private static Context Secp256K1ContextCreate(Options flags) { var ret = new Context { IllegalCallback = IllegalCallback, ErrorCallback = ErrorCallback }; if ((flags & Options.FlagsTypeMask) != Options.FlagsTypeContext) { ret.IllegalCallback?.Invoke(null, new Callback("Invalid flags")); return(null); } EcMult.secp256k1_ecmult_context_init(ret.EcMultCtx); EcMultGen.ContextInit(ret.EcMultGenCtx); if (flags.HasFlag(Options.FlagsBitContextSign)) { EcMultGen.ContextBuild(ret.EcMultGenCtx, ret.ErrorCallback); } if (flags.HasFlag(Options.FlagsBitContextVerify)) { EcMult.secp256k1_ecmult_context_build(ret.EcMultCtx, ret.ErrorCallback); } return(ret); }
private static Context Secp256K1ContextCreate(Options flags) { Context context1 = new Context(); // ISSUE: reference to a compiler-generated field context1.IllegalCallback = Secp256K1Manager.IllegalCallback; // ISSUE: reference to a compiler-generated field context1.ErrorCallback = Secp256K1Manager.ErrorCallback; Context context2 = context1; if ((flags & Options.FlagsTypeMask) != Options.FlagsTypeContext) { EventHandler <Callback> illegalCallback = context2.IllegalCallback; if (illegalCallback != null) { illegalCallback((object)null, new Callback("Invalid flags")); } return((Context)null); } EcMult.secp256k1_ecmult_context_init(context2.EcMultCtx); EcMultGen.ContextInit(context2.EcMultGenCtx); if (flags.HasFlag((Enum)Options.FlagsBitContextSign)) { EcMultGen.ContextBuild(context2.EcMultGenCtx, context2.ErrorCallback); } if (flags.HasFlag((Enum)Options.FlagsBitContextVerify)) { EcMult.secp256k1_ecmult_context_build(context2.EcMultCtx, context2.ErrorCallback); } return(context2); }
private static bool Secp256K1EcdsaSigSign(EcmultGenContext ctx, Scalar sigr, Scalar sigs, Scalar seckey, Scalar message, Scalar nonce, out byte recid) { byte[] numArray = new byte[32]; Ge r1 = new Ge(); Scalar scalar = new Scalar(); bool overflow = false; GeJ r2; EcMultGen.secp256k1_ecmult_gen(ctx, out r2, nonce); Group.SetGeJ(r1, r2); Field.Normalize(r1.X); Field.Normalize(r1.Y); Field.GetB32(numArray, r1.X); Scalar.SetB32(sigr, numArray, ref overflow); recid = (byte)((overflow ? 2 : 0) | (Field.IsOdd(r1.Y) ? 1 : 0)); Scalar.Mul(scalar, sigr, seckey); Scalar.Add(scalar, scalar, message); Scalar.Inverse(sigs, nonce); Scalar.Mul(sigs, sigs, scalar); Scalar.Clear(scalar); Group.secp256k1_gej_clear(r2); Group.secp256k1_ge_clear(r1); if (Scalar.IsZero(sigs)) { return(false); } if (Scalar.IsHigh(sigs)) { Scalar.Negate(sigs, sigs); recid ^= (byte)1; } return(true); }
private static bool Secp256K1EcdsaSigSign(EcmultGenContext ctx, Scalar sigr, Scalar sigs, Scalar seckey, Scalar message, Scalar nonce, out byte recid) { var b = new byte[32]; GeJ rp; Ge r = new Ge(); Scalar n = new Scalar(); bool overflow = false; EcMultGen.secp256k1_ecmult_gen(ctx, out rp, nonce); Group.SetGeJ(r, rp); Field.Normalize(r.X); Field.Normalize(r.Y); Field.GetB32(b, r.X); Scalar.SetB32(sigr, b, ref overflow); /* These two conditions should be checked before calling */ Debug.Assert(!Scalar.IsZero(sigr)); Debug.Assert(!overflow); // The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log // of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria. recid = (byte)((overflow ? 2 : 0) | (Field.IsOdd(r.Y) ? 1 : 0)); Scalar.Mul(n, sigr, seckey); Scalar.Add(n, n, message); Scalar.Inverse(sigs, nonce); Scalar.Mul(sigs, sigs, n); Scalar.Clear(n); Group.secp256k1_gej_clear(rp); Group.secp256k1_ge_clear(r); if (Scalar.IsZero(sigs)) { return(false); } if (Scalar.IsHigh(sigs)) { Scalar.Negate(sigs, sigs); recid ^= 1; } return(true); }
private static bool Secp256K1EcdsaSignRecoverable(Context ctx, EcdsaRecoverableSignature signature, byte[] msg32, byte[] seckey, NonceFunction noncefp, byte[] noncedata) { if (ctx == null || msg32 == null || signature == null || seckey == null) { throw new NullReferenceException(); } if (!EcMultGen.ContextIsBuilt(ctx.EcMultGenCtx)) { throw new ArithmeticException(); } if (noncefp == null) { noncefp = Secp256K1T.NonceFunctionDefault; } Scalar r, s; Scalar sec, non, msg; byte recid = 1; bool ret = false; var overflow = false; sec = new Scalar(); Scalar.SetB32(sec, seckey, ref overflow); r = new Scalar(); s = new Scalar(); /* Fail if the secret key is invalid. */ if (!overflow && !Scalar.IsZero(sec)) { var nonce32 = new byte[32]; uint count = 0; msg = new Scalar(); Scalar.SetB32(msg, msg32); non = new Scalar(); while (true) { ret = noncefp(nonce32, msg32, seckey, null, noncedata, count); if (!ret) { break; } Scalar.SetB32(non, nonce32, ref overflow); if (!Scalar.IsZero(non) && !overflow) { if (Secp256K1EcdsaSigSign(ctx.EcMultGenCtx, r, s, sec, msg, non, out recid)) { break; } } count++; } Util.MemSet(nonce32, 0, 32); //memset(nonce32, 0, 32); Scalar.Clear(msg); Scalar.Clear(non); Scalar.Clear(sec); } if (ret) { Secp256K1EcdsaRecoverableSignatureSave(signature, r, s, recid); } else { Util.MemSet(signature.Data, 0, EcdsaRecoverableSignature.Size); //memset(signature, 0, sizeof(* signature)); } return(ret); }
private static bool Secp256K1EcdsaSignRecoverable(Context ctx, EcdsaRecoverableSignature signature, byte[] msg32, byte[] seckey, NonceFunction noncefp, byte[] noncedata) { if (ctx == null || msg32 == null || (signature == null || seckey == null)) { throw new NullReferenceException(); } if (!EcMultGen.ContextIsBuilt(ctx.EcMultGenCtx)) { throw new ArithmeticException(); } if (noncefp == null) { noncefp = Secp256K1T.NonceFunctionDefault; } byte recid = 1; bool flag = false; bool overflow = false; Scalar scalar1 = new Scalar(); Scalar.SetB32(scalar1, seckey, ref overflow); Scalar scalar2 = new Scalar(); Scalar scalar3 = new Scalar(); if (!overflow && !Scalar.IsZero(scalar1)) { byte[] numArray = new byte[32]; uint attempt = 0; Scalar scalar4 = new Scalar(); Scalar.SetB32(scalar4, msg32); Scalar scalar5 = new Scalar(); while (true) { flag = noncefp(numArray, msg32, seckey, (byte[])null, noncedata, attempt); if (flag) { Scalar.SetB32(scalar5, numArray, ref overflow); if (Scalar.IsZero(scalar5) || overflow || !Secp256K1Manager.Secp256K1EcdsaSigSign(ctx.EcMultGenCtx, scalar2, scalar3, scalar1, scalar4, scalar5, out recid)) { ++attempt; } else { break; } } else { break; } } Util.MemSet(numArray, (byte)0, 32); Scalar.Clear(scalar4); Scalar.Clear(scalar5); Scalar.Clear(scalar1); } if (flag) { Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSave(signature, scalar2, scalar3, recid); } else { Util.MemSet(signature.Data, (byte)0, 65); } return(flag); }