diff options
author | Antonio Juarez <antonio.maria.juarez@live.com> | 2014-03-03 22:07:58 +0000 |
---|---|---|
committer | Antonio Juarez <antonio.maria.juarez@live.com> | 2014-03-03 22:07:58 +0000 |
commit | 296ae46ed8f8f6e5f986f978febad302e3df231a (patch) | |
tree | 1629164454a239308f33c9e12afb22e7f3cd8eeb /src/crypto/crypto.cpp | |
parent | changed name (diff) | |
download | monero-296ae46ed8f8f6e5f986f978febad302e3df231a.tar.xz |
moved all stuff to github
Diffstat (limited to '')
-rw-r--r-- | src/crypto/crypto.cpp | 107 |
1 files changed, 95 insertions, 12 deletions
diff --git a/src/crypto/crypto.cpp b/src/crypto/crypto.cpp index 020e413e9..f5f525700 100644 --- a/src/crypto/crypto.cpp +++ b/src/crypto/crypto.cpp @@ -1,3 +1,7 @@ +// Copyright (c) 2012-2013 The Cryptonote developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + #include <alloca.h> #include <cassert> #include <cstddef> @@ -5,23 +9,31 @@ #include <cstdlib> #include <cstring> #include <memory> +#include <mutex> +#include "common/varint.h" +#include "warnings.h" #include "crypto.h" -#include "random.h" +#include "hash.h" namespace crypto { using std::abort; using std::int32_t; using std::int64_t; + using std::lock_guard; + using std::mutex; using std::size_t; using std::uint32_t; using std::uint64_t; extern "C" { #include "crypto-ops.h" +#include "random.h" } + mutex random_lock; + static inline unsigned char *operator &(ec_point &point) { return &reinterpret_cast<unsigned char &>(point); } @@ -46,11 +58,12 @@ namespace crypto { } static inline void hash_to_scalar(const void *data, size_t length, ec_scalar &res) { - keccak(data, length, reinterpret_cast<hash &>(res)); + cn_fast_hash(data, length, reinterpret_cast<hash &>(res)); sc_reduce32(&res); } void crypto_ops::generate_keys(public_key &pub, secret_key &sec) { + lock_guard<mutex> lock(random_lock); ge_p3 point; random_scalar(sec); ge_scalarmult_base(&point, &sec); @@ -62,13 +75,79 @@ namespace crypto { return ge_frombytes_vartime(&point, &key) == 0; } + bool crypto_ops::secret_key_to_public_key(const secret_key &sec, public_key &pub) { + ge_p3 point; + if (sc_check(&sec) != 0) { + return false; + } + ge_scalarmult_base(&point, &sec); + ge_p3_tobytes(&pub, &point); + return true; + } + + bool crypto_ops::generate_key_derivation(const public_key &key1, const secret_key &key2, key_derivation &derivation) { + ge_p3 point; + ge_p2 point2; + ge_p1p1 point3; + assert(sc_check(&key2) == 0); + if (ge_frombytes_vartime(&point, &key1) != 0) { + return false; + } + ge_scalarmult(&point2, &key2, &point); + ge_mul8(&point3, &point2); + ge_p1p1_to_p2(&point2, &point3); + ge_tobytes(&derivation, &point2); + return true; + } + + static void derivation_to_scalar(const key_derivation &derivation, size_t output_index, ec_scalar &res) { + struct { + key_derivation derivation; + char output_index[(sizeof(size_t) * 8 + 6) / 7]; + } buf; + char *end = buf.output_index; + buf.derivation = derivation; + tools::write_varint(end, output_index); + assert(end <= buf.output_index + sizeof buf.output_index); + hash_to_scalar(&buf, end - reinterpret_cast<char *>(&buf), res); + } + + bool crypto_ops::derive_public_key(const key_derivation &derivation, size_t output_index, + const public_key &base, public_key &derived_key) { + ec_scalar scalar; + ge_p3 point1; + ge_p3 point2; + ge_cached point3; + ge_p1p1 point4; + ge_p2 point5; + if (ge_frombytes_vartime(&point1, &base) != 0) { + return false; + } + derivation_to_scalar(derivation, output_index, scalar); + ge_scalarmult_base(&point2, &scalar); + ge_p3_to_cached(&point3, &point2); + ge_add(&point4, &point1, &point3); + ge_p1p1_to_p2(&point5, &point4); + ge_tobytes(&derived_key, &point5); + return true; + } + + void crypto_ops::derive_secret_key(const key_derivation &derivation, size_t output_index, + const secret_key &base, secret_key &derived_key) { + ec_scalar scalar; + assert(sc_check(&base) == 0); + derivation_to_scalar(derivation, output_index, scalar); + sc_add(&derived_key, &base, &scalar); + } + struct s_comm { hash h; ec_point key; ec_point comm; }; - void crypto_ops::generate_signature(const hash &message_hash, const public_key &pub, const secret_key &sec, signature &sig) { + void crypto_ops::generate_signature(const hash &prefix_hash, const public_key &pub, const secret_key &sec, signature &sig) { + lock_guard<mutex> lock(random_lock); ge_p3 tmp3; ec_scalar k; s_comm buf; @@ -82,7 +161,7 @@ namespace crypto { assert(pub == t2); } #endif - buf.h = message_hash; + buf.h = prefix_hash; buf.key = pub; random_scalar(k); ge_scalarmult_base(&tmp3, &k); @@ -91,13 +170,13 @@ namespace crypto { sc_mulsub(&sig.r, &sig.c, &sec, &k); } - bool crypto_ops::check_signature(const hash &message_hash, const public_key &pub, const signature &sig) { + bool crypto_ops::check_signature(const hash &prefix_hash, const public_key &pub, const signature &sig) { ge_p2 tmp2; ge_p3 tmp3; ec_scalar c; s_comm buf; assert(check_key(pub)); - buf.h = message_hash; + buf.h = prefix_hash; buf.key = pub; if (ge_frombytes_vartime(&tmp3, &pub) != 0) { abort(); @@ -116,7 +195,7 @@ namespace crypto { hash h; ge_p2 point; ge_p1p1 point2; - keccak(std::addressof(key), sizeof(public_key), h); + cn_fast_hash(std::addressof(key), sizeof(public_key), h); ge_fromfe_frombytes_vartime(&point, reinterpret_cast<const unsigned char *>(&h)); ge_mul8(&point2, &point); ge_p1p1_to_p3(&res, &point2); @@ -131,21 +210,25 @@ namespace crypto { ge_tobytes(&image, &point2); } +PUSH_WARNINGS +DISABLE_VS_WARNINGS(4200) struct rs_comm { hash h; struct { ec_point a, b; } ab[]; }; +POP_WARNINGS static inline size_t rs_comm_size(size_t pubs_count) { return sizeof(rs_comm) + pubs_count * sizeof(rs_comm().ab[0]); } - void crypto_ops::generate_ring_signature(const hash &message_hash, const key_image &image, + void crypto_ops::generate_ring_signature(const hash &prefix_hash, const key_image &image, const public_key *const *pubs, size_t pubs_count, const secret_key &sec, size_t sec_index, signature *sig) { + lock_guard<mutex> lock(random_lock); size_t i; ge_p3 image_unp; ge_dsmp image_pre; @@ -173,7 +256,7 @@ namespace crypto { } ge_dsm_precomp(image_pre, &image_unp); sc_0(&sum); - buf->h = message_hash; + buf->h = prefix_hash; for (i = 0; i < pubs_count; i++) { ge_p2 tmp2; ge_p3 tmp3; @@ -203,7 +286,7 @@ namespace crypto { sc_mulsub(&sig[sec_index].r, &sig[sec_index].c, &sec, &k); } - bool crypto_ops::check_ring_signature(const hash &message_hash, const key_image &image, + bool crypto_ops::check_ring_signature(const hash &prefix_hash, const key_image &image, const public_key *const *pubs, size_t pubs_count, const signature *sig) { size_t i; @@ -221,7 +304,7 @@ namespace crypto { } ge_dsm_precomp(image_pre, &image_unp); sc_0(&sum); - buf->h = message_hash; + buf->h = prefix_hash; for (i = 0; i < pubs_count; i++) { ge_p2 tmp2; ge_p3 tmp3; @@ -242,4 +325,4 @@ namespace crypto { sc_sub(&h, &h, &sum); return sc_isnonzero(&h) == 0; } -}
\ No newline at end of file +} |