src/key.h

   1 // Copyright (c) 2009-2010 Satoshi Nakamoto
   2 // Copyright (c) 2009-2016 The Bitcoin Core developers
   3 // Distributed under the MIT software license, see the accompanying
   4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   5
   6 #ifndef BITCOIN_KEY_H
   7 #define BITCOIN_KEY_H
   8
   9 #include <pubkey.h>
  10 #include <serialize.h>
  11 #include <support/allocators/secure.h>
  12 #include <uint256.h>
  13
  14 #include <stdexcept>
  15 #include <vector>
  16
  17
  18 /**
  19  * secp256k1:
  20  * const unsigned int PRIVATE_KEY_SIZE = 279;
  21  * const unsigned int PUBLIC_KEY_SIZE  = 65;
  22  * const unsigned int SIGNATURE_SIZE   = 72;
  23  *
  24  * see www.keylength.com
  25  * script supports up to 75 for single byte push
  26  */
  27
  28 /**
  29  * secure_allocator is defined in allocators.h
  30  * CPrivKey is a serialized private key, with all parameters included (279 bytes)
  31  */
  32 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
  33
  34 /** An encapsulated private key. */
  35 class CKey
  36 {
  37 private:
  38     //! Whether this private key is valid. We check for correctness when modifying the key
  39     //! data, so fValid should always correspond to the actual state.
  40     bool fValid;
  41
  42     //! Whether the public key corresponding to this private key is (to be) compressed.
  43     bool fCompressed;
  44
  45     //! The actual byte data
  46     std::vector<unsigned char, secure_allocator<unsigned char> > keydata;
  47
  48     //! Check whether the 32-byte array pointed to by vch is valid keydata.
  49     bool static Check(const unsigned char* vch);
  50
  51 public:
  52     //! Construct an invalid private key.
  53     CKey() : fValid(false), fCompressed(false)
  54     {
  55         // Important: vch must be 32 bytes in length to not break serialization
  56         keydata.resize(32);
  57     }
  58
  59     friend bool operator==(const CKey& a, const CKey& b)
  60     {
  61         return a.fCompressed == b.fCompressed &&
  62             a.size() == b.size() &&
  63             memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
  64     }
  65
  66     //! Initialize using begin and end iterators to byte data.
  67     template <typename T>
  68     void Set(const T pbegin, const T pend, bool fCompressedIn)
  69     {
  70         if (size_t(pend - pbegin) != keydata.size()) {
  71             fValid = false;
  72         } else if (Check(&pbegin[0])) {
  73             memcpy(keydata.data(), (unsigned char*)&pbegin[0], keydata.size());
  74             fValid = true;
  75             fCompressed = fCompressedIn;
  76         } else {
  77             fValid = false;
  78         }
  79     }
  80
  81     //! Simple read-only vector-like interface.
  82     unsigned int size() const { return (fValid ? keydata.size() : 0); }
  83     const unsigned char* begin() const { return keydata.data(); }
  84     const unsigned char* end() const { return keydata.data() + size(); }
  85
  86     //! Check whether this private key is valid.
  87     bool IsValid() const { return fValid; }
  88
  89     //! Check whether the public key corresponding to this private key is (to be) compressed.
  90     bool IsCompressed() const { return fCompressed; }
  91
  92     //! Generate a new private key using a cryptographic PRNG.
  93     void MakeNewKey(bool fCompressed);
  94
  95     /**
  96      * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
  97      * This is expensive.
  98      */
  99     CPrivKey GetPrivKey() const;
 100
 101     /**
 102      * Compute the public key from a private key.
 103      * This is expensive.
 104      */
 105     CPubKey GetPubKey() const;
 106
 107     /**
 108      * Create a DER-serialized signature.
 109      * The test_case parameter tweaks the deterministic nonce.
 110      */
 111     bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
 112
 113     /**
 114      * Create a compact signature (65 bytes), which allows reconstructing the used public key.
 115      * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
 116      * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
 117      *                  0x1D = second key with even y, 0x1E = second key with odd y,
 118      *                  add 0x04 for compressed keys.
 119      */
 120     bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;
 121
 122     //! Derive BIP32 child key.
 123     bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
 124
 125     /**
 126      * Verify thoroughly whether a private key and a public key match.
 127      * This is done using a different mechanism than just regenerating it.
 128      */
 129     bool VerifyPubKey(const CPubKey& vchPubKey) const;
 130
 131     //! Load private key and check that public key matches.
 132     bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);
 133 };
 134
 135 struct CExtKey {
 136     unsigned char nDepth;
 137     unsigned char vchFingerprint[4];
 138     unsigned int nChild;
 139     ChainCode chaincode;
 140     CKey key;
 141
 142     friend bool operator==(const CExtKey& a, const CExtKey& b)
 143     {
 144         return a.nDepth == b.nDepth &&
 145             memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], sizeof(vchFingerprint)) == 0 &&
 146             a.nChild == b.nChild &&
 147             a.chaincode == b.chaincode &&
 148             a.key == b.key;
 149     }
 150
 151     void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const;
 152     void Decode(const unsigned char code[BIP32_EXTKEY_SIZE]);
 153     bool Derive(CExtKey& out, unsigned int nChild) const;
 154     CExtPubKey Neuter() const;
 155     void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
 156     template <typename Stream>
 157     void Serialize(Stream& s) const
 158     {
 159         unsigned int len = BIP32_EXTKEY_SIZE;
 160         ::WriteCompactSize(s, len);
 161         unsigned char code[BIP32_EXTKEY_SIZE];
 162         Encode(code);
 163         s.write((const char *)&code[0], len);
 164     }
 165     template <typename Stream>
 166     void Unserialize(Stream& s)
 167     {
 168         unsigned int len = ::ReadCompactSize(s);
 169         unsigned char code[BIP32_EXTKEY_SIZE];
 170         if (len != BIP32_EXTKEY_SIZE)
 171             throw std::runtime_error("Invalid extended key size\n");
 172         s.read((char *)&code[0], len);
 173         Decode(code);
 174     }
 175 };
 176
 177 /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
 178 void ECC_Start(void);
 179
 180 /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
 181 void ECC_Stop(void);
 182
 183 /** Check that required EC support is available at runtime. */
 184 bool ECC_InitSanityCheck(void);
 185
 186 #endif // BITCOIN_KEY_H