diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-05-16 19:10:13 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-05-16 19:24:52 +0200 |
| commit | 376638afcf945ec43089625d115286594ce0ab16 (patch) | |
| tree | e1eef8d001be93bbdfe0e8eb348da37011794594 /src/crypto | |
| parent | df7addc4c6e990141869c41decaf3ef98c4e45d2 (diff) | |
| parent | 8794a4b3ae4d34a4cd21a7dee9f694eef7726a4f (diff) | |
Merge #14047: Add HKDF_HMAC256_L32 and method to negate a private key
8794a4b3ae4d34a4cd21a7dee9f694eef7726a4f QA: add test for HKDF HMAC_SHA256 L32 (Jonas Schnelli)
551d489416339dae8f9d896013cd060a21406e2b Add HKDF HMAC_SHA256 L=32 implementations (Jonas Schnelli)
3b64f852e400c552f031697d6a86829dc6e74bd6 QA: add test for CKey::Negate() (Jonas Schnelli)
463921bb649d644f79f9d7f0f96f10aa0d165f76 CKey: add method to negate the key (Jonas Schnelli)
Pull request description:
This adds a limited implementation of `HKDF` (defined by rfc5869) that supports only HMAC-SHA256 and length output of 32 bytes (will be required for v2 transport protocol).
This PR also includes a method to negate a private key which is useful to enforce public keys starting with 0x02 (or 0x03) (a requirement for the v2 transport protocol). The new `CKey::Negate()` method is pretty much a wrapper around `secp256k1_ec_privkey_negate()`.
Including tests.
This is a subset of #14032 and a pre-requirement for the v2 transport protocol.
ACKs for commit 8794a4:
Tree-SHA512: 5341929dfa29f5da766ec3612784baec6a3ad69972f08b5a985a8aafdae4dae36f104a2b888d1f5d1f33561456bd111f960d7e32c2cc4fd18e48358468f26c1a
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/hkdf_sha256_32.cpp | 21 | ||||
| -rw-r--r-- | src/crypto/hkdf_sha256_32.h | 25 |
2 files changed, 46 insertions, 0 deletions
diff --git a/src/crypto/hkdf_sha256_32.cpp b/src/crypto/hkdf_sha256_32.cpp new file mode 100644 index 0000000000..9cea5995ec --- /dev/null +++ b/src/crypto/hkdf_sha256_32.cpp @@ -0,0 +1,21 @@ +// Copyright (c) 2018 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include <crypto/hkdf_sha256_32.h> + +#include <assert.h> +#include <string.h> + +CHKDF_HMAC_SHA256_L32::CHKDF_HMAC_SHA256_L32(const unsigned char* ikm, size_t ikmlen, const std::string& salt) +{ + CHMAC_SHA256((const unsigned char*)salt.c_str(), salt.size()).Write(ikm, ikmlen).Finalize(m_prk); +} + +void CHKDF_HMAC_SHA256_L32::Expand32(const std::string& info, unsigned char hash[OUTPUT_SIZE]) +{ + // expand a 32byte key (single round) + assert(info.size() <= 128); + static const unsigned char one[1] = {1}; + CHMAC_SHA256(m_prk, 32).Write((const unsigned char*)info.data(), info.size()).Write(one, 1).Finalize(hash); +} diff --git a/src/crypto/hkdf_sha256_32.h b/src/crypto/hkdf_sha256_32.h new file mode 100644 index 0000000000..fa1e42aec1 --- /dev/null +++ b/src/crypto/hkdf_sha256_32.h @@ -0,0 +1,25 @@ +// Copyright (c) 2018 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef BITCOIN_CRYPTO_HKDF_SHA256_32_H +#define BITCOIN_CRYPTO_HKDF_SHA256_32_H + +#include <crypto/hmac_sha256.h> + +#include <stdint.h> +#include <stdlib.h> + +/** A rfc5869 HKDF implementation with HMAC_SHA256 and fixed key output length of 32 bytes (L=32) */ +class CHKDF_HMAC_SHA256_L32 +{ +private: + unsigned char m_prk[32]; + static const size_t OUTPUT_SIZE = 32; + +public: + CHKDF_HMAC_SHA256_L32(const unsigned char* ikm, size_t ikmlen, const std::string& salt); + void Expand32(const std::string& info, unsigned char hash[OUTPUT_SIZE]); +}; + +#endif // BITCOIN_CRYPTO_HKDF_SHA256_32_H |