Replace HMAC_SHA256 with Bitcoin's version (#1438)

author: Ross Nicoll <[email protected]> 2018-01-20 17:51:39 +0000
committer: Ross Nicoll <[email protected]> 2018-09-19 22:11:47 +0100
commit: 57dae15a77410684126a9dfbcc6a72faff827906 (patch)
tree: 7f0b74341d773682b64e14487795a0fb7250cb1d /src/crypto/scrypt.cpp
parent: Update payment protocol to match Dogecoin (#1433) (diff)
download: discoin-57dae15a77410684126a9dfbcc6a72faff827906.tar.xz
discoin-57dae15a77410684126a9dfbcc6a72faff827906.zip
1 files changed, 20 insertions, 90 deletions
diff --git a/src/crypto/scrypt.cpp b/src/crypto/scrypt.cpp
index 887f58770..900154a39 100644
--- a/src/crypto/scrypt.cpp
+++ b/src/crypto/scrypt.cpp
@@ -28,7 +28,7 @@
  */
 
 #include "crypto/scrypt.h"
-//#include "util.h"
+#include "crypto/hmac_sha256.h"
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
@@ -60,74 +60,6 @@ static inline void be32enc(void *pp, uint32_t x)
 	p[0] = (x >> 24) & 0xff;
 }
 
-typedef struct HMAC_SHA256Context {
-	SHA256_CTX ictx;
-	SHA256_CTX octx;
-} HMAC_SHA256_CTX;
-
-/* Initialize an HMAC-SHA256 operation with the given key. */
-static void
-HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const void *_K, size_t Klen)
-{
-	unsigned char pad[64];
-	unsigned char khash[32];
-	const unsigned char *K = (const unsigned char *)_K;
-	size_t i;
-
-	/* If Klen > 64, the key is really SHA256(K). */
-	if (Klen > 64) {
-		SHA256_Init(&ctx->ictx);
-		SHA256_Update(&ctx->ictx, K, Klen);
-		SHA256_Final(khash, &ctx->ictx);
-		K = khash;
-		Klen = 32;
-	}
-
-	/* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */
-	SHA256_Init(&ctx->ictx);
-	memset(pad, 0x36, 64);
-	for (i = 0; i < Klen; i++)
-		pad[i] ^= K[i];
-	SHA256_Update(&ctx->ictx, pad, 64);
-
-	/* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */
-	SHA256_Init(&ctx->octx);
-	memset(pad, 0x5c, 64);
-	for (i = 0; i < Klen; i++)
-		pad[i] ^= K[i];
-	SHA256_Update(&ctx->octx, pad, 64);
-
-	/* Clean the stack. */
-	memset(khash, 0, 32);
-}
-
-/* Add bytes to the HMAC-SHA256 operation. */
-static void
-HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const void *in, size_t len)
-{
-	/* Feed data to the inner SHA256 operation. */
-	SHA256_Update(&ctx->ictx, in, len);
-}
-
-/* Finish an HMAC-SHA256 operation. */
-static void
-HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX *ctx)
-{
-	unsigned char ihash[32];
-
-	/* Finish the inner SHA256 operation. */
-	SHA256_Final(ihash, &ctx->ictx);
-
-	/* Feed the inner hash to the outer SHA256 operation. */
-	SHA256_Update(&ctx->octx, ihash, 32);
-
-	/* Finish the outer SHA256 operation. */
-	SHA256_Final(digest, &ctx->octx);
-
-	/* Clean the stack. */
-	memset(ihash, 0, 32);
-}
-
 /**
  * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
  * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
@@ -137,18 +69,19 @@ void
 PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt,
     size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen)
 {
-	HMAC_SHA256_CTX PShctx, hctx;
+	CHMAC_SHA256 baseCtx = CHMAC_SHA256(passwd, passwdlen);
+	CHMAC_SHA256 PShctx = CHMAC_SHA256(passwd, passwdlen);
+	CHMAC_SHA256 hctx = CHMAC_SHA256(passwd, passwdlen);
 	size_t i;
 	uint8_t ivec[4];
-	uint8_t U[32];
-	uint8_t T[32];
+	uint8_t U[CHMAC_SHA256::OUTPUT_SIZE];
+	uint8_t T[CHMAC_SHA256::OUTPUT_SIZE];
 	uint64_t j;
-	int k;
+	unsigned int k;
 	size_t clen;
 
 	/* Compute HMAC state after processing P and S. */
-	HMAC_SHA256_Init(&PShctx, passwd, passwdlen);
-	HMAC_SHA256_Update(&PShctx, salt, saltlen);
+	PShctx.Write(salt, saltlen);
 
 	/* Iterate through the blocks. */
 	for (i = 0; i * 32 < dkLen; i++) {
@@ -156,33 +89,30 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt,
 		be32enc(ivec, (uint32_t)(i + 1));
 
 		/* Compute U_1 = PRF(P, S || INT(i)). */
-		memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX));
-		HMAC_SHA256_Update(&hctx, ivec, 4);
-		HMAC_SHA256_Final(U, &hctx);
+		PShctx.Copy(&hctx);
+		hctx.Write(ivec, 4);
+		hctx.Finalize(U);
 
 		/* T_i = U_1 ... */
-		memcpy(T, U, 32);
+		memcpy(T, U, CHMAC_SHA256::OUTPUT_SIZE);
 
 		for (j = 2; j <= c; j++) {
 			/* Compute U_j. */
-			HMAC_SHA256_Init(&hctx, passwd, passwdlen);
-			HMAC_SHA256_Update(&hctx, U, 32);
-			HMAC_SHA256_Final(U, &hctx);
+			baseCtx.Copy(&hctx);
+			hctx.Write(U, CHMAC_SHA256::OUTPUT_SIZE);
+			hctx.Finalize(U);
 
 			/* ... xor U_j ... */
-			for (k = 0; k < 32; k++)
+			for (k = 0; k < CHMAC_SHA256::OUTPUT_SIZE; k++)
 				T[k] ^= U[k];
 		}
 
 		/* Copy as many bytes as necessary into buf. */
-		clen = dkLen - i * 32;
-		if (clen > 32)
-			clen = 32;
-		memcpy(&buf[i * 32], T, clen);
+		clen = dkLen - i * CHMAC_SHA256::OUTPUT_SIZE;
+		if (clen > CHMAC_SHA256::OUTPUT_SIZE)
+			clen = CHMAC_SHA256::OUTPUT_SIZE;
+		memcpy(&buf[i * CHMAC_SHA256::OUTPUT_SIZE], T, clen);
 	}
-
-	/* Clean PShctx, since we never called _Final on it. */
-	memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX));
 }
 
 #define ROTL(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
author	Ross Nicoll <[email protected]>	2018-01-20 17:51:39 +0000
committer	Ross Nicoll <[email protected]>	2018-09-19 22:11:47 +0100
commit	57dae15a77410684126a9dfbcc6a72faff827906 (patch)
tree	7f0b74341d773682b64e14487795a0fb7250cb1d /src/crypto/scrypt.cpp
parent	Update payment protocol to match Dogecoin (#1433) (diff)
download	discoin-57dae15a77410684126a9dfbcc6a72faff827906.tar.xz discoin-57dae15a77410684126a9dfbcc6a72faff827906.zip