kvazar
/
kevacoin
mirror of https://github.com/kvazar-network/kevacoin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Use libsecp256k1's RFC6979 implementation

0.13
Pieter Wuille 10 years ago
parent
ec20fd74b8
commit
1a9576de9d
5 changed files with 21 additions and 144 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      src/Makefile.am
  2. 47
      src/crypto/rfc6979_hmac_sha256.cpp
  3. 36
      src/crypto/rfc6979_hmac_sha256.h
  4. 45
      src/key.cpp
  5. 35
      src/test/crypto_tests.cpp

2
src/Makefile.am
Unescape View File

@ -209,14 +209,12 @@ crypto_libbitcoin_crypto_a_SOURCES = \
crypto/sha256.cpp \ crypto/sha256.cpp \
crypto/sha512.cpp \ crypto/sha512.cpp \
crypto/hmac_sha256.cpp \ crypto/hmac_sha256.cpp \
crypto/rfc6979_hmac_sha256.cpp \
crypto/hmac_sha512.cpp \ crypto/hmac_sha512.cpp \
crypto/ripemd160.cpp \ crypto/ripemd160.cpp \
crypto/common.h \ crypto/common.h \
crypto/sha256.h \ crypto/sha256.h \
crypto/sha512.h \ crypto/sha512.h \
crypto/hmac_sha256.h \ crypto/hmac_sha256.h \
crypto/rfc6979_hmac_sha256.h \
crypto/hmac_sha512.h \ crypto/hmac_sha512.h \
crypto/sha1.h \ crypto/sha1.h \
crypto/ripemd160.h crypto/ripemd160.h

47
src/crypto/rfc6979_hmac_sha256.cpp
Unescape View File

@ -1,47 +0,0 @@
// Copyright (c) 2014 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include "crypto/rfc6979_hmac_sha256.h"
#include <string.h>
#include <algorithm>
static const unsigned char zero[1] = {0x00};
static const unsigned char one[1] = {0x01};
RFC6979_HMAC_SHA256::RFC6979_HMAC_SHA256(const unsigned char* key, size_t keylen, const unsigned char* msg, size_t msglen) : retry(false)
{
memset(V, 0x01, sizeof(V));
memset(K, 0x00, sizeof(K));
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(zero, sizeof(zero)).Write(key, keylen).Write(msg, msglen).Finalize(K);
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(one, sizeof(one)).Write(key, keylen).Write(msg, msglen).Finalize(K);
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
}
RFC6979_HMAC_SHA256::~RFC6979_HMAC_SHA256()
{
memset(V, 0x01, sizeof(V));
memset(K, 0x00, sizeof(K));
}
void RFC6979_HMAC_SHA256::Generate(unsigned char* output, size_t outputlen)
{
if (retry) {
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(zero, sizeof(zero)).Finalize(K);
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
}
while (outputlen > 0) {
CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
size_t len = std::min(outputlen, sizeof(V));
memcpy(output, V, len);
output += len;
outputlen -= len;
}
retry = true;
}

36
src/crypto/rfc6979_hmac_sha256.h
Unescape View File

@ -1,36 +0,0 @@
// Copyright (c) 2014 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_RFC6979_HMAC_SHA256_H
#define BITCOIN_RFC6979_HMAC_SHA256_H
#include "crypto/hmac_sha256.h"
#include <stdint.h>
#include <stdlib.h>
/** The RFC 6979 PRNG using HMAC-SHA256. */
class RFC6979_HMAC_SHA256
{
private:
unsigned char V[CHMAC_SHA256::OUTPUT_SIZE];
unsigned char K[CHMAC_SHA256::OUTPUT_SIZE];
bool retry;
public:
/**
* Construct a new RFC6979 PRNG, using the given key and message.
* The message is assumed to be already hashed.
*/
RFC6979_HMAC_SHA256(const unsigned char* key, size_t keylen, const unsigned char* msg, size_t msglen);
/**
* Generate a byte array.
*/
void Generate(unsigned char* output, size_t outputlen);
~RFC6979_HMAC_SHA256();
};
#endif // BITCOIN_RFC6979_HMAC_SHA256_H

45
src/key.cpp
Unescape View File

@ -6,7 +6,6 @@
#include "arith_uint256.h" #include "arith_uint256.h"
#include "crypto/hmac_sha512.h" #include "crypto/hmac_sha512.h"
#include "crypto/rfc6979_hmac_sha256.h"
#include "eccryptoverify.h" #include "eccryptoverify.h"
#include "pubkey.h" #include "pubkey.h"
#include "random.h" #include "random.h"
@ -74,23 +73,28 @@ CPubKey CKey::GetPubKey() const {
return result; return result;
} }
extern "C"
{
static int secp256k1_nonce_function_test_case(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int attempt, const void *data)
{
const uint32_t *test_case = static_cast<const uint32_t*>(data);
uint256 nonce;
secp256k1_nonce_function_rfc6979(nonce.begin(), msg32, key32, attempt, NULL);
nonce = ArithToUint256(UintToArith256(nonce) + *test_case);
memcpy(nonce32, nonce.begin(), 32);
return 1;
}
}
bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const { bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const {
if (!fValid) if (!fValid)
return false; return false;
vchSig.resize(72); vchSig.resize(72);
RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32); int nSigLen = 72;
do { int ret = secp256k1_ecdsa_sign(hash.begin(), (unsigned char*)&vchSig[0], &nSigLen, begin(), test_case == 0 ? secp256k1_nonce_function_rfc6979 : secp256k1_nonce_function_test_case, test_case == 0 ? NULL : &test_case);
uint256 nonce; assert(ret);
prng.Generate((unsigned char*)&nonce, 32); vchSig.resize(nSigLen);
nonce = ArithToUint256(UintToArith256(nonce) + test_case); return true;
int nSigLen = 72;
int ret = secp256k1_ecdsa_sign((const unsigned char*)&hash, (unsigned char*)&vchSig[0], &nSigLen, begin(), (unsigned char*)&nonce);
nonce = uint256();
if (ret) {
vchSig.resize(nSigLen);
return true;
}
} while(true);
} }
bool CKey::VerifyPubKey(const CPubKey& pubkey) const { bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
@ -101,7 +105,7 @@ bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
std::string str = "Bitcoin key verification\n"; std::string str = "Bitcoin key verification\n";
GetRandBytes(rnd, sizeof(rnd)); GetRandBytes(rnd, sizeof(rnd));
uint256 hash; uint256 hash;
CHash256().Write((unsigned char*)str.data(), str.size()).Write(rnd, sizeof(rnd)).Finalize((unsigned char*)&hash); CHash256().Write((unsigned char*)str.data(), str.size()).Write(rnd, sizeof(rnd)).Finalize(hash.begin());
std::vector<unsigned char> vchSig; std::vector<unsigned char> vchSig;
Sign(hash, vchSig); Sign(hash, vchSig);
return pubkey.Verify(hash, vchSig); return pubkey.Verify(hash, vchSig);
@ -112,15 +116,8 @@ bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig)
return false; return false;
vchSig.resize(65); vchSig.resize(65);
int rec = -1; int rec = -1;
RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32); int ret = secp256k1_ecdsa_sign_compact(hash.begin(), &vchSig[1], begin(), secp256k1_nonce_function_rfc6979, NULL, &rec);
do { assert(ret);
uint256 nonce;
prng.Generate((unsigned char*)&nonce, 32);
int ret = secp256k1_ecdsa_sign_compact((const unsigned char*)&hash, &vchSig[1], begin(), (unsigned char*)&nonce, &rec);
nonce = uint256();
if (ret)
break;
} while(true);
assert(rec != -1); assert(rec != -1);
vchSig[0] = 27 + rec + (fCompressed ? 4 : 0); vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
return true; return true;

35
src/test/crypto_tests.cpp
Unescape View File

@ -2,7 +2,6 @@
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include "crypto/rfc6979_hmac_sha256.h"
#include "crypto/ripemd160.h" #include "crypto/ripemd160.h"
#include "crypto/sha1.h" #include "crypto/sha1.h"
#include "crypto/sha256.h" #include "crypto/sha256.h"
@ -248,38 +247,4 @@ BOOST_AUTO_TEST_CASE(hmac_sha512_testvectors) {
"b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"); "b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58");
} }
void TestRFC6979(const std::string& hexkey, const std::string& hexmsg, const std::vector<std::string>& hexout)
{
std::vector<unsigned char> key = ParseHex(hexkey);
std::vector<unsigned char> msg = ParseHex(hexmsg);
RFC6979_HMAC_SHA256 rng(&key[0], key.size(), &msg[0], msg.size());
for (unsigned int i = 0; i < hexout.size(); i++) {
std::vector<unsigned char> out = ParseHex(hexout[i]);
std::vector<unsigned char> gen;
gen.resize(out.size());
rng.Generate(&gen[0], gen.size());
BOOST_CHECK(out == gen);
}
}
BOOST_AUTO_TEST_CASE(rfc6979_hmac_sha256)
{
TestRFC6979(
"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f00",
"4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a",
boost::assign::list_of
("4fe29525b2086809159acdf0506efb86b0ec932c7ba44256ab321e421e67e9fb")
("2bf0fff1d3c378a22dc5de1d856522325c65b504491a0cbd01cb8f3aa67ffd4a")
("f528b410cb541f77000d7afb6c5b53c5c471eab43e466d9ac5190c39c82fd82e"));
TestRFC6979(
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
boost::assign::list_of
("9c236c165b82ae0cd590659e100b6bab3036e7ba8b06749baf6981e16f1a2b95")
("df471061625bc0ea14b682feee2c9c02f235da04204c1d62a1536c6e17aed7a9")
("7597887cbd76321f32e30440679a22cf7f8d9d2eac390e581fea091ce202ba94"));
}
BOOST_AUTO_TEST_SUITE_END() BOOST_AUTO_TEST_SUITE_END()

Write Preview
Loading…
Cancel
Save