1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2017 The Bitcoin Core developers
3 // Copyright (c) 2017 The Zcash developers
4 // Distributed under the MIT software license, see the accompanying
5 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
11 #include <serialize.h>
12 #include <support/allocators/secure.h>
20 * secure_allocator is defined in allocators.h
21 * CPrivKey is a serialized private key, with all parameters included
22 * (PRIVATE_KEY_SIZE bytes)
24 typedef std::vector
<unsigned char, secure_allocator
<unsigned char> > CPrivKey
;
26 /** An encapsulated private key. */
33 static const unsigned int PRIVATE_KEY_SIZE
= 279;
34 static const unsigned int COMPRESSED_PRIVATE_KEY_SIZE
= 214;
36 * see www.keylength.com
37 * script supports up to 75 for single byte push
40 PRIVATE_KEY_SIZE
>= COMPRESSED_PRIVATE_KEY_SIZE
,
41 "COMPRESSED_PRIVATE_KEY_SIZE is larger than PRIVATE_KEY_SIZE");
44 //! Whether this private key is valid. We check for correctness when modifying the key
45 //! data, so fValid should always correspond to the actual state.
48 //! Whether the public key corresponding to this private key is (to be) compressed.
51 //! The actual byte data
52 std::vector
<unsigned char, secure_allocator
<unsigned char> > keydata
;
54 //! Check whether the 32-byte array pointed to by vch is valid keydata.
55 bool static Check(const unsigned char* vch
);
58 //! Construct an invalid private key.
59 CKey() : fValid(false), fCompressed(false)
61 // Important: vch must be 32 bytes in length to not break serialization
65 friend bool operator==(const CKey
& a
, const CKey
& b
)
67 return a
.fCompressed
== b
.fCompressed
&&
68 a
.size() == b
.size() &&
69 memcmp(a
.keydata
.data(), b
.keydata
.data(), a
.size()) == 0;
72 //! Initialize using begin and end iterators to byte data.
74 void Set(const T pbegin
, const T pend
, bool fCompressedIn
)
76 if (size_t(pend
- pbegin
) != keydata
.size()) {
78 } else if (Check(&pbegin
[0])) {
79 memcpy(keydata
.data(), (unsigned char*)&pbegin
[0], keydata
.size());
81 fCompressed
= fCompressedIn
;
87 //! Simple read-only vector-like interface.
88 unsigned int size() const { return (fValid
? keydata
.size() : 0); }
89 const unsigned char* begin() const { return keydata
.data(); }
90 const unsigned char* end() const { return keydata
.data() + size(); }
92 //! Check whether this private key is valid.
93 bool IsValid() const { return fValid
; }
95 //! Check whether the public key corresponding to this private key is (to be) compressed.
96 bool IsCompressed() const { return fCompressed
; }
98 //! Generate a new private key using a cryptographic PRNG.
99 void MakeNewKey(bool fCompressed
);
102 * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
105 CPrivKey
GetPrivKey() const;
108 * Compute the public key from a private key.
111 CPubKey
GetPubKey() const;
114 * Create a DER-serialized signature.
115 * The test_case parameter tweaks the deterministic nonce.
117 bool Sign(const uint256
& hash
, std::vector
<unsigned char>& vchSig
, uint32_t test_case
= 0) const;
120 * Create a compact signature (65 bytes), which allows reconstructing the used public key.
121 * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
122 * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
123 * 0x1D = second key with even y, 0x1E = second key with odd y,
124 * add 0x04 for compressed keys.
126 bool SignCompact(const uint256
& hash
, std::vector
<unsigned char>& vchSig
) const;
128 //! Derive BIP32 child key.
129 bool Derive(CKey
& keyChild
, ChainCode
&ccChild
, unsigned int nChild
, const ChainCode
& cc
) const;
132 * Verify thoroughly whether a private key and a public key match.
133 * This is done using a different mechanism than just regenerating it.
135 bool VerifyPubKey(const CPubKey
& vchPubKey
) const;
137 //! Load private key and check that public key matches.
138 bool Load(CPrivKey
& privkey
, CPubKey
& vchPubKey
, bool fSkipCheck
);
142 unsigned char nDepth
;
143 unsigned char vchFingerprint
[4];
148 friend bool operator==(const CExtKey
& a
, const CExtKey
& b
)
150 return a
.nDepth
== b
.nDepth
&&
151 memcmp(&a
.vchFingerprint
[0], &b
.vchFingerprint
[0], sizeof(vchFingerprint
)) == 0 &&
152 a
.nChild
== b
.nChild
&&
153 a
.chaincode
== b
.chaincode
&&
157 void Encode(unsigned char code
[BIP32_EXTKEY_SIZE
]) const;
158 void Decode(const unsigned char code
[BIP32_EXTKEY_SIZE
]);
159 bool Derive(CExtKey
& out
, unsigned int nChild
) const;
160 CExtPubKey
Neuter() const;
161 void SetMaster(const unsigned char* seed
, unsigned int nSeedLen
);
162 template <typename Stream
>
163 void Serialize(Stream
& s
) const
165 unsigned int len
= BIP32_EXTKEY_SIZE
;
166 ::WriteCompactSize(s
, len
);
167 unsigned char code
[BIP32_EXTKEY_SIZE
];
169 s
.write((const char *)&code
[0], len
);
171 template <typename Stream
>
172 void Unserialize(Stream
& s
)
174 unsigned int len
= ::ReadCompactSize(s
);
175 unsigned char code
[BIP32_EXTKEY_SIZE
];
176 if (len
!= BIP32_EXTKEY_SIZE
)
177 throw std::runtime_error("Invalid extended key size\n");
178 s
.read((char *)&code
[0], len
);
183 /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
184 void ECC_Start(void);
186 /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
189 /** Check that required EC support is available at runtime. */
190 bool ECC_InitSanityCheck(void);
192 #endif // BITCOIN_KEY_H