int secp256k1_ecdsa_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
int ret = 1;
secp256k1_num_t term;
secp256k1_num_init(&term);
secp256k1_num_set_bin(&term, tweak, 32);
if (secp256k1_num_cmp(&term, &secp256k1_ge_consts->order) >= 0)
ret = 0;
secp256k1_ge_t p;
if (ret) {
if (!secp256k1_ecdsa_pubkey_parse(&p, pubkey, pubkeylen))
ret = 0;
}
if (ret) {
secp256k1_gej_t pt;
secp256k1_ecmult_gen(&pt, &term);
secp256k1_gej_add_ge(&pt, &pt, &p);
if (secp256k1_gej_is_infinity(&pt))
ret = 0;
secp256k1_ge_set_gej(&p, &pt);
int oldlen = pubkeylen;
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, &pubkeylen, oldlen <= 33);
assert(pubkeylen == oldlen);
}
secp256k1_num_free(&term);
return ret;
}
int secp256k1_ecdsa_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
int ret = 1;
secp256k1_num_t factor;
secp256k1_num_init(&factor);
secp256k1_num_set_bin(&factor, tweak, 32);
if (secp256k1_num_is_zero(&factor))
ret = 0;
if (secp256k1_num_cmp(&factor, &secp256k1_ge_consts->order) >= 0)
ret = 0;
secp256k1_ge_t p;
if (ret) {
if (!secp256k1_ecdsa_pubkey_parse(&p, pubkey, pubkeylen))
ret = 0;
}
if (ret) {
secp256k1_num_t zero;
secp256k1_num_init(&zero);
secp256k1_num_set_int(&zero, 0);
secp256k1_gej_t pt;
secp256k1_gej_set_ge(&pt, &p);
secp256k1_ecmult(&pt, &pt, &factor, &zero);
secp256k1_num_free(&zero);
secp256k1_ge_set_gej(&p, &pt);
int oldlen = pubkeylen;
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, &pubkeylen, oldlen <= 33);
assert(pubkeylen == oldlen);
}
secp256k1_num_free(&factor);
return ret;
}
int secp256k1_ecdsa_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const unsigned char *tweak) {
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(tweak != NULL);
int ret = 1;
secp256k1_num_t term;
secp256k1_num_init(&term);
secp256k1_num_set_bin(&term, tweak, 32);
if (secp256k1_num_cmp(&term, &secp256k1_ge_consts->order) >= 0)
ret = 0;
secp256k1_ge_t p;
if (ret) {
if (!secp256k1_ecdsa_pubkey_parse(&p, pubkey, pubkeylen))
ret = 0;
}
if (ret) {
secp256k1_gej_t pt;
secp256k1_gej_set_ge(&pt, &p);
secp256k1_num_t one;
secp256k1_num_init(&one);
secp256k1_num_set_int(&one, 1);
secp256k1_ecmult(&pt, &pt, &one, &term);
secp256k1_num_free(&one);
if (secp256k1_gej_is_infinity(&pt))
ret = 0;
secp256k1_ge_set_gej(&p, &pt);
int oldlen = pubkeylen;
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, &pubkeylen, oldlen <= 33);
VERIFY_CHECK(pubkeylen == oldlen);
}
secp256k1_num_free(&term);
return ret;
}
int secp256k1_ecdsa_pubkey_decompress(unsigned char *pubkey, int *pubkeylen) {
secp256k1_ge_t p;
if (!secp256k1_ecdsa_pubkey_parse(&p, pubkey, *pubkeylen))
return 0;
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, pubkeylen, 0);
return 1;
}
int secp256k1_ecdsa_recover_compact(const unsigned char *msg, int msglen, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid) {
DEBUG_CHECK(secp256k1_ecmult_consts != NULL);
DEBUG_CHECK(msg != NULL);
DEBUG_CHECK(msglen <= 32);
DEBUG_CHECK(sig64 != NULL);
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(pubkeylen != NULL);
DEBUG_CHECK(recid >= 0 && recid <= 3);
int ret = 0;
secp256k1_num_t m;
secp256k1_num_init(&m);
secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig);
secp256k1_num_set_bin(&sig.r, sig64, 32);
secp256k1_num_set_bin(&sig.s, sig64 + 32, 32);
secp256k1_num_set_bin(&m, msg, msglen);
secp256k1_ge_t q;
if (secp256k1_ecdsa_sig_recover(&sig, &q, &m, recid)) {
secp256k1_ecdsa_pubkey_serialize(&q, pubkey, pubkeylen, compressed);
ret = 1;
}
secp256k1_ecdsa_sig_free(&sig);
secp256k1_num_free(&m);
return ret;
}
int secp256k1_ecdsa_pubkey_compress(unsigned char *pubkey, int *pubkeylen) {
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(pubkeylen != NULL);
secp256k1_ge_t p;
if (!secp256k1_ecdsa_pubkey_parse(&p, pubkey, *pubkeylen))
return 0;
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, pubkeylen, 1);
return 1;
}
int secp256k1_ecdsa_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsigned char *seckey, int compressed) {
secp256k1_num_t sec;
secp256k1_num_init(&sec);
secp256k1_num_set_bin(&sec, seckey, 32);
secp256k1_gej_t pj;
secp256k1_ecmult_gen(&pj, &sec);
secp256k1_ge_t p;
secp256k1_ge_set_gej(&p, &pj);
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, pubkeylen, compressed);
return 1;
}
int secp256k1_ecdsa_pubkey_create(unsigned char *pubkey, int *pubkeylen, const unsigned char *seckey, int compressed) {
DEBUG_CHECK(secp256k1_ecmult_gen_consts != NULL);
DEBUG_CHECK(pubkey != NULL);
DEBUG_CHECK(pubkeylen != NULL);
DEBUG_CHECK(seckey != NULL);
secp256k1_num_t sec;
secp256k1_num_init(&sec);
secp256k1_num_set_bin(&sec, seckey, 32);
secp256k1_gej_t pj;
secp256k1_ecmult_gen(&pj, &sec);
secp256k1_num_clear(&sec);
secp256k1_num_free(&sec);
secp256k1_ge_t p;
secp256k1_ge_set_gej(&p, &pj);
secp256k1_ecdsa_pubkey_serialize(&p, pubkey, pubkeylen, compressed);
return 1;
}
int secp256k1_ecdsa_recover_compact(const unsigned char *msg, int msglen, const unsigned char *sig64, unsigned char *pubkey, int *pubkeylen, int compressed, int recid) {
int ret = 0;
secp256k1_num_t m;
secp256k1_num_init(&m);
secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig);
secp256k1_num_set_bin(&sig.r, sig64, 32);
secp256k1_num_set_bin(&sig.s, sig64 + 32, 32);
secp256k1_num_set_bin(&m, msg, msglen);
secp256k1_ge_t q;
if (secp256k1_ecdsa_sig_recover(&sig, &q, &m, recid)) {
secp256k1_ecdsa_pubkey_serialize(&q, pubkey, pubkeylen, compressed);
ret = 1;
}
secp256k1_ecdsa_sig_free(&sig);
secp256k1_num_free(&m);
return ret;
}
