Separate recoverable and normal signatures

include/secp256k1.h

@@ -40,7 +40,23 @@ typedef struct {
     unsigned char data[64];
 } secp256k1_pubkey_t;
 
-/** Opaque data structured that holds a parsed ECDSA signature, optionally
+/** Opaque data structured that holds a parsed ECDSA signature.
+ *
+ *  The exact representation of data inside is implementation defined and not
+ *  guaranteed to be portable between different platforms or versions. It is
+ *  however guaranteed to be 64 bytes in size, and can be safely copied/moved.
+ *  If you need to convert to a format suitable for storage or transmission, use
+ *  the secp256k1_ecdsa_signature_serialize_* and
+ *  secp256k1_ecdsa_signature_serialize_* functions.
+ *
+ *  Furthermore, it is guaranteed to identical signatures will have identical
+ *  representation, so they can be memcmp'ed.
+ */
+typedef struct {
+    unsigned char data[64];
+} secp256k1_ecdsa_signature_t;
+
+/** Opaque data structured that holds a parsed ECDSA signature,
  *  supporting pubkey recovery.
  *
  *  The exact representation of data inside is implementation defined and not
@@ -56,7 +72,7 @@ typedef struct {
  */
 typedef struct {
     unsigned char data[65];
-} secp256k1_ecdsa_signature_t;
+} secp256k1_ecdsa_recoverable_signature_t;
 
 /** A pointer to a function to deterministically generate a nonce.
  *
@@ -246,8 +262,6 @@ int secp256k1_ec_pubkey_serialize(
  *  Out: sig:      a pointer to a signature object
  *
  *  Note that this function also supports some violations of DER and even BER.
- *
- *  The resulting signature object will not support pubkey recovery.
  */
 int secp256k1_ecdsa_signature_parse_der(
     const secp256k1_context_t* ctx,
@@ -261,19 +275,28 @@ int secp256k1_ecdsa_signature_parse_der(
  *  Returns: 1 when the signature could be parsed, 0 otherwise
  *  In:  ctx:     a secp256k1 context object
  *       input64: a pointer to a 64-byte compact signature
- *       recid:   the recovery id (0, 1, 2 or 3, or -1 for unknown)
+ *       recid:   the recovery id (0, 1, 2 or 3)
  *  Out: sig:     a pointer to a signature object
- *
- *  If recid is not -1, the resulting signature object will support pubkey
- *  recovery.
  */
-int secp256k1_ecdsa_signature_parse_compact(
+int secp256k1_ecdsa_recoverable_signature_parse_compact(
     const secp256k1_context_t* ctx,
-    secp256k1_ecdsa_signature_t* sig,
+    secp256k1_ecdsa_recoverable_signature_t* sig,
     const unsigned char *input64,
     int recid
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
+/** Convert a recoverable signature into a normal signature.
+ *
+ *  Returns: 1
+ *  In:  sigin:  a pointer to a recoverable signature (cannot be NULL).
+ *  Out: sig:    a pointer to a normal signature (cannot be NULL).
+ */
+int secp256k1_ecdsa_recoverable_signature_convert(
+    const secp256k1_context_t* ctx,
+    secp256k1_ecdsa_signature_t* sig,
+    const secp256k1_ecdsa_recoverable_signature_t* sigin
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
 /** Serialize an ECDSA signature in DER format.
  *
  *  Returns: 1 if enough space was available to serialize, 0 otherwise
@@ -299,14 +322,12 @@ int secp256k1_ecdsa_signature_serialize_der(
  *      sig:       a pointer to an initialized signature object (cannot be NULL)
  *  Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL)
  *       recid:    a pointer to an integer to hold the recovery id (can be NULL).
- *
- *  If recid is not NULL, the signature must support pubkey recovery.
  */
-int secp256k1_ecdsa_signature_serialize_compact(
+int secp256k1_ecdsa_recoverable_signature_serialize_compact(
     const secp256k1_context_t* ctx,
     unsigned char *output64,
     int *recid,
-    const secp256k1_ecdsa_signature_t* sig
+    const secp256k1_ecdsa_recoverable_signature_t* sig
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4);
 
 /** Verify an ECDSA signature.
@@ -383,6 +404,26 @@ int secp256k1_ecdsa_sign(
     const void *ndata
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
+/** Create a recoverable ECDSA signature.
+ *
+ *  Returns: 1: signature created
+ *           0: the nonce generation function failed, or the private key was invalid.
+ *  In:      ctx:    pointer to a context object, initialized for signing (cannot be NULL)
+ *           msg32:  the 32-byte message hash being signed (cannot be NULL)
+ *           seckey: pointer to a 32-byte secret key (cannot be NULL)
+ *           noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
+ *           ndata:  pointer to arbitrary data used by the nonce generation function (can be NULL)
+ *  Out:     sig:    pointer to an array where the signature will be placed (cannot be NULL)
+ */
+int secp256k1_ecdsa_sign_recoverable(
+    const secp256k1_context_t* ctx,
+    const unsigned char *msg32,
+    secp256k1_ecdsa_recoverable_signature_t *sig,
+    const unsigned char *seckey,
+    secp256k1_nonce_function_t noncefp,
+    const void *ndata
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
 /** Recover an ECDSA public key from a signature.
  *
  *  Returns: 1: public key successfully recovered (which guarantees a correct signature).
@@ -395,7 +436,7 @@ int secp256k1_ecdsa_sign(
 SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
     const secp256k1_context_t* ctx,
     const unsigned char *msg32,
-    const secp256k1_ecdsa_signature_t *sig,
+    const secp256k1_ecdsa_recoverable_signature_t *sig,
     secp256k1_pubkey_t *pubkey
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);