aboutsummaryrefslogtreecommitdiff
path: root/src/crypto
AgeCommit message (Collapse)Author
2019-10-28Fix occurences of c_str() used with size() to data()Wladimir J. van der Laan
Using `data()` better communicates the intent here. Also, depending on how `c_str()` is implemented, this fixes undefined behavior: The part of the string after the first NULL character might have undefined contents.
2019-10-15Remove unused includespracticalswift
2019-06-25Add ChaCha20Poly1305@Bitcoin AEAD implementationJonas Schnelli
2019-06-02Make reasoning about dependencies easier by not including unused dependenciespracticalswift
2019-05-16Merge #14047: Add HKDF_HMAC256_L32 and method to negate a private keyWladimir J. van der Laan
8794a4b3ae4d34a4cd21a7dee9f694eef7726a4f QA: add test for HKDF HMAC_SHA256 L32 (Jonas Schnelli) 551d489416339dae8f9d896013cd060a21406e2b Add HKDF HMAC_SHA256 L=32 implementations (Jonas Schnelli) 3b64f852e400c552f031697d6a86829dc6e74bd6 QA: add test for CKey::Negate() (Jonas Schnelli) 463921bb649d644f79f9d7f0f96f10aa0d165f76 CKey: add method to negate the key (Jonas Schnelli) Pull request description: This adds a limited implementation of `HKDF` (defined by rfc5869) that supports only HMAC-SHA256 and length output of 32 bytes (will be required for v2 transport protocol). This PR also includes a method to negate a private key which is useful to enforce public keys starting with 0x02 (or 0x03) (a requirement for the v2 transport protocol). The new `CKey::Negate()` method is pretty much a wrapper around `secp256k1_ec_privkey_negate()`. Including tests. This is a subset of #14032 and a pre-requirement for the v2 transport protocol. ACKs for commit 8794a4: Tree-SHA512: 5341929dfa29f5da766ec3612784baec6a3ad69972f08b5a985a8aafdae4dae36f104a2b888d1f5d1f33561456bd111f960d7e32c2cc4fd18e48358468f26c1a
2019-05-16Merge #15950: Do not construct out-of-bound pointers in SHA2 codeWladimir J. van der Laan
c01c065b9ded3399a6a480f15543827dd5e8eb4d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille) Pull request description: This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers). I discovered this while investigating #14580. Sadly, it does not fix it. ACKs for commit c01c06: practicalswift: utACK c01c065b9ded3399a6a480f15543827dd5e8eb4d Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
2019-05-11Add HKDF HMAC_SHA256 L=32 implementationsJonas Schnelli
2019-05-10Merge #15512: Add ChaCha20 encryption option (XOR)Jonas Schnelli
2dfe27517 Add ChaCha20 bench (Jonas Schnelli) 2bc2b8b49 Add ChaCha20 encryption option (XOR) (Jonas Schnelli) Pull request description: The current ChaCha20 implementation does not support message encryption (it can only output the keystream which is sufficient for the RNG). This PR adds the actual XORing of the `plaintext` with the `keystream` in order to return the desired `ciphertext`. Required for v2 message transport protocol. ACKs for commit 2dfe27: jnewbery: Looks good. utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00. jnewbery: utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00 sipa: utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00 ryanofsky: utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00. Changes since last review are just renaming the Crypt method, adding comments, and simplifying the benchmark. Tree-SHA512: 84bb234da2ca9fdc44bc29a786d9dd215520f81245270c1aef801ef66b6091b7793e2eb38ad6dbb084925245065c5dce9e5582f2d0fa220ab3e182d43412d5b5
2019-05-06Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 codePieter Wuille
2019-05-03Add ChaCha20 encryption option (XOR)Jonas Schnelli
2019-03-29Merge #15663: crypto: Remove unused AES-128 codeJonas Schnelli
f6ee177f7 Remove unused AES-128 code (practicalswift) Pull request description: Remove unused AES-128 code. As far as I can tell this AES-128 code has never been in use in the project (outside of testing/benchmarking). The AES-256 code is used in `CCrypter::Encrypt`/`CCrypter::Decrypt` (`src/wallet/crypter.cpp`). Trivia: 0.15% of the project's C++ LOC count (excluding dependencies) is trimmed off: ``` $ LOC_BEFORE=$(git grep -I "" HEAD~1 -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l) $ LOC_AFTER=$(git grep -I "" -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l) $ bc <<< "scale=4; ${LOC_AFTER}/${LOC_BEFORE}" .9985 ``` :-) Tree-SHA512: 9588a3cd795a89ef658b8ee7323865f57723cb4ed9560c21de793f82d35e2835059e7d6d0705e99e3d16bf6b2a444b4bf19568d50174ff3776caf8a3168f5c85
2019-03-26Add Poly1305 implementationJonas Schnelli
2019-03-25Remove unused AES-128 codepracticalswift
2019-01-16Abstract out seeding/extracting entropy into RNGState::MixExtractPieter Wuille
2018-11-05Extract CSipHasher to it's own file in crypto/ directory.Jim Posen
This is a move-only commit with the exception of changes to includes.
2018-07-27Update copyright headers to 2018DrahtBot
2018-07-09Merge #13386: SHA256 implementations based on Intel SHA ExtensionsWladimir J. van der Laan
66b2cf1ccfad545a8ec3f2a854e23f647322bf30 Use immintrin.h everywhere for intrinsics (Pieter Wuille) 4c935e2eee456ff66cdfb908b0edffdd1e8a6c04 Add SHA256 implementation using using Intel SHA intrinsics (Pieter Wuille) 268400d3188200c9e3dcd3482c4853354388a721 [Refactor] CPU feature detection logic for SHA256 (Pieter Wuille) Pull request description: Based on #13191. This adds SHA256 implementations that use Intel's SHA Extension instructions (using intrinsics). This needs GCC 4.9 or Clang 3.4. In addition to #13191, two extra implementations are provided: * (a) A variable-length SHA256 implementation using SHA extensions. * (b) A 2-way 64-byte input double-SHA256 implementation using SHA extensions. Benchmarks for 9001-element Merkle tree root computation on an AMD Ryzen 1800X system: * Using generic C++ code (pre-#10821): 6.1ms * Using SSE4 (master, #10821): 4.6ms * Using 4-way SSE4 specialized for 64-byte inputs (#13191): 2.8ms * Using 8-way AVX2 specialized for 64-byte inputs (#13191): 2.1ms * Using 2-way SHA-NI specialized for 64-byte inputs (this PR): 0.56ms Benchmarks for 32-byte SHA256 on the same system: * Using SSE4 (master, #10821): 190ns * Using SHA-NI (this PR): 53ns Benchmarks for 1000000-byte SHA256 on the same system: * Using SSE4 (master, #10821): 2.5ms * Using SHA-NI (this PR): 0.51ms Tree-SHA512: 2b319e33b22579f815d91f9daf7994a5e1e799c4f73c13e15070dd54ba71f3f6438ccf77ae9cbd1ce76f972d9cbeb5f0edfea3d86f101bbc1055db70e42743b7
2018-07-07Use __cpuid_count for gnu C to avoid gitian build fail.Chun Kuan Lee
2018-06-26Use immintrin.h everywhere for intrinsicsPieter Wuille
2018-06-26Add SHA256 implementation using using Intel SHA intrinsicsPieter Wuille
2018-06-24[Refactor] CPU feature detection logic for SHA256Pieter Wuille
2018-06-24Merge #13471: For AVX2 code, also check for AVX, XSAVE, and OS supportWladimir J. van der Laan
32d153fa360f73b4999701b97d55b12318fd2659 For AVX2 code, also check for AVX, XSAVE, and OS support (Pieter Wuille) Pull request description: Fixes #12903. Tree-SHA512: 01e71efb5d3a43c49a145a5b1dc4fe7d0a491e1e78479e7df830a2aaac57c3dcfc316e28984c695206c76f93b68e4350fc037ca36756ca579b7070e39c835da2
2018-06-18For AVX2 code, also check for AVX, XSAVE, and OS supportPieter Wuille
2018-06-12Improve coverage of SHA256 SelfTest codePieter Wuille
2018-06-12Merge #13393: Enable double-SHA256-for-64-byte code on 32-bit x86Wladimir J. van der Laan
57ba401abcfe564a2c4d259e0f758401ed74616d Enable double-SHA256-for-64-byte code on 32-bit x86 (Pieter Wuille) Pull request description: The SSE4 and AVX2 double-SHA256-for-64-byte input code from #13191 compiles fine on 32-bit x86 systems, but the autodetection logic in sha256.cpp doesn't enable it. Fix this. Note that these instruction sets are only available on CPUs that support 64-bit mode as well, so it is only beneficial in the (perhaps unlikely) scenario where a 64-bit CPU is running a 32-bit Bitcoin Core binary. Tree-SHA512: 39d5963c1ba8c33932549d5fe98bd184932689a40aeba95043eca31dd6824f566197c546b60905555eccaf407408a5f0f200247bb0907450d309b0a70b245102
2018-06-06Use bracket syntax includes ("#include <foo.h>")practicalswift
2018-06-04Enable double-SHA256-for-64-byte code on 32-bit x86Pieter Wuille
2018-05-298-way AVX2 implementation for double SHA256 on 64-byte inputsPieter Wuille
2018-05-294-way SSE4.1 implementation for double SHA256 on 64-byte inputsPieter Wuille
2018-05-29Specialized double sha256 for 64 byte inputsPieter Wuille
2018-05-08Refactor SHA256 codePieter Wuille
2018-03-01Consensus: Fix bug when compiler do not support __builtin_clz*532479301
#ifdef is not correct since defination is defined to 0 or 1. Should change to #if
2018-01-03Increment MIT Licence copyright header year on files modified in 2017Akira Takizawa
2017-11-16scripted-diff: Replace #include "" with #include <> (ryanofsky)MeshCollider
-BEGIN VERIFY SCRIPT- for f in \ src/*.cpp \ src/*.h \ src/bench/*.cpp \ src/bench/*.h \ src/compat/*.cpp \ src/compat/*.h \ src/consensus/*.cpp \ src/consensus/*.h \ src/crypto/*.cpp \ src/crypto/*.h \ src/crypto/ctaes/*.h \ src/policy/*.cpp \ src/policy/*.h \ src/primitives/*.cpp \ src/primitives/*.h \ src/qt/*.cpp \ src/qt/*.h \ src/qt/test/*.cpp \ src/qt/test/*.h \ src/rpc/*.cpp \ src/rpc/*.h \ src/script/*.cpp \ src/script/*.h \ src/support/*.cpp \ src/support/*.h \ src/support/allocators/*.h \ src/test/*.cpp \ src/test/*.h \ src/wallet/*.cpp \ src/wallet/*.h \ src/wallet/test/*.cpp \ src/wallet/test/*.h \ src/zmq/*.cpp \ src/zmq/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT-
2017-09-05Merge #11143: Fix include path for bitcoin-config.hWladimir J. van der Laan
5abb93f0e Fix include path for bitcoin-config.h in crypto/common.h (danra) Pull request description: All the other files in the repo which include bitcoin-config.h do so with the appropriate subfolder prefixed: config/bitcoin-config.h The header should be included with the appropriate subfolder here as well. Tree-SHA512: abda23a9cf251553f90afe0ee1866de46ed579471f4139737239a4f9334ca817d985deac6336740898718775d1264c0b80cb348668b10a9cae970895f2de37b8
2017-09-05Merge #11176: build: Rename --enable-experimental-asm to --enable-asm and ↵Wladimir J. van der Laan
enable by default 538cc0ca8 build: Mention use of asm in summary (Wladimir J. van der Laan) ce5381e7f build: Rename --enable-experimental-asm to --enable-asm and enable by default (Wladimir J. van der Laan) Pull request description: Now that 0.15 is branched off, enable assembler SHA256 optimizations by default, but still allow disabling them, for example if something goes wrong with auto-detection on a platform. Also add mention of the use of asm in the configure summary. Tree-SHA512: cd20c497f65edd6b1e8b2cc3dfe82be11fcf4777543c830ccdec6c10f25eab4576b0f2953f3957736d7e04deaa4efca777aa84b12bb1cecb40c258e86c120ec8
2017-09-02Update hmac_sha256.hUtsav Gupta
Fixed a typo
2017-08-31Fix include path for bitcoin-config.h in crypto/common.hdanra
All the other files in the repo which include bitcoin-config.h do so with the appropriate subfolder prefixed: config/bitcoin-config.h The header should be included with the appropriate subfolder here as well. This canonicalization also allows getting rid of a bit of extra configuration in Makefile.am.
2017-08-28build: Rename --enable-experimental-asm to --enable-asm and enable by defaultWladimir J. van der Laan
Now that 0.15 is branched off, enable assembler SHA256 optimizations by default.
2017-08-16Declare single-argument (non-converting) constructors "explicit"practicalswift
In order to avoid unintended implicit conversions.
2017-08-07scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal ↵practicalswift
instead of the macro NULL -BEGIN VERIFY SCRIPT- sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp -END VERIFY SCRIPT-
2017-07-20Protect SSE4 code behind a compile-time flagPieter Wuille
2017-07-20Add selftest for SHA256 transformPieter Wuille
2017-07-20Add SSE4 based SHA256Pieter Wuille
2017-07-20Add SHA256 dispatcherPieter Wuille
2017-07-20Support multi-block SHA256 transformsPieter Wuille
Extracted from a patch by Wladimir van der Laan.
2017-06-05Limit variable scopepracticalswift
2017-03-29Add a FastRandomContext::randrange and use itPieter Wuille
2017-03-29Add ChaCha20Pieter Wuille
2017-01-12Avoid unaligned access in crypto i/oPieter Wuille