pubkey_8h_source.html

// Copyright (c) 2009-2010 Satoshi Nakamoto

// Copyright (c) 2009-present The Bitcoin Core developers

// Copyright (c) 2017 The Zcash developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#ifndef BITCOIN_PUBKEY_H

#define BITCOIN_PUBKEY_H


#include <hash.h>

#include <serialize.h>

#include <span.h>

#include <uint256.h>


#include <cstring>

#include <optional>

#include <vector>


const unsigned int BIP32_EXTKEY_SIZE = 74;

const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE = 78;


class CKeyID : public uint160

{

public:

    CKeyID() : uint160() {}

    explicit CKeyID(const uint160& in) : uint160(in) {}

};


typedef uint256 ChainCode;


class CPubKey

{

public:

    static constexpr unsigned int SIZE                   = 65;

    static constexpr unsigned int COMPRESSED_SIZE        = 33;

    static constexpr unsigned int SIGNATURE_SIZE         = 72;

    static constexpr unsigned int COMPACT_SIGNATURE_SIZE = 65;

    static_assert(

        SIZE >= COMPRESSED_SIZE,

        "COMPRESSED_SIZE is larger than SIZE");


private:


    unsigned char vch[SIZE];


    unsigned int static GetLen(unsigned char chHeader)

    {

        if (chHeader == 2 || chHeader == 3)

            return COMPRESSED_SIZE;

        if (chHeader == 4 || chHeader == 6 || chHeader == 7)

            return SIZE;

        return 0;

    }


    void Invalidate()

    {

        vch[0] = 0xFF;

    }


public:


    bool static ValidSize(const std::vector<unsigned char> &vch) {

      return vch.size() > 0 && GetLen(vch[0]) == vch.size();

    }


    CPubKey()

    {

        Invalidate();

    }


    template <typename T>

    void Set(const T pbegin, const T pend)

    {

        int len = pend == pbegin ? 0 : GetLen(pbegin[0]);

        if (len && len == (pend - pbegin))

            memcpy(vch, (unsigned char*)&pbegin[0], len);

        else

            Invalidate();

    }


    template <typename T>

    CPubKey(const T pbegin, const T pend)

    {

        Set(pbegin, pend);

    }


    explicit CPubKey(std::span<const uint8_t> _vch)

    {

        Set(_vch.begin(), _vch.end());

    }


    unsigned int size() const { return GetLen(vch[0]); }

    const unsigned char* data() const { return vch; }

    const unsigned char* begin() const { return vch; }

    const unsigned char* end() const { return vch + size(); }

    const unsigned char& operator[](unsigned int pos) const { return vch[pos]; }


    friend bool operator==(const CPubKey& a, const CPubKey& b)

    {

        return a.vch[0] == b.vch[0] &&

               memcmp(a.vch, b.vch, a.size()) == 0;

    }

    friend bool operator<(const CPubKey& a, const CPubKey& b)

    {

        return a.vch[0] < b.vch[0] ||

               (a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) < 0);

    }

    friend bool operator>(const CPubKey& a, const CPubKey& b)

    {

        return a.vch[0] > b.vch[0] ||

               (a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) > 0);

    }


    template <typename Stream>

    void Serialize(Stream& s) const

    {

        unsigned int len = size();

        ::WriteCompactSize(s, len);

        s << std::span{vch, len};

    }

    template <typename Stream>

    void Unserialize(Stream& s)

    {

        const unsigned int len(::ReadCompactSize(s));

        if (len <= SIZE) {

            s >> std::span{vch, len};

            if (len != size()) {

                Invalidate();

            }

        } else {

            // invalid pubkey, skip available data

            s.ignore(len);

            Invalidate();

        }

    }


    CKeyID GetID() const

    {

        return CKeyID(Hash160(std::span{vch}.first(size())));

    }


    uint256 GetHash() const

    {

        return Hash(std::span{vch}.first(size()));

    }


    /*

     * Check syntactic correctness.

     *

     * When setting a pubkey (Set()) or deserializing fails (its header bytes

     * don't match the length of the data), the size is set to 0. Thus,

     * by checking size, one can observe whether Set() or deserialization has

     * failed.

     *

     * This does not check for more than that. In particular, it does not verify

     * that the coordinates correspond to a point on the curve (see IsFullyValid()

     * for that instead).

     *

     * Note that this is consensus critical as CheckECDSASignature() calls it!

     */

    bool IsValid() const

    {

        return size() > 0;

    }


    bool IsValidNonHybrid() const noexcept

    {

        return size() > 0 && (vch[0] == 0x02 || vch[0] == 0x03 || vch[0] == 0x04);

    }


    bool IsFullyValid() const;


    bool IsCompressed() const

    {

        return size() == COMPRESSED_SIZE;

    }


    bool Verify(const uint256& hash, const std::vector<unsigned char>& vchSig) const;


    static bool CheckLowS(const std::vector<unsigned char>& vchSig);


    bool RecoverCompact(const uint256& hash, const std::vector<unsigned char>& vchSig);


    bool Decompress();


    [[nodiscard]] bool Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc, uint256* bip32_tweak_out = nullptr) const;

};


class XOnlyPubKey

{

private:

    uint256 m_keydata;


public:

    static const XOnlyPubKey NUMS_H;


    XOnlyPubKey() = default;


    XOnlyPubKey(const XOnlyPubKey&) = default;

    XOnlyPubKey& operator=(const XOnlyPubKey&) = default;


    bool IsFullyValid() const;


    bool IsNull() const { return m_keydata.IsNull(); }


    constexpr explicit XOnlyPubKey(std::span<const unsigned char> bytes) : m_keydata{bytes} {}


    explicit XOnlyPubKey(const CPubKey& pubkey) : XOnlyPubKey(std::span{pubkey}.subspan(1, 32)) {}


    bool VerifySchnorr(const uint256& msg, std::span<const unsigned char> sigbytes) const;


    uint256 ComputeTapTweakHash(const uint256* merkle_root) const;


    bool CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const;


    std::optional<std::pair<XOnlyPubKey, bool>> CreateTapTweak(const uint256* merkle_root) const;


    std::vector<CKeyID> GetKeyIDs() const;

    std::vector<CPubKey> GetCPubKeys() const;


    CPubKey GetEvenCorrespondingCPubKey() const;


    const unsigned char& operator[](int pos) const { return *(m_keydata.begin() + pos); }

    static constexpr size_t size() { return decltype(m_keydata)::size(); }

    const unsigned char* data() const { return m_keydata.begin(); }

    const unsigned char* begin() const { return m_keydata.begin(); }

    const unsigned char* end() const { return m_keydata.end(); }

    unsigned char* data() { return m_keydata.begin(); }

    unsigned char* begin() { return m_keydata.begin(); }

    unsigned char* end() { return m_keydata.end(); }

    bool operator==(const XOnlyPubKey& other) const { return m_keydata == other.m_keydata; }

    bool operator<(const XOnlyPubKey& other) const { return m_keydata < other.m_keydata; }


    SERIALIZE_METHODS(XOnlyPubKey, obj) { READWRITE(obj.m_keydata); }

};


struct EllSwiftPubKey

{

private:

    static constexpr size_t SIZE = 64;

    std::array<std::byte, SIZE> m_pubkey;


public:

    EllSwiftPubKey() noexcept = default;


    EllSwiftPubKey(std::span<const std::byte> ellswift) noexcept;


    CPubKey Decode() const;


    // Read-only access for serialization.

    const std::byte* data() const { return m_pubkey.data(); }

    static constexpr size_t size() { return SIZE; }

    auto begin() const { return m_pubkey.cbegin(); }

    auto end() const { return m_pubkey.cend(); }


    bool friend operator==(const EllSwiftPubKey& a, const EllSwiftPubKey& b)

    {

        return a.m_pubkey == b.m_pubkey;

    }

};


struct CExtPubKey {

    unsigned char version[4];

    unsigned char nDepth;

    unsigned char vchFingerprint[4];

    unsigned int nChild;

    ChainCode chaincode;

    CPubKey pubkey;


    friend bool operator==(const CExtPubKey &a, const CExtPubKey &b)

    {

        return a.nDepth == b.nDepth &&

            memcmp(a.vchFingerprint, b.vchFingerprint, sizeof(vchFingerprint)) == 0 &&

            a.nChild == b.nChild &&

            a.chaincode == b.chaincode &&

            a.pubkey == b.pubkey;

    }


    friend bool operator<(const CExtPubKey &a, const CExtPubKey &b)

    {

        if (a.pubkey < b.pubkey) {

            return true;

        } else if (a.pubkey > b.pubkey) {

            return false;

        }

        return a.chaincode < b.chaincode;

    }


    void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;

    void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);

    void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const;

    void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]);

    [[nodiscard]] bool Derive(CExtPubKey& out, unsigned int nChild, uint256* bip32_tweak_out = nullptr) const;

};


#endif // BITCOIN_PUBKEY_H

CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24

CKeyID::CKeyID
CKeyID()
Definition: pubkey.h:26

CKeyID::CKeyID
CKeyID(const uint160 &in)
Definition: pubkey.h:27

CPubKey
An encapsulated public key.
Definition: pubkey.h:34

CPubKey::data
const unsigned char * data() const
Definition: pubkey.h:113

CPubKey::RecoverCompact
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:300

CPubKey::IsCompressed
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:200

CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:160

CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40

CPubKey::CPubKey
CPubKey()
Construct an invalid public key.
Definition: pubkey.h:82

CPubKey::CheckLowS
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:424

CPubKey::CPubKey
CPubKey(std::span< const uint8_t > _vch)
Construct a public key from a byte vector.
Definition: pubkey.h:106

CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:185

CPubKey::operator>
friend bool operator>(const CPubKey &a, const CPubKey &b)
Definition: pubkey.h:129

CPubKey::Decompress
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:327

CPubKey::end
const unsigned char * end() const
Definition: pubkey.h:115

CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:283

CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39

CPubKey::IsFullyValid
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:320

CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112

CPubKey::begin
const unsigned char * begin() const
Definition: pubkey.h:114

CPubKey::Derive
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc, uint256 *bip32_tweak_out=nullptr) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:341

CPubKey::ValidSize
static bool ValidSize(const std::vector< unsigned char > &vch)
Definition: pubkey.h:77

CPubKey::GetLen
unsigned static int GetLen(unsigned char chHeader)
Compute the length of a pubkey with a given first byte.
Definition: pubkey.h:60

CPubKey::operator==
friend bool operator==(const CPubKey &a, const CPubKey &b)
Comparator implementation.
Definition: pubkey.h:119

CPubKey::Serialize
void Serialize(Stream &s) const
Implement serialization, as if this was a byte vector.
Definition: pubkey.h:137

CPubKey::vch
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
Definition: pubkey.h:57

CPubKey::CPubKey
CPubKey(const T pbegin, const T pend)
Construct a public key using begin/end iterators to byte data.
Definition: pubkey.h:100

CPubKey::Invalidate
void Invalidate()
Set this key data to be invalid.
Definition: pubkey.h:70

CPubKey::Unserialize
void Unserialize(Stream &s)
Definition: pubkey.h:144

CPubKey::GetHash
uint256 GetHash() const
Get the 256-bit hash of this public key.
Definition: pubkey.h:166

CPubKey::operator[]
const unsigned char & operator[](unsigned int pos) const
Definition: pubkey.h:116

CPubKey::SIGNATURE_SIZE
static constexpr unsigned int SIGNATURE_SIZE
Definition: pubkey.h:41

CPubKey::IsValidNonHybrid
bool IsValidNonHybrid() const noexcept
Check if a public key is a syntactically valid compressed or uncompressed key.
Definition: pubkey.h:191

CPubKey::COMPACT_SIGNATURE_SIZE
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:42

CPubKey::Set
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89

CPubKey::operator<
friend bool operator<(const CPubKey &a, const CPubKey &b)
Definition: pubkey.h:124

XOnlyPubKey
Definition: pubkey.h:227

XOnlyPubKey::end
unsigned char * end()
Definition: pubkey.h:299

XOnlyPubKey::begin
unsigned char * begin()
Definition: pubkey.h:298

XOnlyPubKey::operator=
XOnlyPubKey & operator=(const XOnlyPubKey &)=default

XOnlyPubKey::end
const unsigned char * end() const
Definition: pubkey.h:296

XOnlyPubKey::GetCPubKeys
std::vector< CPubKey > GetCPubKeys() const
Returns this XOnlyPubKey with 0x02 and 0x03 prefixes.
Definition: pubkey.cpp:200

XOnlyPubKey::IsNull
bool IsNull() const
Test whether this is the 0 key (the result of default construction).
Definition: pubkey.h:250

XOnlyPubKey::data
unsigned char * data()
Definition: pubkey.h:297

XOnlyPubKey::begin
const unsigned char * begin() const
Definition: pubkey.h:295

XOnlyPubKey::CreateTapTweak
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:265

XOnlyPubKey::CheckTapTweak
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
Definition: pubkey.cpp:257

XOnlyPubKey::NUMS_H
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition: pubkey.h:235

XOnlyPubKey::size
static constexpr size_t size()
Definition: pubkey.h:293

XOnlyPubKey::XOnlyPubKey
constexpr XOnlyPubKey(std::span< const unsigned char > bytes)
Construct an x-only pubkey from exactly 32 bytes.
Definition: pubkey.h:253

XOnlyPubKey::data
const unsigned char * data() const
Definition: pubkey.h:294

XOnlyPubKey::VerifySchnorr
bool VerifySchnorr(const uint256 &msg, std::span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:236

XOnlyPubKey::SERIALIZE_METHODS
SERIALIZE_METHODS(XOnlyPubKey, obj)
Implement serialization without length prefixes since it is a fixed length.
Definition: pubkey.h:304

XOnlyPubKey::GetEvenCorrespondingCPubKey
CPubKey GetEvenCorrespondingCPubKey() const
Definition: pubkey.cpp:223

XOnlyPubKey::m_keydata
uint256 m_keydata
Definition: pubkey.h:229

XOnlyPubKey::XOnlyPubKey
XOnlyPubKey(const XOnlyPubKey &)=default

XOnlyPubKey::XOnlyPubKey
XOnlyPubKey(const CPubKey &pubkey)
Construct an x-only pubkey from a normal pubkey.
Definition: pubkey.h:256

XOnlyPubKey::operator<
bool operator<(const XOnlyPubKey &other) const
Definition: pubkey.h:301

XOnlyPubKey::IsFullyValid
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:230

XOnlyPubKey::GetKeyIDs
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
Definition: pubkey.cpp:214

XOnlyPubKey::ComputeTapTweakHash
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
Definition: pubkey.cpp:246

XOnlyPubKey::operator[]
const unsigned char & operator[](int pos) const
Definition: pubkey.h:292

XOnlyPubKey::XOnlyPubKey
XOnlyPubKey()=default
Construct an empty x-only pubkey.

XOnlyPubKey::operator==
bool operator==(const XOnlyPubKey &other) const
Definition: pubkey.h:300

base_blob::IsNull
constexpr bool IsNull() const
Definition: uint256.h:48

base_blob::end
constexpr unsigned char * end()
Definition: uint256.h:101

base_blob::begin
constexpr unsigned char * begin()
Definition: uint256.h:100

uint160
160-bit opaque blob.
Definition: uint256.h:183

uint256
256-bit opaque blob.
Definition: uint256.h:195

Hash160
uint160 Hash160(const T1 &in1)
Compute the 160-bit hash an object.
Definition: hash.h:92

Hash
uint256 Hash(const T &in1)
Compute the 256-bit hash of an object.
Definition: hash.h:75

std
Definition: setup_common.h:265

test_vectors_musig2_generate.s
tuple s
Definition: test_vectors_musig2_generate.py:72

tests_wycheproof_generate_ecdsa.msg
msg
Definition: tests_wycheproof_generate_ecdsa.py:52

tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24

BIP32_EXTKEY_WITH_VERSION_SIZE
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20

BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19

ChainCode
uint256 ChainCode
Definition: pubkey.h:30

hash.h

serialize.h

WriteCompactSize
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
Definition: serialize.h:1089

ReadCompactSize
uint64_t ReadCompactSize(Stream &is, bool range_check=true)
Decode a CompactSize-encoded variable-length integer.
Definition: serialize.h:330

READWRITE
#define READWRITE(...)
Definition: serialize.h:145

span.h

ByteUnit::T
@ T

CExtPubKey
Definition: pubkey.h:336

CExtPubKey::operator==
friend bool operator==(const CExtPubKey &a, const CExtPubKey &b)
Definition: pubkey.h:344

CExtPubKey::version
unsigned char version[4]
Definition: pubkey.h:337

CExtPubKey::Encode
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
Definition: pubkey.cpp:385

CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:341

CExtPubKey::DecodeWithVersion
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:409

CExtPubKey::EncodeWithVersion
void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const
Definition: pubkey.cpp:403

CExtPubKey::vchFingerprint
unsigned char vchFingerprint[4]
Definition: pubkey.h:339

CExtPubKey::nDepth
unsigned char nDepth
Definition: pubkey.h:338

CExtPubKey::Decode
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
Definition: pubkey.cpp:394

CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:342

CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:340

CExtPubKey::operator<
friend bool operator<(const CExtPubKey &a, const CExtPubKey &b)
Definition: pubkey.h:353

CExtPubKey::Derive
bool Derive(CExtPubKey &out, unsigned int nChild, uint256 *bip32_tweak_out=nullptr) const
Definition: pubkey.cpp:415

EllSwiftPubKey
An ElligatorSwift-encoded public key.
Definition: pubkey.h:309

EllSwiftPubKey::begin
auto begin() const
Definition: pubkey.h:327

EllSwiftPubKey::operator==
bool friend operator==(const EllSwiftPubKey &a, const EllSwiftPubKey &b)
Definition: pubkey.h:330

EllSwiftPubKey::m_pubkey
std::array< std::byte, SIZE > m_pubkey
Definition: pubkey.h:312

EllSwiftPubKey::Decode
CPubKey Decode() const
Decode to normal compressed CPubKey (for debugging purposes).
Definition: pubkey.cpp:371

EllSwiftPubKey::SIZE
static constexpr size_t SIZE
Definition: pubkey.h:311

EllSwiftPubKey::size
static constexpr size_t size()
Definition: pubkey.h:326

EllSwiftPubKey::data
const std::byte * data() const
Definition: pubkey.h:325

EllSwiftPubKey::EllSwiftPubKey
EllSwiftPubKey() noexcept=default
Default constructor creates all-zero pubkey (which is valid).

EllSwiftPubKey::end
auto end() const
Definition: pubkey.h:328

uint256.h