Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/CMakeLists.txt2
-rw-r--r--src/crypto/chacha.c2
-rw-r--r--src/crypto/chacha.h4
-rw-r--r--src/crypto/crypto.cpp23
-rw-r--r--src/crypto/crypto.h21
-rw-r--r--src/crypto/crypto_device.cpp79
-rw-r--r--src/crypto/hash-ops.h1
-rw-r--r--src/crypto/keccak.c22
-rw-r--r--src/crypto/oaes_lib.c14
-rw-r--r--src/crypto/random.c5
-rw-r--r--src/crypto/slow-hash.c12
-rw-r--r--src/crypto/tree-hash.c4
12 files changed, 168 insertions, 21 deletions
diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt
index 71dcedcab..35c099697 100644
--- a/src/crypto/CMakeLists.txt
+++ b/src/crypto/CMakeLists.txt
@@ -33,6 +33,7 @@ set(crypto_sources
crypto-ops-data.c
crypto-ops.c
crypto.cpp
+ crypto_device.cpp
groestl.c
hash-extra-blake.c
hash-extra-groestl.c
@@ -77,6 +78,7 @@ monero_add_library(cncrypto
target_link_libraries(cncrypto
PUBLIC
epee
+ device
${Boost_SYSTEM_LIBRARY}
PRIVATE
${EXTRA_LIBRARIES})
diff --git a/src/crypto/chacha.c b/src/crypto/chacha.c
index f573083be..5d3edb98d 100644
--- a/src/crypto/chacha.c
+++ b/src/crypto/chacha.c
@@ -6,7 +6,9 @@ Public domain.
#include <memory.h>
#include <stdio.h>
+#ifndef _MSC_VER
#include <sys/param.h>
+#endif
#include "chacha.h"
#include "common/int-util.h"
diff --git a/src/crypto/chacha.h b/src/crypto/chacha.h
index f74d0c352..b45c3d7c7 100644
--- a/src/crypto/chacha.h
+++ b/src/crypto/chacha.h
@@ -69,10 +69,10 @@ namespace crypto {
chacha20(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher);
}
- inline void generate_chacha_key(const void *data, size_t size, chacha_key& key) {
+ inline void generate_chacha_key(const void *data, size_t size, chacha_key& key, bool prehashed=false) {
static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
- crypto::cn_slow_hash(data, size, pwd_hash.data());
+ crypto::cn_slow_hash_pre(data, size, pwd_hash.data(), prehashed);
memcpy(&key, pwd_hash.data(), sizeof(key));
}
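Review bot: The new `prehashed` default parameter changes what `data`/`size` mean without any comment: with `prehashed=true` the bytes are no longer a password to be slow-hashed but an initial Keccak state that `cn_slow_hash_pre` copies verbatim, and `size` is then expected to match that state exactly, which nothing here checks. A comment on the declaration, e.g. `// prehashed: data already holds the CryptoNight initial state (exact state size); it is copied into the hasher, not hashed`, together with a note that untrusted input must never be passed with prehashed=true, would make the contract explicit. Defaulting the flag to false keeps existing callers unchanged, which is good; the same flag is threaded through hash-ops.h and slow-hash.c in this commit.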
diff --git a/src/crypto/crypto.cpp b/src/crypto/crypto.cpp
index b28854a13..0c70b9eeb 100644
--- a/src/crypto/crypto.cpp
+++ b/src/crypto/crypto.cpp
@@ -28,6 +28,7 @@
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+#include <unistd.h>
#include <cassert>
#include <cstddef>
#include <cstdint>
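Review bot: `#include <unistd.h>` is added unconditionally here, while the same commit guards POSIX-only headers behind `_MSC_VER` in chacha.c, oaes_lib.c and tree-hash.c; keccak.c gets the same unconditional include. The only symbol the new code takes from it is `_exit`, which MSVC declares in `<stdlib.h>` (and `<process.h>`), so the include can follow the pattern used elsewhere in this commit: `#ifndef _MSC_VER` / `#include <unistd.h>` / `#endif`.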
@@ -43,6 +44,18 @@
#include "crypto.h"
#include "hash.h"
+namespace {
+ static void local_abort(const char *msg)
+ {
+ fprintf(stderr, "%s\n", msg);
+#ifdef NDEBUG
+ _exit(1);
+#else
+ abort();
+#endif
+ }
+}
+
namespace crypto {
using std::abort;
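Review bot: `static` on `local_abort` inside an anonymous namespace is redundant, and the function returns on neither branch, so declaring it `[[noreturn]] void local_abort(const char *msg)` lets the compiler reason about the call sites that follow (for instance the `buf` dereference after the malloc check). The identical helper is copied verbatim into keccak.c, and random.c's `must_succeed` macro reproduces the same NDEBUG/`_exit` split a third time; one small internal header with a `static inline` version usable from both C and C++ would keep the three in step. The helper also relies on `fprintf`, and `<cstdio>` is not among the includes visible in this hunk — presumably it arrives transitively, but an explicit include is safer.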
@@ -94,7 +107,7 @@ namespace crypto {
/*
* generate public and secret keys from a random 256-bit integer
- * TODO: allow specifiying random value (for wallet recovery)
+ * TODO: allow specifying random value (for wallet recovery)
*
*/
secret_key crypto_ops::generate_keys(public_key &pub, secret_key &sec, const secret_key& recovery_key, bool recover) {
@@ -423,7 +436,7 @@ namespace crypto {
return sc_isnonzero(&c2) == 0;
}
- static void hash_to_ec(const public_key &key, ge_p3 &res) {
+ void crypto_ops::hash_to_ec(const public_key &key, ge_p3 &res) {
hash h;
ge_p2 point;
ge_p1p1 point2;
@@ -467,7 +480,7 @@ POP_WARNINGS
ec_scalar sum, k, h;
boost::shared_ptr<rs_comm> buf(reinterpret_cast<rs_comm *>(malloc(rs_comm_size(pubs_count))), free);
if (!buf)
- abort();
+ local_abort("malloc failure");
assert(sec_index < pubs_count);
#if !defined(NDEBUG)
{
@@ -486,7 +499,7 @@ POP_WARNINGS
}
#endif
if (ge_frombytes_vartime(&image_unp, &image) != 0) {
- abort();
+ local_abort("invalid key image");
}
ge_dsm_precomp(image_pre, &image_unp);
sc_0(&sum);
@@ -505,7 +518,7 @@ POP_WARNINGS
random_scalar(sig[i].c);
random_scalar(sig[i].r);
if (ge_frombytes_vartime(&tmp3, &*pubs[i]) != 0) {
- abort();
+ local_abort("invalid pubkey");
}
ge_double_scalarmult_base_vartime(&tmp2, &sig[i].c, &tmp3, &sig[i].r);
ge_tobytes(&buf->ab[i].a, &tmp2);
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 81ebfb9e2..75b333473 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -46,6 +46,10 @@
#include "hex.h"
#include "span.h"
#include "hash.h"
+#include "device/device_declare.hpp"
+extern "C" {
+ #include "crypto-ops.h"
+}
namespace crypto {
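Review bot: Pulling `device/device_declare.hpp` and the C `crypto-ops.h` into the public crypto.h makes every includer of the core crypto API depend on the device layer and on the ge_* internals, and CMakeLists.txt now links cncrypto PUBLIC against `device`. If `device` itself links against cncrypto (its CMakeLists is not visible here) that is a circular dependency; since crypto.h only needs `hw::device` as a declared type, the link dependency may belong only to the translation unit that calls into it (crypto_device.cpp) rather than to the whole library. The `extern "C"` wrapper also suggests crypto-ops.h lacks its own C++ linkage guard; adding one there would spare every C++ includer the wrapper.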
@@ -113,6 +117,9 @@ namespace crypto {
void operator=(const crypto_ops &);
~crypto_ops();
+ static void hash_to_ec(const public_key &key, ge_p3 &res) ;
+ friend void hash_to_ec(const public_key &key, ge_p3 &res) ;
+
static secret_key generate_keys(public_key &pub, secret_key &sec, const secret_key& recovery_key = secret_key(), bool recover = false);
friend secret_key generate_keys(public_key &pub, secret_key &sec, const secret_key& recovery_key, bool recover);
static bool check_key(const public_key &);
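Review bot: The two new declarations carry a stray space before the semicolon (`... ge_p3 &res) ;`), as does `derivation_to_scalar` in the next hunk, while every surrounding declaration ends with `);`. Exposing `hash_to_ec` with a `ge_p3` out-parameter is what forces the `crypto-ops.h` include into this public header; if the external caller only needs the point in serialized form, a `public_key`-returning overload would avoid leaking the C representation, but that caller is not visible here.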
@@ -149,6 +156,17 @@ namespace crypto {
const public_key *const *, std::size_t, const signature *);
};
+ secret_key generate_keys(public_key &pub, secret_key &sec, const secret_key& recovery_key, bool recover, hw::device &hwdev);
+ secret_key generate_keys(public_key &pub, secret_key &sec, hw::device &hwdev);
+ bool secret_key_to_public_key(const secret_key &sec, public_key &pub, hw::device &hwdev);
+ bool generate_key_derivation(const public_key &key1, const secret_key &key2, key_derivation &derivation, hw::device &hwdev);
+ void derivation_to_scalar(const key_derivation &derivation, size_t output_index, ec_scalar &res, hw::device &hwdev) ;
+ bool derive_public_key(const key_derivation &derivation, size_t output_index, const public_key &base, public_key &derived_key, hw::device &hwdev);
+ void derive_secret_key(const key_derivation &derivation, size_t output_index, const secret_key &base, secret_key &derived_key, hw::device &hwdev);
+ bool derive_subaddress_public_key(const public_key &out_key, const key_derivation &derivation, std::size_t output_index, public_key &derived_key, hw::device &hwdev);
+ void generate_key_image(const public_key &pub, const secret_key &sec, key_image &image, hw::device &hwdev);
+
+
/* Generate N random bytes
*/
inline void rand(size_t N, uint8_t *bytes) {
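Review bot: The nine `hw::device &hwdev` overloads are declared without any comment, whereas the neighbouring declarations in this header (`/* Generate N random bytes */`, `/* Generate a new key pair */`) each have one. A single block comment above the group would tell a reader how they relate to the existing functions, e.g. `/* Variants of the key functions below that delegate the operation to a hardware device (hw::device); return values follow the device implementation. */`. The group also ends with two blank lines where the rest of the header uses one.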
@@ -166,6 +184,9 @@ namespace crypto {
return res;
}
+ inline void hash_to_ec(const public_key &key, ge_p3 &res) {
+ crypto_ops::hash_to_ec(key,res);
+ }
/* Generate a new key pair
*/
inline secret_key generate_keys(public_key &pub, secret_key &sec, const secret_key& recovery_key = secret_key(), bool recover = false) {
diff --git a/src/crypto/crypto_device.cpp b/src/crypto/crypto_device.cpp
new file mode 100644
index 000000000..5536857c8
--- /dev/null
+++ b/src/crypto/crypto_device.cpp
@@ -0,0 +1,79 @@
+// Copyright (c) 2014-2018, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+
+
+#include "crypto.h"
+#include "device/device.hpp"
+#include "device/log.hpp"
+
+namespace crypto {
+
+ secret_key generate_keys(public_key &pub, secret_key &sec, const secret_key& recovery_key, bool recover, hw::device &hwdev) {
+ secret_key rng;
+ hwdev.generate_keys(pub, sec, recovery_key, recover, rng);
+ return rng;
+ }
+
+ secret_key generate_keys(public_key &pub, secret_key &sec, hw::device &hwdev) {
+ secret_key rng;
+ hwdev.generate_keys(pub, sec, secret_key(), false, rng);
+ return rng;
+ }
+
+
+ bool secret_key_to_public_key(const secret_key &sec, public_key &pub, hw::device &hwdev) {
+ return hwdev.secret_key_to_public_key(sec, pub);
+ }
+
+ bool generate_key_derivation(const public_key &key1, const secret_key &key2, key_derivation &derivation, hw::device &hwdev) {
+ return hwdev.generate_key_derivation(key1, key2, derivation);
+ }
+
+ void derivation_to_scalar(const key_derivation &derivation, size_t output_index, ec_scalar &res, hw::device &hwdev) {
+ hwdev.derivation_to_scalar(derivation, output_index, res);
+ }
+
+ bool derive_public_key(const key_derivation &derivation, size_t output_index,
+ const public_key &base, public_key &derived_key, hw::device &hwdev) {
+ return hwdev.derive_public_key(derivation, output_index, base, derived_key);
+ }
+
+ void derive_secret_key(const key_derivation &derivation, size_t output_index,
+ const secret_key &base, secret_key &derived_key, hw::device &hwdev) {
+ hwdev.derive_secret_key(derivation, output_index, base, derived_key);
+ }
+
+ bool derive_subaddress_public_key(const public_key &out_key, const key_derivation &derivation, std::size_t output_index, public_key &derived_key, hw::device &hwdev) {
+ return hwdev.derive_subaddress_public_key(out_key, derivation, output_index, derived_key);
+ }
+
+ void generate_key_image(const public_key &pub, const secret_key &sec, key_image &image, hw::device &hwdev) {
+ hwdev.generate_key_image(pub,sec,image);
+ }
+} \ No newline at end of file
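Review bot: `generate_keys(pub, sec, hwdev)` re-implements the five-argument overload with `secret_key()` and `false` instead of delegating to it; `return generate_keys(pub, sec, secret_key(), false, hwdev);` keeps a single definition of the default behaviour. The file ends without a trailing newline, and `device/log.hpp` is included although nothing in the visible code uses it, so it looks unused (a macro dependency I cannot see is possible). None of the new functions has a comment; a one-line header per function saying it forwards to the supplied device, and for the two generate_keys overloads that `rng` receives whatever the device reports as the randomness it used and is handed back to the caller, would help — the latter is inferred from the call shape (`rng` passed by reference, then returned), so confirm it against hw::device before writing it. `hwdev.generate_key_image(pub,sec,image)` also drops the spaces after commas used everywhere else in the file.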
diff --git a/src/crypto/hash-ops.h b/src/crypto/hash-ops.h
index 47c6f6425..130bf02db 100644
--- a/src/crypto/hash-ops.h
+++ b/src/crypto/hash-ops.h
@@ -80,6 +80,7 @@ enum {
void cn_fast_hash(const void *data, size_t length, char *hash);
void cn_slow_hash(const void *data, size_t length, char *hash);
+void cn_slow_hash_pre(const void *data, size_t length, char *hash, bool pre);
void hash_extra_blake(const void *data, size_t length, char *hash);
void hash_extra_groestl(const void *data, size_t length, char *hash);
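Review bot: `cn_slow_hash_pre` introduces a `bool` parameter into a C header, which requires `<stdbool.h>` in every C translation unit that includes hash-ops.h; no include providing it is visible in this hunk, so please confirm it is already pulled in. The flag also changes the meaning of `data`/`length` — when `pre` is set, slow-hash.c copies the buffer straight into the Keccak state instead of hashing it — and that is stated nowhere; a comment on the declaration such as `/* pre: data/length already hold the initial Keccak state (exact state size), not a message to absorb */` would save callers from guessing.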
diff --git a/src/crypto/keccak.c b/src/crypto/keccak.c
index fc6d487c2..de8e2a5b3 100644
--- a/src/crypto/keccak.c
+++ b/src/crypto/keccak.c
@@ -4,9 +4,20 @@
#include <stdio.h>
#include <stdlib.h>
+#include <unistd.h>
#include "hash-ops.h"
#include "keccak.h"
+static void local_abort(const char *msg)
+{
+ fprintf(stderr, "%s\n", msg);
+#ifdef NDEBUG
+ _exit(1);
+#else
+ abort();
+#endif
+}
+
const uint64_t keccakf_rndc[24] =
{
0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
@@ -81,10 +92,10 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
uint8_t temp[144];
size_t i, rsiz, rsizw;
- if (mdlen <= 0 || mdlen > 200 || sizeof(st) != 200)
+ static_assert(HASH_DATA_AREA <= sizeof(temp), "Bad keccak preconditions");
+ if (mdlen <= 0 || (mdlen > 100 && sizeof(st) != (size_t)mdlen))
{
- fprintf(stderr, "Bad keccak use");
- abort();
+ local_abort("Bad keccak use");
}
rsiz = sizeof(state_t) == mdlen ? HASH_DATA_AREA : 200 - 2 * mdlen;
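Review bot: `static_assert` in a C file needs C11 and the macro from `<assert.h>`; the includes visible in this file are `<stdio.h>`, `<stdlib.h>` and `<unistd.h>`, so unless hash-ops.h or keccak.h supplies it this will not build as strict C — please confirm. The rewritten precondition `(mdlen > 100 && sizeof(st) != (size_t)mdlen)` encodes the two supported uses without saying so; a comment such as `/* mdlen <= 100: ordinary digest; otherwise only a full state dump (mdlen == sizeof(st), 200 bytes) is allowed */` would make the 100 and the sizeof comparison readable. The old `mdlen > 200` rejection survives only because sizeof(st) is 200, which that comment should also say.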
@@ -99,10 +110,9 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
}
// last block and padding
- if (inlen >= sizeof(temp) || inlen > rsiz || rsiz - inlen + inlen + 1 >= sizeof(temp) || rsiz == 0 || rsiz - 1 >= sizeof(temp) || rsizw * 8 > sizeof(temp))
+ if (inlen + 1 >= sizeof(temp) || inlen > rsiz || rsiz - inlen + inlen + 1 >= sizeof(temp) || rsiz == 0 || rsiz - 1 >= sizeof(temp) || rsizw * 8 > sizeof(temp))
{
- fprintf(stderr, "Bad keccak use");
- abort();
+ local_abort("Bad keccak use");
}
memcpy(temp, in, inlen);
diff --git a/src/crypto/oaes_lib.c b/src/crypto/oaes_lib.c
index 0afec6212..9e31ebf46 100644
--- a/src/crypto/oaes_lib.c
+++ b/src/crypto/oaes_lib.c
@@ -53,6 +53,12 @@
#include <unistd.h>
#endif
+#ifdef _MSC_VER
+#define GETPID() _getpid()
+#else
+#define GETPID() getpid()
+#endif
+
#include "oaes_config.h"
#include "oaes_lib.h"
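Review bot: `_getpid` on MSVC is declared in `<process.h>`, and the hunk shows `<unistd.h>` guarded just above but no `<process.h>` include for the `_MSC_VER` branch; unless it is included further up the file the new macro will not resolve on that toolchain. Placing the include next to the macro keeps the two together: `#ifdef _MSC_VER` / `#include <process.h>` / `#define GETPID() _getpid()` / `#else` … . A short comment saying the macro only papers over the CRT name difference would also explain why it exists.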
@@ -478,7 +484,7 @@ static void oaes_get_seed( char buf[RANDSIZ + 1] )
sprintf( buf, "%04d%02d%02d%02d%02d%02d%03d%p%d",
gmTimer->tm_year + 1900, gmTimer->tm_mon + 1, gmTimer->tm_mday,
gmTimer->tm_hour, gmTimer->tm_min, gmTimer->tm_sec, timer.millitm,
- _test + timer.millitm, getpid() );
+ _test + timer.millitm, GETPID() );
#else
struct timeval timer;
struct tm *gmTimer;
@@ -490,7 +496,7 @@ static void oaes_get_seed( char buf[RANDSIZ + 1] )
sprintf( buf, "%04d%02d%02d%02d%02d%02d%03d%p%d",
gmTimer->tm_year + 1900, gmTimer->tm_mon + 1, gmTimer->tm_mday,
gmTimer->tm_hour, gmTimer->tm_min, gmTimer->tm_sec, timer.tv_usec/1000,
- _test + timer.tv_usec/1000, getpid() );
+ _test + timer.tv_usec/1000, GETPID() );
#endif
if( _test )
@@ -510,7 +516,7 @@ static uint32_t oaes_get_seed(void)
_test = (char *) calloc( sizeof( char ), timer.millitm );
_ret = gmTimer->tm_year + 1900 + gmTimer->tm_mon + 1 + gmTimer->tm_mday +
gmTimer->tm_hour + gmTimer->tm_min + gmTimer->tm_sec + timer.millitm +
- (uintptr_t) ( _test + timer.millitm ) + getpid();
+ (uintptr_t) ( _test + timer.millitm ) + GETPID();
#else
struct timeval timer;
struct tm *gmTimer;
@@ -522,7 +528,7 @@ static uint32_t oaes_get_seed(void)
_test = (char *) calloc( sizeof( char ), timer.tv_usec/1000 );
_ret = gmTimer->tm_year + 1900 + gmTimer->tm_mon + 1 + gmTimer->tm_mday +
gmTimer->tm_hour + gmTimer->tm_min + gmTimer->tm_sec + timer.tv_usec/1000 +
- (uintptr_t) ( _test + timer.tv_usec/1000 ) + getpid();
+ (uintptr_t) ( _test + timer.tv_usec/1000 ) + GETPID();
#endif
if( _test )
diff --git a/src/crypto/random.c b/src/crypto/random.c
index cd46a1362..9e1a70a2d 100644
--- a/src/crypto/random.c
+++ b/src/crypto/random.c
@@ -42,10 +42,15 @@ static void generate_system_random_bytes(size_t n, void *result);
#include <windows.h>
#include <wincrypt.h>
+#include <stdio.h>
static void generate_system_random_bytes(size_t n, void *result) {
HCRYPTPROV prov;
+#ifdef NDEBUG
+#define must_succeed(x) do if (!(x)) { fprintf(stderr, "Failed: " #x); _exit(1); } while (0)
+#else
#define must_succeed(x) do if (!(x)) abort(); while (0)
+#endif
must_succeed(CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT));
must_succeed(CryptGenRandom(prov, (DWORD)n, result));
must_succeed(CryptReleaseContext(prov, 0));
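Review bot: The NDEBUG branch of `must_succeed` writes `"Failed: " #x` with no trailing newline, whereas the `local_abort` helpers added in crypto.cpp and keccak.c terminate their message with `\n`, so the last diagnostic can run into whatever follows on stderr. `#define must_succeed(x) do if (!(x)) { fprintf(stderr, "Failed: " #x "\n"); _exit(1); } while (0)` fixes that. Both branches use `do if (...) ... while (0)` without braces around the `if`; `do { if (!(x)) ... } while (0)` is the conventional form. `_exit` on Windows comes from `<stdlib.h>`/`<process.h>`; `<stdio.h>` is added for fprintf but neither of those is visible here, so presumably one is included earlier.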
diff --git a/src/crypto/slow-hash.c b/src/crypto/slow-hash.c
index f921b2455..36bfba9fd 100644
--- a/src/crypto/slow-hash.c
+++ b/src/crypto/slow-hash.c
@@ -515,8 +515,11 @@ void slow_hash_free_state(void)
* @param length the length in bytes of the data
* @param hash a pointer to a buffer in which the final 256 bit hash will be stored
*/
+void cn_slow_hash(const void *data, size_t length, char *hash) {
+ cn_slow_hash_pre(data,length,hash,false);
+}
-void cn_slow_hash(const void *data, size_t length, char *hash)
+void cn_slow_hash_pre(const void *data, size_t length, char *hash, bool prehashed)
{
RDATA_ALIGN16 uint8_t expandedKey[240]; /* These buffers are aligned to use later with SSE functions */
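Review bot: The new `cn_slow_hash` wrapper is inserted between the Doxygen block ending at `*/` and the function it used to describe, so the `@param data/length/hash` comment now attaches to the wrapper and `cn_slow_hash_pre`'s new `prehashed` parameter is documented nowhere. Move the wrapper below `cn_slow_hash_pre` (or above the comment) and add `@param prehashed when true, data/length are copied into the Keccak state as-is instead of being absorbed via hash_process`. `bool` in this C file also needs `<stdbool.h>` unless hash-ops.h already provides it — see the hash-ops.h hunk.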
@@ -543,8 +546,11 @@ void cn_slow_hash(const void *data, size_t length, char *hash)
slow_hash_allocate_state();
/* CryptoNight Step 1: Use Keccak1600 to initialize the 'state' (and 'text') buffers from the data. */
-
- hash_process(&state.hs, data, length);
+ if (prehashed) {
+ memcpy(&state.hs, data, length);
+ } else {
+ hash_process(&state.hs, data, length);
+ }
memcpy(text, state.init, INIT_SIZE_BYTE);
/* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
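Review bot: In the `prehashed` branch `memcpy(&state.hs, data, length)` copies a caller-supplied `length` into the fixed-size `state.hs` with no comparison against `sizeof(state.hs)`: a larger buffer overruns `state`, a shorter one leaves part of the initial state uninitialised so the resulting hash depends on stale memory. This path is reachable from the public `generate_chacha_key(..., prehashed=true)` added in chacha.h, which does not validate `size` either, so the check belongs here, before the copy: `if (length != sizeof(state.hs)) abort();` (or reject and return). Whether `state.hs` is exactly the Keccak state is not visible in this hunk, so express the expected length via `sizeof` rather than a literal.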
diff --git a/src/crypto/tree-hash.c b/src/crypto/tree-hash.c
index 59fd20bf9..e6d6a267c 100644
--- a/src/crypto/tree-hash.c
+++ b/src/crypto/tree-hash.c
@@ -34,7 +34,9 @@
#include "hash-ops.h"
-#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__DragonFly__)
+#ifdef _MSC_VER
+#include <malloc.h>
+#elif !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__DragonFly__)
#include <alloca.h>
#else
#include <stdlib.h>