Add secp256k1_context argument to secp256k1_nonce_functions

Author: jonasnick

include/secp256k1.h

@@ -83,6 +83,7 @@ typedef struct {
 /** A pointer to a function to deterministically generate a nonce.
  *
  * Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail.
+ * Args:    ctx:       an existing context object
  * Out:     nonce32:   pointer to a 32-byte array to be filled by the function.
  * In:      msg32:     the 32-byte message hash being verified (will not be NULL)
  *          key32:     pointer to a 32-byte secret key (will not be NULL)
@@ -97,6 +98,7 @@ typedef struct {
  * the message, the algorithm, the key and the attempt.
  */
 typedef int (*secp256k1_nonce_function)(
+    const secp256k1_context *ctx,
     unsigned char *nonce32,
     const unsigned char *msg32,
     const unsigned char *key32,

src/modules/schnorrsig/main_impl.h

@@ -61,7 +61,7 @@ int secp256k1_schnorrsig_sign(const secp256k1_context* ctx, secp256k1_schnorrsig
     secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pkj, &x);
     secp256k1_ge_set_gej(&pk, &pkj);
 
-    if (!noncefp(buf, msg32, seckey, NULL, (void*)ndata, 0)) {
+    if (!noncefp(ctx, buf, msg32, seckey, NULL, (void*)ndata, 0)) {
         return 0;
     }
     secp256k1_scalar_set_b32(&k, buf, NULL);

src/modules/schnorrsig/tests_impl.h

@@ -554,7 +554,8 @@ void test_schnorrsig_bip_vectors(secp256k1_scratch_space *scratch) {
 }
 
 /* Nonce function that returns constant 0 */
-static int nonce_function_failing(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int nonce_function_failing(const secp256k1_context *context, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+    (void) context;
     (void) msg32;
     (void) key32;
     (void) algo16;
@@ -565,7 +566,8 @@ static int nonce_function_failing(unsigned char *nonce32, const unsigned char *m
 }
 
 /* Nonce function that sets nonce to 0 */
-static int nonce_function_0(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int nonce_function_0(const secp256k1_context *context, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+    (void) context;
     (void) msg32;
     (void) key32;
     (void) algo16;

src/secp256k1.c

@@ -324,7 +324,7 @@ static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *off
 
 /* This nonce function is described in BIP-schnorr
  * (https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki) */
-static int secp256k1_nonce_function_bipschnorr(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int secp256k1_nonce_function_bipschnorr(const secp256k1_context *ctx, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
     secp256k1_sha256 sha;
     (void) data;
     (void) counter;
@@ -343,11 +343,12 @@ static int secp256k1_nonce_function_bipschnorr(unsigned char *nonce32, const uns
     return 1;
 }
 
-static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int nonce_function_rfc6979(const secp256k1_context *ctx, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
    unsigned char keydata[112];
    unsigned int offset = 0;
    secp256k1_rfc6979_hmac_sha256 rng;
    unsigned int i;
+   (void)ctx;
    /* We feed a byte array to the PRNG as input, consisting of:
     * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d.
     * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data.
@@ -397,7 +398,7 @@ int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature
         unsigned int count = 0;
         secp256k1_scalar_set_b32(&msg, msg32, NULL);
         while (1) {
-            ret = noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count);
+            ret = noncefp(ctx, nonce32, msg32, seckey, NULL, (void*)noncedata, count);
             if (!ret) {
                 break;
             }

src/tests.c

@@ -3987,23 +3987,24 @@ void run_ecdsa_sign_verify(void) {
 }
 
 /** Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted. Use only for testing. */
-static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int precomputed_nonce_function(const secp256k1_context *context, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+    (void)context;
     (void)msg32;
     (void)key32;
     (void)algo16;
     memcpy(nonce32, data, 32);
     return (counter == 0);
 }
 
-static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int nonce_function_test_fail(const secp256k1_context *context, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
    /* Dummy nonce generator that has a fatal error on the first counter value. */
    if (counter == 0) {
        return 0;
    }
-   return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 1);
+   return nonce_function_rfc6979(context, nonce32, msg32, key32, algo16, data, counter - 1);
 }
 
-static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
+static int nonce_function_test_retry(const secp256k1_context *context, unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
    /* Dummy nonce generator that produces unacceptable nonces for the first several counter values. */
    if (counter < 3) {
        memset(nonce32, counter==0 ? 0 : 255, 32);
@@ -4030,7 +4031,7 @@ static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char
    if (counter > 5) {
        return 0;
    }
-   return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5);
+   return nonce_function_rfc6979(context, nonce32, msg32, key32, algo16, data, counter - 5);
 }
 
 int is_empty_signature(const secp256k1_ecdsa_signature *sig) {
@@ -4910,13 +4911,13 @@ void test_ecdsa_edge_cases(void) {
         VG_UNDEF(nonce2,32);
         VG_UNDEF(nonce3,32);
         VG_UNDEF(nonce4,32);
-        CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1);
+        CHECK(nonce_function_rfc6979(ctx, nonce, zeros, zeros, NULL, NULL, 0) == 1);
         VG_CHECK(nonce,32);
-        CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1);
+        CHECK(nonce_function_rfc6979(ctx, nonce2, zeros, zeros, zeros, NULL, 0) == 1);
         VG_CHECK(nonce2,32);
-        CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1);
+        CHECK(nonce_function_rfc6979(ctx, nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1);
         VG_CHECK(nonce3,32);
-        CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1);
+        CHECK(nonce_function_rfc6979(ctx, nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1);
         VG_CHECK(nonce4,32);
         CHECK(memcmp(nonce, nonce2, 32) != 0);
         CHECK(memcmp(nonce, nonce3, 32) != 0);

src/tests_exhaustive.c

@@ -69,11 +69,12 @@ void random_fe(secp256k1_fe *x) {
 }
 /** END stolen from tests.c */
 
-int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32,
+int secp256k1_nonce_function_smallint(const secp256k1_context *ctx, unsigned char *nonce32, const unsigned char *msg32,
                                       const unsigned char *key32, const unsigned char *algo16,
                                       void *data, unsigned int attempt) {
     secp256k1_scalar s;
     int *idata = data;
+    (void)ctx;
     (void)msg32;
     (void)key32;
     (void)algo16;