src/key.h

   1 // Copyright (c) 2009-2010 Satoshi Nakamoto
   2 // Copyright (c) 2009-2017 The Bitcoin Core developers
   3 // Copyright (c) 2017 The Zcash developers
   4 // Distributed under the MIT software license, see the accompanying
   5 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   6
   7 #ifndef BITCOIN_KEY_H
   8 #define BITCOIN_KEY_H
   9
  10 #include <pubkey.h>
  11 #include <serialize.h>
  12 #include <support/allocators/secure.h>
  13 #include <uint256.h>
  14
  15 #include <stdexcept>
  16 #include <vector>
  17
  18
  19 /**
  20  * secure_allocator is defined in allocators.h
  21  * CPrivKey is a serialized private key, with all parameters included
  22  * (PRIVATE_KEY_SIZE bytes)
  23  */
  24 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
  25
  26 /** An encapsulated private key. */
  27 class CKey
  28 {
  29 public:
  30     /**
  31      * secp256k1:
  32      */
  33     static const unsigned int PRIVATE_KEY_SIZE            = 279;
  34     static const unsigned int COMPRESSED_PRIVATE_KEY_SIZE = 214;
  35     /**
  36      * see www.keylength.com
  37      * script supports up to 75 for single byte push
  38      */
  39     static_assert(
  40         PRIVATE_KEY_SIZE >= COMPRESSED_PRIVATE_KEY_SIZE,
  41         "COMPRESSED_PRIVATE_KEY_SIZE is larger than PRIVATE_KEY_SIZE");
  42
  43 private:
  44     //! Whether this private key is valid. We check for correctness when modifying the key
  45     //! data, so fValid should always correspond to the actual state.
  46     bool fValid;
  47
  48     //! Whether the public key corresponding to this private key is (to be) compressed.
  49     bool fCompressed;
  50
  51     //! The actual byte data
  52     std::vector<unsigned char, secure_allocator<unsigned char> > keydata;
  53
  54     //! Check whether the 32-byte array pointed to by vch is valid keydata.
  55     bool static Check(const unsigned char* vch);
  56
  57 public:
  58     //! Construct an invalid private key.
  59     CKey() : fValid(false), fCompressed(false)
  60     {
  61         // Important: vch must be 32 bytes in length to not break serialization
  62         keydata.resize(32);
  63     }
  64
  65     friend bool operator==(const CKey& a, const CKey& b)
  66     {
  67         return a.fCompressed == b.fCompressed &&
  68             a.size() == b.size() &&
  69             memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
  70     }
  71
  72     //! Initialize using begin and end iterators to byte data.
  73     template <typename T>
  74     void Set(const T pbegin, const T pend, bool fCompressedIn)
  75     {
  76         if (size_t(pend - pbegin) != keydata.size()) {
  77             fValid = false;
  78         } else if (Check(&pbegin[0])) {
  79             memcpy(keydata.data(), (unsigned char*)&pbegin[0], keydata.size());
  80             fValid = true;
  81             fCompressed = fCompressedIn;
  82         } else {
  83             fValid = false;
  84         }
  85     }
  86
  87     //! Simple read-only vector-like interface.
  88     unsigned int size() const { return (fValid ? keydata.size() : 0); }
  89     const unsigned char* begin() const { return keydata.data(); }
  90     const unsigned char* end() const { return keydata.data() + size(); }
  91
  92     //! Check whether this private key is valid.
  93     bool IsValid() const { return fValid; }
  94
  95     //! Check whether the public key corresponding to this private key is (to be) compressed.
  96     bool IsCompressed() const { return fCompressed; }
  97
  98     //! Generate a new private key using a cryptographic PRNG.
  99     void MakeNewKey(bool fCompressed);
 100
 101     /**
 102      * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
 103      * This is expensive.
 104      */
 105     CPrivKey GetPrivKey() const;
 106
 107     /**
 108      * Compute the public key from a private key.
 109      * This is expensive.
 110      */
 111     CPubKey GetPubKey() const;
 112
 113     /**
 114      * Create a DER-serialized signature.
 115      * The test_case parameter tweaks the deterministic nonce.
 116      */
 117     bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
 118
 119     /**
 120      * Create a compact signature (65 bytes), which allows reconstructing the used public key.
 121      * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
 122      * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
 123      *                  0x1D = second key with even y, 0x1E = second key with odd y,
 124      *                  add 0x04 for compressed keys.
 125      */
 126     bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
 127
 128     //! Derive BIP32 child key.
 129     bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
 130
 131     /**
 132      * Verify thoroughly whether a private key and a public key match.
 133      * This is done using a different mechanism than just regenerating it.
 134      */
 135     bool VerifyPubKey(const CPubKey& vchPubKey) const;
 136
 137     //! Load private key and check that public key matches.
 138     bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
 139 };
 140
 141 struct CExtKey {
 142     unsigned char nDepth;
 143     unsigned char vchFingerprint[4];
 144     unsigned int nChild;
 145     ChainCode chaincode;
 146     CKey key;
 147
 148     friend bool operator==(const CExtKey& a, const CExtKey& b)
 149     {
 150         return a.nDepth == b.nDepth &&
 151             memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], sizeof(vchFingerprint)) == 0 &&
 152             a.nChild == b.nChild &&
 153             a.chaincode == b.chaincode &&
 154             a.key == b.key;
 155     }
 156
 157     void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;
 158     void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);
 159     bool Derive(CExtKey& out, unsigned int nChild) const;
 160     CExtPubKey Neuter() const;
 161     void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
 162     template <typename Stream>
 163     void Serialize(Stream& s) const
 164     {
 165         unsigned int len = BIP32_EXTKEY_SIZE;
 166         ::WriteCompactSize(s, len);
 167         unsigned char code[BIP32_EXTKEY_SIZE];
 168         Encode(code);
 169         s.write((const char *)&code[0], len);
 170     }
 171     template <typename Stream>
 172     void Unserialize(Stream& s)
 173     {
 174         unsigned int len = ::ReadCompactSize(s);
 175         unsigned char code[BIP32_EXTKEY_SIZE];
 176         if (len != BIP32_EXTKEY_SIZE)
 177             throw std::runtime_error("Invalid extended key size\n");
 178         s.read((char *)&code[0], len);
 179         Decode(code);
 180     }
 181 };
 182
 183 /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
 184 void ECC_Start(void);
 185
 186 /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
 187 void ECC_Stop(void);
 188
 189 /** Check that required EC support is available at runtime. */
 190 bool ECC_InitSanityCheck(void);
 191
 192 #endif // BITCOIN_KEY_H