32 size_t rpos, rlen, spos, slen;
35 uint8_t tmpsig[64] = {0};
42 if (pos == inputlen || input[pos] != 0x30) {
48 if (pos == inputlen) {
51 lenbyte = input[pos++];
54 if (lenbyte > inputlen - pos) {
61 if (pos == inputlen || input[pos] != 0x02) {
67 if (pos == inputlen) {
70 lenbyte = input[pos++];
73 if (lenbyte > inputlen - pos) {
76 while (lenbyte > 0 && input[pos] == 0) {
80 static_assert(
sizeof(
size_t) >= 4,
"size_t too small");
86 rlen = (rlen << 8) + input[pos];
93 if (rlen > inputlen - pos) {
100 if (pos == inputlen || input[pos] != 0x02) {
106 if (pos == inputlen) {
109 lenbyte = input[pos++];
110 if (lenbyte & 0x80) {
112 if (lenbyte > inputlen - pos) {
115 while (lenbyte > 0 && input[pos] == 0) {
119 static_assert(
sizeof(
size_t) >= 4,
"size_t too small");
124 while (lenbyte > 0) {
125 slen = (slen << 8) + input[pos];
132 if (slen > inputlen - pos) {
138 while (rlen > 0 && input[rpos] == 0) {
146 memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
150 while (slen > 0 && input[spos] == 0) {
158 memcpy(tmpsig + 64 - slen, input + spos, slen);
167 memset(tmpsig, 0, 64);
174 const std::vector<uint8_t> &vchSig)
const {
181 assert(secp256k1_context_verify &&
182 "secp256k1_context_verify must be initialized to use CPubKey.");
188 vchSig.
data(), vchSig.size())) {
201 const uint256 &hash,
const std::array<uint8_t, SCHNORR_SIZE> &
sig)
const {
208 &(*
this)[0],
size())) {
213 hash.
begin(), &pubkey);
217 const std::vector<uint8_t> &vchSig)
const {
222 std::array<uint8_t, SCHNORR_SIZE>
sig;
223 std::copy(vchSig.begin(), vchSig.end(), sig.begin());
229 const std::vector<uint8_t> &vchSig) {
234 int recid = (vchSig[0] - 27) & 3;
235 bool fComp = ((vchSig[0] - 27) & 4) != 0;
238 assert(secp256k1_context_verify &&
239 "secp256k1_context_verify must be initialized to use CPubKey.");
241 secp256k1_context_verify, &sig, &vchSig[1], recid)) {
249 size_t publen =
SIZE;
251 secp256k1_context_verify, pub, &publen, &pubkey,
253 Set(pub, pub + publen);
262 assert(secp256k1_context_verify &&
263 "secp256k1_context_verify must be initialized to use CPubKey.");
273 assert(secp256k1_context_verify &&
274 "secp256k1_context_verify must be initialized to use CPubKey.");
280 size_t publen =
SIZE;
283 Set(pub, pub + publen);
288 unsigned int nChild,
const ChainCode &cc)
const {
290 assert((nChild >> 31) == 0);
294 memcpy(ccChild.
begin(), out + 32, 32);
296 assert(secp256k1_context_verify &&
297 "secp256k1_context_verify must be initialized to use CPubKey.");
310 pubkeyChild.
Set(pub, pub + publen);
316 memcpy(code + 1, vchFingerprint, 4);
317 code[5] = (nChild >> 24) & 0xFF;
318 code[6] = (nChild >> 16) & 0xFF;
319 code[7] = (nChild >> 8) & 0xFF;
320 code[8] = (nChild >> 0) & 0xFF;
321 memcpy(code + 9, chaincode.begin(), 32);
328 memcpy(vchFingerprint, code + 1, 4);
329 nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
330 memcpy(chaincode.begin(), code + 9, 32);
331 pubkey.Set(code + 41, code + BIP32_EXTKEY_SIZE);
336 CKeyID id = pubkey.GetID();
343 const boost::sliced_range<
const std::vector<uint8_t>> &vchSig) {
345 assert(secp256k1_context_verify &&
346 "secp256k1_context_verify must be initialized to use CPubKey.");
348 &vchSig.front(), vchSig.size())) {
359 assert(secp256k1_context_verify ==
nullptr);
360 secp256k1_context_verify =
362 assert(secp256k1_context_verify !=
nullptr);
370 assert(secp256k1_context_verify !=
nullptr);
372 secp256k1_context_verify =
nullptr;
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
std::array< uint8_t, 64 > sig
static constexpr unsigned int SIZE
secp256k1:
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
bool VerifySchnorr(const uint256 &hash, const std::array< uint8_t, SCHNORR_SIZE > &sig) const
Verify a Schnorr signature (=64 bytes).
static bool CheckLowS(const boost::sliced_range< const std::vector< uint8_t >> &vchSig)
Check whether a DER-serialized ECDSA signature is normalized (lower-S).
const uint8_t * begin() const
void Decode(const uint8_t code[BIP32_EXTKEY_SIZE])
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
#define SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
static int ecdsa_signature_parse_der_lax(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const uint8_t *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
static constexpr unsigned int COMPRESSED_SIZE
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid()) ...
void BIP32Hash(const ChainCode &chainCode, uint32_t nChild, uint8_t header, const uint8_t data[32], uint8_t output[64])
An encapsulated public key.
static constexpr unsigned int SCHNORR_SIZE
bool RecoverCompact(const uint256 &hash, const std::vector< uint8_t > &vchSig)
Recover a public key from a compact ECDSA signature.
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Opaque data structured that holds a parsed ECDSA signature.
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify a signature created by secp256k1_schnorr_sign.
uint8_t vchFingerprint[4]
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
bool Derive(CExtPubKey &out, unsigned int nChild) const
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
const unsigned int BIP32_EXTKEY_SIZE
A reference to a CKey: the Hash160 of its serialized public key.
uint8_t vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
bool Decompress()
Turn this public key into an uncompressed public key.
Opaque data structure that holds a parsed and valid public key.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.