1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129
//! Pure Rust implementation of the [secp256k1] (K-256) elliptic curve, //! including support for the //! [Elliptic Curve Digital Signature Algorithm (ECDSA)][ECDSA], //! [Elliptic Curve Diffie-Hellman (ECDH)][ECDH], and general purpose //! elliptic curve/field arithmetic which can be used to implement //! protocols based on group operations. //! //! ## About secp256k1 (K-256) //! //! secp256k1 is a Koblitz curve commonly used in cryptocurrency applications. //! The "K-256" name follows NIST notation where P = prime fields, //! B = binary fields, and K = Koblitz curves (defined over F₂). //! //! The curve is specified as `secp256k1` by Certicom's SECG in //! "SEC 2: Recommended Elliptic Curve Domain Parameters": //! //! <https://www.secg.org/sec2-v2.pdf> //! //! ## ⚠️ Security Warning //! //! The elliptic curve arithmetic contained in this crate has never been //! independently audited! //! //! This crate has been designed with the goal of ensuring that secret-dependent //! operations are performed in constant time (using the `subtle` crate and //! constant-time formulas). However, it has not been thoroughly assessed to ensure //! that generated assembly is constant time on common CPU architectures. //! //! USE AT YOUR OWN RISK! //! //! ## Minimum Supported Rust Version //! //! Rust **1.44** or higher. //! //! Minimum supported Rust version can be changed in the future, but it will be //! done with a minor version bump. //! //! [secp256k1]: https://en.bitcoin.it/wiki/Secp256k1 //! [ECDSA]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm //! [ECDH]: https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman #![no_std] #![cfg_attr(docsrs, feature(doc_cfg))] #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", html_root_url = "https://docs.rs/k256/0.5.4" )] #![forbid(unsafe_code)] #![warn(missing_docs, rust_2018_idioms, unused_qualifications)] #[cfg(feature = "arithmetic")] mod arithmetic; #[cfg(feature = "ecdh")] #[cfg_attr(docsrs, doc(cfg(feature = "ecdh")))] pub mod ecdh; #[cfg(feature = "ecdsa-core")] #[cfg_attr(docsrs, doc(cfg(feature = "ecdsa-core")))] pub mod ecdsa; #[cfg(any(feature = "test-vectors", test))] #[cfg_attr(docsrs, doc(cfg(feature = "test-vectors")))] pub mod test_vectors; pub use elliptic_curve; #[cfg(feature = "arithmetic")] pub use arithmetic::{ affine::AffinePoint, projective::ProjectivePoint, scalar::{NonZeroScalar, Scalar, ScalarBits}, }; #[cfg(feature = "expose-field")] pub use arithmetic::FieldElement; use elliptic_curve::consts::U32; #[cfg(feature = "oid")] use elliptic_curve::oid::ObjectIdentifier; /// K-256 (secp256k1) elliptic curve. /// /// Specified in Certicom's SECG in "SEC 2: Recommended Elliptic Curve Domain Parameters": /// /// <https://www.secg.org/sec2-v2.pdf> /// /// The curve's equation is `y² = x³ + 7` over a ~256-bit prime field. /// /// It's primarily notable for usage in Bitcoin and other cryptocurrencies, /// particularly in conjunction with the Elliptic Curve Digital Signature /// Algorithm (ECDSA). #[derive(Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)] pub struct Secp256k1; impl elliptic_curve::Curve for Secp256k1 { /// 256-bit (32-byte) type FieldSize = U32; } impl elliptic_curve::weierstrass::Curve for Secp256k1 {} impl elliptic_curve::weierstrass::point::Compression for Secp256k1 { /// secp256k1 points are typically compressed. const COMPRESS_POINTS: bool = true; } #[cfg(feature = "oid")] impl elliptic_curve::Identifier for Secp256k1 { const OID: ObjectIdentifier = ObjectIdentifier::new(&[1, 3, 132, 0, 10]); } /// Compressed SEC1-encoded secp256k1 (K-256) point (i.e. public key) pub type CompressedPoint = [u8; 33]; /// secp256k1 (K-256) field element serialized as bytes. /// /// Byte array containing a serialized field element value (base field or scalar). pub type FieldBytes = elliptic_curve::FieldBytes<Secp256k1>; /// SEC1-encoded secp256k1 (K-256) curve point. pub type EncodedPoint = elliptic_curve::sec1::EncodedPoint<Secp256k1>; /// secp256k1 (K-256) secret key. #[cfg(feature = "zeroize")] #[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))] pub type SecretKey = elliptic_curve::SecretKey<Secp256k1>;