7a49cac
Merge #410: Add string.h include to ecmult_impl0bbd5d4
Add string.h include to ecmult_implc5b32e1
Merge #405: Make secp256k1_fe_sqrt constant time926836a
Make secp256k1_fe_sqrt constant timee2a8e92
Merge #404: Replace 3M + 4S doubling formula with 2M + 5S one8ec49d8
Add note about 2M + 5S doubling formula5a91bd7
Merge #400: A couple minor cleanupsac01378
build: add -DSECP256K1_BUILD to benchmark_internal build flagsa6c6f99
Remove a bunch of unused stdlib #includes65285a6
Merge #403: configure: add flag to disable OpenSSL testsa9b2a5d
configure: add flag to disable OpenSSL testsb340123
Merge #402: Add support for testing quadratic residuese6e9805
Add function for testing quadratic residue field/group elements.efd953a
Add Jacobi symbol test via GMPfa36a0d
Merge #401: ecmult_const: unify endomorphism and non-endomorphism skew casesc6191fd
ecmult_const: unify endomorphism and non-endomorphism skew cases0b3e618
Merge #378: .gitignore build-aux cleanup6042217
Merge #384: JNI: align shared files copyright/comments to bitcoinj's24ad20f
Merge #399: build: verify that the native compiler works for static precompb3be852
Merge #398: Test whether ECDH and Schnorr are enabled for JNIaa0b1fd
build: verify that the native compiler works for static precompeee808d
Test whether ECDH and Schnorr are enabled for JNI7b0fb18
Merge #366: ARM assembly implementation of field_10x26 inner (rebase of #173)001f176
ARM assembly implementation of field_10x26 inner0172be9
Merge #397: Small fixes for sha2563f8b78e
Fix undefs in hash_impl.h2ab4695
Fix state size in sha256 struct6875b01
Merge #386: Add some missing `VERIFY_CHECK(ctx != NULL)`2c52b5d
Merge #389: Cast pointers through uintptr_t under JNI43097a4
Merge #390: Update bitcoin-core GitHub links31c9c12
Merge #391: JNI: Only call ecdsa_verify if its inputs parsed correctly1cb2302
Merge #392: Add testcase which hits additional branch in secp256k1_scalar_sqrd2ee340
Merge #388: bench_ecdh: fix call to secp256k1_context_create093a497
Add testcase which hits additional branch in secp256k1_scalar_sqra40c701
JNI: Only call ecdsa_verify if its inputs parsed correctlyfaa2a11
Update bitcoin-core GitHub links47b9e78
Cast pointers through uintptr_t under JNIf36f9c6
bench_ecdh: fix call to secp256k1_context_createbcc4881
Add some missing `VERIFY_CHECK(ctx != NULL)` for functions that use `ARG_CHECK`6ceea2c
align shared files copyright/comments to bitcoinj's70141a8
Update .gitignore7b549b1
Merge #373: build: fix x86_64 asm detection for some compilersbc7c93c
Merge #374: Add note about y=0 being possible on one of the sextic twistse457018
Merge #364: JNI rebased86e2d07
JNI library: cleanup, removed unimplemented code3093576a
JNI librarybd2895f
Merge pull request #371e72e93a
Add note about y=0 being possible on one of the sextic twists3f8fdfb
build: fix x86_64 asm detection for some compilerse5a9047
[Trivial] Remove double semicolonsc18b869
Merge pull request #3603026daa
Merge pull request #30203d4611
Add sage verification script for the group lawsa965937
Merge pull request #36183221ec
Add experimental features to configure5d4c5a3
Prevent damage_array in the signature test from going out of bounds.419bf7f
Merge pull request #35603d84a4
Benchmark against OpenSSL verification git-subtree-dir: src/secp256k1 git-subtree-split:7a49cacd39
// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2015 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_HASH_H
#define BITCOIN_HASH_H
#include "crypto/ripemd160.h"
#include "crypto/sha256.h"
#include "prevector.h"
#include "serialize.h"
#include "uint256.h"
#include "version.h"
#include <vector>
// Chain code type: an alias of uint256, taken by const reference by BIP32Hash() below.
typedef uint256 ChainCode;
/**
 * Hasher for Bitcoin's 256-bit hash: SHA-256 applied to the SHA-256 digest
 * of the written data (double SHA-256).
 *
 * Usage is streaming: Write() any number of times, then Finalize(). After
 * Finalize() the internal context has been consumed by the outer pass, so
 * call Reset() before hashing a new message with the same object.
 */
class CHash256 {
private:
    CSHA256 sha; // context for the inner pass; reused for the outer pass in Finalize()

public:
    static const size_t OUTPUT_SIZE = CSHA256::OUTPUT_SIZE;

    /**
     * Write the double-SHA-256 digest of everything written so far to `hash`.
     *
     * The array bound in the parameter is documentation only (the parameter
     * is a plain pointer), so the caller must supply at least OUTPUT_SIZE
     * writable bytes.
     */
    void Finalize(unsigned char hash[OUTPUT_SIZE]) {
        // Digest of the inner pass. It lives on the stack and is not wiped
        // after use.
        unsigned char inner[CSHA256::OUTPUT_SIZE];
        sha.Finalize(inner);

        // Outer pass: hash the inner digest with the same (reset) context.
        sha.Reset()
           .Write(inner, CSHA256::OUTPUT_SIZE)
           .Finalize(hash);
    }

    /** Append `len` bytes starting at `data` to the message. Returns *this for chaining. */
    CHash256& Write(const unsigned char *data, size_t len) {
        sha.Write(data, len);
        return *this;
    }

    /** Reset the inner context so a new message can be hashed. Returns *this for chaining. */
    CHash256& Reset() {
        sha.Reset();
        return *this;
    }
};
/**
 * Hasher for Bitcoin's 160-bit hash: RIPEMD-160 applied to the SHA-256
 * digest of the written data.
 *
 * Usage is streaming: Write() any number of times, then Finalize(). The
 * SHA-256 context is not reset by Finalize(); call Reset() before hashing a
 * new message with the same object.
 */
class CHash160 {
private:
    CSHA256 sha; // context for the SHA-256 pass

public:
    static const size_t OUTPUT_SIZE = CRIPEMD160::OUTPUT_SIZE;

    /**
     * Write the RIPEMD-160(SHA-256(message)) digest to `hash`.
     *
     * The array bound in the parameter is documentation only (the parameter
     * is a plain pointer), so the caller must supply at least OUTPUT_SIZE
     * writable bytes.
     */
    void Finalize(unsigned char hash[OUTPUT_SIZE]) {
        // SHA-256 digest of the message. It lives on the stack and is not
        // wiped after use.
        unsigned char inner[CSHA256::OUTPUT_SIZE];
        sha.Finalize(inner);

        // Second pass with a fresh, temporary RIPEMD-160 context.
        CRIPEMD160()
            .Write(inner, CSHA256::OUTPUT_SIZE)
            .Finalize(hash);
    }

    /** Append `len` bytes starting at `data` to the message. Returns *this for chaining. */
    CHash160& Write(const unsigned char *data, size_t len) {
        sha.Write(data, len);
        return *this;
    }

    /** Reset the SHA-256 context so a new message can be hashed. Returns *this for chaining. */
    CHash160& Reset() {
        sha.Reset();
        return *this;
    }
};
/**
 * Compute the 256-bit hash (double SHA-256, via CHash256) of the range
 * [pbegin, pend).
 *
 * The range is hashed as raw memory: (pend - pbegin) * sizeof(element) bytes
 * starting at &pbegin[0]. The iterators must therefore refer to contiguous
 * storage, otherwise memory outside the elements is read. For element types
 * wider than one byte the digest depends on their in-memory representation.
 */
template<typename T1>
inline uint256 Hash(const T1 pbegin, const T1 pend)
{
    // Stand-in address for an empty range, so pbegin[0] is never formed when
    // there is nothing to read.
    static const unsigned char pblank[1] = {};

    const unsigned char* const first = (pbegin == pend) ? pblank : (const unsigned char*)&pbegin[0];
    const size_t nbytes = (pend - pbegin) * sizeof(pbegin[0]);

    uint256 digest;
    CHash256 hasher;
    hasher.Write(first, nbytes);
    // The digest bytes are written straight into the uint256 object.
    hasher.Finalize((unsigned char*)&digest);
    return digest;
}
/**
 * Compute the 256-bit hash (double SHA-256, via CHash256) of the
 * concatenation of the ranges [p1begin, p1end) and [p2begin, p2end).
 *
 * Each range is hashed as raw memory starting at the address of its first
 * element, so both must refer to contiguous storage. The ranges are fed to
 * the hasher back to back with no separator or length prefix, so different
 * splits of the same byte sequence produce the same digest.
 */
template<typename T1, typename T2>
inline uint256 Hash(const T1 p1begin, const T1 p1end,
                    const T2 p2begin, const T2 p2end) {
    // Stand-in address for an empty range, so pNbegin[0] is never formed when
    // there is nothing to read.
    static const unsigned char pblank[1] = {};

    const unsigned char* const first1 = (p1begin == p1end) ? pblank : (const unsigned char*)&p1begin[0];
    const size_t nbytes1 = (p1end - p1begin) * sizeof(p1begin[0]);

    const unsigned char* const first2 = (p2begin == p2end) ? pblank : (const unsigned char*)&p2begin[0];
    const size_t nbytes2 = (p2end - p2begin) * sizeof(p2begin[0]);

    uint256 digest;
    CHash256 hasher;
    hasher.Write(first1, nbytes1);
    hasher.Write(first2, nbytes2);
    // The digest bytes are written straight into the uint256 object.
    hasher.Finalize((unsigned char*)&digest);
    return digest;
}
/**
 * Compute the 256-bit hash (double SHA-256, via CHash256) of the
 * concatenation of three ranges, in argument order.
 *
 * Each range is hashed as raw memory starting at the address of its first
 * element, so all three must refer to contiguous storage. The ranges are fed
 * to the hasher back to back with no separator or length prefix, so
 * different splits of the same byte sequence produce the same digest.
 */
template<typename T1, typename T2, typename T3>
inline uint256 Hash(const T1 p1begin, const T1 p1end,
                    const T2 p2begin, const T2 p2end,
                    const T3 p3begin, const T3 p3end) {
    // Stand-in address for an empty range, so pNbegin[0] is never formed when
    // there is nothing to read.
    static const unsigned char pblank[1] = {};

    const unsigned char* const first1 = (p1begin == p1end) ? pblank : (const unsigned char*)&p1begin[0];
    const size_t nbytes1 = (p1end - p1begin) * sizeof(p1begin[0]);

    const unsigned char* const first2 = (p2begin == p2end) ? pblank : (const unsigned char*)&p2begin[0];
    const size_t nbytes2 = (p2end - p2begin) * sizeof(p2begin[0]);

    const unsigned char* const first3 = (p3begin == p3end) ? pblank : (const unsigned char*)&p3begin[0];
    const size_t nbytes3 = (p3end - p3begin) * sizeof(p3begin[0]);

    uint256 digest;
    CHash256 hasher;
    hasher.Write(first1, nbytes1);
    hasher.Write(first2, nbytes2);
    hasher.Write(first3, nbytes3);
    // The digest bytes are written straight into the uint256 object.
    hasher.Finalize((unsigned char*)&digest);
    return digest;
}
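/**
 * Compute the 160-bit hash (SHA-256 followed by RIPEMD-160, via CHash160) of
 * the range [pbegin, pend).
 *
 * The range is hashed as raw memory: (pend - pbegin) * sizeof(element) bytes
 * starting at &pbegin[0]. The iterators must therefore refer to contiguous
 * storage, otherwise memory outside the elements is read.
 */
template<typename T1>
inline uint160 Hash160(const T1 pbegin, const T1 pend)
{
    // Stand-in address for an empty range, so pbegin[0] is never formed when
    // there is nothing to read. Declared const like the pblank in the Hash()
    // overloads: it is only ever read, and a writable function-local static
    // would be needless shared mutable state.
    static const unsigned char pblank[1] = {};
    uint160 result;
    CHash160().Write(pbegin == pend ? pblank : (const unsigned char*)&pbegin[0], (pend - pbegin) * sizeof(pbegin[0]))
              // The digest bytes are written straight into the uint160 object.
              .Finalize((unsigned char*)&result);
    return result;
}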
/** Compute the 160-bit hash of the bytes held in a std::vector. */
inline uint160 Hash160(const std::vector<unsigned char>& vch)
{
    // Forward to the iterator-range overload over the whole vector.
    uint160 digest = Hash160(vch.begin(), vch.end());
    return digest;
}
/** Compute the 160-bit hash of the bytes held in a prevector. */
template<unsigned int N>
inline uint160 Hash160(const prevector<N, unsigned char>& vch)
{
    // Forward to the iterator-range overload over the whole prevector.
    uint160 digest = Hash160(vch.begin(), vch.end());
    return digest;
}
/**
 * Writer stream for serialization that feeds every byte it receives into a
 * CHash256 instead of storing it, yielding a 256-bit hash of the serialized
 * form.
 */
class CHashWriter
{
private:
    CHash256 ctx; // accumulates the serialized bytes

public:
    // Serialization type and version, passed through to ::Serialize() by operator<<.
    int nType;
    int nVersion;

    CHashWriter(int nTypeIn, int nVersionIn) : nType(nTypeIn), nVersion(nVersionIn) {}

    /** Feed `size` raw bytes starting at `pch` into the hash. Returns *this for chaining. */
    CHashWriter& write(const char *pch, size_t size) {
        ctx.Write(reinterpret_cast<const unsigned char*>(pch), size);
        return *this;
    }

    /**
     * Return the hash of everything written so far.
     *
     * This finalizes the underlying hasher and invalidates the object: do
     * not write to it or call GetHash() again afterwards.
     */
    uint256 GetHash() {
        uint256 digest;
        // The digest bytes are written straight into the uint256 object.
        ctx.Finalize(reinterpret_cast<unsigned char*>(&digest));
        return digest;
    }

    /** Serialize `obj` into this stream using the stored nType and nVersion. */
    template<typename T>
    CHashWriter& operator<<(const T& obj) {
        ::Serialize(*this, obj, nType, nVersion);
        return *this;
    }
};
/**
 * Compute the 256-bit hash of an object's serialization.
 *
 * The object is streamed into a CHashWriter created with the given nType and
 * nVersion, so the digest depends on those two values as far as they affect
 * how `obj` serializes.
 */
template<typename T>
uint256 SerializeHash(const T& obj, int nType=SER_GETHASH, int nVersion=PROTOCOL_VERSION)
{
    CHashWriter hasher(nType, nVersion);
    hasher << obj;
    // GetHash() finalizes the writer; it is not used again after this point.
    return hasher.GetHash();
}
// Declaration only; the definition is not part of this header.
// NOTE(review): MurmurHash3 is a non-cryptographic hash, so it should not be relied on for
// collision resistance against attacker-chosen data - confirm how callers use it.
unsigned int MurmurHash3(unsigned int nHashSeed, const std::vector<unsigned char>& vDataToHash);
// Declaration only; the definition is not part of this header.
// The array bounds in the signature are not enforced by the compiler: `data` must point to
// at least 32 readable bytes and `output` to at least 64 writable bytes.
// NOTE(review): presumably the keyed hash step of BIP32 child key derivation - confirm in the definition.
void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64]);
/**
 * Incremental SipHash-2-4 calculator.
 *
 * Only the interface is declared here; the member functions are defined
 * outside this header. SipHash is a keyed hash: its resistance to
 * deliberately constructed collisions depends on the key (k0, k1) being
 * unpredictable to whoever controls the hashed data.
 */
class CSipHasher
{
private:
    // Internal hashing state, maintained by the member functions.
    uint64_t v[4];
    uint64_t tmp;
    int count;

public:
    /** Construct a SipHash calculator initialized with 128-bit key (k0, k1) */
    CSipHasher(uint64_t k0, uint64_t k1);

    /**
     * Hash a 64-bit integer worth of data.
     * It is treated as if this was the little-endian interpretation of 8 bytes.
     * This function can only be used when a multiple of 8 bytes have been
     * written so far.
     */
    CSipHasher& Write(uint64_t data);

    /** Hash arbitrary bytes. */
    CSipHasher& Write(const unsigned char* data, size_t size);

    /**
     * Compute the 64-bit SipHash-2-4 of the data written so far.
     * The object remains untouched, so more data can be written afterwards.
     */
    uint64_t Finalize() const;
};
/** Optimized SipHash-2-4 implementation for uint256.
 *
 *  It is identical to:
 *    CSipHasher(k0, k1)
 *      .Write(val.GetUint64(0))
 *      .Write(val.GetUint64(1))
 *      .Write(val.GetUint64(2))
 *      .Write(val.GetUint64(3))
 *      .Finalize()
 */
// Declaration only; the definition is not part of this header. k0 and k1 together form the 128-bit SipHash key.
uint64_t SipHashUint256(uint64_t k0, uint64_t k1, const uint256& val);
#endif // BITCOIN_HASH_H