If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.
Conflicts
Reviewers, this pull request conflicts with the following ones:
#27385 (net: extract Network and BIP155Network logic to node/network by jonatack)
#27294 (refactor: Move chain names to the util library by TheCharlatan)
#27254 (refactor: Extract util/fs from util/system by TheCharlatan)
#26684 (bench: add readblock benchmark by andrewtoth)
#25572 (refactor: Introduce EvictionManager and use it for the inbound eviction logic by dergoegge)
#25390 (sync: introduce a thread-safe generic container and use it to remove a bunch of “GlobalMutex"es by vasild)
#25268 (refactor: Introduce EvictionManager by dergoegge)
#23432 (BIP324: CKey encode/decode to elligator-swift by dhruv)
#23233 (BIP324: Add encrypted p2p transport {de}serializer by dhruv)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
naumenkogs
commented at 7:14 am on November 22, 2021:
member
Concept ACK.
Moving forward with BIP324 is a good idea, and this code seems to not have any negative/unexpected side-effects.
dhruv renamed this:
BIP324 handshake prerequisites
BIP324: Handshake prerequisites
on Nov 23, 2021
The case of secp256k1_ecdh returning 0 corresponds to invalid input. That won’t happen here; I think you can assert instead and avoid the std::optional in the return type.
You could do a much stronger test: take two private keys as input fuzz data, compute the corresponding public keys, and compute the ecdh secrets from (sec1,pub2) and (sec2,pub1), and check that they match.
It’s cryptographic data (hashes and EC operations), so this is very unlikely to actually uncover any bugs unless they’re very apparent, but this way the fuzz test actually verifies the full behavior we desire from these functions.
I moved this into net.{h|cpp} as that’s where it will be used. I didn’t particularly want to increase the length of those files, so please let me know if the right thing to do is to have it in src/bip324.{h|cpp}
Not sure if a class for this is desirable in the first place. These keys shouldn’t be long-lived in any case (they’re only used to initialize the stream ciphers, and then destroyed). That can just as well be done with a simple function call?
:) I am working on re-structuring it. It’s close. Will keep you updated here.
alirezaayande referenced this in commit
0c85dc30e6
on Dec 7, 2021
dhruv force-pushed
on Dec 8, 2021
dhruv
commented at 3:02 am on December 9, 2021:
contributor
Addressed comments; Rebased with master to incorporate #23413. I am still investigating CI failures which seem like a timeout on Cirrus CI but re-running hasn’t helped (other recent open PRs seem to be seeing this error as well). Meanwhile, ready for further review.
DrahtBot added the label
Needs rebase
on Dec 18, 2021
dhruv force-pushed
on Jan 21, 2022
DrahtBot removed the label
Needs rebase
on Jan 21, 2022
dhruv
commented at 2:27 am on January 22, 2022:
contributor
This is unnecessary, as it’s already using secure_allocator, which wipes memory on deallocation.
That said, using a vector with secure_allocator is overkill here; you can just use an array (which doesn’t need allocation) - and then you do need the cleanse call.
You can also use const CHashWriter HASHER_BIP324_ECDH = TaggedHash("secp256k1_ellsq_xonly_ecdh");, and then do the rest of the hashing using (HashWriter(HASHER_BIP324_ECDH) << [rest of stuff] << [to hash]).GetSHA256(). That precomputes the entire midstate after the tag.
You can make the arguments here take Span<const uint8_t> - or even Span<const std::byte>. I don’t think this function needs to be able to mutate the passed in hdata.
0 auto initiator_hdata_vec = ParseHex("2deb41da6887640dda029ae41c9c9958881d0bb8e28f6bb9039ee9b7bb11091d62f4cbe65cc418df7aefd738f4d3e926c66365b4d38eefd0a883be64112f4495");
DrahtBot added the label
Needs rebase
on May 13, 2022
theStack
commented at 11:23 am on June 2, 2022:
contributor
Concept ACK
nit: Considering that ECDHSecret always has a fixed size, do we really need to use a std::vector? An alternative would be to use std::array and remove the .resize() calls. The following diff on the top-commit seems to work fine:
nit: These checks obviously don’t hurt, but now that ECDHSecret uses std::array and has it’s size fixed at compile-time, they are not that useful anymore.
The new ellswift API has a function secp256k1_ellswift_create which goes directly from private key + randomness to ellswift encoding, bypassing the need for encoding the public key in the traditional form.
@stratospher Upon further thought after our conversation, I think unsigned char makes sense here as that’s exactly what all the functions it is used with require. So I’m going with that when I update.
DrahtBot added the label
Needs rebase
on Sep 25, 2022
dhruv force-pushed
on Oct 1, 2022
dhruv
commented at 9:17 pm on October 1, 2022:
contributor
DrahtBot added the label
Needs rebase
on Nov 19, 2022
DrahtBot removed the label
Needs rebase
on Nov 21, 2022
dhruv force-pushed
on Nov 23, 2022
dhruv
commented at 5:12 am on November 23, 2022:
contributor
Bringing in upstream rebase (#26153)
DrahtBot added the label
Needs rebase
on Nov 30, 2022
dhruv force-pushed
on Dec 15, 2022
dhruv
commented at 4:53 pm on December 15, 2022:
contributor
Latest push:
Rebased upstream changes
Upstream changes include a new rekey ratchet mechanism (forward security) based on ChaCha20 instead of SHA256. This also means we no longer need the rekey salt in the session derivation process. BIP changes are WIP and coming soon.
DrahtBot removed the label
Needs rebase
on Dec 15, 2022
DrahtBot added the label
Needs rebase
on Dec 25, 2022
dhruv force-pushed
on Jan 12, 2023
dhruv
commented at 7:10 pm on January 12, 2023:
contributor
Rebased
DrahtBot removed the label
Needs rebase
on Jan 12, 2023
DrahtBot added the label
Needs rebase
on Jan 13, 2023
dhruv force-pushed
on Jan 14, 2023
dhruv
commented at 5:54 am on January 14, 2023:
contributor
Rebased
DrahtBot removed the label
Needs rebase
on Jan 14, 2023
dhruv force-pushed
on Jan 23, 2023
dhruv
commented at 10:14 pm on January 23, 2023:
contributor
DrahtBot added the label
Needs rebase
on Mar 12, 2023
BIP324 Cipher Suite187761fc8a
Allow for RFC8439 AD in cipher suite interface8405856ed9
Merge branch 'bip324-cipher-suite' into bip324-handshakeea3e911558
Squashed 'src/secp256k1/' changes from bdf39000b9..8034c67a48
8034c67a48 Add doc/ellswift.md with ElligatorSwift explanation
e90aa4e62e Add ellswift testing to CI
131faedd8a Add ElligatorSwift ctime tests
198a04c058 Add tests for ElligatorSwift
9984bfe476 Add ElligatorSwift benchmarks
f053da3ab7 Add ellswift module implementing ElligatorSwift
76c64be237 Add functions to test if X coordinate is valid
aff948fca2 Add benchmark for key generation
5ed9314d6d Add exhaustive tests for ecmult_const_xonly
b69fe88d5e Add x-only ecmult_const version for x=n/d
427bc3cdcf Merge bitcoin-core/secp256k1#1236: Update comment for secp256k1_modinv32_inv256
647f0a5cb1 Update comment for secp256k1_modinv32_inv256
5658209459 Merge bitcoin-core/secp256k1#1228: release cleanup: bump version after 0.3.0
28e63f7ea7 release cleanup: bump version after 0.3.0
git-subtree-dir: src/secp256k1
git-subtree-split: 8034c67a48dc1334bc74ee4ba239111a23d9789e
984b3d0a1f
Merge commit '984b3d0a1faabc1657e0dd33432fdadfd78335a9' into bip324-handshake007a92ed80
Enable ECDH computation on secp256k1 keys3d1b276949
Bench test for ECDH4b7be855dd
Fuzz test for ECDH6ffa68f4db
HKDF key derivation from ECDH secret for BIP324dc2527fb2f
Fuzz test for BIP324 key derivation178ef757ba
dhruv force-pushed
on Mar 21, 2023
dhruv
commented at 4:03 am on March 21, 2023:
contributor
Rebased.
DrahtBot removed the label
Needs rebase
on Mar 21, 2023
DrahtBot added the label
Needs rebase
on Apr 3, 2023
DrahtBot
commented at 2:09 pm on April 3, 2023:
contributor
🐙 This pull request conflicts with the target branch and needs rebase.
fanquake
commented at 8:50 am on April 18, 2023:
member
Closing this for now, as it’s partly included in #27479.
fanquake closed this
on Apr 18, 2023
achow101 referenced this in commit
679f825ba3
on Jun 26, 2023
This is a metadata mirror of the GitHub repository
bitcoin/bitcoin.
This site is not affiliated with GitHub.
Content is generated from a GitHub metadata backup.
generated: 2024-12-19 00:12 UTC
This site is hosted by @0xB10C More mirrored repositories can be found on mirror.b10c.me