coins/monero/src/wallet/scan.rs

use std::convert::TryFrom;

use curve25519_dalek::{
  constants::ED25519_BASEPOINT_TABLE,
  scalar::Scalar,
  edwards::EdwardsPoint
};

use monero::{consensus::deserialize, blockdata::transaction::ExtraField};

use crate::{
  Commitment,
  serialize::write_varint,
  transaction::Transaction,
  wallet::{uniqueness, shared_key, amount_decryption, commitment_mask}
};

#[derive(Clone, Debug)]
pub struct SpendableOutput {
  pub tx: [u8; 32],
  pub o: usize,
  pub key: EdwardsPoint,
  pub key_offset: Scalar,
  pub commitment: Commitment
}

impl Transaction {
  pub fn scan(
    &self,
    view: Scalar,
    spend: EdwardsPoint
  ) -> Vec<SpendableOutput> {
    let mut extra = vec![];
    write_varint(&u64::try_from(self.prefix.extra.len()).unwrap(), &mut extra).unwrap();
    extra.extend(&self.prefix.extra);
    let extra = deserialize::<ExtraField>(&extra);

    let pubkeys: Vec<EdwardsPoint>;
    if let Ok(extra) = extra {
      let mut m_pubkeys = vec![];
      if let Some(key) = extra.tx_pubkey() {
        m_pubkeys.push(key);
      }
      if let Some(keys) = extra.tx_additional_pubkeys() {
        m_pubkeys.extend(&keys);
      }

      pubkeys = m_pubkeys.iter().map(|key| key.point.decompress()).filter_map(|key| key).collect();
    } else {
      return vec![];
    };

    let mut res = vec![];
    for (o, output) in self.prefix.outputs.iter().enumerate() {
      // TODO: This may be replaceable by pubkeys[o]
      for pubkey in &pubkeys {
        let mut commitment = Commitment::zero();

        // P - shared == spend
        let matches = |shared_key| (output.key - (&shared_key * &ED25519_BASEPOINT_TABLE)) == spend;
        let test = |shared_key| Some(shared_key).filter(|shared_key| matches(*shared_key));

        // Get the traditional shared key and unique shared key, testing if either matches for this output
        let traditional = test(shared_key(None, view, pubkey, o));
        let unique = test(shared_key(Some(uniqueness(&self.prefix.inputs)), view, pubkey, o));

        // If either matches, grab it and decode the amount
        if let Some(key_offset) = traditional.or(unique) {
          // Miner transaction
          if output.amount != 0 {
            commitment.amount = output.amount;
          // Regular transaction
          } else {
            let amount = match self.rct_signatures.base.ecdh_info.get(o) {
              Some(amount) => amount_decryption(*amount, key_offset),
              // This should never happen, yet it may be possible with miner transactions?
              // Using get just decreases the possibility of a panic and lets us move on in that case
              None => continue
            };

            // Rebuild the commitment to verify it
            commitment = Commitment::new(commitment_mask(key_offset), amount);
            // If this is a malicious commitment, move to the next output
            // Any other R value will calculate to a different spend key and are therefore ignorable
            if Some(&commitment.calculate()) != self.rct_signatures.base.commitments.get(o) {
              break;
            }
          }

          if commitment.amount != 0 {
            res.push(SpendableOutput { tx: self.hash(), o, key: output.key, key_offset, commitment });
          }
          // Break to prevent public keys from being included multiple times, triggering multiple
          // inclusions of the same output
          break;
        }
      }
    }
    res
  }
}
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`use std::convert::TryFrom;`

			`use curve25519_dalek::{`
			`constants::ED25519_BASEPOINT_TABLE,`
			`scalar::Scalar,`
			`edwards::EdwardsPoint`
			`};`

			`use monero::{consensus::deserialize, blockdata::transaction::ExtraField};`

			`use crate::{`
			`Commitment,`
			`serialize::write_varint,`
			`transaction::Transaction,`
			`wallet::{uniqueness, shared_key, amount_decryption, commitment_mask}`
			`};`

			`#[derive(Clone, Debug)]`
			`pub struct SpendableOutput {`
			`pub tx: [u8; 32],`
			`pub o: usize,`
			`pub key: EdwardsPoint,`
			`pub key_offset: Scalar,`
			`pub commitment: Commitment`
			`}`

			`impl Transaction {`
			`pub fn scan(`
			`&self,`
			`view: Scalar,`
			`spend: EdwardsPoint`
			`) -> Vec<SpendableOutput> {`
			`let mut extra = vec![];`
			`write_varint(&u64::try_from(self.prefix.extra.len()).unwrap(), &mut extra).unwrap();`
			`extra.extend(&self.prefix.extra);`
			`let extra = deserialize::<ExtraField>(&extra);`

			`let pubkeys: Vec<EdwardsPoint>;`
			`if let Ok(extra) = extra {`
			`let mut m_pubkeys = vec![];`
			`if let Some(key) = extra.tx_pubkey() {`
			`m_pubkeys.push(key);`
			`}`
			`if let Some(keys) = extra.tx_additional_pubkeys() {`
			`m_pubkeys.extend(&keys);`
			`}`

			`pubkeys = m_pubkeys.iter().map(\|key\| key.point.decompress()).filter_map(\|key\| key).collect();`
			`} else {`
			`return vec![];`
			`};`

			`let mut res = vec![];`
			`for (o, output) in self.prefix.outputs.iter().enumerate() {`
			`// TODO: This may be replaceable by pubkeys[o]`
			`for pubkey in &pubkeys {`
			`let mut commitment = Commitment::zero();`

			`// P - shared == spend`
			`let matches = \|shared_key\| (output.key - (&shared_key * &ED25519_BASEPOINT_TABLE)) == spend;`
			`let test = \|shared_key\| Some(shared_key).filter(\|shared_key\| matches(*shared_key));`

			`// Get the traditional shared key and unique shared key, testing if either matches for this output`
			`let traditional = test(shared_key(None, view, pubkey, o));`
			`let unique = test(shared_key(Some(uniqueness(&self.prefix.inputs)), view, pubkey, o));`

			`// If either matches, grab it and decode the amount`
			`if let Some(key_offset) = traditional.or(unique) {`
			`// Miner transaction`
			`if output.amount != 0 {`
			`commitment.amount = output.amount;`
			`// Regular transaction`
			`} else {`
			`let amount = match self.rct_signatures.base.ecdh_info.get(o) {`
			`Some(amount) => amount_decryption(*amount, key_offset),`
			`// This should never happen, yet it may be possible with miner transactions?`
			`// Using get just decreases the possibility of a panic and lets us move on in that case`
			`None => continue`
			`};`

			`// Rebuild the commitment to verify it`
			`commitment = Commitment::new(commitment_mask(key_offset), amount);`
			`// If this is a malicious commitment, move to the next output`
			`// Any other R value will calculate to a different spend key and are therefore ignorable`
			`if Some(&commitment.calculate()) != self.rct_signatures.base.commitments.get(o) {`
			`break;`
			`}`
			`}`

			`if commitment.amount != 0 {`
			`res.push(SpendableOutput { tx: self.hash(), o, key: output.key, key_offset, commitment });`
			`}`
			`// Break to prevent public keys from being included multiple times, triggering multiple`
			`// inclusions of the same output`
			`break;`
			`}`
			`}`
			`}`
			`res`
			`}`
			`}`