src/key.h

   1 // Copyright (c) 2009-2010 Satoshi Nakamoto
   2 // Copyright (c) 2009-2016 The Bitcoin Core developers
   3 // Distributed under the MIT software license, see the accompanying
   4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   5
   6 #ifndef BITCOIN_KEY_H
   7 #define BITCOIN_KEY_H
   8
   9 #include "pubkey.h"
  10 #include "serialize.h"
  11 #include "support/allocators/secure.h"
  12 #include "uint256.h"
  13
  14 #include <stdexcept>
  15 #include <vector>
  16
  17
  18 /**
  19  * secp256k1:
  20  * const unsigned int PRIVATE_KEY_SIZE = 279;
  21  * const unsigned int PUBLIC_KEY_SIZE  = 65;
  22  * const unsigned int SIGNATURE_SIZE   = 72;
  23  *
  24  * see www.keylength.com
  25  * script supports up to 75 for single byte push
  26  */
  27
  28 /**
  29  * secure_allocator is defined in allocators.h
  30  * CPrivKey is a serialized private key, with all parameters included (279 bytes)
  31  */
  32 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
  33
  34 /** An encapsulated private key. */
  35 class CKey
  36 {
  37 private:
  38     //! Whether this private key is valid. We check for correctness when modifying the key
  39     //! data, so fValid should always correspond to the actual state.
  40     bool fValid;
  41
  42     //! Whether the public key corresponding to this private key is (to be) compressed.
  43     bool fCompressed;
  44
  45     //! The actual byte data
  46     std::vector<unsigned char, secure_allocator<unsigned char> > keydata;
  47
  48     //! Check whether the 32-byte array pointed to by vch is valid keydata.
  49     bool static Check(const unsigned char* vch);
  50
  51 public:
  52     //! Construct an invalid private key.
  53     CKey() : fValid(false), fCompressed(false)
  54     {
  55         // Important: vch must be 32 bytes in length to not break serialization
  56         keydata.resize(32);
  57     }
  58
  59     //! Destructor (again necessary because of memlocking).
  60     ~CKey()
  61     {
  62     }
  63
  64     friend bool operator==(const CKey& a, const CKey& b)
  65     {
  66         return a.fCompressed == b.fCompressed &&
  67             a.size() == b.size() &&
  68             memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
  69     }
  70
  71     //! Initialize using begin and end iterators to byte data.
  72     template <typename T>
  73     void Set(const T pbegin, const T pend, bool fCompressedIn)
  74     {
  75         if (size_t(pend - pbegin) != keydata.size()) {
  76             fValid = false;
  77         } else if (Check(&pbegin[0])) {
  78             memcpy(keydata.data(), (unsigned char*)&pbegin[0], keydata.size());
  79             fValid = true;
  80             fCompressed = fCompressedIn;
  81         } else {
  82             fValid = false;
  83         }
  84     }
  85
  86     //! Simple read-only vector-like interface.
  87     unsigned int size() const { return (fValid ? keydata.size() : 0); }
  88     const unsigned char* begin() const { return keydata.data(); }
  89     const unsigned char* end() const { return keydata.data() + size(); }
  90
  91     //! Check whether this private key is valid.
  92     bool IsValid() const { return fValid; }
  93
  94     //! Check whether the public key corresponding to this private key is (to be) compressed.
  95     bool IsCompressed() const { return fCompressed; }
  96
  97     //! Generate a new private key using a cryptographic PRNG.
  98     void MakeNewKey(bool fCompressed);
  99
 100     /**
 101      * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
 102      * This is expensive.
 103      */
 104     CPrivKey GetPrivKey() const;
 105
 106     /**
 107      * Compute the public key from a private key.
 108      * This is expensive.
 109      */
 110     CPubKey GetPubKey() const;
 111
 112     /**
 113      * Create a DER-serialized signature.
 114      * The test_case parameter tweaks the deterministic nonce.
 115      */
 116     bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
 117
 118     /**
 119      * Create a compact signature (65 bytes), which allows reconstructing the used public key.
 120      * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
 121      * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
 122      *                  0x1D = second key with even y, 0x1E = second key with odd y,
 123      *                  add 0x04 for compressed keys.
 124      */
 125     bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
 126
 127     //! Derive BIP32 child key.
 128     bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
 129
 130     /**
 131      * Verify thoroughly whether a private key and a public key match.
 132      * This is done using a different mechanism than just regenerating it.
 133      */
 134     bool VerifyPubKey(const CPubKey& vchPubKey) const;
 135
 136     //! Load private key and check that public key matches.
 137     bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
 138 };
 139
 140 struct CExtKey {
 141     unsigned char nDepth;
 142     unsigned char vchFingerprint[4];
 143     unsigned int nChild;
 144     ChainCode chaincode;
 145     CKey key;
 146
 147     friend bool operator==(const CExtKey& a, const CExtKey& b)
 148     {
 149         return a.nDepth == b.nDepth &&
 150             memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], sizeof(vchFingerprint)) == 0 &&
 151             a.nChild == b.nChild &&
 152             a.chaincode == b.chaincode &&
 153             a.key == b.key;
 154     }
 155
 156     void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;
 157     void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);
 158     bool Derive(CExtKey& out, unsigned int nChild) const;
 159     CExtPubKey Neuter() const;
 160     void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
 161     template <typename Stream>
 162     void Serialize(Stream& s) const
 163     {
 164         unsigned int len = BIP32_EXTKEY_SIZE;
 165         ::WriteCompactSize(s, len);
 166         unsigned char code[BIP32_EXTKEY_SIZE];
 167         Encode(code);
 168         s.write((const char *)&code[0], len);
 169     }
 170     template <typename Stream>
 171     void Unserialize(Stream& s)
 172     {
 173         unsigned int len = ::ReadCompactSize(s);
 174         unsigned char code[BIP32_EXTKEY_SIZE];
 175         if (len != BIP32_EXTKEY_SIZE)
 176             throw std::runtime_error("Invalid extended key size\n");
 177         s.read((char *)&code[0], len);
 178         Decode(code);
 179     }
 180 };
 181
 182 /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
 183 void ECC_Start(void);
 184
 185 /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
 186 void ECC_Stop(void);
 187
 188 /** Check that required EC support is available at runtime. */
 189 bool ECC_InitSanityCheck(void);
 190
 191 #endif // BITCOIN_KEY_H