From 36034c2f72e595c14a6103dfcdb9d80c34451a9a Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Sat, 11 Mar 2023 10:51:40 -0500
Subject: [PATCH] Move ecdh derivation up to prevent Scalar::one() * ecdh

---
 coins/monero/src/wallet/mod.rs | 5 ++---
 coins/monero/src/wallet/scan.rs | 4 ++--
 coins/monero/src/wallet/send/mod.rs | 20 ++++++--------------
 3 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/coins/monero/src/wallet/mod.rs b/coins/monero/src/wallet/mod.rs
index 1f23406b..72f098ba 100644
--- a/coins/monero/src/wallet/mod.rs
+++ b/coins/monero/src/wallet/mod.rs
@@ -59,12 +59,11 @@ pub(crate) fn uniqueness(inputs: &[Input]) -> [u8; 32] {
 #[allow(non_snake_case)]
 pub(crate) fn shared_key(
 uniqueness: Option<[u8; 32]>,
- s: &Zeroizing,
- P: &EdwardsPoint,
+ ecdh: EdwardsPoint,
 o: usize,
 ) -> (u8, Scalar, [u8; 8]) {
 // 8Ra
- let mut output_derivation = (s.deref() * P).mul_by_cofactor().compress().to_bytes().to_vec();
+ let mut output_derivation = ecdh.mul_by_cofactor().compress().to_bytes().to_vec();
 let mut payment_id_xor = [0; 8];
 payment_id_xor
diff --git a/coins/monero/src/wallet/scan.rs b/coins/monero/src/wallet/scan.rs
index f4a1f580..3deb080f 100644
--- a/coins/monero/src/wallet/scan.rs
+++ b/coins/monero/src/wallet/scan.rs
@@ -1,3 +1,4 @@
+use core::ops::Deref;
 use std::io::{self, Read, Write};
 use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -316,8 +317,7 @@ impl Scanner {
 };
 let (view_tag, shared_key, payment_id_xor) = shared_key(
 if self.burning_bug.is_none() { Some(uniqueness(&tx.prefix.inputs)) } else { None },
- &self.pair.view,
- key,
+ self.pair.view.deref() * key,
 o,
 );
diff --git a/coins/monero/src/wallet/send/mod.rs b/coins/monero/src/wallet/send/mod.rs
index f8eec1e6..10704ec6 100644
--- a/coins/monero/src/wallet/send/mod.rs
+++ b/coins/monero/src/wallet/send/mod.rs
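Review bot: The new `ecdh: EdwardsPoint` parameter of `shared_key` is undocumented, and since the private scalar no longer enters this function, correctness now rests on every caller computing the right product; a doc line would pin that contract, e.g. `/// ecdh: the raw shared-secret point (rA / Ra) before the cofactor multiplication; callers derive it from their own private scalar.` Note also that this point is the sole secret input to the view tag, shared key and payment-ID mask returned here, and as a `Copy` value now built at each call site (scan.rs and send/mod.rs in this patch) rather than as a temporary inside this function it is not covered by the `Zeroizing` that wrapped the removed scalar `s`; whether the `output_derivation` `Vec` was zeroized before is not visible in the hunk. The body of `shared_key` continues past the end of the hunk.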
@@ -59,15 +59,14 @@ impl SendOutput {
 fn internal(
 unique: [u8; 32],
 output: (usize, (MoneroAddress, u64)),
- ecdh_left: &Zeroizing,
- ecdh_right: &EdwardsPoint,
+ ecdh: EdwardsPoint,
 R: EdwardsPoint,
 ) -> (SendOutput, Option<[u8; 8]>) {
 let o = output.0;
 let output = output.1;
 let (view_tag, shared_key, payment_id_xor) =
- shared_key(Some(unique).filter(|_| output.0.is_guaranteed()), ecdh_left, ecdh_right, o);
+ shared_key(Some(unique).filter(|_| output.0.is_guaranteed()), ecdh, o);
 (
 SendOutput {
@@ -93,8 +92,7 @@ impl SendOutput {
 SendOutput::internal(
 unique,
 output,
- r,
- &address.view,
+ r.deref() * address.view,
 if !address.is_subaddress() {
 r.deref() * &ED25519_BASEPOINT_TABLE
 } else {
@@ -104,17 +102,11 @@ impl SendOutput {
 }
 fn change(
- ecdh: &EdwardsPoint,
+ ecdh: EdwardsPoint,
 unique: [u8; 32],
 output: (usize, (MoneroAddress, u64)),
 ) -> (SendOutput, Option<[u8; 8]>) {
- SendOutput::internal(
- unique,
- output,
- &Zeroizing::new(Scalar::one()),
- ecdh,
- ED25519_BASEPOINT_POINT,
- )
+ SendOutput::internal(unique, output, ecdh, ED25519_BASEPOINT_POINT)
 }
 }
@@ -440,7 +432,7 @@ impl SignableTransaction {
 // Instead of rA, use Ra, where R is r * subaddress_spend_key
 // change.view must be Some as if it's None, this payment would've been downcast
 let ecdh = tx_public_key * change.view.unwrap().deref();
- SendOutput::change(&ecdh, uniqueness, (o, (change.address, amount)))
+ SendOutput::change(ecdh, uniqueness, (o, (change.address, amount)))
 }
 };
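Review bot: `SendOutput::internal` now takes two adjacent, undocumented positional `EdwardsPoint` arguments, `ecdh` and `R`; before this change the differing types (`&Zeroizing`, `&EdwardsPoint`, `EdwardsPoint`) made a swapped call a compile error, whereas now it compiles and silently derives output keys from the wrong point. The `change` hunk passes `ecdh, ED25519_BASEPOINT_POINT` and `new` passes `r.deref() * address.view` followed by the `R` expression, both correctly ordered as far as the hunks show, but the invariant lives only in the call sites. A short doc comment on the signature would make it reviewable, e.g. `/// ecdh: the shared-secret point (rA for a fresh output, Ra for change per the SignableTransaction comment) that shared_key cofactor-multiplies; R: the point published as the output's transaction public key (presumably).` The body of `internal` continues past the end of the first hunk.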