util: move util/message to common/signmessage

Move util/message to common/signmessage so it is named more clearly, and
because the util library is not supposed to depend on other libraries besides
the crypto library. The signmessage functions use CKey, CPubKey, PKHash, and
DecodeDestination functions in the consensus and common libraries.

src/common/signmessage.cpp

@@ -0,0 +1,93 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2022 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <common/signmessage.h>
+#include <hash.h>
+#include <key.h>
+#include <key_io.h>
+#include <pubkey.h>
+#include <uint256.h>
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <optional>
+#include <string>
+#include <variant>
+#include <vector>
+
+/**
+ * Text used to signify that a signed message follows and to prevent
+ * inadvertently signing a transaction.
+ */
+const std::string MESSAGE_MAGIC = "Bitcoin Signed Message:\n";
+
+MessageVerificationResult MessageVerify(
+    const std::string& address,
+    const std::string& signature,
+    const std::string& message)
+{
+    CTxDestination destination = DecodeDestination(address);
+    if (!IsValidDestination(destination)) {
+        return MessageVerificationResult::ERR_INVALID_ADDRESS;
+    }
+
+    if (std::get_if<PKHash>(&destination) == nullptr) {
+        return MessageVerificationResult::ERR_ADDRESS_NO_KEY;
+    }
+
+    auto signature_bytes = DecodeBase64(signature);
+    if (!signature_bytes) {
+        return MessageVerificationResult::ERR_MALFORMED_SIGNATURE;
+    }
+
+    CPubKey pubkey;
+    if (!pubkey.RecoverCompact(MessageHash(message), *signature_bytes)) {
+        return MessageVerificationResult::ERR_PUBKEY_NOT_RECOVERED;
+    }
+
+    if (!(PKHash(pubkey) == *std::get_if<PKHash>(&destination))) {
+        return MessageVerificationResult::ERR_NOT_SIGNED;
+    }
+
+    return MessageVerificationResult::OK;
+}
+
+bool MessageSign(
+    const CKey& privkey,
+    const std::string& message,
+    std::string& signature)
+{
+    std::vector<unsigned char> signature_bytes;
+
+    if (!privkey.SignCompact(MessageHash(message), signature_bytes)) {
+        return false;
+    }
+
+    signature = EncodeBase64(signature_bytes);
+
+    return true;
+}
+
+uint256 MessageHash(const std::string& message)
+{
+    HashWriter hasher{};
+    hasher << MESSAGE_MAGIC << message;
+
+    return hasher.GetHash();
+}
+
+std::string SigningResultString(const SigningResult res)
+{
+    switch (res) {
+        case SigningResult::OK:
+            return "No error";
+        case SigningResult::PRIVATE_KEY_NOT_AVAILABLE:
+            return "Private key not available";
+        case SigningResult::SIGNING_FAILED:
+            return "Sign failed";
+        // no default case, so the compiler can warn about missing cases
+    }
+    assert(false);
+}

src/common/signmessage.h

@@ -0,0 +1,77 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2022 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_COMMON_SIGNMESSAGE_H
+#define BITCOIN_COMMON_SIGNMESSAGE_H
+
+#include <uint256.h>
+
+#include <string>
+
+class CKey;
+
+extern const std::string MESSAGE_MAGIC;
+
+/** The result of a signed message verification.
+ * Message verification takes as an input:
+ * - address (with whose private key the message is supposed to have been signed)
+ * - signature
+ * - message
+ */
+enum class MessageVerificationResult {
+    //! The provided address is invalid.
+    ERR_INVALID_ADDRESS,
+
+    //! The provided address is valid but does not refer to a public key.
+    ERR_ADDRESS_NO_KEY,
+
+    //! The provided signature couldn't be parsed (maybe invalid base64).
+    ERR_MALFORMED_SIGNATURE,
+
+    //! A public key could not be recovered from the provided signature and message.
+    ERR_PUBKEY_NOT_RECOVERED,
+
+    //! The message was not signed with the private key of the provided address.
+    ERR_NOT_SIGNED,
+
+    //! The message verification was successful.
+    OK
+};
+
+enum class SigningResult {
+    OK, //!< No error
+    PRIVATE_KEY_NOT_AVAILABLE,
+    SIGNING_FAILED,
+};
+
+/** Verify a signed message.
+ * @param[in] address Signer's bitcoin address, it must refer to a public key.
+ * @param[in] signature The signature in base64 format.
+ * @param[in] message The message that was signed.
+ * @return result code */
+MessageVerificationResult MessageVerify(
+    const std::string& address,
+    const std::string& signature,
+    const std::string& message);
+
+/** Sign a message.
+ * @param[in] privkey Private key to sign with.
+ * @param[in] message The message to sign.
+ * @param[out] signature Signature, base64 encoded, only set if true is returned.
+ * @return true if signing was successful. */
+bool MessageSign(
+    const CKey& privkey,
+    const std::string& message,
+    std::string& signature);
+
+/**
+ * Hashes a message for signing and verification in a manner that prevents
+ * inadvertently signing a transaction.
+ */
+uint256 MessageHash(const std::string& message);
+
+std::string SigningResultString(const SigningResult res);
+
+#endif // BITCOIN_COMMON_SIGNMESSAGE_H