|
|
|
|
@@ -145,21 +145,28 @@ typedef int (*secp256k1_nonce_function)(
|
|
|
|
|
# define SECP256K1_NO_BUILD
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/** At secp256k1 build-time DLL_EXPORT is defined when building objects destined
|
|
|
|
|
* for a shared library, but not for those intended for static libraries.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef SECP256K1_API
|
|
|
|
|
# if defined(_WIN32)
|
|
|
|
|
# if defined(SECP256K1_BUILD) && defined(DLL_EXPORT)
|
|
|
|
|
# define SECP256K1_API __declspec(dllexport)
|
|
|
|
|
# else
|
|
|
|
|
# define SECP256K1_API
|
|
|
|
|
/* Symbol visibility. See libtool manual, section "Windows DLLs". */
|
|
|
|
|
#if defined(_WIN32) && !defined(__GNUC__)
|
|
|
|
|
# ifdef SECP256K1_BUILD
|
|
|
|
|
# ifdef DLL_EXPORT
|
|
|
|
|
# define SECP256K1_API __declspec (dllexport)
|
|
|
|
|
# define SECP256K1_API_VAR extern __declspec (dllexport)
|
|
|
|
|
# endif
|
|
|
|
|
# elif defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
|
|
|
|
|
# define SECP256K1_API __attribute__ ((visibility ("default")))
|
|
|
|
|
# elif defined _MSC_VER
|
|
|
|
|
# define SECP256K1_API
|
|
|
|
|
# define SECP256K1_API_VAR extern __declspec (dllimport)
|
|
|
|
|
# elif defined DLL_EXPORT
|
|
|
|
|
# define SECP256K1_API __declspec (dllimport)
|
|
|
|
|
# define SECP256K1_API_VAR extern __declspec (dllimport)
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef SECP256K1_API
|
|
|
|
|
# if defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
|
|
|
|
|
# define SECP256K1_API __attribute__ ((visibility ("default")))
|
|
|
|
|
# define SECP256K1_API_VAR extern __attribute__ ((visibility ("default")))
|
|
|
|
|
# else
|
|
|
|
|
# define SECP256K1_API
|
|
|
|
|
# define SECP256K1_API_VAR extern
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
@@ -231,10 +238,10 @@ typedef int (*secp256k1_nonce_function)(
|
|
|
|
|
*
|
|
|
|
|
* It is highly recommended to call secp256k1_selftest before using this context.
|
|
|
|
|
*/
|
|
|
|
|
SECP256K1_API extern const secp256k1_context *secp256k1_context_static;
|
|
|
|
|
SECP256K1_API_VAR const secp256k1_context *secp256k1_context_static;
|
|
|
|
|
|
|
|
|
|
/** Deprecated alias for secp256k1_context_static. */
|
|
|
|
|
SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp
|
|
|
|
|
SECP256K1_API_VAR const secp256k1_context *secp256k1_context_no_precomp
|
|
|
|
|
SECP256K1_DEPRECATED("Use secp256k1_context_static instead");
|
|
|
|
|
|
|
|
|
|
/** Perform basic self tests (to be used in conjunction with secp256k1_context_static)
|
|
|
|
|
@@ -291,8 +298,11 @@ SECP256K1_API secp256k1_context* secp256k1_context_create(
|
|
|
|
|
* called at most once for every call of this function. If you need to avoid dynamic
|
|
|
|
|
* memory allocation entirely, see the functions in secp256k1_preallocated.h.
|
|
|
|
|
*
|
|
|
|
|
* Cloning secp256k1_context_static is not possible, and should not be emulated by
|
|
|
|
|
* the caller (e.g., using memcpy). Create a new context instead.
|
|
|
|
|
*
|
|
|
|
|
* Returns: a newly created context object.
|
|
|
|
|
* Args: ctx: an existing context to copy
|
|
|
|
|
* Args: ctx: an existing context to copy (not secp256k1_context_static)
|
|
|
|
|
*/
|
|
|
|
|
SECP256K1_API secp256k1_context* secp256k1_context_clone(
|
|
|
|
|
const secp256k1_context* ctx
|
|
|
|
|
@@ -310,6 +320,7 @@ SECP256K1_API secp256k1_context* secp256k1_context_clone(
|
|
|
|
|
*
|
|
|
|
|
* Args: ctx: an existing context to destroy, constructed using
|
|
|
|
|
* secp256k1_context_create or secp256k1_context_clone
|
|
|
|
|
* (i.e., not secp256k1_context_static).
|
|
|
|
|
*/
|
|
|
|
|
SECP256K1_API void secp256k1_context_destroy(
|
|
|
|
|
secp256k1_context* ctx
|
|
|
|
|
@@ -627,10 +638,10 @@ SECP256K1_API int secp256k1_ecdsa_signature_normalize(
|
|
|
|
|
* If a data pointer is passed, it is assumed to be a pointer to 32 bytes of
|
|
|
|
|
* extra entropy.
|
|
|
|
|
*/
|
|
|
|
|
SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979;
|
|
|
|
|
SECP256K1_API_VAR const secp256k1_nonce_function secp256k1_nonce_function_rfc6979;
|
|
|
|
|
|
|
|
|
|
/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */
|
|
|
|
|
SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default;
|
|
|
|
|
SECP256K1_API_VAR const secp256k1_nonce_function secp256k1_nonce_function_default;
|
|
|
|
|
|
|
|
|
|
/** Create an ECDSA signature.
|
|
|
|
|
*
|
|
|
|
|
@@ -820,10 +831,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
|
|
|
|
|
|
|
|
|
|
/** Randomizes the context to provide enhanced protection against side-channel leakage.
|
|
|
|
|
*
|
|
|
|
|
* Returns: 1: randomization successful (or called on copy of secp256k1_context_static)
|
|
|
|
|
* Returns: 1: randomization successful
|
|
|
|
|
* 0: error
|
|
|
|
|
* Args: ctx: pointer to a context object.
|
|
|
|
|
* In: seed32: pointer to a 32-byte random seed (NULL resets to initial state)
|
|
|
|
|
* Args: ctx: pointer to a context object (not secp256k1_context_static).
|
|
|
|
|
* In: seed32: pointer to a 32-byte random seed (NULL resets to initial state).
|
|
|
|
|
*
|
|
|
|
|
* While secp256k1 code is written and tested to be constant-time no matter what
|
|
|
|
|
* secret values are, it is possible that a compiler may output code which is not,
|
|
|
|
|
@@ -838,21 +849,17 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
|
|
|
|
|
* functions that perform computations involving secret keys, e.g., signing and
|
|
|
|
|
* public key generation. It is possible to call this function more than once on
|
|
|
|
|
* the same context, and doing so before every few computations involving secret
|
|
|
|
|
* keys is recommended as a defense-in-depth measure.
|
|
|
|
|
* keys is recommended as a defense-in-depth measure. Randomization of the static
|
|
|
|
|
* context secp256k1_context_static is not supported.
|
|
|
|
|
*
|
|
|
|
|
* Currently, the random seed is mainly used for blinding multiplications of a
|
|
|
|
|
* secret scalar with the elliptic curve base point. Multiplications of this
|
|
|
|
|
* kind are performed by exactly those API functions which are documented to
|
|
|
|
|
* require a context that is not the secp256k1_context_static. As a rule of thumb,
|
|
|
|
|
* require a context that is not secp256k1_context_static. As a rule of thumb,
|
|
|
|
|
* these are all functions which take a secret key (or a keypair) as an input.
|
|
|
|
|
* A notable exception to that rule is the ECDH module, which relies on a different
|
|
|
|
|
* kind of elliptic curve point multiplication and thus does not benefit from
|
|
|
|
|
* enhanced protection against side-channel leakage currently.
|
|
|
|
|
*
|
|
|
|
|
* It is safe to call this function on a copy of secp256k1_context_static in writable
|
|
|
|
|
* memory (e.g., obtained via secp256k1_context_clone). In that case, this
|
|
|
|
|
* function is guaranteed to return 1, but the call will have no effect because
|
|
|
|
|
* the static context (or a copy thereof) is not meant to be randomized.
|
|
|
|
|
*/
|
|
|
|
|
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(
|
|
|
|
|
secp256k1_context* ctx,
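Review bot: The updated comment for secp256k1_context_randomize says randomization of secp256k1_context_static "is not supported" and drops the old paragraph that guaranteed a return of 1 with no effect, but it never states what a caller now observes when the static context is passed. The same gap exists in the secp256k1_context_clone comment ("not possible") in the earlier hunk. Callers written against the old contract may have relied on that harmless return value, so the header should name the failure mode explicitly. If the implementation treats this as an illegal argument (not visible on this page), a line such as `* Passing secp256k1_context_static is an API violation: the illegal-argument callback is invoked and 0 is returned.` would do it. Whatever the behaviour is, it would also help to note next to `Returns: 0: error` that a 0 return means the context was not blinded. The declaration continues past the end of this hunk.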
|
|
|
|
|
|