pubkey_8cpp_source.html

// Copyright (c) 2009-2020 The Bitcoin Core developers

// Copyright (c) 2017 The Zcash developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <pubkey.h>


#include <hash.h>

#include <secp256k1.h>

#include <secp256k1_extrakeys.h>

#include <secp256k1_recovery.h>

#include <secp256k1_schnorrsig.h>

#include <span.h>

#include <uint256.h>


#include <algorithm>

#include <cassert>


namespace

{

/* Global secp256k1_context object used for verification. */

secp256k1_context* secp256k1_context_verify = nullptr;

} // namespace


int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {

    size_t rpos, rlen, spos, slen;

    size_t pos = 0;

    size_t lenbyte;

    unsigned char tmpsig[64] = {0};

    int overflow = 0;


    /* Hack to initialize sig with a correctly-parsed but invalid signature. */

    secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);


    /* Sequence tag byte */

    if (pos == inputlen || input[pos] != 0x30) {

        return 0;

    }

    pos++;


    /* Sequence length bytes */

    if (pos == inputlen) {

        return 0;

    }

    lenbyte = input[pos++];

    if (lenbyte & 0x80) {

        lenbyte -= 0x80;

        if (lenbyte > inputlen - pos) {

            return 0;

        }

        pos += lenbyte;

    }


    /* Integer tag byte for R */

    if (pos == inputlen || input[pos] != 0x02) {

        return 0;

    }

    pos++;


    /* Integer length for R */

    if (pos == inputlen) {

        return 0;

    }

    lenbyte = input[pos++];

    if (lenbyte & 0x80) {

        lenbyte -= 0x80;

        if (lenbyte > inputlen - pos) {

            return 0;

        }

        while (lenbyte > 0 && input[pos] == 0) {

            pos++;

            lenbyte--;

        }

        static_assert(sizeof(size_t) >= 4, "size_t too small");

        if (lenbyte >= 4) {

            return 0;

        }

        rlen = 0;

        while (lenbyte > 0) {

            rlen = (rlen << 8) + input[pos];

            pos++;

            lenbyte--;

        }

    } else {

        rlen = lenbyte;

    }

    if (rlen > inputlen - pos) {

        return 0;

    }

    rpos = pos;

    pos += rlen;


    /* Integer tag byte for S */

    if (pos == inputlen || input[pos] != 0x02) {

        return 0;

    }

    pos++;


    /* Integer length for S */

    if (pos == inputlen) {

        return 0;

    }

    lenbyte = input[pos++];

    if (lenbyte & 0x80) {

        lenbyte -= 0x80;

        if (lenbyte > inputlen - pos) {

            return 0;

        }

        while (lenbyte > 0 && input[pos] == 0) {

            pos++;

            lenbyte--;

        }

        static_assert(sizeof(size_t) >= 4, "size_t too small");

        if (lenbyte >= 4) {

            return 0;

        }

        slen = 0;

        while (lenbyte > 0) {

            slen = (slen << 8) + input[pos];

            pos++;

            lenbyte--;

        }

    } else {

        slen = lenbyte;

    }

    if (slen > inputlen - pos) {

        return 0;

    }

    spos = pos;


    /* Ignore leading zeroes in R */

    while (rlen > 0 && input[rpos] == 0) {

        rlen--;

        rpos++;

    }

    /* Copy R value */

    if (rlen > 32) {

        overflow = 1;

    } else {

        memcpy(tmpsig + 32 - rlen, input + rpos, rlen);

    }


    /* Ignore leading zeroes in S */

    while (slen > 0 && input[spos] == 0) {

        slen--;

        spos++;

    }

    /* Copy S value */

    if (slen > 32) {

        overflow = 1;

    } else {

        memcpy(tmpsig + 64 - slen, input + spos, slen);

    }


    if (!overflow) {

        overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);

    }

    if (overflow) {

        /* Overwrite the result again with a correctly-parsed but invalid

           signature if parsing failed. */

        memset(tmpsig, 0, 64);

        secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);

    }

    return 1;

}


XOnlyPubKey::XOnlyPubKey(Span<const unsigned char> bytes)

{

    assert(bytes.size() == 32);

    std::copy(bytes.begin(), bytes.end(), m_keydata.begin());

}


std::vector<CKeyID> XOnlyPubKey::GetKeyIDs() const

{

    std::vector<CKeyID> out;

    // For now, use the old full pubkey-based key derivation logic. As it is indexed by

    // Hash160(full pubkey), we need to return both a version prefixed with 0x02, and one

    // with 0x03.

    unsigned char b[33] = {0x02};

    std::copy(m_keydata.begin(), m_keydata.end(), b + 1);

    CPubKey fullpubkey;

    fullpubkey.Set(b, b + 33);

    out.push_back(fullpubkey.GetID());

    b[0] = 0x03;

    fullpubkey.Set(b, b + 33);

    out.push_back(fullpubkey.GetID());

    return out;

}


bool XOnlyPubKey::IsFullyValid() const

{

    secp256k1_xonly_pubkey pubkey;

    return secp256k1_xonly_pubkey_parse(secp256k1_context_verify, &pubkey, m_keydata.data());

}


bool XOnlyPubKey::VerifySchnorr(const uint256& msg, Span<const unsigned char> sigbytes) const

{

    assert(sigbytes.size() == 64);

    secp256k1_xonly_pubkey pubkey;

    if (!secp256k1_xonly_pubkey_parse(secp256k1_context_verify, &pubkey, m_keydata.data())) return false;

    return secp256k1_schnorrsig_verify(secp256k1_context_verify, sigbytes.data(), msg.begin(), 32, &pubkey);

}


static const CHashWriter HASHER_TAPTWEAK = TaggedHash("TapTweak");


uint256 XOnlyPubKey::ComputeTapTweakHash(const uint256* merkle_root) const

{

    if (merkle_root == nullptr) {

        // We have no scripts. The actual tweak does not matter, but follow BIP341 here to

        // allow for reproducible tweaking.

        return (CHashWriter(HASHER_TAPTWEAK) << m_keydata).GetSHA256();

    } else {

        return (CHashWriter(HASHER_TAPTWEAK) << m_keydata << *merkle_root).GetSHA256();

    }

}


bool XOnlyPubKey::CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const

{

    secp256k1_xonly_pubkey internal_key;

    if (!secp256k1_xonly_pubkey_parse(secp256k1_context_verify, &internal_key, internal.data())) return false;

    uint256 tweak = internal.ComputeTapTweakHash(&merkle_root);

    return secp256k1_xonly_pubkey_tweak_add_check(secp256k1_context_verify, m_keydata.begin(), parity, &internal_key, tweak.begin());

}


std::optional<std::pair<XOnlyPubKey, bool>> XOnlyPubKey::CreateTapTweak(const uint256* merkle_root) const

{

    secp256k1_xonly_pubkey base_point;

    if (!secp256k1_xonly_pubkey_parse(secp256k1_context_verify, &base_point, data())) return std::nullopt;

    secp256k1_pubkey out;

    uint256 tweak = ComputeTapTweakHash(merkle_root);

    if (!secp256k1_xonly_pubkey_tweak_add(secp256k1_context_verify, &out, &base_point, tweak.data())) return std::nullopt;

    int parity = -1;

    std::pair<XOnlyPubKey, bool> ret;

    secp256k1_xonly_pubkey out_xonly;

    if (!secp256k1_xonly_pubkey_from_pubkey(secp256k1_context_verify, &out_xonly, &parity, &out)) return std::nullopt;

    secp256k1_xonly_pubkey_serialize(secp256k1_context_verify, ret.first.begin(), &out_xonly);

    assert(parity == 0 || parity == 1);

    ret.second = parity;

    return ret;

}


bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {

    if (!IsValid())

        return false;

    secp256k1_pubkey pubkey;

    secp256k1_ecdsa_signature sig;

    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");

    if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, vch, size())) {

        return false;

    }

    if (!ecdsa_signature_parse_der_lax(secp256k1_context_verify, &sig, vchSig.data(), vchSig.size())) {

        return false;

    }

    /* libsecp256k1's ECDSA verification requires lower-S signatures, which have

     * not historically been enforced in Bitcoin, so normalize them first. */

    secp256k1_ecdsa_signature_normalize(secp256k1_context_verify, &sig, &sig);

    return secp256k1_ecdsa_verify(secp256k1_context_verify, &sig, hash.begin(), &pubkey);

}


bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {

    if (vchSig.size() != COMPACT_SIGNATURE_SIZE)

        return false;

    int recid = (vchSig[0] - 27) & 3;

    bool fComp = ((vchSig[0] - 27) & 4) != 0;

    secp256k1_pubkey pubkey;

    secp256k1_ecdsa_recoverable_signature sig;

    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");

    if (!secp256k1_ecdsa_recoverable_signature_parse_compact(secp256k1_context_verify, &sig, &vchSig[1], recid)) {

        return false;

    }

    if (!secp256k1_ecdsa_recover(secp256k1_context_verify, &pubkey, &sig, hash.begin())) {

        return false;

    }

    unsigned char pub[SIZE];

    size_t publen = SIZE;

    secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, fComp ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);

    Set(pub, pub + publen);

    return true;

}


bool CPubKey::IsFullyValid() const {

    if (!IsValid())

        return false;

    secp256k1_pubkey pubkey;

    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");

    return secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, vch, size());

}


bool CPubKey::Decompress() {

    if (!IsValid())

        return false;

    secp256k1_pubkey pubkey;

    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");

    if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, vch, size())) {

        return false;

    }

    unsigned char pub[SIZE];

    size_t publen = SIZE;

    secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_UNCOMPRESSED);

    Set(pub, pub + publen);

    return true;

}


bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {

    assert(IsValid());

    assert((nChild >> 31) == 0);

    assert(size() == COMPRESSED_SIZE);

    unsigned char out[64];

    BIP32Hash(cc, nChild, *begin(), begin()+1, out);

    memcpy(ccChild.begin(), out+32, 32);

    secp256k1_pubkey pubkey;

    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");

    if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, vch, size())) {

        return false;

    }

    if (!secp256k1_ec_pubkey_tweak_add(secp256k1_context_verify, &pubkey, out)) {

        return false;

    }

    unsigned char pub[COMPRESSED_SIZE];

    size_t publen = COMPRESSED_SIZE;

    secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_COMPRESSED);

    pubkeyChild.Set(pub, pub + publen);

    return true;

}


void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {

    code[0] = nDepth;

    memcpy(code+1, vchFingerprint, 4);

    WriteBE32(code+5, nChild);

    memcpy(code+9, chaincode.begin(), 32);

    assert(pubkey.size() == CPubKey::COMPRESSED_SIZE);

    memcpy(code+41, pubkey.begin(), CPubKey::COMPRESSED_SIZE);

}


void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {

    nDepth = code[0];

    memcpy(vchFingerprint, code+1, 4);

    nChild = ReadBE32(code+5);

    memcpy(chaincode.begin(), code+9, 32);

    pubkey.Set(code+41, code+BIP32_EXTKEY_SIZE);

    if ((nDepth == 0 && (nChild != 0 || ReadLE32(vchFingerprint) != 0)) || !pubkey.IsFullyValid()) pubkey = CPubKey();

}


bool CExtPubKey::Derive(CExtPubKey &out, unsigned int _nChild) const {

    out.nDepth = nDepth + 1;

    CKeyID id = pubkey.GetID();

    memcpy(out.vchFingerprint, &id, 4);

    out.nChild = _nChild;

    return pubkey.Derive(out.pubkey, out.chaincode, _nChild, chaincode);

}


/* static */ bool CPubKey::CheckLowS(const std::vector<unsigned char>& vchSig) {

    secp256k1_ecdsa_signature sig;

    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");

    if (!ecdsa_signature_parse_der_lax(secp256k1_context_verify, &sig, vchSig.data(), vchSig.size())) {

        return false;

    }

    return (!secp256k1_ecdsa_signature_normalize(secp256k1_context_verify, nullptr, &sig));

}


/* static */ int ECCVerifyHandle::refcount = 0;


ECCVerifyHandle::ECCVerifyHandle()

{

    if (refcount == 0) {

        assert(secp256k1_context_verify == nullptr);

        secp256k1_context_verify = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);

        assert(secp256k1_context_verify != nullptr);

    }

    refcount++;

}


ECCVerifyHandle::~ECCVerifyHandle()

{

    refcount--;

    if (refcount == 0) {

        assert(secp256k1_context_verify != nullptr);

        secp256k1_context_destroy(secp256k1_context_verify);

        secp256k1_context_verify = nullptr;

    }

}


const secp256k1_context* GetVerifyContext() {

    return secp256k1_context_verify;

}

CHashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:101

CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:23

CPubKey
An encapsulated public key.
Definition: pubkey.h:33

CPubKey::RecoverCompact
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:271

CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:160

CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:39

CPubKey::CheckLowS
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:363

CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:185

CPubKey::Decompress
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:300

CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:253

CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:38

CPubKey::IsFullyValid
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:292

CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:111

CPubKey::begin
const unsigned char * begin() const
Definition: pubkey.h:113

CPubKey::vch
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
Definition: pubkey.h:48

CPubKey::Derive
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:315

CPubKey::COMPACT_SIGNATURE_SIZE
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:41

CPubKey::Set
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:88

ECCVerifyHandle::ECCVerifyHandle
ECCVerifyHandle()
Definition: pubkey.cpp:374

ECCVerifyHandle::~ECCVerifyHandle
~ECCVerifyHandle()
Definition: pubkey.cpp:384

ECCVerifyHandle::refcount
static int refcount
Definition: pubkey.h:317

Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:93

Span::size
constexpr std::size_t size() const noexcept
Definition: span.h:182

Span::data
constexpr C * data() const noexcept
Definition: span.h:169

Span::begin
constexpr C * begin() const noexcept
Definition: span.h:170

Span::end
constexpr C * end() const noexcept
Definition: span.h:171

XOnlyPubKey
Definition: pubkey.h:221

XOnlyPubKey::CreateTapTweak
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:235

XOnlyPubKey::CheckTapTweak
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
Definition: pubkey.cpp:227

XOnlyPubKey::data
const unsigned char * data() const
Definition: pubkey.h:276

XOnlyPubKey::m_keydata
uint256 m_keydata
Definition: pubkey.h:223

XOnlyPubKey::IsFullyValid
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:200

XOnlyPubKey::VerifySchnorr
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:206

XOnlyPubKey::GetKeyIDs
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
Definition: pubkey.cpp:183

XOnlyPubKey::ComputeTapTweakHash
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
Definition: pubkey.cpp:216

XOnlyPubKey::XOnlyPubKey
XOnlyPubKey()=default
Construct an empty x-only pubkey.

base_blob::data
const unsigned char * data() const
Definition: uint256.h:55

base_blob::end
unsigned char * end()
Definition: uint256.h:63

base_blob::begin
unsigned char * begin()
Definition: uint256.h:58

uint256
256-bit opaque blob.
Definition: uint256.h:124

ReadLE32
static uint32_t ReadLE32(const unsigned char *ptr)
Definition: common.h:24

WriteBE32
static void WriteBE32(unsigned char *ptr, uint32_t x)
Definition: common.h:77

ReadBE32
static uint32_t ReadBE32(const unsigned char *ptr)
Definition: common.h:63

BIP32Hash
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
Definition: hash.cpp:75

TaggedHash
CHashWriter TaggedHash(const std::string &tag)
Return a CHashWriter primed for tagged hashes (as specified in BIP 340).
Definition: hash.cpp:89

HASHER_TAPTWEAK
static const CHashWriter HASHER_TAPTWEAK
Definition: pubkey.cpp:214

GetVerifyContext
const secp256k1_context * GetVerifyContext()
Access to the internal secp256k1 context used for verification.
Definition: pubkey.cpp:394

ecdsa_signature_parse_der_lax
int ecdsa_signature_parse_der_lax(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
Definition: pubkey.cpp:35

pubkey.h

BIP32_EXTKEY_SIZE
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19

hash.h

secp256k1.h

secp256k1_ecdsa_signature_parse_compact
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:391

secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:302

secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:158

secp256k1_ec_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:284

SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:190

secp256k1_ecdsa_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:456

secp256k1_ecdsa_signature_normalize
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:437

secp256k1_ec_pubkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:695

SECP256K1_EC_UNCOMPRESSED
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:191

SECP256K1_CONTEXT_VERIFY
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
Definition: secp256k1.h:184

secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:202

secp256k1_extrakeys.h

secp256k1_xonly_pubkey_serialize
SECP256K1_API int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an xonly_pubkey object into a 32-byte sequence.
Definition: main_impl.h:43

secp256k1_xonly_pubkey_tweak_add_check
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Checks that a tweaked pubkey is the result of calling secp256k1_xonly_pubkey_tweak_add with internal_...
Definition: main_impl.h:135

secp256k1_xonly_pubkey_from_pubkey
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
Definition: main_impl.h:98

secp256k1_xonly_pubkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Tweak an x-only public key by adding the generator multiplied with tweak32 to it.
Definition: main_impl.h:117

secp256k1_xonly_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a 32-byte sequence into a xonly_pubkey object.
Definition: main_impl.h:21

secp256k1_recovery.h

secp256k1_ecdsa_recoverable_signature_parse_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38

secp256k1_ecdsa_recover
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:137

secp256k1_schnorrsig.h

secp256k1_schnorrsig_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
Definition: main_impl.h:207

span.h

CExtPubKey
Definition: pubkey.h:287

CExtPubKey::Encode
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
Definition: pubkey.cpp:337

CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:291

CExtPubKey::Derive
bool Derive(CExtPubKey &out, unsigned int nChild) const
Definition: pubkey.cpp:355

CExtPubKey::vchFingerprint
unsigned char vchFingerprint[4]
Definition: pubkey.h:289

CExtPubKey::nDepth
unsigned char nDepth
Definition: pubkey.h:288

CExtPubKey::Decode
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
Definition: pubkey.cpp:346

CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:292

CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:290

secp256k1_context_struct
Definition: secp256k1.c:75

secp256k1_ecdsa_recoverable_signature
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24

secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:83

secp256k1_ecdsa_signature::data
unsigned char data[64]
Definition: secp256k1.h:84

secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70

secp256k1_xonly_pubkey
Opaque data structure that holds a parsed and valid "x-only" public key.
Definition: secp256k1_extrakeys.h:22

ctx
static secp256k1_context * ctx
Definition: tests.c:42

uint256.h

assert
assert(!tx.IsCoinBase())