19 static int ec_privkey_import_der(
const secp256k1_context* ctx,
unsigned char *out32,
const unsigned char *privkey,
size_t privkeylen) {
20 const unsigned char *end = privkey + privkeylen;
25 if (end < privkey+1 || *privkey != 0x30) {
30 if (end < privkey+1 || !(*privkey & 0x80)) {
33 lenb = *privkey & ~0x80; privkey++;
34 if (lenb < 1 || lenb > 2) {
37 if (end < privkey+lenb) {
41 len = privkey[lenb-1] | (lenb > 1 ? privkey[lenb-2] << 8 : 0);
43 if (end < privkey+len) {
47 if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01) {
52 if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) {
55 memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
63 static int ec_privkey_export_der(
const secp256k1_context *ctx,
unsigned char *privkey,
size_t *privkeylen,
const unsigned char *key32,
int compressed) {
71 static const unsigned char begin[] = {
72 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20
74 static const unsigned char middle[] = {
75 0xA0,0x81,0x85,0x30,0x81,0x82,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
76 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
77 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
78 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
79 0x21,0x02,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
80 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
81 0x17,0x98,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
82 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
83 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x24,0x03,0x22,0x00
85 unsigned char *ptr = privkey;
86 memcpy(ptr, begin,
sizeof(begin)); ptr +=
sizeof(begin);
87 memcpy(ptr, key32, 32); ptr += 32;
88 memcpy(ptr, middle,
sizeof(middle)); ptr +=
sizeof(middle);
92 *privkeylen = ptr - privkey;
94 static const unsigned char begin[] = {
95 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20
97 static const unsigned char middle[] = {
98 0xA0,0x81,0xA5,0x30,0x81,0xA2,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
99 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
100 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
101 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
102 0x41,0x04,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
103 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
104 0x17,0x98,0x48,0x3A,0xDA,0x77,0x26,0xA3,0xC4,0x65,0x5D,0xA4,0xFB,0xFC,0x0E,0x11,
105 0x08,0xA8,0xFD,0x17,0xB4,0x48,0xA6,0x85,0x54,0x19,0x9C,0x47,0xD0,0x8F,0xFB,0x10,
106 0xD4,0xB8,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
107 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
108 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x44,0x03,0x42,0x00
110 unsigned char *ptr = privkey;
111 memcpy(ptr, begin,
sizeof(begin)); ptr +=
sizeof(begin);
112 memcpy(ptr, key32, 32); ptr += 32;
113 memcpy(ptr, middle,
sizeof(middle)); ptr +=
sizeof(middle);
117 *privkeylen = ptr - privkey;
143 privkey.resize(privkeylen);
160 bool CKey::Sign(
const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case)
const {
165 unsigned char extra_entropy[32] = {0};
166 WriteLE32(extra_entropy, test_case);
171 vchSig.resize(nSigLen);
179 unsigned char rnd[8];
180 std::string str =
"Bitcoin key verification\n";
183 CHash256().
Write((
unsigned char*)str.data(), str.size()).Write(rnd,
sizeof(rnd)).Finalize(hash.
begin());
184 std::vector<unsigned char> vchSig;
186 return pubkey.
Verify(hash, vchSig);
205 if (!ec_privkey_import_der(secp256k1_context_sign, (
unsigned char*)
begin(), privkey.data(), privkey.size()))
219 std::vector<unsigned char, secure_allocator<unsigned char>> vout(64);
220 if ((nChild >> 31) == 0) {
238 CKeyID id = key.GetPubKey().GetID();
241 return key.Derive(out.
key, out.
chaincode, _nChild, chaincode);
245 static const unsigned char hashkey[] = {
'B',
'i',
't',
'c',
'o',
'i',
'n',
' ',
's',
'e',
'e',
'd'};
246 std::vector<unsigned char, secure_allocator<unsigned char>> vout(64);
248 key.Set(vout.data(), vout.data() + 32,
true);
249 memcpy(chaincode.begin(), vout.data() + 32, 32);
252 memset(vchFingerprint, 0,
sizeof(vchFingerprint));
260 ret.
pubkey = key.GetPubKey();
268 code[5] = (nChild >> 24) & 0xFF;
code[6] = (nChild >> 16) & 0xFF;
269 code[7] = (nChild >> 8) & 0xFF;
code[8] = (nChild >> 0) & 0xFF;
273 memcpy(code+42, key.begin(), 32);
281 key.Set(
code+42,
code+BIP32_EXTKEY_SIZE,
true);
292 assert(secp256k1_context_sign ==
nullptr);
299 std::vector<unsigned char, secure_allocator<unsigned char>> vseed(32);
305 secp256k1_context_sign = ctx;
310 secp256k1_context_sign =
nullptr;
void Finalize(unsigned char hash[OUTPUT_SIZE])
CHMAC_SHA512 & Write(const unsigned char *data, size_t len)
void ECC_Start()
Initialize the elliptic curve support.
unsigned char vchFingerprint[4]
const unsigned char * begin() const
CExtPubKey Neuter() const
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
CHash256 & Write(const unsigned char *data, size_t len)
const unsigned char * end() const
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
unsigned char vchFingerprint[4]
void GetStrongRandBytes(unsigned char *out, int num)
Function to gather random data from multiple sources, failing whenever any of those source fail to pr...
assert(len-trim+(2 *lenIndices)<=WIDTH)
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
A hasher class for Fabcoin's 256-bit hash (double SHA-256).
#define SECP256K1_CONTEXT_SIGN
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a private key by adding tweak to it.
bool fValid
Whether this private key is valid.
bool Derive(CExtKey &out, unsigned int nChild) const
SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979
An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function.
bool IsValid() const
Check whether this private key is valid.
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
std::vector< unsigned char, secure_allocator< unsigned char > > CPrivKey
secp256k1: const unsigned int PRIVATE_KEY_SIZE = 279; const unsigned int PUBLIC_KEY_SIZE = 65; const ...
#define SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export.
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
CPubKey GetPubKey() const
Compute the public key from a private key.
void ECC_Stop()
Deinitialize the elliptic curve support.
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
An encapsulated public key.
void MakeNewKey(bool fCompressed)
Generate a new private key using a cryptographic PRNG.
Opaque data structured that holds a parsed ECDSA signature.
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
const unsigned char * begin() const
bool Load(CPrivKey &privkey, CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
bool IsCompressed() const
Check whether this is a compressed public key.
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
bool SignCompact(const uint256 &hash, std::vector< unsigned char > &vchSig) const
Create a compact signature (65 bytes), which allows reconstructing the used public key...
void * memcpy(void *a, const void *b, size_t c)
const unsigned int BIP32_EXTKEY_SIZE
secp256k1: const unsigned int PRIVATE_KEY_SIZE = 279; const unsigned int PUBLIC_KEY_SIZE = 65; const ...
A reference to a CKey: the Hash160 of its serialized public key.
bool fCompressed
Whether the public key corresponding to this private key is (to be) compressed.
void GetRandBytes(unsigned char *buf, int num)
Functions to gather random data via the OpenSSL PRNG.
void SetMaster(const unsigned char *seed, unsigned int nSeedLen)
std::vector< unsigned char, secure_allocator< unsigned char > > keydata
The actual byte data.
static bool Check(const unsigned char *vch)
Check whether the 32-byte array pointed to by vch is valid keydata.
An encapsulated private key.
bool ECC_InitSanityCheck()
Check that required EC support is available at runtime.
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object.
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, uint32_t test_case=0) const
Create a DER-serialized signature.
const unsigned char * end() const
Opaque data structure that holds a parsed and valid public key.
A hasher class for HMAC-SHA-512.