Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/hash_impl.h
| Show All 27 Lines | |||||
| } while(0) | } while(0) | ||||
| #ifdef WORDS_BIGENDIAN | #ifdef WORDS_BIGENDIAN | ||||
| #define BE32(x) (x) | #define BE32(x) (x) | ||||
| #else | #else | ||||
| #define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24)) | #define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24)) | ||||
| #endif | #endif | ||||
| static void secp256k1_sha256_initialize(secp256k1_sha256_t *hash) { | static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) { | ||||
| hash->s[0] = 0x6a09e667ul; | hash->s[0] = 0x6a09e667ul; | ||||
| hash->s[1] = 0xbb67ae85ul; | hash->s[1] = 0xbb67ae85ul; | ||||
| hash->s[2] = 0x3c6ef372ul; | hash->s[2] = 0x3c6ef372ul; | ||||
| hash->s[3] = 0xa54ff53aul; | hash->s[3] = 0xa54ff53aul; | ||||
| hash->s[4] = 0x510e527ful; | hash->s[4] = 0x510e527ful; | ||||
| hash->s[5] = 0x9b05688cul; | hash->s[5] = 0x9b05688cul; | ||||
| hash->s[6] = 0x1f83d9abul; | hash->s[6] = 0x1f83d9abul; | ||||
| hash->s[7] = 0x5be0cd19ul; | hash->s[7] = 0x5be0cd19ul; | ||||
| ▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | static void secp256k1_sha256_transform(uint32_t* s, const uint32_t* chunk) { | ||||
| s[2] += c; | s[2] += c; | ||||
| s[3] += d; | s[3] += d; | ||||
| s[4] += e; | s[4] += e; | ||||
| s[5] += f; | s[5] += f; | ||||
| s[6] += g; | s[6] += g; | ||||
| s[7] += h; | s[7] += h; | ||||
| } | } | ||||
| static void secp256k1_sha256_write(secp256k1_sha256_t *hash, const unsigned char *data, size_t len) { | static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t len) { | ||||
| size_t bufsize = hash->bytes & 0x3F; | size_t bufsize = hash->bytes & 0x3F; | ||||
| hash->bytes += len; | hash->bytes += len; | ||||
| while (bufsize + len >= 64) { | while (bufsize + len >= 64) { | ||||
| /* Fill the buffer, and process it. */ | /* Fill the buffer, and process it. */ | ||||
| memcpy(((unsigned char*)hash->buf) + bufsize, data, 64 - bufsize); | memcpy(((unsigned char*)hash->buf) + bufsize, data, 64 - bufsize); | ||||
| data += 64 - bufsize; | data += 64 - bufsize; | ||||
| len -= 64 - bufsize; | len -= 64 - bufsize; | ||||
| secp256k1_sha256_transform(hash->s, hash->buf); | secp256k1_sha256_transform(hash->s, hash->buf); | ||||
| bufsize = 0; | bufsize = 0; | ||||
| } | } | ||||
| if (len) { | if (len) { | ||||
| /* Fill the buffer with what remains. */ | /* Fill the buffer with what remains. */ | ||||
| memcpy(((unsigned char*)hash->buf) + bufsize, data, len); | memcpy(((unsigned char*)hash->buf) + bufsize, data, len); | ||||
| } | } | ||||
| } | } | ||||
| static void secp256k1_sha256_finalize(secp256k1_sha256_t *hash, unsigned char *out32) { | static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32) { | ||||
| static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; | static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; | ||||
| uint32_t sizedesc[2]; | uint32_t sizedesc[2]; | ||||
| uint32_t out[8]; | uint32_t out[8]; | ||||
| int i = 0; | int i = 0; | ||||
| sizedesc[0] = BE32(hash->bytes >> 29); | sizedesc[0] = BE32(hash->bytes >> 29); | ||||
| sizedesc[1] = BE32(hash->bytes << 3); | sizedesc[1] = BE32(hash->bytes << 3); | ||||
| secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); | secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); | ||||
| secp256k1_sha256_write(hash, (const unsigned char*)sizedesc, 8); | secp256k1_sha256_write(hash, (const unsigned char*)sizedesc, 8); | ||||
| for (i = 0; i < 8; i++) { | for (i = 0; i < 8; i++) { | ||||
| out[i] = BE32(hash->s[i]); | out[i] = BE32(hash->s[i]); | ||||
| hash->s[i] = 0; | hash->s[i] = 0; | ||||
| } | } | ||||
| memcpy(out32, (const unsigned char*)out, 32); | memcpy(out32, (const unsigned char*)out, 32); | ||||
| } | } | ||||
| static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256_t *hash, const unsigned char *key, size_t keylen) { | static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t keylen) { | ||||
| int n; | int n; | ||||
| unsigned char rkey[64]; | unsigned char rkey[64]; | ||||
| if (keylen <= 64) { | if (keylen <= 64) { | ||||
| memcpy(rkey, key, keylen); | memcpy(rkey, key, keylen); | ||||
| memset(rkey + keylen, 0, 64 - keylen); | memset(rkey + keylen, 0, 64 - keylen); | ||||
| } else { | } else { | ||||
| secp256k1_sha256_t sha256; | secp256k1_sha256 sha256; | ||||
| secp256k1_sha256_initialize(&sha256); | secp256k1_sha256_initialize(&sha256); | ||||
| secp256k1_sha256_write(&sha256, key, keylen); | secp256k1_sha256_write(&sha256, key, keylen); | ||||
| secp256k1_sha256_finalize(&sha256, rkey); | secp256k1_sha256_finalize(&sha256, rkey); | ||||
| memset(rkey + 32, 0, 32); | memset(rkey + 32, 0, 32); | ||||
| } | } | ||||
| secp256k1_sha256_initialize(&hash->outer); | secp256k1_sha256_initialize(&hash->outer); | ||||
| for (n = 0; n < 64; n++) { | for (n = 0; n < 64; n++) { | ||||
| rkey[n] ^= 0x5c; | rkey[n] ^= 0x5c; | ||||
| } | } | ||||
| secp256k1_sha256_write(&hash->outer, rkey, 64); | secp256k1_sha256_write(&hash->outer, rkey, 64); | ||||
| secp256k1_sha256_initialize(&hash->inner); | secp256k1_sha256_initialize(&hash->inner); | ||||
| for (n = 0; n < 64; n++) { | for (n = 0; n < 64; n++) { | ||||
| rkey[n] ^= 0x5c ^ 0x36; | rkey[n] ^= 0x5c ^ 0x36; | ||||
| } | } | ||||
| secp256k1_sha256_write(&hash->inner, rkey, 64); | secp256k1_sha256_write(&hash->inner, rkey, 64); | ||||
| memset(rkey, 0, 64); | memset(rkey, 0, 64); | ||||
| } | } | ||||
| static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256_t *hash, const unsigned char *data, size_t size) { | static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size) { | ||||
| secp256k1_sha256_write(&hash->inner, data, size); | secp256k1_sha256_write(&hash->inner, data, size); | ||||
| } | } | ||||
| static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256_t *hash, unsigned char *out32) { | static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32) { | ||||
| unsigned char temp[32]; | unsigned char temp[32]; | ||||
| secp256k1_sha256_finalize(&hash->inner, temp); | secp256k1_sha256_finalize(&hash->inner, temp); | ||||
| secp256k1_sha256_write(&hash->outer, temp, 32); | secp256k1_sha256_write(&hash->outer, temp, 32); | ||||
| memset(temp, 0, 32); | memset(temp, 0, 32); | ||||
| secp256k1_sha256_finalize(&hash->outer, out32); | secp256k1_sha256_finalize(&hash->outer, out32); | ||||
| } | } | ||||
| static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256_t *rng, const unsigned char *key, size_t keylen) { | static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { | ||||
| secp256k1_hmac_sha256_t hmac; | secp256k1_hmac_sha256 hmac; | ||||
| static const unsigned char zero[1] = {0x00}; | static const unsigned char zero[1] = {0x00}; | ||||
| static const unsigned char one[1] = {0x01}; | static const unsigned char one[1] = {0x01}; | ||||
| memset(rng->v, 0x01, 32); /* RFC6979 3.2.b. */ | memset(rng->v, 0x01, 32); /* RFC6979 3.2.b. */ | ||||
| memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */ | memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */ | ||||
| /* RFC6979 3.2.d. */ | /* RFC6979 3.2.d. */ | ||||
| secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | ||||
| Show All 12 Lines | static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { | ||||
| secp256k1_hmac_sha256_write(&hmac, key, keylen); | secp256k1_hmac_sha256_write(&hmac, key, keylen); | ||||
| secp256k1_hmac_sha256_finalize(&hmac, rng->k); | secp256k1_hmac_sha256_finalize(&hmac, rng->k); | ||||
| secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | ||||
| secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | ||||
| secp256k1_hmac_sha256_finalize(&hmac, rng->v); | secp256k1_hmac_sha256_finalize(&hmac, rng->v); | ||||
| rng->retry = 0; | rng->retry = 0; | ||||
| } | } | ||||
| static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256_t *rng, unsigned char *out, size_t outlen) { | static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) { | ||||
| /* RFC6979 3.2.h. */ | /* RFC6979 3.2.h. */ | ||||
| static const unsigned char zero[1] = {0x00}; | static const unsigned char zero[1] = {0x00}; | ||||
| if (rng->retry) { | if (rng->retry) { | ||||
| secp256k1_hmac_sha256_t hmac; | secp256k1_hmac_sha256 hmac; | ||||
| secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | ||||
| secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | ||||
| secp256k1_hmac_sha256_write(&hmac, zero, 1); | secp256k1_hmac_sha256_write(&hmac, zero, 1); | ||||
| secp256k1_hmac_sha256_finalize(&hmac, rng->k); | secp256k1_hmac_sha256_finalize(&hmac, rng->k); | ||||
| secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | ||||
| secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | ||||
| secp256k1_hmac_sha256_finalize(&hmac, rng->v); | secp256k1_hmac_sha256_finalize(&hmac, rng->v); | ||||
| } | } | ||||
| while (outlen > 0) { | while (outlen > 0) { | ||||
| secp256k1_hmac_sha256_t hmac; | secp256k1_hmac_sha256 hmac; | ||||
| int now = outlen; | int now = outlen; | ||||
| secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); | ||||
| secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | secp256k1_hmac_sha256_write(&hmac, rng->v, 32); | ||||
| secp256k1_hmac_sha256_finalize(&hmac, rng->v); | secp256k1_hmac_sha256_finalize(&hmac, rng->v); | ||||
| if (now > 32) { | if (now > 32) { | ||||
| now = 32; | now = 32; | ||||
| } | } | ||||
| memcpy(out, rng->v, now); | memcpy(out, rng->v, now); | ||||
| out += now; | out += now; | ||||
| outlen -= now; | outlen -= now; | ||||
| } | } | ||||
| rng->retry = 1; | rng->retry = 1; | ||||
| } | } | ||||
| static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256_t *rng) { | static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng) { | ||||
| memset(rng->k, 0, 32); | memset(rng->k, 0, 32); | ||||
| memset(rng->v, 0, 32); | memset(rng->v, 0, 32); | ||||
| rng->retry = 0; | rng->retry = 0; | ||||
| } | } | ||||
| #undef BE32 | #undef BE32 | ||||
| #undef Round | #undef Round | ||||
| #undef sigma1 | #undef sigma1 | ||||
| #undef sigma0 | #undef sigma0 | ||||
| #undef Sigma1 | #undef Sigma1 | ||||
| #undef Sigma0 | #undef Sigma0 | ||||
| #undef Maj | #undef Maj | ||||
| #undef Ch | #undef Ch | ||||
| #endif /* SECP256K1_HASH_IMPL_H */ | #endif /* SECP256K1_HASH_IMPL_H */ | ||||