[secp256k1.git] / src / modules / ecdh / main_impl.h

/**********************************************************************
 * Copyright (c) 2015 Andrew Poelstra                                 *
 * Distributed under the MIT software license, see the accompanying   *
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/

#ifndef SECP256K1_MODULE_ECDH_MAIN_H
#define SECP256K1_MODULE_ECDH_MAIN_H

#include "include/secp256k1_ecdh.h"
#include "ecmult_const_impl.h"

static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x32, const unsigned char *y32, void *data) {
    unsigned char version = (y32[31] & 0x01) | 0x02;
    secp256k1_sha256 sha;
    (void)data;

    secp256k1_sha256_initialize(&sha);
    secp256k1_sha256_write(&sha, &version, 1);
    secp256k1_sha256_write(&sha, x32, 32);
    secp256k1_sha256_finalize(&sha, output);

    return 1;
}

const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256;
const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256;

int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) {
    int ret = 0;
    int overflow = 0;
    secp256k1_gej res;
    secp256k1_ge pt;
    secp256k1_scalar s;
    unsigned char x[32];
    unsigned char y[32];

    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(output != NULL);
    ARG_CHECK(point != NULL);
    ARG_CHECK(scalar != NULL);

    if (hashfp == NULL) {
        hashfp = secp256k1_ecdh_hash_function_default;
    }

    secp256k1_pubkey_load(ctx, &pt, point);
    secp256k1_scalar_set_b32(&s, scalar, &overflow);

    overflow |= secp256k1_scalar_is_zero(&s);
    secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow);

    secp256k1_ecmult_const(&res, &pt, &s, 256);
    secp256k1_ge_set_gej(&pt, &res);

    /* Compute a hash of the point */
    secp256k1_fe_normalize(&pt.x);
    secp256k1_fe_normalize(&pt.y);
    secp256k1_fe_get_b32(x, &pt.x);
    secp256k1_fe_get_b32(y, &pt.y);

    ret = hashfp(output, x, y, data);

    memset(x, 0, 32);
    memset(y, 0, 32);
    secp256k1_scalar_clear(&s);

    return !!ret & !overflow;
}

#endif /* SECP256K1_MODULE_ECDH_MAIN_H */
Commit	Line	Data
0739bbb6 AP	1	/**********************************************************************
	2	* Copyright (c) 2015 Andrew Poelstra *
	3	* Distributed under the MIT software license, see the accompanying *
	4	* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
	5	**********************************************************************/
	6
abe2d3e8 DR	7	#ifndef SECP256K1_MODULE_ECDH_MAIN_H
abe2d3e8 DR	8	#define SECP256K1_MODULE_ECDH_MAIN_H
0739bbb6	9
4e646080	10	#include "include/secp256k1_ecdh.h"
0739bbb6 AP	11	#include "ecmult_const_impl.h"
0739bbb6 AP	12
eb45ef33 TR	13	static int ecdh_hash_function_sha256(unsigned char output, const unsigned char x32, const unsigned char y32, void data) {
eb45ef33 TR	14	unsigned char version = (y32[31] & 0x01) \| 0x02;
b00be650	15	secp256k1_sha256 sha;
c8fbc3c3	16	(void)data;
b00be650 KF	17
	18	secp256k1_sha256_initialize(&sha);
	19	secp256k1_sha256_write(&sha, &version, 1);
eb45ef33	20	secp256k1_sha256_write(&sha, x32, 32);
b00be650 KF	21	secp256k1_sha256_finalize(&sha, output);
	22
	23	return 1;
	24	}
	25
	26	const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256;
	27	const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256;
	28
c8fbc3c3	29	int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char output, const secp256k1_pubkey point, const unsigned char scalar, secp256k1_ecdh_hash_function hashfp, void data) {
0739bbb6 AP	30	int ret = 0;
0739bbb6 AP	31	int overflow = 0;
dd891e0e PW	32	secp256k1_gej res;
	33	secp256k1_ge pt;
	34	secp256k1_scalar s;
34a67c77 GM	35	unsigned char x[32];
	36	unsigned char y[32];
	37
6f8ae2f3	38	VERIFY_CHECK(ctx != NULL);
b00be650	39	ARG_CHECK(output != NULL);
0739bbb6 AP	40	ARG_CHECK(point != NULL);
0739bbb6 AP	41	ARG_CHECK(scalar != NULL);
34a67c77	42
b00be650 KF	43	if (hashfp == NULL) {
	44	hashfp = secp256k1_ecdh_hash_function_default;
	45	}
0739bbb6 AP	46
	47	secp256k1_pubkey_load(ctx, &pt, point);
	48	secp256k1_scalar_set_b32(&s, scalar, &overflow);
0739bbb6	49
34a67c77 GM	50	overflow \|= secp256k1_scalar_is_zero(&s);
	51	secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow);
	52
	53	secp256k1_ecmult_const(&res, &pt, &s, 256);
	54	secp256k1_ge_set_gej(&pt, &res);
	55
	56	/* Compute a hash of the point */
	57	secp256k1_fe_normalize(&pt.x);
	58	secp256k1_fe_normalize(&pt.y);
	59	secp256k1_fe_get_b32(x, &pt.x);
	60	secp256k1_fe_get_b32(y, &pt.y);
	61
	62	ret = hashfp(output, x, y, data);
	63
	64	memset(x, 0, 32);
	65	memset(y, 0, 32);
0739bbb6	66	secp256k1_scalar_clear(&s);
34a67c77 GM	67
34a67c77 GM	68	return !!ret & !overflow;
0739bbb6 AP	69	}
0739bbb6 AP	70
abe2d3e8	71	#endif /* SECP256K1_MODULE_ECDH_MAIN_H */