
[Crypto] Add ctx initialisation for bip38

Warrows committed Jun 10, 2018
1 parent 21234db commit f10439c8784ddf3d02a213e35c19c362bbca2108
Showing with 27 additions and 4 deletions.
  1. +27 −4 src/bip38.cpp
@@ -8,6 +8,7 @@
#include "pubkey.h"
#include "util.h"
#include "utilstrencodings.h"
#include "random.h"

#include <openssl/aes.h>
#include <openssl/sha.h>
@@ -49,14 +50,25 @@ void ComputePassfactor(std::string ownersalt, uint256 prefactor, uint256& passfa
bool ComputePasspoint(uint256 passfactor, CPubKey& passpoint)
{
size_t clen = 65;
secp256k1_context *ctx = NULL;
secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
assert(ctx != nullptr);
{
// Pass in a random blinding seed to the secp256k1 context.
std::vector<unsigned char, secure_allocator<unsigned char>> vseed(32);
GetRandBytes(vseed.data(), 32);
bool ret = secp256k1_context_randomize(ctx, vseed.data());
assert(ret);
}
secp256k1_pubkey pubkey;

//passpoint is the ec_mult of passfactor on secp256k1
if (!secp256k1_ec_pubkey_create(ctx, &pubkey, passfactor.begin()))
if (!secp256k1_ec_pubkey_create(ctx, &pubkey, passfactor.begin())) {
secp256k1_context_destroy(ctx);
return false;
}

secp256k1_ec_pubkey_serialize(ctx, (unsigned char*)passpoint.begin(), &clen, &pubkey, SECP256K1_EC_COMPRESSED);
secp256k1_context_destroy(ctx);

if (passpoint.size() != clen)
return false;
@@ -241,10 +253,21 @@ bool BIP38_Decrypt(std::string strPassphrase, std::string strEncryptedKey, uint2
ComputeFactorB(seedB, factorB);

//multiply passfactor by factorb mod N to yield the priv key
secp256k1_context *ctx = NULL;
secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
assert(ctx != nullptr);
{
// Pass in a random blinding seed to the secp256k1 context.
std::vector<unsigned char, secure_allocator<unsigned char>> vseed(32);
GetRandBytes(vseed.data(), 32);
bool ret = secp256k1_context_randomize(ctx, vseed.data());
assert(ret);
}
privKey = factorB;
if (!secp256k1_ec_privkey_tweak_mul(ctx, privKey.begin(), passfactor.begin()))
if (!secp256k1_ec_privkey_tweak_mul(ctx, privKey.begin(), passfactor.begin())) {
secp256k1_context_destroy(ctx);
return false;
}
secp256k1_context_destroy(ctx);

//double check that the address hash matches our final privkey
CKey k;
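Review bot: The new code releases the context by hand on every exit path (`secp256k1_context_destroy(ctx);` before each `return false;` and again after the successful call), and the same ten-line create/randomize sequence is pasted into both ComputePasspoint and BIP38_Decrypt, so any future early return, or an exception escaping GetRandBytes, leaks the context and the two copies can drift apart. Holding the handle in a `std::unique_ptr` with `secp256k1_context_destroy` as the deleter and moving the shared setup into one static helper removes the manual destroy calls and keeps both call sites in sync; the helper below needs `<memory>`. Creating and randomizing a SIGN context on every call is also comparatively costly because it precomputes the generator multiplication tables; if the project already keeps a process-wide signing context, as Bitcoin-derived codebases do in key.cpp's ECC_Start, reusing it through an accessor would be preferable, but that cannot be confirmed from this diff. ComputePasspoint continues past the hunk and BIP38_Decrypt both begins and ends outside it.
```cpp
// RAII handle: the context is destroyed on every exit path, including exceptions.
using secp256k1_ctx_ptr = std::unique_ptr<secp256k1_context, decltype(&secp256k1_context_destroy)>;

// Create a SIGN context and blind it with a fresh random seed; shared by both callers below.
static secp256k1_ctx_ptr CreateRandomizedSignContext()
{
    secp256k1_ctx_ptr ctx(secp256k1_context_create(SECP256K1_CONTEXT_SIGN), &secp256k1_context_destroy);
    assert(ctx != nullptr);
    std::vector<unsigned char, secure_allocator<unsigned char>> vseed(32);
    GetRandBytes(vseed.data(), 32);
    bool ret = secp256k1_context_randomize(ctx.get(), vseed.data());
    assert(ret);
    (void)ret; // keep the variable referenced when NDEBUG strips the assert
    return ctx;
}

bool ComputePasspoint(uint256 passfactor, CPubKey& passpoint)
{
    size_t clen = 65;
    secp256k1_ctx_ptr ctx = CreateRandomizedSignContext();
    secp256k1_pubkey pubkey;

    //passpoint is the ec_mult of passfactor on secp256k1
    if (!secp256k1_ec_pubkey_create(ctx.get(), &pubkey, passfactor.begin()))
        return false;

    secp256k1_ec_pubkey_serialize(ctx.get(), (unsigned char*)passpoint.begin(), &clen, &pubkey, SECP256K1_EC_COMPRESSED);
    // … unchanged: size check and the rest of ComputePasspoint …

// … unchanged: BIP38_Decrypt up to ComputeFactorB …
    //multiply passfactor by factorb mod N to yield the priv key
    secp256k1_ctx_ptr ctx = CreateRandomizedSignContext();
    privKey = factorB;
    if (!secp256k1_ec_privkey_tweak_mul(ctx.get(), privKey.begin(), passfactor.begin()))
        return false;
    // … unchanged: address-hash double check …
```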
