/* * This file is part of the Flowee project * Copyright (C) 2009-2010 Satoshi Nakamoto * Copyright (C) 2009-2015 The Bitcoin Core developers * Copyright (C) 2022-2024 Tom Zander * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef FLOWEE_PRIVATEKEY_H #define FLOWEE_PRIVATEKEY_H #include "primitives/PublicKey.h" #include "support/allocators/secure.h" #include "uint256.h" #include /** * secp256k1: * const unsigned int PRIVATE_KEY_SIZE = 279; * const unsigned int PUBLIC_KEY_SIZE = 65; * const unsigned int SIGNATURE_SIZE = 72; * * see www.keylength.com * script supports up to 75 for single byte push */ /** * secure_allocator is defined in allocators.h * CPrivKey is a serialized private key, with all parameters included (279 bytes) */ typedef std::vector > CPrivKey; /** An encapsulated private key. */ class PrivateKey { private: //! Whether this private key is valid. We check for correctness when modifying the key //! data, so fValid should always correspond to the actual state. bool fValid; //! Whether the public key corresponding to this private key is (to be) compressed. bool fCompressed; //! The actual byte data std::vector> keydata; //! Check whether the 32-byte array pointed to be vch is valid keydata. bool static check(const uint8_t *vch); public: //! Construct an invalid private key. PrivateKey() : fValid(false), fCompressed(false) { keydata.resize(32); } PrivateKey(const PrivateKey &other) = default; /// Create a privatekey object from wif-encoded (base58) private key. static PrivateKey fromBase58(const std::string &wif); friend bool operator==(const PrivateKey& a, const PrivateKey& b) { return a.fCompressed == b.fCompressed && a.size() == b.size() && memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0; } //! Initialize using begin and end iterators to byte data. template void set(const T pbegin, const T pend, bool compressed = true) { assert(keydata.size() == 32); if (pend - pbegin != 32) { fValid = false; } else if (check(&pbegin[0])) { memcpy(keydata.data(), (unsigned char*)&pbegin[0], 32); fValid = true; fCompressed = compressed; } else { fValid = false; } if (!fValid) // Be internally consistent, remove the old data std::memset(keydata.data(), 0, 32); } inline void set(const Streaming::ConstBuffer &data) { set(reinterpret_cast(data.begin()), reinterpret_cast(data.end()), true); } //! Simple read-only vector-like interface. unsigned int size() const { return (fValid ? 32 : 0); } const unsigned char* begin() const { return keydata.data(); } const unsigned char* end() const { return keydata.data() + size(); } //! Check whether this private key is valid. bool isValid() const { return fValid; } //! Check whether the public key corresponding to this private key is (to be) compressed. bool isCompressed() const { return fCompressed; } //! Initialize from a CPrivKey (serialized OpenSSL private key data). bool setPrivKey(const CPrivKey& vchPrivKey, bool fCompressed); //! Generate a new private key using a cryptographic PRNG. void makeNewKey(bool fCompressed = true); /** * Convert the private key to a CPrivKey (serialized OpenSSL private key data). * This is expensive. */ CPrivKey getPrivKey() const; /** * Compute the public key from a private key. * This is expensive. */ PublicKey getPubKey() const; /** * Create a DER-serialized signature. * The test_case parameter tweaks the deterministic nonce. */ bool signECDSA(const uint256& hash, std::vector& vchSig, uint32_t test_case = 0) const; /** * Create a Schnorr signature. * The test_case parameter tweaks the deterministic nonce. */ bool signSchnorr(const uint256 &hash, std::vector &vchSig, uint32_t test_case = 0) const; /** * Create a compact signature (65 bytes), which allows reconstructing the used public key. * The format is one header byte, followed by two times 32 bytes for the serialized r and s values. * The header byte: 0x1B = first key with even y, 0x1C = first key with odd y, * 0x1D = second key with even y, 0x1E = second key with odd y, * add 0x04 for compressed keys. */ bool signCompact(const uint256& hash, std::vector& vchSig) const; //! Derive BIP32 child key. bool derive(PrivateKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const; /** * Verify thoroughly whether a private key and a public key match. * This is done using a different mechanism than just regenerating it. */ bool verifyPubKey(const PublicKey& vchPubKey) const; //! Load private key and check that public key matches. bool load(CPrivKey& privkey, PublicKey& vchPubKey, bool fSkipCheck); //! Check whether an element of a signature (r or s) is valid. static bool checkSignatureElement(const unsigned char* vch, int len, bool half); PrivateKey &operator=(const PrivateKey &other); }; /** Initialize the elliptic curve support. May not be called twice without calling ECC_Stop first. */ void ECC_Start(void); /** Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called first. */ void ECC_Stop(void); /** Check that required EC support is available at runtime. */ bool ECC_InitSanityCheck(void); #endif