2016-05-13 22:45:20 +03:00
|
|
|
// Copyright (c) 2016, Monero Research Labs
|
|
|
|
//
|
|
|
|
// Author: Shen Noether <shen.noether@gmx.com>
|
|
|
|
//
|
|
|
|
// All rights reserved.
|
|
|
|
//
|
|
|
|
// Redistribution and use in source and binary forms, with or without modification, are
|
|
|
|
// permitted provided that the following conditions are met:
|
|
|
|
//
|
|
|
|
// 1. Redistributions of source code must retain the above copyright notice, this list of
|
|
|
|
// conditions and the following disclaimer.
|
|
|
|
//
|
|
|
|
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
|
|
|
|
// of conditions and the following disclaimer in the documentation and/or other
|
|
|
|
// materials provided with the distribution.
|
|
|
|
//
|
|
|
|
// 3. Neither the name of the copyright holder nor the names of its contributors may be
|
|
|
|
// used to endorse or promote products derived from this software without specific
|
|
|
|
// prior written permission.
|
|
|
|
//
|
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
|
|
|
|
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
|
|
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
|
|
|
|
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
|
|
|
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
2016-06-24 19:46:24 +03:00
|
|
|
#include "misc_log_ex.h"
|
2016-05-13 22:45:20 +03:00
|
|
|
#include "rctOps.h"
|
|
|
|
using namespace crypto;
|
|
|
|
using namespace std;
|
|
|
|
|
Change logging to easylogging++
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
2017-01-01 18:34:23 +02:00
|
|
|
#undef MONERO_DEFAULT_LOG_CATEGORY
|
|
|
|
#define MONERO_DEFAULT_LOG_CATEGORY "ringct"
|
|
|
|
|
2017-03-22 23:26:38 +02:00
|
|
|
#define CHECK_AND_ASSERT_THROW_MES_L1(expr, message) {if(!(expr)) {MWARNING(message); throw std::runtime_error(message);}}
|
|
|
|
|
2016-05-13 22:45:20 +03:00
|
|
|
namespace rct {
|
|
|
|
|
|
|
|
//Various key initialization functions
|
|
|
|
|
|
|
|
//initializes a key matrix;
|
|
|
|
//first parameter is rows,
|
|
|
|
//second is columns
|
2016-10-23 18:10:17 +03:00
|
|
|
keyM keyMInit(size_t rows, size_t cols) {
|
2016-05-13 22:45:20 +03:00
|
|
|
keyM rv(cols);
|
2016-10-23 18:10:17 +03:00
|
|
|
size_t i = 0;
|
2016-05-13 22:45:20 +03:00
|
|
|
for (i = 0 ; i < cols ; i++) {
|
|
|
|
rv[i] = keyV(rows);
|
|
|
|
}
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//Various key generation functions
|
|
|
|
|
|
|
|
//generates a random scalar which can be used as a secret key or mask
|
|
|
|
void skGen(key &sk) {
|
2016-06-02 21:20:54 +03:00
|
|
|
sk = crypto::rand<key>();
|
2016-05-13 22:45:20 +03:00
|
|
|
sc_reduce32(sk.bytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
//generates a random scalar which can be used as a secret key or mask
|
|
|
|
key skGen() {
|
2016-06-02 21:20:54 +03:00
|
|
|
key sk = crypto::rand<key>();
|
2016-05-13 22:45:20 +03:00
|
|
|
sc_reduce32(sk.bytes);
|
|
|
|
return sk;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Generates a vector of secret key
|
|
|
|
//Mainly used in testing
|
2016-10-23 18:10:17 +03:00
|
|
|
keyV skvGen(size_t rows ) {
|
2016-05-13 22:45:20 +03:00
|
|
|
keyV rv(rows);
|
2016-10-23 18:10:17 +03:00
|
|
|
size_t i = 0;
|
|
|
|
crypto::rand(rows * sizeof(key), (uint8_t*)&rv[0]);
|
2016-05-13 22:45:20 +03:00
|
|
|
for (i = 0 ; i < rows ; i++) {
|
2016-10-23 18:10:17 +03:00
|
|
|
sc_reduce32(rv[i].bytes);
|
2016-05-13 22:45:20 +03:00
|
|
|
}
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
//generates a random curve point (for testing)
|
|
|
|
key pkGen() {
|
|
|
|
key sk = skGen();
|
|
|
|
key pk = scalarmultBase(sk);
|
|
|
|
return pk;
|
|
|
|
}
|
|
|
|
|
|
|
|
//generates a random secret and corresponding public key
|
|
|
|
void skpkGen(key &sk, key &pk) {
|
|
|
|
skGen(sk);
|
|
|
|
scalarmultBase(pk, sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
//generates a random secret and corresponding public key
|
|
|
|
tuple<key, key> skpkGen() {
|
|
|
|
key sk = skGen();
|
|
|
|
key pk = scalarmultBase(sk);
|
|
|
|
return make_tuple(sk, pk);
|
|
|
|
}
|
|
|
|
|
2016-07-09 21:30:28 +03:00
|
|
|
//generates C =aG + bH from b, a is given..
|
|
|
|
void genC(key & C, const key & a, xmr_amount amount) {
|
|
|
|
key bH = scalarmultH(d2h(amount));
|
|
|
|
addKeys1(C, a, bH);
|
|
|
|
}
|
|
|
|
|
2016-05-13 22:45:20 +03:00
|
|
|
//generates a <secret , public> / Pedersen commitment to the amount
|
|
|
|
tuple<ctkey, ctkey> ctskpkGen(xmr_amount amount) {
|
|
|
|
ctkey sk, pk;
|
|
|
|
skpkGen(sk.dest, pk.dest);
|
|
|
|
skpkGen(sk.mask, pk.mask);
|
|
|
|
key am = d2h(amount);
|
2016-06-02 21:03:35 +03:00
|
|
|
key bH = scalarmultH(am);
|
|
|
|
addKeys(pk.mask, pk.mask, bH);
|
2016-05-13 22:45:20 +03:00
|
|
|
return make_tuple(sk, pk);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//generates a <secret , public> / Pedersen commitment but takes bH as input
|
2016-10-23 18:10:17 +03:00
|
|
|
tuple<ctkey, ctkey> ctskpkGen(const key &bH) {
|
2016-05-13 22:45:20 +03:00
|
|
|
ctkey sk, pk;
|
|
|
|
skpkGen(sk.dest, pk.dest);
|
|
|
|
skpkGen(sk.mask, pk.mask);
|
|
|
|
addKeys(pk.mask, pk.mask, bH);
|
|
|
|
return make_tuple(sk, pk);
|
|
|
|
}
|
|
|
|
|
2016-06-16 00:47:09 +03:00
|
|
|
key zeroCommit(xmr_amount amount) {
|
|
|
|
key mask = identity();
|
|
|
|
mask = scalarmultBase(mask);
|
|
|
|
key am = d2h(amount);
|
|
|
|
key bH = scalarmultH(am);
|
|
|
|
addKeys(mask, mask, bH);
|
|
|
|
return mask;
|
|
|
|
}
|
|
|
|
|
2016-10-23 18:10:17 +03:00
|
|
|
key commit(xmr_amount amount, const key &mask) {
|
|
|
|
key c = scalarmultBase(mask);
|
2016-06-16 00:47:09 +03:00
|
|
|
key am = d2h(amount);
|
|
|
|
key bH = scalarmultH(am);
|
2016-10-23 18:10:17 +03:00
|
|
|
addKeys(c, c, bH);
|
|
|
|
return c;
|
2016-06-16 00:47:09 +03:00
|
|
|
}
|
|
|
|
|
2016-06-02 21:03:35 +03:00
|
|
|
//generates a random uint long long (for testing)
|
2016-05-13 22:45:20 +03:00
|
|
|
xmr_amount randXmrAmount(xmr_amount upperlimit) {
|
|
|
|
return h2d(skGen()) % (upperlimit);
|
|
|
|
}
|
|
|
|
|
|
|
|
//Scalar multiplications of curve points
|
|
|
|
|
|
|
|
//does a * G where a is a scalar and G is the curve basepoint
|
|
|
|
void scalarmultBase(key &aG,const key &a) {
|
|
|
|
ge_p3 point;
|
|
|
|
sc_reduce32copy(aG.bytes, a.bytes); //do this beforehand!
|
|
|
|
ge_scalarmult_base(&point, aG.bytes);
|
|
|
|
ge_p3_tobytes(aG.bytes, &point);
|
|
|
|
}
|
|
|
|
|
|
|
|
//does a * G where a is a scalar and G is the curve basepoint
|
|
|
|
key scalarmultBase(const key & a) {
|
|
|
|
ge_p3 point;
|
|
|
|
key aG;
|
|
|
|
sc_reduce32copy(aG.bytes, a.bytes); //do this beforehand
|
|
|
|
ge_scalarmult_base(&point, aG.bytes);
|
|
|
|
ge_p3_tobytes(aG.bytes, &point);
|
|
|
|
return aG;
|
|
|
|
}
|
|
|
|
|
|
|
|
//does a * P where a is a scalar and P is an arbitrary point
|
|
|
|
void scalarmultKey(key & aP, const key &P, const key &a) {
|
|
|
|
ge_p3 A;
|
|
|
|
ge_p2 R;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A, P.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_scalarmult(&R, a.bytes, &A);
|
|
|
|
ge_tobytes(aP.bytes, &R);
|
|
|
|
}
|
|
|
|
|
|
|
|
//does a * P where a is a scalar and P is an arbitrary point
|
|
|
|
key scalarmultKey(const key & P, const key & a) {
|
|
|
|
ge_p3 A;
|
|
|
|
ge_p2 R;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A, P.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_scalarmult(&R, a.bytes, &A);
|
|
|
|
key aP;
|
|
|
|
ge_tobytes(aP.bytes, &R);
|
|
|
|
return aP;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//Computes aH where H= toPoint(cn_fast_hash(G)), G the basepoint
|
|
|
|
key scalarmultH(const key & a) {
|
|
|
|
ge_p3 A;
|
|
|
|
ge_p2 R;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A, H.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_scalarmult(&R, a.bytes, &A);
|
|
|
|
key aP;
|
|
|
|
ge_tobytes(aP.bytes, &R);
|
|
|
|
return aP;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Curve addition / subtractions
|
|
|
|
|
|
|
|
//for curve points: AB = A + B
|
|
|
|
void addKeys(key &AB, const key &A, const key &B) {
|
|
|
|
ge_p3 B2, A2;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&B2, B.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A2, A.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_cached tmp2;
|
|
|
|
ge_p3_to_cached(&tmp2, &B2);
|
|
|
|
ge_p1p1 tmp3;
|
|
|
|
ge_add(&tmp3, &A2, &tmp2);
|
|
|
|
ge_p1p1_to_p3(&A2, &tmp3);
|
|
|
|
ge_p3_tobytes(AB.bytes, &A2);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//addKeys1
|
|
|
|
//aGB = aG + B where a is a scalar, G is the basepoint, and B is a point
|
|
|
|
void addKeys1(key &aGB, const key &a, const key & B) {
|
|
|
|
key aG = scalarmultBase(a);
|
|
|
|
addKeys(aGB, aG, B);
|
|
|
|
}
|
|
|
|
|
|
|
|
//addKeys2
|
|
|
|
//aGbB = aG + bB where a, b are scalars, G is the basepoint and B is a point
|
|
|
|
void addKeys2(key &aGbB, const key &a, const key &b, const key & B) {
|
|
|
|
ge_p2 rv;
|
|
|
|
ge_p3 B2;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&B2, B.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_double_scalarmult_base_vartime(&rv, b.bytes, &B2, a.bytes);
|
|
|
|
ge_tobytes(aGbB.bytes, &rv);
|
|
|
|
}
|
|
|
|
|
|
|
|
//Does some precomputation to make addKeys3 more efficient
|
|
|
|
// input B a curve point and output a ge_dsmp which has precomputation applied
|
|
|
|
void precomp(ge_dsmp rv, const key & B) {
|
|
|
|
ge_p3 B2;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&B2, B.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_dsm_precomp(rv, &B2);
|
|
|
|
}
|
|
|
|
|
|
|
|
//addKeys3
|
|
|
|
//aAbB = a*A + b*B where a, b are scalars, A, B are curve points
|
|
|
|
//B must be input after applying "precomp"
|
|
|
|
void addKeys3(key &aAbB, const key &a, const key &A, const key &b, const ge_dsmp B) {
|
|
|
|
ge_p2 rv;
|
|
|
|
ge_p3 A2;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A2, A.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_double_scalarmult_precomp_vartime(&rv, a.bytes, &A2, b.bytes, B);
|
|
|
|
ge_tobytes(aAbB.bytes, &rv);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//subtract Keys (subtracts curve points)
|
|
|
|
//AB = A - B where A, B are curve points
|
|
|
|
void subKeys(key & AB, const key &A, const key &B) {
|
|
|
|
ge_p3 B2, A2;
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&B2, B.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A2, A.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_cached tmp2;
|
|
|
|
ge_p3_to_cached(&tmp2, &B2);
|
|
|
|
ge_p1p1 tmp3;
|
|
|
|
ge_sub(&tmp3, &A2, &tmp2);
|
|
|
|
ge_p1p1_to_p3(&A2, &tmp3);
|
|
|
|
ge_p3_tobytes(AB.bytes, &A2);
|
|
|
|
}
|
|
|
|
|
2016-11-18 01:17:21 +02:00
|
|
|
//checks if A, B are equal in terms of bytes (may say no if one is a non-reduced scalar)
|
2016-05-13 22:45:20 +03:00
|
|
|
//without doing curve operations
|
|
|
|
bool equalKeys(const key & a, const key & b) {
|
2016-06-02 19:24:42 +03:00
|
|
|
bool rv = true;
|
|
|
|
for (int i = 0; i < 32; ++i) {
|
|
|
|
if (a.bytes[i] != b.bytes[i]) {
|
|
|
|
rv = false;
|
|
|
|
}
|
2016-05-13 22:45:20 +03:00
|
|
|
}
|
2016-06-02 19:24:42 +03:00
|
|
|
return rv;
|
2016-05-13 22:45:20 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
//Hashing - cn_fast_hash
|
|
|
|
//be careful these are also in crypto namespace
|
|
|
|
//cn_fast_hash for arbitrary multiples of 32 bytes
|
|
|
|
void cn_fast_hash(key &hash, const void * data, const std::size_t l) {
|
2016-10-11 01:36:01 +03:00
|
|
|
keccak((const uint8_t *)data, l, hash.bytes, 32);
|
2016-05-13 22:45:20 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
void hash_to_scalar(key &hash, const void * data, const std::size_t l) {
|
|
|
|
cn_fast_hash(hash, data, l);
|
|
|
|
sc_reduce32(hash.bytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
//cn_fast_hash for a 32 byte key
|
|
|
|
void cn_fast_hash(key & hash, const key & in) {
|
2016-10-11 01:36:01 +03:00
|
|
|
keccak((const uint8_t *)in.bytes, 32, hash.bytes, 32);
|
2016-05-13 22:45:20 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
void hash_to_scalar(key & hash, const key & in) {
|
|
|
|
cn_fast_hash(hash, in);
|
|
|
|
sc_reduce32(hash.bytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
//cn_fast_hash for a 32 byte key
|
|
|
|
key cn_fast_hash(const key & in) {
|
|
|
|
key hash;
|
2016-10-11 01:36:01 +03:00
|
|
|
keccak((const uint8_t *)in.bytes, 32, hash.bytes, 32);
|
2016-05-13 22:45:20 +03:00
|
|
|
return hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
key hash_to_scalar(const key & in) {
|
|
|
|
key hash = cn_fast_hash(in);
|
|
|
|
sc_reduce32(hash.bytes);
|
|
|
|
return hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
//cn_fast_hash for a 128 byte unsigned char
|
|
|
|
key cn_fast_hash128(const void * in) {
|
|
|
|
key hash;
|
2016-10-11 01:36:01 +03:00
|
|
|
keccak((const uint8_t *)in, 128, hash.bytes, 32);
|
2016-05-13 22:45:20 +03:00
|
|
|
return hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
key hash_to_scalar128(const void * in) {
|
|
|
|
key hash = cn_fast_hash128(in);
|
|
|
|
sc_reduce32(hash.bytes);
|
|
|
|
return hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
//cn_fast_hash for multisig purpose
|
|
|
|
//This takes the outputs and commitments
|
|
|
|
//and hashes them into a 32 byte sized key
|
2016-10-11 01:07:20 +03:00
|
|
|
key cn_fast_hash(const ctkeyV &PC) {
|
2016-10-11 01:37:02 +03:00
|
|
|
key rv;
|
|
|
|
cn_fast_hash(rv, &PC[0], 64*PC.size());
|
2016-05-13 22:45:20 +03:00
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2016-10-11 01:07:20 +03:00
|
|
|
key hash_to_scalar(const ctkeyV &PC) {
|
2016-05-13 22:45:20 +03:00
|
|
|
key rv = cn_fast_hash(PC);
|
|
|
|
sc_reduce32(rv.bytes);
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2016-07-09 22:04:23 +03:00
|
|
|
//cn_fast_hash for a key-vector of arbitrary length
|
|
|
|
//this is useful since you take a number of keys
|
|
|
|
//put them in the key vector and it concatenates them
|
|
|
|
//and then hashes them
|
|
|
|
key cn_fast_hash(const keyV &keys) {
|
|
|
|
key rv;
|
2016-10-11 01:37:02 +03:00
|
|
|
cn_fast_hash(rv, &keys[0], keys.size() * sizeof(keys[0]));
|
2016-07-09 22:04:23 +03:00
|
|
|
//dp(rv);
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
key hash_to_scalar(const keyV &keys) {
|
|
|
|
key rv = cn_fast_hash(keys);
|
|
|
|
sc_reduce32(rv.bytes);
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2016-11-18 01:17:21 +02:00
|
|
|
key cn_fast_hash(const key64 keys) {
|
|
|
|
key rv;
|
|
|
|
cn_fast_hash(rv, &keys[0], 64 * sizeof(keys[0]));
|
|
|
|
//dp(rv);
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
key hash_to_scalar(const key64 keys) {
|
|
|
|
key rv = cn_fast_hash(keys);
|
|
|
|
sc_reduce32(rv.bytes);
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2016-05-13 22:45:20 +03:00
|
|
|
key hashToPointSimple(const key & hh) {
|
|
|
|
key pointk;
|
2016-06-02 21:02:54 +03:00
|
|
|
ge_p1p1 point2;
|
|
|
|
ge_p2 point;
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_p3 res;
|
|
|
|
key h = cn_fast_hash(hh);
|
2017-03-22 23:26:38 +02:00
|
|
|
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&res, h.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
2016-06-02 21:02:54 +03:00
|
|
|
ge_p3_to_p2(&point, &res);
|
|
|
|
ge_mul8(&point2, &point);
|
|
|
|
ge_p1p1_to_p3(&res, &point2);
|
2016-05-13 22:45:20 +03:00
|
|
|
ge_p3_tobytes(pointk.bytes, &res);
|
|
|
|
return pointk;
|
|
|
|
}
|
|
|
|
|
|
|
|
key hashToPoint(const key & hh) {
|
|
|
|
key pointk;
|
|
|
|
ge_p2 point;
|
|
|
|
ge_p1p1 point2;
|
|
|
|
ge_p3 res;
|
|
|
|
key h = cn_fast_hash(hh);
|
|
|
|
ge_fromfe_frombytes_vartime(&point, h.bytes);
|
|
|
|
ge_mul8(&point2, &point);
|
|
|
|
ge_p1p1_to_p3(&res, &point2);
|
|
|
|
ge_p3_tobytes(pointk.bytes, &res);
|
|
|
|
return pointk;
|
|
|
|
}
|
|
|
|
|
|
|
|
void hashToPoint(key & pointk, const key & hh) {
|
|
|
|
ge_p2 point;
|
|
|
|
ge_p1p1 point2;
|
|
|
|
ge_p3 res;
|
|
|
|
key h = cn_fast_hash(hh);
|
|
|
|
ge_fromfe_frombytes_vartime(&point, h.bytes);
|
|
|
|
ge_mul8(&point2, &point);
|
|
|
|
ge_p1p1_to_p3(&res, &point2);
|
|
|
|
ge_p3_tobytes(pointk.bytes, &res);
|
|
|
|
}
|
|
|
|
|
|
|
|
//sums a vector of curve points (for scalars use sc_add)
|
|
|
|
void sumKeys(key & Csum, const keyV & Cis) {
|
|
|
|
identity(Csum);
|
|
|
|
size_t i = 0;
|
|
|
|
for (i = 0; i < Cis.size(); i++) {
|
|
|
|
addKeys(Csum, Csum, Cis[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
//Elliptic Curve Diffie Helman: encodes and decodes the amount b and mask a
|
|
|
|
// where C= aG + bH
|
2016-08-10 14:48:20 +03:00
|
|
|
void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec) {
|
|
|
|
key sharedSec1 = hash_to_scalar(sharedSec);
|
2016-07-24 19:53:34 +03:00
|
|
|
key sharedSec2 = hash_to_scalar(sharedSec1);
|
|
|
|
//encode
|
|
|
|
sc_add(unmasked.mask.bytes, unmasked.mask.bytes, sharedSec1.bytes);
|
|
|
|
sc_add(unmasked.amount.bytes, unmasked.amount.bytes, sharedSec2.bytes);
|
|
|
|
}
|
2016-08-10 14:48:20 +03:00
|
|
|
void ecdhDecode(ecdhTuple & masked, const key & sharedSec) {
|
|
|
|
key sharedSec1 = hash_to_scalar(sharedSec);
|
2016-05-13 22:45:20 +03:00
|
|
|
key sharedSec2 = hash_to_scalar(sharedSec1);
|
2016-07-24 19:53:34 +03:00
|
|
|
//decode
|
|
|
|
sc_sub(masked.mask.bytes, masked.mask.bytes, sharedSec1.bytes);
|
|
|
|
sc_sub(masked.amount.bytes, masked.amount.bytes, sharedSec2.bytes);
|
2016-05-13 22:45:20 +03:00
|
|
|
}
|
|
|
|
}
|