grin/wallet/src/libtx/proof.rs

// Copyright 2018 The Grin Developers
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Rangeproof library functions

use blake2;
use keychain::Keychain;
use keychain::extkey::Identifier;
use libtx::error::{Error, ErrorKind};
use util::logger::LOGGER;
use util::secp::key::SecretKey;
use util::secp::pedersen::{Commitment, ProofInfo, ProofMessage, RangeProof};
use util::secp::{self, Secp256k1};

fn create_nonce(k: &Keychain, commit: &Commitment) -> Result<SecretKey, Error> {
	// hash(commit|masterkey) as nonce
	let root_key = k.root_key_id().to_bytes();
	let res = blake2::blake2b::blake2b(32, &commit.0, &root_key);
	let res = res.as_bytes();
	let mut ret_val = [0; 32];
	for i in 0..res.len() {
		ret_val[i] = res[i];
	}
	match SecretKey::from_slice(k.secp(), &ret_val) {
		Ok(sk) => Ok(sk),
		Err(e) => Err(ErrorKind::RangeProof(
			format!("Unable to create nonce: {:?}", e).to_string(),
		))?,
	}
}

/// So we want this to take an opaque structure that can be called
/// back to get the sensitive data

pub fn create(
	k: &Keychain,
	amount: u64,
	key_id: &Identifier,
	_commit: Commitment,
	extra_data: Option<Vec<u8>>,
	msg: ProofMessage,
) -> Result<RangeProof, Error> {
	let commit = k.commit(amount, key_id)?;
	let skey = k.derived_key(key_id)?;
	let nonce = create_nonce(k, &commit)?;
	if msg.len() == 0 {
		return Ok(k.secp().bullet_proof(amount, skey, nonce, extra_data, None));
	} else {
		if msg.len() != 64 {
			error!(LOGGER, "Bullet proof message must be 64 bytes.");
			return Err(ErrorKind::RangeProof(
				"Bullet proof message must be 64 bytes".to_string(),
			))?;
		}
	}
	return Ok(k.secp()
		.bullet_proof(amount, skey, nonce, extra_data, Some(msg)));
}

/// Verify a proof
pub fn verify(
	secp: &Secp256k1,
	commit: Commitment,
	proof: RangeProof,
	extra_data: Option<Vec<u8>>,
) -> Result<(), secp::Error> {
	let result = secp.verify_bullet_proof(commit, proof, extra_data);
	match result {
		Ok(_) => Ok(()),
		Err(e) => Err(e),
	}
}

/// Rewind a rangeproof to retrieve the amount
pub fn rewind(
	k: &Keychain,
	key_id: &Identifier,
	commit: Commitment,
	extra_data: Option<Vec<u8>>,
	proof: RangeProof,
) -> Result<ProofInfo, Error> {
	let skey = k.derived_key(key_id)?;
	let nonce = create_nonce(k, &commit)?;
	let proof_message = k.secp()
		.unwind_bullet_proof(commit, skey, nonce, extra_data, proof);
	let proof_info = match proof_message {
		Ok(p) => ProofInfo {
			success: true,
			value: 0,
			message: p,
			mlen: 0,
			min: 0,
			max: 0,
			exp: 0,
			mantissa: 0,
		},
		Err(_) => ProofInfo {
			success: false,
			value: 0,
			message: ProofMessage::empty(),
			mlen: 0,
			min: 0,
			max: 0,
			exp: 0,
			mantissa: 0,
		},
	};
	return Ok(proof_info);
}
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`// Copyright 2018 The Grin Developers`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`//! Rangeproof library functions`

libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`use blake2;`
Minimal Transaction Pool (#1067) * verify a tx like we verify a block (experimental) * first minimal_pool test up and running but not testing what we need to * rework tx_pool validation to use txhashset extension * minimal tx pool wired up but rough * works locally (rough statew though) delete "legacy" pool and graph code * rework the new pool into TransactionPool and Pool impls * rework pool to store pool entries with associated timer and source etc. * all_transactions * extra_txs so we can validate stempool against existing txpool * rework reconcile_block * txhashset apply_raw_tx can now rewind to a checkpoint (prev raw tx) * wip - txhashset tx tests * more flexible rewind on MMRs * add tests to cover apply_raw_txs on txhashset extension * add_to_stempool and add_to_txpool * deaggregate multi kernel tx when adding to txpoool * handle freshness in stempool handle propagation of stempool txs via dandelion monitor * patience timer and fluff if we cannot propagate to next relay * aggregate and fluff stempool is we have no relay * refactor coinbase maturity * rewrote basic tx pool tests to use a real txhashset via chain adapter * rework dandelion monitor to reflect recent discussion works locally but needs a cleanup * refactor dandelion_monitor - split out phases * more pool test coverage * remove old test code from pool (still wip) * block_building and block_reconciliation tests * tracked down chain test failure... * fix test_coinbase_maturity * dandelion_monitor now runs... * refactor dandelion config, shared across p2p and pool components * fix pool tests with new config * fix p2p tests * rework tx pool to deal with duplicate commitments (testnet2 limitation) * cleanup and address some PR feedback * add big comment about pre_tx... 2018-05-30 23:57:13 +03:00			`use keychain::Keychain;`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`use keychain::extkey::Identifier;`
			`use libtx::error::{Error, ErrorKind};`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`use util::logger::LOGGER;`
			`use util::secp::key::SecretKey;`
			`use util::secp::pedersen::{Commitment, ProofInfo, ProofMessage, RangeProof};`
			`use util::secp::{self, Secp256k1};`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`fn create_nonce(k: &Keychain, commit: &Commitment) -> Result<SecretKey, Error> {`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`// hash(commit\|masterkey) as nonce`
			`let root_key = k.root_key_id().to_bytes();`
			`let res = blake2::blake2b::blake2b(32, &commit.0, &root_key);`
			`let res = res.as_bytes();`
			`let mut ret_val = [0; 32];`
			`for i in 0..res.len() {`
			`ret_val[i] = res[i];`
			`}`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`match SecretKey::from_slice(k.secp(), &ret_val) {`
			`Ok(sk) => Ok(sk),`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`Err(e) => Err(ErrorKind::RangeProof(`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`format!("Unable to create nonce: {:?}", e).to_string(),`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`))?,`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`}`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`}`

			`/// So we want this to take an opaque structure that can be called`
			`/// back to get the sensitive data`

			`pub fn create(`
			`k: &Keychain,`
			`amount: u64,`
			`key_id: &Identifier,`
			`_commit: Commitment,`
			`extra_data: Option<Vec<u8>>,`
			`msg: ProofMessage,`
			`) -> Result<RangeProof, Error> {`
			`let commit = k.commit(amount, key_id)?;`
			`let skey = k.derived_key(key_id)?;`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`let nonce = create_nonce(k, &commit)?;`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`if msg.len() == 0 {`
			`return Ok(k.secp().bullet_proof(amount, skey, nonce, extra_data, None));`
			`} else {`
			`if msg.len() != 64 {`
			`error!(LOGGER, "Bullet proof message must be 64 bytes.");`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`return Err(ErrorKind::RangeProof(`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`"Bullet proof message must be 64 bytes".to_string(),`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`))?;`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`}`
			`}`
			`return Ok(k.secp()`
			`.bullet_proof(amount, skey, nonce, extra_data, Some(msg)));`
			`}`

libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`/// Verify a proof`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`pub fn verify(`
			`secp: &Secp256k1,`
			`commit: Commitment,`
			`proof: RangeProof,`
			`extra_data: Option<Vec<u8>>,`
			`) -> Result<(), secp::Error> {`
			`let result = secp.verify_bullet_proof(commit, proof, extra_data);`
			`match result {`
			`Ok(_) => Ok(()),`
			`Err(e) => Err(e),`
			`}`
			`}`

libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`/// Rewind a rangeproof to retrieve the amount`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`pub fn rewind(`
			`k: &Keychain,`
			`key_id: &Identifier,`
			`commit: Commitment,`
			`extra_data: Option<Vec<u8>>,`
			`proof: RangeProof,`
			`) -> Result<ProofInfo, Error> {`
			`let skey = k.derived_key(key_id)?;`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`let nonce = create_nonce(k, &commit)?;`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`let proof_message = k.secp()`
			`.unwind_bullet_proof(commit, skey, nonce, extra_data, proof);`
			`let proof_info = match proof_message {`
			`Ok(p) => ProofInfo {`
			`success: true,`
			`value: 0,`
			`message: p,`
			`mlen: 0,`
			`min: 0,`
			`max: 0,`
			`exp: 0,`
			`mantissa: 0,`
			`},`
			`Err(_) => ProofInfo {`
			`success: false,`
			`value: 0,`
			`message: ProofMessage::empty(),`
			`mlen: 0,`
			`min: 0,`
			`max: 0,`
			`exp: 0,`
			`mantissa: 0,`
			`},`
			`};`
			`return Ok(proof_info);`
			`}`