private static Context Secp256K1ContextCreate(Options flags)
{
var ret = new Context
{
IllegalCallback = IllegalCallback,
ErrorCallback = ErrorCallback
};
if ((flags & Options.FlagsTypeMask) != Options.FlagsTypeContext)
{
ret.IllegalCallback?.Invoke(null, new Callback("Invalid flags"));
return(null);
}
EcMult.secp256k1_ecmult_context_init(ret.EcMultCtx);
EcMultGen.ContextInit(ret.EcMultGenCtx);
if (flags.HasFlag(Options.FlagsBitContextSign))
{
EcMultGen.ContextBuild(ret.EcMultGenCtx, ret.ErrorCallback);
}
if (flags.HasFlag(Options.FlagsBitContextVerify))
{
EcMult.secp256k1_ecmult_context_build(ret.EcMultCtx, ret.ErrorCallback);
}
return(ret);
}
private static Context Secp256K1ContextCreate(Options flags)
{
Context context1 = new Context();
// ISSUE: reference to a compiler-generated field
context1.IllegalCallback = Secp256K1Manager.IllegalCallback;
// ISSUE: reference to a compiler-generated field
context1.ErrorCallback = Secp256K1Manager.ErrorCallback;
Context context2 = context1;
if ((flags & Options.FlagsTypeMask) != Options.FlagsTypeContext)
{
EventHandler <Callback> illegalCallback = context2.IllegalCallback;
if (illegalCallback != null)
{
illegalCallback((object)null, new Callback("Invalid flags"));
}
return((Context)null);
}
EcMult.secp256k1_ecmult_context_init(context2.EcMultCtx);
EcMultGen.ContextInit(context2.EcMultGenCtx);
if (flags.HasFlag((Enum)Options.FlagsBitContextSign))
{
EcMultGen.ContextBuild(context2.EcMultGenCtx, context2.ErrorCallback);
}
if (flags.HasFlag((Enum)Options.FlagsBitContextVerify))
{
EcMult.secp256k1_ecmult_context_build(context2.EcMultCtx, context2.ErrorCallback);
}
return(context2);
}
private static bool Secp256K1EcdsaSigSign(EcmultGenContext ctx, Scalar sigr, Scalar sigs, Scalar seckey, Scalar message, Scalar nonce, out byte recid)
{
byte[] numArray = new byte[32];
Ge r1 = new Ge();
Scalar scalar = new Scalar();
bool overflow = false;
GeJ r2;
EcMultGen.secp256k1_ecmult_gen(ctx, out r2, nonce);
Group.SetGeJ(r1, r2);
Field.Normalize(r1.X);
Field.Normalize(r1.Y);
Field.GetB32(numArray, r1.X);
Scalar.SetB32(sigr, numArray, ref overflow);
recid = (byte)((overflow ? 2 : 0) | (Field.IsOdd(r1.Y) ? 1 : 0));
Scalar.Mul(scalar, sigr, seckey);
Scalar.Add(scalar, scalar, message);
Scalar.Inverse(sigs, nonce);
Scalar.Mul(sigs, sigs, scalar);
Scalar.Clear(scalar);
Group.secp256k1_gej_clear(r2);
Group.secp256k1_ge_clear(r1);
if (Scalar.IsZero(sigs))
{
return(false);
}
if (Scalar.IsHigh(sigs))
{
Scalar.Negate(sigs, sigs);
recid ^= (byte)1;
}
return(true);
}
private static bool Secp256K1EcdsaSigSign(EcmultGenContext ctx, Scalar sigr, Scalar sigs, Scalar seckey, Scalar message, Scalar nonce, out byte recid)
{
var b = new byte[32];
GeJ rp;
Ge r = new Ge();
Scalar n = new Scalar();
bool overflow = false;
EcMultGen.secp256k1_ecmult_gen(ctx, out rp, nonce);
Group.SetGeJ(r, rp);
Field.Normalize(r.X);
Field.Normalize(r.Y);
Field.GetB32(b, r.X);
Scalar.SetB32(sigr, b, ref overflow);
/* These two conditions should be checked before calling */
Debug.Assert(!Scalar.IsZero(sigr));
Debug.Assert(!overflow);
// The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log
// of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria.
recid = (byte)((overflow ? 2 : 0) | (Field.IsOdd(r.Y) ? 1 : 0));
Scalar.Mul(n, sigr, seckey);
Scalar.Add(n, n, message);
Scalar.Inverse(sigs, nonce);
Scalar.Mul(sigs, sigs, n);
Scalar.Clear(n);
Group.secp256k1_gej_clear(rp);
Group.secp256k1_ge_clear(r);
if (Scalar.IsZero(sigs))
{
return(false);
}
if (Scalar.IsHigh(sigs))
{
Scalar.Negate(sigs, sigs);
recid ^= 1;
}
return(true);
}
private static bool Secp256K1EcdsaSignRecoverable(Context ctx, EcdsaRecoverableSignature signature, byte[] msg32, byte[] seckey, NonceFunction noncefp, byte[] noncedata)
{
if (ctx == null || msg32 == null || signature == null || seckey == null)
{
throw new NullReferenceException();
}
if (!EcMultGen.ContextIsBuilt(ctx.EcMultGenCtx))
{
throw new ArithmeticException();
}
if (noncefp == null)
{
noncefp = Secp256K1T.NonceFunctionDefault;
}
Scalar r, s;
Scalar sec, non, msg;
byte recid = 1;
bool ret = false;
var overflow = false;
sec = new Scalar();
Scalar.SetB32(sec, seckey, ref overflow);
r = new Scalar();
s = new Scalar();
/* Fail if the secret key is invalid. */
if (!overflow && !Scalar.IsZero(sec))
{
var nonce32 = new byte[32];
uint count = 0;
msg = new Scalar();
Scalar.SetB32(msg, msg32);
non = new Scalar();
while (true)
{
ret = noncefp(nonce32, msg32, seckey, null, noncedata, count);
if (!ret)
{
break;
}
Scalar.SetB32(non, nonce32, ref overflow);
if (!Scalar.IsZero(non) && !overflow)
{
if (Secp256K1EcdsaSigSign(ctx.EcMultGenCtx, r, s, sec, msg, non, out recid))
{
break;
}
}
count++;
}
Util.MemSet(nonce32, 0, 32); //memset(nonce32, 0, 32);
Scalar.Clear(msg);
Scalar.Clear(non);
Scalar.Clear(sec);
}
if (ret)
{
Secp256K1EcdsaRecoverableSignatureSave(signature, r, s, recid);
}
else
{
Util.MemSet(signature.Data, 0, EcdsaRecoverableSignature.Size); //memset(signature, 0, sizeof(* signature));
}
return(ret);
}
private static bool Secp256K1EcdsaSignRecoverable(Context ctx, EcdsaRecoverableSignature signature, byte[] msg32, byte[] seckey, NonceFunction noncefp, byte[] noncedata)
{
if (ctx == null || msg32 == null || (signature == null || seckey == null))
{
throw new NullReferenceException();
}
if (!EcMultGen.ContextIsBuilt(ctx.EcMultGenCtx))
{
throw new ArithmeticException();
}
if (noncefp == null)
{
noncefp = Secp256K1T.NonceFunctionDefault;
}
byte recid = 1;
bool flag = false;
bool overflow = false;
Scalar scalar1 = new Scalar();
Scalar.SetB32(scalar1, seckey, ref overflow);
Scalar scalar2 = new Scalar();
Scalar scalar3 = new Scalar();
if (!overflow && !Scalar.IsZero(scalar1))
{
byte[] numArray = new byte[32];
uint attempt = 0;
Scalar scalar4 = new Scalar();
Scalar.SetB32(scalar4, msg32);
Scalar scalar5 = new Scalar();
while (true)
{
flag = noncefp(numArray, msg32, seckey, (byte[])null, noncedata, attempt);
if (flag)
{
Scalar.SetB32(scalar5, numArray, ref overflow);
if (Scalar.IsZero(scalar5) || overflow || !Secp256K1Manager.Secp256K1EcdsaSigSign(ctx.EcMultGenCtx, scalar2, scalar3, scalar1, scalar4, scalar5, out recid))
{
++attempt;
}
else
{
break;
}
}
else
{
break;
}
}
Util.MemSet(numArray, (byte)0, 32);
Scalar.Clear(scalar4);
Scalar.Clear(scalar5);
Scalar.Clear(scalar1);
}
if (flag)
{
Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSave(signature, scalar2, scalar3, recid);
}
else
{
Util.MemSet(signature.Data, (byte)0, 65);
}
return(flag);
}
