Skip to content
This repository has been archived by the owner on May 28, 2019. It is now read-only.

Monero support added [for review] #293

Merged
merged 2 commits into from
Oct 25, 2018
Merged

Conversation

ph4r05
Copy link
Contributor

@ph4r05 ph4r05 commented Jul 27, 2018

The first review attempt for Monero code.

Code can be tested with monero-agent as with the previous PoC:
https://github.com/ph4r05/monero-agent

Documentation for PoC (section "Testing with Trezor"):
https://github.com/ph4r05/monero-agent/blob/master/PoC.md

For testing you may actually need my forks as I use my dependencies with PRs merged (update submodules after clone).
https://github.com/ph4r05/trezor-core/tree/xmr-total-full

Integration docs:
https://github.com/ph4r05/monero-trezor-doc

This PR depends on PRs:


Code review TODO

  • import tests into python-trezor/travis
  • split tx builder steps into seperate files (@tsusanka)
  • rethink how to tie the steps together (@tsusanka, @jpochyla)
  • modify iface to layout based on other coins (@tsusanka)
  • move hmac/enc keys to seperate file (@tsusanka)
  • remove multisig (@ph4r05)
  • simplify (de)serialization code (@jpochyla)
  • remove most of xmr/crypto.py (@ph4r05)
  • review the package structure (@jpochyla)
  • remove the lite protocol (@ph4r05)
  • investigate hashers (keccak_hasher, mlsag_hasher) (@jpochyla)
  • thoroughly review signing steps (@tsusanka)
    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
  • state.in_memory?
  • common.ct_equal? (@jpochyla)
  • ring_ct, mlsag2 (@tsusanka)
  • bulletproofs (Ondra + Andrew)
  • batch_size < output_count test (@ph4r05)
  • key image sync (@jpochyla)
  • monero.py (@tsusanka)

from trezor.crypto import hmac, monero as tcry, pbkdf2 as tpbkdf2, random
from trezor.crypto.hashlib import sha3_256

# py constants
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will be removed

@tsusanka
Copy link
Contributor

tsusanka commented Aug 6, 2018

@ph4r05 I'll be doing some sort of preliminary review with @jpochyla doing review of my review later :). Consider it more as questions/suggestions. First, I would like to clarify few things:

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 6, 2018

OK thanks!

  • xmr-total-full branch is basically my development branch with lots of commits and with my custom git submodule forks of trezor-common and trezor-crypto with all required stuff merged in.

  • xmr-total-2 is all monero work done in one squashed commit, rebased on top of the master. It has original git submodules so this branch tests are failing, e.g. there is no monero functionality in trezor-crypto.

  • Regarding the testing - yes. If you fork my xmr-total-full with all my submodules and follow PoC.md@master you should be able to both run trezor-specific tests (16 testing transactions) and sign transactions with agent as you did in the PoC phase of the project.

  • PR merge - if the proposed way is easier for you then I think its OK. I am not sure how github / @prusnak is doing it in xmr: monero crypto functions, tests trezor-crypto#169 but there is also my avatar alongside the modified commits so its fine :)

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 6, 2018

ad PoC: if you had setup the environment for PoC previously just skip to Testing with Trezor section in PoC.md

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 6, 2018

BTW

  • is there a way to set a timer after reception of a message, e.g. for a minute so if no next protocol message is received within the timeout the whole state is wiped out?

  • what is the safest way to wipe out secrets from the memory allocated in the python code? E.g., spending keys for UTXO would be nice to zero out before garbage collecting. Is the currently only way to do it manually?

@tsusanka
Copy link
Contributor

tsusanka commented Aug 6, 2018

@ph4r05 there is no such file trezor-crypto/monero/crypto.c as required in SConscript.firmware. This is probably due to trezor/trezor-crypto#169 (comment). I've modified the line to trezor-crypto/ed25519-donna/ge25519.c, however the build still fails due to "ROTL32" redefined error. Would you like to look into it?

PS: you can use the monero branch to see the error or see travis

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 6, 2018

Hmm I think this PR is not directly usable with trezor/trezor-crypto until all changes are merged. As there are still ongoing changes and review process I decided not to keep it up-to-date with the trezor/trezor-crypto until the merging and review is finished.

For the testing purposes, you may use the branch ph4r05/xmr-total-full with working trezor-crypto changes. It uses my fork of the library with merged monero changes.

That should also fix the "ROTL32" redefined error as it is defined in ed25510-donna.h which did not have include-once ifndef

@tsusanka
Copy link
Contributor

tsusanka commented Aug 6, 2018

Ok fair enough. Let's wait then. @prusnak could you answer @ph4r05's questions above?

@tsusanka
Copy link
Contributor

tsusanka commented Aug 6, 2018

note: the monero branch includes this PR and is rebased on top of the current master

@prusnak
Copy link
Member

prusnak commented Aug 6, 2018

is there a way to set a timer after reception of a message, e.g. for a minute so if no next protocol message is received within the timeout the whole state is wiped out?

No, this is not yet possible.

what is the safest way to wipe out secrets from the memory allocated in the python code? E.g., spending keys for UTXO would be nice to zero out before garbage collecting. Is the currently only way to do it manually?

Your request sparked an idea, which I implemented here: ebf912c

Since our modtrezorcrypto objects implement memzero descructors in __del__, we can use the following syntax to acheive what you want:

from trezor.crypto import SecureContext

with SecureContext() as sc:
    sc.var1 = ...
    sc.var2 = ...

Later we might move this variables to different parts of the CPU memory (CCRAM instead of main RAM) or something even more sofisticated.

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 14, 2018

I've refactored transaction signing so it uses protob serialization where suitable - to avoid cryptonote serialization for complex messages which are not forward compatible.

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 15, 2018

From now I will stop squashing commits after each change. I will squash it to one eventually after the review.

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 15, 2018

@tsusanka Change address is not confirmed by user now, it is verified to match primary account address (i.e., subaddress with index (account, 0)).

@ph4r05
Copy link
Contributor Author

ph4r05 commented Aug 15, 2018

@tsusanka I've added tests for Monero Cryptonote serializer. For that I needed to add support for async test cases, which is also in a separate PR:

#319

EDIT: I've added some basic Monero crypto tests as well.

@ph4r05 ph4r05 force-pushed the xmr-total-2 branch 5 times, most recently from 40ca371 to cf0a710 Compare August 18, 2018 13:23
@ph4r05
Copy link
Contributor Author

ph4r05 commented Sep 17, 2018

Trezor-crypto related: range_proof.{c,h} and the corresponding unit test can be now removed as I deprecated C-implementation of the Borromean range proof due to heap fragmentation problems. Python implementation is almost as fast as the C implementation (using in-place operations).

"""
from apps.monero.xmr.sub.addr import classify_subaddresses

self.gen_r()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to get rid of this function and write it directly, because:

  • it is used only twice and the second instance actually uses the use_r argument
  • the use_r argument is confusing anyway
  • it is called gen_r() but it actually sets the r_pub as well

src/apps/monero/protocol/tsx_sign_builder.py Outdated Show resolved Hide resolved
src/apps/monero/protocol/tsx_sign_builder.py Outdated Show resolved Hide resolved
src/apps/monero/protocol/tsx_sign_builder.py Outdated Show resolved Hide resolved
self.multi_sig = tsx_data.is_multisig
self.state.inp_cnt()
self.check_change(tsx_data.outputs)
self.exp_tx_prefix_hash = common.defval_empty(tsx_data.exp_tx_prefix_hash, None)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the only place where common.defval_empty is used, let's remove it.

src/apps/monero/xmr/sub/addr.py Outdated Show resolved Hide resolved
src/apps/monero/protocol/tsx_sign_builder.py Outdated Show resolved Hide resolved
gc.collect()

# Iterative tx_prefix_hash hash computation
self._tprefix_update()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is better to write it directly, it is unclear what is being hashed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean? You propose to unroll / remove _tprefix_update method?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed.

src/apps/monero/protocol/tsx_sign_builder.py Outdated Show resolved Hide resolved
@ph4r05
Copy link
Contributor Author

ph4r05 commented Sep 18, 2018

Btw just a minor thing, after using the latest trezor-common the src Travis job started failing. Ideas? I thought it may be good to fix it before merging protobuf PR with get_fields, maybe?

1.89s$ test "$GOAL" != "src" || pipenv run make templates_check
./tools/build_templates --check
--- ./tools/../src/apps/common/coininfo.py	2018-09-17 15:11:06.743812764 +0000
+++ /tmp/tmp.CucSLkIfYY	2018-09-17 15:12:11.042755779 +0000
@@ -520,7 +520,7 @@
         address_type_p2sh=5
         maxfee_kb=10000000
         signed_message_header="Namecoin Signed Message:\n"
-        xpub_magic=0x019da462
+        xpub_magic=0x0488b21e
         xpub_magic_segwit_p2sh=None
         xpub_magic_segwit_native=None
         bech32_prefix=None
make: *** [templates_check] Error 1

@tsusanka
Copy link
Contributor

@ph4r05 run ./tools/build_templates

@ph4r05
Copy link
Contributor Author

ph4r05 commented Sep 18, 2018

After pip install mako munch I've got:

Traceback (most recent call last):
  File "./../vendor/trezor-common/tools/cointool.py", line 706, in <module>
    cli()
  File "/Users/dusanklinec/.pyenv/versions/3.6.5/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/Users/dusanklinec/.pyenv/versions/3.6.5/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/Users/dusanklinec/.pyenv/versions/3.6.5/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/dusanklinec/.pyenv/versions/3.6.5/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/dusanklinec/.pyenv/versions/3.6.5/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "./../vendor/trezor-common/tools/cointool.py", line 702, in render
    do_render(file, dst)
  File "./../vendor/trezor-common/tools/cointool.py", line 675, in do_render
    render_file(src, dst, defs, support_info)
  File "./../vendor/trezor-common/tools/cointool.py", line 131, in render_file
    template = mako.template.Template(filename=src)
  File "/Users/dusanklinec/.pyenv/versions/3.6.5/lib/python3.6/site-packages/mako/template.py", line 283, in __init__
    "of the root path." % self.uri)
mako.exceptions.TemplateLookupException: Template uri "../src/apps/common/coininfo.py.mako" is invalid - it cannot be relative outside of the root path.

@tsusanka
Copy link
Contributor

Mmmm, maybe cd tools; ./build_templates?

@ph4r05
Copy link
Contributor Author

ph4r05 commented Sep 18, 2018

Aah I was originally in the tools/ dir, now I tried ./tools/build_templates and that worked.

@ph4r05
Copy link
Contributor Author

ph4r05 commented Oct 2, 2018

Hmm I think there is a small issue with generated mocks at the moment.
The trezorcrypto mock is one file but maybe it should actually be a package which contains submodules like monero.

Why: A function add256_modm defined in modtrezorcrypto-monero.h is in the generated mock in trezorcrypto.add256_modm, not in trezorcrypto.monero.add256_modm as it should be.

A Quick & dirty hack is to class-scope all packages in modtrezorcrypto:

class monero:

    @staticmethod
    add256_modm(a, b): 
        """Scalar addition"""

    class Ge25519:
        """EC point""""

Now the mock import / typing should work.

@jpochyla jpochyla force-pushed the xmr-total-2 branch 2 times, most recently from 66d8fe0 to 24c5251 Compare October 9, 2018 12:29
@ph4r05
Copy link
Contributor Author

ph4r05 commented Oct 10, 2018

Tests failing due to:

../../../../.local/share/virtualenvs/trezor-core-h18d73Mo/src/trezor/trezorlib/tests/device_tests/test_msg_signtx_decred.py:268: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../../../../.local/share/virtualenvs/trezor-core-h18d73Mo/src/trezor/trezorlib/btc.py:200: in sign_tx
    res = client.call(proto.TxAck(tx=msg))
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
self = <trezorlib.debuglink.TrezorClientDebugLink object at 0x2ac4d3d0d2b0>
msg = <TxAck: {'tx': <TransactionType: {'bin_outputs': [<TxOutputBinType: {'amount': 190000000, 'script_pubkey': b'v\xa9\x14\x81\x9d)\x1a/\x7f\xbfw\x0exK\xfdx\xb5\xce\x92\xc5\x8e\x95\xea\x88\xac', 'decred_script_version': 0}>]}>}>
    @tools.session
    def call(self, msg):
>       resp = self.call_raw(msg)
E       AssertionError: Expected responses:

Maybe rebasing on master?

@jpochyla @tsusanka let me pls know once you are done with the current work in progress so I can squash and rebase on the master.

Thanks!

@tsusanka
Copy link
Contributor

@ph4r05 just pushed smth. So it's a go from my side

@ph4r05
Copy link
Contributor Author

ph4r05 commented Oct 17, 2018

Just to note: the builds are currently failing because of
pypa/pipenv#3026

ph4r05 and others added 2 commits October 25, 2018 14:04
templates: build
style: correct math in comment
[260130c] xmr: show address fix
[abd27e6] xmr: reorganize module structure
[cd9e5a5] xmr: simplify layout code
[a5b56f1] xmr: monero.crypto test fix
[60bc30e] xmr: minor fixes
[f82bd9c] xmr: use trezor.utils.ensure
[adf119a] xmr: get rid of xmr.common module
[3531a42] pipenv: temporary fix attempt for travis

- until pipenv bug is resolved
[d172f86] xmr: protob messages refactored
[e83085e] trezor-common version bump & messages regenerated

xmr: mlsag_hasher simplified
[feb5f1c] xmr: simplify key_image_sync workflow
[d4cb008] xmr: tiny note in README and typo
[62411cd] xmr: readme updates
[ff15b46] xmr: rename and order mlsag functions
[3fb57da] xmr: mlsag notes
[c27ae90] xmr: output index check added in step6
[973c457] xmr: grouping is mandatory
[684c7e1] xmr: range sig grouping check added
[012ca76] xmr: small refactor in borromean range proof
[1ba72b6] xmr: move range signatures to seperate file; rename mlsag2 to mlsag
[a89f3ab] xmr: fix wrong annotation in modtrezorcrypto
[8303b42] xmr: state's use_simple_rct and use_bulletproof modified to enums
[276712a] xmr: re-export most of functions in apps.monero.xmr.crypto
[7416545] xmr: out_pk_masks changed to out_pk_commitments
[1e18672] xmr: state comments
[3c69a2e] xmr: TrezorTxPrefixHashNotMatchingError note removed

only concerns multisig
[5af0fea] xmr: master merging commit

xmr: step 10 review
[d8e9937] xmr: step 09 review
[a510150] travis: workaround form 6a0ea22
[03d2711] mocks: regenerate
[bd24bb3] mocks: add support for entering the global scope
[f75c190] mocks: regenerate
[bce8596] modtrezorcrypto: define mock package
[7c07752] mocks: support package definition
[b3f1017] xmr: step 05 and 06 masks and range proofs review

Masks are now always generated in step 5 and stored in state.

Range proofs were reviewed only in a high-level manner and will be
reviewed later.
[67f391c] xmr: step 08 review
[673bf01] xmr: steps 04, 05, 06 (almost) and 07 review

_range_proof in step 06 is still to be reviewed
[24c5251] xmr: simplify serialization, remove Archive
[896cdeb] xmr: redundant exception removed
[cb3813a] xmr: serializer simplified
[471213b] xmr: serializer flake8 fix
[9d4df17] xmr: aescbc not needed
[52dd8b3] xmr: serializer - erefs kicked out
[9e3be78] xmr: sign cleanup, comments

- state cleanup, comments added, unused code removed
[164a7d6] xmr: sign step 09 - fix in_memory artifact, dead branch
[8fa4066] xmr: sign step 03 - permutation length check added
[55a593a] xmr: multisig removed from protocol and functions
[6470678] xmr: black styling
[0266440] xmr: step 03 review
[daf7b7d] xmr: step 02 review
xmr: adding agent tests to travis
[c752866] xmr: unused imports removed
[85115fd] xmr: serializer test fixed

- removed unsupported messages after serialization simplification
[6087475] xmr: sign step 06 - comment on bulletproof hashing

- hash_bp(bp) != hash(serialize(bp)) because hash does not contain array lengths
[4abb547] xmr: sign protocol - multisig logic removed
[813cb3a] xmr: lite protocol removed

- backup left in xmr-total-full-with-lite branch
[e5f5b5b] xmr: serialization slimming

- base types reduced, not needed for now
- some int serialization methods not used now
[fb515aa] xmr: serialization - archive simplified

- simple parameter passing, no kwargs
- unused methods removed
- reader/writer passing removed for archive methods
[ec4c4ad] xmr: KeccakXmrArchive simplified, no archive used

- getting rid of container_size. We dont use containers with fixed size so this special case can be abandoned.
- KeccakXmrArchive is lighweight without need to touch main serialization
[90065bd] xmr: serialization - serialize_archive removed

- custom serialization routine is not required at this moment
[b98c2f8] xmr: extra serialization refactored, manual serialization

- extra is serialized manually to reduce serialization overhead
- extra contains simple structures now:
  - payment ID = already serialized manually
  - tx pub key = easy to serialize manually
  - tx additional pub keys = serialized manually with little effort, more efficient memory usage
[8ce28a5] xmr: state 6 - provided tx keys removed

- needed only in the multisig scenario which is pruned now
[8d827f4] xmr: PreMlsagHasher pseudo out hashing fix
[49e552d] xmr: redundant import removed
[4199943] xmr: KeccakXmrArchive simplified
[69bbf5f] xmr: PreMlsagHasher - KeyV import removed, comment added
[9a194fa] xmr: step7 - manual hashing of Extra
[d8a0928] xmr: PreMlsagHasher state load/save removed

- not needed, state not serialized anymore
[d5f43fa] xmr: serialize reimport removed

- complex types are not surviving protocol boundary anymore, no need to fix hierarchy problems due to unimporting
[3b04561] xmr: serialize - TupleType removed
[b9a5698] xmr: serialization schemes simplified
[a59dbb8] xmr: HashWrapper removed
[d0d1f05] xmr: step 01 cleanup and comments
[8f7a778] xmr: isort, black, flake8 fixes
[14265eb] xmr: getting rid of CtKey from the state

- only lightweight objects are kept in the state. CtKey is import heavy object. Each set_out call locally imports a new own version of the Ctkey which causes a memory leak.
[c0cfc20] xmr: set_out minor function call fix
[c11c468] xmr: sign_tx unimport optimization to reduce fragmentation
[df0a1df] xmr: range_sig allocation reordering, large chunks first
[63cddd5] xmr: remove misc.StdObj
[8c8e3f3] xmr: proper memory usage in workflow
[9be1e0a] xmr: typos and renames
[87f718b] xmr: back to flat workflow
[6475133] xmr: refactor builder to seperate steps

- lot of work to be done, but the general idea will probably stay
- the messages workflow works, but the signed tx was not accepted by
daemon, so there is a bug somewhere
- additional cleanup/refactoring is defintely needed
[14b0a85] xmr: iface modified to layout
[27d568e] xmr: extmod refactoring

- *_into removed, replaced by generic methods
- point_add, point_sub added
- code cleanup (+1 squashed commit)
Squashed commits:
[fbe3949] monero support added

Squashed commits:
xmr: hmac/enc keys removed from builder
[41028df] xmr: unused function removed
[358573e] xmr: PR comments fixes
[4abf9dc] xmr: test fixes after refactoring
[192785a] template rebuilt
[57a1f25] xmr: wrapper protocol messages removed
[6f40ce1] xmr: trezor-common version bump & sync
[03e71de] xmr: check input permutation
[6fc8b0e] xmr: code cleanup, refactoring
[85ecc15] xmr: crypto code cleanup
[20b4113] xmr: chunked bulletproof vectors

- workaround for the heap fragmentation problems
[66786f9] tools: enable to reset class level indentation for mocks gen
[dc6f84a] xmr: extmod-monero comments added, for mocks
[b1d4ab1] xmr: code cleanup
[447a862] xmr: tsx confirmation raises exception on cancellation
[00dd8f6] xmr: protocol optimizations removed, flow unified

- in_memory optimization stored tx.vin parts in the memory which enabled to skip roundtrips with permutations and hash_vini. Optimizations was removed so the protocol flow is unified among inputs, independent of the tx specs

- many_inputs: optimization stored spending keys for UTXO in memory, now it is offloaded in the encrypted form.
[ea69c7a] vendor: trezor-common version bump & pb sync
[5d81c2a] xmr: manual BP serialization

- more memory effective as the memory is critical in the range proof section
[d64bda7] xmr: range_proof C-impl deprecated

- using now partitioned implementation in Python, which is also quite fast and easier to maintain due to allocations and buffers.
[18604e0] xmr: borromean range sig generated by partitions

- overcomes heap fragmentation problem
[65a5116] xmr: comments removed
[ca2bd0c] xmr: auto-generated intelliJ param comments removed
[a75ef32] xmr: code cleanup, heap fragmentations fixes

Squashed commits:
[d2ac2eb6] xmr: addr cleanup
[7e4c1a9c] xmr: code cleanup, heap fragmentations fixes
[93af8af] xmr: refactoring, typing, comments
[28df866] xmr: comment fix
[8b4f4d9] xmr: serializer test fix (+34 squashed commits)

Squashed commits:
[823ee19] xmr: crypto comment cleanup
[6debfb6] xmr: ring_ct cleanup
[759f52b] xmr: tsx signer code style, hintins
[0b175bc] xmr: tsx builder external state removed
[fee4a5a] xmr: builder state fix
[92736fa] xmr: sign_tx unimport
[a570ecb] xmr: misc code cleanup
[4a496bb] xmr: hash wrapper not needed in writer
[fefdb83] xmr: signer serialization improved
[8fa6eec] xmr: signer mem clean
[66c53fe] xmr: isort
[6996bd9] xmr: black
[59915a8] xmr: tsx input serialization refactored
[326af13] xmr: msg dump with prefix
[6e39801] xmr: manual serialization of tx prefix
[9e5e047] xmr: manual serialization improvements
[d07cee6] xmr: manual serialization of txout elements
[8d56c80] xmr: TxOut custom serialization optimized II
[c19ba12] xmr: TxOut custom serialization optimized
[ce0d9b0] xmr: TxOut manual serialization
[44e3834] xmr: sing_tx unimport
[61ac61b] xmr: lite log trace rename
[176b427] xmr: de-async overhaul
[89ae3ba] xmr: diag style
[5ccb2fb] xmr: wrappers cleanup
[aa86fb1] xmr: py3 only inheritance
[8031b1b] xmr: builder, log_trace -> mem_trace for clarity
[25bf70d] xmr: debugging logging only in debug mode
[c7c8d3c] xmr: iface cleanup
[b037339] xmr: lite debug only
[b1f6ce0] xmr: diag only in debug
[de7d718] xmr: tsx counter removed
[76729be] xmr: tsx_sign removed
[c6e6ffa] Merge commit 'ba500bf4ec1ef9cd953bdf5a47888c5226db8d0b' into xmr
[ee97ef9] xmr: minor code cleanup

xmr: black
xmr: minor code cleanup
[bae3ecac] xmr: bp comments
[5e812e6f] xmr: sign - mem_trace, pydoc
[7216a8c6] xmr: pydoc removed
[e87365f4] xmr: layout cleanup
[8d21d82e] xmr: redundant constructors removed
[9aa82bed] xmr: redundant comments removed
[9b926d6c] xmr: preludes removed
[bc9e77f1] xmr: readme update
[cf62047] xmr: aggregated bulletproofs + rsig offloading

xmr: change idx fix
xmr: iface refactoring, integrated address (+5 squashed commits)
xmr: layout pagination refactoring
xmr: addr - integrated address
pb: sync
vendor: trezor-common version bump
xmr: style fixes
xmr: handle sweep tsx correctly

- handle dummy change address correctly
xmr: integrated address generation
build: fix after trezor-crypto version bump
xmr: new protocol dispatch handlers
xmr: slip0010
[43cf4c3c] xmr: comment fix
xmr: extmod pointer aritm fix
xmr: _into api unified, result is the first parameter
xmr: bp cleanup
xmr: scalar nullity test fix
xmr: msg registration improved

- lite protocol optional
- diag protocol optional
xmr: unused imports (+33 squashed commits)
[b4d045ae] xmr: bp - noqa flake8 false positive
[2c79d4be] xmr: isort
[8b9d2835] xmr: code cleanup
[eb7496e9] xmr: iface - shorter timeouts for faster tests
[59520b63] xmr: ringct comment
[6b16088e] xmr: signer - comment fixes
[a08958e2] xmr: simple and bulletproof condition fix
[4e0289a9] vendor: trezor-common version bump
[de472e5a] xmr: black
[234d2249] xmr: lightening, fixes, KeccakXmrArchive

- builder keys
- unload mods before memory intensive operation
[abdec665] xmr: sign_tx logging
[989d8687] xmr: serialize lightening
[7d61f056] xmr: tsx sign refactoring, lightening

- wake_up state restore
- minimize import weight
[3a0daa8b] xmr: serialize thinning
[65ad1d2e] xmr: serialize thinning
[501221d5] xmr: bp - thinning
[3d980377] xmr: bp - generalization with proof_v8
[10d11d60] xmr: extended rsig - offloading protocol
[a8f5caa2] xmr: crypto - rsig params fix
[f5e130b8] xmr: crypto - inv8
[dbc3f9d8] xmr: rsig pb sync
[5748a13e] xmr: bp - data for bp4 fix (+18 squashed commits)

Squashed commits:
[5bcd54e3] xmr: bp - black
[e93e97dd] xmr: bp refactoring, large memory optimizations

- memoryview in __getitem__ requires new memory allocation so the refactored version uses to(), read() methods that can operate directly on buffers without need to create memory views.
[c30745a] xmr: bp - black
[f5c4069] xmr: bp - tests extended
[8dae75d] xmr: bp - get_exponent optim
[3e59ff8] xmr: bp - precomputations for 4 statements
[d1d2e29] xmr: bp - gc.collect
[1bb6b5b] xmr: bp - optimizations, streamlining
[2a2b0cb] xmr: bp - verification in log(MN) memory for 1 proof

- not allocating MN vectors
- sequential multiexec added for memory efficient verification
- bulletproofs: maintain -z4, -z5, and -y0 to avoid subtractions [8276d25]
- bulletproofs: merge multiexps as per sarang's new python code [acd64d2b]
[75aa7de] xmr: bp - memory optimization
[a10d05a] xmr: bp - deterministic mask generation init
[5060d6a] xmr: bp optimizations
[dd69eb1] xmr: bp - black
[19f0f64] xmr: bp - optimizations, power key vector
[2ba63f8] xmr: bp - minor cleanup, optimizations, scalarmultH
[31c9ca2] xmr: bp - mem clean
[3fc2c79] xmr: bp - memory save
[5b16c9c] bp: black
[f1040c97] xmr: crypto - memory leak fix
[ff863510] xmr: iface - flake
[6ebf69c2] xmr: lite - flake8, black
[eee55d62] xmr: bp - memory diag
[2767009b] xmr: bulletproofs upgrade, mainnet version, cleaning
[be6ebbd5] xmr: lite protocol
[d603e96d] xmr: pb sync
[5da15da9] vendor: trezor-common fix
[0373b97e] xmr: iface - output confirmation split, subaddr fix
[2cf32176] xmr: monero - subaddress fixed for index (0, 0)
[3bb8f08b] xmr: enc.aescbc added - for lite protocol (+1 squashed commit)
Squashed commits:
[011dbaab] TMP: trezor-common on master, crypto on ph4

- trezor-crypto on ph4r04 fork as it has all required stuff
- Lite protocol not merged in master, thus does not work in the PR
[795b34e] xmr: get_address fix
[2d39c90] xmr: bp - import fix (squashed commit)

Squashed commits:
[2d5c6ce] extmod: monero - reduce32 and ge25519_norm removed (squashed commit)

- not needed in trezor-core (+4 squashed commits)

Squashed commits:
[90e6b5c5] xmr: bp optimization
[4fda0d22] xmr: redundant ge_ functions removed
[68903767] xmr: crypto - sc_reduce32 not needed
[c8a6c80] xmr: test for inversion added (+12 squashed commits)

Squashed commits:
[378928db] xmr: adapting to new trezor-crypto
[8f4ff8c1] protob sync
[82dff70a] vendor: trezor-common version bump
[fabc67b3] extmod: monero - inversion mod curve order optimized a bit
[4f29fe4] xmr: import fix
[f6f8e30] xmr: bp - code cleanup
[d54b4f3] xmr: bp - memory cleaning
[1065abc] xmr: tsx_signer - bulletproofs fixes
[9f8a700] xmr: bp key vector iterator fix
[49c2597] xmr.serialize: bulletproof fix
[1ee7737] xmr: monero - format
[cf0a710] xmr: bp last mask fix (+20 squashed commits)

Squashed commits:
[fa1c362] xmr: black
[3f3e31f] xmr: bulletproofs added to signer
[d23d928] xmr: protocol.tsx_sign_builder - logger collects
[a28eb55] xmr: bp - memory optimizations
[d2fcb23] xmr: tests for bulletproofs added
[82eef14] xmr: bp - gc (+14 squashed commits)
Squashed commits:
[4cf70d9] xmr: bp - gc
[42877b0] xmr: bp - minor memory optimization
[2c612e4] xmr: bp - use sc_inv_into
[d7e9dab] xmr: bp - KeyVEval fix
[1523f40] xmr: bp - blacked
[b264a65] xmr: bp - KeyVEval - caching current element, avoid allocations
[83ba7a6] xmr: bp - memory view optimized
[b517906] xmr: bp - gc() during inversion
[92d37c8] xmr: bp - gc.collect() after expensive inversion
[e7fad55] xmr: bp - hashing memory optimization
[4c27815] xmr: bp - deterministic masks optimization, prove_s1 optim
[cbf74a7] xmr: bp - detect which modular inversion is usable
[8ea1ec4] xmr: better memory tracing for bulletproofs
[2f4dd55] xmr: bulletproofs added
[1928e2d] xmr: crypto - sc_inv_into added (+2 squashed commits)
Squashed commits:
[f895fa6] xmr: crypto - hash to existing buffer
[b76c6b0] xmr: crypto - in-place crypto functions added

- required for Bulletproof to minimize the heap fragmentation
[cab4366] extmod: monero - modular inversion mod curve order added (+2 squashed commits)
Squashed commits:
[52a6e48] extmod: monero - hash into buffer added
[695a382] extmod: monero module - muladd256_modm added

- required for Bulletproof
[3f4498d] xmr: crypto tests added

- basic unit tests for crypto, tests monero module and underlying trezor-crypto + basic address manipulation
[820d012] pb sync
[49eeddd] vendor: trezor-common version bump
[3038244] xmr: crypto - point norm not needed
[89701c4] tests: xmr - serializer tests added
[bfee46d] tests: support async unit tests, assertListEqual added
[55c1448] xmr: serialize - serialization logic cleaned, refactored
[4b77163] xmr: simplification, do not ask to confirm change tx output

- change address checked to match main address in the builder
[f334d8a] xmr: protocol: simplification - require change address to equal the main address
[1a3416e] xmr: unpack256_modm_noreduce added

- 32B array to integer mod curve order, without modular reduction after conversion
- required for bulletproofs
[1c94b5d] xmr: readme added
[3cc9f9f] extmod/monero: mul256_modm added, required for BP
[5cf77a4] xmr: monero support added [for review]

depends on PRs:

trezor/trezor-crypto#162
trezor#286
hotfix for pypa/pipenv#3079 (comment)
This is already fixed in master and should be released soon,
therefore this can be removed after the next pipenv version is released.
@tsusanka tsusanka merged commit b4ca93e into trezor:master Oct 25, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants