thehub/libs/utils/primitives/PrivateKey.h

/*
 * This file is part of the Flowee project
 * Copyright (C) 2009-2010 Satoshi Nakamoto
 * Copyright (C) 2009-2015 The Bitcoin Core developers
 * Copyright (C) 2022-2024 Tom Zander <tom@flowee.org>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef FLOWEE_PRIVATEKEY_H
#define FLOWEE_PRIVATEKEY_H

#include "primitives/PublicKey.h"
#include "support/allocators/secure.h"
#include "uint256.h"

#include <vector>


/** 
 * secp256k1:
 * const unsigned int PRIVATE_KEY_SIZE = 279;
 * const unsigned int PUBLIC_KEY_SIZE  = 65;
 * const unsigned int SIGNATURE_SIZE   = 72;
 *
 * see www.keylength.com
 * script supports up to 75 for single byte push
 */

/**
 * secure_allocator is defined in allocators.h
 * CPrivKey is a serialized private key, with all parameters included (279 bytes)
 */
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;

/** An encapsulated private key. */
class PrivateKey
{
private:
    //! Whether this private key is valid. We check for correctness when modifying the key
    //! data, so fValid should always correspond to the actual state.
    bool fValid;

    //! Whether the public key corresponding to this private key is (to be) compressed.
    bool fCompressed;

    //! The actual byte data
    std::vector<uint8_t, secure_allocator<uint8_t>> keydata;

    //! Check whether the 32-byte array pointed to be vch is valid keydata.
    bool static check(const uint8_t *vch);

public:
    //! Construct an invalid private key.
    PrivateKey() : fValid(false), fCompressed(false)
    {
        keydata.resize(32);
    }

    PrivateKey(const PrivateKey &other) = default;

    /// Create a privatekey object from wif-encoded (base58) private key.
    static PrivateKey fromBase58(const std::string &wif);

    friend bool operator==(const PrivateKey& a, const PrivateKey& b)
    {
        return a.fCompressed == b.fCompressed && a.size() == b.size() &&
               memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
    }

    //! Initialize using begin and end iterators to byte data.
    template <typename T>
    void set(const T pbegin, const T pend, bool compressed = true)
    {
        assert(keydata.size() == 32);
        if (pend - pbegin != 32) {
            fValid = false;
        }
        else if (check(&pbegin[0])) {
            memcpy(keydata.data(), (unsigned char*)&pbegin[0], 32);
            fValid = true;
            fCompressed = compressed;
        } else {
            fValid = false;
        }
        if (!fValid) // Be internally consistent, remove the old data
            std::memset(keydata.data(), 0, 32);
    }

    inline void set(const Streaming::ConstBuffer &data) {
        set(reinterpret_cast<const uint8_t*>(data.begin()),
            reinterpret_cast<const uint8_t*>(data.end()), true);
    }

    //! Simple read-only vector-like interface.
    unsigned int size() const { return (fValid ? 32 : 0); }
    const unsigned char* begin() const { return keydata.data(); }
    const unsigned char* end() const { return keydata.data() + size(); }

    //! Check whether this private key is valid.
    bool isValid() const { return fValid; }

    //! Check whether the public key corresponding to this private key is (to be) compressed.
    bool isCompressed() const { return fCompressed; }

    //! Initialize from a CPrivKey (serialized OpenSSL private key data).
    bool setPrivKey(const CPrivKey& vchPrivKey, bool fCompressed);

    //! Generate a new private key using a cryptographic PRNG.
    void makeNewKey(bool fCompressed = true);

    /**
     * Convert the private key to a CPrivKey (serialized OpenSSL private key data).
     * This is expensive.
     */
    CPrivKey getPrivKey() const;

    /**
     * Compute the public key from a private key.
     * This is expensive.
     */
    PublicKey getPubKey() const;

    /**
     * Create a DER-serialized signature.
     * The test_case parameter tweaks the deterministic nonce.
     */
    bool signECDSA(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;

    /**
     * Create a Schnorr signature.
     * The test_case parameter tweaks the deterministic nonce.
     */
    bool signSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig, uint32_t test_case = 0) const;

    /**
     * Create a compact signature (65 bytes), which allows reconstructing the used public key.
     * The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
     * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
     *                  0x1D = second key with even y, 0x1E = second key with odd y,
     *                  add 0x04 for compressed keys.
     */
    bool signCompact(const uint256& hash, std::vector<unsigned char>& vchSig) const;

    //! Derive BIP32 child key.
    bool derive(PrivateKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;

    /**
     * Verify thoroughly whether a private key and a public key match.
     * This is done using a different mechanism than just regenerating it.
     */
    bool verifyPubKey(const PublicKey& vchPubKey) const;

    //! Load private key and check that public key matches.
    bool load(CPrivKey& privkey, PublicKey& vchPubKey, bool fSkipCheck);

    //! Check whether an element of a signature (r or s) is valid.
    static bool checkSignatureElement(const unsigned char* vch, int len, bool half);

    PrivateKey &operator=(const PrivateKey &other);
};

/** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */
void ECC_Start(void);

/** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */
void ECC_Stop(void);

/** Check that required EC support is available at runtime. */
bool ECC_InitSanityCheck(void);

#endif