mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-25 00:48:19 +00:00
crypto: explicitly initialize variables
This commit is contained in:
parent
fa9d349bc9
commit
fdad317d8c
@ -66,11 +66,11 @@ void ethereum_address_checksum(const uint8_t *addr, char *address, bool rskip60,
|
|||||||
}
|
}
|
||||||
address[40] = 0;
|
address[40] = 0;
|
||||||
|
|
||||||
SHA3_CTX ctx;
|
SHA3_CTX ctx = {0};
|
||||||
uint8_t hash[32];
|
uint8_t hash[32] = {0};
|
||||||
keccak_256_Init(&ctx);
|
keccak_256_Init(&ctx);
|
||||||
if (rskip60) {
|
if (rskip60) {
|
||||||
char prefix[16];
|
char prefix[16] = {0};
|
||||||
int prefix_size = bn_format_uint64(chain_id, NULL, "0x", 0, 0, false,
|
int prefix_size = bn_format_uint64(chain_id, NULL, "0x", 0, 0, false,
|
||||||
prefix, sizeof(prefix));
|
prefix, sizeof(prefix));
|
||||||
keccak_Update(&ctx, (const uint8_t *)prefix, prefix_size);
|
keccak_Update(&ctx, (const uint8_t *)prefix, prefix_size);
|
||||||
|
@ -108,7 +108,7 @@ aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
|
|||||||
|
|
||||||
AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */
|
AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */
|
||||||
{ uint8_t p[16];
|
{ uint8_t p[16];
|
||||||
uint32_t i, count_eq = 0, count_neq = 0;
|
uint32_t i = 0, count_eq = 0, count_neq = 0;
|
||||||
|
|
||||||
if(n < 4 || n > 16)
|
if(n < 4 || n > 16)
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
@ -156,7 +156,7 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -218,7 +218,7 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -287,7 +287,7 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -385,7 +385,7 @@ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -497,7 +497,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else /* input, output or both are unaligned */
|
else /* input, output or both are unaligned */
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -625,7 +625,7 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else /* input, output or both are unaligned */
|
else /* input, output or both are unaligned */
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -763,7 +763,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
}
|
}
|
||||||
else /* input, output or both are unaligned */
|
else /* input, output or both are unaligned */
|
||||||
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
{ aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
|
||||||
uint8_t *ip, *op;
|
uint8_t *ip = NULL, *op = NULL;
|
||||||
|
|
||||||
while(nb)
|
while(nb)
|
||||||
{
|
{
|
||||||
@ -850,14 +850,14 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
|
|||||||
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
|
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
|
||||||
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1])
|
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1])
|
||||||
{ unsigned char *ip;
|
{ unsigned char *ip;
|
||||||
int i, blen, b_pos = (int)(ctx->inf.b[2]);
|
int i = 0, blen = 0, b_pos = (int)(ctx->inf.b[2]);
|
||||||
|
|
||||||
#if defined( USE_VIA_ACE_IF_PRESENT )
|
#if defined( USE_VIA_ACE_IF_PRESENT )
|
||||||
aligned_auto(uint8_t, buf, BFR_LENGTH, 16);
|
aligned_auto(uint8_t, buf, BFR_LENGTH, 16);
|
||||||
if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 ))
|
if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 ))
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
#else
|
#else
|
||||||
uint8_t buf[BFR_LENGTH];
|
uint8_t buf[BFR_LENGTH] = {0};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(b_pos)
|
if(b_pos)
|
||||||
|
@ -96,7 +96,7 @@ extern "C"
|
|||||||
|
|
||||||
AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
|
AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
|
||||||
{ uint32_t locals(b0, b1);
|
{ uint32_t locals(b0, b1);
|
||||||
const uint32_t *kp;
|
const uint32_t *kp = NULL;
|
||||||
#if defined( dec_fmvars )
|
#if defined( dec_fmvars )
|
||||||
dec_fmvars; /* declare variables for fwd_mcol() if needed */
|
dec_fmvars; /* declare variables for fwd_mcol() if needed */
|
||||||
#endif
|
#endif
|
||||||
@ -234,7 +234,7 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
|
|||||||
#if defined( dec_imvars )
|
#if defined( dec_imvars )
|
||||||
dec_imvars; /* declare variables for inv_mcol() if needed */
|
dec_imvars; /* declare variables for inv_mcol() if needed */
|
||||||
#endif
|
#endif
|
||||||
const uint32_t *kp;
|
const uint32_t *kp = NULL;
|
||||||
|
|
||||||
if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
|
if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
|
@ -272,7 +272,7 @@ AES_RETURN aes_init(void)
|
|||||||
|
|
||||||
#if defined(FF_TABLES)
|
#if defined(FF_TABLES)
|
||||||
|
|
||||||
uint8_t pow[512], log[256];
|
uint8_t pow[512] = {0}, log[256] = {0};
|
||||||
|
|
||||||
if(init)
|
if(init)
|
||||||
return EXIT_SUCCESS;
|
return EXIT_SUCCESS;
|
||||||
|
@ -77,7 +77,7 @@ void base32_encode_unsafe(const uint8_t *in, size_t inlen, uint8_t *out) {
|
|||||||
uint8_t remainder = inlen % 5;
|
uint8_t remainder = inlen % 5;
|
||||||
size_t limit = inlen - remainder;
|
size_t limit = inlen - remainder;
|
||||||
|
|
||||||
size_t i, j;
|
size_t i = 0, j = 0;
|
||||||
for (i = 0, j = 0; i < limit; i += 5, j += 8) {
|
for (i = 0, j = 0; i < limit; i += 5, j += 8) {
|
||||||
base32_5to8(&in[i], 5, &out[j]);
|
base32_5to8(&in[i], 5, &out[j]);
|
||||||
}
|
}
|
||||||
@ -90,7 +90,7 @@ bool base32_decode_unsafe(const uint8_t *in, size_t inlen, uint8_t *out,
|
|||||||
uint8_t remainder = inlen % 8;
|
uint8_t remainder = inlen % 8;
|
||||||
size_t limit = inlen - remainder;
|
size_t limit = inlen - remainder;
|
||||||
|
|
||||||
size_t i, j;
|
size_t i = 0, j = 0;
|
||||||
for (i = 0, j = 0; i < limit; i += 8, j += 5) {
|
for (i = 0, j = 0; i < limit; i += 8, j += 5) {
|
||||||
if (!base32_8to5(&in[i], 8, &out[j], alphabet)) {
|
if (!base32_8to5(&in[i], 8, &out[j], alphabet)) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -58,9 +58,9 @@ bool b58tobin(void *bin, size_t *binszp, const char *b58) {
|
|||||||
size_t outisz =
|
size_t outisz =
|
||||||
(binsz + sizeof(b58_almostmaxint_t) - 1) / sizeof(b58_almostmaxint_t);
|
(binsz + sizeof(b58_almostmaxint_t) - 1) / sizeof(b58_almostmaxint_t);
|
||||||
b58_almostmaxint_t outi[outisz];
|
b58_almostmaxint_t outi[outisz];
|
||||||
b58_maxint_t t;
|
b58_maxint_t t = 0;
|
||||||
b58_almostmaxint_t c;
|
b58_almostmaxint_t c = 0;
|
||||||
size_t i, j;
|
size_t i = 0, j = 0;
|
||||||
uint8_t bytesleft = binsz % sizeof(b58_almostmaxint_t);
|
uint8_t bytesleft = binsz % sizeof(b58_almostmaxint_t);
|
||||||
b58_almostmaxint_t zeromask =
|
b58_almostmaxint_t zeromask =
|
||||||
bytesleft ? (b58_almostmaxint_mask << (bytesleft * 8)) : 0;
|
bytesleft ? (b58_almostmaxint_mask << (bytesleft * 8)) : 0;
|
||||||
@ -128,9 +128,9 @@ bool b58tobin(void *bin, size_t *binszp, const char *b58) {
|
|||||||
|
|
||||||
int b58check(const void *bin, size_t binsz, HasherType hasher_type,
|
int b58check(const void *bin, size_t binsz, HasherType hasher_type,
|
||||||
const char *base58str) {
|
const char *base58str) {
|
||||||
unsigned char buf[32];
|
unsigned char buf[32] = {0};
|
||||||
const uint8_t *binc = bin;
|
const uint8_t *binc = bin;
|
||||||
unsigned i;
|
unsigned i = 0;
|
||||||
if (binsz < 4) return -4;
|
if (binsz < 4) return -4;
|
||||||
hasher_Raw(hasher_type, bin, binsz - 4, buf);
|
hasher_Raw(hasher_type, bin, binsz - 4, buf);
|
||||||
if (memcmp(&binc[binsz - 4], buf, 4)) return -1;
|
if (memcmp(&binc[binsz - 4], buf, 4)) return -1;
|
||||||
@ -146,9 +146,9 @@ int b58check(const void *bin, size_t binsz, HasherType hasher_type,
|
|||||||
|
|
||||||
bool b58enc(char *b58, size_t *b58sz, const void *data, size_t binsz) {
|
bool b58enc(char *b58, size_t *b58sz, const void *data, size_t binsz) {
|
||||||
const uint8_t *bin = data;
|
const uint8_t *bin = data;
|
||||||
int carry;
|
int carry = 0;
|
||||||
size_t i, j, high, zcount = 0;
|
size_t i = 0, j = 0, high = 0, zcount = 0;
|
||||||
size_t size;
|
size_t size = 0;
|
||||||
|
|
||||||
while (zcount < binsz && !bin[zcount]) ++zcount;
|
while (zcount < binsz && !bin[zcount]) ++zcount;
|
||||||
|
|
||||||
@ -219,9 +219,9 @@ int base58_decode_check(const char *str, HasherType hasher_type, uint8_t *data,
|
|||||||
|
|
||||||
#if USE_GRAPHENE
|
#if USE_GRAPHENE
|
||||||
int b58gphcheck(const void *bin, size_t binsz, const char *base58str) {
|
int b58gphcheck(const void *bin, size_t binsz, const char *base58str) {
|
||||||
unsigned char buf[32];
|
unsigned char buf[32] = {0};
|
||||||
const uint8_t *binc = bin;
|
const uint8_t *binc = bin;
|
||||||
unsigned i;
|
unsigned i = 0;
|
||||||
if (binsz < 4) return -4;
|
if (binsz < 4) return -4;
|
||||||
ripemd160(bin, binsz - 4, buf); // No double SHA256, but a single RIPEMD160
|
ripemd160(bin, binsz - 4, buf); // No double SHA256, but a single RIPEMD160
|
||||||
if (memcmp(&binc[binsz - 4], buf, 4)) return -1;
|
if (memcmp(&binc[binsz - 4], buf, 4)) return -1;
|
||||||
|
@ -127,7 +127,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t child_num,
|
|||||||
if (info == 0) {
|
if (info == 0) {
|
||||||
failed = true;
|
failed = true;
|
||||||
} else if (info->params) {
|
} else if (info->params) {
|
||||||
bignum256 a;
|
bignum256 a = {0};
|
||||||
bn_read_be(private_key, &a);
|
bn_read_be(private_key, &a);
|
||||||
if (bn_is_zero(&a)) { // == 0
|
if (bn_is_zero(&a)) { // == 0
|
||||||
failed = true;
|
failed = true;
|
||||||
@ -170,7 +170,7 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char *curve,
|
|||||||
hmac_sha512_Final(&ctx, I);
|
hmac_sha512_Final(&ctx, I);
|
||||||
|
|
||||||
if (out->curve->params) {
|
if (out->curve->params) {
|
||||||
bignum256 a;
|
bignum256 a = {0};
|
||||||
while (true) {
|
while (true) {
|
||||||
bn_read_be(I, &a);
|
bn_read_be(I, &a);
|
||||||
if (!bn_is_zero(&a) // != 0
|
if (!bn_is_zero(&a) // != 0
|
||||||
@ -192,8 +192,8 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char *curve,
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint32_t hdnode_fingerprint(HDNode *node) {
|
uint32_t hdnode_fingerprint(HDNode *node) {
|
||||||
uint8_t digest[32];
|
uint8_t digest[32] = {0};
|
||||||
uint32_t fingerprint;
|
uint32_t fingerprint = 0;
|
||||||
|
|
||||||
hdnode_fill_public_key(node);
|
hdnode_fill_public_key(node);
|
||||||
hasher_Raw(node->curve->hasher_pubkey, node->public_key, 33, digest);
|
hasher_Raw(node->curve->hasher_pubkey, node->public_key, 33, digest);
|
||||||
@ -422,9 +422,9 @@ int hdnode_from_entropy_cardano_icarus(const uint8_t *pass, int pass_len,
|
|||||||
int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent,
|
int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent,
|
||||||
const uint8_t *parent_chain_code, uint32_t i,
|
const uint8_t *parent_chain_code, uint32_t i,
|
||||||
curve_point *child, uint8_t *child_chain_code) {
|
curve_point *child, uint8_t *child_chain_code) {
|
||||||
uint8_t data[1 + 32 + 4];
|
uint8_t data[(1 + 32) + 4] = {0};
|
||||||
uint8_t I[32 + 32];
|
uint8_t I[32 + 32] = {0};
|
||||||
bignum256 c;
|
bignum256 c = {0};
|
||||||
|
|
||||||
if (i & 0x80000000) { // private derivation
|
if (i & 0x80000000) { // private derivation
|
||||||
return 0;
|
return 0;
|
||||||
@ -459,7 +459,7 @@ int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int hdnode_public_ckd(HDNode *inout, uint32_t i) {
|
int hdnode_public_ckd(HDNode *inout, uint32_t i) {
|
||||||
curve_point parent, child;
|
curve_point parent = {0}, child = {0};
|
||||||
|
|
||||||
if (!ecdsa_read_pubkey(inout->curve->params, inout->public_key, &parent)) {
|
if (!ecdsa_read_pubkey(inout->curve->params, inout->public_key, &parent)) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -487,8 +487,8 @@ void hdnode_public_ckd_address_optimized(const curve_point *pub,
|
|||||||
HasherType hasher_pubkey,
|
HasherType hasher_pubkey,
|
||||||
HasherType hasher_base58, char *addr,
|
HasherType hasher_base58, char *addr,
|
||||||
int addrsize, int addrformat) {
|
int addrsize, int addrformat) {
|
||||||
uint8_t child_pubkey[33];
|
uint8_t child_pubkey[33] = {0};
|
||||||
curve_point b;
|
curve_point b = {0};
|
||||||
|
|
||||||
hdnode_public_ckd_cp(&secp256k1, pub, chain_code, i, &b, NULL);
|
hdnode_public_ckd_cp(&secp256k1, pub, chain_code, i, &b, NULL);
|
||||||
child_pubkey[0] = 0x02 | (b.y.val[0] & 0x01);
|
child_pubkey[0] = 0x02 | (b.y.val[0] & 0x01);
|
||||||
@ -544,7 +544,7 @@ int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count,
|
|||||||
private_ckd_cache_root_set = true;
|
private_ckd_cache_root_set = true;
|
||||||
} else {
|
} else {
|
||||||
// try to find parent
|
// try to find parent
|
||||||
int j;
|
int j = 0;
|
||||||
for (j = 0; j < BIP32_CACHE_SIZE; j++) {
|
for (j = 0; j < BIP32_CACHE_SIZE; j++) {
|
||||||
if (private_ckd_cache[j].set &&
|
if (private_ckd_cache[j].set &&
|
||||||
private_ckd_cache[j].depth == i_count - 1 &&
|
private_ckd_cache[j].depth == i_count - 1 &&
|
||||||
@ -560,7 +560,7 @@ int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count,
|
|||||||
|
|
||||||
// else derive parent
|
// else derive parent
|
||||||
if (!found) {
|
if (!found) {
|
||||||
size_t k;
|
size_t k = 0;
|
||||||
for (k = 0; k < i_count - 1; k++) {
|
for (k = 0; k < i_count - 1; k++) {
|
||||||
if (hdnode_private_ckd(inout, i[k]) == 0) return 0;
|
if (hdnode_private_ckd(inout, i[k]) == 0) return 0;
|
||||||
}
|
}
|
||||||
@ -633,8 +633,8 @@ void hdnode_fill_public_key(HDNode *node) {
|
|||||||
|
|
||||||
#if USE_ETHEREUM
|
#if USE_ETHEREUM
|
||||||
int hdnode_get_ethereum_pubkeyhash(const HDNode *node, uint8_t *pubkeyhash) {
|
int hdnode_get_ethereum_pubkeyhash(const HDNode *node, uint8_t *pubkeyhash) {
|
||||||
uint8_t buf[65];
|
uint8_t buf[65] = {0};
|
||||||
SHA3_CTX ctx;
|
SHA3_CTX ctx = {0};
|
||||||
|
|
||||||
/* get uncompressed public key */
|
/* get uncompressed public key */
|
||||||
ecdsa_get_public_key65(node->curve->params, node->private_key, buf);
|
ecdsa_get_public_key65(node->curve->params, node->private_key, buf);
|
||||||
@ -687,7 +687,7 @@ int hdnode_get_nem_shared_key(const HDNode *node,
|
|||||||
int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
|
int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
|
||||||
const uint8_t *iv_immut, const uint8_t *salt,
|
const uint8_t *iv_immut, const uint8_t *salt,
|
||||||
const uint8_t *payload, size_t size, uint8_t *buffer) {
|
const uint8_t *payload, size_t size, uint8_t *buffer) {
|
||||||
uint8_t last_block[AES_BLOCK_SIZE];
|
uint8_t last_block[AES_BLOCK_SIZE] = {0};
|
||||||
uint8_t remainder = size % AES_BLOCK_SIZE;
|
uint8_t remainder = size % AES_BLOCK_SIZE;
|
||||||
|
|
||||||
// Round down to last whole block
|
// Round down to last whole block
|
||||||
@ -699,15 +699,15 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
|
|||||||
AES_BLOCK_SIZE - remainder);
|
AES_BLOCK_SIZE - remainder);
|
||||||
|
|
||||||
// the IV gets mutated, so we make a copy not to touch the original
|
// the IV gets mutated, so we make a copy not to touch the original
|
||||||
uint8_t iv[AES_BLOCK_SIZE];
|
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
||||||
memcpy(iv, iv_immut, AES_BLOCK_SIZE);
|
memcpy(iv, iv_immut, AES_BLOCK_SIZE);
|
||||||
|
|
||||||
uint8_t shared_key[SHA3_256_DIGEST_LENGTH];
|
uint8_t shared_key[SHA3_256_DIGEST_LENGTH] = {0};
|
||||||
if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
|
if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
aes_encrypt_ctx ctx;
|
aes_encrypt_ctx ctx = {0};
|
||||||
|
|
||||||
int ret = aes_encrypt_key256(shared_key, &ctx);
|
int ret = aes_encrypt_key256(shared_key, &ctx);
|
||||||
memzero(shared_key, sizeof(shared_key));
|
memzero(shared_key, sizeof(shared_key));
|
||||||
@ -731,13 +731,13 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
|
|||||||
int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key,
|
int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key,
|
||||||
uint8_t *iv, const uint8_t *salt, const uint8_t *payload,
|
uint8_t *iv, const uint8_t *salt, const uint8_t *payload,
|
||||||
size_t size, uint8_t *buffer) {
|
size_t size, uint8_t *buffer) {
|
||||||
uint8_t shared_key[SHA3_256_DIGEST_LENGTH];
|
uint8_t shared_key[SHA3_256_DIGEST_LENGTH] = {0};
|
||||||
|
|
||||||
if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
|
if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
aes_decrypt_ctx ctx;
|
aes_decrypt_ctx ctx = {0};
|
||||||
|
|
||||||
int ret = aes_decrypt_key256(shared_key, &ctx);
|
int ret = aes_decrypt_key256(shared_key, &ctx);
|
||||||
memzero(shared_key, sizeof(shared_key));
|
memzero(shared_key, sizeof(shared_key));
|
||||||
@ -822,7 +822,7 @@ int hdnode_get_shared_key(const HDNode *node, const uint8_t *peer_public_key,
|
|||||||
static int hdnode_serialize(const HDNode *node, uint32_t fingerprint,
|
static int hdnode_serialize(const HDNode *node, uint32_t fingerprint,
|
||||||
uint32_t version, char use_public, char *str,
|
uint32_t version, char use_public, char *str,
|
||||||
int strsize) {
|
int strsize) {
|
||||||
uint8_t node_data[78];
|
uint8_t node_data[78] = {0};
|
||||||
write_be(node_data, version);
|
write_be(node_data, version);
|
||||||
node_data[4] = node->depth;
|
node_data[4] = node->depth;
|
||||||
write_be(node_data + 5, fingerprint);
|
write_be(node_data + 5, fingerprint);
|
||||||
@ -854,7 +854,7 @@ int hdnode_serialize_private(const HDNode *node, uint32_t fingerprint,
|
|||||||
int hdnode_deserialize(const char *str, uint32_t version_public,
|
int hdnode_deserialize(const char *str, uint32_t version_public,
|
||||||
uint32_t version_private, const char *curve,
|
uint32_t version_private, const char *curve,
|
||||||
HDNode *node, uint32_t *fingerprint) {
|
HDNode *node, uint32_t *fingerprint) {
|
||||||
uint8_t node_data[78];
|
uint8_t node_data[78] = {0};
|
||||||
memzero(node, sizeof(HDNode));
|
memzero(node, sizeof(HDNode));
|
||||||
node->curve = get_curve_by_name(curve);
|
node->curve = get_curve_by_name(curve);
|
||||||
if (base58_decode_check(str, node->curve->hasher_base58, node_data,
|
if (base58_decode_check(str, node->curve->hasher_base58, node_data,
|
||||||
|
@ -50,7 +50,7 @@ const char *mnemonic_generate(int strength) {
|
|||||||
if (strength % 32 || strength < 128 || strength > 256) {
|
if (strength % 32 || strength < 128 || strength > 256) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
uint8_t data[32];
|
uint8_t data[32] = {0};
|
||||||
random_buffer(data, 32);
|
random_buffer(data, 32);
|
||||||
const char *r = mnemonic_from_data(data, strength / 8);
|
const char *r = mnemonic_from_data(data, strength / 8);
|
||||||
memzero(data, sizeof(data));
|
memzero(data, sizeof(data));
|
||||||
@ -64,7 +64,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t bits[32 + 1];
|
uint8_t bits[32 + 1] = {0};
|
||||||
|
|
||||||
sha256_Raw(data, len, bits);
|
sha256_Raw(data, len, bits);
|
||||||
// checksum
|
// checksum
|
||||||
@ -74,7 +74,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len) {
|
|||||||
|
|
||||||
int mlen = len * 3 / 4;
|
int mlen = len * 3 / 4;
|
||||||
|
|
||||||
int i, j, idx;
|
int i = 0, j = 0, idx = 0;
|
||||||
char *p = mnemo;
|
char *p = mnemo;
|
||||||
for (i = 0; i < mlen; i++) {
|
for (i = 0; i < mlen; i++) {
|
||||||
idx = 0;
|
idx = 0;
|
||||||
@ -114,9 +114,9 @@ int mnemonic_to_entropy(const char *mnemonic, uint8_t *entropy) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
char current_word[10];
|
char current_word[10] = {0};
|
||||||
uint32_t j, k, ki, bi = 0;
|
uint32_t j = 0, k = 0, ki = 0, bi = 0;
|
||||||
uint8_t bits[32 + 1];
|
uint8_t bits[32 + 1] = {0};
|
||||||
|
|
||||||
memzero(bits, sizeof(bits));
|
memzero(bits, sizeof(bits));
|
||||||
i = 0;
|
i = 0;
|
||||||
@ -159,7 +159,7 @@ int mnemonic_to_entropy(const char *mnemonic, uint8_t *entropy) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int mnemonic_check(const char *mnemonic) {
|
int mnemonic_check(const char *mnemonic) {
|
||||||
uint8_t bits[32 + 1];
|
uint8_t bits[32 + 1] = {0};
|
||||||
int seed_len = mnemonic_to_entropy(mnemonic, bits);
|
int seed_len = mnemonic_to_entropy(mnemonic, bits);
|
||||||
if (seed_len != (12 * 11) && seed_len != (18 * 11) && seed_len != (24 * 11)) {
|
if (seed_len != (12 * 11) && seed_len != (18 * 11) && seed_len != (24 * 11)) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -198,7 +198,7 @@ void mnemonic_to_seed(const char *mnemonic, const char *passphrase,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
uint8_t salt[8 + 256];
|
uint8_t salt[8 + 256] = {0};
|
||||||
memcpy(salt, "mnemonic", 8);
|
memcpy(salt, "mnemonic", 8);
|
||||||
memcpy(salt + 8, passphrase, passphraselen);
|
memcpy(salt + 8, passphrase, passphraselen);
|
||||||
static CONFIDENTIAL PBKDF2_HMAC_SHA512_CTX pctx;
|
static CONFIDENTIAL PBKDF2_HMAC_SHA512_CTX pctx;
|
||||||
|
@ -64,7 +64,7 @@ static const uint8_t padding[129] =
|
|||||||
|
|
||||||
static void blake256_compress( BLAKE256_CTX *S, const uint8_t *block )
|
static void blake256_compress( BLAKE256_CTX *S, const uint8_t *block )
|
||||||
{
|
{
|
||||||
uint32_t v[16], m[16], i;
|
uint32_t v[16] = {0}, m[16] = {0}, i = 0;
|
||||||
#define ROT(x,n) (((x)<<(32-n))|( (x)>>(n)))
|
#define ROT(x,n) (((x)<<(32-n))|( (x)>>(n)))
|
||||||
#define G(a,b,c,d,e) \
|
#define G(a,b,c,d,e) \
|
||||||
v[a] += (m[sigma[i][e]] ^ u256[sigma[i][e+1]]) + v[b]; \
|
v[a] += (m[sigma[i][e]] ^ u256[sigma[i][e+1]]) + v[b]; \
|
||||||
@ -177,7 +177,7 @@ void blake256_Update( BLAKE256_CTX *S, const uint8_t *in, size_t inlen )
|
|||||||
|
|
||||||
void blake256_Final( BLAKE256_CTX *S, uint8_t *out )
|
void blake256_Final( BLAKE256_CTX *S, uint8_t *out )
|
||||||
{
|
{
|
||||||
uint8_t msglen[8], zo = 0x01, oo = 0x81;
|
uint8_t msglen[8] = {0}, zo = 0x01, oo = 0x81;
|
||||||
uint32_t lo = S->t[0] + ( S->buflen << 3 ), hi = S->t[1];
|
uint32_t lo = S->t[0] + ( S->buflen << 3 ), hi = S->t[1];
|
||||||
|
|
||||||
/* support for hashing more than 2^32 bits */
|
/* support for hashing more than 2^32 bits */
|
||||||
@ -228,7 +228,7 @@ void blake256_Final( BLAKE256_CTX *S, uint8_t *out )
|
|||||||
|
|
||||||
void blake256( const uint8_t *in, size_t inlen, uint8_t *out )
|
void blake256( const uint8_t *in, size_t inlen, uint8_t *out )
|
||||||
{
|
{
|
||||||
BLAKE256_CTX S;
|
BLAKE256_CTX S = {0};
|
||||||
blake256_Init( &S );
|
blake256_Init( &S );
|
||||||
blake256_Update( &S, in, inlen );
|
blake256_Update( &S, in, inlen );
|
||||||
blake256_Final( &S, out );
|
blake256_Final( &S, out );
|
||||||
|
@ -86,7 +86,7 @@ static void blake2b_increment_counter( blake2b_state *S, const uint64_t inc )
|
|||||||
|
|
||||||
static void blake2b_init0( blake2b_state *S )
|
static void blake2b_init0( blake2b_state *S )
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
memzero( S, sizeof( blake2b_state ) );
|
memzero( S, sizeof( blake2b_state ) );
|
||||||
|
|
||||||
for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
|
for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
|
||||||
@ -96,7 +96,7 @@ static void blake2b_init0( blake2b_state *S )
|
|||||||
int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
|
int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
|
||||||
{
|
{
|
||||||
const uint8_t *p = ( const uint8_t * )( P );
|
const uint8_t *p = ( const uint8_t * )( P );
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
blake2b_init0( S );
|
blake2b_init0( S );
|
||||||
|
|
||||||
@ -112,7 +112,7 @@ int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
|
|||||||
/* Sequential blake2b initialization */
|
/* Sequential blake2b initialization */
|
||||||
int blake2b_Init( blake2b_state *S, size_t outlen )
|
int blake2b_Init( blake2b_state *S, size_t outlen )
|
||||||
{
|
{
|
||||||
blake2b_param P[1];
|
blake2b_param P[1] = {0};
|
||||||
|
|
||||||
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
|
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
|
||||||
|
|
||||||
@ -133,7 +133,7 @@ int blake2b_Init( blake2b_state *S, size_t outlen )
|
|||||||
|
|
||||||
int blake2b_InitPersonal( blake2b_state *S, size_t outlen, const void *personal, size_t personal_len)
|
int blake2b_InitPersonal( blake2b_state *S, size_t outlen, const void *personal, size_t personal_len)
|
||||||
{
|
{
|
||||||
blake2b_param P[1];
|
blake2b_param P[1] = {0};
|
||||||
|
|
||||||
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
|
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
|
||||||
if ( ( !personal ) || ( personal_len != BLAKE2B_PERSONALBYTES ) ) return -1;
|
if ( ( !personal ) || ( personal_len != BLAKE2B_PERSONALBYTES ) ) return -1;
|
||||||
@ -155,7 +155,7 @@ int blake2b_InitPersonal( blake2b_state *S, size_t outlen, const void *personal,
|
|||||||
|
|
||||||
int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
|
int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
|
||||||
{
|
{
|
||||||
blake2b_param P[1];
|
blake2b_param P[1] = {0};
|
||||||
|
|
||||||
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
|
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
|
||||||
|
|
||||||
@ -177,7 +177,7 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
|
|||||||
if( blake2b_init_param( S, P ) < 0 ) return -1;
|
if( blake2b_init_param( S, P ) < 0 ) return -1;
|
||||||
|
|
||||||
{
|
{
|
||||||
uint8_t block[BLAKE2B_BLOCKBYTES];
|
uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
|
||||||
memzero( block, BLAKE2B_BLOCKBYTES );
|
memzero( block, BLAKE2B_BLOCKBYTES );
|
||||||
memcpy( block, key, keylen );
|
memcpy( block, key, keylen );
|
||||||
blake2b_Update( S, block, BLAKE2B_BLOCKBYTES );
|
blake2b_Update( S, block, BLAKE2B_BLOCKBYTES );
|
||||||
@ -212,9 +212,9 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
|
|||||||
|
|
||||||
static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES] )
|
static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES] )
|
||||||
{
|
{
|
||||||
uint64_t m[16];
|
uint64_t m[16] = {0};
|
||||||
uint64_t v[16];
|
uint64_t v[16] = {0};
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
for( i = 0; i < 16; ++i ) {
|
for( i = 0; i < 16; ++i ) {
|
||||||
m[i] = load64( block + i * sizeof( m[i] ) );
|
m[i] = load64( block + i * sizeof( m[i] ) );
|
||||||
@ -284,7 +284,7 @@ int blake2b_Update( blake2b_state *S, const void *pin, size_t inlen )
|
|||||||
int blake2b_Final( blake2b_state *S, void *out, size_t outlen )
|
int blake2b_Final( blake2b_state *S, void *out, size_t outlen )
|
||||||
{
|
{
|
||||||
uint8_t buffer[BLAKE2B_OUTBYTES] = {0};
|
uint8_t buffer[BLAKE2B_OUTBYTES] = {0};
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
if( out == NULL || outlen < S->outlen )
|
if( out == NULL || outlen < S->outlen )
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -81,7 +81,7 @@ static void blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
|
|||||||
|
|
||||||
static void blake2s_init0( blake2s_state *S )
|
static void blake2s_init0( blake2s_state *S )
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
memzero( S, sizeof( blake2s_state ) );
|
memzero( S, sizeof( blake2s_state ) );
|
||||||
|
|
||||||
for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
|
for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
|
||||||
@ -91,7 +91,7 @@ static void blake2s_init0( blake2s_state *S )
|
|||||||
int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
|
int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
|
||||||
{
|
{
|
||||||
const unsigned char *p = ( const unsigned char * )( P );
|
const unsigned char *p = ( const unsigned char * )( P );
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
blake2s_init0( S );
|
blake2s_init0( S );
|
||||||
|
|
||||||
@ -107,7 +107,7 @@ int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
|
|||||||
/* Sequential blake2s initialization */
|
/* Sequential blake2s initialization */
|
||||||
int blake2s_Init( blake2s_state *S, size_t outlen )
|
int blake2s_Init( blake2s_state *S, size_t outlen )
|
||||||
{
|
{
|
||||||
blake2s_param P[1];
|
blake2s_param P[1] = {0};
|
||||||
|
|
||||||
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
|
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
|
||||||
|
|
||||||
@ -128,7 +128,7 @@ int blake2s_Init( blake2s_state *S, size_t outlen )
|
|||||||
|
|
||||||
int blake2s_InitPersonal( blake2s_state *S, size_t outlen, const void *personal, size_t personal_len)
|
int blake2s_InitPersonal( blake2s_state *S, size_t outlen, const void *personal, size_t personal_len)
|
||||||
{
|
{
|
||||||
blake2s_param P[1];
|
blake2s_param P[1] = {0};
|
||||||
|
|
||||||
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
|
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
|
||||||
if ( ( !personal ) || ( personal_len != BLAKE2S_PERSONALBYTES ) ) return -1;
|
if ( ( !personal ) || ( personal_len != BLAKE2S_PERSONALBYTES ) ) return -1;
|
||||||
@ -151,7 +151,7 @@ int blake2s_InitPersonal( blake2s_state *S, size_t outlen, const void *personal,
|
|||||||
|
|
||||||
int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
|
int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
|
||||||
{
|
{
|
||||||
blake2s_param P[1];
|
blake2s_param P[1] = {0};
|
||||||
|
|
||||||
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
|
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
|
||||||
|
|
||||||
@ -173,7 +173,7 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
|
|||||||
if( blake2s_init_param( S, P ) < 0 ) return -1;
|
if( blake2s_init_param( S, P ) < 0 ) return -1;
|
||||||
|
|
||||||
{
|
{
|
||||||
uint8_t block[BLAKE2S_BLOCKBYTES];
|
uint8_t block[BLAKE2S_BLOCKBYTES] = {0};
|
||||||
memzero( block, BLAKE2S_BLOCKBYTES );
|
memzero( block, BLAKE2S_BLOCKBYTES );
|
||||||
memcpy( block, key, keylen );
|
memcpy( block, key, keylen );
|
||||||
blake2s_Update( S, block, BLAKE2S_BLOCKBYTES );
|
blake2s_Update( S, block, BLAKE2S_BLOCKBYTES );
|
||||||
@ -208,9 +208,9 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
|
|||||||
|
|
||||||
static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] )
|
static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] )
|
||||||
{
|
{
|
||||||
uint32_t m[16];
|
uint32_t m[16] = {0};
|
||||||
uint32_t v[16];
|
uint32_t v[16] = {0};
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
for( i = 0; i < 16; ++i ) {
|
for( i = 0; i < 16; ++i ) {
|
||||||
m[i] = load32( in + i * sizeof( m[i] ) );
|
m[i] = load32( in + i * sizeof( m[i] ) );
|
||||||
@ -278,7 +278,7 @@ int blake2s_Update( blake2s_state *S, const void *pin, size_t inlen )
|
|||||||
int blake2s_Final( blake2s_state *S, void *out, size_t outlen )
|
int blake2s_Final( blake2s_state *S, void *out, size_t outlen )
|
||||||
{
|
{
|
||||||
uint8_t buffer[BLAKE2S_OUTBYTES] = {0};
|
uint8_t buffer[BLAKE2S_OUTBYTES] = {0};
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
if( out == NULL || outlen < S->outlen )
|
if( out == NULL || outlen < S->outlen )
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -87,9 +87,9 @@ int cash_encode(char* output, const char* hrp, const uint8_t* data,
|
|||||||
|
|
||||||
int cash_decode(char* hrp, uint8_t* data, size_t* data_len, const char* input) {
|
int cash_decode(char* hrp, uint8_t* data, size_t* data_len, const char* input) {
|
||||||
uint64_t chk = 1;
|
uint64_t chk = 1;
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
size_t input_len = strlen(input);
|
size_t input_len = strlen(input);
|
||||||
size_t hrp_len;
|
size_t hrp_len = 0;
|
||||||
int have_lower = 0, have_upper = 0;
|
int have_lower = 0, have_upper = 0;
|
||||||
if (input_len < CHECKSUM_SIZE || input_len > MAX_CASHADDR_SIZE) {
|
if (input_len < CHECKSUM_SIZE || input_len > MAX_CASHADDR_SIZE) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -167,7 +167,7 @@ static int convert_bits(uint8_t* out, size_t* outlen, int outbits,
|
|||||||
|
|
||||||
int cash_addr_encode(char* output, const char* hrp, const uint8_t* data,
|
int cash_addr_encode(char* output, const char* hrp, const uint8_t* data,
|
||||||
size_t data_len) {
|
size_t data_len) {
|
||||||
uint8_t base32[MAX_BASE32_SIZE];
|
uint8_t base32[MAX_BASE32_SIZE] = {0};
|
||||||
size_t base32len = 0;
|
size_t base32len = 0;
|
||||||
if (data_len < 2 || data_len > MAX_DATA_SIZE) return 0;
|
if (data_len < 2 || data_len > MAX_DATA_SIZE) return 0;
|
||||||
convert_bits(base32, &base32len, 5, data, data_len, 8, 1);
|
convert_bits(base32, &base32len, 5, data, data_len, 8, 1);
|
||||||
@ -176,9 +176,9 @@ int cash_addr_encode(char* output, const char* hrp, const uint8_t* data,
|
|||||||
|
|
||||||
int cash_addr_decode(uint8_t* witdata, size_t* witdata_len, const char* hrp,
|
int cash_addr_decode(uint8_t* witdata, size_t* witdata_len, const char* hrp,
|
||||||
const char* addr) {
|
const char* addr) {
|
||||||
uint8_t data[MAX_BASE32_SIZE];
|
uint8_t data[MAX_BASE32_SIZE] = {0};
|
||||||
char hrp_actual[MAX_HRP_SIZE + 1];
|
char hrp_actual[MAX_HRP_SIZE + 1] = {0};
|
||||||
size_t data_len;
|
size_t data_len = 0;
|
||||||
if (!cash_decode(hrp_actual, data, &data_len, addr)) return 0;
|
if (!cash_decode(hrp_actual, data, &data_len, addr)) return 0;
|
||||||
if (data_len == 0 || data_len > MAX_BASE32_SIZE) return 0;
|
if (data_len == 0 || data_len > MAX_BASE32_SIZE) return 0;
|
||||||
if (strncmp(hrp, hrp_actual, MAX_HRP_SIZE + 1) != 0) return 0;
|
if (strncmp(hrp, hrp_actual, MAX_HRP_SIZE + 1) != 0) return 0;
|
||||||
|
@ -13,7 +13,7 @@ void hchacha20(ECRYPT_ctx *x,u8 *c);
|
|||||||
void xchacha20poly1305_init(chacha20poly1305_ctx *ctx, const uint8_t key[32], const uint8_t nonce[24]) {
|
void xchacha20poly1305_init(chacha20poly1305_ctx *ctx, const uint8_t key[32], const uint8_t nonce[24]) {
|
||||||
unsigned char subkey[32] = {0};
|
unsigned char subkey[32] = {0};
|
||||||
unsigned char block0[64] = {0};
|
unsigned char block0[64] = {0};
|
||||||
ECRYPT_ctx tmp;
|
ECRYPT_ctx tmp = {0};
|
||||||
|
|
||||||
// Generate the Chacha20 key by applying HChaCha20 to the
|
// Generate the Chacha20 key by applying HChaCha20 to the
|
||||||
// original key and the first 16 bytes of the nonce.
|
// original key and the first 16 bytes of the nonce.
|
||||||
|
@ -29,7 +29,7 @@ static const char tau[16] = "expand 16-byte k";
|
|||||||
void ECRYPT_keysetup(ECRYPT_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
|
void ECRYPT_keysetup(ECRYPT_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
|
||||||
{
|
{
|
||||||
(void)ivbits;
|
(void)ivbits;
|
||||||
const char *constants;
|
const char *constants = NULL;
|
||||||
|
|
||||||
x->input[4] = U8TO32_LITTLE(k + 0);
|
x->input[4] = U8TO32_LITTLE(k + 0);
|
||||||
x->input[5] = U8TO32_LITTLE(k + 4);
|
x->input[5] = U8TO32_LITTLE(k + 4);
|
||||||
@ -61,11 +61,11 @@ void ECRYPT_ivsetup(ECRYPT_ctx *x,const u8 *iv)
|
|||||||
|
|
||||||
void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
|
void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
|
||||||
{
|
{
|
||||||
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
|
u32 x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0, x8 = 0, x9 = 0, x10 = 0, x11 = 0, x12 = 0, x13 = 0, x14 = 0, x15 = 0;
|
||||||
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
|
u32 j0 = 0, j1 = 0, j2 = 0, j3 = 0, j4 = 0, j5 = 0, j6 = 0, j7 = 0, j8 = 0, j9 = 0, j10 = 0, j11 = 0, j12 = 0, j13 = 0, j14 = 0, j15 = 0;
|
||||||
u8 *ctarget = 0;
|
u8 *ctarget = 0;
|
||||||
u8 tmp[64];
|
u8 tmp[64] = {0};
|
||||||
int i;
|
int i = 0;
|
||||||
|
|
||||||
if (!bytes) return;
|
if (!bytes) return;
|
||||||
|
|
||||||
@ -197,15 +197,15 @@ void ECRYPT_decrypt_bytes(ECRYPT_ctx *x,const u8 *c,u8 *m,u32 bytes)
|
|||||||
|
|
||||||
void ECRYPT_keystream_bytes(ECRYPT_ctx *x,u8 *stream,u32 bytes)
|
void ECRYPT_keystream_bytes(ECRYPT_ctx *x,u8 *stream,u32 bytes)
|
||||||
{
|
{
|
||||||
u32 i;
|
u32 i = 0;
|
||||||
for (i = 0;i < bytes;++i) stream[i] = 0;
|
for (i = 0;i < bytes;++i) stream[i] = 0;
|
||||||
ECRYPT_encrypt_bytes(x,stream,stream,bytes);
|
ECRYPT_encrypt_bytes(x,stream,stream,bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
void hchacha20(ECRYPT_ctx *x,u8 *c)
|
void hchacha20(ECRYPT_ctx *x,u8 *c)
|
||||||
{
|
{
|
||||||
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
|
u32 x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0, x8 = 0, x9 = 0, x10 = 0, x11 = 0, x12 = 0, x13 = 0, x14 = 0, x15 = 0;
|
||||||
int i;
|
int i = 0;
|
||||||
|
|
||||||
x0 = x->input[0];
|
x0 = x->input[0];
|
||||||
x1 = x->input[1];
|
x1 = x->input[1];
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
void
|
void
|
||||||
poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) {
|
poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) {
|
||||||
poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx;
|
poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx;
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
/* handle leftover */
|
/* handle leftover */
|
||||||
if (st->leftover) {
|
if (st->leftover) {
|
||||||
@ -40,7 +40,7 @@ poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) {
|
|||||||
|
|
||||||
void
|
void
|
||||||
poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]) {
|
poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]) {
|
||||||
poly1305_context ctx;
|
poly1305_context ctx = {0};
|
||||||
poly1305_init(&ctx, key);
|
poly1305_init(&ctx, key);
|
||||||
poly1305_update(&ctx, m, bytes);
|
poly1305_update(&ctx, m, bytes);
|
||||||
poly1305_finish(&ctx, mac);
|
poly1305_finish(&ctx, mac);
|
||||||
@ -48,7 +48,7 @@ poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const
|
|||||||
|
|
||||||
int
|
int
|
||||||
poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]) {
|
poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]) {
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
unsigned int dif = 0;
|
unsigned int dif = 0;
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
dif |= (mac1[i] ^ mac2[i]);
|
dif |= (mac1[i] ^ mac2[i]);
|
||||||
@ -127,12 +127,12 @@ poly1305_power_on_self_test(void) {
|
|||||||
0xd2,0x87,0xf9,0x7c,0x44,0x62,0x3d,0x39
|
0xd2,0x87,0xf9,0x7c,0x44,0x62,0x3d,0x39
|
||||||
};
|
};
|
||||||
|
|
||||||
poly1305_context ctx;
|
poly1305_context ctx = {0};
|
||||||
poly1305_context total_ctx;
|
poly1305_context total_ctx = {0};
|
||||||
unsigned char all_key[32];
|
unsigned char all_key[32] = {0};
|
||||||
unsigned char all_msg[256];
|
unsigned char all_msg[256] = {0};
|
||||||
unsigned char mac[16];
|
unsigned char mac[16] = {0};
|
||||||
size_t i, j;
|
size_t i = 0, j = 0;
|
||||||
int result = 1;
|
int result = 1;
|
||||||
|
|
||||||
for (i = 0; i < sizeof(mac); i++)
|
for (i = 0; i < sizeof(mac); i++)
|
||||||
|
@ -43,7 +43,7 @@ void point_copy(const curve_point *cp1, curve_point *cp2) { *cp2 = *cp1; }
|
|||||||
// cp2 = cp1 + cp2
|
// cp2 = cp1 + cp2
|
||||||
void point_add(const ecdsa_curve *curve, const curve_point *cp1,
|
void point_add(const ecdsa_curve *curve, const curve_point *cp1,
|
||||||
curve_point *cp2) {
|
curve_point *cp2) {
|
||||||
bignum256 lambda, inv, xr, yr;
|
bignum256 lambda = {0}, inv = {0}, xr = {0}, yr = {0};
|
||||||
|
|
||||||
if (point_is_infinity(cp1)) {
|
if (point_is_infinity(cp1)) {
|
||||||
return;
|
return;
|
||||||
@ -88,7 +88,7 @@ void point_add(const ecdsa_curve *curve, const curve_point *cp1,
|
|||||||
|
|
||||||
// cp = cp + cp
|
// cp = cp + cp
|
||||||
void point_double(const ecdsa_curve *curve, curve_point *cp) {
|
void point_double(const ecdsa_curve *curve, curve_point *cp) {
|
||||||
bignum256 lambda, xr, yr;
|
bignum256 lambda = {0}, xr = {0}, yr = {0};
|
||||||
|
|
||||||
if (point_is_infinity(cp)) {
|
if (point_is_infinity(cp)) {
|
||||||
return;
|
return;
|
||||||
@ -165,7 +165,7 @@ int point_is_negative_of(const curve_point *p, const curve_point *q) {
|
|||||||
// Negate a (modulo prime) if cond is 0xffffffff, keep it if cond is 0.
|
// Negate a (modulo prime) if cond is 0xffffffff, keep it if cond is 0.
|
||||||
// The timing of this function does not depend on cond.
|
// The timing of this function does not depend on cond.
|
||||||
void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime) {
|
void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime) {
|
||||||
int j;
|
int j = 0;
|
||||||
uint32_t tmp = 1;
|
uint32_t tmp = 1;
|
||||||
assert(a->val[8] < 0x20000);
|
assert(a->val[8] < 0x20000);
|
||||||
for (j = 0; j < 8; j++) {
|
for (j = 0; j < 8; j++) {
|
||||||
@ -185,7 +185,7 @@ typedef struct jacobian_curve_point {
|
|||||||
// generate random K for signing/side-channel noise
|
// generate random K for signing/side-channel noise
|
||||||
static void generate_k_random(bignum256 *k, const bignum256 *prime) {
|
static void generate_k_random(bignum256 *k, const bignum256 *prime) {
|
||||||
do {
|
do {
|
||||||
int i;
|
int i = 0;
|
||||||
for (i = 0; i < 8; i++) {
|
for (i = 0; i < 8; i++) {
|
||||||
k->val[i] = random32() & 0x3FFFFFFF;
|
k->val[i] = random32() & 0x3FFFFFFF;
|
||||||
}
|
}
|
||||||
@ -230,10 +230,10 @@ void jacobian_to_curve(const jacobian_curve_point *jp, curve_point *p,
|
|||||||
|
|
||||||
void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2,
|
void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2,
|
||||||
const ecdsa_curve *curve) {
|
const ecdsa_curve *curve) {
|
||||||
bignum256 r, h, r2;
|
bignum256 r = {0}, h = {0}, r2 = {0};
|
||||||
bignum256 hcby, hsqx;
|
bignum256 hcby = {0}, hsqx = {0};
|
||||||
bignum256 xz, yz, az;
|
bignum256 xz = {0}, yz = {0}, az = {0};
|
||||||
int is_doubling;
|
int is_doubling = 0;
|
||||||
const bignum256 *prime = &curve->prime;
|
const bignum256 *prime = &curve->prime;
|
||||||
int a = curve->a;
|
int a = curve->a;
|
||||||
|
|
||||||
@ -348,7 +348,7 @@ void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2,
|
|||||||
}
|
}
|
||||||
|
|
||||||
void point_jacobian_double(jacobian_curve_point *p, const ecdsa_curve *curve) {
|
void point_jacobian_double(jacobian_curve_point *p, const ecdsa_curve *curve) {
|
||||||
bignum256 az4, m, msq, ysq, xysq;
|
bignum256 az4 = {0}, m = {0}, msq = {0}, ysq = {0}, xysq = {0};
|
||||||
const bignum256 *prime = &curve->prime;
|
const bignum256 *prime = &curve->prime;
|
||||||
|
|
||||||
assert(-3 <= curve->a && curve->a <= 0);
|
assert(-3 <= curve->a && curve->a <= 0);
|
||||||
@ -424,15 +424,15 @@ void point_multiply(const ecdsa_curve *curve, const bignum256 *k,
|
|||||||
// Side Channel Attacks.
|
// Side Channel Attacks.
|
||||||
assert(bn_is_less(k, &curve->order));
|
assert(bn_is_less(k, &curve->order));
|
||||||
|
|
||||||
int i, j;
|
int i = 0, j = 0;
|
||||||
static CONFIDENTIAL bignum256 a;
|
static CONFIDENTIAL bignum256 a;
|
||||||
uint32_t *aptr;
|
uint32_t *aptr = NULL;
|
||||||
uint32_t abits;
|
uint32_t abits = 0;
|
||||||
int ashift;
|
int ashift = 0;
|
||||||
uint32_t is_even = (k->val[0] & 1) - 1;
|
uint32_t is_even = (k->val[0] & 1) - 1;
|
||||||
uint32_t bits, sign, nsign;
|
uint32_t bits = {0}, sign = {0}, nsign = {0};
|
||||||
static CONFIDENTIAL jacobian_curve_point jres;
|
static CONFIDENTIAL jacobian_curve_point jres;
|
||||||
curve_point pmult[8];
|
curve_point pmult[8] = {0};
|
||||||
const bignum256 *prime = &curve->prime;
|
const bignum256 *prime = &curve->prime;
|
||||||
|
|
||||||
// is_even = 0xffffffff if k is even, 0 otherwise.
|
// is_even = 0xffffffff if k is even, 0 otherwise.
|
||||||
@ -545,10 +545,10 @@ void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k,
|
|||||||
curve_point *res) {
|
curve_point *res) {
|
||||||
assert(bn_is_less(k, &curve->order));
|
assert(bn_is_less(k, &curve->order));
|
||||||
|
|
||||||
int i, j;
|
int i = {0}, j = {0};
|
||||||
static CONFIDENTIAL bignum256 a;
|
static CONFIDENTIAL bignum256 a;
|
||||||
uint32_t is_even = (k->val[0] & 1) - 1;
|
uint32_t is_even = (k->val[0] & 1) - 1;
|
||||||
uint32_t lowbits;
|
uint32_t lowbits = 0;
|
||||||
static CONFIDENTIAL jacobian_curve_point jres;
|
static CONFIDENTIAL jacobian_curve_point jres;
|
||||||
const bignum256 *prime = &curve->prime;
|
const bignum256 *prime = &curve->prime;
|
||||||
|
|
||||||
@ -636,12 +636,12 @@ void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k,
|
|||||||
|
|
||||||
int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key,
|
int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key,
|
||||||
const uint8_t *pub_key, uint8_t *session_key) {
|
const uint8_t *pub_key, uint8_t *session_key) {
|
||||||
curve_point point;
|
curve_point point = {0};
|
||||||
if (!ecdsa_read_pubkey(curve, pub_key, &point)) {
|
if (!ecdsa_read_pubkey(curve, pub_key, &point)) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
bignum256 k;
|
bignum256 k = {0};
|
||||||
bn_read_be(priv_key, &k);
|
bn_read_be(priv_key, &k);
|
||||||
point_multiply(curve, &k, &point, &point);
|
point_multiply(curve, &k, &point, &point);
|
||||||
memzero(&k, sizeof(k));
|
memzero(&k, sizeof(k));
|
||||||
@ -660,7 +660,7 @@ int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_sign,
|
|||||||
const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len,
|
const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len,
|
||||||
uint8_t *sig, uint8_t *pby,
|
uint8_t *sig, uint8_t *pby,
|
||||||
int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
|
int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
|
||||||
uint8_t hash[32];
|
uint8_t hash[32] = {0};
|
||||||
hasher_Raw(hasher_sign, msg, msg_len, hash);
|
hasher_Raw(hasher_sign, msg, msg_len, hash);
|
||||||
int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
|
int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
|
||||||
memzero(hash, sizeof(hash));
|
memzero(hash, sizeof(hash));
|
||||||
@ -676,14 +676,14 @@ int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_sign,
|
|||||||
int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key,
|
int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key,
|
||||||
const uint8_t *digest, uint8_t *sig, uint8_t *pby,
|
const uint8_t *digest, uint8_t *sig, uint8_t *pby,
|
||||||
int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
|
int (*is_canonical)(uint8_t by, uint8_t sig[64])) {
|
||||||
int i;
|
int i = 0;
|
||||||
curve_point R;
|
curve_point R = {0};
|
||||||
bignum256 k, z, randk;
|
bignum256 k = {0}, z = {0}, randk = {0};
|
||||||
bignum256 *s = &R.y;
|
bignum256 *s = &R.y;
|
||||||
uint8_t by; // signature recovery byte
|
uint8_t by; // signature recovery byte
|
||||||
|
|
||||||
#if USE_RFC6979
|
#if USE_RFC6979
|
||||||
rfc6979_state rng;
|
rfc6979_state rng = {0};
|
||||||
init_rfc6979(priv_key, digest, &rng);
|
init_rfc6979(priv_key, digest, &rng);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -768,8 +768,8 @@ int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key,
|
|||||||
|
|
||||||
void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key,
|
void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key,
|
||||||
uint8_t *pub_key) {
|
uint8_t *pub_key) {
|
||||||
curve_point R;
|
curve_point R = {0};
|
||||||
bignum256 k;
|
bignum256 k = {0};
|
||||||
|
|
||||||
bn_read_be(priv_key, &k);
|
bn_read_be(priv_key, &k);
|
||||||
// compute k*G
|
// compute k*G
|
||||||
@ -782,8 +782,8 @@ void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key,
|
|||||||
|
|
||||||
void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key,
|
void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key,
|
||||||
uint8_t *pub_key) {
|
uint8_t *pub_key) {
|
||||||
curve_point R;
|
curve_point R = {0};
|
||||||
bignum256 k;
|
bignum256 k = {0};
|
||||||
|
|
||||||
bn_read_be(priv_key, &k);
|
bn_read_be(priv_key, &k);
|
||||||
// compute k*G
|
// compute k*G
|
||||||
@ -797,7 +797,7 @@ void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key,
|
|||||||
|
|
||||||
int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
|
int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
|
||||||
uint8_t *uncompressed) {
|
uint8_t *uncompressed) {
|
||||||
curve_point pub;
|
curve_point pub = {0};
|
||||||
|
|
||||||
if (!ecdsa_read_pubkey(curve, pub_key, &pub)) {
|
if (!ecdsa_read_pubkey(curve, pub_key, &pub)) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -812,7 +812,7 @@ int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
|
|||||||
|
|
||||||
void ecdsa_get_pubkeyhash(const uint8_t *pub_key, HasherType hasher_pubkey,
|
void ecdsa_get_pubkeyhash(const uint8_t *pub_key, HasherType hasher_pubkey,
|
||||||
uint8_t *pubkeyhash) {
|
uint8_t *pubkeyhash) {
|
||||||
uint8_t h[HASHER_DIGEST_LENGTH];
|
uint8_t h[HASHER_DIGEST_LENGTH] = {0};
|
||||||
if (pub_key[0] == 0x04) { // uncompressed format
|
if (pub_key[0] == 0x04) { // uncompressed format
|
||||||
hasher_Raw(hasher_pubkey, pub_key, 65, h);
|
hasher_Raw(hasher_pubkey, pub_key, 65, h);
|
||||||
} else if (pub_key[0] == 0x00) { // point at infinity
|
} else if (pub_key[0] == 0x00) { // point at infinity
|
||||||
@ -834,7 +834,7 @@ void ecdsa_get_address_raw(const uint8_t *pub_key, uint32_t version,
|
|||||||
void ecdsa_get_address(const uint8_t *pub_key, uint32_t version,
|
void ecdsa_get_address(const uint8_t *pub_key, uint32_t version,
|
||||||
HasherType hasher_pubkey, HasherType hasher_base58,
|
HasherType hasher_pubkey, HasherType hasher_base58,
|
||||||
char *addr, int addrsize) {
|
char *addr, int addrsize) {
|
||||||
uint8_t raw[MAX_ADDR_RAW_SIZE];
|
uint8_t raw[MAX_ADDR_RAW_SIZE] = {0};
|
||||||
size_t prefix_len = address_prefix_bytes_len(version);
|
size_t prefix_len = address_prefix_bytes_len(version);
|
||||||
ecdsa_get_address_raw(pub_key, version, hasher_pubkey, raw);
|
ecdsa_get_address_raw(pub_key, version, hasher_pubkey, raw);
|
||||||
base58_encode_check(raw, 20 + prefix_len, hasher_base58, addr, addrsize);
|
base58_encode_check(raw, 20 + prefix_len, hasher_base58, addr, addrsize);
|
||||||
@ -845,7 +845,7 @@ void ecdsa_get_address(const uint8_t *pub_key, uint32_t version,
|
|||||||
void ecdsa_get_address_segwit_p2sh_raw(const uint8_t *pub_key, uint32_t version,
|
void ecdsa_get_address_segwit_p2sh_raw(const uint8_t *pub_key, uint32_t version,
|
||||||
HasherType hasher_pubkey,
|
HasherType hasher_pubkey,
|
||||||
uint8_t *addr_raw) {
|
uint8_t *addr_raw) {
|
||||||
uint8_t buf[32 + 2];
|
uint8_t buf[32 + 2] = {0};
|
||||||
buf[0] = 0; // version byte
|
buf[0] = 0; // version byte
|
||||||
buf[1] = 20; // push 20 bytes
|
buf[1] = 20; // push 20 bytes
|
||||||
ecdsa_get_pubkeyhash(pub_key, hasher_pubkey, buf + 2);
|
ecdsa_get_pubkeyhash(pub_key, hasher_pubkey, buf + 2);
|
||||||
@ -858,7 +858,7 @@ void ecdsa_get_address_segwit_p2sh(const uint8_t *pub_key, uint32_t version,
|
|||||||
HasherType hasher_pubkey,
|
HasherType hasher_pubkey,
|
||||||
HasherType hasher_base58, char *addr,
|
HasherType hasher_base58, char *addr,
|
||||||
int addrsize) {
|
int addrsize) {
|
||||||
uint8_t raw[MAX_ADDR_RAW_SIZE];
|
uint8_t raw[MAX_ADDR_RAW_SIZE] = {0};
|
||||||
size_t prefix_len = address_prefix_bytes_len(version);
|
size_t prefix_len = address_prefix_bytes_len(version);
|
||||||
ecdsa_get_address_segwit_p2sh_raw(pub_key, version, hasher_pubkey, raw);
|
ecdsa_get_address_segwit_p2sh_raw(pub_key, version, hasher_pubkey, raw);
|
||||||
base58_encode_check(raw, prefix_len + 20, hasher_base58, addr, addrsize);
|
base58_encode_check(raw, prefix_len + 20, hasher_base58, addr, addrsize);
|
||||||
@ -867,7 +867,7 @@ void ecdsa_get_address_segwit_p2sh(const uint8_t *pub_key, uint32_t version,
|
|||||||
|
|
||||||
void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version,
|
void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version,
|
||||||
HasherType hasher_base58, char *wif, int wifsize) {
|
HasherType hasher_base58, char *wif, int wifsize) {
|
||||||
uint8_t wif_raw[MAX_WIF_RAW_SIZE];
|
uint8_t wif_raw[MAX_WIF_RAW_SIZE] = {0};
|
||||||
size_t prefix_len = address_prefix_bytes_len(version);
|
size_t prefix_len = address_prefix_bytes_len(version);
|
||||||
address_write_prefix_bytes(version, wif_raw);
|
address_write_prefix_bytes(version, wif_raw);
|
||||||
memcpy(wif_raw + prefix_len, priv_key, 32);
|
memcpy(wif_raw + prefix_len, priv_key, 32);
|
||||||
@ -931,7 +931,7 @@ int ecdsa_read_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key,
|
|||||||
// - pub is on the curve.
|
// - pub is on the curve.
|
||||||
|
|
||||||
int ecdsa_validate_pubkey(const ecdsa_curve *curve, const curve_point *pub) {
|
int ecdsa_validate_pubkey(const ecdsa_curve *curve, const curve_point *pub) {
|
||||||
bignum256 y_2, x3_ax_b;
|
bignum256 y_2 = {0}, x3_ax_b = {0};
|
||||||
|
|
||||||
if (point_is_infinity(pub)) {
|
if (point_is_infinity(pub)) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -972,7 +972,7 @@ int ecdsa_validate_pubkey(const ecdsa_curve *curve, const curve_point *pub) {
|
|||||||
int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_sign,
|
int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_sign,
|
||||||
const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg,
|
const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg,
|
||||||
uint32_t msg_len) {
|
uint32_t msg_len) {
|
||||||
uint8_t hash[32];
|
uint8_t hash[32] = {0};
|
||||||
hasher_Raw(hasher_sign, msg, msg_len, hash);
|
hasher_Raw(hasher_sign, msg, msg_len, hash);
|
||||||
int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
|
int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
|
||||||
memzero(hash, sizeof(hash));
|
memzero(hash, sizeof(hash));
|
||||||
@ -984,8 +984,8 @@ int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_sign,
|
|||||||
int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
|
int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
|
||||||
const uint8_t *sig, const uint8_t *digest,
|
const uint8_t *sig, const uint8_t *digest,
|
||||||
int recid) {
|
int recid) {
|
||||||
bignum256 r, s, e;
|
bignum256 r = {0}, s = {0}, e = {0};
|
||||||
curve_point cp, cp2;
|
curve_point cp = {0}, cp2 = {0};
|
||||||
|
|
||||||
// read r and s
|
// read r and s
|
||||||
bn_read_be(sig, &r);
|
bn_read_be(sig, &r);
|
||||||
@ -1033,8 +1033,8 @@ int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
|
|||||||
// returns 0 if verification succeeded
|
// returns 0 if verification succeeded
|
||||||
int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key,
|
int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key,
|
||||||
const uint8_t *sig, const uint8_t *digest) {
|
const uint8_t *sig, const uint8_t *digest) {
|
||||||
curve_point pub, res;
|
curve_point pub = {0}, res = {0};
|
||||||
bignum256 r, s, z;
|
bignum256 r = {0}, s = {0}, z = {0};
|
||||||
|
|
||||||
if (!ecdsa_read_pubkey(curve, pub_key, &pub)) {
|
if (!ecdsa_read_pubkey(curve, pub_key, &pub)) {
|
||||||
return 1;
|
return 1;
|
||||||
@ -1087,8 +1087,8 @@ int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) {
|
int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) {
|
||||||
int i;
|
int i = 0;
|
||||||
uint8_t *p = der, *len, *len1, *len2;
|
uint8_t *p = der, *len = NULL, *len1 = NULL, *len2 = NULL;
|
||||||
*p = 0x30;
|
*p = 0x30;
|
||||||
p++; // sequence
|
p++; // sequence
|
||||||
*p = 0x00;
|
*p = 0x00;
|
||||||
|
@ -39,7 +39,7 @@ void curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
void curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -54,7 +54,7 @@ void curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bign
|
|||||||
}
|
}
|
||||||
|
|
||||||
void curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
void curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -78,7 +78,7 @@ static const uint32_t fourP2468 = 0x0ffffffc;
|
|||||||
|
|
||||||
/* out = a - b */
|
/* out = a - b */
|
||||||
void curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
void curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = twoP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = twoP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = twoP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = twoP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = twoP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = twoP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -93,8 +93,8 @@ void curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
|||||||
|
|
||||||
/* out = in * scalar */
|
/* out = in * scalar */
|
||||||
void curve25519_scalar_product(bignum25519 out, const bignum25519 in, const uint32_t scalar) {
|
void curve25519_scalar_product(bignum25519 out, const bignum25519 in, const uint32_t scalar) {
|
||||||
uint64_t a;
|
uint64_t a = 0;
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
a = mul32x32_64(in[0], scalar); out[0] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26);
|
a = mul32x32_64(in[0], scalar); out[0] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26);
|
||||||
a = mul32x32_64(in[1], scalar) + c; out[1] = (uint32_t)a & reduce_mask_25; c = (uint32_t)(a >> 25);
|
a = mul32x32_64(in[1], scalar) + c; out[1] = (uint32_t)a & reduce_mask_25; c = (uint32_t)(a >> 25);
|
||||||
a = mul32x32_64(in[2], scalar) + c; out[2] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26);
|
a = mul32x32_64(in[2], scalar) + c; out[2] = (uint32_t)a & reduce_mask_26; c = (uint32_t)(a >> 26);
|
||||||
@ -110,7 +110,7 @@ void curve25519_scalar_product(bignum25519 out, const bignum25519 in, const uint
|
|||||||
|
|
||||||
/* out = a - b, where a is the result of a basic op (add,sub) */
|
/* out = a - b, where a is the result of a basic op (add,sub) */
|
||||||
void curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
void curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -125,7 +125,7 @@ void curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bign
|
|||||||
}
|
}
|
||||||
|
|
||||||
void curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
void curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -141,7 +141,7 @@ void curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum255
|
|||||||
|
|
||||||
/* out = -a */
|
/* out = -a */
|
||||||
void curve25519_neg(bignum25519 out, const bignum25519 a) {
|
void curve25519_neg(bignum25519 out, const bignum25519 a) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = twoP0 - a[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = twoP0 - a[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = twoP13579 - a[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = twoP13579 - a[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = twoP2468 - a[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = twoP2468 - a[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -158,10 +158,10 @@ void curve25519_neg(bignum25519 out, const bignum25519 a) {
|
|||||||
/* out = a * b */
|
/* out = a * b */
|
||||||
#define curve25519_mul_noinline curve25519_mul
|
#define curve25519_mul_noinline curve25519_mul
|
||||||
void curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
void curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
||||||
uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
|
uint32_t r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0, r6 = 0, r7 = 0, r8 = 0, r9 = 0;
|
||||||
uint32_t s0,s1,s2,s3,s4,s5,s6,s7,s8,s9;
|
uint32_t s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0;
|
||||||
uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c;
|
uint64_t m0 = 0, m1 = 0, m2 = 0, m3 = 0, m4 = 0, m5 = 0, m6 = 0, m7 = 0, m8 = 0, m9 = 0, c = 0;
|
||||||
uint32_t p;
|
uint32_t p = 0;
|
||||||
|
|
||||||
r0 = b[0];
|
r0 = b[0];
|
||||||
r1 = b[1];
|
r1 = b[1];
|
||||||
@ -255,10 +255,10 @@ void curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) {
|
|||||||
|
|
||||||
/* out = in * in */
|
/* out = in * in */
|
||||||
void curve25519_square(bignum25519 out, const bignum25519 in) {
|
void curve25519_square(bignum25519 out, const bignum25519 in) {
|
||||||
uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
|
uint32_t r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0, r6 = 0, r7 = 0, r8 = 0, r9 = 0;
|
||||||
uint32_t d6,d7,d8,d9;
|
uint32_t d6 = 0, d7 = 0, d8 = 0, d9 = 0;
|
||||||
uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c;
|
uint64_t m0 = 0, m1 = 0, m2 = 0, m3 = 0, m4 = 0, m5 = 0, m6 = 0, m7 = 0, m8 = 0, m9 = 0, c = 0;
|
||||||
uint32_t p;
|
uint32_t p = 0;
|
||||||
|
|
||||||
r0 = in[0];
|
r0 = in[0];
|
||||||
r1 = in[1];
|
r1 = in[1];
|
||||||
@ -328,10 +328,10 @@ void curve25519_square(bignum25519 out, const bignum25519 in) {
|
|||||||
|
|
||||||
/* out = in ^ (2 * count) */
|
/* out = in ^ (2 * count) */
|
||||||
void curve25519_square_times(bignum25519 out, const bignum25519 in, int count) {
|
void curve25519_square_times(bignum25519 out, const bignum25519 in, int count) {
|
||||||
uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
|
uint32_t r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0, r6 = 0, r7 = 0, r8 = 0, r9 = 0;
|
||||||
uint32_t d6,d7,d8,d9;
|
uint32_t d6 = 0, d7 = 0, d8 = 0, d9 = 0;
|
||||||
uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c;
|
uint64_t m0 = 0, m1 = 0, m2 = 0, m3 = 0, m4 = 0, m5 = 0, m6 = 0, m7 = 0, m8 = 0, m9 = 0, c = 0;
|
||||||
uint32_t p;
|
uint32_t p = 0;
|
||||||
|
|
||||||
r0 = in[0];
|
r0 = in[0];
|
||||||
r1 = in[1];
|
r1 = in[1];
|
||||||
@ -403,7 +403,7 @@ void curve25519_square_times(bignum25519 out, const bignum25519 in, int count) {
|
|||||||
|
|
||||||
/* Take a little-endian, 32-byte number and expand it into polynomial form */
|
/* Take a little-endian, 32-byte number and expand it into polynomial form */
|
||||||
void curve25519_expand(bignum25519 out, const unsigned char in[32]) {
|
void curve25519_expand(bignum25519 out, const unsigned char in[32]) {
|
||||||
uint32_t x0,x1,x2,x3,x4,x5,x6,x7;
|
uint32_t x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0;
|
||||||
#define F(s) \
|
#define F(s) \
|
||||||
((((uint32_t)in[s + 0]) ) | \
|
((((uint32_t)in[s + 0]) ) | \
|
||||||
(((uint32_t)in[s + 1]) << 8) | \
|
(((uint32_t)in[s + 1]) << 8) | \
|
||||||
@ -435,7 +435,7 @@ void curve25519_expand(bignum25519 out, const unsigned char in[32]) {
|
|||||||
* little-endian, 32-byte array
|
* little-endian, 32-byte array
|
||||||
*/
|
*/
|
||||||
void curve25519_contract(unsigned char out[32], const bignum25519 in) {
|
void curve25519_contract(unsigned char out[32], const bignum25519 in) {
|
||||||
bignum25519 f;
|
bignum25519 f = {0};
|
||||||
curve25519_copy(f, in);
|
curve25519_copy(f, in);
|
||||||
|
|
||||||
#define carry_pass() \
|
#define carry_pass() \
|
||||||
@ -517,7 +517,7 @@ void curve25519_contract(unsigned char out[32], const bignum25519 in) {
|
|||||||
/* if (iswap) swap(a, b) */
|
/* if (iswap) swap(a, b) */
|
||||||
void curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) {
|
void curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) {
|
||||||
const uint32_t swap = (uint32_t)(-(int32_t)iswap);
|
const uint32_t swap = (uint32_t)(-(int32_t)iswap);
|
||||||
uint32_t x0,x1,x2,x3,x4,x5,x6,x7,x8,x9;
|
uint32_t x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0, x8 = 0, x9 = 0;
|
||||||
|
|
||||||
x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0;
|
x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0;
|
||||||
x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1;
|
x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1;
|
||||||
@ -557,13 +557,13 @@ void curve25519_set_sqrtneg1(bignum25519 r){
|
|||||||
}
|
}
|
||||||
|
|
||||||
int curve25519_isnegative(const bignum25519 f) {
|
int curve25519_isnegative(const bignum25519 f) {
|
||||||
unsigned char s[32];
|
unsigned char s[32] = {0};
|
||||||
curve25519_contract(s, f);
|
curve25519_contract(s, f);
|
||||||
return s[0] & 1;
|
return s[0] & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int curve25519_isnonzero(const bignum25519 f) {
|
int curve25519_isnonzero(const bignum25519 f) {
|
||||||
unsigned char s[32];
|
unsigned char s[32] = {0};
|
||||||
curve25519_contract(s, f);
|
curve25519_contract(s, f);
|
||||||
return ((((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
|
return ((((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
|
||||||
s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
|
s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
|
||||||
@ -572,7 +572,7 @@ int curve25519_isnonzero(const bignum25519 f) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void curve25519_reduce(bignum25519 out, const bignum25519 in) {
|
void curve25519_reduce(bignum25519 out, const bignum25519 in) {
|
||||||
uint32_t c;
|
uint32_t c = 0;
|
||||||
out[0] = in[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
out[0] = in[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
|
||||||
out[1] = in[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
out[1] = in[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
|
||||||
out[2] = in[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
out[2] = in[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
|
||||||
@ -588,7 +588,7 @@ void curve25519_reduce(bignum25519 out, const bignum25519 in) {
|
|||||||
|
|
||||||
void curve25519_divpowm1(bignum25519 r, const bignum25519 u, const bignum25519 v) {
|
void curve25519_divpowm1(bignum25519 r, const bignum25519 u, const bignum25519 v) {
|
||||||
bignum25519 v3={0}, uv7={0}, t0={0}, t1={0}, t2={0};
|
bignum25519 v3={0}, uv7={0}, t0={0}, t1={0}, t2={0};
|
||||||
int i;
|
int i = 0;
|
||||||
|
|
||||||
curve25519_square(v3, v);
|
curve25519_square(v3, v);
|
||||||
curve25519_mul(v3, v3, v); /* v3 = v^3 */
|
curve25519_mul(v3, v3, v); /* v3 = v^3 */
|
||||||
@ -650,7 +650,7 @@ void curve25519_divpowm1(bignum25519 r, const bignum25519 u, const bignum25519 v
|
|||||||
}
|
}
|
||||||
|
|
||||||
void curve25519_expand_reduce(bignum25519 out, const unsigned char in[32]) {
|
void curve25519_expand_reduce(bignum25519 out, const unsigned char in[32]) {
|
||||||
uint32_t x0,x1,x2,x3,x4,x5,x6,x7;
|
uint32_t x0 = 0, x1 = 0, x2 = 0, x3 = 0, x4 = 0, x5 = 0, x6 = 0, x7 = 0;
|
||||||
#define F(s) \
|
#define F(s) \
|
||||||
((((uint32_t)in[s + 0]) ) | \
|
((((uint32_t)in[s + 0]) ) | \
|
||||||
(((uint32_t)in[s + 1]) << 8) | \
|
(((uint32_t)in[s + 1]) << 8) | \
|
||||||
|
@ -9,10 +9,10 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
void curve25519_scalarmult_donna(curve25519_key mypublic, const curve25519_key n, const curve25519_key basepoint) {
|
void curve25519_scalarmult_donna(curve25519_key mypublic, const curve25519_key n, const curve25519_key basepoint) {
|
||||||
bignum25519 nqpqx = {1}, nqpqz = {0}, nqz = {1}, nqx;
|
bignum25519 nqpqx = {1}, nqpqz = {0}, nqz = {1}, nqx = {0};
|
||||||
bignum25519 q, qx, qpqx, qqx, zzz, zmone;
|
bignum25519 q = {0}, qx = {0}, qpqx = {0}, qqx = {0}, zzz = {0}, zmone = {0};
|
||||||
size_t bit, lastbit;
|
size_t bit = 0, lastbit = 0;
|
||||||
int32_t i;
|
int32_t i = 0;
|
||||||
|
|
||||||
curve25519_expand(q, basepoint);
|
curve25519_expand(q, basepoint);
|
||||||
curve25519_copy(nqx, q);
|
curve25519_copy(nqx, q);
|
||||||
|
@ -67,7 +67,7 @@ void ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) {
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
void ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
|
void ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
|
||||||
bignum25519 a,b,c;
|
bignum25519 a = {0}, b = {0}, c = {0};
|
||||||
|
|
||||||
curve25519_square(a, p->x);
|
curve25519_square(a, p->x);
|
||||||
curve25519_square(b, p->y);
|
curve25519_square(b, p->y);
|
||||||
@ -85,7 +85,7 @@ void ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
|
|||||||
void ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
|
void ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
|
||||||
const bignum25519 *qb = (const bignum25519 *)q;
|
const bignum25519 *qb = (const bignum25519 *)q;
|
||||||
bignum25519 *rb = (bignum25519 *)r;
|
bignum25519 *rb = (bignum25519 *)r;
|
||||||
bignum25519 a,b,c;
|
bignum25519 a = {0}, b = {0}, c = {0};
|
||||||
|
|
||||||
curve25519_sub(a, p->y, p->x);
|
curve25519_sub(a, p->y, p->x);
|
||||||
curve25519_add(b, p->y, p->x);
|
curve25519_add(b, p->y, p->x);
|
||||||
@ -104,7 +104,7 @@ void ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_nie
|
|||||||
void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
|
void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
|
||||||
const bignum25519 *qb = (const bignum25519 *)q;
|
const bignum25519 *qb = (const bignum25519 *)q;
|
||||||
bignum25519 *rb = (bignum25519 *)r;
|
bignum25519 *rb = (bignum25519 *)r;
|
||||||
bignum25519 a,b,c;
|
bignum25519 a = {0}, b = {0}, c = {0};
|
||||||
|
|
||||||
curve25519_sub(a, p->y, p->x);
|
curve25519_sub(a, p->y, p->x);
|
||||||
curve25519_add(b, p->y, p->x);
|
curve25519_add(b, p->y, p->x);
|
||||||
@ -121,19 +121,19 @@ void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pni
|
|||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_double_partial(ge25519 *r, const ge25519 *p) {
|
void ge25519_double_partial(ge25519 *r, const ge25519 *p) {
|
||||||
ge25519_p1p1 t;
|
ge25519_p1p1 t = {0};
|
||||||
ge25519_double_p1p1(&t, p);
|
ge25519_double_p1p1(&t, p);
|
||||||
ge25519_p1p1_to_partial(r, &t);
|
ge25519_p1p1_to_partial(r, &t);
|
||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_double(ge25519 *r, const ge25519 *p) {
|
void ge25519_double(ge25519 *r, const ge25519 *p) {
|
||||||
ge25519_p1p1 t;
|
ge25519_p1p1 t = {0};
|
||||||
ge25519_double_p1p1(&t, p);
|
ge25519_double_p1p1(&t, p);
|
||||||
ge25519_p1p1_to_full(r, &t);
|
ge25519_p1p1_to_full(r, &t);
|
||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
|
void ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
|
||||||
bignum25519 a,b,c,e,f,g,h;
|
bignum25519 a = {0}, b = {0}, c = {0}, e = {0}, f = {0}, g = {0}, h = {0};
|
||||||
|
|
||||||
curve25519_sub(a, r->y, r->x);
|
curve25519_sub(a, r->y, r->x);
|
||||||
curve25519_add(b, r->y, r->x);
|
curve25519_add(b, r->y, r->x);
|
||||||
@ -152,7 +152,7 @@ void ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
|
void ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
|
||||||
bignum25519 a,b,c,x,y,z,t;
|
bignum25519 a = {0}, b = {0}, c = {0}, x = {0}, y = {0}, z = {0}, t = {0};
|
||||||
|
|
||||||
curve25519_sub(a, p->y, p->x);
|
curve25519_sub(a, p->y, p->x);
|
||||||
curve25519_add(b, p->y, p->x);
|
curve25519_add(b, p->y, p->x);
|
||||||
@ -181,8 +181,8 @@ void ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
void ge25519_pack(unsigned char r[32], const ge25519 *p) {
|
void ge25519_pack(unsigned char r[32], const ge25519 *p) {
|
||||||
bignum25519 tx, ty, zi;
|
bignum25519 tx = {0}, ty = {0}, zi = {0};
|
||||||
unsigned char parity[32];
|
unsigned char parity[32] = {0};
|
||||||
curve25519_recip(zi, p->z);
|
curve25519_recip(zi, p->z);
|
||||||
curve25519_mul(tx, p->x, zi);
|
curve25519_mul(tx, p->x, zi);
|
||||||
curve25519_mul(ty, p->y, zi);
|
curve25519_mul(ty, p->y, zi);
|
||||||
@ -195,8 +195,8 @@ int ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
|
|||||||
const unsigned char zero[32] = {0};
|
const unsigned char zero[32] = {0};
|
||||||
const bignum25519 one = {1};
|
const bignum25519 one = {1};
|
||||||
unsigned char parity = p[31] >> 7;
|
unsigned char parity = p[31] >> 7;
|
||||||
unsigned char check[32];
|
unsigned char check[32] = {0};
|
||||||
bignum25519 t, root, num, den, d3;
|
bignum25519 t = {0}, root = {0}, num = {0}, den = {0}, d3 = {0};
|
||||||
|
|
||||||
curve25519_expand(r->y, p);
|
curve25519_expand(r->y, p);
|
||||||
curve25519_copy(r->z, one);
|
curve25519_copy(r->z, one);
|
||||||
@ -262,14 +262,14 @@ void ge25519_set_neutral(ge25519 *r)
|
|||||||
|
|
||||||
/* computes [s1]p1 + [s2]base */
|
/* computes [s1]p1 + [s2]base */
|
||||||
void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
|
void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
|
||||||
signed char slide1[256], slide2[256];
|
signed char slide1[256] = {0}, slide2[256] = {0};
|
||||||
ge25519_pniels pre1[S1_TABLE_SIZE];
|
ge25519_pniels pre1[S1_TABLE_SIZE] = {0};
|
||||||
#ifdef ED25519_NO_PRECOMP
|
#ifdef ED25519_NO_PRECOMP
|
||||||
ge25519_pniels pre2[S2_TABLE_SIZE];
|
ge25519_pniels pre2[S2_TABLE_SIZE] = {0};
|
||||||
#endif
|
#endif
|
||||||
ge25519 dp;
|
ge25519 dp = {0};
|
||||||
ge25519_p1p1 t;
|
ge25519_p1p1 t = {0};
|
||||||
int32_t i;
|
int32_t i = 0;
|
||||||
|
|
||||||
memzero(&t, sizeof(ge25519_p1p1));
|
memzero(&t, sizeof(ge25519_p1p1));
|
||||||
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
|
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
|
||||||
@ -320,12 +320,12 @@ void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bign
|
|||||||
/* computes [s1]p1 + [s2]p2 */
|
/* computes [s1]p1 + [s2]p2 */
|
||||||
#if USE_MONERO
|
#if USE_MONERO
|
||||||
void ge25519_double_scalarmult_vartime2(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const ge25519 *p2, const bignum256modm s2) {
|
void ge25519_double_scalarmult_vartime2(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const ge25519 *p2, const bignum256modm s2) {
|
||||||
signed char slide1[256], slide2[256];
|
signed char slide1[256] = {0}, slide2[256] = {0};
|
||||||
ge25519_pniels pre1[S1_TABLE_SIZE];
|
ge25519_pniels pre1[S1_TABLE_SIZE] = {0};
|
||||||
ge25519_pniels pre2[S1_TABLE_SIZE];
|
ge25519_pniels pre2[S1_TABLE_SIZE] = {0};
|
||||||
ge25519 dp;
|
ge25519 dp = {0};
|
||||||
ge25519_p1p1 t;
|
ge25519_p1p1 t = {0};
|
||||||
int32_t i;
|
int32_t i = 0;
|
||||||
|
|
||||||
memzero(&t, sizeof(ge25519_p1p1));
|
memzero(&t, sizeof(ge25519_p1p1));
|
||||||
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
|
contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
|
||||||
@ -378,7 +378,7 @@ void ge25519_double_scalarmult_vartime2(ge25519 *r, const ge25519 *p1, const big
|
|||||||
* with less than i686 on x86
|
* with less than i686 on x86
|
||||||
*/
|
*/
|
||||||
static void ge25519_cmove_stride4(long * r, long * p, long * pos, long * n, int stride) {
|
static void ge25519_cmove_stride4(long * r, long * p, long * pos, long * n, int stride) {
|
||||||
long x0=r[0], x1=r[1], x2=r[2], x3=r[3], y0, y1, y2, y3;
|
long x0=r[0], x1=r[1], x2=r[2], x3=r[3], y0 = 0, y1 = 0, y2 = 0, y3 = 0;
|
||||||
for(; p<n; p+=stride) {
|
for(; p<n; p+=stride) {
|
||||||
volatile int flag=(p==pos);
|
volatile int flag=(p==pos);
|
||||||
y0 = p[0];
|
y0 = p[0];
|
||||||
@ -398,7 +398,7 @@ static void ge25519_cmove_stride4(long * r, long * p, long * pos, long * n, int
|
|||||||
#define HAS_CMOVE_STRIDE4
|
#define HAS_CMOVE_STRIDE4
|
||||||
|
|
||||||
static void ge25519_cmove_stride4b(long * r, long * p, long * pos, long * n, int stride) {
|
static void ge25519_cmove_stride4b(long * r, long * p, long * pos, long * n, int stride) {
|
||||||
long x0=p[0], x1=p[1], x2=p[2], x3=p[3], y0, y1, y2, y3;
|
long x0=p[0], x1=p[1], x2=p[2], x3=p[3], y0 = 0, y1 = 0, y2 = 0, y3 = 0;
|
||||||
for(p+=stride; p<n; p+=stride) {
|
for(p+=stride; p<n; p+=stride) {
|
||||||
volatile int flag=(p==pos);
|
volatile int flag=(p==pos);
|
||||||
y0 = p[0];
|
y0 = p[0];
|
||||||
@ -419,7 +419,7 @@ static void ge25519_cmove_stride4b(long * r, long * p, long * pos, long * n, int
|
|||||||
|
|
||||||
void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pniels * p, int pos, int n) {
|
void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pniels * p, int pos, int n) {
|
||||||
#ifdef HAS_CMOVE_STRIDE4B
|
#ifdef HAS_CMOVE_STRIDE4B
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
for(i=0; i<sizeof(ge25519_pniels)/sizeof(long); i+=4) {
|
for(i=0; i<sizeof(ge25519_pniels)/sizeof(long); i+=4) {
|
||||||
ge25519_cmove_stride4b(((long*)r)+i,
|
ge25519_cmove_stride4b(((long*)r)+i,
|
||||||
((long*)p)+i,
|
((long*)p)+i,
|
||||||
@ -428,7 +428,7 @@ void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pni
|
|||||||
sizeof(ge25519_pniels)/sizeof(long));
|
sizeof(ge25519_pniels)/sizeof(long));
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
for(i=0; i<n; i++) {
|
for(i=0; i<n; i++) {
|
||||||
ge25519_move_conditional_pniels(r, p+i, pos==i);
|
ge25519_move_conditional_pniels(r, p+i, pos==i);
|
||||||
}
|
}
|
||||||
@ -436,7 +436,7 @@ void ge25519_move_conditional_pniels_array(ge25519_pniels * r, const ge25519_pni
|
|||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][96], int pos, int n) {
|
void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][96], int pos, int n) {
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
for(i=0; i<96/sizeof(long); i+=4) {
|
for(i=0; i<96/sizeof(long); i+=4) {
|
||||||
ge25519_cmove_stride4(((long*)r)+i,
|
ge25519_cmove_stride4(((long*)r)+i,
|
||||||
((long*)p)+i,
|
((long*)p)+i,
|
||||||
@ -448,12 +448,12 @@ void ge25519_move_conditional_niels_array(ge25519_niels * r, const uint8_t p[8][
|
|||||||
|
|
||||||
/* computes [s1]p1, constant time */
|
/* computes [s1]p1, constant time */
|
||||||
void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
|
void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
|
||||||
signed char slide1[64];
|
signed char slide1[64] = {0};
|
||||||
ge25519_pniels pre1[9];
|
ge25519_pniels pre1[9] = {0};
|
||||||
ge25519_pniels pre;
|
ge25519_pniels pre = {0};
|
||||||
ge25519 d1;
|
ge25519 d1 = {0};
|
||||||
ge25519_p1p1 t;
|
ge25519_p1p1 t = {0};
|
||||||
int32_t i;
|
int32_t i = 0;
|
||||||
|
|
||||||
contract256_window4_modm(slide1, s1);
|
contract256_window4_modm(slide1, s1);
|
||||||
|
|
||||||
@ -484,7 +484,7 @@ void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
|
void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
|
||||||
bignum25519 neg;
|
bignum25519 neg = {0};
|
||||||
uint32_t sign = (uint32_t)((unsigned char)b >> 7);
|
uint32_t sign = (uint32_t)((unsigned char)b >> 7);
|
||||||
uint32_t mask = ~(sign - 1);
|
uint32_t mask = ~(sign - 1);
|
||||||
uint32_t u = (b + mask) ^ mask;
|
uint32_t u = (b + mask) ^ mask;
|
||||||
@ -509,9 +509,9 @@ void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[
|
|||||||
|
|
||||||
/* computes [s]basepoint */
|
/* computes [s]basepoint */
|
||||||
void ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) {
|
void ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) {
|
||||||
signed char b[64];
|
signed char b[64] = {0};
|
||||||
uint32_t i;
|
uint32_t i = 0;
|
||||||
ge25519_niels t;
|
ge25519_niels t = {0};
|
||||||
|
|
||||||
contract256_window4_modm(b, s);
|
contract256_window4_modm(b, s);
|
||||||
|
|
||||||
@ -620,7 +620,7 @@ void ge25519_reduce(ge25519 *r, const ge25519 *t){
|
|||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_norm(ge25519 *r, const ge25519 * t){
|
void ge25519_norm(ge25519 *r, const ge25519 * t){
|
||||||
bignum25519 zinv;
|
bignum25519 zinv = {0};
|
||||||
curve25519_recip(zinv, t->z);
|
curve25519_recip(zinv, t->z);
|
||||||
curve25519_mul(r->x, t->x, zinv);
|
curve25519_mul(r->x, t->x, zinv);
|
||||||
curve25519_mul(r->y, t->y, zinv);
|
curve25519_mul(r->y, t->y, zinv);
|
||||||
@ -629,8 +629,8 @@ void ge25519_norm(ge25519 *r, const ge25519 * t){
|
|||||||
}
|
}
|
||||||
|
|
||||||
void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q, unsigned char signbit) {
|
void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q, unsigned char signbit) {
|
||||||
ge25519_pniels P_ni;
|
ge25519_pniels P_ni = {0};
|
||||||
ge25519_p1p1 P_11;
|
ge25519_p1p1 P_11 = {0};
|
||||||
|
|
||||||
ge25519_full_to_pniels(&P_ni, q);
|
ge25519_full_to_pniels(&P_ni, q);
|
||||||
ge25519_pnielsadd_p1p1(&P_11, p, &P_ni, signbit);
|
ge25519_pnielsadd_p1p1(&P_11, p, &P_ni, signbit);
|
||||||
@ -639,7 +639,7 @@ void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q, unsigned char s
|
|||||||
|
|
||||||
void ge25519_fromfe_frombytes_vartime(ge25519 *r, const unsigned char *s){
|
void ge25519_fromfe_frombytes_vartime(ge25519 *r, const unsigned char *s){
|
||||||
bignum25519 u={0}, v={0}, w={0}, x={0}, y={0}, z={0};
|
bignum25519 u={0}, v={0}, w={0}, x={0}, y={0}, z={0};
|
||||||
unsigned char sign;
|
unsigned char sign = 0;
|
||||||
|
|
||||||
curve25519_expand_reduce(u, s);
|
curve25519_expand_reduce(u, s);
|
||||||
|
|
||||||
|
@ -42,9 +42,9 @@ ed25519_hram(hash_512bits hram, const ed25519_signature RS, const ed25519_public
|
|||||||
|
|
||||||
void
|
void
|
||||||
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
|
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
|
||||||
bignum256modm a;
|
bignum256modm a = {0};
|
||||||
ge25519 ALIGN(16) A;
|
ge25519 ALIGN(16) A;
|
||||||
hash_512bits extsk;
|
hash_512bits extsk = {0};
|
||||||
|
|
||||||
/* A = aB */
|
/* A = aB */
|
||||||
ed25519_extsk(extsk, sk);
|
ed25519_extsk(extsk, sk);
|
||||||
@ -57,9 +57,9 @@ ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key p
|
|||||||
#if USE_CARDANO
|
#if USE_CARDANO
|
||||||
void
|
void
|
||||||
ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_public_key pk) {
|
ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_public_key pk) {
|
||||||
bignum256modm a;
|
bignum256modm a = {0};
|
||||||
ge25519 ALIGN(16) A;
|
ge25519 ALIGN(16) A;
|
||||||
hash_512bits extsk;
|
hash_512bits extsk = {0};
|
||||||
|
|
||||||
/* we don't stretch the key through hashing first since its already 64 bytes */
|
/* we don't stretch the key through hashing first since its already 64 bytes */
|
||||||
|
|
||||||
@ -73,8 +73,8 @@ ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key sk, const ed25519_se
|
|||||||
|
|
||||||
void
|
void
|
||||||
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
|
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
|
||||||
bignum256modm r, S, a;
|
bignum256modm r = {0}, S = {0}, a = {0};
|
||||||
hash_512bits extsk, extnonce, hram;
|
hash_512bits extsk = {0}, extnonce = {0}, hram = {0};
|
||||||
|
|
||||||
ed25519_extsk(extsk, sk);
|
ed25519_extsk(extsk, sk);
|
||||||
ed25519_extsk(extnonce, nonce);
|
ed25519_extsk(extnonce, nonce);
|
||||||
@ -100,9 +100,9 @@ ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed2551
|
|||||||
void
|
void
|
||||||
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
|
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
|
||||||
ed25519_hash_context ctx;
|
ed25519_hash_context ctx;
|
||||||
bignum256modm r, S, a;
|
bignum256modm r = {0}, S = {0}, a = {0};
|
||||||
ge25519 ALIGN(16) R;
|
ge25519 ALIGN(16) R = {0};
|
||||||
hash_512bits extsk, hashr, hram;
|
hash_512bits extsk = {0}, hashr = {0}, hram = {0};
|
||||||
|
|
||||||
ed25519_extsk(extsk, sk);
|
ed25519_extsk(extsk, sk);
|
||||||
|
|
||||||
@ -137,9 +137,9 @@ ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_sec
|
|||||||
void
|
void
|
||||||
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, const ed25519_public_key pk, ed25519_signature RS) {
|
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, const ed25519_public_key pk, ed25519_signature RS) {
|
||||||
ed25519_hash_context ctx;
|
ed25519_hash_context ctx;
|
||||||
bignum256modm r, S, a;
|
bignum256modm r = {0}, S = {0}, a = {0};
|
||||||
ge25519 ALIGN(16) R;
|
ge25519 ALIGN(16) R = {0};
|
||||||
hash_512bits extsk, hashr, hram;
|
hash_512bits extsk = {0}, hashr = {0}, hram = {0};
|
||||||
|
|
||||||
/* we don't stretch the key through hashing first since its already 64 bytes */
|
/* we don't stretch the key through hashing first since its already 64 bytes */
|
||||||
|
|
||||||
@ -177,9 +177,9 @@ ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519
|
|||||||
int
|
int
|
||||||
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
|
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
|
||||||
ge25519 ALIGN(16) R, A;
|
ge25519 ALIGN(16) R, A;
|
||||||
hash_512bits hash;
|
hash_512bits hash = {0};
|
||||||
bignum256modm hram, S;
|
bignum256modm hram = {0}, S = {0};
|
||||||
unsigned char checkR[32];
|
unsigned char checkR[32] = {0};
|
||||||
|
|
||||||
if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk))
|
if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk))
|
||||||
return -1;
|
return -1;
|
||||||
@ -203,9 +203,9 @@ ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed2551
|
|||||||
|
|
||||||
int
|
int
|
||||||
ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) {
|
ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) {
|
||||||
bignum256modm a;
|
bignum256modm a = {0};
|
||||||
ge25519 ALIGN(16) A, P;
|
ge25519 ALIGN(16) A, P;
|
||||||
hash_512bits extsk;
|
hash_512bits extsk = {0};
|
||||||
|
|
||||||
ed25519_extsk(extsk, sk);
|
ed25519_extsk(extsk, sk);
|
||||||
expand256_modm(a, extsk, 32);
|
expand256_modm(a, extsk, 32);
|
||||||
@ -228,9 +228,9 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
|
|||||||
int
|
int
|
||||||
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
|
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
|
||||||
size_t i = 0;
|
size_t i = 0;
|
||||||
ge25519 P;
|
ge25519 P = {0};
|
||||||
ge25519_pniels sump;
|
ge25519_pniels sump = {0};
|
||||||
ge25519_p1p1 sump1;
|
ge25519_p1p1 sump1 = {0};
|
||||||
|
|
||||||
if (n == 1) {
|
if (n == 1) {
|
||||||
memcpy(res, pks, sizeof(ed25519_public_key));
|
memcpy(res, pks, sizeof(ed25519_public_key));
|
||||||
@ -258,7 +258,7 @@ ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key
|
|||||||
|
|
||||||
void
|
void
|
||||||
ed25519_cosi_combine_signatures(ed25519_signature res, const ed25519_public_key R, CONST ed25519_cosi_signature *sigs, size_t n) {
|
ed25519_cosi_combine_signatures(ed25519_signature res, const ed25519_public_key R, CONST ed25519_cosi_signature *sigs, size_t n) {
|
||||||
bignum256modm s, t;
|
bignum256modm s = {0}, t = {0};
|
||||||
size_t i = 0;
|
size_t i = 0;
|
||||||
|
|
||||||
expand256_modm(s, sigs[i++], 32);
|
expand256_modm(s, sigs[i++], 32);
|
||||||
@ -275,11 +275,11 @@ ed25519_cosi_combine_signatures(ed25519_signature res, const ed25519_public_key
|
|||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) {
|
curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) {
|
||||||
curve25519_key ec;
|
curve25519_key ec = {0};
|
||||||
bignum256modm s;
|
bignum256modm s = {0};
|
||||||
bignum25519 ALIGN(16) yplusz, zminusy;
|
bignum25519 ALIGN(16) yplusz, zminusy;
|
||||||
ge25519 ALIGN(16) p;
|
ge25519 ALIGN(16) p;
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
/* clamp */
|
/* clamp */
|
||||||
for (i = 0; i < 32; i++) ec[i] = e[i];
|
for (i = 0; i < 32; i++) ec[i] = e[i];
|
||||||
@ -302,8 +302,8 @@ curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) {
|
|||||||
|
|
||||||
void
|
void
|
||||||
curve25519_scalarmult(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint) {
|
curve25519_scalarmult(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint) {
|
||||||
curve25519_key e;
|
curve25519_key e = {0};
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
|
|
||||||
for (i = 0;i < 32;++i) e[i] = secret[i];
|
for (i = 0;i < 32;++i) e[i] = secret[i];
|
||||||
e[0] &= 0xf8;
|
e[0] &= 0xf8;
|
||||||
|
@ -32,8 +32,8 @@ lt_modm(bignum256modm_element_t a, bignum256modm_element_t b) {
|
|||||||
|
|
||||||
/* see HAC, Alg. 14.42 Step 4 */
|
/* see HAC, Alg. 14.42 Step 4 */
|
||||||
void reduce256_modm(bignum256modm r) {
|
void reduce256_modm(bignum256modm r) {
|
||||||
bignum256modm t;
|
bignum256modm t = {0};
|
||||||
bignum256modm_element_t b = 0, pb, mask;
|
bignum256modm_element_t b = 0, pb = 0, mask = 0;
|
||||||
|
|
||||||
/* t = r - m */
|
/* t = r - m */
|
||||||
pb = 0;
|
pb = 0;
|
||||||
@ -66,9 +66,9 @@ void reduce256_modm(bignum256modm r) {
|
|||||||
Instead of passing in x, pre-process in to q1 and r1 for efficiency
|
Instead of passing in x, pre-process in to q1 and r1 for efficiency
|
||||||
*/
|
*/
|
||||||
void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) {
|
void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) {
|
||||||
bignum256modm q3, r2;
|
bignum256modm q3 = {0}, r2 = {0};
|
||||||
uint64_t c;
|
uint64_t c = 0;
|
||||||
bignum256modm_element_t f, b, pb;
|
bignum256modm_element_t f = 0, b = 0, pb = 0;
|
||||||
|
|
||||||
/* q1 = x >> 248 = 264 bits = 9 30 bit elements
|
/* q1 = x >> 248 = 264 bits = 9 30 bit elements
|
||||||
q2 = mu * q1
|
q2 = mu * q1
|
||||||
@ -134,7 +134,7 @@ void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignu
|
|||||||
|
|
||||||
/* addition modulo m */
|
/* addition modulo m */
|
||||||
void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
|
void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
|
||||||
bignum256modm_element_t c;
|
bignum256modm_element_t c = 0;
|
||||||
|
|
||||||
c = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30;
|
c = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30;
|
||||||
c += x[1] + y[1]; r[1] = c & 0x3fffffff; c >>= 30;
|
c += x[1] + y[1]; r[1] = c & 0x3fffffff; c >>= 30;
|
||||||
@ -151,7 +151,7 @@ void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
|
|||||||
|
|
||||||
/* -x modulo m */
|
/* -x modulo m */
|
||||||
void neg256_modm(bignum256modm r, const bignum256modm x) {
|
void neg256_modm(bignum256modm r, const bignum256modm x) {
|
||||||
bignum256modm_element_t b = 0, pb;
|
bignum256modm_element_t b = 0, pb = 0;
|
||||||
|
|
||||||
/* r = m - x */
|
/* r = m - x */
|
||||||
pb = 0;
|
pb = 0;
|
||||||
@ -191,9 +191,9 @@ void sub256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
|
|||||||
|
|
||||||
/* multiplication modulo m */
|
/* multiplication modulo m */
|
||||||
void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
|
void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
|
||||||
bignum256modm r1, q1;
|
bignum256modm r1 = {0}, q1 = {0};
|
||||||
uint64_t c;
|
uint64_t c = 0;
|
||||||
bignum256modm_element_t f;
|
bignum256modm_element_t f = 0;
|
||||||
|
|
||||||
/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1)
|
/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1)
|
||||||
q1 = x >> 248 = 264 bits = 9 30 bit elements */
|
q1 = x >> 248 = 264 bits = 9 30 bit elements */
|
||||||
@ -237,8 +237,8 @@ void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
|
|||||||
|
|
||||||
void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
|
void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
|
||||||
unsigned char work[64] = {0};
|
unsigned char work[64] = {0};
|
||||||
bignum256modm_element_t x[16];
|
bignum256modm_element_t x[16] = {0};
|
||||||
bignum256modm q1;
|
bignum256modm q1 = {0};
|
||||||
|
|
||||||
memcpy(work, in, len);
|
memcpy(work, in, len);
|
||||||
x[0] = U8TO32_LE(work + 0);
|
x[0] = U8TO32_LE(work + 0);
|
||||||
@ -288,7 +288,7 @@ void expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
|
void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
|
||||||
bignum256modm_element_t x[8];
|
bignum256modm_element_t x[8] = {0};
|
||||||
|
|
||||||
x[0] = U8TO32_LE(in + 0);
|
x[0] = U8TO32_LE(in + 0);
|
||||||
x[1] = U8TO32_LE(in + 4);
|
x[1] = U8TO32_LE(in + 4);
|
||||||
@ -312,7 +312,7 @@ void expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
|
|||||||
|
|
||||||
int is_reduced256_modm(const bignum256modm in)
|
int is_reduced256_modm(const bignum256modm in)
|
||||||
{
|
{
|
||||||
int i;
|
int i = 0;
|
||||||
uint32_t res1 = 0;
|
uint32_t res1 = 0;
|
||||||
uint32_t res2 = 0;
|
uint32_t res2 = 0;
|
||||||
for (i = 8; i >= 0; i--) {
|
for (i = 8; i >= 0; i--) {
|
||||||
@ -334,9 +334,9 @@ void contract256_modm(unsigned char out[32], const bignum256modm in) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void contract256_window4_modm(signed char r[64], const bignum256modm in) {
|
void contract256_window4_modm(signed char r[64], const bignum256modm in) {
|
||||||
char carry;
|
char carry = 0;
|
||||||
signed char *quads = r;
|
signed char *quads = r;
|
||||||
bignum256modm_element_t i, j, v;
|
bignum256modm_element_t i = 0, j = 0, v = 0;
|
||||||
|
|
||||||
for (i = 0; i < 8; i += 2) {
|
for (i = 0; i < 8; i += 2) {
|
||||||
v = in[i];
|
v = in[i];
|
||||||
@ -369,10 +369,10 @@ void contract256_window4_modm(signed char r[64], const bignum256modm in) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
|
void contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
|
||||||
int i,j,k,b;
|
int i = 0, j = 0, k = 0, b = 0;
|
||||||
int m = (1 << (windowsize - 1)) - 1, soplen = 256;
|
int m = (1 << (windowsize - 1)) - 1, soplen = 256;
|
||||||
signed char *bits = r;
|
signed char *bits = r;
|
||||||
bignum256modm_element_t v;
|
bignum256modm_element_t v = 0;
|
||||||
|
|
||||||
/* first put the binary expansion into r */
|
/* first put the binary expansion into r */
|
||||||
for (i = 0; i < 8; i++) {
|
for (i = 0; i < 8; i++) {
|
||||||
|
@ -350,7 +350,7 @@ static const sph_u32 T1dn[] = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
#define DECL_STATE_SMALL \
|
#define DECL_STATE_SMALL \
|
||||||
sph_u32 H[16];
|
sph_u32 H[16] = {0};
|
||||||
|
|
||||||
#define READ_STATE_SMALL(sc) do { \
|
#define READ_STATE_SMALL(sc) do { \
|
||||||
memcpy(H, (sc)->state.narrow, sizeof H); \
|
memcpy(H, (sc)->state.narrow, sizeof H); \
|
||||||
@ -476,7 +476,7 @@ static const sph_u32 T1dn[] = {
|
|||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
#define DECL_STATE_BIG \
|
#define DECL_STATE_BIG \
|
||||||
sph_u32 H[32];
|
sph_u32 H[32] = {0};
|
||||||
|
|
||||||
#define READ_STATE_BIG(sc) do { \
|
#define READ_STATE_BIG(sc) do { \
|
||||||
memcpy(H, (sc)->state.narrow, sizeof H); \
|
memcpy(H, (sc)->state.narrow, sizeof H); \
|
||||||
@ -675,7 +675,7 @@ static const sph_u32 T1dn[] = {
|
|||||||
static void
|
static void
|
||||||
groestl_big_init(sph_groestl_big_context *sc, unsigned out_size)
|
groestl_big_init(sph_groestl_big_context *sc, unsigned out_size)
|
||||||
{
|
{
|
||||||
size_t u;
|
size_t u = 0;
|
||||||
|
|
||||||
sc->ptr = 0;
|
sc->ptr = 0;
|
||||||
for (u = 0; u < 31; u ++)
|
for (u = 0; u < 31; u ++)
|
||||||
@ -688,8 +688,8 @@ groestl_big_init(sph_groestl_big_context *sc, unsigned out_size)
|
|||||||
static void
|
static void
|
||||||
groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len)
|
groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len)
|
||||||
{
|
{
|
||||||
unsigned char *buf;
|
unsigned char *buf = NULL;
|
||||||
size_t ptr;
|
size_t ptr = 0;
|
||||||
DECL_STATE_BIG
|
DECL_STATE_BIG
|
||||||
|
|
||||||
buf = sc->buf;
|
buf = sc->buf;
|
||||||
@ -703,7 +703,7 @@ groestl_big_core(sph_groestl_big_context *sc, const void *data, size_t len)
|
|||||||
|
|
||||||
READ_STATE_BIG(sc);
|
READ_STATE_BIG(sc);
|
||||||
while (len > 0) {
|
while (len > 0) {
|
||||||
size_t clen;
|
size_t clen = 0;
|
||||||
|
|
||||||
clen = (sizeof sc->buf) - ptr;
|
clen = (sizeof sc->buf) - ptr;
|
||||||
if (clen > len)
|
if (clen > len)
|
||||||
@ -726,10 +726,10 @@ static void
|
|||||||
groestl_big_close(sph_groestl_big_context *sc,
|
groestl_big_close(sph_groestl_big_context *sc,
|
||||||
unsigned ub, unsigned n, void *dst, size_t out_len)
|
unsigned ub, unsigned n, void *dst, size_t out_len)
|
||||||
{
|
{
|
||||||
unsigned char pad[136];
|
unsigned char pad[136] = {0};
|
||||||
size_t ptr, pad_len, u2;
|
size_t ptr = 0, pad_len = 0, u2 = 0;
|
||||||
sph_u64 count;
|
sph_u64 count = 0;
|
||||||
unsigned z;
|
unsigned z = 0;
|
||||||
DECL_STATE_BIG
|
DECL_STATE_BIG
|
||||||
|
|
||||||
ptr = sc->ptr;
|
ptr = sc->ptr;
|
||||||
@ -774,7 +774,7 @@ groestl512_Final(void *cc, void *dst)
|
|||||||
void
|
void
|
||||||
groestl512_DoubleTrunc(void *cc, void *dst)
|
groestl512_DoubleTrunc(void *cc, void *dst)
|
||||||
{
|
{
|
||||||
char buf[64];
|
char buf[64] = {0};
|
||||||
|
|
||||||
groestl512_Final(cc, buf);
|
groestl512_Final(cc, buf);
|
||||||
groestl512_Update(cc, buf, sizeof(buf));
|
groestl512_Update(cc, buf, sizeof(buf));
|
||||||
|
@ -139,7 +139,7 @@ void hasher_Final(Hasher *hasher, uint8_t hash[HASHER_DIGEST_LENGTH]) {
|
|||||||
|
|
||||||
void hasher_Raw(HasherType type, const uint8_t *data, size_t length,
|
void hasher_Raw(HasherType type, const uint8_t *data, size_t length,
|
||||||
uint8_t hash[HASHER_DIGEST_LENGTH]) {
|
uint8_t hash[HASHER_DIGEST_LENGTH]) {
|
||||||
Hasher hasher;
|
Hasher hasher = {0};
|
||||||
|
|
||||||
hasher_Init(&hasher, type);
|
hasher_Init(&hasher, type);
|
||||||
hasher_Update(&hasher, data, length);
|
hasher_Update(&hasher, data, length);
|
||||||
|
@ -83,7 +83,7 @@ void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen,
|
|||||||
|
|
||||||
/* compute o_key_pad and its digest */
|
/* compute o_key_pad and its digest */
|
||||||
for (int i = 0; i < SHA256_BLOCK_LENGTH / (int)sizeof(uint32_t); i++) {
|
for (int i = 0; i < SHA256_BLOCK_LENGTH / (int)sizeof(uint32_t); i++) {
|
||||||
uint32_t data;
|
uint32_t data = 0;
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
REVERSE32(key_pad[i], data);
|
REVERSE32(key_pad[i], data);
|
||||||
#else
|
#else
|
||||||
@ -135,7 +135,7 @@ void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac) {
|
|||||||
|
|
||||||
void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
|
void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
|
||||||
const uint32_t msglen, uint8_t *hmac) {
|
const uint32_t msglen, uint8_t *hmac) {
|
||||||
HMAC_SHA512_CTX hctx;
|
HMAC_SHA512_CTX hctx = {0};
|
||||||
hmac_sha512_Init(&hctx, key, keylen);
|
hmac_sha512_Init(&hctx, key, keylen);
|
||||||
hmac_sha512_Update(&hctx, msg, msglen);
|
hmac_sha512_Update(&hctx, msg, msglen);
|
||||||
hmac_sha512_Final(&hctx, hmac);
|
hmac_sha512_Final(&hctx, hmac);
|
||||||
@ -157,7 +157,7 @@ void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen,
|
|||||||
|
|
||||||
/* compute o_key_pad and its digest */
|
/* compute o_key_pad and its digest */
|
||||||
for (int i = 0; i < SHA512_BLOCK_LENGTH / (int)sizeof(uint64_t); i++) {
|
for (int i = 0; i < SHA512_BLOCK_LENGTH / (int)sizeof(uint64_t); i++) {
|
||||||
uint64_t data;
|
uint64_t data = 0;
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
REVERSE64(key_pad[i], data);
|
REVERSE64(key_pad[i], data);
|
||||||
#else
|
#else
|
||||||
|
@ -38,7 +38,7 @@ static void update_k(HMAC_DRBG_CTX *ctx, uint8_t domain, const uint8_t *data1,
|
|||||||
ctx->v[8] = 0x80000000;
|
ctx->v[8] = 0x80000000;
|
||||||
ctx->v[15] = (SHA256_BLOCK_LENGTH + SHA256_DIGEST_LENGTH) * 8;
|
ctx->v[15] = (SHA256_BLOCK_LENGTH + SHA256_DIGEST_LENGTH) * 8;
|
||||||
} else {
|
} else {
|
||||||
SHA256_CTX sha_ctx;
|
SHA256_CTX sha_ctx = {0};
|
||||||
memcpy(sha_ctx.state, ctx->idig, SHA256_DIGEST_LENGTH);
|
memcpy(sha_ctx.state, ctx->idig, SHA256_DIGEST_LENGTH);
|
||||||
for (size_t i = 0; i < SHA256_DIGEST_LENGTH / sizeof(uint32_t); i++) {
|
for (size_t i = 0; i < SHA256_DIGEST_LENGTH / sizeof(uint32_t); i++) {
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
@ -86,7 +86,7 @@ static void update_v(HMAC_DRBG_CTX *ctx) {
|
|||||||
void hmac_drbg_init(HMAC_DRBG_CTX *ctx, const uint8_t *entropy,
|
void hmac_drbg_init(HMAC_DRBG_CTX *ctx, const uint8_t *entropy,
|
||||||
size_t entropy_len, const uint8_t *nonce,
|
size_t entropy_len, const uint8_t *nonce,
|
||||||
size_t nonce_len) {
|
size_t nonce_len) {
|
||||||
uint32_t h[SHA256_BLOCK_LENGTH / sizeof(uint32_t)];
|
uint32_t h[SHA256_BLOCK_LENGTH / sizeof(uint32_t)] = {0};
|
||||||
|
|
||||||
// Precompute the inner digest and outer digest of K = 0x00 ... 0x00.
|
// Precompute the inner digest and outer digest of K = 0x00 ... 0x00.
|
||||||
memset(h, 0x36, sizeof(h));
|
memset(h, 0x36, sizeof(h));
|
||||||
|
@ -106,7 +106,7 @@ bool decode_block(const char* block, size_t size, char* res)
|
|||||||
if (digit < 0)
|
if (digit < 0)
|
||||||
return false; // Invalid symbol
|
return false; // Invalid symbol
|
||||||
|
|
||||||
uint64_t product_hi;
|
uint64_t product_hi = 0;
|
||||||
uint64_t tmp = res_num + mul128(order, (uint64_t) digit, &product_hi);
|
uint64_t tmp = res_num + mul128(order, (uint64_t) digit, &product_hi);
|
||||||
if (tmp < res_num || 0 != product_hi)
|
if (tmp < res_num || 0 != product_hi)
|
||||||
return false; // Overflow
|
return false; // Overflow
|
||||||
@ -199,7 +199,7 @@ int xmr_base58_addr_encode_check(uint64_t tag, const uint8_t *data, size_t binsz
|
|||||||
}
|
}
|
||||||
|
|
||||||
size_t b58size = b58sz;
|
size_t b58size = b58sz;
|
||||||
uint8_t buf[binsz + 1 + HASHER_DIGEST_LENGTH];
|
uint8_t buf[(binsz + 1) + HASHER_DIGEST_LENGTH];
|
||||||
uint8_t *hash = buf + binsz + 1;
|
uint8_t *hash = buf + binsz + 1;
|
||||||
buf[0] = (uint8_t) tag;
|
buf[0] = (uint8_t) tag;
|
||||||
memcpy(buf + 1, data, binsz);
|
memcpy(buf + 1, data, binsz);
|
||||||
@ -213,7 +213,7 @@ int xmr_base58_addr_decode_check(const char *addr, size_t sz, uint64_t *tag, voi
|
|||||||
{
|
{
|
||||||
size_t buflen = 1 + 64 + addr_checksum_size;
|
size_t buflen = 1 + 64 + addr_checksum_size;
|
||||||
uint8_t buf[buflen];
|
uint8_t buf[buflen];
|
||||||
uint8_t hash[HASHER_DIGEST_LENGTH];
|
uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
|
||||||
|
|
||||||
if (!xmr_base58_decode(addr, sz, buf, &buflen)){
|
if (!xmr_base58_decode(addr, sz, buf, &buflen)){
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -5,15 +5,15 @@
|
|||||||
#include "range_proof.h"
|
#include "range_proof.h"
|
||||||
|
|
||||||
static void xmr_hash_ge25519_to_scalar(bignum256modm r, const ge25519 *p) {
|
static void xmr_hash_ge25519_to_scalar(bignum256modm r, const ge25519 *p) {
|
||||||
unsigned char buff[32];
|
unsigned char buff[32] = {0};
|
||||||
ge25519_pack(buff, p);
|
ge25519_pack(buff, p);
|
||||||
xmr_hash_to_scalar(r, buff, sizeof(buff));
|
xmr_hash_to_scalar(r, buff, sizeof(buff));
|
||||||
}
|
}
|
||||||
|
|
||||||
void xmr_gen_range_sig(xmr_range_sig_t *sig, ge25519 *C, bignum256modm mask,
|
void xmr_gen_range_sig(xmr_range_sig_t *sig, ge25519 *C, bignum256modm mask,
|
||||||
xmr_amount amount, bignum256modm *last_mask) {
|
xmr_amount amount, bignum256modm *last_mask) {
|
||||||
bignum256modm ai[64];
|
bignum256modm ai[64] = {0};
|
||||||
bignum256modm alpha[64];
|
bignum256modm alpha[64] = {0};
|
||||||
xmr_gen_range_sig_ex(sig, C, mask, amount, last_mask, ai, alpha);
|
xmr_gen_range_sig_ex(sig, C, mask, amount, last_mask, ai, alpha);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -25,16 +25,16 @@ void xmr_gen_range_sig_ex(xmr_range_sig_t *sig, ge25519 *C, bignum256modm mask,
|
|||||||
bignum256modm si = {0};
|
bignum256modm si = {0};
|
||||||
bignum256modm c = {0};
|
bignum256modm c = {0};
|
||||||
bignum256modm ee = {0};
|
bignum256modm ee = {0};
|
||||||
unsigned char buff[32];
|
unsigned char buff[32] = {0};
|
||||||
|
|
||||||
Hasher kck;
|
Hasher kck = {0};
|
||||||
xmr_hasher_init(&kck);
|
xmr_hasher_init(&kck);
|
||||||
|
|
||||||
ge25519 C_acc;
|
ge25519 C_acc = {0};
|
||||||
ge25519 C_h;
|
ge25519 C_h = {0};
|
||||||
ge25519 C_tmp;
|
ge25519 C_tmp = {0};
|
||||||
ge25519 L;
|
ge25519 L = {0};
|
||||||
ge25519 Zero;
|
ge25519 Zero = {0};
|
||||||
|
|
||||||
ge25519_set_neutral(&Zero);
|
ge25519_set_neutral(&Zero);
|
||||||
ge25519_set_neutral(&C_acc);
|
ge25519_set_neutral(&C_acc);
|
||||||
|
@ -44,14 +44,14 @@ void xmr_hasher_copy(Hasher *dst, const Hasher *src) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void xmr_hash_to_scalar(bignum256modm r, const void *data, size_t length) {
|
void xmr_hash_to_scalar(bignum256modm r, const void *data, size_t length) {
|
||||||
uint8_t hash[HASHER_DIGEST_LENGTH];
|
uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
|
||||||
hasher_Raw(HASHER_SHA3K, data, length, hash);
|
hasher_Raw(HASHER_SHA3K, data, length, hash);
|
||||||
expand256_modm(r, hash, HASHER_DIGEST_LENGTH);
|
expand256_modm(r, hash, HASHER_DIGEST_LENGTH);
|
||||||
}
|
}
|
||||||
|
|
||||||
void xmr_hash_to_ec(ge25519 *P, const void *data, size_t length) {
|
void xmr_hash_to_ec(ge25519 *P, const void *data, size_t length) {
|
||||||
ge25519 point2;
|
ge25519 point2 = {0};
|
||||||
uint8_t hash[HASHER_DIGEST_LENGTH];
|
uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
|
||||||
hasher_Raw(HASHER_SHA3K, data, length, hash);
|
hasher_Raw(HASHER_SHA3K, data, length, hash);
|
||||||
|
|
||||||
ge25519_fromfe_frombytes_vartime(&point2, hash);
|
ge25519_fromfe_frombytes_vartime(&point2, hash);
|
||||||
@ -60,7 +60,7 @@ void xmr_hash_to_ec(ge25519 *P, const void *data, size_t length) {
|
|||||||
|
|
||||||
void xmr_derivation_to_scalar(bignum256modm s, const ge25519 *p,
|
void xmr_derivation_to_scalar(bignum256modm s, const ge25519 *p,
|
||||||
uint32_t output_index) {
|
uint32_t output_index) {
|
||||||
uint8_t buff[32 + 8];
|
uint8_t buff[32 + 8] = {0};
|
||||||
ge25519_pack(buff, p);
|
ge25519_pack(buff, p);
|
||||||
int written = xmr_write_varint(buff + 32, 8, output_index);
|
int written = xmr_write_varint(buff + 32, 8, output_index);
|
||||||
xmr_hash_to_scalar(s, buff, 32u + written);
|
xmr_hash_to_scalar(s, buff, 32u + written);
|
||||||
@ -68,7 +68,7 @@ void xmr_derivation_to_scalar(bignum256modm s, const ge25519 *p,
|
|||||||
|
|
||||||
void xmr_generate_key_derivation(ge25519 *r, const ge25519 *A,
|
void xmr_generate_key_derivation(ge25519 *r, const ge25519 *A,
|
||||||
const bignum256modm b) {
|
const bignum256modm b) {
|
||||||
ge25519 bA;
|
ge25519 bA = {0};
|
||||||
ge25519_scalarmult(&bA, A, b);
|
ge25519_scalarmult(&bA, A, b);
|
||||||
ge25519_mul8(r, &bA);
|
ge25519_mul8(r, &bA);
|
||||||
}
|
}
|
||||||
@ -82,7 +82,7 @@ void xmr_derive_private_key(bignum256modm s, const ge25519 *deriv, uint32_t idx,
|
|||||||
void xmr_derive_public_key(ge25519 *r, const ge25519 *deriv, uint32_t idx,
|
void xmr_derive_public_key(ge25519 *r, const ge25519 *deriv, uint32_t idx,
|
||||||
const ge25519 *base) {
|
const ge25519 *base) {
|
||||||
bignum256modm s = {0};
|
bignum256modm s = {0};
|
||||||
ge25519 p2;
|
ge25519 p2 = {0};
|
||||||
|
|
||||||
xmr_derivation_to_scalar(s, deriv, idx);
|
xmr_derivation_to_scalar(s, deriv, idx);
|
||||||
ge25519_scalarmult_base_niels(&p2, ge25519_niels_base_multiples, s);
|
ge25519_scalarmult_base_niels(&p2, ge25519_niels_base_multiples, s);
|
||||||
@ -92,7 +92,7 @@ void xmr_derive_public_key(ge25519 *r, const ge25519 *deriv, uint32_t idx,
|
|||||||
void xmr_add_keys2(ge25519 *r, const bignum256modm a, const bignum256modm b,
|
void xmr_add_keys2(ge25519 *r, const bignum256modm a, const bignum256modm b,
|
||||||
const ge25519 *B) {
|
const ge25519 *B) {
|
||||||
// aG + bB, G is basepoint
|
// aG + bB, G is basepoint
|
||||||
ge25519 aG, bB;
|
ge25519 aG = {0}, bB = {0};
|
||||||
ge25519_scalarmult_base_niels(&aG, ge25519_niels_base_multiples, a);
|
ge25519_scalarmult_base_niels(&aG, ge25519_niels_base_multiples, a);
|
||||||
ge25519_scalarmult(&bB, B, b);
|
ge25519_scalarmult(&bB, B, b);
|
||||||
ge25519_add(r, &aG, &bB, 0);
|
ge25519_add(r, &aG, &bB, 0);
|
||||||
@ -107,7 +107,7 @@ void xmr_add_keys2_vartime(ge25519 *r, const bignum256modm a,
|
|||||||
void xmr_add_keys3(ge25519 *r, const bignum256modm a, const ge25519 *A,
|
void xmr_add_keys3(ge25519 *r, const bignum256modm a, const ge25519 *A,
|
||||||
const bignum256modm b, const ge25519 *B) {
|
const bignum256modm b, const ge25519 *B) {
|
||||||
// aA + bB
|
// aA + bB
|
||||||
ge25519 aA, bB;
|
ge25519 aA = {0}, bB = {0};
|
||||||
ge25519_scalarmult(&aA, A, a);
|
ge25519_scalarmult(&aA, A, a);
|
||||||
ge25519_scalarmult(&bB, B, b);
|
ge25519_scalarmult(&bB, B, b);
|
||||||
ge25519_add(r, &aA, &bB, 0);
|
ge25519_add(r, &aA, &bB, 0);
|
||||||
@ -122,10 +122,10 @@ void xmr_add_keys3_vartime(ge25519 *r, const bignum256modm a, const ge25519 *A,
|
|||||||
void xmr_get_subaddress_secret_key(bignum256modm r, uint32_t major,
|
void xmr_get_subaddress_secret_key(bignum256modm r, uint32_t major,
|
||||||
uint32_t minor, const bignum256modm m) {
|
uint32_t minor, const bignum256modm m) {
|
||||||
const char prefix[] = "SubAddr";
|
const char prefix[] = "SubAddr";
|
||||||
unsigned char buff[32];
|
unsigned char buff[32] = {0};
|
||||||
contract256_modm(buff, m);
|
contract256_modm(buff, m);
|
||||||
|
|
||||||
char data[sizeof(prefix) + sizeof(buff) + 2 * sizeof(uint32_t)];
|
char data[sizeof(prefix) + sizeof(buff) + 2 * sizeof(uint32_t)] = {0};
|
||||||
memcpy(data, prefix, sizeof(prefix));
|
memcpy(data, prefix, sizeof(prefix));
|
||||||
memcpy(data + sizeof(prefix), buff, sizeof(buff));
|
memcpy(data + sizeof(prefix), buff, sizeof(buff));
|
||||||
memcpy(data + sizeof(prefix) + sizeof(buff), &major, sizeof(uint32_t));
|
memcpy(data + sizeof(prefix) + sizeof(buff), &major, sizeof(uint32_t));
|
||||||
|
16
crypto/nem.c
16
crypto/nem.c
@ -116,7 +116,7 @@ static inline bool nem_write_mosaic_bool(nem_transaction_ctx *ctx,
|
|||||||
|
|
||||||
static inline bool nem_write_mosaic_u64(nem_transaction_ctx *ctx,
|
static inline bool nem_write_mosaic_u64(nem_transaction_ctx *ctx,
|
||||||
const char *name, uint64_t value) {
|
const char *name, uint64_t value) {
|
||||||
char buffer[21];
|
char buffer[21] = {0};
|
||||||
|
|
||||||
if (bn_format_uint64(value, NULL, NULL, 0, 0, false, buffer,
|
if (bn_format_uint64(value, NULL, NULL, 0, 0, false, buffer,
|
||||||
sizeof(buffer)) == 0) {
|
sizeof(buffer)) == 0) {
|
||||||
@ -128,7 +128,7 @@ static inline bool nem_write_mosaic_u64(nem_transaction_ctx *ctx,
|
|||||||
|
|
||||||
void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version,
|
void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version,
|
||||||
uint8_t *address) {
|
uint8_t *address) {
|
||||||
uint8_t hash[SHA3_256_DIGEST_LENGTH];
|
uint8_t hash[SHA3_256_DIGEST_LENGTH] = {0};
|
||||||
|
|
||||||
/* 1. Perform 256-bit Sha3 on the public key */
|
/* 1. Perform 256-bit Sha3 on the public key */
|
||||||
keccak_256(public_key, sizeof(ed25519_public_key), hash);
|
keccak_256(public_key, sizeof(ed25519_public_key), hash);
|
||||||
@ -151,7 +151,7 @@ void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version,
|
|||||||
|
|
||||||
bool nem_get_address(const ed25519_public_key public_key, uint8_t version,
|
bool nem_get_address(const ed25519_public_key public_key, uint8_t version,
|
||||||
char *address) {
|
char *address) {
|
||||||
uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW];
|
uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW] = {0};
|
||||||
|
|
||||||
nem_get_address_raw(public_key, version, pubkeyhash);
|
nem_get_address_raw(public_key, version, pubkeyhash);
|
||||||
|
|
||||||
@ -167,7 +167,7 @@ bool nem_validate_address_raw(const uint8_t *address, uint8_t network) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t hash[SHA3_256_DIGEST_LENGTH];
|
uint8_t hash[SHA3_256_DIGEST_LENGTH] = {0};
|
||||||
|
|
||||||
keccak_256(address, 1 + RIPEMD160_DIGEST_LENGTH, hash);
|
keccak_256(address, 1 + RIPEMD160_DIGEST_LENGTH, hash);
|
||||||
bool valid = (memcmp(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4) == 0);
|
bool valid = (memcmp(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4) == 0);
|
||||||
@ -177,7 +177,7 @@ bool nem_validate_address_raw(const uint8_t *address, uint8_t network) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
bool nem_validate_address(const char *address, uint8_t network) {
|
bool nem_validate_address(const char *address, uint8_t network) {
|
||||||
uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW];
|
uint8_t pubkeyhash[NEM_ADDRESS_SIZE_RAW] = {0};
|
||||||
|
|
||||||
if (strlen(address) != NEM_ADDRESS_SIZE) {
|
if (strlen(address) != NEM_ADDRESS_SIZE) {
|
||||||
return false;
|
return false;
|
||||||
@ -314,10 +314,10 @@ bool nem_transaction_create_multisig_signature(
|
|||||||
timestamp, signer, fee, deadline);
|
timestamp, signer, fee, deadline);
|
||||||
if (!ret) return false;
|
if (!ret) return false;
|
||||||
|
|
||||||
char address[NEM_ADDRESS_SIZE + 1];
|
char address[NEM_ADDRESS_SIZE + 1] = {0};
|
||||||
nem_get_address(inner->public_key, network, address);
|
nem_get_address(inner->public_key, network, address);
|
||||||
|
|
||||||
uint8_t hash[SHA3_256_DIGEST_LENGTH];
|
uint8_t hash[SHA3_256_DIGEST_LENGTH] = {0};
|
||||||
keccak_256(inner->buffer, inner->offset, hash);
|
keccak_256(inner->buffer, inner->offset, hash);
|
||||||
|
|
||||||
SERIALIZE_U32(sizeof(uint32_t) + SHA3_256_DIGEST_LENGTH);
|
SERIALIZE_U32(sizeof(uint32_t) + SHA3_256_DIGEST_LENGTH);
|
||||||
@ -379,7 +379,7 @@ bool nem_transaction_create_mosaic_creation(
|
|||||||
sizeof(uint32_t) + namespace_length + sizeof(uint32_t) + mosaic_length;
|
sizeof(uint32_t) + namespace_length + sizeof(uint32_t) + mosaic_length;
|
||||||
|
|
||||||
// This length will be rewritten later on
|
// This length will be rewritten later on
|
||||||
nem_transaction_ctx state;
|
nem_transaction_ctx state = {0};
|
||||||
memcpy(&state, ctx, sizeof(state));
|
memcpy(&state, ctx, sizeof(state));
|
||||||
|
|
||||||
SERIALIZE_U32(0);
|
SERIALIZE_U32(0);
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass,
|
void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass,
|
||||||
int passlen, const uint8_t *salt, int saltlen,
|
int passlen, const uint8_t *salt, int saltlen,
|
||||||
uint32_t blocknr) {
|
uint32_t blocknr) {
|
||||||
SHA256_CTX ctx;
|
SHA256_CTX ctx = {0};
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
REVERSE32(blocknr, blocknr);
|
REVERSE32(blocknr, blocknr);
|
||||||
#endif
|
#endif
|
||||||
@ -88,10 +88,10 @@ void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt,
|
|||||||
last_block_size = SHA256_DIGEST_LENGTH;
|
last_block_size = SHA256_DIGEST_LENGTH;
|
||||||
}
|
}
|
||||||
for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
|
for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
|
||||||
PBKDF2_HMAC_SHA256_CTX pctx;
|
PBKDF2_HMAC_SHA256_CTX pctx = {0};
|
||||||
pbkdf2_hmac_sha256_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
|
pbkdf2_hmac_sha256_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
|
||||||
pbkdf2_hmac_sha256_Update(&pctx, iterations);
|
pbkdf2_hmac_sha256_Update(&pctx, iterations);
|
||||||
uint8_t digest[SHA256_DIGEST_LENGTH];
|
uint8_t digest[SHA256_DIGEST_LENGTH] = {0};
|
||||||
pbkdf2_hmac_sha256_Final(&pctx, digest);
|
pbkdf2_hmac_sha256_Final(&pctx, digest);
|
||||||
uint32_t key_offset = (blocknr - 1) * SHA256_DIGEST_LENGTH;
|
uint32_t key_offset = (blocknr - 1) * SHA256_DIGEST_LENGTH;
|
||||||
if (blocknr < blocks_count) {
|
if (blocknr < blocks_count) {
|
||||||
@ -105,7 +105,7 @@ void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt,
|
|||||||
void pbkdf2_hmac_sha512_Init(PBKDF2_HMAC_SHA512_CTX *pctx, const uint8_t *pass,
|
void pbkdf2_hmac_sha512_Init(PBKDF2_HMAC_SHA512_CTX *pctx, const uint8_t *pass,
|
||||||
int passlen, const uint8_t *salt, int saltlen,
|
int passlen, const uint8_t *salt, int saltlen,
|
||||||
uint32_t blocknr) {
|
uint32_t blocknr) {
|
||||||
SHA512_CTX ctx;
|
SHA512_CTX ctx = {0};
|
||||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
REVERSE32(blocknr, blocknr);
|
REVERSE32(blocknr, blocknr);
|
||||||
#endif
|
#endif
|
||||||
@ -164,10 +164,10 @@ void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, const uint8_t *salt,
|
|||||||
last_block_size = SHA512_DIGEST_LENGTH;
|
last_block_size = SHA512_DIGEST_LENGTH;
|
||||||
}
|
}
|
||||||
for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
|
for (uint32_t blocknr = 1; blocknr <= blocks_count; blocknr++) {
|
||||||
PBKDF2_HMAC_SHA512_CTX pctx;
|
PBKDF2_HMAC_SHA512_CTX pctx = {0};
|
||||||
pbkdf2_hmac_sha512_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
|
pbkdf2_hmac_sha512_Init(&pctx, pass, passlen, salt, saltlen, blocknr);
|
||||||
pbkdf2_hmac_sha512_Update(&pctx, iterations);
|
pbkdf2_hmac_sha512_Update(&pctx, iterations);
|
||||||
uint8_t digest[SHA512_DIGEST_LENGTH];
|
uint8_t digest[SHA512_DIGEST_LENGTH] = {0};
|
||||||
pbkdf2_hmac_sha512_Final(&pctx, digest);
|
pbkdf2_hmac_sha512_Final(&pctx, digest);
|
||||||
uint32_t key_offset = (blocknr - 1) * SHA512_DIGEST_LENGTH;
|
uint32_t key_offset = (blocknr - 1) * SHA512_DIGEST_LENGTH;
|
||||||
if (blocknr < blocks_count) {
|
if (blocknr < blocks_count) {
|
||||||
|
@ -65,7 +65,7 @@ void __attribute__((weak)) random_buffer(uint8_t *buf, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint32_t random_uniform(uint32_t n) {
|
uint32_t random_uniform(uint32_t n) {
|
||||||
uint32_t x, max = 0xFFFFFFFF - (0xFFFFFFFF % n);
|
uint32_t x = 0, max = 0xFFFFFFFF - (0xFFFFFFFF % n);
|
||||||
while ((x = random32()) >= max)
|
while ((x = random32()) >= max)
|
||||||
;
|
;
|
||||||
return x / (max / n);
|
return x / (max / n);
|
||||||
|
@ -39,7 +39,7 @@ void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
|
|||||||
// generate K in a deterministic way, according to RFC6979
|
// generate K in a deterministic way, according to RFC6979
|
||||||
// http://tools.ietf.org/html/rfc6979
|
// http://tools.ietf.org/html/rfc6979
|
||||||
void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) {
|
void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) {
|
||||||
uint8_t buf[32];
|
uint8_t buf[32] = {0};
|
||||||
generate_rfc6979(buf, state);
|
generate_rfc6979(buf, state);
|
||||||
bn_read_be(buf, k);
|
bn_read_be(buf, k);
|
||||||
memzero(buf, sizeof(buf));
|
memzero(buf, sizeof(buf));
|
||||||
|
@ -74,7 +74,7 @@ void ripemd160_Init(RIPEMD160_CTX *ctx)
|
|||||||
*/
|
*/
|
||||||
void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_LENGTH] )
|
void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_LENGTH] )
|
||||||
{
|
{
|
||||||
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
|
uint32_t A = 0, B = 0, C = 0, D = 0, E = 0, Ap = 0, Bp = 0, Cp = 0, Dp = 0, Ep = 0, X[16] = {0};
|
||||||
|
|
||||||
GET_UINT32_LE( X[ 0], data, 0 );
|
GET_UINT32_LE( X[ 0], data, 0 );
|
||||||
GET_UINT32_LE( X[ 1], data, 4 );
|
GET_UINT32_LE( X[ 1], data, 4 );
|
||||||
@ -255,8 +255,8 @@ void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_L
|
|||||||
*/
|
*/
|
||||||
void ripemd160_Update( RIPEMD160_CTX *ctx, const uint8_t *input, uint32_t ilen )
|
void ripemd160_Update( RIPEMD160_CTX *ctx, const uint8_t *input, uint32_t ilen )
|
||||||
{
|
{
|
||||||
uint32_t fill;
|
uint32_t fill = 0;
|
||||||
uint32_t left;
|
uint32_t left = 0;
|
||||||
|
|
||||||
if( ilen == 0 )
|
if( ilen == 0 )
|
||||||
return;
|
return;
|
||||||
@ -305,9 +305,9 @@ static const uint8_t ripemd160_padding[RIPEMD160_BLOCK_LENGTH] =
|
|||||||
*/
|
*/
|
||||||
void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH] )
|
void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH] )
|
||||||
{
|
{
|
||||||
uint32_t last, padn;
|
uint32_t last = 0; uint32_t padn = 0;
|
||||||
uint32_t high, low;
|
uint32_t high = 0; uint32_t low = 0;
|
||||||
uint8_t msglen[8];
|
uint8_t msglen[8] = {0};
|
||||||
|
|
||||||
high = ( ctx->total[0] >> 29 )
|
high = ( ctx->total[0] >> 29 )
|
||||||
| ( ctx->total[1] << 3 );
|
| ( ctx->total[1] << 3 );
|
||||||
@ -336,7 +336,7 @@ void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH
|
|||||||
*/
|
*/
|
||||||
void ripemd160(const uint8_t *msg, uint32_t msg_len, uint8_t hash[RIPEMD160_DIGEST_LENGTH])
|
void ripemd160(const uint8_t *msg, uint32_t msg_len, uint8_t hash[RIPEMD160_DIGEST_LENGTH])
|
||||||
{
|
{
|
||||||
RIPEMD160_CTX ctx;
|
RIPEMD160_CTX ctx = {0};
|
||||||
ripemd160_Init( &ctx );
|
ripemd160_Init( &ctx );
|
||||||
ripemd160_Update( &ctx, msg, msg_len );
|
ripemd160_Update( &ctx, msg, msg_len );
|
||||||
ripemd160_Final( &ctx, hash );
|
ripemd160_Final( &ctx, hash );
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
|
|
||||||
int script_output_to_address(const uint8_t *script, int scriptlen, char *addr,
|
int script_output_to_address(const uint8_t *script, int scriptlen, char *addr,
|
||||||
int addrsize) {
|
int addrsize) {
|
||||||
uint8_t raw[35];
|
uint8_t raw[35] = {0};
|
||||||
|
|
||||||
// P2PKH
|
// P2PKH
|
||||||
if (scriptlen == 25 && script[0] == 0x76 && script[1] == 0xA9 &&
|
if (scriptlen == 25 && script[0] == 0x76 && script[1] == 0xA9 &&
|
||||||
|
@ -85,9 +85,9 @@ int bech32_encode(char *output, const char *hrp, const uint8_t *data, size_t dat
|
|||||||
|
|
||||||
int bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input) {
|
int bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input) {
|
||||||
uint32_t chk = 1;
|
uint32_t chk = 1;
|
||||||
size_t i;
|
size_t i = 0;
|
||||||
size_t input_len = strlen(input);
|
size_t input_len = strlen(input);
|
||||||
size_t hrp_len;
|
size_t hrp_len = 0;
|
||||||
int have_lower = 0, have_upper = 0;
|
int have_lower = 0, have_upper = 0;
|
||||||
if (input_len < 8 || input_len > 90) {
|
if (input_len < 8 || input_len > 90) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -163,7 +163,7 @@ static int convert_bits(uint8_t* out, size_t* outlen, int outbits, const uint8_t
|
|||||||
}
|
}
|
||||||
|
|
||||||
int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t *witprog, size_t witprog_len) {
|
int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t *witprog, size_t witprog_len) {
|
||||||
uint8_t data[65];
|
uint8_t data[65] = {0};
|
||||||
size_t datalen = 0;
|
size_t datalen = 0;
|
||||||
if (witver > 16) return 0;
|
if (witver > 16) return 0;
|
||||||
if (witver == 0 && witprog_len != 20 && witprog_len != 32) return 0;
|
if (witver == 0 && witprog_len != 20 && witprog_len != 32) return 0;
|
||||||
@ -175,9 +175,9 @@ int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t
|
|||||||
}
|
}
|
||||||
|
|
||||||
int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const char* hrp, const char* addr) {
|
int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const char* hrp, const char* addr) {
|
||||||
uint8_t data[84];
|
uint8_t data[84] = {0};
|
||||||
char hrp_actual[84];
|
char hrp_actual[84] = {0};
|
||||||
size_t data_len;
|
size_t data_len = 0;
|
||||||
if (!bech32_decode(hrp_actual, data, &data_len, addr)) return 0;
|
if (!bech32_decode(hrp_actual, data, &data_len, addr)) return 0;
|
||||||
if (data_len == 0 || data_len > 65) return 0;
|
if (data_len == 0 || data_len > 65) return 0;
|
||||||
if (strncmp(hrp, hrp_actual, 84) != 0) return 0;
|
if (strncmp(hrp, hrp_actual, 84) != 0) return 0;
|
||||||
|
@ -321,10 +321,10 @@ void sha1_Init(SHA1_CTX* context) {
|
|||||||
j++;
|
j++;
|
||||||
|
|
||||||
void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
||||||
sha2_word32 a, b, c, d, e;
|
sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0;
|
||||||
sha2_word32 T1;
|
sha2_word32 T1 = 0;
|
||||||
sha2_word32 W1[16];
|
sha2_word32 W1[16] = {0};
|
||||||
int j;
|
int j = 0;
|
||||||
|
|
||||||
/* Initialize registers with the prev. intermediate value */
|
/* Initialize registers with the prev. intermediate value */
|
||||||
a = state_in[0];
|
a = state_in[0];
|
||||||
@ -439,10 +439,10 @@ void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_w
|
|||||||
#else /* SHA2_UNROLL_TRANSFORM */
|
#else /* SHA2_UNROLL_TRANSFORM */
|
||||||
|
|
||||||
void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
||||||
sha2_word32 a, b, c, d, e;
|
sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0;
|
||||||
sha2_word32 T1;
|
sha2_word32 T1 = 0;
|
||||||
sha2_word32 W1[16];
|
sha2_word32 W1[16] = {0};
|
||||||
int j;
|
int j = 0;
|
||||||
|
|
||||||
/* Initialize registers with the prev. intermediate value */
|
/* Initialize registers with the prev. intermediate value */
|
||||||
a = state_in[0];
|
a = state_in[0];
|
||||||
@ -520,7 +520,7 @@ void sha1_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_w
|
|||||||
#endif /* SHA2_UNROLL_TRANSFORM */
|
#endif /* SHA2_UNROLL_TRANSFORM */
|
||||||
|
|
||||||
void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) {
|
void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) {
|
||||||
unsigned int freespace, usedspace;
|
unsigned int freespace = 0, usedspace = 0;
|
||||||
|
|
||||||
if (len == 0) {
|
if (len == 0) {
|
||||||
/* Calling with no data is valid - we do nothing */
|
/* Calling with no data is valid - we do nothing */
|
||||||
@ -578,7 +578,7 @@ void sha1_Update(SHA1_CTX* context, const sha2_byte *data, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
|
void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
|
||||||
unsigned int usedspace;
|
unsigned int usedspace = 0;
|
||||||
|
|
||||||
/* If no digest buffer is passed, we don't bother doing this: */
|
/* If no digest buffer is passed, we don't bother doing this: */
|
||||||
if (digest != (sha2_byte*)0) {
|
if (digest != (sha2_byte*)0) {
|
||||||
@ -632,8 +632,8 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *sha1_End(SHA1_CTX* context, char buffer[]) {
|
char *sha1_End(SHA1_CTX* context, char buffer[]) {
|
||||||
sha2_byte digest[SHA1_DIGEST_LENGTH], *d = digest;
|
sha2_byte digest[SHA1_DIGEST_LENGTH] = {0}, *d = digest;
|
||||||
int i;
|
int i = 0;
|
||||||
|
|
||||||
if (buffer != (char*)0) {
|
if (buffer != (char*)0) {
|
||||||
sha1_Final(context, digest);
|
sha1_Final(context, digest);
|
||||||
@ -652,14 +652,14 @@ char *sha1_End(SHA1_CTX* context, char buffer[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void sha1_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA1_DIGEST_LENGTH]) {
|
void sha1_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA1_DIGEST_LENGTH]) {
|
||||||
SHA1_CTX context;
|
SHA1_CTX context = {0};
|
||||||
sha1_Init(&context);
|
sha1_Init(&context);
|
||||||
sha1_Update(&context, data, len);
|
sha1_Update(&context, data, len);
|
||||||
sha1_Final(&context, digest);
|
sha1_Final(&context, digest);
|
||||||
}
|
}
|
||||||
|
|
||||||
char* sha1_Data(const sha2_byte* data, size_t len, char digest[SHA1_DIGEST_STRING_LENGTH]) {
|
char* sha1_Data(const sha2_byte* data, size_t len, char digest[SHA1_DIGEST_STRING_LENGTH]) {
|
||||||
SHA1_CTX context;
|
SHA1_CTX context = {0};
|
||||||
|
|
||||||
sha1_Init(&context);
|
sha1_Init(&context);
|
||||||
sha1_Update(&context, data, len);
|
sha1_Update(&context, data, len);
|
||||||
@ -699,10 +699,10 @@ void sha256_Init(SHA256_CTX* context) {
|
|||||||
j++
|
j++
|
||||||
|
|
||||||
void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
||||||
sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
|
||||||
sha2_word32 T1;
|
sha2_word32 T1 = 0;
|
||||||
sha2_word32 W256[16];
|
sha2_word32 W256[16] = {0};
|
||||||
int j;
|
int j = 0;
|
||||||
|
|
||||||
/* Initialize registers with the prev. intermediate value */
|
/* Initialize registers with the prev. intermediate value */
|
||||||
a = state_in[0];
|
a = state_in[0];
|
||||||
@ -756,9 +756,9 @@ void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2
|
|||||||
#else /* SHA2_UNROLL_TRANSFORM */
|
#else /* SHA2_UNROLL_TRANSFORM */
|
||||||
|
|
||||||
void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2_word32* state_out) {
|
||||||
sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
sha2_word32 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
|
||||||
sha2_word32 T1, T2, W256[16];
|
sha2_word32 T1 = 0, T2 = 0 , W256[16] = {0};
|
||||||
int j;
|
int j = 0;
|
||||||
|
|
||||||
/* Initialize registers with the prev. intermediate value */
|
/* Initialize registers with the prev. intermediate value */
|
||||||
a = state_in[0];
|
a = state_in[0];
|
||||||
@ -827,7 +827,7 @@ void sha256_Transform(const sha2_word32* state_in, const sha2_word32* data, sha2
|
|||||||
#endif /* SHA2_UNROLL_TRANSFORM */
|
#endif /* SHA2_UNROLL_TRANSFORM */
|
||||||
|
|
||||||
void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
||||||
unsigned int freespace, usedspace;
|
unsigned int freespace = 0, usedspace = 0;
|
||||||
|
|
||||||
if (len == 0) {
|
if (len == 0) {
|
||||||
/* Calling with no data is valid - we do nothing */
|
/* Calling with no data is valid - we do nothing */
|
||||||
@ -885,7 +885,7 @@ void sha256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
||||||
unsigned int usedspace;
|
unsigned int usedspace = 0;
|
||||||
|
|
||||||
/* If no digest buffer is passed, we don't bother doing this: */
|
/* If no digest buffer is passed, we don't bother doing this: */
|
||||||
if (digest != (sha2_byte*)0) {
|
if (digest != (sha2_byte*)0) {
|
||||||
@ -939,8 +939,8 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *sha256_End(SHA256_CTX* context, char buffer[]) {
|
char *sha256_End(SHA256_CTX* context, char buffer[]) {
|
||||||
sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
|
sha2_byte digest[SHA256_DIGEST_LENGTH] = {0}, *d = digest;
|
||||||
int i;
|
int i = 0;
|
||||||
|
|
||||||
if (buffer != (char*)0) {
|
if (buffer != (char*)0) {
|
||||||
sha256_Final(context, digest);
|
sha256_Final(context, digest);
|
||||||
@ -959,14 +959,14 @@ char *sha256_End(SHA256_CTX* context, char buffer[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void sha256_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA256_DIGEST_LENGTH]) {
|
void sha256_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA256_DIGEST_LENGTH]) {
|
||||||
SHA256_CTX context;
|
SHA256_CTX context = {0};
|
||||||
sha256_Init(&context);
|
sha256_Init(&context);
|
||||||
sha256_Update(&context, data, len);
|
sha256_Update(&context, data, len);
|
||||||
sha256_Final(&context, digest);
|
sha256_Final(&context, digest);
|
||||||
}
|
}
|
||||||
|
|
||||||
char* sha256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
|
char* sha256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
|
||||||
SHA256_CTX context;
|
SHA256_CTX context = {0};
|
||||||
|
|
||||||
sha256_Init(&context);
|
sha256_Init(&context);
|
||||||
sha256_Update(&context, data, len);
|
sha256_Update(&context, data, len);
|
||||||
@ -1006,9 +1006,9 @@ void sha512_Init(SHA512_CTX* context) {
|
|||||||
j++
|
j++
|
||||||
|
|
||||||
void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) {
|
void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) {
|
||||||
sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
|
sha2_word64 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
|
||||||
sha2_word64 T1, W512[16];
|
sha2_word64 T1 = 0, W512[16] = {0};
|
||||||
int j;
|
int j = 0;
|
||||||
|
|
||||||
/* Initialize registers with the prev. intermediate value */
|
/* Initialize registers with the prev. intermediate value */
|
||||||
a = state_in[0];
|
a = state_in[0];
|
||||||
@ -1061,9 +1061,9 @@ void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2
|
|||||||
#else /* SHA2_UNROLL_TRANSFORM */
|
#else /* SHA2_UNROLL_TRANSFORM */
|
||||||
|
|
||||||
void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) {
|
void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2_word64* state_out) {
|
||||||
sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
|
sha2_word64 a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, s0 = 0, s1 = 0;
|
||||||
sha2_word64 T1, T2, W512[16];
|
sha2_word64 T1 = 0, T2 = 0, W512[16] = {0};
|
||||||
int j;
|
int j = 0;
|
||||||
|
|
||||||
/* Initialize registers with the prev. intermediate value */
|
/* Initialize registers with the prev. intermediate value */
|
||||||
a = state_in[0];
|
a = state_in[0];
|
||||||
@ -1132,7 +1132,7 @@ void sha512_Transform(const sha2_word64* state_in, const sha2_word64* data, sha2
|
|||||||
#endif /* SHA2_UNROLL_TRANSFORM */
|
#endif /* SHA2_UNROLL_TRANSFORM */
|
||||||
|
|
||||||
void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
|
void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
|
||||||
unsigned int freespace, usedspace;
|
unsigned int freespace = 0, usedspace = 0;
|
||||||
|
|
||||||
if (len == 0) {
|
if (len == 0) {
|
||||||
/* Calling with no data is valid - we do nothing */
|
/* Calling with no data is valid - we do nothing */
|
||||||
@ -1190,7 +1190,7 @@ void sha512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void sha512_Last(SHA512_CTX* context) {
|
static void sha512_Last(SHA512_CTX* context) {
|
||||||
unsigned int usedspace;
|
unsigned int usedspace = 0;
|
||||||
|
|
||||||
usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
|
usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
|
||||||
/* Begin padding with a 1 bit: */
|
/* Begin padding with a 1 bit: */
|
||||||
@ -1248,8 +1248,8 @@ void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *sha512_End(SHA512_CTX* context, char buffer[]) {
|
char *sha512_End(SHA512_CTX* context, char buffer[]) {
|
||||||
sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
|
sha2_byte digest[SHA512_DIGEST_LENGTH] = {0}, *d = digest;
|
||||||
int i;
|
int i = 0;
|
||||||
|
|
||||||
if (buffer != (char*)0) {
|
if (buffer != (char*)0) {
|
||||||
sha512_Final(context, digest);
|
sha512_Final(context, digest);
|
||||||
@ -1268,14 +1268,14 @@ char *sha512_End(SHA512_CTX* context, char buffer[]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void sha512_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA512_DIGEST_LENGTH]) {
|
void sha512_Raw(const sha2_byte* data, size_t len, uint8_t digest[SHA512_DIGEST_LENGTH]) {
|
||||||
SHA512_CTX context;
|
SHA512_CTX context = {0};
|
||||||
sha512_Init(&context);
|
sha512_Init(&context);
|
||||||
sha512_Update(&context, data, len);
|
sha512_Update(&context, data, len);
|
||||||
sha512_Final(&context, digest);
|
sha512_Final(&context, digest);
|
||||||
}
|
}
|
||||||
|
|
||||||
char* sha512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
|
char* sha512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
|
||||||
SHA512_CTX context;
|
SHA512_CTX context = {0};
|
||||||
|
|
||||||
sha512_Init(&context);
|
sha512_Init(&context);
|
||||||
sha512_Update(&context, data, len);
|
sha512_Update(&context, data, len);
|
||||||
|
@ -96,8 +96,8 @@ void sha3_512_Init(SHA3_CTX *ctx)
|
|||||||
/* Keccak theta() transformation */
|
/* Keccak theta() transformation */
|
||||||
static void keccak_theta(uint64_t *A)
|
static void keccak_theta(uint64_t *A)
|
||||||
{
|
{
|
||||||
unsigned int x;
|
unsigned int x = 0;
|
||||||
uint64_t C[5], D[5];
|
uint64_t C[5] = {0}, D[5] = {0};
|
||||||
|
|
||||||
for (x = 0; x < 5; x++) {
|
for (x = 0; x < 5; x++) {
|
||||||
C[x] = A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20];
|
C[x] = A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20];
|
||||||
@ -120,7 +120,7 @@ static void keccak_theta(uint64_t *A)
|
|||||||
/* Keccak pi() transformation */
|
/* Keccak pi() transformation */
|
||||||
static void keccak_pi(uint64_t *A)
|
static void keccak_pi(uint64_t *A)
|
||||||
{
|
{
|
||||||
uint64_t A1;
|
uint64_t A1 = 0;
|
||||||
A1 = A[1];
|
A1 = A[1];
|
||||||
A[ 1] = A[ 6];
|
A[ 1] = A[ 6];
|
||||||
A[ 6] = A[ 9];
|
A[ 6] = A[ 9];
|
||||||
@ -152,7 +152,7 @@ static void keccak_pi(uint64_t *A)
|
|||||||
/* Keccak chi() transformation */
|
/* Keccak chi() transformation */
|
||||||
static void keccak_chi(uint64_t *A)
|
static void keccak_chi(uint64_t *A)
|
||||||
{
|
{
|
||||||
int i;
|
int i = 0;
|
||||||
for (i = 0; i < 25; i += 5) {
|
for (i = 0; i < 25; i += 5) {
|
||||||
uint64_t A0 = A[0 + i], A1 = A[1 + i];
|
uint64_t A0 = A[0 + i], A1 = A[1 + i];
|
||||||
A[0 + i] ^= ~A1 & A[2 + i];
|
A[0 + i] ^= ~A1 & A[2 + i];
|
||||||
@ -165,7 +165,7 @@ static void keccak_chi(uint64_t *A)
|
|||||||
|
|
||||||
static void sha3_permutation(uint64_t *state)
|
static void sha3_permutation(uint64_t *state)
|
||||||
{
|
{
|
||||||
int round;
|
int round = 0;
|
||||||
for (round = 0; round < NumberOfRounds; round++)
|
for (round = 0; round < NumberOfRounds; round++)
|
||||||
{
|
{
|
||||||
keccak_theta(state);
|
keccak_theta(state);
|
||||||
@ -287,7 +287,7 @@ void sha3_Update(SHA3_CTX *ctx, const unsigned char *msg, size_t size)
|
|||||||
size -= left;
|
size -= left;
|
||||||
}
|
}
|
||||||
while (size >= block_size) {
|
while (size >= block_size) {
|
||||||
uint64_t* aligned_message_block;
|
uint64_t *aligned_message_block = NULL;
|
||||||
if (IS_ALIGNED_64(msg)) {
|
if (IS_ALIGNED_64(msg)) {
|
||||||
/* the most common case is processing of an already aligned message
|
/* the most common case is processing of an already aligned message
|
||||||
without copying it */
|
without copying it */
|
||||||
@ -365,7 +365,7 @@ void keccak_Final(SHA3_CTX *ctx, unsigned char* result)
|
|||||||
|
|
||||||
void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)
|
void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)
|
||||||
{
|
{
|
||||||
SHA3_CTX ctx;
|
SHA3_CTX ctx = {0};
|
||||||
keccak_256_Init(&ctx);
|
keccak_256_Init(&ctx);
|
||||||
keccak_Update(&ctx, data, len);
|
keccak_Update(&ctx, data, len);
|
||||||
keccak_Final(&ctx, digest);
|
keccak_Final(&ctx, digest);
|
||||||
@ -373,7 +373,7 @@ void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)
|
|||||||
|
|
||||||
void keccak_512(const unsigned char* data, size_t len, unsigned char* digest)
|
void keccak_512(const unsigned char* data, size_t len, unsigned char* digest)
|
||||||
{
|
{
|
||||||
SHA3_CTX ctx;
|
SHA3_CTX ctx = {0};
|
||||||
keccak_512_Init(&ctx);
|
keccak_512_Init(&ctx);
|
||||||
keccak_Update(&ctx, data, len);
|
keccak_Update(&ctx, data, len);
|
||||||
keccak_Final(&ctx, digest);
|
keccak_Final(&ctx, digest);
|
||||||
@ -382,7 +382,7 @@ void keccak_512(const unsigned char* data, size_t len, unsigned char* digest)
|
|||||||
|
|
||||||
void sha3_256(const unsigned char* data, size_t len, unsigned char* digest)
|
void sha3_256(const unsigned char* data, size_t len, unsigned char* digest)
|
||||||
{
|
{
|
||||||
SHA3_CTX ctx;
|
SHA3_CTX ctx = {0};
|
||||||
sha3_256_Init(&ctx);
|
sha3_256_Init(&ctx);
|
||||||
sha3_Update(&ctx, data, len);
|
sha3_Update(&ctx, data, len);
|
||||||
sha3_Final(&ctx, digest);
|
sha3_Final(&ctx, digest);
|
||||||
@ -390,7 +390,7 @@ void sha3_256(const unsigned char* data, size_t len, unsigned char* digest)
|
|||||||
|
|
||||||
void sha3_512(const unsigned char* data, size_t len, unsigned char* digest)
|
void sha3_512(const unsigned char* data, size_t len, unsigned char* digest)
|
||||||
{
|
{
|
||||||
SHA3_CTX ctx;
|
SHA3_CTX ctx = {0};
|
||||||
sha3_512_Init(&ctx);
|
sha3_512_Init(&ctx);
|
||||||
sha3_Update(&ctx, data, len);
|
sha3_Update(&ctx, data, len);
|
||||||
sha3_Final(&ctx, digest);
|
sha3_Final(&ctx, digest);
|
||||||
|
@ -41,8 +41,8 @@
|
|||||||
#include "memzero.h"
|
#include "memzero.h"
|
||||||
|
|
||||||
static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) {
|
static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) {
|
||||||
size_t bit_idx, arr_idx;
|
size_t bit_idx = 0, arr_idx = 0;
|
||||||
uint32_t cur;
|
uint32_t cur = 0;
|
||||||
|
|
||||||
memset(r, 0, sizeof(uint32_t[8]));
|
memset(r, 0, sizeof(uint32_t[8]));
|
||||||
for (arr_idx = 0; arr_idx < len; arr_idx++) {
|
for (arr_idx = 0; arr_idx < len; arr_idx++) {
|
||||||
@ -54,8 +54,8 @@ static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void unbitslice(uint8_t *r, const uint32_t x[8], size_t len) {
|
static void unbitslice(uint8_t *r, const uint32_t x[8], size_t len) {
|
||||||
size_t bit_idx, arr_idx;
|
size_t bit_idx = 0, arr_idx = 0;
|
||||||
uint32_t cur;
|
uint32_t cur = 0;
|
||||||
|
|
||||||
memset(r, 0, sizeof(uint8_t) * len);
|
memset(r, 0, sizeof(uint8_t) * len);
|
||||||
for (bit_idx = 0; bit_idx < 8; bit_idx++) {
|
for (bit_idx = 0; bit_idx < 8; bit_idx++) {
|
||||||
@ -67,7 +67,7 @@ static void unbitslice(uint8_t *r, const uint32_t x[8], size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void bitslice_setall(uint32_t r[8], const uint8_t x) {
|
static void bitslice_setall(uint32_t r[8], const uint8_t x) {
|
||||||
size_t idx;
|
size_t idx = 0;
|
||||||
for (idx = 0; idx < 8; idx++) {
|
for (idx = 0; idx < 8; idx++) {
|
||||||
r[idx] = -((x >> idx) & 1);
|
r[idx] = -((x >> idx) & 1);
|
||||||
}
|
}
|
||||||
@ -77,7 +77,7 @@ static void bitslice_setall(uint32_t r[8], const uint8_t x) {
|
|||||||
* Add (XOR) `r` with `x` and store the result in `r`.
|
* Add (XOR) `r` with `x` and store the result in `r`.
|
||||||
*/
|
*/
|
||||||
static void gf256_add(uint32_t r[8], const uint32_t x[8]) {
|
static void gf256_add(uint32_t r[8], const uint32_t x[8]) {
|
||||||
size_t idx;
|
size_t idx = 0;
|
||||||
for (idx = 0; idx < 8; idx++) r[idx] ^= x[idx];
|
for (idx = 0; idx < 8; idx++) r[idx] ^= x[idx];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -97,7 +97,7 @@ static void gf256_mul(uint32_t r[8], const uint32_t a[8], const uint32_t b[8]) {
|
|||||||
* However, some compilers seem to fail in optimizing these kinds of
|
* However, some compilers seem to fail in optimizing these kinds of
|
||||||
* loops. So we will just have to do this by hand.
|
* loops. So we will just have to do this by hand.
|
||||||
*/
|
*/
|
||||||
uint32_t a2[8];
|
uint32_t a2[8] = {0};
|
||||||
memcpy(a2, a, sizeof(uint32_t[8]));
|
memcpy(a2, a, sizeof(uint32_t[8]));
|
||||||
|
|
||||||
r[0] = a2[0] & b[0]; /* add (assignment, because r is 0) */
|
r[0] = a2[0] & b[0]; /* add (assignment, because r is 0) */
|
||||||
@ -200,7 +200,7 @@ static void gf256_mul(uint32_t r[8], const uint32_t a[8], const uint32_t b[8]) {
|
|||||||
* Square `x` in GF(2^8) and write the result to `r`. `r` and `x` may overlap.
|
* Square `x` in GF(2^8) and write the result to `r`. `r` and `x` may overlap.
|
||||||
*/
|
*/
|
||||||
static void gf256_square(uint32_t r[8], const uint32_t x[8]) {
|
static void gf256_square(uint32_t r[8], const uint32_t x[8]) {
|
||||||
uint32_t r8, r10, r12, r14;
|
uint32_t r8 = 0, r10 = 0, r12 = 0, r14 = 0;
|
||||||
/* Use the Freshman's Dream rule to square the polynomial
|
/* Use the Freshman's Dream rule to square the polynomial
|
||||||
* Assignments are done from 7 downto 0, because this allows the user
|
* Assignments are done from 7 downto 0, because this allows the user
|
||||||
* to execute this function in-place (e.g. `gf256_square(r, r);`).
|
* to execute this function in-place (e.g. `gf256_square(r, r);`).
|
||||||
@ -242,7 +242,7 @@ static void gf256_square(uint32_t r[8], const uint32_t x[8]) {
|
|||||||
* Invert `x` in GF(2^8) and write the result to `r`
|
* Invert `x` in GF(2^8) and write the result to `r`
|
||||||
*/
|
*/
|
||||||
static void gf256_inv(uint32_t r[8], uint32_t x[8]) {
|
static void gf256_inv(uint32_t r[8], uint32_t x[8]) {
|
||||||
uint32_t y[8], z[8];
|
uint32_t y[8] = {0}, z[8] = {0};
|
||||||
|
|
||||||
gf256_square(y, x); // y = x^2
|
gf256_square(y, x); // y = x^2
|
||||||
gf256_square(y, y); // y = x^4
|
gf256_square(y, y); // y = x^4
|
||||||
@ -264,13 +264,13 @@ bool shamir_interpolate(uint8_t *result, uint8_t result_index,
|
|||||||
const uint8_t *share_indices,
|
const uint8_t *share_indices,
|
||||||
const uint8_t **share_values, uint8_t share_count,
|
const uint8_t **share_values, uint8_t share_count,
|
||||||
size_t len) {
|
size_t len) {
|
||||||
size_t i, j;
|
size_t i = 0, j = 0;
|
||||||
uint32_t x[8];
|
uint32_t x[8] = {0};
|
||||||
uint32_t xs[share_count][8];
|
uint32_t xs[share_count][8];
|
||||||
uint32_t ys[share_count][8];
|
uint32_t ys[share_count][8];
|
||||||
uint32_t num[8] = {~0}; /* num is the numerator (=1) */
|
uint32_t num[8] = {~0}; /* num is the numerator (=1) */
|
||||||
uint32_t denom[8];
|
uint32_t denom[8] = {0};
|
||||||
uint32_t tmp[8];
|
uint32_t tmp[8] = {0};
|
||||||
uint32_t secret[8] = {0};
|
uint32_t secret[8] = {0};
|
||||||
bool ret = true;
|
bool ret = true;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user