xmr: steps 04, 05, 06 (almost) and 07 review

_range_proof in step 06 is still to be reviewed
trezor · Oct 9, 2018 · 673bf01 · 673bf01
1 parent 24c5251
commit 673bf01
Show file tree

Hide file tree

Showing 9 changed files with 233 additions and 204 deletions.
diff --git a/src/apps/monero/protocol/signing/step_04_input_vini.py b/src/apps/monero/protocol/signing/step_04_input_vini.py
@@ -1,7 +1,7 @@
 """
-Set tx.vin[i] for incremental tx prefix hash computation.
-After sorting by key images on host.
-Hashes pseudo_out to the final_message.
+This step successively hashes the inputs in the order
+received in the previous step.
+Also hashes `pseudo_out` to the final_message.
 """
 
 from .state import State
@@ -10,9 +10,19 @@
 from apps.monero.protocol import hmac_encryption_keys
 from apps.monero.xmr import common, crypto
 
+if False:
+    from trezor.messages.MoneroTransactionSourceEntry import (
+        MoneroTransactionSourceEntry,
+    )
+
 
 async def input_vini(
-    state: State, src_entr, vini_bin, hmac, pseudo_out, pseudo_out_hmac
+    state: State,
+    src_entr: MoneroTransactionSourceEntry,
+    vini_bin: bytes,
+    vini_hmac: bytes,
+    pseudo_out: bytes,
+    pseudo_out_hmac: bytes,
 ):
     from trezor.messages.MoneroTransactionInputViniAck import (
         MoneroTransactionInputViniAck,
@@ -21,43 +31,39 @@ async def input_vini(
     await confirms.transaction_step(
         state.ctx, state.STEP_VINI, state.current_input_index + 1, state.input_count
     )
-
     if state.current_input_index >= state.input_count:
         raise ValueError("Too many inputs")
 
     state.current_input_index += 1
 
     # HMAC(T_in,i || vin_i)
-    hmac_vini = await hmac_encryption_keys.gen_hmac_vini(
+    hmac_vini_comp = await hmac_encryption_keys.gen_hmac_vini(
         state.key_hmac,
         src_entr,
         vini_bin,
         state.source_permutation[state.current_input_index],
     )
-    if not common.ct_equal(hmac_vini, hmac):
+    if not common.ct_equal(hmac_vini_comp, vini_hmac):
         raise ValueError("HMAC is not correct")
 
-    hash_vini_pseudo_out(
-        state, vini_bin, state.current_input_index, pseudo_out, pseudo_out_hmac
-    )
+    """
+    Incremental hasing of tx.vin[i]
+    """
+    state.tx_prefix_hasher.buffer(vini_bin)
+
+    # in monero version >= 8 pseudo outs were moved to a different place
+    # use_bulletproofs implies version >= 8
+    if state.use_simple_rct and not state.use_bulletproof:
+        _hash_vini_pseudo_out(state, pseudo_out, pseudo_out_hmac)
 
-    # TODO check input count?
     return MoneroTransactionInputViniAck()
 
 
-def hash_vini_pseudo_out(
-    state: State, vini_bin, inp_idx, pseudo_out=None, pseudo_out_hmac=None
-):
+def _hash_vini_pseudo_out(state: State, pseudo_out: bytes, pseudo_out_hmac: bytes):
     """
-    Incremental hasing of tx.vin[i] and pseudo output
+    Incremental hasing of pseudo output. Only applicable for simple rct.
     """
-    state.tx_prefix_hasher.buffer(vini_bin)
-
-    # Pseudo_out incremental hashing - applicable only in simple rct
-    if not state.use_simple_rct or state.use_bulletproof:
-        return
-
-    idx = state.source_permutation[inp_idx]
+    idx = state.source_permutation[state.current_input_index]
     pseudo_out_hmac_comp = crypto.compute_hmac(
         hmac_encryption_keys.hmac_key_txin_comm(state.key_hmac, idx), pseudo_out
     )

diff --git a/...ro/protocol/signing/step_05_all_in_set.py → ...rotocol/signing/step_05_all_inputs_set.py b/...ro/protocol/signing/step_05_all_in_set.py → ...rotocol/signing/step_05_all_inputs_set.py
@@ -1,5 +1,6 @@
 """
-All inputs set. Defining rsig parameters.
+All inputs set. Defining range signature parameters.
+If in the applicable offloading mode, generate commitment masks.
 """
 
 from trezor import utils
@@ -10,12 +11,9 @@
 from apps.monero.xmr import crypto
 
 
-async def all_in_set(state: State, rsig_data):  # todo: rsig_data not used?
-    """
-    If in the applicable offloading mode, generate commitment masks.
-    """
+async def all_inputs_set(state: State):
     state.mem_trace(0)
-    # state.state.input_all_done() todo check if needed?
+
     await confirms.transaction_step(state.ctx, state.STEP_ALL_IN)
 
     from trezor.messages.MoneroTransactionAllInputsSetAck import (
@@ -31,6 +29,7 @@ async def all_in_set(state: State, rsig_data):  # todo: rsig_data not used?
 
     # Simple range proof offloading
     # Generate random commitment masks that sum to the input mask sum.
+    # TODO review together with step 6
     tmp_buff = bytearray(32)
     rsig_data.mask = bytearray(32 * state.output_count)
     state.sumout = crypto.sc_init(0)