From 98fdcb2aa5a1c64bad4080ad00e4bd7eb647dc74 Mon Sep 17 00:00:00 2001 From: cslashm Date: Tue, 11 Dec 2018 10:20:21 +0100 Subject: [PATCH] Add support for V11 protocol with BulletProofV2 and short amount. New scheme key destination contrfol Fix dummy decryption in debug mode --- src/cryptonote_core/cryptonote_tx_utils.h | 7 ++ src/device/CMakeLists.txt | 2 + src/device/device.hpp | 2 + src/device/device_default.cpp | 4 + src/device/device_default.hpp | 2 + src/device/device_ledger.cpp | 121 ++++++++++++++-------- src/device/device_ledger.hpp | 2 + src/ringct/rctSigs.cpp | 8 +- 8 files changed, 101 insertions(+), 47 deletions(-) diff --git a/src/cryptonote_core/cryptonote_tx_utils.h b/src/cryptonote_core/cryptonote_tx_utils.h index cb1561c2d..d38aa7474 100644 --- a/src/cryptonote_core/cryptonote_tx_utils.h +++ b/src/cryptonote_core/cryptonote_tx_utils.h @@ -104,6 +104,13 @@ namespace cryptonote std::vector &amount_keys, crypto::public_key &out_eph_public_key) ; + bool generate_output_ephemeral_keys(const size_t tx_version, const cryptonote::account_keys &sender_account_keys, const crypto::public_key &txkey_pub, const crypto::secret_key &tx_key, + const cryptonote::tx_destination_entry &dst_entr, const boost::optional &change_addr, const size_t output_index, + const bool &need_additional_txkeys, const std::vector &additional_tx_keys, + std::vector &additional_tx_public_keys, + std::vector &amount_keys, + crypto::public_key &out_eph_public_key) ; + bool generate_genesis_block( block& bl , std::string const & genesis_tx diff --git a/src/device/CMakeLists.txt b/src/device/CMakeLists.txt index ffa1458b0..0b0686f61 100644 --- a/src/device/CMakeLists.txt +++ b/src/device/CMakeLists.txt @@ -75,4 +75,6 @@ target_link_libraries(device ${OPENSSL_CRYPTO_LIBRARIES} ${Boost_SERIALIZATION_LIBRARY} PRIVATE + version + ${Blocks} ${EXTRA_LIBRARIES}) diff --git a/src/device/device.hpp b/src/device/device.hpp index 65b38361b..33e1337c4 100644 --- a/src/device/device.hpp +++ b/src/device/device.hpp @@ -220,6 +220,8 @@ namespace hw { return encrypt_payment_id(payment_id, public_key, secret_key); } + virtual rct::key genCommitmentMask(const rct::key &amount_key) = 0; + virtual bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) = 0; virtual bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) = 0; diff --git a/src/device/device_default.cpp b/src/device/device_default.cpp index 999fbc22f..db0827c22 100644 --- a/src/device/device_default.cpp +++ b/src/device/device_default.cpp @@ -349,6 +349,10 @@ namespace hw { return true; } + rct::key device_default::genCommitmentMask(const rct::key &amount_key) { + return rct::genCommitmentMask(amount_key); + } + bool device_default::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) { rct::ecdhEncode(unmasked, sharedSec, short_amount); return true; diff --git a/src/device/device_default.hpp b/src/device/device_default.hpp index 90d39495b..40f06d394 100644 --- a/src/device/device_default.hpp +++ b/src/device/device_default.hpp @@ -111,6 +111,8 @@ namespace hw { bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override; + rct::key genCommitmentMask(const rct::key &amount_key) override; + bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) override; bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) override; diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp index a904d5eab..3a285d674 100644 --- a/src/device/device_ledger.cpp +++ b/src/device/device_ledger.cpp @@ -27,6 +27,7 @@ // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // +#include "version.h" #include "device_ledger.hpp" #include "log.hpp" #include "ringct/rctOps.h" @@ -173,6 +174,7 @@ namespace hw { #define INS_SET_SIGNATURE_MODE 0x72 #define INS_GET_ADDITIONAL_KEY 0x74 #define INS_STEALTH 0x76 + #define INS_GEN_COMMITMENT_MASK 0x77 #define INS_BLIND 0x78 #define INS_UNBLIND 0x7A #define INS_GEN_TXOUT_KEYS 0x7B @@ -330,9 +332,9 @@ namespace hw { this->length_recv -= 2; this->sw = (this->buffer_recv[length_recv]<<8) | this->buffer_recv[length_recv+1]; + logRESP(); ASSERT_SW(this->sw,ok,msk); - logRESP(); return this->sw; } @@ -1197,13 +1199,19 @@ namespace hw { const cryptonote::account_keys sender_account_keys_x = sender_account_keys; memmove((void*)sender_account_keys_x.m_view_secret_key.data, dbg_viewkey.data, 32); - const crypto::public_key &txkey_pub_x = txkey_pub; - const crypto::secret_key &tx_key_x = tx_key; - const cryptonote::tx_destination_entry &dst_entr_x = dst_entr; - const boost::optional &change_addr_x = change_addr; - const size_t &output_index_x = output_index; - const bool &need_additional_txkeys_x = need_additional_txkeys; - const std::vector &additional_tx_keys_x = additional_tx_keys; + + const crypto::public_key txkey_pub_x = txkey_pub; + const crypto::secret_key tx_key_x = hw::ledger::decrypt(tx_key); + const cryptonote::tx_destination_entry dst_entr_x = dst_entr; + const boost::optional change_addr_x = change_addr; + const size_t output_index_x = output_index; + const bool need_additional_txkeys_x = need_additional_txkeys; + + std::vector additional_tx_keys_x; + for (const auto k: additional_tx_keys) { + additional_tx_keys_x.push_back(hw::ledger::decrypt(k)); + } + std::vector additional_tx_public_keys_x; std::vector amount_keys_x; crypto::public_key out_eph_public_key_x; @@ -1211,32 +1219,16 @@ namespace hw { additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x); #endif + + + ASSERT_X(tx_version > 1, "TX version not supported"<buffer_send[offset+0] = tx_version>>24; @@ -1244,8 +1236,12 @@ namespace hw { this->buffer_send[offset+2] = tx_version>>8; this->buffer_send[offset+3] = tx_version>>0; offset += 4; - //tx_sec - memmove(&this->buffer_send[offset], sec->data, 32); + + //tx_key + memmove(&this->buffer_send[offset], tx_key.data, 32); + offset += 32; + //txkey_pub + memmove(&this->buffer_send[offset], txkey_pub.data, 32); offset += 32; //Aout memmove(&this->buffer_send[offset], dst_entr.addr.m_view_public_key.data, 32); @@ -1260,6 +1256,7 @@ namespace hw { this->buffer_send[offset+3] = output_index>>0; offset += 4; //is_change, + bool is_change = (change_addr && dst_entr.addr == *change_addr); this->buffer_send[offset] = is_change; offset++; //is_subaddress @@ -1268,23 +1265,22 @@ namespace hw { //need_additional_key this->buffer_send[offset] = need_additional_txkeys; offset++; - + //additional_tx_key + if (need_additional_txkeys) { + memmove(&this->buffer_send[offset], additional_txkey.sec.data, 32); + } else { + memset(&this->buffer_send[offset], 0, 32); + } + offset += 32; this->buffer_send[4] = offset-5; this->length_send = offset; this->exchange(); offset = 0; unsigned int recv_len = this->length_recv; - if (need_additional_txkeys) - { - ASSERT_X(recv_len>=32, "Not enought data from device"); - memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32); - additional_tx_public_keys.push_back(additional_txkey.pub); - offset += 32; - recv_len -= 32; - } - if (tx_version > 1) - { + + //if (tx_version > 1) + { ASSERT_X(recv_len>=32, "Not enought data from device"); crypto::secret_key scalar1; memmove(scalar1.data, &this->buffer_recv[offset],32); @@ -1295,6 +1291,16 @@ namespace hw { ASSERT_X(recv_len>=32, "Not enought data from device"); memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32); recv_len -= 32; + offset += 32; + + if (need_additional_txkeys) + { + ASSERT_X(recv_len>=32, "Not enought data from device"); + memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32); + additional_tx_public_keys.push_back(additional_txkey.pub); + offset += 32; + recv_len -= 32; + } // add ABPkeys this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change, @@ -1302,10 +1308,11 @@ namespace hw { amount_keys.back(), out_eph_public_key); #ifdef DEBUG_HWDEVICE + log_hexbuffer("generate_output_ephemeral_keys: clear amount_key", (const char*)hw::ledger::decrypt(amount_keys.back()).bytes, 32); hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes); if (need_additional_txkeys) { - hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_keys_x.back().data, additional_tx_keys.back().data); - } + hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_public_keys_x.back().data, additional_tx_public_keys.back().data); + } hw::ledger::check32("generate_output_ephemeral_keys", "out_eph_public_key", out_eph_public_key_x.data, out_eph_public_key.data); #endif @@ -1319,6 +1326,32 @@ namespace hw { return true; } + rct::key device_ledger::genCommitmentMask(const rct::key &AKout) { + #ifdef DEBUG_HWDEVICE + const rct::key AKout_x = hw::ledger::decrypt(AKout); + rct::key mask_x; + mask_x = this->controle_device->genCommitmentMask(AKout_x); + #endif + + rct::key mask; + int offset = set_command_header_noopt(INS_GEN_COMMITMENT_MASK); + // AKout + memmove(this->buffer_send+offset, AKout.bytes, 32); + offset += 32; + + this->buffer_send[4] = offset-5; + this->length_send = offset; + this->exchange(); + + memmove(mask.bytes, &this->buffer_recv[0], 32); + + #ifdef DEBUG_HWDEVICE + hw::ledger::check32("genCommitmentMask", "mask", (const char*)mask_x.bytes, (const char*)mask.bytes); + #endif + + return mask; + } + bool device_ledger::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & AKout, bool short_amount) { AUTO_LOCK_CMD(); @@ -1350,6 +1383,7 @@ namespace hw { memmove(unmasked.mask.bytes, &this->buffer_recv[32], 32); #ifdef DEBUG_HWDEVICE + MDEBUG("ecdhEncode: Akout: "<buffer_recv[32], 32); #ifdef DEBUG_HWDEVICE + MDEBUG("ecdhEncode: Akout: "< &amounts, epee::span sk) + Bulletproof proveRangeBulletproof(keyV &C, keyV &masks, const std::vector &amounts, epee::span sk, hw::device &hwdev) { CHECK_AND_ASSERT_THROW_MES(amounts.size() == sk.size(), "Invalid amounts/sk sizes"); masks.resize(amounts.size()); for (size_t i = 0; i < masks.size(); ++i) - masks[i] = genCommitmentMask(sk[i]); + masks[i] = hwdev.genCommitmentMask(sk[i]); Bulletproof proof = bulletproof_PROVE(amounts, masks); CHECK_AND_ASSERT_THROW_MES(proof.V.size() == amounts.size(), "V does not have the expected size"); C = proof.V; @@ -804,7 +804,7 @@ namespace rct { else { const epee::span keys{&amount_keys[0], amount_keys.size()}; - rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts, keys)); + rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts, keys, hwdev)); #ifdef DBG CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof"); #endif @@ -833,7 +833,7 @@ namespace rct { else { const epee::span keys{&amount_keys[amounts_proved], batch_size}; - rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts, keys)); + rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts, keys, hwdev)); #ifdef DBG CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof"); #endif