draft support of clsag

This commit is contained in:
cslashm 2020-03-31 17:11:51 +02:00 committed by moneromooo-monero
parent 703944c4d4
commit 1660fe8a25
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
2 changed files with 157 additions and 0 deletions


@ -299,6 +299,7 @@ namespace hw {
#define INS_PREFIX_HASH 0x7D
#define INS_VALIDATE 0x7C
#define INS_MLSAG 0x7E
#define INS_CLSAG 0x7F
#define INS_CLOSE_TX 0x80
#define INS_GET_TX_PROOF 0xA0
@ -2121,6 +2122,157 @@ namespace hw {
return true;
}
bool device_ledger::clsag_prepare(const rct::key &p, const rct::key &z, rct::key &I, rct::key &D, const rct::key &H, rct::key &a, rct::key &aG, rct::key &aH) {
AUTO_LOCK_CMD();
#ifdef DEBUG_HWDEVICE
const rct::key p_x = hw::ledger::decrypt(p);
const rct::key z_x = hw::ledger::decrypt(z);
rct::key I_x;
rct::key D_x;
const rct::key H_x = H;
rct::key a_x;
rct::key aG_x;
rct::key aH_x;
this->controle_device->clsag_prepare(p_x, z_x, I_x, D_x, H_x, a_x, aG_x, aH_x);
#endif
/*
rct::skpkGen(a,aG); // aG = a*G
rct::scalarmultKey(aH,H,a); // aH = a*H
rct::scalarmultKey(I,H,p); // I = p*H
rct::scalarmultKey(D,H,z); // D = z*H
*/
int offset = set_command_header_noopt(INS_CLSAG, 0x01);
//p
this->send_secret(p.bytes, offset);
//z
this->send_secret(z.bytes, offset);
//H
memmove(this->buffer_send+offset, H.bytes, 32);
offset += 32;
this->buffer_send[4] = offset-5;
this->length_send = offset;
this->exchange();
offset = 0;
//a
this->receive_secret(a.bytes, offset);
//aG
memmove(aG.bytes, this->buffer_recv+offset, 32);
offset +=32;
//aH
memmove(aH.bytes, this->buffer_recv+offset, 32);
offset +=32;
//I = pH
memmove(I.bytes, this->buffer_recv+offset, 32);
offset +=32;
//D = zH
memmove(D.bytes, this->buffer_recv+offset, 32);
offset +=32;
#ifdef DEBUG_HWDEVICE
hw::ledger::check32("clsag_prepare", "I", (char*)I_x.bytes, (char*)I.bytes);
hw::ledger::check32("clsag_prepare", "D", (char*)D_x.bytes, (char*)D.bytes);
hw::ledger::check32("clsag_prepare", "a", (char*)a_x.bytes, (char*)a.bytes);
hw::ledger::check32("clsag_prepare", "aG", (char*)aG_x.bytes, (char*)aG.bytes);
hw::ledger::check32("clsag_prepare", "aH", (char*)aH_x.bytes, (char*)aH.bytes);
#endif
return true;
}
bool device_ledger::clsag_hash(const rct::keyV &data, rct::key &hash) {
AUTO_LOCK_CMD();
#ifdef DEBUG_HWDEVICE
const rct::keyV data_x = data;
rct::key hash_x;
this->controle_device->mlsag_hash(data_x, hash_x);
#endif
size_t cnt;
int offset;
cnt = data.size();
for (size_t i = 0; i<cnt; i++) {
offset = set_command_header(INS_CLSAG, 0x02, i+1);
//options
this->buffer_send[offset] = (i==(cnt-1))?0x00:0x80; //last
offset += 1;
//msg part
memmove(this->buffer_send+offset, data[i].bytes, 32);
offset += 32;
this->buffer_send[4] = offset-5;
this->length_send = offset;
this->exchange();
}
//c/hash
memmove(hash.bytes, &this->buffer_recv[0], 32);
#ifdef DEBUG_HWDEVICE
hw::ledger::check32("mlsag_hash", "hash", (char*)hash_x.bytes, (char*)hash.bytes);
#endif
return true;
}
bool device_ledger::clsag_sign(const rct::key &c, const rct::key &a, const rct::key &p, const rct::key &z, const rct::key &mu_P, const rct::key &mu_C, rct::key &s) {
AUTO_LOCK_CMD();
#ifdef DEBUG_HWDEVICE
const rct::key c_x = c;
const rct::key a_x = hw::ledger::decrypt(a);
const rct::key p_x = hw::ledger::decrypt(p);
const rct::key z_x = hw::ledger::decrypt(z);
const rct::key mu_P_x = mu_P;
const rct::key mu_C_x = mu_C;
rct::key s_x;
this->controle_device->clsag_sign(c_x, a_x, p_x, z_x, mu_P_x, mu_C_x, s_x);
#endif
/*
rct::key s0_p_mu_P;
sc_mul(s0_p_mu_P.bytes,mu_P.bytes,p.bytes);
rct::key s0_add_z_mu_C;
sc_muladd(s0_add_z_mu_C.bytes,mu_C.bytes,z.bytes,s0_p_mu_P.bytes);
sc_mulsub(s.bytes,c.bytes,s0_add_z_mu_C.bytes,a.bytes);
*/
int offset = set_command_header_noopt(INS_CLSAG, 0x03);
//c
//discard, unse internal one
//a
this->send_secret(a.bytes, offset);
//p
this->send_secret(p.bytes, offset);
//z
this->send_secret(z.bytes, offset);
//mu_P
memmove(this->buffer_send+offset, mu_P.bytes, 32);
offset += 32;
//mu_C
memmove(this->buffer_send+offset, mu_C.bytes, 32);
offset += 32;
this->buffer_send[4] = offset-5;
this->length_send = offset;
this->exchange();
offset = 0;
//s
memmove(s.bytes, this->buffer_recv+offset, 32);
#ifdef DEBUG_HWDEVICE
hw::ledger::check32("clsag_sign", "s", (char*)s_x.bytes, (char*)s.bytes);
#endif
return true;
}
bool device_ledger::close_tx() {
AUTO_LOCK_CMD();
send_simple(INS_CLOSE_TX);
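Review bot: The DEBUG_HWDEVICE cross-check in clsag_hash compares the device result against the software device's mlsag_hash and labels the comparison "mlsag_hash" (the `this->controle_device->mlsag_hash(data_x, hash_x);` call and the `check32("mlsag_hash", ...)` line), so a debug build would report a spurious mismatch if the software clsag_hash differs from mlsag_hash, or hide a real one if it does not; assuming controle_device exposes the same interface the header declares, this should be `this->controle_device->clsag_hash(data_x, hash_x);` with the label `"clsag_hash"`, as clsag_prepare and clsag_sign already do. clsag_hash also has no guard for an empty `data`: the loop then sends nothing and `hash` is filled from whatever `buffer_recv` held after the previous exchange, so an explicit `if (data.empty()) return false;` (or whatever the existing mlsag_hash path does on empty input) would make that failure visible instead of silent. In clsag_sign the comment `//discard, unse internal one` has a typo and says less than it should; something like `// c is deliberately not sent: the device uses the challenge it computed itself` records the property that the host-supplied challenge is never trusted, which is worth keeping visible. close_tx begins at the end of this hunk and continues outside it.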


@ -297,6 +297,11 @@ namespace hw {
bool mlsag_hash(const rct::keyV &long_message, rct::key &c) override;
bool mlsag_sign( const rct::key &c, const rct::keyV &xx, const rct::keyV &alpha, const size_t rows, const size_t dsRows, rct::keyV &ss) override;
bool clsag_prepare(const rct::key &p, const rct::key &z, rct::key &I, rct::key &D, const rct::key &H, rct::key &a, rct::key &aG, rct::key &aH) override;
bool clsag_hash(const rct::keyV &data, rct::key &hash) override;
bool clsag_sign(const rct::key &c, const rct::key &a, const rct::key &p, const rct::key &z, const rct::key &mu_P, const rct::key &mu_C, rct::key &s) override;
bool close_tx(void) override;
};
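Review bot: The three new declarations give no hint which arguments are device-encrypted secret blobs and which are plain keys, although the implementation treats them differently: p and z (and a in clsag_sign) go through send_secret and a comes back through receive_secret, while H, mu_P and mu_C are copied verbatim. A short comment above each declaration, for example `// p, z: device-encrypted scalars; a is returned encrypted; I, D, aG, aH are plain points` on clsag_prepare and `// c is ignored by the device, which uses its own challenge` on clsag_sign, would make the contract visible to callers of the hw::device interface without reading the Ledger transport code. Whether the neighbouring mlsag_* declarations already carry such comments is not visible in this hunk.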