xmr: out_pk_masks changed to out_pk_commitments

src/apps/monero/protocol/signing/state.py

@@ -85,9 +85,7 @@ def __init__(self, ctx):
         self.summary_outs_money = 0
 
         # output commitments
-        # using 'masks' in the name is quite unfortunate because this
-        # actually does not contain any masks, but the whole commitment
-        self.output_pk_masks = []
+        self.output_pk_commitments = []
         # masks used in the output commitment
         self.output_sk_masks = []
 

src/apps/monero/protocol/signing/step_06_set_output.py

@@ -61,7 +61,7 @@ async def set_output(state: State, dst_entr, dst_entr_hmac, rsig_data):
     tx_out_bin, hmac_vouti = await _set_out_tx_out(state, dst_entr, tx_out_key)
     state.mem_trace(11, True)
 
-    out_pk, ecdh_info_bin = _get_ecdh_info_and_out_pk(
+    out_pk_dest, out_pk_commitment, ecdh_info_bin = _get_ecdh_info_and_out_pk(
         state=state,
         tx_out_key=tx_out_key,
         amount=dst_entr.amount,
@@ -77,18 +77,18 @@ async def set_output(state: State, dst_entr, dst_entr_hmac, rsig_data):
     state.full_message_hasher.set_ecdh(ecdh_info_bin)
     state.mem_trace(13, True)
 
-    # Output_pk is stored to the state as it is used during the signature and hashed to the
+    # output_pk_commitment is stored to the state as it is used during the signature and hashed to the
     # RctSigBase later. No need to store amount, it was already stored.
-    state.output_pk_masks.append(out_pk.mask)
+    state.output_pk_commitments.append(out_pk_commitment)
     state.mem_trace(14, True)
 
     from trezor.messages.MoneroTransactionSetOutputAck import (
         MoneroTransactionSetOutputAck,
     )
 
     out_pk_bin = bytearray(64)
-    utils.memcpy(out_pk_bin, 0, out_pk.dest, 0, 32)
-    utils.memcpy(out_pk_bin, 32, out_pk.mask, 0, 32)
+    utils.memcpy(out_pk_bin, 0, out_pk_dest, 0, 32)
+    utils.memcpy(out_pk_bin, 32, out_pk_commitment, 0, 32)
 
     return MoneroTransactionSetOutputAck(
         tx_out=tx_out_bin,
@@ -257,12 +257,9 @@ def _get_ecdh_info_and_out_pk(state: State, tx_out_key, amount, mask, amount_key
     Also encodes the two items - `mask` and `amount` - into ecdh info,
     so the recipient is able to reconstruct the commitment.
     """
-    from apps.monero.xmr.serialize_messages.ct_keys import CtKey
+    out_pk_dest = crypto.encodepoint(tx_out_key)
+    out_pk_commitment = crypto.encodepoint(crypto.gen_commitment(mask, amount))
 
-    out_pk = CtKey(
-        dest=crypto.encodepoint(tx_out_key),
-        mask=crypto.encodepoint(crypto.gen_commitment(mask, amount)),
-    )
     state.sumout = crypto.sc_add(state.sumout, mask)
     state.output_sk_masks.append(mask)
 
@@ -275,7 +272,7 @@ def _get_ecdh_info_and_out_pk(state: State, tx_out_key, amount, mask, amount_key
     utils.memcpy(ecdh_info_bin, 32, ecdh_info.amount, 0, 32)
     gc.collect()
 
-    return out_pk, ecdh_info_bin
+    return out_pk_dest, out_pk_commitment, ecdh_info_bin
 
 
 def _ecdh_encode(mask, amount, amount_key):

src/apps/monero/protocol/signing/step_08_mlsag_done.py

@@ -33,8 +33,8 @@ def _out_pk(state: State):
     """
     Hashes out_pk into the full message.
     """
-    if state.output_count != len(state.output_pk_masks):
+    if state.output_count != len(state.output_pk_commitments):
         raise ValueError("Invalid number of ecdh")
 
-    for out in state.output_pk_masks:
-        state.full_message_hasher.set_out_pk_mask(out)
+    for out in state.output_pk_commitments:
+        state.full_message_hasher.set_out_pk_commitment(out)

src/apps/monero/protocol/signing/step_09_sign_input.py

@@ -153,7 +153,7 @@ async def sign_input(
             mix_ring,
             [input_secret_key],
             state.output_sk_masks,
-            state.output_pk_masks,
+            state.output_pk_commitments,
             kLRki,
             index,
             txn_fee_key,

src/apps/monero/xmr/mlsag2.py

@@ -168,7 +168,7 @@ def gen_mlsag_ext(message, pk, xx, kLRki, index, dsRows):
 
 
 def prove_rct_mg(
-    message, pubs, in_sk, out_sk_mask, out_pk_mask, kLRki, index, txn_fee_key
+    message, pubs, in_sk, out_sk_mask, out_pk_commitments, kLRki, index, txn_fee_key
 ):
     """
     c.f. http://eprint.iacr.org/2015/1098 section 4. definition 10.
@@ -188,7 +188,7 @@ def prove_rct_mg(
 
     if len(in_sk) != rows:
         raise ValueError("Bad inSk size")
-    if len(out_sk_mask) != len(out_pk_mask):
+    if len(out_sk_mask) != len(out_pk_commitments):
         raise ValueError("Bad outsk/putpk size")
 
     sk = key_vector(rows + 1)
@@ -210,15 +210,15 @@ def prove_rct_mg(
         sk[rows] = crypto.sc_add(sk[rows], in_sk[j].mask)  # add masks in last row
 
     for i in range(cols):
-        for j in range(len(out_pk_mask)):
+        for j in range(len(out_pk_commitments)):
             M[i][rows] = crypto.point_sub(
-                M[i][rows], crypto.decodepoint(out_pk_mask[j])
+                M[i][rows], crypto.decodepoint(out_pk_commitments[j])
             )  # subtract output Ci's in last row
 
         # Subtract txn fee output in last row
         M[i][rows] = crypto.point_sub(M[i][rows], txn_fee_key)
 
-    for j in range(len(out_pk_mask)):
+    for j in range(len(out_pk_commitments)):
         sk[rows] = crypto.sc_sub(
             sk[rows], out_sk_mask[j]
         )  # subtract output masks in last row

src/apps/monero/xmr/sub/mlsag_hasher.py

@@ -50,11 +50,11 @@ def set_ecdh(self, ecdh):
         self.state = 4
         self.rtcsig_hasher.buffer(ecdh)
 
-    def set_out_pk_mask(self, out_pk_mask):
+    def set_out_pk_commitment(self, out_pk_commitment):
         if self.state != 4 and self.state != 5:
             raise ValueError("State error")
         self.state = 5
-        self.rtcsig_hasher.buffer(out_pk_mask)  # ECKey
+        self.rtcsig_hasher.buffer(out_pk_commitment)  # ECKey
 
     def rctsig_base_done(self):
         if self.state != 5: