From e52e2b21a324903d1482bc4f0607b15e9b94fa5e Mon Sep 17 00:00:00 2001 From: sowle Date: Fri, 22 Jul 2022 05:39:54 +0200 Subject: [PATCH] ZC_sig --- src/currency_core/blockchain_storage.cpp | 2 +- src/currency_core/currency_basic.h | 9 +++++---- src/currency_core/currency_format_utils.cpp | 18 +++++++++++------- src/currency_core/currency_format_utils.h | 2 +- src/wallet/wallet2_escrow.cpp | 4 ++-- tests/functional_tests/crypto_tests.cpp | 1 - 6 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/currency_core/blockchain_storage.cpp b/src/currency_core/blockchain_storage.cpp index 50df812a..d807ede5 100644 --- a/src/currency_core/blockchain_storage.cpp +++ b/src/currency_core/blockchain_storage.cpp @@ -4698,7 +4698,7 @@ bool blockchain_storage::check_ms_input(const transaction& tx, size_t in_index, LOC_CHK(r, "failed to check extra signature for last out with TX_FLAG_SIGNATURE_MODE_SEPARATE"); } } - VARIANT_CASE_CONST(zarcanum_sig, s); + VARIANT_CASE_CONST(ZC_sig, s); //@#@ //TODO: don't forget about need_to_check_extra_sign VARIANT_SWITCH_END(); diff --git a/src/currency_core/currency_basic.h b/src/currency_core/currency_basic.h index 9bda6c62..662c4ad1 100644 --- a/src/currency_core/currency_basic.h +++ b/src/currency_core/currency_basic.h @@ -323,7 +323,7 @@ namespace currency END_BOOST_SERIALIZATION() }; - // txin_zarcanum_inputs contains several zarcanum_input instances and corresponds to one zarcanum_sig + // txin_zarcanum_inputs contains several zarcanum_input instances and corresponds to one ZC_sig struct txin_zarcanum_inputs { txin_zarcanum_inputs() {} @@ -409,7 +409,8 @@ namespace currency END_BOOST_SERIALIZATION() }; - struct zarcanum_sig + // Zarcanum-aware CLSAG signature + struct ZC_sig { struct input_proofs_t { @@ -760,7 +761,7 @@ namespace currency }; - typedef boost::variant signature_v; + typedef boost::variant signature_v; 
@@ -1024,7 +1025,7 @@ SET_VARIANT_TAGS(currency::zarcanum_tx_data_v1, 39, "zarcanum_tx_data_v1"); SET_VARIANT_TAGS(crypto::bpp_signature_serialized, 40, "bpp_signature_serialized"); SET_VARIANT_TAGS(crypto::bppe_signature_serialized, 41, "bppe_signature_serialized"); SET_VARIANT_TAGS(currency::NLSAG_sig, 42, "NLSAG_sig"); -SET_VARIANT_TAGS(currency::zarcanum_sig, 43, "zarcanum_sig"); +SET_VARIANT_TAGS(currency::ZC_sig, 43, "ZC_sig"); SET_VARIANT_TAGS(currency::void_sig, 44, "void_sig"); SET_VARIANT_TAGS(currency::zarcanum_outs_range_proof, 45, "zarcanum_outs_range_proof"); diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp index 4e5180eb..c1e82236 100644 --- a/src/currency_core/currency_format_utils.cpp +++ b/src/currency_core/currency_format_utils.cpp 
@@ -1320,15 +1320,16 @@ namespace currency //std::vector participants_derived_keys; }; //-------------------------------------------------------------------------------- - bool generate_zc_sig(const crypto::hash& tx_prefix_hash, const std::vector& sources, const account_keys& sender_account_keys, + bool generate_ZC_sig(const crypto::hash& tx_prefix_hash, const std::vector& sources, const account_keys& sender_account_keys, const std::vector& in_contexts, const crypto::scalar_t& blinding_masks_sum, const uint64_t tx_flags, transaction& tx) { + bool watch_only_mode = sender_account_keys.spend_secret_key == null_skey; CHECK_AND_ASSERT_MES(tx.vin.back().type() == typeid(txin_zarcanum_inputs), false, "Unexpected input type"); txin_zarcanum_inputs& zarcanum_inputs = boost::get(tx.vin.back()); CHECK_AND_ASSERT_MES(zarcanum_inputs.elements.size() == sources.size(), false, "sources size differs from zarcanum_inputs.elements size"); CHECK_AND_ASSERT_MES(zarcanum_inputs.elements.size() == in_contexts.size(), false, "in_contexts size differs from zarcanum_inputs.elements size"); - tx.signatures.push_back(zarcanum_sig()); - zarcanum_sig& sig = boost::get(tx.signatures.back()); + tx.signatures.push_back(ZC_sig()); + ZC_sig& sig = boost::get(tx.signatures.back()); crypto::hash tx_hash_for_signature = prepare_prefix_hash_for_sign(tx, tx.vin.size() - 1, tx_prefix_hash); CHECK_AND_ASSERT_MES(tx_hash_for_signature != null_hash, false, "prepare_prefix_hash_for_sign failed"); 
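Review bot: The `watch_only_mode` flag declared at the top of generate_ZC_sig changes the function's contract (the following hunk uses it to return true without producing any proofs), yet the function still has no header comment and a caller cannot tell a placeholder result from a signed one, since both return true. A short Doxygen comment above the signature stating that when `sender_account_keys.spend_secret_key == null_skey` the function only appends empty `input_proofs`/`clsags_gg` entries and returns true, so the resulting transaction must be treated as unsigned, would make that explicit. The flag is never reassigned in the visible lines, so `const bool watch_only_mode = sender_account_keys.spend_secret_key == null_skey;` documents that as well. The function body continues in the next hunks and beyond.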
@@ -1343,10 +1344,13 @@ namespace currency CHECK_AND_ASSERT_MES(se.is_zarcanum(), false, "sources[" << i << "] contains a non-zarcanum input"); zarcanum_input& in = zarcanum_inputs.elements[i]; sig.input_proofs.emplace_back(); - zarcanum_sig::input_proofs_t zsip = sig.input_proofs.back(); + ZC_sig::input_proofs_t zsip = sig.input_proofs.back(); sig.clsags_gg.emplace_back(); crypto::CLSAG_GG_signature& clsag_gg = sig.clsags_gg.back(); + if (watch_only_mode) + return true; // in this mode just append empty signatures + if (ring_size == 0) ring_size = se.outputs.size(); else @@ -1392,7 +1396,7 @@ namespace currency for(size_t j = 0; j < ring_size; ++j) ring.emplace_back(se.outputs[j].stealth_address, se.outputs[j].amount_commitment); - bool r = crypto::generate_CLSAG_GG(tx_prefix_hash, ring, pseudo_out_amount_commitment, in.k_image, in_contexts[i].in_ephemeral.sec, se.real_out_amount_blinding_mask - blinding_mask, clsag_gg); + bool r = crypto::generate_CLSAG_GG(tx_prefix_hash, ring, pseudo_out_amount_commitment, in.k_image, in_contexts[i].in_ephemeral.sec, se.real_out_amount_blinding_mask - blinding_mask, se.real_output, clsag_gg); CHECK_AND_ASSERT_MES(r, false, "generate_CLSAG_GG failed for item " << i); } @@ -1782,7 +1786,7 @@ namespace currency if (zc_sources.size()) { // blinding_masks_sum is supposed to be sum(mask of all tx output) - sum(masks of all pseudo out commitments) - generate_zc_sig(tx_prefix_hash, zc_sources, sender_account_keys, in_contexts, blinding_masks_sum, flags, tx); + generate_ZC_sig(tx_prefix_hash, zc_sources, sender_account_keys, in_contexts, blinding_masks_sum, flags, tx); } @@ -3596,7 +3600,7 @@ namespace currency return false; } //-------------------------------------------------------------------------------- - bool operator ==(const currency::zarcanum_sig& a, const currency::zarcanum_sig& b) + bool operator ==(const currency::ZC_sig& a, const currency::ZC_sig& b) { //@#@ TODO return false; 
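Review bot: The `if (watch_only_mode) return true;` added in the @@ -1343 hunk sits inside the per-source loop (the `for` over `sources[i]` starts outside the hunk), so on a multi-input transaction only the first source gets its empty `input_proofs`/`clsags_gg` entry before the function exits; the comment "just append empty signatures" only holds for a single input. Any later check that `sig.input_proofs.size()` matches `zarcanum_inputs.elements.size()` would then fail on a watch-only transaction. If one placeholder per input is intended, `if (watch_only_mode) continue;` with the watch-only result returned after the loop does that. Separately, `ZC_sig::input_proofs_t zsip = sig.input_proofs.back();` copies the element while the neighbouring `clsag_gg` is taken by reference; if `zsip` is written to later in the loop (outside the hunk) those writes never reach `sig`, so this likely wants `ZC_sig::input_proofs_t& zsip = sig.input_proofs.back();`.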
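Review bot: In the @@ -1392 hunk `se.real_output` is now handed to generate_CLSAG_GG as the signer's position in `ring`, but `ring` is built only from `se.outputs[0..ring_size)` and nothing in the hunk checks that `se.real_output < ring_size`; unless that is enforced earlier in the function (outside the hunk), a malformed source selects an index outside the ring just built. `CHECK_AND_ASSERT_MES(se.real_output < ring.size(), false, "sources[" << i << "]: real_output is outside the ring");` placed before the call closes that gap in the same style as the surrounding checks. It is also worth confirming that `tx_prefix_hash` is the message the CLSAG is meant to bind: the @@ -1320 hunk derives and validates `tx_hash_for_signature` from it, but that value is not what is passed on this line.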
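Review bot: In the @@ -1782 hunk the bool returned by `generate_ZC_sig(...)` is discarded, so when signature generation bails out through one of its CHECK_AND_ASSERT_MES paths the transaction is left with a partial or missing ZC_sig while construction carries on as if it had succeeded. The sibling call in the @@ -1392 hunk checks its `generate_CLSAG_GG` result and the same pattern belongs here: `bool r = generate_ZC_sig(tx_prefix_hash, zc_sources, sender_account_keys, in_contexts, blinding_masks_sum, flags, tx);` followed by `CHECK_AND_ASSERT_MES(r, false, "generate_ZC_sig failed");`. This assumes the enclosing function returns bool, which cannot be seen from the hunk.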
diff --git a/src/currency_core/currency_format_utils.h b/src/currency_core/currency_format_utils.h index 8e488ba1..0182322f 100644 --- a/src/currency_core/currency_format_utils.h +++ b/src/currency_core/currency_format_utils.h @@ -58,7 +58,7 @@ namespace currency bool operator ==(const currency::extra_attachment_info& a, const currency::extra_attachment_info& b); bool operator ==(const currency::NLSAG_sig& a, const currency::NLSAG_sig& b); bool operator ==(const currency::void_sig& a, const currency::void_sig& b); - bool operator ==(const currency::zarcanum_sig& a, const currency::zarcanum_sig& b); + bool operator ==(const currency::ZC_sig& a, const currency::ZC_sig& b); typedef boost::multiprecision::uint128_t uint128_tl; diff --git a/src/wallet/wallet2_escrow.cpp b/src/wallet/wallet2_escrow.cpp index f59f828e..da42dfc0 100644 --- a/src/wallet/wallet2_escrow.cpp +++ b/src/wallet/wallet2_escrow.cpp @@ -261,7 +261,7 @@ bool wallet2::validate_escrow_release(const transaction& tx, bool release_type_n r = crypto::check_signature(tx_hash_for_signature, source_ms_out.keys[ms_out_key_b_index], signature[ms_out_key_b_index]); LOC_CHK(r, "B signature for multisig input is invalid"); } - VARIANT_CASE_CONST(zarcanum_sig, s); + VARIANT_CASE_CONST(ZC_sig, s); //@#@ VARIANT_CASE_THROW_ON_OTHER(); VARIANT_SWITCH_END(); @@ -433,7 +433,7 @@ bool wallet2::validate_escrow_cancel_release(const currency::transaction& tx, co r = crypto::check_signature(tx_hash_for_signature, source_ms_out.keys[a_sign_index], signature[a_sign_index]); LOC_CHK(r, "A signature for multisig input is invalid"); } - VARIANT_CASE_CONST(zarcanum_sig, s); + VARIANT_CASE_CONST(ZC_sig, s); //@#@ VARIANT_CASE_THROW_ON_OTHER(); VARIANT_SWITCH_END(); diff --git a/tests/functional_tests/crypto_tests.cpp b/tests/functional_tests/crypto_tests.cpp index 716dc770..2a08499c 100644 --- a/tests/functional_tests/crypto_tests.cpp +++ b/tests/functional_tests/crypto_tests.cpp 
@@ -502,7 +502,6 @@ struct test_keeper_t #include "crypto_tests_performance.h" - TEST(crypto, ge_scalarmult_vartime_p3) { // make sure that my ge_scalarmult_vartime_p3 gives the same result as ge_scalarmul_p3