mirror of
https://github.com/monero-project/monero.git
synced 2024-09-22 21:15:42 +00:00
27a196b126
When #3303 was merged, a cyclic dependency chain was generated: libdevice <- libcncrypto <- libringct <- libdevice This was because libdevice needs access to a set of basic crypto operations implemented in libringct such as scalarmultBase(), while libringct also needs access to abstracted crypto operations implemented in libdevice such as ecdhEncode(). To untangle this cyclic dependency chain, this patch splits libringct into libringct_basic and libringct, where the basic crypto ops previously in libringct are moved into libringct_basic. The cyclic dependency is now resolved thanks to this separation: libcncrypto <- libringct_basic <- libdevice <- libcryptonote_basic <- libringct This eliminates the need for crypto_device.cpp and rctOps_device.cpp. Also, many abstracted interfaces of hw::device such as encrypt_payment_id() and get_subaddress_secret_key() were previously implemented in libcryptonote_basic (cryptonote_format_utils.cpp) and were then called from hw::core::device_default, which is odd because libdevice is supposed to be independent of libcryptonote_basic. Therefore, those functions were moved to device_default.cpp.
139 lines
7.9 KiB
C++
139 lines
7.9 KiB
C++
// Copyright (c) 2016, Monero Research Labs
|
|
//
|
|
// Author: Shen Noether <shen.noether@gmx.com>
|
|
//
|
|
// All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without modification, are
|
|
// permitted provided that the following conditions are met:
|
|
//
|
|
// 1. Redistributions of source code must retain the above copyright notice, this list of
|
|
// conditions and the following disclaimer.
|
|
//
|
|
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
|
|
// of conditions and the following disclaimer in the documentation and/or other
|
|
// materials provided with the distribution.
|
|
//
|
|
// 3. Neither the name of the copyright holder nor the names of its contributors may be
|
|
// used to endorse or promote products derived from this software without specific
|
|
// prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
|
|
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
|
|
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
|
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
#pragma once
|
|
|
|
//#define DBG
|
|
|
|
#ifndef RCTSIGS_H
|
|
#define RCTSIGS_H
|
|
|
|
#include <cstddef>
|
|
#include <vector>
|
|
#include <tuple>
|
|
|
|
#include "crypto/generic-ops.h"
|
|
|
|
extern "C" {
|
|
#include "crypto/random.h"
|
|
#include "crypto/keccak.h"
|
|
}
|
|
#include "crypto/crypto.h"
|
|
|
|
|
|
#include "rctTypes.h"
|
|
#include "rctOps.h"
|
|
|
|
//Define this flag when debugging to get additional info on the console
|
|
#ifdef DBG
|
|
#define DP(x) dp(x)
|
|
#else
|
|
#define DP(x)
|
|
#endif
|
|
|
|
namespace hw {
|
|
class device;
|
|
}
|
|
|
|
|
|
namespace rct {
|
|
|
|
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices);
|
|
bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2);
|
|
|
|
//Multilayered Spontaneous Anonymous Group Signatures (MLSAG signatures)
|
|
//These are aka MG signatutes in earlier drafts of the ring ct paper
|
|
// c.f. http://eprint.iacr.org/2015/1098 section 2.
|
|
// Gen creates a signature which proves that for some column in the keymatrix "pk"
|
|
// the signer knows a secret key for each row in that column
|
|
// Ver verifies that the MG sig was created correctly
|
|
mgSig MLSAG_Gen(const key &message, const keyM & pk, const keyV & xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev);
|
|
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &sig, size_t dsRows);
|
|
//mgSig MLSAG_Gen_Old(const keyM & pk, const keyV & xx, const int index);
|
|
|
|
//proveRange and verRange
|
|
//proveRange gives C, and mask such that \sumCi = C
|
|
// c.f. http://eprint.iacr.org/2015/1098 section 5.1
|
|
// and Ci is a commitment to either 0 or 2^i, i=0,...,63
|
|
// thus this proves that "amount" is in [0, 2^64]
|
|
// mask is a such that C = aG + bH, and b = amount
|
|
//verRange verifies that \sum Ci = C and that each Ci is a commitment to 0 or 2^i
|
|
rangeSig proveRange(key & C, key & mask, const xmr_amount & amount);
|
|
bool verRange(const key & C, const rangeSig & as);
|
|
|
|
//Ring-ct MG sigs
|
|
//Prove:
|
|
// c.f. http://eprint.iacr.org/2015/1098 section 4. definition 10.
|
|
// This does the MG sig on the "dest" part of the given key matrix, and
|
|
// the last row is the sum of input commitments from that column - sum output commitments
|
|
// this shows that sum inputs = sum outputs
|
|
//Ver:
|
|
// verifies the above sig is created corretly
|
|
mgSig proveRctMG(const ctkeyM & pubs, const ctkeyV & inSk, const keyV &outMasks, const ctkeyV & outPk, const multisig_kLRki *kLRki, key *mscout, unsigned int index, key txnFee, const key &message, hw::device &hwdev);
|
|
mgSig proveRctMGSimple(const key & message, const ctkeyV & pubs, const ctkey & inSk, const key &a , const key &Cout, const multisig_kLRki *kLRki, key *mscout, unsigned int index, hw::device &hwdev);
|
|
bool verRctMG(const mgSig &mg, const ctkeyM & pubs, const ctkeyV & outPk, key txnFee, const key &message);
|
|
bool verRctMGSimple(const key &message, const mgSig &mg, const ctkeyV & pubs, const key & C);
|
|
|
|
//These functions get keys from blockchain
|
|
//replace these when connecting blockchain
|
|
//getKeyFromBlockchain grabs a key from the blockchain at "reference_index" to mix with
|
|
//populateFromBlockchain creates a keymatrix with "mixin" columns and one of the columns is inPk
|
|
// the return value are the key matrix, and the index where inPk was put (random).
|
|
void getKeyFromBlockchain(ctkey & a, size_t reference_index);
|
|
std::tuple<ctkeyM, xmr_amount> populateFromBlockchain(ctkeyV inPk, int mixin);
|
|
|
|
//RingCT protocol
|
|
//genRct:
|
|
// creates an rctSig with all data necessary to verify the rangeProofs and that the signer owns one of the
|
|
// columns that are claimed as inputs, and that the sum of inputs = sum of outputs.
|
|
// Also contains masked "amount" and "mask" so the receiver can see how much they received
|
|
//verRct:
|
|
// verifies that all signatures (rangeProogs, MG sig, sum inputs = outputs) are correct
|
|
//decodeRct: (c.f. http://eprint.iacr.org/2015/1098 section 5.1.1)
|
|
// uses the attached ecdh info to find the amounts represented by each output commitment
|
|
// must know the destination private key to find the correct amount, else will return a random number
|
|
rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, bool bulletproof, hw::device &hwdev);
|
|
rctSig genRct(const key &message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, const int mixin, hw::device &hwdev);
|
|
rctSig genRctSimple(const key & message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, xmr_amount txnFee, unsigned int mixin, hw::device &hwdev);
|
|
rctSig genRctSimple(const key & message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, xmr_amount txnFee, const ctkeyM & mixRing, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, const std::vector<unsigned int> & index, ctkeyV &outSk, bool bulletproof, hw::device &hwdev);
|
|
bool verRct(const rctSig & rv, bool semantics);
|
|
static inline bool verRct(const rctSig & rv) { return verRct(rv, true) && verRct(rv, false); }
|
|
bool verRctSimple(const rctSig & rv, bool semantics);
|
|
static inline bool verRctSimple(const rctSig & rv) { return verRctSimple(rv, true) && verRctSimple(rv, false); }
|
|
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev);
|
|
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev);
|
|
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev);
|
|
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev);
|
|
|
|
bool signMultisig(rctSig &rv, const std::vector<unsigned int> &indices, const keyV &k, const multisig_out &msout, const key &secret_key);
|
|
}
|
|
#endif /* RCTSIGS_H */
|
|
|