Bitcoin ABC 0.30.5
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1// Copyright (c) 2009-2016 The Bitcoin Core developers
2// Copyright (c) 2017 The Zcash developers
3// Distributed under the MIT software license, see the accompanying
4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6#include <key.h>
7
8#include <crypto/common.h>
9#include <crypto/hmac_sha512.h>
10#include <random.h>
11
12#include <secp256k1.h>
13#include <secp256k1_recovery.h>
14#include <secp256k1_schnorr.h>
15
16static secp256k1_context *secp256k1_context_sign = nullptr;
17
40int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32,
41 const uint8_t *privkey, size_t privkeylen) {
42 const uint8_t *end = privkey + privkeylen;
43 memset(out32, 0, 32);
44 /* sequence header */
45 if (end - privkey < 1 || *privkey != 0x30u) {
46 return 0;
47 }
48 privkey++;
49 /* sequence length constructor */
50 if (end - privkey < 1 || !(*privkey & 0x80u)) {
51 return 0;
52 }
53 ptrdiff_t lenb = *privkey & ~0x80u;
54 privkey++;
55 if (lenb < 1 || lenb > 2) {
56 return 0;
57 }
58 if (end - privkey < lenb) {
59 return 0;
60 }
61 /* sequence length */
62 ptrdiff_t len =
63 privkey[lenb - 1] | (lenb > 1 ? privkey[lenb - 2] << 8 : 0u);
64 privkey += lenb;
65 if (end - privkey < len) {
66 return 0;
67 }
68 /* sequence element 0: version number (=1) */
69 if (end - privkey < 3 || privkey[0] != 0x02u || privkey[1] != 0x01u ||
70 privkey[2] != 0x01u) {
71 return 0;
72 }
73 privkey += 3;
74 /* sequence element 1: octet string, up to 32 bytes */
75 if (end - privkey < 2 || privkey[0] != 0x04u) {
76 return 0;
77 }
78 ptrdiff_t oslen = privkey[1];
79 privkey += 2;
80 if (oslen > 32 || end - privkey < oslen) {
81 return 0;
82 }
83 memcpy(out32 + (32 - oslen), privkey, oslen);
84 if (!secp256k1_ec_seckey_verify(ctx, out32)) {
85 memset(out32, 0, 32);
86 return 0;
87 }
88 return 1;
89}
90
101int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey,
102 size_t *privkeylen, const uint8_t *key32,
103 bool compressed) {
104 assert(*privkeylen >= CKey::SIZE);
105 secp256k1_pubkey pubkey;
106 size_t pubkeylen = 0;
107 if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
108 *privkeylen = 0;
109 return 0;
110 }
111
112 if (compressed) {
113 static const uint8_t begin[] = {0x30, 0x81, 0xD3, 0x02,
114 0x01, 0x01, 0x04, 0x20};
115 static const uint8_t middle[] = {
116 0xA0, 0x81, 0x85, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2C,
117 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
118 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
119 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
120 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
121 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21, 0x02,
122 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
123 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
124 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x02,
125 0x21, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
127 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41,
128 0x41, 0x02, 0x01, 0x01, 0xA1, 0x24, 0x03, 0x22, 0x00};
129 uint8_t *ptr = privkey;
130 memcpy(ptr, begin, sizeof(begin));
131 ptr += sizeof(begin);
132 memcpy(ptr, key32, 32);
133 ptr += 32;
134 memcpy(ptr, middle, sizeof(middle));
135 ptr += sizeof(middle);
136 pubkeylen = CPubKey::COMPRESSED_SIZE;
137 secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
138 SECP256K1_EC_COMPRESSED);
139 ptr += pubkeylen;
140 *privkeylen = ptr - privkey;
141 assert(*privkeylen == CKey::COMPRESSED_SIZE);
142 } else {
143 static const uint8_t begin[] = {0x30, 0x82, 0x01, 0x13, 0x02,
144 0x01, 0x01, 0x04, 0x20};
145 static const uint8_t middle[] = {
146 0xA0, 0x81, 0xA5, 0x30, 0x81, 0xA2, 0x02, 0x01, 0x01, 0x30, 0x2C,
147 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
148 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
149 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
150 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
151 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04,
152 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
153 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
154 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x48,
155 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC,
156 0x0E, 0x11, 0x08, 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54,
157 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8, 0x02, 0x21,
158 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
159 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF,
160 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
161 0x02, 0x01, 0x01, 0xA1, 0x44, 0x03, 0x42, 0x00};
162 uint8_t *ptr = privkey;
163 memcpy(ptr, begin, sizeof(begin));
164 ptr += sizeof(begin);
165 memcpy(ptr, key32, 32);
166 ptr += 32;
167 memcpy(ptr, middle, sizeof(middle));
168 ptr += sizeof(middle);
169 pubkeylen = CPubKey::SIZE;
170 secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
171 SECP256K1_EC_UNCOMPRESSED);
172 ptr += pubkeylen;
173 *privkeylen = ptr - privkey;
174 assert(*privkeylen == CKey::SIZE);
175 }
176 return 1;
177}
178
179bool CKey::Check(const uint8_t *vch) {
180 return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
181}
182
183void CKey::MakeNewKey(bool fCompressedIn) {
184 do {
185 GetStrongRandBytes(keydata);
186 } while (!Check(keydata.data()));
187 fValid = true;
188 fCompressed = fCompressedIn;
189}
190
191bool CKey::Negate() {
192 assert(fValid);
193 return secp256k1_ec_privkey_negate(secp256k1_context_sign, keydata.data());
194}
195
196CPrivKey CKey::GetPrivKey() const {
197 assert(fValid);
198 CPrivKey privkey;
199 int ret;
200 size_t privkeylen;
201 privkey.resize(SIZE);
202 privkeylen = SIZE;
203 ret = ec_privkey_export_der(secp256k1_context_sign, privkey.data(),
204 &privkeylen, begin(), fCompressed);
205 assert(ret);
206 privkey.resize(privkeylen);
207 return privkey;
208}
209
210CPubKey CKey::GetPubKey() const {
211 assert(fValid);
212 secp256k1_pubkey pubkey;
213 size_t clen = CPubKey::SIZE;
214 CPubKey result;
215 int ret =
216 secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
217 assert(ret);
218 secp256k1_ec_pubkey_serialize(
219 secp256k1_context_sign, (uint8_t *)result.begin(), &clen, &pubkey,
220 fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
221 assert(result.size() == clen);
222 assert(result.IsValid());
223 return result;
224}
225
226// Check that the sig has a low R value and will be less than 71 bytes
227bool SigHasLowR(const secp256k1_ecdsa_signature *sig) {
228 uint8_t compact_sig[64];
229 secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign,
230 compact_sig, sig);
231
232 // In DER serialization, all values are interpreted as big-endian, signed
233 // integers. The highest bit in the integer indicates its signed-ness; 0 is
234 // positive, 1 is negative. When the value is interpreted as a negative
235 // integer, it must be converted to a positive value by prepending a 0x00
236 // byte so that the highest bit is 0. We can avoid this prepending by
237 // ensuring that our highest bit is always 0, and thus we must check that
238 // the first byte is less than 0x80.
239 return compact_sig[0] < 0x80;
240}
241
242bool CKey::SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
243 bool grind, uint32_t test_case) const {
244 if (!fValid) {
245 return false;
246 }
247 vchSig.resize(CPubKey::SIGNATURE_SIZE);
248 size_t nSigLen = CPubKey::SIGNATURE_SIZE;
249 uint8_t extra_entropy[32] = {0};
250 WriteLE32(extra_entropy, test_case);
251 secp256k1_ecdsa_signature sig;
252 uint32_t counter = 0;
253 int ret =
254 secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
255 begin(), secp256k1_nonce_function_rfc6979,
256 (!grind && test_case) ? extra_entropy : nullptr);
257
258 // Grind for low R
259 while (ret && !SigHasLowR(&sig) && grind) {
260 WriteLE32(extra_entropy, ++counter);
261 ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
262 begin(), secp256k1_nonce_function_rfc6979,
263 extra_entropy);
264 }
265 assert(ret);
266 secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign,
267 vchSig.data(), &nSigLen, &sig);
268 vchSig.resize(nSigLen);
269 return true;
270}
271
272static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf,
273 uint32_t test_case) {
274 if (!key.IsValid()) {
275 return false;
276 }
277
278 uint8_t extra_entropy[32] = {0};
279 WriteLE32(extra_entropy, test_case);
280
281 int ret = secp256k1_schnorr_sign(
282 secp256k1_context_sign, buf, hash.begin(), key.begin(),
283 secp256k1_nonce_function_rfc6979, test_case ? extra_entropy : nullptr);
284 assert(ret);
285 return true;
286}
287
288bool CKey::SignSchnorr(const uint256 &hash, SchnorrSig &sig,
289 uint32_t test_case) const {
290 return DoSignSchnorr(*this, hash, sig.data(), test_case);
291}
292
293bool CKey::SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
294 uint32_t test_case) const {
295 if (!fValid) {
296 return false;
297 }
298 vchSig.resize(CPubKey::SCHNORR_SIZE);
299 return DoSignSchnorr(*this, hash, vchSig.data(), test_case);
300}
301
302bool CKey::VerifyPubKey(const CPubKey &pubkey) const {
303 if (pubkey.IsCompressed() != fCompressed) {
304 return false;
305 }
306 uint8_t rnd[8];
307 std::string str = "Bitcoin key verification\n";
308 GetRandBytes(rnd);
309 uint256 hash;
310 CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash);
311 std::vector<uint8_t> vchSig;
312 SignECDSA(hash, vchSig);
313 return pubkey.VerifyECDSA(hash, vchSig);
314}
315
316bool CKey::SignCompact(const uint256 &hash,
317 std::vector<uint8_t> &vchSig) const {
318 if (!fValid) {
319 return false;
320 }
321 vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
322 int rec = -1;
323 secp256k1_ecdsa_recoverable_signature sig;
324 int ret = secp256k1_ecdsa_sign_recoverable(
325 secp256k1_context_sign, &sig, hash.begin(), begin(),
326 secp256k1_nonce_function_rfc6979, nullptr);
327 assert(ret);
328 ret = secp256k1_ecdsa_recoverable_signature_serialize_compact(
329 secp256k1_context_sign, &vchSig[1], &rec, &sig);
330 assert(ret);
331 assert(rec != -1);
332 vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
333 return true;
334}
335
336bool CKey::Load(const CPrivKey &privkey, const CPubKey &vchPubKey,
337 bool fSkipCheck = false) {
338 if (!ec_privkey_import_der(secp256k1_context_sign, (uint8_t *)begin(),
339 privkey.data(), privkey.size())) {
340 return false;
341 }
342 fCompressed = vchPubKey.IsCompressed();
343 fValid = true;
344
345 if (fSkipCheck) {
346 return true;
347 }
348
349 return VerifyPubKey(vchPubKey);
350}
351
352bool CKey::Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
353 const ChainCode &cc) const {
354 assert(IsValid());
355 assert(IsCompressed());
356 std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
357 if ((nChild >> 31) == 0) {
358 CPubKey pubkey = GetPubKey();
359 assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);
360 BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin() + 1, vout.data());
361 } else {
362 assert(size() == 32);
363 BIP32Hash(cc, nChild, 0, begin(), vout.data());
364 }
365 memcpy(ccChild.begin(), vout.data() + 32, 32);
366 memcpy((uint8_t *)keyChild.begin(), begin(), 32);
367 bool ret = secp256k1_ec_privkey_tweak_add(
368 secp256k1_context_sign, (uint8_t *)keyChild.begin(), vout.data());
369 keyChild.fCompressed = true;
370 keyChild.fValid = ret;
371 return ret;
372}
373
374bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
375 out.nDepth = nDepth + 1;
376 CKeyID id = key.GetPubKey().GetID();
377 memcpy(out.vchFingerprint, &id, 4);
378 out.nChild = _nChild;
379 return key.Derive(out.key, out.chaincode, _nChild, chaincode);
380}
381
382void CExtKey::SetSeed(Span<const std::byte> seed) {
383 static const uint8_t hashkey[] = {'B', 'i', 't', 'c', 'o', 'i',
384 'n', ' ', 's', 'e', 'e', 'd'};
385 std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
386 CHMAC_SHA512{hashkey, sizeof(hashkey)}
387 .Write(UCharCast(seed.data()), seed.size())
388 .Finalize(vout.data());
389 key.Set(vout.data(), vout.data() + 32, true);
390 memcpy(chaincode.begin(), vout.data() + 32, 32);
391 nDepth = 0;
392 nChild = 0;
393 memset(vchFingerprint, 0, sizeof(vchFingerprint));
394}
395
396CExtPubKey CExtKey::Neuter() const {
397 CExtPubKey ret;
398 ret.nDepth = nDepth;
399 memcpy(ret.vchFingerprint, vchFingerprint, 4);
400 ret.nChild = nChild;
401 ret.pubkey = key.GetPubKey();
402 ret.chaincode = chaincode;
403 return ret;
404}
405
406void CExtKey::Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const {
407 code[0] = nDepth;
408 memcpy(code + 1, vchFingerprint, 4);
409 code[5] = (nChild >> 24) & 0xFF;
410 code[6] = (nChild >> 16) & 0xFF;
411 code[7] = (nChild >> 8) & 0xFF;
412 code[8] = (nChild >> 0) & 0xFF;
413 memcpy(code + 9, chaincode.begin(), 32);
414 code[41] = 0;
415 assert(key.size() == 32);
416 memcpy(code + 42, key.begin(), 32);
417}
418
419void CExtKey::Decode(const uint8_t code[BIP32_EXTKEY_SIZE]) {
420 nDepth = code[0];
421 memcpy(vchFingerprint, code + 1, 4);
422 nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
423 memcpy(chaincode.begin(), code + 9, 32);
424 key.Set(code + 42, code + BIP32_EXTKEY_SIZE, true);
425}
426
427bool ECC_InitSanityCheck() {
428 CKey key;
429 key.MakeNewKey(true);
430 CPubKey pubkey = key.GetPubKey();
431 return key.VerifyPubKey(pubkey);
432}
433
434void ECC_Start() {
435 assert(secp256k1_context_sign == nullptr);
436
437 secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
438 assert(ctx != nullptr);
439
440 {
441 // Pass in a random blinding seed to the secp256k1 context.
442 std::vector<uint8_t, secure_allocator<uint8_t>> vseed(32);
443 GetRandBytes(vseed);
444 bool ret = secp256k1_context_randomize(ctx, vseed.data());
445 assert(ret);
446 }
447
448 secp256k1_context_sign = ctx;
449}
450
451void ECC_Stop() {
452 secp256k1_context *ctx = secp256k1_context_sign;
453 secp256k1_context_sign = nullptr;
454
455 if (ctx) {
456 secp256k1_context_destroy(ctx);
457 }
458}
459
460static CKey validKey(bool compressed) {
461 CKey ret;
462 ret.MakeNewKey(compressed);
463 return ret;
464}
465
466CKey CKey::MakeCompressedKey() {
467 return validKey(true);
468}
469
470CKey CKey::MakeUncompressedKey() {
471 return validKey(false);
472}
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
CHMAC_SHA512
A hasher class for HMAC-SHA-512.
Definition: hmac_sha512.h:14
CHMAC_SHA512::Write
CHMAC_SHA512 & Write(const uint8_t *data, size_t len)
Definition: hmac_sha512.h:23
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:22
CHash256::Write
CHash256 & Write(Span< const uint8_t > input)
Definition: hash.h:36
CHash256::Finalize
void Finalize(Span< uint8_t > output)
Definition: hash.h:29
CKey
An encapsulated secp256k1 private key.
Definition: key.h:28
CKey::Check
static bool Check(const uint8_t *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
Definition: key.cpp:179
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:191
CKey::SIZE
static const unsigned int SIZE
secp256k1:
Definition: key.h:33
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< uint8_t > &vchSig) const
Create a compact ECDSA signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:316
CKey::size
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:89
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:97
CKey::MakeCompressedKey
static CKey MakeCompressedKey()
Produce a valid compressed key.
Definition: key.cpp:466
CKey::SignECDSA
bool SignECDSA(const uint256 &hash, std::vector< uint8_t > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized ECDSA signature.
Definition: key.cpp:242
CKey::fValid
bool fValid
see www.keylength.com script supports up to 75 for single byte push
Definition: key.h:46
CKey::MakeUncompressedKey
static CKey MakeUncompressedKey()
Produce a valid uncompressed key.
Definition: key.cpp:470
CKey::begin
const uint8_t * begin() const
Definition: key.h:93
CKey::GetPrivKey
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:196
CKey::COMPRESSED_SIZE
static const unsigned int COMPRESSED_SIZE
Definition: key.h:34
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:101
CKey::MakeNewKey
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Definition: key.cpp:183
CKey::fCompressed
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:50
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:210
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:76
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, SchnorrSig &sig, uint32_t test_case=0) const
Create a Schnorr signature.
Definition: key.cpp:288
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:302
CKey::Load
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:336
CKey::Derive
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:352
CKey::keydata
std::vector< uint8_t, secure_allocator< uint8_t > > keydata
The actual byte data.
Definition: key.h:53
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:22
CPubKey
An encapsulated public key.
Definition: pubkey.h:31
CPubKey::IsCompressed
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:154
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:137
CPubKey::SCHNORR_SIZE
static constexpr unsigned int SCHNORR_SIZE
Definition: pubkey.h:38
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:37
CPubKey::VerifyECDSA
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
Definition: pubkey.cpp:172
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:147
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:36
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:98
CPubKey::begin
const uint8_t * begin() const
Definition: pubkey.h:100
CPubKey::SIGNATURE_SIZE
static constexpr unsigned int SIGNATURE_SIZE
Definition: pubkey.h:39
CPubKey::COMPACT_SIGNATURE_SIZE
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:40
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:93
Span::size
constexpr std::size_t size() const noexcept
Definition: span.h:209
Span::data
constexpr C * data() const noexcept
Definition: span.h:198
base_blob::begin
uint8_t * begin()
Definition: uint256.h:85
base_blob::data
const uint8_t * data() const
Definition: uint256.h:82
uint256
256-bit opaque blob.
Definition: uint256.h:129
WriteLE32
static void WriteLE32(uint8_t *ptr, uint32_t x)
Definition: common.h:40
BIP32Hash
void BIP32Hash(const ChainCode &chainCode, uint32_t nChild, uint8_t header, const uint8_t data[32], uint8_t output[64])
Definition: hash.cpp:72
hmac_sha512.h
ec_privkey_export_der
int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey, size_t *privkeylen, const uint8_t *key32, bool compressed)
This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 http://www....
Definition: key.cpp:101
DoSignSchnorr
static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf, uint32_t test_case)
Definition: key.cpp:272
ec_privkey_import_der
int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32, const uint8_t *privkey, size_t privkeylen)
These functions are taken from the libsecp256k1 distribution and are very ugly.
Definition: key.cpp:40
secp256k1_context_sign
static secp256k1_context * secp256k1_context_sign
Definition: key.cpp:16
validKey
static CKey validKey(bool compressed)
Definition: key.cpp:460
SigHasLowR
bool SigHasLowR(const secp256k1_ecdsa_signature *sig)
Definition: key.cpp:227
ECC_InitSanityCheck
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
Definition: key.cpp:427
ECC_Start
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:434
ECC_Stop
void ECC_Stop()
Deinitialize the elliptic curve support.
Definition: key.cpp:451
SchnorrSig
std::array< uint8_t, CPubKey::SCHNORR_SIZE > SchnorrSig
a Schnorr signature
Definition: key.h:25
CPrivKey
std::vector< uint8_t, secure_allocator< uint8_t > > CPrivKey
secure_allocator is defined in allocators.h CPrivKey is a serialized private key, with all parameters...
Definition: key.h:22
sig
SchnorrSig sig
Definition: processor.cpp:498
BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
GetRandBytes
void GetRandBytes(Span< uint8_t > bytes) noexcept
Overall design of the RNG and entropy sources.
Definition: random.cpp:639
GetStrongRandBytes
void GetStrongRandBytes(Span< uint8_t > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:642
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:174
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:756
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:296
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:576
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:152
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:561
secp256k1_ec_privkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:632
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:599
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:179
secp256k1_ec_privkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:679
SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:180
secp256k1_nonce_function_rfc6979
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:502
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:406
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:196
secp256k1_ecdsa_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:418
secp256k1_recovery.h
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
secp256k1_schnorr.h
secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
UCharCast
uint8_t * UCharCast(char *c)
Definition: span.h:309
MakeUCharSpan
constexpr auto MakeUCharSpan(V &&v) -> decltype(UCharSpanCast(Span{std::forward< V >(v)}))
Like the Span constructor, but for (const) uint8_t member types only.
Definition: span.h:337
CExtKey
Definition: key.h:167
CExtKey::Encode
void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const
Definition: key.cpp:406
CExtKey::Neuter
CExtPubKey Neuter() const
Definition: key.cpp:396
CExtKey::Derive
bool Derive(CExtKey &out, unsigned int nChild) const
Definition: key.cpp:374
CExtKey::nDepth
uint8_t nDepth
Definition: key.h:168
CExtKey::key
CKey key
Definition: key.h:172
CExtKey::Decode
void Decode(const uint8_t code[BIP32_EXTKEY_SIZE])
Definition: key.cpp:419
CExtKey::chaincode
ChainCode chaincode
Definition: key.h:171
CExtKey::nChild
unsigned int nChild
Definition: key.h:170
CExtKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: key.h:169
CExtKey::SetSeed
void SetSeed(Span< const std::byte > seed)
Definition: key.cpp:382
CExtPubKey::nDepth
uint8_t nDepth
Definition: pubkey.h:194
CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:197
CExtPubKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: pubkey.h:195
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:198
CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:196
secp256k1_context_struct
Definition: secp256k1.c:69
secp256k1_ecdsa_recoverable_signature
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:83
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70
assert
assert(!tx.IsCoinBase())
Generated on Wed Nov 20 2024 17:55:58 for Bitcoin ABC by doxygen 1.9.4