7 #ifndef SECP256K1_HASH_IMPL_H 8 #define SECP256K1_HASH_IMPL_H 17 #define Ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) 18 #define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) 19 #define Sigma0(x) (((x) >> 2 | (x) << 30) ^ ((x) >> 13 | (x) << 19) ^ ((x) >> 22 | (x) << 10)) 20 #define Sigma1(x) (((x) >> 6 | (x) << 26) ^ ((x) >> 11 | (x) << 21) ^ ((x) >> 25 | (x) << 7)) 21 #define sigma0(x) (((x) >> 7 | (x) << 25) ^ ((x) >> 18 | (x) << 14) ^ ((x) >> 3)) 22 #define sigma1(x) (((x) >> 17 | (x) << 15) ^ ((x) >> 19 | (x) << 13) ^ ((x) >> 10)) 24 #define Round(a,b,c,d,e,f,g,h,k,w) do { \ 25 uint32_t t1 = (h) + Sigma1(e) + Ch((e), (f), (g)) + (k) + (w); \ 26 uint32_t t2 = Sigma0(a) + Maj((a), (b), (c)); \ 32 hash->s[0] = 0x6a09e667ul;
33 hash->s[1] = 0xbb67ae85ul;
34 hash->s[2] = 0x3c6ef372ul;
35 hash->s[3] = 0xa54ff53aul;
36 hash->s[4] = 0x510e527ful;
37 hash->s[5] = 0x9b05688cul;
38 hash->s[6] = 0x1f83d9abul;
39 hash->s[7] = 0x5be0cd19ul;
44 static void secp256k1_sha256_transform(
uint32_t* s,
const unsigned char*
buf) {
45 uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7];
46 uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
48 Round(
a, b, c, d, e, f, g, h, 0x428a2f98, w0 = secp256k1_read_be32(&
buf[0]));
49 Round(h,
a, b, c, d, e, f, g, 0x71374491, w1 = secp256k1_read_be32(&
buf[4]));
50 Round(g, h,
a, b, c, d, e, f, 0xb5c0fbcf, w2 = secp256k1_read_be32(&
buf[8]));
51 Round(f, g, h,
a, b, c, d, e, 0xe9b5dba5, w3 = secp256k1_read_be32(&
buf[12]));
52 Round(e, f, g, h,
a, b, c, d, 0x3956c25b, w4 = secp256k1_read_be32(&
buf[16]));
53 Round(d, e, f, g, h,
a, b, c, 0x59f111f1, w5 = secp256k1_read_be32(&
buf[20]));
54 Round(c, d, e, f, g, h,
a, b, 0x923f82a4, w6 = secp256k1_read_be32(&
buf[24]));
55 Round(b, c, d, e, f, g, h,
a, 0xab1c5ed5, w7 = secp256k1_read_be32(&
buf[28]));
56 Round(
a, b, c, d, e, f, g, h, 0xd807aa98, w8 = secp256k1_read_be32(&
buf[32]));
57 Round(h,
a, b, c, d, e, f, g, 0x12835b01, w9 = secp256k1_read_be32(&
buf[36]));
58 Round(g, h,
a, b, c, d, e, f, 0x243185be, w10 = secp256k1_read_be32(&
buf[40]));
59 Round(f, g, h,
a, b, c, d, e, 0x550c7dc3, w11 = secp256k1_read_be32(&
buf[44]));
60 Round(e, f, g, h,
a, b, c, d, 0x72be5d74, w12 = secp256k1_read_be32(&
buf[48]));
61 Round(d, e, f, g, h,
a, b, c, 0x80deb1fe, w13 = secp256k1_read_be32(&
buf[52]));
62 Round(c, d, e, f, g, h,
a, b, 0x9bdc06a7, w14 = secp256k1_read_be32(&
buf[56]));
63 Round(b, c, d, e, f, g, h,
a, 0xc19bf174, w15 = secp256k1_read_be32(&
buf[60]));
126 static void secp256k1_sha256_write(
secp256k1_sha256 *
hash,
const unsigned char *data,
size_t len) {
127 size_t bufsize =
hash->bytes & 0x3F;
130 while (len >= 64 - bufsize) {
132 size_t chunk_len = 64 - bufsize;
136 secp256k1_sha256_transform(
hash->s,
hash->buf);
141 memcpy(((
unsigned char*)
hash->buf) + bufsize, data, len);
146 static const unsigned char pad[64] = {0x80};
147 unsigned char sizedesc[8];
151 secp256k1_write_be32(&sizedesc[0],
hash->bytes >> 29);
152 secp256k1_write_be32(&sizedesc[4],
hash->bytes << 3);
153 secp256k1_sha256_write(
hash, pad, 1 + ((119 - (
hash->bytes % 64)) % 64));
154 secp256k1_sha256_write(
hash, sizedesc, 8);
155 for (i = 0; i < 8; i++) {
156 secp256k1_write_be32(&out32[4*i],
hash->s[i]);
163 static void secp256k1_sha256_initialize_tagged(
secp256k1_sha256 *
hash,
const unsigned char *tag,
size_t taglen) {
164 unsigned char buf[32];
165 secp256k1_sha256_initialize(
hash);
166 secp256k1_sha256_write(
hash, tag, taglen);
167 secp256k1_sha256_finalize(
hash,
buf);
169 secp256k1_sha256_initialize(
hash);
170 secp256k1_sha256_write(
hash,
buf, 32);
171 secp256k1_sha256_write(
hash,
buf, 32);
176 unsigned char rkey[64];
177 if (keylen <=
sizeof(rkey)) {
179 memset(rkey + keylen, 0,
sizeof(rkey) - keylen);
182 secp256k1_sha256_initialize(&sha256);
183 secp256k1_sha256_write(&sha256,
key, keylen);
184 secp256k1_sha256_finalize(&sha256, rkey);
185 memset(rkey + 32, 0, 32);
188 secp256k1_sha256_initialize(&
hash->outer);
189 for (n = 0; n <
sizeof(rkey); n++) {
192 secp256k1_sha256_write(&
hash->outer, rkey,
sizeof(rkey));
194 secp256k1_sha256_initialize(&
hash->inner);
195 for (n = 0; n <
sizeof(rkey); n++) {
196 rkey[n] ^= 0x5c ^ 0x36;
198 secp256k1_sha256_write(&
hash->inner, rkey,
sizeof(rkey));
199 memset(rkey, 0,
sizeof(rkey));
203 secp256k1_sha256_write(&
hash->inner, data, size);
207 unsigned char temp[32];
208 secp256k1_sha256_finalize(&
hash->inner, temp);
209 secp256k1_sha256_write(&
hash->outer, temp, 32);
211 secp256k1_sha256_finalize(&
hash->outer, out32);
217 static const unsigned char zero[1] = {0x00};
218 static const unsigned char one[1] = {0x01};
220 memset(rng->
v, 0x01, 32);
221 memset(rng->
k, 0x00, 32);
224 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
225 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
226 secp256k1_hmac_sha256_write(&hmac,
zero, 1);
227 secp256k1_hmac_sha256_write(&hmac,
key, keylen);
228 secp256k1_hmac_sha256_finalize(&hmac, rng->
k);
229 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
230 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
231 secp256k1_hmac_sha256_finalize(&hmac, rng->
v);
234 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
235 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
236 secp256k1_hmac_sha256_write(&hmac, one, 1);
237 secp256k1_hmac_sha256_write(&hmac,
key, keylen);
238 secp256k1_hmac_sha256_finalize(&hmac, rng->
k);
239 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
240 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
241 secp256k1_hmac_sha256_finalize(&hmac, rng->
v);
247 static const unsigned char zero[1] = {0x00};
250 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
251 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
252 secp256k1_hmac_sha256_write(&hmac,
zero, 1);
253 secp256k1_hmac_sha256_finalize(&hmac, rng->
k);
254 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
255 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
256 secp256k1_hmac_sha256_finalize(&hmac, rng->
v);
262 secp256k1_hmac_sha256_initialize(&hmac, rng->
k, 32);
263 secp256k1_hmac_sha256_write(&hmac, rng->
v, 32);
264 secp256k1_hmac_sha256_finalize(&hmac, rng->
v);
277 memset(rng->
k, 0, 32);
278 memset(rng->
v, 0, 32);
#define VERIFY_CHECK(cond)
#define Round(a, b, c, d, e, f, g, h, k, w)
unsigned __int64 uint64_t
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
void * memcpy(void *a, const void *b, size_t c)