Switch to Ed25519 for cryptographic binding of joinsplits to transactions.

2016-05-30 10:59:20 -06:00
parent b48122b57b
commit 320f2cc7e0
9 changed files with 566 additions and 626 deletions
--- a/src/wallet/rpcwallet.cpp
+++ b/src/wallet/rpcwallet.cpp
@@ -18,9 +18,10 @@
 #include "walletdb.h"
 #include "primitives/transaction.h"
 #include "zcbenchmarks.h"
-#include "key.h"
 #include "script/interpreter.h"

+#include "sodium.h"
+
 #include <stdint.h>

 #include <boost/assign/list_of.hpp>
@@ -2652,22 +2653,23 @@ Value zc_raw_pour(const json_spirit::Array& params, bool fHelp)
        throw runtime_error("unsupported pour input/output counts");
    }

-    CKey joinSplitPrivKey;
-    joinSplitPrivKey.MakeNewKey(true);
-    CCompressedPubKey joinSplitPubKey(joinSplitPrivKey.GetPubKey());
+    uint256 joinSplitPubKey;
+    unsigned char joinSplitPrivKey[crypto_sign_SECRETKEYBYTES];
+    crypto_sign_keypair(joinSplitPubKey.begin(), joinSplitPrivKey);

    CMutableTransaction mtx(tx);
    mtx.nVersion = 2;
    mtx.joinSplitPubKey = joinSplitPubKey;

    CPourTx pourtx(*pzcashParams,
-                   joinSplitPubKey.GetZcashHash(),
+                   joinSplitPubKey,
                   anchor,
                   {vpourin[0], vpourin[1]},
                   {vpourout[0], vpourout[1]},
                   vpub_old,
                   vpub_new);
-    assert(pourtx.Verify(*pzcashParams, joinSplitPubKey.GetZcashHash()));
+
+    assert(pourtx.Verify(*pzcashParams, joinSplitPubKey));

    mtx.vpour.push_back(pourtx);

@@ -2682,7 +2684,16 @@ Value zc_raw_pour(const json_spirit::Array& params, bool fHelp)
    }

    // Add the signature
-    joinSplitPrivKey.Sign(dataToBeSigned, mtx.joinSplitSig);
+    assert(crypto_sign_detached(&mtx.joinSplitSig[0], NULL,
+                         dataToBeSigned.begin(), 32,
+                         joinSplitPrivKey
+                        ) == 0);
+
+    // Sanity check
+    assert(crypto_sign_verify_detached(&mtx.joinSplitSig[0],
+                                       dataToBeSigned.begin(), 32,
+                                       mtx.joinSplitPubKey.begin()
+                                      ) == 0);

    CTransaction rawTx(mtx);

@@ -2696,7 +2707,7 @@ Value zc_raw_pour(const json_spirit::Array& params, bool fHelp)
        ss2 << ((unsigned char) 0x00);
        ss2 << pourtx.ephemeralKey;
        ss2 << pourtx.ciphertexts[0];
-        ss2 << pourtx.h_sig(*pzcashParams, joinSplitPubKey.GetZcashHash());
+        ss2 << pourtx.h_sig(*pzcashParams, joinSplitPubKey);

        encryptedBucket1 = HexStr(ss2.begin(), ss2.end());
    }
@@ -2705,7 +2716,7 @@ Value zc_raw_pour(const json_spirit::Array& params, bool fHelp)
        ss2 << ((unsigned char) 0x01);
        ss2 << pourtx.ephemeralKey;
        ss2 << pourtx.ciphertexts[1];
-        ss2 << pourtx.h_sig(*pzcashParams, joinSplitPubKey.GetZcashHash());
+        ss2 << pourtx.h_sig(*pzcashParams, joinSplitPubKey);

        encryptedBucket2 = HexStr(ss2.begin(), ss2.end());
    }