Browse Source

Specify ECDSA constant sizes as constants

0.16
Jack Grigg 8 years ago
parent
commit
17fa3913ef
No known key found for this signature in database
GPG Key ID: 665DBCD284F7DAFF
  1. 24
      src/key.cpp
  2. 12
      src/key.h
  3. 20
      src/pubkey.cpp
  4. 21
      src/pubkey.h

24
src/key.cpp

@ -87,9 +87,13 @@ static int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *ou
* <http://www.secg.org/sec1-v2.pdf>. The optional parameters and publicKey fields are * <http://www.secg.org/sec1-v2.pdf>. The optional parameters and publicKey fields are
* included. * included.
* *
* privkey must point to an output buffer of length at least PRIVATE_KEY_SIZE bytes.
* privkeylen must initially be set to the size of the privkey buffer. Upon return it
* will be set to the number of bytes used in the buffer.
* key32 must point to a 32-byte raw private key. * key32 must point to a 32-byte raw private key.
*/ */
static int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { static int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
assert(*privkeylen >= PRIVATE_KEY_SIZE);
secp256k1_pubkey pubkey; secp256k1_pubkey pubkey;
size_t pubkeylen = 0; size_t pubkeylen = 0;
if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) { if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
@ -115,10 +119,11 @@ static int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *pr
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
memcpy(ptr, key32, 32); ptr += 32; memcpy(ptr, key32, 32); ptr += 32;
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
pubkeylen = 33; pubkeylen = COMPRESSED_PUBLIC_KEY_SIZE;
secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED); secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
ptr += pubkeylen; ptr += pubkeylen;
*privkeylen = ptr - privkey; *privkeylen = ptr - privkey;
assert(*privkeylen == COMPRESSED_PRIVATE_KEY_SIZE);
} else { } else {
static const unsigned char begin[] = { static const unsigned char begin[] = {
0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20
@ -140,10 +145,11 @@ static int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *pr
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
memcpy(ptr, key32, 32); ptr += 32; memcpy(ptr, key32, 32); ptr += 32;
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
pubkeylen = 65; pubkeylen = PUBLIC_KEY_SIZE;
secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED); secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
ptr += pubkeylen; ptr += pubkeylen;
*privkeylen = ptr - privkey; *privkeylen = ptr - privkey;
assert(*privkeylen == PRIVATE_KEY_SIZE);
} }
return 1; return 1;
} }
@ -165,8 +171,8 @@ CPrivKey CKey::GetPrivKey() const {
CPrivKey privkey; CPrivKey privkey;
int ret; int ret;
size_t privkeylen; size_t privkeylen;
privkey.resize(279); privkey.resize(PRIVATE_KEY_SIZE);
privkeylen = 279; privkeylen = PRIVATE_KEY_SIZE;
ret = ec_privkey_export_der(secp256k1_context_sign, (unsigned char*) privkey.data(), &privkeylen, begin(), fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED); ret = ec_privkey_export_der(secp256k1_context_sign, (unsigned char*) privkey.data(), &privkeylen, begin(), fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
assert(ret); assert(ret);
privkey.resize(privkeylen); privkey.resize(privkeylen);
@ -176,7 +182,7 @@ CPrivKey CKey::GetPrivKey() const {
CPubKey CKey::GetPubKey() const { CPubKey CKey::GetPubKey() const {
assert(fValid); assert(fValid);
secp256k1_pubkey pubkey; secp256k1_pubkey pubkey;
size_t clen = 65; size_t clen = PUBLIC_KEY_SIZE;
CPubKey result; CPubKey result;
int ret = secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin()); int ret = secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
assert(ret); assert(ret);
@ -189,8 +195,8 @@ CPubKey CKey::GetPubKey() const {
bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const { bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const {
if (!fValid) if (!fValid)
return false; return false;
vchSig.resize(72); vchSig.resize(SIGNATURE_SIZE);
size_t nSigLen = 72; size_t nSigLen = SIGNATURE_SIZE;
unsigned char extra_entropy[32] = {0}; unsigned char extra_entropy[32] = {0};
WriteLE32(extra_entropy, test_case); WriteLE32(extra_entropy, test_case);
secp256k1_ecdsa_signature sig; secp256k1_ecdsa_signature sig;
@ -218,7 +224,7 @@ bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig) const { bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig) const {
if (!fValid) if (!fValid)
return false; return false;
vchSig.resize(65); vchSig.resize(COMPACT_SIGNATURE_SIZE);
int rec = -1; int rec = -1;
secp256k1_ecdsa_recoverable_signature sig; secp256k1_ecdsa_recoverable_signature sig;
int ret = secp256k1_ecdsa_sign_recoverable(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, NULL); int ret = secp256k1_ecdsa_sign_recoverable(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, NULL);
@ -248,7 +254,7 @@ bool CKey::Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const
std::vector<unsigned char, secure_allocator<unsigned char>> vout(64); std::vector<unsigned char, secure_allocator<unsigned char>> vout(64);
if ((nChild >> 31) == 0) { if ((nChild >> 31) == 0) {
CPubKey pubkey = GetPubKey(); CPubKey pubkey = GetPubKey();
assert(pubkey.size() == 33); assert(pubkey.size() == COMPRESSED_PUBLIC_KEY_SIZE);
BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin()+1, vout.data()); BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin()+1, vout.data());
} else { } else {
assert(size() == 32); assert(size() == 32);

12
src/key.h

@ -1,5 +1,6 @@
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2016 The Bitcoin Core developers // Copyright (c) 2009-2016 The Bitcoin Core developers
// Copyright (c) 2017 The Zcash developers
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
@ -17,17 +18,18 @@
/** /**
* secp256k1: * secp256k1:
* const unsigned int PRIVATE_KEY_SIZE = 279; */
* const unsigned int PUBLIC_KEY_SIZE = 65; const unsigned int PRIVATE_KEY_SIZE = 279;
* const unsigned int SIGNATURE_SIZE = 72; const unsigned int COMPRESSED_PRIVATE_KEY_SIZE = 214;
* /**
* see www.keylength.com * see www.keylength.com
* script supports up to 75 for single byte push * script supports up to 75 for single byte push
*/ */
/** /**
* secure_allocator is defined in allocators.h * secure_allocator is defined in allocators.h
* CPrivKey is a serialized private key, with all parameters included (279 bytes) * CPrivKey is a serialized private key, with all parameters included
* (PRIVATE_KEY_SIZE bytes)
*/ */
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey; typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;

20
src/pubkey.cpp

@ -185,7 +185,7 @@ bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchS
} }
bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) { bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
if (vchSig.size() != 65) if (vchSig.size() != COMPACT_SIGNATURE_SIZE)
return false; return false;
int recid = (vchSig[0] - 27) & 3; int recid = (vchSig[0] - 27) & 3;
bool fComp = ((vchSig[0] - 27) & 4) != 0; bool fComp = ((vchSig[0] - 27) & 4) != 0;
@ -197,8 +197,8 @@ bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned cha
if (!secp256k1_ecdsa_recover(secp256k1_context_verify, &pubkey, &sig, hash.begin())) { if (!secp256k1_ecdsa_recover(secp256k1_context_verify, &pubkey, &sig, hash.begin())) {
return false; return false;
} }
unsigned char pub[65]; unsigned char pub[PUBLIC_KEY_SIZE];
size_t publen = 65; size_t publen = PUBLIC_KEY_SIZE;
secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, fComp ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED); secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, fComp ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
Set(pub, pub + publen); Set(pub, pub + publen);
return true; return true;
@ -218,8 +218,8 @@ bool CPubKey::Decompress() {
if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, &(*this)[0], size())) { if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, &(*this)[0], size())) {
return false; return false;
} }
unsigned char pub[65]; unsigned char pub[PUBLIC_KEY_SIZE];
size_t publen = 65; size_t publen = PUBLIC_KEY_SIZE;
secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_UNCOMPRESSED); secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
Set(pub, pub + publen); Set(pub, pub + publen);
return true; return true;
@ -228,7 +228,7 @@ bool CPubKey::Decompress() {
bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const { bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {
assert(IsValid()); assert(IsValid());
assert((nChild >> 31) == 0); assert((nChild >> 31) == 0);
assert(size() == 33); assert(size() == COMPRESSED_PUBLIC_KEY_SIZE);
unsigned char out[64]; unsigned char out[64];
BIP32Hash(cc, nChild, *begin(), begin()+1, out); BIP32Hash(cc, nChild, *begin(), begin()+1, out);
memcpy(ccChild.begin(), out+32, 32); memcpy(ccChild.begin(), out+32, 32);
@ -239,8 +239,8 @@ bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChi
if (!secp256k1_ec_pubkey_tweak_add(secp256k1_context_verify, &pubkey, out)) { if (!secp256k1_ec_pubkey_tweak_add(secp256k1_context_verify, &pubkey, out)) {
return false; return false;
} }
unsigned char pub[33]; unsigned char pub[COMPRESSED_PUBLIC_KEY_SIZE];
size_t publen = 33; size_t publen = COMPRESSED_PUBLIC_KEY_SIZE;
secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_COMPRESSED); secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_COMPRESSED);
pubkeyChild.Set(pub, pub + publen); pubkeyChild.Set(pub, pub + publen);
return true; return true;
@ -252,8 +252,8 @@ void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF; code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;
code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF; code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF;
memcpy(code+9, chaincode.begin(), 32); memcpy(code+9, chaincode.begin(), 32);
assert(pubkey.size() == 33); assert(pubkey.size() == COMPRESSED_PUBLIC_KEY_SIZE);
memcpy(code+41, pubkey.begin(), 33); memcpy(code+41, pubkey.begin(), COMPRESSED_PUBLIC_KEY_SIZE);
} }
void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) { void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {

21
src/pubkey.h

@ -1,5 +1,6 @@
// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2016 The Bitcoin Core developers // Copyright (c) 2009-2016 The Bitcoin Core developers
// Copyright (c) 2017 The Zcash developers
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
@ -15,10 +16,12 @@
/** /**
* secp256k1: * secp256k1:
* const unsigned int PRIVATE_KEY_SIZE = 279; */
* const unsigned int PUBLIC_KEY_SIZE = 65; const unsigned int PUBLIC_KEY_SIZE = 65;
* const unsigned int SIGNATURE_SIZE = 72; const unsigned int COMPRESSED_PUBLIC_KEY_SIZE = 33;
* const unsigned int SIGNATURE_SIZE = 72;
const unsigned int COMPACT_SIGNATURE_SIZE = 65;
/**
* see www.keylength.com * see www.keylength.com
* script supports up to 75 for single byte push * script supports up to 75 for single byte push
*/ */
@ -44,15 +47,15 @@ private:
* Just store the serialized data. * Just store the serialized data.
* Its length can very cheaply be computed from the first byte. * Its length can very cheaply be computed from the first byte.
*/ */
unsigned char vch[65]; unsigned char vch[PUBLIC_KEY_SIZE];
//! Compute the length of a pubkey with a given first byte. //! Compute the length of a pubkey with a given first byte.
unsigned int static GetLen(unsigned char chHeader) unsigned int static GetLen(unsigned char chHeader)
{ {
if (chHeader == 2 || chHeader == 3) if (chHeader == 2 || chHeader == 3)
return 33; return COMPRESSED_PUBLIC_KEY_SIZE;
if (chHeader == 4 || chHeader == 6 || chHeader == 7) if (chHeader == 4 || chHeader == 6 || chHeader == 7)
return 65; return PUBLIC_KEY_SIZE;
return 0; return 0;
} }
@ -127,7 +130,7 @@ public:
void Unserialize(Stream& s) void Unserialize(Stream& s)
{ {
unsigned int len = ::ReadCompactSize(s); unsigned int len = ::ReadCompactSize(s);
if (len <= 65) { if (len <= PUBLIC_KEY_SIZE) {
s.read((char*)vch, len); s.read((char*)vch, len);
} else { } else {
// invalid pubkey, skip available data // invalid pubkey, skip available data
@ -166,7 +169,7 @@ public:
//! Check whether this is a compressed public key. //! Check whether this is a compressed public key.
bool IsCompressed() const bool IsCompressed() const
{ {
return size() == 33; return size() == COMPRESSED_PUBLIC_KEY_SIZE;
} }
/** /**

Loading…
Cancel
Save