Update build system to enforce -std=c89 -pedantic.
AC_CANONICAL_HOST
AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
AH_TOP([#define LIBSECP256K1_CONFIG_H])
-AH_BOTTOM([#endif //LIBSECP256K1_CONFIG_H])
+AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/])
AM_INIT_AUTOMAKE([foreign subdir-objects])
LT_INIT
CFLAGS="-O3 -g"
fi
-AC_PROG_CC_C99
-if test x"$ac_cv_prog_cc_c99" = x"no"; then
- AC_MSG_ERROR([c99 compiler support required])
+AC_PROG_CC_C89
+if test x"$ac_cv_prog_cc_c89" = x"no"; then
+ AC_MSG_ERROR([c89 compiler support required])
fi
case $host in
CFLAGS="$CFLAGS -W"
-warn_CFLAGS="-Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function"
+warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long"
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $warn_CFLAGS"
AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}])
}
void run_benchmark(void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) {
+ int i;
double min = HUGE_VAL;
double sum = 0.0;
double max = 0.0;
- for (int i = 0; i < count; i++) {
+ for (i = 0; i < count; i++) {
+ double begin, total;
if (setup) setup(data);
- double begin = gettimedouble();
+ begin = gettimedouble();
benchmark(data);
- double total = gettimedouble() - begin;
+ total = gettimedouble() - begin;
if (teardown) teardown(data);
if (total < min) min = total;
if (total > max) max = total;
}
void bench_inv(void* arg) {
+ int i;
bench_inv_t *data = (bench_inv_t*)arg;
- for (int i=0; i<20000; i++) {
+ for (i = 0; i < 20000; i++) {
secp256k1_scalar_inverse(&data->x, &data->x);
secp256k1_scalar_add(&data->x, &data->x, &data->base);
}
} bench_recover_t;
void bench_recover(void* arg) {
+ int i;
bench_recover_t *data = (bench_recover_t*)arg;
-
unsigned char pubkey[33];
- for (int i=0; i<20000; i++) {
+
+ for (i = 0; i < 20000; i++) {
+ int j;
int pubkeylen = 33;
CHECK(secp256k1_ecdsa_recover_compact(data->msg, data->sig, pubkey, &pubkeylen, 1, i % 2));
- for (int j = 0; j < 32; j++) {
+ for (j = 0; j < 32; j++) {
data->sig[j + 32] = data->msg[j]; /* Move former message to S. */
data->msg[j] = data->sig[j]; /* Move former R to message. */
data->sig[j] = pubkey[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */
}
void bench_recover_setup(void* arg) {
+ int i;
bench_recover_t *data = (bench_recover_t*)arg;
- for (int i = 0; i < 32; i++) data->msg[i] = 1 + i;
- for (int i = 0; i < 64; i++) data->sig[i] = 65 + i;
+ for (i = 0; i < 32; i++) data->msg[i] = 1 + i;
+ for (i = 0; i < 64; i++) data->sig[i] = 65 + i;
}
int main(void) {
+ bench_recover_t data;
secp256k1_start(SECP256K1_START_VERIFY);
- bench_recover_t data;
run_benchmark(bench_recover, bench_recover_setup, NULL, &data, 10, 20000);
secp256k1_stop();
} bench_sign_t;
static void bench_sign_setup(void* arg) {
+ int i;
bench_sign_t *data = (bench_sign_t*)arg;
- for (int i = 0; i < 32; i++) data->msg[i] = i + 1;
- for (int i = 0; i < 32; i++) data->key[i] = i + 65;
+ for (i = 0; i < 32; i++) data->msg[i] = i + 1;
+ for (i = 0; i < 32; i++) data->key[i] = i + 65;
}
static void bench_sign(void* arg) {
+ int i;
bench_sign_t *data = (bench_sign_t*)arg;
unsigned char sig[64];
- for (int i=0; i<20000; i++) {
+ for (i = 0; i < 20000; i++) {
+ int j;
int recid = 0;
CHECK(secp256k1_ecdsa_sign_compact(data->msg, sig, data->key, NULL, NULL, &recid));
- for (int j = 0; j < 32; j++) {
+ for (j = 0; j < 32; j++) {
data->msg[j] = sig[j]; /* Move former R to message. */
data->key[j] = sig[j + 32]; /* Move former S to key. */
}
}
int main(void) {
+ bench_sign_t data;
secp256k1_start(SECP256K1_START_SIGN);
- bench_sign_t data;
run_benchmark(bench_sign, bench_sign_setup, NULL, &data, 10, 20000);
secp256k1_stop();
} benchmark_verify_t;
static void benchmark_verify(void* arg) {
+ int i;
benchmark_verify_t* data = (benchmark_verify_t*)arg;
- for (int i=0; i<20000; i++) {
+ for (i = 0; i < 20000; i++) {
data->sig[data->siglen - 1] ^= (i & 0xFF);
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
}
int main(void) {
- secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
-
+ int i;
benchmark_verify_t data;
- for (int i = 0; i < 32; i++) data.msg[i] = 1 + i;
- for (int i = 0; i < 32; i++) data.key[i] = 33 + i;
+ secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
+
+ for (i = 0; i < 32; i++) data.msg[i] = 1 + i;
+ for (i = 0; i < 32; i++) data.key[i] = 33 + i;
data.siglen = 72;
secp256k1_ecdsa_sign(data.msg, data.sig, &data.siglen, data.key, NULL, NULL);
data.pubkeylen = 33;
static const secp256k1_ecmult_gen_consts_t *secp256k1_ecmult_gen_consts = NULL;
static void secp256k1_ecmult_gen_start(void) {
+ secp256k1_ge_t prec[1024];
+ secp256k1_gej_t gj;
+ secp256k1_gej_t nums_gej;
+ secp256k1_ecmult_gen_consts_t *ret;
+ int i, j;
if (secp256k1_ecmult_gen_consts != NULL)
return;
/* Allocate the precomputation table. */
- secp256k1_ecmult_gen_consts_t *ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t));
+ ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t));
/* get the generator */
- secp256k1_gej_t gj; secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
+ secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
/* Construct a group element with no known corresponding scalar (nothing up my sleeve). */
- secp256k1_gej_t nums_gej;
{
static const unsigned char nums_b32[32] = "The scalar for this x is unknown";
secp256k1_fe_t nums_x;
- VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32));
secp256k1_ge_t nums_ge;
+ VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32));
VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0));
secp256k1_gej_set_ge(&nums_gej, &nums_ge);
/* Add G to make the bits in x uniformly distributed. */
}
/* compute prec. */
- secp256k1_ge_t prec[1024];
{
secp256k1_gej_t precj[1024]; /* Jacobian versions of prec. */
- secp256k1_gej_t gbase; gbase = gj; /* 16^j * G */
- secp256k1_gej_t numsbase; numsbase = nums_gej; /* 2^j * nums. */
- for (int j=0; j<64; j++) {
+ secp256k1_gej_t gbase;
+ secp256k1_gej_t numsbase;
+ gbase = gj; /* 16^j * G */
+ numsbase = nums_gej; /* 2^j * nums. */
+ for (j = 0; j < 64; j++) {
/* Set precj[j*16 .. j*16+15] to (numsbase, numsbase + gbase, ..., numsbase + 15*gbase). */
precj[j*16] = numsbase;
- for (int i=1; i<16; i++) {
+ for (i = 1; i < 16; i++) {
secp256k1_gej_add_var(&precj[j*16 + i], &precj[j*16 + i - 1], &gbase);
}
/* Multiply gbase by 16. */
- for (int i=0; i<4; i++) {
+ for (i = 0; i < 4; i++) {
secp256k1_gej_double_var(&gbase, &gbase);
}
/* Multiply numbase by 2. */
}
secp256k1_ge_set_all_gej_var(1024, prec, precj);
}
- for (int j=0; j<64; j++) {
- for (int i=0; i<16; i++) {
+ for (j = 0; j < 64; j++) {
+ for (i = 0; i < 16; i++) {
secp256k1_ge_to_storage(&ret->prec[j][i], &prec[j*16 + i]);
}
}
}
static void secp256k1_ecmult_gen_stop(void) {
+ secp256k1_ecmult_gen_consts_t *c;
if (secp256k1_ecmult_gen_consts == NULL)
return;
- secp256k1_ecmult_gen_consts_t *c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts;
+ c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts;
secp256k1_ecmult_gen_consts = NULL;
free(c);
}
const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts;
secp256k1_ge_t add;
secp256k1_ge_storage_t adds;
+ int bits;
+ int i, j;
secp256k1_gej_set_infinity(r);
add.infinity = 0;
- int bits;
- for (int j=0; j<64; j++) {
+ for (j = 0; j < 64; j++) {
bits = secp256k1_scalar_get_bits(gn, j * 4, 4);
- for (int i=0; i<16; i++) {
+ for (i = 0; i < 16; i++) {
secp256k1_ge_storage_cmov(&adds, &c->prec[j][i], i == bits);
}
secp256k1_ge_from_storage(&add, &adds);
* G is constant, so it only needs to be done once in advance.
*/
static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const secp256k1_gej_t *a, int w) {
+ secp256k1_gej_t d;
+ int i;
pre[0] = *a;
- secp256k1_gej_t d; secp256k1_gej_double_var(&d, &pre[0]);
- for (int i=1; i<(1 << (w-2)); i++)
+ secp256k1_gej_double_var(&d, &pre[0]);
+ for (i = 1; i < (1 << (w-2)); i++)
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
}
static void secp256k1_ecmult_table_precomp_ge_storage_var(secp256k1_ge_storage_t *pre, const secp256k1_gej_t *a, int w) {
+ secp256k1_gej_t d;
+ int i;
const int table_size = 1 << (w-2);
secp256k1_gej_t *prej = checked_malloc(sizeof(secp256k1_gej_t) * table_size);
secp256k1_ge_t *prea = checked_malloc(sizeof(secp256k1_ge_t) * table_size);
prej[0] = *a;
- secp256k1_gej_t d; secp256k1_gej_double_var(&d, a);
- for (int i=1; i<table_size; i++) {
+ secp256k1_gej_double_var(&d, a);
+ for (i = 1; i < table_size; i++) {
secp256k1_gej_add_var(&prej[i], &d, &prej[i-1]);
}
secp256k1_ge_set_all_gej_var(table_size, prea, prej);
- for (int i=0; i<table_size; i++) {
+ for (i = 0; i < table_size; i++) {
secp256k1_ge_to_storage(&pre[i], &prea[i]);
}
free(prej);
static const secp256k1_ecmult_consts_t *secp256k1_ecmult_consts = NULL;
static void secp256k1_ecmult_start(void) {
+ secp256k1_gej_t gj;
+ secp256k1_ecmult_consts_t *ret;
if (secp256k1_ecmult_consts != NULL)
return;
/* Allocate the precomputation table. */
- secp256k1_ecmult_consts_t *ret = (secp256k1_ecmult_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_consts_t));
+ ret = (secp256k1_ecmult_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_consts_t));
/* get the generator */
- secp256k1_gej_t gj; secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
+ secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
-#ifdef USE_ENDOMORPHISM
- /* calculate 2^128*generator */
- secp256k1_gej_t g_128j = gj;
- for (int i=0; i<128; i++)
- secp256k1_gej_double_var(&g_128j, &g_128j);
-#endif
/* precompute the tables with odd multiples */
secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g, &gj, WINDOW_G);
+
#ifdef USE_ENDOMORPHISM
- secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G);
+ {
+ secp256k1_gej_t g_128j;
+ int i;
+ /* calculate 2^128*generator */
+ g_128j = gj;
+ for (i = 0; i < 128; i++)
+ secp256k1_gej_double_var(&g_128j, &g_128j);
+ secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G);
+ }
#endif
/* Set the global pointer to the precomputation table. */
}
static void secp256k1_ecmult_stop(void) {
+ secp256k1_ecmult_consts_t *c;
if (secp256k1_ecmult_consts == NULL)
return;
- secp256k1_ecmult_consts_t *c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts;
+ c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts;
secp256k1_ecmult_consts = NULL;
free(c);
}
*/
static int secp256k1_ecmult_wnaf(int *wnaf, const secp256k1_scalar_t *a, int w) {
secp256k1_scalar_t s = *a;
-
+ int set_bits = 0;
+ int bit = 0;
int sign = 1;
+
if (secp256k1_scalar_get_bits(&s, 255, 1)) {
secp256k1_scalar_negate(&s, &s);
sign = -1;
}
- int set_bits = 0;
- int bit = 0;
while (bit < 256) {
+ int now;
+ int word;
if (secp256k1_scalar_get_bits(&s, bit, 1) == 0) {
bit++;
continue;
while (set_bits < bit) {
wnaf[set_bits++] = 0;
}
- int now = w;
+ now = w;
if (bit + now > 256) {
now = 256 - bit;
}
- int word = secp256k1_scalar_get_bits_var(&s, bit, now);
+ word = secp256k1_scalar_get_bits_var(&s, bit, now);
if (word & (1 << (w-1))) {
secp256k1_scalar_add_bit(&s, bit + w);
wnaf[set_bits++] = sign * (word - (1 << w));
}
static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_scalar_t *na, const secp256k1_scalar_t *ng) {
+ secp256k1_gej_t tmpj;
+ secp256k1_gej_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)];
+ secp256k1_ge_t tmpa;
const secp256k1_ecmult_consts_t *c = secp256k1_ecmult_consts;
-
#ifdef USE_ENDOMORPHISM
+ secp256k1_gej_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_scalar_t na_1, na_lam;
+ /* Splitted G factors. */
+ secp256k1_scalar_t ng_1, ng_128;
+ int wnaf_na_1[130];
+ int wnaf_na_lam[130];
+ int bits_na_1;
+ int bits_na_lam;
+ int wnaf_ng_1[129];
+ int bits_ng_1;
+ int wnaf_ng_128[129];
+ int bits_ng_128;
+#else
+ int wnaf_na[256];
+ int bits_na;
+ int wnaf_ng[257];
+ int bits_ng;
+#endif
+ int i;
+ int bits;
+
+#ifdef USE_ENDOMORPHISM
/* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */
secp256k1_scalar_split_lambda_var(&na_1, &na_lam, na);
/* build wnaf representation for na_1 and na_lam. */
- int wnaf_na_1[130]; int bits_na_1 = secp256k1_ecmult_wnaf(wnaf_na_1, &na_1, WINDOW_A);
- int wnaf_na_lam[130]; int bits_na_lam = secp256k1_ecmult_wnaf(wnaf_na_lam, &na_lam, WINDOW_A);
+ bits_na_1 = secp256k1_ecmult_wnaf(wnaf_na_1, &na_1, WINDOW_A);
+ bits_na_lam = secp256k1_ecmult_wnaf(wnaf_na_lam, &na_lam, WINDOW_A);
VERIFY_CHECK(bits_na_1 <= 130);
VERIFY_CHECK(bits_na_lam <= 130);
- int bits = bits_na_1;
+ bits = bits_na_1;
if (bits_na_lam > bits) bits = bits_na_lam;
#else
/* build wnaf representation for na. */
- int wnaf_na[256]; int bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A);
- int bits = bits_na;
+ bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A);
+ bits = bits_na;
#endif
/* calculate odd multiples of a */
- secp256k1_gej_t pre_a[ECMULT_TABLE_SIZE(WINDOW_A)];
secp256k1_ecmult_table_precomp_gej_var(pre_a, a, WINDOW_A);
#ifdef USE_ENDOMORPHISM
- secp256k1_gej_t pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)];
- for (int i=0; i<ECMULT_TABLE_SIZE(WINDOW_A); i++)
+ for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++)
secp256k1_gej_mul_lambda(&pre_a_lam[i], &pre_a[i]);
- /* Splitted G factors. */
- secp256k1_scalar_t ng_1, ng_128;
-
/* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */
secp256k1_scalar_split_128(&ng_1, &ng_128, ng);
/* Build wnaf representation for ng_1 and ng_128 */
- int wnaf_ng_1[129]; int bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, &ng_1, WINDOW_G);
- int wnaf_ng_128[129]; int bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, &ng_128, WINDOW_G);
+ bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, &ng_1, WINDOW_G);
+ bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, &ng_128, WINDOW_G);
if (bits_ng_1 > bits) bits = bits_ng_1;
if (bits_ng_128 > bits) bits = bits_ng_128;
#else
- int wnaf_ng[257]; int bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G);
+ bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G);
if (bits_ng > bits) bits = bits_ng;
#endif
secp256k1_gej_set_infinity(r);
- secp256k1_gej_t tmpj;
- secp256k1_ge_t tmpa;
- for (int i=bits-1; i>=0; i--) {
- secp256k1_gej_double_var(r, r);
+ for (i = bits-1; i >= 0; i--) {
int n;
+ secp256k1_gej_double_var(r, r);
#ifdef USE_ENDOMORPHISM
if (i < bits_na_1 && (n = wnaf_na_1[i])) {
ECMULT_TABLE_GET_GEJ(&tmpj, pre_a, n, WINDOW_A);
#endif
}
-static inline void secp256k1_fe_storage_cmov(secp256k1_fe_storage_t *r, const secp256k1_fe_storage_t *a, int flag) {
+static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage_t *r, const secp256k1_fe_storage_t *a, int flag) {
uint64_t mask0 = flag + ~((uint64_t)0), mask1 = ~mask0;
r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
r->n[3] = a->n[3] >> 36 | a->n[4] << 16;
}
-static inline void secp256k1_fe_from_storage(secp256k1_fe_t *r, const secp256k1_fe_storage_t *a) {
+static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe_t *r, const secp256k1_fe_storage_t *a) {
r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL;
r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL);
r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL);
}
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
+ secp256k1_fe_t z2, z3;
r->infinity = a->infinity;
secp256k1_fe_inv(&a->z, &a->z);
- secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
- secp256k1_fe_t z3; secp256k1_fe_mul(&z3, &a->z, &z2);
+ secp256k1_fe_sqr(&z2, &a->z);
+ secp256k1_fe_mul(&z3, &a->z, &z2);
secp256k1_fe_mul(&a->x, &a->x, &z2);
secp256k1_fe_mul(&a->y, &a->y, &z3);
secp256k1_fe_set_int(&a->z, 1);
}
static void secp256k1_ge_set_gej_var(secp256k1_ge_t *r, secp256k1_gej_t *a) {
+ secp256k1_fe_t z2, z3;
r->infinity = a->infinity;
if (a->infinity) {
return;
}
secp256k1_fe_inv_var(&a->z, &a->z);
- secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
- secp256k1_fe_t z3; secp256k1_fe_mul(&z3, &a->z, &z2);
+ secp256k1_fe_sqr(&z2, &a->z);
+ secp256k1_fe_mul(&z3, &a->z, &z2);
secp256k1_fe_mul(&a->x, &a->x, &z2);
secp256k1_fe_mul(&a->y, &a->y, &z3);
secp256k1_fe_set_int(&a->z, 1);
}
static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge_t *r, const secp256k1_gej_t *a) {
+ secp256k1_fe_t *az;
+ secp256k1_fe_t *azi;
+ size_t i;
size_t count = 0;
- secp256k1_fe_t *az = checked_malloc(sizeof(secp256k1_fe_t) * len);
- for (size_t i=0; i<len; i++) {
+ az = checked_malloc(sizeof(secp256k1_fe_t) * len);
+ for (i = 0; i < len; i++) {
if (!a[i].infinity) {
az[count++] = a[i].z;
}
}
- secp256k1_fe_t *azi = checked_malloc(sizeof(secp256k1_fe_t) * count);
+ azi = checked_malloc(sizeof(secp256k1_fe_t) * count);
secp256k1_fe_inv_all_var(count, azi, az);
free(az);
count = 0;
- for (size_t i=0; i<len; i++) {
+ for (i = 0; i < len; i++) {
r[i].infinity = a[i].infinity;
if (!a[i].infinity) {
+ secp256k1_fe_t zi2, zi3;
secp256k1_fe_t *zi = &azi[count++];
- secp256k1_fe_t zi2; secp256k1_fe_sqr(&zi2, zi);
- secp256k1_fe_t zi3; secp256k1_fe_mul(&zi3, &zi2, zi);
+ secp256k1_fe_sqr(&zi2, zi);
+ secp256k1_fe_mul(&zi3, &zi2, zi);
secp256k1_fe_mul(&r[i].x, &a[i].x, &zi2);
secp256k1_fe_mul(&r[i].y, &a[i].y, &zi3);
}
}
static int secp256k1_ge_set_xo_var(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) {
+ secp256k1_fe_t x2, x3, c;
r->x = *x;
- secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x);
- secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2);
+ secp256k1_fe_sqr(&x2, x);
+ secp256k1_fe_mul(&x3, x, &x2);
r->infinity = 0;
- secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7);
+ secp256k1_fe_set_int(&c, 7);
secp256k1_fe_add(&c, &x3);
if (!secp256k1_fe_sqrt_var(&r->y, &c))
return 0;
}
static int secp256k1_gej_eq_x_var(const secp256k1_fe_t *x, const secp256k1_gej_t *a) {
+ secp256k1_fe_t r, r2;
VERIFY_CHECK(!a->infinity);
- secp256k1_fe_t r; secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x);
- secp256k1_fe_t r2 = a->x; secp256k1_fe_normalize_weak(&r2);
+ secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x);
+ r2 = a->x; secp256k1_fe_normalize_weak(&r2);
return secp256k1_fe_equal_var(&r, &r2);
}
}
static int secp256k1_gej_is_valid_var(const secp256k1_gej_t *a) {
+ secp256k1_fe_t y2, x3, z2, z6;
if (a->infinity)
return 0;
/** y^2 = x^3 + 7
* Y^2 / Z^6 = X^3 / Z^6 + 7
* Y^2 = X^3 + 7*Z^6
*/
- secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y);
- secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
- secp256k1_fe_t z2; secp256k1_fe_sqr(&z2, &a->z);
- secp256k1_fe_t z6; secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2);
+ secp256k1_fe_sqr(&y2, &a->y);
+ secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
+ secp256k1_fe_sqr(&z2, &a->z);
+ secp256k1_fe_sqr(&z6, &z2); secp256k1_fe_mul(&z6, &z6, &z2);
secp256k1_fe_mul_int(&z6, 7);
secp256k1_fe_add(&x3, &z6);
secp256k1_fe_normalize_weak(&x3);
}
static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a) {
+ secp256k1_fe_t y2, x3, c;
if (a->infinity)
return 0;
/* y^2 = x^3 + 7 */
- secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y);
- secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
- secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7);
+ secp256k1_fe_sqr(&y2, &a->y);
+ secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
+ secp256k1_fe_set_int(&c, 7);
secp256k1_fe_add(&x3, &c);
secp256k1_fe_normalize_weak(&x3);
return secp256k1_fe_equal_var(&y2, &x3);
}
static void secp256k1_gej_double_var(secp256k1_gej_t *r, const secp256k1_gej_t *a) {
+ secp256k1_fe_t t1,t2,t3,t4;
/** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity,
* Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have
* y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.
return;
}
- secp256k1_fe_t t1,t2,t3,t4;
secp256k1_fe_mul(&r->z, &a->z, &a->y);
secp256k1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */
secp256k1_fe_sqr(&t1, &a->x);
}
static void secp256k1_gej_add_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_gej_t *b) {
+ secp256k1_fe_t z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t;
if (a->infinity) {
*r = *b;
return;
return;
}
r->infinity = 0;
- secp256k1_fe_t z22; secp256k1_fe_sqr(&z22, &b->z);
- secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z);
- secp256k1_fe_t u1; secp256k1_fe_mul(&u1, &a->x, &z22);
- secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12);
- secp256k1_fe_t s1; secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z);
- secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
- secp256k1_fe_t h; secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
- secp256k1_fe_t i; secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
+ secp256k1_fe_sqr(&z22, &b->z);
+ secp256k1_fe_sqr(&z12, &a->z);
+ secp256k1_fe_mul(&u1, &a->x, &z22);
+ secp256k1_fe_mul(&u2, &b->x, &z12);
+ secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z);
+ secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
+ secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
+ secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
secp256k1_gej_double_var(r, a);
}
return;
}
- secp256k1_fe_t i2; secp256k1_fe_sqr(&i2, &i);
- secp256k1_fe_t h2; secp256k1_fe_sqr(&h2, &h);
- secp256k1_fe_t h3; secp256k1_fe_mul(&h3, &h, &h2);
+ secp256k1_fe_sqr(&i2, &i);
+ secp256k1_fe_sqr(&h2, &h);
+ secp256k1_fe_mul(&h3, &h, &h2);
secp256k1_fe_mul(&r->z, &a->z, &b->z); secp256k1_fe_mul(&r->z, &r->z, &h);
- secp256k1_fe_t t; secp256k1_fe_mul(&t, &u1, &h2);
+ secp256k1_fe_mul(&t, &u1, &h2);
r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
}
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
+ secp256k1_fe_t z12, u1, u2, s1, s2, h, i, i2, h2, h3, t;
if (a->infinity) {
r->infinity = b->infinity;
r->x = b->x;
return;
}
r->infinity = 0;
- secp256k1_fe_t z12; secp256k1_fe_sqr(&z12, &a->z);
- secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize_weak(&u1);
- secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &z12);
- secp256k1_fe_t s1 = a->y; secp256k1_fe_normalize_weak(&s1);
- secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
- secp256k1_fe_t h; secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
- secp256k1_fe_t i; secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
+ secp256k1_fe_sqr(&z12, &a->z);
+ u1 = a->x; secp256k1_fe_normalize_weak(&u1);
+ secp256k1_fe_mul(&u2, &b->x, &z12);
+ s1 = a->y; secp256k1_fe_normalize_weak(&s1);
+ secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z);
+ secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2);
+ secp256k1_fe_negate(&i, &s1, 1); secp256k1_fe_add(&i, &s2);
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
secp256k1_gej_double_var(r, a);
}
return;
}
- secp256k1_fe_t i2; secp256k1_fe_sqr(&i2, &i);
- secp256k1_fe_t h2; secp256k1_fe_sqr(&h2, &h);
- secp256k1_fe_t h3; secp256k1_fe_mul(&h3, &h, &h2);
+ secp256k1_fe_sqr(&i2, &i);
+ secp256k1_fe_sqr(&h2, &h);
+ secp256k1_fe_mul(&h3, &h, &h2);
r->z = a->z; secp256k1_fe_mul(&r->z, &r->z, &h);
- secp256k1_fe_t t; secp256k1_fe_mul(&t, &u1, &h2);
+ secp256k1_fe_mul(&t, &u1, &h2);
r->x = t; secp256k1_fe_mul_int(&r->x, 2); secp256k1_fe_add(&r->x, &h3); secp256k1_fe_negate(&r->x, &r->x, 3); secp256k1_fe_add(&r->x, &i2);
secp256k1_fe_negate(&r->y, &r->x, 5); secp256k1_fe_add(&r->y, &t); secp256k1_fe_mul(&r->y, &r->y, &i);
secp256k1_fe_mul(&h3, &h3, &s1); secp256k1_fe_negate(&h3, &h3, 1);
}
static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b) {
+ secp256k1_fe_t zz, u1, u2, s1, s2, z, t, m, n, q, rr;
+ int infinity;
VERIFY_CHECK(!b->infinity);
VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
* (Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.)
*/
- secp256k1_fe_t zz; secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */
- secp256k1_fe_t u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */
- secp256k1_fe_t u2; secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */
- secp256k1_fe_t s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */
- secp256k1_fe_t s2; secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z2^2 (1) */
- secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */
- secp256k1_fe_t z = a->z; /* z = Z = Z1*Z2 (8) */
- secp256k1_fe_t t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */
- secp256k1_fe_t m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */
- secp256k1_fe_t n; secp256k1_fe_sqr(&n, &m); /* n = M^2 (1) */
- secp256k1_fe_t q; secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*M^2 (1) */
- secp256k1_fe_sqr(&n, &n); /* n = M^4 (1) */
- secp256k1_fe_t rr; secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */
+ secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */
+ u1 = a->x; secp256k1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */
+ secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */
+ s1 = a->y; secp256k1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */
+ secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z2^2 (1) */
+ secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */
+ z = a->z; /* z = Z = Z1*Z2 (8) */
+ t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */
+ m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */
+ secp256k1_fe_sqr(&n, &m); /* n = M^2 (1) */
+ secp256k1_fe_mul(&q, &n, &t); /* q = Q = T*M^2 (1) */
+ secp256k1_fe_sqr(&n, &n); /* n = M^4 (1) */
+ secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */
secp256k1_fe_mul(&t, &u1, &u2); secp256k1_fe_negate(&t, &t, 1); /* t = -U1*U2 (2) */
secp256k1_fe_add(&rr, &t); /* rr = R = T^2-U1*U2 (3) */
secp256k1_fe_sqr(&t, &rr); /* t = R^2 (1) */
secp256k1_fe_mul(&r->z, &m, &z); /* r->z = M*Z (1) */
- int infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity);
+ infinity = secp256k1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity);
secp256k1_fe_mul_int(&r->z, 2 * (1 - a->infinity)); /* r->z = Z3 = 2*M*Z (2) */
r->x = t; /* r->x = R^2 (1) */
secp256k1_fe_negate(&q, &q, 1); /* q = -Q (2) */
/** Compare two scalars. */
static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
-static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
-
#ifdef USE_ENDOMORPHISM
+/** Find r1 and r2 such that r1+r2*2^128 = a. */
+static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
#endif
secp256k1_scalar_reduce_512(r, l);
}
+#ifdef USE_ENDOMORPHISM
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
r1->d[0] = a->d[0];
r1->d[1] = a->d[1];
r2->d[6] = 0;
r2->d[7] = 0;
}
+#endif
SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b) {
return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0;
}
int secp256k1_ecdsa_verify(const unsigned char *msg32, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) {
+ secp256k1_ge_t q;
+ secp256k1_ecdsa_sig_t s;
+ secp256k1_scalar_t m;
+ int ret = -3;
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
DEBUG_CHECK(msg32 != NULL);
DEBUG_CHECK(sig != NULL);
DEBUG_CHECK(pubkey != NULL);
- int ret = -3;
- secp256k1_scalar_t m;
- secp256k1_ecdsa_sig_t s;
- secp256k1_ge_t q;
secp256k1_scalar_set_b32(&m, msg32, NULL);
if (!secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen)) {
}
static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int counter, const void *data) {
- (void)data;
secp256k1_rfc6979_hmac_sha256_t rng;
+ unsigned int i;
+ (void)data;
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key32, 32, msg32, 32);
- for (unsigned int i = 0; i <= counter; i++) {
+ for (i = 0; i <= counter; i++) {
secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32);
}
secp256k1_rfc6979_hmac_sha256_finalize(&rng);
const secp256k1_nonce_function_t secp256k1_nonce_function_default = nonce_function_rfc6979;
int secp256k1_ecdsa_sign(const unsigned char *msg32, unsigned char *signature, int *signaturelen, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) {
+ secp256k1_ecdsa_sig_t sig;
+ secp256k1_scalar_t sec, non, msg;
+ int ret = 0;
+ int overflow = 0;
+ unsigned int count = 0;
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
DEBUG_CHECK(msg32 != NULL);
DEBUG_CHECK(signature != NULL);
noncefp = secp256k1_nonce_function_default;
}
- secp256k1_scalar_t sec, non, msg;
secp256k1_scalar_set_b32(&sec, seckey, NULL);
secp256k1_scalar_set_b32(&msg, msg32, NULL);
- int overflow = 0;
- int ret = 0;
- unsigned int count = 0;
- secp256k1_ecdsa_sig_t sig;
while (1) {
unsigned char nonce32[32];
ret = noncefp(nonce32, msg32, seckey, count, noncedata);
}
int secp256k1_ecdsa_sign_compact(const unsigned char *msg32, unsigned char *sig64, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata, int *recid) {
+ secp256k1_ecdsa_sig_t sig;
+ secp256k1_scalar_t sec, non, msg;
+ int ret = 0;
+ int overflow = 0;
+ unsigned int count = 0;
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
DEBUG_CHECK(msg32 != NULL);
DEBUG_CHECK(sig64 != NULL);
noncefp = secp256k1_nonce_function_default;
}
- secp256k1_scalar_t sec, non, msg;
secp256k1_scalar_set_b32(&sec, seckey, NULL);
secp256k1_scalar_set_b32(&msg, msg32, NULL);
- int overflow = 0;
- int ret = 0;
- unsigned int count = 0;
- secp256k1_ecdsa_sig_t sig;
while (1) {
unsigned char nonce32[32];
ret = noncefp(nonce32, msg32, seckey, count, noncedata);
}
int secp256k1_ecdsa_recover_compact(const unsigned char *msg32, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid) {
+ secp256k1_ge_t q;
+ secp256k1_ecdsa_sig_t sig;
+ secp256k1_scalar_t m;
+ int ret = 0;
+ int overflow = 0;
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
DEBUG_CHECK(msg32 != NULL);
DEBUG_CHECK(sig64 != NULL);
DEBUG_CHECK(pubkeylen != NULL);
DEBUG_CHECK(recid >= 0 && recid <= 3);
- int ret = 0;
- secp256k1_scalar_t m;
- secp256k1_ecdsa_sig_t sig;
- int overflow = 0;
secp256k1_scalar_set_b32(&sig.r, sig64, &overflow);
if (overflow) {
return 0;
}
secp256k1_scalar_set_b32(&m, msg32, NULL);
- secp256k1_ge_t q;
if (secp256k1_ecdsa_sig_recover(&sig, &q, &m, recid)) {
ret = secp256k1_eckey_pubkey_serialize(&q, pubkey, pubkeylen, compressed);
}
}
int secp256k1_ec_seckey_verify(const unsigned char *seckey) {
- DEBUG_CHECK(seckey != NULL);
-
secp256k1_scalar_t sec;
+ int ret;
int overflow;
+ DEBUG_CHECK(seckey != NULL);
+
secp256k1_scalar_set_b32(&sec, seckey, &overflow);
- int ret = !secp256k1_scalar_is_zero(&sec) && !overflow;
+ ret = !secp256k1_scalar_is_zero(&sec) && !overflow;
secp256k1_scalar_clear(&sec);
return ret;
}
int secp256k1_ec_pubkey_verify(const unsigned char *pubkey, int pubkeylen) {
+ secp256k1_ge_t q;
DEBUG_CHECK(pubkey != NULL);
- secp256k1_ge_t q;
return secp256k1_eckey_pubkey_parse(&q, pubkey, pubkeylen);
}
int secp256k1_ec_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsigned char *seckey, int compressed) {
+ secp256k1_gej_t pj;
+ secp256k1_ge_t p;
+ secp256k1_scalar_t sec;
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(pubkeylen != NULL);
DEBUG_CHECK(seckey != NULL);
- secp256k1_scalar_t sec;
secp256k1_scalar_set_b32(&sec, seckey, NULL);
- secp256k1_gej_t pj;
secp256k1_ecmult_gen(&pj, &sec);
secp256k1_scalar_clear(&sec);
- secp256k1_ge_t p;
secp256k1_ge_set_gej(&p, &pj);
return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, compressed);
}
int secp256k1_ec_pubkey_decompress(unsigned char *pubkey, int *pubkeylen) {
+ secp256k1_ge_t p;
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(pubkeylen != NULL);
- secp256k1_ge_t p;
if (!secp256k1_eckey_pubkey_parse(&p, pubkey, *pubkeylen))
return 0;
return secp256k1_eckey_pubkey_serialize(&p, pubkey, pubkeylen, 0);
}
int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *tweak) {
+ secp256k1_scalar_t term;
+ secp256k1_scalar_t sec;
+ int ret;
+ int overflow = 0;
DEBUG_CHECK(seckey != NULL);
DEBUG_CHECK(tweak != NULL);
- secp256k1_scalar_t term;
- int overflow = 0;
secp256k1_scalar_set_b32(&term, tweak, &overflow);
- secp256k1_scalar_t sec;
secp256k1_scalar_set_b32(&sec, seckey, NULL);
- int ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow;
+ ret = secp256k1_eckey_privkey_tweak_add(&sec, &term) && !overflow;
if (ret) {
secp256k1_scalar_get_b32(seckey, &sec);
}
}
int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
+ secp256k1_ge_t p;
+ secp256k1_scalar_t term;
+ int ret;
+ int overflow = 0;
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(tweak != NULL);
- secp256k1_scalar_t term;
- int overflow = 0;
secp256k1_scalar_set_b32(&term, tweak, &overflow);
if (overflow) {
return 0;
}
- secp256k1_ge_t p;
- int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
+ ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
if (ret) {
ret = secp256k1_eckey_pubkey_tweak_add(&p, &term);
}
}
int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *tweak) {
+ secp256k1_scalar_t factor;
+ secp256k1_scalar_t sec;
+ int ret;
+ int overflow = 0;
DEBUG_CHECK(seckey != NULL);
DEBUG_CHECK(tweak != NULL);
- secp256k1_scalar_t factor;
- int overflow = 0;
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
- secp256k1_scalar_t sec;
secp256k1_scalar_set_b32(&sec, seckey, NULL);
- int ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow;
+ ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor) && !overflow;
if (ret) {
secp256k1_scalar_get_b32(seckey, &sec);
}
}
int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
+ secp256k1_ge_t p;
+ secp256k1_scalar_t factor;
+ int ret;
+ int overflow = 0;
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(tweak != NULL);
- secp256k1_scalar_t factor;
- int overflow = 0;
secp256k1_scalar_set_b32(&factor, tweak, &overflow);
if (overflow) {
return 0;
}
- secp256k1_ge_t p;
- int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
+ ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
if (ret) {
ret = secp256k1_eckey_pubkey_tweak_mul(&p, &factor);
}
}
int secp256k1_ec_privkey_export(const unsigned char *seckey, unsigned char *privkey, int *privkeylen, int compressed) {
+ secp256k1_scalar_t key;
+ int ret;
DEBUG_CHECK(seckey != NULL);
DEBUG_CHECK(privkey != NULL);
DEBUG_CHECK(privkeylen != NULL);
- secp256k1_scalar_t key;
secp256k1_scalar_set_b32(&key, seckey, NULL);
- int ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed);
+ ret = secp256k1_eckey_privkey_serialize(privkey, privkeylen, &key, compressed);
secp256k1_scalar_clear(&key);
return ret;
}
int secp256k1_ec_privkey_import(unsigned char *seckey, const unsigned char *privkey, int privkeylen) {
+ secp256k1_scalar_t key;
+ int ret;
DEBUG_CHECK(seckey != NULL);
DEBUG_CHECK(privkey != NULL);
- secp256k1_scalar_t key;
- int ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen);
+ ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen);
if (ret)
secp256k1_scalar_get_b32(seckey, &key);
secp256k1_scalar_clear(&key);
/* find random seed */
if (argc > 2) {
- seed = strtoull(argv[2], NULL, 0);
+ sscanf(argv[2], "%" I64uFORMAT, (unsigned long long*)&seed);
} else {
FILE *frand = fopen("/dev/urandom", "r");
if (!frand || !fread(&seed, sizeof(seed), 1, frand)) {
secp256k1_rand_seed(seed);
printf("test count = %i\n", count);
- printf("random seed = %llu\n", (unsigned long long)seed);
+ printf("random seed = %" I64uFORMAT "\n", (unsigned long long)seed);
/* initialize */
secp256k1_start(SECP256K1_START_SIGN | SECP256K1_START_VERIFY);
# endif
#endif
+#if defined(_WIN32)
+# define I64FORMAT "I64d"
+# define I64uFORMAT "I64u"
+#else
+# define I64FORMAT "lld"
+# define I64uFORMAT "llu"
+#endif
+
#if defined(HAVE___INT128)
-typedef unsigned __int128 uint128_t;
+# if defined(__GNUC__)
+# define SECP256K1_GNUC_EXT __extension__
+# else
+# define SECP256K1_GNUC_EXT
+# endif
+SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
#endif
#endif
projects / secp256k1.git / commitdiff