aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/crypto.cpp
diff options
context:
space:
mode:
authorAntonio Juarez <antonio.maria.juarez@live.com>2014-03-03 22:07:58 +0000
committerAntonio Juarez <antonio.maria.juarez@live.com>2014-03-03 22:07:58 +0000
commit296ae46ed8f8f6e5f986f978febad302e3df231a (patch)
tree1629164454a239308f33c9e12afb22e7f3cd8eeb /src/crypto/crypto.cpp
parentchanged name (diff)
downloadmonero-296ae46ed8f8f6e5f986f978febad302e3df231a.tar.xz
moved all stuff to github
Diffstat (limited to '')
-rw-r--r--src/crypto/crypto.cpp107
1 files changed, 95 insertions, 12 deletions
diff --git a/src/crypto/crypto.cpp b/src/crypto/crypto.cpp
index 020e413e9..f5f525700 100644
--- a/src/crypto/crypto.cpp
+++ b/src/crypto/crypto.cpp
@@ -1,3 +1,7 @@
+// Copyright (c) 2012-2013 The Cryptonote developers
+// Distributed under the MIT/X11 software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
#include <alloca.h>
#include <cassert>
#include <cstddef>
@@ -5,23 +9,31 @@
#include <cstdlib>
#include <cstring>
#include <memory>
+#include <mutex>
+#include "common/varint.h"
+#include "warnings.h"
#include "crypto.h"
-#include "random.h"
+#include "hash.h"
namespace crypto {
using std::abort;
using std::int32_t;
using std::int64_t;
+ using std::lock_guard;
+ using std::mutex;
using std::size_t;
using std::uint32_t;
using std::uint64_t;
extern "C" {
#include "crypto-ops.h"
+#include "random.h"
}
+ mutex random_lock;
+
static inline unsigned char *operator &(ec_point &point) {
return &reinterpret_cast<unsigned char &>(point);
}
@@ -46,11 +58,12 @@ namespace crypto {
}
static inline void hash_to_scalar(const void *data, size_t length, ec_scalar &res) {
- keccak(data, length, reinterpret_cast<hash &>(res));
+ cn_fast_hash(data, length, reinterpret_cast<hash &>(res));
sc_reduce32(&res);
}
void crypto_ops::generate_keys(public_key &pub, secret_key &sec) {
+ lock_guard<mutex> lock(random_lock);
ge_p3 point;
random_scalar(sec);
ge_scalarmult_base(&point, &sec);
@@ -62,13 +75,79 @@ namespace crypto {
return ge_frombytes_vartime(&point, &key) == 0;
}
+ bool crypto_ops::secret_key_to_public_key(const secret_key &sec, public_key &pub) {
+ ge_p3 point;
+ if (sc_check(&sec) != 0) {
+ return false;
+ }
+ ge_scalarmult_base(&point, &sec);
+ ge_p3_tobytes(&pub, &point);
+ return true;
+ }
+
+ bool crypto_ops::generate_key_derivation(const public_key &key1, const secret_key &key2, key_derivation &derivation) {
+ ge_p3 point;
+ ge_p2 point2;
+ ge_p1p1 point3;
+ assert(sc_check(&key2) == 0);
+ if (ge_frombytes_vartime(&point, &key1) != 0) {
+ return false;
+ }
+ ge_scalarmult(&point2, &key2, &point);
+ ge_mul8(&point3, &point2);
+ ge_p1p1_to_p2(&point2, &point3);
+ ge_tobytes(&derivation, &point2);
+ return true;
+ }
+
+ static void derivation_to_scalar(const key_derivation &derivation, size_t output_index, ec_scalar &res) {
+ struct {
+ key_derivation derivation;
+ char output_index[(sizeof(size_t) * 8 + 6) / 7];
+ } buf;
+ char *end = buf.output_index;
+ buf.derivation = derivation;
+ tools::write_varint(end, output_index);
+ assert(end <= buf.output_index + sizeof buf.output_index);
+ hash_to_scalar(&buf, end - reinterpret_cast<char *>(&buf), res);
+ }
+
+ bool crypto_ops::derive_public_key(const key_derivation &derivation, size_t output_index,
+ const public_key &base, public_key &derived_key) {
+ ec_scalar scalar;
+ ge_p3 point1;
+ ge_p3 point2;
+ ge_cached point3;
+ ge_p1p1 point4;
+ ge_p2 point5;
+ if (ge_frombytes_vartime(&point1, &base) != 0) {
+ return false;
+ }
+ derivation_to_scalar(derivation, output_index, scalar);
+ ge_scalarmult_base(&point2, &scalar);
+ ge_p3_to_cached(&point3, &point2);
+ ge_add(&point4, &point1, &point3);
+ ge_p1p1_to_p2(&point5, &point4);
+ ge_tobytes(&derived_key, &point5);
+ return true;
+ }
+
+ void crypto_ops::derive_secret_key(const key_derivation &derivation, size_t output_index,
+ const secret_key &base, secret_key &derived_key) {
+ ec_scalar scalar;
+ assert(sc_check(&base) == 0);
+ derivation_to_scalar(derivation, output_index, scalar);
+ sc_add(&derived_key, &base, &scalar);
+ }
+
struct s_comm {
hash h;
ec_point key;
ec_point comm;
};
- void crypto_ops::generate_signature(const hash &message_hash, const public_key &pub, const secret_key &sec, signature &sig) {
+ void crypto_ops::generate_signature(const hash &prefix_hash, const public_key &pub, const secret_key &sec, signature &sig) {
+ lock_guard<mutex> lock(random_lock);
ge_p3 tmp3;
ec_scalar k;
s_comm buf;
@@ -82,7 +161,7 @@ namespace crypto {
assert(pub == t2);
}
#endif
- buf.h = message_hash;
+ buf.h = prefix_hash;
buf.key = pub;
random_scalar(k);
ge_scalarmult_base(&tmp3, &k);
@@ -91,13 +170,13 @@ namespace crypto {
sc_mulsub(&sig.r, &sig.c, &sec, &k);
}
- bool crypto_ops::check_signature(const hash &message_hash, const public_key &pub, const signature &sig) {
+ bool crypto_ops::check_signature(const hash &prefix_hash, const public_key &pub, const signature &sig) {
ge_p2 tmp2;
ge_p3 tmp3;
ec_scalar c;
s_comm buf;
assert(check_key(pub));
- buf.h = message_hash;
+ buf.h = prefix_hash;
buf.key = pub;
if (ge_frombytes_vartime(&tmp3, &pub) != 0) {
abort();
@@ -116,7 +195,7 @@ namespace crypto {
hash h;
ge_p2 point;
ge_p1p1 point2;
- keccak(std::addressof(key), sizeof(public_key), h);
+ cn_fast_hash(std::addressof(key), sizeof(public_key), h);
ge_fromfe_frombytes_vartime(&point, reinterpret_cast<const unsigned char *>(&h));
ge_mul8(&point2, &point);
ge_p1p1_to_p3(&res, &point2);
@@ -131,21 +210,25 @@ namespace crypto {
ge_tobytes(&image, &point2);
}
+PUSH_WARNINGS
+DISABLE_VS_WARNINGS(4200)
struct rs_comm {
hash h;
struct {
ec_point a, b;
} ab[];
};
+POP_WARNINGS
static inline size_t rs_comm_size(size_t pubs_count) {
return sizeof(rs_comm) + pubs_count * sizeof(rs_comm().ab[0]);
}
- void crypto_ops::generate_ring_signature(const hash &message_hash, const key_image &image,
+ void crypto_ops::generate_ring_signature(const hash &prefix_hash, const key_image &image,
const public_key *const *pubs, size_t pubs_count,
const secret_key &sec, size_t sec_index,
signature *sig) {
+ lock_guard<mutex> lock(random_lock);
size_t i;
ge_p3 image_unp;
ge_dsmp image_pre;
@@ -173,7 +256,7 @@ namespace crypto {
}
ge_dsm_precomp(image_pre, &image_unp);
sc_0(&sum);
- buf->h = message_hash;
+ buf->h = prefix_hash;
for (i = 0; i < pubs_count; i++) {
ge_p2 tmp2;
ge_p3 tmp3;
@@ -203,7 +286,7 @@ namespace crypto {
sc_mulsub(&sig[sec_index].r, &sig[sec_index].c, &sec, &k);
}
- bool crypto_ops::check_ring_signature(const hash &message_hash, const key_image &image,
+ bool crypto_ops::check_ring_signature(const hash &prefix_hash, const key_image &image,
const public_key *const *pubs, size_t pubs_count,
const signature *sig) {
size_t i;
@@ -221,7 +304,7 @@ namespace crypto {
}
ge_dsm_precomp(image_pre, &image_unp);
sc_0(&sum);
- buf->h = message_hash;
+ buf->h = prefix_hash;
for (i = 0; i < pubs_count; i++) {
ge_p2 tmp2;
ge_p3 tmp3;
@@ -242,4 +325,4 @@ namespace crypto {
sc_sub(&h, &h, &sum);
return sc_isnonzero(&h) == 0;
}
-} \ No newline at end of file
+}