mirror of
https://github.com/mimblewimble/grin.git
synced 2025-01-21 19:41:08 +03:00
9234e3c251
* Fix secondary scaling bugs; rename is_testnet -> is_floonet (#2215) * add global::is_mainnet() * use it to change pre-genesis pow type * rename is_testnet -> is_floonet * Support multiple chain configurations (#2217) * Support multiple chain configurations Supports generating the proper configuration for each chain type (mainnet, floonet, usernet). Will run them by default under their respective root directory (~/.grin/main, ~/.grin/floo, etc). Assigned default ports for mainnet, overriding them to keep Floonet ports unchanged. For now, starting on mainnet will abort. * Fixed usernet command line help message. Fixes #2217 * Differing magic numbers for each chain type (#2208) * stick to e=H(R|P|m) when use schnorr signature (#2200) * stick to e=H(R|P|m) when use schnorr signature * (1)add verify_slate_messages for wallet receive (2)log the message content * remove debug log on verify_slate_messages * verify the sender's message signature when receive_tx in wallet listen * Revert "remove debug log on verify_slate_messages" This reverts commit65ea32a407. * Revert "rustfmt" This reverts commitc380ab9185. * Revert "(1)add verify_slate_messages for wallet receive (2)log the message content" This reverts commit9584ca7a89. * [re-floonet] Keychain Floonet BIP32 version/network option (#2235) * add 'is_floonet' property to keychain * fix hex encoding and tests * Fix couple floonet loose ends (#2230) * Fix couple floonet loose ends. Fixes #2216 * Doc fix for sig message * Refuse unkown kernel features (#2244) * Minor: magic number change for re-floonet * Set pre genesis is_secondary to true (#2247) * Minor: tx validation error display underlying * New floonet genesis * genesis rustfmt * Use chain-specific config for wallet toml gen * Fix default wallet_listener_url * New more reasonable genesis block, bumped version * genesis rustfmt * Couple minor fixes to genesis generation script
255 lines
7.4 KiB
Rust
255 lines
7.4 KiB
Rust
// Copyright 2018 The Grin Developers
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
/// Implementation of the Keychain trait based on an extended key derivation
|
|
/// scheme.
|
|
use rand::distributions::Alphanumeric;
|
|
use rand::{thread_rng, Rng};
|
|
|
|
use crate::blake2;
|
|
|
|
use crate::extkey_bip32::{BIP32GrinHasher, ExtendedPrivKey};
|
|
use crate::types::{BlindSum, BlindingFactor, Error, ExtKeychainPath, Identifier, Keychain};
|
|
use crate::util::secp::key::SecretKey;
|
|
use crate::util::secp::pedersen::Commitment;
|
|
use crate::util::secp::{self, Message, Secp256k1, Signature};
|
|
|
|
#[derive(Clone, Debug)]
|
|
pub struct ExtKeychain {
|
|
secp: Secp256k1,
|
|
master: ExtendedPrivKey,
|
|
use_switch_commits: bool,
|
|
hasher: BIP32GrinHasher,
|
|
}
|
|
|
|
impl Keychain for ExtKeychain {
|
|
fn from_seed(seed: &[u8], is_floo: bool) -> Result<ExtKeychain, Error> {
|
|
let mut h = BIP32GrinHasher::new(is_floo);
|
|
let secp = secp::Secp256k1::with_caps(secp::ContextFlag::Commit);
|
|
let master = ExtendedPrivKey::new_master(&secp, &mut h, seed)?;
|
|
let keychain = ExtKeychain {
|
|
secp: secp,
|
|
master: master,
|
|
use_switch_commits: true,
|
|
hasher: h,
|
|
};
|
|
Ok(keychain)
|
|
}
|
|
|
|
fn from_mnemonic(word_list: &str, extension_word: &str, is_floo: bool) -> Result<Self, Error> {
|
|
let secp = secp::Secp256k1::with_caps(secp::ContextFlag::Commit);
|
|
let h = BIP32GrinHasher::new(is_floo);
|
|
let master = ExtendedPrivKey::from_mnemonic(&secp, word_list, extension_word, is_floo)?;
|
|
let keychain = ExtKeychain {
|
|
secp: secp,
|
|
master: master,
|
|
use_switch_commits: true,
|
|
hasher: h,
|
|
};
|
|
Ok(keychain)
|
|
}
|
|
|
|
/// For testing - probably not a good idea to use outside of tests.
|
|
fn from_random_seed(is_floo: bool) -> Result<ExtKeychain, Error> {
|
|
let seed: String = thread_rng().sample_iter(&Alphanumeric).take(16).collect();
|
|
let seed = blake2::blake2b::blake2b(32, &[], seed.as_bytes());
|
|
ExtKeychain::from_seed(seed.as_bytes(), is_floo)
|
|
}
|
|
|
|
fn root_key_id() -> Identifier {
|
|
ExtKeychainPath::new(0, 0, 0, 0, 0).to_identifier()
|
|
}
|
|
|
|
fn derive_key_id(depth: u8, d1: u32, d2: u32, d3: u32, d4: u32) -> Identifier {
|
|
ExtKeychainPath::new(depth, d1, d2, d3, d4).to_identifier()
|
|
}
|
|
|
|
fn derive_key(&self, amount: u64, id: &Identifier) -> Result<SecretKey, Error> {
|
|
let mut h = self.hasher.clone();
|
|
let p = id.to_path();
|
|
let mut ext_key = self.master;
|
|
for i in 0..p.depth {
|
|
ext_key = ext_key.ckd_priv(&self.secp, &mut h, p.path[i as usize])?;
|
|
}
|
|
|
|
match self.use_switch_commits {
|
|
true => Ok(self.secp.blind_switch(amount, ext_key.secret_key)?),
|
|
false => Ok(ext_key.secret_key),
|
|
}
|
|
}
|
|
|
|
fn commit(&self, amount: u64, id: &Identifier) -> Result<Commitment, Error> {
|
|
let key = self.derive_key(amount, id)?;
|
|
let commit = self.secp.commit(amount, key)?;
|
|
Ok(commit)
|
|
}
|
|
|
|
fn blind_sum(&self, blind_sum: &BlindSum) -> Result<BlindingFactor, Error> {
|
|
let mut pos_keys: Vec<SecretKey> = blind_sum
|
|
.positive_key_ids
|
|
.iter()
|
|
.filter_map(|k| {
|
|
let res = self.derive_key(k.value, &Identifier::from_path(&k.ext_keychain_path));
|
|
if let Ok(s) = res {
|
|
Some(s)
|
|
} else {
|
|
None
|
|
}
|
|
})
|
|
.collect();
|
|
|
|
let mut neg_keys: Vec<SecretKey> = blind_sum
|
|
.negative_key_ids
|
|
.iter()
|
|
.filter_map(|k| {
|
|
let res = self.derive_key(k.value, &Identifier::from_path(&k.ext_keychain_path));
|
|
if let Ok(s) = res {
|
|
Some(s)
|
|
} else {
|
|
None
|
|
}
|
|
})
|
|
.collect();
|
|
|
|
pos_keys.extend(
|
|
&blind_sum
|
|
.positive_blinding_factors
|
|
.iter()
|
|
.filter_map(|b| b.secret_key(&self.secp).ok())
|
|
.collect::<Vec<SecretKey>>(),
|
|
);
|
|
|
|
neg_keys.extend(
|
|
&blind_sum
|
|
.negative_blinding_factors
|
|
.iter()
|
|
.filter_map(|b| b.secret_key(&self.secp).ok())
|
|
.collect::<Vec<SecretKey>>(),
|
|
);
|
|
|
|
let sum = self.secp.blind_sum(pos_keys, neg_keys)?;
|
|
Ok(BlindingFactor::from_secret_key(sum))
|
|
}
|
|
|
|
fn sign(&self, msg: &Message, amount: u64, id: &Identifier) -> Result<Signature, Error> {
|
|
let skey = self.derive_key(amount, id)?;
|
|
let sig = self.secp.sign(msg, &skey)?;
|
|
Ok(sig)
|
|
}
|
|
|
|
fn sign_with_blinding(
|
|
&self,
|
|
msg: &Message,
|
|
blinding: &BlindingFactor,
|
|
) -> Result<Signature, Error> {
|
|
let skey = &blinding.secret_key(&self.secp)?;
|
|
let sig = self.secp.sign(msg, &skey)?;
|
|
Ok(sig)
|
|
}
|
|
|
|
fn set_use_switch_commits(&mut self, value: bool) {
|
|
self.use_switch_commits = value;
|
|
}
|
|
|
|
fn secp(&self) -> &Secp256k1 {
|
|
&self.secp
|
|
}
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod test {
|
|
use crate::keychain::ExtKeychain;
|
|
use crate::types::{BlindSum, BlindingFactor, ExtKeychainPath, Keychain};
|
|
use crate::util::secp;
|
|
use crate::util::secp::key::SecretKey;
|
|
|
|
#[test]
|
|
fn test_key_derivation() {
|
|
let keychain = ExtKeychain::from_random_seed(false).unwrap();
|
|
let secp = keychain.secp();
|
|
|
|
let path = ExtKeychainPath::new(1, 1, 0, 0, 0);
|
|
let key_id = path.to_identifier();
|
|
|
|
let msg_bytes = [0; 32];
|
|
let msg = secp::Message::from_slice(&msg_bytes[..]).unwrap();
|
|
|
|
// now create a zero commitment using the key on the keychain associated with
|
|
// the key_id
|
|
let commit = keychain.commit(0, &key_id).unwrap();
|
|
|
|
// now check we can use our key to verify a signature from this zero commitment
|
|
let sig = keychain.sign(&msg, 0, &key_id).unwrap();
|
|
secp.verify_from_commit(&msg, &sig, &commit).unwrap();
|
|
}
|
|
|
|
// We plan to "offset" the key used in the kernel commitment
|
|
// so we are going to be doing some key addition/subtraction.
|
|
// This test is mainly to demonstrate that idea that summing commitments
|
|
// and summing the keys used to commit to 0 have the same result.
|
|
#[test]
|
|
fn secret_key_addition() {
|
|
let keychain = ExtKeychain::from_random_seed(false).unwrap();
|
|
|
|
let skey1 = SecretKey::from_slice(
|
|
&keychain.secp,
|
|
&[
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 1,
|
|
],
|
|
)
|
|
.unwrap();
|
|
|
|
let skey2 = SecretKey::from_slice(
|
|
&keychain.secp,
|
|
&[
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 2,
|
|
],
|
|
)
|
|
.unwrap();
|
|
|
|
// adding secret keys 1 and 2 to give secret key 3
|
|
let mut skey3 = skey1.clone();
|
|
let _ = skey3.add_assign(&keychain.secp, &skey2).unwrap();
|
|
|
|
// create commitments for secret keys 1, 2 and 3
|
|
// all committing to the value 0 (which is what we do for tx_kernels)
|
|
let commit_1 = keychain.secp.commit(0, skey1).unwrap();
|
|
let commit_2 = keychain.secp.commit(0, skey2).unwrap();
|
|
let commit_3 = keychain.secp.commit(0, skey3).unwrap();
|
|
|
|
// now sum commitments for keys 1 and 2
|
|
let sum = keychain
|
|
.secp
|
|
.commit_sum(vec![commit_1.clone(), commit_2.clone()], vec![])
|
|
.unwrap();
|
|
|
|
// confirm the commitment for key 3 matches the sum of the commitments 1 and 2
|
|
assert_eq!(sum, commit_3);
|
|
|
|
// now check we can sum keys up using keychain.blind_sum()
|
|
// in the same way (convenience function)
|
|
assert_eq!(
|
|
keychain
|
|
.blind_sum(
|
|
&BlindSum::new()
|
|
.add_blinding_factor(BlindingFactor::from_secret_key(skey1))
|
|
.add_blinding_factor(BlindingFactor::from_secret_key(skey2))
|
|
)
|
|
.unwrap(),
|
|
BlindingFactor::from_secret_key(skey3),
|
|
);
|
|
}
|
|
}
|