Move pubkey recovery code to separate module

bitcoin-core · Aug 27, 2015 · c1edf1e · c1edf1e
1 parent ab08d65
commit c1edf1e
Show file tree

Hide file tree

Showing 10 changed files with 555 additions and 480 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -51,13 +51,10 @@ libsecp256k1_la_LIBADD = $(SECP_LIBS)
 
 noinst_PROGRAMS =
 if USE_BENCHMARK
-noinst_PROGRAMS += bench_verify bench_recover bench_sign bench_internal
+noinst_PROGRAMS += bench_verify bench_sign bench_internal
 bench_verify_SOURCES = src/bench_verify.c
 bench_verify_LDADD = libsecp256k1.la $(SECP_LIBS)
 bench_verify_LDFLAGS = -static
-bench_recover_SOURCES = src/bench_recover.c
-bench_recover_LDADD = libsecp256k1.la $(SECP_LIBS)
-bench_recover_LDFLAGS = -static
 bench_sign_SOURCES = src/bench_sign.c
 bench_sign_LDADD = libsecp256k1.la $(SECP_LIBS)
 bench_sign_LDFLAGS = -static
@@ -106,3 +103,7 @@ endif
 if ENABLE_MODULE_SCHNORR
 include src/modules/schnorr/Makefile.am.include
 endif
+
+if ENABLE_MODULE_RECOVERY
+include src/modules/recovery/Makefile.am.include
+endif
diff --git a/configure.ac b/configure.ac
@@ -114,6 +114,11 @@ AC_ARG_ENABLE(module_schnorr,
     [enable_module_schnorr=$enableval],
     [enable_module_schnorr=no])
 
+AC_ARG_ENABLE(module_recovery,
+    AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module (default is no)]),
+    [enable_module_recovery=$enableval],
+    [enable_module_recovery=no])
+
 AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto],
 [Specify Field Implementation. Default is auto])],[req_field=$withval], [req_field=auto])
 
@@ -335,6 +340,10 @@ if test x"$enable_module_schnorr" = x"yes"; then
   AC_DEFINE(ENABLE_MODULE_SCHNORR, 1, [Define this symbol to enable the Schnorr signature module])
 fi
 
+if test x"$enable_module_recovery" = x"yes"; then
+  AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module])
+fi
+
 AC_C_BIGENDIAN()
 
 AC_MSG_NOTICE([Using assembly optimizations: $set_asm])
@@ -345,6 +354,7 @@ AC_MSG_NOTICE([Using endomorphism optimizations: $use_endomorphism])
 AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh])
 
 AC_MSG_NOTICE([Building Schnorr signatures module: $enable_module_schnorr])
+AC_MSG_NOTICE([Building ECDSA pubkey recovery module: $enable_module_recovery])
 
 AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
 AC_CONFIG_FILES([Makefile libsecp256k1.pc])
@@ -357,6 +367,7 @@ AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"])
 AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$use_ecmult_static_precomputation" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_SCHNORR], [test x"$enable_module_schnorr" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
 
 dnl make sure nothing new is exported so that we don't break the cache
 PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"

diff --git a/include/secp256k1.h b/include/secp256k1.h
@@ -56,24 +56,6 @@ typedef struct {
     unsigned char data[64];
 } secp256k1_ecdsa_signature_t;
 
-/** Opaque data structured that holds a parsed ECDSA signature,
- *  supporting pubkey recovery.
- *
- *  The exact representation of data inside is implementation defined and not
- *  guaranteed to be portable between different platforms or versions. It is
- *  however guaranteed to be 65 bytes in size, and can be safely copied/moved.
- *  If you need to convert to a format suitable for storage or transmission, use
- *  the secp256k1_ecdsa_signature_serialize_* and
- *  secp256k1_ecdsa_signature_serialize_* functions.
- *
- *  Furthermore, it is guaranteed to identical signatures (including their
- *  recoverability) will have identical representation, so they can be
- *  memcmp'ed.
- */
-typedef struct {
-    unsigned char data[65];
-} secp256k1_ecdsa_recoverable_signature_t;
-
 /** A pointer to a function to deterministically generate a nonce.
  *
  * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail.
@@ -270,33 +252,6 @@ int secp256k1_ecdsa_signature_parse_der(
     int inputlen
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
-/** Parse a compact ECDSA signature (64 bytes + recovery id).
- *
- *  Returns: 1 when the signature could be parsed, 0 otherwise
- *  In:  ctx:     a secp256k1 context object
- *       input64: a pointer to a 64-byte compact signature
- *       recid:   the recovery id (0, 1, 2 or 3)
- *  Out: sig:     a pointer to a signature object
- */
-int secp256k1_ecdsa_recoverable_signature_parse_compact(
-    const secp256k1_context_t* ctx,
-    secp256k1_ecdsa_recoverable_signature_t* sig,
-    const unsigned char *input64,
-    int recid
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
-/** Convert a recoverable signature into a normal signature.
- *
- *  Returns: 1
- *  In:  sigin:  a pointer to a recoverable signature (cannot be NULL).
- *  Out: sig:    a pointer to a normal signature (cannot be NULL).
- */
-int secp256k1_ecdsa_recoverable_signature_convert(
-    const secp256k1_context_t* ctx,
-    secp256k1_ecdsa_signature_t* sig,
-    const secp256k1_ecdsa_recoverable_signature_t* sigin
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
-
 /** Serialize an ECDSA signature in DER format.
  *
  *  Returns: 1 if enough space was available to serialize, 0 otherwise
@@ -315,21 +270,6 @@ int secp256k1_ecdsa_signature_serialize_der(
     const secp256k1_ecdsa_signature_t* sig
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
-/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
- *
- *  Returns: 1
- *  In: ctx:       a secp256k1 context object
- *      sig:       a pointer to an initialized signature object (cannot be NULL)
- *  Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL)
- *       recid:    a pointer to an integer to hold the recovery id (can be NULL).
- */
-int secp256k1_ecdsa_recoverable_signature_serialize_compact(
-    const secp256k1_context_t* ctx,
-    unsigned char *output64,
-    int *recid,
-    const secp256k1_ecdsa_recoverable_signature_t* sig
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
-
 /** Verify an ECDSA signature.
  *
  *  Returns: 1: correct signature
@@ -366,8 +306,6 @@ extern const secp256k1_nonce_function_t secp256k1_nonce_function_default;
  *           ndata:  pointer to arbitrary data used by the nonce generation function (can be NULL)
  *  Out:     sig:    pointer to an array where the signature will be placed (cannot be NULL)
  *
- * The resulting signature will support pubkey recovery.
- *
  * The sig always has an s value in the lower half of the range (From 0x1
  * to 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
  * inclusive), unlike many other implementations.
@@ -404,42 +342,6 @@ int secp256k1_ecdsa_sign(
     const void *ndata
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
-/** Create a recoverable ECDSA signature.
- *
- *  Returns: 1: signature created
- *           0: the nonce generation function failed, or the private key was invalid.
- *  In:      ctx:    pointer to a context object, initialized for signing (cannot be NULL)
- *           msg32:  the 32-byte message hash being signed (cannot be NULL)
- *           seckey: pointer to a 32-byte secret key (cannot be NULL)
- *           noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
- *           ndata:  pointer to arbitrary data used by the nonce generation function (can be NULL)
- *  Out:     sig:    pointer to an array where the signature will be placed (cannot be NULL)
- */
-int secp256k1_ecdsa_sign_recoverable(
-    const secp256k1_context_t* ctx,
-    const unsigned char *msg32,
-    secp256k1_ecdsa_recoverable_signature_t *sig,
-    const unsigned char *seckey,
-    secp256k1_nonce_function_t noncefp,
-    const void *ndata
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-
-/** Recover an ECDSA public key from a signature.
- *
- *  Returns: 1: public key successfully recovered (which guarantees a correct signature).
- *           0: otherwise.
- *  In:      ctx:        pointer to a context object, initialized for verification (cannot be NULL)
- *           msg32:      the 32-byte message hash assumed to be signed (cannot be NULL)
- *           sig:        pointer to initialized signature that supports pubkey recovery (cannot be NULL)
- *  Out:     pubkey:     pointer to the recoved public key (cannot be NULL)
- */
-SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
-    const secp256k1_context_t* ctx,
-    const unsigned char *msg32,
-    const secp256k1_ecdsa_recoverable_signature_t *sig,
-    secp256k1_pubkey_t *pubkey
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-
 /** Verify an ECDSA secret key.
  *
  *  Returns: 1: secret key is valid

diff --git a/include/secp256k1_recovery.h b/include/secp256k1_recovery.h
@@ -0,0 +1,110 @@
+#ifndef _SECP256K1_RECOVERY_
+# define _SECP256K1_RECOVERY_
+
+# include "secp256k1.h"
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/** Opaque data structured that holds a parsed ECDSA signature,
+ *  supporting pubkey recovery.
+ *
+ *  The exact representation of data inside is implementation defined and not
+ *  guaranteed to be portable between different platforms or versions. It is
+ *  however guaranteed to be 65 bytes in size, and can be safely copied/moved.
+ *  If you need to convert to a format suitable for storage or transmission, use
+ *  the secp256k1_ecdsa_signature_serialize_* and
+ *  secp256k1_ecdsa_signature_serialize_* functions.
+ *
+ *  Furthermore, it is guaranteed to identical signatures (including their
+ *  recoverability) will have identical representation, so they can be
+ *  memcmp'ed.
+ */
+typedef struct {
+    unsigned char data[65];
+} secp256k1_ecdsa_recoverable_signature_t;
+
+/** Parse a compact ECDSA signature (64 bytes + recovery id).
+ *
+ *  Returns: 1 when the signature could be parsed, 0 otherwise
+ *  In:  ctx:     a secp256k1 context object
+ *       input64: a pointer to a 64-byte compact signature
+ *       recid:   the recovery id (0, 1, 2 or 3)
+ *  Out: sig:     a pointer to a signature object
+ */
+int secp256k1_ecdsa_recoverable_signature_parse_compact(
+    const secp256k1_context_t* ctx,
+    secp256k1_ecdsa_recoverable_signature_t* sig,
+    const unsigned char *input64,
+    int recid
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Convert a recoverable signature into a normal signature.
+ *
+ *  Returns: 1
+ *  In:  sigin:  a pointer to a recoverable signature (cannot be NULL).
+ *  Out: sig:    a pointer to a normal signature (cannot be NULL).
+ */
+int secp256k1_ecdsa_recoverable_signature_convert(
+    const secp256k1_context_t* ctx,
+    secp256k1_ecdsa_signature_t* sig,
+    const secp256k1_ecdsa_recoverable_signature_t* sigin
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
+ *
+ *  Returns: 1
+ *  In: ctx:       a secp256k1 context object
+ *      sig:       a pointer to an initialized signature object (cannot be NULL)
+ *  Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL)
+ *       recid:    a pointer to an integer to hold the recovery id (can be NULL).
+ */
+int secp256k1_ecdsa_recoverable_signature_serialize_compact(
+    const secp256k1_context_t* ctx,
+    unsigned char *output64,
+    int *recid,
+    const secp256k1_ecdsa_recoverable_signature_t* sig
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
+
+/** Create a recoverable ECDSA signature.
+ *
+ *  Returns: 1: signature created
+ *           0: the nonce generation function failed, or the private key was invalid.
+ *  In:      ctx:    pointer to a context object, initialized for signing (cannot be NULL)
+ *           msg32:  the 32-byte message hash being signed (cannot be NULL)
+ *           seckey: pointer to a 32-byte secret key (cannot be NULL)
+ *           noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
+ *           ndata:  pointer to arbitrary data used by the nonce generation function (can be NULL)
+ *  Out:     sig:    pointer to an array where the signature will be placed (cannot be NULL)
+ */
+int secp256k1_ecdsa_sign_recoverable(
+    const secp256k1_context_t* ctx,
+    const unsigned char *msg32,
+    secp256k1_ecdsa_recoverable_signature_t *sig,
+    const unsigned char *seckey,
+    secp256k1_nonce_function_t noncefp,
+    const void *ndata
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Recover an ECDSA public key from a signature.
+ *
+ *  Returns: 1: public key successfully recovered (which guarantees a correct signature).
+ *           0: otherwise.
+ *  In:      ctx:        pointer to a context object, initialized for verification (cannot be NULL)
+ *           msg32:      the 32-byte message hash assumed to be signed (cannot be NULL)
+ *           sig:        pointer to initialized signature that supports pubkey recovery (cannot be NULL)
+ *  Out:     pubkey:     pointer to the recoved public key (cannot be NULL)
+ */
+SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
+    const secp256k1_context_t* ctx,
+    const unsigned char *msg32,
+    const secp256k1_ecdsa_recoverable_signature_t *sig,
+    secp256k1_pubkey_t *pubkey
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/src/bench_recover.c b/src/bench_recover.c
@@ -1,10 +1,11 @@
 /**********************************************************************
- * Copyright (c) 2014 Pieter Wuille                                   *
+ * Copyright (c) 2014-2015 Pieter Wuille                              *
  * Distributed under the MIT software license, see the accompanying   *
  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
  **********************************************************************/
 
 #include "include/secp256k1.h"
+#include "include/secp256k1_recovery.h"
 #include "util.h"
 #include "bench.h"
 

diff --git a/src/modules/recovery/Makefile.am.include b/src/modules/recovery/Makefile.am.include
@@ -0,0 +1,9 @@
+include_HEADERS += include/secp256k1_recovery.h
+noinst_HEADERS += src/modules/recovery/main_impl.h
+noinst_HEADERS += src/modules/recovery/tests_impl.h
+if USE_BENCHMARK
+noinst_PROGRAMS += bench_recover
+bench_recover_SOURCES = src/bench_recover.c
+bench_recover_LDADD = libsecp256k1.la $(SECP_LIBS)
+bench_recover_LDFLAGS = -static
+endif