Bitcoin Core  24.99.0
P2P Digital Currency
pubkey.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2022 The Bitcoin Core developers
2 // Copyright (c) 2017 The Zcash developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <pubkey.h>
7 
8 #include <hash.h>
9 #include <secp256k1.h>
10 #include <secp256k1_extrakeys.h>
11 #include <secp256k1_recovery.h>
12 #include <secp256k1_schnorrsig.h>
13 #include <span.h>
14 #include <uint256.h>
15 
16 #include <algorithm>
17 #include <cassert>
18 
19 namespace {
20 
21 struct Secp256k1SelfTester
22 {
23  Secp256k1SelfTester() {
24  /* Run libsecp256k1 self-test before using the secp256k1_context_static. */
26  }
27 } SECP256K1_SELFTESTER;
28 
29 } // namespace
30 
41 int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
42  size_t rpos, rlen, spos, slen;
43  size_t pos = 0;
44  size_t lenbyte;
45  unsigned char tmpsig[64] = {0};
46  int overflow = 0;
47 
48  /* Hack to initialize sig with a correctly-parsed but invalid signature. */
50 
51  /* Sequence tag byte */
52  if (pos == inputlen || input[pos] != 0x30) {
53  return 0;
54  }
55  pos++;
56 
57  /* Sequence length bytes */
58  if (pos == inputlen) {
59  return 0;
60  }
61  lenbyte = input[pos++];
62  if (lenbyte & 0x80) {
63  lenbyte -= 0x80;
64  if (lenbyte > inputlen - pos) {
65  return 0;
66  }
67  pos += lenbyte;
68  }
69 
70  /* Integer tag byte for R */
71  if (pos == inputlen || input[pos] != 0x02) {
72  return 0;
73  }
74  pos++;
75 
76  /* Integer length for R */
77  if (pos == inputlen) {
78  return 0;
79  }
80  lenbyte = input[pos++];
81  if (lenbyte & 0x80) {
82  lenbyte -= 0x80;
83  if (lenbyte > inputlen - pos) {
84  return 0;
85  }
86  while (lenbyte > 0 && input[pos] == 0) {
87  pos++;
88  lenbyte--;
89  }
90  static_assert(sizeof(size_t) >= 4, "size_t too small");
91  if (lenbyte >= 4) {
92  return 0;
93  }
94  rlen = 0;
95  while (lenbyte > 0) {
96  rlen = (rlen << 8) + input[pos];
97  pos++;
98  lenbyte--;
99  }
100  } else {
101  rlen = lenbyte;
102  }
103  if (rlen > inputlen - pos) {
104  return 0;
105  }
106  rpos = pos;
107  pos += rlen;
108 
109  /* Integer tag byte for S */
110  if (pos == inputlen || input[pos] != 0x02) {
111  return 0;
112  }
113  pos++;
114 
115  /* Integer length for S */
116  if (pos == inputlen) {
117  return 0;
118  }
119  lenbyte = input[pos++];
120  if (lenbyte & 0x80) {
121  lenbyte -= 0x80;
122  if (lenbyte > inputlen - pos) {
123  return 0;
124  }
125  while (lenbyte > 0 && input[pos] == 0) {
126  pos++;
127  lenbyte--;
128  }
129  static_assert(sizeof(size_t) >= 4, "size_t too small");
130  if (lenbyte >= 4) {
131  return 0;
132  }
133  slen = 0;
134  while (lenbyte > 0) {
135  slen = (slen << 8) + input[pos];
136  pos++;
137  lenbyte--;
138  }
139  } else {
140  slen = lenbyte;
141  }
142  if (slen > inputlen - pos) {
143  return 0;
144  }
145  spos = pos;
146 
147  /* Ignore leading zeroes in R */
148  while (rlen > 0 && input[rpos] == 0) {
149  rlen--;
150  rpos++;
151  }
152  /* Copy R value */
153  if (rlen > 32) {
154  overflow = 1;
155  } else {
156  memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
157  }
158 
159  /* Ignore leading zeroes in S */
160  while (slen > 0 && input[spos] == 0) {
161  slen--;
162  spos++;
163  }
164  /* Copy S value */
165  if (slen > 32) {
166  overflow = 1;
167  } else {
168  memcpy(tmpsig + 64 - slen, input + spos, slen);
169  }
170 
171  if (!overflow) {
173  }
174  if (overflow) {
175  /* Overwrite the result again with a correctly-parsed but invalid
176  signature if parsing failed. */
177  memset(tmpsig, 0, 64);
179  }
180  return 1;
181 }
182 
184 {
185  assert(bytes.size() == 32);
186  std::copy(bytes.begin(), bytes.end(), m_keydata.begin());
187 }
188 
189 std::vector<CKeyID> XOnlyPubKey::GetKeyIDs() const
190 {
191  std::vector<CKeyID> out;
192  // For now, use the old full pubkey-based key derivation logic. As it is indexed by
193  // Hash160(full pubkey), we need to return both a version prefixed with 0x02, and one
194  // with 0x03.
195  unsigned char b[33] = {0x02};
196  std::copy(m_keydata.begin(), m_keydata.end(), b + 1);
197  CPubKey fullpubkey;
198  fullpubkey.Set(b, b + 33);
199  out.push_back(fullpubkey.GetID());
200  b[0] = 0x03;
201  fullpubkey.Set(b, b + 33);
202  out.push_back(fullpubkey.GetID());
203  return out;
204 }
205 
207 {
208  secp256k1_xonly_pubkey pubkey;
210 }
211 
213 {
214  assert(sigbytes.size() == 64);
215  secp256k1_xonly_pubkey pubkey;
217  return secp256k1_schnorrsig_verify(secp256k1_context_static, sigbytes.data(), msg.begin(), 32, &pubkey);
218 }
219 
220 static const HashWriter HASHER_TAPTWEAK{TaggedHash("TapTweak")};
221 
223 {
224  if (merkle_root == nullptr) {
225  // We have no scripts. The actual tweak does not matter, but follow BIP341 here to
226  // allow for reproducible tweaking.
227  return (HashWriter{HASHER_TAPTWEAK} << m_keydata).GetSHA256();
228  } else {
229  return (HashWriter{HASHER_TAPTWEAK} << m_keydata << *merkle_root).GetSHA256();
230  }
231 }
232 
233 bool XOnlyPubKey::CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const
234 {
235  secp256k1_xonly_pubkey internal_key;
236  if (!secp256k1_xonly_pubkey_parse(secp256k1_context_static, &internal_key, internal.data())) return false;
237  uint256 tweak = internal.ComputeTapTweakHash(&merkle_root);
238  return secp256k1_xonly_pubkey_tweak_add_check(secp256k1_context_static, m_keydata.begin(), parity, &internal_key, tweak.begin());
239 }
240 
241 std::optional<std::pair<XOnlyPubKey, bool>> XOnlyPubKey::CreateTapTweak(const uint256* merkle_root) const
242 {
243  secp256k1_xonly_pubkey base_point;
244  if (!secp256k1_xonly_pubkey_parse(secp256k1_context_static, &base_point, data())) return std::nullopt;
245  secp256k1_pubkey out;
246  uint256 tweak = ComputeTapTweakHash(merkle_root);
247  if (!secp256k1_xonly_pubkey_tweak_add(secp256k1_context_static, &out, &base_point, tweak.data())) return std::nullopt;
248  int parity = -1;
249  std::pair<XOnlyPubKey, bool> ret;
250  secp256k1_xonly_pubkey out_xonly;
251  if (!secp256k1_xonly_pubkey_from_pubkey(secp256k1_context_static, &out_xonly, &parity, &out)) return std::nullopt;
253  assert(parity == 0 || parity == 1);
254  ret.second = parity;
255  return ret;
256 }
257 
258 
259 bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {
260  if (!IsValid())
261  return false;
262  secp256k1_pubkey pubkey;
265  return false;
266  }
267  if (!ecdsa_signature_parse_der_lax(&sig, vchSig.data(), vchSig.size())) {
268  return false;
269  }
270  /* libsecp256k1's ECDSA verification requires lower-S signatures, which have
271  * not historically been enforced in Bitcoin, so normalize them first. */
273  return secp256k1_ecdsa_verify(secp256k1_context_static, &sig, hash.begin(), &pubkey);
274 }
275 
276 bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
277  if (vchSig.size() != COMPACT_SIGNATURE_SIZE)
278  return false;
279  int recid = (vchSig[0] - 27) & 3;
280  bool fComp = ((vchSig[0] - 27) & 4) != 0;
281  secp256k1_pubkey pubkey;
284  return false;
285  }
286  if (!secp256k1_ecdsa_recover(secp256k1_context_static, &pubkey, &sig, hash.begin())) {
287  return false;
288  }
289  unsigned char pub[SIZE];
290  size_t publen = SIZE;
292  Set(pub, pub + publen);
293  return true;
294 }
295 
296 bool CPubKey::IsFullyValid() const {
297  if (!IsValid())
298  return false;
299  secp256k1_pubkey pubkey;
301 }
302 
304  if (!IsValid())
305  return false;
306  secp256k1_pubkey pubkey;
308  return false;
309  }
310  unsigned char pub[SIZE];
311  size_t publen = SIZE;
313  Set(pub, pub + publen);
314  return true;
315 }
316 
317 bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {
318  assert(IsValid());
319  assert((nChild >> 31) == 0);
321  unsigned char out[64];
322  BIP32Hash(cc, nChild, *begin(), begin()+1, out);
323  memcpy(ccChild.begin(), out+32, 32);
324  secp256k1_pubkey pubkey;
326  return false;
327  }
329  return false;
330  }
331  unsigned char pub[COMPRESSED_SIZE];
332  size_t publen = COMPRESSED_SIZE;
334  pubkeyChild.Set(pub, pub + publen);
335  return true;
336 }
337 
338 void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
339  code[0] = nDepth;
340  memcpy(code+1, vchFingerprint, 4);
341  WriteBE32(code+5, nChild);
342  memcpy(code+9, chaincode.begin(), 32);
344  memcpy(code+41, pubkey.begin(), CPubKey::COMPRESSED_SIZE);
345 }
346 
347 void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {
348  nDepth = code[0];
349  memcpy(vchFingerprint, code+1, 4);
350  nChild = ReadBE32(code+5);
351  memcpy(chaincode.begin(), code+9, 32);
352  pubkey.Set(code+41, code+BIP32_EXTKEY_SIZE);
353  if ((nDepth == 0 && (nChild != 0 || ReadLE32(vchFingerprint) != 0)) || !pubkey.IsFullyValid()) pubkey = CPubKey();
354 }
355 
357 {
358  memcpy(code, version, 4);
359  Encode(&code[4]);
360 }
361 
363 {
364  memcpy(version, code, 4);
365  Decode(&code[4]);
366 }
367 
368 bool CExtPubKey::Derive(CExtPubKey &out, unsigned int _nChild) const {
369  if (nDepth == std::numeric_limits<unsigned char>::max()) return false;
370  out.nDepth = nDepth + 1;
371  CKeyID id = pubkey.GetID();
372  memcpy(out.vchFingerprint, &id, 4);
373  out.nChild = _nChild;
374  return pubkey.Derive(out.pubkey, out.chaincode, _nChild, chaincode);
375 }
376 
377 /* static */ bool CPubKey::CheckLowS(const std::vector<unsigned char>& vchSig) {
379  if (!ecdsa_signature_parse_der_lax(&sig, vchSig.data(), vchSig.size())) {
380  return false;
381  }
383 }
int ret
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
An encapsulated public key.
Definition: pubkey.h:34
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:276
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:377
bool IsValid() const
Definition: pubkey.h:189
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:303
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:259
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:296
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112
const unsigned char * begin() const
Definition: pubkey.h:114
unsigned char vch[SIZE]
see www.keylength.com script supports up to 75 for single byte push
Definition: pubkey.h:49
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:317
static constexpr unsigned int COMPACT_SIGNATURE_SIZE
Definition: pubkey.h:42
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:102
constexpr std::size_t size() const noexcept
Definition: span.h:186
constexpr C * data() const noexcept
Definition: span.h:173
constexpr C * end() const noexcept
Definition: span.h:175
constexpr C * begin() const noexcept
Definition: span.h:174
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:241
bool CheckTapTweak(const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
Verify that this is a Taproot tweaked output point, against a specified internal key,...
Definition: pubkey.cpp:233
uint256 m_keydata
Definition: pubkey.h:227
bool IsFullyValid() const
Determine if this pubkey is fully valid.
Definition: pubkey.cpp:206
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:212
std::vector< CKeyID > GetKeyIDs() const
Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.
Definition: pubkey.cpp:189
uint256 ComputeTapTweakHash(const uint256 *merkle_root) const
Compute the Taproot tweak as specified in BIP341, with *this as internal key:
Definition: pubkey.cpp:222
XOnlyPubKey()=default
Construct an empty x-only pubkey.
const unsigned char * data() const
Definition: pubkey.h:280
const unsigned char * data() const
Definition: uint256.h:58
unsigned char * end()
Definition: uint256.h:66
unsigned char * begin()
Definition: uint256.h:61
256-bit opaque blob.
Definition: uint256.h:119
static uint32_t ReadLE32(const unsigned char *ptr)
Definition: common.h:24
static void WriteBE32(unsigned char *ptr, uint32_t x)
Definition: common.h:77
static uint32_t ReadBE32(const unsigned char *ptr)
Definition: common.h:63
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
Definition: hash.cpp:75
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
Definition: hash.cpp:89
static const HashWriter HASHER_TAPTWEAK
Definition: pubkey.cpp:220
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
Definition: pubkey.cpp:41
const unsigned int BIP32_EXTKEY_WITH_VERSION_SIZE
Definition: pubkey.h:20
const unsigned int BIP32_EXTKEY_SIZE
Definition: pubkey.h:19
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
Definition: secp256k1.c:355
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:266
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:248
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
Definition: secp256k1.c:78
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:213
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:420
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
Definition: secp256k1.c:401
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
Definition: secp256k1.c:662
#define SECP256K1_EC_UNCOMPRESSED
Definition: secp256k1.h:214
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.c:75
SECP256K1_API int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an xonly_pubkey object into a 32-byte sequence.
Definition: main_impl.h:43
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Checks that a tweaked pubkey is the result of calling secp256k1_xonly_pubkey_tweak_add with internal_...
Definition: main_impl.h:134
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey.
Definition: main_impl.h:98
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Tweak an x-only public key by adding the generator multiplied with tweak32 to it.
Definition: main_impl.h:117
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a 32-byte sequence into a xonly_pubkey object.
Definition: main_impl.h:21
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:137
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
Definition: main_impl.h:219
unsigned char version[4]
Definition: pubkey.h:295
void Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const
Definition: pubkey.cpp:338
ChainCode chaincode
Definition: pubkey.h:299
bool Derive(CExtPubKey &out, unsigned int nChild) const
Definition: pubkey.cpp:368
void DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE])
Definition: pubkey.cpp:362
void EncodeWithVersion(unsigned char code[BIP32_EXTKEY_WITH_VERSION_SIZE]) const
Definition: pubkey.cpp:356
unsigned char vchFingerprint[4]
Definition: pubkey.h:297
unsigned char nDepth
Definition: pubkey.h:296
void Decode(const unsigned char code[BIP32_EXTKEY_SIZE])
Definition: pubkey.cpp:347
CPubKey pubkey
Definition: pubkey.h:300
unsigned int nChild
Definition: pubkey.h:298
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:87
unsigned char data[64]
Definition: secp256k1.h:88
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74
Opaque data structure that holds a parsed and valid "x-only" public key.
assert(!tx.IsCoinBase())