X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Futil%2Fcrypto.rs;h=cdd00d92af9c5f3cd0a2fe3a61c3447310a0bba2;hb=643623229311f461abf1dc64890f78378d0d4a83;hp=300ddacb020566dac6fc77ac537077918b76e925;hpb=03f655003d4a70aeb0dc79c4007cba1a7195350a;p=rust-lightning
diff --git a/lightning/src/util/crypto.rs b/lightning/src/util/crypto.rs
index 300ddacb..cdd00d92 100644
--- a/lightning/src/util/crypto.rs
+++ b/lightning/src/util/crypto.rs
@@ -1,7 +1,11 @@
 use bitcoin::hashes::{Hash, HashEngine};
 use bitcoin::hashes::hmac::{Hmac, HmacEngine};
 use bitcoin::hashes::sha256::Hash as Sha256;
-use bitcoin::secp256k1::{Message, Secp256k1, SecretKey, Signature, Signing};
+use bitcoin::secp256k1::{Message, Secp256k1, SecretKey, ecdsa::Signature, Signing};
+
+use crate::sign::EntropySource;
+
+use core::ops::Deref;
 macro_rules! hkdf_extract_expand {
 ($salt: expr, $ikm: expr) => {{
@@ -20,13 +24,25 @@ macro_rules! hkdf_extract_expand {
 let (k1, k2, _) = hkdf_extract_expand!($salt, $ikm);
 (k1, k2)
 }};
- ($salt: expr, $ikm: expr, 3) => {{
+ ($salt: expr, $ikm: expr, 5) => {{
 let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm);
 let mut hmac = HmacEngine::::new(&prk[..]);
 hmac.input(&k2);
 hmac.input(&[3; 1]);
- (k1, k2, Hmac::from_engine(hmac).into_inner())
+ let k3 = Hmac::from_engine(hmac).into_inner();
+
+ let mut hmac = HmacEngine::::new(&prk[..]);
+ hmac.input(&k3);
+ hmac.input(&[4; 1]);
+ let k4 = Hmac::from_engine(hmac).into_inner();
+
+ let mut hmac = HmacEngine::::new(&prk[..]);
+ hmac.input(&k4);
+ hmac.input(&[5; 1]);
+ let k5 = Hmac::from_engine(hmac).into_inner();
+
+ (k1, k2, k3, k4, k5)
 }}
 }
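Review bot: The `5` arm adds the same three-line HMAC step three times for `k3`, `k4` and `k5`, with only the chained block and the counter byte changing, and the macro still carries no comment saying which construction these blocks are. A private helper `hkdf_expand_block(prk, prev, counter)` keeps each block to one line and gives the `/// T(i) = HMAC-SHA256(PRK, T(i-1) || i)` doc a single home; the sketch below assumes the engine is `HmacEngine::<Sha256>`, whose type parameter the rendering has dropped. The `2` arm and the base arm (which starts above this hunk) are unchanged.
```rust
/// One HKDF-Expand (RFC 5869) output block with an empty `info`:
/// T(i) = HMAC-SHA256(PRK, T(i-1) || i). `counter` is the 1-based block index.
fn hkdf_expand_block(prk: &[u8], prev: &[u8], counter: u8) -> [u8; 32] {
	let mut hmac = HmacEngine::<Sha256>::new(prk);
	hmac.input(prev);
	hmac.input(&[counter]);
	Hmac::from_engine(hmac).into_inner()
}
// … unchanged: base arm and `2` arm of hkdf_extract_expand! …
	($salt: expr, $ikm: expr, 5) => {{
		let (k1, k2, prk) = hkdf_extract_expand!($salt, $ikm);
		let k3 = hkdf_expand_block(&prk[..], &k2, 3);
		let k4 = hkdf_expand_block(&prk[..], &k3, 4);
		let k5 = hkdf_expand_block(&prk[..], &k4, 5);
		(k1, k2, k3, k4, k5)
	}}
```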
@@ -34,15 +50,33 @@ pub fn hkdf_extract_expand_twice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32]
 hkdf_extract_expand!(salt, ikm, 2)
 }
-pub fn hkdf_extract_expand_thrice(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32], [u8; 32]) {
- hkdf_extract_expand!(salt, ikm, 3)
+pub fn hkdf_extract_expand_5x(salt: &[u8], ikm: &[u8]) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
+ hkdf_extract_expand!(salt, ikm, 5)
 }
 #[inline]
 pub fn sign(ctx: &Secp256k1, msg: &Message, sk: &SecretKey) -> Signature {
 #[cfg(feature = "grind_signatures")]
- let sig = ctx.sign_low_r(msg, sk);
+ let sig = ctx.sign_ecdsa_low_r(msg, sk);
 #[cfg(not(feature = "grind_signatures"))]
- let sig = ctx.sign(msg, sk);
+ let sig = ctx.sign_ecdsa(msg, sk);
+ sig
+}
+
+#[inline]
+pub fn sign_with_aux_rand(
+ ctx: &Secp256k1, msg: &Message, sk: &SecretKey, entropy_source: &ES
+) -> Signature where ES::Target: EntropySource {
+ #[cfg(feature = "grind_signatures")]
+ let sig = loop {
+ let sig = ctx.sign_ecdsa_with_noncedata(msg, sk, &entropy_source.get_secure_random_bytes());
+ if sig.serialize_compact()[0] < 0x80 {
+ break sig;
+ }
+ };
+ #[cfg(all(not(feature = "grind_signatures"), not(feature = "_test_vectors")))]
+ let sig = ctx.sign_ecdsa_with_noncedata(msg, sk, &entropy_source.get_secure_random_bytes());
+ #[cfg(all(not(feature = "grind_signatures"), feature = "_test_vectors"))]
+ let sig = sign(ctx, msg, sk);
 sig
 }
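Review bot: `sign_with_aux_rand` is a new public function with no doc comment, and its contract changes with the feature set: the two ordinary paths feed `entropy_source.get_secure_random_bytes()` into `sign_ecdsa_with_noncedata` as nonce additional data, while the `_test_vectors` path silently falls back to the deterministic `sign` and never reads the entropy source. Suggest `/// Signs `msg` with `sk`, mixing fresh bytes from `entropy_source` into the nonce as additional data; under the `_test_vectors` feature this degrades to the deterministic [`sign`] so test expectations stay reproducible, so that feature is for test builds only.` The grind loop's `< 0x80` test also deserves a line such as `// redraw until the high bit of R is clear (low-R), matching the sign_ecdsa_low_r path`; that intent is inferred from the sibling `sign_ecdsa_low_r` call rather than stated on the page. Both `sign` and `sign_with_aux_rand` are complete within this hunk; the `ES` generic's bounds are not visible in the rendering.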