Merge pull request #5162

d2e74c5 boost: moveonly: split CPubKey and friends to new files (Cory Fields)
78c228c boost: moveonly: move BIP32Hash to hash.h (Cory Fields)
900078a boost: moveonly: create eccryptoverify.h|cpp and move helper functions there (Cory Fields)

Author: laanwj

src/Makefile.am

@@ -86,6 +86,7 @@ BITCOIN_CORE_H = \
   core_io.h \
   crypter.h \
   db.h \
+  eccryptoverify.h \
   ecwrapper.h \
   hash.h \
   init.h \
@@ -101,6 +102,7 @@ BITCOIN_CORE_H = \
   noui.h \
   pow.h \
   protocol.h \
+  pubkey.h \
   random.h \
   rpcclient.h \
   rpcprotocol.h \
@@ -220,12 +222,14 @@ libbitcoin_common_a_SOURCES = \
   core/transaction.cpp \
   core_read.cpp \
   core_write.cpp \
+  eccryptoverify.cpp \
   ecwrapper.cpp \
   hash.cpp \
   key.cpp \
   keystore.cpp \
   netbase.cpp \
   protocol.cpp \
+  pubkey.cpp \
   script/interpreter.cpp \
   script/script.cpp \
   script/sigcache.cpp \

src/alert.cpp

@@ -7,7 +7,7 @@
 
 #include "chainparams.h"
 #include "clientversion.h"
-#include "key.h"
+#include "pubkey.h"
 #include "net.h"
 #include "timedata.h"
 #include "ui_interface.h"

src/base58.h

@@ -16,6 +16,7 @@
 
 #include "chainparams.h"
 #include "key.h"
+#include "pubkey.h"
 #include "script/script.h"
 #include "script/standard.h"
 

src/bloom.cpp

@@ -5,6 +5,7 @@
 #include "bloom.h"
 
 #include "core/transaction.h"
+#include "hash.h"
 #include "script/script.h"
 #include "script/standard.h"
 #include "streams.h"

src/compressor.cpp

@@ -6,7 +6,7 @@
 #include "compressor.h"
 
 #include "hash.h"
-#include "key.h"
+#include "pubkey.h"
 #include "script/standard.h"
 
 bool CScriptCompressor::IsToKeyID(CKeyID &hash) const

src/eccryptoverify.cpp

@@ -0,0 +1,63 @@
+#include "eccryptoverify.h"
+
+namespace {
+
+int CompareBigEndian(const unsigned char *c1, size_t c1len, const unsigned char *c2, size_t c2len) {
+    while (c1len > c2len) {
+        if (*c1)
+            return 1;
+        c1++;
+        c1len--;
+    }
+    while (c2len > c1len) {
+        if (*c2)
+            return -1;
+        c2++;
+        c2len--;
+    }
+    while (c1len > 0) {
+        if (*c1 > *c2)
+            return 1;
+        if (*c2 > *c1)
+            return -1;
+        c1++;
+        c2++;
+        c1len--;
+    }
+    return 0;
+}
+
+/** Order of secp256k1's generator minus 1. */
+const unsigned char vchMaxModOrder[32] = {
+    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
+    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
+    0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40
+};
+
+/** Half of the order of secp256k1's generator minus 1. */
+const unsigned char vchMaxModHalfOrder[32] = {
+    0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+    0x5D,0x57,0x6E,0x73,0x57,0xA4,0x50,0x1D,
+    0xDF,0xE9,0x2F,0x46,0x68,0x1B,0x20,0xA0
+};
+
+const unsigned char vchZero[1] = {0};
+} // anon namespace
+
+namespace eccrypto {
+
+bool Check(const unsigned char *vch) {
+    return vch &&
+           CompareBigEndian(vch, 32, vchZero, 0) > 0 &&
+           CompareBigEndian(vch, 32, vchMaxModOrder, 32) <= 0;
+}
+
+bool CheckSignatureElement(const unsigned char *vch, int len, bool half) {
+    return vch &&
+           CompareBigEndian(vch, len, vchZero, 0) > 0 &&
+           CompareBigEndian(vch, len, half ? vchMaxModHalfOrder : vchMaxModOrder, 32) <= 0;
+}
+
+} // namespace eccrypto

src/eccryptoverify.h

@@ -0,0 +1,19 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2013 The Bitcoin developers
+// Distributed under the MIT/X11 software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_EC_CRYPTO_VERIFY_H
+#define BITCOIN_EC_CRYPTO_VERIFY_H
+
+#include <vector>
+#include <cstdlib>
+class uint256;
+
+namespace eccrypto {
+
+bool Check(const unsigned char *vch);
+bool CheckSignatureElement(const unsigned char *vch, int len, bool half);
+
+} // eccrypto namespace
+#endif

src/hash.cpp

@@ -63,3 +63,16 @@ unsigned int MurmurHash3(unsigned int nHashSeed, const std::vector<unsigned char
 
     return h1;
 }
+
+void BIP32Hash(const unsigned char chainCode[32], unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64])
+{
+    unsigned char num[4];
+    num[0] = (nChild >> 24) & 0xFF;
+    num[1] = (nChild >> 16) & 0xFF;
+    num[2] = (nChild >>  8) & 0xFF;
+    num[3] = (nChild >>  0) & 0xFF;
+    CHMAC_SHA512(chainCode, 32).Write(&header, 1)
+                               .Write(data, 32)
+                               .Write(num, 4)
+                               .Finalize(output);
+}

src/hash.h

@@ -159,4 +159,5 @@ uint256 SerializeHash(const T& obj, int nType=SER_GETHASH, int nVersion=PROTOCOL
 
 unsigned int MurmurHash3(unsigned int nHashSeed, const std::vector<unsigned char>& vDataToHash);
 
+void BIP32Hash(const unsigned char chainCode[32], unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64]);
 #endif // BITCOIN_HASH_H

src/key.cpp

@@ -5,6 +5,8 @@
 #include "key.h"
 
 #include "crypto/sha2.h"
+#include "eccryptoverify.h"
+#include "pubkey.h"
 #include "random.h"
 
 #ifdef USE_SECP256K1
@@ -30,60 +32,10 @@ class CSecp256k1Init {
 static CSecp256k1Init instance_of_csecp256k1;
 
 #endif
-
-int CompareBigEndian(const unsigned char *c1, size_t c1len, const unsigned char *c2, size_t c2len) {
-    while (c1len > c2len) {
-        if (*c1)
-            return 1;
-        c1++;
-        c1len--;
-    }
-    while (c2len > c1len) {
-        if (*c2)
-            return -1;
-        c2++;
-        c2len--;
-    }
-    while (c1len > 0) {
-        if (*c1 > *c2)
-            return 1;
-        if (*c2 > *c1)
-            return -1;
-        c1++;
-        c2++;
-        c1len--;
-    }
-    return 0;
-}
-
-/** Order of secp256k1's generator minus 1. */
-const unsigned char vchMaxModOrder[32] = {
-    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
-    0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40
-};
-
-/** Half of the order of secp256k1's generator minus 1. */
-const unsigned char vchMaxModHalfOrder[32] = {
-    0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    0x5D,0x57,0x6E,0x73,0x57,0xA4,0x50,0x1D,
-    0xDF,0xE9,0x2F,0x46,0x68,0x1B,0x20,0xA0
-};
-
-const unsigned char vchZero[1] = {0};
-
 } // anon namespace
 
 bool CKey::Check(const unsigned char *vch) {
-    return CompareBigEndian(vch, 32, vchZero, 0) > 0 &&
-           CompareBigEndian(vch, 32, vchMaxModOrder, 32) <= 0;
-}
-
-bool CKey::CheckSignatureElement(const unsigned char *vch, int len, bool half) {
-    return CompareBigEndian(vch, len, vchZero, 0) > 0 &&
-           CompareBigEndian(vch, len, half ? vchMaxModHalfOrder : vchMaxModOrder, 32) <= 0;
+    return eccrypto::Check(vch);
 }
 
 void CKey::MakeNewKey(bool fCompressedIn) {
@@ -216,88 +168,6 @@ bool CKey::Load(CPrivKey &privkey, CPubKey &vchPubKey, bool fSkipCheck=false) {
     return true;
 }
 
-bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const {
-    if (!IsValid())
-        return false;
-#ifdef USE_SECP256K1
-    if (secp256k1_ecdsa_verify((const unsigned char*)&hash, 32, &vchSig[0], vchSig.size(), begin(), size()) != 1)
-        return false;
-#else
-    CECKey key;
-    if (!key.SetPubKey(begin(), size()))
-        return false;
-    if (!key.Verify(hash, vchSig))
-        return false;
-#endif
-    return true;
-}
-
-bool CPubKey::RecoverCompact(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
-    if (vchSig.size() != 65)
-        return false;
-    int recid = (vchSig[0] - 27) & 3;
-    bool fComp = ((vchSig[0] - 27) & 4) != 0;
-#ifdef USE_SECP256K1
-    int pubkeylen = 65;
-    if (!secp256k1_ecdsa_recover_compact((const unsigned char*)&hash, 32, &vchSig[1], (unsigned char*)begin(), &pubkeylen, fComp, recid))
-        return false;
-    assert((int)size() == pubkeylen);
-#else
-    CECKey key;
-    if (!key.Recover(hash, &vchSig[1], recid))
-        return false;
-    std::vector<unsigned char> pubkey;
-    key.GetPubKey(pubkey, fComp);
-    Set(pubkey.begin(), pubkey.end());
-#endif
-    return true;
-}
-
-bool CPubKey::IsFullyValid() const {
-    if (!IsValid())
-        return false;
-#ifdef USE_SECP256K1
-    if (!secp256k1_ecdsa_pubkey_verify(begin(), size()))
-        return false;
-#else
-    CECKey key;
-    if (!key.SetPubKey(begin(), size()))
-        return false;
-#endif
-    return true;
-}
-
-bool CPubKey::Decompress() {
-    if (!IsValid())
-        return false;
-#ifdef USE_SECP256K1
-    int clen = size();
-    int ret = secp256k1_ecdsa_pubkey_decompress((unsigned char*)begin(), &clen);
-    assert(ret);
-    assert(clen == (int)size());
-#else
-    CECKey key;
-    if (!key.SetPubKey(begin(), size()))
-        return false;
-    std::vector<unsigned char> pubkey;
-    key.GetPubKey(pubkey, false);
-    Set(pubkey.begin(), pubkey.end());
-#endif
-    return true;
-}
-
-void static BIP32Hash(const unsigned char chainCode[32], unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64]) {
-    unsigned char num[4];
-    num[0] = (nChild >> 24) & 0xFF;
-    num[1] = (nChild >> 16) & 0xFF;
-    num[2] = (nChild >>  8) & 0xFF;
-    num[3] = (nChild >>  0) & 0xFF;
-    CHMAC_SHA512(chainCode, 32).Write(&header, 1)
-                               .Write(data, 32)
-                               .Write(num, 4)
-                               .Finalize(output);
-}
-
 bool CKey::Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const {
     assert(IsValid());
     assert(IsCompressed());
@@ -324,27 +194,6 @@ bool CKey::Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild
     return ret;
 }
 
-bool CPubKey::Derive(CPubKey& pubkeyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const {
-    assert(IsValid());
-    assert((nChild >> 31) == 0);
-    assert(begin() + 33 == end());
-    unsigned char out[64];
-    BIP32Hash(cc, nChild, *begin(), begin()+1, out);
-    memcpy(ccChild, out+32, 32);
-#ifdef USE_SECP256K1
-    pubkeyChild = *this;
-    bool ret = secp256k1_ecdsa_pubkey_tweak_add((unsigned char*)pubkeyChild.begin(), pubkeyChild.size(), out);
-#else
-    CECKey key;
-    bool ret = key.SetPubKey(begin(), size());
-    ret &= key.TweakPublic(out);
-    std::vector<unsigned char> pubkey;
-    key.GetPubKey(pubkey, true);
-    pubkeyChild.Set(pubkey.begin(), pubkey.end());
-#endif
-    return ret;
-}
-
 bool CExtKey::Derive(CExtKey &out, unsigned int nChild) const {
     out.nDepth = nDepth + 1;
     CKeyID id = key.GetPubKey().GetID();
@@ -395,32 +244,6 @@ void CExtKey::Decode(const unsigned char code[74]) {
     key.Set(code+42, code+74, true);
 }
 
-void CExtPubKey::Encode(unsigned char code[74]) const {
-    code[0] = nDepth;
-    memcpy(code+1, vchFingerprint, 4);
-    code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;
-    code[7] = (nChild >>  8) & 0xFF; code[8] = (nChild >>  0) & 0xFF;
-    memcpy(code+9, vchChainCode, 32);
-    assert(pubkey.size() == 33);
-    memcpy(code+41, pubkey.begin(), 33);
-}
-
-void CExtPubKey::Decode(const unsigned char code[74]) {
-    nDepth = code[0];
-    memcpy(vchFingerprint, code+1, 4);
-    nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
-    memcpy(vchChainCode, code+9, 32);
-    pubkey.Set(code+41, code+74);
-}
-
-bool CExtPubKey::Derive(CExtPubKey &out, unsigned int nChild) const {
-    out.nDepth = nDepth + 1;
-    CKeyID id = pubkey.GetID();
-    memcpy(&out.vchFingerprint[0], &id, 4);
-    out.nChild = nChild;
-    return pubkey.Derive(out.pubkey, out.vchChainCode, nChild, vchChainCode);
-}
-
 bool ECC_InitSanityCheck() {
 #ifdef USE_SECP256K1
     return true;