key_8h_source.html

// Copyright (c) 2009-2010 Satoshi Nakamoto

// Copyright (c) 2009-2022 The Bitcoin Core developers

// Copyright (c) 2017 The Zcash developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#ifndef BITCOIN_KEY_H

#define BITCOIN_KEY_H


#include <pubkey.h>

#include <serialize.h>

#include <support/allocators/secure.h>

#include <uint256.h>


#include <stdexcept>

#include <vector>


typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;


constexpr static size_t ECDH_SECRET_SIZE = CSHA256::OUTPUT_SIZE;


// Used to represent ECDH shared secret (ECDH_SECRET_SIZE bytes)

using ECDHSecret = std::array<std::byte, ECDH_SECRET_SIZE>;


class KeyPair;


class CKey

{

public:

    static const unsigned int SIZE            = 279;

    static const unsigned int COMPRESSED_SIZE = 214;

    static_assert(

        SIZE >= COMPRESSED_SIZE,

        "COMPRESSED_SIZE is larger than SIZE");


private:

    using KeyType = std::array<unsigned char, 32>;


    bool fCompressed{false};


    secure_unique_ptr<KeyType> keydata;


    bool static Check(const unsigned char* vch);


    void MakeKeyData()

    {

        if (!keydata) keydata = make_secure_unique<KeyType>();

    }


    void ClearKeyData()

    {

        keydata.reset();

    }


public:

    CKey() noexcept = default;

    CKey(CKey&&) noexcept = default;

    CKey& operator=(CKey&&) noexcept = default;


    CKey& operator=(const CKey& other)

    {

        if (this != &other) {

            if (other.keydata) {

                MakeKeyData();

                *keydata = *other.keydata;

            } else {

                ClearKeyData();

            }

            fCompressed = other.fCompressed;

        }

        return *this;

    }


    CKey(const CKey& other) { *this = other; }


    friend bool operator==(const CKey& a, const CKey& b)

    {

        return a.fCompressed == b.fCompressed &&

            a.size() == b.size() &&

            memcmp(a.data(), b.data(), a.size()) == 0;

    }


    template <typename T>

    void Set(const T pbegin, const T pend, bool fCompressedIn)

    {

        if (size_t(pend - pbegin) != std::tuple_size_v<KeyType>) {

            ClearKeyData();

        } else if (Check(UCharCast(&pbegin[0]))) {

            MakeKeyData();

            memcpy(keydata->data(), (unsigned char*)&pbegin[0], keydata->size());

            fCompressed = fCompressedIn;

        } else {

            ClearKeyData();

        }

    }


    unsigned int size() const { return keydata ? keydata->size() : 0; }

    const std::byte* data() const { return keydata ? reinterpret_cast<const std::byte*>(keydata->data()) : nullptr; }

    const std::byte* begin() const { return data(); }

    const std::byte* end() const { return data() + size(); }


    bool IsValid() const { return !!keydata; }


    bool IsCompressed() const { return fCompressed; }


    void MakeNewKey(bool fCompressed);


    CPrivKey GetPrivKey() const;


    CPubKey GetPubKey() const;


    bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, bool grind = true, uint32_t test_case = 0) const;


    bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;


    bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256* merkle_root, const uint256& aux) const;


    [[nodiscard]] bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;


    bool VerifyPubKey(const CPubKey& vchPubKey) const;


    bool Load(const CPrivKey& privkey, const CPubKey& vchPubKey, bool fSkipCheck);


    EllSwiftPubKey EllSwiftCreate(Span<const std::byte> entropy) const;


    ECDHSecret ComputeBIP324ECDHSecret(const EllSwiftPubKey& their_ellswift,

                                       const EllSwiftPubKey& our_ellswift,

                                       bool initiating) const;

    KeyPair ComputeKeyPair(const uint256* merkle_root) const;

};


CKey GenerateRandomKey(bool compressed = true) noexcept;


struct CExtKey {

    unsigned char nDepth;

    unsigned char vchFingerprint[4];

    unsigned int nChild;

    ChainCode chaincode;

    CKey key;


    friend bool operator==(const CExtKey& a, const CExtKey& b)

    {

        return a.nDepth == b.nDepth &&

            memcmp(a.vchFingerprint, b.vchFingerprint, sizeof(vchFingerprint)) == 0 &&

            a.nChild == b.nChild &&

            a.chaincode == b.chaincode &&

            a.key == b.key;

    }


    CExtKey() = default;

    CExtKey(const CExtPubKey& xpub, const CKey& key_in) : nDepth(xpub.nDepth), nChild(xpub.nChild), chaincode(xpub.chaincode), key(key_in)

    {

        std::copy(xpub.vchFingerprint, xpub.vchFingerprint + sizeof(xpub.vchFingerprint), vchFingerprint);

    }


    void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;

    void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);

    [[nodiscard]] bool Derive(CExtKey& out, unsigned int nChild) const;

    CExtPubKey Neuter() const;

    void SetSeed(Span<const std::byte> seed);

};


class KeyPair

{

public:

    KeyPair() noexcept = default;

    KeyPair(KeyPair&&) noexcept = default;

    KeyPair& operator=(KeyPair&&) noexcept = default;

    KeyPair& operator=(const KeyPair& other)

    {

        if (this != &other) {

            if (other.m_keypair) {

                MakeKeyPairData();

                *m_keypair = *other.m_keypair;

            } else {

                ClearKeyPairData();

            }

        }

        return *this;

    }


    KeyPair(const KeyPair& other) { *this = other; }


    friend KeyPair CKey::ComputeKeyPair(const uint256* merkle_root) const;

    [[nodiscard]] bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256& aux) const;


    bool IsValid() const { return !!m_keypair; }


private:

    KeyPair(const CKey& key, const uint256* merkle_root);


    using KeyType = std::array<unsigned char, 96>;

    secure_unique_ptr<KeyType> m_keypair;


    void MakeKeyPairData()

    {

        if (!m_keypair) m_keypair = make_secure_unique<KeyType>();

    }


    void ClearKeyPairData()

    {

        m_keypair.reset();

    }

};


bool ECC_InitSanityCheck();


class ECC_Context

{

public:

    ECC_Context();

    ~ECC_Context();

};


#endif // BITCOIN_KEY_H

CKey
An encapsulated private key.
Definition: key.h:35

CKey::CKey
CKey() noexcept=default

CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 *merkle_root, const uint256 &aux) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition: key.cpp:272

CKey::ComputeKeyPair
KeyPair ComputeKeyPair(const uint256 *merkle_root) const
Compute a KeyPair.
Definition: key.cpp:347

CKey::SIZE
static const unsigned int SIZE
secp256k1:
Definition: key.h:40

CKey::MakeKeyData
void MakeKeyData()
Definition: key.h:63

CKey::operator==
friend bool operator==(const CKey &a, const CKey &b)
Definition: key.h:94

CKey::ClearKeyData
void ClearKeyData()
Definition: key.h:68

CKey::size
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:117

CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:123

CKey::Sign
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:208

CKey::begin
const std::byte * begin() const
Definition: key.h:119

CKey::ComputeBIP324ECDHSecret
ECDHSecret ComputeBIP324ECDHSecret(const EllSwiftPubKey &their_ellswift, const EllSwiftPubKey &our_ellswift, bool initiating) const
Compute a BIP324-style ECDH shared secret.
Definition: key.cpp:327

CKey::GetPrivKey
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:169

CKey::COMPRESSED_SIZE
static const unsigned int COMPRESSED_SIZE
Definition: key.h:41

CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:126

CKey::MakeNewKey
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Definition: key.cpp:161

CKey::fCompressed
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:55

CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:182

CKey::end
const std::byte * end() const
Definition: key.h:120

CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:103

CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:236

CKey::EllSwiftCreate
EllSwiftPubKey EllSwiftCreate(Span< const std::byte > entropy) const
Create an ellswift-encoded public key for this key, with specified entropy.
Definition: key.cpp:311

CKey::Load
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:278

CKey::Check
static bool Check(const unsigned char *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
Definition: key.cpp:157

CKey::KeyType
std::array< unsigned char, 32 > KeyType
see www.keylength.com script supports up to 75 for single byte push
Definition: key.h:52

CKey::Derive
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:292

CKey::keydata
secure_unique_ptr< KeyType > keydata
The actual byte data. nullptr for invalid keys.
Definition: key.h:58

CKey::CKey
CKey(const CKey &other)
Definition: key.h:92

CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< unsigned char > &vchSig) const
Create a compact signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:249

CKey::data
const std::byte * data() const
Definition: key.h:118

CPubKey
An encapsulated public key.
Definition: pubkey.h:34

CSHA256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: sha256.h:21

ECC_Context
RAII class initializing and deinitializing global state for elliptic curve support.
Definition: key.h:322

ECC_Context::ECC_Context
ECC_Context()
Definition: key.cpp:476

ECC_Context::~ECC_Context
~ECC_Context()
Definition: key.cpp:481

KeyPair
KeyPair.
Definition: key.h:268

KeyPair::KeyPair
KeyPair() noexcept=default

KeyPair::MakeKeyPairData
void MakeKeyPairData()
Definition: key.h:300

KeyPair::KeyType
std::array< unsigned char, 96 > KeyType
Definition: key.h:297

KeyPair::IsValid
bool IsValid() const
Check whether this keypair is valid.
Definition: key.h:292

KeyPair::SignSchnorr
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 &aux) const
Definition: key.cpp:426

KeyPair::m_keypair
secure_unique_ptr< KeyType > m_keypair
Definition: key.h:298

KeyPair::KeyPair
KeyPair(const KeyPair &other)
Definition: key.h:286

KeyPair::ClearKeyPairData
void ClearKeyPairData()
Definition: key.h:305

Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:98

uint256
256-bit opaque blob.
Definition: uint256.h:190

CPrivKey
std::vector< unsigned char, secure_allocator< unsigned char > > CPrivKey
CPrivKey is a serialized private key, with all parameters included (SIZE bytes)
Definition: key.h:23

ECDH_SECRET_SIZE
static constexpr size_t ECDH_SECRET_SIZE
Size of ECDH shared secrets.
Definition: key.h:26

ECDHSecret
std::array< std::byte, ECDH_SECRET_SIZE > ECDHSecret
Definition: key.h:29

ECC_InitSanityCheck
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
Definition: key.cpp:442

GenerateRandomKey
CKey GenerateRandomKey(bool compressed=true) noexcept
Definition: key.cpp:352

bech32::Decode
DecodeResult Decode(const std::string &str, CharLimit limit)
Decode a Bech32 or Bech32m string.
Definition: bech32.cpp:374

bech32::Encode
std::string Encode(Encoding encoding, const std::string &hrp, const data &values)
Encode a Bech32 or Bech32m string.
Definition: bech32.cpp:358

tests_wycheproof_generate.out
string out
Definition: tests_wycheproof_generate.py:28

pubkey.h

BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19

secure.h

secure_unique_ptr
std::unique_ptr< T, SecureUniqueDeleter< T > > secure_unique_ptr
Definition: secure.h:68

serialize.h

UCharCast
unsigned char * UCharCast(char *c)
Definition: span.h:281

ByteUnit::T
@ T

CExtKey
Definition: key.h:227

CExtKey::CExtKey
CExtKey()=default

CExtKey::vchFingerprint
unsigned char vchFingerprint[4]
Definition: key.h:229

CExtKey::CExtKey
CExtKey(const CExtPubKey &xpub, const CKey &key_in)
Definition: key.h:244

CExtKey::key
CKey key
Definition: key.h:232

CExtKey::nDepth
unsigned char nDepth
Definition: key.h:228

CExtKey::chaincode
ChainCode chaincode
Definition: key.h:231

CExtKey::operator==
friend bool operator==(const CExtKey &a, const CExtKey &b)
Definition: key.h:234

CExtKey::nChild
unsigned int nChild
Definition: key.h:230

CExtPubKey
Definition: pubkey.h:342

CExtPubKey::vchFingerprint
unsigned char vchFingerprint[4]
Definition: pubkey.h:345

EllSwiftPubKey
An ElligatorSwift-encoded public key.
Definition: pubkey.h:310

uint256.h