int secp256k1_ecdsa_sign(const unsigned char *message, int messagelen, unsigned char *signature, int *signaturelen, const unsigned char *seckey, const unsigned char *nonce) { secp256k1_num_t sec, non, msg; secp256k1_num_init(&sec); secp256k1_num_init(&non); secp256k1_num_init(&msg); secp256k1_num_set_bin(&sec, seckey, 32); secp256k1_num_set_bin(&non, nonce, 32); secp256k1_num_set_bin(&msg, message, messagelen); int ret = !secp256k1_num_is_zero(&non) && (secp256k1_num_cmp(&non, &secp256k1_ge_consts->order) < 0); secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_init(&sig); if (ret) { ret = secp256k1_ecdsa_sig_sign(&sig, &sec, &msg, &non, NULL); } if (ret) { secp256k1_ecdsa_sig_serialize(signature, signaturelen, &sig); } secp256k1_ecdsa_sig_free(&sig); secp256k1_num_clear(&msg); secp256k1_num_clear(&non); secp256k1_num_clear(&sec); secp256k1_num_free(&msg); secp256k1_num_free(&non); secp256k1_num_free(&sec); return ret; }
void test_ecdsa_openssl(void) { secp256k1_scalar_t key, msg; unsigned char message[32]; secp256k1_rand256_test(message); secp256k1_scalar_set_b32(&msg, message, NULL); random_scalar_order_test(&key); secp256k1_gej_t qj; secp256k1_ecmult_gen(&qj, &key); secp256k1_ge_t q; secp256k1_ge_set_gej(&q, &qj); EC_KEY *ec_key = get_openssl_key(&key); CHECK(ec_key); unsigned char signature[80]; unsigned int sigsize = 80; CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); secp256k1_ecdsa_sig_t sig; CHECK(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize)); CHECK(secp256k1_ecdsa_sig_verify(&sig, &q, &msg)); secp256k1_scalar_t one; secp256k1_scalar_set_int(&one, 1); secp256k1_scalar_t msg2; secp256k1_scalar_add(&msg2, &msg, &one); CHECK(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg2)); random_sign(&sig, &key, &msg, NULL); int secp_sigsize = 80; CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sig)); CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); EC_KEY_free(ec_key); }
Blob Sec256Signature::Serialize() const { uint8_t buf[100]; size_t size = sizeof buf; if (!secp256k1_ecdsa_sig_serialize(buf, &size, &m_r, &m_s)) Throw(errc::invalid_argument); return Blob(buf, size); }
void test_ecdsa_openssl() { const secp256k1_ge_consts_t *c = secp256k1_ge_consts; secp256k1_num_t key, msg; secp256k1_num_init(&msg); unsigned char message[32]; secp256k1_rand256_test(message); secp256k1_num_set_bin(&msg, message, 32); secp256k1_num_init(&key); random_num_order_test(&key); secp256k1_gej_t qj; secp256k1_ecmult_gen(&qj, &key); secp256k1_ge_t q; secp256k1_ge_set_gej(&q, &qj); EC_KEY *ec_key = get_openssl_key(&key); assert(ec_key); unsigned char signature[80]; int sigsize = 80; assert(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_init(&sig); assert(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize)); assert(secp256k1_ecdsa_sig_verify(&sig, &q, &msg)); secp256k1_num_inc(&sig.r); assert(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg)); random_sign(&sig, &key, &msg, NULL); sigsize = 80; assert(secp256k1_ecdsa_sig_serialize(signature, &sigsize, &sig)); assert(ECDSA_verify(0, message, sizeof(message), signature, sigsize, ec_key) == 1); secp256k1_ecdsa_sig_free(&sig); EC_KEY_free(ec_key); secp256k1_num_free(&key); secp256k1_num_free(&msg); }
int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig) { secp256k1_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output != NULL); ARG_CHECK(outputlen != NULL); ARG_CHECK(sig != NULL); secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s); }
int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *msg32, unsigned char *signature, int *signaturelen, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) { secp256k1_ecdsa_sig_t sig; secp256k1_scalar_t sec, non, msg; int ret = 0; int overflow = 0; unsigned int count = 0; DEBUG_CHECK(ctx != NULL); DEBUG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); DEBUG_CHECK(msg32 != NULL); DEBUG_CHECK(signature != NULL); DEBUG_CHECK(signaturelen != NULL); DEBUG_CHECK(seckey != NULL); if (noncefp == NULL) { noncefp = secp256k1_nonce_function_default; } secp256k1_scalar_set_b32(&sec, seckey, &overflow); /* Fail if the secret key is invalid. */ if (!overflow && !secp256k1_scalar_is_zero(&sec)) { secp256k1_scalar_set_b32(&msg, msg32, NULL); while (1) { unsigned char nonce32[32]; ret = noncefp(nonce32, msg32, seckey, count, noncedata); if (!ret) { break; } secp256k1_scalar_set_b32(&non, nonce32, &overflow); memset(nonce32, 0, 32); if (!secp256k1_scalar_is_zero(&non) && !overflow) { if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &sig, &sec, &msg, &non, NULL)) { break; } } count++; } if (ret) { ret = secp256k1_ecdsa_sig_serialize(signature, signaturelen, &sig); } secp256k1_scalar_clear(&msg); secp256k1_scalar_clear(&non); secp256k1_scalar_clear(&sec); } if (!ret) { *signaturelen = 0; } return ret; }