grin/wallet/src/sender.rs

// Copyright 2018 The Grin Developers
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use api;
use client;
use checker;
use core::core::{build, Transaction, amount_to_hr_string};
use core::ser;
use keychain::{BlindingFactor, Identifier, Keychain};
use receiver::TxWrapper;
use types::*;
use util::LOGGER;
use util;

/// Issue a new transaction to the provided sender by spending some of our
/// wallet
/// UTXOs. The destination can be "stdout" (for command line) (currently disabled) or a URL to the
/// recipients wallet receiver (to be implemented).

pub fn issue_send_tx(
	config: &WalletConfig,
	keychain: &Keychain,
	amount: u64,
	minimum_confirmations: u64,
	dest: String,
	max_outputs: usize,
	selection_strategy_is_use_all: bool,
) -> Result<(), Error> {
	checker::refresh_outputs(config, keychain)?;

	let chain_tip = checker::get_tip_from_node(config)?;
	let current_height = chain_tip.height;

	// proof of concept - set lock_height on the tx
	let lock_height = chain_tip.height;

	let (tx, blind_sum, coins, change_key) = build_send_tx(
		config,
		keychain,
		amount,
		current_height,
		minimum_confirmations,
		lock_height,
		max_outputs,
		selection_strategy_is_use_all,
	)?;
	/*
	 * -Sender picks random blinding factors for all outputs it participates in, computes total blinding excess xS
	 * -Sender picks random nonce kS
	 * -Sender posts inputs, outputs, Message M=fee, xS * G and kS * G to Receiver
	*/

// Create a new aggsig context
	keychain.aggsig_create_context(blind_sum.secret_key());

	let partial_tx = build_partial_tx(keychain, amount, None, tx);

	// Closure to acquire wallet lock and lock the coins being spent
	// so we avoid accidental double spend attempt.
	let update_wallet = || WalletData::with_wallet(&config.data_file_dir, |wallet_data| {
		for coin in coins {
			wallet_data.lock_output(&coin);
		}
	});

	// Closure to acquire wallet lock and delete the change output in case of tx failure.
	let rollback_wallet = || WalletData::with_wallet(&config.data_file_dir, |wallet_data| {
		info!(LOGGER, "cleaning up unused change output from wallet");
		wallet_data.delete_output(&change_key);
	});

	// TODO: stdout option removed for now, as it won't work very will with this version of
	// aggsig exchange

	/*if dest == "stdout" {
		let json_tx = serde_json::to_string_pretty(&partial_tx).unwrap();
		update_wallet()?;
		println!("{}", json_tx);
	} else */

	if &dest[..4] != "http" {
		panic!("dest formatted as {} but send -d expected stdout or http://IP:port", dest);
	}

	let url = format!("{}/v1/receive/transaction", &dest);
	debug!(LOGGER, "Posting partial transaction to {}", url);
	let res = client::send_partial_tx(&url, &partial_tx);
	if let Err(e) = res {
		match e {
			Error::FeeExceedsAmount {sender_amount, recipient_fee} => 
				error!(
					LOGGER, 
					"Recipient rejected the transfer because transaction fee ({}) exceeded amount ({}).",
					amount_to_hr_string(recipient_fee),
					amount_to_hr_string(sender_amount)
				),
			_ => error!(LOGGER, "Communication with receiver failed on SenderInitiation send. Aborting transaction"),
		}
		rollback_wallet()?;
		return Err(e);
	}

	/* -Sender receives xR * G, kR * G, sR
	 * -Sender computes Schnorr challenge e = H(M | kR * G + kS * G)
	 * -Sender verifies receivers sig, by verifying that kR * G + e * xR * G = sR * G·
	 * -Sender computes their part of signature, sS = kS + e * xS
	 * -Sender posts sS to receiver
	*/
	let (_amount, recp_pub_blinding, recp_pub_nonce, sig, tx) = read_partial_tx(keychain, &res.unwrap())?;
	let res = keychain.aggsig_verify_partial_sig(&sig.unwrap(), &recp_pub_nonce, &recp_pub_blinding, tx.fee, lock_height);
	if !res {
		error!(LOGGER, "Partial Sig from recipient invalid.");
		return Err(Error::Signature(String::from("Partial Sig from recipient invalid.")));
	}

	let sig_part=keychain.aggsig_calculate_partial_sig(&recp_pub_nonce, tx.fee, tx.lock_height).unwrap();

	// Build the next stage, containing sS (and our pubkeys again, for the recipient's convenience) 
	let mut partial_tx = build_partial_tx(keychain, amount, Some(sig_part), tx);
	partial_tx.phase = PartialTxPhase::SenderConfirmation;

	// And send again
	let res = client::send_partial_tx(&url, &partial_tx);
	if let Err(e) = res {
		match e {
			Error::FeeExceedsAmount {sender_amount, recipient_fee} => 
				error!(
					LOGGER, 
					"Recipient rejected the transfer because transaction fee ({}) exceeded amount ({}).",
					amount_to_hr_string(recipient_fee),
					amount_to_hr_string(sender_amount)
				),
			_ => error!(LOGGER, "Communication with receiver failed on SenderConfirmation send. Aborting transaction"),
		}
		rollback_wallet()?;
		return Err(e);
	}
	//All good so
	update_wallet()?;
	Ok(())
}

/// Builds a transaction to send to someone from the HD seed associated with the
/// wallet and the amount to send. Handles reading through the wallet data file,
/// selecting outputs to spend and building the change.
fn build_send_tx(
	config: &WalletConfig,
	keychain: &Keychain,
	amount: u64,
	current_height: u64,
	minimum_confirmations: u64,
	lock_height: u64,
	max_outputs: usize,
	selection_strategy_is_use_all: bool,
) -> Result<(Transaction, BlindingFactor, Vec<OutputData>, Identifier), Error> {
	let key_id = keychain.clone().root_key_id();

	// select some spendable coins from the wallet
	let coins = WalletData::read_wallet(&config.data_file_dir, |wallet_data| {
		wallet_data.select_coins(
			key_id.clone(),
			amount,
			current_height,
			minimum_confirmations,
			max_outputs,
			selection_strategy_is_use_all,
		)
	})?;

	// build transaction skeleton with inputs and change
	let (mut parts, change_key) = inputs_and_change(&coins, config, keychain, amount)?;

	// This is more proof of concept than anything but here we set lock_height
	// on tx being sent (based on current chain height via api).
	parts.push(build::with_lock_height(lock_height));

	let (tx, blind) = build::transaction(parts, &keychain)?;

	Ok((tx, blind, coins, change_key))
}

pub fn issue_burn_tx(
	config: &WalletConfig,
	keychain: &Keychain,
	amount: u64,
	minimum_confirmations: u64,
	max_outputs: usize,
) -> Result<(), Error> {
	let keychain = &Keychain::burn_enabled(keychain, &Identifier::zero());

	let chain_tip = checker::get_tip_from_node(config)?;
	let current_height = chain_tip.height;

	let _ = checker::refresh_outputs(config, keychain);

	let key_id = keychain.root_key_id();

	// select some spendable coins from the wallet
	let coins = WalletData::read_wallet(&config.data_file_dir, |wallet_data| {
		wallet_data.select_coins(
			key_id.clone(),
			amount,
			current_height,
			minimum_confirmations,
			max_outputs,
			false,
		)
	})?;

	debug!(LOGGER, "selected some coins - {}", coins.len());

	let (mut parts, _) = inputs_and_change(&coins, config, keychain, amount)?;

	// add burn output and fees
	let fee = tx_fee(coins.len(), 2, None);
	parts.push(build::output(amount - fee, Identifier::zero()));

	// finalize the burn transaction and send
	let (tx_burn, _) = build::transaction(parts, &keychain)?;
	tx_burn.validate()?;

	let tx_hex = util::to_hex(ser::ser_vec(&tx_burn).unwrap());
	let url = format!("{}/v1/pool/push", config.check_node_api_http_addr.as_str());
	let _: () =
		api::client::post(url.as_str(), &TxWrapper { tx_hex: tx_hex }).map_err(|e| Error::Node(e))?;
	Ok(())
}

fn inputs_and_change(
	coins: &Vec<OutputData>,
	config: &WalletConfig,
	keychain: &Keychain,
	amount: u64,
) -> Result<(Vec<Box<build::Append>>, Identifier), Error> {
	let mut parts = vec![];

	// calculate the total across all inputs, and how much is left
	let total: u64 = coins.iter().map(|c| c.value).sum();
	if total < amount {
		return Err(Error::NotEnoughFunds(total as u64));
	}

	// sender is responsible for setting the fee on the partial tx
	// recipient should double check the fee calculation and not blindly trust the
	// sender
	let fee = tx_fee(coins.len(), 2, None);
	parts.push(build::with_fee(fee));

	// if we are spending 10,000 coins to send 1,000 then our change will be 9,000
	// the fee will come out of the amount itself
	// if the fee is 80 then the recipient will only receive 920
	// but our change will still be 9,000
	let change = total - amount;

	// build inputs using the appropriate derived key_ids
	for coin in coins {
		let key_id = keychain.derive_key_id(coin.n_child)?;
		parts.push(build::input(coin.value, key_id));
	}

	// track the output representing our change
	let change_key = WalletData::with_wallet(&config.data_file_dir, |wallet_data| {
		let root_key_id = keychain.root_key_id();
		let change_derivation = wallet_data.next_child(root_key_id.clone());
		let change_key = keychain.derive_key_id(change_derivation).unwrap();

		wallet_data.add_output(OutputData {
			root_key_id: root_key_id.clone(),
			key_id: change_key.clone(),
			n_child: change_derivation,
			value: change as u64,
			status: OutputStatus::Unconfirmed,
			height: 0,
			lock_height: 0,
			is_coinbase: false,
		});

		change_key
	})?;

	parts.push(build::output(change, change_key.clone()));

	Ok((parts, change_key))
}

#[cfg(test)]
mod test {
	use core::core::build::{input, output, transaction};
	use keychain::Keychain;

	#[test]
	// demonstrate that input.commitment == referenced output.commitment
	// based on the public key and amount begin spent
	fn output_commitment_equals_input_commitment_on_spend() {
		let keychain = Keychain::from_random_seed().unwrap();
		let key_id1 = keychain.derive_key_id(1).unwrap();

		let (tx1, _) = transaction(vec![output(105, key_id1.clone())], &keychain).unwrap();
		let (tx2, _) = transaction(vec![input(105, key_id1.clone())], &keychain).unwrap();

		assert_eq!(tx1.outputs[0].commitment(), tx2.inputs[0].commitment());
	}
}