leveldb::Slice slice_block_hash(const hash_digest& block_hash)
{
// Cut first 16 bytes of block hash
BITCOIN_ASSERT(block_hash.size() == 32);
return leveldb::Slice(
reinterpret_cast<const char*>(block_hash.data() + 16), 16);
}
stealth_bitfield calculate_bitfield(const data_chunk& stealth_data)
{
// Calculate stealth bitfield
const hash_digest index = generate_sha256_hash(stealth_data);
auto deserial = make_deserializer(
index.begin(), index.begin() + bitfield_size);
stealth_bitfield bitfield = deserial.read_uint_auto<stealth_bitfield>();
return bitfield;
}
bool verify_signature(const ec_point& public_key, hash_digest hash,
const endorsement& signature)
{
init.init();
return 1 == secp256k1_ecdsa_verify(hash.data(), hash.size(),
signature.data(), signature.size(), public_key.data(),
public_key.size()
);
}
bool read_hash(hash_digest& hash, const data_chunk& raw_hash)
{
if (raw_hash.size() != hash.size())
{
log_warning(LOG_SUBSCRIBER) << "Wrong size for hash. Dropping.";
return false;
}
std::copy(raw_hash.begin(), raw_hash.end(), hash.begin());
return true;
}
bool verify_signature(const ec_point& public_key, hash_digest hash,
const data_chunk& signature)
{
std::reverse(hash.begin(), hash.end());
init.init();
return 1 == secp256k1_ecdsa_verify(
hash.data(), hash.size(),
signature.data(), signature.size(),
public_key.data(), public_key.size()
);
}
bool elliptic_curve_key::verify(hash_digest hash, const data_chunk& signature)
{
BITCOIN_ASSERT(key_ != nullptr);
// SSL likes a reversed hash
std::reverse(hash.begin(), hash.end());
// -1 = error, 0 = bad sig, 1 = good
if (ECDSA_verify(0, hash.data(), hash.size(),
signature.data(), signature.size(), key_) == 1)
return true;
return false;
}
int get_block_hash(Db*, const Dbt*, const Dbt* data, Dbt* second_key)
{
std::stringstream ss(std::string(
reinterpret_cast<const char*>(data->get_data()), data->get_size()));
protobuf::Block proto_block;
proto_block.ParseFromIstream(&ss);
message::block serial_block = protobuf_to_block_header(proto_block);
second_hash = hash_block_header(serial_block);
second_key->set_data(second_hash.data());
second_key->set_size(second_hash.size());
return 0;
}
data_chunk elliptic_curve_key::sign(hash_digest hash) const
{
BITCOIN_ASSERT(key_ != nullptr);
// SSL likes a reversed hash
std::reverse(hash.begin(), hash.end());
data_chunk signature(ECDSA_size(key_));
unsigned int signature_length = signature.size();
if (!ECDSA_sign(0, hash.data(), hash.size(),
signature.data(), &signature_length, key_))
return data_chunk();
signature.resize(signature_length);
return signature;
}
compact_signature sign_compact(ec_secret secret, hash_digest hash,
ec_secret nonce)
{
init.init();
compact_signature out;
if (0 < secp256k1_ecdsa_sign_compact(hash.data(), hash.size(),
out.signature.data(), secret.data(), nonce.data(), &out.recid))
{
return out;
}
// Error case:
return compact_signature{{{0}}, 0};
}
compact_signature sign_compact(ec_secret secret, hash_digest hash)
{
init.init();
compact_signature out;
ec_secret nonce;
unsigned index = 0;
do {
nonce = create_nonce(secret, hash, index++);
} while (secp256k1_ecdsa_sign_compact(hash.data(), hash.size(),
out.signature.data(), secret.data(), nonce.data(), &out.recid) <= 0);
return out;
}
endorsement sign(ec_secret secret, hash_digest hash, ec_secret nonce)
{
init.init();
int out_size = max_endorsement_size;
endorsement signature(out_size);
if (0 < secp256k1_ecdsa_sign(hash.data(), hash.size(), signature.data(),
&out_size, secret.data(), nonce.data()))
{
signature.resize(out_size);
return signature;
}
// Error case:
return endorsement();
}
/**
* Copy `binary` data from protobuf's storage format (std::string)
* to libbitcoin's storage format (hash_digest).
*/
static bool unpack_hash(hash_digest& out, const std::string& in)
{
if (in.size() != hash_size)
return false;
std::copy(in.begin(), in.end(), out.begin());
return true;
}
data_chunk sign(ec_secret secret, hash_digest hash, ec_secret nonce)
{
std::reverse(hash.begin(), hash.end());
init.init();
int out_size = 72;
data_chunk signature(out_size);
if (!verify_private_key(nonce)) // Needed because of upstream bug
return data_chunk();
bool valid = secp256k1_ecdsa_sign(hash.data(), hash.size(),
signature.data(), &out_size, secret.data(), nonce.data()) == 1;
if (!valid)
return data_chunk();
signature.resize(out_size);
return signature;
}
endorsement sign(ec_secret secret, hash_digest hash)
{
init.init();
int out_size = max_endorsement_size;
endorsement signature(out_size);
ec_secret nonce;
unsigned index = 0;
do {
nonce = create_nonce(secret, hash, index++);
} while (secp256k1_ecdsa_sign(hash.data(), hash.size(), signature.data(),
&out_size, secret.data(), nonce.data()) <= 0);
signature.resize(out_size);
return signature;
}
static one_byte point_sign(uint8_t byte, const hash_digest& hash)
{
static constexpr uint8_t low_bit_mask = 0x01;
const uint8_t last_byte = hash.back();
const uint8_t last_byte_odd_field = last_byte & low_bit_mask;
const uint8_t sign_byte = byte ^ last_byte_odd_field;
return to_array(sign_byte);
}
bool extract_ephemeral_key(hash_digest& out_unsigned_ephemeral_key,
const script& script)
{
if (!is_stealth_script(script))
return false;
const auto& data = script.operations[1].data;
std::copy(data.begin(), data.begin() + hash_size,
out_unsigned_ephemeral_key.begin());
return true;
}
bool sign(ec_signature& out, const ec_secret& secret, const hash_digest& hash)
{
secp256k1_ecdsa_signature signature;
const auto context = signing.context();
if (secp256k1_ecdsa_sign(context, &signature, hash.data(), secret.data(),
secp256k1_nonce_function_rfc6979, nullptr) != 1)
return false;
std::copy_n(std::begin(signature.data), out.size(), out.begin());
return true;
}
bool recover_public(const secp256k1_context* context, byte_array<Size>& out,
const recoverable_signature& recoverable, const hash_digest& hash)
{
secp256k1_pubkey pubkey;
secp256k1_ecdsa_recoverable_signature sign;
const auto recovery_id = static_cast<int>(recoverable.recovery_id);
return
secp256k1_ecdsa_recoverable_signature_parse_compact(context,
&sign, recoverable.signature.data(), recovery_id) == 1 &&
secp256k1_ecdsa_recover(context, &pubkey, &sign, hash.data()) == 1 &&
serialize(context, out, pubkey);
}
ec_point recover_compact(compact_signature signature,
hash_digest hash, bool compressed)
{
init.init();
size_t public_key_size = ec_uncompressed_size;
if (compressed)
public_key_size = ec_compressed_size;
ec_point out(public_key_size);
int out_size;
if (0 < secp256k1_ecdsa_recover_compact(hash.data(), hash.size(),
signature.signature.data(), out.data(), &out_size, compressed,
signature.recid))
{
BITCOIN_ASSERT(public_key_size == static_cast<size_t>(out_size));
return out;
}
// Error case:
return ec_point();
}
bool decode_hash(hash_digest& out, const std::string& in)
{
if (in.size() != 2 * hash_size)
return false;
hash_digest result;
if (!decode_base16_private(result.data(), result.size(), in.data()))
return false;
// Reverse:
std::reverse_copy(result.begin(), result.end(), out.begin());
return true;
}
bool verify_signature(const secp256k1_context* context,
const secp256k1_pubkey point, const hash_digest& hash,
const ec_signature& signature)
{
// Copy to avoid exposing external types.
secp256k1_ecdsa_signature parsed;
std::copy(signature.begin(), signature.end(), std::begin(parsed.data));
// secp256k1_ecdsa_verify rejects non-normalized (low-s) signatures, but
// bitcoin does not have such a limitation, so we always normalize.
secp256k1_ecdsa_signature normal;
secp256k1_ecdsa_signature_normalize(context, &normal, &parsed);
return secp256k1_ecdsa_verify(context, &normal, hash.data(), &point) == 1;
}
BC_API ec_secret create_nonce(ec_secret secret, hash_digest hash)
{
std::reverse(hash.begin(), hash.end());
init.init();
hash_digest K
{{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}};
hash_digest V
{{
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
}};
K = hmac_sha256_hash(V + byte_array<1>{{0x00}} + secret + hash, K);
V = hmac_sha256_hash(V, K);
K = hmac_sha256_hash(V + byte_array<1>{{0x01}} + secret + hash, K);
V = hmac_sha256_hash(V, K);
while (true)
{
V = hmac_sha256_hash(V, K);
if (verify_private_key(V))
return V;
K = hmac_sha256_hash(V + byte_array<1>{{0x00}}, K);
V = hmac_sha256_hash(V, K);
}
}
bool sign_recoverable(recoverable_signature& out, const ec_secret& secret,
const hash_digest& hash)
{
int recovery_id;
const auto context = signing.context();
secp256k1_ecdsa_recoverable_signature signature;
const auto result =
secp256k1_ecdsa_sign_recoverable(context, &signature, hash.data(),
secret.data(), secp256k1_nonce_function_rfc6979, nullptr) == 1 &&
secp256k1_ecdsa_recoverable_signature_serialize_compact(context,
out.signature.data(), &recovery_id, &signature) == 1;
BITCOIN_ASSERT(recovery_id >= 0 && recovery_id <= 3);
out.recovery_id = static_cast<uint8_t>(recovery_id);
return result;
}
bool message::dequeue(hash_digest& value)
{
if (queue_.empty())
return false;
const auto& front = queue_.front();
if (front.size() == hash_size)
{
std::copy(front.begin(), front.end(), value.begin());
queue_.pop();
return true;
}
queue_.pop();
return false;
}
void hashtable_database_writer::store(const hash_digest& key_hash,
size_t value_size, write_value_function write)
{
// Calculate the end of the last record.
const uint64_t header_size = 24 + buckets_ * 8;
const uint64_t records_end_offset = header_size + total_records_size_;
// [ tx hash ] 32
// [ varuint value size ]
// [ ... value data ... ]
// [ next tx in bucket ] 8
const size_t record_size =
32 + variable_uint_size(value_size) + value_size + 8;
// If a record crosses a page boundary then we align it with
// the beginning of the next page.
const size_t record_begin =
align_if_crossing_page(page_size_, records_end_offset, record_size);
BITCOIN_ASSERT(file_.size() >= record_begin + record_size);
// We will insert new transactions at the beginning of the bucket's list.
// I assume that more recent transactions in the blockchain are used
// more often than older ones.
// We lookup the existing value in the bucket first.
const uint64_t bucket_index = remainder(key_hash.data(), buckets_);
BITCOIN_ASSERT(bucket_index < buckets_);
const uint64_t previous_bucket_value = read_bucket_value(bucket_index);
// Now begin writing the record itself.
uint8_t* entry = file_.data() + record_begin;
auto serial = make_serializer(entry);
serial.write_hash(key_hash);
serial.write_variable_uint(value_size);
// Call the supplied callback to serialize the data.
write(serial.iterator());
serial.set_iterator(serial.iterator() + value_size);
serial.write_8_bytes(previous_bucket_value);
BITCOIN_ASSERT(serial.iterator() == entry + record_size);
// Change file size value at file start.
// This must be done first so any subsequent writes don't
// overwrite this record in case of a crash or interruption.
BITCOIN_ASSERT(record_begin >= header_size);
const uint64_t alignment_padding =
record_begin - header_size - total_records_size_;
BITCOIN_ASSERT(alignment_padding <= page_size_);
total_records_size_ += record_size + alignment_padding;
// Now add record to bucket.
const uint64_t record_begin_offset = record_begin - header_size;
link_record(bucket_index, record_begin_offset);
}
bool verify_signature(data_slice point, const hash_digest& hash,
const ec_signature& signature)
{
// Copy to avoid exposing external types.
secp256k1_ecdsa_signature parsed;
std::copy(signature.begin(), signature.end(), std::begin(parsed.data));
// secp256k1_ecdsa_verify rejects non-normalized (low-s) signatures, but
// bitcoin does not have such a limitation, so we always normalize.
secp256k1_ecdsa_signature normal;
const auto context = verification.context();
secp256k1_ecdsa_signature_normalize(context, &normal, &parsed);
// This uses a data slice and calls secp256k1_ec_pubkey_parse() in place of
// parse() so that we can support the der_verify data_chunk optimization.
secp256k1_pubkey pubkey;
const auto size = point.size();
return
secp256k1_ec_pubkey_parse(context, &pubkey, point.data(), size) == 1 &&
secp256k1_ecdsa_verify(context, &normal, hash.data(), &pubkey) == 1;
}
const hashtable_database_reader::get_result hashtable_database_reader::get(
const hash_digest& key_hash) const
{
uint64_t bucket_index = remainder(key_hash.data(), writer_.buckets());
BITCOIN_ASSERT(bucket_index < writer_.buckets());
uint64_t record_offset = read_record_offset(file_.data(), bucket_index);
const uint64_t header_size = 24 + writer_.buckets() * 8;
const uint8_t* all_records_begin = file_.data() + header_size;
const uint8_t* all_records_end =
all_records_begin + writer_.records_size();
const uint8_t* record_begin = all_records_begin + record_offset;
// We don't know the end of a record, so we use the end of all records
// for the deserializer.
// We will be jumping around the records since it's a chained
// list per bucket.
// Begin iterating the list.
while (true)
{
auto deserial = make_deserializer(record_begin, all_records_end);
const hash_digest current_hash = deserial.read_hash();
uint64_t value_size = deserial.read_variable_uint();
if (current_hash != key_hash)
{
// Move to next record in bucket.
// Skip the transaction data.
deserial.set_iterator(deserial.iterator() + value_size);
uint64_t next_record = deserial.read_8_bytes();
if (next_record == record_doesnt_exist)
return {nullptr, nullptr};
record_begin = all_records_begin + next_record;
continue;
}
// We have the record!
return {deserial.iterator(), deserial.iterator() + value_size};
}
BITCOIN_ASSERT_MSG(false, "Broke out of unbreakable loop!");
return {nullptr, nullptr};
}
static std::string pack_hash(hash_digest in)
{
return std::string(in.begin(), in.end());
}
void hash_number::set_hash(const hash_digest& hash)
{
std::copy(hash.begin(), hash.end(), hash_.begin());
}
void append_hash(czmqpp::message& message, const hash_digest& hash)
{
message.append(data_chunk(hash.begin(), hash.end()));
}
