Clean the Monero lib for auditing (#577)
* Remove unsafe creation of dalek_ff_group::EdwardsPoint in BP+
* Rename Bulletproofs to Bulletproof, since they are a single Bulletproof
Also bifurcates prove with prove_plus, and adds a few documentation items.
* Make CLSAG signing private
Also adds a bit more documentation and does a bit more tidying.
* Remove the distribution cache
It's a notable bandwidth/performance improvement, yet it's not ready. We need a
dedicated Distribution struct which is managed by the wallet and passed in.
While we can do that now, it's not currently worth the effort.
* Tidy Borromean/MLSAG a tad
* Remove experimental feature from monero-serai
* Move amount_decryption into EncryptedAmount::decrypt
* Various RingCT doc comments
* Begin crate smashing
* Further documentation, start shoring up API boundaries of existing crates
* Document and clean clsag
* Add a dedicated send/recv CLSAG mask struct
Abstracts the types used internally.
Also moves the tests from monero-serai to monero-clsag.
* Smash out monero-bulletproofs
Removes usage of dalek-ff-group/multiexp for curve25519-dalek.
Makes compiling in the generators an optional feature.
Adds a structured batch verifier which should be notably more performant.
Documentation and clean up still necessary.
* Correct no-std builds for monero-clsag and monero-bulletproofs
* Tidy and document monero-bulletproofs
I still don't like the impl of the original Bulletproofs...
* Error if missing documentation
* Smash out MLSAG
* Smash out Borromean
* Tidy up monero-serai as a meta crate
* Smash out RPC, wallet
* Document the RPC
* Improve docs a bit
* Move Protocol to monero-wallet
* Incomplete work on using Option to remove panic cases
* Finish documenting monero-serai
* Remove TODO on reading pseudo_outs for AggregateMlsagBorromean
* Only read transactions with one Input::Gen or all Input::ToKey
Also adds a helper to fetch a transaction's prefix.
* Smash out polyseed
* Smash out seed
* Get the repo to compile again
* Smash out Monero addresses
* Document cargo features
Credit to @hinto-janai for adding such sections to their work on documenting
monero-serai in #568.
* Fix deserializing v2 miner transactions
* Rewrite monero-wallet's send code
I have yet to redo the multisig code and the builder. This should be much
cleaner, albeit slower due to redoing work.
This compiles with clippy --all-features. I have to finish the multisig/builder
for --all-targets to work (and start updating the rest of Serai).
* Add SignableTransaction Read/Write
* Restore Monero multisig TX code
* Correct invalid RPC type def in monero-rpc
* Update monero-wallet tests to compile
Some are _consistently_ failing due to the inputs we attempt to spend being too
young. I'm unsure what's up with that. Most seem to pass _consistently_,
implying it's not a random issue yet some configuration/env aspect.
* Clean and document monero-address
* Sync rest of repo with monero-serai changes
* Represent height/block number as a u32
* Diversify ViewPair/Scanner into ViewPair/GuaranteedViewPair and Scanner/GuaranteedScanner
Also cleans the Scanner impl.
* Remove non-small-order view key bound
Guaranteed addresses are in fact guaranteed even with this due to prefixing key
images causing zeroing the ECDH to not zero the shared key.
* Finish documenting monero-serai
* Correct imports for no-std
* Remove possible panic in monero-serai on systems < 32 bits
This was done by requiring the system's usize can represent a certain number.
* Restore the reserialize chain binary
* fmt, machete, GH CI
* Correct misc TODOs in monero-serai
* Have Monero test runner evaluate an Eventuality for all signed TXs
* Fix a pair of bugs in the decoy tests
Unfortunately, this test is still failing.
* Fix remaining bugs in monero-wallet tests
* Reject torsioned spend keys to ensure we can spend the outputs we scan
* Tidy inlined epee code in the RPC
* Correct the accidental swap of stagenet/testnet address bytes
* Remove unused dep from processor
* Handle Monero fee logic properly in the processor
* Document v2 TX/RCT output relation assumed when scanning
* Adjust how we mine the initial blocks due to some CI test failures
* Fix weight estimation for RctType::ClsagBulletproof TXs
* Again increase the amount of blocks we mine prior to running tests
* Correct the if check about when to mine blocks on start
Finally fixes the lack of decoy candidates failures in CI.
* Run Monero on Debian, even for internal testnets
Change made due to a segfault incurred when locally testing.
https://github.com/monero-project/monero/issues/9141 for the upstream.
* Don't attempt running tests on the verify-chain binary
Adds a minimum XMR fee to the processor and runs fmt.
* Increase minimum Monero fee in processor
I'm truly unsure why this is required right now.
* Distinguish fee from necessary_fee in monero-wallet
If there's no change, the fee is difference of the inputs to the outputs. The
prior code wouldn't check that amount is greater than or equal to the necessary
fee, and returning the would-be change amount as the fee isn't necessarily
helpful.
Now the fee is validated in such cases and the necessary fee is returned,
enabling operating off of that.
* Restore minimum Monero fee from develop
2024-07-07 10:57:18 +00:00
|
|
|
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
|
|
|
|
#![doc = include_str!("../README.md")]
|
|
|
|
#![deny(missing_docs)]
|
|
|
|
#![cfg_attr(not(feature = "std"), no_std)]
|
|
|
|
|
|
|
|
use core::fmt::{self, Write};
|
|
|
|
use std_shims::{
|
|
|
|
vec,
|
|
|
|
string::{String, ToString},
|
|
|
|
};
|
|
|
|
|
|
|
|
use zeroize::Zeroize;
|
|
|
|
|
|
|
|
use curve25519_dalek::EdwardsPoint;
|
|
|
|
|
|
|
|
use monero_io::*;
|
|
|
|
|
|
|
|
mod base58check;
|
|
|
|
use base58check::{encode_check, decode_check};
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod tests;
|
|
|
|
|
|
|
|
/// The address type.
|
|
|
|
///
|
|
|
|
/// The officially specified addresses are supported, along with
|
|
|
|
/// [Featured Addresses](https://gist.github.com/kayabaNerve/01c50bbc35441e0bbdcee63a9d823789).
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
|
|
|
|
pub enum AddressType {
|
|
|
|
/// A legacy address type.
|
|
|
|
Legacy,
|
|
|
|
/// A legacy address with a payment ID embedded.
|
|
|
|
LegacyIntegrated([u8; 8]),
|
|
|
|
/// A subaddress.
|
|
|
|
///
|
|
|
|
/// This is what SHOULD be used if specific functionality isn't needed.
|
|
|
|
Subaddress,
|
|
|
|
/// A featured address.
|
|
|
|
///
|
|
|
|
/// Featured Addresses are an unofficial address specification which is meant to be extensible
|
|
|
|
/// and support a variety of functionality. This functionality includes being a subaddresses AND
|
|
|
|
/// having a payment ID, along with being immune to the burning bug.
|
|
|
|
///
|
|
|
|
/// At this time, support for featured addresses is limited to this crate. There should be no
|
|
|
|
/// expectation of interoperability.
|
|
|
|
Featured {
|
|
|
|
/// If this address is a subaddress.
|
|
|
|
subaddress: bool,
|
|
|
|
/// The payment ID associated with this address.
|
|
|
|
payment_id: Option<[u8; 8]>,
|
|
|
|
/// If this address is guaranteed.
|
|
|
|
///
|
|
|
|
/// A guaranteed address is one where any outputs scanned to it are guaranteed to be spendable
|
|
|
|
/// under the hardness of various cryptographic problems (which are assumed hard). This is via
|
|
|
|
/// a modified shared-key derivation which eliminates the burning bug.
|
|
|
|
guaranteed: bool,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
impl AddressType {
|
|
|
|
/// If this address is a subaddress.
|
|
|
|
pub fn is_subaddress(&self) -> bool {
|
|
|
|
matches!(self, AddressType::Subaddress) ||
|
|
|
|
matches!(self, AddressType::Featured { subaddress: true, .. })
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The payment ID within this address.
|
|
|
|
pub fn payment_id(&self) -> Option<[u8; 8]> {
|
|
|
|
if let AddressType::LegacyIntegrated(id) = self {
|
|
|
|
Some(*id)
|
|
|
|
} else if let AddressType::Featured { payment_id, .. } = self {
|
|
|
|
*payment_id
|
|
|
|
} else {
|
|
|
|
None
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// If this address is guaranteed.
|
|
|
|
///
|
|
|
|
/// A guaranteed address is one where any outputs scanned to it are guaranteed to be spendable
|
|
|
|
/// under the hardness of various cryptographic problems (which are assumed hard). This is via
|
|
|
|
/// a modified shared-key derivation which eliminates the burning bug.
|
|
|
|
pub fn is_guaranteed(&self) -> bool {
|
|
|
|
matches!(self, AddressType::Featured { guaranteed: true, .. })
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// A subaddress index.
|
|
|
|
///
|
|
|
|
/// Subaddresses are derived from a root using a `(account, address)` tuple as an index.
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
|
|
|
|
pub struct SubaddressIndex {
|
|
|
|
account: u32,
|
|
|
|
address: u32,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl SubaddressIndex {
|
|
|
|
/// Create a new SubaddressIndex.
|
|
|
|
pub const fn new(account: u32, address: u32) -> Option<SubaddressIndex> {
|
|
|
|
if (account == 0) && (address == 0) {
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
Some(SubaddressIndex { account, address })
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Get the account this subaddress index is under.
|
|
|
|
pub const fn account(&self) -> u32 {
|
|
|
|
self.account
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Get the address this subaddress index is for, within its account.
|
|
|
|
pub const fn address(&self) -> u32 {
|
|
|
|
self.address
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Bytes used as prefixes when encoding addresses.
|
|
|
|
///
|
|
|
|
/// These distinguish the address's type.
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
|
|
|
|
pub struct AddressBytes {
|
|
|
|
legacy: u8,
|
|
|
|
legacy_integrated: u8,
|
|
|
|
subaddress: u8,
|
|
|
|
featured: u8,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl AddressBytes {
|
|
|
|
/// Create a new set of address bytes, one for each address type.
|
|
|
|
pub const fn new(
|
|
|
|
legacy: u8,
|
|
|
|
legacy_integrated: u8,
|
|
|
|
subaddress: u8,
|
|
|
|
featured: u8,
|
|
|
|
) -> Option<Self> {
|
|
|
|
if (legacy == legacy_integrated) || (legacy == subaddress) || (legacy == featured) {
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
if (legacy_integrated == subaddress) || (legacy_integrated == featured) {
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
if subaddress == featured {
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
Some(AddressBytes { legacy, legacy_integrated, subaddress, featured })
|
|
|
|
}
|
|
|
|
|
|
|
|
const fn to_const_generic(self) -> u32 {
|
|
|
|
((self.legacy as u32) << 24) +
|
|
|
|
((self.legacy_integrated as u32) << 16) +
|
|
|
|
((self.subaddress as u32) << 8) +
|
|
|
|
(self.featured as u32)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[allow(clippy::cast_possible_truncation)]
|
|
|
|
const fn from_const_generic(const_generic: u32) -> Self {
|
|
|
|
let legacy = (const_generic >> 24) as u8;
|
|
|
|
let legacy_integrated = ((const_generic >> 16) & (u8::MAX as u32)) as u8;
|
|
|
|
let subaddress = ((const_generic >> 8) & (u8::MAX as u32)) as u8;
|
|
|
|
let featured = (const_generic & (u8::MAX as u32)) as u8;
|
|
|
|
|
|
|
|
AddressBytes { legacy, legacy_integrated, subaddress, featured }
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-07-12 06:19:21 +00:00
|
|
|
// https://github.com/monero-project/monero/blob/cc73fe71162d564ffda8e549b79a350bca53c454
|
|
|
|
// /src/cryptonote_config.h#L216-L225
|
|
|
|
// https://gist.github.com/kayabaNerve/01c50bbc35441e0bbdcee63a9d823789 for featured
|
Clean the Monero lib for auditing (#577)
* Remove unsafe creation of dalek_ff_group::EdwardsPoint in BP+
* Rename Bulletproofs to Bulletproof, since they are a single Bulletproof
Also bifurcates prove with prove_plus, and adds a few documentation items.
* Make CLSAG signing private
Also adds a bit more documentation and does a bit more tidying.
* Remove the distribution cache
It's a notable bandwidth/performance improvement, yet it's not ready. We need a
dedicated Distribution struct which is managed by the wallet and passed in.
While we can do that now, it's not currently worth the effort.
* Tidy Borromean/MLSAG a tad
* Remove experimental feature from monero-serai
* Move amount_decryption into EncryptedAmount::decrypt
* Various RingCT doc comments
* Begin crate smashing
* Further documentation, start shoring up API boundaries of existing crates
* Document and clean clsag
* Add a dedicated send/recv CLSAG mask struct
Abstracts the types used internally.
Also moves the tests from monero-serai to monero-clsag.
* Smash out monero-bulletproofs
Removes usage of dalek-ff-group/multiexp for curve25519-dalek.
Makes compiling in the generators an optional feature.
Adds a structured batch verifier which should be notably more performant.
Documentation and clean up still necessary.
* Correct no-std builds for monero-clsag and monero-bulletproofs
* Tidy and document monero-bulletproofs
I still don't like the impl of the original Bulletproofs...
* Error if missing documentation
* Smash out MLSAG
* Smash out Borromean
* Tidy up monero-serai as a meta crate
* Smash out RPC, wallet
* Document the RPC
* Improve docs a bit
* Move Protocol to monero-wallet
* Incomplete work on using Option to remove panic cases
* Finish documenting monero-serai
* Remove TODO on reading pseudo_outs for AggregateMlsagBorromean
* Only read transactions with one Input::Gen or all Input::ToKey
Also adds a helper to fetch a transaction's prefix.
* Smash out polyseed
* Smash out seed
* Get the repo to compile again
* Smash out Monero addresses
* Document cargo features
Credit to @hinto-janai for adding such sections to their work on documenting
monero-serai in #568.
* Fix deserializing v2 miner transactions
* Rewrite monero-wallet's send code
I have yet to redo the multisig code and the builder. This should be much
cleaner, albeit slower due to redoing work.
This compiles with clippy --all-features. I have to finish the multisig/builder
for --all-targets to work (and start updating the rest of Serai).
* Add SignableTransaction Read/Write
* Restore Monero multisig TX code
* Correct invalid RPC type def in monero-rpc
* Update monero-wallet tests to compile
Some are _consistently_ failing due to the inputs we attempt to spend being too
young. I'm unsure what's up with that. Most seem to pass _consistently_,
implying it's not a random issue yet some configuration/env aspect.
* Clean and document monero-address
* Sync rest of repo with monero-serai changes
* Represent height/block number as a u32
* Diversify ViewPair/Scanner into ViewPair/GuaranteedViewPair and Scanner/GuaranteedScanner
Also cleans the Scanner impl.
* Remove non-small-order view key bound
Guaranteed addresses are in fact guaranteed even with this due to prefixing key
images causing zeroing the ECDH to not zero the shared key.
* Finish documenting monero-serai
* Correct imports for no-std
* Remove possible panic in monero-serai on systems < 32 bits
This was done by requiring the system's usize can represent a certain number.
* Restore the reserialize chain binary
* fmt, machete, GH CI
* Correct misc TODOs in monero-serai
* Have Monero test runner evaluate an Eventuality for all signed TXs
* Fix a pair of bugs in the decoy tests
Unfortunately, this test is still failing.
* Fix remaining bugs in monero-wallet tests
* Reject torsioned spend keys to ensure we can spend the outputs we scan
* Tidy inlined epee code in the RPC
* Correct the accidental swap of stagenet/testnet address bytes
* Remove unused dep from processor
* Handle Monero fee logic properly in the processor
* Document v2 TX/RCT output relation assumed when scanning
* Adjust how we mine the initial blocks due to some CI test failures
* Fix weight estimation for RctType::ClsagBulletproof TXs
* Again increase the amount of blocks we mine prior to running tests
* Correct the if check about when to mine blocks on start
Finally fixes the lack of decoy candidates failures in CI.
* Run Monero on Debian, even for internal testnets
Change made due to a segfault incurred when locally testing.
https://github.com/monero-project/monero/issues/9141 for the upstream.
* Don't attempt running tests on the verify-chain binary
Adds a minimum XMR fee to the processor and runs fmt.
* Increase minimum Monero fee in processor
I'm truly unsure why this is required right now.
* Distinguish fee from necessary_fee in monero-wallet
If there's no change, the fee is difference of the inputs to the outputs. The
prior code wouldn't check that amount is greater than or equal to the necessary
fee, and returning the would-be change amount as the fee isn't necessarily
helpful.
Now the fee is validated in such cases and the necessary fee is returned,
enabling operating off of that.
* Restore minimum Monero fee from develop
2024-07-07 10:57:18 +00:00
|
|
|
const MONERO_MAINNET_BYTES: AddressBytes = match AddressBytes::new(18, 19, 42, 70) {
|
|
|
|
Some(bytes) => bytes,
|
|
|
|
None => panic!("mainnet byte constants conflicted"),
|
|
|
|
};
|
2024-07-12 06:19:21 +00:00
|
|
|
// https://github.com/monero-project/monero/blob/master/src/cryptonote_config.h#L277-L281
|
Clean the Monero lib for auditing (#577)
* Remove unsafe creation of dalek_ff_group::EdwardsPoint in BP+
* Rename Bulletproofs to Bulletproof, since they are a single Bulletproof
Also bifurcates prove with prove_plus, and adds a few documentation items.
* Make CLSAG signing private
Also adds a bit more documentation and does a bit more tidying.
* Remove the distribution cache
It's a notable bandwidth/performance improvement, yet it's not ready. We need a
dedicated Distribution struct which is managed by the wallet and passed in.
While we can do that now, it's not currently worth the effort.
* Tidy Borromean/MLSAG a tad
* Remove experimental feature from monero-serai
* Move amount_decryption into EncryptedAmount::decrypt
* Various RingCT doc comments
* Begin crate smashing
* Further documentation, start shoring up API boundaries of existing crates
* Document and clean clsag
* Add a dedicated send/recv CLSAG mask struct
Abstracts the types used internally.
Also moves the tests from monero-serai to monero-clsag.
* Smash out monero-bulletproofs
Removes usage of dalek-ff-group/multiexp for curve25519-dalek.
Makes compiling in the generators an optional feature.
Adds a structured batch verifier which should be notably more performant.
Documentation and clean up still necessary.
* Correct no-std builds for monero-clsag and monero-bulletproofs
* Tidy and document monero-bulletproofs
I still don't like the impl of the original Bulletproofs...
* Error if missing documentation
* Smash out MLSAG
* Smash out Borromean
* Tidy up monero-serai as a meta crate
* Smash out RPC, wallet
* Document the RPC
* Improve docs a bit
* Move Protocol to monero-wallet
* Incomplete work on using Option to remove panic cases
* Finish documenting monero-serai
* Remove TODO on reading pseudo_outs for AggregateMlsagBorromean
* Only read transactions with one Input::Gen or all Input::ToKey
Also adds a helper to fetch a transaction's prefix.
* Smash out polyseed
* Smash out seed
* Get the repo to compile again
* Smash out Monero addresses
* Document cargo features
Credit to @hinto-janai for adding such sections to their work on documenting
monero-serai in #568.
* Fix deserializing v2 miner transactions
* Rewrite monero-wallet's send code
I have yet to redo the multisig code and the builder. This should be much
cleaner, albeit slower due to redoing work.
This compiles with clippy --all-features. I have to finish the multisig/builder
for --all-targets to work (and start updating the rest of Serai).
* Add SignableTransaction Read/Write
* Restore Monero multisig TX code
* Correct invalid RPC type def in monero-rpc
* Update monero-wallet tests to compile
Some are _consistently_ failing due to the inputs we attempt to spend being too
young. I'm unsure what's up with that. Most seem to pass _consistently_,
implying it's not a random issue yet some configuration/env aspect.
* Clean and document monero-address
* Sync rest of repo with monero-serai changes
* Represent height/block number as a u32
* Diversify ViewPair/Scanner into ViewPair/GuaranteedViewPair and Scanner/GuaranteedScanner
Also cleans the Scanner impl.
* Remove non-small-order view key bound
Guaranteed addresses are in fact guaranteed even with this due to prefixing key
images causing zeroing the ECDH to not zero the shared key.
* Finish documenting monero-serai
* Correct imports for no-std
* Remove possible panic in monero-serai on systems < 32 bits
This was done by requiring the system's usize can represent a certain number.
* Restore the reserialize chain binary
* fmt, machete, GH CI
* Correct misc TODOs in monero-serai
* Have Monero test runner evaluate an Eventuality for all signed TXs
* Fix a pair of bugs in the decoy tests
Unfortunately, this test is still failing.
* Fix remaining bugs in monero-wallet tests
* Reject torsioned spend keys to ensure we can spend the outputs we scan
* Tidy inlined epee code in the RPC
* Correct the accidental swap of stagenet/testnet address bytes
* Remove unused dep from processor
* Handle Monero fee logic properly in the processor
* Document v2 TX/RCT output relation assumed when scanning
* Adjust how we mine the initial blocks due to some CI test failures
* Fix weight estimation for RctType::ClsagBulletproof TXs
* Again increase the amount of blocks we mine prior to running tests
* Correct the if check about when to mine blocks on start
Finally fixes the lack of decoy candidates failures in CI.
* Run Monero on Debian, even for internal testnets
Change made due to a segfault incurred when locally testing.
https://github.com/monero-project/monero/issues/9141 for the upstream.
* Don't attempt running tests on the verify-chain binary
Adds a minimum XMR fee to the processor and runs fmt.
* Increase minimum Monero fee in processor
I'm truly unsure why this is required right now.
* Distinguish fee from necessary_fee in monero-wallet
If there's no change, the fee is difference of the inputs to the outputs. The
prior code wouldn't check that amount is greater than or equal to the necessary
fee, and returning the would-be change amount as the fee isn't necessarily
helpful.
Now the fee is validated in such cases and the necessary fee is returned,
enabling operating off of that.
* Restore minimum Monero fee from develop
2024-07-07 10:57:18 +00:00
|
|
|
const MONERO_STAGENET_BYTES: AddressBytes = match AddressBytes::new(24, 25, 36, 86) {
|
|
|
|
Some(bytes) => bytes,
|
|
|
|
None => panic!("stagenet byte constants conflicted"),
|
|
|
|
};
|
2024-07-12 06:19:21 +00:00
|
|
|
// https://github.com/monero-project/monero/blob/master/src/cryptonote_config.h#L262-L266
|
Clean the Monero lib for auditing (#577)
* Remove unsafe creation of dalek_ff_group::EdwardsPoint in BP+
* Rename Bulletproofs to Bulletproof, since they are a single Bulletproof
Also bifurcates prove with prove_plus, and adds a few documentation items.
* Make CLSAG signing private
Also adds a bit more documentation and does a bit more tidying.
* Remove the distribution cache
It's a notable bandwidth/performance improvement, yet it's not ready. We need a
dedicated Distribution struct which is managed by the wallet and passed in.
While we can do that now, it's not currently worth the effort.
* Tidy Borromean/MLSAG a tad
* Remove experimental feature from monero-serai
* Move amount_decryption into EncryptedAmount::decrypt
* Various RingCT doc comments
* Begin crate smashing
* Further documentation, start shoring up API boundaries of existing crates
* Document and clean clsag
* Add a dedicated send/recv CLSAG mask struct
Abstracts the types used internally.
Also moves the tests from monero-serai to monero-clsag.
* Smash out monero-bulletproofs
Removes usage of dalek-ff-group/multiexp for curve25519-dalek.
Makes compiling in the generators an optional feature.
Adds a structured batch verifier which should be notably more performant.
Documentation and clean up still necessary.
* Correct no-std builds for monero-clsag and monero-bulletproofs
* Tidy and document monero-bulletproofs
I still don't like the impl of the original Bulletproofs...
* Error if missing documentation
* Smash out MLSAG
* Smash out Borromean
* Tidy up monero-serai as a meta crate
* Smash out RPC, wallet
* Document the RPC
* Improve docs a bit
* Move Protocol to monero-wallet
* Incomplete work on using Option to remove panic cases
* Finish documenting monero-serai
* Remove TODO on reading pseudo_outs for AggregateMlsagBorromean
* Only read transactions with one Input::Gen or all Input::ToKey
Also adds a helper to fetch a transaction's prefix.
* Smash out polyseed
* Smash out seed
* Get the repo to compile again
* Smash out Monero addresses
* Document cargo features
Credit to @hinto-janai for adding such sections to their work on documenting
monero-serai in #568.
* Fix deserializing v2 miner transactions
* Rewrite monero-wallet's send code
I have yet to redo the multisig code and the builder. This should be much
cleaner, albeit slower due to redoing work.
This compiles with clippy --all-features. I have to finish the multisig/builder
for --all-targets to work (and start updating the rest of Serai).
* Add SignableTransaction Read/Write
* Restore Monero multisig TX code
* Correct invalid RPC type def in monero-rpc
* Update monero-wallet tests to compile
Some are _consistently_ failing due to the inputs we attempt to spend being too
young. I'm unsure what's up with that. Most seem to pass _consistently_,
implying it's not a random issue yet some configuration/env aspect.
* Clean and document monero-address
* Sync rest of repo with monero-serai changes
* Represent height/block number as a u32
* Diversify ViewPair/Scanner into ViewPair/GuaranteedViewPair and Scanner/GuaranteedScanner
Also cleans the Scanner impl.
* Remove non-small-order view key bound
Guaranteed addresses are in fact guaranteed even with this due to prefixing key
images causing zeroing the ECDH to not zero the shared key.
* Finish documenting monero-serai
* Correct imports for no-std
* Remove possible panic in monero-serai on systems < 32 bits
This was done by requiring the system's usize can represent a certain number.
* Restore the reserialize chain binary
* fmt, machete, GH CI
* Correct misc TODOs in monero-serai
* Have Monero test runner evaluate an Eventuality for all signed TXs
* Fix a pair of bugs in the decoy tests
Unfortunately, this test is still failing.
* Fix remaining bugs in monero-wallet tests
* Reject torsioned spend keys to ensure we can spend the outputs we scan
* Tidy inlined epee code in the RPC
* Correct the accidental swap of stagenet/testnet address bytes
* Remove unused dep from processor
* Handle Monero fee logic properly in the processor
* Document v2 TX/RCT output relation assumed when scanning
* Adjust how we mine the initial blocks due to some CI test failures
* Fix weight estimation for RctType::ClsagBulletproof TXs
* Again increase the amount of blocks we mine prior to running tests
* Correct the if check about when to mine blocks on start
Finally fixes the lack of decoy candidates failures in CI.
* Run Monero on Debian, even for internal testnets
Change made due to a segfault incurred when locally testing.
https://github.com/monero-project/monero/issues/9141 for the upstream.
* Don't attempt running tests on the verify-chain binary
Adds a minimum XMR fee to the processor and runs fmt.
* Increase minimum Monero fee in processor
I'm truly unsure why this is required right now.
* Distinguish fee from necessary_fee in monero-wallet
If there's no change, the fee is difference of the inputs to the outputs. The
prior code wouldn't check that amount is greater than or equal to the necessary
fee, and returning the would-be change amount as the fee isn't necessarily
helpful.
Now the fee is validated in such cases and the necessary fee is returned,
enabling operating off of that.
* Restore minimum Monero fee from develop
2024-07-07 10:57:18 +00:00
|
|
|
const MONERO_TESTNET_BYTES: AddressBytes = match AddressBytes::new(53, 54, 63, 111) {
|
|
|
|
Some(bytes) => bytes,
|
|
|
|
None => panic!("testnet byte constants conflicted"),
|
|
|
|
};
|
|
|
|
|
|
|
|
/// The network this address is for.
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
|
|
|
|
pub enum Network {
|
|
|
|
/// A mainnet address.
|
|
|
|
Mainnet,
|
|
|
|
/// A stagenet address.
|
|
|
|
///
|
|
|
|
/// Stagenet maintains parity with mainnet and is useful for testing integrations accordingly.
|
|
|
|
Stagenet,
|
|
|
|
/// A testnet address.
|
|
|
|
///
|
|
|
|
/// Testnet is used to test new consensus rules and functionality.
|
|
|
|
Testnet,
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Errors when decoding an address.
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
|
|
|
|
#[cfg_attr(feature = "std", derive(thiserror::Error))]
|
|
|
|
pub enum AddressError {
|
|
|
|
/// The address had an invalid (network, type) byte.
|
|
|
|
#[cfg_attr(feature = "std", error("invalid byte for the address's network/type ({0})"))]
|
|
|
|
InvalidTypeByte(u8),
|
|
|
|
/// The address wasn't a valid Base58Check (as defined by Monero) string.
|
|
|
|
#[cfg_attr(feature = "std", error("invalid address encoding"))]
|
|
|
|
InvalidEncoding,
|
|
|
|
/// The data encoded wasn't the proper length.
|
|
|
|
#[cfg_attr(feature = "std", error("invalid length"))]
|
|
|
|
InvalidLength,
|
|
|
|
/// The address had an invalid key.
|
|
|
|
#[cfg_attr(feature = "std", error("invalid key"))]
|
|
|
|
InvalidKey,
|
|
|
|
/// The address was featured with unrecognized features.
|
|
|
|
#[cfg_attr(feature = "std", error("unknown features"))]
|
|
|
|
UnknownFeatures(u64),
|
|
|
|
/// The network was for a different network than expected.
|
|
|
|
#[cfg_attr(
|
|
|
|
feature = "std",
|
|
|
|
error("different network ({actual:?}) than expected ({expected:?})")
|
|
|
|
)]
|
|
|
|
DifferentNetwork {
|
|
|
|
/// The Network expected.
|
|
|
|
expected: Network,
|
|
|
|
/// The Network embedded within the Address.
|
|
|
|
actual: Network,
|
|
|
|
},
|
|
|
|
/// The view key was of small order despite being in a guaranteed address.
|
|
|
|
#[cfg_attr(feature = "std", error("small-order view key in guaranteed address"))]
|
|
|
|
SmallOrderView,
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Bytes used as prefixes when encoding addresses, variable to the network instance.
|
|
|
|
///
|
|
|
|
/// These distinguish the address's network and type.
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
|
|
|
|
pub struct NetworkedAddressBytes {
|
|
|
|
mainnet: AddressBytes,
|
|
|
|
stagenet: AddressBytes,
|
|
|
|
testnet: AddressBytes,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl NetworkedAddressBytes {
|
|
|
|
/// Create a new set of address bytes, one for each network.
|
|
|
|
pub const fn new(
|
|
|
|
mainnet: AddressBytes,
|
|
|
|
stagenet: AddressBytes,
|
|
|
|
testnet: AddressBytes,
|
|
|
|
) -> Option<Self> {
|
|
|
|
let res = NetworkedAddressBytes { mainnet, stagenet, testnet };
|
|
|
|
let all_bytes = res.to_const_generic();
|
|
|
|
|
|
|
|
let mut i = 0;
|
|
|
|
while i < 12 {
|
|
|
|
let this_byte = (all_bytes >> (32 + (i * 8))) & (u8::MAX as u128);
|
|
|
|
|
|
|
|
let mut j = 0;
|
|
|
|
while j < 12 {
|
|
|
|
if i == j {
|
|
|
|
j += 1;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
let other_byte = (all_bytes >> (32 + (j * 8))) & (u8::MAX as u128);
|
|
|
|
if this_byte == other_byte {
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
|
|
|
|
j += 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
i += 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
Some(res)
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Convert this set of address bytes to its representation as a u128.
|
|
|
|
///
|
|
|
|
/// We cannot use this struct directly as a const generic unfortunately.
|
|
|
|
pub const fn to_const_generic(self) -> u128 {
|
|
|
|
((self.mainnet.to_const_generic() as u128) << 96) +
|
|
|
|
((self.stagenet.to_const_generic() as u128) << 64) +
|
|
|
|
((self.testnet.to_const_generic() as u128) << 32)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[allow(clippy::cast_possible_truncation)]
|
|
|
|
const fn from_const_generic(const_generic: u128) -> Self {
|
|
|
|
let mainnet = AddressBytes::from_const_generic((const_generic >> 96) as u32);
|
|
|
|
let stagenet =
|
|
|
|
AddressBytes::from_const_generic(((const_generic >> 64) & (u32::MAX as u128)) as u32);
|
|
|
|
let testnet =
|
|
|
|
AddressBytes::from_const_generic(((const_generic >> 32) & (u32::MAX as u128)) as u32);
|
|
|
|
|
|
|
|
NetworkedAddressBytes { mainnet, stagenet, testnet }
|
|
|
|
}
|
|
|
|
|
|
|
|
fn network(&self, network: Network) -> &AddressBytes {
|
|
|
|
match network {
|
|
|
|
Network::Mainnet => &self.mainnet,
|
|
|
|
Network::Stagenet => &self.stagenet,
|
|
|
|
Network::Testnet => &self.testnet,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fn byte(&self, network: Network, kind: AddressType) -> u8 {
|
|
|
|
let address_bytes = self.network(network);
|
|
|
|
|
|
|
|
match kind {
|
|
|
|
AddressType::Legacy => address_bytes.legacy,
|
|
|
|
AddressType::LegacyIntegrated(_) => address_bytes.legacy_integrated,
|
|
|
|
AddressType::Subaddress => address_bytes.subaddress,
|
|
|
|
AddressType::Featured { .. } => address_bytes.featured,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// This will return an incomplete AddressType for LegacyIntegrated/Featured.
|
|
|
|
fn metadata_from_byte(&self, byte: u8) -> Result<(Network, AddressType), AddressError> {
|
|
|
|
let mut meta = None;
|
|
|
|
for network in [Network::Mainnet, Network::Testnet, Network::Stagenet] {
|
|
|
|
let address_bytes = self.network(network);
|
|
|
|
if let Some(kind) = match byte {
|
|
|
|
_ if byte == address_bytes.legacy => Some(AddressType::Legacy),
|
|
|
|
_ if byte == address_bytes.legacy_integrated => Some(AddressType::LegacyIntegrated([0; 8])),
|
|
|
|
_ if byte == address_bytes.subaddress => Some(AddressType::Subaddress),
|
|
|
|
_ if byte == address_bytes.featured => {
|
|
|
|
Some(AddressType::Featured { subaddress: false, payment_id: None, guaranteed: false })
|
|
|
|
}
|
|
|
|
_ => None,
|
|
|
|
} {
|
|
|
|
meta = Some((network, kind));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
meta.ok_or(AddressError::InvalidTypeByte(byte))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The bytes used for distinguishing Monero addresses.
|
|
|
|
pub const MONERO_BYTES: NetworkedAddressBytes = match NetworkedAddressBytes::new(
|
|
|
|
MONERO_MAINNET_BYTES,
|
|
|
|
MONERO_STAGENET_BYTES,
|
|
|
|
MONERO_TESTNET_BYTES,
|
|
|
|
) {
|
|
|
|
Some(bytes) => bytes,
|
|
|
|
None => panic!("Monero network byte constants conflicted"),
|
|
|
|
};
|
|
|
|
|
|
|
|
/// A Monero address.
|
|
|
|
#[derive(Clone, Copy, PartialEq, Eq, Zeroize)]
|
|
|
|
pub struct Address<const ADDRESS_BYTES: u128> {
|
|
|
|
network: Network,
|
|
|
|
kind: AddressType,
|
|
|
|
spend: EdwardsPoint,
|
|
|
|
view: EdwardsPoint,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<const ADDRESS_BYTES: u128> fmt::Debug for Address<ADDRESS_BYTES> {
|
|
|
|
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
|
|
|
|
let hex = |bytes: &[u8]| -> String {
|
|
|
|
let mut res = String::with_capacity(2 + (2 * bytes.len()));
|
|
|
|
res.push_str("0x");
|
|
|
|
for b in bytes {
|
|
|
|
write!(&mut res, "{b:02x}").unwrap();
|
|
|
|
}
|
|
|
|
res
|
|
|
|
};
|
|
|
|
|
|
|
|
fmt
|
|
|
|
.debug_struct("Address")
|
|
|
|
.field("network", &self.network)
|
|
|
|
.field("kind", &self.kind)
|
|
|
|
.field("spend", &hex(&self.spend.compress().to_bytes()))
|
|
|
|
.field("view", &hex(&self.view.compress().to_bytes()))
|
|
|
|
// This is not a real field yet is the most valuable thing to know when debugging
|
|
|
|
.field("(address)", &self.to_string())
|
|
|
|
.finish()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<const ADDRESS_BYTES: u128> fmt::Display for Address<ADDRESS_BYTES> {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
|
|
|
let address_bytes: NetworkedAddressBytes =
|
|
|
|
NetworkedAddressBytes::from_const_generic(ADDRESS_BYTES);
|
|
|
|
|
|
|
|
let mut data = vec![address_bytes.byte(self.network, self.kind)];
|
|
|
|
data.extend(self.spend.compress().to_bytes());
|
|
|
|
data.extend(self.view.compress().to_bytes());
|
|
|
|
if let AddressType::Featured { subaddress, payment_id, guaranteed } = self.kind {
|
|
|
|
let features_uint =
|
|
|
|
(u8::from(guaranteed) << 2) + (u8::from(payment_id.is_some()) << 1) + u8::from(subaddress);
|
|
|
|
write_varint(&features_uint, &mut data).unwrap();
|
|
|
|
}
|
|
|
|
if let Some(id) = self.kind.payment_id() {
|
|
|
|
data.extend(id);
|
|
|
|
}
|
|
|
|
write!(f, "{}", encode_check(data))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<const ADDRESS_BYTES: u128> Address<ADDRESS_BYTES> {
|
|
|
|
/// Create a new address.
|
|
|
|
pub fn new(network: Network, kind: AddressType, spend: EdwardsPoint, view: EdwardsPoint) -> Self {
|
|
|
|
Address { network, kind, spend, view }
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Parse an address from a String, accepting any network it is.
|
|
|
|
pub fn from_str_with_unchecked_network(s: &str) -> Result<Self, AddressError> {
|
|
|
|
let raw = decode_check(s).ok_or(AddressError::InvalidEncoding)?;
|
|
|
|
let mut raw = raw.as_slice();
|
|
|
|
|
|
|
|
let address_bytes: NetworkedAddressBytes =
|
|
|
|
NetworkedAddressBytes::from_const_generic(ADDRESS_BYTES);
|
|
|
|
let (network, mut kind) = address_bytes
|
|
|
|
.metadata_from_byte(read_byte(&mut raw).map_err(|_| AddressError::InvalidLength)?)?;
|
|
|
|
let spend = read_point(&mut raw).map_err(|_| AddressError::InvalidKey)?;
|
|
|
|
let view = read_point(&mut raw).map_err(|_| AddressError::InvalidKey)?;
|
|
|
|
|
|
|
|
if matches!(kind, AddressType::Featured { .. }) {
|
|
|
|
let features = read_varint::<_, u64>(&mut raw).map_err(|_| AddressError::InvalidLength)?;
|
|
|
|
if (features >> 3) != 0 {
|
|
|
|
Err(AddressError::UnknownFeatures(features))?;
|
|
|
|
}
|
|
|
|
|
|
|
|
let subaddress = (features & 1) == 1;
|
|
|
|
let integrated = ((features >> 1) & 1) == 1;
|
|
|
|
let guaranteed = ((features >> 2) & 1) == 1;
|
|
|
|
|
|
|
|
kind =
|
|
|
|
AddressType::Featured { subaddress, payment_id: integrated.then_some([0; 8]), guaranteed };
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read the payment ID, if there should be one
|
|
|
|
match kind {
|
|
|
|
AddressType::LegacyIntegrated(ref mut id) |
|
|
|
|
AddressType::Featured { payment_id: Some(ref mut id), .. } => {
|
|
|
|
*id = read_bytes(&mut raw).map_err(|_| AddressError::InvalidLength)?;
|
|
|
|
}
|
|
|
|
_ => {}
|
|
|
|
};
|
|
|
|
|
|
|
|
if !raw.is_empty() {
|
|
|
|
Err(AddressError::InvalidLength)?;
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(Address { network, kind, spend, view })
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Create a new address from a `&str`.
|
|
|
|
///
|
|
|
|
/// This takes in an argument for the expected network, erroring if a distinct network was used.
|
|
|
|
/// It also errors if the address is invalid (as expected).
|
|
|
|
pub fn from_str(network: Network, s: &str) -> Result<Self, AddressError> {
|
|
|
|
Self::from_str_with_unchecked_network(s).and_then(|addr| {
|
|
|
|
if addr.network == network {
|
|
|
|
Ok(addr)
|
|
|
|
} else {
|
|
|
|
Err(AddressError::DifferentNetwork { actual: addr.network, expected: network })?
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The network this address is intended for use on.
|
|
|
|
pub fn network(&self) -> Network {
|
|
|
|
self.network
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The type of address this is.
|
|
|
|
pub fn kind(&self) -> &AddressType {
|
|
|
|
&self.kind
|
|
|
|
}
|
|
|
|
|
|
|
|
/// If this is a subaddress.
|
|
|
|
pub fn is_subaddress(&self) -> bool {
|
|
|
|
self.kind.is_subaddress()
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The payment ID for this address.
|
|
|
|
pub fn payment_id(&self) -> Option<[u8; 8]> {
|
|
|
|
self.kind.payment_id()
|
|
|
|
}
|
|
|
|
|
|
|
|
/// If this address is guaranteed.
|
|
|
|
///
|
|
|
|
/// A guaranteed address is one where any outputs scanned to it are guaranteed to be spendable
|
|
|
|
/// under the hardness of various cryptographic problems (which are assumed hard). This is via
|
|
|
|
/// a modified shared-key derivation which eliminates the burning bug.
|
|
|
|
pub fn is_guaranteed(&self) -> bool {
|
|
|
|
self.kind.is_guaranteed()
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The public spend key for this address.
|
|
|
|
pub fn spend(&self) -> EdwardsPoint {
|
|
|
|
self.spend
|
|
|
|
}
|
|
|
|
|
|
|
|
/// The public view key for this address.
|
|
|
|
pub fn view(&self) -> EdwardsPoint {
|
|
|
|
self.view
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Instantiation of the Address type with Monero's network bytes.
|
|
|
|
pub type MoneroAddress = Address<{ MONERO_BYTES.to_const_generic() }>;
|