6 #include <chainparams.h>
// Stop this fuzz iteration early unless both private keys pass CKey::IsValid().
// NOTE(review): init_key and resp_key are created on lines this listing omits.
// They are presumably the initiator's and responder's keys, drawn from fuzzer
// input via ConsumePrivateKey(). Confirm against the full file.
34 if (!init_key.
IsValid())
return;
40 if (!resp_key.
IsValid())
return;
// Decode one test scenario from the bits of `mode` (defined on a line this
// listing omits).
// Bit 0: the "ignore" flag passed to Encrypt(); it is later compared with the
// flag that Decrypt() reports back.
74 bool ignore = mode & 1;
// Bit 1: direction. When set the initiator encrypts and the responder decrypts,
// otherwise the roles are swapped.
75 bool from_init = mode & 2;
// Bit 2: tamper switch. Presumably gates the single-bit corruption applied to
// the packet further down; the guarding `if` is not shown here.
76 bool damage = mode & 4;
// Bits 3-4: yields 0, 4, 8 or 12. How this becomes `aad_length` is on an
// omitted line.
77 unsigned aad_length_bits = 4 * ((mode >> 3) & 3);
// Bits 5-7: yields an even value from 0 to 14. How this becomes `length` is on
// an omitted line.
79 unsigned length_bits = 2 * ((mode >> 5) & 7);
// Build the associated data (authenticated but not encrypted) and the plaintext,
// filling each byte from rng(). rng is defined outside this listing.
82 std::vector<std::byte> aad(aad_length);
83 for (
auto& val : aad) val = std::byte{(uint8_t)rng()};
84 std::vector<std::byte> contents(length);
85 for (
auto& val : contents) val = std::byte{(uint8_t)rng()};
// Pick which cipher instance encrypts and which decrypts, per the direction bit.
88 auto& sender{from_init ? initiator : responder};
89 auto& receiver{from_init ? responder : initiator};
// The output buffer is the plaintext length plus the cipher's fixed per-packet
// overhead (the static constant EXPANSION, read here through an instance).
92 std::vector<std::byte> ciphertext(length + initiator.
EXPANSION);
// Encrypt contents under aad; the ignore flag travels inside the packet.
93 sender.Encrypt(contents, aad, ignore, ciphertext);
// Tampering step: flip exactly one bit somewhere in ciphertext || aad.
// The statement that starts on omitted line 98 ends below. The visible argument
// is the index of the last bit across both buffers, so damage_bit is presumably
// drawn from [0, that index] via ConsumeIntegralInRange().
99 (ciphertext.size() + aad.size()) * 8U - 1U);
// Split the bit index into a byte offset and a one-bit mask within that byte.
100 unsigned damage_pos = damage_bit >> 3;
101 std::byte damage_val{(uint8_t)(1U << (damage_bit & 7))};
// Offsets past the end of the ciphertext land in the associated data, so both
// the encrypted bytes and the authenticated-only bytes get corrupted over time.
102 if (damage_pos >= ciphertext.size()) {
103 aad[damage_pos - ciphertext.size()] ^= damage_val;
// The `else` and closing braces (lines 104, 106-107) are omitted in this listing.
105 ciphertext[damage_pos] ^= damage_val;
// NOTE(review): the check on Decrypt()'s result is not visible here. Confirm in
// the full file that failure is asserted exactly when damage was applied.
// Receiver side, step 1: recover the packet length from the first LENGTH_LEN
// bytes of the ciphertext.
110 uint32_t dec_length = receiver.DecryptLength(
Span{ciphertext}.
first(initiator.
LENGTH_LEN));
// The decoded length must equal the length that was encrypted.
// NOTE(review): the conditions guarding this assert and the bound below (lines
// 111, 113-114) are omitted. Presumably the assert covers the undamaged case and
// the bound covers the damaged one. Confirm against the full file.
112 assert(dec_length == length);
// Give up on this iteration when the decoded length exceeds the true length by
// more than 16384 bytes. This presumably keeps a corrupted length field from
// driving an oversized resize() below. The enclosing loop is not shown.
115 if (dec_length > 16384 + length)
break;
// Resize the buffer to what a receiver trusting dec_length would expect:
// decoded payload length plus the fixed EXPANSION.
117 ciphertext.resize(dec_length + initiator.
EXPANSION);
// Step 2: authenticate and decrypt everything after the length field, under the
// same aad. Decrypt() writes the plaintext and the ignore flag, and returns
// whether it succeeded.
121 std::vector<std::byte> decrypt(dec_length);
122 bool dec_ignore{
false};
123 bool ok = receiver.Decrypt(
Span{ciphertext}.
subspan(initiator.
LENGTH_LEN), aad, dec_ignore, decrypt);
// Round-trip checks: the ignore flag and the plaintext must both come back
// unchanged. These use assert(), so they only fire in builds where assertions
// are enabled. Handling of `ok` (lines 124-126) is omitted in this listing.
127 assert(ignore == dec_ignore);
128 assert(decrypt == contents);
void SelectParams(const ChainType chain)
Sets the params returned by Params() to those for the given chain type.
The BIP324 packet cipher, encapsulating its key derivation, stream cipher, and AEAD.
Span< const std::byte > GetSendGarbageTerminator() const noexcept
Get the Garbage Terminator to send.
Span< const std::byte > GetSessionID() const noexcept
Get the Session ID.
const EllSwiftPubKey & GetOurPubKey() const noexcept
Retrieve our public key.
static constexpr unsigned LENGTH_LEN
static constexpr unsigned EXPANSION
void Initialize(const EllSwiftPubKey &their_pubkey, bool initiator, bool self_decrypt=false) noexcept
Initialize when the other side's public key is received.
Span< const std::byte > GetReceiveGarbageTerminator() const noexcept
Get the expected Garbage Terminator to receive.
An encapsulated private key.
bool IsValid() const
Check whether this private key is valid.
RAII class initializing and deinitializing global state for elliptic curve support.
std::vector< T > ConsumeBytes(size_t num_bytes)
T ConsumeIntegralInRange(T min, T max)
A Span is an object that can refer to a contiguous sequence of objects.
CONSTEXPR_IF_NOT_DEBUG Span< C > first(std::size_t count) const noexcept
CONSTEXPR_IF_NOT_DEBUG Span< C > subspan(std::size_t offset) const noexcept
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
FUZZ_TARGET(bip324_cipher_roundtrip,.init=Initialize)
CKey ConsumePrivateKey(FuzzedDataProvider &fuzzed_data_provider, std::optional< bool > compressed) noexcept