Add fixups from upstream schnorrsig PR

f make helper functions static
f hash noncedata into nonce in nonce_function_bipschnorr
f expose nonce_function_bipschnorr
f fix undefined behavior when shifting an int 31 places
f add cplusplus ifdef to schnorrsig include file
f hash complete pubkey into batch seed
f chacha20 for bigendians
f add schnorrsig to travis
f show in configure if schnorrsig is enabled
This commit is contained in:
Jonas Nick
2019-02-11 19:06:11 +00:00
parent 6f3b0c05c2
commit cb8f059724
9 changed files with 58 additions and 43 deletions


@@ -240,7 +240,7 @@ static int secp256k1_schnorrsig_verify_batch_ecmult_callback(secp256k1_scalar *s
* pk: array of public keys, or NULL if there are no signatures
* n_sigs: number of signatures in above arrays (must be 0 if they are NULL)
*/
int secp256k1_schnorrsig_verify_batch_init_randomizer(const secp256k1_context *ctx, secp256k1_schnorrsig_verify_ecmult_context *ecmult_context, secp256k1_sha256 *sha, const secp256k1_schnorrsig *const *sig, const unsigned char *const *msg32, const secp256k1_pubkey *const *pk, size_t n_sigs) {
static int secp256k1_schnorrsig_verify_batch_init_randomizer(const secp256k1_context *ctx, secp256k1_schnorrsig_verify_ecmult_context *ecmult_context, secp256k1_sha256 *sha, const secp256k1_schnorrsig *const *sig, const unsigned char *const *msg32, const secp256k1_pubkey *const *pk, size_t n_sigs) {
size_t i;
if (n_sigs > 0) {
@@ -255,7 +255,7 @@ int secp256k1_schnorrsig_verify_batch_init_randomizer(const secp256k1_context *c
secp256k1_sha256_write(sha, sig[i]->data, 64);
secp256k1_sha256_write(sha, msg32[i], 32);
secp256k1_ec_pubkey_serialize(ctx, buf, &buflen, pk[i], SECP256K1_EC_COMPRESSED);
secp256k1_sha256_write(sha, buf, 32);
secp256k1_sha256_write(sha, buf, buflen);
}
ecmult_context->ctx = ctx;
ecmult_context->sig = sig;
@@ -276,7 +276,7 @@ int secp256k1_schnorrsig_verify_batch_init_randomizer(const secp256k1_context *c
* sig: array of signatures, or NULL if there are no signatures
* n_sigs: number of signatures in above array (must be 0 if they are NULL)
*/
int secp256k1_schnorrsig_verify_batch_sum_s(secp256k1_scalar *s, unsigned char *chacha_seed, const secp256k1_schnorrsig *const *sig, size_t n_sigs) {
static int secp256k1_schnorrsig_verify_batch_sum_s(secp256k1_scalar *s, unsigned char *chacha_seed, const secp256k1_schnorrsig *const *sig, size_t n_sigs) {
secp256k1_scalar randomizer_cache[2];
size_t i;
@@ -316,7 +316,7 @@ int secp256k1_schnorrsig_verify_batch(const secp256k1_context *ctx, secp256k1_sc
ARG_CHECK(n_sigs <= SIZE_MAX / 2);
/* Check that n_sigs is less than 2^31 to ensure the same behavior of this function on 32-bit
* and 64-bit platforms. */
ARG_CHECK(n_sigs < (size_t)(1 << 31));
ARG_CHECK(n_sigs < ((uint32_t)1 << 31));
secp256k1_sha256_initialize(&sha);
if (!secp256k1_schnorrsig_verify_batch_init_randomizer(ctx, &ecmult_context, &sha, sig, msg32, pk, n_sigs)) {
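Review bot: The `buflen` now passed to `secp256k1_sha256_write` right after `secp256k1_ec_pubkey_serialize` is only meaningful if that call succeeded, and its return value is not checked in this hunk; as far as I recall the library sets the output length to 0 on failure, so a pubkey that fails to load would contribute no bytes to the batch seed. That is harmless only because such an entry is rejected later when the key is loaded for verification, which is worth stating next to the call, e.g. `/* On serialize failure buflen is 0 and nothing is hashed; the entry fails later at pubkey load. */`. The declaration of `buflen` and its reset to the buffer size lie outside the hunk, so I cannot confirm it is re-initialised per iteration, which matters now that the hashed length depends on it. The function continues outside the hunk.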


@@ -119,7 +119,7 @@ void test_schnorrsig_api(secp256k1_scratch_space *scratch) {
CHECK(ecount == 5);
CHECK(secp256k1_schnorrsig_verify_batch(vrfy, scratch, &sigptr, &msgptr, &pkptr, (size_t)1 << (sizeof(size_t)*8-1)) == 0);
CHECK(ecount == 6);
CHECK(secp256k1_schnorrsig_verify_batch(vrfy, scratch, &sigptr, &msgptr, &pkptr, 1 << 31) == 0);
CHECK(secp256k1_schnorrsig_verify_batch(vrfy, scratch, &sigptr, &msgptr, &pkptr, (uint32_t)1 << 31) == 0);
CHECK(ecount == 7);
secp256k1_context_destroy(none);


@@ -965,9 +965,7 @@ SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r,
#ifdef WORDS_BIGENDIAN
#define LE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#define BE32(p) (p)
#else
#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#define LE32(p) (p)
#endif
@@ -1026,14 +1024,14 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
x14 += 0;
x15 += over_count;
r1->d[3] = LE32((uint64_t) x0) << 32 | LE32(x1);
r1->d[2] = LE32((uint64_t) x2) << 32 | LE32(x3);
r1->d[1] = LE32((uint64_t) x4) << 32 | LE32(x5);
r1->d[0] = LE32((uint64_t) x6) << 32 | LE32(x7);
r2->d[3] = LE32((uint64_t) x8) << 32 | LE32(x9);
r2->d[2] = LE32((uint64_t) x10) << 32 | LE32(x11);
r2->d[1] = LE32((uint64_t) x12) << 32 | LE32(x13);
r2->d[0] = LE32((uint64_t) x14) << 32 | LE32(x15);
r1->d[3] = (((uint64_t) x0) << 32) | x1;
r1->d[2] = (((uint64_t) x2) << 32) | x3;
r1->d[1] = (((uint64_t) x4) << 32) | x5;
r1->d[0] = (((uint64_t) x6) << 32) | x7;
r2->d[3] = (((uint64_t) x8) << 32) | x9;
r2->d[2] = (((uint64_t) x10) << 32) | x11;
r2->d[1] = (((uint64_t) x12) << 32) | x13;
r2->d[0] = (((uint64_t) x14) << 32) | x15;
over1 = secp256k1_scalar_check_overflow(r1);
over2 = secp256k1_scalar_check_overflow(r2);
@@ -1043,7 +1041,6 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
#undef ROTL32
#undef QUARTERROUND
#undef BE32
#undef LE32
#endif /* SECP256K1_SCALAR_REPR_IMPL_H */
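Review bot: The rewritten `r1->d[...]`/`r2->d[...]` assignments drop the `LE32` conversion without a comment saying why the old byte-swap was wrong, which the next reader porting to a big-endian target will want. The state words are stored into the scalar limbs as integers rather than serialized to a byte stream, so no host-order conversion belongs there, while `BE32` is presumably still needed where the seed bytes are loaded into words earlier in the function. I would add above the first assignment `/* x0..x15 are consumed as integer limbs, not as a byte stream, so no endianness conversion is applied. */`. The same change appears in the 8x32 scalar implementation in this commit and the comment belongs there as well. `secp256k1_scalar_chacha20` starts and ends outside these hunks.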


@@ -740,9 +740,7 @@ SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r,
#ifdef WORDS_BIGENDIAN
#define LE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#define BE32(p) (p)
#else
#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#define LE32(p) (p)
#endif
@@ -801,22 +799,22 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
x14 += 0;
x15 += over_count;
r1->d[7] = LE32(x0);
r1->d[6] = LE32(x1);
r1->d[5] = LE32(x2);
r1->d[4] = LE32(x3);
r1->d[3] = LE32(x4);
r1->d[2] = LE32(x5);
r1->d[1] = LE32(x6);
r1->d[0] = LE32(x7);
r2->d[7] = LE32(x8);
r2->d[6] = LE32(x9);
r2->d[5] = LE32(x10);
r2->d[4] = LE32(x11);
r2->d[3] = LE32(x12);
r2->d[2] = LE32(x13);
r2->d[1] = LE32(x14);
r2->d[0] = LE32(x15);
r1->d[7] = x0;
r1->d[6] = x1;
r1->d[5] = x2;
r1->d[4] = x3;
r1->d[3] = x4;
r1->d[2] = x5;
r1->d[1] = x6;
r1->d[0] = x7;
r2->d[7] = x8;
r2->d[6] = x9;
r2->d[5] = x10;
r2->d[4] = x11;
r2->d[3] = x12;
r2->d[2] = x13;
r2->d[1] = x14;
r2->d[0] = x15;
over1 = secp256k1_scalar_check_overflow(r1);
over2 = secp256k1_scalar_check_overflow(r2);
@@ -826,7 +824,6 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
#undef ROTL32
#undef QUARTERROUND
#undef BE32
#undef LE32
#endif /* SECP256K1_SCALAR_REPR_IMPL_H */


@@ -425,9 +425,8 @@ static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *off
/* This nonce function is described in BIP-schnorr
* (https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki) */
static int secp256k1_nonce_function_bipschnorr(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
static int nonce_function_bipschnorr(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
secp256k1_sha256 sha;
(void) data;
(void) counter;
VERIFY_CHECK(counter == 0);
@@ -440,6 +439,9 @@ static int secp256k1_nonce_function_bipschnorr(unsigned char *nonce32, const uns
if (algo16 != NULL) {
secp256k1_sha256_write(&sha, algo16, 16);
}
if (data != NULL) {
secp256k1_sha256_write(&sha, data, 32);
}
secp256k1_sha256_finalize(&sha, nonce32);
return 1;
}
@@ -474,6 +476,7 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m
return 1;
}
const secp256k1_nonce_function secp256k1_nonce_function_bipschnorr = nonce_function_bipschnorr;
const secp256k1_nonce_function secp256k1_nonce_function_rfc6979 = nonce_function_rfc6979;
const secp256k1_nonce_function secp256k1_nonce_function_default = nonce_function_rfc6979;
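Review bot: The new `if (data != NULL)` branch in `nonce_function_bipschnorr` reads exactly 32 bytes through a `void *` whose required length is not documented anywhere in the hunk, and since the function is now exported via `secp256k1_nonce_function_bipschnorr` that size becomes part of the public contract; a caller passing a shorter buffer would cause an out-of-bounds read. The header comment above the function (in the first hunk of this file) should state it, e.g. `* If data is non-NULL it must point to 32 bytes, which are hashed into the nonce`, and mention that this goes beyond the BIP text, which as far as I can tell derives the nonce from the key and message only. This matches the 32-byte `data` convention of `nonce_function_rfc6979`, so the two implementations stay consistent. The function's signature sits in the earlier hunk of this file.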