// secrets is called after the handshake is completed. // It extracts the connection secrets from the handshake values. func (h *encHandshake) secrets(auth, authResp []byte) (secrets, error) { ecdheSecret, err := h.randomPrivKey.GenerateShared(h.remoteRandomPub, sskLen, sskLen) if err != nil { return secrets{}, err } // derive base secrets from ephemeral key agreement sharedSecret := crypto.Sha3(ecdheSecret, crypto.Sha3(h.respNonce, h.initNonce)) aesSecret := crypto.Sha3(ecdheSecret, sharedSecret) s := secrets{ RemoteID: h.remoteID, AES: aesSecret, MAC: crypto.Sha3(ecdheSecret, aesSecret), Token: crypto.Sha3(sharedSecret), } // setup sha3 instances for the MACs mac1 := sha3.NewKeccak256() mac1.Write(xor(s.MAC, h.respNonce)) mac1.Write(auth) mac2 := sha3.NewKeccak256() mac2.Write(xor(s.MAC, h.initNonce)) mac2.Write(authResp) if h.initiator { s.EgressMAC, s.IngressMAC = mac1, mac2 } else { s.EgressMAC, s.IngressMAC = mac2, mac1 } return s, nil }
func (dag *Dagger) Eval(N *big.Int) *big.Int { pow := common.BigPow(2, 26) dag.xn = pow.Div(N, pow) sha := sha3.NewKeccak256() sha.Reset() ret := new(big.Int) for k := 0; k < 4; k++ { d := sha3.NewKeccak256() b := new(big.Int) d.Reset() d.Write(dag.hash.Bytes()) d.Write(dag.xn.Bytes()) d.Write(N.Bytes()) d.Write(big.NewInt(int64(k)).Bytes()) b.SetBytes(Sum(d)) pk := (b.Uint64() & 0x1ffffff) sha.Write(dag.Node(9, pk).Bytes()) } return ret.SetBytes(Sum(sha)) }
func (dag *Dagger) Node(L uint64, i uint64) *big.Int { if L == i { return dag.hash } var m *big.Int if L == 9 { m = big.NewInt(16) } else { m = big.NewInt(3) } sha := sha3.NewKeccak256() sha.Reset() d := sha3.NewKeccak256() b := new(big.Int) ret := new(big.Int) for k := 0; k < int(m.Uint64()); k++ { d.Reset() d.Write(dag.hash.Bytes()) d.Write(dag.xn.Bytes()) d.Write(big.NewInt(int64(L)).Bytes()) d.Write(big.NewInt(int64(i)).Bytes()) d.Write(big.NewInt(int64(k)).Bytes()) b.SetBytes(Sum(d)) pk := b.Uint64() & ((1 << ((L - 1) * 3)) - 1) sha.Write(dag.Node(L-1, pk).Bytes()) } ret.SetBytes(Sum(sha)) return ret }
func Sha3(data ...[]byte) []byte { d := sha3.NewKeccak256() for _, b := range data { d.Write(b) } return d.Sum(nil) }
// VerifyProof checks merkle proofs. The given proof must contain the // value for key in a trie with the given root hash. VerifyProof // returns an error if the proof contains invalid trie nodes or the // wrong value. func VerifyProof(rootHash common.Hash, key []byte, proof []rlp.RawValue) (value []byte, err error) { key = compactHexDecode(key) sha := sha3.NewKeccak256() wantHash := rootHash.Bytes() for i, buf := range proof { sha.Reset() sha.Write(buf) if !bytes.Equal(sha.Sum(nil), wantHash) { return nil, fmt.Errorf("bad proof node %d: hash mismatch", i) } n, err := decodeNode(buf) if err != nil { return nil, fmt.Errorf("bad proof node %d: %v", i, err) } keyrest, cld := get(n, key) switch cld := cld.(type) { case nil: if i != len(proof)-1 { return nil, fmt.Errorf("key mismatch at proof node %d", i) } else { // The trie doesn't contain the key. return nil, nil } case hashNode: key = keyrest wantHash = cld case valueNode: if i != len(proof)-1 { return nil, errors.New("additional nodes at end of proof") } return cld, nil } } return nil, errors.New("unexpected end of proof") }
func Sha3Hash(data ...[]byte) (h common.Hash) { d := sha3.NewKeccak256() for _, b := range data { d.Write(b) } d.Sum(h[:0]) return h }
func verify(hash common.Hash, diff *big.Int, nonce uint64) bool { sha := sha3.NewKeccak256() n := make([]byte, 8) binary.PutUvarint(n, nonce) sha.Write(n) sha.Write(hash[:]) verification := new(big.Int).Div(common.BigPow(2, 256), diff) res := common.BigD(sha.Sum(nil)) return res.Cmp(verification) <= 0 }
func (t *SecureTrie) hashKey(key []byte) []byte { if t.hash == nil { t.hash = sha3.NewKeccak256() t.hashKeyBuf = make([]byte, 32) } t.hash.Reset() t.hash.Write(key) t.hashKeyBuf = t.hash.Sum(t.hashKeyBuf[:0]) return t.hashKeyBuf }
func newHasher() *hasher { return &hasher{tmp: new(bytes.Buffer), sha: sha3.NewKeccak256()} }
func rlpHash(x interface{}) (h common.Hash) { hw := sha3.NewKeccak256() rlp.Encode(hw, x) hw.Sum(h[:0]) return h }
// TODO: copied from crypto.go , move to sha3 package? func Sha3(data []byte) []byte { d := sha3.NewKeccak256() d.Write(data) return d.Sum(nil) }