Update algorithm to X16R

configure.ac

@@ -308,6 +308,7 @@ if test "x$CXXFLAGS_overridden" = "xno"; then
   AX_CHECK_COMPILE_FLAG([-Wformat-security],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wformat-security"],,[[$CXXFLAG_WERROR]])
   AX_CHECK_COMPILE_FLAG([-Wthread-safety-analysis],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wthread-safety-analysis"],,[[$CXXFLAG_WERROR]])
   AX_CHECK_COMPILE_FLAG([-Wrange-loop-analysis],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wrange-loop-analysis"],,[[$CXXFLAG_WERROR]])
+  AX_CHECK_COMPILE_FLAG([-Wno-strict-aliasing],[WARN_CXXFLAGS="$WARN_CXXFLAGS -Wno-strict-aliasing"],,[[$CXXFLAG_WERROR]])
 
   ## Some compilers (gcc) ignore unknown -Wno-* options, but warn about all
   ## unknown options if any other warning is produced. Test the -Wfoo case, and

src/Makefile.am

@@ -327,6 +327,54 @@ crypto_libbitcoin_crypto_base_a_SOURCES = \
   crypto/sha256.h \
   crypto/sha512.cpp \
   crypto/sha512.h \
+  crypto/x16r/aes_helper.c \
+  crypto/x16r/blake.c \
+  crypto/x16r/bmw.c \
+  crypto/x16r/cubehash.c \
+  crypto/x16r/echo.c \
+  crypto/x16r/groestl.c \
+  crypto/x16r/jh.c \
+  crypto/x16r/keccak.c \
+  crypto/x16r/luffa.c \
+  crypto/x16r/shavite.c \
+  crypto/x16r/simd.c \
+  crypto/x16r/skein.c \
+  crypto/x16r/sph_hamsi.c \
+  crypto/x16r/sph_hamsi_helper.c \
+  crypto/x16r/sph_fugue.c \
+  crypto/x16r/sph_shabal.c \
+  crypto/x16r/sph_whirlpool.c \
+  crypto/x16r/sph_sha2.c \
+  crypto/x16r/sph_sha512.c \
+  crypto/x16r/sph_blake.h \
+  crypto/x16r/sph_bmw.h \
+  crypto/x16r/sph_cubehash.h \
+  crypto/x16r/sph_echo.h \
+  crypto/x16r/sph_groestl.h \
+  crypto/x16r/sph_jh.h \
+  crypto/x16r/sph_keccak.h \
+  crypto/x16r/sph_luffa.h \
+  crypto/x16r/sph_shavite.h \
+  crypto/x16r/sph_simd.h \
+  crypto/x16r/sph_skein.h \
+  crypto/x16r/sph_hamsi.h \
+  crypto/x16r/sph_fugue.h \
+  crypto/x16r/sph_shabal.h \
+  crypto/x16r/sph_whirlpool.h \
+  crypto/x16r/sph_sha2.h \
+  crypto/x16r/sph_types.h \
+  crypto/external/hmac_sha256.c \
+  crypto/external/hmac_sha256.h \
+  crypto/external/hmac_sha512.c \
+  crypto/external/hmac_sha512.h \
+  crypto/external/pkcs5_pbkdf2.c \
+  crypto/external/pkcs5_pbkdf2.h \
+  crypto/external/sha256.c \
+  crypto/external/sha256.h \
+  crypto/external/sha512.c \
+  crypto/external/sha512.h \
+  crypto/external/zeroize.c \
+  crypto/external/zeroize.h \
   cpp-ethereum/utils/libscrypt/b64.c \
   cpp-ethereum/utils/libscrypt/b64.h \
   cpp-ethereum/utils/libscrypt/crypto-mcf.c \

src/chain.cpp

@@ -4,6 +4,8 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <chain.h>
+#include <validation.h>
+#include <hash.h>
 
 /**
  * CChain implementation
@@ -112,12 +114,81 @@ CBlockIndex* CBlockIndex::GetAncestor(int height)
     return const_cast<CBlockIndex*>(static_cast<const CBlockIndex*>(this)->GetAncestor(height));
 }
 
+const CBlockIndex* CBlockIndex::GetBestPoWAncestor() const
+{
+    const CBlockIndex* pindexBestPoW = nullptr;
+    if (this->IsProofOfWork()) {
+        pindexBestPoW = this;
+    } else {
+        const CBlockIndex* pprev = this;
+        while (pprev->pprev) {
+            pprev = pprev->pprev;
+            if (pprev->IsProofOfWork()) {
+                pindexBestPoW = pprev;
+                break;
+            }
+        }
+    }
+    return pindexBestPoW;
+}
+
 void CBlockIndex::BuildSkip()
 {
     if (pprev)
         pskip = pprev->GetAncestor(GetSkipHeight(nHeight));
 }
 
+int64_t CBlockIndex::GetBlockWork() const
+{
+    int64_t nTimeSpan = 0;
+    if (pprev && pprev->pprev)
+        nTimeSpan = pprev->GetBlockTime() - pprev->pprev->GetBlockTime();
+    int64_t nBlockWork = 1000 - nTimeSpan;
+
+    //PoS blocks have the final decision on consensus, if it is between a PoW block and PoS block
+    // PoS blocks are also the only type of block that has the scoring of the block directly based on the elapsed time
+    // of this block and the prev. PoW is not bound by timestamps the same way PoS is, so it is not as safe to do with PoW
+    if (IsProofOfStake()) {
+        nTimeSpan = GetBlockTime() - pprev->GetBlockTime();
+        if (nTimeSpan < 0)
+            nTimeSpan = 1;
+        nBlockWork += (1000 - nTimeSpan);
+    }
+    if (nBlockWork <= 0)
+        nBlockWork = 1;
+    return nBlockWork;
+}
+
+int64_t CBlockIndex::GetBlockPoW() const
+{
+    if (!IsProofOfWork())
+        return 0;
+
+    int64_t nBlockPoW = 0;
+    if (pprev) {
+        int64_t nTimeSpan = 0;
+        const CBlockIndex* pindexWalk = pprev;
+        while (pindexWalk->pprev) {
+            if (pindexWalk->IsProofOfWork()) {
+                nTimeSpan = GetBlockTime() - pindexWalk->GetBlockTime();
+                break;
+            }
+            pindexWalk = pindexWalk->pprev;
+        }
+        nBlockPoW = 1000 - nTimeSpan;
+    }
+    if (nBlockPoW < 1)
+        nBlockPoW = 1;
+    return nBlockPoW;
+}
+
+arith_uint256 CBlockIndex::GetChainPoW() const
+{
+    if (!pprev)
+        return 0;
+    return pprev->nChainPoW + (IsProofOfWork() ? GetBlockPoW() : 0);
+}
+
 arith_uint256 GetBlockProof(const CBlockIndex& block)
 {
     arith_uint256 bnTarget;

src/chain.h

@@ -13,6 +13,7 @@
 #include <uint256.h>
 
 #include <vector>
+#include <map>
 
 /**
  * Maximum amount of time that a block timestamp is allowed to exceed the
@@ -162,6 +163,11 @@ enum BlockStatus: uint32_t {
     BLOCK_OPT_WITNESS       =   128, //!< block data in blk*.data was received with a witness-enforcing client
 };
 
+enum BlockMemFlags: uint32_t {
+    POS_BADWEIGHT = (1 << 0),
+};
+
+
 /** The block chain is a tree shaped structure starting with the
  * genesis block at the root, with each block potentially having multiple
  * candidates to be the next block. A blockindex may have multiple pprev pointing
@@ -197,6 +203,9 @@ class CBlockIndex
     //! (memory only) Total amount of work (expected number of hashes) in the chain up to and including this block
     arith_uint256 nChainWork;
 
+    //! (memory only) Total amount of work (only looking at PoW) in the chain up to and including this block
+    arith_uint256 nChainPoW;
+
     //! Number of transactions in this block.
     //! Note: in a potential headers-first mode, this number cannot be relied upon
     unsigned int nTx;
@@ -231,22 +240,28 @@ class CBlockIndex
     //! (memory only) Maximum nTime in the chain up to and including this block.
     unsigned int nTimeMax;
 
+    //! (memory only) Maximum nTime in the chain up to and including this block.
+    uint32_t nMemFlags;
+
     void SetNull()
     {
         phashBlock = nullptr;
         pprev = nullptr;
         pnext = nullptr;
         pskip = nullptr;
         nHeight = 0;
+	nMoneySupply = 0;
         nFile = 0;
         nDataPos = 0;
         nUndoPos = 0;
         nChainWork = arith_uint256();
+	nChainPoW = arith_uint256();
         nTx = 0;
         nChainTx = 0;
         nStatus = 0;
         nSequenceId = 0;
         nTimeMax = 0;
+        nMemFlags = 0;
 
         nVersion       = 0;
         hashMerkleRoot = uint256();
@@ -283,6 +298,7 @@ class CBlockIndex
         hashProof = uint256(); 
         prevoutStake   = block.prevoutStake; // qtum
         vchBlockSig    = block.vchBlockSig; // qtum
+//        hashProof = uint256(); // activate perhaps?
     }
 
     CDiskBlockPos GetBlockPos() const {
@@ -308,7 +324,7 @@ class CBlockIndex
         CBlockHeader block;
         block.nVersion       = nVersion;
         if (pprev)
-            block.hashPrevBlock = pprev->GetBlockHash();
+        block.hashPrevBlock  = pprev->GetBlockHash();
         block.hashMerkleRoot = hashMerkleRoot;
         block.nTime          = nTime;
         block.nBits          = nBits;
@@ -325,6 +341,11 @@ class CBlockIndex
         return *phashBlock;
     }
 
+    uint256 GetBlockPoWHash() const
+    {
+        return GetBlockHeader().GetPoWHash();
+    }
+
     int64_t GetBlockTime() const
     {
         return (int64_t)nTime;
@@ -335,6 +356,10 @@ class CBlockIndex
         return (int64_t)nTimeMax;
     }
 
+    int64_t GetBlockWork() const;
+    int64_t GetBlockPoW() const;
+    arith_uint256 GetChainPoW() const;
+
     static constexpr int nMedianTimeSpan = 11;
 
     int64_t GetMedianTimePast() const
@@ -398,6 +423,7 @@ class CBlockIndex
     //! Efficiently find an ancestor of this block.
     CBlockIndex* GetAncestor(int height);
     const CBlockIndex* GetAncestor(int height) const;
+    const CBlockIndex* GetBestPoWAncestor() const;
 };
 
 arith_uint256 GetBlockProof(const CBlockIndex& block);
@@ -430,6 +456,7 @@ class CDiskBlockIndex : public CBlockIndex
             READWRITE(VARINT(_nVersion, VarIntMode::NONNEGATIVE_SIGNED));
 
         READWRITE(VARINT(nHeight, VarIntMode::NONNEGATIVE_SIGNED));
+        READWRITE(nMoneySupply);
         READWRITE(VARINT(nStatus));
         READWRITE(VARINT(nTx));
         if (nStatus & (BLOCK_HAVE_DATA | BLOCK_HAVE_UNDO))

src/crypto/aes.cpp

@@ -1,4 +1,4 @@
-// Copyright (c) 2016-2018 The Bitcoin Core developers
+// Copyright (c) 2016-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 

src/crypto/aes.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2015-2018 The Bitcoin Core developers
+// Copyright (c) 2015-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 //

src/crypto/chacha20.cpp

@@ -1,4 +1,4 @@
-// Copyright (c) 2017 The Bitcoin Core developers
+// Copyright (c) 2017-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 

src/crypto/chacha20.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2017 The Bitcoin Core developers
+// Copyright (c) 2017-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 

src/crypto/common.h

@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2018 The Bitcoin Core developers
+// Copyright (c) 2014-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 

src/crypto/external/hmac_sha256.c

@@ -0,0 +1,91 @@
+/* libsodium: hmac_hmacsha256.c, v0.4.5 2014/04/16 */
+/**
+ * Copyright 2005,2007,2009 Colin Percival. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "hmac_sha256.h"
+
+#include <stdint.h>
+#include <string.h>
+#include "sha256.h"
+#include "zeroize.h"
+
+void HMACSHA256(const uint8_t* input, size_t length, const uint8_t* key,
+    size_t key_length, uint8_t digest[HMACSHA256_DIGEST_LENGTH])
+{
+    HMACSHA256CTX context;
+    HMACSHA256Init(&context, key, key_length);
+    HMACSHA256Update(&context, input, length);
+    HMACSHA256Final(&context, digest);
+}
+
+void HMACSHA256Final(HMACSHA256CTX* context, 
+    uint8_t digest[HMACSHA256_DIGEST_LENGTH])
+{
+    uint8_t hash[HMACSHA256_DIGEST_LENGTH];
+
+    SHA256Final(&context->ictx, hash);
+    SHA256Update(&context->octx, hash, HMACSHA256_DIGEST_LENGTH);
+    SHA256Final(&context->octx, digest);
+
+    zeroize((void*)hash, sizeof hash);
+}
+
+void HMACSHA256Init(HMACSHA256CTX* context, const uint8_t* key, 
+    size_t key_length)
+{
+    size_t i;
+    uint8_t pad[SHA256_BLOCK_LENGTH];
+    uint8_t key_hash[SHA256_DIGEST_LENGTH];
+
+    if (key_length > SHA256_BLOCK_LENGTH)
+    {
+        SHA256Init(&context->ictx);
+        SHA256Update(&context->ictx, key, key_length);
+        SHA256Final(&context->ictx, key_hash);
+        key = key_hash;
+        key_length = SHA256_DIGEST_LENGTH;
+    }
+
+    SHA256Init(&context->ictx);
+    memset(pad, 0x36, SHA256_BLOCK_LENGTH);
+
+    for (i = 0; i < key_length; i++) 
+        pad[i] ^= key[i];
+
+    SHA256Update(&context->ictx, pad, SHA256_BLOCK_LENGTH);
+    SHA256Init(&context->octx);
+    memset(pad, 0x5c, SHA256_BLOCK_LENGTH);
+
+    for (i = 0; i < key_length; i++) 
+        pad[i] ^= key[i];
+
+    SHA256Update(&context->octx, pad, SHA256_BLOCK_LENGTH);
+    zeroize((void*)key_hash, sizeof key_hash);
+}
+
+void HMACSHA256Update(HMACSHA256CTX* context, const uint8_t* input,
+    size_t length)
+{
+    SHA256Update(&context->ictx, input, length);
+}