def test_range_proof2_back(self):
proof = ring_ct.prove_range(123456789, backend_impl=True)
res = ring_ct.ver_range(proof[0], proof[2])
self.assertTrue(res)
res = ring_ct.ver_range(
crypto.point_add(proof[0], crypto.scalarmult_base(crypto.sc_init(4))),
proof[2],
)
self.assertFalse(res)
async def _out_proc_range_proof(self, rsig):
if self._is_req_bulletproof():
rsig.V = []
batch_size = self.ct.rsig_batches[self.ct.cur_batch_idx]
for i in range(batch_size):
commitment = self.ct.tx_out_pk[1 + self.ct.cur_output_idx -
batch_size + i].mask
commitment = crypto.scalarmult(crypto.decodepoint(commitment),
crypto.sc_inv_eight())
rsig.V.append(crypto.encodepoint(commitment))
self.ct.tx_out_rsigs.append(rsig)
# Rsig verification
try:
if not ring_ct.ver_range(
C=crypto.decodepoint(self.ct.tx_out_pk[-1].mask),
rsig=rsig,
use_bulletproof=self._is_req_bulletproof(),
):
logger.warning("Rsing not valid")
except Exception as e:
logger.error("Exception rsig: %s" % e)
traceback.print_exc()
def test_range_proof3(self):
proof = ring_ct.prove_range(123456789)
rsig = proof[2]
monero.recode_rangesig(rsig, encode=False)
monero.recode_rangesig(rsig, encode=True)
res = ring_ct.ver_range(proof[0], rsig)
self.assertTrue(res)
def test_range_proof2_old(self):
proof = ring_ct.prove_range(123456789,
use_asnl=True,
mem_opt=False,
decode=True)
res = ring_ct.ver_range(proof[0],
proof[2],
use_asnl=True,
decode=False)
self.assertTrue(res)
res = ring_ct.ver_range(
crypto.point_add(proof[0],
crypto.scalarmult_base(crypto.sc_init(4))),
proof[2],
use_asnl=True,
decode=False,
)
self.assertFalse(res)
def test_range_proof_old(self):
proof = ring_ct.prove_range(0,
use_asnl=True,
mem_opt=False,
decode=True)
res = ring_ct.ver_range(proof[0],
proof[2],
use_asnl=True,
decode=False)
self.assertTrue(res)
def test_range_proof(self):
proof = ring_ct.prove_range(0)
res = ring_ct.ver_range(proof[0], proof[2])
self.assertTrue(res)
self.assertTrue(
crypto.point_eq(
proof[0],
crypto.point_add(crypto.scalarmult_base(proof[1]),
crypto.scalarmult_h(0)),
))
proof = ring_ct.prove_range(0, mem_opt=False)
res = ring_ct.ver_range(proof[0], proof[2])
self.assertTrue(res)
self.assertTrue(
crypto.point_eq(
proof[0],
crypto.point_add(crypto.scalarmult_base(proof[1]),
crypto.scalarmult_h(0)),
))
async def _on_set_outputs_ack(self, t_res):
self.ct.tx.vout.append(await tmisc.parse_msg(t_res.tx_out,
xmrtypes.TxOut()))
self.ct.tx_out_hmacs.append(t_res.vouti_hmac)
self.ct.tx_out_pk.append(await tmisc.parse_msg(t_res.out_pk,
xmrtypes.CtKey()))
self.ct.tx_out_ecdh.append(await
tmisc.parse_msg(t_res.ecdh_info,
xmrtypes.EcdhTuple()))
rsig_buff = None
if t_res.rsig_data:
tsig_data = t_res.rsig_data
if tsig_data.rsig and len(tsig_data.rsig) > 0:
rsig_buff = tsig_data.rsig
elif tsig_data.rsig_parts and len(tsig_data.rsig_parts) > 0:
rsig_buff = b"".join(tsig_data.rsig_parts)
if rsig_buff and not self._is_req_bulletproof():
rsig = await tmisc.parse_msg(rsig_buff, xmrtypes.RangeSig())
elif rsig_buff:
rsig = await tmisc.parse_msg(rsig_buff, xmrtypes.Bulletproof())
else:
return
if self._is_req_bulletproof():
rsig.V = []
batch_size = self.ct.rsig_batches[self.ct.cur_batch_idx]
for i in range(batch_size):
commitment = self.ct.tx_out_pk[1 + self.ct.cur_output_idx -
batch_size + i].mask
commitment = crypto.scalarmult(crypto.decodepoint(commitment),
crypto.sc_inv_eight())
rsig.V.append(crypto.encodepoint(commitment))
self.ct.tx_out_rsigs.append(rsig)
# Rsig verification
try:
if not ring_ct.ver_range(
C=crypto.decodepoint(self.ct.tx_out_pk[-1].mask),
rsig=rsig,
use_bulletproof=self._is_req_bulletproof(),
):
logger.warning("Rsing not valid")
except Exception as e:
logger.error("Exception rsig: %s" % e)
traceback.print_exc()
self.ct.cur_batch_idx += 1
self.ct.cur_output_in_batch_idx = 0
def test_range_proof2(self):
amount = 17 + (1 << 60)
proof = ring_ct.prove_range(amount)
res = ring_ct.ver_range(proof[0], proof[2])
self.assertTrue(res)
self.assertTrue(
crypto.point_eq(
proof[0],
crypto.point_add(crypto.scalarmult_base(proof[1]),
crypto.scalarmult_h(amount)),
))
proof = ring_ct.prove_range(amount, mem_opt=False, decode=True)
res = ring_ct.ver_range(proof[0], proof[2], decode=False)
self.assertTrue(res)
res = ring_ct.ver_range(
crypto.point_add(proof[0],
crypto.scalarmult_base(crypto.sc_init(4))),
proof[2],
decode=False,
)
self.assertFalse(res)
def test_range_proof_back(self):
proof = ring_ct.prove_range(0, backend_impl=True)
res = ring_ct.ver_range(proof[0], proof[2])
self.assertTrue(res)
async def gen_rct_header(self, destinations, outamounts):
"""
Initializes RV RctSig structure, processes outputs, computes range proofs, ecdh info masking.
Common to gen_rct and gen_rct_simple.
:param destinations:
:param outamounts:
:return:
"""
rv = xmrtypes.RctSig()
rv.p = xmrtypes.RctSigPrunable()
rv.message = self.tx_prefix_hash
rv.outPk = [None] * len(destinations)
if self.use_bulletproof:
rv.p.bulletproofs = [None] * len(destinations)
else:
rv.p.rangeSigs = [None] * len(destinations)
rv.ecdhInfo = [None] * len(destinations)
# Output processing
sumout = crypto.sc_0()
out_sk = [None] * len(destinations)
for idx in range(len(destinations)):
rv.outPk[idx] = xmrtypes.CtKey(dest=crypto.encodepoint(destinations[idx]))
C, mask, rsig = None, 0, None
# Rangeproof
if self.use_bulletproof:
raise ValueError("Bulletproof not yet supported")
else:
C, mask, rsig = ring_ct.prove_range(outamounts[idx])
rv.p.rangeSigs[idx] = rsig
if __debug__:
assert ring_ct.ver_range(C, rsig)
assert crypto.point_eq(
C,
crypto.point_add(
crypto.scalarmult_base(mask),
crypto.scalarmult_h(outamounts[idx]),
),
)
# Mask sum
rv.outPk[idx].mask = crypto.encodepoint(C)
sumout = crypto.sc_add(sumout, mask)
out_sk[idx] = xmrtypes.CtKey(mask=mask)
# ECDH masking
amount_key = crypto.encodeint(self.output_secrets[idx][0])
rv.ecdhInfo[idx] = xmrtypes.EcdhTuple(
mask=mask, amount=crypto.sc_init(outamounts[idx])
)
rv.ecdhInfo[idx] = ring_ct.ecdh_encode(
rv.ecdhInfo[idx], derivation=amount_key
)
monero.recode_ecdh(rv.ecdhInfo[idx], encode=True)
return rv, sumout, out_sk
async def verify(self, tx, con_data=None, creds=None):
"""
Transaction verification
:param tx:
:param con_data:
:param creds:
:return:
"""
# Unserialize the transaction
tx_obj = xmrtypes.Transaction()
reader = xmrserialize.MemoryReaderWriter(bytearray(tx))
ar1 = xmrserialize.Archive(reader, False)
await ar1.message(tx_obj, msg_type=xmrtypes.Transaction)
extras = await monero.parse_extra_fields(tx_obj.extra)
monero.expand_transaction(tx_obj)
tx_pub = crypto.decodepoint(monero.find_tx_extra_field_by_type(
extras, xmrtypes.TxExtraPubKey
).pub_key)
additional_pub_keys = monero.find_tx_extra_field_by_type(
extras, xmrtypes.TxExtraAdditionalPubKeys
)
additional_pub_keys = [crypto.decodepoint(x) for x in additional_pub_keys.data] if additional_pub_keys is not None else None
# Verify range proofs
out_idx = 0
is_bp = tx_obj.rct_signatures.type in [RctType.SimpleBulletproof, RctType.FullBulletproof]
if not is_bp:
for idx, rsig in enumerate(tx_obj.rct_signatures.p.rangeSigs):
out_pk = tx_obj.rct_signatures.outPk[idx]
C = crypto.decodepoint(out_pk.mask)
rsig = tx_obj.rct_signatures.p.rangeSigs[idx]
res = ring_ct.ver_range(C, rsig, use_bulletproof=is_bp)
self.assertTrue(res)
else:
for idx, rsig in enumerate(tx_obj.rct_signatures.p.bulletproofs):
rsig_num_outs = min(len(tx_obj.rct_signatures.outPk), 1 << (len(rsig.L) - 6))
outs = tx_obj.rct_signatures.outPk[out_idx : out_idx + rsig_num_outs]
rsig.V = [crypto.encodepoint(ring_ct.bp_comm_to_v(crypto.decodepoint(xx.mask))) for xx in outs]
res = ring_ct.ver_range(None, rsig, use_bulletproof=is_bp)
self.assertTrue(res)
# Prefix hash
prefix_hash = await monero.get_transaction_prefix_hash(tx_obj)
is_simple = len(tx_obj.vin) > 1 or is_bp
self.assertEqual(prefix_hash, con_data.tx_prefix_hash)
tx_obj.rct_signatures.message = prefix_hash
# MLSAG hash
mlsag_hash = await monero.get_pre_mlsag_hash(tx_obj.rct_signatures)
# Decrypt transaction key
tx_key = misc.compute_tx_key(creds.spend_key_private, prefix_hash, salt=con_data.enc_salt1, rand_mult=con_data.enc_salt2)[0]
key_buff = chacha_poly.decrypt_pack(tx_key, con_data.enc_keys)
tx_priv_keys = [crypto.decodeint(x) for x in common.chunk(key_buff, 32) if x]
tx_priv = tx_priv_keys[0]
tx_additional_priv = tx_priv_keys[1:]
# Verify mlsag signature
monero.recode_msg(tx_obj.rct_signatures.p.MGs, encode=False)
for idx in range(len(tx_obj.vin)):
if is_simple:
mix_ring = [MoneroRctKeyPublic(dest=x[1].dest, commitment=x[1].mask) for x in con_data.tx_data.sources[idx].outputs]
if is_bp:
pseudo_out = crypto.decodepoint(bytes(tx_obj.rct_signatures.p.pseudoOuts[idx]))
else:
pseudo_out = crypto.decodepoint(bytes(tx_obj.rct_signatures.pseudoOuts[idx]))
self.assertTrue(mlsag2.ver_rct_mg_simple(
mlsag_hash, tx_obj.rct_signatures.p.MGs[idx], mix_ring, pseudo_out
))
else:
txn_fee_key = crypto.scalarmult_h(tx_obj.rct_signatures.txnFee)
mix_ring = [[MoneroRctKeyPublic(dest=x[1].dest, commitment=x[1].mask)] for x in con_data.tx_data.sources[idx].outputs]
self.assertTrue(mlsag2.ver_rct_mg(
tx_obj.rct_signatures.p.MGs[idx], mix_ring, tx_obj.rct_signatures.outPk, txn_fee_key, mlsag_hash
))
async def range_proof(self, idx, dest_pub_key, amount, amount_key):
"""
Computes rangeproof and related information - out_sk, out_pk, ecdh_info.
In order to optimize incremental transaction build, the mask computation is changed compared
to the official Monero code. In the official code, the input pedersen commitments are computed
after range proof in such a way summed masks for commitments (alpha) and rangeproofs (ai) are equal.
In order to save roundtrips we compute commitments randomly and then for the last rangeproof
a[63] = (\\sum_{i=0}^{num_inp}alpha_i - \\sum_{i=0}^{num_outs-1} amasks_i) - \\sum_{i=0}^{62}a_i
The range proof is incrementally hashed to the final_message.
:param idx:
:param dest_pub_key:
:param amount:
:param amount_key:
:return:
"""
from monero_glue.xmr import ring_ct
rsig = bytearray(32 * (64 + 64 + 64 + 1))
rsig_mv = memoryview(rsig)
out_pk = misc.StdObj(dest=dest_pub_key, mask=None)
is_last = idx + 1 == self.num_dests()
last_mask = (
None
if not is_last or not self.use_simple_rct
else crypto.sc_sub(self.sumpouts_alphas, self.sumout)
)
# Pedersen commitment on the value, mask from the commitment, range signature.
C, mask, rsig = None, 0, None
# Rangeproof
gc.collect()
if self.use_bulletproof:
raise ValueError("Bulletproof not yet supported")
else:
C, mask, rsig = ring_ct.prove_range(
amount, last_mask, backend_impl=True, byte_enc=True, rsig=rsig_mv
)
rsig = memoryview(rsig)
if __debug__:
rsig_bytes = monero.inflate_rsig(rsig)
self.assrt(ring_ct.ver_range(C, rsig_bytes))
self.assrt(
crypto.point_eq(
C,
crypto.point_add(
crypto.scalarmult_base(mask), crypto.scalarmult_h(amount)
),
),
"rproof",
)
# Incremental hashing
await self.full_message_hasher.rsig_val(
rsig, self.use_bulletproof, raw=True
)
gc.collect()
self._log_trace("rproof")
# Mask sum
out_pk.mask = crypto.encodepoint(C)
self.sumout = crypto.sc_add(self.sumout, mask)
self.output_sk.append(misc.StdObj(mask=mask))
# ECDH masking
from monero_glue.xmr.sub.recode import recode_ecdh
from monero_serialize.xmrtypes import EcdhTuple
ecdh_info = EcdhTuple(mask=mask, amount=crypto.sc_init(amount))
ecdh_info = ring_ct.ecdh_encode(
ecdh_info, derivation=crypto.encodeint(amount_key)
)
recode_ecdh(ecdh_info, encode=True)
gc.collect()
return rsig, out_pk, ecdh_info
async def test_node_transaction(self):
tx_j = pkg_resources.resource_string(
__name__, os.path.join("data", "tsx_01.json"))
tx_c = pkg_resources.resource_string(
__name__, os.path.join("data", "tsx_01_plain.txt"))
tx_u_c = pkg_resources.resource_string(
__name__, os.path.join("data", "tsx_01_uns.txt"))
tx_js = json.loads(tx_j.decode("utf8"))
reader = xmrserialize.MemoryReaderWriter(
bytearray(binascii.unhexlify(tx_c)))
ar = xmrserialize.Archive(reader, False, self._get_bc_ver())
tx = xmrtypes.Transaction()
await ar.message(tx)
reader = xmrserialize.MemoryReaderWriter(
bytearray(binascii.unhexlify(tx_u_c)))
ar = xmrserialize.Archive(reader, False, self._get_bc_ver())
uns = xmrtypes.UnsignedTxSet()
await ar.message(uns)
# Test message hash computation
tx_prefix_hash = await monero.get_transaction_prefix_hash(tx)
message = binascii.unhexlify(tx_js["tx_prefix_hash"])
self.assertEqual(tx_prefix_hash, message)
# RingCT, range sigs, hash
rv = tx.rct_signatures
rv.message = message
rv.mixRing = self.mixring(tx_js)
digest = await monero.get_pre_mlsag_hash(rv)
full_message = binascii.unhexlify(tx_js["pre_mlsag_hash"])
self.assertEqual(digest, full_message)
# Recompute missing data
monero.expand_transaction(tx)
# Unmask ECDH data, check range proofs
for i in range(len(tx_js["amount_keys"])):
ecdh = monero.copy_ecdh(rv.ecdhInfo[i])
monero.recode_ecdh(ecdh, encode=False)
ecdh = ring_ct.ecdh_decode(ecdh,
derivation=binascii.unhexlify(
tx_js["amount_keys"][i]))
self.assertEqual(crypto.sc_get64(ecdh.amount),
tx_js["outamounts"][i])
self.assertTrue(
crypto.sc_eq(
ecdh.mask,
crypto.decodeint(
binascii.unhexlify(tx_js["outSk"][i])[32:]),
))
C = crypto.decodepoint(rv.outPk[i].mask)
rsig = rv.p.rangeSigs[i]
res = ring_ct.ver_range(C, rsig)
self.assertTrue(res)
res = ring_ct.ver_range(
crypto.point_add(C, crypto.scalarmult_base(crypto.sc_init(3))),
rsig)
self.assertFalse(res)
is_simple = len(tx.vin) > 1
monero.recode_rct(rv, encode=False)
if is_simple:
for index in range(len(rv.p.MGs)):
pseudo_out = crypto.decodepoint(
binascii.unhexlify(
tx_js["tx"]["rct_signatures"]["pseudoOuts"][index]))
r = mlsag2.ver_rct_mg_simple(full_message, rv.p.MGs[index],
rv.mixRing[index], pseudo_out)
self.assertTrue(r)
r = mlsag2.ver_rct_mg_simple(full_message, rv.p.MGs[index],
rv.mixRing[index - 1], pseudo_out)
self.assertFalse(r)
else:
txn_fee_key = crypto.scalarmult_h(rv.txnFee)
r = mlsag2.ver_rct_mg(rv.p.MGs[0], rv.mixRing, rv.outPk,
txn_fee_key, digest)
self.assertTrue(r)
r = mlsag2.ver_rct_mg(
rv.p.MGs[0],
rv.mixRing,
rv.outPk,
crypto.scalarmult_h(rv.txnFee - 100),
digest,
)
self.assertFalse(r)
async def sign_transaction_data(self,
tx,
multisig=False,
exp_tx_prefix_hash=None,
use_tx_keys=None):
"""
Uses Trezor to sign the transaction
:param tx:
:type tx: xmrtypes.TxConstructionData
:param multisig:
:param exp_tx_prefix_hash:
:param use_tx_keys:
:return:
"""
self.ct = TData()
self.ct.tx_data = tx
payment_id = []
extras = await monero.parse_extra_fields(tx.extra)
extra_nonce = monero.find_tx_extra_field_by_type(
extras, xmrtypes.TxExtraNonce)
if extra_nonce and monero.has_encrypted_payment_id(extra_nonce.nonce):
payment_id = monero.get_encrypted_payment_id_from_tx_extra_nonce(
extra_nonce.nonce)
elif extra_nonce and monero.has_payment_id(extra_nonce.nonce):
payment_id = monero.get_payment_id_from_tx_extra_nonce(
extra_nonce.nonce)
# Init transaction
tsx_data = TsxData()
tsx_data.version = 1
tsx_data.payment_id = payment_id
tsx_data.unlock_time = tx.unlock_time
tsx_data.outputs = tx.splitted_dsts
tsx_data.change_dts = tx.change_dts
tsx_data.num_inputs = len(tx.sources)
tsx_data.mixin = len(tx.sources[0].outputs)
tsx_data.fee = sum([x.amount for x in tx.sources]) - sum(
[x.amount for x in tx.splitted_dsts])
tsx_data.account = tx.subaddr_account
tsx_data.minor_indices = tx.subaddr_indices
tsx_data.is_multisig = multisig
tsx_data.is_bulletproof = False
tsx_data.exp_tx_prefix_hash = common.defval(exp_tx_prefix_hash, b"")
tsx_data.use_tx_keys = common.defval(use_tx_keys, [])
self.ct.tx.unlock_time = tx.unlock_time
self.ct.tsx_data = tsx_data
tsx_data_pb = await tmisc.translate_tsx_data_pb(tsx_data)
init_msg = MoneroTransactionInitRequest(
version=0,
address_n=self.address_n,
network_type=self.network_type,
tsx_data=tsx_data_pb,
)
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(init=init_msg)
) # type: MoneroTransactionInitAck
self.handle_error(t_res)
in_memory = t_res.in_memory
self.ct.tx_out_entr_hmacs = t_res.hmacs
# Set transaction inputs
for idx, src in enumerate(tx.sources):
src_bin = await tmisc.dump_msg(src)
msg = MoneroTransactionSetInputRequest(src_entr=src_bin)
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(set_input=msg)
) # type: MoneroTransactionSetInputAck
self.handle_error(t_res)
vini = await tmisc.parse_msg(t_res.vini, xmrtypes.TxinToKey())
self.ct.tx.vin.append(vini)
self.ct.tx_in_hmacs.append(t_res.vini_hmac)
self.ct.pseudo_outs.append(
(t_res.pseudo_out, t_res.pseudo_out_hmac))
self.ct.alphas.append(t_res.alpha_enc)
self.ct.spend_encs.append(t_res.spend_enc)
# Sort key image
self.ct.source_permutation = list(range(len(tx.sources)))
self.ct.source_permutation.sort(
key=lambda x: self.ct.tx.vin[x].k_image, reverse=True)
def swapper(x, y):
self.ct.tx.vin[x], self.ct.tx.vin[y] = self.ct.tx.vin[
y], self.ct.tx.vin[x]
self.ct.tx_in_hmacs[x], self.ct.tx_in_hmacs[y] = (
self.ct.tx_in_hmacs[y],
self.ct.tx_in_hmacs[x],
)
self.ct.pseudo_outs[x], self.ct.pseudo_outs[y] = (
self.ct.pseudo_outs[y],
self.ct.pseudo_outs[x],
)
self.ct.alphas[x], self.ct.alphas[y] = self.ct.alphas[
y], self.ct.alphas[x]
self.ct.spend_encs[x], self.ct.spend_encs[y] = (
self.ct.spend_encs[y],
self.ct.spend_encs[x],
)
tx.sources[x], tx.sources[y] = tx.sources[y], tx.sources[x]
common.apply_permutation(self.ct.source_permutation, swapper)
if not in_memory:
msg = MoneroTransactionInputsPermutationRequest(
perm=self.ct.source_permutation)
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(input_permutation=msg))
self.handle_error(t_res)
# Set vin_i back - tx prefix hashing
# Done only if not in-memory.
if not in_memory:
for idx in range(len(self.ct.tx.vin)):
msg = MoneroTransactionInputViniRequest(
src_entr=await tmisc.dump_msg(tx.sources[idx]),
vini=await tmisc.dump_msg(self.ct.tx.vin[idx]),
vini_hmac=self.ct.tx_in_hmacs[idx],
pseudo_out=self.ct.pseudo_outs[idx][0]
if not in_memory else None,
pseudo_out_hmac=self.ct.pseudo_outs[idx][1]
if not in_memory else None,
)
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(input_vini=msg))
self.handle_error(t_res)
# Set transaction outputs
for idx, dst in enumerate(tx.splitted_dsts):
msg = MoneroTransactionSetOutputRequest(
dst_entr=await tmisc.dump_msg(dst),
dst_entr_hmac=self.ct.tx_out_entr_hmacs[idx],
)
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(set_output=msg)
) # type: MoneroTransactionSetOutputAck
self.handle_error(t_res)
self.ct.tx.vout.append(await
tmisc.parse_msg(t_res.tx_out,
xmrtypes.TxOut()))
self.ct.tx_out_hmacs.append(t_res.vouti_hmac)
self.ct.tx_out_rsigs.append(await tmisc.parse_msg(
t_res.rsig, xmrtypes.RangeSig()))
self.ct.tx_out_pk.append(await
tmisc.parse_msg(t_res.out_pk,
xmrtypes.CtKey()))
self.ct.tx_out_ecdh.append(await
tmisc.parse_msg(t_res.ecdh_info,
xmrtypes.EcdhTuple()))
# Rsig verification
try:
rsig = self.ct.tx_out_rsigs[-1]
if not ring_ct.ver_range(C=None, rsig=rsig):
logger.warning("Rsing not valid")
except Exception as e:
logger.error("Exception rsig: %s" % e)
traceback.print_exc()
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(
all_out_set=MoneroTransactionAllOutSetRequest())
) # type: MoneroTransactionAllOutSetAck
self.handle_error(t_res)
rv = xmrtypes.RctSig()
rv.p = xmrtypes.RctSigPrunable()
rv.txnFee = t_res.rv.txn_fee
rv.message = t_res.rv.message
rv.type = t_res.rv.rv_type
self.ct.tx.extra = list(bytearray(t_res.extra))
# Verify transaction prefix hash correctness, tx hash in one pass
self.ct.tx_prefix_hash = await monero.get_transaction_prefix_hash(
self.ct.tx)
if not common.ct_equal(t_res.tx_prefix_hash, self.ct.tx_prefix_hash):
raise ValueError("Transaction prefix has does not match")
# RctSig
if self.is_simple(rv):
if self.is_bulletproof(rv):
rv.p.pseudoOuts = [x[0] for x in self.ct.pseudo_outs]
else:
rv.pseudoOuts = [x[0] for x in self.ct.pseudo_outs]
# Range proof
rv.p.rangeSigs = []
rv.outPk = []
rv.ecdhInfo = []
for idx in range(len(self.ct.tx_out_rsigs)):
rv.p.rangeSigs.append(self.ct.tx_out_rsigs[idx])
rv.outPk.append(self.ct.tx_out_pk[idx])
rv.ecdhInfo.append(self.ct.tx_out_ecdh[idx])
# MLSAG message check
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(
mlsag_done=MoneroTransactionMlsagDoneRequest())
) # type: MoneroTransactionMlsagDoneAck
self.handle_error(t_res)
mlsag_hash = t_res.full_message_hash
mlsag_hash_computed = await monero.get_pre_mlsag_hash(rv)
if not common.ct_equal(mlsag_hash, mlsag_hash_computed):
raise ValueError("Pre MLSAG hash has does not match")
# Sign each input
couts = []
rv.p.MGs = []
for idx, src in enumerate(tx.sources):
msg = MoneroTransactionSignInputRequest(
await tmisc.dump_msg(src),
await tmisc.dump_msg(self.ct.tx.vin[idx]),
self.ct.tx_in_hmacs[idx],
self.ct.pseudo_outs[idx][0] if not in_memory else None,
self.ct.pseudo_outs[idx][1] if not in_memory else None,
self.ct.alphas[idx],
self.ct.spend_encs[idx],
)
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(sign_input=msg)
) # type: MoneroTransactionSignInputAck
self.handle_error(t_res)
mg = await tmisc.parse_msg(t_res.signature, xmrtypes.MgSig())
rv.p.MGs.append(mg)
couts.append(t_res.cout)
self.ct.tx.signatures = []
self.ct.tx.rct_signatures = rv
t_res = await self.trezor.tsx_sign(
MoneroTransactionSignRequest(
final_msg=MoneroTransactionFinalRequest())
) # type: MoneroTransactionFinalAck
self.handle_error(t_res)
if multisig:
cout_key = t_res.cout_key
for ccout in couts:
self.ct.couts.append(
chacha_poly.decrypt(cout_key, ccout[0], ccout[1],
ccout[2]))
self.ct.enc_salt1, self.ct.enc_salt2 = t_res.salt, t_res.rand_mult
self.ct.enc_keys = t_res.tx_enc_keys
return self.ct.tx