Schnorr signature support.

This variation is used by alpha. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
9 years ago · faae91f3fc
2 changed files with 30 additions and 9 deletions
--- a/4
+++ b/4
@ -3,8 +3,8 @@
 # Needs to have oneof support: Ubuntu vivid's is too old :(
 PROTOCC:=protoc-c

-# Alpha has segregated witness, checksequenceverify
-#FEATURES := -DHAS_CSV=1 -DALPHA_TXSTYLE=1
+# Alpha has checksequenceverify, segregated witness+input-amount-in-sig+confidentual-transactions, schnorr
+#FEATURES := -DHAS_CSV=1 -DALPHA_TXSTYLE=1 -DUSE_SCHNORR=1

 PROGRAMS := test-cli/open-channel test-cli/open-anchor-scriptsigs test-cli/leak-anchor-sigs test-cli/open-commit-sig test-cli/check-commit-sig test-cli/check-anchor-scriptsigs test-cli/get-anchor-depth test-cli/create-steal-tx test-cli/create-commit-spend-tx test-cli/close-channel test-cli/create-close-tx test-cli/update-channel test-cli/update-channel-accept test-cli/update-channel-signature test-cli/update-channel-complete test-cli/create-commit-tx

--- a/bitcoin/signature.c
+++ b/bitcoin/signature.c
@ -75,9 +75,15 @@ bool sign_hash(const tal_t *ctx, const struct privkey *privkey,
 	if (!secpctx)
 		return false;

+#ifdef USE_SCHNORR
+	ok = secp256k1_schnorr_sign(secpctx, h->sha.u.u8,
+				    (unsigned char *)s,
+				    privkey->secret, NULL, NULL);
+#else
 	ok = secp256k1_ecdsa_sign_compact(secpctx, h->sha.u.u8,
 					  (unsigned char *)s,
 					  privkey->secret, NULL, NULL, NULL);
+#endif

 	secp256k1_context_destroy(secpctx);
 	return ok;
@ -132,18 +138,28 @@ static bool check_signed_hash(const struct sha256_double *hash,
 {
 	int ret;
 	secp256k1_context_t *secpctx;
-	u8 der[72];
-	size_t der_len;
-
-	/* FIXME: secp256k1 missing secp256k1_ecdsa_verify_compact */
-	der_len = signature_to_der(der, signature);

 	secpctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
 	if (!secpctx)
 		return false;

-	ret = secp256k1_ecdsa_verify(secpctx, hash->sha.u.u8, der, der_len,
-				     key->key, pubkey_len(key));
+#ifdef USE_SCHNORR
+	ret = secp256k1_schnorr_verify(secpctx, hash->sha.u.u8,
+				       (unsigned char *)signature,
+				       key->key, pubkey_len(key));
+#else
+	{
+		u8 der[72];
+		size_t der_len;
+
+		/* FIXME: secp256k1 missing secp256k1_ecdsa_verify_compact */
+		der_len = signature_to_der(der, signature);
+
+		ret = secp256k1_ecdsa_verify(secpctx, hash->sha.u.u8,
+					     der, der_len,
+					     key->key, pubkey_len(key));
+	}
+#endif

 	secp256k1_context_destroy(secpctx);
 	return ret == 1;
@ -310,5 +326,10 @@ size_t signature_to_der(u8 der[72], const struct signature *sig)
 /* Signature must have low S value. */
 bool sig_valid(const struct signature *sig)
 {
+#ifdef USE_SCHNORR
+	/* FIXME: Is there some sanity check we can do here? */
+	return true;
+#else
 	return (sig->s[0] & 0x80) == 0;
+#endif
 }