mirror of
https://github.com/cypherstack/stack_wallet.git
synced 2025-01-27 04:35:53 +00:00
1584 lines
49 KiB
Dart
1584 lines
49 KiB
Dart
|
import 'socketwrapper.dart';
|
|||
|
import 'package:protobuf/protobuf.dart';
|
|||
|
import 'dart:convert';
|
|||
|
import 'dart:math';
|
|||
|
import 'fusion.pb.dart';
|
|||
|
import 'util.dart';
|
|||
|
import 'dart:typed_data';
|
|||
|
import 'package:fixnum/fixnum.dart';
|
|||
|
import 'pedersen.dart';
|
|||
|
import 'dart:io';
|
|||
|
import 'package:crypto/crypto.dart';
|
|||
|
import 'dart:async';
|
|||
|
import 'comms.dart';
|
|||
|
import 'protocol.dart';
|
|||
|
import 'package:fixnum/fixnum.dart'; // so int and intt64 can be combined in some protobuff code
|
|||
|
import 'encrypt.dart';
|
|||
|
import "package:pointycastle/export.dart";
|
|||
|
import 'covert.dart';
|
|||
|
import 'connection.dart';
|
|||
|
import 'package:collection/collection.dart';
|
|||
|
import 'package:convert/convert.dart';
|
|||
|
import 'validation.dart';
|
|||
|
import 'package:stackwallet/models/isar/models/blockchain_data/utxo.dart';
|
|||
|
|
|||
|
|
|||
|
class FusionError implements Exception {
|
|||
|
final String message;
|
|||
|
FusionError(this.message);
|
|||
|
String toString() => "FusionError: $message";
|
|||
|
}
|
|||
|
|
|||
|
class ComponentResult {
|
|||
|
final Uint8List commitment;
|
|||
|
final int counter;
|
|||
|
final Uint8List component;
|
|||
|
final Proof proof;
|
|||
|
final Uint8List privateKey;
|
|||
|
final dynamic pedersenAmount; // replace dynamic with actual type
|
|||
|
final dynamic pedersenNonce; // replace dynamic with actual type
|
|||
|
|
|||
|
ComponentResult(
|
|||
|
this.commitment,
|
|||
|
this.counter,
|
|||
|
this.component,
|
|||
|
this.proof,
|
|||
|
this.privateKey,
|
|||
|
{this.pedersenAmount,
|
|||
|
this.pedersenNonce}
|
|||
|
);
|
|||
|
}
|
|||
|
|
|||
|
class Transaction {
|
|||
|
List<Input> Inputs = [];
|
|||
|
List<Output> Outputs = [];
|
|||
|
|
|||
|
Transaction();
|
|||
|
|
|||
|
|
|||
|
static Tuple txFromComponents(List<dynamic> allComponents, List<dynamic> sessionHash) {
|
|||
|
Transaction tx = Transaction(); // Initialize a new Transaction
|
|||
|
// This should be based on wallet layer... implement the logic of constructing the transaction from components
|
|||
|
// For now, it just initializes Inputs and Outputs as empty lists
|
|||
|
tx.Inputs = [];
|
|||
|
tx.Outputs = [];
|
|||
|
|
|||
|
// For now, just returning an empty list for inputIndices
|
|||
|
List<int> inputIndices = [];
|
|||
|
|
|||
|
return Tuple(tx, inputIndices);
|
|||
|
}
|
|||
|
|
|||
|
List<int> serializePreimage(int index, int hashType, {bool useCache = true}) {
|
|||
|
// Add implementation here
|
|||
|
// For now, returning an empty byte array
|
|||
|
return [];
|
|||
|
}
|
|||
|
|
|||
|
String serialize() {
|
|||
|
// To implement...
|
|||
|
return "";
|
|||
|
}
|
|||
|
|
|||
|
bool isComplete() {
|
|||
|
// implement based on wallet.
|
|||
|
return true;
|
|||
|
}
|
|||
|
|
|||
|
String txid() {
|
|||
|
// To implement...
|
|||
|
return "";
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
class Input {
|
|||
|
List<int> prevTxid;
|
|||
|
int prevIndex;
|
|||
|
List<int> pubKey;
|
|||
|
int amount;
|
|||
|
List<dynamic> signatures =[];
|
|||
|
|
|||
|
Input({required this.prevTxid, required this.prevIndex, required this.pubKey, required this.amount});
|
|||
|
|
|||
|
int sizeOfInput() {
|
|||
|
assert(1 < pubKey.length && pubKey.length < 76); // need to assume regular push opcode
|
|||
|
return 108 + pubKey.length;
|
|||
|
}
|
|||
|
|
|||
|
int get value {
|
|||
|
return amount;
|
|||
|
}
|
|||
|
|
|||
|
String getPubKey(int pubkey_index) {
|
|||
|
// TO BE IMPLEMENTED...
|
|||
|
return "";
|
|||
|
}
|
|||
|
|
|||
|
String getPrivKey(int pubkey_index) {
|
|||
|
// TO BE IMPLEMENTED...
|
|||
|
return "";
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
static Input fromInputComponent(InputComponent inputComponent) {
|
|||
|
return Input(
|
|||
|
prevTxid: inputComponent.prevTxid, // Make sure the types are matching
|
|||
|
prevIndex: inputComponent.prevIndex.toInt(),
|
|||
|
pubKey: inputComponent.pubkey,
|
|||
|
amount: inputComponent.amount.toInt(),
|
|||
|
);
|
|||
|
}
|
|||
|
|
|||
|
static Input fromStackUTXO(UTXO utxo) {
|
|||
|
return Input(
|
|||
|
prevTxid: utf8.encode(utxo.txid), // Convert txid to a List<int>
|
|||
|
prevIndex: utxo.vout,
|
|||
|
pubKey: utf8.encode('0000'), // Placeholder
|
|||
|
amount: utxo.value,
|
|||
|
);
|
|||
|
}
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
class Output {
|
|||
|
int value;
|
|||
|
Address addr;
|
|||
|
|
|||
|
int amount=0;
|
|||
|
|
|||
|
Output({required this.value, required this.addr});
|
|||
|
|
|||
|
int sizeOfOutput() {
|
|||
|
List<int> scriptpubkey = addr.toScript(); // assuming addr.toScript() returns List<int> that represents the scriptpubkey
|
|||
|
assert(scriptpubkey.length < 253);
|
|||
|
return 9 + scriptpubkey.length;
|
|||
|
}
|
|||
|
|
|||
|
static Output fromOutputComponent(OutputComponent outputComponent) {
|
|||
|
Address address = Address.fromScriptPubKey(outputComponent.scriptpubkey);
|
|||
|
return Output(
|
|||
|
value: outputComponent.amount.toInt(),
|
|||
|
addr: address,
|
|||
|
);
|
|||
|
}
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
// Class to handle fusion
|
|||
|
class Fusion {
|
|||
|
|
|||
|
List<Input> coins = []; //"coins" and "inputs" are often synonmous in the original python code.
|
|||
|
List<Output> outputs =[];
|
|||
|
bool server_connected_and_greeted = false;
|
|||
|
bool stopping = false;
|
|||
|
bool stopping_if_not_running = false;
|
|||
|
String stopReason="";
|
|||
|
String tor_host="";
|
|||
|
bool server_ssl= false;
|
|||
|
String server_host ="cashfusion.stackwallet.com";
|
|||
|
int server_port = 8787;
|
|||
|
|
|||
|
//String server_host = "fusion.servo.cash";
|
|||
|
//int server_port = 8789;
|
|||
|
|
|||
|
int tor_port = 0;
|
|||
|
int roundcount = 0;
|
|||
|
String txid="";
|
|||
|
|
|||
|
Tuple<String, String> status = Tuple("", "");
|
|||
|
Connection? connection;
|
|||
|
|
|||
|
int numComponents =0;
|
|||
|
double componentFeeRate=0;
|
|||
|
double minExcessFee=0;
|
|||
|
double maxExcessFee=0;
|
|||
|
List<int> availableTiers =[];
|
|||
|
|
|||
|
int maxOutputs=0;
|
|||
|
int safety_sum_in =0;
|
|||
|
Map<int, int> safety_exess_fees = {};
|
|||
|
Map<int, List<int>> tierOutputs ={}; // not sure if this should be using outputs class.
|
|||
|
|
|||
|
int inactiveTimeLimit = 0;
|
|||
|
int tier = 0;
|
|||
|
int covertPort = 0;
|
|||
|
bool covertSSL = false;
|
|||
|
double beginTime = 0.0; // represent time in seconds.
|
|||
|
List<int> lastHash = <int>[];
|
|||
|
List<Address> reservedAddresses = <Address>[];
|
|||
|
int safetyExcessFee = 0;
|
|||
|
DateTime t_fusionBegin = DateTime.now();
|
|||
|
Uint8List covertDomainB = Uint8List(0);
|
|||
|
|
|||
|
var txInputIndices;
|
|||
|
Transaction tx= Transaction();
|
|||
|
List<int> myComponentIndexes=[];
|
|||
|
List<int> myCommitmentIndexes=[];
|
|||
|
Set<int> badComponents ={};
|
|||
|
|
|||
|
Fusion () {
|
|||
|
//initializeConnection(host, port)
|
|||
|
}
|
|||
|
/*
|
|||
|
Future<void> initializeConnection(String host, int port) async {
|
|||
|
Socket socket = await Socket.connect(host, port);
|
|||
|
connection = Connection()..socket = socket;
|
|||
|
}
|
|||
|
*/
|
|||
|
|
|||
|
Future<void> add_coins_from_wallet(List<UTXO> utxoList) async {
|
|||
|
// Convert each UTXO to an Input and add to 'coins'
|
|||
|
for (UTXO utxo in utxoList) {
|
|||
|
coins.add(Input.fromStackUTXO(utxo));
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
Future<void> fusion_run() async {
|
|||
|
|
|||
|
print ("DEBUG FUSION 223...fusion run....");
|
|||
|
try {
|
|||
|
|
|||
|
try {
|
|||
|
|
|||
|
// Check compatibility - This was done in python version to see if fast libsec installed.
|
|||
|
// For now , in dart, just pass this test.
|
|||
|
;
|
|||
|
} on Exception catch(e) {
|
|||
|
// handle exception, rethrow as a custom FusionError
|
|||
|
throw FusionError("Incompatible: " + e.toString());
|
|||
|
}
|
|||
|
|
|||
|
// Check if can connect to Tor proxy, if not, raise FusionError. Empty String treated as no host.
|
|||
|
if (tor_host.isNotEmpty && tor_port != 0 && !await isTorPort(tor_host, tor_port)) {
|
|||
|
throw FusionError("Can't connect to Tor proxy at $tor_host:$tor_port");
|
|||
|
}
|
|||
|
|
|||
|
try {
|
|||
|
// Check stop condition
|
|||
|
check_stop(running: false);
|
|||
|
}
|
|||
|
catch (e) {
|
|||
|
print (e);
|
|||
|
}
|
|||
|
|
|||
|
try {
|
|||
|
// Check coins
|
|||
|
check_coins();
|
|||
|
}
|
|||
|
catch (e) {
|
|||
|
print (e);
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
// Connect to server
|
|||
|
status = Tuple("connecting", "");
|
|||
|
try {
|
|||
|
connection = await openConnection(server_host, server_port, connTimeout: 5.0, defaultTimeout: 5.0, ssl: server_ssl);
|
|||
|
} catch (e) {
|
|||
|
print("Connect failed: $e");
|
|||
|
String sslstr = server_ssl ? ' SSL ' : '';
|
|||
|
throw FusionError('Could not connect to $sslstr$server_host:$server_port');
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
// Once connection is successful, wrap operations inside this block
|
|||
|
// Within this block, version checks, downloads server params, handles coins and runs rounds
|
|||
|
try {
|
|||
|
|
|||
|
|
|||
|
SocketWrapper socketwrapper = SocketWrapper(server_host, server_port);
|
|||
|
await socketwrapper.connect();
|
|||
|
|
|||
|
// Version check and download server params.
|
|||
|
await greet(socketwrapper);
|
|||
|
|
|||
|
socketwrapper.status();
|
|||
|
server_connected_and_greeted = true;
|
|||
|
notify_server_status(true);
|
|||
|
|
|||
|
// In principle we can hook a pause in here -- user can insert coins after seeing server params.
|
|||
|
|
|||
|
try {
|
|||
|
if (coins.isEmpty) {
|
|||
|
throw FusionError('Started with no coins');
|
|||
|
return;
|
|||
|
}
|
|||
|
}
|
|||
|
catch (e) {
|
|||
|
print(e);
|
|||
|
return;
|
|||
|
}
|
|||
|
|
|||
|
await allocateOutputs(socketwrapper);
|
|||
|
// In principle we can hook a pause in here -- user can tweak tier_outputs, perhaps cancelling some unwanted tiers.
|
|||
|
|
|||
|
// Register for tiers, wait for a pool.
|
|||
|
await registerAndWait(socketwrapper);
|
|||
|
|
|||
|
|
|||
|
print ("FUSION DEBUG 273");
|
|||
|
print ("RETURNING early in fusion_run....");
|
|||
|
return;
|
|||
|
|
|||
|
|
|||
|
// launch the covert submitter
|
|||
|
CovertSubmitter covert = await start_covert();
|
|||
|
try {
|
|||
|
// Pool started. Keep running rounds until fail or complete.
|
|||
|
while (true) {
|
|||
|
roundcount += 1;
|
|||
|
if (await run_round(covert)) {
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
} finally {
|
|||
|
covert.stop();
|
|||
|
}
|
|||
|
} finally {
|
|||
|
(await connection)?.close();
|
|||
|
}
|
|||
|
|
|||
|
for (int i = 0; i < 60; i++) {
|
|||
|
if (stopping) {
|
|||
|
break; // not an error
|
|||
|
}
|
|||
|
|
|||
|
if (Util.walletHasTransaction(txid)) {
|
|||
|
break;
|
|||
|
}
|
|||
|
|
|||
|
await Future.delayed(Duration(seconds: 1));
|
|||
|
}
|
|||
|
|
|||
|
// Set status to 'complete' with 'time_wait'
|
|||
|
status = Tuple('complete', 'txid: $txid');
|
|||
|
|
|||
|
// Wait for transaction to show up in wallets
|
|||
|
// Set status to 'complete' with txid
|
|||
|
|
|||
|
} on FusionError catch(err) {
|
|||
|
print('Failed: ${err}');
|
|||
|
status.item1 = "failed";
|
|||
|
status.item2 = err.toString(); // setting the error message
|
|||
|
} catch(exc) {
|
|||
|
print('Exception: ${exc}');
|
|||
|
status.item1 = "failed";
|
|||
|
status.item2= "Exception: ${exc.toString()}"; // setting the exception message
|
|||
|
} finally {
|
|||
|
clear_coins();
|
|||
|
if (status.item1 != 'complete') {
|
|||
|
for (var output in outputs) {
|
|||
|
Util.unreserve_change_address(output.addr);
|
|||
|
}
|
|||
|
if (!server_connected_and_greeted) {
|
|||
|
notify_server_status(false, tup: status);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
} // end fusion_run function.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Future<CovertSubmitter> start_covert() async {
|
|||
|
// Function implementation here...
|
|||
|
|
|||
|
// For now, just return a new instance of CovertSubmitter
|
|||
|
return CovertSubmitter("dummy",0,true,"some_host",0,0,0,0);
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
Future<bool> run_round(CovertSubmitter covert) async {
|
|||
|
// function implementation here...
|
|||
|
|
|||
|
// placeholder return statement
|
|||
|
return Future.value(false);
|
|||
|
}
|
|||
|
|
|||
|
void notify_server_status(bool b, {Tuple? tup}) {
|
|||
|
// Function implementation goes here
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
void stop([String reason = 'stopped', bool notIfRunning = false]) {
|
|||
|
if (stopping) {
|
|||
|
return;
|
|||
|
}
|
|||
|
if (notIfRunning) {
|
|||
|
if (stopping_if_not_running) {
|
|||
|
return;
|
|||
|
}
|
|||
|
stopReason = reason;
|
|||
|
stopping_if_not_running = true;
|
|||
|
} else {
|
|||
|
stopReason = reason;
|
|||
|
stopping = true;
|
|||
|
}
|
|||
|
// note the reason is only overwritten if we were not already stopping this way.
|
|||
|
}
|
|||
|
|
|||
|
void check_stop({bool running = true}) {
|
|||
|
// Gets called occasionally from fusion thread to allow a stop point.
|
|||
|
if (stopping || (!running && stopping_if_not_running)) {
|
|||
|
throw FusionError(stopReason ?? 'Unknown stop reason');
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
void check_coins() {
|
|||
|
// Implement by calling wallet layer to check the coins are ok.
|
|||
|
return;
|
|||
|
}
|
|||
|
|
|||
|
static void foo() {
|
|||
|
print ("hello");
|
|||
|
}
|
|||
|
|
|||
|
void clear_coins() {
|
|||
|
coins = [];
|
|||
|
}
|
|||
|
|
|||
|
void addCoins(List<Input> newCoins) {
|
|||
|
coins.addAll(newCoins);
|
|||
|
}
|
|||
|
|
|||
|
void notify_coins_UI() {
|
|||
|
return;
|
|||
|
}
|
|||
|
|
|||
|
static bool walletCanFuse() {
|
|||
|
return true;
|
|||
|
|
|||
|
// Implement logic here to return false if the wallet can't fuse. (If its read only or non P2PKH)
|
|||
|
}
|
|||
|
|
|||
|
static double nextDoubleNonZero(Random rng) {
|
|||
|
double value = 0.0;
|
|||
|
while (value == 0.0) {
|
|||
|
value = rng.nextDouble();
|
|||
|
}
|
|||
|
return value;
|
|||
|
}
|
|||
|
|
|||
|
static List<int>? randomOutputsForTier(Random rng, int inputAmount, int scale, int offset, int maxCount) {
|
|||
|
|
|||
|
if (inputAmount < offset) {
|
|||
|
return [];
|
|||
|
}
|
|||
|
double lambd = 1.0 / scale;
|
|||
|
int remaining = inputAmount;
|
|||
|
List<double> values = []; // list of fractional random values without offset
|
|||
|
bool didBreak = false; // Add this flag to detect when a break is encountered
|
|||
|
|
|||
|
for (int i = 0; i < maxCount + 1; i++) {
|
|||
|
double val = -lambd * log(nextDoubleNonZero(rng));
|
|||
|
remaining -= (val.ceil() + offset);
|
|||
|
if (remaining < 0) {
|
|||
|
didBreak = true; // If you break, set this flag to true
|
|||
|
break;
|
|||
|
}
|
|||
|
values.add(val);
|
|||
|
}
|
|||
|
|
|||
|
if (!didBreak && values.length > maxCount) {
|
|||
|
values = values.sublist(0, maxCount);
|
|||
|
}
|
|||
|
|
|||
|
if (values.isEmpty) {
|
|||
|
// Our first try put us over the limit, so we have nothing to work with.
|
|||
|
// (most likely, scale was too large)
|
|||
|
return [];
|
|||
|
}
|
|||
|
|
|||
|
int desiredRandomSum = inputAmount - values.length * offset;
|
|||
|
assert(desiredRandomSum >= 0, 'desiredRandomSum is less than 0');
|
|||
|
|
|||
|
/*Now we need to rescale and round the values so they fill up the desired.
|
|||
|
input amount exactly. We perform rounding in cumulative space so that the
|
|||
|
sum is exact, and the rounding is distributed fairly.
|
|||
|
*/
|
|||
|
|
|||
|
// Dart equivalent of itertools.accumulate
|
|||
|
List<double> cumsum = [];
|
|||
|
double sum = 0;
|
|||
|
for (double value in values) {
|
|||
|
sum += value;
|
|||
|
cumsum.add(sum);
|
|||
|
}
|
|||
|
|
|||
|
double rescale = desiredRandomSum / cumsum[cumsum.length - 1];
|
|||
|
List<int> normedCumsum = cumsum.map((v) => (rescale * v).round()).toList();
|
|||
|
assert(normedCumsum[normedCumsum.length - 1] == desiredRandomSum, 'Last element of normedCumsum is not equal to desiredRandomSum');
|
|||
|
List<int> differences = [];
|
|||
|
differences.add(normedCumsum[0]); // First element
|
|||
|
for (int i = 1; i < normedCumsum.length; i++) {
|
|||
|
differences.add(normedCumsum[i] - normedCumsum[i - 1]);
|
|||
|
}
|
|||
|
|
|||
|
List<int> result = differences.map((d) => offset + d).toList();
|
|||
|
assert(result.reduce((a, b) => a + b) == inputAmount, 'Sum of result is not equal to inputAmount');
|
|||
|
return result;
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
static List<ComponentResult> genComponents(int numBlanks, List<Input> inputs, List<Output> outputs, int feerate) {
|
|||
|
assert(numBlanks >= 0);
|
|||
|
|
|||
|
List<Tuple<Component, int>> components = [];
|
|||
|
|
|||
|
// Set up Pedersen setup instance
|
|||
|
Uint8List HBytes = Uint8List.fromList([0x02] + 'CashFusion gives us fungibility.'.codeUnits);
|
|||
|
ECDomainParameters params = ECDomainParameters('secp256k1');
|
|||
|
ECPoint? HMaybe = params.curve.decodePoint(HBytes);
|
|||
|
if (HMaybe == null) {
|
|||
|
throw Exception('Failed to decode point');
|
|||
|
}
|
|||
|
ECPoint H = HMaybe;
|
|||
|
PedersenSetup setup = PedersenSetup(H);
|
|||
|
|
|||
|
for (Input input in inputs) {
|
|||
|
int fee = Util.componentFee(input.sizeOfInput(), feerate);
|
|||
|
|
|||
|
var comp = Component();
|
|||
|
comp.input = InputComponent(
|
|||
|
prevTxid: Uint8List.fromList(input.prevTxid.reversed.toList()),
|
|||
|
prevIndex: input.prevIndex,
|
|||
|
pubkey: input.pubKey,
|
|||
|
amount: Int64(input.amount)
|
|||
|
);
|
|||
|
components.add(Tuple<Component, int>(comp, input.amount - fee));
|
|||
|
}
|
|||
|
|
|||
|
for (Output output in outputs) {
|
|||
|
var script = output.addr.toScript();
|
|||
|
int fee = Util.componentFee(output.sizeOfOutput(), feerate);
|
|||
|
|
|||
|
var comp = Component();
|
|||
|
comp.output = OutputComponent(
|
|||
|
scriptpubkey: script,
|
|||
|
amount: Int64(output.value)
|
|||
|
);
|
|||
|
components.add(Tuple<Component, int>(comp, -output.value - fee));
|
|||
|
}
|
|||
|
|
|||
|
for (int i = 0; i < numBlanks; i++) {
|
|||
|
var comp = Component();
|
|||
|
comp.blank = BlankComponent();
|
|||
|
components.add(Tuple<Component, int>(comp, 0));
|
|||
|
}
|
|||
|
|
|||
|
List<ComponentResult> resultList = [];
|
|||
|
|
|||
|
components.asMap().forEach((cnum, Tuple<Component, int> componentTuple) {
|
|||
|
Uint8List salt = Util.tokenBytes(32);
|
|||
|
componentTuple.item1.saltCommitment = Util.sha256(salt);
|
|||
|
var compser = componentTuple.item1.writeToBuffer();
|
|||
|
|
|||
|
Tuple<Uint8List, Uint8List> keyPair = Util.genKeypair();
|
|||
|
Uint8List privateKey = keyPair.item1;
|
|||
|
Uint8List pubKey = keyPair.item2;
|
|||
|
|
|||
|
Commitment commitmentInstance = setup.commit(BigInt.from(componentTuple.item2));
|
|||
|
Uint8List amountCommitment = commitmentInstance.PUncompressed;
|
|||
|
|
|||
|
|
|||
|
// Convert BigInt nonce to Uint8List
|
|||
|
Uint8List pedersenNonce = Uint8List.fromList([int.parse(commitmentInstance.nonce.toRadixString(16), radix: 16)]);
|
|||
|
|
|||
|
// Generating initial commitment
|
|||
|
InitialCommitment commitment = InitialCommitment(
|
|||
|
saltedComponentHash: Util.sha256(Uint8List.fromList([...compser, ...salt])),
|
|||
|
amountCommitment: amountCommitment,
|
|||
|
communicationKey: pubKey
|
|||
|
);
|
|||
|
|
|||
|
Uint8List commitser = commitment.writeToBuffer();
|
|||
|
|
|||
|
// Generating proof
|
|||
|
Proof proof = Proof(
|
|||
|
componentIdx: cnum,
|
|||
|
salt: salt,
|
|||
|
pedersenNonce: pedersenNonce
|
|||
|
);
|
|||
|
|
|||
|
// Adding result to list
|
|||
|
resultList.add(ComponentResult(commitser, cnum, compser, proof, privateKey));
|
|||
|
});
|
|||
|
|
|||
|
return resultList;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
Future<GeneratedMessage> recv2(SocketWrapper socketwrapper, List<String> expectedMsgNames, {Duration? timeout}) async {
|
|||
|
if (connection == null) {
|
|||
|
throw FusionError('Connection not initialized');
|
|||
|
}
|
|||
|
|
|||
|
var result = await recvPb2(
|
|||
|
socketwrapper,
|
|||
|
connection!,
|
|||
|
ServerMessage,
|
|||
|
expectedMsgNames,
|
|||
|
timeout: timeout
|
|||
|
);
|
|||
|
|
|||
|
var submsg = result.item1;
|
|||
|
var mtype = result.item2;
|
|||
|
|
|||
|
if (mtype == 'error') {
|
|||
|
throw FusionError('server error: ${submsg.toString()}');
|
|||
|
}
|
|||
|
|
|||
|
return submsg;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Future<GeneratedMessage> recv(List<String> expectedMsgNames, {Duration? timeout}) async {
|
|||
|
// DEPRECATED
|
|||
|
if (connection == null) {
|
|||
|
throw FusionError('Connection not initialized');
|
|||
|
}
|
|||
|
|
|||
|
var result = await recvPb(
|
|||
|
connection!,
|
|||
|
ServerMessage,
|
|||
|
expectedMsgNames,
|
|||
|
timeout: timeout
|
|||
|
);
|
|||
|
|
|||
|
var submsg = result.item1;
|
|||
|
var mtype = result.item2;
|
|||
|
|
|||
|
if (mtype == 'error') {
|
|||
|
throw FusionError('server error: ${submsg.toString()}');
|
|||
|
}
|
|||
|
|
|||
|
return submsg;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
Future<void> send(GeneratedMessage submsg, {Duration? timeout}) async {
|
|||
|
// DEPRECATED
|
|||
|
if (connection != null) {
|
|||
|
await sendPb(connection!, ClientMessage, submsg, timeout: timeout);
|
|||
|
} else {
|
|||
|
print('Connection is null');
|
|||
|
}
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
Future<void> send2(SocketWrapper socketwrapper, GeneratedMessage submsg, {Duration? timeout}) async {
|
|||
|
|
|||
|
if (connection != null) {
|
|||
|
await sendPb2(socketwrapper, connection!, ClientMessage, submsg, timeout: timeout);
|
|||
|
} else {
|
|||
|
print('Connection is null');
|
|||
|
}
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
Future<void> greet(SocketWrapper socketwrapper) async {
|
|||
|
ClientHello clientHello = ClientHello(
|
|||
|
version: Uint8List.fromList(utf8.encode(Protocol.VERSION)),
|
|||
|
genesisHash: Util.get_current_genesis_hash());
|
|||
|
|
|||
|
ClientMessage clientMessage = ClientMessage()
|
|||
|
..clienthello = clientHello;
|
|||
|
|
|||
|
//deprecated
|
|||
|
//Connection greet_connection_1 = Connection.withoutSocket();
|
|||
|
|
|||
|
/*
|
|||
|
lets move this up a level to the fusion_run and pass it in....
|
|||
|
SocketWrapper socketwrapper = SocketWrapper(server_host, server_port);
|
|||
|
await socketwrapper.connect();
|
|||
|
*/
|
|||
|
send2(socketwrapper,clientMessage);
|
|||
|
|
|||
|
|
|||
|
var replyMsg = await recv2(socketwrapper, ['serverhello']);
|
|||
|
if (replyMsg is ServerMessage) {
|
|||
|
ServerHello reply = replyMsg.serverhello;
|
|||
|
|
|||
|
numComponents = reply.numComponents;
|
|||
|
componentFeeRate = reply.componentFeerate.toDouble();
|
|||
|
minExcessFee = reply.minExcessFee.toDouble();
|
|||
|
maxExcessFee = reply.maxExcessFee.toDouble();
|
|||
|
availableTiers = reply.tiers.map((tier) => tier.toInt()).toList();
|
|||
|
|
|||
|
// Enforce some sensible limits, in case server is crazy
|
|||
|
if (componentFeeRate > Protocol.MAX_COMPONENT_FEERATE) {
|
|||
|
throw FusionError('excessive component feerate from server');
|
|||
|
}
|
|||
|
if (minExcessFee > 400) { // note this threshold should be far below MAX_EXCESS_FEE
|
|||
|
throw FusionError('excessive min excess fee from server');
|
|||
|
}
|
|||
|
if (minExcessFee > maxExcessFee) {
|
|||
|
throw FusionError('bad config on server: fees');
|
|||
|
}
|
|||
|
if (numComponents < Protocol.MIN_TX_COMPONENTS * 1.5) {
|
|||
|
throw FusionError('bad config on server: num_components');
|
|||
|
}
|
|||
|
} else {
|
|||
|
throw Exception('Received unexpected message type: ${replyMsg.runtimeType}');
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
Future<void> allocateOutputs(socketwrapper) async {
|
|||
|
print ("DBUG allocateoutputs 746");
|
|||
|
|
|||
|
print ("CHECK socketwrapper 746");
|
|||
|
socketwrapper.status();
|
|||
|
assert(['setup', 'connecting'].contains(status.item1));
|
|||
|
|
|||
|
List<Input> inputs = coins;
|
|||
|
int numInputs = inputs.length;
|
|||
|
|
|||
|
int maxComponents = min(numComponents, Protocol.MAX_COMPONENTS);
|
|||
|
int maxOutputs = maxComponents - numInputs;
|
|||
|
if (maxOutputs < 1) {
|
|||
|
throw FusionError('Too many inputs ($numInputs >= $maxComponents)');
|
|||
|
}
|
|||
|
|
|||
|
if (maxOutputs != null) {
|
|||
|
assert(maxOutputs >= 1);
|
|||
|
maxOutputs = min(maxOutputs, maxOutputs);
|
|||
|
}
|
|||
|
|
|||
|
int numDistinct = inputs.map((e) => e.value).toSet().length;
|
|||
|
int minOutputs = max(Protocol.MIN_TX_COMPONENTS - numDistinct, 1);
|
|||
|
if (maxOutputs < minOutputs) {
|
|||
|
throw FusionError('Too few distinct inputs selected ($numDistinct); cannot satisfy output count constraint (>= $minOutputs, <= $maxOutputs)');
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
int sumInputsValue = inputs.map((e) => e.value).reduce((a, b) => a + b);
|
|||
|
int inputFees = inputs.map((e) => Util.componentFee(e.sizeOfInput(), componentFeeRate.toInt())).reduce((a, b) => a + b);
|
|||
|
int availForOutputs = sumInputsValue - inputFees - minExcessFee.toInt();
|
|||
|
|
|||
|
int feePerOutput = Util.componentFee(34, componentFeeRate.toInt());
|
|||
|
|
|||
|
int offsetPerOutput = Protocol.MIN_OUTPUT + feePerOutput;
|
|||
|
|
|||
|
if (availForOutputs < offsetPerOutput) {
|
|||
|
throw FusionError('Selected inputs had too little value');
|
|||
|
}
|
|||
|
|
|||
|
var rng = Random();
|
|||
|
var seed = List<int>.generate(32, (_) => rng.nextInt(256));
|
|||
|
|
|||
|
print ("DBUG allocateoutputs 785");
|
|||
|
tierOutputs = {};
|
|||
|
var excessFees = <int, int>{};
|
|||
|
for (var scale in availableTiers) {
|
|||
|
int fuzzFeeMax = scale ~/ 1000000;
|
|||
|
int fuzzFeeMaxReduced = min(fuzzFeeMax, min(Protocol.MAX_EXCESS_FEE - minExcessFee.toInt(), maxExcessFee.toInt()));
|
|||
|
|
|||
|
assert(fuzzFeeMaxReduced >= 0);
|
|||
|
int fuzzFee = rng.nextInt(fuzzFeeMaxReduced + 1);
|
|||
|
|
|||
|
int reducedAvailForOutputs = availForOutputs - fuzzFee;
|
|||
|
if (reducedAvailForOutputs < offsetPerOutput) {
|
|||
|
continue;
|
|||
|
}
|
|||
|
|
|||
|
var outputs = randomOutputsForTier(rng, reducedAvailForOutputs, scale, offsetPerOutput, maxOutputs);
|
|||
|
if (outputs != null) {
|
|||
|
print (outputs);
|
|||
|
}
|
|||
|
if (outputs == null || outputs.length < minOutputs) {
|
|||
|
|
|||
|
|
|||
|
continue;
|
|||
|
}
|
|||
|
outputs = outputs.map((o) => o - feePerOutput).toList();
|
|||
|
|
|||
|
assert(inputs.length + (outputs?.length ?? 0) <= Protocol.MAX_COMPONENTS);
|
|||
|
|
|||
|
excessFees[scale] = sumInputsValue - inputFees - reducedAvailForOutputs;
|
|||
|
tierOutputs[scale] = outputs!;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
print('Possible tiers: $tierOutputs');
|
|||
|
|
|||
|
print ("CHECK socketwrapper 839");
|
|||
|
socketwrapper.status();
|
|||
|
safety_sum_in = sumInputsValue;
|
|||
|
safety_exess_fees = excessFees;
|
|||
|
return;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Future<void> registerAndWait(SocketWrapper socketwrapper) async {
|
|||
|
|
|||
|
// msg can be different classes depending on which protobuf msg is sent.
|
|||
|
dynamic? msg;
|
|||
|
|
|||
|
var tierOutputs = this.tierOutputs;
|
|||
|
var tiersSorted = tierOutputs.keys.toList()..sort();
|
|||
|
|
|||
|
if (tierOutputs.isEmpty) {
|
|||
|
throw FusionError('No outputs available at any tier (selected inputs were too small / too large).');
|
|||
|
}
|
|||
|
|
|||
|
print('registering for tiers: $tiersSorted');
|
|||
|
|
|||
|
int self_fuse = 1; // Temporary value for now
|
|||
|
var cashfusionTag = [1];// temp value for now
|
|||
|
|
|||
|
|
|||
|
|
|||
|
check_stop(running: false);
|
|||
|
check_coins();
|
|||
|
|
|||
|
|
|||
|
var tags = [JoinPools_PoolTag(id: cashfusionTag, limit: self_fuse)];
|
|||
|
|
|||
|
// Create JoinPools message
|
|||
|
JoinPools joinPools = JoinPools(
|
|||
|
tiers: tiersSorted.map((i) => Int64(i)).toList(),
|
|||
|
tags: tags
|
|||
|
);
|
|||
|
|
|||
|
// Wrap it in a ClientMessage
|
|||
|
ClientMessage clientMessage = ClientMessage()
|
|||
|
..joinpools = joinPools;
|
|||
|
|
|||
|
send2(socketwrapper, clientMessage);
|
|||
|
|
|||
|
|
|||
|
status = Tuple<String, String>('waiting', 'Registered for tiers');
|
|||
|
|
|||
|
var tiersStrings = {for (var entry in tierOutputs.entries) entry.key: (entry.key * 1e-8).toStringAsFixed(8).replaceAll(RegExp(r'0+$'), '')};
|
|||
|
|
|||
|
while (true) {
|
|||
|
var msg = await recv2(socketwrapper,['tierstatusupdate', 'fusionbegin'], timeout: Duration(seconds: 10));
|
|||
|
|
|||
|
var fieldInfoFusionBegin = msg.info_.byName["fusionbegin"];
|
|||
|
if (fieldInfoFusionBegin != null && msg.hasField(fieldInfoFusionBegin.tagNumber)) {
|
|||
|
break;
|
|||
|
}
|
|||
|
|
|||
|
check_stop(running: false);
|
|||
|
check_coins();
|
|||
|
|
|||
|
// Define the bool variable
|
|||
|
|
|||
|
|
|||
|
|
|||
|
var fieldInfo = msg.info_.byName["tierstatusupdate"];
|
|||
|
if (fieldInfo == null) {
|
|||
|
throw FusionError('Expected field not found in message: tierstatusupdate');
|
|||
|
}
|
|||
|
|
|||
|
bool messageIsTierStatusUpdate = msg.hasField(fieldInfo.tagNumber);
|
|||
|
|
|||
|
|
|||
|
if (!messageIsTierStatusUpdate) {
|
|||
|
throw FusionError('Expected a TierStatusUpdate message');
|
|||
|
}
|
|||
|
|
|||
|
late var statuses;
|
|||
|
if (messageIsTierStatusUpdate) {
|
|||
|
//TierStatusUpdate tierStatusUpdate = msg.tierstatusupdate;
|
|||
|
var tierStatusUpdate = msg.getField(fieldInfo.tagNumber) as TierStatusUpdate;
|
|||
|
statuses = tierStatusUpdate.statuses;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
double maxfraction = 0.0;
|
|||
|
var maxtiers = <int>[];
|
|||
|
int? besttime;
|
|||
|
int? besttimetier;
|
|||
|
for (var entry in statuses.entries) {
|
|||
|
double frac = entry.value.players / entry.value.min_players;
|
|||
|
if (frac >= maxfraction) {
|
|||
|
if (frac > maxfraction) {
|
|||
|
maxfraction = frac;
|
|||
|
maxtiers.clear();
|
|||
|
}
|
|||
|
maxtiers.add(entry.key);
|
|||
|
}
|
|||
|
if (entry.value.hasField('time_remaining')) {
|
|||
|
int tr = entry.value.time_remaining;
|
|||
|
if (besttime == null || tr < besttime) {
|
|||
|
besttime = tr;
|
|||
|
besttimetier = entry.key;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
var displayBest = <String>[];
|
|||
|
var displayMid = <String>[];
|
|||
|
var displayQueued = <String>[];
|
|||
|
for (var tier in tiersSorted) {
|
|||
|
if (statuses.containsKey(tier)) {
|
|||
|
var tierStr = tiersStrings[tier];
|
|||
|
if (tierStr == null) {
|
|||
|
throw FusionError('server reported status on tier we are not registered for');
|
|||
|
}
|
|||
|
if (tier == besttimetier) {
|
|||
|
displayBest.insert(0, '**$tierStr**');
|
|||
|
} else if (maxtiers.contains(tier)) {
|
|||
|
displayBest.add('[$tierStr]');
|
|||
|
} else {
|
|||
|
displayMid.add(tierStr);
|
|||
|
}
|
|||
|
} else {
|
|||
|
displayQueued.add(tiersStrings[tier]!);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
var parts = <String>[];
|
|||
|
if (displayBest.isNotEmpty || displayMid.isNotEmpty) {
|
|||
|
parts.add("Tiers: ${displayBest.join(', ')} ${displayMid.join(', ')}");
|
|||
|
}
|
|||
|
if (displayQueued.isNotEmpty) {
|
|||
|
parts.add("Queued: ${displayQueued.join(', ')}");
|
|||
|
}
|
|||
|
var tiersString = parts.join(' ');
|
|||
|
|
|||
|
if (besttime == null && inactiveTimeLimit != null) {
|
|||
|
if (DateTime.now().millisecondsSinceEpoch > inactiveTimeLimit) {
|
|||
|
throw FusionError('stopping due to inactivity');
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
if (besttime != null) {
|
|||
|
status = Tuple<String, String>('waiting', 'Starting in ${besttime}s. $tiersString');
|
|||
|
} else if (maxfraction >= 1) {
|
|||
|
status = Tuple<String, String>('waiting', 'Starting soon. $tiersString');
|
|||
|
} else if (displayBest.isNotEmpty || displayMid.isNotEmpty) {
|
|||
|
status = Tuple<String, String>('waiting', '${(maxfraction * 100).round()}% full. $tiersString');
|
|||
|
} else {
|
|||
|
status = Tuple<String, String>('waiting', tiersString);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
var fieldInfoFusionBegin = msg.info_.byName["fusionbegin"];
|
|||
|
if (fieldInfoFusionBegin == null) {
|
|||
|
throw FusionError('Expected field not found in message: fusionbegin');
|
|||
|
}
|
|||
|
|
|||
|
bool messageIsFusionBegin = msg.hasField(fieldInfoFusionBegin.tagNumber);
|
|||
|
if (!messageIsFusionBegin) {
|
|||
|
throw FusionError('Expected a FusionBegin message');
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
t_fusionBegin = DateTime.now();
|
|||
|
|
|||
|
|
|||
|
var clockMismatch = msg.serverTime - DateTime.now().millisecondsSinceEpoch / 1000;
|
|||
|
if (clockMismatch.abs() > Protocol.MAX_CLOCK_DISCREPANCY) {
|
|||
|
throw FusionError("Clock mismatch too large: ${clockMismatch.toStringAsFixed(3)}.");
|
|||
|
}
|
|||
|
|
|||
|
tier = msg.tier;
|
|||
|
if (msg is FusionBegin) {
|
|||
|
covertDomainB = Uint8List.fromList(msg.covertDomain);
|
|||
|
}
|
|||
|
|
|||
|
covertPort = msg.covertPort;
|
|||
|
covertSSL = msg.covertSSL;
|
|||
|
beginTime = msg.serverTime;
|
|||
|
|
|||
|
lastHash = Util.calcInitialHash(tier, covertDomainB, covertPort, covertSSL, beginTime);
|
|||
|
|
|||
|
var outAmounts = tierOutputs[tier];
|
|||
|
var outAddrs = Util.reserve_change_addresses(outAmounts?.length ?? 0);
|
|||
|
|
|||
|
reservedAddresses = outAddrs;
|
|||
|
outputs = Util.zip(outAmounts ?? [], outAddrs).map((pair) => Output(value: pair[0], addr: pair[1])).toList();
|
|||
|
|
|||
|
safetyExcessFee = safety_exess_fees[tier] ?? 0;
|
|||
|
|
|||
|
print("starting fusion rounds at tier $tier: ${coins.length} inputs and ${outputs.length} outputs");
|
|||
|
}
|
|||
|
|
|||
|
Future<CovertSubmitter> startCovert() async {
|
|||
|
status = Tuple('running', 'Setting up Tor connections');
|
|||
|
|
|||
|
String covertDomain;
|
|||
|
try {
|
|||
|
covertDomain = utf8.decode(covertDomainB);
|
|||
|
} catch (e) {
|
|||
|
throw FusionError('badly encoded covert domain');
|
|||
|
}
|
|||
|
CovertSubmitter covert = CovertSubmitter(
|
|||
|
covertDomain,
|
|||
|
covertPort,
|
|||
|
covertSSL,
|
|||
|
tor_host,
|
|||
|
tor_port,
|
|||
|
numComponents,
|
|||
|
Protocol.COVERT_SUBMIT_WINDOW,
|
|||
|
Protocol.COVERT_SUBMIT_TIMEOUT
|
|||
|
);
|
|||
|
try {
|
|||
|
covert.scheduleConnections(
|
|||
|
t_fusionBegin,
|
|||
|
Duration(seconds: Protocol.COVERT_CONNECT_WINDOW.toInt()),
|
|||
|
numSpares: Protocol.COVERT_CONNECT_SPARES.toInt(),
|
|||
|
connectTimeout: Protocol.COVERT_CONNECT_TIMEOUT.toInt()
|
|||
|
);
|
|||
|
|
|||
|
|
|||
|
// loop until a just a bit before we're expecting startRound, watching for status updates
|
|||
|
final tend = t_fusionBegin.add(Duration(seconds: (Protocol.WARMUP_TIME - Protocol.WARMUP_SLOP - 1).round()));
|
|||
|
|
|||
|
while (DateTime.now().millisecondsSinceEpoch / 1000 < tend.millisecondsSinceEpoch / 1000) {
|
|||
|
|
|||
|
int numConnected = covert.slots.where((s) => s.covConn?.connection != null).length;
|
|||
|
|
|||
|
int numSpareConnected = covert.spareConnections.where((c) => c.connection != null).length;
|
|||
|
|
|||
|
status = Tuple('running', 'Setting up Tor connections ($numConnected+$numSpareConnected out of $numComponents)');
|
|||
|
|
|||
|
await Future.delayed(Duration(seconds: 1));
|
|||
|
|
|||
|
covert.checkOk();
|
|||
|
this.check_stop();
|
|||
|
this.check_coins();
|
|||
|
}
|
|||
|
} catch (e) {
|
|||
|
covert.stop();
|
|||
|
rethrow;
|
|||
|
}
|
|||
|
|
|||
|
return covert;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
void runRound(CovertSubmitter covert) async {
|
|||
|
status = Tuple('running', 'Starting round ${roundcount.toString()}');
|
|||
|
int timeoutInSeconds = (2 * Protocol.WARMUP_SLOP + Protocol.STANDARD_TIMEOUT).toInt();
|
|||
|
var msg = await recv(['startround'], timeout: Duration(seconds: timeoutInSeconds));
|
|||
|
|
|||
|
// Record the time we got this message; it forms the basis time for all covert activities.
|
|||
|
final covertT0 = DateTime.now().millisecondsSinceEpoch / 1000;
|
|||
|
double covertClock() => (DateTime.now().millisecondsSinceEpoch / 1000) - covertT0;
|
|||
|
|
|||
|
final roundTime = (msg as StartRound).serverTime;
|
|||
|
|
|||
|
// Check the server's declared unix time, which will be committed.
|
|||
|
final clockMismatch = (msg as StartRound).serverTime - DateTime.now().millisecondsSinceEpoch / 1000;
|
|||
|
if (clockMismatch.abs() > Protocol.MAX_CLOCK_DISCREPANCY) {
|
|||
|
throw FusionError("Clock mismatch too large: ${clockMismatch.toInt().toStringAsPrecision(3)}.");
|
|||
|
}
|
|||
|
|
|||
|
if (t_fusionBegin != null) {
|
|||
|
// On the first startround message, check that the warmup time was within acceptable bounds.
|
|||
|
final lag = covertT0 - (t_fusionBegin.millisecondsSinceEpoch / 1000) - Protocol.WARMUP_TIME;
|
|||
|
if (lag.abs() > Protocol.WARMUP_SLOP) {
|
|||
|
throw FusionError("Warmup period too different from expectation (|${lag.toStringAsFixed(3)}s| > ${Protocol.WARMUP_SLOP.toStringAsFixed(3)}s).");
|
|||
|
}
|
|||
|
t_fusionBegin = DateTime.now();
|
|||
|
}
|
|||
|
|
|||
|
print("round starting at ${DateTime.now().millisecondsSinceEpoch / 1000}");
|
|||
|
|
|||
|
final inputFees = coins.map((e) => Util.componentFee(e.sizeOfInput(), componentFeeRate.toInt())).reduce((a, b) => a + b);
|
|||
|
final outputFees = outputs.length * Util.componentFee(34, componentFeeRate.toInt());
|
|||
|
|
|||
|
final sumIn = coins.map((e) => e.amount).reduce((a, b) => a + b);
|
|||
|
final sumOut = outputs.map((e) => e.value).reduce((a, b) => a + b);
|
|||
|
|
|||
|
final totalFee = sumIn - sumOut;
|
|||
|
final excessFee = totalFee - inputFees - outputFees;
|
|||
|
final safeties = [
|
|||
|
sumIn == safety_sum_in,
|
|||
|
excessFee == safetyExcessFee,
|
|||
|
excessFee <= Protocol.MAX_EXCESS_FEE,
|
|||
|
totalFee <= Protocol.MAX_FEE,
|
|||
|
];
|
|||
|
|
|||
|
if (!safeties.every((element) => element)) {
|
|||
|
throw Exception("(BUG!) Funds re-check failed -- aborting for safety. ${safeties.toString()}");
|
|||
|
}
|
|||
|
|
|||
|
final roundPubKey = (msg as StartRound).roundPubkey;
|
|||
|
|
|||
|
final blindNoncePoints = (msg as StartRound).blindNoncePoints;
|
|||
|
if (blindNoncePoints.length != numComponents) {
|
|||
|
throw FusionError('blind nonce miscount');
|
|||
|
}
|
|||
|
|
|||
|
final numBlanks = numComponents - coins.length - outputs.length;
|
|||
|
final List<ComponentResult> genComponentsResults = genComponents(numBlanks, coins, outputs, componentFeeRate.toInt());
|
|||
|
|
|||
|
final List<Uint8List> myCommitments = [];
|
|||
|
final List<int> myComponentSlots = [];
|
|||
|
final List<Uint8List> myComponents = [];
|
|||
|
final List<Proof> myProofs = [];
|
|||
|
final List<Uint8List> privKeys = [];
|
|||
|
final List<dynamic> pedersenAmount = []; // replace dynamic with the actual type
|
|||
|
final List<dynamic> pedersenNonce = []; // replace dynamic with the actual type
|
|||
|
|
|||
|
for (var genComponentResult in genComponentsResults) {
|
|||
|
myCommitments.add(genComponentResult.commitment);
|
|||
|
myComponentSlots.add(genComponentResult.counter);
|
|||
|
myComponents.add(genComponentResult.component);
|
|||
|
myProofs.add(genComponentResult.proof);
|
|||
|
privKeys.add(genComponentResult.privateKey);
|
|||
|
pedersenAmount.add(genComponentResult.pedersenAmount);
|
|||
|
pedersenNonce.add(genComponentResult.pedersenNonce);
|
|||
|
}
|
|||
|
assert(excessFee == pedersenAmount.reduce((a, b) => a + b)); // sanity check that we didn't mess up the above
|
|||
|
assert(myComponents.toSet().length == myComponents.length); // no duplicates
|
|||
|
|
|||
|
// Need to implement this! schnorr is from EC schnorr.py
|
|||
|
var blindSigRequests = <dynamic>[];
|
|||
|
|
|||
|
/*
|
|||
|
final blindSigRequests = blindNoncePoints.map((e) => Schnorr.BlindSignatureRequest(roundPubKey, e, sha256(myComponents.elementAt(e)))).toList();
|
|||
|
|
|||
|
*/
|
|||
|
final randomNumber = Util.getRandomBytes(32);
|
|||
|
covert.checkOk();
|
|||
|
check_stop();
|
|||
|
check_coins();
|
|||
|
|
|||
|
|
|||
|
await send(PlayerCommit(
|
|||
|
initialCommitments: myCommitments,
|
|||
|
excessFee: Int64(excessFee),
|
|||
|
pedersenTotalNonce: pedersenNonce.cast<int>(),
|
|||
|
randomNumberCommitment: sha256.convert(randomNumber).bytes,
|
|||
|
blindSigRequests: blindSigRequests.map((r) => r.getRequest() as List<int>).toList(),
|
|||
|
));
|
|||
|
|
|||
|
|
|||
|
msg = await recv(['blindsigresponses'], timeout: Duration(seconds: Protocol.T_START_COMPS.toInt()));
|
|||
|
|
|||
|
|
|||
|
if (msg is BlindSigResponses) {
|
|||
|
var typedMsg = msg as BlindSigResponses;
|
|||
|
assert(typedMsg.scalars.length == blindSigRequests.length);
|
|||
|
} else {
|
|||
|
// Handle the case where msg is not of type BlindSigResponses
|
|||
|
throw Exception('Unexpected message type: ${msg.runtimeType}');
|
|||
|
}
|
|||
|
|
|||
|
final blindSigs = List.generate(
|
|||
|
blindSigRequests.length,
|
|||
|
(index) {
|
|||
|
if (msg is BlindSigResponses) {
|
|||
|
var typedMsg = msg as BlindSigResponses;
|
|||
|
return blindSigRequests[index].finalize(typedMsg.scalars[index], check: true);
|
|||
|
} else {
|
|||
|
// Handle the case where msg is not of type BlindSigResponses
|
|||
|
throw Exception('Unexpected message type: ${msg.runtimeType}');
|
|||
|
}
|
|||
|
},
|
|||
|
);
|
|||
|
|
|||
|
|
|||
|
// Sleep until the covert component phase really starts, to catch covert connection failures.
|
|||
|
var remainingTime = Protocol.T_START_COMPS - covertClock();
|
|||
|
if (remainingTime < 0) {
|
|||
|
throw FusionError('Arrived at covert-component phase too slowly.');
|
|||
|
}
|
|||
|
await Future.delayed(Duration(seconds: remainingTime.floor()));
|
|||
|
|
|||
|
// Our final check to leave the fusion pool, before we start telling our
|
|||
|
// components. This is much more annoying since it will cause the round
|
|||
|
// to fail, but since we would end up killing the round anyway then it's
|
|||
|
// best for our privacy if we just leave now.
|
|||
|
// (This also is our first call to check_connected.)
|
|||
|
covert.checkConnected();
|
|||
|
check_coins();
|
|||
|
|
|||
|
// Start covert component submissions
|
|||
|
print("starting covert component submission");
|
|||
|
status = Tuple('running', 'covert submission: components');
|
|||
|
|
|||
|
// If we fail after this point, we want to stop connections gradually and
|
|||
|
// randomly. We don't want to stop them all at once, since if we had already
|
|||
|
// provided our input components then it would be a leak to have them all drop at once.
|
|||
|
covert.setStopTime((covertT0 + Protocol.T_START_CLOSE).toInt());
|
|||
|
|
|||
|
|
|||
|
// Schedule covert submissions.
|
|||
|
List<CovertComponent?> messages = List.filled(myComponents.length, null);
|
|||
|
|
|||
|
for (var i = 0; i < myComponents.length; i++) {
|
|||
|
messages[myComponentSlots[i]] = CovertComponent(
|
|||
|
roundPubkey: roundPubKey,
|
|||
|
signature: blindSigs[i],
|
|||
|
component: myComponents[i]
|
|||
|
);
|
|||
|
}
|
|||
|
if (messages.any((element) => element == null)) {
|
|||
|
throw FusionError('Messages list includes null values.');
|
|||
|
}
|
|||
|
|
|||
|
final targetDateTime = DateTime.fromMillisecondsSinceEpoch(((covertT0 + Protocol.T_START_COMPS) * 1000).toInt());
|
|||
|
covert.scheduleSubmissions(targetDateTime, messages);
|
|||
|
|
|||
|
|
|||
|
// While submitting, we download the (large) full commitment list.
|
|||
|
msg = await recv(['allcommitments'], timeout: Duration(seconds: Protocol.T_START_SIGS.toInt()));
|
|||
|
AllCommitments allCommitmentsMsg = msg as AllCommitments;
|
|||
|
List<InitialCommitment> allCommitments = allCommitmentsMsg.initialCommitments.map((commitmentBytes) {
|
|||
|
return InitialCommitment.fromBuffer(commitmentBytes);
|
|||
|
}).toList();
|
|||
|
|
|||
|
|
|||
|
// Quick check on the commitment list.
|
|||
|
if (allCommitments.toSet().length != allCommitments.length) {
|
|||
|
throw FusionError('Commitments list includes duplicates.');
|
|||
|
}
|
|||
|
try {
|
|||
|
List<Uint8List> allCommitmentsBytes = allCommitments.map((commitment) => commitment.writeToBuffer()).toList();
|
|||
|
myCommitmentIndexes = myCommitments.map((c) => allCommitmentsBytes.indexOf(c)).toList();
|
|||
|
|
|||
|
|
|||
|
} on Exception {
|
|||
|
throw FusionError('One or more of my commitments missing.');
|
|||
|
}
|
|||
|
|
|||
|
remainingTime = Protocol.T_START_SIGS - covertClock();
|
|||
|
if (remainingTime < 0) {
|
|||
|
throw FusionError('took too long to download commitments list');
|
|||
|
}
|
|||
|
|
|||
|
// Once all components are received, the server shares them with us:
|
|||
|
msg = await recv(['sharecovertcomponents'], timeout: Duration(seconds: Protocol.T_START_SIGS.toInt()));
|
|||
|
|
|||
|
ShareCovertComponents shareCovertComponentsMsg = msg as ShareCovertComponents;
|
|||
|
List<List<int>> allComponents = shareCovertComponentsMsg.components;
|
|||
|
bool skipSignatures = msg.getField(2);
|
|||
|
|
|||
|
// Critical check on server's response timing.
|
|||
|
if (covertClock() > Protocol.T_START_SIGS) {
|
|||
|
throw FusionError('Shared components message arrived too slowly.');
|
|||
|
}
|
|||
|
|
|||
|
covert.checkDone();
|
|||
|
|
|||
|
try {
|
|||
|
myComponentIndexes = myComponents.map((c) => allComponents.indexWhere((element) => ListEquality().equals(element, c))).toList();
|
|||
|
if (myComponentIndexes.contains(-1)) {
|
|||
|
throw FusionError('One or more of my components missing.');
|
|||
|
}
|
|||
|
} on StateError {
|
|||
|
throw FusionError('One or more of my components missing.');
|
|||
|
}
|
|||
|
|
|||
|
// Need to implement: check the components list and see if there are enough inputs/outputs
|
|||
|
// for there to be significant privacy.
|
|||
|
|
|||
|
List<List<int>> allCommitmentsBytes = allCommitments.map((commitment) => commitment.writeToBuffer().toList()).toList();
|
|||
|
List<int> sessionHash = Util.calcRoundHash(lastHash, roundPubKey, roundTime.toInt(), allCommitmentsBytes, allComponents);
|
|||
|
|
|||
|
|
|||
|
if (shareCovertComponentsMsg.sessionHash != null && !ListEquality().equals(shareCovertComponentsMsg.sessionHash, sessionHash)) {
|
|||
|
|
|||
|
throw FusionError('Session hash mismatch (bug!)');
|
|||
|
}
|
|||
|
|
|||
|
if (!shareCovertComponentsMsg.skipSignatures) {
|
|||
|
print("starting covert signature submission");
|
|||
|
status = Tuple('running', 'covert submission: signatures');
|
|||
|
|
|||
|
if (allComponents
|
|||
|
.toSet()
|
|||
|
.length != allComponents.length) {
|
|||
|
throw FusionError('Server component list includes duplicates.');
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
var txInputIndices = Transaction.txFromComponents(
|
|||
|
allComponents, sessionHash);
|
|||
|
|
|||
|
|
|||
|
Tuple txData = Transaction.txFromComponents(allComponents, sessionHash);
|
|||
|
tx = txData.item1;
|
|||
|
List<int> inputIndices = txData.item2;
|
|||
|
|
|||
|
|
|||
|
List<
|
|||
|
CovertTransactionSignature?> covertTransactionSignatureMessages = List<
|
|||
|
CovertTransactionSignature?>.filled(myComponents.length, null);
|
|||
|
|
|||
|
var my_combined = List<Tuple<int, Input>>.generate(
|
|||
|
inputIndices.length,
|
|||
|
(index) => Tuple(inputIndices[index], tx.Inputs[index]),
|
|||
|
);
|
|||
|
|
|||
|
|
|||
|
|
|||
|
for (var i = 0; i < my_combined.length; i++) {
|
|||
|
int cIdx = my_combined[i].item1;
|
|||
|
Input inp = my_combined[i].item2;
|
|||
|
|
|||
|
int myCompIdx = myComponentIndexes.indexOf(cIdx);
|
|||
|
if (myCompIdx == -1) continue; // not my input
|
|||
|
|
|||
|
var pubKey = inp.getPubKey(0);
|
|||
|
var sec = inp.getPrivKey(0);
|
|||
|
|
|||
|
var preimageBytes = tx.serializePreimage(i, 0x41, useCache: true);
|
|||
|
var sighash = sha256.convert(sha256.convert(preimageBytes).bytes);
|
|||
|
|
|||
|
//var sig = schnorr.sign(sec, sighash); // Needs implementation
|
|||
|
var sig = <int>[0, 1, 2, 3, 4]; // dummy placeholder
|
|||
|
|
|||
|
covertTransactionSignatureMessages[myComponentSlots[myCompIdx]] =
|
|||
|
CovertTransactionSignature(txsignature: sig, whichInput: i);
|
|||
|
}
|
|||
|
|
|||
|
DateTime covertT0DateTime = DateTime.fromMillisecondsSinceEpoch(
|
|||
|
covertT0.toInt() * 1000); // covertT0 is in seconds
|
|||
|
covert.scheduleSubmissions(
|
|||
|
covertT0DateTime.add(
|
|||
|
Duration(milliseconds: Protocol.T_START_SIGS.toInt())),
|
|||
|
covertTransactionSignatureMessages
|
|||
|
);
|
|||
|
|
|||
|
|
|||
|
// wait for result
|
|||
|
int timeoutMillis = (Protocol.T_EXPECTING_CONCLUSION -
|
|||
|
Protocol.TS_EXPECTING_COVERT_COMPONENTS).toInt();
|
|||
|
Duration timeout = Duration(milliseconds: timeoutMillis);
|
|||
|
msg = await recv(['fusionresult'], timeout: timeout);
|
|||
|
|
|||
|
|
|||
|
// Critical check on server's response timing.
|
|||
|
if (covertClock() > Protocol.T_EXPECTING_CONCLUSION) {
|
|||
|
throw FusionError('Fusion result message arrived too slowly.');
|
|||
|
}
|
|||
|
|
|||
|
covert.checkDone();
|
|||
|
FusionResult fusionResultMsg = msg as FusionResult;
|
|||
|
if (fusionResultMsg.ok) {
|
|||
|
List<List<int>> allSigs = msg.txsignatures;
|
|||
|
|
|||
|
// assemble the transaction.
|
|||
|
if (allSigs.length != tx.Inputs.length) {
|
|||
|
throw FusionError('Server gave wrong number of signatures.');
|
|||
|
}
|
|||
|
for (var i = 0; i < allSigs.length; i++) {
|
|||
|
List<int> sigBytes = allSigs[i];
|
|||
|
String sig = base64.encode(sigBytes);
|
|||
|
Input inp = tx.Inputs[i];
|
|||
|
if (sig.length != 64) {
|
|||
|
throw FusionError('server relayed bad signature');
|
|||
|
}
|
|||
|
inp.signatures = [sig + '41'];
|
|||
|
}
|
|||
|
|
|||
|
assert(tx.isComplete());
|
|||
|
String txHex = tx.serialize();
|
|||
|
|
|||
|
txid = tx.txid();
|
|||
|
String sumInStr = Util.formatSatoshis(sumIn,
|
|||
|
numZeros: 8);
|
|||
|
String feeStr = totalFee
|
|||
|
.toString();
|
|||
|
String feeLoc = 'fee';
|
|||
|
|
|||
|
String label = "CashFusion ${coins.length}⇢${outputs
|
|||
|
.length}, ${sumInStr} BCH (−${feeStr} sats ${feeLoc})";
|
|||
|
|
|||
|
Util.updateWalletLabel(txid, label);
|
|||
|
}
|
|||
|
|
|||
|
else {
|
|||
|
badComponents = msg.badComponents.toSet();
|
|||
|
if (badComponents.intersection(myComponentIndexes.toSet()).isNotEmpty) {
|
|||
|
print("bad components: ${badComponents.toList()} mine: ${myComponentIndexes.toList()}");
|
|||
|
throw FusionError("server thinks one of my components is bad!");
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
}
|
|||
|
else { // skip_signatures True
|
|||
|
Set<int> badComponents = Set<int>();
|
|||
|
}
|
|||
|
|
|||
|
// ### Blame phase ###
|
|||
|
|
|||
|
|
|||
|
covert.setStopTime((covertT0 + Protocol.T_START_CLOSE_BLAME).floor());
|
|||
|
|
|||
|
print("sending proofs");
|
|||
|
status = Tuple('running', 'round failed - sending proofs');
|
|||
|
|
|||
|
|
|||
|
// create a list of commitment indexes, but leaving out mine.
|
|||
|
List<int> othersCommitmentIdxes = [];
|
|||
|
for(int i=0; i<allCommitments.length; i++) {
|
|||
|
if (!myCommitmentIndexes.contains(i)) {
|
|||
|
othersCommitmentIdxes.add(i);
|
|||
|
}
|
|||
|
}
|
|||
|
int N = othersCommitmentIdxes.length;
|
|||
|
assert(N == allCommitments.length - myCommitments.length);
|
|||
|
if (N == 0) {
|
|||
|
throw FusionError("Fusion failed with only me as player -- I can only blame myself.");
|
|||
|
}
|
|||
|
|
|||
|
// where should I send my proofs?
|
|||
|
List<InitialCommitment> dstCommits = [];
|
|||
|
for(int i=0; i<myCommitments.length; i++) {
|
|||
|
dstCommits.add(allCommitments[othersCommitmentIdxes[Util.randPosition(randomNumber, N, i)]]);
|
|||
|
}
|
|||
|
|
|||
|
// generate the encrypted proofs
|
|||
|
List<String> encproofs = List<String>.filled(myCommitments.length, '');
|
|||
|
|
|||
|
|
|||
|
ECDomainParameters params = ECDomainParameters('secp256k1');
|
|||
|
for (int i=0; i<dstCommits.length; i++) {
|
|||
|
InitialCommitment msg = dstCommits[i];
|
|||
|
Proof proof = myProofs[i];
|
|||
|
proof.componentIdx = myComponentIndexes[i];
|
|||
|
|
|||
|
ECPoint? communicationKeyPointMaybe = params.curve.decodePoint(Uint8List.fromList(msg.communicationKey));
|
|||
|
if (communicationKeyPointMaybe == null) {
|
|||
|
// handle the error case here, e.g., throw an exception or skip this iteration.
|
|||
|
continue;
|
|||
|
}
|
|||
|
ECPoint communicationKeyPoint = communicationKeyPointMaybe;
|
|||
|
|
|||
|
try {
|
|||
|
Uint8List encryptedData = await encrypt(proof.writeToBuffer(), communicationKeyPoint, padToLength: 80);
|
|||
|
encproofs[i] = String.fromCharCodes(encryptedData);
|
|||
|
} catch (EncryptionFailed) {
|
|||
|
// The communication key was bad (probably invalid x coordinate).
|
|||
|
// We will just send a blank. They can't even blame us since there is no private key! :)
|
|||
|
continue;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
List<Uint8List> encodedEncproofs = encproofs.map((e) => Uint8List.fromList(e.codeUnits)).toList();
|
|||
|
this.send(MyProofsList(encryptedProofs: encodedEncproofs, randomNumber: randomNumber));
|
|||
|
|
|||
|
status = Tuple('running', 'round failed - checking proofs');
|
|||
|
|
|||
|
print("receiving proofs");
|
|||
|
msg = await this.recv(['theirproofslist'], timeout: Duration(seconds: (2 * Protocol.STANDARD_TIMEOUT).round()));
|
|||
|
|
|||
|
List<Blames_BlameProof> blames = [];
|
|||
|
|
|||
|
int countInputs = 0;
|
|||
|
|
|||
|
TheirProofsList proofsList = msg as TheirProofsList;
|
|||
|
|
|||
|
var privKey;
|
|||
|
var commitmentBlob;
|
|||
|
for (var i = 0; i < proofsList.proofs.length; i++) {
|
|||
|
var rp = msg.proofs[i];
|
|||
|
try {
|
|||
|
privKey = privKeys[rp.dstKeyIdx];
|
|||
|
commitmentBlob = allCommitments[rp.srcCommitmentIdx];
|
|||
|
} on RangeError catch (e) {
|
|||
|
throw FusionError("Server relayed bad proof indices");
|
|||
|
}
|
|||
|
|
|||
|
var sKey;
|
|||
|
var proofBlob;
|
|||
|
|
|||
|
|
|||
|
|
|||
|
try {
|
|||
|
var result = await decrypt(Uint8List.fromList(rp.encryptedProof), privKey);
|
|||
|
proofBlob = result.item1; // First item is the decrypted data
|
|||
|
sKey = result.item2; // Second item is the symmetric key
|
|||
|
} on Exception catch (e) {
|
|||
|
print("found an undecryptable proof");
|
|||
|
blames.add(Blames_BlameProof(whichProof: i, privkey: privKey, blameReason: 'undecryptable'));
|
|||
|
continue;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
var commitment = InitialCommitment();
|
|||
|
try {
|
|||
|
commitment.mergeFromBuffer(commitmentBlob); // Method to parse protobuf data
|
|||
|
} on FormatException catch (e) {
|
|||
|
throw FusionError("Server relayed bad commitment");
|
|||
|
}
|
|||
|
|
|||
|
var inpComp;
|
|||
|
|
|||
|
try {
|
|||
|
// Convert allComponents to List<Uint8List>
|
|||
|
List<Uint8List> allComponentsUint8 = allComponents.map((component) => Uint8List.fromList(component)).toList();
|
|||
|
// Convert badComponents to List<int>
|
|||
|
List<int> badComponentsList = badComponents.toList();
|
|||
|
// Convert componentFeeRate to int if it's double
|
|||
|
int componentFeerateInt = componentFeeRate.round(); // or use .toInt() if you want to truncate instead of rounding
|
|||
|
|
|||
|
var inpComp = validateProofInternal(proofBlob, commitment, allComponentsUint8, badComponentsList, componentFeerateInt);
|
|||
|
} on Exception catch (e) {
|
|||
|
print("found an erroneous proof: ${e.toString()}");
|
|||
|
var blameProof = Blames_BlameProof();
|
|||
|
blameProof.whichProof = i;
|
|||
|
blameProof.sessionKey = sKey;
|
|||
|
blameProof.blameReason = e.toString();
|
|||
|
blames.add(blameProof);
|
|||
|
continue;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
if (inpComp != null) {
|
|||
|
countInputs++;
|
|||
|
try {
|
|||
|
Util.checkInputElectrumX(inpComp);
|
|||
|
} on Exception catch (e) {
|
|||
|
print("found a bad input [${rp.srcCommitmentIdx}]: $e (${inpComp.prevTxid.reversed.toList().toHex()}:${inpComp.prevIndex})");
|
|||
|
|
|||
|
var blameProof = Blames_BlameProof();
|
|||
|
blameProof.whichProof = i;
|
|||
|
blameProof.sessionKey = sKey;
|
|||
|
blameProof.blameReason = 'input does not match blockchain: ' + e.toString();
|
|||
|
blameProof.needLookupBlockchain = true;
|
|||
|
blames.add(blameProof);
|
|||
|
|
|||
|
} catch (e) {
|
|||
|
print("verified an input internally, but was unable to check it against blockchain: ${e}");
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
}
|
|||
|
print("checked ${msg.proofs.length} proofs, $countInputs of them inputs");
|
|||
|
|
|||
|
print("sending blames");
|
|||
|
send(Blames(blames: blames));
|
|||
|
|
|||
|
status = Tuple('running', 'awaiting restart');
|
|||
|
|
|||
|
// Await the final 'restartround' message. It might take some time
|
|||
|
// to arrive since other players might be slow, and then the server
|
|||
|
// itself needs to check blockchain.
|
|||
|
await recv(['restartround'], timeout: Duration(seconds: 2 * (Protocol.STANDARD_TIMEOUT.round() + Protocol.BLAME_VERIFY_TIME.round())));
|
|||
|
|
|||
|
|
|||
|
} // end of run_round() function.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
} // END OF CLASS
|
|||
|
|