schnorrsig: add algolen argument to nonce_function_hardened

This avoids having to remove trailing NUL bytes in the nonce function
2021-01-15 21:43:23 +00:00
parent df3bfa12c3
commit 442cee5baf
4 changed files with 67 additions and 59 deletions
--- a/include/secp256k1_schnorrsig.h
+++ b/include/secp256k1_schnorrsig.h
@@ -23,14 +23,15 @@ extern "C" {
 *
 *  Returns: 1 if a nonce was successfully generated. 0 will cause signing to
 *           return an error.
- *  Out:     nonce32:   pointer to a 32-byte array to be filled by the function.
- *  In:      msg32:     the 32-byte message hash being verified (will not be NULL)
- *           key32:     pointer to a 32-byte secret key (will not be NULL)
- *      xonly_pk32:     the 32-byte serialized xonly pubkey corresponding to key32
- *                      (will not be NULL)
- *           algo16:    pointer to a 16-byte array describing the signature
- *                      algorithm (will not be NULL).
- *           data:      Arbitrary data pointer that is passed through.
+ *  Out:  nonce32: pointer to a 32-byte array to be filled by the function
+ *  In:     msg32: the 32-byte message hash being verified (will not be NULL)
+ *          key32: pointer to a 32-byte secret key (will not be NULL)
+ *     xonly_pk32: the 32-byte serialized xonly pubkey corresponding to key32
+ *                 (will not be NULL)
+ *           algo: pointer to an array describing the signature
+ *                 algorithm (will not be NULL)
+ *        algolen: the length of the algo array
+ *           data: arbitrary data pointer that is passed through
 *
 *  Except for test cases, this function should compute some cryptographic hash of
 *  the message, the key, the pubkey, the algorithm description, and data.
@@ -40,7 +41,8 @@ typedef int (*secp256k1_nonce_function_hardened)(
    const unsigned char *msg32,
    const unsigned char *key32,
    const unsigned char *xonly_pk32,
-    const unsigned char *algo16,
+    const unsigned char *algo,
+    size_t algolen,
    void *data
 );

@@ -51,10 +53,10 @@ typedef int (*secp256k1_nonce_function_hardened)(
 *  If a data pointer is passed, it is assumed to be a pointer to 32 bytes of
 *  auxiliary random data as defined in BIP-340. If the data pointer is NULL,
 *  the nonce derivation procedure follows BIP-340 by setting the auxiliary
- *  random data to zero. The algo16 argument must be non-NULL, otherwise the
- *  function will fail and return 0. The hash will be tagged with algo16 after
- *  removing all terminating null bytes. Therefore, to create BIP-340 compliant
- *  signatures, algo16 must be set to "BIP0340/nonce\0\0\0"
+ *  random data to zero. The algo argument must be non-NULL, otherwise the
+ *  function will fail and return 0. The hash will be tagged with algo.
+ *  Therefore, to create BIP-340 compliant signatures, algo must be set to
+ *  "BIP0340/nonce" and algolen to 13.
 */
 SECP256K1_API extern const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340;