fix for the jokester that added unreduced scalars

to the borromean signature of 2368d846e671bf79a1f84c6d3af9f0bfe296f043f50cf17ae5e485384a53707b
2025-12-10 13:09:24 +00:00 · 2023-05-31 23:06:06 +01:00
parent 4a2f512b8d
commit 71ffcc8ef7
5 changed files with 19 additions and 17 deletions
--- a/coins/monero/src/block/merkle_root.rs
+++ b/coins/monero/src/block/merkle_root.rs
@@ -29,7 +29,7 @@ fn tree_hash_cnt(count: usize) -> usize {
 }

 fn hash_concat(a: [u8; 32], b: [u8; 32]) -> [u8; 32] {
-  let mut v = [a, b].concat();
+  let v = [a, b].concat();
  hash(&v)
 }

--- a/coins/monero/src/ringct/borromean.rs
+++ b/coins/monero/src/ringct/borromean.rs
@@ -17,23 +17,27 @@ fn read_64_array<R: Read, T: Debug, F: Fn(&mut R) -> io::Result<T>>(

 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct BorroSig {
-  pub s0: [Scalar; 64],
-  pub s1: [Scalar; 64],
-  pub ee: Scalar,
+  pub s0: [[u8; 32]; 64],
+  pub s1: [[u8; 32]; 64],
+  pub ee: [u8; 32],
 }

 impl BorroSig {
  pub fn read<R: Read>(r: &mut R) -> io::Result<BorroSig> {
    Ok(BorroSig {
-      s0: read_64_array(read_scalar, r)?,
-      s1: read_64_array(read_scalar, r)?,
-      ee: read_scalar(r)?,
+      s0: read_64_array(read_bytes, r)?,
+      s1: read_64_array(read_bytes, r)?,
+      ee: read_bytes(r)?,
    })
  }
  pub fn write<W: Write>(&self, w: &mut W) -> io::Result<()> {
-    write_raw_vec(write_scalar, &self.s0, w)?;
-    write_raw_vec(write_scalar, &self.s1, w)?;
-    write_scalar(&self.ee, w)
+    for s0 in self.s0.iter() {
+      w.write_all(s0)?;
+    }
+    for s1 in self.s1.iter() {
+      w.write_all(s1)?;
+    }
+    w.write_all(&self.ee)
  }
 }

--- a/coins/monero/src/ringct/mlsag/mod.rs
+++ b/coins/monero/src/ringct/mlsag/mod.rs
@@ -1,11 +1,10 @@
 use std::io;
 use std::io::{Read, Write};

-use curve25519_dalek::edwards::EdwardsPoint;
+
 use curve25519_dalek::scalar::Scalar;

 use crate::{
-  Commitment, random_scalar, hash_to_scalar, wallet::decoys::Decoys, ringct::hash_to_point,
  serialize::*,
 };

--- a/coins/monero/src/ringct/mod.rs
+++ b/coins/monero/src/ringct/mod.rs
@@ -35,7 +35,7 @@ pub enum EcdhInfo {
 }

 impl EcdhInfo {
-  pub fn read<R: Read>(rct_type: u8, r: &mut R) -> io::Result<(EcdhInfo)> {
+  pub fn read<R: Read>(rct_type: u8, r: &mut R) -> io::Result<EcdhInfo> {
    Ok(match rct_type {
      0 ..= 3 => EcdhInfo::Standard { mask: read_scalar(r)?, amount: read_scalar(r)? },
      _ => EcdhInfo::Bulletproof { amount: read_bytes(r)? },
@@ -80,7 +80,6 @@ impl RctBase {
        }
        write_raw_vec(write_point, &self.commitments, w)
      }
-      _ => panic!("Serializing unknown RctType's Base"),
    }
  }

--- a/coins/monero/src/wallet/mod.rs
+++ b/coins/monero/src/wallet/mod.rs
@@ -98,14 +98,14 @@ fn amount_decryption(amount: &EcdhInfo, key: Scalar) -> u64 {
    EcdhInfo::Standard { mask, amount } => {
      let shared_sec1 = hash(key.as_bytes());
      let shared_sec2 = hash(&shared_sec1);
-      let mask_scalar = mask - Scalar::from_bytes_mod_order(shared_sec1);
+      let _mask_scalar = mask - Scalar::from_bytes_mod_order(shared_sec1);

      let amount_scalar = amount - Scalar::from_bytes_mod_order(shared_sec2);
      // get first 64 bits (d2b in rctTypes.cpp)
      let amount_significant_bytes =
        amount_scalar.to_bytes()[0 .. 8].try_into().expect("Can't fail");
-      let amount = u64::from_le_bytes(amount_significant_bytes);
-      amount
+      
+      u64::from_le_bytes(amount_significant_bytes)
    }
    EcdhInfo::Bulletproof { amount } => {
      u64::from_le_bytes(amount_encryption(u64::from_le_bytes(*amount), key))