From e5d9e088cffad70cae080eaf62e4b848aa2279c0 Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Mon, 21 Dec 2020 22:05:26 +0000 Subject: [PATCH 1/6] secp-sys: update scratch_impl.patch for upstream changes --- secp256k1-sys/depend/scratch_impl.h.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secp256k1-sys/depend/scratch_impl.h.patch b/secp256k1-sys/depend/scratch_impl.h.patch index b983ec14a..0afb47be1 100644 --- a/secp256k1-sys/depend/scratch_impl.h.patch +++ b/secp256k1-sys/depend/scratch_impl.h.patch @@ -15,7 +15,7 @@ < static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch) { < if (scratch != NULL) { < VERIFY_CHECK(scratch->alloc_size == 0); /* all checkpoints should be applied */ -< if (memcmp(scratch->magic, "scratch", 8) != 0) { +< if (secp256k1_memcmp_var(scratch->magic, "scratch", 8) != 0) { < secp256k1_callback_call(error_callback, "invalid scratch space"); < return; < } From a93d671d05234f00a53707a81f4e6af897ef6974 Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Tue, 29 Dec 2020 17:15:51 +0000 Subject: [PATCH 2/6] update libsecp to 98dac87839838b86094f1bccc71cc20e67b146cc --- secp256k1-sys/Cargo.toml | 2 +- .../depend/secp256k1-HEAD-revision.txt | 2 +- secp256k1-sys/depend/secp256k1/.travis.yml | 19 +- secp256k1-sys/depend/secp256k1/Makefile.am | 16 +- secp256k1-sys/depend/secp256k1/README.md | 4 +- .../build-aux/m4/ax_prog_cc_for_build.m4 | 2 +- .../secp256k1/build-aux/m4/bitcoin_secp.m4 | 27 +- secp256k1-sys/depend/secp256k1/configure.ac | 28 +- .../secp256k1/contrib/lax_der_parsing.c | 18 +- .../secp256k1/contrib/lax_der_parsing.h | 20 +- .../contrib/lax_der_privatekey_parsing.c | 24 +- .../contrib/lax_der_privatekey_parsing.h | 16 +- .../depend/secp256k1/contrib/travis.sh | 4 +- .../depend/secp256k1/include/secp256k1.h | 285 +- .../depend/secp256k1/include/secp256k1.h.orig | 305 +- .../depend/secp256k1/include/secp256k1_ecdh.h | 24 +- .../secp256k1/include/secp256k1_extrakeys.h | 98 +- .../include/secp256k1_preallocated.h | 54 +- .../secp256k1/include/secp256k1_recovery.h | 66 +- .../secp256k1/include/secp256k1_schnorrsig.h | 28 +- .../secp256k1/sage/gen_exhaustive_groups.sage | 11 +- .../sage/gen_split_lambda_constants.sage | 114 + .../depend/secp256k1/sage/group_prover.sage | 23 +- ....sage => prove_group_implementations.sage} | 50 +- .../secp256k1/sage/secp256k1_params.sage | 36 + .../secp256k1/sage/weierstrass_prover.sage | 32 +- .../secp256k1/src/asm/field_10x26_arm.s | 26 +- .../depend/secp256k1/src/assumptions.h | 12 +- .../depend/secp256k1/src/basic-config.h | 11 +- secp256k1-sys/depend/secp256k1/src/bench.h | 10 +- .../depend/secp256k1/src/bench_ecdh.c | 22 +- .../depend/secp256k1/src/bench_ecmult.c | 106 +- .../depend/secp256k1/src/bench_internal.c | 168 +- .../depend/secp256k1/src/bench_recover.c | 26 +- .../depend/secp256k1/src/bench_schnorrsig.c | 40 +- .../depend/secp256k1/src/bench_sign.c | 30 +- .../depend/secp256k1/src/bench_verify.c | 54 +- secp256k1-sys/depend/secp256k1/src/ecdsa.h | 18 +- .../depend/secp256k1/src/ecdsa_impl.h | 134 +- secp256k1-sys/depend/secp256k1/src/eckey.h | 22 +- .../depend/secp256k1/src/eckey_impl.h | 84 +- secp256k1-sys/depend/secp256k1/src/ecmult.h | 34 +- .../depend/secp256k1/src/ecmult_const.h | 12 +- .../depend/secp256k1/src/ecmult_const_impl.h | 148 +- .../depend/secp256k1/src/ecmult_gen.h | 32 +- .../depend/secp256k1/src/ecmult_gen_impl.h | 148 +- .../depend/secp256k1/src/ecmult_impl.h | 681 ++- secp256k1-sys/depend/secp256k1/src/field.h | 70 +- .../depend/secp256k1/src/field_10x26.h | 14 +- .../depend/secp256k1/src/field_10x26_impl.h | 106 +- .../depend/secp256k1/src/field_5x52.h | 14 +- .../secp256k1/src/field_5x52_asm_impl.h | 14 +- .../depend/secp256k1/src/field_5x52_impl.h | 98 +- .../secp256k1/src/field_5x52_int128_impl.h | 14 +- .../depend/secp256k1/src/field_impl.h | 224 +- .../depend/secp256k1/src/gen_context.c | 22 +- secp256k1-sys/depend/secp256k1/src/group.h | 98 +- .../depend/secp256k1/src/group_impl.h | 564 ++- secp256k1-sys/depend/secp256k1/src/hash.h | 36 +- .../depend/secp256k1/src/hash_impl.h | 132 +- .../src/modules/ecdh/Makefile.am.include | 2 +- .../secp256k1/src/modules/ecdh/main_impl.h | 56 +- .../secp256k1/src/modules/ecdh/tests_impl.h | 78 +- .../src/modules/extrakeys/Makefile.am.include | 2 +- .../src/modules/extrakeys/main_impl.h | 168 +- .../modules/extrakeys/tests_exhaustive_impl.h | 56 +- .../src/modules/extrakeys/tests_impl.h | 494 +-- .../src/modules/recovery/Makefile.am.include | 2 +- .../src/modules/recovery/main_impl.h | 132 +- .../modules/recovery/tests_exhaustive_impl.h | 90 +- .../src/modules/recovery/tests_impl.h | 282 +- .../modules/schnorrsig/Makefile.am.include | 2 +- .../src/modules/schnorrsig/main_impl.h | 172 +- .../schnorrsig/tests_exhaustive_impl.h | 76 +- .../src/modules/schnorrsig/tests_impl.h | 284 +- secp256k1-sys/depend/secp256k1/src/num.h | 42 +- secp256k1-sys/depend/secp256k1/src/num_gmp.h | 12 +- .../depend/secp256k1/src/num_gmp_impl.h | 94 +- secp256k1-sys/depend/secp256k1/src/num_impl.h | 10 +- secp256k1-sys/depend/secp256k1/src/scalar.h | 71 +- .../depend/secp256k1/src/scalar_4x64.h | 12 +- .../depend/secp256k1/src/scalar_4x64_impl.h | 100 +- .../depend/secp256k1/src/scalar_8x32.h | 12 +- .../depend/secp256k1/src/scalar_8x32_impl.h | 108 +- .../depend/secp256k1/src/scalar_impl.h | 483 ++- .../depend/secp256k1/src/scalar_low.h | 12 +- .../depend/secp256k1/src/scalar_low_impl.h | 58 +- secp256k1-sys/depend/secp256k1/src/scratch.h | 30 +- .../depend/secp256k1/src/scratch_impl.h | 36 +- .../depend/secp256k1/src/secp256k1.c | 530 +-- .../depend/secp256k1/src/secp256k1.c.orig | 560 +-- secp256k1-sys/depend/secp256k1/src/selftest.h | 26 +- secp256k1-sys/depend/secp256k1/src/testrand.h | 30 +- .../depend/secp256k1/src/testrand_impl.h | 78 +- secp256k1-sys/depend/secp256k1/src/tests.c | 3663 +++++++++-------- .../depend/secp256k1/src/tests_exhaustive.c | 252 +- secp256k1-sys/depend/secp256k1/src/util.h | 44 +- .../depend/secp256k1/src/util.h.orig | 52 +- .../secp256k1/src/valgrind_ctime_test.c | 66 +- secp256k1-sys/src/lib.rs | 100 +- secp256k1-sys/src/recovery.rs | 10 +- 101 files changed, 6614 insertions(+), 6305 deletions(-) create mode 100644 secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage rename secp256k1-sys/depend/secp256k1/sage/{secp256k1.sage => prove_group_implementations.sage} (76%) create mode 100644 secp256k1-sys/depend/secp256k1/sage/secp256k1_params.sage diff --git a/secp256k1-sys/Cargo.toml b/secp256k1-sys/Cargo.toml index 02aff6805..79e39e0ba 100644 --- a/secp256k1-sys/Cargo.toml +++ b/secp256k1-sys/Cargo.toml @@ -12,7 +12,7 @@ description = "FFI for Pieter Wuille's `libsecp256k1` library." keywords = [ "secp256k1", "libsecp256k1", "ffi" ] readme = "README.md" build = "build.rs" -links = "rustsecp256k1_v0_3_1" +links = "rustsecp256k1_v0_4_0" # Should make docs.rs show all functions, even those behind non-default features [package.metadata.docs.rs] diff --git a/secp256k1-sys/depend/secp256k1-HEAD-revision.txt b/secp256k1-sys/depend/secp256k1-HEAD-revision.txt index c5527056c..a092d1df6 100644 --- a/secp256k1-sys/depend/secp256k1-HEAD-revision.txt +++ b/secp256k1-sys/depend/secp256k1-HEAD-revision.txt @@ -1,2 +1,2 @@ # This file was automatically created by ./vendor-libsecp.sh -63150ab4da1ef13ebfb4396064e1ff501dbd015e +98dac87839838b86094f1bccc71cc20e67b146cc diff --git a/secp256k1-sys/depend/secp256k1/.travis.yml b/secp256k1-sys/depend/secp256k1/.travis.yml index 20b2253ba..91f1d41a2 100644 --- a/secp256k1-sys/depend/secp256k1/.travis.yml +++ b/secp256k1-sys/depend/secp256k1/.travis.yml @@ -17,33 +17,30 @@ compiler: - gcc env: global: - - WIDEMUL=auto BIGNUM=auto ENDOMORPHISM=no STATICPRECOMPUTATION=yes ECMULTGENPRECISION=auto ASM=no BUILD=check WITH_VALGRIND=yes RUN_VALGRIND=no EXTRAFLAGS= HOST= ECDH=no RECOVERY=no SCHNORRSIG=no EXPERIMENTAL=no CTIMETEST=yes BENCH=yes ITERS=2 + - WIDEMUL=auto BIGNUM=auto STATICPRECOMPUTATION=yes ECMULTGENPRECISION=auto ASM=no BUILD=check WITH_VALGRIND=yes RUN_VALGRIND=no EXTRAFLAGS= HOST= ECDH=no RECOVERY=no SCHNORRSIG=no EXPERIMENTAL=no CTIMETEST=yes BENCH=yes ITERS=2 matrix: - WIDEMUL=int64 RECOVERY=yes - WIDEMUL=int64 ECDH=yes EXPERIMENTAL=yes SCHNORRSIG=yes - - WIDEMUL=int64 ENDOMORPHISM=yes - WIDEMUL=int128 - WIDEMUL=int128 RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes - - WIDEMUL=int128 ENDOMORPHISM=yes - - WIDEMUL=int128 ENDOMORPHISM=yes ECDH=yes EXPERIMENTAL=yes SCHNORRSIG=yes + - WIDEMUL=int128 ECDH=yes EXPERIMENTAL=yes SCHNORRSIG=yes - WIDEMUL=int128 ASM=x86_64 - - WIDEMUL=int128 ENDOMORPHISM=yes ASM=x86_64 - BIGNUM=no - - BIGNUM=no ENDOMORPHISM=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes + - BIGNUM=no RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes - BIGNUM=no STATICPRECOMPUTATION=no - BUILD=distcheck WITH_VALGRIND=no CTIMETEST=no BENCH=no - CPPFLAGS=-DDETERMINISTIC - CFLAGS=-O0 CTIMETEST=no + - CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined -fno-omit-frame-pointer" UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" BIGNUM=no ASM=x86_64 ECDH=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes CTIMETEST=no - ECMULTGENPRECISION=2 - ECMULTGENPRECISION=8 - - RUN_VALGRIND=yes ENDOMORPHISM=yes BIGNUM=no ASM=x86_64 EXPERIMENTAL=yes ECDH=yes RECOVERY=yes EXTRAFLAGS="--disable-openssl-tests" BUILD= - - RUN_VALGRIND=yes BIGNUM=no ASM=x86_64 EXPERIMENTAL=yes ECDH=yes RECOVERY=yes EXTRAFLAGS="--disable-openssl-tests" BUILD= + - RUN_VALGRIND=yes BIGNUM=no ASM=x86_64 ECDH=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes EXTRAFLAGS="--disable-openssl-tests" BUILD= matrix: fast_finish: true include: - compiler: clang os: linux - env: HOST=i686-linux-gnu ENDOMORPHISM=yes + env: HOST=i686-linux-gnu addons: apt: packages: @@ -63,7 +60,7 @@ matrix: - libtool-bin - libc6-dbg:i386 - compiler: gcc - env: HOST=i686-linux-gnu ENDOMORPHISM=yes + env: HOST=i686-linux-gnu os: linux addons: apt: @@ -85,7 +82,7 @@ matrix: - libc6-dbg:i386 # S390x build (big endian system) - compiler: gcc - env: HOST=s390x-unknown-linux-gnu ECDH=yes RECOVERY=yes EXPERIMENTAL=yes CTIMETEST= + env: HOST=s390x-unknown-linux-gnu ECDH=yes RECOVERY=yes EXPERIMENTAL=yes SCHNORRSIG=yes CTIMETEST= arch: s390x # We use this to install macOS dependencies instead of the built in `homebrew` plugin, diff --git a/secp256k1-sys/depend/secp256k1/Makefile.am b/secp256k1-sys/depend/secp256k1/Makefile.am index 4a4eda0bf..774f51d3f 100644 --- a/secp256k1-sys/depend/secp256k1/Makefile.am +++ b/secp256k1-sys/depend/secp256k1/Makefile.am @@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I build-aux/m4 lib_LTLIBRARIES = libsecp256k1.la include_HEADERS = include/secp256k1.h -include_HEADERS += include/rustsecp256k1_v0_3_1_preallocated.h +include_HEADERS += include/rustsecp256k1_v0_4_0_preallocated.h noinst_HEADERS = noinst_HEADERS += src/scalar.h noinst_HEADERS += src/scalar_4x64.h @@ -52,7 +52,7 @@ noinst_HEADERS += contrib/lax_der_privatekey_parsing.h noinst_HEADERS += contrib/lax_der_privatekey_parsing.c if USE_EXTERNAL_ASM -COMMON_LIB = librustsecp256k1_v0_3_1_common.la +COMMON_LIB = librustsecp256k1_v0_4_0_common.la noinst_LTLIBRARIES = $(COMMON_LIB) else COMMON_LIB = @@ -63,16 +63,16 @@ pkgconfig_DATA = libsecp256k1.pc if USE_EXTERNAL_ASM if USE_ASM_ARM -librustsecp256k1_v0_3_1_common_la_SOURCES = src/asm/field_10x26_arm.s +librustsecp256k1_v0_4_0_common_la_SOURCES = src/asm/field_10x26_arm.s endif endif -librustsecp256k1_v0_3_1_la_SOURCES = src/secp256k1.c -librustsecp256k1_v0_3_1_la_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES) -librustsecp256k1_v0_3_1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) +librustsecp256k1_v0_4_0_la_SOURCES = src/secp256k1.c +librustsecp256k1_v0_4_0_la_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES) +librustsecp256k1_v0_4_0_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) if VALGRIND_ENABLED -librustsecp256k1_v0_3_1_la_CPPFLAGS += -DVALGRIND +librustsecp256k1_v0_4_0_la_CPPFLAGS += -DVALGRIND endif noinst_PROGRAMS = @@ -134,7 +134,7 @@ gen_%.o: src/gen_%.c src/libsecp256k1-config.h $(gen_context_BIN): $(gen_context_OBJECTS) $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) $^ -o $@ -$(librustsecp256k1_v0_3_1_la_OBJECTS): src/ecmult_static_context.h +$(librustsecp256k1_v0_4_0_la_OBJECTS): src/ecmult_static_context.h $(tests_OBJECTS): src/ecmult_static_context.h $(bench_internal_OBJECTS): src/ecmult_static_context.h $(bench_ecmult_OBJECTS): src/ecmult_static_context.h diff --git a/secp256k1-sys/depend/secp256k1/README.md b/secp256k1-sys/depend/secp256k1/README.md index 434178b37..e07093723 100644 --- a/secp256k1-sys/depend/secp256k1/README.md +++ b/secp256k1-sys/depend/secp256k1/README.md @@ -16,7 +16,7 @@ Features: * Very efficient implementation. * Suitable for embedded systems. * Optional module for public key recovery. -* Optional module for ECDH key exchange (experimental). +* Optional module for ECDH key exchange. Experimental features have not received enough scrutiny to satisfy the standard of quality of this library but are made available for testing and review by the community. The APIs of these features should not be considered stable. @@ -48,7 +48,7 @@ Implementation details * Use wNAF notation for point multiplicands. * Use a much larger window for multiples of G, using precomputed multiples. * Use Shamir's trick to do the multiplication with the public key and the generator simultaneously. - * Optionally (off by default) use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones. + * Use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones. * Point multiplication for signing * Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions. * Intended to be completely free of timing sidechannels for secret-key operations (on reasonable hardware/toolchains) diff --git a/secp256k1-sys/depend/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 b/secp256k1-sys/depend/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 index 77fd346a7..7bcbf3200 100644 --- a/secp256k1-sys/depend/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 +++ b/secp256k1-sys/depend/secp256k1/build-aux/m4/ax_prog_cc_for_build.m4 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html +# https://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html # =========================================================================== # # SYNOPSIS diff --git a/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 b/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 index 57595f449..ece3d655e 100644 --- a/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 +++ b/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 @@ -36,16 +36,39 @@ if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then CPPFLAGS_TEMP="$CPPFLAGS" CPPFLAGS="$CRYPTO_CPPFLAGS $CPPFLAGS" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include #include #include #include ]],[[ - EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1); - ECDSA_sign(0, NULL, 0, NULL, NULL, eckey); + # if OPENSSL_VERSION_NUMBER < 0x10100000L + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {(void)sig->r; (void)sig->s;} + # endif + + unsigned int zero = 0; + const unsigned char *zero_ptr = (unsigned char*)&zero; + EC_KEY_free(EC_KEY_new_by_curve_name(NID_secp256k1)); + EC_KEY *eckey = EC_KEY_new(); + EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1); + EC_KEY_set_group(eckey, group); + ECDSA_sign(0, NULL, 0, NULL, &zero, eckey); ECDSA_verify(0, NULL, 0, NULL, 0, eckey); + o2i_ECPublicKey(&eckey, &zero_ptr, 0); + d2i_ECPrivateKey(&eckey, &zero_ptr, 0); + EC_KEY_check_key(eckey); EC_KEY_free(eckey); + EC_GROUP_free(group); ECDSA_SIG *sig_openssl; sig_openssl = ECDSA_SIG_new(); + d2i_ECDSA_SIG(&sig_openssl, &zero_ptr, 0); + i2d_ECDSA_SIG(sig_openssl, NULL); + ECDSA_SIG_get0(sig_openssl, NULL, NULL); ECDSA_SIG_free(sig_openssl); + const BIGNUM *bignum = BN_value_one(); + BN_is_negative(bignum); + BN_num_bits(bignum); + if (sizeof(zero) >= BN_num_bytes(bignum)) { + BN_bn2bin(bignum, (unsigned char*)&zero); + } ]])],[has_openssl_ec=yes],[has_openssl_ec=no]) AC_MSG_RESULT([$has_openssl_ec]) CPPFLAGS="$CPPFLAGS_TEMP" diff --git a/secp256k1-sys/depend/secp256k1/configure.ac b/secp256k1-sys/depend/secp256k1/configure.ac index 68aef6b58..eb3b449be 100644 --- a/secp256k1-sys/depend/secp256k1/configure.ac +++ b/secp256k1-sys/depend/secp256k1/configure.ac @@ -116,18 +116,13 @@ AC_ARG_ENABLE(exhaustive_tests, [use_exhaustive_tests=$enableval], [use_exhaustive_tests=yes]) -AC_ARG_ENABLE(endomorphism, - AS_HELP_STRING([--enable-endomorphism],[enable endomorphism [default=no]]), - [use_endomorphism=$enableval], - [use_endomorphism=no]) - AC_ARG_ENABLE(ecmult_static_precomputation, AS_HELP_STRING([--enable-ecmult-static-precomputation],[enable precomputed ecmult table for signing [default=auto]]), [use_ecmult_static_precomputation=$enableval], [use_ecmult_static_precomputation=auto]) AC_ARG_ENABLE(module_ecdh, - AS_HELP_STRING([--enable-module-ecdh],[enable ECDH shared secret computation (experimental)]), + AS_HELP_STRING([--enable-module-ecdh],[enable ECDH shared secret computation]), [enable_module_ecdh=$enableval], [enable_module_ecdh=no]) @@ -164,8 +159,7 @@ AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto], AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto], [window size for ecmult precomputation for verification, specified as integer in range [2..24].] [Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.] -[The table will store 2^(SIZE-2) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.] -[If the endomorphism optimization is enabled, two tables of this size are used instead of only one.] +[The table will store 2^(SIZE-1) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.] ["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]] )], [req_ecmult_window=$withval], [req_ecmult_window=auto]) @@ -401,8 +395,8 @@ esac if test x"$use_tests" = x"yes"; then SECP_OPENSSL_CHECK - if test x"$has_openssl_ec" = x"yes"; then - if test x"$enable_openssl_tests" != x"no"; then + if test x"$enable_openssl_tests" != x"no" && test x"$has_openssl_ec" = x"yes"; then + enable_openssl_tests=yes AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available]) SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS $CRYPTO_CPPFLAGS" SECP_TEST_LIBS="$CRYPTO_LIBS" @@ -412,16 +406,17 @@ if test x"$use_tests" = x"yes"; then SECP_TEST_LIBS="$SECP_TEST_LIBS -lgdi32" ;; esac - fi else if test x"$enable_openssl_tests" = x"yes"; then AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available]) fi + enable_openssl_tests=no fi else if test x"$enable_openssl_tests" = x"yes"; then AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled]) fi + enable_openssl_tests=no fi if test x"$set_bignum" = x"gmp"; then @@ -429,10 +424,6 @@ if test x"$set_bignum" = x"gmp"; then SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS" fi -if test x"$use_endomorphism" = x"yes"; then - AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism optimization]) -fi - if test x"$set_precomp" = x"yes"; then AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table]) fi @@ -468,14 +459,10 @@ if test x"$enable_experimental" = x"yes"; then AC_MSG_NOTICE([******]) AC_MSG_NOTICE([WARNING: experimental build]) AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.]) - AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh]) AC_MSG_NOTICE([Building extrakeys module: $enable_module_extrakeys]) AC_MSG_NOTICE([Building schnorrsig module: $enable_module_schnorrsig]) AC_MSG_NOTICE([******]) else - if test x"$enable_module_ecdh" = x"yes"; then - AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.]) - fi if test x"$enable_module_extrakeys" = x"yes"; then AC_MSG_ERROR([extrakeys module is experimental. Use --enable-experimental to allow.]) fi @@ -514,10 +501,11 @@ AC_OUTPUT echo echo "Build Options:" -echo " with endomorphism = $use_endomorphism" echo " with ecmult precomp = $set_precomp" echo " with external callbacks = $use_external_default_callbacks" echo " with benchmarks = $use_benchmark" +echo " with tests = $use_tests" +echo " with openssl tests = $enable_openssl_tests" echo " with coverage = $enable_coverage" echo " module ecdh = $enable_module_ecdh" echo " module recovery = $enable_module_recovery" diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c index c870f599f..12f569a0b 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c @@ -1,15 +1,15 @@ -/********************************************************************** - * Copyright (c) 2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include #include "lax_der_parsing.h" -int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { +int rustsecp256k1_v0_4_0_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { size_t rpos, rlen, spos, slen; size_t pos = 0; size_t lenbyte; @@ -17,7 +17,7 @@ int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_3_ int overflow = 0; /* Hack to initialize sig with a correctly-parsed but invalid signature. */ - rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, sig, tmpsig); /* Sequence tag byte */ if (pos == inputlen || input[pos] != 0x30) { @@ -138,11 +138,11 @@ int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_3_ } if (!overflow) { - overflow = !rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + overflow = !rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, sig, tmpsig); } if (overflow) { memset(tmpsig, 0, 64); - rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, sig, tmpsig); } return 1; } diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h index 7cd50c91e..6e20e0d1c 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ /**** * Please do not link this file directly. It is not part of the libsecp256k1 @@ -26,8 +26,8 @@ * certain violations are easily supported. You may need to adapt it. * * Do not use this for new systems. Use well-defined DER or compact signatures - * instead if you have the choice (see rustsecp256k1_v0_3_1_ecdsa_signature_parse_der and - * rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact). + * instead if you have the choice (see rustsecp256k1_v0_4_0_ecdsa_signature_parse_der and + * rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact). * * The supported violations are: * - All numbers are parsed as nonnegative integers, even though X.609-0207 @@ -77,9 +77,9 @@ extern "C" { * encoded numbers are out of range, signature validation with it is * guaranteed to fail for every message and public key. */ -int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der_lax( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature* sig, +int rustsecp256k1_v0_4_0_ecdsa_signature_parse_der_lax( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c index 706464b59..710f55446 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c @@ -1,15 +1,15 @@ -/********************************************************************** - * Copyright (c) 2014, 2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014, 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include #include "lax_der_privatekey_parsing.h" -int ec_privkey_import_der(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) { +int ec_privkey_import_der(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) { const unsigned char *end = privkey + privkeylen; int lenb = 0; int len = 0; @@ -46,17 +46,17 @@ int ec_privkey_import_der(const rustsecp256k1_v0_3_1_context* ctx, unsigned char return 0; } memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]); - if (!rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, out32)) { + if (!rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, out32)) { memset(out32, 0, 32); return 0; } return 1; } -int ec_privkey_export_der(const rustsecp256k1_v0_3_1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { - rustsecp256k1_v0_3_1_pubkey pubkey; +int ec_privkey_export_der(const rustsecp256k1_v0_4_0_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { + rustsecp256k1_v0_4_0_pubkey pubkey; size_t pubkeylen = 0; - if (!rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, key32)) { + if (!rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, key32)) { *privkeylen = 0; return 0; } @@ -80,7 +80,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_3_1_context *ctx, unsigned char memcpy(ptr, key32, 32); ptr += 32; memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); pubkeylen = 33; - rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED); + rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED); ptr += pubkeylen; *privkeylen = ptr - privkey; } else { @@ -105,7 +105,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_3_1_context *ctx, unsigned char memcpy(ptr, key32, 32); ptr += 32; memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); pubkeylen = 65; - rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED); + rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED); ptr += pubkeylen; *privkeylen = ptr - privkey; } diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h index 39fbda21e..671c62e13 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014, 2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014, 2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ /**** * Please do not link this file directly. It is not part of the libsecp256k1 @@ -52,10 +52,10 @@ extern "C" { * simple 32-byte private keys are sufficient. * * Note that this function does not guarantee correct DER output. It is - * guaranteed to be parsable by rustsecp256k1_v0_3_1_ec_privkey_import_der + * guaranteed to be parsable by rustsecp256k1_v0_4_0_ec_privkey_import_der */ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der( - const rustsecp256k1_v0_3_1_context* ctx, + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *seckey, @@ -77,7 +77,7 @@ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der( * key. */ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der( - const rustsecp256k1_v0_3_1_context* ctx, + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *privkey, size_t privkeylen diff --git a/secp256k1-sys/depend/secp256k1/contrib/travis.sh b/secp256k1-sys/depend/secp256k1/contrib/travis.sh index 5974c3648..ed9862398 100755 --- a/secp256k1-sys/depend/secp256k1/contrib/travis.sh +++ b/secp256k1-sys/depend/secp256k1/contrib/travis.sh @@ -13,7 +13,7 @@ then fi ./configure \ - --enable-experimental="$EXPERIMENTAL" --enable-endomorphism="$ENDOMORPHISM" \ + --enable-experimental="$EXPERIMENTAL" \ --with-test-override-wide-multiply="$WIDEMUL" --with-bignum="$BIGNUM" --with-asm="$ASM" \ --enable-ecmult-static-precomputation="$STATICPRECOMPUTATION" --with-ecmult-gen-precision="$ECMULTGENPRECISION" \ --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \ @@ -28,7 +28,7 @@ fi if [ "$RUN_VALGRIND" = "yes" ] then make -j2 - # the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (http://valgrind.org/docs/manual/manual-core.html) + # the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (https://www.valgrind.org/docs/manual/manual-core.html) valgrind --error-exitcode=42 ./tests 16 valgrind --error-exitcode=42 ./exhaustive_tests fi diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1.h b/secp256k1-sys/depend/secp256k1/include/secp256k1.h index f5bba8f57..107e3c7e3 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1.h @@ -35,13 +35,13 @@ extern "C" { * A constructed context can safely be used from multiple threads * simultaneously, but API calls that take a non-const pointer to a context * need exclusive access to it. In particular this is the case for - * rustsecp256k1_v0_3_1_context_destroy, rustsecp256k1_v0_3_1_context_preallocated_destroy, - * and rustsecp256k1_v0_3_1_context_randomize. + * rustsecp256k1_v0_4_0_context_destroy, rustsecp256k1_v0_4_0_context_preallocated_destroy, + * and rustsecp256k1_v0_4_0_context_randomize. * * Regarding randomization, either do it once at creation time (in which case * you do not need any locking for the other calls), or use a read-write lock. */ -typedef struct rustsecp256k1_v0_3_1_context_struct rustsecp256k1_v0_3_1_context; +typedef struct rustsecp256k1_v0_4_0_context_struct rustsecp256k1_v0_4_0_context; /** Opaque data structure that holds rewriteable "scratch space" * @@ -54,7 +54,7 @@ typedef struct rustsecp256k1_v0_3_1_context_struct rustsecp256k1_v0_3_1_context; * Unlike the context object, this cannot safely be shared between threads * without additional synchronization logic. */ -typedef struct rustsecp256k1_v0_3_1_scratch_space_struct rustsecp256k1_v0_3_1_scratch_space; +typedef struct rustsecp256k1_v0_4_0_scratch_space_struct rustsecp256k1_v0_4_0_scratch_space; /** Opaque data structure that holds a parsed and valid public key. * @@ -62,11 +62,11 @@ typedef struct rustsecp256k1_v0_3_1_scratch_space_struct rustsecp256k1_v0_3_1_sc * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, or - * comparison, use rustsecp256k1_v0_3_1_ec_pubkey_serialize and rustsecp256k1_v0_3_1_ec_pubkey_parse. + * comparison, use rustsecp256k1_v0_4_0_ec_pubkey_serialize and rustsecp256k1_v0_4_0_ec_pubkey_parse. */ typedef struct { unsigned char data[64]; -} rustsecp256k1_v0_3_1_pubkey; +} rustsecp256k1_v0_4_0_pubkey; /** Opaque data structured that holds a parsed ECDSA signature. * @@ -74,12 +74,12 @@ typedef struct { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, or - * comparison, use the rustsecp256k1_v0_3_1_ecdsa_signature_serialize_* and - * rustsecp256k1_v0_3_1_ecdsa_signature_parse_* functions. + * comparison, use the rustsecp256k1_v0_4_0_ecdsa_signature_serialize_* and + * rustsecp256k1_v0_4_0_ecdsa_signature_parse_* functions. */ typedef struct { unsigned char data[64]; -} rustsecp256k1_v0_3_1_ecdsa_signature; +} rustsecp256k1_v0_4_0_ecdsa_signature; /** A pointer to a function to deterministically generate a nonce. * @@ -97,7 +97,7 @@ typedef struct { * Except for test cases, this function should compute some cryptographic hash of * the message, the algorithm, the key and the attempt. */ -typedef int (*rustsecp256k1_v0_3_1_nonce_function)( +typedef int (*rustsecp256k1_v0_4_0_nonce_function)( unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, @@ -165,14 +165,14 @@ typedef int (*rustsecp256k1_v0_3_1_nonce_function)( #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10) #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8) -/** Flags to pass to rustsecp256k1_v0_3_1_context_create, rustsecp256k1_v0_3_1_context_preallocated_size, and - * rustsecp256k1_v0_3_1_context_preallocated_create. */ +/** Flags to pass to rustsecp256k1_v0_4_0_context_create, rustsecp256k1_v0_4_0_context_preallocated_size, and + * rustsecp256k1_v0_4_0_context_preallocated_create. */ #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN) #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY) #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT) -/** Flag to pass to rustsecp256k1_v0_3_1_ec_pubkey_serialize. */ +/** Flag to pass to rustsecp256k1_v0_4_0_ec_pubkey_serialize. */ #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION) #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION) @@ -188,25 +188,25 @@ typedef int (*rustsecp256k1_v0_3_1_nonce_function)( * API consistency, but currently do not require expensive precomputations or dynamic * allocations. */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_context_no_precomp; +SECP256K1_API extern const rustsecp256k1_v0_4_0_context *rustsecp256k1_v0_4_0_context_no_precomp; /** Create a secp256k1 context object (in dynamically allocated memory). * * This function uses malloc to allocate memory. It is guaranteed that malloc is * called at most once for every call of this function. If you need to avoid dynamic - * memory allocation entirely, see the functions in rustsecp256k1_v0_3_1_preallocated.h. + * memory allocation entirely, see the functions in rustsecp256k1_v0_4_0_preallocated.h. * * Returns: a newly created context object. * In: flags: which parts of the context to initialize. * - * See also rustsecp256k1_v0_3_1_context_randomize. + * See also rustsecp256k1_v0_4_0_context_randomize. */ /** Copy a secp256k1 context object (into dynamically allocated memory). * * This function uses malloc to allocate memory. It is guaranteed that malloc is * called at most once for every call of this function. If you need to avoid dynamic - * memory allocation entirely, see the functions in rustsecp256k1_v0_3_1_preallocated.h. + * memory allocation entirely, see the functions in rustsecp256k1_v0_4_0_preallocated.h. * * Returns: a newly created context object. * Args: ctx: an existing context to copy (cannot be NULL) @@ -216,14 +216,14 @@ SECP256K1_API extern const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_co * * The context pointer may not be used afterwards. * - * The context to destroy must have been created using rustsecp256k1_v0_3_1_context_create - * or rustsecp256k1_v0_3_1_context_clone. If the context has instead been created using - * rustsecp256k1_v0_3_1_context_preallocated_create or rustsecp256k1_v0_3_1_context_preallocated_clone, the - * behaviour is undefined. In that case, rustsecp256k1_v0_3_1_context_preallocated_destroy must + * The context to destroy must have been created using rustsecp256k1_v0_4_0_context_create + * or rustsecp256k1_v0_4_0_context_clone. If the context has instead been created using + * rustsecp256k1_v0_4_0_context_preallocated_create or rustsecp256k1_v0_4_0_context_preallocated_clone, the + * behaviour is undefined. In that case, rustsecp256k1_v0_4_0_context_preallocated_destroy must * be used instead. * * Args: ctx: an existing context to destroy, constructed using - * rustsecp256k1_v0_3_1_context_create or rustsecp256k1_v0_3_1_context_clone + * rustsecp256k1_v0_4_0_context_create or rustsecp256k1_v0_4_0_context_clone */ /** Set a callback function to be called when an illegal argument is passed to @@ -247,11 +247,11 @@ SECP256K1_API extern const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_co * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build * has been configured with --enable-external-default-callbacks. Then the * following two symbols must be provided to link against: - * - void rustsecp256k1_v0_3_1_default_illegal_callback_fn(const char* message, void* data); - * - void rustsecp256k1_v0_3_1_default_error_callback_fn(const char* message, void* data); + * - void rustsecp256k1_v0_4_0_default_illegal_callback_fn(const char* message, void* data); + * - void rustsecp256k1_v0_4_0_default_error_callback_fn(const char* message, void* data); * The library can call these default handlers even before a proper callback data - * pointer could have been set using rustsecp256k1_v0_3_1_context_set_illegal_callback or - * rustsecp256k1_v0_3_1_context_set_error_callback, e.g., when the creation of a context + * pointer could have been set using rustsecp256k1_v0_4_0_context_set_illegal_callback or + * rustsecp256k1_v0_4_0_context_set_error_callback, e.g., when the creation of a context * fails. In this case, the corresponding default handler will be called with * the data pointer argument set to NULL. * @@ -261,10 +261,10 @@ SECP256K1_API extern const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_co * (NULL restores the default handler.) * data: the opaque pointer to pass to fun above. * - * See also rustsecp256k1_v0_3_1_context_set_error_callback. + * See also rustsecp256k1_v0_4_0_context_set_error_callback. */ -SECP256K1_API void rustsecp256k1_v0_3_1_context_set_illegal_callback( - rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API void rustsecp256k1_v0_4_0_context_set_illegal_callback( + rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data ) SECP256K1_ARG_NONNULL(1); @@ -275,21 +275,21 @@ SECP256K1_API void rustsecp256k1_v0_3_1_context_set_illegal_callback( * This can only trigger in case of a hardware failure, miscompilation, * memory corruption, serious bug in the library, or other error would can * otherwise result in undefined behaviour. It will not trigger due to mere - * incorrect usage of the API (see rustsecp256k1_v0_3_1_context_set_illegal_callback + * incorrect usage of the API (see rustsecp256k1_v0_4_0_context_set_illegal_callback * for that). After this callback returns, anything may happen, including * crashing. * * Args: ctx: an existing context object (cannot be NULL) * In: fun: a pointer to a function to call when an internal error occurs, * taking a message and an opaque pointer (NULL restores the - * default handler, see rustsecp256k1_v0_3_1_context_set_illegal_callback + * default handler, see rustsecp256k1_v0_4_0_context_set_illegal_callback * for details). * data: the opaque pointer to pass to fun above. * - * See also rustsecp256k1_v0_3_1_context_set_illegal_callback. + * See also rustsecp256k1_v0_4_0_context_set_illegal_callback. */ -SECP256K1_API void rustsecp256k1_v0_3_1_context_set_error_callback( - rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API void rustsecp256k1_v0_4_0_context_set_error_callback( + rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data ) SECP256K1_ARG_NONNULL(1); @@ -323,9 +323,9 @@ SECP256K1_API void rustsecp256k1_v0_3_1_context_set_error_callback( * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header * byte 0x06 or 0x07) format public keys. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_parse( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey* pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_parse( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey* pubkey, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -340,16 +340,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_pa * In/Out: outputlen: a pointer to an integer which is initially set to the * size of output, and is overwritten with the written * size. - * In: pubkey: a pointer to a rustsecp256k1_v0_3_1_pubkey containing an + * In: pubkey: a pointer to a rustsecp256k1_v0_4_0_pubkey containing an * initialized public key. * flags: SECP256K1_EC_COMPRESSED if serialization should be in * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ec_pubkey_serialize( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ec_pubkey_serialize( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, - const rustsecp256k1_v0_3_1_pubkey* pubkey, + const rustsecp256k1_v0_4_0_pubkey* pubkey, unsigned int flags ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -368,9 +368,9 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ec_pubkey_serialize( * S are zero, the resulting sig value is guaranteed to fail validation for any * message and public key. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature* sig, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input64 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -389,9 +389,9 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact( * encoded numbers are out of range, signature validation with it is * guaranteed to fail for every message and public key. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature* sig, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_parse_der( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -407,11 +407,11 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der( * if 0 was returned). * In: sig: a pointer to an initialized signature object */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, - const rustsecp256k1_v0_3_1_ecdsa_signature* sig + const rustsecp256k1_v0_4_0_ecdsa_signature* sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Serialize an ECDSA signature in compact (64 byte) format. @@ -421,12 +421,12 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der( * Out: output64: a pointer to a 64-byte array to store the compact serialization * In: sig: a pointer to an initialized signature object * - * See rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact for details about the encoding. + * See rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact for details about the encoding. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output64, - const rustsecp256k1_v0_3_1_ecdsa_signature* sig + const rustsecp256k1_v0_4_0_ecdsa_signature* sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Verify an ECDSA signature. @@ -435,23 +435,30 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact( * 0: incorrect or unparseable signature * Args: ctx: a secp256k1 context object, initialized for verification. * In: sig: the signature being verified (cannot be NULL) - * msg32: the 32-byte message hash being verified (cannot be NULL) + * msghash32: the 32-byte message hash being verified (cannot be NULL). + * The verifier must make sure to apply a cryptographic + * hash function to the message by itself and not accept an + * msghash32 value directly. Otherwise, it would be easy to + * create a "valid" signature without knowledge of the + * secret key. See also + * https://bitcoin.stackexchange.com/a/81116/35586 for more + * background on this topic. * pubkey: pointer to an initialized public key to verify with (cannot be NULL) * * To avoid accepting malleable signatures, only ECDSA signatures in lower-S * form are accepted. * * If you need to accept ECDSA signatures from sources that do not obey this - * rule, apply rustsecp256k1_v0_3_1_ecdsa_signature_normalize to the signature prior to + * rule, apply rustsecp256k1_v0_4_0_ecdsa_signature_normalize to the signature prior to * validation, but be aware that doing so results in malleable signatures. * * For details, see the comments for that function. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ecdsa_verify( - const rustsecp256k1_v0_3_1_context* ctx, - const rustsecp256k1_v0_3_1_ecdsa_signature *sig, - const unsigned char *msg32, - const rustsecp256k1_v0_3_1_pubkey *pubkey +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ecdsa_verify( + const rustsecp256k1_v0_4_0_context* ctx, + const rustsecp256k1_v0_4_0_ecdsa_signature *sig, + const unsigned char *msghash32, + const rustsecp256k1_v0_4_0_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Convert a signature to a normalized lower-S form. @@ -491,46 +498,46 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ecdsa_verify * accept various non-unique encodings, so care should be taken when this * property is required for an application. * - * The rustsecp256k1_v0_3_1_ecdsa_sign function will by default create signatures in the - * lower-S form, and rustsecp256k1_v0_3_1_ecdsa_verify will not accept others. In case + * The rustsecp256k1_v0_4_0_ecdsa_sign function will by default create signatures in the + * lower-S form, and rustsecp256k1_v0_4_0_ecdsa_verify will not accept others. In case * signatures come from a system that cannot enforce this property, - * rustsecp256k1_v0_3_1_ecdsa_signature_normalize must be called before verification. + * rustsecp256k1_v0_4_0_ecdsa_signature_normalize must be called before verification. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_normalize( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature *sigout, - const rustsecp256k1_v0_3_1_ecdsa_signature *sigin +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_normalize( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature *sigout, + const rustsecp256k1_v0_4_0_ecdsa_signature *sigin ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); /** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of * extra entropy. */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_rfc6979; +SECP256K1_API extern const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_rfc6979; -/** A default safe nonce generation function (currently equal to rustsecp256k1_v0_3_1_nonce_function_rfc6979). */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_default; +/** A default safe nonce generation function (currently equal to rustsecp256k1_v0_4_0_nonce_function_rfc6979). */ +SECP256K1_API extern const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_default; /** Create an ECDSA signature. * * Returns: 1: signature created * 0: the nonce generation function failed, or the secret key was invalid. - * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) - * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) - * In: msg32: the 32-byte message hash being signed (cannot be NULL) - * seckey: pointer to a 32-byte secret key (cannot be NULL) - * noncefp:pointer to a nonce generation function. If NULL, rustsecp256k1_v0_3_1_nonce_function_default is used - * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) + * In: msghash32: the 32-byte message hash being signed (cannot be NULL) + * seckey: pointer to a 32-byte secret key (cannot be NULL) + * noncefp: pointer to a nonce generation function. If NULL, rustsecp256k1_v0_4_0_nonce_function_default is used + * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) * * The created signature is always in lower-S form. See - * rustsecp256k1_v0_3_1_ecdsa_signature_normalize for more details. + * rustsecp256k1_v0_4_0_ecdsa_signature_normalize for more details. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_sign( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature *sig, - const unsigned char *msg32, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_sign( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature *sig, + const unsigned char *msghash32, const unsigned char *seckey, - rustsecp256k1_v0_3_1_nonce_function noncefp, + rustsecp256k1_v0_4_0_nonce_function noncefp, const void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -546,8 +553,8 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_sign( * Args: ctx: pointer to a context object (cannot be NULL) * In: seckey: pointer to a 32-byte secret key (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_verify( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_verify( + const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); @@ -559,32 +566,32 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_ve * Out: pubkey: pointer to the created public key (cannot be NULL) * In: seckey: pointer to a 32-byte secret key (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_create( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_create( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Negates a secret key in place. * * Returns: 0 if the given secret key is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify. 1 otherwise + * rustsecp256k1_v0_4_0_ec_seckey_verify. 1 otherwise * Args: ctx: pointer to a context object * In/Out: seckey: pointer to the 32-byte secret key to be negated. If the * secret key is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0 and + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0 and * seckey will be set to some unspecified value. (cannot be * NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_negate( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_negate( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); -/** Same as rustsecp256k1_v0_3_1_ec_seckey_negate, but DEPRECATED. Will be removed in +/** Same as rustsecp256k1_v0_4_0_ec_seckey_negate, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_negate( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_privkey_negate( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); @@ -594,9 +601,9 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_n * Args: ctx: pointer to a context object * In/Out: pubkey: pointer to the public key to be negated (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_negate( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_negate( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); /** Tweak a secret key by adding tweak to it. @@ -606,26 +613,26 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_ne * otherwise. * Args: ctx: pointer to a context object (cannot be NULL). * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is - * invalid according to rustsecp256k1_v0_3_1_ec_seckey_verify, this + * invalid according to rustsecp256k1_v0_4_0_ec_seckey_verify, this * function returns 0. seckey will be set to some unspecified * value if this function returns 0. (cannot be NULL) - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Same as rustsecp256k1_v0_3_1_ec_seckey_tweak_add, but DEPRECATED. Will be removed in +/** Same as rustsecp256k1_v0_4_0_ec_seckey_tweak_add, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_privkey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Tweak a public key by adding tweak times the generator to it. @@ -637,15 +644,15 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_t * (cannot be NULL). * In/Out: pubkey: pointer to a public key object. pubkey will be set to an * invalid value if this function returns 0 (cannot be NULL). - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, - const unsigned char *tweak +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Tweak a secret key by multiplying it by a tweak. @@ -653,26 +660,26 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tw * Returns: 0 if the arguments are invalid. 1 otherwise. * Args: ctx: pointer to a context object (cannot be NULL). * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is - * invalid according to rustsecp256k1_v0_3_1_ec_seckey_verify, this + * invalid according to rustsecp256k1_v0_4_0_ec_seckey_verify, this * function returns 0. seckey will be set to some unspecified * value if this function returns 0. (cannot be NULL) - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_tweak_mul( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_tweak_mul( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Same as rustsecp256k1_v0_3_1_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in +/** Same as rustsecp256k1_v0_4_0_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_tweak_mul( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_privkey_tweak_mul( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Tweak a public key by multiplying it by a tweak value. @@ -682,15 +689,15 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_t * (cannot be NULL). * In/Out: pubkey: pointer to a public key object. pubkey will be set to an * invalid value if this function returns 0 (cannot be NULL). - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, - const unsigned char *tweak +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Updates the context randomization to protect against side-channel leakage. @@ -714,12 +721,12 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tw * guaranteed and may change in the future. It is safe to call this function on * contexts not initialized for signing; then it will have no effect and return 1. * - * You should call this after rustsecp256k1_v0_3_1_context_create or - * rustsecp256k1_v0_3_1_context_clone (and rustsecp256k1_v0_3_1_context_preallocated_create or - * rustsecp256k1_v0_3_1_context_clone, resp.), and you may call this repeatedly afterwards. + * You should call this after rustsecp256k1_v0_4_0_context_create or + * rustsecp256k1_v0_4_0_context_clone (and rustsecp256k1_v0_4_0_context_preallocated_create or + * rustsecp256k1_v0_4_0_context_clone, resp.), and you may call this repeatedly afterwards. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_context_randomize( - rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_context_randomize( + rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seed32 ) SECP256K1_ARG_NONNULL(1); @@ -733,10 +740,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_context_rand * In: ins: pointer to array of pointers to public keys (cannot be NULL) * n: the number of public keys to add together (must be at least 1) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_combine( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *out, - const rustsecp256k1_v0_3_1_pubkey * const * ins, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_combine( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *out, + const rustsecp256k1_v0_4_0_pubkey * const * ins, size_t n ) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1.h.orig b/secp256k1-sys/depend/secp256k1/include/secp256k1.h.orig index d6edb2c68..0d40f742d 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1.h.orig +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1.h.orig @@ -35,13 +35,13 @@ extern "C" { * A constructed context can safely be used from multiple threads * simultaneously, but API calls that take a non-const pointer to a context * need exclusive access to it. In particular this is the case for - * rustsecp256k1_v0_3_1_context_destroy, rustsecp256k1_v0_3_1_context_preallocated_destroy, - * and rustsecp256k1_v0_3_1_context_randomize. + * rustsecp256k1_v0_4_0_context_destroy, rustsecp256k1_v0_4_0_context_preallocated_destroy, + * and rustsecp256k1_v0_4_0_context_randomize. * * Regarding randomization, either do it once at creation time (in which case * you do not need any locking for the other calls), or use a read-write lock. */ -typedef struct rustsecp256k1_v0_3_1_context_struct rustsecp256k1_v0_3_1_context; +typedef struct rustsecp256k1_v0_4_0_context_struct rustsecp256k1_v0_4_0_context; /** Opaque data structure that holds rewriteable "scratch space" * @@ -54,7 +54,7 @@ typedef struct rustsecp256k1_v0_3_1_context_struct rustsecp256k1_v0_3_1_context; * Unlike the context object, this cannot safely be shared between threads * without additional synchronization logic. */ -typedef struct rustsecp256k1_v0_3_1_scratch_space_struct rustsecp256k1_v0_3_1_scratch_space; +typedef struct rustsecp256k1_v0_4_0_scratch_space_struct rustsecp256k1_v0_4_0_scratch_space; /** Opaque data structure that holds a parsed and valid public key. * @@ -62,11 +62,11 @@ typedef struct rustsecp256k1_v0_3_1_scratch_space_struct rustsecp256k1_v0_3_1_sc * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, or - * comparison, use rustsecp256k1_v0_3_1_ec_pubkey_serialize and rustsecp256k1_v0_3_1_ec_pubkey_parse. + * comparison, use rustsecp256k1_v0_4_0_ec_pubkey_serialize and rustsecp256k1_v0_4_0_ec_pubkey_parse. */ typedef struct { unsigned char data[64]; -} rustsecp256k1_v0_3_1_pubkey; +} rustsecp256k1_v0_4_0_pubkey; /** Opaque data structured that holds a parsed ECDSA signature. * @@ -74,12 +74,12 @@ typedef struct { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, or - * comparison, use the rustsecp256k1_v0_3_1_ecdsa_signature_serialize_* and - * rustsecp256k1_v0_3_1_ecdsa_signature_parse_* functions. + * comparison, use the rustsecp256k1_v0_4_0_ecdsa_signature_serialize_* and + * rustsecp256k1_v0_4_0_ecdsa_signature_parse_* functions. */ typedef struct { unsigned char data[64]; -} rustsecp256k1_v0_3_1_ecdsa_signature; +} rustsecp256k1_v0_4_0_ecdsa_signature; /** A pointer to a function to deterministically generate a nonce. * @@ -97,7 +97,7 @@ typedef struct { * Except for test cases, this function should compute some cryptographic hash of * the message, the algorithm, the key and the attempt. */ -typedef int (*rustsecp256k1_v0_3_1_nonce_function)( +typedef int (*rustsecp256k1_v0_4_0_nonce_function)( unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, @@ -165,14 +165,14 @@ typedef int (*rustsecp256k1_v0_3_1_nonce_function)( #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10) #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8) -/** Flags to pass to rustsecp256k1_v0_3_1_context_create, rustsecp256k1_v0_3_1_context_preallocated_size, and - * rustsecp256k1_v0_3_1_context_preallocated_create. */ +/** Flags to pass to rustsecp256k1_v0_4_0_context_create, rustsecp256k1_v0_4_0_context_preallocated_size, and + * rustsecp256k1_v0_4_0_context_preallocated_create. */ #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN) #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY) #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT) -/** Flag to pass to rustsecp256k1_v0_3_1_ec_pubkey_serialize. */ +/** Flag to pass to rustsecp256k1_v0_4_0_ec_pubkey_serialize. */ #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION) #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION) @@ -188,20 +188,20 @@ typedef int (*rustsecp256k1_v0_3_1_nonce_function)( * API consistency, but currently do not require expensive precomputations or dynamic * allocations. */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_context_no_precomp; +SECP256K1_API extern const rustsecp256k1_v0_4_0_context *rustsecp256k1_v0_4_0_context_no_precomp; /** Create a secp256k1 context object (in dynamically allocated memory). * * This function uses malloc to allocate memory. It is guaranteed that malloc is * called at most once for every call of this function. If you need to avoid dynamic - * memory allocation entirely, see the functions in rustsecp256k1_v0_3_1_preallocated.h. + * memory allocation entirely, see the functions in rustsecp256k1_v0_4_0_preallocated.h. * * Returns: a newly created context object. * In: flags: which parts of the context to initialize. * - * See also rustsecp256k1_v0_3_1_context_randomize. + * See also rustsecp256k1_v0_4_0_context_randomize. */ -SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_create( +SECP256K1_API rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_create( unsigned int flags ) SECP256K1_WARN_UNUSED_RESULT; @@ -209,30 +209,30 @@ SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_create( * * This function uses malloc to allocate memory. It is guaranteed that malloc is * called at most once for every call of this function. If you need to avoid dynamic - * memory allocation entirely, see the functions in rustsecp256k1_v0_3_1_preallocated.h. + * memory allocation entirely, see the functions in rustsecp256k1_v0_4_0_preallocated.h. * * Returns: a newly created context object. * Args: ctx: an existing context to copy (cannot be NULL) */ -SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_clone( - const rustsecp256k1_v0_3_1_context* ctx +SECP256K1_API rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_clone( + const rustsecp256k1_v0_4_0_context* ctx ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; /** Destroy a secp256k1 context object (created in dynamically allocated memory). * * The context pointer may not be used afterwards. * - * The context to destroy must have been created using rustsecp256k1_v0_3_1_context_create - * or rustsecp256k1_v0_3_1_context_clone. If the context has instead been created using - * rustsecp256k1_v0_3_1_context_preallocated_create or rustsecp256k1_v0_3_1_context_preallocated_clone, the - * behaviour is undefined. In that case, rustsecp256k1_v0_3_1_context_preallocated_destroy must + * The context to destroy must have been created using rustsecp256k1_v0_4_0_context_create + * or rustsecp256k1_v0_4_0_context_clone. If the context has instead been created using + * rustsecp256k1_v0_4_0_context_preallocated_create or rustsecp256k1_v0_4_0_context_preallocated_clone, the + * behaviour is undefined. In that case, rustsecp256k1_v0_4_0_context_preallocated_destroy must * be used instead. * * Args: ctx: an existing context to destroy, constructed using - * rustsecp256k1_v0_3_1_context_create or rustsecp256k1_v0_3_1_context_clone + * rustsecp256k1_v0_4_0_context_create or rustsecp256k1_v0_4_0_context_clone */ -SECP256K1_API void rustsecp256k1_v0_3_1_context_destroy( - rustsecp256k1_v0_3_1_context* ctx +SECP256K1_API void rustsecp256k1_v0_4_0_context_destroy( + rustsecp256k1_v0_4_0_context* ctx ); /** Set a callback function to be called when an illegal argument is passed to @@ -256,11 +256,11 @@ SECP256K1_API void rustsecp256k1_v0_3_1_context_destroy( * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build * has been configured with --enable-external-default-callbacks. Then the * following two symbols must be provided to link against: - * - void rustsecp256k1_v0_3_1_default_illegal_callback_fn(const char* message, void* data); - * - void rustsecp256k1_v0_3_1_default_error_callback_fn(const char* message, void* data); + * - void rustsecp256k1_v0_4_0_default_illegal_callback_fn(const char* message, void* data); + * - void rustsecp256k1_v0_4_0_default_error_callback_fn(const char* message, void* data); * The library can call these default handlers even before a proper callback data - * pointer could have been set using rustsecp256k1_v0_3_1_context_set_illegal_callback or - * rustsecp256k1_v0_3_1_context_set_error_callback, e.g., when the creation of a context + * pointer could have been set using rustsecp256k1_v0_4_0_context_set_illegal_callback or + * rustsecp256k1_v0_4_0_context_set_error_callback, e.g., when the creation of a context * fails. In this case, the corresponding default handler will be called with * the data pointer argument set to NULL. * @@ -270,10 +270,10 @@ SECP256K1_API void rustsecp256k1_v0_3_1_context_destroy( * (NULL restores the default handler.) * data: the opaque pointer to pass to fun above. * - * See also rustsecp256k1_v0_3_1_context_set_error_callback. + * See also rustsecp256k1_v0_4_0_context_set_error_callback. */ -SECP256K1_API void rustsecp256k1_v0_3_1_context_set_illegal_callback( - rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API void rustsecp256k1_v0_4_0_context_set_illegal_callback( + rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data ) SECP256K1_ARG_NONNULL(1); @@ -284,21 +284,21 @@ SECP256K1_API void rustsecp256k1_v0_3_1_context_set_illegal_callback( * This can only trigger in case of a hardware failure, miscompilation, * memory corruption, serious bug in the library, or other error would can * otherwise result in undefined behaviour. It will not trigger due to mere - * incorrect usage of the API (see rustsecp256k1_v0_3_1_context_set_illegal_callback + * incorrect usage of the API (see rustsecp256k1_v0_4_0_context_set_illegal_callback * for that). After this callback returns, anything may happen, including * crashing. * * Args: ctx: an existing context object (cannot be NULL) * In: fun: a pointer to a function to call when an internal error occurs, * taking a message and an opaque pointer (NULL restores the - * default handler, see rustsecp256k1_v0_3_1_context_set_illegal_callback + * default handler, see rustsecp256k1_v0_4_0_context_set_illegal_callback * for details). * data: the opaque pointer to pass to fun above. * - * See also rustsecp256k1_v0_3_1_context_set_illegal_callback. + * See also rustsecp256k1_v0_4_0_context_set_illegal_callback. */ -SECP256K1_API void rustsecp256k1_v0_3_1_context_set_error_callback( - rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API void rustsecp256k1_v0_4_0_context_set_error_callback( + rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data ) SECP256K1_ARG_NONNULL(1); @@ -310,8 +310,8 @@ SECP256K1_API void rustsecp256k1_v0_3_1_context_set_error_callback( * In: size: amount of memory to be available as scratch space. Some extra * (<100 bytes) will be allocated for extra accounting. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT rustsecp256k1_v0_3_1_scratch_space* rustsecp256k1_v0_3_1_scratch_space_create( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT rustsecp256k1_v0_4_0_scratch_space* rustsecp256k1_v0_4_0_scratch_space_create( + const rustsecp256k1_v0_4_0_context* ctx, size_t size ) SECP256K1_ARG_NONNULL(1); @@ -321,9 +321,9 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT rustsecp256k1_v0_3_1_scratch_space* r * Args: ctx: a secp256k1 context object. * scratch: space to destroy */ -SECP256K1_API void rustsecp256k1_v0_3_1_scratch_space_destroy( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_scratch_space* scratch +SECP256K1_API void rustsecp256k1_v0_4_0_scratch_space_destroy( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_scratch_space* scratch ) SECP256K1_ARG_NONNULL(1); /** Parse a variable-length public key into the pubkey object. @@ -340,9 +340,9 @@ SECP256K1_API void rustsecp256k1_v0_3_1_scratch_space_destroy( * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header * byte 0x06 or 0x07) format public keys. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_parse( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey* pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_parse( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey* pubkey, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -357,16 +357,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_pa * In/Out: outputlen: a pointer to an integer which is initially set to the * size of output, and is overwritten with the written * size. - * In: pubkey: a pointer to a rustsecp256k1_v0_3_1_pubkey containing an + * In: pubkey: a pointer to a rustsecp256k1_v0_4_0_pubkey containing an * initialized public key. * flags: SECP256K1_EC_COMPRESSED if serialization should be in * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ec_pubkey_serialize( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ec_pubkey_serialize( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, - const rustsecp256k1_v0_3_1_pubkey* pubkey, + const rustsecp256k1_v0_4_0_pubkey* pubkey, unsigned int flags ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -385,9 +385,9 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ec_pubkey_serialize( * S are zero, the resulting sig value is guaranteed to fail validation for any * message and public key. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature* sig, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input64 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -406,9 +406,9 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact( * encoded numbers are out of range, signature validation with it is * guaranteed to fail for every message and public key. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature* sig, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_parse_der( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -424,11 +424,11 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der( * if 0 was returned). * In: sig: a pointer to an initialized signature object */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, - const rustsecp256k1_v0_3_1_ecdsa_signature* sig + const rustsecp256k1_v0_4_0_ecdsa_signature* sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Serialize an ECDSA signature in compact (64 byte) format. @@ -438,12 +438,12 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der( * Out: output64: a pointer to a 64-byte array to store the compact serialization * In: sig: a pointer to an initialized signature object * - * See rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact for details about the encoding. + * See rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact for details about the encoding. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output64, - const rustsecp256k1_v0_3_1_ecdsa_signature* sig + const rustsecp256k1_v0_4_0_ecdsa_signature* sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Verify an ECDSA signature. @@ -452,23 +452,30 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact( * 0: incorrect or unparseable signature * Args: ctx: a secp256k1 context object, initialized for verification. * In: sig: the signature being verified (cannot be NULL) - * msg32: the 32-byte message hash being verified (cannot be NULL) + * msghash32: the 32-byte message hash being verified (cannot be NULL). + * The verifier must make sure to apply a cryptographic + * hash function to the message by itself and not accept an + * msghash32 value directly. Otherwise, it would be easy to + * create a "valid" signature without knowledge of the + * secret key. See also + * https://bitcoin.stackexchange.com/a/81116/35586 for more + * background on this topic. * pubkey: pointer to an initialized public key to verify with (cannot be NULL) * * To avoid accepting malleable signatures, only ECDSA signatures in lower-S * form are accepted. * * If you need to accept ECDSA signatures from sources that do not obey this - * rule, apply rustsecp256k1_v0_3_1_ecdsa_signature_normalize to the signature prior to + * rule, apply rustsecp256k1_v0_4_0_ecdsa_signature_normalize to the signature prior to * validation, but be aware that doing so results in malleable signatures. * * For details, see the comments for that function. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ecdsa_verify( - const rustsecp256k1_v0_3_1_context* ctx, - const rustsecp256k1_v0_3_1_ecdsa_signature *sig, - const unsigned char *msg32, - const rustsecp256k1_v0_3_1_pubkey *pubkey +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ecdsa_verify( + const rustsecp256k1_v0_4_0_context* ctx, + const rustsecp256k1_v0_4_0_ecdsa_signature *sig, + const unsigned char *msghash32, + const rustsecp256k1_v0_4_0_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Convert a signature to a normalized lower-S form. @@ -508,46 +515,46 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ecdsa_verify * accept various non-unique encodings, so care should be taken when this * property is required for an application. * - * The rustsecp256k1_v0_3_1_ecdsa_sign function will by default create signatures in the - * lower-S form, and rustsecp256k1_v0_3_1_ecdsa_verify will not accept others. In case + * The rustsecp256k1_v0_4_0_ecdsa_sign function will by default create signatures in the + * lower-S form, and rustsecp256k1_v0_4_0_ecdsa_verify will not accept others. In case * signatures come from a system that cannot enforce this property, - * rustsecp256k1_v0_3_1_ecdsa_signature_normalize must be called before verification. + * rustsecp256k1_v0_4_0_ecdsa_signature_normalize must be called before verification. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_signature_normalize( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature *sigout, - const rustsecp256k1_v0_3_1_ecdsa_signature *sigin +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_signature_normalize( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature *sigout, + const rustsecp256k1_v0_4_0_ecdsa_signature *sigin ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); /** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of * extra entropy. */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_rfc6979; +SECP256K1_API extern const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_rfc6979; -/** A default safe nonce generation function (currently equal to rustsecp256k1_v0_3_1_nonce_function_rfc6979). */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_default; +/** A default safe nonce generation function (currently equal to rustsecp256k1_v0_4_0_nonce_function_rfc6979). */ +SECP256K1_API extern const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_default; /** Create an ECDSA signature. * * Returns: 1: signature created * 0: the nonce generation function failed, or the secret key was invalid. - * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) - * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) - * In: msg32: the 32-byte message hash being signed (cannot be NULL) - * seckey: pointer to a 32-byte secret key (cannot be NULL) - * noncefp:pointer to a nonce generation function. If NULL, rustsecp256k1_v0_3_1_nonce_function_default is used - * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) + * In: msghash32: the 32-byte message hash being signed (cannot be NULL) + * seckey: pointer to a 32-byte secret key (cannot be NULL) + * noncefp: pointer to a nonce generation function. If NULL, rustsecp256k1_v0_4_0_nonce_function_default is used + * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) * * The created signature is always in lower-S form. See - * rustsecp256k1_v0_3_1_ecdsa_signature_normalize for more details. + * rustsecp256k1_v0_4_0_ecdsa_signature_normalize for more details. */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_sign( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature *sig, - const unsigned char *msg32, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_sign( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature *sig, + const unsigned char *msghash32, const unsigned char *seckey, - rustsecp256k1_v0_3_1_nonce_function noncefp, + rustsecp256k1_v0_4_0_nonce_function noncefp, const void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -563,8 +570,8 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_sign( * Args: ctx: pointer to a context object (cannot be NULL) * In: seckey: pointer to a 32-byte secret key (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_verify( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_verify( + const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); @@ -576,32 +583,32 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_ve * Out: pubkey: pointer to the created public key (cannot be NULL) * In: seckey: pointer to a 32-byte secret key (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_create( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_create( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Negates a secret key in place. * * Returns: 0 if the given secret key is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify. 1 otherwise + * rustsecp256k1_v0_4_0_ec_seckey_verify. 1 otherwise * Args: ctx: pointer to a context object * In/Out: seckey: pointer to the 32-byte secret key to be negated. If the * secret key is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0 and + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0 and * seckey will be set to some unspecified value. (cannot be * NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_negate( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_negate( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); -/** Same as rustsecp256k1_v0_3_1_ec_seckey_negate, but DEPRECATED. Will be removed in +/** Same as rustsecp256k1_v0_4_0_ec_seckey_negate, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_negate( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_privkey_negate( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); @@ -611,9 +618,9 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_n * Args: ctx: pointer to a context object * In/Out: pubkey: pointer to the public key to be negated (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_negate( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_negate( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); /** Tweak a secret key by adding tweak to it. @@ -623,26 +630,26 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_ne * otherwise. * Args: ctx: pointer to a context object (cannot be NULL). * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is - * invalid according to rustsecp256k1_v0_3_1_ec_seckey_verify, this + * invalid according to rustsecp256k1_v0_4_0_ec_seckey_verify, this * function returns 0. seckey will be set to some unspecified * value if this function returns 0. (cannot be NULL) - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Same as rustsecp256k1_v0_3_1_ec_seckey_tweak_add, but DEPRECATED. Will be removed in +/** Same as rustsecp256k1_v0_4_0_ec_seckey_tweak_add, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_privkey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Tweak a public key by adding tweak times the generator to it. @@ -654,15 +661,15 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_t * (cannot be NULL). * In/Out: pubkey: pointer to a public key object. pubkey will be set to an * invalid value if this function returns 0 (cannot be NULL). - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, - const unsigned char *tweak +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Tweak a secret key by multiplying it by a tweak. @@ -670,26 +677,26 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tw * Returns: 0 if the arguments are invalid. 1 otherwise. * Args: ctx: pointer to a context object (cannot be NULL). * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is - * invalid according to rustsecp256k1_v0_3_1_ec_seckey_verify, this + * invalid according to rustsecp256k1_v0_4_0_ec_seckey_verify, this * function returns 0. seckey will be set to some unspecified * value if this function returns 0. (cannot be NULL) - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_seckey_tweak_mul( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_seckey_tweak_mul( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Same as rustsecp256k1_v0_3_1_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in +/** Same as rustsecp256k1_v0_4_0_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_tweak_mul( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_privkey_tweak_mul( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, - const unsigned char *tweak + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Tweak a public key by multiplying it by a tweak value. @@ -699,15 +706,15 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_privkey_t * (cannot be NULL). * In/Out: pubkey: pointer to a public key object. pubkey will be set to an * invalid value if this function returns 0 (cannot be NULL). - * In: tweak: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to + * rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, - const unsigned char *tweak +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, + const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Updates the context randomization to protect against side-channel leakage. @@ -731,12 +738,12 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_tw * guaranteed and may change in the future. It is safe to call this function on * contexts not initialized for signing; then it will have no effect and return 1. * - * You should call this after rustsecp256k1_v0_3_1_context_create or - * rustsecp256k1_v0_3_1_context_clone (and rustsecp256k1_v0_3_1_context_preallocated_create or - * rustsecp256k1_v0_3_1_context_clone, resp.), and you may call this repeatedly afterwards. + * You should call this after rustsecp256k1_v0_4_0_context_create or + * rustsecp256k1_v0_4_0_context_clone (and rustsecp256k1_v0_4_0_context_preallocated_create or + * rustsecp256k1_v0_4_0_context_clone, resp.), and you may call this repeatedly afterwards. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_context_randomize( - rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_context_randomize( + rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seed32 ) SECP256K1_ARG_NONNULL(1); @@ -750,10 +757,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_context_rand * In: ins: pointer to array of pointers to public keys (cannot be NULL) * n: the number of public keys to add together (must be at least 1) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ec_pubkey_combine( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *out, - const rustsecp256k1_v0_3_1_pubkey * const * ins, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ec_pubkey_combine( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *out, + const rustsecp256k1_v0_4_0_pubkey * const * ins, size_t n ) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h index b1304ccba..44d28a25b 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h @@ -10,15 +10,15 @@ extern "C" { /** A pointer to a function that hashes an EC point to obtain an ECDH secret * * Returns: 1 if the point was successfully hashed. - * 0 will cause rustsecp256k1_v0_3_1_ecdh to fail and return 0. + * 0 will cause rustsecp256k1_v0_4_0_ecdh to fail and return 0. * Other return values are not allowed, and the behaviour of - * rustsecp256k1_v0_3_1_ecdh is undefined for other return values. + * rustsecp256k1_v0_4_0_ecdh is undefined for other return values. * Out: output: pointer to an array to be filled by the function * In: x32: pointer to a 32-byte x coordinate * y32: pointer to a 32-byte y coordinate * data: arbitrary data pointer that is passed through */ -typedef int (*rustsecp256k1_v0_3_1_ecdh_hash_function)( +typedef int (*rustsecp256k1_v0_4_0_ecdh_hash_function)( unsigned char *output, const unsigned char *x32, const unsigned char *y32, @@ -27,11 +27,11 @@ typedef int (*rustsecp256k1_v0_3_1_ecdh_hash_function)( /** An implementation of SHA256 hash function that applies to compressed public key. * Populates the output parameter with 32 bytes. */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_ecdh_hash_function rustsecp256k1_v0_3_1_ecdh_hash_function_sha256; +SECP256K1_API extern const rustsecp256k1_v0_4_0_ecdh_hash_function rustsecp256k1_v0_4_0_ecdh_hash_function_sha256; -/** A default ECDH hash function (currently equal to rustsecp256k1_v0_3_1_ecdh_hash_function_sha256). +/** A default ECDH hash function (currently equal to rustsecp256k1_v0_4_0_ecdh_hash_function_sha256). * Populates the output parameter with 32 bytes. */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_ecdh_hash_function rustsecp256k1_v0_3_1_ecdh_hash_function_default; +SECP256K1_API extern const rustsecp256k1_v0_4_0_ecdh_hash_function rustsecp256k1_v0_4_0_ecdh_hash_function_default; /** Compute an EC Diffie-Hellman secret in constant time * @@ -39,19 +39,19 @@ SECP256K1_API extern const rustsecp256k1_v0_3_1_ecdh_hash_function rustsecp256k1 * 0: scalar was invalid (zero or overflow) or hashfp returned 0 * Args: ctx: pointer to a context object (cannot be NULL) * Out: output: pointer to an array to be filled by hashfp - * In: pubkey: a pointer to a rustsecp256k1_v0_3_1_pubkey containing an + * In: pubkey: a pointer to a rustsecp256k1_v0_4_0_pubkey containing an * initialized public key * seckey: a 32-byte scalar with which to multiply the point - * hashfp: pointer to a hash function. If NULL, rustsecp256k1_v0_3_1_ecdh_hash_function_sha256 is used + * hashfp: pointer to a hash function. If NULL, rustsecp256k1_v0_4_0_ecdh_hash_function_sha256 is used * (in which case, 32 bytes will be written to output) * data: arbitrary data pointer that is passed through to hashfp */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ecdh( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ecdh( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, - const rustsecp256k1_v0_3_1_pubkey *pubkey, + const rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *seckey, - rustsecp256k1_v0_3_1_ecdh_hash_function hashfp, + rustsecp256k1_v0_4_0_ecdh_hash_function hashfp, void *data ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h index 88a3e54c8..b28cb2fb5 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h @@ -16,12 +16,12 @@ extern "C" { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, or - * comparison, use rustsecp256k1_v0_3_1_xonly_pubkey_serialize and - * rustsecp256k1_v0_3_1_xonly_pubkey_parse. + * comparison, use rustsecp256k1_v0_4_0_xonly_pubkey_serialize and + * rustsecp256k1_v0_4_0_xonly_pubkey_parse. */ typedef struct { unsigned char data[64]; -} rustsecp256k1_v0_3_1_xonly_pubkey; +} rustsecp256k1_v0_4_0_xonly_pubkey; /** Opaque data structure that holds a keypair consisting of a secret and a * public key. @@ -32,7 +32,7 @@ typedef struct { */ typedef struct { unsigned char data[96]; -} rustsecp256k1_v0_3_1_keypair; +} rustsecp256k1_v0_4_0_keypair; /** Parse a 32-byte sequence into a xonly_pubkey object. * @@ -45,9 +45,9 @@ typedef struct { * (cannot be NULL). * In: input32: pointer to a serialized xonly_pubkey (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey_parse( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_xonly_pubkey* pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_xonly_pubkey_parse( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_xonly_pubkey* pubkey, const unsigned char *input32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -58,16 +58,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey * Args: ctx: a secp256k1 context object (cannot be NULL). * Out: output32: a pointer to a 32-byte array to place the serialized key in * (cannot be NULL). - * In: pubkey: a pointer to a rustsecp256k1_v0_3_1_xonly_pubkey containing an + * In: pubkey: a pointer to a rustsecp256k1_v0_4_0_xonly_pubkey containing an * initialized public key (cannot be NULL). */ -SECP256K1_API int rustsecp256k1_v0_3_1_xonly_pubkey_serialize( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_xonly_pubkey_serialize( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output32, - const rustsecp256k1_v0_3_1_xonly_pubkey* pubkey + const rustsecp256k1_v0_4_0_xonly_pubkey* pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Converts a rustsecp256k1_v0_3_1_pubkey into a rustsecp256k1_v0_3_1_xonly_pubkey. +/** Converts a rustsecp256k1_v0_4_0_pubkey into a rustsecp256k1_v0_4_0_xonly_pubkey. * * Returns: 1 if the public key was successfully converted * 0 otherwise @@ -80,11 +80,11 @@ SECP256K1_API int rustsecp256k1_v0_3_1_xonly_pubkey_serialize( * set to 0 otherwise. (can be NULL) * In: pubkey: pointer to a public key that is converted (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_xonly_pubkey *xonly_pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_xonly_pubkey *xonly_pubkey, int *pk_parity, - const rustsecp256k1_v0_3_1_pubkey *pubkey + const rustsecp256k1_v0_4_0_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4); /** Tweak an x-only public key by adding the generator multiplied with tweak32 @@ -92,7 +92,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey * * Note that the resulting point can not in general be represented by an x-only * pubkey because it may have an odd Y coordinate. Instead, the output_pubkey - * is a normal rustsecp256k1_v0_3_1_pubkey. + * is a normal rustsecp256k1_v0_4_0_pubkey. * * Returns: 0 if the arguments are invalid or the resulting public key would be * invalid (only when the tweak is the negation of the corresponding @@ -106,24 +106,24 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey * In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to. * (cannot be NULL). * tweak32: pointer to a 32-byte tweak. If the tweak is invalid - * according to rustsecp256k1_v0_3_1_ec_seckey_verify, this function + * according to rustsecp256k1_v0_4_0_ec_seckey_verify, this function * returns 0. For uniformly random 32-byte arrays the * chance of being invalid is negligible (around 1 in * 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *output_pubkey, - const rustsecp256k1_v0_3_1_xonly_pubkey *internal_pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *output_pubkey, + const rustsecp256k1_v0_4_0_xonly_pubkey *internal_pubkey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Checks that a tweaked pubkey is the result of calling - * rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add with internal_pubkey and tweak32. + * rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add with internal_pubkey and tweak32. * * The tweaked pubkey is represented by its 32-byte x-only serialization and * its pk_parity, which can both be obtained by converting the result of - * tweak_add to a rustsecp256k1_v0_3_1_xonly_pubkey. + * tweak_add to a rustsecp256k1_v0_4_0_xonly_pubkey. * * Note that this alone does _not_ verify that the tweaked pubkey is a * commitment. If the tweak is not chosen in a specific way, the tweaked pubkey @@ -137,17 +137,17 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey * tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization * is passed in as tweaked_pubkey32). This must match the * pk_parity value that is returned when calling - * rustsecp256k1_v0_3_1_xonly_pubkey with the tweaked pubkey, or + * rustsecp256k1_v0_4_0_xonly_pubkey with the tweaked pubkey, or * this function will fail. * internal_pubkey: pointer to an x-only public key object to apply the * tweak to (cannot be NULL) * tweak32: pointer to a 32-byte tweak (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check( + const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, - const rustsecp256k1_v0_3_1_xonly_pubkey *internal_pubkey, + const rustsecp256k1_v0_4_0_xonly_pubkey *internal_pubkey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); @@ -159,9 +159,9 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_xonly_pubkey * Out: keypair: pointer to the created keypair (cannot be NULL) * In: seckey: pointer to a 32-byte secret key (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_create( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_keypair *keypair, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_keypair_create( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_keypair *keypair, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -174,16 +174,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_crea * (cannot be NULL) * In: keypair: pointer to a keypair (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_pub( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, - const rustsecp256k1_v0_3_1_keypair *keypair +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_keypair_pub( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, + const rustsecp256k1_v0_4_0_keypair *keypair ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Get the x-only public key from a keypair. * - * This is the same as calling rustsecp256k1_v0_3_1_keypair_pub and then - * rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey. + * This is the same as calling rustsecp256k1_v0_4_0_keypair_pub and then + * rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey. * * Returns: 0 if the arguments are invalid. 1 otherwise. * Args: ctx: pointer to a context object (cannot be NULL) @@ -192,22 +192,22 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_pub( * xonly_pubkey. If not, it's set to an invalid value (cannot be * NULL). * pk_parity: pointer to an integer that will be set to the pk_parity - * argument of rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey (can be NULL). + * argument of rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey (can be NULL). * In: keypair: pointer to a keypair (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_xonly_pub( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_xonly_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_keypair_xonly_pub( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_xonly_pubkey *pubkey, int *pk_parity, - const rustsecp256k1_v0_3_1_keypair *keypair + const rustsecp256k1_v0_4_0_keypair *keypair ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4); /** Tweak a keypair by adding tweak32 to the secret key and updating the public * key accordingly. * - * Calling this function and then rustsecp256k1_v0_3_1_keypair_pub results in the same - * public key as calling rustsecp256k1_v0_3_1_keypair_xonly_pub and then - * rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add. + * Calling this function and then rustsecp256k1_v0_4_0_keypair_pub results in the same + * public key as calling rustsecp256k1_v0_4_0_keypair_xonly_pub and then + * rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add. * * Returns: 0 if the arguments are invalid or the resulting keypair would be * invalid (only when the tweak is the negation of the keypair's @@ -219,13 +219,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_xonl * an invalid value if this function returns 0 (cannot be * NULL). * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according - * to rustsecp256k1_v0_3_1_ec_seckey_verify, this function returns 0. For + * to rustsecp256k1_v0_4_0_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128) (cannot be NULL). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_keypair_xonly_tweak_add( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_keypair *keypair, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_keypair_xonly_tweak_add( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_keypair *keypair, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h index 75a659766..121fd7dba 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h @@ -16,8 +16,8 @@ extern "C" { * objects created by functions in secp256k1.h, i.e., they can be passed to any * API function that expects a context object (see secp256k1.h for details). The * only exception is that context objects created by functions in this module - * must be destroyed using rustsecp256k1_v0_3_1_context_preallocated_destroy (in this - * module) instead of rustsecp256k1_v0_3_1_context_destroy (in secp256k1.h). + * must be destroyed using rustsecp256k1_v0_4_0_context_preallocated_destroy (in this + * module) instead of rustsecp256k1_v0_4_0_context_destroy (in secp256k1.h). * * It is guaranteed that functions in this module will not call malloc or its * friends realloc, calloc, and free. @@ -27,24 +27,24 @@ extern "C" { * caller-provided memory. * * The purpose of this function is to determine how much memory must be provided - * to rustsecp256k1_v0_3_1_context_preallocated_create. + * to rustsecp256k1_v0_4_0_context_preallocated_create. * * Returns: the required size of the caller-provided memory block * In: flags: which parts of the context to initialize. */ -SECP256K1_API size_t rustsecp256k1_v0_3_1_context_preallocated_size( +SECP256K1_API size_t rustsecp256k1_v0_4_0_context_preallocated_size( unsigned int flags ) SECP256K1_WARN_UNUSED_RESULT; /** Create a secp256k1 context object in caller-provided memory. * * The caller must provide a pointer to a rewritable contiguous block of memory - * of size at least rustsecp256k1_v0_3_1_context_preallocated_size(flags) bytes, suitably + * of size at least rustsecp256k1_v0_4_0_context_preallocated_size(flags) bytes, suitably * aligned to hold an object of any type. * * The block of memory is exclusively owned by the created context object during * the lifetime of this context object, which begins with the call to this - * function and ends when a call to rustsecp256k1_v0_3_1_context_preallocated_destroy + * function and ends when a call to rustsecp256k1_v0_4_0_context_preallocated_destroy * (which destroys the context object again) returns. During the lifetime of the * context object, the caller is obligated not to access this block of memory, * i.e., the caller may not read or write the memory, e.g., by copying the memory @@ -54,14 +54,14 @@ SECP256K1_API size_t rustsecp256k1_v0_3_1_context_preallocated_size( * * Returns: a newly created context object. * In: prealloc: a pointer to a rewritable contiguous block of memory of - * size at least rustsecp256k1_v0_3_1_context_preallocated_size(flags) + * size at least rustsecp256k1_v0_4_0_context_preallocated_size(flags) * bytes, as detailed above (cannot be NULL) * flags: which parts of the context to initialize. * - * See also rustsecp256k1_v0_3_1_context_randomize (in secp256k1.h) - * and rustsecp256k1_v0_3_1_context_preallocated_destroy. + * See also rustsecp256k1_v0_4_0_context_randomize (in secp256k1.h) + * and rustsecp256k1_v0_4_0_context_preallocated_destroy. */ -SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallocated_create( +SECP256K1_API rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_preallocated_create( void* prealloc, unsigned int flags ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; @@ -72,28 +72,28 @@ SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallo * Returns: the required size of the caller-provided memory block. * In: ctx: an existing context to copy (cannot be NULL) */ -SECP256K1_API size_t rustsecp256k1_v0_3_1_context_preallocated_clone_size( - const rustsecp256k1_v0_3_1_context* ctx +SECP256K1_API size_t rustsecp256k1_v0_4_0_context_preallocated_clone_size( + const rustsecp256k1_v0_4_0_context* ctx ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; /** Copy a secp256k1 context object into caller-provided memory. * * The caller must provide a pointer to a rewritable contiguous block of memory - * of size at least rustsecp256k1_v0_3_1_context_preallocated_size(flags) bytes, suitably + * of size at least rustsecp256k1_v0_4_0_context_preallocated_size(flags) bytes, suitably * aligned to hold an object of any type. * * The block of memory is exclusively owned by the created context object during * the lifetime of this context object, see the description of - * rustsecp256k1_v0_3_1_context_preallocated_create for details. + * rustsecp256k1_v0_4_0_context_preallocated_create for details. * * Returns: a newly created context object. * Args: ctx: an existing context to copy (cannot be NULL) * In: prealloc: a pointer to a rewritable contiguous block of memory of - * size at least rustsecp256k1_v0_3_1_context_preallocated_size(flags) + * size at least rustsecp256k1_v0_4_0_context_preallocated_size(flags) * bytes, as detailed above (cannot be NULL) */ -SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallocated_clone( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_preallocated_clone( + const rustsecp256k1_v0_4_0_context* ctx, void* prealloc ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT; @@ -103,22 +103,22 @@ SECP256K1_API rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallo * The context pointer may not be used afterwards. * * The context to destroy must have been created using - * rustsecp256k1_v0_3_1_context_preallocated_create or rustsecp256k1_v0_3_1_context_preallocated_clone. - * If the context has instead been created using rustsecp256k1_v0_3_1_context_create or - * rustsecp256k1_v0_3_1_context_clone, the behaviour is undefined. In that case, - * rustsecp256k1_v0_3_1_context_destroy must be used instead. + * rustsecp256k1_v0_4_0_context_preallocated_create or rustsecp256k1_v0_4_0_context_preallocated_clone. + * If the context has instead been created using rustsecp256k1_v0_4_0_context_create or + * rustsecp256k1_v0_4_0_context_clone, the behaviour is undefined. In that case, + * rustsecp256k1_v0_4_0_context_destroy must be used instead. * * If required, it is the responsibility of the caller to deallocate the block * of memory properly after this function returns, e.g., by calling free on the - * preallocated pointer given to rustsecp256k1_v0_3_1_context_preallocated_create or - * rustsecp256k1_v0_3_1_context_preallocated_clone. + * preallocated pointer given to rustsecp256k1_v0_4_0_context_preallocated_create or + * rustsecp256k1_v0_4_0_context_preallocated_clone. * * Args: ctx: an existing context to destroy, constructed using - * rustsecp256k1_v0_3_1_context_preallocated_create or - * rustsecp256k1_v0_3_1_context_preallocated_clone (cannot be NULL) + * rustsecp256k1_v0_4_0_context_preallocated_create or + * rustsecp256k1_v0_4_0_context_preallocated_clone (cannot be NULL) */ -SECP256K1_API void rustsecp256k1_v0_3_1_context_preallocated_destroy( - rustsecp256k1_v0_3_1_context* ctx +SECP256K1_API void rustsecp256k1_v0_4_0_context_preallocated_destroy( + rustsecp256k1_v0_4_0_context* ctx ); #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h index a96ac6083..65839d3bd 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h @@ -14,8 +14,8 @@ extern "C" { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 65 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage or transmission, use - * the rustsecp256k1_v0_3_1_ecdsa_signature_serialize_* and - * rustsecp256k1_v0_3_1_ecdsa_signature_parse_* functions. + * the rustsecp256k1_v0_4_0_ecdsa_signature_serialize_* and + * rustsecp256k1_v0_4_0_ecdsa_signature_parse_* functions. * * Furthermore, it is guaranteed that identical signatures (including their * recoverability) will have identical representation, so they can be @@ -23,7 +23,7 @@ extern "C" { */ typedef struct { unsigned char data[65]; -} rustsecp256k1_v0_3_1_ecdsa_recoverable_signature; +} rustsecp256k1_v0_4_0_ecdsa_recoverable_signature; /** Parse a compact ECDSA signature (64 bytes + recovery id). * @@ -33,9 +33,9 @@ typedef struct { * In: input64: a pointer to a 64-byte compact signature * recid: the recovery id (0, 1, 2 or 3) */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sig, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -46,10 +46,10 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact * Out: sig: a pointer to a normal signature (cannot be NULL). * In: sigin: a pointer to a recoverable signature (cannot be NULL). */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_signature* sig, - const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sigin +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_signature* sig, + const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sigin ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Serialize an ECDSA signature in compact format (64 bytes + recovery id). @@ -60,30 +60,30 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert( * recid: a pointer to an integer to hold the recovery id (can be NULL). * In: sig: a pointer to an initialized signature object (cannot be NULL) */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output64, int *recid, - const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sig + const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Create a recoverable ECDSA signature. * * Returns: 1: signature created * 0: the nonce generation function failed, or the secret key was invalid. - * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) - * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) - * In: msg32: the 32-byte message hash being signed (cannot be NULL) - * seckey: pointer to a 32-byte secret key (cannot be NULL) - * noncefp:pointer to a nonce generation function. If NULL, rustsecp256k1_v0_3_1_nonce_function_default is used - * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) + * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) + * Out: sig: pointer to an array where the signature will be placed (cannot be NULL) + * In: msghash32: the 32-byte message hash being signed (cannot be NULL) + * seckey: pointer to a 32-byte secret key (cannot be NULL) + * noncefp: pointer to a nonce generation function. If NULL, rustsecp256k1_v0_4_0_nonce_function_default is used + * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) */ -SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_sign_recoverable( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature *sig, - const unsigned char *msg32, +SECP256K1_API int rustsecp256k1_v0_4_0_ecdsa_sign_recoverable( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature *sig, + const unsigned char *msghash32, const unsigned char *seckey, - rustsecp256k1_v0_3_1_nonce_function noncefp, + rustsecp256k1_v0_4_0_nonce_function noncefp, const void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -91,16 +91,16 @@ SECP256K1_API int rustsecp256k1_v0_3_1_ecdsa_sign_recoverable( * * Returns: 1: public key successfully recovered (which guarantees a correct signature). * 0: otherwise. - * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL) - * Out: pubkey: pointer to the recovered public key (cannot be NULL) - * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL) - * msg32: the 32-byte message hash assumed to be signed (cannot be NULL) + * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL) + * Out: pubkey: pointer to the recovered public key (cannot be NULL) + * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL) + * msghash32: the 32-byte message hash assumed to be signed (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_ecdsa_recover( - const rustsecp256k1_v0_3_1_context* ctx, - rustsecp256k1_v0_3_1_pubkey *pubkey, - const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature *sig, - const unsigned char *msg32 +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_ecdsa_recover( + const rustsecp256k1_v0_4_0_context* ctx, + rustsecp256k1_v0_4_0_pubkey *pubkey, + const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature *sig, + const unsigned char *msghash32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h index 886252bde..db1b5ebed 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h @@ -15,7 +15,7 @@ extern "C" { /** A pointer to a function to deterministically generate a nonce. * - * Same as rustsecp256k1_v0_3_1_nonce function with the exception of accepting an + * Same as rustsecp256k1_v0_4_0_nonce function with the exception of accepting an * additional pubkey argument and not requiring an attempt argument. The pubkey * argument can protect signature schemes with key-prefixed challenge hash * inputs against reusing the nonce when signing with the wrong precomputed @@ -35,7 +35,7 @@ extern "C" { * Except for test cases, this function should compute some cryptographic hash of * the message, the key, the pubkey, the algorithm description, and data. */ -typedef int (*rustsecp256k1_v0_3_1_nonce_function_hardened)( +typedef int (*rustsecp256k1_v0_4_0_nonce_function_hardened)( unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, @@ -56,16 +56,16 @@ typedef int (*rustsecp256k1_v0_3_1_nonce_function_hardened)( * bytes. Therefore, to create BIP-340 compliant signatures, algo16 must be set * to "BIP0340/nonce\0\0\0" */ -SECP256K1_API extern const rustsecp256k1_v0_3_1_nonce_function_hardened rustsecp256k1_v0_3_1_nonce_function_bip340; +SECP256K1_API extern const rustsecp256k1_v0_4_0_nonce_function_hardened rustsecp256k1_v0_4_0_nonce_function_bip340; /** Create a Schnorr signature. * * Does _not_ strictly follow BIP-340 because it does not verify the resulting - * signature. Instead, you can manually use rustsecp256k1_v0_3_1_schnorrsig_verify and + * signature. Instead, you can manually use rustsecp256k1_v0_4_0_schnorrsig_verify and * abort if it fails. * * Otherwise BIP-340 compliant if the noncefp argument is NULL or - * rustsecp256k1_v0_3_1_nonce_function_bip340 and the ndata argument is 32-byte auxiliary + * rustsecp256k1_v0_4_0_nonce_function_bip340 and the ndata argument is 32-byte auxiliary * randomness. * * Returns 1 on success, 0 on failure. @@ -73,18 +73,18 @@ SECP256K1_API extern const rustsecp256k1_v0_3_1_nonce_function_hardened rustsecp * Out: sig64: pointer to a 64-byte array to store the serialized signature (cannot be NULL) * In: msg32: the 32-byte message being signed (cannot be NULL) * keypair: pointer to an initialized keypair (cannot be NULL) - * noncefp: pointer to a nonce generation function. If NULL, rustsecp256k1_v0_3_1_nonce_function_bip340 is used + * noncefp: pointer to a nonce generation function. If NULL, rustsecp256k1_v0_4_0_nonce_function_bip340 is used * ndata: pointer to arbitrary data used by the nonce generation * function (can be NULL). If it is non-NULL and - * rustsecp256k1_v0_3_1_nonce_function_bip340 is used, then ndata must be a + * rustsecp256k1_v0_4_0_nonce_function_bip340 is used, then ndata must be a * pointer to 32-byte auxiliary randomness as per BIP-340. */ -SECP256K1_API int rustsecp256k1_v0_3_1_schnorrsig_sign( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API int rustsecp256k1_v0_4_0_schnorrsig_sign( + const rustsecp256k1_v0_4_0_context* ctx, unsigned char *sig64, const unsigned char *msg32, - const rustsecp256k1_v0_3_1_keypair *keypair, - rustsecp256k1_v0_3_1_nonce_function_hardened noncefp, + const rustsecp256k1_v0_4_0_keypair *keypair, + rustsecp256k1_v0_4_0_nonce_function_hardened noncefp, void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -97,11 +97,11 @@ SECP256K1_API int rustsecp256k1_v0_3_1_schnorrsig_sign( * msg32: the 32-byte message being verified (cannot be NULL) * pubkey: pointer to an x-only public key to verify with (cannot be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_3_1_schnorrsig_verify( - const rustsecp256k1_v0_3_1_context* ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_4_0_schnorrsig_verify( + const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *sig64, const unsigned char *msg32, - const rustsecp256k1_v0_3_1_xonly_pubkey *pubkey + const rustsecp256k1_v0_4_0_xonly_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage b/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage index 8936fd03a..9e1bc17c7 100644 --- a/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage +++ b/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage @@ -1,9 +1,4 @@ -# Define field size and field -P = 2^256 - 2^32 - 977 -F = GF(P) -BETA = F(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee) - -assert(BETA != F(1) and BETA^3 == F(1)) +load("rustsecp256k1_v0_4_0_params.sage") orders_done = set() results = {} @@ -100,13 +95,13 @@ for f in sorted(results.keys()): G = results[f]["G"] print("# %s EXHAUSTIVE_TEST_ORDER == %i" % ("if" if first else "elif", f)) first = False - print("static const rustsecp256k1_v0_3_1_ge rustsecp256k1_v0_3_1_ge_const_g = SECP256K1_GE_CONST(") + print("static const rustsecp256k1_v0_4_0_ge rustsecp256k1_v0_4_0_ge_const_g = SECP256K1_GE_CONST(") print(" 0x%08x, 0x%08x, 0x%08x, 0x%08x," % tuple((int(G[0]) >> (32 * (7 - i))) & 0xffffffff for i in range(4))) print(" 0x%08x, 0x%08x, 0x%08x, 0x%08x," % tuple((int(G[0]) >> (32 * (7 - i))) & 0xffffffff for i in range(4, 8))) print(" 0x%08x, 0x%08x, 0x%08x, 0x%08x," % tuple((int(G[1]) >> (32 * (7 - i))) & 0xffffffff for i in range(4))) print(" 0x%08x, 0x%08x, 0x%08x, 0x%08x" % tuple((int(G[1]) >> (32 * (7 - i))) & 0xffffffff for i in range(4, 8))) print(");") - print("static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_fe_const_b = SECP256K1_FE_CONST(") + print("static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_fe_const_b = SECP256K1_FE_CONST(") print(" 0x%08x, 0x%08x, 0x%08x, 0x%08x," % tuple((int(b) >> (32 * (7 - i))) & 0xffffffff for i in range(4))) print(" 0x%08x, 0x%08x, 0x%08x, 0x%08x" % tuple((int(b) >> (32 * (7 - i))) & 0xffffffff for i in range(4, 8))) print(");") diff --git a/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage b/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage new file mode 100644 index 000000000..99d05921e --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage @@ -0,0 +1,114 @@ +""" Generates the constants used in rustsecp256k1_v0_4_0_scalar_split_lambda. + +See the comments for rustsecp256k1_v0_4_0_scalar_split_lambda in src/scalar_impl.h for detailed explanations. +""" + +load("rustsecp256k1_v0_4_0_params.sage") + +def inf_norm(v): + """Returns the infinity norm of a vector.""" + return max(map(abs, v)) + +def gauss_reduction(i1, i2): + v1, v2 = i1.copy(), i2.copy() + while True: + if inf_norm(v2) < inf_norm(v1): + v1, v2 = v2, v1 + # This is essentially + # m = round((v1[0]*v2[0] + v1[1]*v2[1]) / (inf_norm(v1)**2)) + # (rounding to the nearest integer) without relying on floating point arithmetic. + m = ((v1[0]*v2[0] + v1[1]*v2[1]) + (inf_norm(v1)**2) // 2) // (inf_norm(v1)**2) + if m == 0: + return v1, v2 + v2[0] -= m*v1[0] + v2[1] -= m*v1[1] + +def find_split_constants_gauss(): + """Find constants for rustsecp256k1_v0_4_0_scalar_split_lamdba using gauss reduction.""" + (v11, v12), (v21, v22) = gauss_reduction([0, N], [1, int(LAMBDA)]) + + # We use related vectors in rustsecp256k1_v0_4_0_scalar_split_lambda. + A1, B1 = -v21, -v11 + A2, B2 = v22, -v21 + + return A1, B1, A2, B2 + +def find_split_constants_explicit_tof(): + """Find constants for rustsecp256k1_v0_4_0_scalar_split_lamdba using the trace of Frobenius. + + See Benjamin Smith: "Easy scalar decompositions for efficient scalar multiplication on + elliptic curves and genus 2 Jacobians" (https://eprint.iacr.org/2013/672), Example 2 + """ + assert P % 3 == 1 # The paper says P % 3 == 2 but that appears to be a mistake, see [10]. + assert C.j_invariant() == 0 + + t = C.trace_of_frobenius() + + c = Integer(sqrt((4*P - t**2)/3)) + A1 = Integer((t - c)/2 - 1) + B1 = c + + A2 = Integer((t + c)/2 - 1) + B2 = Integer(1 - (t - c)/2) + + # We use a negated b values in rustsecp256k1_v0_4_0_scalar_split_lambda. + B1, B2 = -B1, -B2 + + return A1, B1, A2, B2 + +A1, B1, A2, B2 = find_split_constants_explicit_tof() + +# For extra fun, use an independent method to recompute the constants. +assert (A1, B1, A2, B2) == find_split_constants_gauss() + +# PHI : Z[l] -> Z_n where phi(a + b*l) == a + b*lambda mod n. +def PHI(a,b): + return Z(a + LAMBDA*b) + +# Check that (A1, B1) and (A2, B2) are in the kernel of PHI. +assert PHI(A1, B1) == Z(0) +assert PHI(A2, B2) == Z(0) + +# Check that the parallelogram generated by (A1, A2) and (B1, B2) +# is a fundamental domain by containing exactly N points. +# Since the LHS is the determinant and N != 0, this also checks that +# (A1, A2) and (B1, B2) are linearly independent. By the previous +# assertions, (A1, A2) and (B1, B2) are a basis of the kernel. +assert A1*B2 - B1*A2 == N + +# Check that their components are short enough. +assert (A1 + A2)/2 < sqrt(N) +assert B1 < sqrt(N) +assert B2 < sqrt(N) + +G1 = round((2**384)*B2/N) +G2 = round((2**384)*(-B1)/N) + +def rnddiv2(v): + if v & 1: + v += 1 + return v >> 1 + +def scalar_lambda_split(k): + """Equivalent to rustsecp256k1_v0_4_0_scalar_lambda_split().""" + c1 = rnddiv2((k * G1) >> 383) + c2 = rnddiv2((k * G2) >> 383) + c1 = (c1 * -B1) % N + c2 = (c2 * -B2) % N + r2 = (c1 + c2) % N + r1 = (k + r2 * -LAMBDA) % N + return (r1, r2) + +# The result of scalar_lambda_split can depend on the representation of k (mod n). +SPECIAL = (2**383) // G2 + 1 +assert scalar_lambda_split(SPECIAL) != scalar_lambda_split(SPECIAL + N) + +print(' A1 =', hex(A1)) +print(' -B1 =', hex(-B1)) +print(' A2 =', hex(A2)) +print(' -B2 =', hex(-B2)) +print(' =', hex(Z(-B2))) +print(' -LAMBDA =', hex(-LAMBDA)) + +print(' G1 =', hex(G1)) +print(' G2 =', hex(G2)) diff --git a/secp256k1-sys/depend/secp256k1/sage/group_prover.sage b/secp256k1-sys/depend/secp256k1/sage/group_prover.sage index 8521f0799..b200bfeae 100644 --- a/secp256k1-sys/depend/secp256k1/sage/group_prover.sage +++ b/secp256k1-sys/depend/secp256k1/sage/group_prover.sage @@ -42,7 +42,7 @@ # as we assume that all constraints in it are complementary with each other. # # Based on the sage verification scripts used in the Explicit-Formulas Database -# by Tanja Lange and others, see http://hyperelliptic.org/EFD +# by Tanja Lange and others, see https://hyperelliptic.org/EFD class fastfrac: """Fractions over rings.""" @@ -65,7 +65,7 @@ class fastfrac: return self.top in I and self.bot not in I def reduce(self,assumeZero): - zero = self.R.ideal(map(numerator, assumeZero)) + zero = self.R.ideal(list(map(numerator, assumeZero))) return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot)) def __add__(self,other): @@ -100,7 +100,7 @@ class fastfrac: """Multiply something else with a fraction.""" return self.__mul__(other) - def __div__(self,other): + def __truediv__(self,other): """Divide two fractions.""" if parent(other) == ZZ: return fastfrac(self.R,self.top,self.bot * other) @@ -108,6 +108,11 @@ class fastfrac: return fastfrac(self.R,self.top * other.bot,self.bot * other.top) return NotImplemented + # Compatibility wrapper for Sage versions based on Python 2 + def __div__(self,other): + """Divide two fractions.""" + return self.__truediv__(other) + def __pow__(self,other): """Compute a power of a fraction.""" if parent(other) == ZZ: @@ -175,7 +180,7 @@ class constraints: def conflicts(R, con): """Check whether any of the passed non-zero assumptions is implied by the zero assumptions""" - zero = R.ideal(map(numerator, con.zero)) + zero = R.ideal(list(map(numerator, con.zero))) if 1 in zero: return True # First a cheap check whether any of the individual nonzero terms conflict on @@ -195,7 +200,7 @@ def conflicts(R, con): def get_nonzero_set(R, assume): """Calculate a simple set of nonzero expressions""" - zero = R.ideal(map(numerator, assume.zero)) + zero = R.ideal(list(map(numerator, assume.zero))) nonzero = set() for nz in map(numerator, assume.nonzero): for (f,n) in nz.factor(): @@ -208,7 +213,7 @@ def get_nonzero_set(R, assume): def prove_nonzero(R, exprs, assume): """Check whether an expression is provably nonzero, given assumptions""" - zero = R.ideal(map(numerator, assume.zero)) + zero = R.ideal(list(map(numerator, assume.zero))) nonzero = get_nonzero_set(R, assume) expl = set() ok = True @@ -250,7 +255,7 @@ def prove_zero(R, exprs, assume): r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume) if not r: return (False, map(lambda x: "Possibly zero denominator: %s" % x, e)) - zero = R.ideal(map(numerator, assume.zero)) + zero = R.ideal(list(map(numerator, assume.zero))) nonzero = prod(x for x in assume.nonzero) expl = [] for expr in exprs: @@ -265,8 +270,8 @@ def describe_extra(R, assume, assumeExtra): """Describe what assumptions are added, given existing assumptions""" zerox = assume.zero.copy() zerox.update(assumeExtra.zero) - zero = R.ideal(map(numerator, assume.zero)) - zeroextra = R.ideal(map(numerator, zerox)) + zero = R.ideal(list(map(numerator, assume.zero))) + zeroextra = R.ideal(list(map(numerator, zerox))) nonzero = get_nonzero_set(R, assume) ret = set() # Iterate over the extra zero expressions diff --git a/secp256k1-sys/depend/secp256k1/sage/secp256k1.sage b/secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage similarity index 76% rename from secp256k1-sys/depend/secp256k1/sage/secp256k1.sage rename to secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage index ac96c6502..a408bf128 100644 --- a/secp256k1-sys/depend/secp256k1/sage/secp256k1.sage +++ b/secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage @@ -5,8 +5,8 @@ import sys load("group_prover.sage") load("weierstrass_prover.sage") -def formula_rustsecp256k1_v0_3_1_gej_double_var(a): - """libsecp256k1's rustsecp256k1_v0_3_1_gej_double_var, used by various addition functions""" +def formula_rustsecp256k1_v0_4_0_gej_double_var(a): + """libsecp256k1's rustsecp256k1_v0_4_0_gej_double_var, used by various addition functions""" rz = a.Z * a.Y rz = rz * 2 t1 = a.X^2 @@ -29,8 +29,8 @@ def formula_rustsecp256k1_v0_3_1_gej_double_var(a): ry = ry + t2 return jacobianpoint(rx, ry, rz) -def formula_rustsecp256k1_v0_3_1_gej_add_var(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_3_1_gej_add_var""" +def formula_rustsecp256k1_v0_4_0_gej_add_var(branch, a, b): + """libsecp256k1's rustsecp256k1_v0_4_0_gej_add_var""" if branch == 0: return (constraints(), constraints(nonzero={a.Infinity : 'a_infinite'}), b) if branch == 1: @@ -48,7 +48,7 @@ def formula_rustsecp256k1_v0_3_1_gej_add_var(branch, a, b): i = -s1 i = i + s2 if branch == 2: - r = formula_rustsecp256k1_v0_3_1_gej_double_var(a) + r = formula_rustsecp256k1_v0_4_0_gej_double_var(a) return (constraints(), constraints(zero={h : 'h=0', i : 'i=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}), r) if branch == 3: return (constraints(), constraints(zero={h : 'h=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={i : 'i!=0'}), point_at_infinity()) @@ -71,8 +71,8 @@ def formula_rustsecp256k1_v0_3_1_gej_add_var(branch, a, b): ry = ry + h3 return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_3_1_gej_add_ge_var(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_3_1_gej_add_ge_var, which assume bz==1""" +def formula_rustsecp256k1_v0_4_0_gej_add_ge_var(branch, a, b): + """libsecp256k1's rustsecp256k1_v0_4_0_gej_add_ge_var, which assume bz==1""" if branch == 0: return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(nonzero={a.Infinity : 'a_infinite'}), b) if branch == 1: @@ -88,7 +88,7 @@ def formula_rustsecp256k1_v0_3_1_gej_add_ge_var(branch, a, b): i = -s1 i = i + s2 if (branch == 2): - r = formula_rustsecp256k1_v0_3_1_gej_double_var(a) + r = formula_rustsecp256k1_v0_4_0_gej_double_var(a) return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) if (branch == 3): return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) @@ -110,8 +110,8 @@ def formula_rustsecp256k1_v0_3_1_gej_add_ge_var(branch, a, b): ry = ry + h3 return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_3_1_gej_add_zinv_var(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_3_1_gej_add_zinv_var""" +def formula_rustsecp256k1_v0_4_0_gej_add_zinv_var(branch, a, b): + """libsecp256k1's rustsecp256k1_v0_4_0_gej_add_zinv_var""" bzinv = b.Z^(-1) if branch == 0: return (constraints(), constraints(nonzero={b.Infinity : 'b_infinite'}), a) @@ -134,7 +134,7 @@ def formula_rustsecp256k1_v0_3_1_gej_add_zinv_var(branch, a, b): i = -s1 i = i + s2 if branch == 2: - r = formula_rustsecp256k1_v0_3_1_gej_double_var(a) + r = formula_rustsecp256k1_v0_4_0_gej_double_var(a) return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) if branch == 3: return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) @@ -157,8 +157,8 @@ def formula_rustsecp256k1_v0_3_1_gej_add_zinv_var(branch, a, b): ry = ry + h3 return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_3_1_gej_add_ge(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_3_1_gej_add_ge""" +def formula_rustsecp256k1_v0_4_0_gej_add_ge(branch, a, b): + """libsecp256k1's rustsecp256k1_v0_4_0_gej_add_ge""" zeroes = {} nonzeroes = {} a_infinity = False @@ -229,8 +229,8 @@ def formula_rustsecp256k1_v0_3_1_gej_add_ge(branch, a, b): return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), point_at_infinity()) return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_3_1_gej_add_ge_old(branch, a, b): - """libsecp256k1's old rustsecp256k1_v0_3_1_gej_add_ge, which fails when ay+by=0 but ax!=bx""" +def formula_rustsecp256k1_v0_4_0_gej_add_ge_old(branch, a, b): + """libsecp256k1's old rustsecp256k1_v0_4_0_gej_add_ge, which fails when ay+by=0 but ax!=bx""" a_infinity = (branch & 1) != 0 zero = {} nonzero = {} @@ -292,15 +292,15 @@ def formula_rustsecp256k1_v0_3_1_gej_add_ge_old(branch, a, b): return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zero, nonzero=nonzero), jacobianpoint(rx, ry, rz)) if __name__ == "__main__": - check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_var", 0, 7, 5, formula_rustsecp256k1_v0_3_1_gej_add_var) - check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_ge_var", 0, 7, 5, formula_rustsecp256k1_v0_3_1_gej_add_ge_var) - check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_zinv_var", 0, 7, 5, formula_rustsecp256k1_v0_3_1_gej_add_zinv_var) - check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_ge", 0, 7, 16, formula_rustsecp256k1_v0_3_1_gej_add_ge) - check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_ge_old [should fail]", 0, 7, 4, formula_rustsecp256k1_v0_3_1_gej_add_ge_old) + check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_var", 0, 7, 5, formula_rustsecp256k1_v0_4_0_gej_add_var) + check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_ge_var", 0, 7, 5, formula_rustsecp256k1_v0_4_0_gej_add_ge_var) + check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_zinv_var", 0, 7, 5, formula_rustsecp256k1_v0_4_0_gej_add_zinv_var) + check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_ge", 0, 7, 16, formula_rustsecp256k1_v0_4_0_gej_add_ge) + check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_ge_old [should fail]", 0, 7, 4, formula_rustsecp256k1_v0_4_0_gej_add_ge_old) if len(sys.argv) >= 2 and sys.argv[1] == "--exhaustive": - check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_var", 0, 7, 5, formula_rustsecp256k1_v0_3_1_gej_add_var, 43) - check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_ge_var", 0, 7, 5, formula_rustsecp256k1_v0_3_1_gej_add_ge_var, 43) - check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_zinv_var", 0, 7, 5, formula_rustsecp256k1_v0_3_1_gej_add_zinv_var, 43) - check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_ge", 0, 7, 16, formula_rustsecp256k1_v0_3_1_gej_add_ge, 43) - check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_3_1_gej_add_ge_old [should fail]", 0, 7, 4, formula_rustsecp256k1_v0_3_1_gej_add_ge_old, 43) + check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_var", 0, 7, 5, formula_rustsecp256k1_v0_4_0_gej_add_var, 43) + check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_ge_var", 0, 7, 5, formula_rustsecp256k1_v0_4_0_gej_add_ge_var, 43) + check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_zinv_var", 0, 7, 5, formula_rustsecp256k1_v0_4_0_gej_add_zinv_var, 43) + check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_ge", 0, 7, 16, formula_rustsecp256k1_v0_4_0_gej_add_ge, 43) + check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_4_0_gej_add_ge_old [should fail]", 0, 7, 4, formula_rustsecp256k1_v0_4_0_gej_add_ge_old, 43) diff --git a/secp256k1-sys/depend/secp256k1/sage/secp256k1_params.sage b/secp256k1-sys/depend/secp256k1/sage/secp256k1_params.sage new file mode 100644 index 000000000..4e000726e --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/sage/secp256k1_params.sage @@ -0,0 +1,36 @@ +"""Prime order of finite field underlying secp256k1 (2^256 - 2^32 - 977)""" +P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F + +"""Finite field underlying secp256k1""" +F = FiniteField(P) + +"""Elliptic curve secp256k1: y^2 = x^3 + 7""" +C = EllipticCurve([F(0), F(7)]) + +"""Base point of secp256k1""" +G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798) + +"""Prime order of secp256k1""" +N = C.order() + +"""Finite field of scalars of secp256k1""" +Z = FiniteField(N) + +""" Beta value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)""" +BETA = F(2)^((P-1)/3) + +""" Lambda value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)""" +LAMBDA = Z(3)^((N-1)/3) + +assert is_prime(P) +assert is_prime(N) + +assert BETA != F(1) +assert BETA^3 == F(1) +assert BETA^2 + BETA + 1 == 0 + +assert LAMBDA != Z(1) +assert LAMBDA^3 == Z(1) +assert LAMBDA^2 + LAMBDA + 1 == 0 + +assert Integer(LAMBDA)*G == C(BETA*G[0], G[1]) diff --git a/secp256k1-sys/depend/secp256k1/sage/weierstrass_prover.sage b/secp256k1-sys/depend/secp256k1/sage/weierstrass_prover.sage index 03ef2ec90..b770c6daf 100644 --- a/secp256k1-sys/depend/secp256k1/sage/weierstrass_prover.sage +++ b/secp256k1-sys/depend/secp256k1/sage/weierstrass_prover.sage @@ -175,24 +175,24 @@ laws_jacobian_weierstrass = { def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p): """Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field""" F = Integers(p) - print "Formula %s on Z%i:" % (name, p) + print("Formula %s on Z%i:" % (name, p)) points = [] - for x in xrange(0, p): - for y in xrange(0, p): + for x in range(0, p): + for y in range(0, p): point = affinepoint(F(x), F(y)) r, e = concrete_verify(on_weierstrass_curve(A, B, point)) if r: points.append(point) - for za in xrange(1, p): - for zb in xrange(1, p): + for za in range(1, p): + for zb in range(1, p): for pa in points: for pb in points: - for ia in xrange(2): - for ib in xrange(2): + for ia in range(2): + for ib in range(2): pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia) pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib) - for branch in xrange(0, branches): + for branch in range(0, branches): assumeAssert, assumeBranch, pC = formula(branch, pA, pB) pC.X = F(pC.X) pC.Y = F(pC.Y) @@ -206,13 +206,13 @@ def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p): r, e = concrete_verify(assumeLaw) if r: if match: - print " multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity) + print(" multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity)) else: match = True r, e = concrete_verify(require) if not r: - print " failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e) - print + print(" failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e)) + print() def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC): @@ -242,9 +242,9 @@ def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula): for key in laws_jacobian_weierstrass: res[key] = [] - print ("Formula " + name + ":") + print("Formula " + name + ":") count = 0 - for branch in xrange(branches): + for branch in range(branches): assumeFormula, assumeBranch, pC = formula(branch, pA, pB) pC.X = lift(pC.X) pC.Y = lift(pC.Y) @@ -255,10 +255,10 @@ def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula): res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch)) for key in res: - print " %s:" % key + print(" %s:" % key) val = res[key] for x in val: if x[0] is not None: - print " branch %i: %s" % (x[1], x[0]) + print(" branch %i: %s" % (x[1], x[0])) - print + print() diff --git a/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s b/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s index fa261ff54..ace090c57 100644 --- a/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s +++ b/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s @@ -1,9 +1,9 @@ @ vim: set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab syntax=armasm: -/********************************************************************** - * Copyright (c) 2014 Wladimir J. van der Laan * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Wladimir J. van der Laan * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ /* ARM implementation of field_10x26 inner loops. @@ -27,8 +27,8 @@ Note: .set field_not_M, 0xfc000000 @ ~M = ~0x3ffffff .align 2 - .global rustsecp256k1_v0_3_1_fe_mul_inner - .type rustsecp256k1_v0_3_1_fe_mul_inner, %function + .global rustsecp256k1_v0_4_0_fe_mul_inner + .type rustsecp256k1_v0_4_0_fe_mul_inner, %function @ Arguments: @ r0 r Restrict: can overlap with a, not with b @ r1 a @@ -36,7 +36,7 @@ Note: @ Stack (total 4+10*4 = 44) @ sp + #0 saved 'r' pointer @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 -rustsecp256k1_v0_3_1_fe_mul_inner: +rustsecp256k1_v0_4_0_fe_mul_inner: stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} sub sp, sp, #48 @ frame=44 + alignment str r0, [sp, #0] @ save result address, we need it only at the end @@ -511,18 +511,18 @@ rustsecp256k1_v0_3_1_fe_mul_inner: add sp, sp, #48 ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size rustsecp256k1_v0_3_1_fe_mul_inner, .-rustsecp256k1_v0_3_1_fe_mul_inner + .size rustsecp256k1_v0_4_0_fe_mul_inner, .-rustsecp256k1_v0_4_0_fe_mul_inner .align 2 - .global rustsecp256k1_v0_3_1_fe_sqr_inner - .type rustsecp256k1_v0_3_1_fe_sqr_inner, %function + .global rustsecp256k1_v0_4_0_fe_sqr_inner + .type rustsecp256k1_v0_4_0_fe_sqr_inner, %function @ Arguments: @ r0 r Can overlap with a @ r1 a @ Stack (total 4+10*4 = 44) @ sp + #0 saved 'r' pointer @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 -rustsecp256k1_v0_3_1_fe_sqr_inner: +rustsecp256k1_v0_4_0_fe_sqr_inner: stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} sub sp, sp, #48 @ frame=44 + alignment str r0, [sp, #0] @ save result address, we need it only at the end @@ -909,5 +909,5 @@ rustsecp256k1_v0_3_1_fe_sqr_inner: add sp, sp, #48 ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size rustsecp256k1_v0_3_1_fe_sqr_inner, .-rustsecp256k1_v0_3_1_fe_sqr_inner + .size rustsecp256k1_v0_4_0_fe_sqr_inner, .-rustsecp256k1_v0_4_0_fe_sqr_inner diff --git a/secp256k1-sys/depend/secp256k1/src/assumptions.h b/secp256k1-sys/depend/secp256k1/src/assumptions.h index 60c52704a..327364185 100644 --- a/secp256k1-sys/depend/secp256k1/src/assumptions.h +++ b/secp256k1-sys/depend/secp256k1/src/assumptions.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2020 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ASSUMPTIONS_H #define SECP256K1_ASSUMPTIONS_H @@ -16,7 +16,7 @@ reduce the odds of experiencing an unwelcome surprise. */ -struct rustsecp256k1_v0_3_1_assumption_checker { +struct rustsecp256k1_v0_4_0_assumption_checker { /* This uses a trick to implement a static assertion in C89: a type with an array of negative size is not allowed. */ int dummy_array[( diff --git a/secp256k1-sys/depend/secp256k1/src/basic-config.h b/secp256k1-sys/depend/secp256k1/src/basic-config.h index 83dbe6f25..bb6b58259 100644 --- a/secp256k1-sys/depend/secp256k1/src/basic-config.h +++ b/secp256k1-sys/depend/secp256k1/src/basic-config.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_BASIC_CONFIG_H #define SECP256K1_BASIC_CONFIG_H @@ -11,7 +11,6 @@ #undef USE_ASM_X86_64 #undef USE_ECMULT_STATIC_PRECOMPUTATION -#undef USE_ENDOMORPHISM #undef USE_EXTERNAL_ASM #undef USE_EXTERNAL_DEFAULT_CALLBACKS #undef USE_FIELD_INV_BUILTIN diff --git a/secp256k1-sys/depend/secp256k1/src/bench.h b/secp256k1-sys/depend/secp256k1/src/bench.h index 9bfed903e..63c55df44 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench.h +++ b/secp256k1-sys/depend/secp256k1/src/bench.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_BENCH_H #define SECP256K1_BENCH_H diff --git a/secp256k1-sys/depend/secp256k1/src/bench_ecdh.c b/secp256k1-sys/depend/secp256k1/src/bench_ecdh.c index f6108f1e5..615c0d474 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_ecdh.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_ecdh.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include @@ -12,8 +12,8 @@ #include "bench.h" typedef struct { - rustsecp256k1_v0_3_1_context *ctx; - rustsecp256k1_v0_3_1_pubkey point; + rustsecp256k1_v0_4_0_context *ctx; + rustsecp256k1_v0_4_0_pubkey point; unsigned char scalar[32]; } bench_ecdh_data; @@ -31,7 +31,7 @@ static void bench_ecdh_setup(void* arg) { for (i = 0; i < 32; i++) { data->scalar[i] = i + 1; } - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1); } static void bench_ecdh(void* arg, int iters) { @@ -40,7 +40,7 @@ static void bench_ecdh(void* arg, int iters) { bench_ecdh_data *data = (bench_ecdh_data*)arg; for (i = 0; i < iters; i++) { - CHECK(rustsecp256k1_v0_3_1_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1); } } @@ -50,10 +50,10 @@ int main(void) { int iters = get_iters(20000); /* create a context with no capabilities */ - data.ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_FLAGS_TYPE_CONTEXT); + data.ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_FLAGS_TYPE_CONTEXT); run_benchmark("ecdh", bench_ecdh, bench_ecdh_setup, NULL, &data, 10, iters); - rustsecp256k1_v0_3_1_context_destroy(data.ctx); + rustsecp256k1_v0_4_0_context_destroy(data.ctx); return 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c b/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c index dd2e26be6..884d8f4c8 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2017 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2017 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include "include/secp256k1.h" @@ -21,13 +21,13 @@ typedef struct { /* Setup once in advance */ - rustsecp256k1_v0_3_1_context* ctx; - rustsecp256k1_v0_3_1_scratch_space* scratch; - rustsecp256k1_v0_3_1_scalar* scalars; - rustsecp256k1_v0_3_1_ge* pubkeys; - rustsecp256k1_v0_3_1_scalar* seckeys; - rustsecp256k1_v0_3_1_gej* expected_output; - rustsecp256k1_v0_3_1_ecmult_multi_func ecmult_multi; + rustsecp256k1_v0_4_0_context* ctx; + rustsecp256k1_v0_4_0_scratch_space* scratch; + rustsecp256k1_v0_4_0_scalar* scalars; + rustsecp256k1_v0_4_0_ge* pubkeys; + rustsecp256k1_v0_4_0_scalar* seckeys; + rustsecp256k1_v0_4_0_gej* expected_output; + rustsecp256k1_v0_4_0_ecmult_multi_func ecmult_multi; /* Changes per test */ size_t count; @@ -38,15 +38,15 @@ typedef struct { size_t offset2; /* Test output. */ - rustsecp256k1_v0_3_1_gej* output; + rustsecp256k1_v0_4_0_gej* output; } bench_data; -static int bench_callback(rustsecp256k1_v0_3_1_scalar* sc, rustsecp256k1_v0_3_1_ge* ge, size_t idx, void* arg) { +static int bench_callback(rustsecp256k1_v0_4_0_scalar* sc, rustsecp256k1_v0_4_0_ge* ge, size_t idx, void* arg) { bench_data* data = (bench_data*)arg; if (data->includes_g) ++idx; if (idx == 0) { *sc = data->scalars[data->offset1]; - *ge = rustsecp256k1_v0_3_1_ge_const_g; + *ge = rustsecp256k1_v0_4_0_ge_const_g; } else { *sc = data->scalars[(data->offset1 + idx) % POINTS]; *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS]; @@ -81,14 +81,14 @@ static void bench_ecmult_teardown(void* arg, int iters) { iters = iters / data->count; /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */ for (iter = 0; iter < iters; ++iter) { - rustsecp256k1_v0_3_1_gej tmp; - rustsecp256k1_v0_3_1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&tmp)); + rustsecp256k1_v0_4_0_gej tmp; + rustsecp256k1_v0_4_0_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&tmp)); } } -static void generate_scalar(uint32_t num, rustsecp256k1_v0_3_1_scalar* scalar) { - rustsecp256k1_v0_3_1_sha256 sha256; +static void generate_scalar(uint32_t num, rustsecp256k1_v0_4_0_scalar* scalar) { + rustsecp256k1_v0_4_0_sha256 sha256; unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0}; unsigned char buf[32]; int overflow = 0; @@ -96,16 +96,16 @@ static void generate_scalar(uint32_t num, rustsecp256k1_v0_3_1_scalar* scalar) { c[7] = num >> 8; c[8] = num >> 16; c[9] = num >> 24; - rustsecp256k1_v0_3_1_sha256_initialize(&sha256); - rustsecp256k1_v0_3_1_sha256_write(&sha256, c, sizeof(c)); - rustsecp256k1_v0_3_1_sha256_finalize(&sha256, buf); - rustsecp256k1_v0_3_1_scalar_set_b32(scalar, buf, &overflow); + rustsecp256k1_v0_4_0_sha256_initialize(&sha256); + rustsecp256k1_v0_4_0_sha256_write(&sha256, c, sizeof(c)); + rustsecp256k1_v0_4_0_sha256_finalize(&sha256, buf); + rustsecp256k1_v0_4_0_scalar_set_b32(scalar, buf, &overflow); CHECK(!overflow); } static void run_test(bench_data* data, size_t count, int includes_g, int num_iters) { char str[32]; - static const rustsecp256k1_v0_3_1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const rustsecp256k1_v0_4_0_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); size_t iters = 1 + num_iters / count; size_t iter; @@ -116,15 +116,15 @@ static void run_test(bench_data* data, size_t count, int includes_g, int num_ite data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS; data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS; for (iter = 0; iter < iters; ++iter) { - rustsecp256k1_v0_3_1_scalar tmp; - rustsecp256k1_v0_3_1_scalar total = data->scalars[(data->offset1++) % POINTS]; + rustsecp256k1_v0_4_0_scalar tmp; + rustsecp256k1_v0_4_0_scalar total = data->scalars[(data->offset1++) % POINTS]; size_t i = 0; for (i = 0; i + 1 < count; ++i) { - rustsecp256k1_v0_3_1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]); - rustsecp256k1_v0_3_1_scalar_add(&total, &total, &tmp); + rustsecp256k1_v0_4_0_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]); + rustsecp256k1_v0_4_0_scalar_add(&total, &total, &tmp); } - rustsecp256k1_v0_3_1_scalar_negate(&total, &total); - rustsecp256k1_v0_3_1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total); + rustsecp256k1_v0_4_0_scalar_negate(&total, &total); + rustsecp256k1_v0_4_0_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total); } /* Run the benchmark. */ @@ -135,27 +135,27 @@ static void run_test(bench_data* data, size_t count, int includes_g, int num_ite int main(int argc, char **argv) { bench_data data; int i, p; - rustsecp256k1_v0_3_1_gej* pubkeys_gej; + rustsecp256k1_v0_4_0_gej* pubkeys_gej; size_t scratch_size; int iters = get_iters(10000); - data.ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - scratch_size = rustsecp256k1_v0_3_1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16; - data.scratch = rustsecp256k1_v0_3_1_scratch_space_create(data.ctx, scratch_size); - data.ecmult_multi = rustsecp256k1_v0_3_1_ecmult_multi_var; + data.ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + scratch_size = rustsecp256k1_v0_4_0_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16; + data.scratch = rustsecp256k1_v0_4_0_scratch_space_create(data.ctx, scratch_size); + data.ecmult_multi = rustsecp256k1_v0_4_0_ecmult_multi_var; if (argc > 1) { if(have_flag(argc, argv, "pippenger_wnaf")) { printf("Using pippenger_wnaf:\n"); - data.ecmult_multi = rustsecp256k1_v0_3_1_ecmult_pippenger_batch_single; + data.ecmult_multi = rustsecp256k1_v0_4_0_ecmult_pippenger_batch_single; } else if(have_flag(argc, argv, "strauss_wnaf")) { printf("Using strauss_wnaf:\n"); - data.ecmult_multi = rustsecp256k1_v0_3_1_ecmult_strauss_batch_single; + data.ecmult_multi = rustsecp256k1_v0_4_0_ecmult_strauss_batch_single; } else if(have_flag(argc, argv, "simple")) { printf("Using simple algorithm:\n"); - data.ecmult_multi = rustsecp256k1_v0_3_1_ecmult_multi_var; - rustsecp256k1_v0_3_1_scratch_space_destroy(data.ctx, data.scratch); + data.ecmult_multi = rustsecp256k1_v0_4_0_ecmult_multi_var; + rustsecp256k1_v0_4_0_scratch_space_destroy(data.ctx, data.scratch); data.scratch = NULL; } else { fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]); @@ -165,24 +165,24 @@ int main(int argc, char **argv) { } /* Allocate stuff */ - data.scalars = malloc(sizeof(rustsecp256k1_v0_3_1_scalar) * POINTS); - data.seckeys = malloc(sizeof(rustsecp256k1_v0_3_1_scalar) * POINTS); - data.pubkeys = malloc(sizeof(rustsecp256k1_v0_3_1_ge) * POINTS); - data.expected_output = malloc(sizeof(rustsecp256k1_v0_3_1_gej) * (iters + 1)); - data.output = malloc(sizeof(rustsecp256k1_v0_3_1_gej) * (iters + 1)); + data.scalars = malloc(sizeof(rustsecp256k1_v0_4_0_scalar) * POINTS); + data.seckeys = malloc(sizeof(rustsecp256k1_v0_4_0_scalar) * POINTS); + data.pubkeys = malloc(sizeof(rustsecp256k1_v0_4_0_ge) * POINTS); + data.expected_output = malloc(sizeof(rustsecp256k1_v0_4_0_gej) * (iters + 1)); + data.output = malloc(sizeof(rustsecp256k1_v0_4_0_gej) * (iters + 1)); /* Generate a set of scalars, and private/public keypairs. */ - pubkeys_gej = malloc(sizeof(rustsecp256k1_v0_3_1_gej) * POINTS); - rustsecp256k1_v0_3_1_gej_set_ge(&pubkeys_gej[0], &rustsecp256k1_v0_3_1_ge_const_g); - rustsecp256k1_v0_3_1_scalar_set_int(&data.seckeys[0], 1); + pubkeys_gej = malloc(sizeof(rustsecp256k1_v0_4_0_gej) * POINTS); + rustsecp256k1_v0_4_0_gej_set_ge(&pubkeys_gej[0], &rustsecp256k1_v0_4_0_ge_const_g); + rustsecp256k1_v0_4_0_scalar_set_int(&data.seckeys[0], 1); for (i = 0; i < POINTS; ++i) { generate_scalar(i, &data.scalars[i]); if (i) { - rustsecp256k1_v0_3_1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL); - rustsecp256k1_v0_3_1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]); + rustsecp256k1_v0_4_0_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL); + rustsecp256k1_v0_4_0_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]); } } - rustsecp256k1_v0_3_1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS); + rustsecp256k1_v0_4_0_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS); free(pubkeys_gej); for (i = 1; i <= 8; ++i) { @@ -201,9 +201,9 @@ int main(int argc, char **argv) { } if (data.scratch != NULL) { - rustsecp256k1_v0_3_1_scratch_space_destroy(data.ctx, data.scratch); + rustsecp256k1_v0_4_0_scratch_space_destroy(data.ctx, data.scratch); } - rustsecp256k1_v0_3_1_context_destroy(data.ctx); + rustsecp256k1_v0_4_0_context_destroy(data.ctx); free(data.scalars); free(data.pubkeys); free(data.seckeys); diff --git a/secp256k1-sys/depend/secp256k1/src/bench_internal.c b/secp256k1-sys/depend/secp256k1/src/bench_internal.c index 1cc211f64..e2c72441b 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_internal.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_internal.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include "include/secp256k1.h" @@ -20,10 +20,10 @@ #include "secp256k1.c" typedef struct { - rustsecp256k1_v0_3_1_scalar scalar[2]; - rustsecp256k1_v0_3_1_fe fe[4]; - rustsecp256k1_v0_3_1_ge ge[2]; - rustsecp256k1_v0_3_1_gej gej[2]; + rustsecp256k1_v0_4_0_scalar scalar[2]; + rustsecp256k1_v0_4_0_fe fe[4]; + rustsecp256k1_v0_4_0_ge ge[2]; + rustsecp256k1_v0_4_0_gej gej[2]; unsigned char data[64]; int wnaf[256]; } bench_inv; @@ -64,18 +64,18 @@ void bench_setup(void* arg) { } }; - rustsecp256k1_v0_3_1_scalar_set_b32(&data->scalar[0], init[0], NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&data->scalar[1], init[1], NULL); - rustsecp256k1_v0_3_1_fe_set_b32(&data->fe[0], init[0]); - rustsecp256k1_v0_3_1_fe_set_b32(&data->fe[1], init[1]); - rustsecp256k1_v0_3_1_fe_set_b32(&data->fe[2], init[2]); - rustsecp256k1_v0_3_1_fe_set_b32(&data->fe[3], init[3]); - CHECK(rustsecp256k1_v0_3_1_ge_set_xo_var(&data->ge[0], &data->fe[0], 0)); - CHECK(rustsecp256k1_v0_3_1_ge_set_xo_var(&data->ge[1], &data->fe[1], 1)); - rustsecp256k1_v0_3_1_gej_set_ge(&data->gej[0], &data->ge[0]); - rustsecp256k1_v0_3_1_gej_rescale(&data->gej[0], &data->fe[2]); - rustsecp256k1_v0_3_1_gej_set_ge(&data->gej[1], &data->ge[1]); - rustsecp256k1_v0_3_1_gej_rescale(&data->gej[1], &data->fe[3]); + rustsecp256k1_v0_4_0_scalar_set_b32(&data->scalar[0], init[0], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(&data->scalar[1], init[1], NULL); + rustsecp256k1_v0_4_0_fe_set_b32(&data->fe[0], init[0]); + rustsecp256k1_v0_4_0_fe_set_b32(&data->fe[1], init[1]); + rustsecp256k1_v0_4_0_fe_set_b32(&data->fe[2], init[2]); + rustsecp256k1_v0_4_0_fe_set_b32(&data->fe[3], init[3]); + CHECK(rustsecp256k1_v0_4_0_ge_set_xo_var(&data->ge[0], &data->fe[0], 0)); + CHECK(rustsecp256k1_v0_4_0_ge_set_xo_var(&data->ge[1], &data->fe[1], 1)); + rustsecp256k1_v0_4_0_gej_set_ge(&data->gej[0], &data->ge[0]); + rustsecp256k1_v0_4_0_gej_rescale(&data->gej[0], &data->fe[2]); + rustsecp256k1_v0_4_0_gej_set_ge(&data->gej[1], &data->ge[1]); + rustsecp256k1_v0_4_0_gej_rescale(&data->gej[1], &data->fe[3]); memcpy(data->data, init[0], 32); memcpy(data->data + 32, init[1], 32); } @@ -85,7 +85,7 @@ void bench_scalar_add(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - j += rustsecp256k1_v0_3_1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + j += rustsecp256k1_v0_4_0_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } @@ -95,7 +95,7 @@ void bench_scalar_negate(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_scalar_negate(&data->scalar[0], &data->scalar[0]); + rustsecp256k1_v0_4_0_scalar_negate(&data->scalar[0], &data->scalar[0]); } } @@ -104,7 +104,7 @@ void bench_scalar_sqr(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(&data->scalar[0], &data->scalar[0]); + rustsecp256k1_v0_4_0_scalar_sqr(&data->scalar[0], &data->scalar[0]); } } @@ -113,30 +113,28 @@ void bench_scalar_mul(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_scalar_mul(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + rustsecp256k1_v0_4_0_scalar_mul(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } } -#ifdef USE_ENDOMORPHISM void bench_scalar_split(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_scalar_split_lambda(&data->scalar[0], &data->scalar[1], &data->scalar[0]); - j += rustsecp256k1_v0_3_1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + rustsecp256k1_v0_4_0_scalar_split_lambda(&data->scalar[0], &data->scalar[1], &data->scalar[0]); + j += rustsecp256k1_v0_4_0_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } -#endif void bench_scalar_inverse(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_scalar_inverse(&data->scalar[0], &data->scalar[0]); - j += rustsecp256k1_v0_3_1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + rustsecp256k1_v0_4_0_scalar_inverse(&data->scalar[0], &data->scalar[0]); + j += rustsecp256k1_v0_4_0_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } @@ -146,8 +144,8 @@ void bench_scalar_inverse_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_scalar_inverse_var(&data->scalar[0], &data->scalar[0]); - j += rustsecp256k1_v0_3_1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + rustsecp256k1_v0_4_0_scalar_inverse_var(&data->scalar[0], &data->scalar[0]); + j += rustsecp256k1_v0_4_0_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } @@ -157,7 +155,7 @@ void bench_field_normalize(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_fe_normalize(&data->fe[0]); + rustsecp256k1_v0_4_0_fe_normalize(&data->fe[0]); } } @@ -166,7 +164,7 @@ void bench_field_normalize_weak(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_fe_normalize_weak(&data->fe[0]); + rustsecp256k1_v0_4_0_fe_normalize_weak(&data->fe[0]); } } @@ -175,7 +173,7 @@ void bench_field_mul(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_fe_mul(&data->fe[0], &data->fe[0], &data->fe[1]); + rustsecp256k1_v0_4_0_fe_mul(&data->fe[0], &data->fe[0], &data->fe[1]); } } @@ -184,7 +182,7 @@ void bench_field_sqr(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_fe_sqr(&data->fe[0], &data->fe[0]); + rustsecp256k1_v0_4_0_fe_sqr(&data->fe[0], &data->fe[0]); } } @@ -193,8 +191,8 @@ void bench_field_inverse(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_fe_inv(&data->fe[0], &data->fe[0]); - rustsecp256k1_v0_3_1_fe_add(&data->fe[0], &data->fe[1]); + rustsecp256k1_v0_4_0_fe_inv(&data->fe[0], &data->fe[0]); + rustsecp256k1_v0_4_0_fe_add(&data->fe[0], &data->fe[1]); } } @@ -203,20 +201,20 @@ void bench_field_inverse_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_fe_inv_var(&data->fe[0], &data->fe[0]); - rustsecp256k1_v0_3_1_fe_add(&data->fe[0], &data->fe[1]); + rustsecp256k1_v0_4_0_fe_inv_var(&data->fe[0], &data->fe[0]); + rustsecp256k1_v0_4_0_fe_add(&data->fe[0], &data->fe[1]); } } void bench_field_sqrt(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_3_1_fe t; + rustsecp256k1_v0_4_0_fe t; for (i = 0; i < iters; i++) { t = data->fe[0]; - j += rustsecp256k1_v0_3_1_fe_sqrt(&data->fe[0], &t); - rustsecp256k1_v0_3_1_fe_add(&data->fe[0], &data->fe[1]); + j += rustsecp256k1_v0_4_0_fe_sqrt(&data->fe[0], &t); + rustsecp256k1_v0_4_0_fe_add(&data->fe[0], &data->fe[1]); } CHECK(j <= iters); } @@ -226,7 +224,7 @@ void bench_group_double_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_gej_double_var(&data->gej[0], &data->gej[0], NULL); + rustsecp256k1_v0_4_0_gej_double_var(&data->gej[0], &data->gej[0], NULL); } } @@ -235,7 +233,7 @@ void bench_group_add_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_gej_add_var(&data->gej[0], &data->gej[0], &data->gej[1], NULL); + rustsecp256k1_v0_4_0_gej_add_var(&data->gej[0], &data->gej[0], &data->gej[1], NULL); } } @@ -244,7 +242,7 @@ void bench_group_add_affine(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_gej_add_ge(&data->gej[0], &data->gej[0], &data->ge[1]); + rustsecp256k1_v0_4_0_gej_add_ge(&data->gej[0], &data->gej[0], &data->ge[1]); } } @@ -253,7 +251,7 @@ void bench_group_add_affine_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_gej_add_ge_var(&data->gej[0], &data->gej[0], &data->ge[1], NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(&data->gej[0], &data->gej[0], &data->ge[1], NULL); } } @@ -262,17 +260,17 @@ void bench_group_jacobi_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - j += rustsecp256k1_v0_3_1_gej_has_quad_y_var(&data->gej[0]); + j += rustsecp256k1_v0_4_0_gej_has_quad_y_var(&data->gej[0]); /* Vary the Y and Z coordinates of the input (the X coordinate doesn't matter to - rustsecp256k1_v0_3_1_gej_has_quad_y_var). Note that the resulting coordinates will + rustsecp256k1_v0_4_0_gej_has_quad_y_var). Note that the resulting coordinates will generally not correspond to a point on the curve, but this is not a problem for the code being benchmarked here. Adding and normalizing have less overhead than EC operations (which could guarantee the point remains on the curve). */ - rustsecp256k1_v0_3_1_fe_add(&data->gej[0].y, &data->fe[1]); - rustsecp256k1_v0_3_1_fe_add(&data->gej[0].z, &data->fe[2]); - rustsecp256k1_v0_3_1_fe_normalize_var(&data->gej[0].y); - rustsecp256k1_v0_3_1_fe_normalize_var(&data->gej[0].z); + rustsecp256k1_v0_4_0_fe_add(&data->gej[0].y, &data->fe[1]); + rustsecp256k1_v0_4_0_fe_add(&data->gej[0].z, &data->fe[2]); + rustsecp256k1_v0_4_0_fe_normalize_var(&data->gej[0].y); + rustsecp256k1_v0_4_0_fe_normalize_var(&data->gej[0].z); } CHECK(j <= iters); } @@ -282,16 +280,16 @@ void bench_group_to_affine_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_3_1_ge_set_gej_var(&data->ge[1], &data->gej[0]); + rustsecp256k1_v0_4_0_ge_set_gej_var(&data->ge[1], &data->gej[0]); /* Use the output affine X/Y coordinates to vary the input X/Y/Z coordinates. Similar to bench_group_jacobi_var, this approach does not result in coordinates of points on the curve. */ - rustsecp256k1_v0_3_1_fe_add(&data->gej[0].x, &data->ge[1].y); - rustsecp256k1_v0_3_1_fe_add(&data->gej[0].y, &data->fe[2]); - rustsecp256k1_v0_3_1_fe_add(&data->gej[0].z, &data->ge[1].x); - rustsecp256k1_v0_3_1_fe_normalize_var(&data->gej[0].x); - rustsecp256k1_v0_3_1_fe_normalize_var(&data->gej[0].y); - rustsecp256k1_v0_3_1_fe_normalize_var(&data->gej[0].z); + rustsecp256k1_v0_4_0_fe_add(&data->gej[0].x, &data->ge[1].y); + rustsecp256k1_v0_4_0_fe_add(&data->gej[0].y, &data->fe[2]); + rustsecp256k1_v0_4_0_fe_add(&data->gej[0].z, &data->ge[1].x); + rustsecp256k1_v0_4_0_fe_normalize_var(&data->gej[0].x); + rustsecp256k1_v0_4_0_fe_normalize_var(&data->gej[0].y); + rustsecp256k1_v0_4_0_fe_normalize_var(&data->gej[0].z); } } @@ -300,8 +298,8 @@ void bench_ecmult_wnaf(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - bits += rustsecp256k1_v0_3_1_ecmult_wnaf(data->wnaf, 256, &data->scalar[0], WINDOW_A); - overflow += rustsecp256k1_v0_3_1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + bits += rustsecp256k1_v0_4_0_ecmult_wnaf(data->wnaf, 256, &data->scalar[0], WINDOW_A); + overflow += rustsecp256k1_v0_4_0_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(overflow >= 0); CHECK(bits <= 256*iters); @@ -312,8 +310,8 @@ void bench_wnaf_const(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - bits += rustsecp256k1_v0_3_1_wnaf_const(data->wnaf, &data->scalar[0], WINDOW_A, 256); - overflow += rustsecp256k1_v0_3_1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + bits += rustsecp256k1_v0_4_0_wnaf_const(data->wnaf, &data->scalar[0], WINDOW_A, 256); + overflow += rustsecp256k1_v0_4_0_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(overflow >= 0); CHECK(bits <= 256*iters); @@ -323,35 +321,35 @@ void bench_wnaf_const(void* arg, int iters) { void bench_sha256(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_3_1_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_sha256_initialize(&sha); - rustsecp256k1_v0_3_1_sha256_write(&sha, data->data, 32); - rustsecp256k1_v0_3_1_sha256_finalize(&sha, data->data); + rustsecp256k1_v0_4_0_sha256_initialize(&sha); + rustsecp256k1_v0_4_0_sha256_write(&sha, data->data, 32); + rustsecp256k1_v0_4_0_sha256_finalize(&sha, data->data); } } void bench_hmac_sha256(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_3_1_hmac_sha256 hmac; + rustsecp256k1_v0_4_0_hmac_sha256 hmac; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, data->data, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, data->data, 32); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, data->data); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, data->data, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, data->data, 32); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, data->data); } } void bench_rfc6979_hmac_sha256(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 rng; + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 rng; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, data->data, 64); - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, data->data, 32); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, data->data, 64); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, data->data, 32); } } @@ -359,7 +357,7 @@ void bench_context_verify(void* arg, int iters) { int i; (void)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_context_destroy(rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_VERIFY)); + rustsecp256k1_v0_4_0_context_destroy(rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_VERIFY)); } } @@ -367,7 +365,7 @@ void bench_context_sign(void* arg, int iters) { int i; (void)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_context_destroy(rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN)); + rustsecp256k1_v0_4_0_context_destroy(rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN)); } } @@ -375,15 +373,15 @@ void bench_context_sign(void* arg, int iters) { void bench_num_jacobi(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_3_1_num nx, na, norder; + rustsecp256k1_v0_4_0_num nx, na, norder; - rustsecp256k1_v0_3_1_scalar_get_num(&nx, &data->scalar[0]); - rustsecp256k1_v0_3_1_scalar_order_get_num(&norder); - rustsecp256k1_v0_3_1_scalar_get_num(&na, &data->scalar[1]); + rustsecp256k1_v0_4_0_scalar_get_num(&nx, &data->scalar[0]); + rustsecp256k1_v0_4_0_scalar_order_get_num(&norder); + rustsecp256k1_v0_4_0_scalar_get_num(&na, &data->scalar[1]); for (i = 0; i < iters; i++) { - j += rustsecp256k1_v0_3_1_num_jacobi(&nx, &norder); - rustsecp256k1_v0_3_1_num_add(&nx, &nx, &na); + j += rustsecp256k1_v0_4_0_num_jacobi(&nx, &norder); + rustsecp256k1_v0_4_0_num_add(&nx, &nx, &na); } CHECK(j <= iters); } @@ -397,9 +395,7 @@ int main(int argc, char **argv) { if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "negate")) run_benchmark("scalar_negate", bench_scalar_negate, bench_setup, NULL, &data, 10, iters*100); if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "sqr")) run_benchmark("scalar_sqr", bench_scalar_sqr, bench_setup, NULL, &data, 10, iters*10); if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "mul")) run_benchmark("scalar_mul", bench_scalar_mul, bench_setup, NULL, &data, 10, iters*10); -#ifdef USE_ENDOMORPHISM if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "split")) run_benchmark("scalar_split", bench_scalar_split, bench_setup, NULL, &data, 10, iters); -#endif if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse", bench_scalar_inverse, bench_setup, NULL, &data, 10, 2000); if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse_var", bench_scalar_inverse_var, bench_setup, NULL, &data, 10, 2000); diff --git a/secp256k1-sys/depend/secp256k1/src/bench_recover.c b/secp256k1-sys/depend/secp256k1/src/bench_recover.c index 3e299a390..143b9bea9 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_recover.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_recover.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include "include/secp256k1.h" #include "include/secp256k1_recovery.h" @@ -10,7 +10,7 @@ #include "bench.h" typedef struct { - rustsecp256k1_v0_3_1_context *ctx; + rustsecp256k1_v0_4_0_context *ctx; unsigned char msg[32]; unsigned char sig[64]; } bench_recover_data; @@ -18,16 +18,16 @@ typedef struct { void bench_recover(void* arg, int iters) { int i; bench_recover_data *data = (bench_recover_data*)arg; - rustsecp256k1_v0_3_1_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey pubkey; unsigned char pubkeyc[33]; for (i = 0; i < iters; i++) { int j; size_t pubkeylen = 33; - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature sig; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED)); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature sig; + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED)); for (j = 0; j < 32; j++) { data->sig[j + 32] = data->msg[j]; /* Move former message to S. */ data->msg[j] = data->sig[j]; /* Move former R to message. */ @@ -53,10 +53,10 @@ int main(void) { int iters = get_iters(20000); - data.ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_VERIFY); + data.ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_VERIFY); run_benchmark("ecdsa_recover", bench_recover, bench_recover_setup, NULL, &data, 10, iters); - rustsecp256k1_v0_3_1_context_destroy(data.ctx); + rustsecp256k1_v0_4_0_context_destroy(data.ctx); return 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/bench_schnorrsig.c b/secp256k1-sys/depend/secp256k1/src/bench_schnorrsig.c index d7a68809b..02fd02e43 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_schnorrsig.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_schnorrsig.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include @@ -14,10 +14,10 @@ #include "bench.h" typedef struct { - rustsecp256k1_v0_3_1_context *ctx; + rustsecp256k1_v0_4_0_context *ctx; int n; - const rustsecp256k1_v0_3_1_keypair **keypairs; + const rustsecp256k1_v0_4_0_keypair **keypairs; const unsigned char **pk; const unsigned char **sigs; const unsigned char **msgs; @@ -32,7 +32,7 @@ void bench_schnorrsig_sign(void* arg, int iters) { for (i = 0; i < iters; i++) { msg[0] = i; msg[1] = i >> 8; - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(data->ctx, sig, msg, data->keypairs[i], NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(data->ctx, sig, msg, data->keypairs[i], NULL, NULL)); } } @@ -41,9 +41,9 @@ void bench_schnorrsig_verify(void* arg, int iters) { int i; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_xonly_pubkey pk; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(data->ctx, &pk, data->pk[i]) == 1); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(data->ctx, data->sigs[i], data->msgs[i], &pk)); + rustsecp256k1_v0_4_0_xonly_pubkey pk; + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(data->ctx, &pk, data->pk[i]) == 1); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(data->ctx, data->sigs[i], data->msgs[i], &pk)); } } @@ -52,8 +52,8 @@ int main(void) { bench_schnorrsig_data data; int iters = get_iters(10000); - data.ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN); - data.keypairs = (const rustsecp256k1_v0_3_1_keypair **)malloc(iters * sizeof(rustsecp256k1_v0_3_1_keypair *)); + data.ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN); + data.keypairs = (const rustsecp256k1_v0_4_0_keypair **)malloc(iters * sizeof(rustsecp256k1_v0_4_0_keypair *)); data.pk = (const unsigned char **)malloc(iters * sizeof(unsigned char *)); data.msgs = (const unsigned char **)malloc(iters * sizeof(unsigned char *)); data.sigs = (const unsigned char **)malloc(iters * sizeof(unsigned char *)); @@ -62,9 +62,9 @@ int main(void) { unsigned char sk[32]; unsigned char *msg = (unsigned char *)malloc(32); unsigned char *sig = (unsigned char *)malloc(64); - rustsecp256k1_v0_3_1_keypair *keypair = (rustsecp256k1_v0_3_1_keypair *)malloc(sizeof(*keypair)); + rustsecp256k1_v0_4_0_keypair *keypair = (rustsecp256k1_v0_4_0_keypair *)malloc(sizeof(*keypair)); unsigned char *pk_char = (unsigned char *)malloc(32); - rustsecp256k1_v0_3_1_xonly_pubkey pk; + rustsecp256k1_v0_4_0_xonly_pubkey pk; msg[0] = sk[0] = i; msg[1] = sk[1] = i >> 8; msg[2] = sk[2] = i >> 16; @@ -77,10 +77,10 @@ int main(void) { data.msgs[i] = msg; data.sigs[i] = sig; - CHECK(rustsecp256k1_v0_3_1_keypair_create(data.ctx, keypair, sk)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(data.ctx, sig, msg, keypair, NULL, NULL)); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(data.ctx, &pk, NULL, keypair)); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(data.ctx, pk_char, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(data.ctx, keypair, sk)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(data.ctx, sig, msg, keypair, NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(data.ctx, &pk, NULL, keypair)); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(data.ctx, pk_char, &pk) == 1); } run_benchmark("schnorrsig_sign", bench_schnorrsig_sign, NULL, NULL, (void *) &data, 10, iters); @@ -97,6 +97,6 @@ int main(void) { free(data.msgs); free(data.sigs); - rustsecp256k1_v0_3_1_context_destroy(data.ctx); + rustsecp256k1_v0_4_0_context_destroy(data.ctx); return 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/bench_sign.c b/secp256k1-sys/depend/secp256k1/src/bench_sign.c index 9458ec60e..daab28b7b 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_sign.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_sign.c @@ -1,22 +1,22 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include "include/secp256k1.h" #include "util.h" #include "bench.h" typedef struct { - rustsecp256k1_v0_3_1_context* ctx; + rustsecp256k1_v0_4_0_context* ctx; unsigned char msg[32]; unsigned char key[32]; -} bench_sign; +} bench_sign_data; static void bench_sign_setup(void* arg) { int i; - bench_sign *data = (bench_sign*)arg; + bench_sign_data *data = (bench_sign_data*)arg; for (i = 0; i < 32; i++) { data->msg[i] = i + 1; @@ -28,15 +28,15 @@ static void bench_sign_setup(void* arg) { static void bench_sign_run(void* arg, int iters) { int i; - bench_sign *data = (bench_sign*)arg; + bench_sign_data *data = (bench_sign_data*)arg; unsigned char sig[74]; for (i = 0; i < iters; i++) { size_t siglen = 74; int j; - rustsecp256k1_v0_3_1_ecdsa_signature signature; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature)); + rustsecp256k1_v0_4_0_ecdsa_signature signature; + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature)); for (j = 0; j < 32; j++) { data->msg[j] = sig[j]; data->key[j] = sig[j + 32]; @@ -45,14 +45,14 @@ static void bench_sign_run(void* arg, int iters) { } int main(void) { - bench_sign data; + bench_sign_data data; int iters = get_iters(20000); - data.ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN); + data.ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN); run_benchmark("ecdsa_sign", bench_sign_run, bench_sign_setup, NULL, &data, 10, iters); - rustsecp256k1_v0_3_1_context_destroy(data.ctx); + rustsecp256k1_v0_4_0_context_destroy(data.ctx); return 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/bench_verify.c b/secp256k1-sys/depend/secp256k1/src/bench_verify.c index 4ac4fac2b..d708d2e6b 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_verify.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_verify.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include @@ -19,7 +19,7 @@ typedef struct { - rustsecp256k1_v0_3_1_context *ctx; + rustsecp256k1_v0_4_0_context *ctx; unsigned char msg[32]; unsigned char key[32]; unsigned char sig[72]; @@ -29,21 +29,21 @@ typedef struct { #ifdef ENABLE_OPENSSL_TESTS EC_GROUP* ec_group; #endif -} benchmark_verify_t; +} bench_verify_data; -static void benchmark_verify(void* arg, int iters) { +static void bench_verify(void* arg, int iters) { int i; - benchmark_verify_t* data = (benchmark_verify_t*)arg; + bench_verify_data* data = (bench_verify_data*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_ecdsa_signature sig; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_ecdsa_signature sig; data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0)); data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); @@ -51,9 +51,9 @@ static void benchmark_verify(void* arg, int iters) { } #ifdef ENABLE_OPENSSL_TESTS -static void benchmark_verify_openssl(void* arg, int iters) { +static void bench_verify_openssl(void* arg, int iters) { int i; - benchmark_verify_t* data = (benchmark_verify_t*)arg; + bench_verify_data* data = (bench_verify_data*)arg; for (i = 0; i < iters; i++) { data->sig[data->siglen - 1] ^= (i & 0xFF); @@ -82,13 +82,13 @@ static void benchmark_verify_openssl(void* arg, int iters) { int main(void) { int i; - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_ecdsa_signature sig; - benchmark_verify_t data; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_ecdsa_signature sig; + bench_verify_data data; int iters = get_iters(20000); - data.ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + data.ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); for (i = 0; i < 32; i++) { data.msg[i] = 1 + i; @@ -97,19 +97,19 @@ int main(void) { data.key[i] = 33 + i; } data.siglen = 72; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(data.ctx, &pubkey, data.key)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(data.ctx, &pubkey, data.key)); data.pubkeylen = 33; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, iters); + run_benchmark("ecdsa_verify", bench_verify, NULL, NULL, &data, 10, iters); #ifdef ENABLE_OPENSSL_TESTS data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1); - run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, iters); + run_benchmark("ecdsa_verify_openssl", bench_verify_openssl, NULL, NULL, &data, 10, iters); EC_GROUP_free(data.ec_group); #endif - rustsecp256k1_v0_3_1_context_destroy(data.ctx); + rustsecp256k1_v0_4_0_context_destroy(data.ctx); return 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/ecdsa.h b/secp256k1-sys/depend/secp256k1/src/ecdsa.h index 471719869..c07070454 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecdsa.h +++ b/secp256k1-sys/depend/secp256k1/src/ecdsa.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECDSA_H #define SECP256K1_ECDSA_H @@ -13,9 +13,9 @@ #include "group.h" #include "ecmult.h" -static int rustsecp256k1_v0_3_1_ecdsa_sig_parse(rustsecp256k1_v0_3_1_scalar *r, rustsecp256k1_v0_3_1_scalar *s, const unsigned char *sig, size_t size); -static int rustsecp256k1_v0_3_1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *s); -static int rustsecp256k1_v0_3_1_ecdsa_sig_verify(const rustsecp256k1_v0_3_1_ecmult_context *ctx, const rustsecp256k1_v0_3_1_scalar* r, const rustsecp256k1_v0_3_1_scalar* s, const rustsecp256k1_v0_3_1_ge *pubkey, const rustsecp256k1_v0_3_1_scalar *message); -static int rustsecp256k1_v0_3_1_ecdsa_sig_sign(const rustsecp256k1_v0_3_1_ecmult_gen_context *ctx, rustsecp256k1_v0_3_1_scalar* r, rustsecp256k1_v0_3_1_scalar* s, const rustsecp256k1_v0_3_1_scalar *seckey, const rustsecp256k1_v0_3_1_scalar *message, const rustsecp256k1_v0_3_1_scalar *nonce, int *recid); +static int rustsecp256k1_v0_4_0_ecdsa_sig_parse(rustsecp256k1_v0_4_0_scalar *r, rustsecp256k1_v0_4_0_scalar *s, const unsigned char *sig, size_t size); +static int rustsecp256k1_v0_4_0_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *s); +static int rustsecp256k1_v0_4_0_ecdsa_sig_verify(const rustsecp256k1_v0_4_0_ecmult_context *ctx, const rustsecp256k1_v0_4_0_scalar* r, const rustsecp256k1_v0_4_0_scalar* s, const rustsecp256k1_v0_4_0_ge *pubkey, const rustsecp256k1_v0_4_0_scalar *message); +static int rustsecp256k1_v0_4_0_ecdsa_sig_sign(const rustsecp256k1_v0_4_0_ecmult_gen_context *ctx, rustsecp256k1_v0_4_0_scalar* r, rustsecp256k1_v0_4_0_scalar* s, const rustsecp256k1_v0_4_0_scalar *seckey, const rustsecp256k1_v0_4_0_scalar *message, const rustsecp256k1_v0_4_0_scalar *nonce, int *recid); #endif /* SECP256K1_ECDSA_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h b/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h index d182134bd..5489efffd 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECDSA_IMPL_H @@ -28,7 +28,7 @@ * sage: '%x' % (EllipticCurve ([F (a), F (b)]).order()) * 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141' */ -static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( +static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL ); @@ -42,11 +42,11 @@ static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_ecdsa_const_order_as_f * sage: '%x' % (p - EllipticCurve ([F (a), F (b)]).order()) * '14551231950b75fc4402da1722fc9baee' */ -static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( +static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL ); -static int rustsecp256k1_v0_3_1_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { +static int rustsecp256k1_v0_4_0_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { size_t lenleft; unsigned char b1; VERIFY_CHECK(len != NULL); @@ -99,7 +99,7 @@ static int rustsecp256k1_v0_3_1_der_read_len(size_t *len, const unsigned char ** return 1; } -static int rustsecp256k1_v0_3_1_der_parse_integer(rustsecp256k1_v0_3_1_scalar *r, const unsigned char **sig, const unsigned char *sigend) { +static int rustsecp256k1_v0_4_0_der_parse_integer(rustsecp256k1_v0_4_0_scalar *r, const unsigned char **sig, const unsigned char *sigend) { int overflow = 0; unsigned char ra[32] = {0}; size_t rlen; @@ -109,7 +109,7 @@ static int rustsecp256k1_v0_3_1_der_parse_integer(rustsecp256k1_v0_3_1_scalar *r return 0; } (*sig)++; - if (rustsecp256k1_v0_3_1_der_read_len(&rlen, sig, sigend) == 0) { + if (rustsecp256k1_v0_4_0_der_read_len(&rlen, sig, sigend) == 0) { return 0; } if (rlen == 0 || *sig + rlen > sigend) { @@ -141,23 +141,23 @@ static int rustsecp256k1_v0_3_1_der_parse_integer(rustsecp256k1_v0_3_1_scalar *r } if (!overflow) { memcpy(ra + 32 - rlen, *sig, rlen); - rustsecp256k1_v0_3_1_scalar_set_b32(r, ra, &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(r, ra, &overflow); } if (overflow) { - rustsecp256k1_v0_3_1_scalar_set_int(r, 0); + rustsecp256k1_v0_4_0_scalar_set_int(r, 0); } (*sig) += rlen; return 1; } -static int rustsecp256k1_v0_3_1_ecdsa_sig_parse(rustsecp256k1_v0_3_1_scalar *rr, rustsecp256k1_v0_3_1_scalar *rs, const unsigned char *sig, size_t size) { +static int rustsecp256k1_v0_4_0_ecdsa_sig_parse(rustsecp256k1_v0_4_0_scalar *rr, rustsecp256k1_v0_4_0_scalar *rs, const unsigned char *sig, size_t size) { const unsigned char *sigend = sig + size; size_t rlen; if (sig == sigend || *(sig++) != 0x30) { /* The encoding doesn't start with a constructed sequence (X.690-0207 8.9.1). */ return 0; } - if (rustsecp256k1_v0_3_1_der_read_len(&rlen, &sig, sigend) == 0) { + if (rustsecp256k1_v0_4_0_der_read_len(&rlen, &sig, sigend) == 0) { return 0; } if (rlen != (size_t)(sigend - sig)) { @@ -165,10 +165,10 @@ static int rustsecp256k1_v0_3_1_ecdsa_sig_parse(rustsecp256k1_v0_3_1_scalar *rr, return 0; } - if (!rustsecp256k1_v0_3_1_der_parse_integer(rr, &sig, sigend)) { + if (!rustsecp256k1_v0_4_0_der_parse_integer(rr, &sig, sigend)) { return 0; } - if (!rustsecp256k1_v0_3_1_der_parse_integer(rs, &sig, sigend)) { + if (!rustsecp256k1_v0_4_0_der_parse_integer(rs, &sig, sigend)) { return 0; } @@ -180,12 +180,12 @@ static int rustsecp256k1_v0_3_1_ecdsa_sig_parse(rustsecp256k1_v0_3_1_scalar *rr, return 1; } -static int rustsecp256k1_v0_3_1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const rustsecp256k1_v0_3_1_scalar* ar, const rustsecp256k1_v0_3_1_scalar* as) { +static int rustsecp256k1_v0_4_0_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const rustsecp256k1_v0_4_0_scalar* ar, const rustsecp256k1_v0_4_0_scalar* as) { unsigned char r[33] = {0}, s[33] = {0}; unsigned char *rp = r, *sp = s; size_t lenR = 33, lenS = 33; - rustsecp256k1_v0_3_1_scalar_get_b32(&r[1], ar); - rustsecp256k1_v0_3_1_scalar_get_b32(&s[1], as); + rustsecp256k1_v0_4_0_scalar_get_b32(&r[1], ar); + rustsecp256k1_v0_4_0_scalar_get_b32(&s[1], as); while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } if (*size < 6+lenS+lenR) { @@ -204,42 +204,42 @@ static int rustsecp256k1_v0_3_1_ecdsa_sig_serialize(unsigned char *sig, size_t * return 1; } -static int rustsecp256k1_v0_3_1_ecdsa_sig_verify(const rustsecp256k1_v0_3_1_ecmult_context *ctx, const rustsecp256k1_v0_3_1_scalar *sigr, const rustsecp256k1_v0_3_1_scalar *sigs, const rustsecp256k1_v0_3_1_ge *pubkey, const rustsecp256k1_v0_3_1_scalar *message) { +static int rustsecp256k1_v0_4_0_ecdsa_sig_verify(const rustsecp256k1_v0_4_0_ecmult_context *ctx, const rustsecp256k1_v0_4_0_scalar *sigr, const rustsecp256k1_v0_4_0_scalar *sigs, const rustsecp256k1_v0_4_0_ge *pubkey, const rustsecp256k1_v0_4_0_scalar *message) { unsigned char c[32]; - rustsecp256k1_v0_3_1_scalar sn, u1, u2; + rustsecp256k1_v0_4_0_scalar sn, u1, u2; #if !defined(EXHAUSTIVE_TEST_ORDER) - rustsecp256k1_v0_3_1_fe xr; + rustsecp256k1_v0_4_0_fe xr; #endif - rustsecp256k1_v0_3_1_gej pubkeyj; - rustsecp256k1_v0_3_1_gej pr; + rustsecp256k1_v0_4_0_gej pubkeyj; + rustsecp256k1_v0_4_0_gej pr; - if (rustsecp256k1_v0_3_1_scalar_is_zero(sigr) || rustsecp256k1_v0_3_1_scalar_is_zero(sigs)) { + if (rustsecp256k1_v0_4_0_scalar_is_zero(sigr) || rustsecp256k1_v0_4_0_scalar_is_zero(sigs)) { return 0; } - rustsecp256k1_v0_3_1_scalar_inverse_var(&sn, sigs); - rustsecp256k1_v0_3_1_scalar_mul(&u1, &sn, message); - rustsecp256k1_v0_3_1_scalar_mul(&u2, &sn, sigr); - rustsecp256k1_v0_3_1_gej_set_ge(&pubkeyj, pubkey); - rustsecp256k1_v0_3_1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); - if (rustsecp256k1_v0_3_1_gej_is_infinity(&pr)) { + rustsecp256k1_v0_4_0_scalar_inverse_var(&sn, sigs); + rustsecp256k1_v0_4_0_scalar_mul(&u1, &sn, message); + rustsecp256k1_v0_4_0_scalar_mul(&u2, &sn, sigr); + rustsecp256k1_v0_4_0_gej_set_ge(&pubkeyj, pubkey); + rustsecp256k1_v0_4_0_ecmult(ctx, &pr, &pubkeyj, &u2, &u1); + if (rustsecp256k1_v0_4_0_gej_is_infinity(&pr)) { return 0; } #if defined(EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_3_1_scalar computed_r; - rustsecp256k1_v0_3_1_ge pr_ge; - rustsecp256k1_v0_3_1_ge_set_gej(&pr_ge, &pr); - rustsecp256k1_v0_3_1_fe_normalize(&pr_ge.x); + rustsecp256k1_v0_4_0_scalar computed_r; + rustsecp256k1_v0_4_0_ge pr_ge; + rustsecp256k1_v0_4_0_ge_set_gej(&pr_ge, &pr); + rustsecp256k1_v0_4_0_fe_normalize(&pr_ge.x); - rustsecp256k1_v0_3_1_fe_get_b32(c, &pr_ge.x); - rustsecp256k1_v0_3_1_scalar_set_b32(&computed_r, c, NULL); - return rustsecp256k1_v0_3_1_scalar_eq(sigr, &computed_r); + rustsecp256k1_v0_4_0_fe_get_b32(c, &pr_ge.x); + rustsecp256k1_v0_4_0_scalar_set_b32(&computed_r, c, NULL); + return rustsecp256k1_v0_4_0_scalar_eq(sigr, &computed_r); } #else - rustsecp256k1_v0_3_1_scalar_get_b32(c, sigr); - rustsecp256k1_v0_3_1_fe_set_b32(&xr, c); + rustsecp256k1_v0_4_0_scalar_get_b32(c, sigr); + rustsecp256k1_v0_4_0_fe_set_b32(&xr, c); /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) * in xr. Naively, we would extract the x coordinate from pr (requiring a inversion modulo p), @@ -255,18 +255,18 @@ static int rustsecp256k1_v0_3_1_ecdsa_sig_verify(const rustsecp256k1_v0_3_1_ecmu * <=> (xr * pr.z^2 mod p == pr.x) || (xr + n < p && (xr + n) * pr.z^2 mod p == pr.x) * * Thus, we can avoid the inversion, but we have to check both cases separately. - * rustsecp256k1_v0_3_1_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. + * rustsecp256k1_v0_4_0_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. */ - if (rustsecp256k1_v0_3_1_gej_eq_x_var(&xr, &pr)) { + if (rustsecp256k1_v0_4_0_gej_eq_x_var(&xr, &pr)) { /* xr * pr.z^2 mod p == pr.x, so the signature is valid. */ return 1; } - if (rustsecp256k1_v0_3_1_fe_cmp_var(&xr, &rustsecp256k1_v0_3_1_ecdsa_const_p_minus_order) >= 0) { + if (rustsecp256k1_v0_4_0_fe_cmp_var(&xr, &rustsecp256k1_v0_4_0_ecdsa_const_p_minus_order) >= 0) { /* xr + n >= p, so we can skip testing the second case. */ return 0; } - rustsecp256k1_v0_3_1_fe_add(&xr, &rustsecp256k1_v0_3_1_ecdsa_const_order_as_fe); - if (rustsecp256k1_v0_3_1_gej_eq_x_var(&xr, &pr)) { + rustsecp256k1_v0_4_0_fe_add(&xr, &rustsecp256k1_v0_4_0_ecdsa_const_order_as_fe); + if (rustsecp256k1_v0_4_0_gej_eq_x_var(&xr, &pr)) { /* (xr + n) * pr.z^2 mod p == pr.x, so the signature is valid. */ return 1; } @@ -274,42 +274,42 @@ static int rustsecp256k1_v0_3_1_ecdsa_sig_verify(const rustsecp256k1_v0_3_1_ecmu #endif } -static int rustsecp256k1_v0_3_1_ecdsa_sig_sign(const rustsecp256k1_v0_3_1_ecmult_gen_context *ctx, rustsecp256k1_v0_3_1_scalar *sigr, rustsecp256k1_v0_3_1_scalar *sigs, const rustsecp256k1_v0_3_1_scalar *seckey, const rustsecp256k1_v0_3_1_scalar *message, const rustsecp256k1_v0_3_1_scalar *nonce, int *recid) { +static int rustsecp256k1_v0_4_0_ecdsa_sig_sign(const rustsecp256k1_v0_4_0_ecmult_gen_context *ctx, rustsecp256k1_v0_4_0_scalar *sigr, rustsecp256k1_v0_4_0_scalar *sigs, const rustsecp256k1_v0_4_0_scalar *seckey, const rustsecp256k1_v0_4_0_scalar *message, const rustsecp256k1_v0_4_0_scalar *nonce, int *recid) { unsigned char b[32]; - rustsecp256k1_v0_3_1_gej rp; - rustsecp256k1_v0_3_1_ge r; - rustsecp256k1_v0_3_1_scalar n; + rustsecp256k1_v0_4_0_gej rp; + rustsecp256k1_v0_4_0_ge r; + rustsecp256k1_v0_4_0_scalar n; int overflow = 0; int high; - rustsecp256k1_v0_3_1_ecmult_gen(ctx, &rp, nonce); - rustsecp256k1_v0_3_1_ge_set_gej(&r, &rp); - rustsecp256k1_v0_3_1_fe_normalize(&r.x); - rustsecp256k1_v0_3_1_fe_normalize(&r.y); - rustsecp256k1_v0_3_1_fe_get_b32(b, &r.x); - rustsecp256k1_v0_3_1_scalar_set_b32(sigr, b, &overflow); + rustsecp256k1_v0_4_0_ecmult_gen(ctx, &rp, nonce); + rustsecp256k1_v0_4_0_ge_set_gej(&r, &rp); + rustsecp256k1_v0_4_0_fe_normalize(&r.x); + rustsecp256k1_v0_4_0_fe_normalize(&r.y); + rustsecp256k1_v0_4_0_fe_get_b32(b, &r.x); + rustsecp256k1_v0_4_0_scalar_set_b32(sigr, b, &overflow); if (recid) { /* The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria. */ - *recid = (overflow << 1) | rustsecp256k1_v0_3_1_fe_is_odd(&r.y); - } - rustsecp256k1_v0_3_1_scalar_mul(&n, sigr, seckey); - rustsecp256k1_v0_3_1_scalar_add(&n, &n, message); - rustsecp256k1_v0_3_1_scalar_inverse(sigs, nonce); - rustsecp256k1_v0_3_1_scalar_mul(sigs, sigs, &n); - rustsecp256k1_v0_3_1_scalar_clear(&n); - rustsecp256k1_v0_3_1_gej_clear(&rp); - rustsecp256k1_v0_3_1_ge_clear(&r); - high = rustsecp256k1_v0_3_1_scalar_is_high(sigs); - rustsecp256k1_v0_3_1_scalar_cond_negate(sigs, high); + *recid = (overflow << 1) | rustsecp256k1_v0_4_0_fe_is_odd(&r.y); + } + rustsecp256k1_v0_4_0_scalar_mul(&n, sigr, seckey); + rustsecp256k1_v0_4_0_scalar_add(&n, &n, message); + rustsecp256k1_v0_4_0_scalar_inverse(sigs, nonce); + rustsecp256k1_v0_4_0_scalar_mul(sigs, sigs, &n); + rustsecp256k1_v0_4_0_scalar_clear(&n); + rustsecp256k1_v0_4_0_gej_clear(&rp); + rustsecp256k1_v0_4_0_ge_clear(&r); + high = rustsecp256k1_v0_4_0_scalar_is_high(sigs); + rustsecp256k1_v0_4_0_scalar_cond_negate(sigs, high); if (recid) { *recid ^= high; } /* P.x = order is on the curve, so technically sig->r could end up being zero, which would be an invalid signature. * This is cryptographically unreachable as hitting it requires finding the discrete log of P.x = N. */ - return !rustsecp256k1_v0_3_1_scalar_is_zero(sigr) & !rustsecp256k1_v0_3_1_scalar_is_zero(sigs); + return !rustsecp256k1_v0_4_0_scalar_is_zero(sigr) & !rustsecp256k1_v0_4_0_scalar_is_zero(sigs); } #endif /* SECP256K1_ECDSA_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/eckey.h b/secp256k1-sys/depend/secp256k1/src/eckey.h index 4952dcd3c..19798086d 100644 --- a/secp256k1-sys/depend/secp256k1/src/eckey.h +++ b/secp256k1-sys/depend/secp256k1/src/eckey.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECKEY_H #define SECP256K1_ECKEY_H @@ -14,12 +14,12 @@ #include "ecmult.h" #include "ecmult_gen.h" -static int rustsecp256k1_v0_3_1_eckey_pubkey_parse(rustsecp256k1_v0_3_1_ge *elem, const unsigned char *pub, size_t size); -static int rustsecp256k1_v0_3_1_eckey_pubkey_serialize(rustsecp256k1_v0_3_1_ge *elem, unsigned char *pub, size_t *size, int compressed); +static int rustsecp256k1_v0_4_0_eckey_pubkey_parse(rustsecp256k1_v0_4_0_ge *elem, const unsigned char *pub, size_t size); +static int rustsecp256k1_v0_4_0_eckey_pubkey_serialize(rustsecp256k1_v0_4_0_ge *elem, unsigned char *pub, size_t *size, int compressed); -static int rustsecp256k1_v0_3_1_eckey_privkey_tweak_add(rustsecp256k1_v0_3_1_scalar *key, const rustsecp256k1_v0_3_1_scalar *tweak); -static int rustsecp256k1_v0_3_1_eckey_pubkey_tweak_add(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_ge *key, const rustsecp256k1_v0_3_1_scalar *tweak); -static int rustsecp256k1_v0_3_1_eckey_privkey_tweak_mul(rustsecp256k1_v0_3_1_scalar *key, const rustsecp256k1_v0_3_1_scalar *tweak); -static int rustsecp256k1_v0_3_1_eckey_pubkey_tweak_mul(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_ge *key, const rustsecp256k1_v0_3_1_scalar *tweak); +static int rustsecp256k1_v0_4_0_eckey_privkey_tweak_add(rustsecp256k1_v0_4_0_scalar *key, const rustsecp256k1_v0_4_0_scalar *tweak); +static int rustsecp256k1_v0_4_0_eckey_pubkey_tweak_add(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_ge *key, const rustsecp256k1_v0_4_0_scalar *tweak); +static int rustsecp256k1_v0_4_0_eckey_privkey_tweak_mul(rustsecp256k1_v0_4_0_scalar *key, const rustsecp256k1_v0_4_0_scalar *tweak); +static int rustsecp256k1_v0_4_0_eckey_pubkey_tweak_mul(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_ge *key, const rustsecp256k1_v0_4_0_scalar *tweak); #endif /* SECP256K1_ECKEY_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/eckey_impl.h b/secp256k1-sys/depend/secp256k1/src/eckey_impl.h index 02aa9039a..4692c5d81 100644 --- a/secp256k1-sys/depend/secp256k1/src/eckey_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/eckey_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECKEY_IMPL_H #define SECP256K1_ECKEY_IMPL_H @@ -14,82 +14,82 @@ #include "group.h" #include "ecmult_gen.h" -static int rustsecp256k1_v0_3_1_eckey_pubkey_parse(rustsecp256k1_v0_3_1_ge *elem, const unsigned char *pub, size_t size) { +static int rustsecp256k1_v0_4_0_eckey_pubkey_parse(rustsecp256k1_v0_4_0_ge *elem, const unsigned char *pub, size_t size) { if (size == 33 && (pub[0] == SECP256K1_TAG_PUBKEY_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_ODD)) { - rustsecp256k1_v0_3_1_fe x; - return rustsecp256k1_v0_3_1_fe_set_b32(&x, pub+1) && rustsecp256k1_v0_3_1_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD); + rustsecp256k1_v0_4_0_fe x; + return rustsecp256k1_v0_4_0_fe_set_b32(&x, pub+1) && rustsecp256k1_v0_4_0_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD); } else if (size == 65 && (pub[0] == SECP256K1_TAG_PUBKEY_UNCOMPRESSED || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { - rustsecp256k1_v0_3_1_fe x, y; - if (!rustsecp256k1_v0_3_1_fe_set_b32(&x, pub+1) || !rustsecp256k1_v0_3_1_fe_set_b32(&y, pub+33)) { + rustsecp256k1_v0_4_0_fe x, y; + if (!rustsecp256k1_v0_4_0_fe_set_b32(&x, pub+1) || !rustsecp256k1_v0_4_0_fe_set_b32(&y, pub+33)) { return 0; } - rustsecp256k1_v0_3_1_ge_set_xy(elem, &x, &y); + rustsecp256k1_v0_4_0_ge_set_xy(elem, &x, &y); if ((pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD) && - rustsecp256k1_v0_3_1_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { + rustsecp256k1_v0_4_0_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { return 0; } - return rustsecp256k1_v0_3_1_ge_is_valid_var(elem); + return rustsecp256k1_v0_4_0_ge_is_valid_var(elem); } else { return 0; } } -static int rustsecp256k1_v0_3_1_eckey_pubkey_serialize(rustsecp256k1_v0_3_1_ge *elem, unsigned char *pub, size_t *size, int compressed) { - if (rustsecp256k1_v0_3_1_ge_is_infinity(elem)) { +static int rustsecp256k1_v0_4_0_eckey_pubkey_serialize(rustsecp256k1_v0_4_0_ge *elem, unsigned char *pub, size_t *size, int compressed) { + if (rustsecp256k1_v0_4_0_ge_is_infinity(elem)) { return 0; } - rustsecp256k1_v0_3_1_fe_normalize_var(&elem->x); - rustsecp256k1_v0_3_1_fe_normalize_var(&elem->y); - rustsecp256k1_v0_3_1_fe_get_b32(&pub[1], &elem->x); + rustsecp256k1_v0_4_0_fe_normalize_var(&elem->x); + rustsecp256k1_v0_4_0_fe_normalize_var(&elem->y); + rustsecp256k1_v0_4_0_fe_get_b32(&pub[1], &elem->x); if (compressed) { *size = 33; - pub[0] = rustsecp256k1_v0_3_1_fe_is_odd(&elem->y) ? SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN; + pub[0] = rustsecp256k1_v0_4_0_fe_is_odd(&elem->y) ? SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN; } else { *size = 65; pub[0] = SECP256K1_TAG_PUBKEY_UNCOMPRESSED; - rustsecp256k1_v0_3_1_fe_get_b32(&pub[33], &elem->y); + rustsecp256k1_v0_4_0_fe_get_b32(&pub[33], &elem->y); } return 1; } -static int rustsecp256k1_v0_3_1_eckey_privkey_tweak_add(rustsecp256k1_v0_3_1_scalar *key, const rustsecp256k1_v0_3_1_scalar *tweak) { - rustsecp256k1_v0_3_1_scalar_add(key, key, tweak); - return !rustsecp256k1_v0_3_1_scalar_is_zero(key); +static int rustsecp256k1_v0_4_0_eckey_privkey_tweak_add(rustsecp256k1_v0_4_0_scalar *key, const rustsecp256k1_v0_4_0_scalar *tweak) { + rustsecp256k1_v0_4_0_scalar_add(key, key, tweak); + return !rustsecp256k1_v0_4_0_scalar_is_zero(key); } -static int rustsecp256k1_v0_3_1_eckey_pubkey_tweak_add(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_ge *key, const rustsecp256k1_v0_3_1_scalar *tweak) { - rustsecp256k1_v0_3_1_gej pt; - rustsecp256k1_v0_3_1_scalar one; - rustsecp256k1_v0_3_1_gej_set_ge(&pt, key); - rustsecp256k1_v0_3_1_scalar_set_int(&one, 1); - rustsecp256k1_v0_3_1_ecmult(ctx, &pt, &pt, &one, tweak); +static int rustsecp256k1_v0_4_0_eckey_pubkey_tweak_add(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_ge *key, const rustsecp256k1_v0_4_0_scalar *tweak) { + rustsecp256k1_v0_4_0_gej pt; + rustsecp256k1_v0_4_0_scalar one; + rustsecp256k1_v0_4_0_gej_set_ge(&pt, key); + rustsecp256k1_v0_4_0_scalar_set_int(&one, 1); + rustsecp256k1_v0_4_0_ecmult(ctx, &pt, &pt, &one, tweak); - if (rustsecp256k1_v0_3_1_gej_is_infinity(&pt)) { + if (rustsecp256k1_v0_4_0_gej_is_infinity(&pt)) { return 0; } - rustsecp256k1_v0_3_1_ge_set_gej(key, &pt); + rustsecp256k1_v0_4_0_ge_set_gej(key, &pt); return 1; } -static int rustsecp256k1_v0_3_1_eckey_privkey_tweak_mul(rustsecp256k1_v0_3_1_scalar *key, const rustsecp256k1_v0_3_1_scalar *tweak) { +static int rustsecp256k1_v0_4_0_eckey_privkey_tweak_mul(rustsecp256k1_v0_4_0_scalar *key, const rustsecp256k1_v0_4_0_scalar *tweak) { int ret; - ret = !rustsecp256k1_v0_3_1_scalar_is_zero(tweak); + ret = !rustsecp256k1_v0_4_0_scalar_is_zero(tweak); - rustsecp256k1_v0_3_1_scalar_mul(key, key, tweak); + rustsecp256k1_v0_4_0_scalar_mul(key, key, tweak); return ret; } -static int rustsecp256k1_v0_3_1_eckey_pubkey_tweak_mul(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_ge *key, const rustsecp256k1_v0_3_1_scalar *tweak) { - rustsecp256k1_v0_3_1_scalar zero; - rustsecp256k1_v0_3_1_gej pt; - if (rustsecp256k1_v0_3_1_scalar_is_zero(tweak)) { +static int rustsecp256k1_v0_4_0_eckey_pubkey_tweak_mul(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_ge *key, const rustsecp256k1_v0_4_0_scalar *tweak) { + rustsecp256k1_v0_4_0_scalar zero; + rustsecp256k1_v0_4_0_gej pt; + if (rustsecp256k1_v0_4_0_scalar_is_zero(tweak)) { return 0; } - rustsecp256k1_v0_3_1_scalar_set_int(&zero, 0); - rustsecp256k1_v0_3_1_gej_set_ge(&pt, key); - rustsecp256k1_v0_3_1_ecmult(ctx, &pt, &pt, tweak, &zero); - rustsecp256k1_v0_3_1_ge_set_gej(key, &pt); + rustsecp256k1_v0_4_0_scalar_set_int(&zero, 0); + rustsecp256k1_v0_4_0_gej_set_ge(&pt, key); + rustsecp256k1_v0_4_0_ecmult(ctx, &pt, &pt, tweak, &zero); + rustsecp256k1_v0_4_0_ge_set_gej(key, &pt); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult.h b/secp256k1-sys/depend/secp256k1/src/ecmult.h index ede3442f0..622a0b246 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECMULT_H #define SECP256K1_ECMULT_H @@ -14,23 +14,21 @@ typedef struct { /* For accelerating the computation of a*P + b*G: */ - rustsecp256k1_v0_3_1_ge_storage (*pre_g)[]; /* odd multiples of the generator */ -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */ -#endif -} rustsecp256k1_v0_3_1_ecmult_context; + rustsecp256k1_v0_4_0_ge_storage (*pre_g)[]; /* odd multiples of the generator */ + rustsecp256k1_v0_4_0_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */ +} rustsecp256k1_v0_4_0_ecmult_context; static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; -static void rustsecp256k1_v0_3_1_ecmult_context_init(rustsecp256k1_v0_3_1_ecmult_context *ctx); -static void rustsecp256k1_v0_3_1_ecmult_context_build(rustsecp256k1_v0_3_1_ecmult_context *ctx, void **prealloc); -static void rustsecp256k1_v0_3_1_ecmult_context_finalize_memcpy(rustsecp256k1_v0_3_1_ecmult_context *dst, const rustsecp256k1_v0_3_1_ecmult_context *src); -static void rustsecp256k1_v0_3_1_ecmult_context_clear(rustsecp256k1_v0_3_1_ecmult_context *ctx); -static int rustsecp256k1_v0_3_1_ecmult_context_is_built(const rustsecp256k1_v0_3_1_ecmult_context *ctx); +static void rustsecp256k1_v0_4_0_ecmult_context_init(rustsecp256k1_v0_4_0_ecmult_context *ctx); +static void rustsecp256k1_v0_4_0_ecmult_context_build(rustsecp256k1_v0_4_0_ecmult_context *ctx, void **prealloc); +static void rustsecp256k1_v0_4_0_ecmult_context_finalize_memcpy(rustsecp256k1_v0_4_0_ecmult_context *dst, const rustsecp256k1_v0_4_0_ecmult_context *src); +static void rustsecp256k1_v0_4_0_ecmult_context_clear(rustsecp256k1_v0_4_0_ecmult_context *ctx); +static int rustsecp256k1_v0_4_0_ecmult_context_is_built(const rustsecp256k1_v0_4_0_ecmult_context *ctx); /** Double multiply: R = na*A + ng*G */ -static void rustsecp256k1_v0_3_1_ecmult(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_scalar *na, const rustsecp256k1_v0_3_1_scalar *ng); +static void rustsecp256k1_v0_4_0_ecmult(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_scalar *na, const rustsecp256k1_v0_4_0_scalar *ng); -typedef int (rustsecp256k1_v0_3_1_ecmult_multi_callback)(rustsecp256k1_v0_3_1_scalar *sc, rustsecp256k1_v0_3_1_ge *pt, size_t idx, void *data); +typedef int (rustsecp256k1_v0_4_0_ecmult_multi_callback)(rustsecp256k1_v0_4_0_scalar *sc, rustsecp256k1_v0_4_0_ge *pt, size_t idx, void *data); /** * Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai. @@ -43,6 +41,6 @@ typedef int (rustsecp256k1_v0_3_1_ecmult_multi_callback)(rustsecp256k1_v0_3_1_sc * 0 if there is not enough scratch space for a single point or * callback returns 0 */ -static int rustsecp256k1_v0_3_1_ecmult_multi_var(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *inp_g_sc, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void *cbdata, size_t n); +static int rustsecp256k1_v0_4_0_ecmult_multi_var(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_scratch *scratch, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *inp_g_sc, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void *cbdata, size_t n); #endif /* SECP256K1_ECMULT_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_const.h b/secp256k1-sys/depend/secp256k1/src/ecmult_const.h index abc1ae7d9..600c31f7d 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_const.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_const.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECMULT_CONST_H #define SECP256K1_ECMULT_CONST_H @@ -15,6 +15,6 @@ * Here `bits` should be set to the maximum bitlength of the _absolute value_ of `q`, plus * one because we internally sometimes add 2 to the number during the WNAF conversion. */ -static void rustsecp256k1_v0_3_1_ecmult_const(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_ge *a, const rustsecp256k1_v0_3_1_scalar *q, int bits); +static void rustsecp256k1_v0_4_0_ecmult_const(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_ge *a, const rustsecp256k1_v0_4_0_scalar *q, int bits); #endif /* SECP256K1_ECMULT_CONST_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h index 4f7ccf18f..e0596bb9c 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECMULT_CONST_IMPL_H #define SECP256K1_ECMULT_CONST_IMPL_H @@ -19,12 +19,12 @@ int mask = (n) >> (sizeof(n) * CHAR_BIT - 1); \ int abs_n = ((n) + mask) ^ mask; \ int idx_n = abs_n >> 1; \ - rustsecp256k1_v0_3_1_fe neg_y; \ + rustsecp256k1_v0_4_0_fe neg_y; \ VERIFY_CHECK(((n) & 1) == 1); \ VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ - VERIFY_SETUP(rustsecp256k1_v0_3_1_fe_clear(&(r)->x)); \ - VERIFY_SETUP(rustsecp256k1_v0_3_1_fe_clear(&(r)->y)); \ + VERIFY_SETUP(rustsecp256k1_v0_4_0_fe_clear(&(r)->x)); \ + VERIFY_SETUP(rustsecp256k1_v0_4_0_fe_clear(&(r)->y)); \ /* Unconditionally set r->x = (pre)[m].x. r->y = (pre)[m].y. because it's either the correct one \ * or will get replaced in the later iterations, this is needed to make sure `r` is initialized. */ \ (r)->x = (pre)[m].x; \ @@ -32,12 +32,12 @@ for (m = 1; m < ECMULT_TABLE_SIZE(w); m++) { \ /* This loop is used to avoid secret data in array indices. See * the comment in ecmult_gen_impl.h for rationale. */ \ - rustsecp256k1_v0_3_1_fe_cmov(&(r)->x, &(pre)[m].x, m == idx_n); \ - rustsecp256k1_v0_3_1_fe_cmov(&(r)->y, &(pre)[m].y, m == idx_n); \ + rustsecp256k1_v0_4_0_fe_cmov(&(r)->x, &(pre)[m].x, m == idx_n); \ + rustsecp256k1_v0_4_0_fe_cmov(&(r)->y, &(pre)[m].y, m == idx_n); \ } \ (r)->infinity = 0; \ - rustsecp256k1_v0_3_1_fe_negate(&neg_y, &(r)->y, 1); \ - rustsecp256k1_v0_3_1_fe_cmov(&(r)->y, &neg_y, (n) != abs_n); \ + rustsecp256k1_v0_4_0_fe_negate(&neg_y, &(r)->y, 1); \ + rustsecp256k1_v0_4_0_fe_cmov(&(r)->y, &neg_y, (n) != abs_n); \ } while(0) @@ -54,7 +54,7 @@ * * Numbers reference steps of `Algorithm SPA-resistant Width-w NAF with Odd Scalar` on pp. 335 */ -static int rustsecp256k1_v0_3_1_wnaf_const(int *wnaf, const rustsecp256k1_v0_3_1_scalar *scalar, int w, int size) { +static int rustsecp256k1_v0_4_0_wnaf_const(int *wnaf, const rustsecp256k1_v0_4_0_scalar *scalar, int w, int size) { int global_sign; int skew = 0; int word = 0; @@ -65,7 +65,7 @@ static int rustsecp256k1_v0_3_1_wnaf_const(int *wnaf, const rustsecp256k1_v0_3_1 int flip; int bit; - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_scalar s; int not_neg_one; VERIFY_CHECK(w > 0); @@ -83,32 +83,32 @@ static int rustsecp256k1_v0_3_1_wnaf_const(int *wnaf, const rustsecp256k1_v0_3_1 * particular, to ensure that the outputs from the endomorphism-split fit into * 128 bits). If we negate, the parity of our number flips, inverting which of * {1, 2} we want to add to the scalar when ensuring that it's odd. Further - * complicating things, -1 interacts badly with `rustsecp256k1_v0_3_1_scalar_cadd_bit` and + * complicating things, -1 interacts badly with `rustsecp256k1_v0_4_0_scalar_cadd_bit` and * we need to special-case it in this logic. */ - flip = rustsecp256k1_v0_3_1_scalar_is_high(scalar); + flip = rustsecp256k1_v0_4_0_scalar_is_high(scalar); /* We add 1 to even numbers, 2 to odd ones, noting that negation flips parity */ - bit = flip ^ !rustsecp256k1_v0_3_1_scalar_is_even(scalar); + bit = flip ^ !rustsecp256k1_v0_4_0_scalar_is_even(scalar); /* We check for negative one, since adding 2 to it will cause an overflow */ - rustsecp256k1_v0_3_1_scalar_negate(&s, scalar); - not_neg_one = !rustsecp256k1_v0_3_1_scalar_is_one(&s); + rustsecp256k1_v0_4_0_scalar_negate(&s, scalar); + not_neg_one = !rustsecp256k1_v0_4_0_scalar_is_one(&s); s = *scalar; - rustsecp256k1_v0_3_1_scalar_cadd_bit(&s, bit, not_neg_one); + rustsecp256k1_v0_4_0_scalar_cadd_bit(&s, bit, not_neg_one); /* If we had negative one, flip == 1, s.d[0] == 0, bit == 1, so caller expects * that we added two to it and flipped it. In fact for -1 these operations are * identical. We only flipped, but since skewing is required (in the sense that * the skew must be 1 or 2, never zero) and flipping is not, we need to change * our flags to claim that we only skewed. */ - global_sign = rustsecp256k1_v0_3_1_scalar_cond_negate(&s, flip); + global_sign = rustsecp256k1_v0_4_0_scalar_cond_negate(&s, flip); global_sign *= not_neg_one * 2 - 1; skew = 1 << bit; /* 4 */ - u_last = rustsecp256k1_v0_3_1_scalar_shr_int(&s, w); + u_last = rustsecp256k1_v0_4_0_scalar_shr_int(&s, w); do { int even; /* 4.1 4.4 */ - u = rustsecp256k1_v0_3_1_scalar_shr_int(&s, w); + u = rustsecp256k1_v0_4_0_scalar_shr_int(&s, w); /* 4.2 */ even = ((u & 1) == 0); /* In contrast to the original algorithm, u_last is always > 0 and @@ -129,43 +129,37 @@ static int rustsecp256k1_v0_3_1_wnaf_const(int *wnaf, const rustsecp256k1_v0_3_1 } while (word * w < size); wnaf[word] = u * global_sign; - VERIFY_CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&s)); + VERIFY_CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&s)); VERIFY_CHECK(word == WNAF_SIZE_BITS(size, w)); return skew; } -static void rustsecp256k1_v0_3_1_ecmult_const(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_ge *a, const rustsecp256k1_v0_3_1_scalar *scalar, int size) { - rustsecp256k1_v0_3_1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; - rustsecp256k1_v0_3_1_ge tmpa; - rustsecp256k1_v0_3_1_fe Z; +static void rustsecp256k1_v0_4_0_ecmult_const(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_ge *a, const rustsecp256k1_v0_4_0_scalar *scalar, int size) { + rustsecp256k1_v0_4_0_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + rustsecp256k1_v0_4_0_ge tmpa; + rustsecp256k1_v0_4_0_fe Z; int skew_1; -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; + rustsecp256k1_v0_4_0_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; int wnaf_lam[1 + WNAF_SIZE(WINDOW_A - 1)]; int skew_lam; - rustsecp256k1_v0_3_1_scalar q_1, q_lam; -#endif + rustsecp256k1_v0_4_0_scalar q_1, q_lam; int wnaf_1[1 + WNAF_SIZE(WINDOW_A - 1)]; int i; /* build wnaf representation for q. */ int rsize = size; -#ifdef USE_ENDOMORPHISM if (size > 128) { rsize = 128; /* split q into q_1 and q_lam (where q = q_1 + q_lam*lambda, and q_1 and q_lam are ~128 bit) */ - rustsecp256k1_v0_3_1_scalar_split_lambda(&q_1, &q_lam, scalar); - skew_1 = rustsecp256k1_v0_3_1_wnaf_const(wnaf_1, &q_1, WINDOW_A - 1, 128); - skew_lam = rustsecp256k1_v0_3_1_wnaf_const(wnaf_lam, &q_lam, WINDOW_A - 1, 128); + rustsecp256k1_v0_4_0_scalar_split_lambda(&q_1, &q_lam, scalar); + skew_1 = rustsecp256k1_v0_4_0_wnaf_const(wnaf_1, &q_1, WINDOW_A - 1, 128); + skew_lam = rustsecp256k1_v0_4_0_wnaf_const(wnaf_lam, &q_lam, WINDOW_A - 1, 128); } else -#endif { - skew_1 = rustsecp256k1_v0_3_1_wnaf_const(wnaf_1, scalar, WINDOW_A - 1, size); -#ifdef USE_ENDOMORPHISM + skew_1 = rustsecp256k1_v0_4_0_wnaf_const(wnaf_1, scalar, WINDOW_A - 1, size); skew_lam = 0; -#endif } /* Calculate odd multiples of a. @@ -174,19 +168,17 @@ static void rustsecp256k1_v0_3_1_ecmult_const(rustsecp256k1_v0_3_1_gej *r, const * that the Z coordinate was 1, use affine addition formulae, and correct * the Z coordinate of the result once at the end. */ - rustsecp256k1_v0_3_1_gej_set_ge(r, a); - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_globalz_windowa(pre_a, &Z, r); + rustsecp256k1_v0_4_0_gej_set_ge(r, a); + rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_globalz_windowa(pre_a, &Z, r); for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - rustsecp256k1_v0_3_1_fe_normalize_weak(&pre_a[i].y); + rustsecp256k1_v0_4_0_fe_normalize_weak(&pre_a[i].y); } -#ifdef USE_ENDOMORPHISM if (size > 128) { for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - rustsecp256k1_v0_3_1_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); + rustsecp256k1_v0_4_0_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); } } -#endif /* first loop iteration (separated out so we can directly set r, rather * than having it start at infinity, get doubled several times, then have @@ -194,80 +186,68 @@ static void rustsecp256k1_v0_3_1_ecmult_const(rustsecp256k1_v0_3_1_gej *r, const i = wnaf_1[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; VERIFY_CHECK(i != 0); ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, i, WINDOW_A); - rustsecp256k1_v0_3_1_gej_set_ge(r, &tmpa); -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_gej_set_ge(r, &tmpa); if (size > 128) { i = wnaf_lam[WNAF_SIZE_BITS(rsize, WINDOW_A - 1)]; VERIFY_CHECK(i != 0); ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, i, WINDOW_A); - rustsecp256k1_v0_3_1_gej_add_ge(r, r, &tmpa); + rustsecp256k1_v0_4_0_gej_add_ge(r, r, &tmpa); } -#endif /* remaining loop iterations */ for (i = WNAF_SIZE_BITS(rsize, WINDOW_A - 1) - 1; i >= 0; i--) { int n; int j; for (j = 0; j < WINDOW_A - 1; ++j) { - rustsecp256k1_v0_3_1_gej_double(r, r); + rustsecp256k1_v0_4_0_gej_double(r, r); } n = wnaf_1[i]; ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a, n, WINDOW_A); VERIFY_CHECK(n != 0); - rustsecp256k1_v0_3_1_gej_add_ge(r, r, &tmpa); -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_gej_add_ge(r, r, &tmpa); if (size > 128) { n = wnaf_lam[i]; ECMULT_CONST_TABLE_GET_GE(&tmpa, pre_a_lam, n, WINDOW_A); VERIFY_CHECK(n != 0); - rustsecp256k1_v0_3_1_gej_add_ge(r, r, &tmpa); + rustsecp256k1_v0_4_0_gej_add_ge(r, r, &tmpa); } -#endif } - rustsecp256k1_v0_3_1_fe_mul(&r->z, &r->z, &Z); + rustsecp256k1_v0_4_0_fe_mul(&r->z, &r->z, &Z); { /* Correct for wNAF skew */ - rustsecp256k1_v0_3_1_ge correction = *a; - rustsecp256k1_v0_3_1_ge_storage correction_1_stor; -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ge_storage correction_lam_stor; -#endif - rustsecp256k1_v0_3_1_ge_storage a2_stor; - rustsecp256k1_v0_3_1_gej tmpj; - rustsecp256k1_v0_3_1_gej_set_ge(&tmpj, &correction); - rustsecp256k1_v0_3_1_gej_double_var(&tmpj, &tmpj, NULL); - rustsecp256k1_v0_3_1_ge_set_gej(&correction, &tmpj); - rustsecp256k1_v0_3_1_ge_to_storage(&correction_1_stor, a); -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_ge correction = *a; + rustsecp256k1_v0_4_0_ge_storage correction_1_stor; + rustsecp256k1_v0_4_0_ge_storage correction_lam_stor; + rustsecp256k1_v0_4_0_ge_storage a2_stor; + rustsecp256k1_v0_4_0_gej tmpj; + rustsecp256k1_v0_4_0_gej_set_ge(&tmpj, &correction); + rustsecp256k1_v0_4_0_gej_double_var(&tmpj, &tmpj, NULL); + rustsecp256k1_v0_4_0_ge_set_gej(&correction, &tmpj); + rustsecp256k1_v0_4_0_ge_to_storage(&correction_1_stor, a); if (size > 128) { - rustsecp256k1_v0_3_1_ge_to_storage(&correction_lam_stor, a); + rustsecp256k1_v0_4_0_ge_to_storage(&correction_lam_stor, a); } -#endif - rustsecp256k1_v0_3_1_ge_to_storage(&a2_stor, &correction); + rustsecp256k1_v0_4_0_ge_to_storage(&a2_stor, &correction); /* For odd numbers this is 2a (so replace it), for even ones a (so no-op) */ - rustsecp256k1_v0_3_1_ge_storage_cmov(&correction_1_stor, &a2_stor, skew_1 == 2); -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_ge_storage_cmov(&correction_1_stor, &a2_stor, skew_1 == 2); if (size > 128) { - rustsecp256k1_v0_3_1_ge_storage_cmov(&correction_lam_stor, &a2_stor, skew_lam == 2); + rustsecp256k1_v0_4_0_ge_storage_cmov(&correction_lam_stor, &a2_stor, skew_lam == 2); } -#endif /* Apply the correction */ - rustsecp256k1_v0_3_1_ge_from_storage(&correction, &correction_1_stor); - rustsecp256k1_v0_3_1_ge_neg(&correction, &correction); - rustsecp256k1_v0_3_1_gej_add_ge(r, r, &correction); + rustsecp256k1_v0_4_0_ge_from_storage(&correction, &correction_1_stor); + rustsecp256k1_v0_4_0_ge_neg(&correction, &correction); + rustsecp256k1_v0_4_0_gej_add_ge(r, r, &correction); -#ifdef USE_ENDOMORPHISM if (size > 128) { - rustsecp256k1_v0_3_1_ge_from_storage(&correction, &correction_lam_stor); - rustsecp256k1_v0_3_1_ge_neg(&correction, &correction); - rustsecp256k1_v0_3_1_ge_mul_lambda(&correction, &correction); - rustsecp256k1_v0_3_1_gej_add_ge(r, r, &correction); + rustsecp256k1_v0_4_0_ge_from_storage(&correction, &correction_lam_stor); + rustsecp256k1_v0_4_0_ge_neg(&correction, &correction); + rustsecp256k1_v0_4_0_ge_mul_lambda(&correction, &correction); + rustsecp256k1_v0_4_0_gej_add_ge(r, r, &correction); } -#endif } } diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h b/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h index 0d1a2b725..036a0bd75 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECMULT_GEN_H #define SECP256K1_ECMULT_GEN_H @@ -30,21 +30,21 @@ typedef struct { * None of the resulting prec group elements have a known scalar, and neither do any of * the intermediate sums while computing a*G. */ - rustsecp256k1_v0_3_1_ge_storage (*prec)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G]; /* prec[j][i] = (PREC_G)^j * i * G + U_i */ - rustsecp256k1_v0_3_1_scalar blind; - rustsecp256k1_v0_3_1_gej initial; -} rustsecp256k1_v0_3_1_ecmult_gen_context; + rustsecp256k1_v0_4_0_ge_storage (*prec)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G]; /* prec[j][i] = (PREC_G)^j * i * G + U_i */ + rustsecp256k1_v0_4_0_scalar blind; + rustsecp256k1_v0_4_0_gej initial; +} rustsecp256k1_v0_4_0_ecmult_gen_context; static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; -static void rustsecp256k1_v0_3_1_ecmult_gen_context_init(rustsecp256k1_v0_3_1_ecmult_gen_context* ctx); -static void rustsecp256k1_v0_3_1_ecmult_gen_context_build(rustsecp256k1_v0_3_1_ecmult_gen_context* ctx, void **prealloc); -static void rustsecp256k1_v0_3_1_ecmult_gen_context_finalize_memcpy(rustsecp256k1_v0_3_1_ecmult_gen_context *dst, const rustsecp256k1_v0_3_1_ecmult_gen_context* src); -static void rustsecp256k1_v0_3_1_ecmult_gen_context_clear(rustsecp256k1_v0_3_1_ecmult_gen_context* ctx); -static int rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(const rustsecp256k1_v0_3_1_ecmult_gen_context* ctx); +static void rustsecp256k1_v0_4_0_ecmult_gen_context_init(rustsecp256k1_v0_4_0_ecmult_gen_context* ctx); +static void rustsecp256k1_v0_4_0_ecmult_gen_context_build(rustsecp256k1_v0_4_0_ecmult_gen_context* ctx, void **prealloc); +static void rustsecp256k1_v0_4_0_ecmult_gen_context_finalize_memcpy(rustsecp256k1_v0_4_0_ecmult_gen_context *dst, const rustsecp256k1_v0_4_0_ecmult_gen_context* src); +static void rustsecp256k1_v0_4_0_ecmult_gen_context_clear(rustsecp256k1_v0_4_0_ecmult_gen_context* ctx); +static int rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(const rustsecp256k1_v0_4_0_ecmult_gen_context* ctx); /** Multiply with the generator: R = a*G */ -static void rustsecp256k1_v0_3_1_ecmult_gen(const rustsecp256k1_v0_3_1_ecmult_gen_context* ctx, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *a); +static void rustsecp256k1_v0_4_0_ecmult_gen(const rustsecp256k1_v0_4_0_ecmult_gen_context* ctx, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *a); -static void rustsecp256k1_v0_3_1_ecmult_gen_blind(rustsecp256k1_v0_3_1_ecmult_gen_context *ctx, const unsigned char *seed32); +static void rustsecp256k1_v0_4_0_ecmult_gen_blind(rustsecp256k1_v0_4_0_ecmult_gen_context *ctx, const unsigned char *seed32); #endif /* SECP256K1_ECMULT_GEN_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h index 3e5427b90..5e658a31e 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_ECMULT_GEN_IMPL_H #define SECP256K1_ECMULT_GEN_IMPL_H @@ -17,20 +17,20 @@ #endif #ifndef USE_ECMULT_STATIC_PRECOMPUTATION - static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((rustsecp256k1_v0_3_1_ecmult_gen_context*) NULL)->prec)); + static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((rustsecp256k1_v0_4_0_ecmult_gen_context*) NULL)->prec)); #else static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = 0; #endif -static void rustsecp256k1_v0_3_1_ecmult_gen_context_init(rustsecp256k1_v0_3_1_ecmult_gen_context *ctx) { +static void rustsecp256k1_v0_4_0_ecmult_gen_context_init(rustsecp256k1_v0_4_0_ecmult_gen_context *ctx) { ctx->prec = NULL; } -static void rustsecp256k1_v0_3_1_ecmult_gen_context_build(rustsecp256k1_v0_3_1_ecmult_gen_context *ctx, void **prealloc) { +static void rustsecp256k1_v0_4_0_ecmult_gen_context_build(rustsecp256k1_v0_4_0_ecmult_gen_context *ctx, void **prealloc) { #ifndef USE_ECMULT_STATIC_PRECOMPUTATION - rustsecp256k1_v0_3_1_ge prec[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; - rustsecp256k1_v0_3_1_gej gj; - rustsecp256k1_v0_3_1_gej nums_gej; + rustsecp256k1_v0_4_0_ge prec[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; + rustsecp256k1_v0_4_0_gej gj; + rustsecp256k1_v0_4_0_gej nums_gej; int i, j; size_t const prealloc_size = SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; void* const base = *prealloc; @@ -40,101 +40,101 @@ static void rustsecp256k1_v0_3_1_ecmult_gen_context_build(rustsecp256k1_v0_3_1_e return; } #ifndef USE_ECMULT_STATIC_PRECOMPUTATION - ctx->prec = (rustsecp256k1_v0_3_1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])manual_alloc(prealloc, prealloc_size, base, prealloc_size); + ctx->prec = (rustsecp256k1_v0_4_0_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])manual_alloc(prealloc, prealloc_size, base, prealloc_size); /* get the generator */ - rustsecp256k1_v0_3_1_gej_set_ge(&gj, &rustsecp256k1_v0_3_1_ge_const_g); + rustsecp256k1_v0_4_0_gej_set_ge(&gj, &rustsecp256k1_v0_4_0_ge_const_g); /* Construct a group element with no known corresponding scalar (nothing up my sleeve). */ { static const unsigned char nums_b32[33] = "The scalar for this x is unknown"; - rustsecp256k1_v0_3_1_fe nums_x; - rustsecp256k1_v0_3_1_ge nums_ge; + rustsecp256k1_v0_4_0_fe nums_x; + rustsecp256k1_v0_4_0_ge nums_ge; int r; - r = rustsecp256k1_v0_3_1_fe_set_b32(&nums_x, nums_b32); + r = rustsecp256k1_v0_4_0_fe_set_b32(&nums_x, nums_b32); (void)r; VERIFY_CHECK(r); - r = rustsecp256k1_v0_3_1_ge_set_xo_var(&nums_ge, &nums_x, 0); + r = rustsecp256k1_v0_4_0_ge_set_xo_var(&nums_ge, &nums_x, 0); (void)r; VERIFY_CHECK(r); - rustsecp256k1_v0_3_1_gej_set_ge(&nums_gej, &nums_ge); + rustsecp256k1_v0_4_0_gej_set_ge(&nums_gej, &nums_ge); /* Add G to make the bits in x uniformly distributed. */ - rustsecp256k1_v0_3_1_gej_add_ge_var(&nums_gej, &nums_gej, &rustsecp256k1_v0_3_1_ge_const_g, NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(&nums_gej, &nums_gej, &rustsecp256k1_v0_4_0_ge_const_g, NULL); } /* compute prec. */ { - rustsecp256k1_v0_3_1_gej precj[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; /* Jacobian versions of prec. */ - rustsecp256k1_v0_3_1_gej gbase; - rustsecp256k1_v0_3_1_gej numsbase; + rustsecp256k1_v0_4_0_gej precj[ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G]; /* Jacobian versions of prec. */ + rustsecp256k1_v0_4_0_gej gbase; + rustsecp256k1_v0_4_0_gej numsbase; gbase = gj; /* PREC_G^j * G */ numsbase = nums_gej; /* 2^j * nums. */ for (j = 0; j < ECMULT_GEN_PREC_N; j++) { /* Set precj[j*PREC_G .. j*PREC_G+(PREC_G-1)] to (numsbase, numsbase + gbase, ..., numsbase + (PREC_G-1)*gbase). */ precj[j*ECMULT_GEN_PREC_G] = numsbase; for (i = 1; i < ECMULT_GEN_PREC_G; i++) { - rustsecp256k1_v0_3_1_gej_add_var(&precj[j*ECMULT_GEN_PREC_G + i], &precj[j*ECMULT_GEN_PREC_G + i - 1], &gbase, NULL); + rustsecp256k1_v0_4_0_gej_add_var(&precj[j*ECMULT_GEN_PREC_G + i], &precj[j*ECMULT_GEN_PREC_G + i - 1], &gbase, NULL); } /* Multiply gbase by PREC_G. */ for (i = 0; i < ECMULT_GEN_PREC_B; i++) { - rustsecp256k1_v0_3_1_gej_double_var(&gbase, &gbase, NULL); + rustsecp256k1_v0_4_0_gej_double_var(&gbase, &gbase, NULL); } /* Multiply numbase by 2. */ - rustsecp256k1_v0_3_1_gej_double_var(&numsbase, &numsbase, NULL); + rustsecp256k1_v0_4_0_gej_double_var(&numsbase, &numsbase, NULL); if (j == ECMULT_GEN_PREC_N - 2) { /* In the last iteration, numsbase is (1 - 2^j) * nums instead. */ - rustsecp256k1_v0_3_1_gej_neg(&numsbase, &numsbase); - rustsecp256k1_v0_3_1_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL); + rustsecp256k1_v0_4_0_gej_neg(&numsbase, &numsbase); + rustsecp256k1_v0_4_0_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL); } } - rustsecp256k1_v0_3_1_ge_set_all_gej_var(prec, precj, ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G); + rustsecp256k1_v0_4_0_ge_set_all_gej_var(prec, precj, ECMULT_GEN_PREC_N * ECMULT_GEN_PREC_G); } for (j = 0; j < ECMULT_GEN_PREC_N; j++) { for (i = 0; i < ECMULT_GEN_PREC_G; i++) { - rustsecp256k1_v0_3_1_ge_to_storage(&(*ctx->prec)[j][i], &prec[j*ECMULT_GEN_PREC_G + i]); + rustsecp256k1_v0_4_0_ge_to_storage(&(*ctx->prec)[j][i], &prec[j*ECMULT_GEN_PREC_G + i]); } } #else (void)prealloc; - ctx->prec = (rustsecp256k1_v0_3_1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])rustsecp256k1_v0_3_1_ecmult_static_context; + ctx->prec = (rustsecp256k1_v0_4_0_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])rustsecp256k1_v0_4_0_ecmult_static_context; #endif - rustsecp256k1_v0_3_1_ecmult_gen_blind(ctx, NULL); + rustsecp256k1_v0_4_0_ecmult_gen_blind(ctx, NULL); } -static int rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(const rustsecp256k1_v0_3_1_ecmult_gen_context* ctx) { +static int rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(const rustsecp256k1_v0_4_0_ecmult_gen_context* ctx) { return ctx->prec != NULL; } -static void rustsecp256k1_v0_3_1_ecmult_gen_context_finalize_memcpy(rustsecp256k1_v0_3_1_ecmult_gen_context *dst, const rustsecp256k1_v0_3_1_ecmult_gen_context *src) { +static void rustsecp256k1_v0_4_0_ecmult_gen_context_finalize_memcpy(rustsecp256k1_v0_4_0_ecmult_gen_context *dst, const rustsecp256k1_v0_4_0_ecmult_gen_context *src) { #ifndef USE_ECMULT_STATIC_PRECOMPUTATION if (src->prec != NULL) { /* We cast to void* first to suppress a -Wcast-align warning. */ - dst->prec = (rustsecp256k1_v0_3_1_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])(void*)((unsigned char*)dst + ((unsigned char*)src->prec - (unsigned char*)src)); + dst->prec = (rustsecp256k1_v0_4_0_ge_storage (*)[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G])(void*)((unsigned char*)dst + ((unsigned char*)src->prec - (unsigned char*)src)); } #else (void)dst, (void)src; #endif } -static void rustsecp256k1_v0_3_1_ecmult_gen_context_clear(rustsecp256k1_v0_3_1_ecmult_gen_context *ctx) { - rustsecp256k1_v0_3_1_scalar_clear(&ctx->blind); - rustsecp256k1_v0_3_1_gej_clear(&ctx->initial); +static void rustsecp256k1_v0_4_0_ecmult_gen_context_clear(rustsecp256k1_v0_4_0_ecmult_gen_context *ctx) { + rustsecp256k1_v0_4_0_scalar_clear(&ctx->blind); + rustsecp256k1_v0_4_0_gej_clear(&ctx->initial); ctx->prec = NULL; } -static void rustsecp256k1_v0_3_1_ecmult_gen(const rustsecp256k1_v0_3_1_ecmult_gen_context *ctx, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *gn) { - rustsecp256k1_v0_3_1_ge add; - rustsecp256k1_v0_3_1_ge_storage adds; - rustsecp256k1_v0_3_1_scalar gnb; +static void rustsecp256k1_v0_4_0_ecmult_gen(const rustsecp256k1_v0_4_0_ecmult_gen_context *ctx, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *gn) { + rustsecp256k1_v0_4_0_ge add; + rustsecp256k1_v0_4_0_ge_storage adds; + rustsecp256k1_v0_4_0_scalar gnb; int bits; int i, j; memset(&adds, 0, sizeof(adds)); *r = ctx->initial; /* Blind scalar/point multiplication by computing (n-b)G + bG instead of nG. */ - rustsecp256k1_v0_3_1_scalar_add(&gnb, gn, &ctx->blind); + rustsecp256k1_v0_4_0_scalar_add(&gnb, gn, &ctx->blind); add.infinity = 0; for (j = 0; j < ECMULT_GEN_PREC_N; j++) { - bits = rustsecp256k1_v0_3_1_scalar_get_bits(&gnb, j * ECMULT_GEN_PREC_B, ECMULT_GEN_PREC_B); + bits = rustsecp256k1_v0_4_0_scalar_get_bits(&gnb, j * ECMULT_GEN_PREC_B, ECMULT_GEN_PREC_B); for (i = 0; i < ECMULT_GEN_PREC_G; i++) { /** This uses a conditional move to avoid any secret data in array indexes. * _Any_ use of secret indexes has been demonstrated to result in timing @@ -144,35 +144,35 @@ static void rustsecp256k1_v0_3_1_ecmult_gen(const rustsecp256k1_v0_3_1_ecmult_ge * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, * by Dag Arne Osvik, Adi Shamir, and Eran Tromer - * (http://www.tau.ac.il/~tromer/papers/cache.pdf) + * (https://www.tau.ac.il/~tromer/papers/cache.pdf) */ - rustsecp256k1_v0_3_1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); + rustsecp256k1_v0_4_0_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); } - rustsecp256k1_v0_3_1_ge_from_storage(&add, &adds); - rustsecp256k1_v0_3_1_gej_add_ge(r, r, &add); + rustsecp256k1_v0_4_0_ge_from_storage(&add, &adds); + rustsecp256k1_v0_4_0_gej_add_ge(r, r, &add); } bits = 0; - rustsecp256k1_v0_3_1_ge_clear(&add); - rustsecp256k1_v0_3_1_scalar_clear(&gnb); + rustsecp256k1_v0_4_0_ge_clear(&add); + rustsecp256k1_v0_4_0_scalar_clear(&gnb); } -/* Setup blinding values for rustsecp256k1_v0_3_1_ecmult_gen. */ -static void rustsecp256k1_v0_3_1_ecmult_gen_blind(rustsecp256k1_v0_3_1_ecmult_gen_context *ctx, const unsigned char *seed32) { - rustsecp256k1_v0_3_1_scalar b; - rustsecp256k1_v0_3_1_gej gb; - rustsecp256k1_v0_3_1_fe s; +/* Setup blinding values for rustsecp256k1_v0_4_0_ecmult_gen. */ +static void rustsecp256k1_v0_4_0_ecmult_gen_blind(rustsecp256k1_v0_4_0_ecmult_gen_context *ctx, const unsigned char *seed32) { + rustsecp256k1_v0_4_0_scalar b; + rustsecp256k1_v0_4_0_gej gb; + rustsecp256k1_v0_4_0_fe s; unsigned char nonce32[32]; - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 rng; + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 rng; int overflow; unsigned char keydata[64] = {0}; if (seed32 == NULL) { /* When seed is NULL, reset the initial point and blinding value. */ - rustsecp256k1_v0_3_1_gej_set_ge(&ctx->initial, &rustsecp256k1_v0_3_1_ge_const_g); - rustsecp256k1_v0_3_1_gej_neg(&ctx->initial, &ctx->initial); - rustsecp256k1_v0_3_1_scalar_set_int(&ctx->blind, 1); + rustsecp256k1_v0_4_0_gej_set_ge(&ctx->initial, &rustsecp256k1_v0_4_0_ge_const_g); + rustsecp256k1_v0_4_0_gej_neg(&ctx->initial, &ctx->initial); + rustsecp256k1_v0_4_0_scalar_set_int(&ctx->blind, 1); } /* The prior blinding value (if not reset) is chained forward by including it in the hash. */ - rustsecp256k1_v0_3_1_scalar_get_b32(nonce32, &ctx->blind); + rustsecp256k1_v0_4_0_scalar_get_b32(nonce32, &ctx->blind); /** Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, * and guards against weak or adversarial seeds. This is a simpler and safer interface than * asking the caller for blinding values directly and expecting them to retry on failure. @@ -181,28 +181,28 @@ static void rustsecp256k1_v0_3_1_ecmult_gen_blind(rustsecp256k1_v0_3_1_ecmult_ge if (seed32 != NULL) { memcpy(keydata + 32, seed32, 32); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32); memset(keydata, 0, sizeof(keydata)); /* Accept unobservably small non-uniformity. */ - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - overflow = !rustsecp256k1_v0_3_1_fe_set_b32(&s, nonce32); - overflow |= rustsecp256k1_v0_3_1_fe_is_zero(&s); - rustsecp256k1_v0_3_1_fe_cmov(&s, &rustsecp256k1_v0_3_1_fe_one, overflow); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + overflow = !rustsecp256k1_v0_4_0_fe_set_b32(&s, nonce32); + overflow |= rustsecp256k1_v0_4_0_fe_is_zero(&s); + rustsecp256k1_v0_4_0_fe_cmov(&s, &rustsecp256k1_v0_4_0_fe_one, overflow); /* Randomize the projection to defend against multiplier sidechannels. */ - rustsecp256k1_v0_3_1_gej_rescale(&ctx->initial, &s); - rustsecp256k1_v0_3_1_fe_clear(&s); - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - rustsecp256k1_v0_3_1_scalar_set_b32(&b, nonce32, NULL); + rustsecp256k1_v0_4_0_gej_rescale(&ctx->initial, &s); + rustsecp256k1_v0_4_0_fe_clear(&s); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + rustsecp256k1_v0_4_0_scalar_set_b32(&b, nonce32, NULL); /* A blinding value of 0 works, but would undermine the projection hardening. */ - rustsecp256k1_v0_3_1_scalar_cmov(&b, &rustsecp256k1_v0_3_1_scalar_one, rustsecp256k1_v0_3_1_scalar_is_zero(&b)); - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(&rng); + rustsecp256k1_v0_4_0_scalar_cmov(&b, &rustsecp256k1_v0_4_0_scalar_one, rustsecp256k1_v0_4_0_scalar_is_zero(&b)); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(&rng); memset(nonce32, 0, 32); - rustsecp256k1_v0_3_1_ecmult_gen(ctx, &gb, &b); - rustsecp256k1_v0_3_1_scalar_negate(&b, &b); + rustsecp256k1_v0_4_0_ecmult_gen(ctx, &gb, &b); + rustsecp256k1_v0_4_0_scalar_negate(&b, &b); ctx->blind = b; ctx->initial = gb; - rustsecp256k1_v0_3_1_scalar_clear(&b); - rustsecp256k1_v0_3_1_gej_clear(&gb); + rustsecp256k1_v0_4_0_scalar_clear(&b); + rustsecp256k1_v0_4_0_gej_clear(&gb); } #endif /* SECP256K1_ECMULT_GEN_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h index 5a1e24102..3cdbcd2b0 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h @@ -1,8 +1,8 @@ -/***************************************************************************** - * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php. * - *****************************************************************************/ +/****************************************************************************** + * Copyright (c) 2013, 2014, 2017 Pieter Wuille, Andrew Poelstra, Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php. * + ******************************************************************************/ #ifndef SECP256K1_ECMULT_IMPL_H #define SECP256K1_ECMULT_IMPL_H @@ -35,11 +35,11 @@ /** Larger values for ECMULT_WINDOW_SIZE result in possibly better * performance at the cost of an exponentially larger precomputed * table. The exact table size is - * (1 << (WINDOW_G - 2)) * sizeof(rustsecp256k1_v0_3_1_ge_storage) bytes, - * where sizeof(rustsecp256k1_v0_3_1_ge_storage) is typically 64 bytes but can + * (1 << (WINDOW_G - 2)) * sizeof(rustsecp256k1_v0_4_0_ge_storage) bytes, + * where sizeof(rustsecp256k1_v0_4_0_ge_storage) is typically 64 bytes but can * be larger due to platform-specific padding and alignment. - * If the endomorphism optimization is enabled (USE_ENDOMORMPHSIM) - * two tables of this size are used instead of only one. + * Two tables of this size are used (due to the endomorphism + * optimization). */ # define WINDOW_G ECMULT_WINDOW_SIZE #endif @@ -59,11 +59,7 @@ # error Set ECMULT_WINDOW_SIZE to an integer in range [2..24]. #endif -#ifdef USE_ENDOMORPHISM - #define WNAF_BITS 128 -#else - #define WNAF_BITS 256 -#endif +#define WNAF_BITS 128 #define WNAF_SIZE_BITS(bits, w) (((bits) + (w) - 1) / (w)) #define WNAF_SIZE(w) WNAF_SIZE_BITS(WNAF_BITS, w) @@ -77,31 +73,23 @@ #define PIPPENGER_MAX_BUCKET_WINDOW 12 /* Minimum number of points for which pippenger_wnaf is faster than strauss wnaf */ -#ifdef USE_ENDOMORPHISM - #define ECMULT_PIPPENGER_THRESHOLD 88 -#else - #define ECMULT_PIPPENGER_THRESHOLD 160 -#endif +#define ECMULT_PIPPENGER_THRESHOLD 88 -#ifdef USE_ENDOMORPHISM - #define ECMULT_MAX_POINTS_PER_BATCH 5000000 -#else - #define ECMULT_MAX_POINTS_PER_BATCH 10000000 -#endif +#define ECMULT_MAX_POINTS_PER_BATCH 5000000 /** Fill a table 'prej' with precomputed odd multiples of a. Prej will contain * the values [1*a,3*a,...,(2*n-1)*a], so it space for n values. zr[0] will * contain prej[0].z / a.z. The other zr[i] values = prej[i].z / prej[i-1].z. * Prej's Z values are undefined, except for the last value. */ -static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(int n, rustsecp256k1_v0_3_1_gej *prej, rustsecp256k1_v0_3_1_fe *zr, const rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_gej d; - rustsecp256k1_v0_3_1_ge a_ge, d_ge; +static void rustsecp256k1_v0_4_0_ecmult_odd_multiples_table(int n, rustsecp256k1_v0_4_0_gej *prej, rustsecp256k1_v0_4_0_fe *zr, const rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_gej d; + rustsecp256k1_v0_4_0_ge a_ge, d_ge; int i; VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_3_1_gej_double_var(&d, a, NULL); + rustsecp256k1_v0_4_0_gej_double_var(&d, a, NULL); /* * Perform the additions on an isomorphism where 'd' is affine: drop the z coordinate @@ -111,7 +99,7 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(int n, rustsecp256k1 d_ge.y = d.y; d_ge.infinity = 0; - rustsecp256k1_v0_3_1_ge_set_gej_zinv(&a_ge, a, &d.z); + rustsecp256k1_v0_4_0_ge_set_gej_zinv(&a_ge, a, &d.z); prej[0].x = a_ge.x; prej[0].y = a_ge.y; prej[0].z = a->z; @@ -119,24 +107,24 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(int n, rustsecp256k1 zr[0] = d.z; for (i = 1; i < n; i++) { - rustsecp256k1_v0_3_1_gej_add_ge_var(&prej[i], &prej[i-1], &d_ge, &zr[i]); + rustsecp256k1_v0_4_0_gej_add_ge_var(&prej[i], &prej[i-1], &d_ge, &zr[i]); } /* * Each point in 'prej' has a z coordinate too small by a factor of 'd.z'. Only * the final point's z coordinate is actually used though, so just update that. */ - rustsecp256k1_v0_3_1_fe_mul(&prej[n-1].z, &prej[n-1].z, &d.z); + rustsecp256k1_v0_4_0_fe_mul(&prej[n-1].z, &prej[n-1].z, &d.z); } /** Fill a table 'pre' with precomputed odd multiples of a. * * There are two versions of this function: - * - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_globalz_windowa which brings its + * - rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_globalz_windowa which brings its * resulting point set to a single constant Z denominator, stores the X and Y * coordinates as ge_storage points in pre, and stores the global Z in rz. * It only operates on tables sized for WINDOW_A wnaf multiples. - * - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var, which converts its + * - rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_storage_var, which converts its * resulting point set to actually affine points, and stores those in pre. * It operates on tables of any size. * @@ -144,32 +132,32 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(int n, rustsecp256k1 * and for G using the second (which requires an inverse, but it only needs to * happen once). */ -static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_globalz_windowa(rustsecp256k1_v0_3_1_ge *pre, rustsecp256k1_v0_3_1_fe *globalz, const rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; - rustsecp256k1_v0_3_1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; +static void rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_globalz_windowa(rustsecp256k1_v0_4_0_ge *pre, rustsecp256k1_v0_4_0_fe *globalz, const rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; + rustsecp256k1_v0_4_0_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; /* Compute the odd multiples in Jacobian form. */ - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), prej, zr, a); + rustsecp256k1_v0_4_0_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), prej, zr, a); /* Bring them to the same Z denominator. */ - rustsecp256k1_v0_3_1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A), pre, globalz, prej, zr); + rustsecp256k1_v0_4_0_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A), pre, globalz, prej, zr); } -static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(const int n, rustsecp256k1_v0_3_1_ge_storage *pre, const rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_gej d; - rustsecp256k1_v0_3_1_ge d_ge, p_ge; - rustsecp256k1_v0_3_1_gej pj; - rustsecp256k1_v0_3_1_fe zi; - rustsecp256k1_v0_3_1_fe zr; - rustsecp256k1_v0_3_1_fe dx_over_dz_squared; +static void rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_storage_var(const int n, rustsecp256k1_v0_4_0_ge_storage *pre, const rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_gej d; + rustsecp256k1_v0_4_0_ge d_ge, p_ge; + rustsecp256k1_v0_4_0_gej pj; + rustsecp256k1_v0_4_0_fe zi; + rustsecp256k1_v0_4_0_fe zr; + rustsecp256k1_v0_4_0_fe dx_over_dz_squared; int i; VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_3_1_gej_double_var(&d, a, NULL); + rustsecp256k1_v0_4_0_gej_double_var(&d, a, NULL); /* First, we perform all the additions in an isomorphic curve obtained by multiplying * all `z` coordinates by 1/`d.z`. In these coordinates `d` is affine so we can use - * `rustsecp256k1_v0_3_1_gej_add_ge_var` to perform the additions. For each addition, we store + * `rustsecp256k1_v0_4_0_gej_add_ge_var` to perform the additions. For each addition, we store * the resulting y-coordinate and the z-ratio, since we only have enough memory to * store two field elements. These are sufficient to efficiently undo the isomorphism * and recompute all the `x`s. @@ -178,34 +166,34 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(const in d_ge.y = d.y; d_ge.infinity = 0; - rustsecp256k1_v0_3_1_ge_set_gej_zinv(&p_ge, a, &d.z); + rustsecp256k1_v0_4_0_ge_set_gej_zinv(&p_ge, a, &d.z); pj.x = p_ge.x; pj.y = p_ge.y; pj.z = a->z; pj.infinity = 0; for (i = 0; i < (n - 1); i++) { - rustsecp256k1_v0_3_1_fe_normalize_var(&pj.y); - rustsecp256k1_v0_3_1_fe_to_storage(&pre[i].y, &pj.y); - rustsecp256k1_v0_3_1_gej_add_ge_var(&pj, &pj, &d_ge, &zr); - rustsecp256k1_v0_3_1_fe_normalize_var(&zr); - rustsecp256k1_v0_3_1_fe_to_storage(&pre[i].x, &zr); + rustsecp256k1_v0_4_0_fe_normalize_var(&pj.y); + rustsecp256k1_v0_4_0_fe_to_storage(&pre[i].y, &pj.y); + rustsecp256k1_v0_4_0_gej_add_ge_var(&pj, &pj, &d_ge, &zr); + rustsecp256k1_v0_4_0_fe_normalize_var(&zr); + rustsecp256k1_v0_4_0_fe_to_storage(&pre[i].x, &zr); } /* Invert d.z in the same batch, preserving pj.z so we can extract 1/d.z */ - rustsecp256k1_v0_3_1_fe_mul(&zi, &pj.z, &d.z); - rustsecp256k1_v0_3_1_fe_inv_var(&zi, &zi); + rustsecp256k1_v0_4_0_fe_mul(&zi, &pj.z, &d.z); + rustsecp256k1_v0_4_0_fe_inv_var(&zi, &zi); /* Directly set `pre[n - 1]` to `pj`, saving the inverted z-coordinate so * that we can combine it with the saved z-ratios to compute the other zs * without any more inversions. */ - rustsecp256k1_v0_3_1_ge_set_gej_zinv(&p_ge, &pj, &zi); - rustsecp256k1_v0_3_1_ge_to_storage(&pre[n - 1], &p_ge); + rustsecp256k1_v0_4_0_ge_set_gej_zinv(&p_ge, &pj, &zi); + rustsecp256k1_v0_4_0_ge_to_storage(&pre[n - 1], &p_ge); /* Compute the actual x-coordinate of D, which will be needed below. */ - rustsecp256k1_v0_3_1_fe_mul(&d.z, &zi, &pj.z); /* d.z = 1/d.z */ - rustsecp256k1_v0_3_1_fe_sqr(&dx_over_dz_squared, &d.z); - rustsecp256k1_v0_3_1_fe_mul(&dx_over_dz_squared, &dx_over_dz_squared, &d.x); + rustsecp256k1_v0_4_0_fe_mul(&d.z, &zi, &pj.z); /* d.z = 1/d.z */ + rustsecp256k1_v0_4_0_fe_sqr(&dx_over_dz_squared, &d.z); + rustsecp256k1_v0_4_0_fe_mul(&dx_over_dz_squared, &dx_over_dz_squared, &d.x); /* Going into the second loop, we have set `pre[n-1]` to its final affine * form, but still need to set `pre[i]` for `i` in 0 through `n-2`. We @@ -229,21 +217,21 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(const in */ i = n - 1; while (i > 0) { - rustsecp256k1_v0_3_1_fe zi2, zi3; - const rustsecp256k1_v0_3_1_fe *rzr; + rustsecp256k1_v0_4_0_fe zi2, zi3; + const rustsecp256k1_v0_4_0_fe *rzr; i--; - rustsecp256k1_v0_3_1_ge_from_storage(&p_ge, &pre[i]); + rustsecp256k1_v0_4_0_ge_from_storage(&p_ge, &pre[i]); /* For each remaining point, we extract the z-ratio from the stored * x-coordinate, compute its z^-1 from that, and compute the full * point from that. */ rzr = &p_ge.x; - rustsecp256k1_v0_3_1_fe_mul(&zi, &zi, rzr); - rustsecp256k1_v0_3_1_fe_sqr(&zi2, &zi); - rustsecp256k1_v0_3_1_fe_mul(&zi3, &zi2, &zi); + rustsecp256k1_v0_4_0_fe_mul(&zi, &zi, rzr); + rustsecp256k1_v0_4_0_fe_sqr(&zi2, &zi); + rustsecp256k1_v0_4_0_fe_mul(&zi3, &zi2, &zi); /* To compute the actual x-coordinate, we use the stored z ratio and - * y-coordinate, which we obtained from `rustsecp256k1_v0_3_1_gej_add_ge_var` + * y-coordinate, which we obtained from `rustsecp256k1_v0_4_0_gej_add_ge_var` * in the loop above, as well as the inverse of the square of its * z-coordinate. We store the latter in the `zi2` variable, which is * computed iteratively starting from the overall Z inverse then @@ -275,13 +263,13 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(const in * X = d_x / d_z^2 - rzr / z^2 * = dx_over_dz_squared - rzr * zi2 */ - rustsecp256k1_v0_3_1_fe_mul(&p_ge.x, rzr, &zi2); - rustsecp256k1_v0_3_1_fe_negate(&p_ge.x, &p_ge.x, 1); - rustsecp256k1_v0_3_1_fe_add(&p_ge.x, &dx_over_dz_squared); + rustsecp256k1_v0_4_0_fe_mul(&p_ge.x, rzr, &zi2); + rustsecp256k1_v0_4_0_fe_negate(&p_ge.x, &p_ge.x, 1); + rustsecp256k1_v0_4_0_fe_add(&p_ge.x, &dx_over_dz_squared); /* y is stored_y/z^3, as we expect */ - rustsecp256k1_v0_3_1_fe_mul(&p_ge.y, &p_ge.y, &zi3); + rustsecp256k1_v0_4_0_fe_mul(&p_ge.y, &p_ge.y, &zi3); /* Store */ - rustsecp256k1_v0_3_1_ge_to_storage(&pre[i], &p_ge); + rustsecp256k1_v0_4_0_ge_to_storage(&pre[i], &p_ge); } } @@ -295,7 +283,7 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(const in *(r) = (pre)[((n)-1)/2]; \ } else { \ *(r) = (pre)[(-(n)-1)/2]; \ - rustsecp256k1_v0_3_1_fe_negate(&((r)->y), &((r)->y), 1); \ + rustsecp256k1_v0_4_0_fe_negate(&((r)->y), &((r)->y), 1); \ } \ } while(0) @@ -304,29 +292,25 @@ static void rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(const in VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \ VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \ if ((n) > 0) { \ - rustsecp256k1_v0_3_1_ge_from_storage((r), &(pre)[((n)-1)/2]); \ + rustsecp256k1_v0_4_0_ge_from_storage((r), &(pre)[((n)-1)/2]); \ } else { \ - rustsecp256k1_v0_3_1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \ - rustsecp256k1_v0_3_1_fe_negate(&((r)->y), &((r)->y), 1); \ + rustsecp256k1_v0_4_0_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \ + rustsecp256k1_v0_4_0_fe_negate(&((r)->y), &((r)->y), 1); \ } \ } while(0) static const size_t SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE = - ROUND_TO_ALIGN(sizeof((*((rustsecp256k1_v0_3_1_ecmult_context*) NULL)->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) -#ifdef USE_ENDOMORPHISM - + ROUND_TO_ALIGN(sizeof((*((rustsecp256k1_v0_3_1_ecmult_context*) NULL)->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) -#endif + ROUND_TO_ALIGN(sizeof((*((rustsecp256k1_v0_4_0_ecmult_context*) NULL)->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) + + ROUND_TO_ALIGN(sizeof((*((rustsecp256k1_v0_4_0_ecmult_context*) NULL)->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G)) ; -static void rustsecp256k1_v0_3_1_ecmult_context_init(rustsecp256k1_v0_3_1_ecmult_context *ctx) { +static void rustsecp256k1_v0_4_0_ecmult_context_init(rustsecp256k1_v0_4_0_ecmult_context *ctx) { ctx->pre_g = NULL; -#ifdef USE_ENDOMORPHISM ctx->pre_g_128 = NULL; -#endif } -static void rustsecp256k1_v0_3_1_ecmult_context_build(rustsecp256k1_v0_3_1_ecmult_context *ctx, void **prealloc) { - rustsecp256k1_v0_3_1_gej gj; +static void rustsecp256k1_v0_4_0_ecmult_context_build(rustsecp256k1_v0_4_0_ecmult_context *ctx, void **prealloc) { + rustsecp256k1_v0_4_0_gej gj; void* const base = *prealloc; size_t const prealloc_size = SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; @@ -335,56 +319,52 @@ static void rustsecp256k1_v0_3_1_ecmult_context_build(rustsecp256k1_v0_3_1_ecmul } /* get the generator */ - rustsecp256k1_v0_3_1_gej_set_ge(&gj, &rustsecp256k1_v0_3_1_ge_const_g); + rustsecp256k1_v0_4_0_gej_set_ge(&gj, &rustsecp256k1_v0_4_0_ge_const_g); { size_t size = sizeof((*ctx->pre_g)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G)); /* check for overflow */ VERIFY_CHECK(size / sizeof((*ctx->pre_g)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); - ctx->pre_g = (rustsecp256k1_v0_3_1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); + ctx->pre_g = (rustsecp256k1_v0_4_0_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); } /* precompute the tables with odd multiples */ - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj); + rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj); -#ifdef USE_ENDOMORPHISM { - rustsecp256k1_v0_3_1_gej g_128j; + rustsecp256k1_v0_4_0_gej g_128j; int i; size_t size = sizeof((*ctx->pre_g_128)[0]) * ((size_t) ECMULT_TABLE_SIZE(WINDOW_G)); /* check for overflow */ VERIFY_CHECK(size / sizeof((*ctx->pre_g_128)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G))); - ctx->pre_g_128 = (rustsecp256k1_v0_3_1_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); + ctx->pre_g_128 = (rustsecp256k1_v0_4_0_ge_storage (*)[])manual_alloc(prealloc, sizeof((*ctx->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G), base, prealloc_size); /* calculate 2^128*generator */ g_128j = gj; for (i = 0; i < 128; i++) { - rustsecp256k1_v0_3_1_gej_double_var(&g_128j, &g_128j, NULL); + rustsecp256k1_v0_4_0_gej_double_var(&g_128j, &g_128j, NULL); } - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g_128, &g_128j); + rustsecp256k1_v0_4_0_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g_128, &g_128j); } -#endif } -static void rustsecp256k1_v0_3_1_ecmult_context_finalize_memcpy(rustsecp256k1_v0_3_1_ecmult_context *dst, const rustsecp256k1_v0_3_1_ecmult_context *src) { +static void rustsecp256k1_v0_4_0_ecmult_context_finalize_memcpy(rustsecp256k1_v0_4_0_ecmult_context *dst, const rustsecp256k1_v0_4_0_ecmult_context *src) { if (src->pre_g != NULL) { /* We cast to void* first to suppress a -Wcast-align warning. */ - dst->pre_g = (rustsecp256k1_v0_3_1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g) - (unsigned char*)src)); + dst->pre_g = (rustsecp256k1_v0_4_0_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g) - (unsigned char*)src)); } -#ifdef USE_ENDOMORPHISM if (src->pre_g_128 != NULL) { - dst->pre_g_128 = (rustsecp256k1_v0_3_1_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g_128) - (unsigned char*)src)); + dst->pre_g_128 = (rustsecp256k1_v0_4_0_ge_storage (*)[])(void*)((unsigned char*)dst + ((unsigned char*)(src->pre_g_128) - (unsigned char*)src)); } -#endif } -static int rustsecp256k1_v0_3_1_ecmult_context_is_built(const rustsecp256k1_v0_3_1_ecmult_context *ctx) { +static int rustsecp256k1_v0_4_0_ecmult_context_is_built(const rustsecp256k1_v0_4_0_ecmult_context *ctx) { return ctx->pre_g != NULL; } -static void rustsecp256k1_v0_3_1_ecmult_context_clear(rustsecp256k1_v0_3_1_ecmult_context *ctx) { - rustsecp256k1_v0_3_1_ecmult_context_init(ctx); +static void rustsecp256k1_v0_4_0_ecmult_context_clear(rustsecp256k1_v0_4_0_ecmult_context *ctx) { + rustsecp256k1_v0_4_0_ecmult_context_init(ctx); } /** Convert a number to WNAF notation. The number becomes represented by sum(2^i * wnaf[i], i=0..bits), @@ -394,8 +374,8 @@ static void rustsecp256k1_v0_3_1_ecmult_context_clear(rustsecp256k1_v0_3_1_ecmul * - the number of set values in wnaf is returned. This number is at most 256, and at most one more * than the number of bits in the (absolute value) of the input. */ -static int rustsecp256k1_v0_3_1_ecmult_wnaf(int *wnaf, int len, const rustsecp256k1_v0_3_1_scalar *a, int w) { - rustsecp256k1_v0_3_1_scalar s; +static int rustsecp256k1_v0_4_0_ecmult_wnaf(int *wnaf, int len, const rustsecp256k1_v0_4_0_scalar *a, int w) { + rustsecp256k1_v0_4_0_scalar s; int last_set_bit = -1; int bit = 0; int sign = 1; @@ -409,15 +389,15 @@ static int rustsecp256k1_v0_3_1_ecmult_wnaf(int *wnaf, int len, const rustsecp25 memset(wnaf, 0, len * sizeof(wnaf[0])); s = *a; - if (rustsecp256k1_v0_3_1_scalar_get_bits(&s, 255, 1)) { - rustsecp256k1_v0_3_1_scalar_negate(&s, &s); + if (rustsecp256k1_v0_4_0_scalar_get_bits(&s, 255, 1)) { + rustsecp256k1_v0_4_0_scalar_negate(&s, &s); sign = -1; } while (bit < len) { int now; int word; - if (rustsecp256k1_v0_3_1_scalar_get_bits(&s, bit, 1) == (unsigned int)carry) { + if (rustsecp256k1_v0_4_0_scalar_get_bits(&s, bit, 1) == (unsigned int)carry) { bit++; continue; } @@ -427,7 +407,7 @@ static int rustsecp256k1_v0_3_1_ecmult_wnaf(int *wnaf, int len, const rustsecp25 now = len - bit; } - word = rustsecp256k1_v0_3_1_scalar_get_bits_var(&s, bit, now) + carry; + word = rustsecp256k1_v0_4_0_scalar_get_bits_var(&s, bit, now) + carry; carry = (word >> (w-1)) & 1; word -= carry << w; @@ -440,82 +420,62 @@ static int rustsecp256k1_v0_3_1_ecmult_wnaf(int *wnaf, int len, const rustsecp25 #ifdef VERIFY CHECK(carry == 0); while (bit < 256) { - CHECK(rustsecp256k1_v0_3_1_scalar_get_bits(&s, bit++, 1) == 0); + CHECK(rustsecp256k1_v0_4_0_scalar_get_bits(&s, bit++, 1) == 0); } #endif return last_set_bit + 1; } -struct rustsecp256k1_v0_3_1_strauss_point_state { -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_scalar na_1, na_lam; - int wnaf_na_1[130]; - int wnaf_na_lam[130]; +struct rustsecp256k1_v0_4_0_strauss_point_state { + rustsecp256k1_v0_4_0_scalar na_1, na_lam; + int wnaf_na_1[129]; + int wnaf_na_lam[129]; int bits_na_1; int bits_na_lam; -#else - int wnaf_na[256]; - int bits_na; -#endif size_t input_pos; }; -struct rustsecp256k1_v0_3_1_strauss_state { - rustsecp256k1_v0_3_1_gej* prej; - rustsecp256k1_v0_3_1_fe* zr; - rustsecp256k1_v0_3_1_ge* pre_a; -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ge* pre_a_lam; -#endif - struct rustsecp256k1_v0_3_1_strauss_point_state* ps; +struct rustsecp256k1_v0_4_0_strauss_state { + rustsecp256k1_v0_4_0_gej* prej; + rustsecp256k1_v0_4_0_fe* zr; + rustsecp256k1_v0_4_0_ge* pre_a; + rustsecp256k1_v0_4_0_ge* pre_a_lam; + struct rustsecp256k1_v0_4_0_strauss_point_state* ps; }; -static void rustsecp256k1_v0_3_1_ecmult_strauss_wnaf(const rustsecp256k1_v0_3_1_ecmult_context *ctx, const struct rustsecp256k1_v0_3_1_strauss_state *state, rustsecp256k1_v0_3_1_gej *r, int num, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_scalar *na, const rustsecp256k1_v0_3_1_scalar *ng) { - rustsecp256k1_v0_3_1_ge tmpa; - rustsecp256k1_v0_3_1_fe Z; -#ifdef USE_ENDOMORPHISM +static void rustsecp256k1_v0_4_0_ecmult_strauss_wnaf(const rustsecp256k1_v0_4_0_ecmult_context *ctx, const struct rustsecp256k1_v0_4_0_strauss_state *state, rustsecp256k1_v0_4_0_gej *r, size_t num, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_scalar *na, const rustsecp256k1_v0_4_0_scalar *ng) { + rustsecp256k1_v0_4_0_ge tmpa; + rustsecp256k1_v0_4_0_fe Z; /* Splitted G factors. */ - rustsecp256k1_v0_3_1_scalar ng_1, ng_128; + rustsecp256k1_v0_4_0_scalar ng_1, ng_128; int wnaf_ng_1[129]; int bits_ng_1 = 0; int wnaf_ng_128[129]; int bits_ng_128 = 0; -#else - int wnaf_ng[256]; - int bits_ng = 0; -#endif int i; int bits = 0; - int np; - int no = 0; + size_t np; + size_t no = 0; for (np = 0; np < num; ++np) { - if (rustsecp256k1_v0_3_1_scalar_is_zero(&na[np]) || rustsecp256k1_v0_3_1_gej_is_infinity(&a[np])) { + if (rustsecp256k1_v0_4_0_scalar_is_zero(&na[np]) || rustsecp256k1_v0_4_0_gej_is_infinity(&a[np])) { continue; } state->ps[no].input_pos = np; -#ifdef USE_ENDOMORPHISM /* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */ - rustsecp256k1_v0_3_1_scalar_split_lambda(&state->ps[no].na_1, &state->ps[no].na_lam, &na[np]); + rustsecp256k1_v0_4_0_scalar_split_lambda(&state->ps[no].na_1, &state->ps[no].na_lam, &na[np]); /* build wnaf representation for na_1 and na_lam. */ - state->ps[no].bits_na_1 = rustsecp256k1_v0_3_1_ecmult_wnaf(state->ps[no].wnaf_na_1, 130, &state->ps[no].na_1, WINDOW_A); - state->ps[no].bits_na_lam = rustsecp256k1_v0_3_1_ecmult_wnaf(state->ps[no].wnaf_na_lam, 130, &state->ps[no].na_lam, WINDOW_A); - VERIFY_CHECK(state->ps[no].bits_na_1 <= 130); - VERIFY_CHECK(state->ps[no].bits_na_lam <= 130); + state->ps[no].bits_na_1 = rustsecp256k1_v0_4_0_ecmult_wnaf(state->ps[no].wnaf_na_1, 129, &state->ps[no].na_1, WINDOW_A); + state->ps[no].bits_na_lam = rustsecp256k1_v0_4_0_ecmult_wnaf(state->ps[no].wnaf_na_lam, 129, &state->ps[no].na_lam, WINDOW_A); + VERIFY_CHECK(state->ps[no].bits_na_1 <= 129); + VERIFY_CHECK(state->ps[no].bits_na_lam <= 129); if (state->ps[no].bits_na_1 > bits) { bits = state->ps[no].bits_na_1; } if (state->ps[no].bits_na_lam > bits) { bits = state->ps[no].bits_na_lam; } -#else - /* build wnaf representation for na. */ - state->ps[no].bits_na = rustsecp256k1_v0_3_1_ecmult_wnaf(state->ps[no].wnaf_na, 256, &na[np], WINDOW_A); - if (state->ps[no].bits_na > bits) { - bits = state->ps[no].bits_na; - } -#endif ++no; } @@ -526,41 +486,40 @@ static void rustsecp256k1_v0_3_1_ecmult_strauss_wnaf(const rustsecp256k1_v0_3_1_ * the Z coordinate of the result once at the end. * The exception is the precomputed G table points, which are actually * affine. Compared to the base used for other points, they have a Z ratio - * of 1/Z, so we can use rustsecp256k1_v0_3_1_gej_add_zinv_var, which uses the same + * of 1/Z, so we can use rustsecp256k1_v0_4_0_gej_add_zinv_var, which uses the same * isomorphism to efficiently add with a known Z inverse. */ if (no > 0) { /* Compute the odd multiples in Jacobian form. */ - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej, state->zr, &a[state->ps[0].input_pos]); + rustsecp256k1_v0_4_0_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej, state->zr, &a[state->ps[0].input_pos]); for (np = 1; np < no; ++np) { - rustsecp256k1_v0_3_1_gej tmp = a[state->ps[np].input_pos]; + rustsecp256k1_v0_4_0_gej tmp = a[state->ps[np].input_pos]; #ifdef VERIFY - rustsecp256k1_v0_3_1_fe_normalize_var(&(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); + rustsecp256k1_v0_4_0_fe_normalize_var(&(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); #endif - rustsecp256k1_v0_3_1_gej_rescale(&tmp, &(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); - rustsecp256k1_v0_3_1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &tmp); - rustsecp256k1_v0_3_1_fe_mul(state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &(a[state->ps[np].input_pos].z)); + rustsecp256k1_v0_4_0_gej_rescale(&tmp, &(state->prej[(np - 1) * ECMULT_TABLE_SIZE(WINDOW_A) + ECMULT_TABLE_SIZE(WINDOW_A) - 1].z)); + rustsecp256k1_v0_4_0_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->prej + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &tmp); + rustsecp256k1_v0_4_0_fe_mul(state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), state->zr + np * ECMULT_TABLE_SIZE(WINDOW_A), &(a[state->ps[np].input_pos].z)); } /* Bring them to the same Z denominator. */ - rustsecp256k1_v0_3_1_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, &Z, state->prej, state->zr); + rustsecp256k1_v0_4_0_ge_globalz_set_table_gej(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, &Z, state->prej, state->zr); } else { - rustsecp256k1_v0_3_1_fe_set_int(&Z, 1); + rustsecp256k1_v0_4_0_fe_set_int(&Z, 1); } -#ifdef USE_ENDOMORPHISM for (np = 0; np < no; ++np) { for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - rustsecp256k1_v0_3_1_ge_mul_lambda(&state->pre_a_lam[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i]); + rustsecp256k1_v0_4_0_ge_mul_lambda(&state->pre_a_lam[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i]); } } if (ng) { /* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */ - rustsecp256k1_v0_3_1_scalar_split_128(&ng_1, &ng_128, ng); + rustsecp256k1_v0_4_0_scalar_split_128(&ng_1, &ng_128, ng); /* Build wnaf representation for ng_1 and ng_128 */ - bits_ng_1 = rustsecp256k1_v0_3_1_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); - bits_ng_128 = rustsecp256k1_v0_3_1_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); + bits_ng_1 = rustsecp256k1_v0_4_0_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); + bits_ng_128 = rustsecp256k1_v0_4_0_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); if (bits_ng_1 > bits) { bits = bits_ng_1; } @@ -568,136 +527,103 @@ static void rustsecp256k1_v0_3_1_ecmult_strauss_wnaf(const rustsecp256k1_v0_3_1_ bits = bits_ng_128; } } -#else - if (ng) { - bits_ng = rustsecp256k1_v0_3_1_ecmult_wnaf(wnaf_ng, 256, ng, WINDOW_G); - if (bits_ng > bits) { - bits = bits_ng; - } - } -#endif - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); for (i = bits - 1; i >= 0; i--) { int n; - rustsecp256k1_v0_3_1_gej_double_var(r, r, NULL); -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_gej_double_var(r, r, NULL); for (np = 0; np < no; ++np) { if (i < state->ps[np].bits_na_1 && (n = state->ps[np].wnaf_na_1[i])) { ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - rustsecp256k1_v0_3_1_gej_add_ge_var(r, r, &tmpa, NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(r, r, &tmpa, NULL); } if (i < state->ps[np].bits_na_lam && (n = state->ps[np].wnaf_na_lam[i])) { ECMULT_TABLE_GET_GE(&tmpa, state->pre_a_lam + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - rustsecp256k1_v0_3_1_gej_add_ge_var(r, r, &tmpa, NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(r, r, &tmpa, NULL); } } if (i < bits_ng_1 && (n = wnaf_ng_1[i])) { ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); - rustsecp256k1_v0_3_1_gej_add_zinv_var(r, r, &tmpa, &Z); + rustsecp256k1_v0_4_0_gej_add_zinv_var(r, r, &tmpa, &Z); } if (i < bits_ng_128 && (n = wnaf_ng_128[i])) { ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g_128, n, WINDOW_G); - rustsecp256k1_v0_3_1_gej_add_zinv_var(r, r, &tmpa, &Z); + rustsecp256k1_v0_4_0_gej_add_zinv_var(r, r, &tmpa, &Z); } -#else - for (np = 0; np < no; ++np) { - if (i < state->ps[np].bits_na && (n = state->ps[np].wnaf_na[i])) { - ECMULT_TABLE_GET_GE(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - rustsecp256k1_v0_3_1_gej_add_ge_var(r, r, &tmpa, NULL); - } - } - if (i < bits_ng && (n = wnaf_ng[i])) { - ECMULT_TABLE_GET_GE_STORAGE(&tmpa, *ctx->pre_g, n, WINDOW_G); - rustsecp256k1_v0_3_1_gej_add_zinv_var(r, r, &tmpa, &Z); - } -#endif } if (!r->infinity) { - rustsecp256k1_v0_3_1_fe_mul(&r->z, &r->z, &Z); + rustsecp256k1_v0_4_0_fe_mul(&r->z, &r->z, &Z); } } -static void rustsecp256k1_v0_3_1_ecmult(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_scalar *na, const rustsecp256k1_v0_3_1_scalar *ng) { - rustsecp256k1_v0_3_1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; - rustsecp256k1_v0_3_1_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; - rustsecp256k1_v0_3_1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; - struct rustsecp256k1_v0_3_1_strauss_point_state ps[1]; -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; -#endif - struct rustsecp256k1_v0_3_1_strauss_state state; +static void rustsecp256k1_v0_4_0_ecmult(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_scalar *na, const rustsecp256k1_v0_4_0_scalar *ng) { + rustsecp256k1_v0_4_0_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)]; + rustsecp256k1_v0_4_0_fe zr[ECMULT_TABLE_SIZE(WINDOW_A)]; + rustsecp256k1_v0_4_0_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + struct rustsecp256k1_v0_4_0_strauss_point_state ps[1]; + rustsecp256k1_v0_4_0_ge pre_a_lam[ECMULT_TABLE_SIZE(WINDOW_A)]; + struct rustsecp256k1_v0_4_0_strauss_state state; state.prej = prej; state.zr = zr; state.pre_a = pre_a; -#ifdef USE_ENDOMORPHISM state.pre_a_lam = pre_a_lam; -#endif state.ps = ps; - rustsecp256k1_v0_3_1_ecmult_strauss_wnaf(ctx, &state, r, 1, a, na, ng); + rustsecp256k1_v0_4_0_ecmult_strauss_wnaf(ctx, &state, r, 1, a, na, ng); } -static size_t rustsecp256k1_v0_3_1_strauss_scratch_size(size_t n_points) { -#ifdef USE_ENDOMORPHISM - static const size_t point_size = (2 * sizeof(rustsecp256k1_v0_3_1_ge) + sizeof(rustsecp256k1_v0_3_1_gej) + sizeof(rustsecp256k1_v0_3_1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct rustsecp256k1_v0_3_1_strauss_point_state) + sizeof(rustsecp256k1_v0_3_1_gej) + sizeof(rustsecp256k1_v0_3_1_scalar); -#else - static const size_t point_size = (sizeof(rustsecp256k1_v0_3_1_ge) + sizeof(rustsecp256k1_v0_3_1_gej) + sizeof(rustsecp256k1_v0_3_1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct rustsecp256k1_v0_3_1_strauss_point_state) + sizeof(rustsecp256k1_v0_3_1_gej) + sizeof(rustsecp256k1_v0_3_1_scalar); -#endif +static size_t rustsecp256k1_v0_4_0_strauss_scratch_size(size_t n_points) { + static const size_t point_size = (2 * sizeof(rustsecp256k1_v0_4_0_ge) + sizeof(rustsecp256k1_v0_4_0_gej) + sizeof(rustsecp256k1_v0_4_0_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct rustsecp256k1_v0_4_0_strauss_point_state) + sizeof(rustsecp256k1_v0_4_0_gej) + sizeof(rustsecp256k1_v0_4_0_scalar); return n_points*point_size; } -static int rustsecp256k1_v0_3_1_ecmult_strauss_batch(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *inp_g_sc, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { - rustsecp256k1_v0_3_1_gej* points; - rustsecp256k1_v0_3_1_scalar* scalars; - struct rustsecp256k1_v0_3_1_strauss_state state; +static int rustsecp256k1_v0_4_0_ecmult_strauss_batch(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_scratch *scratch, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *inp_g_sc, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + rustsecp256k1_v0_4_0_gej* points; + rustsecp256k1_v0_4_0_scalar* scalars; + struct rustsecp256k1_v0_4_0_strauss_state state; size_t i; - const size_t scratch_checkpoint = rustsecp256k1_v0_3_1_scratch_checkpoint(error_callback, scratch); + const size_t scratch_checkpoint = rustsecp256k1_v0_4_0_scratch_checkpoint(error_callback, scratch); - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); if (inp_g_sc == NULL && n_points == 0) { return 1; } - points = (rustsecp256k1_v0_3_1_gej*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * sizeof(rustsecp256k1_v0_3_1_gej)); - scalars = (rustsecp256k1_v0_3_1_scalar*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * sizeof(rustsecp256k1_v0_3_1_scalar)); - state.prej = (rustsecp256k1_v0_3_1_gej*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_3_1_gej)); - state.zr = (rustsecp256k1_v0_3_1_fe*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_3_1_fe)); -#ifdef USE_ENDOMORPHISM - state.pre_a = (rustsecp256k1_v0_3_1_ge*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * 2 * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_3_1_ge)); - state.pre_a_lam = state.pre_a + n_points * ECMULT_TABLE_SIZE(WINDOW_A); -#else - state.pre_a = (rustsecp256k1_v0_3_1_ge*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_3_1_ge)); -#endif - state.ps = (struct rustsecp256k1_v0_3_1_strauss_point_state*)rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct rustsecp256k1_v0_3_1_strauss_point_state)); + points = (rustsecp256k1_v0_4_0_gej*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * sizeof(rustsecp256k1_v0_4_0_gej)); + scalars = (rustsecp256k1_v0_4_0_scalar*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * sizeof(rustsecp256k1_v0_4_0_scalar)); + state.prej = (rustsecp256k1_v0_4_0_gej*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_4_0_gej)); + state.zr = (rustsecp256k1_v0_4_0_fe*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_4_0_fe)); + state.pre_a = (rustsecp256k1_v0_4_0_ge*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_4_0_ge)); + state.pre_a_lam = (rustsecp256k1_v0_4_0_ge*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_4_0_ge)); + state.ps = (struct rustsecp256k1_v0_4_0_strauss_point_state*)rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, n_points * sizeof(struct rustsecp256k1_v0_4_0_strauss_point_state)); - if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL) { - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + if (points == NULL || scalars == NULL || state.prej == NULL || state.zr == NULL || state.pre_a == NULL || state.pre_a_lam == NULL || state.ps == NULL) { + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } for (i = 0; i < n_points; i++) { - rustsecp256k1_v0_3_1_ge point; + rustsecp256k1_v0_4_0_ge point; if (!cb(&scalars[i], &point, i+cb_offset, cbdata)) { - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } - rustsecp256k1_v0_3_1_gej_set_ge(&points[i], &point); + rustsecp256k1_v0_4_0_gej_set_ge(&points[i], &point); } - rustsecp256k1_v0_3_1_ecmult_strauss_wnaf(ctx, &state, r, n_points, points, scalars, inp_g_sc); - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + rustsecp256k1_v0_4_0_ecmult_strauss_wnaf(ctx, &state, r, n_points, points, scalars, inp_g_sc); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 1; } -/* Wrapper for rustsecp256k1_v0_3_1_ecmult_multi_func interface */ -static int rustsecp256k1_v0_3_1_ecmult_strauss_batch_single(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context *actx, rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *inp_g_sc, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void *cbdata, size_t n) { - return rustsecp256k1_v0_3_1_ecmult_strauss_batch(error_callback, actx, scratch, r, inp_g_sc, cb, cbdata, n, 0); +/* Wrapper for rustsecp256k1_v0_4_0_ecmult_multi_func interface */ +static int rustsecp256k1_v0_4_0_ecmult_strauss_batch_single(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context *actx, rustsecp256k1_v0_4_0_scratch *scratch, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *inp_g_sc, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void *cbdata, size_t n) { + return rustsecp256k1_v0_4_0_ecmult_strauss_batch(error_callback, actx, scratch, r, inp_g_sc, cb, cbdata, n, 0); } -static size_t rustsecp256k1_v0_3_1_strauss_max_points(const rustsecp256k1_v0_3_1_callback* error_callback, rustsecp256k1_v0_3_1_scratch *scratch) { - return rustsecp256k1_v0_3_1_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / rustsecp256k1_v0_3_1_strauss_scratch_size(1); +static size_t rustsecp256k1_v0_4_0_strauss_max_points(const rustsecp256k1_v0_4_0_callback* error_callback, rustsecp256k1_v0_4_0_scratch *scratch) { + return rustsecp256k1_v0_4_0_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / rustsecp256k1_v0_4_0_strauss_scratch_size(1); } /** Convert a number to WNAF notation. @@ -707,25 +633,25 @@ static size_t rustsecp256k1_v0_3_1_strauss_max_points(const rustsecp256k1_v0_3_1 * - the number of words set is always WNAF_SIZE(w) * - the returned skew is 0 or 1 */ -static int rustsecp256k1_v0_3_1_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_3_1_scalar *s, int w) { +static int rustsecp256k1_v0_4_0_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_4_0_scalar *s, int w) { int skew = 0; int pos; int max_pos; int last_w; - const rustsecp256k1_v0_3_1_scalar *work = s; + const rustsecp256k1_v0_4_0_scalar *work = s; - if (rustsecp256k1_v0_3_1_scalar_is_zero(s)) { + if (rustsecp256k1_v0_4_0_scalar_is_zero(s)) { for (pos = 0; pos < WNAF_SIZE(w); pos++) { wnaf[pos] = 0; } return 0; } - if (rustsecp256k1_v0_3_1_scalar_is_even(s)) { + if (rustsecp256k1_v0_4_0_scalar_is_even(s)) { skew = 1; } - wnaf[0] = rustsecp256k1_v0_3_1_scalar_get_bits_var(work, 0, w) + skew; + wnaf[0] = rustsecp256k1_v0_4_0_scalar_get_bits_var(work, 0, w) + skew; /* Compute last window size. Relevant when window size doesn't divide the * number of bits in the scalar */ last_w = WNAF_BITS - (WNAF_SIZE(w) - 1) * w; @@ -733,7 +659,7 @@ static int rustsecp256k1_v0_3_1_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_3_1 /* Store the position of the first nonzero word in max_pos to allow * skipping leading zeros when calculating the wnaf. */ for (pos = WNAF_SIZE(w) - 1; pos > 0; pos--) { - int val = rustsecp256k1_v0_3_1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + int val = rustsecp256k1_v0_4_0_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); if(val != 0) { break; } @@ -743,7 +669,7 @@ static int rustsecp256k1_v0_3_1_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_3_1 pos = 1; while (pos <= max_pos) { - int val = rustsecp256k1_v0_3_1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + int val = rustsecp256k1_v0_4_0_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); if ((val & 1) == 0) { wnaf[pos - 1] -= (1 << w); wnaf[pos] = (val + 1); @@ -769,14 +695,14 @@ static int rustsecp256k1_v0_3_1_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_3_1 return skew; } -struct rustsecp256k1_v0_3_1_pippenger_point_state { +struct rustsecp256k1_v0_4_0_pippenger_point_state { int skew_na; size_t input_pos; }; -struct rustsecp256k1_v0_3_1_pippenger_state { +struct rustsecp256k1_v0_4_0_pippenger_state { int *wnaf_na; - struct rustsecp256k1_v0_3_1_pippenger_point_state* ps; + struct rustsecp256k1_v0_4_0_pippenger_point_state* ps; }; /* @@ -786,7 +712,7 @@ struct rustsecp256k1_v0_3_1_pippenger_state { * to the point's wnaf[i]. Second, the buckets are added together such that * r += 1*bucket[0] + 3*bucket[1] + 5*bucket[2] + ... */ -static int rustsecp256k1_v0_3_1_ecmult_pippenger_wnaf(rustsecp256k1_v0_3_1_gej *buckets, int bucket_window, struct rustsecp256k1_v0_3_1_pippenger_state *state, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *sc, const rustsecp256k1_v0_3_1_ge *pt, size_t num) { +static int rustsecp256k1_v0_4_0_ecmult_pippenger_wnaf(rustsecp256k1_v0_4_0_gej *buckets, int bucket_window, struct rustsecp256k1_v0_4_0_pippenger_state *state, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *sc, const rustsecp256k1_v0_4_0_ge *pt, size_t num) { size_t n_wnaf = WNAF_SIZE(bucket_window+1); size_t np; size_t no = 0; @@ -794,55 +720,55 @@ static int rustsecp256k1_v0_3_1_ecmult_pippenger_wnaf(rustsecp256k1_v0_3_1_gej * int j; for (np = 0; np < num; ++np) { - if (rustsecp256k1_v0_3_1_scalar_is_zero(&sc[np]) || rustsecp256k1_v0_3_1_ge_is_infinity(&pt[np])) { + if (rustsecp256k1_v0_4_0_scalar_is_zero(&sc[np]) || rustsecp256k1_v0_4_0_ge_is_infinity(&pt[np])) { continue; } state->ps[no].input_pos = np; - state->ps[no].skew_na = rustsecp256k1_v0_3_1_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); + state->ps[no].skew_na = rustsecp256k1_v0_4_0_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); no++; } - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); if (no == 0) { return 1; } for (i = n_wnaf - 1; i >= 0; i--) { - rustsecp256k1_v0_3_1_gej running_sum; + rustsecp256k1_v0_4_0_gej running_sum; for(j = 0; j < ECMULT_TABLE_SIZE(bucket_window+2); j++) { - rustsecp256k1_v0_3_1_gej_set_infinity(&buckets[j]); + rustsecp256k1_v0_4_0_gej_set_infinity(&buckets[j]); } for (np = 0; np < no; ++np) { int n = state->wnaf_na[np*n_wnaf + i]; - struct rustsecp256k1_v0_3_1_pippenger_point_state point_state = state->ps[np]; - rustsecp256k1_v0_3_1_ge tmp; + struct rustsecp256k1_v0_4_0_pippenger_point_state point_state = state->ps[np]; + rustsecp256k1_v0_4_0_ge tmp; int idx; if (i == 0) { /* correct for wnaf skew */ int skew = point_state.skew_na; if (skew) { - rustsecp256k1_v0_3_1_ge_neg(&tmp, &pt[point_state.input_pos]); - rustsecp256k1_v0_3_1_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); + rustsecp256k1_v0_4_0_ge_neg(&tmp, &pt[point_state.input_pos]); + rustsecp256k1_v0_4_0_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); } } if (n > 0) { idx = (n - 1)/2; - rustsecp256k1_v0_3_1_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); } else if (n < 0) { idx = -(n + 1)/2; - rustsecp256k1_v0_3_1_ge_neg(&tmp, &pt[point_state.input_pos]); - rustsecp256k1_v0_3_1_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); + rustsecp256k1_v0_4_0_ge_neg(&tmp, &pt[point_state.input_pos]); + rustsecp256k1_v0_4_0_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); } } for(j = 0; j < bucket_window; j++) { - rustsecp256k1_v0_3_1_gej_double_var(r, r, NULL); + rustsecp256k1_v0_4_0_gej_double_var(r, r, NULL); } - rustsecp256k1_v0_3_1_gej_set_infinity(&running_sum); + rustsecp256k1_v0_4_0_gej_set_infinity(&running_sum); /* Accumulate the sum: bucket[0] + 3*bucket[1] + 5*bucket[2] + 7*bucket[3] + ... * = bucket[0] + bucket[1] + bucket[2] + bucket[3] + ... * + 2 * (bucket[1] + 2*bucket[2] + 3*bucket[3] + ...) @@ -852,13 +778,13 @@ static int rustsecp256k1_v0_3_1_ecmult_pippenger_wnaf(rustsecp256k1_v0_3_1_gej * * The doubling is done implicitly by deferring the final window doubling (of 'r'). */ for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) { - rustsecp256k1_v0_3_1_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); - rustsecp256k1_v0_3_1_gej_add_var(r, r, &running_sum, NULL); + rustsecp256k1_v0_4_0_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); + rustsecp256k1_v0_4_0_gej_add_var(r, r, &running_sum, NULL); } - rustsecp256k1_v0_3_1_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); - rustsecp256k1_v0_3_1_gej_double_var(r, r, NULL); - rustsecp256k1_v0_3_1_gej_add_var(r, r, &running_sum, NULL); + rustsecp256k1_v0_4_0_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); + rustsecp256k1_v0_4_0_gej_double_var(r, r, NULL); + rustsecp256k1_v0_4_0_gej_add_var(r, r, &running_sum, NULL); } return 1; } @@ -867,8 +793,7 @@ static int rustsecp256k1_v0_3_1_ecmult_pippenger_wnaf(rustsecp256k1_v0_3_1_gej * * Returns optimal bucket_window (number of bits of a scalar represented by a * set of buckets) for a given number of points. */ -static int rustsecp256k1_v0_3_1_pippenger_bucket_window(size_t n) { -#ifdef USE_ENDOMORPHISM +static int rustsecp256k1_v0_4_0_pippenger_bucket_window(size_t n) { if (n <= 1) { return 1; } else if (n <= 4) { @@ -892,41 +817,13 @@ static int rustsecp256k1_v0_3_1_pippenger_bucket_window(size_t n) { } else { return PIPPENGER_MAX_BUCKET_WINDOW; } -#else - if (n <= 1) { - return 1; - } else if (n <= 11) { - return 2; - } else if (n <= 45) { - return 3; - } else if (n <= 100) { - return 4; - } else if (n <= 275) { - return 5; - } else if (n <= 625) { - return 6; - } else if (n <= 1850) { - return 7; - } else if (n <= 3400) { - return 8; - } else if (n <= 9630) { - return 9; - } else if (n <= 17900) { - return 10; - } else if (n <= 32800) { - return 11; - } else { - return PIPPENGER_MAX_BUCKET_WINDOW; - } -#endif } /** * Returns the maximum optimal number of points for a bucket_window. */ -static size_t rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(int bucket_window) { +static size_t rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(int bucket_window) { switch(bucket_window) { -#ifdef USE_ENDOMORPHISM case 1: return 1; case 2: return 4; case 3: return 20; @@ -939,141 +836,113 @@ static size_t rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(int bucket_window case 10: return 7880; case 11: return 16050; case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; -#else - case 1: return 1; - case 2: return 11; - case 3: return 45; - case 4: return 100; - case 5: return 275; - case 6: return 625; - case 7: return 1850; - case 8: return 3400; - case 9: return 9630; - case 10: return 17900; - case 11: return 32800; - case PIPPENGER_MAX_BUCKET_WINDOW: return SIZE_MAX; -#endif } return 0; } -#ifdef USE_ENDOMORPHISM -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_ecmult_endo_split(rustsecp256k1_v0_3_1_scalar *s1, rustsecp256k1_v0_3_1_scalar *s2, rustsecp256k1_v0_3_1_ge *p1, rustsecp256k1_v0_3_1_ge *p2) { - rustsecp256k1_v0_3_1_scalar tmp = *s1; - rustsecp256k1_v0_3_1_scalar_split_lambda(s1, s2, &tmp); - rustsecp256k1_v0_3_1_ge_mul_lambda(p2, p1); +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_ecmult_endo_split(rustsecp256k1_v0_4_0_scalar *s1, rustsecp256k1_v0_4_0_scalar *s2, rustsecp256k1_v0_4_0_ge *p1, rustsecp256k1_v0_4_0_ge *p2) { + rustsecp256k1_v0_4_0_scalar tmp = *s1; + rustsecp256k1_v0_4_0_scalar_split_lambda(s1, s2, &tmp); + rustsecp256k1_v0_4_0_ge_mul_lambda(p2, p1); - if (rustsecp256k1_v0_3_1_scalar_is_high(s1)) { - rustsecp256k1_v0_3_1_scalar_negate(s1, s1); - rustsecp256k1_v0_3_1_ge_neg(p1, p1); + if (rustsecp256k1_v0_4_0_scalar_is_high(s1)) { + rustsecp256k1_v0_4_0_scalar_negate(s1, s1); + rustsecp256k1_v0_4_0_ge_neg(p1, p1); } - if (rustsecp256k1_v0_3_1_scalar_is_high(s2)) { - rustsecp256k1_v0_3_1_scalar_negate(s2, s2); - rustsecp256k1_v0_3_1_ge_neg(p2, p2); + if (rustsecp256k1_v0_4_0_scalar_is_high(s2)) { + rustsecp256k1_v0_4_0_scalar_negate(s2, s2); + rustsecp256k1_v0_4_0_ge_neg(p2, p2); } } -#endif /** * Returns the scratch size required for a given number of points (excluding * base point G) without considering alignment. */ -static size_t rustsecp256k1_v0_3_1_pippenger_scratch_size(size_t n_points, int bucket_window) { -#ifdef USE_ENDOMORPHISM +static size_t rustsecp256k1_v0_4_0_pippenger_scratch_size(size_t n_points, int bucket_window) { size_t entries = 2*n_points + 2; -#else - size_t entries = n_points + 1; -#endif - size_t entry_size = sizeof(rustsecp256k1_v0_3_1_ge) + sizeof(rustsecp256k1_v0_3_1_scalar) + sizeof(struct rustsecp256k1_v0_3_1_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); - return (sizeof(rustsecp256k1_v0_3_1_gej) << bucket_window) + sizeof(struct rustsecp256k1_v0_3_1_pippenger_state) + entries * entry_size; + size_t entry_size = sizeof(rustsecp256k1_v0_4_0_ge) + sizeof(rustsecp256k1_v0_4_0_scalar) + sizeof(struct rustsecp256k1_v0_4_0_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); + return (sizeof(rustsecp256k1_v0_4_0_gej) << bucket_window) + sizeof(struct rustsecp256k1_v0_4_0_pippenger_state) + entries * entry_size; } -static int rustsecp256k1_v0_3_1_ecmult_pippenger_batch(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *inp_g_sc, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { - const size_t scratch_checkpoint = rustsecp256k1_v0_3_1_scratch_checkpoint(error_callback, scratch); - /* Use 2(n+1) with the endomorphism, n+1 without, when calculating batch +static int rustsecp256k1_v0_4_0_ecmult_pippenger_batch(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_scratch *scratch, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *inp_g_sc, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + const size_t scratch_checkpoint = rustsecp256k1_v0_4_0_scratch_checkpoint(error_callback, scratch); + /* Use 2(n+1) with the endomorphism, when calculating batch * sizes. The reason for +1 is that we add the G scalar to the list of * other scalars. */ -#ifdef USE_ENDOMORPHISM size_t entries = 2*n_points + 2; -#else - size_t entries = n_points + 1; -#endif - rustsecp256k1_v0_3_1_ge *points; - rustsecp256k1_v0_3_1_scalar *scalars; - rustsecp256k1_v0_3_1_gej *buckets; - struct rustsecp256k1_v0_3_1_pippenger_state *state_space; + rustsecp256k1_v0_4_0_ge *points; + rustsecp256k1_v0_4_0_scalar *scalars; + rustsecp256k1_v0_4_0_gej *buckets; + struct rustsecp256k1_v0_4_0_pippenger_state *state_space; size_t idx = 0; size_t point_idx = 0; int i, j; int bucket_window; (void)ctx; - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); if (inp_g_sc == NULL && n_points == 0) { return 1; } - bucket_window = rustsecp256k1_v0_3_1_pippenger_bucket_window(n_points); - points = (rustsecp256k1_v0_3_1_ge *) rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); - scalars = (rustsecp256k1_v0_3_1_scalar *) rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); - state_space = (struct rustsecp256k1_v0_3_1_pippenger_state *) rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, sizeof(*state_space)); + bucket_window = rustsecp256k1_v0_4_0_pippenger_bucket_window(n_points); + points = (rustsecp256k1_v0_4_0_ge *) rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); + scalars = (rustsecp256k1_v0_4_0_scalar *) rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); + state_space = (struct rustsecp256k1_v0_4_0_pippenger_state *) rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, sizeof(*state_space)); if (points == NULL || scalars == NULL || state_space == NULL) { - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } - state_space->ps = (struct rustsecp256k1_v0_3_1_pippenger_point_state *) rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); - state_space->wnaf_na = (int *) rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); - buckets = (rustsecp256k1_v0_3_1_gej *) rustsecp256k1_v0_3_1_scratch_alloc(error_callback, scratch, (1<ps = (struct rustsecp256k1_v0_4_0_pippenger_point_state *) rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); + state_space->wnaf_na = (int *) rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); + buckets = (rustsecp256k1_v0_4_0_gej *) rustsecp256k1_v0_4_0_scratch_alloc(error_callback, scratch, (1<ps == NULL || state_space->wnaf_na == NULL || buckets == NULL) { - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } if (inp_g_sc != NULL) { scalars[0] = *inp_g_sc; - points[0] = rustsecp256k1_v0_3_1_ge_const_g; + points[0] = rustsecp256k1_v0_4_0_ge_const_g; idx++; -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); + rustsecp256k1_v0_4_0_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); idx++; -#endif } while (point_idx < n_points) { if (!cb(&scalars[idx], &points[idx], point_idx + cb_offset, cbdata)) { - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } idx++; -#ifdef USE_ENDOMORPHISM - rustsecp256k1_v0_3_1_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); + rustsecp256k1_v0_4_0_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); idx++; -#endif point_idx++; } - rustsecp256k1_v0_3_1_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); + rustsecp256k1_v0_4_0_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); /* Clear data */ for(i = 0; (size_t)i < idx; i++) { - rustsecp256k1_v0_3_1_scalar_clear(&scalars[i]); + rustsecp256k1_v0_4_0_scalar_clear(&scalars[i]); state_space->ps[i].skew_na = 0; for(j = 0; j < WNAF_SIZE(bucket_window+1); j++) { state_space->wnaf_na[i * WNAF_SIZE(bucket_window+1) + j] = 0; } } for(i = 0; i < 1< max_alloc) { break; } @@ -1119,34 +986,34 @@ static size_t rustsecp256k1_v0_3_1_pippenger_max_points(const rustsecp256k1_v0_3 /* Computes ecmult_multi by simply multiplying and adding each point. Does not * require a scratch space */ -static int rustsecp256k1_v0_3_1_ecmult_multi_simple_var(const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *inp_g_sc, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void *cbdata, size_t n_points) { +static int rustsecp256k1_v0_4_0_ecmult_multi_simple_var(const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *inp_g_sc, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void *cbdata, size_t n_points) { size_t point_idx; - rustsecp256k1_v0_3_1_scalar szero; - rustsecp256k1_v0_3_1_gej tmpj; + rustsecp256k1_v0_4_0_scalar szero; + rustsecp256k1_v0_4_0_gej tmpj; - rustsecp256k1_v0_3_1_scalar_set_int(&szero, 0); - rustsecp256k1_v0_3_1_gej_set_infinity(r); - rustsecp256k1_v0_3_1_gej_set_infinity(&tmpj); + rustsecp256k1_v0_4_0_scalar_set_int(&szero, 0); + rustsecp256k1_v0_4_0_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(&tmpj); /* r = inp_g_sc*G */ - rustsecp256k1_v0_3_1_ecmult(ctx, r, &tmpj, &szero, inp_g_sc); + rustsecp256k1_v0_4_0_ecmult(ctx, r, &tmpj, &szero, inp_g_sc); for (point_idx = 0; point_idx < n_points; point_idx++) { - rustsecp256k1_v0_3_1_ge point; - rustsecp256k1_v0_3_1_gej pointj; - rustsecp256k1_v0_3_1_scalar scalar; + rustsecp256k1_v0_4_0_ge point; + rustsecp256k1_v0_4_0_gej pointj; + rustsecp256k1_v0_4_0_scalar scalar; if (!cb(&scalar, &point, point_idx, cbdata)) { return 0; } /* r += scalar*point */ - rustsecp256k1_v0_3_1_gej_set_ge(&pointj, &point); - rustsecp256k1_v0_3_1_ecmult(ctx, &tmpj, &pointj, &scalar, NULL); - rustsecp256k1_v0_3_1_gej_add_var(r, r, &tmpj, NULL); + rustsecp256k1_v0_4_0_gej_set_ge(&pointj, &point); + rustsecp256k1_v0_4_0_ecmult(ctx, &tmpj, &pointj, &scalar, NULL); + rustsecp256k1_v0_4_0_gej_add_var(r, r, &tmpj, NULL); } return 1; } /* Compute the number of batches and the batch size given the maximum batch size and the * total number of points */ -static int rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { +static int rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { if (max_n_batch_points == 0) { return 0; } @@ -1164,50 +1031,50 @@ static int rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(size_t *n_batches return 1; } -typedef int (*rustsecp256k1_v0_3_1_ecmult_multi_func)(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context*, rustsecp256k1_v0_3_1_scratch*, rustsecp256k1_v0_3_1_gej*, const rustsecp256k1_v0_3_1_scalar*, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void*, size_t); -static int rustsecp256k1_v0_3_1_ecmult_multi_var(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context *ctx, rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_scalar *inp_g_sc, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void *cbdata, size_t n) { +typedef int (*rustsecp256k1_v0_4_0_ecmult_multi_func)(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context*, rustsecp256k1_v0_4_0_scratch*, rustsecp256k1_v0_4_0_gej*, const rustsecp256k1_v0_4_0_scalar*, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void*, size_t); +static int rustsecp256k1_v0_4_0_ecmult_multi_var(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context *ctx, rustsecp256k1_v0_4_0_scratch *scratch, rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_scalar *inp_g_sc, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void *cbdata, size_t n) { size_t i; - int (*f)(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_ecmult_context*, rustsecp256k1_v0_3_1_scratch*, rustsecp256k1_v0_3_1_gej*, const rustsecp256k1_v0_3_1_scalar*, rustsecp256k1_v0_3_1_ecmult_multi_callback cb, void*, size_t, size_t); + int (*f)(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_ecmult_context*, rustsecp256k1_v0_4_0_scratch*, rustsecp256k1_v0_4_0_gej*, const rustsecp256k1_v0_4_0_scalar*, rustsecp256k1_v0_4_0_ecmult_multi_callback cb, void*, size_t, size_t); size_t n_batches; size_t n_batch_points; - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); if (inp_g_sc == NULL && n == 0) { return 1; } else if (n == 0) { - rustsecp256k1_v0_3_1_scalar szero; - rustsecp256k1_v0_3_1_scalar_set_int(&szero, 0); - rustsecp256k1_v0_3_1_ecmult(ctx, r, r, &szero, inp_g_sc); + rustsecp256k1_v0_4_0_scalar szero; + rustsecp256k1_v0_4_0_scalar_set_int(&szero, 0); + rustsecp256k1_v0_4_0_ecmult(ctx, r, r, &szero, inp_g_sc); return 1; } if (scratch == NULL) { - return rustsecp256k1_v0_3_1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + return rustsecp256k1_v0_4_0_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); } /* Compute the batch sizes for Pippenger's algorithm given a scratch space. If it's greater than * a threshold use Pippenger's algorithm. Otherwise use Strauss' algorithm. * As a first step check if there's enough space for Pippenger's algo (which requires less space * than Strauss' algo) and if not, use the simple algorithm. */ - if (!rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, rustsecp256k1_v0_3_1_pippenger_max_points(error_callback, scratch), n)) { - return rustsecp256k1_v0_3_1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + if (!rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, rustsecp256k1_v0_4_0_pippenger_max_points(error_callback, scratch), n)) { + return rustsecp256k1_v0_4_0_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); } if (n_batch_points >= ECMULT_PIPPENGER_THRESHOLD) { - f = rustsecp256k1_v0_3_1_ecmult_pippenger_batch; + f = rustsecp256k1_v0_4_0_ecmult_pippenger_batch; } else { - if (!rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, rustsecp256k1_v0_3_1_strauss_max_points(error_callback, scratch), n)) { - return rustsecp256k1_v0_3_1_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); + if (!rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, rustsecp256k1_v0_4_0_strauss_max_points(error_callback, scratch), n)) { + return rustsecp256k1_v0_4_0_ecmult_multi_simple_var(ctx, r, inp_g_sc, cb, cbdata, n); } - f = rustsecp256k1_v0_3_1_ecmult_strauss_batch; + f = rustsecp256k1_v0_4_0_ecmult_strauss_batch; } for(i = 0; i < n_batches; i++) { size_t nbp = n < n_batch_points ? n : n_batch_points; size_t offset = n_batch_points*i; - rustsecp256k1_v0_3_1_gej tmp; + rustsecp256k1_v0_4_0_gej tmp; if (!f(error_callback, ctx, scratch, &tmp, i == 0 ? inp_g_sc : NULL, cb, cbdata, nbp, offset)) { return 0; } - rustsecp256k1_v0_3_1_gej_add_var(r, r, &tmp, NULL); + rustsecp256k1_v0_4_0_gej_add_var(r, r, &tmp, NULL); n -= nbp; } return 1; diff --git a/secp256k1-sys/depend/secp256k1/src/field.h b/secp256k1-sys/depend/secp256k1/src/field.h index ed84b3003..0fd980b42 100644 --- a/secp256k1-sys/depend/secp256k1/src/field.h +++ b/secp256k1-sys/depend/secp256k1/src/field.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_H #define SECP256K1_FIELD_H @@ -35,100 +35,100 @@ /** Normalize a field element. This brings the field element to a canonical representation, reduces * its magnitude to 1, and reduces it modulo field size `p`. */ -static void rustsecp256k1_v0_3_1_fe_normalize(rustsecp256k1_v0_3_1_fe *r); +static void rustsecp256k1_v0_4_0_fe_normalize(rustsecp256k1_v0_4_0_fe *r); /** Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize. */ -static void rustsecp256k1_v0_3_1_fe_normalize_weak(rustsecp256k1_v0_3_1_fe *r); +static void rustsecp256k1_v0_4_0_fe_normalize_weak(rustsecp256k1_v0_4_0_fe *r); /** Normalize a field element, without constant-time guarantee. */ -static void rustsecp256k1_v0_3_1_fe_normalize_var(rustsecp256k1_v0_3_1_fe *r); +static void rustsecp256k1_v0_4_0_fe_normalize_var(rustsecp256k1_v0_4_0_fe *r); /** Verify whether a field element represents zero i.e. would normalize to a zero value. The field * implementation may optionally normalize the input, but this should not be relied upon. */ -static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero(rustsecp256k1_v0_3_1_fe *r); +static int rustsecp256k1_v0_4_0_fe_normalizes_to_zero(rustsecp256k1_v0_4_0_fe *r); /** Verify whether a field element represents zero i.e. would normalize to a zero value. The field * implementation may optionally normalize the input, but this should not be relied upon. */ -static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(rustsecp256k1_v0_3_1_fe *r); +static int rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(rustsecp256k1_v0_4_0_fe *r); /** Set a field element equal to a small integer. Resulting field element is normalized. */ -static void rustsecp256k1_v0_3_1_fe_set_int(rustsecp256k1_v0_3_1_fe *r, int a); +static void rustsecp256k1_v0_4_0_fe_set_int(rustsecp256k1_v0_4_0_fe *r, int a); /** Sets a field element equal to zero, initializing all fields. */ -static void rustsecp256k1_v0_3_1_fe_clear(rustsecp256k1_v0_3_1_fe *a); +static void rustsecp256k1_v0_4_0_fe_clear(rustsecp256k1_v0_4_0_fe *a); /** Verify whether a field element is zero. Requires the input to be normalized. */ -static int rustsecp256k1_v0_3_1_fe_is_zero(const rustsecp256k1_v0_3_1_fe *a); +static int rustsecp256k1_v0_4_0_fe_is_zero(const rustsecp256k1_v0_4_0_fe *a); /** Check the "oddness" of a field element. Requires the input to be normalized. */ -static int rustsecp256k1_v0_3_1_fe_is_odd(const rustsecp256k1_v0_3_1_fe *a); +static int rustsecp256k1_v0_4_0_fe_is_odd(const rustsecp256k1_v0_4_0_fe *a); /** Compare two field elements. Requires magnitude-1 inputs. */ -static int rustsecp256k1_v0_3_1_fe_equal(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b); +static int rustsecp256k1_v0_4_0_fe_equal(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b); -/** Same as rustsecp256k1_v0_3_1_fe_equal, but may be variable time. */ -static int rustsecp256k1_v0_3_1_fe_equal_var(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b); +/** Same as rustsecp256k1_v0_4_0_fe_equal, but may be variable time. */ +static int rustsecp256k1_v0_4_0_fe_equal_var(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b); /** Compare two field elements. Requires both inputs to be normalized */ -static int rustsecp256k1_v0_3_1_fe_cmp_var(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b); +static int rustsecp256k1_v0_4_0_fe_cmp_var(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b); /** Set a field element equal to 32-byte big endian value. If successful, the resulting field element is normalized. */ -static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const unsigned char *a); +static int rustsecp256k1_v0_4_0_fe_set_b32(rustsecp256k1_v0_4_0_fe *r, const unsigned char *a); /** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ -static void rustsecp256k1_v0_3_1_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_3_1_fe *a); +static void rustsecp256k1_v0_4_0_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_4_0_fe *a); /** Set a field element equal to the additive inverse of another. Takes a maximum magnitude of the input * as an argument. The magnitude of the output is one higher. */ -static void rustsecp256k1_v0_3_1_fe_negate(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, int m); +static void rustsecp256k1_v0_4_0_fe_negate(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, int m); /** Multiplies the passed field element with a small integer constant. Multiplies the magnitude by that * small integer. */ -static void rustsecp256k1_v0_3_1_fe_mul_int(rustsecp256k1_v0_3_1_fe *r, int a); +static void rustsecp256k1_v0_4_0_fe_mul_int(rustsecp256k1_v0_4_0_fe *r, int a); /** Adds a field element to another. The result has the sum of the inputs' magnitudes as magnitude. */ -static void rustsecp256k1_v0_3_1_fe_add(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a); +static void rustsecp256k1_v0_4_0_fe_add(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a); /** Sets a field element to be the product of two others. Requires the inputs' magnitudes to be at most 8. * The output magnitude is 1 (but not guaranteed to be normalized). */ -static void rustsecp256k1_v0_3_1_fe_mul(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe * SECP256K1_RESTRICT b); +static void rustsecp256k1_v0_4_0_fe_mul(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe * SECP256K1_RESTRICT b); /** Sets a field element to be the square of another. Requires the input's magnitude to be at most 8. * The output magnitude is 1 (but not guaranteed to be normalized). */ -static void rustsecp256k1_v0_3_1_fe_sqr(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a); +static void rustsecp256k1_v0_4_0_fe_sqr(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a); /** If a has a square root, it is computed in r and 1 is returned. If a does not * have a square root, the root of its negation is computed and 0 is returned. * The input's magnitude can be at most 8. The output magnitude is 1 (but not * guaranteed to be normalized). The result in r will always be a square * itself. */ -static int rustsecp256k1_v0_3_1_fe_sqrt(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a); +static int rustsecp256k1_v0_4_0_fe_sqrt(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a); /** Checks whether a field element is a quadratic residue. */ -static int rustsecp256k1_v0_3_1_fe_is_quad_var(const rustsecp256k1_v0_3_1_fe *a); +static int rustsecp256k1_v0_4_0_fe_is_quad_var(const rustsecp256k1_v0_4_0_fe *a); /** Sets a field element to be the (modular) inverse of another. Requires the input's magnitude to be * at most 8. The output magnitude is 1 (but not guaranteed to be normalized). */ -static void rustsecp256k1_v0_3_1_fe_inv(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a); +static void rustsecp256k1_v0_4_0_fe_inv(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a); -/** Potentially faster version of rustsecp256k1_v0_3_1_fe_inv, without constant-time guarantee. */ -static void rustsecp256k1_v0_3_1_fe_inv_var(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a); +/** Potentially faster version of rustsecp256k1_v0_4_0_fe_inv, without constant-time guarantee. */ +static void rustsecp256k1_v0_4_0_fe_inv_var(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a); /** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be * at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and * outputs must not overlap in memory. */ -static void rustsecp256k1_v0_3_1_fe_inv_all_var(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, size_t len); +static void rustsecp256k1_v0_4_0_fe_inv_all_var(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, size_t len); /** Convert a field element to the storage type. */ -static void rustsecp256k1_v0_3_1_fe_to_storage(rustsecp256k1_v0_3_1_fe_storage *r, const rustsecp256k1_v0_3_1_fe *a); +static void rustsecp256k1_v0_4_0_fe_to_storage(rustsecp256k1_v0_4_0_fe_storage *r, const rustsecp256k1_v0_4_0_fe *a); /** Convert a field element back from the storage type. */ -static void rustsecp256k1_v0_3_1_fe_from_storage(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe_storage *a); +static void rustsecp256k1_v0_4_0_fe_from_storage(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe_storage *a); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_3_1_fe_storage_cmov(rustsecp256k1_v0_3_1_fe_storage *r, const rustsecp256k1_v0_3_1_fe_storage *a, int flag); +static void rustsecp256k1_v0_4_0_fe_storage_cmov(rustsecp256k1_v0_4_0_fe_storage *r, const rustsecp256k1_v0_4_0_fe_storage *a, int flag); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_3_1_fe_cmov(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, int flag); +static void rustsecp256k1_v0_4_0_fe_cmov(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, int flag); #endif /* SECP256K1_FIELD_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/field_10x26.h b/secp256k1-sys/depend/secp256k1/src/field_10x26.h index 54e31a9a9..9a6aea503 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_10x26.h +++ b/secp256k1-sys/depend/secp256k1/src/field_10x26.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_REPR_H #define SECP256K1_FIELD_REPR_H @@ -18,7 +18,7 @@ typedef struct { int magnitude; int normalized; #endif -} rustsecp256k1_v0_3_1_fe; +} rustsecp256k1_v0_4_0_fe; /* Unpacks a constant into a overlapping multi-limbed FE element. */ #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ @@ -42,7 +42,7 @@ typedef struct { typedef struct { uint32_t n[8]; -} rustsecp256k1_v0_3_1_fe_storage; +} rustsecp256k1_v0_4_0_fe_storage; #define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }} #define SECP256K1_FE_STORAGE_CONST_GET(d) d.n[7], d.n[6], d.n[5], d.n[4],d.n[3], d.n[2], d.n[1], d.n[0] diff --git a/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h b/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h index 31b51d3bf..b98e17a7e 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_REPR_IMPL_H #define SECP256K1_FIELD_REPR_IMPL_H @@ -11,7 +11,7 @@ #include "field.h" #ifdef VERIFY -static void rustsecp256k1_v0_3_1_fe_verify(const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_verify(const rustsecp256k1_v0_4_0_fe *a) { const uint32_t *d = a->n; int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; r &= (d[0] <= 0x3FFFFFFUL * m); @@ -39,7 +39,7 @@ static void rustsecp256k1_v0_3_1_fe_verify(const rustsecp256k1_v0_3_1_fe *a) { } #endif -static void rustsecp256k1_v0_3_1_fe_normalize(rustsecp256k1_v0_3_1_fe *r) { +static void rustsecp256k1_v0_4_0_fe_normalize(rustsecp256k1_v0_4_0_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -90,11 +90,11 @@ static void rustsecp256k1_v0_3_1_fe_normalize(rustsecp256k1_v0_3_1_fe *r) { #ifdef VERIFY r->magnitude = 1; r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_normalize_weak(rustsecp256k1_v0_3_1_fe *r) { +static void rustsecp256k1_v0_4_0_fe_normalize_weak(rustsecp256k1_v0_4_0_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -121,11 +121,11 @@ static void rustsecp256k1_v0_3_1_fe_normalize_weak(rustsecp256k1_v0_3_1_fe *r) { #ifdef VERIFY r->magnitude = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_normalize_var(rustsecp256k1_v0_3_1_fe *r) { +static void rustsecp256k1_v0_4_0_fe_normalize_var(rustsecp256k1_v0_4_0_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -177,11 +177,11 @@ static void rustsecp256k1_v0_3_1_fe_normalize_var(rustsecp256k1_v0_3_1_fe *r) { #ifdef VERIFY r->magnitude = 1; r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero(rustsecp256k1_v0_3_1_fe *r) { +static int rustsecp256k1_v0_4_0_fe_normalizes_to_zero(rustsecp256k1_v0_4_0_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -210,7 +210,7 @@ static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero(rustsecp256k1_v0_3_1_fe *r return (z0 == 0) | (z1 == 0x3FFFFFFUL); } -static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(rustsecp256k1_v0_3_1_fe *r) { +static int rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(rustsecp256k1_v0_4_0_fe *r) { uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9; uint32_t z0, z1; uint32_t x; @@ -262,34 +262,34 @@ static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(rustsecp256k1_v0_3_1_f return (z0 == 0) | (z1 == 0x3FFFFFFUL); } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_set_int(rustsecp256k1_v0_3_1_fe *r, int a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_set_int(rustsecp256k1_v0_4_0_fe *r, int a) { r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0; #ifdef VERIFY r->magnitude = 1; r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_fe_is_zero(const rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_fe_is_zero(const rustsecp256k1_v0_4_0_fe *a) { const uint32_t *t = a->n; #ifdef VERIFY VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_fe_is_odd(const rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_fe_is_odd(const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif return a->n[0] & 1; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_clear(rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_clear(rustsecp256k1_v0_4_0_fe *a) { int i; #ifdef VERIFY a->magnitude = 0; @@ -300,13 +300,13 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_clear(rustsecp256k1_v0_3_1_ } } -static int rustsecp256k1_v0_3_1_fe_cmp_var(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b) { +static int rustsecp256k1_v0_4_0_fe_cmp_var(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b) { int i; #ifdef VERIFY VERIFY_CHECK(a->normalized); VERIFY_CHECK(b->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); - rustsecp256k1_v0_3_1_fe_verify(b); + rustsecp256k1_v0_4_0_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(b); #endif for (i = 9; i >= 0; i--) { if (a->n[i] > b->n[i]) { @@ -319,7 +319,7 @@ static int rustsecp256k1_v0_3_1_fe_cmp_var(const rustsecp256k1_v0_3_1_fe *a, con return 0; } -static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const unsigned char *a) { +static int rustsecp256k1_v0_4_0_fe_set_b32(rustsecp256k1_v0_4_0_fe *r, const unsigned char *a) { int ret; r->n[0] = (uint32_t)a[31] | ((uint32_t)a[30] << 8) | ((uint32_t)a[29] << 16) | ((uint32_t)(a[28] & 0x3) << 24); r->n[1] = (uint32_t)((a[28] >> 2) & 0x3f) | ((uint32_t)a[27] << 6) | ((uint32_t)a[26] << 14) | ((uint32_t)(a[25] & 0xf) << 22); @@ -337,7 +337,7 @@ static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const uns r->magnitude = 1; if (ret) { r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); } else { r->normalized = 0; } @@ -346,10 +346,10 @@ static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const uns } /** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ -static void rustsecp256k1_v0_3_1_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif r[0] = (a->n[9] >> 14) & 0xff; r[1] = (a->n[9] >> 6) & 0xff; @@ -385,10 +385,10 @@ static void rustsecp256k1_v0_3_1_fe_get_b32(unsigned char *r, const rustsecp256k r[31] = a->n[0] & 0xff; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_negate(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, int m) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_negate(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, int m) { #ifdef VERIFY VERIFY_CHECK(a->magnitude <= m); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif r->n[0] = 0x3FFFC2FUL * 2 * (m + 1) - a->n[0]; r->n[1] = 0x3FFFFBFUL * 2 * (m + 1) - a->n[1]; @@ -403,11 +403,11 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_negate(rustsecp256k1_v0_3_1 #ifdef VERIFY r->magnitude = m + 1; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_int(rustsecp256k1_v0_3_1_fe *r, int a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_mul_int(rustsecp256k1_v0_4_0_fe *r, int a) { r->n[0] *= a; r->n[1] *= a; r->n[2] *= a; @@ -421,13 +421,13 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_int(rustsecp256k1_v0_3_ #ifdef VERIFY r->magnitude *= a; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_add(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_add(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif r->n[0] += a->n[0]; r->n[1] += a->n[1]; @@ -442,15 +442,15 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_add(rustsecp256k1_v0_3_1_fe #ifdef VERIFY r->magnitude += a->magnitude; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } #if defined(USE_EXTERNAL_ASM) /* External assembler implementation */ -void rustsecp256k1_v0_3_1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b); -void rustsecp256k1_v0_3_1_fe_sqr_inner(uint32_t *r, const uint32_t *a); +void rustsecp256k1_v0_4_0_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b); +void rustsecp256k1_v0_4_0_fe_sqr_inner(uint32_t *r, const uint32_t *a); #else @@ -460,7 +460,7 @@ void rustsecp256k1_v0_3_1_fe_sqr_inner(uint32_t *r, const uint32_t *a); #define VERIFY_BITS(x, n) do { } while(0) #endif -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) { uint64_t c, d; uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; uint32_t t9, t1, t0, t2, t3, t4, t5, t6, t7; @@ -790,7 +790,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_inner(uint32_t *r, cons /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_sqr_inner(uint32_t *r, const uint32_t *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_sqr_inner(uint32_t *r, const uint32_t *a) { uint64_t c, d; uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; uint32_t t9, t0, t1, t2, t3, t4, t5, t6, t7; @@ -1065,37 +1065,37 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_sqr_inner(uint32_t *r, cons } #endif -static void rustsecp256k1_v0_3_1_fe_mul(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe * SECP256K1_RESTRICT b) { +static void rustsecp256k1_v0_4_0_fe_mul(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe * SECP256K1_RESTRICT b) { #ifdef VERIFY VERIFY_CHECK(a->magnitude <= 8); VERIFY_CHECK(b->magnitude <= 8); - rustsecp256k1_v0_3_1_fe_verify(a); - rustsecp256k1_v0_3_1_fe_verify(b); + rustsecp256k1_v0_4_0_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(b); VERIFY_CHECK(r != b); VERIFY_CHECK(a != b); #endif - rustsecp256k1_v0_3_1_fe_mul_inner(r->n, a->n, b->n); + rustsecp256k1_v0_4_0_fe_mul_inner(r->n, a->n, b->n); #ifdef VERIFY r->magnitude = 1; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_sqr(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_sqr(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->magnitude <= 8); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif - rustsecp256k1_v0_3_1_fe_sqr_inner(r->n, a->n); + rustsecp256k1_v0_4_0_fe_sqr_inner(r->n, a->n); #ifdef VERIFY r->magnitude = 1; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_cmov(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_fe_cmov(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, int flag) { uint32_t mask0, mask1; VG_CHECK_VERIFY(r->n, sizeof(r->n)); mask0 = flag + ~((uint32_t)0); @@ -1118,7 +1118,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_cmov(rustsecp256k1_v0_3_1_f #endif } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_storage_cmov(rustsecp256k1_v0_3_1_fe_storage *r, const rustsecp256k1_v0_3_1_fe_storage *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_fe_storage_cmov(rustsecp256k1_v0_4_0_fe_storage *r, const rustsecp256k1_v0_4_0_fe_storage *a, int flag) { uint32_t mask0, mask1; VG_CHECK_VERIFY(r->n, sizeof(r->n)); mask0 = flag + ~((uint32_t)0); @@ -1133,7 +1133,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_storage_cmov(rustsecp256k1_ r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1); } -static void rustsecp256k1_v0_3_1_fe_to_storage(rustsecp256k1_v0_3_1_fe_storage *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_to_storage(rustsecp256k1_v0_4_0_fe_storage *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->normalized); #endif @@ -1147,7 +1147,7 @@ static void rustsecp256k1_v0_3_1_fe_to_storage(rustsecp256k1_v0_3_1_fe_storage * r->n[7] = a->n[8] >> 16 | a->n[9] << 10; } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_from_storage(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe_storage *a) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_fe_from_storage(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe_storage *a) { r->n[0] = a->n[0] & 0x3FFFFFFUL; r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & 0x3FFFFFFUL); r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & 0x3FFFFFFUL); diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52.h b/secp256k1-sys/depend/secp256k1/src/field_5x52.h index c43b8909c..6a2243e57 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_REPR_H #define SECP256K1_FIELD_REPR_H @@ -18,7 +18,7 @@ typedef struct { int magnitude; int normalized; #endif -} rustsecp256k1_v0_3_1_fe; +} rustsecp256k1_v0_4_0_fe; /* Unpacks a constant into a overlapping multi-limbed FE element. */ #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ @@ -37,7 +37,7 @@ typedef struct { typedef struct { uint64_t n[4]; -} rustsecp256k1_v0_3_1_fe_storage; +} rustsecp256k1_v0_4_0_fe_storage; #define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \ (d0) | (((uint64_t)(d1)) << 32), \ diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52_asm_impl.h b/secp256k1-sys/depend/secp256k1/src/field_5x52_asm_impl.h index 0a6ec3ea0..750487b7a 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52_asm_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52_asm_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2014 Diederik Huys, Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ /** * Changelog: @@ -14,7 +14,7 @@ #ifndef SECP256K1_FIELD_INNER5X52_IMPL_H #define SECP256K1_FIELD_INNER5X52_IMPL_H -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { /** * Registers: rdx:rax = multiplication accumulator * r9:r8 = c @@ -284,7 +284,7 @@ __asm__ __volatile__( ); } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_sqr_inner(uint64_t *r, const uint64_t *a) { /** * Registers: rdx:rax = multiplication accumulator * r9:r8 = c diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h b/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h index 9347b537e..ae698bccb 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_REPR_IMPL_H #define SECP256K1_FIELD_REPR_IMPL_H @@ -29,7 +29,7 @@ */ #ifdef VERIFY -static void rustsecp256k1_v0_3_1_fe_verify(const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_verify(const rustsecp256k1_v0_4_0_fe *a) { const uint64_t *d = a->n; int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; /* secp256k1 'p' value defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ @@ -50,7 +50,7 @@ static void rustsecp256k1_v0_3_1_fe_verify(const rustsecp256k1_v0_3_1_fe *a) { } #endif -static void rustsecp256k1_v0_3_1_fe_normalize(rustsecp256k1_v0_3_1_fe *r) { +static void rustsecp256k1_v0_4_0_fe_normalize(rustsecp256k1_v0_4_0_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -89,11 +89,11 @@ static void rustsecp256k1_v0_3_1_fe_normalize(rustsecp256k1_v0_3_1_fe *r) { #ifdef VERIFY r->magnitude = 1; r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_normalize_weak(rustsecp256k1_v0_3_1_fe *r) { +static void rustsecp256k1_v0_4_0_fe_normalize_weak(rustsecp256k1_v0_4_0_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -113,11 +113,11 @@ static void rustsecp256k1_v0_3_1_fe_normalize_weak(rustsecp256k1_v0_3_1_fe *r) { #ifdef VERIFY r->magnitude = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_normalize_var(rustsecp256k1_v0_3_1_fe *r) { +static void rustsecp256k1_v0_4_0_fe_normalize_var(rustsecp256k1_v0_4_0_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -157,11 +157,11 @@ static void rustsecp256k1_v0_3_1_fe_normalize_var(rustsecp256k1_v0_3_1_fe *r) { #ifdef VERIFY r->magnitude = 1; r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero(rustsecp256k1_v0_3_1_fe *r) { +static int rustsecp256k1_v0_4_0_fe_normalizes_to_zero(rustsecp256k1_v0_4_0_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ @@ -184,7 +184,7 @@ static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero(rustsecp256k1_v0_3_1_fe *r return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); } -static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(rustsecp256k1_v0_3_1_fe *r) { +static int rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(rustsecp256k1_v0_4_0_fe *r) { uint64_t t0, t1, t2, t3, t4; uint64_t z0, z1; uint64_t x; @@ -225,34 +225,34 @@ static int rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(rustsecp256k1_v0_3_1_f return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_set_int(rustsecp256k1_v0_3_1_fe *r, int a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_set_int(rustsecp256k1_v0_4_0_fe *r, int a) { r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; #ifdef VERIFY r->magnitude = 1; r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_fe_is_zero(const rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_fe_is_zero(const rustsecp256k1_v0_4_0_fe *a) { const uint64_t *t = a->n; #ifdef VERIFY VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_fe_is_odd(const rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_fe_is_odd(const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif return a->n[0] & 1; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_clear(rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_clear(rustsecp256k1_v0_4_0_fe *a) { int i; #ifdef VERIFY a->magnitude = 0; @@ -263,13 +263,13 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_clear(rustsecp256k1_v0_3_1_ } } -static int rustsecp256k1_v0_3_1_fe_cmp_var(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b) { +static int rustsecp256k1_v0_4_0_fe_cmp_var(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b) { int i; #ifdef VERIFY VERIFY_CHECK(a->normalized); VERIFY_CHECK(b->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); - rustsecp256k1_v0_3_1_fe_verify(b); + rustsecp256k1_v0_4_0_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(b); #endif for (i = 4; i >= 0; i--) { if (a->n[i] > b->n[i]) { @@ -282,7 +282,7 @@ static int rustsecp256k1_v0_3_1_fe_cmp_var(const rustsecp256k1_v0_3_1_fe *a, con return 0; } -static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const unsigned char *a) { +static int rustsecp256k1_v0_4_0_fe_set_b32(rustsecp256k1_v0_4_0_fe *r, const unsigned char *a) { int ret; r->n[0] = (uint64_t)a[31] | ((uint64_t)a[30] << 8) @@ -323,7 +323,7 @@ static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const uns r->magnitude = 1; if (ret) { r->normalized = 1; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); } else { r->normalized = 0; } @@ -332,10 +332,10 @@ static int rustsecp256k1_v0_3_1_fe_set_b32(rustsecp256k1_v0_3_1_fe *r, const uns } /** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ -static void rustsecp256k1_v0_3_1_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif r[0] = (a->n[4] >> 40) & 0xFF; r[1] = (a->n[4] >> 32) & 0xFF; @@ -371,10 +371,10 @@ static void rustsecp256k1_v0_3_1_fe_get_b32(unsigned char *r, const rustsecp256k r[31] = a->n[0] & 0xFF; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_negate(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, int m) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_negate(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, int m) { #ifdef VERIFY VERIFY_CHECK(a->magnitude <= m); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif r->n[0] = 0xFFFFEFFFFFC2FULL * 2 * (m + 1) - a->n[0]; r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[1]; @@ -384,11 +384,11 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_negate(rustsecp256k1_v0_3_1 #ifdef VERIFY r->magnitude = m + 1; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_int(rustsecp256k1_v0_3_1_fe *r, int a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_mul_int(rustsecp256k1_v0_4_0_fe *r, int a) { r->n[0] *= a; r->n[1] *= a; r->n[2] *= a; @@ -397,13 +397,13 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_int(rustsecp256k1_v0_3_ #ifdef VERIFY r->magnitude *= a; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_add(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_add(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif r->n[0] += a->n[0]; r->n[1] += a->n[1]; @@ -413,41 +413,41 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_add(rustsecp256k1_v0_3_1_fe #ifdef VERIFY r->magnitude += a->magnitude; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_mul(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe * SECP256K1_RESTRICT b) { +static void rustsecp256k1_v0_4_0_fe_mul(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe * SECP256K1_RESTRICT b) { #ifdef VERIFY VERIFY_CHECK(a->magnitude <= 8); VERIFY_CHECK(b->magnitude <= 8); - rustsecp256k1_v0_3_1_fe_verify(a); - rustsecp256k1_v0_3_1_fe_verify(b); + rustsecp256k1_v0_4_0_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(b); VERIFY_CHECK(r != b); VERIFY_CHECK(a != b); #endif - rustsecp256k1_v0_3_1_fe_mul_inner(r->n, a->n, b->n); + rustsecp256k1_v0_4_0_fe_mul_inner(r->n, a->n, b->n); #ifdef VERIFY r->magnitude = 1; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static void rustsecp256k1_v0_3_1_fe_sqr(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_sqr(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->magnitude <= 8); - rustsecp256k1_v0_3_1_fe_verify(a); + rustsecp256k1_v0_4_0_fe_verify(a); #endif - rustsecp256k1_v0_3_1_fe_sqr_inner(r->n, a->n); + rustsecp256k1_v0_4_0_fe_sqr_inner(r->n, a->n); #ifdef VERIFY r->magnitude = 1; r->normalized = 0; - rustsecp256k1_v0_3_1_fe_verify(r); + rustsecp256k1_v0_4_0_fe_verify(r); #endif } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_cmov(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_fe_cmov(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, int flag) { uint64_t mask0, mask1; VG_CHECK_VERIFY(r->n, sizeof(r->n)); mask0 = flag + ~((uint64_t)0); @@ -465,7 +465,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_cmov(rustsecp256k1_v0_3_1_f #endif } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_storage_cmov(rustsecp256k1_v0_3_1_fe_storage *r, const rustsecp256k1_v0_3_1_fe_storage *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_fe_storage_cmov(rustsecp256k1_v0_4_0_fe_storage *r, const rustsecp256k1_v0_4_0_fe_storage *a, int flag) { uint64_t mask0, mask1; VG_CHECK_VERIFY(r->n, sizeof(r->n)); mask0 = flag + ~((uint64_t)0); @@ -476,7 +476,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_storage_cmov(rustsecp256k1_ r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); } -static void rustsecp256k1_v0_3_1_fe_to_storage(rustsecp256k1_v0_3_1_fe_storage *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_to_storage(rustsecp256k1_v0_4_0_fe_storage *r, const rustsecp256k1_v0_4_0_fe *a) { #ifdef VERIFY VERIFY_CHECK(a->normalized); #endif @@ -486,7 +486,7 @@ static void rustsecp256k1_v0_3_1_fe_to_storage(rustsecp256k1_v0_3_1_fe_storage * r->n[3] = a->n[3] >> 36 | a->n[4] << 16; } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_fe_from_storage(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe_storage *a) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_fe_from_storage(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe_storage *a) { r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL; r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL); r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL); diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h b/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h index 5217a4475..7dcdce154 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_INNER5X52_IMPL_H #define SECP256K1_FIELD_INNER5X52_IMPL_H @@ -15,7 +15,7 @@ #define VERIFY_BITS(x, n) do { } while(0) #endif -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { uint128_t c, d; uint64_t t3, t4, tx, u0; uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; @@ -154,7 +154,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_mul_inner(uint64_t *r, cons /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_fe_sqr_inner(uint64_t *r, const uint64_t *a) { uint128_t c, d; uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; int64_t t3, t4, tx, u0; diff --git a/secp256k1-sys/depend/secp256k1/src/field_impl.h b/secp256k1-sys/depend/secp256k1/src/field_impl.h index b18792748..614656817 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_FIELD_IMPL_H #define SECP256K1_FIELD_IMPL_H @@ -22,21 +22,21 @@ #error "Please select wide multiplication implementation" #endif -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_fe_equal(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b) { - rustsecp256k1_v0_3_1_fe na; - rustsecp256k1_v0_3_1_fe_negate(&na, a, 1); - rustsecp256k1_v0_3_1_fe_add(&na, b); - return rustsecp256k1_v0_3_1_fe_normalizes_to_zero(&na); +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_fe_equal(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b) { + rustsecp256k1_v0_4_0_fe na; + rustsecp256k1_v0_4_0_fe_negate(&na, a, 1); + rustsecp256k1_v0_4_0_fe_add(&na, b); + return rustsecp256k1_v0_4_0_fe_normalizes_to_zero(&na); } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_fe_equal_var(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b) { - rustsecp256k1_v0_3_1_fe na; - rustsecp256k1_v0_3_1_fe_negate(&na, a, 1); - rustsecp256k1_v0_3_1_fe_add(&na, b); - return rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&na); +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_fe_equal_var(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b) { + rustsecp256k1_v0_4_0_fe na; + rustsecp256k1_v0_4_0_fe_negate(&na, a, 1); + rustsecp256k1_v0_4_0_fe_add(&na, b); + return rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&na); } -static int rustsecp256k1_v0_3_1_fe_sqrt(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { +static int rustsecp256k1_v0_4_0_fe_sqrt(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { /** Given that p is congruent to 3 mod 4, we can compute the square root of * a mod p as the (p+1)/4'th power of a. * @@ -46,7 +46,7 @@ static int rustsecp256k1_v0_3_1_fe_sqrt(rustsecp256k1_v0_3_1_fe *r, const rustse * Also because (p+1)/4 is an even number, the computed square root is * itself always a square (a ** ((p+1)/4) is the square of a ** ((p+1)/8)). */ - rustsecp256k1_v0_3_1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; + rustsecp256k1_v0_4_0_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; int j; VERIFY_CHECK(r != a); @@ -56,88 +56,88 @@ static int rustsecp256k1_v0_3_1_fe_sqrt(rustsecp256k1_v0_3_1_fe *r, const rustse * 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223] */ - rustsecp256k1_v0_3_1_fe_sqr(&x2, a); - rustsecp256k1_v0_3_1_fe_mul(&x2, &x2, a); + rustsecp256k1_v0_4_0_fe_sqr(&x2, a); + rustsecp256k1_v0_4_0_fe_mul(&x2, &x2, a); - rustsecp256k1_v0_3_1_fe_sqr(&x3, &x2); - rustsecp256k1_v0_3_1_fe_mul(&x3, &x3, a); + rustsecp256k1_v0_4_0_fe_sqr(&x3, &x2); + rustsecp256k1_v0_4_0_fe_mul(&x3, &x3, a); x6 = x3; for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x6, &x6); + rustsecp256k1_v0_4_0_fe_sqr(&x6, &x6); } - rustsecp256k1_v0_3_1_fe_mul(&x6, &x6, &x3); + rustsecp256k1_v0_4_0_fe_mul(&x6, &x6, &x3); x9 = x6; for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x9, &x9); + rustsecp256k1_v0_4_0_fe_sqr(&x9, &x9); } - rustsecp256k1_v0_3_1_fe_mul(&x9, &x9, &x3); + rustsecp256k1_v0_4_0_fe_mul(&x9, &x9, &x3); x11 = x9; for (j=0; j<2; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x11, &x11); + rustsecp256k1_v0_4_0_fe_sqr(&x11, &x11); } - rustsecp256k1_v0_3_1_fe_mul(&x11, &x11, &x2); + rustsecp256k1_v0_4_0_fe_mul(&x11, &x11, &x2); x22 = x11; for (j=0; j<11; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x22, &x22); + rustsecp256k1_v0_4_0_fe_sqr(&x22, &x22); } - rustsecp256k1_v0_3_1_fe_mul(&x22, &x22, &x11); + rustsecp256k1_v0_4_0_fe_mul(&x22, &x22, &x11); x44 = x22; for (j=0; j<22; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x44, &x44); + rustsecp256k1_v0_4_0_fe_sqr(&x44, &x44); } - rustsecp256k1_v0_3_1_fe_mul(&x44, &x44, &x22); + rustsecp256k1_v0_4_0_fe_mul(&x44, &x44, &x22); x88 = x44; for (j=0; j<44; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x88, &x88); + rustsecp256k1_v0_4_0_fe_sqr(&x88, &x88); } - rustsecp256k1_v0_3_1_fe_mul(&x88, &x88, &x44); + rustsecp256k1_v0_4_0_fe_mul(&x88, &x88, &x44); x176 = x88; for (j=0; j<88; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x176, &x176); + rustsecp256k1_v0_4_0_fe_sqr(&x176, &x176); } - rustsecp256k1_v0_3_1_fe_mul(&x176, &x176, &x88); + rustsecp256k1_v0_4_0_fe_mul(&x176, &x176, &x88); x220 = x176; for (j=0; j<44; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x220, &x220); + rustsecp256k1_v0_4_0_fe_sqr(&x220, &x220); } - rustsecp256k1_v0_3_1_fe_mul(&x220, &x220, &x44); + rustsecp256k1_v0_4_0_fe_mul(&x220, &x220, &x44); x223 = x220; for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x223, &x223); + rustsecp256k1_v0_4_0_fe_sqr(&x223, &x223); } - rustsecp256k1_v0_3_1_fe_mul(&x223, &x223, &x3); + rustsecp256k1_v0_4_0_fe_mul(&x223, &x223, &x3); /* The final result is then assembled using a sliding window over the blocks. */ t1 = x223; for (j=0; j<23; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_3_1_fe_mul(&t1, &t1, &x22); + rustsecp256k1_v0_4_0_fe_mul(&t1, &t1, &x22); for (j=0; j<6; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_3_1_fe_mul(&t1, &t1, &x2); - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); - rustsecp256k1_v0_3_1_fe_sqr(r, &t1); + rustsecp256k1_v0_4_0_fe_mul(&t1, &t1, &x2); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(r, &t1); /* Check that a square root was actually calculated */ - rustsecp256k1_v0_3_1_fe_sqr(&t1, r); - return rustsecp256k1_v0_3_1_fe_equal(&t1, a); + rustsecp256k1_v0_4_0_fe_sqr(&t1, r); + return rustsecp256k1_v0_4_0_fe_equal(&t1, a); } -static void rustsecp256k1_v0_3_1_fe_inv(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { - rustsecp256k1_v0_3_1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; +static void rustsecp256k1_v0_4_0_fe_inv(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { + rustsecp256k1_v0_4_0_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; int j; /** The binary representation of (p - 2) has 5 blocks of 1s, with lengths in @@ -145,93 +145,93 @@ static void rustsecp256k1_v0_3_1_fe_inv(rustsecp256k1_v0_3_1_fe *r, const rustse * [1], [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223] */ - rustsecp256k1_v0_3_1_fe_sqr(&x2, a); - rustsecp256k1_v0_3_1_fe_mul(&x2, &x2, a); + rustsecp256k1_v0_4_0_fe_sqr(&x2, a); + rustsecp256k1_v0_4_0_fe_mul(&x2, &x2, a); - rustsecp256k1_v0_3_1_fe_sqr(&x3, &x2); - rustsecp256k1_v0_3_1_fe_mul(&x3, &x3, a); + rustsecp256k1_v0_4_0_fe_sqr(&x3, &x2); + rustsecp256k1_v0_4_0_fe_mul(&x3, &x3, a); x6 = x3; for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x6, &x6); + rustsecp256k1_v0_4_0_fe_sqr(&x6, &x6); } - rustsecp256k1_v0_3_1_fe_mul(&x6, &x6, &x3); + rustsecp256k1_v0_4_0_fe_mul(&x6, &x6, &x3); x9 = x6; for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x9, &x9); + rustsecp256k1_v0_4_0_fe_sqr(&x9, &x9); } - rustsecp256k1_v0_3_1_fe_mul(&x9, &x9, &x3); + rustsecp256k1_v0_4_0_fe_mul(&x9, &x9, &x3); x11 = x9; for (j=0; j<2; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x11, &x11); + rustsecp256k1_v0_4_0_fe_sqr(&x11, &x11); } - rustsecp256k1_v0_3_1_fe_mul(&x11, &x11, &x2); + rustsecp256k1_v0_4_0_fe_mul(&x11, &x11, &x2); x22 = x11; for (j=0; j<11; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x22, &x22); + rustsecp256k1_v0_4_0_fe_sqr(&x22, &x22); } - rustsecp256k1_v0_3_1_fe_mul(&x22, &x22, &x11); + rustsecp256k1_v0_4_0_fe_mul(&x22, &x22, &x11); x44 = x22; for (j=0; j<22; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x44, &x44); + rustsecp256k1_v0_4_0_fe_sqr(&x44, &x44); } - rustsecp256k1_v0_3_1_fe_mul(&x44, &x44, &x22); + rustsecp256k1_v0_4_0_fe_mul(&x44, &x44, &x22); x88 = x44; for (j=0; j<44; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x88, &x88); + rustsecp256k1_v0_4_0_fe_sqr(&x88, &x88); } - rustsecp256k1_v0_3_1_fe_mul(&x88, &x88, &x44); + rustsecp256k1_v0_4_0_fe_mul(&x88, &x88, &x44); x176 = x88; for (j=0; j<88; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x176, &x176); + rustsecp256k1_v0_4_0_fe_sqr(&x176, &x176); } - rustsecp256k1_v0_3_1_fe_mul(&x176, &x176, &x88); + rustsecp256k1_v0_4_0_fe_mul(&x176, &x176, &x88); x220 = x176; for (j=0; j<44; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x220, &x220); + rustsecp256k1_v0_4_0_fe_sqr(&x220, &x220); } - rustsecp256k1_v0_3_1_fe_mul(&x220, &x220, &x44); + rustsecp256k1_v0_4_0_fe_mul(&x220, &x220, &x44); x223 = x220; for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&x223, &x223); + rustsecp256k1_v0_4_0_fe_sqr(&x223, &x223); } - rustsecp256k1_v0_3_1_fe_mul(&x223, &x223, &x3); + rustsecp256k1_v0_4_0_fe_mul(&x223, &x223, &x3); /* The final result is then assembled using a sliding window over the blocks. */ t1 = x223; for (j=0; j<23; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_3_1_fe_mul(&t1, &t1, &x22); + rustsecp256k1_v0_4_0_fe_mul(&t1, &t1, &x22); for (j=0; j<5; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_3_1_fe_mul(&t1, &t1, a); + rustsecp256k1_v0_4_0_fe_mul(&t1, &t1, a); for (j=0; j<3; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_3_1_fe_mul(&t1, &t1, &x2); + rustsecp256k1_v0_4_0_fe_mul(&t1, &t1, &x2); for (j=0; j<2; j++) { - rustsecp256k1_v0_3_1_fe_sqr(&t1, &t1); + rustsecp256k1_v0_4_0_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_3_1_fe_mul(r, a, &t1); + rustsecp256k1_v0_4_0_fe_mul(r, a, &t1); } -static void rustsecp256k1_v0_3_1_fe_inv_var(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a) { +static void rustsecp256k1_v0_4_0_fe_inv_var(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a) { #if defined(USE_FIELD_INV_BUILTIN) - rustsecp256k1_v0_3_1_fe_inv(r, a); + rustsecp256k1_v0_4_0_fe_inv(r, a); #elif defined(USE_FIELD_INV_NUM) - rustsecp256k1_v0_3_1_num n, m; - static const rustsecp256k1_v0_3_1_fe negone = SECP256K1_FE_CONST( + rustsecp256k1_v0_4_0_num n, m; + static const rustsecp256k1_v0_4_0_fe negone = SECP256K1_FE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xFFFFFC2EUL ); @@ -244,27 +244,27 @@ static void rustsecp256k1_v0_3_1_fe_inv_var(rustsecp256k1_v0_3_1_fe *r, const ru }; unsigned char b[32]; int res; - rustsecp256k1_v0_3_1_fe c = *a; - rustsecp256k1_v0_3_1_fe_normalize_var(&c); - rustsecp256k1_v0_3_1_fe_get_b32(b, &c); - rustsecp256k1_v0_3_1_num_set_bin(&n, b, 32); - rustsecp256k1_v0_3_1_num_set_bin(&m, prime, 32); - rustsecp256k1_v0_3_1_num_mod_inverse(&n, &n, &m); - rustsecp256k1_v0_3_1_num_get_bin(b, 32, &n); - res = rustsecp256k1_v0_3_1_fe_set_b32(r, b); + rustsecp256k1_v0_4_0_fe c = *a; + rustsecp256k1_v0_4_0_fe_normalize_var(&c); + rustsecp256k1_v0_4_0_fe_get_b32(b, &c); + rustsecp256k1_v0_4_0_num_set_bin(&n, b, 32); + rustsecp256k1_v0_4_0_num_set_bin(&m, prime, 32); + rustsecp256k1_v0_4_0_num_mod_inverse(&n, &n, &m); + rustsecp256k1_v0_4_0_num_get_bin(b, 32, &n); + res = rustsecp256k1_v0_4_0_fe_set_b32(r, b); (void)res; VERIFY_CHECK(res); /* Verify the result is the (unique) valid inverse using non-GMP code. */ - rustsecp256k1_v0_3_1_fe_mul(&c, &c, r); - rustsecp256k1_v0_3_1_fe_add(&c, &negone); - CHECK(rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&c)); + rustsecp256k1_v0_4_0_fe_mul(&c, &c, r); + rustsecp256k1_v0_4_0_fe_add(&c, &negone); + CHECK(rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&c)); #else #error "Please select field inverse implementation" #endif } -static void rustsecp256k1_v0_3_1_fe_inv_all_var(rustsecp256k1_v0_3_1_fe *r, const rustsecp256k1_v0_3_1_fe *a, size_t len) { - rustsecp256k1_v0_3_1_fe u; +static void rustsecp256k1_v0_4_0_fe_inv_all_var(rustsecp256k1_v0_4_0_fe *r, const rustsecp256k1_v0_4_0_fe *a, size_t len) { + rustsecp256k1_v0_4_0_fe u; size_t i; if (len < 1) { return; @@ -276,25 +276,25 @@ static void rustsecp256k1_v0_3_1_fe_inv_all_var(rustsecp256k1_v0_3_1_fe *r, cons i = 0; while (++i < len) { - rustsecp256k1_v0_3_1_fe_mul(&r[i], &r[i - 1], &a[i]); + rustsecp256k1_v0_4_0_fe_mul(&r[i], &r[i - 1], &a[i]); } - rustsecp256k1_v0_3_1_fe_inv_var(&u, &r[--i]); + rustsecp256k1_v0_4_0_fe_inv_var(&u, &r[--i]); while (i > 0) { size_t j = i--; - rustsecp256k1_v0_3_1_fe_mul(&r[j], &r[i], &u); - rustsecp256k1_v0_3_1_fe_mul(&u, &u, &a[j]); + rustsecp256k1_v0_4_0_fe_mul(&r[j], &r[i], &u); + rustsecp256k1_v0_4_0_fe_mul(&u, &u, &a[j]); } r[0] = u; } -static int rustsecp256k1_v0_3_1_fe_is_quad_var(const rustsecp256k1_v0_3_1_fe *a) { +static int rustsecp256k1_v0_4_0_fe_is_quad_var(const rustsecp256k1_v0_4_0_fe *a) { #ifndef USE_NUM_NONE unsigned char b[32]; - rustsecp256k1_v0_3_1_num n; - rustsecp256k1_v0_3_1_num m; + rustsecp256k1_v0_4_0_num n; + rustsecp256k1_v0_4_0_num m; /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ static const unsigned char prime[32] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, @@ -303,18 +303,18 @@ static int rustsecp256k1_v0_3_1_fe_is_quad_var(const rustsecp256k1_v0_3_1_fe *a) 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F }; - rustsecp256k1_v0_3_1_fe c = *a; - rustsecp256k1_v0_3_1_fe_normalize_var(&c); - rustsecp256k1_v0_3_1_fe_get_b32(b, &c); - rustsecp256k1_v0_3_1_num_set_bin(&n, b, 32); - rustsecp256k1_v0_3_1_num_set_bin(&m, prime, 32); - return rustsecp256k1_v0_3_1_num_jacobi(&n, &m) >= 0; + rustsecp256k1_v0_4_0_fe c = *a; + rustsecp256k1_v0_4_0_fe_normalize_var(&c); + rustsecp256k1_v0_4_0_fe_get_b32(b, &c); + rustsecp256k1_v0_4_0_num_set_bin(&n, b, 32); + rustsecp256k1_v0_4_0_num_set_bin(&m, prime, 32); + return rustsecp256k1_v0_4_0_num_jacobi(&n, &m) >= 0; #else - rustsecp256k1_v0_3_1_fe r; - return rustsecp256k1_v0_3_1_fe_sqrt(&r, a); + rustsecp256k1_v0_4_0_fe r; + return rustsecp256k1_v0_4_0_fe_sqrt(&r, a); #endif } -static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_fe_one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); +static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_fe_one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); #endif /* SECP256K1_FIELD_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/gen_context.c b/secp256k1-sys/depend/secp256k1/src/gen_context.c index ece139618..39fd4edc4 100644 --- a/secp256k1-sys/depend/secp256k1/src/gen_context.c +++ b/secp256k1-sys/depend/secp256k1/src/gen_context.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ // Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed. // ifndef guard so downstream users can define their own if they do not use autotools. @@ -26,13 +26,13 @@ static void default_error_callback_fn(const char* str, void* data) { abort(); } -static const rustsecp256k1_v0_3_1_callback default_error_callback = { +static const rustsecp256k1_v0_4_0_callback default_error_callback = { default_error_callback_fn, NULL }; int main(int argc, char **argv) { - rustsecp256k1_v0_3_1_ecmult_gen_context ctx; + rustsecp256k1_v0_4_0_ecmult_gen_context ctx; void *prealloc, *base; int inner; int outer; @@ -54,12 +54,12 @@ int main(int argc, char **argv) { fprintf(fp, "#if ECMULT_GEN_PREC_N != %d || ECMULT_GEN_PREC_G != %d\n", ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G); fprintf(fp, " #error configuration mismatch, invalid ECMULT_GEN_PREC_N, ECMULT_GEN_PREC_G. Try deleting ecmult_static_context.h before the build.\n"); fprintf(fp, "#endif\n"); - fprintf(fp, "static const rustsecp256k1_v0_3_1_ge_storage rustsecp256k1_v0_3_1_ecmult_static_context[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G] = {\n"); + fprintf(fp, "static const rustsecp256k1_v0_4_0_ge_storage rustsecp256k1_v0_4_0_ecmult_static_context[ECMULT_GEN_PREC_N][ECMULT_GEN_PREC_G] = {\n"); base = checked_malloc(&default_error_callback, SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE); prealloc = base; - rustsecp256k1_v0_3_1_ecmult_gen_context_init(&ctx); - rustsecp256k1_v0_3_1_ecmult_gen_context_build(&ctx, &prealloc); + rustsecp256k1_v0_4_0_ecmult_gen_context_init(&ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_build(&ctx, &prealloc); for(outer = 0; outer != ECMULT_GEN_PREC_N; outer++) { fprintf(fp,"{\n"); for(inner = 0; inner != ECMULT_GEN_PREC_G; inner++) { @@ -77,7 +77,7 @@ int main(int argc, char **argv) { } } fprintf(fp,"};\n"); - rustsecp256k1_v0_3_1_ecmult_gen_context_clear(&ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_clear(&ctx); free(base); fprintf(fp, "#undef SC\n"); diff --git a/secp256k1-sys/depend/secp256k1/src/group.h b/secp256k1-sys/depend/secp256k1/src/group.h index e8ef5d8ea..2553dbee9 100644 --- a/secp256k1-sys/depend/secp256k1/src/group.h +++ b/secp256k1-sys/depend/secp256k1/src/group.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_GROUP_H #define SECP256K1_GROUP_H @@ -12,132 +12,130 @@ /** A group element of the secp256k1 curve, in affine coordinates. */ typedef struct { - rustsecp256k1_v0_3_1_fe x; - rustsecp256k1_v0_3_1_fe y; + rustsecp256k1_v0_4_0_fe x; + rustsecp256k1_v0_4_0_fe y; int infinity; /* whether this represents the point at infinity */ -} rustsecp256k1_v0_3_1_ge; +} rustsecp256k1_v0_4_0_ge; #define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0} #define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} /** A group element of the secp256k1 curve, in jacobian coordinates. */ typedef struct { - rustsecp256k1_v0_3_1_fe x; /* actual X: x/z^2 */ - rustsecp256k1_v0_3_1_fe y; /* actual Y: y/z^3 */ - rustsecp256k1_v0_3_1_fe z; + rustsecp256k1_v0_4_0_fe x; /* actual X: x/z^2 */ + rustsecp256k1_v0_4_0_fe y; /* actual Y: y/z^3 */ + rustsecp256k1_v0_4_0_fe z; int infinity; /* whether this represents the point at infinity */ -} rustsecp256k1_v0_3_1_gej; +} rustsecp256k1_v0_4_0_gej; #define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0} #define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} typedef struct { - rustsecp256k1_v0_3_1_fe_storage x; - rustsecp256k1_v0_3_1_fe_storage y; -} rustsecp256k1_v0_3_1_ge_storage; + rustsecp256k1_v0_4_0_fe_storage x; + rustsecp256k1_v0_4_0_fe_storage y; +} rustsecp256k1_v0_4_0_ge_storage; #define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))} #define SECP256K1_GE_STORAGE_CONST_GET(t) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y) /** Set a group element equal to the point with given X and Y coordinates */ -static void rustsecp256k1_v0_3_1_ge_set_xy(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_fe *x, const rustsecp256k1_v0_3_1_fe *y); +static void rustsecp256k1_v0_4_0_ge_set_xy(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_fe *x, const rustsecp256k1_v0_4_0_fe *y); /** Set a group element (affine) equal to the point with the given X coordinate * and a Y coordinate that is a quadratic residue modulo p. The return value * is true iff a coordinate with the given X coordinate exists. */ -static int rustsecp256k1_v0_3_1_ge_set_xquad(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_fe *x); +static int rustsecp256k1_v0_4_0_ge_set_xquad(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_fe *x); /** Set a group element (affine) equal to the point with the given X coordinate, and given oddness * for Y. Return value indicates whether the result is valid. */ -static int rustsecp256k1_v0_3_1_ge_set_xo_var(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_fe *x, int odd); +static int rustsecp256k1_v0_4_0_ge_set_xo_var(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_fe *x, int odd); /** Check whether a group element is the point at infinity. */ -static int rustsecp256k1_v0_3_1_ge_is_infinity(const rustsecp256k1_v0_3_1_ge *a); +static int rustsecp256k1_v0_4_0_ge_is_infinity(const rustsecp256k1_v0_4_0_ge *a); /** Check whether a group element is valid (i.e., on the curve). */ -static int rustsecp256k1_v0_3_1_ge_is_valid_var(const rustsecp256k1_v0_3_1_ge *a); +static int rustsecp256k1_v0_4_0_ge_is_valid_var(const rustsecp256k1_v0_4_0_ge *a); /** Set r equal to the inverse of a (i.e., mirrored around the X axis) */ -static void rustsecp256k1_v0_3_1_ge_neg(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_ge *a); +static void rustsecp256k1_v0_4_0_ge_neg(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_ge *a); /** Set a group element equal to another which is given in jacobian coordinates */ -static void rustsecp256k1_v0_3_1_ge_set_gej(rustsecp256k1_v0_3_1_ge *r, rustsecp256k1_v0_3_1_gej *a); +static void rustsecp256k1_v0_4_0_ge_set_gej(rustsecp256k1_v0_4_0_ge *r, rustsecp256k1_v0_4_0_gej *a); /** Set a batch of group elements equal to the inputs given in jacobian coordinates */ -static void rustsecp256k1_v0_3_1_ge_set_all_gej_var(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_gej *a, size_t len); +static void rustsecp256k1_v0_4_0_ge_set_all_gej_var(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_gej *a, size_t len); /** Bring a batch inputs given in jacobian coordinates (with known z-ratios) to * the same global z "denominator". zr must contain the known z-ratios such * that mul(a[i].z, zr[i+1]) == a[i+1].z. zr[0] is ignored. The x and y * coordinates of the result are stored in r, the common z coordinate is * stored in globalz. */ -static void rustsecp256k1_v0_3_1_ge_globalz_set_table_gej(size_t len, rustsecp256k1_v0_3_1_ge *r, rustsecp256k1_v0_3_1_fe *globalz, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_fe *zr); +static void rustsecp256k1_v0_4_0_ge_globalz_set_table_gej(size_t len, rustsecp256k1_v0_4_0_ge *r, rustsecp256k1_v0_4_0_fe *globalz, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_fe *zr); /** Set a group element (affine) equal to the point at infinity. */ -static void rustsecp256k1_v0_3_1_ge_set_infinity(rustsecp256k1_v0_3_1_ge *r); +static void rustsecp256k1_v0_4_0_ge_set_infinity(rustsecp256k1_v0_4_0_ge *r); /** Set a group element (jacobian) equal to the point at infinity. */ -static void rustsecp256k1_v0_3_1_gej_set_infinity(rustsecp256k1_v0_3_1_gej *r); +static void rustsecp256k1_v0_4_0_gej_set_infinity(rustsecp256k1_v0_4_0_gej *r); /** Set a group element (jacobian) equal to another which is given in affine coordinates. */ -static void rustsecp256k1_v0_3_1_gej_set_ge(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_ge *a); +static void rustsecp256k1_v0_4_0_gej_set_ge(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_ge *a); /** Compare the X coordinate of a group element (jacobian). */ -static int rustsecp256k1_v0_3_1_gej_eq_x_var(const rustsecp256k1_v0_3_1_fe *x, const rustsecp256k1_v0_3_1_gej *a); +static int rustsecp256k1_v0_4_0_gej_eq_x_var(const rustsecp256k1_v0_4_0_fe *x, const rustsecp256k1_v0_4_0_gej *a); /** Set r equal to the inverse of a (i.e., mirrored around the X axis) */ -static void rustsecp256k1_v0_3_1_gej_neg(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a); +static void rustsecp256k1_v0_4_0_gej_neg(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a); /** Check whether a group element is the point at infinity. */ -static int rustsecp256k1_v0_3_1_gej_is_infinity(const rustsecp256k1_v0_3_1_gej *a); +static int rustsecp256k1_v0_4_0_gej_is_infinity(const rustsecp256k1_v0_4_0_gej *a); /** Check whether a group element's y coordinate is a quadratic residue. */ -static int rustsecp256k1_v0_3_1_gej_has_quad_y_var(const rustsecp256k1_v0_3_1_gej *a); +static int rustsecp256k1_v0_4_0_gej_has_quad_y_var(const rustsecp256k1_v0_4_0_gej *a); /** Set r equal to the double of a. Constant time. */ -static void rustsecp256k1_v0_3_1_gej_double(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a); +static void rustsecp256k1_v0_4_0_gej_double(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a); /** Set r equal to the double of a. If rzr is not-NULL this sets *rzr such that r->z == a->z * *rzr (where infinity means an implicit z = 0). */ -static void rustsecp256k1_v0_3_1_gej_double_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, rustsecp256k1_v0_3_1_fe *rzr); +static void rustsecp256k1_v0_4_0_gej_double_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, rustsecp256k1_v0_4_0_fe *rzr); /** Set r equal to the sum of a and b. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case). */ -static void rustsecp256k1_v0_3_1_gej_add_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_gej *b, rustsecp256k1_v0_3_1_fe *rzr); +static void rustsecp256k1_v0_4_0_gej_add_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_gej *b, rustsecp256k1_v0_4_0_fe *rzr); /** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */ -static void rustsecp256k1_v0_3_1_gej_add_ge(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_ge *b); +static void rustsecp256k1_v0_4_0_gej_add_ge(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_ge *b); /** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient - than rustsecp256k1_v0_3_1_gej_add_var. It is identical to rustsecp256k1_v0_3_1_gej_add_ge but without constant-time + than rustsecp256k1_v0_4_0_gej_add_var. It is identical to rustsecp256k1_v0_4_0_gej_add_ge but without constant-time guarantee, and b is allowed to be infinity. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case). */ -static void rustsecp256k1_v0_3_1_gej_add_ge_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_ge *b, rustsecp256k1_v0_3_1_fe *rzr); +static void rustsecp256k1_v0_4_0_gej_add_ge_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_ge *b, rustsecp256k1_v0_4_0_fe *rzr); /** Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv). */ -static void rustsecp256k1_v0_3_1_gej_add_zinv_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_ge *b, const rustsecp256k1_v0_3_1_fe *bzinv); +static void rustsecp256k1_v0_4_0_gej_add_zinv_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_ge *b, const rustsecp256k1_v0_4_0_fe *bzinv); -#ifdef USE_ENDOMORPHISM /** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */ -static void rustsecp256k1_v0_3_1_ge_mul_lambda(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_ge *a); -#endif +static void rustsecp256k1_v0_4_0_ge_mul_lambda(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_ge *a); -/** Clear a rustsecp256k1_v0_3_1_gej to prevent leaking sensitive information. */ -static void rustsecp256k1_v0_3_1_gej_clear(rustsecp256k1_v0_3_1_gej *r); +/** Clear a rustsecp256k1_v0_4_0_gej to prevent leaking sensitive information. */ +static void rustsecp256k1_v0_4_0_gej_clear(rustsecp256k1_v0_4_0_gej *r); -/** Clear a rustsecp256k1_v0_3_1_ge to prevent leaking sensitive information. */ -static void rustsecp256k1_v0_3_1_ge_clear(rustsecp256k1_v0_3_1_ge *r); +/** Clear a rustsecp256k1_v0_4_0_ge to prevent leaking sensitive information. */ +static void rustsecp256k1_v0_4_0_ge_clear(rustsecp256k1_v0_4_0_ge *r); /** Convert a group element to the storage type. */ -static void rustsecp256k1_v0_3_1_ge_to_storage(rustsecp256k1_v0_3_1_ge_storage *r, const rustsecp256k1_v0_3_1_ge *a); +static void rustsecp256k1_v0_4_0_ge_to_storage(rustsecp256k1_v0_4_0_ge_storage *r, const rustsecp256k1_v0_4_0_ge *a); /** Convert a group element back from the storage type. */ -static void rustsecp256k1_v0_3_1_ge_from_storage(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_ge_storage *a); +static void rustsecp256k1_v0_4_0_ge_from_storage(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_ge_storage *a); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_3_1_ge_storage_cmov(rustsecp256k1_v0_3_1_ge_storage *r, const rustsecp256k1_v0_3_1_ge_storage *a, int flag); +static void rustsecp256k1_v0_4_0_ge_storage_cmov(rustsecp256k1_v0_4_0_ge_storage *r, const rustsecp256k1_v0_4_0_ge_storage *a, int flag); /** Rescale a jacobian point by b which must be non-zero. Constant-time. */ -static void rustsecp256k1_v0_3_1_gej_rescale(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_fe *b); +static void rustsecp256k1_v0_4_0_gej_rescale(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_fe *b); /** Determine if a point (which is assumed to be on the curve) is in the correct (sub)group of the curve. * @@ -148,6 +146,6 @@ static void rustsecp256k1_v0_3_1_gej_rescale(rustsecp256k1_v0_3_1_gej *r, const * (very) small subgroup, and that subgroup is what is used for all cryptographic operations. In that mode, this * function checks whether a point that is on the curve is in fact also in that subgroup. */ -static int rustsecp256k1_v0_3_1_ge_is_in_correct_subgroup(const rustsecp256k1_v0_3_1_ge* ge); +static int rustsecp256k1_v0_4_0_ge_is_in_correct_subgroup(const rustsecp256k1_v0_4_0_ge* ge); #endif /* SECP256K1_GROUP_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/group_impl.h b/secp256k1-sys/depend/secp256k1/src/group_impl.h index 8e5a12892..fbf909daa 100644 --- a/secp256k1-sys/depend/secp256k1/src/group_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/group_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_GROUP_IMPL_H #define SECP256K1_GROUP_IMPL_H @@ -22,24 +22,24 @@ */ #if defined(EXHAUSTIVE_TEST_ORDER) # if EXHAUSTIVE_TEST_ORDER == 13 -static const rustsecp256k1_v0_3_1_ge rustsecp256k1_v0_3_1_ge_const_g = SECP256K1_GE_CONST( +static const rustsecp256k1_v0_4_0_ge rustsecp256k1_v0_4_0_ge_const_g = SECP256K1_GE_CONST( 0xc3459c3d, 0x35326167, 0xcd86cce8, 0x07a2417f, 0x5b8bd567, 0xde8538ee, 0x0d507b0c, 0xd128f5bb, 0x8e467fec, 0xcd30000a, 0x6cc1184e, 0x25d382c2, 0xa2f4494e, 0x2fbe9abc, 0x8b64abac, 0xd005fb24 ); -static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_fe_const_b = SECP256K1_FE_CONST( +static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_fe_const_b = SECP256K1_FE_CONST( 0x3d3486b2, 0x159a9ca5, 0xc75638be, 0xb23a69bc, 0x946a45ab, 0x24801247, 0xb4ed2b8e, 0x26b6a417 ); # elif EXHAUSTIVE_TEST_ORDER == 199 -static const rustsecp256k1_v0_3_1_ge rustsecp256k1_v0_3_1_ge_const_g = SECP256K1_GE_CONST( +static const rustsecp256k1_v0_4_0_ge rustsecp256k1_v0_4_0_ge_const_g = SECP256K1_GE_CONST( 0x226e653f, 0xc8df7744, 0x9bacbf12, 0x7d1dcbf9, 0x87f05b2a, 0xe7edbd28, 0x1f564575, 0xc48dcf18, 0xa13872c2, 0xe933bb17, 0x5d9ffd5b, 0xb5b6e10c, 0x57fe3c00, 0xbaaaa15a, 0xe003ec3e, 0x9c269bae ); -static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_fe_const_b = SECP256K1_FE_CONST( +static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_fe_const_b = SECP256K1_FE_CONST( 0x2cca28fa, 0xfc614b80, 0x2a3db42b, 0x00ba00b1, 0xbea8d943, 0xdace9ab2, 0x9536daea, 0x0074defb ); @@ -50,73 +50,73 @@ static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_fe_const_b = SECP256K1 /** Generator for secp256k1, value 'g' defined in * "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ -static const rustsecp256k1_v0_3_1_ge rustsecp256k1_v0_3_1_ge_const_g = SECP256K1_GE_CONST( +static const rustsecp256k1_v0_4_0_ge rustsecp256k1_v0_4_0_ge_const_g = SECP256K1_GE_CONST( 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL, 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL ); -static const rustsecp256k1_v0_3_1_fe rustsecp256k1_v0_3_1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 7); +static const rustsecp256k1_v0_4_0_fe rustsecp256k1_v0_4_0_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 7); #endif -static void rustsecp256k1_v0_3_1_ge_set_gej_zinv(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_fe *zi) { - rustsecp256k1_v0_3_1_fe zi2; - rustsecp256k1_v0_3_1_fe zi3; - rustsecp256k1_v0_3_1_fe_sqr(&zi2, zi); - rustsecp256k1_v0_3_1_fe_mul(&zi3, &zi2, zi); - rustsecp256k1_v0_3_1_fe_mul(&r->x, &a->x, &zi2); - rustsecp256k1_v0_3_1_fe_mul(&r->y, &a->y, &zi3); +static void rustsecp256k1_v0_4_0_ge_set_gej_zinv(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_fe *zi) { + rustsecp256k1_v0_4_0_fe zi2; + rustsecp256k1_v0_4_0_fe zi3; + rustsecp256k1_v0_4_0_fe_sqr(&zi2, zi); + rustsecp256k1_v0_4_0_fe_mul(&zi3, &zi2, zi); + rustsecp256k1_v0_4_0_fe_mul(&r->x, &a->x, &zi2); + rustsecp256k1_v0_4_0_fe_mul(&r->y, &a->y, &zi3); r->infinity = a->infinity; } -static void rustsecp256k1_v0_3_1_ge_set_xy(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_fe *x, const rustsecp256k1_v0_3_1_fe *y) { +static void rustsecp256k1_v0_4_0_ge_set_xy(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_fe *x, const rustsecp256k1_v0_4_0_fe *y) { r->infinity = 0; r->x = *x; r->y = *y; } -static int rustsecp256k1_v0_3_1_ge_is_infinity(const rustsecp256k1_v0_3_1_ge *a) { +static int rustsecp256k1_v0_4_0_ge_is_infinity(const rustsecp256k1_v0_4_0_ge *a) { return a->infinity; } -static void rustsecp256k1_v0_3_1_ge_neg(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_ge *a) { +static void rustsecp256k1_v0_4_0_ge_neg(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_ge *a) { *r = *a; - rustsecp256k1_v0_3_1_fe_normalize_weak(&r->y); - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->y, 1); + rustsecp256k1_v0_4_0_fe_normalize_weak(&r->y); + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->y, 1); } -static void rustsecp256k1_v0_3_1_ge_set_gej(rustsecp256k1_v0_3_1_ge *r, rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_fe z2, z3; +static void rustsecp256k1_v0_4_0_ge_set_gej(rustsecp256k1_v0_4_0_ge *r, rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_fe z2, z3; r->infinity = a->infinity; - rustsecp256k1_v0_3_1_fe_inv(&a->z, &a->z); - rustsecp256k1_v0_3_1_fe_sqr(&z2, &a->z); - rustsecp256k1_v0_3_1_fe_mul(&z3, &a->z, &z2); - rustsecp256k1_v0_3_1_fe_mul(&a->x, &a->x, &z2); - rustsecp256k1_v0_3_1_fe_mul(&a->y, &a->y, &z3); - rustsecp256k1_v0_3_1_fe_set_int(&a->z, 1); + rustsecp256k1_v0_4_0_fe_inv(&a->z, &a->z); + rustsecp256k1_v0_4_0_fe_sqr(&z2, &a->z); + rustsecp256k1_v0_4_0_fe_mul(&z3, &a->z, &z2); + rustsecp256k1_v0_4_0_fe_mul(&a->x, &a->x, &z2); + rustsecp256k1_v0_4_0_fe_mul(&a->y, &a->y, &z3); + rustsecp256k1_v0_4_0_fe_set_int(&a->z, 1); r->x = a->x; r->y = a->y; } -static void rustsecp256k1_v0_3_1_ge_set_gej_var(rustsecp256k1_v0_3_1_ge *r, rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_fe z2, z3; +static void rustsecp256k1_v0_4_0_ge_set_gej_var(rustsecp256k1_v0_4_0_ge *r, rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_fe z2, z3; r->infinity = a->infinity; if (a->infinity) { return; } - rustsecp256k1_v0_3_1_fe_inv_var(&a->z, &a->z); - rustsecp256k1_v0_3_1_fe_sqr(&z2, &a->z); - rustsecp256k1_v0_3_1_fe_mul(&z3, &a->z, &z2); - rustsecp256k1_v0_3_1_fe_mul(&a->x, &a->x, &z2); - rustsecp256k1_v0_3_1_fe_mul(&a->y, &a->y, &z3); - rustsecp256k1_v0_3_1_fe_set_int(&a->z, 1); + rustsecp256k1_v0_4_0_fe_inv_var(&a->z, &a->z); + rustsecp256k1_v0_4_0_fe_sqr(&z2, &a->z); + rustsecp256k1_v0_4_0_fe_mul(&z3, &a->z, &z2); + rustsecp256k1_v0_4_0_fe_mul(&a->x, &a->x, &z2); + rustsecp256k1_v0_4_0_fe_mul(&a->y, &a->y, &z3); + rustsecp256k1_v0_4_0_fe_set_int(&a->z, 1); r->x = a->x; r->y = a->y; } -static void rustsecp256k1_v0_3_1_ge_set_all_gej_var(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_gej *a, size_t len) { - rustsecp256k1_v0_3_1_fe u; +static void rustsecp256k1_v0_4_0_ge_set_all_gej_var(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_gej *a, size_t len) { + rustsecp256k1_v0_4_0_fe u; size_t i; size_t last_i = SIZE_MAX; @@ -126,7 +126,7 @@ static void rustsecp256k1_v0_3_1_ge_set_all_gej_var(rustsecp256k1_v0_3_1_ge *r, if (last_i == SIZE_MAX) { r[i].x = a[i].z; } else { - rustsecp256k1_v0_3_1_fe_mul(&r[i].x, &r[last_i].x, &a[i].z); + rustsecp256k1_v0_4_0_fe_mul(&r[i].x, &r[last_i].x, &a[i].z); } last_i = i; } @@ -134,14 +134,14 @@ static void rustsecp256k1_v0_3_1_ge_set_all_gej_var(rustsecp256k1_v0_3_1_ge *r, if (last_i == SIZE_MAX) { return; } - rustsecp256k1_v0_3_1_fe_inv_var(&u, &r[last_i].x); + rustsecp256k1_v0_4_0_fe_inv_var(&u, &r[last_i].x); i = last_i; while (i > 0) { i--; if (!a[i].infinity) { - rustsecp256k1_v0_3_1_fe_mul(&r[last_i].x, &r[i].x, &u); - rustsecp256k1_v0_3_1_fe_mul(&u, &u, &a[last_i].z); + rustsecp256k1_v0_4_0_fe_mul(&r[last_i].x, &r[i].x, &u); + rustsecp256k1_v0_4_0_fe_mul(&u, &u, &a[last_i].z); last_i = i; } } @@ -151,21 +151,21 @@ static void rustsecp256k1_v0_3_1_ge_set_all_gej_var(rustsecp256k1_v0_3_1_ge *r, for (i = 0; i < len; i++) { r[i].infinity = a[i].infinity; if (!a[i].infinity) { - rustsecp256k1_v0_3_1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); + rustsecp256k1_v0_4_0_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); } } } -static void rustsecp256k1_v0_3_1_ge_globalz_set_table_gej(size_t len, rustsecp256k1_v0_3_1_ge *r, rustsecp256k1_v0_3_1_fe *globalz, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_fe *zr) { +static void rustsecp256k1_v0_4_0_ge_globalz_set_table_gej(size_t len, rustsecp256k1_v0_4_0_ge *r, rustsecp256k1_v0_4_0_fe *globalz, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_fe *zr) { size_t i = len - 1; - rustsecp256k1_v0_3_1_fe zs; + rustsecp256k1_v0_4_0_fe zs; if (len > 0) { /* The z of the final point gives us the "global Z" for the table. */ r[i].x = a[i].x; r[i].y = a[i].y; /* Ensure all y values are in weak normal form for fast negation of points */ - rustsecp256k1_v0_3_1_fe_normalize_weak(&r[i].y); + rustsecp256k1_v0_4_0_fe_normalize_weak(&r[i].y); *globalz = a[i].z; r[i].infinity = 0; zs = zr[i]; @@ -173,104 +173,104 @@ static void rustsecp256k1_v0_3_1_ge_globalz_set_table_gej(size_t len, rustsecp25 /* Work our way backwards, using the z-ratios to scale the x/y values. */ while (i > 0) { if (i != len - 1) { - rustsecp256k1_v0_3_1_fe_mul(&zs, &zs, &zr[i]); + rustsecp256k1_v0_4_0_fe_mul(&zs, &zs, &zr[i]); } i--; - rustsecp256k1_v0_3_1_ge_set_gej_zinv(&r[i], &a[i], &zs); + rustsecp256k1_v0_4_0_ge_set_gej_zinv(&r[i], &a[i], &zs); } } } -static void rustsecp256k1_v0_3_1_gej_set_infinity(rustsecp256k1_v0_3_1_gej *r) { +static void rustsecp256k1_v0_4_0_gej_set_infinity(rustsecp256k1_v0_4_0_gej *r) { r->infinity = 1; - rustsecp256k1_v0_3_1_fe_clear(&r->x); - rustsecp256k1_v0_3_1_fe_clear(&r->y); - rustsecp256k1_v0_3_1_fe_clear(&r->z); + rustsecp256k1_v0_4_0_fe_clear(&r->x); + rustsecp256k1_v0_4_0_fe_clear(&r->y); + rustsecp256k1_v0_4_0_fe_clear(&r->z); } -static void rustsecp256k1_v0_3_1_ge_set_infinity(rustsecp256k1_v0_3_1_ge *r) { +static void rustsecp256k1_v0_4_0_ge_set_infinity(rustsecp256k1_v0_4_0_ge *r) { r->infinity = 1; - rustsecp256k1_v0_3_1_fe_clear(&r->x); - rustsecp256k1_v0_3_1_fe_clear(&r->y); + rustsecp256k1_v0_4_0_fe_clear(&r->x); + rustsecp256k1_v0_4_0_fe_clear(&r->y); } -static void rustsecp256k1_v0_3_1_gej_clear(rustsecp256k1_v0_3_1_gej *r) { +static void rustsecp256k1_v0_4_0_gej_clear(rustsecp256k1_v0_4_0_gej *r) { r->infinity = 0; - rustsecp256k1_v0_3_1_fe_clear(&r->x); - rustsecp256k1_v0_3_1_fe_clear(&r->y); - rustsecp256k1_v0_3_1_fe_clear(&r->z); + rustsecp256k1_v0_4_0_fe_clear(&r->x); + rustsecp256k1_v0_4_0_fe_clear(&r->y); + rustsecp256k1_v0_4_0_fe_clear(&r->z); } -static void rustsecp256k1_v0_3_1_ge_clear(rustsecp256k1_v0_3_1_ge *r) { +static void rustsecp256k1_v0_4_0_ge_clear(rustsecp256k1_v0_4_0_ge *r) { r->infinity = 0; - rustsecp256k1_v0_3_1_fe_clear(&r->x); - rustsecp256k1_v0_3_1_fe_clear(&r->y); + rustsecp256k1_v0_4_0_fe_clear(&r->x); + rustsecp256k1_v0_4_0_fe_clear(&r->y); } -static int rustsecp256k1_v0_3_1_ge_set_xquad(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_fe *x) { - rustsecp256k1_v0_3_1_fe x2, x3; +static int rustsecp256k1_v0_4_0_ge_set_xquad(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_fe *x) { + rustsecp256k1_v0_4_0_fe x2, x3; r->x = *x; - rustsecp256k1_v0_3_1_fe_sqr(&x2, x); - rustsecp256k1_v0_3_1_fe_mul(&x3, x, &x2); + rustsecp256k1_v0_4_0_fe_sqr(&x2, x); + rustsecp256k1_v0_4_0_fe_mul(&x3, x, &x2); r->infinity = 0; - rustsecp256k1_v0_3_1_fe_add(&x3, &rustsecp256k1_v0_3_1_fe_const_b); - return rustsecp256k1_v0_3_1_fe_sqrt(&r->y, &x3); + rustsecp256k1_v0_4_0_fe_add(&x3, &rustsecp256k1_v0_4_0_fe_const_b); + return rustsecp256k1_v0_4_0_fe_sqrt(&r->y, &x3); } -static int rustsecp256k1_v0_3_1_ge_set_xo_var(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_fe *x, int odd) { - if (!rustsecp256k1_v0_3_1_ge_set_xquad(r, x)) { +static int rustsecp256k1_v0_4_0_ge_set_xo_var(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_fe *x, int odd) { + if (!rustsecp256k1_v0_4_0_ge_set_xquad(r, x)) { return 0; } - rustsecp256k1_v0_3_1_fe_normalize_var(&r->y); - if (rustsecp256k1_v0_3_1_fe_is_odd(&r->y) != odd) { - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->y, 1); + rustsecp256k1_v0_4_0_fe_normalize_var(&r->y); + if (rustsecp256k1_v0_4_0_fe_is_odd(&r->y) != odd) { + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->y, 1); } return 1; } -static void rustsecp256k1_v0_3_1_gej_set_ge(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_ge *a) { +static void rustsecp256k1_v0_4_0_gej_set_ge(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_ge *a) { r->infinity = a->infinity; r->x = a->x; r->y = a->y; - rustsecp256k1_v0_3_1_fe_set_int(&r->z, 1); + rustsecp256k1_v0_4_0_fe_set_int(&r->z, 1); } -static int rustsecp256k1_v0_3_1_gej_eq_x_var(const rustsecp256k1_v0_3_1_fe *x, const rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_fe r, r2; +static int rustsecp256k1_v0_4_0_gej_eq_x_var(const rustsecp256k1_v0_4_0_fe *x, const rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_fe r, r2; VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_3_1_fe_sqr(&r, &a->z); rustsecp256k1_v0_3_1_fe_mul(&r, &r, x); - r2 = a->x; rustsecp256k1_v0_3_1_fe_normalize_weak(&r2); - return rustsecp256k1_v0_3_1_fe_equal_var(&r, &r2); + rustsecp256k1_v0_4_0_fe_sqr(&r, &a->z); rustsecp256k1_v0_4_0_fe_mul(&r, &r, x); + r2 = a->x; rustsecp256k1_v0_4_0_fe_normalize_weak(&r2); + return rustsecp256k1_v0_4_0_fe_equal_var(&r, &r2); } -static void rustsecp256k1_v0_3_1_gej_neg(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a) { +static void rustsecp256k1_v0_4_0_gej_neg(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a) { r->infinity = a->infinity; r->x = a->x; r->y = a->y; r->z = a->z; - rustsecp256k1_v0_3_1_fe_normalize_weak(&r->y); - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->y, 1); + rustsecp256k1_v0_4_0_fe_normalize_weak(&r->y); + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->y, 1); } -static int rustsecp256k1_v0_3_1_gej_is_infinity(const rustsecp256k1_v0_3_1_gej *a) { +static int rustsecp256k1_v0_4_0_gej_is_infinity(const rustsecp256k1_v0_4_0_gej *a) { return a->infinity; } -static int rustsecp256k1_v0_3_1_ge_is_valid_var(const rustsecp256k1_v0_3_1_ge *a) { - rustsecp256k1_v0_3_1_fe y2, x3; +static int rustsecp256k1_v0_4_0_ge_is_valid_var(const rustsecp256k1_v0_4_0_ge *a) { + rustsecp256k1_v0_4_0_fe y2, x3; if (a->infinity) { return 0; } /* y^2 = x^3 + 7 */ - rustsecp256k1_v0_3_1_fe_sqr(&y2, &a->y); - rustsecp256k1_v0_3_1_fe_sqr(&x3, &a->x); rustsecp256k1_v0_3_1_fe_mul(&x3, &x3, &a->x); - rustsecp256k1_v0_3_1_fe_add(&x3, &rustsecp256k1_v0_3_1_fe_const_b); - rustsecp256k1_v0_3_1_fe_normalize_weak(&x3); - return rustsecp256k1_v0_3_1_fe_equal_var(&y2, &x3); + rustsecp256k1_v0_4_0_fe_sqr(&y2, &a->y); + rustsecp256k1_v0_4_0_fe_sqr(&x3, &a->x); rustsecp256k1_v0_4_0_fe_mul(&x3, &x3, &a->x); + rustsecp256k1_v0_4_0_fe_add(&x3, &rustsecp256k1_v0_4_0_fe_const_b); + rustsecp256k1_v0_4_0_fe_normalize_weak(&x3); + return rustsecp256k1_v0_4_0_fe_equal_var(&y2, &x3); } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_gej_double(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_gej_double(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a) { /* Operations: 3 mul, 4 sqr, 0 normalize, 12 mul_int/add/negate. * * Note that there is an implementation described at @@ -278,33 +278,33 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_gej_double(rustsecp256k1_v0_3_ * which trades a multiply for a square, but in practice this is actually slower, * mainly because it requires more normalizations. */ - rustsecp256k1_v0_3_1_fe t1,t2,t3,t4; + rustsecp256k1_v0_4_0_fe t1,t2,t3,t4; r->infinity = a->infinity; - rustsecp256k1_v0_3_1_fe_mul(&r->z, &a->z, &a->y); - rustsecp256k1_v0_3_1_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */ - rustsecp256k1_v0_3_1_fe_sqr(&t1, &a->x); - rustsecp256k1_v0_3_1_fe_mul_int(&t1, 3); /* T1 = 3*X^2 (3) */ - rustsecp256k1_v0_3_1_fe_sqr(&t2, &t1); /* T2 = 9*X^4 (1) */ - rustsecp256k1_v0_3_1_fe_sqr(&t3, &a->y); - rustsecp256k1_v0_3_1_fe_mul_int(&t3, 2); /* T3 = 2*Y^2 (2) */ - rustsecp256k1_v0_3_1_fe_sqr(&t4, &t3); - rustsecp256k1_v0_3_1_fe_mul_int(&t4, 2); /* T4 = 8*Y^4 (2) */ - rustsecp256k1_v0_3_1_fe_mul(&t3, &t3, &a->x); /* T3 = 2*X*Y^2 (1) */ + rustsecp256k1_v0_4_0_fe_mul(&r->z, &a->z, &a->y); + rustsecp256k1_v0_4_0_fe_mul_int(&r->z, 2); /* Z' = 2*Y*Z (2) */ + rustsecp256k1_v0_4_0_fe_sqr(&t1, &a->x); + rustsecp256k1_v0_4_0_fe_mul_int(&t1, 3); /* T1 = 3*X^2 (3) */ + rustsecp256k1_v0_4_0_fe_sqr(&t2, &t1); /* T2 = 9*X^4 (1) */ + rustsecp256k1_v0_4_0_fe_sqr(&t3, &a->y); + rustsecp256k1_v0_4_0_fe_mul_int(&t3, 2); /* T3 = 2*Y^2 (2) */ + rustsecp256k1_v0_4_0_fe_sqr(&t4, &t3); + rustsecp256k1_v0_4_0_fe_mul_int(&t4, 2); /* T4 = 8*Y^4 (2) */ + rustsecp256k1_v0_4_0_fe_mul(&t3, &t3, &a->x); /* T3 = 2*X*Y^2 (1) */ r->x = t3; - rustsecp256k1_v0_3_1_fe_mul_int(&r->x, 4); /* X' = 8*X*Y^2 (4) */ - rustsecp256k1_v0_3_1_fe_negate(&r->x, &r->x, 4); /* X' = -8*X*Y^2 (5) */ - rustsecp256k1_v0_3_1_fe_add(&r->x, &t2); /* X' = 9*X^4 - 8*X*Y^2 (6) */ - rustsecp256k1_v0_3_1_fe_negate(&t2, &t2, 1); /* T2 = -9*X^4 (2) */ - rustsecp256k1_v0_3_1_fe_mul_int(&t3, 6); /* T3 = 12*X*Y^2 (6) */ - rustsecp256k1_v0_3_1_fe_add(&t3, &t2); /* T3 = 12*X*Y^2 - 9*X^4 (8) */ - rustsecp256k1_v0_3_1_fe_mul(&r->y, &t1, &t3); /* Y' = 36*X^3*Y^2 - 27*X^6 (1) */ - rustsecp256k1_v0_3_1_fe_negate(&t2, &t4, 2); /* T2 = -8*Y^4 (3) */ - rustsecp256k1_v0_3_1_fe_add(&r->y, &t2); /* Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4) */ -} - -static void rustsecp256k1_v0_3_1_gej_double_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, rustsecp256k1_v0_3_1_fe *rzr) { + rustsecp256k1_v0_4_0_fe_mul_int(&r->x, 4); /* X' = 8*X*Y^2 (4) */ + rustsecp256k1_v0_4_0_fe_negate(&r->x, &r->x, 4); /* X' = -8*X*Y^2 (5) */ + rustsecp256k1_v0_4_0_fe_add(&r->x, &t2); /* X' = 9*X^4 - 8*X*Y^2 (6) */ + rustsecp256k1_v0_4_0_fe_negate(&t2, &t2, 1); /* T2 = -9*X^4 (2) */ + rustsecp256k1_v0_4_0_fe_mul_int(&t3, 6); /* T3 = 12*X*Y^2 (6) */ + rustsecp256k1_v0_4_0_fe_add(&t3, &t2); /* T3 = 12*X*Y^2 - 9*X^4 (8) */ + rustsecp256k1_v0_4_0_fe_mul(&r->y, &t1, &t3); /* Y' = 36*X^3*Y^2 - 27*X^6 (1) */ + rustsecp256k1_v0_4_0_fe_negate(&t2, &t4, 2); /* T2 = -8*Y^4 (3) */ + rustsecp256k1_v0_4_0_fe_add(&r->y, &t2); /* Y' = 36*X^3*Y^2 - 27*X^6 - 8*Y^4 (4) */ +} + +static void rustsecp256k1_v0_4_0_gej_double_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, rustsecp256k1_v0_4_0_fe *rzr) { /** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, * Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have * y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p. @@ -318,23 +318,23 @@ static void rustsecp256k1_v0_3_1_gej_double_var(rustsecp256k1_v0_3_1_gej *r, con if (a->infinity) { r->infinity = 1; if (rzr != NULL) { - rustsecp256k1_v0_3_1_fe_set_int(rzr, 1); + rustsecp256k1_v0_4_0_fe_set_int(rzr, 1); } return; } if (rzr != NULL) { *rzr = a->y; - rustsecp256k1_v0_3_1_fe_normalize_weak(rzr); - rustsecp256k1_v0_3_1_fe_mul_int(rzr, 2); + rustsecp256k1_v0_4_0_fe_normalize_weak(rzr); + rustsecp256k1_v0_4_0_fe_mul_int(rzr, 2); } - rustsecp256k1_v0_3_1_gej_double(r, a); + rustsecp256k1_v0_4_0_gej_double(r, a); } -static void rustsecp256k1_v0_3_1_gej_add_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_gej *b, rustsecp256k1_v0_3_1_fe *rzr) { +static void rustsecp256k1_v0_4_0_gej_add_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_gej *b, rustsecp256k1_v0_4_0_fe *rzr) { /* Operations: 12 mul, 4 sqr, 2 normalize, 12 mul_int/add/negate */ - rustsecp256k1_v0_3_1_fe z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; + rustsecp256k1_v0_4_0_fe z22, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; if (a->infinity) { VERIFY_CHECK(rzr == NULL); @@ -344,112 +344,112 @@ static void rustsecp256k1_v0_3_1_gej_add_var(rustsecp256k1_v0_3_1_gej *r, const if (b->infinity) { if (rzr != NULL) { - rustsecp256k1_v0_3_1_fe_set_int(rzr, 1); + rustsecp256k1_v0_4_0_fe_set_int(rzr, 1); } *r = *a; return; } r->infinity = 0; - rustsecp256k1_v0_3_1_fe_sqr(&z22, &b->z); - rustsecp256k1_v0_3_1_fe_sqr(&z12, &a->z); - rustsecp256k1_v0_3_1_fe_mul(&u1, &a->x, &z22); - rustsecp256k1_v0_3_1_fe_mul(&u2, &b->x, &z12); - rustsecp256k1_v0_3_1_fe_mul(&s1, &a->y, &z22); rustsecp256k1_v0_3_1_fe_mul(&s1, &s1, &b->z); - rustsecp256k1_v0_3_1_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_3_1_fe_mul(&s2, &s2, &a->z); - rustsecp256k1_v0_3_1_fe_negate(&h, &u1, 1); rustsecp256k1_v0_3_1_fe_add(&h, &u2); - rustsecp256k1_v0_3_1_fe_negate(&i, &s1, 1); rustsecp256k1_v0_3_1_fe_add(&i, &s2); - if (rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&h)) { - if (rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&i)) { - rustsecp256k1_v0_3_1_gej_double_var(r, a, rzr); + rustsecp256k1_v0_4_0_fe_sqr(&z22, &b->z); + rustsecp256k1_v0_4_0_fe_sqr(&z12, &a->z); + rustsecp256k1_v0_4_0_fe_mul(&u1, &a->x, &z22); + rustsecp256k1_v0_4_0_fe_mul(&u2, &b->x, &z12); + rustsecp256k1_v0_4_0_fe_mul(&s1, &a->y, &z22); rustsecp256k1_v0_4_0_fe_mul(&s1, &s1, &b->z); + rustsecp256k1_v0_4_0_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_4_0_fe_mul(&s2, &s2, &a->z); + rustsecp256k1_v0_4_0_fe_negate(&h, &u1, 1); rustsecp256k1_v0_4_0_fe_add(&h, &u2); + rustsecp256k1_v0_4_0_fe_negate(&i, &s1, 1); rustsecp256k1_v0_4_0_fe_add(&i, &s2); + if (rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&h)) { + if (rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&i)) { + rustsecp256k1_v0_4_0_gej_double_var(r, a, rzr); } else { if (rzr != NULL) { - rustsecp256k1_v0_3_1_fe_set_int(rzr, 0); + rustsecp256k1_v0_4_0_fe_set_int(rzr, 0); } - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); } return; } - rustsecp256k1_v0_3_1_fe_sqr(&i2, &i); - rustsecp256k1_v0_3_1_fe_sqr(&h2, &h); - rustsecp256k1_v0_3_1_fe_mul(&h3, &h, &h2); - rustsecp256k1_v0_3_1_fe_mul(&h, &h, &b->z); + rustsecp256k1_v0_4_0_fe_sqr(&i2, &i); + rustsecp256k1_v0_4_0_fe_sqr(&h2, &h); + rustsecp256k1_v0_4_0_fe_mul(&h3, &h, &h2); + rustsecp256k1_v0_4_0_fe_mul(&h, &h, &b->z); if (rzr != NULL) { *rzr = h; } - rustsecp256k1_v0_3_1_fe_mul(&r->z, &a->z, &h); - rustsecp256k1_v0_3_1_fe_mul(&t, &u1, &h2); - r->x = t; rustsecp256k1_v0_3_1_fe_mul_int(&r->x, 2); rustsecp256k1_v0_3_1_fe_add(&r->x, &h3); rustsecp256k1_v0_3_1_fe_negate(&r->x, &r->x, 3); rustsecp256k1_v0_3_1_fe_add(&r->x, &i2); - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->x, 5); rustsecp256k1_v0_3_1_fe_add(&r->y, &t); rustsecp256k1_v0_3_1_fe_mul(&r->y, &r->y, &i); - rustsecp256k1_v0_3_1_fe_mul(&h3, &h3, &s1); rustsecp256k1_v0_3_1_fe_negate(&h3, &h3, 1); - rustsecp256k1_v0_3_1_fe_add(&r->y, &h3); + rustsecp256k1_v0_4_0_fe_mul(&r->z, &a->z, &h); + rustsecp256k1_v0_4_0_fe_mul(&t, &u1, &h2); + r->x = t; rustsecp256k1_v0_4_0_fe_mul_int(&r->x, 2); rustsecp256k1_v0_4_0_fe_add(&r->x, &h3); rustsecp256k1_v0_4_0_fe_negate(&r->x, &r->x, 3); rustsecp256k1_v0_4_0_fe_add(&r->x, &i2); + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->x, 5); rustsecp256k1_v0_4_0_fe_add(&r->y, &t); rustsecp256k1_v0_4_0_fe_mul(&r->y, &r->y, &i); + rustsecp256k1_v0_4_0_fe_mul(&h3, &h3, &s1); rustsecp256k1_v0_4_0_fe_negate(&h3, &h3, 1); + rustsecp256k1_v0_4_0_fe_add(&r->y, &h3); } -static void rustsecp256k1_v0_3_1_gej_add_ge_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_ge *b, rustsecp256k1_v0_3_1_fe *rzr) { +static void rustsecp256k1_v0_4_0_gej_add_ge_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_ge *b, rustsecp256k1_v0_4_0_fe *rzr) { /* 8 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */ - rustsecp256k1_v0_3_1_fe z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; + rustsecp256k1_v0_4_0_fe z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; if (a->infinity) { VERIFY_CHECK(rzr == NULL); - rustsecp256k1_v0_3_1_gej_set_ge(r, b); + rustsecp256k1_v0_4_0_gej_set_ge(r, b); return; } if (b->infinity) { if (rzr != NULL) { - rustsecp256k1_v0_3_1_fe_set_int(rzr, 1); + rustsecp256k1_v0_4_0_fe_set_int(rzr, 1); } *r = *a; return; } r->infinity = 0; - rustsecp256k1_v0_3_1_fe_sqr(&z12, &a->z); - u1 = a->x; rustsecp256k1_v0_3_1_fe_normalize_weak(&u1); - rustsecp256k1_v0_3_1_fe_mul(&u2, &b->x, &z12); - s1 = a->y; rustsecp256k1_v0_3_1_fe_normalize_weak(&s1); - rustsecp256k1_v0_3_1_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_3_1_fe_mul(&s2, &s2, &a->z); - rustsecp256k1_v0_3_1_fe_negate(&h, &u1, 1); rustsecp256k1_v0_3_1_fe_add(&h, &u2); - rustsecp256k1_v0_3_1_fe_negate(&i, &s1, 1); rustsecp256k1_v0_3_1_fe_add(&i, &s2); - if (rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&h)) { - if (rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&i)) { - rustsecp256k1_v0_3_1_gej_double_var(r, a, rzr); + rustsecp256k1_v0_4_0_fe_sqr(&z12, &a->z); + u1 = a->x; rustsecp256k1_v0_4_0_fe_normalize_weak(&u1); + rustsecp256k1_v0_4_0_fe_mul(&u2, &b->x, &z12); + s1 = a->y; rustsecp256k1_v0_4_0_fe_normalize_weak(&s1); + rustsecp256k1_v0_4_0_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_4_0_fe_mul(&s2, &s2, &a->z); + rustsecp256k1_v0_4_0_fe_negate(&h, &u1, 1); rustsecp256k1_v0_4_0_fe_add(&h, &u2); + rustsecp256k1_v0_4_0_fe_negate(&i, &s1, 1); rustsecp256k1_v0_4_0_fe_add(&i, &s2); + if (rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&h)) { + if (rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&i)) { + rustsecp256k1_v0_4_0_gej_double_var(r, a, rzr); } else { if (rzr != NULL) { - rustsecp256k1_v0_3_1_fe_set_int(rzr, 0); + rustsecp256k1_v0_4_0_fe_set_int(rzr, 0); } - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); } return; } - rustsecp256k1_v0_3_1_fe_sqr(&i2, &i); - rustsecp256k1_v0_3_1_fe_sqr(&h2, &h); - rustsecp256k1_v0_3_1_fe_mul(&h3, &h, &h2); + rustsecp256k1_v0_4_0_fe_sqr(&i2, &i); + rustsecp256k1_v0_4_0_fe_sqr(&h2, &h); + rustsecp256k1_v0_4_0_fe_mul(&h3, &h, &h2); if (rzr != NULL) { *rzr = h; } - rustsecp256k1_v0_3_1_fe_mul(&r->z, &a->z, &h); - rustsecp256k1_v0_3_1_fe_mul(&t, &u1, &h2); - r->x = t; rustsecp256k1_v0_3_1_fe_mul_int(&r->x, 2); rustsecp256k1_v0_3_1_fe_add(&r->x, &h3); rustsecp256k1_v0_3_1_fe_negate(&r->x, &r->x, 3); rustsecp256k1_v0_3_1_fe_add(&r->x, &i2); - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->x, 5); rustsecp256k1_v0_3_1_fe_add(&r->y, &t); rustsecp256k1_v0_3_1_fe_mul(&r->y, &r->y, &i); - rustsecp256k1_v0_3_1_fe_mul(&h3, &h3, &s1); rustsecp256k1_v0_3_1_fe_negate(&h3, &h3, 1); - rustsecp256k1_v0_3_1_fe_add(&r->y, &h3); + rustsecp256k1_v0_4_0_fe_mul(&r->z, &a->z, &h); + rustsecp256k1_v0_4_0_fe_mul(&t, &u1, &h2); + r->x = t; rustsecp256k1_v0_4_0_fe_mul_int(&r->x, 2); rustsecp256k1_v0_4_0_fe_add(&r->x, &h3); rustsecp256k1_v0_4_0_fe_negate(&r->x, &r->x, 3); rustsecp256k1_v0_4_0_fe_add(&r->x, &i2); + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->x, 5); rustsecp256k1_v0_4_0_fe_add(&r->y, &t); rustsecp256k1_v0_4_0_fe_mul(&r->y, &r->y, &i); + rustsecp256k1_v0_4_0_fe_mul(&h3, &h3, &s1); rustsecp256k1_v0_4_0_fe_negate(&h3, &h3, 1); + rustsecp256k1_v0_4_0_fe_add(&r->y, &h3); } -static void rustsecp256k1_v0_3_1_gej_add_zinv_var(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_ge *b, const rustsecp256k1_v0_3_1_fe *bzinv) { +static void rustsecp256k1_v0_4_0_gej_add_zinv_var(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_ge *b, const rustsecp256k1_v0_4_0_fe *bzinv) { /* 9 mul, 3 sqr, 4 normalize, 12 mul_int/add/negate */ - rustsecp256k1_v0_3_1_fe az, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; + rustsecp256k1_v0_4_0_fe az, z12, u1, u2, s1, s2, h, i, i2, h2, h3, t; if (b->infinity) { *r = *a; return; } if (a->infinity) { - rustsecp256k1_v0_3_1_fe bzinv2, bzinv3; + rustsecp256k1_v0_4_0_fe bzinv2, bzinv3; r->infinity = b->infinity; - rustsecp256k1_v0_3_1_fe_sqr(&bzinv2, bzinv); - rustsecp256k1_v0_3_1_fe_mul(&bzinv3, &bzinv2, bzinv); - rustsecp256k1_v0_3_1_fe_mul(&r->x, &b->x, &bzinv2); - rustsecp256k1_v0_3_1_fe_mul(&r->y, &b->y, &bzinv3); - rustsecp256k1_v0_3_1_fe_set_int(&r->z, 1); + rustsecp256k1_v0_4_0_fe_sqr(&bzinv2, bzinv); + rustsecp256k1_v0_4_0_fe_mul(&bzinv3, &bzinv2, bzinv); + rustsecp256k1_v0_4_0_fe_mul(&r->x, &b->x, &bzinv2); + rustsecp256k1_v0_4_0_fe_mul(&r->y, &b->y, &bzinv3); + rustsecp256k1_v0_4_0_fe_set_int(&r->z, 1); return; } r->infinity = 0; @@ -462,40 +462,40 @@ static void rustsecp256k1_v0_3_1_gej_add_zinv_var(rustsecp256k1_v0_3_1_gej *r, c * The variable az below holds the modified Z coordinate for a, which is used * for the computation of rx and ry, but not for rz. */ - rustsecp256k1_v0_3_1_fe_mul(&az, &a->z, bzinv); - - rustsecp256k1_v0_3_1_fe_sqr(&z12, &az); - u1 = a->x; rustsecp256k1_v0_3_1_fe_normalize_weak(&u1); - rustsecp256k1_v0_3_1_fe_mul(&u2, &b->x, &z12); - s1 = a->y; rustsecp256k1_v0_3_1_fe_normalize_weak(&s1); - rustsecp256k1_v0_3_1_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_3_1_fe_mul(&s2, &s2, &az); - rustsecp256k1_v0_3_1_fe_negate(&h, &u1, 1); rustsecp256k1_v0_3_1_fe_add(&h, &u2); - rustsecp256k1_v0_3_1_fe_negate(&i, &s1, 1); rustsecp256k1_v0_3_1_fe_add(&i, &s2); - if (rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&h)) { - if (rustsecp256k1_v0_3_1_fe_normalizes_to_zero_var(&i)) { - rustsecp256k1_v0_3_1_gej_double_var(r, a, NULL); + rustsecp256k1_v0_4_0_fe_mul(&az, &a->z, bzinv); + + rustsecp256k1_v0_4_0_fe_sqr(&z12, &az); + u1 = a->x; rustsecp256k1_v0_4_0_fe_normalize_weak(&u1); + rustsecp256k1_v0_4_0_fe_mul(&u2, &b->x, &z12); + s1 = a->y; rustsecp256k1_v0_4_0_fe_normalize_weak(&s1); + rustsecp256k1_v0_4_0_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_4_0_fe_mul(&s2, &s2, &az); + rustsecp256k1_v0_4_0_fe_negate(&h, &u1, 1); rustsecp256k1_v0_4_0_fe_add(&h, &u2); + rustsecp256k1_v0_4_0_fe_negate(&i, &s1, 1); rustsecp256k1_v0_4_0_fe_add(&i, &s2); + if (rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&h)) { + if (rustsecp256k1_v0_4_0_fe_normalizes_to_zero_var(&i)) { + rustsecp256k1_v0_4_0_gej_double_var(r, a, NULL); } else { - rustsecp256k1_v0_3_1_gej_set_infinity(r); + rustsecp256k1_v0_4_0_gej_set_infinity(r); } return; } - rustsecp256k1_v0_3_1_fe_sqr(&i2, &i); - rustsecp256k1_v0_3_1_fe_sqr(&h2, &h); - rustsecp256k1_v0_3_1_fe_mul(&h3, &h, &h2); - r->z = a->z; rustsecp256k1_v0_3_1_fe_mul(&r->z, &r->z, &h); - rustsecp256k1_v0_3_1_fe_mul(&t, &u1, &h2); - r->x = t; rustsecp256k1_v0_3_1_fe_mul_int(&r->x, 2); rustsecp256k1_v0_3_1_fe_add(&r->x, &h3); rustsecp256k1_v0_3_1_fe_negate(&r->x, &r->x, 3); rustsecp256k1_v0_3_1_fe_add(&r->x, &i2); - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->x, 5); rustsecp256k1_v0_3_1_fe_add(&r->y, &t); rustsecp256k1_v0_3_1_fe_mul(&r->y, &r->y, &i); - rustsecp256k1_v0_3_1_fe_mul(&h3, &h3, &s1); rustsecp256k1_v0_3_1_fe_negate(&h3, &h3, 1); - rustsecp256k1_v0_3_1_fe_add(&r->y, &h3); + rustsecp256k1_v0_4_0_fe_sqr(&i2, &i); + rustsecp256k1_v0_4_0_fe_sqr(&h2, &h); + rustsecp256k1_v0_4_0_fe_mul(&h3, &h, &h2); + r->z = a->z; rustsecp256k1_v0_4_0_fe_mul(&r->z, &r->z, &h); + rustsecp256k1_v0_4_0_fe_mul(&t, &u1, &h2); + r->x = t; rustsecp256k1_v0_4_0_fe_mul_int(&r->x, 2); rustsecp256k1_v0_4_0_fe_add(&r->x, &h3); rustsecp256k1_v0_4_0_fe_negate(&r->x, &r->x, 3); rustsecp256k1_v0_4_0_fe_add(&r->x, &i2); + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->x, 5); rustsecp256k1_v0_4_0_fe_add(&r->y, &t); rustsecp256k1_v0_4_0_fe_mul(&r->y, &r->y, &i); + rustsecp256k1_v0_4_0_fe_mul(&h3, &h3, &s1); rustsecp256k1_v0_4_0_fe_negate(&h3, &h3, 1); + rustsecp256k1_v0_4_0_fe_add(&r->y, &h3); } -static void rustsecp256k1_v0_3_1_gej_add_ge(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_ge *b) { +static void rustsecp256k1_v0_4_0_gej_add_ge(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_ge *b) { /* Operations: 7 mul, 5 sqr, 4 normalize, 21 mul_int/add/negate/cmov */ - static const rustsecp256k1_v0_3_1_fe fe_1 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - rustsecp256k1_v0_3_1_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr; - rustsecp256k1_v0_3_1_fe m_alt, rr_alt; + static const rustsecp256k1_v0_4_0_fe fe_1 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + rustsecp256k1_v0_4_0_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr; + rustsecp256k1_v0_4_0_fe m_alt, rr_alt; int infinity, degenerate; VERIFY_CHECK(!b->infinity); VERIFY_CHECK(a->infinity == 0 || a->infinity == 1); @@ -550,115 +550,113 @@ static void rustsecp256k1_v0_3_1_gej_add_ge(rustsecp256k1_v0_3_1_gej *r, const r * so this covers everything. */ - rustsecp256k1_v0_3_1_fe_sqr(&zz, &a->z); /* z = Z1^2 */ - u1 = a->x; rustsecp256k1_v0_3_1_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */ - rustsecp256k1_v0_3_1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ - s1 = a->y; rustsecp256k1_v0_3_1_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */ - rustsecp256k1_v0_3_1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */ - rustsecp256k1_v0_3_1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ - t = u1; rustsecp256k1_v0_3_1_fe_add(&t, &u2); /* t = T = U1+U2 (2) */ - m = s1; rustsecp256k1_v0_3_1_fe_add(&m, &s2); /* m = M = S1+S2 (2) */ - rustsecp256k1_v0_3_1_fe_sqr(&rr, &t); /* rr = T^2 (1) */ - rustsecp256k1_v0_3_1_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 */ - rustsecp256k1_v0_3_1_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (2) */ - rustsecp256k1_v0_3_1_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (3) */ + rustsecp256k1_v0_4_0_fe_sqr(&zz, &a->z); /* z = Z1^2 */ + u1 = a->x; rustsecp256k1_v0_4_0_fe_normalize_weak(&u1); /* u1 = U1 = X1*Z2^2 (1) */ + rustsecp256k1_v0_4_0_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ + s1 = a->y; rustsecp256k1_v0_4_0_fe_normalize_weak(&s1); /* s1 = S1 = Y1*Z2^3 (1) */ + rustsecp256k1_v0_4_0_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */ + rustsecp256k1_v0_4_0_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ + t = u1; rustsecp256k1_v0_4_0_fe_add(&t, &u2); /* t = T = U1+U2 (2) */ + m = s1; rustsecp256k1_v0_4_0_fe_add(&m, &s2); /* m = M = S1+S2 (2) */ + rustsecp256k1_v0_4_0_fe_sqr(&rr, &t); /* rr = T^2 (1) */ + rustsecp256k1_v0_4_0_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 */ + rustsecp256k1_v0_4_0_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (2) */ + rustsecp256k1_v0_4_0_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (3) */ /** If lambda = R/M = 0/0 we have a problem (except in the "trivial" * case that Z = z1z2 = 0, and this is special-cased later on). */ - degenerate = rustsecp256k1_v0_3_1_fe_normalizes_to_zero(&m) & - rustsecp256k1_v0_3_1_fe_normalizes_to_zero(&rr); + degenerate = rustsecp256k1_v0_4_0_fe_normalizes_to_zero(&m) & + rustsecp256k1_v0_4_0_fe_normalizes_to_zero(&rr); /* This only occurs when y1 == -y2 and x1^3 == x2^3, but x1 != x2. * This means either x1 == beta*x2 or beta*x1 == x2, where beta is * a nontrivial cube root of one. In either case, an alternate * non-indeterminate expression for lambda is (y1 - y2)/(x1 - x2), * so we set R/M equal to this. */ rr_alt = s1; - rustsecp256k1_v0_3_1_fe_mul_int(&rr_alt, 2); /* rr = Y1*Z2^3 - Y2*Z1^3 (2) */ - rustsecp256k1_v0_3_1_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 */ + rustsecp256k1_v0_4_0_fe_mul_int(&rr_alt, 2); /* rr = Y1*Z2^3 - Y2*Z1^3 (2) */ + rustsecp256k1_v0_4_0_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 */ - rustsecp256k1_v0_3_1_fe_cmov(&rr_alt, &rr, !degenerate); - rustsecp256k1_v0_3_1_fe_cmov(&m_alt, &m, !degenerate); + rustsecp256k1_v0_4_0_fe_cmov(&rr_alt, &rr, !degenerate); + rustsecp256k1_v0_4_0_fe_cmov(&m_alt, &m, !degenerate); /* Now Ralt / Malt = lambda and is guaranteed not to be 0/0. * From here on out Ralt and Malt represent the numerator * and denominator of lambda; R and M represent the explicit * expressions x1^2 + x2^2 + x1x2 and y1 + y2. */ - rustsecp256k1_v0_3_1_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */ - rustsecp256k1_v0_3_1_fe_mul(&q, &n, &t); /* q = Q = T*Malt^2 (1) */ + rustsecp256k1_v0_4_0_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */ + rustsecp256k1_v0_4_0_fe_mul(&q, &n, &t); /* q = Q = T*Malt^2 (1) */ /* These two lines use the observation that either M == Malt or M == 0, * so M^3 * Malt is either Malt^4 (which is computed by squaring), or * zero (which is "computed" by cmov). So the cost is one squaring * versus two multiplications. */ - rustsecp256k1_v0_3_1_fe_sqr(&n, &n); - rustsecp256k1_v0_3_1_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (2) */ - rustsecp256k1_v0_3_1_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */ - rustsecp256k1_v0_3_1_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Malt*Z (1) */ - infinity = rustsecp256k1_v0_3_1_fe_normalizes_to_zero(&r->z) * (1 - a->infinity); - rustsecp256k1_v0_3_1_fe_mul_int(&r->z, 2); /* r->z = Z3 = 2*Malt*Z (2) */ - rustsecp256k1_v0_3_1_fe_negate(&q, &q, 1); /* q = -Q (2) */ - rustsecp256k1_v0_3_1_fe_add(&t, &q); /* t = Ralt^2-Q (3) */ - rustsecp256k1_v0_3_1_fe_normalize_weak(&t); + rustsecp256k1_v0_4_0_fe_sqr(&n, &n); + rustsecp256k1_v0_4_0_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (2) */ + rustsecp256k1_v0_4_0_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */ + rustsecp256k1_v0_4_0_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Malt*Z (1) */ + infinity = rustsecp256k1_v0_4_0_fe_normalizes_to_zero(&r->z) * (1 - a->infinity); + rustsecp256k1_v0_4_0_fe_mul_int(&r->z, 2); /* r->z = Z3 = 2*Malt*Z (2) */ + rustsecp256k1_v0_4_0_fe_negate(&q, &q, 1); /* q = -Q (2) */ + rustsecp256k1_v0_4_0_fe_add(&t, &q); /* t = Ralt^2-Q (3) */ + rustsecp256k1_v0_4_0_fe_normalize_weak(&t); r->x = t; /* r->x = Ralt^2-Q (1) */ - rustsecp256k1_v0_3_1_fe_mul_int(&t, 2); /* t = 2*x3 (2) */ - rustsecp256k1_v0_3_1_fe_add(&t, &q); /* t = 2*x3 - Q: (4) */ - rustsecp256k1_v0_3_1_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*x3 - Q) (1) */ - rustsecp256k1_v0_3_1_fe_add(&t, &n); /* t = Ralt*(2*x3 - Q) + M^3*Malt (3) */ - rustsecp256k1_v0_3_1_fe_negate(&r->y, &t, 3); /* r->y = Ralt*(Q - 2x3) - M^3*Malt (4) */ - rustsecp256k1_v0_3_1_fe_normalize_weak(&r->y); - rustsecp256k1_v0_3_1_fe_mul_int(&r->x, 4); /* r->x = X3 = 4*(Ralt^2-Q) */ - rustsecp256k1_v0_3_1_fe_mul_int(&r->y, 4); /* r->y = Y3 = 4*Ralt*(Q - 2x3) - 4*M^3*Malt (4) */ + rustsecp256k1_v0_4_0_fe_mul_int(&t, 2); /* t = 2*x3 (2) */ + rustsecp256k1_v0_4_0_fe_add(&t, &q); /* t = 2*x3 - Q: (4) */ + rustsecp256k1_v0_4_0_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*x3 - Q) (1) */ + rustsecp256k1_v0_4_0_fe_add(&t, &n); /* t = Ralt*(2*x3 - Q) + M^3*Malt (3) */ + rustsecp256k1_v0_4_0_fe_negate(&r->y, &t, 3); /* r->y = Ralt*(Q - 2x3) - M^3*Malt (4) */ + rustsecp256k1_v0_4_0_fe_normalize_weak(&r->y); + rustsecp256k1_v0_4_0_fe_mul_int(&r->x, 4); /* r->x = X3 = 4*(Ralt^2-Q) */ + rustsecp256k1_v0_4_0_fe_mul_int(&r->y, 4); /* r->y = Y3 = 4*Ralt*(Q - 2x3) - 4*M^3*Malt (4) */ /** In case a->infinity == 1, replace r with (b->x, b->y, 1). */ - rustsecp256k1_v0_3_1_fe_cmov(&r->x, &b->x, a->infinity); - rustsecp256k1_v0_3_1_fe_cmov(&r->y, &b->y, a->infinity); - rustsecp256k1_v0_3_1_fe_cmov(&r->z, &fe_1, a->infinity); + rustsecp256k1_v0_4_0_fe_cmov(&r->x, &b->x, a->infinity); + rustsecp256k1_v0_4_0_fe_cmov(&r->y, &b->y, a->infinity); + rustsecp256k1_v0_4_0_fe_cmov(&r->z, &fe_1, a->infinity); r->infinity = infinity; } -static void rustsecp256k1_v0_3_1_gej_rescale(rustsecp256k1_v0_3_1_gej *r, const rustsecp256k1_v0_3_1_fe *s) { +static void rustsecp256k1_v0_4_0_gej_rescale(rustsecp256k1_v0_4_0_gej *r, const rustsecp256k1_v0_4_0_fe *s) { /* Operations: 4 mul, 1 sqr */ - rustsecp256k1_v0_3_1_fe zz; - VERIFY_CHECK(!rustsecp256k1_v0_3_1_fe_is_zero(s)); - rustsecp256k1_v0_3_1_fe_sqr(&zz, s); - rustsecp256k1_v0_3_1_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */ - rustsecp256k1_v0_3_1_fe_mul(&r->y, &r->y, &zz); - rustsecp256k1_v0_3_1_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */ - rustsecp256k1_v0_3_1_fe_mul(&r->z, &r->z, s); /* r->z *= s */ + rustsecp256k1_v0_4_0_fe zz; + VERIFY_CHECK(!rustsecp256k1_v0_4_0_fe_is_zero(s)); + rustsecp256k1_v0_4_0_fe_sqr(&zz, s); + rustsecp256k1_v0_4_0_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */ + rustsecp256k1_v0_4_0_fe_mul(&r->y, &r->y, &zz); + rustsecp256k1_v0_4_0_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */ + rustsecp256k1_v0_4_0_fe_mul(&r->z, &r->z, s); /* r->z *= s */ } -static void rustsecp256k1_v0_3_1_ge_to_storage(rustsecp256k1_v0_3_1_ge_storage *r, const rustsecp256k1_v0_3_1_ge *a) { - rustsecp256k1_v0_3_1_fe x, y; +static void rustsecp256k1_v0_4_0_ge_to_storage(rustsecp256k1_v0_4_0_ge_storage *r, const rustsecp256k1_v0_4_0_ge *a) { + rustsecp256k1_v0_4_0_fe x, y; VERIFY_CHECK(!a->infinity); x = a->x; - rustsecp256k1_v0_3_1_fe_normalize(&x); + rustsecp256k1_v0_4_0_fe_normalize(&x); y = a->y; - rustsecp256k1_v0_3_1_fe_normalize(&y); - rustsecp256k1_v0_3_1_fe_to_storage(&r->x, &x); - rustsecp256k1_v0_3_1_fe_to_storage(&r->y, &y); + rustsecp256k1_v0_4_0_fe_normalize(&y); + rustsecp256k1_v0_4_0_fe_to_storage(&r->x, &x); + rustsecp256k1_v0_4_0_fe_to_storage(&r->y, &y); } -static void rustsecp256k1_v0_3_1_ge_from_storage(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_ge_storage *a) { - rustsecp256k1_v0_3_1_fe_from_storage(&r->x, &a->x); - rustsecp256k1_v0_3_1_fe_from_storage(&r->y, &a->y); +static void rustsecp256k1_v0_4_0_ge_from_storage(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_ge_storage *a) { + rustsecp256k1_v0_4_0_fe_from_storage(&r->x, &a->x); + rustsecp256k1_v0_4_0_fe_from_storage(&r->y, &a->y); r->infinity = 0; } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_ge_storage_cmov(rustsecp256k1_v0_3_1_ge_storage *r, const rustsecp256k1_v0_3_1_ge_storage *a, int flag) { - rustsecp256k1_v0_3_1_fe_storage_cmov(&r->x, &a->x, flag); - rustsecp256k1_v0_3_1_fe_storage_cmov(&r->y, &a->y, flag); +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_ge_storage_cmov(rustsecp256k1_v0_4_0_ge_storage *r, const rustsecp256k1_v0_4_0_ge_storage *a, int flag) { + rustsecp256k1_v0_4_0_fe_storage_cmov(&r->x, &a->x, flag); + rustsecp256k1_v0_4_0_fe_storage_cmov(&r->y, &a->y, flag); } -#ifdef USE_ENDOMORPHISM -static void rustsecp256k1_v0_3_1_ge_mul_lambda(rustsecp256k1_v0_3_1_ge *r, const rustsecp256k1_v0_3_1_ge *a) { - static const rustsecp256k1_v0_3_1_fe beta = SECP256K1_FE_CONST( +static void rustsecp256k1_v0_4_0_ge_mul_lambda(rustsecp256k1_v0_4_0_ge *r, const rustsecp256k1_v0_4_0_ge *a) { + static const rustsecp256k1_v0_4_0_fe beta = SECP256K1_FE_CONST( 0x7ae96a2bul, 0x657c0710ul, 0x6e64479eul, 0xac3434e9ul, 0x9cf04975ul, 0x12f58995ul, 0xc1396c28ul, 0x719501eeul ); *r = *a; - rustsecp256k1_v0_3_1_fe_mul(&r->x, &r->x, &beta); + rustsecp256k1_v0_4_0_fe_mul(&r->x, &r->x, &beta); } -#endif -static int rustsecp256k1_v0_3_1_gej_has_quad_y_var(const rustsecp256k1_v0_3_1_gej *a) { - rustsecp256k1_v0_3_1_fe yz; +static int rustsecp256k1_v0_4_0_gej_has_quad_y_var(const rustsecp256k1_v0_4_0_gej *a) { + rustsecp256k1_v0_4_0_fe yz; if (a->infinity) { return 0; @@ -667,24 +665,24 @@ static int rustsecp256k1_v0_3_1_gej_has_quad_y_var(const rustsecp256k1_v0_3_1_ge /* We rely on the fact that the Jacobi symbol of 1 / a->z^3 is the same as * that of a->z. Thus a->y / a->z^3 is a quadratic residue iff a->y * a->z is */ - rustsecp256k1_v0_3_1_fe_mul(&yz, &a->y, &a->z); - return rustsecp256k1_v0_3_1_fe_is_quad_var(&yz); + rustsecp256k1_v0_4_0_fe_mul(&yz, &a->y, &a->z); + return rustsecp256k1_v0_4_0_fe_is_quad_var(&yz); } -static int rustsecp256k1_v0_3_1_ge_is_in_correct_subgroup(const rustsecp256k1_v0_3_1_ge* ge) { +static int rustsecp256k1_v0_4_0_ge_is_in_correct_subgroup(const rustsecp256k1_v0_4_0_ge* ge) { #ifdef EXHAUSTIVE_TEST_ORDER - rustsecp256k1_v0_3_1_gej out; + rustsecp256k1_v0_4_0_gej out; int i; - /* A very simple EC multiplication ladder that avoids a dependecy on ecmult. */ - rustsecp256k1_v0_3_1_gej_set_infinity(&out); + /* A very simple EC multiplication ladder that avoids a dependency on ecmult. */ + rustsecp256k1_v0_4_0_gej_set_infinity(&out); for (i = 0; i < 32; ++i) { - rustsecp256k1_v0_3_1_gej_double_var(&out, &out, NULL); + rustsecp256k1_v0_4_0_gej_double_var(&out, &out, NULL); if ((((uint32_t)EXHAUSTIVE_TEST_ORDER) >> (31 - i)) & 1) { - rustsecp256k1_v0_3_1_gej_add_ge_var(&out, &out, ge, NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(&out, &out, ge, NULL); } } - return rustsecp256k1_v0_3_1_gej_is_infinity(&out); + return rustsecp256k1_v0_4_0_gej_is_infinity(&out); #else (void)ge; /* The real secp256k1 group has cofactor 1, so the subgroup is the entire curve. */ diff --git a/secp256k1-sys/depend/secp256k1/src/hash.h b/secp256k1-sys/depend/secp256k1/src/hash.h index 0f041b5b4..4d018c259 100644 --- a/secp256k1-sys/depend/secp256k1/src/hash.h +++ b/secp256k1-sys/depend/secp256k1/src/hash.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_HASH_H #define SECP256K1_HASH_H @@ -14,28 +14,28 @@ typedef struct { uint32_t s[8]; uint32_t buf[16]; /* In big endian */ size_t bytes; -} rustsecp256k1_v0_3_1_sha256; +} rustsecp256k1_v0_4_0_sha256; -static void rustsecp256k1_v0_3_1_sha256_initialize(rustsecp256k1_v0_3_1_sha256 *hash); -static void rustsecp256k1_v0_3_1_sha256_write(rustsecp256k1_v0_3_1_sha256 *hash, const unsigned char *data, size_t size); -static void rustsecp256k1_v0_3_1_sha256_finalize(rustsecp256k1_v0_3_1_sha256 *hash, unsigned char *out32); +static void rustsecp256k1_v0_4_0_sha256_initialize(rustsecp256k1_v0_4_0_sha256 *hash); +static void rustsecp256k1_v0_4_0_sha256_write(rustsecp256k1_v0_4_0_sha256 *hash, const unsigned char *data, size_t size); +static void rustsecp256k1_v0_4_0_sha256_finalize(rustsecp256k1_v0_4_0_sha256 *hash, unsigned char *out32); typedef struct { - rustsecp256k1_v0_3_1_sha256 inner, outer; -} rustsecp256k1_v0_3_1_hmac_sha256; + rustsecp256k1_v0_4_0_sha256 inner, outer; +} rustsecp256k1_v0_4_0_hmac_sha256; -static void rustsecp256k1_v0_3_1_hmac_sha256_initialize(rustsecp256k1_v0_3_1_hmac_sha256 *hash, const unsigned char *key, size_t size); -static void rustsecp256k1_v0_3_1_hmac_sha256_write(rustsecp256k1_v0_3_1_hmac_sha256 *hash, const unsigned char *data, size_t size); -static void rustsecp256k1_v0_3_1_hmac_sha256_finalize(rustsecp256k1_v0_3_1_hmac_sha256 *hash, unsigned char *out32); +static void rustsecp256k1_v0_4_0_hmac_sha256_initialize(rustsecp256k1_v0_4_0_hmac_sha256 *hash, const unsigned char *key, size_t size); +static void rustsecp256k1_v0_4_0_hmac_sha256_write(rustsecp256k1_v0_4_0_hmac_sha256 *hash, const unsigned char *data, size_t size); +static void rustsecp256k1_v0_4_0_hmac_sha256_finalize(rustsecp256k1_v0_4_0_hmac_sha256 *hash, unsigned char *out32); typedef struct { unsigned char v[32]; unsigned char k[32]; int retry; -} rustsecp256k1_v0_3_1_rfc6979_hmac_sha256; +} rustsecp256k1_v0_4_0_rfc6979_hmac_sha256; -static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen); -static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen); -static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 *rng); +static void rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen); +static void rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen); +static void rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 *rng); #endif /* SECP256K1_HASH_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/hash_impl.h b/secp256k1-sys/depend/secp256k1/src/hash_impl.h index 25f838077..44069928c 100644 --- a/secp256k1-sys/depend/secp256k1/src/hash_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/hash_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_HASH_IMPL_H #define SECP256K1_HASH_IMPL_H @@ -34,7 +34,7 @@ #define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24)) #endif -static void rustsecp256k1_v0_3_1_sha256_initialize(rustsecp256k1_v0_3_1_sha256 *hash) { +static void rustsecp256k1_v0_4_0_sha256_initialize(rustsecp256k1_v0_4_0_sha256 *hash) { hash->s[0] = 0x6a09e667ul; hash->s[1] = 0xbb67ae85ul; hash->s[2] = 0x3c6ef372ul; @@ -47,7 +47,7 @@ static void rustsecp256k1_v0_3_1_sha256_initialize(rustsecp256k1_v0_3_1_sha256 * } /** Perform one SHA-256 transformation, processing 16 big endian 32-bit words. */ -static void rustsecp256k1_v0_3_1_sha256_transform(uint32_t* s, const uint32_t* chunk) { +static void rustsecp256k1_v0_4_0_sha256_transform(uint32_t* s, const uint32_t* chunk) { uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7]; uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15; @@ -129,7 +129,7 @@ static void rustsecp256k1_v0_3_1_sha256_transform(uint32_t* s, const uint32_t* c s[7] += h; } -static void rustsecp256k1_v0_3_1_sha256_write(rustsecp256k1_v0_3_1_sha256 *hash, const unsigned char *data, size_t len) { +static void rustsecp256k1_v0_4_0_sha256_write(rustsecp256k1_v0_4_0_sha256 *hash, const unsigned char *data, size_t len) { size_t bufsize = hash->bytes & 0x3F; hash->bytes += len; VERIFY_CHECK(hash->bytes >= len); @@ -139,7 +139,7 @@ static void rustsecp256k1_v0_3_1_sha256_write(rustsecp256k1_v0_3_1_sha256 *hash, memcpy(((unsigned char*)hash->buf) + bufsize, data, chunk_len); data += chunk_len; len -= chunk_len; - rustsecp256k1_v0_3_1_sha256_transform(hash->s, hash->buf); + rustsecp256k1_v0_4_0_sha256_transform(hash->s, hash->buf); bufsize = 0; } if (len) { @@ -148,15 +148,15 @@ static void rustsecp256k1_v0_3_1_sha256_write(rustsecp256k1_v0_3_1_sha256 *hash, } } -static void rustsecp256k1_v0_3_1_sha256_finalize(rustsecp256k1_v0_3_1_sha256 *hash, unsigned char *out32) { +static void rustsecp256k1_v0_4_0_sha256_finalize(rustsecp256k1_v0_4_0_sha256 *hash, unsigned char *out32) { static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; uint32_t sizedesc[2]; uint32_t out[8]; int i = 0; sizedesc[0] = BE32(hash->bytes >> 29); sizedesc[1] = BE32(hash->bytes << 3); - rustsecp256k1_v0_3_1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); - rustsecp256k1_v0_3_1_sha256_write(hash, (const unsigned char*)sizedesc, 8); + rustsecp256k1_v0_4_0_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); + rustsecp256k1_v0_4_0_sha256_write(hash, (const unsigned char*)sizedesc, 8); for (i = 0; i < 8; i++) { out[i] = BE32(hash->s[i]); hash->s[i] = 0; @@ -166,60 +166,60 @@ static void rustsecp256k1_v0_3_1_sha256_finalize(rustsecp256k1_v0_3_1_sha256 *ha /* Initializes a sha256 struct and writes the 64 byte string * SHA256(tag)||SHA256(tag) into it. */ -static void rustsecp256k1_v0_3_1_sha256_initialize_tagged(rustsecp256k1_v0_3_1_sha256 *hash, const unsigned char *tag, size_t taglen) { +static void rustsecp256k1_v0_4_0_sha256_initialize_tagged(rustsecp256k1_v0_4_0_sha256 *hash, const unsigned char *tag, size_t taglen) { unsigned char buf[32]; - rustsecp256k1_v0_3_1_sha256_initialize(hash); - rustsecp256k1_v0_3_1_sha256_write(hash, tag, taglen); - rustsecp256k1_v0_3_1_sha256_finalize(hash, buf); + rustsecp256k1_v0_4_0_sha256_initialize(hash); + rustsecp256k1_v0_4_0_sha256_write(hash, tag, taglen); + rustsecp256k1_v0_4_0_sha256_finalize(hash, buf); - rustsecp256k1_v0_3_1_sha256_initialize(hash); - rustsecp256k1_v0_3_1_sha256_write(hash, buf, 32); - rustsecp256k1_v0_3_1_sha256_write(hash, buf, 32); + rustsecp256k1_v0_4_0_sha256_initialize(hash); + rustsecp256k1_v0_4_0_sha256_write(hash, buf, 32); + rustsecp256k1_v0_4_0_sha256_write(hash, buf, 32); } -static void rustsecp256k1_v0_3_1_hmac_sha256_initialize(rustsecp256k1_v0_3_1_hmac_sha256 *hash, const unsigned char *key, size_t keylen) { +static void rustsecp256k1_v0_4_0_hmac_sha256_initialize(rustsecp256k1_v0_4_0_hmac_sha256 *hash, const unsigned char *key, size_t keylen) { size_t n; unsigned char rkey[64]; if (keylen <= sizeof(rkey)) { memcpy(rkey, key, keylen); memset(rkey + keylen, 0, sizeof(rkey) - keylen); } else { - rustsecp256k1_v0_3_1_sha256 sha256; - rustsecp256k1_v0_3_1_sha256_initialize(&sha256); - rustsecp256k1_v0_3_1_sha256_write(&sha256, key, keylen); - rustsecp256k1_v0_3_1_sha256_finalize(&sha256, rkey); + rustsecp256k1_v0_4_0_sha256 sha256; + rustsecp256k1_v0_4_0_sha256_initialize(&sha256); + rustsecp256k1_v0_4_0_sha256_write(&sha256, key, keylen); + rustsecp256k1_v0_4_0_sha256_finalize(&sha256, rkey); memset(rkey + 32, 0, 32); } - rustsecp256k1_v0_3_1_sha256_initialize(&hash->outer); + rustsecp256k1_v0_4_0_sha256_initialize(&hash->outer); for (n = 0; n < sizeof(rkey); n++) { rkey[n] ^= 0x5c; } - rustsecp256k1_v0_3_1_sha256_write(&hash->outer, rkey, sizeof(rkey)); + rustsecp256k1_v0_4_0_sha256_write(&hash->outer, rkey, sizeof(rkey)); - rustsecp256k1_v0_3_1_sha256_initialize(&hash->inner); + rustsecp256k1_v0_4_0_sha256_initialize(&hash->inner); for (n = 0; n < sizeof(rkey); n++) { rkey[n] ^= 0x5c ^ 0x36; } - rustsecp256k1_v0_3_1_sha256_write(&hash->inner, rkey, sizeof(rkey)); + rustsecp256k1_v0_4_0_sha256_write(&hash->inner, rkey, sizeof(rkey)); memset(rkey, 0, sizeof(rkey)); } -static void rustsecp256k1_v0_3_1_hmac_sha256_write(rustsecp256k1_v0_3_1_hmac_sha256 *hash, const unsigned char *data, size_t size) { - rustsecp256k1_v0_3_1_sha256_write(&hash->inner, data, size); +static void rustsecp256k1_v0_4_0_hmac_sha256_write(rustsecp256k1_v0_4_0_hmac_sha256 *hash, const unsigned char *data, size_t size) { + rustsecp256k1_v0_4_0_sha256_write(&hash->inner, data, size); } -static void rustsecp256k1_v0_3_1_hmac_sha256_finalize(rustsecp256k1_v0_3_1_hmac_sha256 *hash, unsigned char *out32) { +static void rustsecp256k1_v0_4_0_hmac_sha256_finalize(rustsecp256k1_v0_4_0_hmac_sha256 *hash, unsigned char *out32) { unsigned char temp[32]; - rustsecp256k1_v0_3_1_sha256_finalize(&hash->inner, temp); - rustsecp256k1_v0_3_1_sha256_write(&hash->outer, temp, 32); + rustsecp256k1_v0_4_0_sha256_finalize(&hash->inner, temp); + rustsecp256k1_v0_4_0_sha256_write(&hash->outer, temp, 32); memset(temp, 0, 32); - rustsecp256k1_v0_3_1_sha256_finalize(&hash->outer, out32); + rustsecp256k1_v0_4_0_sha256_finalize(&hash->outer, out32); } -static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { - rustsecp256k1_v0_3_1_hmac_sha256 hmac; +static void rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { + rustsecp256k1_v0_4_0_hmac_sha256 hmac; static const unsigned char zero[1] = {0x00}; static const unsigned char one[1] = {0x01}; @@ -227,47 +227,47 @@ static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0 memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */ /* RFC6979 3.2.d. */ - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, zero, 1); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, key, keylen); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->k); - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->v); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, zero, 1); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, key, keylen); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->k); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->v); /* RFC6979 3.2.f. */ - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, one, 1); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, key, keylen); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->k); - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->v); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, one, 1); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, key, keylen); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->k); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->v); rng->retry = 0; } -static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) { +static void rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) { /* RFC6979 3.2.h. */ static const unsigned char zero[1] = {0x00}; if (rng->retry) { - rustsecp256k1_v0_3_1_hmac_sha256 hmac; - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, zero, 1); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->k); - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->v); + rustsecp256k1_v0_4_0_hmac_sha256 hmac; + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, zero, 1); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->k); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->v); } while (outlen > 0) { - rustsecp256k1_v0_3_1_hmac_sha256 hmac; + rustsecp256k1_v0_4_0_hmac_sha256 hmac; int now = outlen; - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hmac, rng->v); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hmac, rng->k, 32); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hmac, rng->v, 32); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hmac, rng->v); if (now > 32) { now = 32; } @@ -279,7 +279,7 @@ static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_3 rng->retry = 1; } -static void rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 *rng) { +static void rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 *rng) { memset(rng->k, 0, 32); memset(rng->v, 0, 32); rng->retry = 0; diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include index 9292ce135..84a6ba63d 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_3_1_ecdh.h +include_HEADERS += include/rustsecp256k1_v0_4_0_ecdh.h noinst_HEADERS += src/modules/ecdh/main_impl.h noinst_HEADERS += src/modules/ecdh/tests_impl.h if USE_BENCHMARK diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h index 22c8e2e94..39ff5dfe1 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_MODULE_ECDH_MAIN_H #define SECP256K1_MODULE_ECDH_MAIN_H @@ -12,26 +12,26 @@ static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x32, const unsigned char *y32, void *data) { unsigned char version = (y32[31] & 0x01) | 0x02; - rustsecp256k1_v0_3_1_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha; (void)data; - rustsecp256k1_v0_3_1_sha256_initialize(&sha); - rustsecp256k1_v0_3_1_sha256_write(&sha, &version, 1); - rustsecp256k1_v0_3_1_sha256_write(&sha, x32, 32); - rustsecp256k1_v0_3_1_sha256_finalize(&sha, output); + rustsecp256k1_v0_4_0_sha256_initialize(&sha); + rustsecp256k1_v0_4_0_sha256_write(&sha, &version, 1); + rustsecp256k1_v0_4_0_sha256_write(&sha, x32, 32); + rustsecp256k1_v0_4_0_sha256_finalize(&sha, output); return 1; } -const rustsecp256k1_v0_3_1_ecdh_hash_function rustsecp256k1_v0_3_1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256; -const rustsecp256k1_v0_3_1_ecdh_hash_function rustsecp256k1_v0_3_1_ecdh_hash_function_default = ecdh_hash_function_sha256; +const rustsecp256k1_v0_4_0_ecdh_hash_function rustsecp256k1_v0_4_0_ecdh_hash_function_sha256 = ecdh_hash_function_sha256; +const rustsecp256k1_v0_4_0_ecdh_hash_function rustsecp256k1_v0_4_0_ecdh_hash_function_default = ecdh_hash_function_sha256; -int rustsecp256k1_v0_3_1_ecdh(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output, const rustsecp256k1_v0_3_1_pubkey *point, const unsigned char *scalar, rustsecp256k1_v0_3_1_ecdh_hash_function hashfp, void *data) { +int rustsecp256k1_v0_4_0_ecdh(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, const rustsecp256k1_v0_4_0_pubkey *point, const unsigned char *scalar, rustsecp256k1_v0_4_0_ecdh_hash_function hashfp, void *data) { int ret = 0; int overflow = 0; - rustsecp256k1_v0_3_1_gej res; - rustsecp256k1_v0_3_1_ge pt; - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_gej res; + rustsecp256k1_v0_4_0_ge pt; + rustsecp256k1_v0_4_0_scalar s; unsigned char x[32]; unsigned char y[32]; @@ -41,29 +41,29 @@ int rustsecp256k1_v0_3_1_ecdh(const rustsecp256k1_v0_3_1_context* ctx, unsigned ARG_CHECK(scalar != NULL); if (hashfp == NULL) { - hashfp = rustsecp256k1_v0_3_1_ecdh_hash_function_default; + hashfp = rustsecp256k1_v0_4_0_ecdh_hash_function_default; } - rustsecp256k1_v0_3_1_pubkey_load(ctx, &pt, point); - rustsecp256k1_v0_3_1_scalar_set_b32(&s, scalar, &overflow); + rustsecp256k1_v0_4_0_pubkey_load(ctx, &pt, point); + rustsecp256k1_v0_4_0_scalar_set_b32(&s, scalar, &overflow); - overflow |= rustsecp256k1_v0_3_1_scalar_is_zero(&s); - rustsecp256k1_v0_3_1_scalar_cmov(&s, &rustsecp256k1_v0_3_1_scalar_one, overflow); + overflow |= rustsecp256k1_v0_4_0_scalar_is_zero(&s); + rustsecp256k1_v0_4_0_scalar_cmov(&s, &rustsecp256k1_v0_4_0_scalar_one, overflow); - rustsecp256k1_v0_3_1_ecmult_const(&res, &pt, &s, 256); - rustsecp256k1_v0_3_1_ge_set_gej(&pt, &res); + rustsecp256k1_v0_4_0_ecmult_const(&res, &pt, &s, 256); + rustsecp256k1_v0_4_0_ge_set_gej(&pt, &res); /* Compute a hash of the point */ - rustsecp256k1_v0_3_1_fe_normalize(&pt.x); - rustsecp256k1_v0_3_1_fe_normalize(&pt.y); - rustsecp256k1_v0_3_1_fe_get_b32(x, &pt.x); - rustsecp256k1_v0_3_1_fe_get_b32(y, &pt.y); + rustsecp256k1_v0_4_0_fe_normalize(&pt.x); + rustsecp256k1_v0_4_0_fe_normalize(&pt.y); + rustsecp256k1_v0_4_0_fe_get_b32(x, &pt.x); + rustsecp256k1_v0_4_0_fe_get_b32(y, &pt.y); ret = hashfp(output, x, y, data); memset(x, 0, 32); memset(y, 0, 32); - rustsecp256k1_v0_3_1_scalar_clear(&s); + rustsecp256k1_v0_4_0_scalar_clear(&s); return !!ret & !overflow; } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h index f41c1d658..b33d9d278 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_MODULE_ECDH_TESTS_H #define SECP256K1_MODULE_ECDH_TESTS_H @@ -26,71 +26,71 @@ int ecdh_hash_function_custom(unsigned char *output, const unsigned char *x, con void test_ecdh_api(void) { /* Setup context that just counts errors */ - rustsecp256k1_v0_3_1_context *tctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN); - rustsecp256k1_v0_3_1_pubkey point; + rustsecp256k1_v0_4_0_context *tctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN); + rustsecp256k1_v0_4_0_pubkey point; unsigned char res[32]; unsigned char s_one[32] = { 0 }; int32_t ecount = 0; s_one[31] = 1; - rustsecp256k1_v0_3_1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(tctx, &point, s_one) == 1); + rustsecp256k1_v0_4_0_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(tctx, &point, s_one) == 1); /* Check all NULLs are detected */ - CHECK(rustsecp256k1_v0_3_1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1); CHECK(ecount == 3); /* Cleanup */ - rustsecp256k1_v0_3_1_context_destroy(tctx); + rustsecp256k1_v0_4_0_context_destroy(tctx); } void test_ecdh_generator_basepoint(void) { unsigned char s_one[32] = { 0 }; - rustsecp256k1_v0_3_1_pubkey point[2]; + rustsecp256k1_v0_4_0_pubkey point[2]; int i; s_one[31] = 1; /* Check against pubkey creation when the basepoint is the generator */ for (i = 0; i < 100; ++i) { - rustsecp256k1_v0_3_1_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha; unsigned char s_b32[32]; unsigned char output_ecdh[65]; unsigned char output_ser[32]; unsigned char point_ser[65]; size_t point_ser_len = sizeof(point_ser); - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_scalar s; random_scalar_order(&s); - rustsecp256k1_v0_3_1_scalar_get_b32(s_b32, &s); + rustsecp256k1_v0_4_0_scalar_get_b32(s_b32, &s); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &point[0], s_one) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &point[1], s_b32) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &point[0], s_one) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &point[1], s_b32) == 1); /* compute using ECDH function with custom hash function */ - CHECK(rustsecp256k1_v0_3_1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); /* compute "explicitly" */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); /* compare */ - CHECK(memcmp(output_ecdh, point_ser, 65) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(output_ecdh, point_ser, 65) == 0); /* compute using ECDH function with default hash function */ - CHECK(rustsecp256k1_v0_3_1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); /* compute "explicitly" */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); - rustsecp256k1_v0_3_1_sha256_initialize(&sha); - rustsecp256k1_v0_3_1_sha256_write(&sha, point_ser, point_ser_len); - rustsecp256k1_v0_3_1_sha256_finalize(&sha, output_ser); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); + rustsecp256k1_v0_4_0_sha256_initialize(&sha); + rustsecp256k1_v0_4_0_sha256_write(&sha, point_ser, point_ser_len); + rustsecp256k1_v0_4_0_sha256_finalize(&sha, output_ser); /* compare */ - CHECK(memcmp(output_ecdh, output_ser, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(output_ecdh, output_ser, 32) == 0); } } @@ -104,23 +104,23 @@ void test_bad_scalar(void) { }; unsigned char s_rand[32] = { 0 }; unsigned char output[32]; - rustsecp256k1_v0_3_1_scalar rand; - rustsecp256k1_v0_3_1_pubkey point; + rustsecp256k1_v0_4_0_scalar rand; + rustsecp256k1_v0_4_0_pubkey point; /* Create random point */ random_scalar_order(&rand); - rustsecp256k1_v0_3_1_scalar_get_b32(s_rand, &rand); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &point, s_rand) == 1); + rustsecp256k1_v0_4_0_scalar_get_b32(s_rand, &rand); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &point, s_rand) == 1); /* Try to multiply it by bad values */ - CHECK(rustsecp256k1_v0_3_1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0); /* ...and a good one */ s_overflow[31] -= 1; - CHECK(rustsecp256k1_v0_3_1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1); /* Hash function failure results in ecdh failure */ - CHECK(rustsecp256k1_v0_3_1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); } void run_ecdh_tests(void) { diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include index a8dd438fd..be2dbec51 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_3_1_extrakeys.h +include_HEADERS += include/rustsecp256k1_v0_4_0_extrakeys.h noinst_HEADERS += src/modules/extrakeys/tests_impl.h noinst_HEADERS += src/modules/extrakeys/tests_exhaustive_impl.h noinst_HEADERS += src/modules/extrakeys/main_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h index 824423c6e..80a718408 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2020 Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_MODULE_EXTRAKEYS_MAIN_ #define _SECP256K1_MODULE_EXTRAKEYS_MAIN_ @@ -10,137 +10,137 @@ #include "include/secp256k1.h" #include "include/secp256k1_extrakeys.h" -static SECP256K1_INLINE int rustsecp256k1_v0_3_1_xonly_pubkey_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ge *ge, const rustsecp256k1_v0_3_1_xonly_pubkey *pubkey) { - return rustsecp256k1_v0_3_1_pubkey_load(ctx, ge, (const rustsecp256k1_v0_3_1_pubkey *) pubkey); +static SECP256K1_INLINE int rustsecp256k1_v0_4_0_xonly_pubkey_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ge *ge, const rustsecp256k1_v0_4_0_xonly_pubkey *pubkey) { + return rustsecp256k1_v0_4_0_pubkey_load(ctx, ge, (const rustsecp256k1_v0_4_0_pubkey *) pubkey); } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_xonly_pubkey_save(rustsecp256k1_v0_3_1_xonly_pubkey *pubkey, rustsecp256k1_v0_3_1_ge *ge) { - rustsecp256k1_v0_3_1_pubkey_save((rustsecp256k1_v0_3_1_pubkey *) pubkey, ge); +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_xonly_pubkey_save(rustsecp256k1_v0_4_0_xonly_pubkey *pubkey, rustsecp256k1_v0_4_0_ge *ge) { + rustsecp256k1_v0_4_0_pubkey_save((rustsecp256k1_v0_4_0_pubkey *) pubkey, ge); } -int rustsecp256k1_v0_3_1_xonly_pubkey_parse(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_xonly_pubkey *pubkey, const unsigned char *input32) { - rustsecp256k1_v0_3_1_ge pk; - rustsecp256k1_v0_3_1_fe x; +int rustsecp256k1_v0_4_0_xonly_pubkey_parse(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_xonly_pubkey *pubkey, const unsigned char *input32) { + rustsecp256k1_v0_4_0_ge pk; + rustsecp256k1_v0_4_0_fe x; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(input32 != NULL); - if (!rustsecp256k1_v0_3_1_fe_set_b32(&x, input32)) { + if (!rustsecp256k1_v0_4_0_fe_set_b32(&x, input32)) { return 0; } - if (!rustsecp256k1_v0_3_1_ge_set_xo_var(&pk, &x, 0)) { + if (!rustsecp256k1_v0_4_0_ge_set_xo_var(&pk, &x, 0)) { return 0; } - if (!rustsecp256k1_v0_3_1_ge_is_in_correct_subgroup(&pk)) { + if (!rustsecp256k1_v0_4_0_ge_is_in_correct_subgroup(&pk)) { return 0; } - rustsecp256k1_v0_3_1_xonly_pubkey_save(pubkey, &pk); + rustsecp256k1_v0_4_0_xonly_pubkey_save(pubkey, &pk); return 1; } -int rustsecp256k1_v0_3_1_xonly_pubkey_serialize(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output32, const rustsecp256k1_v0_3_1_xonly_pubkey *pubkey) { - rustsecp256k1_v0_3_1_ge pk; +int rustsecp256k1_v0_4_0_xonly_pubkey_serialize(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output32, const rustsecp256k1_v0_4_0_xonly_pubkey *pubkey) { + rustsecp256k1_v0_4_0_ge pk; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output32 != NULL); memset(output32, 0, 32); ARG_CHECK(pubkey != NULL); - if (!rustsecp256k1_v0_3_1_xonly_pubkey_load(ctx, &pk, pubkey)) { + if (!rustsecp256k1_v0_4_0_xonly_pubkey_load(ctx, &pk, pubkey)) { return 0; } - rustsecp256k1_v0_3_1_fe_get_b32(output32, &pk.x); + rustsecp256k1_v0_4_0_fe_get_b32(output32, &pk.x); return 1; } /** Keeps a group element as is if it has an even Y and otherwise negates it. * y_parity is set to 0 in the former case and to 1 in the latter case. * Requires that the coordinates of r are normalized. */ -static int rustsecp256k1_v0_3_1_extrakeys_ge_even_y(rustsecp256k1_v0_3_1_ge *r) { +static int rustsecp256k1_v0_4_0_extrakeys_ge_even_y(rustsecp256k1_v0_4_0_ge *r) { int y_parity = 0; - VERIFY_CHECK(!rustsecp256k1_v0_3_1_ge_is_infinity(r)); + VERIFY_CHECK(!rustsecp256k1_v0_4_0_ge_is_infinity(r)); - if (rustsecp256k1_v0_3_1_fe_is_odd(&r->y)) { - rustsecp256k1_v0_3_1_fe_negate(&r->y, &r->y, 1); + if (rustsecp256k1_v0_4_0_fe_is_odd(&r->y)) { + rustsecp256k1_v0_4_0_fe_negate(&r->y, &r->y, 1); y_parity = 1; } return y_parity; } -int rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_xonly_pubkey *xonly_pubkey, int *pk_parity, const rustsecp256k1_v0_3_1_pubkey *pubkey) { - rustsecp256k1_v0_3_1_ge pk; +int rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_xonly_pubkey *xonly_pubkey, int *pk_parity, const rustsecp256k1_v0_4_0_pubkey *pubkey) { + rustsecp256k1_v0_4_0_ge pk; int tmp; VERIFY_CHECK(ctx != NULL); ARG_CHECK(xonly_pubkey != NULL); ARG_CHECK(pubkey != NULL); - if (!rustsecp256k1_v0_3_1_pubkey_load(ctx, &pk, pubkey)) { + if (!rustsecp256k1_v0_4_0_pubkey_load(ctx, &pk, pubkey)) { return 0; } - tmp = rustsecp256k1_v0_3_1_extrakeys_ge_even_y(&pk); + tmp = rustsecp256k1_v0_4_0_extrakeys_ge_even_y(&pk); if (pk_parity != NULL) { *pk_parity = tmp; } - rustsecp256k1_v0_3_1_xonly_pubkey_save(xonly_pubkey, &pk); + rustsecp256k1_v0_4_0_xonly_pubkey_save(xonly_pubkey, &pk); return 1; } -int rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *output_pubkey, const rustsecp256k1_v0_3_1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { - rustsecp256k1_v0_3_1_ge pk; +int rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *output_pubkey, const rustsecp256k1_v0_4_0_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge pk; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output_pubkey != NULL); memset(output_pubkey, 0, sizeof(*output_pubkey)); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(internal_pubkey != NULL); ARG_CHECK(tweak32 != NULL); - if (!rustsecp256k1_v0_3_1_xonly_pubkey_load(ctx, &pk, internal_pubkey) - || !rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &pk, tweak32)) { + if (!rustsecp256k1_v0_4_0_xonly_pubkey_load(ctx, &pk, internal_pubkey) + || !rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &pk, tweak32)) { return 0; } - rustsecp256k1_v0_3_1_pubkey_save(output_pubkey, &pk); + rustsecp256k1_v0_4_0_pubkey_save(output_pubkey, &pk); return 1; } -int rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(const rustsecp256k1_v0_3_1_context* ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const rustsecp256k1_v0_3_1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { - rustsecp256k1_v0_3_1_ge pk; +int rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const rustsecp256k1_v0_4_0_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge pk; unsigned char pk_expected32[32]; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(internal_pubkey != NULL); ARG_CHECK(tweaked_pubkey32 != NULL); ARG_CHECK(tweak32 != NULL); - if (!rustsecp256k1_v0_3_1_xonly_pubkey_load(ctx, &pk, internal_pubkey) - || !rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &pk, tweak32)) { + if (!rustsecp256k1_v0_4_0_xonly_pubkey_load(ctx, &pk, internal_pubkey) + || !rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &pk, tweak32)) { return 0; } - rustsecp256k1_v0_3_1_fe_normalize_var(&pk.x); - rustsecp256k1_v0_3_1_fe_normalize_var(&pk.y); - rustsecp256k1_v0_3_1_fe_get_b32(pk_expected32, &pk.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&pk.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&pk.y); + rustsecp256k1_v0_4_0_fe_get_b32(pk_expected32, &pk.x); - return memcmp(&pk_expected32, tweaked_pubkey32, 32) == 0 - && rustsecp256k1_v0_3_1_fe_is_odd(&pk.y) == tweaked_pk_parity; + return rustsecp256k1_v0_4_0_memcmp_var(&pk_expected32, tweaked_pubkey32, 32) == 0 + && rustsecp256k1_v0_4_0_fe_is_odd(&pk.y) == tweaked_pk_parity; } -static void rustsecp256k1_v0_3_1_keypair_save(rustsecp256k1_v0_3_1_keypair *keypair, const rustsecp256k1_v0_3_1_scalar *sk, rustsecp256k1_v0_3_1_ge *pk) { - rustsecp256k1_v0_3_1_scalar_get_b32(&keypair->data[0], sk); - rustsecp256k1_v0_3_1_pubkey_save((rustsecp256k1_v0_3_1_pubkey *)&keypair->data[32], pk); +static void rustsecp256k1_v0_4_0_keypair_save(rustsecp256k1_v0_4_0_keypair *keypair, const rustsecp256k1_v0_4_0_scalar *sk, rustsecp256k1_v0_4_0_ge *pk) { + rustsecp256k1_v0_4_0_scalar_get_b32(&keypair->data[0], sk); + rustsecp256k1_v0_4_0_pubkey_save((rustsecp256k1_v0_4_0_pubkey *)&keypair->data[32], pk); } -static int rustsecp256k1_v0_3_1_keypair_seckey_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar *sk, const rustsecp256k1_v0_3_1_keypair *keypair) { +static int rustsecp256k1_v0_4_0_keypair_seckey_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar *sk, const rustsecp256k1_v0_4_0_keypair *keypair) { int ret; - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(sk, &keypair->data[0]); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(sk, &keypair->data[0]); /* We can declassify ret here because sk is only zero if a keypair function * failed (which zeroes the keypair) and its return value is ignored. */ - rustsecp256k1_v0_3_1_declassify(ctx, &ret, sizeof(ret)); + rustsecp256k1_v0_4_0_declassify(ctx, &ret, sizeof(ret)); ARG_CHECK(ret); return ret; } @@ -148,45 +148,45 @@ static int rustsecp256k1_v0_3_1_keypair_seckey_load(const rustsecp256k1_v0_3_1_c /* Load a keypair into pk and sk (if non-NULL). This function declassifies pk * and ARG_CHECKs that the keypair is not invalid. It always initializes sk and * pk with dummy values. */ -static int rustsecp256k1_v0_3_1_keypair_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar *sk, rustsecp256k1_v0_3_1_ge *pk, const rustsecp256k1_v0_3_1_keypair *keypair) { +static int rustsecp256k1_v0_4_0_keypair_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar *sk, rustsecp256k1_v0_4_0_ge *pk, const rustsecp256k1_v0_4_0_keypair *keypair) { int ret; - const rustsecp256k1_v0_3_1_pubkey *pubkey = (const rustsecp256k1_v0_3_1_pubkey *)&keypair->data[32]; + const rustsecp256k1_v0_4_0_pubkey *pubkey = (const rustsecp256k1_v0_4_0_pubkey *)&keypair->data[32]; /* Need to declassify the pubkey because pubkey_load ARG_CHECKs if it's * invalid. */ - rustsecp256k1_v0_3_1_declassify(ctx, pubkey, sizeof(*pubkey)); - ret = rustsecp256k1_v0_3_1_pubkey_load(ctx, pk, pubkey); + rustsecp256k1_v0_4_0_declassify(ctx, pubkey, sizeof(*pubkey)); + ret = rustsecp256k1_v0_4_0_pubkey_load(ctx, pk, pubkey); if (sk != NULL) { - ret = ret && rustsecp256k1_v0_3_1_keypair_seckey_load(ctx, sk, keypair); + ret = ret && rustsecp256k1_v0_4_0_keypair_seckey_load(ctx, sk, keypair); } if (!ret) { - *pk = rustsecp256k1_v0_3_1_ge_const_g; + *pk = rustsecp256k1_v0_4_0_ge_const_g; if (sk != NULL) { - *sk = rustsecp256k1_v0_3_1_scalar_one; + *sk = rustsecp256k1_v0_4_0_scalar_one; } } return ret; } -int rustsecp256k1_v0_3_1_keypair_create(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_keypair *keypair, const unsigned char *seckey32) { - rustsecp256k1_v0_3_1_scalar sk; - rustsecp256k1_v0_3_1_ge pk; +int rustsecp256k1_v0_4_0_keypair_create(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_keypair *keypair, const unsigned char *seckey32) { + rustsecp256k1_v0_4_0_scalar sk; + rustsecp256k1_v0_4_0_ge pk; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(keypair != NULL); memset(keypair, 0, sizeof(*keypair)); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(seckey32 != NULL); - ret = rustsecp256k1_v0_3_1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32); - rustsecp256k1_v0_3_1_keypair_save(keypair, &sk, &pk); - memczero(keypair, sizeof(*keypair), !ret); + ret = rustsecp256k1_v0_4_0_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32); + rustsecp256k1_v0_4_0_keypair_save(keypair, &sk, &pk); + rustsecp256k1_v0_4_0_memczero(keypair, sizeof(*keypair), !ret); - rustsecp256k1_v0_3_1_scalar_clear(&sk); + rustsecp256k1_v0_4_0_scalar_clear(&sk); return ret; } -int rustsecp256k1_v0_3_1_keypair_pub(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const rustsecp256k1_v0_3_1_keypair *keypair) { +int rustsecp256k1_v0_4_0_keypair_pub(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const rustsecp256k1_v0_4_0_keypair *keypair) { VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); @@ -196,8 +196,8 @@ int rustsecp256k1_v0_3_1_keypair_pub(const rustsecp256k1_v0_3_1_context* ctx, ru return 1; } -int rustsecp256k1_v0_3_1_keypair_xonly_pub(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_xonly_pubkey *pubkey, int *pk_parity, const rustsecp256k1_v0_3_1_keypair *keypair) { - rustsecp256k1_v0_3_1_ge pk; +int rustsecp256k1_v0_4_0_keypair_xonly_pub(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_xonly_pubkey *pubkey, int *pk_parity, const rustsecp256k1_v0_4_0_keypair *keypair) { + rustsecp256k1_v0_4_0_ge pk; int tmp; VERIFY_CHECK(ctx != NULL); @@ -205,46 +205,46 @@ int rustsecp256k1_v0_3_1_keypair_xonly_pub(const rustsecp256k1_v0_3_1_context* c memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(keypair != NULL); - if (!rustsecp256k1_v0_3_1_keypair_load(ctx, NULL, &pk, keypair)) { + if (!rustsecp256k1_v0_4_0_keypair_load(ctx, NULL, &pk, keypair)) { return 0; } - tmp = rustsecp256k1_v0_3_1_extrakeys_ge_even_y(&pk); + tmp = rustsecp256k1_v0_4_0_extrakeys_ge_even_y(&pk); if (pk_parity != NULL) { *pk_parity = tmp; } - rustsecp256k1_v0_3_1_xonly_pubkey_save(pubkey, &pk); + rustsecp256k1_v0_4_0_xonly_pubkey_save(pubkey, &pk); return 1; } -int rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_keypair *keypair, const unsigned char *tweak32) { - rustsecp256k1_v0_3_1_ge pk; - rustsecp256k1_v0_3_1_scalar sk; +int rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_keypair *keypair, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge pk; + rustsecp256k1_v0_4_0_scalar sk; int y_parity; int ret; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(keypair != NULL); ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_3_1_keypair_load(ctx, &sk, &pk, keypair); + ret = rustsecp256k1_v0_4_0_keypair_load(ctx, &sk, &pk, keypair); memset(keypair, 0, sizeof(*keypair)); - y_parity = rustsecp256k1_v0_3_1_extrakeys_ge_even_y(&pk); + y_parity = rustsecp256k1_v0_4_0_extrakeys_ge_even_y(&pk); if (y_parity == 1) { - rustsecp256k1_v0_3_1_scalar_negate(&sk, &sk); + rustsecp256k1_v0_4_0_scalar_negate(&sk, &sk); } - ret &= rustsecp256k1_v0_3_1_ec_seckey_tweak_add_helper(&sk, tweak32); - ret &= rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &pk, tweak32); + ret &= rustsecp256k1_v0_4_0_ec_seckey_tweak_add_helper(&sk, tweak32); + ret &= rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &pk, tweak32); - rustsecp256k1_v0_3_1_declassify(ctx, &ret, sizeof(ret)); + rustsecp256k1_v0_4_0_declassify(ctx, &ret, sizeof(ret)); if (ret) { - rustsecp256k1_v0_3_1_keypair_save(keypair, &sk, &pk); + rustsecp256k1_v0_4_0_keypair_save(keypair, &sk, &pk); } - rustsecp256k1_v0_3_1_scalar_clear(&sk); + rustsecp256k1_v0_4_0_scalar_clear(&sk); return ret; } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h index 727a8ae5a..f137086c3 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2020 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_MODULE_EXTRAKEYS_TESTS_EXHAUSTIVE_ #define _SECP256K1_MODULE_EXTRAKEYS_TESTS_EXHAUSTIVE_ @@ -10,54 +10,54 @@ #include "src/modules/extrakeys/main_impl.h" #include "include/secp256k1_extrakeys.h" -static void test_exhaustive_extrakeys(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge* group) { - rustsecp256k1_v0_3_1_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; - rustsecp256k1_v0_3_1_pubkey pubkey[EXHAUSTIVE_TEST_ORDER - 1]; - rustsecp256k1_v0_3_1_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; +static void test_exhaustive_extrakeys(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge* group) { + rustsecp256k1_v0_4_0_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; + rustsecp256k1_v0_4_0_pubkey pubkey[EXHAUSTIVE_TEST_ORDER - 1]; + rustsecp256k1_v0_4_0_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; int parities[EXHAUSTIVE_TEST_ORDER - 1]; unsigned char xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - 1][32]; int i; for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_fe fe; - rustsecp256k1_v0_3_1_scalar scalar_i; + rustsecp256k1_v0_4_0_fe fe; + rustsecp256k1_v0_4_0_scalar scalar_i; unsigned char buf[33]; int parity; - rustsecp256k1_v0_3_1_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_3_1_scalar_get_b32(buf, &scalar_i); + rustsecp256k1_v0_4_0_scalar_set_int(&scalar_i, i); + rustsecp256k1_v0_4_0_scalar_get_b32(buf, &scalar_i); /* Construct pubkey and keypair. */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair[i - 1], buf)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey[i - 1], buf)); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair[i - 1], buf)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey[i - 1], buf)); /* Construct serialized xonly_pubkey from keypair. */ - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parities[i - 1], &keypair[i - 1])); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parities[i - 1], &keypair[i - 1])); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); /* Parse the xonly_pubkey back and verify it matches the previously serialized value. */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &xonly_pubkey[i - 1], xonly_pubkey_bytes[i - 1])); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); - CHECK(memcmp(xonly_pubkey_bytes[i - 1], buf, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &xonly_pubkey[i - 1], xonly_pubkey_bytes[i - 1])); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(xonly_pubkey_bytes[i - 1], buf, 32) == 0); /* Construct the xonly_pubkey from the pubkey, and verify it matches the same. */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &xonly_pubkey[i - 1], &parity, &pubkey[i - 1])); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &xonly_pubkey[i - 1], &parity, &pubkey[i - 1])); CHECK(parity == parities[i - 1]); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); - CHECK(memcmp(xonly_pubkey_bytes[i - 1], buf, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(xonly_pubkey_bytes[i - 1], buf, 32) == 0); /* Compare the xonly_pubkey bytes against the precomputed group. */ - rustsecp256k1_v0_3_1_fe_set_b32(&fe, xonly_pubkey_bytes[i - 1]); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&fe, &group[i].x)); + rustsecp256k1_v0_4_0_fe_set_b32(&fe, xonly_pubkey_bytes[i - 1]); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&fe, &group[i].x)); /* Check the parity against the precomputed group. */ fe = group[i].y; - rustsecp256k1_v0_3_1_fe_normalize_var(&fe); - CHECK(rustsecp256k1_v0_3_1_fe_is_odd(&fe) == parities[i - 1]); + rustsecp256k1_v0_4_0_fe_normalize_var(&fe); + CHECK(rustsecp256k1_v0_4_0_fe_is_odd(&fe) == parities[i - 1]); /* Verify that the higher half is identical to the lower half mirrored. */ if (i > EXHAUSTIVE_TEST_ORDER / 2) { - CHECK(memcmp(xonly_pubkey_bytes[i - 1], xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - i - 1], 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(xonly_pubkey_bytes[i - 1], xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - i - 1], 32) == 0); CHECK(parities[i - 1] == 1 - parities[EXHAUSTIVE_TEST_ORDER - i - 1]); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h index 089dcbcce..ddbe5e3e4 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h @@ -1,27 +1,27 @@ -/********************************************************************** - * Copyright (c) 2020 Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_MODULE_EXTRAKEYS_TESTS_ #define _SECP256K1_MODULE_EXTRAKEYS_TESTS_ #include "secp256k1_extrakeys.h" -static rustsecp256k1_v0_3_1_context* api_test_context(int flags, int *ecount) { - rustsecp256k1_v0_3_1_context *ctx0 = rustsecp256k1_v0_3_1_context_create(flags); - rustsecp256k1_v0_3_1_context_set_error_callback(ctx0, counting_illegal_callback_fn, ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx0, counting_illegal_callback_fn, ecount); +static rustsecp256k1_v0_4_0_context* api_test_context(int flags, int *ecount) { + rustsecp256k1_v0_4_0_context *ctx0 = rustsecp256k1_v0_4_0_context_create(flags); + rustsecp256k1_v0_4_0_context_set_error_callback(ctx0, counting_illegal_callback_fn, ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx0, counting_illegal_callback_fn, ecount); return ctx0; } void test_xonly_pubkey(void) { - rustsecp256k1_v0_3_1_pubkey pk; - rustsecp256k1_v0_3_1_xonly_pubkey xonly_pk, xonly_pk_tmp; - rustsecp256k1_v0_3_1_ge pk1; - rustsecp256k1_v0_3_1_ge pk2; - rustsecp256k1_v0_3_1_fe y; + rustsecp256k1_v0_4_0_pubkey pk; + rustsecp256k1_v0_4_0_xonly_pubkey xonly_pk, xonly_pk_tmp; + rustsecp256k1_v0_4_0_ge pk1; + rustsecp256k1_v0_4_0_ge pk2; + rustsecp256k1_v0_4_0_fe y; unsigned char sk[32]; unsigned char xy_sk[32]; unsigned char buf32[32]; @@ -31,249 +31,249 @@ void test_xonly_pubkey(void) { int i; int ecount; - rustsecp256k1_v0_3_1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); - rustsecp256k1_v0_3_1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); - rustsecp256k1_v0_3_1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); + rustsecp256k1_v0_4_0_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); + rustsecp256k1_v0_4_0_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); + rustsecp256k1_v0_4_0_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); - rustsecp256k1_v0_3_1_testrand256(sk); + rustsecp256k1_v0_4_0_testrand256(sk); memset(ones32, 0xFF, 32); - rustsecp256k1_v0_3_1_testrand256(xy_sk); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(sign, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1); + rustsecp256k1_v0_4_0_testrand256(xy_sk); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(sign, &pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1); /* Test xonly_pubkey_from_pubkey */ ecount = 0; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(sign, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(verify, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, NULL, &pk_parity, &pk) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(sign, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(verify, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, NULL, &pk_parity, &pk) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, NULL, &pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, NULL, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, NULL) == 0); CHECK(ecount == 2); memset(&pk, 0, sizeof(pk)); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 0); CHECK(ecount == 3); /* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */ memset(sk, 0, sizeof(sk)); sk[0] = 1; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(memcmp(&pk, &xonly_pk, sizeof(pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0); CHECK(pk_parity == 0); /* Choose a secret key such that pubkey and xonly_pubkey are each others * negation. */ sk[0] = 2; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(memcmp(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); CHECK(pk_parity == 1); - rustsecp256k1_v0_3_1_pubkey_load(ctx, &pk1, &pk); - rustsecp256k1_v0_3_1_pubkey_load(ctx, &pk2, (rustsecp256k1_v0_3_1_pubkey *) &xonly_pk); - CHECK(rustsecp256k1_v0_3_1_fe_equal(&pk1.x, &pk2.x) == 1); - rustsecp256k1_v0_3_1_fe_negate(&y, &pk2.y, 1); - CHECK(rustsecp256k1_v0_3_1_fe_equal(&pk1.y, &y) == 1); + rustsecp256k1_v0_4_0_pubkey_load(ctx, &pk1, &pk); + rustsecp256k1_v0_4_0_pubkey_load(ctx, &pk2, (rustsecp256k1_v0_4_0_pubkey *) &xonly_pk); + CHECK(rustsecp256k1_v0_4_0_fe_equal(&pk1.x, &pk2.x) == 1); + rustsecp256k1_v0_4_0_fe_negate(&y, &pk2.y, 1); + CHECK(rustsecp256k1_v0_4_0_fe_equal(&pk1.y, &y) == 1); /* Test xonly_pubkey_serialize and xonly_pubkey_parse */ ecount = 0; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(none, NULL, &xonly_pk) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(none, NULL, &xonly_pk) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(none, buf32, NULL) == 0); - CHECK(memcmp(buf32, zeros64, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(none, buf32, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(buf32, zeros64, 32) == 0); CHECK(ecount == 2); { /* A pubkey filled with 0s will fail to serialize due to pubkey_load * special casing. */ - rustsecp256k1_v0_3_1_xonly_pubkey pk_tmp; + rustsecp256k1_v0_4_0_xonly_pubkey pk_tmp; memset(&pk_tmp, 0, sizeof(pk_tmp)); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(none, buf32, &pk_tmp) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(none, buf32, &pk_tmp) == 0); } /* pubkey_load called illegal callback */ CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(none, buf32, &xonly_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(none, buf32, &xonly_pk) == 1); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(none, NULL, buf32) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(none, NULL, buf32) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(none, &xonly_pk, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(none, &xonly_pk, NULL) == 0); CHECK(ecount == 2); /* Serialization and parse roundtrip */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, NULL, &pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &xonly_pk_tmp, buf32) == 1); - CHECK(memcmp(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, NULL, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &xonly_pk_tmp, buf32) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); /* Test parsing invalid field elements */ memset(&xonly_pk, 1, sizeof(xonly_pk)); /* Overflowing field element */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(none, &xonly_pk, ones32) == 0); - CHECK(memcmp(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(none, &xonly_pk, ones32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); memset(&xonly_pk, 1, sizeof(xonly_pk)); /* There's no point with x-coordinate 0 on secp256k1 */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(none, &xonly_pk, zeros64) == 0); - CHECK(memcmp(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(none, &xonly_pk, zeros64) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); /* If a random 32-byte string can not be parsed with ec_pubkey_parse * (because interpreted as X coordinate it does not correspond to a point on * the curve) then xonly_pubkey_parse should fail as well. */ for (i = 0; i < count; i++) { unsigned char rand33[33]; - rustsecp256k1_v0_3_1_testrand256(&rand33[1]); + rustsecp256k1_v0_4_0_testrand256(&rand33[1]); rand33[0] = SECP256K1_TAG_PUBKEY_EVEN; - if (!rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pk, rand33, 33)) { + if (!rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pk, rand33, 33)) { memset(&xonly_pk, 1, sizeof(xonly_pk)); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 0); - CHECK(memcmp(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); } else { - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 1); } } CHECK(ecount == 2); - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(verify); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(verify); } void test_xonly_pubkey_tweak(void) { unsigned char zeros64[64] = { 0 }; unsigned char overflows[32]; unsigned char sk[32]; - rustsecp256k1_v0_3_1_pubkey internal_pk; - rustsecp256k1_v0_3_1_xonly_pubkey internal_xonly_pk; - rustsecp256k1_v0_3_1_pubkey output_pk; + rustsecp256k1_v0_4_0_pubkey internal_pk; + rustsecp256k1_v0_4_0_xonly_pubkey internal_xonly_pk; + rustsecp256k1_v0_4_0_pubkey output_pk; int pk_parity; unsigned char tweak[32]; int i; int ecount; - rustsecp256k1_v0_3_1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); - rustsecp256k1_v0_3_1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); - rustsecp256k1_v0_3_1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); + rustsecp256k1_v0_4_0_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); + rustsecp256k1_v0_4_0_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); + rustsecp256k1_v0_4_0_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); memset(overflows, 0xff, sizeof(overflows)); - rustsecp256k1_v0_3_1_testrand256(tweak); - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &internal_pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); + rustsecp256k1_v0_4_0_testrand256(tweak); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &internal_pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(none, &output_pk, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(none, &output_pk, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(sign, &output_pk, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(sign, &output_pk, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, NULL, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, NULL, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, NULL, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, NULL, tweak) == 0); CHECK(ecount == 4); /* NULL internal_xonly_pk zeroes the output_pk */ - CHECK(memcmp(&output_pk, zeros64, sizeof(output_pk)) == 0); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, NULL) == 0); CHECK(ecount == 5); /* NULL tweak zeroes the output_pk */ - CHECK(memcmp(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); /* Invalid tweak zeroes the output_pk */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, overflows) == 0); - CHECK(memcmp(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, overflows) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); /* A zero tweak is fine */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, zeros64) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, zeros64) == 1); /* Fails if the resulting key was infinity */ for (i = 0; i < count; i++) { - rustsecp256k1_v0_3_1_scalar scalar_tweak; + rustsecp256k1_v0_4_0_scalar scalar_tweak; /* Because sk may be negated before adding, we need to try with tweak = * sk as well as tweak = -sk. */ - rustsecp256k1_v0_3_1_scalar_set_b32(&scalar_tweak, sk, NULL); - rustsecp256k1_v0_3_1_scalar_negate(&scalar_tweak, &scalar_tweak); - rustsecp256k1_v0_3_1_scalar_get_b32(tweak, &scalar_tweak); - CHECK((rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, sk) == 0) - || (rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0)); - CHECK(memcmp(&output_pk, zeros64, sizeof(output_pk)) == 0); + rustsecp256k1_v0_4_0_scalar_set_b32(&scalar_tweak, sk, NULL); + rustsecp256k1_v0_4_0_scalar_negate(&scalar_tweak, &scalar_tweak); + rustsecp256k1_v0_4_0_scalar_get_b32(tweak, &scalar_tweak); + CHECK((rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, sk) == 0) + || (rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); } /* Invalid pk with a valid tweak */ memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk)); - rustsecp256k1_v0_3_1_testrand256(tweak); + rustsecp256k1_v0_4_0_testrand256(tweak); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); - CHECK(memcmp(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(verify); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(verify); } void test_xonly_pubkey_tweak_check(void) { unsigned char zeros64[64] = { 0 }; unsigned char overflows[32]; unsigned char sk[32]; - rustsecp256k1_v0_3_1_pubkey internal_pk; - rustsecp256k1_v0_3_1_xonly_pubkey internal_xonly_pk; - rustsecp256k1_v0_3_1_pubkey output_pk; - rustsecp256k1_v0_3_1_xonly_pubkey output_xonly_pk; + rustsecp256k1_v0_4_0_pubkey internal_pk; + rustsecp256k1_v0_4_0_xonly_pubkey internal_xonly_pk; + rustsecp256k1_v0_4_0_pubkey output_pk; + rustsecp256k1_v0_4_0_xonly_pubkey output_xonly_pk; unsigned char output_pk32[32]; unsigned char buf32[32]; int pk_parity; unsigned char tweak[32]; int ecount; - rustsecp256k1_v0_3_1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); - rustsecp256k1_v0_3_1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); - rustsecp256k1_v0_3_1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); + rustsecp256k1_v0_4_0_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); + rustsecp256k1_v0_4_0_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); + rustsecp256k1_v0_4_0_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); memset(overflows, 0xff, sizeof(overflows)); - rustsecp256k1_v0_3_1_testrand256(tweak); - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &internal_pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); + rustsecp256k1_v0_4_0_testrand256(tweak); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &internal_pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(verify, &output_xonly_pk, &pk_parity, &output_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, buf32, &output_xonly_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(none, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(verify, &output_xonly_pk, &pk_parity, &output_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, buf32, &output_xonly_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(none, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(sign, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(sign, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(verify, NULL, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(verify, NULL, pk_parity, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 3); /* invalid pk_parity value */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(verify, buf32, 2, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(verify, buf32, 2, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, NULL, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, NULL, tweak) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, &internal_xonly_pk, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, &internal_xonly_pk, NULL) == 0); CHECK(ecount == 5); memset(tweak, 1, sizeof(tweak)); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, NULL, &internal_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, output_pk32, &output_xonly_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, NULL, &internal_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, output_pk32, &output_xonly_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); /* Wrong pk_parity */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); /* Wrong public key */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, buf32, &internal_xonly_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, buf32, &internal_xonly_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); /* Overflowing tweak not allowed */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0); - CHECK(memcmp(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); CHECK(ecount == 5); - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(verify); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(verify); } /* Starts with an initial pubkey and recursively creates N_PUBKEYS - 1 @@ -282,29 +282,29 @@ void test_xonly_pubkey_tweak_check(void) { #define N_PUBKEYS 32 void test_xonly_pubkey_tweak_recursive(void) { unsigned char sk[32]; - rustsecp256k1_v0_3_1_pubkey pk[N_PUBKEYS]; + rustsecp256k1_v0_4_0_pubkey pk[N_PUBKEYS]; unsigned char pk_serialized[32]; unsigned char tweak[N_PUBKEYS - 1][32]; int i; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pk[0], sk) == 1); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pk[0], sk) == 1); /* Add tweaks */ for (i = 0; i < N_PUBKEYS - 1; i++) { - rustsecp256k1_v0_3_1_xonly_pubkey xonly_pk; + rustsecp256k1_v0_4_0_xonly_pubkey xonly_pk; memset(tweak[i], i + 1, sizeof(tweak[i])); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i]) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(ctx, &pk[i + 1], &xonly_pk, tweak[i]) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i]) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(ctx, &pk[i + 1], &xonly_pk, tweak[i]) == 1); } /* Verify tweaks */ for (i = N_PUBKEYS - 1; i > 0; i--) { - rustsecp256k1_v0_3_1_xonly_pubkey xonly_pk; + rustsecp256k1_v0_4_0_xonly_pubkey xonly_pk; int pk_parity; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk[i]) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, pk_serialized, &xonly_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i - 1]) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk[i]) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, pk_serialized, &xonly_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i - 1]) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); } } #undef N_PUBKEYS @@ -313,200 +313,200 @@ void test_keypair(void) { unsigned char sk[32]; unsigned char zeros96[96] = { 0 }; unsigned char overflows[32]; - rustsecp256k1_v0_3_1_keypair keypair; - rustsecp256k1_v0_3_1_pubkey pk, pk_tmp; - rustsecp256k1_v0_3_1_xonly_pubkey xonly_pk, xonly_pk_tmp; + rustsecp256k1_v0_4_0_keypair keypair; + rustsecp256k1_v0_4_0_pubkey pk, pk_tmp; + rustsecp256k1_v0_4_0_xonly_pubkey xonly_pk, xonly_pk_tmp; int pk_parity, pk_parity_tmp; int ecount; - rustsecp256k1_v0_3_1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); - rustsecp256k1_v0_3_1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); - rustsecp256k1_v0_3_1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); + rustsecp256k1_v0_4_0_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); + rustsecp256k1_v0_4_0_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); + rustsecp256k1_v0_4_0_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); CHECK(sizeof(zeros96) == sizeof(keypair)); memset(overflows, 0xFF, sizeof(overflows)); /* Test keypair_create */ ecount = 0; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(none, &keypair, sk) == 0); - CHECK(memcmp(zeros96, &keypair, sizeof(keypair)) == 0); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(none, &keypair, sk) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_create(verify, &keypair, sk) == 0); - CHECK(memcmp(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(verify, &keypair, sk) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, NULL, sk) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, NULL, sk) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, &keypair, NULL) == 0); - CHECK(memcmp(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, &keypair, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); CHECK(ecount == 4); /* Invalid secret key */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, &keypair, zeros96) == 0); - CHECK(memcmp(zeros96, &keypair, sizeof(keypair)) == 0); - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, &keypair, overflows) == 0); - CHECK(memcmp(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, &keypair, zeros96) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, &keypair, overflows) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); /* Test keypair_pub */ ecount = 0; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_pub(none, &pk, &keypair) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_pub(none, NULL, &keypair) == 0); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_pub(none, &pk, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_pub(none, NULL, &keypair) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_pub(none, &pk, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_pub(none, &pk, NULL) == 0); CHECK(ecount == 2); - CHECK(memcmp(zeros96, &pk, sizeof(pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); /* Using an invalid keypair is fine for keypair_pub */ memset(&keypair, 0, sizeof(keypair)); - CHECK(rustsecp256k1_v0_3_1_keypair_pub(none, &pk, &keypair) == 1); - CHECK(memcmp(zeros96, &pk, sizeof(pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_pub(none, &pk, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); /* keypair holds the same pubkey as pubkey_create */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(sign, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_pub(none, &pk_tmp, &keypair) == 1); - CHECK(memcmp(&pk, &pk_tmp, sizeof(pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(sign, &pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_pub(none, &pk_tmp, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0); /** Test keypair_xonly_pub **/ ecount = 0; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, NULL, &pk_parity, &keypair) == 0); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, NULL, &pk_parity, &keypair) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, &xonly_pk, NULL, &keypair) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, &xonly_pk, NULL, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, &xonly_pk, &pk_parity, NULL) == 0); CHECK(ecount == 2); - CHECK(memcmp(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); /* Using an invalid keypair will set the xonly_pk to 0 (first reset * xonly_pk). */ - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1); memset(&keypair, 0, sizeof(keypair)); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 0); - CHECK(memcmp(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); CHECK(ecount == 3); /** keypair holds the same xonly pubkey as pubkey_create **/ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(sign, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_create(sign, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(none, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); - CHECK(memcmp(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(sign, &pk, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(sign, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(none, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); CHECK(pk_parity == pk_parity_tmp); - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(verify); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(verify); } void test_keypair_add(void) { unsigned char sk[32]; - rustsecp256k1_v0_3_1_keypair keypair; + rustsecp256k1_v0_4_0_keypair keypair; unsigned char overflows[32]; unsigned char zeros96[96] = { 0 }; unsigned char tweak[32]; int i; int ecount = 0; - rustsecp256k1_v0_3_1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); - rustsecp256k1_v0_3_1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); - rustsecp256k1_v0_3_1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); + rustsecp256k1_v0_4_0_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount); + rustsecp256k1_v0_4_0_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount); + rustsecp256k1_v0_4_0_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount); CHECK(sizeof(zeros96) == sizeof(keypair)); - rustsecp256k1_v0_3_1_testrand256(sk); - rustsecp256k1_v0_3_1_testrand256(tweak); + rustsecp256k1_v0_4_0_testrand256(sk); + rustsecp256k1_v0_4_0_testrand256(tweak); memset(overflows, 0xFF, 32); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(none, &keypair, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(none, &keypair, tweak) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(sign, &keypair, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(sign, &keypair, tweak) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(verify, NULL, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(verify, &keypair, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(verify, NULL, tweak) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(verify, &keypair, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(verify, &keypair, NULL) == 0); CHECK(ecount == 4); /* This does not set the keypair to zeroes */ - CHECK(memcmp(&keypair, zeros96, sizeof(keypair)) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0); /* Invalid tweak zeroes the keypair */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair, overflows) == 0); - CHECK(memcmp(&keypair, zeros96, sizeof(keypair)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair, overflows) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); /* A zero tweak is fine */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair, zeros96) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair, zeros96) == 1); /* Fails if the resulting keypair was (sk=0, pk=infinity) */ for (i = 0; i < count; i++) { - rustsecp256k1_v0_3_1_scalar scalar_tweak; - rustsecp256k1_v0_3_1_keypair keypair_tmp; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); + rustsecp256k1_v0_4_0_scalar scalar_tweak; + rustsecp256k1_v0_4_0_keypair keypair_tmp; + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); memcpy(&keypair_tmp, &keypair, sizeof(keypair)); /* Because sk may be negated before adding, we need to try with tweak = * sk as well as tweak = -sk. */ - rustsecp256k1_v0_3_1_scalar_set_b32(&scalar_tweak, sk, NULL); - rustsecp256k1_v0_3_1_scalar_negate(&scalar_tweak, &scalar_tweak); - rustsecp256k1_v0_3_1_scalar_get_b32(tweak, &scalar_tweak); - CHECK((rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair, sk) == 0) - || (rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair_tmp, tweak) == 0)); - CHECK(memcmp(&keypair, zeros96, sizeof(keypair)) == 0 - || memcmp(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); + rustsecp256k1_v0_4_0_scalar_set_b32(&scalar_tweak, sk, NULL); + rustsecp256k1_v0_4_0_scalar_negate(&scalar_tweak, &scalar_tweak); + rustsecp256k1_v0_4_0_scalar_get_b32(tweak, &scalar_tweak); + CHECK((rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair, sk) == 0) + || (rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair_tmp, tweak) == 0)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0 + || rustsecp256k1_v0_4_0_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); } /* Invalid keypair with a valid tweak */ memset(&keypair, 0, sizeof(keypair)); - rustsecp256k1_v0_3_1_testrand256(tweak); + rustsecp256k1_v0_4_0_testrand256(tweak); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0); CHECK(ecount == 1); - CHECK(memcmp(&keypair, zeros96, sizeof(keypair)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); /* Only seckey part of keypair invalid */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); memset(&keypair, 0, 32); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0); CHECK(ecount == 2); /* Only pubkey part of keypair invalid */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); memset(&keypair.data[32], 0, 64); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0); CHECK(ecount == 3); /* Check that the keypair_tweak_add implementation is correct */ - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); for (i = 0; i < count; i++) { - rustsecp256k1_v0_3_1_xonly_pubkey internal_pk; - rustsecp256k1_v0_3_1_xonly_pubkey output_pk; - rustsecp256k1_v0_3_1_pubkey output_pk_xy; - rustsecp256k1_v0_3_1_pubkey output_pk_expected; + rustsecp256k1_v0_4_0_xonly_pubkey internal_pk; + rustsecp256k1_v0_4_0_xonly_pubkey output_pk; + rustsecp256k1_v0_4_0_pubkey output_pk_xy; + rustsecp256k1_v0_4_0_pubkey output_pk_expected; unsigned char pk32[32]; int pk_parity; - rustsecp256k1_v0_3_1_testrand256(tweak); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); + rustsecp256k1_v0_4_0_testrand256(tweak); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); /* Check that it passes xonly_pubkey_tweak_add_check */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, pk32, &output_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, pk32, pk_parity, &internal_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, pk32, &output_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, pk32, pk_parity, &internal_pk, tweak) == 1); /* Check that the resulting pubkey matches xonly_pubkey_tweak_add */ - CHECK(rustsecp256k1_v0_3_1_keypair_pub(ctx, &output_pk_xy, &keypair) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add(ctx, &output_pk_expected, &internal_pk, tweak) == 1); - CHECK(memcmp(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_pub(ctx, &output_pk_xy, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add(ctx, &output_pk_expected, &internal_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); /* Check that the secret key in the keypair is tweaked correctly */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &output_pk_expected, &keypair.data[0]) == 1); - CHECK(memcmp(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &output_pk_expected, &keypair.data[0]) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); } - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(verify); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(verify); } void run_extrakeys_tests(void) { diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include index 45a10c18d..6af734ca4 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_3_1_recovery.h +include_HEADERS += include/rustsecp256k1_v0_4_0_recovery.h noinst_HEADERS += src/modules/recovery/main_impl.h noinst_HEADERS += src/modules/recovery/tests_impl.h noinst_HEADERS += src/modules/recovery/tests_exhaustive_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h index 122dd4759..6ef74bca3 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h @@ -1,42 +1,42 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_MODULE_RECOVERY_MAIN_H #define SECP256K1_MODULE_RECOVERY_MAIN_H #include "include/secp256k1_recovery.h" -static void rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar* r, rustsecp256k1_v0_3_1_scalar* s, int* recid, const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sig) { +static void rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar* r, rustsecp256k1_v0_4_0_scalar* s, int* recid, const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sig) { (void)ctx; - if (sizeof(rustsecp256k1_v0_3_1_scalar) == 32) { - /* When the rustsecp256k1_v0_3_1_scalar type is exactly 32 byte, use its - * representation inside rustsecp256k1_v0_3_1_ecdsa_signature, as conversion is very fast. - * Note that rustsecp256k1_v0_3_1_ecdsa_signature_save must use the same representation. */ + if (sizeof(rustsecp256k1_v0_4_0_scalar) == 32) { + /* When the rustsecp256k1_v0_4_0_scalar type is exactly 32 byte, use its + * representation inside rustsecp256k1_v0_4_0_ecdsa_signature, as conversion is very fast. + * Note that rustsecp256k1_v0_4_0_ecdsa_signature_save must use the same representation. */ memcpy(r, &sig->data[0], 32); memcpy(s, &sig->data[32], 32); } else { - rustsecp256k1_v0_3_1_scalar_set_b32(r, &sig->data[0], NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(s, &sig->data[32], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(r, &sig->data[0], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(s, &sig->data[32], NULL); } *recid = sig->data[64]; } -static void rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_save(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sig, const rustsecp256k1_v0_3_1_scalar* r, const rustsecp256k1_v0_3_1_scalar* s, int recid) { - if (sizeof(rustsecp256k1_v0_3_1_scalar) == 32) { +static void rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_save(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sig, const rustsecp256k1_v0_4_0_scalar* r, const rustsecp256k1_v0_4_0_scalar* s, int recid) { + if (sizeof(rustsecp256k1_v0_4_0_scalar) == 32) { memcpy(&sig->data[0], r, 32); memcpy(&sig->data[32], s, 32); } else { - rustsecp256k1_v0_3_1_scalar_get_b32(&sig->data[0], r); - rustsecp256k1_v0_3_1_scalar_get_b32(&sig->data[32], s); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig->data[0], r); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig->data[32], s); } sig->data[64] = recid; } -int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) { + rustsecp256k1_v0_4_0_scalar r, s; int ret = 1; int overflow = 0; @@ -45,111 +45,111 @@ int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(const rustsec ARG_CHECK(input64 != NULL); ARG_CHECK(recid >= 0 && recid <= 3); - rustsecp256k1_v0_3_1_scalar_set_b32(&r, &input64[0], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&r, &input64[0], &overflow); ret &= !overflow; - rustsecp256k1_v0_3_1_scalar_set_b32(&s, &input64[32], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&s, &input64[32], &overflow); ret &= !overflow; if (ret) { - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_save(sig, &r, &s, recid); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_save(sig, &r, &s, recid); } else { memset(sig, 0, sizeof(*sig)); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output64, int *recid, const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sig) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output64, int *recid, const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sig) { + rustsecp256k1_v0_4_0_scalar r, s; (void)ctx; ARG_CHECK(output64 != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(recid != NULL); - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig); - rustsecp256k1_v0_3_1_scalar_get_b32(&output64[0], &r); - rustsecp256k1_v0_3_1_scalar_get_b32(&output64[32], &s); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig); + rustsecp256k1_v0_4_0_scalar_get_b32(&output64[0], &r); + rustsecp256k1_v0_4_0_scalar_get_b32(&output64[32], &s); return 1; } -int rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature* sig, const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature* sigin) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature* sig, const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature* sigin) { + rustsecp256k1_v0_4_0_scalar r, s; int recid; (void)ctx; ARG_CHECK(sig != NULL); ARG_CHECK(sigin != NULL); - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin); - rustsecp256k1_v0_3_1_ecdsa_signature_save(sig, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin); + rustsecp256k1_v0_4_0_ecdsa_signature_save(sig, &r, &s); return 1; } -static int rustsecp256k1_v0_3_1_ecdsa_sig_recover(const rustsecp256k1_v0_3_1_ecmult_context *ctx, const rustsecp256k1_v0_3_1_scalar *sigr, const rustsecp256k1_v0_3_1_scalar* sigs, rustsecp256k1_v0_3_1_ge *pubkey, const rustsecp256k1_v0_3_1_scalar *message, int recid) { +static int rustsecp256k1_v0_4_0_ecdsa_sig_recover(const rustsecp256k1_v0_4_0_ecmult_context *ctx, const rustsecp256k1_v0_4_0_scalar *sigr, const rustsecp256k1_v0_4_0_scalar* sigs, rustsecp256k1_v0_4_0_ge *pubkey, const rustsecp256k1_v0_4_0_scalar *message, int recid) { unsigned char brx[32]; - rustsecp256k1_v0_3_1_fe fx; - rustsecp256k1_v0_3_1_ge x; - rustsecp256k1_v0_3_1_gej xj; - rustsecp256k1_v0_3_1_scalar rn, u1, u2; - rustsecp256k1_v0_3_1_gej qj; + rustsecp256k1_v0_4_0_fe fx; + rustsecp256k1_v0_4_0_ge x; + rustsecp256k1_v0_4_0_gej xj; + rustsecp256k1_v0_4_0_scalar rn, u1, u2; + rustsecp256k1_v0_4_0_gej qj; int r; - if (rustsecp256k1_v0_3_1_scalar_is_zero(sigr) || rustsecp256k1_v0_3_1_scalar_is_zero(sigs)) { + if (rustsecp256k1_v0_4_0_scalar_is_zero(sigr) || rustsecp256k1_v0_4_0_scalar_is_zero(sigs)) { return 0; } - rustsecp256k1_v0_3_1_scalar_get_b32(brx, sigr); - r = rustsecp256k1_v0_3_1_fe_set_b32(&fx, brx); + rustsecp256k1_v0_4_0_scalar_get_b32(brx, sigr); + r = rustsecp256k1_v0_4_0_fe_set_b32(&fx, brx); (void)r; VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */ if (recid & 2) { - if (rustsecp256k1_v0_3_1_fe_cmp_var(&fx, &rustsecp256k1_v0_3_1_ecdsa_const_p_minus_order) >= 0) { + if (rustsecp256k1_v0_4_0_fe_cmp_var(&fx, &rustsecp256k1_v0_4_0_ecdsa_const_p_minus_order) >= 0) { return 0; } - rustsecp256k1_v0_3_1_fe_add(&fx, &rustsecp256k1_v0_3_1_ecdsa_const_order_as_fe); + rustsecp256k1_v0_4_0_fe_add(&fx, &rustsecp256k1_v0_4_0_ecdsa_const_order_as_fe); } - if (!rustsecp256k1_v0_3_1_ge_set_xo_var(&x, &fx, recid & 1)) { + if (!rustsecp256k1_v0_4_0_ge_set_xo_var(&x, &fx, recid & 1)) { return 0; } - rustsecp256k1_v0_3_1_gej_set_ge(&xj, &x); - rustsecp256k1_v0_3_1_scalar_inverse_var(&rn, sigr); - rustsecp256k1_v0_3_1_scalar_mul(&u1, &rn, message); - rustsecp256k1_v0_3_1_scalar_negate(&u1, &u1); - rustsecp256k1_v0_3_1_scalar_mul(&u2, &rn, sigs); - rustsecp256k1_v0_3_1_ecmult(ctx, &qj, &xj, &u2, &u1); - rustsecp256k1_v0_3_1_ge_set_gej_var(pubkey, &qj); - return !rustsecp256k1_v0_3_1_gej_is_infinity(&qj); + rustsecp256k1_v0_4_0_gej_set_ge(&xj, &x); + rustsecp256k1_v0_4_0_scalar_inverse_var(&rn, sigr); + rustsecp256k1_v0_4_0_scalar_mul(&u1, &rn, message); + rustsecp256k1_v0_4_0_scalar_negate(&u1, &u1); + rustsecp256k1_v0_4_0_scalar_mul(&u2, &rn, sigs); + rustsecp256k1_v0_4_0_ecmult(ctx, &qj, &xj, &u2, &u1); + rustsecp256k1_v0_4_0_ge_set_gej_var(pubkey, &qj); + return !rustsecp256k1_v0_4_0_gej_is_infinity(&qj); } -int rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_recoverable_signature *signature, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_3_1_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, rustsecp256k1_v0_4_0_nonce_function noncefp, const void* noncedata) { + rustsecp256k1_v0_4_0_scalar r, s; int ret, recid; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); - ARG_CHECK(msg32 != NULL); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_ecdsa_sign_inner(ctx, &r, &s, &recid, msg32, seckey, noncefp, noncedata); - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_save(signature, &r, &s, recid); + ret = rustsecp256k1_v0_4_0_ecdsa_sign_inner(ctx, &r, &s, &recid, msghash32, seckey, noncefp, noncedata); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_save(signature, &r, &s, recid); return ret; } -int rustsecp256k1_v0_3_1_ecdsa_recover(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const rustsecp256k1_v0_3_1_ecdsa_recoverable_signature *signature, const unsigned char *msg32) { - rustsecp256k1_v0_3_1_ge q; - rustsecp256k1_v0_3_1_scalar r, s; - rustsecp256k1_v0_3_1_scalar m; +int rustsecp256k1_v0_4_0_ecdsa_recover(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const rustsecp256k1_v0_4_0_ecdsa_recoverable_signature *signature, const unsigned char *msghash32) { + rustsecp256k1_v0_4_0_ge q; + rustsecp256k1_v0_4_0_scalar r, s; + rustsecp256k1_v0_4_0_scalar m; int recid; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(msg32 != NULL); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(pubkey != NULL); - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature); VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */ - rustsecp256k1_v0_3_1_scalar_set_b32(&m, msg32, NULL); - if (rustsecp256k1_v0_3_1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) { - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &q); + rustsecp256k1_v0_4_0_scalar_set_b32(&m, msghash32, NULL); + if (rustsecp256k1_v0_4_0_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) { + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &q); return 1; } else { memset(pubkey, 0, sizeof(*pubkey)); diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h index f2530adcb..ab599738e 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2016 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2016 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_MODULE_RECOVERY_EXHAUSTIVE_TESTS_H #define SECP256K1_MODULE_RECOVERY_EXHAUSTIVE_TESTS_H @@ -10,7 +10,7 @@ #include "src/modules/recovery/main_impl.h" #include "include/secp256k1_recovery.h" -void test_exhaustive_recovery_sign(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group) { +void test_exhaustive_recovery_sign(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group) { int i, j, k; uint64_t iter = 0; @@ -20,23 +20,23 @@ void test_exhaustive_recovery_sign(const rustsecp256k1_v0_3_1_context *ctx, cons if (skip_section(&iter)) continue; for (k = 1; k < EXHAUSTIVE_TEST_ORDER; k++) { /* nonce */ const int starting_k = k; - rustsecp256k1_v0_3_1_fe r_dot_y_normalized; - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature rsig; - rustsecp256k1_v0_3_1_ecdsa_signature sig; - rustsecp256k1_v0_3_1_scalar sk, msg, r, s, expected_r; + rustsecp256k1_v0_4_0_fe r_dot_y_normalized; + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature rsig; + rustsecp256k1_v0_4_0_ecdsa_signature sig; + rustsecp256k1_v0_4_0_scalar sk, msg, r, s, expected_r; unsigned char sk32[32], msg32[32]; int expected_recid; int recid; int overflow; - rustsecp256k1_v0_3_1_scalar_set_int(&msg, i); - rustsecp256k1_v0_3_1_scalar_set_int(&sk, j); - rustsecp256k1_v0_3_1_scalar_get_b32(sk32, &sk); - rustsecp256k1_v0_3_1_scalar_get_b32(msg32, &msg); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, i); + rustsecp256k1_v0_4_0_scalar_set_int(&sk, j); + rustsecp256k1_v0_4_0_scalar_get_b32(sk32, &sk); + rustsecp256k1_v0_4_0_scalar_get_b32(msg32, &msg); - rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, rustsecp256k1_v0_3_1_nonce_function_smallint, &k); + rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, rustsecp256k1_v0_4_0_nonce_function_smallint, &k); /* Check directly */ - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); r_from_k(&expected_r, group, k, &overflow); CHECK(r == expected_r); CHECK((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER || @@ -50,18 +50,18 @@ void test_exhaustive_recovery_sign(const rustsecp256k1_v0_3_1_context *ctx, cons * in the real group. */ expected_recid = overflow ? 2 : 0; r_dot_y_normalized = group[k].y; - rustsecp256k1_v0_3_1_fe_normalize(&r_dot_y_normalized); + rustsecp256k1_v0_4_0_fe_normalize(&r_dot_y_normalized); /* Also the recovery id is flipped depending if we hit the low-s branch */ if ((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER) { - expected_recid |= rustsecp256k1_v0_3_1_fe_is_odd(&r_dot_y_normalized); + expected_recid |= rustsecp256k1_v0_4_0_fe_is_odd(&r_dot_y_normalized); } else { - expected_recid |= !rustsecp256k1_v0_3_1_fe_is_odd(&r_dot_y_normalized); + expected_recid |= !rustsecp256k1_v0_4_0_fe_is_odd(&r_dot_y_normalized); } CHECK(recid == expected_recid); /* Convert to a standard sig then check */ - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, &sig); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, &sig); /* Note that we compute expected_r *after* signing -- this is important * because our nonce-computing function function might change k during * signing. */ @@ -79,7 +79,7 @@ void test_exhaustive_recovery_sign(const rustsecp256k1_v0_3_1_context *ctx, cons } } -void test_exhaustive_recovery_verify(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group) { +void test_exhaustive_recovery_verify(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group) { /* This is essentially a copy of test_exhaustive_verify, with recovery added */ int s, r, msg, key; uint64_t iter = 0; @@ -87,41 +87,41 @@ void test_exhaustive_recovery_verify(const rustsecp256k1_v0_3_1_context *ctx, co for (r = 1; r < EXHAUSTIVE_TEST_ORDER; r++) { for (msg = 1; msg < EXHAUSTIVE_TEST_ORDER; msg++) { for (key = 1; key < EXHAUSTIVE_TEST_ORDER; key++) { - rustsecp256k1_v0_3_1_ge nonconst_ge; - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature rsig; - rustsecp256k1_v0_3_1_ecdsa_signature sig; - rustsecp256k1_v0_3_1_pubkey pk; - rustsecp256k1_v0_3_1_scalar sk_s, msg_s, r_s, s_s; - rustsecp256k1_v0_3_1_scalar s_times_k_s, msg_plus_r_times_sk_s; + rustsecp256k1_v0_4_0_ge nonconst_ge; + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature rsig; + rustsecp256k1_v0_4_0_ecdsa_signature sig; + rustsecp256k1_v0_4_0_pubkey pk; + rustsecp256k1_v0_4_0_scalar sk_s, msg_s, r_s, s_s; + rustsecp256k1_v0_4_0_scalar s_times_k_s, msg_plus_r_times_sk_s; int recid = 0; int k, should_verify; unsigned char msg32[32]; if (skip_section(&iter)) continue; - rustsecp256k1_v0_3_1_scalar_set_int(&s_s, s); - rustsecp256k1_v0_3_1_scalar_set_int(&r_s, r); - rustsecp256k1_v0_3_1_scalar_set_int(&msg_s, msg); - rustsecp256k1_v0_3_1_scalar_set_int(&sk_s, key); - rustsecp256k1_v0_3_1_scalar_get_b32(msg32, &msg_s); + rustsecp256k1_v0_4_0_scalar_set_int(&s_s, s); + rustsecp256k1_v0_4_0_scalar_set_int(&r_s, r); + rustsecp256k1_v0_4_0_scalar_set_int(&msg_s, msg); + rustsecp256k1_v0_4_0_scalar_set_int(&sk_s, key); + rustsecp256k1_v0_4_0_scalar_get_b32(msg32, &msg_s); /* Verify by hand */ /* Run through every k value that gives us this r and check that *one* works. * Note there could be none, there could be multiple, ECDSA is weird. */ should_verify = 0; for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { - rustsecp256k1_v0_3_1_scalar check_x_s; + rustsecp256k1_v0_4_0_scalar check_x_s; r_from_k(&check_x_s, group, k, NULL); if (r_s == check_x_s) { - rustsecp256k1_v0_3_1_scalar_set_int(&s_times_k_s, k); - rustsecp256k1_v0_3_1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); - rustsecp256k1_v0_3_1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); - rustsecp256k1_v0_3_1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); - should_verify |= rustsecp256k1_v0_3_1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + rustsecp256k1_v0_4_0_scalar_set_int(&s_times_k_s, k); + rustsecp256k1_v0_4_0_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + rustsecp256k1_v0_4_0_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + rustsecp256k1_v0_4_0_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= rustsecp256k1_v0_4_0_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); } } /* nb we have a "high s" rule */ - should_verify &= !rustsecp256k1_v0_3_1_scalar_is_high(&s_s); + should_verify &= !rustsecp256k1_v0_4_0_scalar_is_high(&s_s); /* We would like to try recovering the pubkey and checking that it matches, * but pubkey recovery is impossible in the exhaustive tests (the reason @@ -129,19 +129,19 @@ void test_exhaustive_recovery_verify(const rustsecp256k1_v0_3_1_context *ctx, co * overlap between the sets, so there are no valid signatures). */ /* Verify by converting to a standard signature and calling verify */ - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); - rustsecp256k1_v0_3_1_pubkey_save(&pk, &nonconst_ge); + rustsecp256k1_v0_4_0_pubkey_save(&pk, &nonconst_ge); CHECK(should_verify == - rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pk)); + rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pk)); } } } } } -static void test_exhaustive_recovery(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group) { +static void test_exhaustive_recovery(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group) { test_exhaustive_recovery_sign(ctx, group); test_exhaustive_recovery_verify(ctx, group); } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h index a5e3c73b1..37f367bbb 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_MODULE_RECOVERY_TESTS_H #define SECP256K1_MODULE_RECOVERY_TESTS_H @@ -25,19 +25,19 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c } /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */ memset(nonce32, 1, 32); - return rustsecp256k1_v0_3_1_testrand_bits(1); + return rustsecp256k1_v0_4_0_testrand_bits(1); } void test_ecdsa_recovery_api(void) { /* Setup contexts that just count errors */ - rustsecp256k1_v0_3_1_context *none = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_NONE); - rustsecp256k1_v0_3_1_context *sign = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN); - rustsecp256k1_v0_3_1_context *vrfy = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_VERIFY); - rustsecp256k1_v0_3_1_context *both = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_pubkey recpubkey; - rustsecp256k1_v0_3_1_ecdsa_signature normal_sig; - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature recsig; + rustsecp256k1_v0_4_0_context *none = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_NONE); + rustsecp256k1_v0_4_0_context *sign = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN); + rustsecp256k1_v0_4_0_context *vrfy = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_VERIFY); + rustsecp256k1_v0_4_0_context *both = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey recpubkey; + rustsecp256k1_v0_4_0_ecdsa_signature normal_sig; + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature recsig; unsigned char privkey[32] = { 1 }; unsigned char message[32] = { 2 }; int32_t ecount = 0; @@ -49,160 +49,160 @@ void test_ecdsa_recovery_api(void) { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; - rustsecp256k1_v0_3_1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); /* Construct and verify corresponding public key. */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, privkey) == 1); /* Check bad contexts and NULLs for signing */ ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(none, &recsig, message, privkey, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(none, &recsig, message, privkey, NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(sign, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(sign, &recsig, message, privkey, NULL, NULL) == 1); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(vrfy, &recsig, message, privkey, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(vrfy, &recsig, message, privkey, NULL, NULL) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, NULL, message, privkey, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, NULL, message, privkey, NULL, NULL) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, NULL, privkey, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, NULL, privkey, NULL, NULL) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, NULL, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, NULL, NULL, NULL) == 0); CHECK(ecount == 5); /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ - rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, privkey, recovery_test_nonce_function, NULL); + rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, privkey, recovery_test_nonce_function, NULL); CHECK(ecount == 5); /* These will all fail, but not in ARG_CHECK way */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, zero_privkey, NULL, NULL) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, over_privkey, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, zero_privkey, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, over_privkey, NULL, NULL) == 0); /* This one will succeed. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); CHECK(ecount == 5); /* Check signing with a goofy nonce function */ /* Check bad contexts and NULLs for recovery */ ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(none, &recpubkey, &recsig, message) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(none, &recpubkey, &recsig, message) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(sign, &recpubkey, &recsig, message) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(sign, &recpubkey, &recsig, message) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(vrfy, &recpubkey, &recsig, message) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(vrfy, &recpubkey, &recsig, message) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(both, &recpubkey, &recsig, message) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(both, &recpubkey, &recsig, message) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(both, NULL, &recsig, message) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(both, NULL, &recsig, message) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(both, &recpubkey, NULL, message) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(both, &recpubkey, NULL, message) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(both, &recpubkey, &recsig, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(both, &recpubkey, &recsig, NULL) == 0); CHECK(ecount == 5); /* Check NULLs for conversion */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(both, &normal_sig, message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(both, &normal_sig, message, privkey, NULL, NULL) == 1); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(both, NULL, &recsig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(both, NULL, &recsig) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(both, &normal_sig, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(both, &normal_sig, NULL) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(both, &normal_sig, &recsig) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(both, &normal_sig, &recsig) == 1); /* Check NULLs for de/serialization */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(both, NULL, &recid, &recsig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(both, NULL, &recid, &recsig) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(both, sig, NULL, &recsig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(both, sig, NULL, &recsig) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, NULL) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, &recsig) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, &recsig) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(both, NULL, sig, recid) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(both, NULL, sig, recid) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(both, &recsig, NULL, recid) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(both, &recsig, NULL, recid) == 0); CHECK(ecount == 5); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, -1) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, -1) == 0); CHECK(ecount == 6); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, 5) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, 5) == 0); CHECK(ecount == 7); /* overflow in signature will fail but not affect ecount */ memcpy(sig, over_privkey, 32); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, recid) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, recid) == 0); CHECK(ecount == 7); /* cleanup */ - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(vrfy); - rustsecp256k1_v0_3_1_context_destroy(both); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(vrfy); + rustsecp256k1_v0_4_0_context_destroy(both); } void test_ecdsa_recovery_end_to_end(void) { unsigned char extra[32] = {0x00}; unsigned char privkey[32]; unsigned char message[32]; - rustsecp256k1_v0_3_1_ecdsa_signature signature[5]; - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature rsignature[5]; + rustsecp256k1_v0_4_0_ecdsa_signature signature[5]; + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature rsignature[5]; unsigned char sig[74]; - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_pubkey recpubkey; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey recpubkey; int recid = 0; /* Generate a random key and message. */ { - rustsecp256k1_v0_3_1_scalar msg, key; + rustsecp256k1_v0_4_0_scalar msg, key; random_scalar_order_test(&msg); random_scalar_order_test(&key); - rustsecp256k1_v0_3_1_scalar_get_b32(privkey, &key); - rustsecp256k1_v0_3_1_scalar_get_b32(message, &msg); + rustsecp256k1_v0_4_0_scalar_get_b32(privkey, &key); + rustsecp256k1_v0_4_0_scalar_get_b32(message, &msg); } /* Construct and verify corresponding public key. */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, privkey) == 1); /* Serialize/parse compact and verify/recover. */ extra[0] = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1); extra[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1); extra[31] = 0; extra[0] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(memcmp(&signature[4], &signature[0], 64) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[4], &signature[0], 64) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); memset(&rsignature[4], 0, sizeof(rsignature[4])); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); /* Parse compact (with recovery id) and recover. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1); - CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0); /* Serialize/destroy/parse signature and verify again. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); - sig[rustsecp256k1_v0_3_1_testrand_bits(6)] += 1 + rustsecp256k1_v0_3_1_testrand_int(255); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); + sig[rustsecp256k1_v0_4_0_testrand_bits(6)] += 1 + rustsecp256k1_v0_4_0_testrand_int(255); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0); /* Recover again */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 || - memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 || + rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0); } /* Tests several edge cases. */ @@ -225,7 +225,7 @@ void test_ecdsa_recovery_edge_cases(void) { 0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86, 0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57 }; - rustsecp256k1_v0_3_1_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey pubkey; /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */ const unsigned char sigb64[64] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -237,19 +237,19 @@ void test_ecdsa_recovery_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, }; - rustsecp256k1_v0_3_1_pubkey pubkeyb; - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature rsig; - rustsecp256k1_v0_3_1_ecdsa_signature sig; + rustsecp256k1_v0_4_0_pubkey pubkeyb; + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature rsig; + rustsecp256k1_v0_4_0_ecdsa_signature sig; int recid; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0)); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2)); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3)); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0)); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2)); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3)); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); for (recid = 0; recid < 4; recid++) { int i; @@ -294,40 +294,40 @@ void test_ecdsa_recovery_edge_cases(void) { 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 }; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1); for (recid2 = 0; recid2 < 4; recid2++) { - rustsecp256k1_v0_3_1_pubkey pubkey2b; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1); + rustsecp256k1_v0_4_0_pubkey pubkey2b; + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1); /* Verifying with (order + r,4) should always fail. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); } /* DER parsing tests. */ /* Zero length r/s. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); /* Leading zeros. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); sigbderalt3[4] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); sigbderalt4[7] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); /* Damage signature. */ sigbder[7]++; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); sigbder[7]--; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0); for(i = 0; i < 8; i++) { int c; unsigned char orig = sigbder[i]; @@ -337,7 +337,7 @@ void test_ecdsa_recovery_edge_cases(void) { continue; } sigbder[i] = c; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); } sigbder[i] = orig; } @@ -357,25 +357,25 @@ void test_ecdsa_recovery_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, }; - rustsecp256k1_v0_3_1_pubkey pubkeyc; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1); + rustsecp256k1_v0_4_0_pubkey pubkeyc; + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1); sigcder[4] = 0; sigc64[31] = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); sigcder[4] = 1; sigcder[7] = 0; sigc64[31] = 1; sigc64[63] = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include index 46c5390af..aaa62d55b 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_3_1_schnorrsig.h +include_HEADERS += include/rustsecp256k1_v0_4_0_schnorrsig.h noinst_HEADERS += src/modules/schnorrsig/main_impl.h noinst_HEADERS += src/modules/schnorrsig/tests_impl.h noinst_HEADERS += src/modules/schnorrsig/tests_exhaustive_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h index 7e89e61de..4c1a5df38 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_MODULE_SCHNORRSIG_MAIN_ #define _SECP256K1_MODULE_SCHNORRSIG_MAIN_ @@ -13,8 +13,8 @@ /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("BIP0340/nonce")||SHA256("BIP0340/nonce"). */ -static void rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged(rustsecp256k1_v0_3_1_sha256 *sha) { - rustsecp256k1_v0_3_1_sha256_initialize(sha); +static void rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged(rustsecp256k1_v0_4_0_sha256 *sha) { + rustsecp256k1_v0_4_0_sha256_initialize(sha); sha->s[0] = 0x46615b35ul; sha->s[1] = 0xf4bfbff7ul; sha->s[2] = 0x9f8dc671ul; @@ -29,8 +29,8 @@ static void rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged(rustsecp256 /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("BIP0340/aux")||SHA256("BIP0340/aux"). */ -static void rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged_aux(rustsecp256k1_v0_3_1_sha256 *sha) { - rustsecp256k1_v0_3_1_sha256_initialize(sha); +static void rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged_aux(rustsecp256k1_v0_4_0_sha256 *sha) { + rustsecp256k1_v0_4_0_sha256_initialize(sha); sha->s[0] = 0x24dd3219ul; sha->s[1] = 0x4eba7e70ul; sha->s[2] = 0xca0fabb9ul; @@ -48,7 +48,7 @@ static void rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged_aux(rustsec static const unsigned char bip340_algo16[16] = "BIP0340/nonce\0\0\0"; static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo16, void *data) { - rustsecp256k1_v0_3_1_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha; unsigned char masked_key[32]; int i; @@ -57,9 +57,9 @@ static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *ms } if (data != NULL) { - rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged_aux(&sha); - rustsecp256k1_v0_3_1_sha256_write(&sha, data, 32); - rustsecp256k1_v0_3_1_sha256_finalize(&sha, masked_key); + rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged_aux(&sha); + rustsecp256k1_v0_4_0_sha256_write(&sha, data, 32); + rustsecp256k1_v0_4_0_sha256_finalize(&sha, masked_key); for (i = 0; i < 32; i++) { masked_key[i] ^= key32[i]; } @@ -68,35 +68,35 @@ static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *ms /* Tag the hash with algo16 which is important to avoid nonce reuse across * algorithms. If this nonce function is used in BIP-340 signing as defined * in the spec, an optimized tagging implementation is used. */ - if (memcmp(algo16, bip340_algo16, 16) == 0) { - rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged(&sha); + if (rustsecp256k1_v0_4_0_memcmp_var(algo16, bip340_algo16, 16) == 0) { + rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged(&sha); } else { int algo16_len = 16; /* Remove terminating null bytes */ while (algo16_len > 0 && !algo16[algo16_len - 1]) { algo16_len--; } - rustsecp256k1_v0_3_1_sha256_initialize_tagged(&sha, algo16, algo16_len); + rustsecp256k1_v0_4_0_sha256_initialize_tagged(&sha, algo16, algo16_len); } /* Hash (masked-)key||pk||msg using the tagged hash as per the spec */ if (data != NULL) { - rustsecp256k1_v0_3_1_sha256_write(&sha, masked_key, 32); + rustsecp256k1_v0_4_0_sha256_write(&sha, masked_key, 32); } else { - rustsecp256k1_v0_3_1_sha256_write(&sha, key32, 32); + rustsecp256k1_v0_4_0_sha256_write(&sha, key32, 32); } - rustsecp256k1_v0_3_1_sha256_write(&sha, xonly_pk32, 32); - rustsecp256k1_v0_3_1_sha256_write(&sha, msg32, 32); - rustsecp256k1_v0_3_1_sha256_finalize(&sha, nonce32); + rustsecp256k1_v0_4_0_sha256_write(&sha, xonly_pk32, 32); + rustsecp256k1_v0_4_0_sha256_write(&sha, msg32, 32); + rustsecp256k1_v0_4_0_sha256_finalize(&sha, nonce32); return 1; } -const rustsecp256k1_v0_3_1_nonce_function_hardened rustsecp256k1_v0_3_1_nonce_function_bip340 = nonce_function_bip340; +const rustsecp256k1_v0_4_0_nonce_function_hardened rustsecp256k1_v0_4_0_nonce_function_bip340 = nonce_function_bip340; /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("BIP0340/challenge")||SHA256("BIP0340/challenge"). */ -static void rustsecp256k1_v0_3_1_schnorrsig_sha256_tagged(rustsecp256k1_v0_3_1_sha256 *sha) { - rustsecp256k1_v0_3_1_sha256_initialize(sha); +static void rustsecp256k1_v0_4_0_schnorrsig_sha256_tagged(rustsecp256k1_v0_4_0_sha256 *sha) { + rustsecp256k1_v0_4_0_sha256_initialize(sha); sha->s[0] = 0x9cecba11ul; sha->s[1] = 0x23925381ul; sha->s[2] = 0x11679112ul; @@ -108,132 +108,132 @@ static void rustsecp256k1_v0_3_1_schnorrsig_sha256_tagged(rustsecp256k1_v0_3_1_s sha->bytes = 64; } -static void rustsecp256k1_v0_3_1_schnorrsig_challenge(rustsecp256k1_v0_3_1_scalar* e, const unsigned char *r32, const unsigned char *msg32, const unsigned char *pubkey32) +static void rustsecp256k1_v0_4_0_schnorrsig_challenge(rustsecp256k1_v0_4_0_scalar* e, const unsigned char *r32, const unsigned char *msg32, const unsigned char *pubkey32) { unsigned char buf[32]; - rustsecp256k1_v0_3_1_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha; /* tagged hash(r.x, pk.x, msg32) */ - rustsecp256k1_v0_3_1_schnorrsig_sha256_tagged(&sha); - rustsecp256k1_v0_3_1_sha256_write(&sha, r32, 32); - rustsecp256k1_v0_3_1_sha256_write(&sha, pubkey32, 32); - rustsecp256k1_v0_3_1_sha256_write(&sha, msg32, 32); - rustsecp256k1_v0_3_1_sha256_finalize(&sha, buf); + rustsecp256k1_v0_4_0_schnorrsig_sha256_tagged(&sha); + rustsecp256k1_v0_4_0_sha256_write(&sha, r32, 32); + rustsecp256k1_v0_4_0_sha256_write(&sha, pubkey32, 32); + rustsecp256k1_v0_4_0_sha256_write(&sha, msg32, 32); + rustsecp256k1_v0_4_0_sha256_finalize(&sha, buf); /* Set scalar e to the challenge hash modulo the curve order as per * BIP340. */ - rustsecp256k1_v0_3_1_scalar_set_b32(e, buf, NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(e, buf, NULL); } -int rustsecp256k1_v0_3_1_schnorrsig_sign(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *sig64, const unsigned char *msg32, const rustsecp256k1_v0_3_1_keypair *keypair, rustsecp256k1_v0_3_1_nonce_function_hardened noncefp, void *ndata) { - rustsecp256k1_v0_3_1_scalar sk; - rustsecp256k1_v0_3_1_scalar e; - rustsecp256k1_v0_3_1_scalar k; - rustsecp256k1_v0_3_1_gej rj; - rustsecp256k1_v0_3_1_ge pk; - rustsecp256k1_v0_3_1_ge r; +int rustsecp256k1_v0_4_0_schnorrsig_sign(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *sig64, const unsigned char *msg32, const rustsecp256k1_v0_4_0_keypair *keypair, rustsecp256k1_v0_4_0_nonce_function_hardened noncefp, void *ndata) { + rustsecp256k1_v0_4_0_scalar sk; + rustsecp256k1_v0_4_0_scalar e; + rustsecp256k1_v0_4_0_scalar k; + rustsecp256k1_v0_4_0_gej rj; + rustsecp256k1_v0_4_0_ge pk; + rustsecp256k1_v0_4_0_ge r; unsigned char buf[32] = { 0 }; unsigned char pk_buf[32]; unsigned char seckey[32]; int ret = 1; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(sig64 != NULL); ARG_CHECK(msg32 != NULL); ARG_CHECK(keypair != NULL); if (noncefp == NULL) { - noncefp = rustsecp256k1_v0_3_1_nonce_function_bip340; + noncefp = rustsecp256k1_v0_4_0_nonce_function_bip340; } - ret &= rustsecp256k1_v0_3_1_keypair_load(ctx, &sk, &pk, keypair); + ret &= rustsecp256k1_v0_4_0_keypair_load(ctx, &sk, &pk, keypair); /* Because we are signing for a x-only pubkey, the secret key is negated * before signing if the point corresponding to the secret key does not * have an even Y. */ - if (rustsecp256k1_v0_3_1_fe_is_odd(&pk.y)) { - rustsecp256k1_v0_3_1_scalar_negate(&sk, &sk); + if (rustsecp256k1_v0_4_0_fe_is_odd(&pk.y)) { + rustsecp256k1_v0_4_0_scalar_negate(&sk, &sk); } - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sk); - rustsecp256k1_v0_3_1_fe_get_b32(pk_buf, &pk.x); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sk); + rustsecp256k1_v0_4_0_fe_get_b32(pk_buf, &pk.x); ret &= !!noncefp(buf, msg32, seckey, pk_buf, bip340_algo16, ndata); - rustsecp256k1_v0_3_1_scalar_set_b32(&k, buf, NULL); - ret &= !rustsecp256k1_v0_3_1_scalar_is_zero(&k); - rustsecp256k1_v0_3_1_scalar_cmov(&k, &rustsecp256k1_v0_3_1_scalar_one, !ret); + rustsecp256k1_v0_4_0_scalar_set_b32(&k, buf, NULL); + ret &= !rustsecp256k1_v0_4_0_scalar_is_zero(&k); + rustsecp256k1_v0_4_0_scalar_cmov(&k, &rustsecp256k1_v0_4_0_scalar_one, !ret); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &rj, &k); - rustsecp256k1_v0_3_1_ge_set_gej(&r, &rj); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &rj, &k); + rustsecp256k1_v0_4_0_ge_set_gej(&r, &rj); /* We declassify r to allow using it as a branch point. This is fine * because r is not a secret. */ - rustsecp256k1_v0_3_1_declassify(ctx, &r, sizeof(r)); - rustsecp256k1_v0_3_1_fe_normalize_var(&r.y); - if (rustsecp256k1_v0_3_1_fe_is_odd(&r.y)) { - rustsecp256k1_v0_3_1_scalar_negate(&k, &k); + rustsecp256k1_v0_4_0_declassify(ctx, &r, sizeof(r)); + rustsecp256k1_v0_4_0_fe_normalize_var(&r.y); + if (rustsecp256k1_v0_4_0_fe_is_odd(&r.y)) { + rustsecp256k1_v0_4_0_scalar_negate(&k, &k); } - rustsecp256k1_v0_3_1_fe_normalize_var(&r.x); - rustsecp256k1_v0_3_1_fe_get_b32(&sig64[0], &r.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&r.x); + rustsecp256k1_v0_4_0_fe_get_b32(&sig64[0], &r.x); - rustsecp256k1_v0_3_1_schnorrsig_challenge(&e, &sig64[0], msg32, pk_buf); - rustsecp256k1_v0_3_1_scalar_mul(&e, &e, &sk); - rustsecp256k1_v0_3_1_scalar_add(&e, &e, &k); - rustsecp256k1_v0_3_1_scalar_get_b32(&sig64[32], &e); + rustsecp256k1_v0_4_0_schnorrsig_challenge(&e, &sig64[0], msg32, pk_buf); + rustsecp256k1_v0_4_0_scalar_mul(&e, &e, &sk); + rustsecp256k1_v0_4_0_scalar_add(&e, &e, &k); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig64[32], &e); - memczero(sig64, 64, !ret); - rustsecp256k1_v0_3_1_scalar_clear(&k); - rustsecp256k1_v0_3_1_scalar_clear(&sk); + rustsecp256k1_v0_4_0_memczero(sig64, 64, !ret); + rustsecp256k1_v0_4_0_scalar_clear(&k); + rustsecp256k1_v0_4_0_scalar_clear(&sk); memset(seckey, 0, sizeof(seckey)); return ret; } -int rustsecp256k1_v0_3_1_schnorrsig_verify(const rustsecp256k1_v0_3_1_context* ctx, const unsigned char *sig64, const unsigned char *msg32, const rustsecp256k1_v0_3_1_xonly_pubkey *pubkey) { - rustsecp256k1_v0_3_1_scalar s; - rustsecp256k1_v0_3_1_scalar e; - rustsecp256k1_v0_3_1_gej rj; - rustsecp256k1_v0_3_1_ge pk; - rustsecp256k1_v0_3_1_gej pkj; - rustsecp256k1_v0_3_1_fe rx; - rustsecp256k1_v0_3_1_ge r; +int rustsecp256k1_v0_4_0_schnorrsig_verify(const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *sig64, const unsigned char *msg32, const rustsecp256k1_v0_4_0_xonly_pubkey *pubkey) { + rustsecp256k1_v0_4_0_scalar s; + rustsecp256k1_v0_4_0_scalar e; + rustsecp256k1_v0_4_0_gej rj; + rustsecp256k1_v0_4_0_ge pk; + rustsecp256k1_v0_4_0_gej pkj; + rustsecp256k1_v0_4_0_fe rx; + rustsecp256k1_v0_4_0_ge r; unsigned char buf[32]; int overflow; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(sig64 != NULL); ARG_CHECK(msg32 != NULL); ARG_CHECK(pubkey != NULL); - if (!rustsecp256k1_v0_3_1_fe_set_b32(&rx, &sig64[0])) { + if (!rustsecp256k1_v0_4_0_fe_set_b32(&rx, &sig64[0])) { return 0; } - rustsecp256k1_v0_3_1_scalar_set_b32(&s, &sig64[32], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&s, &sig64[32], &overflow); if (overflow) { return 0; } - if (!rustsecp256k1_v0_3_1_xonly_pubkey_load(ctx, &pk, pubkey)) { + if (!rustsecp256k1_v0_4_0_xonly_pubkey_load(ctx, &pk, pubkey)) { return 0; } /* Compute e. */ - rustsecp256k1_v0_3_1_fe_get_b32(buf, &pk.x); - rustsecp256k1_v0_3_1_schnorrsig_challenge(&e, &sig64[0], msg32, buf); + rustsecp256k1_v0_4_0_fe_get_b32(buf, &pk.x); + rustsecp256k1_v0_4_0_schnorrsig_challenge(&e, &sig64[0], msg32, buf); /* Compute rj = s*G + (-e)*pkj */ - rustsecp256k1_v0_3_1_scalar_negate(&e, &e); - rustsecp256k1_v0_3_1_gej_set_ge(&pkj, &pk); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &rj, &pkj, &e, &s); + rustsecp256k1_v0_4_0_scalar_negate(&e, &e); + rustsecp256k1_v0_4_0_gej_set_ge(&pkj, &pk); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &rj, &pkj, &e, &s); - rustsecp256k1_v0_3_1_ge_set_gej_var(&r, &rj); - if (rustsecp256k1_v0_3_1_ge_is_infinity(&r)) { + rustsecp256k1_v0_4_0_ge_set_gej_var(&r, &rj); + if (rustsecp256k1_v0_4_0_ge_is_infinity(&r)) { return 0; } - rustsecp256k1_v0_3_1_fe_normalize_var(&r.y); - return !rustsecp256k1_v0_3_1_fe_is_odd(&r.y) && - rustsecp256k1_v0_3_1_fe_equal_var(&rx, &r.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&r.y); + return !rustsecp256k1_v0_4_0_fe_is_odd(&r.y) && + rustsecp256k1_v0_4_0_fe_equal_var(&rx, &r.x); } #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h index 6d401eb40..6f799c2ed 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2020 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_MODULE_SCHNORRSIG_TESTS_EXHAUSTIVE_ #define _SECP256K1_MODULE_SCHNORRSIG_TESTS_EXHAUSTIVE_ @@ -58,21 +58,21 @@ static const unsigned char invalid_pubkey_bytes[][32] = { #define NUM_INVALID_KEYS (sizeof(invalid_pubkey_bytes) / sizeof(invalid_pubkey_bytes[0])) -static int rustsecp256k1_v0_3_1_hardened_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, +static int rustsecp256k1_v0_4_0_hardened_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo16, void* data) { - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_scalar s; int *idata = data; (void)msg32; (void)key32; (void)xonly_pk32; (void)algo16; - rustsecp256k1_v0_3_1_scalar_set_int(&s, *idata); - rustsecp256k1_v0_3_1_scalar_get_b32(nonce32, &s); + rustsecp256k1_v0_4_0_scalar_set_int(&s, *idata); + rustsecp256k1_v0_4_0_scalar_get_b32(nonce32, &s); return 1; } -static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_xonly_pubkey* pubkeys, unsigned char (*xonly_pubkey_bytes)[32], const int* parities) { +static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_xonly_pubkey* pubkeys, unsigned char (*xonly_pubkey_bytes)[32], const int* parities) { int d; uint64_t iter = 0; /* Iterate over the possible public keys to verify against (through their corresponding DL d). */ @@ -98,10 +98,10 @@ static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_3_1_context } /* Randomly generate messages until all challenges have been hit. */ while (e_count_done < EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_3_1_scalar e; + rustsecp256k1_v0_4_0_scalar e; unsigned char msg32[32]; - rustsecp256k1_v0_3_1_testrand256(msg32); - rustsecp256k1_v0_3_1_schnorrsig_challenge(&e, sig64, msg32, pk32); + rustsecp256k1_v0_4_0_testrand256(msg32); + rustsecp256k1_v0_4_0_schnorrsig_challenge(&e, sig64, msg32, pk32); /* Only do work if we hit a challenge we haven't tried before. */ if (!e_done[e]) { /* Iterate over the possible valid last 32 bytes in the signature. @@ -110,16 +110,16 @@ static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_3_1_context for (s = 0; s <= EXHAUSTIVE_TEST_ORDER + 1; ++s) { int expect_valid, valid; if (s <= EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_3_1_scalar s_s; - rustsecp256k1_v0_3_1_scalar_set_int(&s_s, s); - rustsecp256k1_v0_3_1_scalar_get_b32(sig64 + 32, &s_s); + rustsecp256k1_v0_4_0_scalar s_s; + rustsecp256k1_v0_4_0_scalar_set_int(&s_s, s); + rustsecp256k1_v0_4_0_scalar_get_b32(sig64 + 32, &s_s); expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER && (s_s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER); } else { - rustsecp256k1_v0_3_1_testrand256(sig64 + 32); + rustsecp256k1_v0_4_0_testrand256(sig64 + 32); expect_valid = 0; } - valid = rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig64, msg32, &pubkeys[d - 1]); + valid = rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig64, msg32, &pubkeys[d - 1]); CHECK(valid == expect_valid); count_valid += valid; } @@ -134,7 +134,7 @@ static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_3_1_context } } -static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_3_1_context *ctx, unsigned char (*xonly_pubkey_bytes)[32], const rustsecp256k1_v0_3_1_keypair* keypairs, const int* parities) { +static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_4_0_context *ctx, unsigned char (*xonly_pubkey_bytes)[32], const rustsecp256k1_v0_4_0_keypair* keypairs, const int* parities) { int d, k; uint64_t iter = 0; /* Loop over keys. */ @@ -152,20 +152,20 @@ static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_3_1_context * if (parities[k - 1]) actual_k = EXHAUSTIVE_TEST_ORDER - k; /* Generate random messages until all challenges have been tried. */ while (e_count_done < EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_3_1_scalar e; - rustsecp256k1_v0_3_1_testrand256(msg32); - rustsecp256k1_v0_3_1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, xonly_pubkey_bytes[d - 1]); + rustsecp256k1_v0_4_0_scalar e; + rustsecp256k1_v0_4_0_testrand256(msg32); + rustsecp256k1_v0_4_0_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, xonly_pubkey_bytes[d - 1]); /* Only do work if we hit a challenge we haven't tried before. */ if (!e_done[e]) { - rustsecp256k1_v0_3_1_scalar expected_s = (actual_k + e * actual_d) % EXHAUSTIVE_TEST_ORDER; + rustsecp256k1_v0_4_0_scalar expected_s = (actual_k + e * actual_d) % EXHAUSTIVE_TEST_ORDER; unsigned char expected_s_bytes[32]; - rustsecp256k1_v0_3_1_scalar_get_b32(expected_s_bytes, &expected_s); + rustsecp256k1_v0_4_0_scalar_get_b32(expected_s_bytes, &expected_s); /* Invoke the real function to construct a signature. */ - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig64, msg32, &keypairs[d - 1], rustsecp256k1_v0_3_1_hardened_nonce_function_smallint, &k)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig64, msg32, &keypairs[d - 1], rustsecp256k1_v0_4_0_hardened_nonce_function_smallint, &k)); /* The first 32 bytes must match the xonly pubkey for the specified k. */ - CHECK(memcmp(sig64, xonly_pubkey_bytes[k - 1], 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sig64, xonly_pubkey_bytes[k - 1], 32) == 0); /* The last 32 bytes must match the expected s value. */ - CHECK(memcmp(sig64 + 32, expected_s_bytes, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sig64 + 32, expected_s_bytes, 32) == 0); /* Don't retry other messages that result in the same challenge. */ e_done[e] = 1; ++e_count_done; @@ -175,28 +175,28 @@ static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_3_1_context * } } -static void test_exhaustive_schnorrsig(const rustsecp256k1_v0_3_1_context *ctx) { - rustsecp256k1_v0_3_1_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; - rustsecp256k1_v0_3_1_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; +static void test_exhaustive_schnorrsig(const rustsecp256k1_v0_4_0_context *ctx) { + rustsecp256k1_v0_4_0_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; + rustsecp256k1_v0_4_0_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; int parity[EXHAUSTIVE_TEST_ORDER - 1]; unsigned char xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - 1][32]; unsigned i; /* Verify that all invalid_pubkey_bytes are actually invalid. */ for (i = 0; i < NUM_INVALID_KEYS; ++i) { - rustsecp256k1_v0_3_1_xonly_pubkey pk; - CHECK(!rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &pk, invalid_pubkey_bytes[i])); + rustsecp256k1_v0_4_0_xonly_pubkey pk; + CHECK(!rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &pk, invalid_pubkey_bytes[i])); } /* Construct keypairs and xonly-pubkeys for the entire group. */ for (i = 1; i < EXHAUSTIVE_TEST_ORDER; ++i) { - rustsecp256k1_v0_3_1_scalar scalar_i; + rustsecp256k1_v0_4_0_scalar scalar_i; unsigned char buf[32]; - rustsecp256k1_v0_3_1_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_3_1_scalar_get_b32(buf, &scalar_i); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair[i - 1], buf)); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parity[i - 1], &keypair[i - 1])); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); + rustsecp256k1_v0_4_0_scalar_set_int(&scalar_i, i); + rustsecp256k1_v0_4_0_scalar_get_b32(buf, &scalar_i); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair[i - 1], buf)); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parity[i - 1], &keypair[i - 1])); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); } test_exhaustive_schnorrsig_sign(ctx, xonly_pubkey_bytes, keypair, parity); diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h index 3d5d94b83..0fabecfcb 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_MODULE_SCHNORRSIG_TESTS_ #define _SECP256K1_MODULE_SCHNORRSIG_TESTS_ @@ -15,28 +15,28 @@ void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) { unsigned char nonces[2][32]; CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1); - rustsecp256k1_v0_3_1_testrand_flip(args[n_flip], n_bytes); + rustsecp256k1_v0_4_0_testrand_flip(args[n_flip], n_bytes); CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1); - CHECK(memcmp(nonces[0], nonces[1], 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonces[0], nonces[1], 32) != 0); } /* Tests for the equality of two sha256 structs. This function only produces a * correct result if an integer multiple of 64 many bytes have been written * into the hash functions. */ -void test_sha256_eq(const rustsecp256k1_v0_3_1_sha256 *sha1, const rustsecp256k1_v0_3_1_sha256 *sha2) { +void test_sha256_eq(const rustsecp256k1_v0_4_0_sha256 *sha1, const rustsecp256k1_v0_4_0_sha256 *sha2) { /* Is buffer fully consumed? */ CHECK((sha1->bytes & 0x3F) == 0); CHECK(sha1->bytes == sha2->bytes); - CHECK(memcmp(sha1->s, sha2->s, sizeof(sha1->s)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sha1->s, sha2->s, sizeof(sha1->s)) == 0); } void run_nonce_function_bip340_tests(void) { unsigned char tag[13] = "BIP0340/nonce"; unsigned char aux_tag[11] = "BIP0340/aux"; unsigned char algo16[16] = "BIP0340/nonce\0\0\0"; - rustsecp256k1_v0_3_1_sha256 sha; - rustsecp256k1_v0_3_1_sha256 sha_optimized; + rustsecp256k1_v0_4_0_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha_optimized; unsigned char nonce[32]; unsigned char msg[32]; unsigned char key[32]; @@ -46,23 +46,23 @@ void run_nonce_function_bip340_tests(void) { int i; /* Check that hash initialized by - * rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged has the expected + * rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged has the expected * state. */ - rustsecp256k1_v0_3_1_sha256_initialize_tagged(&sha, tag, sizeof(tag)); - rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged(&sha_optimized); + rustsecp256k1_v0_4_0_sha256_initialize_tagged(&sha, tag, sizeof(tag)); + rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged(&sha_optimized); test_sha256_eq(&sha, &sha_optimized); /* Check that hash initialized by - * rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged_aux has the expected + * rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged_aux has the expected * state. */ - rustsecp256k1_v0_3_1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag)); - rustsecp256k1_v0_3_1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); + rustsecp256k1_v0_4_0_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag)); + rustsecp256k1_v0_4_0_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); test_sha256_eq(&sha, &sha_optimized); - rustsecp256k1_v0_3_1_testrand256(msg); - rustsecp256k1_v0_3_1_testrand256(key); - rustsecp256k1_v0_3_1_testrand256(pk); - rustsecp256k1_v0_3_1_testrand256(aux_rand); + rustsecp256k1_v0_4_0_testrand256(msg); + rustsecp256k1_v0_4_0_testrand256(key); + rustsecp256k1_v0_4_0_testrand256(pk); + rustsecp256k1_v0_4_0_testrand256(aux_rand); /* Check that a bitflip in an argument results in different nonces. */ args[0] = msg; @@ -102,89 +102,89 @@ void test_schnorrsig_api(void) { unsigned char sk2[32]; unsigned char sk3[32]; unsigned char msg[32]; - rustsecp256k1_v0_3_1_keypair keypairs[3]; - rustsecp256k1_v0_3_1_keypair invalid_keypair = { 0 }; - rustsecp256k1_v0_3_1_xonly_pubkey pk[3]; - rustsecp256k1_v0_3_1_xonly_pubkey zero_pk; + rustsecp256k1_v0_4_0_keypair keypairs[3]; + rustsecp256k1_v0_4_0_keypair invalid_keypair = { 0 }; + rustsecp256k1_v0_4_0_xonly_pubkey pk[3]; + rustsecp256k1_v0_4_0_xonly_pubkey zero_pk; unsigned char sig[64]; /** setup **/ - rustsecp256k1_v0_3_1_context *none = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_NONE); - rustsecp256k1_v0_3_1_context *sign = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN); - rustsecp256k1_v0_3_1_context *vrfy = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_VERIFY); - rustsecp256k1_v0_3_1_context *both = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + rustsecp256k1_v0_4_0_context *none = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_NONE); + rustsecp256k1_v0_4_0_context *sign = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN); + rustsecp256k1_v0_4_0_context *vrfy = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_VERIFY); + rustsecp256k1_v0_4_0_context *both = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); int ecount; - rustsecp256k1_v0_3_1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); - - rustsecp256k1_v0_3_1_testrand256(sk1); - rustsecp256k1_v0_3_1_testrand256(sk2); - rustsecp256k1_v0_3_1_testrand256(sk3); - rustsecp256k1_v0_3_1_testrand256(msg); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypairs[0], sk1) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypairs[1], sk2) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypairs[2], sk3) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1); + rustsecp256k1_v0_4_0_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); + + rustsecp256k1_v0_4_0_testrand256(sk1); + rustsecp256k1_v0_4_0_testrand256(sk2); + rustsecp256k1_v0_4_0_testrand256(sk3); + rustsecp256k1_v0_4_0_testrand256(msg); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypairs[0], sk1) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypairs[1], sk2) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypairs[2], sk3) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1); memset(&zero_pk, 0, sizeof(zero_pk)); /** main test body **/ ecount = 0; - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(none, sig, msg, &keypairs[0], NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(none, sig, msg, &keypairs[0], NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(vrfy, sig, msg, &keypairs[0], NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(vrfy, sig, msg, &keypairs[0], NULL, NULL) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL, NULL) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(sign, NULL, msg, &keypairs[0], NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(sign, NULL, msg, &keypairs[0], NULL, NULL) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(sign, sig, NULL, &keypairs[0], NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(sign, sig, NULL, &keypairs[0], NULL, NULL) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(sign, sig, msg, NULL, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(sign, sig, msg, NULL, NULL, NULL) == 0); CHECK(ecount == 5); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(sign, sig, msg, &invalid_keypair, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(sign, sig, msg, &invalid_keypair, NULL, NULL) == 0); CHECK(ecount == 6); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(none, sig, msg, &pk[0]) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(none, sig, msg, &pk[0]) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(sign, sig, msg, &pk[0]) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(sign, sig, msg, &pk[0]) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(vrfy, sig, msg, &pk[0]) == 1); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(vrfy, sig, msg, &pk[0]) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(vrfy, NULL, msg, &pk[0]) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(vrfy, NULL, msg, &pk[0]) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(vrfy, sig, NULL, &pk[0]) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(vrfy, sig, NULL, &pk[0]) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(vrfy, sig, msg, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(vrfy, sig, msg, NULL) == 0); CHECK(ecount == 5); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(vrfy, sig, msg, &zero_pk) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(vrfy, sig, msg, &zero_pk) == 0); CHECK(ecount == 6); - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(vrfy); - rustsecp256k1_v0_3_1_context_destroy(both); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(vrfy); + rustsecp256k1_v0_4_0_context_destroy(both); } -/* Checks that hash initialized by rustsecp256k1_v0_3_1_schnorrsig_sha256_tagged has the +/* Checks that hash initialized by rustsecp256k1_v0_4_0_schnorrsig_sha256_tagged has the * expected state. */ void test_schnorrsig_sha256_tagged(void) { char tag[17] = "BIP0340/challenge"; - rustsecp256k1_v0_3_1_sha256 sha; - rustsecp256k1_v0_3_1_sha256 sha_optimized; + rustsecp256k1_v0_4_0_sha256 sha; + rustsecp256k1_v0_4_0_sha256 sha_optimized; - rustsecp256k1_v0_3_1_sha256_initialize_tagged(&sha, (unsigned char *) tag, sizeof(tag)); - rustsecp256k1_v0_3_1_schnorrsig_sha256_tagged(&sha_optimized); + rustsecp256k1_v0_4_0_sha256_initialize_tagged(&sha, (unsigned char *) tag, sizeof(tag)); + rustsecp256k1_v0_4_0_schnorrsig_sha256_tagged(&sha_optimized); test_sha256_eq(&sha, &sha_optimized); } @@ -192,26 +192,26 @@ void test_schnorrsig_sha256_tagged(void) { * Signs the message and checks that it's the same as expected_sig. */ void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const unsigned char *pk_serialized, unsigned char *aux_rand, const unsigned char *msg, const unsigned char *expected_sig) { unsigned char sig[64]; - rustsecp256k1_v0_3_1_keypair keypair; - rustsecp256k1_v0_3_1_xonly_pubkey pk, pk_expected; + rustsecp256k1_v0_4_0_keypair keypair; + rustsecp256k1_v0_4_0_xonly_pubkey pk, pk_expected; - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, aux_rand)); - CHECK(memcmp(sig, expected_sig, 64) == 0); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, aux_rand)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sig, expected_sig, 64) == 0); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &pk_expected, pk_serialized)); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); - CHECK(memcmp(&pk, &pk_expected, sizeof(pk)) == 0); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig, msg, &pk)); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &pk_expected, pk_serialized)); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig, msg, &pk)); } /* Helper function for schnorrsig_bip_vectors * Checks that both verify and verify_batch (TODO) return the same value as expected. */ void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg32, const unsigned char *sig, int expected) { - rustsecp256k1_v0_3_1_xonly_pubkey pk; + rustsecp256k1_v0_4_0_xonly_pubkey pk; - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &pk, pk_serialized)); - CHECK(expected == rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig, msg32, &pk)); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &pk, pk_serialized)); + CHECK(expected == rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig, msg32, &pk)); } /* Test vectors according to BIP-340 ("Schnorr Signatures for secp256k1"). See @@ -407,9 +407,9 @@ void test_schnorrsig_bip_vectors(void) { 0xEB, 0x98, 0x98, 0xAE, 0x79, 0xB9, 0x76, 0x87, 0x66, 0xE4, 0xFA, 0xA0, 0x4A, 0x2D, 0x4A, 0x34 }; - rustsecp256k1_v0_3_1_xonly_pubkey pk_parsed; + rustsecp256k1_v0_4_0_xonly_pubkey pk_parsed; /* No need to check the signature of the test vector as parsing the pubkey already fails */ - CHECK(!rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &pk_parsed, pk)); + CHECK(!rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &pk_parsed, pk)); } { /* Test vector 6 */ @@ -627,9 +627,9 @@ void test_schnorrsig_bip_vectors(void) { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x30 }; - rustsecp256k1_v0_3_1_xonly_pubkey pk_parsed; + rustsecp256k1_v0_4_0_xonly_pubkey pk_parsed; /* No need to check the signature of the test vector as parsing the pubkey already fails */ - CHECK(!rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &pk_parsed, pk)); + CHECK(!rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &pk_parsed, pk)); } } @@ -670,24 +670,24 @@ static int nonce_function_overflowing(unsigned char *nonce32, const unsigned cha void test_schnorrsig_sign(void) { unsigned char sk[32]; - rustsecp256k1_v0_3_1_keypair keypair; + rustsecp256k1_v0_4_0_keypair keypair; const unsigned char msg[32] = "this is a msg for a schnorrsig.."; unsigned char sig[64]; unsigned char zeros64[64] = { 0 }; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); /* Test different nonce functions */ memset(sig, 1, sizeof(sig)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_failing, NULL) == 0); - CHECK(memcmp(sig, zeros64, sizeof(sig)) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_failing, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sig, zeros64, sizeof(sig)) == 0); memset(&sig, 1, sizeof(sig)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_0, NULL) == 0); - CHECK(memcmp(sig, zeros64, sizeof(sig)) == 0); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_overflowing, NULL) == 1); - CHECK(memcmp(sig, zeros64, sizeof(sig)) != 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_0, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sig, zeros64, sizeof(sig)) == 0); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_overflowing, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(sig, zeros64, sizeof(sig)) != 0); } #define N_SIGS 3 @@ -699,66 +699,66 @@ void test_schnorrsig_sign_verify(void) { unsigned char msg[N_SIGS][32]; unsigned char sig[N_SIGS][64]; size_t i; - rustsecp256k1_v0_3_1_keypair keypair; - rustsecp256k1_v0_3_1_xonly_pubkey pk; - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_keypair keypair; + rustsecp256k1_v0_4_0_xonly_pubkey pk; + rustsecp256k1_v0_4_0_scalar s; - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk)); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk)); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); for (i = 0; i < N_SIGS; i++) { - rustsecp256k1_v0_3_1_testrand256(msg[i]); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[i], msg[i], &pk)); + rustsecp256k1_v0_4_0_testrand256(msg[i]); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[i], msg[i], &pk)); } { /* Flip a few bits in the signature and in the message and check that * verify and verify_batch (TODO) fail */ - size_t sig_idx = rustsecp256k1_v0_3_1_testrand_int(N_SIGS); - size_t byte_idx = rustsecp256k1_v0_3_1_testrand_int(32); - unsigned char xorbyte = rustsecp256k1_v0_3_1_testrand_int(254)+1; + size_t sig_idx = rustsecp256k1_v0_4_0_testrand_int(N_SIGS); + size_t byte_idx = rustsecp256k1_v0_4_0_testrand_int(32); + unsigned char xorbyte = rustsecp256k1_v0_4_0_testrand_int(254)+1; sig[sig_idx][byte_idx] ^= xorbyte; - CHECK(!rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); + CHECK(!rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); sig[sig_idx][byte_idx] ^= xorbyte; - byte_idx = rustsecp256k1_v0_3_1_testrand_int(32); + byte_idx = rustsecp256k1_v0_4_0_testrand_int(32); sig[sig_idx][32+byte_idx] ^= xorbyte; - CHECK(!rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); + CHECK(!rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); sig[sig_idx][32+byte_idx] ^= xorbyte; - byte_idx = rustsecp256k1_v0_3_1_testrand_int(32); + byte_idx = rustsecp256k1_v0_4_0_testrand_int(32); msg[sig_idx][byte_idx] ^= xorbyte; - CHECK(!rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); + CHECK(!rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); msg[sig_idx][byte_idx] ^= xorbyte; /* Check that above bitflips have been reversed correctly */ - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); } /* Test overflowing s */ - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig[0], msg[0], &keypair, NULL, NULL)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig[0], msg[0], &keypair, NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); memset(&sig[0][32], 0xFF, 32); - CHECK(!rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); + CHECK(!rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); /* Test negative s */ - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig[0], msg[0], &keypair, NULL, NULL)); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); - rustsecp256k1_v0_3_1_scalar_set_b32(&s, &sig[0][32], NULL); - rustsecp256k1_v0_3_1_scalar_negate(&s, &s); - rustsecp256k1_v0_3_1_scalar_get_b32(&sig[0][32], &s); - CHECK(!rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig[0], msg[0], &keypair, NULL, NULL)); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); + rustsecp256k1_v0_4_0_scalar_set_b32(&s, &sig[0][32], NULL); + rustsecp256k1_v0_4_0_scalar_negate(&s, &s); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig[0][32], &s); + CHECK(!rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig[0], msg[0], &pk)); } #undef N_SIGS void test_schnorrsig_taproot(void) { unsigned char sk[32]; - rustsecp256k1_v0_3_1_keypair keypair; - rustsecp256k1_v0_3_1_xonly_pubkey internal_pk; + rustsecp256k1_v0_4_0_keypair keypair; + rustsecp256k1_v0_4_0_xonly_pubkey internal_pk; unsigned char internal_pk_bytes[32]; - rustsecp256k1_v0_3_1_xonly_pubkey output_pk; + rustsecp256k1_v0_4_0_xonly_pubkey output_pk; unsigned char output_pk_bytes[32]; unsigned char tweak[32]; int pk_parity; @@ -766,27 +766,27 @@ void test_schnorrsig_taproot(void) { unsigned char sig[64]; /* Create output key */ - rustsecp256k1_v0_3_1_testrand256(sk); - CHECK(rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); + rustsecp256k1_v0_4_0_testrand256(sk); + CHECK(rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, sk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); /* In actual taproot the tweak would be hash of internal_pk */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_3_1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1); /* Key spend */ - rustsecp256k1_v0_3_1_testrand256(msg); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); + rustsecp256k1_v0_4_0_testrand256(msg); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); /* Verify key spend */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1); - CHECK(rustsecp256k1_v0_3_1_schnorrsig_verify(ctx, sig, msg, &output_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1); + CHECK(rustsecp256k1_v0_4_0_schnorrsig_verify(ctx, sig, msg, &output_pk) == 1); /* Script spend */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1); /* Verify script spend */ - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_parse(ctx, &internal_pk, internal_pk_bytes) == 1); - CHECK(rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check(ctx, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_parse(ctx, &internal_pk, internal_pk_bytes) == 1); + CHECK(rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check(ctx, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); } void run_schnorrsig_tests(void) { diff --git a/secp256k1-sys/depend/secp256k1/src/num.h b/secp256k1-sys/depend/secp256k1/src/num.h index 1c1a40781..b0bb88ee4 100644 --- a/secp256k1-sys/depend/secp256k1/src/num.h +++ b/secp256k1-sys/depend/secp256k1/src/num.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_NUM_H #define SECP256K1_NUM_H @@ -20,54 +20,54 @@ #endif /** Copy a number. */ -static void rustsecp256k1_v0_3_1_num_copy(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a); +static void rustsecp256k1_v0_4_0_num_copy(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a); /** Convert a number's absolute value to a binary big-endian string. * There must be enough place. */ -static void rustsecp256k1_v0_3_1_num_get_bin(unsigned char *r, unsigned int rlen, const rustsecp256k1_v0_3_1_num *a); +static void rustsecp256k1_v0_4_0_num_get_bin(unsigned char *r, unsigned int rlen, const rustsecp256k1_v0_4_0_num *a); /** Set a number to the value of a binary big-endian string. */ -static void rustsecp256k1_v0_3_1_num_set_bin(rustsecp256k1_v0_3_1_num *r, const unsigned char *a, unsigned int alen); +static void rustsecp256k1_v0_4_0_num_set_bin(rustsecp256k1_v0_4_0_num *r, const unsigned char *a, unsigned int alen); /** Compute a modular inverse. The input must be less than the modulus. */ -static void rustsecp256k1_v0_3_1_num_mod_inverse(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *m); +static void rustsecp256k1_v0_4_0_num_mod_inverse(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *m); /** Compute the jacobi symbol (a|b). b must be positive and odd. */ -static int rustsecp256k1_v0_3_1_num_jacobi(const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b); +static int rustsecp256k1_v0_4_0_num_jacobi(const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b); /** Compare the absolute value of two numbers. */ -static int rustsecp256k1_v0_3_1_num_cmp(const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b); +static int rustsecp256k1_v0_4_0_num_cmp(const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b); /** Test whether two number are equal (including sign). */ -static int rustsecp256k1_v0_3_1_num_eq(const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b); +static int rustsecp256k1_v0_4_0_num_eq(const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b); /** Add two (signed) numbers. */ -static void rustsecp256k1_v0_3_1_num_add(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b); +static void rustsecp256k1_v0_4_0_num_add(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b); /** Subtract two (signed) numbers. */ -static void rustsecp256k1_v0_3_1_num_sub(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b); +static void rustsecp256k1_v0_4_0_num_sub(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b); /** Multiply two (signed) numbers. */ -static void rustsecp256k1_v0_3_1_num_mul(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b); +static void rustsecp256k1_v0_4_0_num_mul(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b); /** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1, even if r was negative. */ -static void rustsecp256k1_v0_3_1_num_mod(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *m); +static void rustsecp256k1_v0_4_0_num_mod(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *m); /** Right-shift the passed number by bits bits. */ -static void rustsecp256k1_v0_3_1_num_shift(rustsecp256k1_v0_3_1_num *r, int bits); +static void rustsecp256k1_v0_4_0_num_shift(rustsecp256k1_v0_4_0_num *r, int bits); /** Check whether a number is zero. */ -static int rustsecp256k1_v0_3_1_num_is_zero(const rustsecp256k1_v0_3_1_num *a); +static int rustsecp256k1_v0_4_0_num_is_zero(const rustsecp256k1_v0_4_0_num *a); /** Check whether a number is one. */ -static int rustsecp256k1_v0_3_1_num_is_one(const rustsecp256k1_v0_3_1_num *a); +static int rustsecp256k1_v0_4_0_num_is_one(const rustsecp256k1_v0_4_0_num *a); /** Check whether a number is strictly negative. */ -static int rustsecp256k1_v0_3_1_num_is_neg(const rustsecp256k1_v0_3_1_num *a); +static int rustsecp256k1_v0_4_0_num_is_neg(const rustsecp256k1_v0_4_0_num *a); /** Change a number's sign. */ -static void rustsecp256k1_v0_3_1_num_negate(rustsecp256k1_v0_3_1_num *r); +static void rustsecp256k1_v0_4_0_num_negate(rustsecp256k1_v0_4_0_num *r); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/num_gmp.h b/secp256k1-sys/depend/secp256k1/src/num_gmp.h index daea74dd4..a42bef135 100644 --- a/secp256k1-sys/depend/secp256k1/src/num_gmp.h +++ b/secp256k1-sys/depend/secp256k1/src/num_gmp.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_NUM_REPR_H #define SECP256K1_NUM_REPR_H @@ -15,6 +15,6 @@ typedef struct { mp_limb_t data[2*NUM_LIMBS]; int neg; int limbs; -} rustsecp256k1_v0_3_1_num; +} rustsecp256k1_v0_4_0_num; #endif /* SECP256K1_NUM_REPR_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/num_gmp_impl.h b/secp256k1-sys/depend/secp256k1/src/num_gmp_impl.h index 25c8128d0..cef48dd4f 100644 --- a/secp256k1-sys/depend/secp256k1/src/num_gmp_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/num_gmp_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_NUM_REPR_IMPL_H #define SECP256K1_NUM_REPR_IMPL_H @@ -15,18 +15,18 @@ #include "num.h" #ifdef VERIFY -static void rustsecp256k1_v0_3_1_num_sanity(const rustsecp256k1_v0_3_1_num *a) { +static void rustsecp256k1_v0_4_0_num_sanity(const rustsecp256k1_v0_4_0_num *a) { VERIFY_CHECK(a->limbs == 1 || (a->limbs > 1 && a->data[a->limbs-1] != 0)); } #else -#define rustsecp256k1_v0_3_1_num_sanity(a) do { } while(0) +#define rustsecp256k1_v0_4_0_num_sanity(a) do { } while(0) #endif -static void rustsecp256k1_v0_3_1_num_copy(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a) { +static void rustsecp256k1_v0_4_0_num_copy(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a) { *r = *a; } -static void rustsecp256k1_v0_3_1_num_get_bin(unsigned char *r, unsigned int rlen, const rustsecp256k1_v0_3_1_num *a) { +static void rustsecp256k1_v0_4_0_num_get_bin(unsigned char *r, unsigned int rlen, const rustsecp256k1_v0_4_0_num *a) { unsigned char tmp[65]; int len = 0; int shift = 0; @@ -42,7 +42,7 @@ static void rustsecp256k1_v0_3_1_num_get_bin(unsigned char *r, unsigned int rlen memset(tmp, 0, sizeof(tmp)); } -static void rustsecp256k1_v0_3_1_num_set_bin(rustsecp256k1_v0_3_1_num *r, const unsigned char *a, unsigned int alen) { +static void rustsecp256k1_v0_4_0_num_set_bin(rustsecp256k1_v0_4_0_num *r, const unsigned char *a, unsigned int alen) { int len; VERIFY_CHECK(alen > 0); VERIFY_CHECK(alen <= 64); @@ -59,7 +59,7 @@ static void rustsecp256k1_v0_3_1_num_set_bin(rustsecp256k1_v0_3_1_num *r, const } } -static void rustsecp256k1_v0_3_1_num_add_abs(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { +static void rustsecp256k1_v0_4_0_num_add_abs(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { mp_limb_t c = mpn_add(r->data, a->data, a->limbs, b->data, b->limbs); r->limbs = a->limbs; if (c != 0) { @@ -68,7 +68,7 @@ static void rustsecp256k1_v0_3_1_num_add_abs(rustsecp256k1_v0_3_1_num *r, const } } -static void rustsecp256k1_v0_3_1_num_sub_abs(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { +static void rustsecp256k1_v0_4_0_num_sub_abs(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { mp_limb_t c = mpn_sub(r->data, a->data, a->limbs, b->data, b->limbs); (void)c; VERIFY_CHECK(c == 0); @@ -78,9 +78,9 @@ static void rustsecp256k1_v0_3_1_num_sub_abs(rustsecp256k1_v0_3_1_num *r, const } } -static void rustsecp256k1_v0_3_1_num_mod(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *m) { - rustsecp256k1_v0_3_1_num_sanity(r); - rustsecp256k1_v0_3_1_num_sanity(m); +static void rustsecp256k1_v0_4_0_num_mod(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *m) { + rustsecp256k1_v0_4_0_num_sanity(r); + rustsecp256k1_v0_4_0_num_sanity(m); if (r->limbs >= m->limbs) { mp_limb_t t[2*NUM_LIMBS]; @@ -93,20 +93,20 @@ static void rustsecp256k1_v0_3_1_num_mod(rustsecp256k1_v0_3_1_num *r, const rust } if (r->neg && (r->limbs > 1 || r->data[0] != 0)) { - rustsecp256k1_v0_3_1_num_sub_abs(r, m, r); + rustsecp256k1_v0_4_0_num_sub_abs(r, m, r); r->neg = 0; } } -static void rustsecp256k1_v0_3_1_num_mod_inverse(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *m) { +static void rustsecp256k1_v0_4_0_num_mod_inverse(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *m) { int i; mp_limb_t g[NUM_LIMBS+1]; mp_limb_t u[NUM_LIMBS+1]; mp_limb_t v[NUM_LIMBS+1]; mp_size_t sn; mp_size_t gn; - rustsecp256k1_v0_3_1_num_sanity(a); - rustsecp256k1_v0_3_1_num_sanity(m); + rustsecp256k1_v0_4_0_num_sanity(a); + rustsecp256k1_v0_4_0_num_sanity(m); /** mpn_gcdext computes: (G,S) = gcdext(U,V), where * * G = gcd(U,V) @@ -144,11 +144,11 @@ static void rustsecp256k1_v0_3_1_num_mod_inverse(rustsecp256k1_v0_3_1_num *r, co memset(v, 0, sizeof(v)); } -static int rustsecp256k1_v0_3_1_num_jacobi(const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { +static int rustsecp256k1_v0_4_0_num_jacobi(const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { int ret; mpz_t ga, gb; - rustsecp256k1_v0_3_1_num_sanity(a); - rustsecp256k1_v0_3_1_num_sanity(b); + rustsecp256k1_v0_4_0_num_sanity(a); + rustsecp256k1_v0_4_0_num_sanity(b); VERIFY_CHECK(!b->neg && (b->limbs > 0) && (b->data[0] & 1)); mpz_inits(ga, gb, NULL); @@ -166,19 +166,19 @@ static int rustsecp256k1_v0_3_1_num_jacobi(const rustsecp256k1_v0_3_1_num *a, co return ret; } -static int rustsecp256k1_v0_3_1_num_is_one(const rustsecp256k1_v0_3_1_num *a) { +static int rustsecp256k1_v0_4_0_num_is_one(const rustsecp256k1_v0_4_0_num *a) { return (a->limbs == 1 && a->data[0] == 1); } -static int rustsecp256k1_v0_3_1_num_is_zero(const rustsecp256k1_v0_3_1_num *a) { +static int rustsecp256k1_v0_4_0_num_is_zero(const rustsecp256k1_v0_4_0_num *a) { return (a->limbs == 1 && a->data[0] == 0); } -static int rustsecp256k1_v0_3_1_num_is_neg(const rustsecp256k1_v0_3_1_num *a) { +static int rustsecp256k1_v0_4_0_num_is_neg(const rustsecp256k1_v0_4_0_num *a) { return (a->limbs > 1 || a->data[0] != 0) && a->neg; } -static int rustsecp256k1_v0_3_1_num_cmp(const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { +static int rustsecp256k1_v0_4_0_num_cmp(const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { if (a->limbs > b->limbs) { return 1; } @@ -188,54 +188,54 @@ static int rustsecp256k1_v0_3_1_num_cmp(const rustsecp256k1_v0_3_1_num *a, const return mpn_cmp(a->data, b->data, a->limbs); } -static int rustsecp256k1_v0_3_1_num_eq(const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { +static int rustsecp256k1_v0_4_0_num_eq(const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { if (a->limbs > b->limbs) { return 0; } if (a->limbs < b->limbs) { return 0; } - if ((a->neg && !rustsecp256k1_v0_3_1_num_is_zero(a)) != (b->neg && !rustsecp256k1_v0_3_1_num_is_zero(b))) { + if ((a->neg && !rustsecp256k1_v0_4_0_num_is_zero(a)) != (b->neg && !rustsecp256k1_v0_4_0_num_is_zero(b))) { return 0; } return mpn_cmp(a->data, b->data, a->limbs) == 0; } -static void rustsecp256k1_v0_3_1_num_subadd(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b, int bneg) { +static void rustsecp256k1_v0_4_0_num_subadd(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b, int bneg) { if (!(b->neg ^ bneg ^ a->neg)) { /* a and b have the same sign */ r->neg = a->neg; if (a->limbs >= b->limbs) { - rustsecp256k1_v0_3_1_num_add_abs(r, a, b); + rustsecp256k1_v0_4_0_num_add_abs(r, a, b); } else { - rustsecp256k1_v0_3_1_num_add_abs(r, b, a); + rustsecp256k1_v0_4_0_num_add_abs(r, b, a); } } else { - if (rustsecp256k1_v0_3_1_num_cmp(a, b) > 0) { + if (rustsecp256k1_v0_4_0_num_cmp(a, b) > 0) { r->neg = a->neg; - rustsecp256k1_v0_3_1_num_sub_abs(r, a, b); + rustsecp256k1_v0_4_0_num_sub_abs(r, a, b); } else { r->neg = b->neg ^ bneg; - rustsecp256k1_v0_3_1_num_sub_abs(r, b, a); + rustsecp256k1_v0_4_0_num_sub_abs(r, b, a); } } } -static void rustsecp256k1_v0_3_1_num_add(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { - rustsecp256k1_v0_3_1_num_sanity(a); - rustsecp256k1_v0_3_1_num_sanity(b); - rustsecp256k1_v0_3_1_num_subadd(r, a, b, 0); +static void rustsecp256k1_v0_4_0_num_add(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { + rustsecp256k1_v0_4_0_num_sanity(a); + rustsecp256k1_v0_4_0_num_sanity(b); + rustsecp256k1_v0_4_0_num_subadd(r, a, b, 0); } -static void rustsecp256k1_v0_3_1_num_sub(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { - rustsecp256k1_v0_3_1_num_sanity(a); - rustsecp256k1_v0_3_1_num_sanity(b); - rustsecp256k1_v0_3_1_num_subadd(r, a, b, 1); +static void rustsecp256k1_v0_4_0_num_sub(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { + rustsecp256k1_v0_4_0_num_sanity(a); + rustsecp256k1_v0_4_0_num_sanity(b); + rustsecp256k1_v0_4_0_num_subadd(r, a, b, 1); } -static void rustsecp256k1_v0_3_1_num_mul(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_num *a, const rustsecp256k1_v0_3_1_num *b) { +static void rustsecp256k1_v0_4_0_num_mul(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_num *a, const rustsecp256k1_v0_4_0_num *b) { mp_limb_t tmp[2*NUM_LIMBS+1]; - rustsecp256k1_v0_3_1_num_sanity(a); - rustsecp256k1_v0_3_1_num_sanity(b); + rustsecp256k1_v0_4_0_num_sanity(a); + rustsecp256k1_v0_4_0_num_sanity(b); VERIFY_CHECK(a->limbs + b->limbs <= 2*NUM_LIMBS+1); if ((a->limbs==1 && a->data[0]==0) || (b->limbs==1 && b->data[0]==0)) { @@ -259,7 +259,7 @@ static void rustsecp256k1_v0_3_1_num_mul(rustsecp256k1_v0_3_1_num *r, const rust memset(tmp, 0, sizeof(tmp)); } -static void rustsecp256k1_v0_3_1_num_shift(rustsecp256k1_v0_3_1_num *r, int bits) { +static void rustsecp256k1_v0_4_0_num_shift(rustsecp256k1_v0_4_0_num *r, int bits) { if (bits % GMP_NUMB_BITS) { /* Shift within limbs. */ mpn_rshift(r->data, r->data, r->limbs, bits % GMP_NUMB_BITS); @@ -281,7 +281,7 @@ static void rustsecp256k1_v0_3_1_num_shift(rustsecp256k1_v0_3_1_num *r, int bits } } -static void rustsecp256k1_v0_3_1_num_negate(rustsecp256k1_v0_3_1_num *r) { +static void rustsecp256k1_v0_4_0_num_negate(rustsecp256k1_v0_4_0_num *r) { r->neg ^= 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/num_impl.h b/secp256k1-sys/depend/secp256k1/src/num_impl.h index c45193b03..880598efe 100644 --- a/secp256k1-sys/depend/secp256k1/src/num_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/num_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_NUM_IMPL_H #define SECP256K1_NUM_IMPL_H diff --git a/secp256k1-sys/depend/secp256k1/src/scalar.h b/secp256k1-sys/depend/secp256k1/src/scalar.h index e7f87c500..a1f2c3a96 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_H #define SECP256K1_SCALAR_H @@ -25,94 +25,93 @@ #endif /** Clear a scalar to prevent the leak of sensitive data. */ -static void rustsecp256k1_v0_3_1_scalar_clear(rustsecp256k1_v0_3_1_scalar *r); +static void rustsecp256k1_v0_4_0_scalar_clear(rustsecp256k1_v0_4_0_scalar *r); /** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */ -static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count); +static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count); /** Access bits from a scalar. Not constant time. */ -static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits_var(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count); +static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits_var(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count); /** Set a scalar from a big endian byte array. The scalar will be reduced modulo group order `n`. * In: bin: pointer to a 32-byte array. * Out: r: scalar to be set. * overflow: non-zero if the scalar was bigger or equal to `n` before reduction, zero otherwise (can be NULL). */ -static void rustsecp256k1_v0_3_1_scalar_set_b32(rustsecp256k1_v0_3_1_scalar *r, const unsigned char *bin, int *overflow); +static void rustsecp256k1_v0_4_0_scalar_set_b32(rustsecp256k1_v0_4_0_scalar *r, const unsigned char *bin, int *overflow); /** Set a scalar from a big endian byte array and returns 1 if it is a valid * seckey and 0 otherwise. */ -static int rustsecp256k1_v0_3_1_scalar_set_b32_seckey(rustsecp256k1_v0_3_1_scalar *r, const unsigned char *bin); +static int rustsecp256k1_v0_4_0_scalar_set_b32_seckey(rustsecp256k1_v0_4_0_scalar *r, const unsigned char *bin); /** Set a scalar to an unsigned integer. */ -static void rustsecp256k1_v0_3_1_scalar_set_int(rustsecp256k1_v0_3_1_scalar *r, unsigned int v); +static void rustsecp256k1_v0_4_0_scalar_set_int(rustsecp256k1_v0_4_0_scalar *r, unsigned int v); /** Convert a scalar to a byte array. */ -static void rustsecp256k1_v0_3_1_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_3_1_scalar* a); +static void rustsecp256k1_v0_4_0_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_4_0_scalar* a); /** Add two scalars together (modulo the group order). Returns whether it overflowed. */ -static int rustsecp256k1_v0_3_1_scalar_add(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b); +static int rustsecp256k1_v0_4_0_scalar_add(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b); /** Conditionally add a power of two to a scalar. The result is not allowed to overflow. */ -static void rustsecp256k1_v0_3_1_scalar_cadd_bit(rustsecp256k1_v0_3_1_scalar *r, unsigned int bit, int flag); +static void rustsecp256k1_v0_4_0_scalar_cadd_bit(rustsecp256k1_v0_4_0_scalar *r, unsigned int bit, int flag); /** Multiply two scalars (modulo the group order). */ -static void rustsecp256k1_v0_3_1_scalar_mul(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b); +static void rustsecp256k1_v0_4_0_scalar_mul(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b); /** Shift a scalar right by some amount strictly between 0 and 16, returning * the low bits that were shifted off */ -static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, int n); +static int rustsecp256k1_v0_4_0_scalar_shr_int(rustsecp256k1_v0_4_0_scalar *r, int n); /** Compute the square of a scalar (modulo the group order). */ -static void rustsecp256k1_v0_3_1_scalar_sqr(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a); +static void rustsecp256k1_v0_4_0_scalar_sqr(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a); /** Compute the inverse of a scalar (modulo the group order). */ -static void rustsecp256k1_v0_3_1_scalar_inverse(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a); +static void rustsecp256k1_v0_4_0_scalar_inverse(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a); /** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */ -static void rustsecp256k1_v0_3_1_scalar_inverse_var(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a); +static void rustsecp256k1_v0_4_0_scalar_inverse_var(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a); /** Compute the complement of a scalar (modulo the group order). */ -static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a); +static void rustsecp256k1_v0_4_0_scalar_negate(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a); /** Check whether a scalar equals zero. */ -static int rustsecp256k1_v0_3_1_scalar_is_zero(const rustsecp256k1_v0_3_1_scalar *a); +static int rustsecp256k1_v0_4_0_scalar_is_zero(const rustsecp256k1_v0_4_0_scalar *a); /** Check whether a scalar equals one. */ -static int rustsecp256k1_v0_3_1_scalar_is_one(const rustsecp256k1_v0_3_1_scalar *a); +static int rustsecp256k1_v0_4_0_scalar_is_one(const rustsecp256k1_v0_4_0_scalar *a); /** Check whether a scalar, considered as an nonnegative integer, is even. */ -static int rustsecp256k1_v0_3_1_scalar_is_even(const rustsecp256k1_v0_3_1_scalar *a); +static int rustsecp256k1_v0_4_0_scalar_is_even(const rustsecp256k1_v0_4_0_scalar *a); /** Check whether a scalar is higher than the group order divided by 2. */ -static int rustsecp256k1_v0_3_1_scalar_is_high(const rustsecp256k1_v0_3_1_scalar *a); +static int rustsecp256k1_v0_4_0_scalar_is_high(const rustsecp256k1_v0_4_0_scalar *a); /** Conditionally negate a number, in constant time. * Returns -1 if the number was negated, 1 otherwise */ -static int rustsecp256k1_v0_3_1_scalar_cond_negate(rustsecp256k1_v0_3_1_scalar *a, int flag); +static int rustsecp256k1_v0_4_0_scalar_cond_negate(rustsecp256k1_v0_4_0_scalar *a, int flag); #ifndef USE_NUM_NONE /** Convert a scalar to a number. */ -static void rustsecp256k1_v0_3_1_scalar_get_num(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_scalar *a); +static void rustsecp256k1_v0_4_0_scalar_get_num(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_scalar *a); /** Get the order of the group as a number. */ -static void rustsecp256k1_v0_3_1_scalar_order_get_num(rustsecp256k1_v0_3_1_num *r); +static void rustsecp256k1_v0_4_0_scalar_order_get_num(rustsecp256k1_v0_4_0_num *r); #endif /** Compare two scalars. */ -static int rustsecp256k1_v0_3_1_scalar_eq(const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b); +static int rustsecp256k1_v0_4_0_scalar_eq(const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b); -#ifdef USE_ENDOMORPHISM -/** Find r1 and r2 such that r1+r2*2^128 = a. */ -static void rustsecp256k1_v0_3_1_scalar_split_128(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a); -/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see rustsecp256k1_v0_3_1_gej_mul_lambda). */ -static void rustsecp256k1_v0_3_1_scalar_split_lambda(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a); -#endif +/** Find r1 and r2 such that r1+r2*2^128 = k. */ +static void rustsecp256k1_v0_4_0_scalar_split_128(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k); +/** Find r1 and r2 such that r1+r2*lambda = k, + * where r1 and r2 or their negations are maximum 128 bits long (see rustsecp256k1_v0_4_0_ge_mul_lambda). */ +static void rustsecp256k1_v0_4_0_scalar_split_lambda(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k); /** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */ -static void rustsecp256k1_v0_3_1_scalar_mul_shift_var(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b, unsigned int shift); +static void rustsecp256k1_v0_4_0_scalar_mul_shift_var(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b, unsigned int shift); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_3_1_scalar_cmov(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, int flag); +static void rustsecp256k1_v0_4_0_scalar_cmov(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, int flag); #endif /* SECP256K1_SCALAR_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h b/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h index 54220782e..1d5b49e81 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_REPR_H #define SECP256K1_SCALAR_REPR_H @@ -12,7 +12,7 @@ /** A scalar modulo the group order of the secp256k1 curve. */ typedef struct { uint64_t d[4]; -} rustsecp256k1_v0_3_1_scalar; +} rustsecp256k1_v0_4_0_scalar; #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{((uint64_t)(d1)) << 32 | (d0), ((uint64_t)(d3)) << 32 | (d2), ((uint64_t)(d5)) << 32 | (d4), ((uint64_t)(d7)) << 32 | (d6)}} diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h index 9f1787f81..47d328b5e 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_REPR_IMPL_H #define SECP256K1_SCALAR_REPR_IMPL_H @@ -24,37 +24,37 @@ #define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) #define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL) -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_clear(rustsecp256k1_v0_3_1_scalar *r) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_clear(rustsecp256k1_v0_4_0_scalar *r) { r->d[0] = 0; r->d[1] = 0; r->d[2] = 0; r->d[3] = 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_set_int(rustsecp256k1_v0_3_1_scalar *r, unsigned int v) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_set_int(rustsecp256k1_v0_4_0_scalar *r, unsigned int v) { r->d[0] = v; r->d[1] = 0; r->d[2] = 0; r->d[3] = 0; } -SECP256K1_INLINE static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count) { VERIFY_CHECK((offset + count - 1) >> 6 == offset >> 6); return (a->d[offset >> 6] >> (offset & 0x3F)) & ((((uint64_t)1) << count) - 1); } -SECP256K1_INLINE static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits_var(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits_var(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count) { VERIFY_CHECK(count < 32); VERIFY_CHECK(offset + count <= 256); if ((offset + count - 1) >> 6 == offset >> 6) { - return rustsecp256k1_v0_3_1_scalar_get_bits(a, offset, count); + return rustsecp256k1_v0_4_0_scalar_get_bits(a, offset, count); } else { VERIFY_CHECK((offset >> 6) + 1 < 4); return ((a->d[offset >> 6] >> (offset & 0x3F)) | (a->d[(offset >> 6) + 1] << (64 - (offset & 0x3F)))) & ((((uint64_t)1) << count) - 1); } } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_check_overflow(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_check_overflow(const rustsecp256k1_v0_4_0_scalar *a) { int yes = 0; int no = 0; no |= (a->d[3] < SECP256K1_N_3); /* No need for a > check. */ @@ -66,7 +66,7 @@ SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_check_overflow(const rus return yes; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_reduce(rustsecp256k1_v0_3_1_scalar *r, unsigned int overflow) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_reduce(rustsecp256k1_v0_4_0_scalar *r, unsigned int overflow) { uint128_t t; VERIFY_CHECK(overflow <= 1); t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0; @@ -80,7 +80,7 @@ SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_reduce(rustsecp256k1_v0_ return overflow; } -static int rustsecp256k1_v0_3_1_scalar_add(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static int rustsecp256k1_v0_4_0_scalar_add(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { int overflow; uint128_t t = (uint128_t)a->d[0] + b->d[0]; r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; @@ -90,13 +90,13 @@ static int rustsecp256k1_v0_3_1_scalar_add(rustsecp256k1_v0_3_1_scalar *r, const r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; t += (uint128_t)a->d[3] + b->d[3]; r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; - overflow = t + rustsecp256k1_v0_3_1_scalar_check_overflow(r); + overflow = t + rustsecp256k1_v0_4_0_scalar_check_overflow(r); VERIFY_CHECK(overflow == 0 || overflow == 1); - rustsecp256k1_v0_3_1_scalar_reduce(r, overflow); + rustsecp256k1_v0_4_0_scalar_reduce(r, overflow); return overflow; } -static void rustsecp256k1_v0_3_1_scalar_cadd_bit(rustsecp256k1_v0_3_1_scalar *r, unsigned int bit, int flag) { +static void rustsecp256k1_v0_4_0_scalar_cadd_bit(rustsecp256k1_v0_4_0_scalar *r, unsigned int bit, int flag) { uint128_t t; VERIFY_CHECK(bit < 256); bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 6) > 3 makes this a noop */ @@ -110,35 +110,35 @@ static void rustsecp256k1_v0_3_1_scalar_cadd_bit(rustsecp256k1_v0_3_1_scalar *r, r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; #ifdef VERIFY VERIFY_CHECK((t >> 64) == 0); - VERIFY_CHECK(rustsecp256k1_v0_3_1_scalar_check_overflow(r) == 0); + VERIFY_CHECK(rustsecp256k1_v0_4_0_scalar_check_overflow(r) == 0); #endif } -static void rustsecp256k1_v0_3_1_scalar_set_b32(rustsecp256k1_v0_3_1_scalar *r, const unsigned char *b32, int *overflow) { +static void rustsecp256k1_v0_4_0_scalar_set_b32(rustsecp256k1_v0_4_0_scalar *r, const unsigned char *b32, int *overflow) { int over; r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56; r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56; r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56; r->d[3] = (uint64_t)b32[7] | (uint64_t)b32[6] << 8 | (uint64_t)b32[5] << 16 | (uint64_t)b32[4] << 24 | (uint64_t)b32[3] << 32 | (uint64_t)b32[2] << 40 | (uint64_t)b32[1] << 48 | (uint64_t)b32[0] << 56; - over = rustsecp256k1_v0_3_1_scalar_reduce(r, rustsecp256k1_v0_3_1_scalar_check_overflow(r)); + over = rustsecp256k1_v0_4_0_scalar_reduce(r, rustsecp256k1_v0_4_0_scalar_check_overflow(r)); if (overflow) { *overflow = over; } } -static void rustsecp256k1_v0_3_1_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_3_1_scalar* a) { +static void rustsecp256k1_v0_4_0_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_4_0_scalar* a) { bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3]; bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2]; bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1]; bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_zero(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_zero(const rustsecp256k1_v0_4_0_scalar *a) { return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0; } -static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a) { - uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (rustsecp256k1_v0_3_1_scalar_is_zero(a) == 0); +static void rustsecp256k1_v0_4_0_scalar_negate(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a) { + uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (rustsecp256k1_v0_4_0_scalar_is_zero(a) == 0); uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1; r->d[0] = t & nonzero; t >>= 64; t += (uint128_t)(~a->d[1]) + SECP256K1_N_1; @@ -149,11 +149,11 @@ static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, c r->d[3] = t & nonzero; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_one(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_one(const rustsecp256k1_v0_4_0_scalar *a) { return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0; } -static int rustsecp256k1_v0_3_1_scalar_is_high(const rustsecp256k1_v0_3_1_scalar *a) { +static int rustsecp256k1_v0_4_0_scalar_is_high(const rustsecp256k1_v0_4_0_scalar *a) { int yes = 0; int no = 0; no |= (a->d[3] < SECP256K1_N_H_3); @@ -165,11 +165,11 @@ static int rustsecp256k1_v0_3_1_scalar_is_high(const rustsecp256k1_v0_3_1_scalar return yes; } -static int rustsecp256k1_v0_3_1_scalar_cond_negate(rustsecp256k1_v0_3_1_scalar *r, int flag) { +static int rustsecp256k1_v0_4_0_scalar_cond_negate(rustsecp256k1_v0_4_0_scalar *r, int flag) { /* If we are flag = 0, mask = 00...00 and this is a no-op; - * if we are flag = 1, mask = 11...11 and this is identical to rustsecp256k1_v0_3_1_scalar_negate */ + * if we are flag = 1, mask = 11...11 and this is identical to rustsecp256k1_v0_4_0_scalar_negate */ uint64_t mask = !flag - 1; - uint64_t nonzero = (rustsecp256k1_v0_3_1_scalar_is_zero(r) != 0) - 1; + uint64_t nonzero = (rustsecp256k1_v0_4_0_scalar_is_zero(r) != 0) - 1; uint128_t t = (uint128_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); r->d[0] = t & nonzero; t >>= 64; t += (uint128_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); @@ -267,7 +267,7 @@ static int rustsecp256k1_v0_3_1_scalar_cond_negate(rustsecp256k1_v0_3_1_scalar * VERIFY_CHECK(c2 == 0); \ } -static void rustsecp256k1_v0_3_1_scalar_reduce_512(rustsecp256k1_v0_3_1_scalar *r, const uint64_t *l) { +static void rustsecp256k1_v0_4_0_scalar_reduce_512(rustsecp256k1_v0_4_0_scalar *r, const uint64_t *l) { #ifdef USE_ASM_X86_64 /* Reduce 512 bits into 385. */ uint64_t m0, m1, m2, m3, m4, m5, m6; @@ -573,10 +573,10 @@ static void rustsecp256k1_v0_3_1_scalar_reduce_512(rustsecp256k1_v0_3_1_scalar * #endif /* Final reduction of r. */ - rustsecp256k1_v0_3_1_scalar_reduce(r, c + rustsecp256k1_v0_3_1_scalar_check_overflow(r)); + rustsecp256k1_v0_4_0_scalar_reduce(r, c + rustsecp256k1_v0_4_0_scalar_check_overflow(r)); } -static void rustsecp256k1_v0_3_1_scalar_mul_512(uint64_t l[8], const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static void rustsecp256k1_v0_4_0_scalar_mul_512(uint64_t l[8], const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { #ifdef USE_ASM_X86_64 const uint64_t *pb = b->d; __asm__ __volatile__( @@ -743,7 +743,7 @@ static void rustsecp256k1_v0_3_1_scalar_mul_512(uint64_t l[8], const rustsecp256 #endif } -static void rustsecp256k1_v0_3_1_scalar_sqr_512(uint64_t l[8], const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_sqr_512(uint64_t l[8], const rustsecp256k1_v0_4_0_scalar *a) { #ifdef USE_ASM_X86_64 __asm__ __volatile__( /* Preload */ @@ -888,13 +888,13 @@ static void rustsecp256k1_v0_3_1_scalar_sqr_512(uint64_t l[8], const rustsecp256 #undef extract #undef extract_fast -static void rustsecp256k1_v0_3_1_scalar_mul(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static void rustsecp256k1_v0_4_0_scalar_mul(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { uint64_t l[8]; - rustsecp256k1_v0_3_1_scalar_mul_512(l, a, b); - rustsecp256k1_v0_3_1_scalar_reduce_512(r, l); + rustsecp256k1_v0_4_0_scalar_mul_512(l, a, b); + rustsecp256k1_v0_4_0_scalar_reduce_512(r, l); } -static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, int n) { +static int rustsecp256k1_v0_4_0_scalar_shr_int(rustsecp256k1_v0_4_0_scalar *r, int n) { int ret; VERIFY_CHECK(n > 0); VERIFY_CHECK(n < 16); @@ -906,36 +906,34 @@ static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, i return ret; } -static void rustsecp256k1_v0_3_1_scalar_sqr(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_sqr(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a) { uint64_t l[8]; - rustsecp256k1_v0_3_1_scalar_sqr_512(l, a); - rustsecp256k1_v0_3_1_scalar_reduce_512(r, l); + rustsecp256k1_v0_4_0_scalar_sqr_512(l, a); + rustsecp256k1_v0_4_0_scalar_reduce_512(r, l); } -#ifdef USE_ENDOMORPHISM -static void rustsecp256k1_v0_3_1_scalar_split_128(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a) { - r1->d[0] = a->d[0]; - r1->d[1] = a->d[1]; +static void rustsecp256k1_v0_4_0_scalar_split_128(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k) { + r1->d[0] = k->d[0]; + r1->d[1] = k->d[1]; r1->d[2] = 0; r1->d[3] = 0; - r2->d[0] = a->d[2]; - r2->d[1] = a->d[3]; + r2->d[0] = k->d[2]; + r2->d[1] = k->d[3]; r2->d[2] = 0; r2->d[3] = 0; } -#endif -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_eq(const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_eq(const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3])) == 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_mul_shift_var(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b, unsigned int shift) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_mul_shift_var(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b, unsigned int shift) { uint64_t l[8]; unsigned int shiftlimbs; unsigned int shiftlow; unsigned int shifthigh; VERIFY_CHECK(shift >= 256); - rustsecp256k1_v0_3_1_scalar_mul_512(l, a, b); + rustsecp256k1_v0_4_0_scalar_mul_512(l, a, b); shiftlimbs = shift >> 6; shiftlow = shift & 0x3F; shifthigh = 64 - shiftlow; @@ -943,10 +941,10 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_mul_shift_var(rustsecp2 r->d[1] = shift < 448 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[2] = shift < 384 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[3] = shift < 320 ? (l[3 + shiftlimbs] >> shiftlow) : 0; - rustsecp256k1_v0_3_1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1); + rustsecp256k1_v0_4_0_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1); } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_scalar_cmov(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_scalar_cmov(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, int flag) { uint64_t mask0, mask1; VG_CHECK_VERIFY(r->d, sizeof(r->d)); mask0 = flag + ~((uint64_t)0); diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h b/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h index fdfe5d305..35f754935 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_REPR_H #define SECP256K1_SCALAR_REPR_H @@ -12,7 +12,7 @@ /** A scalar modulo the group order of the secp256k1 curve. */ typedef struct { uint32_t d[8]; -} rustsecp256k1_v0_3_1_scalar; +} rustsecp256k1_v0_4_0_scalar; #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7)}} diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h index 80264bf72..44e380953 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_REPR_IMPL_H #define SECP256K1_SCALAR_REPR_IMPL_H @@ -34,7 +34,7 @@ #define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL) #define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL) -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_clear(rustsecp256k1_v0_3_1_scalar *r) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_clear(rustsecp256k1_v0_4_0_scalar *r) { r->d[0] = 0; r->d[1] = 0; r->d[2] = 0; @@ -45,7 +45,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_clear(rustsecp256k1_v0_ r->d[7] = 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_set_int(rustsecp256k1_v0_3_1_scalar *r, unsigned int v) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_set_int(rustsecp256k1_v0_4_0_scalar *r, unsigned int v) { r->d[0] = v; r->d[1] = 0; r->d[2] = 0; @@ -56,23 +56,23 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_set_int(rustsecp256k1_v r->d[7] = 0; } -SECP256K1_INLINE static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count) { VERIFY_CHECK((offset + count - 1) >> 5 == offset >> 5); return (a->d[offset >> 5] >> (offset & 0x1F)) & ((1 << count) - 1); } -SECP256K1_INLINE static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits_var(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits_var(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count) { VERIFY_CHECK(count < 32); VERIFY_CHECK(offset + count <= 256); if ((offset + count - 1) >> 5 == offset >> 5) { - return rustsecp256k1_v0_3_1_scalar_get_bits(a, offset, count); + return rustsecp256k1_v0_4_0_scalar_get_bits(a, offset, count); } else { VERIFY_CHECK((offset >> 5) + 1 < 8); return ((a->d[offset >> 5] >> (offset & 0x1F)) | (a->d[(offset >> 5) + 1] << (32 - (offset & 0x1F)))) & ((((uint32_t)1) << count) - 1); } } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_check_overflow(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_check_overflow(const rustsecp256k1_v0_4_0_scalar *a) { int yes = 0; int no = 0; no |= (a->d[7] < SECP256K1_N_7); /* No need for a > check. */ @@ -90,7 +90,7 @@ SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_check_overflow(const rus return yes; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_reduce(rustsecp256k1_v0_3_1_scalar *r, uint32_t overflow) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_reduce(rustsecp256k1_v0_4_0_scalar *r, uint32_t overflow) { uint64_t t; VERIFY_CHECK(overflow <= 1); t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0; @@ -112,7 +112,7 @@ SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_reduce(rustsecp256k1_v0_ return overflow; } -static int rustsecp256k1_v0_3_1_scalar_add(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static int rustsecp256k1_v0_4_0_scalar_add(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { int overflow; uint64_t t = (uint64_t)a->d[0] + b->d[0]; r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; @@ -130,13 +130,13 @@ static int rustsecp256k1_v0_3_1_scalar_add(rustsecp256k1_v0_3_1_scalar *r, const r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; t += (uint64_t)a->d[7] + b->d[7]; r->d[7] = t & 0xFFFFFFFFULL; t >>= 32; - overflow = t + rustsecp256k1_v0_3_1_scalar_check_overflow(r); + overflow = t + rustsecp256k1_v0_4_0_scalar_check_overflow(r); VERIFY_CHECK(overflow == 0 || overflow == 1); - rustsecp256k1_v0_3_1_scalar_reduce(r, overflow); + rustsecp256k1_v0_4_0_scalar_reduce(r, overflow); return overflow; } -static void rustsecp256k1_v0_3_1_scalar_cadd_bit(rustsecp256k1_v0_3_1_scalar *r, unsigned int bit, int flag) { +static void rustsecp256k1_v0_4_0_scalar_cadd_bit(rustsecp256k1_v0_4_0_scalar *r, unsigned int bit, int flag) { uint64_t t; VERIFY_CHECK(bit < 256); bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 5) > 7 makes this a noop */ @@ -158,11 +158,11 @@ static void rustsecp256k1_v0_3_1_scalar_cadd_bit(rustsecp256k1_v0_3_1_scalar *r, r->d[7] = t & 0xFFFFFFFFULL; #ifdef VERIFY VERIFY_CHECK((t >> 32) == 0); - VERIFY_CHECK(rustsecp256k1_v0_3_1_scalar_check_overflow(r) == 0); + VERIFY_CHECK(rustsecp256k1_v0_4_0_scalar_check_overflow(r) == 0); #endif } -static void rustsecp256k1_v0_3_1_scalar_set_b32(rustsecp256k1_v0_3_1_scalar *r, const unsigned char *b32, int *overflow) { +static void rustsecp256k1_v0_4_0_scalar_set_b32(rustsecp256k1_v0_4_0_scalar *r, const unsigned char *b32, int *overflow) { int over; r->d[0] = (uint32_t)b32[31] | (uint32_t)b32[30] << 8 | (uint32_t)b32[29] << 16 | (uint32_t)b32[28] << 24; r->d[1] = (uint32_t)b32[27] | (uint32_t)b32[26] << 8 | (uint32_t)b32[25] << 16 | (uint32_t)b32[24] << 24; @@ -172,13 +172,13 @@ static void rustsecp256k1_v0_3_1_scalar_set_b32(rustsecp256k1_v0_3_1_scalar *r, r->d[5] = (uint32_t)b32[11] | (uint32_t)b32[10] << 8 | (uint32_t)b32[9] << 16 | (uint32_t)b32[8] << 24; r->d[6] = (uint32_t)b32[7] | (uint32_t)b32[6] << 8 | (uint32_t)b32[5] << 16 | (uint32_t)b32[4] << 24; r->d[7] = (uint32_t)b32[3] | (uint32_t)b32[2] << 8 | (uint32_t)b32[1] << 16 | (uint32_t)b32[0] << 24; - over = rustsecp256k1_v0_3_1_scalar_reduce(r, rustsecp256k1_v0_3_1_scalar_check_overflow(r)); + over = rustsecp256k1_v0_4_0_scalar_reduce(r, rustsecp256k1_v0_4_0_scalar_check_overflow(r)); if (overflow) { *overflow = over; } } -static void rustsecp256k1_v0_3_1_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_3_1_scalar* a) { +static void rustsecp256k1_v0_4_0_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_4_0_scalar* a) { bin[0] = a->d[7] >> 24; bin[1] = a->d[7] >> 16; bin[2] = a->d[7] >> 8; bin[3] = a->d[7]; bin[4] = a->d[6] >> 24; bin[5] = a->d[6] >> 16; bin[6] = a->d[6] >> 8; bin[7] = a->d[6]; bin[8] = a->d[5] >> 24; bin[9] = a->d[5] >> 16; bin[10] = a->d[5] >> 8; bin[11] = a->d[5]; @@ -189,12 +189,12 @@ static void rustsecp256k1_v0_3_1_scalar_get_b32(unsigned char *bin, const rustse bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0]; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_zero(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_zero(const rustsecp256k1_v0_4_0_scalar *a) { return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; } -static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a) { - uint32_t nonzero = 0xFFFFFFFFUL * (rustsecp256k1_v0_3_1_scalar_is_zero(a) == 0); +static void rustsecp256k1_v0_4_0_scalar_negate(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a) { + uint32_t nonzero = 0xFFFFFFFFUL * (rustsecp256k1_v0_4_0_scalar_is_zero(a) == 0); uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1; r->d[0] = t & nonzero; t >>= 32; t += (uint64_t)(~a->d[1]) + SECP256K1_N_1; @@ -213,11 +213,11 @@ static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, c r->d[7] = t & nonzero; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_one(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_one(const rustsecp256k1_v0_4_0_scalar *a) { return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; } -static int rustsecp256k1_v0_3_1_scalar_is_high(const rustsecp256k1_v0_3_1_scalar *a) { +static int rustsecp256k1_v0_4_0_scalar_is_high(const rustsecp256k1_v0_4_0_scalar *a) { int yes = 0; int no = 0; no |= (a->d[7] < SECP256K1_N_H_7); @@ -235,11 +235,11 @@ static int rustsecp256k1_v0_3_1_scalar_is_high(const rustsecp256k1_v0_3_1_scalar return yes; } -static int rustsecp256k1_v0_3_1_scalar_cond_negate(rustsecp256k1_v0_3_1_scalar *r, int flag) { +static int rustsecp256k1_v0_4_0_scalar_cond_negate(rustsecp256k1_v0_4_0_scalar *r, int flag) { /* If we are flag = 0, mask = 00...00 and this is a no-op; - * if we are flag = 1, mask = 11...11 and this is identical to rustsecp256k1_v0_3_1_scalar_negate */ + * if we are flag = 1, mask = 11...11 and this is identical to rustsecp256k1_v0_4_0_scalar_negate */ uint32_t mask = !flag - 1; - uint32_t nonzero = 0xFFFFFFFFUL * (rustsecp256k1_v0_3_1_scalar_is_zero(r) == 0); + uint32_t nonzero = 0xFFFFFFFFUL * (rustsecp256k1_v0_4_0_scalar_is_zero(r) == 0); uint64_t t = (uint64_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); r->d[0] = t & nonzero; t >>= 32; t += (uint64_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); @@ -346,7 +346,7 @@ static int rustsecp256k1_v0_3_1_scalar_cond_negate(rustsecp256k1_v0_3_1_scalar * VERIFY_CHECK(c2 == 0); \ } -static void rustsecp256k1_v0_3_1_scalar_reduce_512(rustsecp256k1_v0_3_1_scalar *r, const uint32_t *l) { +static void rustsecp256k1_v0_4_0_scalar_reduce_512(rustsecp256k1_v0_4_0_scalar *r, const uint32_t *l) { uint64_t c; uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15]; uint32_t m0, m1, m2, m3, m4, m5, m6, m7, m8, m9, m10, m11, m12; @@ -485,10 +485,10 @@ static void rustsecp256k1_v0_3_1_scalar_reduce_512(rustsecp256k1_v0_3_1_scalar * r->d[7] = c & 0xFFFFFFFFUL; c >>= 32; /* Final reduction of r. */ - rustsecp256k1_v0_3_1_scalar_reduce(r, c + rustsecp256k1_v0_3_1_scalar_check_overflow(r)); + rustsecp256k1_v0_4_0_scalar_reduce(r, c + rustsecp256k1_v0_4_0_scalar_check_overflow(r)); } -static void rustsecp256k1_v0_3_1_scalar_mul_512(uint32_t *l, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static void rustsecp256k1_v0_4_0_scalar_mul_512(uint32_t *l, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { /* 96 bit accumulator. */ uint32_t c0 = 0, c1 = 0, c2 = 0; @@ -576,7 +576,7 @@ static void rustsecp256k1_v0_3_1_scalar_mul_512(uint32_t *l, const rustsecp256k1 l[15] = c0; } -static void rustsecp256k1_v0_3_1_scalar_sqr_512(uint32_t *l, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_sqr_512(uint32_t *l, const rustsecp256k1_v0_4_0_scalar *a) { /* 96 bit accumulator. */ uint32_t c0 = 0, c1 = 0, c2 = 0; @@ -644,13 +644,13 @@ static void rustsecp256k1_v0_3_1_scalar_sqr_512(uint32_t *l, const rustsecp256k1 #undef extract #undef extract_fast -static void rustsecp256k1_v0_3_1_scalar_mul(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static void rustsecp256k1_v0_4_0_scalar_mul(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { uint32_t l[16]; - rustsecp256k1_v0_3_1_scalar_mul_512(l, a, b); - rustsecp256k1_v0_3_1_scalar_reduce_512(r, l); + rustsecp256k1_v0_4_0_scalar_mul_512(l, a, b); + rustsecp256k1_v0_4_0_scalar_reduce_512(r, l); } -static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, int n) { +static int rustsecp256k1_v0_4_0_scalar_shr_int(rustsecp256k1_v0_4_0_scalar *r, int n) { int ret; VERIFY_CHECK(n > 0); VERIFY_CHECK(n < 16); @@ -666,44 +666,42 @@ static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, i return ret; } -static void rustsecp256k1_v0_3_1_scalar_sqr(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_sqr(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a) { uint32_t l[16]; - rustsecp256k1_v0_3_1_scalar_sqr_512(l, a); - rustsecp256k1_v0_3_1_scalar_reduce_512(r, l); + rustsecp256k1_v0_4_0_scalar_sqr_512(l, a); + rustsecp256k1_v0_4_0_scalar_reduce_512(r, l); } -#ifdef USE_ENDOMORPHISM -static void rustsecp256k1_v0_3_1_scalar_split_128(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a) { - r1->d[0] = a->d[0]; - r1->d[1] = a->d[1]; - r1->d[2] = a->d[2]; - r1->d[3] = a->d[3]; +static void rustsecp256k1_v0_4_0_scalar_split_128(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k) { + r1->d[0] = k->d[0]; + r1->d[1] = k->d[1]; + r1->d[2] = k->d[2]; + r1->d[3] = k->d[3]; r1->d[4] = 0; r1->d[5] = 0; r1->d[6] = 0; r1->d[7] = 0; - r2->d[0] = a->d[4]; - r2->d[1] = a->d[5]; - r2->d[2] = a->d[6]; - r2->d[3] = a->d[7]; + r2->d[0] = k->d[4]; + r2->d[1] = k->d[5]; + r2->d[2] = k->d[6]; + r2->d[3] = k->d[7]; r2->d[4] = 0; r2->d[5] = 0; r2->d[6] = 0; r2->d[7] = 0; } -#endif -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_eq(const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_eq(const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_mul_shift_var(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b, unsigned int shift) { +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_mul_shift_var(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b, unsigned int shift) { uint32_t l[16]; unsigned int shiftlimbs; unsigned int shiftlow; unsigned int shifthigh; VERIFY_CHECK(shift >= 256); - rustsecp256k1_v0_3_1_scalar_mul_512(l, a, b); + rustsecp256k1_v0_4_0_scalar_mul_512(l, a, b); shiftlimbs = shift >> 5; shiftlow = shift & 0x1F; shifthigh = 32 - shiftlow; @@ -715,10 +713,10 @@ SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_mul_shift_var(rustsecp2 r->d[5] = shift < 352 ? (l[5 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[6 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[6] = shift < 320 ? (l[6 + shiftlimbs] >> shiftlow | (shift < 288 && shiftlow ? (l[7 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[7] = shift < 288 ? (l[7 + shiftlimbs] >> shiftlow) : 0; - rustsecp256k1_v0_3_1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); + rustsecp256k1_v0_4_0_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_scalar_cmov(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_scalar_cmov(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, int flag) { uint32_t mask0, mask1; VG_CHECK_VERIFY(r->d, sizeof(r->d)); mask0 = flag + ~((uint32_t)0); diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_impl.h index 1d06d6b35..ca80ef17b 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_impl.h @@ -1,12 +1,16 @@ -/********************************************************************** - * Copyright (c) 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_IMPL_H #define SECP256K1_SCALAR_IMPL_H +#ifdef VERIFY +#include +#endif + #include "scalar.h" #include "util.h" @@ -24,18 +28,18 @@ #error "Please select wide multiplication implementation" #endif -static const rustsecp256k1_v0_3_1_scalar rustsecp256k1_v0_3_1_scalar_one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); -static const rustsecp256k1_v0_3_1_scalar rustsecp256k1_v0_3_1_scalar_zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); +static const rustsecp256k1_v0_4_0_scalar rustsecp256k1_v0_4_0_scalar_one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); +static const rustsecp256k1_v0_4_0_scalar rustsecp256k1_v0_4_0_scalar_zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); #ifndef USE_NUM_NONE -static void rustsecp256k1_v0_3_1_scalar_get_num(rustsecp256k1_v0_3_1_num *r, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_get_num(rustsecp256k1_v0_4_0_num *r, const rustsecp256k1_v0_4_0_scalar *a) { unsigned char c[32]; - rustsecp256k1_v0_3_1_scalar_get_b32(c, a); - rustsecp256k1_v0_3_1_num_set_bin(r, c, 32); + rustsecp256k1_v0_4_0_scalar_get_b32(c, a); + rustsecp256k1_v0_4_0_num_set_bin(r, c, 32); } -/** secp256k1 curve order, see rustsecp256k1_v0_3_1_ecdsa_const_order_as_fe in ecdsa_impl.h */ -static void rustsecp256k1_v0_3_1_scalar_order_get_num(rustsecp256k1_v0_3_1_num *r) { +/** secp256k1 curve order, see rustsecp256k1_v0_4_0_ecdsa_const_order_as_fe in ecdsa_impl.h */ +static void rustsecp256k1_v0_4_0_scalar_order_get_num(rustsecp256k1_v0_4_0_num *r) { #if defined(EXHAUSTIVE_TEST_ORDER) static const unsigned char order[32] = { 0,0,0,0,0,0,0,0, @@ -51,17 +55,17 @@ static void rustsecp256k1_v0_3_1_scalar_order_get_num(rustsecp256k1_v0_3_1_num * 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41 }; #endif - rustsecp256k1_v0_3_1_num_set_bin(r, order, 32); + rustsecp256k1_v0_4_0_num_set_bin(r, order, 32); } #endif -static int rustsecp256k1_v0_3_1_scalar_set_b32_seckey(rustsecp256k1_v0_3_1_scalar *r, const unsigned char *bin) { +static int rustsecp256k1_v0_4_0_scalar_set_b32_seckey(rustsecp256k1_v0_4_0_scalar *r, const unsigned char *bin) { int overflow; - rustsecp256k1_v0_3_1_scalar_set_b32(r, bin, &overflow); - return (!overflow) & (!rustsecp256k1_v0_3_1_scalar_is_zero(r)); + rustsecp256k1_v0_4_0_scalar_set_b32(r, bin, &overflow); + return (!overflow) & (!rustsecp256k1_v0_4_0_scalar_is_zero(r)); } -static void rustsecp256k1_v0_3_1_scalar_inverse(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *x) { +static void rustsecp256k1_v0_4_0_scalar_inverse(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *x) { #if defined(EXHAUSTIVE_TEST_ORDER) int i; *r = 0; @@ -73,186 +77,185 @@ static void rustsecp256k1_v0_3_1_scalar_inverse(rustsecp256k1_v0_3_1_scalar *r, VERIFY_CHECK(*r != 0); } #else - rustsecp256k1_v0_3_1_scalar *t; + rustsecp256k1_v0_4_0_scalar *t; int i; /* First compute xN as x ^ (2^N - 1) for some values of N, * and uM as x ^ M for some values of M. */ - rustsecp256k1_v0_3_1_scalar x2, x3, x6, x8, x14, x28, x56, x112, x126; - rustsecp256k1_v0_3_1_scalar u2, u5, u9, u11, u13; - - rustsecp256k1_v0_3_1_scalar_sqr(&u2, x); - rustsecp256k1_v0_3_1_scalar_mul(&x2, &u2, x); - rustsecp256k1_v0_3_1_scalar_mul(&u5, &u2, &x2); - rustsecp256k1_v0_3_1_scalar_mul(&x3, &u5, &u2); - rustsecp256k1_v0_3_1_scalar_mul(&u9, &x3, &u2); - rustsecp256k1_v0_3_1_scalar_mul(&u11, &u9, &u2); - rustsecp256k1_v0_3_1_scalar_mul(&u13, &u11, &u2); - - rustsecp256k1_v0_3_1_scalar_sqr(&x6, &u13); - rustsecp256k1_v0_3_1_scalar_sqr(&x6, &x6); - rustsecp256k1_v0_3_1_scalar_mul(&x6, &x6, &u11); - - rustsecp256k1_v0_3_1_scalar_sqr(&x8, &x6); - rustsecp256k1_v0_3_1_scalar_sqr(&x8, &x8); - rustsecp256k1_v0_3_1_scalar_mul(&x8, &x8, &x2); - - rustsecp256k1_v0_3_1_scalar_sqr(&x14, &x8); + rustsecp256k1_v0_4_0_scalar x2, x3, x6, x8, x14, x28, x56, x112, x126; + rustsecp256k1_v0_4_0_scalar u2, u5, u9, u11, u13; + + rustsecp256k1_v0_4_0_scalar_sqr(&u2, x); + rustsecp256k1_v0_4_0_scalar_mul(&x2, &u2, x); + rustsecp256k1_v0_4_0_scalar_mul(&u5, &u2, &x2); + rustsecp256k1_v0_4_0_scalar_mul(&x3, &u5, &u2); + rustsecp256k1_v0_4_0_scalar_mul(&u9, &x3, &u2); + rustsecp256k1_v0_4_0_scalar_mul(&u11, &u9, &u2); + rustsecp256k1_v0_4_0_scalar_mul(&u13, &u11, &u2); + + rustsecp256k1_v0_4_0_scalar_sqr(&x6, &u13); + rustsecp256k1_v0_4_0_scalar_sqr(&x6, &x6); + rustsecp256k1_v0_4_0_scalar_mul(&x6, &x6, &u11); + + rustsecp256k1_v0_4_0_scalar_sqr(&x8, &x6); + rustsecp256k1_v0_4_0_scalar_sqr(&x8, &x8); + rustsecp256k1_v0_4_0_scalar_mul(&x8, &x8, &x2); + + rustsecp256k1_v0_4_0_scalar_sqr(&x14, &x8); for (i = 0; i < 5; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(&x14, &x14); + rustsecp256k1_v0_4_0_scalar_sqr(&x14, &x14); } - rustsecp256k1_v0_3_1_scalar_mul(&x14, &x14, &x6); + rustsecp256k1_v0_4_0_scalar_mul(&x14, &x14, &x6); - rustsecp256k1_v0_3_1_scalar_sqr(&x28, &x14); + rustsecp256k1_v0_4_0_scalar_sqr(&x28, &x14); for (i = 0; i < 13; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(&x28, &x28); + rustsecp256k1_v0_4_0_scalar_sqr(&x28, &x28); } - rustsecp256k1_v0_3_1_scalar_mul(&x28, &x28, &x14); + rustsecp256k1_v0_4_0_scalar_mul(&x28, &x28, &x14); - rustsecp256k1_v0_3_1_scalar_sqr(&x56, &x28); + rustsecp256k1_v0_4_0_scalar_sqr(&x56, &x28); for (i = 0; i < 27; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(&x56, &x56); + rustsecp256k1_v0_4_0_scalar_sqr(&x56, &x56); } - rustsecp256k1_v0_3_1_scalar_mul(&x56, &x56, &x28); + rustsecp256k1_v0_4_0_scalar_mul(&x56, &x56, &x28); - rustsecp256k1_v0_3_1_scalar_sqr(&x112, &x56); + rustsecp256k1_v0_4_0_scalar_sqr(&x112, &x56); for (i = 0; i < 55; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(&x112, &x112); + rustsecp256k1_v0_4_0_scalar_sqr(&x112, &x112); } - rustsecp256k1_v0_3_1_scalar_mul(&x112, &x112, &x56); + rustsecp256k1_v0_4_0_scalar_mul(&x112, &x112, &x56); - rustsecp256k1_v0_3_1_scalar_sqr(&x126, &x112); + rustsecp256k1_v0_4_0_scalar_sqr(&x126, &x112); for (i = 0; i < 13; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(&x126, &x126); + rustsecp256k1_v0_4_0_scalar_sqr(&x126, &x126); } - rustsecp256k1_v0_3_1_scalar_mul(&x126, &x126, &x14); + rustsecp256k1_v0_4_0_scalar_mul(&x126, &x126, &x14); /* Then accumulate the final result (t starts at x126). */ t = &x126; for (i = 0; i < 3; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u5); /* 101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u5); /* 101 */ for (i = 0; i < 4; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x3); /* 111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x3); /* 111 */ for (i = 0; i < 4; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u5); /* 101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u5); /* 101 */ for (i = 0; i < 5; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u11); /* 1011 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u11); /* 1011 */ for (i = 0; i < 4; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u11); /* 1011 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u11); /* 1011 */ for (i = 0; i < 4; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x3); /* 111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x3); /* 111 */ for (i = 0; i < 5; i++) { /* 00 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x3); /* 111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x3); /* 111 */ for (i = 0; i < 6; i++) { /* 00 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u13); /* 1101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u13); /* 1101 */ for (i = 0; i < 4; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u5); /* 101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u5); /* 101 */ for (i = 0; i < 3; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x3); /* 111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x3); /* 111 */ for (i = 0; i < 5; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u9); /* 1001 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u9); /* 1001 */ for (i = 0; i < 6; i++) { /* 000 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u5); /* 101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u5); /* 101 */ for (i = 0; i < 10; i++) { /* 0000000 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x3); /* 111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x3); /* 111 */ for (i = 0; i < 4; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x3); /* 111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x3); /* 111 */ for (i = 0; i < 9; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x8); /* 11111111 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x8); /* 11111111 */ for (i = 0; i < 5; i++) { /* 0 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u9); /* 1001 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u9); /* 1001 */ for (i = 0; i < 6; i++) { /* 00 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u11); /* 1011 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u11); /* 1011 */ for (i = 0; i < 4; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u13); /* 1101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u13); /* 1101 */ for (i = 0; i < 5; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &x2); /* 11 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &x2); /* 11 */ for (i = 0; i < 6; i++) { /* 00 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u13); /* 1101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u13); /* 1101 */ for (i = 0; i < 10; i++) { /* 000000 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u13); /* 1101 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u13); /* 1101 */ for (i = 0; i < 4; i++) { - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, &u9); /* 1001 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, &u9); /* 1001 */ for (i = 0; i < 6; i++) { /* 00000 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(t, t, x); /* 1 */ + rustsecp256k1_v0_4_0_scalar_mul(t, t, x); /* 1 */ for (i = 0; i < 8; i++) { /* 00 */ - rustsecp256k1_v0_3_1_scalar_sqr(t, t); + rustsecp256k1_v0_4_0_scalar_sqr(t, t); } - rustsecp256k1_v0_3_1_scalar_mul(r, t, &x6); /* 111111 */ + rustsecp256k1_v0_4_0_scalar_mul(r, t, &x6); /* 111111 */ } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_even(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_even(const rustsecp256k1_v0_4_0_scalar *a) { return !(a->d[0] & 1); } #endif -static void rustsecp256k1_v0_3_1_scalar_inverse_var(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *x) { +static void rustsecp256k1_v0_4_0_scalar_inverse_var(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *x) { #if defined(USE_SCALAR_INV_BUILTIN) - rustsecp256k1_v0_3_1_scalar_inverse(r, x); + rustsecp256k1_v0_4_0_scalar_inverse(r, x); #elif defined(USE_SCALAR_INV_NUM) unsigned char b[32]; - rustsecp256k1_v0_3_1_num n, m; - rustsecp256k1_v0_3_1_scalar t = *x; - rustsecp256k1_v0_3_1_scalar_get_b32(b, &t); - rustsecp256k1_v0_3_1_num_set_bin(&n, b, 32); - rustsecp256k1_v0_3_1_scalar_order_get_num(&m); - rustsecp256k1_v0_3_1_num_mod_inverse(&n, &n, &m); - rustsecp256k1_v0_3_1_num_get_bin(b, 32, &n); - rustsecp256k1_v0_3_1_scalar_set_b32(r, b, NULL); + rustsecp256k1_v0_4_0_num n, m; + rustsecp256k1_v0_4_0_scalar t = *x; + rustsecp256k1_v0_4_0_scalar_get_b32(b, &t); + rustsecp256k1_v0_4_0_num_set_bin(&n, b, 32); + rustsecp256k1_v0_4_0_scalar_order_get_num(&m); + rustsecp256k1_v0_4_0_num_mod_inverse(&n, &n, &m); + rustsecp256k1_v0_4_0_num_get_bin(b, 32, &n); + rustsecp256k1_v0_4_0_scalar_set_b32(r, b, NULL); /* Verify that the inverse was computed correctly, without GMP code. */ - rustsecp256k1_v0_3_1_scalar_mul(&t, &t, r); - CHECK(rustsecp256k1_v0_3_1_scalar_is_one(&t)); + rustsecp256k1_v0_4_0_scalar_mul(&t, &t, r); + CHECK(rustsecp256k1_v0_4_0_scalar_is_one(&t)); #else #error "Please select scalar inverse implementation" #endif } -#ifdef USE_ENDOMORPHISM /* These parameters are generated using sage/gen_exhaustive_groups.sage. */ #if defined(EXHAUSTIVE_TEST_ORDER) # if EXHAUSTIVE_TEST_ORDER == 13 @@ -264,34 +267,54 @@ static void rustsecp256k1_v0_3_1_scalar_inverse_var(rustsecp256k1_v0_3_1_scalar # endif /** - * Find k1 and k2 given k, such that k1 + k2 * lambda == k mod n; unlike in the - * full case we don't bother making k1 and k2 be small, we just want them to be + * Find r1 and r2 given k, such that r1 + r2 * lambda == k mod n; unlike in the + * full case we don't bother making r1 and r2 be small, we just want them to be * nontrivial to get full test coverage for the exhaustive tests. We therefore - * (arbitrarily) set k2 = k + 5 and k1 = k - k2 * lambda. + * (arbitrarily) set r2 = k + 5 (mod n) and r1 = k - r2 * lambda (mod n). */ -static void rustsecp256k1_v0_3_1_scalar_split_lambda(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a) { - *r2 = (*a + 5) % EXHAUSTIVE_TEST_ORDER; - *r1 = (*a + (EXHAUSTIVE_TEST_ORDER - *r2) * EXHAUSTIVE_TEST_LAMBDA) % EXHAUSTIVE_TEST_ORDER; +static void rustsecp256k1_v0_4_0_scalar_split_lambda(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k) { + *r2 = (*k + 5) % EXHAUSTIVE_TEST_ORDER; + *r1 = (*k + (EXHAUSTIVE_TEST_ORDER - *r2) * EXHAUSTIVE_TEST_LAMBDA) % EXHAUSTIVE_TEST_ORDER; } #else /** * The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where - * lambda is {0x53,0x63,0xad,0x4c,0xc0,0x5c,0x30,0xe0,0xa5,0x26,0x1c,0x02,0x88,0x12,0x64,0x5a, - * 0x12,0x2e,0x22,0xea,0x20,0x81,0x66,0x78,0xdf,0x02,0x96,0x7c,0x1b,0x23,0xbd,0x72} + * lambda is: */ +static const rustsecp256k1_v0_4_0_scalar rustsecp256k1_v0_4_0_const_lambda = SECP256K1_SCALAR_CONST( + 0x5363AD4CUL, 0xC05C30E0UL, 0xA5261C02UL, 0x8812645AUL, + 0x122E22EAUL, 0x20816678UL, 0xDF02967CUL, 0x1B23BD72UL +); + +#ifdef VERIFY +static void rustsecp256k1_v0_4_0_scalar_split_lambda_verify(const rustsecp256k1_v0_4_0_scalar *r1, const rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k); +#endif + +/* + * Both lambda and beta are primitive cube roots of unity. That is lamba^3 == 1 mod n and + * beta^3 == 1 mod p, where n is the curve order and p is the field order. * - * "Guide to Elliptic Curve Cryptography" (Hankerson, Menezes, Vanstone) gives an algorithm - * (algorithm 3.74) to find k1 and k2 given k, such that k1 + k2 * lambda == k mod n, and k1 - * and k2 have a small size. - * It relies on constants a1, b1, a2, b2. These constants for the value of lambda above are: + * Futhermore, because (X^3 - 1) = (X - 1)(X^2 + X + 1), the primitive cube roots of unity are + * roots of X^2 + X + 1. Therefore lambda^2 + lamba == -1 mod n and beta^2 + beta == -1 mod p. + * (The other primitive cube roots of unity are lambda^2 and beta^2 respectively.) + * + * Let l = -1/2 + i*sqrt(3)/2, the complex root of X^2 + X + 1. We can define a ring + * homomorphism phi : Z[l] -> Z_n where phi(a + b*l) == a + b*lambda mod n. The kernel of phi + * is a lattice over Z[l] (considering Z[l] as a Z-module). This lattice is generated by a + * reduced basis {a1 + b1*l, a2 + b2*l} where * * - a1 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} * - b1 = -{0xe4,0x43,0x7e,0xd6,0x01,0x0e,0x88,0x28,0x6f,0x54,0x7f,0xa9,0x0a,0xbf,0xe4,0xc3} * - a2 = {0x01,0x14,0xca,0x50,0xf7,0xa8,0xe2,0xf3,0xf6,0x57,0xc1,0x10,0x8d,0x9d,0x44,0xcf,0xd8} * - b2 = {0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15} * - * The algorithm then computes c1 = round(b1 * k / n) and c2 = round(b2 * k / n), and gives + * "Guide to Elliptic Curve Cryptography" (Hankerson, Menezes, Vanstone) gives an algorithm + * (algorithm 3.74) to find k1 and k2 given k, such that k1 + k2 * lambda == k mod n, and k1 + * and k2 are small in absolute value. + * + * The algorithm computes c1 = round(b2 * k / n) and c2 = round((-b1) * k / n), and gives * k1 = k - (c1*a1 + c2*a2) and k2 = -(c1*b1 + c2*b2). Instead, we use modular arithmetic, and - * compute k1 as k - k2 * lambda, avoiding the need for constants a1 and a2. + * compute r2 = k2 mod n, and r1 = k1 mod n = (k - r2 * lambda) mod n, avoiding the need for + * the constants a1 and a2. * * g1, g2 are precomputed constants used to replace division with a rounded multiplication * when decomposing the scalar for an endomorphism-based point multiplication. @@ -303,49 +326,191 @@ static void rustsecp256k1_v0_3_1_scalar_split_lambda(rustsecp256k1_v0_3_1_scalar * Cryptography on Sensor Networks Using the MSP430X Microcontroller" (Gouvea, Oliveira, Lopez), * Section 4.3 (here we use a somewhat higher-precision estimate): * d = a1*b2 - b1*a2 - * g1 = round((2^272)*b2/d) - * g2 = round((2^272)*b1/d) + * g1 = round(2^384 * b2/d) + * g2 = round(2^384 * (-b1)/d) + * + * (Note that d is also equal to the curve order, n, here because [a1,b1] and [a2,b2] + * can be found as outputs of the Extended Euclidean Algorithm on inputs n and lambda). * - * (Note that 'd' is also equal to the curve order here because [a1,b1] and [a2,b2] are found - * as outputs of the Extended Euclidean Algorithm on inputs 'order' and 'lambda'). + * The function below splits k into r1 and r2, such that + * - r1 + lambda * r2 == k (mod n) + * - either r1 < 2^128 or -r1 mod n < 2^128 + * - either r2 < 2^128 or -r2 mod n < 2^128 * - * The function below splits a in r1 and r2, such that r1 + lambda * r2 == a (mod order). + * See proof below. */ - -static void rustsecp256k1_v0_3_1_scalar_split_lambda(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a) { - rustsecp256k1_v0_3_1_scalar c1, c2; - static const rustsecp256k1_v0_3_1_scalar minus_lambda = SECP256K1_SCALAR_CONST( - 0xAC9C52B3UL, 0x3FA3CF1FUL, 0x5AD9E3FDUL, 0x77ED9BA4UL, - 0xA880B9FCUL, 0x8EC739C2UL, 0xE0CFC810UL, 0xB51283CFUL - ); - static const rustsecp256k1_v0_3_1_scalar minus_b1 = SECP256K1_SCALAR_CONST( +static void rustsecp256k1_v0_4_0_scalar_split_lambda(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k) { + rustsecp256k1_v0_4_0_scalar c1, c2; + static const rustsecp256k1_v0_4_0_scalar minus_b1 = SECP256K1_SCALAR_CONST( 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL, 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL ); - static const rustsecp256k1_v0_3_1_scalar minus_b2 = SECP256K1_SCALAR_CONST( + static const rustsecp256k1_v0_4_0_scalar minus_b2 = SECP256K1_SCALAR_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL ); - static const rustsecp256k1_v0_3_1_scalar g1 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00003086UL, - 0xD221A7D4UL, 0x6BCDE86CUL, 0x90E49284UL, 0xEB153DABUL + static const rustsecp256k1_v0_4_0_scalar g1 = SECP256K1_SCALAR_CONST( + 0x3086D221UL, 0xA7D46BCDUL, 0xE86C90E4UL, 0x9284EB15UL, + 0x3DAA8A14UL, 0x71E8CA7FUL, 0xE893209AUL, 0x45DBB031UL ); - static const rustsecp256k1_v0_3_1_scalar g2 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x0000E443UL, - 0x7ED6010EUL, 0x88286F54UL, 0x7FA90ABFUL, 0xE4C42212UL + static const rustsecp256k1_v0_4_0_scalar g2 = SECP256K1_SCALAR_CONST( + 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C4UL, + 0x221208ACUL, 0x9DF506C6UL, 0x1571B4AEUL, 0x8AC47F71UL ); - VERIFY_CHECK(r1 != a); - VERIFY_CHECK(r2 != a); + VERIFY_CHECK(r1 != k); + VERIFY_CHECK(r2 != k); /* these _var calls are constant time since the shift amount is constant */ - rustsecp256k1_v0_3_1_scalar_mul_shift_var(&c1, a, &g1, 272); - rustsecp256k1_v0_3_1_scalar_mul_shift_var(&c2, a, &g2, 272); - rustsecp256k1_v0_3_1_scalar_mul(&c1, &c1, &minus_b1); - rustsecp256k1_v0_3_1_scalar_mul(&c2, &c2, &minus_b2); - rustsecp256k1_v0_3_1_scalar_add(r2, &c1, &c2); - rustsecp256k1_v0_3_1_scalar_mul(r1, r2, &minus_lambda); - rustsecp256k1_v0_3_1_scalar_add(r1, r1, a); -} -#endif + rustsecp256k1_v0_4_0_scalar_mul_shift_var(&c1, k, &g1, 384); + rustsecp256k1_v0_4_0_scalar_mul_shift_var(&c2, k, &g2, 384); + rustsecp256k1_v0_4_0_scalar_mul(&c1, &c1, &minus_b1); + rustsecp256k1_v0_4_0_scalar_mul(&c2, &c2, &minus_b2); + rustsecp256k1_v0_4_0_scalar_add(r2, &c1, &c2); + rustsecp256k1_v0_4_0_scalar_mul(r1, r2, &rustsecp256k1_v0_4_0_const_lambda); + rustsecp256k1_v0_4_0_scalar_negate(r1, r1); + rustsecp256k1_v0_4_0_scalar_add(r1, r1, k); + +#ifdef VERIFY + rustsecp256k1_v0_4_0_scalar_split_lambda_verify(r1, r2, k); #endif +} + +#ifdef VERIFY +/* + * Proof for rustsecp256k1_v0_4_0_scalar_split_lambda's bounds. + * + * Let + * - epsilon1 = 2^256 * |g1/2^384 - b2/d| + * - epsilon2 = 2^256 * |g2/2^384 - (-b1)/d| + * - c1 = round(k*g1/2^384) + * - c2 = round(k*g2/2^384) + * + * Lemma 1: |c1 - k*b2/d| < 2^-1 + epsilon1 + * + * |c1 - k*b2/d| + * = + * |c1 - k*g1/2^384 + k*g1/2^384 - k*b2/d| + * <= {triangle inequality} + * |c1 - k*g1/2^384| + |k*g1/2^384 - k*b2/d| + * = + * |c1 - k*g1/2^384| + k*|g1/2^384 - b2/d| + * < {rounding in c1 and 0 <= k < 2^256} + * 2^-1 + 2^256 * |g1/2^384 - b2/d| + * = {definition of epsilon1} + * 2^-1 + epsilon1 + * + * Lemma 2: |c2 - k*(-b1)/d| < 2^-1 + epsilon2 + * + * |c2 - k*(-b1)/d| + * = + * |c2 - k*g2/2^384 + k*g2/2^384 - k*(-b1)/d| + * <= {triangle inequality} + * |c2 - k*g2/2^384| + |k*g2/2^384 - k*(-b1)/d| + * = + * |c2 - k*g2/2^384| + k*|g2/2^384 - (-b1)/d| + * < {rounding in c2 and 0 <= k < 2^256} + * 2^-1 + 2^256 * |g2/2^384 - (-b1)/d| + * = {definition of epsilon2} + * 2^-1 + epsilon2 + * + * Let + * - k1 = k - c1*a1 - c2*a2 + * - k2 = - c1*b1 - c2*b2 + * + * Lemma 3: |k1| < (a1 + a2 + 1)/2 < 2^128 + * + * |k1| + * = {definition of k1} + * |k - c1*a1 - c2*a2| + * = {(a1*b2 - b1*a2)/n = 1} + * |k*(a1*b2 - b1*a2)/n - c1*a1 - c2*a2| + * = + * |a1*(k*b2/n - c1) + a2*(k*(-b1)/n - c2)| + * <= {triangle inequality} + * a1*|k*b2/n - c1| + a2*|k*(-b1)/n - c2| + * < {Lemma 1 and Lemma 2} + * a1*(2^-1 + epslion1) + a2*(2^-1 + epsilon2) + * < {rounding up to an integer} + * (a1 + a2 + 1)/2 + * < {rounding up to a power of 2} + * 2^128 + * + * Lemma 4: |k2| < (-b1 + b2)/2 + 1 < 2^128 + * + * |k2| + * = {definition of k2} + * |- c1*a1 - c2*a2| + * = {(b1*b2 - b1*b2)/n = 0} + * |k*(b1*b2 - b1*b2)/n - c1*b1 - c2*b2| + * = + * |b1*(k*b2/n - c1) + b2*(k*(-b1)/n - c2)| + * <= {triangle inequality} + * (-b1)*|k*b2/n - c1| + b2*|k*(-b1)/n - c2| + * < {Lemma 1 and Lemma 2} + * (-b1)*(2^-1 + epslion1) + b2*(2^-1 + epsilon2) + * < {rounding up to an integer} + * (-b1 + b2)/2 + 1 + * < {rounding up to a power of 2} + * 2^128 + * + * Let + * - r2 = k2 mod n + * - r1 = k - r2*lambda mod n. + * + * Notice that r1 is defined such that r1 + r2 * lambda == k (mod n). + * + * Lemma 5: r1 == k1 mod n. + * + * r1 + * == {definition of r1 and r2} + * k - k2*lambda + * == {definition of k2} + * k - (- c1*b1 - c2*b2)*lambda + * == + * k + c1*b1*lambda + c2*b2*lambda + * == {a1 + b1*lambda == 0 mod n and a2 + b2*lambda == 0 mod n} + * k - c1*a1 - c2*a2 + * == {definition of k1} + * k1 + * + * From Lemma 3, Lemma 4, Lemma 5 and the definition of r2, we can conclude that + * + * - either r1 < 2^128 or -r1 mod n < 2^128 + * - either r2 < 2^128 or -r2 mod n < 2^128. + * + * Q.E.D. + */ +static void rustsecp256k1_v0_4_0_scalar_split_lambda_verify(const rustsecp256k1_v0_4_0_scalar *r1, const rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *k) { + rustsecp256k1_v0_4_0_scalar s; + unsigned char buf1[32]; + unsigned char buf2[32]; + + /* (a1 + a2 + 1)/2 is 0xa2a8918ca85bafe22016d0b917e4dd77 */ + static const unsigned char k1_bound[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xa2, 0xa8, 0x91, 0x8c, 0xa8, 0x5b, 0xaf, 0xe2, 0x20, 0x16, 0xd0, 0xb9, 0x17, 0xe4, 0xdd, 0x77 + }; + + /* (-b1 + b2)/2 + 1 is 0x8a65287bd47179fb2be08846cea267ed */ + static const unsigned char k2_bound[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x8a, 0x65, 0x28, 0x7b, 0xd4, 0x71, 0x79, 0xfb, 0x2b, 0xe0, 0x88, 0x46, 0xce, 0xa2, 0x67, 0xed + }; + + rustsecp256k1_v0_4_0_scalar_mul(&s, &rustsecp256k1_v0_4_0_const_lambda, r2); + rustsecp256k1_v0_4_0_scalar_add(&s, &s, r1); + VERIFY_CHECK(rustsecp256k1_v0_4_0_scalar_eq(&s, k)); + + rustsecp256k1_v0_4_0_scalar_negate(&s, r1); + rustsecp256k1_v0_4_0_scalar_get_b32(buf1, r1); + rustsecp256k1_v0_4_0_scalar_get_b32(buf2, &s); + VERIFY_CHECK(rustsecp256k1_v0_4_0_memcmp_var(buf1, k1_bound, 32) < 0 || rustsecp256k1_v0_4_0_memcmp_var(buf2, k1_bound, 32) < 0); + + rustsecp256k1_v0_4_0_scalar_negate(&s, r2); + rustsecp256k1_v0_4_0_scalar_get_b32(buf1, r2); + rustsecp256k1_v0_4_0_scalar_get_b32(buf2, &s); + VERIFY_CHECK(rustsecp256k1_v0_4_0_memcmp_var(buf1, k2_bound, 32) < 0 || rustsecp256k1_v0_4_0_memcmp_var(buf2, k2_bound, 32) < 0); +} +#endif /* VERIFY */ +#endif /* !defined(EXHAUSTIVE_TEST_ORDER) */ #endif /* SECP256K1_SCALAR_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_low.h b/secp256k1-sys/depend/secp256k1/src/scalar_low.h index 91f2161c6..18df09420 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_low.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_low.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_REPR_H #define SECP256K1_SCALAR_REPR_H @@ -10,7 +10,7 @@ #include /** A scalar modulo the group order of the secp256k1 curve. */ -typedef uint32_t rustsecp256k1_v0_3_1_scalar; +typedef uint32_t rustsecp256k1_v0_4_0_scalar; #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) (d0) diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h index c17d953f5..0cf2c57a4 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2015 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2015 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SCALAR_REPR_IMPL_H #define SECP256K1_SCALAR_REPR_IMPL_H @@ -11,43 +11,43 @@ #include -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_even(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_even(const rustsecp256k1_v0_4_0_scalar *a) { return !(*a & 1); } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_clear(rustsecp256k1_v0_3_1_scalar *r) { *r = 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_scalar_set_int(rustsecp256k1_v0_3_1_scalar *r, unsigned int v) { *r = v; } +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_clear(rustsecp256k1_v0_4_0_scalar *r) { *r = 0; } +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_scalar_set_int(rustsecp256k1_v0_4_0_scalar *r, unsigned int v) { *r = v; } -SECP256K1_INLINE static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count) { if (offset < 32) return ((*a >> offset) & ((((uint32_t)1) << count) - 1)); else return 0; } -SECP256K1_INLINE static unsigned int rustsecp256k1_v0_3_1_scalar_get_bits_var(const rustsecp256k1_v0_3_1_scalar *a, unsigned int offset, unsigned int count) { - return rustsecp256k1_v0_3_1_scalar_get_bits(a, offset, count); +SECP256K1_INLINE static unsigned int rustsecp256k1_v0_4_0_scalar_get_bits_var(const rustsecp256k1_v0_4_0_scalar *a, unsigned int offset, unsigned int count) { + return rustsecp256k1_v0_4_0_scalar_get_bits(a, offset, count); } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_check_overflow(const rustsecp256k1_v0_3_1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; } +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_check_overflow(const rustsecp256k1_v0_4_0_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; } -static int rustsecp256k1_v0_3_1_scalar_add(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static int rustsecp256k1_v0_4_0_scalar_add(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { *r = (*a + *b) % EXHAUSTIVE_TEST_ORDER; return *r < *b; } -static void rustsecp256k1_v0_3_1_scalar_cadd_bit(rustsecp256k1_v0_3_1_scalar *r, unsigned int bit, int flag) { +static void rustsecp256k1_v0_4_0_scalar_cadd_bit(rustsecp256k1_v0_4_0_scalar *r, unsigned int bit, int flag) { if (flag && bit < 32) *r += ((uint32_t)1 << bit); #ifdef VERIFY VERIFY_CHECK(bit < 32); /* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t. */ VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER); - VERIFY_CHECK(rustsecp256k1_v0_3_1_scalar_check_overflow(r) == 0); + VERIFY_CHECK(rustsecp256k1_v0_4_0_scalar_check_overflow(r) == 0); #endif } -static void rustsecp256k1_v0_3_1_scalar_set_b32(rustsecp256k1_v0_3_1_scalar *r, const unsigned char *b32, int *overflow) { +static void rustsecp256k1_v0_4_0_scalar_set_b32(rustsecp256k1_v0_4_0_scalar *r, const unsigned char *b32, int *overflow) { int i; int over = 0; *r = 0; @@ -61,16 +61,16 @@ static void rustsecp256k1_v0_3_1_scalar_set_b32(rustsecp256k1_v0_3_1_scalar *r, if (overflow) *overflow = over; } -static void rustsecp256k1_v0_3_1_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_3_1_scalar* a) { +static void rustsecp256k1_v0_4_0_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_4_0_scalar* a) { memset(bin, 0, 32); bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_zero(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_zero(const rustsecp256k1_v0_4_0_scalar *a) { return *a == 0; } -static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_negate(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a) { if (*a == 0) { *r = 0; } else { @@ -78,24 +78,24 @@ static void rustsecp256k1_v0_3_1_scalar_negate(rustsecp256k1_v0_3_1_scalar *r, c } } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_is_one(const rustsecp256k1_v0_3_1_scalar *a) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_is_one(const rustsecp256k1_v0_4_0_scalar *a) { return *a == 1; } -static int rustsecp256k1_v0_3_1_scalar_is_high(const rustsecp256k1_v0_3_1_scalar *a) { +static int rustsecp256k1_v0_4_0_scalar_is_high(const rustsecp256k1_v0_4_0_scalar *a) { return *a > EXHAUSTIVE_TEST_ORDER / 2; } -static int rustsecp256k1_v0_3_1_scalar_cond_negate(rustsecp256k1_v0_3_1_scalar *r, int flag) { - if (flag) rustsecp256k1_v0_3_1_scalar_negate(r, r); +static int rustsecp256k1_v0_4_0_scalar_cond_negate(rustsecp256k1_v0_4_0_scalar *r, int flag) { + if (flag) rustsecp256k1_v0_4_0_scalar_negate(r, r); return flag ? -1 : 1; } -static void rustsecp256k1_v0_3_1_scalar_mul(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +static void rustsecp256k1_v0_4_0_scalar_mul(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { *r = (*a * *b) % EXHAUSTIVE_TEST_ORDER; } -static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, int n) { +static int rustsecp256k1_v0_4_0_scalar_shr_int(rustsecp256k1_v0_4_0_scalar *r, int n) { int ret; VERIFY_CHECK(n > 0); VERIFY_CHECK(n < 16); @@ -104,20 +104,20 @@ static int rustsecp256k1_v0_3_1_scalar_shr_int(rustsecp256k1_v0_3_1_scalar *r, i return ret; } -static void rustsecp256k1_v0_3_1_scalar_sqr(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_sqr(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a) { *r = (*a * *a) % EXHAUSTIVE_TEST_ORDER; } -static void rustsecp256k1_v0_3_1_scalar_split_128(rustsecp256k1_v0_3_1_scalar *r1, rustsecp256k1_v0_3_1_scalar *r2, const rustsecp256k1_v0_3_1_scalar *a) { +static void rustsecp256k1_v0_4_0_scalar_split_128(rustsecp256k1_v0_4_0_scalar *r1, rustsecp256k1_v0_4_0_scalar *r2, const rustsecp256k1_v0_4_0_scalar *a) { *r1 = *a; *r2 = 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_3_1_scalar_eq(const rustsecp256k1_v0_3_1_scalar *a, const rustsecp256k1_v0_3_1_scalar *b) { +SECP256K1_INLINE static int rustsecp256k1_v0_4_0_scalar_eq(const rustsecp256k1_v0_4_0_scalar *a, const rustsecp256k1_v0_4_0_scalar *b) { return *a == *b; } -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_scalar_cmov(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_scalar *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_scalar_cmov(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_scalar *a, int flag) { uint32_t mask0, mask1; VG_CHECK_VERIFY(r, sizeof(*r)); mask0 = flag + ~((uint32_t)0); diff --git a/secp256k1-sys/depend/secp256k1/src/scratch.h b/secp256k1-sys/depend/secp256k1/src/scratch.h index 6c8f2f452..e5148b781 100644 --- a/secp256k1-sys/depend/secp256k1/src/scratch.h +++ b/secp256k1-sys/depend/secp256k1/src/scratch.h @@ -1,15 +1,15 @@ -/********************************************************************** - * Copyright (c) 2017 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2017 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_SCRATCH_ #define _SECP256K1_SCRATCH_ /* The typedef is used internally; the struct name is used in the public API * (where it is exposed as a different typedef) */ -typedef struct rustsecp256k1_v0_3_1_scratch_space_struct { +typedef struct rustsecp256k1_v0_4_0_scratch_space_struct { /** guard against interpreting this object as other types */ unsigned char magic[8]; /** actual allocated data */ @@ -19,24 +19,24 @@ typedef struct rustsecp256k1_v0_3_1_scratch_space_struct { size_t alloc_size; /** maximum size available to allocate */ size_t max_size; -} rustsecp256k1_v0_3_1_scratch; +} rustsecp256k1_v0_4_0_scratch; -static rustsecp256k1_v0_3_1_scratch* rustsecp256k1_v0_3_1_scratch_create(const rustsecp256k1_v0_3_1_callback* error_callback, size_t max_size); +static rustsecp256k1_v0_4_0_scratch* rustsecp256k1_v0_4_0_scratch_create(const rustsecp256k1_v0_4_0_callback* error_callback, size_t max_size); -static void rustsecp256k1_v0_3_1_scratch_destroy(const rustsecp256k1_v0_3_1_callback* error_callback, rustsecp256k1_v0_3_1_scratch* scratch); +static void rustsecp256k1_v0_4_0_scratch_destroy(const rustsecp256k1_v0_4_0_callback* error_callback, rustsecp256k1_v0_4_0_scratch* scratch); /** Returns an opaque object used to "checkpoint" a scratch space. Used - * with `rustsecp256k1_v0_3_1_scratch_apply_checkpoint` to undo allocations. */ -static size_t rustsecp256k1_v0_3_1_scratch_checkpoint(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_scratch* scratch); + * with `rustsecp256k1_v0_4_0_scratch_apply_checkpoint` to undo allocations. */ +static size_t rustsecp256k1_v0_4_0_scratch_checkpoint(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_scratch* scratch); -/** Applies a check point received from `rustsecp256k1_v0_3_1_scratch_checkpoint`, +/** Applies a check point received from `rustsecp256k1_v0_4_0_scratch_checkpoint`, * undoing all allocations since that point. */ -static void rustsecp256k1_v0_3_1_scratch_apply_checkpoint(const rustsecp256k1_v0_3_1_callback* error_callback, rustsecp256k1_v0_3_1_scratch* scratch, size_t checkpoint); +static void rustsecp256k1_v0_4_0_scratch_apply_checkpoint(const rustsecp256k1_v0_4_0_callback* error_callback, rustsecp256k1_v0_4_0_scratch* scratch, size_t checkpoint); /** Returns the maximum allocation the scratch space will allow */ -static size_t rustsecp256k1_v0_3_1_scratch_max_allocation(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_scratch* scratch, size_t n_objects); +static size_t rustsecp256k1_v0_4_0_scratch_max_allocation(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_scratch* scratch, size_t n_objects); /** Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available space */ -static void *rustsecp256k1_v0_3_1_scratch_alloc(const rustsecp256k1_v0_3_1_callback* error_callback, rustsecp256k1_v0_3_1_scratch* scratch, size_t n); +static void *rustsecp256k1_v0_4_0_scratch_alloc(const rustsecp256k1_v0_4_0_callback* error_callback, rustsecp256k1_v0_4_0_scratch* scratch, size_t n); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/scratch_impl.h b/secp256k1-sys/depend/secp256k1/src/scratch_impl.h index 2b01cf199..3f97e0e9f 100644 --- a/secp256k1-sys/depend/secp256k1/src/scratch_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scratch_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2017 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2017 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef _SECP256K1_SCRATCH_IMPL_H_ #define _SECP256K1_SCRATCH_IMPL_H_ @@ -10,29 +10,29 @@ #include "util.h" #include "scratch.h" -static size_t rustsecp256k1_v0_3_1_scratch_checkpoint(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_scratch* scratch) { - if (memcmp(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_3_1_callback_call(error_callback, "invalid scratch space"); +static size_t rustsecp256k1_v0_4_0_scratch_checkpoint(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_scratch* scratch) { + if (rustsecp256k1_v0_4_0_memcmp_var(scratch->magic, "scratch", 8) != 0) { + rustsecp256k1_v0_4_0_callback_call(error_callback, "invalid scratch space"); return 0; } return scratch->alloc_size; } -static void rustsecp256k1_v0_3_1_scratch_apply_checkpoint(const rustsecp256k1_v0_3_1_callback* error_callback, rustsecp256k1_v0_3_1_scratch* scratch, size_t checkpoint) { - if (memcmp(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_3_1_callback_call(error_callback, "invalid scratch space"); +static void rustsecp256k1_v0_4_0_scratch_apply_checkpoint(const rustsecp256k1_v0_4_0_callback* error_callback, rustsecp256k1_v0_4_0_scratch* scratch, size_t checkpoint) { + if (rustsecp256k1_v0_4_0_memcmp_var(scratch->magic, "scratch", 8) != 0) { + rustsecp256k1_v0_4_0_callback_call(error_callback, "invalid scratch space"); return; } if (checkpoint > scratch->alloc_size) { - rustsecp256k1_v0_3_1_callback_call(error_callback, "invalid checkpoint"); + rustsecp256k1_v0_4_0_callback_call(error_callback, "invalid checkpoint"); return; } scratch->alloc_size = checkpoint; } -static size_t rustsecp256k1_v0_3_1_scratch_max_allocation(const rustsecp256k1_v0_3_1_callback* error_callback, const rustsecp256k1_v0_3_1_scratch* scratch, size_t objects) { - if (memcmp(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_3_1_callback_call(error_callback, "invalid scratch space"); +static size_t rustsecp256k1_v0_4_0_scratch_max_allocation(const rustsecp256k1_v0_4_0_callback* error_callback, const rustsecp256k1_v0_4_0_scratch* scratch, size_t objects) { + if (rustsecp256k1_v0_4_0_memcmp_var(scratch->magic, "scratch", 8) != 0) { + rustsecp256k1_v0_4_0_callback_call(error_callback, "invalid scratch space"); return 0; } /* Ensure that multiplication will not wrap around */ @@ -45,7 +45,7 @@ static size_t rustsecp256k1_v0_3_1_scratch_max_allocation(const rustsecp256k1_v0 return scratch->max_size - scratch->alloc_size - objects * (ALIGNMENT - 1); } -static void *rustsecp256k1_v0_3_1_scratch_alloc(const rustsecp256k1_v0_3_1_callback* error_callback, rustsecp256k1_v0_3_1_scratch* scratch, size_t size) { +static void *rustsecp256k1_v0_4_0_scratch_alloc(const rustsecp256k1_v0_4_0_callback* error_callback, rustsecp256k1_v0_4_0_scratch* scratch, size_t size) { void *ret; size_t rounded_size; @@ -56,8 +56,8 @@ static void *rustsecp256k1_v0_3_1_scratch_alloc(const rustsecp256k1_v0_3_1_callb } size = rounded_size; - if (memcmp(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_3_1_callback_call(error_callback, "invalid scratch space"); + if (rustsecp256k1_v0_4_0_memcmp_var(scratch->magic, "scratch", 8) != 0) { + rustsecp256k1_v0_4_0_callback_call(error_callback, "invalid scratch space"); return NULL; } diff --git a/secp256k1-sys/depend/secp256k1/src/secp256k1.c b/secp256k1-sys/depend/secp256k1/src/secp256k1.c index e3f65c91e..d0d3f85b9 100644 --- a/secp256k1-sys/depend/secp256k1/src/secp256k1.c +++ b/secp256k1-sys/depend/secp256k1/src/secp256k1.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include "include/secp256k1.h" #include "include/secp256k1_preallocated.h" @@ -28,67 +28,69 @@ #define ARG_CHECK(cond) do { \ if (EXPECT(!(cond), 0)) { \ - rustsecp256k1_v0_3_1_callback_call(&ctx->illegal_callback, #cond); \ + rustsecp256k1_v0_4_0_callback_call(&ctx->illegal_callback, #cond); \ return 0; \ } \ } while(0) #define ARG_CHECK_NO_RETURN(cond) do { \ if (EXPECT(!(cond), 0)) { \ - rustsecp256k1_v0_3_1_callback_call(&ctx->illegal_callback, #cond); \ + rustsecp256k1_v0_4_0_callback_call(&ctx->illegal_callback, #cond); \ } \ } while(0) #ifndef USE_EXTERNAL_DEFAULT_CALLBACKS #include #include -static void rustsecp256k1_v0_3_1_default_illegal_callback_fn(const char* str, void* data) { +static void rustsecp256k1_v0_4_0_default_illegal_callback_fn(const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); abort(); } -static void rustsecp256k1_v0_3_1_default_error_callback_fn(const char* str, void* data) { +static void rustsecp256k1_v0_4_0_default_error_callback_fn(const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); abort(); } #else -void rustsecp256k1_v0_3_1_default_illegal_callback_fn(const char* str, void* data); -void rustsecp256k1_v0_3_1_default_error_callback_fn(const char* str, void* data); +void rustsecp256k1_v0_4_0_default_illegal_callback_fn(const char* str, void* data); +void rustsecp256k1_v0_4_0_default_error_callback_fn(const char* str, void* data); #endif -static const rustsecp256k1_v0_3_1_callback default_illegal_callback = { - rustsecp256k1_v0_3_1_default_illegal_callback_fn, +static const rustsecp256k1_v0_4_0_callback default_illegal_callback = { + rustsecp256k1_v0_4_0_default_illegal_callback_fn, NULL }; -static const rustsecp256k1_v0_3_1_callback default_error_callback = { - rustsecp256k1_v0_3_1_default_error_callback_fn, +static const rustsecp256k1_v0_4_0_callback default_error_callback = { + rustsecp256k1_v0_4_0_default_error_callback_fn, NULL }; -struct rustsecp256k1_v0_3_1_context_struct { - rustsecp256k1_v0_3_1_ecmult_context ecmult_ctx; - rustsecp256k1_v0_3_1_ecmult_gen_context ecmult_gen_ctx; - rustsecp256k1_v0_3_1_callback illegal_callback; - rustsecp256k1_v0_3_1_callback error_callback; +struct rustsecp256k1_v0_4_0_context_struct { + rustsecp256k1_v0_4_0_ecmult_context ecmult_ctx; + rustsecp256k1_v0_4_0_ecmult_gen_context ecmult_gen_ctx; + rustsecp256k1_v0_4_0_callback illegal_callback; + rustsecp256k1_v0_4_0_callback error_callback; int declassify; }; -static const rustsecp256k1_v0_3_1_context rustsecp256k1_v0_3_1_context_no_precomp_ = { +static const rustsecp256k1_v0_4_0_context rustsecp256k1_v0_4_0_context_no_precomp_ = { { 0 }, { 0 }, - { rustsecp256k1_v0_3_1_default_illegal_callback_fn, 0 }, - { rustsecp256k1_v0_3_1_default_error_callback_fn, 0 }, + { rustsecp256k1_v0_4_0_default_illegal_callback_fn, 0 }, + { rustsecp256k1_v0_4_0_default_error_callback_fn, 0 }, 0 }; -const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_context_no_precomp = &rustsecp256k1_v0_3_1_context_no_precomp_; +const rustsecp256k1_v0_4_0_context *rustsecp256k1_v0_4_0_context_no_precomp = &rustsecp256k1_v0_4_0_context_no_precomp_; -size_t rustsecp256k1_v0_3_1_context_preallocated_size(unsigned int flags) { - size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_3_1_context)); +size_t rustsecp256k1_v0_4_0_context_preallocated_size(unsigned int flags) { + size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_4_0_context)); + /* A return value of 0 is reserved as an indicator for errors when we call this function internally. */ + VERIFY_CHECK(ret != 0); if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - rustsecp256k1_v0_3_1_callback_call(&default_illegal_callback, + rustsecp256k1_v0_4_0_callback_call(&default_illegal_callback, "Invalid flags"); return 0; } @@ -102,87 +104,87 @@ size_t rustsecp256k1_v0_3_1_context_preallocated_size(unsigned int flags) { return ret; } -size_t rustsecp256k1_v0_3_1_context_preallocated_clone_size(const rustsecp256k1_v0_3_1_context* ctx) { - size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_3_1_context)); +size_t rustsecp256k1_v0_4_0_context_preallocated_clone_size(const rustsecp256k1_v0_4_0_context* ctx) { + size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_4_0_context)); VERIFY_CHECK(ctx != NULL); - if (rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + if (rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; } - if (rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)) { + if (rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)) { ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; } return ret; } -rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallocated_create(void* prealloc, unsigned int flags) { +rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_preallocated_create(void* prealloc, unsigned int flags) { void* const base = prealloc; size_t prealloc_size; - rustsecp256k1_v0_3_1_context* ret; + rustsecp256k1_v0_4_0_context* ret; - if (!rustsecp256k1_v0_3_1_selftest()) { - rustsecp256k1_v0_3_1_callback_call(&default_error_callback, "self test failed"); + if (!rustsecp256k1_v0_4_0_selftest()) { + rustsecp256k1_v0_4_0_callback_call(&default_error_callback, "self test failed"); + } + + prealloc_size = rustsecp256k1_v0_4_0_context_preallocated_size(flags); + if (prealloc_size == 0) { + return NULL; } VERIFY_CHECK(prealloc != NULL); - prealloc_size = rustsecp256k1_v0_3_1_context_preallocated_size(flags); - ret = (rustsecp256k1_v0_3_1_context*)manual_alloc(&prealloc, sizeof(rustsecp256k1_v0_3_1_context), base, prealloc_size); + ret = (rustsecp256k1_v0_4_0_context*)manual_alloc(&prealloc, sizeof(rustsecp256k1_v0_4_0_context), base, prealloc_size); ret->illegal_callback = default_illegal_callback; ret->error_callback = default_error_callback; - if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - rustsecp256k1_v0_3_1_callback_call(&ret->illegal_callback, - "Invalid flags"); - return NULL; - } - - rustsecp256k1_v0_3_1_ecmult_context_init(&ret->ecmult_ctx); - rustsecp256k1_v0_3_1_ecmult_gen_context_init(&ret->ecmult_gen_ctx); + rustsecp256k1_v0_4_0_ecmult_context_init(&ret->ecmult_ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_init(&ret->ecmult_gen_ctx); + /* Flags have been checked by rustsecp256k1_v0_4_0_context_preallocated_size. */ + VERIFY_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_CONTEXT); if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { - rustsecp256k1_v0_3_1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); + rustsecp256k1_v0_4_0_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); } if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { - rustsecp256k1_v0_3_1_ecmult_context_build(&ret->ecmult_ctx, &prealloc); + rustsecp256k1_v0_4_0_ecmult_context_build(&ret->ecmult_ctx, &prealloc); } ret->declassify = !!(flags & SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY); - return (rustsecp256k1_v0_3_1_context*) ret; + return (rustsecp256k1_v0_4_0_context*) ret; } -rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallocated_clone(const rustsecp256k1_v0_3_1_context* ctx, void* prealloc) { +rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_preallocated_clone(const rustsecp256k1_v0_4_0_context* ctx, void* prealloc) { size_t prealloc_size; - rustsecp256k1_v0_3_1_context* ret; + rustsecp256k1_v0_4_0_context* ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(prealloc != NULL); - prealloc_size = rustsecp256k1_v0_3_1_context_preallocated_clone_size(ctx); - ret = (rustsecp256k1_v0_3_1_context*)prealloc; + prealloc_size = rustsecp256k1_v0_4_0_context_preallocated_clone_size(ctx); + ret = (rustsecp256k1_v0_4_0_context*)prealloc; memcpy(ret, ctx, prealloc_size); - rustsecp256k1_v0_3_1_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); - rustsecp256k1_v0_3_1_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); + rustsecp256k1_v0_4_0_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); return ret; } -void rustsecp256k1_v0_3_1_context_preallocated_destroy(rustsecp256k1_v0_3_1_context* ctx) { - ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_3_1_context_no_precomp); +void rustsecp256k1_v0_4_0_context_preallocated_destroy(rustsecp256k1_v0_4_0_context* ctx) { + ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_4_0_context_no_precomp); if (ctx != NULL) { - rustsecp256k1_v0_3_1_ecmult_context_clear(&ctx->ecmult_ctx); - rustsecp256k1_v0_3_1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); + rustsecp256k1_v0_4_0_ecmult_context_clear(&ctx->ecmult_ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); } } -void rustsecp256k1_v0_3_1_context_set_illegal_callback(rustsecp256k1_v0_3_1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_3_1_context_no_precomp); +void rustsecp256k1_v0_4_0_context_set_illegal_callback(rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_4_0_context_no_precomp); if (fun == NULL) { - fun = rustsecp256k1_v0_3_1_default_illegal_callback_fn; + fun = rustsecp256k1_v0_4_0_default_illegal_callback_fn; } ctx->illegal_callback.fn = fun; ctx->illegal_callback.data = data; } -void rustsecp256k1_v0_3_1_context_set_error_callback(rustsecp256k1_v0_3_1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_3_1_context_no_precomp); +void rustsecp256k1_v0_4_0_context_set_error_callback(rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_4_0_context_no_precomp); if (fun == NULL) { - fun = rustsecp256k1_v0_3_1_default_error_callback_fn; + fun = rustsecp256k1_v0_4_0_default_error_callback_fn; } ctx->error_callback.fn = fun; ctx->error_callback.data = data; @@ -192,7 +194,7 @@ void rustsecp256k1_v0_3_1_context_set_error_callback(rustsecp256k1_v0_3_1_contex * of the software. This is setup for use with valgrind but could be substituted with * the appropriate instrumentation for other analysis tools. */ -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_declassify(const rustsecp256k1_v0_3_1_context* ctx, const void *p, size_t len) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_declassify(const rustsecp256k1_v0_4_0_context* ctx, const void *p, size_t len) { #if defined(VALGRIND) if (EXPECT(ctx->declassify,0)) VALGRIND_MAKE_MEM_DEFINED(p, len); #else @@ -202,59 +204,59 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_declassify(const rustsecp256k1 #endif } -static int rustsecp256k1_v0_3_1_pubkey_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ge* ge, const rustsecp256k1_v0_3_1_pubkey* pubkey) { - if (sizeof(rustsecp256k1_v0_3_1_ge_storage) == 64) { - /* When the rustsecp256k1_v0_3_1_ge_storage type is exactly 64 byte, use its - * representation inside rustsecp256k1_v0_3_1_pubkey, as conversion is very fast. - * Note that rustsecp256k1_v0_3_1_pubkey_save must use the same representation. */ - rustsecp256k1_v0_3_1_ge_storage s; +static int rustsecp256k1_v0_4_0_pubkey_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ge* ge, const rustsecp256k1_v0_4_0_pubkey* pubkey) { + if (sizeof(rustsecp256k1_v0_4_0_ge_storage) == 64) { + /* When the rustsecp256k1_v0_4_0_ge_storage type is exactly 64 byte, use its + * representation inside rustsecp256k1_v0_4_0_pubkey, as conversion is very fast. + * Note that rustsecp256k1_v0_4_0_pubkey_save must use the same representation. */ + rustsecp256k1_v0_4_0_ge_storage s; memcpy(&s, &pubkey->data[0], sizeof(s)); - rustsecp256k1_v0_3_1_ge_from_storage(ge, &s); + rustsecp256k1_v0_4_0_ge_from_storage(ge, &s); } else { /* Otherwise, fall back to 32-byte big endian for X and Y. */ - rustsecp256k1_v0_3_1_fe x, y; - rustsecp256k1_v0_3_1_fe_set_b32(&x, pubkey->data); - rustsecp256k1_v0_3_1_fe_set_b32(&y, pubkey->data + 32); - rustsecp256k1_v0_3_1_ge_set_xy(ge, &x, &y); + rustsecp256k1_v0_4_0_fe x, y; + rustsecp256k1_v0_4_0_fe_set_b32(&x, pubkey->data); + rustsecp256k1_v0_4_0_fe_set_b32(&y, pubkey->data + 32); + rustsecp256k1_v0_4_0_ge_set_xy(ge, &x, &y); } - ARG_CHECK(!rustsecp256k1_v0_3_1_fe_is_zero(&ge->x)); + ARG_CHECK(!rustsecp256k1_v0_4_0_fe_is_zero(&ge->x)); return 1; } -static void rustsecp256k1_v0_3_1_pubkey_save(rustsecp256k1_v0_3_1_pubkey* pubkey, rustsecp256k1_v0_3_1_ge* ge) { - if (sizeof(rustsecp256k1_v0_3_1_ge_storage) == 64) { - rustsecp256k1_v0_3_1_ge_storage s; - rustsecp256k1_v0_3_1_ge_to_storage(&s, ge); +static void rustsecp256k1_v0_4_0_pubkey_save(rustsecp256k1_v0_4_0_pubkey* pubkey, rustsecp256k1_v0_4_0_ge* ge) { + if (sizeof(rustsecp256k1_v0_4_0_ge_storage) == 64) { + rustsecp256k1_v0_4_0_ge_storage s; + rustsecp256k1_v0_4_0_ge_to_storage(&s, ge); memcpy(&pubkey->data[0], &s, sizeof(s)); } else { - VERIFY_CHECK(!rustsecp256k1_v0_3_1_ge_is_infinity(ge)); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge->x); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge->y); - rustsecp256k1_v0_3_1_fe_get_b32(pubkey->data, &ge->x); - rustsecp256k1_v0_3_1_fe_get_b32(pubkey->data + 32, &ge->y); + VERIFY_CHECK(!rustsecp256k1_v0_4_0_ge_is_infinity(ge)); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge->x); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge->y); + rustsecp256k1_v0_4_0_fe_get_b32(pubkey->data, &ge->x); + rustsecp256k1_v0_4_0_fe_get_b32(pubkey->data + 32, &ge->y); } } -int rustsecp256k1_v0_3_1_ec_pubkey_parse(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey* pubkey, const unsigned char *input, size_t inputlen) { - rustsecp256k1_v0_3_1_ge Q; +int rustsecp256k1_v0_4_0_ec_pubkey_parse(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey* pubkey, const unsigned char *input, size_t inputlen) { + rustsecp256k1_v0_4_0_ge Q; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(input != NULL); - if (!rustsecp256k1_v0_3_1_eckey_pubkey_parse(&Q, input, inputlen)) { + if (!rustsecp256k1_v0_4_0_eckey_pubkey_parse(&Q, input, inputlen)) { return 0; } - if (!rustsecp256k1_v0_3_1_ge_is_in_correct_subgroup(&Q)) { + if (!rustsecp256k1_v0_4_0_ge_is_in_correct_subgroup(&Q)) { return 0; } - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &Q); - rustsecp256k1_v0_3_1_ge_clear(&Q); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &Q); + rustsecp256k1_v0_4_0_ge_clear(&Q); return 1; } -int rustsecp256k1_v0_3_1_ec_pubkey_serialize(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_3_1_pubkey* pubkey, unsigned int flags) { - rustsecp256k1_v0_3_1_ge Q; +int rustsecp256k1_v0_4_0_ec_pubkey_serialize(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_4_0_pubkey* pubkey, unsigned int flags) { + rustsecp256k1_v0_4_0_ge Q; size_t len; int ret = 0; @@ -267,8 +269,8 @@ int rustsecp256k1_v0_3_1_ec_pubkey_serialize(const rustsecp256k1_v0_3_1_context* memset(output, 0, len); ARG_CHECK(pubkey != NULL); ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION); - if (rustsecp256k1_v0_3_1_pubkey_load(ctx, &Q, pubkey)) { - ret = rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); + if (rustsecp256k1_v0_4_0_pubkey_load(ctx, &Q, pubkey)) { + ret = rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); if (ret) { *outputlen = len; } @@ -276,39 +278,39 @@ int rustsecp256k1_v0_3_1_ec_pubkey_serialize(const rustsecp256k1_v0_3_1_context* return ret; } -static void rustsecp256k1_v0_3_1_ecdsa_signature_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar* r, rustsecp256k1_v0_3_1_scalar* s, const rustsecp256k1_v0_3_1_ecdsa_signature* sig) { +static void rustsecp256k1_v0_4_0_ecdsa_signature_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar* r, rustsecp256k1_v0_4_0_scalar* s, const rustsecp256k1_v0_4_0_ecdsa_signature* sig) { (void)ctx; - if (sizeof(rustsecp256k1_v0_3_1_scalar) == 32) { - /* When the rustsecp256k1_v0_3_1_scalar type is exactly 32 byte, use its - * representation inside rustsecp256k1_v0_3_1_ecdsa_signature, as conversion is very fast. - * Note that rustsecp256k1_v0_3_1_ecdsa_signature_save must use the same representation. */ + if (sizeof(rustsecp256k1_v0_4_0_scalar) == 32) { + /* When the rustsecp256k1_v0_4_0_scalar type is exactly 32 byte, use its + * representation inside rustsecp256k1_v0_4_0_ecdsa_signature, as conversion is very fast. + * Note that rustsecp256k1_v0_4_0_ecdsa_signature_save must use the same representation. */ memcpy(r, &sig->data[0], 32); memcpy(s, &sig->data[32], 32); } else { - rustsecp256k1_v0_3_1_scalar_set_b32(r, &sig->data[0], NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(s, &sig->data[32], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(r, &sig->data[0], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(s, &sig->data[32], NULL); } } -static void rustsecp256k1_v0_3_1_ecdsa_signature_save(rustsecp256k1_v0_3_1_ecdsa_signature* sig, const rustsecp256k1_v0_3_1_scalar* r, const rustsecp256k1_v0_3_1_scalar* s) { - if (sizeof(rustsecp256k1_v0_3_1_scalar) == 32) { +static void rustsecp256k1_v0_4_0_ecdsa_signature_save(rustsecp256k1_v0_4_0_ecdsa_signature* sig, const rustsecp256k1_v0_4_0_scalar* r, const rustsecp256k1_v0_4_0_scalar* s) { + if (sizeof(rustsecp256k1_v0_4_0_scalar) == 32) { memcpy(&sig->data[0], r, 32); memcpy(&sig->data[32], s, 32); } else { - rustsecp256k1_v0_3_1_scalar_get_b32(&sig->data[0], r); - rustsecp256k1_v0_3_1_scalar_get_b32(&sig->data[32], s); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig->data[0], r); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig->data[32], s); } } -int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + rustsecp256k1_v0_4_0_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(input != NULL); - if (rustsecp256k1_v0_3_1_ecdsa_sig_parse(&r, &s, input, inputlen)) { - rustsecp256k1_v0_3_1_ecdsa_signature_save(sig, &r, &s); + if (rustsecp256k1_v0_4_0_ecdsa_sig_parse(&r, &s, input, inputlen)) { + rustsecp256k1_v0_4_0_ecdsa_signature_save(sig, &r, &s); return 1; } else { memset(sig, 0, sizeof(*sig)); @@ -316,8 +318,8 @@ int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(const rustsecp256k1_v0_3_1_co } } -int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature* sig, const unsigned char *input64) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input64) { + rustsecp256k1_v0_4_0_scalar r, s; int ret = 1; int overflow = 0; @@ -325,77 +327,77 @@ int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(const rustsecp256k1_v0_3_ ARG_CHECK(sig != NULL); ARG_CHECK(input64 != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&r, &input64[0], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&r, &input64[0], &overflow); ret &= !overflow; - rustsecp256k1_v0_3_1_scalar_set_b32(&s, &input64[32], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&s, &input64[32], &overflow); ret &= !overflow; if (ret) { - rustsecp256k1_v0_3_1_ecdsa_signature_save(sig, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(sig, &r, &s); } else { memset(sig, 0, sizeof(*sig)); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_3_1_ecdsa_signature* sig) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_4_0_ecdsa_signature* sig) { + rustsecp256k1_v0_4_0_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output != NULL); ARG_CHECK(outputlen != NULL); ARG_CHECK(sig != NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sig); - return rustsecp256k1_v0_3_1_ecdsa_sig_serialize(output, outputlen, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sig); + return rustsecp256k1_v0_4_0_ecdsa_sig_serialize(output, outputlen, &r, &s); } -int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output64, const rustsecp256k1_v0_3_1_ecdsa_signature* sig) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output64, const rustsecp256k1_v0_4_0_ecdsa_signature* sig) { + rustsecp256k1_v0_4_0_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output64 != NULL); ARG_CHECK(sig != NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sig); - rustsecp256k1_v0_3_1_scalar_get_b32(&output64[0], &r); - rustsecp256k1_v0_3_1_scalar_get_b32(&output64[32], &s); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sig); + rustsecp256k1_v0_4_0_scalar_get_b32(&output64[0], &r); + rustsecp256k1_v0_4_0_scalar_get_b32(&output64[32], &s); return 1; } -int rustsecp256k1_v0_3_1_ecdsa_signature_normalize(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature *sigout, const rustsecp256k1_v0_3_1_ecdsa_signature *sigin) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_normalize(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature *sigout, const rustsecp256k1_v0_4_0_ecdsa_signature *sigin) { + rustsecp256k1_v0_4_0_scalar r, s; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sigin != NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sigin); - ret = rustsecp256k1_v0_3_1_scalar_is_high(&s); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sigin); + ret = rustsecp256k1_v0_4_0_scalar_is_high(&s); if (sigout != NULL) { if (ret) { - rustsecp256k1_v0_3_1_scalar_negate(&s, &s); + rustsecp256k1_v0_4_0_scalar_negate(&s, &s); } - rustsecp256k1_v0_3_1_ecdsa_signature_save(sigout, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(sigout, &r, &s); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_verify(const rustsecp256k1_v0_3_1_context* ctx, const rustsecp256k1_v0_3_1_ecdsa_signature *sig, const unsigned char *msg32, const rustsecp256k1_v0_3_1_pubkey *pubkey) { - rustsecp256k1_v0_3_1_ge q; - rustsecp256k1_v0_3_1_scalar r, s; - rustsecp256k1_v0_3_1_scalar m; +int rustsecp256k1_v0_4_0_ecdsa_verify(const rustsecp256k1_v0_4_0_context* ctx, const rustsecp256k1_v0_4_0_ecdsa_signature *sig, const unsigned char *msghash32, const rustsecp256k1_v0_4_0_pubkey *pubkey) { + rustsecp256k1_v0_4_0_ge q; + rustsecp256k1_v0_4_0_scalar r, s; + rustsecp256k1_v0_4_0_scalar m; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(msg32 != NULL); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(msghash32 != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(pubkey != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&m, msg32, NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sig); - return (!rustsecp256k1_v0_3_1_scalar_is_high(&s) && - rustsecp256k1_v0_3_1_pubkey_load(ctx, &q, pubkey) && - rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); + rustsecp256k1_v0_4_0_scalar_set_b32(&m, msghash32, NULL); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sig); + return (!rustsecp256k1_v0_4_0_scalar_is_high(&s) && + rustsecp256k1_v0_4_0_pubkey_load(ctx, &q, pubkey) && + rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); } static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { @@ -406,7 +408,7 @@ static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *off static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { unsigned char keydata[112]; unsigned int offset = 0; - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 rng; + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 rng; unsigned int i; /* We feed a byte array to the PRNG as input, consisting of: * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. @@ -424,51 +426,51 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m if (algo16 != NULL) { buffer_append(keydata, &offset, algo16, 16); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); memset(keydata, 0, sizeof(keydata)); for (i = 0; i <= counter; i++) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(&rng); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(&rng); return 1; } -const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_rfc6979 = nonce_function_rfc6979; -const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_default = nonce_function_rfc6979; +const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_rfc6979 = nonce_function_rfc6979; +const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_default = nonce_function_rfc6979; -static int rustsecp256k1_v0_3_1_ecdsa_sign_inner(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar* r, rustsecp256k1_v0_3_1_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_3_1_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_3_1_scalar sec, non, msg; +static int rustsecp256k1_v0_4_0_ecdsa_sign_inner(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar* r, rustsecp256k1_v0_4_0_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_4_0_nonce_function noncefp, const void* noncedata) { + rustsecp256k1_v0_4_0_scalar sec, non, msg; int ret = 0; int is_sec_valid; unsigned char nonce32[32]; unsigned int count = 0; /* Default initialization here is important so we won't pass uninit values to the cmov in the end */ - *r = rustsecp256k1_v0_3_1_scalar_zero; - *s = rustsecp256k1_v0_3_1_scalar_zero; + *r = rustsecp256k1_v0_4_0_scalar_zero; + *s = rustsecp256k1_v0_4_0_scalar_zero; if (recid) { *recid = 0; } if (noncefp == NULL) { - noncefp = rustsecp256k1_v0_3_1_nonce_function_default; + noncefp = rustsecp256k1_v0_4_0_nonce_function_default; } /* Fail if the secret key is invalid. */ - is_sec_valid = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_one, !is_sec_valid); - rustsecp256k1_v0_3_1_scalar_set_b32(&msg, msg32, NULL); + is_sec_valid = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_one, !is_sec_valid); + rustsecp256k1_v0_4_0_scalar_set_b32(&msg, msg32, NULL); while (1) { int is_nonce_valid; ret = !!noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); if (!ret) { break; } - is_nonce_valid = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&non, nonce32); + is_nonce_valid = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&non, nonce32); /* The nonce is still secret here, but it being invalid is is less likely than 1:2^255. */ - rustsecp256k1_v0_3_1_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); + rustsecp256k1_v0_4_0_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); if (is_nonce_valid) { - ret = rustsecp256k1_v0_3_1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); + ret = rustsecp256k1_v0_4_0_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); /* The final signature is no longer a secret, nor is the fact that we were successful or not. */ - rustsecp256k1_v0_3_1_declassify(ctx, &ret, sizeof(ret)); + rustsecp256k1_v0_4_0_declassify(ctx, &ret, sizeof(ret)); if (ret) { break; } @@ -480,204 +482,204 @@ static int rustsecp256k1_v0_3_1_ecdsa_sign_inner(const rustsecp256k1_v0_3_1_cont * used as a branching variable. */ ret &= is_sec_valid; memset(nonce32, 0, 32); - rustsecp256k1_v0_3_1_scalar_clear(&msg); - rustsecp256k1_v0_3_1_scalar_clear(&non); - rustsecp256k1_v0_3_1_scalar_clear(&sec); - rustsecp256k1_v0_3_1_scalar_cmov(r, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_cmov(s, &rustsecp256k1_v0_3_1_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_clear(&msg); + rustsecp256k1_v0_4_0_scalar_clear(&non); + rustsecp256k1_v0_4_0_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_cmov(r, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_cmov(s, &rustsecp256k1_v0_4_0_scalar_zero, !ret); if (recid) { const int zero = 0; - rustsecp256k1_v0_3_1_int_cmov(recid, &zero, !ret); + rustsecp256k1_v0_4_0_int_cmov(recid, &zero, !ret); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_sign(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_3_1_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_sign(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, rustsecp256k1_v0_4_0_nonce_function noncefp, const void* noncedata) { + rustsecp256k1_v0_4_0_scalar r, s; int ret; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); - ARG_CHECK(msg32 != NULL); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_ecdsa_sign_inner(ctx, &r, &s, NULL, msg32, seckey, noncefp, noncedata); - rustsecp256k1_v0_3_1_ecdsa_signature_save(signature, &r, &s); + ret = rustsecp256k1_v0_4_0_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, noncedata); + rustsecp256k1_v0_4_0_ecdsa_signature_save(signature, &r, &s); return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_verify(const rustsecp256k1_v0_3_1_context* ctx, const unsigned char *seckey) { - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_verify(const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seckey) { + rustsecp256k1_v0_4_0_scalar sec; int ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_3_1_scalar_clear(&sec); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + rustsecp256k1_v0_4_0_scalar_clear(&sec); return ret; } -static int rustsecp256k1_v0_3_1_ec_pubkey_create_helper(const rustsecp256k1_v0_3_1_ecmult_gen_context *ecmult_gen_ctx, rustsecp256k1_v0_3_1_scalar *seckey_scalar, rustsecp256k1_v0_3_1_ge *p, const unsigned char *seckey) { - rustsecp256k1_v0_3_1_gej pj; +static int rustsecp256k1_v0_4_0_ec_pubkey_create_helper(const rustsecp256k1_v0_4_0_ecmult_gen_context *ecmult_gen_ctx, rustsecp256k1_v0_4_0_scalar *seckey_scalar, rustsecp256k1_v0_4_0_ge *p, const unsigned char *seckey) { + rustsecp256k1_v0_4_0_gej pj; int ret; - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(seckey_scalar, seckey); - rustsecp256k1_v0_3_1_scalar_cmov(seckey_scalar, &rustsecp256k1_v0_3_1_scalar_one, !ret); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(seckey_scalar, seckey); + rustsecp256k1_v0_4_0_scalar_cmov(seckey_scalar, &rustsecp256k1_v0_4_0_scalar_one, !ret); - rustsecp256k1_v0_3_1_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar); - rustsecp256k1_v0_3_1_ge_set_gej(p, &pj); + rustsecp256k1_v0_4_0_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar); + rustsecp256k1_v0_4_0_ge_set_gej(p, &pj); return ret; } -int rustsecp256k1_v0_3_1_ec_pubkey_create(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const unsigned char *seckey) { - rustsecp256k1_v0_3_1_ge p; - rustsecp256k1_v0_3_1_scalar seckey_scalar; +int rustsecp256k1_v0_4_0_ec_pubkey_create(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *seckey) { + rustsecp256k1_v0_4_0_ge p; + rustsecp256k1_v0_4_0_scalar seckey_scalar; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey); - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); - memczero(pubkey, sizeof(*pubkey), !ret); + ret = rustsecp256k1_v0_4_0_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); + rustsecp256k1_v0_4_0_memczero(pubkey, sizeof(*pubkey), !ret); - rustsecp256k1_v0_3_1_scalar_clear(&seckey_scalar); + rustsecp256k1_v0_4_0_scalar_clear(&seckey_scalar); return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_negate(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey) { - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_negate(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey) { + rustsecp256k1_v0_4_0_scalar sec; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_negate(&sec, &sec); - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sec); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_negate(&sec, &sec); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_3_1_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_clear(&sec); return ret; } -int rustsecp256k1_v0_3_1_ec_privkey_negate(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey) { - return rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey); +int rustsecp256k1_v0_4_0_ec_privkey_negate(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey) { + return rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey); } -int rustsecp256k1_v0_3_1_ec_pubkey_negate(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey) { +int rustsecp256k1_v0_4_0_ec_pubkey_negate(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey) { int ret = 0; - rustsecp256k1_v0_3_1_ge p; + rustsecp256k1_v0_4_0_ge p; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); - ret = rustsecp256k1_v0_3_1_pubkey_load(ctx, &p, pubkey); + ret = rustsecp256k1_v0_4_0_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); if (ret) { - rustsecp256k1_v0_3_1_ge_neg(&p, &p); - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); + rustsecp256k1_v0_4_0_ge_neg(&p, &p); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); } return ret; } -static int rustsecp256k1_v0_3_1_ec_seckey_tweak_add_helper(rustsecp256k1_v0_3_1_scalar *sec, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar term; +static int rustsecp256k1_v0_4_0_ec_seckey_tweak_add_helper(rustsecp256k1_v0_4_0_scalar *sec, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar term; int overflow = 0; int ret = 0; - rustsecp256k1_v0_3_1_scalar_set_b32(&term, tweak, &overflow); - ret = (!overflow) & rustsecp256k1_v0_3_1_eckey_privkey_tweak_add(sec, &term); - rustsecp256k1_v0_3_1_scalar_clear(&term); + rustsecp256k1_v0_4_0_scalar_set_b32(&term, tweak32, &overflow); + ret = (!overflow) & rustsecp256k1_v0_4_0_eckey_privkey_tweak_add(sec, &term); + rustsecp256k1_v0_4_0_scalar_clear(&term); return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar sec; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - ret &= rustsecp256k1_v0_3_1_ec_seckey_tweak_add_helper(&sec, tweak); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sec); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + ret &= rustsecp256k1_v0_4_0_ec_seckey_tweak_add_helper(&sec, tweak32); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_3_1_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_clear(&sec); return ret; } -int rustsecp256k1_v0_3_1_ec_privkey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - return rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, seckey, tweak); +int rustsecp256k1_v0_4_0_ec_privkey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + return rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, seckey, tweak32); } -static int rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(const rustsecp256k1_v0_3_1_ecmult_context* ecmult_ctx, rustsecp256k1_v0_3_1_ge *p, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar term; +static int rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(const rustsecp256k1_v0_4_0_ecmult_context* ecmult_ctx, rustsecp256k1_v0_4_0_ge *p, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar term; int overflow = 0; - rustsecp256k1_v0_3_1_scalar_set_b32(&term, tweak, &overflow); - return !overflow && rustsecp256k1_v0_3_1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); + rustsecp256k1_v0_4_0_scalar_set_b32(&term, tweak32, &overflow); + return !overflow && rustsecp256k1_v0_4_0_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); } -int rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_ge p; +int rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge p; int ret = 0; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(pubkey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_3_1_pubkey_load(ctx, &p, pubkey); + ret = rustsecp256k1_v0_4_0_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); - ret = ret && rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak); + ret = ret && rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak32); if (ret) { - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); } return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar factor; - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar factor; + rustsecp256k1_v0_4_0_scalar sec; int ret = 0; int overflow = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&factor, tweak, &overflow); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - ret &= (!overflow) & rustsecp256k1_v0_3_1_eckey_privkey_tweak_mul(&sec, &factor); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sec); + rustsecp256k1_v0_4_0_scalar_set_b32(&factor, tweak32, &overflow); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + ret &= (!overflow) & rustsecp256k1_v0_4_0_eckey_privkey_tweak_mul(&sec, &factor); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_3_1_scalar_clear(&sec); - rustsecp256k1_v0_3_1_scalar_clear(&factor); + rustsecp256k1_v0_4_0_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_clear(&factor); return ret; } -int rustsecp256k1_v0_3_1_ec_privkey_tweak_mul(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - return rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, seckey, tweak); +int rustsecp256k1_v0_4_0_ec_privkey_tweak_mul(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + return rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, seckey, tweak32); } -int rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_ge p; - rustsecp256k1_v0_3_1_scalar factor; +int rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge p; + rustsecp256k1_v0_4_0_scalar factor; int ret = 0; int overflow = 0; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(pubkey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&factor, tweak, &overflow); - ret = !overflow && rustsecp256k1_v0_3_1_pubkey_load(ctx, &p, pubkey); + rustsecp256k1_v0_4_0_scalar_set_b32(&factor, tweak32, &overflow); + ret = !overflow && rustsecp256k1_v0_4_0_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); if (ret) { - if (rustsecp256k1_v0_3_1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); + if (rustsecp256k1_v0_4_0_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); } else { ret = 0; } @@ -686,35 +688,35 @@ int rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(const rustsecp256k1_v0_3_1_context* return ret; } -int rustsecp256k1_v0_3_1_context_randomize(rustsecp256k1_v0_3_1_context* ctx, const unsigned char *seed32) { +int rustsecp256k1_v0_4_0_context_randomize(rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seed32) { VERIFY_CHECK(ctx != NULL); - if (rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { - rustsecp256k1_v0_3_1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + if (rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + rustsecp256k1_v0_4_0_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); } return 1; } -int rustsecp256k1_v0_3_1_ec_pubkey_combine(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubnonce, const rustsecp256k1_v0_3_1_pubkey * const *pubnonces, size_t n) { +int rustsecp256k1_v0_4_0_ec_pubkey_combine(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubnonce, const rustsecp256k1_v0_4_0_pubkey * const *pubnonces, size_t n) { size_t i; - rustsecp256k1_v0_3_1_gej Qj; - rustsecp256k1_v0_3_1_ge Q; + rustsecp256k1_v0_4_0_gej Qj; + rustsecp256k1_v0_4_0_ge Q; ARG_CHECK(pubnonce != NULL); memset(pubnonce, 0, sizeof(*pubnonce)); ARG_CHECK(n >= 1); ARG_CHECK(pubnonces != NULL); - rustsecp256k1_v0_3_1_gej_set_infinity(&Qj); + rustsecp256k1_v0_4_0_gej_set_infinity(&Qj); for (i = 0; i < n; i++) { - rustsecp256k1_v0_3_1_pubkey_load(ctx, &Q, pubnonces[i]); - rustsecp256k1_v0_3_1_gej_add_ge(&Qj, &Qj, &Q); + rustsecp256k1_v0_4_0_pubkey_load(ctx, &Q, pubnonces[i]); + rustsecp256k1_v0_4_0_gej_add_ge(&Qj, &Qj, &Q); } - if (rustsecp256k1_v0_3_1_gej_is_infinity(&Qj)) { + if (rustsecp256k1_v0_4_0_gej_is_infinity(&Qj)) { return 0; } - rustsecp256k1_v0_3_1_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_3_1_pubkey_save(pubnonce, &Q); + rustsecp256k1_v0_4_0_ge_set_gej(&Q, &Qj); + rustsecp256k1_v0_4_0_pubkey_save(pubnonce, &Q); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/secp256k1.c.orig b/secp256k1-sys/depend/secp256k1/src/secp256k1.c.orig index dd15de7fa..dcd6a0dee 100644 --- a/secp256k1-sys/depend/secp256k1/src/secp256k1.c.orig +++ b/secp256k1-sys/depend/secp256k1/src/secp256k1.c.orig @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include "include/secp256k1.h" #include "include/secp256k1_preallocated.h" @@ -28,67 +28,69 @@ #define ARG_CHECK(cond) do { \ if (EXPECT(!(cond), 0)) { \ - rustsecp256k1_v0_3_1_callback_call(&ctx->illegal_callback, #cond); \ + rustsecp256k1_v0_4_0_callback_call(&ctx->illegal_callback, #cond); \ return 0; \ } \ } while(0) #define ARG_CHECK_NO_RETURN(cond) do { \ if (EXPECT(!(cond), 0)) { \ - rustsecp256k1_v0_3_1_callback_call(&ctx->illegal_callback, #cond); \ + rustsecp256k1_v0_4_0_callback_call(&ctx->illegal_callback, #cond); \ } \ } while(0) #ifndef USE_EXTERNAL_DEFAULT_CALLBACKS #include #include -static void rustsecp256k1_v0_3_1_default_illegal_callback_fn(const char* str, void* data) { +static void rustsecp256k1_v0_4_0_default_illegal_callback_fn(const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); abort(); } -static void rustsecp256k1_v0_3_1_default_error_callback_fn(const char* str, void* data) { +static void rustsecp256k1_v0_4_0_default_error_callback_fn(const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); abort(); } #else -void rustsecp256k1_v0_3_1_default_illegal_callback_fn(const char* str, void* data); -void rustsecp256k1_v0_3_1_default_error_callback_fn(const char* str, void* data); +void rustsecp256k1_v0_4_0_default_illegal_callback_fn(const char* str, void* data); +void rustsecp256k1_v0_4_0_default_error_callback_fn(const char* str, void* data); #endif -static const rustsecp256k1_v0_3_1_callback default_illegal_callback = { - rustsecp256k1_v0_3_1_default_illegal_callback_fn, +static const rustsecp256k1_v0_4_0_callback default_illegal_callback = { + rustsecp256k1_v0_4_0_default_illegal_callback_fn, NULL }; -static const rustsecp256k1_v0_3_1_callback default_error_callback = { - rustsecp256k1_v0_3_1_default_error_callback_fn, +static const rustsecp256k1_v0_4_0_callback default_error_callback = { + rustsecp256k1_v0_4_0_default_error_callback_fn, NULL }; -struct rustsecp256k1_v0_3_1_context_struct { - rustsecp256k1_v0_3_1_ecmult_context ecmult_ctx; - rustsecp256k1_v0_3_1_ecmult_gen_context ecmult_gen_ctx; - rustsecp256k1_v0_3_1_callback illegal_callback; - rustsecp256k1_v0_3_1_callback error_callback; +struct rustsecp256k1_v0_4_0_context_struct { + rustsecp256k1_v0_4_0_ecmult_context ecmult_ctx; + rustsecp256k1_v0_4_0_ecmult_gen_context ecmult_gen_ctx; + rustsecp256k1_v0_4_0_callback illegal_callback; + rustsecp256k1_v0_4_0_callback error_callback; int declassify; }; -static const rustsecp256k1_v0_3_1_context rustsecp256k1_v0_3_1_context_no_precomp_ = { +static const rustsecp256k1_v0_4_0_context rustsecp256k1_v0_4_0_context_no_precomp_ = { { 0 }, { 0 }, - { rustsecp256k1_v0_3_1_default_illegal_callback_fn, 0 }, - { rustsecp256k1_v0_3_1_default_error_callback_fn, 0 }, + { rustsecp256k1_v0_4_0_default_illegal_callback_fn, 0 }, + { rustsecp256k1_v0_4_0_default_error_callback_fn, 0 }, 0 }; -const rustsecp256k1_v0_3_1_context *rustsecp256k1_v0_3_1_context_no_precomp = &rustsecp256k1_v0_3_1_context_no_precomp_; +const rustsecp256k1_v0_4_0_context *rustsecp256k1_v0_4_0_context_no_precomp = &rustsecp256k1_v0_4_0_context_no_precomp_; -size_t rustsecp256k1_v0_3_1_context_preallocated_size(unsigned int flags) { - size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_3_1_context)); +size_t rustsecp256k1_v0_4_0_context_preallocated_size(unsigned int flags) { + size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_4_0_context)); + /* A return value of 0 is reserved as an indicator for errors when we call this function internally. */ + VERIFY_CHECK(ret != 0); if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - rustsecp256k1_v0_3_1_callback_call(&default_illegal_callback, + rustsecp256k1_v0_4_0_callback_call(&default_illegal_callback, "Invalid flags"); return 0; } @@ -102,56 +104,56 @@ size_t rustsecp256k1_v0_3_1_context_preallocated_size(unsigned int flags) { return ret; } -size_t rustsecp256k1_v0_3_1_context_preallocated_clone_size(const rustsecp256k1_v0_3_1_context* ctx) { - size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_3_1_context)); +size_t rustsecp256k1_v0_4_0_context_preallocated_clone_size(const rustsecp256k1_v0_4_0_context* ctx) { + size_t ret = ROUND_TO_ALIGN(sizeof(rustsecp256k1_v0_4_0_context)); VERIFY_CHECK(ctx != NULL); - if (rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + if (rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { ret += SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE; } - if (rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)) { + if (rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)) { ret += SECP256K1_ECMULT_CONTEXT_PREALLOCATED_SIZE; } return ret; } -rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallocated_create(void* prealloc, unsigned int flags) { +rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_preallocated_create(void* prealloc, unsigned int flags) { void* const base = prealloc; size_t prealloc_size; - rustsecp256k1_v0_3_1_context* ret; + rustsecp256k1_v0_4_0_context* ret; - if (!rustsecp256k1_v0_3_1_selftest()) { - rustsecp256k1_v0_3_1_callback_call(&default_error_callback, "self test failed"); + if (!rustsecp256k1_v0_4_0_selftest()) { + rustsecp256k1_v0_4_0_callback_call(&default_error_callback, "self test failed"); + } + + prealloc_size = rustsecp256k1_v0_4_0_context_preallocated_size(flags); + if (prealloc_size == 0) { + return NULL; } VERIFY_CHECK(prealloc != NULL); - prealloc_size = rustsecp256k1_v0_3_1_context_preallocated_size(flags); - ret = (rustsecp256k1_v0_3_1_context*)manual_alloc(&prealloc, sizeof(rustsecp256k1_v0_3_1_context), base, prealloc_size); + ret = (rustsecp256k1_v0_4_0_context*)manual_alloc(&prealloc, sizeof(rustsecp256k1_v0_4_0_context), base, prealloc_size); ret->illegal_callback = default_illegal_callback; ret->error_callback = default_error_callback; - if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - rustsecp256k1_v0_3_1_callback_call(&ret->illegal_callback, - "Invalid flags"); - return NULL; - } - - rustsecp256k1_v0_3_1_ecmult_context_init(&ret->ecmult_ctx); - rustsecp256k1_v0_3_1_ecmult_gen_context_init(&ret->ecmult_gen_ctx); + rustsecp256k1_v0_4_0_ecmult_context_init(&ret->ecmult_ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_init(&ret->ecmult_gen_ctx); + /* Flags have been checked by rustsecp256k1_v0_4_0_context_preallocated_size. */ + VERIFY_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_CONTEXT); if (flags & SECP256K1_FLAGS_BIT_CONTEXT_SIGN) { - rustsecp256k1_v0_3_1_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); + rustsecp256k1_v0_4_0_ecmult_gen_context_build(&ret->ecmult_gen_ctx, &prealloc); } if (flags & SECP256K1_FLAGS_BIT_CONTEXT_VERIFY) { - rustsecp256k1_v0_3_1_ecmult_context_build(&ret->ecmult_ctx, &prealloc); + rustsecp256k1_v0_4_0_ecmult_context_build(&ret->ecmult_ctx, &prealloc); } ret->declassify = !!(flags & SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY); - return (rustsecp256k1_v0_3_1_context*) ret; + return (rustsecp256k1_v0_4_0_context*) ret; } -rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_create(unsigned int flags) { - size_t const prealloc_size = rustsecp256k1_v0_3_1_context_preallocated_size(flags); - rustsecp256k1_v0_3_1_context* ctx = (rustsecp256k1_v0_3_1_context*)checked_malloc(&default_error_callback, prealloc_size); - if (EXPECT(rustsecp256k1_v0_3_1_context_preallocated_create(ctx, flags) == NULL, 0)) { +rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_create(unsigned int flags) { + size_t const prealloc_size = rustsecp256k1_v0_4_0_context_preallocated_size(flags); + rustsecp256k1_v0_4_0_context* ctx = (rustsecp256k1_v0_4_0_context*)checked_malloc(&default_error_callback, prealloc_size); + if (EXPECT(rustsecp256k1_v0_4_0_context_preallocated_create(ctx, flags) == NULL, 0)) { free(ctx); return NULL; } @@ -159,79 +161,79 @@ rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_create(unsigned int f return ctx; } -rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_preallocated_clone(const rustsecp256k1_v0_3_1_context* ctx, void* prealloc) { +rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_preallocated_clone(const rustsecp256k1_v0_4_0_context* ctx, void* prealloc) { size_t prealloc_size; - rustsecp256k1_v0_3_1_context* ret; + rustsecp256k1_v0_4_0_context* ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(prealloc != NULL); - prealloc_size = rustsecp256k1_v0_3_1_context_preallocated_clone_size(ctx); - ret = (rustsecp256k1_v0_3_1_context*)prealloc; + prealloc_size = rustsecp256k1_v0_4_0_context_preallocated_clone_size(ctx); + ret = (rustsecp256k1_v0_4_0_context*)prealloc; memcpy(ret, ctx, prealloc_size); - rustsecp256k1_v0_3_1_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); - rustsecp256k1_v0_3_1_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_finalize_memcpy(&ret->ecmult_gen_ctx, &ctx->ecmult_gen_ctx); + rustsecp256k1_v0_4_0_ecmult_context_finalize_memcpy(&ret->ecmult_ctx, &ctx->ecmult_ctx); return ret; } -rustsecp256k1_v0_3_1_context* rustsecp256k1_v0_3_1_context_clone(const rustsecp256k1_v0_3_1_context* ctx) { - rustsecp256k1_v0_3_1_context* ret; +rustsecp256k1_v0_4_0_context* rustsecp256k1_v0_4_0_context_clone(const rustsecp256k1_v0_4_0_context* ctx) { + rustsecp256k1_v0_4_0_context* ret; size_t prealloc_size; VERIFY_CHECK(ctx != NULL); - prealloc_size = rustsecp256k1_v0_3_1_context_preallocated_clone_size(ctx); - ret = (rustsecp256k1_v0_3_1_context*)checked_malloc(&ctx->error_callback, prealloc_size); - ret = rustsecp256k1_v0_3_1_context_preallocated_clone(ctx, ret); + prealloc_size = rustsecp256k1_v0_4_0_context_preallocated_clone_size(ctx); + ret = (rustsecp256k1_v0_4_0_context*)checked_malloc(&ctx->error_callback, prealloc_size); + ret = rustsecp256k1_v0_4_0_context_preallocated_clone(ctx, ret); return ret; } -void rustsecp256k1_v0_3_1_context_preallocated_destroy(rustsecp256k1_v0_3_1_context* ctx) { - ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_3_1_context_no_precomp); +void rustsecp256k1_v0_4_0_context_preallocated_destroy(rustsecp256k1_v0_4_0_context* ctx) { + ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_4_0_context_no_precomp); if (ctx != NULL) { - rustsecp256k1_v0_3_1_ecmult_context_clear(&ctx->ecmult_ctx); - rustsecp256k1_v0_3_1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); + rustsecp256k1_v0_4_0_ecmult_context_clear(&ctx->ecmult_ctx); + rustsecp256k1_v0_4_0_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); } } -void rustsecp256k1_v0_3_1_context_destroy(rustsecp256k1_v0_3_1_context* ctx) { +void rustsecp256k1_v0_4_0_context_destroy(rustsecp256k1_v0_4_0_context* ctx) { if (ctx != NULL) { - rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx); + rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx); free(ctx); } } -void rustsecp256k1_v0_3_1_context_set_illegal_callback(rustsecp256k1_v0_3_1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_3_1_context_no_precomp); +void rustsecp256k1_v0_4_0_context_set_illegal_callback(rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_4_0_context_no_precomp); if (fun == NULL) { - fun = rustsecp256k1_v0_3_1_default_illegal_callback_fn; + fun = rustsecp256k1_v0_4_0_default_illegal_callback_fn; } ctx->illegal_callback.fn = fun; ctx->illegal_callback.data = data; } -void rustsecp256k1_v0_3_1_context_set_error_callback(rustsecp256k1_v0_3_1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_3_1_context_no_precomp); +void rustsecp256k1_v0_4_0_context_set_error_callback(rustsecp256k1_v0_4_0_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + ARG_CHECK_NO_RETURN(ctx != rustsecp256k1_v0_4_0_context_no_precomp); if (fun == NULL) { - fun = rustsecp256k1_v0_3_1_default_error_callback_fn; + fun = rustsecp256k1_v0_4_0_default_error_callback_fn; } ctx->error_callback.fn = fun; ctx->error_callback.data = data; } -rustsecp256k1_v0_3_1_scratch_space* rustsecp256k1_v0_3_1_scratch_space_create(const rustsecp256k1_v0_3_1_context* ctx, size_t max_size) { +rustsecp256k1_v0_4_0_scratch_space* rustsecp256k1_v0_4_0_scratch_space_create(const rustsecp256k1_v0_4_0_context* ctx, size_t max_size) { VERIFY_CHECK(ctx != NULL); - return rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, max_size); + return rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, max_size); } -void rustsecp256k1_v0_3_1_scratch_space_destroy(const rustsecp256k1_v0_3_1_context *ctx, rustsecp256k1_v0_3_1_scratch_space* scratch) { +void rustsecp256k1_v0_4_0_scratch_space_destroy(const rustsecp256k1_v0_4_0_context *ctx, rustsecp256k1_v0_4_0_scratch_space* scratch) { VERIFY_CHECK(ctx != NULL); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); } /* Mark memory as no-longer-secret for the purpose of analysing constant-time behaviour * of the software. This is setup for use with valgrind but could be substituted with * the appropriate instrumentation for other analysis tools. */ -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_declassify(const rustsecp256k1_v0_3_1_context* ctx, const void *p, size_t len) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_declassify(const rustsecp256k1_v0_4_0_context* ctx, const void *p, size_t len) { #if defined(VALGRIND) if (EXPECT(ctx->declassify,0)) VALGRIND_MAKE_MEM_DEFINED(p, len); #else @@ -241,59 +243,59 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_declassify(const rustsecp256k1 #endif } -static int rustsecp256k1_v0_3_1_pubkey_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ge* ge, const rustsecp256k1_v0_3_1_pubkey* pubkey) { - if (sizeof(rustsecp256k1_v0_3_1_ge_storage) == 64) { - /* When the rustsecp256k1_v0_3_1_ge_storage type is exactly 64 byte, use its - * representation inside rustsecp256k1_v0_3_1_pubkey, as conversion is very fast. - * Note that rustsecp256k1_v0_3_1_pubkey_save must use the same representation. */ - rustsecp256k1_v0_3_1_ge_storage s; +static int rustsecp256k1_v0_4_0_pubkey_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ge* ge, const rustsecp256k1_v0_4_0_pubkey* pubkey) { + if (sizeof(rustsecp256k1_v0_4_0_ge_storage) == 64) { + /* When the rustsecp256k1_v0_4_0_ge_storage type is exactly 64 byte, use its + * representation inside rustsecp256k1_v0_4_0_pubkey, as conversion is very fast. + * Note that rustsecp256k1_v0_4_0_pubkey_save must use the same representation. */ + rustsecp256k1_v0_4_0_ge_storage s; memcpy(&s, &pubkey->data[0], sizeof(s)); - rustsecp256k1_v0_3_1_ge_from_storage(ge, &s); + rustsecp256k1_v0_4_0_ge_from_storage(ge, &s); } else { /* Otherwise, fall back to 32-byte big endian for X and Y. */ - rustsecp256k1_v0_3_1_fe x, y; - rustsecp256k1_v0_3_1_fe_set_b32(&x, pubkey->data); - rustsecp256k1_v0_3_1_fe_set_b32(&y, pubkey->data + 32); - rustsecp256k1_v0_3_1_ge_set_xy(ge, &x, &y); + rustsecp256k1_v0_4_0_fe x, y; + rustsecp256k1_v0_4_0_fe_set_b32(&x, pubkey->data); + rustsecp256k1_v0_4_0_fe_set_b32(&y, pubkey->data + 32); + rustsecp256k1_v0_4_0_ge_set_xy(ge, &x, &y); } - ARG_CHECK(!rustsecp256k1_v0_3_1_fe_is_zero(&ge->x)); + ARG_CHECK(!rustsecp256k1_v0_4_0_fe_is_zero(&ge->x)); return 1; } -static void rustsecp256k1_v0_3_1_pubkey_save(rustsecp256k1_v0_3_1_pubkey* pubkey, rustsecp256k1_v0_3_1_ge* ge) { - if (sizeof(rustsecp256k1_v0_3_1_ge_storage) == 64) { - rustsecp256k1_v0_3_1_ge_storage s; - rustsecp256k1_v0_3_1_ge_to_storage(&s, ge); +static void rustsecp256k1_v0_4_0_pubkey_save(rustsecp256k1_v0_4_0_pubkey* pubkey, rustsecp256k1_v0_4_0_ge* ge) { + if (sizeof(rustsecp256k1_v0_4_0_ge_storage) == 64) { + rustsecp256k1_v0_4_0_ge_storage s; + rustsecp256k1_v0_4_0_ge_to_storage(&s, ge); memcpy(&pubkey->data[0], &s, sizeof(s)); } else { - VERIFY_CHECK(!rustsecp256k1_v0_3_1_ge_is_infinity(ge)); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge->x); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge->y); - rustsecp256k1_v0_3_1_fe_get_b32(pubkey->data, &ge->x); - rustsecp256k1_v0_3_1_fe_get_b32(pubkey->data + 32, &ge->y); + VERIFY_CHECK(!rustsecp256k1_v0_4_0_ge_is_infinity(ge)); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge->x); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge->y); + rustsecp256k1_v0_4_0_fe_get_b32(pubkey->data, &ge->x); + rustsecp256k1_v0_4_0_fe_get_b32(pubkey->data + 32, &ge->y); } } -int rustsecp256k1_v0_3_1_ec_pubkey_parse(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey* pubkey, const unsigned char *input, size_t inputlen) { - rustsecp256k1_v0_3_1_ge Q; +int rustsecp256k1_v0_4_0_ec_pubkey_parse(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey* pubkey, const unsigned char *input, size_t inputlen) { + rustsecp256k1_v0_4_0_ge Q; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(input != NULL); - if (!rustsecp256k1_v0_3_1_eckey_pubkey_parse(&Q, input, inputlen)) { + if (!rustsecp256k1_v0_4_0_eckey_pubkey_parse(&Q, input, inputlen)) { return 0; } - if (!rustsecp256k1_v0_3_1_ge_is_in_correct_subgroup(&Q)) { + if (!rustsecp256k1_v0_4_0_ge_is_in_correct_subgroup(&Q)) { return 0; } - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &Q); - rustsecp256k1_v0_3_1_ge_clear(&Q); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &Q); + rustsecp256k1_v0_4_0_ge_clear(&Q); return 1; } -int rustsecp256k1_v0_3_1_ec_pubkey_serialize(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_3_1_pubkey* pubkey, unsigned int flags) { - rustsecp256k1_v0_3_1_ge Q; +int rustsecp256k1_v0_4_0_ec_pubkey_serialize(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_4_0_pubkey* pubkey, unsigned int flags) { + rustsecp256k1_v0_4_0_ge Q; size_t len; int ret = 0; @@ -306,8 +308,8 @@ int rustsecp256k1_v0_3_1_ec_pubkey_serialize(const rustsecp256k1_v0_3_1_context* memset(output, 0, len); ARG_CHECK(pubkey != NULL); ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION); - if (rustsecp256k1_v0_3_1_pubkey_load(ctx, &Q, pubkey)) { - ret = rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); + if (rustsecp256k1_v0_4_0_pubkey_load(ctx, &Q, pubkey)) { + ret = rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); if (ret) { *outputlen = len; } @@ -315,39 +317,39 @@ int rustsecp256k1_v0_3_1_ec_pubkey_serialize(const rustsecp256k1_v0_3_1_context* return ret; } -static void rustsecp256k1_v0_3_1_ecdsa_signature_load(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar* r, rustsecp256k1_v0_3_1_scalar* s, const rustsecp256k1_v0_3_1_ecdsa_signature* sig) { +static void rustsecp256k1_v0_4_0_ecdsa_signature_load(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar* r, rustsecp256k1_v0_4_0_scalar* s, const rustsecp256k1_v0_4_0_ecdsa_signature* sig) { (void)ctx; - if (sizeof(rustsecp256k1_v0_3_1_scalar) == 32) { - /* When the rustsecp256k1_v0_3_1_scalar type is exactly 32 byte, use its - * representation inside rustsecp256k1_v0_3_1_ecdsa_signature, as conversion is very fast. - * Note that rustsecp256k1_v0_3_1_ecdsa_signature_save must use the same representation. */ + if (sizeof(rustsecp256k1_v0_4_0_scalar) == 32) { + /* When the rustsecp256k1_v0_4_0_scalar type is exactly 32 byte, use its + * representation inside rustsecp256k1_v0_4_0_ecdsa_signature, as conversion is very fast. + * Note that rustsecp256k1_v0_4_0_ecdsa_signature_save must use the same representation. */ memcpy(r, &sig->data[0], 32); memcpy(s, &sig->data[32], 32); } else { - rustsecp256k1_v0_3_1_scalar_set_b32(r, &sig->data[0], NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(s, &sig->data[32], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(r, &sig->data[0], NULL); + rustsecp256k1_v0_4_0_scalar_set_b32(s, &sig->data[32], NULL); } } -static void rustsecp256k1_v0_3_1_ecdsa_signature_save(rustsecp256k1_v0_3_1_ecdsa_signature* sig, const rustsecp256k1_v0_3_1_scalar* r, const rustsecp256k1_v0_3_1_scalar* s) { - if (sizeof(rustsecp256k1_v0_3_1_scalar) == 32) { +static void rustsecp256k1_v0_4_0_ecdsa_signature_save(rustsecp256k1_v0_4_0_ecdsa_signature* sig, const rustsecp256k1_v0_4_0_scalar* r, const rustsecp256k1_v0_4_0_scalar* s) { + if (sizeof(rustsecp256k1_v0_4_0_scalar) == 32) { memcpy(&sig->data[0], r, 32); memcpy(&sig->data[32], s, 32); } else { - rustsecp256k1_v0_3_1_scalar_get_b32(&sig->data[0], r); - rustsecp256k1_v0_3_1_scalar_get_b32(&sig->data[32], s); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig->data[0], r); + rustsecp256k1_v0_4_0_scalar_get_b32(&sig->data[32], s); } } -int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + rustsecp256k1_v0_4_0_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(input != NULL); - if (rustsecp256k1_v0_3_1_ecdsa_sig_parse(&r, &s, input, inputlen)) { - rustsecp256k1_v0_3_1_ecdsa_signature_save(sig, &r, &s); + if (rustsecp256k1_v0_4_0_ecdsa_sig_parse(&r, &s, input, inputlen)) { + rustsecp256k1_v0_4_0_ecdsa_signature_save(sig, &r, &s); return 1; } else { memset(sig, 0, sizeof(*sig)); @@ -355,8 +357,8 @@ int rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(const rustsecp256k1_v0_3_1_co } } -int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature* sig, const unsigned char *input64) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature* sig, const unsigned char *input64) { + rustsecp256k1_v0_4_0_scalar r, s; int ret = 1; int overflow = 0; @@ -364,77 +366,77 @@ int rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(const rustsecp256k1_v0_3_ ARG_CHECK(sig != NULL); ARG_CHECK(input64 != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&r, &input64[0], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&r, &input64[0], &overflow); ret &= !overflow; - rustsecp256k1_v0_3_1_scalar_set_b32(&s, &input64[32], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&s, &input64[32], &overflow); ret &= !overflow; if (ret) { - rustsecp256k1_v0_3_1_ecdsa_signature_save(sig, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(sig, &r, &s); } else { memset(sig, 0, sizeof(*sig)); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_3_1_ecdsa_signature* sig) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_4_0_ecdsa_signature* sig) { + rustsecp256k1_v0_4_0_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output != NULL); ARG_CHECK(outputlen != NULL); ARG_CHECK(sig != NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sig); - return rustsecp256k1_v0_3_1_ecdsa_sig_serialize(output, outputlen, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sig); + return rustsecp256k1_v0_4_0_ecdsa_sig_serialize(output, outputlen, &r, &s); } -int rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *output64, const rustsecp256k1_v0_3_1_ecdsa_signature* sig) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *output64, const rustsecp256k1_v0_4_0_ecdsa_signature* sig) { + rustsecp256k1_v0_4_0_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output64 != NULL); ARG_CHECK(sig != NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sig); - rustsecp256k1_v0_3_1_scalar_get_b32(&output64[0], &r); - rustsecp256k1_v0_3_1_scalar_get_b32(&output64[32], &s); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sig); + rustsecp256k1_v0_4_0_scalar_get_b32(&output64[0], &r); + rustsecp256k1_v0_4_0_scalar_get_b32(&output64[32], &s); return 1; } -int rustsecp256k1_v0_3_1_ecdsa_signature_normalize(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature *sigout, const rustsecp256k1_v0_3_1_ecdsa_signature *sigin) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_signature_normalize(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature *sigout, const rustsecp256k1_v0_4_0_ecdsa_signature *sigin) { + rustsecp256k1_v0_4_0_scalar r, s; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sigin != NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sigin); - ret = rustsecp256k1_v0_3_1_scalar_is_high(&s); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sigin); + ret = rustsecp256k1_v0_4_0_scalar_is_high(&s); if (sigout != NULL) { if (ret) { - rustsecp256k1_v0_3_1_scalar_negate(&s, &s); + rustsecp256k1_v0_4_0_scalar_negate(&s, &s); } - rustsecp256k1_v0_3_1_ecdsa_signature_save(sigout, &r, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(sigout, &r, &s); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_verify(const rustsecp256k1_v0_3_1_context* ctx, const rustsecp256k1_v0_3_1_ecdsa_signature *sig, const unsigned char *msg32, const rustsecp256k1_v0_3_1_pubkey *pubkey) { - rustsecp256k1_v0_3_1_ge q; - rustsecp256k1_v0_3_1_scalar r, s; - rustsecp256k1_v0_3_1_scalar m; +int rustsecp256k1_v0_4_0_ecdsa_verify(const rustsecp256k1_v0_4_0_context* ctx, const rustsecp256k1_v0_4_0_ecdsa_signature *sig, const unsigned char *msghash32, const rustsecp256k1_v0_4_0_pubkey *pubkey) { + rustsecp256k1_v0_4_0_ge q; + rustsecp256k1_v0_4_0_scalar r, s; + rustsecp256k1_v0_4_0_scalar m; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); - ARG_CHECK(msg32 != NULL); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(msghash32 != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(pubkey != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&m, msg32, NULL); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, sig); - return (!rustsecp256k1_v0_3_1_scalar_is_high(&s) && - rustsecp256k1_v0_3_1_pubkey_load(ctx, &q, pubkey) && - rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); + rustsecp256k1_v0_4_0_scalar_set_b32(&m, msghash32, NULL); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, sig); + return (!rustsecp256k1_v0_4_0_scalar_is_high(&s) && + rustsecp256k1_v0_4_0_pubkey_load(ctx, &q, pubkey) && + rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m)); } static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { @@ -445,7 +447,7 @@ static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *off static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { unsigned char keydata[112]; unsigned int offset = 0; - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 rng; + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 rng; unsigned int i; /* We feed a byte array to the PRNG as input, consisting of: * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. @@ -463,51 +465,51 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m if (algo16 != NULL) { buffer_append(keydata, &offset, algo16, 16); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); memset(keydata, 0, sizeof(keydata)); for (i = 0; i <= counter; i++) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(&rng); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(&rng); return 1; } -const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_rfc6979 = nonce_function_rfc6979; -const rustsecp256k1_v0_3_1_nonce_function rustsecp256k1_v0_3_1_nonce_function_default = nonce_function_rfc6979; +const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_rfc6979 = nonce_function_rfc6979; +const rustsecp256k1_v0_4_0_nonce_function rustsecp256k1_v0_4_0_nonce_function_default = nonce_function_rfc6979; -static int rustsecp256k1_v0_3_1_ecdsa_sign_inner(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_scalar* r, rustsecp256k1_v0_3_1_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_3_1_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_3_1_scalar sec, non, msg; +static int rustsecp256k1_v0_4_0_ecdsa_sign_inner(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_scalar* r, rustsecp256k1_v0_4_0_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_4_0_nonce_function noncefp, const void* noncedata) { + rustsecp256k1_v0_4_0_scalar sec, non, msg; int ret = 0; int is_sec_valid; unsigned char nonce32[32]; unsigned int count = 0; /* Default initialization here is important so we won't pass uninit values to the cmov in the end */ - *r = rustsecp256k1_v0_3_1_scalar_zero; - *s = rustsecp256k1_v0_3_1_scalar_zero; + *r = rustsecp256k1_v0_4_0_scalar_zero; + *s = rustsecp256k1_v0_4_0_scalar_zero; if (recid) { *recid = 0; } if (noncefp == NULL) { - noncefp = rustsecp256k1_v0_3_1_nonce_function_default; + noncefp = rustsecp256k1_v0_4_0_nonce_function_default; } /* Fail if the secret key is invalid. */ - is_sec_valid = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_one, !is_sec_valid); - rustsecp256k1_v0_3_1_scalar_set_b32(&msg, msg32, NULL); + is_sec_valid = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_one, !is_sec_valid); + rustsecp256k1_v0_4_0_scalar_set_b32(&msg, msg32, NULL); while (1) { int is_nonce_valid; ret = !!noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); if (!ret) { break; } - is_nonce_valid = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&non, nonce32); + is_nonce_valid = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&non, nonce32); /* The nonce is still secret here, but it being invalid is is less likely than 1:2^255. */ - rustsecp256k1_v0_3_1_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); + rustsecp256k1_v0_4_0_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); if (is_nonce_valid) { - ret = rustsecp256k1_v0_3_1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); + ret = rustsecp256k1_v0_4_0_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); /* The final signature is no longer a secret, nor is the fact that we were successful or not. */ - rustsecp256k1_v0_3_1_declassify(ctx, &ret, sizeof(ret)); + rustsecp256k1_v0_4_0_declassify(ctx, &ret, sizeof(ret)); if (ret) { break; } @@ -519,204 +521,204 @@ static int rustsecp256k1_v0_3_1_ecdsa_sign_inner(const rustsecp256k1_v0_3_1_cont * used as a branching variable. */ ret &= is_sec_valid; memset(nonce32, 0, 32); - rustsecp256k1_v0_3_1_scalar_clear(&msg); - rustsecp256k1_v0_3_1_scalar_clear(&non); - rustsecp256k1_v0_3_1_scalar_clear(&sec); - rustsecp256k1_v0_3_1_scalar_cmov(r, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_cmov(s, &rustsecp256k1_v0_3_1_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_clear(&msg); + rustsecp256k1_v0_4_0_scalar_clear(&non); + rustsecp256k1_v0_4_0_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_cmov(r, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_cmov(s, &rustsecp256k1_v0_4_0_scalar_zero, !ret); if (recid) { const int zero = 0; - rustsecp256k1_v0_3_1_int_cmov(recid, &zero, !ret); + rustsecp256k1_v0_4_0_int_cmov(recid, &zero, !ret); } return ret; } -int rustsecp256k1_v0_3_1_ecdsa_sign(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_ecdsa_signature *signature, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_3_1_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_3_1_scalar r, s; +int rustsecp256k1_v0_4_0_ecdsa_sign(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, rustsecp256k1_v0_4_0_nonce_function noncefp, const void* noncedata) { + rustsecp256k1_v0_4_0_scalar r, s; int ret; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); - ARG_CHECK(msg32 != NULL); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_ecdsa_sign_inner(ctx, &r, &s, NULL, msg32, seckey, noncefp, noncedata); - rustsecp256k1_v0_3_1_ecdsa_signature_save(signature, &r, &s); + ret = rustsecp256k1_v0_4_0_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, noncedata); + rustsecp256k1_v0_4_0_ecdsa_signature_save(signature, &r, &s); return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_verify(const rustsecp256k1_v0_3_1_context* ctx, const unsigned char *seckey) { - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_verify(const rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seckey) { + rustsecp256k1_v0_4_0_scalar sec; int ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_3_1_scalar_clear(&sec); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + rustsecp256k1_v0_4_0_scalar_clear(&sec); return ret; } -static int rustsecp256k1_v0_3_1_ec_pubkey_create_helper(const rustsecp256k1_v0_3_1_ecmult_gen_context *ecmult_gen_ctx, rustsecp256k1_v0_3_1_scalar *seckey_scalar, rustsecp256k1_v0_3_1_ge *p, const unsigned char *seckey) { - rustsecp256k1_v0_3_1_gej pj; +static int rustsecp256k1_v0_4_0_ec_pubkey_create_helper(const rustsecp256k1_v0_4_0_ecmult_gen_context *ecmult_gen_ctx, rustsecp256k1_v0_4_0_scalar *seckey_scalar, rustsecp256k1_v0_4_0_ge *p, const unsigned char *seckey) { + rustsecp256k1_v0_4_0_gej pj; int ret; - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(seckey_scalar, seckey); - rustsecp256k1_v0_3_1_scalar_cmov(seckey_scalar, &rustsecp256k1_v0_3_1_scalar_one, !ret); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(seckey_scalar, seckey); + rustsecp256k1_v0_4_0_scalar_cmov(seckey_scalar, &rustsecp256k1_v0_4_0_scalar_one, !ret); - rustsecp256k1_v0_3_1_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar); - rustsecp256k1_v0_3_1_ge_set_gej(p, &pj); + rustsecp256k1_v0_4_0_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar); + rustsecp256k1_v0_4_0_ge_set_gej(p, &pj); return ret; } -int rustsecp256k1_v0_3_1_ec_pubkey_create(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const unsigned char *seckey) { - rustsecp256k1_v0_3_1_ge p; - rustsecp256k1_v0_3_1_scalar seckey_scalar; +int rustsecp256k1_v0_4_0_ec_pubkey_create(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *seckey) { + rustsecp256k1_v0_4_0_ge p; + rustsecp256k1_v0_4_0_scalar seckey_scalar; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey); - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); - memczero(pubkey, sizeof(*pubkey), !ret); + ret = rustsecp256k1_v0_4_0_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); + rustsecp256k1_v0_4_0_memczero(pubkey, sizeof(*pubkey), !ret); - rustsecp256k1_v0_3_1_scalar_clear(&seckey_scalar); + rustsecp256k1_v0_4_0_scalar_clear(&seckey_scalar); return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_negate(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey) { - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_negate(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey) { + rustsecp256k1_v0_4_0_scalar sec; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_negate(&sec, &sec); - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sec); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_negate(&sec, &sec); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_3_1_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_clear(&sec); return ret; } -int rustsecp256k1_v0_3_1_ec_privkey_negate(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey) { - return rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey); +int rustsecp256k1_v0_4_0_ec_privkey_negate(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey) { + return rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey); } -int rustsecp256k1_v0_3_1_ec_pubkey_negate(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey) { +int rustsecp256k1_v0_4_0_ec_pubkey_negate(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey) { int ret = 0; - rustsecp256k1_v0_3_1_ge p; + rustsecp256k1_v0_4_0_ge p; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); - ret = rustsecp256k1_v0_3_1_pubkey_load(ctx, &p, pubkey); + ret = rustsecp256k1_v0_4_0_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); if (ret) { - rustsecp256k1_v0_3_1_ge_neg(&p, &p); - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); + rustsecp256k1_v0_4_0_ge_neg(&p, &p); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); } return ret; } -static int rustsecp256k1_v0_3_1_ec_seckey_tweak_add_helper(rustsecp256k1_v0_3_1_scalar *sec, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar term; +static int rustsecp256k1_v0_4_0_ec_seckey_tweak_add_helper(rustsecp256k1_v0_4_0_scalar *sec, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar term; int overflow = 0; int ret = 0; - rustsecp256k1_v0_3_1_scalar_set_b32(&term, tweak, &overflow); - ret = (!overflow) & rustsecp256k1_v0_3_1_eckey_privkey_tweak_add(sec, &term); - rustsecp256k1_v0_3_1_scalar_clear(&term); + rustsecp256k1_v0_4_0_scalar_set_b32(&term, tweak32, &overflow); + ret = (!overflow) & rustsecp256k1_v0_4_0_eckey_privkey_tweak_add(sec, &term); + rustsecp256k1_v0_4_0_scalar_clear(&term); return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar sec; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - ret &= rustsecp256k1_v0_3_1_ec_seckey_tweak_add_helper(&sec, tweak); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sec); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + ret &= rustsecp256k1_v0_4_0_ec_seckey_tweak_add_helper(&sec, tweak32); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_3_1_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_clear(&sec); return ret; } -int rustsecp256k1_v0_3_1_ec_privkey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - return rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, seckey, tweak); +int rustsecp256k1_v0_4_0_ec_privkey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + return rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, seckey, tweak32); } -static int rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(const rustsecp256k1_v0_3_1_ecmult_context* ecmult_ctx, rustsecp256k1_v0_3_1_ge *p, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar term; +static int rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(const rustsecp256k1_v0_4_0_ecmult_context* ecmult_ctx, rustsecp256k1_v0_4_0_ge *p, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar term; int overflow = 0; - rustsecp256k1_v0_3_1_scalar_set_b32(&term, tweak, &overflow); - return !overflow && rustsecp256k1_v0_3_1_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); + rustsecp256k1_v0_4_0_scalar_set_b32(&term, tweak32, &overflow); + return !overflow && rustsecp256k1_v0_4_0_eckey_pubkey_tweak_add(ecmult_ctx, p, &term); } -int rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_ge p; +int rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge p; int ret = 0; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(pubkey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_3_1_pubkey_load(ctx, &p, pubkey); + ret = rustsecp256k1_v0_4_0_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); - ret = ret && rustsecp256k1_v0_3_1_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak); + ret = ret && rustsecp256k1_v0_4_0_ec_pubkey_tweak_add_helper(&ctx->ecmult_ctx, &p, tweak32); if (ret) { - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); } return ret; } -int rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_scalar factor; - rustsecp256k1_v0_3_1_scalar sec; +int rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_scalar factor; + rustsecp256k1_v0_4_0_scalar sec; int ret = 0; int overflow = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&factor, tweak, &overflow); - ret = rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&sec, seckey); - ret &= (!overflow) & rustsecp256k1_v0_3_1_eckey_privkey_tweak_mul(&sec, &factor); - rustsecp256k1_v0_3_1_scalar_cmov(&sec, &rustsecp256k1_v0_3_1_scalar_zero, !ret); - rustsecp256k1_v0_3_1_scalar_get_b32(seckey, &sec); + rustsecp256k1_v0_4_0_scalar_set_b32(&factor, tweak32, &overflow); + ret = rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&sec, seckey); + ret &= (!overflow) & rustsecp256k1_v0_4_0_eckey_privkey_tweak_mul(&sec, &factor); + rustsecp256k1_v0_4_0_scalar_cmov(&sec, &rustsecp256k1_v0_4_0_scalar_zero, !ret); + rustsecp256k1_v0_4_0_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_3_1_scalar_clear(&sec); - rustsecp256k1_v0_3_1_scalar_clear(&factor); + rustsecp256k1_v0_4_0_scalar_clear(&sec); + rustsecp256k1_v0_4_0_scalar_clear(&factor); return ret; } -int rustsecp256k1_v0_3_1_ec_privkey_tweak_mul(const rustsecp256k1_v0_3_1_context* ctx, unsigned char *seckey, const unsigned char *tweak) { - return rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, seckey, tweak); +int rustsecp256k1_v0_4_0_ec_privkey_tweak_mul(const rustsecp256k1_v0_4_0_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + return rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, seckey, tweak32); } -int rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubkey, const unsigned char *tweak) { - rustsecp256k1_v0_3_1_ge p; - rustsecp256k1_v0_3_1_scalar factor; +int rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubkey, const unsigned char *tweak32) { + rustsecp256k1_v0_4_0_ge p; + rustsecp256k1_v0_4_0_scalar factor; int ret = 0; int overflow = 0; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_3_1_ecmult_context_is_built(&ctx->ecmult_ctx)); + ARG_CHECK(rustsecp256k1_v0_4_0_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(pubkey != NULL); - ARG_CHECK(tweak != NULL); + ARG_CHECK(tweak32 != NULL); - rustsecp256k1_v0_3_1_scalar_set_b32(&factor, tweak, &overflow); - ret = !overflow && rustsecp256k1_v0_3_1_pubkey_load(ctx, &p, pubkey); + rustsecp256k1_v0_4_0_scalar_set_b32(&factor, tweak32, &overflow); + ret = !overflow && rustsecp256k1_v0_4_0_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); if (ret) { - if (rustsecp256k1_v0_3_1_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { - rustsecp256k1_v0_3_1_pubkey_save(pubkey, &p); + if (rustsecp256k1_v0_4_0_eckey_pubkey_tweak_mul(&ctx->ecmult_ctx, &p, &factor)) { + rustsecp256k1_v0_4_0_pubkey_save(pubkey, &p); } else { ret = 0; } @@ -725,35 +727,35 @@ int rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(const rustsecp256k1_v0_3_1_context* return ret; } -int rustsecp256k1_v0_3_1_context_randomize(rustsecp256k1_v0_3_1_context* ctx, const unsigned char *seed32) { +int rustsecp256k1_v0_4_0_context_randomize(rustsecp256k1_v0_4_0_context* ctx, const unsigned char *seed32) { VERIFY_CHECK(ctx != NULL); - if (rustsecp256k1_v0_3_1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { - rustsecp256k1_v0_3_1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + if (rustsecp256k1_v0_4_0_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + rustsecp256k1_v0_4_0_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); } return 1; } -int rustsecp256k1_v0_3_1_ec_pubkey_combine(const rustsecp256k1_v0_3_1_context* ctx, rustsecp256k1_v0_3_1_pubkey *pubnonce, const rustsecp256k1_v0_3_1_pubkey * const *pubnonces, size_t n) { +int rustsecp256k1_v0_4_0_ec_pubkey_combine(const rustsecp256k1_v0_4_0_context* ctx, rustsecp256k1_v0_4_0_pubkey *pubnonce, const rustsecp256k1_v0_4_0_pubkey * const *pubnonces, size_t n) { size_t i; - rustsecp256k1_v0_3_1_gej Qj; - rustsecp256k1_v0_3_1_ge Q; + rustsecp256k1_v0_4_0_gej Qj; + rustsecp256k1_v0_4_0_ge Q; ARG_CHECK(pubnonce != NULL); memset(pubnonce, 0, sizeof(*pubnonce)); ARG_CHECK(n >= 1); ARG_CHECK(pubnonces != NULL); - rustsecp256k1_v0_3_1_gej_set_infinity(&Qj); + rustsecp256k1_v0_4_0_gej_set_infinity(&Qj); for (i = 0; i < n; i++) { - rustsecp256k1_v0_3_1_pubkey_load(ctx, &Q, pubnonces[i]); - rustsecp256k1_v0_3_1_gej_add_ge(&Qj, &Qj, &Q); + rustsecp256k1_v0_4_0_pubkey_load(ctx, &Q, pubnonces[i]); + rustsecp256k1_v0_4_0_gej_add_ge(&Qj, &Qj, &Q); } - if (rustsecp256k1_v0_3_1_gej_is_infinity(&Qj)) { + if (rustsecp256k1_v0_4_0_gej_is_infinity(&Qj)) { return 0; } - rustsecp256k1_v0_3_1_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_3_1_pubkey_save(pubnonce, &Q); + rustsecp256k1_v0_4_0_ge_set_gej(&Q, &Qj); + rustsecp256k1_v0_4_0_pubkey_save(pubnonce, &Q); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/selftest.h b/secp256k1-sys/depend/secp256k1/src/selftest.h index a50dd4031..1ba337d4f 100644 --- a/secp256k1-sys/depend/secp256k1/src/selftest.h +++ b/secp256k1-sys/depend/secp256k1/src/selftest.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2020 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_SELFTEST_H #define SECP256K1_SELFTEST_H @@ -11,22 +11,22 @@ #include -static int rustsecp256k1_v0_3_1_selftest_sha256(void) { +static int rustsecp256k1_v0_4_0_selftest_sha256(void) { static const char *input63 = "For this sample, this 63-byte string will be used as input data"; static const unsigned char output32[32] = { 0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42, }; unsigned char out[32]; - rustsecp256k1_v0_3_1_sha256 hasher; - rustsecp256k1_v0_3_1_sha256_initialize(&hasher); - rustsecp256k1_v0_3_1_sha256_write(&hasher, (const unsigned char*)input63, 63); - rustsecp256k1_v0_3_1_sha256_finalize(&hasher, out); - return memcmp(out, output32, 32) == 0; + rustsecp256k1_v0_4_0_sha256 hasher; + rustsecp256k1_v0_4_0_sha256_initialize(&hasher); + rustsecp256k1_v0_4_0_sha256_write(&hasher, (const unsigned char*)input63, 63); + rustsecp256k1_v0_4_0_sha256_finalize(&hasher, out); + return rustsecp256k1_v0_4_0_memcmp_var(out, output32, 32) == 0; } -static int rustsecp256k1_v0_3_1_selftest(void) { - return rustsecp256k1_v0_3_1_selftest_sha256(); +static int rustsecp256k1_v0_4_0_selftest(void) { + return rustsecp256k1_v0_4_0_selftest_sha256(); } #endif /* SECP256K1_SELFTEST_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/testrand.h b/secp256k1-sys/depend/secp256k1/src/testrand.h index 55263fd57..59fa2896a 100644 --- a/secp256k1-sys/depend/secp256k1/src/testrand.h +++ b/secp256k1-sys/depend/secp256k1/src/testrand.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_TESTRAND_H #define SECP256K1_TESTRAND_H @@ -14,34 +14,34 @@ /* A non-cryptographic RNG used only for test infrastructure. */ /** Seed the pseudorandom number generator for testing. */ -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_testrand_seed(const unsigned char *seed16); +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_testrand_seed(const unsigned char *seed16); /** Generate a pseudorandom number in the range [0..2**32-1]. */ -static uint32_t rustsecp256k1_v0_3_1_testrand32(void); +static uint32_t rustsecp256k1_v0_4_0_testrand32(void); /** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or * more. */ -static uint32_t rustsecp256k1_v0_3_1_testrand_bits(int bits); +static uint32_t rustsecp256k1_v0_4_0_testrand_bits(int bits); /** Generate a pseudorandom number in the range [0..range-1]. */ -static uint32_t rustsecp256k1_v0_3_1_testrand_int(uint32_t range); +static uint32_t rustsecp256k1_v0_4_0_testrand_int(uint32_t range); /** Generate a pseudorandom 32-byte array. */ -static void rustsecp256k1_v0_3_1_testrand256(unsigned char *b32); +static void rustsecp256k1_v0_4_0_testrand256(unsigned char *b32); /** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */ -static void rustsecp256k1_v0_3_1_testrand256_test(unsigned char *b32); +static void rustsecp256k1_v0_4_0_testrand256_test(unsigned char *b32); /** Generate pseudorandom bytes with long sequences of zero and one bits. */ -static void rustsecp256k1_v0_3_1_testrand_bytes_test(unsigned char *bytes, size_t len); +static void rustsecp256k1_v0_4_0_testrand_bytes_test(unsigned char *bytes, size_t len); /** Flip a single random bit in a byte array */ -static void rustsecp256k1_v0_3_1_testrand_flip(unsigned char *b, size_t len); +static void rustsecp256k1_v0_4_0_testrand_flip(unsigned char *b, size_t len); /** Initialize the test RNG using (hex encoded) array up to 16 bytes, or randomly if hexseed is NULL. */ -static void rustsecp256k1_v0_3_1_testrand_init(const char* hexseed); +static void rustsecp256k1_v0_4_0_testrand_init(const char* hexseed); /** Print final test information. */ -static void rustsecp256k1_v0_3_1_testrand_finish(void); +static void rustsecp256k1_v0_4_0_testrand_finish(void); #endif /* SECP256K1_TESTRAND_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/testrand_impl.h b/secp256k1-sys/depend/secp256k1/src/testrand_impl.h index 46b89612d..2159f2f01 100644 --- a/secp256k1-sys/depend/secp256k1/src/testrand_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/testrand_impl.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013-2015 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013-2015 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_TESTRAND_IMPL_H #define SECP256K1_TESTRAND_IMPL_H @@ -14,38 +14,38 @@ #include "testrand.h" #include "hash.h" -static rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 rustsecp256k1_v0_3_1_test_rng; -static uint32_t rustsecp256k1_v0_3_1_test_rng_precomputed[8]; -static int rustsecp256k1_v0_3_1_test_rng_precomputed_used = 8; -static uint64_t rustsecp256k1_v0_3_1_test_rng_integer; -static int rustsecp256k1_v0_3_1_test_rng_integer_bits_left = 0; +static rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 rustsecp256k1_v0_4_0_test_rng; +static uint32_t rustsecp256k1_v0_4_0_test_rng_precomputed[8]; +static int rustsecp256k1_v0_4_0_test_rng_precomputed_used = 8; +static uint64_t rustsecp256k1_v0_4_0_test_rng_integer; +static int rustsecp256k1_v0_4_0_test_rng_integer_bits_left = 0; -SECP256K1_INLINE static void rustsecp256k1_v0_3_1_testrand_seed(const unsigned char *seed16) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rustsecp256k1_v0_3_1_test_rng, seed16, 16); +SECP256K1_INLINE static void rustsecp256k1_v0_4_0_testrand_seed(const unsigned char *seed16) { + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rustsecp256k1_v0_4_0_test_rng, seed16, 16); } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_3_1_testrand32(void) { - if (rustsecp256k1_v0_3_1_test_rng_precomputed_used == 8) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rustsecp256k1_v0_3_1_test_rng, (unsigned char*)(&rustsecp256k1_v0_3_1_test_rng_precomputed[0]), sizeof(rustsecp256k1_v0_3_1_test_rng_precomputed)); - rustsecp256k1_v0_3_1_test_rng_precomputed_used = 0; +SECP256K1_INLINE static uint32_t rustsecp256k1_v0_4_0_testrand32(void) { + if (rustsecp256k1_v0_4_0_test_rng_precomputed_used == 8) { + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rustsecp256k1_v0_4_0_test_rng, (unsigned char*)(&rustsecp256k1_v0_4_0_test_rng_precomputed[0]), sizeof(rustsecp256k1_v0_4_0_test_rng_precomputed)); + rustsecp256k1_v0_4_0_test_rng_precomputed_used = 0; } - return rustsecp256k1_v0_3_1_test_rng_precomputed[rustsecp256k1_v0_3_1_test_rng_precomputed_used++]; + return rustsecp256k1_v0_4_0_test_rng_precomputed[rustsecp256k1_v0_4_0_test_rng_precomputed_used++]; } -static uint32_t rustsecp256k1_v0_3_1_testrand_bits(int bits) { +static uint32_t rustsecp256k1_v0_4_0_testrand_bits(int bits) { uint32_t ret; - if (rustsecp256k1_v0_3_1_test_rng_integer_bits_left < bits) { - rustsecp256k1_v0_3_1_test_rng_integer |= (((uint64_t)rustsecp256k1_v0_3_1_testrand32()) << rustsecp256k1_v0_3_1_test_rng_integer_bits_left); - rustsecp256k1_v0_3_1_test_rng_integer_bits_left += 32; + if (rustsecp256k1_v0_4_0_test_rng_integer_bits_left < bits) { + rustsecp256k1_v0_4_0_test_rng_integer |= (((uint64_t)rustsecp256k1_v0_4_0_testrand32()) << rustsecp256k1_v0_4_0_test_rng_integer_bits_left); + rustsecp256k1_v0_4_0_test_rng_integer_bits_left += 32; } - ret = rustsecp256k1_v0_3_1_test_rng_integer; - rustsecp256k1_v0_3_1_test_rng_integer >>= bits; - rustsecp256k1_v0_3_1_test_rng_integer_bits_left -= bits; + ret = rustsecp256k1_v0_4_0_test_rng_integer; + rustsecp256k1_v0_4_0_test_rng_integer >>= bits; + rustsecp256k1_v0_4_0_test_rng_integer_bits_left -= bits; ret &= ((~((uint32_t)0)) >> (32 - bits)); return ret; } -static uint32_t rustsecp256k1_v0_3_1_testrand_int(uint32_t range) { +static uint32_t rustsecp256k1_v0_4_0_testrand_int(uint32_t range) { /* We want a uniform integer between 0 and range-1, inclusive. * B is the smallest number such that range <= 2**B. * two mechanisms implemented here: @@ -77,25 +77,25 @@ static uint32_t rustsecp256k1_v0_3_1_testrand_int(uint32_t range) { mult = 1; } while(1) { - uint32_t x = rustsecp256k1_v0_3_1_testrand_bits(bits); + uint32_t x = rustsecp256k1_v0_4_0_testrand_bits(bits); if (x < trange) { return (mult == 1) ? x : (x % range); } } } -static void rustsecp256k1_v0_3_1_testrand256(unsigned char *b32) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rustsecp256k1_v0_3_1_test_rng, b32, 32); +static void rustsecp256k1_v0_4_0_testrand256(unsigned char *b32) { + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rustsecp256k1_v0_4_0_test_rng, b32, 32); } -static void rustsecp256k1_v0_3_1_testrand_bytes_test(unsigned char *bytes, size_t len) { +static void rustsecp256k1_v0_4_0_testrand_bytes_test(unsigned char *bytes, size_t len) { size_t bits = 0; memset(bytes, 0, len); while (bits < len * 8) { int now; uint32_t val; - now = 1 + (rustsecp256k1_v0_3_1_testrand_bits(6) * rustsecp256k1_v0_3_1_testrand_bits(5) + 16) / 31; - val = rustsecp256k1_v0_3_1_testrand_bits(1); + now = 1 + (rustsecp256k1_v0_4_0_testrand_bits(6) * rustsecp256k1_v0_4_0_testrand_bits(5) + 16) / 31; + val = rustsecp256k1_v0_4_0_testrand_bits(1); while (now > 0 && bits < len * 8) { bytes[bits / 8] |= val << (bits % 8); now--; @@ -104,15 +104,15 @@ static void rustsecp256k1_v0_3_1_testrand_bytes_test(unsigned char *bytes, size_ } } -static void rustsecp256k1_v0_3_1_testrand256_test(unsigned char *b32) { - rustsecp256k1_v0_3_1_testrand_bytes_test(b32, 32); +static void rustsecp256k1_v0_4_0_testrand256_test(unsigned char *b32) { + rustsecp256k1_v0_4_0_testrand_bytes_test(b32, 32); } -static void rustsecp256k1_v0_3_1_testrand_flip(unsigned char *b, size_t len) { - b[rustsecp256k1_v0_3_1_testrand_int(len)] ^= (1 << rustsecp256k1_v0_3_1_testrand_int(8)); +static void rustsecp256k1_v0_4_0_testrand_flip(unsigned char *b, size_t len) { + b[rustsecp256k1_v0_4_0_testrand_int(len)] ^= (1 << rustsecp256k1_v0_4_0_testrand_int(8)); } -static void rustsecp256k1_v0_3_1_testrand_init(const char* hexseed) { +static void rustsecp256k1_v0_4_0_testrand_init(const char* hexseed) { unsigned char seed16[16] = {0}; if (hexseed && strlen(hexseed) != 0) { int pos = 0; @@ -146,12 +146,12 @@ static void rustsecp256k1_v0_3_1_testrand_init(const char* hexseed) { } printf("random seed = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", seed16[0], seed16[1], seed16[2], seed16[3], seed16[4], seed16[5], seed16[6], seed16[7], seed16[8], seed16[9], seed16[10], seed16[11], seed16[12], seed16[13], seed16[14], seed16[15]); - rustsecp256k1_v0_3_1_testrand_seed(seed16); + rustsecp256k1_v0_4_0_testrand_seed(seed16); } -static void rustsecp256k1_v0_3_1_testrand_finish(void) { +static void rustsecp256k1_v0_4_0_testrand_finish(void) { unsigned char run32[32]; - rustsecp256k1_v0_3_1_testrand256(run32); + rustsecp256k1_v0_4_0_testrand256(run32); printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]); } diff --git a/secp256k1-sys/depend/secp256k1/src/tests.c b/secp256k1-sys/depend/secp256k1/src/tests.c index e09330a82..cb7b16870 100644 --- a/secp256k1-sys/depend/secp256k1/src/tests.c +++ b/secp256k1-sys/depend/secp256k1/src/tests.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #if defined HAVE_CONFIG_H #include "libsecp256k1-config.h" @@ -33,7 +33,7 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) #include "contrib/lax_der_privatekey_parsing.c" static int count = 64; -static rustsecp256k1_v0_3_1_context *ctx = NULL; +static rustsecp256k1_v0_4_0_context *ctx = NULL; static void counting_illegal_callback_fn(const char* str, void* data) { /* Dummy callback function that just counts. */ @@ -51,79 +51,79 @@ static void uncounting_illegal_callback_fn(const char* str, void* data) { (*p)--; } -void random_field_element_test(rustsecp256k1_v0_3_1_fe *fe) { +void random_field_element_test(rustsecp256k1_v0_4_0_fe *fe) { do { unsigned char b32[32]; - rustsecp256k1_v0_3_1_testrand256_test(b32); - if (rustsecp256k1_v0_3_1_fe_set_b32(fe, b32)) { + rustsecp256k1_v0_4_0_testrand256_test(b32); + if (rustsecp256k1_v0_4_0_fe_set_b32(fe, b32)) { break; } } while(1); } -void random_field_element_magnitude(rustsecp256k1_v0_3_1_fe *fe) { - rustsecp256k1_v0_3_1_fe zero; - int n = rustsecp256k1_v0_3_1_testrand_int(9); - rustsecp256k1_v0_3_1_fe_normalize(fe); +void random_field_element_magnitude(rustsecp256k1_v0_4_0_fe *fe) { + rustsecp256k1_v0_4_0_fe zero; + int n = rustsecp256k1_v0_4_0_testrand_int(9); + rustsecp256k1_v0_4_0_fe_normalize(fe); if (n == 0) { return; } - rustsecp256k1_v0_3_1_fe_clear(&zero); - rustsecp256k1_v0_3_1_fe_negate(&zero, &zero, 0); - rustsecp256k1_v0_3_1_fe_mul_int(&zero, n - 1); - rustsecp256k1_v0_3_1_fe_add(fe, &zero); + rustsecp256k1_v0_4_0_fe_clear(&zero); + rustsecp256k1_v0_4_0_fe_negate(&zero, &zero, 0); + rustsecp256k1_v0_4_0_fe_mul_int(&zero, n - 1); + rustsecp256k1_v0_4_0_fe_add(fe, &zero); #ifdef VERIFY CHECK(fe->magnitude == n); #endif } -void random_group_element_test(rustsecp256k1_v0_3_1_ge *ge) { - rustsecp256k1_v0_3_1_fe fe; +void random_group_element_test(rustsecp256k1_v0_4_0_ge *ge) { + rustsecp256k1_v0_4_0_fe fe; do { random_field_element_test(&fe); - if (rustsecp256k1_v0_3_1_ge_set_xo_var(ge, &fe, rustsecp256k1_v0_3_1_testrand_bits(1))) { - rustsecp256k1_v0_3_1_fe_normalize(&ge->y); + if (rustsecp256k1_v0_4_0_ge_set_xo_var(ge, &fe, rustsecp256k1_v0_4_0_testrand_bits(1))) { + rustsecp256k1_v0_4_0_fe_normalize(&ge->y); break; } } while(1); ge->infinity = 0; } -void random_group_element_jacobian_test(rustsecp256k1_v0_3_1_gej *gej, const rustsecp256k1_v0_3_1_ge *ge) { - rustsecp256k1_v0_3_1_fe z2, z3; +void random_group_element_jacobian_test(rustsecp256k1_v0_4_0_gej *gej, const rustsecp256k1_v0_4_0_ge *ge) { + rustsecp256k1_v0_4_0_fe z2, z3; do { random_field_element_test(&gej->z); - if (!rustsecp256k1_v0_3_1_fe_is_zero(&gej->z)) { + if (!rustsecp256k1_v0_4_0_fe_is_zero(&gej->z)) { break; } } while(1); - rustsecp256k1_v0_3_1_fe_sqr(&z2, &gej->z); - rustsecp256k1_v0_3_1_fe_mul(&z3, &z2, &gej->z); - rustsecp256k1_v0_3_1_fe_mul(&gej->x, &ge->x, &z2); - rustsecp256k1_v0_3_1_fe_mul(&gej->y, &ge->y, &z3); + rustsecp256k1_v0_4_0_fe_sqr(&z2, &gej->z); + rustsecp256k1_v0_4_0_fe_mul(&z3, &z2, &gej->z); + rustsecp256k1_v0_4_0_fe_mul(&gej->x, &ge->x, &z2); + rustsecp256k1_v0_4_0_fe_mul(&gej->y, &ge->y, &z3); gej->infinity = ge->infinity; } -void random_scalar_order_test(rustsecp256k1_v0_3_1_scalar *num) { +void random_scalar_order_test(rustsecp256k1_v0_4_0_scalar *num) { do { unsigned char b32[32]; int overflow = 0; - rustsecp256k1_v0_3_1_testrand256_test(b32); - rustsecp256k1_v0_3_1_scalar_set_b32(num, b32, &overflow); - if (overflow || rustsecp256k1_v0_3_1_scalar_is_zero(num)) { + rustsecp256k1_v0_4_0_testrand256_test(b32); + rustsecp256k1_v0_4_0_scalar_set_b32(num, b32, &overflow); + if (overflow || rustsecp256k1_v0_4_0_scalar_is_zero(num)) { continue; } break; } while(1); } -void random_scalar_order(rustsecp256k1_v0_3_1_scalar *num) { +void random_scalar_order(rustsecp256k1_v0_4_0_scalar *num) { do { unsigned char b32[32]; int overflow = 0; - rustsecp256k1_v0_3_1_testrand256(b32); - rustsecp256k1_v0_3_1_scalar_set_b32(num, b32, &overflow); - if (overflow || rustsecp256k1_v0_3_1_scalar_is_zero(num)) { + rustsecp256k1_v0_4_0_testrand256(b32); + rustsecp256k1_v0_4_0_scalar_set_b32(num, b32, &overflow); + if (overflow || rustsecp256k1_v0_4_0_scalar_is_zero(num)) { continue; } break; @@ -131,205 +131,205 @@ void random_scalar_order(rustsecp256k1_v0_3_1_scalar *num) { } void random_scalar_order_b32(unsigned char *b32) { - rustsecp256k1_v0_3_1_scalar num; + rustsecp256k1_v0_4_0_scalar num; random_scalar_order(&num); - rustsecp256k1_v0_3_1_scalar_get_b32(b32, &num); + rustsecp256k1_v0_4_0_scalar_get_b32(b32, &num); } void run_context_tests(int use_prealloc) { - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_pubkey zero_pubkey; - rustsecp256k1_v0_3_1_ecdsa_signature sig; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey zero_pubkey; + rustsecp256k1_v0_4_0_ecdsa_signature sig; unsigned char ctmp[32]; int32_t ecount; int32_t ecount2; - rustsecp256k1_v0_3_1_context *none; - rustsecp256k1_v0_3_1_context *sign; - rustsecp256k1_v0_3_1_context *vrfy; - rustsecp256k1_v0_3_1_context *both; + rustsecp256k1_v0_4_0_context *none; + rustsecp256k1_v0_4_0_context *sign; + rustsecp256k1_v0_4_0_context *vrfy; + rustsecp256k1_v0_4_0_context *both; void *none_prealloc = NULL; void *sign_prealloc = NULL; void *vrfy_prealloc = NULL; void *both_prealloc = NULL; - rustsecp256k1_v0_3_1_gej pubj; - rustsecp256k1_v0_3_1_ge pub; - rustsecp256k1_v0_3_1_scalar msg, key, nonce; - rustsecp256k1_v0_3_1_scalar sigr, sigs; + rustsecp256k1_v0_4_0_gej pubj; + rustsecp256k1_v0_4_0_ge pub; + rustsecp256k1_v0_4_0_scalar msg, key, nonce; + rustsecp256k1_v0_4_0_scalar sigr, sigs; if (use_prealloc) { - none_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); - sign_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); - vrfy_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); - both_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); + none_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + sign_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); + vrfy_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); + both_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(none_prealloc != NULL); CHECK(sign_prealloc != NULL); CHECK(vrfy_prealloc != NULL); CHECK(both_prealloc != NULL); - none = rustsecp256k1_v0_3_1_context_preallocated_create(none_prealloc, SECP256K1_CONTEXT_NONE); - sign = rustsecp256k1_v0_3_1_context_preallocated_create(sign_prealloc, SECP256K1_CONTEXT_SIGN); - vrfy = rustsecp256k1_v0_3_1_context_preallocated_create(vrfy_prealloc, SECP256K1_CONTEXT_VERIFY); - both = rustsecp256k1_v0_3_1_context_preallocated_create(both_prealloc, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + none = rustsecp256k1_v0_4_0_context_preallocated_create(none_prealloc, SECP256K1_CONTEXT_NONE); + sign = rustsecp256k1_v0_4_0_context_preallocated_create(sign_prealloc, SECP256K1_CONTEXT_SIGN); + vrfy = rustsecp256k1_v0_4_0_context_preallocated_create(vrfy_prealloc, SECP256K1_CONTEXT_VERIFY); + both = rustsecp256k1_v0_4_0_context_preallocated_create(both_prealloc, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); } else { - none = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_NONE); - sign = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN); - vrfy = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_VERIFY); - both = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + none = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_NONE); + sign = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN); + vrfy = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_VERIFY); + both = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); } memset(&zero_pubkey, 0, sizeof(zero_pubkey)); ecount = 0; ecount2 = 10; - rustsecp256k1_v0_3_1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount2); - /* set error callback (to a function that still aborts in case malloc() fails in rustsecp256k1_v0_3_1_context_clone() below) */ - rustsecp256k1_v0_3_1_context_set_error_callback(sign, rustsecp256k1_v0_3_1_default_illegal_callback_fn, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount2); + /* set error callback (to a function that still aborts in case malloc() fails in rustsecp256k1_v0_4_0_context_clone() below) */ + rustsecp256k1_v0_4_0_context_set_error_callback(sign, rustsecp256k1_v0_4_0_default_illegal_callback_fn, NULL); CHECK(sign->error_callback.fn != vrfy->error_callback.fn); - CHECK(sign->error_callback.fn == rustsecp256k1_v0_3_1_default_illegal_callback_fn); + CHECK(sign->error_callback.fn == rustsecp256k1_v0_4_0_default_illegal_callback_fn); /* check if sizes for cloning are consistent */ - CHECK(rustsecp256k1_v0_3_1_context_preallocated_clone_size(none) == rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); - CHECK(rustsecp256k1_v0_3_1_context_preallocated_clone_size(sign) == rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); - CHECK(rustsecp256k1_v0_3_1_context_preallocated_clone_size(vrfy) == rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); - CHECK(rustsecp256k1_v0_3_1_context_preallocated_clone_size(both) == rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); + CHECK(rustsecp256k1_v0_4_0_context_preallocated_clone_size(none) == rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + CHECK(rustsecp256k1_v0_4_0_context_preallocated_clone_size(sign) == rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); + CHECK(rustsecp256k1_v0_4_0_context_preallocated_clone_size(vrfy) == rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); + CHECK(rustsecp256k1_v0_4_0_context_preallocated_clone_size(both) == rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); /*** clone and destroy all of them to make sure cloning was complete ***/ { - rustsecp256k1_v0_3_1_context *ctx_tmp; + rustsecp256k1_v0_4_0_context *ctx_tmp; if (use_prealloc) { /* clone into a non-preallocated context and then again into a new preallocated one. */ - ctx_tmp = none; none = rustsecp256k1_v0_3_1_context_clone(none); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); - free(none_prealloc); none_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(none_prealloc != NULL); - ctx_tmp = none; none = rustsecp256k1_v0_3_1_context_preallocated_clone(none, none_prealloc); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); + ctx_tmp = none; none = rustsecp256k1_v0_4_0_context_clone(none); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); + free(none_prealloc); none_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(none_prealloc != NULL); + ctx_tmp = none; none = rustsecp256k1_v0_4_0_context_preallocated_clone(none, none_prealloc); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); - ctx_tmp = sign; sign = rustsecp256k1_v0_3_1_context_clone(sign); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); - free(sign_prealloc); sign_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(sign_prealloc != NULL); - ctx_tmp = sign; sign = rustsecp256k1_v0_3_1_context_preallocated_clone(sign, sign_prealloc); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); + ctx_tmp = sign; sign = rustsecp256k1_v0_4_0_context_clone(sign); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); + free(sign_prealloc); sign_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(sign_prealloc != NULL); + ctx_tmp = sign; sign = rustsecp256k1_v0_4_0_context_preallocated_clone(sign, sign_prealloc); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); - ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_3_1_context_clone(vrfy); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); - free(vrfy_prealloc); vrfy_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(vrfy_prealloc != NULL); - ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_3_1_context_preallocated_clone(vrfy, vrfy_prealloc); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); + ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_4_0_context_clone(vrfy); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); + free(vrfy_prealloc); vrfy_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(vrfy_prealloc != NULL); + ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_4_0_context_preallocated_clone(vrfy, vrfy_prealloc); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); - ctx_tmp = both; both = rustsecp256k1_v0_3_1_context_clone(both); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); - free(both_prealloc); both_prealloc = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(both_prealloc != NULL); - ctx_tmp = both; both = rustsecp256k1_v0_3_1_context_preallocated_clone(both, both_prealloc); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); + ctx_tmp = both; both = rustsecp256k1_v0_4_0_context_clone(both); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); + free(both_prealloc); both_prealloc = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(both_prealloc != NULL); + ctx_tmp = both; both = rustsecp256k1_v0_4_0_context_preallocated_clone(both, both_prealloc); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); } else { /* clone into a preallocated context and then again into a new non-preallocated one. */ void *prealloc_tmp; - prealloc_tmp = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); - ctx_tmp = none; none = rustsecp256k1_v0_3_1_context_preallocated_clone(none, prealloc_tmp); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); - ctx_tmp = none; none = rustsecp256k1_v0_3_1_context_clone(none); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); + prealloc_tmp = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); + ctx_tmp = none; none = rustsecp256k1_v0_4_0_context_preallocated_clone(none, prealloc_tmp); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); + ctx_tmp = none; none = rustsecp256k1_v0_4_0_context_clone(none); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); free(prealloc_tmp); - prealloc_tmp = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(prealloc_tmp != NULL); - ctx_tmp = sign; sign = rustsecp256k1_v0_3_1_context_preallocated_clone(sign, prealloc_tmp); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); - ctx_tmp = sign; sign = rustsecp256k1_v0_3_1_context_clone(sign); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); + prealloc_tmp = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN)); CHECK(prealloc_tmp != NULL); + ctx_tmp = sign; sign = rustsecp256k1_v0_4_0_context_preallocated_clone(sign, prealloc_tmp); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); + ctx_tmp = sign; sign = rustsecp256k1_v0_4_0_context_clone(sign); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); free(prealloc_tmp); - prealloc_tmp = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); - ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_3_1_context_preallocated_clone(vrfy, prealloc_tmp); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); - ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_3_1_context_clone(vrfy); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); + prealloc_tmp = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); + ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_4_0_context_preallocated_clone(vrfy, prealloc_tmp); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); + ctx_tmp = vrfy; vrfy = rustsecp256k1_v0_4_0_context_clone(vrfy); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); free(prealloc_tmp); - prealloc_tmp = malloc(rustsecp256k1_v0_3_1_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); - ctx_tmp = both; both = rustsecp256k1_v0_3_1_context_preallocated_clone(both, prealloc_tmp); rustsecp256k1_v0_3_1_context_destroy(ctx_tmp); - ctx_tmp = both; both = rustsecp256k1_v0_3_1_context_clone(both); rustsecp256k1_v0_3_1_context_preallocated_destroy(ctx_tmp); + prealloc_tmp = malloc(rustsecp256k1_v0_4_0_context_preallocated_size(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY)); CHECK(prealloc_tmp != NULL); + ctx_tmp = both; both = rustsecp256k1_v0_4_0_context_preallocated_clone(both, prealloc_tmp); rustsecp256k1_v0_4_0_context_destroy(ctx_tmp); + ctx_tmp = both; both = rustsecp256k1_v0_4_0_context_clone(both); rustsecp256k1_v0_4_0_context_preallocated_destroy(ctx_tmp); free(prealloc_tmp); } } /* Verify that the error callback makes it across the clone. */ CHECK(sign->error_callback.fn != vrfy->error_callback.fn); - CHECK(sign->error_callback.fn == rustsecp256k1_v0_3_1_default_illegal_callback_fn); + CHECK(sign->error_callback.fn == rustsecp256k1_v0_4_0_default_illegal_callback_fn); /* And that it resets back to default. */ - rustsecp256k1_v0_3_1_context_set_error_callback(sign, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_error_callback(sign, NULL, NULL); CHECK(vrfy->error_callback.fn == sign->error_callback.fn); /*** attempt to use them ***/ random_scalar_order_test(&msg); random_scalar_order_test(&key); - rustsecp256k1_v0_3_1_ecmult_gen(&both->ecmult_gen_ctx, &pubj, &key); - rustsecp256k1_v0_3_1_ge_set_gej(&pub, &pubj); + rustsecp256k1_v0_4_0_ecmult_gen(&both->ecmult_gen_ctx, &pubj, &key); + rustsecp256k1_v0_4_0_ge_set_gej(&pub, &pubj); /* Verify context-type checking illegal-argument errors. */ memset(ctmp, 1, 32); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(vrfy, &pubkey, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(vrfy, &pubkey, ctmp) == 0); CHECK(ecount == 1); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(sign, &pubkey, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(sign, &pubkey, ctmp) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(vrfy, &sig, ctmp, ctmp, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(vrfy, &sig, ctmp, ctmp, NULL, NULL) == 0); CHECK(ecount == 2); VG_UNDEF(&sig, sizeof(sig)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(sign, &sig, ctmp, ctmp, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(sign, &sig, ctmp, ctmp, NULL, NULL) == 1); VG_CHECK(&sig, sizeof(sig)); CHECK(ecount2 == 10); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(sign, &sig, ctmp, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(sign, &sig, ctmp, &pubkey) == 0); CHECK(ecount2 == 11); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(vrfy, &sig, ctmp, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(vrfy, &sig, ctmp, &pubkey) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(sign, &pubkey, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(sign, &pubkey, ctmp) == 0); CHECK(ecount2 == 12); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(vrfy, &pubkey, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(vrfy, &pubkey, ctmp) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(sign, &pubkey, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(sign, &pubkey, ctmp) == 0); CHECK(ecount2 == 13); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_negate(vrfy, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_negate(vrfy, &pubkey) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_negate(sign, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_negate(sign, &pubkey) == 1); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_negate(sign, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_negate(sign, NULL) == 0); CHECK(ecount2 == 14); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_negate(vrfy, &zero_pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_negate(vrfy, &zero_pubkey) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_context_randomize(vrfy, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_context_randomize(vrfy, ctmp) == 1); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_context_randomize(vrfy, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_context_randomize(vrfy, NULL) == 1); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_context_randomize(sign, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_context_randomize(sign, ctmp) == 1); CHECK(ecount2 == 14); - CHECK(rustsecp256k1_v0_3_1_context_randomize(sign, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_context_randomize(sign, NULL) == 1); CHECK(ecount2 == 14); - rustsecp256k1_v0_3_1_context_set_illegal_callback(vrfy, NULL, NULL); - rustsecp256k1_v0_3_1_context_set_illegal_callback(sign, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(vrfy, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(sign, NULL, NULL); /* obtain a working nonce */ do { random_scalar_order_test(&nonce); - } while(!rustsecp256k1_v0_3_1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + } while(!rustsecp256k1_v0_4_0_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try signing */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_sign(&sign->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_sign(&both->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try verifying */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sigr, &sigs, &pub, &msg)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&both->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&vrfy->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&both->ecmult_ctx, &sigr, &sigs, &pub, &msg)); /* cleanup */ if (use_prealloc) { - rustsecp256k1_v0_3_1_context_preallocated_destroy(none); - rustsecp256k1_v0_3_1_context_preallocated_destroy(sign); - rustsecp256k1_v0_3_1_context_preallocated_destroy(vrfy); - rustsecp256k1_v0_3_1_context_preallocated_destroy(both); + rustsecp256k1_v0_4_0_context_preallocated_destroy(none); + rustsecp256k1_v0_4_0_context_preallocated_destroy(sign); + rustsecp256k1_v0_4_0_context_preallocated_destroy(vrfy); + rustsecp256k1_v0_4_0_context_preallocated_destroy(both); free(none_prealloc); free(sign_prealloc); free(vrfy_prealloc); free(both_prealloc); } else { - rustsecp256k1_v0_3_1_context_destroy(none); - rustsecp256k1_v0_3_1_context_destroy(sign); - rustsecp256k1_v0_3_1_context_destroy(vrfy); - rustsecp256k1_v0_3_1_context_destroy(both); + rustsecp256k1_v0_4_0_context_destroy(none); + rustsecp256k1_v0_4_0_context_destroy(sign); + rustsecp256k1_v0_4_0_context_destroy(vrfy); + rustsecp256k1_v0_4_0_context_destroy(both); } /* Defined as no-op. */ - rustsecp256k1_v0_3_1_context_destroy(NULL); - rustsecp256k1_v0_3_1_context_preallocated_destroy(NULL); + rustsecp256k1_v0_4_0_context_destroy(NULL); + rustsecp256k1_v0_4_0_context_preallocated_destroy(NULL); } @@ -339,81 +339,81 @@ void run_scratch_tests(void) { int32_t ecount = 0; size_t checkpoint; size_t checkpoint_2; - rustsecp256k1_v0_3_1_context *none = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_NONE); - rustsecp256k1_v0_3_1_scratch_space *scratch; - rustsecp256k1_v0_3_1_scratch_space local_scratch; + rustsecp256k1_v0_4_0_context *none = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_NONE); + rustsecp256k1_v0_4_0_scratch_space *scratch; + rustsecp256k1_v0_4_0_scratch_space local_scratch; /* Test public API */ - rustsecp256k1_v0_3_1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - rustsecp256k1_v0_3_1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - scratch = rustsecp256k1_v0_3_1_scratch_space_create(none, 1000); + scratch = rustsecp256k1_v0_4_0_scratch_space_create(none, 1000); CHECK(scratch != NULL); CHECK(ecount == 0); /* Test internal API */ - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); CHECK(scratch->alloc_size == 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* Allocating 500 bytes succeeds */ - checkpoint = rustsecp256k1_v0_3_1_scratch_checkpoint(&none->error_callback, scratch); - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + checkpoint = rustsecp256k1_v0_4_0_scratch_checkpoint(&none->error_callback, scratch); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&none->error_callback, scratch, 500) != NULL); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); CHECK(scratch->alloc_size != 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* Allocating another 501 bytes fails */ - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&none->error_callback, scratch, 501) == NULL); - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&none->error_callback, scratch, 501) == NULL); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); CHECK(scratch->alloc_size != 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* ...but it succeeds once we apply the checkpoint to undo it */ - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); CHECK(scratch->alloc_size == 0); - CHECK(rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&none->error_callback, scratch, 500) != NULL); + CHECK(rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 0) == 1000); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&none->error_callback, scratch, 500) != NULL); CHECK(scratch->alloc_size != 0); /* try to apply a bad checkpoint */ - checkpoint_2 = rustsecp256k1_v0_3_1_scratch_checkpoint(&none->error_callback, scratch); - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); + checkpoint_2 = rustsecp256k1_v0_4_0_scratch_checkpoint(&none->error_callback, scratch); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint); CHECK(ecount == 0); - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(&none->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ CHECK(ecount == 1); - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(&none->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(&none->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ CHECK(ecount == 2); /* try to use badly initialized scratch space */ - rustsecp256k1_v0_3_1_scratch_space_destroy(none, scratch); + rustsecp256k1_v0_4_0_scratch_space_destroy(none, scratch); memset(&local_scratch, 0, sizeof(local_scratch)); scratch = &local_scratch; - CHECK(!rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, 0)); + CHECK(!rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, 0)); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&none->error_callback, scratch, 500) == NULL); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&none->error_callback, scratch, 500) == NULL); CHECK(ecount == 4); - rustsecp256k1_v0_3_1_scratch_space_destroy(none, scratch); + rustsecp256k1_v0_4_0_scratch_space_destroy(none, scratch); CHECK(ecount == 5); /* Test that large integers do not wrap around in a bad way */ - scratch = rustsecp256k1_v0_3_1_scratch_space_create(none, 1000); + scratch = rustsecp256k1_v0_4_0_scratch_space_create(none, 1000); /* Try max allocation with a large number of objects. Only makes sense if * ALIGNMENT is greater than 1 because otherwise the objects take no extra * space. */ - CHECK(ALIGNMENT <= 1 || !rustsecp256k1_v0_3_1_scratch_max_allocation(&none->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1)); + CHECK(ALIGNMENT <= 1 || !rustsecp256k1_v0_4_0_scratch_max_allocation(&none->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1)); /* Try allocating SIZE_MAX to test wrap around which only happens if * ALIGNMENT > 1, otherwise it returns NULL anyway because the scratch * space is too small. */ - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&none->error_callback, scratch, SIZE_MAX) == NULL); - rustsecp256k1_v0_3_1_scratch_space_destroy(none, scratch); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&none->error_callback, scratch, SIZE_MAX) == NULL); + rustsecp256k1_v0_4_0_scratch_space_destroy(none, scratch); /* cleanup */ - rustsecp256k1_v0_3_1_scratch_space_destroy(none, NULL); /* no-op */ - rustsecp256k1_v0_3_1_context_destroy(none); + rustsecp256k1_v0_4_0_scratch_space_destroy(none, NULL); /* no-op */ + rustsecp256k1_v0_4_0_context_destroy(none); } /***** HASH TESTS *****/ @@ -438,18 +438,18 @@ void run_sha256_tests(void) { int i; for (i = 0; i < 8; i++) { unsigned char out[32]; - rustsecp256k1_v0_3_1_sha256 hasher; - rustsecp256k1_v0_3_1_sha256_initialize(&hasher); - rustsecp256k1_v0_3_1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); - rustsecp256k1_v0_3_1_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); + rustsecp256k1_v0_4_0_sha256 hasher; + rustsecp256k1_v0_4_0_sha256_initialize(&hasher); + rustsecp256k1_v0_4_0_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + rustsecp256k1_v0_4_0_sha256_finalize(&hasher, out); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, outputs[i], 32) == 0); if (strlen(inputs[i]) > 0) { - int split = rustsecp256k1_v0_3_1_testrand_int(strlen(inputs[i])); - rustsecp256k1_v0_3_1_sha256_initialize(&hasher); - rustsecp256k1_v0_3_1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); - rustsecp256k1_v0_3_1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); - rustsecp256k1_v0_3_1_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); + int split = rustsecp256k1_v0_4_0_testrand_int(strlen(inputs[i])); + rustsecp256k1_v0_4_0_sha256_initialize(&hasher); + rustsecp256k1_v0_4_0_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + rustsecp256k1_v0_4_0_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + rustsecp256k1_v0_4_0_sha256_finalize(&hasher, out); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, outputs[i], 32) == 0); } } } @@ -481,19 +481,19 @@ void run_hmac_sha256_tests(void) { }; int i; for (i = 0; i < 6; i++) { - rustsecp256k1_v0_3_1_hmac_sha256 hasher; + rustsecp256k1_v0_4_0_hmac_sha256 hasher; unsigned char out[32]; - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hasher, out); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, outputs[i], 32) == 0); if (strlen(inputs[i]) > 0) { - int split = rustsecp256k1_v0_3_1_testrand_int(strlen(inputs[i])); - rustsecp256k1_v0_3_1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); - rustsecp256k1_v0_3_1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); - rustsecp256k1_v0_3_1_hmac_sha256_finalize(&hasher, out); - CHECK(memcmp(out, outputs[i], 32) == 0); + int split = rustsecp256k1_v0_4_0_testrand_int(strlen(inputs[i])); + rustsecp256k1_v0_4_0_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + rustsecp256k1_v0_4_0_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + rustsecp256k1_v0_4_0_hmac_sha256_finalize(&hasher, out); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, outputs[i], 32) == 0); } } } @@ -513,30 +513,30 @@ void run_rfc6979_hmac_sha256_tests(void) { {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94} }; - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256 rng; + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256 rng; unsigned char out[32]; int i; - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, key1, 64); for (i = 0; i < 3; i++) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(memcmp(out, out1[i], 32) == 0); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, out1[i], 32) == 0); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(&rng); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(&rng); - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, key1, 65); for (i = 0; i < 3; i++) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(memcmp(out, out1[i], 32) != 0); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, out1[i], 32) != 0); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(&rng); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(&rng); - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_initialize(&rng, key2, 64); for (i = 0; i < 3; i++) { - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(memcmp(out, out2[i], 32) == 0); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(out, out2[i], 32) == 0); } - rustsecp256k1_v0_3_1_rfc6979_hmac_sha256_finalize(&rng); + rustsecp256k1_v0_4_0_rfc6979_hmac_sha256_finalize(&rng); } /***** RANDOM TESTS *****/ @@ -558,7 +558,7 @@ void test_rand_bits(int rand32, int bits) { /* Multiply the output of all rand calls with the odd number m, which should not change the uniformity of its distribution. */ for (i = 0; i < rounds[usebits]; i++) { - uint32_t r = (rand32 ? rustsecp256k1_v0_3_1_testrand32() : rustsecp256k1_v0_3_1_testrand_bits(bits)); + uint32_t r = (rand32 ? rustsecp256k1_v0_4_0_testrand32() : rustsecp256k1_v0_4_0_testrand_bits(bits)); CHECK((((uint64_t)r) >> bits) == 0); for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { uint32_t rm = r * mults[m]; @@ -583,7 +583,7 @@ void test_rand_int(uint32_t range, uint32_t subrange) { uint64_t x = 0; CHECK((range % subrange) == 0); for (i = 0; i < rounds; i++) { - uint32_t r = rustsecp256k1_v0_3_1_testrand_int(range); + uint32_t r = rustsecp256k1_v0_4_0_testrand_int(range); CHECK(r < range); r = r % subrange; x |= (((uint64_t)1) << r); @@ -614,176 +614,176 @@ void run_rand_int(void) { /***** NUM TESTS *****/ #ifndef USE_NUM_NONE -void random_num_negate(rustsecp256k1_v0_3_1_num *num) { - if (rustsecp256k1_v0_3_1_testrand_bits(1)) { - rustsecp256k1_v0_3_1_num_negate(num); +void random_num_negate(rustsecp256k1_v0_4_0_num *num) { + if (rustsecp256k1_v0_4_0_testrand_bits(1)) { + rustsecp256k1_v0_4_0_num_negate(num); } } -void random_num_order_test(rustsecp256k1_v0_3_1_num *num) { - rustsecp256k1_v0_3_1_scalar sc; +void random_num_order_test(rustsecp256k1_v0_4_0_num *num) { + rustsecp256k1_v0_4_0_scalar sc; random_scalar_order_test(&sc); - rustsecp256k1_v0_3_1_scalar_get_num(num, &sc); + rustsecp256k1_v0_4_0_scalar_get_num(num, &sc); } -void random_num_order(rustsecp256k1_v0_3_1_num *num) { - rustsecp256k1_v0_3_1_scalar sc; +void random_num_order(rustsecp256k1_v0_4_0_num *num) { + rustsecp256k1_v0_4_0_scalar sc; random_scalar_order(&sc); - rustsecp256k1_v0_3_1_scalar_get_num(num, &sc); + rustsecp256k1_v0_4_0_scalar_get_num(num, &sc); } void test_num_negate(void) { - rustsecp256k1_v0_3_1_num n1; - rustsecp256k1_v0_3_1_num n2; + rustsecp256k1_v0_4_0_num n1; + rustsecp256k1_v0_4_0_num n2; random_num_order_test(&n1); /* n1 = R */ random_num_negate(&n1); - rustsecp256k1_v0_3_1_num_copy(&n2, &n1); /* n2 = R */ - rustsecp256k1_v0_3_1_num_sub(&n1, &n2, &n1); /* n1 = n2-n1 = 0 */ - CHECK(rustsecp256k1_v0_3_1_num_is_zero(&n1)); - rustsecp256k1_v0_3_1_num_copy(&n1, &n2); /* n1 = R */ - rustsecp256k1_v0_3_1_num_negate(&n1); /* n1 = -R */ - CHECK(!rustsecp256k1_v0_3_1_num_is_zero(&n1)); - rustsecp256k1_v0_3_1_num_add(&n1, &n2, &n1); /* n1 = n2+n1 = 0 */ - CHECK(rustsecp256k1_v0_3_1_num_is_zero(&n1)); - rustsecp256k1_v0_3_1_num_copy(&n1, &n2); /* n1 = R */ - rustsecp256k1_v0_3_1_num_negate(&n1); /* n1 = -R */ - CHECK(rustsecp256k1_v0_3_1_num_is_neg(&n1) != rustsecp256k1_v0_3_1_num_is_neg(&n2)); - rustsecp256k1_v0_3_1_num_negate(&n1); /* n1 = R */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&n1, &n2)); + rustsecp256k1_v0_4_0_num_copy(&n2, &n1); /* n2 = R */ + rustsecp256k1_v0_4_0_num_sub(&n1, &n2, &n1); /* n1 = n2-n1 = 0 */ + CHECK(rustsecp256k1_v0_4_0_num_is_zero(&n1)); + rustsecp256k1_v0_4_0_num_copy(&n1, &n2); /* n1 = R */ + rustsecp256k1_v0_4_0_num_negate(&n1); /* n1 = -R */ + CHECK(!rustsecp256k1_v0_4_0_num_is_zero(&n1)); + rustsecp256k1_v0_4_0_num_add(&n1, &n2, &n1); /* n1 = n2+n1 = 0 */ + CHECK(rustsecp256k1_v0_4_0_num_is_zero(&n1)); + rustsecp256k1_v0_4_0_num_copy(&n1, &n2); /* n1 = R */ + rustsecp256k1_v0_4_0_num_negate(&n1); /* n1 = -R */ + CHECK(rustsecp256k1_v0_4_0_num_is_neg(&n1) != rustsecp256k1_v0_4_0_num_is_neg(&n2)); + rustsecp256k1_v0_4_0_num_negate(&n1); /* n1 = R */ + CHECK(rustsecp256k1_v0_4_0_num_eq(&n1, &n2)); } void test_num_add_sub(void) { int i; - rustsecp256k1_v0_3_1_scalar s; - rustsecp256k1_v0_3_1_num n1; - rustsecp256k1_v0_3_1_num n2; - rustsecp256k1_v0_3_1_num n1p2, n2p1, n1m2, n2m1; + rustsecp256k1_v0_4_0_scalar s; + rustsecp256k1_v0_4_0_num n1; + rustsecp256k1_v0_4_0_num n2; + rustsecp256k1_v0_4_0_num n1p2, n2p1, n1m2, n2m1; random_num_order_test(&n1); /* n1 = R1 */ - if (rustsecp256k1_v0_3_1_testrand_bits(1)) { + if (rustsecp256k1_v0_4_0_testrand_bits(1)) { random_num_negate(&n1); } random_num_order_test(&n2); /* n2 = R2 */ - if (rustsecp256k1_v0_3_1_testrand_bits(1)) { + if (rustsecp256k1_v0_4_0_testrand_bits(1)) { random_num_negate(&n2); } - rustsecp256k1_v0_3_1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ - rustsecp256k1_v0_3_1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ - rustsecp256k1_v0_3_1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ - rustsecp256k1_v0_3_1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&n1p2, &n2p1)); - CHECK(!rustsecp256k1_v0_3_1_num_eq(&n1p2, &n1m2)); - rustsecp256k1_v0_3_1_num_negate(&n2m1); /* n2m1 = -R2 + R1 */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&n2m1, &n1m2)); - CHECK(!rustsecp256k1_v0_3_1_num_eq(&n2m1, &n1)); - rustsecp256k1_v0_3_1_num_add(&n2m1, &n2m1, &n2); /* n2m1 = -R2 + R1 + R2 = R1 */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&n2m1, &n1)); - CHECK(!rustsecp256k1_v0_3_1_num_eq(&n2p1, &n1)); - rustsecp256k1_v0_3_1_num_sub(&n2p1, &n2p1, &n2); /* n2p1 = R2 + R1 - R2 = R1 */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&n2p1, &n1)); + rustsecp256k1_v0_4_0_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ + rustsecp256k1_v0_4_0_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ + rustsecp256k1_v0_4_0_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ + rustsecp256k1_v0_4_0_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ + CHECK(rustsecp256k1_v0_4_0_num_eq(&n1p2, &n2p1)); + CHECK(!rustsecp256k1_v0_4_0_num_eq(&n1p2, &n1m2)); + rustsecp256k1_v0_4_0_num_negate(&n2m1); /* n2m1 = -R2 + R1 */ + CHECK(rustsecp256k1_v0_4_0_num_eq(&n2m1, &n1m2)); + CHECK(!rustsecp256k1_v0_4_0_num_eq(&n2m1, &n1)); + rustsecp256k1_v0_4_0_num_add(&n2m1, &n2m1, &n2); /* n2m1 = -R2 + R1 + R2 = R1 */ + CHECK(rustsecp256k1_v0_4_0_num_eq(&n2m1, &n1)); + CHECK(!rustsecp256k1_v0_4_0_num_eq(&n2p1, &n1)); + rustsecp256k1_v0_4_0_num_sub(&n2p1, &n2p1, &n2); /* n2p1 = R2 + R1 - R2 = R1 */ + CHECK(rustsecp256k1_v0_4_0_num_eq(&n2p1, &n1)); /* check is_one */ - rustsecp256k1_v0_3_1_scalar_set_int(&s, 1); - rustsecp256k1_v0_3_1_scalar_get_num(&n1, &s); - CHECK(rustsecp256k1_v0_3_1_num_is_one(&n1)); + rustsecp256k1_v0_4_0_scalar_set_int(&s, 1); + rustsecp256k1_v0_4_0_scalar_get_num(&n1, &s); + CHECK(rustsecp256k1_v0_4_0_num_is_one(&n1)); /* check that 2^n + 1 is never 1 */ - rustsecp256k1_v0_3_1_scalar_get_num(&n2, &s); + rustsecp256k1_v0_4_0_scalar_get_num(&n2, &s); for (i = 0; i < 250; ++i) { - rustsecp256k1_v0_3_1_num_add(&n1, &n1, &n1); /* n1 *= 2 */ - rustsecp256k1_v0_3_1_num_add(&n1p2, &n1, &n2); /* n1p2 = n1 + 1 */ - CHECK(!rustsecp256k1_v0_3_1_num_is_one(&n1p2)); + rustsecp256k1_v0_4_0_num_add(&n1, &n1, &n1); /* n1 *= 2 */ + rustsecp256k1_v0_4_0_num_add(&n1p2, &n1, &n2); /* n1p2 = n1 + 1 */ + CHECK(!rustsecp256k1_v0_4_0_num_is_one(&n1p2)); } } void test_num_mod(void) { int i; - rustsecp256k1_v0_3_1_scalar s; - rustsecp256k1_v0_3_1_num order, n; + rustsecp256k1_v0_4_0_scalar s; + rustsecp256k1_v0_4_0_num order, n; /* check that 0 mod anything is 0 */ random_scalar_order_test(&s); - rustsecp256k1_v0_3_1_scalar_get_num(&order, &s); - rustsecp256k1_v0_3_1_scalar_set_int(&s, 0); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &s); - rustsecp256k1_v0_3_1_num_mod(&n, &order); - CHECK(rustsecp256k1_v0_3_1_num_is_zero(&n)); + rustsecp256k1_v0_4_0_scalar_get_num(&order, &s); + rustsecp256k1_v0_4_0_scalar_set_int(&s, 0); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &s); + rustsecp256k1_v0_4_0_num_mod(&n, &order); + CHECK(rustsecp256k1_v0_4_0_num_is_zero(&n)); /* check that anything mod 1 is 0 */ - rustsecp256k1_v0_3_1_scalar_set_int(&s, 1); - rustsecp256k1_v0_3_1_scalar_get_num(&order, &s); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &s); - rustsecp256k1_v0_3_1_num_mod(&n, &order); - CHECK(rustsecp256k1_v0_3_1_num_is_zero(&n)); + rustsecp256k1_v0_4_0_scalar_set_int(&s, 1); + rustsecp256k1_v0_4_0_scalar_get_num(&order, &s); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &s); + rustsecp256k1_v0_4_0_num_mod(&n, &order); + CHECK(rustsecp256k1_v0_4_0_num_is_zero(&n)); /* check that increasing the number past 2^256 does not break this */ random_scalar_order_test(&s); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &s); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &s); /* multiply by 2^8, which'll test this case with high probability */ for (i = 0; i < 8; ++i) { - rustsecp256k1_v0_3_1_num_add(&n, &n, &n); + rustsecp256k1_v0_4_0_num_add(&n, &n, &n); } - rustsecp256k1_v0_3_1_num_mod(&n, &order); - CHECK(rustsecp256k1_v0_3_1_num_is_zero(&n)); + rustsecp256k1_v0_4_0_num_mod(&n, &order); + CHECK(rustsecp256k1_v0_4_0_num_is_zero(&n)); } void test_num_jacobi(void) { - rustsecp256k1_v0_3_1_scalar sqr; - rustsecp256k1_v0_3_1_scalar small; - rustsecp256k1_v0_3_1_scalar five; /* five is not a quadratic residue */ - rustsecp256k1_v0_3_1_num order, n; + rustsecp256k1_v0_4_0_scalar sqr; + rustsecp256k1_v0_4_0_scalar small; + rustsecp256k1_v0_4_0_scalar five; /* five is not a quadratic residue */ + rustsecp256k1_v0_4_0_num order, n; int i; /* squares mod 5 are 1, 4 */ const int jacobi5[10] = { 0, 1, -1, -1, 1, 0, 1, -1, -1, 1 }; /* check some small values with 5 as the order */ - rustsecp256k1_v0_3_1_scalar_set_int(&five, 5); - rustsecp256k1_v0_3_1_scalar_get_num(&order, &five); + rustsecp256k1_v0_4_0_scalar_set_int(&five, 5); + rustsecp256k1_v0_4_0_scalar_get_num(&order, &five); for (i = 0; i < 10; ++i) { - rustsecp256k1_v0_3_1_scalar_set_int(&small, i); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &small); - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == jacobi5[i]); + rustsecp256k1_v0_4_0_scalar_set_int(&small, i); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &small); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == jacobi5[i]); } /** test large values with 5 as group order */ - rustsecp256k1_v0_3_1_scalar_get_num(&order, &five); + rustsecp256k1_v0_4_0_scalar_get_num(&order, &five); /* we first need a scalar which is not a multiple of 5 */ do { - rustsecp256k1_v0_3_1_num fiven; + rustsecp256k1_v0_4_0_num fiven; random_scalar_order_test(&sqr); - rustsecp256k1_v0_3_1_scalar_get_num(&fiven, &five); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &sqr); - rustsecp256k1_v0_3_1_num_mod(&n, &fiven); - } while (rustsecp256k1_v0_3_1_num_is_zero(&n)); + rustsecp256k1_v0_4_0_scalar_get_num(&fiven, &five); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &sqr); + rustsecp256k1_v0_4_0_num_mod(&n, &fiven); + } while (rustsecp256k1_v0_4_0_num_is_zero(&n)); /* next force it to be a residue. 2 is a nonresidue mod 5 so we can * just multiply by two, i.e. add the number to itself */ - if (rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == -1) { - rustsecp256k1_v0_3_1_num_add(&n, &n, &n); + if (rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == -1) { + rustsecp256k1_v0_4_0_num_add(&n, &n, &n); } /* test residue */ - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == 1); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == 1); /* test nonresidue */ - rustsecp256k1_v0_3_1_num_add(&n, &n, &n); - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == -1); + rustsecp256k1_v0_4_0_num_add(&n, &n, &n); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == -1); /** test with secp group order as order */ - rustsecp256k1_v0_3_1_scalar_order_get_num(&order); + rustsecp256k1_v0_4_0_scalar_order_get_num(&order); random_scalar_order_test(&sqr); - rustsecp256k1_v0_3_1_scalar_sqr(&sqr, &sqr); + rustsecp256k1_v0_4_0_scalar_sqr(&sqr, &sqr); /* test residue */ - rustsecp256k1_v0_3_1_scalar_get_num(&n, &sqr); - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == 1); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &sqr); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == 1); /* test nonresidue */ - rustsecp256k1_v0_3_1_scalar_mul(&sqr, &sqr, &five); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &sqr); - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == -1); + rustsecp256k1_v0_4_0_scalar_mul(&sqr, &sqr, &five); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &sqr); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == -1); /* test multiple of the order*/ - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&order, &order) == 0); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&order, &order) == 0); /* check one less than the order */ - rustsecp256k1_v0_3_1_scalar_set_int(&small, 1); - rustsecp256k1_v0_3_1_scalar_get_num(&n, &small); - rustsecp256k1_v0_3_1_num_sub(&n, &order, &n); - CHECK(rustsecp256k1_v0_3_1_num_jacobi(&n, &order) == 1); /* sage confirms this is 1 */ + rustsecp256k1_v0_4_0_scalar_set_int(&small, 1); + rustsecp256k1_v0_4_0_scalar_get_num(&n, &small); + rustsecp256k1_v0_4_0_num_sub(&n, &order, &n); + CHECK(rustsecp256k1_v0_4_0_num_jacobi(&n, &order) == 1); /* sage confirms this is 1 */ } void run_num_smalltests(void) { @@ -800,12 +800,12 @@ void run_num_smalltests(void) { /***** SCALAR TESTS *****/ void scalar_test(void) { - rustsecp256k1_v0_3_1_scalar s; - rustsecp256k1_v0_3_1_scalar s1; - rustsecp256k1_v0_3_1_scalar s2; + rustsecp256k1_v0_4_0_scalar s; + rustsecp256k1_v0_4_0_scalar s1; + rustsecp256k1_v0_4_0_scalar s2; #ifndef USE_NUM_NONE - rustsecp256k1_v0_3_1_num snum, s1num, s2num; - rustsecp256k1_v0_3_1_num order, half_order; + rustsecp256k1_v0_4_0_num snum, s1num, s2num; + rustsecp256k1_v0_4_0_num order, half_order; #endif unsigned char c[32]; @@ -817,141 +817,141 @@ void scalar_test(void) { /* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */ random_scalar_order_test(&s2); - rustsecp256k1_v0_3_1_scalar_get_b32(c, &s2); + rustsecp256k1_v0_4_0_scalar_get_b32(c, &s2); #ifndef USE_NUM_NONE - rustsecp256k1_v0_3_1_scalar_get_num(&snum, &s); - rustsecp256k1_v0_3_1_scalar_get_num(&s1num, &s1); - rustsecp256k1_v0_3_1_scalar_get_num(&s2num, &s2); + rustsecp256k1_v0_4_0_scalar_get_num(&snum, &s); + rustsecp256k1_v0_4_0_scalar_get_num(&s1num, &s1); + rustsecp256k1_v0_4_0_scalar_get_num(&s2num, &s2); - rustsecp256k1_v0_3_1_scalar_order_get_num(&order); + rustsecp256k1_v0_4_0_scalar_order_get_num(&order); half_order = order; - rustsecp256k1_v0_3_1_num_shift(&half_order, 1); + rustsecp256k1_v0_4_0_num_shift(&half_order, 1); #endif { int i; /* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */ - rustsecp256k1_v0_3_1_scalar n; - rustsecp256k1_v0_3_1_scalar_set_int(&n, 0); + rustsecp256k1_v0_4_0_scalar n; + rustsecp256k1_v0_4_0_scalar_set_int(&n, 0); for (i = 0; i < 256; i += 4) { - rustsecp256k1_v0_3_1_scalar t; + rustsecp256k1_v0_4_0_scalar t; int j; - rustsecp256k1_v0_3_1_scalar_set_int(&t, rustsecp256k1_v0_3_1_scalar_get_bits(&s, 256 - 4 - i, 4)); + rustsecp256k1_v0_4_0_scalar_set_int(&t, rustsecp256k1_v0_4_0_scalar_get_bits(&s, 256 - 4 - i, 4)); for (j = 0; j < 4; j++) { - rustsecp256k1_v0_3_1_scalar_add(&n, &n, &n); + rustsecp256k1_v0_4_0_scalar_add(&n, &n, &n); } - rustsecp256k1_v0_3_1_scalar_add(&n, &n, &t); + rustsecp256k1_v0_4_0_scalar_add(&n, &n, &t); } - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&n, &s)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&n, &s)); } { /* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */ - rustsecp256k1_v0_3_1_scalar n; + rustsecp256k1_v0_4_0_scalar n; int i = 0; - rustsecp256k1_v0_3_1_scalar_set_int(&n, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&n, 0); while (i < 256) { - rustsecp256k1_v0_3_1_scalar t; + rustsecp256k1_v0_4_0_scalar t; int j; - int now = rustsecp256k1_v0_3_1_testrand_int(15) + 1; + int now = rustsecp256k1_v0_4_0_testrand_int(15) + 1; if (now + i > 256) { now = 256 - i; } - rustsecp256k1_v0_3_1_scalar_set_int(&t, rustsecp256k1_v0_3_1_scalar_get_bits_var(&s, 256 - now - i, now)); + rustsecp256k1_v0_4_0_scalar_set_int(&t, rustsecp256k1_v0_4_0_scalar_get_bits_var(&s, 256 - now - i, now)); for (j = 0; j < now; j++) { - rustsecp256k1_v0_3_1_scalar_add(&n, &n, &n); + rustsecp256k1_v0_4_0_scalar_add(&n, &n, &n); } - rustsecp256k1_v0_3_1_scalar_add(&n, &n, &t); + rustsecp256k1_v0_4_0_scalar_add(&n, &n, &t); i += now; } - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&n, &s)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&n, &s)); } #ifndef USE_NUM_NONE { /* Test that adding the scalars together is equal to adding their numbers together modulo the order. */ - rustsecp256k1_v0_3_1_num rnum; - rustsecp256k1_v0_3_1_num r2num; - rustsecp256k1_v0_3_1_scalar r; - rustsecp256k1_v0_3_1_num_add(&rnum, &snum, &s2num); - rustsecp256k1_v0_3_1_num_mod(&rnum, &order); - rustsecp256k1_v0_3_1_scalar_add(&r, &s, &s2); - rustsecp256k1_v0_3_1_scalar_get_num(&r2num, &r); - CHECK(rustsecp256k1_v0_3_1_num_eq(&rnum, &r2num)); + rustsecp256k1_v0_4_0_num rnum; + rustsecp256k1_v0_4_0_num r2num; + rustsecp256k1_v0_4_0_scalar r; + rustsecp256k1_v0_4_0_num_add(&rnum, &snum, &s2num); + rustsecp256k1_v0_4_0_num_mod(&rnum, &order); + rustsecp256k1_v0_4_0_scalar_add(&r, &s, &s2); + rustsecp256k1_v0_4_0_scalar_get_num(&r2num, &r); + CHECK(rustsecp256k1_v0_4_0_num_eq(&rnum, &r2num)); } { /* Test that multiplying the scalars is equal to multiplying their numbers modulo the order. */ - rustsecp256k1_v0_3_1_scalar r; - rustsecp256k1_v0_3_1_num r2num; - rustsecp256k1_v0_3_1_num rnum; - rustsecp256k1_v0_3_1_num_mul(&rnum, &snum, &s2num); - rustsecp256k1_v0_3_1_num_mod(&rnum, &order); - rustsecp256k1_v0_3_1_scalar_mul(&r, &s, &s2); - rustsecp256k1_v0_3_1_scalar_get_num(&r2num, &r); - CHECK(rustsecp256k1_v0_3_1_num_eq(&rnum, &r2num)); + rustsecp256k1_v0_4_0_scalar r; + rustsecp256k1_v0_4_0_num r2num; + rustsecp256k1_v0_4_0_num rnum; + rustsecp256k1_v0_4_0_num_mul(&rnum, &snum, &s2num); + rustsecp256k1_v0_4_0_num_mod(&rnum, &order); + rustsecp256k1_v0_4_0_scalar_mul(&r, &s, &s2); + rustsecp256k1_v0_4_0_scalar_get_num(&r2num, &r); + CHECK(rustsecp256k1_v0_4_0_num_eq(&rnum, &r2num)); /* The result can only be zero if at least one of the factors was zero. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&r) == (rustsecp256k1_v0_3_1_scalar_is_zero(&s) || rustsecp256k1_v0_3_1_scalar_is_zero(&s2))); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&r) == (rustsecp256k1_v0_4_0_scalar_is_zero(&s) || rustsecp256k1_v0_4_0_scalar_is_zero(&s2))); /* The results can only be equal to one of the factors if that factor was zero, or the other factor was one. */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&rnum, &snum) == (rustsecp256k1_v0_3_1_scalar_is_zero(&s) || rustsecp256k1_v0_3_1_scalar_is_one(&s2))); - CHECK(rustsecp256k1_v0_3_1_num_eq(&rnum, &s2num) == (rustsecp256k1_v0_3_1_scalar_is_zero(&s2) || rustsecp256k1_v0_3_1_scalar_is_one(&s))); + CHECK(rustsecp256k1_v0_4_0_num_eq(&rnum, &snum) == (rustsecp256k1_v0_4_0_scalar_is_zero(&s) || rustsecp256k1_v0_4_0_scalar_is_one(&s2))); + CHECK(rustsecp256k1_v0_4_0_num_eq(&rnum, &s2num) == (rustsecp256k1_v0_4_0_scalar_is_zero(&s2) || rustsecp256k1_v0_4_0_scalar_is_one(&s))); } { - rustsecp256k1_v0_3_1_scalar neg; - rustsecp256k1_v0_3_1_num negnum; - rustsecp256k1_v0_3_1_num negnum2; + rustsecp256k1_v0_4_0_scalar neg; + rustsecp256k1_v0_4_0_num negnum; + rustsecp256k1_v0_4_0_num negnum2; /* Check that comparison with zero matches comparison with zero on the number. */ - CHECK(rustsecp256k1_v0_3_1_num_is_zero(&snum) == rustsecp256k1_v0_3_1_scalar_is_zero(&s)); + CHECK(rustsecp256k1_v0_4_0_num_is_zero(&snum) == rustsecp256k1_v0_4_0_scalar_is_zero(&s)); /* Check that comparison with the half order is equal to testing for high scalar. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_high(&s) == (rustsecp256k1_v0_3_1_num_cmp(&snum, &half_order) > 0)); - rustsecp256k1_v0_3_1_scalar_negate(&neg, &s); - rustsecp256k1_v0_3_1_num_sub(&negnum, &order, &snum); - rustsecp256k1_v0_3_1_num_mod(&negnum, &order); + CHECK(rustsecp256k1_v0_4_0_scalar_is_high(&s) == (rustsecp256k1_v0_4_0_num_cmp(&snum, &half_order) > 0)); + rustsecp256k1_v0_4_0_scalar_negate(&neg, &s); + rustsecp256k1_v0_4_0_num_sub(&negnum, &order, &snum); + rustsecp256k1_v0_4_0_num_mod(&negnum, &order); /* Check that comparison with the half order is equal to testing for high scalar after negation. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_high(&neg) == (rustsecp256k1_v0_3_1_num_cmp(&negnum, &half_order) > 0)); + CHECK(rustsecp256k1_v0_4_0_scalar_is_high(&neg) == (rustsecp256k1_v0_4_0_num_cmp(&negnum, &half_order) > 0)); /* Negating should change the high property, unless the value was already zero. */ - CHECK((rustsecp256k1_v0_3_1_scalar_is_high(&s) == rustsecp256k1_v0_3_1_scalar_is_high(&neg)) == rustsecp256k1_v0_3_1_scalar_is_zero(&s)); - rustsecp256k1_v0_3_1_scalar_get_num(&negnum2, &neg); + CHECK((rustsecp256k1_v0_4_0_scalar_is_high(&s) == rustsecp256k1_v0_4_0_scalar_is_high(&neg)) == rustsecp256k1_v0_4_0_scalar_is_zero(&s)); + rustsecp256k1_v0_4_0_scalar_get_num(&negnum2, &neg); /* Negating a scalar should be equal to (order - n) mod order on the number. */ - CHECK(rustsecp256k1_v0_3_1_num_eq(&negnum, &negnum2)); - rustsecp256k1_v0_3_1_scalar_add(&neg, &neg, &s); + CHECK(rustsecp256k1_v0_4_0_num_eq(&negnum, &negnum2)); + rustsecp256k1_v0_4_0_scalar_add(&neg, &neg, &s); /* Adding a number to its negation should result in zero. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&neg)); - rustsecp256k1_v0_3_1_scalar_negate(&neg, &neg); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&neg)); + rustsecp256k1_v0_4_0_scalar_negate(&neg, &neg); /* Negating zero should still result in zero. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&neg)); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&neg)); } { - /* Test rustsecp256k1_v0_3_1_scalar_mul_shift_var. */ - rustsecp256k1_v0_3_1_scalar r; - rustsecp256k1_v0_3_1_num one; - rustsecp256k1_v0_3_1_num rnum; - rustsecp256k1_v0_3_1_num rnum2; + /* Test rustsecp256k1_v0_4_0_scalar_mul_shift_var. */ + rustsecp256k1_v0_4_0_scalar r; + rustsecp256k1_v0_4_0_num one; + rustsecp256k1_v0_4_0_num rnum; + rustsecp256k1_v0_4_0_num rnum2; unsigned char cone[1] = {0x01}; - unsigned int shift = 256 + rustsecp256k1_v0_3_1_testrand_int(257); - rustsecp256k1_v0_3_1_scalar_mul_shift_var(&r, &s1, &s2, shift); - rustsecp256k1_v0_3_1_num_mul(&rnum, &s1num, &s2num); - rustsecp256k1_v0_3_1_num_shift(&rnum, shift - 1); - rustsecp256k1_v0_3_1_num_set_bin(&one, cone, 1); - rustsecp256k1_v0_3_1_num_add(&rnum, &rnum, &one); - rustsecp256k1_v0_3_1_num_shift(&rnum, 1); - rustsecp256k1_v0_3_1_scalar_get_num(&rnum2, &r); - CHECK(rustsecp256k1_v0_3_1_num_eq(&rnum, &rnum2)); + unsigned int shift = 256 + rustsecp256k1_v0_4_0_testrand_int(257); + rustsecp256k1_v0_4_0_scalar_mul_shift_var(&r, &s1, &s2, shift); + rustsecp256k1_v0_4_0_num_mul(&rnum, &s1num, &s2num); + rustsecp256k1_v0_4_0_num_shift(&rnum, shift - 1); + rustsecp256k1_v0_4_0_num_set_bin(&one, cone, 1); + rustsecp256k1_v0_4_0_num_add(&rnum, &rnum, &one); + rustsecp256k1_v0_4_0_num_shift(&rnum, 1); + rustsecp256k1_v0_4_0_scalar_get_num(&rnum2, &r); + CHECK(rustsecp256k1_v0_4_0_num_eq(&rnum, &rnum2)); } { - /* test rustsecp256k1_v0_3_1_scalar_shr_int */ - rustsecp256k1_v0_3_1_scalar r; + /* test rustsecp256k1_v0_4_0_scalar_shr_int */ + rustsecp256k1_v0_4_0_scalar r; int i; random_scalar_order_test(&r); for (i = 0; i < 100; ++i) { int low; - int shift = 1 + rustsecp256k1_v0_3_1_testrand_int(15); + int shift = 1 + rustsecp256k1_v0_4_0_testrand_int(15); int expected = r.d[0] % (1 << shift); - low = rustsecp256k1_v0_3_1_scalar_shr_int(&r, shift); + low = rustsecp256k1_v0_4_0_scalar_shr_int(&r, shift); CHECK(expected == low); } } @@ -959,150 +959,150 @@ void scalar_test(void) { { /* Test that scalar inverses are equal to the inverse of their number modulo the order. */ - if (!rustsecp256k1_v0_3_1_scalar_is_zero(&s)) { - rustsecp256k1_v0_3_1_scalar inv; + if (!rustsecp256k1_v0_4_0_scalar_is_zero(&s)) { + rustsecp256k1_v0_4_0_scalar inv; #ifndef USE_NUM_NONE - rustsecp256k1_v0_3_1_num invnum; - rustsecp256k1_v0_3_1_num invnum2; + rustsecp256k1_v0_4_0_num invnum; + rustsecp256k1_v0_4_0_num invnum2; #endif - rustsecp256k1_v0_3_1_scalar_inverse(&inv, &s); + rustsecp256k1_v0_4_0_scalar_inverse(&inv, &s); #ifndef USE_NUM_NONE - rustsecp256k1_v0_3_1_num_mod_inverse(&invnum, &snum, &order); - rustsecp256k1_v0_3_1_scalar_get_num(&invnum2, &inv); - CHECK(rustsecp256k1_v0_3_1_num_eq(&invnum, &invnum2)); + rustsecp256k1_v0_4_0_num_mod_inverse(&invnum, &snum, &order); + rustsecp256k1_v0_4_0_scalar_get_num(&invnum2, &inv); + CHECK(rustsecp256k1_v0_4_0_num_eq(&invnum, &invnum2)); #endif - rustsecp256k1_v0_3_1_scalar_mul(&inv, &inv, &s); + rustsecp256k1_v0_4_0_scalar_mul(&inv, &inv, &s); /* Multiplying a scalar with its inverse must result in one. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_one(&inv)); - rustsecp256k1_v0_3_1_scalar_inverse(&inv, &inv); + CHECK(rustsecp256k1_v0_4_0_scalar_is_one(&inv)); + rustsecp256k1_v0_4_0_scalar_inverse(&inv, &inv); /* Inverting one must result in one. */ - CHECK(rustsecp256k1_v0_3_1_scalar_is_one(&inv)); + CHECK(rustsecp256k1_v0_4_0_scalar_is_one(&inv)); #ifndef USE_NUM_NONE - rustsecp256k1_v0_3_1_scalar_get_num(&invnum, &inv); - CHECK(rustsecp256k1_v0_3_1_num_is_one(&invnum)); + rustsecp256k1_v0_4_0_scalar_get_num(&invnum, &inv); + CHECK(rustsecp256k1_v0_4_0_num_is_one(&invnum)); #endif } } { /* Test commutativity of add. */ - rustsecp256k1_v0_3_1_scalar r1, r2; - rustsecp256k1_v0_3_1_scalar_add(&r1, &s1, &s2); - rustsecp256k1_v0_3_1_scalar_add(&r2, &s2, &s1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar r1, r2; + rustsecp256k1_v0_4_0_scalar_add(&r1, &s1, &s2); + rustsecp256k1_v0_4_0_scalar_add(&r2, &s2, &s1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } { - rustsecp256k1_v0_3_1_scalar r1, r2; - rustsecp256k1_v0_3_1_scalar b; + rustsecp256k1_v0_4_0_scalar r1, r2; + rustsecp256k1_v0_4_0_scalar b; int i; /* Test add_bit. */ - int bit = rustsecp256k1_v0_3_1_testrand_bits(8); - rustsecp256k1_v0_3_1_scalar_set_int(&b, 1); - CHECK(rustsecp256k1_v0_3_1_scalar_is_one(&b)); + int bit = rustsecp256k1_v0_4_0_testrand_bits(8); + rustsecp256k1_v0_4_0_scalar_set_int(&b, 1); + CHECK(rustsecp256k1_v0_4_0_scalar_is_one(&b)); for (i = 0; i < bit; i++) { - rustsecp256k1_v0_3_1_scalar_add(&b, &b, &b); + rustsecp256k1_v0_4_0_scalar_add(&b, &b, &b); } r1 = s1; r2 = s1; - if (!rustsecp256k1_v0_3_1_scalar_add(&r1, &r1, &b)) { + if (!rustsecp256k1_v0_4_0_scalar_add(&r1, &r1, &b)) { /* No overflow happened. */ - rustsecp256k1_v0_3_1_scalar_cadd_bit(&r2, bit, 1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar_cadd_bit(&r2, bit, 1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); /* cadd is a noop when flag is zero */ - rustsecp256k1_v0_3_1_scalar_cadd_bit(&r2, bit, 0); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar_cadd_bit(&r2, bit, 0); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } } { /* Test commutativity of mul. */ - rustsecp256k1_v0_3_1_scalar r1, r2; - rustsecp256k1_v0_3_1_scalar_mul(&r1, &s1, &s2); - rustsecp256k1_v0_3_1_scalar_mul(&r2, &s2, &s1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar r1, r2; + rustsecp256k1_v0_4_0_scalar_mul(&r1, &s1, &s2); + rustsecp256k1_v0_4_0_scalar_mul(&r2, &s2, &s1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } { /* Test associativity of add. */ - rustsecp256k1_v0_3_1_scalar r1, r2; - rustsecp256k1_v0_3_1_scalar_add(&r1, &s1, &s2); - rustsecp256k1_v0_3_1_scalar_add(&r1, &r1, &s); - rustsecp256k1_v0_3_1_scalar_add(&r2, &s2, &s); - rustsecp256k1_v0_3_1_scalar_add(&r2, &s1, &r2); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar r1, r2; + rustsecp256k1_v0_4_0_scalar_add(&r1, &s1, &s2); + rustsecp256k1_v0_4_0_scalar_add(&r1, &r1, &s); + rustsecp256k1_v0_4_0_scalar_add(&r2, &s2, &s); + rustsecp256k1_v0_4_0_scalar_add(&r2, &s1, &r2); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } { /* Test associativity of mul. */ - rustsecp256k1_v0_3_1_scalar r1, r2; - rustsecp256k1_v0_3_1_scalar_mul(&r1, &s1, &s2); - rustsecp256k1_v0_3_1_scalar_mul(&r1, &r1, &s); - rustsecp256k1_v0_3_1_scalar_mul(&r2, &s2, &s); - rustsecp256k1_v0_3_1_scalar_mul(&r2, &s1, &r2); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar r1, r2; + rustsecp256k1_v0_4_0_scalar_mul(&r1, &s1, &s2); + rustsecp256k1_v0_4_0_scalar_mul(&r1, &r1, &s); + rustsecp256k1_v0_4_0_scalar_mul(&r2, &s2, &s); + rustsecp256k1_v0_4_0_scalar_mul(&r2, &s1, &r2); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } { /* Test distributitivity of mul over add. */ - rustsecp256k1_v0_3_1_scalar r1, r2, t; - rustsecp256k1_v0_3_1_scalar_add(&r1, &s1, &s2); - rustsecp256k1_v0_3_1_scalar_mul(&r1, &r1, &s); - rustsecp256k1_v0_3_1_scalar_mul(&r2, &s1, &s); - rustsecp256k1_v0_3_1_scalar_mul(&t, &s2, &s); - rustsecp256k1_v0_3_1_scalar_add(&r2, &r2, &t); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar r1, r2, t; + rustsecp256k1_v0_4_0_scalar_add(&r1, &s1, &s2); + rustsecp256k1_v0_4_0_scalar_mul(&r1, &r1, &s); + rustsecp256k1_v0_4_0_scalar_mul(&r2, &s1, &s); + rustsecp256k1_v0_4_0_scalar_mul(&t, &s2, &s); + rustsecp256k1_v0_4_0_scalar_add(&r2, &r2, &t); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } { /* Test square. */ - rustsecp256k1_v0_3_1_scalar r1, r2; - rustsecp256k1_v0_3_1_scalar_sqr(&r1, &s1); - rustsecp256k1_v0_3_1_scalar_mul(&r2, &s1, &s1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &r2)); + rustsecp256k1_v0_4_0_scalar r1, r2; + rustsecp256k1_v0_4_0_scalar_sqr(&r1, &s1); + rustsecp256k1_v0_4_0_scalar_mul(&r2, &s1, &s1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &r2)); } { /* Test multiplicative identity. */ - rustsecp256k1_v0_3_1_scalar r1, v1; - rustsecp256k1_v0_3_1_scalar_set_int(&v1,1); - rustsecp256k1_v0_3_1_scalar_mul(&r1, &s1, &v1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &s1)); + rustsecp256k1_v0_4_0_scalar r1, v1; + rustsecp256k1_v0_4_0_scalar_set_int(&v1,1); + rustsecp256k1_v0_4_0_scalar_mul(&r1, &s1, &v1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &s1)); } { /* Test additive identity. */ - rustsecp256k1_v0_3_1_scalar r1, v0; - rustsecp256k1_v0_3_1_scalar_set_int(&v0,0); - rustsecp256k1_v0_3_1_scalar_add(&r1, &s1, &v0); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &s1)); + rustsecp256k1_v0_4_0_scalar r1, v0; + rustsecp256k1_v0_4_0_scalar_set_int(&v0,0); + rustsecp256k1_v0_4_0_scalar_add(&r1, &s1, &v0); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &s1)); } { /* Test zero product property. */ - rustsecp256k1_v0_3_1_scalar r1, v0; - rustsecp256k1_v0_3_1_scalar_set_int(&v0,0); - rustsecp256k1_v0_3_1_scalar_mul(&r1, &s1, &v0); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &v0)); + rustsecp256k1_v0_4_0_scalar r1, v0; + rustsecp256k1_v0_4_0_scalar_set_int(&v0,0); + rustsecp256k1_v0_4_0_scalar_mul(&r1, &s1, &v0); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &v0)); } } void run_scalar_set_b32_seckey_tests(void) { unsigned char b32[32]; - rustsecp256k1_v0_3_1_scalar s1; - rustsecp256k1_v0_3_1_scalar s2; + rustsecp256k1_v0_4_0_scalar s1; + rustsecp256k1_v0_4_0_scalar s2; /* Usually set_b32 and set_b32_seckey give the same result */ random_scalar_order_b32(b32); - rustsecp256k1_v0_3_1_scalar_set_b32(&s1, b32, NULL); - CHECK(rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&s2, b32) == 1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&s1, &s2) == 1); + rustsecp256k1_v0_4_0_scalar_set_b32(&s1, b32, NULL); + CHECK(rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&s2, b32) == 1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&s1, &s2) == 1); memset(b32, 0, sizeof(b32)); - CHECK(rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&s2, b32) == 0); + CHECK(rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&s2, b32) == 0); memset(b32, 0xFF, sizeof(b32)); - CHECK(rustsecp256k1_v0_3_1_scalar_set_b32_seckey(&s2, b32) == 0); + CHECK(rustsecp256k1_v0_4_0_scalar_set_b32_seckey(&s2, b32) == 0); } void run_scalar_tests(void) { @@ -1116,65 +1116,65 @@ void run_scalar_tests(void) { { /* (-1)+1 should be zero. */ - rustsecp256k1_v0_3_1_scalar s, o; - rustsecp256k1_v0_3_1_scalar_set_int(&s, 1); - CHECK(rustsecp256k1_v0_3_1_scalar_is_one(&s)); - rustsecp256k1_v0_3_1_scalar_negate(&o, &s); - rustsecp256k1_v0_3_1_scalar_add(&o, &o, &s); - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&o)); - rustsecp256k1_v0_3_1_scalar_negate(&o, &o); - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&o)); + rustsecp256k1_v0_4_0_scalar s, o; + rustsecp256k1_v0_4_0_scalar_set_int(&s, 1); + CHECK(rustsecp256k1_v0_4_0_scalar_is_one(&s)); + rustsecp256k1_v0_4_0_scalar_negate(&o, &s); + rustsecp256k1_v0_4_0_scalar_add(&o, &o, &s); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&o)); + rustsecp256k1_v0_4_0_scalar_negate(&o, &o); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&o)); } #ifndef USE_NUM_NONE { - /* Test rustsecp256k1_v0_3_1_scalar_set_b32 boundary conditions */ - rustsecp256k1_v0_3_1_num order; - rustsecp256k1_v0_3_1_scalar scalar; + /* Test rustsecp256k1_v0_4_0_scalar_set_b32 boundary conditions */ + rustsecp256k1_v0_4_0_num order; + rustsecp256k1_v0_4_0_scalar scalar; unsigned char bin[32]; unsigned char bin_tmp[32]; int overflow = 0; /* 2^256-1 - order */ - static const rustsecp256k1_v0_3_1_scalar all_ones_minus_order = SECP256K1_SCALAR_CONST( + static const rustsecp256k1_v0_4_0_scalar all_ones_minus_order = SECP256K1_SCALAR_CONST( 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000001UL, 0x45512319UL, 0x50B75FC4UL, 0x402DA173UL, 0x2FC9BEBEUL ); /* A scalar set to 0s should be 0. */ memset(bin, 0, 32); - rustsecp256k1_v0_3_1_scalar_set_b32(&scalar, bin, &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&scalar, bin, &overflow); CHECK(overflow == 0); - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&scalar)); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&scalar)); /* A scalar with value of the curve order should be 0. */ - rustsecp256k1_v0_3_1_scalar_order_get_num(&order); - rustsecp256k1_v0_3_1_num_get_bin(bin, 32, &order); - rustsecp256k1_v0_3_1_scalar_set_b32(&scalar, bin, &overflow); + rustsecp256k1_v0_4_0_scalar_order_get_num(&order); + rustsecp256k1_v0_4_0_num_get_bin(bin, 32, &order); + rustsecp256k1_v0_4_0_scalar_set_b32(&scalar, bin, &overflow); CHECK(overflow == 1); - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&scalar)); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&scalar)); /* A scalar with value of the curve order minus one should not overflow. */ bin[31] -= 1; - rustsecp256k1_v0_3_1_scalar_set_b32(&scalar, bin, &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&scalar, bin, &overflow); CHECK(overflow == 0); - rustsecp256k1_v0_3_1_scalar_get_b32(bin_tmp, &scalar); - CHECK(memcmp(bin, bin_tmp, 32) == 0); + rustsecp256k1_v0_4_0_scalar_get_b32(bin_tmp, &scalar); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(bin, bin_tmp, 32) == 0); /* A scalar set to all 1s should overflow. */ memset(bin, 0xFF, 32); - rustsecp256k1_v0_3_1_scalar_set_b32(&scalar, bin, &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&scalar, bin, &overflow); CHECK(overflow == 1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&scalar, &all_ones_minus_order)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&scalar, &all_ones_minus_order)); } #endif { /* Does check_overflow check catch all ones? */ - static const rustsecp256k1_v0_3_1_scalar overflowed = SECP256K1_SCALAR_CONST( + static const rustsecp256k1_v0_4_0_scalar overflowed = SECP256K1_SCALAR_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - CHECK(rustsecp256k1_v0_3_1_scalar_check_overflow(&overflowed)); + CHECK(rustsecp256k1_v0_4_0_scalar_check_overflow(&overflowed)); } { @@ -1183,15 +1183,15 @@ void run_scalar_tests(void) { * and edge-case coverage on 32-bit and 64-bit implementations. * The responses were generated with Sage 5.9. */ - rustsecp256k1_v0_3_1_scalar x; - rustsecp256k1_v0_3_1_scalar y; - rustsecp256k1_v0_3_1_scalar z; - rustsecp256k1_v0_3_1_scalar zz; - rustsecp256k1_v0_3_1_scalar one; - rustsecp256k1_v0_3_1_scalar r1; - rustsecp256k1_v0_3_1_scalar r2; + rustsecp256k1_v0_4_0_scalar x; + rustsecp256k1_v0_4_0_scalar y; + rustsecp256k1_v0_4_0_scalar z; + rustsecp256k1_v0_4_0_scalar zz; + rustsecp256k1_v0_4_0_scalar one; + rustsecp256k1_v0_4_0_scalar r1; + rustsecp256k1_v0_4_0_scalar r2; #if defined(USE_SCALAR_INV_NUM) - rustsecp256k1_v0_3_1_scalar zzv; + rustsecp256k1_v0_4_0_scalar zzv; #endif int overflow; unsigned char chal[33][2][32] = { @@ -1726,71 +1726,71 @@ void run_scalar_tests(void) { 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46, 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}} }; - rustsecp256k1_v0_3_1_scalar_set_int(&one, 1); + rustsecp256k1_v0_4_0_scalar_set_int(&one, 1); for (i = 0; i < 33; i++) { - rustsecp256k1_v0_3_1_scalar_set_b32(&x, chal[i][0], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&x, chal[i][0], &overflow); CHECK(!overflow); - rustsecp256k1_v0_3_1_scalar_set_b32(&y, chal[i][1], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&y, chal[i][1], &overflow); CHECK(!overflow); - rustsecp256k1_v0_3_1_scalar_set_b32(&r1, res[i][0], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&r1, res[i][0], &overflow); CHECK(!overflow); - rustsecp256k1_v0_3_1_scalar_set_b32(&r2, res[i][1], &overflow); + rustsecp256k1_v0_4_0_scalar_set_b32(&r2, res[i][1], &overflow); CHECK(!overflow); - rustsecp256k1_v0_3_1_scalar_mul(&z, &x, &y); - CHECK(!rustsecp256k1_v0_3_1_scalar_check_overflow(&z)); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r1, &z)); - if (!rustsecp256k1_v0_3_1_scalar_is_zero(&y)) { - rustsecp256k1_v0_3_1_scalar_inverse(&zz, &y); - CHECK(!rustsecp256k1_v0_3_1_scalar_check_overflow(&zz)); + rustsecp256k1_v0_4_0_scalar_mul(&z, &x, &y); + CHECK(!rustsecp256k1_v0_4_0_scalar_check_overflow(&z)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r1, &z)); + if (!rustsecp256k1_v0_4_0_scalar_is_zero(&y)) { + rustsecp256k1_v0_4_0_scalar_inverse(&zz, &y); + CHECK(!rustsecp256k1_v0_4_0_scalar_check_overflow(&zz)); #if defined(USE_SCALAR_INV_NUM) - rustsecp256k1_v0_3_1_scalar_inverse_var(&zzv, &y); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&zzv, &zz)); + rustsecp256k1_v0_4_0_scalar_inverse_var(&zzv, &y); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&zzv, &zz)); #endif - rustsecp256k1_v0_3_1_scalar_mul(&z, &z, &zz); - CHECK(!rustsecp256k1_v0_3_1_scalar_check_overflow(&z)); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&x, &z)); - rustsecp256k1_v0_3_1_scalar_mul(&zz, &zz, &y); - CHECK(!rustsecp256k1_v0_3_1_scalar_check_overflow(&zz)); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&one, &zz)); + rustsecp256k1_v0_4_0_scalar_mul(&z, &z, &zz); + CHECK(!rustsecp256k1_v0_4_0_scalar_check_overflow(&z)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&x, &z)); + rustsecp256k1_v0_4_0_scalar_mul(&zz, &zz, &y); + CHECK(!rustsecp256k1_v0_4_0_scalar_check_overflow(&zz)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&one, &zz)); } - rustsecp256k1_v0_3_1_scalar_mul(&z, &x, &x); - CHECK(!rustsecp256k1_v0_3_1_scalar_check_overflow(&z)); - rustsecp256k1_v0_3_1_scalar_sqr(&zz, &x); - CHECK(!rustsecp256k1_v0_3_1_scalar_check_overflow(&zz)); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&zz, &z)); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&r2, &zz)); + rustsecp256k1_v0_4_0_scalar_mul(&z, &x, &x); + CHECK(!rustsecp256k1_v0_4_0_scalar_check_overflow(&z)); + rustsecp256k1_v0_4_0_scalar_sqr(&zz, &x); + CHECK(!rustsecp256k1_v0_4_0_scalar_check_overflow(&zz)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&zz, &z)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&r2, &zz)); } } } /***** FIELD TESTS *****/ -void random_fe(rustsecp256k1_v0_3_1_fe *x) { +void random_fe(rustsecp256k1_v0_4_0_fe *x) { unsigned char bin[32]; do { - rustsecp256k1_v0_3_1_testrand256(bin); - if (rustsecp256k1_v0_3_1_fe_set_b32(x, bin)) { + rustsecp256k1_v0_4_0_testrand256(bin); + if (rustsecp256k1_v0_4_0_fe_set_b32(x, bin)) { return; } } while(1); } -void random_fe_test(rustsecp256k1_v0_3_1_fe *x) { +void random_fe_test(rustsecp256k1_v0_4_0_fe *x) { unsigned char bin[32]; do { - rustsecp256k1_v0_3_1_testrand256_test(bin); - if (rustsecp256k1_v0_3_1_fe_set_b32(x, bin)) { + rustsecp256k1_v0_4_0_testrand256_test(bin); + if (rustsecp256k1_v0_4_0_fe_set_b32(x, bin)) { return; } } while(1); } -void random_fe_non_zero(rustsecp256k1_v0_3_1_fe *nz) { +void random_fe_non_zero(rustsecp256k1_v0_4_0_fe *nz) { int tries = 10; while (--tries >= 0) { random_fe(nz); - rustsecp256k1_v0_3_1_fe_normalize(nz); - if (!rustsecp256k1_v0_3_1_fe_is_zero(nz)) { + rustsecp256k1_v0_4_0_fe_normalize(nz); + if (!rustsecp256k1_v0_4_0_fe_is_zero(nz)) { break; } } @@ -1798,26 +1798,26 @@ void random_fe_non_zero(rustsecp256k1_v0_3_1_fe *nz) { CHECK(tries >= 0); } -void random_fe_non_square(rustsecp256k1_v0_3_1_fe *ns) { - rustsecp256k1_v0_3_1_fe r; +void random_fe_non_square(rustsecp256k1_v0_4_0_fe *ns) { + rustsecp256k1_v0_4_0_fe r; random_fe_non_zero(ns); - if (rustsecp256k1_v0_3_1_fe_sqrt(&r, ns)) { - rustsecp256k1_v0_3_1_fe_negate(ns, ns, 1); + if (rustsecp256k1_v0_4_0_fe_sqrt(&r, ns)) { + rustsecp256k1_v0_4_0_fe_negate(ns, ns, 1); } } -int check_fe_equal(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b) { - rustsecp256k1_v0_3_1_fe an = *a; - rustsecp256k1_v0_3_1_fe bn = *b; - rustsecp256k1_v0_3_1_fe_normalize_weak(&an); - rustsecp256k1_v0_3_1_fe_normalize_var(&bn); - return rustsecp256k1_v0_3_1_fe_equal_var(&an, &bn); +int check_fe_equal(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b) { + rustsecp256k1_v0_4_0_fe an = *a; + rustsecp256k1_v0_4_0_fe bn = *b; + rustsecp256k1_v0_4_0_fe_normalize_weak(&an); + rustsecp256k1_v0_4_0_fe_normalize_var(&bn); + return rustsecp256k1_v0_4_0_fe_equal_var(&an, &bn); } -int check_fe_inverse(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *ai) { - rustsecp256k1_v0_3_1_fe x; - rustsecp256k1_v0_3_1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - rustsecp256k1_v0_3_1_fe_mul(&x, a, ai); +int check_fe_inverse(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *ai) { + rustsecp256k1_v0_4_0_fe x; + rustsecp256k1_v0_4_0_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + rustsecp256k1_v0_4_0_fe_mul(&x, a, ai); return check_fe_equal(&x, &one); } @@ -1828,158 +1828,158 @@ void run_field_convert(void) { 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40 }; - static const rustsecp256k1_v0_3_1_fe_storage fes = SECP256K1_FE_STORAGE_CONST( + static const rustsecp256k1_v0_4_0_fe_storage fes = SECP256K1_FE_STORAGE_CONST( 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL ); - static const rustsecp256k1_v0_3_1_fe fe = SECP256K1_FE_CONST( + static const rustsecp256k1_v0_4_0_fe fe = SECP256K1_FE_CONST( 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL ); - rustsecp256k1_v0_3_1_fe fe2; + rustsecp256k1_v0_4_0_fe fe2; unsigned char b322[32]; - rustsecp256k1_v0_3_1_fe_storage fes2; + rustsecp256k1_v0_4_0_fe_storage fes2; /* Check conversions to fe. */ - CHECK(rustsecp256k1_v0_3_1_fe_set_b32(&fe2, b32)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&fe, &fe2)); - rustsecp256k1_v0_3_1_fe_from_storage(&fe2, &fes); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&fe, &fe2)); + CHECK(rustsecp256k1_v0_4_0_fe_set_b32(&fe2, b32)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&fe, &fe2)); + rustsecp256k1_v0_4_0_fe_from_storage(&fe2, &fes); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&fe, &fe2)); /* Check conversion from fe. */ - rustsecp256k1_v0_3_1_fe_get_b32(b322, &fe); - CHECK(memcmp(b322, b32, 32) == 0); - rustsecp256k1_v0_3_1_fe_to_storage(&fes2, &fe); - CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0); + rustsecp256k1_v0_4_0_fe_get_b32(b322, &fe); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(b322, b32, 32) == 0); + rustsecp256k1_v0_4_0_fe_to_storage(&fes2, &fe); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&fes2, &fes, sizeof(fes)) == 0); } -int fe_memcmp(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *b) { - rustsecp256k1_v0_3_1_fe t = *b; +int fe_rustsecp256k1_v0_4_0_memcmp_var(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *b) { + rustsecp256k1_v0_4_0_fe t = *b; #ifdef VERIFY t.magnitude = a->magnitude; t.normalized = a->normalized; #endif - return memcmp(a, &t, sizeof(rustsecp256k1_v0_3_1_fe)); + return rustsecp256k1_v0_4_0_memcmp_var(a, &t, sizeof(rustsecp256k1_v0_4_0_fe)); } void run_field_misc(void) { - rustsecp256k1_v0_3_1_fe x; - rustsecp256k1_v0_3_1_fe y; - rustsecp256k1_v0_3_1_fe z; - rustsecp256k1_v0_3_1_fe q; - rustsecp256k1_v0_3_1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); + rustsecp256k1_v0_4_0_fe x; + rustsecp256k1_v0_4_0_fe y; + rustsecp256k1_v0_4_0_fe z; + rustsecp256k1_v0_4_0_fe q; + rustsecp256k1_v0_4_0_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); int i, j; for (i = 0; i < 5*count; i++) { - rustsecp256k1_v0_3_1_fe_storage xs, ys, zs; + rustsecp256k1_v0_4_0_fe_storage xs, ys, zs; random_fe(&x); random_fe_non_zero(&y); /* Test the fe equality and comparison operations. */ - CHECK(rustsecp256k1_v0_3_1_fe_cmp_var(&x, &x) == 0); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&x, &x)); + CHECK(rustsecp256k1_v0_4_0_fe_cmp_var(&x, &x) == 0); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&x, &x)); z = x; - rustsecp256k1_v0_3_1_fe_add(&z,&y); + rustsecp256k1_v0_4_0_fe_add(&z,&y); /* Test fe conditional move; z is not normalized here. */ q = x; - rustsecp256k1_v0_3_1_fe_cmov(&x, &z, 0); + rustsecp256k1_v0_4_0_fe_cmov(&x, &z, 0); #ifdef VERIFY CHECK(x.normalized && x.magnitude == 1); #endif - rustsecp256k1_v0_3_1_fe_cmov(&x, &x, 1); - CHECK(fe_memcmp(&x, &z) != 0); - CHECK(fe_memcmp(&x, &q) == 0); - rustsecp256k1_v0_3_1_fe_cmov(&q, &z, 1); + rustsecp256k1_v0_4_0_fe_cmov(&x, &x, 1); + CHECK(fe_rustsecp256k1_v0_4_0_memcmp_var(&x, &z) != 0); + CHECK(fe_rustsecp256k1_v0_4_0_memcmp_var(&x, &q) == 0); + rustsecp256k1_v0_4_0_fe_cmov(&q, &z, 1); #ifdef VERIFY CHECK(!q.normalized && q.magnitude == z.magnitude); #endif - CHECK(fe_memcmp(&q, &z) == 0); - rustsecp256k1_v0_3_1_fe_normalize_var(&x); - rustsecp256k1_v0_3_1_fe_normalize_var(&z); - CHECK(!rustsecp256k1_v0_3_1_fe_equal_var(&x, &z)); - rustsecp256k1_v0_3_1_fe_normalize_var(&q); - rustsecp256k1_v0_3_1_fe_cmov(&q, &z, (i&1)); + CHECK(fe_rustsecp256k1_v0_4_0_memcmp_var(&q, &z) == 0); + rustsecp256k1_v0_4_0_fe_normalize_var(&x); + rustsecp256k1_v0_4_0_fe_normalize_var(&z); + CHECK(!rustsecp256k1_v0_4_0_fe_equal_var(&x, &z)); + rustsecp256k1_v0_4_0_fe_normalize_var(&q); + rustsecp256k1_v0_4_0_fe_cmov(&q, &z, (i&1)); #ifdef VERIFY CHECK(q.normalized && q.magnitude == 1); #endif for (j = 0; j < 6; j++) { - rustsecp256k1_v0_3_1_fe_negate(&z, &z, j+1); - rustsecp256k1_v0_3_1_fe_normalize_var(&q); - rustsecp256k1_v0_3_1_fe_cmov(&q, &z, (j&1)); + rustsecp256k1_v0_4_0_fe_negate(&z, &z, j+1); + rustsecp256k1_v0_4_0_fe_normalize_var(&q); + rustsecp256k1_v0_4_0_fe_cmov(&q, &z, (j&1)); #ifdef VERIFY CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1)); #endif } - rustsecp256k1_v0_3_1_fe_normalize_var(&z); + rustsecp256k1_v0_4_0_fe_normalize_var(&z); /* Test storage conversion and conditional moves. */ - rustsecp256k1_v0_3_1_fe_to_storage(&xs, &x); - rustsecp256k1_v0_3_1_fe_to_storage(&ys, &y); - rustsecp256k1_v0_3_1_fe_to_storage(&zs, &z); - rustsecp256k1_v0_3_1_fe_storage_cmov(&zs, &xs, 0); - rustsecp256k1_v0_3_1_fe_storage_cmov(&zs, &zs, 1); - CHECK(memcmp(&xs, &zs, sizeof(xs)) != 0); - rustsecp256k1_v0_3_1_fe_storage_cmov(&ys, &xs, 1); - CHECK(memcmp(&xs, &ys, sizeof(xs)) == 0); - rustsecp256k1_v0_3_1_fe_from_storage(&x, &xs); - rustsecp256k1_v0_3_1_fe_from_storage(&y, &ys); - rustsecp256k1_v0_3_1_fe_from_storage(&z, &zs); + rustsecp256k1_v0_4_0_fe_to_storage(&xs, &x); + rustsecp256k1_v0_4_0_fe_to_storage(&ys, &y); + rustsecp256k1_v0_4_0_fe_to_storage(&zs, &z); + rustsecp256k1_v0_4_0_fe_storage_cmov(&zs, &xs, 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&zs, &zs, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xs, &zs, sizeof(xs)) != 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&ys, &xs, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&xs, &ys, sizeof(xs)) == 0); + rustsecp256k1_v0_4_0_fe_from_storage(&x, &xs); + rustsecp256k1_v0_4_0_fe_from_storage(&y, &ys); + rustsecp256k1_v0_4_0_fe_from_storage(&z, &zs); /* Test that mul_int, mul, and add agree. */ - rustsecp256k1_v0_3_1_fe_add(&y, &x); - rustsecp256k1_v0_3_1_fe_add(&y, &x); + rustsecp256k1_v0_4_0_fe_add(&y, &x); + rustsecp256k1_v0_4_0_fe_add(&y, &x); z = x; - rustsecp256k1_v0_3_1_fe_mul_int(&z, 3); + rustsecp256k1_v0_4_0_fe_mul_int(&z, 3); CHECK(check_fe_equal(&y, &z)); - rustsecp256k1_v0_3_1_fe_add(&y, &x); - rustsecp256k1_v0_3_1_fe_add(&z, &x); + rustsecp256k1_v0_4_0_fe_add(&y, &x); + rustsecp256k1_v0_4_0_fe_add(&z, &x); CHECK(check_fe_equal(&z, &y)); z = x; - rustsecp256k1_v0_3_1_fe_mul_int(&z, 5); - rustsecp256k1_v0_3_1_fe_mul(&q, &x, &fe5); + rustsecp256k1_v0_4_0_fe_mul_int(&z, 5); + rustsecp256k1_v0_4_0_fe_mul(&q, &x, &fe5); CHECK(check_fe_equal(&z, &q)); - rustsecp256k1_v0_3_1_fe_negate(&x, &x, 1); - rustsecp256k1_v0_3_1_fe_add(&z, &x); - rustsecp256k1_v0_3_1_fe_add(&q, &x); + rustsecp256k1_v0_4_0_fe_negate(&x, &x, 1); + rustsecp256k1_v0_4_0_fe_add(&z, &x); + rustsecp256k1_v0_4_0_fe_add(&q, &x); CHECK(check_fe_equal(&y, &z)); CHECK(check_fe_equal(&q, &y)); } } void run_field_inv(void) { - rustsecp256k1_v0_3_1_fe x, xi, xii; + rustsecp256k1_v0_4_0_fe x, xi, xii; int i; for (i = 0; i < 10*count; i++) { random_fe_non_zero(&x); - rustsecp256k1_v0_3_1_fe_inv(&xi, &x); + rustsecp256k1_v0_4_0_fe_inv(&xi, &x); CHECK(check_fe_inverse(&x, &xi)); - rustsecp256k1_v0_3_1_fe_inv(&xii, &xi); + rustsecp256k1_v0_4_0_fe_inv(&xii, &xi); CHECK(check_fe_equal(&x, &xii)); } } void run_field_inv_var(void) { - rustsecp256k1_v0_3_1_fe x, xi, xii; + rustsecp256k1_v0_4_0_fe x, xi, xii; int i; for (i = 0; i < 10*count; i++) { random_fe_non_zero(&x); - rustsecp256k1_v0_3_1_fe_inv_var(&xi, &x); + rustsecp256k1_v0_4_0_fe_inv_var(&xi, &x); CHECK(check_fe_inverse(&x, &xi)); - rustsecp256k1_v0_3_1_fe_inv_var(&xii, &xi); + rustsecp256k1_v0_4_0_fe_inv_var(&xii, &xi); CHECK(check_fe_equal(&x, &xii)); } } void run_field_inv_all_var(void) { - rustsecp256k1_v0_3_1_fe x[16], xi[16], xii[16]; + rustsecp256k1_v0_4_0_fe x[16], xi[16], xii[16]; int i; /* Check it's safe to call for 0 elements */ - rustsecp256k1_v0_3_1_fe_inv_all_var(xi, x, 0); + rustsecp256k1_v0_4_0_fe_inv_all_var(xi, x, 0); for (i = 0; i < count; i++) { size_t j; - size_t len = rustsecp256k1_v0_3_1_testrand_int(15) + 1; + size_t len = rustsecp256k1_v0_4_0_testrand_int(15) + 1; for (j = 0; j < len; j++) { random_fe_non_zero(&x[j]); } - rustsecp256k1_v0_3_1_fe_inv_all_var(xi, x, len); + rustsecp256k1_v0_4_0_fe_inv_all_var(xi, x, len); for (j = 0; j < len; j++) { CHECK(check_fe_inverse(&x[j], &xi[j])); } - rustsecp256k1_v0_3_1_fe_inv_all_var(xii, xi, len); + rustsecp256k1_v0_4_0_fe_inv_all_var(xii, xi, len); for (j = 0; j < len; j++) { CHECK(check_fe_equal(&x[j], &xii[j])); } @@ -1987,50 +1987,50 @@ void run_field_inv_all_var(void) { } void run_sqr(void) { - rustsecp256k1_v0_3_1_fe x, s; + rustsecp256k1_v0_4_0_fe x, s; { int i; - rustsecp256k1_v0_3_1_fe_set_int(&x, 1); - rustsecp256k1_v0_3_1_fe_negate(&x, &x, 1); + rustsecp256k1_v0_4_0_fe_set_int(&x, 1); + rustsecp256k1_v0_4_0_fe_negate(&x, &x, 1); for (i = 1; i <= 512; ++i) { - rustsecp256k1_v0_3_1_fe_mul_int(&x, 2); - rustsecp256k1_v0_3_1_fe_normalize(&x); - rustsecp256k1_v0_3_1_fe_sqr(&s, &x); + rustsecp256k1_v0_4_0_fe_mul_int(&x, 2); + rustsecp256k1_v0_4_0_fe_normalize(&x); + rustsecp256k1_v0_4_0_fe_sqr(&s, &x); } } } -void test_sqrt(const rustsecp256k1_v0_3_1_fe *a, const rustsecp256k1_v0_3_1_fe *k) { - rustsecp256k1_v0_3_1_fe r1, r2; - int v = rustsecp256k1_v0_3_1_fe_sqrt(&r1, a); +void test_sqrt(const rustsecp256k1_v0_4_0_fe *a, const rustsecp256k1_v0_4_0_fe *k) { + rustsecp256k1_v0_4_0_fe r1, r2; + int v = rustsecp256k1_v0_4_0_fe_sqrt(&r1, a); CHECK((v == 0) == (k == NULL)); if (k != NULL) { /* Check that the returned root is +/- the given known answer */ - rustsecp256k1_v0_3_1_fe_negate(&r2, &r1, 1); - rustsecp256k1_v0_3_1_fe_add(&r1, k); rustsecp256k1_v0_3_1_fe_add(&r2, k); - rustsecp256k1_v0_3_1_fe_normalize(&r1); rustsecp256k1_v0_3_1_fe_normalize(&r2); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&r1) || rustsecp256k1_v0_3_1_fe_is_zero(&r2)); + rustsecp256k1_v0_4_0_fe_negate(&r2, &r1, 1); + rustsecp256k1_v0_4_0_fe_add(&r1, k); rustsecp256k1_v0_4_0_fe_add(&r2, k); + rustsecp256k1_v0_4_0_fe_normalize(&r1); rustsecp256k1_v0_4_0_fe_normalize(&r2); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&r1) || rustsecp256k1_v0_4_0_fe_is_zero(&r2)); } } void run_sqrt(void) { - rustsecp256k1_v0_3_1_fe ns, x, s, t; + rustsecp256k1_v0_4_0_fe ns, x, s, t; int i; /* Check sqrt(0) is 0 */ - rustsecp256k1_v0_3_1_fe_set_int(&x, 0); - rustsecp256k1_v0_3_1_fe_sqr(&s, &x); + rustsecp256k1_v0_4_0_fe_set_int(&x, 0); + rustsecp256k1_v0_4_0_fe_sqr(&s, &x); test_sqrt(&s, &x); /* Check sqrt of small squares (and their negatives) */ for (i = 1; i <= 100; i++) { - rustsecp256k1_v0_3_1_fe_set_int(&x, i); - rustsecp256k1_v0_3_1_fe_sqr(&s, &x); + rustsecp256k1_v0_4_0_fe_set_int(&x, i); + rustsecp256k1_v0_4_0_fe_sqr(&s, &x); test_sqrt(&s, &x); - rustsecp256k1_v0_3_1_fe_negate(&t, &s, 1); + rustsecp256k1_v0_4_0_fe_negate(&t, &s, 1); test_sqrt(&t, NULL); } @@ -2040,11 +2040,11 @@ void run_sqrt(void) { random_fe_non_square(&ns); for (j = 0; j < count; j++) { random_fe(&x); - rustsecp256k1_v0_3_1_fe_sqr(&s, &x); + rustsecp256k1_v0_4_0_fe_sqr(&s, &x); test_sqrt(&s, &x); - rustsecp256k1_v0_3_1_fe_negate(&t, &s, 1); + rustsecp256k1_v0_4_0_fe_negate(&t, &s, 1); test_sqrt(&t, NULL); - rustsecp256k1_v0_3_1_fe_mul(&t, &s, &ns); + rustsecp256k1_v0_4_0_fe_mul(&t, &s, &ns); test_sqrt(&t, NULL); } } @@ -2052,96 +2052,89 @@ void run_sqrt(void) { /***** GROUP TESTS *****/ -void ge_equals_ge(const rustsecp256k1_v0_3_1_ge *a, const rustsecp256k1_v0_3_1_ge *b) { +void ge_equals_ge(const rustsecp256k1_v0_4_0_ge *a, const rustsecp256k1_v0_4_0_ge *b) { CHECK(a->infinity == b->infinity); if (a->infinity) { return; } - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&a->x, &b->x)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&a->y, &b->y)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&a->x, &b->x)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&a->y, &b->y)); } /* This compares jacobian points including their Z, not just their geometric meaning. */ -int gej_xyz_equals_gej(const rustsecp256k1_v0_3_1_gej *a, const rustsecp256k1_v0_3_1_gej *b) { - rustsecp256k1_v0_3_1_gej a2; - rustsecp256k1_v0_3_1_gej b2; +int gej_xyz_equals_gej(const rustsecp256k1_v0_4_0_gej *a, const rustsecp256k1_v0_4_0_gej *b) { + rustsecp256k1_v0_4_0_gej a2; + rustsecp256k1_v0_4_0_gej b2; int ret = 1; ret &= a->infinity == b->infinity; if (ret && !a->infinity) { a2 = *a; b2 = *b; - rustsecp256k1_v0_3_1_fe_normalize(&a2.x); - rustsecp256k1_v0_3_1_fe_normalize(&a2.y); - rustsecp256k1_v0_3_1_fe_normalize(&a2.z); - rustsecp256k1_v0_3_1_fe_normalize(&b2.x); - rustsecp256k1_v0_3_1_fe_normalize(&b2.y); - rustsecp256k1_v0_3_1_fe_normalize(&b2.z); - ret &= rustsecp256k1_v0_3_1_fe_cmp_var(&a2.x, &b2.x) == 0; - ret &= rustsecp256k1_v0_3_1_fe_cmp_var(&a2.y, &b2.y) == 0; - ret &= rustsecp256k1_v0_3_1_fe_cmp_var(&a2.z, &b2.z) == 0; + rustsecp256k1_v0_4_0_fe_normalize(&a2.x); + rustsecp256k1_v0_4_0_fe_normalize(&a2.y); + rustsecp256k1_v0_4_0_fe_normalize(&a2.z); + rustsecp256k1_v0_4_0_fe_normalize(&b2.x); + rustsecp256k1_v0_4_0_fe_normalize(&b2.y); + rustsecp256k1_v0_4_0_fe_normalize(&b2.z); + ret &= rustsecp256k1_v0_4_0_fe_cmp_var(&a2.x, &b2.x) == 0; + ret &= rustsecp256k1_v0_4_0_fe_cmp_var(&a2.y, &b2.y) == 0; + ret &= rustsecp256k1_v0_4_0_fe_cmp_var(&a2.z, &b2.z) == 0; } return ret; } -void ge_equals_gej(const rustsecp256k1_v0_3_1_ge *a, const rustsecp256k1_v0_3_1_gej *b) { - rustsecp256k1_v0_3_1_fe z2s; - rustsecp256k1_v0_3_1_fe u1, u2, s1, s2; +void ge_equals_gej(const rustsecp256k1_v0_4_0_ge *a, const rustsecp256k1_v0_4_0_gej *b) { + rustsecp256k1_v0_4_0_fe z2s; + rustsecp256k1_v0_4_0_fe u1, u2, s1, s2; CHECK(a->infinity == b->infinity); if (a->infinity) { return; } /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. */ - rustsecp256k1_v0_3_1_fe_sqr(&z2s, &b->z); - rustsecp256k1_v0_3_1_fe_mul(&u1, &a->x, &z2s); - u2 = b->x; rustsecp256k1_v0_3_1_fe_normalize_weak(&u2); - rustsecp256k1_v0_3_1_fe_mul(&s1, &a->y, &z2s); rustsecp256k1_v0_3_1_fe_mul(&s1, &s1, &b->z); - s2 = b->y; rustsecp256k1_v0_3_1_fe_normalize_weak(&s2); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&u1, &u2)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&s1, &s2)); + rustsecp256k1_v0_4_0_fe_sqr(&z2s, &b->z); + rustsecp256k1_v0_4_0_fe_mul(&u1, &a->x, &z2s); + u2 = b->x; rustsecp256k1_v0_4_0_fe_normalize_weak(&u2); + rustsecp256k1_v0_4_0_fe_mul(&s1, &a->y, &z2s); rustsecp256k1_v0_4_0_fe_mul(&s1, &s1, &b->z); + s2 = b->y; rustsecp256k1_v0_4_0_fe_normalize_weak(&s2); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&u1, &u2)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&s1, &s2)); } void test_ge(void) { int i, i1; -#ifdef USE_ENDOMORPHISM int runs = 6; -#else - int runs = 4; -#endif - /* Points: (infinity, p1, p1, -p1, -p1, p2, p2, -p2, -p2, p3, p3, -p3, -p3, p4, p4, -p4, -p4). - * The second in each pair of identical points uses a random Z coordinate in the Jacobian form. - * All magnitudes are randomized. - * All 17*17 combinations of points are added to each other, using all applicable methods. - * - * When the endomorphism code is compiled in, p5 = lambda*p1 and p6 = lambda^2*p1 are added as well. + /* 25 points are used: + * - infinity + * - for each of four random points p1 p2 p3 p4, we add the point, its + * negation, and then those two again but with randomized Z coordinate. + * - The same is then done for lambda*p1 and lambda^2*p1. */ - rustsecp256k1_v0_3_1_ge *ge = (rustsecp256k1_v0_3_1_ge *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_3_1_ge) * (1 + 4 * runs)); - rustsecp256k1_v0_3_1_gej *gej = (rustsecp256k1_v0_3_1_gej *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_3_1_gej) * (1 + 4 * runs)); - rustsecp256k1_v0_3_1_fe *zinv = (rustsecp256k1_v0_3_1_fe *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_3_1_fe) * (1 + 4 * runs)); - rustsecp256k1_v0_3_1_fe zf; - rustsecp256k1_v0_3_1_fe zfi2, zfi3; - - rustsecp256k1_v0_3_1_gej_set_infinity(&gej[0]); - rustsecp256k1_v0_3_1_ge_clear(&ge[0]); - rustsecp256k1_v0_3_1_ge_set_gej_var(&ge[0], &gej[0]); + rustsecp256k1_v0_4_0_ge *ge = (rustsecp256k1_v0_4_0_ge *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_4_0_ge) * (1 + 4 * runs)); + rustsecp256k1_v0_4_0_gej *gej = (rustsecp256k1_v0_4_0_gej *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_4_0_gej) * (1 + 4 * runs)); + rustsecp256k1_v0_4_0_fe *zinv = (rustsecp256k1_v0_4_0_fe *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_4_0_fe) * (1 + 4 * runs)); + rustsecp256k1_v0_4_0_fe zf; + rustsecp256k1_v0_4_0_fe zfi2, zfi3; + + rustsecp256k1_v0_4_0_gej_set_infinity(&gej[0]); + rustsecp256k1_v0_4_0_ge_clear(&ge[0]); + rustsecp256k1_v0_4_0_ge_set_gej_var(&ge[0], &gej[0]); for (i = 0; i < runs; i++) { int j; - rustsecp256k1_v0_3_1_ge g; + rustsecp256k1_v0_4_0_ge g; random_group_element_test(&g); -#ifdef USE_ENDOMORPHISM if (i >= runs - 2) { - rustsecp256k1_v0_3_1_ge_mul_lambda(&g, &ge[1]); + rustsecp256k1_v0_4_0_ge_mul_lambda(&g, &ge[1]); } if (i >= runs - 1) { - rustsecp256k1_v0_3_1_ge_mul_lambda(&g, &g); + rustsecp256k1_v0_4_0_ge_mul_lambda(&g, &g); } -#endif ge[1 + 4 * i] = g; ge[2 + 4 * i] = g; - rustsecp256k1_v0_3_1_ge_neg(&ge[3 + 4 * i], &g); - rustsecp256k1_v0_3_1_ge_neg(&ge[4 + 4 * i], &g); - rustsecp256k1_v0_3_1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); + rustsecp256k1_v0_4_0_ge_neg(&ge[3 + 4 * i], &g); + rustsecp256k1_v0_4_0_ge_neg(&ge[4 + 4 * i], &g); + rustsecp256k1_v0_4_0_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); random_group_element_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]); - rustsecp256k1_v0_3_1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); + rustsecp256k1_v0_4_0_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]); for (j = 0; j < 4; j++) { random_field_element_magnitude(&ge[1 + j + 4 * i].x); @@ -2154,102 +2147,102 @@ void test_ge(void) { /* Compute z inverses. */ { - rustsecp256k1_v0_3_1_fe *zs = checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_3_1_fe) * (1 + 4 * runs)); + rustsecp256k1_v0_4_0_fe *zs = checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_4_0_fe) * (1 + 4 * runs)); for (i = 0; i < 4 * runs + 1; i++) { if (i == 0) { /* The point at infinity does not have a meaningful z inverse. Any should do. */ do { random_field_element_test(&zs[i]); - } while(rustsecp256k1_v0_3_1_fe_is_zero(&zs[i])); + } while(rustsecp256k1_v0_4_0_fe_is_zero(&zs[i])); } else { zs[i] = gej[i].z; } } - rustsecp256k1_v0_3_1_fe_inv_all_var(zinv, zs, 4 * runs + 1); + rustsecp256k1_v0_4_0_fe_inv_all_var(zinv, zs, 4 * runs + 1); free(zs); } /* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */ do { random_field_element_test(&zf); - } while(rustsecp256k1_v0_3_1_fe_is_zero(&zf)); + } while(rustsecp256k1_v0_4_0_fe_is_zero(&zf)); random_field_element_magnitude(&zf); - rustsecp256k1_v0_3_1_fe_inv_var(&zfi3, &zf); - rustsecp256k1_v0_3_1_fe_sqr(&zfi2, &zfi3); - rustsecp256k1_v0_3_1_fe_mul(&zfi3, &zfi3, &zfi2); + rustsecp256k1_v0_4_0_fe_inv_var(&zfi3, &zf); + rustsecp256k1_v0_4_0_fe_sqr(&zfi2, &zfi3); + rustsecp256k1_v0_4_0_fe_mul(&zfi3, &zfi3, &zfi2); for (i1 = 0; i1 < 1 + 4 * runs; i1++) { int i2; for (i2 = 0; i2 < 1 + 4 * runs; i2++) { /* Compute reference result using gej + gej (var). */ - rustsecp256k1_v0_3_1_gej refj, resj; - rustsecp256k1_v0_3_1_ge ref; - rustsecp256k1_v0_3_1_fe zr; - rustsecp256k1_v0_3_1_gej_add_var(&refj, &gej[i1], &gej[i2], rustsecp256k1_v0_3_1_gej_is_infinity(&gej[i1]) ? NULL : &zr); + rustsecp256k1_v0_4_0_gej refj, resj; + rustsecp256k1_v0_4_0_ge ref; + rustsecp256k1_v0_4_0_fe zr; + rustsecp256k1_v0_4_0_gej_add_var(&refj, &gej[i1], &gej[i2], rustsecp256k1_v0_4_0_gej_is_infinity(&gej[i1]) ? NULL : &zr); /* Check Z ratio. */ - if (!rustsecp256k1_v0_3_1_gej_is_infinity(&gej[i1]) && !rustsecp256k1_v0_3_1_gej_is_infinity(&refj)) { - rustsecp256k1_v0_3_1_fe zrz; rustsecp256k1_v0_3_1_fe_mul(&zrz, &zr, &gej[i1].z); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&zrz, &refj.z)); + if (!rustsecp256k1_v0_4_0_gej_is_infinity(&gej[i1]) && !rustsecp256k1_v0_4_0_gej_is_infinity(&refj)) { + rustsecp256k1_v0_4_0_fe zrz; rustsecp256k1_v0_4_0_fe_mul(&zrz, &zr, &gej[i1].z); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&zrz, &refj.z)); } - rustsecp256k1_v0_3_1_ge_set_gej_var(&ref, &refj); + rustsecp256k1_v0_4_0_ge_set_gej_var(&ref, &refj); /* Test gej + ge with Z ratio result (var). */ - rustsecp256k1_v0_3_1_gej_add_ge_var(&resj, &gej[i1], &ge[i2], rustsecp256k1_v0_3_1_gej_is_infinity(&gej[i1]) ? NULL : &zr); + rustsecp256k1_v0_4_0_gej_add_ge_var(&resj, &gej[i1], &ge[i2], rustsecp256k1_v0_4_0_gej_is_infinity(&gej[i1]) ? NULL : &zr); ge_equals_gej(&ref, &resj); - if (!rustsecp256k1_v0_3_1_gej_is_infinity(&gej[i1]) && !rustsecp256k1_v0_3_1_gej_is_infinity(&resj)) { - rustsecp256k1_v0_3_1_fe zrz; rustsecp256k1_v0_3_1_fe_mul(&zrz, &zr, &gej[i1].z); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&zrz, &resj.z)); + if (!rustsecp256k1_v0_4_0_gej_is_infinity(&gej[i1]) && !rustsecp256k1_v0_4_0_gej_is_infinity(&resj)) { + rustsecp256k1_v0_4_0_fe zrz; rustsecp256k1_v0_4_0_fe_mul(&zrz, &zr, &gej[i1].z); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&zrz, &resj.z)); } /* Test gej + ge (var, with additional Z factor). */ { - rustsecp256k1_v0_3_1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */ - rustsecp256k1_v0_3_1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2); - rustsecp256k1_v0_3_1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3); + rustsecp256k1_v0_4_0_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */ + rustsecp256k1_v0_4_0_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2); + rustsecp256k1_v0_4_0_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3); random_field_element_magnitude(&ge2_zfi.x); random_field_element_magnitude(&ge2_zfi.y); - rustsecp256k1_v0_3_1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf); + rustsecp256k1_v0_4_0_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf); ge_equals_gej(&ref, &resj); } /* Test gej + ge (const). */ if (i2 != 0) { - /* rustsecp256k1_v0_3_1_gej_add_ge does not support its second argument being infinity. */ - rustsecp256k1_v0_3_1_gej_add_ge(&resj, &gej[i1], &ge[i2]); + /* rustsecp256k1_v0_4_0_gej_add_ge does not support its second argument being infinity. */ + rustsecp256k1_v0_4_0_gej_add_ge(&resj, &gej[i1], &ge[i2]); ge_equals_gej(&ref, &resj); } /* Test doubling (var). */ if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) { - rustsecp256k1_v0_3_1_fe zr2; + rustsecp256k1_v0_4_0_fe zr2; /* Normal doubling with Z ratio result. */ - rustsecp256k1_v0_3_1_gej_double_var(&resj, &gej[i1], &zr2); + rustsecp256k1_v0_4_0_gej_double_var(&resj, &gej[i1], &zr2); ge_equals_gej(&ref, &resj); /* Check Z ratio. */ - rustsecp256k1_v0_3_1_fe_mul(&zr2, &zr2, &gej[i1].z); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&zr2, &resj.z)); + rustsecp256k1_v0_4_0_fe_mul(&zr2, &zr2, &gej[i1].z); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&zr2, &resj.z)); /* Normal doubling. */ - rustsecp256k1_v0_3_1_gej_double_var(&resj, &gej[i2], NULL); + rustsecp256k1_v0_4_0_gej_double_var(&resj, &gej[i2], NULL); ge_equals_gej(&ref, &resj); /* Constant-time doubling. */ - rustsecp256k1_v0_3_1_gej_double(&resj, &gej[i2]); + rustsecp256k1_v0_4_0_gej_double(&resj, &gej[i2]); ge_equals_gej(&ref, &resj); } /* Test adding opposites. */ if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) { - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&ref)); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&ref)); } /* Test adding infinity. */ if (i1 == 0) { - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&ge[i1])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&gej[i1])); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&ge[i1])); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&gej[i1])); ge_equals_gej(&ref, &gej[i2]); } if (i2 == 0) { - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&ge[i2])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&gej[i2])); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&ge[i2])); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&gej[i2])); ge_equals_gej(&ref, &gej[i1]); } } @@ -2257,41 +2250,41 @@ void test_ge(void) { /* Test adding all points together in random order equals infinity. */ { - rustsecp256k1_v0_3_1_gej sum = SECP256K1_GEJ_CONST_INFINITY; - rustsecp256k1_v0_3_1_gej *gej_shuffled = (rustsecp256k1_v0_3_1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_3_1_gej)); + rustsecp256k1_v0_4_0_gej sum = SECP256K1_GEJ_CONST_INFINITY; + rustsecp256k1_v0_4_0_gej *gej_shuffled = (rustsecp256k1_v0_4_0_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_4_0_gej)); for (i = 0; i < 4 * runs + 1; i++) { gej_shuffled[i] = gej[i]; } for (i = 0; i < 4 * runs + 1; i++) { - int swap = i + rustsecp256k1_v0_3_1_testrand_int(4 * runs + 1 - i); + int swap = i + rustsecp256k1_v0_4_0_testrand_int(4 * runs + 1 - i); if (swap != i) { - rustsecp256k1_v0_3_1_gej t = gej_shuffled[i]; + rustsecp256k1_v0_4_0_gej t = gej_shuffled[i]; gej_shuffled[i] = gej_shuffled[swap]; gej_shuffled[swap] = t; } } for (i = 0; i < 4 * runs + 1; i++) { - rustsecp256k1_v0_3_1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); + rustsecp256k1_v0_4_0_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); } - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&sum)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&sum)); free(gej_shuffled); } /* Test batch gej -> ge conversion with and without known z ratios. */ { - rustsecp256k1_v0_3_1_fe *zr = (rustsecp256k1_v0_3_1_fe *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_3_1_fe)); - rustsecp256k1_v0_3_1_ge *ge_set_all = (rustsecp256k1_v0_3_1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_3_1_ge)); + rustsecp256k1_v0_4_0_fe *zr = (rustsecp256k1_v0_4_0_fe *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_4_0_fe)); + rustsecp256k1_v0_4_0_ge *ge_set_all = (rustsecp256k1_v0_4_0_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_4_0_ge)); for (i = 0; i < 4 * runs + 1; i++) { /* Compute gej[i + 1].z / gez[i].z (with gej[n].z taken to be 1). */ if (i < 4 * runs) { - rustsecp256k1_v0_3_1_fe_mul(&zr[i + 1], &zinv[i], &gej[i + 1].z); + rustsecp256k1_v0_4_0_fe_mul(&zr[i + 1], &zinv[i], &gej[i + 1].z); } } - rustsecp256k1_v0_3_1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1); + rustsecp256k1_v0_4_0_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1); for (i = 0; i < 4 * runs + 1; i++) { - rustsecp256k1_v0_3_1_fe s; + rustsecp256k1_v0_4_0_fe s; random_fe_non_zero(&s); - rustsecp256k1_v0_3_1_gej_rescale(&gej[i], &s); + rustsecp256k1_v0_4_0_gej_rescale(&gej[i], &s); ge_equals_gej(&ge_set_all[i], &gej[i]); } free(ge_set_all); @@ -2302,13 +2295,13 @@ void test_ge(void) { for (i = 0; i < 4 * runs + 1; i++) { random_group_element_test(&ge[i]); /* randomly set half the points to infinity */ - if(rustsecp256k1_v0_3_1_fe_is_odd(&ge[i].x)) { - rustsecp256k1_v0_3_1_ge_set_infinity(&ge[i]); + if(rustsecp256k1_v0_4_0_fe_is_odd(&ge[i].x)) { + rustsecp256k1_v0_4_0_ge_set_infinity(&ge[i]); } - rustsecp256k1_v0_3_1_gej_set_ge(&gej[i], &ge[i]); + rustsecp256k1_v0_4_0_gej_set_ge(&gej[i], &ge[i]); } /* batch invert */ - rustsecp256k1_v0_3_1_ge_set_all_gej_var(ge, gej, 4 * runs + 1); + rustsecp256k1_v0_4_0_ge_set_all_gej_var(ge, gej, 4 * runs + 1); /* check result */ for (i = 0; i < 4 * runs + 1; i++) { ge_equals_gej(&ge[i], &gej[i]); @@ -2321,33 +2314,33 @@ void test_ge(void) { void test_intialized_inf(void) { - rustsecp256k1_v0_3_1_ge p; - rustsecp256k1_v0_3_1_gej pj, npj, infj1, infj2, infj3; - rustsecp256k1_v0_3_1_fe zinv; + rustsecp256k1_v0_4_0_ge p; + rustsecp256k1_v0_4_0_gej pj, npj, infj1, infj2, infj3; + rustsecp256k1_v0_4_0_fe zinv; /* Test that adding P+(-P) results in a fully initalized infinity*/ random_group_element_test(&p); - rustsecp256k1_v0_3_1_gej_set_ge(&pj, &p); - rustsecp256k1_v0_3_1_gej_neg(&npj, &pj); + rustsecp256k1_v0_4_0_gej_set_ge(&pj, &p); + rustsecp256k1_v0_4_0_gej_neg(&npj, &pj); - rustsecp256k1_v0_3_1_gej_add_var(&infj1, &pj, &npj, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&infj1)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj1.x)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj1.y)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj1.z)); + rustsecp256k1_v0_4_0_gej_add_var(&infj1, &pj, &npj, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&infj1)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj1.x)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj1.y)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj1.z)); - rustsecp256k1_v0_3_1_gej_add_ge_var(&infj2, &npj, &p, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&infj2)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj2.x)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj2.y)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj2.z)); + rustsecp256k1_v0_4_0_gej_add_ge_var(&infj2, &npj, &p, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&infj2)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj2.x)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj2.y)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj2.z)); - rustsecp256k1_v0_3_1_fe_set_int(&zinv, 1); - rustsecp256k1_v0_3_1_gej_add_zinv_var(&infj3, &npj, &p, &zinv); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&infj3)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj3.x)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj3.y)); - CHECK(rustsecp256k1_v0_3_1_fe_is_zero(&infj3.z)); + rustsecp256k1_v0_4_0_fe_set_int(&zinv, 1); + rustsecp256k1_v0_4_0_gej_add_zinv_var(&infj3, &npj, &p, &zinv); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&infj3)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj3.x)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj3.y)); + CHECK(rustsecp256k1_v0_4_0_fe_is_zero(&infj3.z)); } @@ -2383,39 +2376,39 @@ void test_add_neg_y_diff_x(void) { * print " Q: %x %x" % Q.xy() * print "P + Q: %x %x" % (P + Q).xy() */ - rustsecp256k1_v0_3_1_gej aj = SECP256K1_GEJ_CONST( + rustsecp256k1_v0_4_0_gej aj = SECP256K1_GEJ_CONST( 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30, 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb, 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8, 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d ); - rustsecp256k1_v0_3_1_gej bj = SECP256K1_GEJ_CONST( + rustsecp256k1_v0_4_0_gej bj = SECP256K1_GEJ_CONST( 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86, 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7, 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57, 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2 ); - rustsecp256k1_v0_3_1_gej sumj = SECP256K1_GEJ_CONST( + rustsecp256k1_v0_4_0_gej sumj = SECP256K1_GEJ_CONST( 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027, 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a, 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08, 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe ); - rustsecp256k1_v0_3_1_ge b; - rustsecp256k1_v0_3_1_gej resj; - rustsecp256k1_v0_3_1_ge res; - rustsecp256k1_v0_3_1_ge_set_gej(&b, &bj); + rustsecp256k1_v0_4_0_ge b; + rustsecp256k1_v0_4_0_gej resj; + rustsecp256k1_v0_4_0_ge res; + rustsecp256k1_v0_4_0_ge_set_gej(&b, &bj); - rustsecp256k1_v0_3_1_gej_add_var(&resj, &aj, &bj, NULL); - rustsecp256k1_v0_3_1_ge_set_gej(&res, &resj); + rustsecp256k1_v0_4_0_gej_add_var(&resj, &aj, &bj, NULL); + rustsecp256k1_v0_4_0_ge_set_gej(&res, &resj); ge_equals_gej(&res, &sumj); - rustsecp256k1_v0_3_1_gej_add_ge(&resj, &aj, &b); - rustsecp256k1_v0_3_1_ge_set_gej(&res, &resj); + rustsecp256k1_v0_4_0_gej_add_ge(&resj, &aj, &b); + rustsecp256k1_v0_4_0_ge_set_gej(&res, &resj); ge_equals_gej(&res, &sumj); - rustsecp256k1_v0_3_1_gej_add_ge_var(&resj, &aj, &b, NULL); - rustsecp256k1_v0_3_1_ge_set_gej(&res, &resj); + rustsecp256k1_v0_4_0_gej_add_ge_var(&resj, &aj, &b, NULL); + rustsecp256k1_v0_4_0_ge_set_gej(&res, &resj); ge_equals_gej(&res, &sumj); } @@ -2429,27 +2422,27 @@ void run_ge(void) { } void test_ec_combine(void) { - rustsecp256k1_v0_3_1_scalar sum = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - rustsecp256k1_v0_3_1_pubkey data[6]; - const rustsecp256k1_v0_3_1_pubkey* d[6]; - rustsecp256k1_v0_3_1_pubkey sd; - rustsecp256k1_v0_3_1_pubkey sd2; - rustsecp256k1_v0_3_1_gej Qj; - rustsecp256k1_v0_3_1_ge Q; + rustsecp256k1_v0_4_0_scalar sum = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + rustsecp256k1_v0_4_0_pubkey data[6]; + const rustsecp256k1_v0_4_0_pubkey* d[6]; + rustsecp256k1_v0_4_0_pubkey sd; + rustsecp256k1_v0_4_0_pubkey sd2; + rustsecp256k1_v0_4_0_gej Qj; + rustsecp256k1_v0_4_0_ge Q; int i; for (i = 1; i <= 6; i++) { - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_scalar s; random_scalar_order_test(&s); - rustsecp256k1_v0_3_1_scalar_add(&sum, &sum, &s); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); - rustsecp256k1_v0_3_1_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_3_1_pubkey_save(&data[i - 1], &Q); + rustsecp256k1_v0_4_0_scalar_add(&sum, &sum, &s); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); + rustsecp256k1_v0_4_0_ge_set_gej(&Q, &Qj); + rustsecp256k1_v0_4_0_pubkey_save(&data[i - 1], &Q); d[i - 1] = &data[i - 1]; - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); - rustsecp256k1_v0_3_1_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_3_1_pubkey_save(&sd, &Q); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); - CHECK(memcmp(&sd, &sd2, sizeof(sd)) == 0); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); + rustsecp256k1_v0_4_0_ge_set_gej(&Q, &Qj); + rustsecp256k1_v0_4_0_pubkey_save(&sd, &Q); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &sd2, d, i) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&sd, &sd2, sizeof(sd)) == 0); } } @@ -2460,32 +2453,32 @@ void run_ec_combine(void) { } } -void test_group_decompress(const rustsecp256k1_v0_3_1_fe* x) { +void test_group_decompress(const rustsecp256k1_v0_4_0_fe* x) { /* The input itself, normalized. */ - rustsecp256k1_v0_3_1_fe fex = *x; - rustsecp256k1_v0_3_1_fe fez; + rustsecp256k1_v0_4_0_fe fex = *x; + rustsecp256k1_v0_4_0_fe fez; /* Results of set_xquad_var, set_xo_var(..., 0), set_xo_var(..., 1). */ - rustsecp256k1_v0_3_1_ge ge_quad, ge_even, ge_odd; - rustsecp256k1_v0_3_1_gej gej_quad; + rustsecp256k1_v0_4_0_ge ge_quad, ge_even, ge_odd; + rustsecp256k1_v0_4_0_gej gej_quad; /* Return values of the above calls. */ int res_quad, res_even, res_odd; - rustsecp256k1_v0_3_1_fe_normalize_var(&fex); + rustsecp256k1_v0_4_0_fe_normalize_var(&fex); - res_quad = rustsecp256k1_v0_3_1_ge_set_xquad(&ge_quad, &fex); - res_even = rustsecp256k1_v0_3_1_ge_set_xo_var(&ge_even, &fex, 0); - res_odd = rustsecp256k1_v0_3_1_ge_set_xo_var(&ge_odd, &fex, 1); + res_quad = rustsecp256k1_v0_4_0_ge_set_xquad(&ge_quad, &fex); + res_even = rustsecp256k1_v0_4_0_ge_set_xo_var(&ge_even, &fex, 0); + res_odd = rustsecp256k1_v0_4_0_ge_set_xo_var(&ge_odd, &fex, 1); CHECK(res_quad == res_even); CHECK(res_quad == res_odd); if (res_quad) { - rustsecp256k1_v0_3_1_fe_normalize_var(&ge_quad.x); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge_odd.x); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge_even.x); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge_quad.y); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge_odd.y); - rustsecp256k1_v0_3_1_fe_normalize_var(&ge_even.y); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge_quad.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge_odd.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge_even.x); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge_quad.y); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge_odd.y); + rustsecp256k1_v0_4_0_fe_normalize_var(&ge_even.y); /* No infinity allowed. */ CHECK(!ge_quad.infinity); @@ -2493,41 +2486,41 @@ void test_group_decompress(const rustsecp256k1_v0_3_1_fe* x) { CHECK(!ge_odd.infinity); /* Check that the x coordinates check out. */ - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&ge_quad.x, x)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&ge_even.x, x)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&ge_odd.x, x)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&ge_quad.x, x)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&ge_even.x, x)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&ge_odd.x, x)); /* Check that the Y coordinate result in ge_quad is a square. */ - CHECK(rustsecp256k1_v0_3_1_fe_is_quad_var(&ge_quad.y)); + CHECK(rustsecp256k1_v0_4_0_fe_is_quad_var(&ge_quad.y)); /* Check odd/even Y in ge_odd, ge_even. */ - CHECK(rustsecp256k1_v0_3_1_fe_is_odd(&ge_odd.y)); - CHECK(!rustsecp256k1_v0_3_1_fe_is_odd(&ge_even.y)); + CHECK(rustsecp256k1_v0_4_0_fe_is_odd(&ge_odd.y)); + CHECK(!rustsecp256k1_v0_4_0_fe_is_odd(&ge_even.y)); - /* Check rustsecp256k1_v0_3_1_gej_has_quad_y_var. */ - rustsecp256k1_v0_3_1_gej_set_ge(&gej_quad, &ge_quad); - CHECK(rustsecp256k1_v0_3_1_gej_has_quad_y_var(&gej_quad)); + /* Check rustsecp256k1_v0_4_0_gej_has_quad_y_var. */ + rustsecp256k1_v0_4_0_gej_set_ge(&gej_quad, &ge_quad); + CHECK(rustsecp256k1_v0_4_0_gej_has_quad_y_var(&gej_quad)); do { random_fe_test(&fez); - } while (rustsecp256k1_v0_3_1_fe_is_zero(&fez)); - rustsecp256k1_v0_3_1_gej_rescale(&gej_quad, &fez); - CHECK(rustsecp256k1_v0_3_1_gej_has_quad_y_var(&gej_quad)); - rustsecp256k1_v0_3_1_gej_neg(&gej_quad, &gej_quad); - CHECK(!rustsecp256k1_v0_3_1_gej_has_quad_y_var(&gej_quad)); + } while (rustsecp256k1_v0_4_0_fe_is_zero(&fez)); + rustsecp256k1_v0_4_0_gej_rescale(&gej_quad, &fez); + CHECK(rustsecp256k1_v0_4_0_gej_has_quad_y_var(&gej_quad)); + rustsecp256k1_v0_4_0_gej_neg(&gej_quad, &gej_quad); + CHECK(!rustsecp256k1_v0_4_0_gej_has_quad_y_var(&gej_quad)); do { random_fe_test(&fez); - } while (rustsecp256k1_v0_3_1_fe_is_zero(&fez)); - rustsecp256k1_v0_3_1_gej_rescale(&gej_quad, &fez); - CHECK(!rustsecp256k1_v0_3_1_gej_has_quad_y_var(&gej_quad)); - rustsecp256k1_v0_3_1_gej_neg(&gej_quad, &gej_quad); - CHECK(rustsecp256k1_v0_3_1_gej_has_quad_y_var(&gej_quad)); + } while (rustsecp256k1_v0_4_0_fe_is_zero(&fez)); + rustsecp256k1_v0_4_0_gej_rescale(&gej_quad, &fez); + CHECK(!rustsecp256k1_v0_4_0_gej_has_quad_y_var(&gej_quad)); + rustsecp256k1_v0_4_0_gej_neg(&gej_quad, &gej_quad); + CHECK(rustsecp256k1_v0_4_0_gej_has_quad_y_var(&gej_quad)); } } void run_group_decompress(void) { int i; for (i = 0; i < count * 4; i++) { - rustsecp256k1_v0_3_1_fe fe; + rustsecp256k1_v0_4_0_fe fe; random_fe_test(&fe); test_group_decompress(&fe); } @@ -2537,216 +2530,297 @@ void run_group_decompress(void) { void run_ecmult_chain(void) { /* random starting point A (on the curve) */ - rustsecp256k1_v0_3_1_gej a = SECP256K1_GEJ_CONST( + rustsecp256k1_v0_4_0_gej a = SECP256K1_GEJ_CONST( 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3, 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004, 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f, 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f ); /* two random initial factors xn and gn */ - rustsecp256k1_v0_3_1_scalar xn = SECP256K1_SCALAR_CONST( + rustsecp256k1_v0_4_0_scalar xn = SECP256K1_SCALAR_CONST( 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c, 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407 ); - rustsecp256k1_v0_3_1_scalar gn = SECP256K1_SCALAR_CONST( + rustsecp256k1_v0_4_0_scalar gn = SECP256K1_SCALAR_CONST( 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9, 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de ); /* two small multipliers to be applied to xn and gn in every iteration: */ - static const rustsecp256k1_v0_3_1_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); - static const rustsecp256k1_v0_3_1_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); + static const rustsecp256k1_v0_4_0_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); + static const rustsecp256k1_v0_4_0_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); /* accumulators with the resulting coefficients to A and G */ - rustsecp256k1_v0_3_1_scalar ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - rustsecp256k1_v0_3_1_scalar ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + rustsecp256k1_v0_4_0_scalar ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + rustsecp256k1_v0_4_0_scalar ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); /* actual points */ - rustsecp256k1_v0_3_1_gej x; - rustsecp256k1_v0_3_1_gej x2; + rustsecp256k1_v0_4_0_gej x; + rustsecp256k1_v0_4_0_gej x2; int i; /* the point being computed */ x = a; for (i = 0; i < 200*count; i++) { /* in each iteration, compute X = xn*X + gn*G; */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &x, &x, &xn, &gn); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &x, &x, &xn, &gn); /* also compute ae and ge: the actual accumulated factors for A and G */ /* if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G) */ - rustsecp256k1_v0_3_1_scalar_mul(&ae, &ae, &xn); - rustsecp256k1_v0_3_1_scalar_mul(&ge, &ge, &xn); - rustsecp256k1_v0_3_1_scalar_add(&ge, &ge, &gn); + rustsecp256k1_v0_4_0_scalar_mul(&ae, &ae, &xn); + rustsecp256k1_v0_4_0_scalar_mul(&ge, &ge, &xn); + rustsecp256k1_v0_4_0_scalar_add(&ge, &ge, &gn); /* modify xn and gn */ - rustsecp256k1_v0_3_1_scalar_mul(&xn, &xn, &xf); - rustsecp256k1_v0_3_1_scalar_mul(&gn, &gn, &gf); + rustsecp256k1_v0_4_0_scalar_mul(&xn, &xn, &xf); + rustsecp256k1_v0_4_0_scalar_mul(&gn, &gn, &gf); /* verify */ if (i == 19999) { /* expected result after 19999 iterations */ - rustsecp256k1_v0_3_1_gej rp = SECP256K1_GEJ_CONST( + rustsecp256k1_v0_4_0_gej rp = SECP256K1_GEJ_CONST( 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE, 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830, 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D, 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88 ); - rustsecp256k1_v0_3_1_gej_neg(&rp, &rp); - rustsecp256k1_v0_3_1_gej_add_var(&rp, &rp, &x, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&rp)); + rustsecp256k1_v0_4_0_gej_neg(&rp, &rp); + rustsecp256k1_v0_4_0_gej_add_var(&rp, &rp, &x, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&rp)); } } /* redo the computation, but directly with the resulting ae and ge coefficients: */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &x2, &a, &ae, &ge); - rustsecp256k1_v0_3_1_gej_neg(&x2, &x2); - rustsecp256k1_v0_3_1_gej_add_var(&x2, &x2, &x, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&x2)); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &x2, &a, &ae, &ge); + rustsecp256k1_v0_4_0_gej_neg(&x2, &x2); + rustsecp256k1_v0_4_0_gej_add_var(&x2, &x2, &x, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&x2)); } -void test_point_times_order(const rustsecp256k1_v0_3_1_gej *point) { +void test_point_times_order(const rustsecp256k1_v0_4_0_gej *point) { /* X * (point + G) + (order-X) * (pointer + G) = 0 */ - rustsecp256k1_v0_3_1_scalar x; - rustsecp256k1_v0_3_1_scalar nx; - rustsecp256k1_v0_3_1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - rustsecp256k1_v0_3_1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - rustsecp256k1_v0_3_1_gej res1, res2; - rustsecp256k1_v0_3_1_ge res3; + rustsecp256k1_v0_4_0_scalar x; + rustsecp256k1_v0_4_0_scalar nx; + rustsecp256k1_v0_4_0_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + rustsecp256k1_v0_4_0_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + rustsecp256k1_v0_4_0_gej res1, res2; + rustsecp256k1_v0_4_0_ge res3; unsigned char pub[65]; size_t psize = 65; random_scalar_order_test(&x); - rustsecp256k1_v0_3_1_scalar_negate(&nx, &x); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &res1, point, &x, &x); /* calc res1 = x * point + x * G; */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */ - rustsecp256k1_v0_3_1_gej_add_var(&res1, &res1, &res2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&res1)); - rustsecp256k1_v0_3_1_ge_set_gej(&res3, &res1); - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&res3)); - CHECK(rustsecp256k1_v0_3_1_ge_is_valid_var(&res3) == 0); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0); + rustsecp256k1_v0_4_0_scalar_negate(&nx, &x); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &res1, point, &x, &x); /* calc res1 = x * point + x * G; */ + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */ + rustsecp256k1_v0_4_0_gej_add_var(&res1, &res1, &res2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&res1)); + rustsecp256k1_v0_4_0_ge_set_gej(&res3, &res1); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&res3)); + CHECK(rustsecp256k1_v0_4_0_ge_is_valid_var(&res3) == 0); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0); psize = 65; - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0); /* check zero/one edge cases */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &zero); - rustsecp256k1_v0_3_1_ge_set_gej(&res3, &res1); - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&res3)); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &res1, point, &one, &zero); - rustsecp256k1_v0_3_1_ge_set_gej(&res3, &res1); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &zero); + rustsecp256k1_v0_4_0_ge_set_gej(&res3, &res1); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&res3)); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &res1, point, &one, &zero); + rustsecp256k1_v0_4_0_ge_set_gej(&res3, &res1); ge_equals_gej(&res3, point); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &one); - rustsecp256k1_v0_3_1_ge_set_gej(&res3, &res1); - ge_equals_ge(&res3, &rustsecp256k1_v0_3_1_ge_const_g); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &res1, point, &zero, &one); + rustsecp256k1_v0_4_0_ge_set_gej(&res3, &res1); + ge_equals_ge(&res3, &rustsecp256k1_v0_4_0_ge_const_g); +} + +/* These scalars reach large (in absolute value) outputs when fed to rustsecp256k1_v0_4_0_scalar_split_lambda. + * + * They are computed as: + * - For a in [-2, -1, 0, 1, 2]: + * - For b in [-3, -1, 1, 3]: + * - Output (a*LAMBDA + (ORDER+b)/2) % ORDER + */ +static const rustsecp256k1_v0_4_0_scalar scalars_near_split_bounds[20] = { + SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fc), + SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fd), + SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fe), + SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6ff), + SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632d), + SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632e), + SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632f), + SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf76330), + SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b209f), + SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a0), + SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a1), + SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a2), + SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede11), + SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede12), + SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede13), + SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede14), + SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a42), + SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a43), + SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a44), + SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a45) +}; + +void test_ecmult_target(const rustsecp256k1_v0_4_0_scalar* target, int mode) { + /* Mode: 0=ecmult_gen, 1=ecmult, 2=ecmult_const */ + rustsecp256k1_v0_4_0_scalar n1, n2; + rustsecp256k1_v0_4_0_ge p; + rustsecp256k1_v0_4_0_gej pj, p1j, p2j, ptj; + static const rustsecp256k1_v0_4_0_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + + /* Generate random n1,n2 such that n1+n2 = -target. */ + random_scalar_order_test(&n1); + rustsecp256k1_v0_4_0_scalar_add(&n2, &n1, target); + rustsecp256k1_v0_4_0_scalar_negate(&n2, &n2); + + /* Generate a random input point. */ + if (mode != 0) { + random_group_element_test(&p); + rustsecp256k1_v0_4_0_gej_set_ge(&pj, &p); + } + + /* EC multiplications */ + if (mode == 0) { + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &p1j, &n1); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &p2j, &n2); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &ptj, target); + } else if (mode == 1) { + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &p1j, &pj, &n1, &zero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &p2j, &pj, &n2, &zero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &ptj, &pj, target, &zero); + } else { + rustsecp256k1_v0_4_0_ecmult_const(&p1j, &p, &n1, 256); + rustsecp256k1_v0_4_0_ecmult_const(&p2j, &p, &n2, 256); + rustsecp256k1_v0_4_0_ecmult_const(&ptj, &p, target, 256); + } + + /* Add them all up: n1*P + n2*P + target*P = (n1+n2+target)*P = (n1+n1-n1-n2)*P = 0. */ + rustsecp256k1_v0_4_0_gej_add_var(&ptj, &ptj, &p1j, NULL); + rustsecp256k1_v0_4_0_gej_add_var(&ptj, &ptj, &p2j, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&ptj)); +} + +void run_ecmult_near_split_bound(void) { + int i; + unsigned j; + for (i = 0; i < 4*count; ++i) { + for (j = 0; j < sizeof(scalars_near_split_bounds) / sizeof(scalars_near_split_bounds[0]); ++j) { + test_ecmult_target(&scalars_near_split_bounds[j], 0); + test_ecmult_target(&scalars_near_split_bounds[j], 1); + test_ecmult_target(&scalars_near_split_bounds[j], 2); + } + } } void run_point_times_order(void) { int i; - rustsecp256k1_v0_3_1_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); - static const rustsecp256k1_v0_3_1_fe xr = SECP256K1_FE_CONST( + rustsecp256k1_v0_4_0_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); + static const rustsecp256k1_v0_4_0_fe xr = SECP256K1_FE_CONST( 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C, 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45 ); for (i = 0; i < 500; i++) { - rustsecp256k1_v0_3_1_ge p; - if (rustsecp256k1_v0_3_1_ge_set_xo_var(&p, &x, 1)) { - rustsecp256k1_v0_3_1_gej j; - CHECK(rustsecp256k1_v0_3_1_ge_is_valid_var(&p)); - rustsecp256k1_v0_3_1_gej_set_ge(&j, &p); + rustsecp256k1_v0_4_0_ge p; + if (rustsecp256k1_v0_4_0_ge_set_xo_var(&p, &x, 1)) { + rustsecp256k1_v0_4_0_gej j; + CHECK(rustsecp256k1_v0_4_0_ge_is_valid_var(&p)); + rustsecp256k1_v0_4_0_gej_set_ge(&j, &p); test_point_times_order(&j); } - rustsecp256k1_v0_3_1_fe_sqr(&x, &x); + rustsecp256k1_v0_4_0_fe_sqr(&x, &x); } - rustsecp256k1_v0_3_1_fe_normalize_var(&x); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&x, &xr)); + rustsecp256k1_v0_4_0_fe_normalize_var(&x); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&x, &xr)); } void ecmult_const_random_mult(void) { /* random starting point A (on the curve) */ - rustsecp256k1_v0_3_1_ge a = SECP256K1_GE_CONST( + rustsecp256k1_v0_4_0_ge a = SECP256K1_GE_CONST( 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b, 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a, 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c, 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d ); /* random initial factor xn */ - rustsecp256k1_v0_3_1_scalar xn = SECP256K1_SCALAR_CONST( + rustsecp256k1_v0_4_0_scalar xn = SECP256K1_SCALAR_CONST( 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327, 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b ); /* expected xn * A (from sage) */ - rustsecp256k1_v0_3_1_ge expected_b = SECP256K1_GE_CONST( + rustsecp256k1_v0_4_0_ge expected_b = SECP256K1_GE_CONST( 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 ); - rustsecp256k1_v0_3_1_gej b; - rustsecp256k1_v0_3_1_ecmult_const(&b, &a, &xn, 256); + rustsecp256k1_v0_4_0_gej b; + rustsecp256k1_v0_4_0_ecmult_const(&b, &a, &xn, 256); - CHECK(rustsecp256k1_v0_3_1_ge_is_valid_var(&a)); + CHECK(rustsecp256k1_v0_4_0_ge_is_valid_var(&a)); ge_equals_gej(&expected_b, &b); } void ecmult_const_commutativity(void) { - rustsecp256k1_v0_3_1_scalar a; - rustsecp256k1_v0_3_1_scalar b; - rustsecp256k1_v0_3_1_gej res1; - rustsecp256k1_v0_3_1_gej res2; - rustsecp256k1_v0_3_1_ge mid1; - rustsecp256k1_v0_3_1_ge mid2; + rustsecp256k1_v0_4_0_scalar a; + rustsecp256k1_v0_4_0_scalar b; + rustsecp256k1_v0_4_0_gej res1; + rustsecp256k1_v0_4_0_gej res2; + rustsecp256k1_v0_4_0_ge mid1; + rustsecp256k1_v0_4_0_ge mid2; random_scalar_order_test(&a); random_scalar_order_test(&b); - rustsecp256k1_v0_3_1_ecmult_const(&res1, &rustsecp256k1_v0_3_1_ge_const_g, &a, 256); - rustsecp256k1_v0_3_1_ecmult_const(&res2, &rustsecp256k1_v0_3_1_ge_const_g, &b, 256); - rustsecp256k1_v0_3_1_ge_set_gej(&mid1, &res1); - rustsecp256k1_v0_3_1_ge_set_gej(&mid2, &res2); - rustsecp256k1_v0_3_1_ecmult_const(&res1, &mid1, &b, 256); - rustsecp256k1_v0_3_1_ecmult_const(&res2, &mid2, &a, 256); - rustsecp256k1_v0_3_1_ge_set_gej(&mid1, &res1); - rustsecp256k1_v0_3_1_ge_set_gej(&mid2, &res2); + rustsecp256k1_v0_4_0_ecmult_const(&res1, &rustsecp256k1_v0_4_0_ge_const_g, &a, 256); + rustsecp256k1_v0_4_0_ecmult_const(&res2, &rustsecp256k1_v0_4_0_ge_const_g, &b, 256); + rustsecp256k1_v0_4_0_ge_set_gej(&mid1, &res1); + rustsecp256k1_v0_4_0_ge_set_gej(&mid2, &res2); + rustsecp256k1_v0_4_0_ecmult_const(&res1, &mid1, &b, 256); + rustsecp256k1_v0_4_0_ecmult_const(&res2, &mid2, &a, 256); + rustsecp256k1_v0_4_0_ge_set_gej(&mid1, &res1); + rustsecp256k1_v0_4_0_ge_set_gej(&mid2, &res2); ge_equals_ge(&mid1, &mid2); } void ecmult_const_mult_zero_one(void) { - rustsecp256k1_v0_3_1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - rustsecp256k1_v0_3_1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - rustsecp256k1_v0_3_1_scalar negone; - rustsecp256k1_v0_3_1_gej res1; - rustsecp256k1_v0_3_1_ge res2; - rustsecp256k1_v0_3_1_ge point; - rustsecp256k1_v0_3_1_scalar_negate(&negone, &one); + rustsecp256k1_v0_4_0_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + rustsecp256k1_v0_4_0_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + rustsecp256k1_v0_4_0_scalar negone; + rustsecp256k1_v0_4_0_gej res1; + rustsecp256k1_v0_4_0_ge res2; + rustsecp256k1_v0_4_0_ge point; + rustsecp256k1_v0_4_0_scalar_negate(&negone, &one); random_group_element_test(&point); - rustsecp256k1_v0_3_1_ecmult_const(&res1, &point, &zero, 3); - rustsecp256k1_v0_3_1_ge_set_gej(&res2, &res1); - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&res2)); - rustsecp256k1_v0_3_1_ecmult_const(&res1, &point, &one, 2); - rustsecp256k1_v0_3_1_ge_set_gej(&res2, &res1); + rustsecp256k1_v0_4_0_ecmult_const(&res1, &point, &zero, 3); + rustsecp256k1_v0_4_0_ge_set_gej(&res2, &res1); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&res2)); + rustsecp256k1_v0_4_0_ecmult_const(&res1, &point, &one, 2); + rustsecp256k1_v0_4_0_ge_set_gej(&res2, &res1); ge_equals_ge(&res2, &point); - rustsecp256k1_v0_3_1_ecmult_const(&res1, &point, &negone, 256); - rustsecp256k1_v0_3_1_gej_neg(&res1, &res1); - rustsecp256k1_v0_3_1_ge_set_gej(&res2, &res1); + rustsecp256k1_v0_4_0_ecmult_const(&res1, &point, &negone, 256); + rustsecp256k1_v0_4_0_gej_neg(&res1, &res1); + rustsecp256k1_v0_4_0_ge_set_gej(&res2, &res1); ge_equals_ge(&res2, &point); } void ecmult_const_chain_multiply(void) { /* Check known result (randomly generated test problem from sage) */ - const rustsecp256k1_v0_3_1_scalar scalar = SECP256K1_SCALAR_CONST( + const rustsecp256k1_v0_4_0_scalar scalar = SECP256K1_SCALAR_CONST( 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d, 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b ); - const rustsecp256k1_v0_3_1_gej expected_point = SECP256K1_GEJ_CONST( + const rustsecp256k1_v0_4_0_gej expected_point = SECP256K1_GEJ_CONST( 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd, 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f, 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196, 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435 ); - rustsecp256k1_v0_3_1_gej point; - rustsecp256k1_v0_3_1_ge res; + rustsecp256k1_v0_4_0_gej point; + rustsecp256k1_v0_4_0_ge res; int i; - rustsecp256k1_v0_3_1_gej_set_ge(&point, &rustsecp256k1_v0_3_1_ge_const_g); + rustsecp256k1_v0_4_0_gej_set_ge(&point, &rustsecp256k1_v0_4_0_ge_const_g); for (i = 0; i < 100; ++i) { - rustsecp256k1_v0_3_1_ge tmp; - rustsecp256k1_v0_3_1_ge_set_gej(&tmp, &point); - rustsecp256k1_v0_3_1_ecmult_const(&point, &tmp, &scalar, 256); + rustsecp256k1_v0_4_0_ge tmp; + rustsecp256k1_v0_4_0_ge_set_gej(&tmp, &point); + rustsecp256k1_v0_4_0_ecmult_const(&point, &tmp, &scalar, 256); } - rustsecp256k1_v0_3_1_ge_set_gej(&res, &point); + rustsecp256k1_v0_4_0_ge_set_gej(&res, &point); ge_equals_gej(&res, &expected_point); } @@ -2758,18 +2832,18 @@ void run_ecmult_const_tests(void) { } typedef struct { - rustsecp256k1_v0_3_1_scalar *sc; - rustsecp256k1_v0_3_1_ge *pt; + rustsecp256k1_v0_4_0_scalar *sc; + rustsecp256k1_v0_4_0_ge *pt; } ecmult_multi_data; -static int ecmult_multi_callback(rustsecp256k1_v0_3_1_scalar *sc, rustsecp256k1_v0_3_1_ge *pt, size_t idx, void *cbdata) { +static int ecmult_multi_callback(rustsecp256k1_v0_4_0_scalar *sc, rustsecp256k1_v0_4_0_ge *pt, size_t idx, void *cbdata) { ecmult_multi_data *data = (ecmult_multi_data*) cbdata; *sc = data->sc[idx]; *pt = data->pt[idx]; return 1; } -static int ecmult_multi_false_callback(rustsecp256k1_v0_3_1_scalar *sc, rustsecp256k1_v0_3_1_ge *pt, size_t idx, void *cbdata) { +static int ecmult_multi_false_callback(rustsecp256k1_v0_4_0_scalar *sc, rustsecp256k1_v0_4_0_ge *pt, size_t idx, void *cbdata) { (void)sc; (void)pt; (void)idx; @@ -2777,102 +2851,102 @@ static int ecmult_multi_false_callback(rustsecp256k1_v0_3_1_scalar *sc, rustsecp return 0; } -void test_ecmult_multi(rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3_1_ecmult_multi_func ecmult_multi) { +void test_ecmult_multi(rustsecp256k1_v0_4_0_scratch *scratch, rustsecp256k1_v0_4_0_ecmult_multi_func ecmult_multi) { int ncount; - rustsecp256k1_v0_3_1_scalar szero; - rustsecp256k1_v0_3_1_scalar sc[32]; - rustsecp256k1_v0_3_1_ge pt[32]; - rustsecp256k1_v0_3_1_gej r; - rustsecp256k1_v0_3_1_gej r2; + rustsecp256k1_v0_4_0_scalar szero; + rustsecp256k1_v0_4_0_scalar sc[32]; + rustsecp256k1_v0_4_0_ge pt[32]; + rustsecp256k1_v0_4_0_gej r; + rustsecp256k1_v0_4_0_gej r2; ecmult_multi_data data; data.sc = sc; data.pt = pt; - rustsecp256k1_v0_3_1_scalar_set_int(&szero, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&szero, 0); /* No points to multiply */ CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, NULL, ecmult_multi_callback, &data, 0)); /* Check 1- and 2-point multiplies against ecmult */ for (ncount = 0; ncount < count; ncount++) { - rustsecp256k1_v0_3_1_ge ptg; - rustsecp256k1_v0_3_1_gej ptgj; + rustsecp256k1_v0_4_0_ge ptg; + rustsecp256k1_v0_4_0_gej ptgj; random_scalar_order(&sc[0]); random_scalar_order(&sc[1]); random_group_element_test(&ptg); - rustsecp256k1_v0_3_1_gej_set_ge(&ptgj, &ptg); + rustsecp256k1_v0_4_0_gej_set_ge(&ptgj, &ptg); pt[0] = ptg; - pt[1] = rustsecp256k1_v0_3_1_ge_const_g; + pt[1] = rustsecp256k1_v0_4_0_ge_const_g; /* only G scalar */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &szero, &sc[0]); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &szero, &sc[0]); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); /* 1-point */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &szero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &szero); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 1)); - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); /* Try to multiply 1 point, but callback returns false */ CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_false_callback, &data, 1)); /* 2-point */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 2)); - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); /* 2-point with G scalar */ - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &ptgj, &sc[0], &sc[1]); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &sc[1], ecmult_multi_callback, &data, 1)); - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } /* Check infinite outputs of various forms */ for (ncount = 0; ncount < count; ncount++) { - rustsecp256k1_v0_3_1_ge ptg; + rustsecp256k1_v0_4_0_ge ptg; size_t i, j; size_t sizes[] = { 2, 10, 32 }; for (j = 0; j < 3; j++) { for (i = 0; i < 32; i++) { random_scalar_order(&sc[i]); - rustsecp256k1_v0_3_1_ge_set_infinity(&pt[i]); + rustsecp256k1_v0_4_0_ge_set_infinity(&pt[i]); } CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } for (j = 0; j < 3; j++) { for (i = 0; i < 32; i++) { random_group_element_test(&ptg); pt[i] = ptg; - rustsecp256k1_v0_3_1_scalar_set_int(&sc[i], 0); + rustsecp256k1_v0_4_0_scalar_set_int(&sc[i], 0); } CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } for (j = 0; j < 3; j++) { random_group_element_test(&ptg); for (i = 0; i < 16; i++) { random_scalar_order(&sc[2*i]); - rustsecp256k1_v0_3_1_scalar_negate(&sc[2*i + 1], &sc[2*i]); + rustsecp256k1_v0_4_0_scalar_negate(&sc[2*i + 1], &sc[2*i]); pt[2 * i] = ptg; pt[2 * i + 1] = ptg; } CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); random_scalar_order(&sc[0]); for (i = 0; i < 16; i++) { @@ -2881,70 +2955,70 @@ void test_ecmult_multi(rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3 sc[2*i] = sc[0]; sc[2*i+1] = sc[0]; pt[2 * i] = ptg; - rustsecp256k1_v0_3_1_ge_neg(&pt[2*i+1], &pt[2*i]); + rustsecp256k1_v0_4_0_ge_neg(&pt[2*i+1], &pt[2*i]); } CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } random_group_element_test(&ptg); - rustsecp256k1_v0_3_1_scalar_set_int(&sc[0], 0); + rustsecp256k1_v0_4_0_scalar_set_int(&sc[0], 0); pt[0] = ptg; for (i = 1; i < 32; i++) { pt[i] = ptg; random_scalar_order(&sc[i]); - rustsecp256k1_v0_3_1_scalar_add(&sc[0], &sc[0], &sc[i]); - rustsecp256k1_v0_3_1_scalar_negate(&sc[i], &sc[i]); + rustsecp256k1_v0_4_0_scalar_add(&sc[0], &sc[0], &sc[i]); + rustsecp256k1_v0_4_0_scalar_negate(&sc[i], &sc[i]); } CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 32)); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } /* Check random points, constant scalar */ for (ncount = 0; ncount < count; ncount++) { size_t i; - rustsecp256k1_v0_3_1_gej_set_infinity(&r); + rustsecp256k1_v0_4_0_gej_set_infinity(&r); random_scalar_order(&sc[0]); for (i = 0; i < 20; i++) { - rustsecp256k1_v0_3_1_ge ptg; + rustsecp256k1_v0_4_0_ge ptg; sc[i] = sc[0]; random_group_element_test(&ptg); pt[i] = ptg; - rustsecp256k1_v0_3_1_gej_add_ge_var(&r, &r, &pt[i], NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(&r, &r, &pt[i], NULL); } - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &r, &sc[0], &szero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &r, &sc[0], &szero); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } /* Check random scalars, constant point */ for (ncount = 0; ncount < count; ncount++) { size_t i; - rustsecp256k1_v0_3_1_ge ptg; - rustsecp256k1_v0_3_1_gej p0j; - rustsecp256k1_v0_3_1_scalar rs; - rustsecp256k1_v0_3_1_scalar_set_int(&rs, 0); + rustsecp256k1_v0_4_0_ge ptg; + rustsecp256k1_v0_4_0_gej p0j; + rustsecp256k1_v0_4_0_scalar rs; + rustsecp256k1_v0_4_0_scalar_set_int(&rs, 0); random_group_element_test(&ptg); for (i = 0; i < 20; i++) { random_scalar_order(&sc[i]); pt[i] = ptg; - rustsecp256k1_v0_3_1_scalar_add(&rs, &rs, &sc[i]); + rustsecp256k1_v0_4_0_scalar_add(&rs, &rs, &sc[i]); } - rustsecp256k1_v0_3_1_gej_set_ge(&p0j, &pt[0]); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &p0j, &rs, &szero); + rustsecp256k1_v0_4_0_gej_set_ge(&p0j, &pt[0]); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &p0j, &rs, &szero); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } /* Sanity check that zero scalars don't cause problems */ @@ -2953,62 +3027,62 @@ void test_ecmult_multi(rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3 random_group_element_test(&pt[ncount]); } - rustsecp256k1_v0_3_1_scalar_clear(&sc[0]); + rustsecp256k1_v0_4_0_scalar_clear(&sc[0]); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); - rustsecp256k1_v0_3_1_scalar_clear(&sc[1]); - rustsecp256k1_v0_3_1_scalar_clear(&sc[2]); - rustsecp256k1_v0_3_1_scalar_clear(&sc[3]); - rustsecp256k1_v0_3_1_scalar_clear(&sc[4]); + rustsecp256k1_v0_4_0_scalar_clear(&sc[1]); + rustsecp256k1_v0_4_0_scalar_clear(&sc[2]); + rustsecp256k1_v0_4_0_scalar_clear(&sc[3]); + rustsecp256k1_v0_4_0_scalar_clear(&sc[4]); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 6)); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &szero, ecmult_multi_callback, &data, 5)); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); /* Run through s0*(t0*P) + s1*(t1*P) exhaustively for many small values of s0, s1, t0, t1 */ { const size_t TOP = 8; size_t s0i, s1i; size_t t0i, t1i; - rustsecp256k1_v0_3_1_ge ptg; - rustsecp256k1_v0_3_1_gej ptgj; + rustsecp256k1_v0_4_0_ge ptg; + rustsecp256k1_v0_4_0_gej ptgj; random_group_element_test(&ptg); - rustsecp256k1_v0_3_1_gej_set_ge(&ptgj, &ptg); + rustsecp256k1_v0_4_0_gej_set_ge(&ptgj, &ptg); for(t0i = 0; t0i < TOP; t0i++) { for(t1i = 0; t1i < TOP; t1i++) { - rustsecp256k1_v0_3_1_gej t0p, t1p; - rustsecp256k1_v0_3_1_scalar t0, t1; + rustsecp256k1_v0_4_0_gej t0p, t1p; + rustsecp256k1_v0_4_0_scalar t0, t1; - rustsecp256k1_v0_3_1_scalar_set_int(&t0, (t0i + 1) / 2); - rustsecp256k1_v0_3_1_scalar_cond_negate(&t0, t0i & 1); - rustsecp256k1_v0_3_1_scalar_set_int(&t1, (t1i + 1) / 2); - rustsecp256k1_v0_3_1_scalar_cond_negate(&t1, t1i & 1); + rustsecp256k1_v0_4_0_scalar_set_int(&t0, (t0i + 1) / 2); + rustsecp256k1_v0_4_0_scalar_cond_negate(&t0, t0i & 1); + rustsecp256k1_v0_4_0_scalar_set_int(&t1, (t1i + 1) / 2); + rustsecp256k1_v0_4_0_scalar_cond_negate(&t1, t1i & 1); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &t0p, &ptgj, &t0, &szero); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &t1p, &ptgj, &t1, &szero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &t0p, &ptgj, &t0, &szero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &t1p, &ptgj, &t1, &szero); for(s0i = 0; s0i < TOP; s0i++) { for(s1i = 0; s1i < TOP; s1i++) { - rustsecp256k1_v0_3_1_scalar tmp1, tmp2; - rustsecp256k1_v0_3_1_gej expected, actual; + rustsecp256k1_v0_4_0_scalar tmp1, tmp2; + rustsecp256k1_v0_4_0_gej expected, actual; - rustsecp256k1_v0_3_1_ge_set_gej(&pt[0], &t0p); - rustsecp256k1_v0_3_1_ge_set_gej(&pt[1], &t1p); + rustsecp256k1_v0_4_0_ge_set_gej(&pt[0], &t0p); + rustsecp256k1_v0_4_0_ge_set_gej(&pt[1], &t1p); - rustsecp256k1_v0_3_1_scalar_set_int(&sc[0], (s0i + 1) / 2); - rustsecp256k1_v0_3_1_scalar_cond_negate(&sc[0], s0i & 1); - rustsecp256k1_v0_3_1_scalar_set_int(&sc[1], (s1i + 1) / 2); - rustsecp256k1_v0_3_1_scalar_cond_negate(&sc[1], s1i & 1); + rustsecp256k1_v0_4_0_scalar_set_int(&sc[0], (s0i + 1) / 2); + rustsecp256k1_v0_4_0_scalar_cond_negate(&sc[0], s0i & 1); + rustsecp256k1_v0_4_0_scalar_set_int(&sc[1], (s1i + 1) / 2); + rustsecp256k1_v0_4_0_scalar_cond_negate(&sc[1], s1i & 1); - rustsecp256k1_v0_3_1_scalar_mul(&tmp1, &t0, &sc[0]); - rustsecp256k1_v0_3_1_scalar_mul(&tmp2, &t1, &sc[1]); - rustsecp256k1_v0_3_1_scalar_add(&tmp1, &tmp1, &tmp2); + rustsecp256k1_v0_4_0_scalar_mul(&tmp1, &t0, &sc[0]); + rustsecp256k1_v0_4_0_scalar_mul(&tmp2, &t1, &sc[1]); + rustsecp256k1_v0_4_0_scalar_add(&tmp1, &tmp1, &tmp2); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &expected, &ptgj, &tmp1, &szero); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &expected, &ptgj, &tmp1, &szero); CHECK(ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &actual, &szero, ecmult_multi_callback, &data, 2)); - rustsecp256k1_v0_3_1_gej_neg(&expected, &expected); - rustsecp256k1_v0_3_1_gej_add_var(&actual, &actual, &expected, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&actual)); + rustsecp256k1_v0_4_0_gej_neg(&expected, &expected); + rustsecp256k1_v0_4_0_gej_add_var(&actual, &actual, &expected, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&actual)); } } } @@ -3016,40 +3090,38 @@ void test_ecmult_multi(rustsecp256k1_v0_3_1_scratch *scratch, rustsecp256k1_v0_3 } } -void test_ecmult_multi_batch_single(rustsecp256k1_v0_3_1_ecmult_multi_func ecmult_multi) { - rustsecp256k1_v0_3_1_scalar szero; - rustsecp256k1_v0_3_1_scalar sc; - rustsecp256k1_v0_3_1_ge pt; - rustsecp256k1_v0_3_1_gej r; +void test_ecmult_multi_batch_single(rustsecp256k1_v0_4_0_ecmult_multi_func ecmult_multi) { + rustsecp256k1_v0_4_0_scalar szero; + rustsecp256k1_v0_4_0_scalar sc; + rustsecp256k1_v0_4_0_ge pt; + rustsecp256k1_v0_4_0_gej r; ecmult_multi_data data; - rustsecp256k1_v0_3_1_scratch *scratch_empty; + rustsecp256k1_v0_4_0_scratch *scratch_empty; random_group_element_test(&pt); random_scalar_order(&sc); data.sc = ≻ data.pt = &pt; - rustsecp256k1_v0_3_1_scalar_set_int(&szero, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&szero, 0); /* Try to multiply 1 point, but scratch space is empty.*/ - scratch_empty = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, 0); + scratch_empty = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, 0); CHECK(!ecmult_multi(&ctx->error_callback, &ctx->ecmult_ctx, scratch_empty, &r, &szero, ecmult_multi_callback, &data, 1)); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch_empty); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch_empty); } -void test_rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(void) { +void test_rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(void) { int i; - CHECK(rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(0) == 0); + CHECK(rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(0) == 0); for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) { -#ifdef USE_ENDOMORPHISM /* Bucket_window of 8 is not used with endo */ if (i == 8) { continue; } -#endif - CHECK(rustsecp256k1_v0_3_1_pippenger_bucket_window(rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(i)) == i); + CHECK(rustsecp256k1_v0_4_0_pippenger_bucket_window(rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(i)) == i); if (i != PIPPENGER_MAX_BUCKET_WINDOW) { - CHECK(rustsecp256k1_v0_3_1_pippenger_bucket_window(rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(i)+1) > i); + CHECK(rustsecp256k1_v0_4_0_pippenger_bucket_window(rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(i)+1) > i); } } } @@ -3059,9 +3131,9 @@ void test_rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(void) { * for a given scratch space. */ void test_ecmult_multi_pippenger_max_points(void) { - size_t scratch_size = rustsecp256k1_v0_3_1_testrand_int(256); - size_t max_size = rustsecp256k1_v0_3_1_pippenger_scratch_size(rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); - rustsecp256k1_v0_3_1_scratch *scratch; + size_t scratch_size = rustsecp256k1_v0_4_0_testrand_int(256); + size_t max_size = rustsecp256k1_v0_4_0_pippenger_scratch_size(rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); + rustsecp256k1_v0_4_0_scratch *scratch; size_t n_points_supported; int bucket_window = 0; @@ -3069,24 +3141,24 @@ void test_ecmult_multi_pippenger_max_points(void) { size_t i; size_t total_alloc; size_t checkpoint; - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, scratch_size); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, scratch_size); CHECK(scratch != NULL); - checkpoint = rustsecp256k1_v0_3_1_scratch_checkpoint(&ctx->error_callback, scratch); - n_points_supported = rustsecp256k1_v0_3_1_pippenger_max_points(&ctx->error_callback, scratch); + checkpoint = rustsecp256k1_v0_4_0_scratch_checkpoint(&ctx->error_callback, scratch); + n_points_supported = rustsecp256k1_v0_4_0_pippenger_max_points(&ctx->error_callback, scratch); if (n_points_supported == 0) { - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); continue; } - bucket_window = rustsecp256k1_v0_3_1_pippenger_bucket_window(n_points_supported); + bucket_window = rustsecp256k1_v0_4_0_pippenger_bucket_window(n_points_supported); /* allocate `total_alloc` bytes over `PIPPENGER_SCRATCH_OBJECTS` many allocations */ - total_alloc = rustsecp256k1_v0_3_1_pippenger_scratch_size(n_points_supported, bucket_window); + total_alloc = rustsecp256k1_v0_4_0_pippenger_scratch_size(n_points_supported, bucket_window); for (i = 0; i < PIPPENGER_SCRATCH_OBJECTS - 1; i++) { - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&ctx->error_callback, scratch, 1)); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&ctx->error_callback, scratch, 1)); total_alloc--; } - CHECK(rustsecp256k1_v0_3_1_scratch_alloc(&ctx->error_callback, scratch, total_alloc)); - rustsecp256k1_v0_3_1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + CHECK(rustsecp256k1_v0_4_0_scratch_alloc(&ctx->error_callback, scratch, total_alloc)); + rustsecp256k1_v0_4_0_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); } CHECK(bucket_window == PIPPENGER_MAX_BUCKET_WINDOW); } @@ -3096,152 +3168,152 @@ void test_ecmult_multi_batch_size_helper(void) { max_n_batch_points = 0; n = 1; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); max_n_batch_points = 1; n = 0; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 0); CHECK(n_batch_points == 0); max_n_batch_points = 2; n = 5; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 3); CHECK(n_batch_points == 2); max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; n = ECMULT_MAX_POINTS_PER_BATCH; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 1); CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH); max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH + 1; n = ECMULT_MAX_POINTS_PER_BATCH + 1; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 2); CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH/2 + 1); max_n_batch_points = 1; n = SIZE_MAX; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == SIZE_MAX); CHECK(n_batch_points == 1); max_n_batch_points = 2; n = SIZE_MAX; - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == SIZE_MAX/2 + 1); CHECK(n_batch_points == 2); } /** - * Run rustsecp256k1_v0_3_1_ecmult_multi_var with num points and a scratch space restricted to + * Run rustsecp256k1_v0_4_0_ecmult_multi_var with num points and a scratch space restricted to * 1 <= i <= num points. */ void test_ecmult_multi_batching(void) { static const int n_points = 2*ECMULT_PIPPENGER_THRESHOLD; - rustsecp256k1_v0_3_1_scalar scG; - rustsecp256k1_v0_3_1_scalar szero; - rustsecp256k1_v0_3_1_scalar *sc = (rustsecp256k1_v0_3_1_scalar *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_3_1_scalar) * n_points); - rustsecp256k1_v0_3_1_ge *pt = (rustsecp256k1_v0_3_1_ge *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_3_1_ge) * n_points); - rustsecp256k1_v0_3_1_gej r; - rustsecp256k1_v0_3_1_gej r2; + rustsecp256k1_v0_4_0_scalar scG; + rustsecp256k1_v0_4_0_scalar szero; + rustsecp256k1_v0_4_0_scalar *sc = (rustsecp256k1_v0_4_0_scalar *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_4_0_scalar) * n_points); + rustsecp256k1_v0_4_0_ge *pt = (rustsecp256k1_v0_4_0_ge *)checked_malloc(&ctx->error_callback, sizeof(rustsecp256k1_v0_4_0_ge) * n_points); + rustsecp256k1_v0_4_0_gej r; + rustsecp256k1_v0_4_0_gej r2; ecmult_multi_data data; int i; - rustsecp256k1_v0_3_1_scratch *scratch; + rustsecp256k1_v0_4_0_scratch *scratch; - rustsecp256k1_v0_3_1_gej_set_infinity(&r2); - rustsecp256k1_v0_3_1_scalar_set_int(&szero, 0); + rustsecp256k1_v0_4_0_gej_set_infinity(&r2); + rustsecp256k1_v0_4_0_scalar_set_int(&szero, 0); /* Get random scalars and group elements and compute result */ random_scalar_order(&scG); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &r2, &r2, &szero, &scG); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &r2, &r2, &szero, &scG); for(i = 0; i < n_points; i++) { - rustsecp256k1_v0_3_1_ge ptg; - rustsecp256k1_v0_3_1_gej ptgj; + rustsecp256k1_v0_4_0_ge ptg; + rustsecp256k1_v0_4_0_gej ptgj; random_group_element_test(&ptg); - rustsecp256k1_v0_3_1_gej_set_ge(&ptgj, &ptg); + rustsecp256k1_v0_4_0_gej_set_ge(&ptgj, &ptg); pt[i] = ptg; random_scalar_order(&sc[i]); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &ptgj, &ptgj, &sc[i], NULL); - rustsecp256k1_v0_3_1_gej_add_var(&r2, &r2, &ptgj, NULL); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &ptgj, &ptgj, &sc[i], NULL); + rustsecp256k1_v0_4_0_gej_add_var(&r2, &r2, &ptgj, NULL); } data.sc = sc; data.pt = pt; - rustsecp256k1_v0_3_1_gej_neg(&r2, &r2); + rustsecp256k1_v0_4_0_gej_neg(&r2, &r2); /* Test with empty scratch space. It should compute the correct result using * ecmult_mult_simple algorithm which doesn't require a scratch space. */ - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, 0); - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, 0); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); /* Test with space for 1 point in pippenger. That's not enough because * ecmult_multi selects strauss which requires more memory. It should * therefore select the simple algorithm. */ - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, rustsecp256k1_v0_3_1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, rustsecp256k1_v0_4_0_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); for(i = 1; i <= n_points; i++) { if (i > ECMULT_PIPPENGER_THRESHOLD) { - int bucket_window = rustsecp256k1_v0_3_1_pippenger_bucket_window(i); - size_t scratch_size = rustsecp256k1_v0_3_1_pippenger_scratch_size(i, bucket_window); - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + int bucket_window = rustsecp256k1_v0_4_0_pippenger_bucket_window(i); + size_t scratch_size = rustsecp256k1_v0_4_0_pippenger_scratch_size(i, bucket_window); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); } else { - size_t scratch_size = rustsecp256k1_v0_3_1_strauss_scratch_size(i); - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + size_t scratch_size = rustsecp256k1_v0_4_0_strauss_scratch_size(i); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); } - CHECK(rustsecp256k1_v0_3_1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - rustsecp256k1_v0_3_1_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + CHECK(rustsecp256k1_v0_4_0_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + rustsecp256k1_v0_4_0_gej_add_var(&r, &r, &r2, NULL); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); } free(sc); free(pt); } void run_ecmult_multi_tests(void) { - rustsecp256k1_v0_3_1_scratch *scratch; + rustsecp256k1_v0_4_0_scratch *scratch; - test_rustsecp256k1_v0_3_1_pippenger_bucket_window_inv(); + test_rustsecp256k1_v0_4_0_pippenger_bucket_window_inv(); test_ecmult_multi_pippenger_max_points(); - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, 819200); - test_ecmult_multi(scratch, rustsecp256k1_v0_3_1_ecmult_multi_var); - test_ecmult_multi(NULL, rustsecp256k1_v0_3_1_ecmult_multi_var); - test_ecmult_multi(scratch, rustsecp256k1_v0_3_1_ecmult_pippenger_batch_single); - test_ecmult_multi_batch_single(rustsecp256k1_v0_3_1_ecmult_pippenger_batch_single); - test_ecmult_multi(scratch, rustsecp256k1_v0_3_1_ecmult_strauss_batch_single); - test_ecmult_multi_batch_single(rustsecp256k1_v0_3_1_ecmult_strauss_batch_single); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, 819200); + test_ecmult_multi(scratch, rustsecp256k1_v0_4_0_ecmult_multi_var); + test_ecmult_multi(NULL, rustsecp256k1_v0_4_0_ecmult_multi_var); + test_ecmult_multi(scratch, rustsecp256k1_v0_4_0_ecmult_pippenger_batch_single); + test_ecmult_multi_batch_single(rustsecp256k1_v0_4_0_ecmult_pippenger_batch_single); + test_ecmult_multi(scratch, rustsecp256k1_v0_4_0_ecmult_strauss_batch_single); + test_ecmult_multi_batch_single(rustsecp256k1_v0_4_0_ecmult_strauss_batch_single); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); /* Run test_ecmult_multi with space for exactly one point */ - scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, rustsecp256k1_v0_3_1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); - test_ecmult_multi(scratch, rustsecp256k1_v0_3_1_ecmult_multi_var); - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, rustsecp256k1_v0_4_0_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + test_ecmult_multi(scratch, rustsecp256k1_v0_4_0_ecmult_multi_var); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); test_ecmult_multi_batch_size_helper(); test_ecmult_multi_batching(); } -void test_wnaf(const rustsecp256k1_v0_3_1_scalar *number, int w) { - rustsecp256k1_v0_3_1_scalar x, two, t; +void test_wnaf(const rustsecp256k1_v0_4_0_scalar *number, int w) { + rustsecp256k1_v0_4_0_scalar x, two, t; int wnaf[256]; int zeroes = -1; int i; int bits; - rustsecp256k1_v0_3_1_scalar_set_int(&x, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&two, 2); - bits = rustsecp256k1_v0_3_1_ecmult_wnaf(wnaf, 256, number, w); + rustsecp256k1_v0_4_0_scalar_set_int(&x, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&two, 2); + bits = rustsecp256k1_v0_4_0_ecmult_wnaf(wnaf, 256, number, w); CHECK(bits <= 256); for (i = bits-1; i >= 0; i--) { int v = wnaf[i]; - rustsecp256k1_v0_3_1_scalar_mul(&x, &x, &two); + rustsecp256k1_v0_4_0_scalar_mul(&x, &x, &two); if (v) { CHECK(zeroes == -1 || zeroes >= w-1); /* check that distance between non-zero elements is at least w-1 */ zeroes=0; @@ -3253,110 +3325,104 @@ void test_wnaf(const rustsecp256k1_v0_3_1_scalar *number, int w) { zeroes++; } if (v >= 0) { - rustsecp256k1_v0_3_1_scalar_set_int(&t, v); + rustsecp256k1_v0_4_0_scalar_set_int(&t, v); } else { - rustsecp256k1_v0_3_1_scalar_set_int(&t, -v); - rustsecp256k1_v0_3_1_scalar_negate(&t, &t); + rustsecp256k1_v0_4_0_scalar_set_int(&t, -v); + rustsecp256k1_v0_4_0_scalar_negate(&t, &t); } - rustsecp256k1_v0_3_1_scalar_add(&x, &x, &t); + rustsecp256k1_v0_4_0_scalar_add(&x, &x, &t); } - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&x, number)); /* check that wnaf represents number */ + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&x, number)); /* check that wnaf represents number */ } -void test_constant_wnaf_negate(const rustsecp256k1_v0_3_1_scalar *number) { - rustsecp256k1_v0_3_1_scalar neg1 = *number; - rustsecp256k1_v0_3_1_scalar neg2 = *number; +void test_constant_wnaf_negate(const rustsecp256k1_v0_4_0_scalar *number) { + rustsecp256k1_v0_4_0_scalar neg1 = *number; + rustsecp256k1_v0_4_0_scalar neg2 = *number; int sign1 = 1; int sign2 = 1; - if (!rustsecp256k1_v0_3_1_scalar_get_bits(&neg1, 0, 1)) { - rustsecp256k1_v0_3_1_scalar_negate(&neg1, &neg1); + if (!rustsecp256k1_v0_4_0_scalar_get_bits(&neg1, 0, 1)) { + rustsecp256k1_v0_4_0_scalar_negate(&neg1, &neg1); sign1 = -1; } - sign2 = rustsecp256k1_v0_3_1_scalar_cond_negate(&neg2, rustsecp256k1_v0_3_1_scalar_is_even(&neg2)); + sign2 = rustsecp256k1_v0_4_0_scalar_cond_negate(&neg2, rustsecp256k1_v0_4_0_scalar_is_even(&neg2)); CHECK(sign1 == sign2); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&neg1, &neg2)); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&neg1, &neg2)); } -void test_constant_wnaf(const rustsecp256k1_v0_3_1_scalar *number, int w) { - rustsecp256k1_v0_3_1_scalar x, shift; +void test_constant_wnaf(const rustsecp256k1_v0_4_0_scalar *number, int w) { + rustsecp256k1_v0_4_0_scalar x, shift; int wnaf[256] = {0}; int i; int skew; int bits = 256; - rustsecp256k1_v0_3_1_scalar num = *number; - rustsecp256k1_v0_3_1_scalar scalar_skew; + rustsecp256k1_v0_4_0_scalar num = *number; + rustsecp256k1_v0_4_0_scalar scalar_skew; - rustsecp256k1_v0_3_1_scalar_set_int(&x, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&shift, 1 << w); - /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_scalar_set_int(&x, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&shift, 1 << w); for (i = 0; i < 16; ++i) { - rustsecp256k1_v0_3_1_scalar_shr_int(&num, 8); + rustsecp256k1_v0_4_0_scalar_shr_int(&num, 8); } bits = 128; -#endif - skew = rustsecp256k1_v0_3_1_wnaf_const(wnaf, &num, w, bits); + skew = rustsecp256k1_v0_4_0_wnaf_const(wnaf, &num, w, bits); for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) { - rustsecp256k1_v0_3_1_scalar t; + rustsecp256k1_v0_4_0_scalar t; int v = wnaf[i]; CHECK(v != 0); /* check nonzero */ CHECK(v & 1); /* check parity */ CHECK(v > -(1 << w)); /* check range above */ CHECK(v < (1 << w)); /* check range below */ - rustsecp256k1_v0_3_1_scalar_mul(&x, &x, &shift); + rustsecp256k1_v0_4_0_scalar_mul(&x, &x, &shift); if (v >= 0) { - rustsecp256k1_v0_3_1_scalar_set_int(&t, v); + rustsecp256k1_v0_4_0_scalar_set_int(&t, v); } else { - rustsecp256k1_v0_3_1_scalar_set_int(&t, -v); - rustsecp256k1_v0_3_1_scalar_negate(&t, &t); + rustsecp256k1_v0_4_0_scalar_set_int(&t, -v); + rustsecp256k1_v0_4_0_scalar_negate(&t, &t); } - rustsecp256k1_v0_3_1_scalar_add(&x, &x, &t); + rustsecp256k1_v0_4_0_scalar_add(&x, &x, &t); } /* Skew num because when encoding numbers as odd we use an offset */ - rustsecp256k1_v0_3_1_scalar_set_int(&scalar_skew, 1 << (skew == 2)); - rustsecp256k1_v0_3_1_scalar_add(&num, &num, &scalar_skew); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&x, &num)); + rustsecp256k1_v0_4_0_scalar_set_int(&scalar_skew, 1 << (skew == 2)); + rustsecp256k1_v0_4_0_scalar_add(&num, &num, &scalar_skew); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&x, &num)); } -void test_fixed_wnaf(const rustsecp256k1_v0_3_1_scalar *number, int w) { - rustsecp256k1_v0_3_1_scalar x, shift; +void test_fixed_wnaf(const rustsecp256k1_v0_4_0_scalar *number, int w) { + rustsecp256k1_v0_4_0_scalar x, shift; int wnaf[256] = {0}; int i; int skew; - rustsecp256k1_v0_3_1_scalar num = *number; + rustsecp256k1_v0_4_0_scalar num = *number; - rustsecp256k1_v0_3_1_scalar_set_int(&x, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&shift, 1 << w); - /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ -#ifdef USE_ENDOMORPHISM + rustsecp256k1_v0_4_0_scalar_set_int(&x, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&shift, 1 << w); for (i = 0; i < 16; ++i) { - rustsecp256k1_v0_3_1_scalar_shr_int(&num, 8); + rustsecp256k1_v0_4_0_scalar_shr_int(&num, 8); } -#endif - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); for (i = WNAF_SIZE(w)-1; i >= 0; --i) { - rustsecp256k1_v0_3_1_scalar t; + rustsecp256k1_v0_4_0_scalar t; int v = wnaf[i]; CHECK(v == 0 || v & 1); /* check parity */ CHECK(v > -(1 << w)); /* check range above */ CHECK(v < (1 << w)); /* check range below */ - rustsecp256k1_v0_3_1_scalar_mul(&x, &x, &shift); + rustsecp256k1_v0_4_0_scalar_mul(&x, &x, &shift); if (v >= 0) { - rustsecp256k1_v0_3_1_scalar_set_int(&t, v); + rustsecp256k1_v0_4_0_scalar_set_int(&t, v); } else { - rustsecp256k1_v0_3_1_scalar_set_int(&t, -v); - rustsecp256k1_v0_3_1_scalar_negate(&t, &t); + rustsecp256k1_v0_4_0_scalar_set_int(&t, -v); + rustsecp256k1_v0_4_0_scalar_negate(&t, &t); } - rustsecp256k1_v0_3_1_scalar_add(&x, &x, &t); + rustsecp256k1_v0_4_0_scalar_add(&x, &x, &t); } /* If skew is 1 then add 1 to num */ - rustsecp256k1_v0_3_1_scalar_cadd_bit(&num, 0, skew == 1); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&x, &num)); + rustsecp256k1_v0_4_0_scalar_cadd_bit(&num, 0, skew == 1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&x, &num)); } /* Checks that the first 8 elements of wnaf are equal to wnaf_expected and the @@ -3376,18 +3442,18 @@ void test_fixed_wnaf_small(void) { int wnaf[256] = {0}; int i; int skew; - rustsecp256k1_v0_3_1_scalar num; + rustsecp256k1_v0_4_0_scalar num; - rustsecp256k1_v0_3_1_scalar_set_int(&num, 0); - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + rustsecp256k1_v0_4_0_scalar_set_int(&num, 0); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); for (i = WNAF_SIZE(w)-1; i >= 0; --i) { int v = wnaf[i]; CHECK(v == 0); } CHECK(skew == 0); - rustsecp256k1_v0_3_1_scalar_set_int(&num, 1); - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + rustsecp256k1_v0_4_0_scalar_set_int(&num, 1); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); for (i = WNAF_SIZE(w)-1; i >= 1; --i) { int v = wnaf[i]; CHECK(v == 0); @@ -3397,29 +3463,29 @@ void test_fixed_wnaf_small(void) { { int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf }; - rustsecp256k1_v0_3_1_scalar_set_int(&num, 0xffffffff); - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + rustsecp256k1_v0_4_0_scalar_set_int(&num, 0xffffffff); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 0); } { int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf }; - rustsecp256k1_v0_3_1_scalar_set_int(&num, 0xeeeeeeee); - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + rustsecp256k1_v0_4_0_scalar_set_int(&num, 0xeeeeeeee); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 1); } { int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 }; - rustsecp256k1_v0_3_1_scalar_set_int(&num, 0x01010101); - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + rustsecp256k1_v0_4_0_scalar_set_int(&num, 0x01010101); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 0); } { int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 }; - rustsecp256k1_v0_3_1_scalar_set_int(&num, 0x01ef1ef1); - skew = rustsecp256k1_v0_3_1_wnaf_fixed(wnaf, &num, w); + rustsecp256k1_v0_4_0_scalar_set_int(&num, 0x01ef1ef1); + skew = rustsecp256k1_v0_4_0_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 0); } @@ -3427,7 +3493,7 @@ void test_fixed_wnaf_small(void) { void run_wnaf(void) { int i; - rustsecp256k1_v0_3_1_scalar n = {{0}}; + rustsecp256k1_v0_4_0_scalar n = {{0}}; test_constant_wnaf(&n, 4); /* Sanity check: 1 and 2 are the smallest odd and even numbers and should @@ -3437,21 +3503,21 @@ void run_wnaf(void) { n.d[0] = 2; test_constant_wnaf(&n, 4); /* Test -1, because it's a special case in wnaf_const */ - n = rustsecp256k1_v0_3_1_scalar_one; - rustsecp256k1_v0_3_1_scalar_negate(&n, &n); + n = rustsecp256k1_v0_4_0_scalar_one; + rustsecp256k1_v0_4_0_scalar_negate(&n, &n); test_constant_wnaf(&n, 4); /* Test -2, which may not lead to overflows in wnaf_const */ - rustsecp256k1_v0_3_1_scalar_add(&n, &rustsecp256k1_v0_3_1_scalar_one, &rustsecp256k1_v0_3_1_scalar_one); - rustsecp256k1_v0_3_1_scalar_negate(&n, &n); + rustsecp256k1_v0_4_0_scalar_add(&n, &rustsecp256k1_v0_4_0_scalar_one, &rustsecp256k1_v0_4_0_scalar_one); + rustsecp256k1_v0_4_0_scalar_negate(&n, &n); test_constant_wnaf(&n, 4); /* Test (1/2) - 1 = 1/-2 and 1/2 = (1/-2) + 1 as corner cases of negation handling in wnaf_const */ - rustsecp256k1_v0_3_1_scalar_inverse(&n, &n); + rustsecp256k1_v0_4_0_scalar_inverse(&n, &n); test_constant_wnaf(&n, 4); - rustsecp256k1_v0_3_1_scalar_add(&n, &n, &rustsecp256k1_v0_3_1_scalar_one); + rustsecp256k1_v0_4_0_scalar_add(&n, &n, &rustsecp256k1_v0_4_0_scalar_one); test_constant_wnaf(&n, 4); /* Test 0 for fixed wnaf */ @@ -3464,43 +3530,43 @@ void run_wnaf(void) { test_constant_wnaf(&n, 4 + (i % 10)); test_fixed_wnaf(&n, 4 + (i % 10)); } - rustsecp256k1_v0_3_1_scalar_set_int(&n, 0); - CHECK(rustsecp256k1_v0_3_1_scalar_cond_negate(&n, 1) == -1); - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&n)); - CHECK(rustsecp256k1_v0_3_1_scalar_cond_negate(&n, 0) == 1); - CHECK(rustsecp256k1_v0_3_1_scalar_is_zero(&n)); + rustsecp256k1_v0_4_0_scalar_set_int(&n, 0); + CHECK(rustsecp256k1_v0_4_0_scalar_cond_negate(&n, 1) == -1); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&n)); + CHECK(rustsecp256k1_v0_4_0_scalar_cond_negate(&n, 0) == 1); + CHECK(rustsecp256k1_v0_4_0_scalar_is_zero(&n)); } void test_ecmult_constants(void) { /* Test ecmult_gen() for [0..36) and [order-36..0). */ - rustsecp256k1_v0_3_1_scalar x; - rustsecp256k1_v0_3_1_gej r; - rustsecp256k1_v0_3_1_ge ng; + rustsecp256k1_v0_4_0_scalar x; + rustsecp256k1_v0_4_0_gej r; + rustsecp256k1_v0_4_0_ge ng; int i; int j; - rustsecp256k1_v0_3_1_ge_neg(&ng, &rustsecp256k1_v0_3_1_ge_const_g); + rustsecp256k1_v0_4_0_ge_neg(&ng, &rustsecp256k1_v0_4_0_ge_const_g); for (i = 0; i < 36; i++ ) { - rustsecp256k1_v0_3_1_scalar_set_int(&x, i); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); + rustsecp256k1_v0_4_0_scalar_set_int(&x, i); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); for (j = 0; j < i; j++) { if (j == i - 1) { - ge_equals_gej(&rustsecp256k1_v0_3_1_ge_const_g, &r); + ge_equals_gej(&rustsecp256k1_v0_4_0_ge_const_g, &r); } - rustsecp256k1_v0_3_1_gej_add_ge(&r, &r, &ng); + rustsecp256k1_v0_4_0_gej_add_ge(&r, &r, &ng); } - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } for (i = 1; i <= 36; i++ ) { - rustsecp256k1_v0_3_1_scalar_set_int(&x, i); - rustsecp256k1_v0_3_1_scalar_negate(&x, &x); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); + rustsecp256k1_v0_4_0_scalar_set_int(&x, i); + rustsecp256k1_v0_4_0_scalar_negate(&x, &x); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &r, &x); for (j = 0; j < i; j++) { if (j == i - 1) { ge_equals_gej(&ng, &r); } - rustsecp256k1_v0_3_1_gej_add_ge(&r, &r, &rustsecp256k1_v0_3_1_ge_const_g); + rustsecp256k1_v0_4_0_gej_add_ge(&r, &r, &rustsecp256k1_v0_4_0_ge_const_g); } - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&r)); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&r)); } } @@ -3510,36 +3576,36 @@ void run_ecmult_constants(void) { void test_ecmult_gen_blind(void) { /* Test ecmult_gen() blinding and confirm that the blinding changes, the affine points match, and the z's don't match. */ - rustsecp256k1_v0_3_1_scalar key; - rustsecp256k1_v0_3_1_scalar b; + rustsecp256k1_v0_4_0_scalar key; + rustsecp256k1_v0_4_0_scalar b; unsigned char seed32[32]; - rustsecp256k1_v0_3_1_gej pgej; - rustsecp256k1_v0_3_1_gej pgej2; - rustsecp256k1_v0_3_1_gej i; - rustsecp256k1_v0_3_1_ge pge; + rustsecp256k1_v0_4_0_gej pgej; + rustsecp256k1_v0_4_0_gej pgej2; + rustsecp256k1_v0_4_0_gej i; + rustsecp256k1_v0_4_0_ge pge; random_scalar_order_test(&key); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); - rustsecp256k1_v0_3_1_testrand256(seed32); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); + rustsecp256k1_v0_4_0_testrand256(seed32); b = ctx->ecmult_gen_ctx.blind; i = ctx->ecmult_gen_ctx.initial; - rustsecp256k1_v0_3_1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); - CHECK(!rustsecp256k1_v0_3_1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); + rustsecp256k1_v0_4_0_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + CHECK(!rustsecp256k1_v0_4_0_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); - rustsecp256k1_v0_3_1_ge_set_gej(&pge, &pgej); + rustsecp256k1_v0_4_0_ge_set_gej(&pge, &pgej); ge_equals_gej(&pge, &pgej2); } void test_ecmult_gen_blind_reset(void) { /* Test ecmult_gen() blinding reset and confirm that the blinding is consistent. */ - rustsecp256k1_v0_3_1_scalar b; - rustsecp256k1_v0_3_1_gej initial; - rustsecp256k1_v0_3_1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); + rustsecp256k1_v0_4_0_scalar b; + rustsecp256k1_v0_4_0_gej initial; + rustsecp256k1_v0_4_0_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); b = ctx->ecmult_gen_ctx.blind; initial = ctx->ecmult_gen_ctx.initial; - rustsecp256k1_v0_3_1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); - CHECK(rustsecp256k1_v0_3_1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); + rustsecp256k1_v0_4_0_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); CHECK(gej_xyz_equals_gej(&initial, &ctx->ecmult_gen_ctx.initial)); } @@ -3551,44 +3617,63 @@ void run_ecmult_gen_blind(void) { } } -#ifdef USE_ENDOMORPHISM /***** ENDOMORPHISH TESTS *****/ -void test_scalar_split(void) { - rustsecp256k1_v0_3_1_scalar full; - rustsecp256k1_v0_3_1_scalar s1, slam; +void test_scalar_split(const rustsecp256k1_v0_4_0_scalar* full) { + rustsecp256k1_v0_4_0_scalar s, s1, slam; const unsigned char zero[32] = {0}; unsigned char tmp[32]; - random_scalar_order_test(&full); - rustsecp256k1_v0_3_1_scalar_split_lambda(&s1, &slam, &full); + rustsecp256k1_v0_4_0_scalar_split_lambda(&s1, &slam, full); + + /* check slam*lambda + s1 == full */ + rustsecp256k1_v0_4_0_scalar_mul(&s, &rustsecp256k1_v0_4_0_const_lambda, &slam); + rustsecp256k1_v0_4_0_scalar_add(&s, &s, &s1); + CHECK(rustsecp256k1_v0_4_0_scalar_eq(&s, full)); /* check that both are <= 128 bits in size */ - if (rustsecp256k1_v0_3_1_scalar_is_high(&s1)) { - rustsecp256k1_v0_3_1_scalar_negate(&s1, &s1); + if (rustsecp256k1_v0_4_0_scalar_is_high(&s1)) { + rustsecp256k1_v0_4_0_scalar_negate(&s1, &s1); } - if (rustsecp256k1_v0_3_1_scalar_is_high(&slam)) { - rustsecp256k1_v0_3_1_scalar_negate(&slam, &slam); + if (rustsecp256k1_v0_4_0_scalar_is_high(&slam)) { + rustsecp256k1_v0_4_0_scalar_negate(&slam, &slam); } - rustsecp256k1_v0_3_1_scalar_get_b32(tmp, &s1); - CHECK(memcmp(zero, tmp, 16) == 0); - rustsecp256k1_v0_3_1_scalar_get_b32(tmp, &slam); - CHECK(memcmp(zero, tmp, 16) == 0); + rustsecp256k1_v0_4_0_scalar_get_b32(tmp, &s1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zero, tmp, 16) == 0); + rustsecp256k1_v0_4_0_scalar_get_b32(tmp, &slam); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zero, tmp, 16) == 0); } + void run_endomorphism_tests(void) { - test_scalar_split(); + unsigned i; + static rustsecp256k1_v0_4_0_scalar s; + test_scalar_split(&rustsecp256k1_v0_4_0_scalar_zero); + test_scalar_split(&rustsecp256k1_v0_4_0_scalar_one); + rustsecp256k1_v0_4_0_scalar_negate(&s,&rustsecp256k1_v0_4_0_scalar_one); + test_scalar_split(&s); + test_scalar_split(&rustsecp256k1_v0_4_0_const_lambda); + rustsecp256k1_v0_4_0_scalar_add(&s, &rustsecp256k1_v0_4_0_const_lambda, &rustsecp256k1_v0_4_0_scalar_one); + test_scalar_split(&s); + + for (i = 0; i < 100U * count; ++i) { + rustsecp256k1_v0_4_0_scalar full; + random_scalar_order_test(&full); + test_scalar_split(&full); + } + for (i = 0; i < sizeof(scalars_near_split_bounds) / sizeof(scalars_near_split_bounds[0]); ++i) { + test_scalar_split(&scalars_near_split_bounds[i]); + } } -#endif void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { unsigned char pubkeyc[65]; - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_ge ge; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_ge ge; size_t pubkeyclen; int32_t ecount; ecount = 0; - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) { /* Smaller sizes are tested exhaustively elsewhere. */ int32_t i; @@ -3614,30 +3699,30 @@ void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvali memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); outl = 65; VG_UNDEF(pubkeyo, 65); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); VG_CHECK(pubkeyo, outl); CHECK(outl == 33); - CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkeyo[1], &pubkeyc[1], 32) == 0); CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); if (ypass) { /* This test isn't always done because we decode with alternative signs, so the y won't match. */ CHECK(pubkeyo[0] == ysign); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 1); memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - rustsecp256k1_v0_3_1_pubkey_save(&pubkey, &ge); + rustsecp256k1_v0_4_0_pubkey_save(&pubkey, &ge); VG_CHECK(&pubkey, sizeof(pubkey)); outl = 65; VG_UNDEF(pubkeyo, 65); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); VG_CHECK(pubkeyo, outl); CHECK(outl == 65); CHECK(pubkeyo[0] == 4); - CHECK(memcmp(&pubkeyo[1], input, 64) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkeyo[1], input, 64) == 0); } CHECK(ecount == 0); } else { @@ -3645,15 +3730,15 @@ void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvali memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); } } } - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, NULL, NULL); } void run_ec_pubkey_parse_test(void) { @@ -3837,8 +3922,8 @@ void run_ec_pubkey_parse_test(void) { }; unsigned char sout[65]; unsigned char shortkey[2]; - rustsecp256k1_v0_3_1_ge ge; - rustsecp256k1_v0_3_1_pubkey pubkey; + rustsecp256k1_v0_4_0_ge ge; + rustsecp256k1_v0_4_0_pubkey pubkey; size_t len; int32_t i; int32_t ecount; @@ -3846,16 +3931,16 @@ void run_ec_pubkey_parse_test(void) { ecount = 0; /* Nothing should be reading this far into pubkeyc. */ VG_UNDEF(&pubkeyc[65], 1); - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); /* Zero length claimed, fail, zeroize, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(shortkey, 2); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); /* Length one claimed, fail, zeroize, no illegal arg error. */ for (i = 0; i < 256 ; i++) { @@ -3864,10 +3949,10 @@ void run_ec_pubkey_parse_test(void) { shortkey[0] = i; VG_UNDEF(&shortkey[1], 1); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); } /* Length two claimed, fail, zeroize, no illegal arg error. */ @@ -3877,101 +3962,101 @@ void run_ec_pubkey_parse_test(void) { shortkey[0] = i & 255; shortkey[1] = i >> 8; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); } memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0); CHECK(ecount == 2); /* NULL input string. Illegal arg and zeroize output. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 2); /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); /* 66 bytes claimed, fail, zeroize output, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 0); CHECK(ecount == 1); /* Valid parse. */ memset(&pubkey, 0, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(rustsecp256k1_v0_3_1_context_no_precomp, &pubkey, pubkeyc, 65) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(rustsecp256k1_v0_4_0_context_no_precomp, &pubkey, pubkeyc, 65) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); VG_UNDEF(&ge, sizeof(ge)); - CHECK(rustsecp256k1_v0_3_1_pubkey_load(ctx, &ge, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_pubkey_load(ctx, &ge, &pubkey) == 1); VG_CHECK(&ge.x, sizeof(ge.x)); VG_CHECK(&ge.y, sizeof(ge.y)); VG_CHECK(&ge.infinity, sizeof(ge.infinity)); - ge_equals_ge(&rustsecp256k1_v0_3_1_ge_const_g, &ge); + ge_equals_ge(&rustsecp256k1_v0_4_0_ge_const_g, &ge); CHECK(ecount == 0); - /* rustsecp256k1_v0_3_1_ec_pubkey_serialize illegal args. */ + /* rustsecp256k1_v0_4_0_ec_pubkey_serialize illegal args. */ ecount = 0; len = 65; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); CHECK(ecount == 1); CHECK(len == 0); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); CHECK(ecount == 2); len = 65; VG_UNDEF(sout, 65); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0); VG_CHECK(sout, 65); CHECK(ecount == 3); CHECK(len == 0); len = 65; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, ~0) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, sout, &len, &pubkey, ~0) == 0); CHECK(ecount == 4); CHECK(len == 0); len = 65; VG_UNDEF(sout, 65); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); VG_CHECK(sout, 65); CHECK(ecount == 4); CHECK(len == 65); /* Multiple illegal args. Should still set arg error only once. */ ecount = 0; ecount2 = 11; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); CHECK(ecount == 1); /* Does the illegal arg callback actually change the behavior? */ - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); CHECK(ecount == 1); CHECK(ecount2 == 10); - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, NULL, NULL); /* Try a bunch of prefabbed points with all possible encodings. */ for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) { ec_pubkey_parse_pointtest(valid[i], 1, 1); @@ -3991,253 +4076,253 @@ void run_eckey_edge_case_test(void) { 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 }; - const unsigned char zeros[sizeof(rustsecp256k1_v0_3_1_pubkey)] = {0x00}; + const unsigned char zeros[sizeof(rustsecp256k1_v0_4_0_pubkey)] = {0x00}; unsigned char ctmp[33]; unsigned char ctmp2[33]; - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_pubkey pubkey2; - rustsecp256k1_v0_3_1_pubkey pubkey_one; - rustsecp256k1_v0_3_1_pubkey pubkey_negone; - const rustsecp256k1_v0_3_1_pubkey *pubkeys[3]; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey pubkey2; + rustsecp256k1_v0_4_0_pubkey pubkey_one; + rustsecp256k1_v0_4_0_pubkey pubkey_negone; + const rustsecp256k1_v0_4_0_pubkey *pubkeys[3]; size_t len; int32_t ecount; /* Group order is too large, reject. */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, orderc) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, orderc) == 0); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, orderc) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); /* Maximum value is too large, reject. */ memset(ctmp, 255, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); /* Zero is too small, reject. */ memset(ctmp, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); /* One must be accepted. */ ctmp[31] = 0x01; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 1); memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) > 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) > 0); pubkey_one = pubkey; /* Group order + 1 is too large, reject. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x42; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); /* -1 must be accepted. */ ctmp[31] = 0x40; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 1); memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) > 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) > 0); pubkey_negone = pubkey; /* Tweak of zero leaves the value unchanged. */ memset(ctmp2, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); - CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); memcpy(&pubkey2, &pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Multiply tweak of zero zeroizes the output. */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros, ctmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing seckey, the seckey is zeroized. */ memcpy(ctmp, orderc, 32); memset(ctmp2, 0, 32); ctmp2[31] = 0x01; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp2) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 0); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros, ctmp, 32) == 0); /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing tweak, the seckey is zeroized. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); - CHECK(memcmp(zeros, ctmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; /* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing tweak, the pubkey is zeroized. */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - /* If the resulting key in rustsecp256k1_v0_3_1_ec_seckey_tweak_add and - * rustsecp256k1_v0_3_1_ec_pubkey_tweak_add is 0 the functions fail and in the latter + /* If the resulting key in rustsecp256k1_v0_4_0_ec_seckey_tweak_add and + * rustsecp256k1_v0_4_0_ec_pubkey_tweak_add is 0 the functions fail and in the latter * case the pubkey is zeroized. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; memset(ctmp2, 0, 32); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); - CHECK(memcmp(zeros, ctmp2, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(zeros, ctmp2, 32) == 0); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* Tweak computation wraps and results in a key of 1. */ ctmp2[31] = 2; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); - CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); ctmp2[31] = 2; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Tweak mul * 2 = 1+1. */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); ctmp2[31] = 2; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Test argument errors. */ ecount = 0; - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); CHECK(ecount == 0); /* Zeroize pubkey on parse error. */ memset(&pubkey, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); CHECK(ecount == 1); - CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memset(&pubkey2, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); CHECK(ecount == 2); - CHECK(memcmp(&pubkey2, zeros, sizeof(pubkey2)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0); /* Plain argument errors. */ ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, ctmp) == 1); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, NULL) == 0); CHECK(ecount == 1); ecount = 0; memset(ctmp2, 0, 32); ctmp2[31] = 4; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, NULL, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, NULL) == 0); CHECK(ecount == 2); ecount = 0; memset(ctmp2, 0, 32); ctmp2[31] = 4; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); CHECK(ecount == 2); ecount = 0; memset(ctmp2, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, NULL, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, ctmp, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, ctmp, NULL) == 0); CHECK(ecount == 2); ecount = 0; memset(ctmp2, 0, 32); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, NULL, ctmp2) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); CHECK(ecount == 2); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, NULL, ctmp) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, NULL, ctmp) == 0); CHECK(ecount == 1); memset(&pubkey, 1, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, NULL) == 0); CHECK(ecount == 2); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); - /* rustsecp256k1_v0_3_1_ec_pubkey_combine tests. */ + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); + /* rustsecp256k1_v0_4_0_ec_pubkey_combine tests. */ ecount = 0; pubkeys[0] = &pubkey_one; - VG_UNDEF(&pubkeys[0], sizeof(rustsecp256k1_v0_3_1_pubkey *)); - VG_UNDEF(&pubkeys[1], sizeof(rustsecp256k1_v0_3_1_pubkey *)); - VG_UNDEF(&pubkeys[2], sizeof(rustsecp256k1_v0_3_1_pubkey *)); - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_3_1_pubkey)); - VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); - VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + VG_UNDEF(&pubkeys[0], sizeof(rustsecp256k1_v0_4_0_pubkey *)); + VG_UNDEF(&pubkeys[1], sizeof(rustsecp256k1_v0_4_0_pubkey *)); + VG_UNDEF(&pubkeys[2], sizeof(rustsecp256k1_v0_4_0_pubkey *)); + memset(&pubkey, 255, sizeof(rustsecp256k1_v0_4_0_pubkey)); + VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); + VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); CHECK(ecount == 2); - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_3_1_pubkey)); - VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); - VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + memset(&pubkey, 255, sizeof(rustsecp256k1_v0_4_0_pubkey)); + VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); + VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); CHECK(ecount == 3); pubkeys[0] = &pubkey_negone; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_3_1_pubkey)); - VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); - VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) > 0); + memset(&pubkey, 255, sizeof(rustsecp256k1_v0_4_0_pubkey)); + VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); + VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) > 0); CHECK(ecount == 3); len = 33; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); - CHECK(memcmp(ctmp, ctmp2, 33) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(ctmp, ctmp2, 33) == 0); /* Result is infinity. */ pubkeys[0] = &pubkey_one; pubkeys[1] = &pubkey_negone; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_3_1_pubkey)); - VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); - VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) == 0); + memset(&pubkey, 255, sizeof(rustsecp256k1_v0_4_0_pubkey)); + VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); + VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) == 0); CHECK(ecount == 3); /* Passes through infinity but comes out one. */ pubkeys[2] = &pubkey_one; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_3_1_pubkey)); - VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); - VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) > 0); + memset(&pubkey, 255, sizeof(rustsecp256k1_v0_4_0_pubkey)); + VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); + VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) > 0); CHECK(ecount == 3); len = 33; - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); - CHECK(memcmp(ctmp, ctmp2, 33) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(ctmp, ctmp2, 33) == 0); /* Adds to two. */ pubkeys[1] = &pubkey_one; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_3_1_pubkey)); - VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); - VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); - CHECK(memcmp(&pubkey, zeros, sizeof(rustsecp256k1_v0_3_1_pubkey)) > 0); + memset(&pubkey, 255, sizeof(rustsecp256k1_v0_4_0_pubkey)); + VG_UNDEF(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); + VG_CHECK(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_4_0_pubkey)) > 0); CHECK(ecount == 3); - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, NULL, NULL); } void run_eckey_negate_test(void) { @@ -4248,22 +4333,22 @@ void run_eckey_negate_test(void) { memcpy(seckey_tmp, seckey, 32); /* Verify negation changes the key and changes it back */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey) == 1); - CHECK(memcmp(seckey, seckey_tmp, 32) != 0); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey) == 1); - CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(seckey, seckey_tmp, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Check that privkey alias gives same result */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_privkey_negate(ctx, seckey_tmp) == 1); - CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_privkey_negate(ctx, seckey_tmp) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Negating all 0s fails */ memset(seckey, 0, 32); memset(seckey_tmp, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey) == 0); /* Check that seckey is not modified */ - CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Negating an overflowing seckey fails and the seckey is zeroed. In this * test, the seckey has 16 random bytes to ensure that ec_seckey_negate @@ -4271,38 +4356,38 @@ void run_eckey_negate_test(void) { random_scalar_order_b32(seckey); memset(seckey, 0xFF, 16); memset(seckey_tmp, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, seckey) == 0); - CHECK(memcmp(seckey, seckey_tmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, seckey) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(seckey, seckey_tmp, 32) == 0); } -void random_sign(rustsecp256k1_v0_3_1_scalar *sigr, rustsecp256k1_v0_3_1_scalar *sigs, const rustsecp256k1_v0_3_1_scalar *key, const rustsecp256k1_v0_3_1_scalar *msg, int *recid) { - rustsecp256k1_v0_3_1_scalar nonce; +void random_sign(rustsecp256k1_v0_4_0_scalar *sigr, rustsecp256k1_v0_4_0_scalar *sigs, const rustsecp256k1_v0_4_0_scalar *key, const rustsecp256k1_v0_4_0_scalar *msg, int *recid) { + rustsecp256k1_v0_4_0_scalar nonce; do { random_scalar_order_test(&nonce); - } while(!rustsecp256k1_v0_3_1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); + } while(!rustsecp256k1_v0_4_0_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); } void test_ecdsa_sign_verify(void) { - rustsecp256k1_v0_3_1_gej pubj; - rustsecp256k1_v0_3_1_ge pub; - rustsecp256k1_v0_3_1_scalar one; - rustsecp256k1_v0_3_1_scalar msg, key; - rustsecp256k1_v0_3_1_scalar sigr, sigs; + rustsecp256k1_v0_4_0_gej pubj; + rustsecp256k1_v0_4_0_ge pub; + rustsecp256k1_v0_4_0_scalar one; + rustsecp256k1_v0_4_0_scalar msg, key; + rustsecp256k1_v0_4_0_scalar sigr, sigs; int recid; int getrec; random_scalar_order_test(&msg); random_scalar_order_test(&key); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); - rustsecp256k1_v0_3_1_ge_set_gej(&pub, &pubj); - getrec = rustsecp256k1_v0_3_1_testrand_bits(1); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); + rustsecp256k1_v0_4_0_ge_set_gej(&pub, &pubj); + getrec = rustsecp256k1_v0_4_0_testrand_bits(1); random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL); if (getrec) { CHECK(recid >= 0 && recid < 4); } - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); - rustsecp256k1_v0_3_1_scalar_set_int(&one, 1); - rustsecp256k1_v0_3_1_scalar_add(&msg, &msg, &one); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); + rustsecp256k1_v0_4_0_scalar_set_int(&one, 1); + rustsecp256k1_v0_4_0_scalar_add(&msg, &msg, &one); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); } void run_ecdsa_sign_verify(void) { @@ -4359,9 +4444,9 @@ static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); } -int is_empty_signature(const rustsecp256k1_v0_3_1_ecdsa_signature *sig) { - static const unsigned char res[sizeof(rustsecp256k1_v0_3_1_ecdsa_signature)] = {0}; - return memcmp(sig, res, sizeof(rustsecp256k1_v0_3_1_ecdsa_signature)) == 0; +int is_empty_signature(const rustsecp256k1_v0_4_0_ecdsa_signature *sig) { + static const unsigned char res[sizeof(rustsecp256k1_v0_4_0_ecdsa_signature)] = {0}; + return rustsecp256k1_v0_4_0_memcmp_var(sig, res, sizeof(rustsecp256k1_v0_4_0_ecdsa_signature)) == 0; } void test_ecdsa_end_to_end(void) { @@ -4369,191 +4454,191 @@ void test_ecdsa_end_to_end(void) { unsigned char privkey[32]; unsigned char message[32]; unsigned char privkey2[32]; - rustsecp256k1_v0_3_1_ecdsa_signature signature[6]; - rustsecp256k1_v0_3_1_scalar r, s; + rustsecp256k1_v0_4_0_ecdsa_signature signature[6]; + rustsecp256k1_v0_4_0_scalar r, s; unsigned char sig[74]; size_t siglen = 74; unsigned char pubkeyc[65]; size_t pubkeyclen = 65; - rustsecp256k1_v0_3_1_pubkey pubkey; - rustsecp256k1_v0_3_1_pubkey pubkey_tmp; + rustsecp256k1_v0_4_0_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey pubkey_tmp; unsigned char seckey[300]; size_t seckeylen = 300; /* Generate a random key and message. */ { - rustsecp256k1_v0_3_1_scalar msg, key; + rustsecp256k1_v0_4_0_scalar msg, key; random_scalar_order_test(&msg); random_scalar_order_test(&key); - rustsecp256k1_v0_3_1_scalar_get_b32(privkey, &key); - rustsecp256k1_v0_3_1_scalar_get_b32(message, &msg); + rustsecp256k1_v0_4_0_scalar_get_b32(privkey, &key); + rustsecp256k1_v0_4_0_scalar_get_b32(message, &msg); } /* Construct and verify corresponding public key. */ - CHECK(rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, privkey) == 1); /* Verify exporting and importing public key. */ - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, rustsecp256k1_v0_3_1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, rustsecp256k1_v0_4_0_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); memset(&pubkey, 0, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); /* Verify negation changes the key and changes it back */ memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); - CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); - CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); /* Verify private key import and export. */ - CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, rustsecp256k1_v0_3_1_testrand_bits(1) == 1)); + CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, rustsecp256k1_v0_4_0_testrand_bits(1) == 1)); CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); - CHECK(memcmp(privkey, privkey2, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(privkey, privkey2, 32) == 0); /* Optionally tweak the keys using addition. */ - if (rustsecp256k1_v0_3_1_testrand_int(3) == 0) { + if (rustsecp256k1_v0_4_0_testrand_int(3) == 0) { int ret1; int ret2; int ret3; unsigned char rnd[32]; unsigned char privkey_tmp[32]; - rustsecp256k1_v0_3_1_pubkey pubkey2; - rustsecp256k1_v0_3_1_testrand256_test(rnd); + rustsecp256k1_v0_4_0_pubkey pubkey2; + rustsecp256k1_v0_4_0_testrand256_test(rnd); memcpy(privkey_tmp, privkey, 32); - ret1 = rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, privkey, rnd); - ret2 = rustsecp256k1_v0_3_1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); + ret1 = rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, privkey, rnd); + ret2 = rustsecp256k1_v0_4_0_ec_pubkey_tweak_add(ctx, &pubkey, rnd); /* Check that privkey alias gives same result */ - ret3 = rustsecp256k1_v0_3_1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); + ret3 = rustsecp256k1_v0_4_0_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); CHECK(ret1 == ret2); CHECK(ret2 == ret3); if (ret1 == 0) { return; } - CHECK(memcmp(privkey, privkey_tmp, 32) == 0); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(privkey, privkey_tmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); } /* Optionally tweak the keys using multiplication. */ - if (rustsecp256k1_v0_3_1_testrand_int(3) == 0) { + if (rustsecp256k1_v0_4_0_testrand_int(3) == 0) { int ret1; int ret2; int ret3; unsigned char rnd[32]; unsigned char privkey_tmp[32]; - rustsecp256k1_v0_3_1_pubkey pubkey2; - rustsecp256k1_v0_3_1_testrand256_test(rnd); + rustsecp256k1_v0_4_0_pubkey pubkey2; + rustsecp256k1_v0_4_0_testrand256_test(rnd); memcpy(privkey_tmp, privkey, 32); - ret1 = rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, privkey, rnd); - ret2 = rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); + ret1 = rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, privkey, rnd); + ret2 = rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); /* Check that privkey alias gives same result */ - ret3 = rustsecp256k1_v0_3_1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); + ret3 = rustsecp256k1_v0_4_0_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); CHECK(ret1 == ret2); CHECK(ret2 == ret3); if (ret1 == 0) { return; } - CHECK(memcmp(privkey, privkey_tmp, 32) == 0); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); - CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(privkey, privkey_tmp, 32) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); } /* Sign. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); extra[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); extra[31] = 0; extra[0] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); - CHECK(memcmp(&signature[0], &signature[4], sizeof(signature[0])) == 0); - CHECK(memcmp(&signature[0], &signature[1], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[0], &signature[2], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[0], &signature[3], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[1], &signature[2], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[1], &signature[3], sizeof(signature[0])) != 0); - CHECK(memcmp(&signature[2], &signature[3], sizeof(signature[0])) != 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[0], &signature[4], sizeof(signature[0])) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[0], &signature[1], sizeof(signature[0])) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[0], &signature[2], sizeof(signature[0])) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[0], &signature[3], sizeof(signature[0])) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[1], &signature[2], sizeof(signature[0])) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[1], &signature[3], sizeof(signature[0])) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[2], &signature[3], sizeof(signature[0])) != 0); /* Verify. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); /* Test lower-S form, malleate, verify and fail, test again, malleate again */ - CHECK(!rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); - rustsecp256k1_v0_3_1_scalar_negate(&s, &s); - rustsecp256k1_v0_3_1_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); - rustsecp256k1_v0_3_1_scalar_negate(&s, &s); - rustsecp256k1_v0_3_1_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); - CHECK(memcmp(&signature[5], &signature[0], 64) == 0); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, NULL, &signature[0])); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, &signature[0]); + rustsecp256k1_v0_4_0_scalar_negate(&s, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + rustsecp256k1_v0_4_0_scalar_negate(&s, &s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, NULL, &signature[5])); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&signature[5], &signature[0], 64) == 0); /* Serialize/parse DER and verify again */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); memset(&signature[0], 0, sizeof(signature[0])); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); /* Serialize/destroy/parse DER and verify again. */ siglen = 74; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); - sig[rustsecp256k1_v0_3_1_testrand_int(siglen)] += 1 + rustsecp256k1_v0_3_1_testrand_int(255); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || - rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + sig[rustsecp256k1_v0_4_0_testrand_int(siglen)] += 1 + rustsecp256k1_v0_4_0_testrand_int(255); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || + rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); } void test_random_pubkeys(void) { - rustsecp256k1_v0_3_1_ge elem; - rustsecp256k1_v0_3_1_ge elem2; + rustsecp256k1_v0_4_0_ge elem; + rustsecp256k1_v0_4_0_ge elem2; unsigned char in[65]; /* Generate some randomly sized pubkeys. */ - size_t len = rustsecp256k1_v0_3_1_testrand_bits(2) == 0 ? 65 : 33; - if (rustsecp256k1_v0_3_1_testrand_bits(2) == 0) { - len = rustsecp256k1_v0_3_1_testrand_bits(6); + size_t len = rustsecp256k1_v0_4_0_testrand_bits(2) == 0 ? 65 : 33; + if (rustsecp256k1_v0_4_0_testrand_bits(2) == 0) { + len = rustsecp256k1_v0_4_0_testrand_bits(6); } if (len == 65) { - in[0] = rustsecp256k1_v0_3_1_testrand_bits(1) ? 4 : (rustsecp256k1_v0_3_1_testrand_bits(1) ? 6 : 7); + in[0] = rustsecp256k1_v0_4_0_testrand_bits(1) ? 4 : (rustsecp256k1_v0_4_0_testrand_bits(1) ? 6 : 7); } else { - in[0] = rustsecp256k1_v0_3_1_testrand_bits(1) ? 2 : 3; + in[0] = rustsecp256k1_v0_4_0_testrand_bits(1) ? 2 : 3; } - if (rustsecp256k1_v0_3_1_testrand_bits(3) == 0) { - in[0] = rustsecp256k1_v0_3_1_testrand_bits(8); + if (rustsecp256k1_v0_4_0_testrand_bits(3) == 0) { + in[0] = rustsecp256k1_v0_4_0_testrand_bits(8); } if (len > 1) { - rustsecp256k1_v0_3_1_testrand256(&in[1]); + rustsecp256k1_v0_4_0_testrand256(&in[1]); } if (len > 33) { - rustsecp256k1_v0_3_1_testrand256(&in[33]); + rustsecp256k1_v0_4_0_testrand256(&in[33]); } - if (rustsecp256k1_v0_3_1_eckey_pubkey_parse(&elem, in, len)) { + if (rustsecp256k1_v0_4_0_eckey_pubkey_parse(&elem, in, len)) { unsigned char out[65]; unsigned char firstb; int res; size_t size = len; firstb = in[0]; /* If the pubkey can be parsed, it should round-trip... */ - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&elem, out, &size, len == 33)); CHECK(size == len); - CHECK(memcmp(&in[1], &out[1], len-1) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&in[1], &out[1], len-1) == 0); /* ... except for the type of hybrid inputs. */ if ((in[0] != 6) && (in[0] != 7)) { CHECK(in[0] == out[0]); } size = 65; - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&elem, in, &size, 0)); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&elem, in, &size, 0)); CHECK(size == 65); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&elem2, in, size)); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&elem2, in, size)); ge_equals_ge(&elem,&elem2); /* Check that the X9.62 hybrid type is checked. */ - in[0] = rustsecp256k1_v0_3_1_testrand_bits(1) ? 6 : 7; - res = rustsecp256k1_v0_3_1_eckey_pubkey_parse(&elem2, in, size); + in[0] = rustsecp256k1_v0_4_0_testrand_bits(1) ? 6 : 7; + res = rustsecp256k1_v0_4_0_eckey_pubkey_parse(&elem2, in, size); if (firstb == 2 || firstb == 3) { if (in[0] == firstb + 4) { CHECK(res); @@ -4563,8 +4648,8 @@ void test_random_pubkeys(void) { } if (res) { ge_equals_ge(&elem,&elem2); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_serialize(&elem, out, &size, 0)); - CHECK(memcmp(&in[1], &out[1], 64) == 0); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_serialize(&elem, out, &size, 0)); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&in[1], &out[1], 64) == 0); } } } @@ -4596,13 +4681,13 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_ int ret = 0; - rustsecp256k1_v0_3_1_ecdsa_signature sig_der; + rustsecp256k1_v0_4_0_ecdsa_signature sig_der; unsigned char roundtrip_der[2048]; unsigned char compact_der[64]; size_t len_der = 2048; int parsed_der = 0, valid_der = 0, roundtrips_der = 0; - rustsecp256k1_v0_3_1_ecdsa_signature sig_der_lax; + rustsecp256k1_v0_4_0_ecdsa_signature sig_der_lax; unsigned char roundtrip_der_lax[2048]; unsigned char compact_der_lax[64]; size_t len_der_lax = 2048; @@ -4617,24 +4702,24 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_ int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; #endif - parsed_der = rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); + parsed_der = rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); if (parsed_der) { - ret |= (!rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; - valid_der = (memcmp(compact_der, zeroes, 32) != 0) && (memcmp(compact_der + 32, zeroes, 32) != 0); + ret |= (!rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; + valid_der = (rustsecp256k1_v0_4_0_memcmp_var(compact_der, zeroes, 32) != 0) && (rustsecp256k1_v0_4_0_memcmp_var(compact_der + 32, zeroes, 32) != 0); } if (valid_der) { - ret |= (!rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; - roundtrips_der = (len_der == siglen) && memcmp(roundtrip_der, sig, siglen) == 0; + ret |= (!rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; + roundtrips_der = (len_der == siglen) && rustsecp256k1_v0_4_0_memcmp_var(roundtrip_der, sig, siglen) == 0; } - parsed_der_lax = rustsecp256k1_v0_3_1_ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); + parsed_der_lax = rustsecp256k1_v0_4_0_ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); if (parsed_der_lax) { - ret |= (!rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; - valid_der_lax = (memcmp(compact_der_lax, zeroes, 32) != 0) && (memcmp(compact_der_lax + 32, zeroes, 32) != 0); + ret |= (!rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; + valid_der_lax = (rustsecp256k1_v0_4_0_memcmp_var(compact_der_lax, zeroes, 32) != 0) && (rustsecp256k1_v0_4_0_memcmp_var(compact_der_lax + 32, zeroes, 32) != 0); } if (valid_der_lax) { - ret |= (!rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; - roundtrips_der_lax = (len_der_lax == siglen) && memcmp(roundtrip_der_lax, sig, siglen) == 0; + ret |= (!rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; + roundtrips_der_lax = (len_der_lax == siglen) && rustsecp256k1_v0_4_0_memcmp_var(roundtrip_der_lax, sig, siglen) == 0; } if (certainly_der) { @@ -4650,7 +4735,7 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_ if (valid_der) { ret |= (!roundtrips_der_lax) << 12; ret |= (len_der != len_der_lax) << 13; - ret |= ((len_der != len_der_lax) || (memcmp(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; + ret |= ((len_der != len_der_lax) || (rustsecp256k1_v0_4_0_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; } ret |= (roundtrips_der != roundtrips_der_lax) << 15; if (parsed_der) { @@ -4667,19 +4752,19 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_ if (valid_openssl) { unsigned char tmp[32] = {0}; BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); - valid_openssl = memcmp(tmp, max_scalar, 32) < 0; + valid_openssl = rustsecp256k1_v0_4_0_memcmp_var(tmp, max_scalar, 32) < 0; } if (valid_openssl) { unsigned char tmp[32] = {0}; BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); - valid_openssl = memcmp(tmp, max_scalar, 32) < 0; + valid_openssl = rustsecp256k1_v0_4_0_memcmp_var(tmp, max_scalar, 32) < 0; } } len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); if (len_openssl <= 2048) { unsigned char *ptr = roundtrip_openssl; CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl); - roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (memcmp(roundtrip_openssl, sig, siglen) == 0); + roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (rustsecp256k1_v0_4_0_memcmp_var(roundtrip_openssl, sig, siglen) == 0); } else { len_openssl = 0; } @@ -4691,7 +4776,7 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_ ret |= (roundtrips_der != roundtrips_openssl) << 7; if (roundtrips_openssl) { ret |= (len_der != (size_t)len_openssl) << 8; - ret |= ((len_der != (size_t)len_openssl) || (memcmp(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; + ret |= ((len_der != (size_t)len_openssl) || (rustsecp256k1_v0_4_0_memcmp_var(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; } #endif return ret; @@ -4711,27 +4796,27 @@ static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) { static void damage_array(unsigned char *sig, size_t *len) { int pos; - int action = rustsecp256k1_v0_3_1_testrand_bits(3); + int action = rustsecp256k1_v0_4_0_testrand_bits(3); if (action < 1 && *len > 3) { /* Delete a byte. */ - pos = rustsecp256k1_v0_3_1_testrand_int(*len); + pos = rustsecp256k1_v0_4_0_testrand_int(*len); memmove(sig + pos, sig + pos + 1, *len - pos - 1); (*len)--; return; } else if (action < 2 && *len < 2048) { /* Insert a byte. */ - pos = rustsecp256k1_v0_3_1_testrand_int(1 + *len); + pos = rustsecp256k1_v0_4_0_testrand_int(1 + *len); memmove(sig + pos + 1, sig + pos, *len - pos); - sig[pos] = rustsecp256k1_v0_3_1_testrand_bits(8); + sig[pos] = rustsecp256k1_v0_4_0_testrand_bits(8); (*len)++; return; } else if (action < 4) { /* Modify a byte. */ - sig[rustsecp256k1_v0_3_1_testrand_int(*len)] += 1 + rustsecp256k1_v0_3_1_testrand_int(255); + sig[rustsecp256k1_v0_4_0_testrand_int(*len)] += 1 + rustsecp256k1_v0_4_0_testrand_int(255); return; } else { /* action < 8 */ /* Modify a bit. */ - sig[rustsecp256k1_v0_3_1_testrand_int(*len)] ^= 1 << rustsecp256k1_v0_3_1_testrand_bits(3); + sig[rustsecp256k1_v0_4_0_testrand_int(*len)] ^= 1 << rustsecp256k1_v0_4_0_testrand_bits(3); return; } } @@ -4744,23 +4829,23 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly int n; *len = 0; - der = rustsecp256k1_v0_3_1_testrand_bits(2) == 0; + der = rustsecp256k1_v0_4_0_testrand_bits(2) == 0; *certainly_der = der; *certainly_not_der = 0; - indet = der ? 0 : rustsecp256k1_v0_3_1_testrand_int(10) == 0; + indet = der ? 0 : rustsecp256k1_v0_4_0_testrand_int(10) == 0; for (n = 0; n < 2; n++) { /* We generate two classes of numbers: nlow==1 "low" ones (up to 32 bytes), nlow==0 "high" ones (32 bytes with 129 top bits set, or larger than 32 bytes) */ - nlow[n] = der ? 1 : (rustsecp256k1_v0_3_1_testrand_bits(3) != 0); + nlow[n] = der ? 1 : (rustsecp256k1_v0_4_0_testrand_bits(3) != 0); /* The length of the number in bytes (the first byte of which will always be nonzero) */ - nlen[n] = nlow[n] ? rustsecp256k1_v0_3_1_testrand_int(33) : 32 + rustsecp256k1_v0_3_1_testrand_int(200) * rustsecp256k1_v0_3_1_testrand_int(8) / 8; + nlen[n] = nlow[n] ? rustsecp256k1_v0_4_0_testrand_int(33) : 32 + rustsecp256k1_v0_4_0_testrand_int(200) * rustsecp256k1_v0_4_0_testrand_int(8) / 8; CHECK(nlen[n] <= 232); /* The top bit of the number. */ - nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : rustsecp256k1_v0_3_1_testrand_bits(1)); + nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : rustsecp256k1_v0_4_0_testrand_bits(1)); /* The top byte of the number (after the potential hardcoded 16 0xFF characters for "high" 32 bytes numbers) */ - nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + rustsecp256k1_v0_3_1_testrand_bits(7) : 1 + rustsecp256k1_v0_3_1_testrand_int(127)); + nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + rustsecp256k1_v0_4_0_testrand_bits(7) : 1 + rustsecp256k1_v0_4_0_testrand_int(127)); /* The number of zero bytes in front of the number (which is 0 or 1 in case of DER, otherwise we extend up to 300 bytes) */ - nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? rustsecp256k1_v0_3_1_testrand_int(3) : rustsecp256k1_v0_3_1_testrand_int(300 - nlen[n]) * rustsecp256k1_v0_3_1_testrand_int(8) / 8); + nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? rustsecp256k1_v0_4_0_testrand_int(3) : rustsecp256k1_v0_4_0_testrand_int(300 - nlen[n]) * rustsecp256k1_v0_4_0_testrand_int(8) / 8); if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) { *certainly_not_der = 1; } @@ -4769,7 +4854,7 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2); if (!der) { /* nlenlen[n] max 127 bytes */ - int add = rustsecp256k1_v0_3_1_testrand_int(127 - nlenlen[n]) * rustsecp256k1_v0_3_1_testrand_int(16) * rustsecp256k1_v0_3_1_testrand_int(16) / 256; + int add = rustsecp256k1_v0_4_0_testrand_int(127 - nlenlen[n]) * rustsecp256k1_v0_4_0_testrand_int(16) * rustsecp256k1_v0_4_0_testrand_int(16) / 256; nlenlen[n] += add; if (add != 0) { *certainly_not_der = 1; @@ -4783,7 +4868,7 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly CHECK(tlen <= 856); /* The length of the garbage inside the tuple. */ - elen = (der || indet) ? 0 : rustsecp256k1_v0_3_1_testrand_int(980 - tlen) * rustsecp256k1_v0_3_1_testrand_int(8) / 8; + elen = (der || indet) ? 0 : rustsecp256k1_v0_4_0_testrand_int(980 - tlen) * rustsecp256k1_v0_4_0_testrand_int(8) / 8; if (elen != 0) { *certainly_not_der = 1; } @@ -4791,7 +4876,7 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly CHECK(tlen <= 980); /* The length of the garbage after the end of the tuple. */ - glen = der ? 0 : rustsecp256k1_v0_3_1_testrand_int(990 - tlen) * rustsecp256k1_v0_3_1_testrand_int(8) / 8; + glen = der ? 0 : rustsecp256k1_v0_4_0_testrand_int(990 - tlen) * rustsecp256k1_v0_4_0_testrand_int(8) / 8; if (glen != 0) { *certainly_not_der = 1; } @@ -4806,7 +4891,7 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly } else { int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2); if (!der) { - int add = rustsecp256k1_v0_3_1_testrand_int(127 - tlenlen) * rustsecp256k1_v0_3_1_testrand_int(16) * rustsecp256k1_v0_3_1_testrand_int(16) / 256; + int add = rustsecp256k1_v0_4_0_testrand_int(127 - tlenlen) * rustsecp256k1_v0_4_0_testrand_int(16) * rustsecp256k1_v0_4_0_testrand_int(16) / 256; tlenlen += add; if (add != 0) { *certainly_not_der = 1; @@ -4857,13 +4942,13 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly nlen[n]--; } /* Generate remaining random bytes of number */ - rustsecp256k1_v0_3_1_testrand_bytes_test(sig + *len, nlen[n]); + rustsecp256k1_v0_4_0_testrand_bytes_test(sig + *len, nlen[n]); *len += nlen[n]; nlen[n] = 0; } /* Generate random garbage inside tuple. */ - rustsecp256k1_v0_3_1_testrand_bytes_test(sig + *len, elen); + rustsecp256k1_v0_4_0_testrand_bytes_test(sig + *len, elen); *len += elen; /* Generate end-of-contents bytes. */ @@ -4875,7 +4960,7 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly CHECK(tlen + glen <= 1121); /* Generate random garbage outside tuple. */ - rustsecp256k1_v0_3_1_testrand_bytes_test(sig + *len, glen); + rustsecp256k1_v0_4_0_testrand_bytes_test(sig + *len, glen); *len += glen; tlen += glen; CHECK(tlen <= 1121); @@ -4916,22 +5001,22 @@ void run_ecdsa_der_parse(void) { /* Tests several edge cases. */ void test_ecdsa_edge_cases(void) { int t; - rustsecp256k1_v0_3_1_ecdsa_signature sig; + rustsecp256k1_v0_4_0_ecdsa_signature sig; /* Test the case where ECDSA recomputes a point that is infinity. */ { - rustsecp256k1_v0_3_1_gej keyj; - rustsecp256k1_v0_3_1_ge key; - rustsecp256k1_v0_3_1_scalar msg; - rustsecp256k1_v0_3_1_scalar sr, ss; - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 1); - rustsecp256k1_v0_3_1_scalar_negate(&ss, &ss); - rustsecp256k1_v0_3_1_scalar_inverse(&ss, &ss); - rustsecp256k1_v0_3_1_scalar_set_int(&sr, 1); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); - rustsecp256k1_v0_3_1_ge_set_gej(&key, &keyj); + rustsecp256k1_v0_4_0_gej keyj; + rustsecp256k1_v0_4_0_ge key; + rustsecp256k1_v0_4_0_scalar msg; + rustsecp256k1_v0_4_0_scalar sr, ss; + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 1); + rustsecp256k1_v0_4_0_scalar_negate(&ss, &ss); + rustsecp256k1_v0_4_0_scalar_inverse(&ss, &ss); + rustsecp256k1_v0_4_0_scalar_set_int(&sr, 1); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); + rustsecp256k1_v0_4_0_ge_set_gej(&key, &keyj); msg = ss; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); } /* Verify signature with r of zero fails. */ @@ -4943,14 +5028,14 @@ void test_ecdsa_edge_cases(void) { 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 }; - rustsecp256k1_v0_3_1_ge key; - rustsecp256k1_v0_3_1_scalar msg; - rustsecp256k1_v0_3_1_scalar sr, ss; - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 1); - rustsecp256k1_v0_3_1_scalar_set_int(&msg, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&sr, 0); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + rustsecp256k1_v0_4_0_ge key; + rustsecp256k1_v0_4_0_scalar msg; + rustsecp256k1_v0_4_0_scalar sr, ss; + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 1); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&sr, 0); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); } /* Verify signature with s of zero fails. */ @@ -4962,14 +5047,14 @@ void test_ecdsa_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; - rustsecp256k1_v0_3_1_ge key; - rustsecp256k1_v0_3_1_scalar msg; - rustsecp256k1_v0_3_1_scalar sr, ss; - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&msg, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&sr, 1); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + rustsecp256k1_v0_4_0_ge key; + rustsecp256k1_v0_4_0_scalar msg; + rustsecp256k1_v0_4_0_scalar sr, ss; + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&sr, 1); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); } /* Verify signature with message 0 passes. */ @@ -4988,23 +5073,23 @@ void test_ecdsa_edge_cases(void) { 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x43 }; - rustsecp256k1_v0_3_1_ge key; - rustsecp256k1_v0_3_1_ge key2; - rustsecp256k1_v0_3_1_scalar msg; - rustsecp256k1_v0_3_1_scalar sr, ss; - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 2); - rustsecp256k1_v0_3_1_scalar_set_int(&msg, 0); - rustsecp256k1_v0_3_1_scalar_set_int(&sr, 2); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key2, pubkey2, 33)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_3_1_scalar_negate(&ss, &ss); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); + rustsecp256k1_v0_4_0_ge key; + rustsecp256k1_v0_4_0_ge key2; + rustsecp256k1_v0_4_0_scalar msg; + rustsecp256k1_v0_4_0_scalar sr, ss; + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 2); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, 0); + rustsecp256k1_v0_4_0_scalar_set_int(&sr, 2); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + rustsecp256k1_v0_4_0_scalar_negate(&ss, &ss); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); } /* Verify signature with message 1 passes. */ @@ -5029,24 +5114,24 @@ void test_ecdsa_edge_cases(void) { 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb }; - rustsecp256k1_v0_3_1_ge key; - rustsecp256k1_v0_3_1_ge key2; - rustsecp256k1_v0_3_1_scalar msg; - rustsecp256k1_v0_3_1_scalar sr, ss; - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 1); - rustsecp256k1_v0_3_1_scalar_set_int(&msg, 1); - rustsecp256k1_v0_3_1_scalar_set_b32(&sr, csr, NULL); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key2, pubkey2, 33)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_3_1_scalar_negate(&ss, &ss); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 2); - rustsecp256k1_v0_3_1_scalar_inverse_var(&ss, &ss); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); + rustsecp256k1_v0_4_0_ge key; + rustsecp256k1_v0_4_0_ge key2; + rustsecp256k1_v0_4_0_scalar msg; + rustsecp256k1_v0_4_0_scalar sr, ss; + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 1); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, 1); + rustsecp256k1_v0_4_0_scalar_set_b32(&sr, csr, NULL); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + rustsecp256k1_v0_4_0_scalar_negate(&ss, &ss); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 1); + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 2); + rustsecp256k1_v0_4_0_scalar_inverse_var(&ss, &ss); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key2, &msg) == 0); } /* Verify signature with message -1 passes. */ @@ -5064,25 +5149,25 @@ void test_ecdsa_edge_cases(void) { 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee }; - rustsecp256k1_v0_3_1_ge key; - rustsecp256k1_v0_3_1_scalar msg; - rustsecp256k1_v0_3_1_scalar sr, ss; - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 1); - rustsecp256k1_v0_3_1_scalar_set_int(&msg, 1); - rustsecp256k1_v0_3_1_scalar_negate(&msg, &msg); - rustsecp256k1_v0_3_1_scalar_set_b32(&sr, csr, NULL); - CHECK(rustsecp256k1_v0_3_1_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - rustsecp256k1_v0_3_1_scalar_negate(&ss, &ss); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); - rustsecp256k1_v0_3_1_scalar_set_int(&ss, 3); - rustsecp256k1_v0_3_1_scalar_inverse_var(&ss, &ss); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); + rustsecp256k1_v0_4_0_ge key; + rustsecp256k1_v0_4_0_scalar msg; + rustsecp256k1_v0_4_0_scalar sr, ss; + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 1); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, 1); + rustsecp256k1_v0_4_0_scalar_negate(&msg, &msg); + rustsecp256k1_v0_4_0_scalar_set_b32(&sr, csr, NULL); + CHECK(rustsecp256k1_v0_4_0_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + rustsecp256k1_v0_4_0_scalar_negate(&ss, &ss); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 1); + rustsecp256k1_v0_4_0_scalar_set_int(&ss, 3); + rustsecp256k1_v0_4_0_scalar_inverse_var(&ss, &ss); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sr, &ss, &key, &msg) == 0); } /* Signature where s would be zero. */ { - rustsecp256k1_v0_3_1_pubkey pubkey; + rustsecp256k1_v0_4_0_pubkey pubkey; size_t siglen; int32_t ecount; unsigned char signature[72]; @@ -5111,71 +5196,71 @@ void test_ecdsa_edge_cases(void) { 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9, }; ecount = 0; - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); msg[31] = 0xaa; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 1); CHECK(ecount == 0); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, key) == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, NULL, msg, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, key) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, NULL, msg, &pubkey) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, NULL, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, NULL, &pubkey) == 0); CHECK(ecount == 5); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg, NULL) == 0); CHECK(ecount == 6); - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); CHECK(ecount == 6); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, NULL) == 0); CHECK(ecount == 7); /* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg, &pubkey) == 0); CHECK(ecount == 8); siglen = 72; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, NULL, &siglen, &sig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, NULL, &siglen, &sig) == 0); CHECK(ecount == 9); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, signature, NULL, &sig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, signature, NULL, &sig) == 0); CHECK(ecount == 10); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, signature, &siglen, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, signature, &siglen, NULL) == 0); CHECK(ecount == 11); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 1); CHECK(ecount == 11); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, NULL, signature, siglen) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, NULL, signature, siglen) == 0); CHECK(ecount == 12); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, NULL, siglen) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, NULL, siglen) == 0); CHECK(ecount == 13); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_der(ctx, &sig, signature, siglen) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_der(ctx, &sig, signature, siglen) == 1); CHECK(ecount == 13); siglen = 10; /* Too little room for a signature does not fail via ARGCHECK. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 0); CHECK(ecount == 13); ecount = 0; - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_normalize(ctx, NULL, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_normalize(ctx, NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(ctx, NULL, &sig) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(ctx, NULL, &sig) == 0); CHECK(ecount == 2); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(ctx, signature, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(ctx, signature, NULL) == 0); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact(ctx, signature, &sig) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact(ctx, signature, &sig) == 1); CHECK(ecount == 3); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, NULL, signature) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, NULL, signature) == 0); CHECK(ecount == 4); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, &sig, NULL) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, &sig, NULL) == 0); CHECK(ecount == 5); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, &sig, signature) == 1); CHECK(ecount == 5); memset(signature, 255, 64); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact(ctx, &sig, signature) == 0); CHECK(ecount == 5); - rustsecp256k1_v0_3_1_context_set_illegal_callback(ctx, NULL, NULL); + rustsecp256k1_v0_4_0_context_set_illegal_callback(ctx, NULL, NULL); } /* Nonce function corner cases. */ @@ -5184,43 +5269,43 @@ void test_ecdsa_edge_cases(void) { int i; unsigned char key[32]; unsigned char msg[32]; - rustsecp256k1_v0_3_1_ecdsa_signature sig2; - rustsecp256k1_v0_3_1_scalar sr[512], ss; + rustsecp256k1_v0_4_0_ecdsa_signature sig2; + rustsecp256k1_v0_4_0_scalar sr[512], ss; const unsigned char *extra; extra = t == 0 ? NULL : zero; memset(msg, 0, 32); msg[31] = 1; /* High key results in signature failure. */ memset(key, 0xFF, 32); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); CHECK(is_empty_signature(&sig)); /* Zero key results in signature failure. */ memset(key, 0, 32); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); CHECK(is_empty_signature(&sig)); /* Nonce function failure results in signature failure. */ key[31] = 1; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); CHECK(is_empty_signature(&sig)); /* The retry loop successfully makes its way to the first good value. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); CHECK(!is_empty_signature(&sig)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); CHECK(!is_empty_signature(&sig2)); - CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); /* The default nonce function is deterministic. */ - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); /* The default nonce function changes output with different messages. */ for(i = 0; i < 256; i++) { int j; msg[0] = i; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); for (j = 0; j < i; j++) { - CHECK(!rustsecp256k1_v0_3_1_scalar_eq(&sr[i], &sr[j])); + CHECK(!rustsecp256k1_v0_4_0_scalar_eq(&sr[i], &sr[j])); } } msg[0] = 0; @@ -5229,11 +5314,11 @@ void test_ecdsa_edge_cases(void) { for(i = 256; i < 512; i++) { int j; key[0] = i - 256; - CHECK(rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); for (j = 0; j < i; j++) { - CHECK(!rustsecp256k1_v0_3_1_scalar_eq(&sr[i], &sr[j])); + CHECK(!rustsecp256k1_v0_4_0_scalar_eq(&sr[i], &sr[j])); } } key[0] = 0; @@ -5258,12 +5343,12 @@ void test_ecdsa_edge_cases(void) { VG_CHECK(nonce3,32); CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); VG_CHECK(nonce4,32); - CHECK(memcmp(nonce, nonce2, 32) != 0); - CHECK(memcmp(nonce, nonce3, 32) != 0); - CHECK(memcmp(nonce, nonce4, 32) != 0); - CHECK(memcmp(nonce2, nonce3, 32) != 0); - CHECK(memcmp(nonce2, nonce4, 32) != 0); - CHECK(memcmp(nonce3, nonce4, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonce, nonce2, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonce, nonce3, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonce, nonce4, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonce2, nonce3, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonce2, nonce4, 32) != 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(nonce3, nonce4, 32) != 0); } @@ -5292,7 +5377,7 @@ EC_KEY *get_openssl_key(const unsigned char *key32) { unsigned char privkey[300]; size_t privkeylen; const unsigned char* pbegin = privkey; - int compr = rustsecp256k1_v0_3_1_testrand_bits(1); + int compr = rustsecp256k1_v0_4_0_testrand_bits(1); EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); CHECK(ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr)); CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); @@ -5301,35 +5386,35 @@ EC_KEY *get_openssl_key(const unsigned char *key32) { } void test_ecdsa_openssl(void) { - rustsecp256k1_v0_3_1_gej qj; - rustsecp256k1_v0_3_1_ge q; - rustsecp256k1_v0_3_1_scalar sigr, sigs; - rustsecp256k1_v0_3_1_scalar one; - rustsecp256k1_v0_3_1_scalar msg2; - rustsecp256k1_v0_3_1_scalar key, msg; + rustsecp256k1_v0_4_0_gej qj; + rustsecp256k1_v0_4_0_ge q; + rustsecp256k1_v0_4_0_scalar sigr, sigs; + rustsecp256k1_v0_4_0_scalar one; + rustsecp256k1_v0_4_0_scalar msg2; + rustsecp256k1_v0_4_0_scalar key, msg; EC_KEY *ec_key; unsigned int sigsize = 80; size_t secp_sigsize = 80; unsigned char message[32]; unsigned char signature[80]; unsigned char key32[32]; - rustsecp256k1_v0_3_1_testrand256_test(message); - rustsecp256k1_v0_3_1_scalar_set_b32(&msg, message, NULL); + rustsecp256k1_v0_4_0_testrand256_test(message); + rustsecp256k1_v0_4_0_scalar_set_b32(&msg, message, NULL); random_scalar_order_test(&key); - rustsecp256k1_v0_3_1_scalar_get_b32(key32, &key); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); - rustsecp256k1_v0_3_1_ge_set_gej(&q, &qj); + rustsecp256k1_v0_4_0_scalar_get_b32(key32, &key); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); + rustsecp256k1_v0_4_0_ge_set_gej(&q, &qj); ec_key = get_openssl_key(key32); CHECK(ec_key != NULL); CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg)); - rustsecp256k1_v0_3_1_scalar_set_int(&one, 1); - rustsecp256k1_v0_3_1_scalar_add(&msg2, &msg, &one); - CHECK(!rustsecp256k1_v0_3_1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg2)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg)); + rustsecp256k1_v0_4_0_scalar_set_int(&one, 1); + rustsecp256k1_v0_4_0_scalar_add(&msg2, &msg, &one); + CHECK(!rustsecp256k1_v0_4_0_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &q, &msg2)); random_sign(&sigr, &sigs, &key, &msg, NULL); - CHECK(rustsecp256k1_v0_3_1_ecdsa_sig_serialize(signature, &secp_sigsize, &sigr, &sigs)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_sig_serialize(signature, &secp_sigsize, &sigr, &sigs)); CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); EC_KEY_free(ec_key); @@ -5359,166 +5444,166 @@ void run_ecdsa_openssl(void) { # include "modules/schnorrsig/tests_impl.h" #endif -void run_memczero_test(void) { +void run_rustsecp256k1_v0_4_0_memczero_test(void) { unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; unsigned char buf2[sizeof(buf1)]; - /* memczero(..., ..., 0) is a noop. */ + /* rustsecp256k1_v0_4_0_memczero(..., ..., 0) is a noop. */ memcpy(buf2, buf1, sizeof(buf1)); - memczero(buf1, sizeof(buf1), 0); - CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); + rustsecp256k1_v0_4_0_memczero(buf1, sizeof(buf1), 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); - /* memczero(..., ..., 1) zeros the buffer. */ + /* rustsecp256k1_v0_4_0_memczero(..., ..., 1) zeros the buffer. */ memset(buf2, 0, sizeof(buf2)); - memczero(buf1, sizeof(buf1) , 1); - CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); + rustsecp256k1_v0_4_0_memczero(buf1, sizeof(buf1) , 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); } void int_cmov_test(void) { int r = INT_MAX; int a = 0; - rustsecp256k1_v0_3_1_int_cmov(&r, &a, 0); + rustsecp256k1_v0_4_0_int_cmov(&r, &a, 0); CHECK(r == INT_MAX); r = 0; a = INT_MAX; - rustsecp256k1_v0_3_1_int_cmov(&r, &a, 1); + rustsecp256k1_v0_4_0_int_cmov(&r, &a, 1); CHECK(r == INT_MAX); a = 0; - rustsecp256k1_v0_3_1_int_cmov(&r, &a, 1); + rustsecp256k1_v0_4_0_int_cmov(&r, &a, 1); CHECK(r == 0); a = 1; - rustsecp256k1_v0_3_1_int_cmov(&r, &a, 1); + rustsecp256k1_v0_4_0_int_cmov(&r, &a, 1); CHECK(r == 1); r = 1; a = 0; - rustsecp256k1_v0_3_1_int_cmov(&r, &a, 0); + rustsecp256k1_v0_4_0_int_cmov(&r, &a, 0); CHECK(r == 1); } void fe_cmov_test(void) { - static const rustsecp256k1_v0_3_1_fe zero = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_3_1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_3_1_fe max = SECP256K1_FE_CONST( + static const rustsecp256k1_v0_4_0_fe zero = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const rustsecp256k1_v0_4_0_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const rustsecp256k1_v0_4_0_fe max = SECP256K1_FE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_3_1_fe r = max; - rustsecp256k1_v0_3_1_fe a = zero; + rustsecp256k1_v0_4_0_fe r = max; + rustsecp256k1_v0_4_0_fe a = zero; - rustsecp256k1_v0_3_1_fe_cmov(&r, &a, 0); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); r = zero; a = max; - rustsecp256k1_v0_3_1_fe_cmov(&r, &a, 1); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); a = zero; - rustsecp256k1_v0_3_1_fe_cmov(&r, &a, 1); - CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &zero, sizeof(r)) == 0); a = one; - rustsecp256k1_v0_3_1_fe_cmov(&r, &a, 1); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); r = one; a = zero; - rustsecp256k1_v0_3_1_fe_cmov(&r, &a, 0); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); } void fe_storage_cmov_test(void) { - static const rustsecp256k1_v0_3_1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_3_1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_3_1_fe_storage max = SECP256K1_FE_STORAGE_CONST( + static const rustsecp256k1_v0_4_0_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const rustsecp256k1_v0_4_0_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const rustsecp256k1_v0_4_0_fe_storage max = SECP256K1_FE_STORAGE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_3_1_fe_storage r = max; - rustsecp256k1_v0_3_1_fe_storage a = zero; + rustsecp256k1_v0_4_0_fe_storage r = max; + rustsecp256k1_v0_4_0_fe_storage a = zero; - rustsecp256k1_v0_3_1_fe_storage_cmov(&r, &a, 0); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); r = zero; a = max; - rustsecp256k1_v0_3_1_fe_storage_cmov(&r, &a, 1); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); a = zero; - rustsecp256k1_v0_3_1_fe_storage_cmov(&r, &a, 1); - CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &zero, sizeof(r)) == 0); a = one; - rustsecp256k1_v0_3_1_fe_storage_cmov(&r, &a, 1); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); r = one; a = zero; - rustsecp256k1_v0_3_1_fe_storage_cmov(&r, &a, 0); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_fe_storage_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); } void scalar_cmov_test(void) { - static const rustsecp256k1_v0_3_1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_3_1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_3_1_scalar max = SECP256K1_SCALAR_CONST( + static const rustsecp256k1_v0_4_0_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const rustsecp256k1_v0_4_0_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const rustsecp256k1_v0_4_0_scalar max = SECP256K1_SCALAR_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_3_1_scalar r = max; - rustsecp256k1_v0_3_1_scalar a = zero; + rustsecp256k1_v0_4_0_scalar r = max; + rustsecp256k1_v0_4_0_scalar a = zero; - rustsecp256k1_v0_3_1_scalar_cmov(&r, &a, 0); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_scalar_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); r = zero; a = max; - rustsecp256k1_v0_3_1_scalar_cmov(&r, &a, 1); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_scalar_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); a = zero; - rustsecp256k1_v0_3_1_scalar_cmov(&r, &a, 1); - CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_scalar_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &zero, sizeof(r)) == 0); a = one; - rustsecp256k1_v0_3_1_scalar_cmov(&r, &a, 1); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_scalar_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); r = one; a = zero; - rustsecp256k1_v0_3_1_scalar_cmov(&r, &a, 0); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_scalar_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); } void ge_storage_cmov_test(void) { - static const rustsecp256k1_v0_3_1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_3_1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_3_1_ge_storage max = SECP256K1_GE_STORAGE_CONST( + static const rustsecp256k1_v0_4_0_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + static const rustsecp256k1_v0_4_0_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); + static const rustsecp256k1_v0_4_0_ge_storage max = SECP256K1_GE_STORAGE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_3_1_ge_storage r = max; - rustsecp256k1_v0_3_1_ge_storage a = zero; + rustsecp256k1_v0_4_0_ge_storage r = max; + rustsecp256k1_v0_4_0_ge_storage a = zero; - rustsecp256k1_v0_3_1_ge_storage_cmov(&r, &a, 0); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_ge_storage_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); r = zero; a = max; - rustsecp256k1_v0_3_1_ge_storage_cmov(&r, &a, 1); - CHECK(memcmp(&r, &max, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_ge_storage_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &max, sizeof(r)) == 0); a = zero; - rustsecp256k1_v0_3_1_ge_storage_cmov(&r, &a, 1); - CHECK(memcmp(&r, &zero, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_ge_storage_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &zero, sizeof(r)) == 0); a = one; - rustsecp256k1_v0_3_1_ge_storage_cmov(&r, &a, 1); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_ge_storage_cmov(&r, &a, 1); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); r = one; a = zero; - rustsecp256k1_v0_3_1_ge_storage_cmov(&r, &a, 0); - CHECK(memcmp(&r, &one, sizeof(r)) == 0); + rustsecp256k1_v0_4_0_ge_storage_cmov(&r, &a, 0); + CHECK(rustsecp256k1_v0_4_0_memcmp_var(&r, &one, sizeof(r)) == 0); } void run_cmov_tests(void) { @@ -5541,21 +5626,30 @@ int main(int argc, char **argv) { /* find iteration count */ if (argc > 1) { count = strtol(argv[1], NULL, 0); + } else { + const char* env = getenv("SECP256K1_TEST_ITERS"); + if (env) { + count = strtol(env, NULL, 0); + } + } + if (count <= 0) { + fputs("An iteration count of 0 or less is not allowed.\n", stderr); + return EXIT_FAILURE; } printf("test count = %i\n", count); /* find random seed */ - rustsecp256k1_v0_3_1_testrand_init(argc > 2 ? argv[2] : NULL); + rustsecp256k1_v0_4_0_testrand_init(argc > 2 ? argv[2] : NULL); /* initialize */ run_context_tests(0); run_context_tests(1); run_scratch_tests(); - ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - if (rustsecp256k1_v0_3_1_testrand_bits(1)) { + ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + if (rustsecp256k1_v0_4_0_testrand_bits(1)) { unsigned char rand32[32]; - rustsecp256k1_v0_3_1_testrand256(rand32); - CHECK(rustsecp256k1_v0_3_1_context_randomize(ctx, rustsecp256k1_v0_3_1_testrand_bits(1) ? rand32 : NULL)); + rustsecp256k1_v0_4_0_testrand256(rand32); + CHECK(rustsecp256k1_v0_4_0_context_randomize(ctx, rustsecp256k1_v0_4_0_testrand_bits(1) ? rand32 : NULL)); } run_rand_bits(); @@ -5589,6 +5683,7 @@ int main(int argc, char **argv) { /* ecmult tests */ run_wnaf(); run_point_times_order(); + run_ecmult_near_split_bound(); run_ecmult_chain(); run_ecmult_constants(); run_ecmult_gen_blind(); @@ -5597,9 +5692,7 @@ int main(int argc, char **argv) { run_ec_combine(); /* endomorphism tests */ -#ifdef USE_ENDOMORPHISM run_endomorphism_tests(); -#endif /* EC point parser test */ run_ec_pubkey_parse_test(); @@ -5639,14 +5732,14 @@ int main(int argc, char **argv) { #endif /* util tests */ - run_memczero_test(); + run_rustsecp256k1_v0_4_0_memczero_test(); run_cmov_tests(); - rustsecp256k1_v0_3_1_testrand_finish(); + rustsecp256k1_v0_4_0_testrand_finish(); /* shutdown */ - rustsecp256k1_v0_3_1_context_destroy(ctx); + rustsecp256k1_v0_4_0_context_destroy(ctx); printf("no problems found\n"); return 0; diff --git a/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c b/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c index 8d4757a80..8030b7d49 100644 --- a/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c +++ b/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c @@ -1,8 +1,8 @@ /*********************************************************************** - * Copyright (c) 2016 Andrew Poelstra * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ + * Copyright (c) 2016 Andrew Poelstra * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #if defined HAVE_CONFIG_H #include "libsecp256k1-config.h" @@ -29,37 +29,37 @@ static int count = 2; /** stolen from tests.c */ -void ge_equals_ge(const rustsecp256k1_v0_3_1_ge *a, const rustsecp256k1_v0_3_1_ge *b) { +void ge_equals_ge(const rustsecp256k1_v0_4_0_ge *a, const rustsecp256k1_v0_4_0_ge *b) { CHECK(a->infinity == b->infinity); if (a->infinity) { return; } - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&a->x, &b->x)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&a->y, &b->y)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&a->x, &b->x)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&a->y, &b->y)); } -void ge_equals_gej(const rustsecp256k1_v0_3_1_ge *a, const rustsecp256k1_v0_3_1_gej *b) { - rustsecp256k1_v0_3_1_fe z2s; - rustsecp256k1_v0_3_1_fe u1, u2, s1, s2; +void ge_equals_gej(const rustsecp256k1_v0_4_0_ge *a, const rustsecp256k1_v0_4_0_gej *b) { + rustsecp256k1_v0_4_0_fe z2s; + rustsecp256k1_v0_4_0_fe u1, u2, s1, s2; CHECK(a->infinity == b->infinity); if (a->infinity) { return; } /* Check a.x * b.z^2 == b.x && a.y * b.z^3 == b.y, to avoid inverses. */ - rustsecp256k1_v0_3_1_fe_sqr(&z2s, &b->z); - rustsecp256k1_v0_3_1_fe_mul(&u1, &a->x, &z2s); - u2 = b->x; rustsecp256k1_v0_3_1_fe_normalize_weak(&u2); - rustsecp256k1_v0_3_1_fe_mul(&s1, &a->y, &z2s); rustsecp256k1_v0_3_1_fe_mul(&s1, &s1, &b->z); - s2 = b->y; rustsecp256k1_v0_3_1_fe_normalize_weak(&s2); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&u1, &u2)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&s1, &s2)); + rustsecp256k1_v0_4_0_fe_sqr(&z2s, &b->z); + rustsecp256k1_v0_4_0_fe_mul(&u1, &a->x, &z2s); + u2 = b->x; rustsecp256k1_v0_4_0_fe_normalize_weak(&u2); + rustsecp256k1_v0_4_0_fe_mul(&s1, &a->y, &z2s); rustsecp256k1_v0_4_0_fe_mul(&s1, &s1, &b->z); + s2 = b->y; rustsecp256k1_v0_4_0_fe_normalize_weak(&s2); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&u1, &u2)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&s1, &s2)); } -void random_fe(rustsecp256k1_v0_3_1_fe *x) { +void random_fe(rustsecp256k1_v0_4_0_fe *x) { unsigned char bin[32]; do { - rustsecp256k1_v0_3_1_testrand256(bin); - if (rustsecp256k1_v0_3_1_fe_set_b32(x, bin)) { + rustsecp256k1_v0_4_0_testrand256(bin); + if (rustsecp256k1_v0_4_0_fe_set_b32(x, bin)) { return; } } while(1); @@ -75,10 +75,10 @@ SECP256K1_INLINE static int skip_section(uint64_t* iter) { return ((((uint32_t)*iter ^ (*iter >> 32)) * num_cores) >> 32) != this_core; } -int rustsecp256k1_v0_3_1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, +int rustsecp256k1_v0_4_0_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt) { - rustsecp256k1_v0_3_1_scalar s; + rustsecp256k1_v0_4_0_scalar s; int *idata = data; (void)msg32; (void)key32; @@ -90,99 +90,97 @@ int rustsecp256k1_v0_3_1_nonce_function_smallint(unsigned char *nonce32, const u if (attempt > 0) { *idata = (*idata + 1) % EXHAUSTIVE_TEST_ORDER; } - rustsecp256k1_v0_3_1_scalar_set_int(&s, *idata); - rustsecp256k1_v0_3_1_scalar_get_b32(nonce32, &s); + rustsecp256k1_v0_4_0_scalar_set_int(&s, *idata); + rustsecp256k1_v0_4_0_scalar_get_b32(nonce32, &s); return 1; } -#ifdef USE_ENDOMORPHISM -void test_exhaustive_endomorphism(const rustsecp256k1_v0_3_1_ge *group) { +void test_exhaustive_endomorphism(const rustsecp256k1_v0_4_0_ge *group) { int i; for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_ge res; - rustsecp256k1_v0_3_1_ge_mul_lambda(&res, &group[i]); + rustsecp256k1_v0_4_0_ge res; + rustsecp256k1_v0_4_0_ge_mul_lambda(&res, &group[i]); ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res); } } -#endif -void test_exhaustive_addition(const rustsecp256k1_v0_3_1_ge *group, const rustsecp256k1_v0_3_1_gej *groupj) { +void test_exhaustive_addition(const rustsecp256k1_v0_4_0_ge *group, const rustsecp256k1_v0_4_0_gej *groupj) { int i, j; uint64_t iter = 0; /* Sanity-check (and check infinity functions) */ - CHECK(rustsecp256k1_v0_3_1_ge_is_infinity(&group[0])); - CHECK(rustsecp256k1_v0_3_1_gej_is_infinity(&groupj[0])); + CHECK(rustsecp256k1_v0_4_0_ge_is_infinity(&group[0])); + CHECK(rustsecp256k1_v0_4_0_gej_is_infinity(&groupj[0])); for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - CHECK(!rustsecp256k1_v0_3_1_ge_is_infinity(&group[i])); - CHECK(!rustsecp256k1_v0_3_1_gej_is_infinity(&groupj[i])); + CHECK(!rustsecp256k1_v0_4_0_ge_is_infinity(&group[i])); + CHECK(!rustsecp256k1_v0_4_0_gej_is_infinity(&groupj[i])); } /* Check all addition formulae */ for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { - rustsecp256k1_v0_3_1_fe fe_inv; + rustsecp256k1_v0_4_0_fe fe_inv; if (skip_section(&iter)) continue; - rustsecp256k1_v0_3_1_fe_inv(&fe_inv, &groupj[j].z); + rustsecp256k1_v0_4_0_fe_inv(&fe_inv, &groupj[j].z); for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_ge zless_gej; - rustsecp256k1_v0_3_1_gej tmp; + rustsecp256k1_v0_4_0_ge zless_gej; + rustsecp256k1_v0_4_0_gej tmp; /* add_var */ - rustsecp256k1_v0_3_1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); + rustsecp256k1_v0_4_0_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); /* add_ge */ if (j > 0) { - rustsecp256k1_v0_3_1_gej_add_ge(&tmp, &groupj[i], &group[j]); + rustsecp256k1_v0_4_0_gej_add_ge(&tmp, &groupj[i], &group[j]); ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); } /* add_ge_var */ - rustsecp256k1_v0_3_1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); + rustsecp256k1_v0_4_0_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); /* add_zinv_var */ zless_gej.infinity = groupj[j].infinity; zless_gej.x = groupj[j].x; zless_gej.y = groupj[j].y; - rustsecp256k1_v0_3_1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); + rustsecp256k1_v0_4_0_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); } } /* Check doubling */ for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_gej tmp; - rustsecp256k1_v0_3_1_gej_double(&tmp, &groupj[i]); + rustsecp256k1_v0_4_0_gej tmp; + rustsecp256k1_v0_4_0_gej_double(&tmp, &groupj[i]); ge_equals_gej(&group[(2 * i) % EXHAUSTIVE_TEST_ORDER], &tmp); - rustsecp256k1_v0_3_1_gej_double_var(&tmp, &groupj[i], NULL); + rustsecp256k1_v0_4_0_gej_double_var(&tmp, &groupj[i], NULL); ge_equals_gej(&group[(2 * i) % EXHAUSTIVE_TEST_ORDER], &tmp); } /* Check negation */ for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_ge tmp; - rustsecp256k1_v0_3_1_gej tmpj; - rustsecp256k1_v0_3_1_ge_neg(&tmp, &group[i]); + rustsecp256k1_v0_4_0_ge tmp; + rustsecp256k1_v0_4_0_gej tmpj; + rustsecp256k1_v0_4_0_ge_neg(&tmp, &group[i]); ge_equals_ge(&group[EXHAUSTIVE_TEST_ORDER - i], &tmp); - rustsecp256k1_v0_3_1_gej_neg(&tmpj, &groupj[i]); + rustsecp256k1_v0_4_0_gej_neg(&tmpj, &groupj[i]); ge_equals_gej(&group[EXHAUSTIVE_TEST_ORDER - i], &tmpj); } } -void test_exhaustive_ecmult(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group, const rustsecp256k1_v0_3_1_gej *groupj) { +void test_exhaustive_ecmult(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group, const rustsecp256k1_v0_4_0_gej *groupj) { int i, j, r_log; uint64_t iter = 0; for (r_log = 1; r_log < EXHAUSTIVE_TEST_ORDER; r_log++) { for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { if (skip_section(&iter)) continue; for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_gej tmp; - rustsecp256k1_v0_3_1_scalar na, ng; - rustsecp256k1_v0_3_1_scalar_set_int(&na, i); - rustsecp256k1_v0_3_1_scalar_set_int(&ng, j); + rustsecp256k1_v0_4_0_gej tmp; + rustsecp256k1_v0_4_0_scalar na, ng; + rustsecp256k1_v0_4_0_scalar_set_int(&na, i); + rustsecp256k1_v0_4_0_scalar_set_int(&ng, j); - rustsecp256k1_v0_3_1_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); + rustsecp256k1_v0_4_0_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); ge_equals_gej(&group[(i * r_log + j) % EXHAUSTIVE_TEST_ORDER], &tmp); if (i > 0) { - rustsecp256k1_v0_3_1_ecmult_const(&tmp, &group[i], &ng, 256); + rustsecp256k1_v0_4_0_ecmult_const(&tmp, &group[i], &ng, 256); ge_equals_gej(&group[(i * j) % EXHAUSTIVE_TEST_ORDER], &tmp); } } @@ -191,111 +189,111 @@ void test_exhaustive_ecmult(const rustsecp256k1_v0_3_1_context *ctx, const rusts } typedef struct { - rustsecp256k1_v0_3_1_scalar sc[2]; - rustsecp256k1_v0_3_1_ge pt[2]; + rustsecp256k1_v0_4_0_scalar sc[2]; + rustsecp256k1_v0_4_0_ge pt[2]; } ecmult_multi_data; -static int ecmult_multi_callback(rustsecp256k1_v0_3_1_scalar *sc, rustsecp256k1_v0_3_1_ge *pt, size_t idx, void *cbdata) { +static int ecmult_multi_callback(rustsecp256k1_v0_4_0_scalar *sc, rustsecp256k1_v0_4_0_ge *pt, size_t idx, void *cbdata) { ecmult_multi_data *data = (ecmult_multi_data*) cbdata; *sc = data->sc[idx]; *pt = data->pt[idx]; return 1; } -void test_exhaustive_ecmult_multi(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group) { +void test_exhaustive_ecmult_multi(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group) { int i, j, k, x, y; uint64_t iter = 0; - rustsecp256k1_v0_3_1_scratch *scratch = rustsecp256k1_v0_3_1_scratch_create(&ctx->error_callback, 4096); + rustsecp256k1_v0_4_0_scratch *scratch = rustsecp256k1_v0_4_0_scratch_create(&ctx->error_callback, 4096); for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { for (x = 0; x < EXHAUSTIVE_TEST_ORDER; x++) { if (skip_section(&iter)) continue; for (y = 0; y < EXHAUSTIVE_TEST_ORDER; y++) { - rustsecp256k1_v0_3_1_gej tmp; - rustsecp256k1_v0_3_1_scalar g_sc; + rustsecp256k1_v0_4_0_gej tmp; + rustsecp256k1_v0_4_0_scalar g_sc; ecmult_multi_data data; - rustsecp256k1_v0_3_1_scalar_set_int(&data.sc[0], i); - rustsecp256k1_v0_3_1_scalar_set_int(&data.sc[1], j); - rustsecp256k1_v0_3_1_scalar_set_int(&g_sc, k); + rustsecp256k1_v0_4_0_scalar_set_int(&data.sc[0], i); + rustsecp256k1_v0_4_0_scalar_set_int(&data.sc[1], j); + rustsecp256k1_v0_4_0_scalar_set_int(&g_sc, k); data.pt[0] = group[x]; data.pt[1] = group[y]; - rustsecp256k1_v0_3_1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); + rustsecp256k1_v0_4_0_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); ge_equals_gej(&group[(i * x + j * y + k) % EXHAUSTIVE_TEST_ORDER], &tmp); } } } } } - rustsecp256k1_v0_3_1_scratch_destroy(&ctx->error_callback, scratch); + rustsecp256k1_v0_4_0_scratch_destroy(&ctx->error_callback, scratch); } -void r_from_k(rustsecp256k1_v0_3_1_scalar *r, const rustsecp256k1_v0_3_1_ge *group, int k, int* overflow) { - rustsecp256k1_v0_3_1_fe x; +void r_from_k(rustsecp256k1_v0_4_0_scalar *r, const rustsecp256k1_v0_4_0_ge *group, int k, int* overflow) { + rustsecp256k1_v0_4_0_fe x; unsigned char x_bin[32]; k %= EXHAUSTIVE_TEST_ORDER; x = group[k].x; - rustsecp256k1_v0_3_1_fe_normalize(&x); - rustsecp256k1_v0_3_1_fe_get_b32(x_bin, &x); - rustsecp256k1_v0_3_1_scalar_set_b32(r, x_bin, overflow); + rustsecp256k1_v0_4_0_fe_normalize(&x); + rustsecp256k1_v0_4_0_fe_get_b32(x_bin, &x); + rustsecp256k1_v0_4_0_scalar_set_b32(r, x_bin, overflow); } -void test_exhaustive_verify(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group) { +void test_exhaustive_verify(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group) { int s, r, msg, key; uint64_t iter = 0; for (s = 1; s < EXHAUSTIVE_TEST_ORDER; s++) { for (r = 1; r < EXHAUSTIVE_TEST_ORDER; r++) { for (msg = 1; msg < EXHAUSTIVE_TEST_ORDER; msg++) { for (key = 1; key < EXHAUSTIVE_TEST_ORDER; key++) { - rustsecp256k1_v0_3_1_ge nonconst_ge; - rustsecp256k1_v0_3_1_ecdsa_signature sig; - rustsecp256k1_v0_3_1_pubkey pk; - rustsecp256k1_v0_3_1_scalar sk_s, msg_s, r_s, s_s; - rustsecp256k1_v0_3_1_scalar s_times_k_s, msg_plus_r_times_sk_s; + rustsecp256k1_v0_4_0_ge nonconst_ge; + rustsecp256k1_v0_4_0_ecdsa_signature sig; + rustsecp256k1_v0_4_0_pubkey pk; + rustsecp256k1_v0_4_0_scalar sk_s, msg_s, r_s, s_s; + rustsecp256k1_v0_4_0_scalar s_times_k_s, msg_plus_r_times_sk_s; int k, should_verify; unsigned char msg32[32]; if (skip_section(&iter)) continue; - rustsecp256k1_v0_3_1_scalar_set_int(&s_s, s); - rustsecp256k1_v0_3_1_scalar_set_int(&r_s, r); - rustsecp256k1_v0_3_1_scalar_set_int(&msg_s, msg); - rustsecp256k1_v0_3_1_scalar_set_int(&sk_s, key); + rustsecp256k1_v0_4_0_scalar_set_int(&s_s, s); + rustsecp256k1_v0_4_0_scalar_set_int(&r_s, r); + rustsecp256k1_v0_4_0_scalar_set_int(&msg_s, msg); + rustsecp256k1_v0_4_0_scalar_set_int(&sk_s, key); /* Verify by hand */ /* Run through every k value that gives us this r and check that *one* works. * Note there could be none, there could be multiple, ECDSA is weird. */ should_verify = 0; for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { - rustsecp256k1_v0_3_1_scalar check_x_s; + rustsecp256k1_v0_4_0_scalar check_x_s; r_from_k(&check_x_s, group, k, NULL); if (r_s == check_x_s) { - rustsecp256k1_v0_3_1_scalar_set_int(&s_times_k_s, k); - rustsecp256k1_v0_3_1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); - rustsecp256k1_v0_3_1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); - rustsecp256k1_v0_3_1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); - should_verify |= rustsecp256k1_v0_3_1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + rustsecp256k1_v0_4_0_scalar_set_int(&s_times_k_s, k); + rustsecp256k1_v0_4_0_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + rustsecp256k1_v0_4_0_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + rustsecp256k1_v0_4_0_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= rustsecp256k1_v0_4_0_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); } } /* nb we have a "high s" rule */ - should_verify &= !rustsecp256k1_v0_3_1_scalar_is_high(&s_s); + should_verify &= !rustsecp256k1_v0_4_0_scalar_is_high(&s_s); /* Verify by calling verify */ - rustsecp256k1_v0_3_1_ecdsa_signature_save(&sig, &r_s, &s_s); + rustsecp256k1_v0_4_0_ecdsa_signature_save(&sig, &r_s, &s_s); memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); - rustsecp256k1_v0_3_1_pubkey_save(&pk, &nonconst_ge); - rustsecp256k1_v0_3_1_scalar_get_b32(msg32, &msg_s); + rustsecp256k1_v0_4_0_pubkey_save(&pk, &nonconst_ge); + rustsecp256k1_v0_4_0_scalar_get_b32(msg32, &msg_s); CHECK(should_verify == - rustsecp256k1_v0_3_1_ecdsa_verify(ctx, &sig, msg32, &pk)); + rustsecp256k1_v0_4_0_ecdsa_verify(ctx, &sig, msg32, &pk)); } } } } } -void test_exhaustive_sign(const rustsecp256k1_v0_3_1_context *ctx, const rustsecp256k1_v0_3_1_ge *group) { +void test_exhaustive_sign(const rustsecp256k1_v0_4_0_context *ctx, const rustsecp256k1_v0_4_0_ge *group) { int i, j, k; uint64_t iter = 0; @@ -305,17 +303,17 @@ void test_exhaustive_sign(const rustsecp256k1_v0_3_1_context *ctx, const rustsec if (skip_section(&iter)) continue; for (k = 1; k < EXHAUSTIVE_TEST_ORDER; k++) { /* nonce */ const int starting_k = k; - rustsecp256k1_v0_3_1_ecdsa_signature sig; - rustsecp256k1_v0_3_1_scalar sk, msg, r, s, expected_r; + rustsecp256k1_v0_4_0_ecdsa_signature sig; + rustsecp256k1_v0_4_0_scalar sk, msg, r, s, expected_r; unsigned char sk32[32], msg32[32]; - rustsecp256k1_v0_3_1_scalar_set_int(&msg, i); - rustsecp256k1_v0_3_1_scalar_set_int(&sk, j); - rustsecp256k1_v0_3_1_scalar_get_b32(sk32, &sk); - rustsecp256k1_v0_3_1_scalar_get_b32(msg32, &msg); + rustsecp256k1_v0_4_0_scalar_set_int(&msg, i); + rustsecp256k1_v0_4_0_scalar_set_int(&sk, j); + rustsecp256k1_v0_4_0_scalar_get_b32(sk32, &sk); + rustsecp256k1_v0_4_0_scalar_get_b32(msg32, &msg); - rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &sig, msg32, sk32, rustsecp256k1_v0_3_1_nonce_function_smallint, &k); + rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &sig, msg32, sk32, rustsecp256k1_v0_4_0_nonce_function_smallint, &k); - rustsecp256k1_v0_3_1_ecdsa_signature_load(ctx, &r, &s, &sig); + rustsecp256k1_v0_4_0_ecdsa_signature_load(ctx, &r, &s, &sig); /* Note that we compute expected_r *after* signing -- this is important * because our nonce-computing function function might change k during * signing. */ @@ -356,10 +354,10 @@ void test_exhaustive_sign(const rustsecp256k1_v0_3_1_context *ctx, const rustsec int main(int argc, char** argv) { int i; - rustsecp256k1_v0_3_1_gej groupj[EXHAUSTIVE_TEST_ORDER]; - rustsecp256k1_v0_3_1_ge group[EXHAUSTIVE_TEST_ORDER]; + rustsecp256k1_v0_4_0_gej groupj[EXHAUSTIVE_TEST_ORDER]; + rustsecp256k1_v0_4_0_ge group[EXHAUSTIVE_TEST_ORDER]; unsigned char rand32[32]; - rustsecp256k1_v0_3_1_context *ctx; + rustsecp256k1_v0_4_0_context *ctx; /* Disable buffering for stdout to improve reliability of getting * diagnostic information. Happens right at the start of main because @@ -378,7 +376,7 @@ int main(int argc, char** argv) { printf("test count = %i\n", count); /* find random seed */ - rustsecp256k1_v0_3_1_testrand_init(argc > 2 ? argv[2] : NULL); + rustsecp256k1_v0_4_0_testrand_init(argc > 2 ? argv[2] : NULL); /* set up split processing */ if (argc > 4) { @@ -393,45 +391,43 @@ int main(int argc, char** argv) { while (count--) { /* Build context */ - ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - rustsecp256k1_v0_3_1_testrand256(rand32); - CHECK(rustsecp256k1_v0_3_1_context_randomize(ctx, rand32)); + ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); + rustsecp256k1_v0_4_0_testrand256(rand32); + CHECK(rustsecp256k1_v0_4_0_context_randomize(ctx, rand32)); /* Generate the entire group */ - rustsecp256k1_v0_3_1_gej_set_infinity(&groupj[0]); - rustsecp256k1_v0_3_1_ge_set_gej(&group[0], &groupj[0]); + rustsecp256k1_v0_4_0_gej_set_infinity(&groupj[0]); + rustsecp256k1_v0_4_0_ge_set_gej(&group[0], &groupj[0]); for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_3_1_gej_add_ge(&groupj[i], &groupj[i - 1], &rustsecp256k1_v0_3_1_ge_const_g); - rustsecp256k1_v0_3_1_ge_set_gej(&group[i], &groupj[i]); + rustsecp256k1_v0_4_0_gej_add_ge(&groupj[i], &groupj[i - 1], &rustsecp256k1_v0_4_0_ge_const_g); + rustsecp256k1_v0_4_0_ge_set_gej(&group[i], &groupj[i]); if (count != 0) { /* Set a different random z-value for each Jacobian point, except z=1 is used in the last iteration. */ - rustsecp256k1_v0_3_1_fe z; + rustsecp256k1_v0_4_0_fe z; random_fe(&z); - rustsecp256k1_v0_3_1_gej_rescale(&groupj[i], &z); + rustsecp256k1_v0_4_0_gej_rescale(&groupj[i], &z); } /* Verify against ecmult_gen */ { - rustsecp256k1_v0_3_1_scalar scalar_i; - rustsecp256k1_v0_3_1_gej generatedj; - rustsecp256k1_v0_3_1_ge generated; + rustsecp256k1_v0_4_0_scalar scalar_i; + rustsecp256k1_v0_4_0_gej generatedj; + rustsecp256k1_v0_4_0_ge generated; - rustsecp256k1_v0_3_1_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_3_1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); - rustsecp256k1_v0_3_1_ge_set_gej(&generated, &generatedj); + rustsecp256k1_v0_4_0_scalar_set_int(&scalar_i, i); + rustsecp256k1_v0_4_0_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); + rustsecp256k1_v0_4_0_ge_set_gej(&generated, &generatedj); CHECK(group[i].infinity == 0); CHECK(generated.infinity == 0); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&generated.x, &group[i].x)); - CHECK(rustsecp256k1_v0_3_1_fe_equal_var(&generated.y, &group[i].y)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&generated.x, &group[i].x)); + CHECK(rustsecp256k1_v0_4_0_fe_equal_var(&generated.y, &group[i].y)); } } /* Run the tests */ -#ifdef USE_ENDOMORPHISM test_exhaustive_endomorphism(group); -#endif test_exhaustive_addition(group, groupj); test_exhaustive_ecmult(ctx, group, groupj); test_exhaustive_ecmult_multi(ctx, group); @@ -448,10 +444,10 @@ int main(int argc, char** argv) { test_exhaustive_schnorrsig(ctx); #endif - rustsecp256k1_v0_3_1_context_destroy(ctx); + rustsecp256k1_v0_4_0_context_destroy(ctx); } - rustsecp256k1_v0_3_1_testrand_finish(); + rustsecp256k1_v0_4_0_testrand_finish(); printf("no problems found\n"); return 0; diff --git a/secp256k1-sys/depend/secp256k1/src/util.h b/secp256k1-sys/depend/secp256k1/src/util.h index 2ea2cfda4..05c6df7e6 100644 --- a/secp256k1-sys/depend/secp256k1/src/util.h +++ b/secp256k1-sys/depend/secp256k1/src/util.h @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_UTIL_H #define SECP256K1_UTIL_H @@ -19,9 +19,9 @@ typedef struct { void (*fn)(const char *text, void* data); const void* data; -} rustsecp256k1_v0_3_1_callback; +} rustsecp256k1_v0_4_0_callback; -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_callback_call(const rustsecp256k1_v0_3_1_callback * const cb, const char * const text) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_callback_call(const rustsecp256k1_v0_4_0_callback * const cb, const char * const text) { cb->fn(text, (void*)cb->data); } @@ -186,7 +186,7 @@ static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_siz #endif /* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */ -static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_memczero(void *s, size_t len, int flag) { unsigned char *p = (unsigned char *)s; /* Access flag with a volatile-qualified lvalue. This prevents clang from figuring out (after inlining) that flag can @@ -200,8 +200,26 @@ static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) { } } +/** Semantics like memcmp. Variable-time. + * + * We use this to avoid possible compiler bugs with memcmp, e.g. + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189 + */ +static SECP256K1_INLINE int rustsecp256k1_v0_4_0_memcmp_var(const void *s1, const void *s2, size_t n) { + const unsigned char *p1 = s1, *p2 = s2; + size_t i; + + for (i = 0; i < n; i++) { + int diff = p1[i] - p2[i]; + if (diff != 0) { + return diff; + } + } + return 0; +} + /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized and non-negative.*/ -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_int_cmov(int *r, const int *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_int_cmov(int *r, const int *a, int flag) { unsigned int mask0, mask1, r_masked, a_masked; /* Access flag with a volatile-qualified lvalue. This prevents clang from figuring out (after inlining) that flag can @@ -226,14 +244,20 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_int_cmov(int *r, const int *a, # define SECP256K1_WIDEMUL_INT128 1 #elif defined(USE_FORCE_WIDEMUL_INT64) # define SECP256K1_WIDEMUL_INT64 1 -#elif defined(__SIZEOF_INT128__) +#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__) # define SECP256K1_WIDEMUL_INT128 1 #else # define SECP256K1_WIDEMUL_INT64 1 #endif #if defined(SECP256K1_WIDEMUL_INT128) +# if !defined(UINT128_MAX) && defined(__SIZEOF_INT128__) SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t; SECP256K1_GNUC_EXT typedef __int128 int128_t; +#define UINT128_MAX ((uint128_t)(-1)) +#define INT128_MAX ((int128_t)(UINT128_MAX >> 1)) +#define INT128_MIN (-INT128_MAX - 1) +/* No (U)INT128_C macros because compilers providing __int128 do not support 128-bit literals. */ +# endif #endif #endif /* SECP256K1_UTIL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/util.h.orig b/secp256k1-sys/depend/secp256k1/src/util.h.orig index 6c724c3d9..dc16cf767 100644 --- a/secp256k1-sys/depend/secp256k1/src/util.h.orig +++ b/secp256k1-sys/depend/secp256k1/src/util.h.orig @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2013, 2014 Pieter Wuille * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2013, 2014 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #ifndef SECP256K1_UTIL_H #define SECP256K1_UTIL_H @@ -19,9 +19,9 @@ typedef struct { void (*fn)(const char *text, void* data); const void* data; -} rustsecp256k1_v0_3_1_callback; +} rustsecp256k1_v0_4_0_callback; -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_callback_call(const rustsecp256k1_v0_3_1_callback * const cb, const char * const text) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_callback_call(const rustsecp256k1_v0_4_0_callback * const cb, const char * const text) { cb->fn(text, (void*)cb->data); } @@ -88,18 +88,18 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_callback_call(const rustsecp25 #define VG_CHECK_VERIFY(x,y) #endif -static SECP256K1_INLINE void *checked_malloc(const rustsecp256k1_v0_3_1_callback* cb, size_t size) { +static SECP256K1_INLINE void *checked_malloc(const rustsecp256k1_v0_4_0_callback* cb, size_t size) { void *ret = malloc(size); if (ret == NULL) { - rustsecp256k1_v0_3_1_callback_call(cb, "Out of memory"); + rustsecp256k1_v0_4_0_callback_call(cb, "Out of memory"); } return ret; } -static SECP256K1_INLINE void *checked_realloc(const rustsecp256k1_v0_3_1_callback* cb, void *ptr, size_t size) { +static SECP256K1_INLINE void *checked_realloc(const rustsecp256k1_v0_4_0_callback* cb, void *ptr, size_t size) { void *ret = realloc(ptr, size); if (ret == NULL) { - rustsecp256k1_v0_3_1_callback_call(cb, "Out of memory"); + rustsecp256k1_v0_4_0_callback_call(cb, "Out of memory"); } return ret; } @@ -202,7 +202,7 @@ static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_siz #endif /* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */ -static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_memczero(void *s, size_t len, int flag) { unsigned char *p = (unsigned char *)s; /* Access flag with a volatile-qualified lvalue. This prevents clang from figuring out (after inlining) that flag can @@ -216,8 +216,26 @@ static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) { } } +/** Semantics like memcmp. Variable-time. + * + * We use this to avoid possible compiler bugs with memcmp, e.g. + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189 + */ +static SECP256K1_INLINE int rustsecp256k1_v0_4_0_memcmp_var(const void *s1, const void *s2, size_t n) { + const unsigned char *p1 = s1, *p2 = s2; + size_t i; + + for (i = 0; i < n; i++) { + int diff = p1[i] - p2[i]; + if (diff != 0) { + return diff; + } + } + return 0; +} + /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized and non-negative.*/ -static SECP256K1_INLINE void rustsecp256k1_v0_3_1_int_cmov(int *r, const int *a, int flag) { +static SECP256K1_INLINE void rustsecp256k1_v0_4_0_int_cmov(int *r, const int *a, int flag) { unsigned int mask0, mask1, r_masked, a_masked; /* Access flag with a volatile-qualified lvalue. This prevents clang from figuring out (after inlining) that flag can @@ -242,14 +260,20 @@ static SECP256K1_INLINE void rustsecp256k1_v0_3_1_int_cmov(int *r, const int *a, # define SECP256K1_WIDEMUL_INT128 1 #elif defined(USE_FORCE_WIDEMUL_INT64) # define SECP256K1_WIDEMUL_INT64 1 -#elif defined(__SIZEOF_INT128__) +#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__) # define SECP256K1_WIDEMUL_INT128 1 #else # define SECP256K1_WIDEMUL_INT64 1 #endif #if defined(SECP256K1_WIDEMUL_INT128) +# if !defined(UINT128_MAX) && defined(__SIZEOF_INT128__) SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t; SECP256K1_GNUC_EXT typedef __int128 int128_t; +#define UINT128_MAX ((uint128_t)(-1)) +#define INT128_MAX ((int128_t)(UINT128_MAX >> 1)) +#define INT128_MIN (-INT128_MAX - 1) +/* No (U)INT128_C macros because compilers providing __int128 do not support 128-bit literals. */ +# endif #endif #endif /* SECP256K1_UTIL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/valgrind_ctime_test.c b/secp256k1-sys/depend/secp256k1/src/valgrind_ctime_test.c index bfd72f741..394c5f569 100644 --- a/secp256k1-sys/depend/secp256k1/src/valgrind_ctime_test.c +++ b/secp256k1-sys/depend/secp256k1/src/valgrind_ctime_test.c @@ -1,8 +1,8 @@ -/********************************************************************** - * Copyright (c) 2020 Gregory Maxwell * - * Distributed under the MIT software license, see the accompanying * - * file COPYING or http://www.opensource.org/licenses/mit-license.php.* - **********************************************************************/ +/*********************************************************************** + * Copyright (c) 2020 Gregory Maxwell * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ #include #include "include/secp256k1.h" @@ -10,15 +10,15 @@ #include "util.h" #ifdef ENABLE_MODULE_ECDH -# include "include/rustsecp256k1_v0_3_1_ecdh.h" +# include "include/rustsecp256k1_v0_4_0_ecdh.h" #endif #ifdef ENABLE_MODULE_RECOVERY -# include "include/rustsecp256k1_v0_3_1_recovery.h" +# include "include/rustsecp256k1_v0_4_0_recovery.h" #endif #ifdef ENABLE_MODULE_EXTRAKEYS -# include "include/rustsecp256k1_v0_3_1_extrakeys.h" +# include "include/rustsecp256k1_v0_4_0_extrakeys.h" #endif #ifdef ENABLE_MODULE_SCHNORRSIG @@ -26,9 +26,9 @@ #endif int main(void) { - rustsecp256k1_v0_3_1_context* ctx; - rustsecp256k1_v0_3_1_ecdsa_signature signature; - rustsecp256k1_v0_3_1_pubkey pubkey; + rustsecp256k1_v0_4_0_context* ctx; + rustsecp256k1_v0_4_0_ecdsa_signature signature; + rustsecp256k1_v0_4_0_pubkey pubkey; size_t siglen = 74; size_t outputlen = 33; int i; @@ -38,11 +38,11 @@ int main(void) { unsigned char sig[74]; unsigned char spubkey[33]; #ifdef ENABLE_MODULE_RECOVERY - rustsecp256k1_v0_3_1_ecdsa_recoverable_signature recoverable_signature; + rustsecp256k1_v0_4_0_ecdsa_recoverable_signature recoverable_signature; int recid; #endif #ifdef ENABLE_MODULE_EXTRAKEYS - rustsecp256k1_v0_3_1_keypair keypair; + rustsecp256k1_v0_4_0_keypair keypair; #endif if (!RUNNING_ON_VALGRIND) { @@ -61,30 +61,30 @@ int main(void) { msg[i] = i + 1; } - ctx = rustsecp256k1_v0_3_1_context_create(SECP256K1_CONTEXT_SIGN + ctx = rustsecp256k1_v0_4_0_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_DECLASSIFY); /* Test keygen. */ VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_ec_pubkey_create(ctx, &pubkey, key); - VALGRIND_MAKE_MEM_DEFINED(&pubkey, sizeof(rustsecp256k1_v0_3_1_pubkey)); + ret = rustsecp256k1_v0_4_0_ec_pubkey_create(ctx, &pubkey, key); + VALGRIND_MAKE_MEM_DEFINED(&pubkey, sizeof(rustsecp256k1_v0_4_0_pubkey)); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret); - CHECK(rustsecp256k1_v0_3_1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(rustsecp256k1_v0_4_0_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); /* Test signing. */ VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL); - VALGRIND_MAKE_MEM_DEFINED(&signature, sizeof(rustsecp256k1_v0_3_1_ecdsa_signature)); + ret = rustsecp256k1_v0_4_0_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL); + VALGRIND_MAKE_MEM_DEFINED(&signature, sizeof(rustsecp256k1_v0_4_0_ecdsa_signature)); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret); - CHECK(rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature)); #ifdef ENABLE_MODULE_ECDH /* Test ECDH. */ VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_ecdh(ctx, msg, &pubkey, key, NULL, NULL); + ret = rustsecp256k1_v0_4_0_ecdh(ctx, msg, &pubkey, key, NULL, NULL); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); #endif @@ -92,66 +92,66 @@ int main(void) { #ifdef ENABLE_MODULE_RECOVERY /* Test signing a recoverable signature. */ VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL); + ret = rustsecp256k1_v0_4_0_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL); VALGRIND_MAKE_MEM_DEFINED(&recoverable_signature, sizeof(recoverable_signature)); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret); - CHECK(rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature)); + CHECK(rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature)); CHECK(recid >= 0 && recid <= 3); #endif VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_ec_seckey_verify(ctx, key); + ret = rustsecp256k1_v0_4_0_ec_seckey_verify(ctx, key); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_ec_seckey_negate(ctx, key); + ret = rustsecp256k1_v0_4_0_ec_seckey_negate(ctx, key); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); VALGRIND_MAKE_MEM_UNDEFINED(key, 32); VALGRIND_MAKE_MEM_UNDEFINED(msg, 32); - ret = rustsecp256k1_v0_3_1_ec_seckey_tweak_add(ctx, key, msg); + ret = rustsecp256k1_v0_4_0_ec_seckey_tweak_add(ctx, key, msg); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); VALGRIND_MAKE_MEM_UNDEFINED(key, 32); VALGRIND_MAKE_MEM_UNDEFINED(msg, 32); - ret = rustsecp256k1_v0_3_1_ec_seckey_tweak_mul(ctx, key, msg); + ret = rustsecp256k1_v0_4_0_ec_seckey_tweak_mul(ctx, key, msg); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); /* Test context randomisation. Do this last because it leaves the context tainted. */ VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_context_randomize(ctx, key); + ret = rustsecp256k1_v0_4_0_context_randomize(ctx, key); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret); /* Test keypair_create and keypair_xonly_tweak_add. */ #ifdef ENABLE_MODULE_EXTRAKEYS VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, key); + ret = rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, key); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); /* The tweak is not treated as a secret in keypair_tweak_add */ VALGRIND_MAKE_MEM_DEFINED(msg, 32); - ret = rustsecp256k1_v0_3_1_keypair_xonly_tweak_add(ctx, &keypair, msg); + ret = rustsecp256k1_v0_4_0_keypair_xonly_tweak_add(ctx, &keypair, msg); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); #endif #ifdef ENABLE_MODULE_SCHNORRSIG VALGRIND_MAKE_MEM_UNDEFINED(key, 32); - ret = rustsecp256k1_v0_3_1_keypair_create(ctx, &keypair, key); + ret = rustsecp256k1_v0_4_0_keypair_create(ctx, &keypair, key); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); - ret = rustsecp256k1_v0_3_1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL); + ret = rustsecp256k1_v0_4_0_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL); VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret)); CHECK(ret == 1); #endif - rustsecp256k1_v0_3_1_context_destroy(ctx); + rustsecp256k1_v0_4_0_context_destroy(ctx); return 0; } diff --git a/secp256k1-sys/src/lib.rs b/secp256k1-sys/src/lib.rs index 4edd56487..7253a8328 100644 --- a/secp256k1-sys/src/lib.rs +++ b/secp256k1-sys/src/lib.rs @@ -259,155 +259,155 @@ impl hash::Hash for KeyPair { extern "C" { /// Default ECDH hash function - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdh_hash_function_default")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdh_hash_function_default")] pub static secp256k1_ecdh_hash_function_default: EcdhHashFn; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_nonce_function_rfc6979")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_nonce_function_rfc6979")] pub static secp256k1_nonce_function_rfc6979: NonceFn; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_nonce_function_default")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_nonce_function_default")] pub static secp256k1_nonce_function_default: NonceFn; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_nonce_function_bip340")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_nonce_function_bip340")] pub static secp256k1_nonce_function_bip340: SchnorrNonceFn; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_no_precomp")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_no_precomp")] pub static secp256k1_context_no_precomp: *const Context; // Contexts - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_preallocated_size")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_preallocated_size")] pub fn secp256k1_context_preallocated_size(flags: c_uint) -> size_t; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_preallocated_create")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_preallocated_create")] pub fn secp256k1_context_preallocated_create(prealloc: *mut c_void, flags: c_uint) -> *mut Context; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_preallocated_destroy")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_preallocated_destroy")] pub fn secp256k1_context_preallocated_destroy(cx: *mut Context); - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_preallocated_clone_size")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_preallocated_clone_size")] pub fn secp256k1_context_preallocated_clone_size(cx: *const Context) -> size_t; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_preallocated_clone")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_preallocated_clone")] pub fn secp256k1_context_preallocated_clone(cx: *const Context, prealloc: *mut c_void) -> *mut Context; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_context_randomize")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_context_randomize")] pub fn secp256k1_context_randomize(cx: *mut Context, seed32: *const c_uchar) -> c_int; // Pubkeys - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_parse")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_parse")] pub fn secp256k1_ec_pubkey_parse(cx: *const Context, pk: *mut PublicKey, input: *const c_uchar, in_len: size_t) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_serialize")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_serialize")] pub fn secp256k1_ec_pubkey_serialize(cx: *const Context, output: *mut c_uchar, out_len: *mut size_t, pk: *const PublicKey, compressed: c_uint) -> c_int; // Signatures - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_signature_parse_der")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_signature_parse_der")] pub fn secp256k1_ecdsa_signature_parse_der(cx: *const Context, sig: *mut Signature, input: *const c_uchar, in_len: size_t) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_signature_parse_compact")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_signature_parse_compact")] pub fn secp256k1_ecdsa_signature_parse_compact(cx: *const Context, sig: *mut Signature, input64: *const c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_signature_parse_der_lax")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_signature_parse_der_lax")] pub fn ecdsa_signature_parse_der_lax(cx: *const Context, sig: *mut Signature, input: *const c_uchar, in_len: size_t) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_signature_serialize_der")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_signature_serialize_der")] pub fn secp256k1_ecdsa_signature_serialize_der(cx: *const Context, output: *mut c_uchar, out_len: *mut size_t, sig: *const Signature) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_signature_serialize_compact")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_signature_serialize_compact")] pub fn secp256k1_ecdsa_signature_serialize_compact(cx: *const Context, output64: *mut c_uchar, sig: *const Signature) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_signature_normalize")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_signature_normalize")] pub fn secp256k1_ecdsa_signature_normalize(cx: *const Context, out_sig: *mut Signature, in_sig: *const Signature) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_seckey_verify")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_seckey_verify")] pub fn secp256k1_ec_seckey_verify(cx: *const Context, sk: *const c_uchar) -> c_int; #[deprecated(since = "0.2.0",note = "Please use the secp256k1_ec_seckey_tweak_add function instead")] - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_privkey_negate")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_privkey_negate")] pub fn secp256k1_ec_privkey_negate(cx: *const Context, sk: *mut c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_seckey_negate")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_seckey_negate")] pub fn secp256k1_ec_seckey_negate(cx: *const Context, sk: *mut c_uchar) -> c_int; #[deprecated(since = "0.2.0",note = "Please use the secp256k1_ec_seckey_tweak_add function instead")] - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_privkey_tweak_add")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_privkey_tweak_add")] pub fn secp256k1_ec_privkey_tweak_add(cx: *const Context, sk: *mut c_uchar, tweak: *const c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_seckey_tweak_add")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_seckey_tweak_add")] pub fn secp256k1_ec_seckey_tweak_add(cx: *const Context, sk: *mut c_uchar, tweak: *const c_uchar) -> c_int; #[deprecated(since = "0.2.0",note = "Please use the secp256k1_ec_seckey_tweak_mul function instead")] - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_privkey_tweak_mul")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_privkey_tweak_mul")] pub fn secp256k1_ec_privkey_tweak_mul(cx: *const Context, sk: *mut c_uchar, tweak: *const c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_seckey_tweak_mul")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_seckey_tweak_mul")] pub fn secp256k1_ec_seckey_tweak_mul(cx: *const Context, sk: *mut c_uchar, tweak: *const c_uchar) -> c_int; // EC - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_create")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_create")] pub fn secp256k1_ec_pubkey_create(cx: *const Context, pk: *mut PublicKey, sk: *const c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_negate")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_negate")] pub fn secp256k1_ec_pubkey_negate(cx: *const Context, pk: *mut PublicKey) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_tweak_add")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_tweak_add")] pub fn secp256k1_ec_pubkey_tweak_add(cx: *const Context, pk: *mut PublicKey, tweak: *const c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_tweak_mul")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_tweak_mul")] pub fn secp256k1_ec_pubkey_tweak_mul(cx: *const Context, pk: *mut PublicKey, tweak: *const c_uchar) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ec_pubkey_combine")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ec_pubkey_combine")] pub fn secp256k1_ec_pubkey_combine(cx: *const Context, out: *mut PublicKey, ins: *const *const PublicKey, n: c_int) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdh")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdh")] pub fn secp256k1_ecdh( cx: *const Context, output: *mut c_uchar, @@ -418,28 +418,28 @@ extern "C" { ) -> c_int; // Extra keys - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_keypair_create")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_keypair_create")] pub fn secp256k1_keypair_create( cx: *const Context, keypair: *mut KeyPair, seckey: *const c_uchar, ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_xonly_pubkey_parse")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_parse")] pub fn secp256k1_xonly_pubkey_parse( cx: *const Context, pubkey: *mut XOnlyPublicKey, input32: *const c_uchar, ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_xonly_pubkey_serialize")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_serialize")] pub fn secp256k1_xonly_pubkey_serialize( cx: *const Context, output32: *mut c_uchar, pubkey: *const XOnlyPublicKey, ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_xonly_pubkey_from_pubkey")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey")] pub fn secp256k1_xonly_pubkey_from_pubkey( cx: *const Context, xonly_pubkey: *mut XOnlyPublicKey, @@ -447,7 +447,7 @@ extern "C" { pubkey: *const PublicKey, ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add")] pub fn secp256k1_xonly_pubkey_tweak_add( cx: *const Context, output_pubkey: *mut PublicKey, @@ -455,7 +455,7 @@ extern "C" { tweak32: *const c_uchar, ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_keypair_xonly_pub")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_keypair_xonly_pub")] pub fn secp256k1_keypair_xonly_pub( cx: *const Context, pubkey: *mut XOnlyPublicKey, @@ -463,14 +463,14 @@ extern "C" { keypair: *const KeyPair ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_keypair_xonly_tweak_add")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_keypair_xonly_tweak_add")] pub fn secp256k1_keypair_xonly_tweak_add( cx: *const Context, keypair: *mut KeyPair, tweak32: *const c_uchar, ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_xonly_pubkey_tweak_add_check")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check")] pub fn secp256k1_xonly_pubkey_tweak_add_check( cx: *const Context, tweaked_pubkey32: *const c_uchar, @@ -483,14 +483,14 @@ extern "C" { #[cfg(not(rust_secp_fuzz))] extern "C" { // ECDSA - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_verify")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_verify")] pub fn secp256k1_ecdsa_verify(cx: *const Context, sig: *const Signature, msg32: *const c_uchar, pk: *const PublicKey) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_sign")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_sign")] pub fn secp256k1_ecdsa_sign(cx: *const Context, sig: *mut Signature, msg32: *const c_uchar, @@ -500,7 +500,7 @@ extern "C" { -> c_int; // Schnorr Signatures - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_schnorrsig_sign")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_schnorrsig_sign")] pub fn secp256k1_schnorrsig_sign( cx: *const Context, sig: *mut c_uchar, @@ -510,7 +510,7 @@ extern "C" { noncedata: *const c_void ) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_schnorrsig_verify")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_schnorrsig_verify")] pub fn secp256k1_schnorrsig_verify( cx: *const Context, sig64: *const c_uchar, @@ -530,7 +530,7 @@ extern "C" { // In: flags: which parts of the context to initialize. #[no_mangle] #[cfg(all(feature = "std", not(rust_secp_no_symbol_renaming)))] -pub unsafe extern "C" fn rustsecp256k1_v0_3_1_context_create(flags: c_uint) -> *mut Context { +pub unsafe extern "C" fn rustsecp256k1_v0_4_0_context_create(flags: c_uint) -> *mut Context { use core::mem; use std::alloc; assert!(ALIGN_TO >= mem::align_of::()); @@ -550,7 +550,7 @@ pub unsafe extern "C" fn rustsecp256k1_v0_3_1_context_create(flags: c_uint) -> * #[cfg(all(feature = "std", not(rust_secp_no_symbol_renaming)))] pub unsafe fn secp256k1_context_create(flags: c_uint) -> *mut Context { - rustsecp256k1_v0_3_1_context_create(flags) + rustsecp256k1_v0_4_0_context_create(flags) } /// A reimplementation of the C function `secp256k1_context_destroy` in rust. @@ -561,7 +561,7 @@ pub unsafe fn secp256k1_context_create(flags: c_uint) -> *mut Context { /// #[no_mangle] #[cfg(all(feature = "std", not(rust_secp_no_symbol_renaming)))] -pub unsafe extern "C" fn rustsecp256k1_v0_3_1_context_destroy(ctx: *mut Context) { +pub unsafe extern "C" fn rustsecp256k1_v0_4_0_context_destroy(ctx: *mut Context) { use std::alloc; secp256k1_context_preallocated_destroy(ctx); let ptr = (ctx as *mut u8).sub(ALIGN_TO); @@ -572,7 +572,7 @@ pub unsafe extern "C" fn rustsecp256k1_v0_3_1_context_destroy(ctx: *mut Context) #[cfg(all(feature = "std", not(rust_secp_no_symbol_renaming)))] pub unsafe fn secp256k1_context_destroy(ctx: *mut Context) { - rustsecp256k1_v0_3_1_context_destroy(ctx) + rustsecp256k1_v0_4_0_context_destroy(ctx) } @@ -596,7 +596,7 @@ pub unsafe fn secp256k1_context_destroy(ctx: *mut Context) { /// #[no_mangle] #[cfg(not(rust_secp_no_symbol_renaming))] -pub unsafe extern "C" fn rustsecp256k1_v0_3_1_default_illegal_callback_fn(message: *const c_char, _data: *mut c_void) { +pub unsafe extern "C" fn rustsecp256k1_v0_4_0_default_illegal_callback_fn(message: *const c_char, _data: *mut c_void) { use core::str; let msg_slice = slice::from_raw_parts(message as *const u8, strlen(message)); let msg = str::from_utf8_unchecked(msg_slice); @@ -619,7 +619,7 @@ pub unsafe extern "C" fn rustsecp256k1_v0_3_1_default_illegal_callback_fn(messag /// #[no_mangle] #[cfg(not(rust_secp_no_symbol_renaming))] -pub unsafe extern "C" fn rustsecp256k1_v0_3_1_default_error_callback_fn(message: *const c_char, _data: *mut c_void) { +pub unsafe extern "C" fn rustsecp256k1_v0_4_0_default_error_callback_fn(message: *const c_char, _data: *mut c_void) { use core::str; let msg_slice = slice::from_raw_parts(message as *const u8, strlen(message)); let msg = str::from_utf8_unchecked(msg_slice); diff --git a/secp256k1-sys/src/recovery.rs b/secp256k1-sys/src/recovery.rs index dec4f7393..90f39936f 100644 --- a/secp256k1-sys/src/recovery.rs +++ b/secp256k1-sys/src/recovery.rs @@ -36,17 +36,17 @@ impl Default for RecoverableSignature { } extern "C" { - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_parse_compact")] pub fn secp256k1_ecdsa_recoverable_signature_parse_compact(cx: *const Context, sig: *mut RecoverableSignature, input64: *const c_uchar, recid: c_int) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_serialize_compact")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_serialize_compact")] pub fn secp256k1_ecdsa_recoverable_signature_serialize_compact(cx: *const Context, output64: *mut c_uchar, recid: *mut c_int, sig: *const RecoverableSignature) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_convert")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_recoverable_signature_convert")] pub fn secp256k1_ecdsa_recoverable_signature_convert(cx: *const Context, sig: *mut Signature, input: *const RecoverableSignature) -> c_int; @@ -54,7 +54,7 @@ extern "C" { #[cfg(not(rust_secp_fuzz))] extern "C" { - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_sign_recoverable")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_sign_recoverable")] pub fn secp256k1_ecdsa_sign_recoverable(cx: *const Context, sig: *mut RecoverableSignature, msg32: *const c_uchar, @@ -63,7 +63,7 @@ extern "C" { noncedata: *const c_void) -> c_int; - #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_recover")] + #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdsa_recover")] pub fn secp256k1_ecdsa_recover(cx: *const Context, pk: *mut PublicKey, sig: *const RecoverableSignature, From e687622a81c668e75308a357a8037ed4b84ad336 Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Mon, 21 Dec 2020 22:00:04 +0000 Subject: [PATCH 3/6] bump secp-sys version; drop endomorphism flag --- Cargo.toml | 5 ++--- contrib/test.sh | 2 +- no_std_test/src/main.rs | 2 +- secp256k1-sys/Cargo.toml | 5 ++--- secp256k1-sys/build.rs | 2 -- 5 files changed, 6 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 287572b25..1c08d5430 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ autoexamples = false # Remove when edition 2018 https://github.com/rust-lang/car # Should make docs.rs show all functions, even those behind non-default features [package.metadata.docs.rs] -features = [ "rand", "rand-std", "serde", "recovery", "endomorphism" ] +features = [ "rand", "rand-std", "serde", "recovery" ] [features] unstable = ["recovery", "rand-std"] @@ -22,12 +22,11 @@ default = ["std"] std = ["secp256k1-sys/std"] rand-std = ["rand/std"] recovery = ["secp256k1-sys/recovery"] -endomorphism = ["secp256k1-sys/endomorphism"] lowmemory = ["secp256k1-sys/lowmemory"] global-context = ["std", "rand-std"] [dependencies] -secp256k1-sys = { version = "0.3.1", default-features = false, path = "./secp256k1-sys" } +secp256k1-sys = { version = "0.4.0", default-features = false, path = "./secp256k1-sys" } bitcoin_hashes = { version = "0.9", optional = true } rand = { version = "0.6", default-features = false, optional = true } serde = { version = "1.0", default-features = false, optional = true } diff --git a/contrib/test.sh b/contrib/test.sh index dd8430eef..17b411521 100755 --- a/contrib/test.sh +++ b/contrib/test.sh @@ -1,6 +1,6 @@ #!/bin/sh -ex -FEATURES="bitcoin_hashes endomorphism global-context lowmemory rand rand-std recovery serde" +FEATURES="bitcoin_hashes global-context lowmemory rand rand-std recovery serde" # Use toolchain if explicitly specified if [ -n "$TOOLCHAIN" ] diff --git a/no_std_test/src/main.rs b/no_std_test/src/main.rs index 58e5c9ca4..0c49d06ec 100644 --- a/no_std_test/src/main.rs +++ b/no_std_test/src/main.rs @@ -83,7 +83,7 @@ impl RngCore for FakeRng { #[start] fn start(_argc: isize, _argv: *const *const u8) -> isize { - let mut buf = [AlignedType::zeroed(); 37_000]; + let mut buf = [AlignedType::zeroed(); 70_000]; let size = Secp256k1::preallocate_size(); unsafe { libc::printf("needed size: %d\n\0".as_ptr() as _, size) }; diff --git a/secp256k1-sys/Cargo.toml b/secp256k1-sys/Cargo.toml index 79e39e0ba..c602e80d1 100644 --- a/secp256k1-sys/Cargo.toml +++ b/secp256k1-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "secp256k1-sys" -version = "0.3.1" +version = "0.4.0" authors = [ "Dawid Ciężarkiewicz ", "Andrew Poelstra ", "Steven Roose " ] @@ -16,7 +16,7 @@ links = "rustsecp256k1_v0_4_0" # Should make docs.rs show all functions, even those behind non-default features [package.metadata.docs.rs] -features = [ "recovery", "endomorphism", "lowmemory" ] +features = [ "recovery", "lowmemory" ] [build-dependencies] cc = "1.0.28" @@ -27,7 +27,6 @@ libc = "0.2" [features] default = ["std"] recovery = [] -endomorphism = [] lowmemory = [] std = [] diff --git a/secp256k1-sys/build.rs b/secp256k1-sys/build.rs index 434dcad3b..4e280023d 100644 --- a/secp256k1-sys/build.rs +++ b/secp256k1-sys/build.rs @@ -48,8 +48,6 @@ fn main() { base_config.define("ECMULT_WINDOW_SIZE", Some("15")); // This is the default in the configure file (`auto`) } base_config.define("USE_EXTERNAL_DEFAULT_CALLBACKS", Some("1")); - #[cfg(feature = "endomorphism")] - base_config.define("USE_ENDOMORPHISM", Some("1")); #[cfg(feature = "recovery")] base_config.define("ENABLE_MODULE_RECOVERY", Some("1")); From 58f946fcc888de33c54e710a3adbd92ceb80b5e4 Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Tue, 29 Dec 2020 17:04:42 +0000 Subject: [PATCH 4/6] secp-sys: remove now-unneeded endianness check from build.rs --- secp256k1-sys/build.rs | 6 ------ 1 file changed, 6 deletions(-) diff --git a/secp256k1-sys/build.rs b/secp256k1-sys/build.rs index 4e280023d..1bb869d8f 100644 --- a/secp256k1-sys/build.rs +++ b/secp256k1-sys/build.rs @@ -51,12 +51,6 @@ fn main() { #[cfg(feature = "recovery")] base_config.define("ENABLE_MODULE_RECOVERY", Some("1")); - if let Ok(target_endian) = env::var("CARGO_CFG_TARGET_ENDIAN") { - if target_endian == "big" { - base_config.define("WORDS_BIGENDIAN", Some("1")); - } - } - match &env::var("TARGET").unwrap() as &str { "wasm32-unknown-unknown"|"wasm32-wasi" => { base_config.include("wasm-sysroot"); }, From d12be7966c709353da5f0969046294f661b31aea Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Tue, 29 Dec 2020 19:28:53 +0000 Subject: [PATCH 5/6] drop unnecessary no_mangle annotations on non-exported functions --- secp256k1-sys/src/lib.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/secp256k1-sys/src/lib.rs b/secp256k1-sys/src/lib.rs index 7253a8328..53c0674a5 100644 --- a/secp256k1-sys/src/lib.rs +++ b/secp256k1-sys/src/lib.rs @@ -626,7 +626,6 @@ pub unsafe extern "C" fn rustsecp256k1_v0_4_0_default_error_callback_fn(message: panic!("[libsecp256k1] internal consistency check failed {}", msg); } -#[no_mangle] #[cfg(not(rust_secp_no_symbol_renaming))] unsafe fn strlen(mut str_ptr: *const c_char) -> usize { let mut ctr = 0; @@ -761,7 +760,6 @@ pub use self::fuzz_dummy::*; #[cfg(test)] mod tests { - #[no_mangle] #[cfg(not(rust_secp_no_symbol_renaming))] #[test] fn test_strlen() { From c4d2fefa709221f42a808d6c09f579c244d0d68c Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Mon, 21 Dec 2020 22:16:23 +0000 Subject: [PATCH 6/6] rust-secp 0.20.0 --- CHANGELOG.md | 13 +++++++++++++ Cargo.toml | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d08c8b1c2..7bfa370fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,17 @@ +# 0.20.0 - 2020-12-21 + +* [remove `ffi::PublicKey::blank`](https://github.com/rust-bitcoin/rust-secp256k1/pull/232) and replace with unsafe [`ffi::PublicKey::new` and `ffi::PublicKey::from_array_unchecked`](https://github.com/rust-bitcoin/rust-secp256k1/pull/253/); similar for all other FFI types +* [support wasm32-wasi target](https://github.com/rust-bitcoin/rust-secp256k1/pull/242) +* [make the global-context feature depend on the rand-std feature](https://github.com/rust-bitcoin/rust-secp256k1/pull/246) +* [add a lexicographic ordering to `PublicKey`](https://github.com/rust-bitcoin/rust-secp256k1/pull/248) which does **not** match the ordering used by Bitcoin Core (matching this would be impossible as it requires tracking a compressedness flag, which libsecp256k1 does not have) +* [implement BIP340 Schnorr signatures](https://github.com/rust-bitcoin/rust-secp256k1/pull/237) +* [require use of new `AlignedType` in preallocated-context API to enforce alignment requirements](https://github.com/rust-bitcoin/rust-secp256k1/pull/233); previously it was possible to get UB by using misaligned memory stores +* [enforce correct alignment when using preallocated context API](https://github.com/rust-bitcoin/rust-secp256k1/pull/233) +* [stop using cargo features for dangerous build-breaking options, require setting `RUSTFLAGS` instead](https://github.com/rust-bitcoin/rust-secp256k1/pull/263) +* [implement low-R signing and function to grind even smaller signatures](https://github.com/rust-bitcoin/rust-secp256k1/pull/259) +* [remove endomorphism feature, following upstream in enabling it by default](https://github.com/rust-bitcoin/rust-secp256k1/pull/257) + # 0.19.0 - 2020-08-27 * **Update MSRV to 1.29.0** diff --git a/Cargo.toml b/Cargo.toml index 1c08d5430..0e49df778 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "secp256k1" -version = "0.19.0" +version = "0.20.0" authors = [ "Dawid Ciężarkiewicz ", "Andrew Poelstra " ] license = "CC0-1.0"