1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2016 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
10 #include "serialize.h"
11 #include "support/allocators/secure.h"
20 * const unsigned int PRIVATE_KEY_SIZE = 279;
21 * const unsigned int PUBLIC_KEY_SIZE = 65;
22 * const unsigned int SIGNATURE_SIZE = 72;
24 * see www.keylength.com
25 * script supports up to 75 for single byte push
29 * secure_allocator is defined in allocators.h
30 * CPrivKey is a serialized private key, with all parameters included (279 bytes)
32 typedef std::vector
<unsigned char, secure_allocator
<unsigned char> > CPrivKey
;
34 /** An encapsulated private key. */
38 //! Whether this private key is valid. We check for correctness when modifying the key
39 //! data, so fValid should always correspond to the actual state.
42 //! Whether the public key corresponding to this private key is (to be) compressed.
45 //! The actual byte data
46 std::vector
<unsigned char, secure_allocator
<unsigned char> > keydata
;
48 //! Check whether the 32-byte array pointed to by vch is valid keydata.
49 bool static Check(const unsigned char* vch
);
52 //! Construct an invalid private key.
53 CKey() : fValid(false), fCompressed(false)
55 // Important: vch must be 32 bytes in length to not break serialization
59 friend bool operator==(const CKey
& a
, const CKey
& b
)
61 return a
.fCompressed
== b
.fCompressed
&&
62 a
.size() == b
.size() &&
63 memcmp(a
.keydata
.data(), b
.keydata
.data(), a
.size()) == 0;
66 //! Initialize using begin and end iterators to byte data.
68 void Set(const T pbegin
, const T pend
, bool fCompressedIn
)
70 if (size_t(pend
- pbegin
) != keydata
.size()) {
72 } else if (Check(&pbegin
[0])) {
73 memcpy(keydata
.data(), (unsigned char*)&pbegin
[0], keydata
.size());
75 fCompressed
= fCompressedIn
;
81 //! Simple read-only vector-like interface.
82 unsigned int size() const { return (fValid
? keydata
.size() : 0); }
83 const unsigned char* begin() const { return keydata
.data(); }
84 const unsigned char* end() const { return keydata
.data() + size(); }
86 //! Check whether this private key is valid.
87 bool IsValid() const { return fValid
; }
89 //! Check whether the public key corresponding to this private key is (to be) compressed.
90 bool IsCompressed() const { return fCompressed
; }
92 //! Generate a new private key using a cryptographic PRNG.
93 void MakeNewKey(bool fCompressed
);
96 * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
99 CPrivKey
GetPrivKey() const;
102 * Compute the public key from a private key.
105 CPubKey
GetPubKey() const;
108 * Create a DER-serialized signature.
109 * The test_case parameter tweaks the deterministic nonce.
111 bool Sign(const uint256
& hash
, std::vector
<unsigned char>& vchSig
, uint32_t test_case
= 0) const;
114 * Create a compact signature (65 bytes), which allows reconstructing the used public key.
115 * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
116 * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
117 * 0x1D = second key with even y, 0x1E = second key with odd y,
118 * add 0x04 for compressed keys.
120 bool SignCompact(const uint256
& hash
, std::vector
<unsigned char>& vchSig
) const;
122 //! Derive BIP32 child key.
123 bool Derive(CKey
& keyChild
, ChainCode
&ccChild
, unsigned int nChild
, const ChainCode
& cc
) const;
126 * Verify thoroughly whether a private key and a public key match.
127 * This is done using a different mechanism than just regenerating it.
129 bool VerifyPubKey(const CPubKey
& vchPubKey
) const;
131 //! Load private key and check that public key matches.
132 bool Load(CPrivKey
& privkey
, CPubKey
& vchPubKey
, bool fSkipCheck
);
136 unsigned char nDepth
;
137 unsigned char vchFingerprint
[4];
142 friend bool operator==(const CExtKey
& a
, const CExtKey
& b
)
144 return a
.nDepth
== b
.nDepth
&&
145 memcmp(&a
.vchFingerprint
[0], &b
.vchFingerprint
[0], sizeof(vchFingerprint
)) == 0 &&
146 a
.nChild
== b
.nChild
&&
147 a
.chaincode
== b
.chaincode
&&
151 void Encode(unsigned char code
[BIP32_EXTKEY_SIZE
]) const;
152 void Decode(const unsigned char code
[BIP32_EXTKEY_SIZE
]);
153 bool Derive(CExtKey
& out
, unsigned int nChild
) const;
154 CExtPubKey
Neuter() const;
155 void SetMaster(const unsigned char* seed
, unsigned int nSeedLen
);
156 template <typename Stream
>
157 void Serialize(Stream
& s
) const
159 unsigned int len
= BIP32_EXTKEY_SIZE
;
160 ::WriteCompactSize(s
, len
);
161 unsigned char code
[BIP32_EXTKEY_SIZE
];
163 s
.write((const char *)&code
[0], len
);
165 template <typename Stream
>
166 void Unserialize(Stream
& s
)
168 unsigned int len
= ::ReadCompactSize(s
);
169 unsigned char code
[BIP32_EXTKEY_SIZE
];
170 if (len
!= BIP32_EXTKEY_SIZE
)
171 throw std::runtime_error("Invalid extended key size\n");
172 s
.read((char *)&code
[0], len
);
177 /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
178 void ECC_Start(void);
180 /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
183 /** Check that required EC support is available at runtime. */
184 bool ECC_InitSanityCheck(void);
186 #endif // BITCOIN_KEY_H