ilyakooo0/urbit
1
0
Fork 0
mirror of https://github.com/ilyakooo0/urbit.git synced 2024-12-29 18:06:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

start scrypt porting

Browse Source
This commit is contained in:
Paul Driver 2020-10-10 15:01:31 -07:00
parent c862a59484
commit 915880a4ab
17 changed files with 1164 additions and 1050 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pkg/urbit/jets/e/scr.c
View File

@ -139,6 +139,31 @@ static int _crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t,
return u3qes_pbl(p, pl, s, sl, c, d);
}
static u3_atom
_cqes_pbk(u3_atom p, u3_atom s, u3_atom c, u3_atom d)
{
if ( (c > (1 << 28)) ||
(d > (1 << 30)) ) {
// max key length 1gb
// max iterations 2^28
return u3m_bail(c3__exit);
}
else {
u3_noun pro;
c3_w pwd_w, sal_w, out_w;
c3_y *pwd_y = u3r_bytes_all(&pwd_w, p),
*sal_y = u3r_bytes_all(&sal_w, s),
*out_y = u3r_malloc(d);
urcrypt_scrypt_pbk(pwd_y, pwd_w, sal_y, sal_w, c, d);
pro = u3i_bytes(d, out_y);
u3a_free(pwd_y);
u3a_free(sal_y);
u3a_free(out_y);
return pro;
}
}
u3_noun
u3qes_pbk(u3_atom p, u3_atom s, u3_atom c, u3_atom d)
{
@ -169,7 +194,15 @@ static int _crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t,
u3x_qual(u3r_at(u3x_sam, cor), &p, &s, &c, &d);
return u3qes_pbk(p, s, c, d);
if ( !(_(u3a_is_atom(p)) && _(u3a_is_atom(s)) &&
_(u3a_is_atom(c)) && _(u3a_is_atom(d))) ) {
return u3m_bail(c3__exit);
}
else {
u3l_log("scrypt-pbk\r\n");
return _cqes_pbk(p, s, c, d);
//return u3qes_pbk(p, s, c, d);
}
}
/**

49
pkg/urcrypt/Makefile.am
View File

@ -5,14 +5,18 @@ AM_CFLAGS = -Wall
lib_LTLIBRARIES = liburcrypt.la
noinst_LTLIBRARIES = libed25519.la \
libge_additions.la \
libargon2.la
libargon2.la \
libscrypt.la
include_HEADERS = urcrypt.h
noinst_HEADERS = ed25519/src/ed25519.h \
include_HEADERS = urcrypt/urcrypt.h
noinst_HEADERS = urcrypt/util.h \
ed25519/src/ed25519.h \
ed25519/src/ge.h \
ge-additions/ge-additions.h \
argon2/include/argon2.h \
argon2/src/blake2/blake2.h
argon2/src/blake2/blake2.h \
scrypt/sha256.h \
scrypt/libscrypt.h
# main library
pkgconfig_DATA = liburcrypt.pc
@ -20,21 +24,35 @@ pkgconfig_DATA = liburcrypt.pc
liburcrypt_la_CPPFLAGS = -I$(srcdir)/ed25519/src \
-I$(srcdir)/ge-additions \
-I$(srcdir)/argon2/include \
-I$(srcdir)/argon2/src/blake2
-I$(srcdir)/argon2/src/blake2 \
-I$(srcdir)/scrypt
liburcrypt_la_LIBADD = $(libcrypto_LIBS) \
$(libsecp256k1_LIBS) \
$(libaes_siv_LIBS) \
libed25519.la \
libge_additions.la \
libargon2.la
libargon2.la \
libscrypt.la
liburcrypt_la_CFLAGS = $(libcrypto_CFLAGS) \
$(libsecp256k1_CFLAGS) \
$(libaes_siv_CFLAGS)
# urcrypt_ is used for public symbols, urcrypt__ for internal.
liburcrypt_la_LDFLAGS = -export-symbols-regex '^urcrypt_[^_]'
liburcrypt_la_SOURCES = urcrypt.c
liburcrypt_la_SOURCES = urcrypt/aes_cbc.c \
urcrypt/aes_ecb.c \
urcrypt/aes_siv.c \
urcrypt/argon.c \
urcrypt/ed25519.c \
urcrypt/ge_additions.c \
urcrypt/ripemd.c \
urcrypt/scrypt.c \
urcrypt/secp256k1.c \
urcrypt/sha.c \
urcrypt/util.c \
urcrypt/util.h
# ed25519
libed25519_la_CFLAGS = -Wno-unused-result
libed25519_la_SOURCES = ed25519/src/fixedint.h \
ed25519/src/sha512.h \
ed25519/src/fe.h \
@ -71,3 +89,20 @@ libargon2_la_SOURCES = argon2/src/core.h \
argon2/src/thread.c \
argon2/src/encoding.c \
argon2/src/opt.c
# scrypt
libscrypt_la_CPPFLAGS = -D_FORTIFY_SOURCE=2
libscrypt_la_SOURCES = scrypt/b64.c \
scrypt/crypto-mcf.c \
scrypt/crypto-scrypt-saltgen.c \
scrypt/crypto_scrypt-check.c \
scrypt/crypto_scrypt-hash.c \
scrypt/crypto_scrypt-hexconvert.c \
scrypt/crypto_scrypt-nosse.c \
scrypt/main.c \
scrypt/sha256.c \
scrypt/slowequals.c \
scrypt/b64.h \
scrypt/crypto_scrypt-hexconvert.h \
scrypt/slowequals.h \
scrypt/sysendian.h

2
pkg/urcrypt/configure.ac
View File

@ -4,7 +4,7 @@
# Initialize autoconf
AC_PREREQ([2.69])
AC_INIT([urcrypt], [1.0])
AC_CONFIG_SRCDIR([urcrypt.c])
AC_CONFIG_SRCDIR([urcrypt/util.c])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([build-aux/m4])

1035
pkg/urcrypt/urcrypt.c
View File

File diff suppressed because it is too large Load Diff

181
pkg/urcrypt/urcrypt/aes_cbc.c Normal file
View File

@ -0,0 +1,181 @@
#include "urcrypt.h"
#include "util.h"
#include <string.h>
#include <openssl/aes.h>
static int
urcrypt__cbc_pad(uint8_t **message_ptr,
size_t *length_ptr,
urcrypt_realloc_t realloc_ptr)
{
size_t length = *length_ptr,
remain = length % 16;
if ( 0 == remain ) {
// no padding needed
return 0;
}
else {
size_t padding = 16 - remain,
padded = length + padding;
if ( padded < length ) {
// size_t overflow
return -1;
}
else {
uint8_t *out = (*realloc_ptr)(*message_ptr, padded);
if ( NULL == out ) {
return -2;
}
else {
memset(out + length, 0, padding);
*message_ptr = out;
*length_ptr = padded;
return 0;
}
}
}
}
static int
urcrypt__cbc_help(uint8_t **message_ptr,
size_t *length_ptr,
const AES_KEY *key,
uint8_t ivec[16],
const int enc,
urcrypt_realloc_t realloc_ptr)
{
if ( 0 != urcrypt__cbc_pad(message_ptr, length_ptr, realloc_ptr) ) {
return -1;
}
else {
uint8_t *out = *message_ptr;
size_t length = *length_ptr;
urcrypt__reverse(16, ivec);
urcrypt__reverse(length, out);
AES_cbc_encrypt(out, out, length, key, ivec, enc);
urcrypt__reverse(length, out);
return 0;
}
}
int
urcrypt_aes_cbca_en(uint8_t **message_ptr,
size_t *length_ptr,
uint8_t key[16],
uint8_t ivec[16],
urcrypt_realloc_t realloc_ptr)
{
AES_KEY aes_key;
urcrypt__reverse(16, key);
if ( 0 != AES_set_encrypt_key(key, 128, &aes_key) ) {
return -1;
}
else {
return urcrypt__cbc_help(message_ptr, length_ptr,
&aes_key, ivec, AES_ENCRYPT, realloc_ptr);
}
}
int
urcrypt_aes_cbca_de(uint8_t **message_ptr,
size_t *length_ptr,
uint8_t key[16],
uint8_t ivec[16],
urcrypt_realloc_t realloc_ptr)
{
AES_KEY aes_key;
urcrypt__reverse(16, key);
if ( 0 != AES_set_decrypt_key(key, 128, &aes_key) ) {
return -1;
}
else {
return urcrypt__cbc_help(message_ptr, length_ptr,
&aes_key, ivec, AES_DECRYPT, realloc_ptr);
}
}
int
urcrypt_aes_cbcb_en(uint8_t **message_ptr,
size_t *length_ptr,
uint8_t key[24],
uint8_t ivec[16],
urcrypt_realloc_t realloc_ptr)
{
AES_KEY aes_key;
urcrypt__reverse(24, key);
if ( 0 != AES_set_encrypt_key(key, 192, &aes_key) ) {
return -1;
}
else {
return urcrypt__cbc_help(message_ptr, length_ptr,
&aes_key, ivec, AES_ENCRYPT, realloc_ptr);
}
}
int
urcrypt_aes_cbcb_de(uint8_t **message_ptr,
size_t *length_ptr,
uint8_t key[24],
uint8_t ivec[16],
urcrypt_realloc_t realloc_ptr)
{
AES_KEY aes_key;
urcrypt__reverse(24, key);
if ( 0 != AES_set_decrypt_key(key, 192, &aes_key) ) {
return -1;
}
else {
return urcrypt__cbc_help(message_ptr, length_ptr,
&aes_key, ivec, AES_DECRYPT, realloc_ptr);
}
}
int
urcrypt_aes_cbcc_en(uint8_t **message_ptr,
size_t *length_ptr,
uint8_t key[32],
uint8_t ivec[16],
urcrypt_realloc_t realloc_ptr)
{
AES_KEY aes_key;
urcrypt__reverse(32, key);
if ( 0 != AES_set_encrypt_key(key, 256, &aes_key) ) {
return -1;
}
else {
return urcrypt__cbc_help(message_ptr, length_ptr,
&aes_key, ivec, AES_ENCRYPT, realloc_ptr);
}
}
int
urcrypt_aes_cbcc_de(uint8_t **message_ptr,
size_t *length_ptr,
uint8_t key[32],
uint8_t ivec[16],
urcrypt_realloc_t realloc_ptr)
{
AES_KEY aes_key;
urcrypt__reverse(32, key);
if ( 0 != AES_set_decrypt_key(key, 256, &aes_key) ) {
return -1;
}
else {
return urcrypt__cbc_help(message_ptr, length_ptr,
&aes_key, ivec, AES_DECRYPT, realloc_ptr);
}
}

111
pkg/urcrypt/urcrypt/aes_ecb.c Normal file
View File

@ -0,0 +1,111 @@
#include "urcrypt.h"
#include "util.h"
#include <openssl/aes.h>
int
urcrypt_aes_ecba_en(uint8_t key[16], uint8_t block[16], uint8_t out[16])
{
AES_KEY aes_key;
urcrypt__reverse(16, key);
urcrypt__reverse(16, block);
if ( 0 != AES_set_encrypt_key(key, 128, &aes_key) ) {
return -1;
}
else {
AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT);
urcrypt__reverse(16, out);
return 0;
}
}
int
urcrypt_aes_ecba_de(uint8_t key[16], uint8_t block[16], uint8_t out[16])
{
AES_KEY aes_key;
urcrypt__reverse(16, key);
urcrypt__reverse(16, block);
if ( 0 != AES_set_decrypt_key(key, 128, &aes_key) ) {
return -1;
}
else {
AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT);
urcrypt__reverse(16, out);
return 0;
}
}
int
urcrypt_aes_ecbb_en(uint8_t key[24], uint8_t block[16], uint8_t out[16])
{
AES_KEY aes_key;
urcrypt__reverse(24, key);
urcrypt__reverse(16, block);
if ( 0 != AES_set_encrypt_key(key, 192, &aes_key) ) {
return -1;
}
else {
AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT);
urcrypt__reverse(16, out);
return 0;
}
}
int
urcrypt_aes_ecbb_de(uint8_t key[24], uint8_t block[16], uint8_t out[16])
{
AES_KEY aes_key;
urcrypt__reverse(24, key);
urcrypt__reverse(16, block);
if ( 0 != AES_set_decrypt_key(key, 192, &aes_key) ) {
return -1;
}
else {
AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT);
urcrypt__reverse(16, out);
return 0;
}
}
int
urcrypt_aes_ecbc_en(uint8_t key[32], uint8_t block[16], uint8_t out[16])
{
AES_KEY aes_key;
urcrypt__reverse(32, key);
urcrypt__reverse(16, block);
if ( 0 != AES_set_encrypt_key(key, 256, &aes_key) ) {
return -1;
}
else {
AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT);
urcrypt__reverse(16, out);
return 0;
}
}
int
urcrypt_aes_ecbc_de(uint8_t key[32], uint8_t block[16], uint8_t out[16])
{
AES_KEY aes_key;
urcrypt__reverse(32, key);
urcrypt__reverse(16, block);
if ( 0 != AES_set_decrypt_key(key, 256, &aes_key) ) {
return -1;
}
else {
AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT);
urcrypt__reverse(16, out);
return 0;
}
}

181
pkg/urcrypt/urcrypt/aes_siv.c Normal file
View File

@ -0,0 +1,181 @@
#include "urcrypt.h"
#include "util.h"
#include <aes_siv.h>
static AES_SIV_CTX*
urcrypt__aes_siv_init(uint8_t *key,
size_t key_length,
urcrypt_aes_siv_data *data,
size_t data_length)
{
AES_SIV_CTX *ctx = AES_SIV_CTX_new();
if ( NULL == ctx ) {
return NULL;
}
else {
urcrypt__reverse(key_length, key);
if ( 0 == AES_SIV_Init(ctx, key, key_length) ) {
AES_SIV_CTX_free(ctx);
return NULL;
}
else {
size_t i, len;
uint8_t *dat;
for ( i = 0; i < data_length; ++i ) {
len = data[i].length;
dat = data[i].bytes;
urcrypt__reverse(len, dat);
if ( 0 == AES_SIV_AssociateData(ctx, dat, len) ) {
AES_SIV_CTX_free(ctx);
return NULL;
}
}
return ctx;
}
}
}
static int
urcrypt__aes_siv_en(uint8_t *key,
size_t key_length,
uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t iv[16],
uint8_t *out)
{
AES_SIV_CTX *ctx = urcrypt__aes_siv_init(key, key_length, data, data_length);
if ( NULL == ctx ) {
return -1;
}
else {
int ret;
urcrypt__reverse(message_length, message);
ret = AES_SIV_EncryptFinal(ctx, iv, out, message, message_length);
AES_SIV_CTX_free(ctx);
if ( 0 == ret ) {
return -2;
}
else {
urcrypt__reverse(16, iv);
urcrypt__reverse(message_length, out);
return 0;
}
}
}
static int
urcrypt__aes_siv_de(uint8_t *key,
size_t key_length,
uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t iv[16],
uint8_t *out)
{
AES_SIV_CTX *ctx = urcrypt__aes_siv_init(key, key_length, data, data_length);
if ( NULL == ctx ) {
return -1;
}
else {
int ret;
urcrypt__reverse(message_length, message);
urcrypt__reverse(16, iv);
ret = AES_SIV_DecryptFinal(ctx, out, iv, message, message_length);
AES_SIV_CTX_free(ctx);
if ( 0 == ret ) {
return -2;
}
else {
urcrypt__reverse(message_length, out);
return 0;
}
}
}
int
urcrypt_aes_siva_en(uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t key[32],
uint8_t iv[16],
uint8_t *out)
{
return urcrypt__aes_siv_en(key, 32,
message, message_length, data, data_length, iv, out);
}
int
urcrypt_aes_siva_de(uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t key[32],
uint8_t iv[16],
uint8_t *out)
{
return urcrypt__aes_siv_de(key, 32,
message, message_length, data, data_length, iv, out);
}
int
urcrypt_aes_sivb_en(uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t key[48],
uint8_t iv[16],
uint8_t *out)
{
return urcrypt__aes_siv_en(key, 48,
message, message_length, data, data_length, iv, out);
}
int
urcrypt_aes_sivb_de(uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t key[48],
uint8_t iv[16],
uint8_t *out)
{
return urcrypt__aes_siv_de(key, 48,
message, message_length, data, data_length, iv, out);
}
int
urcrypt_aes_sivc_en(uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t key[64],
uint8_t iv[16],
uint8_t *out)
{
return urcrypt__aes_siv_en(key, 64,
message, message_length, data, data_length, iv, out);
}
int
urcrypt_aes_sivc_de(uint8_t *message,
size_t message_length,
urcrypt_aes_siv_data *data,
size_t data_length,
uint8_t key[64],
uint8_t iv[16],
uint8_t *out)
{
return urcrypt__aes_siv_de(key, 64,
message, message_length, data, data_length, iv, out);
}

120
pkg/urcrypt/urcrypt/argon.c Normal file
View File

@ -0,0 +1,120 @@
#include "urcrypt.h"
#include "util.h"
#include <argon2.h>
#include <blake2.h>
// library convention is to have sizes in size_t, but argon2 wants them
// in uint32_t, so here's a helper macro for ensuring equivalence.
#define SZ_32(s) ( sizeof(size_t) <= sizeof(uint32_t) || s <= 0xFFFFFFFF )
const char*
urcrypt_argon2(uint8_t type,
uint32_t version,
uint32_t threads,
uint32_t memory_cost,
uint32_t time_cost,
size_t secret_length,
uint8_t *secret,
size_t associated_length,
uint8_t *associated,
size_t password_length,
uint8_t *password,
size_t salt_length,
uint8_t *salt,
size_t out_length,
uint8_t *out,
urcrypt_argon2_alloc_t alloc_ptr,
urcrypt_argon2_free_t free_ptr)
{
if ( !( SZ_32(secret_length) &&
SZ_32(associated_length) &&
SZ_32(password_length) &&
SZ_32(salt_length) &&
SZ_32(out_length) ) ) {
return "length > 32 bits";
}
else {
int (*f)(argon2_context*);
int result;
switch ( type ) {
default:
return "unknown type";
case urcrypt_argon2_d:
f = &argon2d_ctx;
break;
case urcrypt_argon2_i:
f = &argon2i_ctx;
break;
case urcrypt_argon2_id:
f = &argon2id_ctx;
break;
case urcrypt_argon2_u:
f = &argon2u_ctx;
break;
}
urcrypt__reverse(secret_length, secret);
urcrypt__reverse(associated_length, associated);
urcrypt__reverse(password_length, password);
urcrypt__reverse(salt_length, salt);
argon2_context context = {
out, // output array, at least [digest length] in size
out_length, // digest length
password, // password array
password_length, // password length
salt, // salt array
salt_length, // salt length
secret, // optional secret data
secret_length,
associated, // optional associated data
associated_length,
time_cost, // performance cost configuration
memory_cost,
threads,
threads,
version, // algorithm version
alloc_ptr, // custom memory allocation function
free_ptr, // custom memory deallocation function
ARGON2_DEFAULT_FLAGS // by default only internal memory is cleared
};
result = (*f)(&context);
if ( ARGON2_OK != result ) {
return argon2_error_message(result);
}
else {
urcrypt__reverse(out_length, out);
return NULL;
}
}
}
int
urcrypt_blake2(size_t message_length,
uint8_t *message,
size_t key_length,
uint8_t key[64],
size_t out_length,
uint8_t *out)
{
if ( key_length > 64 ) {
return -1;
}
else {
urcrypt__reverse(message_length, message);
urcrypt__reverse(key_length, key);
if ( 0 != blake2b(out, out_length,
message, message_length,
key, key_length)) {
return -1;
}
else {
urcrypt__reverse(out_length, out);
return 0;
}
}
}

53
pkg/urcrypt/urcrypt/ed25519.c Normal file
View File

@ -0,0 +1,53 @@
#include "urcrypt.h"
#include <string.h>
#include <ed25519.h>
void
urcrypt_ed_puck(const uint8_t seed[32],
uint8_t out[32])
{
uint8_t secret[64];
ed25519_create_keypair(out, secret, seed);
}
void
urcrypt_ed_shar(const uint8_t public[32],
const uint8_t seed[32],
uint8_t out[32])
{
uint8_t self[32], exp[64];
memset(self, 0, 32);
memset(exp, 0, 64);
memset(out, 0, 32);
ed25519_create_keypair(self, exp, seed);
ed25519_key_exchange(out, public, exp);
}
void
urcrypt_ed_sign(const uint8_t *message,
size_t length,
const uint8_t seed[32],
uint8_t out[64])
{
uint8_t public[64], secret[64];
memset(public, 0, 64);
memset(secret, 0, 64);
memset(out, 0, 64);
ed25519_create_keypair(public, secret, seed);
ed25519_sign(out, message, length, public, secret);
}
bool
urcrypt_ed_veri(const uint8_t *message,
size_t length,
const uint8_t public[32],
const uint8_t signature[64])
{
return ( ed25519_verify(signature, message, length, public) == 1 )
? true
: false;
}

126
pkg/urcrypt/urcrypt/ge_additions.c Normal file
View File

@ -0,0 +1,126 @@
#include "urcrypt.h"
#include <ge-additions.h>
int
urcrypt_ed_point_add(const uint8_t a[32],
const uint8_t b[32],
uint8_t out[32])
{
ge_p3 A, B;
ge_cached b_cached;
ge_p1p1 sum;
ge_p3 result;
if ( ge_frombytes_negate_vartime(&A, a) != 0 ) {
return -1;
}
if ( ge_frombytes_negate_vartime(&B, b) != 0 ) {
return -1;
}
// Undo the negation from above. See add_scalar.c in the ed25519 distro.
fe_neg(A.X, A.X);
fe_neg(A.T, A.T);
fe_neg(B.X, B.X);
fe_neg(B.T, B.T);
ge_p3_to_cached(&b_cached, &B);
ge_add(&sum, &A, &b_cached);
ge_p1p1_to_p3(&result, &sum);
ge_p3_tobytes(out, &result);
return 0;
}
int
urcrypt_ed_scalarmult(const uint8_t a[32],
const uint8_t b[32],
uint8_t out[32])
{
ge_p3 B, result;
if ( ge_frombytes_negate_vartime(&B, b) != 0 ) {
return -1;
}
// Undo the negation from above. See add_scalar.c in the ed25519 distro.
fe_neg(B.X, B.X);
fe_neg(B.T, B.T);
ge_scalarmult(&result, a, &B);
ge_p3_tobytes(out, &result);
return 0;
}
void
urcrypt_ed_scalarmult_base(const uint8_t a[32],
uint8_t out[32])
{
ge_p3 R;
ge_scalarmult_base(&R, a);
ge_p3_tobytes(out, &R);
}
int
urcrypt_ed_add_scalarmult_scalarmult_base(const uint8_t a[32],
const uint8_t a_point[32],
const uint8_t b[32],
uint8_t out[32])
{
ge_p2 r;
ge_p3 A;
if (ge_frombytes_negate_vartime(&A, a_point) != 0) {
return -1;
}
// Undo the negation from above. See add_scalar.c in the ed25519 distro.
fe_neg(A.X, A.X);
fe_neg(A.T, A.T);
ge_double_scalarmult_vartime(&r, a, &A, b);
ge_tobytes(out, &r);
return 0;
}
int
urcrypt_ed_add_double_scalarmult(const uint8_t a[32],
const uint8_t a_point[32],
const uint8_t b[32],
const uint8_t b_point[32],
uint8_t out[32])
{
ge_p3 A, B, a_result, b_result, final_result;
ge_cached b_result_cached;
ge_p1p1 sum;
if ( ge_frombytes_negate_vartime(&A, a_point) != 0 ) {
return -1;
}
if ( ge_frombytes_negate_vartime(&B, b_point) != 0 ) {
return -1;
}
// Undo the negation from above. See add_scalar.c in the ed25519 distro.
fe_neg(A.X, A.X);
fe_neg(A.T, A.T);
fe_neg(B.X, B.X);
fe_neg(B.T, B.T);
// Perform the multiplications of a*A and b*B
ge_scalarmult(&a_result, a, &A);
ge_scalarmult(&b_result, b, &B);
// Sum those two points
ge_p3_to_cached(&b_result_cached, &b_result);
ge_add(&sum, &a_result, &b_result_cached);
ge_p1p1_to_p3(&final_result, &sum);
ge_p3_tobytes(out, &final_result);
return 0;
}

20
pkg/urcrypt/urcrypt/ripemd.c Normal file
View File

@ -0,0 +1,20 @@
#include "urcrypt.h"
#include "util.h"
#include <openssl/ripemd.h>
int
urcrypt_ripemd160(uint8_t *message, size_t length, uint8_t out[20])
{
unsigned long n = length;
if ( length != n ) {
return -1;
}
else {
urcrypt__reverse(length, message);
RIPEMD160(message, n, out);
urcrypt__reverse(20, out);
return 0;
}
}

16
pkg/urcrypt/urcrypt/scrypt.c Normal file
View File

@ -0,0 +1,16 @@
#include "urcrypt.h"
#include <libscrypt.h>
#include <sha256.h>
void
urcrypt_scrypt_pbk(const uint8_t *passwd,
size_t passwdlen,
const uint8_t *salt,
size_t saltlen,
uint64_t count,
size_t outlen, // must be at most 32*(2^32-1)
uint8_t *out)
{
libscrypt_PBKDF2_SHA256(
passwd, passwdlen, salt, saltlen, count, out, outlen);
}

198
pkg/urcrypt/urcrypt/secp256k1.c Normal file
View File

@ -0,0 +1,198 @@
#include "urcrypt.h"
#include "util.h"
#include <string.h>
#include <secp256k1.h>
#include <secp256k1_recovery.h>
#include <secp256k1_preallocated.h>
#define SECP_FLAGS SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN
struct urcrypt_secp_context_struct {
secp256k1_context* secp;
uint8_t prealloc[];
};
size_t
urcrypt_secp_prealloc_size()
{
return sizeof(urcrypt_secp_context) +
secp256k1_context_preallocated_size(SECP_FLAGS);
}
int
urcrypt_secp_init(urcrypt_secp_context *context,
uint8_t entropy[32])
{
secp256k1_context* secp =
secp256k1_context_preallocated_create(context->prealloc, SECP_FLAGS);
if ( 1 == secp256k1_context_randomize(secp, entropy) ) {
context->secp = secp;
return 0;
}
else {
secp256k1_context_preallocated_destroy(secp);
return -1;
}
}
void
urcrypt_secp_destroy(urcrypt_secp_context *context)
{
secp256k1_context_preallocated_destroy(context->secp);
}
int
urcrypt_secp_make(uint8_t hash[32], uint8_t key[32], uint8_t out[32])
{
urcrypt__reverse(32, hash);
urcrypt__reverse(32, key);
if ( 1 != secp256k1_nonce_function_rfc6979(
out, // OUT: return arg for nonce
hash, // IN: message / hash */
key, // IN: key32
NULL, // IN: algorithm (NULL == ECDSA)
NULL, // IN: arbitrary data pointer (unused)
0) ) { // IN: attempt number (0 == normal)
return -1;
}
else {
urcrypt__reverse(32, out);
return 0;
}
}
int
urcrypt_secp_sign(urcrypt_secp_context* context,
uint8_t hash[32],
uint8_t key[32],
uint8_t* out_v,
uint8_t out_r[32],
uint8_t out_s[32])
{
secp256k1_ecdsa_recoverable_signature signature;
urcrypt__reverse(32, hash);
urcrypt__reverse(32, key);
/* sign
N.B. if we want the 'v' field we can't use default secp256k1_ecdsa_sign(),
but must use secp256k1_ecdsa_sign_recoverable() */
if ( 1 != secp256k1_ecdsa_sign_recoverable(
context->secp, /* IN: context object */
&signature, /* OUT: signature */
hash, /* IN: 32 byte hash to be signed */
key, /* IN: 32 byte secret key */
NULL, /* IN: nonce-function ptr ; NULL = default */
NULL) ) { /* IN: data for nonce function; not used */
return -1;
}
else {
uint8_t sigbytes[64];
int recid;
if ( 1 != secp256k1_ecdsa_recoverable_signature_serialize_compact(
context->secp, /* IN: context object */
sigbytes, /* OUT: 64 byte sig (r,s) */
&recid, /* OUT: v */
&signature) ) { /* IN: 65 byte sig */
return -2;
}
else {
/* read sigbytes into r and s
convert endianness while we're at it */
uint8_t i, j;
for ( j = 31, i = 0; i < 32; ++i, --j) {
out_r[j] = sigbytes[i];
}
for ( j = 31; i < 64; ++i, --j ) {
out_s[j] = sigbytes[i];
}
*out_v = (uint8_t) recid;
return 0;
}
}
}
int
urcrypt_secp_reco(urcrypt_secp_context* context,
uint8_t hash[32],
uint8_t key_v,
const uint8_t key_r[32],
const uint8_t key_s[32],
uint8_t out_x[32],
uint8_t out_y[32])
{
if ( (NULL == hash) ||
(NULL == key_r) ||
(NULL == key_s) ) {
return -1;
}
else if ( key_v > 3 ) {
return -2;
}
else {
secp256k1_ecdsa_recoverable_signature signature;
uint8_t private[64];
uint8_t i, j;
// make big private key out of two smaller parts, reversing endianness
for ( j = 31, i = 0; i < 32; ++i, --j) {
private[i] = key_r[j];
}
for ( j = 31; i < 64; ++i, --j ) {
private[i] = key_s[j];
}
memset(&signature, 0, sizeof(secp256k1_ecdsa_recoverable_signature));
if ( 1 != secp256k1_ecdsa_recoverable_signature_parse_compact(
context->secp, /* IN: context */
&signature, /* OUT: sig */
private, /* IN: r/s */
key_v) ) { /* IN: v */
return -3;
}
else {
secp256k1_pubkey public;
memset(&public, 0, sizeof(secp256k1_pubkey));
urcrypt__reverse(32, hash);
if ( 1 != secp256k1_ecdsa_recover(
context->secp, /* IN: context */
&public, /* OUT: pub key */
&signature, /* IN: signature */
hash) ) { /* IN: message hash */
return -4;
}
else {
/* convert pub into serialized form that we can get x, y out of */
uint8_t serialized[65];
size_t outputlen = 65;
memset(serialized, 0, outputlen);
if ( 1 != secp256k1_ec_pubkey_serialize(
context->secp, /* IN: context */
serialized, /* OUT: output */
&outputlen, /* IN/OUT: outputlen */
&public, /* IN: pubkey*/
SECP256K1_EC_UNCOMPRESSED) ) { /* IN: flags */
return -5;
}
else {
/* in file
subprojects/secp256k1/src/eckey_impl.h
func
secp256k1_eckey_pubkey_parse()
we can see
byte 0: signal bits (???)
bytes 1-32: x
bytes 33-64: y
convert endianness while we're at it */
for (j = 32, i = 0; i < 32; ++i, --j) {
out_x[i] = serialized[j];
}
for (j = 64, i = 0; i < 32; ++i, --j) {
out_y[i] = serialized[j];
}
return 0;
}
}
}
}
}

49
pkg/urcrypt/urcrypt/sha.c Normal file
View File

@ -0,0 +1,49 @@
#include "urcrypt.h"
#include "util.h"
#include <openssl/sha.h>
void
urcrypt_sha1(uint8_t *message, size_t length, uint8_t out[20])
{
urcrypt__reverse(length, message);
SHA1(message, length, out);
urcrypt__reverse(20, out);
}
void
urcrypt_shay(const uint8_t *message, size_t length, uint8_t out[32])
{
SHA256(message, length, out);
}
void
urcrypt_shal(const uint8_t *message, size_t length, uint8_t out[64])
{
SHA512(message, length, out);
}
void
urcrypt_shas(uint8_t *salt, size_t salt_length,
const uint8_t *message, size_t message_length,
uint8_t out[32])
{
size_t i;
uint8_t mid[32];
// docs don't say what happens if msg overlaps with out
urcrypt_shay(message, message_length, mid);
if ( salt_length > 32 ) {
for ( i = 0; i < 32; i++ ) {
salt[i] ^= mid[i];
}
urcrypt_shay(salt, salt_length, out);
}
else {
for ( i = 0; i < salt_length; i++ ) {
mid[i] ^= salt[i];
}
urcrypt_shay(mid, 32, out);
}
}

18
pkg/urcrypt/urcrypt.h → pkg/urcrypt/urcrypt/urcrypt.h
View File

@ -1,13 +1,8 @@
#ifndef URCRYPT_H
#define URCRYPT_H
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
typedef int (*urcrypt_argon2_alloc_t)(uint8_t**, size_t);
typedef void (*urcrypt_argon2_free_t)(uint8_t*, size_t);
#include <stddef.h>
// const arguments are not written to, non-const arguments may be
// all arrays are in little-endian byte order.
// array sizes[64] are purely documentary
@ -146,6 +141,9 @@ void urcrypt_shas(uint8_t *salt, size_t salt_length,
const uint8_t *message, size_t message_length,
uint8_t out[32]);
typedef int (*urcrypt_argon2_alloc_t)(uint8_t**, size_t);
typedef void (*urcrypt_argon2_free_t)(uint8_t*, size_t);
#define urcrypt_argon2_d 0
#define urcrypt_argon2_i 1
#define urcrypt_argon2_id 2
@ -211,4 +209,12 @@ int urcrypt_secp_reco(urcrypt_secp_context* context,
uint8_t out_x[32],
uint8_t out_y[32]);
void
urcrypt_scrypt_pbk(const uint8_t *passwd,
size_t passwdlen,
const uint8_t *salt,
size_t saltlen,
uint64_t count,
size_t outlen, // must be at most 32*(2^32-1)
uint8_t *out);
#endif

14
pkg/urcrypt/urcrypt/util.c Normal file
View File

@ -0,0 +1,14 @@
#include "urcrypt.h"
void
urcrypt__reverse(size_t size, uint8_t *ptr) {
if ( size > 0 ) {
size_t i, j;
uint8_t tmp;
for ( i = 0, j = size - 1; i < j; i++, j-- ) {
tmp = ptr[i];
ptr[i] = ptr[j];
ptr[j] = tmp;
}
}
}

6
pkg/urcrypt/urcrypt/util.h Normal file
View File

@ -0,0 +1,6 @@
#ifndef URCRYPT_UTIL_H
#define URCRYPT_UTIL_H
void urcrypt__reverse(size_t size, uint8_t *ptr);
#endif