grin/wallet/src/libtx/proof.rs

// Copyright 2018 The Grin Developers
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Rangeproof library functions

use blake2;
use keychain::{Identifier, Keychain};
use libtx::error::{Error, ErrorKind};
use util::logger::LOGGER;
use util::secp::key::SecretKey;
use util::secp::pedersen::{Commitment, ProofInfo, ProofMessage, RangeProof};
use util::secp::{self, Secp256k1};

fn create_nonce<K>(k: &K, commit: &Commitment) -> Result<SecretKey, Error>
where
	K: Keychain,
{
	// hash(commit|masterkey) as nonce
	let root_key = k.root_key_id();
	let res = blake2::blake2b::blake2b(32, &commit.0, &root_key.to_bytes()[..]);
	let res = res.as_bytes();
	let mut ret_val = [0; 32];
	for i in 0..res.len() {
		ret_val[i] = res[i];
	}
	match SecretKey::from_slice(k.secp(), &ret_val) {
		Ok(sk) => Ok(sk),
		Err(e) => Err(ErrorKind::RangeProof(
			format!("Unable to create nonce: {:?}", e).to_string(),
		))?,
	}
}

/// So we want this to take an opaque structure that can be called
/// back to get the sensitive data

pub fn create<K>(
	k: &K,
	amount: u64,
	key_id: &Identifier,
	_commit: Commitment,
	extra_data: Option<Vec<u8>>,
	msg: ProofMessage,
) -> Result<RangeProof, Error>
where
	K: Keychain,
{
	let commit = k.commit(amount, key_id)?;
	let skey = k.derived_key(key_id)?;
	let nonce = create_nonce(k, &commit)?;
	if msg.len() == 0 {
		return Ok(k.secp().bullet_proof(amount, skey, nonce, extra_data, None));
	} else {
		if msg.len() != 64 {
			error!(LOGGER, "Bullet proof message must be 64 bytes.");
			return Err(ErrorKind::RangeProof(
				"Bullet proof message must be 64 bytes".to_string(),
			))?;
		}
	}
	return Ok(k.secp()
		.bullet_proof(amount, skey, nonce, extra_data, Some(msg)));
}

/// Verify a proof
pub fn verify(
	secp: &Secp256k1,
	commit: Commitment,
	proof: RangeProof,
	extra_data: Option<Vec<u8>>,
) -> Result<(), secp::Error> {
	let result = secp.verify_bullet_proof(commit, proof, extra_data);
	match result {
		Ok(_) => Ok(()),
		Err(e) => Err(e),
	}
}

/// Rewind a rangeproof to retrieve the amount
pub fn rewind<K>(
	k: &K,
	key_id: &Identifier,
	commit: Commitment,
	extra_data: Option<Vec<u8>>,
	proof: RangeProof,
) -> Result<ProofInfo, Error>
where
	K: Keychain,
{
	let skey = k.derived_key(key_id)?;
	let nonce = create_nonce(k, &commit)?;
	let proof_message = k.secp()
		.unwind_bullet_proof(commit, skey, nonce, extra_data, proof);
	let proof_info = match proof_message {
		Ok(p) => ProofInfo {
			success: true,
			value: 0,
			message: p,
			mlen: 0,
			min: 0,
			max: 0,
			exp: 0,
			mantissa: 0,
		},
		Err(_) => ProofInfo {
			success: false,
			value: 0,
			message: ProofMessage::empty(),
			mlen: 0,
			min: 0,
			max: 0,
			exp: 0,
			mantissa: 0,
		},
	};
	return Ok(proof_info);
}
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`// Copyright 2018 The Grin Developers`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`//! Rangeproof library functions`

libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`use blake2;`
Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`use keychain::{Identifier, Keychain};`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`use libtx::error::{Error, ErrorKind};`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`use util::logger::LOGGER;`
			`use util::secp::key::SecretKey;`
			`use util::secp::pedersen::{Commitment, ProofInfo, ProofMessage, RangeProof};`
			`use util::secp::{self, Secp256k1};`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00
Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`fn create_nonce<K>(k: &K, commit: &Commitment) -> Result<SecretKey, Error>`
			`where`
			`K: Keychain,`
			`{`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`// hash(commit\|masterkey) as nonce`
Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`let root_key = k.root_key_id();`
			`let res = blake2::blake2b::blake2b(32, &commit.0, &root_key.to_bytes()[..]);`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`let res = res.as_bytes();`
			`let mut ret_val = [0; 32];`
			`for i in 0..res.len() {`
			`ret_val[i] = res[i];`
			`}`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`match SecretKey::from_slice(k.secp(), &ret_val) {`
			`Ok(sk) => Ok(sk),`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`Err(e) => Err(ErrorKind::RangeProof(`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`format!("Unable to create nonce: {:?}", e).to_string(),`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`))?,`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`}`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`}`

			`/// So we want this to take an opaque structure that can be called`
			`/// back to get the sensitive data`

Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`pub fn create<K>(`
			`k: &K,`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`amount: u64,`
			`key_id: &Identifier,`
			`_commit: Commitment,`
			`extra_data: Option<Vec<u8>>,`
			`msg: ProofMessage,`
Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`) -> Result<RangeProof, Error>`
			`where`
			`K: Keychain,`
			`{`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`let commit = k.commit(amount, key_id)?;`
			`let skey = k.derived_key(key_id)?;`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`let nonce = create_nonce(k, &commit)?;`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`if msg.len() == 0 {`
			`return Ok(k.secp().bullet_proof(amount, skey, nonce, extra_data, None));`
			`} else {`
			`if msg.len() != 64 {`
			`error!(LOGGER, "Bullet proof message must be 64 bytes.");`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`return Err(ErrorKind::RangeProof(`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`"Bullet proof message must be 64 bytes".to_string(),`
Libwallet refactoring - Library functions + ErrorTypes (#1113) * move checker and rename to updater * rustfmt * complete checker/updater move * rustfmt * move libwallet error into separate file * rustfmt * starting to sort our error types * updating errors in libtx and libwallet * rustfmt * factor out error type * rustfmt * compiling, errors split into libwallet and wallet errors * rustfmt * changing user error reporting to new format * rustfmt * clean up error types * clean up error types * move restore into libwallet * rustfmt 2018-06-01 17:06:59 +03:00			`))?;`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`}`
			`}`
			`return Ok(k.secp()`
			`.bullet_proof(amount, skey, nonce, extra_data, Some(msg)));`
			`}`

libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`/// Verify a proof`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`pub fn verify(`
			`secp: &Secp256k1,`
			`commit: Commitment,`
			`proof: RangeProof,`
			`extra_data: Option<Vec<u8>>,`
			`) -> Result<(), secp::Error> {`
			`let result = secp.verify_bullet_proof(commit, proof, extra_data);`
			`match result {`
			`Ok(_) => Ok(()),`
			`Err(e) => Err(e),`
			`}`
			`}`

libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`/// Rewind a rangeproof to retrieve the amount`
Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`pub fn rewind<K>(`
			`k: &K,`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`key_id: &Identifier,`
			`commit: Commitment,`
			`extra_data: Option<Vec<u8>>,`
			`proof: RangeProof,`
Refactor the Keychain to be based on a trait (#1146) * First pass at restructuring the keychain crate and introducing a Keychain trait * Parameterized everything that had to. Stuff compiles. * More stuff compiles, fix most tests * Big merge, pushing down opening the keychain forced adding factory methods on trait * Test fixes for pool and servers crate 2018-06-08 08:21:54 +03:00			`) -> Result<ProofInfo, Error>`
			`where`
			`K: Keychain,`
			`{`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`let skey = k.derived_key(key_id)?;`
libwallet refactor context, aggsig, error handling (#1087) * remove context object from aggsig and transaction libs * fix to aggsig, and remove unnecessary warnings * put tx_fee function into libwallet::transaction * Error cleanup, and creating libwallet error type * remove some unwraps * checker bug * ensure transaction tests checks sender's wallet 2018-05-24 18:27:26 +03:00			`let nonce = create_nonce(k, &commit)?;`
Wallet+Keychain refactoring (#1035) * beginning to refactor keychain into wallet lib * rustfmt * more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now * clean some warnings * clean some warnings * fix wallet send test a bit * fix core tests, move wallet dependent tests into integration tests * repair chain tests * refactor/fix pool tests * fix wallet tests, moved from keychain * add wallet tests 2018-05-09 12:15:58 +03:00			`let proof_message = k.secp()`
			`.unwind_bullet_proof(commit, skey, nonce, extra_data, proof);`
			`let proof_info = match proof_message {`
			`Ok(p) => ProofInfo {`
			`success: true,`
			`value: 0,`
			`message: p,`
			`mlen: 0,`
			`min: 0,`
			`max: 0,`
			`exp: 0,`
			`mantissa: 0,`
			`},`
			`Err(_) => ProofInfo {`
			`success: false,`
			`value: 0,`
			`message: ProofMessage::empty(),`
			`mlen: 0,`
			`min: 0,`
			`max: 0,`
			`exp: 0,`
			`mantissa: 0,`
			`},`
			`};`
			`return Ok(proof_info);`
			`}`