Commit Graph

55 Commits

Author SHA1 Message Date
Pieter Wuille 9234391ed4 Overhaul flags handling 2015-10-24 19:47:13 +02:00
Rusty Russell 1a368980c8 Make flags more explicit, add runtime checks.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-24 19:39:44 +02:00
Gregory Maxwell 4a243da47c Move secp256k1_ec_privkey_import/export to contrib.
These functions are intended for compatibility with legacy software,
 and are not normally needed in new secp256k1 applications.

They also do not obeying any particular standard (and likely cannot
 without without undermining their compatibility), and so are a
 better fit for contrib.
2015-10-22 22:57:33 +00:00
Pieter Wuille 0c6ab2ff18 Introduce explicit lower-S normalization
ECDSA signature verification now requires normalized signatures (with S in the
lower half of the range). In case the input cannot be guaranteed to provide this,
a new function secp256k1_ecdsa_signature_normalize is provided to preprocess it.
2015-10-21 16:14:42 +02:00
Pieter Wuille 3bb9c44719 Rewrite ECDSA signature parsing code
There are now 2 encoding formats supported: 64-byte "compact" and DER.
The latter is strict: the data has to be exact DER, though the values
inside don't need to be valid.
2015-10-21 16:13:37 +02:00
Pieter Wuille 68a3c766ad
Merge pull request #329
b13d749 Fix couple of typos in API comments (Gustav Simonsson)
2015-10-11 17:15:32 +02:00
Jonas Schnelli 37100d7284
improve ECDH header-doc
- use pubkey instead of point
- use privkey instead of scalar
2015-10-05 20:50:59 +02:00
Gustav Simonsson b13d749947 Fix couple of typos in API comments 2015-09-30 17:23:13 +02:00
Gregory Maxwell 338fc8bd71 Add API exports to secp256k1_nonce_function_default and secp256k1_nonce_function_rfc6979. 2015-09-29 18:56:21 +00:00
Gregory Maxwell 118cd8210f Use explicit symbol visibility.
The use of static makes this somewhat redundant currently, though if
 we later have multiple compilation units it will be needed.

This also sets the dllexport needed for shared libraries on win32.
2015-09-25 05:42:20 +00:00
Gregory Maxwell 4e64608082 Include public module headers when compiling modules.
Also fix the nullness requirements for schnorr nonce-pair generation.
2015-09-24 21:50:06 +00:00
Pieter Wuille dd891e0ed5 Get rid of _t as it is POSIX reserved 2015-09-21 21:03:37 +02:00
Luke Dashjr 486b9bb8ce Use a flags bitfield for compressed option to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export 2015-09-19 19:33:30 +00:00
Luke Dashjr 05732c5a5f Callback data: Accept pointers to either const or non-const data 2015-09-19 19:33:28 +00:00
Luke Dashjr 788038d323 Use size_t for lengths (at least in external API) 2015-09-19 19:33:21 +00:00
Luke Dashjr c9d7c2a484 secp256k1_context_set_{error,illegal}_callback: Restore default handler by passing NULL as function argument 2015-09-19 19:32:52 +00:00
Luke Dashjr 9aac008038 secp256k1_context_destroy: Allow NULL argument as a no-op 2015-09-19 19:32:48 +00:00
Luke Dashjr 64b730bc3f secp256k1_context_create: Use unsigned type for flags bitfield 2015-09-19 19:32:21 +00:00
Pieter Wuille dc0ce9fc41 [API BREAK] Change argument order to out/outin/in 2015-09-04 17:45:57 +02:00
Pieter Wuille 9f443be086 Move pubkey recovery code to separate module 2015-08-28 01:51:52 +02:00
Pieter Wuille 439d34adc6 Separate recoverable and normal signatures 2015-08-27 22:47:24 +02:00
Pieter Wuille f66907f220 Improve/reformat API documentation secp256k1.h 2015-08-27 01:14:28 +02:00
Pieter Wuille a5a66c70b6 Add support for custom EC-Schnorr-SHA256 signatures 2015-08-03 20:08:51 +02:00
Andrew Poelstra 0739bbb6f0 Add ECDH module which works by hashing the output of ecmult_const 2015-08-01 10:57:33 -05:00
Pieter Wuille 995c548771 Introduce callback functions for dealing with errors. 2015-07-26 18:08:38 +02:00
Pieter Wuille 74a2acdb8a Add a secp256k1_ecdsa_signature_t type 2015-07-26 16:02:20 +02:00
Pieter Wuille 23cfa914d2 Introduce secp256k1_pubkey_t type 2015-07-26 15:59:07 +02:00
Thomas Kerin 99fd963bd5
Add secp256k1_ec_pubkey_compress(), with test similar to the related decompress() function. 2015-07-13 13:09:00 +01:00
Andrew Poelstra 210ffed5cd Use separate in and out pointers in `secp256k1_ec_pubkey_decompress`
Right now `secp256k1_ec_pubkey_decompress` takes an in/out pointer to
a public key and replaces the input key with its decompressed variant.
This forces users who store compressed keys in small (<65 byte) fixed
size buffers (for example, the Rust bindings do this) to explicitly
and wastefully copy their key to a larger buffer.

[API BREAK]
2015-05-13 17:07:34 -05:00
Gregory Maxwell d2275795ff Add scalar blinding and a secp256k1_context_randomize() call.
This computes (n-b)G + bG with random value b, in place of nG in
 ecmult_gen() for signing.

This is intended to reduce exposure to potential power/EMI sidechannels
 during signing and pubkey generation by blinding the secret value with
 another value which is hopefully unknown to the attacker.

It may not be very helpful if the attacker is able to observe the setup
 or if even the scalar addition has an unacceptable leak, but it has low
 overhead in any case and the security should be purely additive on top
 of the existing defenses against sidechannels.
2015-04-22 19:25:16 +00:00
Andrew Poelstra d899b5b67c Expose ability to deep-copy a context 2015-04-11 22:16:03 -05:00
Pieter Wuille a9b6595ef8 [API BREAK] Introduce explicit contexts 2015-04-11 01:01:10 -07:00
Daniel Cousens 5098f62571 Improve documentation formatting consistency 2015-04-10 16:33:33 +10:00
Pieter Wuille 1573a102c0 Add ability to pass extra entropy to rfc6979
Suggested by Greg Maxwell.
2015-03-23 05:39:56 -07:00
Pieter Wuille 8030d7c0e5 Improve signing API documentation & specification 2015-02-14 15:38:27 -08:00
Gregory Maxwell 6cc8425c91 Include a comment on secp256k1_ecdsa_sign explaining low-s.
This was suggested by DavidEGrayson.
2015-02-02 02:47:24 +00:00
Pieter Wuille bbd5ba7cfa Use rfc6979 as default nonce generation function 2014-12-20 14:36:13 +01:00
Pieter Wuille c6e7f4e8d8 [API BREAK] Use a nonce-generation function instead of a nonce 2014-12-20 14:36:11 +01:00
Pieter Wuille cf7b2b4647 Fix ECDSA message hashes to 32 bytes 2014-12-09 12:50:47 +01:00
Pieter Wuille be82e92fc4 Require that r and b are different for field multiplication.
Suggested by Peter Dettman, this prepares for slightly faster muitiplication
which writes results immediately to r before finishing reading b.
2014-12-01 13:40:34 +01:00
Gregory Maxwell 8563713a4f Add non-null and unused-result warnings for the external API.
GCC (and clang) supports extensions to annotate functions so that their
 results must be used and so that their arguments can't be statically
 provable to be null. If a caller violates these requirements they
 get a warning, so this helps them write correct code.

I deployed this in libopus a couple years ago with good success, and
 the implementation here is basically copied straight from that.

One consideration is that the non-null annotation teaches the optimizer
 and will actually compile out runtime non-nullness checks as dead-code.
 Since this is usually not whats wanted, the non-null annotations are
 disabled when compiling the library itself.

The commit also removes some dead inclusions of assert.h and introduces
 compatibility macros for restrict and inline in preparation for some
 portability improvements.
2014-11-12 12:23:09 -08:00
Pieter Wuille c27fdc0b97 Document some preconditions 2014-11-12 03:20:15 -08:00
Pieter Wuille ae6bc76e32 [API CHANGE] Use secp256k1_ec_ prefix for non-ECDSA key operations 2014-10-27 02:51:58 -07:00
Pieter Wuille 04e34d18c3 Split up signing and verification initialization 2014-09-13 17:14:17 +02:00
HaltingState 315d2560b0 updated documentation 2013-11-04 02:50:59 -08:00
Pieter Wuille 86d3cce2a9 Add support for multiplicative tweaking 2013-07-14 17:58:23 +02:00
Pieter Wuille 194eea065f Public inclue improvements 2013-05-11 23:37:48 +02:00
Pieter Wuille da3038c757 Privkey import/export 2013-05-05 05:12:43 +02:00
Pieter Wuille 50eb498ece Compact signatures/pubkey recovery 2013-05-05 02:46:07 +02:00
Pieter Wuille 42cccdaf55 More public implementations 2013-05-05 01:02:05 +02:00