Bitcoin Core  24.1.0
P2P Digital Currency
key.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2021 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <chainparams.h>
6 #include <chainparamsbase.h>
7 #include <key.h>
8 #include <key_io.h>
9 #include <outputtype.h>
10 #include <policy/policy.h>
11 #include <pubkey.h>
12 #include <rpc/util.h>
13 #include <script/keyorigin.h>
14 #include <script/script.h>
15 #include <script/sign.h>
16 #include <script/signingprovider.h>
17 #include <script/standard.h>
18 #include <streams.h>
19 #include <test/fuzz/fuzz.h>
20 #include <util/strencodings.h>
21 
22 #include <cassert>
23 #include <cstdint>
24 #include <numeric>
25 #include <string>
26 #include <vector>
27 
28 void initialize_key()
29 {
30  static const ECCVerifyHandle ecc_verify_handle;
31  ECC_Start();
32  SelectParams(CBaseChainParams::REGTEST);
33 }
34 
35 FUZZ_TARGET_INIT(key, initialize_key)
36 {
37  const CKey key = [&] {
38  CKey k;
39  k.Set(buffer.begin(), buffer.end(), true);
40  return k;
41  }();
42  if (!key.IsValid()) {
43  return;
44  }
45 
46  {
47  assert(key.begin() + key.size() == key.end());
48  assert(key.IsCompressed());
49  assert(key.size() == 32);
50  assert(DecodeSecret(EncodeSecret(key)) == key);
51  }
52 
53  {
54  CKey invalid_key;
55  assert(!(invalid_key == key));
56  assert(!invalid_key.IsCompressed());
57  assert(!invalid_key.IsValid());
58  assert(invalid_key.size() == 0);
59  }
60 
61  {
62  CKey uncompressed_key;
63  uncompressed_key.Set(buffer.begin(), buffer.end(), false);
64  assert(!(uncompressed_key == key));
65  assert(!uncompressed_key.IsCompressed());
66  assert(key.size() == 32);
67  assert(uncompressed_key.begin() + uncompressed_key.size() == uncompressed_key.end());
68  assert(uncompressed_key.IsValid());
69  }
70 
71  {
72  CKey copied_key;
73  copied_key.Set(key.begin(), key.end(), key.IsCompressed());
74  assert(copied_key == key);
75  }
76 
77  {
78  CKey negated_key = key;
79  negated_key.Negate();
80  assert(negated_key.IsValid());
81  assert(!(negated_key == key));
82 
83  negated_key.Negate();
84  assert(negated_key == key);
85  }
86 
87  const uint256 random_uint256 = Hash(buffer);
88 
89  {
90  CKey child_key;
91  ChainCode child_chaincode;
92  const bool ok = key.Derive(child_key, child_chaincode, 0, random_uint256);
93  assert(ok);
94  assert(child_key.IsValid());
95  assert(!(child_key == key));
96  assert(child_chaincode != random_uint256);
97  }
98 
99  const CPubKey pubkey = key.GetPubKey();
100 
101  {
102  assert(pubkey.size() == 33);
103  assert(key.VerifyPubKey(pubkey));
104  assert(pubkey.GetHash() != random_uint256);
105  assert(pubkey.begin() + pubkey.size() == pubkey.end());
106  assert(pubkey.data() == pubkey.begin());
107  assert(pubkey.IsCompressed());
108  assert(pubkey.IsValid());
109  assert(pubkey.IsFullyValid());
110  assert(HexToPubKey(HexStr(pubkey)) == pubkey);
111  assert(GetAllDestinationsForKey(pubkey).size() == 3);
112  }
113 
114  {
115  CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
116  pubkey.Serialize(data_stream);
117 
118  CPubKey pubkey_deserialized;
119  pubkey_deserialized.Unserialize(data_stream);
120  assert(pubkey_deserialized == pubkey);
121  }
122 
123  {
124  const CScript tx_pubkey_script = GetScriptForRawPubKey(pubkey);
125  assert(!tx_pubkey_script.IsPayToScriptHash());
126  assert(!tx_pubkey_script.IsPayToWitnessScriptHash());
127  assert(!tx_pubkey_script.IsPushOnly());
128  assert(!tx_pubkey_script.IsUnspendable());
129  assert(tx_pubkey_script.HasValidOps());
130  assert(tx_pubkey_script.size() == 35);
131 
132  const CScript tx_multisig_script = GetScriptForMultisig(1, {pubkey});
133  assert(!tx_multisig_script.IsPayToScriptHash());
134  assert(!tx_multisig_script.IsPayToWitnessScriptHash());
135  assert(!tx_multisig_script.IsPushOnly());
136  assert(!tx_multisig_script.IsUnspendable());
137  assert(tx_multisig_script.HasValidOps());
138  assert(tx_multisig_script.size() == 37);
139 
140  FillableSigningProvider fillable_signing_provider;
141  assert(!IsSegWitOutput(fillable_signing_provider, tx_pubkey_script));
142  assert(!IsSegWitOutput(fillable_signing_provider, tx_multisig_script));
143  assert(fillable_signing_provider.GetKeys().size() == 0);
144  assert(!fillable_signing_provider.HaveKey(pubkey.GetID()));
145 
146  const bool ok_add_key = fillable_signing_provider.AddKey(key);
147  assert(ok_add_key);
148  assert(fillable_signing_provider.HaveKey(pubkey.GetID()));
149 
150  FillableSigningProvider fillable_signing_provider_pub;
151  assert(!fillable_signing_provider_pub.HaveKey(pubkey.GetID()));
152 
153  const bool ok_add_key_pubkey = fillable_signing_provider_pub.AddKeyPubKey(key, pubkey);
154  assert(ok_add_key_pubkey);
155  assert(fillable_signing_provider_pub.HaveKey(pubkey.GetID()));
156 
157  TxoutType which_type_tx_pubkey;
158  const bool is_standard_tx_pubkey = IsStandard(tx_pubkey_script, std::nullopt, which_type_tx_pubkey);
159  assert(is_standard_tx_pubkey);
160  assert(which_type_tx_pubkey == TxoutType::PUBKEY);
161 
162  TxoutType which_type_tx_multisig;
163  const bool is_standard_tx_multisig = IsStandard(tx_multisig_script, std::nullopt, which_type_tx_multisig);
164  assert(is_standard_tx_multisig);
165  assert(which_type_tx_multisig == TxoutType::MULTISIG);
166 
167  std::vector<std::vector<unsigned char>> v_solutions_ret_tx_pubkey;
168  const TxoutType outtype_tx_pubkey = Solver(tx_pubkey_script, v_solutions_ret_tx_pubkey);
169  assert(outtype_tx_pubkey == TxoutType::PUBKEY);
170  assert(v_solutions_ret_tx_pubkey.size() == 1);
171  assert(v_solutions_ret_tx_pubkey[0].size() == 33);
172 
173  std::vector<std::vector<unsigned char>> v_solutions_ret_tx_multisig;
174  const TxoutType outtype_tx_multisig = Solver(tx_multisig_script, v_solutions_ret_tx_multisig);
175  assert(outtype_tx_multisig == TxoutType::MULTISIG);
176  assert(v_solutions_ret_tx_multisig.size() == 3);
177  assert(v_solutions_ret_tx_multisig[0].size() == 1);
178  assert(v_solutions_ret_tx_multisig[1].size() == 33);
179  assert(v_solutions_ret_tx_multisig[2].size() == 1);
180 
181  OutputType output_type{};
182  const CTxDestination tx_destination = GetDestinationForKey(pubkey, output_type);
183  assert(output_type == OutputType::LEGACY);
184  assert(IsValidDestination(tx_destination));
185  assert(CTxDestination{PKHash{pubkey}} == tx_destination);
186 
187  const CScript script_for_destination = GetScriptForDestination(tx_destination);
188  assert(script_for_destination.size() == 25);
189 
190  const std::string destination_address = EncodeDestination(tx_destination);
191  assert(DecodeDestination(destination_address) == tx_destination);
192 
193  const CPubKey pubkey_from_address_string = AddrToPubKey(fillable_signing_provider, destination_address);
194  assert(pubkey_from_address_string == pubkey);
195 
196  CKeyID key_id = pubkey.GetID();
197  assert(!key_id.IsNull());
198  assert(key_id == CKeyID{key_id});
199  assert(key_id == GetKeyForDestination(fillable_signing_provider, tx_destination));
200 
201  CPubKey pubkey_out;
202  const bool ok_get_pubkey = fillable_signing_provider.GetPubKey(key_id, pubkey_out);
203  assert(ok_get_pubkey);
204 
205  CKey key_out;
206  const bool ok_get_key = fillable_signing_provider.GetKey(key_id, key_out);
207  assert(ok_get_key);
208  assert(fillable_signing_provider.GetKeys().size() == 1);
209  assert(fillable_signing_provider.HaveKey(key_id));
210 
211  KeyOriginInfo key_origin_info;
212  const bool ok_get_key_origin = fillable_signing_provider.GetKeyOrigin(key_id, key_origin_info);
213  assert(!ok_get_key_origin);
214  }
215 
216  {
217  const std::vector<unsigned char> vch_pubkey{pubkey.begin(), pubkey.end()};
218  assert(CPubKey::ValidSize(vch_pubkey));
219  assert(!CPubKey::ValidSize({pubkey.begin(), pubkey.begin() + pubkey.size() - 1}));
220 
221  const CPubKey pubkey_ctor_1{vch_pubkey};
222  assert(pubkey == pubkey_ctor_1);
223 
224  const CPubKey pubkey_ctor_2{vch_pubkey.begin(), vch_pubkey.end()};
225  assert(pubkey == pubkey_ctor_2);
226 
227  CPubKey pubkey_set;
228  pubkey_set.Set(vch_pubkey.begin(), vch_pubkey.end());
229  assert(pubkey == pubkey_set);
230  }
231 
232  {
233  const CPubKey invalid_pubkey{};
234  assert(!invalid_pubkey.IsValid());
235  assert(!invalid_pubkey.IsFullyValid());
236  assert(!(pubkey == invalid_pubkey));
237  assert(pubkey != invalid_pubkey);
238  assert(pubkey < invalid_pubkey);
239  }
240 
241  {
242  // Cover CPubKey's operator[](unsigned int pos)
243  unsigned int sum = 0;
244  for (size_t i = 0; i < pubkey.size(); ++i) {
245  sum += pubkey[i];
246  }
247  assert(std::accumulate(pubkey.begin(), pubkey.end(), 0U) == sum);
248  }
249 
250  {
251  CPubKey decompressed_pubkey = pubkey;
252  assert(decompressed_pubkey.IsCompressed());
253 
254  const bool ok = decompressed_pubkey.Decompress();
255  assert(ok);
256  assert(!decompressed_pubkey.IsCompressed());
257  assert(decompressed_pubkey.size() == 65);
258  }
259 
260  {
261  std::vector<unsigned char> vch_sig;
262  const bool ok = key.Sign(random_uint256, vch_sig, false);
263  assert(ok);
264  assert(pubkey.Verify(random_uint256, vch_sig));
265  assert(CPubKey::CheckLowS(vch_sig));
266 
267  const std::vector<unsigned char> vch_invalid_sig{vch_sig.begin(), vch_sig.begin() + vch_sig.size() - 1};
268  assert(!pubkey.Verify(random_uint256, vch_invalid_sig));
269  assert(!CPubKey::CheckLowS(vch_invalid_sig));
270  }
271 
272  {
273  std::vector<unsigned char> vch_compact_sig;
274  const bool ok_sign_compact = key.SignCompact(random_uint256, vch_compact_sig);
275  assert(ok_sign_compact);
276 
277  CPubKey recover_pubkey;
278  const bool ok_recover_compact = recover_pubkey.RecoverCompact(random_uint256, vch_compact_sig);
279  assert(ok_recover_compact);
280  assert(recover_pubkey == pubkey);
281  }
282 
283  {
284  CPubKey child_pubkey;
285  ChainCode child_chaincode;
286  const bool ok = pubkey.Derive(child_pubkey, child_chaincode, 0, random_uint256);
287  assert(ok);
288  assert(child_pubkey != pubkey);
289  assert(child_pubkey.IsCompressed());
290  assert(child_pubkey.IsFullyValid());
291  assert(child_pubkey.IsValid());
292  assert(child_pubkey.size() == 33);
293  assert(child_chaincode != random_uint256);
294  }
295 
296  const CPrivKey priv_key = key.GetPrivKey();
297 
298  {
299  for (const bool skip_check : {true, false}) {
300  CKey loaded_key;
301  const bool ok = loaded_key.Load(priv_key, pubkey, skip_check);
302  assert(ok);
303  assert(key == loaded_key);
304  }
305  }
306 }
ECC_Start
void ECC_Start()
Initialize the elliptic curve support.
Definition: key.cpp:392
CKey::GetPrivKey
CPrivKey GetPrivKey() const
Convert the private key to a CPrivKey (serialized OpenSSL private key data).
Definition: key.cpp:174
assert
assert(!tx.IsCoinBase())
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:168
CBaseChainParams::REGTEST
static const std::string REGTEST
Definition: chainparamsbase.h:25
CScript::IsPayToScriptHash
bool IsPayToScriptHash() const
Definition: script.cpp:201
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:241
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:187
CPubKey::Set
void Set(const T pbegin, const T pend)
Initialize a public key using begin/end iterators to byte data.
Definition: pubkey.h:89
IsValidDestination
bool IsValidDestination(const CTxDestination &dest)
Check whether a CTxDestination is a CNoDestination.
Definition: standard.cpp:356
GetScriptForRawPubKey
CScript GetScriptForRawPubKey(const CPubKey &pubKey)
Generate a P2PK script for the given pubkey.
Definition: standard.cpp:339
CPubKey::GetHash
uint256 GetHash() const
Get the 256-bit hash of this public key.
Definition: pubkey.h:170
HexToPubKey
CPubKey HexToPubKey(const std::string &hex_in)
Definition: util.cpp:202
CPubKey::CheckLowS
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:376
GetKeyForDestination
CKeyID GetKeyForDestination(const SigningProvider &store, const CTxDestination &dest)
Return the CKeyID of the key involved in a script (if there is a unique one).
Definition: signingprovider.cpp:196
CPubKey::Derive
bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child pubkey.
Definition: pubkey.cpp:315
CPubKey::Unserialize
void Unserialize(Stream &s)
Definition: pubkey.h:148
CScript::HasValidOps
bool HasValidOps() const
Check if the script contains valid OP_CODES.
Definition: script.cpp:270
CDataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:185
IsStandard
bool IsStandard(const CScript &scriptPubKey, const std::optional< unsigned > &max_datacarrier_bytes, TxoutType &whichType)
Definition: policy.cpp:70
CKey::begin
const unsigned char * begin() const
Definition: key.h:89
IsSegWitOutput
bool IsSegWitOutput(const SigningProvider &provider, const CScript &script)
Check whether a scriptPubKey is known to be segwit.
Definition: sign.cpp:637
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
base_blob::IsNull
bool IsNull() const
Definition: uint256.h:34
CPubKey::begin
const unsigned char * begin() const
Definition: pubkey.h:114
OutputType
OutputType
Definition: outputtype.h:17
GetAllDestinationsForKey
std::vector< CTxDestination > GetAllDestinationsForKey(const CPubKey &key)
Get all destinations (potentially) supported by the wallet for the given key.
Definition: outputtype.cpp:72
CScript::IsUnspendable
bool IsUnspendable() const
Returns whether the script is guaranteed to fail at execution, regardless of the initial stack...
Definition: script.h:549
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< unsigned char > &vchSig) const
Create a compact signature (65 bytes), which allows reconstructing the used public key...
Definition: key.cpp:255
initialize_key
void initialize_key()
Definition: key.cpp:28
sum
volatile double sum
Definition: examples.cpp:10
CPubKey::Serialize
void Serialize(Stream &s) const
Implement serialization, as if this was a byte vector.
Definition: pubkey.h:141
CPrivKey
std::vector< unsigned char, secure_allocator< unsigned char > > CPrivKey
CPrivKey is a serialized private key, with all parameters included (SIZE bytes)
Definition: key.h:23
CKey::Sign
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:213
CPubKey::ValidSize
static bool ValidSize(const std::vector< unsigned char > &vch)
Definition: pubkey.h:77
key_io.h
FUZZ_TARGET_INIT
FUZZ_TARGET_INIT(key, initialize_key)
Definition: key.cpp:35
ECCVerifyHandle
Users of this module must hold an ECCVerifyHandle.
Definition: pubkey.h:335
CPubKey::IsFullyValid
bool IsFullyValid() const
fully validate whether this is a valid public key (more expensive than IsValid()) ...
Definition: pubkey.cpp:292
CPubKey::end
const unsigned char * end() const
Definition: pubkey.h:115
HexStr
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: strencodings.cpp:476
CScript::IsPushOnly
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
Definition: script.cpp:236
SelectParams
void SelectParams(const std::string &network)
Sets the params returned by Params() to those for the given chain name.
Definition: chainparams.cpp:580
CPubKey::RecoverCompact
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:271
TxoutType
TxoutType
Definition: standard.h:51
INIT_PROTO_VERSION
static const int INIT_PROTO_VERSION
initial proto version, to be increased after version/verack negotiation
Definition: version.h:15
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:189
CPubKey
An encapsulated public key.
Definition: pubkey.h:33
FillableSigningProvider
Fillable signing provider that keeps keys in an address->secret map.
Definition: signingprovider.h:94
CTxDestination
std::variant< CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:149
CKey::size
unsigned int size() const
Simple read-only vector-like interface.
Definition: key.h:87
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:96
GetScriptForDestination
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
Definition: standard.cpp:334
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:73
uint256
256-bit opaque blob.
Definition: uint256.h:119
CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:253
CKey::Derive
bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const
Derive BIP32 child key.
Definition: key.cpp:315
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:410
CKey::end
const unsigned char * end() const
Definition: key.h:90
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:23
Solver
TxoutType Solver(const CScript &scriptPubKey, std::vector< std::vector< unsigned char >> &vSolutionsRet)
Parse a scriptPubKey and identify script type for standard scripts.
Definition: standard.cpp:168
GetDestinationForKey
CTxDestination GetDestinationForKey(const CPubKey &key, OutputType type)
Get a destination of the requested type (if possible) to the specified key.
Definition: outputtype.cpp:51
EncodeDestination
std::string EncodeDestination(const CTxDestination &dest)
Definition: key_io.cpp:276
prevector::size
size_type size() const
Definition: prevector.h:284
FillableSigningProvider::AddKeyPubKey
virtual bool AddKeyPubKey(const CKey &key, const CPubKey &pubkey)
Definition: signingprovider.cpp:123
GetScriptForMultisig
CScript GetScriptForMultisig(int nRequired, const std::vector< CPubKey > &keys)
Generate a multisig script.
Definition: standard.cpp:344
CPubKey::data
const unsigned char * data() const
Definition: pubkey.h:113
CKey
An encapsulated private key.
Definition: key.h:26
Hash
uint256 Hash(const T &in1)
Compute the 256-bit hash of an object.
Definition: hash.h:75
DecodeSecret
CKey DecodeSecret(const std::string &str)
Definition: key_io.cpp:198
DecodeDestination
CTxDestination DecodeDestination(const std::string &str, std::string &error_msg, std::vector< int > *error_locations)
Definition: key_io.cpp:281
EncodeSecret
std::string EncodeSecret(const CKey &key)
Definition: key_io.cpp:216
AddrToPubKey
CPubKey AddrToPubKey(const FillableSigningProvider &keystore, const std::string &addr_in)
Definition: util.cpp:215
CPubKey::Decompress
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:300
CScript::IsPayToWitnessScriptHash
bool IsPayToWitnessScriptHash() const
Definition: script.cpp:210
CKey::Load
bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey, bool fSkipCheck)
Load private key and check that public key matches.
Definition: key.cpp:303
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:93
CPubKey::IsCompressed
bool IsCompressed() const
Check whether this is a compressed public key.
Definition: pubkey.h:198
FillableSigningProvider::HaveKey
virtual bool HaveKey(const CKeyID &address) const override
Definition: signingprovider.cpp:131
Generated on Tue May 16 2023 12:00:00 for Bitcoin Core by   doxygen 1.8.14