asymptotically
/
monero-core-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated source to 0.13.0.3

Browse Source
pull/2/head
Paul Shapiro 6 years ago
parent e089dec813
commit 29439de96e
88 changed files with 4700 additions and 1235 deletions
Show Stats Download Patch File Download Diff File

224
changes when upgrading monero src.txt
Unescape View File

@ -0,0 +1,224 @@
1. vendor libsodium crypto_verify to contrib/libsodium
2. this should be compatible with "#include <sodium/crypto_verify_32.h>"
=================
diff -r src/common/base58.cpp /Users/paulshapiro/Documents/Repos/monero-core-custom/common/base58.cpp
38,39c38,39
< #include "int-util.h"
< #include "util.h"
---
> #include "common/int-util.h"
> //#include "util.h"
// ^----- this doesn't need to be done anymore
===================
util.h and util.cpp are heavily modified to include (almost only)
#include <boost/thread/thread.hpp>
and support only
void set_max_concurrency(unsigned n)
{
if (n < 1)
n = boost::thread::hardware_concurrency();
unsigned hwc = boost::thread::hardware_concurrency();
if (n > hwc)
n = hwc;
boost::lock_guard<boost::mutex> lock(max_concurrency_lock);
max_concurrency = n;
}
unsigned get_max_concurrency()
{
boost::lock_guard<boost::mutex> lock(max_concurrency_lock);
return max_concurrency;
}
====================
account.cpp:
< crypto::secret_key account_base::generate(const crypto::secret_key& recovery_key, bool recover, bool two_random)
---
> crypto::secret_key account_base::generate(const crypto::secret_key& recovery_key, bool recover, bool two_random, bool from_legacy16B_lw_seed)
153c87
< keccak((uint8_t *)&m_keys.m_spend_secret_key, sizeof(crypto::secret_key), (uint8_t *)&second, sizeof(crypto::secret_key));
---
> keccak((uint8_t *)&(from_legacy16B_lw_seed ? first : m_keys.m_spend_secret_key), sizeof(crypto::secret_key), (uint8_t *)&second, sizeof(crypto::secret_key));
====================
< crypto::secret_key generate(const crypto::secret_key& recovery_key = crypto::secret_key(), bool recover = false, bool two_random = false);
< void create_from_device(const std::string &device_name);
< void create_from_device(hw::device &hwdev);
---
> crypto::secret_key generate(const crypto::secret_key& recovery_key = crypto::secret_key(), bool recover = false, bool two_random = false, bool from_legacy16B_lw_seed = false);
> void create_from_device(const std::string &device_name) ;
102,106d89
====================
diff -r src/cryptonote_basic/cryptonote_basic_impl.cpp /Users/paulshapiro/Documents/Repos/monero-core-custom/cryptonote_basic/cryptonote_basic_impl.cpp
44c44
< #include "common/dns_utils.h"
---
> // #include "common/dns_utils.h"
================
cryptonote_basic_impl
< bool get_account_address_from_str_or_url(
< address_parse_info& info
< , network_type nettype
< , const std::string& str_or_url
< , std::function<std::string(const std::string&, const std::vector<std::string>&, bool)> dns_confirm
< )
< {
< if (get_account_address_from_str(info, nettype, str_or_url))
< return true;
< bool dnssec_valid;
< std::string address_str = tools::dns_utils::get_account_address_as_str_from_url(str_or_url, dnssec_valid, dns_confirm);
< return !address_str.empty() &&
< get_account_address_from_str(info, nettype, address_str);
< }
---
> // //--------------------------------------------------------------------------------
> // bool get_account_address_from_str_or_url(
> // address_parse_info& info
> // , network_type nettype
> // , const std::string& str_or_url
> // , std::function<std::string(const std::string&, const std::vector<std::string>&, bool)> dns_confirm
> // )
> // {
> // if (get_account_address_from_str(info, nettype, str_or_url))
> // return true;
> // bool dnssec_valid;
> // std::string address_str = tools::dns_utils::get_account_address_as_str_from_url(str_or_url, dnssec_valid, dns_confirm);
> // return !address_str.empty() &&
> // get_account_address_from_str(info, nettype, address_str);
> // }
=======================
diff -r src/cryptonote_core/cryptonote_tx_utils.cpp /Users/paulshapiro/Documents/Repos/monero-core-custom/cryptonote_core/cryptonote_tx_utils.cpp
40c40
< #include "cryptonote_basic/miner.h"
---
> //#include "cryptonote_basic/miner.h"
...... and comment functions like construct_miner_tx
< bool construct_miner_tx(size_t height, size_t median_weight, uint64_t already_generated_coins, size_t current_block_weight
, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, ui
nt8_t hard_fork_version) {
> // bool construct_miner_tx(size_t height, size_t median_size, uint64_t already_generated_coins, size_t current_block_size, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, uint8_t hard_fork_version) {
--- and ---
> // bool generate_genesis_block(
> // block& bl
> // , std::string const & genesis_tx
> // , uint32_t nonce
> // )
> // {
=============
diff -r src/cryptonote_core/cryptonote_tx_utils.h /Users/paulshapiro/Documents/Repos/monero-core-custom/cryptonote_core/cryptonote_tx_utils.h
> // bool construct_miner_tx(size_t height, size_t median_weight, uint64_t already_generated_coins, size_t current_block_weight, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce = blobdata(), size_t max_outs = 999, uint8_t hard_fork_version = 1);
-and-
> // bool generate_genesis_block(
> // block& bl
> // , std::string const & genesis_tx
> // , uint32_t nonce
> // );
============
diff -r src/ringct/bulletproofs.cc /Users/paulshapiro/Documents/Repos/monero-core-custom/ringct/bulletproofs.cc
32,33d31
< #include <openssl/ssl.h>
< #include <openssl/bn.h>
36,37c34
< #include "common/perf_timer.h"
< #include "cryptonote_config.h"
---
> // #include "common/perf_timer.h"
* comment calls to PERF_TIMER_UNIT / PERF_TIMER_START_BP / PERF_TIMER_STOP
* replace invert with:
/* Compute the inverse of a scalar, the naive way */
static rct::key invert(const rct::key &x)
{
static const rct::key l_minus_2 = { {0xeb, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 } };
rct::key inv = rct::identity();
rct::key tmp = x;
for (int n = 0; n < 256; ++n)
{
if (l_minus_2[n>>3] & (1<<(n&7)))
sc_mul(inv.bytes, inv.bytes, tmp.bytes);
sc_mul(tmp.bytes, tmp.bytes, tmp.bytes);
}
return inv;
}
* probably can remove bulletproof_VERIFY
==============
diff -r src/ringct/rctSigs.cpp /Users/paulshapiro/Documents/Repos/monero-core-custom/ringct/rctSigs.cpp
32c32
< #include "common/perf_timer.h"
---
> // #include "common/perf_timer.h"
and comment PERF_TIMER(verRange); etc
==============
edit multiexp.cc to comment out perf timer include and MULTIEXP_PERF( …
============
epee/include/misc_log_ex.h, and logger.h/cpp are heavily customized - don't overwrite -- update them from code shared with back-end
* add `#include <sstream>` to misc_log_ex.h

139
common/aligned.c
Unescape View File

@ -0,0 +1,139 @@
// Copyright (c) 2017-2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
#include "aligned.h"
static inline int is_power_of_2(size_t n) { return n && (n & (n-1)) == 0; }
#define MAGIC 0xaa0817161500ff81
#define MAGIC_FREED 0xaa0817161500ff82
static void local_abort(const char *msg)
{
fprintf(stderr, "%s\n", msg);
#ifdef NDEBUG
_exit(1);
#else
abort();
#endif
}
typedef struct
{
uint64_t magic;
void *raw;
size_t bytes;
size_t align;
} control;
void *aligned_malloc(size_t bytes, size_t align)
{
void *raw, *ptr;
control *ctrl;
if (!is_power_of_2(align))
return NULL;
if (bytes > (size_t)-1 - align)
return NULL;
if (bytes + align > (size_t)-1 - sizeof(control))
return NULL;
raw = malloc(bytes + sizeof(control) + align);
if (!raw)
return NULL;
ptr = (void*)(((uintptr_t)raw + align + sizeof(control) - 1) & ~(align-1));
ctrl = ((control*)ptr) - 1;
ctrl->magic = MAGIC;
ctrl->raw = raw;
ctrl->bytes = bytes;
ctrl->align = align;
return ptr;
}
void *aligned_realloc(void *ptr, size_t bytes, size_t align)
{
void *raw, *ptr2;
control *ctrl, *ctrl2;
if (!ptr)
return aligned_malloc(bytes, align);
if (!bytes)
{
aligned_free(ptr);
return NULL;
}
if (!is_power_of_2(align))
return NULL;
ctrl = ((control*)ptr) - 1;
if (ctrl->magic == MAGIC_FREED)
local_abort("Double free detected");
if (ctrl->magic != MAGIC)
local_abort("Freeing unallocated memory");
if (ctrl->align != align)
return NULL;
if (ctrl->bytes >= bytes)
return ptr;
if (ctrl->bytes > (size_t)-1 - ctrl->align)
return NULL;
if (ctrl->bytes + ctrl->align > (size_t)-1 - sizeof(control))
return NULL;
raw = malloc(bytes + sizeof(control) + ctrl->align);
if (!raw)
return NULL;
ptr2 = (void*)(((uintptr_t)raw + ctrl->align + sizeof(control) - 1) & ~(ctrl->align-1));
memcpy(ptr2, ptr, ctrl->bytes);
ctrl2 = ((control*)ptr2) - 1;
ctrl2->magic = MAGIC;
ctrl2->raw = raw;
ctrl2->bytes = bytes;
ctrl2->align = ctrl->align;
ctrl->magic = MAGIC_FREED;
free(ctrl->raw);
return ptr2;
}
void aligned_free(void *ptr)
{
if (!ptr)
return;
control *ctrl = ((control*)ptr) - 1;
if (ctrl->magic == MAGIC_FREED)
local_abort("Double free detected");
if (ctrl->magic != MAGIC)
local_abort("Freeing unallocated memory");
ctrl->magic = MAGIC_FREED;
free(ctrl->raw);
}

41
common/aligned.h
Unescape View File

@ -0,0 +1,41 @@
// Copyright (c) 2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
void *aligned_malloc(size_t bytes, size_t align);
void *aligned_realloc(void *ptr, size_t bytes, size_t align);
void aligned_free(void *ptr);
#ifdef __cplusplus
}
#endif

39
common/threadpool.cpp
Unescape View File

@ -40,32 +40,6 @@ static __thread bool is_leaf = false;
namespace tools
{
namespace
{
boost::mutex max_concurrency_lock;
unsigned max_concurrency = boost::thread::hardware_concurrency();
}
void set_max_concurrency(unsigned n)
{
if (n < 1)
n = boost::thread::hardware_concurrency();
unsigned hwc = boost::thread::hardware_concurrency();
if (n > hwc)
n = hwc;
boost::lock_guard<boost::mutex> lock(max_concurrency_lock);
max_concurrency = n;
}
unsigned get_max_concurrency()
{
boost::lock_guard<boost::mutex> lock(max_concurrency_lock);
return max_concurrency;
}
threadpool::threadpool(unsigned int max_threads) : running(true), active(0) {
boost::thread::attributes attrs;
attrs.set_stack_size(THREAD_STACK_SIZE);
@ -77,13 +51,22 @@ threadpool::threadpool(unsigned int max_threads) : running(true), active(0) {
}
threadpool::~threadpool() {
try
{
const boost::unique_lock<boost::mutex> lock(mutex);
running = false;
has_work.notify_all();
}
catch (...)
{
// if the lock throws, we're just do it without a lock and hope,
// since the alternative is terminate
running = false;
has_work.notify_all();
}
for (size_t i = 0; i<threads.size(); i++) {
threads[i].join();
try { threads[i].join(); }
catch (...) { /* ignore */ }
}
}
@ -116,11 +99,13 @@ unsigned int threadpool::get_max_concurrency() const {
threadpool::waiter::~waiter()
{
try
{
boost::unique_lock<boost::mutex> lock(mt);
if (num)
MERROR("wait should have been called before waiter dtor - waiting now");
}
catch (...) { /* ignore */ }
try
{
wait(NULL);

68
common/util.cpp
Unescape View File

@ -0,0 +1,68 @@
// Copyright (c) 2014-2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#include <cstdio>
#include "include_base_utils.h"
#include "util.h"
#include <boost/thread/thread.hpp>
namespace tools
{
namespace
{
boost::mutex max_concurrency_lock;
unsigned max_concurrency = boost::thread::hardware_concurrency();
}
void set_max_concurrency(unsigned n)
{
if (n < 1)
n = boost::thread::hardware_concurrency();
unsigned hwc = boost::thread::hardware_concurrency();
if (n > hwc)
n = hwc;
boost::lock_guard<boost::mutex> lock(max_concurrency_lock);
max_concurrency = n;
}
unsigned get_max_concurrency()
{
boost::lock_guard<boost::mutex> lock(max_concurrency_lock);
return max_concurrency;
}
}

187
common/util.h
Unescape View File

@ -40,195 +40,10 @@
#include <memory>
#include <string>
#ifdef _WIN32
#include "windows.h"
#include "misc_log_ex.h"
#endif
#include "crypto/hash.h"
/*! \brief Various Tools
*
*
*
*/
namespace tools
{
//! Functional class for closing C file handles.
struct close_file
{
void operator()(std::FILE* handle) const noexcept
{
if (handle)
{
std::fclose(handle);
}
}
};
//! A file restricted to process owner AND process. Deletes file on destruction.
class private_file {
std::unique_ptr<std::FILE, close_file> m_handle;
std::string m_filename;
private_file(std::FILE* handle, std::string&& filename) noexcept;
public:
//! `handle() == nullptr && filename.empty()`.
private_file() noexcept;
/*! \return File only readable by owner and only used by this process
OR `private_file{}` on error. */
static private_file create(std::string filename);
private_file(private_file&&) = default;
private_file& operator=(private_file&&) = default;
//! Deletes `filename()` and closes `handle()`.
~private_file() noexcept;
std::FILE* handle() const noexcept { return m_handle.get(); }
const std::string& filename() const noexcept { return m_filename; }
};
class file_locker
{
public:
file_locker(const std::string &filename);
~file_locker();
bool locked() const;
private:
#ifdef WIN32
HANDLE m_fd;
#else
int m_fd;
#endif
};
/*! \brief Returns the default data directory.
*
* \details Windows < Vista: C:\\Documents and Settings\\Username\\Application Data\\CRYPTONOTE_NAME
*
* Windows >= Vista: C:\\Users\\Username\\AppData\\Roaming\\CRYPTONOTE_NAME
*
* Mac: ~/Library/Application Support/CRYPTONOTE_NAME
*
* Unix: ~/.CRYPTONOTE_NAME
*/
std::string get_default_data_dir();
#ifdef WIN32
/**
* @brief
*
* @param nfolder
* @param iscreate
*
* @return
*/
std::string get_special_folder_path(int nfolder, bool iscreate);
#endif
/*! \brief Returns the OS version string
*
* \details This is a wrapper around the primitives
* get_windows_version_display_string() and
* get_nix_version_display_string()
*/
std::string get_os_version_string();
/*! \brief creates directories for a path
*
* wrapper around boost::filesyste::create_directories.
* (ensure-directory-exists): greenspun's tenth rule in action!
*/
bool create_directories_if_necessary(const std::string& path);
/*! \brief std::rename wrapper for nix and something strange for windows.
*/
std::error_code replace_file(const std::string& replacement_name, const std::string& replaced_name);
bool sanitize_locale();
bool on_startup();
/*! \brief Defines a signal handler for win32 and *nix
*/
class signal_handler
{
public:
/*! \brief installs a signal handler */
template<typename T>
static bool install(T t)
{
#if defined(WIN32)
bool r = TRUE == ::SetConsoleCtrlHandler(&win_handler, TRUE);
if (r)
{
m_handler = t;
}
return r;
#else
static struct sigaction sa;
memset(&sa, 0, sizeof(struct sigaction));
sa.sa_handler = posix_handler;
sa.sa_flags = 0;
/* Only blocks SIGINT, SIGTERM and SIGPIPE */
sigaction(SIGINT, &sa, NULL);
signal(SIGTERM, posix_handler);
signal(SIGPIPE, SIG_IGN);
m_handler = t;
return true;
#endif
}
private:
#if defined(WIN32)
/*! \brief Handler for win */
static BOOL WINAPI win_handler(DWORD type)
{
if (CTRL_C_EVENT == type || CTRL_BREAK_EVENT == type)
{
handle_signal(type);
}
else
{
MGINFO_RED("Got control signal " << type << ". Exiting without saving...");
return FALSE;
}
return TRUE;
}
#else
/*! \brief handler for NIX */
static void posix_handler(int type)
{
handle_signal(type);
}
#endif
/*! \brief calles m_handler */
static void handle_signal(int type)
{
static boost::mutex m_mutex;
boost::unique_lock<boost::mutex> lock(m_mutex);
m_handler(type);
}
/*! \brief where the installed handler is stored */
static std::function<void(int)> m_handler;
};
void set_strict_default_file_permissions(bool strict);
void set_max_concurrency(unsigned n);
void set_max_concurrency(unsigned n);
unsigned get_max_concurrency();
bool is_local_address(const std::string &address);
int vercmp(const char *v0, const char *v1); // returns < 0, 0, > 0, similar to strcmp, but more human friendly than lexical - does not attempt to validate
bool sha256sum(const uint8_t *data, size_t len, crypto::hash &hash);
bool sha256sum(const std::string &filename, crypto::hash &hash);
bool is_hdd(const char *path);
boost::optional<std::pair<uint32_t, uint32_t>> parse_subaddress_lookahead(const std::string& str);
}

23
contrib/libsodium/include/sodium/crypto_verify_16.h
Unescape View File

@ -0,0 +1,23 @@
#ifndef crypto_verify_16_H
#define crypto_verify_16_H
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
extern "C" {
#endif
#define crypto_verify_16_BYTES 16U
SODIUM_EXPORT
size_t crypto_verify_16_bytes(void);
SODIUM_EXPORT
int crypto_verify_16(const unsigned char *x, const unsigned char *y)
__attribute__ ((warn_unused_result));
#ifdef __cplusplus
}
#endif
#endif

23
contrib/libsodium/include/sodium/crypto_verify_32.h
Unescape View File

@ -0,0 +1,23 @@
#ifndef crypto_verify_32_H
#define crypto_verify_32_H
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
extern "C" {
#endif
#define crypto_verify_32_BYTES 32U
SODIUM_EXPORT
size_t crypto_verify_32_bytes(void);
SODIUM_EXPORT
int crypto_verify_32(const unsigned char *x, const unsigned char *y)
__attribute__ ((warn_unused_result));
#ifdef __cplusplus
}
#endif
#endif

23
contrib/libsodium/include/sodium/crypto_verify_64.h
Unescape View File

@ -0,0 +1,23 @@
#ifndef crypto_verify_64_H
#define crypto_verify_64_H
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
extern "C" {
#endif
#define crypto_verify_64_BYTES 64U
SODIUM_EXPORT
size_t crypto_verify_64_bytes(void);
SODIUM_EXPORT
int crypto_verify_64(const unsigned char *x, const unsigned char *y)
__attribute__ ((warn_unused_result));
#ifdef __cplusplus
}
#endif
#endif

57
contrib/libsodium/include/sodium/export.h
Unescape View File

@ -0,0 +1,57 @@
#ifndef sodium_export_H
#define sodium_export_H
#include <stddef.h>
#include <stdint.h>
#include <limits.h>
#if !defined(__clang__) && !defined(__GNUC__)
# ifdef __attribute__
# undef __attribute__
# endif
# define __attribute__(a)
#endif
#ifdef SODIUM_STATIC
# define SODIUM_EXPORT
# define SODIUM_EXPORT_WEAK
#else
# if defined(_MSC_VER)
# ifdef SODIUM_DLL_EXPORT
# define SODIUM_EXPORT __declspec(dllexport)
# else
# define SODIUM_EXPORT __declspec(dllimport)
# endif
# else
# if defined(__SUNPRO_C)
# ifndef __GNU_C__
# define SODIUM_EXPORT __attribute__ (visibility(__global))
# else
# define SODIUM_EXPORT __attribute__ __global
# endif
# elif defined(_MSG_VER)
# define SODIUM_EXPORT extern __declspec(dllexport)
# else
# define SODIUM_EXPORT __attribute__ ((visibility ("default")))
# endif
# endif
# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
# define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
# else
# define SODIUM_EXPORT_WEAK SODIUM_EXPORT
# endif
#endif
#ifndef CRYPTO_ALIGN
# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
# define CRYPTO_ALIGN(x) __declspec(align(x))
# else
# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
# endif
#endif
#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
#endif

98
contrib/libsodium/src/crypto_verify/verify.c
Unescape View File

@ -0,0 +1,98 @@
#include <stddef.h>
#include <stdint.h>
#include "crypto_verify_16.h"
#include "crypto_verify_32.h"
#include "crypto_verify_64.h"
size_t
crypto_verify_16_bytes(void)
{
return crypto_verify_16_BYTES;
}
size_t
crypto_verify_32_bytes(void)
{
return crypto_verify_32_BYTES;
}
size_t
crypto_verify_64_bytes(void)
{
return crypto_verify_64_BYTES;
}
#if defined(HAVE_EMMINTRIN_H) && defined(__SSE2__)
# ifdef __GNUC__
# pragma GCC target("sse2")
# endif
# include <emmintrin.h>
static inline int
crypto_verify_n(const unsigned char *x_, const unsigned char *y_,
const int n)
{
const __m128i zero = _mm_setzero_si128();
volatile __m128i v1, v2, z;
volatile int m;
int i;
const volatile __m128i *volatile x =
(const volatile __m128i *volatile) (const void *) x_;
const volatile __m128i *volatile y =
(const volatile __m128i *volatile) (const void *) y_;
v1 = _mm_loadu_si128((const __m128i *) &x[0]);
v2 = _mm_loadu_si128((const __m128i *) &y[0]);
z = _mm_xor_si128(v1, v2);
for (i = 1; i < n / 16; i++) {
v1 = _mm_loadu_si128((const __m128i *) &x[i]);
v2 = _mm_loadu_si128((const __m128i *) &y[i]);
z = _mm_or_si128(z, _mm_xor_si128(v1, v2));
}
m = _mm_movemask_epi8(_mm_cmpeq_epi32(z, zero));
v1 = zero; v2 = zero; z = zero;
return (int) (((uint32_t) m + 1U) >> 16) - 1;
}
#else
static inline int
crypto_verify_n(const unsigned char *x_, const unsigned char *y_,
const int n)
{
const volatile unsigned char *volatile x =
(const volatile unsigned char *volatile) x_;
const volatile unsigned char *volatile y =
(const volatile unsigned char *volatile) y_;
volatile uint_fast16_t d = 0U;
int i;
for (i = 0; i < n; i++) {
d |= x[i] ^ y[i];
}
return (1 & ((d - 1) >> 8)) - 1;
}
#endif
int
crypto_verify_16(const unsigned char *x, const unsigned char *y)
{
return crypto_verify_n(x, y, crypto_verify_16_BYTES);
}
int
crypto_verify_32(const unsigned char *x, const unsigned char *y)
{
return crypto_verify_n(x, y, crypto_verify_32_BYTES);
}
int
crypto_verify_64(const unsigned char *x, const unsigned char *y)
{
return crypto_verify_n(x, y, crypto_verify_64_BYTES);
}

23
crypto/chacha.h
Unescape View File

@ -40,6 +40,7 @@
#include <memory.h>
#include "memwipe.h"
#include "mlocker.h"
#include "hash.h"
namespace crypto {
@ -50,7 +51,7 @@ namespace crypto {
#if defined(__cplusplus)
}
using chacha_key = tools::scrubbed_arr<uint8_t, CHACHA_KEY_SIZE>;
using chacha_key = epee::mlocked<tools::scrubbed_arr<uint8_t, CHACHA_KEY_SIZE>>;
#pragma pack(push, 1)
// MS VC 2012 doesn't interpret `class chacha_iv` as POD in spite of [9.0.10], so it is a struct
@ -69,22 +70,26 @@ namespace crypto {
chacha20(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher);
}
inline void generate_chacha_key(const void *data, size_t size, chacha_key& key) {
inline void generate_chacha_key(const void *data, size_t size, chacha_key& key, uint64_t kdf_rounds) {
static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
epee::mlocked<tools::scrubbed_arr<char, HASH_SIZE>> pwd_hash;
crypto::cn_slow_hash(data, size, pwd_hash.data(), 0/*variant*/, 0/*prehashed*/);
memcpy(&unwrap(key), pwd_hash.data(), sizeof(key));
for (uint64_t n = 1; n < kdf_rounds; ++n)
crypto::cn_slow_hash(pwd_hash.data(), pwd_hash.size(), pwd_hash.data(), 0/*variant*/, 0/*prehashed*/);
memcpy(&unwrap(unwrap(key)), pwd_hash.data(), sizeof(key));
}
inline void generate_chacha_key_prehashed(const void *data, size_t size, chacha_key& key) {
inline void generate_chacha_key_prehashed(const void *data, size_t size, chacha_key& key, uint64_t kdf_rounds) {
static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
epee::mlocked<tools::scrubbed_arr<char, HASH_SIZE>> pwd_hash;
crypto::cn_slow_hash(data, size, pwd_hash.data(), 0/*variant*/, 1/*prehashed*/);
memcpy(&unwrap(key), pwd_hash.data(), sizeof(key));
for (uint64_t n = 1; n < kdf_rounds; ++n)
crypto::cn_slow_hash(pwd_hash.data(), pwd_hash.size(), pwd_hash.data(), 0/*variant*/, 0/*prehashed*/);
memcpy(&unwrap(unwrap(key)), pwd_hash.data(), sizeof(key));
}
inline void generate_chacha_key(std::string password, chacha_key& key) {
return generate_chacha_key(password.data(), password.size(), key);
inline void generate_chacha_key(std::string password, chacha_key& key, uint64_t kdf_rounds) {
return generate_chacha_key(password.data(), password.size(), key, kdf_rounds);
}
}

6
crypto/crypto-ops-data.c
Unescape View File

@ -871,3 +871,9 @@ const fe fe_fffb2 = {8166131, -6741800, -17040804, 3154616, 21461005, 1466302, -
const fe fe_fffb3 = {-13620103, 14639558, 4532995, 7679154, 16815101, -15883539, -22863840, -14813421, 13716513, -6477756}; /* sqrt(-sqrt(-1) * A * (A + 2)) */
const fe fe_fffb4 = {-21786234, -12173074, 21573800, 4524538, -4645904, 16204591, 8012863, -8444712, 3212926, 6885324}; /* sqrt(sqrt(-1) * A * (A + 2)) */
const ge_p3 ge_p3_identity = { {0}, {1, 0}, {1, 0}, {0} };
const ge_p3 ge_p3_H = {
{7329926, -15101362, 31411471, 7614783, 27996851, -3197071, -11157635, -6878293, 466949, -7986503},
{5858699, 5096796, 21321203, -7536921, -5553480, -11439507, -5627669, 15045946, 19977121, 5275251},
{1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{23443568, -5110398, -8776029, -4345135, 6889568, -14710814, 7474843, 3279062, 14550766, -7453428}
};

16
crypto/crypto-ops.c
Unescape View File

@ -3707,9 +3707,8 @@ void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b,
s[31] = s11 >> 17;
}
/* Assumes that a != INT64_MIN */
static int64_t signum(int64_t a) {
return (a >> 63) - ((-a) >> 63);
return a > 0 ? 1 : a < 0 ? -1 : 0;
}
int sc_check(const unsigned char *s) {
@ -3730,3 +3729,16 @@ int sc_isnonzero(const unsigned char *s) {
s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
}
int ge_p3_is_point_at_infinity(const ge_p3 *p) {
// X = 0 and Y == Z
int n;
for (n = 0; n < 10; ++n)
{
if (p->X[n] | p->T[n])
return 0;
if (p->Y[n] != p->Z[n])
return 0;
}
return 1;
}

3
crypto/crypto-ops.h
Unescape View File

@ -140,6 +140,7 @@ extern const fe fe_fffb2;
extern const fe fe_fffb3;
extern const fe fe_fffb4;
extern const ge_p3 ge_p3_identity;
extern const ge_p3 ge_p3_H;
void ge_fromfe_frombytes_vartime(ge_p2 *, const unsigned char *);
void sc_0(unsigned char *);
void sc_reduce32(unsigned char *);
@ -158,3 +159,5 @@ void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
void fe_add(fe h, const fe f, const fe g);
void fe_tobytes(unsigned char *, const fe);
void fe_invert(fe out, const fe z);
int ge_p3_is_point_at_infinity(const ge_p3 *p);

43
crypto/crypto.cpp
Unescape View File

@ -70,6 +70,9 @@ namespace crypto {
#include "random.h"
}
const crypto::public_key null_pkey = crypto::public_key{};
const crypto::secret_key null_skey = crypto::secret_key{};
static inline unsigned char *operator &(ec_point &point) {
return &reinterpret_cast<unsigned char &>(point);
}
@ -93,12 +96,32 @@ namespace crypto {
generate_random_bytes_not_thread_safe(N, bytes);
}
static inline bool less32(const unsigned char *k0, const unsigned char *k1)
{
for (int n = 31; n >= 0; --n)
{
if (k0[n] < k1[n])
return true;
if (k0[n] > k1[n])
return false;
}
return false;
}
void random32_unbiased(unsigned char *bytes)
{
// l = 2^252 + 27742317777372353535851937790883648493.
// it fits 15 in 32 bytes
static const unsigned char limit[32] = { 0xe3, 0x6a, 0x67, 0x72, 0x8b, 0xce, 0x13, 0x29, 0x8f, 0x30, 0x82, 0x8c, 0x0b, 0xa4, 0x10, 0x39, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0 };
do
{
generate_random_bytes_thread_safe(32, bytes);
} while (!sc_isnonzero(bytes) && !less32(bytes, limit)); // should be good about 15/16 of the time
sc_reduce32(bytes);
}
/* generate a random 32-byte (256-bit) integer and copy it to res */
static inline void random_scalar(ec_scalar &res) {
unsigned char tmp[64];
generate_random_bytes_thread_safe(64, tmp);
sc_reduce(tmp);
memcpy(&res, tmp, 32);
random32_unbiased((unsigned char*)res.data);
}
void hash_to_scalar(const void *data, size_t length, ec_scalar &res) {
@ -251,11 +274,18 @@ namespace crypto {
#endif
buf.h = prefix_hash;
buf.key = pub;
try_again:
random_scalar(k);
if (((const uint32_t*)(&k))[7] == 0) // we don't want tiny numbers here
goto try_again;
ge_scalarmult_base(&tmp3, &k);
ge_p3_tobytes(&buf.comm, &tmp3);
hash_to_scalar(&buf, sizeof(s_comm), sig.c);
if (!sc_isnonzero((const unsigned char*)sig.c.data))
goto try_again;
sc_mulsub(&sig.r, &sig.c, &unwrap(sec), &k);
if (!sc_isnonzero((const unsigned char*)sig.r.data))
goto try_again;
}
bool crypto_ops::check_signature(const hash &prefix_hash, const public_key &pub, const signature &sig) {
@ -269,11 +299,14 @@ namespace crypto {
if (ge_frombytes_vartime(&tmp3, &pub) != 0) {
return false;
}
if (sc_check(&sig.c) != 0 || sc_check(&sig.r) != 0) {
if (sc_check(&sig.c) != 0 || sc_check(&sig.r) != 0 || !sc_isnonzero(&sig.c)) {
return false;
}
ge_double_scalarmult_base_vartime(&tmp2, &sig.c, &tmp3, &sig.r);
ge_tobytes(&buf.comm, &tmp2);
static const ec_point infinity = {{ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}};
if (memcmp(&buf.comm, &infinity, 32) == 0)
return false;
hash_to_scalar(&buf, sizeof(s_comm), c);
sc_sub(&c, &c, &sig.c);
return sc_isnonzero(&c) == 0;

11
crypto/crypto.h
Unescape View File

@ -34,7 +34,6 @@
#include <iostream>
#include <boost/thread/mutex.hpp>
#include <boost/thread/lock_guard.hpp>
#include <boost/utility/value_init.hpp>
#include <boost/optional.hpp>
#include <type_traits>
#include <vector>
@ -42,6 +41,7 @@
#include "common/pod-class.h"
#include "common/util.h"
#include "memwipe.h"
#include "mlocker.h"
#include "generic-ops.h"
#include "hex.h"
#include "span.h"
@ -66,7 +66,7 @@ namespace crypto {
friend class crypto_ops;
};
using secret_key = tools::scrubbed<ec_scalar>;
using secret_key = epee::mlocked<tools::scrubbed<ec_scalar>>;
POD_CLASS public_keyV {
std::vector<public_key> keys;
@ -99,6 +99,7 @@ namespace crypto {
#pragma pack(pop)
void hash_to_scalar(const void *data, size_t length, ec_scalar &res);
void random32_unbiased(unsigned char *bytes);
static_assert(sizeof(ec_point) == 32 && sizeof(ec_scalar) == 32 &&
sizeof(public_key) == 32 && sizeof(secret_key) == 32 &&
@ -277,11 +278,11 @@ namespace crypto {
epee::to_hex::formatted(o, epee::as_byte_span(v)); return o;
}
const static crypto::public_key null_pkey = boost::value_initialized<crypto::public_key>();
const static crypto::secret_key null_skey = boost::value_initialized<crypto::secret_key>();
const extern crypto::public_key null_pkey;
const extern crypto::secret_key null_skey;
}
CRYPTO_MAKE_HASHABLE(public_key)
CRYPTO_MAKE_HASHABLE(secret_key)
CRYPTO_MAKE_HASHABLE_CONSTANT_TIME(secret_key)
CRYPTO_MAKE_HASHABLE(key_image)
CRYPTO_MAKE_COMPARABLE(signature)

28
crypto/generic-ops.h
Unescape View File

@ -33,19 +33,30 @@
#include <cstddef>
#include <cstring>
#include <functional>
#include <sodium/crypto_verify_32.h>
#define CRYPTO_MAKE_COMPARABLE(type) \
namespace crypto { \
inline bool operator==(const type &_v1, const type &_v2) { \
return std::memcmp(&_v1, &_v2, sizeof(type)) == 0; \
return !memcmp(&_v1, &_v2, sizeof(_v1)); \
} \
inline bool operator!=(const type &_v1, const type &_v2) { \
return std::memcmp(&_v1, &_v2, sizeof(type)) != 0; \
return !operator==(_v1, _v2); \
} \
}
#define CRYPTO_MAKE_HASHABLE(type) \
CRYPTO_MAKE_COMPARABLE(type) \
#define CRYPTO_MAKE_COMPARABLE_CONSTANT_TIME(type) \
namespace crypto { \
inline bool operator==(const type &_v1, const type &_v2) { \
static_assert(sizeof(_v1) == 32, "constant time comparison is only implenmted for 32 bytes"); \
return crypto_verify_32((const unsigned char*)&_v1, (const unsigned char*)&_v2) == 0; \
} \
inline bool operator!=(const type &_v1, const type &_v2) { \
return !operator==(_v1, _v2); \
} \
}
#define CRYPTO_DEFINE_HASH_FUNCTIONS(type) \
namespace crypto { \
static_assert(sizeof(std::size_t) <= sizeof(type), "Size of " #type " must be at least that of size_t"); \
inline std::size_t hash_value(const type &_v) { \
@ -60,3 +71,12 @@ namespace std { \
} \
}; \
}
#define CRYPTO_MAKE_HASHABLE(type) \
CRYPTO_MAKE_COMPARABLE(type) \
CRYPTO_DEFINE_HASH_FUNCTIONS(type)
#define CRYPTO_MAKE_HASHABLE_CONSTANT_TIME(type) \
CRYPTO_MAKE_COMPARABLE_CONSTANT_TIME(type) \
CRYPTO_DEFINE_HASH_FUNCTIONS(type)

85
crypto/keccak.c
Unescape View File

@ -5,6 +5,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include "common/int-util.h"
#include "hash-ops.h"
#include "keccak.h"
@ -105,7 +106,7 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
for ( ; inlen >= rsiz; inlen -= rsiz, in += rsiz) {
for (i = 0; i < rsizw; i++)
st[i] ^= ((uint64_t *) in)[i];
st[i] ^= swap64le(((uint64_t *) in)[i]);
keccakf(st, KECCAK_ROUNDS);
}
@ -121,14 +122,92 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
temp[rsiz - 1] |= 0x80;
for (i = 0; i < rsizw; i++)
st[i] ^= ((uint64_t *) temp)[i];
st[i] ^= swap64le(((uint64_t *) temp)[i]);
keccakf(st, KECCAK_ROUNDS);
memcpy(md, st, mdlen);
if (((size_t)mdlen % sizeof(uint64_t)) != 0)
{
local_abort("Bad keccak use");
}
memcpy_swap64le(md, st, mdlen/sizeof(uint64_t));
}
void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md)
{
keccak(in, inlen, md, sizeof(state_t));
}
#define KECCAK_FINALIZED 0x80000000
#define KECCAK_BLOCKLEN 136
#define KECCAK_WORDS 17
#define KECCAK_DIGESTSIZE 32
#define IS_ALIGNED_64(p) (0 == (7 & ((const char*)(p) - (const char*)0)))
#define KECCAK_PROCESS_BLOCK(st, block) { \
for (int i_ = 0; i_ < KECCAK_WORDS; i_++){ \
((st))[i_] ^= ((block))[i_]; \
}; \
keccakf(st, KECCAK_ROUNDS); }
void keccak_init(KECCAK_CTX * ctx){
memset(ctx, 0, sizeof(KECCAK_CTX));
}
void keccak_update(KECCAK_CTX * ctx, const uint8_t *in, size_t inlen){
if (ctx->rest & KECCAK_FINALIZED) {
local_abort("Bad keccak use");
}
const size_t idx = ctx->rest;
ctx->rest = (ctx->rest + inlen) % KECCAK_BLOCKLEN;
// fill partial block
if (idx) {
size_t left = KECCAK_BLOCKLEN - idx;
memcpy((char*)ctx->message + idx, in, (inlen < left ? inlen : left));
if (inlen < left) return;
KECCAK_PROCESS_BLOCK(ctx->hash, ctx->message);
in += left;
inlen -= left;
}
const bool is_aligned = IS_ALIGNED_64(in);
while (inlen >= KECCAK_BLOCKLEN) {
const uint64_t* aligned_message_block;
if (is_aligned) {
aligned_message_block = (uint64_t*)in;
} else {
memcpy(ctx->message, in, KECCAK_BLOCKLEN);
aligned_message_block = ctx->message;
}
KECCAK_PROCESS_BLOCK(ctx->hash, aligned_message_block);
in += KECCAK_BLOCKLEN;
inlen -= KECCAK_BLOCKLEN;
}
if (inlen) {
memcpy(ctx->message, in, inlen);
}
}
void keccak_finish(KECCAK_CTX * ctx, uint8_t *md){
if (!(ctx->rest & KECCAK_FINALIZED))
{
// clear the rest of the data queue
memset((char*)ctx->message + ctx->rest, 0, KECCAK_BLOCKLEN - ctx->rest);
((char*)ctx->message)[ctx->rest] |= 0x01;
((char*)ctx->message)[KECCAK_BLOCKLEN - 1] |= 0x80;
// process final block
KECCAK_PROCESS_BLOCK(ctx->hash, ctx->message);
ctx->rest = KECCAK_FINALIZED; // mark context as finalized
}
static_assert(KECCAK_BLOCKLEN > KECCAK_DIGESTSIZE, "");
if (md) {
memcpy(md, ctx->hash, KECCAK_DIGESTSIZE);
}
}

14
crypto/keccak.h
Unescape View File

@ -15,6 +15,17 @@
#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
#endif
// SHA3 Algorithm context.
typedef struct KECCAK_CTX
{
// 1600 bits algorithm hashing state
uint64_t hash[25];
// 1088-bit buffer for leftovers, block size = 136 B for 256-bit keccak
uint64_t message[17];
// count of bytes in the message[] buffer
size_t rest;
} KECCAK_CTX;
// compute a keccak hash (md) of given byte length from "in"
void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen);
@ -23,4 +34,7 @@ void keccakf(uint64_t st[25], int norounds);
void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md);
void keccak_init(KECCAK_CTX * ctx);
void keccak_update(KECCAK_CTX * ctx, const uint8_t *in, size_t inlen);
void keccak_finish(KECCAK_CTX * ctx, uint8_t *md);
#endif

13
crypto/oaes_lib.c
Unescape View File

@ -33,14 +33,15 @@
#include <stdlib.h>
#include <stdio.h>
// OS X, FreeBSD, and OpenBSD don't need malloc.h
// OS X, FreeBSD, OpenBSD and NetBSD don't need malloc.h
#if !defined(__APPLE__) && !defined(__FreeBSD__) && !defined(__OpenBSD__) \
&& !defined(__DragonFly__)
&& !defined(__DragonFly__) && !defined(__NetBSD__)
#include <malloc.h>
#endif
// ANDROID, FreeBSD, and OpenBSD also don't need timeb.h
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__)
// ANDROID, FreeBSD, OpenBSD and NetBSD also don't need timeb.h
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__) \
&& !defined(__NetBSD__)
#include <sys/timeb.h>
#else
#include <sys/time.h>
@ -473,7 +474,7 @@ OAES_RET oaes_sprintf(
#ifdef OAES_HAVE_ISAAC
static void oaes_get_seed( char buf[RANDSIZ + 1] )
{
#if !defined(__FreeBSD__) && !defined(__OpenBSD__)
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__)
struct timeb timer;
struct tm *gmTimer;
char * _test = NULL;
@ -505,7 +506,7 @@ static void oaes_get_seed( char buf[RANDSIZ + 1] )
#else
static uint32_t oaes_get_seed(void)
{
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__)
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__) && !defined(__NetBSD__)
struct timeb timer;
struct tm *gmTimer;
char * _test = NULL;

317
crypto/slow-hash.c
Unescape View File

@ -38,6 +38,7 @@
#include "common/int-util.h"
#include "hash-ops.h"
#include "oaes_lib.h"
#include "variant2_int_sqrt.h"
#define MEMORY (1 << 21) // 2MB scratchpad
#define ITER (1 << 20)
@ -50,7 +51,7 @@ extern int aesb_single_round(const uint8_t *in, uint8_t*out, const uint8_t *expa
extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey);
#define VARIANT1_1(p) \
do if (variant > 0) \
do if (variant == 1) \
{ \
const uint8_t tmp = ((const uint8_t*)(p))[11]; \
static const uint32_t table = 0x75310; \
@ -59,7 +60,7 @@ extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *exp
} while(0)
#define VARIANT1_2(p) \
do if (variant > 0) \
do if (variant == 1) \
{ \
xor64(p, tweak1_2); \
} while(0)
@ -67,7 +68,7 @@ extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *exp
#define VARIANT1_CHECK() \
do if (length < 43) \
{ \
fprintf(stderr, "Cryptonight variants need at least 43 bytes of data"); \
fprintf(stderr, "Cryptonight variant 1 needs at least 43 bytes of data"); \
_exit(1); \
} while(0)
@ -75,7 +76,7 @@ extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *exp
#define VARIANT1_PORTABLE_INIT() \
uint8_t tweak1_2[8]; \
do if (variant > 0) \
do if (variant == 1) \
{ \
VARIANT1_CHECK(); \
memcpy(&tweak1_2, &state.hs.b[192], sizeof(tweak1_2)); \
@ -83,11 +84,135 @@ extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *exp
} while(0)
#define VARIANT1_INIT64() \
if (variant > 0) \
if (variant == 1) \
{ \
VARIANT1_CHECK(); \
} \
const uint64_t tweak1_2 = variant > 0 ? (state.hs.w[24] ^ (*((const uint64_t*)NONCE_POINTER))) : 0
const uint64_t tweak1_2 = (variant == 1) ? (state.hs.w[24] ^ (*((const uint64_t*)NONCE_POINTER))) : 0
#define VARIANT2_INIT64() \
uint64_t division_result = 0; \
uint64_t sqrt_result = 0; \
do if (variant >= 2) \
{ \
U64(b)[2] = state.hs.w[8] ^ state.hs.w[10]; \
U64(b)[3] = state.hs.w[9] ^ state.hs.w[11]; \
division_result = state.hs.w[12]; \
sqrt_result = state.hs.w[13]; \
} while (0)
#define VARIANT2_PORTABLE_INIT() \
uint64_t division_result = 0; \
uint64_t sqrt_result = 0; \
do if (variant >= 2) \
{ \
memcpy(b + AES_BLOCK_SIZE, state.hs.b + 64, AES_BLOCK_SIZE); \
xor64(b + AES_BLOCK_SIZE, state.hs.b + 80); \
xor64(b + AES_BLOCK_SIZE + 8, state.hs.b + 88); \
division_result = state.hs.w[12]; \
sqrt_result = state.hs.w[13]; \
} while (0)
#define VARIANT2_SHUFFLE_ADD_SSE2(base_ptr, offset) \
do if (variant >= 2) \
{ \
const __m128i chunk1 = _mm_load_si128((__m128i *)((base_ptr) + ((offset) ^ 0x10))); \
const __m128i chunk2 = _mm_load_si128((__m128i *)((base_ptr) + ((offset) ^ 0x20))); \
const __m128i chunk3 = _mm_load_si128((__m128i *)((base_ptr) + ((offset) ^ 0x30))); \
_mm_store_si128((__m128i *)((base_ptr) + ((offset) ^ 0x10)), _mm_add_epi64(chunk3, _b1)); \
_mm_store_si128((__m128i *)((base_ptr) + ((offset) ^ 0x20)), _mm_add_epi64(chunk1, _b)); \
_mm_store_si128((__m128i *)((base_ptr) + ((offset) ^ 0x30)), _mm_add_epi64(chunk2, _a)); \
} while (0)
#define VARIANT2_SHUFFLE_ADD_NEON(base_ptr, offset) \
do if (variant >= 2) \
{ \
const uint64x2_t chunk1 = vld1q_u64(U64((base_ptr) + ((offset) ^ 0x10))); \
const uint64x2_t chunk2 = vld1q_u64(U64((base_ptr) + ((offset) ^ 0x20))); \
const uint64x2_t chunk3 = vld1q_u64(U64((base_ptr) + ((offset) ^ 0x30))); \
vst1q_u64(U64((base_ptr) + ((offset) ^ 0x10)), vaddq_u64(chunk3, vreinterpretq_u64_u8(_b1))); \
vst1q_u64(U64((base_ptr) + ((offset) ^ 0x20)), vaddq_u64(chunk1, vreinterpretq_u64_u8(_b))); \
vst1q_u64(U64((base_ptr) + ((offset) ^ 0x30)), vaddq_u64(chunk2, vreinterpretq_u64_u8(_a))); \
} while (0)
#define VARIANT2_PORTABLE_SHUFFLE_ADD(base_ptr, offset) \
do if (variant >= 2) \
{ \
uint64_t* chunk1 = U64((base_ptr) + ((offset) ^ 0x10)); \
uint64_t* chunk2 = U64((base_ptr) + ((offset) ^ 0x20)); \
uint64_t* chunk3 = U64((base_ptr) + ((offset) ^ 0x30)); \
\
const uint64_t chunk1_old[2] = { chunk1[0], chunk1[1] }; \
\
uint64_t b1[2]; \
memcpy(b1, b + 16, 16); \
chunk1[0] = chunk3[0] + b1[0]; \
chunk1[1] = chunk3[1] + b1[1]; \
\
uint64_t a0[2]; \
memcpy(a0, a, 16); \
chunk3[0] = chunk2[0] + a0[0]; \
chunk3[1] = chunk2[1] + a0[1]; \
\
uint64_t b0[2]; \
memcpy(b0, b, 16); \
chunk2[0] = chunk1_old[0] + b0[0]; \
chunk2[1] = chunk1_old[1] + b0[1]; \
} while (0)
#define VARIANT2_INTEGER_MATH_DIVISION_STEP(b, ptr) \
((uint64_t*)(b))[0] ^= division_result ^ (sqrt_result << 32); \
{ \
const uint64_t dividend = ((uint64_t*)(ptr))[1]; \
const uint32_t divisor = (((uint64_t*)(ptr))[0] + (uint32_t)(sqrt_result << 1)) | 0x80000001UL; \
division_result = ((uint32_t)(dividend / divisor)) + \
(((uint64_t)(dividend % divisor)) << 32); \
} \
const uint64_t sqrt_input = ((uint64_t*)(ptr))[0] + division_result
#define VARIANT2_INTEGER_MATH_SSE2(b, ptr) \
do if (variant >= 2) \
{ \
VARIANT2_INTEGER_MATH_DIVISION_STEP(b, ptr); \
VARIANT2_INTEGER_MATH_SQRT_STEP_SSE2(); \
VARIANT2_INTEGER_MATH_SQRT_FIXUP(sqrt_result); \
} while(0)
#if defined DBL_MANT_DIG && (DBL_MANT_DIG >= 50)
// double precision floating point type has enough bits of precision on current platform
#define VARIANT2_PORTABLE_INTEGER_MATH(b, ptr) \
do if (variant >= 2) \
{ \
VARIANT2_INTEGER_MATH_DIVISION_STEP(b, ptr); \
VARIANT2_INTEGER_MATH_SQRT_STEP_FP64(); \
VARIANT2_INTEGER_MATH_SQRT_FIXUP(sqrt_result); \
} while (0)
#else
// double precision floating point type is not good enough on current platform
// fall back to the reference code (integer only)
#define VARIANT2_PORTABLE_INTEGER_MATH(b, ptr) \
do if (variant >= 2) \
{ \
VARIANT2_INTEGER_MATH_DIVISION_STEP(b, ptr); \
VARIANT2_INTEGER_MATH_SQRT_STEP_REF(); \
} while (0)
#endif
#define VARIANT2_2_PORTABLE() \
if (variant >= 2) { \
xor_blocks(long_state + (j ^ 0x10), d); \
xor_blocks(d, long_state + (j ^ 0x20)); \
}
#define VARIANT2_2() \
do if (variant >= 2) \
{ \
*U64(hp_state + (j ^ 0x10)) ^= hi; \
*(U64(hp_state + (j ^ 0x10)) + 1) ^= lo; \
hi ^= *U64(hp_state + (j ^ 0x20)); \
lo ^= *(U64(hp_state + (j ^ 0x20)) + 1); \
} while (0)
#if !defined NO_AES && (defined(__x86_64__) || (defined(_MSC_VER) && defined(_WIN64)))
// Optimised code below, uses x86-specific intrinsics, SSE2, AES-NI
@ -164,19 +289,23 @@ extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *exp
* This code is based upon an optimized implementation by dga.
*/
#define post_aes() \
VARIANT2_SHUFFLE_ADD_SSE2(hp_state, j); \
_mm_store_si128(R128(c), _c); \
_b = _mm_xor_si128(_b, _c); \
_mm_store_si128(R128(&hp_state[j]), _b); \
_mm_store_si128(R128(&hp_state[j]), _mm_xor_si128(_b, _c)); \
VARIANT1_1(&hp_state[j]); \
j = state_index(c); \
p = U64(&hp_state[j]); \
b[0] = p[0]; b[1] = p[1]; \
VARIANT2_INTEGER_MATH_SSE2(b, c); \
__mul(); \
VARIANT2_2(); \
VARIANT2_SHUFFLE_ADD_SSE2(hp_state, j); \
a[0] += hi; a[1] += lo; \
p = U64(&hp_state[j]); \
p[0] = a[0]; p[1] = a[1]; \
a[0] ^= b[0]; a[1] ^= b[1]; \
VARIANT1_2(p + 1); \
_b1 = _b; \
_b = _c; \
#if defined(_MSC_VER)
@ -492,7 +621,7 @@ void slow_hash_allocate_state(void)
MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__DragonFly__)
defined(__DragonFly__) || defined(__NetBSD__)
hp_state = mmap(0, MEMORY, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANON, 0, 0);
#else
@ -570,10 +699,10 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
uint8_t text[INIT_SIZE_BYTE];
RDATA_ALIGN16 uint64_t a[2];
RDATA_ALIGN16 uint64_t b[2];
RDATA_ALIGN16 uint64_t b[4];
RDATA_ALIGN16 uint64_t c[2];
union cn_slow_hash_state state;
__m128i _a, _b, _c;
__m128i _a, _b, _b1, _c;
uint64_t hi, lo;
size_t i, j;
@ -599,6 +728,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
memcpy(text, state.init, INIT_SIZE_BYTE);
VARIANT1_INIT64();
VARIANT2_INIT64();
/* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
* the 2MB large random access buffer.
@ -637,6 +767,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
*/
_b = _mm_load_si128(R128(b));
_b1 = _mm_load_si128(R128(b) + 1);
// Two independent versions, one with AES, one without, to ensure that
// the useAes test is only performed once, not every iteration.
if(useAes)
@ -761,19 +892,23 @@ union cn_slow_hash_state
_a = vld1q_u8((const uint8_t *)a); \
#define post_aes() \
VARIANT2_SHUFFLE_ADD_NEON(hp_state, j); \
vst1q_u8((uint8_t *)c, _c); \
_b = veorq_u8(_b, _c); \
vst1q_u8(&hp_state[j], _b); \
vst1q_u8(&hp_state[j], veorq_u8(_b, _c)); \
VARIANT1_1(&hp_state[j]); \
j = state_index(c); \
p = U64(&hp_state[j]); \
b[0] = p[0]; b[1] = p[1]; \
VARIANT2_PORTABLE_INTEGER_MATH(b, c); \
__mul(); \
VARIANT2_2(); \
VARIANT2_SHUFFLE_ADD_NEON(hp_state, j); \
a[0] += hi; a[1] += lo; \
p = U64(&hp_state[j]); \
p[0] = a[0]; p[1] = a[1]; \
a[0] ^= b[0]; a[1] ^= b[1]; \
VARIANT1_2(p + 1); \
_b1 = _b; \
_b = _c; \
@ -905,17 +1040,44 @@ STATIC INLINE void aes_pseudo_round_xor(const uint8_t *in, uint8_t *out, const u
}
}
#ifdef FORCE_USE_HEAP
STATIC INLINE void* aligned_malloc(size_t size, size_t align)
{
void *result;
#ifdef _MSC_VER
result = _aligned_malloc(size, align);
#else
if (posix_memalign(&result, align, size)) result = NULL;
#endif
return result;
}
STATIC INLINE void aligned_free(void *ptr)
{
#ifdef _MSC_VER
_aligned_free(ptr);
#else
free(ptr);
#endif
}
#endif /* FORCE_USE_HEAP */
void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int prehashed)
{
RDATA_ALIGN16 uint8_t expandedKey[240];
#ifndef FORCE_USE_HEAP
RDATA_ALIGN16 uint8_t hp_state[MEMORY];
#else
uint8_t *hp_state = (uint8_t *)aligned_malloc(MEMORY,16);
#endif
uint8_t text[INIT_SIZE_BYTE];
RDATA_ALIGN16 uint64_t a[2];
RDATA_ALIGN16 uint64_t b[2];
RDATA_ALIGN16 uint64_t b[4];
RDATA_ALIGN16 uint64_t c[2];
union cn_slow_hash_state state;
uint8x16_t _a, _b, _c, zero = {0};
uint8x16_t _a, _b, _b1, _c, zero = {0};
uint64_t hi, lo;
size_t i, j;
@ -936,6 +1098,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
memcpy(text, state.init, INIT_SIZE_BYTE);
VARIANT1_INIT64();
VARIANT2_INIT64();
/* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
* the 2MB large random access buffer.
@ -959,7 +1122,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
*/
_b = vld1q_u8((const uint8_t *)b);
_b1 = vld1q_u8(((const uint8_t *)b) + AES_BLOCK_SIZE);
for(i = 0; i < ITER / 2; i++)
{
@ -993,6 +1156,10 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
memcpy(state.init, text, INIT_SIZE_BYTE);
hash_permutation(&state.hs);
extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
#ifdef FORCE_USE_HEAP
aligned_free(hp_state);
#endif
}
#else /* aarch64 && crypto */
@ -1075,6 +1242,11 @@ __asm__ __volatile__(
#endif /* !aarch64 */
#endif // NO_OPTIMIZED_MULTIPLY_ON_ARM
STATIC INLINE void copy_block(uint8_t* dst, const uint8_t* src)
{
memcpy(dst, src, AES_BLOCK_SIZE);
}
STATIC INLINE void sum_half_blocks(uint8_t* a, const uint8_t* b)
{
uint64_t a0, a1, b0, b1;
@ -1109,7 +1281,9 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
{
uint8_t text[INIT_SIZE_BYTE];
uint8_t a[AES_BLOCK_SIZE];
uint8_t b[AES_BLOCK_SIZE];
uint8_t b[AES_BLOCK_SIZE * 2];
uint8_t c[AES_BLOCK_SIZE];
uint8_t c1[AES_BLOCK_SIZE];
uint8_t d[AES_BLOCK_SIZE];
uint8_t aes_key[AES_KEY_SIZE];
RDATA_ALIGN16 uint8_t expandedKey[256];
@ -1127,8 +1301,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
#ifndef FORCE_USE_HEAP
uint8_t long_state[MEMORY];
#else
uint8_t *long_state = NULL;
long_state = (uint8_t *)malloc(MEMORY);
uint8_t *long_state = (uint8_t *)malloc(MEMORY);
#endif
if (prehashed) {
@ -1138,11 +1311,12 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
}
memcpy(text, state.init, INIT_SIZE_BYTE);
VARIANT1_INIT64();
aes_ctx = (oaes_ctx *) oaes_alloc();
oaes_key_import_data(aes_ctx, state.hs.b, AES_KEY_SIZE);
VARIANT1_INIT64();
VARIANT2_INIT64();
// use aligned data
memcpy(expandedKey, aes_ctx->key->exp_data, aes_ctx->key->exp_data_len);
for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
@ -1163,23 +1337,34 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
#define state_index(x) ((*(uint32_t *) x) & MASK)
// Iteration 1
p = &long_state[state_index(a)];
j = state_index(a);
p = &long_state[j];
aesb_single_round(p, p, a);
copy_block(c1, p);
xor_blocks(b, p);
swap_blocks(b, p);
swap_blocks(a, b);
VARIANT2_PORTABLE_SHUFFLE_ADD(long_state, j);
xor_blocks(p, b);
VARIANT1_1(p);
// Iteration 2
p = &long_state[state_index(a)];
mul(a, p, d);
sum_half_blocks(b, d);
swap_blocks(b, p);
xor_blocks(b, p);
swap_blocks(a, b);
VARIANT1_2(U64(p) + 1);
j = state_index(c1);
p = &long_state[j];
copy_block(c, p);
VARIANT2_PORTABLE_INTEGER_MATH(c, c1);
mul(c1, c, d);
VARIANT2_2_PORTABLE();
VARIANT2_PORTABLE_SHUFFLE_ADD(long_state, j);
sum_half_blocks(a, d);
swap_blocks(a, c);
xor_blocks(a, c);
VARIANT1_2(U64(c) + 1);
copy_block(p, c);
if (variant >= 2) {
copy_block(b + AES_BLOCK_SIZE, b);
}
copy_block(b, c1);
}
memcpy(text, state.init, INIT_SIZE_BYTE);
@ -1294,12 +1479,18 @@ union cn_slow_hash_state {
#pragma pack(pop)
void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int prehashed) {
#ifndef FORCE_USE_HEAP
uint8_t long_state[MEMORY];
#else
uint8_t *long_state = (uint8_t *)malloc(MEMORY);
#endif
union cn_slow_hash_state state;
uint8_t text[INIT_SIZE_BYTE];
uint8_t a[AES_BLOCK_SIZE];
uint8_t b[AES_BLOCK_SIZE];
uint8_t c[AES_BLOCK_SIZE];
uint8_t b[AES_BLOCK_SIZE * 2];
uint8_t c1[AES_BLOCK_SIZE];
uint8_t c2[AES_BLOCK_SIZE];
uint8_t d[AES_BLOCK_SIZE];
size_t i, j;
uint8_t aes_key[AES_KEY_SIZE];
@ -1315,6 +1506,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
aes_ctx = (oaes_ctx *) oaes_alloc();
VARIANT1_PORTABLE_INIT();
VARIANT2_PORTABLE_INIT();
oaes_key_import_data(aes_ctx, aes_key, AES_KEY_SIZE);
for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
@ -1324,9 +1516,9 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
memcpy(&long_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
}
for (i = 0; i < 16; i++) {
a[i] = state.k[ i] ^ state.k[32 + i];
b[i] = state.k[16 + i] ^ state.k[48 + i];
for (i = 0; i < AES_BLOCK_SIZE; i++) {
a[i] = state.k[ i] ^ state.k[AES_BLOCK_SIZE * 2 + i];
b[i] = state.k[AES_BLOCK_SIZE + i] ^ state.k[AES_BLOCK_SIZE * 3 + i];
}
for (i = 0; i < ITER / 2; i++) {
@ -1335,26 +1527,33 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
* next address <-+
*/
/* Iteration 1 */
j = e2i(a, MEMORY / AES_BLOCK_SIZE);
copy_block(c, &long_state[j * AES_BLOCK_SIZE]);
aesb_single_round(c, c, a);
xor_blocks(b, c);
swap_blocks(b, c);
copy_block(&long_state[j * AES_BLOCK_SIZE], c);
assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE));
swap_blocks(a, b);
VARIANT1_1(&long_state[j * AES_BLOCK_SIZE]);
j = e2i(a, MEMORY / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
copy_block(c1, &long_state[j]);
aesb_single_round(c1, c1, a);
VARIANT2_PORTABLE_SHUFFLE_ADD(long_state, j);
copy_block(&long_state[j], c1);
xor_blocks(&long_state[j], b);
assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
VARIANT1_1(&long_state[j]);
/* Iteration 2 */
j = e2i(a, MEMORY / AES_BLOCK_SIZE);
copy_block(c, &long_state[j * AES_BLOCK_SIZE]);
mul(a, c, d);
sum_half_blocks(b, d);
swap_blocks(b, c);
xor_blocks(b, c);
VARIANT1_2(c + 8);
copy_block(&long_state[j * AES_BLOCK_SIZE], c);
assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE));
swap_blocks(a, b);
j = e2i(c1, MEMORY / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
copy_block(c2, &long_state[j]);
VARIANT2_PORTABLE_INTEGER_MATH(c2, c1);
mul(c1, c2, d);
VARIANT2_2_PORTABLE();
VARIANT2_PORTABLE_SHUFFLE_ADD(long_state, j);
swap_blocks(a, c1);
sum_half_blocks(c1, d);
swap_blocks(c1, c2);
xor_blocks(c1, c2);
VARIANT1_2(c2 + 8);
copy_block(&long_state[j], c2);
assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
if (variant >= 2) {
copy_block(b + AES_BLOCK_SIZE, b);
}
copy_block(b, a);
copy_block(a, c1);
}
memcpy(text, state.init, INIT_SIZE_BYTE);
@ -1370,6 +1569,10 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int variant, int
/*memcpy(hash, &state, 32);*/
extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
oaes_free((OAES_CTX **) &aes_ctx);
#ifdef FORCE_USE_HEAP
free(long_state);
#endif
}
#endif

3
crypto/tree-hash.c
Unescape View File

@ -36,7 +36,8 @@
#ifdef _MSC_VER
#include <malloc.h>
#elif !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__DragonFly__)
#elif !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__DragonFly__) \
&& !defined(__NetBSD__)
#include <alloca.h>
#else
#include <stdlib.h>

163
crypto/variant2_int_sqrt.h
Unescape View File

@ -0,0 +1,163 @@
#ifndef VARIANT2_INT_SQRT_H
#define VARIANT2_INT_SQRT_H
#include <math.h>
#include <float.h>
#define VARIANT2_INTEGER_MATH_SQRT_STEP_SSE2() \
do { \
const __m128i exp_double_bias = _mm_set_epi64x(0, 1023ULL << 52); \
__m128d x = _mm_castsi128_pd(_mm_add_epi64(_mm_cvtsi64_si128(sqrt_input >> 12), exp_double_bias)); \
x = _mm_sqrt_sd(_mm_setzero_pd(), x); \
sqrt_result = (uint64_t)(_mm_cvtsi128_si64(_mm_sub_epi64(_mm_castpd_si128(x), exp_double_bias))) >> 19; \
} while(0)
#define VARIANT2_INTEGER_MATH_SQRT_STEP_FP64() \
do { \
sqrt_result = sqrt(sqrt_input + 18446744073709551616.0) * 2.0 - 8589934592.0; \
} while(0)
#define VARIANT2_INTEGER_MATH_SQRT_STEP_REF() \
sqrt_result = integer_square_root_v2(sqrt_input)
// Reference implementation of the integer square root for Cryptonight variant 2
// Computes integer part of "sqrt(2^64 + n) * 2 - 2^33"
//
// In other words, given 64-bit unsigned integer n:
// 1) Write it as x = 1.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN000... in binary (1 <= x < 2, all 64 bits of n are used)
// 2) Calculate sqrt(x) = 1.0RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR... (1 <= sqrt(x) < sqrt(2), so it will always start with "1.0" in binary)
// 3) Take 32 bits that come after "1.0" and return them as a 32-bit unsigned integer, discard all remaining bits
//
// Some sample inputs and outputs:
//
// Input | Output | Exact value of "sqrt(2^64 + n) * 2 - 2^33"
// -----------------|------------|-------------------------------------------
// 0 | 0 | 0
// 2^32 | 0 | 0.99999999994179233909330885695244...
// 2^32 + 1 | 1 | 1.0000000001746229827200734316305...
// 2^50 | 262140 | 262140.00012206565608606978175873...
// 2^55 + 20963331 | 8384515 | 8384515.9999999997673963974959744...
// 2^55 + 20963332 | 8384516 | 8384516
// 2^62 + 26599786 | 1013904242 | 1013904242.9999999999479374853545...
// 2^62 + 26599787 | 1013904243 | 1013904243.0000000001561875439364...
// 2^64 - 1 | 3558067407 | 3558067407.9041987696409179931096...
// The reference implementation as it is now uses only unsigned int64 arithmetic, so it can't have undefined behavior
// It was tested once for all edge cases and confirmed correct
static inline uint32_t integer_square_root_v2(uint64_t n)
{
uint64_t r = 1ULL << 63;
for (uint64_t bit = 1ULL << 60; bit; bit >>= 2)
{
const bool b = (n < r + bit);
const uint64_t n_next = n - (r + bit);
const uint64_t r_next = r + bit * 2;
n = b ? n : n_next;
r = b ? r : r_next;
r >>= 1;
}
return r * 2 + ((n > r) ? 1 : 0);
}
/*
VARIANT2_INTEGER_MATH_SQRT_FIXUP checks that "r" is an integer part of "sqrt(2^64 + sqrt_input) * 2 - 2^33" and adds or subtracts 1 if needed
It's hard to understand how it works, so here is a full calculation of formulas used in VARIANT2_INTEGER_MATH_SQRT_FIXUP
The following inequalities must hold for r if it's an integer part of "sqrt(2^64 + sqrt_input) * 2 - 2^33":
1) r <= sqrt(2^64 + sqrt_input) * 2 - 2^33
2) r + 1 > sqrt(2^64 + sqrt_input) * 2 - 2^33
We need to check them using only unsigned integer arithmetic to avoid rounding errors and undefined behavior
First inequality: r <= sqrt(2^64 + sqrt_input) * 2 - 2^33
-----------------------------------------------------------------------------------
r <= sqrt(2^64 + sqrt_input) * 2 - 2^33
r + 2^33 <= sqrt(2^64 + sqrt_input) * 2
r/2 + 2^32 <= sqrt(2^64 + sqrt_input)
(r/2 + 2^32)^2 <= 2^64 + sqrt_input
Rewrite r as r = s * 2 + b (s = trunc(r/2), b is 0 or 1)
((s*2+b)/2 + 2^32)^2 <= 2^64 + sqrt_input
(s*2+b)^2/4 + 2*2^32*(s*2+b)/2 + 2^64 <= 2^64 + sqrt_input
(s*2+b)^2/4 + 2*2^32*(s*2+b)/2 <= sqrt_input
(s*2+b)^2/4 + 2^32*r <= sqrt_input
(s^2*4+2*s*2*b+b^2)/4 + 2^32*r <= sqrt_input
s^2+s*b+b^2/4 + 2^32*r <= sqrt_input
s*(s+b) + b^2/4 + 2^32*r <= sqrt_input
Let r2 = s*(s+b) + r*2^32
r2 + b^2/4 <= sqrt_input
If this inequality doesn't hold, then we must decrement r: IF "r2 + b^2/4 > sqrt_input" THEN r = r - 1
b can be 0 or 1
If b is 0 then we need to compare "r2 > sqrt_input"
If b is 1 then b^2/4 = 0.25, so we need to compare "r2 + 0.25 > sqrt_input"
Since both r2 and sqrt_input are integers, we can safely replace it with "r2 + 1 > sqrt_input"
-----------------------------------------------------------------------------------
Both cases can be merged to a single expression "r2 + b > sqrt_input"
-----------------------------------------------------------------------------------
There will be no overflow when calculating "r2 + b", so it's safe to compare with sqrt_input:
r2 + b = s*(s+b) + r*2^32 + b
The largest value s, b and r can have is s = 1779033703, b = 1, r = 3558067407 when sqrt_input = 2^64 - 1
r2 + b <= 1779033703*1779033704 + 3558067407*2^32 + 1 = 18446744068217447385 < 2^64
Second inequality: r + 1 > sqrt(2^64 + sqrt_input) * 2 - 2^33
-----------------------------------------------------------------------------------
r + 1 > sqrt(2^64 + sqrt_input) * 2 - 2^33
r + 1 + 2^33 > sqrt(2^64 + sqrt_input) * 2
((r+1)/2 + 2^32)^2 > 2^64 + sqrt_input
Rewrite r as r = s * 2 + b (s = trunc(r/2), b is 0 or 1)
((s*2+b+1)/2 + 2^32)^2 > 2^64 + sqrt_input
(s*2+b+1)^2/4 + 2*(s*2+b+1)/2*2^32 + 2^64 > 2^64 + sqrt_input
(s*2+b+1)^2/4 + (s*2+b+1)*2^32 > sqrt_input
(s*2+b+1)^2/4 + (r+1)*2^32 > sqrt_input
(s*2+(b+1))^2/4 + r*2^32 + 2^32 > sqrt_input
(s^2*4+2*s*2*(b+1)+(b+1)^2)/4 + r*2^32 + 2^32 > sqrt_input
s^2+s*(b+1)+(b+1)^2/4 + r*2^32 + 2^32 > sqrt_input
s*(s+b) + s + (b+1)^2/4 + r*2^32 + 2^32 > sqrt_input
Let r2 = s*(s+b) + r*2^32
r2 + s + (b+1)^2/4 + 2^32 > sqrt_input
r2 + 2^32 + (b+1)^2/4 > sqrt_input - s
If this inequality doesn't hold, then we must decrement r: IF "r2 + 2^32 + (b+1)^2/4 <= sqrt_input - s" THEN r = r - 1
b can be 0 or 1
If b is 0 then we need to compare "r2 + 2^32 + 1/4 <= sqrt_input - s" which is equal to "r2 + 2^32 < sqrt_input - s" because all numbers here are integers
If b is 1 then (b+1)^2/4 = 1, so we need to compare "r2 + 2^32 + 1 <= sqrt_input - s" which is also equal to "r2 + 2^32 < sqrt_input - s"
-----------------------------------------------------------------------------------
Both cases can be merged to a single expression "r2 + 2^32 < sqrt_input - s"
-----------------------------------------------------------------------------------
There will be no overflow when calculating "r2 + 2^32":
r2 + 2^32 = s*(s+b) + r*2^32 + 2^32 = s*(s+b) + (r+1)*2^32
The largest value s, b and r can have is s = 1779033703, b = 1, r = 3558067407 when sqrt_input = 2^64 - 1
r2 + b <= 1779033703*1779033704 + 3558067408*2^32 = 18446744072512414680 < 2^64
There will be no integer overflow when calculating "sqrt_input - s", i.e. "sqrt_input >= s" at all times:
s = trunc(r/2) = trunc(sqrt(2^64 + sqrt_input) - 2^32) < sqrt(2^64 + sqrt_input) - 2^32 + 1
sqrt_input > sqrt(2^64 + sqrt_input) - 2^32 + 1
sqrt_input + 2^32 - 1 > sqrt(2^64 + sqrt_input)
(sqrt_input + 2^32 - 1)^2 > sqrt_input + 2^64
sqrt_input^2 + 2*sqrt_input*(2^32 - 1) + (2^32-1)^2 > sqrt_input + 2^64
sqrt_input^2 + sqrt_input*(2^33 - 2) + (2^32-1)^2 > sqrt_input + 2^64
sqrt_input^2 + sqrt_input*(2^33 - 3) + (2^32-1)^2 > 2^64
sqrt_input^2 + sqrt_input*(2^33 - 3) + 2^64-2^33+1 > 2^64
sqrt_input^2 + sqrt_input*(2^33 - 3) - 2^33 + 1 > 0
This inequality is true if sqrt_input > 1 and it's easy to check that s = 0 if sqrt_input is 0 or 1, so there will be no integer overflow
*/
#define VARIANT2_INTEGER_MATH_SQRT_FIXUP(r) \
do { \
const uint64_t s = r >> 1; \
const uint64_t b = r & 1; \
const uint64_t r2 = (uint64_t)(s) * (s + b) + (r << 32); \
r += ((r2 + b > sqrt_input) ? -1 : 0) + ((r2 + (1ULL << 32) < sqrt_input - s) ? 1 : 0); \
} while(0)
#endif

76
cryptonote_basic/account.cpp
Unescape View File

@ -44,6 +44,9 @@ extern "C"
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "account"
#define KEYS_ENCRYPTION_SALT 'k'
using namespace std;
DISABLE_VS_WARNINGS(4244 4345)
@ -60,7 +63,70 @@ DISABLE_VS_WARNINGS(4244 4345)
m_device = &hwdev;
MCDEBUG("device", "account_keys::set_device device type: "<<typeid(hwdev).name());
}
//-----------------------------------------------------------------
static void derive_key(const crypto::chacha_key &base_key, crypto::chacha_key &key)
{
static_assert(sizeof(base_key) == sizeof(crypto::hash), "chacha key and hash should be the same size");
epee::mlocked<tools::scrubbed_arr<char, sizeof(base_key)+1>> data;
memcpy(data.data(), &base_key, sizeof(base_key));
data[sizeof(base_key)] = KEYS_ENCRYPTION_SALT;
crypto::generate_chacha_key(data.data(), sizeof(data), key, 1);
}
//-----------------------------------------------------------------
static epee::wipeable_string get_key_stream(const crypto::chacha_key &base_key, const crypto::chacha_iv &iv, size_t bytes)
{
// derive a new key
crypto::chacha_key key;
derive_key(base_key, key);
// chacha
epee::wipeable_string buffer0(std::string(bytes, '\0'));
epee::wipeable_string buffer1 = buffer0;
crypto::chacha20(buffer0.data(), buffer0.size(), key, iv, buffer1.data());
return buffer1;
}
//-----------------------------------------------------------------
void account_keys::xor_with_key_stream(const crypto::chacha_key &key)
{
// encrypt a large enough byte stream with chacha20
epee::wipeable_string key_stream = get_key_stream(key, m_encryption_iv, sizeof(crypto::secret_key) * (2 + m_multisig_keys.size()));
const char *ptr = key_stream.data();
for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
m_spend_secret_key.data[i] ^= *ptr++;
for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
m_view_secret_key.data[i] ^= *ptr++;
for (crypto::secret_key &k: m_multisig_keys)
{
for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
k.data[i] ^= *ptr++;
}
}
//-----------------------------------------------------------------
void account_keys::encrypt(const crypto::chacha_key &key)
{
m_encryption_iv = crypto::rand<crypto::chacha_iv>();
xor_with_key_stream(key);
}
//-----------------------------------------------------------------
void account_keys::decrypt(const crypto::chacha_key &key)
{
xor_with_key_stream(key);
}
//-----------------------------------------------------------------
void account_keys::encrypt_viewkey(const crypto::chacha_key &key)
{
// encrypt a large enough byte stream with chacha20
epee::wipeable_string key_stream = get_key_stream(key, m_encryption_iv, sizeof(crypto::secret_key) * 2);
const char *ptr = key_stream.data();
ptr += sizeof(crypto::secret_key);
for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
m_view_secret_key.data[i] ^= *ptr++;
}
//-----------------------------------------------------------------
void account_keys::decrypt_viewkey(const crypto::chacha_key &key)
{
encrypt_viewkey(key);
}
//-----------------------------------------------------------------
account_base::account_base()
{
@ -131,10 +197,14 @@ DISABLE_VS_WARNINGS(4244 4345)
//-----------------------------------------------------------------
void account_base::create_from_device(const std::string &device_name)
{
hw::device &hwdev = hw::get_device(device_name);
m_keys.set_device(hwdev);
hwdev.set_name(device_name);
create_from_device(hwdev);
}
void account_base::create_from_device(hw::device &hwdev)
{
m_keys.set_device(hwdev);
MCDEBUG("ledger", "device type: "<<typeid(hwdev).name());
hwdev.init();
hwdev.connect();
@ -157,7 +227,7 @@ DISABLE_VS_WARNINGS(4244 4345)
void account_base::create_from_viewkey(const cryptonote::account_public_address& address, const crypto::secret_key& viewkey)
{
crypto::secret_key fake;
memset(&unwrap(fake), 0, sizeof(fake));
memset(&unwrap(unwrap(fake)), 0, sizeof(fake));
create_from_keys(address, fake, viewkey);
}
//-----------------------------------------------------------------

19
cryptonote_basic/account.h
Unescape View File

@ -44,18 +44,29 @@ namespace cryptonote
crypto::secret_key m_view_secret_key;
std::vector<crypto::secret_key> m_multisig_keys;
hw::device *m_device = &hw::get_device("default");
crypto::chacha_iv m_encryption_iv;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(m_account_address)
KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE(m_spend_secret_key)
KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE(m_view_secret_key)
KV_SERIALIZE_CONTAINER_POD_AS_BLOB(m_multisig_keys)
const crypto::chacha_iv default_iv{{0, 0, 0, 0, 0, 0, 0, 0}};
KV_SERIALIZE_VAL_POD_AS_BLOB_OPT(m_encryption_iv, default_iv)
END_KV_SERIALIZE_MAP()
account_keys& operator=(account_keys const&) = default;
void encrypt(const crypto::chacha_key &key);
void decrypt(const crypto::chacha_key &key);
void encrypt_viewkey(const crypto::chacha_key &key);
void decrypt_viewkey(const crypto::chacha_key &key);
hw::device& get_device() const ;
void set_device( hw::device &hwdev) ;
private:
void xor_with_key_stream(const crypto::chacha_key &key);
};
/************************************************************************/
@ -66,7 +77,8 @@ namespace cryptonote
public:
account_base();
crypto::secret_key generate(const crypto::secret_key& recovery_key = crypto::secret_key(), bool recover = false, bool two_random = false, bool from_legacy16B_lw_seed = false);
void create_from_device(const std::string &device_name) ;
void create_from_device(const std::string &device_name);
void create_from_device(hw::device &hwdev);
void create_from_keys(const cryptonote::account_public_address& address, const crypto::secret_key& spendkey, const crypto::secret_key& viewkey);
void create_from_viewkey(const cryptonote::account_public_address& address, const crypto::secret_key& viewkey);
bool make_multisig(const crypto::secret_key &view_secret_key, const crypto::secret_key &spend_secret_key, const crypto::public_key &spend_public_key, const std::vector<crypto::secret_key> &multisig_keys);
@ -87,6 +99,11 @@ namespace cryptonote
void forget_spend_key();
const std::vector<crypto::secret_key> &get_multisig_keys() const { return m_keys.m_multisig_keys; }
void encrypt_keys(const crypto::chacha_key &key) { m_keys.encrypt(key); }
void decrypt_keys(const crypto::chacha_key &key) { m_keys.decrypt(key); }
void encrypt_viewkey(const crypto::chacha_key &key) { m_keys.encrypt_viewkey(key); }
void decrypt_viewkey(const crypto::chacha_key &key) { m_keys.decrypt_viewkey(key); }
template <class t_archive>
inline void serialize(t_archive &a, const unsigned int /*ver*/)
{

76
cryptonote_basic/cryptonote_basic_impl.cpp
Unescape View File

@ -67,7 +67,7 @@ namespace cryptonote {
/* Cryptonote helper functions */
/************************************************************************/
//-----------------------------------------------------------------------------------------------
size_t get_min_block_size(uint8_t version)
size_t get_min_block_weight(uint8_t version)
{
if (version < 2)
return CRYPTONOTE_BLOCK_GRANTED_FULL_REWARD_ZONE_V1;
@ -86,7 +86,7 @@ namespace cryptonote {
return CRYPTONOTE_MAX_TX_SIZE;
}
//-----------------------------------------------------------------------------------------------
bool get_block_reward(size_t median_size, size_t current_block_size, uint64_t already_generated_coins, uint64_t &reward, uint8_t version) {
bool get_block_reward(size_t median_weight, size_t current_block_weight, uint64_t already_generated_coins, uint64_t &reward, uint8_t version) {
static_assert(DIFFICULTY_TARGET_V2%60==0&&DIFFICULTY_TARGET_V1%60==0,"difficulty targets must be a multiple of 60");
const int target = version < 2 ? DIFFICULTY_TARGET_V1 : DIFFICULTY_TARGET_V2;
const int target_minutes = target / 60;
@ -98,37 +98,37 @@ namespace cryptonote {
base_reward = FINAL_SUBSIDY_PER_MINUTE*target_minutes;
}
uint64_t full_reward_zone = get_min_block_size(version);
uint64_t full_reward_zone = get_min_block_weight(version);
//make it soft
if (median_size < full_reward_zone) {
median_size = full_reward_zone;
if (median_weight < full_reward_zone) {
median_weight = full_reward_zone;
}
if (current_block_size <= median_size) {
if (current_block_weight <= median_weight) {
reward = base_reward;
return true;
}
if(current_block_size > 2 * median_size) {
MERROR("Block cumulative size is too big: " << current_block_size << ", expected less than " << 2 * median_size);
if(current_block_weight > 2 * median_weight) {
MERROR("Block cumulative weight is too big: " << current_block_weight << ", expected less than " << 2 * median_weight);
return false;
}
assert(median_size < std::numeric_limits<uint32_t>::max());
assert(current_block_size < std::numeric_limits<uint32_t>::max());
assert(median_weight < std::numeric_limits<uint32_t>::max());
assert(current_block_weight < std::numeric_limits<uint32_t>::max());
uint64_t product_hi;
// BUGFIX: 32-bit saturation bug (e.g. ARM7), the result was being
// treated as 32-bit by default.
uint64_t multiplicand = 2 * median_size - current_block_size;
multiplicand *= current_block_size;
uint64_t multiplicand = 2 * median_weight - current_block_weight;
multiplicand *= current_block_weight;
uint64_t product_lo = mul128(base_reward, multiplicand, &product_hi);
uint64_t reward_hi;
uint64_t reward_lo;
div128_32(product_hi, product_lo, static_cast<uint32_t>(median_size), &reward_hi, &reward_lo);
div128_32(reward_hi, reward_lo, static_cast<uint32_t>(median_size), &reward_hi, &reward_lo);
div128_32(product_hi, product_lo, static_cast<uint32_t>(median_weight), &reward_hi, &reward_lo);
div128_32(reward_hi, reward_lo, static_cast<uint32_t>(median_weight), &reward_hi, &reward_lo);
assert(0 == reward_hi);
assert(reward_lo < base_reward);
@ -296,30 +296,30 @@ namespace cryptonote {
return true;
}
// //--------------------------------------------------------------------------------
// bool get_account_address_from_str_or_url(
// address_parse_info& info
// , network_type nettype
// , const std::string& str_or_url
// , std::function<std::string(const std::string&, const std::vector<std::string>&, bool)> dns_confirm
// )
// {
// if (get_account_address_from_str(info, nettype, str_or_url))
// return true;
// bool dnssec_valid;
// std::string address_str = tools::dns_utils::get_account_address_as_str_from_url(str_or_url, dnssec_valid, dns_confirm);
// return !address_str.empty() &&
// get_account_address_from_str(info, nettype, address_str);
// }
//--------------------------------------------------------------------------------
bool operator ==(const cryptonote::transaction& a, const cryptonote::transaction& b) {
return cryptonote::get_transaction_hash(a) == cryptonote::get_transaction_hash(b);
}
bool operator ==(const cryptonote::block& a, const cryptonote::block& b) {
return cryptonote::get_block_hash(a) == cryptonote::get_block_hash(b);
}
}
// //--------------------------------------------------------------------------------
// bool get_account_address_from_str_or_url(
// address_parse_info& info
// , network_type nettype
// , const std::string& str_or_url
// , std::function<std::string(const std::string&, const std::vector<std::string>&, bool)> dns_confirm
// )
// {
// if (get_account_address_from_str(info, nettype, str_or_url))
// return true;
// bool dnssec_valid;
// std::string address_str = tools::dns_utils::get_account_address_as_str_from_url(str_or_url, dnssec_valid, dns_confirm);
// return !address_str.empty() &&
// get_account_address_from_str(info, nettype, address_str);
// }
// //--------------------------------------------------------------------------------
// bool operator ==(const cryptonote::transaction& a, const cryptonote::transaction& b) {
// return cryptonote::get_transaction_hash(a) == cryptonote::get_transaction_hash(b);
// }
// bool operator ==(const cryptonote::block& a, const cryptonote::block& b) {
// return cryptonote::get_block_hash(a) == cryptonote::get_block_hash(b);
// }
}
//--------------------------------------------------------------------------------
bool parse_hash256(const std::string str_hash, crypto::hash& hash)

16
cryptonote_basic/cryptonote_basic_impl.h
Unescape View File

@ -86,10 +86,10 @@ namespace cryptonote {
/************************************************************************/
/* Cryptonote helper functions */
/************************************************************************/
size_t get_min_block_size(uint8_t version);
size_t get_min_block_weight(uint8_t version);
size_t get_max_block_size();
size_t get_max_tx_size();
bool get_block_reward(size_t median_size, size_t current_block_size, uint64_t already_generated_coins, uint64_t &reward, uint8_t version);
bool get_block_reward(size_t median_weight, size_t current_block_weight, uint64_t already_generated_coins, uint64_t &reward, uint8_t version);
uint8_t get_account_address_checksum(const public_address_outer_blob& bl);
uint8_t get_account_integrated_address_checksum(const public_integrated_address_outer_blob& bl);
@ -111,12 +111,12 @@ namespace cryptonote {
, const std::string& str
);
bool get_account_address_from_str_or_url(
address_parse_info& info
, network_type nettype
, const std::string& str_or_url
, std::function<std::string(const std::string&, const std::vector<std::string>&, bool)> dns_confirm = return_first_address
);
// bool get_account_address_from_str_or_url(
// address_parse_info& info
// , network_type nettype
// , const std::string& str_or_url
// , std::function<std::string(const std::string&, const std::vector<std::string>&, bool)> dns_confirm = return_first_address
// );
bool is_coinbase(const transaction& tx);

85
cryptonote_basic/cryptonote_format_utils.cpp
Unescape View File

@ -135,23 +135,41 @@ namespace cryptonote
return false;
}
for (size_t n = 0; n < tx.rct_signatures.outPk.size(); ++n)
{
if (tx.vout[n].target.type() != typeid(txout_to_key))
{
LOG_PRINT_L1("Unsupported output type in tx " << get_transaction_hash(tx));
return false;
}
rv.outPk[n].dest = rct::pk2rct(boost::get<txout_to_key>(tx.vout[n].target).key);
}
if (!base_only)
{
const bool bulletproof = rv.type == rct::RCTTypeFullBulletproof || rv.type == rct::RCTTypeSimpleBulletproof;
const bool bulletproof = rct::is_rct_bulletproof(rv.type);
if (bulletproof)
{
if (rv.p.bulletproofs.size() != tx.vout.size())
if (rv.p.bulletproofs.size() != 1)
{
LOG_PRINT_L1("Failed to parse transaction from blob, bad bulletproofs size in tx " << get_transaction_hash(tx));
return false;
}
for (size_t n = 0; n < rv.outPk.size(); ++n)
if (rv.p.bulletproofs[0].L.size() < 6)
{
rv.p.bulletproofs[n].V.resize(1);
rv.p.bulletproofs[n].V[0] = rv.outPk[n].mask;
LOG_PRINT_L1("Failed to parse transaction from blob, bad bulletproofs L size in tx " << get_transaction_hash(tx));
return false;
}
const size_t max_outputs = 1 << (rv.p.bulletproofs[0].L.size() - 6);
if (max_outputs < tx.vout.size())
{
LOG_PRINT_L1("Failed to parse transaction from blob, bad bulletproofs max outputs in tx " << get_transaction_hash(tx));
return false;
}
const size_t n_amounts = tx.vout.size();
CHECK_AND_ASSERT_MES(n_amounts == rv.outPk.size(), false, "Internal error filling out V");
rv.p.bulletproofs[0].V.resize(n_amounts);
for (size_t i = 0; i < n_amounts; ++i)
rv.p.bulletproofs[0].V[i] = rct::scalarmultKey(rv.outPk[i].mask, rct::INV_EIGHT);
}
}
}
@ -181,6 +199,16 @@ namespace cryptonote
return true;
}
//---------------------------------------------------------------
bool parse_and_validate_tx_prefix_from_blob(const blobdata& tx_blob, transaction_prefix& tx)
{
std::stringstream ss;
ss << tx_blob;
binary_archive<false> ba(ss);
bool r = ::serialization::serialize_noeof(ba, tx);
CHECK_AND_ASSERT_MES(r, false, "Failed to parse transaction prefix from blob");
return true;
}
//---------------------------------------------------------------
bool parse_and_validate_tx_from_blob(const blobdata& tx_blob, transaction& tx, crypto::hash& tx_hash, crypto::hash& tx_prefix_hash)
{
std::stringstream ss;
@ -201,15 +229,25 @@ namespace cryptonote
{
crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation);
bool r = hwdev.generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
if (!r)
{
MWARNING("key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
memcpy(&recv_derivation, rct::identity().bytes, sizeof(recv_derivation));
}
std::vector<crypto::key_derivation> additional_recv_derivations;
for (size_t i = 0; i < additional_tx_public_keys.size(); ++i)
{
crypto::key_derivation additional_recv_derivation = AUTO_VAL_INIT(additional_recv_derivation);
r = hwdev.generate_key_derivation(additional_tx_public_keys[i], ack.m_view_secret_key, additional_recv_derivation);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << additional_tx_public_keys[i] << ", " << ack.m_view_secret_key << ")");
additional_recv_derivations.push_back(additional_recv_derivation);
if (!r)
{
MWARNING("key image helper: failed to generate_key_derivation(" << additional_tx_public_keys[i] << ", " << ack.m_view_secret_key << ")");
}
else
{
additional_recv_derivations.push_back(additional_recv_derivation);
}
}
boost::optional<subaddress_receive_info> subaddr_recv_info = is_out_to_acc_precomp(subaddresses, out_key, recv_derivation, additional_recv_derivations, real_output_index,hwdev);
@ -318,6 +356,37 @@ namespace cryptonote
return string_tools::get_xtype_from_string(amount, str_amount);
}
//---------------------------------------------------------------
uint64_t get_transaction_weight(const transaction &tx, size_t blob_size)
{
if (tx.version < 2)
return blob_size;
const rct::rctSig &rv = tx.rct_signatures;
if (!rct::is_rct_bulletproof(rv.type))
return blob_size;
const size_t n_outputs = tx.vout.size();
if (n_outputs <= 2)
return blob_size;
const uint64_t bp_base = 368;
const size_t n_padded_outputs = rct::n_bulletproof_max_amounts(rv.p.bulletproofs);
size_t nlr = 0;
for (const auto &bp: rv.p.bulletproofs)
nlr += bp.L.size() * 2;
const size_t bp_size = 32 * (9 + nlr);
CHECK_AND_ASSERT_THROW_MES_L1(bp_base * n_padded_outputs >= bp_size, "Invalid bulletproof clawback");
const uint64_t bp_clawback = (bp_base * n_padded_outputs - bp_size) * 4 / 5;
CHECK_AND_ASSERT_THROW_MES_L1(bp_clawback <= std::numeric_limits<uint64_t>::max() - blob_size, "Weight overflow");
return blob_size + bp_clawback;
}
//---------------------------------------------------------------
uint64_t get_transaction_weight(const transaction &tx)
{
std::ostringstream s;
binary_archive<true> a(s);
::serialization::serialize(a, const_cast<transaction&>(tx));
const cryptonote::blobdata blob = s.str();
return get_transaction_weight(tx, blob.size());
}
//---------------------------------------------------------------
bool get_tx_fee(const transaction& tx, uint64_t & fee)
{
if (tx.version > 1)

3
cryptonote_basic/cryptonote_format_utils.h
Unescape View File

@ -48,6 +48,7 @@ namespace cryptonote
//---------------------------------------------------------------
void get_transaction_prefix_hash(const transaction_prefix& tx, crypto::hash& h);
crypto::hash get_transaction_prefix_hash(const transaction_prefix& tx);
bool parse_and_validate_tx_prefix_from_blob(const blobdata& tx_blob, transaction_prefix& tx);
bool parse_and_validate_tx_from_blob(const blobdata& tx_blob, transaction& tx, crypto::hash& tx_hash, crypto::hash& tx_prefix_hash);
bool parse_and_validate_tx_from_blob(const blobdata& tx_blob, transaction& tx);
bool parse_and_validate_tx_base_from_blob(const blobdata& tx_blob, transaction& tx);
@ -117,6 +118,8 @@ namespace cryptonote
bool check_inputs_types_supported(const transaction& tx);
bool check_outs_valid(const transaction& tx);
bool parse_amount(uint64_t& amount, const std::string& str_amount);
uint64_t get_transaction_weight(const transaction &tx);
uint64_t get_transaction_weight(const transaction &tx, size_t blob_size);
bool check_money_overflow(const transaction& tx);
bool check_outs_overflow(const transaction& tx);

8
cryptonote_config.h
Unescape View File

@ -65,9 +65,11 @@
#define FEE_PER_KB_OLD ((uint64_t)10000000000) // pow(10, 10)
#define FEE_PER_KB ((uint64_t)2000000000) // 2 * pow(10, 9)
#define FEE_PER_BYTE ((uint64_t)300000)
#define DYNAMIC_FEE_PER_KB_BASE_FEE ((uint64_t)2000000000) // 2 * pow(10,9)
#define DYNAMIC_FEE_PER_KB_BASE_BLOCK_REWARD ((uint64_t)10000000000000) // 10 * pow(10,12)
#define DYNAMIC_FEE_PER_KB_BASE_FEE_V5 ((uint64_t)2000000000 * (uint64_t)CRYPTONOTE_BLOCK_GRANTED_FULL_REWARD_ZONE_V2 / CRYPTONOTE_BLOCK_GRANTED_FULL_REWARD_ZONE_V5)
#define DYNAMIC_FEE_REFERENCE_TRANSACTION_WEIGHT ((uint64_t)3000)
#define ORPHANED_BLOCKS_MAX_COUNT 100
@ -133,13 +135,17 @@
#define HF_VERSION_DYNAMIC_FEE 4
#define HF_VERSION_MIN_MIXIN_4 6
#define HF_VERSION_MIN_MIXIN_6 7
#define HF_VERSION_MIN_MIXIN_10 8
#define HF_VERSION_ENFORCE_RCT 6
#define HF_VERSION_PER_BYTE_FEE 8
#define PER_KB_FEE_QUANTIZATION_DECIMALS 8
#define HASH_OF_HASHES_STEP 256
#define DEFAULT_TXPOOL_MAX_SIZE 648000000ull // 3 days at 300000, in bytes
#define DEFAULT_TXPOOL_MAX_WEIGHT 648000000ull // 3 days at 300000, in bytes
#define BULLETPROOF_MAX_OUTPUTS 16
// New constants are intended to go here
namespace config

259
cryptonote_core/cryptonote_tx_utils.cpp
Unescape View File

@ -37,7 +37,7 @@ using namespace epee;
#include "common/apply_permutation.h"
#include "cryptonote_tx_utils.h"
#include "cryptonote_config.h"
//#include "cryptonote_basic/miner.h"
// #include "cryptonote_basic/miner.h"
#include "crypto/crypto.h"
#include "crypto/hash.h"
#include "ringct/rctSigs.h"
@ -74,104 +74,104 @@ namespace cryptonote
LOG_PRINT_L2("destinations include " << num_stdaddresses << " standard addresses and " << num_subaddresses << " subaddresses");
}
//---------------------------------------------------------------
// bool construct_miner_tx(size_t height, size_t median_size, uint64_t already_generated_coins, size_t current_block_size, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, uint8_t hard_fork_version) {
// tx.vin.clear();
// tx.vout.clear();
// tx.extra.clear();
//
// keypair txkey = keypair::generate(hw::get_device("default"));
// add_tx_pub_key_to_extra(tx, txkey.pub);
// if(!extra_nonce.empty())
// if(!add_extra_nonce_to_tx_extra(tx.extra, extra_nonce))
// return false;
//
// txin_gen in;
// in.height = height;
//
// uint64_t block_reward;
// if(!get_block_reward(median_size, current_block_size, already_generated_coins, block_reward, hard_fork_version))
// {
// LOG_PRINT_L0("Block is too big");
// return false;
// }
//
//#if defined(DEBUG_CREATE_BLOCK_TEMPLATE)
// LOG_PRINT_L1("Creating block template: reward " << block_reward <<
// ", fee " << fee);
//#endif
// block_reward += fee;
//
// // from hard fork 2, we cut out the low significant digits. This makes the tx smaller, and
// // keeps the paid amount almost the same. The unpaid remainder gets pushed back to the
// // emission schedule
// // from hard fork 4, we use a single "dusty" output. This makes the tx even smaller,
// // and avoids the quantization. These outputs will be added as rct outputs with identity
// // masks, to they can be used as rct inputs.
// if (hard_fork_version >= 2 && hard_fork_version < 4) {
// block_reward = block_reward - block_reward % ::config::BASE_REWARD_CLAMP_THRESHOLD;
// }
//
// std::vector<uint64_t> out_amounts;
// decompose_amount_into_digits(block_reward, hard_fork_version >= 2 ? 0 : ::config::DEFAULT_DUST_THRESHOLD,
// [&out_amounts](uint64_t a_chunk) { out_amounts.push_back(a_chunk); },
// [&out_amounts](uint64_t a_dust) { out_amounts.push_back(a_dust); });
//
// CHECK_AND_ASSERT_MES(1 <= max_outs, false, "max_out must be non-zero");
// if (height == 0 || hard_fork_version >= 4)
// {
// // the genesis block was not decomposed, for unknown reasons
// while (max_outs < out_amounts.size())
// {
// //out_amounts[out_amounts.size() - 2] += out_amounts.back();
// //out_amounts.resize(out_amounts.size() - 1);
// out_amounts[1] += out_amounts[0];
// for (size_t n = 1; n < out_amounts.size(); ++n)
// out_amounts[n - 1] = out_amounts[n];
// out_amounts.resize(out_amounts.size() - 1);
// }
// }
// else
// {
// CHECK_AND_ASSERT_MES(max_outs >= out_amounts.size(), false, "max_out exceeded");
// }
//
// uint64_t summary_amounts = 0;
// for (size_t no = 0; no < out_amounts.size(); no++)
// {
// crypto::key_derivation derivation = AUTO_VAL_INIT(derivation);;
// crypto::public_key out_eph_public_key = AUTO_VAL_INIT(out_eph_public_key);
// bool r = crypto::generate_key_derivation(miner_address.m_view_public_key, txkey.sec, derivation);
// CHECK_AND_ASSERT_MES(r, false, "while creating outs: failed to generate_key_derivation(" << miner_address.m_view_public_key << ", " << txkey.sec << ")");
//
// r = crypto::derive_public_key(derivation, no, miner_address.m_spend_public_key, out_eph_public_key);
// CHECK_AND_ASSERT_MES(r, false, "while creating outs: failed to derive_public_key(" << derivation << ", " << no << ", "<< miner_address.m_spend_public_key << ")");
//
// txout_to_key tk;
// tk.key = out_eph_public_key;
//
// tx_out out;
// summary_amounts += out.amount = out_amounts[no];
// out.target = tk;
// tx.vout.push_back(out);
// }
//
// CHECK_AND_ASSERT_MES(summary_amounts == block_reward, false, "Failed to construct miner tx, summary_amounts = " << summary_amounts << " not equal block_reward = " << block_reward);
//
// if (hard_fork_version >= 4)
// tx.version = 2;
// else
// tx.version = 1;
//
// //lock
// tx.unlock_time = height + CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW;
// tx.vin.push_back(in);
//
// tx.invalidate_hashes();
//
// //LOG_PRINT("MINER_TX generated ok, block_reward=" << print_money(block_reward) << "(" << print_money(block_reward - fee) << "+" << print_money(fee)
// // << "), current_block_size=" << current_block_size << ", already_generated_coins=" << already_generated_coins << ", tx_id=" << get_transaction_hash(tx), LOG_LEVEL_2);
// return true;
// }
// bool construct_miner_tx(size_t height, size_t median_weight, uint64_t already_generated_coins, size_t current_block_weight, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, uint8_t hard_fork_version) {
// tx.vin.clear();
// tx.vout.clear();
// tx.extra.clear();
// keypair txkey = keypair::generate(hw::get_device("default"));
// add_tx_pub_key_to_extra(tx, txkey.pub);
// if(!extra_nonce.empty())
// if(!add_extra_nonce_to_tx_extra(tx.extra, extra_nonce))
// return false;
// txin_gen in;
// in.height = height;
// uint64_t block_reward;
// if(!get_block_reward(median_weight, current_block_weight, already_generated_coins, block_reward, hard_fork_version))
// {
// LOG_PRINT_L0("Block is too big");
// return false;
// }
// #if defined(DEBUG_CREATE_BLOCK_TEMPLATE)
// LOG_PRINT_L1("Creating block template: reward " << block_reward <<
// ", fee " << fee);
// #endif
// block_reward += fee;
// // from hard fork 2, we cut out the low significant digits. This makes the tx smaller, and
// // keeps the paid amount almost the same. The unpaid remainder gets pushed back to the
// // emission schedule
// // from hard fork 4, we use a single "dusty" output. This makes the tx even smaller,
// // and avoids the quantization. These outputs will be added as rct outputs with identity
// // masks, to they can be used as rct inputs.
// if (hard_fork_version >= 2 && hard_fork_version < 4) {
// block_reward = block_reward - block_reward % ::config::BASE_REWARD_CLAMP_THRESHOLD;
// }
// std::vector<uint64_t> out_amounts;
// decompose_amount_into_digits(block_reward, hard_fork_version >= 2 ? 0 : ::config::DEFAULT_DUST_THRESHOLD,
// [&out_amounts](uint64_t a_chunk) { out_amounts.push_back(a_chunk); },
// [&out_amounts](uint64_t a_dust) { out_amounts.push_back(a_dust); });
// CHECK_AND_ASSERT_MES(1 <= max_outs, false, "max_out must be non-zero");
// if (height == 0 || hard_fork_version >= 4)
// {
// // the genesis block was not decomposed, for unknown reasons
// while (max_outs < out_amounts.size())
// {
// //out_amounts[out_amounts.size() - 2] += out_amounts.back();
// //out_amounts.resize(out_amounts.size() - 1);
// out_amounts[1] += out_amounts[0];
// for (size_t n = 1; n < out_amounts.size(); ++n)
// out_amounts[n - 1] = out_amounts[n];
// out_amounts.pop_back();
// }
// }
// else
// {
// CHECK_AND_ASSERT_MES(max_outs >= out_amounts.size(), false, "max_out exceeded");
// }
// uint64_t summary_amounts = 0;
// for (size_t no = 0; no < out_amounts.size(); no++)
// {
// crypto::key_derivation derivation = AUTO_VAL_INIT(derivation);;
// crypto::public_key out_eph_public_key = AUTO_VAL_INIT(out_eph_public_key);
// bool r = crypto::generate_key_derivation(miner_address.m_view_public_key, txkey.sec, derivation);
// CHECK_AND_ASSERT_MES(r, false, "while creating outs: failed to generate_key_derivation(" << miner_address.m_view_public_key << ", " << txkey.sec << ")");
// r = crypto::derive_public_key(derivation, no, miner_address.m_spend_public_key, out_eph_public_key);
// CHECK_AND_ASSERT_MES(r, false, "while creating outs: failed to derive_public_key(" << derivation << ", " << no << ", "<< miner_address.m_spend_public_key << ")");
// txout_to_key tk;
// tk.key = out_eph_public_key;
// tx_out out;
// summary_amounts += out.amount = out_amounts[no];
// out.target = tk;
// tx.vout.push_back(out);
// }
// CHECK_AND_ASSERT_MES(summary_amounts == block_reward, false, "Failed to construct miner tx, summary_amounts = " << summary_amounts << " not equal block_reward = " << block_reward);
// if (hard_fork_version >= 4)
// tx.version = 2;
// else
// tx.version = 1;
// //lock
// tx.unlock_time = height + CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW;
// tx.vin.push_back(in);
// tx.invalidate_hashes();
// //LOG_PRINT("MINER_TX generated ok, block_reward=" << print_money(block_reward) << "(" << print_money(block_reward - fee) << "+" << print_money(fee)
// // << "), current_block_size=" << current_block_size << ", already_generated_coins=" << already_generated_coins << ", tx_id=" << get_transaction_hash(tx), LOG_LEVEL_2);
// return true;
// }
//---------------------------------------------------------------
crypto::public_key get_destination_view_key_pub(const std::vector<tx_destination_entry> &destinations, const boost::optional<cryptonote::account_public_address>& change_addr)
{
@ -195,7 +195,7 @@ namespace cryptonote
return addr.m_view_public_key;
}
//---------------------------------------------------------------
bool construct_tx_with_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, const crypto::secret_key &tx_key, const std::vector<crypto::secret_key> &additional_tx_keys, bool rct, bool bulletproof, rct::multisig_out *msout, bool shuffle_outs)
bool construct_tx_with_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, const crypto::secret_key &tx_key, const std::vector<crypto::secret_key> &additional_tx_keys, bool rct, rct::RangeProofType range_proof_type, rct::multisig_out *msout, bool shuffle_outs)
{
hw::device &hwdev = sender_account_keys.get_device();
@ -491,7 +491,7 @@ namespace cryptonote
// the non-simple version is slightly smaller, but assumes all real inputs
// are on the same index, so can only be used if there just one ring.
bool use_simple_rct = sources.size() > 1;
bool use_simple_rct = sources.size() > 1 || range_proof_type != rct::RangeProofBorromean;
if (!use_simple_rct)
{
@ -516,6 +516,7 @@ namespace cryptonote
uint64_t amount_in = 0, amount_out = 0;
rct::ctkeyV inSk;
inSk.reserve(sources.size());
// mixRing indexing is done the other way round for simple
rct::ctkeyM mixRing(use_simple_rct ? sources.size() : n_total_outs);
rct::keyV destinations;
@ -532,6 +533,7 @@ namespace cryptonote
ctkey.dest = rct::sk2rct(in_contexts[i].in_ephemeral.sec);
ctkey.mask = sources[i].mask;
inSk.push_back(ctkey);
memwipe(&ctkey, sizeof(rct::ctkey));
// inPk: (public key, commitment)
// will be done when filling in mixRing
if (msout)
@ -587,9 +589,10 @@ namespace cryptonote
get_transaction_prefix_hash(tx, tx_prefix_hash);
rct::ctkeyV outSk;
if (use_simple_rct)
tx.rct_signatures = rct::genRctSimple(rct::hash2rct(tx_prefix_hash), inSk, destinations, inamounts, outamounts, amount_in - amount_out, mixRing, amount_keys, msout ? &kLRki : NULL, msout, index, outSk, bulletproof, hwdev);
tx.rct_signatures = rct::genRctSimple(rct::hash2rct(tx_prefix_hash), inSk, destinations, inamounts, outamounts, amount_in - amount_out, mixRing, amount_keys, msout ? &kLRki : NULL, msout, index, outSk, range_proof_type, hwdev);
else
tx.rct_signatures = rct::genRct(rct::hash2rct(tx_prefix_hash), inSk, destinations, outamounts, mixRing, amount_keys, msout ? &kLRki[0] : NULL, msout, sources[0].real_output, outSk, bulletproof, hwdev); // same index assumption
tx.rct_signatures = rct::genRct(rct::hash2rct(tx_prefix_hash), inSk, destinations, outamounts, mixRing, amount_keys, msout ? &kLRki[0] : NULL, msout, sources[0].real_output, outSk, hwdev); // same index assumption
memwipe(inSk.data(), inSk.size() * sizeof(rct::ctkey));
CHECK_AND_ASSERT_MES(tx.vout.size() == outSk.size(), false, "outSk size does not match vout");
@ -601,7 +604,7 @@ namespace cryptonote
return true;
}
//---------------------------------------------------------------
bool construct_tx_and_get_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, crypto::secret_key &tx_key, std::vector<crypto::secret_key> &additional_tx_keys, bool rct, bool bulletproof, rct::multisig_out *msout)
bool construct_tx_and_get_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, crypto::secret_key &tx_key, std::vector<crypto::secret_key> &additional_tx_keys, bool rct, rct::RangeProofType range_proof_type, rct::multisig_out *msout)
{
hw::device &hwdev = sender_account_keys.get_device();
hwdev.open_tx(tx_key);
@ -619,7 +622,7 @@ namespace cryptonote
additional_tx_keys.push_back(keypair::generate(sender_account_keys.get_device()).sec);
}
bool r = construct_tx_with_tx_key(sender_account_keys, subaddresses, sources, destinations, change_addr, extra, tx, unlock_time, tx_key, additional_tx_keys, rct, bulletproof, msout);
bool r = construct_tx_with_tx_key(sender_account_keys, subaddresses, sources, destinations, change_addr, extra, tx, unlock_time, tx_key, additional_tx_keys, rct, range_proof_type, msout);
hwdev.close_tx();
return r;
}
@ -631,30 +634,30 @@ namespace cryptonote
crypto::secret_key tx_key;
std::vector<crypto::secret_key> additional_tx_keys;
std::vector<tx_destination_entry> destinations_copy = destinations;
return construct_tx_and_get_tx_key(sender_account_keys, subaddresses, sources, destinations_copy, change_addr, extra, tx, unlock_time, tx_key, additional_tx_keys, false, false, NULL);
return construct_tx_and_get_tx_key(sender_account_keys, subaddresses, sources, destinations_copy, change_addr, extra, tx, unlock_time, tx_key, additional_tx_keys, false, rct::RangeProofBorromean, NULL);
}
//---------------------------------------------------------------
// bool generate_genesis_block(
// block& bl
// , std::string const & genesis_tx
// , uint32_t nonce
// )
// {
// //genesis block
// bl = boost::value_initialized<block>();
//
// blobdata tx_bl;
// bool r = string_tools::parse_hexstr_to_binbuff(genesis_tx, tx_bl);
// CHECK_AND_ASSERT_MES(r, false, "failed to parse coinbase tx from hard coded blob");
// r = parse_and_validate_tx_from_blob(tx_bl, bl.miner_tx);
// CHECK_AND_ASSERT_MES(r, false, "failed to parse coinbase tx from hard coded blob");
// bl.major_version = CURRENT_BLOCK_MAJOR_VERSION;
// bl.minor_version = CURRENT_BLOCK_MINOR_VERSION;
// bl.timestamp = 0;
// bl.nonce = nonce;
// miner::find_nonce_for_given_block(bl, 1, 0);
// bl.invalidate_hashes();
// return true;
// }
// bool generate_genesis_block(
// block& bl
// , std::string const & genesis_tx
// , uint32_t nonce
// )
// {
// //genesis block
// bl = boost::value_initialized<block>();
// blobdata tx_bl;
// bool r = string_tools::parse_hexstr_to_binbuff(genesis_tx, tx_bl);
// CHECK_AND_ASSERT_MES(r, false, "failed to parse coinbase tx from hard coded blob");
// r = parse_and_validate_tx_from_blob(tx_bl, bl.miner_tx);
// CHECK_AND_ASSERT_MES(r, false, "failed to parse coinbase tx from hard coded blob");
// bl.major_version = CURRENT_BLOCK_MAJOR_VERSION;
// bl.minor_version = CURRENT_BLOCK_MINOR_VERSION;
// bl.timestamp = 0;
// bl.nonce = nonce;
// miner::find_nonce_for_given_block(bl, 1, 0);
// bl.invalidate_hashes();
// return true;
// }
//---------------------------------------------------------------
}

6
cryptonote_core/cryptonote_tx_utils.h
Unescape View File

@ -37,7 +37,7 @@
namespace cryptonote
{
//---------------------------------------------------------------
// bool construct_miner_tx(size_t height, size_t median_size, uint64_t already_generated_coins, size_t current_block_size, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce = blobdata(), size_t max_outs = 999, uint8_t hard_fork_version = 1);
// bool construct_miner_tx(size_t height, size_t median_weight, uint64_t already_generated_coins, size_t current_block_weight, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce = blobdata(), size_t max_outs = 999, uint8_t hard_fork_version = 1);
struct tx_source_entry
{
@ -90,8 +90,8 @@ namespace cryptonote
//---------------------------------------------------------------
crypto::public_key get_destination_view_key_pub(const std::vector<tx_destination_entry> &destinations, const boost::optional<cryptonote::account_public_address>& change_addr);
bool construct_tx(const account_keys& sender_account_keys, std::vector<tx_source_entry> &sources, const std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time);
bool construct_tx_with_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, const crypto::secret_key &tx_key, const std::vector<crypto::secret_key> &additional_tx_keys, bool rct = false, bool bulletproof = false, rct::multisig_out *msout = NULL, bool shuffle_outs = true);
bool construct_tx_and_get_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, crypto::secret_key &tx_key, std::vector<crypto::secret_key> &additional_tx_keys, bool rct = false, bool bulletproof = false, rct::multisig_out *msout = NULL);
bool construct_tx_with_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, const crypto::secret_key &tx_key, const std::vector<crypto::secret_key> &additional_tx_keys, bool rct = false, rct::RangeProofType range_proof_type = rct::RangeProofBorromean, rct::multisig_out *msout = NULL, bool shuffle_outs = true);
bool construct_tx_and_get_tx_key(const account_keys& sender_account_keys, const std::unordered_map<crypto::public_key, subaddress_index>& subaddresses, std::vector<tx_source_entry>& sources, std::vector<tx_destination_entry>& destinations, const boost::optional<cryptonote::account_public_address>& change_addr, std::vector<uint8_t> extra, transaction& tx, uint64_t unlock_time, crypto::secret_key &tx_key, std::vector<crypto::secret_key> &additional_tx_keys, bool rct = false, rct::RangeProofType range_proof_type = rct::RangeProofBorromean, rct::multisig_out *msout = NULL);
// bool generate_genesis_block(
// block& bl

79
device/device.cpp
Unescape View File

@ -29,7 +29,7 @@
#include "device.hpp"
#include "device_default.hpp"
#ifdef HAVE_PCSC
#ifdef WITH_DEVICE_LEDGER
#include "device_ledger.hpp"
#endif
#include "misc_log_ex.h"
@ -39,32 +39,67 @@ namespace hw {
/* ======================================================================= */
/* SETUP */
/* ======================================================================= */
device& get_device(const std::string device_descriptor) {
struct s_devices {
std::map<std::string, std::unique_ptr<device>> registry;
s_devices() : registry() {
hw::core::register_all(registry);
#ifdef HAVE_PCSC
hw::ledger::register_all(registry);
#endif
};
};
static const s_devices devices;
/* ======================================================================= */
static device_registry *get_device_registry(bool clear = false){
static device_registry *registry = new device_registry();
if (clear)
{
delete registry;
registry = NULL;
}
return registry;
}
static void clear_device_registry(){
get_device_registry(true);
}
device_registry::device_registry(){
hw::core::register_all(registry);
#ifdef WITH_DEVICE_LEDGER
hw::ledger::register_all(registry);
#endif
atexit(clear_device_registry);
}
bool device_registry::register_device(const std::string & device_name, device * hw_device){
auto search = registry.find(device_name);
if (search != registry.end()){
return false;
}
auto device = devices.registry.find(device_descriptor);
if (device == devices.registry.end()) {
MERROR("device not found in registry: '" << device_descriptor << "'\n" <<
"known devices:");
for( const auto& sm_pair : devices.registry ) {
registry.insert(std::make_pair(device_name, std::unique_ptr<device>(hw_device)));
return true;
}
device& device_registry::get_device(const std::string & device_descriptor){
// Device descriptor can contain further specs after first :
auto delim = device_descriptor.find(':');
auto device_descriptor_lookup = device_descriptor;
if (delim != std::string::npos) {
device_descriptor_lookup = device_descriptor.substr(0, delim);
}
auto device = registry.find(device_descriptor_lookup);
if (device == registry.end()) {
MERROR("Device not found in registry: '" << device_descriptor << "'. Known devices: ");
for( const auto& sm_pair : registry ) {
MERROR(" - " << sm_pair.first);
}
throw std::runtime_error("device not found: "+ device_descriptor);
throw std::runtime_error("device not found: " + device_descriptor);
}
return *device->second;
}
device& get_device(const std::string & device_descriptor) {
device_registry *registry = get_device_registry();
return registry->get_device(device_descriptor);
}
bool register_device(const std::string & device_name, device * hw_device){
device_registry *registry = get_device_registry();
return registry->register_device(device_name, hw_device);
}
}

29
device/device.hpp
Unescape View File

@ -48,11 +48,12 @@
#include "crypto/chacha.h"
#include "ringct/rctTypes.h"
#ifndef USE_DEVICE_LEDGER
#define USE_DEVICE_LEDGER 1
#endif
#if !defined(HAVE_PCSC)
#if !defined(HAVE_HIDAPI)
#undef USE_DEVICE_LEDGER
#define USE_DEVICE_LEDGER 0
#endif
@ -78,7 +79,6 @@ namespace hw {
return false;
}
class device {
protected:
std::string name;
@ -96,6 +96,12 @@ namespace hw {
TRANSACTION_CREATE_FAKE,
TRANSACTION_PARSE
};
enum device_type
{
SOFTWARE = 0,
LEDGER = 1
};
/* ======================================================================= */
/* SETUP/TEARDOWN */
@ -109,7 +115,9 @@ namespace hw {
virtual bool connect(void) = 0;
virtual bool disconnect(void) = 0;
virtual bool set_mode(device_mode mode) = 0;
virtual bool set_mode(device_mode mode) = 0;
virtual device_type get_type() const = 0;
/* ======================================================================= */
@ -125,7 +133,7 @@ namespace hw {
/* ======================================================================= */
virtual bool get_public_address(cryptonote::account_public_address &pubkey) = 0;
virtual bool get_secret_keys(crypto::secret_key &viewkey , crypto::secret_key &spendkey) = 0;
virtual bool generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key) = 0;
virtual bool generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key, uint64_t kdf_rounds) = 0;
/* ======================================================================= */
/* SUB ADDRESS */
@ -202,6 +210,17 @@ namespace hw {
~reset_mode() { hwref.set_mode(hw::device::NONE);}
};
device& get_device(const std::string device_descriptor) ;
class device_registry {
private:
std::map<std::string, std::unique_ptr<device>> registry;
public:
device_registry();
bool register_device(const std::string & device_name, device * hw_device);
device& get_device(const std::string & device_descriptor);
};
device& get_device(const std::string & device_descriptor);
bool register_device(const std::string & device_name, device * hw_device);
}

6
device/device_default.cpp
Unescape View File

@ -100,14 +100,14 @@ namespace hw {
/* WALLET & ADDRESS */
/* ======================================================================= */
bool device_default::generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key) {
bool device_default::generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key, uint64_t kdf_rounds) {
const crypto::secret_key &view_key = keys.m_view_secret_key;
const crypto::secret_key &spend_key = keys.m_spend_secret_key;
tools::scrubbed_arr<char, sizeof(view_key) + sizeof(spend_key) + 1> data;
epee::mlocked<tools::scrubbed_arr<char, sizeof(view_key) + sizeof(spend_key) + 1>> data;
memcpy(data.data(), &view_key, sizeof(view_key));
memcpy(data.data() + sizeof(view_key), &spend_key, sizeof(spend_key));
data[sizeof(data) - 1] = CHACHA8_KEY_TAIL;
crypto::generate_chacha_key(data.data(), sizeof(data), key);
crypto::generate_chacha_key(data.data(), sizeof(data), key, kdf_rounds);
return true;
}
bool device_default::get_public_address(cryptonote::account_public_address &pubkey) {

4
device/device_default.hpp
Unescape View File

@ -61,6 +61,8 @@ namespace hw {
bool set_mode(device_mode mode) override;
device_type get_type() const override {return device_type::SOFTWARE;};
/* ======================================================================= */
/* LOCKER */
/* ======================================================================= */
@ -73,7 +75,7 @@ namespace hw {
/* ======================================================================= */
bool get_public_address(cryptonote::account_public_address &pubkey) override;
bool get_secret_keys(crypto::secret_key &viewkey , crypto::secret_key &spendkey) override;
bool generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key) override;
bool generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key, uint64_t kdf_rounds) override;
/* ======================================================================= */
/* SUB ADDRESS */

41
device/log.cpp
Unescape View File

@ -32,29 +32,34 @@
namespace hw {
#ifdef WITH_DEVICE_LEDGER
namespace ledger {
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "device.ledger"
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "device"
void buffer_to_str(char *to_buff, size_t to_len, const char *buff, size_t len) {
CHECK_AND_ASSERT_THROW_MES(to_len > (len*2), "destination buffer too short. At least" << (len*2+1) << " bytes required");
for (size_t i=0; i<len; i++) {
sprintf(to_buff+2*i, "%.02x", (unsigned char)buff[i]);
}
void buffer_to_str(char *to_buff, size_t to_len, const char *buff, size_t len) {
CHECK_AND_ASSERT_THROW_MES(to_len > (len*2), "destination buffer too short. At least" << (len*2+1) << " bytes required");
for (size_t i=0; i<len; i++) {
sprintf(to_buff+2*i, "%.02x", (unsigned char)buff[i]);
}
}
void log_hexbuffer(const std::string &msg, const char* buff, size_t len) {
char logstr[1025];
buffer_to_str(logstr, sizeof(logstr), buff, len);
MDEBUG(msg<< ": " << logstr);
}
void log_hexbuffer(const std::string &msg, const char* buff, size_t len) {
char logstr[1025];
buffer_to_str(logstr, sizeof(logstr), buff, len);
MDEBUG(msg<< ": " << logstr);
}
void log_message(const std::string &msg, const std::string &info ) {
MDEBUG(msg << ": " << info);
}
void log_message(const std::string &msg, const std::string &info ) {
MDEBUG(msg << ": " << info);
}
#ifdef WITH_DEVICE_LEDGER
namespace ledger {
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "device.ledger"
#ifdef DEBUG_HWDEVICE
extern crypto::secret_key dbg_viewkey;
extern crypto::secret_key dbg_spendkey;

7
device/log.hpp
Unescape View File

@ -40,12 +40,13 @@
namespace hw {
void buffer_to_str(char *to_buff, size_t to_len, const char *buff, size_t len) ;
void log_hexbuffer(const std::string &msg, const char* buff, size_t len);
void log_message(const std::string &msg, const std::string &info );
#ifdef WITH_DEVICE_LEDGER
namespace ledger {
void buffer_to_str(char *to_buff, size_t to_len, const char *buff, size_t len) ;
void log_hexbuffer(const std::string &msg, const char* buff, size_t len);
void log_message(const std::string &msg, const std::string &info );
#ifdef DEBUG_HWDEVICE
#define TRACK printf("file %s:%d\n",__FILE__, __LINE__)
//#define TRACK MCDEBUG("ledger"," At file " << __FILE__ << ":" << __LINE__)

45
epee/include/fnv1.h
Unescape View File

@ -0,0 +1,45 @@
// Copyright (c) 2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once
namespace epee
{
namespace fnv
{
inline uint64_t FNV1a(const char *ptr, size_t sz)
{
uint64_t h = 0xcbf29ce484222325;
for (size_t i = 0; i < sz; ++i)
h = (h ^ *(const uint8_t*)ptr++) * 0x100000001b3;
return h;
}
}
}

6
epee/include/hex.h
Unescape View File

@ -33,6 +33,7 @@
#include <iosfwd>
#include <string>
#include "wipeable_string.h"
#include "span.h"
namespace epee
@ -41,6 +42,9 @@ namespace epee
{
//! \return A std::string containing hex of `src`.
static std::string string(const span<const std::uint8_t> src);
//! \return A epee::wipeable_string containing hex of `src`.
static epee::wipeable_string wipeable_string(const span<const std::uint8_t> src);
template<typename T> static epee::wipeable_string wipeable_string(const T &pod) { return wipeable_string(span<const uint8_t>((const uint8_t*)&pod, sizeof(pod))); }
//! \return An array containing hex of `src`.
template<std::size_t N>
@ -59,6 +63,8 @@ namespace epee
static void formatted(std::ostream& out, const span<const std::uint8_t> src);
private:
template<typename T> T static convert(const span<const std::uint8_t> src);
//! Write `src` bytes as hex to `out`. `out` must be twice the length
static void buffer_unchecked(char* out, const span<const std::uint8_t> src) noexcept;
};

3
epee/include/misc_language.h
Unescape View File

@ -147,7 +147,8 @@ namespace misc_utils
{}
~call_befor_die()
{
m_func();
try { m_func(); }
catch (...) { /* ignore */ }
}
};

26
epee/include/misc_log_ex.h
Unescape View File

@ -29,22 +29,7 @@
#define _MISC_LOG_EX_H_
#include "logger.h"
#include "static_initializer.h"
#include "string_tools.h"
#include "time_helper.h"
#include "misc_os_dependent.h"
#include "syncobj.h"
#define ELPP_THREAD_SAFE
#define ELPP_DEFAULT_LOG_FILE ""
#if !defined __GNUC__ || defined __MINGW32__ || defined __MINGW64__ || defined __ANDROID__
#else
#define ELPP_STACKTRACE_ON_CRASH 1
#endif
#define ELPP_DISABLE_DEFAULT_CRASH_HANDLING
#define ELPP_FEATURE_CRASH_LOG 1
#define ELPP_DISABLE_CHECK_MACROS
#include <sstream>
#define MONERO_DEFAULT_LOG_CATEGORY "default"
@ -55,6 +40,7 @@
#define MCDEBUG(cat,x) LOGGER_DEBUG() << x
#define MCTRACE(cat,x) LOGGER_DEBUG() << x
#define MCLOG(level,cat,x) LOGGER_LOG(level) << x
#define MCLOG_FILE(level,cat,x) MCLOG(level,cat,x)
#define MCLOG_COLOR(level,cat,color,x) MCLOG(level,cat,"\033[1;" color "m" << x << "\033[0m")
#define MCLOG_RED(level,cat,x) MCLOG_COLOR(level,cat,"31",x)
@ -98,9 +84,9 @@
#define _dbg2(x) MDEBUG(x)
#define _dbg1(x) MDEBUG(x)
#define _info(x) MINFO(x)
#define _note(x) MINFO(x)
#define _fact(x) MINFO(x)
#define _mark(x) MINFO(x)
#define _note(x) MDEBUG(x)
#define _fact(x) MDEBUG(x)
#define _mark(x) MDEBUG(x)
#define _warn(x) MWARNING(x)
#define _erro(x) MERROR(x)
@ -155,7 +141,7 @@ namespace debug
#define ASSERT_MES_AND_THROW(message) {LOG_ERROR(message); std::stringstream ss; ss << message; throw std::runtime_error(ss.str());}
#define CHECK_AND_ASSERT_THROW_MES(expr, message) {if(!(expr)) ASSERT_MES_AND_THROW(message);}
#define CHECK_AND_ASSERT_THROW_MES(expr, message) do {if(!(expr)) ASSERT_MES_AND_THROW(message);} while(0)
#ifndef CHECK_AND_ASSERT

2
epee/include/misc_os_dependent.h
Unescape View File

@ -24,7 +24,7 @@
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
#ifdef _WIN32
#include <Winsock2.h>
#include <winsock2.h>
#endif
#ifdef WIN32

87
epee/include/mlocker.h
Unescape View File

@ -0,0 +1,87 @@
// Copyright (c) 2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once
#include <map>
#include <boost/thread/mutex.hpp>
namespace epee
{
class mlocker
{
public:
mlocker(void *ptr, size_t len);
~mlocker();
static size_t get_page_size();
static size_t get_num_locked_pages();
static size_t get_num_locked_objects();
static void lock(void *ptr, size_t len);
static void unlock(void *ptr, size_t len);
private:
static size_t page_size;
static size_t num_locked_objects;
static boost::mutex &mutex();
static std::map<size_t, unsigned int> &map();
static void lock_page(size_t page);
static void unlock_page(size_t page);
void *ptr;
size_t len;
};
/// Locks memory while in scope
///
/// Primarily useful for making sure that private keys don't get swapped out
// to disk
template <class T>
struct mlocked : public T {
using type = T;
mlocked(): T() { mlocker::lock(this, sizeof(T)); }
mlocked(const T &t): T(t) { mlocker::lock(this, sizeof(T)); }
mlocked(const mlocked<T> &mt): T(mt) { mlocker::lock(this, sizeof(T)); }
mlocked(const T &&t): T(t) { mlocker::lock(this, sizeof(T)); }
mlocked(const mlocked<T> &&mt): T(mt) { mlocker::lock(this, sizeof(T)); }
mlocked<T> &operator=(const mlocked<T> &mt) { T::operator=(mt); return *this; }
~mlocked() { mlocker::unlock(this, sizeof(T)); }
};
template<typename T>
T& unwrap(mlocked<T>& src) { return src; }
template<typename T>
const T& unwrap(mlocked<T> const& src) { return src; }
template <class T, size_t N>
using mlocked_arr = mlocked<std::array<T, N>>;
}

9
epee/include/serialization/keyvalue_serialization.h
Unescape View File

@ -85,6 +85,14 @@ public: \
static_assert(std::is_pod<decltype(this_ref.varialble)>::value, "t_type must be a POD type."); \
KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, val_name)
#define KV_SERIALIZE_VAL_POD_AS_BLOB_OPT_N(varialble, val_name, default_value) \
do { \
static_assert(std::is_pod<decltype(this_ref.varialble)>::value, "t_type must be a POD type."); \
bool ret = KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, val_name); \
if (!ret) \
epee::serialize_default(this_ref.varialble, default_value); \
} while(0);
#define KV_SERIALIZE_CONTAINER_POD_AS_BLOB_N(varialble, val_name) \
epee::serialization::selector<is_store>::serialize_stl_container_pod_val_as_blob(this_ref.varialble, stg, hparent_section, val_name);
@ -92,6 +100,7 @@ public: \
#define KV_SERIALIZE(varialble) KV_SERIALIZE_N(varialble, #varialble)
#define KV_SERIALIZE_VAL_POD_AS_BLOB(varialble) KV_SERIALIZE_VAL_POD_AS_BLOB_N(varialble, #varialble)
#define KV_SERIALIZE_VAL_POD_AS_BLOB_OPT(varialble, def) KV_SERIALIZE_VAL_POD_AS_BLOB_OPT_N(varialble, #varialble, def)
#define KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE(varialble) KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, #varialble) //skip is_pod compile time check
#define KV_SERIALIZE_CONTAINER_POD_AS_BLOB(varialble) KV_SERIALIZE_CONTAINER_POD_AS_BLOB_N(varialble, #varialble)
#define KV_SERIALIZE_OPT(variable,default_value) KV_SERIALIZE_OPT_N(variable, #variable, default_value)

8
epee/include/serialization/keyvalue_serialization_overloads.h
Unescape View File

@ -35,6 +35,11 @@
namespace epee
{
namespace
{
template<class C> void hint_resize(C &container, size_t size) {}
template<class C> void hint_resize(std::vector<C> &container, size_t size) { container.reserve(size); }
}
namespace serialization
{
@ -156,8 +161,9 @@ namespace epee
typename stl_container::value_type* pelem = (typename stl_container::value_type*)buff.data();
CHECK_AND_ASSERT_MES(!(loaded_size%sizeof(typename stl_container::value_type)),
false,
"size in blob " << loaded_size << " not have not zero modulo for sizeof(value_type) = " << sizeof(typename stl_container::value_type));
"size in blob " << loaded_size << " not have not zero modulo for sizeof(value_type) = " << sizeof(typename stl_container::value_type) << ", type " << typeid(typename stl_container::value_type).name());
size_t count = (loaded_size/sizeof(typename stl_container::value_type));
hint_resize(container, count);
for(size_t i = 0; i < count; i++)
container.insert(container.end(), *(pelem++));
}

46
epee/include/span.h
Unescape View File

@ -28,6 +28,7 @@
#pragma once
#include <algorithm>
#include <cstdint>
#include <memory>
#include <type_traits>
@ -52,11 +53,15 @@ namespace epee
template<typename T>
class span
{
/* Supporting class types is tricky - the {ptr,len} constructor will allow
derived-to-base conversions. This is NOT desireable because an array of
derived types is not an array of base types. It is possible to handle
this case, implement when/if needed. */
static_assert(!std::is_class<T>(), "no class types are currently allowed");
template<typename U>
static constexpr bool safe_conversion() noexcept
{
// Allow exact matches or `T*` -> `const T*`.
using with_const = typename std::add_const<U>::type;
return std::is_same<T, U>() ||
(std::is_const<T>() && std::is_same<T, with_const>());
}
public:
using value_type = T;
using size_type = std::size_t;
@ -71,7 +76,9 @@ namespace epee
constexpr span() noexcept : ptr(nullptr), len(0) {}
constexpr span(std::nullptr_t) noexcept : span() {}
constexpr span(T* const src_ptr, const std::size_t count) noexcept
//! Prevent derived-to-base conversions; invalid in this context.
template<typename U, typename = typename std::enable_if<safe_conversion<U>()>::type>
constexpr span(U* const src_ptr, const std::size_t count) noexcept
: ptr(src_ptr), len(count) {}
//! Conversion from C-array. Prevents common bugs with sizeof + arrays.
@ -81,6 +88,16 @@ namespace epee
constexpr span(const span&) noexcept = default;
span& operator=(const span&) noexcept = default;
/*! Try to remove `amount` elements from beginning of span.
\return Number of elements removed. */
std::size_t remove_prefix(std::size_t amount) noexcept
{
amount = std::min(len, amount);
ptr += amount;
len -= amount;
return amount;
}
constexpr iterator begin() const noexcept { return ptr; }
constexpr const_iterator cbegin() const noexcept { return ptr; }
@ -105,6 +122,14 @@ namespace epee
return {src.data(), src.size()};
}
//! \return `span<T::value_type>` from a STL compatible `src`.
template<typename T>
constexpr span<typename T::value_type> to_mut_span(T& src)
{
// compiler provides diagnostic if size() is not size_t.
return {src.data(), src.size()};
}
template<typename T>
constexpr bool has_padding() noexcept
{
@ -127,4 +152,13 @@ namespace epee
static_assert(!has_padding<T>(), "source type may have padding");
return {reinterpret_cast<const std::uint8_t*>(std::addressof(src)), sizeof(T)};
}
//! \return `span<std::uint8_t>` which represents the bytes at `&src`.
template<typename T>
span<std::uint8_t> as_mut_byte_span(T& src) noexcept
{
static_assert(!std::is_empty<T>(), "empty types will not work -> sizeof == 1");
static_assert(!has_padding<T>(), "source type may have padding");
return {reinterpret_cast<std::uint8_t*>(std::addressof(src)), sizeof(T)};
}
}

7
epee/include/string_tools.h
Unescape View File

@ -46,6 +46,7 @@
#include <boost/algorithm/string/predicate.hpp>
#include "hex.h"
#include "memwipe.h"
#include "mlocker.h"
#include "span.h"
#include "warnings.h"
@ -358,6 +359,12 @@ POP_WARNINGS
return hex_to_pod(hex_str, unwrap(s));
}
//----------------------------------------------------------------------------
template<class t_pod_type>
bool hex_to_pod(const std::string& hex_str, epee::mlocked<t_pod_type>& s)
{
return hex_to_pod(hex_str, unwrap(s));
}
//----------------------------------------------------------------------------
bool validate_hex(uint64_t length, const std::string& str);
//----------------------------------------------------------------------------
inline std::string get_extension(const std::string& str)

45
epee/include/wipeable_string.h
Unescape View File

@ -28,28 +28,46 @@
#pragma once
#include <boost/optional/optional.hpp>
#include <stddef.h>
#include <vector>
#include <string>
#include "memwipe.h"
#include "fnv1.h"
namespace epee
{
class wipeable_string
{
public:
typedef char value_type;
wipeable_string() {}
wipeable_string(const wipeable_string &other);
wipeable_string(wipeable_string &&other);
wipeable_string(const std::string &other);
wipeable_string(std::string &&other);
wipeable_string(const char *s);
wipeable_string(const char *s, size_t len);
~wipeable_string();
void wipe();
void push_back(char c);
void pop_back();
void operator+=(char c);
void operator+=(const std::string &s);
void operator+=(const epee::wipeable_string &s);
void operator+=(const char *s);
void append(const char *ptr, size_t len);
char pop_back();
const char *data() const noexcept { return buffer.data(); }
char *data() noexcept { return buffer.data(); }
size_t size() const noexcept { return buffer.size(); }
size_t length() const noexcept { return buffer.size(); }
bool empty() const noexcept { return buffer.empty(); }
void trim();
void split(std::vector<wipeable_string> &fields) const;
boost::optional<wipeable_string> parse_hexstr() const;
template<typename T> inline bool hex_to_pod(T &pod) const;
template<typename T> inline bool hex_to_pod(tools::scrubbed<T> &pod) const { return hex_to_pod(unwrap(pod)); }
void resize(size_t sz);
void reserve(size_t sz);
void clear();
@ -64,4 +82,29 @@ namespace epee
private:
std::vector<char> buffer;
};
template<typename T> inline bool wipeable_string::hex_to_pod(T &pod) const
{
static_assert(std::is_pod<T>::value, "expected pod type");
if (size() != sizeof(T) * 2)
return false;
boost::optional<epee::wipeable_string> blob = parse_hexstr();
if (!blob)
return false;
if (blob->size() != sizeof(T))
return false;
pod = *(const T*)blob->data();
return true;
}
}
namespace std
{
template<> struct hash<epee::wipeable_string>
{
size_t operator()(const epee::wipeable_string &s) const
{
return epee::fnv::FNV1a(s.data(), s.size());
}
};
}

7
epee/src/connection_basic.cpp
Unescape View File

@ -250,22 +250,15 @@ void connection_basic::sleep_before_packet(size_t packet_size, int phase, int q
}
}
void connection_basic::set_start_time() {
CRITICAL_REGION_LOCAL( network_throttle_manager::m_lock_get_global_throttle_out );
m_start_time = network_throttle_manager::get_global_throttle_out().get_time_seconds();
}
void connection_basic::do_send_handler_write(const void* ptr , size_t cb ) {
// No sleeping here; sleeping is done once and for all in connection<t_protocol_handler>::handle_write
MTRACE("handler_write (direct) - before ASIO write, for packet="<<cb<<" B (after sleep)");
set_start_time();
}
void connection_basic::do_send_handler_write_from_queue( const boost::system::error_code& e, size_t cb, int q_len ) {
// No sleeping here; sleeping is done once and for all in connection<t_protocol_handler>::handle_write
MTRACE("handler_write (after write, from queue="<<q_len<<") - before ASIO write, for packet="<<cb<<" B (after sleep)");
set_start_time();
}
void connection_basic::logger_handle_net_read(size_t size) { // network data read

10
epee/src/hex.cpp
Unescape View File

@ -52,17 +52,21 @@ namespace epee
}
}
std::string to_hex::string(const span<const std::uint8_t> src)
template<typename T>
T to_hex::convert(const span<const std::uint8_t> src)
{
if (std::numeric_limits<std::size_t>::max() / 2 < src.size())
throw std::range_error("hex_view::to_string exceeded maximum size");
std::string out{};
T out{};
out.resize(src.size() * 2);
buffer_unchecked(std::addressof(out[0]), src);
to_hex::buffer_unchecked((char*)out.data(), src); // can't see the non const version in wipeable_string??
return out;
}
std::string to_hex::string(const span<const std::uint8_t> src) { return convert<std::string>(src); }
epee::wipeable_string to_hex::wipeable_string(const span<const std::uint8_t> src) { return convert<epee::wipeable_string>(src); }
void to_hex::buffer(std::ostream& out, const span<const std::uint8_t> src)
{
write_hex(std::ostreambuf_iterator<char>{out}, src);

8
epee/src/memwipe.c
Unescape View File

@ -50,7 +50,7 @@
void *memwipe(void *ptr, size_t n)
{
if (memset_s(ptr, n, 0, n))
if (n > 0 && memset_s(ptr, n, 0, n))
{
#ifdef NDEBUG
fprintf(stderr, "Error: memset_s failed\n");
@ -67,7 +67,8 @@ void *memwipe(void *ptr, size_t n)
void *memwipe(void *ptr, size_t n)
{
explicit_bzero(ptr, n);
if (n > 0)
explicit_bzero(ptr, n);
SCARECROW
return ptr;
}
@ -105,7 +106,8 @@ static void memory_cleanse(void *ptr, size_t len)
void *memwipe(void *ptr, size_t n)
{
memory_cleanse(ptr, n);
if (n > 0)
memory_cleanse(ptr, n);
SCARECROW
return ptr;
}

182
epee/src/mlocker.cpp
Unescape View File

@ -0,0 +1,182 @@
// Copyright (c) 2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#if defined __GNUC__ && !defined _WIN32
#define HAVE_MLOCK 1
#endif
#include <unistd.h>
#if defined HAVE_MLOCK
#include <sys/mman.h>
#endif
#include "misc_log_ex.h"
#include "syncobj.h"
#include "mlocker.h"
static size_t query_page_size()
{
#if defined HAVE_MLOCK
long ret = sysconf(_SC_PAGESIZE);
if (ret <= 0)
{
MERROR("Failed to determine page size");
return 0;
}
MINFO("Page size: " << ret);
return ret;
#else
#warning Missing query_page_size implementation
#endif
return 0;
}
static void do_lock(void *ptr, size_t len)
{
#if defined HAVE_MLOCK
int ret = mlock(ptr, len);
if (ret < 0)
MERROR("Error locking page at " << ptr << ": " << strerror(errno));
#else
#warning Missing do_lock implementation
#endif
}
static void do_unlock(void *ptr, size_t len)
{
#if defined HAVE_MLOCK
int ret = munlock(ptr, len);
if (ret < 0)
MERROR("Error unlocking page at " << ptr << ": " << strerror(errno));
#else
#warning Missing implementation of page size detection
#endif
}
namespace epee
{
size_t mlocker::page_size = 0;
size_t mlocker::num_locked_objects = 0;
boost::mutex &mlocker::mutex()
{
static boost::mutex vmutex;
return vmutex;
}
std::map<size_t, unsigned int> &mlocker::map()
{
static std::map<size_t, unsigned int> vmap;
return vmap;
}
size_t mlocker::get_page_size()
{
CRITICAL_REGION_LOCAL(mutex());
if (page_size == 0)
page_size = query_page_size();
return page_size;
}
mlocker::mlocker(void *ptr, size_t len): ptr(ptr), len(len)
{
lock(ptr, len);
}
mlocker::~mlocker()
{
unlock(ptr, len);
}
void mlocker::lock(void *ptr, size_t len)
{
size_t page_size = get_page_size();
if (page_size == 0)
return;
CRITICAL_REGION_LOCAL(mutex());
const size_t first = ((uintptr_t)ptr) / page_size;
const size_t last = (((uintptr_t)ptr) + len - 1) / page_size;
for (size_t page = first; page <= last; ++page)
lock_page(page);
++num_locked_objects;
}
void mlocker::unlock(void *ptr, size_t len)
{
size_t page_size = get_page_size();
if (page_size == 0)
return;
CRITICAL_REGION_LOCAL(mutex());
const size_t first = ((uintptr_t)ptr) / page_size;
const size_t last = (((uintptr_t)ptr) + len - 1) / page_size;
for (size_t page = first; page <= last; ++page)
unlock_page(page);
--num_locked_objects;
}
size_t mlocker::get_num_locked_pages()
{
CRITICAL_REGION_LOCAL(mutex());
return map().size();
}
size_t mlocker::get_num_locked_objects()
{
CRITICAL_REGION_LOCAL(mutex());
return num_locked_objects;
}
void mlocker::lock_page(size_t page)
{
std::pair<std::map<size_t, unsigned int>::iterator, bool> p = map().insert(std::make_pair(page, 1));
if (p.second)
{
do_lock((void*)(page * page_size), page_size);
}
else
{
++p.first->second;
}
}
void mlocker::unlock_page(size_t page)
{
std::map<size_t, unsigned int>::iterator i = map().find(page);
if (i == map().end())
{
MERROR("Attempt to unlock unlocked page at " << (void*)(page * page_size));
}
else
{
if (!--i->second)
{
map().erase(i);
do_unlock((void*)(page * page_size), page_size);
}
}
}
}

113
epee/src/wipeable_string.cpp
Unescape View File

@ -26,11 +26,24 @@
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <boost/optional/optional.hpp>
#include <string.h>
#include "memwipe.h"
#include "misc_log_ex.h"
#include "wipeable_string.h"
static constexpr const char hex[] = u8"0123456789abcdef";
namespace
{
int atolower(int c)
{
if (c >= 'A' && c <= 'Z')
c |= 32;
return c;
}
}
namespace epee
{
@ -69,6 +82,12 @@ wipeable_string::wipeable_string(const char *s)
memcpy(buffer.data(), s, size());
}
wipeable_string::wipeable_string(const char *s, size_t len)
{
grow(len);
memcpy(buffer.data(), s, len);
}
wipeable_string::~wipeable_string()
{
wipe();
@ -109,9 +128,99 @@ void wipeable_string::push_back(char c)
buffer.back() = c;
}
void wipeable_string::pop_back()
void wipeable_string::operator+=(char c)
{
push_back(c);
}
void wipeable_string::append(const char *ptr, size_t len)
{
const size_t orgsz = size();
CHECK_AND_ASSERT_THROW_MES(orgsz < std::numeric_limits<size_t>::max() - len, "Appended data too large");
grow(orgsz + len);
if (len > 0)
memcpy(data() + orgsz, ptr, len);
}
void wipeable_string::operator+=(const char *s)
{
append(s, strlen(s));
}
void wipeable_string::operator+=(const epee::wipeable_string &s)
{
append(s.data(), s.size());
}
void wipeable_string::operator+=(const std::string &s)
{
append(s.c_str(), s.size());
}
void wipeable_string::trim()
{
size_t prefix = 0;
while (prefix < size() && data()[prefix] == ' ')
++prefix;
if (prefix > 0)
memmove(buffer.data(), buffer.data() + prefix, size() - prefix);
size_t suffix = 0;
while (suffix < size()-prefix && data()[size() - 1 - prefix - suffix] == ' ')
++suffix;
resize(size() - prefix - suffix);
}
void wipeable_string::split(std::vector<wipeable_string> &fields) const
{
fields.clear();
size_t len = size();
const char *ptr = data();
bool space = true;
while (len--)
{
const char c = *ptr++;
if (c != ' ')
{
if (space)
fields.push_back({});
fields.back().push_back(c);
}
space = c == ' ';
}
}
boost::optional<epee::wipeable_string> wipeable_string::parse_hexstr() const
{
if (size() % 2 != 0)
return boost::none;
boost::optional<epee::wipeable_string> res = epee::wipeable_string("");
const size_t len = size();
const char *d = data();
res->grow(0, len / 2);
for (size_t i = 0; i < len; i += 2)
{
char c = atolower(d[i]);
const char *ptr0 = strchr(hex, c);
if (!ptr0)
return boost::none;
c = atolower(d[i+1]);
const char *ptr1 = strchr(hex, c);
if (!ptr1)
return boost::none;
res->push_back(((ptr0-hex)<<4) | (ptr1-hex));
}
return res;
}
char wipeable_string::pop_back()
{
resize(size() - 1);
const size_t sz = size();
CHECK_AND_ASSERT_THROW_MES(sz > 0, "Popping from an empty string");
const char c = buffer.back();
resize(sz - 1);
return c;
}
void wipeable_string::resize(size_t sz)

9
mnemonics/chinese_simplified.h
Unescape View File

@ -72,7 +72,10 @@ namespace Language
class Chinese_Simplified: public Base
{
public:
Chinese_Simplified(): Base("简体中文 (中国)", "Chinese (simplified)", std::vector<std::string>({
Chinese_Simplified(): Base("简体中文 (中国)", "Chinese (simplified)", {}, 1)
{
static constexpr const char * const words[NWORDS] =
{
"",
"",
"",
@ -1699,8 +1702,8 @@ namespace Language
"",
"",
""
}), 1)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/dutch.h
Unescape View File

@ -49,7 +49,10 @@ namespace Language
class Dutch: public Base
{
public:
Dutch(): Base("Nederlands", "Dutch", std::vector<std::string>({
Dutch(): Base("Nederlands", "Dutch", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"aalglad",
"aalscholver",
"aambeeld",
@ -1676,8 +1679,8 @@ namespace Language
"zwiep",
"zwijmel",
"zworen"
}), 4)
{
};
set_words(words);
populate_maps();
}
};

187
mnemonics/electrum-words.cpp
Unescape View File

@ -43,8 +43,11 @@
#include <vector>
#include <unordered_map>
#include <boost/algorithm/string.hpp>
#include "wipeable_string.h"
#include "misc_language.h"
#include "crypto/crypto.h" // for declaration of crypto::secret_key
#include <fstream>
#include "common/int-util.h"
#include "mnemonics/electrum-words.h"
#include <stdexcept>
#include <boost/filesystem.hpp>
@ -70,11 +73,19 @@
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "mnemonic"
namespace crypto
{
namespace ElectrumWords
{
std::vector<const Language::Base*> get_language_list();
}
}
namespace
{
uint32_t create_checksum_index(const std::vector<std::string> &word_list,
uint32_t create_checksum_index(const std::vector<epee::wipeable_string> &word_list,
uint32_t unique_prefix_length);
bool checksum_test(std::vector<std::string> seed, uint32_t unique_prefix_length);
bool checksum_test(std::vector<epee::wipeable_string> seed, uint32_t unique_prefix_length);
/*!
* \brief Finds the word list that contains the seed words and puts the indices
@ -85,7 +96,7 @@ namespace
* \param language Language instance pointer to write to after it is found.
* \return true if all the words were present in some language false if not.
*/
bool find_seed_language(const std::vector<std::string> &seed,
bool find_seed_language(const std::vector<epee::wipeable_string> &seed,
bool has_checksum, std::vector<uint32_t> &matched_indices, Language::Base **language)
{
// If there's a new language added, add an instance of it here.
@ -106,17 +117,19 @@ namespace
});
Language::Base *fallback = NULL;
std::vector<epee::wipeable_string>::const_iterator it2;
matched_indices.reserve(seed.size());
// Iterate through all the languages and find a match
for (std::vector<Language::Base*>::iterator it1 = language_instances.begin();
it1 != language_instances.end(); it1++)
{
const std::unordered_map<std::string, uint32_t> &word_map = (*it1)->get_word_map();
const std::unordered_map<std::string, uint32_t> &trimmed_word_map = (*it1)->get_trimmed_word_map();
const std::unordered_map<epee::wipeable_string, uint32_t> &word_map = (*it1)->get_word_map();
const std::unordered_map<epee::wipeable_string, uint32_t> &trimmed_word_map = (*it1)->get_trimmed_word_map();
// To iterate through seed words
std::vector<std::string>::const_iterator it2;
bool full_match = true;
std::string trimmed_word;
epee::wipeable_string trimmed_word;
// Iterate through all the words and see if they're all present
for (it2 = seed.begin(); it2 != seed.end(); it2++)
{
@ -159,6 +172,7 @@ namespace
return true;
}
// Some didn't match. Clear the index array.
memwipe(matched_indices.data(), matched_indices.size() * sizeof(matched_indices[0]));
matched_indices.clear();
}
@ -173,6 +187,7 @@ namespace
}
MINFO("No match found");
memwipe(matched_indices.data(), matched_indices.size() * sizeof(matched_indices[0]));
return false;
}
@ -182,12 +197,12 @@ namespace
* \param unique_prefix_length the prefix length of each word to use for checksum
* \return Checksum index
*/
uint32_t create_checksum_index(const std::vector<std::string> &word_list,
uint32_t create_checksum_index(const std::vector<epee::wipeable_string> &word_list,
uint32_t unique_prefix_length)
{
std::string trimmed_words = "";
epee::wipeable_string trimmed_words = "";
for (std::vector<std::string>::const_iterator it = word_list.begin(); it != word_list.end(); it++)
for (std::vector<epee::wipeable_string>::const_iterator it = word_list.begin(); it != word_list.end(); it++)
{
if (it->length() > unique_prefix_length)
{
@ -200,7 +215,7 @@ namespace
}
boost::crc_32_type result;
result.process_bytes(trimmed_words.data(), trimmed_words.length());
return result.checksum() % word_list.size();
return result.checksum() % crypto::ElectrumWords::seed_length;
}
/*!
@ -209,22 +224,22 @@ namespace
* \param unique_prefix_length the prefix length of each word to use for checksum
* \return True if the test passed false if not.
*/
bool checksum_test(std::vector<std::string> seed, uint32_t unique_prefix_length)
bool checksum_test(std::vector<epee::wipeable_string> seed, uint32_t unique_prefix_length)
{
if (seed.empty())
return false;
// The last word is the checksum.
std::string last_word = seed.back();
epee::wipeable_string last_word = seed.back();
seed.pop_back();
std::string checksum = seed[create_checksum_index(seed, unique_prefix_length)];
epee::wipeable_string checksum = seed[create_checksum_index(seed, unique_prefix_length)];
std::string trimmed_checksum = checksum.length() > unique_prefix_length ? Language::utf8prefix(checksum, unique_prefix_length) :
epee::wipeable_string trimmed_checksum = checksum.length() > unique_prefix_length ? Language::utf8prefix(checksum, unique_prefix_length) :
checksum;
std::string trimmed_last_word = last_word.length() > unique_prefix_length ? Language::utf8prefix(last_word, unique_prefix_length) :
epee::wipeable_string trimmed_last_word = last_word.length() > unique_prefix_length ? Language::utf8prefix(last_word, unique_prefix_length) :
last_word;
bool ret = trimmed_checksum == trimmed_last_word;
MINFO("Checksum is %s" << (ret ? "valid" : "invalid"));
MINFO("Checksum is " << (ret ? "valid" : "invalid"));
return ret;
}
}
@ -252,13 +267,12 @@ namespace crypto
* \param language_name Language of the seed as found gets written here.
* \return false if not a multiple of 3 words, or if word is not in the words list
*/
bool words_to_bytes(std::string words, std::string& dst, size_t len, bool duplicate,
bool words_to_bytes(const epee::wipeable_string &words, epee::wipeable_string& dst, size_t len, bool duplicate,
std::string &language_name)
{
std::vector<std::string> seed;
std::vector<epee::wipeable_string> seed;
boost::algorithm::trim(words);
boost::split(seed, words, boost::is_any_of(" "), boost::token_compress_on);
words.split(seed);
if (len % 4)
{
@ -283,6 +297,7 @@ namespace crypto
}
std::vector<uint32_t> matched_indices;
auto wiper = epee::misc_utils::create_scope_leave_handler([&](){memwipe(matched_indices.data(), matched_indices.size() * sizeof(matched_indices[0]));});
Language::Base *language;
if (!find_seed_language(seed, has_checksum, matched_indices, &language))
{
@ -305,33 +320,33 @@ namespace crypto
for (unsigned int i=0; i < seed.size() / 3; i++)
{
uint32_t val;
uint32_t w1, w2, w3;
w1 = matched_indices[i*3];
w2 = matched_indices[i*3 + 1];
w3 = matched_indices[i*3 + 2];
uint32_t w[4];
w[1] = matched_indices[i*3];
w[2] = matched_indices[i*3 + 1];
w[3] = matched_indices[i*3 + 2];
val = w1 + word_list_length * (((word_list_length - w1) + w2) % word_list_length) +
word_list_length * word_list_length * (((word_list_length - w2) + w3) % word_list_length);
w[0]= w[1] + word_list_length * (((word_list_length - w[1]) + w[2]) % word_list_length) +
word_list_length * word_list_length * (((word_list_length - w[2]) + w[3]) % word_list_length);
if (!(val % word_list_length == w1))
if (!(w[0]% word_list_length == w[1]))
{
memwipe(w, sizeof(w));
MERROR("Invalid seed: mumble mumble");
return false;
}
dst.append((const char*)&val, 4); // copy 4 bytes to position
dst.append((const char*)&w[0], 4); // copy 4 bytes to position
memwipe(w, sizeof(w));
}
if (len > 0 && duplicate)
{
const size_t expected = len * 3 / 32;
std::string wlist_copy = words;
if (seed.size() == expected/2)
{
dst.append(dst); // if electrum 12-word seed, duplicate
wlist_copy += ' ';
wlist_copy += words;
dst += ' '; // if electrum 12-word seed, duplicate
dst += dst; // if electrum 12-word seed, duplicate
dst.pop_back(); // trailing space
}
}
@ -345,10 +360,10 @@ namespace crypto
* \param language_name Language of the seed as found gets written here.
* \return false if not a multiple of 3 words, or if word is not in the words list
*/
bool words_to_bytes(std::string words, crypto::secret_key& dst,
bool words_to_bytes(const epee::wipeable_string &words, crypto::secret_key& dst,
std::string &language_name)
{
std::string s;
epee::wipeable_string s;
if (!words_to_bytes(words, s, sizeof(dst), true, language_name))
{
MERROR("Invalid seed: failed to convert words to bytes");
@ -359,7 +374,7 @@ namespace crypto
MERROR("Invalid seed: wrong output size");
return false;
}
memcpy(dst.data, s.data(), sizeof(dst.data));
dst = *(const crypto::secret_key*)s.data();
return true;
}
@ -370,100 +385,57 @@ namespace crypto
* \param language_name Seed language name
* \return true if successful false if not. Unsuccessful if wrong key size.
*/
bool bytes_to_words(const char *src, size_t len, std::string& words,
bool bytes_to_words(const char *src, size_t len, epee::wipeable_string& words,
const std::string &language_name)
{
if (len % 4 != 0 || len == 0) return false;
Language::Base *language;
if (language_name == "English")
{
language = Language::Singleton<Language::English>::instance();
}
else if (language_name == "Nederlands")
{
language = Language::Singleton<Language::Dutch>::instance();
}
else if (language_name == "Français")
{
language = Language::Singleton<Language::French>::instance();
}
else if (language_name == "Español")
{
language = Language::Singleton<Language::Spanish>::instance();
}
else if (language_name == "Português")
const Language::Base *language = NULL;
const std::vector<const Language::Base*> language_list = crypto::ElectrumWords::get_language_list();
for (const Language::Base *l: language_list)
{
language = Language::Singleton<Language::Portuguese>::instance();
if (language_name == l->get_language_name() || language_name == l->get_english_language_name())
language = l;
}
else if (language_name == "日本語")
{
language = Language::Singleton<Language::Japanese>::instance();
}
else if (language_name == "Italiano")
{
language = Language::Singleton<Language::Italian>::instance();
}
else if (language_name == "Deutsch")
{
language = Language::Singleton<Language::German>::instance();
}
else if (language_name == "русский язык")
{
language = Language::Singleton<Language::Russian>::instance();
}
else if (language_name == "简体中文 (中国)")
{
language = Language::Singleton<Language::Chinese_Simplified>::instance();
}
else if (language_name == "Esperanto")
{
language = Language::Singleton<Language::Esperanto>::instance();
}
else if (language_name == "Lojban")
{
language = Language::Singleton<Language::Lojban>::instance();
}
else
if (!language)
{
return false;
}
const std::vector<std::string> &word_list = language->get_word_list();
// To store the words for random access to add the checksum word later.
std::vector<std::string> words_store;
std::vector<epee::wipeable_string> words_store;
uint32_t word_list_length = word_list.size();
// 4 bytes -> 3 words. 8 digits base 16 -> 3 digits base 1626
for (unsigned int i=0; i < len/4; i++, words += ' ')
for (unsigned int i=0; i < len/4; i++, words.push_back(' '))
{
uint32_t w1, w2, w3;
uint32_t val;
uint32_t w[4];
memcpy(&val, src + (i * 4), 4);
w[0] = SWAP32LE(*(const uint32_t*)(src + (i * 4)));
w1 = val % word_list_length;
w2 = ((val / word_list_length) + w1) % word_list_length;
w3 = (((val / word_list_length) / word_list_length) + w2) % word_list_length;
w[1] = w[0] % word_list_length;
w[2] = ((w[0] / word_list_length) + w[1]) % word_list_length;
w[3] = (((w[0] / word_list_length) / word_list_length) + w[2]) % word_list_length;
words += word_list[w1];
words += word_list[w[1]];
words += ' ';
words += word_list[w2];
words += word_list[w[2]];
words += ' ';
words += word_list[w3];
words += word_list[w[3]];
words_store.push_back(word_list[w[1]]);
words_store.push_back(word_list[w[2]]);
words_store.push_back(word_list[w[3]]);
words_store.push_back(word_list[w1]);
words_store.push_back(word_list[w2]);
words_store.push_back(word_list[w3]);
memwipe(w, sizeof(w));
}
words.pop_back();
words += (' ' + words_store[create_checksum_index(words_store, language->get_unique_prefix_length())]);
words += words_store[create_checksum_index(words_store, language->get_unique_prefix_length())];
return true;
}
bool bytes_to_words(const crypto::secret_key& src, std::string& words,
bool bytes_to_words(const crypto::secret_key& src, epee::wipeable_string& words,
const std::string &language_name)
{
return bytes_to_words(src.data, sizeof(src), words, language_name);
@ -507,11 +479,10 @@ namespace crypto
* \param seed The seed to check (a space delimited concatenated word list)
* \return true if the seed passed is a old style seed false if not.
*/
bool get_is_old_style_seed(std::string seed)
bool get_is_old_style_seed(const epee::wipeable_string &seed)
{
std::vector<std::string> word_list;
boost::algorithm::trim(seed);
boost::split(word_list, seed, boost::is_any_of(" "), boost::token_compress_on);
std::vector<epee::wipeable_string> word_list;
seed.split(word_list);
return word_list.size() != (seed_length + 1);
}

12
mnemonics/electrum-words.h
Unescape View File

@ -44,6 +44,8 @@
#include <map>
#include "crypto/crypto.h" // for declaration of crypto::secret_key
namespace epee { class wipeable_string; }
/*!
* \namespace crypto
*
@ -70,7 +72,7 @@ namespace crypto
* \param language_name Language of the seed as found gets written here.
* \return false if not a multiple of 3 words, or if word is not in the words list
*/
bool words_to_bytes(std::string words, std::string& dst, size_t len, bool duplicate,
bool words_to_bytes(const epee::wipeable_string &words, epee::wipeable_string& dst, size_t len, bool duplicate,
std::string &language_name);
/*!
* \brief Converts seed words to bytes (secret key).
@ -79,7 +81,7 @@ namespace crypto
* \param language_name Language of the seed as found gets written here.
* \return false if not a multiple of 3 words, or if word is not in the words list
*/
bool words_to_bytes(std::string words, crypto::secret_key& dst,
bool words_to_bytes(const epee::wipeable_string &words, crypto::secret_key& dst,
std::string &language_name);
/*!
@ -90,7 +92,7 @@ namespace crypto
* \param language_name Seed language name
* \return true if successful false if not. Unsuccessful if wrong key size.
*/
bool bytes_to_words(const char *src, size_t len, std::string& words,
bool bytes_to_words(const char *src, size_t len, epee::wipeable_string& words,
const std::string &language_name);
/*!
@ -100,7 +102,7 @@ namespace crypto
* \param language_name Seed language name
* \return true if successful false if not. Unsuccessful if wrong key size.
*/
bool bytes_to_words(const crypto::secret_key& src, std::string& words,
bool bytes_to_words(const crypto::secret_key& src, epee::wipeable_string& words,
const std::string &language_name);
/*!
@ -115,7 +117,7 @@ namespace crypto
* \param seed The seed to check (a space delimited concatenated word list)
* \return true if the seed passed is a old style seed false if not.
*/
bool get_is_old_style_seed(std::string seed);
bool get_is_old_style_seed(const epee::wipeable_string &seed);
/*!
* \brief Returns the name of a language in English

9
mnemonics/english.h
Unescape View File

@ -49,7 +49,10 @@ namespace Language
class English: public Base
{
public:
English(): Base("English", "English", std::vector<std::string>({
English(): Base("English", "English", {}, 3)
{
static constexpr const char * const words[NWORDS] =
{
"abbey",
"abducts",
"ability",
@ -1676,8 +1679,8 @@ namespace Language
"zombie",
"zones",
"zoom"
}), 3)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/english_old.h
Unescape View File

@ -51,7 +51,10 @@ namespace Language
class EnglishOld: public Base
{
public:
EnglishOld(): Base("EnglishOld", "English (old)", std::vector<std::string>({
EnglishOld(): Base("EnglishOld", "English (old)", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"like",
"just",
"love",
@ -1678,8 +1681,8 @@ namespace Language
"unseen",
"weapon",
"weary"
}), 4)
{
};
set_words(words);
populate_maps(ALLOW_DUPLICATE_PREFIXES | ALLOW_SHORT_WORDS);
}
};

9
mnemonics/esperanto.h
Unescape View File

@ -58,7 +58,10 @@ namespace Language
class Esperanto: public Base
{
public:
Esperanto(): Base("Esperanto", "Esperanto", std::vector<std::string>({
Esperanto(): Base("Esperanto", "Esperanto", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"abako",
"abdiki",
"abelo",
@ -1685,8 +1688,8 @@ namespace Language
"zorgi",
"zukino",
"zumilo",
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/french.h
Unescape View File

@ -49,7 +49,10 @@ namespace Language
class French: public Base
{
public:
French(): Base("Français", "French", std::vector<std::string>({
French(): Base("Français", "French", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"abandon",
"abattre",
"aboi",
@ -1676,8 +1679,8 @@ namespace Language
"zinc",
"zone",
"zoom"
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/german.h
Unescape View File

@ -51,7 +51,10 @@ namespace Language
class German: public Base
{
public:
German(): Base("Deutsch", "German", std::vector<std::string>({
German(): Base("Deutsch", "German", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"Abakus",
"Abart",
"abbilden",
@ -1678,8 +1681,8 @@ namespace Language
"Zündung",
"Zweck",
"Zyklop"
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/italian.h
Unescape View File

@ -51,7 +51,10 @@ namespace Language
class Italian: public Base
{
public:
Italian(): Base("Italiano", "Italian", std::vector<std::string>({
Italian(): Base("Italiano", "Italian", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"abbinare",
"abbonato",
"abisso",
@ -1678,8 +1681,8 @@ namespace Language
"zolfo",
"zombie",
"zucchero"
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/japanese.h
Unescape View File

@ -71,7 +71,10 @@ namespace Language
class Japanese: public Base
{
public:
Japanese(): Base("日本語", "Japanese", std::vector<std::string>({
Japanese(): Base("日本語", "Japanese", {}, 3)
{
static constexpr const char * const words[NWORDS] =
{
"あいこくしん",
"あいさつ",
"あいだ",
@ -1698,8 +1701,8 @@ namespace Language
"ひさん",
"びじゅつかん",
"ひしょ"
}), 3)
{
};
set_words(words);
populate_maps();
}
};

42
mnemonics/language_base.h
Unescape View File

@ -53,15 +53,20 @@ namespace Language
* \param count How many characters to return.
* \return A string consisting of the first count characters in s.
*/
inline std::string utf8prefix(const std::string &s, size_t count)
template<typename T>
inline T utf8prefix(const T &s, size_t count)
{
std::string prefix = "";
const char *ptr = s.c_str();
while (count-- && *ptr)
T prefix = "";
size_t avail = s.size();
const char *ptr = s.data();
while (count-- && avail--)
{
prefix += *ptr++;
while (((*ptr) & 0xc0) == 0x80)
while (avail && ((*ptr) & 0xc0) == 0x80)
{
prefix += *ptr++;
--avail;
}
}
return prefix;
}
@ -78,9 +83,12 @@ namespace Language
ALLOW_SHORT_WORDS = 1<<0,
ALLOW_DUPLICATE_PREFIXES = 1<<1,
};
const std::vector<std::string> word_list; /*!< A pointer to the array of words */
std::unordered_map<std::string, uint32_t> word_map; /*!< hash table to find word's index */
std::unordered_map<std::string, uint32_t> trimmed_word_map; /*!< hash table to find word's trimmed index */
enum {
NWORDS = 1626
};
std::vector<std::string> word_list; /*!< A pointer to the array of words */
std::unordered_map<epee::wipeable_string, uint32_t> word_map; /*!< hash table to find word's index */
std::unordered_map<epee::wipeable_string, uint32_t> trimmed_word_map; /*!< hash table to find word's trimmed index */
std::string language_name; /*!< Name of language */
std::string english_language_name; /*!< Name of language */
uint32_t unique_prefix_length; /*!< Number of unique starting characters to trim the wordlist to when matching */
@ -91,7 +99,7 @@ namespace Language
{
int ii;
std::vector<std::string>::const_iterator it;
if (word_list.size () != 1626)
if (word_list.size () != NWORDS)
throw std::runtime_error("Wrong word list length for " + language_name);
for (it = word_list.begin(), ii = 0; it != word_list.end(); it++, ii++)
{
@ -103,7 +111,7 @@ namespace Language
else
throw std::runtime_error("Too short word in " + language_name + " word list: " + *it);
}
std::string trimmed;
epee::wipeable_string trimmed;
if (it->length() > unique_prefix_length)
{
trimmed = utf8prefix(*it, unique_prefix_length);
@ -115,9 +123,9 @@ namespace Language
if (trimmed_word_map.find(trimmed) != trimmed_word_map.end())
{
if (flags & ALLOW_DUPLICATE_PREFIXES)
MWARNING("Duplicate prefix in " << language_name << " word list: " << trimmed);
MWARNING("Duplicate prefix in " << language_name << " word list: " << std::string(trimmed.data(), trimmed.size()));
else
throw std::runtime_error("Duplicate prefix in " + language_name + " word list: " + trimmed);
throw std::runtime_error("Duplicate prefix in " + language_name + " word list: " + std::string(trimmed.data(), trimmed.size()));
}
trimmed_word_map[trimmed] = ii;
}
@ -133,6 +141,12 @@ namespace Language
virtual ~Base()
{
}
void set_words(const char * const words[])
{
word_list.resize(NWORDS);
for (size_t i = 0; i < NWORDS; ++i)
word_list[i] = words[i];
}
/*!
* \brief Returns a pointer to the word list.
* \return A pointer to the word list.
@ -145,7 +159,7 @@ namespace Language
* \brief Returns a pointer to the word map.
* \return A pointer to the word map.
*/
const std::unordered_map<std::string, uint32_t>& get_word_map() const
const std::unordered_map<epee::wipeable_string, uint32_t>& get_word_map() const
{
return word_map;
}
@ -153,7 +167,7 @@ namespace Language
* \brief Returns a pointer to the trimmed word map.
* \return A pointer to the trimmed word map.
*/
const std::unordered_map<std::string, uint32_t>& get_trimmed_word_map() const
const std::unordered_map<epee::wipeable_string, uint32_t>& get_trimmed_word_map() const
{
return trimmed_word_map;
}

9
mnemonics/lojban.h
Unescape View File

@ -56,7 +56,10 @@ namespace Language
class Lojban: public Base
{
public:
Lojban(): Base("Lojban", "Lojban", std::vector<std::string>({
Lojban(): Base("Lojban", "Lojban", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"backi",
"bacru",
"badna",
@ -1683,8 +1686,8 @@ namespace Language
"noltruti'u",
"samtci",
"snaxa'a",
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/portuguese.h
Unescape View File

@ -72,7 +72,10 @@ namespace Language
class Portuguese: public Base
{
public:
Portuguese(): Base("Português", "Portuguese", std::vector<std::string>({
Portuguese(): Base("Português", "Portuguese", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"abaular",
"abdominal",
"abeto",
@ -1699,8 +1702,8 @@ namespace Language
"zeloso",
"zenite",
"zumbi"
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/russian.h
Unescape View File

@ -51,7 +51,10 @@ namespace Language
class Russian: public Base
{
public:
Russian(): Base("русский язык", "Russian", std::vector<std::string>({
Russian(): Base("русский язык", "Russian", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"абажур",
"абзац",
"абонент",
@ -1678,8 +1681,8 @@ namespace Language
"яхта",
"ячейка",
"ящик"
}), 4)
{
};
set_words(words);
populate_maps();
}
};

9
mnemonics/spanish.h
Unescape View File

@ -72,7 +72,10 @@ namespace Language
class Spanish: public Base
{
public:
Spanish(): Base("Español", "Spanish", std::vector<std::string>({
Spanish(): Base("Español", "Spanish", {}, 4)
{
static constexpr const char * const words[NWORDS] =
{
"ábaco",
"abdomen",
"abeja",
@ -1699,8 +1702,8 @@ namespace Language
"risa",
"ritmo",
"rito"
}), 4)
{
};
set_words(words);
populate_maps(ALLOW_SHORT_WORDS);
}
};

49
multisig/multisig.cpp
Unescape View File

@ -47,9 +47,12 @@ namespace cryptonote
crypto::secret_key get_multisig_blinded_secret_key(const crypto::secret_key &key)
{
rct::keyV data;
data.reserve(2);
data.push_back(rct::sk2rct(key));
data.push_back(multisig_salt);
return rct::rct2sk(rct::hash_to_scalar(data));
crypto::secret_key result = rct::rct2sk(rct::hash_to_scalar(data));
memwipe(&data[0], sizeof(rct::key));
return result;
}
//-----------------------------------------------------------------
void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)
@ -81,6 +84,43 @@ namespace cryptonote
}
}
//-----------------------------------------------------------------
std::vector<crypto::public_key> generate_multisig_derivations(const account_keys &keys, const std::vector<crypto::public_key> &derivations)
{
std::vector<crypto::public_key> multisig_keys;
crypto::secret_key blinded_skey = get_multisig_blinded_secret_key(keys.m_spend_secret_key);
for (const auto &k: derivations)
{
rct::key d = rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(blinded_skey));
multisig_keys.push_back(rct::rct2pk(d));
}
return multisig_keys;
}
//-----------------------------------------------------------------
crypto::secret_key calculate_multisig_signer_key(const std::vector<crypto::secret_key>& multisig_keys)
{
rct::key secret_key = rct::zero();
for (const auto &k: multisig_keys)
{
sc_add(secret_key.bytes, secret_key.bytes, (const unsigned char*)k.data);
}
return rct::rct2sk(secret_key);
}
//-----------------------------------------------------------------
std::vector<crypto::secret_key> calculate_multisig_keys(const std::vector<crypto::public_key>& derivations)
{
std::vector<crypto::secret_key> multisig_keys;
multisig_keys.reserve(derivations.size());
for (const auto &k: derivations)
{
multisig_keys.emplace_back(get_multisig_blinded_secret_key(rct::rct2sk(rct::pk2rct(k))));
}
return multisig_keys;
}
//-----------------------------------------------------------------
crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector<crypto::secret_key> &skeys)
{
rct::key view_skey = rct::sk2rct(get_multisig_blinded_secret_key(skey));
@ -89,7 +129,7 @@ namespace cryptonote
return rct::rct2sk(view_skey);
}
//-----------------------------------------------------------------
crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector<crypto::public_key> &pkeys)
crypto::public_key generate_multisig_M_N_spend_public_key(const std::vector<crypto::public_key> &pkeys)
{
rct::key spend_public_key = rct::identity();
for (const auto &pk: pkeys)
@ -138,4 +178,9 @@ namespace cryptonote
return true;
}
//-----------------------------------------------------------------
uint32_t multisig_rounds_required(uint32_t participants, uint32_t threshold)
{
CHECK_AND_ASSERT_THROW_MES(participants >= threshold, "participants must be greater or equal than threshold");
return participants - threshold + 1;
}
}

24
multisig/multisig.h
Unescape View File

@ -41,9 +41,31 @@ namespace cryptonote
crypto::secret_key get_multisig_blinded_secret_key(const crypto::secret_key &key);
void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey);
void generate_multisig_N1_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey);
/**
* @brief generate_multisig_derivations performs common DH key derivation.
* Each middle round in M/N scheme is DH exchange of public multisig keys of other participants multiplied by secret spend key of current participant.
* this functions does the following: new multisig key = secret spend * public multisig key
* @param keys - current wallet's keys
* @param derivations - public multisig keys of other participants
* @return new public multisig keys derived from previous round. This data needs to be exchange with other participants
*/
std::vector<crypto::public_key> generate_multisig_derivations(const account_keys &keys, const std::vector<crypto::public_key> &derivations);
crypto::secret_key calculate_multisig_signer_key(const std::vector<crypto::secret_key>& derivations);
/**
* @brief calculate_multisig_keys. Calculates secret multisig keys from others' participants ones as follows: mi = H(Mi)
* @param derivations - others' participants public multisig keys.
* @return vector of current wallet's multisig secret keys
*/
std::vector<crypto::secret_key> calculate_multisig_keys(const std::vector<crypto::public_key>& derivations);
crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector<crypto::secret_key> &skeys);
crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector<crypto::public_key> &pkeys);
/**
* @brief generate_multisig_M_N_spend_public_key calculates multisig wallet's spend public key by summing all of public multisig keys
* @param pkeys unique public multisig keys
* @return multisig wallet's spend public key
*/
crypto::public_key generate_multisig_M_N_spend_public_key(const std::vector<crypto::public_key> &pkeys);
bool generate_multisig_key_image(const account_keys &keys, size_t multisig_key_index, const crypto::public_key& out_key, crypto::key_image& ki);
void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R);
bool generate_multisig_composite_key_image(const account_keys &keys, const std::unordered_map<crypto::public_key, cryptonote::subaddress_index>& subaddresses, const crypto::public_key& out_key, const crypto::public_key &tx_public_key, const std::vector<crypto::public_key>& additional_tx_public_keys, size_t real_output_index, const std::vector<crypto::key_image> &pkis, crypto::key_image &ki);
uint32_t multisig_rounds_required(uint32_t participants, uint32_t threshold);
}

921
ringct/bulletproofs.cc
View File

File diff suppressed because it is too large Load Diff

4
ringct/bulletproofs.h
Unescape View File

@ -40,7 +40,11 @@ namespace rct
Bulletproof bulletproof_PROVE(const rct::key &v, const rct::key &gamma);
Bulletproof bulletproof_PROVE(uint64_t v, const rct::key &gamma);
Bulletproof bulletproof_PROVE(const rct::keyV &v, const rct::keyV &gamma);
Bulletproof bulletproof_PROVE(const std::vector<uint64_t> &v, const rct::keyV &gamma);
bool bulletproof_VERIFY(const Bulletproof &proof);
bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs);
bool bulletproof_VERIFY(const std::vector<Bulletproof> &proofs);
}

665
ringct/multiexp.cc
Unescape View File

@ -0,0 +1,665 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Adapted from Python code by Sarang Noether
#include "misc_log_ex.h"
// #include "common/perf_timer.h"
extern "C"
{
#include "crypto/crypto-ops.h"
}
#include "common/aligned.h"
#include "rctOps.h"
#include "multiexp.h"
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "multiexp"
// #define MULTIEXP_PERF(x) x
// #define MULTIEXP_PERF(x)
#define RAW_MEMORY_BLOCK
//#define ALTERNATE_LAYOUT
//#define TRACK_STRAUS_ZERO_IDENTITY
// per points us for N/B points (B point bands)
// raw alt 128/192 4096/192 4096/4096
// 0 0 52.6 71 71.2
// 0 1 53.2 72.2 72.4
// 1 0 52.7 67 67.1
// 1 1 52.8 70.4 70.2
// Pippenger:
// 1 2 3 4 5 6 7 8 9 bestN
// 2 555 598 621 804 1038 1733 2486 5020 8304 1
// 4 783 747 800 1006 1428 2132 3285 5185 9806 2
// 8 1174 1071 1095 1286 1640 2398 3869 6378 12080 2
// 16 2279 1874 1745 1739 2144 2831 4209 6964 12007 4
// 32 3910 3706 2588 2477 2782 3467 4856 7489 12618 4
// 64 7184 5429 4710 4368 4010 4672 6027 8559 13684 5
// 128 14097 10574 8452 7297 6841 6718 8615 10580 15641 6
// 256 27715 20800 16000 13550 11875 11400 11505 14090 18460 6
// 512 55100 41250 31740 26570 22030 19830 20760 21380 25215 6
// 1024 111520 79000 61080 49720 43080 38320 37600 35040 36750 8
// 2048 219480 162680 122120 102080 83760 70360 66600 63920 66160 8
// 4096 453320 323080 247240 210200 180040 150240 132440 114920 110560 9
// 2 4 8 16 32 64 128 256 512 1024 2048 4096
// Bos Coster 858 994 1316 1949 3183 5512 9865 17830 33485 63160 124280 246320
// Straus 226 341 548 980 1870 3538 7039 14490 29020 57200 118640 233640
// Straus/cached 226 315 485 785 1514 2858 5753 11065 22970 45120 98880 194840
// Pippenger 555 747 1071 1739 2477 4010 6718 11400 19830 35040 63920 110560
// Best/cached Straus Straus Straus Straus Straus Straus Straus Straus Pip Pip Pip Pip
// Best/uncached Straus Straus Straus Straus Straus Straus Pip Pip Pip Pip Pip Pip
namespace rct
{
static inline bool operator<(const rct::key &k0, const rct::key&k1)
{
for (int n = 31; n >= 0; --n)
{
if (k0.bytes[n] < k1.bytes[n])
return true;
if (k0.bytes[n] > k1.bytes[n])
return false;
}
return false;
}
static inline rct::key div2(const rct::key &k)
{
rct::key res;
int carry = 0;
for (int n = 31; n >= 0; --n)
{
int new_carry = (k.bytes[n] & 1) << 7;
res.bytes[n] = k.bytes[n] / 2 + carry;
carry = new_carry;
}
return res;
}
static inline rct::key pow2(size_t n)
{
CHECK_AND_ASSERT_THROW_MES(n < 256, "Invalid pow2 argument");
rct::key res = rct::zero();
res[n >> 3] |= 1<<(n&7);
return res;
}
static inline int test(const rct::key &k, size_t n)
{
if (n >= 256) return 0;
return k[n >> 3] & (1 << (n & 7));
}
static inline void add(ge_p3 &p3, const ge_cached &other)
{
ge_p1p1 p1;
ge_add(&p1, &p3, &other);
ge_p1p1_to_p3(&p3, &p1);
}
static inline void add(ge_p3 &p3, const ge_p3 &other)
{
ge_cached cached;
ge_p3_to_cached(&cached, &other);
add(p3, cached);
}
rct::key bos_coster_heap_conv(std::vector<MultiexpData> data)
{
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(bos_coster, 1000000));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(setup, 1000000));
size_t points = data.size();
CHECK_AND_ASSERT_THROW_MES(points > 1, "Not enough points");
std::vector<size_t> heap(points);
for (size_t n = 0; n < points; ++n)
heap[n] = n;
auto Comp = [&](size_t e0, size_t e1) { return data[e0].scalar < data[e1].scalar; };
std::make_heap(heap.begin(), heap.end(), Comp);
// MULTIEXP_PERF(PERF_TIMER_STOP(setup));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(loop, 1000000));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(pop, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(pop));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(add, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(add));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(sub, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(sub));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(push, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(push));
while (heap.size() > 1)
{
// MULTIEXP_PERF(PERF_TIMER_RESUME(pop));
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index1 = heap.back();
heap.pop_back();
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index2 = heap.back();
heap.pop_back();
// MULTIEXP_PERF(PERF_TIMER_PAUSE(pop));
// MULTIEXP_PERF(PERF_TIMER_RESUME(add));
ge_cached cached;
ge_p3_to_cached(&cached, &data[index1].point);
ge_p1p1 p1;
ge_add(&p1, &data[index2].point, &cached);
ge_p1p1_to_p3(&data[index2].point, &p1);
// MULTIEXP_PERF(PERF_TIMER_PAUSE(add));
// MULTIEXP_PERF(PERF_TIMER_RESUME(sub));
sc_sub(data[index1].scalar.bytes, data[index1].scalar.bytes, data[index2].scalar.bytes);
// MULTIEXP_PERF(PERF_TIMER_PAUSE(sub));
// MULTIEXP_PERF(PERF_TIMER_RESUME(push));
if (!(data[index1].scalar == rct::zero()))
{
heap.push_back(index1);
std::push_heap(heap.begin(), heap.end(), Comp);
}
heap.push_back(index2);
std::push_heap(heap.begin(), heap.end(), Comp);
// MULTIEXP_PERF(PERF_TIMER_PAUSE(push));
}
// MULTIEXP_PERF(PERF_TIMER_STOP(push));
// MULTIEXP_PERF(PERF_TIMER_STOP(sub));
// MULTIEXP_PERF(PERF_TIMER_STOP(add));
// MULTIEXP_PERF(PERF_TIMER_STOP(pop));
// MULTIEXP_PERF(PERF_TIMER_STOP(loop));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(end, 1000000));
//return rct::scalarmultKey(data[index1].point, data[index1].scalar);
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index1 = heap.back();
heap.pop_back();
ge_p2 p2;
ge_scalarmult(&p2, data[index1].scalar.bytes, &data[index1].point);
rct::key res;
ge_tobytes(res.bytes, &p2);
return res;
}
rct::key bos_coster_heap_conv_robust(std::vector<MultiexpData> data)
{
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(bos_coster, 1000000));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(setup, 1000000));
size_t points = data.size();
CHECK_AND_ASSERT_THROW_MES(points > 0, "Not enough points");
std::vector<size_t> heap;
heap.reserve(points);
for (size_t n = 0; n < points; ++n)
{
if (!(data[n].scalar == rct::zero()) && !ge_p3_is_point_at_infinity(&data[n].point))
heap.push_back(n);
}
points = heap.size();
if (points == 0)
return rct::identity();
auto Comp = [&](size_t e0, size_t e1) { return data[e0].scalar < data[e1].scalar; };
std::make_heap(heap.begin(), heap.end(), Comp);
if (points < 2)
{
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index1 = heap.back();
ge_p2 p2;
ge_scalarmult(&p2, data[index1].scalar.bytes, &data[index1].point);
rct::key res;
ge_tobytes(res.bytes, &p2);
return res;
}
// MULTIEXP_PERF(PERF_TIMER_STOP(setup));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(loop, 1000000));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(pop, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(pop));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(div, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(div));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(add, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(add));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(sub, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(sub));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(push, 1000000)); MULTIEXP_PERF(PERF_TIMER_PAUSE(push));
while (heap.size() > 1)
{
// MULTIEXP_PERF(PERF_TIMER_RESUME(pop));
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index1 = heap.back();
heap.pop_back();
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index2 = heap.back();
heap.pop_back();
// MULTIEXP_PERF(PERF_TIMER_PAUSE(pop));
ge_cached cached;
ge_p1p1 p1;
ge_p2 p2;
// MULTIEXP_PERF(PERF_TIMER_RESUME(div));
while (1)
{
rct::key s1_2 = div2(data[index1].scalar);
if (!(data[index2].scalar < s1_2))
break;
if (data[index1].scalar.bytes[0] & 1)
{
data.resize(data.size()+1);
data.back().scalar = rct::identity();
data.back().point = data[index1].point;
heap.push_back(data.size() - 1);
std::push_heap(heap.begin(), heap.end(), Comp);
}
data[index1].scalar = div2(data[index1].scalar);
ge_p3_to_p2(&p2, &data[index1].point);
ge_p2_dbl(&p1, &p2);
ge_p1p1_to_p3(&data[index1].point, &p1);
}
// MULTIEXP_PERF(PERF_TIMER_PAUSE(div));
// MULTIEXP_PERF(PERF_TIMER_RESUME(add));
ge_p3_to_cached(&cached, &data[index1].point);
ge_add(&p1, &data[index2].point, &cached);
ge_p1p1_to_p3(&data[index2].point, &p1);
// MULTIEXP_PERF(PERF_TIMER_PAUSE(add));
// MULTIEXP_PERF(PERF_TIMER_RESUME(sub));
sc_sub(data[index1].scalar.bytes, data[index1].scalar.bytes, data[index2].scalar.bytes);
// MULTIEXP_PERF(PERF_TIMER_PAUSE(sub));
// MULTIEXP_PERF(PERF_TIMER_RESUME(push));
if (!(data[index1].scalar == rct::zero()))
{
heap.push_back(index1);
std::push_heap(heap.begin(), heap.end(), Comp);
}
heap.push_back(index2);
std::push_heap(heap.begin(), heap.end(), Comp);
// MULTIEXP_PERF(PERF_TIMER_PAUSE(push));
}
// MULTIEXP_PERF(PERF_TIMER_STOP(push));
// MULTIEXP_PERF(PERF_TIMER_STOP(sub));
// MULTIEXP_PERF(PERF_TIMER_STOP(add));
// MULTIEXP_PERF(PERF_TIMER_STOP(pop));
// MULTIEXP_PERF(PERF_TIMER_STOP(loop));
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(end, 1000000));
//return rct::scalarmultKey(data[index1].point, data[index1].scalar);
std::pop_heap(heap.begin(), heap.end(), Comp);
size_t index1 = heap.back();
heap.pop_back();
ge_p2 p2;
ge_scalarmult(&p2, data[index1].scalar.bytes, &data[index1].point);
rct::key res;
ge_tobytes(res.bytes, &p2);
return res;
}
static constexpr unsigned int STRAUS_C = 4;
struct straus_cached_data
{
#ifdef RAW_MEMORY_BLOCK
size_t size;
ge_cached *multiples;
straus_cached_data(): size(0), multiples(NULL) {}
~straus_cached_data() { aligned_free(multiples); }
#else
std::vector<std::vector<ge_cached>> multiples;
#endif
};
#ifdef RAW_MEMORY_BLOCK
#ifdef ALTERNATE_LAYOUT
#define CACHE_OFFSET(cache,point,digit) cache->multiples[(point)*((1<<STRAUS_C)-1)+((digit)-1)]
#else
#define CACHE_OFFSET(cache,point,digit) cache->multiples[(point)+cache->size*((digit)-1)]
#endif
#else
#ifdef ALTERNATE_LAYOUT
#define CACHE_OFFSET(cache,point,digit) local_cache->multiples[j][digit-1]
#else
#define CACHE_OFFSET(cache,point,digit) local_cache->multiples[digit][j]
#endif
#endif
std::shared_ptr<straus_cached_data> straus_init_cache(const std::vector<MultiexpData> &data, size_t N)
{
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(multiples, 1000000));
if (N == 0)
N = data.size();
CHECK_AND_ASSERT_THROW_MES(N <= data.size(), "Bad cache base data");
ge_cached cached;
ge_p1p1 p1;
ge_p3 p3;
std::shared_ptr<straus_cached_data> cache(new straus_cached_data());
#ifdef RAW_MEMORY_BLOCK
const size_t offset = cache->size;
cache->multiples = (ge_cached*)aligned_realloc(cache->multiples, sizeof(ge_cached) * ((1<<STRAUS_C)-1) * std::max(offset, N), 4096);
CHECK_AND_ASSERT_THROW_MES(cache->multiples, "Out of memory");
cache->size = N;
for (size_t j=offset;j<N;++j)
{
ge_p3_to_cached(&CACHE_OFFSET(cache, j, 1), &data[j].point);
for (size_t i=2;i<1<<STRAUS_C;++i)
{
ge_add(&p1, &data[j].point, &CACHE_OFFSET(cache, j, i-1));
ge_p1p1_to_p3(&p3, &p1);
ge_p3_to_cached(&CACHE_OFFSET(cache, j, i), &p3);
}
}
#else
#ifdef ALTERNATE_LAYOUT
const size_t offset = cache->multiples.size();
cache->multiples.resize(std::max(offset, N));
for (size_t i = offset; i < N; ++i)
{
cache->multiples[i].resize((1<<STRAUS_C)-1);
ge_p3_to_cached(&cache->multiples[i][0], &data[i].point);
for (size_t j=2;j<1<<STRAUS_C;++j)
{
ge_add(&p1, &data[i].point, &cache->multiples[i][j-2]);
ge_p1p1_to_p3(&p3, &p1);
ge_p3_to_cached(&cache->multiples[i][j-1], &p3);
}
}
#else
cache->multiples.resize(1<<STRAUS_C);
size_t offset = cache->multiples[1].size();
cache->multiples[1].resize(std::max(offset, N));
for (size_t i = offset; i < N; ++i)
ge_p3_to_cached(&cache->multiples[1][i], &data[i].point);
for (size_t i=2;i<1<<STRAUS_C;++i)
cache->multiples[i].resize(std::max(offset, N));
for (size_t j=offset;j<N;++j)
{
for (size_t i=2;i<1<<STRAUS_C;++i)
{
ge_add(&p1, &data[j].point, &cache->multiples[i-1][j]);
ge_p1p1_to_p3(&p3, &p1);
ge_p3_to_cached(&cache->multiples[i][j], &p3);
}
}
#endif
#endif
// MULTIEXP_PERF(PERF_TIMER_STOP(multiples));
return cache;
}
size_t straus_get_cache_size(const std::shared_ptr<straus_cached_data> &cache)
{
size_t sz = 0;
#ifdef RAW_MEMORY_BLOCK
sz += cache->size * sizeof(ge_cached) * ((1<<STRAUS_C)-1);
#else
for (const auto &e0: cache->multiples)
sz += e0.size() * sizeof(ge_cached);
#endif
return sz;
}
rct::key straus(const std::vector<MultiexpData> &data, const std::shared_ptr<straus_cached_data> &cache, size_t STEP)
{
CHECK_AND_ASSERT_THROW_MES(cache == NULL || cache->size >= data.size(), "Cache is too small");
// MULTIEXP_PERF(PERF_TIMER_UNIT(straus, 1000000));
bool HiGi = cache != NULL;
STEP = STEP ? STEP : 192;
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(setup, 1000000));
static constexpr unsigned int mask = (1<<STRAUS_C)-1;
std::shared_ptr<straus_cached_data> local_cache = cache == NULL ? straus_init_cache(data) : cache;
ge_cached cached;
ge_p1p1 p1;
ge_p3 p3;
#ifdef TRACK_STRAUS_ZERO_IDENTITY
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(skip, 1000000));
std::vector<uint8_t> skip(data.size());
for (size_t i = 0; i < data.size(); ++i)
skip[i] = data[i].scalar == rct::zero() || ge_p3_is_point_at_infinity(&data[i].point);
// MULTIEXP_PERF(PERF_TIMER_STOP(skip));
#endif
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(digits, 1000000));
std::unique_ptr<uint8_t[]> digits{new uint8_t[256 * data.size()]};
for (size_t j = 0; j < data.size(); ++j)
{
unsigned char bytes33[33];
memcpy(bytes33, data[j].scalar.bytes, 32);
bytes33[32] = 0;
const unsigned char *bytes = bytes33;
#if 1
static_assert(STRAUS_C == 4, "optimized version needs STRAUS_C == 4");
unsigned int i;
for (i = 0; i < 256; i += 8, bytes++)
{
digits[j*256+i] = bytes[0] & 0xf;
digits[j*256+i+1] = (bytes[0] >> 1) & 0xf;
digits[j*256+i+2] = (bytes[0] >> 2) & 0xf;
digits[j*256+i+3] = (bytes[0] >> 3) & 0xf;
digits[j*256+i+4] = ((bytes[0] >> 4) | (bytes[1]<<4)) & 0xf;
digits[j*256+i+5] = ((bytes[0] >> 5) | (bytes[1]<<3)) & 0xf;
digits[j*256+i+6] = ((bytes[0] >> 6) | (bytes[1]<<2)) & 0xf;
digits[j*256+i+7] = ((bytes[0] >> 7) | (bytes[1]<<1)) & 0xf;
}
#elif 1
for (size_t i = 0; i < 256; ++i)
digits[j*256+i] = ((bytes[i>>3] | (bytes[(i>>3)+1]<<8)) >> (i&7)) & mask;
#else
rct::key shifted = data[j].scalar;
for (size_t i = 0; i < 256; ++i)
{
digits[j*256+i] = shifted.bytes[0] & 0xf;
shifted = div2(shifted, (256-i)>>3);
}
#endif
}
// MULTIEXP_PERF(PERF_TIMER_STOP(digits));
rct::key maxscalar = rct::zero();
for (size_t i = 0; i < data.size(); ++i)
if (maxscalar < data[i].scalar)
maxscalar = data[i].scalar;
size_t start_i = 0;
while (start_i < 256 && !(maxscalar < pow2(start_i)))
start_i += STRAUS_C;
// MULTIEXP_PERF(PERF_TIMER_STOP(setup));
ge_p3 res_p3 = ge_p3_identity;
for (size_t start_offset = 0; start_offset < data.size(); start_offset += STEP)
{
const size_t num_points = std::min(data.size() - start_offset, STEP);
ge_p3 band_p3 = ge_p3_identity;
size_t i = start_i;
if (!(i < STRAUS_C))
goto skipfirst;
while (!(i < STRAUS_C))
{
ge_p2 p2;
ge_p3_to_p2(&p2, &band_p3);
for (size_t j = 0; j < STRAUS_C; ++j)
{
ge_p2_dbl(&p1, &p2);
if (j == STRAUS_C - 1)
ge_p1p1_to_p3(&band_p3, &p1);
else
ge_p1p1_to_p2(&p2, &p1);
}
skipfirst:
i -= STRAUS_C;
for (size_t j = start_offset; j < start_offset + num_points; ++j)
{
#ifdef TRACK_STRAUS_ZERO_IDENTITY
if (skip[j])
continue;
#endif
const uint8_t digit = digits[j*256+i];
if (digit)
{
ge_add(&p1, &band_p3, &CACHE_OFFSET(local_cache, j, digit));
ge_p1p1_to_p3(&band_p3, &p1);
}
}
}
ge_p3_to_cached(&cached, &band_p3);
ge_add(&p1, &res_p3, &cached);
ge_p1p1_to_p3(&res_p3, &p1);
}
rct::key res;
ge_p3_tobytes(res.bytes, &res_p3);
return res;
}
size_t get_pippenger_c(size_t N)
{
// uncached: 2:1, 4:2, 8:2, 16:3, 32:4, 64:4, 128:5, 256:6, 512:7, 1024:7, 2048:8, 4096:9
// cached: 2:1, 4:2, 8:2, 16:3, 32:4, 64:4, 128:5, 256:6, 512:7, 1024:7, 2048:8, 4096:9
if (N <= 2) return 1;
if (N <= 8) return 2;
if (N <= 16) return 3;
if (N <= 64) return 4;
if (N <= 128) return 5;
if (N <= 256) return 6;
if (N <= 1024) return 7;
if (N <= 2048) return 8;
return 9;
}
struct pippenger_cached_data
{
size_t size;
ge_cached *cached;
pippenger_cached_data(): size(0), cached(NULL) {}
~pippenger_cached_data() { aligned_free(cached); }
};
std::shared_ptr<pippenger_cached_data> pippenger_init_cache(const std::vector<MultiexpData> &data, size_t N)
{
// MULTIEXP_PERF(PERF_TIMER_START_UNIT(pippenger_init_cache, 1000000));
if (N == 0)
N = data.size();
CHECK_AND_ASSERT_THROW_MES(N <= data.size(), "Bad cache base data");
ge_cached cached;
std::shared_ptr<pippenger_cached_data> cache(new pippenger_cached_data());
cache->size = N;
cache->cached = (ge_cached*)aligned_realloc(cache->cached, N * sizeof(ge_cached), 4096);
CHECK_AND_ASSERT_THROW_MES(cache->cached, "Out of memory");
for (size_t i = 0; i < N; ++i)
ge_p3_to_cached(&cache->cached[i], &data[i].point);
// MULTIEXP_PERF(PERF_TIMER_STOP(pippenger_init_cache));
return cache;
}
size_t pippenger_get_cache_size(const std::shared_ptr<pippenger_cached_data> &cache)
{
return cache->size * sizeof(*cache->cached);
}
rct::key pippenger(const std::vector<MultiexpData> &data, const std::shared_ptr<pippenger_cached_data> &cache, size_t c)
{
CHECK_AND_ASSERT_THROW_MES(cache == NULL || cache->size >= data.size(), "Cache is too small");
if (c == 0)
c = get_pippenger_c(data.size());
CHECK_AND_ASSERT_THROW_MES(c <= 9, "c is too large");
ge_p3 result = ge_p3_identity;
std::unique_ptr<ge_p3[]> buckets{new ge_p3[1<<c]};
std::shared_ptr<pippenger_cached_data> local_cache = cache == NULL ? pippenger_init_cache(data) : cache;
rct::key maxscalar = rct::zero();
for (size_t i = 0; i < data.size(); ++i)
{
if (maxscalar < data[i].scalar)
maxscalar = data[i].scalar;
}
size_t groups = 0;
while (groups < 256 && !(maxscalar < pow2(groups)))
++groups;
groups = (groups + c - 1) / c;
for (size_t k = groups; k-- > 0; )
{
if (!ge_p3_is_point_at_infinity(&result))
{
ge_p2 p2;
ge_p3_to_p2(&p2, &result);
for (size_t i = 0; i < c; ++i)
{
ge_p1p1 p1;
ge_p2_dbl(&p1, &p2);
if (i == c - 1)
ge_p1p1_to_p3(&result, &p1);
else
ge_p1p1_to_p2(&p2, &p1);
}
}
for (size_t i = 0; i < (1u<<c); ++i)
buckets[i] = ge_p3_identity;
// partition scalars into buckets
for (size_t i = 0; i < data.size(); ++i)
{
unsigned int bucket = 0;
for (size_t j = 0; j < c; ++j)
if (test(data[i].scalar, k*c+j))
bucket |= 1<<j;
if (bucket == 0)
continue;
CHECK_AND_ASSERT_THROW_MES(bucket < (1u<<c), "bucket overflow");
if (!ge_p3_is_point_at_infinity(&buckets[bucket]))
{
add(buckets[bucket], local_cache->cached[i]);
}
else
buckets[bucket] = data[i].point;
}
// sum the buckets
ge_p3 pail = ge_p3_identity;
for (size_t i = (1<<c)-1; i > 0; --i)
{
if (!ge_p3_is_point_at_infinity(&buckets[i]))
add(pail, buckets[i]);
if (!ge_p3_is_point_at_infinity(&pail))
add(result, pail);
}
}
rct::key res;
ge_p3_tobytes(res.bytes, &result);
return res;
}
}

71
ringct/multiexp.h
Unescape View File

@ -0,0 +1,71 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Adapted from Python code by Sarang Noether
#pragma once
#ifndef MULTIEXP_H
#define MULTIEXP_H
#include <vector>
#include "crypto/crypto.h"
#include "rctTypes.h"
#include "misc_log_ex.h"
namespace rct
{
struct MultiexpData {
rct::key scalar;
ge_p3 point;
MultiexpData() {}
MultiexpData(const rct::key &s, const ge_p3 &p): scalar(s), point(p) {}
MultiexpData(const rct::key &s, const rct::key &p): scalar(s)
{
CHECK_AND_ASSERT_THROW_MES(ge_frombytes_vartime(&point, p.bytes) == 0, "ge_frombytes_vartime failed");
}
};
struct straus_cached_data;
struct pippenger_cached_data;
rct::key bos_coster_heap_conv(std::vector<MultiexpData> data);
rct::key bos_coster_heap_conv_robust(std::vector<MultiexpData> data);
std::shared_ptr<straus_cached_data> straus_init_cache(const std::vector<MultiexpData> &data, size_t N =0);
size_t straus_get_cache_size(const std::shared_ptr<straus_cached_data> &cache);
rct::key straus(const std::vector<MultiexpData> &data, const std::shared_ptr<straus_cached_data> &cache = NULL, size_t STEP = 0);
std::shared_ptr<pippenger_cached_data> pippenger_init_cache(const std::vector<MultiexpData> &data, size_t N =0);
size_t pippenger_get_cache_size(const std::shared_ptr<pippenger_cached_data> &cache);
size_t get_pippenger_c(size_t N);
rct::key pippenger(const std::vector<MultiexpData> &data, const std::shared_ptr<pippenger_cached_data> &cache = NULL, size_t c = 0);
}
#endif

64
ringct/rctOps.cpp
Unescape View File

@ -60,16 +60,26 @@ namespace rct {
//Various key generation functions
bool toPointCheckOrder(ge_p3 *P, const unsigned char *data)
{
if (ge_frombytes_vartime(P, data))
return false;
ge_p2 R;
ge_scalarmult(&R, curveOrder().bytes, P);
key tmp;
ge_tobytes(tmp.bytes, &R);
return tmp == identity();
}
//generates a random scalar which can be used as a secret key or mask
void skGen(key &sk) {
sk = crypto::rand<key>();
sc_reduce32(sk.bytes);
random32_unbiased(sk.bytes);
}
//generates a random scalar which can be used as a secret key or mask
key skGen() {
key sk = crypto::rand<key>();
sc_reduce32(sk.bytes);
key sk;
skGen(sk);
return sk;
}
@ -79,9 +89,8 @@ namespace rct {
CHECK_AND_ASSERT_THROW_MES(rows > 0, "0 keys requested");
keyV rv(rows);
size_t i = 0;
crypto::rand(rows * sizeof(key), (uint8_t*)&rv[0]);
for (i = 0 ; i < rows ; i++) {
sc_reduce32(rv[i].bytes);
skGen(rv[i]);
}
return rv;
}
@ -195,15 +204,33 @@ namespace rct {
//Computes aH where H= toPoint(cn_fast_hash(G)), G the basepoint
key scalarmultH(const key & a) {
ge_p3 A;
ge_p2 R;
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A, H.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
ge_scalarmult(&R, a.bytes, &A);
ge_scalarmult(&R, a.bytes, &ge_p3_H);
key aP;
ge_tobytes(aP.bytes, &R);
return aP;
}
//Computes 8P
key scalarmult8(const key & P) {
ge_p3 p3;
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&p3, P.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
ge_p2 p2;
ge_p3_to_p2(&p2, &p3);
ge_p1p1 p1;
ge_mul8(&p1, &p2);
ge_p1p1_to_p2(&p2, &p1);
rct::key res;
ge_tobytes(res.bytes, &p2);
return res;
}
//Computes aL where L is the curve order
bool isInMainSubgroup(const key & a) {
ge_p3 p3;
return toPointCheckOrder(&p3, a.bytes);
}
//Curve addition / subtractions
//for curve points: AB = A + B
@ -225,6 +252,25 @@ namespace rct {
return k;
}
rct::key addKeys(const keyV &A) {
if (A.empty())
return rct::identity();
ge_p3 p3, tmp;
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&p3, A[0].bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
for (size_t i = 1; i < A.size(); ++i)
{
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&tmp, A[i].bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
ge_cached p2;
ge_p3_to_cached(&p2, &tmp);
ge_p1p1 p1;
ge_add(&p1, &p3, &p2);
ge_p1p1_to_p3(&p3, &p1);
}
rct::key res;
ge_p3_tobytes(res.bytes, &p3);
return res;
}
//addKeys1
//aGB = aG + B where a is a scalar, G is the basepoint, and B is a point
void addKeys1(key &aGB, const key &a, const key & B) {

8
ringct/rctOps.h
Unescape View File

@ -63,6 +63,8 @@ namespace rct {
static const key I = { {0x01, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 } };
static const key L = { {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 } };
static const key G = { {0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66 } };
static const key EIGHT = { {0x08, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 } };
static const key INV_EIGHT = { { 0x79, 0x2f, 0xdc, 0xe2, 0x29, 0xe5, 0x06, 0x61, 0xd0, 0xda, 0x1c, 0x7d, 0xb3, 0x9d, 0xd3, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06 } };
//Creates a zero scalar
inline key zero() { return Z; }
@ -83,6 +85,7 @@ namespace rct {
keyM keyMInit(size_t rows, size_t cols);
//Various key generation functions
bool toPointCheckOrder(ge_p3 *P, const unsigned char *data);
//generates a random scalar which can be used as a secret key or mask
key skGen();
@ -119,12 +122,17 @@ namespace rct {
key scalarmultKey(const key &P, const key &a);
//Computes aH where H= toPoint(cn_fast_hash(G)), G the basepoint
key scalarmultH(const key & a);
// multiplies a point by 8
key scalarmult8(const key & P);
// checks a is in the main subgroup (ie, not a small one)
bool isInMainSubgroup(const key & a);
//Curve addition / subtractions
//for curve points: AB = A + B
void addKeys(key &AB, const key &A, const key &B);
rct::key addKeys(const key &A, const key &B);
rct::key addKeys(const keyV &A);
//aGB = aG + B where a is a scalar, G is the basepoint, and B is a point
void addKeys1(key &aGB, const key &a, const key & B);
//aGbB = aG + bB where a, b are scalars, G is the basepoint and B is a point

351
ringct/rctSigs.cpp
Unescape View File

@ -45,30 +45,6 @@ using namespace std;
#define CHECK_AND_ASSERT_MES_L1(expr, ret, message) {if(!(expr)) {MCERROR("verify", message); return ret;}}
namespace rct {
bool is_simple(int type)
{
switch (type)
{
case RCTTypeSimple:
case RCTTypeSimpleBulletproof:
return true;
default:
return false;
}
}
bool is_bulletproof(int type)
{
switch (type)
{
case RCTTypeSimpleBulletproof:
case RCTTypeFullBulletproof:
return true;
default:
return false;
}
}
Bulletproof proveRangeBulletproof(key &C, key &mask, uint64_t amount)
{
mask = rct::skGen();
@ -78,6 +54,15 @@ namespace rct {
return proof;
}
Bulletproof proveRangeBulletproof(keyV &C, keyV &masks, const std::vector<uint64_t> &amounts)
{
masks = rct::skvGen(amounts.size());
Bulletproof proof = bulletproof_PROVE(amounts, masks);
CHECK_AND_ASSERT_THROW_MES(proof.V.size() == amounts.size(), "V does not have the expected size");
C = proof.V;
return proof;
}
bool verBulletproof(const Bulletproof &proof)
{
try { return bulletproof_VERIFY(proof); }
@ -85,6 +70,13 @@ namespace rct {
catch (...) { return false; }
}
bool verBulletproof(const std::vector<const Bulletproof*> &proofs)
{
try { return bulletproof_VERIFY(proofs); }
// we can get deep throws from ge_frombytes_vartime if input isn't valid
catch (...) { return false; }
}
//Borromean (c.f. gmax/andytoshi's paper)
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices) {
key64 L[2], alpha;
@ -285,6 +277,7 @@ namespace rct {
for (j = 0; j < dsRows; j++) {
addKeys2(L, rv.ss[i][j], c_old, pk[i][j]);
hashToPoint(Hi, pk[i][j]);
CHECK_AND_ASSERT_MES(!(Hi == rct::identity()), false, "Data hashed to point at infinity");
addKeys3(R, rv.ss[i][j], Hi, c_old, Ip[j].k);
toHash[3 * j + 1] = pk[i][j];
toHash[3 * j + 2] = L;
@ -389,7 +382,7 @@ namespace rct {
std::stringstream ss;
binary_archive<true> ba(ss);
CHECK_AND_ASSERT_THROW_MES(!rv.mixRing.empty(), "Empty mixRing");
const size_t inputs = is_simple(rv.type) ? rv.mixRing.size() : rv.mixRing[0].size();
const size_t inputs = is_rct_simple(rv.type) ? rv.mixRing.size() : rv.mixRing[0].size();
const size_t outputs = rv.ecdhInfo.size();
key prehash;
CHECK_AND_ASSERT_THROW_MES(const_cast<rctSig&>(rv).serialize_rctsig_base(ba, inputs, outputs),
@ -398,7 +391,7 @@ namespace rct {
hashes.push_back(hash2rct(h));
keyV kv;
if (rv.type == RCTTypeSimpleBulletproof || rv.type == RCTTypeFullBulletproof)
if (rv.type == RCTTypeBulletproof)
{
kv.reserve((6*2+9) * rv.p.bulletproofs.size());
for (const auto &p: rv.p.bulletproofs)
@ -492,7 +485,9 @@ namespace rct {
for (size_t j = 0; j < outPk.size(); j++) {
sc_sub(sk[rows].bytes, sk[rows].bytes, outSk[j].mask.bytes); //subtract output masks in last row..
}
return MLSAG_Gen(message, M, sk, kLRki, mscout, index, rows, hwdev);
mgSig result = MLSAG_Gen(message, M, sk, kLRki, mscout, index, rows, hwdev);
memwipe(sk.data(), sk.size() * sizeof(key));
return result;
}
@ -521,7 +516,9 @@ namespace rct {
M[i][0] = pubs[i].dest;
subKeys(M[i][1], pubs[i].mask, Cout);
}
return MLSAG_Gen(message, M, sk, kLRki, mscout, index, rows, hwdev);
mgSig result = MLSAG_Gen(message, M, sk, kLRki, mscout, index, rows, hwdev);
memwipe(&sk[0], sizeof(key));
return result;
}
@ -655,7 +652,7 @@ namespace rct {
// must know the destination private key to find the correct amount, else will return a random number
// Note: For txn fees, the last index in the amounts vector should contain that
// Thus the amounts vector will be "one" longer than the destinations vectort
rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, bool bulletproof, hw::device &hwdev) {
rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, hw::device &hwdev) {
CHECK_AND_ASSERT_THROW_MES(amounts.size() == destinations.size() || amounts.size() == destinations.size() + 1, "Different number of amounts/destinations");
CHECK_AND_ASSERT_THROW_MES(amount_keys.size() == destinations.size(), "Different number of amount_keys/destinations");
CHECK_AND_ASSERT_THROW_MES(index < mixRing.size(), "Bad index into mixRing");
@ -665,13 +662,10 @@ namespace rct {
CHECK_AND_ASSERT_THROW_MES((kLRki && msout) || (!kLRki && !msout), "Only one of kLRki/msout is present");
rctSig rv;
rv.type = bulletproof ? RCTTypeFullBulletproof : RCTTypeFull;
rv.type = RCTTypeFull;
rv.message = message;
rv.outPk.resize(destinations.size());
if (bulletproof)
rv.p.bulletproofs.resize(destinations.size());
else
rv.p.rangeSigs.resize(destinations.size());
rv.p.rangeSigs.resize(destinations.size());
rv.ecdhInfo.resize(destinations.size());
size_t i = 0;
@ -681,17 +675,10 @@ namespace rct {
//add destination to sig
rv.outPk[i].dest = copy(destinations[i]);
//compute range proof
if (bulletproof)
rv.p.bulletproofs[i] = proveRangeBulletproof(rv.outPk[i].mask, outSk[i].mask, amounts[i]);
else
rv.p.rangeSigs[i] = proveRange(rv.outPk[i].mask, outSk[i].mask, amounts[i]);
rv.p.rangeSigs[i] = proveRange(rv.outPk[i].mask, outSk[i].mask, amounts[i]);
#ifdef DBG
if (bulletproof)
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs[i]), "verBulletproof failed on newly created proof");
else
CHECK_AND_ASSERT_THROW_MES(verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]), "verRange failed on newly created proof");
CHECK_AND_ASSERT_THROW_MES(verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]), "verRange failed on newly created proof");
#endif
//mask amount and mask
rv.ecdhInfo[i].mask = copy(outSk[i].mask);
rv.ecdhInfo[i].amount = d2h(amounts[i]);
@ -721,12 +708,13 @@ namespace rct {
ctkeyM mixRing;
ctkeyV outSk;
tie(mixRing, index) = populateFromBlockchain(inPk, mixin);
return genRct(message, inSk, destinations, amounts, mixRing, amount_keys, kLRki, msout, index, outSk, false, hwdev);
return genRct(message, inSk, destinations, amounts, mixRing, amount_keys, kLRki, msout, index, outSk, hwdev);
}
//RCT simple
//for post-rct only
rctSig genRctSimple(const key &message, const ctkeyV & inSk, const keyV & destinations, const vector<xmr_amount> &inamounts, const vector<xmr_amount> &outamounts, xmr_amount txnFee, const ctkeyM & mixRing, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, const std::vector<unsigned int> & index, ctkeyV &outSk, bool bulletproof, hw::device &hwdev) {
rctSig genRctSimple(const key &message, const ctkeyV & inSk, const keyV & destinations, const vector<xmr_amount> &inamounts, const vector<xmr_amount> &outamounts, xmr_amount txnFee, const ctkeyM & mixRing, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, const std::vector<unsigned int> & index, ctkeyV &outSk, RangeProofType range_proof_type, hw::device &hwdev) {
const bool bulletproof = range_proof_type != RangeProofBorromean;
CHECK_AND_ASSERT_THROW_MES(inamounts.size() > 0, "Empty inamounts");
CHECK_AND_ASSERT_THROW_MES(inamounts.size() == inSk.size(), "Different number of inamounts/inSk");
CHECK_AND_ASSERT_THROW_MES(outamounts.size() == destinations.size(), "Different number of amounts/destinations");
@ -742,35 +730,74 @@ namespace rct {
}
rctSig rv;
rv.type = bulletproof ? RCTTypeSimpleBulletproof : RCTTypeSimple;
rv.type = bulletproof ? RCTTypeBulletproof : RCTTypeSimple;
rv.message = message;
rv.outPk.resize(destinations.size());
if (bulletproof)
rv.p.bulletproofs.resize(destinations.size());
else
if (!bulletproof)
rv.p.rangeSigs.resize(destinations.size());
rv.ecdhInfo.resize(destinations.size());
size_t i;
keyV masks(destinations.size()); //sk mask..
outSk.resize(destinations.size());
key sumout = zero();
for (i = 0; i < destinations.size(); i++) {
//add destination to sig
rv.outPk[i].dest = copy(destinations[i]);
//compute range proof
if (bulletproof)
rv.p.bulletproofs[i] = proveRangeBulletproof(rv.outPk[i].mask, outSk[i].mask, outamounts[i]);
else
if (!bulletproof)
rv.p.rangeSigs[i] = proveRange(rv.outPk[i].mask, outSk[i].mask, outamounts[i]);
#ifdef DBG
if (bulletproof)
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs[i]), "verBulletproof failed on newly created proof");
else
if (!bulletproof)
CHECK_AND_ASSERT_THROW_MES(verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]), "verRange failed on newly created proof");
#endif
}
rv.p.bulletproofs.clear();
if (bulletproof)
{
std::vector<uint64_t> proof_amounts;
size_t n_amounts = outamounts.size();
size_t amounts_proved = 0;
if (range_proof_type == RangeProofPaddedBulletproof)
{
rct::keyV C, masks;
rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts));
#ifdef DBG
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
#endif
for (i = 0; i < outamounts.size(); ++i)
{
rv.outPk[i].mask = rct::scalarmult8(C[i]);
outSk[i].mask = masks[i];
}
}
else while (amounts_proved < n_amounts)
{
size_t batch_size = 1;
if (range_proof_type == RangeProofMultiOutputBulletproof)
while (batch_size * 2 + amounts_proved <= n_amounts && batch_size * 2 <= BULLETPROOF_MAX_OUTPUTS)
batch_size *= 2;
rct::keyV C, masks;
std::vector<uint64_t> batch_amounts(batch_size);
for (i = 0; i < batch_size; ++i)
batch_amounts[i] = outamounts[i + amounts_proved];
rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, batch_amounts));
#ifdef DBG
CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
#endif
for (i = 0; i < batch_size; ++i)
{
rv.outPk[i + amounts_proved].mask = rct::scalarmult8(C[i]);
outSk[i + amounts_proved].mask = masks[i];
}
amounts_proved += batch_size;
}
}
key sumout = zero();
for (i = 0; i < outSk.size(); ++i)
{
sc_add(sumout.bytes, outSk[i].mask.bytes, sumout.bytes);
//mask amount and mask
@ -818,7 +845,7 @@ namespace rct {
mixRing[i].resize(mixin+1);
index[i] = populateFromBlockchainSimple(mixRing[i], inPk[i], mixin);
}
return genRctSimple(message, inSk, destinations, inamounts, outamounts, txnFee, mixRing, amount_keys, kLRki, msout, index, outSk, false, hwdev);
return genRctSimple(message, inSk, destinations, inamounts, outamounts, txnFee, mixRing, amount_keys, kLRki, msout, index, outSk, RangeProofBorromean, hwdev);
}
//RingCT protocol
@ -833,13 +860,10 @@ namespace rct {
// must know the destination private key to find the correct amount, else will return a random number
bool verRct(const rctSig & rv, bool semantics) {
// PERF_TIMER(verRct);
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull || rv.type == RCTTypeFullBulletproof, false, "verRct called on non-full rctSig");
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull, false, "verRct called on non-full rctSig");
if (semantics)
{
if (rv.type == RCTTypeFullBulletproof)
CHECK_AND_ASSERT_MES(rv.outPk.size() == rv.p.bulletproofs.size(), false, "Mismatched sizes of outPk and rv.p.bulletproofs");
else
CHECK_AND_ASSERT_MES(rv.outPk.size() == rv.p.rangeSigs.size(), false, "Mismatched sizes of outPk and rv.p.rangeSigs");
CHECK_AND_ASSERT_MES(rv.outPk.size() == rv.p.rangeSigs.size(), false, "Mismatched sizes of outPk and rv.p.rangeSigs");
CHECK_AND_ASSERT_MES(rv.outPk.size() == rv.ecdhInfo.size(), false, "Mismatched sizes of outPk and rv.ecdhInfo");
CHECK_AND_ASSERT_MES(rv.p.MGs.size() == 1, false, "full rctSig has not one MG");
}
@ -856,19 +880,13 @@ namespace rct {
tools::threadpool::waiter waiter;
std::deque<bool> results(rv.outPk.size(), false);
DP("range proofs verified?");
for (size_t i = 0; i < rv.outPk.size(); i++) {
tpool.submit(&waiter, [&, i] {
if (rv.p.rangeSigs.empty())
results[i] = verBulletproof(rv.p.bulletproofs[i]);
else
results[i] = verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]);
}, true);
}
for (size_t i = 0; i < rv.outPk.size(); i++)
tpool.submit(&waiter, [&, i] { results[i] = verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]); });
waiter.wait(&tpool);
for (size_t i = 0; i < rv.outPk.size(); ++i) {
for (size_t i = 0; i < results.size(); ++i) {
if (!results[i]) {
LOG_PRINT_L1("Range proof verified failed for output " << i);
LOG_PRINT_L1("Range proof verified failed for proof " << i);
return false;
}
}
@ -902,17 +920,26 @@ namespace rct {
//ver RingCT simple
//assumes only post-rct style inputs (at least for max anonymity)
bool verRctSimple(const rctSig & rv, bool semantics) {
bool verRctSemanticsSimple(const std::vector<const rctSig*> & rvv) {
try
{
// PERF_TIMER(verRctSimple);
// PERF_TIMER(verRctSemanticsSimple);
CHECK_AND_ASSERT_MES(rv.type == RCTTypeSimple || rv.type == RCTTypeSimpleBulletproof, false, "verRctSimple called on non simple rctSig");
if (semantics)
tools::threadpool& tpool = tools::threadpool::getInstance();
tools::threadpool::waiter waiter;
std::deque<bool> results;
std::vector<const Bulletproof*> proofs;
size_t max_non_bp_proofs = 0, offset = 0;
for (const rctSig *rvp: rvv)
{
if (rv.type == RCTTypeSimpleBulletproof)
CHECK_AND_ASSERT_MES(rvp, false, "rctSig pointer is NULL");
const rctSig &rv = *rvp;
CHECK_AND_ASSERT_MES(rv.type == RCTTypeSimple || rv.type == RCTTypeBulletproof, false, "verRctSemanticsSimple called on non simple rctSig");
const bool bulletproof = is_rct_bulletproof(rv.type);
if (bulletproof)
{
CHECK_AND_ASSERT_MES(rv.outPk.size() == rv.p.bulletproofs.size(), false, "Mismatched sizes of outPk and rv.p.bulletproofs");
CHECK_AND_ASSERT_MES(rv.outPk.size() == n_bulletproof_amounts(rv.p.bulletproofs), false, "Mismatched sizes of outPk and bulletproofs");
CHECK_AND_ASSERT_MES(rv.p.pseudoOuts.size() == rv.p.MGs.size(), false, "Mismatched sizes of rv.p.pseudoOuts and rv.p.MGs");
CHECK_AND_ASSERT_MES(rv.pseudoOuts.empty(), false, "rv.pseudoOuts is not empty");
}
@ -923,81 +950,121 @@ namespace rct {
CHECK_AND_ASSERT_MES(rv.p.pseudoOuts.empty(), false, "rv.p.pseudoOuts is not empty");
}
CHECK_AND_ASSERT_MES(rv.outPk.size() == rv.ecdhInfo.size(), false, "Mismatched sizes of outPk and rv.ecdhInfo");
}
else
{
// semantics check is early, and mixRing/MGs aren't resolved yet
if (rv.type == RCTTypeSimpleBulletproof)
CHECK_AND_ASSERT_MES(rv.p.pseudoOuts.size() == rv.mixRing.size(), false, "Mismatched sizes of rv.p.pseudoOuts and mixRing");
else
CHECK_AND_ASSERT_MES(rv.pseudoOuts.size() == rv.mixRing.size(), false, "Mismatched sizes of rv.pseudoOuts and mixRing");
}
const size_t threads = std::max(rv.outPk.size(), rv.mixRing.size());
if (!bulletproof)
max_non_bp_proofs += rv.p.rangeSigs.size();
}
std::deque<bool> results(threads);
tools::threadpool& tpool = tools::threadpool::getInstance();
tools::threadpool::waiter waiter;
results.resize(max_non_bp_proofs);
for (const rctSig *rvp: rvv)
{
const rctSig &rv = *rvp;
const keyV &pseudoOuts = is_bulletproof(rv.type) ? rv.p.pseudoOuts : rv.pseudoOuts;
const bool bulletproof = is_rct_bulletproof(rv.type);
const keyV &pseudoOuts = bulletproof ? rv.p.pseudoOuts : rv.pseudoOuts;
if (semantics) {
key sumOutpks = identity();
rct::keyV masks(rv.outPk.size());
for (size_t i = 0; i < rv.outPk.size(); i++) {
addKeys(sumOutpks, sumOutpks, rv.outPk[i].mask);
masks[i] = rv.outPk[i].mask;
}
key sumOutpks = addKeys(masks);
DP(sumOutpks);
key txnFeeKey = scalarmultH(d2h(rv.txnFee));
const key txnFeeKey = scalarmultH(d2h(rv.txnFee));
addKeys(sumOutpks, txnFeeKey, sumOutpks);
key sumPseudoOuts = identity();
for (size_t i = 0 ; i < pseudoOuts.size() ; i++) {
addKeys(sumPseudoOuts, sumPseudoOuts, pseudoOuts[i]);
}
key sumPseudoOuts = addKeys(pseudoOuts);
DP(sumPseudoOuts);
//check pseudoOuts vs Outs..
if (!equalKeys(sumPseudoOuts, sumOutpks)) {
LOG_PRINT_L1("Sum check failed");
return false;
LOG_PRINT_L1("Sum check failed");
return false;
}
results.clear();
results.resize(rv.outPk.size());
for (size_t i = 0; i < rv.outPk.size(); i++) {
tpool.submit(&waiter, [&, i] {
if (rv.p.rangeSigs.empty())
results[i] = verBulletproof(rv.p.bulletproofs[i]);
else
results[i] = verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]);
}, true);
if (bulletproof)
{
for (size_t i = 0; i < rv.p.bulletproofs.size(); i++)
proofs.push_back(&rv.p.bulletproofs[i]);
}
waiter.wait(&tpool);
for (size_t i = 0; i < results.size(); ++i) {
if (!results[i]) {
LOG_PRINT_L1("Range proof verified failed for output " << i);
return false;
}
else
{
for (size_t i = 0; i < rv.p.rangeSigs.size(); i++)
tpool.submit(&waiter, [&, i, offset] { results[i+offset] = verRange(rv.outPk[i].mask, rv.p.rangeSigs[i]); });
offset += rv.p.rangeSigs.size();
}
}
else {
const key message = get_pre_mlsag_hash(rv, hw::get_device("default"));
results.clear();
results.resize(rv.mixRing.size());
for (size_t i = 0 ; i < rv.mixRing.size() ; i++) {
tpool.submit(&waiter, [&, i] {
results[i] = verRctMGSimple(message, rv.p.MGs[i], rv.mixRing[i], pseudoOuts[i]);
}, true);
if (!proofs.empty() && !verBulletproof(proofs))
{
LOG_PRINT_L1("Aggregate range proof verified failed");
return false;
}
waiter.wait(&tpool);
for (size_t i = 0; i < results.size(); ++i) {
if (!results[i]) {
LOG_PRINT_L1("Range proof verified failed for proof " << i);
return false;
}
waiter.wait(&tpool);
}
for (size_t i = 0; i < results.size(); ++i) {
if (!results[i]) {
LOG_PRINT_L1("verRctMGSimple failed for input " << i);
return false;
}
return true;
}
// we can get deep throws from ge_frombytes_vartime if input isn't valid
catch (const std::exception &e)
{
LOG_PRINT_L1("Error in verRctSemanticsSimple: " << e.what());
return false;
}
catch (...)
{
LOG_PRINT_L1("Error in verRctSemanticsSimple, but not an actual exception");
return false;
}
}
bool verRctSemanticsSimple(const rctSig & rv)
{
return verRctSemanticsSimple(std::vector<const rctSig*>(1, &rv));
}
//ver RingCT simple
//assumes only post-rct style inputs (at least for max anonymity)
bool verRctNonSemanticsSimple(const rctSig & rv) {
try
{
// PERF_TIMER(verRctNonSemanticsSimple);
CHECK_AND_ASSERT_MES(rv.type == RCTTypeSimple || rv.type == RCTTypeBulletproof, false, "verRctNonSemanticsSimple called on non simple rctSig");
const bool bulletproof = is_rct_bulletproof(rv.type);
// semantics check is early, and mixRing/MGs aren't resolved yet
if (bulletproof)
CHECK_AND_ASSERT_MES(rv.p.pseudoOuts.size() == rv.mixRing.size(), false, "Mismatched sizes of rv.p.pseudoOuts and mixRing");
else
CHECK_AND_ASSERT_MES(rv.pseudoOuts.size() == rv.mixRing.size(), false, "Mismatched sizes of rv.pseudoOuts and mixRing");
const size_t threads = std::max(rv.outPk.size(), rv.mixRing.size());
std::deque<bool> results(threads);
tools::threadpool& tpool = tools::threadpool::getInstance();
tools::threadpool::waiter waiter;
const keyV &pseudoOuts = bulletproof ? rv.p.pseudoOuts : rv.pseudoOuts;
const key message = get_pre_mlsag_hash(rv, hw::get_device("default"));
results.clear();
results.resize(rv.mixRing.size());
for (size_t i = 0 ; i < rv.mixRing.size() ; i++) {
tpool.submit(&waiter, [&, i] {
results[i] = verRctMGSimple(message, rv.p.MGs[i], rv.mixRing[i], pseudoOuts[i]);
});
}
waiter.wait(&tpool);
for (size_t i = 0; i < results.size(); ++i) {
if (!results[i]) {
LOG_PRINT_L1("verRctMGSimple failed for input " << i);
return false;
}
}
@ -1006,12 +1073,12 @@ namespace rct {
// we can get deep throws from ge_frombytes_vartime if input isn't valid
catch (const std::exception &e)
{
LOG_PRINT_L1("Error in verRct: " << e.what());
LOG_PRINT_L1("Error in verRctNonSemanticsSimple: " << e.what());
return false;
}
catch (...)
{
LOG_PRINT_L1("Error in verRct, but not an actual exception");
LOG_PRINT_L1("Error in verRctNonSemanticsSimple, but not an actual exception");
return false;
}
}
@ -1027,7 +1094,7 @@ namespace rct {
// uses the attached ecdh info to find the amounts represented by each output commitment
// must know the destination private key to find the correct amount, else will return a random number
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev) {
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull || rv.type == RCTTypeFullBulletproof, false, "decodeRct called on non-full rctSig");
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull, false, "decodeRct called on non-full rctSig");
CHECK_AND_ASSERT_THROW_MES(i < rv.ecdhInfo.size(), "Bad index");
CHECK_AND_ASSERT_THROW_MES(rv.outPk.size() == rv.ecdhInfo.size(), "Mismatched sizes of rv.outPk and rv.ecdhInfo");
@ -1040,6 +1107,8 @@ namespace rct {
DP("C");
DP(C);
key Ctmp;
CHECK_AND_ASSERT_THROW_MES(sc_check(mask.bytes) == 0, "warning, bad ECDH mask");
CHECK_AND_ASSERT_THROW_MES(sc_check(amount.bytes) == 0, "warning, bad ECDH amount");
addKeys2(Ctmp, mask, amount, H);
DP("Ctmp");
DP(Ctmp);
@ -1055,7 +1124,7 @@ namespace rct {
}
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, key &mask, hw::device &hwdev) {
CHECK_AND_ASSERT_MES(rv.type == RCTTypeSimple || rv.type == RCTTypeSimpleBulletproof, false, "decodeRct called on non simple rctSig");
CHECK_AND_ASSERT_MES(rv.type == RCTTypeSimple || rv.type == RCTTypeBulletproof, false, "decodeRct called on non simple rctSig");
CHECK_AND_ASSERT_THROW_MES(i < rv.ecdhInfo.size(), "Bad index");
CHECK_AND_ASSERT_THROW_MES(rv.outPk.size() == rv.ecdhInfo.size(), "Mismatched sizes of rv.outPk and rv.ecdhInfo");
@ -1068,6 +1137,8 @@ namespace rct {
DP("C");
DP(C);
key Ctmp;
CHECK_AND_ASSERT_THROW_MES(sc_check(mask.bytes) == 0, "warning, bad ECDH mask");
CHECK_AND_ASSERT_THROW_MES(sc_check(amount.bytes) == 0, "warning, bad ECDH amount");
addKeys2(Ctmp, mask, amount, H);
DP("Ctmp");
DP(Ctmp);
@ -1083,12 +1154,12 @@ namespace rct {
}
bool signMultisig(rctSig &rv, const std::vector<unsigned int> &indices, const keyV &k, const multisig_out &msout, const key &secret_key) {
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull || rv.type == RCTTypeSimple || rv.type == RCTTypeFullBulletproof || rv.type == RCTTypeSimpleBulletproof,
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull || rv.type == RCTTypeSimple || rv.type == RCTTypeBulletproof,
false, "unsupported rct type");
CHECK_AND_ASSERT_MES(indices.size() == k.size(), false, "Mismatched k/indices sizes");
CHECK_AND_ASSERT_MES(k.size() == rv.p.MGs.size(), false, "Mismatched k/MGs size");
CHECK_AND_ASSERT_MES(k.size() == msout.c.size(), false, "Mismatched k/msout.c size");
if (rv.type == RCTTypeFull || rv.type == RCTTypeFullBulletproof)
if (rv.type == RCTTypeFull)
{
CHECK_AND_ASSERT_MES(rv.p.MGs.size() == 1, false, "MGs not a single element");
}

10
ringct/rctSigs.h
Unescape View File

@ -119,14 +119,16 @@ namespace rct {
//decodeRct: (c.f. https://eprint.iacr.org/2015/1098 section 5.1.1)
// uses the attached ecdh info to find the amounts represented by each output commitment
// must know the destination private key to find the correct amount, else will return a random number
rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, bool bulletproof, hw::device &hwdev);
rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, hw::device &hwdev);
rctSig genRct(const key &message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, const int mixin, hw::device &hwdev);
rctSig genRctSimple(const key & message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, xmr_amount txnFee, unsigned int mixin, hw::device &hwdev);
rctSig genRctSimple(const key & message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, xmr_amount txnFee, const ctkeyM & mixRing, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, const std::vector<unsigned int> & index, ctkeyV &outSk, bool bulletproof, hw::device &hwdev);
rctSig genRctSimple(const key & message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, xmr_amount txnFee, const ctkeyM & mixRing, const keyV &amount_keys, const std::vector<multisig_kLRki> *kLRki, multisig_out *msout, const std::vector<unsigned int> & index, ctkeyV &outSk, RangeProofType range_proof_type, hw::device &hwdev);
bool verRct(const rctSig & rv, bool semantics);
static inline bool verRct(const rctSig & rv) { return verRct(rv, true) && verRct(rv, false); }
bool verRctSimple(const rctSig & rv, bool semantics);
static inline bool verRctSimple(const rctSig & rv) { return verRctSimple(rv, true) && verRctSimple(rv, false); }
bool verRctSemanticsSimple(const rctSig & rv);
bool verRctSemanticsSimple(const std::vector<const rctSig*> & rv);
bool verRctNonSemanticsSimple(const rctSig & rv);
static inline bool verRctSimple(const rctSig & rv) { return verRctSemanticsSimple(rv) && verRctNonSemanticsSimple(rv); }
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev);
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev);
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev);

88
ringct/rctTypes.cpp
Unescape View File

@ -28,6 +28,8 @@
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "misc_log_ex.h"
#include "cryptonote_config.h"
#include "rctTypes.h"
using namespace crypto;
using namespace std;
@ -209,4 +211,90 @@ namespace rct {
return vali;
}
bool is_rct_simple(int type)
{
switch (type)
{
case RCTTypeSimple:
case RCTTypeBulletproof:
return true;
default:
return false;
}
}
bool is_rct_bulletproof(int type)
{
switch (type)
{
case RCTTypeBulletproof:
return true;
default:
return false;
}
}
bool is_rct_borromean(int type)
{
switch (type)
{
case RCTTypeSimple:
case RCTTypeFull:
return true;
default:
return false;
}
}
size_t n_bulletproof_amounts(const Bulletproof &proof)
{
CHECK_AND_ASSERT_MES(proof.L.size() >= 6, 0, "Invalid bulletproof L size");
CHECK_AND_ASSERT_MES(proof.L.size() == proof.R.size(), 0, "Mismatched bulletproof L/R size");
static const size_t extra_bits = 4;
static_assert((1 << extra_bits) == BULLETPROOF_MAX_OUTPUTS, "log2(BULLETPROOF_MAX_OUTPUTS) is out of date");
CHECK_AND_ASSERT_MES(proof.L.size() <= 6 + extra_bits, 0, "Invalid bulletproof L size");
CHECK_AND_ASSERT_MES(proof.V.size() <= (1u<<(proof.L.size()-6)), 0, "Invalid bulletproof V/L");
CHECK_AND_ASSERT_MES(proof.V.size() * 2 > (1u<<(proof.L.size()-6)), 0, "Invalid bulletproof V/L");
CHECK_AND_ASSERT_MES(proof.V.size() > 0, 0, "Empty bulletproof");
return proof.V.size();
}
size_t n_bulletproof_amounts(const std::vector<Bulletproof> &proofs)
{
size_t n = 0;
for (const Bulletproof &proof: proofs)
{
size_t n2 = n_bulletproof_amounts(proof);
CHECK_AND_ASSERT_MES(n2 < std::numeric_limits<uint32_t>::max() - n, 0, "Invalid number of bulletproofs");
if (n2 == 0)
return 0;
n += n2;
}
return n;
}
size_t n_bulletproof_max_amounts(const Bulletproof &proof)
{
CHECK_AND_ASSERT_MES(proof.L.size() >= 6, 0, "Invalid bulletproof L size");
CHECK_AND_ASSERT_MES(proof.L.size() == proof.R.size(), 0, "Mismatched bulletproof L/R size");
static const size_t extra_bits = 4;
static_assert((1 << extra_bits) == BULLETPROOF_MAX_OUTPUTS, "log2(BULLETPROOF_MAX_OUTPUTS) is out of date");
CHECK_AND_ASSERT_MES(proof.L.size() <= 6 + extra_bits, 0, "Invalid bulletproof L size");
return 1 << (proof.L.size() - 6);
}
size_t n_bulletproof_max_amounts(const std::vector<Bulletproof> &proofs)
{
size_t n = 0;
for (const Bulletproof &proof: proofs)
{
size_t n2 = n_bulletproof_max_amounts(proof);
CHECK_AND_ASSERT_MES(n2 < std::numeric_limits<uint32_t>::max() - n, 0, "Invalid number of bulletproofs");
if (n2 == 0)
return 0;
n += n2;
}
return n;
}
}

80
ringct/rctTypes.h
Unescape View File

@ -36,6 +36,7 @@
#include <vector>
#include <iostream>
#include <cinttypes>
#include <sodium/crypto_verify_32.h>
extern "C" {
#include "crypto/crypto-ops.h"
@ -81,7 +82,7 @@ namespace rct {
unsigned char operator[](int i) const {
return bytes[i];
}
bool operator==(const key &k) const { return !memcmp(bytes, k.bytes, sizeof(bytes)); }
bool operator==(const key &k) const { return !crypto_verify_32(bytes, k.bytes); }
unsigned char bytes[32];
};
typedef std::vector<key> keyV; //vector of keys
@ -189,6 +190,8 @@ namespace rct {
Bulletproof() {}
Bulletproof(const rct::key &V, const rct::key &A, const rct::key &S, const rct::key &T1, const rct::key &T2, const rct::key &taux, const rct::key &mu, const rct::keyV &L, const rct::keyV &R, const rct::key &a, const rct::key &b, const rct::key &t):
V({V}), A(A), S(S), T1(T1), T2(T2), taux(taux), mu(mu), L(L), R(R), a(a), b(b), t(t) {}
Bulletproof(const rct::keyV &V, const rct::key &A, const rct::key &S, const rct::key &T1, const rct::key &T2, const rct::key &taux, const rct::key &mu, const rct::keyV &L, const rct::keyV &R, const rct::key &a, const rct::key &b, const rct::key &t):
V(V), A(A), S(S), T1(T1), T2(T2), taux(taux), mu(mu), L(L), R(R), a(a), b(b), t(t) {}
BEGIN_SERIALIZE_OBJECT()
// Commitments aren't saved, they're restored via outPk
@ -210,6 +213,11 @@ namespace rct {
END_SERIALIZE()
};
size_t n_bulletproof_amounts(const Bulletproof &proof);
size_t n_bulletproof_max_amounts(const Bulletproof &proof);
size_t n_bulletproof_amounts(const std::vector<Bulletproof> &proofs);
size_t n_bulletproof_max_amounts(const std::vector<Bulletproof> &proofs);
//A container to hold all signatures necessary for RingCT
// rangeSigs holds all the rangeproof data of a transaction
// MG holds the MLSAG signature of a transaction
@ -221,9 +229,9 @@ namespace rct {
RCTTypeNull = 0,
RCTTypeFull = 1,
RCTTypeSimple = 2,
RCTTypeFullBulletproof = 3,
RCTTypeSimpleBulletproof = 4,
RCTTypeBulletproof = 3,
};
enum RangeProofType { RangeProofBorromean, RangeProofBulletproof, RangeProofMultiOutputBulletproof, RangeProofPaddedBulletproof };
struct rctSigBase {
uint8_t type;
key message;
@ -240,7 +248,7 @@ namespace rct {
FIELD(type)
if (type == RCTTypeNull)
return true;
if (type != RCTTypeFull && type != RCTTypeFullBulletproof && type != RCTTypeSimple && type != RCTTypeSimpleBulletproof)
if (type != RCTTypeFull && type != RCTTypeSimple && type != RCTTypeBulletproof)
return false;
VARINT_FIELD(txnFee)
// inputs/outputs not saved, only here for serialization help
@ -301,21 +309,25 @@ namespace rct {
{
if (type == RCTTypeNull)
return true;
if (type != RCTTypeFull && type != RCTTypeFullBulletproof && type != RCTTypeSimple && type != RCTTypeSimpleBulletproof)
if (type != RCTTypeFull && type != RCTTypeSimple && type != RCTTypeBulletproof)
return false;
if (type == RCTTypeSimpleBulletproof || type == RCTTypeFullBulletproof)
if (type == RCTTypeBulletproof)
{
uint32_t nbp = bulletproofs.size();
FIELD(nbp)
ar.tag("bp");
ar.begin_array();
PREPARE_CUSTOM_VECTOR_SERIALIZATION(outputs, bulletproofs);
if (bulletproofs.size() != outputs)
if (nbp > outputs)
return false;
for (size_t i = 0; i < outputs; ++i)
PREPARE_CUSTOM_VECTOR_SERIALIZATION(nbp, bulletproofs);
for (size_t i = 0; i < nbp; ++i)
{
FIELDS(bulletproofs[i])
if (outputs - i > 1)
if (nbp - i > 1)
ar.delimit_array();
}
if (n_bulletproof_max_amounts(bulletproofs) < outputs)
return false;
ar.end_array();
}
else
@ -338,7 +350,7 @@ namespace rct {
ar.begin_array();
// we keep a byte for size of MGs, because we don't know whether this is
// a simple or full rct signature, and it's starting to annoy the hell out of me
size_t mg_elements = (type == RCTTypeSimple || type == RCTTypeSimpleBulletproof) ? inputs : 1;
size_t mg_elements = (type == RCTTypeSimple || type == RCTTypeBulletproof) ? inputs : 1;
PREPARE_CUSTOM_VECTOR_SERIALIZATION(mg_elements, MGs);
if (MGs.size() != mg_elements)
return false;
@ -356,7 +368,7 @@ namespace rct {
for (size_t j = 0; j < mixin + 1; ++j)
{
ar.begin_array();
size_t mg_ss2_elements = ((type == RCTTypeSimple || type == RCTTypeSimpleBulletproof) ? 1 : inputs) + 1;
size_t mg_ss2_elements = ((type == RCTTypeSimple || type == RCTTypeBulletproof) ? 1 : inputs) + 1;
PREPARE_CUSTOM_VECTOR_SERIALIZATION(mg_ss2_elements, MGs[i].ss[j]);
if (MGs[i].ss[j].size() != mg_ss2_elements)
return false;
@ -382,7 +394,7 @@ namespace rct {
ar.delimit_array();
}
ar.end_array();
if (type == RCTTypeSimpleBulletproof)
if (type == RCTTypeBulletproof)
{
ar.tag("pseudoOuts");
ar.begin_array();
@ -403,6 +415,16 @@ namespace rct {
};
struct rctSig: public rctSigBase {
rctSigPrunable p;
keyV& get_pseudo_outs()
{
return type == RCTTypeBulletproof ? p.pseudoOuts : pseudoOuts;
}
keyV const& get_pseudo_outs() const
{
return type == RCTTypeBulletproof ? p.pseudoOuts : pseudoOuts;
}
};
//other basepoint H = toPoint(cn_fast_hash(G)), G the basepoint
@ -506,24 +528,28 @@ namespace rct {
//int[64] to uint long long
xmr_amount b2d(bits amountb);
static inline const rct::key pk2rct(const crypto::public_key &pk) { return (const rct::key&)pk; }
static inline const rct::key sk2rct(const crypto::secret_key &sk) { return (const rct::key&)sk; }
static inline const rct::key ki2rct(const crypto::key_image &ki) { return (const rct::key&)ki; }
static inline const rct::key hash2rct(const crypto::hash &h) { return (const rct::key&)h; }
static inline const crypto::public_key rct2pk(const rct::key &k) { return (const crypto::public_key&)k; }
static inline const crypto::secret_key rct2sk(const rct::key &k) { return (const crypto::secret_key&)k; }
static inline const crypto::key_image rct2ki(const rct::key &k) { return (const crypto::key_image&)k; }
static inline const crypto::hash rct2hash(const rct::key &k) { return (const crypto::hash&)k; }
static inline bool operator==(const rct::key &k0, const crypto::public_key &k1) { return !memcmp(&k0, &k1, 32); }
static inline bool operator!=(const rct::key &k0, const crypto::public_key &k1) { return memcmp(&k0, &k1, 32); }
bool is_rct_simple(int type);
bool is_rct_bulletproof(int type);
bool is_rct_borromean(int type);
static inline const rct::key &pk2rct(const crypto::public_key &pk) { return (const rct::key&)pk; }
static inline const rct::key &sk2rct(const crypto::secret_key &sk) { return (const rct::key&)sk; }
static inline const rct::key &ki2rct(const crypto::key_image &ki) { return (const rct::key&)ki; }
static inline const rct::key &hash2rct(const crypto::hash &h) { return (const rct::key&)h; }
static inline const crypto::public_key &rct2pk(const rct::key &k) { return (const crypto::public_key&)k; }
static inline const crypto::secret_key &rct2sk(const rct::key &k) { return (const crypto::secret_key&)k; }
static inline const crypto::key_image &rct2ki(const rct::key &k) { return (const crypto::key_image&)k; }
static inline const crypto::hash &rct2hash(const rct::key &k) { return (const crypto::hash&)k; }
static inline bool operator==(const rct::key &k0, const crypto::public_key &k1) { return !crypto_verify_32(k0.bytes, (const unsigned char*)&k1); }
static inline bool operator!=(const rct::key &k0, const crypto::public_key &k1) { return crypto_verify_32(k0.bytes, (const unsigned char*)&k1); }
}
namespace cryptonote {
static inline bool operator==(const crypto::public_key &k0, const rct::key &k1) { return !memcmp(&k0, &k1, 32); }
static inline bool operator!=(const crypto::public_key &k0, const rct::key &k1) { return memcmp(&k0, &k1, 32); }
static inline bool operator==(const crypto::secret_key &k0, const rct::key &k1) { return !memcmp(&k0, &k1, 32); }
static inline bool operator!=(const crypto::secret_key &k0, const rct::key &k1) { return memcmp(&k0, &k1, 32); }
static inline bool operator==(const crypto::public_key &k0, const rct::key &k1) { return !crypto_verify_32((const unsigned char*)&k0, k1.bytes); }
static inline bool operator!=(const crypto::public_key &k0, const rct::key &k1) { return crypto_verify_32((const unsigned char*)&k0, k1.bytes); }
static inline bool operator==(const crypto::secret_key &k0, const rct::key &k1) { return !crypto_verify_32((const unsigned char*)&k0, k1.bytes); }
static inline bool operator!=(const crypto::secret_key &k0, const rct::key &k1) { return crypto_verify_32((const unsigned char*)&k0, k1.bytes); }
}
namespace rct {

99
rpc/core_rpc_server_commands_defs.h
Unescape View File

@ -48,8 +48,8 @@ namespace cryptonote
// whether they can talk to a given daemon without having to know in
// advance which version they will stop working with
// Don't go over 32767 for any of these
#define CORE_RPC_VERSION_MAJOR 1
#define CORE_RPC_VERSION_MINOR 21
#define CORE_RPC_VERSION_MAJOR 2
#define CORE_RPC_VERSION_MINOR 1
#define MAKE_CORE_RPC_VERSION(major,minor) (((major)<<16)|(minor))
#define CORE_RPC_VERSION MAKE_CORE_RPC_VERSION(CORE_RPC_VERSION_MAJOR, CORE_RPC_VERSION_MINOR)
@ -680,50 +680,6 @@ namespace cryptonote
};
};
//-----------------------------------------------
struct COMMAND_RPC_GET_RANDOM_OUTPUTS_FOR_AMOUNTS
{
struct request
{
std::vector<uint64_t> amounts;
uint64_t outs_count;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(amounts)
KV_SERIALIZE(outs_count)
END_KV_SERIALIZE_MAP()
};
#pragma pack (push, 1)
struct out_entry
{
uint64_t global_amount_index;
crypto::public_key out_key;
};
#pragma pack(pop)
struct outs_for_amount
{
uint64_t amount;
std::list<out_entry> outs;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(amount)
KV_SERIALIZE_CONTAINER_POD_AS_BLOB(outs)
END_KV_SERIALIZE_MAP()
};
struct response
{
std::vector<outs_for_amount> outs;
std::string status;
bool untrusted;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(outs)
KV_SERIALIZE(status)
KV_SERIALIZE(untrusted)
END_KV_SERIALIZE_MAP()
};
};
//-----------------------------------------------
struct get_outputs_out
{
uint64_t amount;
@ -818,39 +774,6 @@ namespace cryptonote
END_KV_SERIALIZE_MAP()
};
};
struct COMMAND_RPC_GET_RANDOM_RCT_OUTPUTS
{
struct request
{
uint64_t outs_count;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(outs_count)
END_KV_SERIALIZE_MAP()
};
#pragma pack (push, 1)
struct out_entry
{
uint64_t amount;
uint64_t global_amount_index;
crypto::public_key out_key;
rct::key commitment;
};
#pragma pack(pop)
struct response
{
std::list<out_entry> outs;
std::string status;
bool untrusted;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE_CONTAINER_POD_AS_BLOB(outs)
KV_SERIALIZE(status)
KV_SERIALIZE(untrusted)
END_KV_SERIALIZE_MAP()
};
};
//-----------------------------------------------
struct COMMAND_RPC_SEND_RAW_TX
{
@ -959,7 +882,9 @@ namespace cryptonote
std::string top_block_hash;
uint64_t cumulative_difficulty;
uint64_t block_size_limit;
uint64_t block_weight_limit;
uint64_t block_size_median;
uint64_t block_weight_median;
uint64_t start_time;
uint64_t free_space;
bool offline;
@ -968,6 +893,7 @@ namespace cryptonote
uint64_t height_without_bootstrap;
bool was_bootstrap_ever_used;
uint64_t database_size;
bool update_available;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(status)
@ -990,7 +916,9 @@ namespace cryptonote
KV_SERIALIZE(top_block_hash)
KV_SERIALIZE(cumulative_difficulty)
KV_SERIALIZE(block_size_limit)
KV_SERIALIZE_OPT(block_weight_limit, (uint64_t)0)
KV_SERIALIZE(block_size_median)
KV_SERIALIZE_OPT(block_weight_median, (uint64_t)0)
KV_SERIALIZE(start_time)
KV_SERIALIZE(free_space)
KV_SERIALIZE(offline)
@ -999,6 +927,7 @@ namespace cryptonote
KV_SERIALIZE(height_without_bootstrap)
KV_SERIALIZE(was_bootstrap_ever_used)
KV_SERIALIZE(database_size)
KV_SERIALIZE(update_available)
END_KV_SERIALIZE_MAP()
};
};
@ -1193,8 +1122,10 @@ namespace cryptonote
uint64_t depth;
std::string hash;
difficulty_type difficulty;
difficulty_type cumulative_difficulty;
uint64_t reward;
uint64_t block_size;
uint64_t block_weight;
uint64_t num_txes;
std::string pow_hash;
@ -1209,8 +1140,10 @@ namespace cryptonote
KV_SERIALIZE(depth)
KV_SERIALIZE(hash)
KV_SERIALIZE(difficulty)
KV_SERIALIZE(cumulative_difficulty)
KV_SERIALIZE(reward)
KV_SERIALIZE(block_size)
KV_SERIALIZE_OPT(block_weight, (uint64_t)0)
KV_SERIALIZE(num_txes)
KV_SERIALIZE(pow_hash)
END_KV_SERIALIZE_MAP()
@ -1451,6 +1384,7 @@ namespace cryptonote
std::string id_hash;
std::string tx_json; // TODO - expose this data directly
uint64_t blob_size;
uint64_t weight;
uint64_t fee;
std::string max_used_block_id_hash;
uint64_t max_used_block_height;
@ -1468,6 +1402,7 @@ namespace cryptonote
KV_SERIALIZE(id_hash)
KV_SERIALIZE(tx_json)
KV_SERIALIZE(blob_size)
KV_SERIALIZE_OPT(weight, (uint64_t)0)
KV_SERIALIZE(fee)
KV_SERIALIZE(max_used_block_id_hash)
KV_SERIALIZE(max_used_block_height)
@ -1564,7 +1499,7 @@ namespace cryptonote
struct tx_backlog_entry
{
uint64_t blob_size;
uint64_t weight;
uint64_t fee;
uint64_t time_in_pool;
};
@ -2102,7 +2037,7 @@ namespace cryptonote
};
};
struct COMMAND_RPC_GET_PER_KB_FEE_ESTIMATE
struct COMMAND_RPC_GET_BASE_FEE_ESTIMATE
{
struct request
{
@ -2117,11 +2052,13 @@ namespace cryptonote
{
std::string status;
uint64_t fee;
uint64_t quantization_mask;
bool untrusted;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(status)
KV_SERIALIZE(fee)
KV_SERIALIZE_OPT(quantization_mask, (uint64_t)1)
KV_SERIALIZE(untrusted)
END_KV_SERIALIZE_MAP()
};

1
serialization/container.h
Unescape View File

@ -31,7 +31,6 @@
#pragma once
#include "serialization.h"
#include "vector.h" // needed for detail::do_add
namespace serialization
{

23
serialization/serialization.h
Unescape View File

@ -318,7 +318,7 @@ namespace serialization {
* \brief self explanatory
*/
template<class Stream>
bool do_check_stream_state(Stream& s, boost::mpl::bool_<true>)
bool do_check_stream_state(Stream& s, boost::mpl::bool_<true>, bool noeof)
{
return s.good();
}
@ -329,13 +329,13 @@ namespace serialization {
* \detailed Also checks to make sure that the stream is not at EOF
*/
template<class Stream>
bool do_check_stream_state(Stream& s, boost::mpl::bool_<false>)
bool do_check_stream_state(Stream& s, boost::mpl::bool_<false>, bool noeof)
{
bool result = false;
if (s.good())
{
std::ios_base::iostate state = s.rdstate();
result = EOF == s.peek();
result = noeof || EOF == s.peek();
s.clear(state);
}
return result;
@ -347,9 +347,9 @@ namespace serialization {
* \brief calls detail::do_check_stream_state for ar
*/
template<class Archive>
bool check_stream_state(Archive& ar)
bool check_stream_state(Archive& ar, bool noeof = false)
{
return detail::do_check_stream_state(ar.stream(), typename Archive::is_saving());
return detail::do_check_stream_state(ar.stream(), typename Archive::is_saving(), noeof);
}
/*! \fn serialize
@ -360,6 +360,17 @@ namespace serialization {
inline bool serialize(Archive &ar, T &v)
{
bool r = do_serialize(ar, v);
return r && check_stream_state(ar);
return r && check_stream_state(ar, false);
}
/*! \fn serialize
*
* \brief serializes \a v into \a ar
*/
template <class Archive, class T>
inline bool serialize_noeof(Archive &ar, T &v)
{
bool r = do_serialize(ar, v);
return r && check_stream_state(ar, true);
}
}

27
wallet/wallet_errors.h
Unescape View File

@ -53,6 +53,7 @@ namespace tools
// wallet_not_initialized
// multisig_export_needed
// multisig_import_needed
// password_needed
// std::logic_error
// wallet_logic_error *
// file_exists
@ -72,7 +73,7 @@ namespace tools
// get_tx_pool_error
// out_of_hashchain_bounds_error
// transfer_error *
// get_random_outs_general_error
// get_outs_general_error
// not_enough_unlocked_money
// not_enough_money
// tx_not_possible
@ -127,7 +128,7 @@ namespace tools
get_blocks_error_message_index,
get_hashes_error_message_index,
get_out_indices_error_message_index,
get_random_outs_error_message_index
get_outs_error_message_index
};
template<typename Base, int msg_index>
@ -209,6 +210,14 @@ namespace tools
}
};
//----------------------------------------------------------------------------------------------------
struct password_needed : public wallet_runtime_error
{
explicit password_needed(std::string&& loc, const std::string &msg = "Password needed")
: wallet_runtime_error(std::move(loc), msg)
{
}
};
//----------------------------------------------------------------------------------------------------
const char* const file_error_messages[] = {
"file already exists",
"file not found",
@ -418,7 +427,7 @@ namespace tools
}
};
//----------------------------------------------------------------------------------------------------
typedef failed_rpc_request<transfer_error, get_random_outs_error_message_index> get_random_outs_error;
typedef failed_rpc_request<transfer_error, get_outs_error_message_index> get_outs_error;
//----------------------------------------------------------------------------------------------------
struct not_enough_unlocked_money : public transfer_error
{
@ -670,30 +679,30 @@ namespace tools
//----------------------------------------------------------------------------------------------------
struct tx_too_big : public transfer_error
{
explicit tx_too_big(std::string&& loc, const cryptonote::transaction& tx, uint64_t tx_size_limit)
explicit tx_too_big(std::string&& loc, const cryptonote::transaction& tx, uint64_t tx_weight_limit)
: transfer_error(std::move(loc), "transaction is too big")
, m_tx(tx)
, m_tx_size_limit(tx_size_limit)
, m_tx_weight_limit(tx_weight_limit)
{
}
const cryptonote::transaction& tx() const { return m_tx; }
uint64_t tx_size_limit() const { return m_tx_size_limit; }
uint64_t tx_weight_limit() const { return m_tx_weight_limit; }
std::string to_string() const
{
std::ostringstream ss;
cryptonote::transaction tx = m_tx;
ss << transfer_error::to_string() <<
", tx_size_limit = " << m_tx_size_limit <<
", tx size = " << get_object_blobsize(m_tx) <<
", tx_weight_limit = " << m_tx_weight_limit <<
", tx weight = " << get_transaction_weight(m_tx) <<
", tx:\n" << cryptonote::obj_to_json_str(tx);
return ss.str();
}
private:
cryptonote::transaction m_tx;
uint64_t m_tx_size_limit;
uint64_t m_tx_weight_limit;
};
//----------------------------------------------------------------------------------------------------
struct zero_destination : public transfer_error

127
wallet/wallet_rpc_server_commands_defs.h
Unescape View File

@ -47,7 +47,7 @@
// advance which version they will stop working with
// Don't go over 32767 for any of these
#define WALLET_RPC_VERSION_MAJOR 1
#define WALLET_RPC_VERSION_MINOR 1
#define WALLET_RPC_VERSION_MINOR 4
#define MAKE_WALLET_RPC_VERSION(major,minor) (((major)<<16)|(minor))
#define WALLET_RPC_VERSION MAKE_WALLET_RPC_VERSION(WALLET_RPC_VERSION_MAJOR, WALLET_RPC_VERSION_MINOR)
namespace tools
@ -62,8 +62,10 @@ namespace wallet_rpc
struct request
{
uint32_t account_index;
std::set<uint32_t> address_indices;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(account_index)
KV_SERIALIZE(address_indices)
END_KV_SERIALIZE_MAP()
};
@ -141,6 +143,25 @@ namespace wallet_rpc
};
};
struct COMMAND_RPC_GET_ADDRESS_INDEX
{
struct request
{
std::string address;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(address)
END_KV_SERIALIZE_MAP()
};
struct response
{
cryptonote::subaddress_index index;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(index)
END_KV_SERIALIZE_MAP()
};
};
struct COMMAND_RPC_CREATE_ADDRESS
{
struct request
@ -424,7 +445,6 @@ namespace wallet_rpc
{
std::string tx_hash;
std::string tx_key;
std::list<std::string> amount_keys;
uint64_t amount;
uint64_t fee;
std::string tx_blob;
@ -435,7 +455,6 @@ namespace wallet_rpc
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(tx_hash)
KV_SERIALIZE(tx_key)
KV_SERIALIZE(amount_keys)
KV_SERIALIZE(amount)
KV_SERIALIZE(fee)
KV_SERIALIZE(tx_blob)
@ -620,6 +639,7 @@ namespace wallet_rpc
uint32_t priority;
uint64_t mixin;
uint64_t ring_size;
uint64_t outputs;
uint64_t unlock_time;
std::string payment_id;
bool get_tx_keys;
@ -635,6 +655,7 @@ namespace wallet_rpc
KV_SERIALIZE(priority)
KV_SERIALIZE_OPT(mixin, (uint64_t)0)
KV_SERIALIZE_OPT(ring_size, (uint64_t)0)
KV_SERIALIZE_OPT(outputs, (uint64_t)1)
KV_SERIALIZE(unlock_time)
KV_SERIALIZE(payment_id)
KV_SERIALIZE(get_tx_keys)
@ -686,6 +707,7 @@ namespace wallet_rpc
uint32_t priority;
uint64_t mixin;
uint64_t ring_size;
uint64_t outputs;
uint64_t unlock_time;
std::string payment_id;
bool get_tx_key;
@ -699,6 +721,7 @@ namespace wallet_rpc
KV_SERIALIZE(priority)
KV_SERIALIZE_OPT(mixin, (uint64_t)0)
KV_SERIALIZE_OPT(ring_size, (uint64_t)0)
KV_SERIALIZE_OPT(outputs, (uint64_t)1)
KV_SERIALIZE(unlock_time)
KV_SERIALIZE(payment_id)
KV_SERIALIZE(get_tx_key)
@ -747,15 +770,9 @@ namespace wallet_rpc
struct response
{
std::string tx_hash;
std::string tx_key;
uint64_t fee;
std::string tx_blob;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(tx_hash)
KV_SERIALIZE(tx_key)
KV_SERIALIZE(fee)
KV_SERIALIZE(tx_blob)
END_KV_SERIALIZE_MAP()
};
};
@ -846,8 +863,7 @@ namespace wallet_rpc
bool spent;
uint64_t global_index;
std::string tx_hash;
uint64_t tx_size;
uint32_t subaddr_index;
cryptonote::subaddress_index subaddr_index;
std::string key_image;
BEGIN_KV_SERIALIZE_MAP()
@ -855,7 +871,6 @@ namespace wallet_rpc
KV_SERIALIZE(spent)
KV_SERIALIZE(global_index)
KV_SERIALIZE(tx_hash)
KV_SERIALIZE(tx_size)
KV_SERIALIZE(subaddr_index)
KV_SERIALIZE(key_image)
END_KV_SERIALIZE_MAP()
@ -868,13 +883,11 @@ namespace wallet_rpc
std::string transfer_type;
uint32_t account_index;
std::set<uint32_t> subaddr_indices;
bool verbose;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(transfer_type)
KV_SERIALIZE(account_index)
KV_SERIALIZE(subaddr_indices)
KV_SERIALIZE(verbose)
END_KV_SERIALIZE_MAP()
};
@ -914,9 +927,11 @@ namespace wallet_rpc
{
struct request
{
std::string standard_address;
std::string payment_id;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(standard_address)
KV_SERIALIZE(payment_id)
END_KV_SERIALIZE_MAP()
};
@ -1384,9 +1399,11 @@ namespace wallet_rpc
struct response
{
transfer_entry transfer;
std::list<transfer_entry> transfers;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(transfer);
KV_SERIALIZE(transfers);
END_KV_SERIALIZE_MAP()
};
};
@ -1691,6 +1708,29 @@ namespace wallet_rpc
};
};
struct COMMAND_RPC_REFRESH
{
struct request
{
uint64_t start_height;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE_OPT(start_height, (uint64_t) 0)
END_KV_SERIALIZE_MAP()
};
struct response
{
uint64_t blocks_fetched;
bool received_money;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(blocks_fetched);
KV_SERIALIZE(received_money);
END_KV_SERIALIZE_MAP()
};
};
struct COMMAND_RPC_START_MINING
{
struct request
@ -1785,6 +1825,40 @@ namespace wallet_rpc
};
};
struct COMMAND_RPC_CLOSE_WALLET
{
struct request
{
BEGIN_KV_SERIALIZE_MAP()
END_KV_SERIALIZE_MAP()
};
struct response
{
BEGIN_KV_SERIALIZE_MAP()
END_KV_SERIALIZE_MAP()
};
};
struct COMMAND_RPC_CHANGE_WALLET_PASSWORD
{
struct request
{
std::string old_password;
std::string new_password;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(old_password)
KV_SERIALIZE(new_password)
END_KV_SERIALIZE_MAP()
};
struct response
{
BEGIN_KV_SERIALIZE_MAP()
END_KV_SERIALIZE_MAP()
};
};
struct COMMAND_RPC_IS_MULTISIG
{
struct request
@ -1916,6 +1990,31 @@ namespace wallet_rpc
};
};
struct COMMAND_RPC_EXCHANGE_MULTISIG_KEYS
{
struct request
{
std::string password;
std::vector<std::string> multisig_info;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(password)
KV_SERIALIZE(multisig_info)
END_KV_SERIALIZE_MAP()
};
struct response
{
std::string address;
std::string multisig_info;
BEGIN_KV_SERIALIZE_MAP()
KV_SERIALIZE(address)
KV_SERIALIZE(multisig_info)
END_KV_SERIALIZE_MAP()
};
};
struct COMMAND_RPC_SIGN_MULTISIG
{
struct request

Write Preview
Loading…
Cancel
Save