4rkal/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2024-12-04 23:51:08 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

better assertions of crypto assumptions

Browse Source
This commit is contained in:
jeffro256 2024-12-02 11:28:18 -06:00
parent 965a5d88c9
commit 2a638842a4
No known key found for this signature in database
GPG Key ID: 6F79797A6E392442
3 changed files with 146 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/carrot_core/enote_utils.cpp
View File

@ -125,16 +125,29 @@ bool make_carrot_uncontextualized_shared_key_receiver(const crypto::secret_key &
// @TODO: this is slower than a turtle on morphine, and will cripple scan speed, but should be correct // @TODO: this is slower than a turtle on morphine, and will cripple scan speed, but should be correct
// K_e = ConvertPointM(D_e) // K_e = ConvertPointM(D_e)
ge_p3 D_e_in_ed25519_p3; ge_p3 p3_tmp;
if (ge_fromx25519_vartime(&D_e_in_ed25519_p3, enote_ephemeral_pubkey.data) != 0) if (ge_fromx25519_vartime(&p3_tmp, enote_ephemeral_pubkey.data) != 0)
return false;
// serialize K_e
crypto::public_key K_e;
ge_p3_tobytes(to_bytes(K_e), &p3_tmp);
// [ed25519] s_sr = 8 d_e K^j_v
crypto::key_derivation s_sr_in_ed25519;
if (!crypto::wallet::generate_key_derivation(K_e, k_view, s_sr_in_ed25519))
return false;
else if (memcmp(&s_sr_in_ed25519, &rct::I, sizeof(rct::key)) == 0)
return false; return false;
// serialize K_e // deserialize s_sr
crypto::public_key D_e_in_ed25519; ge_p3 s_sr_in_ed25519_p3;
ge_p3_tobytes(to_bytes(D_e_in_ed25519), &D_e_in_ed25519_p3); ge_frombytes_vartime(&s_sr_in_ed25519_p3, to_bytes(s_sr_in_ed25519));
// do ECDH exchange 8 k_v D_e // ConvertPointE(s_sr)
return make_carrot_uncontextualized_shared_key_sender(k_view, D_e_in_ed25519, s_sender_receiver_unctx_out); ge_p3_to_x25519(s_sender_receiver_unctx_out.data, &s_sr_in_ed25519_p3);
return true;
} }
//------------------------------------------------------------------------------------------------------------------- //-------------------------------------------------------------------------------------------------------------------
bool make_carrot_uncontextualized_shared_key_sender(const crypto::secret_key &enote_ephemeral_privkey, bool make_carrot_uncontextualized_shared_key_sender(const crypto::secret_key &enote_ephemeral_privkey,

16
src/carrot_core/output_set_finalization.cpp
View File

@ -171,6 +171,22 @@ void get_output_enote_proposals(std::vector<CarrotPaymentProposalV1> &&normal_pa
CHECK_AND_ASSERT_THROW_MES(num_integrated <= 1, CHECK_AND_ASSERT_THROW_MES(num_integrated <= 1,
"get output enote proposals: only one integrated address is allowed per tx output set"); "get output enote proposals: only one integrated address is allowed per tx output set");
// assert anchor_norm != 0 for payments
for (const CarrotPaymentProposalV1 &normal_payment_proposal : normal_payment_proposals)
CHECK_AND_ASSERT_THROW_MES(normal_payment_proposal.randomness != janus_anchor_t{},
"get output enote proposals: normal payment proposal has unset anchor_norm AKA randomness");
// sort normal payment proposals by anchor_norm and assert uniqueness of randomness for each payment
const auto sort_by_randomness = [](const CarrotPaymentProposalV1 &a, const CarrotPaymentProposalV1 &b) -> bool
{
return memcmp(&a.randomness, &b.randomness, JANUS_ANCHOR_BYTES) < 0;
};
std::sort(normal_payment_proposals.begin(), normal_payment_proposals.end(), sort_by_randomness);
const bool has_unique_randomness = tools::is_sorted_and_unique(normal_payment_proposals,
sort_by_randomness);
CHECK_AND_ASSERT_THROW_MES(has_unique_randomness,
"get output enote proposals: normal payment proposals contain duplicate anchor_norm AKA randomness");
// input_context = "R" || KI_1 // input_context = "R" || KI_1
input_context_t input_context; input_context_t input_context;
make_carrot_input_context(tx_first_key_image, input_context); make_carrot_input_context(tx_first_key_image, input_context);

110
tests/unit_tests/carrot_core.cpp
View File

@ -146,6 +146,27 @@ TEST(carrot_core, ECDH_subaddress_completeness)
EXPECT_EQ(s_sr_sender, s_sr_receiver); EXPECT_EQ(s_sr_sender, s_sr_receiver);
} }
//---------------------------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------------------------
TEST(carrot_core, ECDH_mx25519_convergence)
{
const crypto::x25519_pubkey P = crypto::x25519_pubkey_gen();
const crypto::x25519_secret_key a = crypto::x25519_secret_key_gen();
const crypto::x25519_secret_key eight = crypto::x25519_scalar{{8}};
// do Q = 8 * a * P using mx25519
crypto::x25519_pubkey Q_mx25519;
crypto::x25519_scmul_key(eight, P, Q_mx25519);
crypto::x25519_scmul_key(a, Q_mx25519, Q_mx25519);
// do Q = 8 * a * P using make_carrot_uncontextualized_shared_key_receiver()
crypto::secret_key a_sk;
memcpy(&a_sk, &a, sizeof(a_sk));
crypto::x25519_pubkey Q_carrot;
ASSERT_TRUE(make_carrot_uncontextualized_shared_key_receiver(a_sk, P, Q_carrot));
// check equal
EXPECT_EQ(Q_mx25519, Q_carrot);
}
//----------------------------------------------------------------------------------------------------------------------
TEST(carrot_core, main_address_normal_scan_completeness) TEST(carrot_core, main_address_normal_scan_completeness)
{ {
const mock_carrot_keys keys = mock_carrot_keys::generate(); const mock_carrot_keys keys = mock_carrot_keys::generate();
@ -751,3 +772,92 @@ TEST(carrot_core, main_address_coinbase_scan_completeness)
enote.onetime_address)); enote.onetime_address));
} }
//---------------------------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------------------------
/*
TEST(carrot_core, subaddress_transfer_2out_completeness)
{
const mock_carrot_keys alice = mock_carrot_keys::generate();
const mock_carrot_keys bob = mock_carrot_keys::generate();
const uint32_t alice_j_major = crypto::rand<uint32_t>();
const uint32_t alice_j_minor = crypto::rand<uint32_t>();
CarrotDestinationV1 alice_address;
make_carrot_subaddress_v1(alice.account_spend_pubkey,
alice.main_address_view_pubkey,
alice.s_generate_address,
alice_j_major,
alice_j_minor,
alice_address);
const uint32_t bob_j_major = crypto::rand<uint32_t>();
const uint32_t bob_j_minor = crypto::rand<uint32_t>();
CarrotDestinationV1 bob_address;
make_carrot_subaddress_v1(bob.account_spend_pubkey,
bob.main_address_view_pubkey,
bob.s_generate_address,
bob_j_major,
bob_j_minor,
bob_address);
const CarrotPaymentProposalV1 proposal = CarrotPaymentProposalV1{
.destination = main_address,
.amount = crypto::rand<rct::xmr_amount>(),
.randomness = gen_janus_anchor()
};
const crypto::key_image tx_first_key_image = rct::rct2ki(rct::pkGen());
RCTOutputEnoteProposal enote_proposal;
encrypted_payment_id_t encrypted_payment_id;
get_output_proposal_normal_v1(proposal,
tx_first_key_image,
enote_proposal,
encrypted_payment_id);
ASSERT_EQ(proposal.amount, enote_proposal.amount);
const rct::key recomputed_amount_commitment = rct::commit(enote_proposal.amount, rct::sk2rct(enote_proposal.amount_blinding_factor));
ASSERT_EQ(enote_proposal.enote.amount_commitment, recomputed_amount_commitment);
crypto::x25519_pubkey s_sender_receiver_unctx;
make_carrot_uncontextualized_shared_key_receiver(keys.k_view,
enote_proposal.enote.enote_ephemeral_pubkey,
s_sender_receiver_unctx);
crypto::secret_key recovered_sender_extension_g;
crypto::secret_key recovered_sender_extension_t;
crypto::public_key recovered_address_spend_pubkey;
rct::xmr_amount recovered_amount;
crypto::secret_key recovered_amount_blinding_factor;
encrypted_payment_id_t recovered_payment_id;
CarrotEnoteType recovered_enote_type;
const bool scan_success = try_scan_carrot_enote_external(enote_proposal.enote,
encrypted_payment_id,
s_sender_receiver_unctx,
keys.k_view_dev,
keys.account_spend_pubkey,
recovered_sender_extension_g,
recovered_sender_extension_t,
recovered_address_spend_pubkey,
recovered_amount,
recovered_amount_blinding_factor,
recovered_payment_id,
recovered_enote_type);
ASSERT_TRUE(scan_success);
// check recovered data
EXPECT_EQ(proposal.destination.address_spend_pubkey, recovered_address_spend_pubkey);
EXPECT_EQ(proposal.amount, recovered_amount);
EXPECT_EQ(enote_proposal.amount_blinding_factor, recovered_amount_blinding_factor);
EXPECT_EQ(null_payment_id, recovered_payment_id);
EXPECT_EQ(CarrotEnoteType::PAYMENT, recovered_enote_type);
// check spendability
EXPECT_TRUE(can_open_fcmp_onetime_address(keys.k_prove_spend,
keys.k_generate_image,
rct::rct2sk(rct::I),
recovered_sender_extension_g,
recovered_sender_extension_t,
enote_proposal.enote.onetime_address));
}*/
//----------------------------------------------------------------------------------------------------------------------