Add support for carrot (legacy and view-balance keys). WIP

Author: vtnerd

CMakeLists.txt

@@ -69,6 +69,7 @@ set(MONERO_LIBRARIES
   serialization
   lmdb_lib
   net
+  carrot_core
   cryptonote_core
   cryptonote_basic
   cryptonote_format_utils_basic
@@ -87,6 +88,9 @@ set(MONERO_LIBRARIES
   easylogging
   version
   wallet-crypto
+  fcmp_pp
+  mx25519
+  wallet
 )
 
 set(MONERO_OPTIONAL wallet-crypto)
@@ -280,6 +284,7 @@ set_property(TARGET monero::libraries PROPERTY
     "${MONERO_SOURCE_DIR}/external/easylogging++"
     "${MONERO_SOURCE_DIR}/external/rapidjson/include"
     "${MONERO_SOURCE_DIR}/external/supercop/include"
+    "${MONERO_SOURCE_DIR}/external/mx25519/include"
     "${MONERO_SOURCE_DIR}/src"
 )
 

src/db/account.cpp

@@ -29,12 +29,16 @@
 #include <algorithm>
 #include <cstring>
 
+#include "carrot_core/account_secrets.h"
 #include "common/error.h"
 #include "common/expect.h"
 #include "db/data.h"
 #include "db/string.h"
+#include "error.h"
+#include "util/transactions.h"
 #include "wire/adapted/crypto.h"
 #include "wire/adapted/pair.h"
+#include "wire/adapted/tuple.h"
 #include "wire/msgpack.h"
 #include "wire/vector.h"
 #include "wire/wrapper/trusted_array.h"
@@ -51,28 +55,53 @@ namespace lws
         return std::memcmp(std::addressof(lhs), std::addressof(rhs), sizeof(lhs)) < 0;
       }
     };
+
+    account::key_type get_type(const db::account_flags flags) noexcept
+    {
+      if (flags & db::account_flags::view_balance_key)
+        return account::key_type::balance;
+      return account::key_type::legacy;
+    }
   }
 
+  WIRE_AS_INTEGER(account::key_type);
+
   struct account::internal
   {
     internal()
-      : address(), id(db::account_id::invalid), pubs{}, view_key{}
+      : address(),
+        id(db::account_id::invalid),
+        pubs{},
+        view_key{},
+        balance_key{},
+        type(account::key_type::legacy)
     {}
 
     explicit internal(db::account const& source)
-      : address(db::address_string(source.address)), id(source.id), pubs(source.address), view_key()
+      : address(db::address_string(source.address)),
+        id(source.id),
+        pubs(source.address),
+        view_key(),
+        balance_key{},
+        type(get_type(source.flags))
     {
       using inner_type =
         std::remove_reference<decltype(tools::unwrap(view_key))>::type;
 
+      crypto::secret_key& target = type == account::key_type::balance ?
+        balance_key : view_key; 
+
       static_assert(std::is_standard_layout<db::view_key>(), "need standard layout source");
       static_assert(std::is_pod<inner_type>(), "need pod target");
-      static_assert(sizeof(view_key) == sizeof(source.key), "different size keys");
+      static_assert(sizeof(target) == sizeof(source.key), "different size keys");
       std::memcpy(
-        std::addressof(tools::unwrap(view_key)),
+        std::addressof(tools::unwrap(target)),
         std::addressof(source.key),
         sizeof(source.key)
       );
+
+      if (type == account::key_type::balance)
+        carrot::make_carrot_viewincoming_key(balance_key, view_key);
     }
 
     void read_bytes(wire::msgpack_reader& source)
@@ -88,19 +117,24 @@ namespace lws
         WIRE_FIELD_ID(0, address),
         WIRE_FIELD_ID(1, id),
         WIRE_FIELD_ID(2, pubs),
-        WIRE_FIELD_ID(3, view_key)
+        WIRE_FIELD_ID(3, view_key),
+        WIRE_FIELD_ID(4, balance_key),
+        WIRE_FIELD_ID(5, type)
       );
     }
 
     std::string address;
     db::account_id id;
     db::account_address pubs;
     crypto::secret_key view_key;
+    crypto::secret_key balance_key;
+    account::key_type type;
   };
 
-  account::account(std::shared_ptr<const internal> immutable, db::block_id height, std::vector<std::pair<db::output_id, db::address_index>> spendable, std::vector<crypto::public_key> pubs) noexcept
+  account::account(std::shared_ptr<const internal> immutable, db::block_id height, std::vector<spendable_t> spendable, std::vector<balance_t> balance, std::vector<crypto::public_key> pubs) noexcept
     : immutable_(std::move(immutable))
     , spendable_(std::move(spendable))
+    , balance_(std::move(balance))
     , pubs_(std::move(pubs))
     , spends_()
     , outputs_()
@@ -122,18 +156,20 @@ namespace lws
       wire::optional_field<2>("pubs_", wire::trusted_array(std::ref(self.pubs_))),
       wire::optional_field<3>("spends_", wire::trusted_array(std::ref(self.spends_))),
       wire::optional_field<4>("outputs_", wire::trusted_array(std::ref(self.outputs_))),
-      WIRE_FIELD_ID(5, height_)
+      WIRE_FIELD_ID(5, height_),
+      wire::optional_field<6>("balance_", wire::trusted_array(std::ref(self.balance_)))
     );
   }
 
   account::account() noexcept
-    : immutable_(nullptr), spendable_(), pubs_(), spends_(), outputs_(), height_(db::block_id(0))
+    : immutable_(nullptr), spendable_(), balance_(), pubs_(), spends_(), outputs_(), height_(db::block_id(0))
   {}
 
-  account::account(db::account const& source, std::vector<std::pair<db::output_id, db::address_index>> spendable, std::vector<crypto::public_key> pubs)
-    : account(std::make_shared<internal>(source), source.scan_height, std::move(spendable), std::move(pubs))
+  account::account(db::account const& source, std::vector<spendable_t> spendable, std::vector<balance_t> balance, std::vector<crypto::public_key> pubs)
+    : account(std::make_shared<internal>(source), source.scan_height, std::move(spendable), std::move(balance), std::move(pubs))
   {
     std::sort(spendable_.begin(), spendable_.end());
+    std::sort(balance_.begin(), balance_.end());
     std::sort(pubs_.begin(), pubs_.end(), sort_pubs{});
   }
 
@@ -146,6 +182,7 @@ namespace lws
     map(source, *this, *immutable);
     immutable_ = std::move(immutable);
     std::sort(spendable_.begin(), spendable_.end());
+    std::sort(balance_.begin(), balance_.end());
     std::sort(pubs_.begin(), pubs_.end(), sort_pubs{});
   }
 
@@ -157,7 +194,7 @@ namespace lws
 
   account account::clone() const
   {
-    account result{immutable_, height_, spendable_, pubs_};
+    account result{immutable_, height_, spendable_, balance_, pubs_};
     result.outputs_ = outputs_;
     result.spends_ = spends_;
     return result;
@@ -179,6 +216,13 @@ namespace lws
     return db::account_id::invalid;
   }
 
+  account::key_type account::type() const noexcept
+  {
+    if (immutable_)
+      return immutable_->type;
+    return key_type::legacy;
+  }
+
   std::string const& account::address() const
   {
     null_check();
@@ -209,29 +253,61 @@ namespace lws
     return immutable_->view_key;
   }
 
-  boost::optional<db::address_index> account::get_spendable(db::output_id const& id) const noexcept
+  crypto::secret_key const& account::balance_key() const
+  {
+    null_check();
+    return immutable_->balance_key;
+  }
+ 
+  std::optional<db::address_index> account::get_spendable(db::output_id const& id) const noexcept
   {
     const auto searchable = 
-      std::make_pair(id, db::address_index{db::major_index::primary, db::minor_index::primary});
+      std::make_pair(id, db::address_index::primary());
     const auto account =
       std::lower_bound(spendable_.begin(), spendable_.end(), searchable);
     if (account == spendable_.end() || account->first != id)
-      return boost::none;
+      return std::nullopt;
     return account->second;
   }
 
+  std::optional<std::pair<db::output_id, db::address_index>> account::get_spendable(crypto::key_image const& image) const noexcept
+  {
+    const auto searchable =
+      std::make_tuple(image, std::uint64_t(0), db::address_index::primary());
+    const auto account =
+      std::lower_bound(balance_.begin(), balance_.end(), searchable);
+    if (account == balance_.end() || std::get<0>(*account) != image)
+      return std::nullopt;
+    return std::make_pair(db::output_id{0, std::get<1>(*account)}, std::get<2>(*account));
+  }
+
   bool account::add_out(db::output const& out)
   {
     auto existing_pub = std::lower_bound(pubs_.begin(), pubs_.end(), out.pub, sort_pubs{});
     if (existing_pub != pubs_.end() && *existing_pub == out.pub)
       return false;
 
     pubs_.insert(existing_pub, out.pub);
-    auto spendable_value = std::make_pair(out.spend_meta.id, out.recipient);
-    spendable_.insert(
-      std::lower_bound(spendable_.begin(), spendable_.end(), spendable_value),
-      spendable_value
-    );
+
+    if (type() == key_type::balance)
+    {
+      const std::optional<crypto::key_image> image = get_image(out);
+      if (!image)
+        MONERO_THROW(error::crypto_failure, "Failed to generate carrot key image");
+      auto elem = std::make_tuple(*image, out.spend_meta.id.low, out.recipient);
+      balance_.insert(
+        std::lower_bound(balance_.begin(), balance_.end(), elem),
+        elem
+      );
+    }
+    else if (!out.is_carrot())
+    {
+      auto spendable_value = std::make_pair(out.spend_meta.id, out.recipient);
+      spendable_.insert(
+        std::lower_bound(spendable_.begin(), spendable_.end(), spendable_value),
+        spendable_value
+      );
+    }
     outputs_.push_back(out);
     return true;
   }
@@ -240,6 +316,12 @@ namespace lws
   {
     spends_.push_back(spend);
   }
-} // lws
 
+  std::optional<crypto::key_image> account::get_image(db::output const& out) const
+  {
+    if (!immutable_ || type() != key_type::balance)
+      return std::nullopt;
+    return ::lws::get_image(out, immutable_->pubs, immutable_->balance_key);
+  }
+} // lws
 

src/db/account.h

@@ -26,10 +26,12 @@
 // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #pragma once
 
-#include <boost/optional/optional.hpp>
 #include <cstdint>
 #include <memory>
+#include <optional>
 #include <string>
+#include <tuple>
+#include <utility>
 #include <vector>
 
 #include "crypto/crypto.h"
@@ -46,26 +48,32 @@ namespace lws
   {
     struct internal;
 
+    using balance_t = std::tuple<crypto::key_image, std::uint64_t, db::address_index>;
+    using spendable_t = std::pair<db::output_id, db::address_index>;
+
     std::shared_ptr<const internal> immutable_;
     std::vector<std::pair<db::output_id, db::address_index>> spendable_;
+    std::vector<balance_t> balance_;
     std::vector<crypto::public_key> pubs_;
     std::vector<db::spend> spends_;
     std::vector<db::output> outputs_;
     db::block_id height_;
 
-    explicit account(std::shared_ptr<const internal> immutable, db::block_id height, std::vector<std::pair<db::output_id, db::address_index>> spendable, std::vector<crypto::public_key> pubs) noexcept;
+    explicit account(std::shared_ptr<const internal> immutable, db::block_id height, std::vector<spendable_t> spendable, std::vector<balance_t> balance, std::vector<crypto::public_key> pubs) noexcept;
     void null_check() const;
 
     template<typename F, typename T, typename U>
     static void map(F& format, T& self, U& immutable);
 
   public:
+    //! `view_key()` can be one of several different "types"
+    enum class key_type : std::uint8_t { balance = 0, incoming, legacy };
 
     //! Construct an "invalid" account (for de-serialization)
     account() noexcept;
 
     //! Construct an account from `source` and current `spendable` outputs.
-    explicit account(db::account const& source, std::vector<std::pair<db::output_id, db::address_index>> spendable, std::vector<crypto::public_key> pubs);
+    explicit account(db::account const& source, std::vector<spendable_t> spendable, std::vector<balance_t> balance, std::vector<crypto::public_key> pubs);
 
     /*!
       \return False if this is a "moved-from" account (i.e. the internal memory
@@ -94,6 +102,9 @@ namespace lws
     //! \return Unique ID from the account database, possibly `db::account_id::kInvalid`.
     db::account_id id() const noexcept;
 
+    //! \return Key-type
+    key_type type() const noexcept;
+
     //! \return Monero base58 string for account.
     std::string const& address() const;
 
@@ -106,14 +117,20 @@ namespace lws
     //! \return Extracted spend public key from `address()`.
     crypto::public_key const& spend_public() const;
 
-    //! \return Secret view key for the account.
+    //! \return Secret legacy or carrot incoming key for the account.
     crypto::secret_key const& view_key() const;
 
+    //! \return Secret balance view key, iff `type() == key_type::balance`.
+    crypto::secret_key const& balance_key() const;
+
     //! \return Current scan height of `this`.
     db::block_id scan_height() const noexcept { return height_; }
 
     //! \return Subaddress index iff `id` is spendable by `this`.
-    boost::optional<db::address_index> get_spendable(db::output_id const& id) const noexcept;
+    std::optional<db::address_index> get_spendable(db::output_id const& id) const noexcept;
+
+    //! \return Output index + subaddress index iff `image` is spendable by `this`.
+    std::optional<std::pair<db::output_id, db::address_index>> get_spendable(crypto::key_image const& image) const noexcept;
 
     //! \return Outputs matched during the latest scan.
     std::vector<db::output> const& outputs() const noexcept { return outputs_; }
@@ -126,6 +143,9 @@ namespace lws
 
     //! Track a possible `spend`.
     void add_spend(db::spend const& spend);
+
+    //! \return Key image for `out` iff `type() == key_type::balance`.
+    std::optional<crypto::key_image> get_image(db::output const& out) const;
   };
 
   struct by_height

src/db/data.cpp

@@ -29,11 +29,14 @@
 #include <cstring>
 #include <memory>
 
+#include "carrot_core/destination.h"         // monero/src
+#include "carrot_core/device_ram_borrowed.h" // monero/src
 #include "cryptonote_config.h" // monero/src
 #include "db/string.h"
 #include "int-util.h"          // monero/contribe/epee/include
 #include "ringct/rctOps.h"     // monero/src
 #include "ringct/rctTypes.h"   // monero/src
+#include "util/account.h"
 #include "wire.h"
 #include "wire/adapted/array.h"
 #include "wire/adapted/crypto.h"
@@ -163,6 +166,19 @@ namespace db
     return rct::rct2pk(rct::addKeys(rct::pk2rct(base.spend_public), rct::pk2rct(M)));
   }
 
+  crypto::public_key address_index::get_spend_public(carrot_account const& base, crypto::secret_key const& address) const
+  {
+    if (is_zero())
+      return base.spend;
+
+    carrot::CarrotDestinationV1 out{};
+    const carrot::generate_address_secret_ram_borrowed_device address_device{address};
+    carrot::make_carrot_subaddress_v1(
+      base.spend, base.view, address_device, std::uint32_t(maj_i), std::uint32_t(min_i), out
+    );
+    return out.address_spend_pubkey; 
+  }
+
   namespace
   {
     template<typename F, typename T>