
Commit eb74c36

Abstract out tweak logic to secp256k1_eckey_* functions
1 parent ffffc87 commit eb74c36

3 files changed

+78
-49
lines changed


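--- a/src/eckey.h
+++ b/src/eckey.h
@@ -10,7 +10,13 @@
 
 int static secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size);
 void static secp256k1_eckey_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed);
+
 int static secp256k1_eckey_privkey_parse(secp256k1_num_t *key, const unsigned char *privkey, int privkeylen);
 int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privkeylen, const secp256k1_num_t *key, int compressed);
 
+int static secp256k1_eckey_privkey_tweak_add(secp256k1_num_t *key, const secp256k1_num_t *tweak);
+int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
+int static secp256k1_eckey_privkey_tweak_mul(secp256k1_num_t *key, const secp256k1_num_t *tweak);
+int static secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak);
+
 #endif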
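Review bot: The four new tweak declarations carry no comment stating their contract, so a caller has to read eckey_impl.h to learn that they return 0 when the tweak is out of range (or zero, for the `_mul` variants) and when the tweaked key would be zero or the point at infinity. A short comment above the group would do, e.g. `/* Tweak key in place (add: key+tweak, mul: key*tweak, modulo the group order). Return 0 if tweak is out of range or the result is invalid; key is unspecified on failure. */`. "Unspecified on failure" is the honest wording: `secp256k1_eckey_privkey_tweak_add` writes the reduced sum into key before its zero check, while `secp256k1_eckey_pubkey_tweak_add` leaves key untouched on every failure path, so the two do not behave the same way.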

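--- a/src/eckey_impl.h
+++ b/src/eckey_impl.h
@@ -131,4 +131,59 @@ int static secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privke
 return 1;
 }
 
+int static secp256k1_eckey_privkey_tweak_add(secp256k1_num_t *key, const secp256k1_num_t *tweak) {
+if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
+return 0;
+secp256k1_num_add(key, key, tweak);
+secp256k1_num_mod(key, &secp256k1_ge_consts->order);
+if (secp256k1_num_is_zero(key))
+return 0;
+return 1;
+}
+
+int static secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
+if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
+return 0;
+
+secp256k1_gej_t pt;
+secp256k1_gej_set_ge(&pt, key);
+secp256k1_num_t one;
+secp256k1_num_init(&one);
+secp256k1_num_set_int(&one, 1);
+secp256k1_ecmult(&pt, &pt, &one, tweak);
+secp256k1_num_free(&one);
+
+if (secp256k1_gej_is_infinity(&pt))
+return 0;
+secp256k1_ge_set_gej(key, &pt);
+return 1;
+}
+
+int static secp256k1_eckey_privkey_tweak_mul(secp256k1_num_t *key, const secp256k1_num_t *tweak) {
+if (secp256k1_num_is_zero(tweak))
+return 0;
+if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
+return 0;
+
+secp256k1_num_mod_mul(key, key, tweak, &secp256k1_ge_consts->order);
+return 1;
+}
+
+int static secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_num_t *tweak) {
+if (secp256k1_num_is_zero(tweak))
+return 0;
+if (secp256k1_num_cmp(tweak, &secp256k1_ge_consts->order) >= 0)
+return 0;
+
+secp256k1_num_t zero;
+secp256k1_num_init(&zero);
+secp256k1_num_set_int(&zero, 0);
+secp256k1_gej_t pt;
+secp256k1_gej_set_ge(&pt, key);
+secp256k1_ecmult(&pt, &pt, tweak, &zero);
+secp256k1_num_free(&zero);
+secp256k1_ge_set_gej(key, &pt);
+return 1;
+}
+
 #endif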
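Review bot: `secp256k1_eckey_pubkey_tweak_mul` writes the `secp256k1_ecmult` result back with `secp256k1_ge_set_gej` without the `secp256k1_gej_is_infinity` check that `secp256k1_eckey_pubkey_tweak_add` performs a few lines earlier. With 0 < tweak < order and a non-infinity key the product presumably cannot be the point at infinity, but that relies on the caller never handing in an infinity point, which is not enforced here; mirroring `if (secp256k1_gej_is_infinity(&pt)) return 0;` before the write-back would make the two functions fail the same way at negligible cost. Separately, `secp256k1_eckey_privkey_tweak_add` and `secp256k1_eckey_privkey_tweak_mul` route the secret key through `secp256k1_num_cmp`, `secp256k1_num_mod` and `secp256k1_num_mod_mul`; whether those bignum routines run in time independent of the key value is not visible from this page, so a comment such as `/* Operates on secret data: key must not leak through timing. */` on both functions would flag the requirement for whoever maintains the num backend.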

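--- a/src/secp256k1.c
+++ b/src/secp256k1.c
@@ -220,23 +220,18 @@ int secp256k1_ec_privkey_tweak_add(unsigned char *seckey, const unsigned char *t
 DEBUG_CHECK(seckey != NULL);
 DEBUG_CHECK(tweak != NULL);
 
-int ret = 1;
 secp256k1_num_t term;
 secp256k1_num_init(&term);
 secp256k1_num_set_bin(&term, tweak, 32);
-if (secp256k1_num_cmp(&term, &secp256k1_ge_consts->order) >= 0)
-ret = 0;
 secp256k1_num_t sec;
 secp256k1_num_init(&sec);
+secp256k1_num_set_bin(&sec, seckey, 32);
+
+int ret = secp256k1_eckey_privkey_tweak_add(&sec, &term);
 if (ret) {
-secp256k1_num_set_bin(&sec, seckey, 32);
-secp256k1_num_add(&sec, &sec, &term);
-secp256k1_num_mod(&sec, &secp256k1_ge_consts->order);
-if (secp256k1_num_is_zero(&sec))
-ret = 0;
-}
-if (ret)
 secp256k1_num_get_bin(seckey, 32, &sec);
+}
+
 secp256k1_num_clear(&sec);
 secp256k1_num_clear(&term);
 secp256k1_num_free(&sec);
@@ -249,32 +244,20 @@ int secp256k1_ec_pubkey_tweak_add(unsigned char *pubkey, int pubkeylen, const un
 DEBUG_CHECK(pubkey != NULL);
 DEBUG_CHECK(tweak != NULL);
 
-int ret = 1;
 secp256k1_num_t term;
 secp256k1_num_init(&term);
 secp256k1_num_set_bin(&term, tweak, 32);
-if (secp256k1_num_cmp(&term, &secp256k1_ge_consts->order) >= 0)
-ret = 0;
 secp256k1_ge_t p;
+int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
 if (ret) {
-if (!secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen))
-ret = 0;
+ret = secp256k1_eckey_pubkey_tweak_add(&p, &term);
 }
 if (ret) {
-secp256k1_gej_t pt;
-secp256k1_gej_set_ge(&pt, &p);
-secp256k1_num_t one;
-secp256k1_num_init(&one);
-secp256k1_num_set_int(&one, 1);
-secp256k1_ecmult(&pt, &pt, &one, &term);
-secp256k1_num_free(&one);
-if (secp256k1_gej_is_infinity(&pt))
-ret = 0;
-secp256k1_ge_set_gej(&p, &pt);
 int oldlen = pubkeylen;
 secp256k1_eckey_pubkey_serialize(&p, pubkey, &pubkeylen, oldlen <= 33);
 VERIFY_CHECK(pubkeylen == oldlen);
 }
+
 secp256k1_num_free(&term);
 return ret;
 }
@@ -283,22 +266,19 @@ int secp256k1_ec_privkey_tweak_mul(unsigned char *seckey, const unsigned char *t
 DEBUG_CHECK(seckey != NULL);
 DEBUG_CHECK(tweak != NULL);
 
-int ret = 1;
 secp256k1_num_t factor;
 secp256k1_num_init(&factor);
 secp256k1_num_set_bin(&factor, tweak, 32);
-if (secp256k1_num_is_zero(&factor))
-ret = 0;
-if (secp256k1_num_cmp(&factor, &secp256k1_ge_consts->order) >= 0)
-ret = 0;
 secp256k1_num_t sec;
 secp256k1_num_init(&sec);
+secp256k1_num_set_bin(&sec, seckey, 32);
+int ret = secp256k1_eckey_privkey_tweak_mul(&sec, &factor);
 if (ret) {
-secp256k1_num_set_bin(&sec, seckey, 32);
-secp256k1_num_mod_mul(&sec, &sec, &factor, &secp256k1_ge_consts->order);
-}
-if (ret)
 secp256k1_num_get_bin(seckey, 32, &sec);
+}
+
+secp256k1_num_clear(&sec);
+secp256k1_num_clear(&factor);
 secp256k1_num_free(&sec);
 secp256k1_num_free(&factor);
 return ret;
@@ -309,32 +289,20 @@ int secp256k1_ec_pubkey_tweak_mul(unsigned char *pubkey, int pubkeylen, const un
 DEBUG_CHECK(pubkey != NULL);
 DEBUG_CHECK(tweak != NULL);
 
-int ret = 1;
 secp256k1_num_t factor;
 secp256k1_num_init(&factor);
 secp256k1_num_set_bin(&factor, tweak, 32);
-if (secp256k1_num_is_zero(&factor))
-ret = 0;
-if (secp256k1_num_cmp(&factor, &secp256k1_ge_consts->order) >= 0)
-ret = 0;
 secp256k1_ge_t p;
+int ret = secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen);
 if (ret) {
-if (!secp256k1_eckey_pubkey_parse(&p, pubkey, pubkeylen))
-ret = 0;
+ret = secp256k1_eckey_pubkey_tweak_mul(&p, &factor);
 }
 if (ret) {
-secp256k1_num_t zero;
-secp256k1_num_init(&zero);
-secp256k1_num_set_int(&zero, 0);
-secp256k1_gej_t pt;
-secp256k1_gej_set_ge(&pt, &p);
-secp256k1_ecmult(&pt, &pt, &factor, &zero);
-secp256k1_num_free(&zero);
-secp256k1_ge_set_gej(&p, &pt);
 int oldlen = pubkeylen;
 secp256k1_eckey_pubkey_serialize(&p, pubkey, &pubkeylen, oldlen <= 33);
 VERIFY_CHECK(pubkeylen == oldlen);
 }
+
 secp256k1_num_free(&factor);
 return ret;
 }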
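Review bot: In `secp256k1_ec_pubkey_tweak_add` (second hunk) and `secp256k1_ec_pubkey_tweak_mul` (fourth hunk) the tweak number is released with `secp256k1_num_free(&term)` / `secp256k1_num_free(&factor)` but never passed through `secp256k1_num_clear`, whereas the private-key wrappers in the first and third hunks clear both `sec` and the tweak before freeing — the third hunk even adds `secp256k1_num_clear(&factor)` for exactly that purpose. Whether a tweak is sensitive depends on the caller (in hierarchical derivation schemes it is typically derived from secret material), so clearing it in the public-key paths as well is cheap and keeps the four wrappers symmetric: add `secp256k1_num_clear(&term);` before the free in the second hunk and `secp256k1_num_clear(&factor);` before the free in the fourth. The bodies of all four functions begin above their hunks, so any earlier handling of these buffers is not visible here.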
