forked from ElementsProject/lightning
-
Notifications
You must be signed in to change notification settings - Fork 0
/
signature.h
153 lines (134 loc) · 4.81 KB
/
signature.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#ifndef LIGHTNING_BITCOIN_SIGNATURE_H
#define LIGHTNING_BITCOIN_SIGNATURE_H
#include "config.h"
#include <ccan/short_types/short_types.h>
#include <ccan/tal/tal.h>
#include <secp256k1.h>
struct sha256_double;
struct sha256_ctx;
struct bitcoin_tx;
struct pubkey;
struct privkey;
struct bitcoin_tx_output;
enum sighash_type {
SIGHASH_ALL = 1,
SIGHASH_NONE = 2,
SIGHASH_SINGLE = 3,
SIGHASH_ANYONECANPAY = 0x80
};
#define SIGHASH_MASK 0x7F
static inline bool sighash_single(enum sighash_type sighash_type)
{
return (sighash_type & SIGHASH_MASK) == SIGHASH_SINGLE;
}
static inline bool sighash_anyonecanpay(enum sighash_type sighash_type)
{
return (sighash_type & SIGHASH_ANYONECANPAY) == SIGHASH_ANYONECANPAY;
}
/* We only support a limited range of sighash_type */
static inline bool sighash_type_valid(const enum sighash_type sighash_type)
{
return sighash_type == SIGHASH_ALL
|| sighash_type == (SIGHASH_SINGLE|SIGHASH_ANYONECANPAY);
}
/**
* bitcoin_signature - signature with a sighash type.
*
* sighash_type is SIGHASH_ALL unless you're being tricky. */
struct bitcoin_signature {
secp256k1_ecdsa_signature s;
enum sighash_type sighash_type;
};
/**
* bitcoin_tx_hash_for_sig - produce hash for a transaction
*
* @tx - tx to hash
* @in - index that this 'hash' is for
* @script - script for the index that's being 'hashed for'
* @sighash_type - sighash_type to hash for
* @dest - hash result
*/
void bitcoin_tx_hash_for_sig(const struct bitcoin_tx *tx, unsigned int in,
const u8 *script,
enum sighash_type sighash_type,
struct sha256_double *dest);
/**
* sign_hash - produce a raw secp256k1 signature (with low R value).
* @p: secret key
* @h: hash to sign.
* @sig: signature to fill in and return.
*/
void sign_hash(const struct privkey *p,
const struct sha256_double *h,
secp256k1_ecdsa_signature *sig);
/**
* check_signed_hash - check a raw secp256k1 signature.
* @h: hash which was signed.
* @signature: signature.
* @key: public key corresponding to private key used to sign.
*
* Returns true if the key, hash and signature are correct. Changing any
* one of these will make it fail.
*/
bool check_signed_hash(const struct sha256_double *hash,
const secp256k1_ecdsa_signature *signature,
const struct pubkey *key);
/**
* sign_tx_input - produce a bitcoin signature for a transaction input
* @tx: the bitcoin transaction we're signing.
* @in: the input number to sign.
* @subscript: NULL (pure segwit) or a tal_arr of the signing subscript
* @witness: NULL (non-segwit) or the witness script.
* @privkey: the secret key to use for signing.
* @pubkey: the public key corresonding to @privkey.
* @sighash_type: a valid sighash type.
* @sig: (in) sighash_type indicates what type of signature make in (out) s.
*/
void sign_tx_input(const struct bitcoin_tx *tx,
unsigned int in,
const u8 *subscript,
const u8 *witness,
const struct privkey *privkey, const struct pubkey *pubkey,
enum sighash_type sighash_type,
struct bitcoin_signature *sig);
/**
* check_tx_sig - produce a bitcoin signature for a transaction input
* @tx: the bitcoin transaction which has been signed.
* @in: the input number to which @sig should apply.
* @subscript: NULL (pure segwit) or a tal_arr of the signing subscript
* @witness: NULL (non-segwit) or the witness script.
* @pubkey: the public key corresonding to @privkey used for signing.
* @sig: the signature to check.
*
* Returns true if this signature was created by @privkey and this tx
* and sighash_type, otherwise false.
*/
bool check_tx_sig(const struct bitcoin_tx *tx, size_t input_num,
const u8 *subscript,
const u8 *witness,
const struct pubkey *key,
const struct bitcoin_signature *sig);
/* Give DER encoding of signature: returns length used (<= 73). */
size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig);
/* Parse DER encoding into signature sig */
bool signature_from_der(const u8 *der, size_t len, struct bitcoin_signature *sig);
/* Wire marshalling and unmarshalling */
void towire_bitcoin_signature(u8 **pptr, const struct bitcoin_signature *sig);
void fromwire_bitcoin_signature(const u8 **cursor, size_t *max,
struct bitcoin_signature *sig);
/* Schnorr */
struct bip340sig {
u8 u8[64];
};
void towire_bip340sig(u8 **pptr, const struct bip340sig *bip340sig);
void fromwire_bip340sig(const u8 **cursor, size_t *max,
struct bip340sig *bip340sig);
/* Get a hex string sig */
char *fmt_signature(const tal_t *ctx, const secp256k1_ecdsa_signature *sig);
char *fmt_bip340sig(const tal_t *ctx, const struct bip340sig *bip340sig);
/* For caller convenience, we hand in tag in parts (any can be "") */
void bip340_sighash_init(struct sha256_ctx *sctx,
const char *tag1,
const char *tag2,
const char *tag3);
#endif /* LIGHTNING_BITCOIN_SIGNATURE_H */