Remove the internal secp256k1_ecdsa_sig_t type

Author: sipa

src/ecdsa.h

@@ -11,14 +11,10 @@
 #include "group.h"
 #include "ecmult.h"
 
-typedef struct {
-    secp256k1_scalar_t r, s;
-} secp256k1_ecdsa_sig_t;
-
-static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size);
-static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a);
-static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message);
-static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
-static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid);
+static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *r, secp256k1_scalar_t *s, const unsigned char *sig, int size);
+static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_scalar_t *r, const secp256k1_scalar_t *s);
+static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message);
+static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_scalar_t* r, secp256k1_scalar_t* s, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid);
+static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid);
 
 #endif

src/ecdsa_impl.h

@@ -46,7 +46,7 @@ static const secp256k1_fe_t secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_C
     0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL
 );
 
-static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) {
+static int secp256k1_ecdsa_sig_parse(secp256k1_scalar_t *rr, secp256k1_scalar_t *rs, const unsigned char *sig, int size) {
     unsigned char ra[32] = {0}, sa[32] = {0};
     const unsigned char *rp;
     const unsigned char *sp;
@@ -98,23 +98,23 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned ch
     memcpy(ra + 32 - lenr, rp, lenr);
     memcpy(sa + 32 - lens, sp, lens);
     overflow = 0;
-    secp256k1_scalar_set_b32(&r->r, ra, &overflow);
+    secp256k1_scalar_set_b32(rr, ra, &overflow);
     if (overflow) {
         return 0;
     }
-    secp256k1_scalar_set_b32(&r->s, sa, &overflow);
+    secp256k1_scalar_set_b32(rs, sa, &overflow);
     if (overflow) {
         return 0;
     }
     return 1;
 }
 
-static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a) {
+static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_scalar_t* ar, const secp256k1_scalar_t* as) {
     unsigned char r[33] = {0}, s[33] = {0};
     unsigned char *rp = r, *sp = s;
     int lenR = 33, lenS = 33;
-    secp256k1_scalar_get_b32(&r[1], &a->r);
-    secp256k1_scalar_get_b32(&s[1], &a->s);
+    secp256k1_scalar_get_b32(&r[1], ar);
+    secp256k1_scalar_get_b32(&s[1], as);
     while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; }
     while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; }
     if (*size < 6+lenS+lenR) {
@@ -133,26 +133,26 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se
     return 1;
 }
 
-static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) {
+static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t *sigr, const secp256k1_scalar_t *sigs, const secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message) {
     unsigned char c[32];
     secp256k1_scalar_t sn, u1, u2;
     secp256k1_fe_t xr;
     secp256k1_gej_t pubkeyj;
     secp256k1_gej_t pr;
 
-    if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) {
+    if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {
         return 0;
     }
 
-    secp256k1_scalar_inverse_var(&sn, &sig->s);
+    secp256k1_scalar_inverse_var(&sn, sigs);
     secp256k1_scalar_mul(&u1, &sn, message);
-    secp256k1_scalar_mul(&u2, &sn, &sig->r);
+    secp256k1_scalar_mul(&u2, &sn, sigr);
     secp256k1_gej_set_ge(&pubkeyj, pubkey);
     secp256k1_ecmult(ctx, &pr, &pubkeyj, &u2, &u1);
     if (secp256k1_gej_is_infinity(&pr)) {
         return 0;
     }
-    secp256k1_scalar_get_b32(c, &sig->r);
+    secp256k1_scalar_get_b32(c, sigr);
     secp256k1_fe_set_b32(&xr, c);
 
     /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n)
@@ -187,19 +187,19 @@ static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context_t *ctx, con
     return 0;
 }
 
-static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_ecdsa_sig_t *sig, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) {
+static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, const secp256k1_scalar_t *sigr, const secp256k1_scalar_t* sigs, secp256k1_ge_t *pubkey, const secp256k1_scalar_t *message, int recid) {
     unsigned char brx[32];
     secp256k1_fe_t fx;
     secp256k1_ge_t x;
     secp256k1_gej_t xj;
     secp256k1_scalar_t rn, u1, u2;
     secp256k1_gej_t qj;
 
-    if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) {
+    if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) {
         return 0;
     }
 
-    secp256k1_scalar_get_b32(brx, &sig->r);
+    secp256k1_scalar_get_b32(brx, sigr);
     VERIFY_CHECK(secp256k1_fe_set_b32(&fx, brx)); /* brx comes from a scalar, so is less than the order; certainly less than p */
     if (recid & 2) {
         if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) {
@@ -211,16 +211,16 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecmult_context_t *ctx, co
         return 0;
     }
     secp256k1_gej_set_ge(&xj, &x);
-    secp256k1_scalar_inverse_var(&rn, &sig->r);
+    secp256k1_scalar_inverse_var(&rn, sigr);
     secp256k1_scalar_mul(&u1, &rn, message);
     secp256k1_scalar_negate(&u1, &u1);
-    secp256k1_scalar_mul(&u2, &rn, &sig->s);
+    secp256k1_scalar_mul(&u2, &rn, sigs);
     secp256k1_ecmult(ctx, &qj, &xj, &u2, &u1);
     secp256k1_ge_set_gej_var(pubkey, &qj);
     return !secp256k1_gej_is_infinity(&qj);
 }
 
-static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_ecdsa_sig_t *sig, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
+static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, secp256k1_scalar_t *sigr, secp256k1_scalar_t *sigs, const secp256k1_scalar_t *seckey, const secp256k1_scalar_t *message, const secp256k1_scalar_t *nonce, int *recid) {
     unsigned char b[32];
     secp256k1_gej_t rp;
     secp256k1_ge_t r;
@@ -232,8 +232,8 @@ static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, s
     secp256k1_fe_normalize(&r.x);
     secp256k1_fe_normalize(&r.y);
     secp256k1_fe_get_b32(b, &r.x);
-    secp256k1_scalar_set_b32(&sig->r, b, &overflow);
-    if (secp256k1_scalar_is_zero(&sig->r)) {
+    secp256k1_scalar_set_b32(sigr, b, &overflow);
+    if (secp256k1_scalar_is_zero(sigr)) {
         /* P.x = order is on the curve, so technically sig->r could end up zero, which would be an invalid signature. */
         secp256k1_gej_clear(&rp);
         secp256k1_ge_clear(&r);
@@ -242,18 +242,18 @@ static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context_t *ctx, s
     if (recid) {
         *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0);
     }
-    secp256k1_scalar_mul(&n, &sig->r, seckey);
+    secp256k1_scalar_mul(&n, sigr, seckey);
     secp256k1_scalar_add(&n, &n, message);
-    secp256k1_scalar_inverse(&sig->s, nonce);
-    secp256k1_scalar_mul(&sig->s, &sig->s, &n);
+    secp256k1_scalar_inverse(sigs, nonce);
+    secp256k1_scalar_mul(sigs, sigs, &n);
     secp256k1_scalar_clear(&n);
     secp256k1_gej_clear(&rp);
     secp256k1_ge_clear(&r);
-    if (secp256k1_scalar_is_zero(&sig->s)) {
+    if (secp256k1_scalar_is_zero(sigs)) {
         return 0;
     }
-    if (secp256k1_scalar_is_high(&sig->s)) {
-        secp256k1_scalar_negate(&sig->s, &sig->s);
+    if (secp256k1_scalar_is_high(sigs)) {
+        secp256k1_scalar_negate(sigs, sigs);
         if (recid) {
             *recid ^= 1;
         }

src/secp256k1.c

@@ -108,42 +108,42 @@ int secp256k1_ec_pubkey_serialize(const secp256k1_context_t* ctx, unsigned char
     return secp256k1_eckey_pubkey_serialize(&Q, output, outputlen, compressed);
 }
 
-static void secp256k1_ecdsa_signature_load(secp256k1_ecdsa_sig_t* s, int* recid, const secp256k1_ecdsa_signature_t* sig) {
+static void secp256k1_ecdsa_signature_load(secp256k1_scalar_t* r, secp256k1_scalar_t* s, int* recid, const secp256k1_ecdsa_signature_t* sig) {
     if (sizeof(secp256k1_scalar_t) == 32) {
         /* When the secp256k1_scalar_t type is exactly 32 byte, use its
          * representation inside secp256k1_ecdsa_signature_t, as conversion is very fast.
          * Note that secp256k1_ecdsa_signature_save must use the same representation. */
-        memcpy(&s->r, &sig->data[0], 32);
-        memcpy(&s->s, &sig->data[32], 32);
+        memcpy(r, &sig->data[0], 32);
+        memcpy(s, &sig->data[32], 32);
     } else {
-        secp256k1_scalar_set_b32(&s->r, &sig->data[0], NULL);
-        secp256k1_scalar_set_b32(&s->s, &sig->data[32], NULL);
+        secp256k1_scalar_set_b32(r, &sig->data[0], NULL);
+        secp256k1_scalar_set_b32(s, &sig->data[32], NULL);
     }
     if (recid) {
         *recid = sig->data[64];
     }
 }
 
-static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature_t* sig, const secp256k1_ecdsa_sig_t* s, int recid) {
+static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature_t* sig, const secp256k1_scalar_t* r, const secp256k1_scalar_t* s, int recid) {
     if (sizeof(secp256k1_scalar_t) == 32) {
-        memcpy(&sig->data[0], &s->r, 32);
-        memcpy(&sig->data[32], &s->s, 32);
+        memcpy(&sig->data[0], r, 32);
+        memcpy(&sig->data[32], s, 32);
     } else {
-        secp256k1_scalar_get_b32(&sig->data[0], &s->r);
-        secp256k1_scalar_get_b32(&sig->data[32], &s->s);
+        secp256k1_scalar_get_b32(&sig->data[0], r);
+        secp256k1_scalar_get_b32(&sig->data[32], s);
     }
     sig->data[64] = recid;
 }
 
 int secp256k1_ecdsa_signature_parse_der(const secp256k1_context_t* ctx, secp256k1_ecdsa_signature_t* sig, const unsigned char *input, int inputlen) {
-    secp256k1_ecdsa_sig_t s;
+    secp256k1_scalar_t r, s;
 
     (void)ctx;
     DEBUG_CHECK(sig != NULL);
     DEBUG_CHECK(input != NULL);
 
-    if (secp256k1_ecdsa_sig_parse(&s, input, inputlen)) {
-        secp256k1_ecdsa_signature_save(sig, &s, -1);
+    if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) {
+        secp256k1_ecdsa_signature_save(sig, &r, &s, -1);
         return 1;
     } else {
         memset(sig, 0, sizeof(*sig));
@@ -152,50 +152,50 @@ int secp256k1_ecdsa_signature_parse_der(const secp256k1_context_t* ctx, secp256k
 }
 
 int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context_t* ctx, secp256k1_ecdsa_signature_t* sig, const unsigned char *input64, int recid) {
-    secp256k1_ecdsa_sig_t s;
+    secp256k1_scalar_t r, s;
     int ret = 1;
     int overflow = 0;
 
     (void)ctx;
     DEBUG_CHECK(sig != NULL);
     DEBUG_CHECK(input64 != NULL);
 
-    secp256k1_scalar_set_b32(&s.r, &input64[0], &overflow);
+    secp256k1_scalar_set_b32(&r, &input64[0], &overflow);
     ret &= !overflow;
-    secp256k1_scalar_set_b32(&s.s, &input64[32], &overflow);
+    secp256k1_scalar_set_b32(&s, &input64[32], &overflow);
     ret &= !overflow;
     ret &= (recid == -1 || (recid >= 0 && recid < 4));
     if (ret) {
-        secp256k1_ecdsa_signature_save(sig, &s, recid);
+        secp256k1_ecdsa_signature_save(sig, &r, &s, recid);
     } else {
         memset(sig, 0, sizeof(*sig));
     }
     return ret;
 }
 
 int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context_t* ctx, unsigned char *output, int *outputlen, const secp256k1_ecdsa_signature_t* sig) {
-    secp256k1_ecdsa_sig_t s;
+    secp256k1_scalar_t r, s;
 
     (void)ctx;
     DEBUG_CHECK(output != NULL);
     DEBUG_CHECK(outputlen != NULL);
     DEBUG_CHECK(sig != NULL);
 
-    secp256k1_ecdsa_signature_load(&s, NULL, sig);
-    return secp256k1_ecdsa_sig_serialize(output, outputlen, &s);
+    secp256k1_ecdsa_signature_load(&r, &s, NULL, sig);
+    return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s);
 }
 
 int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context_t* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_signature_t* sig) {
-    secp256k1_ecdsa_sig_t s;
+    secp256k1_scalar_t r, s;
     int rec;
 
     (void)ctx;
     DEBUG_CHECK(output64 != NULL);
     DEBUG_CHECK(sig != NULL);
 
-    secp256k1_ecdsa_signature_load(&s, &rec, sig);
-    secp256k1_scalar_get_b32(&output64[0], &s.r);
-    secp256k1_scalar_get_b32(&output64[32], &s.s);
+    secp256k1_ecdsa_signature_load(&r, &s, &rec, sig);
+    secp256k1_scalar_get_b32(&output64[0], &r);
+    secp256k1_scalar_get_b32(&output64[32], &s);
     if (recid) {
         DEBUG_CHECK(rec >= 0 && rec < 4);
         *recid = rec;
@@ -205,7 +205,7 @@ int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context_t* ctx,
 
 int secp256k1_ecdsa_verify(const secp256k1_context_t* ctx, const unsigned char *msg32, const secp256k1_ecdsa_signature_t *sig, const secp256k1_pubkey_t *pubkey) {
     secp256k1_ge_t q;
-    secp256k1_ecdsa_sig_t s;
+    secp256k1_scalar_t r, s;
     secp256k1_scalar_t m;
     DEBUG_CHECK(ctx != NULL);
     DEBUG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
@@ -215,8 +215,8 @@ int secp256k1_ecdsa_verify(const secp256k1_context_t* ctx, const unsigned char *
 
     secp256k1_scalar_set_b32(&m, msg32, NULL);
     secp256k1_pubkey_load(&q, pubkey);
-    secp256k1_ecdsa_signature_load(&s, NULL, sig);
-    return secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &s, &q, &m);
+    secp256k1_ecdsa_signature_load(&r, &s, NULL, sig);
+    return secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &r, &s, &q, &m);
 }
 
 static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int counter, const void *data) {
@@ -245,7 +245,7 @@ const secp256k1_nonce_function_t secp256k1_nonce_function_rfc6979 = nonce_functi
 const secp256k1_nonce_function_t secp256k1_nonce_function_default = nonce_function_rfc6979;
 
 int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *msg32, secp256k1_ecdsa_signature_t *signature, const unsigned char *seckey, secp256k1_nonce_function_t noncefp, const void* noncedata) {
-    secp256k1_ecdsa_sig_t sig;
+    secp256k1_scalar_t r, s;
     secp256k1_scalar_t sec, non, msg;
     int recid;
     int ret = 0;
@@ -273,7 +273,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *ms
             secp256k1_scalar_set_b32(&non, nonce32, &overflow);
             memset(nonce32, 0, 32);
             if (!secp256k1_scalar_is_zero(&non) && !overflow) {
-                if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &sig, &sec, &msg, &non, &recid)) {
+                if (secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &r, &s, &sec, &msg, &non, &recid)) {
                     break;
                 }
             }
@@ -284,7 +284,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *ms
         secp256k1_scalar_clear(&sec);
     }
     if (ret) {
-        secp256k1_ecdsa_signature_save(signature, &sig, recid);
+        secp256k1_ecdsa_signature_save(signature, &r, &s, recid);
     } else {
         memset(signature, 0, sizeof(*signature));
     }
@@ -293,7 +293,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context_t* ctx, const unsigned char *ms
 
 int secp256k1_ecdsa_recover(const secp256k1_context_t* ctx, const unsigned char *msg32, const secp256k1_ecdsa_signature_t *signature, secp256k1_pubkey_t *pubkey) {
     secp256k1_ge_t q;
-    secp256k1_ecdsa_sig_t sig;
+    secp256k1_scalar_t r, s;
     secp256k1_scalar_t m;
     int recid;
     DEBUG_CHECK(ctx != NULL);
@@ -302,10 +302,10 @@ int secp256k1_ecdsa_recover(const secp256k1_context_t* ctx, const unsigned char
     DEBUG_CHECK(signature != NULL);
     DEBUG_CHECK(pubkey != NULL);
 
-    secp256k1_ecdsa_signature_load(&sig, &recid, signature);
+    secp256k1_ecdsa_signature_load(&r, &s, &recid, signature);
     DEBUG_CHECK(recid >= 0 && recid < 4);
     secp256k1_scalar_set_b32(&m, msg32, NULL);
-    if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &sig, &q, &m, recid)) {
+    if (secp256k1_ecdsa_sig_recover(&ctx->ecmult_ctx, &r, &s, &q, &m, recid)) {
         secp256k1_pubkey_save(pubkey, &q);
         return 1;
     } else {