Close https://github.com/serai-dex/serai/issues/30.

An extremely minimal subset of Monero is now all that's built, and I'm 
sufficiently happy with it.

coins/monero/src/lib.rs

@@ -1,6 +1,10 @@
+use std::slice;
+
 use lazy_static::lazy_static;
 use rand_core::{RngCore, CryptoRng};
 
+use subtle::ConstantTimeEq;
+
 use tiny_keccak::{Hasher, Keccak};
 
 use curve25519_dalek::{
@@ -32,6 +36,29 @@ lazy_static! {
   static ref H_TABLE: EdwardsBasepointTable = EdwardsBasepointTable::create(&*H);
 }
 
+// Function from libsodium our subsection of Monero relies on. Implementing it here means we don't
+// need to link against libsodium
+#[no_mangle]
+unsafe extern "C" fn crypto_verify_32(a: *const u8, b: *const u8) -> isize {
+  isize::from(
+    slice::from_raw_parts(a, 32).ct_eq(slice::from_raw_parts(b, 32)).unwrap_u8()
+  ) - 1
+}
+
+// Offer a wide reduction to C. Our seeded RNG prevented Monero from defining an unbiased scalar
+// generation function, and in order to not use Monero code (which would require propagating its
+// license), the function was rewritten. It was rewritten with wide reduction, instead of rejection
+// sampling however, hence the need for this function
+#[no_mangle]
+unsafe extern "C" fn monero_wide_reduce(value: *mut u8) {
+  let res = Scalar::from_bytes_mod_order_wide(
+    std::slice::from_raw_parts(value, 64).try_into().unwrap()
+  );
+  for (i, b) in res.to_bytes().iter().enumerate() {
+    value.add(i).write(*b);
+  }
+}
+
 #[allow(non_snake_case)]
 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
 pub struct Commitment {