Skip to content

Commit

Permalink
xmr: test for inversion added (+12 squashed commits)
Browse files Browse the repository at this point in the history 
Squashed commits:
[378928db] xmr: adapting to new trezor-crypto
[8f4ff8c1] protob sync
[82dff70a] vendor: trezor-common version bump
[fabc67b3] extmod: monero - inversion mod curve order optimized a bit
[4f29fe4] xmr: import fix
[f6f8e30] xmr: bp - code cleanup
[d54b4f3] xmr: bp - memory cleaning
[1065abc] xmr: tsx_signer - bulletproofs fixes
[9f8a700] xmr: bp key vector iterator fix
[49c2597] xmr.serialize: bulletproof fix
[1ee7737] xmr: monero - format
[cf0a710] xmr: bp last mask fix (+20 squashed commits)

Squashed commits:
[fa1c362] xmr: black
[3f3e31f] xmr: bulletproofs added to signer
[d23d928] xmr: protocol.tsx_sign_builder - logger collects
[a28eb55] xmr: bp - memory optimizations
[d2fcb23] xmr: tests for bulletproofs added
[82eef14] xmr: bp - gc (+14 squashed commits)
Squashed commits:
[4cf70d9] xmr: bp - gc
[42877b0] xmr: bp - minor memory optimization
[2c612e4] xmr: bp - use sc_inv_into
[d7e9dab] xmr: bp - KeyVEval fix
[1523f40] xmr: bp - blacked
[b264a65] xmr: bp - KeyVEval - caching current element, avoid allocations
[83ba7a6] xmr: bp - memory view optimized
[b517906] xmr: bp - gc() during inversion
[92d37c8] xmr: bp - gc.collect() after expensive inversion
[e7fad55] xmr: bp - hashing memory optimization
[4c27815] xmr: bp - deterministic masks optimization, prove_s1 optim
[cbf74a7] xmr: bp - detect which modular inversion is usable
[8ea1ec4] xmr: better memory tracing for bulletproofs
[2f4dd55] xmr: bulletproofs added
[1928e2d] xmr: crypto - sc_inv_into added (+2 squashed commits)
Squashed commits:
[f895fa6] xmr: crypto - hash to existing buffer
[b76c6b0] xmr: crypto - in-place crypto functions added

- required for Bulletproof to minimize the heap fragmentation
[cab4366] extmod: monero - modular inversion mod curve order added (+2 squashed commits)
Squashed commits:
[52a6e48] extmod: monero - hash into buffer added
[695a382] extmod: monero module - muladd256_modm added

- required for Bulletproof
[3f4498d] xmr: crypto tests added

- basic unit tests for crypto, tests monero module and underlying trezor-crypto + basic address manipulation
[820d012] pb sync
[49eeddd] vendor: trezor-common version bump
[3038244] xmr: crypto - point norm not needed
[89701c4] tests: xmr - serializer tests added
[bfee46d] tests: support async unit tests, assertListEqual added
[55c1448] xmr: serialize - serialization logic cleaned, refactored
[4b77163] xmr: simplification, do not ask to confirm change tx output

- change address checked to match main address in the builder
[f334d8a] xmr: protocol: simplification - require change address to equal the main address
[1a3416e] xmr: unpack256_modm_noreduce added

- 32B array to integer mod curve order, without modular reduction after conversion
- required for bulletproofs
[1c94b5d] xmr: readme added
[3cc9f9f] extmod/monero: mul256_modm added, required for BP
  • Loading branch information
@ph4r05
ph4r05 committed Aug 21, 2018
1 parent b545b8a commit c8a6c80
Show file tree
Hide file tree
Showing 19 changed files with 2,803 additions and 423 deletions.
2 changes: 1 addition & 1 deletion SConscript.firmware
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,9 +63,9 @@ SOURCE_MOD += [
'vendor/trezor-crypto/ed25519-donna/ed25519-donna-impl-base.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-keccak.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-sha3.c',
'vendor/trezor-crypto/ed25519-donna/ge25519.c',
'vendor/trezor-crypto/ed25519-donna/modm-donna-32bit.c',
'vendor/trezor-crypto/monero/base58.c',
'vendor/trezor-crypto/monero/crypto.c',
'vendor/trezor-crypto/monero/serialize.c',
'vendor/trezor-crypto/monero/range_proof.c',
'vendor/trezor-crypto/monero/xmr.c',
Expand Down
2 changes: 1 addition & 1 deletion SConscript.unix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,9 @@ SOURCE_MOD += [
'vendor/trezor-crypto/ed25519-donna/ed25519-donna-impl-base.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-keccak.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-sha3.c',
'vendor/trezor-crypto/ed25519-donna/ge25519.c',
'vendor/trezor-crypto/ed25519-donna/modm-donna-32bit.c',
'vendor/trezor-crypto/monero/base58.c',
'vendor/trezor-crypto/monero/crypto.c',
'vendor/trezor-crypto/monero/serialize.c',
'vendor/trezor-crypto/monero/range_proof.c',
'vendor/trezor-crypto/monero/xmr.c',
Expand Down
97 changes: 89 additions & 8 deletions embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
#include "py/mpz.h"

#include "monero/monero.h"
#include "bignum.h"

#define RSIG_SIZE 6176

typedef struct _mp_obj_hasher_t {
Expand Down Expand Up @@ -368,6 +370,19 @@ STATIC mp_obj_t mod_trezorcrypto_monero_sub256_modm(size_t n_args, const mp_obj_
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_sub256_modm_obj, 2, 3, mod_trezorcrypto_monero_sub256_modm);

//void sub256_modm
STATIC mp_obj_t mod_trezorcrypto_monero_mul256_modm(size_t n_args, const mp_obj_t *args){
mp_obj_t res = n_args == 3 ? args[0] : mp_obj_new_scalar();
const int off = n_args == 3 ? 0 : -1;

assert_scalar(res);
assert_scalar(args[1+off]);
assert_scalar(args[2+off]);
mul256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
return res;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_mul256_modm_obj, 2, 3, mod_trezorcrypto_monero_mul256_modm);

//void mulsub256_modm
STATIC mp_obj_t mod_trezorcrypto_monero_mulsub256_modm(size_t n_args, const mp_obj_t *args){
mp_obj_t res = n_args == 4 ? args[0] : mp_obj_new_scalar();
Expand All @@ -382,6 +397,40 @@ STATIC mp_obj_t mod_trezorcrypto_monero_mulsub256_modm(size_t n_args, const mp_o
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_mulsub256_modm_obj, 3, 4, mod_trezorcrypto_monero_mulsub256_modm);

//void muladd256_modm
STATIC mp_obj_t mod_trezorcrypto_monero_muladd256_modm(size_t n_args, const mp_obj_t *args){
mp_obj_t res = n_args == 4 ? args[0] : mp_obj_new_scalar();
const int off = n_args == 4 ? 0 : -1;

assert_scalar(res);
assert_scalar(args[1+off]);
assert_scalar(args[2+off]);
assert_scalar(args[3+off]);
muladd256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]), MP_OBJ_C_SCALAR(args[3+off]));
return res;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_muladd256_modm_obj, 3, 4, mod_trezorcrypto_monero_muladd256_modm);

//void inv256_modm
STATIC mp_obj_t mod_trezorcrypto_monero_inv256_modm(size_t n_args, const mp_obj_t *args){
mp_obj_t res = n_args == 2 ? args[0] : mp_obj_new_scalar();
const int off = n_args == 2 ? 0 : -1;

assert_scalar(res);
assert_scalar(args[1+off]);

// bn_prime = curve order, little endian encoded
bignum256 bn_prime = {.val={0x1cf5d3ed, 0x20498c69, 0x2f79cd65, 0x37be77a8, 0x14, 0x0, 0x0, 0x0, 0x1000}};
bignum256 bn_x;

memcpy(&bn_x.val, MP_OBJ_C_SCALAR(args[1+off]), sizeof(bignum256modm));
bn_inverse(&bn_x, &bn_prime);
memcpy(MP_OBJ_SCALAR(res), bn_x.val, sizeof(bignum256modm));

return res;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_inv256_modm_obj, 1, 2, mod_trezorcrypto_monero_inv256_modm);

//void contract256_modm_r
STATIC mp_obj_t mod_trezorcrypto_monero_pack256_modm(const mp_obj_t arg){
assert_scalar(arg);
Expand Down Expand Up @@ -415,6 +464,23 @@ STATIC mp_obj_t mod_trezorcrypto_monero_unpack256_modm(size_t n_args, const mp_o
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_unpack256_modm_obj, 1, 2, mod_trezorcrypto_monero_unpack256_modm);

//expand256_modm_r
STATIC mp_obj_t mod_trezorcrypto_monero_unpack256_modm_noreduce(size_t n_args, const mp_obj_t *args){
mp_obj_t res = n_args == 2 ? args[0] : mp_obj_new_scalar();
const int off = n_args == 2 ? 0 : -1;
assert_scalar(res);

mp_buffer_info_t buff;
mp_get_buffer_raise(args[1+off], &buff, MP_BUFFER_READ);
if (buff.len != 32) {
mp_raise_ValueError("Invalid length of secret key");
}

expand_raw256_modm(MP_OBJ_SCALAR(res), buff.buf);
return res;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_unpack256_modm_noreduce_obj, 1, 2, mod_trezorcrypto_monero_unpack256_modm_noreduce);

//
// GE25519 Defs
//
Expand Down Expand Up @@ -575,19 +641,19 @@ STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_scalarmult_base(size_t n_args, c
}
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_scalarmult_base_obj, 1, 2, mod_trezorcrypto_monero_ge25519_scalarmult_base);

//void ge25519_scalarmult_wrapper(ge25519 *r, const ge25519 *P, const bignum256modm a);
//void ge25519_scalarmult(ge25519 *r, const ge25519 *P, const bignum256modm a);
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_scalarmult(size_t n_args, const mp_obj_t *args){
mp_obj_t res = n_args == 3 ? args[0] : mp_obj_new_ge25519();
const int off = n_args == 3 ? 0 : -1;
assert_ge25519(res);
assert_ge25519(args[1+off]);

if (MP_OBJ_IS_SCALAR(args[2+off])){
ge25519_scalarmult_wrapper(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
ge25519_scalarmult(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
} else if (mp_obj_is_integer(args[2+off])){
bignum256modm mlt;
set256_modm(mlt, mp_obj_get_int(args[2+off]));
ge25519_scalarmult_wrapper(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), mlt);
ge25519_scalarmult(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), mlt);
} else {
mp_raise_ValueError("unknown mult type");
}
Expand Down Expand Up @@ -679,14 +745,25 @@ STATIC mp_obj_t mod_trezorcrypto_monero_xmr_random_scalar(size_t n_args, const m
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_random_scalar_obj, 0, 1, mod_trezorcrypto_monero_xmr_random_scalar);

//xmr_fast_hash
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(const mp_obj_t arg){
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(size_t n_args, const mp_obj_t *args){
const int off = n_args == 2 ? 0 : -1;
uint8_t buff[32];
uint8_t * buff_use = buff;
if (n_args > 1){
mp_buffer_info_t odata;
mp_get_buffer_raise(args[0], &odata, MP_BUFFER_WRITE);
if (odata.len < 32){
mp_raise_ValueError("Output buffer too small");
}
buff_use = odata.buf;
}

mp_buffer_info_t data;
mp_get_buffer_raise(arg, &data, MP_BUFFER_READ);
xmr_fast_hash(buff, data.buf, data.len);
return mp_obj_new_bytes(buff, 32);
mp_get_buffer_raise(args[1+off], &data, MP_BUFFER_READ);
xmr_fast_hash(buff_use, data.buf, data.len);
return n_args == 2 ? args[0] : mp_obj_new_bytes(buff, 32);
}
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_xmr_fast_hash_obj, mod_trezorcrypto_monero_xmr_fast_hash);
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_fast_hash_obj, 1, 2, mod_trezorcrypto_monero_xmr_fast_hash);

//xmr_hash_to_ec
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_hash_to_ec(size_t n_args, const mp_obj_t *args){
Expand Down Expand Up @@ -991,10 +1068,14 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_monero_globals_table[] = {
{ MP_ROM_QSTR(MP_QSTR_reduce256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_reduce256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_add256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_add256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_sub256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_sub256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_mul256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_mul256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_mulsub256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_mulsub256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_muladd256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_muladd256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_inv256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_inv256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_pack256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_pack256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_pack256_modm_into), MP_ROM_PTR(&mod_trezorcrypto_monero_pack256_modm_into_obj) },
{ MP_ROM_QSTR(MP_QSTR_unpack256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_unpack256_modm_obj) },
{ MP_ROM_QSTR(MP_QSTR_unpack256_modm_noreduce), MP_ROM_PTR(&mod_trezorcrypto_monero_unpack256_modm_noreduce_obj) },
{ MP_ROM_QSTR(MP_QSTR_ge25519_set_neutral), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_set_neutral_obj) },
{ MP_ROM_QSTR(MP_QSTR_ge25519_set_h), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_set_xmr_h_obj) },
{ MP_ROM_QSTR(MP_QSTR_ge25519_pack), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_pack_obj) },
Expand Down
Loading

0 comments on commit c8a6c80

Please sign in to comment.