static Secp256k1Manager()
 {
     IllegalCallback += OnIllegalCallback;
     ErrorCallback   += OnErrorCallback;
     Ctx              = new secp256k1_context();
     Ctx              = secp256k1_context_create(Secp256K1Options.ContextSign | Secp256K1Options.ContextVerify);
 }
        private static secp256k1_context secp256k1_context_create(Secp256K1Options flags)
        {
            var ret = new secp256k1_context
            {
                illegal_callback = IllegalCallback,
                error_callback   = ErrorCallback
            };

            if ((flags & Secp256K1Options.FlagsTypeMask) != Secp256K1Options.FlagsTypeContext)
            {
                ret.illegal_callback?.Invoke(null, new secp256k1_callback("Invalid flags"));
                return(null);
            }

            ECMult.secp256k1_ecmult_context_init(ret.ecmult_ctx);
            ECMultGen.secp256k1_ecmult_gen_context_init(ret.ecmult_gen_ctx);

            if (flags.HasFlag(Secp256K1Options.FlagsBitContextSign))
            {
                ECMultGen.secp256k1_ecmult_gen_context_build(ret.ecmult_gen_ctx, ret.error_callback);
            }
            if (flags.HasFlag(Secp256K1Options.FlagsBitContextVerify))
            {
                ECMult.secp256k1_ecmult_context_build(ret.ecmult_ctx, ret.error_callback);
            }

            return(ret);
        }
        private static bool secp256k1_ecdsa_recoverable_signature_serialize_compact(secp256k1_context ctx, byte[] outputxx, int skip, out byte recid, secp256k1_ecdsa_recoverable_signature sig)
        {
            secp256k1_scalar r = new secp256k1_scalar();
            secp256k1_scalar s = new secp256k1_scalar();

            recid = 0;

            if (outputxx == null)
            {
                ctx.illegal_callback?.Invoke(null, new secp256k1_callback("(outputxx != null)"));
                return(false);
            }
            //___________________________________________________________________________________________________________________________________
            if (sig == null)
            {
                ctx.illegal_callback?.Invoke(null, new secp256k1_callback("(sig != null)"));
                return(false);
            }
            //___________________________________________________________________________________________________________________________________

            secp256k1_ecdsa_recoverable_signature_load(ctx, r, s, out recid, sig);
            Scalar.secp256k1_scalar_get_b32(outputxx, skip + 0, r);
            Scalar.secp256k1_scalar_get_b32(outputxx, skip + 32, s);
            return(true);
        }
 private static void secp256k1_ecdsa_recoverable_signature_load(secp256k1_context ctx, secp256k1_scalar r, secp256k1_scalar s, out byte recid, secp256k1_ecdsa_recoverable_signature sig)
 {
     //(void)ctx;
     if (secp256k1_scalar.Size == 32)
     {
         /* When the secp256k1_scalar type is exactly 32 byte, use its
          * representation inside secp256k1_ecdsa_signature, as conversion is very fast.
          * Note that secp256k1_ecdsa_signature_save must use the same representation. */
         Util.Memcpy(sig.data, 0, r.d, 0, 32);  //memcpy(r, &sig->data[0], 32);
         Util.Memcpy(sig.data, 32, s.d, 0, 32); //memcpy(s, &sig->data[32], 32);
     }
     else
     {
         Scalar.secp256k1_scalar_set_b32(r, sig.data, 0);
         Scalar.secp256k1_scalar_set_b32(s, sig.data, 32);
     }
     recid = sig.data[64];
 }
        private static int sign_compact(secp256k1_context ctx, byte[] msg32, byte[] seckey, byte[] output64, out byte recid)
        {
            secp256k1_ecdsa_recoverable_signature sig = new secp256k1_ecdsa_recoverable_signature();
            byte loop  = 0;
            int  index = 0;
            bool rec   = false;
            var  extra = new byte[32];

            do
            {
                extra[index] = loop;
                loop++;
                if (extra[index] == 0xff)
                {
                    index = index + 1;
                }

                rec = secp256k1_ecdsa_sign_recoverable(ctx, sig, msg32, seckey, null, extra);
            } while (!rec);

            secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, output64, out recid, sig);
            return(loop);
        }
 private static bool secp256k1_ecdsa_recoverable_signature_serialize_compact(secp256k1_context ctx, byte[] output64, out byte recid, secp256k1_ecdsa_recoverable_signature sig)
 {
     return(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, output64, 0, out recid, sig));
 }
        private static bool secp256k1_ecdsa_sign_recoverable(secp256k1_context ctx, secp256k1_ecdsa_recoverable_signature signature,
                                                             byte[] msg32, byte[] seckey, secp256k1_nonce_function noncefp, byte[] noncedata)
        {
            if (ctx == null || msg32 == null || signature == null || seckey == null)
            {
                throw new NullReferenceException();
            }

            if (!ECMultGen.secp256k1_ecmult_gen_context_is_built(ctx.ecmult_gen_ctx))
            {
                throw new ArithmeticException();
            }

            if (noncefp == null)
            {
                noncefp = Secp256k1.secp256k1_nonce_function_default;
            }

            secp256k1_scalar r, s;
            secp256k1_scalar sec, non, msg;
            byte             recid = 1;
            bool             ret   = false;
            var overflow           = false;

            sec = new secp256k1_scalar();
            Scalar.secp256k1_scalar_set_b32(sec, seckey, ref overflow);
            r = new secp256k1_scalar();
            s = new secp256k1_scalar();
            /* Fail if the secret key is invalid. */
            if (!overflow && !Scalar.secp256k1_scalar_is_zero(sec))
            {
                var  nonce32 = new byte[32];
                uint count   = 0;
                msg = new secp256k1_scalar();
                Scalar.secp256k1_scalar_set_b32(msg, msg32);
                non = new secp256k1_scalar();

                while (true)
                {
                    ret = noncefp(nonce32, msg32, seckey, null, noncedata, count);
                    if (!ret)
                    {
                        break;
                    }

                    Scalar.secp256k1_scalar_set_b32(non, nonce32, ref overflow);
                    if (!Scalar.secp256k1_scalar_is_zero(non) && !overflow)
                    {
                        if (secp256k1_ecdsa_sig_sign(ctx.ecmult_gen_ctx, r, s, sec, msg, non, out recid))
                        {
                            break;
                        }
                    }
                    count++;
                }
                Util.MemSet(nonce32, 0, 32); //memset(nonce32, 0, 32);
                Scalar.secp256k1_scalar_clear(msg);
                Scalar.secp256k1_scalar_clear(non);
                Scalar.secp256k1_scalar_clear(sec);
            }
            if (ret)
            {
                secp256k1_ecdsa_recoverable_signature_save(signature, r, s, recid);
            }
            else
            {
                Util.MemSet(signature.data, 0, secp256k1_ecdsa_recoverable_signature.Size); //memset(signature, 0, sizeof(* signature));
            }
            return(ret);
        }