1 files changed, 109 insertions, 23 deletions

diff --git a/src/device/device_default.cpp b/src/device/device_default.cpp
index c3ba42000..d63dafe9e 100644
--- a/src/device/device_default.cpp
+++ b/src/device/device_default.cpp
@@ -31,10 +31,13 @@
 
 
 #include "device_default.hpp"
-
-#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "cryptonote_basic/account.h"
+#include "cryptonote_basic/subaddress_index.h"
 #include "ringct/rctOps.h"
 
+#define ENCRYPTED_PAYMENT_ID_TAIL 0x8d
+#define CHACHA8_KEY_TAIL 0x8c
+
 namespace hw {
 
     namespace core {
@@ -83,7 +86,14 @@ namespace hw {
         /* ======================================================================= */
 
         bool  device_default::generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key) {
-            return cryptonote::generate_chacha_key_from_secret_keys(keys, key);
+            const crypto::secret_key &view_key = keys.m_view_secret_key;
+            const crypto::secret_key &spend_key = keys.m_spend_secret_key;
+            tools::scrubbed_arr<char, sizeof(view_key) + sizeof(spend_key) + 1> data;
+            memcpy(data.data(), &view_key, sizeof(view_key));
+            memcpy(data.data() + sizeof(view_key), &spend_key, sizeof(spend_key));
+            data[sizeof(data) - 1] = CHACHA8_KEY_TAIL;
+            crypto::generate_chacha_key(data.data(), sizeof(data), key);
+            return true;
         }
         bool  device_default::get_public_address(cryptonote::account_public_address &pubkey) {
              dfns();
@@ -99,24 +109,85 @@ namespace hw {
             return crypto::derive_subaddress_public_key(out_key, derivation, output_index,derived_key);
         }
 
-        bool device_default::get_subaddress_spend_public_key(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index, crypto::public_key &D) {
-            D = cryptonote::get_subaddress_spend_public_key(keys,index);
-            return true;
+        crypto::public_key device_default::get_subaddress_spend_public_key(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) {
+            if (index.is_zero())
+              return keys.m_account_address.m_spend_public_key;
+
+            // m = Hs(a || index_major || index_minor)
+            crypto::secret_key m = get_subaddress_secret_key(keys.m_view_secret_key, index);
+
+            // M = m*G
+            crypto::public_key M;
+            crypto::secret_key_to_public_key(m, M);
+
+            // D = B + M
+            crypto::public_key D = rct::rct2pk(rct::addKeys(rct::pk2rct(keys.m_account_address.m_spend_public_key), rct::pk2rct(M)));
+            return D;
         }
 
-        bool  device_default::get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end, std::vector<crypto::public_key> &pkeys) {
-            pkeys = cryptonote::get_subaddress_spend_public_keys(keys, account, begin, end);
-            return true;
+        std::vector<crypto::public_key>  device_default::get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) {
+            CHECK_AND_ASSERT_THROW_MES(begin <= end, "begin > end");
+
+            std::vector<crypto::public_key> pkeys;
+            pkeys.reserve(end - begin);
+            cryptonote::subaddress_index index = {account, begin};
+
+            ge_p3 p3;
+            ge_cached cached;
+            CHECK_AND_ASSERT_THROW_MES(ge_frombytes_vartime(&p3, (const unsigned char*)keys.m_account_address.m_spend_public_key.data) == 0,
+                "ge_frombytes_vartime failed to convert spend public key");
+            ge_p3_to_cached(&cached, &p3);
+
+            for (uint32_t idx = begin; idx < end; ++idx)
+            {
+                index.minor = idx;
+                if (index.is_zero())
+                {
+                    pkeys.push_back(keys.m_account_address.m_spend_public_key);
+                    continue;
+                }
+                crypto::secret_key m = get_subaddress_secret_key(keys.m_view_secret_key, index);
+
+                // M = m*G
+                ge_scalarmult_base(&p3, (const unsigned char*)m.data);
+
+                // D = B + M
+                crypto::public_key D;
+                ge_p1p1 p1p1;
+                ge_add(&p1p1, &p3, &cached);
+                ge_p1p1_to_p3(&p3, &p1p1);
+                ge_p3_tobytes((unsigned char*)D.data, &p3);
+
+                pkeys.push_back(D);
+            }
+            return pkeys;
         }
 
-        bool device_default::get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index, cryptonote::account_public_address &address) {
-            address = cryptonote::get_subaddress(keys,index);
-            return true;
+        cryptonote::account_public_address device_default::get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) {
+            if (index.is_zero())
+              return keys.m_account_address;
+
+            crypto::public_key D = get_subaddress_spend_public_key(keys, index);
+
+            // C = a*D
+            crypto::public_key C = rct::rct2pk(rct::scalarmultKey(rct::pk2rct(D), rct::sk2rct(keys.m_view_secret_key)));
+
+            // result: (C, D)
+            cryptonote::account_public_address address;
+            address.m_view_public_key  = C;
+            address.m_spend_public_key = D;
+            return address;
         }
 
-        bool  device_default::get_subaddress_secret_key(const crypto::secret_key &a, const cryptonote::subaddress_index &index, crypto::secret_key &m) {
-            m = cryptonote::get_subaddress_secret_key(a,index);
-            return true;
+        crypto::secret_key  device_default::get_subaddress_secret_key(const crypto::secret_key &a, const cryptonote::subaddress_index &index) {
+            const char prefix[] = "SubAddr";
+            char data[sizeof(prefix) + sizeof(crypto::secret_key) + sizeof(cryptonote::subaddress_index)];
+            memcpy(data, prefix, sizeof(prefix));
+            memcpy(data + sizeof(prefix), &a, sizeof(crypto::secret_key));
+            memcpy(data + sizeof(prefix) + sizeof(crypto::secret_key), &index, sizeof(cryptonote::subaddress_index));
+            crypto::secret_key m;
+            crypto::hash_to_scalar(data, sizeof(data), m);
+            return m;
         }
 
         /* ======================================================================= */
@@ -124,7 +195,9 @@ namespace hw {
         /* ======================================================================= */
 
         bool  device_default::verify_keys(const crypto::secret_key &secret_key, const crypto::public_key &public_key) {
-            return cryptonote::verify_keys(secret_key, public_key);
+            crypto::public_key calculated_pub;
+            bool r = crypto::secret_key_to_public_key(secret_key, calculated_pub);
+            return r && public_key == calculated_pub;
         }
 
         bool device_default::scalarmultKey(rct::key & aP, const rct::key &P, const rct::key &a) {
@@ -142,9 +215,8 @@ namespace hw {
             return true;
         }
 
-        bool  device_default::generate_keys(crypto::public_key &pub, crypto::secret_key &sec, const crypto::secret_key& recovery_key, bool recover, crypto::secret_key &rng) {
-            rng = crypto::generate_keys(pub, sec, recovery_key, recover);
-            return true;
+        crypto::secret_key  device_default::generate_keys(crypto::public_key &pub, crypto::secret_key &sec, const crypto::secret_key& recovery_key, bool recover) {
+            return crypto::generate_keys(pub, sec, recovery_key, recover);
         }
 
         bool device_default::generate_key_derivation(const crypto::public_key &key1, const crypto::secret_key &key2, crypto::key_derivation &derivation) {
@@ -179,13 +251,13 @@ namespace hw {
         /* ======================================================================= */
 
         bool device_default::open_tx(crypto::secret_key &tx_key) {
-            cryptonote::keypair txkey = cryptonote::keypair::generate();
+            cryptonote::keypair txkey = cryptonote::keypair::generate(*this);
             tx_key = txkey.sec;
             return true;
         }
 
 
-        bool device_default::add_output_key_mapping(const crypto::public_key &Aout, const crypto::public_key &Bout, size_t real_output_index,
+        bool device_default::add_output_key_mapping(const crypto::public_key &Aout, const crypto::public_key &Bout, const bool is_subaddress, const size_t real_output_index,
                                                   const rct::key &amount_key,  const crypto::public_key &out_eph_public_key)  {
             return true;
         }
@@ -194,8 +266,22 @@ namespace hw {
             return true;
         }
 
-        bool  device_default::encrypt_payment_id(const crypto::public_key &public_key, const crypto::secret_key &secret_key, crypto::hash8 &payment_id ) {
-            return cryptonote::encrypt_payment_id(payment_id, public_key, secret_key);
+        bool  device_default::encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) {
+            crypto::key_derivation derivation;
+            crypto::hash hash;
+            char data[33]; /* A hash, and an extra byte */
+
+            if (!generate_key_derivation(public_key, secret_key, derivation))
+                return false;
+
+            memcpy(data, &derivation, 32);
+            data[32] = ENCRYPTED_PAYMENT_ID_TAIL;
+            cn_fast_hash(data, 33, hash);
+
+            for (size_t b = 0; b < 8; ++b)
+                payment_id.data[b] ^= hash.data[b];
+
+            return true;
         }
 
         bool  device_default::ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec) {