aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaweł Bylica <pawel.bylica@imapp.pl>2014-11-17 16:48:34 +0800
committerPaweł Bylica <pawel.bylica@imapp.pl>2014-11-17 16:48:34 +0800
commit9cb0f56af27feea30e4452122be767f28e3cbdb4 (patch)
tree09b349eb4a3552b050132527466de1b524d99c78
parent72fa55410eff980e36101d773d592f7da42db8cb (diff)
parent578a0391cd9fee49429389fd39043cea8ae21570 (diff)
downloaddexon-solidity-9cb0f56af27feea30e4452122be767f28e3cbdb4.tar.gz
dexon-solidity-9cb0f56af27feea30e4452122be767f28e3cbdb4.tar.zst
dexon-solidity-9cb0f56af27feea30e4452122be767f28e3cbdb4.zip
Merge branch 'develop-evmcc' into pr-jit
-rw-r--r--TestHelperCrypto.h51
-rw-r--r--crypto.cpp277
2 files changed, 129 insertions, 199 deletions
diff --git a/TestHelperCrypto.h b/TestHelperCrypto.h
deleted file mode 100644
index 01e97c21..00000000
--- a/TestHelperCrypto.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- This file is part of cpp-ethereum.
-
- cpp-ethereum is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- cpp-ethereum is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>.
- */
-/** @file TestHelperCrypto.h
- * @author Alex Leverington <nessence@gmail.com>
- * @date 2014
- */
-
-#pragma once
-
-#include <libdevcrypto/CryptoPP.h>
-
-using namespace std;
-using namespace CryptoPP;
-
-void SavePrivateKey(const PrivateKey& key, const string& file = "ecies.private.key")
-{
- FileSink sink(file.c_str());
- key.Save(sink);
-}
-
-void SavePublicKey(const PublicKey& key, const string& file = "ecies.public.key")
-{
- FileSink sink(file.c_str());
- key.Save(sink);
-}
-
-void LoadPrivateKey(PrivateKey& key, const string& file = "ecies.private.key")
-{
- FileSource source(file.c_str(), true);
- key.Load(source);
-}
-
-void LoadPublicKey(PublicKey& key, const string& file = "ecies.public.key")
-{
- FileSource source(file.c_str(), true);
- key.Load(source);
-}
diff --git a/crypto.cpp b/crypto.cpp
index 06e55658..08236135 100644
--- a/crypto.cpp
+++ b/crypto.cpp
@@ -27,9 +27,9 @@
#include <libdevcore/Log.h>
#include <libethereum/Transaction.h>
#include <boost/test/unit_test.hpp>
-#include <libdevcrypto/EC.h>
-#include <libdevcrypto/SHA3MAC.h>
-#include "TestHelperCrypto.h"
+#include <libdevcrypto/SHA3.h>
+#include <libdevcrypto/ECDHE.h>
+#include <libdevcrypto/CryptoPP.h>
using namespace std;
using namespace dev;
@@ -38,9 +38,24 @@ using namespace CryptoPP;
BOOST_AUTO_TEST_SUITE(devcrypto)
+static Secp256k1 s_secp256k1;
+static CryptoPP::AutoSeededRandomPool s_rng;
+static CryptoPP::OID s_curveOID(CryptoPP::ASN1::secp256k1());
+static CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> s_params(s_curveOID);
+static CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::EllipticCurve s_curve(s_params.GetCurve());
+
+BOOST_AUTO_TEST_CASE(verify_secert)
+{
+ h256 empty;
+ KeyPair kNot(empty);
+ BOOST_REQUIRE(!kNot.address());
+ KeyPair k(sha3(empty));
+ BOOST_REQUIRE(k.address());
+}
+
BOOST_AUTO_TEST_CASE(common_encrypt_decrypt)
{
- string message("Now is the time for all good persons to come to the aide of humanity.");
+ string message("Now is the time for all good persons to come to the aid of humanity.");
bytes m = asBytes(message);
bytesConstRef bcr(&m);
@@ -56,103 +71,50 @@ BOOST_AUTO_TEST_CASE(common_encrypt_decrypt)
BOOST_REQUIRE(plain == asBytes(message));
}
-BOOST_AUTO_TEST_CASE(cryptopp_vs_secp256k1)
-{
- ECIES<ECP>::Decryptor d(pp::PRNG, pp::secp256k1Curve);
- ECIES<ECP>::Encryptor e(d.GetKey());
-
- Secret s;
- pp::exportPrivateKey(d.GetKey(), s);
-
- Public p;
- pp::exportPublicKey(e.GetKey(), p);
-
- BOOST_REQUIRE(dev::toAddress(s) == right160(dev::sha3(p.ref())));
-
- Secret previous = s;
- for (auto i = 0; i < 2; i++)
- {
- ECIES<ECP>::Decryptor d(pp::PRNG, pp::secp256k1Curve);
- ECIES<ECP>::Encryptor e(d.GetKey());
-
- Secret s;
- pp::exportPrivateKey(d.GetKey(), s);
- BOOST_REQUIRE(s != previous);
-
- Public p;
- pp::exportPublicKey(e.GetKey(), p);
-
- h160 secp256k1Addr = dev::toAddress(s);
- h160 cryptoppAddr = right160(dev::sha3(p.ref()));
- if (secp256k1Addr != cryptoppAddr)
- {
- BOOST_REQUIRE(secp256k1Addr == cryptoppAddr);
- break;
- }
- }
-}
-
BOOST_AUTO_TEST_CASE(cryptopp_cryptopp_secp256k1libport)
{
- // cryptopp implementation of secp256k1lib sign_compact w/recid parameter and recovery of public key from signature
-
+ secp256k1_start();
+
// base secret
Secret secret(sha3("privacy"));
// we get ec params from signer
- const CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> params = pp::secp256k1Params;
ECDSA<ECP, SHA3_256>::Signer signer;
// e := sha3(msg)
bytes e(fromHex("0x01"));
e.resize(32);
- int tests = 2; // Oct 29: successful @ 1500
+ int tests = 2;
while (sha3(&e, &e), secret = sha3(secret.asBytes()), tests--)
{
KeyPair key(secret);
Public pkey = key.pub();
- pp::initializeDLScheme(secret, signer);
+ signer.AccessKey().Initialize(s_params, secretToExponent(secret));
h256 he(sha3(e));
Integer heInt(he.asBytes().data(), 32);
h256 k(crypto::kdf(secret, he));
Integer kInt(k.asBytes().data(), 32);
- kInt %= params.GetSubgroupOrder()-1;
+ kInt %= s_params.GetSubgroupOrder()-1;
- ECP::Point rp = params.ExponentiateBase(kInt);
- Integer const& q = params.GetGroupOrder();
- Integer r = params.ConvertElementToInteger(rp);
- int recid = ((r >= q) ? 2 : 0) | (rp.y.IsOdd() ? 1 : 0);
+ ECP::Point rp = s_params.ExponentiateBase(kInt);
+ Integer const& q = s_params.GetGroupOrder();
+ Integer r = s_params.ConvertElementToInteger(rp);
Integer kInv = kInt.InverseMod(q);
Integer s = (kInv * (Integer(secret.asBytes().data(), 32)*r + heInt)) % q;
BOOST_REQUIRE(!!r && !!s);
-
-/*
- // For future reference:
- // According to maths, this codepath can't be reached, however, it's in secp256k1.
- // Commenting this out diverges from codebase implementation.
- // To be removed after upstream PR and proof are evaulated.
-
- if (s > params.GetSubgroupOrder())
- {
- // note: this rarely happens
- s = params.GetGroupOrder() - s;
- if (recid)
- recid ^= 1;
- }
- */
Signature sig;
+ sig[64] = rp.y.IsOdd() ? 1 : 0;
r.Encode(sig.data(), 32);
s.Encode(sig.data() + 32, 32);
- sig[64] = recid;
Public p = dev::recover(sig, he);
BOOST_REQUIRE(p == pkey);
// verify w/cryptopp
- BOOST_REQUIRE(crypto::verify(pkey, sig, bytesConstRef(&e)));
+ BOOST_REQUIRE(s_secp256k1.verify(pkey, sig, bytesConstRef(&e)));
// verify with secp256k1lib
byte encpub[65] = {0x04};
@@ -166,16 +128,18 @@ BOOST_AUTO_TEST_CASE(cryptopp_cryptopp_secp256k1libport)
BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1)
{
+ secp256k1_start();
+
// cryptopp integer encoding
Integer nHex("f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2H");
Integer nB(fromHex("f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2").data(), 32);
BOOST_REQUIRE(nHex == nB);
- bytes sbytes(fromHex("0x01"));
- Secret secret(sha3(sbytes)); // 5fe7f977e71dba2ea1a68e21057beebb9be2ac30c6410aa38d4f3fbe41dcffd2
+ bytes sbytes(fromHex("0xFFFF"));
+ Secret secret(sha3(sbytes));
KeyPair key(secret);
- bytes m(fromHex("0x01"));
+ bytes m(1, 0xff);
int tests = 2;
while (m[0]++, tests--)
{
@@ -183,45 +147,45 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1)
Integer hInt(hm.asBytes().data(), 32);
h256 k(hm ^ key.sec());
Integer kInt(k.asBytes().data(), 32);
-
+
// raw sign w/cryptopp (doesn't pass through cryptopp hash filter)
ECDSA<ECP, SHA3_256>::Signer signer;
- pp::initializeDLScheme(key.sec(), signer);
+ signer.AccessKey().Initialize(s_params, secretToExponent(key.sec()));
Integer r, s;
signer.RawSign(kInt, hInt, r, s);
// verify cryptopp raw-signature w/cryptopp
ECDSA<ECP, SHA3_256>::Verifier verifier;
- pp::initializeDLScheme(key.pub(), verifier);
+ verifier.AccessKey().Initialize(s_params, publicToPoint(key.pub()));
Signature sigppraw;
r.Encode(sigppraw.data(), 32);
s.Encode(sigppraw.data() + 32, 32);
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppraw.data(), 64));
- BOOST_REQUIRE(crypto::verify(key.pub(), sigppraw, bytesConstRef(&m)));
+// BOOST_REQUIRE(crypto::verify(key.pub(), sigppraw, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), sigppraw, hm));
// sign with cryptopp, verify, recover w/sec256lib
Signature seclibsig(dev::sign(key.sec(), hm));
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), seclibsig.data(), 64));
- BOOST_REQUIRE(crypto::verify(key.pub(), seclibsig, bytesConstRef(&m)));
+// BOOST_REQUIRE(crypto::verify(key.pub(), seclibsig, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), seclibsig, hm));
BOOST_REQUIRE(dev::recover(seclibsig, hm) == key.pub());
// sign with cryptopp (w/hash filter?), verify with cryptopp
bytes sigppb(signer.MaxSignatureLength());
- size_t ssz = signer.SignMessage(pp::PRNG, m.data(), m.size(), sigppb.data());
+ size_t ssz = signer.SignMessage(s_rng, m.data(), m.size(), sigppb.data());
Signature sigpp;
memcpy(sigpp.data(), sigppb.data(), 64);
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppb.data(), ssz));
- BOOST_REQUIRE(crypto::verify(key.pub(), sigpp, bytesConstRef(&m)));
+// BOOST_REQUIRE(crypto::verify(key.pub(), sigpp, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), sigpp, hm));
// sign with cryptopp and stringsource hash filter
string sigstr;
- StringSource ssrc(asString(m), true, new SignerFilter(pp::PRNG, signer, new StringSink(sigstr)));
+ StringSource ssrc(asString(m), true, new SignerFilter(s_rng, signer, new StringSink(sigstr)));
FixedHash<sizeof(Signature)> retsig((byte const*)sigstr.data(), Signature::ConstructFromPointer);
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), retsig.data(), 64));
- BOOST_REQUIRE(crypto::verify(key.pub(), retsig, bytesConstRef(&m)));
+// BOOST_REQUIRE(crypto::verify(key.pub(), retsig, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), retsig, hm));
/// verification w/sec256lib
@@ -247,92 +211,102 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1)
}
}
-BOOST_AUTO_TEST_CASE(cryptopp_public_export_import)
-{
- ECIES<ECP>::Decryptor d(pp::PRNG, pp::secp256k1Curve);
- ECIES<ECP>::Encryptor e(d.GetKey());
-
- Secret s;
- pp::exportPrivateKey(d.GetKey(), s);
- Public p;
- pp::exportPublicKey(e.GetKey(), p);
- Address addr = right160(dev::sha3(p.ref()));
- BOOST_REQUIRE(toAddress(s) == addr);
-
- KeyPair l(s);
- BOOST_REQUIRE(l.address() == addr);
-}
-
BOOST_AUTO_TEST_CASE(ecies_eckeypair)
{
KeyPair k = KeyPair::create();
- string message("Now is the time for all good persons to come to the aide of humanity.");
+ string message("Now is the time for all good persons to come to the aid of humanity.");
string original = message;
bytes b = asBytes(message);
- encrypt(k.pub(), b);
+ s_secp256k1.encrypt(k.pub(), b);
BOOST_REQUIRE(b != asBytes(original));
- decrypt(k.sec(), b);
+ s_secp256k1.decrypt(k.sec(), b);
BOOST_REQUIRE(b == asBytes(original));
}
-BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac)
+BOOST_AUTO_TEST_CASE(ecdh)
{
- // New connections require new ECDH keypairs
- // Every new connection requires a new EC keypair
- // Every new trust requires a new EC keypair
- // All connections should share seed for PRF (or PRNG) for nonces
+ cnote << "Testing ecdh...";
+
+ ECDH<ECP>::Domain dhLocal(s_curveOID);
+ SecByteBlock privLocal(dhLocal.PrivateKeyLength());
+ SecByteBlock pubLocal(dhLocal.PublicKeyLength());
+ dhLocal.GenerateKeyPair(s_rng, privLocal, pubLocal);
+
+ ECDH<ECP>::Domain dhRemote(s_curveOID);
+ SecByteBlock privRemote(dhRemote.PrivateKeyLength());
+ SecByteBlock pubRemote(dhRemote.PublicKeyLength());
+ dhRemote.GenerateKeyPair(s_rng, privRemote, pubRemote);
+
+ assert(dhLocal.AgreedValueLength() == dhRemote.AgreedValueLength());
+
+ // local: send public to remote; remote: send public to local
+ // Local
+ SecByteBlock sharedLocal(dhLocal.AgreedValueLength());
+ assert(dhLocal.Agree(sharedLocal, privLocal, pubRemote));
+ // Remote
+ SecByteBlock sharedRemote(dhRemote.AgreedValueLength());
+ assert(dhRemote.Agree(sharedRemote, privRemote, pubLocal));
+
+ // Test
+ Integer ssLocal, ssRemote;
+ ssLocal.Decode(sharedLocal.BytePtr(), sharedLocal.SizeInBytes());
+ ssRemote.Decode(sharedRemote.BytePtr(), sharedRemote.SizeInBytes());
+
+ assert(ssLocal != 0);
+ assert(ssLocal == ssRemote);
+
+
+ // Now use our keys
+ KeyPair a = KeyPair::create();
+ byte puba[65] = {0x04};
+ memcpy(&puba[1], a.pub().data(), 64);
+
+ KeyPair b = KeyPair::create();
+ byte pubb[65] = {0x04};
+ memcpy(&pubb[1], b.pub().data(), 64);
+
+ ECDH<ECP>::Domain dhA(s_curveOID);
+ Secret shared;
+ BOOST_REQUIRE(dhA.Agree(shared.data(), a.sec().data(), pubb));
+ BOOST_REQUIRE(shared);
}
-BOOST_AUTO_TEST_CASE(cryptopp_ecies_message)
+BOOST_AUTO_TEST_CASE(ecdhe)
{
- cnote << "Testing cryptopp_ecies_message...";
-
- string const message("Now is the time for all good persons to come to the aide of humanity.");
-
- ECIES<ECP>::Decryptor localDecryptor(pp::PRNG, pp::secp256k1Curve);
- SavePrivateKey(localDecryptor.GetPrivateKey());
+ cnote << "Testing ecdhe...";
- ECIES<ECP>::Encryptor localEncryptor(localDecryptor);
- SavePublicKey(localEncryptor.GetPublicKey());
-
- ECIES<ECP>::Decryptor futureDecryptor;
- LoadPrivateKey(futureDecryptor.AccessPrivateKey());
- futureDecryptor.GetPrivateKey().ThrowIfInvalid(pp::PRNG, 3);
+ ECDHE a, b;
+ BOOST_CHECK_NE(a.pubkey(), b.pubkey());
- ECIES<ECP>::Encryptor futureEncryptor;
- LoadPublicKey(futureEncryptor.AccessPublicKey());
- futureEncryptor.GetPublicKey().ThrowIfInvalid(pp::PRNG, 3);
-
- // encrypt/decrypt with local
- string cipherLocal;
- StringSource ss1 (message, true, new PK_EncryptorFilter(pp::PRNG, localEncryptor, new StringSink(cipherLocal) ) );
- string plainLocal;
- StringSource ss2 (cipherLocal, true, new PK_DecryptorFilter(pp::PRNG, localDecryptor, new StringSink(plainLocal) ) );
-
- // encrypt/decrypt with future
- string cipherFuture;
- StringSource ss3 (message, true, new PK_EncryptorFilter(pp::PRNG, futureEncryptor, new StringSink(cipherFuture) ) );
- string plainFuture;
- StringSource ss4 (cipherFuture, true, new PK_DecryptorFilter(pp::PRNG, futureDecryptor, new StringSink(plainFuture) ) );
+ ECDHE local;
+ ECDHE remote;
- // decrypt local w/future
- string plainFutureFromLocal;
- StringSource ss5 (cipherLocal, true, new PK_DecryptorFilter(pp::PRNG, futureDecryptor, new StringSink(plainFutureFromLocal) ) );
+ // local tx pubkey -> remote
+ Secret sremote;
+ remote.agree(local.pubkey(), sremote);
- // decrypt future w/local
- string plainLocalFromFuture;
- StringSource ss6 (cipherFuture, true, new PK_DecryptorFilter(pp::PRNG, localDecryptor, new StringSink(plainLocalFromFuture) ) );
+ // remote tx pbukey -> local
+ Secret slocal;
+ local.agree(remote.pubkey(), slocal);
+
+ BOOST_REQUIRE(sremote);
+ BOOST_REQUIRE(slocal);
+ BOOST_REQUIRE_EQUAL(sremote, slocal);
+}
+
+BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac)
+{
+ // New connections require new ECDH keypairs
+ // Every new connection requires a new EC keypair
+ // Every new trust requires a new EC keypair
+ // All connections should share seed for PRF (or PRNG) for nonces
- BOOST_REQUIRE(plainLocal == message);
- BOOST_REQUIRE(plainFuture == plainLocal);
- BOOST_REQUIRE(plainFutureFromLocal == plainLocal);
- BOOST_REQUIRE(plainLocalFromFuture == plainLocal);
}
BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
@@ -346,21 +320,28 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
rng.GenerateBlock(key, key.size());
// cryptopp uses IV as nonce/counter which is same as using nonce w/0 ctr
- byte ctr[AES::BLOCKSIZE];
- rng.GenerateBlock(ctr, sizeof(ctr));
+ FixedHash<AES::BLOCKSIZE> ctr;
+ rng.GenerateBlock(ctr.data(), sizeof(ctr));
+
+ // used for decrypt
+ FixedHash<AES::BLOCKSIZE> ctrcopy(ctr);
- string text = "Now is the time for all good persons to come to the aide of humanity.";
- // c++11 ftw
+ string text = "Now is the time for all good persons to come to the aid of humanity.";
unsigned char const* in = (unsigned char*)&text[0];
unsigned char* out = (unsigned char*)&text[0];
string original = text;
+ string doublespeak = text + text;
string cipherCopy;
try
{
CTR_Mode<AES>::Encryption e;
- e.SetKeyWithIV(key, key.size(), ctr);
+ e.SetKeyWithIV(key, key.size(), ctr.data());
+
+ // 68 % 255 should be difference of counter
e.ProcessData(out, in, text.size());
+ ctr = h128(u128(ctr) + text.size() % 16);
+
BOOST_REQUIRE(text != original);
cipherCopy = text;
}
@@ -372,7 +353,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
try
{
CTR_Mode< AES >::Decryption d;
- d.SetKeyWithIV(key, key.size(), ctr);
+ d.SetKeyWithIV(key, key.size(), ctrcopy.data());
d.ProcessData(out, in, text.size());
BOOST_REQUIRE(text == original);
}
@@ -390,7 +371,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
out = (unsigned char*)&cipherCopy[0];
CTR_Mode<AES>::Encryption e;
- e.SetKeyWithIV(key, key.size(), ctr);
+ e.SetKeyWithIV(key, key.size(), ctrcopy.data());
e.ProcessData(out, in, text.size());
// yep, ctr mode.