Branch data Line data Source code
# 1 : : #ifndef SECP256K1_H
# 2 : : #define SECP256K1_H
# 3 : :
# 4 : : #ifdef __cplusplus
# 5 : : extern "C" {
# 6 : : #endif
# 7 : :
# 8 : : #include <stddef.h>
# 9 : :
# 10 : : /* Unless explicitly stated all pointer arguments must not be NULL.
# 11 : : *
# 12 : : * The following rules specify the order of arguments in API calls:
# 13 : : *
# 14 : : * 1. Context pointers go first, followed by output arguments, combined
# 15 : : * output/input arguments, and finally input-only arguments.
# 16 : : * 2. Array lengths always immediately follow the argument whose length
# 17 : : * they describe, even if this violates rule 1.
# 18 : : * 3. Within the OUT/OUTIN/IN groups, pointers to data that is typically generated
# 19 : : * later go first. This means: signatures, public nonces, secret nonces,
# 20 : : * messages, public keys, secret keys, tweaks.
# 21 : : * 4. Arguments that are not data pointers go last, from more complex to less
# 22 : : * complex: function pointers, algorithm names, messages, void pointers,
# 23 : : * counts, flags, booleans.
# 24 : : * 5. Opaque data pointers follow the function pointer they are to be passed to.
# 25 : : */
# 26 : :
# 27 : : /** Opaque data structure that holds context information (precomputed tables etc.).
# 28 : : *
# 29 : : * The purpose of context structures is to cache large precomputed data tables
# 30 : : * that are expensive to construct, and also to maintain the randomization data
# 31 : : * for blinding.
# 32 : : *
# 33 : : * Do not create a new context object for each operation, as construction is
# 34 : : * far slower than all other API calls (~100 times slower than an ECDSA
# 35 : : * verification).
# 36 : : *
# 37 : : * A constructed context can safely be used from multiple threads
# 38 : : * simultaneously, but API calls that take a non-const pointer to a context
# 39 : : * need exclusive access to it. In particular this is the case for
# 40 : : * secp256k1_context_destroy, secp256k1_context_preallocated_destroy,
# 41 : : * and secp256k1_context_randomize.
# 42 : : *
# 43 : : * Regarding randomization, either do it once at creation time (in which case
# 44 : : * you do not need any locking for the other calls), or use a read-write lock.
# 45 : : */
# 46 : : typedef struct secp256k1_context_struct secp256k1_context;
# 47 : :
# 48 : : /** Opaque data structure that holds rewriteable "scratch space"
# 49 : : *
# 50 : : * The purpose of this structure is to replace dynamic memory allocations,
# 51 : : * because we target architectures where this may not be available. It is
# 52 : : * essentially a resizable (within specified parameters) block of bytes,
# 53 : : * which is initially created either by memory allocation or TODO as a pointer
# 54 : : * into some fixed rewritable space.
# 55 : : *
# 56 : : * Unlike the context object, this cannot safely be shared between threads
# 57 : : * without additional synchronization logic.
# 58 : : */
# 59 : : typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space;
# 60 : :
# 61 : : /** Opaque data structure that holds a parsed and valid public key.
# 62 : : *
# 63 : : * The exact representation of data inside is implementation defined and not
# 64 : : * guaranteed to be portable between different platforms or versions. It is
# 65 : : * however guaranteed to be 64 bytes in size, and can be safely copied/moved.
# 66 : : * If you need to convert to a format suitable for storage or transmission,
# 67 : : * use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. To
# 68 : : * compare keys, use secp256k1_ec_pubkey_cmp.
# 69 : : */
# 70 : : typedef struct {
# 71 : : unsigned char data[64];
# 72 : : } secp256k1_pubkey;
# 73 : :
# 74 : : /** Opaque data structured that holds a parsed ECDSA signature.
# 75 : : *
# 76 : : * The exact representation of data inside is implementation defined and not
# 77 : : * guaranteed to be portable between different platforms or versions. It is
# 78 : : * however guaranteed to be 64 bytes in size, and can be safely copied/moved.
# 79 : : * If you need to convert to a format suitable for storage, transmission, or
# 80 : : * comparison, use the secp256k1_ecdsa_signature_serialize_* and
# 81 : : * secp256k1_ecdsa_signature_parse_* functions.
# 82 : : */
# 83 : : typedef struct {
# 84 : : unsigned char data[64];
# 85 : : } secp256k1_ecdsa_signature;
# 86 : :
# 87 : : /** A pointer to a function to deterministically generate a nonce.
# 88 : : *
# 89 : : * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail.
# 90 : : * Out: nonce32: pointer to a 32-byte array to be filled by the function.
# 91 : : * In: msg32: the 32-byte message hash being verified (will not be NULL)
# 92 : : * key32: pointer to a 32-byte secret key (will not be NULL)
# 93 : : * algo16: pointer to a 16-byte array describing the signature
# 94 : : * algorithm (will be NULL for ECDSA for compatibility).
# 95 : : * data: Arbitrary data pointer that is passed through.
# 96 : : * attempt: how many iterations we have tried to find a nonce.
# 97 : : * This will almost always be 0, but different attempt values
# 98 : : * are required to result in a different nonce.
# 99 : : *
# 100 : : * Except for test cases, this function should compute some cryptographic hash of
# 101 : : * the message, the algorithm, the key and the attempt.
# 102 : : */
# 103 : : typedef int (*secp256k1_nonce_function)(
# 104 : : unsigned char *nonce32,
# 105 : : const unsigned char *msg32,
# 106 : : const unsigned char *key32,
# 107 : : const unsigned char *algo16,
# 108 : : void *data,
# 109 : : unsigned int attempt
# 110 : : );
# 111 : :
# 112 : : # if !defined(SECP256K1_GNUC_PREREQ)
# 113 : : # if defined(__GNUC__)&&defined(__GNUC_MINOR__)
# 114 : : # define SECP256K1_GNUC_PREREQ(_maj,_min) \
# 115 : : ((__GNUC__<<16)+__GNUC_MINOR__>=((_maj)<<16)+(_min))
# 116 : : # else
# 117 : : # define SECP256K1_GNUC_PREREQ(_maj,_min) 0
# 118 : : # endif
# 119 : : # endif
# 120 : :
# 121 : : # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
# 122 : : # if SECP256K1_GNUC_PREREQ(2,7)
# 123 : : # define SECP256K1_INLINE __inline__
# 124 : : # elif (defined(_MSC_VER))
# 125 : : # define SECP256K1_INLINE __inline
# 126 : : # else
# 127 : : # define SECP256K1_INLINE
# 128 : : # endif
# 129 : : # else
# 130 : : # define SECP256K1_INLINE inline
# 131 : : # endif
# 132 : :
# 133 : : /** When this header is used at build-time the SECP256K1_BUILD define needs to be set
# 134 : : * to correctly setup export attributes and nullness checks. This is normally done
# 135 : : * by secp256k1.c but to guard against this header being included before secp256k1.c
# 136 : : * has had a chance to set the define (e.g. via test harnesses that just includes
# 137 : : * secp256k1.c) we set SECP256K1_NO_BUILD when this header is processed without the
# 138 : : * BUILD define so this condition can be caught.
# 139 : : */
# 140 : : #ifndef SECP256K1_BUILD
# 141 : : # define SECP256K1_NO_BUILD
# 142 : : #endif
# 143 : :
# 144 : : #ifndef SECP256K1_API
# 145 : : # if defined(_WIN32)
# 146 : : # ifdef SECP256K1_BUILD
# 147 : : # define SECP256K1_API __declspec(dllexport)
# 148 : : # else
# 149 : : # define SECP256K1_API
# 150 : : # endif
# 151 : : # elif defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
# 152 : : # define SECP256K1_API __attribute__ ((visibility ("default")))
# 153 : : # else
# 154 : : # define SECP256K1_API
# 155 : : # endif
# 156 : : #endif
# 157 : :
# 158 : : /**Warning attributes
# 159 : : * NONNULL is not used if SECP256K1_BUILD is set to avoid the compiler optimizing out
# 160 : : * some paranoid null checks. */
# 161 : : # if defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
# 162 : : # define SECP256K1_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__))
# 163 : : # else
# 164 : : # define SECP256K1_WARN_UNUSED_RESULT
# 165 : : # endif
# 166 : : # if !defined(SECP256K1_BUILD) && defined(__GNUC__) && SECP256K1_GNUC_PREREQ(3, 4)
# 167 : : # define SECP256K1_ARG_NONNULL(_x) __attribute__ ((__nonnull__(_x)))
# 168 : : # else
# 169 : : # define SECP256K1_ARG_NONNULL(_x)
# 170 : : # endif
# 171 : :
# 172 : : /** Attribute for marking functions, types, and variables as deprecated */
# 173 : : #if !defined(SECP256K1_BUILD) && defined(__has_attribute)
# 174 : : # if __has_attribute(__deprecated__)
# 175 : : # define SECP256K1_DEPRECATED(_msg) __attribute__ ((__deprecated__(_msg)))
# 176 : : # else
# 177 : : # define SECP256K1_DEPRECATED(_msg)
# 178 : : # endif
# 179 : : #else
# 180 : : # define SECP256K1_DEPRECATED(_msg)
# 181 : : #endif
# 182 : :
# 183 : : /** All flags' lower 8 bits indicate what they're for. Do not use directly. */
# 184 : : #define SECP256K1_FLAGS_TYPE_MASK ((1 << 8) - 1)
# 185 : 2543 : #define SECP256K1_FLAGS_TYPE_CONTEXT (1 << 0)
# 186 : 1889117 : #define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
# 187 : : /** The higher bits contain the actual data. Do not use directly. */
# 188 : 856 : #define SECP256K1_FLAGS_BIT_CONTEXT_VERIFY (1 << 8)
# 189 : 1687 : #define SECP256K1_FLAGS_BIT_CONTEXT_SIGN (1 << 9)
# 190 : : #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10)
# 191 : 1887855 : #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
# 192 : :
# 193 : : /** Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and
# 194 : : * secp256k1_context_preallocated_create. */
# 195 : 856 : #define SECP256K1_CONTEXT_VERIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
# 196 : 1687 : #define SECP256K1_CONTEXT_SIGN (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
# 197 : : #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY)
# 198 : : #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT)
# 199 : :
# 200 : : /** Flag to pass to secp256k1_ec_pubkey_serialize. */
# 201 : 1887855 : #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
# 202 : 1294320 : #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
# 203 : :
# 204 : : /** Prefix byte used to tag various encoded curvepoints for specific purposes */
# 205 : : #define SECP256K1_TAG_PUBKEY_EVEN 0x02
# 206 : : #define SECP256K1_TAG_PUBKEY_ODD 0x03
# 207 : : #define SECP256K1_TAG_PUBKEY_UNCOMPRESSED 0x04
# 208 : : #define SECP256K1_TAG_PUBKEY_HYBRID_EVEN 0x06
# 209 : : #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07
# 210 : :
# 211 : : /** A simple secp256k1 context object with no precomputed tables. These are useful for
# 212 : : * type serialization/parsing functions which require a context object to maintain
# 213 : : * API consistency, but currently do not require expensive precomputations or dynamic
# 214 : : * allocations.
# 215 : : */
# 216 : : SECP256K1_API extern const secp256k1_context *secp256k1_context_no_precomp;
# 217 : :
# 218 : : /** Create a secp256k1 context object (in dynamically allocated memory).
# 219 : : *
# 220 : : * This function uses malloc to allocate memory. It is guaranteed that malloc is
# 221 : : * called at most once for every call of this function. If you need to avoid dynamic
# 222 : : * memory allocation entirely, see the functions in secp256k1_preallocated.h.
# 223 : : *
# 224 : : * Returns: a newly created context object.
# 225 : : * In: flags: which parts of the context to initialize.
# 226 : : *
# 227 : : * See also secp256k1_context_randomize.
# 228 : : */
# 229 : : SECP256K1_API secp256k1_context* secp256k1_context_create(
# 230 : : unsigned int flags
# 231 : : ) SECP256K1_WARN_UNUSED_RESULT;
# 232 : :
# 233 : : /** Copy a secp256k1 context object (into dynamically allocated memory).
# 234 : : *
# 235 : : * This function uses malloc to allocate memory. It is guaranteed that malloc is
# 236 : : * called at most once for every call of this function. If you need to avoid dynamic
# 237 : : * memory allocation entirely, see the functions in secp256k1_preallocated.h.
# 238 : : *
# 239 : : * Returns: a newly created context object.
# 240 : : * Args: ctx: an existing context to copy
# 241 : : */
# 242 : : SECP256K1_API secp256k1_context* secp256k1_context_clone(
# 243 : : const secp256k1_context* ctx
# 244 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT;
# 245 : :
# 246 : : /** Destroy a secp256k1 context object (created in dynamically allocated memory).
# 247 : : *
# 248 : : * The context pointer may not be used afterwards.
# 249 : : *
# 250 : : * The context to destroy must have been created using secp256k1_context_create
# 251 : : * or secp256k1_context_clone. If the context has instead been created using
# 252 : : * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, the
# 253 : : * behaviour is undefined. In that case, secp256k1_context_preallocated_destroy must
# 254 : : * be used instead.
# 255 : : *
# 256 : : * Args: ctx: an existing context to destroy, constructed using
# 257 : : * secp256k1_context_create or secp256k1_context_clone
# 258 : : */
# 259 : : SECP256K1_API void secp256k1_context_destroy(
# 260 : : secp256k1_context* ctx
# 261 : : ) SECP256K1_ARG_NONNULL(1);
# 262 : :
# 263 : : /** Set a callback function to be called when an illegal argument is passed to
# 264 : : * an API call. It will only trigger for violations that are mentioned
# 265 : : * explicitly in the header.
# 266 : : *
# 267 : : * The philosophy is that these shouldn't be dealt with through a
# 268 : : * specific return value, as calling code should not have branches to deal with
# 269 : : * the case that this code itself is broken.
# 270 : : *
# 271 : : * On the other hand, during debug stage, one would want to be informed about
# 272 : : * such mistakes, and the default (crashing) may be inadvisable.
# 273 : : * When this callback is triggered, the API function called is guaranteed not
# 274 : : * to cause a crash, though its return value and output arguments are
# 275 : : * undefined.
# 276 : : *
# 277 : : * When this function has not been called (or called with fn==NULL), then the
# 278 : : * default handler will be used. The library provides a default handler which
# 279 : : * writes the message to stderr and calls abort. This default handler can be
# 280 : : * replaced at link time if the preprocessor macro
# 281 : : * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build
# 282 : : * has been configured with --enable-external-default-callbacks. Then the
# 283 : : * following two symbols must be provided to link against:
# 284 : : * - void secp256k1_default_illegal_callback_fn(const char* message, void* data);
# 285 : : * - void secp256k1_default_error_callback_fn(const char* message, void* data);
# 286 : : * The library can call these default handlers even before a proper callback data
# 287 : : * pointer could have been set using secp256k1_context_set_illegal_callback or
# 288 : : * secp256k1_context_set_error_callback, e.g., when the creation of a context
# 289 : : * fails. In this case, the corresponding default handler will be called with
# 290 : : * the data pointer argument set to NULL.
# 291 : : *
# 292 : : * Args: ctx: an existing context object.
# 293 : : * In: fun: a pointer to a function to call when an illegal argument is
# 294 : : * passed to the API, taking a message and an opaque pointer.
# 295 : : * (NULL restores the default handler.)
# 296 : : * data: the opaque pointer to pass to fun above, must be NULL for the default handler.
# 297 : : *
# 298 : : * See also secp256k1_context_set_error_callback.
# 299 : : */
# 300 : : SECP256K1_API void secp256k1_context_set_illegal_callback(
# 301 : : secp256k1_context* ctx,
# 302 : : void (*fun)(const char* message, void* data),
# 303 : : const void* data
# 304 : : ) SECP256K1_ARG_NONNULL(1);
# 305 : :
# 306 : : /** Set a callback function to be called when an internal consistency check
# 307 : : * fails. The default is crashing.
# 308 : : *
# 309 : : * This can only trigger in case of a hardware failure, miscompilation,
# 310 : : * memory corruption, serious bug in the library, or other error would can
# 311 : : * otherwise result in undefined behaviour. It will not trigger due to mere
# 312 : : * incorrect usage of the API (see secp256k1_context_set_illegal_callback
# 313 : : * for that). After this callback returns, anything may happen, including
# 314 : : * crashing.
# 315 : : *
# 316 : : * Args: ctx: an existing context object.
# 317 : : * In: fun: a pointer to a function to call when an internal error occurs,
# 318 : : * taking a message and an opaque pointer (NULL restores the
# 319 : : * default handler, see secp256k1_context_set_illegal_callback
# 320 : : * for details).
# 321 : : * data: the opaque pointer to pass to fun above, must be NULL for the default handler.
# 322 : : *
# 323 : : * See also secp256k1_context_set_illegal_callback.
# 324 : : */
# 325 : : SECP256K1_API void secp256k1_context_set_error_callback(
# 326 : : secp256k1_context* ctx,
# 327 : : void (*fun)(const char* message, void* data),
# 328 : : const void* data
# 329 : : ) SECP256K1_ARG_NONNULL(1);
# 330 : :
# 331 : : /** Create a secp256k1 scratch space object.
# 332 : : *
# 333 : : * Returns: a newly created scratch space.
# 334 : : * Args: ctx: an existing context object.
# 335 : : * In: size: amount of memory to be available as scratch space. Some extra
# 336 : : * (<100 bytes) will be allocated for extra accounting.
# 337 : : */
# 338 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space* secp256k1_scratch_space_create(
# 339 : : const secp256k1_context* ctx,
# 340 : : size_t size
# 341 : : ) SECP256K1_ARG_NONNULL(1);
# 342 : :
# 343 : : /** Destroy a secp256k1 scratch space.
# 344 : : *
# 345 : : * The pointer may not be used afterwards.
# 346 : : * Args: ctx: a secp256k1 context object.
# 347 : : * scratch: space to destroy
# 348 : : */
# 349 : : SECP256K1_API void secp256k1_scratch_space_destroy(
# 350 : : const secp256k1_context* ctx,
# 351 : : secp256k1_scratch_space* scratch
# 352 : : ) SECP256K1_ARG_NONNULL(1);
# 353 : :
# 354 : : /** Parse a variable-length public key into the pubkey object.
# 355 : : *
# 356 : : * Returns: 1 if the public key was fully valid.
# 357 : : * 0 if the public key could not be parsed or is invalid.
# 358 : : * Args: ctx: a secp256k1 context object.
# 359 : : * Out: pubkey: pointer to a pubkey object. If 1 is returned, it is set to a
# 360 : : * parsed version of input. If not, its value is undefined.
# 361 : : * In: input: pointer to a serialized public key
# 362 : : * inputlen: length of the array pointed to by input
# 363 : : *
# 364 : : * This function supports parsing compressed (33 bytes, header byte 0x02 or
# 365 : : * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header
# 366 : : * byte 0x06 or 0x07) format public keys.
# 367 : : */
# 368 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(
# 369 : : const secp256k1_context* ctx,
# 370 : : secp256k1_pubkey* pubkey,
# 371 : : const unsigned char *input,
# 372 : : size_t inputlen
# 373 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 374 : :
# 375 : : /** Serialize a pubkey object into a serialized byte sequence.
# 376 : : *
# 377 : : * Returns: 1 always.
# 378 : : * Args: ctx: a secp256k1 context object.
# 379 : : * Out: output: a pointer to a 65-byte (if compressed==0) or 33-byte (if
# 380 : : * compressed==1) byte array to place the serialized key
# 381 : : * in.
# 382 : : * In/Out: outputlen: a pointer to an integer which is initially set to the
# 383 : : * size of output, and is overwritten with the written
# 384 : : * size.
# 385 : : * In: pubkey: a pointer to a secp256k1_pubkey containing an
# 386 : : * initialized public key.
# 387 : : * flags: SECP256K1_EC_COMPRESSED if serialization should be in
# 388 : : * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED.
# 389 : : */
# 390 : : SECP256K1_API int secp256k1_ec_pubkey_serialize(
# 391 : : const secp256k1_context* ctx,
# 392 : : unsigned char *output,
# 393 : : size_t *outputlen,
# 394 : : const secp256k1_pubkey* pubkey,
# 395 : : unsigned int flags
# 396 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
# 397 : :
# 398 : : /** Compare two public keys using lexicographic (of compressed serialization) order
# 399 : : *
# 400 : : * Returns: <0 if the first public key is less than the second
# 401 : : * >0 if the first public key is greater than the second
# 402 : : * 0 if the two public keys are equal
# 403 : : * Args: ctx: a secp256k1 context object.
# 404 : : * In: pubkey1: first public key to compare
# 405 : : * pubkey2: second public key to compare
# 406 : : */
# 407 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(
# 408 : : const secp256k1_context* ctx,
# 409 : : const secp256k1_pubkey* pubkey1,
# 410 : : const secp256k1_pubkey* pubkey2
# 411 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 412 : :
# 413 : : /** Parse an ECDSA signature in compact (64 bytes) format.
# 414 : : *
# 415 : : * Returns: 1 when the signature could be parsed, 0 otherwise.
# 416 : : * Args: ctx: a secp256k1 context object
# 417 : : * Out: sig: a pointer to a signature object
# 418 : : * In: input64: a pointer to the 64-byte array to parse
# 419 : : *
# 420 : : * The signature must consist of a 32-byte big endian R value, followed by a
# 421 : : * 32-byte big endian S value. If R or S fall outside of [0..order-1], the
# 422 : : * encoding is invalid. R and S with value 0 are allowed in the encoding.
# 423 : : *
# 424 : : * After the call, sig will always be initialized. If parsing failed or R or
# 425 : : * S are zero, the resulting sig value is guaranteed to fail validation for any
# 426 : : * message and public key.
# 427 : : */
# 428 : : SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(
# 429 : : const secp256k1_context* ctx,
# 430 : : secp256k1_ecdsa_signature* sig,
# 431 : : const unsigned char *input64
# 432 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 433 : :
# 434 : : /** Parse a DER ECDSA signature.
# 435 : : *
# 436 : : * Returns: 1 when the signature could be parsed, 0 otherwise.
# 437 : : * Args: ctx: a secp256k1 context object
# 438 : : * Out: sig: a pointer to a signature object
# 439 : : * In: input: a pointer to the signature to be parsed
# 440 : : * inputlen: the length of the array pointed to be input
# 441 : : *
# 442 : : * This function will accept any valid DER encoded signature, even if the
# 443 : : * encoded numbers are out of range.
# 444 : : *
# 445 : : * After the call, sig will always be initialized. If parsing failed or the
# 446 : : * encoded numbers are out of range, signature validation with it is
# 447 : : * guaranteed to fail for every message and public key.
# 448 : : */
# 449 : : SECP256K1_API int secp256k1_ecdsa_signature_parse_der(
# 450 : : const secp256k1_context* ctx,
# 451 : : secp256k1_ecdsa_signature* sig,
# 452 : : const unsigned char *input,
# 453 : : size_t inputlen
# 454 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 455 : :
# 456 : : /** Serialize an ECDSA signature in DER format.
# 457 : : *
# 458 : : * Returns: 1 if enough space was available to serialize, 0 otherwise
# 459 : : * Args: ctx: a secp256k1 context object
# 460 : : * Out: output: a pointer to an array to store the DER serialization
# 461 : : * In/Out: outputlen: a pointer to a length integer. Initially, this integer
# 462 : : * should be set to the length of output. After the call
# 463 : : * it will be set to the length of the serialization (even
# 464 : : * if 0 was returned).
# 465 : : * In: sig: a pointer to an initialized signature object
# 466 : : */
# 467 : : SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(
# 468 : : const secp256k1_context* ctx,
# 469 : : unsigned char *output,
# 470 : : size_t *outputlen,
# 471 : : const secp256k1_ecdsa_signature* sig
# 472 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
# 473 : :
# 474 : : /** Serialize an ECDSA signature in compact (64 byte) format.
# 475 : : *
# 476 : : * Returns: 1
# 477 : : * Args: ctx: a secp256k1 context object
# 478 : : * Out: output64: a pointer to a 64-byte array to store the compact serialization
# 479 : : * In: sig: a pointer to an initialized signature object
# 480 : : *
# 481 : : * See secp256k1_ecdsa_signature_parse_compact for details about the encoding.
# 482 : : */
# 483 : : SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(
# 484 : : const secp256k1_context* ctx,
# 485 : : unsigned char *output64,
# 486 : : const secp256k1_ecdsa_signature* sig
# 487 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 488 : :
# 489 : : /** Verify an ECDSA signature.
# 490 : : *
# 491 : : * Returns: 1: correct signature
# 492 : : * 0: incorrect or unparseable signature
# 493 : : * Args: ctx: a secp256k1 context object, initialized for verification.
# 494 : : * In: sig: the signature being verified.
# 495 : : * msghash32: the 32-byte message hash being verified.
# 496 : : * The verifier must make sure to apply a cryptographic
# 497 : : * hash function to the message by itself and not accept an
# 498 : : * msghash32 value directly. Otherwise, it would be easy to
# 499 : : * create a "valid" signature without knowledge of the
# 500 : : * secret key. See also
# 501 : : * https://bitcoin.stackexchange.com/a/81116/35586 for more
# 502 : : * background on this topic.
# 503 : : * pubkey: pointer to an initialized public key to verify with.
# 504 : : *
# 505 : : * To avoid accepting malleable signatures, only ECDSA signatures in lower-S
# 506 : : * form are accepted.
# 507 : : *
# 508 : : * If you need to accept ECDSA signatures from sources that do not obey this
# 509 : : * rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to
# 510 : : * validation, but be aware that doing so results in malleable signatures.
# 511 : : *
# 512 : : * For details, see the comments for that function.
# 513 : : */
# 514 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(
# 515 : : const secp256k1_context* ctx,
# 516 : : const secp256k1_ecdsa_signature *sig,
# 517 : : const unsigned char *msghash32,
# 518 : : const secp256k1_pubkey *pubkey
# 519 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
# 520 : :
# 521 : : /** Convert a signature to a normalized lower-S form.
# 522 : : *
# 523 : : * Returns: 1 if sigin was not normalized, 0 if it already was.
# 524 : : * Args: ctx: a secp256k1 context object
# 525 : : * Out: sigout: a pointer to a signature to fill with the normalized form,
# 526 : : * or copy if the input was already normalized. (can be NULL if
# 527 : : * you're only interested in whether the input was already
# 528 : : * normalized).
# 529 : : * In: sigin: a pointer to a signature to check/normalize (can be identical to sigout)
# 530 : : *
# 531 : : * With ECDSA a third-party can forge a second distinct signature of the same
# 532 : : * message, given a single initial signature, but without knowing the key. This
# 533 : : * is done by negating the S value modulo the order of the curve, 'flipping'
# 534 : : * the sign of the random point R which is not included in the signature.
# 535 : : *
# 536 : : * Forgery of the same message isn't universally problematic, but in systems
# 537 : : * where message malleability or uniqueness of signatures is important this can
# 538 : : * cause issues. This forgery can be blocked by all verifiers forcing signers
# 539 : : * to use a normalized form.
# 540 : : *
# 541 : : * The lower-S form reduces the size of signatures slightly on average when
# 542 : : * variable length encodings (such as DER) are used and is cheap to verify,
# 543 : : * making it a good choice. Security of always using lower-S is assured because
# 544 : : * anyone can trivially modify a signature after the fact to enforce this
# 545 : : * property anyway.
# 546 : : *
# 547 : : * The lower S value is always between 0x1 and
# 548 : : * 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
# 549 : : * inclusive.
# 550 : : *
# 551 : : * No other forms of ECDSA malleability are known and none seem likely, but
# 552 : : * there is no formal proof that ECDSA, even with this additional restriction,
# 553 : : * is free of other malleability. Commonly used serialization schemes will also
# 554 : : * accept various non-unique encodings, so care should be taken when this
# 555 : : * property is required for an application.
# 556 : : *
# 557 : : * The secp256k1_ecdsa_sign function will by default create signatures in the
# 558 : : * lower-S form, and secp256k1_ecdsa_verify will not accept others. In case
# 559 : : * signatures come from a system that cannot enforce this property,
# 560 : : * secp256k1_ecdsa_signature_normalize must be called before verification.
# 561 : : */
# 562 : : SECP256K1_API int secp256k1_ecdsa_signature_normalize(
# 563 : : const secp256k1_context* ctx,
# 564 : : secp256k1_ecdsa_signature *sigout,
# 565 : : const secp256k1_ecdsa_signature *sigin
# 566 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3);
# 567 : :
# 568 : : /** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
# 569 : : * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of
# 570 : : * extra entropy.
# 571 : : */
# 572 : : SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_rfc6979;
# 573 : :
# 574 : : /** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */
# 575 : : SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_default;
# 576 : :
# 577 : : /** Create an ECDSA signature.
# 578 : : *
# 579 : : * Returns: 1: signature created
# 580 : : * 0: the nonce generation function failed, or the secret key was invalid.
# 581 : : * Args: ctx: pointer to a context object, initialized for signing.
# 582 : : * Out: sig: pointer to an array where the signature will be placed.
# 583 : : * In: msghash32: the 32-byte message hash being signed.
# 584 : : * seckey: pointer to a 32-byte secret key.
# 585 : : * noncefp: pointer to a nonce generation function. If NULL,
# 586 : : * secp256k1_nonce_function_default is used.
# 587 : : * ndata: pointer to arbitrary data used by the nonce generation function
# 588 : : * (can be NULL). If it is non-NULL and
# 589 : : * secp256k1_nonce_function_default is used, then ndata must be a
# 590 : : * pointer to 32-bytes of additional data.
# 591 : : *
# 592 : : * The created signature is always in lower-S form. See
# 593 : : * secp256k1_ecdsa_signature_normalize for more details.
# 594 : : */
# 595 : : SECP256K1_API int secp256k1_ecdsa_sign(
# 596 : : const secp256k1_context* ctx,
# 597 : : secp256k1_ecdsa_signature *sig,
# 598 : : const unsigned char *msghash32,
# 599 : : const unsigned char *seckey,
# 600 : : secp256k1_nonce_function noncefp,
# 601 : : const void *ndata
# 602 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
# 603 : :
# 604 : : /** Verify an ECDSA secret key.
# 605 : : *
# 606 : : * A secret key is valid if it is not 0 and less than the secp256k1 curve order
# 607 : : * when interpreted as an integer (most significant byte first). The
# 608 : : * probability of choosing a 32-byte string uniformly at random which is an
# 609 : : * invalid secret key is negligible.
# 610 : : *
# 611 : : * Returns: 1: secret key is valid
# 612 : : * 0: secret key is invalid
# 613 : : * Args: ctx: pointer to a context object.
# 614 : : * In: seckey: pointer to a 32-byte secret key.
# 615 : : */
# 616 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(
# 617 : : const secp256k1_context* ctx,
# 618 : : const unsigned char *seckey
# 619 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
# 620 : :
# 621 : : /** Compute the public key for a secret key.
# 622 : : *
# 623 : : * Returns: 1: secret was valid, public key stores.
# 624 : : * 0: secret was invalid, try again.
# 625 : : * Args: ctx: pointer to a context object, initialized for signing.
# 626 : : * Out: pubkey: pointer to the created public key.
# 627 : : * In: seckey: pointer to a 32-byte secret key.
# 628 : : */
# 629 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(
# 630 : : const secp256k1_context* ctx,
# 631 : : secp256k1_pubkey *pubkey,
# 632 : : const unsigned char *seckey
# 633 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 634 : :
# 635 : : /** Negates a secret key in place.
# 636 : : *
# 637 : : * Returns: 0 if the given secret key is invalid according to
# 638 : : * secp256k1_ec_seckey_verify. 1 otherwise
# 639 : : * Args: ctx: pointer to a context object
# 640 : : * In/Out: seckey: pointer to the 32-byte secret key to be negated. If the
# 641 : : * secret key is invalid according to
# 642 : : * secp256k1_ec_seckey_verify, this function returns 0 and
# 643 : : * seckey will be set to some unspecified value.
# 644 : : */
# 645 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(
# 646 : : const secp256k1_context* ctx,
# 647 : : unsigned char *seckey
# 648 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
# 649 : :
# 650 : : /** Same as secp256k1_ec_seckey_negate, but DEPRECATED. Will be removed in
# 651 : : * future versions. */
# 652 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(
# 653 : : const secp256k1_context* ctx,
# 654 : : unsigned char *seckey
# 655 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
# 656 : : SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_negate instead");
# 657 : :
# 658 : : /** Negates a public key in place.
# 659 : : *
# 660 : : * Returns: 1 always
# 661 : : * Args: ctx: pointer to a context object
# 662 : : * In/Out: pubkey: pointer to the public key to be negated.
# 663 : : */
# 664 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(
# 665 : : const secp256k1_context* ctx,
# 666 : : secp256k1_pubkey *pubkey
# 667 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2);
# 668 : :
# 669 : : /** Tweak a secret key by adding tweak to it.
# 670 : : *
# 671 : : * Returns: 0 if the arguments are invalid or the resulting secret key would be
# 672 : : * invalid (only when the tweak is the negation of the secret key). 1
# 673 : : * otherwise.
# 674 : : * Args: ctx: pointer to a context object.
# 675 : : * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is
# 676 : : * invalid according to secp256k1_ec_seckey_verify, this
# 677 : : * function returns 0. seckey will be set to some unspecified
# 678 : : * value if this function returns 0.
# 679 : : * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
# 680 : : * secp256k1_ec_seckey_verify, this function returns 0. For
# 681 : : * uniformly random 32-byte arrays the chance of being invalid
# 682 : : * is negligible (around 1 in 2^128).
# 683 : : */
# 684 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(
# 685 : : const secp256k1_context* ctx,
# 686 : : unsigned char *seckey,
# 687 : : const unsigned char *tweak32
# 688 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 689 : :
# 690 : : /** Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED. Will be removed in
# 691 : : * future versions. */
# 692 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(
# 693 : : const secp256k1_context* ctx,
# 694 : : unsigned char *seckey,
# 695 : : const unsigned char *tweak32
# 696 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
# 697 : : SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_add instead");
# 698 : :
# 699 : : /** Tweak a public key by adding tweak times the generator to it.
# 700 : : *
# 701 : : * Returns: 0 if the arguments are invalid or the resulting public key would be
# 702 : : * invalid (only when the tweak is the negation of the corresponding
# 703 : : * secret key). 1 otherwise.
# 704 : : * Args: ctx: pointer to a context object initialized for validation.
# 705 : : * In/Out: pubkey: pointer to a public key object. pubkey will be set to an
# 706 : : * invalid value if this function returns 0.
# 707 : : * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
# 708 : : * secp256k1_ec_seckey_verify, this function returns 0. For
# 709 : : * uniformly random 32-byte arrays the chance of being invalid
# 710 : : * is negligible (around 1 in 2^128).
# 711 : : */
# 712 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(
# 713 : : const secp256k1_context* ctx,
# 714 : : secp256k1_pubkey *pubkey,
# 715 : : const unsigned char *tweak32
# 716 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 717 : :
# 718 : : /** Tweak a secret key by multiplying it by a tweak.
# 719 : : *
# 720 : : * Returns: 0 if the arguments are invalid. 1 otherwise.
# 721 : : * Args: ctx: pointer to a context object.
# 722 : : * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is
# 723 : : * invalid according to secp256k1_ec_seckey_verify, this
# 724 : : * function returns 0. seckey will be set to some unspecified
# 725 : : * value if this function returns 0.
# 726 : : * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
# 727 : : * secp256k1_ec_seckey_verify, this function returns 0. For
# 728 : : * uniformly random 32-byte arrays the chance of being invalid
# 729 : : * is negligible (around 1 in 2^128).
# 730 : : */
# 731 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(
# 732 : : const secp256k1_context* ctx,
# 733 : : unsigned char *seckey,
# 734 : : const unsigned char *tweak32
# 735 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 736 : :
# 737 : : /** Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in
# 738 : : * future versions. */
# 739 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(
# 740 : : const secp256k1_context* ctx,
# 741 : : unsigned char *seckey,
# 742 : : const unsigned char *tweak32
# 743 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
# 744 : : SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_mul instead");
# 745 : :
# 746 : : /** Tweak a public key by multiplying it by a tweak value.
# 747 : : *
# 748 : : * Returns: 0 if the arguments are invalid. 1 otherwise.
# 749 : : * Args: ctx: pointer to a context object initialized for validation.
# 750 : : * In/Out: pubkey: pointer to a public key object. pubkey will be set to an
# 751 : : * invalid value if this function returns 0.
# 752 : : * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to
# 753 : : * secp256k1_ec_seckey_verify, this function returns 0. For
# 754 : : * uniformly random 32-byte arrays the chance of being invalid
# 755 : : * is negligible (around 1 in 2^128).
# 756 : : */
# 757 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(
# 758 : : const secp256k1_context* ctx,
# 759 : : secp256k1_pubkey *pubkey,
# 760 : : const unsigned char *tweak32
# 761 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 762 : :
# 763 : : /** Updates the context randomization to protect against side-channel leakage.
# 764 : : * Returns: 1: randomization successfully updated or nothing to randomize
# 765 : : * 0: error
# 766 : : * Args: ctx: pointer to a context object.
# 767 : : * In: seed32: pointer to a 32-byte random seed (NULL resets to initial state)
# 768 : : *
# 769 : : * While secp256k1 code is written to be constant-time no matter what secret
# 770 : : * values are, it's possible that a future compiler may output code which isn't,
# 771 : : * and also that the CPU may not emit the same radio frequencies or draw the same
# 772 : : * amount power for all values.
# 773 : : *
# 774 : : * This function provides a seed which is combined into the blinding value: that
# 775 : : * blinding value is added before each multiplication (and removed afterwards) so
# 776 : : * that it does not affect function results, but shields against attacks which
# 777 : : * rely on any input-dependent behaviour.
# 778 : : *
# 779 : : * This function has currently an effect only on contexts initialized for signing
# 780 : : * because randomization is currently used only for signing. However, this is not
# 781 : : * guaranteed and may change in the future. It is safe to call this function on
# 782 : : * contexts not initialized for signing; then it will have no effect and return 1.
# 783 : : *
# 784 : : * You should call this after secp256k1_context_create or
# 785 : : * secp256k1_context_clone (and secp256k1_context_preallocated_create or
# 786 : : * secp256k1_context_clone, resp.), and you may call this repeatedly afterwards.
# 787 : : */
# 788 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(
# 789 : : secp256k1_context* ctx,
# 790 : : const unsigned char *seed32
# 791 : : ) SECP256K1_ARG_NONNULL(1);
# 792 : :
# 793 : : /** Add a number of public keys together.
# 794 : : *
# 795 : : * Returns: 1: the sum of the public keys is valid.
# 796 : : * 0: the sum of the public keys is not valid.
# 797 : : * Args: ctx: pointer to a context object.
# 798 : : * Out: out: pointer to a public key object for placing the resulting public key.
# 799 : : * In: ins: pointer to array of pointers to public keys.
# 800 : : * n: the number of public keys to add together (must be at least 1).
# 801 : : */
# 802 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(
# 803 : : const secp256k1_context* ctx,
# 804 : : secp256k1_pubkey *out,
# 805 : : const secp256k1_pubkey * const * ins,
# 806 : : size_t n
# 807 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
# 808 : :
# 809 : : /** Compute a tagged hash as defined in BIP-340.
# 810 : : *
# 811 : : * This is useful for creating a message hash and achieving domain separation
# 812 : : * through an application-specific tag. This function returns
# 813 : : * SHA256(SHA256(tag)||SHA256(tag)||msg). Therefore, tagged hash
# 814 : : * implementations optimized for a specific tag can precompute the SHA256 state
# 815 : : * after hashing the tag hashes.
# 816 : : *
# 817 : : * Returns: 1 always.
# 818 : : * Args: ctx: pointer to a context object
# 819 : : * Out: hash32: pointer to a 32-byte array to store the resulting hash
# 820 : : * In: tag: pointer to an array containing the tag
# 821 : : * taglen: length of the tag array
# 822 : : * msg: pointer to an array containing the message
# 823 : : * msglen: length of the message array
# 824 : : */
# 825 : : SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_tagged_sha256(
# 826 : : const secp256k1_context* ctx,
# 827 : : unsigned char *hash32,
# 828 : : const unsigned char *tag,
# 829 : : size_t taglen,
# 830 : : const unsigned char *msg,
# 831 : : size_t msglen
# 832 : : ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5);
# 833 : :
# 834 : : #ifdef __cplusplus
# 835 : : }
# 836 : : #endif
# 837 : :
# 838 : : #endif /* SECP256K1_H */
|