
Pieter Wuille be82e92fc4 Require that r and b are different for field multiplication.
Suggested by Peter Dettman, this prepares for slightly faster multiplication
which writes results immediately to r before finishing reading b.
2014-12-01 13:40:34 +01:00
Gregory Maxwell 8563713a4f Add non-null and unused-result warnings for the external API.
GCC (and clang) supports extensions to annotate functions so that their
 results must be used and so that their arguments can't be statically
 provable to be null. If a caller violates these requirements they
 get a warning, so this helps them write correct code.

I deployed this in libopus a couple years ago with good success, and
 the implementation here is basically copied straight from that.

One consideration is that the non-null annotation teaches the optimizer
 and will actually compile out runtime non-nullness checks as dead-code.
 Since this is usually not what's wanted, the non-null annotations are
 disabled when compiling the library itself.

The commit also removes some dead inclusions of assert.h and introduces
 compatibility macros for restrict and inline in preparation for some
 portability improvements.
2014-11-12 12:23:09 -08:00
Pieter Wuille c27fdc0b97 Document some preconditions 2014-11-12 03:20:15 -08:00
Pieter Wuille ae6bc76e32 [API CHANGE] Use secp256k1_ec_ prefix for non-ECDSA key operations 2014-10-27 02:51:58 -07:00
Pieter Wuille 04e34d18c3 Split up signing and verification initialization 2014-09-13 17:14:17 +02:00
HaltingState 315d2560b0 updated documentation 2013-11-04 02:50:59 -08:00
Pieter Wuille 86d3cce2a9 Add support for multiplicative tweaking 2013-07-14 17:58:23 +02:00
Pieter Wuille 194eea065f Public include improvements 2013-05-11 23:37:48 +02:00
Pieter Wuille da3038c757 Privkey import/export 2013-05-05 05:12:43 +02:00
Pieter Wuille 50eb498ece Compact signatures/pubkey recovery 2013-05-05 02:46:07 +02:00
Pieter Wuille 42cccdaf55 More public implementations 2013-05-05 01:02:05 +02:00
Pieter Wuille 7823916781 Add signing to public interface 2013-05-05 00:21:03 +02:00
Pieter Wuille b2966ce852 public interface docs 2013-04-14 22:44:45 +02:00
Pieter Wuille eb0be8eec6 Final step in converting to C 2013-04-01 07:52:58 +02:00
Pieter Wuille 254327e49a Begin group C interface + start/stop 2013-03-31 06:36:03 +02:00
Pieter Wuille 2d93809255 Source tree reorganization 2013-03-31 05:03:27 +02:00