rct amount key modified as per luigi1111's recommendations

This allows the key to be not the same for two outputs sent to
the same address (eg, if you pay yourself, and also get change
back). Also remove the key amounts lists and return parameters
since we don't actually generate random ones, so we don't need
to save them as we can recalculate them when needed if we have
the correct keys.

2 files changed, 17 insertions, 16 deletions

diff --git a/tests/core_tests/rct.cpp b/tests/core_tests/rct.cpp
index d03e208b6..b358ce8b2 100644
--- a/tests/core_tests/rct.cpp
+++ b/tests/core_tests/rct.cpp
@@ -116,20 +116,22 @@ bool gen_rct_tx_validation_base::generate_with(std::vector<test_event_entry>& ev
     destinations.push_back(td); // 30 -> 7.39 * 4
 
     crypto::secret_key tx_key;
-    std::vector<crypto::secret_key> amount_keys;
-    bool r = construct_tx_and_get_tx_keys(miner_accounts[n].get_keys(), sources, destinations, std::vector<uint8_t>(), rct_txes[n], 0, tx_key, amount_keys, true);
+    bool r = construct_tx_and_get_tx_key(miner_accounts[n].get_keys(), sources, destinations, std::vector<uint8_t>(), rct_txes[n], 0, tx_key, true);
     CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction");
     events.push_back(rct_txes[n]);
     starting_rct_tx_hashes.push_back(get_transaction_hash(rct_txes[n]));
 
-    crypto::public_key tx_pub_key = get_tx_pub_key_from_extra(rct_txes[n]);
     for (size_t o = 0; o < 4; ++o)
     {
-      rct::key amount_key = rct::hash_to_scalar(rct::scalarmultKey(rct::pk2rct(tx_pub_key), rct::sk2rct(miner_accounts[n].get_keys().m_view_secret_key)));
+      crypto::key_derivation derivation;
+      bool r = crypto::generate_key_derivation(destinations[o].addr.m_view_public_key, tx_key, derivation);
+      CHECK_AND_ASSERT_MES(r, false, "Failed to generate key derivation");
+      crypto::secret_key amount_key;
+      crypto::derivation_to_scalar(derivation, o, amount_key);
       if (rct_txes[n].rct_signatures.type == rct::RCTTypeSimple)
-        rct::decodeRctSimpleFromSharedSecret(rct_txes[n].rct_signatures, amount_key, o, rct_tx_masks[o+n*4]);
+        rct::decodeRctSimple(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4]);
       else
-        rct::decodeRctFromSharedSecret(rct_txes[n].rct_signatures, amount_key, o, rct_tx_masks[o+n*4]);
+        rct::decodeRct(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4]);
     }
 
     CHECK_AND_ASSERT_MES(generator.construct_block_manually(blk_txes[n], blk_last, miner_account,
@@ -205,8 +207,7 @@ bool gen_rct_tx_validation_base::generate_with(std::vector<test_event_entry>& ev
 
   transaction tx;
   crypto::secret_key tx_key;
-  std::vector<crypto::secret_key> amount_keys;
-  bool r = construct_tx_and_get_tx_keys(miner_accounts[0].get_keys(), sources, destinations, std::vector<uint8_t>(), tx, 0, tx_key, amount_keys, true);
+  bool r = construct_tx_and_get_tx_key(miner_accounts[0].get_keys(), sources, destinations, std::vector<uint8_t>(), tx, 0, tx_key, true);
   CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction");
 
   if (post_tx)
diff --git a/tests/unit_tests/ringct.cpp b/tests/unit_tests/ringct.cpp
index 16234ce52..224e32e61 100644
--- a/tests/unit_tests/ringct.cpp
+++ b/tests/unit_tests/ringct.cpp
@@ -196,7 +196,7 @@ TEST(ringct, range_proofs)
         ASSERT_TRUE(verRct(s));
 
         //decode received amount
-        ASSERT_TRUE(decodeRctFromSharedSecret(s, amount_keys[1], 1, mask));
+        ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask));
 
         // Ring CT with failing MG sig part should not verify!
         // Since sum of inputs != outputs
@@ -213,7 +213,7 @@ TEST(ringct, range_proofs)
         ASSERT_FALSE(verRct(s));
 
         //decode received amount
-        ASSERT_TRUE(decodeRctFromSharedSecret(s, amount_keys[1], 1, mask));
+        ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask));
 }
 
 TEST(ringct, range_proofs_with_fee)
@@ -261,7 +261,7 @@ TEST(ringct, range_proofs_with_fee)
         ASSERT_TRUE(verRct(s));
 
         //decode received amount
-        ASSERT_TRUE(decodeRctFromSharedSecret(s, amount_keys[1], 1, mask));
+        ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask));
 
         // Ring CT with failing MG sig part should not verify!
         // Since sum of inputs != outputs
@@ -278,7 +278,7 @@ TEST(ringct, range_proofs_with_fee)
         ASSERT_FALSE(verRct(s));
 
         //decode received amount
-        ASSERT_TRUE(decodeRctFromSharedSecret(s, amount_keys[1], 1, mask));
+        ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask));
 }
 
 TEST(ringct, simple)
@@ -336,7 +336,7 @@ TEST(ringct, simple)
         ASSERT_TRUE(verRctSimple(s));
 
         //decode received amount corresponding to output pubkey index 1
-        ASSERT_TRUE(decodeRctSimpleFromSharedSecret(s, amount_keys[1], 1, mask));
+        ASSERT_TRUE(decodeRctSimple(s, amount_keys[1], 1, mask));
 }
 
 static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee)
@@ -843,17 +843,17 @@ static const xmr_amount test_amounts[]={0, 1, 2, 3, 4, 5, 10000, 100000000000000
 
 TEST(ringct, ecdh_roundtrip)
 {
-  key k, P1;
+  key k;
   ecdhTuple t0, t1;
 
   for (auto amount: test_amounts) {
-    skpkGen(k, P1);
+    skGen(k);
 
     t0.mask = skGen();
     t0.amount = d2h(amount);
 
     t1 = t0;
-    ecdhEncode(t1, P1);
+    ecdhEncode(t1, k);
     ecdhDecode(t1, k);
     ASSERT_TRUE(t0.mask == t1.mask);
     ASSERT_TRUE(equalKeys(t0.mask, t1.mask));