Bitcoin Core  24.99.0
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <chainparams.h>
6 #include <chainparamsbase.h>
7 #include <key.h>
8 #include <key_io.h>
9 #include <outputtype.h>
10 #include <policy/policy.h>
11 #include <pubkey.h>
12 #include <rpc/util.h>
13 #include <script/keyorigin.h>
14 #include <script/script.h>
15 #include <script/sign.h>
16 #include <script/signingprovider.h>
17 #include <script/standard.h>
18 #include <streams.h>
19 #include <test/fuzz/fuzz.h>
20 #include <util/strencodings.h>
21 
22 #include <cassert>
23 #include <cstdint>
24 #include <numeric>
25 #include <string>
26 #include <vector>
27 
29 {
30  ECC_Start();
32 }
33 
35 {
36  const CKey key = [&] {
37  CKey k;
38  k.Set(buffer.begin(), buffer.end(), true);
39  return k;
40  }();
41  if (!key.IsValid()) {
42  return;
43  }
44 
45  {
46  assert(key.begin() + key.size() == key.end());
47  assert(key.IsCompressed());
48  assert(key.size() == 32);
49  assert(DecodeSecret(EncodeSecret(key)) == key);
50  }
51 
52  {
53  CKey invalid_key;
54  assert(!(invalid_key == key));
55  assert(!invalid_key.IsCompressed());
56  assert(!invalid_key.IsValid());
57  assert(invalid_key.size() == 0);
58  }
59 
60  {
61  CKey uncompressed_key;
62  uncompressed_key.Set(buffer.begin(), buffer.end(), false);
63  assert(!(uncompressed_key == key));
64  assert(!uncompressed_key.IsCompressed());
65  assert(key.size() == 32);
66  assert(uncompressed_key.begin() + uncompressed_key.size() == uncompressed_key.end());
67  assert(uncompressed_key.IsValid());
68  }
69 
70  {
71  CKey copied_key;
72  copied_key.Set(key.begin(), key.end(), key.IsCompressed());
73  assert(copied_key == key);
74  }
75 
76  {
77  CKey negated_key = key;
78  negated_key.Negate();
79  assert(negated_key.IsValid());
80  assert(!(negated_key == key));
81 
82  negated_key.Negate();
83  assert(negated_key == key);
84  }
85 
86  const uint256 random_uint256 = Hash(buffer);
87 
88  {
89  CKey child_key;
90  ChainCode child_chaincode;
91  const bool ok = key.Derive(child_key, child_chaincode, 0, random_uint256);
92  assert(ok);
93  assert(child_key.IsValid());
94  assert(!(child_key == key));
95  assert(child_chaincode != random_uint256);
96  }
97 
98  const CPubKey pubkey = key.GetPubKey();
99 
100  {
101  assert(pubkey.size() == 33);
102  assert(key.VerifyPubKey(pubkey));
103  assert(pubkey.GetHash() != random_uint256);
104  assert(pubkey.begin() + pubkey.size() == pubkey.end());
105  assert(pubkey.data() == pubkey.begin());
106  assert(pubkey.IsCompressed());
107  assert(pubkey.IsValid());
108  assert(pubkey.IsFullyValid());
109  assert(HexToPubKey(HexStr(pubkey)) == pubkey);
110  assert(GetAllDestinationsForKey(pubkey).size() == 3);
111  }
112 
113  {
114  DataStream data_stream{};
115  pubkey.Serialize(data_stream);
116 
117  CPubKey pubkey_deserialized;
118  pubkey_deserialized.Unserialize(data_stream);
119  assert(pubkey_deserialized == pubkey);
120  }
121 
122  {
123  const CScript tx_pubkey_script = GetScriptForRawPubKey(pubkey);
124  assert(!tx_pubkey_script.IsPayToScriptHash());
125  assert(!tx_pubkey_script.IsPayToWitnessScriptHash());
126  assert(!tx_pubkey_script.IsPushOnly());
127  assert(!tx_pubkey_script.IsUnspendable());
128  assert(tx_pubkey_script.HasValidOps());
129  assert(tx_pubkey_script.size() == 35);
130 
131  const CScript tx_multisig_script = GetScriptForMultisig(1, {pubkey});
132  assert(!tx_multisig_script.IsPayToScriptHash());
133  assert(!tx_multisig_script.IsPayToWitnessScriptHash());
134  assert(!tx_multisig_script.IsPushOnly());
135  assert(!tx_multisig_script.IsUnspendable());
136  assert(tx_multisig_script.HasValidOps());
137  assert(tx_multisig_script.size() == 37);
138 
139  FillableSigningProvider fillable_signing_provider;
140  assert(!IsSegWitOutput(fillable_signing_provider, tx_pubkey_script));
141  assert(!IsSegWitOutput(fillable_signing_provider, tx_multisig_script));
142  assert(fillable_signing_provider.GetKeys().size() == 0);
143  assert(!fillable_signing_provider.HaveKey(pubkey.GetID()));
144 
145  const bool ok_add_key = fillable_signing_provider.AddKey(key);
146  assert(ok_add_key);
147  assert(fillable_signing_provider.HaveKey(pubkey.GetID()));
148 
149  FillableSigningProvider fillable_signing_provider_pub;
150  assert(!fillable_signing_provider_pub.HaveKey(pubkey.GetID()));
151 
152  const bool ok_add_key_pubkey = fillable_signing_provider_pub.AddKeyPubKey(key, pubkey);
153  assert(ok_add_key_pubkey);
154  assert(fillable_signing_provider_pub.HaveKey(pubkey.GetID()));
155 
156  TxoutType which_type_tx_pubkey;
157  const bool is_standard_tx_pubkey = IsStandard(tx_pubkey_script, std::nullopt, which_type_tx_pubkey);
158  assert(is_standard_tx_pubkey);
159  assert(which_type_tx_pubkey == TxoutType::PUBKEY);
160 
161  TxoutType which_type_tx_multisig;
162  const bool is_standard_tx_multisig = IsStandard(tx_multisig_script, std::nullopt, which_type_tx_multisig);
163  assert(is_standard_tx_multisig);
164  assert(which_type_tx_multisig == TxoutType::MULTISIG);
165 
166  std::vector<std::vector<unsigned char>> v_solutions_ret_tx_pubkey;
167  const TxoutType outtype_tx_pubkey = Solver(tx_pubkey_script, v_solutions_ret_tx_pubkey);
168  assert(outtype_tx_pubkey == TxoutType::PUBKEY);
169  assert(v_solutions_ret_tx_pubkey.size() == 1);
170  assert(v_solutions_ret_tx_pubkey[0].size() == 33);
171 
172  std::vector<std::vector<unsigned char>> v_solutions_ret_tx_multisig;
173  const TxoutType outtype_tx_multisig = Solver(tx_multisig_script, v_solutions_ret_tx_multisig);
174  assert(outtype_tx_multisig == TxoutType::MULTISIG);
175  assert(v_solutions_ret_tx_multisig.size() == 3);
176  assert(v_solutions_ret_tx_multisig[0].size() == 1);
177  assert(v_solutions_ret_tx_multisig[1].size() == 33);
178  assert(v_solutions_ret_tx_multisig[2].size() == 1);
179 
180  OutputType output_type{};
181  const CTxDestination tx_destination = GetDestinationForKey(pubkey, output_type);
182  assert(output_type == OutputType::LEGACY);
183  assert(IsValidDestination(tx_destination));
184  assert(CTxDestination{PKHash{pubkey}} == tx_destination);
185 
186  const CScript script_for_destination = GetScriptForDestination(tx_destination);
187  assert(script_for_destination.size() == 25);
188 
189  const std::string destination_address = EncodeDestination(tx_destination);
190  assert(DecodeDestination(destination_address) == tx_destination);
191 
192  const CPubKey pubkey_from_address_string = AddrToPubKey(fillable_signing_provider, destination_address);
193  assert(pubkey_from_address_string == pubkey);
194 
195  CKeyID key_id = pubkey.GetID();
196  assert(!key_id.IsNull());
197  assert(key_id == CKeyID{key_id});
198  assert(key_id == GetKeyForDestination(fillable_signing_provider, tx_destination));
199 
200  CPubKey pubkey_out;
201  const bool ok_get_pubkey = fillable_signing_provider.GetPubKey(key_id, pubkey_out);
202  assert(ok_get_pubkey);
203 
204  CKey key_out;
205  const bool ok_get_key = fillable_signing_provider.GetKey(key_id, key_out);
206  assert(ok_get_key);
207  assert(fillable_signing_provider.GetKeys().size() == 1);
208  assert(fillable_signing_provider.HaveKey(key_id));
209 
210  KeyOriginInfo key_origin_info;
211  const bool ok_get_key_origin = fillable_signing_provider.GetKeyOrigin(key_id, key_origin_info);
212  assert(!ok_get_key_origin);
213  }
214 
215  {
216  const std::vector<unsigned char> vch_pubkey{pubkey.begin(), pubkey.end()};
217  assert(CPubKey::ValidSize(vch_pubkey));
218  assert(!CPubKey::ValidSize({pubkey.begin(), pubkey.begin() + pubkey.size() - 1}));
219 
220  const CPubKey pubkey_ctor_1{vch_pubkey};
221  assert(pubkey == pubkey_ctor_1);
222 
223  const CPubKey pubkey_ctor_2{vch_pubkey.begin(), vch_pubkey.end()};
224  assert(pubkey == pubkey_ctor_2);
225 
226  CPubKey pubkey_set;
227  pubkey_set.Set(vch_pubkey.begin(), vch_pubkey.end());
228  assert(pubkey == pubkey_set);
229  }
230 
231  {
232  const CPubKey invalid_pubkey{};
233  assert(!invalid_pubkey.IsValid());
234  assert(!invalid_pubkey.IsFullyValid());
235  assert(!(pubkey == invalid_pubkey));
236  assert(pubkey != invalid_pubkey);
237  assert(pubkey < invalid_pubkey);
238  }
239 
240  {
241  // Cover CPubKey's operator[](unsigned int pos)
242  unsigned int sum = 0;
243  for (size_t i = 0; i < pubkey.size(); ++i) {
244  sum += pubkey[i];
245  }
246  assert(std::accumulate(pubkey.begin(), pubkey.end(), 0U) == sum);
247  }
248 
249  {
250  CPubKey decompressed_pubkey = pubkey;
251  assert(decompressed_pubkey.IsCompressed());
252 
253  const bool ok = decompressed_pubkey.Decompress();
254  assert(ok);
255  assert(!decompressed_pubkey.IsCompressed());
256  assert(decompressed_pubkey.size() == 65);
257  }
258 
259  {
260  std::vector<unsigned char> vch_sig;
261  const bool ok = key.Sign(random_uint256, vch_sig, false);
262  assert(ok);
263  assert(pubkey.Verify(random_uint256, vch_sig));
264  assert(CPubKey::CheckLowS(vch_sig));
265 
266  const std::vector<unsigned char> vch_invalid_sig{vch_sig.begin(), vch_sig.begin() + vch_sig.size() - 1};
267  assert(!pubkey.Verify(random_uint256, vch_invalid_sig));
268  assert(!CPubKey::CheckLowS(vch_invalid_sig));
269  }
270 
271  {
272  std::vector<unsigned char> vch_compact_sig;
273  const bool ok_sign_compact = key.SignCompact(random_uint256, vch_compact_sig);
274  assert(ok_sign_compact);
275 
276  CPubKey recover_pubkey;
277  const bool ok_recover_compact = recover_pubkey.RecoverCompact(random_uint256, vch_compact_sig);
278  assert(ok_recover_compact);
279  assert(recover_pubkey == pubkey);
280  }
281 
282  {
283  CPubKey child_pubkey;
284  ChainCode child_chaincode;
285  const bool ok = pubkey.Derive(child_pubkey, child_chaincode, 0, random_uint256);
286  assert(ok);
287  assert(child_pubkey != pubkey);
288  assert(child_pubkey.IsCompressed());
289  assert(child_pubkey.IsFullyValid());
290  assert(child_pubkey.IsValid());
291  assert(child_pubkey.size() == 33);
292  assert(child_chaincode != random_uint256);
293  }
294 
295  const CPrivKey priv_key = key.GetPrivKey();
296 
297  {
298  for (const bool skip_check : {true, false}) {
299  CKey loaded_key;
300  const bool ok = loaded_key.Load(priv_key, pubkey, skip_check);
301  assert(ok);
302  assert(key == loaded_key);
303  }
304  }
305 }
void SelectParams(const std::string &network)
Sets the params returned by Params() to those for the given chain name.
static const std::string REGTEST
An encapsulated private key.
Definition: key.h:27
bool Negate()
Negate private key.
Definition: key.cpp:168
const unsigned char * end() const
Definition: key.h:90
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:87
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:93
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:213
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:174
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:96
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:187
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:73
const unsigned char * begin() const
Definition: key.h:89
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:241
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:302
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:314
bool SignCompact(const uint256 &hash, std::vector< unsigned char > &vchSig) const
Create a compact signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:254
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
An encapsulated public key.
Definition: pubkey.h:34
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:276
const unsigned char * end() const
Definition: pubkey.h:115
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:198
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:377
bool IsValid() const
Definition: pubkey.h:189
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:303
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:259
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid())
Definition: pubkey.cpp:296
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112
static bool ValidSize(const std::vector< unsigned char > &vch)
Definition: pubkey.h:77
const unsigned char * begin() const
Definition: pubkey.h:114
void Serialize(Stream &s) const
Implement serialization, as if this was a byte vector.
Definition: pubkey.h:141
void Unserialize(Stream &s)
Definition: pubkey.h:148
uint256 GetHash() const
Get the 256-bit hash of this public key.
Definition: pubkey.h:170
const unsigned char * data() const
Definition: pubkey.h:113
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:317
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:411
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
Definition: script.cpp:236
bool IsPayToScriptHash() const
Definition: script.cpp:201
bool IsUnspendable() const
Returns whether the script is guaranteed to fail at execution, regardless of the initial stack.
Definition: script.h:549
bool IsPayToWitnessScriptHash() const
Definition: script.cpp:210
bool HasValidOps() const
Check if the script contains valid OP_CODES.
Definition: script.cpp:270
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:186
Fillable signing provider that keeps keys in an address->secret map.
virtual bool AddKeyPubKey(const CKey &key, const CPubKey &pubkey)
virtual bool GetPubKey(const CKeyID &address, CPubKey &vchPubKeyOut) const override
virtual bool GetKey(const CKeyID &address, CKey &keyOut) const override
virtual std::set< CKeyID > GetKeys() const
virtual bool AddKey(const CKey &key)
virtual bool HaveKey(const CKeyID &address) const override
virtual bool GetKeyOrigin(const CKeyID &keyid, KeyOriginInfo &info) const
constexpr bool IsNull() const
Definition: uint256.h:41
size_type size() const
Definition: prevector.h:284
256-bit opaque blob.
Definition: uint256.h:105
volatile double sum
Definition: examples.cpp:10
uint256 Hash(const T &in1)
Compute the 256-bit hash of an object.
Definition: hash.h:76
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:391
std::vector< unsigned char, secure_allocator< unsigned char > > CPrivKey
CPrivKey is a serialized private key, with all parameters included (SIZE bytes)
Definition: key.h:23
CTxDestination DecodeDestination(const std::string &str, std::string &error_msg, std::vector< int > *error_locations)
Definition: key_io.cpp:281
std::string EncodeSecret(const CKey &key)
Definition: key_io.cpp:216
std::string EncodeDestination(const CTxDestination &dest)
Definition: key_io.cpp:276
CKey DecodeSecret(const std::string &str)
Definition: key_io.cpp:198
CTxDestination GetDestinationForKey(const CPubKey &key, OutputType type)
Get a destination of the requested type (if possible) to the specified key.
Definition: outputtype.cpp:53
std::vector< CTxDestination > GetAllDestinationsForKey(const CPubKey &key)
Get all destinations (potentially) supported by the wallet for the given key.
Definition: outputtype.cpp:74
OutputType
Definition: outputtype.h:17
bool IsStandard(const CScript &scriptPubKey, const std::optional< unsigned > &max_datacarrier_bytes, TxoutType &whichType)
Definition: policy.cpp:70
CPubKey HexToPubKey(const std::string &hex_in)
Definition: util.cpp:175
CPubKey AddrToPubKey(const FillableSigningProvider &keystore, const std::string &addr_in)
Definition: util.cpp:188
bool IsSegWitOutput(const SigningProvider &provider, const CScript &script)
Check whether a scriptPubKey is known to be segwit.
Definition: sign.cpp:636
CKeyID GetKeyForDestination(const SigningProvider &store, const CTxDestination &dest)
Return the CKeyID of the key involved in a script (if there is a unique one).
TxoutType Solver(const CScript &scriptPubKey, std::vector< std::vector< unsigned char >> &vSolutionsRet)
Parse a scriptPubKey and identify script type for standard scripts.
Definition: standard.cpp:168
CScript GetScriptForMultisig(int nRequired, const std::vector< CPubKey > &keys)
Generate a multisig script.
Definition: standard.cpp:344
CScript GetScriptForRawPubKey(const CPubKey &pubKey)
Generate a P2PK script for the given pubkey.
Definition: standard.cpp:339
bool IsValidDestination(const CTxDestination &dest)
Check whether a CTxDestination is a CNoDestination.
Definition: standard.cpp:356
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
Definition: standard.cpp:334
TxoutType
Definition: standard.h:51
std::variant< CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:149
void initialize_key()
Definition: key.cpp:28
FUZZ_TARGET_INIT(key, initialize_key)
Definition: key.cpp:34
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
assert(!tx.IsCoinBase())