Move ecdh derivation up to prevent Scalar::one() * ecdh

This commit is contained in:
Luke Parker 2023-03-11 10:51:40 -05:00
parent 5e62072a0f
commit 36034c2f72
No known key found for this signature in database
3 changed files with 10 additions and 19 deletions


@ -59,12 +59,11 @@ pub(crate) fn uniqueness(inputs: &[Input]) -> [u8; 32] {
#[allow(non_snake_case)] #[allow(non_snake_case)]
pub(crate) fn shared_key( pub(crate) fn shared_key(
uniqueness: Option<[u8; 32]>, uniqueness: Option<[u8; 32]>,
s: &Zeroizing<Scalar>, ecdh: EdwardsPoint,
P: &EdwardsPoint,
o: usize, o: usize,
) -> (u8, Scalar, [u8; 8]) { ) -> (u8, Scalar, [u8; 8]) {
// 8Ra // 8Ra
let mut output_derivation = (s.deref() * P).mul_by_cofactor().compress().to_bytes().to_vec(); let mut output_derivation = ecdh.mul_by_cofactor().compress().to_bytes().to_vec();
let mut payment_id_xor = [0; 8]; let mut payment_id_xor = [0; 8];
payment_id_xor payment_id_xor
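Review bot: `shared_key` now receives the secret shared point `ecdh` by value and nothing in this hunk zeroizes it, whereas the replaced signature at least kept the scalar inside `Zeroizing`; because `EdwardsPoint` is `Copy`, both this copy and the caller's stay on the stack after return. If `EdwardsPoint` implements `Zeroize` in this build (curve25519-dalek's `zeroize` feature), consider taking `ecdh: &Zeroizing<EdwardsPoint>` and having callers wrap the product, or at minimum shadow it with `let ecdh = Zeroizing::new(ecdh);` so the local is wiped on drop — the caller's copy would still need the same treatment. The compressed bytes in `output_derivation` are the actual shared secret; whether that buffer is zeroized is outside the hunk, and the function body continues past it. The new parameter also deserves a doc line, e.g. `/// `ecdh`: the raw shared point (rA when sending, aR when scanning); the cofactor is applied here, so callers must not pre-multiply by 8.`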


@ -1,3 +1,4 @@
use core::ops::Deref;
use std::io::{self, Read, Write}; use std::io::{self, Read, Write};
use zeroize::{Zeroize, ZeroizeOnDrop}; use zeroize::{Zeroize, ZeroizeOnDrop};
@ -316,8 +317,7 @@ impl Scanner {
}; };
let (view_tag, shared_key, payment_id_xor) = shared_key( let (view_tag, shared_key, payment_id_xor) = shared_key(
if self.burning_bug.is_none() { Some(uniqueness(&tx.prefix.inputs)) } else { None }, if self.burning_bug.is_none() { Some(uniqueness(&tx.prefix.inputs)) } else { None },
&self.pair.view, self.pair.view.deref() * key,
key,
o, o,
); );


@ -59,15 +59,14 @@ impl SendOutput {
fn internal( fn internal(
unique: [u8; 32], unique: [u8; 32],
output: (usize, (MoneroAddress, u64)), output: (usize, (MoneroAddress, u64)),
ecdh_left: &Zeroizing<Scalar>, ecdh: EdwardsPoint,
ecdh_right: &EdwardsPoint,
R: EdwardsPoint, R: EdwardsPoint,
) -> (SendOutput, Option<[u8; 8]>) { ) -> (SendOutput, Option<[u8; 8]>) {
let o = output.0; let o = output.0;
let output = output.1; let output = output.1;
let (view_tag, shared_key, payment_id_xor) = let (view_tag, shared_key, payment_id_xor) =
shared_key(Some(unique).filter(|_| output.0.is_guaranteed()), ecdh_left, ecdh_right, o); shared_key(Some(unique).filter(|_| output.0.is_guaranteed()), ecdh, o);
( (
SendOutput { SendOutput {
@ -93,8 +92,7 @@ impl SendOutput {
SendOutput::internal( SendOutput::internal(
unique, unique,
output, output,
r, r.deref() * address.view,
&address.view,
if !address.is_subaddress() { if !address.is_subaddress() {
r.deref() * &ED25519_BASEPOINT_TABLE r.deref() * &ED25519_BASEPOINT_TABLE
} else { } else {
@ -104,17 +102,11 @@ impl SendOutput {
} }
fn change( fn change(
ecdh: &EdwardsPoint, ecdh: EdwardsPoint,
unique: [u8; 32], unique: [u8; 32],
output: (usize, (MoneroAddress, u64)), output: (usize, (MoneroAddress, u64)),
) -> (SendOutput, Option<[u8; 8]>) { ) -> (SendOutput, Option<[u8; 8]>) {
SendOutput::internal( SendOutput::internal(unique, output, ecdh, ED25519_BASEPOINT_POINT)
unique,
output,
&Zeroizing::new(Scalar::one()),
ecdh,
ED25519_BASEPOINT_POINT,
)
} }
} }
@ -440,7 +432,7 @@ impl SignableTransaction {
// Instead of rA, use Ra, where R is r * subaddress_spend_key // Instead of rA, use Ra, where R is r * subaddress_spend_key
// change.view must be Some as if it's None, this payment would've been downcast // change.view must be Some as if it's None, this payment would've been downcast
let ecdh = tx_public_key * change.view.unwrap().deref(); let ecdh = tx_public_key * change.view.unwrap().deref();
SendOutput::change(&ecdh, uniqueness, (o, (change.address, amount))) SendOutput::change(ecdh, uniqueness, (o, (change.address, amount)))
} }
}; };
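Review bot: `internal` and `change` now take an undocumented `ecdh: EdwardsPoint`, and `change` still passes `ED25519_BASEPOINT_POINT` as `R` with no comment saying why the basepoint is the right `R` for the change output — the removed `Scalar::one()` workaround was the only hint, so the reasoning is now lost to readers (what `internal` does with `R` is outside the hunk, which ends before its body closes). A doc line on `internal` would fix the first half: `/// `ecdh`: raw shared point, rA for a payment or Ra for change (see SignableTransaction); `shared_key` applies the cofactor itself.` For the second, a one-line comment at the `change` call site stating why `R = G` is correct there — presumably because the change output's R is the transaction public key already folded into `ecdh`, but confirm against `internal` — would save the next maintainer from reconstructing it. Separately, `r` is kept in `Zeroizing` at the send call site but the derived secret `r.deref() * address.view` is moved by value unwrapped; if `EdwardsPoint` implements `Zeroize` here, wrapping that product would keep the ECDH secret under the same discipline as the scalar.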