1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2014 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_KEY_H
#define BITCOIN_KEY_H
#include "allocators.h"
#include "serialize.h"
#include "uint256.h"
#include <stdexcept>
#include <vector>
class CPubKey;
struct CExtPubKey;
/**
* secp256k1:
* const unsigned int PRIVATE_KEY_SIZE = 279;
* const unsigned int PUBLIC_KEY_SIZE = 65;
* const unsigned int SIGNATURE_SIZE = 72;
*
* see www.keylength.com
* script supports up to 75 for single byte push
*/
/**
* secure_allocator is defined in allocators.h
* CPrivKey is a serialized private key, with all parameters included (279 bytes)
*/
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
/** An encapsulated private key. */
class CKey
{
private:
//! Whether this private key is valid. We check for correctness when modifying the key
//! data, so fValid should always correspond to the actual state.
bool fValid;
//! Whether the public key corresponding to this private key is (to be) compressed.
bool fCompressed;
//! The actual byte data
unsigned char vch[32];
//! Check whether the 32-byte array pointed to be vch is valid keydata.
bool static Check(const unsigned char* vch);
public:
//! Construct an invalid private key.
CKey() : fValid(false), fCompressed(false)
{
LockObject(vch);
}
//! Copy constructor. This is necessary because of memlocking.
CKey(const CKey& secret) : fValid(secret.fValid), fCompressed(secret.fCompressed)
{
LockObject(vch);
memcpy(vch, secret.vch, sizeof(vch));
}
//! Destructor (again necessary because of memlocking).
~CKey()
{
UnlockObject(vch);
}
friend bool operator==(const CKey& a, const CKey& b)
{
return a.fCompressed == b.fCompressed && a.size() == b.size() &&
memcmp(&a.vch[0], &b.vch[0], a.size()) == 0;
}
//! Initialize using begin and end iterators to byte data.
template <typename T>
void Set(const T pbegin, const T pend, bool fCompressedIn)
{
if (pend - pbegin != 32) {
fValid = false;
return;
}
if (Check(&pbegin[0])) {
memcpy(vch, (unsigned char*)&pbegin[0], 32);
fValid = true;
fCompressed = fCompressedIn;
} else {
fValid = false;
}
}
//! Simple read-only vector-like interface.
unsigned int size() const { return (fValid ? 32 : 0); }
const unsigned char* begin() const { return vch; }
const unsigned char* end() const { return vch + size(); }
//! Check whether this private key is valid.
bool IsValid() const { return fValid; }
//! Check whether the public key corresponding to this private key is (to be) compressed.
bool IsCompressed() const { return fCompressed; }
//! Initialize from a CPrivKey (serialized OpenSSL private key data).
bool SetPrivKey(const CPrivKey& vchPrivKey, bool fCompressed);
//! Generate a new private key using a cryptographic PRNG.
void MakeNewKey(bool fCompressed);
/**
* Convert the private key to a CPrivKey (serialized OpenSSL private key data).
* This is expensive.
*/
CPrivKey GetPrivKey() const;
/**
* Compute the public key from a private key.
* This is expensive.
*/
CPubKey GetPubKey() const;
/**
* Create a DER-serialized signature.
* The test_case parameter tweaks the deterministic nonce, and is only for
* testing. It should be zero for normal use.
*/
bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
/**
* Create a compact signature (65 bytes), which allows reconstructing the used public key.
* The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
* The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
* 0x1D = second key with even y, 0x1E = second key with odd y,
* add 0x04 for compressed keys.
*/
bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
//! Derive BIP32 child key.
bool Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const;
/**
* Verify thoroughly whether a private key and a public key match.
* This is done using a different mechanism than just regenerating it.
*/
bool VerifyPubKey(const CPubKey& vchPubKey) const;
//! Load private key and check that public key matches.
bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
//! Check whether an element of a signature (r or s) is valid.
static bool CheckSignatureElement(const unsigned char* vch, int len, bool half);
};
struct CExtKey {
unsigned char nDepth;
unsigned char vchFingerprint[4];
unsigned int nChild;
unsigned char vchChainCode[32];
CKey key;
friend bool operator==(const CExtKey& a, const CExtKey& b)
{
return a.nDepth == b.nDepth && memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], 4) == 0 && a.nChild == b.nChild &&
memcmp(&a.vchChainCode[0], &b.vchChainCode[0], 32) == 0 && a.key == b.key;
}
void Encode(unsigned char code[74]) const;
void Decode(const unsigned char code[74]);
bool Derive(CExtKey& out, unsigned int nChild) const;
CExtPubKey Neuter() const;
void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
};
/** Check that required EC support is available at runtime */
bool ECC_InitSanityCheck(void);
#endif // BITCOIN_KEY_H
|