Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-01-24 23:16:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

carrot_impl 1/23/25 [WIP]

Browse Source
This commit is contained in:
jeffro256 2025-01-10 14:59:27 -06:00
parent 81317b36cd
commit ccd7e2b394
No known key found for this signature in database
GPG Key ID: 6F79797A6E392442
14 changed files with 1320 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/CMakeLists.txt
View File

@ -84,6 +84,7 @@ include(Version)
monero_add_library(version SOURCES ${CMAKE_BINARY_DIR}/version.cpp DEPENDS genversion)
add_subdirectory(carrot_core)
add_subdirectory(carrot_impl)
add_subdirectory(common)
add_subdirectory(crypto)
add_subdirectory(ringct)

50
src/carrot_impl/CMakeLists.txt Normal file
View File

@ -0,0 +1,50 @@
# Copyright (c) 2024, The Monero Project
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are
# permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this list of
# conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice, this list
# of conditions and the following disclaimer in the documentation and/or other
# materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its contributors may be
# used to endorse or promote products derived from this software without specific
# prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set(carrot_impl_sources
carrot_tx_format_utils.cpp
)
monero_find_all_headers(carrot_impl_headers, "${CMAKE_CURRENT_SOURCE_DIR}")
monero_add_library(carrot_impl
${carrot_impl_sources}
${carrot_impl_headers})
target_link_libraries(carrot_impl
PUBLIC
carrot_core
cryptonote_basic
PRIVATE
${EXTRA_LIBRARIES})
target_include_directories(carrot_impl
PUBLIC
"${CMAKE_CURRENT_SOURCE_DIR}"
PRIVATE
${Boost_INCLUDE_DIRS})

61
src/carrot_impl/carrot_boost_serialization.h Normal file
View File

@ -0,0 +1,61 @@
// Copyright (c) 2024, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#pragma once
//local headers
#include "carrot_core/core_types.h"
//third party headers
#include <boost/serialization/utility.hpp>
//standard headers
//forward declarations
namespace boost
{
namespace serialization
{
//---------------------------------------------------
template <class Archive>
inline void serialize(Archive &a, carrot::view_tag_t &x, const boost::serialization::version_type ver)
{
a & x.bytes;
}
//---------------------------------------------------
template <class Archive>
inline void serialize(Archive &a, carrot::encrypted_janus_anchor_t &x, const boost::serialization::version_type ver)
{
a & x.bytes;
}
//---------------------------------------------------
} //namespace serialization
} //namespace boot

42
src/carrot_impl/carrot_chain_serialization.h Normal file
View File

@ -0,0 +1,42 @@
// Copyright (c) 2024, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once
//local headers
#include "carrot_core/core_types.h"
#include "serialization/serialization.h"
//third party headers
//standard headers
//forward declarations
BLOB_SERIALIZER(carrot::view_tag_t);
BLOB_SERIALIZER(carrot::encrypted_janus_anchor_t);

356
src/carrot_impl/carrot_tx_format_utils.cpp Normal file
View File

@ -0,0 +1,356 @@
// Copyright (c) 2024, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//paired header
#include "carrot_tx_format_utils.h"
//local headers
#include "common/container_helpers.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "cryptonote_config.h"
//third party headers
//standard headers
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "carrot_impl"
static_assert(sizeof(mx25519_pubkey) == sizeof(crypto::public_key),
"cannot use crypto::public_key as storage for X25519 keys since size is different");
namespace carrot
{
//-------------------------------------------------------------------------------------------------------------------
//-------------------------------------------------------------------------------------------------------------------
static constexpr const std::uint8_t carrot_rct_type = rct::RCTTypeBulletproof2; // @TODO: WRONG version
//-------------------------------------------------------------------------------------------------------------------
//-------------------------------------------------------------------------------------------------------------------
template <bool is_coinbase, class EnoteContainer>
static void store_carrot_ephemeral_pubkeys_to_extra(const EnoteContainer &enotes, std::vector<uint8_t> &extra_inout)
{
const size_t nouts = enotes.size();
const bool use_shared_ephemeral_pubkey = nouts == 2 && !is_coinbase;
bool success = true;
if (use_shared_ephemeral_pubkey)
{
crypto::public_key tx_pubkey;
const mx25519_pubkey &enote_ephemeral_pubkey = enotes.at(0).enote_ephemeral_pubkey;
memcpy(tx_pubkey.data, enote_ephemeral_pubkey.data, sizeof(tx_pubkey));
success = success && cryptonote::add_tx_pub_key_to_extra(extra_inout, tx_pubkey);
}
else // nouts != 2 or coinbase
{
std::vector<crypto::public_key> tx_pubkeys(nouts);
for (size_t i = 0; i < nouts; ++i)
{
const mx25519_pubkey &enote_ephemeral_pubkey = enotes.at(i).enote_ephemeral_pubkey;
memcpy(tx_pubkeys[i].data, enote_ephemeral_pubkey.data, sizeof(tx_pubkeys[i]));
}
success = success && cryptonote::add_additional_tx_pub_keys_to_extra(extra_inout, tx_pubkeys);
}
CHECK_AND_ASSERT_THROW_MES(success, "add carrot ephemeral pubkeys to extra: failed to add tx_extra fields");
}
//-------------------------------------------------------------------------------------------------------------------
//-------------------------------------------------------------------------------------------------------------------
template <bool is_coinbase, class EnoteContainer>
static bool try_load_carrot_ephemeral_pubkeys_from_extra(const std::vector<cryptonote::tx_extra_field> &extra_fields,
EnoteContainer &enotes_inout)
{
const size_t nouts = enotes_inout.size();
const bool use_shared_ephemeral_pubkey = nouts == 2 && !is_coinbase;
if (use_shared_ephemeral_pubkey)
{
cryptonote::tx_extra_pub_key tx_pubkey;
if (!cryptonote::find_tx_extra_field_by_type(extra_fields, tx_pubkey))
return false;
memcpy(enotes_inout.front().enote_ephemeral_pubkey.data, tx_pubkey.pub_key.data, sizeof(mx25519_pubkey));
memcpy(enotes_inout.back().enote_ephemeral_pubkey.data, tx_pubkey.pub_key.data, sizeof(mx25519_pubkey));
}
else // nouts != 2
{
cryptonote::tx_extra_additional_pub_keys tx_pubkeys;
if (!cryptonote::find_tx_extra_field_by_type(extra_fields, tx_pubkeys))
return false;
else if (tx_pubkeys.data.size() != nouts)
return false;
for (size_t i = 0; i < nouts; ++i)
memcpy(enotes_inout[i].enote_ephemeral_pubkey.data, tx_pubkeys.data.at(i).data, sizeof(mx25519_pubkey));
}
return true;
}
//-------------------------------------------------------------------------------------------------------------------
//-------------------------------------------------------------------------------------------------------------------
cryptonote::transaction store_carrot_to_transaction_v1(const std::vector<CarrotEnoteV1> &enotes,
const std::vector<crypto::key_image> &key_images,
const rct::xmr_amount fee,
const encrypted_payment_id_t encrypted_payment_id)
{
const size_t nins = key_images.size();
const size_t nouts = enotes.size();
cryptonote::transaction tx;
tx.pruned = true;
tx.version = 2;
tx.unlock_time = 0;
tx.vin.reserve(nins);
tx.vout.reserve(nouts);
tx.extra.reserve(MAX_TX_EXTRA_SIZE);
tx.rct_signatures.type = carrot_rct_type;
tx.rct_signatures.txnFee = fee;
tx.rct_signatures.ecdhInfo.reserve(nouts);
tx.rct_signatures.outPk.reserve(nouts);
//inputs
for (const crypto::key_image &ki : key_images)
{
//L
tx.vin.emplace_back(cryptonote::txin_to_key{ //@TODO: can save 2 bytes by using slim input type
.amount = 0,
.key_offsets = {},
.k_image = ki
});
}
//outputs
for (const CarrotEnoteV1 &enote : enotes)
{
//K_o,vt,anchor_enc
tx.vout.push_back(cryptonote::tx_out{0, cryptonote::txout_to_carrot_v1{
.key = enote.onetime_address,
.view_tag = enote.view_tag,
.encrypted_janus_anchor = enote.anchor_enc
}});
//a_enc
rct::ecdhTuple &ecdh_tuple = tools::add_element(tx.rct_signatures.ecdhInfo);
memcpy(ecdh_tuple.amount.bytes, enote.amount_enc.bytes, sizeof(ecdh_tuple.amount));
//C_a
tx.rct_signatures.outPk.push_back(rct::ctkey{rct::key{}, enote.amount_commitment});
}
//ephemeral pubkeys: D_e
store_carrot_ephemeral_pubkeys_to_extra</*is_coinbase=*/false>(enotes, tx.extra);
//encrypted payment id: pid_enc
crypto::hash8 pid_enc_8;
memcpy(pid_enc_8.data, encrypted_payment_id.bytes, sizeof(pid_enc_8));
cryptonote::blobdata extra_nonce;
cryptonote::set_encrypted_payment_id_to_tx_extra_nonce(extra_nonce, pid_enc_8);
CHECK_AND_ASSERT_THROW_MES(cryptonote::add_extra_nonce_to_tx_extra(tx.extra, extra_nonce),
"store carrot to transaction v1: failed to add encrypted payment ID to tx_extra");
//finalize tx_extra
CHECK_AND_ASSERT_THROW_MES(cryptonote::sort_tx_extra(tx.extra, tx.extra, /*allow_partial=*/false),
"store carrot to transaction v1: failed to sort tx_extra");
return tx;
}
//-------------------------------------------------------------------------------------------------------------------
bool try_load_carrot_from_transaction_v1(const cryptonote::transaction &tx,
std::vector<CarrotEnoteV1> &enotes_out,
std::vector<crypto::key_image> &key_images_out,
rct::xmr_amount &fee_out,
std::optional<encrypted_payment_id_t> &encrypted_payment_id_out)
{
const rct::rctSigBase &rv = tx.rct_signatures;
fee_out = rv.txnFee;
const size_t nins = tx.vin.size();
const size_t nouts = tx.vout.size();
if (0 == nins)
return false; // no input_context
else if (nouts != rv.ecdhInfo.size())
return false; // incorrect # of encrypted amounts
else if (nouts != rv.outPk.size())
return false; // incorrect # of amount commitments
//inputs
key_images_out.resize(nins);
for (size_t i = 0; i < nins; ++i)
{
const cryptonote::txin_to_key * const k = boost::strict_get<cryptonote::txin_to_key>(&tx.vin.at(i));
if (nullptr == k)
return false;
//L
key_images_out[i] = k->k_image;
}
//outputs
enotes_out.resize(nouts);
for (size_t i = 0; i < nouts; ++i)
{
const cryptonote::txout_target_v &t = tx.vout.at(i).target;
const cryptonote::txout_to_carrot_v1 * const c = boost::strict_get<cryptonote::txout_to_carrot_v1>(&t);
if (nullptr == c)
return false;
//K_o
enotes_out[i].onetime_address = c->key;
//vt
enotes_out[i].view_tag = c->view_tag;
//anchor_enc
enotes_out[i].anchor_enc = c->encrypted_janus_anchor;
//L_1
enotes_out[i].tx_first_key_image = key_images_out.at(0);
//a_enc
memcpy(enotes_out[i].amount_enc.bytes, rv.ecdhInfo.at(i).amount.bytes, sizeof(encrypted_amount_t));
//C_a
enotes_out[i].amount_commitment = rv.outPk.at(i).mask;
}
//parse tx_extra
std::vector<cryptonote::tx_extra_field> extra_fields;
if (!cryptonote::parse_tx_extra(tx.extra, extra_fields))
return false;
//ephemeral pubkeys: D_e
if (!try_load_carrot_ephemeral_pubkeys_from_extra</*is_coinbase=*/false>(extra_fields, enotes_out))
return false;
//encrypted payment ID: pid_enc
encrypted_payment_id_out = std::nullopt;
cryptonote::tx_extra_nonce extra_nonce;
if (cryptonote::find_tx_extra_field_by_type(extra_fields, extra_nonce))
{
crypto::hash8 pid_enc_8;
if (cryptonote::get_encrypted_payment_id_from_tx_extra_nonce(extra_nonce.nonce, pid_enc_8))
{
encrypted_payment_id_t &pid_enc = encrypted_payment_id_out.emplace();
memcpy(pid_enc.bytes, pid_enc_8.data, sizeof(pid_enc));
}
}
return true;
}
//-------------------------------------------------------------------------------------------------------------------
cryptonote::transaction store_carrot_to_coinbase_transaction_v1(
const std::vector<CarrotCoinbaseEnoteV1> &enotes,
const std::uint64_t block_index)
{
const size_t nouts = enotes.size();
cryptonote::transaction tx;
tx.pruned = false;
tx.version = 2;
tx.unlock_time = block_index + CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW;
tx.vin.reserve(1);
tx.vout.reserve(nouts);
tx.extra.reserve(MAX_TX_EXTRA_SIZE);
tx.rct_signatures.type = rct::RCTTypeNull;
//input
tx.vin.emplace_back(cryptonote::txin_gen{.height = block_index});
//outputs
for (const CarrotCoinbaseEnoteV1 &enote : enotes)
{
//K_o,vt,anchor_enc,a
tx.vout.push_back(cryptonote::tx_out{enote.amount,
cryptonote::txout_to_carrot_v1{
.key = enote.onetime_address,
.view_tag = enote.view_tag,
.encrypted_janus_anchor = enote.anchor_enc
}
});
}
//ephemeral pubkeys: D_e
store_carrot_ephemeral_pubkeys_to_extra</*is_coinbase=*/true>(enotes, tx.extra);
//we don't need to sort tx_extra since we only added one field
//if you add more tx_extra fields here in the future, then please sort <3
return tx;
}
//-------------------------------------------------------------------------------------------------------------------
bool try_load_carrot_from_coinbase_transaction_v1(const cryptonote::transaction &tx,
std::vector<CarrotCoinbaseEnoteV1> &enotes_out,
std::uint64_t &block_index_out)
{
const size_t nins = tx.vin.size();
const size_t nouts = tx.vout.size();
if (1 == nins)
return false; // not coinbase
//input
const cryptonote::txin_gen * const h = boost::strict_get<cryptonote::txin_gen>(&tx.vin.front());
if (nullptr == h)
return false;
block_index_out = h->height;
//outputs
enotes_out.resize(nouts);
for (size_t i = 0; i < nouts; ++i)
{
//a
enotes_out[i].amount = tx.vout.at(i).amount;
const cryptonote::txout_target_v &t = tx.vout.at(i).target;
const cryptonote::txout_to_carrot_v1 * const c = boost::strict_get<cryptonote::txout_to_carrot_v1>(&t);
if (nullptr == c)
return false;
//K_o
enotes_out[i].onetime_address = c->key;
//vt
enotes_out[i].view_tag = c->view_tag;
//anchor_enc
enotes_out[i].anchor_enc = c->encrypted_janus_anchor;
//block_index
enotes_out[i].block_index = block_index_out;
}
//parse tx_extra
std::vector<cryptonote::tx_extra_field> extra_fields;
if (!cryptonote::parse_tx_extra(tx.extra, extra_fields))
return false;
//ephemeral pubkeys: D_e
if (!try_load_carrot_ephemeral_pubkeys_from_extra</*is_coinbase=*/true>(extra_fields, enotes_out))
return false;
return true;
}
//-------------------------------------------------------------------------------------------------------------------
} //namespace carrot

92
src/carrot_impl/carrot_tx_format_utils.h Normal file
View File

@ -0,0 +1,92 @@
// Copyright (c) 2024, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once
//local headers
#include "carrot_core/carrot_enote_types.h"
#include "cryptonote_basic/cryptonote_basic.h"
//third party headers
//standard headers
#include <cstdint>
#include <optional>
//forward declarations
namespace carrot
{
/**
* brief: store_carrot_to_transaction_v1 - store non-coinbase Carrot info to a cryptonote::transaction
* param: enotes -
* param: key_images -
* param: fee -
* param: encrypted_payment_id - pid_enc
* return: a fully populated, pruned, non-coinbase transaction containing given Carrot information
*/
cryptonote::transaction store_carrot_to_transaction_v1(const std::vector<CarrotEnoteV1> &enotes,
const std::vector<crypto::key_image> &key_images,
const rct::xmr_amount fee,
const encrypted_payment_id_t encrypted_payment_id);
/**
* brief: load_carrot_from_transaction_v1 - load non-coinbase Carrot info from a cryptonote::transaction
* param: tx -
* outparam: enotes_out -
* outparam: key_images_out -
* outparam: fee_out -
* outparam: encrypted_payment_id_out -
* return: Carrot enotes, key images, fee, and encrypted pid contained within a non-coinbase transaction
*/
bool try_load_carrot_from_transaction_v1(const cryptonote::transaction &tx,
std::vector<CarrotEnoteV1> &enotes_out,
std::vector<crypto::key_image> &key_images_out,
rct::xmr_amount &fee_out,
std::optional<encrypted_payment_id_t> &encrypted_payment_id_out);
/**
* brief: store_carrot_to_coinbase_transaction_v1 - store coinbase Carrot info to a cryptonote::transaction
* param: enotes -
* param: block_index -
* return: a full coinbase transaction containing given Carrot information
*/
cryptonote::transaction store_carrot_to_coinbase_transaction_v1(
const std::vector<CarrotCoinbaseEnoteV1> &enotes,
const std::uint64_t block_index);
/**
* brief: try_load_carrot_from_coinbase_transaction_v1 - load coinbase Carrot info from a cryptonote::transaction
* param: tx -
* outparam: enotes_out -
* outparam: block_index_out -
* return: Carrot coinbase enotes and block index contained within a coinbase transaction
*/
bool try_load_carrot_from_coinbase_transaction_v1(const cryptonote::transaction &tx,
std::vector<CarrotCoinbaseEnoteV1> &enotes_out,
std::uint64_t &block_index_out);
} //namespace carrot

34
src/cryptonote_basic/cryptonote_basic.h
View File

@ -43,6 +43,8 @@
#include "serialization/debug_archive.h"
#include "serialization/crypto.h"
#include "serialization/keyvalue_serialization.h" // eepe named serialization
#include "carrot_core/core_types.h"
#include "carrot_impl/carrot_chain_serialization.h"
#include "cryptonote_config.h"
#include "crypto/crypto.h"
#include "crypto/hash.h"
@ -58,14 +60,19 @@ namespace cryptonote
/* outputs */
struct txout_to_script
struct txout_to_carrot_v1
{
std::vector<crypto::public_key> keys;
std::vector<uint8_t> script;
crypto::public_key key; // K_o
carrot::view_tag_t view_tag; // vt
carrot::encrypted_janus_anchor_t encrypted_janus_anchor; // anchor_enc
// Encrypted amount a_enc and amount commitment C_a are stored in rct::rctSigBase
// This allows for reuse of this output type between coinbase and non-coinbase txs
BEGIN_SERIALIZE_OBJECT()
FIELD(keys)
FIELD(script)
FIELD(key)
FIELD(view_tag)
FIELD(encrypted_janus_anchor)
END_SERIALIZE()
};
@ -122,16 +129,7 @@ namespace cryptonote
struct txin_to_scripthash
{
crypto::hash prev;
size_t prevout;
txout_to_script script;
std::vector<uint8_t> sigset;
BEGIN_SERIALIZE_OBJECT()
FIELD(prev)
VARINT_FIELD(prevout)
FIELD(script)
FIELD(sigset)
END_SERIALIZE()
};
@ -151,7 +149,7 @@ namespace cryptonote
typedef boost::variant<txin_gen, txin_to_script, txin_to_scripthash, txin_to_key> txin_v;
typedef boost::variant<txout_to_script, txout_to_scripthash, txout_to_key, txout_to_tagged_key> txout_target_v;
typedef boost::variant<txout_to_carrot_v1, txout_to_scripthash, txout_to_key, txout_to_tagged_key> txout_target_v;
//typedef std::pair<uint64_t, txout> out_t;
struct tx_out
@ -573,7 +571,7 @@ VARIANT_TAG(binary_archive, cryptonote::txin_gen, 0xff);
VARIANT_TAG(binary_archive, cryptonote::txin_to_script, 0x0);
VARIANT_TAG(binary_archive, cryptonote::txin_to_scripthash, 0x1);
VARIANT_TAG(binary_archive, cryptonote::txin_to_key, 0x2);
VARIANT_TAG(binary_archive, cryptonote::txout_to_script, 0x0);
VARIANT_TAG(binary_archive, cryptonote::txout_to_carrot_v1, 0x0);
VARIANT_TAG(binary_archive, cryptonote::txout_to_scripthash, 0x1);
VARIANT_TAG(binary_archive, cryptonote::txout_to_key, 0x2);
VARIANT_TAG(binary_archive, cryptonote::txout_to_tagged_key, 0x3);
@ -584,7 +582,7 @@ VARIANT_TAG(json_archive, cryptonote::txin_gen, "gen");
VARIANT_TAG(json_archive, cryptonote::txin_to_script, "script");
VARIANT_TAG(json_archive, cryptonote::txin_to_scripthash, "scripthash");
VARIANT_TAG(json_archive, cryptonote::txin_to_key, "key");
VARIANT_TAG(json_archive, cryptonote::txout_to_script, "script");
VARIANT_TAG(json_archive, cryptonote::txout_to_carrot_v1, "carrot_v1");
VARIANT_TAG(json_archive, cryptonote::txout_to_scripthash, "scripthash");
VARIANT_TAG(json_archive, cryptonote::txout_to_key, "key");
VARIANT_TAG(json_archive, cryptonote::txout_to_tagged_key, "tagged_key");
@ -595,7 +593,7 @@ VARIANT_TAG(debug_archive, cryptonote::txin_gen, "gen");
VARIANT_TAG(debug_archive, cryptonote::txin_to_script, "script");
VARIANT_TAG(debug_archive, cryptonote::txin_to_scripthash, "scripthash");
VARIANT_TAG(debug_archive, cryptonote::txin_to_key, "key");
VARIANT_TAG(debug_archive, cryptonote::txout_to_script, "script");
VARIANT_TAG(debug_archive, cryptonote::txout_to_carrot_v1, "carrot_v1");
VARIANT_TAG(debug_archive, cryptonote::txout_to_scripthash, "scripthash");
VARIANT_TAG(debug_archive, cryptonote::txout_to_key, "key");
VARIANT_TAG(debug_archive, cryptonote::txout_to_tagged_key, "tagged_key");

12
src/cryptonote_basic/cryptonote_boost_serialization.h
View File

@ -38,6 +38,7 @@
#include <boost/serialization/is_bitwise_serializable.hpp>
#include <boost/archive/portable_binary_iarchive.hpp>
#include <boost/archive/portable_binary_oarchive.hpp>
#include "carrot_impl/carrot_boost_serialization.h"
#include "cryptonote_basic.h"
#include "difficulty.h"
#include "common/unordered_containers_boost_serialization.h"
@ -93,10 +94,11 @@ namespace boost
}
template <class Archive>
inline void serialize(Archive &a, cryptonote::txout_to_script &x, const boost::serialization::version_type ver)
inline void serialize(Archive &a, cryptonote::txout_to_carrot_v1 &x, const boost::serialization::version_type ver)
{
a & x.keys;
a & x.script;
a & x.key;
a & x.view_tag;
a & x.encrypted_janus_anchor;
}
@ -136,10 +138,6 @@ namespace boost
template <class Archive>
inline void serialize(Archive &a, cryptonote::txin_to_scripthash &x, const boost::serialization::version_type ver)
{
a & x.prev;
a & x.prevout;
a & x.script;
a & x.sigset;
}
template <class Archive>

2
src/cryptonote_basic/tx_extra.h
View File

@ -91,6 +91,7 @@ namespace cryptonote
struct tx_extra_pub_key
{
// while marked `crypto::public_key`, which usually means Ed25519, this will hold an X25519 pubkey in Carrot txs
crypto::public_key pub_key;
BEGIN_SERIALIZE()
@ -158,6 +159,7 @@ namespace cryptonote
// per-output additional tx pubkey for multi-destination transfers involving at least one subaddress
struct tx_extra_additional_pub_keys
{
// same as tx_extra_pub_key, this is a vector of X25519 pubkeys in Carrot txs
std::vector<crypto::public_key> data;
BEGIN_SERIALIZE()

33
src/serialization/json_object.cpp
View File

@ -458,12 +458,6 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_script& txin
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txin_to_scripthash& txin)
{
dest.StartObject();
INSERT_INTO_JSON_OBJECT(dest, prev, txin.prev);
INSERT_INTO_JSON_OBJECT(dest, prevout, txin.prevout);
INSERT_INTO_JSON_OBJECT(dest, script, txin.script);
INSERT_INTO_JSON_OBJECT(dest, sigset, txin.sigset);
dest.EndObject();
}
@ -474,11 +468,6 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_scripthash&
{
throw WRONG_TYPE("json object");
}
GET_FROM_JSON_OBJECT(val, txin.prev, prev);
GET_FROM_JSON_OBJECT(val, txin.prevout, prevout);
GET_FROM_JSON_OBJECT(val, txin.script, script);
GET_FROM_JSON_OBJECT(val, txin.sigset, sigset);
}
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txin_to_key& txin)
@ -505,25 +494,27 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_key& txin)
}
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txout_to_script& txout)
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txout_to_carrot_v1& txout)
{
dest.StartObject();
INSERT_INTO_JSON_OBJECT(dest, keys, txout.keys);
INSERT_INTO_JSON_OBJECT(dest, script, txout.script);
INSERT_INTO_JSON_OBJECT(dest, key, txout.key);
INSERT_INTO_JSON_OBJECT(dest, view_tag, txout.view_tag);
INSERT_INTO_JSON_OBJECT(dest, encrypted_janus_anchor, txout.encrypted_janus_anchor);
dest.EndObject();
}
void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_script& txout)
void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_carrot_v1& txout)
{
if (!val.IsObject())
{
throw WRONG_TYPE("json object");
}
GET_FROM_JSON_OBJECT(val, txout.keys, keys);
GET_FROM_JSON_OBJECT(val, txout.script, script);
GET_FROM_JSON_OBJECT(val, txout.key, key);
GET_FROM_JSON_OBJECT(val, txout.view_tag, view_tag);
GET_FROM_JSON_OBJECT(val, txout.encrypted_janus_anchor, encrypted_janus_anchor);
}
@ -606,9 +597,9 @@ void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::t
{
INSERT_INTO_JSON_OBJECT(dest, to_tagged_key, output);
}
void operator()(cryptonote::txout_to_script const& output) const
void operator()(cryptonote::txout_to_carrot_v1 const& output) const
{
INSERT_INTO_JSON_OBJECT(dest, to_script, output);
INSERT_INTO_JSON_OBJECT(dest, to_carrot_v1, output);
}
void operator()(cryptonote::txout_to_scripthash const& output) const
{
@ -650,9 +641,9 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::tx_out& txout)
fromJsonValue(elem.value, tmpVal);
txout.target = std::move(tmpVal);
}
else if (elem.name == "to_script")
else if (elem.name == "to_carrot_v1")
{
cryptonote::txout_to_script tmpVal;
cryptonote::txout_to_carrot_v1 tmpVal;
fromJsonValue(elem.value, tmpVal);
txout.target = std::move(tmpVal);
}

4
src/serialization/json_object.h
View File

@ -221,8 +221,8 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_key& txin);
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txout_target_v& txout);
void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_target_v& txout);
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txout_to_script& txout);
void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_script& txout);
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txout_to_carrot_v1& txout);
void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_carrot_v1& txout);
void toJsonValue(rapidjson::Writer<epee::byte_stream>& dest, const cryptonote::txout_to_scripthash& txout);
void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_scripthash& txout);

13
tests/core_tests/tx_validation.cpp
View File

@ -731,19 +731,6 @@ bool gen_tx_output_is_not_txout_to_key::generate(std::vector<test_event_entry>&
builder.step1_init();
builder.step2_fill_inputs(miner_account.get_keys(), sources);
builder.m_tx.vout.push_back(tx_out());
builder.m_tx.vout.back().amount = 1;
builder.m_tx.vout.back().target = txout_to_script();
builder.step4_calc_hash();
builder.step5_sign(sources);
DO_CALLBACK(events, "mark_invalid_tx");
events.push_back(builder.m_tx);
builder.step1_init();
builder.step2_fill_inputs(miner_account.get_keys(), sources);
builder.m_tx.vout.push_back(tx_out());
builder.m_tx.vout.back().amount = 1;
builder.m_tx.vout.back().target = txout_to_scripthash();

2
tests/unit_tests/CMakeLists.txt
View File

@ -39,6 +39,7 @@ set(unit_tests_sources
bulletproofs_plus.cpp
canonical_amounts.cpp
carrot_core.cpp
carrot_impl.cpp
carrot_legacy.cpp
carrot_transcript_fixed.cpp
chacha.cpp
@ -118,6 +119,7 @@ target_link_libraries(unit_tests
PRIVATE
ringct
carrot_core
carrot_impl
cryptonote_protocol
cryptonote_core
daemon_messages

679
tests/unit_tests/carrot_impl.cpp Normal file
View File

@ -0,0 +1,679 @@
// Copyright (c) 2024, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "gtest/gtest.h"
#include <boost/multiprecision/cpp_int.hpp>
#include "carrot_core/account_secrets.h"
#include "carrot_core/address_utils.h"
#include "carrot_core/carrot_enote_scan.h"
#include "carrot_core/destination.h"
#include "carrot_core/device_ram_borrowed.h"
#include "carrot_core/enote_utils.h"
#include "carrot_core/output_set_finalization.h"
#include "carrot_core/payment_proposal.h"
#include "carrot_impl/carrot_tx_format_utils.h"
#include "common/container_helpers.h"
#include "crypto/generators.h"
#include "cryptonote_basic/account.h"
#include "cryptonote_basic/subaddress_index.h"
#include "ringct/rctOps.h"
using namespace carrot;
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
namespace
{
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
static constexpr std::uint32_t MAX_SUBADDRESS_MAJOR_INDEX = 50;
static constexpr std::uint32_t MAX_SUBADDRESS_MINOR_INDEX = 200;
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
struct mock_carrot_or_legacy_keys
{
bool is_carrot;
crypto::secret_key s_master;
crypto::secret_key k_prove_spend;
crypto::secret_key s_view_balance;
crypto::secret_key k_generate_image;
crypto::secret_key k_view;
crypto::secret_key s_generate_address;
crypto::public_key account_spend_pubkey;
crypto::public_key account_view_pubkey;
crypto::public_key main_address_view_pubkey;
cryptonote::account_base legacy_acb;
view_incoming_key_ram_borrowed_device k_view_dev;
view_balance_secret_ram_borrowed_device s_view_balance_dev;
mock_carrot_or_legacy_keys(): k_view_dev(k_view), s_view_balance_dev(s_view_balance) {}
void generate_carrot()
{
is_carrot = true;
crypto::generate_random_bytes_thread_safe(sizeof(crypto::secret_key), to_bytes(s_master));
make_carrot_provespend_key(s_master, k_prove_spend);
make_carrot_viewbalance_secret(s_master, s_view_balance);
make_carrot_generateimage_key(s_view_balance, k_generate_image);
make_carrot_viewincoming_key(s_view_balance, k_view);
make_carrot_generateaddress_secret(s_view_balance, s_generate_address);
make_carrot_spend_pubkey(k_generate_image, k_prove_spend, account_spend_pubkey);
account_view_pubkey = rct::rct2pk(rct::scalarmultKey(rct::pk2rct(account_spend_pubkey),
rct::sk2rct(k_view)));
main_address_view_pubkey = rct::rct2pk(rct::scalarmultBase(rct::sk2rct(k_view)));
}
void generate_legacy()
{
is_carrot = false;
legacy_acb.generate();
k_view = legacy_acb.get_keys().m_view_secret_key;
}
CarrotDestinationV1 cryptonote_address(const payment_id_t payment_id = null_payment_id) const
{
CarrotDestinationV1 addr;
if (is_carrot)
{
make_carrot_integrated_address_v1(account_spend_pubkey,
main_address_view_pubkey,
payment_id,
addr);
}
else
{
make_carrot_integrated_address_v1(legacy_acb.get_keys().m_account_address.m_spend_public_key,
legacy_acb.get_keys().m_account_address.m_view_public_key,
payment_id,
addr);
}
return addr;
}
CarrotDestinationV1 subaddress(const uint32_t major_index, const uint32_t minor_index) const
{
if (!major_index && !minor_index)
return cryptonote_address();
CarrotDestinationV1 addr;
if (is_carrot)
{
make_carrot_subaddress_v1(account_spend_pubkey,
account_view_pubkey,
s_generate_address,
major_index,
minor_index,
addr);
}
else
{
const cryptonote::account_keys &ks = legacy_acb.get_keys();
const cryptonote::account_public_address cnaddr =
ks.m_device->get_subaddress(ks, {major_index, minor_index});
addr = CarrotDestinationV1{
.address_spend_pubkey = cnaddr.m_spend_public_key,
.address_view_pubkey = cnaddr.m_view_public_key,
.is_subaddress = true,
.payment_id = null_payment_id
};
}
return addr;
}
void get_output_enote_proposals_as_self_sender(std::vector<CarrotPaymentProposalV1> &&normal_payment_proposals,
std::vector<CarrotPaymentProposalSelfSendV1> &&selfsend_payment_proposals,
const crypto::key_image &tx_first_key_image,
std::vector<RCTOutputEnoteProposal> &output_enote_proposals_out,
encrypted_payment_id_t &encrypted_payment_id_out) const
{
const crypto::public_key &account_spend_pubkey = is_carrot
? this->account_spend_pubkey : legacy_acb.get_keys().m_account_address.m_spend_public_key;
get_output_enote_proposals(std::forward<std::vector<CarrotPaymentProposalV1>>(normal_payment_proposals),
std::forward<std::vector<CarrotPaymentProposalSelfSendV1>>(selfsend_payment_proposals),
is_carrot ? &s_view_balance_dev : nullptr,
is_carrot ? nullptr : &k_view_dev,
account_spend_pubkey,
tx_first_key_image,
output_enote_proposals_out,
encrypted_payment_id_out);
}
// brief: opening_for_subaddress - return (k^g_a, k^t_a) for j s.t. K^j_s = (k^g_a * G + k^t_a * T)
void opening_for_subaddress(const uint32_t major_index,
const uint32_t minor_index,
crypto::secret_key &address_privkey_g_out,
crypto::secret_key &address_privkey_t_out,
crypto::public_key &address_spend_pubkey_out) const
{
const bool is_subaddress = major_index || minor_index;
if (is_carrot)
{
// s^j_gen = H_32[s_ga](j_major, j_minor)
crypto::secret_key address_index_generator;
make_carrot_index_extension_generator(s_generate_address, minor_index, minor_index, address_index_generator);
crypto::secret_key subaddress_scalar;
if (is_subaddress)
{
// k^j_subscal = H_n(K_s, j_major, j_minor, s^j_gen)
make_carrot_subaddress_scalar(account_spend_pubkey, address_index_generator, major_index, minor_index, subaddress_scalar);
}
else
{
subaddress_scalar.data[0] = 1;
}
// k^g_a = k_gi * k^j_subscal
sc_mul(to_bytes(address_privkey_g_out), to_bytes(k_generate_image), to_bytes(subaddress_scalar));
// k^t_a = k_ps * k^j_subscal
sc_mul(to_bytes(address_privkey_t_out), to_bytes(k_prove_spend), to_bytes(subaddress_scalar));
}
else // legacy keys
{
// m = Hn(k_v || j_major || j_minor)
const cryptonote::account_keys &ks = legacy_acb.get_keys();
const crypto::secret_key subaddress_extension =
ks.get_device().get_subaddress_secret_key(ks.m_view_secret_key, {major_index, minor_index});
// k^g_a = k_s + m
sc_add(to_bytes(address_privkey_g_out), to_bytes(ks.m_spend_secret_key), to_bytes(subaddress_extension));
// k^t_a = 0
memset(address_privkey_t_out.data, 0, sizeof(address_privkey_t_out));
}
// perform sanity check
const CarrotDestinationV1 addr = subaddress(major_index, minor_index);
rct::key recomputed_address_spend_pubkey;
rct::addKeys2(recomputed_address_spend_pubkey,
rct::sk2rct(address_privkey_g_out),
rct::sk2rct(address_privkey_t_out),
rct::pk2rct(crypto::get_T()));
CHECK_AND_ASSERT_THROW_MES(rct::rct2pk(recomputed_address_spend_pubkey) == addr.address_spend_pubkey,
"mock carrot or legacy keys: opening for subaddress: failed sanity check");
address_spend_pubkey_out = addr.address_spend_pubkey;
}
bool try_searching_for_opening_for_subaddress(const crypto::public_key &address_spend_pubkey,
const uint32_t max_major_index,
const uint32_t max_minor_index,
uint32_t major_index_out,
uint32_t minor_index_out,
crypto::secret_key &address_privkey_g_out,
crypto::secret_key &address_privkey_t_out) const
{
// shittier version of a subaddress lookahead table
for (major_index_out = 0; major_index_out < max_major_index; ++major_index_out)
{
for (minor_index_out = 0; minor_index_out < max_minor_index; ++minor_index_out)
{
crypto::public_key recomputed_address_spend_pubkey;
opening_for_subaddress(major_index_out,
minor_index_out,
address_privkey_g_out,
address_privkey_t_out,
recomputed_address_spend_pubkey);
if (address_spend_pubkey == recomputed_address_spend_pubkey)
return true;
}
}
return false;
}
};
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
static bool can_open_fcmp_onetime_address(const crypto::secret_key &address_privkey_g,
const crypto::secret_key &address_privkey_t,
const crypto::secret_key &sender_extension_g,
const crypto::secret_key &sender_extension_t,
const crypto::public_key &onetime_address)
{
rct::key combined_g;
sc_add(combined_g.bytes, to_bytes(address_privkey_g), to_bytes(sender_extension_g));
rct::key combined_t;
sc_add(combined_t.bytes, to_bytes(address_privkey_t), to_bytes(sender_extension_t));
// Ko' = combined_g G + combined_t T
rct::key recomputed_onetime_address;
rct::addKeys2(recomputed_onetime_address, combined_g, combined_t, rct::pk2rct(crypto::get_T()));
// Ko' ?= Ko
return recomputed_onetime_address == onetime_address;
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
struct unittest_carrot_scan_result_t
{
crypto::public_key address_spend_pubkey = rct::rct2pk(rct::I);
crypto::secret_key sender_extension_g = rct::rct2sk(rct::I);
crypto::secret_key sender_extension_t = rct::rct2sk(rct::I);
rct::xmr_amount amount = 0;
crypto::secret_key amount_blinding_factor = rct::rct2sk(rct::I);
CarrotEnoteType enote_type = CarrotEnoteType::PAYMENT;
payment_id_t payment_id = null_payment_id;
janus_anchor_t internal_message = janus_anchor_t{};
size_t output_index = 0;
};
static void unittest_scan_enote_set(const std::vector<CarrotEnoteV1> &enotes,
const encrypted_payment_id_t encrypted_payment_id,
const mock_carrot_or_legacy_keys keys,
std::vector<unittest_carrot_scan_result_t> &res)
{
res.clear();
// for each enote...
for (size_t output_index = 0; output_index < enotes.size(); ++output_index)
{
const CarrotEnoteV1 &enote = enotes.at(output_index);
// s_sr = k_v D_e
mx25519_pubkey s_sr;
make_carrot_uncontextualized_shared_key_receiver(keys.k_view, enote.enote_ephemeral_pubkey, s_sr);
// external scan
unittest_carrot_scan_result_t scan_result{};
bool r = try_scan_carrot_enote_external(enote,
encrypted_payment_id,
s_sr,
keys.k_view_dev,
keys.account_spend_pubkey,
scan_result.sender_extension_g,
scan_result.sender_extension_t,
scan_result.address_spend_pubkey,
scan_result.amount,
scan_result.amount_blinding_factor,
scan_result.payment_id,
scan_result.enote_type);
// internal scan
r = r || try_scan_carrot_enote_internal(enote,
keys.s_view_balance_dev,
scan_result.sender_extension_g,
scan_result.sender_extension_t,
scan_result.address_spend_pubkey,
scan_result.amount,
scan_result.amount_blinding_factor,
scan_result.enote_type,
scan_result.internal_message);
scan_result.output_index = output_index;
if (r)
res.push_back(scan_result);
}
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
static void unittest_scan_enote_set_multi_account(const std::vector<CarrotEnoteV1> &enotes,
const encrypted_payment_id_t encrypted_payment_id,
const epee::span<const mock_carrot_or_legacy_keys * const> accounts,
std::vector<std::vector<unittest_carrot_scan_result_t>> &res)
{
res.clear();
res.reserve(accounts.size());
for (const mock_carrot_or_legacy_keys *account : accounts)
unittest_scan_enote_set(enotes, encrypted_payment_id, *account, tools::add_element(res));
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
static bool compare_scan_result(const unittest_carrot_scan_result_t &scan_res,
const CarrotPaymentProposalV1 &normal_payment_proposal)
{
if (scan_res.address_spend_pubkey != normal_payment_proposal.destination.address_spend_pubkey)
return false;
if (scan_res.amount != normal_payment_proposal.amount)
return false;
if (scan_res.enote_type != CarrotEnoteType::PAYMENT)
return false;
if (scan_res.payment_id != normal_payment_proposal.destination.payment_id)
return false;
if (scan_res.internal_message != janus_anchor_t{})
return false;
return true;
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
static bool compare_scan_result(const unittest_carrot_scan_result_t &scan_res,
const CarrotPaymentProposalSelfSendV1 &selfsend_payment_proposal)
{
if (scan_res.address_spend_pubkey != selfsend_payment_proposal.destination_address_spend_pubkey)
return false;
if (scan_res.amount != selfsend_payment_proposal.amount)
return false;
if (scan_res.enote_type != selfsend_payment_proposal.enote_type)
return false;
if (scan_res.payment_id != null_payment_id)
return false;
if (scan_res.internal_message != selfsend_payment_proposal.internal_message.value_or(janus_anchor_t{}))
return false;
return true;
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
struct unittest_transaction_proposal
{
using per_account = std::pair<mock_carrot_or_legacy_keys, std::vector<CarrotPaymentProposalV1>>;
using per_input = std::pair<crypto::key_image, rct::xmr_amount>;
std::vector<per_account> per_account_payments;
std::vector<CarrotPaymentProposalSelfSendV1> explicit_selfsend_proposals;
size_t self_sender_index{0};
rct::xmr_amount fee;
std::vector<per_input> inputs;
tools::optional_variant<CarrotPaymentProposalV1, CarrotPaymentProposalSelfSendV1>
get_additional_output_proposal() const
{
boost::multiprecision::uint128_t input_sum = 0;
for (const per_input &input : inputs)
input_sum += input.second;
CHECK_AND_ASSERT_THROW_MES(inputs.size(), "we need at least one input");
CHECK_AND_ASSERT_THROW_MES(per_account_payments.at(self_sender_index).second.empty(),
"self-sender shouldn't contain any normal payment proposals in their own tx");
input_context_t input_context;
make_carrot_input_context(inputs.front().first, input_context);
size_t num_payment_proposals = 0;
boost::multiprecision::uint128_t output_sum = fee;
bool has_payment_selfsend = false;
for (const per_account &per_acc : per_account_payments)
{
for (const CarrotPaymentProposalV1 &payment_proposal : per_acc.second)
{
output_sum += payment_proposal.amount;
num_payment_proposals++;
}
}
for (const CarrotPaymentProposalSelfSendV1 &selfsend_proposal : explicit_selfsend_proposals)
{
output_sum += selfsend_proposal.amount;
if (selfsend_proposal.enote_type == CarrotEnoteType::PAYMENT)
has_payment_selfsend = true;
}
CHECK_AND_ASSERT_THROW_MES(input_sum >= output_sum, "not enough funds");
const rct::xmr_amount remaining_change = boost::numeric_cast<rct::xmr_amount>(input_sum - output_sum);
return carrot::get_additional_output_proposal(num_payment_proposals,
explicit_selfsend_proposals.size(),
remaining_change,
has_payment_selfsend,
per_account_payments.at(self_sender_index).first.cryptonote_address().address_spend_pubkey);
}
void finalize_payment_proposals(std::vector<CarrotPaymentProposalV1> &normal_payment_proposals_out,
std::vector<CarrotPaymentProposalSelfSendV1> &selfsend_payment_proposals_out) const
{
for (const per_account &pa : per_account_payments)
{
normal_payment_proposals_out.insert(normal_payment_proposals_out.end(),
pa.second.cbegin(),
pa.second.cend());
}
selfsend_payment_proposals_out = explicit_selfsend_proposals;
const auto additional_proposal = get_additional_output_proposal();
struct additional_proposal_visitor
{
void operator()(boost::blank) {}
void operator()(const CarrotPaymentProposalV1 &p) { normal_payment_proposals_out.push_back(p); }
void operator()(const CarrotPaymentProposalSelfSendV1 &p) { selfsend_payment_proposals_out.push_back(p); }
std::vector<CarrotPaymentProposalV1> &normal_payment_proposals_out;
std::vector<CarrotPaymentProposalSelfSendV1> &selfsend_payment_proposals_out;
};
additional_proposal.visit(additional_proposal_visitor{normal_payment_proposals_out, selfsend_payment_proposals_out});
}
};
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
} // namespace
static inline bool operator==(const mx25519_pubkey &a, const mx25519_pubkey &b)
{
return 0 == memcmp(&a, &b, sizeof(mx25519_pubkey));
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
static void subtest_multi_account_transfer_over_transaction(const unittest_transaction_proposal &tx_proposal)
{
// finalize payment proposals
std::vector<CarrotPaymentProposalV1> normal_payment_proposals;
std::vector<CarrotPaymentProposalSelfSendV1> selfsend_payment_proposals;
tx_proposal.finalize_payment_proposals(normal_payment_proposals, selfsend_payment_proposals);
// convert to enotes and pid_enc
std::vector<RCTOutputEnoteProposal> enote_output_proposals;
encrypted_payment_id_t encrypted_payment_id;
tx_proposal.per_account_payments.at(tx_proposal.self_sender_index).first.get_output_enote_proposals_as_self_sender(
std::move(normal_payment_proposals), // move
std::vector<CarrotPaymentProposalSelfSendV1>(selfsend_payment_proposals), // copy (tested later)
tx_proposal.inputs.at(0).first,
enote_output_proposals,
encrypted_payment_id);
// collect enotes
std::vector<CarrotEnoteV1> enotes;
for (const RCTOutputEnoteProposal &oep : enote_output_proposals)
enotes.push_back(oep.enote);
// collect key images
std::vector<crypto::key_image> key_images;
for (const auto &i : tx_proposal.inputs)
key_images.push_back(i.first);
// stuff carrot info into tx
const cryptonote::transaction tx = store_carrot_to_transaction_v1(enotes,
key_images,
tx_proposal.fee,
encrypted_payment_id);
// load carrot stuff from tx
std::vector<CarrotEnoteV1> parsed_enotes;
std::vector<crypto::key_image> parsed_key_images;
rct::xmr_amount parsed_fee;
std::optional<encrypted_payment_id_t> parsed_encrypted_payment_id;
ASSERT_TRUE(try_load_carrot_from_transaction_v1(tx,
parsed_enotes,
parsed_key_images,
parsed_fee,
parsed_encrypted_payment_id));
// check loaded carrot stuff == stored carrot stuff
EXPECT_EQ(enotes, parsed_enotes);
EXPECT_EQ(key_images, parsed_key_images);
EXPECT_EQ(tx_proposal.fee, parsed_fee);
ASSERT_TRUE(parsed_encrypted_payment_id);
EXPECT_EQ(encrypted_payment_id, *parsed_encrypted_payment_id);
// collect accounts
std::vector<const mock_carrot_or_legacy_keys*> accounts;
for (const auto &pa : tx_proposal.per_account_payments)
accounts.push_back(&pa.first);
// do scanning of all accounts on every enotes
std::vector<std::vector<unittest_carrot_scan_result_t>> scan_results;
unittest_scan_enote_set_multi_account(parsed_enotes,
*parsed_encrypted_payment_id,
epee::to_span(accounts),
scan_results);
// assert properties of finalized selfsend payment proposals as compared to explicit selfsend payment proposals
ASSERT_GE(selfsend_payment_proposals.size(), tx_proposal.explicit_selfsend_proposals.size());
for (size_t i = 0; i < tx_proposal.explicit_selfsend_proposals.size(); ++i)
{
EXPECT_EQ(tx_proposal.explicit_selfsend_proposals.at(i), selfsend_payment_proposals.at(i));
}
// check that the scan results for each account match the corresponding payment proposals for each account
// also check that the accounts can each open their corresponding onetime outut pubkeys
ASSERT_EQ(scan_results.size(), accounts.size());
for (size_t account_idx = 0; account_idx < accounts.size(); ++account_idx)
{
const std::vector<unittest_carrot_scan_result_t> &account_scan_results = scan_results.at(account_idx);
if (account_idx == tx_proposal.self_sender_index)
{
ASSERT_EQ(selfsend_payment_proposals.size(), account_scan_results.size());
for (const unittest_carrot_scan_result_t &single_scan_res : account_scan_results)
{
bool matched_payment = false;
for (const CarrotPaymentProposalSelfSendV1 &account_payment_proposal : selfsend_payment_proposals)
{
if (compare_scan_result(single_scan_res, account_payment_proposal))
{
crypto::secret_key address_privkey_g;
crypto::secret_key address_privkey_t;
uint32_t _1{}, _2{};
EXPECT_TRUE(accounts.at(account_idx)->try_searching_for_opening_for_subaddress(
single_scan_res.address_spend_pubkey,
MAX_SUBADDRESS_MAJOR_INDEX,
MAX_SUBADDRESS_MINOR_INDEX,
_1,
_2,
address_privkey_g,
address_privkey_t));
EXPECT_TRUE(can_open_fcmp_onetime_address(address_privkey_g,
address_privkey_t,
single_scan_res.sender_extension_g,
single_scan_res.sender_extension_t,
parsed_enotes.at(single_scan_res.output_index).onetime_address));
matched_payment = true;
break;
}
}
EXPECT_TRUE(matched_payment);
}
}
else
{
const std::vector<CarrotPaymentProposalV1> &account_payment_proposals = tx_proposal.per_account_payments.at(account_idx).second;
ASSERT_EQ(account_payment_proposals.size(), account_scan_results.size());
for (const unittest_carrot_scan_result_t &single_scan_res : account_scan_results)
{
bool matched_payment = false;
for (const CarrotPaymentProposalV1 &account_payment_proposal : account_payment_proposals)
{
if (compare_scan_result(single_scan_res, account_payment_proposal))
{
crypto::secret_key address_privkey_g;
crypto::secret_key address_privkey_t;
uint32_t _1{}, _2{};
EXPECT_TRUE(accounts.at(account_idx)->try_searching_for_opening_for_subaddress(
single_scan_res.address_spend_pubkey,
MAX_SUBADDRESS_MAJOR_INDEX,
MAX_SUBADDRESS_MINOR_INDEX,
_1,
_2,
address_privkey_g,
address_privkey_t));
EXPECT_TRUE(can_open_fcmp_onetime_address(address_privkey_g,
address_privkey_t,
single_scan_res.sender_extension_g,
single_scan_res.sender_extension_t,
parsed_enotes.at(single_scan_res.output_index).onetime_address));
matched_payment = true;
break;
}
}
EXPECT_TRUE(matched_payment);
}
}
}
}
//----------------------------------------------------------------------------------------------------------------------
//----------------------------------------------------------------------------------------------------------------------
TEST(carrot_impl, multi_account_transfer_over_transaction_1)
{
// two accounts, both carrot
// 1/2 tx
// 1 normal payment to main address
// 0 explicit selfsend payments
unittest_transaction_proposal tx_proposal;
tx_proposal.per_account_payments.resize(2);
mock_carrot_or_legacy_keys &acc0 = tx_proposal.per_account_payments[0].first;
mock_carrot_or_legacy_keys &acc1 = tx_proposal.per_account_payments[1].first;
acc0.generate_carrot();
acc1.generate_carrot();
// 1 normal payment
CarrotPaymentProposalV1 &normal_payment_proposal = tools::add_element( tx_proposal.per_account_payments[0].second);
normal_payment_proposal = CarrotPaymentProposalV1{
.destination = acc0.cryptonote_address(),
.amount = crypto::rand_idx((rct::xmr_amount) 1ull << 63),
.randomness = gen_janus_anchor()
};
// specify self-sender
tx_proposal.self_sender_index = 1;
// specify input
tx_proposal.inputs.emplace_back(rct::rct2ki(rct::pkGen()), normal_payment_proposal.amount | (1ull << 63));
// specify fee
tx_proposal.fee = 3853481201;
// test
subtest_multi_account_transfer_over_transaction(tx_proposal);
}
//----------------------------------------------------------------------------------------------------------------------