Branch data Line data Source code
# 1 : : // Copyright (c) 2009-2010 Satoshi Nakamoto
# 2 : : // Copyright (c) 2009-2021 The Bitcoin Core developers
# 3 : : // Copyright (c) 2017 The Zcash developers
# 4 : : // Distributed under the MIT software license, see the accompanying
# 5 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
# 6 : :
# 7 : : #ifndef BITCOIN_KEY_H
# 8 : : #define BITCOIN_KEY_H
# 9 : :
# 10 : : #include <pubkey.h>
# 11 : : #include <serialize.h>
# 12 : : #include <support/allocators/secure.h>
# 13 : : #include <uint256.h>
# 14 : :
# 15 : : #include <stdexcept>
# 16 : : #include <vector>
# 17 : :
# 18 : :
# 19 : : /**
# 20 : : * CPrivKey is a serialized private key, with all parameters included
# 21 : : * (SIZE bytes)
# 22 : : */
# 23 : : typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
# 24 : :
# 25 : : /** An encapsulated private key. */
# 26 : : class CKey
# 27 : : {
# 28 : : public:
# 29 : : /**
# 30 : : * secp256k1:
# 31 : : */
# 32 : : static const unsigned int SIZE = 279;
# 33 : : static const unsigned int COMPRESSED_SIZE = 214;
# 34 : : /**
# 35 : : * see www.keylength.com
# 36 : : * script supports up to 75 for single byte push
# 37 : : */
# 38 : : static_assert(
# 39 : : SIZE >= COMPRESSED_SIZE,
# 40 : : "COMPRESSED_SIZE is larger than SIZE");
# 41 : :
# 42 : : private:
# 43 : : //! Whether this private key is valid. We check for correctness when modifying the key
# 44 : : //! data, so fValid should always correspond to the actual state.
# 45 : : bool fValid;
# 46 : :
# 47 : : //! Whether the public key corresponding to this private key is (to be) compressed.
# 48 : : bool fCompressed;
# 49 : :
# 50 : : //! The actual byte data
# 51 : : std::vector<unsigned char, secure_allocator<unsigned char> > keydata;
# 52 : :
# 53 : : //! Check whether the 32-byte array pointed to by vch is valid keydata.
# 54 : : bool static Check(const unsigned char* vch);
# 55 : :
# 56 : : public:
# 57 : : //! Construct an invalid private key.
# 58 : : CKey() : fValid(false), fCompressed(false)
# 59 : 1408411 : {
# 60 : : // Important: vch must be 32 bytes in length to not break serialization
# 61 : 1408411 : keydata.resize(32);
# 62 : 1408411 : }
# 63 : :
# 64 : : friend bool operator==(const CKey& a, const CKey& b)
# 65 : 34 : {
# 66 [ + - ]: 34 : return a.fCompressed == b.fCompressed &&
# 67 [ + - ]: 34 : a.size() == b.size() &&
# 68 [ + - ]: 34 : memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
# 69 : 34 : }
# 70 : :
# 71 : : //! Initialize using begin and end iterators to byte data.
# 72 : : template <typename T>
# 73 : : void Set(const T pbegin, const T pend, bool fCompressedIn)
# 74 : 28436 : {
# 75 [ - + ][ - + ]: 28436 : if (size_t(pend - pbegin) != keydata.size()) {
# [ - + ]
# 76 : 0 : fValid = false;
# 77 [ + - ][ + - ]: 28436 : } else if (Check(&pbegin[0])) {
# [ + + ]
# 78 : 28432 : memcpy(keydata.data(), (unsigned char*)&pbegin[0], keydata.size());
# 79 : 28432 : fValid = true;
# 80 : 28432 : fCompressed = fCompressedIn;
# 81 : 28432 : } else {
# 82 : 4 : fValid = false;
# 83 : 4 : }
# 84 : 28436 : }
# 85 : :
# 86 : : //! Simple read-only vector-like interface.
# 87 [ + - ]: 121389 : unsigned int size() const { return (fValid ? keydata.size() : 0); }
# 88 : 20039 : const unsigned char* data() const { return keydata.data(); }
# 89 : 1981233 : const unsigned char* begin() const { return keydata.data(); }
# 90 : 3330 : const unsigned char* end() const { return keydata.data() + size(); }
# 91 : :
# 92 : : //! Check whether this private key is valid.
# 93 : 144588 : bool IsValid() const { return fValid; }
# 94 : :
# 95 : : //! Check whether the public key corresponding to this private key is (to be) compressed.
# 96 : 143160 : bool IsCompressed() const { return fCompressed; }
# 97 : :
# 98 : : //! Generate a new private key using a cryptographic PRNG.
# 99 : : void MakeNewKey(bool fCompressed);
# 100 : :
# 101 : : //! Negate private key
# 102 : : bool Negate();
# 103 : :
# 104 : : /**
# 105 : : * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
# 106 : : * This is expensive.
# 107 : : */
# 108 : : CPrivKey GetPrivKey() const;
# 109 : :
# 110 : : /**
# 111 : : * Compute the public key from a private key.
# 112 : : * This is expensive.
# 113 : : */
# 114 : : CPubKey GetPubKey() const;
# 115 : :
# 116 : : /**
# 117 : : * Create a DER-serialized signature.
# 118 : : * The test_case parameter tweaks the deterministic nonce.
# 119 : : */
# 120 : : bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, bool grind = true, uint32_t test_case = 0) const;
# 121 : :
# 122 : : /**
# 123 : : * Create a compact signature (65 bytes), which allows reconstructing the used public key.
# 124 : : * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
# 125 : : * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
# 126 : : * 0x1D = second key with even y, 0x1E = second key with odd y,
# 127 : : * add 0x04 for compressed keys.
# 128 : : */
# 129 : : bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
# 130 : :
# 131 : : /**
# 132 : : * Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this,
# 133 : : * optionally tweaked by *merkle_root. Additional nonce entropy is provided through
# 134 : : * aux.
# 135 : : *
# 136 : : * merkle_root is used to optionally perform tweaking of the private key, as specified
# 137 : : * in BIP341:
# 138 : : * - If merkle_root == nullptr: no tweaking is done, sign with key directly (this is
# 139 : : * used for signatures in BIP342 script).
# 140 : : * - If merkle_root->IsNull(): sign with key + H_TapTweak(pubkey) (this is used for
# 141 : : * key path spending when no scripts are present).
# 142 : : * - Otherwise: sign with key + H_TapTweak(pubkey || *merkle_root)
# 143 : : * (this is used for key path spending, with specific
# 144 : : * Merkle root of the script tree).
# 145 : : */
# 146 : : bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256* merkle_root, const uint256& aux) const;
# 147 : :
# 148 : : //! Derive BIP32 child key.
# 149 : : bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
# 150 : :
# 151 : : /**
# 152 : : * Verify thoroughly whether a private key and a public key match.
# 153 : : * This is done using a different mechanism than just regenerating it.
# 154 : : */
# 155 : : bool VerifyPubKey(const CPubKey& vchPubKey) const;
# 156 : :
# 157 : : //! Load private key and check that public key matches.
# 158 : : bool Load(const CPrivKey& privkey, const CPubKey& vchPubKey, bool fSkipCheck);
# 159 : : };
# 160 : :
# 161 : : struct CExtKey {
# 162 : : unsigned char nDepth;
# 163 : : unsigned char vchFingerprint[4];
# 164 : : unsigned int nChild;
# 165 : : ChainCode chaincode;
# 166 : : CKey key;
# 167 : :
# 168 : : friend bool operator==(const CExtKey& a, const CExtKey& b)
# 169 : 34 : {
# 170 [ + - ]: 34 : return a.nDepth == b.nDepth &&
# 171 [ + - ]: 34 : memcmp(a.vchFingerprint, b.vchFingerprint, sizeof(vchFingerprint)) == 0 &&
# 172 [ + - ]: 34 : a.nChild == b.nChild &&
# 173 [ + - ]: 34 : a.chaincode == b.chaincode &&
# 174 [ + - ]: 34 : a.key == b.key;
# 175 : 34 : }
# 176 : :
# 177 : : void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;
# 178 : : void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);
# 179 : : bool Derive(CExtKey& out, unsigned int nChild) const;
# 180 : : CExtPubKey Neuter() const;
# 181 : : void SetSeed(Span<const uint8_t> seed);
# 182 : : };
# 183 : :
# 184 : : /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
# 185 : : void ECC_Start();
# 186 : :
# 187 : : /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
# 188 : : void ECC_Stop();
# 189 : :
# 190 : : /** Check that required EC support is available at runtime. */
# 191 : : bool ECC_InitSanityCheck();
# 192 : :
# 193 : : #endif // BITCOIN_KEY_H
|
