carrot+fcmp: fix subaddress openings in KI devices and SAL code

Author: jeffro256

src/carrot_impl/key_image_device_composed.cpp

@@ -106,16 +106,19 @@ crypto::key_image key_image_device_composed::derive_key_image(const OutputOpenin
         case AddressDeriveType::Carrot:
             // K_s
             main_address_spend_pubkey = m_addr_dev.access_carrot_hierarchy_device().get_carrot_account_spend_pubkey();
-            // L_partial *= k^j_subscal
-            m_addr_dev.access_carrot_hierarchy_device().make_index_extension_generator(subaddr_index.index.major,
-                subaddr_index.index.minor,
-                carrot_address_index_extension_generator);
-            make_carrot_subaddress_scalar(main_address_spend_pubkey, 
-                carrot_address_index_extension_generator,
-                subaddr_index.index.major,
-                subaddr_index.index.minor,
-                carrot_subaddr_scalar);
-            partial_key_image = rct::scalarmultKey(partial_key_image, rct::sk2rct(carrot_subaddr_scalar));
+            if (subaddr_index.index.is_subaddress())
+            {
+                // L_partial *= k^j_subscal
+                m_addr_dev.access_carrot_hierarchy_device().make_index_extension_generator(subaddr_index.index.major,
+                    subaddr_index.index.minor,
+                    carrot_address_index_extension_generator);
+                make_carrot_subaddress_scalar(main_address_spend_pubkey,
+                    carrot_address_index_extension_generator,
+                    subaddr_index.index.major,
+                    subaddr_index.index.minor,
+                    carrot_subaddr_scalar);
+                partial_key_image = rct::scalarmultKey(partial_key_image, rct::sk2rct(carrot_subaddr_scalar));
+            }
             break;
         default:
             throw make_local_device_error{-2}("unrecognized address derive type");

src/carrot_impl/tx_builder_inputs.cpp

@@ -232,11 +232,18 @@ void make_sal_proof_any_to_carrot_v1(const crypto::hash &signable_tx_hash,
 
     // k^j_subscal = H_n(K_s, j_major, j_minor, s^j_gen)
     crypto::secret_key subaddress_scalar;
-    carrot::make_carrot_subaddress_scalar(main_address_spend_pubkey,
-        address_index_extension_generator,
-        subaddr_index.index.major,
-        subaddr_index.index.minor,
-        subaddress_scalar);
+    if (subaddr_index.index.is_subaddress())
+    {
+        carrot::make_carrot_subaddress_scalar(main_address_spend_pubkey,
+            address_index_extension_generator,
+            subaddr_index.index.major,
+            subaddr_index.index.minor,
+            subaddress_scalar);
+    }
+    else // main address
+    {
+        sc_1(to_bytes(subaddress_scalar));
+    }
 
     // k^j_g = k_gi * k^j_subscal
     crypto::secret_key address_privkey_g;

tests/core_tests/fcmp_pp.cpp

@@ -155,7 +155,7 @@ bool gen_fcmp_pp_tx_validation_base::generate_with(std::vector<test_event_entry>
   CHECK_AND_ASSERT_MES(r, false, "Failed to generate key image");
 
   // Source
-  const tools::wallet2::transfer_details wallet2_td{
+  const wallet2_basic::transfer_details wallet2_td{
       .m_block_height = 0,
       .m_tx = blocks[0].miner_tx,
       .m_txid = blocks[0].hash,

tests/unit_tests/carrot_fcmp.cpp

@@ -374,7 +374,7 @@ TEST(carrot_fcmp, receive_scan_spend_and_verify_serialized_carrot_tx)
     // derive input key images
     std::vector<crypto::key_image> sorted_input_key_images;
     carrot::get_sorted_input_key_images_from_proposal_v1(tx_proposal,
-        alice.key_image_dev,
+        alice.carrot_key_image_dev,
         sorted_input_key_images);
 
     // derive output enote set

tests/unit_tests/carrot_mock_helpers.h

@@ -79,11 +79,13 @@ struct mock_carrot_and_legacy_keys
     view_incoming_key_ram_borrowed_device k_view_incoming_dev;
     view_balance_secret_ram_borrowed_device s_view_balance_dev;
     generate_image_key_ram_borrowed_device k_generate_image_dev;
+    generate_image_key_ram_borrowed_device k_spend_generate_image_dev;
     generate_address_secret_ram_borrowed_device s_generate_address_dev;
     cryptonote_hierarchy_address_device_ram_borrowed cn_addr_dev;
     carrot_hierarchy_address_device_ram_borrowed carrot_addr_dev;
     hybrid_hierarchy_address_device_composed hybrid_addr_dev;
-    key_image_device_composed key_image_dev;
+    key_image_device_composed legacy_key_image_dev;
+    key_image_device_composed carrot_key_image_dev;
 
     std::unordered_map<crypto::public_key, subaddress_index_extended> subaddress_map;
 
@@ -93,22 +95,26 @@ struct mock_carrot_and_legacy_keys
         k_view_incoming_dev(legacy_acb.get_keys().m_view_secret_key),
         s_view_balance_dev(s_view_balance),
         k_generate_image_dev(k_generate_image),
+        k_spend_generate_image_dev(legacy_acb.get_keys().m_spend_secret_key),
         s_generate_address_dev(s_generate_address),
         cn_addr_dev(legacy_acb.get_keys().m_account_address.m_spend_public_key, legacy_acb.get_keys().m_view_secret_key),
         carrot_addr_dev(carrot_account_spend_pubkey, carrot_account_view_pubkey, legacy_acb.get_keys().m_account_address.m_view_public_key, s_generate_address),
         hybrid_addr_dev(&cn_addr_dev, &carrot_addr_dev),
-        key_image_dev(k_generate_image_dev, hybrid_addr_dev, &s_view_balance_dev, &k_view_incoming_dev)
+        legacy_key_image_dev(k_spend_generate_image_dev, hybrid_addr_dev, nullptr, &k_view_incoming_dev),
+        carrot_key_image_dev(k_generate_image_dev, hybrid_addr_dev, &s_view_balance_dev, &k_view_incoming_dev)
     {}
 
     mock_carrot_and_legacy_keys(const mock_carrot_and_legacy_keys &k):
         k_view_incoming_dev(legacy_acb.get_keys().m_view_secret_key),
         s_view_balance_dev(s_view_balance),
         k_generate_image_dev(k_generate_image),
+        k_spend_generate_image_dev(legacy_acb.get_keys().m_spend_secret_key),
         s_generate_address_dev(s_generate_address),
         cn_addr_dev(legacy_acb.get_keys().m_account_address.m_spend_public_key, legacy_acb.get_keys().m_view_secret_key),
         carrot_addr_dev(carrot_account_spend_pubkey, carrot_account_view_pubkey, legacy_acb.get_keys().m_account_address.m_view_public_key, s_generate_address),
         hybrid_addr_dev(&cn_addr_dev, &carrot_addr_dev),
-        key_image_dev(k_generate_image_dev, hybrid_addr_dev, &s_view_balance_dev, &k_view_incoming_dev)
+        legacy_key_image_dev(k_spend_generate_image_dev, hybrid_addr_dev, nullptr, &k_view_incoming_dev),
+        carrot_key_image_dev(k_generate_image_dev, hybrid_addr_dev, &s_view_balance_dev, &k_view_incoming_dev)
     {
         *this = k;
     }

tests/unit_tests/carrot_tx_builder.cpp

@@ -81,7 +81,7 @@ TEST(carrot_tx_builder, make_sal_proof_legacy_to_legacy_v1_mainaddr)
         .local_output_index = local_output_index
     };
 
-    const crypto::key_image expected_key_image = keys.key_image_dev.derive_key_image(opening_hint);
+    const crypto::key_image expected_key_image = keys.legacy_key_image_dev.derive_key_image(opening_hint);
 
     // fake output amount blinding factor in a hypothetical tx where we spent the aforementioned output
     const rct::key output_amount_blinding_factor = rct::skGen();
@@ -168,7 +168,7 @@ TEST(carrot_tx_builder, make_sal_proof_legacy_to_legacy_v1_subaddr)
         .local_output_index = local_output_index
     };
 
-    const crypto::key_image expected_key_image = keys.key_image_dev.derive_key_image(opening_hint);
+    const crypto::key_image expected_key_image = keys.legacy_key_image_dev.derive_key_image(opening_hint);
 
     // fake output amount blinding factor in a hypothetical tx where we spent the aforementioned output
     const rct::key output_amount_blinding_factor = rct::skGen();