Add HKDF_HMAC256_L32 and method to negate a private key #14047

Merged: 4 commits, May 16, 2019

jonasschnelli (Contributor) commented Aug 24, 2018

This adds a limited implementation of HKDF (defined by rfc5869) that supports only HMAC-SHA256 and length output of 32 bytes (will be required for v2 transport protocol).

This PR also includes a method to negate a private key which is useful to enforce public keys starting with 0x02 (or 0x03) (a requirement for the v2 transport protocol). The new CKey::Negate() method is pretty much a wrapper around secp256k1_ec_privkey_negate().

Including tests.

This is a subset of #14032 and a pre-requirement for the v2 transport protocol.

DrahtBot (Contributor) commented Aug 24, 2018

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #15649 (Add ChaCha20Poly1305@Bitcoin AEAD by jonasschnelli)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@jonasschnelli jonasschnelli force-pushed the 2018/08/bip151_key_hkdf branch from 2130c88 to dc02f90 Compare August 27, 2018 11:42
jonasschnelli added a commit to jonasschnelli/bitcoin that referenced this pull request Aug 29, 2018
@jonasschnelli jonasschnelli force-pushed the 2018/08/bip151_key_hkdf branch 2 times, most recently from 75a15a3 to a034ec2 Compare September 18, 2018 07:53
@jonasschnelli jonasschnelli force-pushed the 2018/08/bip151_key_hkdf branch from a034ec2 to 32633ff Compare March 5, 2019 14:48
jonasschnelli (Contributor, Author) commented

Rebased

@jonasschnelli jonasschnelli force-pushed the 2018/08/bip151_key_hkdf branch from 32633ff to acf3deb Compare March 26, 2019 17:07
sipa (Member) commented Mar 26, 2019

utACK acf3deb

@jonasschnelli jonasschnelli force-pushed the 2018/08/bip151_key_hkdf branch from acf3deb to 65948ee Compare March 27, 2019 16:25
jonasschnelli (Contributor, Author) commented

rebased

sipa (Member) left a comment

utACK 65948ee, just some nits.


CHKDF_HMAC_SHA256_L32::CHKDF_HMAC_SHA256_L32(const unsigned char* ikm, size_t ikmlen, const std::string& salt)
{
CHMAC_SHA256(reinterpret_cast<const unsigned char*>(salt.c_str()), salt.size()).Write(ikm, ikmlen).Finalize(m_prk);
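
Review bot: The extract step in this constructor reads the salt through `salt.c_str()` while the expand step reads `info.data()`; both are paired with `size()`, so embedded NUL bytes are handled, but using `data()` in both places would make it clearer that the salt is a length-delimited byte string rather than a C string. A short comment that the `std::string` salt is treated as raw bytes, and that an empty salt gives the same PRK as the RFC 5869 default of 32 zero bytes (HMAC zero-pads short keys), would document the behaviour callers can rely on.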

Style nit: we don't usually use the C++ cast operators for primitive types (just (const unsigned char*)salt.c_str() works).

// expand a 32byte key (single round)
assert(info.size() <= 128);
static const unsigned char one[1] = {1};
CHMAC_SHA256(m_prk, 32).Write(reinterpret_cast<const unsigned char*>(info.data()), info.size()).Write(one, 1).Finalize(hash);
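
Review bot: The `assert(info.size() <= 128)` bound in the expand step has no stated rationale, and RFC 5869 places no limit on the length of info. Add a comment saying where 128 comes from, and consider whether an over-long caller-supplied info string should abort the process or be rejected with an error. The "single round" comment could also state that one block T(1) is sufficient because the 32-byte output equals the SHA256 output length.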

Same here.

@jonasschnelli jonasschnelli force-pushed the 2018/08/bip151_key_hkdf branch from 65948ee to 8794a4b Compare May 11, 2019 07:14
jonasschnelli (Contributor, Author) commented

Thanks for the review. Fixed the C++ cast nit.

promag (Contributor) commented May 13, 2019

Restarted failed job.

promag (Contributor) left a comment

some nits 👼

@@ -0,0 +1,21 @@
// Copyright (c) 2018 The Bitcoin Core developers

nit, 2019?

std::vector<unsigned char> salt = ParseHex(salt_hex);
std::vector<unsigned char> info = ParseHex(info_hex);



nit, remove 2nd empty line.

@@ -212,6 +213,22 @@ static void TestPoly1305(const std::string &hexmessage, const std::string &hexke
BOOST_CHECK(tag == tagres);
}

static void TestHKDF_SHA256_32(const std::string &ikm_hex, const std::string &salt_hex, const std::string &info_hex, const std::string &okm_check_hex) {

nit, space after &, not before.

laanwj (Member) commented May 16, 2019

utACK 8794a4b
Don't want to hold this up on a few last-minute style nits and empty lines.

@laanwj laanwj merged commit 8794a4b into bitcoin:master May 16, 2019
laanwj added a commit that referenced this pull request May 16, 2019
8794a4b QA: add test for HKDF HMAC_SHA256 L32 (Jonas Schnelli)
551d489 Add HKDF HMAC_SHA256 L=32 implementations (Jonas Schnelli)
3b64f85 QA: add test for CKey::Negate() (Jonas Schnelli)
463921b CKey: add method to negate the key (Jonas Schnelli)

Pull request description:

  This adds a limited implementation of `HKDF` (defined by rfc5869) that supports only HMAC-SHA256  and length output of 32 bytes (will be required for v2 transport protocol).

  This PR also includes a method to negate a private key which is useful to enforce public keys starting with 0x02 (or 0x03) (a requirement for the v2 transport protocol). The new `CKey::Negate()` method is pretty much a wrapper around `secp256k1_ec_privkey_negate()`.

  Including tests.

  This is a subset of #14032 and a pre-requirement for the v2 transport protocol.

ACKs for commit 8794a4:

Tree-SHA512: 5341929dfa29f5da766ec3612784baec6a3ad69972f08b5a985a8aafdae4dae36f104a2b888d1f5d1f33561456bd111f960d7e32c2cc4fd18e48358468f26c1a
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request May 18, 2019
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jan 25, 2020
jasonbcox pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Sep 9, 2020
Summary:
bitcoin/bitcoin@463921b

---

Partial backport of Core [[bitcoin/bitcoin#14047 | PR14047]]

Test Plan:
  ninja

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D7393
jasonbcox pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Sep 9, 2020
Summary:
bitcoin/bitcoin@3b64f85

---

Depends on D7393

Partial backport of Core [[bitcoin/bitcoin#14047 | PR14047]]

Test Plan:
  ninja check-bitcoin-key_tests

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Subscribers: deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D7394
jasonbcox pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Sep 9, 2020
Summary:
bitcoin/bitcoin@551d489

---

Depends on D7394

Partial backport of Core [[bitcoin/bitcoin#14047 | PR14047]]

Test Plan:
  ninja

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Subscribers: deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D7395
jasonbcox pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Sep 9, 2020
Summary:
bitcoin/bitcoin@8794a4b

---

Depends on D7395

Partial backport of Core [[bitcoin/bitcoin#14047 | PR14047]]

Test Plan:
  ninja check-bitcoin-crypto_tests

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D7396
UdjinM6 pushed a commit to UdjinM6/dash that referenced this pull request Aug 10, 2021
5tefan pushed a commit to 5tefan/dash that referenced this pull request Aug 12, 2021
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Dec 16, 2021