secp256k1-zkp/include/secp256k1_recovery.h

#ifndef SECP256K1_RECOVERY_H
#define SECP256K1_RECOVERY_H

#include "secp256k1.h"

#ifdef __cplusplus
extern "C" {
#endif

/** Opaque data structured that holds a parsed ECDSA signature,
 *  supporting pubkey recovery.
 *
 *  The exact representation of data inside is implementation defined and not
 *  guaranteed to be portable between different platforms or versions. It is
 *  however guaranteed to be 65 bytes in size, and can be safely copied/moved.
 *  If you need to convert to a format suitable for storage or transmission, use
 *  the secp256k1_ecdsa_signature_serialize_* and
 *  secp256k1_ecdsa_signature_parse_* functions.
 *
 *  Furthermore, it is guaranteed that identical signatures (including their
 *  recoverability) will have identical representation, so they can be
 *  memcmp'ed.
 */
typedef struct {
    unsigned char data[65];
} secp256k1_ecdsa_recoverable_signature;

/** Parse a compact ECDSA signature (64 bytes + recovery id).
 *
 *  Returns: 1 when the signature could be parsed, 0 otherwise
 *  Args: ctx:     a secp256k1 context object
 *  Out:  sig:     a pointer to a signature object
 *  In:   input64: a pointer to a 64-byte compact signature
 *        recid:   the recovery id (0, 1, 2 or 3)
 */
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
    const secp256k1_context* ctx,
    secp256k1_ecdsa_recoverable_signature* sig,
    const unsigned char *input64,
    int recid
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

/** Convert a recoverable signature into a normal signature.
 *
 *  Returns: 1
 *  Args: ctx:    a secp256k1 context object.
 *  Out:  sig:    a pointer to a normal signature.
 *  In:   sigin:  a pointer to a recoverable signature.
 */
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(
    const secp256k1_context* ctx,
    secp256k1_ecdsa_signature* sig,
    const secp256k1_ecdsa_recoverable_signature* sigin
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
 *
 *  Returns: 1
 *  Args: ctx:      a secp256k1 context object.
 *  Out:  output64: a pointer to a 64-byte array of the compact signature.
 *        recid:    a pointer to an integer to hold the recovery id.
 *  In:   sig:      a pointer to an initialized signature object.
 */
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
    const secp256k1_context* ctx,
    unsigned char *output64,
    int *recid,
    const secp256k1_ecdsa_recoverable_signature* sig
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Create a recoverable ECDSA signature.
 *
 *  Returns: 1: signature created
 *           0: the nonce generation function failed, or the secret key was invalid.
 *  Args:    ctx:       pointer to a context object (not secp256k1_context_static).
 *  Out:     sig:       pointer to an array where the signature will be placed.
 *  In:      msghash32: the 32-byte message hash being signed.
 *           seckey:    pointer to a 32-byte secret key.
 *           noncefp:   pointer to a nonce generation function. If NULL,
 *                      secp256k1_nonce_function_default is used.
 *           ndata:     pointer to arbitrary data used by the nonce generation function
 *                      (can be NULL for secp256k1_nonce_function_default).
 */
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
    const secp256k1_context* ctx,
    secp256k1_ecdsa_recoverable_signature *sig,
    const unsigned char *msghash32,
    const unsigned char *seckey,
    secp256k1_nonce_function noncefp,
    const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Recover an ECDSA public key from a signature.
 *
 *  Returns: 1: public key successfully recovered (which guarantees a correct signature).
 *           0: otherwise.
 *  Args:    ctx:       pointer to a context object.
 *  Out:     pubkey:    pointer to the recovered public key.
 *  In:      sig:       pointer to initialized signature that supports pubkey recovery.
 *           msghash32: the 32-byte message hash assumed to be signed.
 */
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
    const secp256k1_context* ctx,
    secp256k1_pubkey *pubkey,
    const secp256k1_ecdsa_recoverable_signature *sig,
    const unsigned char *msghash32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

#ifdef __cplusplus
}
#endif

#endif /* SECP256K1_RECOVERY_H */
Fix header guards using reserved identifiers Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard. The only header guards not fixed are those in the headers auto-generated from java. 2017-08-26 18:44:21 +03:00			`#ifndef SECP256K1_RECOVERY_H`
			`#define SECP256K1_RECOVERY_H`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00
Fix header guards using reserved identifiers Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard. The only header guards not fixed are those in the headers auto-generated from java. 2017-08-26 18:44:21 +03:00			`#include "secp256k1.h"`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00
Fix header guards using reserved identifiers Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard. The only header guards not fixed are those in the headers auto-generated from java. 2017-08-26 18:44:21 +03:00			`#ifdef __cplusplus`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`extern "C" {`
Fix header guards using reserved identifiers Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard. The only header guards not fixed are those in the headers auto-generated from java. 2017-08-26 18:44:21 +03:00			`#endif`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00
			`/** Opaque data structured that holds a parsed ECDSA signature,`
			`* supporting pubkey recovery.`
			`*`
			`* The exact representation of data inside is implementation defined and not`
			`* guaranteed to be portable between different platforms or versions. It is`
			`* however guaranteed to be 65 bytes in size, and can be safely copied/moved.`
			`* If you need to convert to a format suitable for storage or transmission, use`
			`* the secp256k1_ecdsa_signature_serialize_* and`
Fix couple of typos in API comments 2015-09-30 17:23:13 +02:00			`* secp256k1_ecdsa_signature_parse_* functions.`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`*`
Fix couple of typos in API comments 2015-09-30 17:23:13 +02:00			`* Furthermore, it is guaranteed that identical signatures (including their`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`* recoverability) will have identical representation, so they can be`
			`* memcmp'ed.`
			`*/`
			`typedef struct {`
			`unsigned char data[65];`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`} secp256k1_ecdsa_recoverable_signature;`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00
			`/** Parse a compact ECDSA signature (64 bytes + recovery id).`
			`*`
			`* Returns: 1 when the signature could be parsed, 0 otherwise`
[API BREAK] Change argument order to out/outin/in 2015-08-28 01:50:47 +02:00			`* Args: ctx: a secp256k1 context object`
			`* Out: sig: a pointer to a signature object`
			`* In: input64: a pointer to a 64-byte compact signature`
			`* recid: the recovery id (0, 1, 2 or 3)`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`*/`
Use explicit symbol visibility. The use of static makes this somewhat redundant currently, though if we later have multiple compilation units it will be needed. This also sets the dllexport needed for shared libraries on win32. 2015-09-20 19:36:37 +00:00			`SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`const secp256k1_context* ctx,`
			`secp256k1_ecdsa_recoverable_signature* sig,`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`const unsigned char *input64,`
			`int recid`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);`

			`/** Convert a recoverable signature into a normal signature.`
			`*`
			`* Returns: 1`
Improve consistency for NULL arguments in the public interface 2020-07-30 12:25:59 +03:00			`* Args: ctx: a secp256k1 context object.`
			`* Out: sig: a pointer to a normal signature.`
			`* In: sigin: a pointer to a recoverable signature.`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`*/`
Use explicit symbol visibility. The use of static makes this somewhat redundant currently, though if we later have multiple compilation units it will be needed. This also sets the dllexport needed for shared libraries on win32. 2015-09-20 19:36:37 +00:00			`SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`const secp256k1_context* ctx,`
			`secp256k1_ecdsa_signature* sig,`
			`const secp256k1_ecdsa_recoverable_signature* sigin`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);`

			`/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).`
			`*`
			`* Returns: 1`
Improve consistency for NULL arguments in the public interface 2020-07-30 12:25:59 +03:00			`* Args: ctx: a secp256k1 context object.`
			`* Out: output64: a pointer to a 64-byte array of the compact signature.`
			`* recid: a pointer to an integer to hold the recovery id.`
			`* In: sig: a pointer to an initialized signature object.`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`*/`
Use explicit symbol visibility. The use of static makes this somewhat redundant currently, though if we later have multiple compilation units it will be needed. This also sets the dllexport needed for shared libraries on win32. 2015-09-20 19:36:37 +00:00			`SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`const secp256k1_context* ctx,`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`unsigned char *output64,`
			`int *recid,`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`const secp256k1_ecdsa_recoverable_signature* sig`
Rewrite ECDSA signature parsing code There are now 2 encoding formats supported: 64-byte "compact" and DER. The latter is strict: the data has to be exact DER, though the values inside don't need to be valid. 2015-09-28 17:40:21 +02:00			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00
			`/** Create a recoverable ECDSA signature.`
			`*`
			`* Returns: 1: signature created`
Rename private key to secret key in public API (with the exception of function names) 2019-12-17 17:10:11 +00:00			`* 0: the nonce generation function failed, or the secret key was invalid.`
docs: Get rid of "initialized for signing" terminology 2022-11-25 21:39:12 +01:00			`* Args: ctx: pointer to a context object (not secp256k1_context_static).`
Improve consistency for NULL arguments in the public interface 2020-07-30 12:25:59 +03:00			`* Out: sig: pointer to an array where the signature will be placed.`
			`* In: msghash32: the 32-byte message hash being signed.`
			`* seckey: pointer to a 32-byte secret key.`
			`* noncefp: pointer to a nonce generation function. If NULL,`
			`* secp256k1_nonce_function_default is used.`
			`* ndata: pointer to arbitrary data used by the nonce generation function`
			`* (can be NULL for secp256k1_nonce_function_default).`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`*/`
Use explicit symbol visibility. The use of static makes this somewhat redundant currently, though if we later have multiple compilation units it will be needed. This also sets the dllexport needed for shared libraries on win32. 2015-09-20 19:36:37 +00:00			`SECP256K1_API int secp256k1_ecdsa_sign_recoverable(`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`const secp256k1_context* ctx,`
			`secp256k1_ecdsa_recoverable_signature *sig,`
Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 2020-12-03 15:53:31 +00:00			`const unsigned char *msghash32,`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`const unsigned char *seckey,`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`secp256k1_nonce_function noncefp,`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`const void *ndata`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);`

			`/** Recover an ECDSA public key from a signature.`
			`*`
			`* Returns: 1: public key successfully recovered (which guarantees a correct signature).`
			`* 0: otherwise.`
docs: Never require a verification context 2022-07-05 22:36:28 +02:00			`* Args: ctx: pointer to a context object.`
Improve consistency for NULL arguments in the public interface 2020-07-30 12:25:59 +03:00			`* Out: pubkey: pointer to the recovered public key.`
			`* In: sig: pointer to initialized signature that supports pubkey recovery.`
			`* msghash32: the 32-byte message hash assumed to be signed.`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`*/`
Use explicit symbol visibility. The use of static makes this somewhat redundant currently, though if we later have multiple compilation units it will be needed. This also sets the dllexport needed for shared libraries on win32. 2015-09-20 19:36:37 +00:00			`SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(`
Get rid of _t as it is POSIX reserved 2015-09-21 20:57:54 +02:00			`const secp256k1_context* ctx,`
			`secp256k1_pubkey *pubkey,`
			`const secp256k1_ecdsa_recoverable_signature *sig,`
Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 2020-12-03 15:53:31 +00:00			`const unsigned char *msghash32`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);`

Fix header guards using reserved identifiers Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard. The only header guards not fixed are those in the headers auto-generated from java. 2017-08-26 18:44:21 +03:00			`#ifdef __cplusplus`
Move pubkey recovery code to separate module 2015-08-27 03:42:57 +02:00			`}`
			`#endif`
Fix header guards using reserved identifiers Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard. The only header guards not fixed are those in the headers auto-generated from java. 2017-08-26 18:44:21 +03:00
			`#endif /* SECP256K1_RECOVERY_H */`