// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2013 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_KEY_H #define BITCOIN_KEY_H #include #include "allocators.h" #include "serialize.h" #include "uint256.h" #include "hash.h" // secp256k1: // const unsigned int PRIVATE_KEY_SIZE = 279; // const unsigned int PUBLIC_KEY_SIZE = 65; // const unsigned int SIGNATURE_SIZE = 72; // // see www.keylength.com // script supports up to 75 for single byte push /** A reference to a CKey: the Hash160 of its serialized public key */ class CKeyID : public uint160 { public: CKeyID() : uint160(0) { } CKeyID(const uint160 &in) : uint160(in) { } }; /** A reference to a CScript: the Hash160 of its serialization (see script.h) */ class CScriptID : public uint160 { public: CScriptID() : uint160(0) { } CScriptID(const uint160 &in) : uint160(in) { } }; struct ecies_secure_t; /** An encapsulated public key. */ class CPubKey { private: // Just store the serialized data. // Its length can very cheaply be computed from the first byte. unsigned char vch[65]; // Compute the length of a pubkey with a given first byte. unsigned int static GetLen(unsigned char chHeader) { if (chHeader == 2 || chHeader == 3) return 33; if (chHeader == 4 || chHeader == 6 || chHeader == 7) return 65; return 0; } // Set this key data to be invalid void Invalidate() { vch[0] = 0xFF; } public: // Construct an invalid public key. CPubKey() { Invalidate(); } // Initialize a public key using begin/end iterators to byte data. template void Set(const T pbegin, const T pend) { int len = pend == pbegin ? 0 : GetLen(pbegin[0]); if (len && len == (pend-pbegin)) memcpy(vch, (unsigned char*)&pbegin[0], len); else Invalidate(); } // Construct a public key using begin/end iterators to byte data. template CPubKey(const T pbegin, const T pend) { Set(pbegin, pend); } // Construct a public key from a byte vector. CPubKey(const std::vector &vch) { Set(vch.begin(), vch.end()); } // Simple read-only vector-like interface to the pubkey data. unsigned int size() const { return GetLen(vch[0]); } const unsigned char *begin() const { return vch; } const unsigned char *end() const { return vch+size(); } const unsigned char &operator[](unsigned int pos) const { return vch[pos]; } // Comparator implementation. friend bool operator==(const CPubKey &a, const CPubKey &b) { return a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) == 0; } friend bool operator!=(const CPubKey &a, const CPubKey &b) { return !(a == b); } friend bool operator<(const CPubKey &a, const CPubKey &b) { return a.vch[0] < b.vch[0] || (a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) < 0); } // Implement serialization, as if this was a byte vector. unsigned int GetSerializeSize(int nType, int nVersion) const { return size() + 1; } template void Serialize(Stream &s, int nType, int nVersion) const { unsigned int len = size(); ::WriteCompactSize(s, len); s.write((char*)vch, len); } template void Unserialize(Stream &s, int nType, int nVersion) { unsigned int len = ::ReadCompactSize(s); if (len <= 65) { s.read((char*)vch, len); } else { // invalid pubkey, skip available data char dummy; while (len--) s.read(&dummy, 1); Invalidate(); } } // Get the KeyID of this public key (hash of its serialization) CKeyID GetID() const { return CKeyID(Hash160(vch, vch+size())); } // Get the 256-bit hash of this public key. uint256 GetHash() const { return Hash(vch, vch+size()); } // just check syntactic correctness. bool IsValid() const { return size() > 0; } // fully validate whether this is a valid public key (more expensive than IsValid()) bool IsFullyValid() const; // Check whether this is a compressed public key. bool IsCompressed() const { return size() == 33; } // Verify a DER signature (~72 bytes). // If this public key is not fully valid, the return value will be false. bool Verify(const uint256 &hash, const std::vector& vchSig) const; // Verify a compact signature (~65 bytes). // See CKey::SignCompact. bool VerifyCompact(const uint256 &hash, const std::vector& vchSig) const; // Recover a public key from a compact signature. bool RecoverCompact(const uint256 &hash, const std::vector& vchSig); // Turn this public key into an uncompressed public key. bool Decompress(); // Encrypt with public key bool Encrypt(std::string const &vchText, ecies_secure_t &cryptex); }; // secure_allocator is defined in allocators.h // CPrivKey is a serialized private key, with all parameters included (279 bytes) typedef std::vector > CPrivKey; /** An encapsulated private key. */ class CKey { private: // Whether this private key is valid. We check for correctness when modifying the key // data, so fValid should always correspond to the actual state. bool fValid; // Whether the public key corresponding to this private key is (to be) compressed. bool fCompressed; // The actual byte data unsigned char vch[32]; // Check whether the 32-byte array pointed to be vch is valid keydata. bool static Check(const unsigned char *vch); public: // Construct an invalid private key. CKey() : fValid(false) { LockObject(vch); } // Copy constructor. This is necessary because of memlocking. CKey(const CKey &secret) : fValid(secret.fValid), fCompressed(secret.fCompressed) { LockObject(vch); memcpy(vch, secret.vch, sizeof(vch)); } // Destructor (again necessary because of memlocking). ~CKey() { UnlockObject(vch); } // Initialize using begin and end iterators to byte data. template void Set(const T pbegin, const T pend, bool fCompressedIn) { if (pend - pbegin != 32) { fValid = false; return; } if (Check(&pbegin[0])) { memcpy(vch, (unsigned char*)&pbegin[0], 32); fValid = true; fCompressed = fCompressedIn; } else { fValid = false; } } // Simple read-only vector-like interface. unsigned int size() const { return (fValid ? 32 : 0); } const unsigned char *begin() const { return vch; } const unsigned char *end() const { return vch + size(); } // Check whether this private key is valid. bool IsValid() const { return fValid; } // Check whether the public key corresponding to this private key is (to be) compressed. bool IsCompressed() const { return fCompressed; } // Initialize from a CPrivKey (serialized OpenSSL private key data). bool SetPrivKey(const CPrivKey &vchPrivKey, bool fCompressed); // Generate a new private key using a cryptographic PRNG. void MakeNewKey(bool fCompressed); // Convert the private key to a CPrivKey (serialized OpenSSL private key data). // This is expensive. CPrivKey GetPrivKey() const; // Compute the public key from a private key. // This is expensive. CPubKey GetPubKey() const; // Create a DER-serialized signature. bool Sign(const uint256 &hash, std::vector& vchSig) const; // Create a compact signature (65 bytes), which allows reconstructing the used public key. // The format is one header byte, followed by two times 32 bytes for the serialized r and s values. // The header byte: 0x1B = first key with even y, 0x1C = first key with odd y, // 0x1D = second key with even y, 0x1E = second key with odd y, // add 0x04 for compressed keys. bool SignCompact(const uint256 &hash, std::vector& vchSig) const; bool Decrypt(ecies_secure_t const &cryptex, std::string &vchText ); }; /** * @file /cryptron/ecies.h * * @brief ECIES module functions. * * $Author: Ladar Levison $ * $Website: http://lavabit.com $ * $Date: 2010/08/06 06:02:03 $ * $Revision: a51931d0f81f6abe29ca91470931d41a374508a7 $ * */ #define ECIES_CIPHER EVP_aes_256_cbc() #define ECIES_HASHER EVP_sha512() struct ecies_secure_t { std::string key; std::string mac; size_t orig; std::string body; }; #endif