authorPieter Wuille <pieter@wuille.net>2023-07-10 10:58:20 -0400
committerPieter Wuille <pieter@wuille.net>2023-07-26 17:09:27 -0400
commit1c7582ead6e1119899922041c1af2b4169b0bc74 (patch)
tree62b62595c6148afa1ef56d0ccd4ba5d1c36a9aa7 /src/bip324.cpp
parent990f0f8da92a2d11828a7c05ca93bf0520b2a95e (diff)
downloadbitcoin-1c7582ead6e1119899922041c1af2b4169b0bc74.tar.xz
tests: add decryption test to bip324_tests
Diffstat (limited to 'src/bip324.cpp')
-rw-r--r--src/bip324.cpp11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/bip324.cpp b/src/bip324.cpp
index eb223f1f04..7ed99e5585 100644
--- a/src/bip324.cpp
+++ b/src/bip324.cpp
@@ -33,7 +33,7 @@ BIP324Cipher::BIP324Cipher(const CKey& key, Span<const std::byte> ent32) noexcep
BIP324Cipher::BIP324Cipher(const CKey& key, const EllSwiftPubKey& pubkey) noexcept :
m_key(key), m_our_pubkey(pubkey) {}
-void BIP324Cipher::Initialize(const EllSwiftPubKey& their_pubkey, bool initiator) noexcept
+void BIP324Cipher::Initialize(const EllSwiftPubKey& their_pubkey, bool initiator, bool self_decrypt) noexcept
{
// Determine salt (fixed string + network magic bytes)
const auto& message_header = Params().MessageStart();
@@ -43,16 +43,17 @@ void BIP324Cipher::Initialize(const EllSwiftPubKey& their_pubkey, bool initiator
ECDHSecret ecdh_secret = m_key.ComputeBIP324ECDHSecret(their_pubkey, m_our_pubkey, initiator);
// Derive encryption keys from shared secret, and initialize stream ciphers and AEADs.
+ bool side = (initiator != self_decrypt);
CHKDF_HMAC_SHA256_L32 hkdf(UCharCast(ecdh_secret.data()), ecdh_secret.size(), salt);
std::array<std::byte, 32> hkdf_32_okm;
hkdf.Expand32("initiator_L", UCharCast(hkdf_32_okm.data()));
- (initiator ? m_send_l_cipher : m_recv_l_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
+ (side ? m_send_l_cipher : m_recv_l_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
hkdf.Expand32("initiator_P", UCharCast(hkdf_32_okm.data()));
- (initiator ? m_send_p_cipher : m_recv_p_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
+ (side ? m_send_p_cipher : m_recv_p_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
hkdf.Expand32("responder_L", UCharCast(hkdf_32_okm.data()));
- (initiator ? m_recv_l_cipher : m_send_l_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
+ (side ? m_recv_l_cipher : m_send_l_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
hkdf.Expand32("responder_P", UCharCast(hkdf_32_okm.data()));
- (initiator ? m_recv_p_cipher : m_send_p_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
+ (side ? m_recv_p_cipher : m_send_p_cipher).emplace(hkdf_32_okm, REKEY_INTERVAL);
// Derive garbage terminators from shared secret.
hkdf.Expand32("garbage_terminators", UCharCast(hkdf_32_okm.data()));
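Review bot: The meaning of the new `self_decrypt` argument is not stated anywhere in this file — neither at the changed signature in the first hunk nor at `bool side = (initiator != self_decrypt);` here — and `side` reads as if it were a second role bit rather than a possibly-swapped copy of `initiator`. A one-line comment above that assignment keeps the four key-assignment lines readable: `// self_decrypt mirrors the send/recv key assignment so this instance can decrypt its own output; with self_decrypt=false, side == initiator and behaviour is unchanged.` The commit title suggests the flag exists for the test suite; if it is not intended for production callers, that belongs on the declaration in the header, which is outside this diff. Initialize's body continues past the end of the hunk.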