// Copyright 2018 The Grin Developers
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//! Utility functions to build Grin transactions. Handles the blinding of
//! inputs and outputs, maintaining the sum of blinding factors, producing
//! the excess signature, etc.
//!
//! Each building function is a combinator that produces a function taking
//! a transaction and a sum of blinding factors, to return another transaction
//! and sum. Combinators can then be chained and executed using the
//! _transaction_ function.
//!
//! Example:
//! build::transaction(vec![input_rand(75), output_rand(42), output_rand(32),
//! with_fee(1)])
use util::{kernel_sig_msg, secp};
use core::core::hash::Hash;
use core::core::pmmr::MerkleProof;
use core::core::{Input, Output, OutputFeatures, ProofMessageElements, Transaction, TxKernel};
use keychain;
use keychain::{BlindSum, BlindingFactor, Identifier, Keychain};
use libwallet::{aggsig, proof};
use util::LOGGER;
/// Shared state handed to every transaction combinator while a transaction
/// is being assembled.
pub struct Context<'a> {
    /// Keychain the combinators use to create commitments and proofs. It is
    /// borrowed for `'a`; the context does not own it.
    keychain: &'a Keychain,
}
/// Signature shared by all transaction combinators: given the build
/// `Context` and the current `(Transaction, TxKernel, BlindSum)` state, a
/// combinator returns the updated state.
pub type Append = for<'a> Fn(&'a mut Context, (Transaction, TxKernel, BlindSum))
    -> (Transaction, TxKernel, BlindSum);
/// Shared implementation behind `input` and `coinbase_input`: returns a
/// combinator that appends one input to the transaction being built.
///
/// The input commits to `value` under the key identified by `key_id`, and the
/// same key identifier is subtracted from the running blinding sum.
/// `features`, `block_hash` and `merkle_proof` are handed to `Input::new`
/// unchanged.
///
/// # Panics
///
/// The returned combinator panics if the keychain cannot produce a commitment
/// for `value` and `key_id`; an `Append` combinator returns a plain tuple and
/// so has no way to report the error.
fn build_input(
    value: u64,
    features: OutputFeatures,
    block_hash: Option<Hash>,
    merkle_proof: Option<MerkleProof>,
    key_id: Identifier,
) -> Box<Append> {
    Box::new(
        move |ctx, (partial_tx, kernel, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            // Commitment to the amount being spent, under the spending key.
            let spent_commit = ctx.keychain.commit(value, &key_id).unwrap();

            // `Append` is an `Fn`, so the captured values are cloned on each
            // call rather than moved out of the closure.
            let new_input = Input::new(
                features,
                spent_commit,
                block_hash.clone(),
                merkle_proof.clone(),
            );

            let next_tx = partial_tx.with_input(new_input);
            let next_sum = blind_sum.sub_key_id(key_id.clone());
            (next_tx, kernel, next_sum)
        },
    )
}
/// Returns a combinator that spends a regular (non-coinbase) output worth
/// `value`, owned by the key identified by `key_id`.
///
/// The input is built with `OutputFeatures::DEFAULT_OUTPUT` and carries
/// neither a block hash nor a Merkle proof.
pub fn input(value: u64, key_id: Identifier) -> Box<Append> {
    // NOTE(review): the amount and the key identifier are written to the
    // debug log here, so debug-level logs record what this wallet spends.
    debug!(
        LOGGER,
        "Building input (spending regular output): {}, {}", value, key_id
    );

    let no_block_hash = None;
    let no_merkle_proof = None;
    build_input(
        value,
        OutputFeatures::DEFAULT_OUTPUT,
        no_block_hash,
        no_merkle_proof,
        key_id,
    )
}
/// Returns a combinator that spends a coinbase output worth `value`, owned by
/// the key identified by `key_id`.
///
/// The input is built with `OutputFeatures::COINBASE_OUTPUT` and carries both
/// `block_hash` and `merkle_proof`; the block hash is what coinbase maturity
/// is verified against.
pub fn coinbase_input(
    value: u64,
    block_hash: Hash,
    merkle_proof: MerkleProof,
    key_id: Identifier,
) -> Box<Append> {
    // NOTE(review): the amount and the key identifier are written to the
    // debug log here, so debug-level logs record what this wallet spends.
    debug!(
        LOGGER,
        "Building input (spending coinbase): {}, {}", value, key_id
    );

    let features = OutputFeatures::COINBASE_OUTPUT;
    build_input(
        value,
        features,
        Some(block_hash),
        Some(merkle_proof),
        key_id,
    )
}
/// Returns a combinator that appends an output worth `value`, committed under
/// the key identified by `key_id`, together with the proof created for it.
///
/// The output is built with `OutputFeatures::DEFAULT_OUTPUT`, and the key
/// identifier is added to the running blinding sum.
///
/// # Panics
///
/// The returned combinator panics if the keychain cannot commit to `value`
/// with `key_id`, or if `proof::create` fails; an `Append` combinator returns
/// a plain tuple and so has no way to report either error.
pub fn output(value: u64, key_id: Identifier) -> Box<Append> {
    Box::new(
        move |ctx, (partial_tx, kernel, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            // NOTE(review): the amount and the key identifier are written to
            // the debug log each time this combinator runs.
            debug!(LOGGER, "Building an output: {}, {}", value, key_id,);

            let out_commit = ctx.keychain.commit(value, &key_id).unwrap();
            trace!(LOGGER, "Builder - Pedersen Commit is: {:?}", out_commit,);

            // Message elements derived from the amount and key identifier,
            // passed along to the proof.
            let proof_msg = ProofMessageElements::new(value, &key_id);

            let out_proof = proof::create(
                ctx.keychain,
                value,
                &key_id,
                out_commit,
                None,
                proof_msg.to_proof_message(),
            ).unwrap();

            let new_output = Output {
                features: OutputFeatures::DEFAULT_OUTPUT,
                commit: out_commit,
                proof: out_proof,
            };

            let next_tx = partial_tx.with_output(new_output);
            let next_sum = blind_sum.add_key_id(key_id.clone());
            (next_tx, kernel, next_sum)
        },
    )
}
/// Returns a combinator that records `fee` on the kernel of the transaction
/// being built. The transaction and the blinding sum pass through unchanged.
pub fn with_fee(fee: u64) -> Box<Append> {
    Box::new(
        move |_ctx, (partial_tx, kernel, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            let kernel = kernel.with_fee(fee);
            (partial_tx, kernel, blind_sum)
        },
    )
}
/// Returns a combinator that records `lock_height` on the kernel of the
/// transaction being built. The transaction and the blinding sum pass through
/// unchanged.
pub fn with_lock_height(lock_height: u64) -> Box<Append> {
    Box::new(
        move |_ctx, (partial_tx, kernel, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            let kernel = kernel.with_lock_height(lock_height);
            (partial_tx, kernel, blind_sum)
        },
    )
}
/// Returns a combinator that adds an already-known excess to the running
/// blinding sum. Usually paired with `initial_tx` when a new transaction is
/// built by adding to a pre-existing one.
///
/// The transaction and the kernel pass through unchanged.
pub fn with_excess(excess: BlindingFactor) -> Box<Append> {
    Box::new(
        move |_ctx, (partial_tx, kernel, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            // Cloned because the combinator is an `Fn` and may run again.
            let blind_sum = blind_sum.add_blinding_factor(excess.clone());
            (partial_tx, kernel, blind_sum)
        },
    )
}
/// Returns a combinator that sets a known "offset" on the transaction being
/// built. Used in the final step of transaction construction.
///
/// The kernel and the blinding sum pass through unchanged.
pub fn with_offset(offset: BlindingFactor) -> Box<Append> {
    Box::new(
        move |_ctx, (partial_tx, kernel, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            let partial_tx = partial_tx.with_offset(offset);
            (partial_tx, kernel, blind_sum)
        },
    )
}
/// Returns a combinator that swaps the build state for a pre-existing
/// transaction, so that later combinators add to it.
///
/// The single kernel of `tx` is detached up front and handed back as the
/// kernel of the build state. The transaction and kernel the combinator
/// receives are discarded; only the blinding sum is carried over, so anything
/// earlier combinators put on the transaction or kernel is lost.
///
/// # Panics
///
/// Panics when called (not when the combinator runs) unless `tx` holds
/// exactly one kernel: building with `build::transaction()` only supports a
/// single kernel.
pub fn initial_tx(mut tx: Transaction) -> Box<Append> {
    assert_eq!(tx.kernels.len(), 1);
    let only_kernel = tx.kernels.remove(0);
    Box::new(
        move |_ctx, (_, _, blind_sum)| -> (Transaction, TxKernel, BlindSum) {
            // Cloned because the combinator is an `Fn` and may run again.
            let base_tx = tx.clone();
            let base_kernel = only_kernel.clone();
            (base_tx, base_kernel, blind_sum)
        },
    )
}
/// Runs the combinators in `elems` in order, starting from an empty
/// transaction, an empty kernel and an empty blinding sum, and returns the
/// resulting transaction together with the summed blinding factor.
///
/// A transaction can be built "from scratch" out of inputs and outputs, or on
/// top of a pre-existing one by starting the list with `initial_tx` and
/// `with_excess`. The kernel is attached as the transaction's only kernel,
/// but its excess and signature are not set here; `transaction` does that.
///
/// The returned blinding factor is what `transaction` turns into the secret
/// key that signs the kernel, so callers should handle it as key material.
///
/// # Errors
///
/// Returns the keychain error if the blinding sum cannot be computed.
///
/// # Panics
///
/// Panics if the transaction produced by the combinators already carries a
/// kernel, or if one of the combinators panics.
pub fn partial_transaction(
    elems: Vec<Box<Append>>,
    keychain: &keychain::Keychain,
) -> Result<(Transaction, BlindingFactor), keychain::Error> {
    let mut ctx = Context { keychain };

    // Thread the (transaction, kernel, sum) state through each combinator.
    let mut state = (Transaction::empty(), TxKernel::empty(), BlindSum::new());
    for combinator in elems.iter() {
        state = combinator(&mut ctx, state);
    }
    let (mut tx, kernel, key_sum) = state;

    let blind_sum = ctx.keychain.blind_sum(&key_sum)?;

    // Only a single kernel per transaction is supported via
    // build::transaction(), so none may be present before ours is attached.
    assert!(tx.kernels.is_empty());
    tx.kernels.push(kernel);

    Ok((tx, blind_sum))
}
/// Builds a complete transaction from the combinators in `elems`.
///
/// The combinators are run through `partial_transaction`; the kernel excess
/// is then set to a commitment to zero under the summed blinding factor, and
/// the kernel is signed over its fee and lock height with that same factor.
///
/// # Errors
///
/// Returns the keychain error if the partial build, the signature message,
/// the secret key derivation or the excess commitment fails.
///
/// # Panics
///
/// Panics if `aggsig::sign_with_blinding` fails, and in every case where
/// `partial_transaction` panics.
pub fn transaction(
    elems: Vec<Box<Append>>,
    keychain: &keychain::Keychain,
) -> Result<Transaction, keychain::Error> {
    let (mut tx, blind_sum) = partial_transaction(elems, keychain)?;
    assert_eq!(tx.kernels.len(), 1);

    // Detach the kernel so its excess and signature can be filled in.
    let mut kernel = tx.kernels.remove(0);

    let sig_bytes = kernel_sig_msg(kernel.fee, kernel.lock_height);
    let msg = secp::Message::from_slice(&sig_bytes)?;

    let excess_key = blind_sum.secret_key(&keychain.secp())?;
    kernel.excess = keychain.secp().commit(0, excess_key)?;

    // NOTE(review): a signing failure panics here, while the other failures
    // in this function are returned to the caller as `Err`.
    kernel.excess_sig = aggsig::sign_with_blinding(&keychain.secp(), &msg, &blind_sum).unwrap();

    tx.kernels.push(kernel);

    Ok(tx)
}
/// Builds a complete transaction from the combinators in `elems`, splitting
/// the summed blinding factor and setting the kernel excess, the excess
/// signature and the transaction offset from the two parts.
///
/// The first part of the split becomes the key behind the kernel excess and
/// signs the kernel; the second part is stored on the transaction as its
/// offset, so the commitments sum correctly once the offset is included.
///
/// # Errors
///
/// Returns the keychain error if the blinding sum, the split, the signature
/// message, the secret key derivation or the excess commitment fails.
///
/// # Panics
///
/// Panics if `aggsig::sign_with_blinding` fails, if the transaction produced
/// by the combinators already carries a kernel, or if a combinator panics.
pub fn transaction_with_offset(
    elems: Vec<Box<Append>>,
    keychain: &keychain::Keychain,
) -> Result<Transaction, keychain::Error> {
    let mut ctx = Context { keychain };

    // Thread the (transaction, kernel, sum) state through each combinator.
    let mut state = (Transaction::empty(), TxKernel::empty(), BlindSum::new());
    for combinator in elems.iter() {
        state = combinator(&mut ctx, state);
    }
    let (mut tx, mut kernel, key_sum) = state;

    let blind_sum = ctx.keychain.blind_sum(&key_sum)?;

    let split = blind_sum.split(&keychain.secp())?;
    let kernel_part = split.blind_1;
    let offset_part = split.blind_2;

    let sig_bytes = kernel_sig_msg(kernel.fee, kernel.lock_height);
    let msg = secp::Message::from_slice(&sig_bytes)?;

    // The kernel excess and its signature both come from the first split key.
    let excess_key = kernel_part.secret_key(&keychain.secp())?;
    kernel.excess = ctx.keychain.secp().commit(0, excess_key)?;

    // NOTE(review): a signing failure panics here, while the other failures
    // in this function are returned to the caller as `Err`.
    kernel.excess_sig = aggsig::sign_with_blinding(&keychain.secp(), &msg, &kernel_part).unwrap();

    // The second split key is stored on the tx itself as the kernel offset.
    tx.offset = offset_part.clone();

    assert!(tx.kernels.is_empty());
    tx.kernels.push(kernel);

    Ok(tx)
}
// Smoke tests only; the most exhaustive tests are in the core mod.rs.
#[cfg(test)]
mod test {
    use super::*;

    /// Two inputs (10 and 12), one output (20) and a fee of 2 must validate.
    #[test]
    fn blind_simple_tx() {
        let keychain = Keychain::from_random_seed().unwrap();
        let first_in = keychain.derive_key_id(1).unwrap();
        let second_in = keychain.derive_key_id(2).unwrap();
        let only_out = keychain.derive_key_id(3).unwrap();

        let parts = vec![
            input(10, first_in),
            input(12, second_in),
            output(20, only_out),
            with_fee(2),
        ];
        let tx = transaction(parts, &keychain).unwrap();

        tx.validate().unwrap();
    }

    /// Same amounts as `blind_simple_tx`, built with a kernel offset.
    #[test]
    fn blind_simple_tx_with_offset() {
        let keychain = Keychain::from_random_seed().unwrap();
        let first_in = keychain.derive_key_id(1).unwrap();
        let second_in = keychain.derive_key_id(2).unwrap();
        let only_out = keychain.derive_key_id(3).unwrap();

        let parts = vec![
            input(10, first_in),
            input(12, second_in),
            output(20, only_out),
            with_fee(2),
        ];
        let tx = transaction_with_offset(parts, &keychain).unwrap();

        tx.validate().unwrap();
    }

    /// One input (6), one output (2) and a fee of 4 must validate.
    #[test]
    fn blind_simpler_tx() {
        let keychain = Keychain::from_random_seed().unwrap();
        let only_in = keychain.derive_key_id(1).unwrap();
        let only_out = keychain.derive_key_id(2).unwrap();

        let parts = vec![input(6, only_in), output(2, only_out), with_fee(4)];
        let tx = transaction(parts, &keychain).unwrap();

        tx.validate().unwrap();
    }
}