Anti-Exfil Functions

int wally_ae_host_commit_from_bytes(const unsigned char *entropy, size_t entropy_len, uint32_t flags, unsigned char *bytes_out, size_t len)

Create the initial commitment to host randomness.

Parameters:
  • entropy – Randomness to commit to. It must come from a cryptographically secure RNG. As per the protocol, this value must not be revealed to the client until after the host has received the client commitment.
  • entropy_len – The length of entropy in bytes. Must be WALLY_S2C_DATA_LEN.
  • flags – Must be EC_FLAG_ECDSA.
  • bytes_out – Destination for the resulting compact signature.
  • len – The length of bytes_out in bytes. Must be WALLY_HOST_COMMITMENT_LEN.
Returns:

See Error Codes
int wally_ae_signer_commit_from_bytes(const unsigned char *priv_key, size_t priv_key_len, const unsigned char *bytes, size_t bytes_len, const unsigned char *commitment, size_t commitment_len, uint32_t flags, unsigned char *s2c_opening_out, size_t s2c_opening_out_len)

Compute signer’s original nonce.

Parameters:
  • priv_key – The private key used for signing.
  • priv_key_len – The length of priv_key in bytes. Must be EC_PRIVATE_KEY_LEN.
  • bytes – The message hash to be signed.
  • bytes_len – The length of bytes in bytes. Must be EC_MESSAGE_HASH_LEN.
  • commitment – Randomness commitment from the host.
  • commitment_len – The length of commitment in bytes. Must be WALLY_HOST_COMMITMENT_LEN.
  • flags – Must be EC_FLAG_ECDSA.
  • s2c_opening_out – Destination for the resulting opening information.
  • s2c_opening_out_len – The length of s2c_opening_out in bytes. Must be WALLY_S2C_OPENING_LEN.
Returns:

See Error Codes
int wally_ae_sig_from_bytes(const unsigned char *priv_key, size_t priv_key_len, const unsigned char *bytes, size_t bytes_len, const unsigned char *entropy, size_t entropy_len, uint32_t flags, unsigned char *bytes_out, size_t len)

Same as wally_ec_sig_from_bytes, but commits to the host randomness.

Parameters:
  • priv_key – The private key to sign with.
  • priv_key_len – The length of priv_key in bytes. Must be EC_PRIVATE_KEY_LEN.
  • bytes – The message hash to sign.
  • bytes_len – The length of bytes in bytes. Must be EC_MESSAGE_HASH_LEN.
  • entropy – Host provided randomness.
  • entropy_len – The length of entropy in bytes. Must be WALLY_S2C_DATA_LEN.
  • flags – Must be EC_FLAG_ECDSA.
  • bytes_out – Destination for the resulting compact signature.
  • len – The length of bytes_out in bytes. Must be EC_SIGNATURE_LEN.
Returns:

See Error Codes
int wally_ae_verify(const unsigned char *pub_key, size_t pub_key_len, const unsigned char *bytes, size_t bytes_len, const unsigned char *entropy, size_t entropy_len, const unsigned char *s2c_opening, size_t s2c_opening_len, uint32_t flags, const unsigned char *sig, size_t sig_len)

Verify a signature was correctly constructed using the Anti-Exfil Protocol.

Parameters:
  • pub_key – The public key to verify with.
  • pub_key_len – The length of pub_key in bytes. Must be EC_PUBLIC_KEY_LEN.
  • bytes – The message hash to verify.
  • bytes_len – The length of bytes in bytes. Must be EC_MESSAGE_HASH_LEN.
  • entropy – Randomness provided by the host.
  • entropy_len – The length of entropy in bytes. Must be WALLY_S2C_DATA_LEN.
  • s2c_opening – Opening information provided by the signer.
  • s2c_opening_len – The length of s2c_opening in bytes. Must be WALLY_S2C_OPENING_LEN.
  • flags – Must be EC_FLAG_ECDSA.
  • sig – The compact signature of the message in bytes.
  • sig_len – The length of sig in bytes. Must be EC_SIGNATURE_LEN.
Returns:

See Error Codes