22 struct Secp256k1SelfTester
24 Secp256k1SelfTester() {
28 } SECP256K1_SELFTESTER;
43 size_t rpos, rlen, spos, slen;
46 unsigned char tmpsig[64] = {0};
53 if (pos == inputlen || input[pos] != 0x30) {
59 if (pos == inputlen) {
62 lenbyte = input[pos++];
65 if (lenbyte > inputlen - pos) {
72 if (pos == inputlen || input[pos] != 0x02) {
78 if (pos == inputlen) {
81 lenbyte = input[pos++];
84 if (lenbyte > inputlen - pos) {
87 while (lenbyte > 0 && input[pos] == 0) {
91 static_assert(
sizeof(
size_t) >= 4,
"size_t too small");
97 rlen = (rlen << 8) + input[pos];
104 if (rlen > inputlen - pos) {
111 if (pos == inputlen || input[pos] != 0x02) {
117 if (pos == inputlen) {
120 lenbyte = input[pos++];
121 if (lenbyte & 0x80) {
123 if (lenbyte > inputlen - pos) {
126 while (lenbyte > 0 && input[pos] == 0) {
130 static_assert(
sizeof(
size_t) >= 4,
"size_t too small");
135 while (lenbyte > 0) {
136 slen = (slen << 8) + input[pos];
143 if (slen > inputlen - pos) {
149 while (rlen > 0 && input[rpos] == 0) {
157 memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
161 while (slen > 0 && input[spos] == 0) {
169 memcpy(tmpsig + 64 - slen, input + spos, slen);
178 memset(tmpsig, 0, 64);
192 std::vector<CKeyID>
out;
196 unsigned char b[33] = {0x02};
199 fullpubkey.
Set(b, b + 33);
202 fullpubkey.
Set(b, b + 33);
210 std::copy(
begin(),
end(), full_key + 1);
232 if (merkle_root ==
nullptr) {
245 uint256 tweak =
internal.ComputeTapTweakHash(&merkle_root);
257 std::pair<XOnlyPubKey, bool>
ret;
261 assert(parity == 0 || parity == 1);
287 int recid = (vchSig[0] - 27) & 3;
288 bool fComp = ((vchSig[0] - 27) & 4) != 0;
297 unsigned char pub[
SIZE];
298 size_t publen =
SIZE;
300 Set(pub, pub + publen);
318 unsigned char pub[
SIZE];
319 size_t publen =
SIZE;
321 Set(pub, pub + publen);
327 assert((nChild >> 31) == 0);
329 unsigned char out[64];
331 memcpy(ccChild.
begin(),
out+32, 32);
342 pubkeyChild.
Set(pub, pub + publen);
348 assert(ellswift.size() == SIZE);
349 std::copy(ellswift.begin(), ellswift.end(), m_pubkey.begin());
358 std::array<uint8_t, CPubKey::COMPRESSED_SIZE> vch_bytes;
361 assert(sz == vch_bytes.size());
397 if (
nDepth == std::numeric_limits<unsigned char>::max())
return false;
400 memcpy(
out.vchFingerprint, &
id, 4);
401 out.nChild = _nChild;
A reference to a CKey: the Hash160 of its serialized public key.
An encapsulated public key.
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
static constexpr unsigned int COMPRESSED_SIZE
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
bool Decompress()
Turn this public key into an uncompressed public key.
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
static constexpr unsigned int SIZE
secp256k1:
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
const unsigned char * begin() const
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
A writer stream (for serialization) that computes a 256-bit hash.
constexpr std::size_t size() const noexcept
constexpr C * data() const noexcept
constexpr C * end() const noexcept
constexpr C * begin() const noexcept
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
const unsigned char * begin() const
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
CPubKey GetEvenCorrespondingCPubKey() const
bool IsFullyValid() const
Determine if this pubkey is fully valid.
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
XOnlyPubKey()=default
Construct an empty x-only pubkey.
const unsigned char * data() const
const unsigned char * end() const
constexpr unsigned char * end()
constexpr const unsigned char * data() const
constexpr unsigned char * begin()
static uint32_t ReadLE32(const unsigned char *ptr)
static void WriteBE32(unsigned char *ptr, uint32_t x)
static uint32_t ReadBE32(const unsigned char *ptr)
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
static const HashWriter HASHER_TAPTWEAK
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
const unsigned int BIP32_EXTKEY_SIZE
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
#define SECP256K1_EC_UNCOMPRESSED
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
SECP256K1_API int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Decode a 64-bytes ElligatorSwift encoded public key.
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
unsigned char * UCharCast(char *c)
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
bool Derive(CExtPubKey &out, unsigned int nChild) const
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const
unsigned char vchFingerprint[4]
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
std::array< std::byte, SIZE > m_pubkey
CPubKey Decode() const
Decode to normal compressed CPubKey (for debugging purposes).
EllSwiftPubKey() noexcept=default
Default constructor creates all-zero pubkey (which is valid).
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structured that holds a parsed ECDSA signature.
Opaque data structure that holds a parsed and valid public key.
Opaque data structure that holds a parsed and valid "x-only" public key.