Bitcoin Core 29.99.0
P2P Digital Currency
pubkey.cpp
Go to the documentation of this file.
1// Copyright (c) 2009-present The Bitcoin Core developers
2// Copyright (c) 2017 The Zcash developers
3// Distributed under the MIT software license, see the accompanying
4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6#include <pubkey.h>
7
8#include <hash.h>
9#include <secp256k1.h>
10#include <secp256k1_ellswift.h>
11#include <secp256k1_extrakeys.h>
12#include <secp256k1_recovery.h>
14#include <span.h>
15#include <uint256.h>
16#include <util/strencodings.h>
17
18#include <algorithm>
19#include <cassert>
20
21using namespace util::hex_literals;
22
23namespace {
24
25struct Secp256k1SelfTester
26{
27 Secp256k1SelfTester() {
28 /* Run libsecp256k1 self-test before using the secp256k1_context_static. */
30 }
31} SECP256K1_SELFTESTER;
32
33} // namespace
34
45int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
46 size_t rpos, rlen, spos, slen;
47 size_t pos = 0;
48 size_t lenbyte;
49 unsigned char tmpsig[64] = {0};
50 int overflow = 0;
51
52 /* Hack to initialize sig with a correctly-parsed but invalid signature. */
54
55 /* Sequence tag byte */
56 if (pos == inputlen || input[pos] != 0x30) {
57 return 0;
58 }
59 pos++;
60
61 /* Sequence length bytes */
62 if (pos == inputlen) {
63 return 0;
64 }
65 lenbyte = input[pos++];
66 if (lenbyte & 0x80) {
67 lenbyte -= 0x80;
68 if (lenbyte > inputlen - pos) {
69 return 0;
70 }
71 pos += lenbyte;
72 }
73
74 /* Integer tag byte for R */
75 if (pos == inputlen || input[pos] != 0x02) {
76 return 0;
77 }
78 pos++;
79
80 /* Integer length for R */
81 if (pos == inputlen) {
82 return 0;
83 }
84 lenbyte = input[pos++];
85 if (lenbyte & 0x80) {
86 lenbyte -= 0x80;
87 if (lenbyte > inputlen - pos) {
88 return 0;
89 }
90 while (lenbyte > 0 && input[pos] == 0) {
91 pos++;
92 lenbyte--;
93 }
94 static_assert(sizeof(size_t) >= 4, "size_t too small");
95 if (lenbyte >= 4) {
96 return 0;
97 }
98 rlen = 0;
99 while (lenbyte > 0) {
100 rlen = (rlen << 8) + input[pos];
101 pos++;
102 lenbyte--;
103 }
104 } else {
105 rlen = lenbyte;
106 }
107 if (rlen > inputlen - pos) {
108 return 0;
109 }
110 rpos = pos;
111 pos += rlen;
112
113 /* Integer tag byte for S */
114 if (pos == inputlen || input[pos] != 0x02) {
115 return 0;
116 }
117 pos++;
118
119 /* Integer length for S */
120 if (pos == inputlen) {
121 return 0;
122 }
123 lenbyte = input[pos++];
124 if (lenbyte & 0x80) {
125 lenbyte -= 0x80;
126 if (lenbyte > inputlen - pos) {
127 return 0;
128 }
129 while (lenbyte > 0 && input[pos] == 0) {
130 pos++;
131 lenbyte--;
132 }
133 static_assert(sizeof(size_t) >= 4, "size_t too small");
134 if (lenbyte >= 4) {
135 return 0;
136 }
137 slen = 0;
138 while (lenbyte > 0) {
139 slen = (slen << 8) + input[pos];
140 pos++;
141 lenbyte--;
142 }
143 } else {
144 slen = lenbyte;
145 }
146 if (slen > inputlen - pos) {
147 return 0;
148 }
149 spos = pos;
150
151 /* Ignore leading zeroes in R */
152 while (rlen > 0 && input[rpos] == 0) {
153 rlen--;
154 rpos++;
155 }
156 /* Copy R value */
157 if (rlen > 32) {
158 overflow = 1;
159 } else {
160 memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
161 }
162
163 /* Ignore leading zeroes in S */
164 while (slen > 0 && input[spos] == 0) {
165 slen--;
166 spos++;
167 }
168 /* Copy S value */
169 if (slen > 32) {
170 overflow = 1;
171 } else {
172 memcpy(tmpsig + 64 - slen, input + spos, slen);
173 }
174
175 if (!overflow) {
177 }
178 if (overflow) {
179 /* Overwrite the result again with a correctly-parsed but invalid
180 signature if parsing failed. */
181 memset(tmpsig, 0, 64);
183 }
184 return 1;
185}
186
196 // Use immediate lambda to work around GCC-14 bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117966
197 []() consteval { return XOnlyPubKey{"50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0"_hex_u8}; }(),
198};
199
200std::vector<CPubKey> XOnlyPubKey::GetCPubKeys() const
201{
202 std::vector<CPubKey> out;
203 unsigned char b[33] = {0x02};
204 std::copy(m_keydata.begin(), m_keydata.end(), b + 1);
205 CPubKey fullpubkey;
206 fullpubkey.Set(b, b + 33);
207 out.push_back(fullpubkey);
208 b[0] = 0x03;
209 fullpubkey.Set(b, b + 33);
210 out.push_back(fullpubkey);
211 return out;
212}
213
214std::vector<CKeyID> XOnlyPubKey::GetKeyIDs() const
215{
216 std::vector<CKeyID> out;
217 for (const CPubKey& pk : GetCPubKeys()) {
218 out.push_back(pk.GetID());
219 }
220 return out;
221}
222
224{
225 unsigned char full_key[CPubKey::COMPRESSED_SIZE] = {0x02};
226 std::copy(begin(), end(), full_key + 1);
227 return CPubKey{full_key};
228}
229
231{
234}
235
236bool XOnlyPubKey::VerifySchnorr(const uint256& msg, std::span<const unsigned char> sigbytes) const
237{
238 assert(sigbytes.size() == 64);
241 return secp256k1_schnorrsig_verify(secp256k1_context_static, sigbytes.data(), msg.begin(), 32, &pubkey);
242}
243
244static const HashWriter HASHER_TAPTWEAK{TaggedHash("TapTweak")};
245
247{
248 if (merkle_root == nullptr) {
249 // We have no scripts. The actual tweak does not matter, but follow BIP341 here to
250 // allow for reproducible tweaking.
251 return (HashWriter{HASHER_TAPTWEAK} << m_keydata).GetSHA256();
252 } else {
253 return (HashWriter{HASHER_TAPTWEAK} << m_keydata << *merkle_root).GetSHA256();
254 }
255}
256
257bool XOnlyPubKey::CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const
258{
259 secp256k1_xonly_pubkey internal_key;
260 if (!secp256k1_xonly_pubkey_parse(secp256k1_context_static, &internal_key, internal.data())) return false;
261 uint256 tweak = internal.ComputeTapTweakHash(&merkle_root);
263}
264
265std::optional<std::pair<XOnlyPubKey, bool>> XOnlyPubKey::CreateTapTweak(const uint256* merkle_root) const
266{
267 secp256k1_xonly_pubkey base_point;
268 if (!secp256k1_xonly_pubkey_parse(secp256k1_context_static, &base_point, data())) return std::nullopt;
270 uint256 tweak = ComputeTapTweakHash(merkle_root);
271 if (!secp256k1_xonly_pubkey_tweak_add(secp256k1_context_static, &out, &base_point, tweak.data())) return std::nullopt;
272 int parity = -1;
273 std::pair<XOnlyPubKey, bool> ret;
274 secp256k1_xonly_pubkey out_xonly;
275 if (!secp256k1_xonly_pubkey_from_pubkey(secp256k1_context_static, &out_xonly, &parity, &out)) return std::nullopt;
277 assert(parity == 0 || parity == 1);
278 ret.second = parity;
279 return ret;
280}
281
282
283bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {
284 if (!IsValid())
285 return false;
286 secp256k1_pubkey pubkey;
289 return false;
290 }
291 if (!ecdsa_signature_parse_der_lax(&sig, vchSig.data(), vchSig.size())) {
292 return false;
293 }
294 /* libsecp256k1's ECDSA verification requires lower-S signatures, which have
295 * not historically been enforced in Bitcoin, so normalize them first. */
297 return secp256k1_ecdsa_verify(secp256k1_context_static, &sig, hash.begin(), &pubkey);
298}
299
300bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
301 if (vchSig.size() != COMPACT_SIGNATURE_SIZE)
302 return false;
303 int recid = (vchSig[0] - 27) & 3;
304 bool fComp = ((vchSig[0] - 27) & 4) != 0;
305 secp256k1_pubkey pubkey;
308 return false;
309 }
310 if (!secp256k1_ecdsa_recover(secp256k1_context_static, &pubkey, &sig, hash.begin())) {
311 return false;
312 }
313 unsigned char pub[SIZE];
314 size_t publen = SIZE;
316 Set(pub, pub + publen);
317 return true;
318}
319
321 if (!IsValid())
322 return false;
323 secp256k1_pubkey pubkey;
325}
326
328 if (!IsValid())
329 return false;
330 secp256k1_pubkey pubkey;
332 return false;
333 }
334 unsigned char pub[SIZE];
335 size_t publen = SIZE;
337 Set(pub, pub + publen);
338 return true;
339}
340
341bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {
342 assert(IsValid());
343 assert((nChild >> 31) == 0);
345 unsigned char out[64];
346 BIP32Hash(cc, nChild, *begin(), begin()+1, out);
347 memcpy(ccChild.begin(), out+32, 32);
348 secp256k1_pubkey pubkey;
350 return false;
351 }
353 return false;
354 }
355 unsigned char pub[COMPRESSED_SIZE];
356 size_t publen = COMPRESSED_SIZE;
358 pubkeyChild.Set(pub, pub + publen);
359 return true;
360}
361
362EllSwiftPubKey::EllSwiftPubKey(std::span<const std::byte> ellswift) noexcept
363{
364 assert(ellswift.size() == SIZE);
365 std::copy(ellswift.begin(), ellswift.end(), m_pubkey.begin());
366}
367
369{
370 secp256k1_pubkey pubkey;
372
373 size_t sz = CPubKey::COMPRESSED_SIZE;
374 std::array<uint8_t, CPubKey::COMPRESSED_SIZE> vch_bytes;
375
377 assert(sz == vch_bytes.size());
378
379 return CPubKey{vch_bytes.begin(), vch_bytes.end()};
380}
381
382void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
383 code[0] = nDepth;
384 memcpy(code+1, vchFingerprint, 4);
385 WriteBE32(code+5, nChild);
386 memcpy(code+9, chaincode.begin(), 32);
388 memcpy(code+41, pubkey.begin(), CPubKey::COMPRESSED_SIZE);
389}
390
391void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {
392 nDepth = code[0];
393 memcpy(vchFingerprint, code+1, 4);
394 nChild = ReadBE32(code+5);
395 memcpy(chaincode.begin(), code+9, 32);
396 pubkey.Set(code+41, code+BIP32_EXTKEY_SIZE);
397 if ((nDepth == 0 && (nChild != 0 || ReadLE32(vchFingerprint) != 0)) || !pubkey.IsFullyValid()) pubkey = CPubKey();
398}
399
401{
402 memcpy(code, version, 4);
403 Encode(&code[4]);
404}
405
407{
408 memcpy(version, code, 4);
409 Decode(&code[4]);
410}
411
412bool CExtPubKey::Derive(CExtPubKey &out, unsigned int _nChild) const {
413 if (nDepth == std::numeric_limits<unsigned char>::max()) return false;
414 out.nDepth = nDepth + 1;
415 CKeyID id = pubkey.GetID();
416 memcpy(out.vchFingerprint, &id, 4);
417 out.nChild = _nChild;
418 return pubkey.Derive(out.pubkey, out.chaincode, _nChild, chaincode);
419}
420
421/* static */ bool CPubKey::CheckLowS(const std::vector<unsigned char>& vchSig) {
423 if (!ecdsa_signature_parse_der_lax(&sig, vchSig.data(), vchSig.size())) {
424 return false;
425 }
427}
int ret
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
An encapsulated public key.
Definition: pubkey.h:34
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:300
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:421
bool IsValid() const
Definition: pubkey.h:189
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:327
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:283
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:320
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112
const unsigned char * begin() const
Definition: pubkey.h:114
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
Definition: pubkey.h:57
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:341
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:42
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:101
const unsigned char * end() const
Definition: pubkey.h:300
std::vector< CPubKey > GetCPubKeys() const
Returns this XOnlyPubKey with 0x02 and 0x03 prefixes.
Definition: pubkey.cpp:200
const unsigned char * begin() const
Definition: pubkey.h:299
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:265
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
Definition: pubkey.cpp:257
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition: pubkey.h:239
const unsigned char * data() const
Definition: pubkey.h:298
bool VerifySchnorr(const uint256 &msg, std::span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:236
CPubKey GetEvenCorrespondingCPubKey() const
Definition: pubkey.cpp:223
uint256 m_keydata
Definition: pubkey.h:233
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:230
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
Definition: pubkey.cpp:214
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
Definition: pubkey.cpp:246
constexpr unsigned char * end()
Definition: uint256.h:102
constexpr unsigned char * begin()
Definition: uint256.h:101
constexpr const unsigned char * data() const
Definition: uint256.h:98
256-bit opaque blob.
Definition: uint256.h:196
uint32_t ReadLE32(const B *ptr)
Definition: common.h:27
void WriteBE32(B *ptr, uint32_t x)
Definition: common.h:95
uint32_t ReadBE32(const B *ptr)
Definition: common.h:72
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
Definition: hash.cpp:71
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
Definition: hash.cpp:85
static int tweak(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache)
Definition: musig.c:64
""_hex is a compile-time user-defined literal returning a std::array<std::byte>, equivalent to ParseH...
Definition: strencodings.h:384
static const HashWriter HASHER_TAPTWEAK
Definition: pubkey.cpp:244
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
Definition: pubkey.cpp:45
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:385
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:268
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:250
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
Definition: secp256k1.c:86
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:224
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:450
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:245
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:431
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:687
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:225
SECP256K1_API int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Decode a 64-bytes ElligatorSwift encoded public key.
Definition: main_impl.h:489
SECP256K1_API int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
Definition: main_impl.h:99
SECP256K1_API int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an xonly_pubkey object into a 32-byte sequence.
Definition: main_impl.h:44
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Checks that a tweaked pubkey is the result of calling secp256k1_xonly_pubkey_tweak_add with internal_...
Definition: main_impl.h:135
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Tweak an x-only public key by adding the generator multiplied with tweak32 to it.
Definition: main_impl.h:118
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a 32-byte sequence into a xonly_pubkey object.
Definition: main_impl.h:22
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:137
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
Definition: main_impl.h:223
unsigned char * UCharCast(char *c)
Definition: span.h:95
unsigned char version[4]
Definition: pubkey.h:347
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
Definition: pubkey.cpp:382
ChainCode chaincode
Definition: pubkey.h:351
bool Derive(CExtPubKey &out, unsigned int nChild) const
Definition: pubkey.cpp:412
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:406
void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const
Definition: pubkey.cpp:400
unsigned char vchFingerprint[4]
Definition: pubkey.h:349
unsigned char nDepth
Definition: pubkey.h:348
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
Definition: pubkey.cpp:391
CPubKey pubkey
Definition: pubkey.h:352
unsigned int nChild
Definition: pubkey.h:350
std::array< std::byte, SIZE > m_pubkey
Definition: pubkey.h:317
CPubKey Decode() const
Decode to normal compressed CPubKey (for debugging purposes).
Definition: pubkey.cpp:368
EllSwiftPubKey() noexcept=default
Default constructor creates all-zero pubkey (which is valid).
Opaque data structure that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:74
unsigned char data[64]
Definition: secp256k1.h:75
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:61
Opaque data structure that holds a parsed and valid "x-only" public key.
assert(!tx.IsCoinBase())