d0s3t3ch/wownero
1
0
Fork 0
mirror of https://git.wownero.com/wownero/wownero.git synced 2024-08-15 01:03:23 +00:00
Code Issues Projects Releases Wiki Activity

Add support for V11 protocol with BulletProofV2 and short amount.

Browse source 
New scheme key destination contrfol
Fix dummy decryption in debug mode
This commit is contained in:
cslashm 2018-12-11 10:20:21 +01:00
parent 3a981a3313
commit 98fdcb2aa5
8 changed files with 101 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/cryptonote_core/cryptonote_tx_utils.h
View file

@ -104,6 +104,13 @@ namespace cryptonote
std::vector<rct::key> &amount_keys, std::vector<rct::key> &amount_keys,
crypto::public_key &out_eph_public_key) ; crypto::public_key &out_eph_public_key) ;
bool generate_output_ephemeral_keys(const size_t tx_version, const cryptonote::account_keys &sender_account_keys, const crypto::public_key &txkey_pub, const crypto::secret_key &tx_key,
const cryptonote::tx_destination_entry &dst_entr, const boost::optional<cryptonote::account_public_address> &change_addr, const size_t output_index,
const bool &need_additional_txkeys, const std::vector<crypto::secret_key> &additional_tx_keys,
std::vector<crypto::public_key> &additional_tx_public_keys,
std::vector<rct::key> &amount_keys,
crypto::public_key &out_eph_public_key) ;
bool generate_genesis_block( bool generate_genesis_block(
block& bl block& bl
, std::string const & genesis_tx , std::string const & genesis_tx

2
src/device/CMakeLists.txt
View file

@ -75,4 +75,6 @@ target_link_libraries(device
${OPENSSL_CRYPTO_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARIES}
${Boost_SERIALIZATION_LIBRARY} ${Boost_SERIALIZATION_LIBRARY}
PRIVATE PRIVATE
version
${Blocks}
${EXTRA_LIBRARIES}) ${EXTRA_LIBRARIES})

2
src/device/device.hpp
View file

@ -220,6 +220,8 @@ namespace hw {
return encrypt_payment_id(payment_id, public_key, secret_key); return encrypt_payment_id(payment_id, public_key, secret_key);
} }
virtual rct::key genCommitmentMask(const rct::key &amount_key) = 0;
virtual bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) = 0; virtual bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) = 0;
virtual bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) = 0; virtual bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) = 0;

4
src/device/device_default.cpp
View file

@ -349,6 +349,10 @@ namespace hw {
return true; return true;
} }
rct::key device_default::genCommitmentMask(const rct::key &amount_key) {
return rct::genCommitmentMask(amount_key);
}
bool device_default::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) { bool device_default::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) {
rct::ecdhEncode(unmasked, sharedSec, short_amount); rct::ecdhEncode(unmasked, sharedSec, short_amount);
return true; return true;

2
src/device/device_default.hpp
View file

@ -111,6 +111,8 @@ namespace hw {
bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override; bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override;
rct::key genCommitmentMask(const rct::key &amount_key) override;
bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) override; bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_amount) override;
bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) override; bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_amount) override;

121
src/device/device_ledger.cpp
View file

@ -27,6 +27,7 @@
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// //
#include "version.h"
#include "device_ledger.hpp" #include "device_ledger.hpp"
#include "log.hpp" #include "log.hpp"
#include "ringct/rctOps.h" #include "ringct/rctOps.h"
@ -173,6 +174,7 @@ namespace hw {
#define INS_SET_SIGNATURE_MODE 0x72 #define INS_SET_SIGNATURE_MODE 0x72
#define INS_GET_ADDITIONAL_KEY 0x74 #define INS_GET_ADDITIONAL_KEY 0x74
#define INS_STEALTH 0x76 #define INS_STEALTH 0x76
#define INS_GEN_COMMITMENT_MASK 0x77
#define INS_BLIND 0x78 #define INS_BLIND 0x78
#define INS_UNBLIND 0x7A #define INS_UNBLIND 0x7A
#define INS_GEN_TXOUT_KEYS 0x7B #define INS_GEN_TXOUT_KEYS 0x7B
@ -330,9 +332,9 @@ namespace hw {
this->length_recv -= 2; this->length_recv -= 2;
this->sw = (this->buffer_recv[length_recv]<<8) | this->buffer_recv[length_recv+1]; this->sw = (this->buffer_recv[length_recv]<<8) | this->buffer_recv[length_recv+1];
logRESP();
ASSERT_SW(this->sw,ok,msk); ASSERT_SW(this->sw,ok,msk);
logRESP();
return this->sw; return this->sw;
} }
@ -1197,13 +1199,19 @@ namespace hw {
const cryptonote::account_keys sender_account_keys_x = sender_account_keys; const cryptonote::account_keys sender_account_keys_x = sender_account_keys;
memmove((void*)sender_account_keys_x.m_view_secret_key.data, dbg_viewkey.data, 32); memmove((void*)sender_account_keys_x.m_view_secret_key.data, dbg_viewkey.data, 32);
const crypto::public_key &txkey_pub_x = txkey_pub;
const crypto::secret_key &tx_key_x = tx_key; const crypto::public_key txkey_pub_x = txkey_pub;
const cryptonote::tx_destination_entry &dst_entr_x = dst_entr; const crypto::secret_key tx_key_x = hw::ledger::decrypt(tx_key);
const boost::optional<cryptonote::account_public_address> &change_addr_x = change_addr; const cryptonote::tx_destination_entry dst_entr_x = dst_entr;
const size_t &output_index_x = output_index; const boost::optional<cryptonote::account_public_address> change_addr_x = change_addr;
const bool &need_additional_txkeys_x = need_additional_txkeys; const size_t output_index_x = output_index;
const std::vector<crypto::secret_key> &additional_tx_keys_x = additional_tx_keys; const bool need_additional_txkeys_x = need_additional_txkeys;
std::vector<crypto::secret_key> additional_tx_keys_x;
for (const auto k: additional_tx_keys) {
additional_tx_keys_x.push_back(hw::ledger::decrypt(k));
}
std::vector<crypto::public_key> additional_tx_public_keys_x; std::vector<crypto::public_key> additional_tx_public_keys_x;
std::vector<rct::key> amount_keys_x; std::vector<rct::key> amount_keys_x;
crypto::public_key out_eph_public_key_x; crypto::public_key out_eph_public_key_x;
@ -1211,32 +1219,16 @@ namespace hw {
additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x); additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x);
#endif #endif
ASSERT_X(tx_version > 1, "TX version not supported"<<tx_version);
// make additional tx pubkey if necessary // make additional tx pubkey if necessary
cryptonote::keypair additional_txkey; cryptonote::keypair additional_txkey;
if (need_additional_txkeys) { if (need_additional_txkeys) {
additional_txkey.sec = additional_tx_keys[output_index]; additional_txkey.sec = additional_tx_keys[output_index];
} }
//compute derivation, out_eph_public_key, and amount key in one shot on device, to ensure checkable link
const crypto::secret_key *sec;
bool is_change;
if (change_addr && dst_entr.addr == *change_addr)
{
// sending change to yourself; derivation = a*R
is_change = true;
sec = &sender_account_keys.m_view_secret_key;
}
else
{
is_change = false;
if (dst_entr.is_subaddress && need_additional_txkeys) {
sec = &additional_txkey.sec;
} else {
sec = &tx_key;
}
}
int offset = set_command_header_noopt(INS_GEN_TXOUT_KEYS); int offset = set_command_header_noopt(INS_GEN_TXOUT_KEYS);
//tx_version //tx_version
this->buffer_send[offset+0] = tx_version>>24; this->buffer_send[offset+0] = tx_version>>24;
@ -1244,8 +1236,12 @@ namespace hw {
this->buffer_send[offset+2] = tx_version>>8; this->buffer_send[offset+2] = tx_version>>8;
this->buffer_send[offset+3] = tx_version>>0; this->buffer_send[offset+3] = tx_version>>0;
offset += 4; offset += 4;
//tx_sec
memmove(&this->buffer_send[offset], sec->data, 32); //tx_key
memmove(&this->buffer_send[offset], tx_key.data, 32);
offset += 32;
//txkey_pub
memmove(&this->buffer_send[offset], txkey_pub.data, 32);
offset += 32; offset += 32;
//Aout //Aout
memmove(&this->buffer_send[offset], dst_entr.addr.m_view_public_key.data, 32); memmove(&this->buffer_send[offset], dst_entr.addr.m_view_public_key.data, 32);
@ -1260,6 +1256,7 @@ namespace hw {
this->buffer_send[offset+3] = output_index>>0; this->buffer_send[offset+3] = output_index>>0;
offset += 4; offset += 4;
//is_change, //is_change,
bool is_change = (change_addr && dst_entr.addr == *change_addr);
this->buffer_send[offset] = is_change; this->buffer_send[offset] = is_change;
offset++; offset++;
//is_subaddress //is_subaddress
@ -1268,23 +1265,22 @@ namespace hw {
//need_additional_key //need_additional_key
this->buffer_send[offset] = need_additional_txkeys; this->buffer_send[offset] = need_additional_txkeys;
offset++; offset++;
//additional_tx_key
if (need_additional_txkeys) {
memmove(&this->buffer_send[offset], additional_txkey.sec.data, 32);
} else {
memset(&this->buffer_send[offset], 0, 32);
}
offset += 32;
this->buffer_send[4] = offset-5; this->buffer_send[4] = offset-5;
this->length_send = offset; this->length_send = offset;
this->exchange(); this->exchange();
offset = 0; offset = 0;
unsigned int recv_len = this->length_recv; unsigned int recv_len = this->length_recv;
if (need_additional_txkeys)
{ //if (tx_version > 1)
ASSERT_X(recv_len>=32, "Not enought data from device"); {
memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32);
additional_tx_public_keys.push_back(additional_txkey.pub);
offset += 32;
recv_len -= 32;
}
if (tx_version > 1)
{
ASSERT_X(recv_len>=32, "Not enought data from device"); ASSERT_X(recv_len>=32, "Not enought data from device");
crypto::secret_key scalar1; crypto::secret_key scalar1;
memmove(scalar1.data, &this->buffer_recv[offset],32); memmove(scalar1.data, &this->buffer_recv[offset],32);
@ -1295,6 +1291,16 @@ namespace hw {
ASSERT_X(recv_len>=32, "Not enought data from device"); ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32); memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32);
recv_len -= 32; recv_len -= 32;
offset += 32;
if (need_additional_txkeys)
{
ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32);
additional_tx_public_keys.push_back(additional_txkey.pub);
offset += 32;
recv_len -= 32;
}
// add ABPkeys // add ABPkeys
this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change, this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change,
@ -1302,10 +1308,11 @@ namespace hw {
amount_keys.back(), out_eph_public_key); amount_keys.back(), out_eph_public_key);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
log_hexbuffer("generate_output_ephemeral_keys: clear amount_key", (const char*)hw::ledger::decrypt(amount_keys.back()).bytes, 32);
hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes); hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes);
if (need_additional_txkeys) { if (need_additional_txkeys) {
hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_keys_x.back().data, additional_tx_keys.back().data); hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_public_keys_x.back().data, additional_tx_public_keys.back().data);
} }
hw::ledger::check32("generate_output_ephemeral_keys", "out_eph_public_key", out_eph_public_key_x.data, out_eph_public_key.data); hw::ledger::check32("generate_output_ephemeral_keys", "out_eph_public_key", out_eph_public_key_x.data, out_eph_public_key.data);
#endif #endif
@ -1319,6 +1326,32 @@ namespace hw {
return true; return true;
} }
rct::key device_ledger::genCommitmentMask(const rct::key &AKout) {
#ifdef DEBUG_HWDEVICE
const rct::key AKout_x = hw::ledger::decrypt(AKout);
rct::key mask_x;
mask_x = this->controle_device->genCommitmentMask(AKout_x);
#endif
rct::key mask;
int offset = set_command_header_noopt(INS_GEN_COMMITMENT_MASK);
// AKout
memmove(this->buffer_send+offset, AKout.bytes, 32);
offset += 32;
this->buffer_send[4] = offset-5;
this->length_send = offset;
this->exchange();
memmove(mask.bytes, &this->buffer_recv[0], 32);
#ifdef DEBUG_HWDEVICE
hw::ledger::check32("genCommitmentMask", "mask", (const char*)mask_x.bytes, (const char*)mask.bytes);
#endif
return mask;
}
bool device_ledger::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & AKout, bool short_amount) { bool device_ledger::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & AKout, bool short_amount) {
AUTO_LOCK_CMD(); AUTO_LOCK_CMD();
@ -1350,6 +1383,7 @@ namespace hw {
memmove(unmasked.mask.bytes, &this->buffer_recv[32], 32); memmove(unmasked.mask.bytes, &this->buffer_recv[32], 32);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
MDEBUG("ecdhEncode: Akout: "<<AKout_x);
hw::ledger::check32("ecdhEncode", "amount", (char*)unmasked_x.amount.bytes, (char*)unmasked.amount.bytes); hw::ledger::check32("ecdhEncode", "amount", (char*)unmasked_x.amount.bytes, (char*)unmasked.amount.bytes);
hw::ledger::check32("ecdhEncode", "mask", (char*)unmasked_x.mask.bytes, (char*)unmasked.mask.bytes); hw::ledger::check32("ecdhEncode", "mask", (char*)unmasked_x.mask.bytes, (char*)unmasked.mask.bytes);
@ -1390,6 +1424,7 @@ namespace hw {
memmove(masked.mask.bytes, &this->buffer_recv[32], 32); memmove(masked.mask.bytes, &this->buffer_recv[32], 32);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
MDEBUG("ecdhEncode: Akout: "<<AKout_x);
hw::ledger::check32("ecdhDecode", "amount", (char*)masked_x.amount.bytes, (char*)masked.amount.bytes); hw::ledger::check32("ecdhDecode", "amount", (char*)masked_x.amount.bytes, (char*)masked.amount.bytes);
hw::ledger::check32("ecdhDecode", "mask", (char*)masked_x.mask.bytes,(char*) masked.mask.bytes); hw::ledger::check32("ecdhDecode", "mask", (char*)masked_x.mask.bytes,(char*) masked.mask.bytes);
#endif #endif

2
src/device/device_ledger.hpp
View file

@ -207,6 +207,8 @@ namespace hw {
bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override; bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override;
rct::key genCommitmentMask(const rct::key &amount_key) override;
bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_format) override; bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_format) override;
bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_format) override; bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_format) override;

8
src/ringct/rctSigs.cpp
View file

@ -79,12 +79,12 @@ namespace
} }
namespace rct { namespace rct {
Bulletproof proveRangeBulletproof(keyV &C, keyV &masks, const std::vector<uint64_t> &amounts, epee::span<const key> sk) Bulletproof proveRangeBulletproof(keyV &C, keyV &masks, const std::vector<uint64_t> &amounts, epee::span<const key> sk, hw::device &hwdev)
{ {
CHECK_AND_ASSERT_THROW_MES(amounts.size() == sk.size(), "Invalid amounts/sk sizes"); CHECK_AND_ASSERT_THROW_MES(amounts.size() == sk.size(), "Invalid amounts/sk sizes");
masks.resize(amounts.size()); masks.resize(amounts.size());
for (size_t i = 0; i < masks.size(); ++i) for (size_t i = 0; i < masks.size(); ++i)
masks[i] = genCommitmentMask(sk[i]); masks[i] = hwdev.genCommitmentMask(sk[i]);
Bulletproof proof = bulletproof_PROVE(amounts, masks); Bulletproof proof = bulletproof_PROVE(amounts, masks);
CHECK_AND_ASSERT_THROW_MES(proof.V.size() == amounts.size(), "V does not have the expected size"); CHECK_AND_ASSERT_THROW_MES(proof.V.size() == amounts.size(), "V does not have the expected size");
C = proof.V; C = proof.V;
@ -804,7 +804,7 @@ namespace rct {
else else
{ {
const epee::span<const key> keys{&amount_keys[0], amount_keys.size()}; const epee::span<const key> keys{&amount_keys[0], amount_keys.size()};
rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts, keys)); rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts, keys, hwdev));
#ifdef DBG #ifdef DBG
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof"); CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
#endif #endif
@ -833,7 +833,7 @@ namespace rct {
else else
{ {
const epee::span<const key> keys{&amount_keys[amounts_proved], batch_size}; const epee::span<const key> keys{&amount_keys[amounts_proved], batch_size};
rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts, keys)); rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts, keys, hwdev));
#ifdef DBG #ifdef DBG
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof"); CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
#endif #endif