This is the secp256k1 Reference Manual, version 0.1.0, generated automatically by Declt version 4.0 beta 2 "William Riker" on Mon Feb 26 15:42:00 2024 GMT+0.
The main system appears first, followed by any subsystem dependency.
secp256k1FFI findings for secp256k1 library
Vitaly Drogan <vitaly@dvush.net>
MIT
0.1.0
cffi (system).
src (module).
Modules are listed depth-first from the system components tree.
secp256k1/srcsecp256k1 (system).
package.lisp (file).
secp256k1-ffi.lisp (file).
utils.lisp (file).
secp256k1.lisp (file).
Files are sorted by type and then listed depth-first from the systems components trees.
secp256k1/secp256k1.asdsecp256k1/src/package.lispsecp256k1/src/secp256k1-ffi.lispsecp256k1/src/utils.lispsecp256k1/src/secp256k1.lispsecp256k1/src/secp256k1-ffi.lispsrc (module).
*secp256k1-context-no-precomp* (symbol macro).
*secp256k1-ecdh-hash-function-default* (symbol macro).
*secp256k1-ecdh-hash-function-sha256* (symbol macro).
*secp256k1-nonce-function-default* (symbol macro).
*secp256k1-nonce-function-rfc6979* (symbol macro).
+secp256k1-context-declassify+ (constant).
+secp256k1-context-none+ (constant).
+secp256k1-context-sign+ (constant).
+secp256k1-context-verify+ (constant).
+secp256k1-ec-compressed+ (constant).
+secp256k1-ec-uncompressed+ (constant).
+secp256k1-flags-bit-compression+ (constant).
+secp256k1-flags-bit-context-declassify+ (constant).
+secp256k1-flags-bit-context-sign+ (constant).
+secp256k1-flags-bit-context-verify+ (constant).
+secp256k1-flags-type-compression+ (constant).
+secp256k1-flags-type-context+ (constant).
+secp256k1-flags-type-mask+ (constant).
+secp256k1-tag-pubkey-even+ (constant).
+secp256k1-tag-pubkey-hybrid-even+ (constant).
+secp256k1-tag-pubkey-hybrid-odd+ (constant).
+secp256k1-tag-pubkey-odd+ (constant).
+secp256k1-tag-pubkey-uncompressed+ (constant).
secp256k1-context-clone (function).
secp256k1-context-create (function).
secp256k1-context-destroy (function).
secp256k1-context-preallocated-clone (function).
secp256k1-context-preallocated-clone-size (function).
secp256k1-context-preallocated-create (function).
secp256k1-context-preallocated-destroy (function).
secp256k1-context-preallocated-size (function).
secp256k1-context-randomize (function).
secp256k1-context-set-error-callback (function).
secp256k1-context-set-illegal-callback (function).
secp256k1-ec-pubkey-cmp (function).
secp256k1-ec-pubkey-combine (function).
secp256k1-ec-pubkey-create (function).
secp256k1-ec-pubkey-negate (function).
secp256k1-ec-pubkey-parse (function).
secp256k1-ec-pubkey-serialize (function).
secp256k1-ec-pubkey-tweak-add (function).
secp256k1-ec-pubkey-tweak-mul (function).
secp256k1-ec-seckey-negate (function).
secp256k1-ec-seckey-tweak-add (function).
secp256k1-ec-seckey-tweak-mul (function).
secp256k1-ec-seckey-verify (function).
secp256k1-ecdh (function).
secp256k1-ecdsa-recover (function).
secp256k1-ecdsa-recoverable-signature-convert (function).
secp256k1-ecdsa-recoverable-signature-parse-compact (function).
secp256k1-ecdsa-recoverable-signature-serialize-compact (function).
secp256k1-ecdsa-sign (function).
secp256k1-ecdsa-sign-recoverable (function).
secp256k1-ecdsa-signature-normalize (function).
secp256k1-ecdsa-signature-parse-compact (function).
secp256k1-ecdsa-signature-parse-der (function).
secp256k1-ecdsa-signature-serialize-compact (function).
secp256k1-ecdsa-signature-serialize-der (function).
secp256k1-ecdsa-verify (function).
secp256k1-keypair-create (function).
secp256k1-keypair-pub (function).
secp256k1-keypair-sec (function).
secp256k1-keypair-xonly-pub (function).
secp256k1-keypair-xonly-tweak-add (function).
secp256k1-schnorrsig-sign (function).
secp256k1-schnorrsig-sign-custom (function).
secp256k1-schnorrsig-verify (function).
secp256k1-scratch-space-create (function).
secp256k1-scratch-space-destroy (function).
secp256k1-tagged-sha256 (function).
secp256k1-xonly-pubkey-cmp (function).
secp256k1-xonly-pubkey-from-pubkey (function).
secp256k1-xonly-pubkey-parse (function).
secp256k1-xonly-pubkey-serialize (function).
secp256k1-xonly-pubkey-tweak-add (function).
secp256k1-xonly-pubkey-tweak-add-check (function).
%var-accessor-*secp256k1-context-no-precomp* (function).
(setf %var-accessor-*secp256k1-context-no-precomp*) (function).
%var-accessor-*secp256k1-ecdh-hash-function-default* (function).
(setf %var-accessor-*secp256k1-ecdh-hash-function-default*) (function).
%var-accessor-*secp256k1-ecdh-hash-function-sha256* (function).
(setf %var-accessor-*secp256k1-ecdh-hash-function-sha256*) (function).
%var-accessor-*secp256k1-nonce-function-bip340* (function).
(setf %var-accessor-*secp256k1-nonce-function-bip340*) (function).
%var-accessor-*secp256k1-nonce-function-default* (function).
(setf %var-accessor-*secp256k1-nonce-function-default*) (function).
%var-accessor-*secp256k1-nonce-function-rfc6979* (function).
(setf %var-accessor-*secp256k1-nonce-function-rfc6979*) (function).
*secp256k1-nonce-function-bip340* (symbol macro).
secp256k1-context-tclass (class).
secp256k1-ecdsa-recoverable-signature-tclass (class).
secp256k1-ecdsa-signature-tclass (class).
secp256k1-keypair-tclass (class).
secp256k1-pubkey-tclass (class).
secp256k1-schnorrsig-extraparams-tclass (class).
secp256k1-scratch-space-tclass (class).
secp256k1-xonly-pubkey-tclass (class).
secp256k1/src/utils.lispsrc (module).
sharable-byte-array-from-array (function).
with-foreign-byte-array (macro).
with-pointer-to-vector-data-slot (macro).
secp256k1/src/secp256k1.lispsrc (module).
incorrect-secret-key-error (condition).
make-secret-key (function).
public-key-compare (method).
public-key-create (method).
public-key-destructure (method).
public-key-eq (method).
public-key-from-components (function).
public-key-parse (function).
public-key-parse-error (condition).
public-key-serialize (method).
recov-signature-destructure (method).
recov-signature-destructure* (method).
recov-signature-failure-error (condition).
recov-signature-from-components (function).
recov-signature-parse (function).
recov-signature-parse-error (condition).
recov-signature-recover (method).
recov-signature-serialize (method).
recov-signature-sign (method).
secret-key-verify (method).
signature-destructure (method).
signature-failure-error (condition).
signature-from-components (function).
signature-normalize (method).
signature-parse (function).
signature-parse-error (condition).
signature-serialize (method).
signature-sign (method).
signature-verify (method).
*ctx* (special variable).
ensure-context (function).
make-public-key (function).
make-recov-signature (function).
make-signature (function).
public-key (class).
recov-signature (class).
secret-key (class).
signature (class).
Packages are listed by definition order.
secp256k1common-lisp.
secp256k1-ffi.
incorrect-secret-key-error (condition).
make-secret-key (function).
public-key-compare (generic function).
public-key-create (generic function).
public-key-destructure (generic function).
public-key-eq (generic function).
public-key-from-components (function).
public-key-parse (function).
public-key-parse-error (condition).
public-key-serialize (generic function).
recov-signature-destructure (generic function).
recov-signature-destructure* (generic function).
recov-signature-failure-error (condition).
recov-signature-from-components (function).
recov-signature-parse (function).
recov-signature-parse-error (condition).
recov-signature-recover (generic function).
recov-signature-serialize (generic function).
recov-signature-sign (generic function).
secret-key-verify (generic function).
signature-destructure (generic function).
signature-failure-error (condition).
signature-from-components (function).
signature-normalize (generic function).
signature-parse (function).
signature-parse-error (condition).
signature-serialize (generic function).
signature-sign (generic function).
signature-verify (generic function).
*ctx* (special variable).
ensure-context (function).
make-public-key (function).
make-recov-signature (function).
make-signature (function).
public-key (class).
recov-signature (class).
secret-key (class).
sharable-byte-array-from-array (function).
signature (class).
with-foreign-byte-array (macro).
with-pointer-to-vector-data-slot (macro).
secp256k1-fficffi.
common-lisp.
*secp256k1-context-no-precomp* (symbol macro).
*secp256k1-ecdh-hash-function-default* (symbol macro).
*secp256k1-ecdh-hash-function-sha256* (symbol macro).
*secp256k1-nonce-function-default* (symbol macro).
*secp256k1-nonce-function-rfc6979* (symbol macro).
+secp256k1-context-declassify+ (constant).
+secp256k1-context-none+ (constant).
+secp256k1-context-sign+ (constant).
+secp256k1-context-verify+ (constant).
+secp256k1-ec-compressed+ (constant).
+secp256k1-ec-uncompressed+ (constant).
+secp256k1-flags-bit-compression+ (constant).
+secp256k1-flags-bit-context-declassify+ (constant).
+secp256k1-flags-bit-context-sign+ (constant).
+secp256k1-flags-bit-context-verify+ (constant).
+secp256k1-flags-type-compression+ (constant).
+secp256k1-flags-type-context+ (constant).
+secp256k1-flags-type-mask+ (constant).
+secp256k1-tag-pubkey-even+ (constant).
+secp256k1-tag-pubkey-hybrid-even+ (constant).
+secp256k1-tag-pubkey-hybrid-odd+ (constant).
+secp256k1-tag-pubkey-odd+ (constant).
+secp256k1-tag-pubkey-uncompressed+ (constant).
secp256k1-context-clone (function).
secp256k1-context-create (function).
secp256k1-context-destroy (function).
secp256k1-context-preallocated-clone (function).
secp256k1-context-preallocated-clone-size (function).
secp256k1-context-preallocated-create (function).
secp256k1-context-preallocated-destroy (function).
secp256k1-context-preallocated-size (function).
secp256k1-context-randomize (function).
secp256k1-context-set-error-callback (function).
secp256k1-context-set-illegal-callback (function).
secp256k1-ec-pubkey-cmp (function).
secp256k1-ec-pubkey-combine (function).
secp256k1-ec-pubkey-create (function).
secp256k1-ec-pubkey-negate (function).
secp256k1-ec-pubkey-parse (function).
secp256k1-ec-pubkey-serialize (function).
secp256k1-ec-pubkey-tweak-add (function).
secp256k1-ec-pubkey-tweak-mul (function).
secp256k1-ec-seckey-negate (function).
secp256k1-ec-seckey-tweak-add (function).
secp256k1-ec-seckey-tweak-mul (function).
secp256k1-ec-seckey-verify (function).
secp256k1-ecdh (function).
secp256k1-ecdsa-recover (function).
secp256k1-ecdsa-recoverable-signature-convert (function).
secp256k1-ecdsa-recoverable-signature-parse-compact (function).
secp256k1-ecdsa-recoverable-signature-serialize-compact (function).
secp256k1-ecdsa-sign (function).
secp256k1-ecdsa-sign-recoverable (function).
secp256k1-ecdsa-signature-normalize (function).
secp256k1-ecdsa-signature-parse-compact (function).
secp256k1-ecdsa-signature-parse-der (function).
secp256k1-ecdsa-signature-serialize-compact (function).
secp256k1-ecdsa-signature-serialize-der (function).
secp256k1-ecdsa-verify (function).
secp256k1-keypair-create (function).
secp256k1-keypair-pub (function).
secp256k1-keypair-sec (function).
secp256k1-keypair-xonly-pub (function).
secp256k1-keypair-xonly-tweak-add (function).
secp256k1-schnorrsig-sign (function).
secp256k1-schnorrsig-sign-custom (function).
secp256k1-schnorrsig-verify (function).
secp256k1-scratch-space-create (function).
secp256k1-scratch-space-destroy (function).
secp256k1-tagged-sha256 (function).
secp256k1-xonly-pubkey-cmp (function).
secp256k1-xonly-pubkey-from-pubkey (function).
secp256k1-xonly-pubkey-parse (function).
secp256k1-xonly-pubkey-serialize (function).
secp256k1-xonly-pubkey-tweak-add (function).
secp256k1-xonly-pubkey-tweak-add-check (function).
%var-accessor-*secp256k1-context-no-precomp* (function).
(setf %var-accessor-*secp256k1-context-no-precomp*) (function).
%var-accessor-*secp256k1-ecdh-hash-function-default* (function).
(setf %var-accessor-*secp256k1-ecdh-hash-function-default*) (function).
%var-accessor-*secp256k1-ecdh-hash-function-sha256* (function).
(setf %var-accessor-*secp256k1-ecdh-hash-function-sha256*) (function).
%var-accessor-*secp256k1-nonce-function-bip340* (function).
(setf %var-accessor-*secp256k1-nonce-function-bip340*) (function).
%var-accessor-*secp256k1-nonce-function-default* (function).
(setf %var-accessor-*secp256k1-nonce-function-default*) (function).
%var-accessor-*secp256k1-nonce-function-rfc6979* (function).
(setf %var-accessor-*secp256k1-nonce-function-rfc6979*) (function).
*secp256k1-nonce-function-bip340* (symbol macro).
secp256k1-context-tclass (class).
secp256k1-ecdsa-recoverable-signature-tclass (class).
secp256k1-ecdsa-signature-tclass (class).
secp256k1-keypair-tclass (class).
secp256k1-pubkey-tclass (class).
secp256k1-schnorrsig-extraparams-tclass (class).
secp256k1-scratch-space-tclass (class).
secp256k1-xonly-pubkey-tclass (class).
Definitions are sorted by export status, category, package, and then by lexicographic order.
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context_preallocated_create.
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context_preallocated_create.
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context_preallocated_create.
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context_preallocated_create.
Flag to pass to secp256k1_ec_pubkey_serialize.
Flag to pass to secp256k1_ec_pubkey_serialize.
The higher bits contain the actual data. Do not use directly.
The higher bits contain the actual data. Do not use directly.
The higher bits contain the actual data. Do not use directly.
The higher bits contain the actual data. Do not use directly.
All flags’ lower 8 bits indicate what they’re for. Do not use directly.
All flags’ lower 8 bits indicate what they’re for. Do not use directly.
All flags’ lower 8 bits indicate what they’re for. Do not use directly.
Prefix byte used to tag various encoded curvepoints for specific purposes
Prefix byte used to tag various encoded curvepoints for specific purposes
Prefix byte used to tag various encoded curvepoints for specific purposes
Prefix byte used to tag various encoded curvepoints for specific purposes
Prefix byte used to tag various encoded curvepoints for specific purposes
Creates secret key from 32 byte array, if verify is true key will be checked for validity
Create public key from X and Y components. Components are 32 byte arrays.
Parse Public Key from octet array, raises ‘public-key-parse-error’ if parsing is impossible.
Input should be 32 bytes for compressed representation or 65 for uncompressed one.
see ‘public-key-serialize’ for reverse function.
Uncompressed format is (0x04 ++ x ++ y)
Creates recoverable signature from components :r (32 bytes) :s (32 bytes) :v (0-3)
Parse recoverable signature from portable octet representation and recovery id (0, 1, 2, 3). raises ‘recov-signature-parse-error’ if signature can’t be parsed
Copy a secp256k1 context object (into dynamically allocated memory).
This function uses malloc to allocate memory. It is guaranteed that malloc is
called at most once for every call of this function. If you need to avoid dynamic
memory allocation entirely, see the functions in secp256k1_preallocated.h.
Returns: a newly created context object.
Args: ctx: an existing context to copy
Create a secp256k1 context object (in dynamically allocated memory).
This function uses malloc to allocate memory. It is guaranteed that malloc is
called at most once for every call of this function. If you need to avoid dynamic
memory allocation entirely, see the functions in secp256k1_preallocated.h.
Returns: a newly created context object.
In: flags: which parts of the context to initialize.
See also secp256k1_context_randomize.
Destroy a secp256k1 context object (created in dynamically allocated memory).
The context pointer may not be used afterwards.
The context to destroy must have been created using secp256k1_context_create
or secp256k1_context_clone. If the context has instead been created using
secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, the
behaviour is undefined. In that case, secp256k1_context_preallocated_destroy must
be used instead.
Args: ctx: an existing context to destroy, constructed using secp256k1_context_create or secp256k1_context_clone
Copy a secp256k1 context object into caller-provided memory.
The caller must provide a pointer to a rewritable contiguous block of memory
of size at least secp256k1_context_preallocated_size(flags) bytes, suitably
aligned to hold an object of any type.
The block of memory is exclusively owned by the created context object during
the lifetime of this context object, see the description of
secp256k1_context_preallocated_create for details.
Returns: a newly created context object.
Args: ctx: an existing context to copy.
In: prealloc: a pointer to a rewritable contiguous block of memory of
size at least secp256k1_context_preallocated_size(flags)
bytes, as detailed above.
Determine the memory size of a secp256k1 context object to be copied into
caller-provided memory.
Returns: the required size of the caller-provided memory block.
In: ctx: an existing context to copy.
Create a secp256k1 context object in caller-provided memory.
The caller must provide a pointer to a rewritable contiguous block of memory
of size at least secp256k1_context_preallocated_size(flags) bytes, suitably
aligned to hold an object of any type.
The block of memory is exclusively owned by the created context object during
the lifetime of this context object, which begins with the call to this
function and ends when a call to secp256k1_context_preallocated_destroy
(which destroys the context object again) returns. During the lifetime of the
context object, the caller is obligated not to access this block of memory,
i.e., the caller may not read or write the memory, e.g., by copying the memory
contents to a different location or trying to create a second context object
in the memory. In simpler words, the prealloc pointer (or any pointer derived
from it) should not be used during the lifetime of the context object.
Returns: a newly created context object.
In: prealloc: a pointer to a rewritable contiguous block of memory of
size at least secp256k1_context_preallocated_size(flags)
bytes, as detailed above.
flags: which parts of the context to initialize.
See also secp256k1_context_randomize (in secp256k1.h)
and secp256k1_context_preallocated_destroy.
Destroy a secp256k1 context object that has been created in
caller-provided memory.
The context pointer may not be used afterwards.
The context to destroy must have been created using
secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone.
If the context has instead been created using secp256k1_context_create or
secp256k1_context_clone, the behaviour is undefined. In that case,
secp256k1_context_destroy must be used instead.
If required, it is the responsibility of the caller to deallocate the block
of memory properly after this function returns, e.g., by calling free on the
preallocated pointer given to secp256k1_context_preallocated_create or
secp256k1_context_preallocated_clone.
Args: ctx: an existing context to destroy, constructed using secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone.
Determine the memory size of a secp256k1 context object to be created in
caller-provided memory.
The purpose of this function is to determine how much memory must be provided
to secp256k1_context_preallocated_create.
Returns: the required size of the caller-provided memory block
In: flags: which parts of the context to initialize.
Updates the context randomization to protect against side-channel leakage.
Returns: 1: randomization successfully updated or nothing to randomize
0: error
Args: ctx: pointer to a context object.
In: seed32: pointer to a 32-byte random seed (NULL resets to initial state)
While secp256k1 code is written to be constant-time no matter what secret
values are, it’s possible that a future compiler may output code which isn’t,
and also that the CPU may not emit the same radio frequencies or draw the same
amount power for all values.
This function provides a seed which is combined into the blinding value: that
blinding value is added before each multiplication (and removed afterwards) so
that it does not affect function results, but shields against attacks which
rely on any input-dependent behaviour.
This function has currently an effect only on contexts initialized for signing because randomization is currently used only for signing. However, this is not guaranteed and may change in the future. It is safe to call this function on contexts not initialized for signing; then it will have no effect and return 1.
You should call this after secp256k1_context_create or
secp256k1_context_clone (and secp256k1_context_preallocated_create or
secp256k1_context_clone, resp.), and you may call this repeatedly afterwards.
Set a callback function to be called when an internal consistency check
fails. The default is crashing.
This can only trigger in case of a hardware failure, miscompilation,
memory corruption, serious bug in the library, or other error would can
otherwise result in undefined behaviour. It will not trigger due to mere
incorrect usage of the API (see secp256k1_context_set_illegal_callback
for that). After this callback returns, anything may happen, including
crashing.
Args: ctx: an existing context object.
In: fun: a pointer to a function to call when an internal error occurs,
taking a message and an opaque pointer (NULL restores the
default handler, see secp256k1_context_set_illegal_callback
for details).
data: the opaque pointer to pass to fun above, must be NULL for the default handler.
See also secp256k1_context_set_illegal_callback.
Set a callback function to be called when an illegal argument is passed to
an API call. It will only trigger for violations that are mentioned
explicitly in the header.
The philosophy is that these shouldn’t be dealt with through a
specific return value, as calling code should not have branches to deal with
the case that this code itself is broken.
On the other hand, during debug stage, one would want to be informed about
such mistakes, and the default (crashing) may be inadvisable.
When this callback is triggered, the API function called is guaranteed not
to cause a crash, though its return value and output arguments are
undefined.
When this function has not been called (or called with fn==NULL), then the
default handler will be used. The library provides a default handler which
writes the message to stderr and calls abort. This default handler can be
replaced at link time if the preprocessor macro
USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build
has been configured with –enable-external-default-callbacks. Then the
following two symbols must be provided to link against:
- void secp256k1_default_illegal_callback_fn(const char* message, void* data);
- void secp256k1_default_error_callback_fn(const char* message, void* data);
The library can call these default handlers even before a proper callback data
pointer could have been set using secp256k1_context_set_illegal_callback or
secp256k1_context_set_error_callback, e.g., when the creation of a context
fails. In this case, the corresponding default handler will be called with
the data pointer argument set to NULL.
Args: ctx: an existing context object.
In: fun: a pointer to a function to call when an illegal argument is
passed to the API, taking a message and an opaque pointer.
(NULL restores the default handler.)
data: the opaque pointer to pass to fun above, must be NULL for the default handler.
See also secp256k1_context_set_error_callback.
Compare two public keys using lexicographic (of compressed serialization) order
Returns: <0 if the first public key is less than the second
>0 if the first public key is greater than the second
0 if the two public keys are equal
Args: ctx: a secp256k1 context object.
In: pubkey1: first public key to compare
pubkey2: second public key to compare
Add a number of public keys together.
Returns: 1: the sum of the public keys is valid.
0: the sum of the public keys is not valid.
Args: ctx: pointer to a context object.
Out: out: pointer to a public key object for placing the resulting public key.
In: ins: pointer to array of pointers to public keys.
n: the number of public keys to add together (must be at least 1).
Compute the public key for a secret key.
Returns: 1: secret was valid, public key stores.
0: secret was invalid, try again.
Args: ctx: pointer to a context object, initialized for signing.
Out: pubkey: pointer to the created public key.
In: seckey: pointer to a 32-byte secret key.
Negates a public key in place.
Returns: 1 always
Args: ctx: pointer to a context object
In/Out: pubkey: pointer to the public key to be negated.
Parse a variable-length public key into the pubkey object.
Returns: 1 if the public key was fully valid.
0 if the public key could not be parsed or is invalid.
Args: ctx: a secp256k1 context object.
Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
parsed version of input. If not, its value is undefined.
In: input: pointer to a serialized public key
inputlen: length of the array pointed to by input
This function supports parsing compressed (33 bytes, header byte 0x02 or 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header byte 0x06 or 0x07) format public keys.
Serialize a pubkey object into a serialized byte sequence.
Returns: 1 always.
Args: ctx: a secp256k1 context object.
Out: output: a pointer to a 65-byte (if compressed==0) or 33-byte (if
compressed==1) byte array to place the serialized key
in.
In/Out: outputlen: a pointer to an integer which is initially set to the
size of output, and is overwritten with the written
size.
In: pubkey: a pointer to a secp256k1_pubkey containing an
initialized public key.
flags: SECP256K1_EC_COMPRESSED if serialization should be in
compressed format, otherwise SECP256K1_EC_UNCOMPRESSED.
Tweak a public key by adding tweak times the generator to it.
Returns: 0 if the arguments are invalid or the resulting public key would be
invalid (only when the tweak is the negation of the corresponding
secret key). 1 otherwise.
Args: ctx: pointer to a context object initialized for validation.
In/Out: pubkey: pointer to a public key object. pubkey will be set to an
invalid value if this function returns 0.
In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
secp256k1_ec_seckey_verify, this function returns 0. For
uniformly random 32-byte arrays the chance of being invalid
is negligible (around 1 in 2^128).
Tweak a public key by multiplying it by a tweak value.
Returns: 0 if the arguments are invalid. 1 otherwise.
Args: ctx: pointer to a context object initialized for validation.
In/Out: pubkey: pointer to a public key object. pubkey will be set to an
invalid value if this function returns 0.
In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
secp256k1_ec_seckey_verify, this function returns 0. For
uniformly random 32-byte arrays the chance of being invalid
is negligible (around 1 in 2^128).
Negates a secret key in place.
Returns: 0 if the given secret key is invalid according to
secp256k1_ec_seckey_verify. 1 otherwise
Args: ctx: pointer to a context object
In/Out: seckey: pointer to the 32-byte secret key to be negated. If the
secret key is invalid according to
secp256k1_ec_seckey_verify, this function returns 0 and
seckey will be set to some unspecified value.
Tweak a secret key by adding tweak to it.
Returns: 0 if the arguments are invalid or the resulting secret key would be
invalid (only when the tweak is the negation of the secret key). 1
otherwise.
Args: ctx: pointer to a context object.
In/Out: seckey: pointer to a 32-byte secret key. If the secret key is
invalid according to secp256k1_ec_seckey_verify, this
function returns 0. seckey will be set to some unspecified
value if this function returns 0.
In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
secp256k1_ec_seckey_verify, this function returns 0. For
uniformly random 32-byte arrays the chance of being invalid
is negligible (around 1 in 2^128).
Tweak a secret key by multiplying it by a tweak.
Returns: 0 if the arguments are invalid. 1 otherwise.
Args: ctx: pointer to a context object.
In/Out: seckey: pointer to a 32-byte secret key. If the secret key is
invalid according to secp256k1_ec_seckey_verify, this
function returns 0. seckey will be set to some unspecified
value if this function returns 0.
In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
secp256k1_ec_seckey_verify, this function returns 0. For
uniformly random 32-byte arrays the chance of being invalid
is negligible (around 1 in 2^128).
Verify an ECDSA secret key.
A secret key is valid if it is not 0 and less than the secp256k1 curve order
when interpreted as an integer (most significant byte first). The
probability of choosing a 32-byte string uniformly at random which is an
invalid secret key is negligible.
Returns: 1: secret key is valid
0: secret key is invalid
Args: ctx: pointer to a context object.
In: seckey: pointer to a 32-byte secret key.
Compute an EC Diffie-Hellman secret in constant time
Returns: 1: exponentiation was successful
0: scalar was invalid (zero or overflow) or hashfp returned 0
Args: ctx: pointer to a context object.
Out: output: pointer to an array to be filled by hashfp.
In: pubkey: a pointer to a secp256k1_pubkey containing an initialized public key.
seckey: a 32-byte scalar with which to multiply the point.
hashfp: pointer to a hash function. If NULL,
secp256k1_ecdh_hash_function_sha256 is used
(in which case, 32 bytes will be written to output).
data: arbitrary data pointer that is passed through to hashfp
(can be NULL for secp256k1_ecdh_hash_function_sha256).
Recover an ECDSA public key from a signature.
Returns: 1: public key successfully recovered (which guarantees a correct signature).
0: otherwise.
Args: ctx: pointer to a context object, initialized for verification.
Out: pubkey: pointer to the recovered public key.
In: sig: pointer to initialized signature that supports pubkey recovery.
msghash32: the 32-byte message hash assumed to be signed.
Convert a recoverable signature into a normal signature.
Returns: 1
Args: ctx: a secp256k1 context object.
Out: sig: a pointer to a normal signature.
In: sigin: a pointer to a recoverable signature.
Parse a compact ECDSA signature (64 bytes + recovery id).
Returns: 1 when the signature could be parsed, 0 otherwise
Args: ctx: a secp256k1 context object
Out: sig: a pointer to a signature object
In: input64: a pointer to a 64-byte compact signature
recid: the recovery id (0, 1, 2 or 3)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Returns: 1
Args: ctx: a secp256k1 context object.
Out: output64: a pointer to a 64-byte array of the compact signature.
recid: a pointer to an integer to hold the recovery id.
In: sig: a pointer to an initialized signature object.
Create an ECDSA signature.
Returns: 1: signature created
0: the nonce generation function failed, or the secret key was invalid.
Args: ctx: pointer to a context object, initialized for signing.
Out: sig: pointer to an array where the signature will be placed.
In: msghash32: the 32-byte message hash being signed.
seckey: pointer to a 32-byte secret key.
noncefp: pointer to a nonce generation function. If NULL,
secp256k1_nonce_function_default is used.
ndata: pointer to arbitrary data used by the nonce generation function
(can be NULL). If it is non-NULL and
secp256k1_nonce_function_default is used, then ndata must be a
pointer to 32-bytes of additional data.
The created signature is always in lower-S form. See secp256k1_ecdsa_signature_normalize for more details.
Create a recoverable ECDSA signature.
Returns: 1: signature created
0: the nonce generation function failed, or the secret key was invalid.
Args: ctx: pointer to a context object, initialized for signing.
Out: sig: pointer to an array where the signature will be placed.
In: msghash32: the 32-byte message hash being signed.
seckey: pointer to a 32-byte secret key.
noncefp: pointer to a nonce generation function. If NULL,
secp256k1_nonce_function_default is used.
ndata: pointer to arbitrary data used by the nonce generation function
(can be NULL for secp256k1_nonce_function_default).
Convert a signature to a normalized lower-S form.
Returns: 1 if sigin was not normalized, 0 if it already was.
Args: ctx: a secp256k1 context object
Out: sigout: a pointer to a signature to fill with the normalized form,
or copy if the input was already normalized. (can be NULL if
you’re only interested in whether the input was already
normalized).
In: sigin: a pointer to a signature to check/normalize (can be identical to sigout)
With ECDSA a third-party can forge a second distinct signature of the same
message, given a single initial signature, but without knowing the key. This
is done by negating the S value modulo the order of the curve, ’flipping’
the sign of the random point R which is not included in the signature.
Forgery of the same message isn’t universally problematic, but in systems
where message malleability or uniqueness of signatures is important this can
cause issues. This forgery can be blocked by all verifiers forcing signers
to use a normalized form.
The lower-S form reduces the size of signatures slightly on average when
variable length encodings (such as DER) are used and is cheap to verify,
making it a good choice. Security of always using lower-S is assured because
anyone can trivially modify a signature after the fact to enforce this
property anyway.
The lower S value is always between 0x1 and
0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
inclusive.
No other forms of ECDSA malleability are known and none seem likely, but
there is no formal proof that ECDSA, even with this additional restriction,
is free of other malleability. Commonly used serialization schemes will also
accept various non-unique encodings, so care should be taken when this
property is required for an application.
The secp256k1_ecdsa_sign function will by default create signatures in the
lower-S form, and secp256k1_ecdsa_verify will not accept others. In case
signatures come from a system that cannot enforce this property,
secp256k1_ecdsa_signature_normalize must be called before verification.
Parse an ECDSA signature in compact (64 bytes) format.
Returns: 1 when the signature could be parsed, 0 otherwise.
Args: ctx: a secp256k1 context object
Out: sig: a pointer to a signature object
In: input64: a pointer to the 64-byte array to parse
The signature must consist of a 32-byte big endian R value, followed by a
32-byte big endian S value. If R or S fall outside of [0..order-1], the
encoding is invalid. R and S with value 0 are allowed in the encoding.
After the call, sig will always be initialized. If parsing failed or R or S are zero, the resulting sig value is guaranteed to fail validation for any message and public key.
Parse a DER ECDSA signature.
Returns: 1 when the signature could be parsed, 0 otherwise.
Args: ctx: a secp256k1 context object
Out: sig: a pointer to a signature object
In: input: a pointer to the signature to be parsed
inputlen: the length of the array pointed to be input
This function will accept any valid DER encoded signature, even if the
encoded numbers are out of range.
After the call, sig will always be initialized. If parsing failed or the encoded numbers are out of range, signature validation with it is guaranteed to fail for every message and public key.
Serialize an ECDSA signature in compact (64 byte) format.
Returns: 1
Args: ctx: a secp256k1 context object
Out: output64: a pointer to a 64-byte array to store the compact serialization
In: sig: a pointer to an initialized signature object
See secp256k1_ecdsa_signature_parse_compact for details about the encoding.
Serialize an ECDSA signature in DER format.
Returns: 1 if enough space was available to serialize, 0 otherwise
Args: ctx: a secp256k1 context object
Out: output: a pointer to an array to store the DER serialization
In/Out: outputlen: a pointer to a length integer. Initially, this integer
should be set to the length of output. After the call
it will be set to the length of the serialization (even
if 0 was returned).
In: sig: a pointer to an initialized signature object
Verify an ECDSA signature.
Returns: 1: correct signature
0: incorrect or unparseable signature
Args: ctx: a secp256k1 context object, initialized for verification.
In: sig: the signature being verified.
msghash32: the 32-byte message hash being verified.
The verifier must make sure to apply a cryptographic
hash function to the message by itself and not accept an
msghash32 value directly. Otherwise, it would be easy to
create a "valid" signature without knowledge of the
secret key. See also
https://bitcoin.stackexchange.com/a/81116/35586 for more
background on this topic.
pubkey: pointer to an initialized public key to verify with.
To avoid accepting malleable signatures, only ECDSA signatures in lower-S
form are accepted.
If you need to accept ECDSA signatures from sources that do not obey this
rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to
validation, but be aware that doing so results in malleable signatures.
For details, see the comments for that function.
Compute the keypair for a secret key.
Returns: 1: secret was valid, keypair is ready to use
0: secret was invalid, try again with a different secret
Args: ctx: pointer to a context object, initialized for signing.
Out: keypair: pointer to the created keypair.
In: seckey: pointer to a 32-byte secret key.
Get the public key from a keypair.
Returns: 0 if the arguments are invalid. 1 otherwise.
Args: ctx: pointer to a context object.
Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to
the keypair public key. If not, it’s set to an invalid value.
In: keypair: pointer to a keypair.
Get the secret key from a keypair.
Returns: 0 if the arguments are invalid. 1 otherwise.
Args: ctx: pointer to a context object.
Out: seckey: pointer to a 32-byte buffer for the secret key.
In: keypair: pointer to a keypair.
Get the x-only public key from a keypair.
This is the same as calling secp256k1_keypair_pub and then
secp256k1_xonly_pubkey_from_pubkey.
Returns: 0 if the arguments are invalid. 1 otherwise.
Args: ctx: pointer to a context object.
Out: pubkey: pointer to an xonly_pubkey object. If 1 is returned, it is set
to the keypair public key after converting it to an
xonly_pubkey. If not, it’s set to an invalid value.
pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to the
pk_parity argument of secp256k1_xonly_pubkey_from_pubkey.
In: keypair: pointer to a keypair.
Tweak a keypair by adding tweak32 to the secret key and updating the public
key accordingly.
Calling this function and then secp256k1_keypair_pub results in the same
public key as calling secp256k1_keypair_xonly_pub and then
secp256k1_xonly_pubkey_tweak_add.
Returns: 0 if the arguments are invalid or the resulting keypair would be
invalid (only when the tweak is the negation of the keypair’s
secret key). 1 otherwise.
Args: ctx: pointer to a context object initialized for verification.
In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to
an invalid value if this function returns 0.
In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according
to secp256k1_ec_seckey_verify, this function returns 0. For
uniformly random 32-byte arrays the chance of being invalid
is negligible (around 1 in 2^128).
Create a Schnorr signature.
Does _not_ strictly follow BIP-340 because it does not verify the resulting
signature. Instead, you can manually use secp256k1_schnorrsig_verify and
abort if it fails.
This function only signs 32-byte messages. If you have messages of a
different size (or the same size but without a context-specific tag
prefix), it is recommended to create a 32-byte message hash with
secp256k1_tagged_sha256 and then sign the hash. Tagged hashing allows
providing an context-specific tag for domain separation. This prevents
signatures from being valid in multiple contexts by accident.
Returns 1 on success, 0 on failure.
Args: ctx: pointer to a context object, initialized for signing.
Out: sig64: pointer to a 64-byte array to store the serialized signature.
In: msg32: the 32-byte message being signed.
keypair: pointer to an initialized keypair.
aux_rand32: 32 bytes of fresh randomness. While recommended to provide
this, it is only supplemental to security and can be NULL. A
NULL argument is treated the same as an all-zero one. See
BIP-340 "Default Signing" for a full explanation of this
argument and for guidance if randomness is expensive.
Create a Schnorr signature with a more flexible API.
Same arguments as secp256k1_schnorrsig_sign except that it allows signing
variable length messages and accepts a pointer to an extraparams object that
allows customizing signing by passing additional arguments.
Creates the same signatures as schnorrsig_sign if msglen is 32 and the
extraparams.ndata is the same as aux_rand32.
In: msg: the message being signed. Can only be NULL if msglen is 0.
msglen: length of the message
extraparams: pointer to a extraparams object (can be NULL)
Verify a Schnorr signature.
Returns: 1: correct signature
0: incorrect signature
Args: ctx: a secp256k1 context object, initialized for verification.
In: sig64: pointer to the 64-byte signature to verify.
msg: the message being verified. Can only be NULL if msglen is 0.
msglen: length of the message
pubkey: pointer to an x-only public key to verify with (cannot be NULL)
Create a secp256k1 scratch space object.
Returns: a newly created scratch space.
Args: ctx: an existing context object.
In: size: amount of memory to be available as scratch space. Some extra
(<100 bytes) will be allocated for extra accounting.
Destroy a secp256k1 scratch space.
The pointer may not be used afterwards. Args: ctx: a secp256k1 context object. scratch: space to destroy
Compute a tagged hash as defined in BIP-340.
This is useful for creating a message hash and achieving domain separation
through an application-specific tag. This function returns
SHA256(SHA256(tag)||SHA256(tag)||msg). Therefore, tagged hash
implementations optimized for a specific tag can precompute the SHA256 state
after hashing the tag hashes.
Returns 0 if the arguments are invalid and 1 otherwise.
Args: ctx: pointer to a context object
Out: hash32: pointer to a 32-byte array to store the resulting hash
In: tag: pointer to an array containing the tag
taglen: length of the tag array
msg: pointer to an array containing the message
msglen: length of the message array
Compare two x-only public keys using lexicographic order
Returns: <0 if the first public key is less than the second
>0 if the first public key is greater than the second
0 if the two public keys are equal
Args: ctx: a secp256k1 context object.
In: pubkey1: first public key to compare
pubkey2: second public key to compare
Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
Returns: 1 if the public key was successfully converted
0 otherwise
Args: ctx: pointer to a context object.
Out: xonly_pubkey: pointer to an x-only public key object for placing the converted public key.
pk_parity: Ignored if NULL. Otherwise, pointer to an integer that
will be set to 1 if the point encoded by xonly_pubkey is
the negation of the pubkey and set to 0 otherwise.
In: pubkey: pointer to a public key that is converted.
Parse a 32-byte sequence into a xonly_pubkey object.
Returns: 1 if the public key was fully valid.
0 if the public key could not be parsed or is invalid.
Args: ctx: a secp256k1 context object.
Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
parsed version of input. If not, it’s set to an invalid value.
In: input32: pointer to a serialized xonly_pubkey.
Serialize an xonly_pubkey object into a 32-byte sequence.
Returns: 1 always.
Args: ctx: a secp256k1 context object.
Out: output32: a pointer to a 32-byte array to place the serialized key in.
In: pubkey: a pointer to a secp256k1_xonly_pubkey containing an initialized public key.
Tweak an x-only public key by adding the generator multiplied with tweak32
to it.
Note that the resulting point can not in general be represented by an x-only
pubkey because it may have an odd Y coordinate. Instead, the output_pubkey
is a normal secp256k1_pubkey.
Returns: 0 if the arguments are invalid or the resulting public key would be
invalid (only when the tweak is the negation of the corresponding
secret key). 1 otherwise.
Args: ctx: pointer to a context object initialized for verification.
Out: output_pubkey: pointer to a public key to store the result. Will be set
to an invalid value if this function returns 0.
In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to.
tweak32: pointer to a 32-byte tweak. If the tweak is invalid
according to secp256k1_ec_seckey_verify, this function
returns 0. For uniformly random 32-byte arrays the
chance of being invalid is negligible (around 1 in 2^128).
Checks that a tweaked pubkey is the result of calling
secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32.
The tweaked pubkey is represented by its 32-byte x-only serialization and
its pk_parity, which can both be obtained by converting the result of
tweak_add to a secp256k1_xonly_pubkey.
Note that this alone does _not_ verify that the tweaked pubkey is a
commitment. If the tweak is not chosen in a specific way, the tweaked pubkey
can easily be the result of a different internal_pubkey and tweak.
Returns: 0 if the arguments are invalid or the tweaked pubkey is not the
result of tweaking the internal_pubkey with tweak32. 1 otherwise.
Args: ctx: pointer to a context object initialized for verification.
In: tweaked_pubkey32: pointer to a serialized xonly_pubkey.
tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization
is passed in as tweaked_pubkey32). This must match the
pk_parity value that is returned when calling
secp256k1_xonly_pubkey with the tweaked pubkey, or
this function will fail.
internal_pubkey: pointer to an x-only public key object to apply the tweak to.
tweak32: pointer to a 32-byte tweak.
Creates signature from components :r (32 bytes) :s (32 bytes)
Parse signature from portable octet representation, raises ‘signature-parse-error’ if signature cannot be parsed.
Possible formats are :compact (64 bytes - r ++ s),
:der (up to 71 bytes, see DER format for details)
public-key) (public-key-2 public-key)) ¶Compares public key, returns one of the following: :eq (1 = 2), :lt (1 < 2), :gt (1 > 2)
secret-key)) ¶Creates public key from corresponding secret key
public-key)) ¶Returns plist wish :x and :y components of public key. Components are 32 byte arrays.
public-key) (public-key-2 public-key)) ¶Checks if two Public Keyr are equal
public-key) &key compressed) ¶Serialize Public Key to octet array. If compressed is true output is 32 bytes otherwise its 65
see ‘public-key-parse’ for reverse function
Uncompressed format is (0x04 ++ x ++ y).
recov-signature)) ¶Returns plist with :r (32 bytes) :s (32 bytes) :v (0-3)
recov-signature)) ¶Returns r s v as multiple values
recov-signature) message-hash32) ¶Returns public key used for signature of the given message hash or nil if public key can’t be recovered or signature is incorrect. Message should be hashed separatly and 32-byte octet array os hash is passed to this function.
recov-signature)) ¶Serialize recoverable signature to portable octet representation. Returns 64 byte array and integer recovery id (0, 1, 2, 3)
secret-key)) ¶Creates recoverable signature from message hash using secret key, raises ‘recov-signature-failure-error’ if message can’t be signed (e.g. invalid secret key). Message should be hashed separatly and 32-byte octet array os hash is passed to this function.
secret-key)) ¶Checks if secret key is valid
signature)) ¶Returns signature normalize to cannonical lower-S form original signature is not modified.
Signatures created by this library are always normalized. Signatures that are not normalized would not be verified.
Second value indicates if signature was already normalized.
secret-key)) ¶Signs message hash using secret key, raises ‘signature-failure-error’ if message can’t be signed (e.g. invalid secret key). Message should be hashed separatly and 32-byte octet array os hash is passed to this function.
signature) message-hash32 (public-key public-key)) ¶Verifies message signature of given message hash and public key.
Message should be hashed separatly and 32-byte octet array os hash is passed to this function.
error.
error.
error.
error.
error.
error.
common-lisp.
:format
internal representation as cffi-shareable 64 byte array
Use ‘public-key-serialize’ and ‘public-key-parse’ to work with portable byte representation
(vector (unsigned-byte 8))
:data
internal representation as cffi-shareable 65 byte array
Use ‘recov-signature-serialize’ and ‘recov-signature-parse’ to work with portable byte representation
(vector (unsigned-byte 8))
:data
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
foreign-struct-type.
translatable-foreign-type.
cffi-shareable 32 byte array can be used as a portable representation
(vector (unsigned-byte 8))
:data
internal representation as cffi-shareable 64 byte array
Use ‘signature-serialize’ and ‘signature-parse’ to work with portable byte representation
(vector (unsigned-byte 8))
:data
| Jump to: | %
(
E F G M P R S W |
|---|
| Jump to: | %
(
E F G M P R S W |
|---|
| Jump to: | *
+
C D F S |
|---|
| Jump to: | *
+
C D F S |
|---|
| Jump to: | C F I M P R S U |
|---|
| Jump to: | C F I M P R S U |
|---|