compact_signature sign_compact(ec_secret secret, hash_digest hash,
ec_secret nonce)
{
init.init();
compact_signature out;
if (0 < secp256k1_ecdsa_sign_compact(hash.data(), hash.size(),
out.signature.data(), secret.data(), nonce.data(), &out.recid))
{
return out;
}
// Error case:
return compact_signature{{{0}}, 0};
}
bool secret_to_public(const secp256k1_context* context, byte_array<Size>& out,
const ec_secret& secret)
{
secp256k1_pubkey pubkey;
return secp256k1_ec_pubkey_create(context, &pubkey, secret.data()) == 1 &&
serialize(context, out, pubkey);
}
endorsement sign(ec_secret secret, hash_digest hash, ec_secret nonce)
{
init.init();
int out_size = max_endorsement_size;
endorsement signature(out_size);
if (0 < secp256k1_ecdsa_sign(hash.data(), hash.size(), signature.data(),
&out_size, secret.data(), nonce.data()))
{
signature.resize(out_size);
return signature;
}
// Error case:
return endorsement();
}
data_chunk sign(ec_secret secret, hash_digest hash, ec_secret nonce)
{
std::reverse(hash.begin(), hash.end());
init.init();
int out_size = 72;
data_chunk signature(out_size);
if (!verify_private_key(nonce)) // Needed because of upstream bug
return data_chunk();
bool valid = secp256k1_ecdsa_sign(hash.data(), hash.size(),
signature.data(), &out_size, secret.data(), nonce.data()) == 1;
if (!valid)
return data_chunk();
signature.resize(out_size);
return signature;
}
bool ec_multiply(const secp256k1_context* context, byte_array<Size>& in_out,
const ec_secret& secret)
{
secp256k1_pubkey pubkey;
return parse(context, pubkey, in_out) &&
secp256k1_ec_pubkey_tweak_mul(context, &pubkey, secret.data()) == 1 &&
serialize(context, in_out, pubkey);
}
bool sign(ec_signature& out, const ec_secret& secret, const hash_digest& hash)
{
secp256k1_ecdsa_signature signature;
const auto context = signing.context();
if (secp256k1_ecdsa_sign(context, &signature, hash.data(), secret.data(),
secp256k1_nonce_function_rfc6979, nullptr) != 1)
return false;
std::copy_n(std::begin(signature.data), out.size(), out.begin());
return true;
}
ec_point secret_to_public_key(const ec_secret& secret, bool compressed)
{
init.init();
size_t size = ec_uncompressed_size;
if (compressed)
size = ec_compressed_size;
ec_point out(size);
int out_size;
if (!secp256k1_ec_pubkey_create(init.getContext(), out.data(), &out_size, secret.data(),
compressed))
return ec_point();
assert(size == static_cast<size_t>(out_size));
return out;
}
compact_signature sign_compact(ec_secret secret, hash_digest hash)
{
init.init();
compact_signature out;
ec_secret nonce;
unsigned index = 0;
do {
nonce = create_nonce(secret, hash, index++);
} while (secp256k1_ecdsa_sign_compact(hash.data(), hash.size(),
out.signature.data(), secret.data(), nonce.data(), &out.recid) <= 0);
return out;
}
ec_point secret_to_public_key(const ec_secret& secret,
bool compressed)
{
init.init();
size_t public_key_size = ec_uncompressed_size;
if (compressed)
public_key_size = ec_compressed_size;
ec_point out(public_key_size);
int out_size;
if (!secp256k1_ec_pubkey_create(out.data(), &out_size, secret.data(),
compressed))
return ec_point();
BITCOIN_ASSERT(public_key_size == static_cast<size_t>(out_size));
return out;
}
bool sign_recoverable(recoverable_signature& out, const ec_secret& secret,
const hash_digest& hash)
{
int recovery_id;
const auto context = signing.context();
secp256k1_ecdsa_recoverable_signature signature;
const auto result =
secp256k1_ecdsa_sign_recoverable(context, &signature, hash.data(),
secret.data(), secp256k1_nonce_function_rfc6979, nullptr) == 1 &&
secp256k1_ecdsa_recoverable_signature_serialize_compact(context,
out.signature.data(), &recovery_id, &signature) == 1;
BITCOIN_ASSERT(recovery_id >= 0 && recovery_id <= 3);
out.recovery_id = static_cast<uint8_t>(recovery_id);
return result;
}
endorsement sign(ec_secret secret, hash_digest hash)
{
init.init();
int out_size = max_endorsement_size;
endorsement signature(out_size);
ec_secret nonce;
unsigned index = 0;
do {
nonce = create_nonce(secret, hash, index++);
} while (secp256k1_ecdsa_sign(hash.data(), hash.size(), signature.data(),
&out_size, secret.data(), nonce.data()) <= 0);
signature.resize(out_size);
return signature;
}
bool ec_tweak_add(ec_point& a, const ec_secret& b)
{
init.init();
return secp256k1_ecdsa_pubkey_tweak_add(a.data(), a.size(), b.data()) == 1;
}
bool ec_tweak_add(ec_point& a, const ec_secret& b)
{
init.init();
return secp256k1_ec_pubkey_tweak_add(init.getContext(), a.data(), a.size(), b.data());
}
bool ec_multiply(ec_secret& a, const ec_secret& b)
{
init.init();
return secp256k1_ecdsa_privkey_tweak_mul(a.data(), b.data()) == 1;
}
bool ec_multiply(ec_point& a, const ec_secret& b)
{
init.init();
return secp256k1_ec_pubkey_tweak_mul(a.data(), a.size(), b.data()) == 1;
}
bool ec_add(ec_secret& a, const ec_secret& b)
{
init.init();
return secp256k1_ec_privkey_tweak_add(a.data(), b.data()) == 1;
}
bool verify(const ec_secret& secret)
{
const auto context = verification.context();
return secp256k1_ec_seckey_verify(context, secret.data()) == 1;
}
bool verify_private_key(const ec_secret& private_key)
{
init.init();
return secp256k1_ecdsa_seckey_verify(private_key.data()) == 1;
}
bool ec_multiply(ec_secret& left, const ec_secret& right)
{
const auto context = verification.context();
return secp256k1_ec_privkey_tweak_mul(context, left.data(),
right.data()) == 1;
}
