25struct Secp256k1SelfTester
27 Secp256k1SelfTester() {
31} SECP256K1_SELFTESTER;
46 size_t rpos, rlen, spos, slen;
49 unsigned char tmpsig[64] = {0};
56 if (pos == inputlen || input[pos] != 0x30) {
62 if (pos == inputlen) {
65 lenbyte = input[pos++];
68 if (lenbyte > inputlen - pos) {
75 if (pos == inputlen || input[pos] != 0x02) {
81 if (pos == inputlen) {
84 lenbyte = input[pos++];
87 if (lenbyte > inputlen - pos) {
90 while (lenbyte > 0 && input[pos] == 0) {
94 static_assert(
sizeof(size_t) >= 4,
"size_t too small");
100 rlen = (rlen << 8) + input[pos];
107 if (rlen > inputlen - pos) {
114 if (pos == inputlen || input[pos] != 0x02) {
120 if (pos == inputlen) {
123 lenbyte = input[pos++];
124 if (lenbyte & 0x80) {
126 if (lenbyte > inputlen - pos) {
129 while (lenbyte > 0 && input[pos] == 0) {
133 static_assert(
sizeof(size_t) >= 4,
"size_t too small");
138 while (lenbyte > 0) {
139 slen = (slen << 8) + input[pos];
146 if (slen > inputlen - pos) {
152 while (rlen > 0 && input[rpos] == 0) {
160 memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
164 while (slen > 0 && input[spos] == 0) {
172 memcpy(tmpsig + 64 - slen, input + spos, slen);
181 memset(tmpsig, 0, 64);
199 std::vector<CKeyID>
out;
203 unsigned char b[33] = {0x02};
206 fullpubkey.
Set(b, b + 33);
209 fullpubkey.
Set(b, b + 33);
217 std::copy(
begin(),
end(), full_key + 1);
239 if (merkle_root ==
nullptr) {
264 std::pair<XOnlyPubKey, bool>
ret;
268 assert(parity == 0 || parity == 1);
294 int recid = (vchSig[0] - 27) & 3;
295 bool fComp = ((vchSig[0] - 27) & 4) != 0;
304 unsigned char pub[
SIZE];
305 size_t publen =
SIZE;
307 Set(pub, pub + publen);
325 unsigned char pub[
SIZE];
326 size_t publen =
SIZE;
328 Set(pub, pub + publen);
334 assert((nChild >> 31) == 0);
336 unsigned char out[64];
338 memcpy(ccChild.
begin(),
out+32, 32);
349 pubkeyChild.
Set(pub, pub + publen);
355 assert(ellswift.size() == SIZE);
356 std::copy(ellswift.begin(), ellswift.end(), m_pubkey.begin());
365 std::array<uint8_t, CPubKey::COMPRESSED_SIZE> vch_bytes;
368 assert(sz == vch_bytes.size());
404 if (
nDepth == std::numeric_limits<unsigned char>::max())
return false;
407 memcpy(
out.vchFingerprint, &
id, 4);
408 out.nChild = _nChild;
A reference to a CKey: the Hash160 of its serialized public key.
An encapsulated public key.
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
static constexpr unsigned int COMPRESSED_SIZE
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
bool Decompress()
Turn this public key into an uncompressed public key.
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
static constexpr unsigned int SIZE
secp256k1:
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
const unsigned char * begin() const
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
A writer stream (for serialization) that computes a 256-bit hash.
constexpr std::size_t size() const noexcept
constexpr C * data() const noexcept
const unsigned char * end() const
const unsigned char * begin() const
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
const unsigned char * data() const
CPubKey GetEvenCorrespondingCPubKey() const
bool IsFullyValid() const
Determine if this pubkey is fully valid.
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
constexpr unsigned char * end()
constexpr unsigned char * begin()
constexpr const unsigned char * data() const
static uint32_t ReadLE32(const unsigned char *ptr)
static void WriteBE32(unsigned char *ptr, uint32_t x)
static uint32_t ReadBE32(const unsigned char *ptr)
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
static int tweak(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache)
""_hex is a compile-time user-defined literal returning a std::array<std::byte>, equivalent to ParseH...
static const HashWriter HASHER_TAPTWEAK
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
const unsigned int BIP32_EXTKEY_SIZE
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
#define SECP256K1_EC_UNCOMPRESSED
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
SECP256K1_API int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Decode a 64-bytes ElligatorSwift encoded public key.
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
unsigned char * UCharCast(char *c)
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
bool Derive(CExtPubKey &out, unsigned int nChild) const
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const
unsigned char vchFingerprint[4]
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
std::array< std::byte, SIZE > m_pubkey
CPubKey Decode() const
Decode to normal compressed CPubKey (for debugging purposes).
EllSwiftPubKey() noexcept=default
Default constructor creates all-zero pubkey (which is valid).
Opaque data structure that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structure that holds a parsed ECDSA signature.
Opaque data structure that holds a parsed and valid public key.
Opaque data structure that holds a parsed and valid "x-only" public key.