enote_record_utils compiles

jeffro256 · Jun 4, 2024 · fa2947e · fa2947e
1 parent 5ffc4f8
commit fa2947e
Show file tree

Hide file tree

Showing 17 changed files with 506 additions and 427 deletions.
diff --git a/src/seraphis_core/jamtis_account_secrets.h b/src/seraphis_core/jamtis_account_secrets.h
@@ -84,7 +84,7 @@ void make_jamtis_generateimage_key(const crypto::secret_key &s_view_balance,
 * param: s_view_balance - s_vb
 * outparam: d_unlock_received_out - d_ur
 */
-void make_jamtis_unlockreceived_key(const crypto::secret_key &k_view_balance,
+void make_jamtis_unlockreceived_key(const crypto::secret_key &s_view_balance,
     crypto::x25519_secret_key &d_view_received_out);
 /**
  * brief make_jamtis_exchangebase_pubkey - D_base
@@ -100,7 +100,7 @@ void make_jamtis_exchangebase_pubkey(const crypto::x25519_secret_key &d_unlock_r
 * param: s_view_balance - s_vb
 * outparam: d_identify_received_out - d_ir
 */
-void make_jamtis_identifyreceived_key(const crypto::secret_key &k_view_balance,
+void make_jamtis_identifyreceived_key(const crypto::secret_key &s_view_balance,
     crypto::x25519_secret_key &d_identify_received_out);
 /**
 * brief: make_jamtis_identifyreceived_pubkey - D_ir
@@ -148,7 +148,7 @@ void make_jamtis_ciphertag_secret(const crypto::secret_key &s_generate_address,
     crypto::secret_key &s_cipher_tag_out);
 /**
  * brief: make_rct_spendkey - base public spendkey for RingCTv2
- *   K_s = k_gi U + k_ps G
+ *   K_s = k_gi G + k_ps U
  * param: k_generate_image - k_gi
  * param: k_prove_spend - k_ps
  * outparam: spend_pubkey_out - K_s

diff --git a/src/seraphis_core/jamtis_address_utils.cpp b/src/seraphis_core/jamtis_address_utils.cpp
@@ -35,6 +35,7 @@
 #include "cryptonote_config.h"
 #include "jamtis_account_secrets.h"
 #include "jamtis_support_types.h"
+#include "misc_log_ex.h"
 #include "ringct/rctOps.h"
 #include "seraphis_crypto/sp_crypto_utils.h"
 #include "seraphis_crypto/sp_hash_functions.h"
@@ -152,7 +153,7 @@ void make_jamtis_address_privkey(const rct::key &spend_pubkey,
     sp_hash_to_x25519_scalar(transcript.data(), transcript.size(), address_privkey_out.data);
 }
 //-------------------------------------------------------------------------------------------------------------------
-void make_jamtis_address_spend_key(const rct::key &spend_pubkey,
+void make_jamtis_address_spend_key_sp(const rct::key &spend_pubkey,
     const crypto::secret_key &s_generate_address,
     const address_index_t &j,
     rct::key &address_spendkey_out)
@@ -171,6 +172,41 @@ void make_jamtis_address_spend_key(const rct::key &spend_pubkey,
     mask_key(address_extension_key_g, address_spendkey_out, address_spendkey_out);  //k^j_g G + k^j_x X + k^j_u U + K_s
 }
 //-------------------------------------------------------------------------------------------------------------------
+void make_jamtis_address_spend_key_rct(const rct::key &spend_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    rct::key &address_spendkey_out)
+{
+    // K^j_s = k^j_g G + k^j_u U + K_s
+    crypto::secret_key address_extension_key_u;
+    crypto::secret_key address_extension_key_g;
+    make_jamtis_spendkey_extension_u(spend_pubkey, s_generate_address, j, address_extension_key_u);  //k^j_u
+    make_jamtis_spendkey_extension_g(spend_pubkey, s_generate_address, j, address_extension_key_g);  //k^j_g
+
+    address_spendkey_out = spend_pubkey;  //K_s
+    extend_seraphis_spendkey_u(address_extension_key_u, address_spendkey_out);      //k^j_u U + K_s
+    mask_key(address_extension_key_g, address_spendkey_out, address_spendkey_out);  //k^j_g G + k^j_u U + K_s
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_jamtis_address_spend_key(const JamtisOnetimeAddressFormat onetime_address_format,
+    const rct::key &spend_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    rct::key &address_spendkey_out)
+{
+    switch (onetime_address_format)
+    {
+    case JamtisOnetimeAddressFormat::RINGCT_V2:
+        make_jamtis_address_spend_key_rct(spend_pubkey, s_generate_address, j, address_spendkey_out);
+        break;
+    case JamtisOnetimeAddressFormat::SERAPHIS:
+        make_jamtis_address_spend_key_sp(spend_pubkey, s_generate_address, j, address_spendkey_out);
+        break;
+    default:
+        ASSERT_MES_AND_THROW("make jamtis address spend key: unrecognized onetime address format");
+    }
+}
+//-------------------------------------------------------------------------------------------------------------------
 void make_seraphis_key_image_jamtis_style(const rct::key &spend_pubkey,
     const crypto::secret_key &k_view_balance,
     const crypto::secret_key &spendkey_extension_x,

diff --git a/src/seraphis_core/jamtis_address_utils.h b/src/seraphis_core/jamtis_address_utils.h
@@ -128,12 +128,37 @@ void make_jamtis_address_privkey(const rct::key &spend_pubkey,
 /**
 * brief: make_jamtis_address_spend_key - K^j_s
 *   - K^j_s = k^j_g G + k^j_x X + k^j_u U + K_s
-* param: spend_pubkey - K_s = k_vb X + k_m U
+* param: spend_pubkey - K_s = k_gi X + k_ps U
+* param: s_generate_address - s_ga
+* param: j - address index
+* outparam: address_spendkey_out - K^j_s
+*/
+void make_jamtis_address_spend_key_sp(const rct::key &spend_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    rct::key &address_spendkey_out);
+/**
+* brief: make_jamtis_address_spend_key - K^j_s
+*   - K^j_s = k^j_g G + k^j_u U + K_s
+* param: spend_pubkey - K_s = k_gi G + k_ps U
 * param: s_generate_address - s_ga
 * param: j - address index
 * outparam: address_spendkey_out - K^j_s
 */
-void make_jamtis_address_spend_key(const rct::key &spend_pubkey,
+void make_jamtis_address_spend_key_rct(const rct::key &spend_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    rct::key &address_spendkey_out);
+/**
+* brief: make_jamtis_address_spend_key - K^j_s
+*   - K^j_s = ... + K_s
+* param: spend_pubkey - K_s
+* param: s_generate_address - s_ga
+* param: j - address index
+* outparam: address_spendkey_out - K^j_s
+*/
+void make_jamtis_address_spend_key(const JamtisOnetimeAddressFormat onetime_address_format,
+    const rct::key &spend_pubkey,
     const crypto::secret_key &s_generate_address,
     const address_index_t &j,
     rct::key &address_spendkey_out);

diff --git a/src/seraphis_core/jamtis_destination.cpp b/src/seraphis_core/jamtis_destination.cpp
@@ -61,16 +61,53 @@ bool operator==(const JamtisDestinationV1 &a, const JamtisDestinationV1 &b)
            (a.addr_tag   == b.addr_tag);
 }
 //-------------------------------------------------------------------------------------------------------------------
-void make_jamtis_destination_v1(const rct::key &spend_pubkey,
+void make_jamtis_destination_v1_sp(const rct::key &spend_pubkey,
     const crypto::x25519_pubkey &filterassist_pubkey,
     const crypto::x25519_pubkey &identifyreceived_pubkey,
     const crypto::x25519_pubkey &exchangebase_pubkey,
     const crypto::secret_key &s_generate_address,
     const address_index_t &j,
     JamtisDestinationV1 &destination_out)
 {
-    // K^j_s = k^j_g G + k^j_x X + k^j_u U + K_s
-    make_jamtis_address_spend_key(spend_pubkey, s_generate_address, j, destination_out.addr_Ks);
+    make_jamtis_destination_v1(JamtisOnetimeAddressFormat::SERAPHIS,
+        spend_pubkey,
+        filterassist_pubkey,
+        identifyreceived_pubkey,
+        exchangebase_pubkey,
+        s_generate_address,
+        j,
+        destination_out);
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_jamtis_destination_v1_rct(const rct::key &spend_pubkey,
+    const crypto::x25519_pubkey &filterassist_pubkey,
+    const crypto::x25519_pubkey &identifyreceived_pubkey,
+    const crypto::x25519_pubkey &exchangebase_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    JamtisDestinationV1 &destination_out)
+{
+    make_jamtis_destination_v1(JamtisOnetimeAddressFormat::RINGCT_V2,
+        spend_pubkey,
+        filterassist_pubkey,
+        identifyreceived_pubkey,
+        exchangebase_pubkey,
+        s_generate_address,
+        j,
+        destination_out);
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_jamtis_destination_v1(const JamtisOnetimeAddressFormat onetime_address_format,
+    const rct::key &spend_pubkey,
+    const crypto::x25519_pubkey &filterassist_pubkey,
+    const crypto::x25519_pubkey &identifyreceived_pubkey,
+    const crypto::x25519_pubkey &exchangebase_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    JamtisDestinationV1 &destination_out)
+{
+    // K^j_s = ... + K_s
+    make_jamtis_address_spend_key(onetime_address_format, spend_pubkey, s_generate_address, j, destination_out.addr_Ks);
 
     // d^j_a = H_n_x25519(K_s, j, s^j_gen)
     crypto::x25519_secret_key address_privkey;
@@ -93,7 +130,8 @@ void make_jamtis_destination_v1(const rct::key &spend_pubkey,
     destination_out.addr_tag = cipher_address_index(ciphertag_secret, j);
 }
 //-------------------------------------------------------------------------------------------------------------------
-bool try_get_jamtis_index_from_destination_v1(const JamtisDestinationV1 &destination,
+bool try_get_jamtis_index_from_destination_v1(const JamtisOnetimeAddressFormat onetime_address_format,
+    const JamtisDestinationV1 &destination,
     const rct::key &spend_pubkey,
     const crypto::x25519_pubkey &filterassist_pubkey,
     const crypto::x25519_pubkey &identifyreceived_pubkey,
@@ -112,7 +150,8 @@ bool try_get_jamtis_index_from_destination_v1(const JamtisDestinationV1 &destina
     // recreate the destination
     JamtisDestinationV1 test_destination;
 
-    make_jamtis_destination_v1(spend_pubkey,
+    make_jamtis_destination_v1(onetime_address_format,
+        spend_pubkey,
         filterassist_pubkey,
         identifyreceived_pubkey,
         exchangebase_pubkey,

diff --git a/src/seraphis_core/jamtis_destination.h b/src/seraphis_core/jamtis_destination.h
@@ -88,7 +88,7 @@ void make_jamtis_destination_v1_sp(const rct::key &spend_pubkey,
     JamtisDestinationV1 &destination_out);
 /**
 * brief: make_jamtis_destination_v1 - make a destination address for the RingCTv2 protocol
-* param: spend_pubkey - K_s = k_gi U + k_ps G
+* param: spend_pubkey - K_s = k_gi G + k_ps U
 * param: filterassist_pubkey - D_fa = d_fa D_base
 * param: identifyreceived_pubkey - D_ir = d_ir D_base
 * param: exchangebase_pubkey - D_base = d_ur xG
@@ -104,6 +104,24 @@ void make_jamtis_destination_v1_rct(const rct::key &spend_pubkey,
     const address_index_t &j,
     JamtisDestinationV1 &destination_out);
 /**
+* brief: make_jamtis_destination_v1 - make a destination address for the RingCTv2 protocol
+* param: spend_pubkey - K_s = [ringct: k_gi G + k_ps U] = [seraphis: k_gi X + k_ps U]
+* param: filterassist_pubkey - D_fa = d_fa D_base
+* param: identifyreceived_pubkey - D_ir = d_ir D_base
+* param: exchangebase_pubkey - D_base = d_ur xG
+* param: s_generate_address - s_ga
+* param: j - address_index
+* outparam: destination_out - the full address, with address tag
+*/
+void make_jamtis_destination_v1(const JamtisOnetimeAddressFormat onetime_address_format,
+    const rct::key &spend_pubkey,
+    const crypto::x25519_pubkey &filterassist_pubkey,
+    const crypto::x25519_pubkey &identifyreceived_pubkey,
+    const crypto::x25519_pubkey &exchangebase_pubkey,
+    const crypto::secret_key &s_generate_address,
+    const address_index_t &j,
+    JamtisDestinationV1 &destination_out);
+/**
 * brief: try_get_jamtis_index_from_destination_v1 - check if a destination can be recreated, then return its address index
 *   - note: partial-recreation of a destination will return FALSE
 * param: destination - destination address to recreate
@@ -115,7 +133,8 @@ void make_jamtis_destination_v1_rct(const rct::key &spend_pubkey,
 * outparam: j_out - address index (if successful)
 * return: true if the destination can be recreated
 */
-bool try_get_jamtis_index_from_destination_v1(const JamtisDestinationV1 &destination,
+bool try_get_jamtis_index_from_destination_v1(const JamtisOnetimeAddressFormat onetime_address_format,
+    const JamtisDestinationV1 &destination,
     const rct::key &spend_pubkey,
     const crypto::x25519_pubkey &filterassist_pubkey,
     const crypto::x25519_pubkey &identifyreceived_pubkey,

diff --git a/src/seraphis_core/jamtis_enote_utils.cpp b/src/seraphis_core/jamtis_enote_utils.cpp
@@ -225,14 +225,11 @@ void make_jamtis_view_tag(const secret256_ptr_t x_fa,
     view_tag_t naked_secondary_view_tag;
     make_jamtis_naked_secondary_view_tag(x_ir, onetime_address, naked_secondary_view_tag);
 
-    const std::uint32_t primary_mask = (1 << num_primary_view_tag_bits) - 1;
-    const std::uint32_t comp_mask = ~primary_mask;
+    const std::uint32_t primary_mask{(static_cast<std::uint32_t>(1) << num_primary_view_tag_bits) - 1};
 
     // view_tag = naked_primary_view_tag[:npbits] || naked_secondary_view_tag[:ncbits]
-    std::uint32_t combined_view_tag_u32 = (vttou32(naked_primary_view_tag) & primary_mask) |
-        ((vttou32(naked_secondary_view_tag) << num_primary_view_tag_bits) & comp_mask);
-
-    combined_view_tag_u32 = SWAP32LE(combined_view_tag_u32);
+    const std::uint32_t combined_view_tag_u32{SWAP32LE((vttou32(naked_primary_view_tag) & primary_mask) |
+        (vttou32(naked_secondary_view_tag) & ~primary_mask))};
     memcpy(view_tag_out.bytes, &combined_view_tag_u32, VIEW_TAG_BYTES);
 }
 //-------------------------------------------------------------------------------------------------------------------
@@ -512,9 +509,8 @@ bool test_jamtis_primary_view_tag(const secret256_ptr_t x_fa,
         naked_primary_view_tag);
 
     // primary_view_tag' ?= primary_view_tag
-    const std::uint32_t partial_recomputed_view_tag = vttou32(naked_primary_view_tag);
-    const std::uint32_t primary_mask = (1 << num_primary_view_tag_bits) - 1;
-    return 0 == ((partial_recomputed_view_tag ^ vttou32(view_tag)) & primary_mask);
+    const std::uint32_t primary_mask = (static_cast<std::uint32_t>(1) << num_primary_view_tag_bits) - 1;
+    return 0 == ((vttou32(naked_primary_view_tag) ^ vttou32(view_tag)) & primary_mask);
 }
 //-------------------------------------------------------------------------------------------------------------------
 bool test_jamtis_primary_view_tag(const crypto::x25519_secret_key &d_filter_assist,
@@ -536,7 +532,8 @@ bool test_jamtis_primary_view_tag(const crypto::x25519_secret_key &d_filter_assi
 bool test_jamtis_secondary_view_tag(const secret256_ptr_t x_ir,
     const rct::key &onetime_address,
     const view_tag_t view_tag,
-    const std::uint8_t num_primary_view_tag_bits)
+    const std::uint8_t num_primary_view_tag_bits,
+    bool &matched_all_secondary_bits_out)
 {
     // npbits can't be greater than total tag size (duh)
     CHECK_AND_ASSERT_THROW_MES(num_primary_view_tag_bits <= 8 * VIEW_TAG_BYTES,
@@ -547,10 +544,10 @@ bool test_jamtis_secondary_view_tag(const secret256_ptr_t x_ir,
     make_jamtis_naked_secondary_view_tag(x_ir, onetime_address, naked_secondary_view_tag);
 
     // secondary_view_tag' ?= secondary_view_tag
-    const std::uint32_t ncbits = 8 * VIEW_TAG_BYTES - num_primary_view_tag_bits;
-    const std::uint32_t secondary_mask = ((1ul << ncbits) - 1) << num_primary_view_tag_bits;
-    const std::uint32_t partial_recomputed_view_tag = vttou32(naked_secondary_view_tag) << num_primary_view_tag_bits;
-    return 0 == ((partial_recomputed_view_tag ^ vttou32(view_tag)) & secondary_mask);
+    const std::uint32_t secondary_mask{~((static_cast<std::uint32_t>(1) << num_primary_view_tag_bits) - 1)};
+
+    matched_all_secondary_bits_out = naked_secondary_view_tag == view_tag;
+    return 0 == ((vttou32(naked_secondary_view_tag) ^ vttou32(view_tag)) & secondary_mask);
 }
 //-------------------------------------------------------------------------------------------------------------------
 bool try_get_jamtis_amount(const rct::key &sender_receiver_secret,

diff --git a/src/seraphis_core/jamtis_enote_utils.h b/src/seraphis_core/jamtis_enote_utils.h
@@ -348,12 +348,14 @@ bool test_jamtis_primary_view_tag(const crypto::x25519_secret_key &d_filter_assi
 * param: onetime_address - Ko
 * param: view_tag - view_tag
 * param: num_primary_view_tag_bits - npbits
+* outparam: matched_all_secondary_bits_out - true if all secondary view tag bits match for the entire view tag
 * return: true if successfully recomputed the secondary view tag
 */
 bool test_jamtis_secondary_view_tag(const secret256_ptr_t x_ir,
     const rct::key &onetime_address,
     const view_tag_t view_tag,
-    const std::uint8_t num_primary_view_tag_bits);
+    const std::uint8_t num_primary_view_tag_bits,
+    bool &matched_all_secondary_bits_out);
 /**
 * brief: try_get_jamtis_amount - test recreating the amount commitment; if it is recreate-able, return the amount
 * param: sender_receiver_secret - q

diff --git a/src/seraphis_core/jamtis_support_types.h b/src/seraphis_core/jamtis_support_types.h
@@ -79,7 +79,8 @@ enum class JamtisEnoteType : unsigned char
 {
     SELF_SPEND = 0,
     CHANGE     = 1,
-    PLAIN      = 2
+    PLAIN      = 2,
+    MAX        = PLAIN
 };
 
 /// jamtis self-send types, used to define enote-construction procedure for self-sends

diff --git a/src/seraphis_main/enote_record_types.h b/src/seraphis_main/enote_record_types.h
@@ -141,9 +141,9 @@ struct SpBasicEnoteRecordV1 final
     std::uint8_t num_primary_view_tag_bits;
     /// context of the tx input(s) associated with this enote
     rct::key input_context;
-    /// indicates if this enote passed the exclusive-enote view tag check
-    /// - If it did not pass, then it *might* be an auxiliary enote.
-    bool passed_exclusive_check;
+    /// indicates if this enote passed the primary view tag check
+    /// - If it did not pass, then we only have to check for a 'hidden' self-send enote.
+    bool primary_vt_matches;
 };
 
 ////