From ce4c899422b0e72f6497248b6026c92bfe2f0f0c Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Mon, 30 May 2022 02:14:34 -0400 Subject: [PATCH] Remove "as", except for floats as needed Also updates Bulletproofs from C to not be length prefixed, yet rather have Rust calculate their length. Corrects an error in key_gen where self was blamed, instead of the faulty participant. --- coins/monero/c/wrapper.cpp | 6 ++---- coins/monero/src/frost.rs | 2 +- coins/monero/src/ringct/bulletproofs.rs | 23 ++++++++++++++++----- coins/monero/src/ringct/clsag/mod.rs | 16 +++++++------- coins/monero/src/serialize.rs | 2 +- coins/monero/src/wallet/send/mod.rs | 2 +- crypto/frost/src/key_gen.rs | 3 ++- crypto/frost/src/sign.rs | 2 +- crypto/frost/src/tests/literal/secp256k1.rs | 2 +- crypto/multiexp/src/lib.rs | 4 ++-- 10 files changed, 38 insertions(+), 24 deletions(-) diff --git a/coins/monero/c/wrapper.cpp b/coins/monero/c/wrapper.cpp index 8040e5e2..e99a363a 100644 --- a/coins/monero/c/wrapper.cpp +++ b/coins/monero/c/wrapper.cpp @@ -62,10 +62,8 @@ extern "C" { std::stringstream ss; binary_archive ba(ss); ::serialization::serialize(ba, bp); - uint8_t* res = (uint8_t*) calloc(2 + ss.str().size(), 1); // malloc would also work - memcpy(res + 2, ss.str().data(), ss.str().size()); - res[0] = ss.str().size() >> 8; - res[1] = ss.str().size() & 255; + uint8_t* res = (uint8_t*) calloc(ss.str().size(), 1); // malloc would also work + memcpy(res, ss.str().data(), ss.str().size()); return res; } diff --git a/coins/monero/src/frost.rs b/coins/monero/src/frost.rs index ad31c193..dfe24ad6 100644 --- a/coins/monero/src/frost.rs +++ b/coins/monero/src/frost.rs @@ -44,7 +44,7 @@ impl Curve for Ed25519 { } fn id_len() -> u8 { - Self::id().len() as u8 + u8::try_from(Self::id().len()).unwrap() } fn generator() -> Self::G { diff --git a/coins/monero/src/ringct/bulletproofs.rs b/coins/monero/src/ringct/bulletproofs.rs index 7d63758a..6a5866b2 100644 --- a/coins/monero/src/ringct/bulletproofs.rs +++ b/coins/monero/src/ringct/bulletproofs.rs @@ -41,11 +41,18 @@ impl Bulletproofs { fn c_generate_bp(seed: *const u8, len: u8, amounts: *const u64, masks: *const [u8; 32]) -> *const u8; } - let ptr = c_generate_bp(seed.as_ptr(), outputs.len() as u8, amounts.as_ptr(), masks.as_ptr()); - let len = ((ptr.read() as usize) << 8) + (ptr.add(1).read() as usize); + let ptr = c_generate_bp( + seed.as_ptr(), + u8::try_from(outputs.len()).unwrap(), + amounts.as_ptr(), + masks.as_ptr() + ); + + let mut len = 6 * 32; + len += (2 * (1 + (usize::from(ptr.add(len).read()) * 32))) + (3 * 32); res = Bulletproofs::deserialize( // Wrap in a cursor to provide a mutable Reader - &mut std::io::Cursor::new(std::slice::from_raw_parts(ptr.add(2), len)) + &mut std::io::Cursor::new(std::slice::from_raw_parts(ptr, len)) ).expect("Couldn't deserialize Bulletproofs from Monero"); free(ptr); }; @@ -64,7 +71,7 @@ impl Bulletproofs { let mut serialized = Vec::with_capacity((9 + (2 * self.L.len())) * 32); self.serialize(&mut serialized).unwrap(); let commitments: Vec<[u8; 32]> = commitments.iter().map( - |commitment| (commitment * Scalar::from(8 as u8).invert()).compress().to_bytes() + |commitment| (commitment * Scalar::from(8u8).invert()).compress().to_bytes() ).collect(); unsafe { @@ -79,7 +86,13 @@ impl Bulletproofs { ) -> bool; } - c_verify_bp(seed.as_ptr(), serialized.len(), serialized.as_ptr(), commitments.len() as u8, commitments.as_ptr()) + c_verify_bp( + seed.as_ptr(), + serialized.len(), + serialized.as_ptr(), + u8::try_from(commitments.len()).unwrap(), + commitments.as_ptr() + ) } } diff --git a/coins/monero/src/ringct/clsag/mod.rs b/coins/monero/src/ringct/clsag/mod.rs index 51d9718b..215f08e4 100644 --- a/coins/monero/src/ringct/clsag/mod.rs +++ b/coins/monero/src/ringct/clsag/mod.rs @@ -24,7 +24,7 @@ mod multisig; pub use multisig::{ClsagDetails, ClsagMultisig}; lazy_static! { - static ref INV_EIGHT: Scalar = Scalar::from(8 as u8).invert(); + static ref INV_EIGHT: Scalar = Scalar::from(8u8).invert(); } #[derive(Clone, Error, Debug)] @@ -60,8 +60,9 @@ impl ClsagInput { if n > u8::MAX.into() { Err(ClsagError::InternalError("max ring size in this library is u8 max".to_string()))?; } - if decoys.i >= (n as u8) { - Err(ClsagError::InvalidRingMember(decoys.i, n as u8))?; + let n = u8::try_from(n).unwrap(); + if decoys.i >= n { + Err(ClsagError::InvalidRingMember(decoys.i, n))?; } // Validate the commitment matches @@ -123,13 +124,13 @@ fn core( // mu_P with agg_0 let mu_P = hash_to_scalar(&to_hash); // mu_C with agg_1 - to_hash[AGG_0.len() - 1] = '1' as u8; + to_hash[AGG_0.len() - 1] = b'1'; let mu_C = hash_to_scalar(&to_hash); // Truncate it for the round transcript, altering the DST as needed to_hash.truncate(((2 * n) + 1) * 32); for i in 0 .. ROUND.len() { - to_hash[PREFIX.len() + i] = ROUND[i] as u8; + to_hash[PREFIX.len() + i] = ROUND[i]; } // Unfortunately, it's I D pseudo_out instead of pseudo_out I D, meaning this needs to be // truncated just to add it back @@ -254,7 +255,7 @@ impl Clsag { &nonce * &ED25519_BASEPOINT_TABLE, nonce * hash_to_point(&inputs[i].2.decoys.ring[usize::from(inputs[i].2.decoys.i)][0]) ); - clsag.s[inputs[i].2.decoys.i as usize] = nonce - ((p * inputs[i].0) + c); + clsag.s[usize::from(inputs[i].2.decoys.i)] = nonce - ((p * inputs[i].0) + c); res.push((clsag, pseudo_out)); } @@ -341,7 +342,8 @@ impl Clsag { if c_verify_clsag( serialized.len(), serialized.as_ptr(), - ring.len() as u8, ring_bytes.as_ptr(), + u8::try_from(ring.len()).map_err(|_| ClsagError::InternalError("too large ring".to_string()))?, + ring_bytes.as_ptr(), I_bytes.as_ptr(), pseudo_out_bytes.as_ptr(), msg.as_ptr() ) { Ok(()) diff --git a/coins/monero/src/serialize.rs b/coins/monero/src/serialize.rs index 5a8eb0f0..1303d43e 100644 --- a/coins/monero/src/serialize.rs +++ b/coins/monero/src/serialize.rs @@ -7,7 +7,7 @@ pub const VARINT_CONTINUATION_MASK: u8 = 0b1000_0000; pub fn write_varint(varint: &u64, w: &mut W) -> io::Result<()> { let mut varint = *varint; while { - let mut b = (varint & u64::from(!VARINT_CONTINUATION_MASK)) as u8; + let mut b = u8::try_from(varint & u64::from(!VARINT_CONTINUATION_MASK)).unwrap(); varint >>= 7; if varint != 0 { b |= VARINT_CONTINUATION_MASK; diff --git a/coins/monero/src/wallet/send/mod.rs b/coins/monero/src/wallet/send/mod.rs index 8d307a38..a7274b70 100644 --- a/coins/monero/src/wallet/send/mod.rs +++ b/coins/monero/src/wallet/send/mod.rs @@ -237,7 +237,7 @@ impl SignableTransaction { PublicKey { point: self.outputs[0].R.compress() } ).consensus_encode(&mut extra).unwrap(); SubField::AdditionalPublickKey( - self.outputs[1 .. self.outputs.len()].iter().map(|output| PublicKey { point: output.R.compress() }).collect() + self.outputs[1 ..].iter().map(|output| PublicKey { point: output.R.compress() }).collect() ).consensus_encode(&mut extra).unwrap(); // Format it for monero-rs diff --git a/crypto/frost/src/key_gen.rs b/crypto/frost/src/key_gen.rs index b2ce6a16..67e32a76 100644 --- a/crypto/frost/src/key_gen.rs +++ b/crypto/frost/src/key_gen.rs @@ -200,7 +200,7 @@ fn complete_r2( // Step 2. Verify each share let mut shares = HashMap::new(); for (l, share) in serialized { - shares.insert(l, C::F_from_slice(&share).map_err(|_| FrostError::InvalidShare(params.i()))?); + shares.insert(l, C::F_from_slice(&share).map_err(|_| FrostError::InvalidShare(l))?); } // Calculate the exponent for a given participant and apply it to a series of commitments @@ -240,6 +240,7 @@ fn complete_r2( // Stripe commitments per t and sum them in advance. Calculating verification shares relies on // these sums so preprocessing them is a massive speedup // If these weren't just sums, yet the tables used in multiexp, this would be further optimized + // As of right now, each multiexp will regenerate them let mut stripes = Vec::with_capacity(usize::from(params.t())); for t in 0 .. usize::from(params.t()) { stripes.push(commitments.values().map(|commitments| commitments[t]).sum()); diff --git a/crypto/frost/src/sign.rs b/crypto/frost/src/sign.rs index 1c652b12..23a63f50 100644 --- a/crypto/frost/src/sign.rs +++ b/crypto/frost/src/sign.rs @@ -143,7 +143,7 @@ fn sign_with_share>( let commitments = commitments.remove(l).unwrap(); let mut read_commitment = |c, label| { - let commitment = &commitments[c .. c + C::G_len()]; + let commitment = &commitments[c .. (c + C::G_len())]; transcript.append_message(label, commitment); C::G_from_slice(commitment).map_err(|_| FrostError::InvalidCommitment(*l)) }; diff --git a/crypto/frost/src/tests/literal/secp256k1.rs b/crypto/frost/src/tests/literal/secp256k1.rs index 36ccb833..e10bee07 100644 --- a/crypto/frost/src/tests/literal/secp256k1.rs +++ b/crypto/frost/src/tests/literal/secp256k1.rs @@ -27,7 +27,7 @@ impl Curve for Secp256k1 { } fn id_len() -> u8 { - Self::id().len() as u8 + u8::try_from(Self::id().len()).unwrap() } fn generator() -> Self::G { diff --git a/crypto/multiexp/src/lib.rs b/crypto/multiexp/src/lib.rs index a89a8125..0d145f16 100644 --- a/crypto/multiexp/src/lib.rs +++ b/crypto/multiexp/src/lib.rs @@ -55,7 +55,7 @@ pub fn multiexp< } for s in 0 .. tables.len() { - res += tables[s][nibbles[s][b] as usize]; + res += tables[s][usize::from(nibbles[s][b])]; } } res @@ -75,7 +75,7 @@ pub fn multiexp_vartime< for s in 0 .. tables.len() { if nibbles[s][b] != 0 { - res += tables[s][nibbles[s][b] as usize]; + res += tables[s][usize::from(nibbles[s][b])]; } } }