public static byte[] SignCompact(byte[] data, byte[] seckey, out int recoveryId)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (data.Length == 0)
{
throw new ArgumentOutOfRangeException(nameof(data));
}
if (seckey == null)
{
throw new ArgumentNullException(nameof(seckey));
}
if (seckey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(seckey));
}
recoveryId = 0;
EcdsaRecoverableSignature recoverableSignature = new EcdsaRecoverableSignature();
if (!Secp256K1Manager.Secp256K1EcdsaSignRecoverable(Secp256K1Manager.Ctx, recoverableSignature, data, seckey, (NonceFunction)null, (byte[])null))
{
return((byte[])null);
}
byte[] output64 = new byte[64];
byte recid;
if (!Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSerializeCompact(Secp256K1Manager.Ctx, output64, out recid, recoverableSignature))
{
return((byte[])null);
}
recoveryId = (int)recid;
return(output64);
}
private static byte[] SignCompact(byte[] data, byte[] seckey, out byte recoveryId)
{
EcdsaRecoverableSignature sig = new EcdsaRecoverableSignature();
byte loop = 0;
int index = 0;
bool rec;
var extra = new byte[32];
do
{
extra[index] = loop++;
if (loop == 0xff)
{
index = index + 1;
loop = 0;
}
rec = Secp256K1EcdsaSignRecoverable(Ctx, sig, data, seckey, null, extra);
} while (!rec);
var output64 = new byte[64];
Secp256K1EcdsaRecoverableSignatureSerializeCompact(Ctx, output64, out recoveryId, sig);
return(output64);
}
/// <summary>
/// Get compressed and compact signature (possible in not canonical form)
/// </summary>
/// <param name="data">Hashed data</param>
/// <param name="seckey">Private key (32 bytes)</param>
/// <returns> 65 bytes compressed / compact</returns>
public static byte[] SignCompressedCompact(byte[] data, byte[] seckey)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (data.Length == 0)
{
throw new ArgumentOutOfRangeException(nameof(data));
}
if (seckey == null)
{
throw new ArgumentNullException(nameof(seckey));
}
if (seckey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(seckey));
}
byte recoveryId = 0;
EcdsaRecoverableSignature sig = new EcdsaRecoverableSignature();
byte loop = 0;
int index = 0;
bool rec;
byte[] extra = null;
var r = RandomNumberGenerator.Create();
do
{
if (loop == 0xff)
{
index = index + 1;
loop = 0;
}
if (loop > 0)
{
extra = new byte[32];
r.GetBytes(extra);
}
loop++;
rec = Secp256K1EcdsaSignRecoverable(Ctx, sig, data, seckey, null, extra);
} while (!(rec && IsCanonical(sig.Data)));
var output65 = new byte[65];
Secp256K1EcdsaRecoverableSignatureSerializeCompact(Ctx, output65, 1, out recoveryId, sig);
//4 - compressed | 27 - compact
output65[0] = (byte)(recoveryId + 4 + 27);
return(output65);
}
public static byte[] SignCompressedCompact(byte[] data, byte[] seckey)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (data.Length == 0)
{
throw new ArgumentOutOfRangeException(nameof(data));
}
if (seckey == null)
{
throw new ArgumentNullException(nameof(seckey));
}
if (seckey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(seckey));
}
byte recid = 0;
EcdsaRecoverableSignature recoverableSignature = new EcdsaRecoverableSignature();
byte num1 = 0;
int num2 = 0;
byte[] numArray = (byte[])null;
RandomNumberGenerator randomNumberGenerator = RandomNumberGenerator.Create();
do
{
if (num1 == byte.MaxValue)
{
++num2;
num1 = (byte)0;
}
if (num1 > (byte)0)
{
numArray = new byte[32];
randomNumberGenerator.GetBytes(numArray);
}
++num1;
}while (!Secp256K1Manager.Secp256K1EcdsaSignRecoverable(Secp256K1Manager.Ctx, recoverableSignature, data, seckey, (NonceFunction)null, numArray) || !Secp256K1Manager.IsCanonical(recoverableSignature.Data));
byte[] outputxx = new byte[65];
Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSerializeCompact(Secp256K1Manager.Ctx, outputxx, 1, out recid, recoverableSignature);
outputxx[0] = (byte)((int)recid + 4 + 27);
return(outputxx);
}
private static int SignCompact(Context ctx, byte[] msg32, byte[] seckey, byte[] output64, out byte recid)
{
EcdsaRecoverableSignature recoverableSignature = new EcdsaRecoverableSignature();
byte num = 0;
int index = 0;
byte[] noncedata = new byte[32];
do
{
noncedata[index] = num;
++num;
if (noncedata[index] == byte.MaxValue)
{
++index;
}
}while (!Secp256K1Manager.Secp256K1EcdsaSignRecoverable(ctx, recoverableSignature, msg32, seckey, (NonceFunction)null, noncedata));
Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSerializeCompact(ctx, output64, out recid, recoverableSignature);
return((int)num);
}
private static byte[] SignCompact(byte[] data, byte[] seckey, out byte recoveryId)
{
EcdsaRecoverableSignature recoverableSignature = new EcdsaRecoverableSignature();
byte num = 0;
int index = 0;
byte[] noncedata = new byte[32];
do
{
noncedata[index] = num++;
if (num == byte.MaxValue)
{
++index;
num = (byte)0;
}
}while (!Secp256K1Manager.Secp256K1EcdsaSignRecoverable(Secp256K1Manager.Ctx, recoverableSignature, data, seckey, (NonceFunction)null, noncedata));
byte[] output64 = new byte[64];
Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSerializeCompact(Secp256K1Manager.Ctx, output64, out recoveryId, recoverableSignature);
return(output64);
}
/// <summary>Signs a data and returns the signature in compact form. Returns null on failure.</summary>
/// <param name="data">The data to sign. This data is not hashed. For use with bitcoins, you probably want to double-SHA256 hash this before calling this method.</param>
/// <param name="seckey">The private key to use to sign the data.</param>
/// <param name="recoveryId">This will contain the recovery ID needed to retrieve the key from the compact signature using the RecoverKeyFromCompact method.</param>
public static byte[] SignCompact(byte[] data, byte[] seckey, out int recoveryId)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (data.Length == 0)
{
throw new ArgumentOutOfRangeException(nameof(data));
}
if (seckey == null)
{
throw new ArgumentNullException(nameof(seckey));
}
if (seckey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(seckey));
}
recoveryId = 0;
EcdsaRecoverableSignature sig = new EcdsaRecoverableSignature();
{
if (!Secp256K1EcdsaSignRecoverable(Ctx, sig, data, seckey, null, null))
{
return(null);
}
}
var sigbytes = new byte[64];
byte recid;
{
if (!Secp256K1EcdsaRecoverableSignatureSerializeCompact(Ctx, sigbytes, out recid, sig))
{
return(null);
}
}
recoveryId = recid;
return(sigbytes);
}
private static int SignCompact(Context ctx, byte[] msg32, byte[] seckey, byte[] output64, out byte recid)
{
EcdsaRecoverableSignature sig = new EcdsaRecoverableSignature();
byte loop = 0;
int index = 0;
bool rec = false;
var extra = new byte[32];
do
{
extra[index] = loop;
loop++;
if (extra[index] == 0xff)
{
index = index + 1;
}
rec = Secp256K1EcdsaSignRecoverable(ctx, sig, msg32, seckey, null, extra);
} while (!rec);
Secp256K1EcdsaRecoverableSignatureSerializeCompact(ctx, output64, out recid, sig);
return(loop);
}
private static bool Secp256K1EcdsaSignRecoverable(Context ctx, EcdsaRecoverableSignature signature, byte[] msg32, byte[] seckey, NonceFunction noncefp, byte[] noncedata)
{
if (ctx == null || msg32 == null || signature == null || seckey == null)
{
throw new NullReferenceException();
}
if (!EcMultGen.ContextIsBuilt(ctx.EcMultGenCtx))
{
throw new ArithmeticException();
}
if (noncefp == null)
{
noncefp = Secp256K1T.NonceFunctionDefault;
}
Scalar r, s;
Scalar sec, non, msg;
byte recid = 1;
bool ret = false;
var overflow = false;
sec = new Scalar();
Scalar.SetB32(sec, seckey, ref overflow);
r = new Scalar();
s = new Scalar();
/* Fail if the secret key is invalid. */
if (!overflow && !Scalar.IsZero(sec))
{
var nonce32 = new byte[32];
uint count = 0;
msg = new Scalar();
Scalar.SetB32(msg, msg32);
non = new Scalar();
while (true)
{
ret = noncefp(nonce32, msg32, seckey, null, noncedata, count);
if (!ret)
{
break;
}
Scalar.SetB32(non, nonce32, ref overflow);
if (!Scalar.IsZero(non) && !overflow)
{
if (Secp256K1EcdsaSigSign(ctx.EcMultGenCtx, r, s, sec, msg, non, out recid))
{
break;
}
}
count++;
}
Util.MemSet(nonce32, 0, 32); //memset(nonce32, 0, 32);
Scalar.Clear(msg);
Scalar.Clear(non);
Scalar.Clear(sec);
}
if (ret)
{
Secp256K1EcdsaRecoverableSignatureSave(signature, r, s, recid);
}
else
{
Util.MemSet(signature.Data, 0, EcdsaRecoverableSignature.Size); //memset(signature, 0, sizeof(* signature));
}
return(ret);
}
private static void Secp256K1EcdsaRecoverableSignatureLoad(Scalar r, Scalar s, out byte recid, EcdsaRecoverableSignature sig)
{
Buffer.BlockCopy(sig.Data, 0, r.D, 0, 32);
Buffer.BlockCopy(sig.Data, 32, s.D, 0, 32);
recid = sig.Data[64];
}
private static bool Secp256K1EcdsaRecoverableSignatureSerializeCompact(Context ctx, byte[] outputxx, int skip, out byte recid, EcdsaRecoverableSignature sig)
{
Scalar r = new Scalar();
Scalar s = new Scalar();
recid = 0;
if (outputxx == null)
{
ctx.IllegalCallback?.Invoke(null, new Callback("(outputxx != null)"));
return(false);
}
//___________________________________________________________________________________________________________________________________
if (sig == null)
{
ctx.IllegalCallback?.Invoke(null, new Callback("(sig != null)"));
return(false);
}
//___________________________________________________________________________________________________________________________________
Secp256K1EcdsaRecoverableSignatureLoad(r, s, out recid, sig);
Scalar.GetB32(outputxx, skip + 0, r);
Scalar.GetB32(outputxx, skip + 32, s);
return(true);
}
private static bool Secp256K1EcdsaRecoverableSignatureSerializeCompact(Context ctx, byte[] output64, out byte recid, EcdsaRecoverableSignature sig)
{
return(Secp256K1EcdsaRecoverableSignatureSerializeCompact(ctx, output64, 0, out recid, sig));
}
private static void Secp256K1EcdsaRecoverableSignatureSave(EcdsaRecoverableSignature sig, Scalar r, Scalar s, byte recid)
{
Buffer.BlockCopy(r.D, 0, sig.Data, 0, 32);
Buffer.BlockCopy(s.D, 0, sig.Data, 32, 32);
sig.Data[64] = recid;
}
private static bool Secp256K1EcdsaSignRecoverable(Context ctx, EcdsaRecoverableSignature signature, byte[] msg32, byte[] seckey, NonceFunction noncefp, byte[] noncedata)
{
if (ctx == null || msg32 == null || (signature == null || seckey == null))
{
throw new NullReferenceException();
}
if (!EcMultGen.ContextIsBuilt(ctx.EcMultGenCtx))
{
throw new ArithmeticException();
}
if (noncefp == null)
{
noncefp = Secp256K1T.NonceFunctionDefault;
}
byte recid = 1;
bool flag = false;
bool overflow = false;
Scalar scalar1 = new Scalar();
Scalar.SetB32(scalar1, seckey, ref overflow);
Scalar scalar2 = new Scalar();
Scalar scalar3 = new Scalar();
if (!overflow && !Scalar.IsZero(scalar1))
{
byte[] numArray = new byte[32];
uint attempt = 0;
Scalar scalar4 = new Scalar();
Scalar.SetB32(scalar4, msg32);
Scalar scalar5 = new Scalar();
while (true)
{
flag = noncefp(numArray, msg32, seckey, (byte[])null, noncedata, attempt);
if (flag)
{
Scalar.SetB32(scalar5, numArray, ref overflow);
if (Scalar.IsZero(scalar5) || overflow || !Secp256K1Manager.Secp256K1EcdsaSigSign(ctx.EcMultGenCtx, scalar2, scalar3, scalar1, scalar4, scalar5, out recid))
{
++attempt;
}
else
{
break;
}
}
else
{
break;
}
}
Util.MemSet(numArray, (byte)0, 32);
Scalar.Clear(scalar4);
Scalar.Clear(scalar5);
Scalar.Clear(scalar1);
}
if (flag)
{
Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureSave(signature, scalar2, scalar3, recid);
}
else
{
Util.MemSet(signature.Data, (byte)0, 65);
}
return(flag);
}
private static bool Secp256K1EcdsaRecoverableSignatureSerializeCompact(Context ctx, byte[] outputxx, int skip, out byte recid, EcdsaRecoverableSignature sig)
{
Scalar scalar1 = new Scalar();
Scalar scalar2 = new Scalar();
recid = (byte)0;
if (outputxx == null)
{
EventHandler <Callback> illegalCallback = ctx.IllegalCallback;
if (illegalCallback != null)
{
illegalCallback((object)null, new Callback("(outputxx != null)"));
}
return(false);
}
if (sig == null)
{
EventHandler <Callback> illegalCallback = ctx.IllegalCallback;
if (illegalCallback != null)
{
illegalCallback((object)null, new Callback("(sig != null)"));
}
return(false);
}
Secp256K1Manager.Secp256K1EcdsaRecoverableSignatureLoad(scalar1, scalar2, out recid, sig);
Scalar.GetB32(outputxx, skip, scalar1);
Scalar.GetB32(outputxx, skip + 32, scalar2);
return(true);
}
