Initialise constants: I think hash_to_p3() working

2025-08-13 08:45:53 -04:00 · 2021-04-20 16:22:25 +10:00 · 2021-04-20 16:22:25 +10:00 · ade9e3eabf
commit ade9e3eabf
parent 181d16156d
9 changed files with 1662 additions and 1773 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.19)
 project(xmr_btc_swap_comit C)
-set(CMAKE_C_STANDARD 11)
+set(CMAKE_CXX_STANDARD 11)
 set(BOOST_ROOT "/usr/local/Cellar/boost/1.75.0_2")
 include_directories(/usr/local/Cellar/boost/1.75.0_2/include)
@ -9,7 +9,6 @@ include_directories(monero-adaptor/depend/hash)
 add_library(xmr_btc_swap_comit
        monero-adaptor/depend/hash/hash.c
        monero-adaptor/depend/hash/include/hash.h
        monero-adaptor/depend/hash/include/int-util.h
        monero-adaptor/depend/hash/crypto-ops.c
        monero-adaptor/depend/hash/include/crypto-ops.h
--- a/monero-adaptor/depend/hash/crypto-ops.c
+++ b/monero-adaptor/depend/hash/crypto-ops.c
--- a/monero-adaptor/depend/hash/hash.c
+++ b/monero-adaptor/depend/hash/hash.c
@ -1,6 +1,5 @@
 #include <stdint.h>
 #include "include/keccak.h"
 #include "include/hash.h"
 #include "include/crypto-ops.h"
 void hash_to_scalar(const uint8_t *in, uint8_t *md) {
--- a/monero-adaptor/depend/hash/include/crypto-ops.h
+++ b/monero-adaptor/depend/hash/include/crypto-ops.h
@ -79,14 +79,13 @@ typedef ge_cached ge_dsmp[8];
 extern const ge_precomp ge_Bi[8];
 void ge_dsm_precomp(ge_dsmp r, const ge_p3 *s);
 void ge_double_scalarmult_base_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *);
-
+void ge_triple_scalarmult_base_vartime(ge_p2 *, const unsigned char *, const unsigned char *, const ge_dsmp, const unsigned char *, const ge_dsmp);
 void ge_triple_scalarmult_base_vartime(ge_p2 *, const unsigned char *, const unsigned char *, const ge_dsmp,
                                       const unsigned char *, const ge_dsmp);
 void ge_double_scalarmult_base_vartime_p3(ge_p3 *, const unsigned char *, const ge_p3 *, const unsigned char *);
 /* From ge_frombytes.c, modified */
 extern const fe fe_sqrtm1;
 extern const fe fe_d;
 int ge_frombytes_vartime(ge_p3 *, const unsigned char *);
 /* From ge_p1p1_to_p2.c */
@ -130,39 +129,28 @@ void sc_reduce(unsigned char *);
 /* New code */
 void ge_scalarmult(ge_p2 *, const unsigned char *, const ge_p3 *);
 void ge_scalarmult_p3(ge_p3 *, const unsigned char *, const ge_p3 *);
-
+void ge_double_scalarmult_precomp_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *, const ge_dsmp);
-void ge_double_scalarmult_precomp_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *,
+void ge_triple_scalarmult_precomp_vartime(ge_p2 *, const unsigned char *, const ge_dsmp, const unsigned char *, const ge_dsmp, const unsigned char *, const ge_dsmp);
-                                          const ge_dsmp);
+void ge_double_scalarmult_precomp_vartime2(ge_p2 *, const unsigned char *, const ge_dsmp, const unsigned char *, const ge_dsmp);
-
+void ge_double_scalarmult_precomp_vartime2_p3(ge_p3 *, const unsigned char *, const ge_dsmp, const unsigned char *, const ge_dsmp);
 void ge_triple_scalarmult_precomp_vartime(ge_p2 *, const unsigned char *, const ge_dsmp, const unsigned char *,
                                          const ge_dsmp, const unsigned char *, const ge_dsmp);
 void ge_double_scalarmult_precomp_vartime2(ge_p2 *, const unsigned char *, const ge_dsmp, const unsigned char *,
                                           const ge_dsmp);
 void ge_double_scalarmult_precomp_vartime2_p3(ge_p3 *, const unsigned char *, const ge_dsmp, const unsigned char *,
                                              const ge_dsmp);
 void ge_mul8(ge_p1p1 *, const ge_p2 *);
-
+extern const fe fe_ma2;
 extern const fe fe_ma;
 extern const fe fe_fffb1;
 extern const fe fe_fffb2;
 extern const fe fe_fffb3;
 extern const fe fe_fffb4;
 extern const ge_p3 ge_p3_identity;
 extern const ge_p3 ge_p3_H;
 void ge_fromfe_frombytes_vartime(ge_p2 *, const unsigned char *);
 void sc_0(unsigned char *);
 void sc_reduce32(unsigned char *);
 void sc_add(unsigned char *, const unsigned char *, const unsigned char *);
 void sc_sub(unsigned char *, const unsigned char *, const unsigned char *);
 void sc_mulsub(unsigned char *, const unsigned char *, const unsigned char *, const unsigned char *);
 void sc_mul(unsigned char *, const unsigned char *, const unsigned char *);
 void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c);
 int sc_check(const unsigned char *);
 int sc_isnonzero(const unsigned char *); /* Doesn't normalize */
--- a/monero-adaptor/depend/hash/include/hash-ops.h
+++ b/monero-adaptor/depend/hash/include/hash-ops.h
@ -51,7 +51,6 @@ static inline const void *cpadd(const void *p, size_t i) {
 PUSH_WARNINGS
 DISABLE_VS_WARNINGS(4267)
 static_assert(sizeof(size_t) == 4 || sizeof(size_t) == 8, "size_t must be 4 or 8 bytes long");
 static inline void place_length(uint8_t *buffer, size_t bufsize, size_t length) {
    if (sizeof(size_t) == 4) {
        *(uint32_t *) padd(buffer, bufsize - 4) = swap32be(length);
@ -59,7 +58,6 @@ static inline void place_length(uint8_t *buffer, size_t bufsize, size_t length)
        *(uint64_t *) padd(buffer, bufsize - 8) = swap64be(length);
    }
 }
 POP_WARNINGS
 #pragma pack(push, 1)
@ -71,7 +69,6 @@ union hash_state {
 static_assert(sizeof(union hash_state) == 200, "Invalid structure size");
 void hash_permutation(union hash_state *state);
 void hash_process(union hash_state *state, const uint8_t *buf, size_t count);
 #endif
@ -82,43 +79,19 @@ enum {
 };
 void cn_fast_hash(const void *data, size_t length, char *hash);
 void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int prehashed, uint64_t height);
 void hash_extra_blake(const void *data, size_t length, char *hash);
 void hash_extra_groestl(const void *data, size_t length, char *hash);
 void hash_extra_jh(const void *data, size_t length, char *hash);
 void hash_extra_skein(const void *data, size_t length, char *hash);
 void tree_hash(const char (*hashes)[HASH_SIZE], size_t count, char *root_hash);
-bool tree_path(size_t count, size_t idx, uint32_t *path);
+#define RX_BLOCK_VERSION	12
 bool
 tree_branch(const char (*hashes)[HASH_SIZE], size_t count, const char *hash, char (*branch)[HASH_SIZE], size_t *depth,
            uint32_t *path);
 bool tree_branch_hash(const char hash[HASH_SIZE], const char (*branch)[HASH_SIZE], size_t depth, uint32_t path,
                      char root[HASH_SIZE]);
 bool
 is_branch_in_tree(const char hash[HASH_SIZE], const char root[HASH_SIZE], const char (*branch)[HASH_SIZE], size_t depth,
                  uint32_t path);
 #define RX_BLOCK_VERSION    12
 void rx_slow_hash_allocate_state(void);
 void rx_slow_hash_free_state(void);
 uint64_t rx_seedheight(const uint64_t height);
 void rx_seedheights(const uint64_t height, uint64_t *seed_height, uint64_t *next_height);
-
+void rx_slow_hash(const uint64_t mainheight, const uint64_t seedheight, const char *seedhash, const void *data, size_t length, char *hash, int miners, int is_alt);
 void rx_slow_hash(const uint64_t mainheight, const uint64_t seedheight, const char *seedhash, const void *data,
                  size_t length, char *hash, int miners, int is_alt);
 void rx_reorg(const uint64_t split_height);
--- a/monero-adaptor/depend/hash/include/hash.h
+++ b/monero-adaptor/depend/hash/include/hash.h
@ -1,11 +0,0 @@
 //
 // Created by Rishab Sharma on 16/4/21.
 //
 #include <stdint.h>
 #include <stdio.h>
 #ifndef XMR_BTC_SWAP_COMIT_HASH_H
 #define XMR_BTC_SWAP_COMIT_HASH_H
 #endif //XMR_BTC_SWAP_COMIT_HASH_H
--- a/monero-adaptor/depend/hash/include/int-util.h
+++ b/monero-adaptor/depend/hash/include/int-util.h
@ -79,7 +79,7 @@ static inline uint64_t lo_dword(uint64_t val) {
    return val & 0xFFFFFFFF;
 }
-static inline uint64_t mul128(uint64_t multiplier, uint64_t multiplicand, uint64_t *product_hi) {
+static inline uint64_t mul128(uint64_t multiplier, uint64_t multiplicand, uint64_t* product_hi) {
    // multiplier   = ab = a * 2^32 + b
    // multiplicand = cd = c * 2^32 + d
    // ab * cd = a * c * 2^64 + (a * d + b * c) * 2^32 + b * d
@ -105,15 +105,14 @@ static inline uint64_t mul128(uint64_t multiplier, uint64_t multiplicand, uint64
    return product_lo;
 }
-static inline uint64_t div_with_reminder(uint64_t dividend, uint32_t divisor, uint32_t *remainder) {
+static inline uint64_t div_with_reminder(uint64_t dividend, uint32_t divisor, uint32_t* remainder) {
-    dividend |= ((uint64_t) *remainder) << 32;
+    dividend |= ((uint64_t)*remainder) << 32;
    *remainder = dividend % divisor;
    return dividend / divisor;
 }
 // Long division with 2^32 base
-static inline uint32_t
+static inline uint32_t div128_32(uint64_t dividend_hi, uint64_t dividend_lo, uint32_t divisor, uint64_t* quotient_hi, uint64_t* quotient_lo) {
 div128_32(uint64_t dividend_hi, uint64_t dividend_lo, uint32_t divisor, uint64_t *quotient_hi, uint64_t *quotient_lo) {
    uint64_t dividend_dwords[4];
    uint32_t remainder = 0;
@ -122,28 +121,28 @@ div128_32(uint64_t dividend_hi, uint64_t dividend_lo, uint32_t divisor, uint64_t
    dividend_dwords[1] = hi_dword(dividend_lo);
    dividend_dwords[0] = lo_dword(dividend_lo);
-    *quotient_hi = div_with_reminder(dividend_dwords[3], divisor, &remainder) << 32;
+    *quotient_hi  = div_with_reminder(dividend_dwords[3], divisor, &remainder) << 32;
    *quotient_hi |= div_with_reminder(dividend_dwords[2], divisor, &remainder);
-    *quotient_lo = div_with_reminder(dividend_dwords[1], divisor, &remainder) << 32;
+    *quotient_lo  = div_with_reminder(dividend_dwords[1], divisor, &remainder) << 32;
    *quotient_lo |= div_with_reminder(dividend_dwords[0], divisor, &remainder);
    return remainder;
 }
 // Long divisor with 2^64 base
-void
+void div128_64(uint64_t dividend_hi, uint64_t dividend_lo, uint64_t divisor, uint64_t* quotient_hi, uint64_t *quotient_lo, uint64_t *remainder_hi, uint64_t *remainder_lo);
 div128_64(uint64_t dividend_hi, uint64_t dividend_lo, uint64_t divisor, uint64_t *quotient_hi, uint64_t *quotient_lo,
          uint64_t *remainder_hi, uint64_t *remainder_lo);
-static inline void add64clamp(uint64_t *value, uint64_t add) {
+static inline void add64clamp(uint64_t *value, uint64_t add)
-    static const uint64_t maxval = (uint64_t) -1;
+{
    static const uint64_t maxval = (uint64_t)-1;
    if (*value > maxval - add)
        *value = maxval;
    else
        *value += add;
 }
-static inline void sub64clamp(uint64_t *value, uint64_t sub) {
+static inline void sub64clamp(uint64_t *value, uint64_t sub)
 {
    if (*value < sub)
        *value = 0;
    else
@ -193,7 +192,7 @@ static inline uint32_t swap32(uint32_t x) {
 #      define swap64 __swap64
 #  elif !defined(swap64)
 static inline uint64_t swap64(uint64_t x) {
-    x = ((x & 0x00ff00ff00ff00ff) << 8) | ((x & 0xff00ff00ff00ff00) >> 8);
+    x = ((x & 0x00ff00ff00ff00ff) <<  8) | ((x & 0xff00ff00ff00ff00) >>  8);
    x = ((x & 0x0000ffff0000ffff) << 16) | ((x & 0xffff0000ffff0000) >> 16);
    return (x << 32) | (x >> 32);
 }
@ -205,8 +204,7 @@ static inline uint64_t swap64(uint64_t x) {
 #else
 #define UNUSED
 #endif
-
+static inline void mem_inplace_ident(void *mem UNUSED, size_t n UNUSED) { }
 static inline void mem_inplace_ident(void *mem UNUSED, size_t n UNUSED) {}
 #undef UNUSED
 static inline void mem_inplace_swap16(void *mem, size_t n) {
--- a/monero-adaptor/depend/hash/include/keccak.h
+++ b/monero-adaptor/depend/hash/include/keccak.h
@ -16,7 +16,8 @@
 #endif
 // SHA3 Algorithm context.
-typedef struct KECCAK_CTX {
+typedef struct KECCAK_CTX
 {
    // 1600 bits algorithm hashing state
    uint64_t hash[25];
    // 1088-bit buffer for leftovers, block size = 136 B for 256-bit keccak
@ -33,10 +34,7 @@ void keccakf(uint64_t st[25], int norounds);
 void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md);
-void keccak_init(KECCAK_CTX *ctx);
+void keccak_init(KECCAK_CTX * ctx);
-
+void keccak_update(KECCAK_CTX * ctx, const uint8_t *in, size_t inlen);
-void keccak_update(KECCAK_CTX *ctx, const uint8_t *in, size_t inlen);
+void keccak_finish(KECCAK_CTX * ctx, uint8_t *md);
 void keccak_finish(KECCAK_CTX *ctx, uint8_t *md);
 #endif
--- a/monero-adaptor/depend/hash/keccak.c
+++ b/monero-adaptor/depend/hash/keccak.c
@ -9,7 +9,8 @@
 #include "include/hash-ops.h"
 #include "include/keccak.h"
-static void local_abort(const char *msg) {
+static void local_abort(const char *msg)
 {
    fprintf(stderr, "%s\n", msg);
 #ifdef NDEBUG
    _exit(1);
@ -32,19 +33,20 @@ const uint64_t keccakf_rndc[24] =
 const int keccakf_rotc[24] =
        {
-                1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
+                1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
-                27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
+                27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
        };
 const int keccakf_piln[24] =
        {
-                10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
+                10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,
-                15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
+                15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1
        };
 // update the state with given number of rounds
-void keccakf(uint64_t st[25], int rounds) {
+void keccakf(uint64_t st[25], int rounds)
 {
    int i, j, round;
    uint64_t t, bc[5];
@ -85,13 +87,15 @@ void keccakf(uint64_t st[25], int rounds) {
 // compute a keccak hash (md) of given byte length from "in"
 typedef uint64_t state_t[25];
-void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen) {
+void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
 {
    state_t st;
    uint8_t temp[144];
    size_t i, rsiz, rsizw;
    static_assert(HASH_DATA_AREA <= sizeof(temp), "Bad keccak preconditions");
-    if (mdlen <= 0 || (mdlen > 100 && sizeof(st) != (size_t) mdlen)) {
+    if (mdlen <= 0 || (mdlen > 100 && sizeof(st) != (size_t)mdlen))
    {
        local_abort("Bad keccak use");
    }
@ -100,7 +104,7 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen) {
    memset(st, 0, sizeof(st));
-    for (; inlen >= rsiz; inlen -= rsiz, in += rsiz) {
+    for ( ; inlen >= rsiz; inlen -= rsiz, in += rsiz) {
        for (i = 0; i < rsizw; i++) {
            uint64_t ina;
            memcpy(&ina, in + i * 8, 8);
@ -110,8 +114,8 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen) {
    }
    // last block and padding
-    if (inlen + 1 >= sizeof(temp) || inlen > rsiz || rsiz - inlen + inlen + 1 >= sizeof(temp) || rsiz == 0 ||
+    if (inlen + 1 >= sizeof(temp) || inlen > rsiz || rsiz - inlen + inlen + 1 >= sizeof(temp) || rsiz == 0 || rsiz - 1 >= sizeof(temp) || rsizw * 8 > sizeof(temp))
-        rsiz - 1 >= sizeof(temp) || rsizw * 8 > sizeof(temp)) {
+    {
        local_abort("Bad keccak use");
    }
@ -126,13 +130,15 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen) {
    keccakf(st, KECCAK_ROUNDS);
-    if (((size_t) mdlen % sizeof(uint64_t)) != 0) {
+    if (((size_t)mdlen % sizeof(uint64_t)) != 0)
    {
        local_abort("Bad keccak use");
    }
-    memcpy_swap64le(md, st, mdlen / sizeof(uint64_t));
+    memcpy_swap64le(md, st, mdlen/sizeof(uint64_t));
 }
-void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md) {
+void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md)
 {
    keccak(in, inlen, md, sizeof(state_t));
 }
@ -147,11 +153,11 @@ void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md) {
    keccakf(st, KECCAK_ROUNDS); }
-void keccak_init(KECCAK_CTX *ctx) {
+void keccak_init(KECCAK_CTX * ctx){
    memset(ctx, 0, sizeof(KECCAK_CTX));
 }
-void keccak_update(KECCAK_CTX *ctx, const uint8_t *in, size_t inlen) {
+void keccak_update(KECCAK_CTX * ctx, const uint8_t *in, size_t inlen){
    if (ctx->rest & KECCAK_FINALIZED) {
        local_abort("Bad keccak use");
    }
@ -162,12 +168,12 @@ void keccak_update(KECCAK_CTX *ctx, const uint8_t *in, size_t inlen) {
    // fill partial block
    if (idx) {
        size_t left = KECCAK_BLOCKLEN - idx;
-        memcpy((char *) ctx->message + idx, in, (inlen < left ? inlen : left));
+        memcpy((char*)ctx->message + idx, in, (inlen < left ? inlen : left));
        if (inlen < left) return;
        KECCAK_PROCESS_BLOCK(ctx->hash, ctx->message);
-        in += left;
+        in  += left;
        inlen -= left;
    }
@ -175,7 +181,7 @@ void keccak_update(KECCAK_CTX *ctx, const uint8_t *in, size_t inlen) {
        memcpy(ctx->message, in, KECCAK_BLOCKLEN);
        KECCAK_PROCESS_BLOCK(ctx->hash, ctx->message);
-        in += KECCAK_BLOCKLEN;
+        in  += KECCAK_BLOCKLEN;
        inlen -= KECCAK_BLOCKLEN;
    }
    if (inlen) {
@ -183,12 +189,13 @@ void keccak_update(KECCAK_CTX *ctx, const uint8_t *in, size_t inlen) {
    }
 }
-void keccak_finish(KECCAK_CTX *ctx, uint8_t *md) {
+void keccak_finish(KECCAK_CTX * ctx, uint8_t *md){
-    if (!(ctx->rest & KECCAK_FINALIZED)) {
+    if (!(ctx->rest & KECCAK_FINALIZED))
    {
        // clear the rest of the data queue
-        memset((char *) ctx->message + ctx->rest, 0, KECCAK_BLOCKLEN - ctx->rest);
+        memset((char*)ctx->message + ctx->rest, 0, KECCAK_BLOCKLEN - ctx->rest);
-        ((char *) ctx->message)[ctx->rest] |= 0x01;
+        ((char*)ctx->message)[ctx->rest] |= 0x01;
-        ((char *) ctx->message)[KECCAK_BLOCKLEN - 1] |= 0x80;
+        ((char*)ctx->message)[KECCAK_BLOCKLEN - 1] |= 0x80;
        // process final block
        KECCAK_PROCESS_BLOCK(ctx->hash, ctx->message);