Bitcoin Core  27.99.0
P2P Digital Currency
pubkey.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2022 The Bitcoin Core developers
2 // Copyright (c) 2017 The Zcash developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <pubkey.h>
7 
8 #include <hash.h>
9 #include <secp256k1.h>
10 #include <secp256k1_ellswift.h>
11 #include <secp256k1_extrakeys.h>
12 #include <secp256k1_recovery.h>
13 #include <secp256k1_schnorrsig.h>
14 #include <span.h>
15 #include <uint256.h>
16 
17 #include <algorithm>
18 #include <cassert>
19 
20 namespace {
21 
22 struct Secp256k1SelfTester
23 {
24  Secp256k1SelfTester() {
25  /* Run libsecp256k1 self-test before using the secp256k1_context_static. */
27  }
28 } SECP256K1_SELFTESTER;
29 
30 } // namespace
31 
42 int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
43  size_t rpos, rlen, spos, slen;
44  size_t pos = 0;
45  size_t lenbyte;
46  unsigned char tmpsig[64] = {0};
47  int overflow = 0;
48 
49  /* Hack to initialize sig with a correctly-parsed but invalid signature. */
51 
52  /* Sequence tag byte */
53  if (pos == inputlen || input[pos] != 0x30) {
54  return 0;
55  }
56  pos++;
57 
58  /* Sequence length bytes */
59  if (pos == inputlen) {
60  return 0;
61  }
62  lenbyte = input[pos++];
63  if (lenbyte & 0x80) {
64  lenbyte -= 0x80;
65  if (lenbyte > inputlen - pos) {
66  return 0;
67  }
68  pos += lenbyte;
69  }
70 
71  /* Integer tag byte for R */
72  if (pos == inputlen || input[pos] != 0x02) {
73  return 0;
74  }
75  pos++;
76 
77  /* Integer length for R */
78  if (pos == inputlen) {
79  return 0;
80  }
81  lenbyte = input[pos++];
82  if (lenbyte & 0x80) {
83  lenbyte -= 0x80;
84  if (lenbyte > inputlen - pos) {
85  return 0;
86  }
87  while (lenbyte > 0 && input[pos] == 0) {
88  pos++;
89  lenbyte--;
90  }
91  static_assert(sizeof(size_t) >= 4, "size_t too small");
92  if (lenbyte >= 4) {
93  return 0;
94  }
95  rlen = 0;
96  while (lenbyte > 0) {
97  rlen = (rlen << 8) + input[pos];
98  pos++;
99  lenbyte--;
100  }
101  } else {
102  rlen = lenbyte;
103  }
104  if (rlen > inputlen - pos) {
105  return 0;
106  }
107  rpos = pos;
108  pos += rlen;
109 
110  /* Integer tag byte for S */
111  if (pos == inputlen || input[pos] != 0x02) {
112  return 0;
113  }
114  pos++;
115 
116  /* Integer length for S */
117  if (pos == inputlen) {
118  return 0;
119  }
120  lenbyte = input[pos++];
121  if (lenbyte & 0x80) {
122  lenbyte -= 0x80;
123  if (lenbyte > inputlen - pos) {
124  return 0;
125  }
126  while (lenbyte > 0 && input[pos] == 0) {
127  pos++;
128  lenbyte--;
129  }
130  static_assert(sizeof(size_t) >= 4, "size_t too small");
131  if (lenbyte >= 4) {
132  return 0;
133  }
134  slen = 0;
135  while (lenbyte > 0) {
136  slen = (slen << 8) + input[pos];
137  pos++;
138  lenbyte--;
139  }
140  } else {
141  slen = lenbyte;
142  }
143  if (slen > inputlen - pos) {
144  return 0;
145  }
146  spos = pos;
147 
148  /* Ignore leading zeroes in R */
149  while (rlen > 0 && input[rpos] == 0) {
150  rlen--;
151  rpos++;
152  }
153  /* Copy R value */
154  if (rlen > 32) {
155  overflow = 1;
156  } else {
157  memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
158  }
159 
160  /* Ignore leading zeroes in S */
161  while (slen > 0 && input[spos] == 0) {
162  slen--;
163  spos++;
164  }
165  /* Copy S value */
166  if (slen > 32) {
167  overflow = 1;
168  } else {
169  memcpy(tmpsig + 64 - slen, input + spos, slen);
170  }
171 
172  if (!overflow) {
174  }
175  if (overflow) {
176  /* Overwrite the result again with a correctly-parsed but invalid
177  signature if parsing failed. */
178  memset(tmpsig, 0, 64);
180  }
181  return 1;
182 }
183 
185 {
186  assert(bytes.size() == 32);
187  std::copy(bytes.begin(), bytes.end(), m_keydata.begin());
188 }
189 
190 std::vector<CKeyID> XOnlyPubKey::GetKeyIDs() const
191 {
192  std::vector<CKeyID> out;
193  // For now, use the old full pubkey-based key derivation logic. As it is indexed by
194  // Hash160(full pubkey), we need to return both a version prefixed with 0x02, and one
195  // with 0x03.
196  unsigned char b[33] = {0x02};
197  std::copy(m_keydata.begin(), m_keydata.end(), b + 1);
198  CPubKey fullpubkey;
199  fullpubkey.Set(b, b + 33);
200  out.push_back(fullpubkey.GetID());
201  b[0] = 0x03;
202  fullpubkey.Set(b, b + 33);
203  out.push_back(fullpubkey.GetID());
204  return out;
205 }
206 
208 {
209  unsigned char full_key[CPubKey::COMPRESSED_SIZE] = {0x02};
210  std::copy(begin(), end(), full_key + 1);
211  return CPubKey{full_key};
212 }
213 
215 {
216  secp256k1_xonly_pubkey pubkey;
218 }
219 
221 {
222  assert(sigbytes.size() == 64);
223  secp256k1_xonly_pubkey pubkey;
225  return secp256k1_schnorrsig_verify(secp256k1_context_static, sigbytes.data(), msg.begin(), 32, &pubkey);
226 }
227 
228 static const HashWriter HASHER_TAPTWEAK{TaggedHash("TapTweak")};
229 
231 {
232  if (merkle_root == nullptr) {
233  // We have no scripts. The actual tweak does not matter, but follow BIP341 here to
234  // allow for reproducible tweaking.
235  return (HashWriter{HASHER_TAPTWEAK} << m_keydata).GetSHA256();
236  } else {
237  return (HashWriter{HASHER_TAPTWEAK} << m_keydata << *merkle_root).GetSHA256();
238  }
239 }
240 
241 bool XOnlyPubKey::CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const
242 {
243  secp256k1_xonly_pubkey internal_key;
244  if (!secp256k1_xonly_pubkey_parse(secp256k1_context_static, &internal_key, internal.data())) return false;
245  uint256 tweak = internal.ComputeTapTweakHash(&merkle_root);
246  return secp256k1_xonly_pubkey_tweak_add_check(secp256k1_context_static, m_keydata.begin(), parity, &internal_key, tweak.begin());
247 }
248 
249 std::optional<std::pair<XOnlyPubKey, bool>> XOnlyPubKey::CreateTapTweak(const uint256* merkle_root) const
250 {
251  secp256k1_xonly_pubkey base_point;
252  if (!secp256k1_xonly_pubkey_parse(secp256k1_context_static, &base_point, data())) return std::nullopt;
254  uint256 tweak = ComputeTapTweakHash(merkle_root);
255  if (!secp256k1_xonly_pubkey_tweak_add(secp256k1_context_static, &out, &base_point, tweak.data())) return std::nullopt;
256  int parity = -1;
257  std::pair<XOnlyPubKey, bool> ret;
258  secp256k1_xonly_pubkey out_xonly;
259  if (!secp256k1_xonly_pubkey_from_pubkey(secp256k1_context_static, &out_xonly, &parity, &out)) return std::nullopt;
261  assert(parity == 0 || parity == 1);
262  ret.second = parity;
263  return ret;
264 }
265 
266 
267 bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {
268  if (!IsValid())
269  return false;
270  secp256k1_pubkey pubkey;
273  return false;
274  }
275  if (!ecdsa_signature_parse_der_lax(&sig, vchSig.data(), vchSig.size())) {
276  return false;
277  }
278  /* libsecp256k1's ECDSA verification requires lower-S signatures, which have
279  * not historically been enforced in Bitcoin, so normalize them first. */
281  return secp256k1_ecdsa_verify(secp256k1_context_static, &sig, hash.begin(), &pubkey);
282 }
283 
284 bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
285  if (vchSig.size() != COMPACT_SIGNATURE_SIZE)
286  return false;
287  int recid = (vchSig[0] - 27) & 3;
288  bool fComp = ((vchSig[0] - 27) & 4) != 0;
289  secp256k1_pubkey pubkey;
292  return false;
293  }
294  if (!secp256k1_ecdsa_recover(secp256k1_context_static, &pubkey, &sig, hash.begin())) {
295  return false;
296  }
297  unsigned char pub[SIZE];
298  size_t publen = SIZE;
300  Set(pub, pub + publen);
301  return true;
302 }
303 
304 bool CPubKey::IsFullyValid() const {
305  if (!IsValid())
306  return false;
307  secp256k1_pubkey pubkey;
309 }
310 
312  if (!IsValid())
313  return false;
314  secp256k1_pubkey pubkey;
316  return false;
317  }
318  unsigned char pub[SIZE];
319  size_t publen = SIZE;
321  Set(pub, pub + publen);
322  return true;
323 }
324 
325 bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {
326  assert(IsValid());
327  assert((nChild >> 31) == 0);
329  unsigned char out[64];
330  BIP32Hash(cc, nChild, *begin(), begin()+1, out);
331  memcpy(ccChild.begin(), out+32, 32);
332  secp256k1_pubkey pubkey;
334  return false;
335  }
337  return false;
338  }
339  unsigned char pub[COMPRESSED_SIZE];
340  size_t publen = COMPRESSED_SIZE;
342  pubkeyChild.Set(pub, pub + publen);
343  return true;
344 }
345 
347 {
348  assert(ellswift.size() == SIZE);
349  std::copy(ellswift.begin(), ellswift.end(), m_pubkey.begin());
350 }
351 
353 {
354  secp256k1_pubkey pubkey;
356 
357  size_t sz = CPubKey::COMPRESSED_SIZE;
358  std::array<uint8_t, CPubKey::COMPRESSED_SIZE> vch_bytes;
359 
361  assert(sz == vch_bytes.size());
362 
363  return CPubKey{vch_bytes.begin(), vch_bytes.end()};
364 }
365 
366 void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
367  code[0] = nDepth;
368  memcpy(code+1, vchFingerprint, 4);
369  WriteBE32(code+5, nChild);
370  memcpy(code+9, chaincode.begin(), 32);
372  memcpy(code+41, pubkey.begin(), CPubKey::COMPRESSED_SIZE);
373 }
374 
375 void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {
376  nDepth = code[0];
377  memcpy(vchFingerprint, code+1, 4);
378  nChild = ReadBE32(code+5);
379  memcpy(chaincode.begin(), code+9, 32);
380  pubkey.Set(code+41, code+BIP32_EXTKEY_SIZE);
381  if ((nDepth == 0 && (nChild != 0 || ReadLE32(vchFingerprint) != 0)) || !pubkey.IsFullyValid()) pubkey = CPubKey();
382 }
383 
385 {
386  memcpy(code, version, 4);
387  Encode(&code[4]);
388 }
389 
391 {
392  memcpy(version, code, 4);
393  Decode(&code[4]);
394 }
395 
396 bool CExtPubKey::Derive(CExtPubKey &out, unsigned int _nChild) const {
397  if (nDepth == std::numeric_limits<unsigned char>::max()) return false;
398  out.nDepth = nDepth + 1;
399  CKeyID id = pubkey.GetID();
400  memcpy(out.vchFingerprint, &id, 4);
401  out.nChild = _nChild;
402  return pubkey.Derive(out.pubkey, out.chaincode, _nChild, chaincode);
403 }
404 
405 /* static */ bool CPubKey::CheckLowS(const std::vector<unsigned char>& vchSig) {
407  if (!ecdsa_signature_parse_der_lax(&sig, vchSig.data(), vchSig.size())) {
408  return false;
409  }
411 }
int ret
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
An encapsulated public key.
Definition: pubkey.h:34
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:284
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:405
bool IsValid() const
Definition: pubkey.h:189
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:311
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:267
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:304
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112
const unsigned char * begin() const
Definition: pubkey.h:114
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
Definition: pubkey.h:49
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:325
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:42
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:101
constexpr std::size_t size() const noexcept
Definition: span.h:187
constexpr C * data() const noexcept
Definition: span.h:174
constexpr C * end() const noexcept
Definition: span.h:176
constexpr C * begin() const noexcept
Definition: span.h:175
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:249
const unsigned char * begin() const
Definition: pubkey.h:290
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
Definition: pubkey.cpp:241
CPubKey GetEvenCorrespondingCPubKey() const
Definition: pubkey.cpp:207
uint256 m_keydata
Definition: pubkey.h:233
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:214
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:220
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
Definition: pubkey.cpp:190
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
Definition: pubkey.cpp:230
XOnlyPubKey()=default
Construct an empty x-only pubkey.
const unsigned char * data() const
Definition: pubkey.h:289
const unsigned char * end() const
Definition: pubkey.h:291
constexpr unsigned char * end()
Definition: uint256.h:69
constexpr const unsigned char * data() const
Definition: uint256.h:65
constexpr unsigned char * begin()
Definition: uint256.h:68
256-bit opaque blob.
Definition: uint256.h:106
static uint32_t ReadLE32(const unsigned char *ptr)
Definition: common.h:20
static void WriteBE32(unsigned char *ptr, uint32_t x)
Definition: common.h:73
static uint32_t ReadBE32(const unsigned char *ptr)
Definition: common.h:59
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
Definition: hash.cpp:71
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
Definition: hash.cpp:85
static const HashWriter HASHER_TAPTWEAK
Definition: pubkey.cpp:228
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
Definition: pubkey.cpp:42
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:379
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:290
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:272
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
Definition: secp256k1.c:85
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:215
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:444
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:425
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:686
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:216
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:236
SECP256K1_API int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Decode a 64-bytes ElligatorSwift encoded public key.
Definition: main_impl.h:489
SECP256K1_API int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an xonly_pubkey object into a 32-byte sequence.
Definition: main_impl.h:44
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Checks that a tweaked pubkey is the result of calling secp256k1_xonly_pubkey_tweak_add with internal_...
Definition: main_impl.h:135
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
Definition: main_impl.h:99
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Tweak an x-only public key by adding the generator multiplied with tweak32 to it.
Definition: main_impl.h:118
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a 32-byte sequence into a xonly_pubkey object.
Definition: main_impl.h:22
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:137
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
Definition: main_impl.h:219
unsigned char * UCharCast(char *c)
Definition: span.h:288
unsigned char version[4]
Definition: pubkey.h:338
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
Definition: pubkey.cpp:366
ChainCode chaincode
Definition: pubkey.h:342
bool Derive(CExtPubKey &out, unsigned int nChild) const
Definition: pubkey.cpp:396
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:390
void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const
Definition: pubkey.cpp:384
unsigned char vchFingerprint[4]
Definition: pubkey.h:340
unsigned char nDepth
Definition: pubkey.h:339
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
Definition: pubkey.cpp:375
CPubKey pubkey
Definition: pubkey.h:343
unsigned int nChild
Definition: pubkey.h:341
std::array< std::byte, SIZE > m_pubkey
Definition: pubkey.h:308
CPubKey Decode() const
Decode to normal compressed CPubKey (for debugging purposes).
Definition: pubkey.cpp:352
EllSwiftPubKey() noexcept=default
Default constructor creates all-zero pubkey (which is valid).
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:87
unsigned char data[64]
Definition: secp256k1.h:88
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74
Opaque data structure that holds a parsed and valid "x-only" public key.
assert(!tx.IsCoinBase())