Browse Source
0.10d2e74c5
boost: moveonly: split CPubKey and friends to new files (Cory Fields)78c228c
boost: moveonly: move BIP32Hash to hash.h (Cory Fields)900078a
boost: moveonly: create eccryptoverify.h|cpp and move helper functions there (Cory Fields)
Wladimir J. van der Laan
10 years ago
21 changed files with 458 additions and 369 deletions
@ -0,0 +1,63 @@
@@ -0,0 +1,63 @@
|
||||
#include "eccryptoverify.h" |
||||
|
||||
namespace { |
||||
|
||||
int CompareBigEndian(const unsigned char *c1, size_t c1len, const unsigned char *c2, size_t c2len) { |
||||
while (c1len > c2len) { |
||||
if (*c1) |
||||
return 1; |
||||
c1++; |
||||
c1len--; |
||||
} |
||||
while (c2len > c1len) { |
||||
if (*c2) |
||||
return -1; |
||||
c2++; |
||||
c2len--; |
||||
} |
||||
while (c1len > 0) { |
||||
if (*c1 > *c2) |
||||
return 1; |
||||
if (*c2 > *c1) |
||||
return -1; |
||||
c1++; |
||||
c2++; |
||||
c1len--; |
||||
} |
||||
return 0; |
||||
} |
||||
|
||||
/** Order of secp256k1's generator minus 1. */ |
||||
const unsigned char vchMaxModOrder[32] = { |
||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, |
||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, |
||||
0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, |
||||
0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40 |
||||
}; |
||||
|
||||
/** Half of the order of secp256k1's generator minus 1. */ |
||||
const unsigned char vchMaxModHalfOrder[32] = { |
||||
0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, |
||||
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, |
||||
0x5D,0x57,0x6E,0x73,0x57,0xA4,0x50,0x1D, |
||||
0xDF,0xE9,0x2F,0x46,0x68,0x1B,0x20,0xA0 |
||||
}; |
||||
|
||||
const unsigned char vchZero[1] = {0}; |
||||
} // anon namespace
|
||||
|
||||
namespace eccrypto { |
||||
|
||||
bool Check(const unsigned char *vch) { |
||||
return vch && |
||||
CompareBigEndian(vch, 32, vchZero, 0) > 0 && |
||||
CompareBigEndian(vch, 32, vchMaxModOrder, 32) <= 0; |
||||
} |
||||
|
||||
bool CheckSignatureElement(const unsigned char *vch, int len, bool half) { |
||||
return vch && |
||||
CompareBigEndian(vch, len, vchZero, 0) > 0 && |
||||
CompareBigEndian(vch, len, half ? vchMaxModHalfOrder : vchMaxModOrder, 32) <= 0; |
||||
} |
||||
|
||||
} // namespace eccrypto
|
@ -0,0 +1,19 @@
@@ -0,0 +1,19 @@
|
||||
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
||||
// Copyright (c) 2009-2013 The Bitcoin developers
|
||||
// Distributed under the MIT/X11 software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#ifndef BITCOIN_EC_CRYPTO_VERIFY_H |
||||
#define BITCOIN_EC_CRYPTO_VERIFY_H |
||||
|
||||
#include <vector> |
||||
#include <cstdlib> |
||||
class uint256; |
||||
|
||||
namespace eccrypto { |
||||
|
||||
bool Check(const unsigned char *vch); |
||||
bool CheckSignatureElement(const unsigned char *vch, int len, bool half); |
||||
|
||||
} // eccrypto namespace
|
||||
#endif |
@ -0,0 +1,131 @@
@@ -0,0 +1,131 @@
|
||||
// Copyright (c) 2009-2014 The Bitcoin developers
|
||||
// Distributed under the MIT/X11 software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#include "pubkey.h" |
||||
|
||||
#include "crypto/sha2.h" |
||||
#include "eccryptoverify.h" |
||||
|
||||
#ifdef USE_SECP256K1 |
||||
#include <secp256k1.h> |
||||
#else |
||||
#include "ecwrapper.h" |
||||
#endif |
||||
|
||||
bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const { |
||||
if (!IsValid()) |
||||
return false; |
||||
#ifdef USE_SECP256K1 |
||||
if (secp256k1_ecdsa_verify((const unsigned char*)&hash, 32, &vchSig[0], vchSig.size(), begin(), size()) != 1) |
||||
return false; |
||||
#else |
||||
CECKey key; |
||||
if (!key.SetPubKey(begin(), size())) |
||||
return false; |
||||
if (!key.Verify(hash, vchSig)) |
||||
return false; |
||||
#endif |
||||
return true; |
||||
} |
||||
|
||||
bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) { |
||||
if (vchSig.size() != 65) |
||||
return false; |
||||
int recid = (vchSig[0] - 27) & 3; |
||||
bool fComp = ((vchSig[0] - 27) & 4) != 0; |
||||
#ifdef USE_SECP256K1 |
||||
int pubkeylen = 65; |
||||
if (!secp256k1_ecdsa_recover_compact((const unsigned char*)&hash, 32, &vchSig[1], (unsigned char*)begin(), &pubkeylen, fComp, recid)) |
||||
return false; |
||||
assert((int)size() == pubkeylen); |
||||
#else |
||||
CECKey key; |
||||
if (!key.Recover(hash, &vchSig[1], recid)) |
||||
return false; |
||||
std::vector<unsigned char> pubkey; |
||||
key.GetPubKey(pubkey, fComp); |
||||
Set(pubkey.begin(), pubkey.end()); |
||||
#endif |
||||
return true; |
||||
} |
||||
|
||||
bool CPubKey::IsFullyValid() const { |
||||
if (!IsValid()) |
||||
return false; |
||||
#ifdef USE_SECP256K1 |
||||
if (!secp256k1_ecdsa_pubkey_verify(begin(), size())) |
||||
return false; |
||||
#else |
||||
CECKey key; |
||||
if (!key.SetPubKey(begin(), size())) |
||||
return false; |
||||
#endif |
||||
return true; |
||||
} |
||||
|
||||
bool CPubKey::Decompress() { |
||||
if (!IsValid()) |
||||
return false; |
||||
#ifdef USE_SECP256K1 |
||||
int clen = size(); |
||||
int ret = secp256k1_ecdsa_pubkey_decompress((unsigned char*)begin(), &clen); |
||||
assert(ret); |
||||
assert(clen == (int)size()); |
||||
#else |
||||
CECKey key; |
||||
if (!key.SetPubKey(begin(), size())) |
||||
return false; |
||||
std::vector<unsigned char> pubkey; |
||||
key.GetPubKey(pubkey, false); |
||||
Set(pubkey.begin(), pubkey.end()); |
||||
#endif |
||||
return true; |
||||
} |
||||
|
||||
bool CPubKey::Derive(CPubKey& pubkeyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const { |
||||
assert(IsValid()); |
||||
assert((nChild >> 31) == 0); |
||||
assert(begin() + 33 == end()); |
||||
unsigned char out[64]; |
||||
BIP32Hash(cc, nChild, *begin(), begin()+1, out); |
||||
memcpy(ccChild, out+32, 32); |
||||
#ifdef USE_SECP256K1 |
||||
pubkeyChild = *this; |
||||
bool ret = secp256k1_ecdsa_pubkey_tweak_add((unsigned char*)pubkeyChild.begin(), pubkeyChild.size(), out); |
||||
#else |
||||
CECKey key; |
||||
bool ret = key.SetPubKey(begin(), size()); |
||||
ret &= key.TweakPublic(out); |
||||
std::vector<unsigned char> pubkey; |
||||
key.GetPubKey(pubkey, true); |
||||
pubkeyChild.Set(pubkey.begin(), pubkey.end()); |
||||
#endif |
||||
return ret; |
||||
} |
||||
|
||||
void CExtPubKey::Encode(unsigned char code[74]) const { |
||||
code[0] = nDepth; |
||||
memcpy(code+1, vchFingerprint, 4); |
||||
code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF; |
||||
code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF; |
||||
memcpy(code+9, vchChainCode, 32); |
||||
assert(pubkey.size() == 33); |
||||
memcpy(code+41, pubkey.begin(), 33); |
||||
} |
||||
|
||||
void CExtPubKey::Decode(const unsigned char code[74]) { |
||||
nDepth = code[0]; |
||||
memcpy(vchFingerprint, code+1, 4); |
||||
nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8]; |
||||
memcpy(vchChainCode, code+9, 32); |
||||
pubkey.Set(code+41, code+74); |
||||
} |
||||
|
||||
bool CExtPubKey::Derive(CExtPubKey &out, unsigned int nChild) const { |
||||
out.nDepth = nDepth + 1; |
||||
CKeyID id = pubkey.GetID(); |
||||
memcpy(&out.vchFingerprint[0], &id, 4); |
||||
out.nChild = nChild; |
||||
return pubkey.Derive(out.pubkey, out.vchChainCode, nChild, vchChainCode); |
||||
} |
@ -0,0 +1,206 @@
@@ -0,0 +1,206 @@
|
||||
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
||||
// Copyright (c) 2009-2013 The Bitcoin developers
|
||||
// Distributed under the MIT/X11 software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#ifndef BITCOIN_PUBKEY_H |
||||
#define BITCOIN_PUBKEY_H |
||||
|
||||
#include "hash.h" |
||||
#include "serialize.h" |
||||
#include "uint256.h" |
||||
|
||||
#include <stdexcept> |
||||
#include <vector> |
||||
|
||||
/**
|
||||
* secp256k1: |
||||
* const unsigned int PRIVATE_KEY_SIZE = 279; |
||||
* const unsigned int PUBLIC_KEY_SIZE = 65; |
||||
* const unsigned int SIGNATURE_SIZE = 72; |
||||
* |
||||
* see www.keylength.com |
||||
* script supports up to 75 for single byte push |
||||
*/ |
||||
|
||||
/** A reference to a CKey: the Hash160 of its serialized public key */ |
||||
class CKeyID : public uint160 |
||||
{ |
||||
public: |
||||
CKeyID() : uint160(0) {} |
||||
CKeyID(const uint160& in) : uint160(in) {} |
||||
}; |
||||
|
||||
/** An encapsulated public key. */ |
||||
class CPubKey |
||||
{ |
||||
private: |
||||
|
||||
/**
|
||||
* Just store the serialized data. |
||||
* Its length can very cheaply be computed from the first byte. |
||||
*/ |
||||
unsigned char vch[65]; |
||||
|
||||
//! Compute the length of a pubkey with a given first byte.
|
||||
unsigned int static GetLen(unsigned char chHeader) |
||||
{ |
||||
if (chHeader == 2 || chHeader == 3) |
||||
return 33; |
||||
if (chHeader == 4 || chHeader == 6 || chHeader == 7) |
||||
return 65; |
||||
return 0; |
||||
} |
||||
|
||||
//! Set this key data to be invalid
|
||||
void Invalidate() |
||||
{ |
||||
vch[0] = 0xFF; |
||||
} |
||||
|
||||
public: |
||||
//! Construct an invalid public key.
|
||||
CPubKey() |
||||
{ |
||||
Invalidate(); |
||||
} |
||||
|
||||
//! Initialize a public key using begin/end iterators to byte data.
|
||||
template <typename T> |
||||
void Set(const T pbegin, const T pend) |
||||
{ |
||||
int len = pend == pbegin ? 0 : GetLen(pbegin[0]); |
||||
if (len && len == (pend - pbegin)) |
||||
memcpy(vch, (unsigned char*)&pbegin[0], len); |
||||
else |
||||
Invalidate(); |
||||
} |
||||
|
||||
//! Construct a public key using begin/end iterators to byte data.
|
||||
template <typename T> |
||||
CPubKey(const T pbegin, const T pend) |
||||
{ |
||||
Set(pbegin, pend); |
||||
} |
||||
|
||||
//! Construct a public key from a byte vector.
|
||||
CPubKey(const std::vector<unsigned char>& vch) |
||||
{ |
||||
Set(vch.begin(), vch.end()); |
||||
} |
||||
|
||||
//! Simple read-only vector-like interface to the pubkey data.
|
||||
unsigned int size() const { return GetLen(vch[0]); } |
||||
const unsigned char* begin() const { return vch; } |
||||
const unsigned char* end() const { return vch + size(); } |
||||
const unsigned char& operator[](unsigned int pos) const { return vch[pos]; } |
||||
|
||||
//! Comparator implementation.
|
||||
friend bool operator==(const CPubKey& a, const CPubKey& b) |
||||
{ |
||||
return a.vch[0] == b.vch[0] && |
||||
memcmp(a.vch, b.vch, a.size()) == 0; |
||||
} |
||||
friend bool operator!=(const CPubKey& a, const CPubKey& b) |
||||
{ |
||||
return !(a == b); |
||||
} |
||||
friend bool operator<(const CPubKey& a, const CPubKey& b) |
||||
{ |
||||
return a.vch[0] < b.vch[0] || |
||||
(a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) < 0); |
||||
} |
||||
|
||||
//! Implement serialization, as if this was a byte vector.
|
||||
unsigned int GetSerializeSize(int nType, int nVersion) const |
||||
{ |
||||
return size() + 1; |
||||
} |
||||
template <typename Stream> |
||||
void Serialize(Stream& s, int nType, int nVersion) const |
||||
{ |
||||
unsigned int len = size(); |
||||
::WriteCompactSize(s, len); |
||||
s.write((char*)vch, len); |
||||
} |
||||
template <typename Stream> |
||||
void Unserialize(Stream& s, int nType, int nVersion) |
||||
{ |
||||
unsigned int len = ::ReadCompactSize(s); |
||||
if (len <= 65) { |
||||
s.read((char*)vch, len); |
||||
} else { |
||||
// invalid pubkey, skip available data
|
||||
char dummy; |
||||
while (len--) |
||||
s.read(&dummy, 1); |
||||
Invalidate(); |
||||
} |
||||
} |
||||
|
||||
//! Get the KeyID of this public key (hash of its serialization)
|
||||
CKeyID GetID() const |
||||
{ |
||||
return CKeyID(Hash160(vch, vch + size())); |
||||
} |
||||
|
||||
//! Get the 256-bit hash of this public key.
|
||||
uint256 GetHash() const |
||||
{ |
||||
return Hash(vch, vch + size()); |
||||
} |
||||
|
||||
/*
|
||||
* Check syntactic correctness. |
||||
* |
||||
* Note that this is consensus critical as CheckSig() calls it! |
||||
*/ |
||||
bool IsValid() const |
||||
{ |
||||
return size() > 0; |
||||
} |
||||
|
||||
//! fully validate whether this is a valid public key (more expensive than IsValid())
|
||||
bool IsFullyValid() const; |
||||
|
||||
//! Check whether this is a compressed public key.
|
||||
bool IsCompressed() const |
||||
{ |
||||
return size() == 33; |
||||
} |
||||
|
||||
/**
|
||||
* Verify a DER signature (~72 bytes). |
||||
* If this public key is not fully valid, the return value will be false. |
||||
*/ |
||||
bool Verify(const uint256& hash, const std::vector<unsigned char>& vchSig) const; |
||||
|
||||
//! Recover a public key from a compact signature.
|
||||
bool RecoverCompact(const uint256& hash, const std::vector<unsigned char>& vchSig); |
||||
|
||||
//! Turn this public key into an uncompressed public key.
|
||||
bool Decompress(); |
||||
|
||||
//! Derive BIP32 child pubkey.
|
||||
bool Derive(CPubKey& pubkeyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const; |
||||
}; |
||||
|
||||
struct CExtPubKey { |
||||
unsigned char nDepth; |
||||
unsigned char vchFingerprint[4]; |
||||
unsigned int nChild; |
||||
unsigned char vchChainCode[32]; |
||||
CPubKey pubkey; |
||||
|
||||
friend bool operator==(const CExtPubKey& a, const CExtPubKey& b) |
||||
{ |
||||
return a.nDepth == b.nDepth && memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], 4) == 0 && a.nChild == b.nChild && |
||||
memcmp(&a.vchChainCode[0], &b.vchChainCode[0], 32) == 0 && a.pubkey == b.pubkey; |
||||
} |
||||
|
||||
void Encode(unsigned char code[74]) const; |
||||
void Decode(const unsigned char code[74]); |
||||
bool Derive(CExtPubKey& out, unsigned int nChild) const; |
||||
}; |
||||
|
||||
#endif // BITCOIN_PUBKEY_H
|
Loading…
Reference in new issue