Raven Core  3.0.0
P2P Digital Currency
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Friends Macros Modules Pages
main_impl.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2015 Andrew Poelstra *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_ECDH_MAIN_H
8 #define SECP256K1_MODULE_ECDH_MAIN_H
9 
10 #include "include/secp256k1_ecdh.h"
11 #include "ecmult_const_impl.h"
12 
13 int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar) {
14  int ret = 0;
15  int overflow = 0;
16  secp256k1_gej res;
17  secp256k1_ge pt;
18  secp256k1_scalar s;
19  VERIFY_CHECK(ctx != NULL);
20  ARG_CHECK(result != NULL);
21  ARG_CHECK(point != NULL);
22  ARG_CHECK(scalar != NULL);
23 
24  secp256k1_pubkey_load(ctx, &pt, point);
25  secp256k1_scalar_set_b32(&s, scalar, &overflow);
26  if (overflow || secp256k1_scalar_is_zero(&s)) {
27  ret = 0;
28  } else {
29  unsigned char x[32];
30  unsigned char y[1];
31  secp256k1_sha256_t sha;
32 
33  secp256k1_ecmult_const(&res, &pt, &s);
34  secp256k1_ge_set_gej(&pt, &res);
35  /* Compute a hash of the point in compressed form
36  * Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not
37  * expect its output to be secret and has a timing sidechannel. */
38  secp256k1_fe_normalize(&pt.x);
39  secp256k1_fe_normalize(&pt.y);
40  secp256k1_fe_get_b32(x, &pt.x);
41  y[0] = 0x02 | secp256k1_fe_is_odd(&pt.y);
42 
43  secp256k1_sha256_initialize(&sha);
44  secp256k1_sha256_write(&sha, y, sizeof(y));
45  secp256k1_sha256_write(&sha, x, sizeof(x));
46  secp256k1_sha256_finalize(&sha, result);
47  ret = 1;
48  }
49 
50  secp256k1_scalar_clear(&s);
51  return ret;
52 }
53 
54 #endif /* SECP256K1_MODULE_ECDH_MAIN_H */
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:67
secp256k1_gej
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:24
secp256k1_context_struct
Definition: secp256k1.c:51
ARG_CHECK
#define ARG_CHECK(cond)
Definition: secp256k1.c:21
secp256k1_ge
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:14
secp256k1_ge::x
secp256k1_fe x
Definition: group.h:15
secp256k1_ecdh
int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar)
Compute an EC Diffie-Hellman secret in constant time Returns: 1: exponentiation was successful 0: sca...
Definition: main_impl.h:13
secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
secp256k1_sha256_t
Definition: hash.h:13
ecmult_const_impl.h
secp256k1_ecdh.h
secp256k1_ge::y
secp256k1_fe y
Definition: group.h:16
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:53
Generated on Mon Jul 29 2019 02:32:20 for Raven Core by   doxygen 1.8.13