From 69d69634fc5782e66b7a936bcb254635a7269bf7 Mon Sep 17 00:00:00 2001
From: Paul Shapiro <paulshapiro@users.noreply.github.com>
Date: Wed, 17 Oct 2018 16:59:04 -0500
Subject: [PATCH] updated to 0.13.0.3

---
 CMakeLists.txt                |  8 ++++++
 contrib/monero-core-custom    |  2 +-
 src/monero_fork_rules.cpp     |  4 +--
 src/monero_transfer_utils.cpp |  5 ++--
 src/monero_wallet_utils.cpp   | 22 +++++++--------
 src/monero_wallet_utils.hpp   | 50 ++++++++++++++++++++++++++---------
 src/serial_bridge_index.cpp   | 16 ++++++-----
 test/test_all.cpp             |  9 ++++---
 8 files changed, 79 insertions(+), 37 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1456477..84c0a2a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -53,6 +53,8 @@ include_directories("${MONERO_SRC}/cryptonote_protocol")
 include_directories("${MONERO_SRC}/wallet")
 include_directories("${MONERO_SRC}/rpc")
 include_directories("${MONERO_SRC}/mnemonics")
+include_directories("${MONERO_SRC}/contrib/libsodium/include") # support sodium/… paths
+include_directories("${MONERO_SRC}/contrib/libsodium/include/sodium")
 include_directories("test")
 
 # keeping test files in a separate source directory 
@@ -88,6 +90,7 @@ set(
     ${MONERO_SRC}/crypto/crypto-ops.c
     ${MONERO_SRC}/crypto/crypto-ops-data.c
     ${MONERO_SRC}/crypto/keccak.c
+    ${MONERO_SRC}/crypto/chacha.c
     ${MONERO_SRC}/crypto/random.c
     ${MONERO_SRC}/crypto/aesb.c
     ${MONERO_SRC}/crypto/tree-hash.c
@@ -102,9 +105,12 @@ set(
     ${MONERO_SRC}/cryptonote_core/cryptonote_tx_utils.cpp
     ${MONERO_SRC}/common/base58.cpp
     ${MONERO_SRC}/common/threadpool.cpp
+    ${MONERO_SRC}/common/aligned.c
+    ${MONERO_SRC}/common/util.cpp
     ${MONERO_SRC}/epee/src/hex.cpp
     ${MONERO_SRC}/epee/src/string_tools.cpp
     ${MONERO_SRC}/epee/src/memwipe.c
+    ${MONERO_SRC}/epee/src/mlocker.cpp
     ${MONERO_SRC}/epee/src/wipeable_string.cpp
     ${MONERO_SRC}/device/device.cpp
     ${MONERO_SRC}/device/device_default.cpp
@@ -113,8 +119,10 @@ set(
     ${MONERO_SRC}/ringct/rctCryptoOps.c
     ${MONERO_SRC}/ringct/rctSigs.cpp
     ${MONERO_SRC}/ringct/bulletproofs.cc
+    ${MONERO_SRC}/ringct/multiexp.cc
     ${MONERO_SRC}/mnemonics/electrum-words.cpp
     ${MONERO_SRC}/vtlogger/logger.cpp
+    ${MONERO_SRC}/contrib/libsodium/src/crypto_verify/verify.c
 )
 # needed for slow-hash
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes")
diff --git a/contrib/monero-core-custom b/contrib/monero-core-custom
index e089dec..29439de 160000
--- a/contrib/monero-core-custom
+++ b/contrib/monero-core-custom
@@ -1 +1 @@
-Subproject commit e089dec813e7c9b51b8ded08bf8017e0395c4155
+Subproject commit 29439de96e8781fbc112bff4a63aecb84c301f10
diff --git a/src/monero_fork_rules.cpp b/src/monero_fork_rules.cpp
index 8fc4c12..be2670f 100644
--- a/src/monero_fork_rules.cpp
+++ b/src/monero_fork_rules.cpp
@@ -38,12 +38,12 @@
 using namespace monero_fork_rules;
 //
 uint8_t monero_fork_rules::get_bulletproof_fork()
-{
+{ // the fork at which bulletproofs became optional
 	return 8;
 }
 bool monero_fork_rules::lightwallet_hardeded__use_bulletproofs()
 {
-	return false; // This is temporary (and true only because it's not time for the fork yet) until we have the fork rules supplied by the server
+	return true; // This is temporary until we have the fork rules supplied by the server
 }
 //
 bool monero_fork_rules::lightwallet_hardcoded__use_fork_rules(uint8_t version, int64_t early_blocks)
diff --git a/src/monero_transfer_utils.cpp b/src/monero_transfer_utils.cpp
index c5c09e9..e5d05f6 100644
--- a/src/monero_transfer_utils.cpp
+++ b/src/monero_transfer_utils.cpp
@@ -67,7 +67,7 @@ uint64_t monero_transfer_utils::estimated_tx_network_fee(
 	uint32_t priority,
 	use_fork_rules_fn_type use_fork_rules_fn
 ) {
-	bool bulletproof = use_fork_rules_fn(get_bulletproof_fork(), 0);
+	bool bulletproof = use_fork_rules_fn(get_bulletproof_fork(), 0); // eventually just hardcode this to true (?)
 	uint64_t fee_multiplier = get_fee_multiplier(priority, default_priority(), get_fee_algorithm(use_fork_rules_fn), use_fork_rules_fn);
 	std::vector<uint8_t> extra; // blank extra
 	size_t est_tx_size = estimate_rct_tx_size(2, fixed_mixinsize(), 2, extra.size(), bulletproof); // typically ~14kb post-rct, pre-bulletproofs
@@ -322,6 +322,7 @@ void monero_transfer_utils::create_transaction(
 	//
 	uint32_t fake_outputs_count = fixed_mixinsize();
 	bool bulletproof = use_fork_rules_fn(get_bulletproof_fork(), 0);
+	const rct::RangeProofType range_proof_type = bulletproof ? rct::RangeProofPaddedBulletproof : rct::RangeProofBorromean;
 	//
 	if (mix_outs.size() != outputs.size() && fake_outputs_count != 0) {
 		retVals.errCode = wrongNumberOfMixOutsProvided;
@@ -521,7 +522,7 @@ void monero_transfer_utils::create_transaction(
 		sender_account_keys, subaddresses,
 		sources, splitted_dsts, change_dst.addr, extra,
 		tx, unlock_time, tx_key, additional_tx_keys,
-		true, bulletproof,
+		true, range_proof_type,
 		/*m_multisig ? &msout : */NULL
 	);
 	LOG_PRINT_L2("constructed tx, r="<<r);
diff --git a/src/monero_wallet_utils.cpp b/src/monero_wallet_utils.cpp
index e2569f7..9a6c351 100644
--- a/src/monero_wallet_utils.cpp
+++ b/src/monero_wallet_utils.cpp
@@ -67,11 +67,11 @@ void monero_wallet_utils::coerce_valid_sec_key_from(
 						(uint8_t *)&dst__sec_seed, sizeof(secret_key));
 }
 bool monero_wallet_utils::words_to_bytes(
-	std::string words, 
-	legacy16B_secret_key& dst, 
+	const epee::wipeable_string &words,
+	legacy16B_secret_key &dst,
 	std::string &language_name
 ) {
-	std::string s;
+	epee::wipeable_string s;
 	if (!crypto::ElectrumWords::words_to_bytes(words, s, sizeof(dst), true, language_name)) {
 		return false;
 	}
@@ -82,8 +82,8 @@ bool monero_wallet_utils::words_to_bytes(
 	return true;
 }
 bool monero_wallet_utils::bytes_to_words(
-	const legacy16B_secret_key& src, 
-	std::string& words, 
+	const legacy16B_secret_key &src,
+	epee::wipeable_string &words,
 	const std::string &language_name
 ) {
 	return crypto::ElectrumWords::bytes_to_words(
@@ -119,7 +119,7 @@ bool monero_wallet_utils::new_wallet(
 	const cryptonote::account_keys& keys = account.get_keys();
 	std::string address_string = account.get_public_address_str(nettype); // getting the string here instead of leaving it to the consumer b/c get_public_address_str could potentially change in implementation (see TODO) so it's not right to duplicate that here
 	//
-	std::string mnemonic_string;
+	epee::wipeable_string mnemonic_string;
 	bool r = crypto::ElectrumWords::bytes_to_words(nonLegacy32B_sec_seed, mnemonic_string, mnemonic_language);
 	// ^-- it's OK to directly call ElectrumWords w/ crypto::secret_key as we are generating new wallet, not reading
 	if (!r) {
@@ -164,7 +164,7 @@ const uint32_t stable_32B_seed_mnemonic_word_count = 25;
 const uint32_t legacy_16B_seed_mnemonic_word_count = 13;
 
 bool monero_wallet_utils::decoded_seed(
-	const string &mnemonic_string__ref,
+	const epee::wipeable_string &mnemonic_string__ref,
 	MnemonicDecodedSeed_RetVals &retVals
 ) {
 	retVals = {};
@@ -176,7 +176,7 @@ bool monero_wallet_utils::decoded_seed(
 		//
 		return false;
 	}
-	string mnemonic_string = mnemonic_string__ref; // just going to take a copy rather than require people to pass mutable string in.
+	string mnemonic_string = string(mnemonic_string__ref.data(), mnemonic_string__ref.size()); // just going to take a copy rather than require people to pass mutable string in.
 	boost::algorithm::to_lower(mnemonic_string); // critical
 	// TODO: strip wrapping whitespace? anything else?
 	//
@@ -190,7 +190,7 @@ bool monero_wallet_utils::decoded_seed(
 	bool from_legacy16B_lw_seed = false;
 	if (word_count == stable_32B_seed_mnemonic_word_count) {
 		from_legacy16B_lw_seed = false; // to be clear
-		bool r = crypto::ElectrumWords::words_to_bytes(mnemonic_string, sec_seed, mnemonic_language);
+		bool r = crypto::ElectrumWords::words_to_bytes(mnemonic_string__ref, sec_seed, mnemonic_language);
 		if (!r) {
 			retVals.did_error = true;
 			retVals.err_string = "Invalid 25-word mnemonic";
@@ -201,7 +201,7 @@ bool monero_wallet_utils::decoded_seed(
 	} else if (word_count == legacy_16B_seed_mnemonic_word_count) {
 		from_legacy16B_lw_seed = true;
 		legacy16B_secret_key legacy16B_sec_seed;
-		bool r = words_to_bytes(mnemonic_string, legacy16B_sec_seed, mnemonic_language); // special 16 byte function
+		bool r = words_to_bytes(mnemonic_string__ref, legacy16B_sec_seed, mnemonic_language); // special 16 byte function
 		if (!r) {
 			retVals.did_error = true;
 			retVals.err_string = "Invalid 13-word mnemonic";
@@ -231,7 +231,7 @@ SeedDecodedMnemonic_RetVals monero_wallet_utils::mnemonic_string_from_seed_hex_s
 ) {
 	SeedDecodedMnemonic_RetVals retVals = {};
 	//
-	std::string mnemonic_string;
+	epee::wipeable_string mnemonic_string;
 	uint32_t sec_hexString_length = sec_hexString.size();
 	//
 	bool r = false;
diff --git a/src/monero_wallet_utils.hpp b/src/monero_wallet_utils.hpp
index 45e2245..2a75bfa 100644
--- a/src/monero_wallet_utils.hpp
+++ b/src/monero_wallet_utils.hpp
@@ -42,7 +42,14 @@
 #include "mnemonics/singleton.h"
 #include "mnemonics/english.h"
 //
-using namespace tools;
+#include "generic-ops.h" // mostly to get its includes
+//
+#include "misc_log_ex.h"
+#include "wipeable_string.h"
+#include "string_tools.h"
+using namespace epee;
+//
+using namespace tools; // intentionally first
 #include "tools__ret_vals.hpp"
 //
 namespace monero_wallet_utils
@@ -71,8 +78,8 @@ namespace monero_wallet_utils
 	const static unsigned long sec_seed_hex_string_length = sizeof(secret_key) * 2;
 	const static unsigned long legacy16B__sec_seed_hex_string_length = sizeof(legacy16B_secret_key) * 2;
 	//
-	bool words_to_bytes(std::string words, legacy16B_secret_key& dst, std::string &language_name);
-	bool bytes_to_words(const legacy16B_secret_key& src, std::string& words, const std::string &language_name);
+	bool words_to_bytes(const epee::wipeable_string &words, legacy16B_secret_key &dst, std::string &language_name);
+	bool bytes_to_words(const legacy16B_secret_key& src, epee::wipeable_string &words, const std::string &language_name);
 	//
 	bool are_equal_mnemonics(const string &words_a, const string &words_b);
  	//
@@ -87,14 +94,14 @@ namespace monero_wallet_utils
 		bool from_legacy16B_lw_seed = false;
 	};
 	bool decoded_seed(
-		const string &mnemonic_string,
+		const epee::wipeable_string &mnemonic_string,
 		//
 		MnemonicDecodedSeed_RetVals &retVals
 	);
 	//
 	struct SeedDecodedMnemonic_RetVals: RetVals_base
 	{
-		optional<string> mnemonic_string = none;
+		optional<epee::wipeable_string> mnemonic_string = none;
 	};
 	SeedDecodedMnemonic_RetVals mnemonic_string_from_seed_hex_string(
 		const string &seed_string,
@@ -113,7 +120,7 @@ namespace monero_wallet_utils
 		public_key pub_spendKey;
 		public_key pub_viewKey;
 		//
-		string mnemonic_string;
+		epee::wipeable_string mnemonic_string;
 		string mnemonic_language;
 	};
 	struct WalletDescriptionRetVals: RetVals_base
@@ -209,18 +216,28 @@ namespace monero_wallet_utils
 }
 
 
-#define MONEROWALLETUTILS_MAKE_COMPARABLE(type) \
+#define MWU__MAKE_COMPARABLE(type) \
 namespace monero_wallet_utils { \
 inline bool operator==(const type &_v1, const type &_v2) { \
-return std::memcmp(&_v1, &_v2, sizeof(type)) == 0; \
+return !memcmp(&_v1, &_v2, sizeof(_v1)); \
 } \
 inline bool operator!=(const type &_v1, const type &_v2) { \
-return std::memcmp(&_v1, &_v2, sizeof(type)) != 0; \
+return !operator==(_v1, _v2); \
 } \
 }
 
-#define MONEROWALLETUTILS_MAKE_HASHABLE(type) \
-MONEROWALLETUTILS_MAKE_COMPARABLE(type) \
+#define MWU__MAKE_COMPARABLE_CONSTANT_TIME(type) \
+namespace monero_wallet_utils { \
+inline bool operator==(const type &_v1, const type &_v2) { \
+static_assert(sizeof(_v1) == 32, "constant time comparison is only implenmted for 32 bytes"); \
+return crypto_verify_32((const unsigned char*)&_v1, (const unsigned char*)&_v2) == 0; \
+} \
+inline bool operator!=(const type &_v1, const type &_v2) { \
+return !operator==(_v1, _v2); \
+} \
+}
+
+#define MWU__DEFINE_HASH_FUNCTIONS(type) \
 namespace monero_wallet_utils { \
 static_assert(sizeof(std::size_t) <= sizeof(type), "Size of " #type " must be at least that of size_t"); \
 inline std::size_t hash_value(const type &_v) { \
@@ -236,6 +253,15 @@ return reinterpret_cast<const std::size_t &>(_v); \
 }; \
 }
 
-MONEROWALLETUTILS_MAKE_HASHABLE(legacy16B_secret_key)
+#define MWU__MAKE_HASHABLE(type) \
+MWU__MAKE_COMPARABLE(type) \
+MWU__DEFINE_HASH_FUNCTIONS(type)
+
+#define MWU__MAKE_HASHABLE_CONSTANT_TIME(type) \
+MWU__MAKE_COMPARABLE_CONSTANT_TIME(type) \
+MWU__DEFINE_HASH_FUNCTIONS(type)
+
+
+MWU__MAKE_HASHABLE(legacy16B_secret_key) // "constant time comparison is only implenmted for 32 bytes"
 
 #endif /* monero_wallet_utils_hpp */
diff --git a/src/serial_bridge_index.cpp b/src/serial_bridge_index.cpp
index 1b37452..496d62d 100644
--- a/src/serial_bridge_index.cpp
+++ b/src/serial_bridge_index.cpp
@@ -233,7 +233,10 @@ string serial_bridge::newly_created_wallet(const string &args_string)
 	THROW_WALLET_EXCEPTION_IF(did_error, error::wallet_internal_error, "Illegal success flag but did_error");
 	//
 	boost::property_tree::ptree root;
-	root.put(ret_json_key__mnemonic_string(), (*(retVals.optl__desc)).mnemonic_string);
+	root.put(
+		ret_json_key__mnemonic_string(),
+		std::string((*(retVals.optl__desc)).mnemonic_string.data(), (*(retVals.optl__desc)).mnemonic_string.size())
+	);
 	root.put(ret_json_key__mnemonic_language(), (*(retVals.optl__desc)).mnemonic_language);
 	root.put(ret_json_key__sec_seed_string(), (*(retVals.optl__desc)).sec_seed_string);
 	root.put(ret_json_key__address_string(), (*(retVals.optl__desc)).address_string);
@@ -308,7 +311,10 @@ string serial_bridge::mnemonic_from_seed(const string &args_string)
 	if (retVals.err_string != none) {
 		return error_ret_json_from_message(*(retVals.err_string));
 	}
-	root.put(ret_json_key__generic_retVal(), *(retVals.mnemonic_string));
+	root.put(
+		ret_json_key__generic_retVal(),
+		std::string((*(retVals.mnemonic_string)).data(), (*(retVals.mnemonic_string)).size())
+	);
 	//
 	return ret_json_from_root(root);
 }
@@ -577,10 +583,8 @@ string serial_bridge::decodeRct(const string &args_string)
 		rv.type = rct::RCTTypeSimple;
 	} else if (rv_type_int == rct::RCTTypeFull) {
 		rv.type = rct::RCTTypeFull;
-	} else if (rv_type_int == rct::RCTTypeSimpleBulletproof) {
-		rv.type = rct::RCTTypeSimpleBulletproof;
-	} else if (rv_type_int == rct::RCTTypeFullBulletproof) {
-		rv.type = rct::RCTTypeFullBulletproof;
+	} else if (rv_type_int == rct::RCTTypeBulletproof) {
+		rv.type = rct::RCTTypeBulletproof;
 	} else {
 		return error_ret_json_from_message("Invalid 'rv.type'");
 	}
diff --git a/test/test_all.cpp b/test/test_all.cpp
index 48eebe4..3859611 100644
--- a/test/test_all.cpp
+++ b/test/test_all.cpp
@@ -973,7 +973,7 @@ BOOST_AUTO_TEST_CASE(bridged__estimated_tx_network_fee)
 	BOOST_REQUIRE(fee_string != none);
 	BOOST_REQUIRE((*fee_string).size() > 0);
 	uint64_t fee = stoull(*fee_string);
-	BOOST_REQUIRE(fee == 504000000);
+	BOOST_REQUIRE(fee == 144000000); // with bulletproofs on
 	cout << "bridged__estimated_tx_network_fee: " << fee << endl;
 }
 
@@ -981,13 +981,15 @@ BOOST_AUTO_TEST_CASE(bridged__estimate_rct_tx_size)
 {
 	using namespace serial_bridge;
 	//
+	bool use_bulletproofs = monero_fork_rules::lightwallet_hardeded__use_bulletproofs();
+	//
 	boost::property_tree::ptree root;
 	root.put("n_inputs", 2);
 	root.put("mixin", monero_transfer_utils::fixed_mixinsize());
 	root.put("n_outputs", 2);
 	std::vector<uint8_t> extra; // blank extra
 	root.put("extra_size", extra.size());
-	root.put("bulletproof", monero_fork_rules::lightwallet_hardeded__use_bulletproofs());
+	root.put("bulletproof", use_bulletproofs);
 	//
 	auto ret_string = serial_bridge::estimate_rct_tx_size(args_string_from_root(root));
 	stringstream ret_stream;
@@ -1002,7 +1004,8 @@ BOOST_AUTO_TEST_CASE(bridged__estimate_rct_tx_size)
 	BOOST_REQUIRE(size_string != none);
 	BOOST_REQUIRE((*size_string).size() > 0);
 	uint64_t size = stoull(*size_string);
-	BOOST_REQUIRE(size == 14290);
+	BOOST_REQUIRE(use_bulletproofs == true);
+	BOOST_REQUIRE(size == 3288);
 	cout << "bridged__estimate_rct_tx_size: " << size << endl;
 }