Script Decompress(uint nSize, byte[] data) { switch (nSize) { case 0x00: return(new Script(OpcodeType.OP_DUP, OpcodeType.OP_HASH160, Op.GetPushOp(data.SafeSubarray(0, 20)), OpcodeType.OP_EQUALVERIFY, OpcodeType.OP_CHECKSIG)); case 0x01: return(new Script(OpcodeType.OP_HASH160, Op.GetPushOp(data.SafeSubarray(0, 20)), OpcodeType.OP_EQUAL)); case 0x02: case 0x03: return(new Script(Op.GetPushOp(new byte[] { (byte)nSize }.Concat(data.SafeSubarray(0, 32)).ToArray()), OpcodeType.OP_CHECKSIG)); case 0x04: case 0x05: byte[] vch = new byte[33]; vch[0] = (byte)(nSize - 2); Array.Copy(data, 0, vch, 1, 32); PubKey pubkey = new PubKey(vch); pubkey = pubkey.Decompress(); return(new Script(Op.GetPushOp(pubkey.ToBytes()), OpcodeType.OP_CHECKSIG)); } return(null); }
public bool Check(string passphrase, BitcoinAddress expectedAddress) { //Derive passfactor using scrypt with ownerentropy and the user's passphrase and use it to recompute passpoint byte[] passfactor = BitcoinEncryptedSecretEC.CalculatePassFactor(passphrase, LotSequence, OwnerEntropy); //Derive decryption key for pointb using scrypt with passpoint, addresshash, and ownerentropy byte[] passpoint = BitcoinEncryptedSecretEC.CalculatePassPoint(passfactor); byte[] derived = BitcoinEncryptedSecretEC.CalculateDecryptionKey(passpoint, AddressHash, OwnerEntropy); //Decrypt encryptedpointb to yield pointb var pointbprefix = EncryptedPointB[0]; pointbprefix = (byte)(pointbprefix ^ (byte)(derived[63] & (byte)0x01)); //Optional since ArithmeticException will catch it, but it saves some times if (pointbprefix != 0x02 && pointbprefix != 0x03) { return(false); } var pointb = BitcoinEncryptedSecret.DecryptKey(EncryptedPointB.Skip(1).ToArray(), derived); pointb = new byte[] { pointbprefix }.Concat(pointb).ToArray(); //4.ECMultiply pointb by passfactor. Use the resulting EC point as a public key #if HAS_SPAN if (!NBitcoinContext.Instance.TryCreatePubKey(pointb, out var pk) || pk is null) { return(false); } PubKey pubkey = new PubKey(pk.TweakMul(passfactor), true); #else var curve = ECKey.Secp256k1; ECPoint pointbec; try { pointbec = curve.Curve.DecodePoint(pointb); } catch (ArgumentException) { return(false); } catch (ArithmeticException) { return(false); } PubKey pubkey = new PubKey(pointbec.Multiply(new BigInteger(1, passfactor)).GetEncoded()); #endif //and hash it into address using either compressed or uncompressed public key methodology as specifid in flagbyte. pubkey = IsCompressed ? pubkey.Compress() : pubkey.Decompress(); var actualhash = BitcoinEncryptedSecretEC.HashAddress(pubkey.GetAddress(ScriptPubKeyType.Legacy, Network)); var expectedhash = BitcoinEncryptedSecretEC.HashAddress(expectedAddress); return(Utils.ArrayEqual(actualhash, expectedhash)); }
public bool Check(string passphrase, BitcoinAddress expectedAddress) { //Derive passfactor using scrypt with ownerentropy and the user's passphrase and use it to recompute passpoint byte[] passfactor = BitcoinEncryptedSecretEC.CalculatePassFactor(passphrase, this.LotSequence, this.OwnerEntropy); //Derive decryption key for pointb using scrypt with passpoint, addresshash, and ownerentropy byte[] passpoint = BitcoinEncryptedSecretEC.CalculatePassPoint(passfactor); byte[] derived = BitcoinEncryptedSecretEC.CalculateDecryptionKey(passpoint, this.AddressHash, this.OwnerEntropy); //Decrypt encryptedpointb to yield pointb byte pointbprefix = this.EncryptedPointB[0]; pointbprefix = (byte)(pointbprefix ^ (byte)(derived[63] & (byte)0x01)); //Optional since ArithmeticException will catch it, but it saves some times if (pointbprefix != 0x02 && pointbprefix != 0x03) { return(false); } byte[] pointb = BitcoinEncryptedSecret.DecryptKey(this.EncryptedPointB.Skip(1).ToArray(), derived); pointb = new byte[] { pointbprefix }.Concat(pointb).ToArray(); //4.ECMultiply pointb by passfactor. Use the resulting EC point as a public key X9ECParameters curve = ECKey.Secp256k1; ECPoint pointbec; try { pointbec = curve.Curve.DecodePoint(pointb); } catch (ArgumentException) { return(false); } catch (ArithmeticException) { return(false); } var pubkey = new PubKey(pointbec.Multiply(new BigInteger(1, passfactor)).GetEncoded()); //and hash it into address using either compressed or uncompressed public key methodology as specifid in flagbyte. pubkey = this.IsCompressed ? pubkey.Compress() : pubkey.Decompress(); byte[] actualhash = BitcoinEncryptedSecretEC.HashAddress(pubkey.GetAddress(this.Network)); byte[] expectedhash = BitcoinEncryptedSecretEC.HashAddress(expectedAddress); return(Utils.ArrayEqual(actualhash, expectedhash)); }
public EncryptedKeyResult GenerateEncryptedSecret(bool isCompressed = true, byte[] seedb = null) { //Set flagbyte. byte flagByte = 0; //Turn on bit 0x20 if the Bitcoin address will be formed by hashing the compressed public key flagByte |= isCompressed ? (byte)0x20 : (byte)0x00; flagByte |= LotSequence != null ? (byte)0x04 : (byte)0x00; //Generate 24 random bytes, call this seedb. Take SHA256(SHA256(seedb)) to yield 32 bytes, call this factorb. seedb = seedb ?? RandomUtils.GetBytes(24); var factorb = Hashes.Hash256(seedb).ToBytes(); //ECMultiply passpoint by factorb. var curve = ECKey.CreateCurve(); var passpoint = curve.Curve.DecodePoint(Passpoint); var pubPoint = passpoint.Multiply(new BigInteger(1, factorb)); //Use the resulting EC point as a public key var pubKey = new PubKey(pubPoint.GetEncoded()); //and hash it into a Bitcoin address using either compressed or uncompressed public key //This is the generated Bitcoin address, call it generatedaddress. pubKey = isCompressed ? pubKey.Compress() : pubKey.Decompress(); //call it generatedaddress. var generatedaddress = pubKey.GetAddress(Network); //Take the first four bytes of SHA256(SHA256(generatedaddress)) and call it addresshash. var addresshash = BitcoinEncryptedSecretEC.HashAddress(generatedaddress); //Derive a second key from passpoint using scrypt //salt is addresshash + ownerentropy var derived = BitcoinEncryptedSecretEC.CalculateDecryptionKey(Passpoint, addresshash, OwnerEntropy); //Now we will encrypt seedb. var encrypted = BitcoinEncryptedSecret.EncryptSeed (seedb, derived); //0x01 0x43 + flagbyte + addresshash + ownerentropy + encryptedpart1[0...7] + encryptedpart2 which totals 39 bytes var bytes = new[] { flagByte } .Concat(addresshash) .Concat(this.OwnerEntropy) .Concat(encrypted.Take(8).ToArray()) .Concat(encrypted.Skip(16).ToArray()) .ToArray(); var encryptedSecret = new BitcoinEncryptedSecretEC(bytes, Network); return(new EncryptedKeyResult(encryptedSecret, generatedaddress, seedb, () => { //ECMultiply factorb by G, call the result pointb. The result is 33 bytes. var pointb = new Key(factorb).PubKey.ToBytes(); //The first byte is 0x02 or 0x03. XOR it by (derivedhalf2[31] & 0x01), call the resulting byte pointbprefix. var pointbprefix = (byte)(pointb[0] ^ (byte)(derived[63] & 0x01)); var pointbx = BitcoinEncryptedSecret.EncryptKey(pointb.Skip(1).ToArray(), derived); var encryptedpointb = new byte[] { pointbprefix }.Concat(pointbx).ToArray(); var confirmBytes = Network.GetVersionBytes(Base58Type.CONFIRMATION_CODE) .Concat(new[] { flagByte }) .Concat(addresshash) .Concat(OwnerEntropy) .Concat(encryptedpointb) .ToArray(); return new BitcoinConfirmationCode(Encoders.Base58Check.EncodeData(confirmBytes), Network); })); }
Script Decompress(uint nSize, byte[] data) { switch(nSize) { case 0x00: return new Script(OpcodeType.OP_DUP, OpcodeType.OP_HASH160, Op.GetPushOp(data.Take(20).ToArray()), OpcodeType.OP_EQUALVERIFY, OpcodeType.OP_CHECKSIG); case 0x01: return new Script(OpcodeType.OP_HASH160, Op.GetPushOp(data.Take(20).ToArray()), OpcodeType.OP_EQUAL); case 0x02: case 0x03: return new Script(Op.GetPushOp(new byte[] { (byte)nSize }.Concat(data.Take(32)).ToArray()), OpcodeType.OP_CHECKSIG); case 0x04: case 0x05: byte[] vch = new byte[33]; vch[0] = (byte)(nSize - 2); Array.Copy(data, vch, 32); PubKey pubkey = new PubKey(vch); pubkey = pubkey.Decompress(); return new Script(Op.GetPushOp(pubkey.ToBytes()), OpcodeType.OP_CHECKSIG); } return null; }
public bool Check(string passphrase, BitcoinAddress expectedAddress) { //Derive passfactor using scrypt with ownerentropy and the user's passphrase and use it to recompute passpoint byte[] passfactor = BitcoinEncryptedSecretEC.CalculatePassFactor(passphrase, LotSequence, OwnerEntropy); //Derive decryption key for pointb using scrypt with passpoint, addresshash, and ownerentropy byte[] passpoint = BitcoinEncryptedSecretEC.CalculatePassPoint(passfactor); byte[] derived = BitcoinEncryptedSecretEC.CalculateDecryptionKey(passpoint, AddressHash, OwnerEntropy); //Decrypt encryptedpointb to yield pointb var pointbprefix = EncryptedPointB[0]; pointbprefix = (byte)(pointbprefix ^ (byte)(derived[63] & (byte)0x01)); //Optional since ArithmeticException will catch it, but it saves some times if(pointbprefix != 0x02 && pointbprefix != 0x03) return false; var pointb = BitcoinEncryptedSecret.DecryptKey(EncryptedPointB.Skip(1).ToArray(), derived); pointb = new byte[] { pointbprefix }.Concat(pointb).ToArray(); //4.ECMultiply pointb by passfactor. Use the resulting EC point as a public key var curve = ECKey.CreateCurve(); ECPoint pointbec = null; try { pointbec = curve.Curve.DecodePoint(pointb); } catch(ArithmeticException) { return false; } PubKey pubkey = new PubKey(pointbec.Multiply(new BigInteger(1, passfactor)).GetEncoded()); //and hash it into address using either compressed or uncompressed public key methodology as specifid in flagbyte. pubkey = IsCompressed ? pubkey.Compress() : pubkey.Decompress(); var actualhash = BitcoinEncryptedSecretEC.HashAddress(pubkey.GetAddress(Network)); var expectedhash = BitcoinEncryptedSecretEC.HashAddress(expectedAddress); return Utils.ArrayEqual(actualhash, expectedhash); }
public EncryptedKeyResult GenerateEncryptedSecret(bool isCompressed = true, byte[] seedb = null) { //Set flagbyte. byte flagByte = 0; //Turn on bit 0x20 if the Bitcoin address will be formed by hashing the compressed public key flagByte |= isCompressed ? (byte)0x20 : (byte)0x00; flagByte |= LotSequence != null ? (byte)0x04 : (byte)0x00; //Generate 24 random bytes, call this seedb. Take SHA256(SHA256(seedb)) to yield 32 bytes, call this factorb. seedb = seedb ?? RandomUtils.GetBytes(24); var factorb = Hashes.Hash256(seedb).ToBytes(); //ECMultiply passpoint by factorb. var curve = ECKey.Secp256k1; var passpoint = curve.Curve.DecodePoint(Passpoint); var pubPoint = passpoint.Multiply(new BigInteger(1, factorb)); //Use the resulting EC point as a public key var pubKey = new PubKey(pubPoint.GetEncoded()); //and hash it into a Bitcoin address using either compressed or uncompressed public key //This is the generated Bitcoin address, call it generatedaddress. pubKey = isCompressed ? pubKey.Compress() : pubKey.Decompress(); //call it generatedaddress. var generatedaddress = pubKey.GetAddress(Network); //Take the first four bytes of SHA256(SHA256(generatedaddress)) and call it addresshash. var addresshash = BitcoinEncryptedSecretEC.HashAddress(generatedaddress); //Derive a second key from passpoint using scrypt //salt is addresshash + ownerentropy var derived = BitcoinEncryptedSecretEC.CalculateDecryptionKey(Passpoint, addresshash, OwnerEntropy); //Now we will encrypt seedb. var encrypted = BitcoinEncryptedSecret.EncryptSeed (seedb, derived); //0x01 0x43 + flagbyte + addresshash + ownerentropy + encryptedpart1[0...7] + encryptedpart2 which totals 39 bytes var bytes = new[] { flagByte } .Concat(addresshash) .Concat(this.OwnerEntropy) .Concat(encrypted.Take(8).ToArray()) .Concat(encrypted.Skip(16).ToArray()) .ToArray(); var encryptedSecret = new BitcoinEncryptedSecretEC(bytes, Network); return new EncryptedKeyResult(encryptedSecret, generatedaddress, seedb, () => { //ECMultiply factorb by G, call the result pointb. The result is 33 bytes. var pointb = new Key(factorb).PubKey.ToBytes(); //The first byte is 0x02 or 0x03. XOR it by (derivedhalf2[31] & 0x01), call the resulting byte pointbprefix. var pointbprefix = (byte)(pointb[0] ^ (byte)(derived[63] & 0x01)); var pointbx = BitcoinEncryptedSecret.EncryptKey(pointb.Skip(1).ToArray(), derived); var encryptedpointb = new byte[] { pointbprefix }.Concat(pointbx).ToArray(); var confirmBytes = Network.GetVersionBytes(Base58Type.CONFIRMATION_CODE) .Concat(new[] { flagByte }) .Concat(addresshash) .Concat(OwnerEntropy) .Concat(encryptedpointb) .ToArray(); return new BitcoinConfirmationCode(Encoders.Base58Check.EncodeData(confirmBytes), Network); }); }