xmr: master merging commit
templates: build
style: correct math in comment
[260130c1] xmr: show address fix
[abd27e6c] xmr: reorganize module structure
[cd9e5a5d] xmr: simplify layout code
[a5b56f17] xmr: monero.crypto test fix
[60bc30ec] xmr: minor fixes
[f82bd9c0] xmr: use trezor.utils.ensure
[adf119ac] xmr: get rid of xmr.common module
[3531a42f] pipenv: temporary fix attempt for travis
- until pipenv bug is resolved
[d172f86f] xmr: protob messages refactored
[e83085ea] trezor-common version bump & messages regenerated
xmr: mlsag_hasher simplified
[feb5f1c6] xmr: simplify key_image_sync workflow
[d4cb0084] xmr: tiny note in README and typo
[62411cde] xmr: readme updates
[ff15b46e] xmr: rename and order mlsag functions
[3fb57dab] xmr: mlsag notes
[c27ae90b] xmr: output index check added in step6
[973c457b] xmr: grouping is mandatory
[684c7e19] xmr: range sig grouping check added
[012ca766] xmr: small refactor in borromean range proof
[1ba72b65] xmr: move range signatures to seperate file; rename mlsag2 to mlsag
[a89f3ab0] xmr: fix wrong annotation in modtrezorcrypto
[8303b42f] xmr: state's use_simple_rct and use_bulletproof modified to enums
[276712a9] xmr: re-export most of functions in apps.monero.xmr.crypto
[74165457] xmr: out_pk_masks changed to out_pk_commitments
[1e186727] xmr: state comments
[3c69a2e1] xmr: TrezorTxPrefixHashNotMatchingError note removed
only concerns multisig
[5af0feae] xmr: master merging commit
xmr: step 10 review
[d8e99375] xmr: step 09 review
[a510150d] travis: workaround form 6a0ea22b6eb3bdc9bce62d7c88fb8841ef8fdb0c
[03d27115] mocks: regenerate
[bd24bb35] mocks: add support for entering the global scope
[f75c1902] mocks: regenerate
[bce85968] modtrezorcrypto: define mock package
[7c077521] mocks: support package definition
[b3f1017b] xmr: step 05 and 06 masks and range proofs review
Masks are now always generated in step 5 and stored in state.
Range proofs were reviewed only in a high-level manner and will be
reviewed later.
[67f391cd] xmr: step 08 review
[673bf01f] xmr: steps 04, 05, 06 (almost) and 07 review
_range_proof in step 06 is still to be reviewed
[24c52517] xmr: simplify serialization, remove Archive
[896cdebf] xmr: redundant exception removed
[cb3813aa] xmr: serializer simplified
[471213b4] xmr: serializer flake8 fix
[9d4df17f] xmr: aescbc not needed
[52dd8b3b] xmr: serializer - erefs kicked out
[9e3be78f] xmr: sign cleanup, comments
- state cleanup, comments added, unused code removed
[164a7d6a] xmr: sign step 09 - fix in_memory artifact, dead branch
[8fa4066d] xmr: sign step 03 - permutation length check added
[55a593aa] xmr: multisig removed from protocol and functions
[6470678d] xmr: black styling
[02664401] xmr: step 03 review
[daf7b7d6] xmr: step 02 review
xmr: adding agent tests to travis
[c752866f] xmr: unused imports removed
[85115fd9] xmr: serializer test fixed
- removed unsupported messages after serialization simplification
[60874751] xmr: sign step 06 - comment on bulletproof hashing
- hash_bp(bp) != hash(serialize(bp)) because hash does not contain array lengths
[4abb5473] xmr: sign protocol - multisig logic removed
[813cb3a0] xmr: lite protocol removed
- backup left in xmr-total-full-with-lite branch
[e5f5b5bd] xmr: serialization slimming
- base types reduced, not needed for now
- some int serialization methods not used now
[fb515aaf] xmr: serialization - archive simplified
- simple parameter passing, no kwargs
- unused methods removed
- reader/writer passing removed for archive methods
[ec4c4adb] xmr: KeccakXmrArchive simplified, no archive used
- getting rid of container_size. We dont use containers with fixed size so this special case can be abandoned.
- KeccakXmrArchive is lighweight without need to touch main serialization
[90065bd4] xmr: serialization - serialize_archive removed
- custom serialization routine is not required at this moment
[b98c2f89] xmr: extra serialization refactored, manual serialization
- extra is serialized manually to reduce serialization overhead
- extra contains simple structures now:
- payment ID = already serialized manually
- tx pub key = easy to serialize manually
- tx additional pub keys = serialized manually with little effort, more efficient memory usage
[8ce28a54] xmr: state 6 - provided tx keys removed
- needed only in the multisig scenario which is pruned now
[8d827f46] xmr: PreMlsagHasher pseudo out hashing fix
[49e552da] xmr: redundant import removed
[4199943d] xmr: KeccakXmrArchive simplified
[69bbf5fa] xmr: PreMlsagHasher - KeyV import removed, comment added
[9a194fa2] xmr: step7 - manual hashing of Extra
[d8a09283] xmr: PreMlsagHasher state load/save removed
- not needed, state not serialized anymore
[d5f43fa4] xmr: serialize reimport removed
- complex types are not surviving protocol boundary anymore, no need to fix hierarchy problems due to unimporting
[3b045612] xmr: serialize - TupleType removed
[b9a56981] xmr: serialization schemes simplified
[a59dbb8d] xmr: HashWrapper removed
[d0d1f05b] xmr: step 01 cleanup and comments
[8f7a7782] xmr: isort, black, flake8 fixes
[14265eb2] xmr: getting rid of CtKey from the state
- only lightweight objects are kept in the state. CtKey is import heavy object. Each set_out call locally imports a new own version of the Ctkey which causes a memory leak.
[c0cfc203] xmr: set_out minor function call fix
[c11c4686] xmr: sign_tx unimport optimization to reduce fragmentation
[df0a1dfc] xmr: range_sig allocation reordering, large chunks first
[63cddd5f] xmr: remove misc.StdObj
[8c8e3f33] xmr: proper memory usage in workflow
[9be1e0ac] xmr: typos and renames
[87f718b5] xmr: back to flat workflow
[64751339] xmr: refactor builder to seperate steps
- lot of work to be done, but the general idea will probably stay
- the messages workflow works, but the signed tx was not accepted by
daemon, so there is a bug somewhere
- additional cleanup/refactoring is defintely needed
[14b0a851] xmr: iface modified to layout
[27d568e1] xmr: extmod refactoring
- *_into removed, replaced by generic methods
- point_add, point_sub added
- code cleanup (+1 squashed commit)
Squashed commits:
[fbe39496] monero support added
Squashed commits:
xmr: hmac/enc keys removed from builder
[41028dff] xmr: unused function removed
[358573e3] xmr: PR comments fixes
[4abf9dc9] xmr: test fixes after refactoring
[192785ad] template rebuilt
[57a1f25e] xmr: wrapper protocol messages removed
[6f40ce17] xmr: trezor-common version bump & sync
[03e71de2] xmr: check input permutation
[6fc8b0ec] xmr: code cleanup, refactoring
[85ecc151] xmr: crypto code cleanup
[20b4113c] xmr: chunked bulletproof vectors
- workaround for the heap fragmentation problems
[66786f9d] tools: enable to reset class level indentation for mocks gen
[dc6f84a9] xmr: extmod-monero comments added, for mocks
[b1d4ab11] xmr: code cleanup
[447a8625] xmr: tsx confirmation raises exception on cancellation
[00dd8f6c] xmr: protocol optimizations removed, flow unified
- in_memory optimization stored tx.vin parts in the memory which enabled to skip roundtrips with permutations and hash_vini. Optimizations was removed so the protocol flow is unified among inputs, independent of the tx specs
- many_inputs: optimization stored spending keys for UTXO in memory, now it is offloaded in the encrypted form.
[ea69c7ad] vendor: trezor-common version bump & pb sync
[5d81c2a8] xmr: manual BP serialization
- more memory effective as the memory is critical in the range proof section
[d64bda7c] xmr: range_proof C-impl deprecated
- using now partitioned implementation in Python, which is also quite fast and easier to maintain due to allocations and buffers.
[18604e0f] xmr: borromean range sig generated by partitions
- overcomes heap fragmentation problem
[65a5116b] xmr: comments removed
[ca2bd0cc] xmr: auto-generated intelliJ param comments removed
[a75ef32e] xmr: code cleanup, heap fragmentations fixes
Squashed commits:
[d2ac2eb6] xmr: addr cleanup
[7e4c1a9c] xmr: code cleanup, heap fragmentations fixes
[93af8afb] xmr: refactoring, typing, comments
[28df8662] xmr: comment fix
[8b4f4d9c] xmr: serializer test fix (+34 squashed commits)
Squashed commits:
[823ee192] xmr: crypto comment cleanup
[6debfb6b] xmr: ring_ct cleanup
[759f52bf] xmr: tsx signer code style, hintins
[0b175bc9] xmr: tsx builder external state removed
[fee4a5ad] xmr: builder state fix
[92736fa7] xmr: sign_tx unimport
[a570ecb9] xmr: misc code cleanup
[4a496bb7] xmr: hash wrapper not needed in writer
[fefdb834] xmr: signer serialization improved
[8fa6eec9] xmr: signer mem clean
[66c53fe5] xmr: isort
[6996bd90] xmr: black
[59915a85] xmr: tsx input serialization refactored
[326af131] xmr: msg dump with prefix
[6e39801d] xmr: manual serialization of tx prefix
[9e5e047a] xmr: manual serialization improvements
[d07cee60] xmr: manual serialization of txout elements
[8d56c80e] xmr: TxOut custom serialization optimized II
[c19ba122] xmr: TxOut custom serialization optimized
[ce0d9b0b] xmr: TxOut manual serialization
[44e38342] xmr: sing_tx unimport
[61ac61be] xmr: lite log trace rename
[176b4275] xmr: de-async overhaul
[89ae3bad] xmr: diag style
[5ccb2fbb] xmr: wrappers cleanup
[aa86fb19] xmr: py3 only inheritance
[8031b1b0] xmr: builder, log_trace -> mem_trace for clarity
[25bf70d7] xmr: debugging logging only in debug mode
[c7c8d3c8] xmr: iface cleanup
[b0373396] xmr: lite debug only
[b1f6ce04] xmr: diag only in debug
[de7d718b] xmr: tsx counter removed
[76729beb] xmr: tsx_sign removed
[c6e6ffa8] Merge commit 'ba500bf4ec1ef9cd953bdf5a47888c5226db8d0b' into xmr
[ee97ef9f] xmr: minor code cleanup
xmr: black
xmr: minor code cleanup
[bae3ecac] xmr: bp comments
[5e812e6f] xmr: sign - mem_trace, pydoc
[7216a8c6] xmr: pydoc removed
[e87365f4] xmr: layout cleanup
[8d21d82e] xmr: redundant constructors removed
[9aa82bed] xmr: redundant comments removed
[9b926d6c] xmr: preludes removed
[bc9e77f1] xmr: readme update
[cf62047a] xmr: aggregated bulletproofs + rsig offloading
xmr: change idx fix
xmr: iface refactoring, integrated address (+5 squashed commits)
xmr: layout pagination refactoring
xmr: addr - integrated address
pb: sync
vendor: trezor-common version bump
xmr: style fixes
xmr: handle sweep tsx correctly
- handle dummy change address correctly
xmr: integrated address generation
build: fix after trezor-crypto version bump
xmr: new protocol dispatch handlers
xmr: slip0010
[43cf4c3c] xmr: comment fix
xmr: extmod pointer aritm fix
xmr: _into api unified, result is the first parameter
xmr: bp cleanup
xmr: scalar nullity test fix
xmr: msg registration improved
- lite protocol optional
- diag protocol optional
xmr: unused imports (+33 squashed commits)
[b4d045ae] xmr: bp - noqa flake8 false positive
[2c79d4be] xmr: isort
[8b9d2835] xmr: code cleanup
[eb7496e9] xmr: iface - shorter timeouts for faster tests
[59520b63] xmr: ringct comment
[6b16088e] xmr: signer - comment fixes
[a08958e2] xmr: simple and bulletproof condition fix
[4e0289a9] vendor: trezor-common version bump
[de472e5a] xmr: black
[234d2249] xmr: lightening, fixes, KeccakXmrArchive
- builder keys
- unload mods before memory intensive operation
[abdec665] xmr: sign_tx logging
[989d8687] xmr: serialize lightening
[7d61f056] xmr: tsx sign refactoring, lightening
- wake_up state restore
- minimize import weight
[3a0daa8b] xmr: serialize thinning
[65ad1d2e] xmr: serialize thinning
[501221d5] xmr: bp - thinning
[3d980377] xmr: bp - generalization with proof_v8
[10d11d60] xmr: extended rsig - offloading protocol
[a8f5caa2] xmr: crypto - rsig params fix
[f5e130b8] xmr: crypto - inv8
[dbc3f9d8] xmr: rsig pb sync
[5748a13e] xmr: bp - data for bp4 fix (+18 squashed commits)
Squashed commits:
[5bcd54e3] xmr: bp - black
[e93e97dd] xmr: bp refactoring, large memory optimizations
- memoryview in __getitem__ requires new memory allocation so the refactored version uses to(), read() methods that can operate directly on buffers without need to create memory views.
[c30745ae] xmr: bp - black
[f5c40699] xmr: bp - tests extended
[8dae75de] xmr: bp - get_exponent optim
[3e59ff80] xmr: bp - precomputations for 4 statements
[d1d2e29c] xmr: bp - gc.collect
[1bb6b5ba] xmr: bp - optimizations, streamlining
[2a2b0cb7] xmr: bp - verification in log(MN) memory for 1 proof
- not allocating MN vectors
- sequential multiexec added for memory efficient verification
- bulletproofs: maintain -z4, -z5, and -y0 to avoid subtractions [8276d25]
- bulletproofs: merge multiexps as per sarang's new python code [acd64d2b]
[75aa7dee] xmr: bp - memory optimization
[a10d05a9] xmr: bp - deterministic mask generation init
[5060d6a7] xmr: bp optimizations
[dd69eb1b] xmr: bp - black
[19f0f64b] xmr: bp - optimizations, power key vector
[2ba63f8c] xmr: bp - minor cleanup, optimizations, scalarmultH
[31c9ca2d] xmr: bp - mem clean
[3fc2c793] xmr: bp - memory save
[5b16c9cc] bp: black
[f1040c97] xmr: crypto - memory leak fix
[ff863510] xmr: iface - flake
[6ebf69c2] xmr: lite - flake8, black
[eee55d62] xmr: bp - memory diag
[2767009b] xmr: bulletproofs upgrade, mainnet version, cleaning
[be6ebbd5] xmr: lite protocol
[d603e96d] xmr: pb sync
[5da15da9] vendor: trezor-common fix
[0373b97e] xmr: iface - output confirmation split, subaddr fix
[2cf32176] xmr: monero - subaddress fixed for index (0, 0)
[3bb8f08b] xmr: enc.aescbc added - for lite protocol (+1 squashed commit)
Squashed commits:
[011dbaab] TMP: trezor-common on master, crypto on ph4
- trezor-crypto on ph4r04 fork as it has all required stuff
- Lite protocol not merged in master, thus does not work in the PR
[795b34e1] xmr: get_address fix
[2d39c90c] xmr: bp - import fix (squashed commit)
Squashed commits:
[2d5c6cee] extmod: monero - reduce32 and ge25519_norm removed (squashed commit)
- not needed in trezor-core (+4 squashed commits)
Squashed commits:
[90e6b5c5] xmr: bp optimization
[4fda0d22] xmr: redundant ge_ functions removed
[68903767] xmr: crypto - sc_reduce32 not needed
[c8a6c807] xmr: test for inversion added (+12 squashed commits)
Squashed commits:
[378928db] xmr: adapting to new trezor-crypto
[8f4ff8c1] protob sync
[82dff70a] vendor: trezor-common version bump
[fabc67b3] extmod: monero - inversion mod curve order optimized a bit
[4f29fe4c] xmr: import fix
[f6f8e300] xmr: bp - code cleanup
[d54b4f3b] xmr: bp - memory cleaning
[1065abc3] xmr: tsx_signer - bulletproofs fixes
[9f8a700f] xmr: bp key vector iterator fix
[49c25977] xmr.serialize: bulletproof fix
[1ee77378] xmr: monero - format
[cf0a7104] xmr: bp last mask fix (+20 squashed commits)
Squashed commits:
[fa1c3623] xmr: black
[3f3e31f3] xmr: bulletproofs added to signer
[d23d9284] xmr: protocol.tsx_sign_builder - logger collects
[a28eb55f] xmr: bp - memory optimizations
[d2fcb23a] xmr: tests for bulletproofs added
[82eef146] xmr: bp - gc (+14 squashed commits)
Squashed commits:
[4cf70d97] xmr: bp - gc
[42877b05] xmr: bp - minor memory optimization
[2c612e45] xmr: bp - use sc_inv_into
[d7e9dab4] xmr: bp - KeyVEval fix
[1523f400] xmr: bp - blacked
[b264a65b] xmr: bp - KeyVEval - caching current element, avoid allocations
[83ba7a65] xmr: bp - memory view optimized
[b517906c] xmr: bp - gc() during inversion
[92d37c88] xmr: bp - gc.collect() after expensive inversion
[e7fad558] xmr: bp - hashing memory optimization
[4c278152] xmr: bp - deterministic masks optimization, prove_s1 optim
[cbf74a70] xmr: bp - detect which modular inversion is usable
[8ea1ec43] xmr: better memory tracing for bulletproofs
[2f4dd552] xmr: bulletproofs added
[1928e2d3] xmr: crypto - sc_inv_into added (+2 squashed commits)
Squashed commits:
[f895fa6e] xmr: crypto - hash to existing buffer
[b76c6b09] xmr: crypto - in-place crypto functions added
- required for Bulletproof to minimize the heap fragmentation
[cab4366e] extmod: monero - modular inversion mod curve order added (+2 squashed commits)
Squashed commits:
[52a6e487] extmod: monero - hash into buffer added
[695a3827] extmod: monero module - muladd256_modm added
- required for Bulletproof
[3f4498d7] xmr: crypto tests added
- basic unit tests for crypto, tests monero module and underlying trezor-crypto + basic address manipulation
[820d012d] pb sync
[49eeddd1] vendor: trezor-common version bump
[30382440] xmr: crypto - point norm not needed
[89701c41] tests: xmr - serializer tests added
[bfee46db] tests: support async unit tests, assertListEqual added
[55c14487] xmr: serialize - serialization logic cleaned, refactored
[4b771638] xmr: simplification, do not ask to confirm change tx output
- change address checked to match main address in the builder
[f334d8ad] xmr: protocol: simplification - require change address to equal the main address
[1a3416eb] xmr: unpack256_modm_noreduce added
- 32B array to integer mod curve order, without modular reduction after conversion
- required for bulletproofs
[1c94b5d4] xmr: readme added
[3cc9f9fa] extmod/monero: mul256_modm added, required for BP
[5cf77a4c] xmr: monero support added [for review]
depends on PRs:
https://github.com/trezor/trezor-crypto/pull/162
https://github.com/trezor/trezor-core/pull/286
2018-08-06 12:07:14 +00:00
|
|
|
/*
|
|
|
|
* This file is part of the TREZOR project, https://trezor.io/
|
|
|
|
*
|
|
|
|
* Copyright (c) SatoshiLabs
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "py/objstr.h"
|
|
|
|
#include "py/objint.h"
|
|
|
|
#include "py/mpz.h"
|
|
|
|
|
|
|
|
#include "monero/monero.h"
|
|
|
|
#include "bignum.h"
|
2019-01-23 16:16:46 +00:00
|
|
|
#include "memzero.h"
|
xmr: master merging commit
templates: build
style: correct math in comment
[260130c1] xmr: show address fix
[abd27e6c] xmr: reorganize module structure
[cd9e5a5d] xmr: simplify layout code
[a5b56f17] xmr: monero.crypto test fix
[60bc30ec] xmr: minor fixes
[f82bd9c0] xmr: use trezor.utils.ensure
[adf119ac] xmr: get rid of xmr.common module
[3531a42f] pipenv: temporary fix attempt for travis
- until pipenv bug is resolved
[d172f86f] xmr: protob messages refactored
[e83085ea] trezor-common version bump & messages regenerated
xmr: mlsag_hasher simplified
[feb5f1c6] xmr: simplify key_image_sync workflow
[d4cb0084] xmr: tiny note in README and typo
[62411cde] xmr: readme updates
[ff15b46e] xmr: rename and order mlsag functions
[3fb57dab] xmr: mlsag notes
[c27ae90b] xmr: output index check added in step6
[973c457b] xmr: grouping is mandatory
[684c7e19] xmr: range sig grouping check added
[012ca766] xmr: small refactor in borromean range proof
[1ba72b65] xmr: move range signatures to seperate file; rename mlsag2 to mlsag
[a89f3ab0] xmr: fix wrong annotation in modtrezorcrypto
[8303b42f] xmr: state's use_simple_rct and use_bulletproof modified to enums
[276712a9] xmr: re-export most of functions in apps.monero.xmr.crypto
[74165457] xmr: out_pk_masks changed to out_pk_commitments
[1e186727] xmr: state comments
[3c69a2e1] xmr: TrezorTxPrefixHashNotMatchingError note removed
only concerns multisig
[5af0feae] xmr: master merging commit
xmr: step 10 review
[d8e99375] xmr: step 09 review
[a510150d] travis: workaround form 6a0ea22b6eb3bdc9bce62d7c88fb8841ef8fdb0c
[03d27115] mocks: regenerate
[bd24bb35] mocks: add support for entering the global scope
[f75c1902] mocks: regenerate
[bce85968] modtrezorcrypto: define mock package
[7c077521] mocks: support package definition
[b3f1017b] xmr: step 05 and 06 masks and range proofs review
Masks are now always generated in step 5 and stored in state.
Range proofs were reviewed only in a high-level manner and will be
reviewed later.
[67f391cd] xmr: step 08 review
[673bf01f] xmr: steps 04, 05, 06 (almost) and 07 review
_range_proof in step 06 is still to be reviewed
[24c52517] xmr: simplify serialization, remove Archive
[896cdebf] xmr: redundant exception removed
[cb3813aa] xmr: serializer simplified
[471213b4] xmr: serializer flake8 fix
[9d4df17f] xmr: aescbc not needed
[52dd8b3b] xmr: serializer - erefs kicked out
[9e3be78f] xmr: sign cleanup, comments
- state cleanup, comments added, unused code removed
[164a7d6a] xmr: sign step 09 - fix in_memory artifact, dead branch
[8fa4066d] xmr: sign step 03 - permutation length check added
[55a593aa] xmr: multisig removed from protocol and functions
[6470678d] xmr: black styling
[02664401] xmr: step 03 review
[daf7b7d6] xmr: step 02 review
xmr: adding agent tests to travis
[c752866f] xmr: unused imports removed
[85115fd9] xmr: serializer test fixed
- removed unsupported messages after serialization simplification
[60874751] xmr: sign step 06 - comment on bulletproof hashing
- hash_bp(bp) != hash(serialize(bp)) because hash does not contain array lengths
[4abb5473] xmr: sign protocol - multisig logic removed
[813cb3a0] xmr: lite protocol removed
- backup left in xmr-total-full-with-lite branch
[e5f5b5bd] xmr: serialization slimming
- base types reduced, not needed for now
- some int serialization methods not used now
[fb515aaf] xmr: serialization - archive simplified
- simple parameter passing, no kwargs
- unused methods removed
- reader/writer passing removed for archive methods
[ec4c4adb] xmr: KeccakXmrArchive simplified, no archive used
- getting rid of container_size. We dont use containers with fixed size so this special case can be abandoned.
- KeccakXmrArchive is lighweight without need to touch main serialization
[90065bd4] xmr: serialization - serialize_archive removed
- custom serialization routine is not required at this moment
[b98c2f89] xmr: extra serialization refactored, manual serialization
- extra is serialized manually to reduce serialization overhead
- extra contains simple structures now:
- payment ID = already serialized manually
- tx pub key = easy to serialize manually
- tx additional pub keys = serialized manually with little effort, more efficient memory usage
[8ce28a54] xmr: state 6 - provided tx keys removed
- needed only in the multisig scenario which is pruned now
[8d827f46] xmr: PreMlsagHasher pseudo out hashing fix
[49e552da] xmr: redundant import removed
[4199943d] xmr: KeccakXmrArchive simplified
[69bbf5fa] xmr: PreMlsagHasher - KeyV import removed, comment added
[9a194fa2] xmr: step7 - manual hashing of Extra
[d8a09283] xmr: PreMlsagHasher state load/save removed
- not needed, state not serialized anymore
[d5f43fa4] xmr: serialize reimport removed
- complex types are not surviving protocol boundary anymore, no need to fix hierarchy problems due to unimporting
[3b045612] xmr: serialize - TupleType removed
[b9a56981] xmr: serialization schemes simplified
[a59dbb8d] xmr: HashWrapper removed
[d0d1f05b] xmr: step 01 cleanup and comments
[8f7a7782] xmr: isort, black, flake8 fixes
[14265eb2] xmr: getting rid of CtKey from the state
- only lightweight objects are kept in the state. CtKey is import heavy object. Each set_out call locally imports a new own version of the Ctkey which causes a memory leak.
[c0cfc203] xmr: set_out minor function call fix
[c11c4686] xmr: sign_tx unimport optimization to reduce fragmentation
[df0a1dfc] xmr: range_sig allocation reordering, large chunks first
[63cddd5f] xmr: remove misc.StdObj
[8c8e3f33] xmr: proper memory usage in workflow
[9be1e0ac] xmr: typos and renames
[87f718b5] xmr: back to flat workflow
[64751339] xmr: refactor builder to seperate steps
- lot of work to be done, but the general idea will probably stay
- the messages workflow works, but the signed tx was not accepted by
daemon, so there is a bug somewhere
- additional cleanup/refactoring is defintely needed
[14b0a851] xmr: iface modified to layout
[27d568e1] xmr: extmod refactoring
- *_into removed, replaced by generic methods
- point_add, point_sub added
- code cleanup (+1 squashed commit)
Squashed commits:
[fbe39496] monero support added
Squashed commits:
xmr: hmac/enc keys removed from builder
[41028dff] xmr: unused function removed
[358573e3] xmr: PR comments fixes
[4abf9dc9] xmr: test fixes after refactoring
[192785ad] template rebuilt
[57a1f25e] xmr: wrapper protocol messages removed
[6f40ce17] xmr: trezor-common version bump & sync
[03e71de2] xmr: check input permutation
[6fc8b0ec] xmr: code cleanup, refactoring
[85ecc151] xmr: crypto code cleanup
[20b4113c] xmr: chunked bulletproof vectors
- workaround for the heap fragmentation problems
[66786f9d] tools: enable to reset class level indentation for mocks gen
[dc6f84a9] xmr: extmod-monero comments added, for mocks
[b1d4ab11] xmr: code cleanup
[447a8625] xmr: tsx confirmation raises exception on cancellation
[00dd8f6c] xmr: protocol optimizations removed, flow unified
- in_memory optimization stored tx.vin parts in the memory which enabled to skip roundtrips with permutations and hash_vini. Optimizations was removed so the protocol flow is unified among inputs, independent of the tx specs
- many_inputs: optimization stored spending keys for UTXO in memory, now it is offloaded in the encrypted form.
[ea69c7ad] vendor: trezor-common version bump & pb sync
[5d81c2a8] xmr: manual BP serialization
- more memory effective as the memory is critical in the range proof section
[d64bda7c] xmr: range_proof C-impl deprecated
- using now partitioned implementation in Python, which is also quite fast and easier to maintain due to allocations and buffers.
[18604e0f] xmr: borromean range sig generated by partitions
- overcomes heap fragmentation problem
[65a5116b] xmr: comments removed
[ca2bd0cc] xmr: auto-generated intelliJ param comments removed
[a75ef32e] xmr: code cleanup, heap fragmentations fixes
Squashed commits:
[d2ac2eb6] xmr: addr cleanup
[7e4c1a9c] xmr: code cleanup, heap fragmentations fixes
[93af8afb] xmr: refactoring, typing, comments
[28df8662] xmr: comment fix
[8b4f4d9c] xmr: serializer test fix (+34 squashed commits)
Squashed commits:
[823ee192] xmr: crypto comment cleanup
[6debfb6b] xmr: ring_ct cleanup
[759f52bf] xmr: tsx signer code style, hintins
[0b175bc9] xmr: tsx builder external state removed
[fee4a5ad] xmr: builder state fix
[92736fa7] xmr: sign_tx unimport
[a570ecb9] xmr: misc code cleanup
[4a496bb7] xmr: hash wrapper not needed in writer
[fefdb834] xmr: signer serialization improved
[8fa6eec9] xmr: signer mem clean
[66c53fe5] xmr: isort
[6996bd90] xmr: black
[59915a85] xmr: tsx input serialization refactored
[326af131] xmr: msg dump with prefix
[6e39801d] xmr: manual serialization of tx prefix
[9e5e047a] xmr: manual serialization improvements
[d07cee60] xmr: manual serialization of txout elements
[8d56c80e] xmr: TxOut custom serialization optimized II
[c19ba122] xmr: TxOut custom serialization optimized
[ce0d9b0b] xmr: TxOut manual serialization
[44e38342] xmr: sing_tx unimport
[61ac61be] xmr: lite log trace rename
[176b4275] xmr: de-async overhaul
[89ae3bad] xmr: diag style
[5ccb2fbb] xmr: wrappers cleanup
[aa86fb19] xmr: py3 only inheritance
[8031b1b0] xmr: builder, log_trace -> mem_trace for clarity
[25bf70d7] xmr: debugging logging only in debug mode
[c7c8d3c8] xmr: iface cleanup
[b0373396] xmr: lite debug only
[b1f6ce04] xmr: diag only in debug
[de7d718b] xmr: tsx counter removed
[76729beb] xmr: tsx_sign removed
[c6e6ffa8] Merge commit 'ba500bf4ec1ef9cd953bdf5a47888c5226db8d0b' into xmr
[ee97ef9f] xmr: minor code cleanup
xmr: black
xmr: minor code cleanup
[bae3ecac] xmr: bp comments
[5e812e6f] xmr: sign - mem_trace, pydoc
[7216a8c6] xmr: pydoc removed
[e87365f4] xmr: layout cleanup
[8d21d82e] xmr: redundant constructors removed
[9aa82bed] xmr: redundant comments removed
[9b926d6c] xmr: preludes removed
[bc9e77f1] xmr: readme update
[cf62047a] xmr: aggregated bulletproofs + rsig offloading
xmr: change idx fix
xmr: iface refactoring, integrated address (+5 squashed commits)
xmr: layout pagination refactoring
xmr: addr - integrated address
pb: sync
vendor: trezor-common version bump
xmr: style fixes
xmr: handle sweep tsx correctly
- handle dummy change address correctly
xmr: integrated address generation
build: fix after trezor-crypto version bump
xmr: new protocol dispatch handlers
xmr: slip0010
[43cf4c3c] xmr: comment fix
xmr: extmod pointer aritm fix
xmr: _into api unified, result is the first parameter
xmr: bp cleanup
xmr: scalar nullity test fix
xmr: msg registration improved
- lite protocol optional
- diag protocol optional
xmr: unused imports (+33 squashed commits)
[b4d045ae] xmr: bp - noqa flake8 false positive
[2c79d4be] xmr: isort
[8b9d2835] xmr: code cleanup
[eb7496e9] xmr: iface - shorter timeouts for faster tests
[59520b63] xmr: ringct comment
[6b16088e] xmr: signer - comment fixes
[a08958e2] xmr: simple and bulletproof condition fix
[4e0289a9] vendor: trezor-common version bump
[de472e5a] xmr: black
[234d2249] xmr: lightening, fixes, KeccakXmrArchive
- builder keys
- unload mods before memory intensive operation
[abdec665] xmr: sign_tx logging
[989d8687] xmr: serialize lightening
[7d61f056] xmr: tsx sign refactoring, lightening
- wake_up state restore
- minimize import weight
[3a0daa8b] xmr: serialize thinning
[65ad1d2e] xmr: serialize thinning
[501221d5] xmr: bp - thinning
[3d980377] xmr: bp - generalization with proof_v8
[10d11d60] xmr: extended rsig - offloading protocol
[a8f5caa2] xmr: crypto - rsig params fix
[f5e130b8] xmr: crypto - inv8
[dbc3f9d8] xmr: rsig pb sync
[5748a13e] xmr: bp - data for bp4 fix (+18 squashed commits)
Squashed commits:
[5bcd54e3] xmr: bp - black
[e93e97dd] xmr: bp refactoring, large memory optimizations
- memoryview in __getitem__ requires new memory allocation so the refactored version uses to(), read() methods that can operate directly on buffers without need to create memory views.
[c30745ae] xmr: bp - black
[f5c40699] xmr: bp - tests extended
[8dae75de] xmr: bp - get_exponent optim
[3e59ff80] xmr: bp - precomputations for 4 statements
[d1d2e29c] xmr: bp - gc.collect
[1bb6b5ba] xmr: bp - optimizations, streamlining
[2a2b0cb7] xmr: bp - verification in log(MN) memory for 1 proof
- not allocating MN vectors
- sequential multiexec added for memory efficient verification
- bulletproofs: maintain -z4, -z5, and -y0 to avoid subtractions [8276d25]
- bulletproofs: merge multiexps as per sarang's new python code [acd64d2b]
[75aa7dee] xmr: bp - memory optimization
[a10d05a9] xmr: bp - deterministic mask generation init
[5060d6a7] xmr: bp optimizations
[dd69eb1b] xmr: bp - black
[19f0f64b] xmr: bp - optimizations, power key vector
[2ba63f8c] xmr: bp - minor cleanup, optimizations, scalarmultH
[31c9ca2d] xmr: bp - mem clean
[3fc2c793] xmr: bp - memory save
[5b16c9cc] bp: black
[f1040c97] xmr: crypto - memory leak fix
[ff863510] xmr: iface - flake
[6ebf69c2] xmr: lite - flake8, black
[eee55d62] xmr: bp - memory diag
[2767009b] xmr: bulletproofs upgrade, mainnet version, cleaning
[be6ebbd5] xmr: lite protocol
[d603e96d] xmr: pb sync
[5da15da9] vendor: trezor-common fix
[0373b97e] xmr: iface - output confirmation split, subaddr fix
[2cf32176] xmr: monero - subaddress fixed for index (0, 0)
[3bb8f08b] xmr: enc.aescbc added - for lite protocol (+1 squashed commit)
Squashed commits:
[011dbaab] TMP: trezor-common on master, crypto on ph4
- trezor-crypto on ph4r04 fork as it has all required stuff
- Lite protocol not merged in master, thus does not work in the PR
[795b34e1] xmr: get_address fix
[2d39c90c] xmr: bp - import fix (squashed commit)
Squashed commits:
[2d5c6cee] extmod: monero - reduce32 and ge25519_norm removed (squashed commit)
- not needed in trezor-core (+4 squashed commits)
Squashed commits:
[90e6b5c5] xmr: bp optimization
[4fda0d22] xmr: redundant ge_ functions removed
[68903767] xmr: crypto - sc_reduce32 not needed
[c8a6c807] xmr: test for inversion added (+12 squashed commits)
Squashed commits:
[378928db] xmr: adapting to new trezor-crypto
[8f4ff8c1] protob sync
[82dff70a] vendor: trezor-common version bump
[fabc67b3] extmod: monero - inversion mod curve order optimized a bit
[4f29fe4c] xmr: import fix
[f6f8e300] xmr: bp - code cleanup
[d54b4f3b] xmr: bp - memory cleaning
[1065abc3] xmr: tsx_signer - bulletproofs fixes
[9f8a700f] xmr: bp key vector iterator fix
[49c25977] xmr.serialize: bulletproof fix
[1ee77378] xmr: monero - format
[cf0a7104] xmr: bp last mask fix (+20 squashed commits)
Squashed commits:
[fa1c3623] xmr: black
[3f3e31f3] xmr: bulletproofs added to signer
[d23d9284] xmr: protocol.tsx_sign_builder - logger collects
[a28eb55f] xmr: bp - memory optimizations
[d2fcb23a] xmr: tests for bulletproofs added
[82eef146] xmr: bp - gc (+14 squashed commits)
Squashed commits:
[4cf70d97] xmr: bp - gc
[42877b05] xmr: bp - minor memory optimization
[2c612e45] xmr: bp - use sc_inv_into
[d7e9dab4] xmr: bp - KeyVEval fix
[1523f400] xmr: bp - blacked
[b264a65b] xmr: bp - KeyVEval - caching current element, avoid allocations
[83ba7a65] xmr: bp - memory view optimized
[b517906c] xmr: bp - gc() during inversion
[92d37c88] xmr: bp - gc.collect() after expensive inversion
[e7fad558] xmr: bp - hashing memory optimization
[4c278152] xmr: bp - deterministic masks optimization, prove_s1 optim
[cbf74a70] xmr: bp - detect which modular inversion is usable
[8ea1ec43] xmr: better memory tracing for bulletproofs
[2f4dd552] xmr: bulletproofs added
[1928e2d3] xmr: crypto - sc_inv_into added (+2 squashed commits)
Squashed commits:
[f895fa6e] xmr: crypto - hash to existing buffer
[b76c6b09] xmr: crypto - in-place crypto functions added
- required for Bulletproof to minimize the heap fragmentation
[cab4366e] extmod: monero - modular inversion mod curve order added (+2 squashed commits)
Squashed commits:
[52a6e487] extmod: monero - hash into buffer added
[695a3827] extmod: monero module - muladd256_modm added
- required for Bulletproof
[3f4498d7] xmr: crypto tests added
- basic unit tests for crypto, tests monero module and underlying trezor-crypto + basic address manipulation
[820d012d] pb sync
[49eeddd1] vendor: trezor-common version bump
[30382440] xmr: crypto - point norm not needed
[89701c41] tests: xmr - serializer tests added
[bfee46db] tests: support async unit tests, assertListEqual added
[55c14487] xmr: serialize - serialization logic cleaned, refactored
[4b771638] xmr: simplification, do not ask to confirm change tx output
- change address checked to match main address in the builder
[f334d8ad] xmr: protocol: simplification - require change address to equal the main address
[1a3416eb] xmr: unpack256_modm_noreduce added
- 32B array to integer mod curve order, without modular reduction after conversion
- required for bulletproofs
[1c94b5d4] xmr: readme added
[3cc9f9fa] extmod/monero: mul256_modm added, required for BP
[5cf77a4c] xmr: monero support added [for review]
depends on PRs:
https://github.com/trezor/trezor-crypto/pull/162
https://github.com/trezor/trezor-core/pull/286
2018-08-06 12:07:14 +00:00
|
|
|
|
|
|
|
/// package: trezorcrypto.monero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct _mp_obj_hasher_t {
|
|
|
|
mp_obj_base_t base;
|
|
|
|
Hasher h;
|
|
|
|
} mp_obj_hasher_t;
|
|
|
|
|
|
|
|
typedef struct _mp_obj_ge25519_t {
|
|
|
|
mp_obj_base_t base;
|
|
|
|
ge25519 p;
|
|
|
|
} mp_obj_ge25519_t;
|
|
|
|
|
|
|
|
typedef struct _mp_obj_bignum256modm_t {
|
|
|
|
mp_obj_base_t base;
|
|
|
|
bignum256modm p;
|
|
|
|
} mp_obj_bignum256modm_t;
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Helpers
|
|
|
|
//
|
|
|
|
|
|
|
|
STATIC const mp_obj_type_t mod_trezorcrypto_monero_ge25519_type;
|
|
|
|
STATIC const mp_obj_type_t mod_trezorcrypto_monero_bignum256modm_type;
|
|
|
|
STATIC const mp_obj_type_t mod_trezorcrypto_monero_hasher_type;
|
|
|
|
|
|
|
|
#define MP_OBJ_IS_GE25519(o) MP_OBJ_IS_TYPE((o), &mod_trezorcrypto_monero_ge25519_type)
|
|
|
|
#define MP_OBJ_IS_SCALAR(o) MP_OBJ_IS_TYPE((o), &mod_trezorcrypto_monero_bignum256modm_type)
|
|
|
|
#define MP_OBJ_PTR_MPC_GE25519(o) ((const mp_obj_ge25519_t*) (o))
|
|
|
|
#define MP_OBJ_PTR_MPC_SCALAR(o) ((const mp_obj_bignum256modm_t*) (o))
|
|
|
|
#define MP_OBJ_PTR_MP_GE25519(o) ((mp_obj_ge25519_t*) (o))
|
|
|
|
#define MP_OBJ_PTR_MP_SCALAR(o) ((mp_obj_bignum256modm_t*) (o))
|
|
|
|
#define MP_OBJ_C_GE25519(o) (MP_OBJ_PTR_MPC_GE25519(o)->p)
|
|
|
|
#define MP_OBJ_GE25519(o) (MP_OBJ_PTR_MP_GE25519(o)->p)
|
|
|
|
#define MP_OBJ_C_SCALAR(o) (MP_OBJ_PTR_MPC_SCALAR(o)->p)
|
|
|
|
#define MP_OBJ_SCALAR(o) (MP_OBJ_PTR_MP_SCALAR(o)->p)
|
|
|
|
|
|
|
|
STATIC inline void assert_ge25519(const mp_obj_t o){
|
|
|
|
if (!MP_OBJ_IS_GE25519(o)){
|
|
|
|
mp_raise_ValueError("ge25519 expected");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC inline void assert_scalar(const mp_obj_t o){
|
|
|
|
if (!MP_OBJ_IS_SCALAR(o)){
|
|
|
|
mp_raise_ValueError("scalar expected");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static uint64_t mp_obj_uint64_get_checked(mp_const_obj_t self_in) {
|
|
|
|
#if MICROPY_LONGINT_IMPL != MICROPY_LONGINT_IMPL_MPZ
|
|
|
|
# error "MPZ supported only"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (MP_OBJ_IS_SMALL_INT(self_in)) {
|
|
|
|
return MP_OBJ_SMALL_INT_VALUE(self_in);
|
|
|
|
} else {
|
|
|
|
byte buff[8];
|
|
|
|
uint64_t res = 0;
|
|
|
|
mp_obj_t * o = MP_OBJ_TO_PTR(self_in);
|
|
|
|
|
|
|
|
mp_obj_int_to_bytes_impl(o, true, 8, buff);
|
|
|
|
for (int i = 0; i<8; i++){
|
|
|
|
res <<= i > 0 ? 8 : 0;
|
|
|
|
res |= (uint64_t)(buff[i] & 0xff);
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static uint64_t mp_obj_get_uint64(mp_const_obj_t arg) {
|
|
|
|
if (arg == mp_const_false) {
|
|
|
|
return 0;
|
|
|
|
} else if (arg == mp_const_true) {
|
|
|
|
return 1;
|
|
|
|
} else if (MP_OBJ_IS_SMALL_INT(arg)) {
|
|
|
|
return MP_OBJ_SMALL_INT_VALUE(arg);
|
|
|
|
} else if (MP_OBJ_IS_TYPE(arg, &mp_type_int)) {
|
|
|
|
return mp_obj_uint64_get_checked(arg);
|
|
|
|
} else {
|
|
|
|
if (MICROPY_ERROR_REPORTING == MICROPY_ERROR_REPORTING_TERSE) {
|
|
|
|
mp_raise_TypeError("can't convert to int");
|
|
|
|
} else {
|
|
|
|
nlr_raise(mp_obj_new_exception_msg_varg(&mp_type_TypeError,
|
|
|
|
"can't convert %s to int", mp_obj_get_type_str(arg)));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mp_obj_new_scalar(){
|
|
|
|
mp_obj_bignum256modm_t *o = m_new_obj(mp_obj_bignum256modm_t);
|
|
|
|
o->base.type = &mod_trezorcrypto_monero_bignum256modm_type;
|
|
|
|
set256_modm(o->p, 0);
|
|
|
|
return MP_OBJ_FROM_PTR(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mp_obj_new_scalar_r(mp_obj_t r){
|
|
|
|
if (r == mp_const_none){
|
|
|
|
return mp_obj_new_scalar();
|
|
|
|
}
|
|
|
|
|
|
|
|
assert_scalar(r);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mp_obj_new_ge25519(){
|
|
|
|
mp_obj_ge25519_t *o = m_new_obj(mp_obj_ge25519_t);
|
|
|
|
o->base.type = &mod_trezorcrypto_monero_ge25519_type;
|
|
|
|
ge25519_set_neutral(&o->p);
|
|
|
|
return MP_OBJ_FROM_PTR(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mp_obj_new_ge25519_r(mp_obj_t r){
|
|
|
|
if (r == mp_const_none){
|
|
|
|
return mp_obj_new_ge25519();
|
|
|
|
}
|
|
|
|
|
|
|
|
assert_ge25519(r);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC void mp_unpack_ge25519(ge25519 * r, const mp_obj_t arg, mp_int_t offset){
|
|
|
|
mp_buffer_info_t buff;
|
|
|
|
mp_get_buffer_raise(arg, &buff, MP_BUFFER_READ);
|
|
|
|
if (buff.len < 32 + offset) {
|
|
|
|
mp_raise_ValueError("Invalid length of the EC point");
|
|
|
|
}
|
|
|
|
|
|
|
|
const int res = ge25519_unpack_vartime(r, ((uint8_t*)buff.buf) + offset);
|
|
|
|
if (res != 1){
|
|
|
|
mp_raise_ValueError("Point decoding error");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC void mp_unpack_scalar(bignum256modm r, const mp_obj_t arg, mp_int_t offset){
|
|
|
|
mp_buffer_info_t buff;
|
|
|
|
mp_get_buffer_raise(arg, &buff, MP_BUFFER_READ);
|
|
|
|
if (buff.len < 32 + offset) {
|
|
|
|
mp_raise_ValueError("Invalid length of secret key");
|
|
|
|
}
|
|
|
|
expand256_modm(r, ((uint8_t*)buff.buf) + offset, 32);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Constructors
|
|
|
|
//
|
|
|
|
|
|
|
|
/// class Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// EC point on ED25519
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
/// def __init__(x: Optional[Union[Ge25519, bytes]] = None):
|
|
|
|
/// '''
|
|
|
|
/// Constructor
|
|
|
|
/// '''
|
|
|
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
|
|
|
|
mp_arg_check_num(n_args, n_kw, 0, 1, false);
|
|
|
|
mp_obj_ge25519_t *o = m_new_obj(mp_obj_ge25519_t);
|
|
|
|
o->base.type = type;
|
|
|
|
|
|
|
|
if (n_args == 0 || args[0] == mp_const_none) {
|
|
|
|
ge25519_set_neutral(&o->p);
|
|
|
|
} else if (n_args == 1 && MP_OBJ_IS_GE25519(args[0])) {
|
|
|
|
ge25519_copy(&o->p, &MP_OBJ_C_GE25519(args[0]));
|
|
|
|
} else if (n_args == 1 && MP_OBJ_IS_STR_OR_BYTES(args[0])) {
|
|
|
|
mp_unpack_ge25519(&o->p, args[0], 0);
|
|
|
|
} else {
|
|
|
|
mp_raise_ValueError("Invalid ge25519 constructor");
|
|
|
|
}
|
|
|
|
|
|
|
|
return MP_OBJ_FROM_PTR(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519___del__(mp_obj_t self) {
|
|
|
|
mp_obj_ge25519_t *o = MP_OBJ_TO_PTR(self);
|
|
|
|
memzero(&(o->p), sizeof(ge25519));
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_ge25519___del___obj, mod_trezorcrypto_monero_ge25519___del__);
|
|
|
|
|
|
|
|
|
|
|
|
/// class Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// EC scalar on SC25519
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
/// def __init__(x: Optional[Union[Sc25519, bytes, int]] = None):
|
|
|
|
/// '''
|
|
|
|
/// Constructor
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
///
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_bignum256modm_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
|
|
|
|
mp_arg_check_num(n_args, n_kw, 0, 1, false);
|
|
|
|
mp_obj_bignum256modm_t *o = m_new_obj(mp_obj_bignum256modm_t);
|
|
|
|
o->base.type = type;
|
|
|
|
|
|
|
|
if (n_args == 0 || args[0] == mp_const_none) {
|
|
|
|
set256_modm(o->p, 0);
|
|
|
|
} else if (n_args == 1 && MP_OBJ_IS_SCALAR(args[0])) {
|
|
|
|
copy256_modm(o->p, MP_OBJ_C_SCALAR(args[0]));
|
|
|
|
} else if (n_args == 1 && MP_OBJ_IS_STR_OR_BYTES(args[0])) {
|
|
|
|
mp_unpack_scalar(o->p, args[0], 0);
|
|
|
|
} else if (n_args == 1 && mp_obj_is_integer(args[0])) {
|
|
|
|
uint64_t v = mp_obj_get_uint64(args[0]);
|
|
|
|
set256_modm(o->p, v);
|
|
|
|
} else {
|
|
|
|
mp_raise_ValueError("Invalid scalar constructor");
|
|
|
|
}
|
|
|
|
|
|
|
|
return MP_OBJ_FROM_PTR(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_bignum256modm___del__(mp_obj_t self) {
|
|
|
|
mp_obj_bignum256modm_t *o = MP_OBJ_TO_PTR(self);
|
|
|
|
memzero(o->p, sizeof(bignum256modm));
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_bignum256modm___del___obj, mod_trezorcrypto_monero_bignum256modm___del__);
|
|
|
|
|
|
|
|
|
|
|
|
/// class Hasher:
|
|
|
|
/// '''
|
|
|
|
/// XMR hasher
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
/// def __init__(x: Optional[bytes] = None):
|
|
|
|
/// '''
|
|
|
|
/// Constructor
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
/// def update(buffer: bytes):
|
|
|
|
/// '''
|
|
|
|
/// Update hasher
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
/// def digest() -> bytes:
|
|
|
|
/// '''
|
|
|
|
/// Computes digest
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
/// def copy() -> Hasher:
|
|
|
|
/// '''
|
|
|
|
/// Creates copy of the hasher, preserving the state
|
|
|
|
/// '''
|
|
|
|
///
|
|
|
|
///
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_hasher_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
|
|
|
|
mp_arg_check_num(n_args, n_kw, 0, 1, false);
|
|
|
|
mp_obj_hasher_t *o = m_new_obj(mp_obj_hasher_t);
|
|
|
|
o->base.type = type;
|
|
|
|
xmr_hasher_init(&(o->h));
|
|
|
|
|
|
|
|
if (n_args == 1 && MP_OBJ_IS_STR_OR_BYTES(args[0])) {
|
|
|
|
mp_buffer_info_t buff;
|
|
|
|
mp_get_buffer_raise(args[0], &buff, MP_BUFFER_READ);
|
|
|
|
xmr_hasher_update(&o->h, buff.buf, buff.len);
|
|
|
|
}
|
|
|
|
|
|
|
|
return MP_OBJ_FROM_PTR(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_hasher___del__(mp_obj_t self) {
|
|
|
|
mp_obj_hasher_t *o = MP_OBJ_TO_PTR(self);
|
|
|
|
memzero(&(o->h), sizeof(Hasher));
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_hasher___del___obj, mod_trezorcrypto_monero_hasher___del__);
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Scalar defs
|
|
|
|
//
|
|
|
|
|
|
|
|
/// mock:global
|
|
|
|
|
|
|
|
/// def init256_modm(dst: Optional[Sc25519], val: Union[int, bytes, Sc25519]) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Initializes Sc25519 scalar
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_init256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
if (n_args == 0 || args[0] == mp_const_none) {
|
|
|
|
set256_modm(MP_OBJ_SCALAR(res), 0);
|
|
|
|
} else if (n_args > 0 && MP_OBJ_IS_SCALAR(args[1+off])) {
|
|
|
|
copy256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]));
|
|
|
|
} else if (n_args > 0 && MP_OBJ_IS_STR_OR_BYTES(args[1+off])) {
|
|
|
|
mp_unpack_scalar(MP_OBJ_SCALAR(res), args[1+off], 0);
|
|
|
|
} else if (n_args > 0 && mp_obj_is_integer(args[1+off])) {
|
|
|
|
uint64_t v = mp_obj_get_uint64(args[1+off]);
|
|
|
|
set256_modm(MP_OBJ_SCALAR(res), v);
|
|
|
|
} else {
|
|
|
|
mp_raise_ValueError("Invalid scalar def");
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_init256_modm_obj, 0, 2, mod_trezorcrypto_monero_init256_modm);
|
|
|
|
|
|
|
|
/// def check256_modm(val: Sc25519):
|
|
|
|
/// '''
|
|
|
|
/// Throws exception if scalar is invalid
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_check256_modm(const mp_obj_t arg){
|
|
|
|
assert_scalar(arg);
|
|
|
|
if (check256_modm(MP_OBJ_C_SCALAR(arg)) != 1){
|
|
|
|
mp_raise_ValueError("Ed25519 scalar invalid");
|
|
|
|
}
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_check256_modm_obj, mod_trezorcrypto_monero_check256_modm);
|
|
|
|
|
|
|
|
/// def iszero256_modm(val: Sc25519) -> bool:
|
|
|
|
/// '''
|
|
|
|
/// Returns False if the scalar is zero
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_iszero256_modm(const mp_obj_t arg){
|
|
|
|
assert_scalar(arg);
|
|
|
|
const int r = iszero256_modm(MP_OBJ_C_SCALAR(arg));
|
|
|
|
return mp_obj_new_int(r);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_iszero256_modm_obj, mod_trezorcrypto_monero_iszero256_modm);
|
|
|
|
|
|
|
|
/// def eq256_modm(a: Sc25519, b: Sc25519) -> int:
|
|
|
|
/// '''
|
|
|
|
/// Compares scalars, returns 1 on the same value
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_eq256_modm(const mp_obj_t a, const mp_obj_t b){
|
|
|
|
assert_scalar(a);
|
|
|
|
assert_scalar(b);
|
|
|
|
int r = eq256_modm(MP_OBJ_C_SCALAR(a), MP_OBJ_C_SCALAR(b));
|
|
|
|
return MP_OBJ_NEW_SMALL_INT(r);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_monero_eq256_modm_obj, mod_trezorcrypto_monero_eq256_modm);
|
|
|
|
|
|
|
|
|
|
|
|
/// def get256_modm(a: Sc25519) -> int:
|
|
|
|
/// '''
|
|
|
|
/// Extracts 64bit integer from the scalar. Raises exception if scalar is bigger than 2^64
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_get256_modm(const mp_obj_t arg){
|
|
|
|
assert_scalar(arg);
|
|
|
|
uint64_t v;
|
|
|
|
if (!get256_modm(&v, MP_OBJ_C_SCALAR(arg))){
|
|
|
|
mp_raise_ValueError("Ed25519 scalar too big");
|
|
|
|
}
|
|
|
|
return mp_obj_new_int_from_ull(v);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_get256_modm_obj, mod_trezorcrypto_monero_get256_modm);
|
|
|
|
|
|
|
|
|
|
|
|
/// def add256_modm(r: Optional[Sc25519], a: Sc25519, b: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Scalar addition
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_add256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
add256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_add256_modm_obj, 2, 3, mod_trezorcrypto_monero_add256_modm);
|
|
|
|
|
|
|
|
/// def sub256_modm(r: Optional[Sc25519], a: Sc25519, b: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Scalar subtraction
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_sub256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
sub256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_sub256_modm_obj, 2, 3, mod_trezorcrypto_monero_sub256_modm);
|
|
|
|
|
|
|
|
/// def mul256_modm(r: Optional[Sc25519], a: Sc25519, b: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Scalar multiplication
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_mul256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
mul256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_mul256_modm_obj, 2, 3, mod_trezorcrypto_monero_mul256_modm);
|
|
|
|
|
|
|
|
/// def mulsub256_modm(r: Optional[Sc25519], a: Sc25519, b: Sc25519, c: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// c - a*b
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_mulsub256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
mulsub256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]), MP_OBJ_C_SCALAR(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_mulsub256_modm_obj, 3, 4, mod_trezorcrypto_monero_mulsub256_modm);
|
|
|
|
|
|
|
|
/// def muladd256_modm(r: Optional[Sc25519], a: Sc25519, b: Sc25519, c: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// c + a*b
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_muladd256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
muladd256_modm(MP_OBJ_SCALAR(res), MP_OBJ_C_SCALAR(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]), MP_OBJ_C_SCALAR(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_muladd256_modm_obj, 3, 4, mod_trezorcrypto_monero_muladd256_modm);
|
|
|
|
|
|
|
|
/// def inv256_modm(r: Optional[Sc25519], a: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Scalar modular inversion
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_inv256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
|
|
|
|
// bn_prime = curve order, little endian encoded
|
|
|
|
bignum256 bn_prime = {.val={0x1cf5d3ed, 0x20498c69, 0x2f79cd65, 0x37be77a8, 0x14, 0x0, 0x0, 0x0, 0x1000}};
|
|
|
|
bignum256 bn_x;
|
|
|
|
|
|
|
|
memcpy(&bn_x.val, MP_OBJ_C_SCALAR(args[1+off]), sizeof(bignum256modm));
|
|
|
|
bn_inverse(&bn_x, &bn_prime);
|
|
|
|
memcpy(MP_OBJ_SCALAR(res), bn_x.val, sizeof(bignum256modm));
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_inv256_modm_obj, 1, 2, mod_trezorcrypto_monero_inv256_modm);
|
|
|
|
|
|
|
|
/// def pack256_modm(r: Optional[bytes], a: Sc25519, offset: Optional[int] = 0) -> bytes:
|
|
|
|
/// '''
|
|
|
|
/// Scalar compression
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_pack256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
if (n_args == 1 || args[0] == mp_const_none){
|
|
|
|
assert_scalar(args[0]);
|
|
|
|
uint8_t buff[32];
|
|
|
|
contract256_modm(buff, MP_OBJ_C_SCALAR(args[0]));
|
|
|
|
return mp_obj_new_bytes(buff, 32);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
mp_buffer_info_t bufm;
|
|
|
|
mp_get_buffer_raise(args[0], &bufm, MP_BUFFER_WRITE);
|
|
|
|
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
|
|
|
if (bufm.len < 32 + offset) {
|
|
|
|
mp_raise_ValueError("Buffer too small");
|
|
|
|
}
|
|
|
|
|
|
|
|
contract256_modm(((uint8_t*)bufm.buf) + offset, MP_OBJ_C_SCALAR(args[1]));
|
|
|
|
return args[0];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_pack256_modm_obj, 1, 3, mod_trezorcrypto_monero_pack256_modm);
|
|
|
|
|
|
|
|
/// def unpack256_modm(r: Optional[Sc25519], a: bytes, offset: int = 0) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Scalar decompression
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_unpack256_modm(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args >= 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
|
|
|
mp_unpack_scalar(MP_OBJ_SCALAR(res), args[1+off], offset);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_unpack256_modm_obj, 1, 3, mod_trezorcrypto_monero_unpack256_modm);
|
|
|
|
|
|
|
|
/// def unpack256_modm_noreduce(r: Optional[Sc25519], a: bytes, offset: int = 0) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Scalar decompression, raw, without modular reduction
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_unpack256_modm_noreduce(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args >= 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
|
|
|
|
|
|
|
mp_buffer_info_t buff;
|
|
|
|
mp_get_buffer_raise(args[1+off], &buff, MP_BUFFER_READ);
|
|
|
|
if (buff.len != 32 + offset) {
|
|
|
|
mp_raise_ValueError("Invalid length of secret key");
|
|
|
|
}
|
|
|
|
|
|
|
|
expand_raw256_modm(MP_OBJ_SCALAR(res), ((uint8_t*)buff.buf) + offset);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_unpack256_modm_noreduce_obj, 1, 3, mod_trezorcrypto_monero_unpack256_modm_noreduce);
|
|
|
|
|
|
|
|
//
|
|
|
|
// GE25519 Defs
|
|
|
|
//
|
|
|
|
|
|
|
|
/// def ge25519_set_neutral(r: Optional[Ge25519]) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// Sets neutral point
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_set_neutral(size_t n_args, const mp_obj_t *args){
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(n_args == 1 ? args[0] : mp_const_none);
|
|
|
|
ge25519_set_neutral(&MP_OBJ_GE25519(res));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_set_neutral_obj, 0, 1, mod_trezorcrypto_monero_ge25519_set_neutral);
|
|
|
|
|
|
|
|
/// def ge25519_set_xmr_h(r: Optional[Ge25519]) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// Sets H point
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_set_xmr_h(size_t n_args, const mp_obj_t *args){
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(n_args == 1 ? args[0] : mp_const_none);
|
|
|
|
ge25519_set_xmr_h(&MP_OBJ_GE25519(res));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_set_xmr_h_obj, 0, 1, mod_trezorcrypto_monero_ge25519_set_xmr_h);
|
|
|
|
|
|
|
|
/// def ge25519_check(r: Ge25519):
|
|
|
|
/// '''
|
|
|
|
/// Checks point, throws if not on curve
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_check(const mp_obj_t arg){
|
|
|
|
assert_ge25519(arg);
|
|
|
|
if (ge25519_check(&MP_OBJ_C_GE25519(arg)) != 1){
|
|
|
|
mp_raise_ValueError("Ed25519 point not on curve");
|
|
|
|
}
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_ge25519_check_obj, mod_trezorcrypto_monero_ge25519_check);
|
|
|
|
|
|
|
|
/// def ge25519_eq(a: Ge25519, b: Ge25519) -> bool:
|
|
|
|
/// '''
|
|
|
|
/// Compares EC points
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_eq(const mp_obj_t a, const mp_obj_t b){
|
|
|
|
assert_ge25519(a);
|
|
|
|
assert_ge25519(b);
|
|
|
|
int r = ge25519_eq(&MP_OBJ_C_GE25519(a), &MP_OBJ_C_GE25519(b));
|
|
|
|
return MP_OBJ_NEW_SMALL_INT(r);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_monero_ge25519_eq_obj, mod_trezorcrypto_monero_ge25519_eq);
|
|
|
|
|
|
|
|
/// def ge25519_add(r: Optional[Ge25519], a: Ge25519, b: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// Adds EC points
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_add(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_ge25519(args[2+off]);
|
|
|
|
ge25519_add(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), &MP_OBJ_C_GE25519(args[2+off]), 0);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_add_obj, 2, 3, mod_trezorcrypto_monero_ge25519_add);
|
|
|
|
|
|
|
|
/// def ge25519_sub(r: Optional[Ge25519], a: Ge25519, b: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// Subtracts EC points
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_sub(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_ge25519(args[2+off]);
|
|
|
|
ge25519_add(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), &MP_OBJ_C_GE25519(args[2+off]), 1);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_sub_obj, 2, 3, mod_trezorcrypto_monero_ge25519_sub);
|
|
|
|
|
|
|
|
/// def ge25519_double(r: Optional[Ge25519], p: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// EC point doubling
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_double(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
mp_obj_t src = res_arg ? args[1] : args[0];
|
|
|
|
assert_ge25519(src);
|
|
|
|
ge25519_double(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(src));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_double_obj, 1, 2, mod_trezorcrypto_monero_ge25519_double);
|
|
|
|
|
|
|
|
/// def ge25519_mul8(r: Optional[Ge25519], p: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// EC point * 8
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_mul8(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
mp_obj_t src = res_arg ? args[1] : args[0];
|
|
|
|
assert_ge25519(src);
|
|
|
|
ge25519_mul8(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(src));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_mul8_obj, 1, 2, mod_trezorcrypto_monero_ge25519_mul8);
|
|
|
|
|
|
|
|
/// def ge25519_double_scalarmult_vartime(r: Optional[Ge25519], p1: Ge25519, s1: Sc25519, s2: Sc25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// s1 * G + s2 * p1
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
|
|
|
|
ge25519_double_scalarmult_vartime(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]),
|
|
|
|
MP_OBJ_C_SCALAR(args[2+off]), MP_OBJ_C_SCALAR(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime_obj, 3, 4, mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime);
|
|
|
|
|
|
|
|
/// def ge25519_double_scalarmult_vartime2(r: Optional[Ge25519], p1: Ge25519, s1: Sc25519, p2: Ge25519, s2: Sc25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// s1 * p1 + s2 * p2
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime2(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 5;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
assert_ge25519(args[3+off]);
|
|
|
|
assert_scalar(args[4+off]);
|
|
|
|
|
|
|
|
ge25519_double_scalarmult_vartime2(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]),
|
|
|
|
&MP_OBJ_C_GE25519(args[3+off]), MP_OBJ_C_SCALAR(args[4+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime2_obj, 4, 5, mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime2);
|
|
|
|
|
|
|
|
/// def ge25519_scalarmult_base(r: Optional[Ge25519], s: Union[Sc25519, int]) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// s * G
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_scalarmult_base(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
|
|
|
|
if (MP_OBJ_IS_SCALAR(args[1+off])){
|
|
|
|
ge25519_scalarmult_base_wrapper(&MP_OBJ_GE25519(res), MP_OBJ_C_SCALAR(args[1+off]));
|
|
|
|
} else if (mp_obj_is_integer(args[1+off])){
|
|
|
|
bignum256modm mlt;
|
|
|
|
set256_modm(mlt, mp_obj_get_int(args[1+off]));
|
|
|
|
ge25519_scalarmult_base_wrapper(&MP_OBJ_GE25519(res), mlt);
|
|
|
|
} else {
|
|
|
|
mp_raise_ValueError("unknown base mult type");
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_scalarmult_base_obj, 1, 2, mod_trezorcrypto_monero_ge25519_scalarmult_base);
|
|
|
|
|
|
|
|
/// def ge25519_scalarmult(r: Optional[Ge25519], p: Ge25519, s: Union[Sc25519, int]) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// s * p
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_scalarmult(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
|
|
|
|
if (MP_OBJ_IS_SCALAR(args[2+off])){
|
|
|
|
ge25519_scalarmult(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
|
|
|
|
} else if (mp_obj_is_integer(args[2+off])){
|
|
|
|
bignum256modm mlt;
|
|
|
|
set256_modm(mlt, mp_obj_get_int(args[2+off]));
|
|
|
|
ge25519_scalarmult(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), mlt);
|
|
|
|
} else {
|
|
|
|
mp_raise_ValueError("unknown mult type");
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_scalarmult_obj, 2, 3, mod_trezorcrypto_monero_ge25519_scalarmult);
|
|
|
|
|
|
|
|
/// def ge25519_pack(r: bytes, p: Ge25519, offset: int = 0) -> bytes:
|
|
|
|
/// '''
|
|
|
|
/// Point compression
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_pack(size_t n_args, const mp_obj_t *args){
|
|
|
|
if (n_args == 1 || args[0] == mp_const_none){
|
|
|
|
assert_ge25519(args[0]);
|
|
|
|
uint8_t buff[32];
|
|
|
|
ge25519_pack(buff, &MP_OBJ_C_GE25519(args[0]));
|
|
|
|
return mp_obj_new_bytes(buff, 32);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
mp_buffer_info_t bufm;
|
|
|
|
mp_get_buffer_raise(args[0], &bufm, MP_BUFFER_WRITE);
|
|
|
|
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
|
|
|
if (bufm.len < 32 + offset) {
|
|
|
|
mp_raise_ValueError("Buffer too small");
|
|
|
|
}
|
|
|
|
|
|
|
|
ge25519_pack(((uint8_t*)bufm.buf) + offset, &MP_OBJ_C_GE25519(args[1]));
|
|
|
|
return args[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_pack_obj, 1, 3, mod_trezorcrypto_monero_ge25519_pack);
|
|
|
|
|
|
|
|
/// def ge25519_unpack_vartime(r: Optional[Ge25519], buff: bytes, offset: int = 0) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// Point decompression
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_unpack_vartime(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args >= 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
|
|
|
mp_unpack_ge25519(&MP_OBJ_GE25519(res), args[1+off], offset);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_ge25519_unpack_vartime_obj, 1, 3, mod_trezorcrypto_monero_ge25519_unpack_vartime);
|
|
|
|
|
|
|
|
//
|
|
|
|
// XMR defs
|
|
|
|
//
|
|
|
|
|
|
|
|
/// def base58_addr_encode_check(tag: int, buff: bytes) -> bytes:
|
|
|
|
/// '''
|
|
|
|
/// Monero block base 58 encoding
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_base58_addr_encode_check(size_t n_args, const mp_obj_t *args){
|
|
|
|
uint8_t out[128];
|
|
|
|
mp_buffer_info_t data;
|
|
|
|
mp_get_buffer_raise(args[1], &data, MP_BUFFER_READ);
|
|
|
|
|
|
|
|
int sz = xmr_base58_addr_encode_check(mp_obj_get_int(args[0]), data.buf, data.len, (char *)out, sizeof(out));
|
|
|
|
if (sz == 0){
|
|
|
|
mp_raise_ValueError("b58 encoding error");
|
|
|
|
}
|
|
|
|
|
|
|
|
return mp_obj_new_bytes(out, sz);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_base58_addr_encode_check_obj, 2, 2, mod_trezorcrypto_monero_xmr_base58_addr_encode_check);
|
|
|
|
|
|
|
|
/// def base58_addr_decode_check(buff: bytes) -> Tuple[bytes, int]:
|
|
|
|
/// '''
|
|
|
|
/// Monero block base 58 decoding, returning (decoded, tag) or raising on error.
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_base58_addr_decode_check(size_t n_args, const mp_obj_t *args){
|
|
|
|
uint8_t out[128];
|
|
|
|
uint64_t tag;
|
|
|
|
|
|
|
|
mp_buffer_info_t data;
|
|
|
|
mp_get_buffer_raise(args[0], &data, MP_BUFFER_READ);
|
|
|
|
|
|
|
|
int sz = xmr_base58_addr_decode_check(data.buf, data.len, &tag, out, sizeof(out));
|
|
|
|
if (sz == 0){
|
|
|
|
mp_raise_ValueError("b58 decoding error");
|
|
|
|
}
|
|
|
|
|
|
|
|
mp_obj_tuple_t *tuple = MP_OBJ_TO_PTR(mp_obj_new_tuple(2, NULL));
|
|
|
|
tuple->items[0] = mp_obj_new_bytes(out, sz);
|
|
|
|
tuple->items[1] = mp_obj_new_int_from_ull(tag);
|
|
|
|
return MP_OBJ_FROM_PTR(tuple);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_base58_addr_decode_check_obj, 1, 1, mod_trezorcrypto_monero_xmr_base58_addr_decode_check);
|
|
|
|
|
|
|
|
/// def xmr_random_scalar(r: Optional[Sc25519] = None) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Generates a random scalar
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_random_scalar(size_t n_args, const mp_obj_t *args){
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(n_args == 1 ? args[0] : mp_const_none);
|
|
|
|
xmr_random_scalar(MP_OBJ_SCALAR(res));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_random_scalar_obj, 0, 1, mod_trezorcrypto_monero_xmr_random_scalar);
|
|
|
|
|
|
|
|
/// def xmr_fast_hash(r: Optional[bytes], buff: bytes) -> bytes:
|
|
|
|
/// '''
|
|
|
|
/// XMR fast hash
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(size_t n_args, const mp_obj_t *args){
|
|
|
|
const int off = n_args == 2 ? 0 : -1;
|
|
|
|
uint8_t buff[32];
|
|
|
|
uint8_t * buff_use = buff;
|
|
|
|
if (n_args > 1){
|
|
|
|
mp_buffer_info_t odata;
|
|
|
|
mp_get_buffer_raise(args[0], &odata, MP_BUFFER_WRITE);
|
|
|
|
if (odata.len < 32){
|
|
|
|
mp_raise_ValueError("Output buffer too small");
|
|
|
|
}
|
|
|
|
buff_use = odata.buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
mp_buffer_info_t data;
|
|
|
|
mp_get_buffer_raise(args[1+off], &data, MP_BUFFER_READ);
|
|
|
|
xmr_fast_hash(buff_use, data.buf, data.len);
|
|
|
|
return n_args == 2 ? args[0] : mp_obj_new_bytes(buff, 32);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_fast_hash_obj, 1, 2, mod_trezorcrypto_monero_xmr_fast_hash);
|
|
|
|
|
|
|
|
/// def xmr_hash_to_ec(r: Optional[Ge25519], buff: bytes) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// XMR hashing to EC point
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_hash_to_ec(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
mp_buffer_info_t data;
|
|
|
|
mp_get_buffer_raise(args[1+off], &data, MP_BUFFER_READ);
|
|
|
|
xmr_hash_to_ec(&MP_OBJ_GE25519(res), data.buf, data.len);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_hash_to_ec_obj, 1, 2, mod_trezorcrypto_monero_xmr_hash_to_ec);
|
|
|
|
|
|
|
|
/// def xmr_hash_to_scalar(r: Optional[Sc25519], buff: bytes) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// XMR hashing to EC scalar
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_hash_to_scalar(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 2;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
mp_buffer_info_t data;
|
|
|
|
mp_get_buffer_raise(args[1+off], &data, MP_BUFFER_READ);
|
|
|
|
xmr_hash_to_scalar(MP_OBJ_SCALAR(res), data.buf, data.len);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_hash_to_scalar_obj, 1, 2, mod_trezorcrypto_monero_xmr_hash_to_scalar);
|
|
|
|
|
|
|
|
/// def xmr_derivation_to_scalar(r: Optional[Sc25519], p: Ge25519, output_index: int) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// H_s(derivation || varint(output_index))
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_derivation_to_scalar(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
xmr_derivation_to_scalar(MP_OBJ_SCALAR(res), &MP_OBJ_C_GE25519(args[1+off]), mp_obj_get_int(args[2+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_derivation_to_scalar_obj, 2, 3, mod_trezorcrypto_monero_xmr_derivation_to_scalar);
|
|
|
|
|
|
|
|
/// def xmr_generate_key_derivation(r: Optional[Ge25519], A: Ge25519, b: Sc25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// 8*(key2*key1)
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_generate_key_derivation(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
xmr_generate_key_derivation(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), MP_OBJ_C_SCALAR(args[2+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_generate_key_derivation_obj, 2, 3, mod_trezorcrypto_monero_xmr_generate_key_derivation);
|
|
|
|
|
|
|
|
/// def xmr_derive_private_key(r: Optional[Sc25519], deriv: Ge25519, idx: int, base: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// base + H_s(derivation || varint(output_index))
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_derive_private_key(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
xmr_derive_private_key(MP_OBJ_SCALAR(res), &MP_OBJ_C_GE25519(args[1+off]), mp_obj_get_int(args[2+off]), MP_OBJ_C_SCALAR(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_derive_private_key_obj, 3, 4, mod_trezorcrypto_monero_xmr_derive_private_key);
|
|
|
|
|
|
|
|
/// def xmr_derive_public_key(r: Optional[Ge25519], deriv: Ge25519, idx: int, base: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// H_s(derivation || varint(output_index))G + base
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_derive_public_key(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_ge25519(args[1+off]);
|
|
|
|
assert_ge25519(args[3+off]);
|
|
|
|
xmr_derive_public_key(&MP_OBJ_GE25519(res), &MP_OBJ_C_GE25519(args[1+off]), mp_obj_get_int(args[2+off]), &MP_OBJ_C_GE25519(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_derive_public_key_obj, 3, 4, mod_trezorcrypto_monero_xmr_derive_public_key);
|
|
|
|
|
|
|
|
/// def xmr_add_keys2(r: Optional[Ge25519], a: Sc25519, b: Sc25519, B: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// aG + bB, G is basepoint
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_add_keys2(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
assert_ge25519(args[3+off]);
|
|
|
|
xmr_add_keys2(&MP_OBJ_GE25519(res), MP_OBJ_SCALAR(args[1+off]), MP_OBJ_SCALAR(args[2+off]), &MP_OBJ_C_GE25519(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_add_keys2_obj, 3, 4, mod_trezorcrypto_monero_xmr_add_keys2);
|
|
|
|
|
|
|
|
/// def xmr_add_keys2_vartime(r: Optional[Ge25519], a: Sc25519, b: Sc25519, B: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// aG + bB, G is basepoint
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_add_keys2_vartime(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_scalar(args[2+off]);
|
|
|
|
assert_ge25519(args[3+off]);
|
|
|
|
xmr_add_keys2_vartime(&MP_OBJ_GE25519(res), MP_OBJ_SCALAR(args[1+off]), MP_OBJ_SCALAR(args[2+off]), &MP_OBJ_C_GE25519(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_add_keys2_vartime_obj, 3, 4, mod_trezorcrypto_monero_xmr_add_keys2_vartime);
|
|
|
|
|
|
|
|
/// def xmr_add_keys3(r: Optional[Ge25519], a: Sc25519, A: Ge25519, b: Sc25519, B: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// aA + bB
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_add_keys3(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 5;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_ge25519(args[2+off]);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
assert_ge25519(args[4+off]);
|
|
|
|
xmr_add_keys3(&MP_OBJ_GE25519(res),
|
|
|
|
MP_OBJ_SCALAR(args[1+off]), &MP_OBJ_C_GE25519(args[2+off]),
|
|
|
|
MP_OBJ_SCALAR(args[3+off]), &MP_OBJ_C_GE25519(args[4+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_add_keys3_obj, 4, 5, mod_trezorcrypto_monero_xmr_add_keys3);
|
|
|
|
|
|
|
|
/// def xmr_add_keys3_vartime(r: Optional[Ge25519], a: Sc25519, A: Ge25519, b: Sc25519, B: Ge25519) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// aA + bB
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_add_keys3_vartime(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 5;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
assert_ge25519(args[2+off]);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
assert_ge25519(args[4+off]);
|
|
|
|
xmr_add_keys3_vartime(&MP_OBJ_GE25519(res),
|
|
|
|
MP_OBJ_SCALAR(args[1+off]), &MP_OBJ_C_GE25519(args[2+off]),
|
|
|
|
MP_OBJ_SCALAR(args[3+off]), &MP_OBJ_C_GE25519(args[4+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_add_keys3_vartime_obj, 4, 5, mod_trezorcrypto_monero_xmr_add_keys3_vartime);
|
|
|
|
|
|
|
|
/// def xmr_get_subaddress_secret_key(r: Optional[Sc25519], major: int, minor: int, m: Sc25519) -> Sc25519:
|
|
|
|
/// '''
|
|
|
|
/// Hs(SubAddr || a || index_major || index_minor)
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_get_subaddress_secret_key(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 4;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_scalar_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[3+off]);
|
|
|
|
xmr_get_subaddress_secret_key(MP_OBJ_SCALAR(res), mp_obj_get_int(args[1+off]), mp_obj_get_int(args[2+off]), MP_OBJ_C_SCALAR(args[3+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_get_subaddress_secret_key_obj, 3, 4, mod_trezorcrypto_monero_xmr_get_subaddress_secret_key);
|
|
|
|
|
|
|
|
/// def xmr_gen_c(r: Optional[Ge25519], a: Sc25519, amount: int) -> Ge25519:
|
|
|
|
/// '''
|
|
|
|
/// aG + amount * H
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_gen_c(size_t n_args, const mp_obj_t *args){
|
|
|
|
const bool res_arg = n_args == 3;
|
|
|
|
const int off = res_arg ? 0 : -1;
|
|
|
|
mp_obj_t res = mp_obj_new_ge25519_r(res_arg ? args[0] : mp_const_none);
|
|
|
|
assert_scalar(args[1+off]);
|
|
|
|
xmr_gen_c(&MP_OBJ_GE25519(res), MP_OBJ_C_SCALAR(args[1+off]), mp_obj_get_uint64(args[2+off]));
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_xmr_gen_c_obj, 2, 3, mod_trezorcrypto_monero_xmr_gen_c);
|
|
|
|
|
|
|
|
/// def ct_equals(a: bytes, b: bytes) -> bool:
|
|
|
|
/// '''
|
|
|
|
/// Constant time buffer comparison
|
|
|
|
/// '''
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_ct_equals(const mp_obj_t a, const mp_obj_t b){
|
|
|
|
mp_buffer_info_t buff_a, buff_b;
|
|
|
|
mp_get_buffer_raise(a, &buff_a, MP_BUFFER_READ);
|
|
|
|
mp_get_buffer_raise(b, &buff_b, MP_BUFFER_READ);
|
|
|
|
|
|
|
|
if (buff_a.len != buff_b.len) {
|
|
|
|
return MP_OBJ_NEW_SMALL_INT(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int r = ed25519_verify(buff_a.buf, buff_b.buf, buff_a.len);
|
|
|
|
return MP_OBJ_NEW_SMALL_INT(r);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ct_equals_obj, mod_trezorcrypto_ct_equals);
|
|
|
|
|
|
|
|
// Hasher
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_hasher_update(mp_obj_t self, const mp_obj_t arg){
|
|
|
|
mp_obj_hasher_t *o = MP_OBJ_TO_PTR(self);
|
|
|
|
mp_buffer_info_t buff;
|
|
|
|
mp_get_buffer_raise(arg, &buff, MP_BUFFER_READ);
|
|
|
|
if (buff.len > 0) {
|
|
|
|
xmr_hasher_update(&o->h, buff.buf, buff.len);
|
|
|
|
}
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_monero_hasher_update_obj, mod_trezorcrypto_monero_hasher_update);
|
|
|
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_hasher_digest(size_t n_args, const mp_obj_t *args){
|
|
|
|
mp_obj_hasher_t *o = MP_OBJ_TO_PTR(args[0]);
|
|
|
|
|
|
|
|
Hasher ctx;
|
|
|
|
memcpy(&ctx, &(o->h), sizeof(Hasher));
|
|
|
|
|
|
|
|
uint8_t out[SHA3_256_DIGEST_LENGTH];
|
|
|
|
xmr_hasher_final(&ctx, out);
|
2019-01-23 16:16:46 +00:00
|
|
|
memzero(&ctx, sizeof(SHA3_CTX));
|
xmr: master merging commit
templates: build
style: correct math in comment
[260130c1] xmr: show address fix
[abd27e6c] xmr: reorganize module structure
[cd9e5a5d] xmr: simplify layout code
[a5b56f17] xmr: monero.crypto test fix
[60bc30ec] xmr: minor fixes
[f82bd9c0] xmr: use trezor.utils.ensure
[adf119ac] xmr: get rid of xmr.common module
[3531a42f] pipenv: temporary fix attempt for travis
- until pipenv bug is resolved
[d172f86f] xmr: protob messages refactored
[e83085ea] trezor-common version bump & messages regenerated
xmr: mlsag_hasher simplified
[feb5f1c6] xmr: simplify key_image_sync workflow
[d4cb0084] xmr: tiny note in README and typo
[62411cde] xmr: readme updates
[ff15b46e] xmr: rename and order mlsag functions
[3fb57dab] xmr: mlsag notes
[c27ae90b] xmr: output index check added in step6
[973c457b] xmr: grouping is mandatory
[684c7e19] xmr: range sig grouping check added
[012ca766] xmr: small refactor in borromean range proof
[1ba72b65] xmr: move range signatures to seperate file; rename mlsag2 to mlsag
[a89f3ab0] xmr: fix wrong annotation in modtrezorcrypto
[8303b42f] xmr: state's use_simple_rct and use_bulletproof modified to enums
[276712a9] xmr: re-export most of functions in apps.monero.xmr.crypto
[74165457] xmr: out_pk_masks changed to out_pk_commitments
[1e186727] xmr: state comments
[3c69a2e1] xmr: TrezorTxPrefixHashNotMatchingError note removed
only concerns multisig
[5af0feae] xmr: master merging commit
xmr: step 10 review
[d8e99375] xmr: step 09 review
[a510150d] travis: workaround form 6a0ea22b6eb3bdc9bce62d7c88fb8841ef8fdb0c
[03d27115] mocks: regenerate
[bd24bb35] mocks: add support for entering the global scope
[f75c1902] mocks: regenerate
[bce85968] modtrezorcrypto: define mock package
[7c077521] mocks: support package definition
[b3f1017b] xmr: step 05 and 06 masks and range proofs review
Masks are now always generated in step 5 and stored in state.
Range proofs were reviewed only in a high-level manner and will be
reviewed later.
[67f391cd] xmr: step 08 review
[673bf01f] xmr: steps 04, 05, 06 (almost) and 07 review
_range_proof in step 06 is still to be reviewed
[24c52517] xmr: simplify serialization, remove Archive
[896cdebf] xmr: redundant exception removed
[cb3813aa] xmr: serializer simplified
[471213b4] xmr: serializer flake8 fix
[9d4df17f] xmr: aescbc not needed
[52dd8b3b] xmr: serializer - erefs kicked out
[9e3be78f] xmr: sign cleanup, comments
- state cleanup, comments added, unused code removed
[164a7d6a] xmr: sign step 09 - fix in_memory artifact, dead branch
[8fa4066d] xmr: sign step 03 - permutation length check added
[55a593aa] xmr: multisig removed from protocol and functions
[6470678d] xmr: black styling
[02664401] xmr: step 03 review
[daf7b7d6] xmr: step 02 review
xmr: adding agent tests to travis
[c752866f] xmr: unused imports removed
[85115fd9] xmr: serializer test fixed
- removed unsupported messages after serialization simplification
[60874751] xmr: sign step 06 - comment on bulletproof hashing
- hash_bp(bp) != hash(serialize(bp)) because hash does not contain array lengths
[4abb5473] xmr: sign protocol - multisig logic removed
[813cb3a0] xmr: lite protocol removed
- backup left in xmr-total-full-with-lite branch
[e5f5b5bd] xmr: serialization slimming
- base types reduced, not needed for now
- some int serialization methods not used now
[fb515aaf] xmr: serialization - archive simplified
- simple parameter passing, no kwargs
- unused methods removed
- reader/writer passing removed for archive methods
[ec4c4adb] xmr: KeccakXmrArchive simplified, no archive used
- getting rid of container_size. We dont use containers with fixed size so this special case can be abandoned.
- KeccakXmrArchive is lighweight without need to touch main serialization
[90065bd4] xmr: serialization - serialize_archive removed
- custom serialization routine is not required at this moment
[b98c2f89] xmr: extra serialization refactored, manual serialization
- extra is serialized manually to reduce serialization overhead
- extra contains simple structures now:
- payment ID = already serialized manually
- tx pub key = easy to serialize manually
- tx additional pub keys = serialized manually with little effort, more efficient memory usage
[8ce28a54] xmr: state 6 - provided tx keys removed
- needed only in the multisig scenario which is pruned now
[8d827f46] xmr: PreMlsagHasher pseudo out hashing fix
[49e552da] xmr: redundant import removed
[4199943d] xmr: KeccakXmrArchive simplified
[69bbf5fa] xmr: PreMlsagHasher - KeyV import removed, comment added
[9a194fa2] xmr: step7 - manual hashing of Extra
[d8a09283] xmr: PreMlsagHasher state load/save removed
- not needed, state not serialized anymore
[d5f43fa4] xmr: serialize reimport removed
- complex types are not surviving protocol boundary anymore, no need to fix hierarchy problems due to unimporting
[3b045612] xmr: serialize - TupleType removed
[b9a56981] xmr: serialization schemes simplified
[a59dbb8d] xmr: HashWrapper removed
[d0d1f05b] xmr: step 01 cleanup and comments
[8f7a7782] xmr: isort, black, flake8 fixes
[14265eb2] xmr: getting rid of CtKey from the state
- only lightweight objects are kept in the state. CtKey is import heavy object. Each set_out call locally imports a new own version of the Ctkey which causes a memory leak.
[c0cfc203] xmr: set_out minor function call fix
[c11c4686] xmr: sign_tx unimport optimization to reduce fragmentation
[df0a1dfc] xmr: range_sig allocation reordering, large chunks first
[63cddd5f] xmr: remove misc.StdObj
[8c8e3f33] xmr: proper memory usage in workflow
[9be1e0ac] xmr: typos and renames
[87f718b5] xmr: back to flat workflow
[64751339] xmr: refactor builder to seperate steps
- lot of work to be done, but the general idea will probably stay
- the messages workflow works, but the signed tx was not accepted by
daemon, so there is a bug somewhere
- additional cleanup/refactoring is defintely needed
[14b0a851] xmr: iface modified to layout
[27d568e1] xmr: extmod refactoring
- *_into removed, replaced by generic methods
- point_add, point_sub added
- code cleanup (+1 squashed commit)
Squashed commits:
[fbe39496] monero support added
Squashed commits:
xmr: hmac/enc keys removed from builder
[41028dff] xmr: unused function removed
[358573e3] xmr: PR comments fixes
[4abf9dc9] xmr: test fixes after refactoring
[192785ad] template rebuilt
[57a1f25e] xmr: wrapper protocol messages removed
[6f40ce17] xmr: trezor-common version bump & sync
[03e71de2] xmr: check input permutation
[6fc8b0ec] xmr: code cleanup, refactoring
[85ecc151] xmr: crypto code cleanup
[20b4113c] xmr: chunked bulletproof vectors
- workaround for the heap fragmentation problems
[66786f9d] tools: enable to reset class level indentation for mocks gen
[dc6f84a9] xmr: extmod-monero comments added, for mocks
[b1d4ab11] xmr: code cleanup
[447a8625] xmr: tsx confirmation raises exception on cancellation
[00dd8f6c] xmr: protocol optimizations removed, flow unified
- in_memory optimization stored tx.vin parts in the memory which enabled to skip roundtrips with permutations and hash_vini. Optimizations was removed so the protocol flow is unified among inputs, independent of the tx specs
- many_inputs: optimization stored spending keys for UTXO in memory, now it is offloaded in the encrypted form.
[ea69c7ad] vendor: trezor-common version bump & pb sync
[5d81c2a8] xmr: manual BP serialization
- more memory effective as the memory is critical in the range proof section
[d64bda7c] xmr: range_proof C-impl deprecated
- using now partitioned implementation in Python, which is also quite fast and easier to maintain due to allocations and buffers.
[18604e0f] xmr: borromean range sig generated by partitions
- overcomes heap fragmentation problem
[65a5116b] xmr: comments removed
[ca2bd0cc] xmr: auto-generated intelliJ param comments removed
[a75ef32e] xmr: code cleanup, heap fragmentations fixes
Squashed commits:
[d2ac2eb6] xmr: addr cleanup
[7e4c1a9c] xmr: code cleanup, heap fragmentations fixes
[93af8afb] xmr: refactoring, typing, comments
[28df8662] xmr: comment fix
[8b4f4d9c] xmr: serializer test fix (+34 squashed commits)
Squashed commits:
[823ee192] xmr: crypto comment cleanup
[6debfb6b] xmr: ring_ct cleanup
[759f52bf] xmr: tsx signer code style, hintins
[0b175bc9] xmr: tsx builder external state removed
[fee4a5ad] xmr: builder state fix
[92736fa7] xmr: sign_tx unimport
[a570ecb9] xmr: misc code cleanup
[4a496bb7] xmr: hash wrapper not needed in writer
[fefdb834] xmr: signer serialization improved
[8fa6eec9] xmr: signer mem clean
[66c53fe5] xmr: isort
[6996bd90] xmr: black
[59915a85] xmr: tsx input serialization refactored
[326af131] xmr: msg dump with prefix
[6e39801d] xmr: manual serialization of tx prefix
[9e5e047a] xmr: manual serialization improvements
[d07cee60] xmr: manual serialization of txout elements
[8d56c80e] xmr: TxOut custom serialization optimized II
[c19ba122] xmr: TxOut custom serialization optimized
[ce0d9b0b] xmr: TxOut manual serialization
[44e38342] xmr: sing_tx unimport
[61ac61be] xmr: lite log trace rename
[176b4275] xmr: de-async overhaul
[89ae3bad] xmr: diag style
[5ccb2fbb] xmr: wrappers cleanup
[aa86fb19] xmr: py3 only inheritance
[8031b1b0] xmr: builder, log_trace -> mem_trace for clarity
[25bf70d7] xmr: debugging logging only in debug mode
[c7c8d3c8] xmr: iface cleanup
[b0373396] xmr: lite debug only
[b1f6ce04] xmr: diag only in debug
[de7d718b] xmr: tsx counter removed
[76729beb] xmr: tsx_sign removed
[c6e6ffa8] Merge commit 'ba500bf4ec1ef9cd953bdf5a47888c5226db8d0b' into xmr
[ee97ef9f] xmr: minor code cleanup
xmr: black
xmr: minor code cleanup
[bae3ecac] xmr: bp comments
[5e812e6f] xmr: sign - mem_trace, pydoc
[7216a8c6] xmr: pydoc removed
[e87365f4] xmr: layout cleanup
[8d21d82e] xmr: redundant constructors removed
[9aa82bed] xmr: redundant comments removed
[9b926d6c] xmr: preludes removed
[bc9e77f1] xmr: readme update
[cf62047a] xmr: aggregated bulletproofs + rsig offloading
xmr: change idx fix
xmr: iface refactoring, integrated address (+5 squashed commits)
xmr: layout pagination refactoring
xmr: addr - integrated address
pb: sync
vendor: trezor-common version bump
xmr: style fixes
xmr: handle sweep tsx correctly
- handle dummy change address correctly
xmr: integrated address generation
build: fix after trezor-crypto version bump
xmr: new protocol dispatch handlers
xmr: slip0010
[43cf4c3c] xmr: comment fix
xmr: extmod pointer aritm fix
xmr: _into api unified, result is the first parameter
xmr: bp cleanup
xmr: scalar nullity test fix
xmr: msg registration improved
- lite protocol optional
- diag protocol optional
xmr: unused imports (+33 squashed commits)
[b4d045ae] xmr: bp - noqa flake8 false positive
[2c79d4be] xmr: isort
[8b9d2835] xmr: code cleanup
[eb7496e9] xmr: iface - shorter timeouts for faster tests
[59520b63] xmr: ringct comment
[6b16088e] xmr: signer - comment fixes
[a08958e2] xmr: simple and bulletproof condition fix
[4e0289a9] vendor: trezor-common version bump
[de472e5a] xmr: black
[234d2249] xmr: lightening, fixes, KeccakXmrArchive
- builder keys
- unload mods before memory intensive operation
[abdec665] xmr: sign_tx logging
[989d8687] xmr: serialize lightening
[7d61f056] xmr: tsx sign refactoring, lightening
- wake_up state restore
- minimize import weight
[3a0daa8b] xmr: serialize thinning
[65ad1d2e] xmr: serialize thinning
[501221d5] xmr: bp - thinning
[3d980377] xmr: bp - generalization with proof_v8
[10d11d60] xmr: extended rsig - offloading protocol
[a8f5caa2] xmr: crypto - rsig params fix
[f5e130b8] xmr: crypto - inv8
[dbc3f9d8] xmr: rsig pb sync
[5748a13e] xmr: bp - data for bp4 fix (+18 squashed commits)
Squashed commits:
[5bcd54e3] xmr: bp - black
[e93e97dd] xmr: bp refactoring, large memory optimizations
- memoryview in __getitem__ requires new memory allocation so the refactored version uses to(), read() methods that can operate directly on buffers without need to create memory views.
[c30745ae] xmr: bp - black
[f5c40699] xmr: bp - tests extended
[8dae75de] xmr: bp - get_exponent optim
[3e59ff80] xmr: bp - precomputations for 4 statements
[d1d2e29c] xmr: bp - gc.collect
[1bb6b5ba] xmr: bp - optimizations, streamlining
[2a2b0cb7] xmr: bp - verification in log(MN) memory for 1 proof
- not allocating MN vectors
- sequential multiexec added for memory efficient verification
- bulletproofs: maintain -z4, -z5, and -y0 to avoid subtractions [8276d25]
- bulletproofs: merge multiexps as per sarang's new python code [acd64d2b]
[75aa7dee] xmr: bp - memory optimization
[a10d05a9] xmr: bp - deterministic mask generation init
[5060d6a7] xmr: bp optimizations
[dd69eb1b] xmr: bp - black
[19f0f64b] xmr: bp - optimizations, power key vector
[2ba63f8c] xmr: bp - minor cleanup, optimizations, scalarmultH
[31c9ca2d] xmr: bp - mem clean
[3fc2c793] xmr: bp - memory save
[5b16c9cc] bp: black
[f1040c97] xmr: crypto - memory leak fix
[ff863510] xmr: iface - flake
[6ebf69c2] xmr: lite - flake8, black
[eee55d62] xmr: bp - memory diag
[2767009b] xmr: bulletproofs upgrade, mainnet version, cleaning
[be6ebbd5] xmr: lite protocol
[d603e96d] xmr: pb sync
[5da15da9] vendor: trezor-common fix
[0373b97e] xmr: iface - output confirmation split, subaddr fix
[2cf32176] xmr: monero - subaddress fixed for index (0, 0)
[3bb8f08b] xmr: enc.aescbc added - for lite protocol (+1 squashed commit)
Squashed commits:
[011dbaab] TMP: trezor-common on master, crypto on ph4
- trezor-crypto on ph4r04 fork as it has all required stuff
- Lite protocol not merged in master, thus does not work in the PR
[795b34e1] xmr: get_address fix
[2d39c90c] xmr: bp - import fix (squashed commit)
Squashed commits:
[2d5c6cee] extmod: monero - reduce32 and ge25519_norm removed (squashed commit)
- not needed in trezor-core (+4 squashed commits)
Squashed commits:
[90e6b5c5] xmr: bp optimization
[4fda0d22] xmr: redundant ge_ functions removed
[68903767] xmr: crypto - sc_reduce32 not needed
[c8a6c807] xmr: test for inversion added (+12 squashed commits)
Squashed commits:
[378928db] xmr: adapting to new trezor-crypto
[8f4ff8c1] protob sync
[82dff70a] vendor: trezor-common version bump
[fabc67b3] extmod: monero - inversion mod curve order optimized a bit
[4f29fe4c] xmr: import fix
[f6f8e300] xmr: bp - code cleanup
[d54b4f3b] xmr: bp - memory cleaning
[1065abc3] xmr: tsx_signer - bulletproofs fixes
[9f8a700f] xmr: bp key vector iterator fix
[49c25977] xmr.serialize: bulletproof fix
[1ee77378] xmr: monero - format
[cf0a7104] xmr: bp last mask fix (+20 squashed commits)
Squashed commits:
[fa1c3623] xmr: black
[3f3e31f3] xmr: bulletproofs added to signer
[d23d9284] xmr: protocol.tsx_sign_builder - logger collects
[a28eb55f] xmr: bp - memory optimizations
[d2fcb23a] xmr: tests for bulletproofs added
[82eef146] xmr: bp - gc (+14 squashed commits)
Squashed commits:
[4cf70d97] xmr: bp - gc
[42877b05] xmr: bp - minor memory optimization
[2c612e45] xmr: bp - use sc_inv_into
[d7e9dab4] xmr: bp - KeyVEval fix
[1523f400] xmr: bp - blacked
[b264a65b] xmr: bp - KeyVEval - caching current element, avoid allocations
[83ba7a65] xmr: bp - memory view optimized
[b517906c] xmr: bp - gc() during inversion
[92d37c88] xmr: bp - gc.collect() after expensive inversion
[e7fad558] xmr: bp - hashing memory optimization
[4c278152] xmr: bp - deterministic masks optimization, prove_s1 optim
[cbf74a70] xmr: bp - detect which modular inversion is usable
[8ea1ec43] xmr: better memory tracing for bulletproofs
[2f4dd552] xmr: bulletproofs added
[1928e2d3] xmr: crypto - sc_inv_into added (+2 squashed commits)
Squashed commits:
[f895fa6e] xmr: crypto - hash to existing buffer
[b76c6b09] xmr: crypto - in-place crypto functions added
- required for Bulletproof to minimize the heap fragmentation
[cab4366e] extmod: monero - modular inversion mod curve order added (+2 squashed commits)
Squashed commits:
[52a6e487] extmod: monero - hash into buffer added
[695a3827] extmod: monero module - muladd256_modm added
- required for Bulletproof
[3f4498d7] xmr: crypto tests added
- basic unit tests for crypto, tests monero module and underlying trezor-crypto + basic address manipulation
[820d012d] pb sync
[49eeddd1] vendor: trezor-common version bump
[30382440] xmr: crypto - point norm not needed
[89701c41] tests: xmr - serializer tests added
[bfee46db] tests: support async unit tests, assertListEqual added
[55c14487] xmr: serialize - serialization logic cleaned, refactored
[4b771638] xmr: simplification, do not ask to confirm change tx output
- change address checked to match main address in the builder
[f334d8ad] xmr: protocol: simplification - require change address to equal the main address
[1a3416eb] xmr: unpack256_modm_noreduce added
- 32B array to integer mod curve order, without modular reduction after conversion
- required for bulletproofs
[1c94b5d4] xmr: readme added
[3cc9f9fa] extmod/monero: mul256_modm added, required for BP
[5cf77a4c] xmr: monero support added [for review]
depends on PRs:
https://github.com/trezor/trezor-crypto/pull/162
https://github.com/trezor/trezor-core/pull/286
2018-08-06 12:07:14 +00:00
|
|
|
|
|
|
|
if (n_args == 1 || args[1] == mp_const_none){
|
|
|
|
return mp_obj_new_bytes(out, sizeof(out));
|
|
|
|
|
|
|
|
} else {
|
|
|
|
mp_buffer_info_t bufm;
|
|
|
|
mp_get_buffer_raise(args[1], &bufm, MP_BUFFER_WRITE);
|
|
|
|
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
|
|
|
if (bufm.len < 32 + offset) {
|
|
|
|
mp_raise_ValueError("Buffer too small");
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy((uint8_t*)bufm.buf + offset, out, SHA3_256_DIGEST_LENGTH);
|
|
|
|
return args[1];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_monero_hasher_digest_obj, 1, 3, mod_trezorcrypto_monero_hasher_digest);
|
|
|
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_monero_hasher_copy(mp_obj_t self){
|
|
|
|
mp_obj_hasher_t *o = MP_OBJ_TO_PTR(self);
|
|
|
|
mp_obj_hasher_t *cp = m_new_obj(mp_obj_hasher_t);
|
|
|
|
cp->base.type = o->base.type;
|
|
|
|
memcpy(&(cp->h), &(o->h), sizeof(Hasher));
|
|
|
|
return MP_OBJ_FROM_PTR(o);
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_monero_hasher_copy_obj, mod_trezorcrypto_monero_hasher_copy);
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Type defs
|
|
|
|
//
|
|
|
|
|
|
|
|
STATIC const mp_rom_map_elem_t mod_trezorcrypto_monero_ge25519_locals_dict_table[] = {
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR___del__), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519___del___obj) },
|
|
|
|
};
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_monero_ge25519_locals_dict, mod_trezorcrypto_monero_ge25519_locals_dict_table);
|
|
|
|
|
|
|
|
STATIC const mp_obj_type_t mod_trezorcrypto_monero_ge25519_type = {
|
|
|
|
{ &mp_type_type },
|
|
|
|
.name = MP_QSTR_Ge25519,
|
|
|
|
.make_new = mod_trezorcrypto_monero_ge25519_make_new,
|
|
|
|
.locals_dict = (void*)&mod_trezorcrypto_monero_ge25519_locals_dict,
|
|
|
|
};
|
|
|
|
|
|
|
|
STATIC const mp_rom_map_elem_t mod_trezorcrypto_monero_bignum256modm_locals_dict_table[] = {
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR___del__), MP_ROM_PTR(&mod_trezorcrypto_monero_bignum256modm___del___obj) },
|
|
|
|
};
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_monero_bignum256modm_locals_dict, mod_trezorcrypto_monero_bignum256modm_locals_dict_table);
|
|
|
|
|
|
|
|
|
|
|
|
STATIC const mp_obj_type_t mod_trezorcrypto_monero_bignum256modm_type = {
|
|
|
|
{ &mp_type_type },
|
|
|
|
.name = MP_QSTR_Sc25519,
|
|
|
|
.make_new = mod_trezorcrypto_monero_bignum256modm_make_new,
|
|
|
|
.locals_dict = (void*)&mod_trezorcrypto_monero_bignum256modm_locals_dict,
|
|
|
|
};
|
|
|
|
|
|
|
|
STATIC const mp_rom_map_elem_t mod_trezorcrypto_monero_hasher_locals_dict_table[] = {
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_update), MP_ROM_PTR(&mod_trezorcrypto_monero_hasher_update_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_digest), MP_ROM_PTR(&mod_trezorcrypto_monero_hasher_digest_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_copy), MP_ROM_PTR(&mod_trezorcrypto_monero_hasher_copy_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR___del__), MP_ROM_PTR(&mod_trezorcrypto_monero_hasher___del___obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_block_size), MP_OBJ_NEW_SMALL_INT(SHA3_256_BLOCK_LENGTH) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_digest_size), MP_OBJ_NEW_SMALL_INT(SHA3_256_DIGEST_LENGTH) },
|
|
|
|
};
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_monero_hasher_locals_dict, mod_trezorcrypto_monero_hasher_locals_dict_table);
|
|
|
|
|
|
|
|
|
|
|
|
STATIC const mp_obj_type_t mod_trezorcrypto_monero_hasher_type = {
|
|
|
|
{ &mp_type_type },
|
|
|
|
.name = MP_QSTR_hasher,
|
|
|
|
.make_new = mod_trezorcrypto_monero_hasher_make_new,
|
|
|
|
.locals_dict = (void*)&mod_trezorcrypto_monero_hasher_locals_dict,
|
|
|
|
};
|
|
|
|
|
|
|
|
STATIC const mp_rom_map_elem_t mod_trezorcrypto_monero_globals_table[] = {
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_monero) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_init256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_init256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_check256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_check256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_iszero256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_iszero256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_eq256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_eq256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_get256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_get256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_add256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_add256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_sub256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_sub256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_mul256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_mul256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_mulsub256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_mulsub256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_muladd256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_muladd256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_inv256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_inv256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_pack256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_pack256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_unpack256_modm), MP_ROM_PTR(&mod_trezorcrypto_monero_unpack256_modm_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_unpack256_modm_noreduce), MP_ROM_PTR(&mod_trezorcrypto_monero_unpack256_modm_noreduce_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_set_neutral), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_set_neutral_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_set_h), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_set_xmr_h_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_pack), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_pack_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_unpack_vartime), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_unpack_vartime_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_check), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_check_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_eq), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_eq_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_add), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_add_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_sub), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_sub_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_double), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_double_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_mul8), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_mul8_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_double_scalarmult_vartime), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_double_scalarmult_vartime2), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_double_scalarmult_vartime2_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_scalarmult_base), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_scalarmult_base_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ge25519_scalarmult), MP_ROM_PTR(&mod_trezorcrypto_monero_ge25519_scalarmult_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_base58_addr_encode_check), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_base58_addr_encode_check_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_base58_addr_decode_check), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_base58_addr_decode_check_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_random_scalar), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_random_scalar_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_fast_hash), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_fast_hash_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_hash_to_ec), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_hash_to_ec_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_hash_to_scalar), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_hash_to_scalar_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_derivation_to_scalar), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_derivation_to_scalar_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_generate_key_derivation), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_generate_key_derivation_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_derive_private_key), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_derive_private_key_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_derive_public_key), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_derive_public_key_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_add_keys2), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_add_keys2_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_add_keys2_vartime), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_add_keys2_vartime_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_add_keys3), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_add_keys3_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_add_keys3_vartime), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_add_keys3_vartime_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_get_subaddress_secret_key), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_get_subaddress_secret_key_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_xmr_gen_c), MP_ROM_PTR(&mod_trezorcrypto_monero_xmr_gen_c_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_ct_equals), MP_ROM_PTR(&mod_trezorcrypto_ct_equals_obj) },
|
|
|
|
};
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_monero_globals, mod_trezorcrypto_monero_globals_table);
|
|
|
|
|
|
|
|
STATIC const mp_obj_module_t mod_trezorcrypto_monero_module = {
|
|
|
|
.base = { &mp_type_module },
|
|
|
|
.globals = (mp_obj_dict_t*)&mod_trezorcrypto_monero_globals,
|
|
|
|
};
|