|
UltrafastSecp256k1 3.50.0
Ultra high-performance secp256k1 elliptic curve cryptography library
|
#include "ufsecp.h"
#include <cstring>
#include <cstdint>
#include <cstdlib>
#include <algorithm>
#include <array>
#include <limits>
#include <string>
#include <new>
#include <vector>
#include "secp256k1/scalar.hpp"
#include "secp256k1/point.hpp"
#include "secp256k1/field.hpp"
#include "secp256k1/ecdsa.hpp"
#include "secp256k1/schnorr.hpp"
#include "secp256k1/ecdh.hpp"
#include "secp256k1/recovery.hpp"
#include "secp256k1/ct/sign.hpp"
#include "secp256k1/ct/point.hpp"
#include "secp256k1/detail/secure_erase.hpp"
#include "secp256k1/detail/arith64.hpp"
#include "secp256k1/sha256.hpp"
#include "secp256k1/address.hpp"
#include "secp256k1/bip32.hpp"
#include "secp256k1/taproot.hpp"
#include "secp256k1/bip143.hpp"
#include "secp256k1/bip144.hpp"
#include "secp256k1/segwit.hpp"
#include "secp256k1/init.hpp"
#include "secp256k1/bip39.hpp"
#include "secp256k1/batch_verify.hpp"
#include "secp256k1/musig2.hpp"
#include "secp256k1/frost.hpp"
#include "secp256k1/adaptor.hpp"
#include "secp256k1/pedersen.hpp"
#include "secp256k1/zk.hpp"
#include "secp256k1/sha512.hpp"
#include "secp256k1/multiscalar.hpp"
#include "secp256k1/coins/coin_params.hpp"
#include "secp256k1/coins/coin_address.hpp"
#include "secp256k1/ecies.hpp"
#include "secp256k1/coins/coin_hd.hpp"
#include "secp256k1/coins/message_signing.hpp"
Go to the source code of this file.
Classes | |
| struct | ufsecp_ctx |
| class | SecureEraseGuard< T > |
Macros | |
| #define | UFSECP_BUILDING |
| #define | UFSECP_CATCH_RETURN(ctx_ptr) |
Typedefs | |
| using | Scalar = secp256k1::fast::Scalar |
| using | Point = secp256k1::fast::Point |
| using | FE = secp256k1::fast::FieldElement |
Functions | |
| static void | ctx_clear_err (ufsecp_ctx *ctx) |
| static ufsecp_error_t | ctx_set_err (ufsecp_ctx *ctx, ufsecp_error_t err, const char *msg) |
| static bool | scalar_parse_strict_nonzero (const uint8_t b[32], Scalar &out) |
| static bool | scalar_parse_strict (const uint8_t b[32], Scalar &out) |
| static void | scalar_to_bytes (const Scalar &s, uint8_t out[32]) |
| static Point | point_from_compressed (const uint8_t pub[33]) |
| static void | point_to_compressed (const Point &p, uint8_t out[33]) |
| static void | secure_erase_scalar_vector (std::vector< Scalar > &values) |
| static secp256k1::Network | to_network (int n) |
| unsigned int | ufsecp_version (void) |
| unsigned int | ufsecp_abi_version (void) |
| const char * | ufsecp_version_string (void) |
| const char * | ufsecp_error_str (ufsecp_error_t err) |
| ufsecp_error_t | ufsecp_ctx_create (ufsecp_ctx **ctx_out) |
| ufsecp_error_t | ufsecp_ctx_clone (const ufsecp_ctx *src, ufsecp_ctx **ctx_out) |
| void | ufsecp_ctx_destroy (ufsecp_ctx *ctx) |
| ufsecp_error_t | ufsecp_last_error (const ufsecp_ctx *ctx) |
| const char * | ufsecp_last_error_msg (const ufsecp_ctx *ctx) |
| size_t | ufsecp_ctx_size (void) |
| ufsecp_error_t | ufsecp_seckey_verify (const ufsecp_ctx *ctx, const uint8_t privkey[32]) |
| ufsecp_error_t | ufsecp_seckey_negate (ufsecp_ctx *ctx, uint8_t privkey[32]) |
| ufsecp_error_t | ufsecp_seckey_tweak_add (ufsecp_ctx *ctx, uint8_t privkey[32], const uint8_t tweak[32]) |
| ufsecp_error_t | ufsecp_seckey_tweak_mul (ufsecp_ctx *ctx, uint8_t privkey[32], const uint8_t tweak[32]) |
| static ufsecp_error_t | pubkey_create_core (ufsecp_ctx *ctx, const uint8_t privkey[32], Point &pk_out) |
| ufsecp_error_t | ufsecp_pubkey_create (ufsecp_ctx *ctx, const uint8_t privkey[32], uint8_t pubkey33_out[33]) |
| ufsecp_error_t | ufsecp_pubkey_create_uncompressed (ufsecp_ctx *ctx, const uint8_t privkey[32], uint8_t pubkey65_out[65]) |
| ufsecp_error_t | ufsecp_pubkey_parse (ufsecp_ctx *ctx, const uint8_t *input, size_t input_len, uint8_t pubkey33_out[33]) |
| ufsecp_error_t | ufsecp_pubkey_xonly (ufsecp_ctx *ctx, const uint8_t privkey[32], uint8_t xonly32_out[32]) |
| ufsecp_error_t | ufsecp_ecdsa_sign (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t privkey[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_ecdsa_sign_verified (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t privkey[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_ecdsa_verify (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t sig64[64], const uint8_t pubkey33[33]) |
| ufsecp_error_t | ufsecp_ecdsa_sig_to_der (ufsecp_ctx *ctx, const uint8_t sig64[64], uint8_t *der_out, size_t *der_len) |
| ufsecp_error_t | ufsecp_ecdsa_sig_from_der (ufsecp_ctx *ctx, const uint8_t *der, size_t der_len, uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_ecdsa_sign_recoverable (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t privkey[32], uint8_t sig64_out[64], int *recid_out) |
| ufsecp_error_t | ufsecp_ecdsa_recover (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t sig64[64], int recid, uint8_t pubkey33_out[33]) |
| ufsecp_error_t | ufsecp_schnorr_sign (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t privkey[32], const uint8_t aux_rand[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_schnorr_sign_verified (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t privkey[32], const uint8_t aux_rand[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_ecdsa_sign_batch (ufsecp_ctx *ctx, size_t count, const uint8_t *msgs32, const uint8_t *privkeys32, uint8_t *sigs64_out) |
| ufsecp_error_t | ufsecp_schnorr_sign_batch (ufsecp_ctx *ctx, size_t count, const uint8_t *msgs32, const uint8_t *privkeys32, const uint8_t *aux_rands32, uint8_t *sigs64_out) |
| ufsecp_error_t | ufsecp_schnorr_verify (ufsecp_ctx *ctx, const uint8_t msg32[32], const uint8_t sig64[64], const uint8_t pubkey_x[32]) |
| static ufsecp_error_t | ecdh_parse_args (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t pubkey33[33], Scalar &sk, Point &pk) |
| ufsecp_error_t | ufsecp_ecdh (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t pubkey33[33], uint8_t secret32_out[32]) |
| ufsecp_error_t | ufsecp_ecdh_xonly (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t pubkey33[33], uint8_t secret32_out[32]) |
| ufsecp_error_t | ufsecp_ecdh_raw (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t pubkey33[33], uint8_t secret32_out[32]) |
| ufsecp_error_t | ufsecp_sha256 (const uint8_t *data, size_t len, uint8_t digest32_out[32]) |
| ufsecp_error_t | ufsecp_hash160 (const uint8_t *data, size_t len, uint8_t digest20_out[20]) |
| ufsecp_error_t | ufsecp_tagged_hash (const char *tag, const uint8_t *data, size_t len, uint8_t digest32_out[32]) |
| ufsecp_error_t | ufsecp_addr_p2pkh (ufsecp_ctx *ctx, const uint8_t pubkey33[33], int network, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_addr_p2wpkh (ufsecp_ctx *ctx, const uint8_t pubkey33[33], int network, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_addr_p2tr (ufsecp_ctx *ctx, const uint8_t internal_key_x[32], int network, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_addr_p2sh (const uint8_t *redeem_script, size_t redeem_script_len, int network, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_addr_p2sh_p2wpkh (ufsecp_ctx *ctx, const uint8_t pubkey33[33], int network, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_wif_encode (ufsecp_ctx *ctx, const uint8_t privkey[32], int compressed, int network, char *wif_out, size_t *wif_len) |
| ufsecp_error_t | ufsecp_wif_decode (ufsecp_ctx *ctx, const char *wif, uint8_t privkey32_out[32], int *compressed_out, int *network_out) |
| static void | extkey_to_uf (const secp256k1::ExtendedKey &ek, ufsecp_bip32_key *out) |
| static secp256k1::ExtendedKey | extkey_from_uf (const ufsecp_bip32_key *k) |
| static ufsecp_error_t | parse_bip32_key (ufsecp_ctx *ctx, const ufsecp_bip32_key *key, secp256k1::ExtendedKey &out) |
| ufsecp_error_t | ufsecp_bip32_master (ufsecp_ctx *ctx, const uint8_t *seed, size_t seed_len, ufsecp_bip32_key *key_out) |
| ufsecp_error_t | ufsecp_bip32_derive (ufsecp_ctx *ctx, const ufsecp_bip32_key *parent, uint32_t index, ufsecp_bip32_key *child_out) |
| ufsecp_error_t | ufsecp_bip32_derive_path (ufsecp_ctx *ctx, const ufsecp_bip32_key *master, const char *path, ufsecp_bip32_key *key_out) |
| ufsecp_error_t | ufsecp_bip32_privkey (ufsecp_ctx *ctx, const ufsecp_bip32_key *key, uint8_t privkey32_out[32]) |
| ufsecp_error_t | ufsecp_bip32_pubkey (ufsecp_ctx *ctx, const ufsecp_bip32_key *key, uint8_t pubkey33_out[33]) |
| ufsecp_error_t | ufsecp_taproot_output_key (ufsecp_ctx *ctx, const uint8_t internal_x[32], const uint8_t *merkle_root, uint8_t output_x_out[32], int *parity_out) |
| ufsecp_error_t | ufsecp_taproot_tweak_seckey (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t *merkle_root, uint8_t tweaked32_out[32]) |
| ufsecp_error_t | ufsecp_taproot_verify (ufsecp_ctx *ctx, const uint8_t output_x[32], int output_parity, const uint8_t internal_x[32], const uint8_t *merkle_root, size_t merkle_root_len) |
| ufsecp_error_t | ufsecp_bip143_sighash (ufsecp_ctx *ctx, uint32_t version, const uint8_t hash_prevouts[32], const uint8_t hash_sequence[32], const uint8_t outpoint_txid[32], uint32_t outpoint_vout, const uint8_t *script_code, size_t script_code_len, uint64_t value, uint32_t sequence, const uint8_t hash_outputs[32], uint32_t locktime, uint32_t sighash_type, uint8_t sighash_out[32]) |
| ufsecp_error_t | ufsecp_bip143_p2wpkh_script_code (const uint8_t pubkey_hash[20], uint8_t script_code_out[25]) |
| static size_t | read_compact_size (const uint8_t *buf, size_t len, size_t &offset, uint64_t &val) |
| static bool | skip_compact_bytes (const uint8_t *buf, size_t len, size_t &offset) |
| ufsecp_error_t | ufsecp_bip144_txid (ufsecp_ctx *ctx, const uint8_t *raw_tx, size_t raw_tx_len, uint8_t txid_out[32]) |
| ufsecp_error_t | ufsecp_bip144_wtxid (ufsecp_ctx *ctx, const uint8_t *raw_tx, size_t raw_tx_len, uint8_t wtxid_out[32]) |
| ufsecp_error_t | ufsecp_bip144_witness_commitment (const uint8_t witness_root[32], const uint8_t witness_nonce[32], uint8_t commitment_out[32]) |
| int | ufsecp_segwit_is_witness_program (const uint8_t *script, size_t script_len) |
| ufsecp_error_t | ufsecp_segwit_parse_program (const uint8_t *script, size_t script_len, int *version_out, uint8_t *program_out, size_t *program_len_out) |
| ufsecp_error_t | ufsecp_segwit_p2wpkh_spk (const uint8_t pubkey_hash[20], uint8_t spk_out[22]) |
| ufsecp_error_t | ufsecp_segwit_p2wsh_spk (const uint8_t script_hash[32], uint8_t spk_out[34]) |
| ufsecp_error_t | ufsecp_segwit_p2tr_spk (const uint8_t output_key[32], uint8_t spk_out[34]) |
| ufsecp_error_t | ufsecp_segwit_witness_script_hash (const uint8_t *script, size_t script_len, uint8_t hash_out[32]) |
| static secp256k1::TapSighashTxData | build_tap_tx_data (uint32_t version, uint32_t locktime, size_t input_count, const uint8_t *prevout_txids_flat, const uint32_t *prevout_vouts, const uint64_t *input_amounts, const uint32_t *input_sequences, const uint8_t *const *input_spks, const size_t *input_spk_lens, size_t output_count, const uint64_t *output_values, const uint8_t *const *output_spks, const size_t *output_spk_lens, std::vector< std::array< uint8_t, 32 > > &txid_storage) |
| ufsecp_error_t | ufsecp_taproot_keypath_sighash (ufsecp_ctx *ctx, uint32_t version, uint32_t locktime, size_t input_count, const uint8_t *prevout_txids, const uint32_t *prevout_vouts, const uint64_t *input_amounts, const uint32_t *input_sequences, const uint8_t *const *input_spks, const size_t *input_spk_lens, size_t output_count, const uint64_t *output_values, const uint8_t *const *output_spks, const size_t *output_spk_lens, size_t input_index, uint8_t hash_type, const uint8_t *annex, size_t annex_len, uint8_t sighash_out[32]) |
| ufsecp_error_t | ufsecp_tapscript_sighash (ufsecp_ctx *ctx, uint32_t version, uint32_t locktime, size_t input_count, const uint8_t *prevout_txids, const uint32_t *prevout_vouts, const uint64_t *input_amounts, const uint32_t *input_sequences, const uint8_t *const *input_spks, const size_t *input_spk_lens, size_t output_count, const uint64_t *output_values, const uint8_t *const *output_spks, const size_t *output_spk_lens, size_t input_index, uint8_t hash_type, const uint8_t tapleaf_hash[32], uint8_t key_version, uint32_t code_separator_pos, const uint8_t *annex, size_t annex_len, uint8_t sighash_out[32]) |
| ufsecp_error_t | ufsecp_pubkey_add (ufsecp_ctx *ctx, const uint8_t a33[33], const uint8_t b33[33], uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_pubkey_negate (ufsecp_ctx *ctx, const uint8_t pubkey33[33], uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_pubkey_tweak_add (ufsecp_ctx *ctx, const uint8_t pubkey33[33], const uint8_t tweak[32], uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_pubkey_tweak_mul (ufsecp_ctx *ctx, const uint8_t pubkey33[33], const uint8_t tweak[32], uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_pubkey_combine (ufsecp_ctx *ctx, const uint8_t *pubkeys, size_t n, uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_bip39_generate (ufsecp_ctx *ctx, size_t entropy_bytes, const uint8_t *entropy_in, char *mnemonic_out, size_t *mnemonic_len) |
| ufsecp_error_t | ufsecp_bip39_validate (const ufsecp_ctx *ctx, const char *mnemonic) |
| ufsecp_error_t | ufsecp_bip39_to_seed (ufsecp_ctx *ctx, const char *mnemonic, const char *passphrase, uint8_t seed64_out[64]) |
| ufsecp_error_t | ufsecp_bip39_to_entropy (ufsecp_ctx *ctx, const char *mnemonic, uint8_t *entropy_out, size_t *entropy_len) |
| ufsecp_error_t | ufsecp_schnorr_batch_verify (ufsecp_ctx *ctx, const uint8_t *entries, size_t n) |
| ufsecp_error_t | ufsecp_ecdsa_batch_verify (ufsecp_ctx *ctx, const uint8_t *entries, size_t n) |
| ufsecp_error_t | ufsecp_schnorr_batch_identify_invalid (ufsecp_ctx *ctx, const uint8_t *entries, size_t n, size_t *invalid_out, size_t *invalid_count) |
| ufsecp_error_t | ufsecp_ecdsa_batch_identify_invalid (ufsecp_ctx *ctx, const uint8_t *entries, size_t n, size_t *invalid_out, size_t *invalid_count) |
| ufsecp_error_t | ufsecp_sha512 (const uint8_t *data, size_t len, uint8_t digest64_out[64]) |
| ufsecp_error_t | ufsecp_shamir_trick (ufsecp_ctx *ctx, const uint8_t a[32], const uint8_t P33[33], const uint8_t b[32], const uint8_t Q33[33], uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_multi_scalar_mul (ufsecp_ctx *ctx, const uint8_t *scalars, const uint8_t *points, size_t n, uint8_t out33[33]) |
| ufsecp_error_t | ufsecp_musig2_key_agg (ufsecp_ctx *ctx, const uint8_t *pubkeys, size_t n, uint8_t keyagg_out[UFSECP_MUSIG2_KEYAGG_LEN], uint8_t agg_pubkey32_out[32]) |
| ufsecp_error_t | ufsecp_musig2_nonce_gen (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t pubkey32[32], const uint8_t agg_pubkey32[32], const uint8_t msg32[32], const uint8_t extra_in[32], uint8_t secnonce_out[UFSECP_MUSIG2_SECNONCE_LEN], uint8_t pubnonce_out[UFSECP_MUSIG2_PUBNONCE_LEN]) |
| ufsecp_error_t | ufsecp_musig2_nonce_agg (ufsecp_ctx *ctx, const uint8_t *pubnonces, size_t n, uint8_t aggnonce_out[UFSECP_MUSIG2_AGGNONCE_LEN]) |
| ufsecp_error_t | ufsecp_musig2_start_sign_session (ufsecp_ctx *ctx, const uint8_t aggnonce[UFSECP_MUSIG2_AGGNONCE_LEN], const uint8_t keyagg[UFSECP_MUSIG2_KEYAGG_LEN], const uint8_t msg32[32], uint8_t session_out[UFSECP_MUSIG2_SESSION_LEN]) |
| ufsecp_error_t | ufsecp_musig2_partial_sign (ufsecp_ctx *ctx, uint8_t secnonce[UFSECP_MUSIG2_SECNONCE_LEN], const uint8_t privkey[32], const uint8_t keyagg[UFSECP_MUSIG2_KEYAGG_LEN], const uint8_t session[UFSECP_MUSIG2_SESSION_LEN], size_t signer_index, uint8_t partial_sig32_out[32]) |
| ufsecp_error_t | ufsecp_musig2_partial_verify (ufsecp_ctx *ctx, const uint8_t partial_sig32[32], const uint8_t pubnonce[UFSECP_MUSIG2_PUBNONCE_LEN], const uint8_t pubkey32[32], const uint8_t keyagg[UFSECP_MUSIG2_KEYAGG_LEN], const uint8_t session[UFSECP_MUSIG2_SESSION_LEN], size_t signer_index) |
| ufsecp_error_t | ufsecp_musig2_partial_sig_agg (ufsecp_ctx *ctx, const uint8_t *partial_sigs, size_t n, const uint8_t session[UFSECP_MUSIG2_SESSION_LEN], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_frost_keygen_begin (ufsecp_ctx *ctx, uint32_t participant_id, uint32_t threshold, uint32_t num_participants, const uint8_t seed[32], uint8_t *commits_out, size_t *commits_len, uint8_t *shares_out, size_t *shares_len) |
| ufsecp_error_t | ufsecp_frost_keygen_finalize (ufsecp_ctx *ctx, uint32_t participant_id, const uint8_t *all_commits, size_t commits_len, const uint8_t *received_shares, size_t shares_len, uint32_t threshold, uint32_t num_participants, uint8_t keypkg_out[UFSECP_FROST_KEYPKG_LEN]) |
| ufsecp_error_t | ufsecp_frost_sign_nonce_gen (ufsecp_ctx *ctx, uint32_t participant_id, const uint8_t nonce_seed[32], uint8_t nonce_out[UFSECP_FROST_NONCE_LEN], uint8_t nonce_commit_out[UFSECP_FROST_NONCE_COMMIT_LEN]) |
| ufsecp_error_t | ufsecp_frost_sign (ufsecp_ctx *ctx, const uint8_t keypkg[UFSECP_FROST_KEYPKG_LEN], const uint8_t nonce[UFSECP_FROST_NONCE_LEN], const uint8_t msg32[32], const uint8_t *nonce_commits, size_t n_signers, uint8_t partial_sig_out[36]) |
| Produces a FROST round-2 partial signature (ufsecp_frost_sign). | |
| ufsecp_error_t | ufsecp_frost_verify_partial (ufsecp_ctx *ctx, const uint8_t partial_sig[36], const uint8_t verification_share33[33], const uint8_t *nonce_commits, size_t n_signers, const uint8_t msg32[32], const uint8_t group_pubkey33[33]) |
| ufsecp_error_t | ufsecp_frost_aggregate (ufsecp_ctx *ctx, const uint8_t *partial_sigs, size_t n, const uint8_t *nonce_commits, size_t n_signers, const uint8_t group_pubkey33[33], const uint8_t msg32[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_schnorr_adaptor_sign (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t msg32[32], const uint8_t adaptor_point33[33], const uint8_t aux_rand[32], uint8_t pre_sig_out[UFSECP_SCHNORR_ADAPTOR_SIG_LEN]) |
| ufsecp_error_t | ufsecp_schnorr_adaptor_verify (ufsecp_ctx *ctx, const uint8_t pre_sig[UFSECP_SCHNORR_ADAPTOR_SIG_LEN], const uint8_t pubkey_x[32], const uint8_t msg32[32], const uint8_t adaptor_point33[33]) |
| ufsecp_error_t | ufsecp_schnorr_adaptor_adapt (ufsecp_ctx *ctx, const uint8_t pre_sig[UFSECP_SCHNORR_ADAPTOR_SIG_LEN], const uint8_t adaptor_secret[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_schnorr_adaptor_extract (ufsecp_ctx *ctx, const uint8_t pre_sig[UFSECP_SCHNORR_ADAPTOR_SIG_LEN], const uint8_t sig64[64], uint8_t secret32_out[32]) |
| ufsecp_error_t | ufsecp_ecdsa_adaptor_sign (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t msg32[32], const uint8_t adaptor_point33[33], uint8_t pre_sig_out[UFSECP_ECDSA_ADAPTOR_SIG_LEN]) |
| ufsecp_error_t | ufsecp_ecdsa_adaptor_verify (ufsecp_ctx *ctx, const uint8_t pre_sig[UFSECP_ECDSA_ADAPTOR_SIG_LEN], const uint8_t pubkey33[33], const uint8_t msg32[32], const uint8_t adaptor_point33[33]) |
| ufsecp_error_t | ufsecp_ecdsa_adaptor_adapt (ufsecp_ctx *ctx, const uint8_t pre_sig[UFSECP_ECDSA_ADAPTOR_SIG_LEN], const uint8_t adaptor_secret[32], uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_ecdsa_adaptor_extract (ufsecp_ctx *ctx, const uint8_t pre_sig[UFSECP_ECDSA_ADAPTOR_SIG_LEN], const uint8_t sig64[64], uint8_t secret32_out[32]) |
| ufsecp_error_t | ufsecp_pedersen_commit (ufsecp_ctx *ctx, const uint8_t value[32], const uint8_t blinding[32], uint8_t commitment33_out[33]) |
| ufsecp_error_t | ufsecp_pedersen_verify (ufsecp_ctx *ctx, const uint8_t commitment33[33], const uint8_t value[32], const uint8_t blinding[32]) |
| ufsecp_error_t | ufsecp_pedersen_verify_sum (ufsecp_ctx *ctx, const uint8_t *pos, size_t n_pos, const uint8_t *neg, size_t n_neg) |
| ufsecp_error_t | ufsecp_pedersen_blind_sum (ufsecp_ctx *ctx, const uint8_t *blinds_in, size_t n_in, const uint8_t *blinds_out, size_t n_out, uint8_t sum32_out[32]) |
| ufsecp_error_t | ufsecp_pedersen_switch_commit (ufsecp_ctx *ctx, const uint8_t value[32], const uint8_t blinding[32], const uint8_t switch_blind[32], uint8_t commitment33_out[33]) |
| ufsecp_error_t | ufsecp_zk_knowledge_prove (ufsecp_ctx *ctx, const uint8_t secret[32], const uint8_t pubkey33[33], const uint8_t msg32[32], const uint8_t aux_rand[32], uint8_t proof_out[UFSECP_ZK_KNOWLEDGE_PROOF_LEN]) |
| ufsecp_error_t | ufsecp_zk_knowledge_verify (ufsecp_ctx *ctx, const uint8_t proof[UFSECP_ZK_KNOWLEDGE_PROOF_LEN], const uint8_t pubkey33[33], const uint8_t msg32[32]) |
| ufsecp_error_t | ufsecp_zk_dleq_prove (ufsecp_ctx *ctx, const uint8_t secret[32], const uint8_t G33[33], const uint8_t H33[33], const uint8_t P33[33], const uint8_t Q33[33], const uint8_t aux_rand[32], uint8_t proof_out[UFSECP_ZK_DLEQ_PROOF_LEN]) |
| ufsecp_error_t | ufsecp_zk_dleq_verify (ufsecp_ctx *ctx, const uint8_t proof[UFSECP_ZK_DLEQ_PROOF_LEN], const uint8_t G33[33], const uint8_t H33[33], const uint8_t P33[33], const uint8_t Q33[33]) |
| ufsecp_error_t | ufsecp_zk_range_prove (ufsecp_ctx *ctx, uint64_t value, const uint8_t blinding[32], const uint8_t commitment33[33], const uint8_t aux_rand[32], uint8_t *proof_out, size_t *proof_len) |
| ufsecp_error_t | ufsecp_zk_range_verify (ufsecp_ctx *ctx, const uint8_t commitment33[33], const uint8_t *proof, size_t proof_len) |
| static const secp256k1::coins::CoinParams * | find_coin (uint32_t coin_type) |
| ufsecp_error_t | ufsecp_coin_address (ufsecp_ctx *ctx, const uint8_t pubkey33[33], uint32_t coin_type, int testnet, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_coin_derive_from_seed (ufsecp_ctx *ctx, const uint8_t *seed, size_t seed_len, uint32_t coin_type, uint32_t account, int change, uint32_t index, int testnet, uint8_t *privkey32_out, uint8_t *pubkey33_out, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_coin_wif_encode (ufsecp_ctx *ctx, const uint8_t privkey[32], uint32_t coin_type, int testnet, char *wif_out, size_t *wif_len) |
| ufsecp_error_t | ufsecp_btc_message_sign (ufsecp_ctx *ctx, const uint8_t *msg, size_t msg_len, const uint8_t privkey[32], char *base64_out, size_t *base64_len) |
| ufsecp_error_t | ufsecp_btc_message_verify (ufsecp_ctx *ctx, const uint8_t *msg, size_t msg_len, const uint8_t pubkey33[33], const char *base64_sig) |
| ufsecp_error_t | ufsecp_btc_message_hash (const uint8_t *msg, size_t msg_len, uint8_t digest32_out[32]) |
| ufsecp_error_t | ufsecp_silent_payment_address (ufsecp_ctx *ctx, const uint8_t scan_privkey[32], const uint8_t spend_privkey[32], uint8_t scan_pubkey33_out[33], uint8_t spend_pubkey33_out[33], char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_silent_payment_create_output (ufsecp_ctx *ctx, const uint8_t *input_privkeys, size_t n_inputs, const uint8_t scan_pubkey33[33], const uint8_t spend_pubkey33[33], uint32_t k, uint8_t output_pubkey33_out[33], uint8_t *tweak32_out) |
| ufsecp_error_t | ufsecp_silent_payment_scan (ufsecp_ctx *ctx, const uint8_t scan_privkey[32], const uint8_t spend_privkey[32], const uint8_t *input_pubkeys33, size_t n_input_pubkeys, const uint8_t *output_xonly32, size_t n_outputs, uint32_t *found_indices_out, uint8_t *found_privkeys_out, size_t *n_found) |
| ufsecp_error_t | ufsecp_ecies_encrypt (ufsecp_ctx *ctx, const uint8_t recipient_pubkey33[33], const uint8_t *plaintext, size_t plaintext_len, uint8_t *envelope_out, size_t *envelope_len) |
| ufsecp_error_t | ufsecp_ecies_decrypt (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t *envelope, size_t envelope_len, uint8_t *plaintext_out, size_t *plaintext_len) |
| ufsecp_error_t | ufsecp_bip85_entropy (ufsecp_ctx *ctx, const ufsecp_bip32_key *master_xprv, const char *path, uint8_t *entropy_out, size_t entropy_len) |
| ufsecp_error_t | ufsecp_bip85_bip39 (ufsecp_ctx *ctx, const ufsecp_bip32_key *master_xprv, uint32_t words, uint32_t language_index, uint32_t index, char *mnemonic_out, size_t *mnemonic_len) |
| ufsecp_error_t | ufsecp_schnorr_sign_msg (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t *msg, size_t msg_len, const uint8_t *aux_rand32, uint8_t sig64_out[64]) |
| ufsecp_error_t | ufsecp_schnorr_verify_msg (ufsecp_ctx *ctx, const uint8_t pubkey_x[32], const uint8_t *msg, size_t msg_len, const uint8_t sig64[64]) |
| ufsecp_error_t | ufsecp_bip322_sign (ufsecp_ctx *ctx, const uint8_t privkey[32], ufsecp_bip322_addr_type addr_type, const uint8_t *msg, size_t msg_len, uint8_t *sig_out, size_t *sig_len) |
| ufsecp_error_t | ufsecp_bip322_verify (ufsecp_ctx *ctx, const uint8_t *pubkey, size_t pubkey_len, ufsecp_bip322_addr_type addr_type, const uint8_t *msg, size_t msg_len, const uint8_t *sig, size_t sig_len) |
| static bool | gcs_encode (const std::vector< uint64_t > &values, uint8_t *out, size_t *out_len) |
| static bool | gcs_decode (const uint8_t *filter, size_t filter_len, size_t n_items, std::vector< uint64_t > &out) |
| ufsecp_error_t | ufsecp_gcs_build (const uint8_t key[16], const uint8_t **data, const size_t *data_sizes, size_t count, uint8_t *filter_out, size_t *filter_len) |
| ufsecp_error_t | ufsecp_gcs_match (const uint8_t key[16], const uint8_t *filter, size_t filter_len, size_t n_items, const uint8_t *item, size_t item_len) |
| ufsecp_error_t | ufsecp_gcs_match_any (const uint8_t key[16], const uint8_t *filter, size_t filter_len, size_t n_items, const uint8_t **query, const size_t *query_sizes, size_t query_count) |
| ufsecp_error_t | ufsecp_psbt_sign_legacy (ufsecp_ctx *ctx, const uint8_t sighash32[32], const uint8_t privkey[32], uint8_t sighash_type, uint8_t *sig_out, size_t *sig_len) |
| ufsecp_error_t | ufsecp_psbt_sign_segwit (ufsecp_ctx *ctx, const uint8_t sighash32[32], const uint8_t privkey[32], uint8_t sighash_type, uint8_t *sig_out, size_t *sig_len) |
| ufsecp_error_t | ufsecp_psbt_sign_taproot (ufsecp_ctx *ctx, const uint8_t sighash32[32], const uint8_t privkey[32], uint8_t sighash_type, const uint8_t *aux_rand32, uint8_t *sig_out, size_t *sig_len) |
| ufsecp_error_t | ufsecp_psbt_derive_key (ufsecp_ctx *ctx, const ufsecp_bip32_key *master_xprv, const char *key_path, uint8_t privkey_out[32]) |
| ufsecp_error_t | ufsecp_descriptor_parse (ufsecp_ctx *ctx, const char *descriptor, uint32_t index, ufsecp_desc_key *key_out, char *addr_out, size_t *addr_len) |
| ufsecp_error_t | ufsecp_descriptor_address (ufsecp_ctx *ctx, const char *descriptor, uint32_t index, char *addr_out, size_t *addr_len) |
Variables | |
| static constexpr uint64_t | GCS_P = 19 |
| static constexpr uint64_t | GCS_M = 784931ULL |
| #define UFSECP_BUILDING |
Definition at line 12 of file ufsecp_impl.cpp.
| #define UFSECP_CATCH_RETURN | ( | ctx_ptr | ) |
Definition at line 237 of file ufsecp_impl.cpp.
| using FE = secp256k1::fast::FieldElement |
Definition at line 77 of file ufsecp_impl.cpp.
| using Point = secp256k1::fast::Point |
Definition at line 76 of file ufsecp_impl.cpp.
| using Scalar = secp256k1::fast::Scalar |
Definition at line 75 of file ufsecp_impl.cpp.
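| static secp256k1::TapSighashTxData build_tap_tx_data (uint32_t version, uint32_t locktime, size_t input_count, const uint8_t *prevout_txids_flat, const uint32_t *prevout_vouts, const uint64_t *input_amounts, const uint32_t *input_sequences, const uint8_t *const *input_spks, const size_t *input_spk_lens, size_t output_count, const uint64_t *output_values, const uint8_t *const *output_spks, const size_t *output_spk_lens, std::vector< std::array< uint8_t, 32 > > &txid_storage) |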
Definition at line 1856 of file ufsecp_impl.cpp.
References secp256k1::TapSighashTxData::version.
Referenced by ufsecp_taproot_keypath_sighash(), and ufsecp_tapscript_sighash().
| static void ctx_clear_err (ufsecp_ctx *ctx) |
Definition at line 89 of file ufsecp_impl.cpp.
References ufsecp_ctx::last_err, ufsecp_ctx::last_msg, and UFSECP_OK.
Referenced by ufsecp_addr_p2pkh(), ufsecp_addr_p2sh_p2wpkh(), ufsecp_addr_p2tr(), ufsecp_addr_p2wpkh(), ufsecp_bip143_sighash(), ufsecp_bip322_sign(), ufsecp_bip322_verify(), ufsecp_bip32_derive(), ufsecp_bip32_derive_path(), ufsecp_bip32_master(), ufsecp_bip32_privkey(), ufsecp_bip32_pubkey(), ufsecp_bip39_generate(), ufsecp_bip39_to_entropy(), ufsecp_bip39_to_seed(), ufsecp_bip85_bip39(), ufsecp_bip85_entropy(), ufsecp_btc_message_sign(), ufsecp_btc_message_verify(), ufsecp_coin_address(), ufsecp_coin_derive_from_seed(), ufsecp_coin_wif_encode(), ufsecp_ctx_clone(), ufsecp_descriptor_address(), ufsecp_descriptor_parse(), ufsecp_ecdh(), ufsecp_ecdh_raw(), ufsecp_ecdh_xonly(), ufsecp_ecdsa_adaptor_adapt(), ufsecp_ecdsa_adaptor_extract(), ufsecp_ecdsa_adaptor_sign(), ufsecp_ecdsa_adaptor_verify(), ufsecp_ecdsa_batch_identify_invalid(), ufsecp_ecdsa_batch_verify(), ufsecp_ecdsa_recover(), ufsecp_ecdsa_sig_from_der(), ufsecp_ecdsa_sig_to_der(), ufsecp_ecdsa_sign(), ufsecp_ecdsa_sign_batch(), ufsecp_ecdsa_sign_recoverable(), ufsecp_ecdsa_sign_verified(), ufsecp_ecdsa_verify(), ufsecp_ecies_decrypt(), ufsecp_ecies_encrypt(), ufsecp_frost_aggregate(), ufsecp_frost_keygen_begin(), ufsecp_frost_keygen_finalize(), ufsecp_frost_sign(), ufsecp_frost_sign_nonce_gen(), ufsecp_frost_verify_partial(), ufsecp_multi_scalar_mul(), ufsecp_musig2_key_agg(), ufsecp_musig2_nonce_agg(), ufsecp_musig2_nonce_gen(), ufsecp_musig2_partial_sig_agg(), ufsecp_musig2_partial_sign(), ufsecp_musig2_partial_verify(), ufsecp_musig2_start_sign_session(), ufsecp_pedersen_blind_sum(), ufsecp_pedersen_commit(), ufsecp_pedersen_switch_commit(), ufsecp_pedersen_verify(), ufsecp_pedersen_verify_sum(), ufsecp_psbt_derive_key(), ufsecp_psbt_sign_legacy(), ufsecp_psbt_sign_segwit(), ufsecp_psbt_sign_taproot(), ufsecp_pubkey_add(), ufsecp_pubkey_combine(), ufsecp_pubkey_create(), ufsecp_pubkey_create_uncompressed(), ufsecp_pubkey_negate(), ufsecp_pubkey_parse(), ufsecp_pubkey_tweak_add(), 
ufsecp_pubkey_tweak_mul(), ufsecp_pubkey_xonly(), ufsecp_schnorr_adaptor_adapt(), ufsecp_schnorr_adaptor_extract(), ufsecp_schnorr_adaptor_sign(), ufsecp_schnorr_adaptor_verify(), ufsecp_schnorr_batch_identify_invalid(), ufsecp_schnorr_batch_verify(), ufsecp_schnorr_sign(), ufsecp_schnorr_sign_batch(), ufsecp_schnorr_sign_msg(), ufsecp_schnorr_sign_verified(), ufsecp_schnorr_verify(), ufsecp_schnorr_verify_msg(), ufsecp_seckey_negate(), ufsecp_seckey_tweak_add(), ufsecp_seckey_tweak_mul(), ufsecp_shamir_trick(), ufsecp_silent_payment_address(), ufsecp_silent_payment_create_output(), ufsecp_silent_payment_scan(), ufsecp_taproot_keypath_sighash(), ufsecp_taproot_output_key(), ufsecp_taproot_tweak_seckey(), ufsecp_taproot_verify(), ufsecp_tapscript_sighash(), ufsecp_wif_decode(), ufsecp_wif_encode(), ufsecp_zk_dleq_prove(), ufsecp_zk_dleq_verify(), ufsecp_zk_knowledge_prove(), ufsecp_zk_knowledge_verify(), ufsecp_zk_range_prove(), and ufsecp_zk_range_verify().
| static ufsecp_error_t ctx_set_err (ufsecp_ctx *ctx, ufsecp_error_t err, const char *msg) |
Definition at line 94 of file ufsecp_impl.cpp.
References ufsecp_ctx::last_err, and ufsecp_ctx::last_msg.
Referenced by ecdh_parse_args(), parse_bip32_key(), pubkey_create_core(), ufsecp_addr_p2pkh(), ufsecp_addr_p2sh_p2wpkh(), ufsecp_addr_p2tr(), ufsecp_addr_p2wpkh(), ufsecp_bip322_sign(), ufsecp_bip322_verify(), ufsecp_bip32_derive(), ufsecp_bip32_derive_path(), ufsecp_bip32_master(), ufsecp_bip32_privkey(), ufsecp_bip32_pubkey(), ufsecp_bip39_generate(), ufsecp_bip39_to_entropy(), ufsecp_bip39_to_seed(), ufsecp_bip85_bip39(), ufsecp_bip85_entropy(), ufsecp_btc_message_sign(), ufsecp_btc_message_verify(), ufsecp_coin_address(), ufsecp_coin_derive_from_seed(), ufsecp_coin_wif_encode(), ufsecp_descriptor_parse(), ufsecp_ecdsa_adaptor_adapt(), ufsecp_ecdsa_adaptor_extract(), ufsecp_ecdsa_adaptor_sign(), ufsecp_ecdsa_adaptor_verify(), ufsecp_ecdsa_batch_identify_invalid(), ufsecp_ecdsa_batch_verify(), ufsecp_ecdsa_recover(), ufsecp_ecdsa_sig_from_der(), ufsecp_ecdsa_sig_to_der(), ufsecp_ecdsa_sign(), ufsecp_ecdsa_sign_batch(), ufsecp_ecdsa_sign_recoverable(), ufsecp_ecdsa_sign_verified(), ufsecp_ecdsa_verify(), ufsecp_ecies_decrypt(), ufsecp_ecies_encrypt(), ufsecp_frost_aggregate(), ufsecp_frost_keygen_begin(), ufsecp_frost_keygen_finalize(), ufsecp_frost_sign(), ufsecp_frost_sign_nonce_gen(), ufsecp_frost_verify_partial(), ufsecp_multi_scalar_mul(), ufsecp_musig2_key_agg(), ufsecp_musig2_nonce_agg(), ufsecp_musig2_nonce_gen(), ufsecp_musig2_partial_sig_agg(), ufsecp_musig2_partial_sign(), ufsecp_musig2_partial_verify(), ufsecp_musig2_start_sign_session(), ufsecp_pedersen_blind_sum(), ufsecp_pedersen_commit(), ufsecp_pedersen_switch_commit(), ufsecp_pedersen_verify(), ufsecp_pedersen_verify_sum(), ufsecp_psbt_sign_legacy(), ufsecp_psbt_sign_segwit(), ufsecp_psbt_sign_taproot(), ufsecp_pubkey_add(), ufsecp_pubkey_combine(), ufsecp_pubkey_negate(), ufsecp_pubkey_parse(), ufsecp_pubkey_tweak_add(), ufsecp_pubkey_tweak_mul(), ufsecp_pubkey_xonly(), ufsecp_schnorr_adaptor_adapt(), ufsecp_schnorr_adaptor_extract(), ufsecp_schnorr_adaptor_sign(), 
ufsecp_schnorr_adaptor_verify(), ufsecp_schnorr_batch_identify_invalid(), ufsecp_schnorr_batch_verify(), ufsecp_schnorr_sign(), ufsecp_schnorr_sign_batch(), ufsecp_schnorr_sign_verified(), ufsecp_schnorr_verify(), ufsecp_seckey_negate(), ufsecp_seckey_tweak_add(), ufsecp_seckey_tweak_mul(), ufsecp_shamir_trick(), ufsecp_silent_payment_address(), ufsecp_silent_payment_create_output(), ufsecp_silent_payment_scan(), ufsecp_taproot_output_key(), ufsecp_taproot_tweak_seckey(), ufsecp_taproot_verify(), ufsecp_wif_decode(), ufsecp_wif_encode(), ufsecp_zk_dleq_prove(), ufsecp_zk_dleq_verify(), ufsecp_zk_knowledge_prove(), ufsecp_zk_knowledge_verify(), ufsecp_zk_range_prove(), and ufsecp_zk_range_verify().
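| static ufsecp_error_t ecdh_parse_args (ufsecp_ctx *ctx, const uint8_t privkey[32], const uint8_t pubkey33[33], Scalar &sk, Point &pk) |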
Definition at line 1054 of file ufsecp_impl.cpp.
References ctx_set_err(), secp256k1::fast::Point::is_infinity(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, and UFSECP_OK.
Referenced by ufsecp_ecdh(), ufsecp_ecdh_raw(), and ufsecp_ecdh_xonly().
|
static |
Definition at line 1342 of file ufsecp_impl.cpp.
References ufsecp_bip32_key::data, secp256k1::ExtendedKey::depth, and ufsecp_bip32_key::is_private.
Referenced by parse_bip32_key().
|
static |
Definition at line 1335 of file ufsecp_impl.cpp.
References ufsecp_bip32_key::_pad, ufsecp_bip32_key::data, secp256k1::ExtendedKey::is_private, ufsecp_bip32_key::is_private, and secp256k1::ExtendedKey::serialize().
Referenced by ufsecp_bip32_derive(), ufsecp_bip32_derive_path(), and ufsecp_bip32_master().
|
static |
Definition at line 3843 of file ufsecp_impl.cpp.
References secp256k1::coins::find_by_coin_type().
Referenced by ufsecp_coin_address(), ufsecp_coin_derive_from_seed(), and ufsecp_coin_wif_encode().
|
static |
Definition at line 4972 of file ufsecp_impl.cpp.
References GCS_P.
Referenced by ufsecp_gcs_match(), and ufsecp_gcs_match_any().
|
static |
Definition at line 4936 of file ufsecp_impl.cpp.
References GCS_P.
Referenced by ufsecp_gcs_build().
|
static |
Definition at line 1359 of file ufsecp_impl.cpp.
References ufsecp_bip32_key::_pad, ctx_set_err(), ufsecp_bip32_key::data, extkey_from_uf(), ufsecp_bip32_key::is_private, point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, and UFSECP_OK.
Referenced by ufsecp_bip32_derive(), ufsecp_bip32_derive_path(), ufsecp_bip32_privkey(), ufsecp_bip32_pubkey(), and ufsecp_bip85_entropy().
|
inlinestatic |
Definition at line 248 of file ufsecp_impl.cpp.
References secp256k1::fast::Point::from_affine(), secp256k1::fast::FieldElement::from_uint64(), secp256k1::fast::Point::infinity(), and secp256k1::fast::FieldElement::parse_bytes_strict().
Referenced by ecdh_parse_args(), parse_bip32_key(), ufsecp_addr_p2pkh(), ufsecp_addr_p2sh_p2wpkh(), ufsecp_addr_p2wpkh(), ufsecp_bip322_verify(), ufsecp_btc_message_verify(), ufsecp_coin_address(), ufsecp_ecdsa_adaptor_adapt(), ufsecp_ecdsa_adaptor_extract(), ufsecp_ecdsa_adaptor_sign(), ufsecp_ecdsa_adaptor_verify(), ufsecp_ecdsa_batch_identify_invalid(), ufsecp_ecdsa_batch_verify(), ufsecp_ecdsa_verify(), ufsecp_ecies_encrypt(), ufsecp_frost_aggregate(), ufsecp_frost_keygen_finalize(), ufsecp_frost_sign(), ufsecp_frost_verify_partial(), ufsecp_multi_scalar_mul(), ufsecp_musig2_nonce_agg(), ufsecp_musig2_start_sign_session(), ufsecp_pedersen_verify(), ufsecp_pedersen_verify_sum(), ufsecp_pubkey_add(), ufsecp_pubkey_combine(), ufsecp_pubkey_negate(), ufsecp_pubkey_parse(), ufsecp_pubkey_tweak_add(), ufsecp_pubkey_tweak_mul(), ufsecp_schnorr_adaptor_adapt(), ufsecp_schnorr_adaptor_extract(), ufsecp_schnorr_adaptor_sign(), ufsecp_schnorr_adaptor_verify(), ufsecp_shamir_trick(), ufsecp_silent_payment_create_output(), ufsecp_silent_payment_scan(), ufsecp_zk_dleq_prove(), ufsecp_zk_dleq_verify(), ufsecp_zk_knowledge_prove(), ufsecp_zk_knowledge_verify(), ufsecp_zk_range_prove(), and ufsecp_zk_range_verify().
|
inlinestatic |
Definition at line 302 of file ufsecp_impl.cpp.
References secp256k1::fast::Point::to_compressed().
Referenced by ufsecp_bip32_pubkey(), ufsecp_coin_derive_from_seed(), ufsecp_ecdsa_recover(), ufsecp_frost_keygen_begin(), ufsecp_frost_keygen_finalize(), ufsecp_multi_scalar_mul(), ufsecp_musig2_key_agg(), ufsecp_musig2_start_sign_session(), ufsecp_pubkey_add(), ufsecp_pubkey_combine(), ufsecp_pubkey_create(), ufsecp_pubkey_negate(), ufsecp_pubkey_parse(), ufsecp_pubkey_tweak_add(), ufsecp_pubkey_tweak_mul(), and ufsecp_shamir_trick().
|
static |
Definition at line 508 of file ufsecp_impl.cpp.
References ctx_set_err(), secp256k1::ct::generator_mul(), secp256k1::fast::Point::is_infinity(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, and UFSECP_OK.
Referenced by ufsecp_pubkey_create(), and ufsecp_pubkey_create_uncompressed().
|
static |
Definition at line 1650 of file ufsecp_impl.cpp.
Referenced by skip_compact_bytes(), and ufsecp_bip144_txid().
|
inlinestatic |
Definition at line 125 of file ufsecp_impl.cpp.
References secp256k1::fast::Scalar::parse_bytes_strict().
Referenced by ufsecp_ecdsa_adaptor_adapt(), ufsecp_ecdsa_adaptor_extract(), ufsecp_ecdsa_adaptor_verify(), ufsecp_frost_aggregate(), ufsecp_frost_keygen_finalize(), ufsecp_frost_sign(), ufsecp_frost_verify_partial(), ufsecp_multi_scalar_mul(), ufsecp_musig2_partial_sig_agg(), ufsecp_musig2_partial_verify(), ufsecp_pedersen_blind_sum(), ufsecp_pedersen_commit(), ufsecp_pedersen_switch_commit(), ufsecp_pedersen_verify(), ufsecp_pubkey_tweak_add(), ufsecp_schnorr_adaptor_adapt(), ufsecp_schnorr_adaptor_extract(), ufsecp_schnorr_adaptor_verify(), ufsecp_seckey_tweak_add(), ufsecp_shamir_trick(), ufsecp_zk_range_prove(), and ufsecp_zk_range_verify().
|
inlinestatic |
Definition at line 118 of file ufsecp_impl.cpp.
References secp256k1::fast::Scalar::parse_bytes_strict_nonzero().
Referenced by ecdh_parse_args(), parse_bip32_key(), pubkey_create_core(), ufsecp_bip322_sign(), ufsecp_btc_message_sign(), ufsecp_coin_wif_encode(), ufsecp_ecdsa_adaptor_adapt(), ufsecp_ecdsa_adaptor_sign(), ufsecp_ecdsa_sign(), ufsecp_ecdsa_sign_batch(), ufsecp_ecdsa_sign_recoverable(), ufsecp_ecdsa_sign_verified(), ufsecp_ecies_decrypt(), ufsecp_musig2_nonce_gen(), ufsecp_musig2_partial_sign(), ufsecp_psbt_sign_legacy(), ufsecp_psbt_sign_segwit(), ufsecp_psbt_sign_taproot(), ufsecp_pubkey_tweak_mul(), ufsecp_pubkey_xonly(), ufsecp_schnorr_adaptor_adapt(), ufsecp_schnorr_adaptor_sign(), ufsecp_schnorr_sign(), ufsecp_schnorr_sign_batch(), ufsecp_schnorr_sign_verified(), ufsecp_seckey_negate(), ufsecp_seckey_tweak_add(), ufsecp_seckey_tweak_mul(), ufsecp_silent_payment_address(), ufsecp_silent_payment_create_output(), ufsecp_silent_payment_scan(), ufsecp_taproot_tweak_seckey(), ufsecp_wif_encode(), ufsecp_zk_dleq_prove(), and ufsecp_zk_knowledge_prove().
|
inlinestatic |
Definition at line 131 of file ufsecp_impl.cpp.
References secp256k1::fast::Scalar::to_bytes().
Referenced by ufsecp_bip32_privkey(), ufsecp_coin_derive_from_seed(), ufsecp_ecdsa_adaptor_extract(), ufsecp_frost_keygen_begin(), ufsecp_frost_keygen_finalize(), ufsecp_frost_sign(), ufsecp_musig2_key_agg(), ufsecp_musig2_partial_sign(), ufsecp_musig2_start_sign_session(), ufsecp_pedersen_blind_sum(), ufsecp_schnorr_adaptor_extract(), ufsecp_seckey_negate(), ufsecp_seckey_tweak_add(), ufsecp_seckey_tweak_mul(), ufsecp_taproot_tweak_seckey(), ufsecp_wif_decode(), and ufsecp_zk_range_prove().
|
inlinestatic |
Definition at line 324 of file ufsecp_impl.cpp.
References secp256k1::detail::secure_erase().
|
static |
Definition at line 1674 of file ufsecp_impl.cpp.
References read_compact_size().
Referenced by ufsecp_bip144_txid().
|
static |
Definition at line 330 of file ufsecp_impl.cpp.
References secp256k1::Mainnet, secp256k1::Testnet, and UFSECP_NET_TESTNET.
Referenced by ufsecp_addr_p2pkh(), ufsecp_addr_p2sh_p2wpkh(), ufsecp_addr_p2tr(), ufsecp_addr_p2wpkh(), and ufsecp_wif_encode().
| unsigned int ufsecp_abi_version | ( | void | ) |
Return ABI version at runtime (same as UFSECP_ABI_VERSION).
Definition at line 343 of file ufsecp_impl.cpp.
References UFSECP_ABI_VERSION.
| ufsecp_error_t ufsecp_addr_p2pkh | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| int | network, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
P2PKH address from compressed pubkey. addr_len: in = buffer size, out = strlen (excl. NUL).
Definition at line 1152 of file ufsecp_impl.cpp.
References secp256k1::address_p2pkh(), ctx_clear_err(), ctx_set_err(), point_from_compressed(), to_network(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_descriptor_parse().
| ufsecp_error_t ufsecp_addr_p2sh | ( | const uint8_t * | redeem_script, |
| size_t | redeem_script_len, | ||
| int | network, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
P2SH address from arbitrary redeem script. addr_len: in = buffer size (min 36), out = strlen (excl. NUL).
Definition at line 1229 of file ufsecp_impl.cpp.
References secp256k1::address_p2sh(), secp256k1::hash160(), secp256k1::Mainnet, secp256k1::Testnet, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, UFSECP_NET_MAINNET, and UFSECP_OK.
| ufsecp_error_t ufsecp_addr_p2sh_p2wpkh | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| int | network, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
P2SH-P2WPKH (WrappedSegWit) address from compressed pubkey. addr_len: in = buffer size (min 36), out = strlen (excl. NUL).
Definition at line 1250 of file ufsecp_impl.cpp.
References secp256k1::address_p2sh_p2wpkh(), ctx_clear_err(), ctx_set_err(), point_from_compressed(), to_network(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_descriptor_parse().
| ufsecp_error_t ufsecp_addr_p2tr | ( | ufsecp_ctx * | ctx, |
| const uint8_t | internal_key_x[32], | ||
| int | network, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
P2TR (Bech32m, Taproot) from x-only internal key.
Definition at line 1200 of file ufsecp_impl.cpp.
References secp256k1::address_p2tr_raw(), ctx_clear_err(), ctx_set_err(), to_network(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_descriptor_parse().
| ufsecp_error_t ufsecp_addr_p2wpkh | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| int | network, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
P2WPKH (Bech32, SegWit v0).
Definition at line 1176 of file ufsecp_impl.cpp.
References secp256k1::address_p2wpkh(), ctx_clear_err(), ctx_set_err(), point_from_compressed(), to_network(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_descriptor_parse().
| ufsecp_error_t ufsecp_bip143_p2wpkh_script_code | ( | const uint8_t | pubkey_hash[20], |
| uint8_t | script_code_out[25] | ||
| ) |
Build P2WPKH scriptCode (25 bytes) from a 20-byte pubkey hash.
Definition at line 1635 of file ufsecp_impl.cpp.
References secp256k1::bip143_p2wpkh_script_code(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip143_sighash | ( | ufsecp_ctx * | ctx, |
| uint32_t | version, | ||
| const uint8_t | hash_prevouts[32], | ||
| const uint8_t | hash_sequence[32], | ||
| const uint8_t | outpoint_txid[32], | ||
| uint32_t | outpoint_vout, | ||
| const uint8_t * | script_code, | ||
| size_t | script_code_len, | ||
| uint64_t | value, | ||
| uint32_t | sequence, | ||
| const uint8_t | hash_outputs[32], | ||
| uint32_t | locktime, | ||
| uint32_t | sighash_type, | ||
| uint8_t | sighash_out[32] | ||
| ) |
Compute BIP-143 sighash digest for a SegWit v0 input. hash_prevouts, hash_sequence, hash_outputs: precomputed 32-byte hashes. outpoint_txid: 32-byte LE txid of the input being signed. outpoint_vout: output index of the input being signed. script_code / script_code_len: the scriptCode for this input. value: satoshi amount of the output being spent. sequence: nSequence of this input. sighash_type: SIGHASH_ALL etc.
Definition at line 1600 of file ufsecp_impl.cpp.
References secp256k1::bip143_sighash(), ctx_clear_err(), UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::Bip143Preimage::version.
| ufsecp_error_t ufsecp_bip144_txid | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | raw_tx, | ||
| size_t | raw_tx_len, | ||
| uint8_t | txid_out[32] | ||
| ) |
Compute txid (legacy hash, no witness) from raw witness-serialized tx. raw_tx/raw_tx_len: complete witness-format transaction bytes. txid_out: 32-byte LE txid.
Definition at line 1682 of file ufsecp_impl.cpp.
References secp256k1::SHA256::finalize(), secp256k1::SHA256::hash256(), read_compact_size(), skip_compact_bytes(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::SHA256::update().
| ufsecp_error_t ufsecp_bip144_witness_commitment | ( | const uint8_t | witness_root[32], |
| const uint8_t | witness_nonce[32], | ||
| uint8_t | commitment_out[32] | ||
| ) |
Compute witness commitment: SHA256d(witness_root || witness_nonce).
Definition at line 1763 of file ufsecp_impl.cpp.
References UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::witness_commitment().
| ufsecp_error_t ufsecp_bip144_wtxid | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | raw_tx, | ||
| size_t | raw_tx_len, | ||
| uint8_t | wtxid_out[32] | ||
| ) |
Compute wtxid from raw witness-serialized transaction bytes.
Definition at line 1750 of file ufsecp_impl.cpp.
References secp256k1::SHA256::hash256(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip322_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| ufsecp_bip322_addr_type | addr_type, | ||
| const uint8_t * | msg, | ||
| size_t | msg_len, | ||
| uint8_t * | sig_out, | ||
| size_t * | sig_len | ||
| ) |
Sign a message using BIP-322 "simple" type. privkey: 32-byte private key. addr_type: address type (determines signing scheme and sighash). sig_out: buffer for the witness/signature bytes (min 128 bytes). sig_len: in = buffer size, out = actual bytes written.
Definition at line 4759 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_sign(), secp256k1::SHA256::finalize(), secp256k1::SHA256::hash(), scalar_parse_strict_nonzero(), secp256k1::ct::schnorr_keypair_create(), secp256k1::ct::schnorr_sign(), secp256k1::detail::secure_erase(), UFSECP_BIP322_ADDR_P2TR, UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::SHA256::update().
| ufsecp_error_t ufsecp_bip322_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | pubkey, | ||
| size_t | pubkey_len, | ||
| ufsecp_bip322_addr_type | addr_type, | ||
| const uint8_t * | msg, | ||
| size_t | msg_len, | ||
| const uint8_t * | sig, | ||
| size_t | sig_len | ||
| ) |
Verify a BIP-322 "simple" signature. pubkey: 33-byte compressed (P2PKH/P2WPKH/P2SH-P2WPKH) or 32-byte x-only (P2TR). pubkey_len: 33 or 32. Returns UFSECP_OK if valid.
Definition at line 4822 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_verify(), secp256k1::SHA256::finalize(), secp256k1::ECDSASignature::from_compact(), secp256k1::SHA256::hash(), secp256k1::fast::Point::is_infinity(), point_from_compressed(), UFSECP_BIP322_ADDR_P2TR, UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, UFSECP_OK, ufsecp_schnorr_verify(), and secp256k1::SHA256::update().
| ufsecp_error_t ufsecp_bip32_derive | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | parent, | ||
| uint32_t | index, | ||
| ufsecp_bip32_key * | child_out | ||
| ) |
Normal or hardened child derivation (index >= 0x80000000 = hardened).
Definition at line 1422 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), extkey_to_uf(), parse_bip32_key(), secp256k1::detail::secure_erase(), UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip32_derive_path | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | master, | ||
| const char * | path, | ||
| ufsecp_bip32_key * | key_out | ||
| ) |
Full path derivation, e.g. "m/44'/0'/0'/0/0".
Definition at line 1447 of file ufsecp_impl.cpp.
References secp256k1::bip32_derive_path(), ctx_clear_err(), ctx_set_err(), extkey_to_uf(), parse_bip32_key(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_descriptor_parse(), and ufsecp_psbt_derive_key().
| ufsecp_error_t ufsecp_bip32_master | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | seed, | ||
| size_t | seed_len, | ||
| ufsecp_bip32_key * | key_out | ||
| ) |
Master key from seed (16-64 bytes).
Definition at line 1401 of file ufsecp_impl.cpp.
References secp256k1::bip32_master_key(), ctx_clear_err(), ctx_set_err(), extkey_to_uf(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip32_privkey | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | key, | ||
| uint8_t | privkey32_out[32] | ||
| ) |
Extract 32-byte private key (fails if xpub).
Definition at line 1474 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), ufsecp_bip32_key::is_private, parse_bip32_key(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_psbt_derive_key().
| ufsecp_error_t ufsecp_bip32_pubkey | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | key, | ||
| uint8_t | pubkey33_out[33] | ||
| ) |
Extract 33-byte compressed public key.
Definition at line 1497 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), parse_bip32_key(), point_to_compressed(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_descriptor_parse().
| ufsecp_error_t ufsecp_bip39_generate | ( | ufsecp_ctx * | ctx, |
| size_t | entropy_bytes, | ||
| const uint8_t * | entropy_in, | ||
| char * | mnemonic_out, | ||
| size_t * | mnemonic_len | ||
| ) |
Generate BIP-39 mnemonic from entropy. entropy_bytes: 16 (12 words), 20 (15), 24 (18), 28 (21), 32 (24 words). entropy_in: NULL for random, or pointer to entropy bytes. mnemonic_out: buffer for NUL-terminated mnemonic. mnemonic_len: in = buffer size, out = strlen.
Definition at line 2100 of file ufsecp_impl.cpp.
References secp256k1::bip39_generate(), ctx_clear_err(), ctx_set_err(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip39_to_entropy | ( | ufsecp_ctx * | ctx, |
| const char * | mnemonic, | ||
| uint8_t * | entropy_out, | ||
| size_t * | entropy_len | ||
| ) |
Convert mnemonic back to raw entropy bytes. entropy_out: buffer (>=32 bytes). entropy_len: out = actual entropy length.
Definition at line 2154 of file ufsecp_impl.cpp.
References secp256k1::bip39_mnemonic_to_entropy(), ctx_clear_err(), ctx_set_err(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip39_to_seed | ( | ufsecp_ctx * | ctx, |
| const char * | mnemonic, | ||
| const char * | passphrase, | ||
| uint8_t | seed64_out[64] | ||
| ) |
Convert mnemonic to 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds). passphrase: optional BIP-39 passphrase (NULL or "" for none).
Definition at line 2136 of file ufsecp_impl.cpp.
References secp256k1::bip39_mnemonic_to_seed(), ctx_clear_err(), ctx_set_err(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip39_validate | ( | const ufsecp_ctx * | ctx, |
| const char * | mnemonic | ||
| ) |
Validate BIP-39 mnemonic (checksum + word list). Returns UFSECP_OK if valid, UFSECP_ERR_BAD_INPUT if invalid.
Definition at line 2125 of file ufsecp_impl.cpp.
References secp256k1::bip39_validate(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip85_bip39 | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | master_xprv, | ||
| uint32_t | words, | ||
| uint32_t | language_index, | ||
| uint32_t | index, | ||
| char * | mnemonic_out, | ||
| size_t * | mnemonic_len | ||
| ) |
Derive a BIP-39 mnemonic using BIP-85. words: 12, 18, or 24. language_index: 0=English. index: child index. mnemonic_out: buffer, min 500 bytes.
Definition at line 4650 of file ufsecp_impl.cpp.
References secp256k1::bip39_generate(), ctx_clear_err(), ctx_set_err(), secp256k1::detail::secure_erase(), ufsecp_bip85_entropy(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_bip85_entropy | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | master_xprv, | ||
| const char * | path, | ||
| uint8_t * | entropy_out, | ||
| size_t | entropy_len | ||
| ) |
Derive application entropy from a BIP-32 master xprv. path: BIP-85 derivation path string, e.g. "m/83696968'/2'/0'". entropy_out: output buffer (caller-supplied, min entropy_len bytes). entropy_len: number of entropy bytes to derive (16, 24, or 32). Internally: HMAC-SHA512(key="bip-85", data=derived_privkey), take first entropy_len bytes. The output is derived from private key material, so handle and erase it as a secret.
Definition at line 4606 of file ufsecp_impl.cpp.
References secp256k1::bip32_derive_path(), ctx_clear_err(), ctx_set_err(), secp256k1::hmac_sha512(), ufsecp_bip32_key::is_private, parse_bip32_key(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_bip85_bip39().
| ufsecp_error_t ufsecp_btc_message_hash | ( | const uint8_t * | msg, |
| size_t | msg_len, | ||
| uint8_t | digest32_out[32] | ||
| ) |
Bitcoin message hash (double SHA-256 with prefix).
Definition at line 4017 of file ufsecp_impl.cpp.
References secp256k1::coins::bitcoin_message_hash(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_btc_message_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | msg, | ||
| size_t | msg_len, | ||
| const uint8_t | privkey[32], | ||
| char * | base64_out, | ||
| size_t * | base64_len | ||
| ) |
Bitcoin message signing (BIP-137). base64_out: buffer for base64-encoded signature. base64_len: in = buffer size, out = strlen.
Definition at line 3972 of file ufsecp_impl.cpp.
References secp256k1::coins::bitcoin_sig_to_base64(), secp256k1::coins::bitcoin_sign_message(), ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_btc_message_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | msg, | ||
| size_t | msg_len, | ||
| const uint8_t | pubkey33[33], | ||
| const char * | base64_sig | ||
| ) |
Bitcoin message verify. Returns UFSECP_OK if signature is valid.
Definition at line 3995 of file ufsecp_impl.cpp.
References secp256k1::coins::bitcoin_sig_from_base64(), secp256k1::coins::bitcoin_verify_message(), ctx_clear_err(), ctx_set_err(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_coin_address | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| uint32_t | coin_type, | ||
| int | testnet, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
Get default address for a coin from a compressed public key. coin_type: BIP-44 coin type index. addr_out: buffer for NUL-terminated address. addr_len: in = buffer size, out = strlen.
Definition at line 3847 of file ufsecp_impl.cpp.
References secp256k1::coins::coin_address(), ctx_clear_err(), ctx_set_err(), find_coin(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_coin_derive_from_seed | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | seed, | ||
| size_t | seed_len, | ||
| uint32_t | coin_type, | ||
| uint32_t | account, | ||
| int | change, | ||
| uint32_t | index, | ||
| int | testnet, | ||
| uint8_t * | privkey32_out, | ||
| uint8_t * | pubkey33_out, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
Derive full key from seed for a specific coin. seed must be 16 to 64 bytes. Derives using best_purpose for the coin. privkey32_out, pubkey33_out: optional (NULL to skip). addr_out and addr_len are optional as a pair and must be both NULL or both non-NULL.
Definition at line 3875 of file ufsecp_impl.cpp.
References secp256k1::bip32_master_key(), secp256k1::coins::coin_address(), secp256k1::coins::coin_derive_key(), ctx_clear_err(), ctx_set_err(), find_coin(), point_to_compressed(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_coin_wif_encode | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| uint32_t | coin_type, | ||
| int | testnet, | ||
| char * | wif_out, | ||
| size_t * | wif_len | ||
| ) |
Encode WIF for any supported coin.
Definition at line 3943 of file ufsecp_impl.cpp.
References secp256k1::coins::coin_wif_encode(), ctx_clear_err(), ctx_set_err(), find_coin(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ctx_clone | ( | const ufsecp_ctx * | src, |
| ufsecp_ctx ** | ctx_out | ||
| ) |
Clone an existing context (deep copy).
Definition at line 393 of file ufsecp_impl.cpp.
References ctx_clear_err(), UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ctx_create | ( | ufsecp_ctx ** | ctx_out | ) |
Create a new context. Runs library self-test on first call (cached globally). Both the fast and constant-time (CT) layers are always active – no flags needed.
| ctx_out | receives the new context pointer. |
Definition at line 372 of file ufsecp_impl.cpp.
References secp256k1::fast::ensure_library_integrity(), ufsecp_ctx::last_err, ufsecp_ctx::last_msg, ufsecp_ctx::selftest_ok, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, UFSECP_ERR_SELFTEST, and UFSECP_OK.
| void ufsecp_ctx_destroy | ( | ufsecp_ctx * | ctx | ) |
Destroy context and free resources. NULL is safe.
Definition at line 407 of file ufsecp_impl.cpp.
| size_t ufsecp_ctx_size | ( | void | ) |
Size of the compiled ufsecp_ctx struct (for FFI layout assertions).
Definition at line 420 of file ufsecp_impl.cpp.
| ufsecp_error_t ufsecp_descriptor_address | ( | ufsecp_ctx * | ctx, |
| const char * | descriptor, | ||
| uint32_t | index, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
Derive address directly from a descriptor string. Convenience wrapper around ufsecp_descriptor_parse.
Definition at line 5451 of file ufsecp_impl.cpp.
References ctx_clear_err(), ufsecp_descriptor_parse(), and UFSECP_ERR_NULL_ARG.
| ufsecp_error_t ufsecp_descriptor_parse | ( | ufsecp_ctx * | ctx, |
| const char * | descriptor, | ||
| uint32_t | index, | ||
| ufsecp_desc_key * | key_out, | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
Parse a descriptor string and derive the key + address type. descriptor: e.g. "wpkh(xpub.../<0;1>/[*])" or "tr(xpub.../0/0)". index: child index to resolve (replaces the * wildcard). key_out: receives the parsed key information. addr_out: buffer for the derived address (min 128 bytes), or NULL. addr_len: in/out for address buffer.
Definition at line 5253 of file ufsecp_impl.cpp.
References secp256k1::base58check_decode(), ctx_clear_err(), ctx_set_err(), ufsecp_desc_key::network, ufsecp_desc_key::path, ufsecp_desc_key::pubkey, ufsecp_desc_key::pubkey_len, ufsecp_desc_key::type, ufsecp_addr_p2pkh(), ufsecp_addr_p2sh_p2wpkh(), ufsecp_addr_p2tr(), ufsecp_addr_p2wpkh(), ufsecp_bip32_derive_path(), ufsecp_bip32_pubkey(), UFSECP_CATCH_RETURN, UFSECP_DESC_PK, UFSECP_DESC_PKH, UFSECP_DESC_SH_WPKH, UFSECP_DESC_TR, UFSECP_DESC_WPKH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_NET_MAINNET, UFSECP_NET_TESTNET, and UFSECP_OK.
Referenced by ufsecp_descriptor_address().
| ufsecp_error_t ufsecp_ecdh | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t | pubkey33[33], | ||
| uint8_t | secret32_out[32] | ||
| ) |
ECDH shared secret: SHA256(compressed shared point).
Definition at line 1069 of file ufsecp_impl.cpp.
References ctx_clear_err(), secp256k1::ecdh_compute(), ecdh_parse_args(), secp256k1::detail::secure_erase(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdh_raw | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t | pubkey33[33], | ||
| uint8_t | secret32_out[32] | ||
| ) |
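ECDH raw: raw x-coordinate of the shared point (32 bytes, no hash). The output is not hashed; pass it through a hash or KDF before using it as a symmetric key.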
Definition at line 1101 of file ufsecp_impl.cpp.
References ctx_clear_err(), secp256k1::ecdh_compute_raw(), ecdh_parse_args(), secp256k1::detail::secure_erase(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdh_xonly | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t | pubkey33[33], | ||
| uint8_t | secret32_out[32] | ||
| ) |
ECDH x-only: SHA256(x-coordinate).
Definition at line 1085 of file ufsecp_impl.cpp.
References ctx_clear_err(), secp256k1::ecdh_compute_xonly(), ecdh_parse_args(), secp256k1::detail::secure_erase(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_adaptor_adapt | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pre_sig[UFSECP_ECDSA_ADAPTOR_SIG_LEN], | ||
| const uint8_t | adaptor_secret[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
Adapt ECDSA pre-signature into valid signature.
Definition at line 3422 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_adaptor_adapt(), secp256k1::fast::Point::is_infinity(), point_from_compressed(), secp256k1::ECDSAAdaptorSig::r, secp256k1::ECDSAAdaptorSig::R_hat, secp256k1::ECDSAAdaptorSig::s_hat, scalar_parse_strict(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_adaptor_extract | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pre_sig[UFSECP_ECDSA_ADAPTOR_SIG_LEN], | ||
| const uint8_t | sig64[64], | ||
| uint8_t | secret32_out[32] | ||
| ) |
Extract adaptor secret from ECDSA pre-sig + completed sig.
Definition at line 3453 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_adaptor_extract(), secp256k1::fast::Point::is_infinity(), secp256k1::ECDSASignature::parse_compact_strict(), point_from_compressed(), secp256k1::ECDSAAdaptorSig::r, secp256k1::ECDSAAdaptorSig::R_hat, secp256k1::ECDSAAdaptorSig::s_hat, scalar_parse_strict(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_SIG, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_adaptor_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | adaptor_point33[33], | ||
| uint8_t | pre_sig_out[UFSECP_ECDSA_ADAPTOR_SIG_LEN] | ||
| ) |
ECDSA adaptor pre-sign.
Definition at line 3350 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_adaptor_sign(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ECDSA_ADAPTOR_SIG_LEN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_adaptor_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pre_sig[UFSECP_ECDSA_ADAPTOR_SIG_LEN], | ||
| const uint8_t | pubkey33[33], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | adaptor_point33[33] | ||
| ) |
Verify ECDSA adaptor pre-signature.
Definition at line 3383 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_adaptor_verify(), secp256k1::fast::Point::is_infinity(), point_from_compressed(), secp256k1::ECDSAAdaptorSig::r, secp256k1::ECDSAAdaptorSig::R_hat, secp256k1::ECDSAAdaptorSig::s_hat, scalar_parse_strict(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_batch_identify_invalid | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | entries, | ||
| size_t | n, | ||
| size_t * | invalid_out, | ||
| size_t * | invalid_count | ||
| ) |
ECDSA batch identify invalid: returns indices of invalid sigs. invalid_out: caller-owned array of size_t. invalid_count: in = invalid_out capacity, out = total number of invalid entries.
Definition at line 2273 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_batch_identify_invalid(), secp256k1::ECDSASignature::parse_compact_strict(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_batch_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | entries, | ||
| size_t | n | ||
| ) |
ECDSA batch verify: verify N signatures in one call. Each entry: [32-byte msg | 33-byte pubkey | 64-byte sig] = 129 bytes. Returns UFSECP_OK if ALL valid.
Definition at line 2210 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_batch_verify(), secp256k1::ECDSASignature::parse_compact_strict(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_recover | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | sig64[64], | ||
| int | recid, | ||
| uint8_t | pubkey33_out[33] | ||
| ) |
Recover public key from an ECDSA recoverable signature.
Definition at line 856 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_recover(), secp256k1::ECDSASignature::parse_compact_strict(), point_to_compressed(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_sig_from_der | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | der, | ||
| size_t | der_len, | ||
| uint8_t | sig64_out[64] | ||
| ) |
Decode DER-encoded sig back to compact 64 bytes.
Definition at line 704 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Scalar::parse_bytes_strict_nonzero(), UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_sig_to_der | ( | ufsecp_ctx * | ctx, |
| const uint8_t | sig64[64], | ||
| uint8_t * | der_out, | ||
| size_t * | der_len | ||
| ) |
Encode compact sig to DER. der_len: in = buffer size (>=72), out = actual DER length.
Definition at line 680 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ECDSASignature::parse_compact_strict(), secp256k1::ECDSASignature::to_der(), UFSECP_ERR_BAD_SIG, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | privkey[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
Sign a 32-byte hash. Output: 64-byte compact R||S (low-S normalised).
Definition at line 609 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ct::ecdsa_sign(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_sign_batch | ( | ufsecp_ctx * | ctx, |
| size_t | count, | ||
| const uint8_t * | msgs32, | ||
| const uint8_t * | privkeys32, | ||
| uint8_t * | sigs64_out | ||
| ) |
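ECDSA sign a batch of messages. Signs each (msgs32[i], privkeys32[i]) pair in order using the CT sign path. The library's working copy of each private key is erased from memory immediately after use; privkeys32 is declared const, so the caller's key buffer is presumably left intact and wiping it remains the caller's job. Returns on the first failure; already-written entries remain valid.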
| ctx | CPU context. |
| count | Number of (message, key) pairs. |
| msgs32 | Input: count * 32 bytes (message hashes, contiguous). |
| privkeys32 | Input: count * 32 bytes (private keys, contiguous). |
| sigs64_out | Output: count * 64 bytes (compact R||S per entry). |
Definition at line 947 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ct::ecdsa_sign(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_sign_recoverable | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | privkey[32], | ||
| uint8_t | sig64_out[64], | ||
| int * | recid_out | ||
| ) |
Sign with recovery id. recid_out: recovery id (0-3).
Definition at line 824 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_sign_recoverable(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_sign_verified | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | privkey[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
Sign + verify (FIPS 186-4 fault attack countermeasure). Verifies the produced signature before returning it. Use this when fault injection resistance is required.
Definition at line 631 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ct::ecdsa_sign_verified(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecdsa_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | sig64[64], | ||
| const uint8_t | pubkey33[33] | ||
| ) |
Verify an ECDSA compact signature. Returns UFSECP_OK if valid, UFSECP_ERR_VERIFY_FAIL if invalid.
Definition at line 652 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_verify(), secp256k1::ECDSASignature::parse_compact_strict(), point_from_compressed(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecies_decrypt | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t * | envelope, | ||
| size_t | envelope_len, | ||
| uint8_t * | plaintext_out, | ||
| size_t * | plaintext_len | ||
| ) |
ECIES decrypt: decrypt an ECIES envelope with a private key. privkey: 32-byte private key. envelope, envelope_len: encrypted envelope. plaintext_out: buffer for decrypted plaintext (min envelope_len - 81). plaintext_len: in = buffer size, out = actual plaintext size.
Definition at line 4263 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecies_decrypt(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ECIES_OVERHEAD, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_ecies_encrypt | ( | ufsecp_ctx * | ctx, |
| const uint8_t | recipient_pubkey33[33], | ||
| const uint8_t * | plaintext, | ||
| size_t | plaintext_len, | ||
| uint8_t * | envelope_out, | ||
| size_t * | envelope_len | ||
| ) |
ECIES encrypt: encrypt plaintext for a recipient's public key. recipient_pubkey33: 33-byte compressed public key. plaintext, plaintext_len: message to encrypt. envelope_out: buffer for encrypted envelope (min plaintext_len + 81). envelope_len: in = buffer size, out = actual envelope size.
Definition at line 4226 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecies_encrypt(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ECIES_OVERHEAD, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| const char * ufsecp_error_str | ( | ufsecp_error_t | err | ) |
Map error code to a short English description (never NULL).
Definition at line 351 of file ufsecp_impl.cpp.
References UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, UFSECP_ERR_SELFTEST, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
Referenced by ufsecp_last_error_msg().
| ufsecp_error_t ufsecp_frost_aggregate | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | partial_sigs, | ||
| size_t | n, | ||
| const uint8_t * | nonce_commits, | ||
| size_t | n_signers, | ||
| const uint8_t | group_pubkey33[33], | ||
| const uint8_t | msg32[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
Aggregate FROST partial signatures into final Schnorr signature. partial_sigs must contain exactly n records of 36 bytes. nonce_commits must contain exactly n_signers records of UFSECP_FROST_NONCE_COMMIT_LEN bytes. Both n and n_signers must be non-zero and must describe the same signer set. Partial signature IDs and nonce commitment IDs must be unique, non-zero, and each partial signature signer must appear exactly once in nonce_commits.
Definition at line 3121 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::frost_aggregate(), point_from_compressed(), scalar_parse_strict(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_FROST_NONCE_COMMIT_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_frost_keygen_begin | ( | ufsecp_ctx * | ctx, |
| uint32_t | participant_id, | ||
| uint32_t | threshold, | ||
| uint32_t | num_participants, | ||
| const uint8_t | seed[32], | ||
| uint8_t * | commits_out, | ||
| size_t * | commits_len, | ||
| uint8_t * | shares_out, | ||
| size_t * | shares_len | ||
| ) |
FROST key generation phase 1: produce commitment + shares. participant_id must be in [1, num_participants] and threshold must satisfy 2 <= threshold <= num_participants. commits_out must have room for 8 + threshold * 33 bytes. shares_out must have room for num_participants * UFSECP_FROST_SHARE_LEN bytes. commits_out: commitment blob. shares_out: n shares of UFSECP_FROST_SHARE_LEN each.
Definition at line 2678 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::frost_keygen_begin(), point_to_compressed(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, UFSECP_FROST_SHARE_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_frost_keygen_finalize | ( | ufsecp_ctx * | ctx, |
| uint32_t | participant_id, | ||
| const uint8_t * | all_commits, | ||
| size_t | commits_len, | ||
| const uint8_t * | received_shares, | ||
| size_t | shares_len, | ||
| uint32_t | threshold, | ||
| uint32_t | num_participants, | ||
| uint8_t | keypkg_out[UFSECP_FROST_KEYPKG_LEN] | ||
| ) |
FROST key generation phase 2: finalise key package. participant_id must be in [1, num_participants] and threshold must satisfy 2 <= threshold <= num_participants. all_commits length must equal num_participants * (8 + threshold * 33) and must contain exactly num_participants unique commitment records, each with exactly threshold coefficients. received_shares length must equal num_participants * UFSECP_FROST_SHARE_LEN and must contain exactly num_participants unique share records.
Definition at line 2754 of file ufsecp_impl.cpp.
References secp256k1::FrostCommitment::coeffs, ctx_clear_err(), ctx_set_err(), secp256k1::FrostCommitment::from, secp256k1::frost_keygen_finalize(), point_from_compressed(), point_to_compressed(), scalar_parse_strict(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, UFSECP_FROST_KEYPKG_LEN, UFSECP_FROST_SHARE_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_frost_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t | keypkg[UFSECP_FROST_KEYPKG_LEN], | ||
| const uint8_t | nonce[UFSECP_FROST_NONCE_LEN], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t * | nonce_commits, | ||
| size_t | n_signers, | ||
| uint8_t | partial_sig_out[36] | ||
| ) |
Sign a FROST round-2 partial signature.
Bridges the stable C ABI to the internal FROST signing protocol:
| ctx | Library context (must not be null). |
| keypkg | Serialised FROST key package (UFSECP_FROST_KEYPKG_LEN bytes). |
| nonce | Signing nonce generated in round 1 (UFSECP_FROST_NONCE_LEN bytes). |
| msg32 | 32-byte message hash to sign. |
| nonce_commits | Array of n_signers serialised nonce commitments. |
| n_signers | Number of participants in this signing round. |
| partial_sig_out | Output buffer for the 36-byte partial signature. |
Definition at line 2929 of file ufsecp_impl.cpp.
References secp256k1::FrostNonce::binding_nonce, ctx_clear_err(), ctx_set_err(), secp256k1::frost_sign(), secp256k1::FrostKeyPackage::group_public_key, secp256k1::FrostNonce::hiding_nonce, secp256k1::FrostKeyPackage::id, secp256k1::fast::Point::is_infinity(), secp256k1::FrostKeyPackage::num_participants, point_from_compressed(), scalar_parse_strict(), scalar_to_bytes(), secp256k1::detail::secure_erase(), secp256k1::FrostKeyPackage::signing_share, secp256k1::FrostKeyPackage::threshold, UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, UFSECP_FROST_NONCE_COMMIT_LEN, UFSECP_OK, and secp256k1::FrostKeyPackage::verification_share.
| ufsecp_error_t ufsecp_frost_sign_nonce_gen | ( | ufsecp_ctx * | ctx, |
| uint32_t | participant_id, | ||
| const uint8_t | nonce_seed[32], | ||
| uint8_t | nonce_out[UFSECP_FROST_NONCE_LEN], | ||
| uint8_t | nonce_commit_out[UFSECP_FROST_NONCE_COMMIT_LEN] | ||
| ) |
Generate FROST signing nonce. participant_id must be non-zero and use the protocol's 1-based participant numbering.
Definition at line 2883 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::frost_sign_nonce_gen(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_frost_verify_partial | ( | ufsecp_ctx * | ctx, |
| const uint8_t | partial_sig[36], | ||
| const uint8_t | verification_share33[33], | ||
| const uint8_t * | nonce_commits, | ||
| size_t | n_signers, | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | group_pubkey33[33] | ||
| ) |
Verify FROST partial signature. verification_share33: 33-byte compressed signer verification share Y_i. nonce_commits must contain exactly n_signers records of UFSECP_FROST_NONCE_COMMIT_LEN bytes and n_signers must be non-zero. partial_sig[0..3] and all nonce commitment signer IDs must be non-zero and unique, and partial_sig's signer ID must appear exactly once in nonce_commits.
Definition at line 3040 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::frost_verify_partial(), secp256k1::FrostPartialSig::id, point_from_compressed(), scalar_parse_strict(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, UFSECP_FROST_NONCE_COMMIT_LEN, UFSECP_OK, and secp256k1::FrostPartialSig::z_i.
| ufsecp_error_t ufsecp_gcs_build | ( | const uint8_t | key[16], |
| const uint8_t ** | data, | ||
| const size_t * | data_sizes, | ||
| size_t | count, | ||
| uint8_t * | filter_out, | ||
| size_t * | filter_len | ||
| ) |
Build a BIP-158 "basic" GCS filter. key: 16-byte SipHash key (from block hash). data: array of count variable-length items (each a script or txid). data_sizes: array of count sizes for each data item. filter_out: output buffer for encoded filter (caller-supplied). filter_len: in = buffer size, out = actual bytes written. N = count of items, P = 19, M = 784931 (BIP-158 defaults).
Definition at line 5010 of file ufsecp_impl.cpp.
References gcs_encode(), GCS_M, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_gcs_match | ( | const uint8_t | key[16], |
| const uint8_t * | filter, | ||
| size_t | filter_len, | ||
| size_t | n_items, | ||
| const uint8_t * | item, | ||
| size_t | item_len | ||
| ) |
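Test if a single item is in the filter. Returns UFSECP_OK if item is in filter, UFSECP_ERR_NOT_FOUND if not. A GCS filter is probabilistic: UFSECP_OK means the item is probably present (false positives occur at a rate of about 1/M), so a match should be confirmed against the actual block data before it is relied on.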
Definition at line 5036 of file ufsecp_impl.cpp.
References gcs_decode(), GCS_M, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_INTERNAL, UFSECP_ERR_NOT_FOUND, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_gcs_match_any | ( | const uint8_t | key[16], |
| const uint8_t * | filter, | ||
| size_t | filter_len, | ||
| size_t | n_items, | ||
| const uint8_t ** | query, | ||
| const size_t * | query_sizes, | ||
| size_t | query_count | ||
| ) |
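Test if any of the query items is in the filter (OR match). Returns UFSECP_OK if any item matches. As with any GCS filter, a match can be a false positive, and the chance of one grows with query_count.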
Definition at line 5061 of file ufsecp_impl.cpp.
References gcs_decode(), GCS_M, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_INTERNAL, UFSECP_ERR_NOT_FOUND, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_hash160 | ( | const uint8_t * | data, |
| size_t | len, | ||
| uint8_t | digest20_out[20] | ||
| ) |
RIPEMD160(SHA256(data)) = Hash160.
Definition at line 1131 of file ufsecp_impl.cpp.
References secp256k1::hash160(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_last_error | ( | const ufsecp_ctx * | ctx | ) |
Last error code on this context (0 = none).
Definition at line 411 of file ufsecp_impl.cpp.
References ufsecp_ctx::last_err, and UFSECP_ERR_NULL_ARG.
| const char * ufsecp_last_error_msg | ( | const ufsecp_ctx * | ctx | ) |
Last error message on this context (never NULL). The returned pointer is borrowed storage owned by ctx. It remains valid until the next call that mutates the same ctx, or until ufsecp_ctx_destroy(ctx). Copy it if it must outlive the context/call.
Definition at line 415 of file ufsecp_impl.cpp.
References ufsecp_ctx::last_err, ufsecp_ctx::last_msg, and ufsecp_error_str().
| ufsecp_error_t ufsecp_multi_scalar_mul | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | scalars, | ||
| const uint8_t * | points, | ||
| size_t | n, | ||
| uint8_t | out33[33] | ||
| ) |
Multi-scalar multiplication: compute sum(scalars[i] * points[i]). scalars: n * 32 bytes contiguous. points: n * 33 bytes contiguous. Both contiguous byte spans must fit in size_t.
Definition at line 2350 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::multi_scalar_mul(), point_from_compressed(), point_to_compressed(), scalar_parse_strict(), UFSECP_CATCH_RETURN, UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_key_agg | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | pubkeys, | ||
| size_t | n, | ||
| uint8_t | keyagg_out[UFSECP_MUSIG2_KEYAGG_LEN], | ||
| uint8_t | agg_pubkey32_out[32] | ||
| ) |
Aggregate public keys for MuSig2. pubkeys: n * 32 bytes (x-only). keyagg_out: opaque context. The current fixed-size keyagg/session format supports 2 to 3 participants.
Definition at line 2390 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::musig2_key_agg(), point_to_compressed(), scalar_to_bytes(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_MUSIG2_KEYAGG_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_nonce_agg | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | pubnonces, | ||
| size_t | n, | ||
| uint8_t | aggnonce_out[UFSECP_MUSIG2_AGGNONCE_LEN] | ||
| ) |
Aggregate public nonces. pubnonces must contain exactly n records of UFSECP_MUSIG2_PUBNONCE_LEN bytes. Each record must contain two valid 33-byte compressed curve points. n must be at least 2.
Definition at line 2457 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::MuSig2PubNonce::deserialize(), secp256k1::musig2_nonce_agg(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_MUSIG2_AGGNONCE_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_nonce_gen | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t | pubkey32[32], | ||
| const uint8_t | agg_pubkey32[32], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | extra_in[32], | ||
| uint8_t | secnonce_out[UFSECP_MUSIG2_SECNONCE_LEN], | ||
| uint8_t | pubnonce_out[UFSECP_MUSIG2_PUBNONCE_LEN] | ||
| ) |
Generate MuSig2 nonce pair.
Definition at line 2422 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::musig2_nonce_gen(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_partial_sig_agg | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | partial_sigs, | ||
| size_t | n, | ||
| const uint8_t | session[UFSECP_MUSIG2_SESSION_LEN], | ||
| uint8_t | sig64_out[64] | ||
| ) |
Aggregate partial signatures into a final BIP-340 Schnorr signature. partial_sigs must contain exactly n records of 32 bytes. n must be non-zero and must match the participant count bound into session.
Definition at line 2636 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::musig2_partial_sig_agg(), scalar_parse_strict(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_partial_sign | ( | ufsecp_ctx * | ctx, |
| uint8_t | secnonce[UFSECP_MUSIG2_SECNONCE_LEN], | ||
| const uint8_t | privkey[32], | ||
| const uint8_t | keyagg[UFSECP_MUSIG2_KEYAGG_LEN], | ||
| const uint8_t | session[UFSECP_MUSIG2_SESSION_LEN], | ||
| size_t | signer_index, | ||
| uint8_t | partial_sig32_out[32] | ||
| ) |
Produce a partial signature. IMPORTANT: secnonce is zeroed after use to prevent nonce reuse. keyagg must be a valid opaque context previously produced by ufsecp_musig2_key_agg. signer_index must be a valid participant index within the aggregated key set. session must carry the same participant count as keyagg.
Definition at line 2532 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::MuSig2SecNonce::k1, secp256k1::MuSig2SecNonce::k2, secp256k1::MuSig2KeyAggCtx::key_coefficients, secp256k1::musig2_partial_sign(), scalar_parse_strict_nonzero(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, UFSECP_MUSIG2_SECNONCE_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_partial_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | partial_sig32[32], | ||
| const uint8_t | pubnonce[UFSECP_MUSIG2_PUBNONCE_LEN], | ||
| const uint8_t | pubkey32[32], | ||
| const uint8_t | keyagg[UFSECP_MUSIG2_KEYAGG_LEN], | ||
| const uint8_t | session[UFSECP_MUSIG2_SESSION_LEN], | ||
| size_t | signer_index | ||
| ) |
Verify a partial signature. keyagg must be a valid opaque context previously produced by ufsecp_musig2_key_agg. signer_index must be a valid participant index within the aggregated key set. session must carry the same participant count as keyagg.
Definition at line 2588 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::MuSig2PubNonce::deserialize(), secp256k1::MuSig2KeyAggCtx::key_coefficients, secp256k1::musig2_partial_verify(), scalar_parse_strict(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_musig2_start_sign_session | ( | ufsecp_ctx * | ctx, |
| const uint8_t | aggnonce[UFSECP_MUSIG2_AGGNONCE_LEN], | ||
| const uint8_t | keyagg[UFSECP_MUSIG2_KEYAGG_LEN], | ||
| const uint8_t | msg32[32], | ||
| uint8_t | session_out[UFSECP_MUSIG2_SESSION_LEN] | ||
| ) |
Start a MuSig2 signing session. keyagg must be a valid opaque context previously produced by ufsecp_musig2_key_agg. session_out binds the participant count from keyagg and must later be paired with exactly the same signer set arity during partial signing, verification, and aggregation.
Definition at line 2491 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::is_infinity(), secp256k1::MuSig2KeyAggCtx::key_coefficients, secp256k1::musig2_start_sign_session(), point_from_compressed(), point_to_compressed(), secp256k1::MuSig2AggNonce::R1, secp256k1::MuSig2AggNonce::R2, scalar_to_bytes(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_MUSIG2_SESSION_LEN, and UFSECP_OK.
| ufsecp_error_t ufsecp_pedersen_blind_sum | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | blinds_in, | ||
| size_t | n_in, | ||
| const uint8_t * | blinds_out, | ||
| size_t | n_out, | ||
| uint8_t | sum32_out[32] | ||
| ) |
Compute blinding sum: sum(in) - sum(out). blinds: all blindings contiguous (32 bytes each), first n_in are inputs.
Definition at line 3568 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::pedersen_blind_sum(), scalar_parse_strict(), scalar_to_bytes(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pedersen_commit | ( | ufsecp_ctx * | ctx, |
| const uint8_t | value[32], | ||
| const uint8_t | blinding[32], | ||
| uint8_t | commitment33_out[33] | ||
| ) |
Pedersen commitment: C = value * H + blinding * G. commitment33_out: 33-byte compressed point.
Definition at line 3492 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::pedersen_commit(), scalar_parse_strict(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pedersen_switch_commit | ( | ufsecp_ctx * | ctx, |
| const uint8_t | value[32], | ||
| const uint8_t | blinding[32], | ||
| const uint8_t | switch_blind[32], | ||
| uint8_t | commitment33_out[33] | ||
| ) |
Switch commitment: C = value*H + blinding*G + switch_blind*J.
Definition at line 3600 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::pedersen_switch_commit(), scalar_parse_strict(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pedersen_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | commitment33[33], | ||
| const uint8_t | value[32], | ||
| const uint8_t | blinding[32] | ||
| ) |
Verify Pedersen commitment.
Definition at line 3511 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::pedersen_verify(), point_from_compressed(), scalar_parse_strict(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_pedersen_verify_sum | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | pos, | ||
| size_t | n_pos, | ||
| const uint8_t * | neg, | ||
| size_t | n_neg | ||
| ) |
Verify that sum of positive commitments equals sum of negative commitments. pos/neg: arrays of 33-byte compressed commitments.
Definition at line 3534 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::pedersen_verify_sum(), point_from_compressed(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_psbt_derive_key | ( | ufsecp_ctx * | ctx, |
| const ufsecp_bip32_key * | master_xprv, | ||
| const char * | key_path, | ||
| uint8_t | privkey_out[32] | ||
| ) |
Derive the signing key from a BIP-32 xprv + key-path record. key_path: e.g. "m/84'/0'/0'/0/0". privkey_out: 32-byte derived private key; it is secret key material, so the caller should wipe the buffer once it is no longer needed.
Definition at line 5234 of file ufsecp_impl.cpp.
References ctx_clear_err(), ufsecp_bip32_derive_path(), ufsecp_bip32_privkey(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_psbt_sign_legacy | ( | ufsecp_ctx * | ctx, |
| const uint8_t | sighash32[32], | ||
| const uint8_t | privkey[32], | ||
| uint8_t | sighash_type, | ||
| uint8_t * | sig_out, | ||
| size_t * | sig_len | ||
| ) |
Sign a PSBT non-witness input (legacy P2PKH). sighash32: 32-byte BIP-143 or BIP-341 sighash pre-image digest. privkey: signing private key. sig_out: DER-encoded signature followed by the sighash_type byte, min 73 bytes. sig_len: in = buffer size, out = actual bytes written.
Definition at line 5093 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_sign(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_psbt_sign_segwit | ( | ufsecp_ctx * | ctx, |
| const uint8_t | sighash32[32], | ||
| const uint8_t | privkey[32], | ||
| uint8_t | sighash_type, | ||
| uint8_t * | sig_out, | ||
| size_t * | sig_len | ||
| ) |
Sign a PSBT SegWit v0 input (P2WPKH or P2WSH). Returns compact ECDSA sig (64 bytes) + sighash_type (1 byte) = 65 bytes total.
Definition at line 5159 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::ecdsa_sign(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_psbt_sign_taproot | ( | ufsecp_ctx * | ctx, |
| const uint8_t | sighash32[32], | ||
| const uint8_t | privkey[32], | ||
| uint8_t | sighash_type, | ||
| const uint8_t * | aux_rand32, | ||
| uint8_t * | sig_out, | ||
| size_t * | sig_len | ||
| ) |
Sign a PSBT Taproot key-path input (P2TR). Returns 64-byte Schnorr sig (+ optional sighash_type byte if not SIGHASH_DEFAULT).
Definition at line 5191 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::ct::schnorr_keypair_create(), secp256k1::ct::schnorr_sign(), secp256k1::detail::secure_erase(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, UFSECP_OK, and UFSECP_SIGHASH_DEFAULT.
| ufsecp_error_t ufsecp_pubkey_add | ( | ufsecp_ctx * | ctx, |
| const uint8_t | a33[33], | ||
| const uint8_t | b33[33], | ||
| uint8_t | out33[33] | ||
| ) |
Add two compressed public keys: out = a + b.
Definition at line 1986 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), point_to_compressed(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_combine | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | pubkeys, | ||
| size_t | n, | ||
| uint8_t | out33[33] | ||
| ) |
Combine N compressed public keys: out = sum(pubkeys[i]). pubkeys: array of 33-byte compressed keys, contiguous. The total contiguous byte span n * 33 must fit in size_t.
Definition at line 2067 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), point_to_compressed(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_create | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| uint8_t | pubkey33_out[33] | ||
| ) |
Derive compressed public key (33 bytes) from private key.
Definition at line 523 of file ufsecp_impl.cpp.
References ctx_clear_err(), point_to_compressed(), pubkey_create_core(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_create_uncompressed | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| uint8_t | pubkey65_out[65] | ||
| ) |
Derive uncompressed public key (65 bytes) from private key.
Definition at line 535 of file ufsecp_impl.cpp.
References ctx_clear_err(), pubkey_create_core(), secp256k1::fast::Point::to_uncompressed(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_negate | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| uint8_t | out33[33] | ||
| ) |
Negate a compressed public key: out = -P.
Definition at line 2008 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), point_to_compressed(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_parse | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | input, | ||
| size_t | input_len, | ||
| uint8_t | pubkey33_out[33] | ||
| ) |
Parse any public key (33 compressed or 65 uncompressed). Output is always 33-byte compressed.
Definition at line 548 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::from_affine(), secp256k1::fast::FieldElement::from_uint64(), secp256k1::fast::FieldElement::parse_bytes_strict(), point_from_compressed(), point_to_compressed(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_tweak_add | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| const uint8_t | tweak[32], | ||
| uint8_t | out33[33] | ||
| ) |
Tweak-add a public key: out = P + tweak*G.
Definition at line 2022 of file ufsecp_impl.cpp.
References secp256k1::fast::Point::add(), ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::generator(), point_from_compressed(), point_to_compressed(), secp256k1::fast::Point::scalar_mul(), scalar_parse_strict(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_tweak_mul | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey33[33], | ||
| const uint8_t | tweak[32], | ||
| uint8_t | out33[33] | ||
| ) |
Tweak-mul a public key: out = tweak * P.
Definition at line 2045 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), point_to_compressed(), scalar_parse_strict_nonzero(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_pubkey_xonly | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| uint8_t | xonly32_out[32] | ||
| ) |
Derive x-only (32 bytes, BIP-340) public key from private key.
Definition at line 588 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::schnorr_pubkey(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_adaptor_adapt | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pre_sig[UFSECP_SCHNORR_ADAPTOR_SIG_LEN], | ||
| const uint8_t | adaptor_secret[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
Adapt a Schnorr pre-signature into a valid signature.
Definition at line 3290 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::is_infinity(), secp256k1::SchnorrAdaptorSig::needs_negation, point_from_compressed(), secp256k1::SchnorrAdaptorSig::R_hat, secp256k1::SchnorrAdaptorSig::s_hat, scalar_parse_strict(), scalar_parse_strict_nonzero(), secp256k1::schnorr_adaptor_adapt(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_adaptor_extract | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pre_sig[UFSECP_SCHNORR_ADAPTOR_SIG_LEN], | ||
| const uint8_t | sig64[64], | ||
| uint8_t | secret32_out[32] | ||
| ) |
Extract adaptor secret from pre-signature + completed signature.
Definition at line 3319 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::is_infinity(), secp256k1::SchnorrAdaptorSig::needs_negation, secp256k1::SchnorrSignature::parse_strict(), point_from_compressed(), secp256k1::SchnorrAdaptorSig::R_hat, secp256k1::SchnorrAdaptorSig::s_hat, scalar_parse_strict(), scalar_to_bytes(), secp256k1::schnorr_adaptor_extract(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_SIG, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_adaptor_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | adaptor_point33[33], | ||
| const uint8_t | aux_rand[32], | ||
| uint8_t | pre_sig_out[UFSECP_SCHNORR_ADAPTOR_SIG_LEN] | ||
| ) |
BIP-340 Schnorr adaptor pre-sign. adaptor_point: 33-byte compressed.
Definition at line 3217 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::schnorr_adaptor_sign(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_adaptor_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pre_sig[UFSECP_SCHNORR_ADAPTOR_SIG_LEN], | ||
| const uint8_t | pubkey_x[32], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | adaptor_point33[33] | ||
| ) |
Verify Schnorr adaptor pre-signature.
Definition at line 3251 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::is_infinity(), secp256k1::SchnorrAdaptorSig::needs_negation, secp256k1::fast::FieldElement::parse_bytes_strict(), point_from_compressed(), secp256k1::SchnorrAdaptorSig::R_hat, secp256k1::SchnorrAdaptorSig::s_hat, scalar_parse_strict(), secp256k1::schnorr_adaptor_verify(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_batch_identify_invalid | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | entries, | ||
| size_t | n, | ||
| size_t * | invalid_out, | ||
| size_t * | invalid_count | ||
| ) |
Schnorr batch identify invalid: returns indices of invalid sigs. invalid_out: caller-owned array of size_t. invalid_count: in = invalid_out capacity, out = total number of invalid entries.
Definition at line 2242 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::FieldElement::parse_bytes_strict(), secp256k1::SchnorrSignature::parse_strict(), secp256k1::schnorr_batch_identify_invalid(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_batch_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | entries, | ||
| size_t | n | ||
| ) |
Schnorr batch verify: verify N signatures in one call. Each entry: [32-byte xonly pubkey | 32-byte msg | 64-byte sig] = 128 bytes, so entries must point to n * 128 readable bytes. Returns UFSECP_OK only if ALL signatures are valid.
Definition at line 2178 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::FieldElement::parse_bytes_strict(), secp256k1::SchnorrSignature::parse_strict(), secp256k1::schnorr_batch_verify(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_sign | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | privkey[32], | ||
| const uint8_t | aux_rand[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
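BIP-340 Schnorr sign. aux_rand: 32 bytes of auxiliary randomness (all zeros for deterministic signing). BIP-340 recommends fresh randomness generated at signing time, because it adds protection against side-channel and fault-injection attacks; it still permits a constant all-zero value when no randomness is available.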
Definition at line 891 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::ct::schnorr_keypair_create(), secp256k1::ct::schnorr_sign(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
Referenced by ufsecp_schnorr_sign_msg().
| ufsecp_error_t ufsecp_schnorr_sign_batch | ( | ufsecp_ctx * | ctx, |
| size_t | count, | ||
| const uint8_t * | msgs32, | ||
| const uint8_t * | privkeys32, | ||
| const uint8_t * | aux_rands32, | ||
| uint8_t * | sigs64_out | ||
| ) |
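Sign a batch of messages with BIP-340 Schnorr. Signs each (msgs32[i], privkeys32[i], aux_rands32[i]) triple in order. The private key for each entry is erased from memory immediately after use; privkeys32 is a const input, so this presumably refers to the library's working copy, and the caller remains responsible for wiping its own key buffer. Returns on the first failure; entries already written to sigs64_out remain valid.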
| ctx | CPU context. |
| count | Number of (message, key) pairs. |
| msgs32 | Input: count * 32 bytes (message hashes, contiguous). |
| privkeys32 | Input: count * 32 bytes (private keys, contiguous). |
| aux_rands32 | Input: count * 32 bytes (aux randomness); pass NULL to use all-zero aux for every entry. |
| sigs64_out | Output: count * 64 bytes (BIP-340 Schnorr signatures). |
Definition at line 978 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::ct::schnorr_keypair_create(), secp256k1::ct::schnorr_sign(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_sign_msg | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t * | msg, | ||
| size_t | msg_len, | ||
| const uint8_t * | aux_rand32, | ||
| uint8_t | sig64_out[64] | ||
| ) |
Sign an arbitrary-length message with BIP-340 Schnorr. Internally: msg_hash = tagged_hash("BIP0340/msg", msg, msg_len). Use this instead of ufsecp_schnorr_sign when msg is not exactly 32 bytes.
Definition at line 4700 of file ufsecp_impl.cpp.
References ctx_clear_err(), secp256k1::SHA256::finalize(), secp256k1::SHA256::hash(), UFSECP_ERR_NULL_ARG, ufsecp_schnorr_sign(), and secp256k1::SHA256::update().
| ufsecp_error_t ufsecp_schnorr_sign_verified | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | privkey[32], | ||
| const uint8_t | aux_rand[32], | ||
| uint8_t | sig64_out[64] | ||
| ) |
BIP-340 Schnorr sign + verify (FIPS 186-4 fault attack countermeasure). Verifies the produced signature before returning it.
Definition at line 919 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::ct::schnorr_keypair_create(), secp256k1::ct::schnorr_sign_verified(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_schnorr_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | msg32[32], | ||
| const uint8_t | sig64[64], | ||
| const uint8_t | pubkey_x[32] | ||
| ) |
BIP-340 Schnorr verify. pubkey_x: 32-byte x-only public key.
Definition at line 1020 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::FieldElement::parse_bytes_strict(), secp256k1::SchnorrSignature::parse_strict(), secp256k1::schnorr_verify(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_BAD_SIG, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
Referenced by ufsecp_bip322_verify(), and ufsecp_schnorr_verify_msg().
| ufsecp_error_t ufsecp_schnorr_verify_msg | ( | ufsecp_ctx * | ctx, |
| const uint8_t | pubkey_x[32], | ||
| const uint8_t * | msg, | ||
| size_t | msg_len, | ||
| const uint8_t | sig64[64] | ||
| ) |
Verify Schnorr signature over arbitrary-length message.
Definition at line 4731 of file ufsecp_impl.cpp.
References ctx_clear_err(), secp256k1::SHA256::finalize(), secp256k1::SHA256::hash(), UFSECP_ERR_NULL_ARG, ufsecp_schnorr_verify(), and secp256k1::SHA256::update().
| ufsecp_error_t ufsecp_seckey_negate | ( | ufsecp_ctx * | ctx, |
| uint8_t | privkey[32] | ||
| ) |
Negate privkey in-place: key <- -key mod n.
Definition at line 440 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Scalar::negate(), scalar_parse_strict_nonzero(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_seckey_tweak_add | ( | ufsecp_ctx * | ctx, |
| uint8_t | privkey[32], | ||
| const uint8_t | tweak[32] | ||
| ) |
privkey <- (privkey + tweak) mod n.
Definition at line 455 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict(), scalar_parse_strict_nonzero(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_seckey_tweak_mul | ( | ufsecp_ctx * | ctx, |
| uint8_t | privkey[32], | ||
| const uint8_t | tweak[32] | ||
| ) |
privkey <- (privkey * tweak) mod n.
Definition at line 479 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), scalar_to_bytes(), secp256k1::detail::secure_erase(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_seckey_verify | ( | const ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32] | ||
| ) |
Verify that privkey[32] is valid (non-zero, < order). Returns UFSECP_OK if valid, UFSECP_ERR_BAD_KEY otherwise.
Definition at line 428 of file ufsecp_impl.cpp.
References secp256k1::fast::Scalar::parse_bytes_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| int ufsecp_segwit_is_witness_program | ( | const uint8_t * | script, |
| size_t | script_len | ||
| ) |
Check if a scriptPubKey is a witness program. Returns 1 if yes, 0 if no.
Definition at line 1783 of file ufsecp_impl.cpp.
References secp256k1::is_witness_program().
| ufsecp_error_t ufsecp_segwit_p2tr_spk | ( | const uint8_t | output_key[32], |
| uint8_t | spk_out[34] | ||
| ) |
Build P2TR scriptPubKey (34 bytes) from 32-byte x-only output key.
Definition at line 1829 of file ufsecp_impl.cpp.
References secp256k1::segwit_scriptpubkey_p2tr(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_segwit_p2wpkh_spk | ( | const uint8_t | pubkey_hash[20], |
| uint8_t | spk_out[22] | ||
| ) |
Build P2WPKH scriptPubKey (22 bytes) from 20-byte pubkey hash.
Definition at line 1809 of file ufsecp_impl.cpp.
References secp256k1::segwit_scriptpubkey_p2wpkh(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_segwit_p2wsh_spk | ( | const uint8_t | script_hash[32], |
| uint8_t | spk_out[34] | ||
| ) |
Build P2WSH scriptPubKey (34 bytes) from 32-byte script hash.
Definition at line 1819 of file ufsecp_impl.cpp.
References secp256k1::segwit_scriptpubkey_p2wsh(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_segwit_parse_program | ( | const uint8_t * | script, |
| size_t | script_len, | ||
| int * | version_out, | ||
| uint8_t * | program_out, | ||
| size_t * | program_len_out | ||
| ) |
Parse a witness program from a scriptPubKey. version_out: witness version (0-16), or -1 if not a witness program. program_out: buffer for the program (at least 40 bytes). program_len_out: actual program length. Returns UFSECP_OK on success, UFSECP_ERR_BAD_INPUT if not a witness program.
Definition at line 1789 of file ufsecp_impl.cpp.
References secp256k1::parse_witness_program(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_segwit_witness_script_hash | ( | const uint8_t * | script, |
| size_t | script_len, | ||
| uint8_t | hash_out[32] | ||
| ) |
Compute SHA256 of witness script (for P2WSH program).
Definition at line 1839 of file ufsecp_impl.cpp.
References UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::witness_script_hash().
| ufsecp_error_t ufsecp_sha256 | ( | const uint8_t * | data, |
| size_t | len, | ||
| uint8_t | digest32_out[32] | ||
| ) |
SHA-256 (hardware-accelerated when available).
Definition at line 1121 of file ufsecp_impl.cpp.
References secp256k1::SHA256::finalize(), UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::SHA256::update().
| ufsecp_error_t ufsecp_sha512 | ( | const uint8_t * | data, |
| size_t | len, | ||
| uint8_t | digest64_out[64] | ||
| ) |
SHA-512 hash.
Definition at line 2309 of file ufsecp_impl.cpp.
References secp256k1::SHA512::hash(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_shamir_trick | ( | ufsecp_ctx * | ctx, |
| const uint8_t | a[32], | ||
| const uint8_t | P33[33], | ||
| const uint8_t | b[32], | ||
| const uint8_t | Q33[33], | ||
| uint8_t | out33[33] | ||
| ) |
Shamir's trick: compute a*P + b*Q. All scalars are 32-byte big-endian. All points are 33-byte compressed.
Definition at line 2321 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), point_to_compressed(), scalar_parse_strict(), secp256k1::shamir_trick(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_silent_payment_address | ( | ufsecp_ctx * | ctx, |
| const uint8_t | scan_privkey[32], | ||
| const uint8_t | spend_privkey[32], | ||
| uint8_t | scan_pubkey33_out[33], | ||
| uint8_t | spend_pubkey33_out[33], | ||
| char * | addr_out, | ||
| size_t * | addr_len | ||
| ) |
Generate a Silent Payment address from scan and spend private keys. scan_privkey: 32-byte scan private key. spend_privkey: 32-byte spend private key. scan_pubkey33_out: 33-byte compressed scan public key (B_scan). spend_pubkey33_out: 33-byte compressed spend public key (B_spend). addr_out: buffer for bech32m-encoded address (min 128 bytes). addr_len: in = buffer size, out = strlen (excl. NUL).
Definition at line 4029 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), secp256k1::silent_payment_address(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_silent_payment_create_output | ( | ufsecp_ctx * | ctx, |
| const uint8_t * | input_privkeys, | ||
| size_t | n_inputs, | ||
| const uint8_t | scan_pubkey33[33], | ||
| const uint8_t | spend_pubkey33[33], | ||
| uint32_t | k, | ||
| uint8_t | output_pubkey33_out[33], | ||
| uint8_t * | tweak32_out | ||
| ) |
Create a Silent Payment output (sender side). Computes the tweaked output pubkey for the recipient. input_privkeys: array of 32-byte private keys (N keys, one per input). n_inputs: number of input private keys. scan_pubkey33: 33-byte recipient scan pubkey (B_scan). spend_pubkey33: 33-byte recipient spend pubkey (B_spend). k: output index (for multiple outputs to same recipient). output_pubkey33_out: 33-byte compressed tweaked output pubkey. tweak32_out: 32-byte tweak scalar (optional, may be NULL).
Definition at line 4073 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::fast::Point::is_infinity(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::SilentPaymentAddress::scan_pubkey, secp256k1::detail::secure_erase(), secp256k1::silent_payment_create_output(), secp256k1::SilentPaymentAddress::spend_pubkey, UFSECP_CATCH_RETURN, UFSECP_ERR_ARITH, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_silent_payment_scan | ( | ufsecp_ctx * | ctx, |
| const uint8_t | scan_privkey[32], | ||
| const uint8_t | spend_privkey[32], | ||
| const uint8_t * | input_pubkeys33, | ||
| size_t | n_input_pubkeys, | ||
| const uint8_t * | output_xonly32, | ||
| size_t | n_outputs, | ||
| uint32_t * | found_indices_out, | ||
| uint8_t * | found_privkeys_out, | ||
| size_t * | n_found | ||
| ) |
Scan for Silent Payment outputs (receiver side). scan_privkey: 32-byte scan private key. spend_privkey: 32-byte spend private key. input_pubkeys33: array of 33-byte compressed pubkeys (sender inputs). n_input_pubkeys: number of input pubkeys. output_xonly32: array of 32-byte x-only output pubkeys to check. n_outputs: number of output pubkeys. found_indices_out: array to receive indices of matched outputs. found_privkeys_out: array to receive 32-byte spending private keys (one per match); this is secret key material, so the caller should wipe the buffer once the keys are no longer needed. n_found: in = array capacity, out = number of matches found.
Definition at line 4138 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), secp256k1::silent_payment_scan(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_tagged_hash | ( | const char * | tag, |
| const uint8_t * | data, | ||
| size_t | len, | ||
| uint8_t | digest32_out[32] | ||
| ) |
BIP-340 tagged hash.
Definition at line 1139 of file ufsecp_impl.cpp.
References secp256k1::tagged_hash(), UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_taproot_keypath_sighash | ( | ufsecp_ctx * | ctx, |
| uint32_t | version, | ||
| uint32_t | locktime, | ||
| size_t | input_count, | ||
| const uint8_t * | prevout_txids, | ||
| const uint32_t * | prevout_vouts, | ||
| const uint64_t * | input_amounts, | ||
| const uint32_t * | input_sequences, | ||
| const uint8_t *const * | input_spks, | ||
| const size_t * | input_spk_lens, | ||
| size_t | output_count, | ||
| const uint64_t * | output_values, | ||
| const uint8_t *const * | output_spks, | ||
| const size_t * | output_spk_lens, | ||
| size_t | input_index, | ||
| uint8_t | hash_type, | ||
| const uint8_t * | annex, | ||
| size_t | annex_len, | ||
| uint8_t | sighash_out[32] | ||
| ) |
Compute BIP-341 key-path sighash. All input prevout txids, vouts, amounts, sequences, and scriptPubKeys must be provided as flat arrays.
Definition at line 1894 of file ufsecp_impl.cpp.
References build_tap_tx_data(), ctx_clear_err(), secp256k1::taproot_keypath_sighash(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_taproot_output_key | ( | ufsecp_ctx * | ctx, |
| const uint8_t | internal_x[32], | ||
| const uint8_t * | merkle_root, | ||
| uint8_t | output_x_out[32], | ||
| int * | parity_out | ||
| ) |
Derive Taproot output key from internal key. merkle_root: 32 bytes or NULL for key-path-only.
Definition at line 1524 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::taproot_output_key(), UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_taproot_tweak_seckey | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| const uint8_t * | merkle_root, | ||
| uint8_t | tweaked32_out[32] | ||
| ) |
Tweak a private key for Taproot key-path spending.
Definition at line 1551 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), scalar_to_bytes(), secp256k1::detail::secure_erase(), secp256k1::taproot_tweak_privkey(), UFSECP_ERR_ARITH, UFSECP_ERR_BAD_KEY, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_taproot_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | output_x[32], | ||
| int | output_parity, | ||
| const uint8_t | internal_x[32], | ||
| const uint8_t * | merkle_root, | ||
| size_t | merkle_root_len | ||
| ) |
Verify Taproot commitment. Returns UFSECP_OK if valid.
Definition at line 1576 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::taproot_verify_commitment(), UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_tapscript_sighash | ( | ufsecp_ctx * | ctx, |
| uint32_t | version, | ||
| uint32_t | locktime, | ||
| size_t | input_count, | ||
| const uint8_t * | prevout_txids, | ||
| const uint32_t * | prevout_vouts, | ||
| const uint64_t * | input_amounts, | ||
| const uint32_t * | input_sequences, | ||
| const uint8_t *const * | input_spks, | ||
| const size_t * | input_spk_lens, | ||
| size_t | output_count, | ||
| const uint64_t * | output_values, | ||
| const uint8_t *const * | output_spks, | ||
| const size_t * | output_spk_lens, | ||
| size_t | input_index, | ||
| uint8_t | hash_type, | ||
| const uint8_t | tapleaf_hash[32], | ||
| uint8_t | key_version, | ||
| uint32_t | code_separator_pos, | ||
| const uint8_t * | annex, | ||
| size_t | annex_len, | ||
| uint8_t | sighash_out[32] | ||
| ) |
Compute BIP-342 tapscript sighash. Same as key-path + extension data.
Definition at line 1934 of file ufsecp_impl.cpp.
References build_tap_tx_data(), ctx_clear_err(), secp256k1::tapscript_sighash(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| unsigned int ufsecp_version | ( | void | ) |
Return packed version at runtime (same as UFSECP_VERSION_PACKED).
Definition at line 339 of file ufsecp_impl.cpp.
References UFSECP_VERSION_PACKED.
| const char * ufsecp_version_string | ( | void | ) |
Return human-readable version string, e.g. "3.3.0".
Definition at line 347 of file ufsecp_impl.cpp.
References UFSECP_VERSION_STRING.
| ufsecp_error_t ufsecp_wif_decode | ( | ufsecp_ctx * | ctx, |
| const char * | wif, | ||
| uint8_t | privkey32_out[32], | ||
| int * | compressed_out, | ||
| int * | network_out | ||
| ) |
Decode WIF string -> private key.
Definition at line 1306 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_to_bytes(), secp256k1::detail::secure_erase(), secp256k1::Testnet, UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_NET_MAINNET, UFSECP_NET_TESTNET, UFSECP_OK, and secp256k1::wif_decode().
| ufsecp_error_t ufsecp_wif_encode | ( | ufsecp_ctx * | ctx, |
| const uint8_t | privkey[32], | ||
| int | compressed, | ||
| int | network, | ||
| char * | wif_out, | ||
| size_t * | wif_len | ||
| ) |
Encode private key -> WIF string. wif_len: in = buf size, out = strlen.
Definition at line 1280 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), to_network(), UFSECP_CATCH_RETURN, UFSECP_ERR_BAD_KEY, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_INTERNAL, UFSECP_ERR_NULL_ARG, UFSECP_OK, and secp256k1::wif_encode().
| ufsecp_error_t ufsecp_zk_dleq_prove | ( | ufsecp_ctx * | ctx, |
| const uint8_t | secret[32], | ||
| const uint8_t | G33[33], | ||
| const uint8_t | H33[33], | ||
| const uint8_t | P33[33], | ||
| const uint8_t | Q33[33], | ||
| const uint8_t | aux_rand[32], | ||
| uint8_t | proof_out[UFSECP_ZK_DLEQ_PROOF_LEN] | ||
| ) |
DLEQ proof: prove that P/G == Q/H, i.e. that P and Q have the same discrete log with respect to G and H (P = x*G and Q = x*H for the same scalar x). G, H, P, Q: 33-byte compressed points.
Definition at line 3681 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::zk::dleq_prove(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, UFSECP_OK, and UFSECP_ZK_DLEQ_PROOF_LEN.
| ufsecp_error_t ufsecp_zk_dleq_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | proof[UFSECP_ZK_DLEQ_PROOF_LEN], | ||
| const uint8_t | G33[33], | ||
| const uint8_t | H33[33], | ||
| const uint8_t | P33[33], | ||
| const uint8_t | Q33[33] | ||
| ) |
Verify DLEQ proof.
Definition at line 3712 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::zk::DLEQProof::deserialize(), secp256k1::zk::dleq_verify(), point_from_compressed(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_zk_knowledge_prove | ( | ufsecp_ctx * | ctx, |
| const uint8_t | secret[32], | ||
| const uint8_t | pubkey33[33], | ||
| const uint8_t | msg32[32], | ||
| const uint8_t | aux_rand[32], | ||
| uint8_t | proof_out[UFSECP_ZK_KNOWLEDGE_PROOF_LEN] | ||
| ) |
Knowledge proof: prove knowledge of discrete log.
Definition at line 3629 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::zk::knowledge_prove(), point_from_compressed(), scalar_parse_strict_nonzero(), secp256k1::detail::secure_erase(), UFSECP_ERR_BAD_KEY, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, UFSECP_OK, and UFSECP_ZK_KNOWLEDGE_PROOF_LEN.
| ufsecp_error_t ufsecp_zk_knowledge_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | proof[UFSECP_ZK_KNOWLEDGE_PROOF_LEN], | ||
| const uint8_t | pubkey33[33], | ||
| const uint8_t | msg32[32] | ||
| ) |
Verify knowledge proof.
Definition at line 3658 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), secp256k1::zk::KnowledgeProof::deserialize(), secp256k1::zk::knowledge_verify(), point_from_compressed(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BAD_PUBKEY, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
| ufsecp_error_t ufsecp_zk_range_prove | ( | ufsecp_ctx * | ctx, |
| uint64_t | value, | ||
| const uint8_t | blinding[32], | ||
| const uint8_t | commitment33[33], | ||
| const uint8_t | aux_rand[32], | ||
| uint8_t * | proof_out, | ||
| size_t * | proof_len | ||
| ) |
Bulletproof range proof: prove commitment hides value in [0, 2^64). proof_len: in = buffer size, out = actual proof size.
Definition at line 3736 of file ufsecp_impl.cpp.
References ctx_clear_err(), ctx_set_err(), point_from_compressed(), secp256k1::zk::range_prove(), scalar_parse_strict(), scalar_to_bytes(), UFSECP_ERR_BAD_INPUT, UFSECP_ERR_BUF_TOO_SMALL, UFSECP_ERR_NULL_ARG, and UFSECP_OK.
| ufsecp_error_t ufsecp_zk_range_verify | ( | ufsecp_ctx * | ctx, |
| const uint8_t | commitment33[33], | ||
| const uint8_t * | proof, | ||
| size_t | proof_len | ||
| ) |
Verify Bulletproof range proof. proof must be exactly one serialized range-proof record.
Definition at line 3784 of file ufsecp_impl.cpp.
References secp256k1::zk::RangeProof::A, secp256k1::zk::RangeProof::a, secp256k1::zk::RangeProof::b, ctx_clear_err(), ctx_set_err(), secp256k1::zk::RangeProof::L, secp256k1::zk::RangeProof::mu, point_from_compressed(), secp256k1::zk::RangeProof::R, secp256k1::zk::range_verify(), secp256k1::zk::RangeProof::S, scalar_parse_strict(), secp256k1::zk::RangeProof::T1, secp256k1::zk::RangeProof::T2, secp256k1::zk::RangeProof::t_hat, secp256k1::zk::RangeProof::tau_x, UFSECP_ERR_BAD_INPUT, UFSECP_ERR_NULL_ARG, UFSECP_ERR_VERIFY_FAIL, and UFSECP_OK.
|
static constexpr |
Definition at line 4933 of file ufsecp_impl.cpp.
Referenced by ufsecp_gcs_build(), ufsecp_gcs_match(), and ufsecp_gcs_match_any().
|
static constexpr |
Definition at line 4932 of file ufsecp_impl.cpp.
Referenced by gcs_decode(), and gcs_encode().