diff options
Diffstat (limited to 'src/ringct')
-rw-r--r-- | src/ringct/CMakeLists.txt | 30 | ||||
-rw-r--r-- | src/ringct/rctOps.h | 6 | ||||
-rw-r--r-- | src/ringct/rctOps_device.cpp | 66 | ||||
-rw-r--r-- | src/ringct/rctSigs.cpp | 56 | ||||
-rw-r--r-- | src/ringct/rctSigs.h | 5 |
5 files changed, 67 insertions, 96 deletions
diff --git a/src/ringct/CMakeLists.txt b/src/ringct/CMakeLists.txt index 2d3ea5cf4..c8dcdca26 100644 --- a/src/ringct/CMakeLists.txt +++ b/src/ringct/CMakeLists.txt @@ -26,21 +26,39 @@ # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -set(ringct_sources +set(ringct_basic_sources rctOps.cpp - rctOps_device.cpp - rctSigs.cpp rctTypes.cpp rctCryptoOps.c bulletproofs.cc) +set(ringct_basic_private_headers + rctOps.h + rctTypes.h + bulletproofs.h) + +monero_private_headers(ringct_basic + ${crypto_private_headers}) +monero_add_library(ringct_basic + ${ringct_basic_sources} + ${ringct_basic_private_headers}) +target_link_libraries(ringct_basic + PUBLIC + common + cncrypto + PRIVATE + ${OPENSSL_LIBRARIES} + ${EXTRA_LIBRARIES}) + +set(ringct_sources + rctSigs.cpp +) + set(ringct_headers) set(ringct_private_headers - rctOps.h rctSigs.h - rctTypes.h - bulletproofs.h) +) monero_private_headers(ringct ${crypto_private_headers}) diff --git a/src/ringct/rctOps.h b/src/ringct/rctOps.h index c9f2e7a43..3f8f6955c 100644 --- a/src/ringct/rctOps.h +++ b/src/ringct/rctOps.h @@ -112,14 +112,10 @@ namespace rct { //does a * G where a is a scalar and G is the curve basepoint void scalarmultBase(key & aG, const key &a); - void scalarmultBase(key & aG, const key &a, hw::device &hwdev); key scalarmultBase(const key & a); - key scalarmultBase(const key & a, hw::device &hwdev); //does a * P where a is a scalar and P is an arbitrary point void scalarmultKey(key &aP, const key &P, const key &a); - void scalarmultKey(key &aP, const key &P, const key &a, hw::device &hwdev); key scalarmultKey(const key &P, const key &a); - key scalarmultKey(const key &P, const key &a, hw::device &hwdev); //Computes aH where H= toPoint(cn_fast_hash(G)), G the basepoint key scalarmultH(const key & a); @@ -178,8 +174,6 @@ namespace rct { //Elliptic Curve Diffie Helman: encodes and decodes the amount b and mask a // where C= aG + bH void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec); - void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec, hw::device &hwdev); void ecdhDecode(ecdhTuple & masked, const key & sharedSec); - void ecdhDecode(ecdhTuple & masked, const key & sharedSec, hw::device &hwdev); } #endif /* RCTOPS_H */ diff --git a/src/ringct/rctOps_device.cpp b/src/ringct/rctOps_device.cpp deleted file mode 100644 index fbfe8e9cf..000000000 --- a/src/ringct/rctOps_device.cpp +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright (c) 2017-2018, The Monero Project -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are -// permitted provided that the following conditions are met: -// -// 1. Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright notice, this list -// of conditions and the following disclaimer in the documentation and/or other -// materials provided with the distribution. -// -// 3. Neither the name of the copyright holder nor the names of its contributors may be -// used to endorse or promote products derived from this software without specific -// prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// - -#include "misc_log_ex.h" -#include "rctOps.h" -#include "device/device.hpp" -using namespace crypto; -using namespace std; - - -namespace rct -{ - void scalarmultKey(key & aP, const key &P, const key &a, hw::device &hwdev) { - hwdev.scalarmultKey(aP, P, a); - } - - key scalarmultKey(const key & P, const key & a, hw::device &hwdev) { - key aP; - hwdev.scalarmultKey(aP, P, a); - return aP; - } - - void scalarmultBase(key &aG, const key &a, hw::device &hwdev) { - hwdev.scalarmultBase(aG, a); - } - - key scalarmultBase(const key & a, hw::device &hwdev) { - key aG; - hwdev.scalarmultBase(aG, a); - return aG; - } - - void ecdhDecode(ecdhTuple & masked, const key & sharedSec, hw::device &hwdev) { - hwdev.ecdhDecode(masked, sharedSec); - } - - void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec, hw::device &hwdev) { - hwdev.ecdhEncode(unmasked, sharedSec); - } -}
\ No newline at end of file diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp index ae0ee21c8..4ecf62cec 100644 --- a/src/ringct/rctSigs.cpp +++ b/src/ringct/rctSigs.cpp @@ -35,9 +35,6 @@ #include "rctSigs.h" #include "bulletproofs.h" #include "cryptonote_basic/cryptonote_format_utils.h" -#include "cryptonote_basic/cryptonote_basic.h" -#include "cryptonote_basic/subaddress_index.h" -#include "device/device.hpp" using namespace crypto; using namespace std; @@ -118,19 +115,32 @@ namespace rct { } //see above. - bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2) { + bool verifyBorromean(const boroSig &bb, const ge_p3 P1[64], const ge_p3 P2[64]) { key64 Lv1; key chash, LL; int ii = 0; + ge_p2 p2; for (ii = 0 ; ii < 64 ; ii++) { - addKeys2(LL, bb.s0[ii], bb.ee, P1[ii]); + // equivalent of: addKeys2(LL, bb.s0[ii], bb.ee, P1[ii]); + ge_double_scalarmult_base_vartime(&p2, bb.ee.bytes, &P1[ii], bb.s0[ii].bytes); + ge_tobytes(LL.bytes, &p2); chash = hash_to_scalar(LL); - addKeys2(Lv1[ii], bb.s1[ii], chash, P2[ii]); + // equivalent of: addKeys2(Lv1[ii], bb.s1[ii], chash, P2[ii]); + ge_double_scalarmult_base_vartime(&p2, chash.bytes, &P2[ii], bb.s1[ii].bytes); + ge_tobytes(Lv1[ii].bytes, &p2); } key eeComputed = hash_to_scalar(Lv1); //hash function fine return equalKeys(eeComputed, bb.ee); } - + bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2) { + ge_p3 P1_p3[64], P2_p3[64]; + for (size_t i = 0 ; i < 64 ; ++i) { + CHECK_AND_ASSERT_MES(ge_frombytes_vartime(&P1_p3[i], P1[i].bytes) == 0, false, "point conv failed"); + CHECK_AND_ASSERT_MES(ge_frombytes_vartime(&P2_p3[i], P2[i].bytes) == 0, false, "point conv failed"); + } + return verifyBorromean(bb, P1_p3, P2_p3); + } + //Multilayered Spontaneous Anonymous Group Signatures (MLSAG signatures) //This is a just slghtly more efficient version than the ones described below //(will be explained in more detail in Ring Multisig paper @@ -336,16 +346,30 @@ namespace rct { try { PERF_TIMER(verRange); - key64 CiH; + ge_p3 CiH[64], asCi[64]; int i = 0; - key Ctmp = identity(); + ge_p3 Ctmp_p3 = ge_p3_identity; for (i = 0; i < 64; i++) { - subKeys(CiH[i], as.Ci[i], H2[i]); - addKeys(Ctmp, Ctmp, as.Ci[i]); + // faster equivalent of: + // subKeys(CiH[i], as.Ci[i], H2[i]); + // addKeys(Ctmp, Ctmp, as.Ci[i]); + ge_cached cached; + ge_p3 p3; + ge_p1p1 p1; + CHECK_AND_ASSERT_MES(ge_frombytes_vartime(&p3, H2[i].bytes) == 0, false, "point conv failed"); + ge_p3_to_cached(&cached, &p3); + CHECK_AND_ASSERT_MES(ge_frombytes_vartime(&asCi[i], as.Ci[i].bytes) == 0, false, "point conv failed"); + ge_sub(&p1, &asCi[i], &cached); + ge_p3_to_cached(&cached, &asCi[i]); + ge_p1p1_to_p3(&CiH[i], &p1); + ge_add(&p1, &Ctmp_p3, &cached); + ge_p1p1_to_p3(&Ctmp_p3, &p1); } + key Ctmp; + ge_p3_tobytes(Ctmp.bytes, &Ctmp_p3); if (!equalKeys(C, Ctmp)) return false; - if (!verifyBorromean(as.asig, as.Ci, CiH)) + if (!verifyBorromean(as.asig, asCi, CiH)) return false; return true; } @@ -669,7 +693,7 @@ namespace rct { //mask amount and mask rv.ecdhInfo[i].mask = copy(outSk[i].mask); rv.ecdhInfo[i].amount = d2h(amounts[i]); - ecdhEncode(rv.ecdhInfo[i], amount_keys[i], hwdev); + hwdev.ecdhEncode(rv.ecdhInfo[i], amount_keys[i]); } //set txn fee @@ -750,7 +774,7 @@ namespace rct { //mask amount and mask rv.ecdhInfo[i].mask = copy(outSk[i].mask); rv.ecdhInfo[i].amount = d2h(outamounts[i]); - ecdhEncode(rv.ecdhInfo[i], amount_keys[i],hwdev); + hwdev.ecdhEncode(rv.ecdhInfo[i], amount_keys[i]); } //set txn fee @@ -1007,7 +1031,7 @@ namespace rct { //mask amount and mask ecdhTuple ecdh_info = rv.ecdhInfo[i]; - ecdhDecode(ecdh_info, sk, hwdev); + hwdev.ecdhDecode(ecdh_info, sk); mask = ecdh_info.mask; key amount = ecdh_info.amount; key C = rv.outPk[i].mask; @@ -1035,7 +1059,7 @@ namespace rct { //mask amount and mask ecdhTuple ecdh_info = rv.ecdhInfo[i]; - ecdhDecode(ecdh_info, sk, hwdev); + hwdev.ecdhDecode(ecdh_info, sk); mask = ecdh_info.mask; key amount = ecdh_info.amount; key C = rv.outPk[i].mask; diff --git a/src/ringct/rctSigs.h b/src/ringct/rctSigs.h index 7485938ee..b8aab0f11 100644 --- a/src/ringct/rctSigs.h +++ b/src/ringct/rctSigs.h @@ -50,8 +50,6 @@ extern "C" { #include "rctTypes.h" #include "rctOps.h" -#include "cryptonote_basic/cryptonote_basic.h" -#include "device/device_declare.hpp" //Define this flag when debugging to get additional info on the console #ifdef DBG @@ -60,6 +58,9 @@ extern "C" { #define DP(x) #endif +namespace hw { + class device; +} namespace rct { |