Bitcoin ABC 0.32.8
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1// Copyright (c) 2009-2016 The Bitcoin Core developers
2// Copyright (c) 2017 The Zcash developers
3// Distributed under the MIT software license, see the accompanying
4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6#include <key.h>
7
8#include <crypto/common.h>
9#include <crypto/hmac_sha512.h>
10#include <random.h>
11
12#include <secp256k1.h>
13#include <secp256k1_recovery.h>
14#include <secp256k1_schnorr.h>
15
16static secp256k1_context *secp256k1_context_sign = nullptr;
17
40int ec_seckey_import_der(const secp256k1_context *ctx, uint8_t *out32,
41 const uint8_t *seckey, size_t seckeylen) {
42 const uint8_t *end = seckey + seckeylen;
43 memset(out32, 0, 32);
44 /* sequence header */
45 if (end - seckey < 1 || *seckey != 0x30u) {
46 return 0;
47 }
48 seckey++;
49 /* sequence length constructor */
50 if (end - seckey < 1 || !(*seckey & 0x80u)) {
51 return 0;
52 }
53 ptrdiff_t lenb = *seckey & ~0x80u;
54 seckey++;
55 if (lenb < 1 || lenb > 2) {
56 return 0;
57 }
58 if (end - seckey < lenb) {
59 return 0;
60 }
61 /* sequence length */
62 ptrdiff_t len = seckey[lenb - 1] | (lenb > 1 ? seckey[lenb - 2] << 8 : 0u);
63 seckey += lenb;
64 if (end - seckey < len) {
65 return 0;
66 }
67 /* sequence element 0: version number (=1) */
68 if (end - seckey < 3 || seckey[0] != 0x02u || seckey[1] != 0x01u ||
69 seckey[2] != 0x01u) {
70 return 0;
71 }
72 seckey += 3;
73 /* sequence element 1: octet string, up to 32 bytes */
74 if (end - seckey < 2 || seckey[0] != 0x04u) {
75 return 0;
76 }
77 ptrdiff_t oslen = seckey[1];
78 seckey += 2;
79 if (oslen > 32 || end - seckey < oslen) {
80 return 0;
81 }
82 memcpy(out32 + (32 - oslen), seckey, oslen);
83 if (!secp256k1_ec_seckey_verify(ctx, out32)) {
84 memset(out32, 0, 32);
85 return 0;
86 }
87 return 1;
88}
89
100int ec_seckey_export_der(const secp256k1_context *ctx, uint8_t *seckey,
101 size_t *seckeylen, const uint8_t *key32,
102 bool compressed) {
103 assert(*seckeylen >= CKey::SIZE);
104 secp256k1_pubkey pubkey;
105 size_t pubkeylen = 0;
106 if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
107 *seckeylen = 0;
108 return 0;
109 }
110
111 if (compressed) {
112 static const uint8_t begin[] = {0x30, 0x81, 0xD3, 0x02,
113 0x01, 0x01, 0x04, 0x20};
114 static const uint8_t middle[] = {
115 0xA0, 0x81, 0x85, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2C,
116 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
117 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
118 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
119 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
120 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21, 0x02,
121 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
122 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
123 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x02,
124 0x21, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
125 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
126 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41,
127 0x41, 0x02, 0x01, 0x01, 0xA1, 0x24, 0x03, 0x22, 0x00};
128 uint8_t *ptr = seckey;
129 memcpy(ptr, begin, sizeof(begin));
130 ptr += sizeof(begin);
131 memcpy(ptr, key32, 32);
132 ptr += 32;
133 memcpy(ptr, middle, sizeof(middle));
134 ptr += sizeof(middle);
135 pubkeylen = CPubKey::COMPRESSED_SIZE;
136 secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
137 SECP256K1_EC_COMPRESSED);
138 ptr += pubkeylen;
139 *seckeylen = ptr - seckey;
140 assert(*seckeylen == CKey::COMPRESSED_SIZE);
141 } else {
142 static const uint8_t begin[] = {0x30, 0x82, 0x01, 0x13, 0x02,
143 0x01, 0x01, 0x04, 0x20};
144 static const uint8_t middle[] = {
145 0xA0, 0x81, 0xA5, 0x30, 0x81, 0xA2, 0x02, 0x01, 0x01, 0x30, 0x2C,
146 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
147 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
148 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
149 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
150 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04,
151 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
152 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
153 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x48,
154 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC,
155 0x0E, 0x11, 0x08, 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54,
156 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8, 0x02, 0x21,
157 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
158 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF,
159 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
160 0x02, 0x01, 0x01, 0xA1, 0x44, 0x03, 0x42, 0x00};
161 uint8_t *ptr = seckey;
162 memcpy(ptr, begin, sizeof(begin));
163 ptr += sizeof(begin);
164 memcpy(ptr, key32, 32);
165 ptr += 32;
166 memcpy(ptr, middle, sizeof(middle));
167 ptr += sizeof(middle);
168 pubkeylen = CPubKey::SIZE;
169 secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
170 SECP256K1_EC_UNCOMPRESSED);
171 ptr += pubkeylen;
172 *seckeylen = ptr - seckey;
173 assert(*seckeylen == CKey::SIZE);
174 }
175 return 1;
176}
177
178bool CKey::Check(const uint8_t *vch) {
179 return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
180}
181
182void CKey::MakeNewKey(bool fCompressedIn) {
183 do {
184 GetStrongRandBytes(keydata);
185 } while (!Check(keydata.data()));
186 fValid = true;
187 fCompressed = fCompressedIn;
188}
189
190bool CKey::Negate() {
191 assert(fValid);
192 return secp256k1_ec_seckey_negate(secp256k1_context_sign, keydata.data());
193}
194
195CPrivKey CKey::GetPrivKey() const {
196 assert(fValid);
197 CPrivKey seckey;
198 int ret;
199 size_t seckeylen;
200 seckey.resize(SIZE);
201 seckeylen = SIZE;
202 ret = ec_seckey_export_der(secp256k1_context_sign, seckey.data(),
203 &seckeylen, begin(), fCompressed);
204 assert(ret);
205 seckey.resize(seckeylen);
206 return seckey;
207}
208
209CPubKey CKey::GetPubKey() const {
210 assert(fValid);
211 secp256k1_pubkey pubkey;
212 size_t clen = CPubKey::SIZE;
213 CPubKey result;
214 int ret =
215 secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
216 assert(ret);
217 secp256k1_ec_pubkey_serialize(
218 secp256k1_context_sign, (uint8_t *)result.begin(), &clen, &pubkey,
219 fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
220 assert(result.size() == clen);
221 assert(result.IsValid());
222 return result;
223}
224
225// Check that the sig has a low R value and will be less than 71 bytes
226bool SigHasLowR(const secp256k1_ecdsa_signature *sig) {
227 uint8_t compact_sig[64];
228 secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign,
229 compact_sig, sig);
230
231 // In DER serialization, all values are interpreted as big-endian, signed
232 // integers. The highest bit in the integer indicates its signed-ness; 0 is
233 // positive, 1 is negative. When the value is interpreted as a negative
234 // integer, it must be converted to a positive value by prepending a 0x00
235 // byte so that the highest bit is 0. We can avoid this prepending by
236 // ensuring that our highest bit is always 0, and thus we must check that
237 // the first byte is less than 0x80.
238 return compact_sig[0] < 0x80;
239}
240
241bool CKey::SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
242 bool grind, uint32_t test_case) const {
243 if (!fValid) {
244 return false;
245 }
246 vchSig.resize(CPubKey::SIGNATURE_SIZE);
247 size_t nSigLen = CPubKey::SIGNATURE_SIZE;
248 uint8_t extra_entropy[32] = {0};
249 WriteLE32(extra_entropy, test_case);
250 secp256k1_ecdsa_signature sig;
251 uint32_t counter = 0;
252 int ret =
253 secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
254 begin(), secp256k1_nonce_function_rfc6979,
255 (!grind && test_case) ? extra_entropy : nullptr);
256
257 // Grind for low R
258 while (ret && !SigHasLowR(&sig) && grind) {
259 WriteLE32(extra_entropy, ++counter);
260 ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
261 begin(), secp256k1_nonce_function_rfc6979,
262 extra_entropy);
263 }
264 assert(ret);
265 secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign,
266 vchSig.data(), &nSigLen, &sig);
267 vchSig.resize(nSigLen);
268 return true;
269}
270
271static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf,
272 uint32_t test_case) {
273 if (!key.IsValid()) {
274 return false;
275 }
276
277 uint8_t extra_entropy[32] = {0};
278 WriteLE32(extra_entropy, test_case);
279
280 int ret = secp256k1_schnorr_sign(
281 secp256k1_context_sign, buf, hash.begin(), key.begin(),
282 secp256k1_nonce_function_rfc6979, test_case ? extra_entropy : nullptr);
283 assert(ret);
284 return true;
285}
286
287bool CKey::SignSchnorr(const uint256 &hash, SchnorrSig &sig,
288 uint32_t test_case) const {
289 return DoSignSchnorr(*this, hash, sig.data(), test_case);
290}
291
292bool CKey::SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
293 uint32_t test_case) const {
294 if (!fValid) {
295 return false;
296 }
297 vchSig.resize(CPubKey::SCHNORR_SIZE);
298 return DoSignSchnorr(*this, hash, vchSig.data(), test_case);
299}
300
301bool CKey::VerifyPubKey(const CPubKey &pubkey) const {
302 if (pubkey.IsCompressed() != fCompressed) {
303 return false;
304 }
305 uint8_t rnd[8];
306 std::string str = "Bitcoin key verification\n";
307 GetRandBytes(rnd);
308 uint256 hash;
309 CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash);
310 std::vector<uint8_t> vchSig;
311 SignECDSA(hash, vchSig);
312 return pubkey.VerifyECDSA(hash, vchSig);
313}
314
315bool CKey::SignCompact(const uint256 &hash,
316 std::vector<uint8_t> &vchSig) const {
317 if (!fValid) {
318 return false;
319 }
320 vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
321 int rec = -1;
322 secp256k1_ecdsa_recoverable_signature sig;
323 int ret = secp256k1_ecdsa_sign_recoverable(
324 secp256k1_context_sign, &sig, hash.begin(), begin(),
325 secp256k1_nonce_function_rfc6979, nullptr);
326 assert(ret);
327 ret = secp256k1_ecdsa_recoverable_signature_serialize_compact(
328 secp256k1_context_sign, &vchSig[1], &rec, &sig);
329 assert(ret);
330 assert(rec != -1);
331 vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
332 return true;
333}
334
335bool CKey::Load(const CPrivKey &seckey, const CPubKey &vchPubKey,
336 bool fSkipCheck = false) {
337 if (!ec_seckey_import_der(secp256k1_context_sign, (uint8_t *)begin(),
338 seckey.data(), seckey.size())) {
339 return false;
340 }
341 fCompressed = vchPubKey.IsCompressed();
342 fValid = true;
343
344 if (fSkipCheck) {
345 return true;
346 }
347
348 return VerifyPubKey(vchPubKey);
349}
350
351bool CKey::Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
352 const ChainCode &cc) const {
353 assert(IsValid());
354 assert(IsCompressed());
355 std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
356 if ((nChild >> 31) == 0) {
357 CPubKey pubkey = GetPubKey();
358 assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);
359 BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin() + 1, vout.data());
360 } else {
361 assert(size() == 32);
362 BIP32Hash(cc, nChild, 0, begin(), vout.data());
363 }
364 memcpy(ccChild.begin(), vout.data() + 32, 32);
365 memcpy((uint8_t *)keyChild.begin(), begin(), 32);
366 bool ret = secp256k1_ec_seckey_tweak_add(
367 secp256k1_context_sign, (uint8_t *)keyChild.begin(), vout.data());
368 keyChild.fCompressed = true;
369 keyChild.fValid = ret;
370 return ret;
371}
372
373bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
374 out.nDepth = nDepth + 1;
375 CKeyID id = key.GetPubKey().GetID();
376 memcpy(out.vchFingerprint, &id, 4);
377 out.nChild = _nChild;
378 return key.Derive(out.key, out.chaincode, _nChild, chaincode);
379}
380
381void CExtKey::SetSeed(Span<const std::byte> seed) {
382 static const uint8_t hashkey[] = {'B', 'i', 't', 'c', 'o', 'i',
383 'n', ' ', 's', 'e', 'e', 'd'};
384 std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
385 CHMAC_SHA512{hashkey, sizeof(hashkey)}
386 .Write(UCharCast(seed.data()), seed.size())
387 .Finalize(vout.data());
388 key.Set(vout.data(), vout.data() + 32, true);
389 memcpy(chaincode.begin(), vout.data() + 32, 32);
390 nDepth = 0;
391 nChild = 0;
392 memset(vchFingerprint, 0, sizeof(vchFingerprint));
393}
394
395CExtPubKey CExtKey::Neuter() const {
396 CExtPubKey ret;
397 ret.nDepth = nDepth;
398 memcpy(ret.vchFingerprint, vchFingerprint, 4);
399 ret.nChild = nChild;
400 ret.pubkey = key.GetPubKey();
401 ret.chaincode = chaincode;
402 return ret;
403}
404
405void CExtKey::Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const {
406 code[0] = nDepth;
407 memcpy(code + 1, vchFingerprint, 4);
408 code[5] = (nChild >> 24) & 0xFF;
409 code[6] = (nChild >> 16) & 0xFF;
410 code[7] = (nChild >> 8) & 0xFF;
411 code[8] = (nChild >> 0) & 0xFF;
412 memcpy(code + 9, chaincode.begin(), 32);
413 code[41] = 0;
414 assert(key.size() == 32);
415 memcpy(code + 42, key.begin(), 32);
416}
417
418void CExtKey::Decode(const uint8_t code[BIP32_EXTKEY_SIZE]) {
419 nDepth = code[0];
420 memcpy(vchFingerprint, code + 1, 4);
421 nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
422 memcpy(chaincode.begin(), code + 9, 32);
423 key.Set(code + 42, code + BIP32_EXTKEY_SIZE, true);
424}
425
426bool ECC_InitSanityCheck() {
427 CKey key;
428 key.MakeNewKey(true);
429 CPubKey pubkey = key.GetPubKey();
430 return key.VerifyPubKey(pubkey);
431}
432
433void ECC_Start() {
434 assert(secp256k1_context_sign == nullptr);
435
436 secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
437 assert(ctx != nullptr);
438
439 {
440 // Pass in a random blinding seed to the secp256k1 context.
441 std::vector<uint8_t, secure_allocator<uint8_t>> vseed(32);
442 GetRandBytes(vseed);
443 bool ret = secp256k1_context_randomize(ctx, vseed.data());
444 assert(ret);
445 }
446
447 secp256k1_context_sign = ctx;
448}
449
450void ECC_Stop() {
451 secp256k1_context *ctx = secp256k1_context_sign;
452 secp256k1_context_sign = nullptr;
453
454 if (ctx) {
455 secp256k1_context_destroy(ctx);
456 }
457}
458
459static CKey validKey(bool compressed) {
460 CKey ret;
461 ret.MakeNewKey(compressed);
462 return ret;
463}
464
465CKey CKey::MakeCompressedKey() {
466 return validKey(true);
467}
468
469CKey CKey::MakeUncompressedKey() {
470 return validKey(false);
471}
CHMAC_SHA512
A hasher class for HMAC-SHA-512.
Definition: hmac_sha512.h:14
CHMAC_SHA512::Write
CHMAC_SHA512 & Write(const uint8_t *data, size_t len)
Definition: hmac_sha512.h:23
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:22
CHash256::Write
CHash256 & Write(Span< const uint8_t > input)
Definition: hash.h:36
CHash256::Finalize
void Finalize(Span< uint8_t > output)
Definition: hash.h:29
CKey
An encapsulated secp256k1 private key.
Definition: key.h:28
CKey::Check
static bool Check(const uint8_t *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
Definition: key.cpp:178
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:190
CKey::SIZE
static const unsigned int SIZE
secp256k1:
Definition: key.h:33
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< uint8_t > &vchSig) const
Create a compact ECDSA signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:315
CKey::size
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:89
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:97
CKey::MakeCompressedKey
static CKey MakeCompressedKey()
Produce a valid compressed key.
Definition: key.cpp:465
CKey::SignECDSA
bool SignECDSA(const uint256 &hash, std::vector< uint8_t > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized ECDSA signature.
Definition: key.cpp:241
CKey::fValid
bool fValid
see www.keylength.com script supports up to 75 for single byte push
Definition: key.h:46
CKey::MakeUncompressedKey
static CKey MakeUncompressedKey()
Produce a valid uncompressed key.
Definition: key.cpp:469
CKey::begin
const uint8_t * begin() const
Definition: key.h:93
CKey::GetPrivKey
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:195
CKey::COMPRESSED_SIZE
static const unsigned int COMPRESSED_SIZE
Definition: key.h:34
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:101
CKey::MakeNewKey
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Definition: key.cpp:182
CKey::fCompressed
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:50
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:209
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:76
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, SchnorrSig &sig, uint32_t test_case=0) const
Create a Schnorr signature.
Definition: key.cpp:287
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:301
CKey::Load
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:335
CKey::Derive
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:351
CKey::keydata
std::vector< uint8_t, secure_allocator< uint8_t > > keydata
The actual byte data.
Definition: key.h:53
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:22
CPubKey
An encapsulated public key.
Definition: pubkey.h:31
CPubKey::IsCompressed
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:154
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:137
CPubKey::SCHNORR_SIZE
static constexpr unsigned int SCHNORR_SIZE
Definition: pubkey.h:38
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:37
CPubKey::VerifyECDSA
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
Definition: pubkey.cpp:172
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:147
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:36
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:98
CPubKey::begin
const uint8_t * begin() const
Definition: pubkey.h:100
CPubKey::SIGNATURE_SIZE
static constexpr unsigned int SIGNATURE_SIZE
Definition: pubkey.h:39
CPubKey::COMPACT_SIGNATURE_SIZE
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:40
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:94
Span::size
constexpr std::size_t size() const noexcept
Definition: span.h:210
Span::data
constexpr C * data() const noexcept
Definition: span.h:199
base_blob::begin
uint8_t * begin()
Definition: uint256.h:85
base_blob::data
const uint8_t * data() const
Definition: uint256.h:82
uint256
256-bit opaque blob.
Definition: uint256.h:129
WriteLE32
static void WriteLE32(uint8_t *ptr, uint32_t x)
Definition: common.h:36
BIP32Hash
void BIP32Hash(const ChainCode &chainCode, uint32_t nChild, uint8_t header, const uint8_t data[32], uint8_t output[64])
Definition: hash.cpp:72
hmac_sha512.h
ec_seckey_import_der
int ec_seckey_import_der(const secp256k1_context *ctx, uint8_t *out32, const uint8_t *seckey, size_t seckeylen)
These functions are taken from the libsecp256k1 distribution and are very ugly.
Definition: key.cpp:40
DoSignSchnorr
static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf, uint32_t test_case)
Definition: key.cpp:271
secp256k1_context_sign
static secp256k1_context * secp256k1_context_sign
Definition: key.cpp:16
validKey
static CKey validKey(bool compressed)
Definition: key.cpp:459
SigHasLowR
bool SigHasLowR(const secp256k1_ecdsa_signature *sig)
Definition: key.cpp:226
ECC_InitSanityCheck
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
Definition: key.cpp:426
ECC_Start
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:433
ec_seckey_export_der
int ec_seckey_export_der(const secp256k1_context *ctx, uint8_t *seckey, size_t *seckeylen, const uint8_t *key32, bool compressed)
This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 http://www....
Definition: key.cpp:100
ECC_Stop
void ECC_Stop()
Deinitialize the elliptic curve support.
Definition: key.cpp:450
SchnorrSig
std::array< uint8_t, CPubKey::SCHNORR_SIZE > SchnorrSig
a Schnorr signature
Definition: key.h:25
CPrivKey
std::vector< uint8_t, secure_allocator< uint8_t > > CPrivKey
secure_allocator is defined in allocators.h CPrivKey is a serialized private key, with all parameters...
Definition: key.h:22
ctx
secp256k1_context * ctx
Definition: bench_impl.h:13
sig
SchnorrSig sig
Definition: processor.cpp:523
BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
GetRandBytes
void GetRandBytes(Span< uint8_t > bytes) noexcept
================== BASE RANDOMNESS GENERATION FUNCTIONS ====================
Definition: random.cpp:690
GetStrongRandBytes
void GetStrongRandBytes(Span< uint8_t > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:695
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:157
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:200
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:718
secp256k1_ec_seckey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:581
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:257
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:540
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:118
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:525
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:563
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:205
SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:206
secp256k1_nonce_function_rfc6979
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:466
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:367
secp256k1_ec_seckey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:627
secp256k1_ecdsa_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:379
secp256k1_recovery.h
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
secp256k1_schnorr.h
secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:32
UCharCast
uint8_t * UCharCast(char *c)
Definition: span.h:310
MakeUCharSpan
constexpr auto MakeUCharSpan(V &&v) -> decltype(UCharSpanCast(Span{std::forward< V >(v)}))
Like the Span constructor, but for (const) uint8_t member types only.
Definition: span.h:350
CExtKey
Definition: key.h:167
CExtKey::Encode
void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const
Definition: key.cpp:405
CExtKey::Neuter
CExtPubKey Neuter() const
Definition: key.cpp:395
CExtKey::Derive
bool Derive(CExtKey &out, unsigned int nChild) const
Definition: key.cpp:373
CExtKey::nDepth
uint8_t nDepth
Definition: key.h:168
CExtKey::key
CKey key
Definition: key.h:172
CExtKey::Decode
void Decode(const uint8_t code[BIP32_EXTKEY_SIZE])
Definition: key.cpp:418
CExtKey::chaincode
ChainCode chaincode
Definition: key.h:171
CExtKey::nChild
unsigned int nChild
Definition: key.h:170
CExtKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: key.h:169
CExtKey::SetSeed
void SetSeed(Span< const std::byte > seed)
Definition: key.cpp:381
CExtPubKey::nDepth
uint8_t nDepth
Definition: pubkey.h:194
CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:197
CExtPubKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: pubkey.h:195
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:198
CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:196
secp256k1_context_struct
Definition: secp256k1.c:58
secp256k1_ecdsa_recoverable_signature
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:83
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70
assert
assert(!tx.IsCoinBase())
Generated on Fri Feb 13 2026 20:17:43 for Bitcoin ABC by doxygen 1.9.4