Commit graph

75 commits

Author SHA1 Message Date
Pieter Wuille
d1c02775aa Report amount of data gathered from environment 2019-11-12 15:35:26 -08:00
Pieter Wuille
723c796667 [MOVEONLY] Move cpuid code from random & sha256 to compat/cpuid 2019-11-12 14:50:44 -08:00
Wladimir J. van der Laan
f3b51eb935 Fix occurrences of c_str() used with size() to data()
Using `data()` better communicates the intent here.

Also, depending on how `c_str()` is implemented, this fixes undefined
behavior: The part of the string after the first NULL character might
have undefined contents.
2019-10-28 13:41:45 +01:00
practicalswift
084e17cebd Remove unused includes 2019-10-15 22:56:43 +00:00
Jonas Schnelli
af5d1b5f4a Add ChaCha20Poly1305@Bitcoin AEAD implementation 2019-06-25 15:13:02 +02:00
practicalswift
eca9767673 Make reasoning about dependencies easier by not including unused dependencies 2019-06-02 17:15:23 +02:00
Wladimir J. van der Laan
376638afcf
Merge #14047: Add HKDF_HMAC256_L32 and method to negate a private key
8794a4b3ae QA: add test for HKDF HMAC_SHA256 L32 (Jonas Schnelli)
551d489416 Add HKDF HMAC_SHA256 L=32 implementations (Jonas Schnelli)
3b64f852e4 QA: add test for CKey::Negate() (Jonas Schnelli)
463921bb64 CKey: add method to negate the key (Jonas Schnelli)

Pull request description:

  This adds a limited implementation of `HKDF` (defined by rfc5869) that supports only HMAC-SHA256 and an output length of 32 bytes (will be required for v2 transport protocol).

  This PR also includes a method to negate a private key which is useful to enforce public keys starting with 0x02 (or 0x03) (a requirement for the v2 transport protocol). The new `CKey::Negate()` method is pretty much a wrapper around `secp256k1_ec_privkey_negate()`.

  Including tests.

  This is a subset of #14032 and a pre-requirement for the v2 transport protocol.

ACKs for commit 8794a4:

Tree-SHA512: 5341929dfa29f5da766ec3612784baec6a3ad69972f08b5a985a8aafdae4dae36f104a2b888d1f5d1f33561456bd111f960d7e32c2cc4fd18e48358468f26c1a
2019-05-16 19:24:52 +02:00
Wladimir J. van der Laan
fd61b9fc22
Merge #15950: Do not construct out-of-bound pointers in SHA2 code
c01c065b9d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille)

Pull request description:

  This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers).

  I discovered this while investigating #14580. Sadly, it does not fix it.

ACKs for commit c01c06:
  practicalswift:
    utACK c01c065b9d

Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
2019-05-16 16:23:38 +02:00
Jonas Schnelli
551d489416 Add HKDF HMAC_SHA256 L=32 implementations 2019-05-11 09:14:07 +02:00
Jonas Schnelli
695141bf7a
Merge #15512: Add ChaCha20 encryption option (XOR)
2dfe27517 Add ChaCha20 bench (Jonas Schnelli)
2bc2b8b49 Add ChaCha20 encryption option (XOR) (Jonas Schnelli)

Pull request description:

  The current ChaCha20 implementation does not support message encryption (it can only output the keystream which is sufficient for the RNG).

  This PR adds the actual XORing of the `plaintext` with the `keystream` in order to return the desired `ciphertext`.

  Required for v2 message transport protocol.

ACKs for commit 2dfe27:
  jnewbery:
    Looks good. utACK 2dfe275171.
  jnewbery:
    utACK 2dfe275171
  sipa:
    utACK 2dfe275171
  ryanofsky:
    utACK 2dfe275171. Changes since last review are just renaming the Crypt method, adding comments, and simplifying the benchmark.

Tree-SHA512: 84bb234da2ca9fdc44bc29a786d9dd215520f81245270c1aef801ef66b6091b7793e2eb38ad6dbb084925245065c5dce9e5582f2d0fa220ab3e182d43412d5b5
2019-05-10 09:26:23 +02:00
Pieter Wuille
c01c065b9d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code 2019-05-06 15:11:10 -07:00
Jonas Schnelli
2bc2b8b49a Add ChaCha20 encryption option (XOR) 2019-05-03 20:31:18 +02:00
Jonas Schnelli
edc68d40e9
Merge #15663: crypto: Remove unused AES-128 code
f6ee177f7 Remove unused AES-128 code (practicalswift)

Pull request description:

  Remove unused AES-128 code.

  As far as I can tell this AES-128 code has never been in use in the project (outside of testing/benchmarking).

  The AES-256 code is used in `CCrypter::Encrypt`/`CCrypter::Decrypt` (`src/wallet/crypter.cpp`).

  Trivia: 0.15% of the project's C++ LOC count (excluding dependencies) is trimmed off:

  ```
  $ LOC_BEFORE=$(git grep -I "" HEAD~1 -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l)
  $ LOC_AFTER=$(git grep -I "" -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l)
  $ bc <<< "scale=4; ${LOC_AFTER}/${LOC_BEFORE}"
  .9985
  ```

  :-)

Tree-SHA512: 9588a3cd795a89ef658b8ee7323865f57723cb4ed9560c21de793f82d35e2835059e7d6d0705e99e3d16bf6b2a444b4bf19568d50174ff3776caf8a3168f5c85
2019-03-29 10:22:24 +01:00
Jonas Schnelli
03be7f48fa Add Poly1305 implementation 2019-03-26 18:12:29 +01:00
practicalswift
f6ee177f7d Remove unused AES-128 code 2019-03-25 14:46:30 +01:00
Pieter Wuille
2ccc3d3aa3 Abstract out seeding/extracting entropy into RNGState::MixExtract 2019-01-16 16:31:37 -08:00
Jim Posen
4fb789e9b2 Extract CSipHasher to its own file in crypto/ directory.
This is a move-only commit with the exception of changes to includes.
2018-11-05 09:25:15 -08:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
Wladimir J. van der Laan
3a3eabef40
Merge #13386: SHA256 implementations based on Intel SHA Extensions
66b2cf1ccf Use immintrin.h everywhere for intrinsics (Pieter Wuille)
4c935e2eee Add SHA256 implementation using Intel SHA intrinsics (Pieter Wuille)
268400d318 [Refactor] CPU feature detection logic for SHA256 (Pieter Wuille)

Pull request description:

  Based on #13191.

  This adds SHA256 implementations that use Intel's SHA Extension instructions (using intrinsics). This needs GCC 4.9 or Clang 3.4.

  In addition to #13191, two extra implementations are provided:
  * (a) A variable-length SHA256 implementation using SHA extensions.
  * (b) A 2-way 64-byte input double-SHA256 implementation using SHA extensions.

  Benchmarks for 9001-element Merkle tree root computation on an AMD Ryzen 1800X system:
  * Using generic C++ code (pre-#10821): 6.1ms
  * Using SSE4 (master, #10821): 4.6ms
  * Using 4-way SSE4 specialized for 64-byte inputs (#13191): 2.8ms
  * Using 8-way AVX2 specialized for 64-byte inputs (#13191): 2.1ms
  * Using 2-way SHA-NI specialized for 64-byte inputs (this PR): 0.56ms

  Benchmarks for 32-byte SHA256 on the same system:
  * Using SSE4 (master, #10821): 190ns
  * Using SHA-NI (this PR): 53ns

  Benchmarks for 1000000-byte SHA256 on the same system:
  * Using SSE4 (master, #10821): 2.5ms
  * Using SHA-NI (this PR): 0.51ms

Tree-SHA512: 2b319e33b22579f815d91f9daf7994a5e1e799c4f73c13e15070dd54ba71f3f6438ccf77ae9cbd1ce76f972d9cbeb5f0edfea3d86f101bbc1055db70e42743b7
2018-07-09 21:17:18 +02:00
Chun Kuan Lee
63c16ed507 Use __cpuid_count for GNU C to avoid gitian build failure. 2018-07-07 16:01:43 +00:00
Pieter Wuille
66b2cf1ccf Use immintrin.h everywhere for intrinsics 2018-06-26 10:11:08 -07:00
Pieter Wuille
4c935e2eee Add SHA256 implementation using Intel SHA intrinsics 2018-06-26 10:11:08 -07:00
Pieter Wuille
268400d318 [Refactor] CPU feature detection logic for SHA256 2018-06-24 10:51:07 -07:00
Wladimir J. van der Laan
5eca4e86d4
Merge #13471: For AVX2 code, also check for AVX, XSAVE, and OS support
32d153fa36 For AVX2 code, also check for AVX, XSAVE, and OS support (Pieter Wuille)

Pull request description:

  Fixes #12903.

Tree-SHA512: 01e71efb5d3a43c49a145a5b1dc4fe7d0a491e1e78479e7df830a2aaac57c3dcfc316e28984c695206c76f93b68e4350fc037ca36756ca579b7070e39c835da2
2018-06-24 15:31:33 +02:00
Pieter Wuille
32d153fa36 For AVX2 code, also check for AVX, XSAVE, and OS support 2018-06-18 14:55:54 -07:00
Pieter Wuille
1e1eb6367f Improve coverage of SHA256 SelfTest code 2018-06-12 12:10:13 -07:00
Wladimir J. van der Laan
a607d23ae8
Merge #13393: Enable double-SHA256-for-64-byte code on 32-bit x86
57ba401abc Enable double-SHA256-for-64-byte code on 32-bit x86 (Pieter Wuille)

Pull request description:

  The SSE4 and AVX2 double-SHA256-for-64-byte input code from #13191 compiles fine on 32-bit x86 systems, but the autodetection logic in sha256.cpp doesn't enable it. Fix this.

  Note that these instruction sets are only available on CPUs that support 64-bit mode as well, so it is only beneficial in the (perhaps unlikely) scenario where a 64-bit CPU is running a 32-bit Bitcoin Core binary.

Tree-SHA512: 39d5963c1ba8c33932549d5fe98bd184932689a40aeba95043eca31dd6824f566197c546b60905555eccaf407408a5f0f200247bb0907450d309b0a70b245102
2018-06-12 18:52:26 +02:00
practicalswift
906bee8e5f Use bracket syntax includes ("#include <foo.h>") 2018-06-06 11:09:05 +02:00
Pieter Wuille
57ba401abc Enable double-SHA256-for-64-byte code on 32-bit x86 2018-06-04 11:30:34 -07:00
Pieter Wuille
4437d6e1f3 8-way AVX2 implementation for double SHA256 on 64-byte inputs 2018-05-29 14:18:05 -07:00
Pieter Wuille
230294bf5f 4-way SSE4.1 implementation for double SHA256 on 64-byte inputs 2018-05-29 14:18:05 -07:00
Pieter Wuille
d0c9632883 Specialized double sha256 for 64 byte inputs 2018-05-29 14:05:00 -07:00
Pieter Wuille
57f34630fb Refactor SHA256 code 2018-05-08 07:44:21 -07:00
532479301
18307849b4 Consensus: Fix bug when compilers do not support __builtin_clz*
#ifdef is not correct since the definition is defined to 0 or 1. Should change to #if
2018-03-01 17:20:27 +08:00
Akira Takizawa
595a7bab23 Increment MIT Licence copyright header year on files modified in 2017 2018-01-03 02:26:56 +09:00
MeshCollider
1a445343f6 scripted-diff: Replace #include "" with #include <> (ryanofsky)
-BEGIN VERIFY SCRIPT-
for f in \
  src/*.cpp \
  src/*.h \
  src/bench/*.cpp \
  src/bench/*.h \
  src/compat/*.cpp \
  src/compat/*.h \
  src/consensus/*.cpp \
  src/consensus/*.h \
  src/crypto/*.cpp \
  src/crypto/*.h \
  src/crypto/ctaes/*.h \
  src/policy/*.cpp \
  src/policy/*.h \
  src/primitives/*.cpp \
  src/primitives/*.h \
  src/qt/*.cpp \
  src/qt/*.h \
  src/qt/test/*.cpp \
  src/qt/test/*.h \
  src/rpc/*.cpp \
  src/rpc/*.h \
  src/script/*.cpp \
  src/script/*.h \
  src/support/*.cpp \
  src/support/*.h \
  src/support/allocators/*.h \
  src/test/*.cpp \
  src/test/*.h \
  src/wallet/*.cpp \
  src/wallet/*.h \
  src/wallet/test/*.cpp \
  src/wallet/test/*.h \
  src/zmq/*.cpp \
  src/zmq/*.h
do
  base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f
done
-END VERIFY SCRIPT-
2017-11-16 08:23:01 +13:00
Wladimir J. van der Laan
3aa60b7ff9
Merge #11143: Fix include path for bitcoin-config.h
5abb93f0e Fix include path for bitcoin-config.h in crypto/common.h (danra)

Pull request description:

  All the other files in the repo which include bitcoin-config.h do so with the appropriate subfolder prefixed: config/bitcoin-config.h.
  The header should be included with the appropriate subfolder here as well.

Tree-SHA512: abda23a9cf251553f90afe0ee1866de46ed579471f4139737239a4f9334ca817d985deac6336740898718775d1264c0b80cb348668b10a9cae970895f2de37b8
2017-09-05 23:15:55 +02:00
Wladimir J. van der Laan
df8c72237a
Merge #11176: build: Rename --enable-experimental-asm to --enable-asm and enable by default
538cc0ca8 build: Mention use of asm in summary (Wladimir J. van der Laan)
ce5381e7f build: Rename --enable-experimental-asm to --enable-asm and enable by default (Wladimir J. van der Laan)

Pull request description:

  Now that 0.15 is branched off, enable assembler SHA256 optimizations by default, but still allow disabling them, for example if something goes wrong with auto-detection on a platform.

  Also add mention of the use of asm in the configure summary.

Tree-SHA512: cd20c497f65edd6b1e8b2cc3dfe82be11fcf4777543c830ccdec6c10f25eab4576b0f2953f3957736d7e04deaa4efca777aa84b12bb1cecb40c258e86c120ec8
2017-09-05 22:14:16 +02:00
Utsav Gupta
dc334fe749 Update hmac_sha256.h
Fixed a typo
2017-09-02 09:59:48 +05:30
danra
5abb93f0ee Fix include path for bitcoin-config.h in crypto/common.h
All the other files in the repo which include bitcoin-config.h do so with the appropriate subfolder prefixed: config/bitcoin-config.h.
The header should be included with the appropriate subfolder here as well.

This canonicalization also allows getting rid of a bit of extra configuration in Makefile.am.
2017-08-31 21:30:41 +03:00
Wladimir J. van der Laan
ce5381e7fe build: Rename --enable-experimental-asm to --enable-asm and enable by default
Now that 0.15 is branched off, enable assembler SHA256 optimizations by default.
2017-08-28 11:06:11 +02:00
practicalswift
64fb0ac016 Declare single-argument (non-converting) constructors "explicit"
In order to avoid unintended implicit conversions.
2017-08-16 16:33:25 +02:00
practicalswift
90d4d89230 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
-BEGIN VERIFY SCRIPT-
sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h
sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp
sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp
sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp
sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp
sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp
-END VERIFY SCRIPT-
2017-08-07 07:36:37 +02:00
Pieter Wuille
6b8d872e5e Protect SSE4 code behind a compile-time flag 2017-07-20 09:03:53 -07:00
Pieter Wuille
fa9be909c9 Add selftest for SHA256 transform 2017-07-20 09:03:53 -07:00
Pieter Wuille
c1ccb15b0e Add SSE4 based SHA256 2017-07-20 09:03:53 -07:00
Pieter Wuille
2991c91d88 Add SHA256 dispatcher 2017-07-20 09:03:53 -07:00
Pieter Wuille
4d50f38fe0 Support multi-block SHA256 transforms
Extracted from a patch by Wladimir van der Laan.
2017-07-20 09:03:53 -07:00
practicalswift
90593ed92c Limit variable scope 2017-06-05 00:52:36 +02:00
Pieter Wuille
4fd2d2fc97 Add a FastRandomContext::randrange and use it 2017-03-29 11:26:08 -07:00