be16f80abc
Any projects which want to use Hush code from now on will need to be licensed as GPLv3 or we will send the lawyers: https://www.softwarefreedom.org/ Notably, Komodo (KMD) is licensed as GPLv2 and is no longer compatible to receive code changes, without causing legal issues. MIT projects, such as Zcash, also cannot pull in changes from the Hush Full Node without permission from The Hush Developers, which may in some circumstances grant an MIT license on a case-by-case basis.
174 lines
6.8 KiB
C++
174 lines
6.8 KiB
C++
// Copyright (c) 2009-2014 The Bitcoin Core developers
|
|
// Copyright (c) 2017 The Zcash developers
|
|
// Copyright (c) 2019-2020 The Hush developers
|
|
// Distributed under the GPLv3 software license, see the accompanying
|
|
// file COPYING or https://www.gnu.org/licenses/gpl-3.0.en.html
|
|
|
|
/******************************************************************************
|
|
* Copyright © 2014-2019 The SuperNET Developers. *
|
|
* *
|
|
* See the AUTHORS, DEVELOPER-AGREEMENT and LICENSE files at *
|
|
* the top-level directory of this distribution for the individual copyright *
|
|
* holder information and the developer policies on copyright and licensing. *
|
|
* *
|
|
* Unless otherwise agreed in a custom licensing agreement, no part of the *
|
|
* SuperNET software, including this file may be copied, modified, propagated *
|
|
* or distributed except according to the terms contained in the LICENSE file *
|
|
* *
|
|
* Removal or modification of this copyright notice is prohibited. *
|
|
* *
|
|
******************************************************************************/
|
|
|
|
#include "pubkey.h"
|
|
|
|
#include <secp256k1.h>
|
|
#include <secp256k1_recovery.h>
|
|
|
|
namespace
|
|
{
|
|
/* Global secp256k1_context object used for verification. */
|
|
secp256k1_context* secp256k1_context_verify = NULL;
|
|
}
|
|
|
|
|
|
bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {
|
|
if (!IsValid())
|
|
return false;
|
|
secp256k1_pubkey pubkey;
|
|
secp256k1_ecdsa_signature sig;
|
|
if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, &(*this)[0], size())) {
|
|
return false;
|
|
}
|
|
if (vchSig.size() == 0) {
|
|
return false;
|
|
}
|
|
/* Hush, unlike Bitcoin, has always enforced strict DER signatures. */
|
|
if (!secp256k1_ecdsa_signature_parse_der(secp256k1_context_verify, &sig, &vchSig[0], vchSig.size())) {
|
|
return false;
|
|
}
|
|
/* libsecp256k1's ECDSA verification requires lower-S signatures, which have
|
|
* not historically been enforced in Bitcoin or Hush, so normalize them first. */
|
|
secp256k1_ecdsa_signature_normalize(secp256k1_context_verify, &sig, &sig);
|
|
return secp256k1_ecdsa_verify(secp256k1_context_verify, &sig, hash.begin(), &pubkey);
|
|
}
|
|
|
|
bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
|
|
if (vchSig.size() != COMPACT_SIGNATURE_SIZE)
|
|
return false;
|
|
int recid = (vchSig[0] - 27) & 3;
|
|
bool fComp = ((vchSig[0] - 27) & 4) != 0;
|
|
secp256k1_pubkey pubkey;
|
|
secp256k1_ecdsa_recoverable_signature sig;
|
|
if (!secp256k1_ecdsa_recoverable_signature_parse_compact(secp256k1_context_verify, &sig, &vchSig[1], recid)) {
|
|
return false;
|
|
}
|
|
if (!secp256k1_ecdsa_recover(secp256k1_context_verify, &pubkey, &sig, hash.begin())) {
|
|
return false;
|
|
}
|
|
unsigned char pub[PUBLIC_KEY_SIZE];
|
|
size_t publen = PUBLIC_KEY_SIZE;
|
|
secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, fComp ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
|
|
Set(pub, pub + publen);
|
|
return true;
|
|
}
|
|
|
|
bool CPubKey::IsFullyValid() const {
|
|
if (!IsValid())
|
|
return false;
|
|
secp256k1_pubkey pubkey;
|
|
return secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, &(*this)[0], size());
|
|
}
|
|
|
|
bool CPubKey::Decompress() {
|
|
if (!IsValid())
|
|
return false;
|
|
secp256k1_pubkey pubkey;
|
|
if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, &(*this)[0], size())) {
|
|
return false;
|
|
}
|
|
unsigned char pub[PUBLIC_KEY_SIZE];
|
|
size_t publen = PUBLIC_KEY_SIZE;
|
|
secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
|
|
Set(pub, pub + publen);
|
|
return true;
|
|
}
|
|
|
|
bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const {
|
|
assert(IsValid());
|
|
assert((nChild >> 31) == 0);
|
|
assert(size() == COMPRESSED_PUBLIC_KEY_SIZE);
|
|
unsigned char out[64];
|
|
BIP32Hash(cc, nChild, *begin(), begin()+1, out);
|
|
memcpy(ccChild.begin(), out+32, 32);
|
|
secp256k1_pubkey pubkey;
|
|
if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, &(*this)[0], size())) {
|
|
return false;
|
|
}
|
|
if (!secp256k1_ec_pubkey_tweak_add(secp256k1_context_verify, &pubkey, out)) {
|
|
return false;
|
|
}
|
|
unsigned char pub[COMPRESSED_PUBLIC_KEY_SIZE];
|
|
size_t publen = COMPRESSED_PUBLIC_KEY_SIZE;
|
|
secp256k1_ec_pubkey_serialize(secp256k1_context_verify, pub, &publen, &pubkey, SECP256K1_EC_COMPRESSED);
|
|
pubkeyChild.Set(pub, pub + publen);
|
|
return true;
|
|
}
|
|
|
|
void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
|
|
code[0] = nDepth;
|
|
memcpy(code+1, vchFingerprint, 4);
|
|
code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;
|
|
code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF;
|
|
memcpy(code+9, chaincode.begin(), 32);
|
|
assert(pubkey.size() == CPubKey::COMPRESSED_PUBLIC_KEY_SIZE);
|
|
memcpy(code+41, pubkey.begin(), CPubKey::COMPRESSED_PUBLIC_KEY_SIZE);
|
|
}
|
|
|
|
void CExtPubKey::Decode(const unsigned char code[BIP32_EXTKEY_SIZE]) {
|
|
nDepth = code[0];
|
|
memcpy(vchFingerprint, code+1, 4);
|
|
nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
|
|
memcpy(chaincode.begin(), code+9, 32);
|
|
pubkey.Set(code+41, code+BIP32_EXTKEY_SIZE);
|
|
}
|
|
|
|
bool CExtPubKey::Derive(CExtPubKey &out, unsigned int nChild) const {
|
|
out.nDepth = nDepth + 1;
|
|
CKeyID id = pubkey.GetID();
|
|
memcpy(&out.vchFingerprint[0], &id, 4);
|
|
out.nChild = nChild;
|
|
return pubkey.Derive(out.pubkey, out.chaincode, nChild, chaincode);
|
|
}
|
|
|
|
/* static */ bool CPubKey::CheckLowS(const std::vector<unsigned char>& vchSig) {
|
|
secp256k1_ecdsa_signature sig;
|
|
|
|
/* Hush, unlike Bitcoin, has always enforced strict DER signatures. */
|
|
if (!secp256k1_ecdsa_signature_parse_der(secp256k1_context_verify, &sig, &vchSig[0], vchSig.size())) {
|
|
return false;
|
|
}
|
|
return (!secp256k1_ecdsa_signature_normalize(secp256k1_context_verify, NULL, &sig));
|
|
}
|
|
|
|
/* static */ int ECCVerifyHandle::refcount = 0;
|
|
|
|
ECCVerifyHandle::ECCVerifyHandle()
|
|
{
|
|
if (refcount == 0) {
|
|
assert(secp256k1_context_verify == NULL);
|
|
secp256k1_context_verify = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
|
|
assert(secp256k1_context_verify != NULL);
|
|
}
|
|
refcount++;
|
|
}
|
|
|
|
ECCVerifyHandle::~ECCVerifyHandle()
|
|
{
|
|
refcount--;
|
|
if (refcount == 0) {
|
|
assert(secp256k1_context_verify != NULL);
|
|
secp256k1_context_destroy(secp256k1_context_verify);
|
|
secp256k1_context_verify = NULL;
|
|
}
|
|
}
|