Bitcoin ABC  0.22.12
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2016 The Bitcoin Core developers
2 // Copyright (c) 2017 The Zcash developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <key.h>
7 
8 #include <crypto/common.h>
9 #include <crypto/hmac_sha512.h>
10 #include <random.h>
11 
12 #include <secp256k1.h>
13 #include <secp256k1_recovery.h>
14 #include <secp256k1_schnorr.h>
15 
16 static secp256k1_context *secp256k1_context_sign = nullptr;
17 
40 static int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32,
41  const uint8_t *privkey, size_t privkeylen) {
42  const uint8_t *end = privkey + privkeylen;
43  memset(out32, 0, 32);
44  /* sequence header */
45  if (end - privkey < 1 || *privkey != 0x30u) {
46  return 0;
47  }
48  privkey++;
49  /* sequence length constructor */
50  if (end - privkey < 1 || !(*privkey & 0x80u)) {
51  return 0;
52  }
53  ptrdiff_t lenb = *privkey & ~0x80u;
54  privkey++;
55  if (lenb < 1 || lenb > 2) {
56  return 0;
57  }
58  if (end - privkey < lenb) {
59  return 0;
60  }
61  /* sequence length */
62  ptrdiff_t len =
63  privkey[lenb - 1] | (lenb > 1 ? privkey[lenb - 2] << 8 : 0u);
64  privkey += lenb;
65  if (end - privkey < len) {
66  return 0;
67  }
68  /* sequence element 0: version number (=1) */
69  if (end - privkey < 3 || privkey[0] != 0x02u || privkey[1] != 0x01u ||
70  privkey[2] != 0x01u) {
71  return 0;
72  }
73  privkey += 3;
74  /* sequence element 1: octet string, up to 32 bytes */
75  if (end - privkey < 2 || privkey[0] != 0x04u) {
76  return 0;
77  }
78  ptrdiff_t oslen = privkey[1];
79  privkey += 2;
80  if (oslen > 32 || end - privkey < oslen) {
81  return 0;
82  }
83  memcpy(out32 + (32 - oslen), privkey, oslen);
84  if (!secp256k1_ec_seckey_verify(ctx, out32)) {
85  memset(out32, 0, 32);
86  return 0;
87  }
88  return 1;
89 }
90 
101 static int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey,
102  size_t *privkeylen, const uint8_t *key32,
103  bool compressed) {
104  assert(*privkeylen >= CKey::SIZE);
105  secp256k1_pubkey pubkey;
106  size_t pubkeylen = 0;
107  if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
108  *privkeylen = 0;
109  return 0;
110  }
111 
112  if (compressed) {
113  static const uint8_t begin[] = {0x30, 0x81, 0xD3, 0x02,
114  0x01, 0x01, 0x04, 0x20};
115  static const uint8_t middle[] = {
116  0xA0, 0x81, 0x85, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2C,
117  0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
118  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
119  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
120  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
121  0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21, 0x02,
122  0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
123  0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
124  0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x02,
125  0x21, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
127  0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41,
128  0x41, 0x02, 0x01, 0x01, 0xA1, 0x24, 0x03, 0x22, 0x00};
129  uint8_t *ptr = privkey;
130  memcpy(ptr, begin, sizeof(begin));
131  ptr += sizeof(begin);
132  memcpy(ptr, key32, 32);
133  ptr += 32;
134  memcpy(ptr, middle, sizeof(middle));
135  ptr += sizeof(middle);
136  pubkeylen = CPubKey::COMPRESSED_SIZE;
137  secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
138  SECP256K1_EC_COMPRESSED);
139  ptr += pubkeylen;
140  *privkeylen = ptr - privkey;
141  assert(*privkeylen == CKey::COMPRESSED_SIZE);
142  } else {
143  static const uint8_t begin[] = {0x30, 0x82, 0x01, 0x13, 0x02,
144  0x01, 0x01, 0x04, 0x20};
145  static const uint8_t middle[] = {
146  0xA0, 0x81, 0xA5, 0x30, 0x81, 0xA2, 0x02, 0x01, 0x01, 0x30, 0x2C,
147  0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
148  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
149  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
150  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
151  0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04,
152  0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
153  0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
154  0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x48,
155  0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC,
156  0x0E, 0x11, 0x08, 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54,
157  0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8, 0x02, 0x21,
158  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
159  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF,
160  0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
161  0x02, 0x01, 0x01, 0xA1, 0x44, 0x03, 0x42, 0x00};
162  uint8_t *ptr = privkey;
163  memcpy(ptr, begin, sizeof(begin));
164  ptr += sizeof(begin);
165  memcpy(ptr, key32, 32);
166  ptr += 32;
167  memcpy(ptr, middle, sizeof(middle));
168  ptr += sizeof(middle);
169  pubkeylen = CPubKey::SIZE;
170  secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
171  SECP256K1_EC_UNCOMPRESSED);
172  ptr += pubkeylen;
173  *privkeylen = ptr - privkey;
174  assert(*privkeylen == CKey::SIZE);
175  }
176  return 1;
177 }
178 
179 bool CKey::Check(const uint8_t *vch) {
180  return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
181 }
182 
183 void CKey::MakeNewKey(bool fCompressedIn) {
184  do {
185  GetStrongRandBytes(keydata.data(), keydata.size());
186  } while (!Check(keydata.data()));
187  fValid = true;
188  fCompressed = fCompressedIn;
189 }
190 
191 bool CKey::Negate() {
192  assert(fValid);
193  return secp256k1_ec_privkey_negate(secp256k1_context_sign, keydata.data());
194 }
195 
196 CPrivKey CKey::GetPrivKey() const {
197  assert(fValid);
198  CPrivKey privkey;
199  int ret;
200  size_t privkeylen;
201  privkey.resize(SIZE);
202  privkeylen = SIZE;
203  ret = ec_privkey_export_der(secp256k1_context_sign, privkey.data(),
204  &privkeylen, begin(), fCompressed);
205  assert(ret);
206  privkey.resize(privkeylen);
207  return privkey;
208 }
209 
210 CPubKey CKey::GetPubKey() const {
211  assert(fValid);
212  secp256k1_pubkey pubkey;
213  size_t clen = CPubKey::SIZE;
214  CPubKey result;
215  int ret =
216  secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
217  assert(ret);
218  secp256k1_ec_pubkey_serialize(
219  secp256k1_context_sign, (uint8_t *)result.begin(), &clen, &pubkey,
220  fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
221  assert(result.size() == clen);
222  assert(result.IsValid());
223  return result;
224 }
225 
226 // Check that the sig has a low R value and will be less than 71 bytes
227 static bool SigHasLowR(const secp256k1_ecdsa_signature *sig) {
228  uint8_t compact_sig[64];
229  secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign,
230  compact_sig, sig);
231 
232  // In DER serialization, all values are interpreted as big-endian, signed
233  // integers. The highest bit in the integer indicates its signed-ness; 0 is
234  // positive, 1 is negative. When the value is interpreted as a negative
235  // integer, it must be converted to a positive value by prepending a 0x00
236  // byte so that the highest bit is 0. We can avoid this prepending by
237  // ensuring that our highest bit is always 0, and thus we must check that
238  // the first byte is less than 0x80.
239  return compact_sig[0] < 0x80;
240 }
241 
242 bool CKey::SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
243  bool grind, uint32_t test_case) const {
244  if (!fValid) {
245  return false;
246  }
247  vchSig.resize(CPubKey::SIGNATURE_SIZE);
248  size_t nSigLen = CPubKey::SIGNATURE_SIZE;
249  uint8_t extra_entropy[32] = {0};
250  WriteLE32(extra_entropy, test_case);
251  secp256k1_ecdsa_signature sig;
252  uint32_t counter = 0;
253  int ret =
254  secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
255  begin(), secp256k1_nonce_function_rfc6979,
256  (!grind && test_case) ? extra_entropy : nullptr);
257 
258  // Grind for low R
259  while (ret && !SigHasLowR(&sig) && grind) {
260  WriteLE32(extra_entropy, ++counter);
261  ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
262  begin(), secp256k1_nonce_function_rfc6979,
263  extra_entropy);
264  }
265  assert(ret);
266  secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign,
267  vchSig.data(), &nSigLen, &sig);
268  vchSig.resize(nSigLen);
269  return true;
270 }
271 
272 static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf,
273  uint32_t test_case) {
274  if (!key.IsValid()) {
275  return false;
276  }
277 
278  uint8_t extra_entropy[32] = {0};
279  WriteLE32(extra_entropy, test_case);
280 
281  int ret = secp256k1_schnorr_sign(
282  secp256k1_context_sign, buf, hash.begin(), key.begin(),
283  secp256k1_nonce_function_rfc6979, test_case ? extra_entropy : nullptr);
284  assert(ret);
285  return true;
286 }
287 
288 bool CKey::SignSchnorr(const uint256 &hash,
289  std::array<uint8_t, CPubKey::SCHNORR_SIZE> &sig,
290  uint32_t test_case) const {
291  return DoSignSchnorr(*this, hash, sig.data(), test_case);
292 }
293 
294 bool CKey::SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
295  uint32_t test_case) const {
296  if (!fValid) {
297  return false;
298  }
299  vchSig.resize(CPubKey::SCHNORR_SIZE);
300  return DoSignSchnorr(*this, hash, vchSig.data(), test_case);
301 }
302 
303 bool CKey::VerifyPubKey(const CPubKey &pubkey) const {
304  if (pubkey.IsCompressed() != fCompressed) {
305  return false;
306  }
307  uint8_t rnd[8];
308  std::string str = "Bitcoin key verification\n";
309  GetRandBytes(rnd, sizeof(rnd));
310  uint256 hash;
311  CHash256()
312  .Write((uint8_t *)str.data(), str.size())
313  .Write(rnd, sizeof(rnd))
314  .Finalize(hash.begin());
315  std::vector<uint8_t> vchSig;
316  SignECDSA(hash, vchSig);
317  return pubkey.VerifyECDSA(hash, vchSig);
318 }
319 
320 bool CKey::SignCompact(const uint256 &hash,
321  std::vector<uint8_t> &vchSig) const {
322  if (!fValid) {
323  return false;
324  }
325  vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
326  int rec = -1;
327  secp256k1_ecdsa_recoverable_signature sig;
328  int ret = secp256k1_ecdsa_sign_recoverable(
329  secp256k1_context_sign, &sig, hash.begin(), begin(),
330  secp256k1_nonce_function_rfc6979, nullptr);
331  assert(ret);
332  ret = secp256k1_ecdsa_recoverable_signature_serialize_compact(
333  secp256k1_context_sign, &vchSig[1], &rec, &sig);
334  assert(ret);
335  assert(rec != -1);
336  vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
337  return true;
338 }
339 
340 bool CKey::Load(const CPrivKey &privkey, const CPubKey &vchPubKey,
341  bool fSkipCheck = false) {
342  if (!ec_privkey_import_der(secp256k1_context_sign, (uint8_t *)begin(),
343  privkey.data(), privkey.size())) {
344  return false;
345  }
346  fCompressed = vchPubKey.IsCompressed();
347  fValid = true;
348 
349  if (fSkipCheck) {
350  return true;
351  }
352 
353  return VerifyPubKey(vchPubKey);
354 }
355 
356 bool CKey::Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
357  const ChainCode &cc) const {
358  assert(IsValid());
359  assert(IsCompressed());
360  std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
361  if ((nChild >> 31) == 0) {
362  CPubKey pubkey = GetPubKey();
363  assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);
364  BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin() + 1, vout.data());
365  } else {
366  assert(size() == 32);
367  BIP32Hash(cc, nChild, 0, begin(), vout.data());
368  }
369  memcpy(ccChild.begin(), vout.data() + 32, 32);
370  memcpy((uint8_t *)keyChild.begin(), begin(), 32);
371  bool ret = secp256k1_ec_privkey_tweak_add(
372  secp256k1_context_sign, (uint8_t *)keyChild.begin(), vout.data());
373  keyChild.fCompressed = true;
374  keyChild.fValid = ret;
375  return ret;
376 }
377 
378 bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
379  out.nDepth = nDepth + 1;
380  CKeyID id = key.GetPubKey().GetID();
381  memcpy(&out.vchFingerprint[0], &id, 4);
382  out.nChild = _nChild;
383  return key.Derive(out.key, out.chaincode, _nChild, chaincode);
384 }
385 
386 void CExtKey::SetSeed(const uint8_t *seed, unsigned int nSeedLen) {
387  static const uint8_t hashkey[] = {'B', 'i', 't', 'c', 'o', 'i',
388  'n', ' ', 's', 'e', 'e', 'd'};
389  std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
390  CHMAC_SHA512(hashkey, sizeof(hashkey))
391  .Write(seed, nSeedLen)
392  .Finalize(vout.data());
393  key.Set(vout.data(), vout.data() + 32, true);
394  memcpy(chaincode.begin(), vout.data() + 32, 32);
395  nDepth = 0;
396  nChild = 0;
397  memset(vchFingerprint, 0, sizeof(vchFingerprint));
398 }
399 
400 CExtPubKey CExtKey::Neuter() const {
401  CExtPubKey ret;
402  ret.nDepth = nDepth;
403  memcpy(&ret.vchFingerprint[0], &vchFingerprint[0], 4);
404  ret.nChild = nChild;
405  ret.pubkey = key.GetPubKey();
406  ret.chaincode = chaincode;
407  return ret;
408 }
409 
410 void CExtKey::Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const {
411  code[0] = nDepth;
412  memcpy(code + 1, vchFingerprint, 4);
413  code[5] = (nChild >> 24) & 0xFF;
414  code[6] = (nChild >> 16) & 0xFF;
415  code[7] = (nChild >> 8) & 0xFF;
416  code[8] = (nChild >> 0) & 0xFF;
417  memcpy(code + 9, chaincode.begin(), 32);
418  code[41] = 0;
419  assert(key.size() == 32);
420  memcpy(code + 42, key.begin(), 32);
421 }
422 
423 void CExtKey::Decode(const uint8_t code[BIP32_EXTKEY_SIZE]) {
424  nDepth = code[0];
425  memcpy(vchFingerprint, code + 1, 4);
426  nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
427  memcpy(chaincode.begin(), code + 9, 32);
428  key.Set(code + 42, code + BIP32_EXTKEY_SIZE, true);
429 }
430 
431 bool ECC_InitSanityCheck() {
432  CKey key;
433  key.MakeNewKey(true);
434  CPubKey pubkey = key.GetPubKey();
435  return key.VerifyPubKey(pubkey);
436 }
437 
438 void ECC_Start() {
439  assert(secp256k1_context_sign == nullptr);
440 
441  secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
442  assert(ctx != nullptr);
443 
444  {
445  // Pass in a random blinding seed to the secp256k1 context.
446  std::vector<uint8_t, secure_allocator<uint8_t>> vseed(32);
447  GetRandBytes(vseed.data(), 32);
448  bool ret = secp256k1_context_randomize(ctx, vseed.data());
449  assert(ret);
450  }
451 
452  secp256k1_context_sign = ctx;
453 }
454 
455 void ECC_Stop() {
456  secp256k1_context *ctx = secp256k1_context_sign;
457  secp256k1_context_sign = nullptr;
458 
459  if (ctx) {
460  secp256k1_context_destroy(ctx);
461  }
462 }
CKey::keydata
std::vector< uint8_t, secure_allocator< uint8_t > > keydata
The actual byte data.
Definition: key.h:50
base_blob::data
uint8_t data[WIDTH]
Definition: uint256.h:19
ECC_Start
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:438
CKey::SignECDSA
bool SignECDSA(const uint256 &hash, std::vector< uint8_t > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized ECDSA signature.
Definition: key.cpp:242
CKey::GetPrivKey
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:196
sig
std::array< uint8_t, 64 > sig
Definition: processor.cpp:248
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:36
secp256k1_ecdsa_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:393
ec_privkey_import_der
static int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32, const uint8_t *privkey, size_t privkeylen)
These functions are taken from the libsecp256k1 distribution and are very ugly.
Definition: key.cpp:40
WriteLE32
static void WriteLE32(uint8_t *ptr, uint32_t x)
Definition: common.h:40
CExtKey::key
CKey key
Definition: key.h:163
secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:191
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:731
CExtKey::Derive
bool Derive(CExtKey &out, unsigned int nChild) const
Definition: key.cpp:378
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:303
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:210
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
CExtKey
Definition: key.h:158
secp256k1_ecdsa_recoverable_signature
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
CPubKey::VerifyECDSA
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
Definition: pubkey.cpp:173
CExtKey::Encode
void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const
Definition: key.cpp:410
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:297
CHash256
A hasher class for Bitcoin&#39;s 256-bit hash (double SHA-256).
Definition: hash.h:22
secp256k1_context_struct
Definition: secp256k1.c:70
CKey::SIZE
static const unsigned int SIZE
secp256k1:
Definition: key.h:30
CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:197
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:171
secp256k1_ec_privkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:654
CKey::fValid
bool fValid
see www.keylength.com script supports up to 75 for single byte push
Definition: key.h:37
CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:196
CPubKey::begin
const uint8_t * begin() const
Definition: pubkey.h:100
CPrivKey
std::vector< uint8_t, secure_allocator< uint8_t > > CPrivKey
secure_allocator is defined in allocators.h CPrivKey is a serialized private key, with all parameters...
Definition: key.h:22
secp256k1_ec_privkey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:607
secp256k1_nonce_function_rfc6979
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:477
GetRandBytes
void GetRandBytes(uint8_t *buf, int num) noexcept
Overall design of the RNG and entropy sources.
Definition: random.cpp:625
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:197
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:574
SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:177
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:176
CKey::COMPRESSED_SIZE
static const unsigned int COMPRESSED_SIZE
Definition: key.h:31
hmac_sha512.h
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:37
BIP32Hash
void BIP32Hash(const ChainCode &chainCode, uint32_t nChild, uint8_t header, const uint8_t data[32], uint8_t output[64])
Definition: hash.cpp:72
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:551
CExtKey::SetSeed
void SetSeed(const uint8_t *seed, unsigned int nSeedLen)
Definition: key.cpp:386
DoSignSchnorr
static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf, uint32_t test_case)
Definition: key.cpp:272
ECC_Stop
void ECC_Stop()
Deinitialize the elliptic curve support.
Definition: key.cpp:455
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:147
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:536
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
CPubKey
An encapsulated public key.
Definition: pubkey.h:31
CKey::Check
static bool Check(const uint8_t *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
Definition: key.cpp:179
ec_privkey_export_der
static int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey, size_t *privkeylen, const uint8_t *key32, bool compressed)
This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 http://www...
Definition: key.cpp:101
CKey::MakeNewKey
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Definition: key.cpp:183
CExtKey::nChild
unsigned int nChild
Definition: key.h:161
CExtKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: key.h:160
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< uint8_t > &vchSig) const
Create a compact ECDSA signature (65 bytes), which allows reconstructing the used public key...
Definition: key.cpp:320
CPubKey::SCHNORR_SIZE
static constexpr unsigned int SCHNORR_SIZE
Definition: pubkey.h:38
CKey::size
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:82
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:98
base_blob::begin
uint8_t * begin()
Definition: uint256.h:76
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:91
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:80
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
CPubKey::COMPACT_SIGNATURE_SIZE
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:40
CExtPubKey::nDepth
uint8_t nDepth
Definition: pubkey.h:194
CExtKey::chaincode
ChainCode chaincode
Definition: key.h:162
CKey::begin
const uint8_t * begin() const
Definition: key.h:83
CExtPubKey::vchFingerprint
uint8_t vchFingerprint[4]
Definition: pubkey.h:195
secp256k1_context_sign
static secp256k1_context * secp256k1_context_sign
Definition: key.cpp:16
CHash256::Write
CHash256 & Write(const uint8_t *data, size_t len)
Definition: hash.h:35
GetStrongRandBytes
void GetStrongRandBytes(uint8_t *buf, int num) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:628
uint256
256-bit opaque blob.
Definition: uint256.h:120
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:381
secp256k1_schnorr.h
CExtKey::Neuter
CExtPubKey Neuter() const
Definition: key.cpp:400
CExtKey::nDepth
uint8_t nDepth
Definition: key.h:159
CKey::Derive
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:356
BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:22
CKey::fCompressed
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:47
secp256k1_recovery.h
CExtKey::Decode
void Decode(const uint8_t code[BIP32_EXTKEY_SIZE])
Definition: key.cpp:423
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:198
CKey
An encapsulated secp256k1 private key.
Definition: key.h:25
ECC_InitSanityCheck
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
Definition: key.cpp:431
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, std::array< uint8_t, CPubKey::SCHNORR_SIZE > &sig, uint32_t test_case=0) const
Create a Schnorr signature.
Definition: key.cpp:288
CPubKey::SIGNATURE_SIZE
static constexpr unsigned int SIGNATURE_SIZE
Definition: pubkey.h:39
CHMAC_SHA512::Finalize
void Finalize(uint8_t hash[OUTPUT_SIZE])
Definition: hmac_sha512.cpp:30
SigHasLowR
static bool SigHasLowR(const secp256k1_ecdsa_signature *sig)
Definition: key.cpp:227
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:153
CKey::Load
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:340
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:87
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
CHMAC_SHA512::Write
CHMAC_SHA512 & Write(const uint8_t *data, size_t len)
Definition: hmac_sha512.h:23
CPubKey::IsCompressed
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:154
CHMAC_SHA512
A hasher class for HMAC-SHA-512.
Definition: hmac_sha512.h:14
Generated on Fri Jan 15 2021 17:44:45 for Bitcoin ABC by   doxygen 1.8.13