29 size_t rpos, rlen, spos, slen;
32 unsigned char tmpsig[64] = {0};
39 if (pos == inputlen || input[pos] != 0x30) {
45 if (pos == inputlen) {
48 lenbyte = input[pos++];
51 if (lenbyte > inputlen - pos) {
58 if (pos == inputlen || input[pos] != 0x02) {
64 if (pos == inputlen) {
67 lenbyte = input[pos++];
70 if (lenbyte > inputlen - pos) {
73 while (lenbyte > 0 && input[pos] == 0) {
77 static_assert(
sizeof(
size_t) >= 4,
"size_t too small");
83 rlen = (rlen << 8) + input[pos];
90 if (rlen > inputlen - pos) {
97 if (pos == inputlen || input[pos] != 0x02) {
103 if (pos == inputlen) {
106 lenbyte = input[pos++];
107 if (lenbyte & 0x80) {
109 if (lenbyte > inputlen - pos) {
112 while (lenbyte > 0 && input[pos] == 0) {
116 static_assert(
sizeof(
size_t) >= 4,
"size_t too small");
121 while (lenbyte > 0) {
122 slen = (slen << 8) + input[pos];
129 if (slen > inputlen - pos) {
135 while (rlen > 0 && input[rpos] == 0) {
143 memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
147 while (slen > 0 && input[spos] == 0) {
155 memcpy(tmpsig + 64 - slen, input + spos, slen);
164 memset(tmpsig, 0, 64);
196 assert(secp256k1_context_verify &&
"secp256k1_context_verify must be initialized to use CPubKey.");
210 if (vchSig.size() != COMPACT_SIGNATURE_SIZE)
212 int recid = (vchSig[0] - 27) & 3;
213 bool fComp = ((vchSig[0] - 27) & 4) != 0;
216 assert(secp256k1_context_verify &&
"secp256k1_context_verify must be initialized to use CPubKey.");
223 unsigned char pub[SIZE];
224 size_t publen = SIZE;
226 Set(pub, pub + publen);
234 assert(secp256k1_context_verify &&
"secp256k1_context_verify must be initialized to use CPubKey.");
242 assert(secp256k1_context_verify &&
"secp256k1_context_verify must be initialized to use CPubKey.");
246 unsigned char pub[SIZE];
247 size_t publen = SIZE;
249 Set(pub, pub + publen);
255 assert((nChild >> 31) == 0);
257 unsigned char out[64];
258 BIP32Hash(cc, nChild, *begin(), begin()+1, out);
261 assert(secp256k1_context_verify &&
"secp256k1_context_verify must be initialized to use CPubKey.");
268 unsigned char pub[COMPRESSED_SIZE];
269 size_t publen = COMPRESSED_SIZE;
271 pubkeyChild.
Set(pub, pub + publen);
277 memcpy(code+1, vchFingerprint, 4);
278 code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;
279 code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF;
280 memcpy(code+9, chaincode.begin(), 32);
287 memcpy(vchFingerprint, code+1, 4);
288 nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
289 memcpy(chaincode.begin(), code+9, 32);
290 pubkey.Set(code+41, code+BIP32_EXTKEY_SIZE);
295 CKeyID id = pubkey.GetID();
303 assert(secp256k1_context_verify &&
"secp256k1_context_verify must be initialized to use CPubKey.");
315 assert(secp256k1_context_verify ==
nullptr);
317 assert(secp256k1_context_verify !=
nullptr);
326 assert(secp256k1_context_verify !=
nullptr);
328 secp256k1_context_verify =
nullptr;
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
unsigned char vchFingerprint[4]
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
constexpr C * end() const noexcept
int ecdsa_signature_parse_der_lax(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
constexpr std::size_t size() const noexcept
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
bool CheckPayToContract(const XOnlyPubKey &base, const uint256 &hash, bool parity) const
const unsigned char * data() const
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
#define SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
static constexpr unsigned int COMPRESSED_SIZE
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid()) ...
Opaque data structure that holds a parsed and valid "x-only" public key.
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
static secp256k1_context * ctx
An encapsulated public key.
XOnlyPubKey(Span< const unsigned char > bytes)
Construct an x-only pubkey from exactly 32 bytes.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Opaque data structured that holds a parsed ECDSA signature.
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
constexpr C * begin() const noexcept
bool Derive(CExtPubKey &out, unsigned int nChild) const
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
constexpr C * data() const noexcept
void * memcpy(void *a, const void *b, size_t c)
const unsigned int BIP32_EXTKEY_SIZE
A reference to a CKey: the Hash160 of its serialized public key.
A Span is an object that can refer to a contiguous sequence of objects.
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
bool Decompress()
Turn this public key into an uncompressed public key.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify a Schnorr signature.
Opaque data structure that holds a parsed and valid public key.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
const unsigned char * data() const