Bitcoin ABC  0.22.12
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2016 The Bitcoin Core developers
2 // Copyright (c) 2017 The Zcash developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <key.h>
7 
8 #include <crypto/common.h>
9 #include <crypto/hmac_sha512.h>
10 #include <random.h>
11 
12 #include <secp256k1.h>
13 #include <secp256k1_recovery.h>
14 #include <secp256k1_schnorr.h>
15 
17 
40 static int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32,
41  const uint8_t *privkey, size_t privkeylen) {
42  const uint8_t *end = privkey + privkeylen;
43  memset(out32, 0, 32);
44  /* sequence header */
45  if (end - privkey < 1 || *privkey != 0x30u) {
46  return 0;
47  }
48  privkey++;
49  /* sequence length constructor */
50  if (end - privkey < 1 || !(*privkey & 0x80u)) {
51  return 0;
52  }
53  ptrdiff_t lenb = *privkey & ~0x80u;
54  privkey++;
55  if (lenb < 1 || lenb > 2) {
56  return 0;
57  }
58  if (end - privkey < lenb) {
59  return 0;
60  }
61  /* sequence length */
62  ptrdiff_t len =
63  privkey[lenb - 1] | (lenb > 1 ? privkey[lenb - 2] << 8 : 0u);
64  privkey += lenb;
65  if (end - privkey < len) {
66  return 0;
67  }
68  /* sequence element 0: version number (=1) */
69  if (end - privkey < 3 || privkey[0] != 0x02u || privkey[1] != 0x01u ||
70  privkey[2] != 0x01u) {
71  return 0;
72  }
73  privkey += 3;
74  /* sequence element 1: octet string, up to 32 bytes */
75  if (end - privkey < 2 || privkey[0] != 0x04u) {
76  return 0;
77  }
78  ptrdiff_t oslen = privkey[1];
79  privkey += 2;
80  if (oslen > 32 || end - privkey < oslen) {
81  return 0;
82  }
83  memcpy(out32 + (32 - oslen), privkey, oslen);
84  if (!secp256k1_ec_seckey_verify(ctx, out32)) {
85  memset(out32, 0, 32);
86  return 0;
87  }
88  return 1;
89 }
90 
101 static int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey,
102  size_t *privkeylen, const uint8_t *key32,
103  bool compressed) {
104  assert(*privkeylen >= CKey::SIZE);
105  secp256k1_pubkey pubkey;
106  size_t pubkeylen = 0;
107  if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
108  *privkeylen = 0;
109  return 0;
110  }
111 
112  if (compressed) {
113  static const uint8_t begin[] = {0x30, 0x81, 0xD3, 0x02,
114  0x01, 0x01, 0x04, 0x20};
115  static const uint8_t middle[] = {
116  0xA0, 0x81, 0x85, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2C,
117  0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
118  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
119  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
120  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
121  0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21, 0x02,
122  0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
123  0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
124  0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x02,
125  0x21, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
126  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
127  0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41,
128  0x41, 0x02, 0x01, 0x01, 0xA1, 0x24, 0x03, 0x22, 0x00};
129  uint8_t *ptr = privkey;
130  memcpy(ptr, begin, sizeof(begin));
131  ptr += sizeof(begin);
132  memcpy(ptr, key32, 32);
133  ptr += 32;
134  memcpy(ptr, middle, sizeof(middle));
135  ptr += sizeof(middle);
136  pubkeylen = CPubKey::COMPRESSED_SIZE;
137  secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
139  ptr += pubkeylen;
140  *privkeylen = ptr - privkey;
141  assert(*privkeylen == CKey::COMPRESSED_SIZE);
142  } else {
143  static const uint8_t begin[] = {0x30, 0x82, 0x01, 0x13, 0x02,
144  0x01, 0x01, 0x04, 0x20};
145  static const uint8_t middle[] = {
146  0xA0, 0x81, 0xA5, 0x30, 0x81, 0xA2, 0x02, 0x01, 0x01, 0x30, 0x2C,
147  0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
148  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
149  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
150  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
151  0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04,
152  0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
153  0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
154  0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x48,
155  0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC,
156  0x0E, 0x11, 0x08, 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54,
157  0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8, 0x02, 0x21,
158  0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
159  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF,
160  0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
161  0x02, 0x01, 0x01, 0xA1, 0x44, 0x03, 0x42, 0x00};
162  uint8_t *ptr = privkey;
163  memcpy(ptr, begin, sizeof(begin));
164  ptr += sizeof(begin);
165  memcpy(ptr, key32, 32);
166  ptr += 32;
167  memcpy(ptr, middle, sizeof(middle));
168  ptr += sizeof(middle);
169  pubkeylen = CPubKey::SIZE;
170  secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
172  ptr += pubkeylen;
173  *privkeylen = ptr - privkey;
174  assert(*privkeylen == CKey::SIZE);
175  }
176  return 1;
177 }
178 
179 bool CKey::Check(const uint8_t *vch) {
180  return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
181 }
182 
183 void CKey::MakeNewKey(bool fCompressedIn) {
184  do {
185  GetStrongRandBytes(keydata.data(), keydata.size());
186  } while (!Check(keydata.data()));
187  fValid = true;
188  fCompressed = fCompressedIn;
189 }
190 
191 bool CKey::Negate() {
192  assert(fValid);
193  return secp256k1_ec_privkey_negate(secp256k1_context_sign, keydata.data());
194 }
195 
197  assert(fValid);
198  CPrivKey privkey;
199  int ret;
200  size_t privkeylen;
201  privkey.resize(SIZE);
202  privkeylen = SIZE;
203  ret = ec_privkey_export_der(secp256k1_context_sign, privkey.data(),
204  &privkeylen, begin(), fCompressed);
205  assert(ret);
206  privkey.resize(privkeylen);
207  return privkey;
208 }
209 
211  assert(fValid);
212  secp256k1_pubkey pubkey;
213  size_t clen = CPubKey::SIZE;
214  CPubKey result;
215  int ret =
216  secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
217  assert(ret);
219  secp256k1_context_sign, (uint8_t *)result.begin(), &clen, &pubkey,
221  assert(result.size() == clen);
222  assert(result.IsValid());
223  return result;
224 }
225 
226 // Check that the sig has a low R value and will be less than 71 bytes
228  uint8_t compact_sig[64];
229  secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign,
230  compact_sig, sig);
231 
232  // In DER serialization, all values are interpreted as big-endian, signed
233  // integers. The highest bit in the integer indicates its signed-ness; 0 is
234  // positive, 1 is negative. When the value is interpreted as a negative
235  // integer, it must be converted to a positive value by prepending a 0x00
236  // byte so that the highest bit is 0. We can avoid this prepending by
237  // ensuring that our highest bit is always 0, and thus we must check that
238  // the first byte is less than 0x80.
239  return compact_sig[0] < 0x80;
240 }
241 
242 bool CKey::SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
243  bool grind, uint32_t test_case) const {
244  if (!fValid) {
245  return false;
246  }
247  vchSig.resize(CPubKey::SIGNATURE_SIZE);
248  size_t nSigLen = CPubKey::SIGNATURE_SIZE;
249  uint8_t extra_entropy[32] = {0};
250  WriteLE32(extra_entropy, test_case);
252  uint32_t counter = 0;
253  int ret =
254  secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
256  (!grind && test_case) ? extra_entropy : nullptr);
257 
258  // Grind for low R
259  while (ret && !SigHasLowR(&sig) && grind) {
260  WriteLE32(extra_entropy, ++counter);
261  ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
263  extra_entropy);
264  }
265  assert(ret);
266  secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign,
267  vchSig.data(), &nSigLen, &sig);
268  vchSig.resize(nSigLen);
269  return true;
270 }
271 
272 static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf,
273  uint32_t test_case) {
274  if (!key.IsValid()) {
275  return false;
276  }
277 
278  uint8_t extra_entropy[32] = {0};
279  WriteLE32(extra_entropy, test_case);
280 
281  int ret = secp256k1_schnorr_sign(
282  secp256k1_context_sign, buf, hash.begin(), key.begin(),
283  secp256k1_nonce_function_rfc6979, test_case ? extra_entropy : nullptr);
284  assert(ret);
285  return true;
286 }
287 
288 bool CKey::SignSchnorr(const uint256 &hash,
289  std::array<uint8_t, CPubKey::SCHNORR_SIZE> &sig,
290  uint32_t test_case) const {
291  return DoSignSchnorr(*this, hash, sig.data(), test_case);
292 }
293 
294 bool CKey::SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
295  uint32_t test_case) const {
296  if (!fValid) {
297  return false;
298  }
299  vchSig.resize(CPubKey::SCHNORR_SIZE);
300  return DoSignSchnorr(*this, hash, vchSig.data(), test_case);
301 }
302 
303 bool CKey::VerifyPubKey(const CPubKey &pubkey) const {
304  if (pubkey.IsCompressed() != fCompressed) {
305  return false;
306  }
307  uint8_t rnd[8];
308  std::string str = "Bitcoin key verification\n";
309  GetRandBytes(rnd, sizeof(rnd));
310  uint256 hash;
311  CHash256()
312  .Write((uint8_t *)str.data(), str.size())
313  .Write(rnd, sizeof(rnd))
314  .Finalize(hash.begin());
315  std::vector<uint8_t> vchSig;
316  SignECDSA(hash, vchSig);
317  return pubkey.VerifyECDSA(hash, vchSig);
318 }
319 
320 bool CKey::SignCompact(const uint256 &hash,
321  std::vector<uint8_t> &vchSig) const {
322  if (!fValid) {
323  return false;
324  }
325  vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
326  int rec = -1;
329  secp256k1_context_sign, &sig, hash.begin(), begin(),
331  assert(ret);
333  secp256k1_context_sign, &vchSig[1], &rec, &sig);
334  assert(ret);
335  assert(rec != -1);
336  vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
337  return true;
338 }
339 
340 bool CKey::Load(const CPrivKey &privkey, const CPubKey &vchPubKey,
341  bool fSkipCheck = false) {
342  if (!ec_privkey_import_der(secp256k1_context_sign, (uint8_t *)begin(),
343  privkey.data(), privkey.size())) {
344  return false;
345  }
346  fCompressed = vchPubKey.IsCompressed();
347  fValid = true;
348 
349  if (fSkipCheck) {
350  return true;
351  }
352 
353  return VerifyPubKey(vchPubKey);
354 }
355 
356 bool CKey::Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
357  const ChainCode &cc) const {
358  assert(IsValid());
359  assert(IsCompressed());
360  std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
361  if ((nChild >> 31) == 0) {
362  CPubKey pubkey = GetPubKey();
363  assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);
364  BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin() + 1, vout.data());
365  } else {
366  assert(size() == 32);
367  BIP32Hash(cc, nChild, 0, begin(), vout.data());
368  }
369  memcpy(ccChild.begin(), vout.data() + 32, 32);
370  memcpy((uint8_t *)keyChild.begin(), begin(), 32);
372  secp256k1_context_sign, (uint8_t *)keyChild.begin(), vout.data());
373  keyChild.fCompressed = true;
374  keyChild.fValid = ret;
375  return ret;
376 }
377 
378 bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
379  out.nDepth = nDepth + 1;
380  CKeyID id = key.GetPubKey().GetID();
381  memcpy(&out.vchFingerprint[0], &id, 4);
382  out.nChild = _nChild;
383  return key.Derive(out.key, out.chaincode, _nChild, chaincode);
384 }
385 
386 void CExtKey::SetSeed(const uint8_t *seed, unsigned int nSeedLen) {
387  static const uint8_t hashkey[] = {'B', 'i', 't', 'c', 'o', 'i',
388  'n', ' ', 's', 'e', 'e', 'd'};
389  std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
390  CHMAC_SHA512(hashkey, sizeof(hashkey))
391  .Write(seed, nSeedLen)
392  .Finalize(vout.data());
393  key.Set(vout.data(), vout.data() + 32, true);
394  memcpy(chaincode.begin(), vout.data() + 32, 32);
395  nDepth = 0;
396  nChild = 0;
397  memset(vchFingerprint, 0, sizeof(vchFingerprint));
398 }
399 
401  CExtPubKey ret;
402  ret.nDepth = nDepth;
403  memcpy(&ret.vchFingerprint[0], &vchFingerprint[0], 4);
404  ret.nChild = nChild;
405  ret.pubkey = key.GetPubKey();
406  ret.chaincode = chaincode;
407  return ret;
408 }
409 
410 void CExtKey::Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const {
411  code[0] = nDepth;
412  memcpy(code + 1, vchFingerprint, 4);
413  code[5] = (nChild >> 24) & 0xFF;
414  code[6] = (nChild >> 16) & 0xFF;
415  code[7] = (nChild >> 8) & 0xFF;
416  code[8] = (nChild >> 0) & 0xFF;
417  memcpy(code + 9, chaincode.begin(), 32);
418  code[41] = 0;
419  assert(key.size() == 32);
420  memcpy(code + 42, key.begin(), 32);
421 }
422 
423 void CExtKey::Decode(const uint8_t code[BIP32_EXTKEY_SIZE]) {
424  nDepth = code[0];
425  memcpy(vchFingerprint, code + 1, 4);
426  nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
427  memcpy(chaincode.begin(), code + 9, 32);
428  key.Set(code + 42, code + BIP32_EXTKEY_SIZE, true);
429 }
430 
432  CKey key;
433  key.MakeNewKey(true);
434  CPubKey pubkey = key.GetPubKey();
435  return key.VerifyPubKey(pubkey);
436 }
437 
438 void ECC_Start() {
439  assert(secp256k1_context_sign == nullptr);
440 
442  assert(ctx != nullptr);
443 
444  {
445  // Pass in a random blinding seed to the secp256k1 context.
446  std::vector<uint8_t, secure_allocator<uint8_t>> vseed(32);
447  GetRandBytes(vseed.data(), 32);
448  bool ret = secp256k1_context_randomize(ctx, vseed.data());
449  assert(ret);
450  }
451 
452  secp256k1_context_sign = ctx;
453 }
454 
455 void ECC_Stop() {
457  secp256k1_context_sign = nullptr;
458 
459  if (ctx) {
461  }
462 }
std::vector< uint8_t, secure_allocator< uint8_t > > keydata
The actual byte data.
Definition: key.h:50
uint8_t data[WIDTH]
Definition: uint256.h:19
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:438
bool SignECDSA(const uint256 &hash, std::vector< uint8_t > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized ECDSA signature.
Definition: key.cpp:242
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:196
std::array< uint8_t, 64 > sig
Definition: processor.cpp:248
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:36
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
Definition: secp256k1.c:393
static int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32, const uint8_t *privkey, size_t privkeylen)
These functions are taken from the libsecp256k1 distribution and are very ugly.
Definition: key.cpp:40
static void WriteLE32(uint8_t *ptr, uint32_t x)
Definition: common.h:40
CKey key
Definition: key.h:163
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
bool Negate()
Negate private key.
Definition: key.cpp:191
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:731
bool Derive(CExtKey &out, unsigned int nChild) const
Definition: key.cpp:378
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:303
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:210
secp256k1_context * ctx
Definition: key.h:158
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
Definition: pubkey.cpp:173
void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const
Definition: key.cpp:410
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:297
A hasher class for Bitcoin&#39;s 256-bit hash (double SHA-256).
Definition: hash.h:22
static const unsigned int SIZE
secp256k1:
Definition: key.h:30
ChainCode chaincode
Definition: pubkey.h:197
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:171
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
Definition: secp256k1.c:654
bool fValid
see www.keylength.com script supports up to 75 for single byte push
Definition: key.h:37
unsigned int nChild
Definition: pubkey.h:196
const uint8_t * begin() const
Definition: pubkey.h:100
std::vector< uint8_t, secure_allocator< uint8_t > > CPrivKey
secure_allocator is defined in allocators.h CPrivKey is a serialized private key, with all parameters...
Definition: key.h:22
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
Definition: secp256k1.c:607
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
Definition: secp256k1.c:477
void GetRandBytes(uint8_t *buf, int num) noexcept
Overall design of the RNG and entropy sources.
Definition: random.cpp:625
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:197
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:574
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:177
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:176
static const unsigned int COMPRESSED_SIZE
Definition: key.h:31
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:37
void BIP32Hash(const ChainCode &chainCode, uint32_t nChild, uint8_t header, const uint8_t data[32], uint8_t output[64])
Definition: hash.cpp:72
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:551
void SetSeed(const uint8_t *seed, unsigned int nSeedLen)
Definition: key.cpp:386
static bool DoSignSchnorr(const CKey &key, const uint256 &hash, uint8_t *buf, uint32_t test_case)
Definition: key.cpp:272
void ECC_Stop()
Deinitialize the elliptic curve support.
Definition: key.cpp:455
bool IsValid() const
Definition: pubkey.h:147
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:536
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
An encapsulated public key.
Definition: pubkey.h:31
static bool Check(const uint8_t *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
Definition: key.cpp:179
static int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey, size_t *privkeylen, const uint8_t *key32, bool compressed)
This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 http://www...
Definition: key.cpp:101
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Definition: key.cpp:183
unsigned int nChild
Definition: key.h:161
uint8_t vchFingerprint[4]
Definition: key.h:160
bool SignCompact(const uint256 &hash, std::vector< uint8_t > &vchSig) const
Create a compact ECDSA signature (65 bytes), which allows reconstructing the used public key...
Definition: key.cpp:320
static constexpr unsigned int SCHNORR_SIZE
Definition: pubkey.h:38
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:82
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:98
uint8_t * begin()
Definition: uint256.h:76
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:91
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:80
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:40
uint8_t nDepth
Definition: pubkey.h:194
ChainCode chaincode
Definition: key.h:162
const uint8_t * begin() const
Definition: key.h:83
uint8_t vchFingerprint[4]
Definition: pubkey.h:195
static secp256k1_context * secp256k1_context_sign
Definition: key.cpp:16
CHash256 & Write(const uint8_t *data, size_t len)
Definition: hash.h:35
void GetStrongRandBytes(uint8_t *buf, int num) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:628
256-bit opaque blob.
Definition: uint256.h:120
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:381
CExtPubKey Neuter() const
Definition: key.cpp:400
uint8_t nDepth
Definition: key.h:159
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:356
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:22
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:47
void Decode(const uint8_t code[BIP32_EXTKEY_SIZE])
Definition: key.cpp:423
CPubKey pubkey
Definition: pubkey.h:198
An encapsulated secp256k1 private key.
Definition: key.h:25
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
Definition: key.cpp:431
bool SignSchnorr(const uint256 &hash, std::array< uint8_t, CPubKey::SCHNORR_SIZE > &sig, uint32_t test_case=0) const
Create a Schnorr signature.
Definition: key.cpp:288
static constexpr unsigned int SIGNATURE_SIZE
Definition: pubkey.h:39
void Finalize(uint8_t hash[OUTPUT_SIZE])
Definition: hmac_sha512.cpp:30
static bool SigHasLowR(const secp256k1_ecdsa_signature *sig)
Definition: key.cpp:227
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:153
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:340
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:87
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
CHMAC_SHA512 & Write(const uint8_t *data, size_t len)
Definition: hmac_sha512.h:23
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:154
A hasher class for HMAC-SHA-512.
Definition: hmac_sha512.h:14