aboutsummaryrefslogtreecommitdiff
path: root/src/crypto
AgeCommit message (Collapse)Author
2022-10-26Fix typo in comment SHA256->SHA512Elichai Turkel
2022-09-23refactor: use <cstdlib> over stdlib.hfanquake
We currently use both. Consolidate on the former.
2022-07-20Use HashWriter where possibleMacroFake
2022-06-10build: test for timingsafe_bcmpfanquake
Code introduced in #15649 added usage of `timingsafe_bcmp()`, if available, otherwise falling back to our own implementation. However the relevant build system check was never added, so currently, we'll always just use our implementation, as HAVE_TIMINGSAFE_BCMP will never be defined. Add the check for timingsafe_bcmp. Note that as far as I'm aware, it's only available on OpenBSD.
2022-05-04Unroll the ChaCha20 inner loop for performancePieter Wuille
2022-04-05refactor: Use [[maybe_unused]] attributeHennadii Stepanov
2022-04-05refactor: Drop unneeded workarounds aimed to silence unused warningHennadii Stepanov
All of the touched symbols are indeed used regardless of any macros.
2022-02-17doc: Fix typosTaeik Lim
2022-02-14Merge bitcoin/bitcoin#24115: ARMv8 SHA2 Intrinsicslaanwj
aaa1d03d3acebeb44fdd40a302f086aad3d329ce Add optimized sha256d64_arm_shani::Transform_2way (Pieter Wuille) fe0629852aaf3a26f291bfa535e7e455fe7bea06 Implement sha256_arm_shani::Transform (Pavol Rusnak) 48a72fa81f80c8a3c7c6de8339b5feb361dece1c Add sha256_arm_shani to build system (Pavol Rusnak) c2b79342506e24e9b7100fb7a6025dc870375ef6 Rename SHANI to X86_SHANI to allow future implementation of ARM_SHANI (Pavol Rusnak) Pull request description: This PR adds support for ARMv8 SHA2 Intrinsics. Fixes https://github.com/bitcoin/bitcoin/issues/13401 and https://github.com/bitcoin/bitcoin/issues/17414 * Integration part was done by me. * The original SHA2 NI code comes from https://github.com/noloader/SHA-Intrinsics/blob/master/sha256-arm.c * Minor optimizations from https://github.com/rollmeister/bitcoin-armv8/blob/master/src/crypto/sha256.cpp are applied too. * The 2-way transform added by @sipa ACKs for top commit: laanwj: Code review and lightly tested ACK aaa1d03d3acebeb44fdd40a302f086aad3d329ce Tree-SHA512: 9689d6390c004269cb1ee79ed05430d7d35a6efef2554a2b6732f7258a11e7e959b3306c04b4e8637a9623fb4c12d1c1b3592da0ff0dc6d737932db302509669
2022-01-30doc: Fix typos pointed out by lint-spellingbrunoerg
2022-01-28Add optimized sha256d64_arm_shani::Transform_2wayPieter Wuille
2022-01-28Implement sha256_arm_shani::TransformPavol Rusnak
Co-Authored-By: Rauli Kumpulainen <rauliweb@gmail.com> Co-Authored-By: Pieter Wuille <pieter@wuille.net>
2022-01-28Add sha256_arm_shani to build systemPavol Rusnak
Also rename AArch64 intrinsics to ARMv8 intrinsics as these are not necessarily limited to 64-bit
2022-01-28Rename SHANI to X86_SHANI to allow future implementation of ARM_SHANIPavol Rusnak
2021-12-30scripted-diff: Bump copyright headersHennadii Stepanov
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT- Commits of previous years: * 2020: fa0074e2d82928016a43ca408717154a1c70a4db * 2019: aaaaad6ac95b402fe18d019d67897ced6b316ee0
2021-12-13build: use __SIZEOF_INT128__ for checking __int128 availabilityfanquake
We already use this in the blockfilter code, so not sure we need to maintain two different ways of testing for the same functionality. Consolidate on testing for __SIZEOF_INT128__, which we already use, is supported by the compilers we care about, and is also used by libsecp256k1.
2021-10-20Fix K1/K2 use in the comments in ChaCha20-Poly1305 AEAD=
This is done for the ChaCha20-Poly1305 AEAD test vector and for the K1/K2 ChaCha20 cipher instances in chacha_poly_aead.h
2021-06-23[crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEADDhruv Mehta
BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations.
2021-04-19crypto: Make MuHash Remove method efficientFabian Jahr
Division of MuHash objects are very expensive and multiplication relatively cheap. The whole idea of introducing and tracking numerator and denominators seperately as a representation of the internal state was so that divisions would be rare. So using divison in the Remove method did not make any sense and was just a silly mistake which is corrected here.
2021-01-24refactor: Improve encapsulation between MuHash3072 and Num3072Fabian Jahr
Also fixes a typo.
2021-01-07Merge #19055: Add MuHash3072 implementationWladimir J. van der Laan
9815332d5158d69a94abeaf465a2c07bd8e43359 test: Change MuHash Python implementation to match cpp version again (Fabian Jahr) 01297fb3ca57e4b8cbc5a89fc7c6367de33b0bc6 fuzz: Add MuHash consistency fuzz test (Fabian Jahr) b111410914041b72961536c3e4037eba103a8085 test: Add MuHash3072 fuzz test (Fabian Jahr) c1225273857f9fa2e2276396e3f8b3ea48306df3 bench: Add Muhash benchmarks (Fabian Jahr) 7b1242229d1fcc9277238a3aefb3431061c82bfa test: Add MuHash3072 unit tests (Fabian Jahr) adc708c98dbf03b1735edc91f813a36580781a95 crypto: Add MuHash3072 implementation (Fabian Jahr) 0b4d290bf5b0a4d156c523431bf89aaa9ffe92e5 crypto: Add Num3072 implementation (Fabian Jahr) 589f958662a2dcaacdb9a66f1088c74828a39577 build: Check for 128 bit integer support (Fabian Jahr) Pull request description: This is the first split of #18000 which implements the Muhash algorithm and uses it to calculate the UTXO set hash in `gettxoutsetinfo`. ACKs for top commit: laanwj: Code review ACK 9815332d5158d69a94abeaf465a2c07bd8e43359 Tree-SHA512: 4bc090738f0e3d80b74bdd8122e24a8ce80121120fd37c7e4335a73e7ba4fcd7643f2a2d559e2eebf54b8e3a3bd5f12cfb27ba61ded135fda210a07a233eae45
2021-01-04doc: Use https URLs where possibleSawyer Billings
2020-12-31scripted-diff: Bump copyright headersMarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2020-12-21crypto: Add MuHash3072 implementationFabian Jahr
Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com>
2020-12-20crypto: Add Num3072 implementationFabian Jahr
Num3072 is a specialized bignum implementation used in MuHash3072. Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com>
2020-09-28Merge #19845: net: CNetAddr: add support to (un)serialize as ADDRv2Pieter Wuille
7be6ff61875a8d5d2335bff5d1f16ba40557adb0 net: recognize TORv3/I2P/CJDNS networks (Vasil Dimov) e0d73573a37bf4b519f6f61e5678572d48a64517 net: CNetAddr: add support to (un)serialize as ADDRv2 (Vasil Dimov) fe42411b4b07b99c591855f5f00ad45dfeec8e30 test: move HasReason so it can be reused (Vasil Dimov) d2bb681f96fb327b4c4d5b2b113692ca22fdffbf util: move HasPrefix() so it can be reused (Vasil Dimov) Pull request description: (chopped off from #19031 to ease review) Add an optional support to serialize/unserialize `CNetAddr` in ADDRv2 format (BIP155). The new serialization is engaged by ORing a flag into the stream version. So far this is only used in tests to ensure the new code works as expected. ACKs for top commit: Sjors: re-tACK 7be6ff61875a8d5d2335bff5d1f16ba40557adb0 sipa: re-utACK 7be6ff61875a8d5d2335bff5d1f16ba40557adb0 eriknylund: ACK 7be6ff61875a8d5d2335bff5d1f16ba40557adb0 I built the PR on macOS Catalina 10.15.6, ran both tests and functional tests. I've reviewed the code and think the changes look good and according to BIP155. I verified that the added Base32 encoding test looks as proposed and working. I've run a node for a week only with Onion addresses `-onlynet=onion` without issues and I can connect to other peer reviewers running TorV3 on their nodes and I can connect both of my test nodes to each other. jonatack: re-ACK 7be6ff61875a8d5d2335bff5d1f16ba40557adb0 per `git diff b9c46e0 7be6ff6`, debug build, ran/running bitcoind with this change and observed the log and `-netinfo` peer connections while connected as a tor v2 service to both tor v2 peers and also five tor v3 peers. hebasto: ACK 7be6ff61875a8d5d2335bff5d1f16ba40557adb0, tested on Linux Mint 20 (x86_64): on top of this pull and #19031 I'm able to connect to onion v3 addresses, and jonatack is able to connect to my created onion v3 address. Tree-SHA512: dc621411ac4393993aa3ccad10991717ec5f9f2643cae46a24a89802df0a33d6042994fc8ff2f0f397a3dbcd1c0e58fe4724305a2f9eb64d9342c3bdf784d9be
2020-09-21net: recognize TORv3/I2P/CJDNS networksVasil Dimov
Recognizing addresses from those networks allows us to accept and gossip them, even though we don't know how to connect to them (yet). Co-authored-by: eriknylund <erik@daychanged.com>
2020-09-14Merge #19931: Change CSipHasher's count variable to uint8_tfanquake
812037cb80f72096738cf2b0c15b39536c6c1e24 Change CSipHasher's count variable to uint8_t (Pieter Wuille) Pull request description: SipHash technically supports arbitrarily long inputs (at least, I couldn't find a limit in the [paper](https://eprint.iacr.org/2012/351.pdf)), but only the low 8 bits of the length matter. Because of that we should use an unsigned type to track the length (as any signed type could overflow, which is UB). `uint8_t` is sufficient, however. Fixes #19930. ACKs for top commit: laanwj: anyhow re-ACK 812037cb80f72096738cf2b0c15b39536c6c1e24 elichai: utACK 812037cb80f72096738cf2b0c15b39536c6c1e24 practicalswift: ACK 812037cb80f72096738cf2b0c15b39536c6c1e24 theStack: ACK 812037cb80f72096738cf2b0c15b39536c6c1e24 Tree-SHA512: 5b1440c9e4591460da198991fb421ad47d2d96def2014e761726ce361aa9575752f2c4085656e7e9badee3660ff005cc76fbd1afe4848faefe4502f3412bd896
2020-09-10Change CSipHasher's count variable to uint8_tPieter Wuille
2020-09-06Unroll Keccak-f implementationPieter Wuille
2020-09-06Implement keccak-f[1600] and SHA3-256Pieter Wuille
2020-06-29build: improve builtin_clz* detectionfanquake
The way we currently test with AC_CHECK_DECLS do not work with Clang: ```bash configure:21492: clang++-10 -std=c++11 -c -g -O2 -DHAVE_BUILD_INFO -D__STDC_FORMAT_MACROS conftest.cpp >&5 conftest.cpp:100:10: error: builtin functions must be directly called (void) __builtin_clz; ^ 1 error generated. ``` This also removes the __builtin_clz() check, as we don't actually use it anywhere, and it's trvial to re-add detection if we do start using it at some point.
2020-04-07Avoid non-trivial global constants in SHA-NI codePieter Wuille
2020-01-16Merge #17691: doc: Add missed copyright headersMarcoFalke
fac86ac7b3ceac2f884412c7a9f4bd5bab5e3916 scripted-diff: Add missed copyright headers (Hennadii Stepanov) 6fde9d5e47fc9a1042b3fb68031eab5bf55e508d script: Update EXLUDE list in copyright_header.py (Hennadii Stepanov) 1998152f15fd2b0e83f5068c375a34feaf73db8c script: Add empty line after C++ copyright (Hennadii Stepanov) 071f2fc204f542c5a287ca8835115a2ee0bf2f50 script: Add ability to insert copyright to *.sh (Hennadii Stepanov) Pull request description: This PR improves `contrib/devtools/copyright_header.py` script and adds copyright headers to the files in `src` and `test` directories with two exceptions: - [`src/reverse_iterator.h`](https://github.com/bitcoin/bitcoin/blob/master/src/reverse_iterator.h) (added to exceptions) - [`src/test/fuzz/FuzzedDataProvider.h`](https://github.com/bitcoin/bitcoin/blob/master/src/test/fuzz/FuzzedDataProvider.h) (added to exceptions) On master 5622d8f3156a293e61d0964c33d4b21d8c9fd5e0: ``` $ ./contrib/devtools/copyright_header.py report . | grep zero 25 with zero copyrights ``` With this PR: ``` $ ./contrib/devtools/copyright_header.py report . | grep zero 2 with zero copyrights ``` ~I am uncertain about our copyright policy with `build_msvc` and `contrib` directories content, so they are out of scope of this PR.~ ACKs for top commit: MarcoFalke: ACK fac86ac7b3ceac2f884412c7a9f4bd5bab5e3916 Tree-SHA512: d7832c4a7a1a3b7806119775b40ec35d7982f49ff0e6199b8cee4c0e0a36e68d51728b6ee9924b1c161df4bc6105bd93391b79d42914357fa522f499cb113fa8
2020-01-04scripted-diff: Add missed copyright headersHennadii Stepanov
-BEGIN VERIFY SCRIPT- s() { contrib/devtools/copyright_header.py insert "$1"; } s build_msvc/bitcoin_config.h s build_msvc/msvc-autogen.py s build_msvc/testconsensus/testconsensus.cpp s contrib/devtools/circular-dependencies.py s contrib/devtools/gen-manpages.sh s contrib/filter-lcov.py s contrib/gitian-build.py s contrib/install_db4.sh s src/crypto/sha256_avx2.cpp s src/crypto/sha256_sse41.cpp s src/fs.cpp s src/qt/test/addressbooktests.cpp s src/qt/test/addressbooktests.h s src/qt/test/util.cpp s src/qt/test/util.h s src/qt/test/wallettests.cpp s src/qt/test/wallettests.h s src/test/blockchain_tests.cpp s test/functional/combine_logs.py s test/lint/lint-locale-dependence.sh sed -i '1G' test/lint/lint-shebang.sh s test/lint/lint-shebang.sh -END VERIFY SCRIPT-
2019-12-30scripted-diff: Bump copyright of files changed in 2019MarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2019-11-12Report amount of data gathered from environmentPieter Wuille
2019-11-12[MOVEONLY] Move cpuid code from random & sha256 to compat/cpuidPieter Wuille
2019-10-28Fix occurences of c_str() used with size() to data()Wladimir J. van der Laan
Using `data()` better communicates the intent here. Also, depending on how `c_str()` is implemented, this fixes undefined behavior: The part of the string after the first NULL character might have undefined contents.
2019-10-15Remove unused includespracticalswift
2019-06-25Add ChaCha20Poly1305@Bitcoin AEAD implementationJonas Schnelli
2019-06-02Make reasoning about dependencies easier by not including unused dependenciespracticalswift
2019-05-16Merge #14047: Add HKDF_HMAC256_L32 and method to negate a private keyWladimir J. van der Laan
8794a4b3ae4d34a4cd21a7dee9f694eef7726a4f QA: add test for HKDF HMAC_SHA256 L32 (Jonas Schnelli) 551d489416339dae8f9d896013cd060a21406e2b Add HKDF HMAC_SHA256 L=32 implementations (Jonas Schnelli) 3b64f852e400c552f031697d6a86829dc6e74bd6 QA: add test for CKey::Negate() (Jonas Schnelli) 463921bb649d644f79f9d7f0f96f10aa0d165f76 CKey: add method to negate the key (Jonas Schnelli) Pull request description: This adds a limited implementation of `HKDF` (defined by rfc5869) that supports only HMAC-SHA256 and length output of 32 bytes (will be required for v2 transport protocol). This PR also includes a method to negate a private key which is useful to enforce public keys starting with 0x02 (or 0x03) (a requirement for the v2 transport protocol). The new `CKey::Negate()` method is pretty much a wrapper around `secp256k1_ec_privkey_negate()`. Including tests. This is a subset of #14032 and a pre-requirement for the v2 transport protocol. ACKs for commit 8794a4: Tree-SHA512: 5341929dfa29f5da766ec3612784baec6a3ad69972f08b5a985a8aafdae4dae36f104a2b888d1f5d1f33561456bd111f960d7e32c2cc4fd18e48358468f26c1a
2019-05-16Merge #15950: Do not construct out-of-bound pointers in SHA2 codeWladimir J. van der Laan
c01c065b9ded3399a6a480f15543827dd5e8eb4d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille) Pull request description: This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers). I discovered this while investigating #14580. Sadly, it does not fix it. ACKs for commit c01c06: practicalswift: utACK c01c065b9ded3399a6a480f15543827dd5e8eb4d Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
2019-05-11Add HKDF HMAC_SHA256 L=32 implementationsJonas Schnelli
2019-05-10Merge #15512: Add ChaCha20 encryption option (XOR)Jonas Schnelli
2dfe27517 Add ChaCha20 bench (Jonas Schnelli) 2bc2b8b49 Add ChaCha20 encryption option (XOR) (Jonas Schnelli) Pull request description: The current ChaCha20 implementation does not support message encryption (it can only output the keystream which is sufficient for the RNG). This PR adds the actual XORing of the `plaintext` with the `keystream` in order to return the desired `ciphertext`. Required for v2 message transport protocol. ACKs for commit 2dfe27: jnewbery: Looks good. utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00. jnewbery: utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00 sipa: utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00 ryanofsky: utACK 2dfe2751713c814aea53b5a7563eb74ad1baea00. Changes since last review are just renaming the Crypt method, adding comments, and simplifying the benchmark. Tree-SHA512: 84bb234da2ca9fdc44bc29a786d9dd215520f81245270c1aef801ef66b6091b7793e2eb38ad6dbb084925245065c5dce9e5582f2d0fa220ab3e182d43412d5b5
2019-05-06Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 codePieter Wuille
2019-05-03Add ChaCha20 encryption option (XOR)Jonas Schnelli
2019-03-29Merge #15663: crypto: Remove unused AES-128 codeJonas Schnelli
f6ee177f7 Remove unused AES-128 code (practicalswift) Pull request description: Remove unused AES-128 code. As far as I can tell this AES-128 code has never been in use in the project (outside of testing/benchmarking). The AES-256 code is used in `CCrypter::Encrypt`/`CCrypter::Decrypt` (`src/wallet/crypter.cpp`). Trivia: 0.15% of the project's C++ LOC count (excluding dependencies) is trimmed off: ``` $ LOC_BEFORE=$(git grep -I "" HEAD~1 -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l) $ LOC_AFTER=$(git grep -I "" -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l) $ bc <<< "scale=4; ${LOC_AFTER}/${LOC_BEFORE}" .9985 ``` :-) Tree-SHA512: 9588a3cd795a89ef658b8ee7323865f57723cb4ed9560c21de793f82d35e2835059e7d6d0705e99e3d16bf6b2a444b4bf19568d50174ff3776caf8a3168f5c85
2019-03-26Add Poly1305 implementationJonas Schnelli