src/key.h

   1 // Copyright (c) 2009-2010 Satoshi Nakamoto
   2 // Copyright (c) 2009-2015 The Bitcoin Core developers
   3 // Distributed under the MIT software license, see the accompanying
   4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   5
   6 #ifndef BITCOIN_KEY_H
   7 #define BITCOIN_KEY_H
   8
   9 #include "pubkey.h"
  10 #include "serialize.h"
  11 #include "support/allocators/secure.h"
  12 #include "uint256.h"
  13
  14 #include <stdexcept>
  15 #include <vector>
  16
  17
  18 /**
  19  * secp256k1:
  20  * const unsigned int PRIVATE_KEY_SIZE = 279;
  21  * const unsigned int PUBLIC_KEY_SIZE  = 65;
  22  * const unsigned int SIGNATURE_SIZE   = 72;
  23  *
  24  * see www.keylength.com
  25  * script supports up to 75 for single byte push
  26  */
  27
  28 /**
  29  * secure_allocator is defined in allocators.h
  30  * CPrivKey is a serialized private key, with all parameters included (279 bytes)
  31  */
  32 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
  33
  34 /** An encapsulated private key. */
  35 class CKey
  36 {
  37 private:
  38     //! Whether this private key is valid. We check for correctness when modifying the key
  39     //! data, so fValid should always correspond to the actual state.
  40     bool fValid;
  41
  42     //! Whether the public key corresponding to this private key is (to be) compressed.
  43     bool fCompressed;
  44
  45     //! The actual byte data
  46     std::vector<unsigned char, secure_allocator<unsigned char> > keydata;
  47
  48     //! Check whether the 32-byte array pointed to be vch is valid keydata.
  49     bool static Check(const unsigned char* vch);
  50
  51 public:
  52     //! Construct an invalid private key.
  53     CKey() : fValid(false), fCompressed(false)
  54     {
  55         // Important: vch must be 32 bytes in length to not break serialization
  56         keydata.resize(32);
  57     }
  58
  59     //! Destructor (again necessary because of memlocking).
  60     ~CKey()
  61     {
  62     }
  63
  64     friend bool operator==(const CKey& a, const CKey& b)
  65     {
  66         return a.fCompressed == b.fCompressed &&
  67             a.size() == b.size() &&
  68             memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
  69     }
  70
  71     //! Initialize using begin and end iterators to byte data.
  72     template <typename T>
  73     void Set(const T pbegin, const T pend, bool fCompressedIn)
  74     {
  75         if (size_t(pend - pbegin) != keydata.size()) {
  76             fValid = false;
  77         } else if (Check(&pbegin[0])) {
  78             memcpy(keydata.data(), (unsigned char*)&pbegin[0], keydata.size());
  79             fValid = true;
  80             fCompressed = fCompressedIn;
  81         } else {
  82             fValid = false;
  83         }
  84     }
  85
  86     //! Simple read-only vector-like interface.
  87     unsigned int size() const { return (fValid ? keydata.size() : 0); }
  88     const unsigned char* begin() const { return keydata.data(); }
  89     const unsigned char* end() const { return keydata.data() + size(); }
  90
  91     //! Check whether this private key is valid.
  92     bool IsValid() const { return fValid; }
  93
  94     //! Check whether the public key corresponding to this private key is (to be) compressed.
  95     bool IsCompressed() const { return fCompressed; }
  96
  97     //! Initialize from a CPrivKey (serialized OpenSSL private key data).
  98     bool SetPrivKey(const CPrivKey& vchPrivKey, bool fCompressed);
  99
 100     //! Generate a new private key using a cryptographic PRNG.
 101     void MakeNewKey(bool fCompressed);
 102
 103     /**
 104      * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
 105      * This is expensive.
 106      */
 107     CPrivKey GetPrivKey() const;
 108
 109     /**
 110      * Compute the public key from a private key.
 111      * This is expensive.
 112      */
 113     CPubKey GetPubKey() const;
 114
 115     /**
 116      * Create a DER-serialized signature.
 117      * The test_case parameter tweaks the deterministic nonce.
 118      */
 119     bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
 120
 121     /**
 122      * Create a compact signature (65 bytes), which allows reconstructing the used public key.
 123      * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
 124      * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
 125      *                  0x1D = second key with even y, 0x1E = second key with odd y,
 126      *                  add 0x04 for compressed keys.
 127      */
 128     bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
 129
 130     //! Derive BIP32 child key.
 131     bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
 132
 133     /**
 134      * Verify thoroughly whether a private key and a public key match.
 135      * This is done using a different mechanism than just regenerating it.
 136      */
 137     bool VerifyPubKey(const CPubKey& vchPubKey) const;
 138
 139     //! Load private key and check that public key matches.
 140     bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
 141 };
 142
 143 struct CExtKey {
 144     unsigned char nDepth;
 145     unsigned char vchFingerprint[4];
 146     unsigned int nChild;
 147     ChainCode chaincode;
 148     CKey key;
 149
 150     friend bool operator==(const CExtKey& a, const CExtKey& b)
 151     {
 152         return a.nDepth == b.nDepth &&
 153             memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], sizeof(vchFingerprint)) == 0 &&
 154             a.nChild == b.nChild &&
 155             a.chaincode == b.chaincode &&
 156             a.key == b.key;
 157     }
 158
 159     void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;
 160     void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);
 161     bool Derive(CExtKey& out, unsigned int nChild) const;
 162     CExtPubKey Neuter() const;
 163     void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
 164     template <typename Stream>
 165     void Serialize(Stream& s) const
 166     {
 167         unsigned int len = BIP32_EXTKEY_SIZE;
 168         ::WriteCompactSize(s, len);
 169         unsigned char code[BIP32_EXTKEY_SIZE];
 170         Encode(code);
 171         s.write((const char *)&code[0], len);
 172     }
 173     template <typename Stream>
 174     void Unserialize(Stream& s)
 175     {
 176         unsigned int len = ::ReadCompactSize(s);
 177         unsigned char code[BIP32_EXTKEY_SIZE];
 178         s.read((char *)&code[0], len);
 179         Decode(code);
 180     }
 181 };
 182
 183 /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
 184 void ECC_Start(void);
 185
 186 /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
 187 void ECC_Stop(void);
 188
 189 /** Check that required EC support is available at runtime. */
 190 bool ECC_InitSanityCheck(void);
 191
 192 #endif // BITCOIN_KEY_H