lbrycrd/src/key.h

// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2014 The Bitcoin developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#ifndef BITCOIN_KEY_H
#define BITCOIN_KEY_H

#include "allocators.h"
#include "serialize.h"
#include "uint256.h"

#include <stdexcept>
#include <vector>

struct CExtPubKey;
class CPubKey;

/** 
 * secp256k1:
 * const unsigned int PRIVATE_KEY_SIZE = 279;
 * const unsigned int PUBLIC_KEY_SIZE  = 65;
 * const unsigned int SIGNATURE_SIZE   = 72;
 *
 * see www.keylength.com
 * script supports up to 75 for single byte push
 */

/**
 * secure_allocator is defined in allocators.h
 * CPrivKey is a serialized private key, with all parameters included (279 bytes)
 */
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;

/** An encapsulated private key. */
class CKey
{
private:
    //! Whether this private key is valid. We check for correctness when modifying the key
    //! data, so fValid should always correspond to the actual state.
    bool fValid;

    //! Whether the public key corresponding to this private key is (to be) compressed.
    bool fCompressed;

    //! The actual byte data
    unsigned char vch[32];

    //! Check whether the 32-byte array pointed to be vch is valid keydata.
    bool static Check(const unsigned char* vch);

public:
    //! Construct an invalid private key.
    CKey() : fValid(false), fCompressed(false)
    {
        LockObject(vch);
    }

    //! Copy constructor. This is necessary because of memlocking.
    CKey(const CKey& secret) : fValid(secret.fValid), fCompressed(secret.fCompressed)
    {
        LockObject(vch);
        memcpy(vch, secret.vch, sizeof(vch));
    }

    //! Destructor (again necessary because of memlocking).
    ~CKey()
    {
        UnlockObject(vch);
    }

    friend bool operator==(const CKey& a, const CKey& b)
    {
        return a.fCompressed == b.fCompressed && a.size() == b.size() &&
               memcmp(&a.vch[0], &b.vch[0], a.size()) == 0;
    }

    //! Initialize using begin and end iterators to byte data.
    template <typename T>
    void Set(const T pbegin, const T pend, bool fCompressedIn)
    {
        if (pend - pbegin != 32) {
            fValid = false;
            return;
        }
        if (Check(&pbegin[0])) {
            memcpy(vch, (unsigned char*)&pbegin[0], 32);
            fValid = true;
            fCompressed = fCompressedIn;
        } else {
            fValid = false;
        }
    }

    //! Simple read-only vector-like interface.
    unsigned int size() const { return (fValid ? 32 : 0); }
    const unsigned char* begin() const { return vch; }
    const unsigned char* end() const { return vch + size(); }

    //! Check whether this private key is valid.
    bool IsValid() const { return fValid; }

    //! Check whether the public key corresponding to this private key is (to be) compressed.
    bool IsCompressed() const { return fCompressed; }

    //! Initialize from a CPrivKey (serialized OpenSSL private key data).
    bool SetPrivKey(const CPrivKey& vchPrivKey, bool fCompressed);

    //! Generate a new private key using a cryptographic PRNG.
    void MakeNewKey(bool fCompressed);

    /**
     * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
     * This is expensive. 
     */
    CPrivKey GetPrivKey() const;

    /**
     * Compute the public key from a private key.
     * This is expensive.
     */
    CPubKey GetPubKey() const;

    //! Create a DER-serialized signature.
    bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig) const;

    /**
     * Create a compact signature (65 bytes), which allows reconstructing the used public key.
     * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
     * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
     *                  0x1D = second key with even y, 0x1E = second key with odd y,
     *                  add 0x04 for compressed keys.
     */
    bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;

    //! Derive BIP32 child key.
    bool Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const;

    //! Load private key and check that public key matches.
    bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);

    //! Check whether an element of a signature (r or s) is valid.
    static bool CheckSignatureElement(const unsigned char* vch, int len, bool half);
};

struct CExtKey {
    unsigned char nDepth;
    unsigned char vchFingerprint[4];
    unsigned int nChild;
    unsigned char vchChainCode[32];
    CKey key;

    friend bool operator==(const CExtKey& a, const CExtKey& b)
    {
        return a.nDepth == b.nDepth && memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], 4) == 0 && a.nChild == b.nChild &&
               memcmp(&a.vchChainCode[0], &b.vchChainCode[0], 32) == 0 && a.key == b.key;
    }

    void Encode(unsigned char code[74]) const;
    void Decode(const unsigned char code[74]);
    bool Derive(CExtKey& out, unsigned int nChild) const;
    CExtPubKey Neuter() const;
    void SetMaster(const unsigned char* seed, unsigned int nSeedLen);
};

/** Check that required EC support is available at runtime */
bool ECC_InitSanityCheck(void);

#endif // BITCOIN_KEY_H
Fix CRLF 2010-07-14 17:54:31 +02:00			`// Copyright (c) 2009-2010 Satoshi Nakamoto`
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`// Copyright (c) 2009-2014 The Bitcoin developers`
			`// Distributed under the MIT software license, see the accompanying`
Update License in File Headers I originally created a pull to replace the "COPYING" in crypter.cpp and crypter.h, but it turned out that COPYING was actually the correct file. 2012-05-18 16:02:28 +02:00			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files. 2013-04-13 07:13:08 +02:00
make bitcoin include files more modular 2011-05-15 09:11:04 +02:00			`#ifndef BITCOIN_KEY_H`
			`#define BITCOIN_KEY_H`
Fix CRLF 2010-07-14 17:54:31 +02:00
Fix tests after recent refactors 2012-04-17 20:37:47 +02:00			`#include "allocators.h"`
Encapsulate public keys in CPubKey 2012-05-14 19:07:52 +02:00			`#include "serialize.h"`
Add missing includes to key.h 2011-06-26 16:11:56 +02:00			`#include "uint256.h"`
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files. 2013-04-13 07:13:08 +02:00
			`#include <stdexcept>`
			`#include <vector>`
Add missing includes to key.h 2011-06-26 16:11:56 +02:00
Fixing warning C4099: 'CExtPubKey' : type name first seen using 'class' now seen using 'struct' 2014-11-06 23:53:25 +01:00			`struct CExtPubKey;`
minor code style cleanup after recent merges - add a missing license header - correct some header orderings etc. 2014-11-04 14:34:04 +01:00			`class CPubKey;`
boost: moveonly: split CPubKey and friends to new files 2014-10-28 22:47:18 +01:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`/**`
			`* secp256k1:`
			`* const unsigned int PRIVATE_KEY_SIZE = 279;`
			`* const unsigned int PUBLIC_KEY_SIZE = 65;`
			`* const unsigned int SIGNATURE_SIZE = 72;`
			`*`
			`* see www.keylength.com`
			`* script supports up to 75 for single byte push`
			`*/`
Fix CRLF 2010-07-14 17:54:31 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`/**`
			`* secure_allocator is defined in allocators.h`
			`* CPrivKey is a serialized private key, with all parameters included (279 bytes)`
			`*/`
make bitcoin include files more modular 2011-05-15 09:11:04 +02:00			`typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;`
Fix CRLF 2010-07-14 17:54:31 +02:00
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`/** An encapsulated private key. */`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`class CKey`
			`{`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`private:`
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Whether this private key is valid. We check for correctness when modifying the key`
			`//! data, so fValid should always correspond to the actual state.`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`bool fValid;`
Compressed pubkeys This patch enabled compressed pubkeys when -compressedpubkeys is passed. These are 33 bytes instead of 65, and require only marginally more CPU power when verifying. Compressed pubkeys have a different corresponding address, so it is determined at generation. When -compressedpubkeys is given, all newly generated addresses will use a compressed key, while older/other addresses keep using normal keys. Unpatched clients will relay and verify these transactions. 2011-11-21 02:46:28 +01:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Whether the public key corresponding to this private key is (to be) compressed.`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`bool fCompressed;`

Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! The actual byte data`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`unsigned char vch[32];`

Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Check whether the 32-byte array pointed to be vch is valid keydata.`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`bool static Check(const unsigned char* vch);`
Compressed pubkeys This patch enabled compressed pubkeys when -compressedpubkeys is passed. These are 33 bytes instead of 65, and require only marginally more CPU power when verifying. Compressed pubkeys have a different corresponding address, so it is determined at generation. When -compressedpubkeys is given, all newly generated addresses will use a compressed key, while older/other addresses keep using normal keys. Unpatched clients will relay and verify these transactions. 2011-11-21 02:46:28 +01:00
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`public:`
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Construct an invalid private key.`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`CKey() : fValid(false), fCompressed(false)`
			`{`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`LockObject(vch);`
			`}`
Fix CRLF 2010-07-14 17:54:31 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Copy constructor. This is necessary because of memlocking.`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`CKey(const CKey& secret) : fValid(secret.fValid), fCompressed(secret.fCompressed)`
			`{`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`LockObject(vch);`
			`memcpy(vch, secret.vch, sizeof(vch));`
			`}`
Compressed pubkeys This patch enabled compressed pubkeys when -compressedpubkeys is passed. These are 33 bytes instead of 65, and require only marginally more CPU power when verifying. Compressed pubkeys have a different corresponding address, so it is determined at generation. When -compressedpubkeys is given, all newly generated addresses will use a compressed key, while older/other addresses keep using normal keys. Unpatched clients will relay and verify these transactions. 2011-11-21 02:46:28 +01:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Destructor (again necessary because of memlocking).`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`~CKey()`
			`{`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`UnlockObject(vch);`
			`}`
Fix CRLF 2010-07-14 17:54:31 +02:00
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`friend bool operator==(const CKey& a, const CKey& b)`
			`{`
fix wrong memcmp() usage in CKey::operator== - add a check for CKey::size() of a and b (size can be 0 or 32) - change the fixed value in memcmp() to use a.size() instead - fixes #3090 2013-10-28 11:20:26 +01:00			`return a.fCompressed == b.fCompressed && a.size() == b.size() &&`
			`memcmp(&a.vch[0], &b.vch[0], a.size()) == 0;`
BIP32 derivation implementation 2013-07-15 01:05:25 +02:00			`}`

Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Initialize using begin and end iterators to byte data.`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`template <typename T>`
			`void Set(const T pbegin, const T pend, bool fCompressedIn)`
			`{`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`if (pend - pbegin != 32) {`
			`fValid = false;`
			`return;`
			`}`
			`if (Check(&pbegin[0])) {`
			`memcpy(vch, (unsigned char*)&pbegin[0], 32);`
			`fValid = true;`
			`fCompressed = fCompressedIn;`
			`} else {`
			`fValid = false;`
			`}`
			`}`

Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Simple read-only vector-like interface.`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`unsigned int size() const { return (fValid ? 32 : 0); }`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`const unsigned char* begin() const { return vch; }`
			`const unsigned char* end() const { return vch + size(); }`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Check whether this private key is valid.`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`bool IsValid() const { return fValid; }`
Fix CRLF 2010-07-14 17:54:31 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Check whether the public key corresponding to this private key is (to be) compressed.`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00			`bool IsCompressed() const { return fCompressed; }`
Prepare codebase for Encrypted Keys. 2011-06-25 14:57:32 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Initialize from a CPrivKey (serialized OpenSSL private key data).`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`bool SetPrivKey(const CPrivKey& vchPrivKey, bool fCompressed);`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Generate a new private key using a cryptographic PRNG.`
Refactor: move code from key.h to key.cpp 2012-05-16 18:36:38 +02:00			`void MakeNewKey(bool fCompressed);`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`/**`
			`* Convert the private key to a CPrivKey (serialized OpenSSL private key data).`
			`* This is expensive.`
			`*/`
Refactor: move code from key.h to key.cpp 2012-05-16 18:36:38 +02:00			`CPrivKey GetPrivKey() const;`
CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-01 06:52:05 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`/**`
			`* Compute the public key from a private key.`
			`* This is expensive.`
			`*/`
Encapsulate public keys in CPubKey 2012-05-14 19:07:52 +02:00			`CPubKey GetPubKey() const;`
Prepare codebase for Encrypted Keys. 2011-06-25 14:57:32 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Create a DER-serialized signature.`
Do signature-s negation inside the tests To avoid the need for libsecp256k1 to expose such functionality. 2014-11-05 19:53:59 +01:00			`bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig) const;`
Fix CRLF 2010-07-14 17:54:31 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`/**`
			`* Create a compact signature (65 bytes), which allows reconstructing the used public key.`
			`* The format is one header byte, followed by two times 32 bytes for the serialized r and s values.`
			`* The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,`
			`* 0x1D = second key with even y, 0x1E = second key with odd y,`
			`* add 0x04 for compressed keys.`
			`*/`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`bool SignCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;`
BIP32 derivation implementation 2013-07-15 01:05:25 +02:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Derive BIP32 child key.`
BIP32 derivation implementation 2013-07-15 01:05:25 +02:00			`bool Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const;`
fix wrong memcmp() usage in CKey::operator== - add a check for CKey::size() of a and b (size can be 0 or 32) - change the fixed value in memcmp() to use a.size() instead - fixes #3090 2013-10-28 11:20:26 +01:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Load private key and check that public key matches.`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`bool Load(CPrivKey& privkey, CPubKey& vchPubKey, bool fSkipCheck);`
Also switch the (unused) verification code to low-s instead of even-s. a81cd968 introduced a malleability breaker for signatures (using an even value for S). In e0e14e43 this was changed to the lower of two potential values, rather than the even one. Only the signing code was changed though, the (for now unused) verification code wasn't adapted. 2014-02-07 02:19:48 +01:00
Update comments in key to be doxygen compatible 2014-10-26 09:33:52 +01:00			`//! Check whether an element of a signature (r or s) is valid.`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`static bool CheckSignatureElement(const unsigned char* vch, int len, bool half);`
BIP32 derivation implementation 2013-07-15 01:05:25 +02:00			`};`

			`struct CExtKey {`
			`unsigned char nDepth;`
			`unsigned char vchFingerprint[4];`
			`unsigned int nChild;`
			`unsigned char vchChainCode[32];`
			`CKey key;`

Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`friend bool operator==(const CExtKey& a, const CExtKey& b)`
			`{`
BIP32 derivation implementation 2013-07-15 01:05:25 +02:00			`return a.nDepth == b.nDepth && memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], 4) == 0 && a.nChild == b.nChild &&`
			`memcmp(&a.vchChainCode[0], &b.vchChainCode[0], 32) == 0 && a.key == b.key;`
			`}`

			`void Encode(unsigned char code[74]) const;`
			`void Decode(const unsigned char code[74]);`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`bool Derive(CExtKey& out, unsigned int nChild) const;`
BIP32 derivation implementation 2013-07-15 01:05:25 +02:00			`CExtPubKey Neuter() const;`
Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00			`void SetMaster(const unsigned char* seed, unsigned int nSeedLen);`
Fix CRLF 2010-07-14 17:54:31 +02:00			`};`
make bitcoin include files more modular 2011-05-15 09:11:04 +02:00
key.cpp: fail with a friendlier message on missing ssl EC support Previously if bitcoind is linked with an OpenSSL which is compiled without EC support, this is seen as an assertion failure "pKey != NULL" at key.cpp:134, which occurs after several seconds. It is an esoteric piece of knowledge to interpret this as "oops, I linked with the wrong OpenSSL", and because of the delay it may not even be noticed. The new output is : OpenSSL appears to lack support for elliptic curve cryptography. For more information, visit https://en.bitcoin.it/wiki/OpenSSL_and_EC_Libraries : Initialization sanity check failed. Bitcoin Core is shutting down. which occurs immediately after attempted startup. This also blocks in an InitSanityCheck() function which currently only checks for EC support but should eventually do more. See #4081. 2014-06-03 01:21:03 +02:00			`/** Check that required EC support is available at runtime */`
			`bool ECC_InitSanityCheck(void);`

add missing header end comments - ensures a consistent usage in header files - also add a blank line after the copyright header where missing - also remove orphan new-lines at the end of some files 2014-08-28 22:21:03 +02:00			`#endif // BITCOIN_KEY_H`