Merge pull request #42 from Zondax/refactoring

Simplifying crypto.c
Zondax · Mar 25, 2022 · fb8d515 · fb8d515
2 parents ec1bdcf + 8dceded
commit fb8d515
Show file tree

Hide file tree

Showing 158 changed files with 1,010 additions and 510 deletions.
diff --git a/app/Makefile.version b/app/Makefile.version
@@ -1,3 +1,3 @@
 APPVERSION_M=3
 APPVERSION_N=0
-APPVERSION_P=1
+APPVERSION_P=3
diff --git a/app/rust/include/rslib.h b/app/rust/include/rslib.h
@@ -13,9 +13,7 @@ void ask_to_ak(const uint8_t *ask_ptr, uint8_t *ak_ptr);
 
 void nsk_to_nk(const uint8_t *nsk_ptr, uint8_t *nk_ptr);
 
-void get_ivk(const uint8_t *ak_ptr, const uint8_t *nk_ptr, uint8_t *ivk_ptr);
-
-void get_pkd(const uint8_t *ivk_ptr, const uint8_t *diversifier_ptr, uint8_t *pkd);
+void get_pkd(const uint8_t *seed_ptr, const uint32_t pos, const uint8_t *diversifier_ptr, uint8_t *pkd);
 
 void group_hash_from_div(const uint8_t *diversifier_ptr, uint8_t *gd);
 
@@ -25,37 +23,29 @@ void get_diversifier_fromlist(const uint8_t *diversifier_list, uint8_t *diversif
 
 bool is_valid_diversifier(const uint8_t *diversifier);
 
-void get_diversifier_list_withstartindex(const uint8_t *sk_ptr, const uint8_t *startindex, uint8_t *diversifier_list);
+void get_diversifier_list_withstartindex(const uint8_t *seed_ptr, const uint32_t pos, const uint8_t *startindex, uint8_t *diversifier_list);
 
-void get_default_diversifier_list_withstartindex(const uint8_t *sk_ptr, uint8_t *startindex, uint8_t *diversifier_list);
+void get_default_diversifier_list_withstartindex(const uint8_t *seed_ptr, const uint32_t pos, uint8_t *startindex, uint8_t *diversifier_list);
 
 void zip32_master(const uint8_t *seed_ptr, uint8_t *sk_ptr, uint8_t *dk_ptr);
 
-void zip32_child(const uint8_t *seed_ptr, uint8_t *dk, uint8_t *ask, uint8_t *nsk, const uint32_t pos);
-
-void zip32_child_ida(const uint8_t *seed_ptr, uint8_t *dk, uint8_t *ak, uint8_t *nk, const uint32_t pos);
-
 void zip32_child_ask_nsk(const uint8_t *seed_ptr, uint8_t *ask, uint8_t *nsk, const uint32_t pos);
 
+void zip32_ivk(const uint8_t *ak_ptr, uint8_t *ivk_ptr, const uint32_t pos);
+
 void zip32_ovk(const uint8_t *seed_ptr, uint8_t *ovk, const uint32_t pos);
 
-void zip32_child_proof_key(const uint8_t *seed_ptr, uint8_t *dk_ptr, uint8_t *ak_ptr, uint8_t *nsk_ptr,
-                           const uint32_t pos);
+void zip32_child_proof_key(const uint8_t *seed_ptr, uint8_t *ak_ptr, uint8_t *nsk_ptr, const uint32_t pos);
 
 //Rseed
-void rseed_get_esk(const uint8_t *input, uint8_t *output_ptr);
+void rseed_get_esk_epk(const uint8_t *seed_ptr, uint8_t *d_ptr, uint8_t *output_esk_ptr, uint8_t *output_epk_ptr);
 
 void rseed_get_rcm(const uint8_t *input, uint8_t *output_ptr);
 
-//Pedersen hash
-void pedersen_hash_73bytes(const uint8_t *input, uint8_t *output_ptr);
-
 //Commitments
-void prepare_input_notecmt(const uint64_t value, const uint8_t *gd, const uint8_t *pkd, uint8_t *output);
-
-void compute_note_commitment(uint8_t *inputptr, const uint8_t *rcmptr);
+void compute_note_commitment(uint8_t *inputptr, const uint8_t *rcmptr,const uint64_t value,const uint8_t *gd, const uint8_t *pkd);
 
-void compute_note_commitment_fullpoint(uint8_t *inputptr, const uint8_t *rcmptr);
+void compute_note_commitment_fullpoint(uint8_t *inputptr, const uint8_t *rcmptr,const uint64_t value,const uint8_t *gd, const uint8_t *pkd);
 
 void compute_value_commitment(const uint64_t value, const uint8_t *rcmptr, uint8_t *output);
 
@@ -66,15 +56,15 @@ void compute_valueBalance_commitment(const uint64_t u64, uint8_t *output);
 //Note encryption
 void blake2b_prf(uint8_t *inputptr, uint8_t *outptr);
 
-void get_epk(uint8_t *esk_ptr, uint8_t *d_ptr, uint8_t *output_ptr);
-
 void ka_to_key(uint8_t *esk_ptr, uint8_t *pkd_ptr, uint8_t *epk_ptr, uint8_t *output_ptr);
 
 void prepare_enccompact_input(uint8_t *d, uint64_t value, uint8_t *rcm, uint8_t memotype, uint8_t *output);
 
 //RedJubjub
 void random_fr(uint8_t *alpha_ptr);
 
+void randomized_secret_from_seed(uint8_t *seed_ptr, uint32_t pos, uint8_t *alpha_ptr, uint8_t *output_ptr);
+
 void randomized_secret(uint8_t *sk_ptr, uint8_t *alpha_ptr, uint8_t *output_ptr);
 
 void sk_to_pk(uint8_t *sk_ptr, uint8_t *pk_ptr);

diff --git a/app/rust/src/commitments.rs b/app/rust/src/commitments.rs
@@ -175,6 +175,35 @@ fn u64_to_bytes(value: u64) -> [u8; 32] {
     scalar
 }
 
+#[inline(never)]
+pub fn prepare_and_hash_input_commitment(
+    value: u64,
+    g_d_ptr: *const [u8; 32],
+    pkd_ptr: *const [u8; 32],
+    output_ptr: *mut [u8; 32],
+)  {
+    c_zemu_log_stack(b"prepare_and_hash_intput_for_notecommit\x00".as_ref());
+    let gd = unsafe { &*g_d_ptr };
+    let pkd = unsafe { &*pkd_ptr };
+
+    let mut prepared_msg =  [0u8; 73];
+    let mut input_hash = [0u8; 73];
+    let output_msg = unsafe { &mut *output_ptr };
+
+
+    let vbytes = write_u64_tobytes(value);
+    input_hash[0..8].copy_from_slice(&vbytes);
+
+    revert(gd, &mut input_hash[8..40]);
+    revert(pkd, &mut input_hash[40..72]);
+
+    shiftsixbits(&mut input_hash);
+    prepared_msg.copy_from_slice(&input_hash);
+
+    let h = pedersen_hash_pointbytes(&mut prepared_msg, 582);
+    output_msg.copy_from_slice(&h);
+}
+
 #[inline(never)]
 pub fn value_commitment_step1(value: u64) -> ExtendedPoint {
     c_zemu_log_stack(b"insidevaluecommitment\x00".as_ref());
@@ -254,30 +283,52 @@ pub extern "C" fn compute_nullifier(
 }
 
 #[no_mangle]
-pub extern "C" fn compute_note_commitment(input_ptr: *mut [u8; 32], rcm_ptr: *const [u8; 32]) {
+pub extern "C" fn compute_note_commitment(input_ptr: *mut [u8; 32],
+                                              rcm_ptr: *const [u8; 32],
+                                              value: u64,
+                                              g_d_ptr: *const [u8; 32],
+                                              pkd_ptr: *const [u8; 32]) {
+
+    c_zemu_log_stack(b"entry_preparenotecommit\x00".as_ref());
+
+    let gd = unsafe { &*g_d_ptr };
+    let pkd = unsafe { &*pkd_ptr };
+    let out = unsafe { &mut *input_ptr };
+
+    prepare_and_hash_input_commitment(value, gd, pkd, out);
+
     c_zemu_log_stack(b"inside_notecmt\x00".as_ref());
-    let inputhash = unsafe { &mut *input_ptr };
     let rc = unsafe { &*rcm_ptr };
-    let mut e = bytes_to_extended(*inputhash);
+    let mut e = bytes_to_extended(*out);
     let s = multiply_with_pedersenbase(rc);
     add_to_point(&mut e, &s);
 
-    inputhash.copy_from_slice(&extended_to_u_bytes(&e));
+    out.copy_from_slice(&extended_to_u_bytes(&e));
 }
 
+
 #[no_mangle]
 pub extern "C" fn compute_note_commitment_fullpoint(
     input_ptr: *mut [u8; 32],
     rcm_ptr: *const [u8; 32],
-) {
+    value: u64,
+    g_d_ptr: *const [u8; 32],
+    pkd_ptr: *const [u8; 32]) {
+    c_zemu_log_stack(b"entry_preparenotecommit_full\x00".as_ref());
+    let gd = unsafe { &*g_d_ptr };
+    let pkd = unsafe { &*pkd_ptr };
+
+    let out = unsafe { &mut *input_ptr };
+
+    prepare_and_hash_input_commitment(value, gd, pkd, out);
+
     c_zemu_log_stack(b"inside_notecmt\x00".as_ref());
-    let inputhash = unsafe { &mut *input_ptr };
     let rc = unsafe { &*rcm_ptr };
-    let mut e = bytes_to_extended(*inputhash);
+    let mut e = bytes_to_extended(*out);
     let s = multiply_with_pedersenbase(rc);
     add_to_point(&mut e, &s);
 
-    inputhash.copy_from_slice(&extended_to_bytes(&e));
+    out.copy_from_slice(&extended_to_bytes(&e));
 }
 
 #[no_mangle]
@@ -299,30 +350,6 @@ pub extern "C" fn compute_value_commitment(
     output_msg.copy_from_slice(&vcm);
 }
 
-#[no_mangle]
-pub extern "C" fn prepare_input_notecmt(
-    value: u64,
-    g_d_ptr: *const [u8; 32],
-    pkd_ptr: *const [u8; 32],
-    output_ptr: *mut [u8; 73],
-) {
-    c_zemu_log_stack(b"entry_preparenotecommit\x00".as_ref());
-    let gd = unsafe { &*g_d_ptr };
-    let pkd = unsafe { &*pkd_ptr };
-
-    let output_msg = unsafe { &mut *output_ptr };
-    let mut input_hash = [0u8; 73];
-
-    let vbytes = write_u64_tobytes(value);
-    input_hash[0..8].copy_from_slice(&vbytes);
-
-    revert(gd, &mut input_hash[8..40]);
-    revert(pkd, &mut input_hash[40..72]);
-
-    shiftsixbits(&mut input_hash);
-    output_msg.copy_from_slice(&input_hash);
-}
-
 pub fn verify_bindingsig_keys(rcmsum: &[u8; 32], valuecommitsum: &[u8; 32]) -> bool {
     let v = bytes_to_extended(*valuecommitsum);
     let r = VALUE_COMMITMENT_RANDOM_BASE.multiply_bits(rcmsum);
@@ -341,21 +368,19 @@ mod tests {
         let rcm = [0u8; 32];
         let output = [0u8; 32];
 
-        let inputhash = [0u8; 73];
-
-        prepare_input_notecmt(
+        prepare_and_hash_input_commitment(
             v,
             gd.as_ptr() as *const [u8; 32],
             pkd.as_ptr() as *const [u8; 32],
-            inputhash.as_ptr() as *mut [u8; 73],
-        );
-        pedersen_hash_73bytes(
-            inputhash.as_ptr() as *const [u8; 73],
             output.as_ptr() as *mut [u8; 32],
         );
+
         compute_note_commitment(
             output.as_ptr() as *mut [u8; 32],
             rcm.as_ptr() as *const [u8; 32],
+            v,
+            gd.as_ptr() as *const [u8; 32],
+            pkd.as_ptr() as *const [u8; 32]
         );
 
         assert_eq!(

diff --git a/app/rust/src/note_encryption.rs b/app/rust/src/note_encryption.rs
@@ -23,7 +23,7 @@ pub extern "C" fn blake2b_prf(input_ptr: *const [u8; 128], out_ptr: *mut [u8; 32
 }
 
 #[no_mangle]
-pub extern "C" fn get_epk(
+pub fn get_epk(
     esk_ptr: *const [u8; 32],
     d_ptr: *const [u8; 11],
     output_ptr: *mut [u8; 32],
@@ -36,6 +36,22 @@ pub extern "C" fn get_epk(
     output.copy_from_slice(&epk);
 }
 
+#[no_mangle]
+pub extern "C" fn rseed_get_esk_epk(rseed_ptr: *const [u8; 32],
+                                    d_ptr: *const [u8; 11],
+                                    output_esk_ptr: *mut [u8; 32],
+                                    output_epk_ptr: *mut [u8; 32]) {
+    let rseed = unsafe { &*rseed_ptr };
+//    let d = unsafe { &*d_ptr };
+    let output_esk = unsafe { &mut *output_esk_ptr };
+    let output_epk = unsafe { &mut *output_epk_ptr };
+    rseed_get_esk(rseed, output_esk);
+
+    //let epk = multwithgd(output_esk, d);
+    get_epk(output_esk,d_ptr,output_epk);
+    //output_epk.copy_from_slice(&epk);
+}
+
 #[no_mangle]
 pub extern "C" fn ka_to_key(
     esk_ptr: *const [u8; 32],

diff --git a/app/rust/src/pedersen.rs b/app/rust/src/pedersen.rs
@@ -267,15 +267,6 @@ pub fn pedersen_hash_pointbytes(m: &[u8], bitsize: u32) -> [u8; 32] {
     extended_to_bytes(&result_point)
 }
 
-//assumption here that ceil(bitsize / 8) == m.len(), so appended with zero bits to fill the bytes
-#[no_mangle]
-pub extern "C" fn pedersen_hash_73bytes(input: *const [u8; 73], output_ptr: *mut [u8; 32]) {
-    let input_msg = unsafe { &*input };
-    let output_msg = unsafe { &mut *output_ptr };
-
-    let h = pedersen_hash_pointbytes(input_msg, 582);
-    output_msg.copy_from_slice(&h);
-}
 
 #[cfg(test)]
 mod tests {
@@ -314,11 +305,10 @@ mod tests {
     #[test]
     fn test_pedersen_ledger2() {
         let msg = [0u8; 73];
-        let output = [0u8; 32];
-        pedersen_hash_73bytes(
-            msg.as_ptr() as *const [u8; 73],
-            output.as_ptr() as *mut [u8; 32],
-        );
+        let mut output = [0u8; 32];
+
+        let h = pedersen_hash_pointbytes(&msg, 582);
+        output.copy_from_slice(&h);
         assert_eq!(
             output,
             [

diff --git a/app/rust/src/redjubjub.rs b/app/rust/src/redjubjub.rs
@@ -9,6 +9,7 @@ use crate::commitments::bytes_to_extended;
 use crate::constants;
 use crate::constants::*;
 use crate::pedersen::extended_to_bytes;
+use crate::zip32::zip32_child_ask_nsk;
 
 #[inline(never)]
 pub fn h_star(a: &[u8], b: &[u8]) -> Fr {
@@ -95,6 +96,27 @@ pub extern "C" fn random_fr(alpha_ptr: *mut [u8; 32]) {
     alpha.copy_from_slice(&fr.to_bytes());
 }
 
+#[no_mangle]
+pub extern "C" fn randomized_secret_from_seed(
+    seed_ptr: *const [u8; 32],
+    pos: u32,
+    alpha_ptr: *const [u8; 32],
+    output_ptr: *mut [u8; 32],
+) {
+    c_zemu_log_stack(b"random_sk\x00".as_ref());
+    let mut ask = [0u8;32];
+    let mut nsk = [0u8;32];
+    let alpha = unsafe { &*alpha_ptr };
+    let output = unsafe { &mut *output_ptr };
+
+    zip32_child_ask_nsk(seed_ptr,&mut ask, &mut nsk, pos);
+
+    let mut skfr = Fr::from_bytes(&ask).unwrap();
+    let alphafr = Fr::from_bytes(&alpha).unwrap();
+    skfr += alphafr;
+    output.copy_from_slice(&skfr.to_bytes());
+}
+
 #[no_mangle]
 pub extern "C" fn randomized_secret(
     sk_ptr: *const [u8; 32],

diff --git a/app/rust/src/zeccrypto.rs b/app/rust/src/zeccrypto.rs
@@ -88,7 +88,7 @@ pub extern "C" fn rseed_get_rcm(rseed_ptr: *const [u8; 32], output_ptr: *mut [u8
 }
 
 #[no_mangle]
-pub extern "C" fn rseed_get_esk(rseed_ptr: *const [u8; 32], output_ptr: *mut [u8; 32]) {
+pub fn rseed_get_esk(rseed_ptr: *const [u8; 32], output_ptr: *mut [u8; 32]) {
     let rseed = unsafe { &*rseed_ptr };
     let output = unsafe { &mut *output_ptr };
     let p = rseed_generate_esk(rseed);