[VerusCoin.git] / src / key.h

// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2011 The Bitcoin developers
// Distributed under the MIT/X11 software license, see the accompanying
// file license.txt or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_KEY_H
#define BITCOIN_KEY_H

#include <stdexcept>
#include <vector>

#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/obj_mac.h>

#include "serialize.h"
#include "uint256.h"

// secp160k1
// const unsigned int PRIVATE_KEY_SIZE = 192;
// const unsigned int PUBLIC_KEY_SIZE  = 41;
// const unsigned int SIGNATURE_SIZE   = 48;
//
// secp192k1
// const unsigned int PRIVATE_KEY_SIZE = 222;
// const unsigned int PUBLIC_KEY_SIZE  = 49;
// const unsigned int SIGNATURE_SIZE   = 57;
//
// secp224k1
// const unsigned int PRIVATE_KEY_SIZE = 250;
// const unsigned int PUBLIC_KEY_SIZE  = 57;
// const unsigned int SIGNATURE_SIZE   = 66;
//
// secp256k1:
// const unsigned int PRIVATE_KEY_SIZE = 279;
// const unsigned int PUBLIC_KEY_SIZE  = 65;
// const unsigned int SIGNATURE_SIZE   = 72;
//
// see www.keylength.com
// script supports up to 75 for single byte push

int extern EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key);
int extern ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check);

class key_error : public std::runtime_error
{
public:
    explicit key_error(const std::string& str) : std::runtime_error(str) {}
};


// secure_allocator is defined in serialize.h
// CPrivKey is a serialized private key, with all parameters included (279 bytes)
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
// CSecret is a serialization of just the secret parameter (32 bytes)
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CSecret;

class CKey
{
protected:
    EC_KEY* pkey;
    bool fSet;

public:
    CKey()
    {
        pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
        if (pkey == NULL)
            throw key_error("CKey::CKey() : EC_KEY_new_by_curve_name failed");
        fSet = false;
    }

    CKey(const CKey& b)
    {
        pkey = EC_KEY_dup(b.pkey);
        if (pkey == NULL)
            throw key_error("CKey::CKey(const CKey&) : EC_KEY_dup failed");
        fSet = b.fSet;
    }

    CKey& operator=(const CKey& b)
    {
        if (!EC_KEY_copy(pkey, b.pkey))
            throw key_error("CKey::operator=(const CKey&) : EC_KEY_copy failed");
        fSet = b.fSet;
        return (*this);
    }

    ~CKey()
    {
        EC_KEY_free(pkey);
    }

    bool IsNull() const
    {
        return !fSet;
    }

    void MakeNewKey()
    {
        if (!EC_KEY_generate_key(pkey))
            throw key_error("CKey::MakeNewKey() : EC_KEY_generate_key failed");
        fSet = true;
    }

    bool SetPrivKey(const CPrivKey& vchPrivKey)
    {
        const unsigned char* pbegin = &vchPrivKey[0];
        if (!d2i_ECPrivateKey(&pkey, &pbegin, vchPrivKey.size()))
            return false;
        fSet = true;
        return true;
    }

    bool SetSecret(const CSecret& vchSecret)
    {
        EC_KEY_free(pkey);
        pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
        if (pkey == NULL)
            throw key_error("CKey::SetSecret() : EC_KEY_new_by_curve_name failed");
        if (vchSecret.size() != 32)
            throw key_error("CKey::SetSecret() : secret must be 32 bytes");
        BIGNUM *bn = BN_bin2bn(&vchSecret[0],32,BN_new());
        if (bn == NULL) 
            throw key_error("CKey::SetSecret() : BN_bin2bn failed");
        if (!EC_KEY_regenerate_key(pkey,bn))
            throw key_error("CKey::SetSecret() : EC_KEY_regenerate_key failed");
        BN_clear_free(bn);
        fSet = true;
        return true;
    }

    CSecret GetSecret() const
    {
        CSecret vchRet;
        vchRet.resize(32);
        const BIGNUM *bn = EC_KEY_get0_private_key(pkey);
        int nBytes = BN_num_bytes(bn);
        if (bn == NULL)
            throw key_error("CKey::GetSecret() : EC_KEY_get0_private_key failed");
        int n=BN_bn2bin(bn,&vchRet[32 - nBytes]);
        if (n != nBytes) 
            throw key_error("CKey::GetSecret(): BN_bn2bin failed");
        return vchRet;
    }

    CPrivKey GetPrivKey() const
    {
        unsigned int nSize = i2d_ECPrivateKey(pkey, NULL);
        if (!nSize)
            throw key_error("CKey::GetPrivKey() : i2d_ECPrivateKey failed");
        CPrivKey vchPrivKey(nSize, 0);
        unsigned char* pbegin = &vchPrivKey[0];
        if (i2d_ECPrivateKey(pkey, &pbegin) != nSize)
            throw key_error("CKey::GetPrivKey() : i2d_ECPrivateKey returned unexpected size");
        return vchPrivKey;
    }

    bool SetPubKey(const std::vector<unsigned char>& vchPubKey)
    {
        const unsigned char* pbegin = &vchPubKey[0];
        if (!o2i_ECPublicKey(&pkey, &pbegin, vchPubKey.size()))
            return false;
        fSet = true;
        return true;
    }

    std::vector<unsigned char> GetPubKey() const
    {
        unsigned int nSize = i2o_ECPublicKey(pkey, NULL);
        if (!nSize)
            throw key_error("CKey::GetPubKey() : i2o_ECPublicKey failed");
        std::vector<unsigned char> vchPubKey(nSize, 0);
        unsigned char* pbegin = &vchPubKey[0];
        if (i2o_ECPublicKey(pkey, &pbegin) != nSize)
            throw key_error("CKey::GetPubKey() : i2o_ECPublicKey returned unexpected size");
        return vchPubKey;
    }

    bool Sign(uint256 hash, std::vector<unsigned char>& vchSig)
    {
        unsigned int nSize = ECDSA_size(pkey);
        vchSig.resize(nSize); // Make sure it is big enough
        if (!ECDSA_sign(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], &nSize, pkey))
        {
            vchSig.clear();
            return false;
        }
        vchSig.resize(nSize); // Shrink to fit actual size
        return true;
    }

    // create a compact signature (65 bytes), which allows reconstructing the used public key
    // The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
    // The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
    //                  0x1D = second key with even y, 0x1E = second key with odd y
    bool SignCompact(uint256 hash, std::vector<unsigned char>& vchSig)
    {
        bool fOk = false;
        ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);
        if (sig==NULL)
            return false;
        vchSig.clear();
        vchSig.resize(65,0);
        int nBitsR = BN_num_bits(sig->r);
        int nBitsS = BN_num_bits(sig->s);
        if (nBitsR <= 256 && nBitsS <= 256)
        {
            int nRecId = -1;
            for (int i=0; i<4; i++)
            {
                CKey keyRec;
                keyRec.fSet = true;
                if (ECDSA_SIG_recover_key_GFp(keyRec.pkey, sig, (unsigned char*)&hash, sizeof(hash), i, 1) == 1)
                    if (keyRec.GetPubKey() == this->GetPubKey())
                    {
                        nRecId = i;
                        break;
                    }
            }

            if (nRecId == -1)
                throw key_error("CKey::SignCompact() : unable to construct recoverable key");

            vchSig[0] = nRecId+27;
            BN_bn2bin(sig->r,&vchSig[33-(nBitsR+7)/8]);
            BN_bn2bin(sig->s,&vchSig[65-(nBitsS+7)/8]);
            fOk = true;
        }
        ECDSA_SIG_free(sig);
        return fOk;
    }

    // reconstruct public key from a compact signature
    // This is only slightly more CPU intensive than just verifying it.
    // If this function succeeds, the recovered public key is guaranteed to be valid
    // (the signature is a valid signature of the given data for that key)
    bool SetCompactSignature(uint256 hash, const std::vector<unsigned char>& vchSig)
    {
        if (vchSig.size() != 65)
            return false;
        if (vchSig[0]<27 || vchSig[0]>=31)
            return false;
        ECDSA_SIG *sig = ECDSA_SIG_new();
        BN_bin2bn(&vchSig[1],32,sig->r);
        BN_bin2bn(&vchSig[33],32,sig->s);

        EC_KEY_free(pkey);
        pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
        if (ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), vchSig[0] - 27, 0) == 1)
        {
            fSet = true;
            ECDSA_SIG_free(sig);
            return true;
        }
        return false;
    }

    bool Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
    {
        // -1 = error, 0 = bad sig, 1 = good
        if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
            return false;
        return true;
    }

    // Verify a compact signature
    bool VerifyCompact(uint256 hash, const std::vector<unsigned char>& vchSig)
    {
        CKey key;
        if (!key.SetCompactSignature(hash, vchSig))
            return false;
        if (GetPubKey() != key.GetPubKey())
            return false;
        return true;
    }
};

#endif
Commit	Line	Data
8bd66202	1	// Copyright (c) 2009-2010 Satoshi Nakamoto
b2120e22	2	// Copyright (c) 2011 The Bitcoin developers
8bd66202 GA	3	// Distributed under the MIT/X11 software license, see the accompanying
8bd66202 GA	4	// file license.txt or http://www.opensource.org/licenses/mit-license.php.
223b6f1b WL	5	#ifndef BITCOIN_KEY_H
223b6f1b WL	6	#define BITCOIN_KEY_H
8bd66202	7
fcedd45c VN	8	#include <stdexcept>
	9	#include <vector>
	10
223b6f1b WL	11	#include <openssl/ec.h>
	12	#include <openssl/ecdsa.h>
	13	#include <openssl/obj_mac.h>
8bd66202	14
fcedd45c VN	15	#include "serialize.h"
fcedd45c VN	16	#include "uint256.h"
fcedd45c	17
8bd66202 GA	18	// secp160k1
	19	// const unsigned int PRIVATE_KEY_SIZE = 192;
	20	// const unsigned int PUBLIC_KEY_SIZE = 41;
	21	// const unsigned int SIGNATURE_SIZE = 48;
	22	//
	23	// secp192k1
	24	// const unsigned int PRIVATE_KEY_SIZE = 222;
	25	// const unsigned int PUBLIC_KEY_SIZE = 49;
	26	// const unsigned int SIGNATURE_SIZE = 57;
	27	//
	28	// secp224k1
	29	// const unsigned int PRIVATE_KEY_SIZE = 250;
	30	// const unsigned int PUBLIC_KEY_SIZE = 57;
	31	// const unsigned int SIGNATURE_SIZE = 66;
	32	//
	33	// secp256k1:
	34	// const unsigned int PRIVATE_KEY_SIZE = 279;
	35	// const unsigned int PUBLIC_KEY_SIZE = 65;
	36	// const unsigned int SIGNATURE_SIZE = 72;
	37	//
	38	// see www.keylength.com
	39	// script supports up to 75 for single byte push
	40
93db3fce PW	41	int extern EC_KEY_regenerate_key(EC_KEY eckey, BIGNUM priv_key);
93db3fce PW	42	int extern ECDSA_SIG_recover_key_GFp(EC_KEY eckey, ECDSA_SIG ecsig, const unsigned char *msg, int msglen, int recid, int check);
8bd66202 GA	43
	44	class key_error : public std::runtime_error
	45	{
	46	public:
	47	explicit key_error(const std::string& str) : std::runtime_error(str) {}
	48	};
	49
	50
	51	// secure_allocator is defined in serialize.h
d825e6a3	52	// CPrivKey is a serialized private key, with all parameters included (279 bytes)
223b6f1b	53	typedef std::vector<unsigned char, secure_allocator<unsigned char> > CPrivKey;
d825e6a3	54	// CSecret is a serialization of just the secret parameter (32 bytes)
acd65016	55	typedef std::vector<unsigned char, secure_allocator<unsigned char> > CSecret;
8bd66202 GA	56
	57	class CKey
	58	{
	59	protected:
	60	EC_KEY* pkey;
	61	bool fSet;
	62
	63	public:
	64	CKey()
	65	{
	66	pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
	67	if (pkey == NULL)
	68	throw key_error("CKey::CKey() : EC_KEY_new_by_curve_name failed");
	69	fSet = false;
	70	}
	71
	72	CKey(const CKey& b)
	73	{
	74	pkey = EC_KEY_dup(b.pkey);
	75	if (pkey == NULL)
	76	throw key_error("CKey::CKey(const CKey&) : EC_KEY_dup failed");
	77	fSet = b.fSet;
	78	}
	79
	80	CKey& operator=(const CKey& b)
	81	{
	82	if (!EC_KEY_copy(pkey, b.pkey))
	83	throw key_error("CKey::operator=(const CKey&) : EC_KEY_copy failed");
	84	fSet = b.fSet;
	85	return (*this);
	86	}
	87
	88	~CKey()
	89	{
	90	EC_KEY_free(pkey);
	91	}
	92
	93	bool IsNull() const
	94	{
	95	return !fSet;
	96	}
	97
	98	void MakeNewKey()
	99	{
	100	if (!EC_KEY_generate_key(pkey))
	101	throw key_error("CKey::MakeNewKey() : EC_KEY_generate_key failed");
	102	fSet = true;
	103	}
	104
	105	bool SetPrivKey(const CPrivKey& vchPrivKey)
	106	{
	107	const unsigned char* pbegin = &vchPrivKey[0];
	108	if (!d2i_ECPrivateKey(&pkey, &pbegin, vchPrivKey.size()))
	109	return false;
	110	fSet = true;
	111	return true;
	112	}
	113
acd65016 PW	114	bool SetSecret(const CSecret& vchSecret)
	115	{
	116	EC_KEY_free(pkey);
	117	pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
	118	if (pkey == NULL)
	119	throw key_error("CKey::SetSecret() : EC_KEY_new_by_curve_name failed");
	120	if (vchSecret.size() != 32)
	121	throw key_error("CKey::SetSecret() : secret must be 32 bytes");
	122	BIGNUM *bn = BN_bin2bn(&vchSecret[0],32,BN_new());
	123	if (bn == NULL)
	124	throw key_error("CKey::SetSecret() : BN_bin2bn failed");
	125	if (!EC_KEY_regenerate_key(pkey,bn))
	126	throw key_error("CKey::SetSecret() : EC_KEY_regenerate_key failed");
	127	BN_clear_free(bn);
	128	fSet = true;
	129	return true;
	130	}
	131
	132	CSecret GetSecret() const
	133	{
	134	CSecret vchRet;
	135	vchRet.resize(32);
	136	const BIGNUM *bn = EC_KEY_get0_private_key(pkey);
	137	int nBytes = BN_num_bytes(bn);
	138	if (bn == NULL)
	139	throw key_error("CKey::GetSecret() : EC_KEY_get0_private_key failed");
	140	int n=BN_bn2bin(bn,&vchRet[32 - nBytes]);
	141	if (n != nBytes)
	142	throw key_error("CKey::GetSecret(): BN_bn2bin failed");
	143	return vchRet;
	144	}
	145
8bd66202 GA	146	CPrivKey GetPrivKey() const
	147	{
	148	unsigned int nSize = i2d_ECPrivateKey(pkey, NULL);
	149	if (!nSize)
	150	throw key_error("CKey::GetPrivKey() : i2d_ECPrivateKey failed");
	151	CPrivKey vchPrivKey(nSize, 0);
	152	unsigned char* pbegin = &vchPrivKey[0];
	153	if (i2d_ECPrivateKey(pkey, &pbegin) != nSize)
	154	throw key_error("CKey::GetPrivKey() : i2d_ECPrivateKey returned unexpected size");
	155	return vchPrivKey;
	156	}
	157
223b6f1b	158	bool SetPubKey(const std::vector<unsigned char>& vchPubKey)
8bd66202 GA	159	{
	160	const unsigned char* pbegin = &vchPubKey[0];
	161	if (!o2i_ECPublicKey(&pkey, &pbegin, vchPubKey.size()))
	162	return false;
	163	fSet = true;
	164	return true;
	165	}
	166
223b6f1b	167	std::vector<unsigned char> GetPubKey() const
8bd66202 GA	168	{
	169	unsigned int nSize = i2o_ECPublicKey(pkey, NULL);
	170	if (!nSize)
	171	throw key_error("CKey::GetPubKey() : i2o_ECPublicKey failed");
223b6f1b	172	std::vector<unsigned char> vchPubKey(nSize, 0);
8bd66202 GA	173	unsigned char* pbegin = &vchPubKey[0];
	174	if (i2o_ECPublicKey(pkey, &pbegin) != nSize)
	175	throw key_error("CKey::GetPubKey() : i2o_ECPublicKey returned unexpected size");
	176	return vchPubKey;
	177	}
	178
223b6f1b	179	bool Sign(uint256 hash, std::vector<unsigned char>& vchSig)
8bd66202	180	{
9ef7fa34 GA	181	unsigned int nSize = ECDSA_size(pkey);
	182	vchSig.resize(nSize); // Make sure it is big enough
	183	if (!ECDSA_sign(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], &nSize, pkey))
	184	{
	185	vchSig.clear();
8bd66202	186	return false;
9ef7fa34 GA	187	}
9ef7fa34 GA	188	vchSig.resize(nSize); // Shrink to fit actual size
8bd66202 GA	189	return true;
	190	}
	191
01cc5263	192	// create a compact signature (65 bytes), which allows reconstructing the used public key
d825e6a3 PW	193	// The format is one header byte, followed by two times 32 bytes for the serialized r and s values.
	194	// The header byte: 0x1B = first key with even y, 0x1C = first key with odd y,
	195	// 0x1D = second key with even y, 0x1E = second key with odd y
01cc5263 PW	196	bool SignCompact(uint256 hash, std::vector<unsigned char>& vchSig)
	197	{
	198	bool fOk = false;
	199	ECDSA_SIG sig = ECDSA_do_sign((unsigned char)&hash, sizeof(hash), pkey);
	200	if (sig==NULL)
	201	return false;
	202	vchSig.clear();
	203	vchSig.resize(65,0);
	204	int nBitsR = BN_num_bits(sig->r);
	205	int nBitsS = BN_num_bits(sig->s);
	206	if (nBitsR <= 256 && nBitsS <= 256)
	207	{
	208	int nRecId = -1;
	209	for (int i=0; i<4; i++)
	210	{
	211	CKey keyRec;
	212	keyRec.fSet = true;
	213	if (ECDSA_SIG_recover_key_GFp(keyRec.pkey, sig, (unsigned char*)&hash, sizeof(hash), i, 1) == 1)
	214	if (keyRec.GetPubKey() == this->GetPubKey())
	215	{
	216	nRecId = i;
	217	break;
	218	}
	219	}
	220
	221	if (nRecId == -1)
d825e6a3	222	throw key_error("CKey::SignCompact() : unable to construct recoverable key");
01cc5263 PW	223
	224	vchSig[0] = nRecId+27;
	225	BN_bn2bin(sig->r,&vchSig[33-(nBitsR+7)/8]);
	226	BN_bn2bin(sig->s,&vchSig[65-(nBitsS+7)/8]);
	227	fOk = true;
	228	}
	229	ECDSA_SIG_free(sig);
	230	return fOk;
	231	}
	232
	233	// reconstruct public key from a compact signature
d825e6a3 PW	234	// This is only slightly more CPU intensive than just verifying it.
	235	// If this function succeeds, the recovered public key is guaranteed to be valid
	236	// (the signature is a valid signature of the given data for that key)
01cc5263 PW	237	bool SetCompactSignature(uint256 hash, const std::vector<unsigned char>& vchSig)
	238	{
	239	if (vchSig.size() != 65)
	240	return false;
	241	if (vchSig[0]<27 \|\| vchSig[0]>=31)
	242	return false;
	243	ECDSA_SIG *sig = ECDSA_SIG_new();
	244	BN_bin2bn(&vchSig[1],32,sig->r);
	245	BN_bin2bn(&vchSig[33],32,sig->s);
	246
	247	EC_KEY_free(pkey);
	248	pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
	249	if (ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), vchSig[0] - 27, 0) == 1)
	250	{
	251	fSet = true;
	252	ECDSA_SIG_free(sig);
	253	return true;
	254	}
	255	return false;
	256	}
	257
223b6f1b	258	bool Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
8bd66202 GA	259	{
	260	// -1 = error, 0 = bad sig, 1 = good
	261	if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
	262	return false;
	263	return true;
	264	}
2ffba736	265
d825e6a3	266	// Verify a compact signature
01cc5263 PW	267	bool VerifyCompact(uint256 hash, const std::vector<unsigned char>& vchSig)
	268	{
	269	CKey key;
	270	if (!key.SetCompactSignature(hash, vchSig))
	271	return false;
	272	if (GetPubKey() != key.GetPubKey())
	273	return false;
	274	return true;
	275	}
8bd66202	276	};
223b6f1b WL	277
223b6f1b WL	278	#endif