Add support for V11 protocol with BulletProofV2 and short amount.

New scheme key destination contrfol
Fix dummy decryption in debug mode
This commit is contained in:
cslashm 2018-12-11 10:20:21 +01:00
parent 3a981a3313
commit 98fdcb2aa5
8 changed files with 101 additions and 47 deletions

View file

@ -104,6 +104,13 @@ namespace cryptonote
std::vector<rct::key> &amount_keys, std::vector<rct::key> &amount_keys,
crypto::public_key &out_eph_public_key) ; crypto::public_key &out_eph_public_key) ;
bool generate_output_ephemeral_keys(const size_t tx_version, const cryptonote::account_keys &sender_account_keys, const crypto::public_key &txkey_pub, const crypto::secret_key &tx_key,
const cryptonote::tx_destination_entry &dst_entr, const boost::optional<cryptonote::account_public_address> &change_addr, const size_t output_index,
const bool &need_additional_txkeys, const std::vector<crypto::secret_key> &additional_tx_keys,
std::vector<crypto::public_key> &additional_tx_public_keys,
std::vector<rct::key> &amount_keys,
crypto::public_key &out_eph_public_key) ;
bool generate_genesis_block( bool generate_genesis_block(
block& bl block& bl
, std::string const & genesis_tx , std::string const & genesis_tx

View file

@ -75,4 +75,6 @@ target_link_libraries(device
${OPENSSL_CRYPTO_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARIES}
${Boost_SERIALIZATION_LIBRARY} ${Boost_SERIALIZATION_LIBRARY}
PRIVATE PRIVATE
version
${Blocks}
${EXTRA_LIBRARIES}) ${EXTRA_LIBRARIES})

View file

@ -220,6 +220,8 @@ namespace hw {
return encrypt_payment_id(payment_id, public_key, secret_key); return encrypt_payment_id(payment_id, public_key, secret_key);
} }
virtual rct::key genCommitmentMask(const rct::key &amount_key) = 0;
virtual bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) = 0; virtual bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) = 0;
virtual bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) = 0; virtual bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) = 0;

View file

@ -349,6 +349,10 @@ namespace hw {
return true; return true;
} }
rct::key device_default::genCommitmentMask(const rct::key &amount_key) {
return rct::genCommitmentMask(amount_key);
}
bool device_default::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) { bool device_default::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) {
rct::ecdhEncode(unmasked, sharedSec, short_amount); rct::ecdhEncode(unmasked, sharedSec, short_amount);
return true; return true;

View file

@ -111,6 +111,8 @@ namespace hw {
bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override; bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override;
rct::key genCommitmentMask(const rct::key &amount_key) override;
bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) override; bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) override;
bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) override; bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) override;

View file

@ -27,6 +27,7 @@
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// //
#include "version.h"
#include "device_ledger.hpp" #include "device_ledger.hpp"
#include "log.hpp" #include "log.hpp"
#include "ringct/rctOps.h" #include "ringct/rctOps.h"
@ -173,6 +174,7 @@ namespace hw {
#define INS_SET_SIGNATURE_MODE 0x72 #define INS_SET_SIGNATURE_MODE 0x72
#define INS_GET_ADDITIONAL_KEY 0x74 #define INS_GET_ADDITIONAL_KEY 0x74
#define INS_STEALTH 0x76 #define INS_STEALTH 0x76
#define INS_GEN_COMMITMENT_MASK 0x77
#define INS_BLIND 0x78 #define INS_BLIND 0x78
#define INS_UNBLIND 0x7A #define INS_UNBLIND 0x7A
#define INS_GEN_TXOUT_KEYS 0x7B #define INS_GEN_TXOUT_KEYS 0x7B
@ -330,9 +332,9 @@ namespace hw {
this->length_recv -= 2; this->length_recv -= 2;
this->sw = (this->buffer_recv[length_recv]<<8) | this->buffer_recv[length_recv+1]; this->sw = (this->buffer_recv[length_recv]<<8) | this->buffer_recv[length_recv+1];
logRESP();
ASSERT_SW(this->sw,ok,msk); ASSERT_SW(this->sw,ok,msk);
logRESP();
return this->sw; return this->sw;
} }
@ -1197,13 +1199,19 @@ namespace hw {
const cryptonote::account_keys sender_account_keys_x = sender_account_keys; const cryptonote::account_keys sender_account_keys_x = sender_account_keys;
memmove((void*)sender_account_keys_x.m_view_secret_key.data, dbg_viewkey.data, 32); memmove((void*)sender_account_keys_x.m_view_secret_key.data, dbg_viewkey.data, 32);
const crypto::public_key &txkey_pub_x = txkey_pub;
const crypto::secret_key &tx_key_x = tx_key; const crypto::public_key txkey_pub_x = txkey_pub;
const cryptonote::tx_destination_entry &dst_entr_x = dst_entr; const crypto::secret_key tx_key_x = hw::ledger::decrypt(tx_key);
const boost::optional<cryptonote::account_public_address> &change_addr_x = change_addr; const cryptonote::tx_destination_entry dst_entr_x = dst_entr;
const size_t &output_index_x = output_index; const boost::optional<cryptonote::account_public_address> change_addr_x = change_addr;
const bool &need_additional_txkeys_x = need_additional_txkeys; const size_t output_index_x = output_index;
const std::vector<crypto::secret_key> &additional_tx_keys_x = additional_tx_keys; const bool need_additional_txkeys_x = need_additional_txkeys;
std::vector<crypto::secret_key> additional_tx_keys_x;
for (const auto k: additional_tx_keys) {
additional_tx_keys_x.push_back(hw::ledger::decrypt(k));
}
std::vector<crypto::public_key> additional_tx_public_keys_x; std::vector<crypto::public_key> additional_tx_public_keys_x;
std::vector<rct::key> amount_keys_x; std::vector<rct::key> amount_keys_x;
crypto::public_key out_eph_public_key_x; crypto::public_key out_eph_public_key_x;
@ -1211,32 +1219,16 @@ namespace hw {
additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x); additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x);
#endif #endif
ASSERT_X(tx_version > 1, "TX version not supported"<<tx_version);
// make additional tx pubkey if necessary // make additional tx pubkey if necessary
cryptonote::keypair additional_txkey; cryptonote::keypair additional_txkey;
if (need_additional_txkeys) { if (need_additional_txkeys) {
additional_txkey.sec = additional_tx_keys[output_index]; additional_txkey.sec = additional_tx_keys[output_index];
} }
//compute derivation, out_eph_public_key, and amount key in one shot on device, to ensure checkable link
const crypto::secret_key *sec;
bool is_change;
if (change_addr && dst_entr.addr == *change_addr)
{
// sending change to yourself; derivation = a*R
is_change = true;
sec = &sender_account_keys.m_view_secret_key;
}
else
{
is_change = false;
if (dst_entr.is_subaddress && need_additional_txkeys) {
sec = &additional_txkey.sec;
} else {
sec = &tx_key;
}
}
int offset = set_command_header_noopt(INS_GEN_TXOUT_KEYS); int offset = set_command_header_noopt(INS_GEN_TXOUT_KEYS);
//tx_version //tx_version
this->buffer_send[offset+0] = tx_version>>24; this->buffer_send[offset+0] = tx_version>>24;
@ -1244,8 +1236,12 @@ namespace hw {
this->buffer_send[offset+2] = tx_version>>8; this->buffer_send[offset+2] = tx_version>>8;
this->buffer_send[offset+3] = tx_version>>0; this->buffer_send[offset+3] = tx_version>>0;
offset += 4; offset += 4;
//tx_sec
memmove(&this->buffer_send[offset], sec->data, 32); //tx_key
memmove(&this->buffer_send[offset], tx_key.data, 32);
offset += 32;
//txkey_pub
memmove(&this->buffer_send[offset], txkey_pub.data, 32);
offset += 32; offset += 32;
//Aout //Aout
memmove(&this->buffer_send[offset], dst_entr.addr.m_view_public_key.data, 32); memmove(&this->buffer_send[offset], dst_entr.addr.m_view_public_key.data, 32);
@ -1260,6 +1256,7 @@ namespace hw {
this->buffer_send[offset+3] = output_index>>0; this->buffer_send[offset+3] = output_index>>0;
offset += 4; offset += 4;
//is_change, //is_change,
bool is_change = (change_addr && dst_entr.addr == *change_addr);
this->buffer_send[offset] = is_change; this->buffer_send[offset] = is_change;
offset++; offset++;
//is_subaddress //is_subaddress
@ -1268,23 +1265,22 @@ namespace hw {
//need_additional_key //need_additional_key
this->buffer_send[offset] = need_additional_txkeys; this->buffer_send[offset] = need_additional_txkeys;
offset++; offset++;
//additional_tx_key
if (need_additional_txkeys) {
memmove(&this->buffer_send[offset], additional_txkey.sec.data, 32);
} else {
memset(&this->buffer_send[offset], 0, 32);
}
offset += 32;
this->buffer_send[4] = offset-5; this->buffer_send[4] = offset-5;
this->length_send = offset; this->length_send = offset;
this->exchange(); this->exchange();
offset = 0; offset = 0;
unsigned int recv_len = this->length_recv; unsigned int recv_len = this->length_recv;
if (need_additional_txkeys)
{ //if (tx_version > 1)
ASSERT_X(recv_len>=32, "Not enought data from device"); {
memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32);
additional_tx_public_keys.push_back(additional_txkey.pub);
offset += 32;
recv_len -= 32;
}
if (tx_version > 1)
{
ASSERT_X(recv_len>=32, "Not enought data from device"); ASSERT_X(recv_len>=32, "Not enought data from device");
crypto::secret_key scalar1; crypto::secret_key scalar1;
memmove(scalar1.data, &this->buffer_recv[offset],32); memmove(scalar1.data, &this->buffer_recv[offset],32);
@ -1295,6 +1291,16 @@ namespace hw {
ASSERT_X(recv_len>=32, "Not enought data from device"); ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32); memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32);
recv_len -= 32; recv_len -= 32;
offset += 32;
if (need_additional_txkeys)
{
ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32);
additional_tx_public_keys.push_back(additional_txkey.pub);
offset += 32;
recv_len -= 32;
}
// add ABPkeys // add ABPkeys
this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change, this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change,
@ -1302,10 +1308,11 @@ namespace hw {
amount_keys.back(), out_eph_public_key); amount_keys.back(), out_eph_public_key);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
log_hexbuffer("generate_output_ephemeral_keys: clear amount_key", (const char*)hw::ledger::decrypt(amount_keys.back()).bytes, 32);
hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes); hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes);
if (need_additional_txkeys) { if (need_additional_txkeys) {
hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_keys_x.back().data, additional_tx_keys.back().data); hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_public_keys_x.back().data, additional_tx_public_keys.back().data);
} }
hw::ledger::check32("generate_output_ephemeral_keys", "out_eph_public_key", out_eph_public_key_x.data, out_eph_public_key.data); hw::ledger::check32("generate_output_ephemeral_keys", "out_eph_public_key", out_eph_public_key_x.data, out_eph_public_key.data);
#endif #endif
@ -1319,6 +1326,32 @@ namespace hw {
return true; return true;
} }
rct::key device_ledger::genCommitmentMask(const rct::key &AKout) {
#ifdef DEBUG_HWDEVICE
const rct::key AKout_x = hw::ledger::decrypt(AKout);
rct::key mask_x;
mask_x = this->controle_device->genCommitmentMask(AKout_x);
#endif
rct::key mask;
int offset = set_command_header_noopt(INS_GEN_COMMITMENT_MASK);
// AKout
memmove(this->buffer_send+offset, AKout.bytes, 32);
offset += 32;
this->buffer_send[4] = offset-5;
this->length_send = offset;
this->exchange();
memmove(mask.bytes, &this->buffer_recv[0], 32);
#ifdef DEBUG_HWDEVICE
hw::ledger::check32("genCommitmentMask", "mask", (const char*)mask_x.bytes, (const char*)mask.bytes);
#endif
return mask;
}
bool device_ledger::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & AKout, bool short_amount) { bool device_ledger::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & AKout, bool short_amount) {
AUTO_LOCK_CMD(); AUTO_LOCK_CMD();
@ -1350,6 +1383,7 @@ namespace hw {
memmove(unmasked.mask.bytes, &this->buffer_recv[32], 32); memmove(unmasked.mask.bytes, &this->buffer_recv[32], 32);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
MDEBUG("ecdhEncode: Akout: "<<AKout_x);
hw::ledger::check32("ecdhEncode", "amount", (char*)unmasked_x.amount.bytes, (char*)unmasked.amount.bytes); hw::ledger::check32("ecdhEncode", "amount", (char*)unmasked_x.amount.bytes, (char*)unmasked.amount.bytes);
hw::ledger::check32("ecdhEncode", "mask", (char*)unmasked_x.mask.bytes, (char*)unmasked.mask.bytes); hw::ledger::check32("ecdhEncode", "mask", (char*)unmasked_x.mask.bytes, (char*)unmasked.mask.bytes);
@ -1390,6 +1424,7 @@ namespace hw {
memmove(masked.mask.bytes, &this->buffer_recv[32], 32); memmove(masked.mask.bytes, &this->buffer_recv[32], 32);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
MDEBUG("ecdhEncode: Akout: "<<AKout_x);
hw::ledger::check32("ecdhDecode", "amount", (char*)masked_x.amount.bytes, (char*)masked.amount.bytes); hw::ledger::check32("ecdhDecode", "amount", (char*)masked_x.amount.bytes, (char*)masked.amount.bytes);
hw::ledger::check32("ecdhDecode", "mask", (char*)masked_x.mask.bytes,(char*) masked.mask.bytes); hw::ledger::check32("ecdhDecode", "mask", (char*)masked_x.mask.bytes,(char*) masked.mask.bytes);
#endif #endif

View file

@ -207,6 +207,8 @@ namespace hw {
bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override; bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override;
rct::key genCommitmentMask(const rct::key &amount_key) override;
bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_format) override; bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_format) override;
bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_format) override; bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_format) override;

View file

@ -79,12 +79,12 @@ namespace
} }
namespace rct { namespace rct {
Bulletproof proveRangeBulletproof(keyV &C, keyV &masks, const std::vector<uint64_t> &amounts, epee::span<const key> sk) Bulletproof proveRangeBulletproof(keyV &C, keyV &masks, const std::vector<uint64_t> &amounts, epee::span<const key> sk, hw::device &hwdev)
{ {
CHECK_AND_ASSERT_THROW_MES(amounts.size() == sk.size(), "Invalid amounts/sk sizes"); CHECK_AND_ASSERT_THROW_MES(amounts.size() == sk.size(), "Invalid amounts/sk sizes");
masks.resize(amounts.size()); masks.resize(amounts.size());
for (size_t i = 0; i < masks.size(); ++i) for (size_t i = 0; i < masks.size(); ++i)
masks[i] = genCommitmentMask(sk[i]); masks[i] = hwdev.genCommitmentMask(sk[i]);
Bulletproof proof = bulletproof_PROVE(amounts, masks); Bulletproof proof = bulletproof_PROVE(amounts, masks);
CHECK_AND_ASSERT_THROW_MES(proof.V.size() == amounts.size(), "V does not have the expected size"); CHECK_AND_ASSERT_THROW_MES(proof.V.size() == amounts.size(), "V does not have the expected size");
C = proof.V; C = proof.V;
@ -804,7 +804,7 @@ namespace rct {
else else
{ {
const epee::span<const key> keys{&amount_keys[0], amount_keys.size()}; const epee::span<const key> keys{&amount_keys[0], amount_keys.size()};
rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts, keys)); rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts, keys, hwdev));
#ifdef DBG #ifdef DBG
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof"); CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
#endif #endif
@ -833,7 +833,7 @@ namespace rct {
else else
{ {
const epee::span<const key> keys{&amount_keys[amounts_proved], batch_size}; const epee::span<const key> keys{&amount_keys[amounts_proved], batch_size};
rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts, keys)); rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts, keys, hwdev));
#ifdef DBG #ifdef DBG
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof"); CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
#endif #endif