Safe Haskell | None |
---|
This package provides the elliptic curve cryptography required for creating and validating bitcoin transactions. It also provides SHA-256 and RIPEMD-160 hashing functions.
- data PubKey
- = PubKey {
- pubKeyPoint :: !Point
- | PubKeyU {
- pubKeyPoint :: !Point
- = PubKey {
- isValidPubKey :: PubKey -> Bool
- isPubKeyU :: PubKey -> Bool
- derivePubKey :: PrvKey -> PubKey
- pubKeyAddr :: PubKey -> Address
- addPubKeys :: PubKey -> Hash256 -> Maybe PubKey
- data PrvKey
- = PrvKey {
- prvKeyFieldN :: !FieldN
- | PrvKeyU {
- prvKeyFieldN :: !FieldN
- = PrvKey {
- isValidPrvKey :: Integer -> Bool
- makePrvKey :: Integer -> Maybe PrvKey
- makePrvKeyU :: Integer -> Maybe PrvKey
- fromPrvKey :: PrvKey -> Integer
- isPrvKeyU :: PrvKey -> Bool
- addPrvKeys :: PrvKey -> Hash256 -> Maybe PrvKey
- putPrvKey :: PrvKey -> Put
- getPrvKey :: Get PrvKey
- getPrvKeyU :: Get PrvKey
- fromWIF :: String -> Maybe PrvKey
- toWIF :: PrvKey -> String
- type SecretT m a = StateT (SecretState m) m a
- withSource :: Monad m => (Int -> m ByteString) -> SecretT m a -> m a
- devURandom :: Int -> IO ByteString
- devRandom :: Int -> IO ByteString
- genPrvKey :: Monad m => SecretT m PrvKey
- data Signature
- signMsg :: Monad m => Hash256 -> PrvKey -> SecretT m Signature
- detSignMsg :: Hash256 -> PrvKey -> Signature
- verifySig :: Hash256 -> Signature -> PubKey -> Bool
- isCanonicalHalfOrder :: Signature -> Bool
- type Hash512 = Ring Mod512
- type Hash256 = Ring Mod256
- type Hash160 = Ring Mod160
- data CheckSum32
- hash512 :: ByteString -> Hash512
- hash512BS :: ByteString -> ByteString
- hash256 :: ByteString -> Hash256
- hash256BS :: ByteString -> ByteString
- hash160 :: ByteString -> Hash160
- hash160BS :: ByteString -> ByteString
- doubleHash256 :: ByteString -> Hash256
- doubleHash256BS :: ByteString -> ByteString
- chksum32 :: ByteString -> CheckSum32
- hmac512 :: ByteString -> ByteString -> Hash512
- hmac512BS :: ByteString -> ByteString -> ByteString
- hmac256 :: ByteString -> ByteString -> Hash256
- hmac256BS :: ByteString -> ByteString -> ByteString
- split512 :: Hash512 -> (Hash256, Hash256)
- join512 :: (Hash256, Hash256) -> Hash512
- data Address
- = PubKeyAddress { }
- | ScriptAddress { }
- base58ToAddr :: String -> Maybe Address
- addrToBase58 :: Address -> String
- encodeBase58 :: ByteString -> ByteString
- decodeBase58 :: ByteString -> Maybe ByteString
- encodeBase58Check :: ByteString -> ByteString
- decodeBase58Check :: ByteString -> Maybe ByteString
Elliptic Curve Keys
Public Keys
Elliptic curve public key type. Two constructors are provided for creating compressed and uncompressed public keys from a Point. The use of compressed keys is preferred as it produces shorter keys without compromising security. Uncompressed keys are supported for backwards compatibility.
PubKey | Compressed public key |
| |
PubKeyU | Uncompressed public key |
|
isValidPubKey :: PubKey -> BoolSource
Returns True if the public key is valid. This will check if the public key point lies on the curve.
derivePubKey :: PrvKey -> PubKeySource
Derives a public key from a private key. This function will preserve information on key compression (PrvKey becomes PubKey and PrvKeyU becomes PubKeyU)
pubKeyAddr :: PubKey -> AddressSource
Computes an Address value from a public key
addPubKeys :: PubKey -> Hash256 -> Maybe PubKeySource
Add a public key to a private key defined by its Hash256 value. This will transform the private key into a public key and add the respective public key points together. This is provided as a helper for BIP32 wallet implementations. This function fails for uncompressed keys and returns Nothing if the private key value is >= than the order of the curve N.
Private Keys
Elliptic curve private key type. Two constructors are provided for creating compressed or uncompressed private keys. Compression information is stored in private key WIF formats and needs to be preserved to generate the correct addresses from the corresponding public key.
PrvKey | Compressed private key |
| |
PrvKeyU | Uncompressed private key |
|
isValidPrvKey :: Integer -> BoolSource
Returns True if the private key is valid. This will check if the integer value representing the private key is greater than 0 and smaller than the curve order N.
makePrvKey :: Integer -> Maybe PrvKeySource
Builds a compressed private key from an Integer value. Returns Nothing if the Integer would not produce a valid private key. For security, the Integer needs to be generated from a random source with sufficient entropy.
makePrvKeyU :: Integer -> Maybe PrvKeySource
Builds an uncompressed private key from an Integer value. Returns Nothing if the Integer would not produce a valid private key. For security, the Integer needs to be generated from a random source with sufficient entropy.
fromPrvKey :: PrvKey -> IntegerSource
Returns the Integer value of a private key
addPrvKeys :: PrvKey -> Hash256 -> Maybe PrvKeySource
Add two private keys together. One of the keys is defined by a Hash256. The functions fails on uncompressed private keys and return Nothing if the Hash256 is smaller than the order of the curve N. This is provided as a helper for implementing BIP32 wallets.
putPrvKey :: PrvKey -> PutSource
Serialize a private key into the Data.Binary.Put monad as a 32 byte big endian ByteString. This is useful when a constant length serialization format for private keys is required
Deserializes a compressed private key from the Data.Binary.Get monad as a 32 byte big endian ByteString.
getPrvKeyU :: Get PrvKeySource
Deserializes an uncompressed private key from the Data.Binary.Get monad as a 32 byte big endian ByteString
fromWIF :: String -> Maybe PrvKeySource
Decodes a private key from a WIF encoded String. This function can fail if the input string does not decode correctly as a base 58 string or if the checksum fails. http://en.bitcoin.it/wiki/Wallet_import_format
ECDSA
SecretT Monad
The SecretT monad is a monadic wrapper around HMAC DRBG (deterministic
random byte generator) using SHA-256. The implementation is provided in
Hash
and the specification is defined in
http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf. The
SecretT monad is used to generate random private keys and random nonces
for ECDSA signatures.
type SecretT m a = StateT (SecretState m) m aSource
StateT monad stack tracking the internal state of HMAC DRBG
pseudo random number generator using SHA-256. The SecretT
monad is
run with the withSource
function by providing it a source of entropy.
withSource :: Monad m => (Int -> m ByteString) -> SecretT m a -> m aSource
Run a SecretT
monad by providing it a source of entropy. You can
use devURandom
, devRandom
or provide your own entropy source function.
devURandom :: Int -> IO ByteStringSource
/dev/urandom entropy source. This is only available on machines
supporting it. This function is meant to be used together with withSource
.
devRandom :: Int -> IO ByteStringSource
/dev/random entropy source. This is only available on machines
supporting it. This function is meant to be used together with withSource
.
Signatures
Elliptic curve cryptography standards are defined in http://www.secg.org/download/aid-780/sec1-v2.pdf
Data type representing an ECDSA signature.
detSignMsg :: Hash256 -> PrvKey -> SignatureSource
Sign a message using ECDSA deterministic signatures as defined by RFC 6979 http://tools.ietf.org/html/rfc6979
isCanonicalHalfOrder :: Signature -> BoolSource
Returns True if the S component of a Signature is <= order/2. Signatures need to pass this test to be canonical.
Hash functions
type Hash512 = Ring Mod512Source
Data type representing a 512 bit unsigned integer. It is implemented as an Integer modulo 2^512.
type Hash256 = Ring Mod256Source
Data type representing a 256 bit unsigned integer. It is implemented as an Integer modulo 2^256.
type Hash160 = Ring Mod160Source
Data type representing a 160 bit unsigned integer. It is implemented as an Integer modulo 2^160.
data CheckSum32 Source
Data type representing a 32 bit checksum
hash512 :: ByteString -> Hash512Source
Computes SHA-512.
hash512BS :: ByteString -> ByteStringSource
Computes SHA-512 and returns the result as a bytestring.
hash256 :: ByteString -> Hash256Source
Computes SHA-256.
hash256BS :: ByteString -> ByteStringSource
Computes SHA-256 and returns the result as a bytestring.
hash160 :: ByteString -> Hash160Source
Computes RIPEMD-160.
hash160BS :: ByteString -> ByteStringSource
Computes RIPEMD-160 and returns the result as a bytestring.
doubleHash256 :: ByteString -> Hash256Source
Computes two rounds of SHA-256.
doubleHash256BS :: ByteString -> ByteStringSource
Computes two rounds of SHA-256 and returns the result as a bytestring.
chksum32 :: ByteString -> CheckSum32Source
Computes a 32 bit checksum.
hmac512 :: ByteString -> ByteString -> Hash512Source
Computes HMAC over SHA-512.
hmac512BS :: ByteString -> ByteString -> ByteStringSource
Computes HMAC over SHA-512 and return the result as a bytestring.
hmac256 :: ByteString -> ByteString -> Hash256Source
Computes HMAC over SHA-256.
hmac256BS :: ByteString -> ByteString -> ByteStringSource
Computes HMAC over SHA-256 and return the result as a bytestring.
Base58 and Addresses
Data type representing a Bitcoin address
PubKeyAddress | Public Key Hash Address |
ScriptAddress | Script Hash Address |
base58ToAddr :: String -> Maybe AddressSource
Decodes an Address from a base58 encoded String. This function can fail if the String is not properly encoded as base58 or the checksum fails.
addrToBase58 :: Address -> StringSource
Transforms an Address into a base58 encoded String
encodeBase58 :: ByteString -> ByteStringSource
Encode a bytestring to a base 58 representation.
decodeBase58 :: ByteString -> Maybe ByteStringSource
Decode a base 58 encoded bytestring. This can fail if the input bytestring contains invalid base 58 characters such as 0,O,l,I
encodeBase58Check :: ByteString -> ByteStringSource
Computes a checksum for the input bytestring and encodes the input and the checksum to a base 58 representation.
decodeBase58Check :: ByteString -> Maybe ByteStringSource
Decode a base 58 encoded bytestring that contains a checksum. This function returns Nothing if the input bytestring contains invalid base 58 characters or if the checksum fails.