Branch data Line data Source code
# 1 : : // Copyright (c) 2009-2020 The Bitcoin Core developers
# 2 : : // Copyright (c) 2017 The Zcash developers
# 3 : : // Distributed under the MIT software license, see the accompanying
# 4 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
# 5 : :
# 6 : : #include <key.h>
# 7 : :
# 8 : : #include <crypto/common.h>
# 9 : : #include <crypto/hmac_sha512.h>
# 10 : : #include <random.h>
# 11 : :
# 12 : : #include <secp256k1.h>
# 13 : : #include <secp256k1_recovery.h>
# 14 : :
# 15 : : static secp256k1_context* secp256k1_context_sign = nullptr;
# 16 : :
# 17 : : /** These functions are taken from the libsecp256k1 distribution and are very ugly. */
# 18 : :
# 19 : : /**
# 20 : : * This parses a format loosely based on a DER encoding of the ECPrivateKey type from
# 21 : : * section C.4 of SEC 1 <https://www.secg.org/sec1-v2.pdf>, with the following caveats:
# 22 : : *
# 23 : : * * The octet-length of the SEQUENCE must be encoded as 1 or 2 octets. It is not
# 24 : : * required to be encoded as one octet if it is less than 256, as DER would require.
# 25 : : * * The octet-length of the SEQUENCE must not be greater than the remaining
# 26 : : * length of the key encoding, but need not match it (i.e. the encoding may contain
# 27 : : * junk after the encoded SEQUENCE).
# 28 : : * * The privateKey OCTET STRING is zero-filled on the left to 32 octets.
# 29 : : * * Anything after the encoding of the privateKey OCTET STRING is ignored, whether
# 30 : : * or not it is validly encoded DER.
# 31 : : *
# 32 : : * out32 must point to an output buffer of length at least 32 bytes.
# 33 : : */
# 34 : 11188 : int ec_seckey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *seckey, size_t seckeylen) {
# 35 : 11188 : const unsigned char *end = seckey + seckeylen;
# 36 : 11188 : memset(out32, 0, 32);
# 37 : : /* sequence header */
# 38 [ - + ][ - + ]: 11188 : if (end - seckey < 1 || *seckey != 0x30u) {
# 39 : 0 : return 0;
# 40 : 0 : }
# 41 : 11188 : seckey++;
# 42 : : /* sequence length constructor */
# 43 [ - + ][ - + ]: 11188 : if (end - seckey < 1 || !(*seckey & 0x80u)) {
# 44 : 0 : return 0;
# 45 : 0 : }
# 46 : 11188 : ptrdiff_t lenb = *seckey & ~0x80u; seckey++;
# 47 [ - + ][ - + ]: 11188 : if (lenb < 1 || lenb > 2) {
# 48 : 0 : return 0;
# 49 : 0 : }
# 50 [ - + ]: 11188 : if (end - seckey < lenb) {
# 51 : 0 : return 0;
# 52 : 0 : }
# 53 : : /* sequence length */
# 54 [ - + ]: 11188 : ptrdiff_t len = seckey[lenb-1] | (lenb > 1 ? seckey[lenb-2] << 8 : 0u);
# 55 : 11188 : seckey += lenb;
# 56 [ - + ]: 11188 : if (end - seckey < len) {
# 57 : 0 : return 0;
# 58 : 0 : }
# 59 : : /* sequence element 0: version number (=1) */
# 60 [ - + ][ - + ]: 11188 : if (end - seckey < 3 || seckey[0] != 0x02u || seckey[1] != 0x01u || seckey[2] != 0x01u) {
# [ - + ][ - + ]
# 61 : 0 : return 0;
# 62 : 0 : }
# 63 : 11188 : seckey += 3;
# 64 : : /* sequence element 1: octet string, up to 32 bytes */
# 65 [ - + ][ - + ]: 11188 : if (end - seckey < 2 || seckey[0] != 0x04u) {
# 66 : 0 : return 0;
# 67 : 0 : }
# 68 : 11188 : ptrdiff_t oslen = seckey[1];
# 69 : 11188 : seckey += 2;
# 70 [ - + ][ - + ]: 11188 : if (oslen > 32 || end - seckey < oslen) {
# 71 : 0 : return 0;
# 72 : 0 : }
# 73 : 11188 : memcpy(out32 + (32 - oslen), seckey, oslen);
# 74 [ - + ]: 11188 : if (!secp256k1_ec_seckey_verify(ctx, out32)) {
# 75 : 0 : memset(out32, 0, 32);
# 76 : 0 : return 0;
# 77 : 0 : }
# 78 : 11188 : return 1;
# 79 : 11188 : }
# 80 : :
# 81 : : /**
# 82 : : * This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1
# 83 : : * <https://www.secg.org/sec1-v2.pdf>. The optional parameters and publicKey fields are
# 84 : : * included.
# 85 : : *
# 86 : : * seckey must point to an output buffer of length at least CKey::SIZE bytes.
# 87 : : * seckeylen must initially be set to the size of the seckey buffer. Upon return it
# 88 : : * will be set to the number of bytes used in the buffer.
# 89 : : * key32 must point to a 32-byte raw private key.
# 90 : : */
# 91 : 27951 : int ec_seckey_export_der(const secp256k1_context *ctx, unsigned char *seckey, size_t *seckeylen, const unsigned char *key32, bool compressed) {
# 92 : 27951 : assert(*seckeylen >= CKey::SIZE);
# 93 : 27951 : secp256k1_pubkey pubkey;
# 94 : 27951 : size_t pubkeylen = 0;
# 95 [ - + ]: 27951 : if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
# 96 : 0 : *seckeylen = 0;
# 97 : 0 : return 0;
# 98 : 0 : }
# 99 [ + + ]: 27951 : if (compressed) {
# 100 : 25939 : static const unsigned char begin[] = {
# 101 : 25939 : 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20
# 102 : 25939 : };
# 103 : 25939 : static const unsigned char middle[] = {
# 104 : 25939 : 0xA0,0x81,0x85,0x30,0x81,0x82,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
# 105 : 25939 : 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
# 106 : 25939 : 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
# 107 : 25939 : 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
# 108 : 25939 : 0x21,0x02,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
# 109 : 25939 : 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
# 110 : 25939 : 0x17,0x98,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
# 111 : 25939 : 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
# 112 : 25939 : 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x24,0x03,0x22,0x00
# 113 : 25939 : };
# 114 : 25939 : unsigned char *ptr = seckey;
# 115 : 25939 : memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
# 116 : 25939 : memcpy(ptr, key32, 32); ptr += 32;
# 117 : 25939 : memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
# 118 : 25939 : pubkeylen = CPubKey::COMPRESSED_SIZE;
# 119 : 25939 : secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
# 120 : 25939 : ptr += pubkeylen;
# 121 : 25939 : *seckeylen = ptr - seckey;
# 122 : 25939 : assert(*seckeylen == CKey::COMPRESSED_SIZE);
# 123 : 25939 : } else {
# 124 : 2012 : static const unsigned char begin[] = {
# 125 : 2012 : 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20
# 126 : 2012 : };
# 127 : 2012 : static const unsigned char middle[] = {
# 128 : 2012 : 0xA0,0x81,0xA5,0x30,0x81,0xA2,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
# 129 : 2012 : 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
# 130 : 2012 : 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
# 131 : 2012 : 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
# 132 : 2012 : 0x41,0x04,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
# 133 : 2012 : 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
# 134 : 2012 : 0x17,0x98,0x48,0x3A,0xDA,0x77,0x26,0xA3,0xC4,0x65,0x5D,0xA4,0xFB,0xFC,0x0E,0x11,
# 135 : 2012 : 0x08,0xA8,0xFD,0x17,0xB4,0x48,0xA6,0x85,0x54,0x19,0x9C,0x47,0xD0,0x8F,0xFB,0x10,
# 136 : 2012 : 0xD4,0xB8,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
# 137 : 2012 : 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
# 138 : 2012 : 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x44,0x03,0x42,0x00
# 139 : 2012 : };
# 140 : 2012 : unsigned char *ptr = seckey;
# 141 : 2012 : memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
# 142 : 2012 : memcpy(ptr, key32, 32); ptr += 32;
# 143 : 2012 : memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
# 144 : 2012 : pubkeylen = CPubKey::SIZE;
# 145 : 2012 : secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
# 146 : 2012 : ptr += pubkeylen;
# 147 : 2012 : *seckeylen = ptr - seckey;
# 148 : 2012 : assert(*seckeylen == CKey::SIZE);
# 149 : 2012 : }
# 150 : 27951 : return 1;
# 151 : 27951 : }
# 152 : :
# 153 : 35890 : bool CKey::Check(const unsigned char *vch) {
# 154 : 35890 : return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
# 155 : 35890 : }
# 156 : :
# 157 : 3219 : void CKey::MakeNewKey(bool fCompressedIn) {
# 158 : 3219 : do {
# 159 : 3219 : GetStrongRandBytes(keydata.data(), keydata.size());
# 160 [ - + ]: 3219 : } while (!Check(keydata.data()));
# 161 : 3219 : fValid = true;
# 162 : 3219 : fCompressed = fCompressedIn;
# 163 : 3219 : }
# 164 : :
# 165 : : bool CKey::Negate()
# 166 : 4 : {
# 167 : 4 : assert(fValid);
# 168 : 4 : return secp256k1_ec_seckey_negate(secp256k1_context_sign, keydata.data());
# 169 : 4 : }
# 170 : :
# 171 : 27951 : CPrivKey CKey::GetPrivKey() const {
# 172 : 27951 : assert(fValid);
# 173 : 27951 : CPrivKey seckey;
# 174 : 27951 : int ret;
# 175 : 27951 : size_t seckeylen;
# 176 : 27951 : seckey.resize(SIZE);
# 177 : 27951 : seckeylen = SIZE;
# 178 : 27951 : ret = ec_seckey_export_der(secp256k1_context_sign, seckey.data(), &seckeylen, begin(), fCompressed);
# 179 : 27951 : assert(ret);
# 180 : 27951 : seckey.resize(seckeylen);
# 181 : 27951 : return seckey;
# 182 : 27951 : }
# 183 : :
# 184 : 1443023 : CPubKey CKey::GetPubKey() const {
# 185 : 1443023 : assert(fValid);
# 186 : 1443023 : secp256k1_pubkey pubkey;
# 187 : 1443023 : size_t clen = CPubKey::SIZE;
# 188 : 1443023 : CPubKey result;
# 189 : 1443023 : int ret = secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
# 190 : 1443023 : assert(ret);
# 191 [ + + ]: 1443023 : secp256k1_ec_pubkey_serialize(secp256k1_context_sign, (unsigned char*)result.begin(), &clen, &pubkey, fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
# 192 : 1443023 : assert(result.size() == clen);
# 193 : 1443023 : assert(result.IsValid());
# 194 : 1443023 : return result;
# 195 : 1443023 : }
# 196 : :
# 197 : : // Check that the sig has a low R value and will be less than 71 bytes
# 198 : : bool SigHasLowR(const secp256k1_ecdsa_signature* sig)
# 199 : 157112 : {
# 200 : 157112 : unsigned char compact_sig[64];
# 201 : 157112 : secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign, compact_sig, sig);
# 202 : :
# 203 : : // In DER serialization, all values are interpreted as big-endian, signed integers. The highest bit in the integer indicates
# 204 : : // its signed-ness; 0 is positive, 1 is negative. When the value is interpreted as a negative integer, it must be converted
# 205 : : // to a positive value by prepending a 0x00 byte so that the highest bit is 0. We can avoid this prepending by ensuring that
# 206 : : // our highest bit is always 0, and thus we must check that the first byte is less than 0x80.
# 207 : 157112 : return compact_sig[0] < 0x80;
# 208 : 157112 : }
# 209 : :
# 210 : 79782 : bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, bool grind, uint32_t test_case) const {
# 211 [ - + ]: 79782 : if (!fValid)
# 212 : 0 : return false;
# 213 : 79782 : vchSig.resize(CPubKey::SIGNATURE_SIZE);
# 214 : 79782 : size_t nSigLen = CPubKey::SIGNATURE_SIZE;
# 215 : 79782 : unsigned char extra_entropy[32] = {0};
# 216 : 79782 : WriteLE32(extra_entropy, test_case);
# 217 : 79782 : secp256k1_ecdsa_signature sig;
# 218 : 79782 : uint32_t counter = 0;
# 219 [ + + ][ + + ]: 79782 : int ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, (!grind && test_case) ? extra_entropy : nullptr);
# 220 : :
# 221 : : // Grind for low R
# 222 [ + - ][ + + ]: 157112 : while (ret && !SigHasLowR(&sig) && grind) {
# [ + + ]
# 223 : 77330 : WriteLE32(extra_entropy, ++counter);
# 224 : 77330 : ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, extra_entropy);
# 225 : 77330 : }
# 226 : 79782 : assert(ret);
# 227 : 79782 : secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign, vchSig.data(), &nSigLen, &sig);
# 228 : 79782 : vchSig.resize(nSigLen);
# 229 : 79782 : return true;
# 230 : 79782 : }
# 231 : :
# 232 : 35516 : bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
# 233 [ + + ]: 35516 : if (pubkey.IsCompressed() != fCompressed) {
# 234 : 16 : return false;
# 235 : 16 : }
# 236 : 35500 : unsigned char rnd[8];
# 237 : 35500 : std::string str = "Bitcoin key verification\n";
# 238 : 35500 : GetRandBytes(rnd, sizeof(rnd));
# 239 : 35500 : uint256 hash;
# 240 : 35500 : CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash);
# 241 : 35500 : std::vector<unsigned char> vchSig;
# 242 : 35500 : Sign(hash, vchSig);
# 243 : 35500 : return pubkey.Verify(hash, vchSig);
# 244 : 35500 : }
# 245 : :
# 246 : 152 : bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig) const {
# 247 [ + + ]: 152 : if (!fValid)
# 248 : 1 : return false;
# 249 : 151 : vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
# 250 : 151 : int rec = -1;
# 251 : 151 : secp256k1_ecdsa_recoverable_signature sig;
# 252 : 151 : int ret = secp256k1_ecdsa_sign_recoverable(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, nullptr);
# 253 : 151 : assert(ret);
# 254 : 151 : ret = secp256k1_ecdsa_recoverable_signature_serialize_compact(secp256k1_context_sign, &vchSig[1], &rec, &sig);
# 255 : 151 : assert(ret);
# 256 : 151 : assert(rec != -1);
# 257 [ + + ]: 151 : vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
# 258 : 151 : return true;
# 259 : 151 : }
# 260 : :
# 261 : 11188 : bool CKey::Load(const CPrivKey &seckey, const CPubKey &vchPubKey, bool fSkipCheck=false) {
# 262 [ - + ]: 11188 : if (!ec_seckey_import_der(secp256k1_context_sign, (unsigned char*)begin(), seckey.data(), seckey.size()))
# 263 : 0 : return false;
# 264 : 11188 : fCompressed = vchPubKey.IsCompressed();
# 265 : 11188 : fValid = true;
# 266 : :
# 267 [ + - ]: 11188 : if (fSkipCheck)
# 268 : 11188 : return true;
# 269 : :
# 270 : 0 : return VerifyPubKey(vchPubKey);
# 271 : 0 : }
# 272 : :
# 273 : 109892 : bool CKey::Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {
# 274 : 109892 : assert(IsValid());
# 275 : 109892 : assert(IsCompressed());
# 276 : 109892 : std::vector<unsigned char, secure_allocator<unsigned char>> vout(64);
# 277 [ + + ]: 109892 : if ((nChild >> 31) == 0) {
# 278 : 12871 : CPubKey pubkey = GetPubKey();
# 279 : 12871 : assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);
# 280 : 12871 : BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin()+1, vout.data());
# 281 : 97021 : } else {
# 282 : 97021 : assert(size() == 32);
# 283 : 97021 : BIP32Hash(cc, nChild, 0, begin(), vout.data());
# 284 : 97021 : }
# 285 : 109892 : memcpy(ccChild.begin(), vout.data()+32, 32);
# 286 : 109892 : memcpy((unsigned char*)keyChild.begin(), begin(), 32);
# 287 : 109892 : bool ret = secp256k1_ec_seckey_tweak_add(secp256k1_context_sign, (unsigned char*)keyChild.begin(), vout.data());
# 288 : 109892 : keyChild.fCompressed = true;
# 289 : 109892 : keyChild.fValid = ret;
# 290 : 109892 : return ret;
# 291 : 109892 : }
# 292 : :
# 293 : 109892 : bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
# 294 : 109892 : out.nDepth = nDepth + 1;
# 295 : 109892 : CKeyID id = key.GetPubKey().GetID();
# 296 : 109892 : memcpy(out.vchFingerprint, &id, 4);
# 297 : 109892 : out.nChild = _nChild;
# 298 : 109892 : return key.Derive(out.key, out.chaincode, _nChild, chaincode);
# 299 : 109892 : }
# 300 : :
# 301 : 24405 : void CExtKey::SetSeed(const unsigned char *seed, unsigned int nSeedLen) {
# 302 : 24405 : static const unsigned char hashkey[] = {'B','i','t','c','o','i','n',' ','s','e','e','d'};
# 303 : 24405 : std::vector<unsigned char, secure_allocator<unsigned char>> vout(64);
# 304 : 24405 : CHMAC_SHA512(hashkey, sizeof(hashkey)).Write(seed, nSeedLen).Finalize(vout.data());
# 305 : 24405 : key.Set(vout.data(), vout.data() + 32, true);
# 306 : 24405 : memcpy(chaincode.begin(), vout.data() + 32, 32);
# 307 : 24405 : nDepth = 0;
# 308 : 24405 : nChild = 0;
# 309 : 24405 : memset(vchFingerprint, 0, sizeof(vchFingerprint));
# 310 : 24405 : }
# 311 : :
# 312 : 16806 : CExtPubKey CExtKey::Neuter() const {
# 313 : 16806 : CExtPubKey ret;
# 314 : 16806 : ret.nDepth = nDepth;
# 315 : 16806 : memcpy(ret.vchFingerprint, vchFingerprint, 4);
# 316 : 16806 : ret.nChild = nChild;
# 317 : 16806 : ret.pubkey = key.GetPubKey();
# 318 : 16806 : ret.chaincode = chaincode;
# 319 : 16806 : return ret;
# 320 : 16806 : }
# 321 : :
# 322 : 529 : void CExtKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
# 323 : 529 : code[0] = nDepth;
# 324 : 529 : memcpy(code+1, vchFingerprint, 4);
# 325 : 529 : code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;
# 326 : 529 : code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF;
# 327 : 529 : memcpy(code+9, chaincode.begin(), 32);
# 328 : 529 : code[41] = 0;
# 329 : 529 : assert(key.size() == 32);
# 330 : 529 : memcpy(code+42, key.begin(), 32);
# 331 : 529 : }
# 332 : :
# 333 : 303 : void CExtKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {
# 334 : 303 : nDepth = code[0];
# 335 : 303 : memcpy(vchFingerprint, code+1, 4);
# 336 : 303 : nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
# 337 : 303 : memcpy(chaincode.begin(), code+9, 32);
# 338 : 303 : key.Set(code+42, code+BIP32_EXTKEY_SIZE, true);
# 339 : 303 : }
# 340 : :
# 341 : 666 : bool ECC_InitSanityCheck() {
# 342 : 666 : CKey key;
# 343 : 666 : key.MakeNewKey(true);
# 344 : 666 : CPubKey pubkey = key.GetPubKey();
# 345 : 666 : return key.VerifyPubKey(pubkey);
# 346 : 666 : }
# 347 : :
# 348 : 1565 : void ECC_Start() {
# 349 : 1565 : assert(secp256k1_context_sign == nullptr);
# 350 : :
# 351 : 1565 : secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
# 352 : 1565 : assert(ctx != nullptr);
# 353 : :
# 354 : 1565 : {
# 355 : : // Pass in a random blinding seed to the secp256k1 context.
# 356 : 1565 : std::vector<unsigned char, secure_allocator<unsigned char>> vseed(32);
# 357 : 1565 : GetRandBytes(vseed.data(), 32);
# 358 : 1565 : bool ret = secp256k1_context_randomize(ctx, vseed.data());
# 359 : 1565 : assert(ret);
# 360 : 1565 : }
# 361 : :
# 362 : 1565 : secp256k1_context_sign = ctx;
# 363 : 1565 : }
# 364 : :
# 365 : 1531 : void ECC_Stop() {
# 366 : 1531 : secp256k1_context *ctx = secp256k1_context_sign;
# 367 : 1531 : secp256k1_context_sign = nullptr;
# 368 : :
# 369 [ + - ]: 1531 : if (ctx) {
# 370 : 1531 : secp256k1_context_destroy(ctx);
# 371 : 1531 : }
# 372 : 1531 : }
|