You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

key.h 6.2KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
  1. // Copyright (c) 2009-2010 Satoshi Nakamoto
  2. // Copyright (c) 2009-2016 The Starwels developers
  3. // Distributed under the MIT software license, see the accompanying
  4. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
  5. #ifndef STARWELS_KEY_H
  6. #define STARWELS_KEY_H
  7. #include "pubkey.h"
  8. #include "serialize.h"
  9. #include "support/allocators/secure.h"
  10. #include "uint256.h"
  11. #include <stdexcept>
  12. #include <vector>
  13. /**
  14. * secp256k1:
  15. * const unsigned int PRIVATE_KEY_SIZE = 279;
  16. * const unsigned int PUBLIC_KEY_SIZE = 65;
  17. * const unsigned int SIGNATURE_SIZE = 72;
  18. *
  19. * see www.keylength.com
  20. * script supports up to 75 for single byte push
  21. */
  22. /**
  23. * secure_allocator is defined in allocators.h
  24. * CPrivKey is a serialized private key, with all parameters included (279 bytes)
  25. */
  26. typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
  27. /** An encapsulated private key. */
  28. class CKey
  29. {
  30. private:
  31. //! Whether this private key is valid. We check for correctness when modifying the key
  32. //! data, so fValid should always correspond to the actual state.
  33. bool fValid;
  34. //! Whether the public key corresponding to this private key is (to be) compressed.
  35. bool fCompressed;
  36. //! The actual byte data
  37. std::vector<unsigned char, secure_allocator<unsigned char> > keydata;
  38. //! Check whether the 32-byte array pointed to by vch is valid keydata.
  39. bool static Check(const unsigned char* vch);
  40. public:
  41. //! Construct an invalid private key.
  42. CKey() : fValid(false), fCompressed(false)
  43. {
  44. // Important: vch must be 32 bytes in length to not break serialization
  45. keydata.resize(32);
  46. }
  47. //! Destructor (again necessary because of memlocking).
  48. ~CKey()
  49. {
  50. }
  51. friend bool operator==(const CKey& a, const CKey& b)
  52. {
  53. return a.fCompressed == b.fCompressed &&
  54. a.size() == b.size() &&
  55. memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
  56. }
  57. //! Initialize using begin and end iterators to byte data.
  58. template <typename T>
  59. void Set(const T pbegin, const T pend, bool fCompressedIn)
  60. {
  61. if (size_t(pend - pbegin) != keydata.size()) {
  62. fValid = false;
  63. } else if (Check(&pbegin[0])) {
  64. memcpy(keydata.data(), (unsigned char*)&pbegin[0], keydata.size());
  65. fValid = true;
  66. fCompressed = fCompressedIn;
  67. } else {
  68. fValid = false;
  69. }
  70. }
  71. //! Simple read-only vector-like interface.
  72. unsigned int size() const { return (fValid ? keydata.size() : 0); }
  73. const unsigned char* begin() const { return keydata.data(); }
  74. const unsigned char* end() const { return keydata.data() + size(); }
  75. //! Check whether this private key is valid.
  76. bool IsValid() const { return fValid; }
  77. //! Check whether the public key corresponding to this private key is (to be) compressed.
  78. bool IsCompressed() const { return fCompressed; }
  79. //! Generate a new private key using a cryptographic PRNG.
  80. void MakeNewKey(bool fCompressed);
  81. /**
  82. * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
  83. * This is expensive.
  84. */
  85. CPrivKey GetPrivKey() const;
  86. /**
  87. * Compute the public key from a private key.
  88. * This is expensive.
  89. */
  90. CPubKey GetPubKey() const;
  91. /**
  92. * Create a DER-serialized signature.
  93. * The test_case parameter tweaks the deterministic nonce.
  94. */
  95. bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
  96. /**
  97. * Create a compact signature (65 bytes), which allows reconstructing the used public key.
  98. * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
  99. * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
  100. * 0x1D = second key with even y, 0x1E = second key with odd y,
  101. * add 0x04 for compressed keys.
  102. */
  103. bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
  104. //! Derive BIP32 child key.
  105. bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
  106. /**
  107. * Verify thoroughly whether a private key and a public key match.
  108. * This is done using a different mechanism than just regenerating it.
  109. */
  110. bool VerifyPubKey(const CPubKey& vchPubKey) const;
  111. //! Load private key and check that public key matches.
  112. bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
  113. };
  114. struct CExtKey {
  115. unsigned char nDepth;
  116. unsigned char vchFingerprint[4];
  117. unsigned int nChild;
  118. ChainCode chaincode;
  119. CKey key;
  120. friend bool operator==(const CExtKey& a, const CExtKey& b)
  121. {
  122. return a.nDepth == b.nDepth &&
  123. memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], sizeof(vchFingerprint)) == 0 &&
  124. a.nChild == b.nChild &&
  125. a.chaincode == b.chaincode &&
  126. a.key == b.key;
  127. }
  128. void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;
  129. void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);
  130. bool Derive(CExtKey& out, unsigned int nChild) const;
  131. CExtPubKey Neuter() const;
  132. void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
  133. template <typename Stream>
  134. void Serialize(Stream& s) const
  135. {
  136. unsigned int len = BIP32_EXTKEY_SIZE;
  137. ::WriteCompactSize(s, len);
  138. unsigned char code[BIP32_EXTKEY_SIZE];
  139. Encode(code);
  140. s.write((const char *)&code[0], len);
  141. }
  142. template <typename Stream>
  143. void Unserialize(Stream& s)
  144. {
  145. unsigned int len = ::ReadCompactSize(s);
  146. unsigned char code[BIP32_EXTKEY_SIZE];
  147. if (len != BIP32_EXTKEY_SIZE)
  148. throw std::runtime_error("Invalid extended key size\n");
  149. s.read((char *)&code[0], len);
  150. Decode(code);
  151. }
  152. };
  153. /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
  154. void ECC_Start(void);
  155. /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
  156. void ECC_Stop(void);
  157. /** Check that required EC support is available at runtime. */
  158. bool ECC_InitSanityCheck(void);
  159. #endif // STARWELS_KEY_H