Merge pull request #5227

4cdaa95 Resize after succesful result (Pieter Wuille)
9d8604f Header define style cleanups (Pieter Wuille)
a53fd41 Deterministic signing (Pieter Wuille)
3060e36 Add the RFC6979 PRNG (Pieter Wuille)
a8f5087 Add HMAC-SHA256 (Pieter Wuille)
36fa4a7 Split up crypto/sha2 (Pieter Wuille)

Author: laanwj

src/Makefile.am

@@ -203,10 +203,18 @@ libbitcoin_wallet_a_SOURCES = \
 crypto_libbitcoin_crypto_a_CPPFLAGS = $(BITCOIN_CONFIG_INCLUDES)
 crypto_libbitcoin_crypto_a_SOURCES = \
   crypto/sha1.cpp \
-  crypto/sha2.cpp \
+  crypto/sha256.cpp \
+  crypto/sha512.cpp \
+  crypto/hmac_sha256.cpp \
+  crypto/rfc6979_hmac_sha256.cpp \
+  crypto/hmac_sha512.cpp \
   crypto/ripemd160.cpp \
   crypto/common.h \
-  crypto/sha2.h \
+  crypto/sha256.h \
+  crypto/sha512.h \
+  crypto/hmac_sha256.h \
+  crypto/rfc6979_hmac_sha256.h \
+  crypto/hmac_sha512.h \
   crypto/sha1.h \
   crypto/ripemd160.h
 
@@ -343,8 +351,10 @@ if BUILD_BITCOIN_LIBS
 include_HEADERS = script/bitcoinconsensus.h
 libbitcoinconsensus_la_SOURCES = \
   core/transaction.cpp \
+  crypto/hmac_sha512.cpp \
   crypto/sha1.cpp \
-  crypto/sha2.cpp \
+  crypto/sha256.cpp \
+  crypto/sha512.cpp \
   crypto/ripemd160.cpp \
   eccryptoverify.cpp \
   ecwrapper.cpp \

src/crypto/hmac_sha256.cpp

@@ -0,0 +1,34 @@
+// Copyright (c) 2014 The Bitcoin developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include "crypto/hmac_sha256.h"
+
+#include <string.h>
+
+CHMAC_SHA256::CHMAC_SHA256(const unsigned char* key, size_t keylen)
+{
+    unsigned char rkey[64];
+    if (keylen <= 64) {
+        memcpy(rkey, key, keylen);
+        memset(rkey + keylen, 0, 64 - keylen);
+    } else {
+        CSHA256().Write(key, keylen).Finalize(rkey);
+        memset(rkey + 32, 0, 32);
+    }
+
+    for (int n = 0; n < 64; n++)
+        rkey[n] ^= 0x5c;
+    outer.Write(rkey, 64);
+
+    for (int n = 0; n < 64; n++)
+        rkey[n] ^= 0x5c ^ 0x36;
+    inner.Write(rkey, 64);
+}
+
+void CHMAC_SHA256::Finalize(unsigned char hash[OUTPUT_SIZE])
+{
+    unsigned char temp[32];
+    inner.Finalize(temp);
+    outer.Write(temp, 32).Finalize(hash);
+}

src/crypto/hmac_sha256.h

@@ -0,0 +1,32 @@
+// Copyright (c) 2014 The Bitcoin developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_CRYPTO_HMAC_SHA256_H
+#define BITCOIN_CRYPTO_HMAC_SHA256_H
+
+#include "crypto/sha256.h"
+
+#include <stdint.h>
+#include <stdlib.h>
+
+/** A hasher class for HMAC-SHA-512. */
+class CHMAC_SHA256
+{
+private:
+    CSHA256 outer;
+    CSHA256 inner;
+
+public:
+    static const size_t OUTPUT_SIZE = 32;
+
+    CHMAC_SHA256(const unsigned char* key, size_t keylen);
+    CHMAC_SHA256& Write(const unsigned char* data, size_t len)
+    {
+        inner.Write(data, len);
+        return *this;
+    }
+    void Finalize(unsigned char hash[OUTPUT_SIZE]);
+};
+
+#endif // BITCOIN_CRYPTO_HMAC_SHA256_H

src/crypto/hmac_sha512.cpp

@@ -0,0 +1,34 @@
+// Copyright (c) 2014 The Bitcoin developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include "crypto/hmac_sha512.h"
+
+#include <string.h>
+
+CHMAC_SHA512::CHMAC_SHA512(const unsigned char* key, size_t keylen)
+{
+    unsigned char rkey[128];
+    if (keylen <= 128) {
+        memcpy(rkey, key, keylen);
+        memset(rkey + keylen, 0, 128 - keylen);
+    } else {
+        CSHA512().Write(key, keylen).Finalize(rkey);
+        memset(rkey + 64, 0, 64);
+    }
+
+    for (int n = 0; n < 128; n++)
+        rkey[n] ^= 0x5c;
+    outer.Write(rkey, 128);
+
+    for (int n = 0; n < 128; n++)
+        rkey[n] ^= 0x5c ^ 0x36;
+    inner.Write(rkey, 128);
+}
+
+void CHMAC_SHA512::Finalize(unsigned char hash[OUTPUT_SIZE])
+{
+    unsigned char temp[64];
+    inner.Finalize(temp);
+    outer.Write(temp, 64).Finalize(hash);
+}

src/crypto/hmac_sha512.h

@@ -0,0 +1,32 @@
+// Copyright (c) 2014 The Bitcoin developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_CRYPTO_HMAC_SHA512_H
+#define BITCOIN_CRYPTO_HMAC_SHA512_H
+
+#include "crypto/sha512.h"
+
+#include <stdint.h>
+#include <stdlib.h>
+
+/** A hasher class for HMAC-SHA-512. */
+class CHMAC_SHA512
+{
+private:
+    CSHA512 outer;
+    CSHA512 inner;
+
+public:
+    static const size_t OUTPUT_SIZE = 64;
+
+    CHMAC_SHA512(const unsigned char* key, size_t keylen);
+    CHMAC_SHA512& Write(const unsigned char* data, size_t len)
+    {
+        inner.Write(data, len);
+        return *this;
+    }
+    void Finalize(unsigned char hash[OUTPUT_SIZE]);
+};
+
+#endif // BITCOIN_CRYPTO_HMAC_SHA512_H

src/crypto/rfc6979_hmac_sha256.cpp

@@ -0,0 +1,47 @@
+// Copyright (c) 2014 The Bitcoin developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include "crypto/rfc6979_hmac_sha256.h"
+
+#include <string.h>
+
+#include <algorithm>
+
+static const unsigned char zero[1] = {0x00};
+static const unsigned char one[1] = {0x01};
+
+RFC6979_HMAC_SHA256::RFC6979_HMAC_SHA256(const unsigned char* key, size_t keylen, const unsigned char* msg, size_t msglen) : retry(false)
+{
+    memset(V, 0x01, sizeof(V));
+    memset(K, 0x00, sizeof(K));
+
+    CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(zero, sizeof(zero)).Write(key, keylen).Write(msg, msglen).Finalize(K);
+    CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
+    CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(one, sizeof(one)).Write(key, keylen).Write(msg, msglen).Finalize(K);
+    CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
+}
+
+RFC6979_HMAC_SHA256::~RFC6979_HMAC_SHA256()
+{
+    memset(V, 0x01, sizeof(V));
+    memset(K, 0x00, sizeof(K));
+}
+
+void RFC6979_HMAC_SHA256::Generate(unsigned char* output, size_t outputlen)
+{
+    if (retry) {
+        CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(zero, sizeof(zero)).Finalize(K);
+        CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
+    }
+
+    while (outputlen > 0) {
+        CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V);
+        size_t len = std::min(outputlen, sizeof(V));
+        memcpy(output, V, len);
+        output += len;
+        outputlen -= len;
+    }
+
+    retry = true;
+}

src/crypto/rfc6979_hmac_sha256.h

@@ -0,0 +1,36 @@
+// Copyright (c) 2014 The Bitcoin developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_RFC6979_HMAC_SHA256_H
+#define BITCOIN_RFC6979_HMAC_SHA256_H
+
+#include "crypto/hmac_sha256.h"
+
+#include <stdint.h>
+#include <stdlib.h>
+
+/** The RFC 6979 PRNG using HMAC-SHA256. */
+class RFC6979_HMAC_SHA256
+{
+private:
+    unsigned char V[CHMAC_SHA256::OUTPUT_SIZE];
+    unsigned char K[CHMAC_SHA256::OUTPUT_SIZE];
+    bool retry;
+
+public:
+    /**
+     * Construct a new RFC6979 PRNG, using the given key and message.
+     * The message is assumed to be already hashed.
+     */
+    RFC6979_HMAC_SHA256(const unsigned char* key, size_t keylen, const unsigned char* msg, size_t msglen);
+
+    /**
+     * Generate a byte array.
+     */
+    void Generate(unsigned char* output, size_t outputlen);
+
+    ~RFC6979_HMAC_SHA256();
+};
+
+#endif // BITCOIN_RFC6979_HMAC_SHA256_H