Bitcoin ABC  0.29.2
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2016 The Bitcoin Core developers
2 // Copyright (c) 2017 The Zcash developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <key.h>
7 
8 #include <crypto/common.h>
9 #include <crypto/hmac_sha512.h>
10 #include <random.h>
11 
12 #include <secp256k1.h>
13 #include <secp256k1_recovery.h>
14 #include <secp256k1_schnorr.h>
15 
16 static secp256k1_context *secp256k1_context_sign = nullptr;
17 
40 int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32,
41  const uint8_t *privkey, size_t privkeylen) {
42  const uint8_t *end = privkey + privkeylen;
43  memset(out32, 0, 32);
44  /* sequence header */
45  if (end - privkey < 1 || *privkey != 0x30u) {
46  return 0;
47  }
48  privkey++;
49  /* sequence length constructor */
50  if (end - privkey < 1 || !(*privkey & 0x80u)) {
51  return 0;
52  }
53  ptrdiff_t lenb = *privkey & ~0x80u;
54  privkey++;
55  if (lenb < 1 || lenb > 2) {
56  return 0;
57  }
58  if (end - privkey < lenb) {
59  return 0;
60  }
61  /* sequence length */
62  ptrdiff_t len =
63  privkey[lenb - 1] | (lenb > 1 ? privkey[lenb - 2] << 8 : 0u);
64  privkey += lenb;
65  if (end - privkey < len) {
66  return 0;
67  }
68  /* sequence element 0: version number (=1) */
69  if (end - privkey < 3 || privkey[0] != 0x02u || privkey[1] != 0x01u ||
70  privkey[2] != 0x01u) {
71  return 0;
72  }
73  privkey += 3;
74  /* sequence element 1: octet string, up to 32 bytes */
75  if (end - privkey < 2 || privkey[0] != 0x04u) {
76  return 0;
77  }
78  ptrdiff_t oslen = privkey[1];
79  privkey += 2;
80  if (oslen > 32 || end - privkey < oslen) {
81  return 0;
82  }
83  memcpy(out32 + (32 - oslen), privkey, oslen);
84  if (!secp256k1_ec_seckey_verify(ctx, out32)) {
85  memset(out32, 0, 32);
86  return 0;
87  }
88  return 1;
89 }
90 
101 int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey,
102  size_t *privkeylen, const uint8_t *key32,
103  bool compressed) {
104  assert(*privkeylen >= CKey::SIZE);
105  secp256k1_pubkey pubkey;
106  size_t pubkeylen = 0;
107  if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
108  *privkeylen = 0;
109  return 0;
110  }
111 
112  if (compressed) {
113  static const uint8_t begin[] = {0x30, 0x81, 0xD3, 0x02,
114  0x01, 0x01, 0x04, 0x20};
115  static const uint8_t middle[] = {
116  0xA0, 0x81, 0x85, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2C,
117  0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
118  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
119  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
120  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
121  0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21, 0x02,
122  0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
123  0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
124  0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x02,
125  0x21, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
127  0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41,
128  0x41, 0x02, 0x01, 0x01, 0xA1, 0x24, 0x03, 0x22, 0x00};
129  uint8_t *ptr = privkey;
130  memcpy(ptr, begin, sizeof(begin));
131  ptr += sizeof(begin);
132  memcpy(ptr, key32, 32);
133  ptr += 32;
134  memcpy(ptr, middle, sizeof(middle));
135  ptr += sizeof(middle);
136  pubkeylen = CPubKey::COMPRESSED_SIZE;
137  secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
138  SECP256K1_EC_COMPRESSED);
139  ptr += pubkeylen;
140  *privkeylen = ptr - privkey;
141  assert(*privkeylen == CKey::COMPRESSED_SIZE);
142  } else {
143  static const uint8_t begin[] = {0x30, 0x82, 0x01, 0x13, 0x02,
144  0x01, 0x01, 0x04, 0x20};
145  static const uint8_t middle[] = {
146  0xA0, 0x81, 0xA5, 0x30, 0x81, 0xA2, 0x02, 0x01, 0x01, 0x30, 0x2C,
147  0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
148  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
149  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
150  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
151  0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04,
152  0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
153  0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
154  0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x48,
155  0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC,
156  0x0E, 0x11, 0x08, 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54,
157  0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8, 0x02, 0x21,
158  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
159  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF,
160  0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
161  0x02, 0x01, 0x01, 0xA1, 0x44, 0x03, 0x42, 0x00};
162  uint8_t *ptr = privkey;
163  memcpy(ptr, begin, sizeof(begin));
164  ptr += sizeof(begin);
165  memcpy(ptr, key32, 32);
166  ptr += 32;
167  memcpy(ptr, middle, sizeof(middle));
168  ptr += sizeof(middle);
169  pubkeylen = CPubKey::SIZE;
170  secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
171  SECP256K1_EC_UNCOMPRESSED);
172  ptr += pubkeylen;
173  *privkeylen = ptr - privkey;
174  assert(*privkeylen == CKey::SIZE);
175  }
176  return 1;
177 }
178 
179 bool CKey::Check(const uint8_t *vch) {
180  return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
181 }
182 
183 void CKey::MakeNewKey(bool fCompressedIn) {
184  do {
185  GetStrongRandBytes(keydata);
186  } while (!Check(keydata.data()));
187  fValid = true;
188  fCompressed = fCompressedIn;
189 }
190 
191 bool CKey::Negate() {
192  assert(fValid);
193  return secp256k1_ec_privkey_negate(secp256k1_context_sign, keydata.data());
194 }
195 
196 CPrivKey CKey::GetPrivKey() const {
197  assert(fValid);
198  CPrivKey privkey;
199  int ret;
200  size_t privkeylen;
201  privkey.resize(SIZE);
202  privkeylen = SIZE;
203  ret = ec_privkey_export_der(secp256k1_context_sign, privkey.data(),
204  &privkeylen, begin(), fCompressed);
205  assert(ret);
206  privkey.resize(privkeylen);
207  return privkey;
208 }
209 
210 CPubKey CKey::GetPubKey() const {
211  assert(fValid);
212  secp256k1_pubkey pubkey;
213  size_t clen = CPubKey::SIZE;
214  CPubKey result;
215  int ret =
216  secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
217  assert(ret);
218  secp256k1_ec_pubkey_serialize(
219  secp256k1_context_sign, (uint8_t *)result.begin(), &clen, &pubkey,
220  fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
221  assert(result.size() == clen);
222  assert(result.IsValid());
223  return result;
224 }
225 
226 // Check that the sig has a low R value and will be less than 71 bytes
227 bool SigHasLowR(const secp256k1_ecdsa_signature *sig) {
228  uint8_t compact_sig[64];
229  secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign,
230  compact_sig, sig);
231 
232  // In DER serialization, all values are interpreted as big-endian, signed
233  // integers. The highest bit in the integer indicates its signed-ness; 0 is
234  // positive, 1 is negative. When the value is interpreted as a negative
235  // integer, it must be converted to a positive value by prepending a 0x00
236  // byte so that the highest bit is 0. We can avoid this prepending by
237  // ensuring that our highest bit is always 0, and thus we must check that
238  // the first byte is less than 0x80.
239  return compact_sig[0] < 0x80;
240 }
241 
242 bool CKey::SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
243  bool grind, uint32_t test_case) const {
244  if (!fValid) {
245  return false;
246  }
247  vchSig.resize(CPubKey::SIGNATURE_SIZE);
248  size_t nSigLen = CPubKey::SIGNATURE_SIZE;
249  uint8_t extra_entropy[32] = {0};
250  WriteLE32(extra_entropy, test_case);
251  secp256k1_ecdsa_signature sig;
252  uint32_t counter = 0;
253  int ret =
254  secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
255  begin(), secp256k1_nonce_function_rfc6979,
256  (!grind && test_case) ? extra_entropy : nullptr);
257 
258  // Grind for low R
259  while (ret && !SigHasLowR(&sig) && grind) {
260  WriteLE32(extra_entropy, ++counter);
261  ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
262  begin(), secp256k1_nonce_function_rfc6979,
263  extra_entropy);
264  }
265  assert(ret);
266  secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign,
267  vchSig.data(), &nSigLen, &sig);
268  vchSig.resize(nSigLen);
269  return true;
270 }
271 
272 static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf,
273  uint32_t test_case) {
274  if (!key.IsValid()) {
275  return false;
276  }
277 
278  uint8_t extra_entropy[32] = {0};
279  WriteLE32(extra_entropy, test_case);
280 
281  int ret = secp256k1_schnorr_sign(
282  secp256k1_context_sign, buf, hash.begin(), key.begin(),
283  secp256k1_nonce_function_rfc6979, test_case ? extra_entropy : nullptr);
284  assert(ret);
285  return true;
286 }
287 
288 bool CKey::SignSchnorr(const uint256 &hash, SchnorrSig &sig,
289  uint32_t test_case) const {
290  return DoSignSchnorr(*this, hash, sig.data(), test_case);
291 }
292 
293 bool CKey::SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
294  uint32_t test_case) const {
295  if (!fValid) {
296  return false;
297  }
298  vchSig.resize(CPubKey::SCHNORR_SIZE);
299  return DoSignSchnorr(*this, hash, vchSig.data(), test_case);
300 }
301 
302 bool CKey::VerifyPubKey(const CPubKey &pubkey) const {
303  if (pubkey.IsCompressed() != fCompressed) {
304  return false;
305  }
306  uint8_t rnd[8];
307  std::string str = "Bitcoin key verification\n";
308  GetRandBytes(rnd);
309  uint256 hash;
310  CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash);
311  std::vector<uint8_t> vchSig;
312  SignECDSA(hash, vchSig);
313  return pubkey.VerifyECDSA(hash, vchSig);
314 }
315 
316 bool CKey::SignCompact(const uint256 &hash,
317  std::vector<uint8_t> &vchSig) const {
318  if (!fValid) {
319  return false;
320  }
321  vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
322  int rec = -1;
323  secp256k1_ecdsa_recoverable_signature sig;
324  int ret = secp256k1_ecdsa_sign_recoverable(
325  secp256k1_context_sign, &sig, hash.begin(), begin(),
326  secp256k1_nonce_function_rfc6979, nullptr);
327  assert(ret);
328  ret = secp256k1_ecdsa_recoverable_signature_serialize_compact(
329  secp256k1_context_sign, &vchSig[1], &rec, &sig);
330  assert(ret);
331  assert(rec != -1);
332  vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
333  return true;
334 }
335 
336 bool CKey::Load(const CPrivKey &privkey, const CPubKey &vchPubKey,
337  bool fSkipCheck = false) {
338  if (!ec_privkey_import_der(secp256k1_context_sign, (uint8_t *)begin(),
339  privkey.data(), privkey.size())) {
340  return false;
341  }
342  fCompressed = vchPubKey.IsCompressed();
343  fValid = true;
344 
345  if (fSkipCheck) {
346  return true;
347  }
348 
349  return VerifyPubKey(vchPubKey);
350 }
351 
352 bool CKey::Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
353  const ChainCode &cc) const {
354  assert(IsValid());
355  assert(IsCompressed());
356  std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
357  if ((nChild >> 31) == 0) {
358  CPubKey pubkey = GetPubKey();
359  assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);
360  BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin() + 1, vout.data());
361  } else {
362  assert(size() == 32);
363  BIP32Hash(cc, nChild, 0, begin(), vout.data());
364  }
365  memcpy(ccChild.begin(), vout.data() + 32, 32);
366  memcpy((uint8_t *)keyChild.begin(), begin(), 32);
367  bool ret = secp256k1_ec_privkey_tweak_add(
368  secp256k1_context_sign, (uint8_t *)keyChild.begin(), vout.data());
369  keyChild.fCompressed = true;
370  keyChild.fValid = ret;
371  return ret;
372 }
373 
374 bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
375  out.nDepth = nDepth + 1;
376  CKeyID id = key.GetPubKey().GetID();
377  memcpy(out.vchFingerprint, &id, 4);
378  out.nChild = _nChild;
379  return key.Derive(out.key, out.chaincode, _nChild, chaincode);
380 }
381 
382 void CExtKey::SetSeed(const uint8_t *seed, unsigned int nSeedLen) {
383  static const uint8_t hashkey[] = {'B', 'i', 't', 'c', 'o', 'i',
384  'n', ' ', 's', 'e', 'e', 'd'};
385  std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
386  CHMAC_SHA512(hashkey, sizeof(hashkey))
387  .Write(seed, nSeedLen)
388  .Finalize(vout.data());
389  key.Set(vout.data(), vout.data() + 32, true);
390  memcpy(chaincode.begin(), vout.data() + 32, 32);
391  nDepth = 0;
392  nChild = 0;
393  memset(vchFingerprint, 0, sizeof(vchFingerprint));
394 }
395 
396 CExtPubKey CExtKey::Neuter() const {
397  CExtPubKey ret;
398  ret.nDepth = nDepth;
399  memcpy(ret.vchFingerprint, vchFingerprint, 4);
400  ret.nChild = nChild;
401  ret.pubkey = key.GetPubKey();
402  ret.chaincode = chaincode;
403  return ret;
404 }
405 
406 void CExtKey::Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const {
407  code[0] = nDepth;
408  memcpy(code + 1, vchFingerprint, 4);
409  code[5] = (nChild >> 24) & 0xFF;
410  code[6] = (nChild >> 16) & 0xFF;
411  code[7] = (nChild >> 8) & 0xFF;
412  code[8] = (nChild >> 0) & 0xFF;
413  memcpy(code + 9, chaincode.begin(), 32);
414  code[41] = 0;
415  assert(key.size() == 32);
416  memcpy(code + 42, key.begin(), 32);
417 }
418 
419 void CExtKey::Decode(const uint8_t code[BIP32_EXTKEY_SIZE]) {
420  nDepth = code[0];
421  memcpy(vchFingerprint, code + 1, 4);
422  nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
423  memcpy(chaincode.begin(), code + 9, 32);
424  key.Set(code + 42, code + BIP32_EXTKEY_SIZE, true);
425 }
426 
427 bool ECC_InitSanityCheck() {
428  CKey key;
429  key.MakeNewKey(true);
430  CPubKey pubkey = key.GetPubKey();
431  return key.VerifyPubKey(pubkey);
432 }
433 
434 void ECC_Start() {
435  assert(secp256k1_context_sign == nullptr);
436 
437  secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
438  assert(ctx != nullptr);
439 
440  {
441  // Pass in a random blinding seed to the secp256k1 context.
442  std::vector<uint8_t, secure_allocator<uint8_t>> vseed(32);
443  GetRandBytes(vseed);
444  bool ret = secp256k1_context_randomize(ctx, vseed.data());
445  assert(ret);
446  }
447 
448  secp256k1_context_sign = ctx;
449 }
450 
451 void ECC_Stop() {
452  secp256k1_context *ctx = secp256k1_context_sign;
453  secp256k1_context_sign = nullptr;
454 
455  if (ctx) {
456  secp256k1_context_destroy(ctx);
457  }
458 }
459 
460 static CKey validKey(bool compressed) {
461  CKey ret;
462  ret.MakeNewKey(compressed);
463  return ret;
464 }
465 
466 CKey CKey::MakeCompressedKey() {
467  return validKey(true);
468 }
469 
470 CKey CKey::MakeUncompressedKey() {
471  return validKey(false);
472 }
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
CHMAC_SHA512
A hasher class for HMAC-SHA-512.
Definition: hmac_sha512.h:14
CHMAC_SHA512::Write
CHMAC_SHA512 & Write(const uint8_t *data, size_t len)
Definition: hmac_sha512.h:23
CHMAC_SHA512::Finalize
void Finalize(uint8_t hash[OUTPUT_SIZE])
Definition: hmac_sha512.cpp:30
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:22
CHash256::Finalize
void Finalize(Span< uint8_t > output)
Definition: hash.h:29
CHash256::Write
CHash256 & Write(Span< const uint8_t > input)
Definition: hash.h:36
CKey
An encapsulated secp256k1 private key.
Definition: key.h:28
CKey::Check
static bool Check(const uint8_t *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
Definition: key.cpp:179
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:191
CKey::SIZE
static const unsigned int SIZE
secp256k1:
Definition: key.h:33
CKey::begin
const uint8_t * begin() const
Definition: key.h:90
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< uint8_t > &vchSig) const
Create a compact ECDSA signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:316
CKey::size
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:89
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:94
CKey::MakeCompressedKey
static CKey MakeCompressedKey()
Produce a valid compressed key.
Definition: key.cpp:466
CKey::SignECDSA
bool SignECDSA(const uint256 &hash, std::vector< uint8_t > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized ECDSA signature.
Definition: key.cpp:242
CKey::fValid
bool fValid
see www.keylength.com script supports up to 75 for single byte push
Definition: key.h:40
CKey::MakeUncompressedKey
static CKey MakeUncompressedKey()
Produce a valid uncompressed key.
Definition: key.cpp:470
CKey::GetPrivKey
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:196
CKey::COMPRESSED_SIZE
static const unsigned int COMPRESSED_SIZE
Definition: key.h:34
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:98
CKey::MakeNewKey
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Definition: key.cpp:183
CKey::fCompressed
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:50
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:210
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:76
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, SchnorrSig &sig, uint32_t test_case=0) const
Create a Schnorr signature.
Definition: key.cpp:288
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:302
CKey::Load
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:336
CKey::Derive
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:352
CKey::keydata
std::vector< uint8_t, secure_allocator< uint8_t > > keydata
The actual byte data.
Definition: key.h:53
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:22
CPubKey
An encapsulated public key.
Definition: pubkey.h:31
CPubKey::begin
const uint8_t * begin() const
Definition: pubkey.h:100
CPubKey::IsCompressed
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:154
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:137
CPubKey::SCHNORR_SIZE
static constexpr unsigned int SCHNORR_SIZE
Definition: pubkey.h:38
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:37
CPubKey::VerifyECDSA
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
Definition: pubkey.cpp:172
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:147
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:36
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:98
CPubKey::SIGNATURE_SIZE
static constexpr unsigned int SIGNATURE_SIZE
Definition: pubkey.h:39
CPubKey::COMPACT_SIGNATURE_SIZE
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:40
base_blob::data
const uint8_t * data() const
Definition: uint256.h:82
base_blob::begin
uint8_t * begin()
Definition: uint256.h:85
uint256
256-bit opaque blob.
Definition: uint256.h:129
WriteLE32
static void WriteLE32(uint8_t *ptr, uint32_t x)
Definition: common.h:40
BIP32Hash
void BIP32Hash(const ChainCode &chainCode, uint32_t nChild, uint8_t header, const uint8_t data[32], uint8_t output[64])
Definition: hash.cpp:72
hmac_sha512.h
ec_privkey_export_der
int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey, size_t *privkeylen, const uint8_t *key32, bool compressed)
This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 http://www....
Definition: key.cpp:101
DoSignSchnorr
static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf, uint32_t test_case)
Definition: key.cpp:272
ec_privkey_import_der
int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32, const uint8_t *privkey, size_t privkeylen)
These functions are taken from the libsecp256k1 distribution and are very ugly.
Definition: key.cpp:40
secp256k1_context_sign
static secp256k1_context * secp256k1_context_sign
Definition: key.cpp:16
validKey
static CKey validKey(bool compressed)
Definition: key.cpp:460
SigHasLowR
bool SigHasLowR(const secp256k1_ecdsa_signature *sig)
Definition: key.cpp:227
ECC_InitSanityCheck
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
Definition: key.cpp:427
ECC_Start
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:434
ECC_Stop
void ECC_Stop()
Deinitialize the elliptic curve support.
Definition: key.cpp:451
SchnorrSig
std::array< uint8_t, CPubKey::SCHNORR_SIZE > SchnorrSig
a Schnorr signature
Definition: key.h:25
CPrivKey
std::vector< uint8_t, secure_allocator< uint8_t > > CPrivKey
secure_allocator is defined in allocators.h CPrivKey is a serialized private key, with all parameters...
Definition: key.h:22
sig
SchnorrSig sig
Definition: processor.cpp:491
BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
GetRandBytes
void GetRandBytes(Span< uint8_t > bytes) noexcept
Overall design of the RNG and entropy sources.
Definition: random.cpp:639
GetStrongRandBytes
void GetStrongRandBytes(Span< uint8_t > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:642
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:171
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:730
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:296
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:550
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:535
secp256k1_ec_privkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:606
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:573
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:152
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:176
secp256k1_ec_privkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:653
SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:177
secp256k1_nonce_function_rfc6979
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:476
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:380
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:196
secp256k1_ecdsa_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:392
secp256k1_recovery.h
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
secp256k1_schnorr.h
secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
MakeUCharSpan
constexpr auto MakeUCharSpan(V &&v) -> decltype(UCharSpanCast(Span{std::forward< V >(v)}))
Like the Span constructor, but for (const) uint8_t member types only.
Definition: span.h:337
CExtKey
Definition: key.h:164
CExtKey::Encode
void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const
Definition: key.cpp:406
CExtKey::Neuter
CExtPubKey Neuter() const
Definition: key.cpp:396
CExtKey::Derive
bool Derive(CExtKey &out, unsigned int nChild) const
Definition: key.cpp:374
CExtKey::nDepth
uint8_t nDepth
Definition: key.h:165
CExtKey::key
CKey key
Definition: key.h:169
CExtKey::Decode
void Decode(const uint8_t code[BIP32_EXTKEY_SIZE])
Definition: key.cpp:419
CExtKey::chaincode
ChainCode chaincode
Definition: key.h:168
CExtKey::SetSeed
void SetSeed(const uint8_t *seed, unsigned int nSeedLen)
Definition: key.cpp:382
CExtKey::nChild
unsigned int nChild
Definition: key.h:167
CExtKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: key.h:166
CExtPubKey::nDepth
uint8_t nDepth
Definition: pubkey.h:194
CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:197
CExtPubKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: pubkey.h:195
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:198
CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:196
secp256k1_context_struct
Definition: secp256k1.c:69
secp256k1_ecdsa_recoverable_signature
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:80
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
assert
assert(!tx.IsCoinBase())
Generated on Wed Apr 24 2024 17:01:22 for Bitcoin ABC by doxygen 1.9.1