2014-12-16 17:47:57 -08:00
|
|
|
// Copyright (c) 2014 The Bitcoin Core developers
|
2014-09-27 04:49:21 -07:00
|
|
|
// Distributed under the MIT software license, see the accompanying
|
2014-05-02 16:04:18 -07:00
|
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
|
|
|
|
#ifndef BITCOIN_CRYPTO_COMMON_H
|
|
|
|
#define BITCOIN_CRYPTO_COMMON_H
|
|
|
|
|
2014-06-09 12:05:28 -07:00
|
|
|
#if defined(HAVE_CONFIG_H)
|
|
|
|
#include "bitcoin-config.h"
|
|
|
|
#endif
|
2014-09-27 04:49:21 -07:00
|
|
|
|
2014-05-02 16:04:18 -07:00
|
|
|
#include <stdint.h>
|
2016-08-18 15:38:20 -07:00
|
|
|
#include <assert.h>
|
2014-09-27 04:49:21 -07:00
|
|
|
|
2016-08-18 15:38:20 -07:00
|
|
|
#include "sodium.h"
|
2014-12-19 00:53:43 -08:00
|
|
|
#include "compat/endian.h"
|
|
|
|
|
2016-08-18 15:38:20 -07:00
|
|
|
#if defined(NDEBUG)
|
2017-07-21 01:18:09 -07:00
|
|
|
# error "Zcash cannot be compiled without assertions."
|
2016-08-18 15:38:20 -07:00
|
|
|
#endif
|
|
|
|
|
2014-12-19 00:53:43 -08:00
|
|
|
uint16_t static inline ReadLE16(const unsigned char* ptr)
|
|
|
|
{
|
|
|
|
return le16toh(*((uint16_t*)ptr));
|
|
|
|
}
|
2014-06-09 12:05:28 -07:00
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
uint32_t static inline ReadLE32(const unsigned char* ptr)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
return le32toh(*((uint32_t*)ptr));
|
|
|
|
}
|
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
uint64_t static inline ReadLE64(const unsigned char* ptr)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
return le64toh(*((uint64_t*)ptr));
|
2014-12-19 00:53:43 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
void static inline WriteLE16(unsigned char* ptr, uint16_t x)
|
|
|
|
{
|
|
|
|
*((uint16_t*)ptr) = htole16(x);
|
2014-06-09 12:05:28 -07:00
|
|
|
}
|
2014-05-02 16:04:18 -07:00
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
void static inline WriteLE32(unsigned char* ptr, uint32_t x)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
*((uint32_t*)ptr) = htole32(x);
|
|
|
|
}
|
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
void static inline WriteLE64(unsigned char* ptr, uint64_t x)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
*((uint64_t*)ptr) = htole64(x);
|
|
|
|
}
|
2014-05-02 16:04:18 -07:00
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
uint32_t static inline ReadBE32(const unsigned char* ptr)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
return be32toh(*((uint32_t*)ptr));
|
2014-05-02 16:04:18 -07:00
|
|
|
}
|
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
uint64_t static inline ReadBE64(const unsigned char* ptr)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
return be64toh(*((uint64_t*)ptr));
|
2014-05-02 16:04:18 -07:00
|
|
|
}
|
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
void static inline WriteBE32(unsigned char* ptr, uint32_t x)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
*((uint32_t*)ptr) = htobe32(x);
|
2014-05-02 16:04:18 -07:00
|
|
|
}
|
|
|
|
|
2014-09-24 23:23:32 -07:00
|
|
|
void static inline WriteBE64(unsigned char* ptr, uint64_t x)
|
|
|
|
{
|
2014-06-09 12:05:28 -07:00
|
|
|
*((uint64_t*)ptr) = htobe64(x);
|
2014-05-02 16:04:18 -07:00
|
|
|
}
|
|
|
|
|
2016-08-18 15:38:20 -07:00
|
|
|
int inline init_and_check_sodium()
|
|
|
|
{
|
|
|
|
if (sodium_init() == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// What follows is a runtime test that ensures the version of libsodium
|
|
|
|
// we're linked against checks that signatures are canonical (s < L).
|
|
|
|
const unsigned char message[1] = { 0 };
|
|
|
|
|
|
|
|
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
|
|
|
|
unsigned char sk[crypto_sign_SECRETKEYBYTES];
|
|
|
|
unsigned char sig[crypto_sign_BYTES];
|
|
|
|
|
|
|
|
crypto_sign_keypair(pk, sk);
|
|
|
|
crypto_sign_detached(sig, NULL, message, sizeof(message), sk);
|
|
|
|
|
|
|
|
assert(crypto_sign_verify_detached(sig, message, sizeof(message), pk) == 0);
|
|
|
|
|
|
|
|
// Copied from libsodium/crypto_sign/ed25519/ref10/open.c
|
|
|
|
static const unsigned char L[32] =
|
|
|
|
{ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
|
|
|
|
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
|
|
|
|
|
|
|
|
// Add L to S, which starts at sig[32].
|
|
|
|
unsigned int s = 0;
|
|
|
|
for (size_t i = 0; i < 32; i++) {
|
|
|
|
s = sig[32 + i] + L[i] + (s >> 8);
|
|
|
|
sig[32 + i] = s & 0xff;
|
|
|
|
}
|
|
|
|
|
|
|
|
assert(crypto_sign_verify_detached(sig, message, sizeof(message), pk) != 0);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-09-27 04:49:21 -07:00
|
|
|
#endif // BITCOIN_CRYPTO_COMMON_H
|