From 8f95a7165ec6aca792ab6a2603ddadb96684b730 Mon Sep 17 00:00:00 2001 From: jeffro256 Date: Fri, 10 Jan 2025 14:59:27 -0600 Subject: [PATCH] carrot_impl 1/23/25 [WIP] --- src/CMakeLists.txt | 1 + src/carrot_impl/CMakeLists.txt | 50 ++ src/carrot_impl/carrot_boost_serialization.h | 61 ++ src/carrot_impl/carrot_chain_serialization.h | 42 ++ src/carrot_impl/carrot_tx_format_utils.cpp | 356 +++++++++ src/carrot_impl/carrot_tx_format_utils.h | 92 +++ src/cryptonote_basic/cryptonote_basic.h | 34 +- .../cryptonote_boost_serialization.h | 12 +- src/cryptonote_basic/tx_extra.h | 2 + src/serialization/json_object.cpp | 33 +- src/serialization/json_object.h | 4 +- tests/core_tests/tx_validation.cpp | 13 - tests/unit_tests/CMakeLists.txt | 2 + tests/unit_tests/carrot_impl.cpp | 683 ++++++++++++++++++ 14 files changed, 1324 insertions(+), 61 deletions(-) create mode 100644 src/carrot_impl/CMakeLists.txt create mode 100644 src/carrot_impl/carrot_boost_serialization.h create mode 100644 src/carrot_impl/carrot_chain_serialization.h create mode 100644 src/carrot_impl/carrot_tx_format_utils.cpp create mode 100644 src/carrot_impl/carrot_tx_format_utils.h create mode 100644 tests/unit_tests/carrot_impl.cpp diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6c53b115d6f..eaec90928f8 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -84,6 +84,7 @@ include(Version) monero_add_library(version SOURCES ${CMAKE_BINARY_DIR}/version.cpp DEPENDS genversion) add_subdirectory(carrot_core) +add_subdirectory(carrot_impl) add_subdirectory(common) add_subdirectory(crypto) add_subdirectory(ringct) diff --git a/src/carrot_impl/CMakeLists.txt b/src/carrot_impl/CMakeLists.txt new file mode 100644 index 00000000000..1c22f6958df --- /dev/null +++ b/src/carrot_impl/CMakeLists.txt @@ -0,0 +1,50 @@ +# Copyright (c) 2024, The Monero Project +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, are +# permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright notice, this list +# of conditions and the following disclaimer in the documentation and/or other +# materials provided with the distribution. +# +# 3. Neither the name of the copyright holder nor the names of its contributors may be +# used to endorse or promote products derived from this software without specific +# prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +set(carrot_impl_sources + carrot_tx_format_utils.cpp +) + +monero_find_all_headers(carrot_impl_headers, "${CMAKE_CURRENT_SOURCE_DIR}") + +monero_add_library(carrot_impl + ${carrot_impl_sources} + ${carrot_impl_headers}) + +target_link_libraries(carrot_impl + PUBLIC + carrot_core + cryptonote_basic + PRIVATE + ${EXTRA_LIBRARIES}) + +target_include_directories(carrot_impl + PUBLIC + "${CMAKE_CURRENT_SOURCE_DIR}" + PRIVATE + ${Boost_INCLUDE_DIRS}) diff --git a/src/carrot_impl/carrot_boost_serialization.h b/src/carrot_impl/carrot_boost_serialization.h new file mode 100644 index 00000000000..8b066b376d5 --- /dev/null +++ b/src/carrot_impl/carrot_boost_serialization.h @@ -0,0 +1,61 @@ +// Copyright (c) 2024, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers + +#pragma once + +//local headers +#include "carrot_core/core_types.h" + +//third party headers +#include + +//standard headers + +//forward declarations + +namespace boost +{ +namespace serialization +{ +//--------------------------------------------------- +template +inline void serialize(Archive &a, carrot::view_tag_t &x, const boost::serialization::version_type ver) +{ + a & x.bytes; +} +//--------------------------------------------------- +template +inline void serialize(Archive &a, carrot::encrypted_janus_anchor_t &x, const boost::serialization::version_type ver) +{ + a & x.bytes; +} +//--------------------------------------------------- +} //namespace serialization +} //namespace boot diff --git a/src/carrot_impl/carrot_chain_serialization.h b/src/carrot_impl/carrot_chain_serialization.h new file mode 100644 index 00000000000..8a3139fa6ab --- /dev/null +++ b/src/carrot_impl/carrot_chain_serialization.h @@ -0,0 +1,42 @@ +// Copyright (c) 2024, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#pragma once + +//local headers +#include "carrot_core/core_types.h" +#include "serialization/serialization.h" + +//third party headers + +//standard headers + +//forward declarations + +BLOB_SERIALIZER(carrot::view_tag_t); +BLOB_SERIALIZER(carrot::encrypted_janus_anchor_t); diff --git a/src/carrot_impl/carrot_tx_format_utils.cpp b/src/carrot_impl/carrot_tx_format_utils.cpp new file mode 100644 index 00000000000..5c6fd7bbc34 --- /dev/null +++ b/src/carrot_impl/carrot_tx_format_utils.cpp @@ -0,0 +1,356 @@ +// Copyright (c) 2024, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +//paired header +#include "carrot_tx_format_utils.h" + +//local headers +#include "common/container_helpers.h" +#include "cryptonote_basic/cryptonote_format_utils.h" +#include "cryptonote_config.h" + +//third party headers + +//standard headers + +#undef MONERO_DEFAULT_LOG_CATEGORY +#define MONERO_DEFAULT_LOG_CATEGORY "carrot_impl" + +static_assert(sizeof(mx25519_pubkey) == sizeof(crypto::public_key), + "cannot use crypto::public_key as storage for X25519 keys since size is different"); + +namespace carrot +{ +//------------------------------------------------------------------------------------------------------------------- +//------------------------------------------------------------------------------------------------------------------- +static constexpr const std::uint8_t carrot_rct_type = rct::RCTTypeBulletproof2; // @TODO: WRONG version +//------------------------------------------------------------------------------------------------------------------- +//------------------------------------------------------------------------------------------------------------------- +template +static void store_carrot_ephemeral_pubkeys_to_extra(const EnoteContainer &enotes, std::vector &extra_inout) +{ + const size_t nouts = enotes.size(); + const bool use_shared_ephemeral_pubkey = nouts == 2 && !is_coinbase; + bool success = true; + if (use_shared_ephemeral_pubkey) + { + crypto::public_key tx_pubkey; + const mx25519_pubkey &enote_ephemeral_pubkey = enotes.at(0).enote_ephemeral_pubkey; + memcpy(tx_pubkey.data, enote_ephemeral_pubkey.data, sizeof(tx_pubkey)); + success = success && cryptonote::add_tx_pub_key_to_extra(extra_inout, tx_pubkey); + } + else // nouts != 2 or coinbase + { + std::vector tx_pubkeys(nouts); + for (size_t i = 0; i < nouts; ++i) + { + const mx25519_pubkey &enote_ephemeral_pubkey = enotes.at(i).enote_ephemeral_pubkey; + memcpy(tx_pubkeys[i].data, enote_ephemeral_pubkey.data, sizeof(tx_pubkeys[i])); + } + success = success && cryptonote::add_additional_tx_pub_keys_to_extra(extra_inout, tx_pubkeys); + } + CHECK_AND_ASSERT_THROW_MES(success, "add carrot ephemeral pubkeys to extra: failed to add tx_extra fields"); +} +//------------------------------------------------------------------------------------------------------------------- +//------------------------------------------------------------------------------------------------------------------- +template +static bool try_load_carrot_ephemeral_pubkeys_from_extra(const std::vector &extra_fields, + EnoteContainer &enotes_inout) +{ + const size_t nouts = enotes_inout.size(); + const bool use_shared_ephemeral_pubkey = nouts == 2 && !is_coinbase; + if (use_shared_ephemeral_pubkey) + { + cryptonote::tx_extra_pub_key tx_pubkey; + if (!cryptonote::find_tx_extra_field_by_type(extra_fields, tx_pubkey)) + return false; + + memcpy(enotes_inout.front().enote_ephemeral_pubkey.data, tx_pubkey.pub_key.data, sizeof(mx25519_pubkey)); + memcpy(enotes_inout.back().enote_ephemeral_pubkey.data, tx_pubkey.pub_key.data, sizeof(mx25519_pubkey)); + } + else // nouts != 2 + { + cryptonote::tx_extra_additional_pub_keys tx_pubkeys; + if (!cryptonote::find_tx_extra_field_by_type(extra_fields, tx_pubkeys)) + return false; + else if (tx_pubkeys.data.size() != nouts) + return false; + + for (size_t i = 0; i < nouts; ++i) + memcpy(enotes_inout[i].enote_ephemeral_pubkey.data, tx_pubkeys.data.at(i).data, sizeof(mx25519_pubkey)); + } + + return true; +} +//------------------------------------------------------------------------------------------------------------------- +//------------------------------------------------------------------------------------------------------------------- +cryptonote::transaction store_carrot_to_transaction_v1(const std::vector &enotes, + const std::vector &key_images, + const rct::xmr_amount fee, + const encrypted_payment_id_t encrypted_payment_id) +{ + const size_t nins = key_images.size(); + const size_t nouts = enotes.size(); + + cryptonote::transaction tx; + tx.pruned = true; + tx.version = 2; + tx.unlock_time = 0; + tx.vin.reserve(nins); + tx.vout.reserve(nouts); + tx.extra.reserve(MAX_TX_EXTRA_SIZE); + tx.rct_signatures.type = carrot_rct_type; + tx.rct_signatures.txnFee = fee; + tx.rct_signatures.ecdhInfo.reserve(nouts); + tx.rct_signatures.outPk.reserve(nouts); + + //inputs + for (const crypto::key_image &ki : key_images) + { + //L + tx.vin.emplace_back(cryptonote::txin_to_key{ //@TODO: can save 2 bytes by using slim input type + .amount = 0, + .key_offsets = {}, + .k_image = ki + }); + } + + //outputs + for (const CarrotEnoteV1 &enote : enotes) + { + //K_o,vt,anchor_enc + tx.vout.push_back(cryptonote::tx_out{0, cryptonote::txout_to_carrot_v1{ + .key = enote.onetime_address, + .view_tag = enote.view_tag, + .encrypted_janus_anchor = enote.anchor_enc + }}); + + //a_enc + rct::ecdhTuple &ecdh_tuple = tools::add_element(tx.rct_signatures.ecdhInfo); + memcpy(ecdh_tuple.amount.bytes, enote.amount_enc.bytes, sizeof(ecdh_tuple.amount)); + + //C_a + tx.rct_signatures.outPk.push_back(rct::ctkey{rct::key{}, enote.amount_commitment}); + } + + //ephemeral pubkeys: D_e + store_carrot_ephemeral_pubkeys_to_extra(enotes, tx.extra); + + //encrypted payment id: pid_enc + crypto::hash8 pid_enc_8; + memcpy(pid_enc_8.data, encrypted_payment_id.bytes, sizeof(pid_enc_8)); + cryptonote::blobdata extra_nonce; + cryptonote::set_encrypted_payment_id_to_tx_extra_nonce(extra_nonce, pid_enc_8); + CHECK_AND_ASSERT_THROW_MES(cryptonote::add_extra_nonce_to_tx_extra(tx.extra, extra_nonce), + "store carrot to transaction v1: failed to add encrypted payment ID to tx_extra"); + + //finalize tx_extra + CHECK_AND_ASSERT_THROW_MES(cryptonote::sort_tx_extra(tx.extra, tx.extra, /*allow_partial=*/false), + "store carrot to transaction v1: failed to sort tx_extra"); + + return tx; +} +//------------------------------------------------------------------------------------------------------------------- +bool try_load_carrot_from_transaction_v1(const cryptonote::transaction &tx, + std::vector &enotes_out, + std::vector &key_images_out, + rct::xmr_amount &fee_out, + std::optional &encrypted_payment_id_out) +{ + const rct::rctSigBase &rv = tx.rct_signatures; + fee_out = rv.txnFee; + + const size_t nins = tx.vin.size(); + const size_t nouts = tx.vout.size(); + + if (0 == nins) + return false; // no input_context + else if (nouts != rv.ecdhInfo.size()) + return false; // incorrect # of encrypted amounts + else if (nouts != rv.outPk.size()) + return false; // incorrect # of amount commitments + + //inputs + key_images_out.resize(nins); + for (size_t i = 0; i < nins; ++i) + { + const cryptonote::txin_to_key * const k = boost::strict_get(&tx.vin.at(i)); + if (nullptr == k) + return false; + + //L + key_images_out[i] = k->k_image; + } + + //outputs + enotes_out.resize(nouts); + for (size_t i = 0; i < nouts; ++i) + { + const cryptonote::txout_target_v &t = tx.vout.at(i).target; + const cryptonote::txout_to_carrot_v1 * const c = boost::strict_get(&t); + if (nullptr == c) + return false; + + //K_o + enotes_out[i].onetime_address = c->key; + + //vt + enotes_out[i].view_tag = c->view_tag; + + //anchor_enc + enotes_out[i].anchor_enc = c->encrypted_janus_anchor; + + //L_1 + enotes_out[i].tx_first_key_image = key_images_out.at(0); + + //a_enc + memcpy(enotes_out[i].amount_enc.bytes, rv.ecdhInfo.at(i).amount.bytes, sizeof(encrypted_amount_t)); + + //C_a + enotes_out[i].amount_commitment = rv.outPk.at(i).mask; + } + + //parse tx_extra + std::vector extra_fields; + if (!cryptonote::parse_tx_extra(tx.extra, extra_fields)) + return false; + + //ephemeral pubkeys: D_e + if (!try_load_carrot_ephemeral_pubkeys_from_extra(extra_fields, enotes_out)) + return false; + + //encrypted payment ID: pid_enc + encrypted_payment_id_out = std::nullopt; + cryptonote::tx_extra_nonce extra_nonce; + if (cryptonote::find_tx_extra_field_by_type(extra_fields, extra_nonce)) + { + crypto::hash8 pid_enc_8; + if (cryptonote::get_encrypted_payment_id_from_tx_extra_nonce(extra_nonce.nonce, pid_enc_8)) + { + encrypted_payment_id_t &pid_enc = encrypted_payment_id_out.emplace(); + memcpy(pid_enc.bytes, pid_enc_8.data, sizeof(pid_enc)); + } + } + + return true; +} +//------------------------------------------------------------------------------------------------------------------- +cryptonote::transaction store_carrot_to_coinbase_transaction_v1( + const std::vector &enotes, + const std::uint64_t block_index) +{ + const size_t nouts = enotes.size(); + + cryptonote::transaction tx; + tx.pruned = false; + tx.version = 2; + tx.unlock_time = block_index + CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW; + tx.vin.reserve(1); + tx.vout.reserve(nouts); + tx.extra.reserve(MAX_TX_EXTRA_SIZE); + tx.rct_signatures.type = rct::RCTTypeNull; + + //input + tx.vin.emplace_back(cryptonote::txin_gen{.height = block_index}); + + //outputs + for (const CarrotCoinbaseEnoteV1 &enote : enotes) + { + //K_o,vt,anchor_enc,a + tx.vout.push_back(cryptonote::tx_out{enote.amount, + cryptonote::txout_to_carrot_v1{ + .key = enote.onetime_address, + .view_tag = enote.view_tag, + .encrypted_janus_anchor = enote.anchor_enc + } + }); + } + + //ephemeral pubkeys: D_e + store_carrot_ephemeral_pubkeys_to_extra(enotes, tx.extra); + + //we don't need to sort tx_extra since we only added one field + //if you add more tx_extra fields here in the future, then please sort <3 + + return tx; +} +//------------------------------------------------------------------------------------------------------------------- +bool try_load_carrot_from_coinbase_transaction_v1(const cryptonote::transaction &tx, + std::vector &enotes_out, + std::uint64_t &block_index_out) +{ + const size_t nins = tx.vin.size(); + const size_t nouts = tx.vout.size(); + + if (1 == nins) + return false; // not coinbase + + //input + const cryptonote::txin_gen * const h = boost::strict_get(&tx.vin.front()); + if (nullptr == h) + return false; + block_index_out = h->height; + + //outputs + enotes_out.resize(nouts); + for (size_t i = 0; i < nouts; ++i) + { + //a + enotes_out[i].amount = tx.vout.at(i).amount; + + const cryptonote::txout_target_v &t = tx.vout.at(i).target; + const cryptonote::txout_to_carrot_v1 * const c = boost::strict_get(&t); + if (nullptr == c) + return false; + + //K_o + enotes_out[i].onetime_address = c->key; + + //vt + enotes_out[i].view_tag = c->view_tag; + + //anchor_enc + enotes_out[i].anchor_enc = c->encrypted_janus_anchor; + + //block_index + enotes_out[i].block_index = block_index_out; + } + + //parse tx_extra + std::vector extra_fields; + if (!cryptonote::parse_tx_extra(tx.extra, extra_fields)) + return false; + + //ephemeral pubkeys: D_e + if (!try_load_carrot_ephemeral_pubkeys_from_extra(extra_fields, enotes_out)) + return false; + + return true; +} +//------------------------------------------------------------------------------------------------------------------- +} //namespace carrot diff --git a/src/carrot_impl/carrot_tx_format_utils.h b/src/carrot_impl/carrot_tx_format_utils.h new file mode 100644 index 00000000000..904e7f179c2 --- /dev/null +++ b/src/carrot_impl/carrot_tx_format_utils.h @@ -0,0 +1,92 @@ +// Copyright (c) 2024, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#pragma once + +//local headers +#include "carrot_core/carrot_enote_types.h" +#include "cryptonote_basic/cryptonote_basic.h" + +//third party headers + +//standard headers +#include +#include + +//forward declarations + +namespace carrot +{ + +/** + * brief: store_carrot_to_transaction_v1 - store non-coinbase Carrot info to a cryptonote::transaction + * param: enotes - + * param: key_images - + * param: fee - + * param: encrypted_payment_id - pid_enc + * return: a fully populated, pruned, non-coinbase transaction containing given Carrot information + */ +cryptonote::transaction store_carrot_to_transaction_v1(const std::vector &enotes, + const std::vector &key_images, + const rct::xmr_amount fee, + const encrypted_payment_id_t encrypted_payment_id); +/** + * brief: load_carrot_from_transaction_v1 - load non-coinbase Carrot info from a cryptonote::transaction + * param: tx - + * outparam: enotes_out - + * outparam: key_images_out - + * outparam: fee_out - + * outparam: encrypted_payment_id_out - + * return: Carrot enotes, key images, fee, and encrypted pid contained within a non-coinbase transaction + */ +bool try_load_carrot_from_transaction_v1(const cryptonote::transaction &tx, + std::vector &enotes_out, + std::vector &key_images_out, + rct::xmr_amount &fee_out, + std::optional &encrypted_payment_id_out); +/** + * brief: store_carrot_to_coinbase_transaction_v1 - store coinbase Carrot info to a cryptonote::transaction + * param: enotes - + * param: block_index - + * return: a full coinbase transaction containing given Carrot information + */ +cryptonote::transaction store_carrot_to_coinbase_transaction_v1( + const std::vector &enotes, + const std::uint64_t block_index); +/** + * brief: try_load_carrot_from_coinbase_transaction_v1 - load coinbase Carrot info from a cryptonote::transaction + * param: tx - + * outparam: enotes_out - + * outparam: block_index_out - + * return: Carrot coinbase enotes and block index contained within a coinbase transaction + */ +bool try_load_carrot_from_coinbase_transaction_v1(const cryptonote::transaction &tx, + std::vector &enotes_out, + std::uint64_t &block_index_out); + +} //namespace carrot diff --git a/src/cryptonote_basic/cryptonote_basic.h b/src/cryptonote_basic/cryptonote_basic.h index a50ae9c32d8..97b5f61af00 100644 --- a/src/cryptonote_basic/cryptonote_basic.h +++ b/src/cryptonote_basic/cryptonote_basic.h @@ -43,6 +43,8 @@ #include "serialization/debug_archive.h" #include "serialization/crypto.h" #include "serialization/keyvalue_serialization.h" // eepe named serialization +#include "carrot_core/core_types.h" +#include "carrot_impl/carrot_chain_serialization.h" #include "cryptonote_config.h" #include "crypto/crypto.h" #include "crypto/hash.h" @@ -58,14 +60,19 @@ namespace cryptonote /* outputs */ - struct txout_to_script + struct txout_to_carrot_v1 { - std::vector keys; - std::vector script; + crypto::public_key key; // K_o + carrot::view_tag_t view_tag; // vt + carrot::encrypted_janus_anchor_t encrypted_janus_anchor; // anchor_enc + + // Encrypted amount a_enc and amount commitment C_a are stored in rct::rctSigBase + // This allows for reuse of this output type between coinbase and non-coinbase txs BEGIN_SERIALIZE_OBJECT() - FIELD(keys) - FIELD(script) + FIELD(key) + FIELD(view_tag) + FIELD(encrypted_janus_anchor) END_SERIALIZE() }; @@ -122,16 +129,7 @@ namespace cryptonote struct txin_to_scripthash { - crypto::hash prev; - size_t prevout; - txout_to_script script; - std::vector sigset; - BEGIN_SERIALIZE_OBJECT() - FIELD(prev) - VARINT_FIELD(prevout) - FIELD(script) - FIELD(sigset) END_SERIALIZE() }; @@ -151,7 +149,7 @@ namespace cryptonote typedef boost::variant txin_v; - typedef boost::variant txout_target_v; + typedef boost::variant txout_target_v; //typedef std::pair out_t; struct tx_out @@ -573,7 +571,7 @@ VARIANT_TAG(binary_archive, cryptonote::txin_gen, 0xff); VARIANT_TAG(binary_archive, cryptonote::txin_to_script, 0x0); VARIANT_TAG(binary_archive, cryptonote::txin_to_scripthash, 0x1); VARIANT_TAG(binary_archive, cryptonote::txin_to_key, 0x2); -VARIANT_TAG(binary_archive, cryptonote::txout_to_script, 0x0); +VARIANT_TAG(binary_archive, cryptonote::txout_to_carrot_v1, 0x0); VARIANT_TAG(binary_archive, cryptonote::txout_to_scripthash, 0x1); VARIANT_TAG(binary_archive, cryptonote::txout_to_key, 0x2); VARIANT_TAG(binary_archive, cryptonote::txout_to_tagged_key, 0x3); @@ -584,7 +582,7 @@ VARIANT_TAG(json_archive, cryptonote::txin_gen, "gen"); VARIANT_TAG(json_archive, cryptonote::txin_to_script, "script"); VARIANT_TAG(json_archive, cryptonote::txin_to_scripthash, "scripthash"); VARIANT_TAG(json_archive, cryptonote::txin_to_key, "key"); -VARIANT_TAG(json_archive, cryptonote::txout_to_script, "script"); +VARIANT_TAG(json_archive, cryptonote::txout_to_carrot_v1, "carrot_v1"); VARIANT_TAG(json_archive, cryptonote::txout_to_scripthash, "scripthash"); VARIANT_TAG(json_archive, cryptonote::txout_to_key, "key"); VARIANT_TAG(json_archive, cryptonote::txout_to_tagged_key, "tagged_key"); @@ -595,7 +593,7 @@ VARIANT_TAG(debug_archive, cryptonote::txin_gen, "gen"); VARIANT_TAG(debug_archive, cryptonote::txin_to_script, "script"); VARIANT_TAG(debug_archive, cryptonote::txin_to_scripthash, "scripthash"); VARIANT_TAG(debug_archive, cryptonote::txin_to_key, "key"); -VARIANT_TAG(debug_archive, cryptonote::txout_to_script, "script"); +VARIANT_TAG(debug_archive, cryptonote::txout_to_carrot_v1, "carrot_v1"); VARIANT_TAG(debug_archive, cryptonote::txout_to_scripthash, "scripthash"); VARIANT_TAG(debug_archive, cryptonote::txout_to_key, "key"); VARIANT_TAG(debug_archive, cryptonote::txout_to_tagged_key, "tagged_key"); diff --git a/src/cryptonote_basic/cryptonote_boost_serialization.h b/src/cryptonote_basic/cryptonote_boost_serialization.h index 8948c650cd4..3aea707e52c 100644 --- a/src/cryptonote_basic/cryptonote_boost_serialization.h +++ b/src/cryptonote_basic/cryptonote_boost_serialization.h @@ -38,6 +38,7 @@ #include #include #include +#include "carrot_impl/carrot_boost_serialization.h" #include "cryptonote_basic.h" #include "difficulty.h" #include "common/unordered_containers_boost_serialization.h" @@ -93,10 +94,11 @@ namespace boost } template - inline void serialize(Archive &a, cryptonote::txout_to_script &x, const boost::serialization::version_type ver) + inline void serialize(Archive &a, cryptonote::txout_to_carrot_v1 &x, const boost::serialization::version_type ver) { - a & x.keys; - a & x.script; + a & x.key; + a & x.view_tag; + a & x.encrypted_janus_anchor; } @@ -136,10 +138,6 @@ namespace boost template inline void serialize(Archive &a, cryptonote::txin_to_scripthash &x, const boost::serialization::version_type ver) { - a & x.prev; - a & x.prevout; - a & x.script; - a & x.sigset; } template diff --git a/src/cryptonote_basic/tx_extra.h b/src/cryptonote_basic/tx_extra.h index 74c319ec3b8..266e0c48837 100644 --- a/src/cryptonote_basic/tx_extra.h +++ b/src/cryptonote_basic/tx_extra.h @@ -91,6 +91,7 @@ namespace cryptonote struct tx_extra_pub_key { + // while marked `crypto::public_key`, which usually means Ed25519, this will hold an X25519 pubkey in Carrot txs crypto::public_key pub_key; BEGIN_SERIALIZE() @@ -158,6 +159,7 @@ namespace cryptonote // per-output additional tx pubkey for multi-destination transfers involving at least one subaddress struct tx_extra_additional_pub_keys { + // same as tx_extra_pub_key, this is a vector of X25519 pubkeys in Carrot txs std::vector data; BEGIN_SERIALIZE() diff --git a/src/serialization/json_object.cpp b/src/serialization/json_object.cpp index 134bf1c69be..905378065be 100644 --- a/src/serialization/json_object.cpp +++ b/src/serialization/json_object.cpp @@ -458,12 +458,6 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_script& txin void toJsonValue(rapidjson::Writer& dest, const cryptonote::txin_to_scripthash& txin) { dest.StartObject(); - - INSERT_INTO_JSON_OBJECT(dest, prev, txin.prev); - INSERT_INTO_JSON_OBJECT(dest, prevout, txin.prevout); - INSERT_INTO_JSON_OBJECT(dest, script, txin.script); - INSERT_INTO_JSON_OBJECT(dest, sigset, txin.sigset); - dest.EndObject(); } @@ -474,11 +468,6 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_scripthash& { throw WRONG_TYPE("json object"); } - - GET_FROM_JSON_OBJECT(val, txin.prev, prev); - GET_FROM_JSON_OBJECT(val, txin.prevout, prevout); - GET_FROM_JSON_OBJECT(val, txin.script, script); - GET_FROM_JSON_OBJECT(val, txin.sigset, sigset); } void toJsonValue(rapidjson::Writer& dest, const cryptonote::txin_to_key& txin) @@ -505,25 +494,27 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_key& txin) } -void toJsonValue(rapidjson::Writer& dest, const cryptonote::txout_to_script& txout) +void toJsonValue(rapidjson::Writer& dest, const cryptonote::txout_to_carrot_v1& txout) { dest.StartObject(); - INSERT_INTO_JSON_OBJECT(dest, keys, txout.keys); - INSERT_INTO_JSON_OBJECT(dest, script, txout.script); + INSERT_INTO_JSON_OBJECT(dest, key, txout.key); + INSERT_INTO_JSON_OBJECT(dest, view_tag, txout.view_tag); + INSERT_INTO_JSON_OBJECT(dest, encrypted_janus_anchor, txout.encrypted_janus_anchor); dest.EndObject(); } -void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_script& txout) +void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_carrot_v1& txout) { if (!val.IsObject()) { throw WRONG_TYPE("json object"); } - GET_FROM_JSON_OBJECT(val, txout.keys, keys); - GET_FROM_JSON_OBJECT(val, txout.script, script); + GET_FROM_JSON_OBJECT(val, txout.key, key); + GET_FROM_JSON_OBJECT(val, txout.view_tag, view_tag); + GET_FROM_JSON_OBJECT(val, txout.encrypted_janus_anchor, encrypted_janus_anchor); } @@ -606,9 +597,9 @@ void toJsonValue(rapidjson::Writer& dest, const cryptonote::t { INSERT_INTO_JSON_OBJECT(dest, to_tagged_key, output); } - void operator()(cryptonote::txout_to_script const& output) const + void operator()(cryptonote::txout_to_carrot_v1 const& output) const { - INSERT_INTO_JSON_OBJECT(dest, to_script, output); + INSERT_INTO_JSON_OBJECT(dest, to_carrot_v1, output); } void operator()(cryptonote::txout_to_scripthash const& output) const { @@ -650,9 +641,9 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::tx_out& txout) fromJsonValue(elem.value, tmpVal); txout.target = std::move(tmpVal); } - else if (elem.name == "to_script") + else if (elem.name == "to_carrot_v1") { - cryptonote::txout_to_script tmpVal; + cryptonote::txout_to_carrot_v1 tmpVal; fromJsonValue(elem.value, tmpVal); txout.target = std::move(tmpVal); } diff --git a/src/serialization/json_object.h b/src/serialization/json_object.h index 3dfff3336c4..4a9dff563ed 100644 --- a/src/serialization/json_object.h +++ b/src/serialization/json_object.h @@ -221,8 +221,8 @@ void fromJsonValue(const rapidjson::Value& val, cryptonote::txin_to_key& txin); void toJsonValue(rapidjson::Writer& dest, const cryptonote::txout_target_v& txout); void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_target_v& txout); -void toJsonValue(rapidjson::Writer& dest, const cryptonote::txout_to_script& txout); -void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_script& txout); +void toJsonValue(rapidjson::Writer& dest, const cryptonote::txout_to_carrot_v1& txout); +void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_carrot_v1& txout); void toJsonValue(rapidjson::Writer& dest, const cryptonote::txout_to_scripthash& txout); void fromJsonValue(const rapidjson::Value& val, cryptonote::txout_to_scripthash& txout); diff --git a/tests/core_tests/tx_validation.cpp b/tests/core_tests/tx_validation.cpp index 48f2064b05b..10c506deb9d 100644 --- a/tests/core_tests/tx_validation.cpp +++ b/tests/core_tests/tx_validation.cpp @@ -731,19 +731,6 @@ bool gen_tx_output_is_not_txout_to_key::generate(std::vector& builder.step1_init(); builder.step2_fill_inputs(miner_account.get_keys(), sources); - builder.m_tx.vout.push_back(tx_out()); - builder.m_tx.vout.back().amount = 1; - builder.m_tx.vout.back().target = txout_to_script(); - - builder.step4_calc_hash(); - builder.step5_sign(sources); - - DO_CALLBACK(events, "mark_invalid_tx"); - events.push_back(builder.m_tx); - - builder.step1_init(); - builder.step2_fill_inputs(miner_account.get_keys(), sources); - builder.m_tx.vout.push_back(tx_out()); builder.m_tx.vout.back().amount = 1; builder.m_tx.vout.back().target = txout_to_scripthash(); diff --git a/tests/unit_tests/CMakeLists.txt b/tests/unit_tests/CMakeLists.txt index 93aba5a237f..df90e67ea46 100644 --- a/tests/unit_tests/CMakeLists.txt +++ b/tests/unit_tests/CMakeLists.txt @@ -39,6 +39,7 @@ set(unit_tests_sources bulletproofs_plus.cpp canonical_amounts.cpp carrot_core.cpp + carrot_impl.cpp carrot_legacy.cpp carrot_transcript_fixed.cpp chacha.cpp @@ -118,6 +119,7 @@ target_link_libraries(unit_tests PRIVATE ringct carrot_core + carrot_impl cryptonote_protocol cryptonote_core daemon_messages diff --git a/tests/unit_tests/carrot_impl.cpp b/tests/unit_tests/carrot_impl.cpp new file mode 100644 index 00000000000..b9cfc5b81f4 --- /dev/null +++ b/tests/unit_tests/carrot_impl.cpp @@ -0,0 +1,683 @@ +// Copyright (c) 2024, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#include "gtest/gtest.h" + +#include + +#include "carrot_core/account_secrets.h" +#include "carrot_core/address_utils.h" +#include "carrot_core/carrot_enote_scan.h" +#include "carrot_core/destination.h" +#include "carrot_core/device_ram_borrowed.h" +#include "carrot_core/enote_utils.h" +#include "carrot_core/output_set_finalization.h" +#include "carrot_core/payment_proposal.h" +#include "carrot_impl/carrot_tx_format_utils.h" +#include "common/container_helpers.h" +#include "crypto/generators.h" +#include "cryptonote_basic/account.h" +#include "cryptonote_basic/subaddress_index.h" +#include "ringct/rctOps.h" + +using namespace carrot; + +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +namespace +{ +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +static constexpr std::uint32_t MAX_SUBADDRESS_MAJOR_INDEX = 50; +static constexpr std::uint32_t MAX_SUBADDRESS_MINOR_INDEX = 200; +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +struct mock_carrot_or_legacy_keys +{ + bool is_carrot; + + crypto::secret_key s_master; + crypto::secret_key k_prove_spend; + crypto::secret_key s_view_balance; + crypto::secret_key k_generate_image; + crypto::secret_key k_view; + crypto::secret_key s_generate_address; + crypto::public_key account_spend_pubkey; + crypto::public_key account_view_pubkey; + crypto::public_key main_address_view_pubkey; + + cryptonote::account_base legacy_acb; + + view_incoming_key_ram_borrowed_device k_view_dev; + view_balance_secret_ram_borrowed_device s_view_balance_dev; + + mock_carrot_or_legacy_keys(): k_view_dev(k_view), s_view_balance_dev(s_view_balance) {} + + void generate_carrot() + { + is_carrot = true; + crypto::generate_random_bytes_thread_safe(sizeof(crypto::secret_key), to_bytes(s_master)); + make_carrot_provespend_key(s_master, k_prove_spend); + make_carrot_viewbalance_secret(s_master, s_view_balance); + make_carrot_generateimage_key(s_view_balance, k_generate_image); + make_carrot_viewincoming_key(s_view_balance, k_view); + make_carrot_generateaddress_secret(s_view_balance, s_generate_address); + make_carrot_spend_pubkey(k_generate_image, k_prove_spend, account_spend_pubkey); + account_view_pubkey = rct::rct2pk(rct::scalarmultKey(rct::pk2rct(account_spend_pubkey), + rct::sk2rct(k_view))); + main_address_view_pubkey = rct::rct2pk(rct::scalarmultBase(rct::sk2rct(k_view))); + } + + void generate_legacy() + { + is_carrot = false; + legacy_acb.generate(); + k_view = legacy_acb.get_keys().m_view_secret_key; + } + + CarrotDestinationV1 cryptonote_address(const payment_id_t payment_id = null_payment_id) const + { + CarrotDestinationV1 addr; + if (is_carrot) + { + make_carrot_integrated_address_v1(account_spend_pubkey, + main_address_view_pubkey, + payment_id, + addr); + } + else + { + make_carrot_integrated_address_v1(legacy_acb.get_keys().m_account_address.m_spend_public_key, + legacy_acb.get_keys().m_account_address.m_view_public_key, + payment_id, + addr); + } + return addr; + } + + CarrotDestinationV1 subaddress(const uint32_t major_index, const uint32_t minor_index) const + { + if (!major_index && !minor_index) + return cryptonote_address(); + + CarrotDestinationV1 addr; + if (is_carrot) + { + make_carrot_subaddress_v1(account_spend_pubkey, + account_view_pubkey, + s_generate_address, + major_index, + minor_index, + addr); + } + else + { + const cryptonote::account_keys &ks = legacy_acb.get_keys(); + const cryptonote::account_public_address cnaddr = + ks.m_device->get_subaddress(ks, {major_index, minor_index}); + addr = CarrotDestinationV1{ + .address_spend_pubkey = cnaddr.m_spend_public_key, + .address_view_pubkey = cnaddr.m_view_public_key, + .is_subaddress = true, + .payment_id = null_payment_id + }; + } + return addr; + } + + void get_output_enote_proposals_as_self_sender(std::vector &&normal_payment_proposals, + std::vector &&selfsend_payment_proposals, + const crypto::key_image &tx_first_key_image, + std::vector &output_enote_proposals_out, + encrypted_payment_id_t &encrypted_payment_id_out) const + { + const crypto::public_key &account_spend_pubkey = is_carrot + ? this->account_spend_pubkey : legacy_acb.get_keys().m_account_address.m_spend_public_key; + + get_output_enote_proposals(std::forward>(normal_payment_proposals), + std::forward>(selfsend_payment_proposals), + is_carrot ? &s_view_balance_dev : nullptr, + is_carrot ? nullptr : &k_view_dev, + account_spend_pubkey, + tx_first_key_image, + output_enote_proposals_out, + encrypted_payment_id_out); + } + + // brief: opening_for_subaddress - return (k^g_a, k^t_a) for j s.t. K^j_s = (k^g_a * G + k^t_a * T) + void opening_for_subaddress(const uint32_t major_index, + const uint32_t minor_index, + crypto::secret_key &address_privkey_g_out, + crypto::secret_key &address_privkey_t_out, + crypto::public_key &address_spend_pubkey_out) const + { + const bool is_subaddress = major_index || minor_index; + + if (is_carrot) + { + // s^j_gen = H_32[s_ga](j_major, j_minor) + crypto::secret_key address_index_generator; + make_carrot_index_extension_generator(s_generate_address, minor_index, minor_index, address_index_generator); + + crypto::secret_key subaddress_scalar; + if (is_subaddress) + { + // k^j_subscal = H_n(K_s, j_major, j_minor, s^j_gen) + make_carrot_subaddress_scalar(account_spend_pubkey, address_index_generator, major_index, minor_index, subaddress_scalar); + } + else + { + subaddress_scalar.data[0] = 1; + } + + // k^g_a = k_gi * k^j_subscal + sc_mul(to_bytes(address_privkey_g_out), to_bytes(k_generate_image), to_bytes(subaddress_scalar)); + + // k^t_a = k_ps * k^j_subscal + sc_mul(to_bytes(address_privkey_t_out), to_bytes(k_prove_spend), to_bytes(subaddress_scalar)); + } + else // legacy keys + { + // m = Hn(k_v || j_major || j_minor) + const cryptonote::account_keys &ks = legacy_acb.get_keys(); + const crypto::secret_key subaddress_extension = + ks.get_device().get_subaddress_secret_key(ks.m_view_secret_key, {major_index, minor_index}); + + // k^g_a = k_s + m + sc_add(to_bytes(address_privkey_g_out), to_bytes(ks.m_spend_secret_key), to_bytes(subaddress_extension)); + + // k^t_a = 0 + memset(address_privkey_t_out.data, 0, sizeof(address_privkey_t_out)); + } + + // perform sanity check + const CarrotDestinationV1 addr = subaddress(major_index, minor_index); + rct::key recomputed_address_spend_pubkey; + rct::addKeys2(recomputed_address_spend_pubkey, + rct::sk2rct(address_privkey_g_out), + rct::sk2rct(address_privkey_t_out), + rct::pk2rct(crypto::get_T())); + CHECK_AND_ASSERT_THROW_MES(rct::rct2pk(recomputed_address_spend_pubkey) == addr.address_spend_pubkey, + "mock carrot or legacy keys: opening for subaddress: failed sanity check"); + address_spend_pubkey_out = addr.address_spend_pubkey; + } + + bool try_searching_for_opening_for_subaddress(const crypto::public_key &address_spend_pubkey, + const uint32_t max_major_index, + const uint32_t max_minor_index, + uint32_t major_index_out, + uint32_t minor_index_out, + crypto::secret_key &address_privkey_g_out, + crypto::secret_key &address_privkey_t_out) const + { + // shittier version of a subaddress lookahead table + + for (major_index_out = 0; major_index_out < max_major_index; ++major_index_out) + { + for (minor_index_out = 0; minor_index_out < max_minor_index; ++minor_index_out) + { + crypto::public_key recomputed_address_spend_pubkey; + opening_for_subaddress(major_index_out, + minor_index_out, + address_privkey_g_out, + address_privkey_t_out, + recomputed_address_spend_pubkey); + if (address_spend_pubkey == recomputed_address_spend_pubkey) + return true; + } + } + + return false; + } +}; +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +static bool can_open_fcmp_onetime_address(const crypto::secret_key &address_privkey_g, + const crypto::secret_key &address_privkey_t, + const crypto::secret_key &sender_extension_g, + const crypto::secret_key &sender_extension_t, + const crypto::public_key &onetime_address) +{ + rct::key combined_g; + sc_add(combined_g.bytes, to_bytes(address_privkey_g), to_bytes(sender_extension_g)); + + rct::key combined_t; + sc_add(combined_t.bytes, to_bytes(address_privkey_t), to_bytes(sender_extension_t)); + + // Ko' = combined_g G + combined_t T + rct::key recomputed_onetime_address; + rct::addKeys2(recomputed_onetime_address, combined_g, combined_t, rct::pk2rct(crypto::get_T())); + + // Ko' ?= Ko + return recomputed_onetime_address == onetime_address; +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +struct unittest_carrot_scan_result_t +{ + crypto::public_key address_spend_pubkey = rct::rct2pk(rct::I); + crypto::secret_key sender_extension_g = rct::rct2sk(rct::I); + crypto::secret_key sender_extension_t = rct::rct2sk(rct::I); + + rct::xmr_amount amount = 0; + crypto::secret_key amount_blinding_factor = rct::rct2sk(rct::I); + + CarrotEnoteType enote_type = CarrotEnoteType::PAYMENT; + + payment_id_t payment_id = null_payment_id; + + janus_anchor_t internal_message = janus_anchor_t{}; + + size_t output_index = 0; +}; +static void unittest_scan_enote_set(const std::vector &enotes, + const encrypted_payment_id_t encrypted_payment_id, + const mock_carrot_or_legacy_keys keys, + std::vector &res) +{ + res.clear(); + + // for each enote... + for (size_t output_index = 0; output_index < enotes.size(); ++output_index) + { + const CarrotEnoteV1 &enote = enotes.at(output_index); + + // s_sr = k_v D_e + mx25519_pubkey s_sr; + make_carrot_uncontextualized_shared_key_receiver(keys.k_view, enote.enote_ephemeral_pubkey, s_sr); + + // external scan + unittest_carrot_scan_result_t scan_result{}; + bool r = try_scan_carrot_enote_external(enote, + encrypted_payment_id, + s_sr, + keys.k_view_dev, + keys.account_spend_pubkey, + scan_result.sender_extension_g, + scan_result.sender_extension_t, + scan_result.address_spend_pubkey, + scan_result.amount, + scan_result.amount_blinding_factor, + scan_result.payment_id, + scan_result.enote_type); + + // internal scan + r = r || try_scan_carrot_enote_internal(enote, + keys.s_view_balance_dev, + scan_result.sender_extension_g, + scan_result.sender_extension_t, + scan_result.address_spend_pubkey, + scan_result.amount, + scan_result.amount_blinding_factor, + scan_result.enote_type, + scan_result.internal_message); + + scan_result.output_index = output_index; + + if (r) + res.push_back(scan_result); + } +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +static void unittest_scan_enote_set_multi_account(const std::vector &enotes, + const encrypted_payment_id_t encrypted_payment_id, + const epee::span accounts, + std::vector> &res) +{ + res.clear(); + res.reserve(accounts.size()); + + for (const mock_carrot_or_legacy_keys *account : accounts) + unittest_scan_enote_set(enotes, encrypted_payment_id, *account, tools::add_element(res)); +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +static bool compare_scan_result(const unittest_carrot_scan_result_t &scan_res, + const CarrotPaymentProposalV1 &normal_payment_proposal) +{ + if (scan_res.address_spend_pubkey != normal_payment_proposal.destination.address_spend_pubkey) + return false; + + if (scan_res.amount != normal_payment_proposal.amount) + return false; + + if (scan_res.enote_type != CarrotEnoteType::PAYMENT) + return false; + + if (scan_res.payment_id != normal_payment_proposal.destination.payment_id) + return false; + + if (scan_res.internal_message != janus_anchor_t{}) + return false; + + return true; +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +static bool compare_scan_result(const unittest_carrot_scan_result_t &scan_res, + const CarrotPaymentProposalSelfSendV1 &selfsend_payment_proposal) +{ + if (scan_res.address_spend_pubkey != selfsend_payment_proposal.destination_address_spend_pubkey) + return false; + + if (scan_res.amount != selfsend_payment_proposal.amount) + return false; + + if (scan_res.enote_type != selfsend_payment_proposal.enote_type) + return false; + + if (scan_res.payment_id != null_payment_id) + return false; + + if (scan_res.internal_message != selfsend_payment_proposal.internal_message.value_or(janus_anchor_t{})) + return false; + + return true; +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +struct unittest_transaction_proposal +{ + using per_account = std::pair>; + using per_input = std::pair; + + std::vector per_account_payments; + std::vector explicit_selfsend_proposals; + size_t self_sender_index{0}; + rct::xmr_amount fee; + std::vector inputs; + + tools::optional_variant + get_additional_output_proposal() const + { + boost::multiprecision::uint128_t input_sum = 0; + for (const per_input &input : inputs) + input_sum += input.second; + + CHECK_AND_ASSERT_THROW_MES(inputs.size(), "we need at least one input"); + CHECK_AND_ASSERT_THROW_MES(per_account_payments.at(self_sender_index).second.empty(), + "self-sender shouldn't contain any normal payment proposals in their own tx"); + + input_context_t input_context; + make_carrot_input_context(inputs.front().first, input_context); + + size_t num_payment_proposals = 0; + boost::multiprecision::uint128_t output_sum = fee; + bool has_payment_selfsend = false; + mx25519_pubkey other_enote_ephemeral_pubkey; + for (const per_account &per_acc : per_account_payments) + { + for (const CarrotPaymentProposalV1 &payment_proposal : per_acc.second) + { + output_sum += payment_proposal.amount; + other_enote_ephemeral_pubkey = get_enote_ephemeral_pubkey(payment_proposal, input_context); + num_payment_proposals++; + } + } + for (const CarrotPaymentProposalSelfSendV1 &selfsend_proposal : explicit_selfsend_proposals) + { + output_sum += selfsend_proposal.amount; + other_enote_ephemeral_pubkey = selfsend_proposal.enote_ephemeral_pubkey; + if (selfsend_proposal.enote_type == CarrotEnoteType::PAYMENT) + has_payment_selfsend = true; + } + + CHECK_AND_ASSERT_THROW_MES(input_sum >= output_sum, "not enough funds"); + + const rct::xmr_amount remaining_change = boost::numeric_cast(input_sum - output_sum); + + return carrot::get_additional_output_proposal(num_payment_proposals, + explicit_selfsend_proposals.size(), + remaining_change, + has_payment_selfsend, + per_account_payments.at(self_sender_index).first.cryptonote_address().address_spend_pubkey, + other_enote_ephemeral_pubkey); + } + + void finalize_payment_proposals(std::vector &normal_payment_proposals_out, + std::vector &selfsend_payment_proposals_out) const + { + for (const per_account &pa : per_account_payments) + { + normal_payment_proposals_out.insert(normal_payment_proposals_out.end(), + pa.second.cbegin(), + pa.second.cend()); + } + + selfsend_payment_proposals_out = explicit_selfsend_proposals; + + const auto additional_proposal = get_additional_output_proposal(); + struct additional_proposal_visitor + { + void operator()(boost::blank) {} + void operator()(const CarrotPaymentProposalV1 &p) { normal_payment_proposals_out.push_back(p); } + void operator()(const CarrotPaymentProposalSelfSendV1 &p) { selfsend_payment_proposals_out.push_back(p); } + + std::vector &normal_payment_proposals_out; + std::vector &selfsend_payment_proposals_out; + }; + + additional_proposal.visit(additional_proposal_visitor{normal_payment_proposals_out, selfsend_payment_proposals_out}); + } +}; +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +} // namespace +static inline bool operator==(const mx25519_pubkey &a, const mx25519_pubkey &b) +{ + return 0 == memcmp(&a, &b, sizeof(mx25519_pubkey)); +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +static void subtest_multi_account_transfer_over_transaction(const unittest_transaction_proposal &tx_proposal) +{ + // finalize payment proposals + std::vector normal_payment_proposals; + std::vector selfsend_payment_proposals; + tx_proposal.finalize_payment_proposals(normal_payment_proposals, selfsend_payment_proposals); + + // convert to enotes and pid_enc + std::vector enote_output_proposals; + encrypted_payment_id_t encrypted_payment_id; + tx_proposal.per_account_payments.at(tx_proposal.self_sender_index).first.get_output_enote_proposals_as_self_sender( + std::move(normal_payment_proposals), // move + std::vector(selfsend_payment_proposals), // copy (tested later) + tx_proposal.inputs.at(0).first, + enote_output_proposals, + encrypted_payment_id); + + // collect enotes + std::vector enotes; + for (const RCTOutputEnoteProposal &oep : enote_output_proposals) + enotes.push_back(oep.enote); + + // collect key images + std::vector key_images; + for (const auto &i : tx_proposal.inputs) + key_images.push_back(i.first); + + // stuff carrot info into tx + const cryptonote::transaction tx = store_carrot_to_transaction_v1(enotes, + key_images, + tx_proposal.fee, + encrypted_payment_id); + + // load carrot stuff from tx + std::vector parsed_enotes; + std::vector parsed_key_images; + rct::xmr_amount parsed_fee; + std::optional parsed_encrypted_payment_id; + ASSERT_TRUE(try_load_carrot_from_transaction_v1(tx, + parsed_enotes, + parsed_key_images, + parsed_fee, + parsed_encrypted_payment_id)); + + // check loaded carrot stuff == stored carrot stuff + EXPECT_EQ(enotes, parsed_enotes); + EXPECT_EQ(key_images, parsed_key_images); + EXPECT_EQ(tx_proposal.fee, parsed_fee); + ASSERT_TRUE(parsed_encrypted_payment_id); + EXPECT_EQ(encrypted_payment_id, *parsed_encrypted_payment_id); + + // collect accounts + std::vector accounts; + for (const auto &pa : tx_proposal.per_account_payments) + accounts.push_back(&pa.first); + + // do scanning of all accounts on every enotes + std::vector> scan_results; + unittest_scan_enote_set_multi_account(parsed_enotes, + *parsed_encrypted_payment_id, + epee::to_span(accounts), + scan_results); + + // assert properties of finalized selfsend payment proposals as compared to explicit selfsend payment proposals + ASSERT_GE(selfsend_payment_proposals.size(), tx_proposal.explicit_selfsend_proposals.size()); + for (size_t i = 0; i < tx_proposal.explicit_selfsend_proposals.size(); ++i) + { + EXPECT_EQ(tx_proposal.explicit_selfsend_proposals.at(i), selfsend_payment_proposals.at(i)); + } + + // check that the scan results for each account match the corresponding payment proposals for each account + // also check that the accounts can each open their corresponding onetime outut pubkeys + ASSERT_EQ(scan_results.size(), accounts.size()); + for (size_t account_idx = 0; account_idx < accounts.size(); ++account_idx) + { + const std::vector &account_scan_results = scan_results.at(account_idx); + if (account_idx == tx_proposal.self_sender_index) + { + ASSERT_EQ(selfsend_payment_proposals.size(), account_scan_results.size()); + for (const unittest_carrot_scan_result_t &single_scan_res : account_scan_results) + { + bool matched_payment = false; + for (const CarrotPaymentProposalSelfSendV1 &account_payment_proposal : selfsend_payment_proposals) + { + if (compare_scan_result(single_scan_res, account_payment_proposal)) + { + crypto::secret_key address_privkey_g; + crypto::secret_key address_privkey_t; + uint32_t _1{}, _2{}; + EXPECT_TRUE(accounts.at(account_idx)->try_searching_for_opening_for_subaddress( + single_scan_res.address_spend_pubkey, + MAX_SUBADDRESS_MAJOR_INDEX, + MAX_SUBADDRESS_MINOR_INDEX, + _1, + _2, + address_privkey_g, + address_privkey_t)); + + EXPECT_TRUE(can_open_fcmp_onetime_address(address_privkey_g, + address_privkey_t, + single_scan_res.sender_extension_g, + single_scan_res.sender_extension_t, + parsed_enotes.at(single_scan_res.output_index).onetime_address)); + + matched_payment = true; + break; + } + } + EXPECT_TRUE(matched_payment); + } + } + else + { + const std::vector &account_payment_proposals = tx_proposal.per_account_payments.at(account_idx).second; + ASSERT_EQ(account_payment_proposals.size(), account_scan_results.size()); + for (const unittest_carrot_scan_result_t &single_scan_res : account_scan_results) + { + bool matched_payment = false; + for (const CarrotPaymentProposalV1 &account_payment_proposal : account_payment_proposals) + { + if (compare_scan_result(single_scan_res, account_payment_proposal)) + { + crypto::secret_key address_privkey_g; + crypto::secret_key address_privkey_t; + uint32_t _1{}, _2{}; + EXPECT_TRUE(accounts.at(account_idx)->try_searching_for_opening_for_subaddress( + single_scan_res.address_spend_pubkey, + MAX_SUBADDRESS_MAJOR_INDEX, + MAX_SUBADDRESS_MINOR_INDEX, + _1, + _2, + address_privkey_g, + address_privkey_t)); + + EXPECT_TRUE(can_open_fcmp_onetime_address(address_privkey_g, + address_privkey_t, + single_scan_res.sender_extension_g, + single_scan_res.sender_extension_t, + parsed_enotes.at(single_scan_res.output_index).onetime_address)); + + matched_payment = true; + break; + } + } + EXPECT_TRUE(matched_payment); + } + } + } +} +//---------------------------------------------------------------------------------------------------------------------- +//---------------------------------------------------------------------------------------------------------------------- +TEST(carrot_impl, multi_account_transfer_over_transaction_1) +{ + // two accounts, both carrot + // 1/2 tx + // 1 normal payment to main address + // 0 explicit selfsend payments + + unittest_transaction_proposal tx_proposal; + tx_proposal.per_account_payments.resize(2); + mock_carrot_or_legacy_keys &acc0 = tx_proposal.per_account_payments[0].first; + mock_carrot_or_legacy_keys &acc1 = tx_proposal.per_account_payments[1].first; + acc0.generate_carrot(); + acc1.generate_carrot(); + + // 1 normal payment + CarrotPaymentProposalV1 &normal_payment_proposal = tools::add_element( tx_proposal.per_account_payments[0].second); + normal_payment_proposal = CarrotPaymentProposalV1{ + .destination = acc0.cryptonote_address(), + .amount = crypto::rand_idx((rct::xmr_amount) 1ull << 63), + .randomness = gen_janus_anchor() + }; + + // specify self-sender + tx_proposal.self_sender_index = 1; + + // specify input + tx_proposal.inputs.emplace_back(rct::rct2ki(rct::pkGen()), normal_payment_proposal.amount | (1ull << 63)); + + // specify fee + tx_proposal.fee = 3853481201; + + // test + subtest_multi_account_transfer_over_transaction(tx_proposal); +} +//----------------------------------------------------------------------------------------------------------------------