You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

key.h 5.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. // Copyright (c) 2009-2010 Satoshi Nakamoto
  2. // Copyright (c) 2009-2015 The Bitcoin Core developers
  3. // Distributed under the MIT software license, see the accompanying
  4. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
  5. #ifndef BITCOIN_KEY_H
  6. #define BITCOIN_KEY_H
  7. #include "pubkey.h"
  8. #include "serialize.h"
  9. #include "support/allocators/secure.h"
  10. #include "uint256.h"
  11. #include <stdexcept>
  12. #include <vector>
  13. /**
  14. * secp256k1:
  15. * const unsigned int PRIVATE_KEY_SIZE = 279;
  16. * const unsigned int PUBLIC_KEY_SIZE = 65;
  17. * const unsigned int SIGNATURE_SIZE = 72;
  18. *
  19. * see www.keylength.com
  20. * script supports up to 75 for single byte push
  21. */
  22. /**
  23. * secure_allocator is defined in allocators.h
  24. * CPrivKey is a serialized private key, with all parameters included (279 bytes)
  25. */
  26. typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
  27. /** An encapsulated private key. */
  28. class CKey
  29. {
  30. private:
  31. //! Whether this private key is valid. We check for correctness when modifying the key
  32. //! data, so fValid should always correspond to the actual state.
  33. bool fValid;
  34. //! Whether the public key corresponding to this private key is (to be) compressed.
  35. bool fCompressed;
  36. //! The actual byte data
  37. unsigned char vch[32];
  38. //! Check whether the 32-byte array pointed to be vch is valid keydata.
  39. bool static Check(const unsigned char* vch);
  40. public:
  41. //! Construct an invalid private key.
  42. CKey() : fValid(false), fCompressed(false)
  43. {
  44. LockObject(vch);
  45. }
  46. //! Copy constructor. This is necessary because of memlocking.
  47. CKey(const CKey& secret) : fValid(secret.fValid), fCompressed(secret.fCompressed)
  48. {
  49. LockObject(vch);
  50. memcpy(vch, secret.vch, sizeof(vch));
  51. }
  52. //! Destructor (again necessary because of memlocking).
  53. ~CKey()
  54. {
  55. UnlockObject(vch);
  56. }
  57. friend bool operator==(const CKey& a, const CKey& b)
  58. {
  59. return a.fCompressed == b.fCompressed && a.size() == b.size() &&
  60. memcmp(&a.vch[0], &b.vch[0], a.size()) == 0;
  61. }
  62. //! Initialize using begin and end iterators to byte data.
  63. template <typename T>
  64. void Set(const T pbegin, const T pend, bool fCompressedIn)
  65. {
  66. if (pend - pbegin != 32) {
  67. fValid = false;
  68. return;
  69. }
  70. if (Check(&pbegin[0])) {
  71. memcpy(vch, (unsigned char*)&pbegin[0], 32);
  72. fValid = true;
  73. fCompressed = fCompressedIn;
  74. } else {
  75. fValid = false;
  76. }
  77. }
  78. //! Simple read-only vector-like interface.
  79. unsigned int size() const { return (fValid ? 32 : 0); }
  80. const unsigned char* begin() const { return vch; }
  81. const unsigned char* end() const { return vch + size(); }
  82. //! Check whether this private key is valid.
  83. bool IsValid() const { return fValid; }
  84. //! Check whether the public key corresponding to this private key is (to be) compressed.
  85. bool IsCompressed() const { return fCompressed; }
  86. //! Initialize from a CPrivKey (serialized OpenSSL private key data).
  87. bool SetPrivKey(const CPrivKey& vchPrivKey, bool fCompressed);
  88. //! Generate a new private key using a cryptographic PRNG.
  89. void MakeNewKey(bool fCompressed);
  90. /**
  91. * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
  92. * This is expensive.
  93. */
  94. CPrivKey GetPrivKey() const;
  95. /**
  96. * Compute the public key from a private key.
  97. * This is expensive.
  98. */
  99. CPubKey GetPubKey() const;
  100. /**
  101. * Create a DER-serialized signature.
  102. * The test_case parameter tweaks the deterministic nonce.
  103. */
  104. bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
  105. /**
  106. * Create a compact signature (65 bytes), which allows reconstructing the used public key.
  107. * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
  108. * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
  109. * 0x1D = second key with even y, 0x1E = second key with odd y,
  110. * add 0x04 for compressed keys.
  111. */
  112. bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
  113. //! Derive BIP32 child key.
  114. bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
  115. /**
  116. * Verify thoroughly whether a private key and a public key match.
  117. * This is done using a different mechanism than just regenerating it.
  118. */
  119. bool VerifyPubKey(const CPubKey& vchPubKey) const;
  120. //! Load private key and check that public key matches.
  121. bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
  122. //! Check whether an element of a signature (r or s) is valid.
  123. static bool CheckSignatureElement(const unsigned char* vch, int len, bool half);
  124. };
  125. struct CExtKey {
  126. unsigned char nDepth;
  127. unsigned char vchFingerprint[4];
  128. unsigned int nChild;
  129. ChainCode chaincode;
  130. CKey key;
  131. friend bool operator==(const CExtKey& a, const CExtKey& b)
  132. {
  133. return a.nDepth == b.nDepth && memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], 4) == 0 && a.nChild == b.nChild &&
  134. a.chaincode == b.chaincode && a.key == b.key;
  135. }
  136. void Encode(unsigned char code[74]) const;
  137. void Decode(const unsigned char code[74]);
  138. bool Derive(CExtKey& out, unsigned int nChild) const;
  139. CExtPubKey Neuter() const;
  140. void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
  141. };
  142. /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
  143. void ECC_Start(void);
  144. /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
  145. void ECC_Stop(void);
  146. /** Check that required EC support is available at runtime. */
  147. bool ECC_InitSanityCheck(void);
  148. #endif // BITCOIN_KEY_H