add multisig core test and factor multisig building blocks

This commit is contained in:
moneromooo-monero 2017-09-26 23:16:25 +01:00
parent f4eda44ce3
commit 66e34e85b1
No known key found for this signature in database
GPG Key ID: 686F07454D6CEFC3
17 changed files with 1019 additions and 127 deletions

View File

@ -114,6 +114,7 @@ add_subdirectory(ringct)
add_subdirectory(checkpoints)
add_subdirectory(cryptonote_basic)
add_subdirectory(cryptonote_core)
add_subdirectory(multisig)
if(NOT IOS)
add_subdirectory(blockchain_db)
endif()

View File

@ -59,6 +59,7 @@ target_link_libraries(cryptonote_core
common
cncrypto
blockchain_db
multisig
ringct
${Boost_DATE_TIME_LIBRARY}
${Boost_PROGRAM_OPTIONS_LIBRARY}

View File

@ -40,6 +40,7 @@ using namespace epee;
#include "crypto/crypto.h"
#include "crypto/hash.h"
#include "ringct/rctSigs.h"
#include "multisig/multisig.h"
using namespace crypto;
@ -72,21 +73,6 @@ namespace cryptonote
LOG_PRINT_L2("destinations include " << num_stdaddresses << " standard addresses and " << num_subaddresses << " subaddresses");
}
//---------------------------------------------------------------
bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki)
{
crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation);
bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index << ", " << ack.m_account_address.m_spend_public_key << ")");
crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec);
crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki);
return true;
}
//---------------------------------------------------------------
bool construct_miner_tx(size_t height, size_t median_size, uint64_t already_generated_coins, size_t current_block_size, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, uint8_t hard_fork_version) {
tx.vin.clear();
tx.vout.clear();

View File

@ -0,0 +1,52 @@
# Copyright (c) 2017, The Monero Project
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are
# permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this list of
# conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice, this list
# of conditions and the following disclaimer in the documentation and/or other
# materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its contributors may be
# used to endorse or promote products derived from this software without specific
# prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set(multisig_sources
multisig.cpp)
set(multisig_headers)
set(multisig_private_headers
multisig.h)
monero_private_headers(multisig
${multisig_private_headers})
monero_add_library(multisig
${multisig_sources}
${multisig_headers}
${multisig_private_headers})
target_link_libraries(multisig
PUBLIC
ringct
cryptonote_basic
common
cncrypto
PRIVATE
${EXTRA_LIBRARIES})

152
src/multisig/multisig.cpp Normal file
View File

@ -0,0 +1,152 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <unordered_set>
#include "include_base_utils.h"
#include "crypto/crypto.h"
#include "ringct/rctOps.h"
#include "cryptonote_basic/account.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "multisig.h"
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "multisig"
using namespace std;
namespace cryptonote
{
//-----------------------------------------------------------------
bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki)
{
crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation);
bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index << ", " << ack.m_account_address.m_spend_public_key << ")");
crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec);
crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki);
return true;
}
//-----------------------------------------------------------------
void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)
{
// the multisig spend public key is the sum of all spend public keys
multisig_keys.clear();
spend_pkey = rct::pk2rct(keys.m_account_address.m_spend_public_key);
for (const auto &k: spend_keys)
rct::addKeys(spend_pkey, spend_pkey, rct::pk2rct(k));
multisig_keys.push_back(keys.m_spend_secret_key);
spend_skey = rct::sk2rct(keys.m_spend_secret_key);
}
//-----------------------------------------------------------------
void generate_multisig_N1_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)
{
multisig_keys.clear();
spend_pkey = rct::identity();
spend_skey = rct::zero();
// create all our composite private keys
for (const auto &k: spend_keys)
{
rct::keyV data;
data.push_back(rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(keys.m_spend_secret_key)));
static const rct::key salt = { {'M', 'u', 'l', 't' , 'i', 's', 'i', 'g' , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 } };
data.push_back(salt);
rct::key msk = rct::hash_to_scalar(data);
multisig_keys.push_back(rct::rct2sk(msk));
sc_add(spend_skey.bytes, spend_skey.bytes, msk.bytes);
}
}
//-----------------------------------------------------------------
crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector<crypto::secret_key> &skeys)
{
crypto::hash hash;
crypto::cn_fast_hash(&skey, sizeof(crypto::hash), hash);
rct::key view_skey = rct::hash2rct(hash);
for (const auto &k: skeys)
sc_add(view_skey.bytes, view_skey.bytes, rct::sk2rct(k).bytes);
return rct::rct2sk(view_skey);
}
//-----------------------------------------------------------------
crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector<crypto::public_key> &pkeys)
{
rct::key spend_public_key = rct::identity();
for (const auto &pk: pkeys)
{
rct::addKeys(spend_public_key, spend_public_key, rct::pk2rct(pk));
}
return rct::rct2pk(spend_public_key);
}
//-----------------------------------------------------------------
bool generate_multisig_key_image(const account_keys &keys, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index)
{
if (multisig_key_index >= keys.m_multisig_keys.size())
return false;
if (!cryptonote::generate_key_image_helper_old(keys, tx_public_key, real_output_index, in_ephemeral, ki))
return false;
// we got the ephemeral keypair, but the key image isn't right as it's done as per our private spend key, which is multisig
crypto::generate_key_image(in_ephemeral.pub, keys.m_multisig_keys[multisig_key_index], ki);
return true;
}
//-----------------------------------------------------------------
void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R)
{
rct::scalarmultBase((rct::key&)L, rct::sk2rct(k));
crypto::generate_key_image(pkey, k, (crypto::key_image&)R);
}
//-----------------------------------------------------------------
bool generate_multisig_composite_key_image(const account_keys &keys, const crypto::public_key &tx_public_key, size_t real_output_index, const std::vector<crypto::key_image> &pkis, crypto::key_image &ki)
{
cryptonote::keypair in_ephemeral;
if (!cryptonote::generate_key_image_helper_old(keys, tx_public_key, real_output_index, in_ephemeral, ki))
return false;
std::unordered_set<crypto::key_image> used;
for (size_t m = 0; m < keys.m_multisig_keys.size(); ++m)
{
crypto::key_image pki;
bool r = cryptonote::generate_multisig_key_image(keys, tx_public_key, real_output_index, in_ephemeral, pki, m);
if (!r)
return false;
used.insert(pki);
}
for (const auto &pki: pkis)
{
if (used.find(pki) == used.end())
{
used.insert(pki);
rct::addKeys((rct::key&)ki, rct::ki2rct(ki), rct::ki2rct(pki));
}
}
return true;
}
//-----------------------------------------------------------------
}

50
src/multisig/multisig.h Normal file
View File

@ -0,0 +1,50 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#pragma once
#include <vector>
#include <unordered_map>
#include "crypto/crypto.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "ringct/rctTypes.h"
namespace cryptonote
{
struct account_keys;
bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki);
void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey);
void generate_multisig_N1_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey);
crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector<crypto::secret_key> &skeys);
crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector<crypto::public_key> &pkeys);
bool generate_multisig_key_image(const account_keys &keys, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index);
void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R);
bool generate_multisig_composite_key_image(const account_keys &keys, const crypto::public_key &tx_public_key, size_t real_output_index, const std::vector<crypto::key_image> &pkis, crypto::key_image &ki);
}

View File

@ -868,22 +868,9 @@ bool simple_wallet::finalize_multisig(const std::vector<std::string> &args)
return true;
}
// parse all multisig info
std::unordered_set<crypto::public_key> public_keys;
std::vector<crypto::public_key> signers(args.size(), crypto::null_pkey);
for (size_t i = 0; i < args.size(); ++i)
{
if (!tools::wallet2::verify_extra_multisig_info(args[i], public_keys, signers[i]))
{
fail_msg_writer() << tr("Bad multisig info: ") << args[i];
return true;
}
}
// we have all pubkeys now
try
{
if (!m_wallet->finalize_multisig(orig_pwd_container->password(), public_keys, signers))
if (!m_wallet->finalize_multisig(orig_pwd_container->password(), args))
{
fail_msg_writer() << tr("Failed to finalize multisig");
return true;

View File

@ -51,6 +51,7 @@ monero_add_library(wallet
${wallet_private_headers})
target_link_libraries(wallet
PUBLIC
multisig
common
cryptonote_core
mnemonics
@ -104,6 +105,7 @@ if (BUILD_GUI_DEPS)
set(libs_to_merge
wallet_api
wallet
multisig
cryptonote_core
cryptonote_basic
mnemonics

View File

@ -46,6 +46,7 @@ using namespace epee;
#include "rpc/core_rpc_server_commands_defs.h"
#include "misc_language.h"
#include "cryptonote_basic/cryptonote_basic_impl.h"
#include "multisig/multisig.h"
#include "common/boost_serialization_helper.h"
#include "common/command_line.h"
#include "common/threadpool.h"
@ -526,24 +527,9 @@ uint8_t get_bulletproof_fork(bool testnet)
return 255; // TODO
}
bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki)
{
crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation);
bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub);
CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index << ", " << ack.m_account_address.m_spend_public_key << ")");
crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec);
crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki);
return true;
}
bool wallet_generate_key_image_helper_old(const cryptonote::account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, bool multisig_export = false)
{
if (!generate_key_image_helper_old(ack, tx_public_key, real_output_index, in_ephemeral, ki))
if (!cryptonote::generate_key_image_helper_old(ack, tx_public_key, real_output_index, in_ephemeral, ki))
return false;
if (multisig_export)
{
@ -909,6 +895,12 @@ static uint64_t decodeRct(const rct::rctSig & rv, const crypto::key_derivation &
}
}
//----------------------------------------------------------------------------------------------------
bool wallet2::wallet_generate_key_image_helper_export(const cryptonote::account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index) const
{
THROW_WALLET_EXCEPTION_IF(multisig_key_index >= ack.m_multisig_keys.size(), error::wallet_internal_error, "Bad multisig_key_index");
return cryptonote::generate_multisig_key_image(ack, tx_public_key, real_output_index, in_ephemeral, ki, multisig_key_index);
}
//----------------------------------------------------------------------------------------------------
void wallet2::scan_output(const cryptonote::account_keys &keys, const cryptonote::transaction &tx, const crypto::public_key &tx_pub_key, size_t i, tx_scan_info_t &tx_scan_info, int &num_vouts_received, std::unordered_map<cryptonote::subaddress_index, uint64_t> &tx_money_got_in_outs, std::vector<size_t> &outs)
{
bool r;
@ -2804,29 +2796,11 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password,
rct::key spend_pkey, spend_skey;
if (threshold == spend_keys.size() + 1)
{
// the multisig spend public key is the sum of all spend public keys
spend_pkey = rct::pk2rct(get_account().get_keys().m_account_address.m_spend_public_key);
for (const auto &k: spend_keys)
rct::addKeys(spend_pkey, spend_pkey, rct::pk2rct(k));
multisig_keys.push_back(get_account().get_keys().m_spend_secret_key);
spend_skey = rct::sk2rct(get_account().get_keys().m_spend_secret_key);
cryptonote::generate_multisig_N_N(get_account().get_keys(), spend_keys, multisig_keys, spend_skey, spend_pkey);
}
else if (threshold == spend_keys.size())
{
spend_pkey = rct::identity();
spend_skey = rct::zero();
// create all our composite private keys
for (const auto &k: spend_keys)
{
rct::keyV data;
data.push_back(rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(get_account().get_keys().m_spend_secret_key)));
static const rct::key salt = { {'M', 'u', 'l', 't' , 'i', 's', 'i', 'g' , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 } };
data.push_back(salt);
rct::key msk = rct::hash_to_scalar(data);
multisig_keys.push_back(rct::rct2sk(msk));
sc_add(spend_skey.bytes, spend_skey.bytes, msk.bytes);
}
cryptonote::generate_multisig_N1_N(get_account().get_keys(), spend_keys, multisig_keys, spend_skey, spend_pkey);
// We need an extra step, so we package all the composite public keys
// we know about, and make a signed string out of them
@ -2856,13 +2830,10 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password,
// the multisig view key is shared by all, make one all can derive
MINFO("Creating view key...");
crypto::cn_fast_hash(&get_account().get_keys().m_view_secret_key, sizeof(crypto::secret_key), hash);
rct::key view_skey = rct::hash2rct(hash);
for (const auto &k: view_keys)
sc_add(view_skey.bytes, view_skey.bytes, rct::sk2rct(k).bytes);
crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(get_account().get_keys().m_view_secret_key, view_keys);
MINFO("Creating multisig address...");
CHECK_AND_ASSERT_THROW_MES(m_account.make_multisig(rct::rct2sk(view_skey), rct::rct2sk(spend_skey), rct::rct2pk(spend_pkey), multisig_keys),
CHECK_AND_ASSERT_THROW_MES(m_account.make_multisig(view_skey, rct::rct2sk(spend_skey), rct::rct2pk(spend_pkey), multisig_keys),
"Failed to create multisig wallet due to bad keys");
m_account_public_address = m_account.get_keys().m_account_address;
@ -2916,15 +2887,12 @@ bool wallet2::finalize_multisig(const epee::wipeable_string &password, std::unor
CHECK_AND_ASSERT_THROW_MES(signers.size() == m_multisig_signers.size(), "Bad signers size");
rct::key spend_public_key = rct::identity();
for (const auto &pk: pkeys)
{
rct::addKeys(spend_public_key, spend_public_key, rct::pk2rct(pk));
}
crypto::public_key spend_public_key = cryptonote::generate_multisig_N1_N_spend_public_key(std::vector<crypto::public_key>(pkeys.begin(), pkeys.end()));
m_account_public_address.m_spend_public_key = spend_public_key;
m_account.finalize_multisig(spend_public_key);
m_multisig_signers = signers;
std::sort(m_multisig_signers.begin(), m_multisig_signers.end(), [](const crypto::public_key &e0, const crypto::public_key &e1){ return memcmp(&e0, &e1, sizeof(e0)); });
m_account_public_address.m_spend_public_key = rct::rct2pk(spend_public_key);
m_account.finalize_multisig(m_account_public_address.m_spend_public_key);
if (!m_wallet_file.empty())
{
@ -2946,14 +2914,20 @@ bool wallet2::finalize_multisig(const epee::wipeable_string &password, std::unor
return true;
}
bool wallet2::wallet_generate_key_image_helper_export(const cryptonote::account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index) const
bool wallet2::finalize_multisig(const epee::wipeable_string &password, const std::vector<std::string> &info)
{
THROW_WALLET_EXCEPTION_IF(multisig_key_index >= ack.m_multisig_keys.size(), error::wallet_internal_error, "Bad multisig_key_index");
if (!generate_key_image_helper_old(ack, tx_public_key, real_output_index, in_ephemeral, ki))
return false;
// we got the ephemeral keypair, but the key image isn't right as it's done as per our private spend key, which is multisig
crypto::generate_key_image(in_ephemeral.pub, ack.m_multisig_keys[multisig_key_index], ki);
return true;
// parse all multisig info
std::unordered_set<crypto::public_key> public_keys;
std::vector<crypto::public_key> signers(info.size(), crypto::null_pkey);
for (size_t i = 0; i < info.size(); ++i)
{
if (!verify_extra_multisig_info(info[i], public_keys, signers[i]))
{
MERROR("Bad multisig info");
return false;
}
}
return finalize_multisig(password, public_keys, signers);
}
std::string wallet2::get_multisig_info() const
@ -4657,7 +4631,7 @@ bool wallet2::sign_multisig_tx(multisig_tx_set &exported_txs, std::vector<crypto
return true;
}
//----------------------------------------------------------------------------------------------------
bool wallet2::sign_multisig_tx_from_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector<crypto::hash> &txids)
bool wallet2::sign_multisig_tx_to_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector<crypto::hash> &txids)
{
bool r = sign_multisig_tx(exported_txs, txids);
if (!r)
@ -4684,7 +4658,7 @@ bool wallet2::sign_multisig_tx_from_file(const std::string &filename, std::vecto
LOG_PRINT_L1("Transactions rejected by callback");
return false;
}
return sign_multisig_tx_from_file(exported_txs, filename, txids);
return sign_multisig_tx_to_file(exported_txs, filename, txids);
}
//----------------------------------------------------------------------------------------------------
uint64_t wallet2::get_fee_multiplier(uint32_t priority, int fee_algorithm)
@ -5591,7 +5565,7 @@ void wallet2::transfer_selected_rct(std::vector<cryptonote::tx_destination_entry
LOG_PRINT_L2("Creating supplementary multisig transaction");
cryptonote::transaction ms_tx;
auto sources_copy_copy = sources_copy;
bool r = cryptonote::construct_tx_with_tx_key(m_account.get_keys(), m_subaddresses, sources_copy_copy, splitted_dsts, change_dts.addr, extra, ms_tx, unlock_time,tx_key, additional_tx_keys, true, &msout);
bool r = cryptonote::construct_tx_with_tx_key(m_account.get_keys(), m_subaddresses, sources_copy_copy, splitted_dsts, change_dts.addr, extra, ms_tx, unlock_time,tx_key, additional_tx_keys, true, bulletproof, &msout);
LOG_PRINT_L2("constructed tx, r="<<r);
THROW_WALLET_EXCEPTION_IF(!r, error::tx_not_constructed, sources, splitted_dsts, unlock_time, m_testnet);
THROW_WALLET_EXCEPTION_IF(upper_transaction_size_limit <= get_object_blobsize(tx), error::tx_too_big, tx, upper_transaction_size_limit);
@ -8357,8 +8331,7 @@ rct::multisig_kLRki wallet2::get_multisig_kLRki(size_t n, const rct::key &k) con
CHECK_AND_ASSERT_THROW_MES(n < m_transfers.size(), "Bad m_transfers index");
rct::multisig_kLRki kLRki;
kLRki.k = k;
rct::scalarmultBase(kLRki.L, kLRki.k);
crypto::generate_key_image(m_transfers[n].get_public_key(), rct::rct2sk(kLRki.k), (crypto::key_image&)kLRki.R);
cryptonote::generate_multisig_LR(m_transfers[n].get_public_key(), rct::rct2sk(kLRki.k), (crypto::public_key&)kLRki.L, (crypto::public_key&)kLRki.R);
kLRki.ki = rct::ki2rct(m_transfers[n].m_key_image);
return kLRki;
}
@ -8399,32 +8372,13 @@ crypto::key_image wallet2::get_multisig_composite_key_image(size_t n) const
const transfer_details &td = m_transfers[n];
crypto::public_key tx_key = get_tx_pub_key_from_received_outs(td);
cryptonote::keypair in_ephemeral;
crypto::key_image ki;
bool r = wallet_generate_key_image_helper_old(get_account().get_keys(), tx_key, td.m_internal_output_index, in_ephemeral, ki);
CHECK_AND_ASSERT_THROW_MES(r, "Failed to generate key image");
std::unordered_set<crypto::key_image> used;
// insert the ones we start from
for (size_t m = 0; m < get_account().get_multisig_keys().size(); ++m)
{
crypto::key_image pki;
wallet_generate_key_image_helper_export(get_account().get_keys(), tx_key, td.m_internal_output_index, in_ephemeral, pki, m);
used.insert(pki);
}
std::vector<crypto::key_image> pkis;
for (const auto &info: td.m_multisig_info)
{
for (const auto &pki: info.m_partial_key_images)
{
// don't add duplicates again
if (used.find(pki) != used.end())
continue;
used.insert(pki);
rct::addKeys((rct::key&)ki, rct::ki2rct(ki), rct::ki2rct(pki));
}
}
pkis.push_back(pki);
bool r = cryptonote::generate_multisig_composite_key_image(get_account().get_keys(), tx_key, td.m_internal_output_index, pkis, ki);
THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "Failed to generate key image");
return ki;
}
//----------------------------------------------------------------------------------------------------

View File

@ -474,6 +474,10 @@ namespace tools
const std::vector<crypto::secret_key> &view_keys,
const std::vector<crypto::public_key> &spend_keys,
uint32_t threshold);
/*!
* \brief Finalizes creation of a multisig wallet
*/
bool finalize_multisig(const epee::wipeable_string &password, const std::vector<std::string> &info);
/*!
* \brief Finalizes creation of a multisig wallet
*/
@ -642,7 +646,7 @@ namespace tools
bool load_multisig_tx_from_file(const std::string &filename, multisig_tx_set &exported_txs, std::function<bool(const multisig_tx_set&)> accept_func = NULL);
bool sign_multisig_tx_from_file(const std::string &filename, std::vector<crypto::hash> &txids, std::function<bool(const multisig_tx_set&)> accept_func);
bool sign_multisig_tx(multisig_tx_set &exported_txs, std::vector<crypto::hash> &txids);
bool sign_multisig_tx_from_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector<crypto::hash> &txids);
bool sign_multisig_tx_to_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector<crypto::hash> &txids);
std::vector<pending_tx> create_unmixable_sweep_transactions(bool trusted_daemon);
bool check_connection(uint32_t *version = NULL, uint32_t timeout = 200000);
void get_transfers(wallet2::transfer_container& incoming_transfers) const;

View File

@ -2622,22 +2622,9 @@ namespace tools
return false;
}
// parse all multisig info
std::unordered_set<crypto::public_key> public_keys;
std::vector<crypto::public_key> signers(req.multisig_info.size(), crypto::null_pkey);
for (size_t i = 0; i < req.multisig_info.size(); ++i)
{
if (!m_wallet->verify_extra_multisig_info(req.multisig_info[i], public_keys, signers[i]))
{
er.code = WALLET_RPC_ERROR_CODE_BAD_MULTISIG_INFO;
er.message = std::string("Bad multisig_info info: ") + req.multisig_info[i];
return false;
}
}
try
{
if (!m_wallet->finalize_multisig(req.password, public_keys, signers))
if (!m_wallet->finalize_multisig(req.password, req.multisig_info))
{
er.code = WALLET_RPC_ERROR_CODE_UNKNOWN_ERROR;
er.message = "Error calling finalize_multisig";

View File

@ -36,6 +36,7 @@ set(core_tests_sources
chaingen_main.cpp
double_spend.cpp
integer_overflow.cpp
multisig.cpp
ring_signature_1.cpp
transaction_tests.cpp
tx_validation.cpp
@ -52,6 +53,7 @@ set(core_tests_headers
double_spend.h
double_spend.inl
integer_overflow.h
multisig.h
ring_signature_1.h
transaction_tests.h
tx_validation.h
@ -63,6 +65,7 @@ add_executable(core_tests
${core_tests_headers})
target_link_libraries(core_tests
PRIVATE
multisig
cryptonote_core
p2p
version

View File

@ -505,6 +505,54 @@ inline bool do_replay_file(const std::string& filename)
cryptonote::account_base account; \
account.generate();
#define GENERATE_MULTISIG_ACCOUNT(account, threshold, total) \
CHECK_AND_ASSERT_MES(threshold >= 2 && threshold <= total, false, "Invalid multisig scheme"); \
std::vector<cryptonote::account_base> account(total); \
do \
{ \
for (size_t msidx = 0; msidx < total; ++msidx) \
account[msidx].generate(); \
std::unordered_set<crypto::public_key> all_multisig_keys; \
std::vector<std::vector<crypto::secret_key>> view_keys(total); \
std::vector<std::vector<crypto::public_key>> spend_keys(total); \
for (size_t msidx = 0; msidx < total; ++msidx) \
{ \
for (size_t msidx_inner = 0; msidx_inner < total; ++msidx_inner) \
{ \
if (msidx_inner != msidx) \
{ \
crypto::hash vkh; \
crypto::cn_fast_hash(&account[msidx_inner].get_keys().m_view_secret_key, sizeof(crypto::secret_key), vkh); \
view_keys[msidx].push_back((const crypto::secret_key&)vkh); \
spend_keys[msidx].push_back(account[msidx_inner].get_keys().m_account_address.m_spend_public_key); \
} \
} \
} \
for (size_t msidx = 0; msidx < total; ++msidx) \
{ \
std::vector<crypto::secret_key> multisig_keys; \
crypto::secret_key spend_skey; \
crypto::public_key spend_pkey; \
if (threshold == total) \
cryptonote::generate_multisig_N_N(account[msidx].get_keys(), spend_keys[msidx], multisig_keys, (rct::key&)spend_skey, (rct::key&)spend_pkey); \
else \
cryptonote::generate_multisig_N1_N(account[msidx].get_keys(), spend_keys[msidx], multisig_keys, (rct::key&)spend_skey, (rct::key&)spend_pkey); \
crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(account[msidx].get_keys().m_view_secret_key, view_keys[msidx]); \
account[msidx].make_multisig(view_skey, spend_skey, spend_pkey, multisig_keys); \
for (const auto &k: multisig_keys) \
all_multisig_keys.insert(rct::rct2pk(rct::scalarmultBase(rct::sk2rct(k)))); \
} \
if (threshold < total) \
{ \
std::vector<crypto::public_key> spend_public_keys; \
for (const auto &k: all_multisig_keys) \
spend_public_keys.push_back(k); \
crypto::public_key spend_pkey = cryptonote::generate_multisig_N1_N_spend_public_key(spend_public_keys); \
for (size_t msidx = 0; msidx < total; ++msidx) \
account[msidx].finalize_multisig(spend_pkey); \
} \
} while(0)
#define MAKE_ACCOUNT(VEC_EVENTS, account) \
cryptonote::account_base account; \
account.generate(); \

View File

@ -199,6 +199,23 @@ int main(int argc, char* argv[])
GENERATE_AND_PLAY(gen_rct_tx_pre_rct_altered_extra);
GENERATE_AND_PLAY(gen_rct_tx_rct_altered_extra);
GENERATE_AND_PLAY(gen_multisig_tx_valid_22_1_2);
GENERATE_AND_PLAY(gen_multisig_tx_valid_22_2_1);
GENERATE_AND_PLAY(gen_multisig_tx_valid_33_1_23);
GENERATE_AND_PLAY(gen_multisig_tx_valid_33_3_21);
GENERATE_AND_PLAY(gen_multisig_tx_valid_23_1_2);
GENERATE_AND_PLAY(gen_multisig_tx_valid_23_1_3);
GENERATE_AND_PLAY(gen_multisig_tx_valid_23_2_1);
GENERATE_AND_PLAY(gen_multisig_tx_valid_23_2_3);
GENERATE_AND_PLAY(gen_multisig_tx_valid_45_1_234);
GENERATE_AND_PLAY(gen_multisig_tx_valid_89_3_1245789);
GENERATE_AND_PLAY(gen_multisig_tx_invalid_23_1__no_threshold);
GENERATE_AND_PLAY(gen_multisig_tx_invalid_45_5_23_no_threshold);
GENERATE_AND_PLAY(gen_multisig_tx_invalid_22_1__no_threshold);
GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1__no_threshold);
GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1_2_no_threshold);
GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1_3_no_threshold);
el::Level level = (failed_tests.empty() ? el::Level::Info : el::Level::Error);
MLOG(level, "\nREPORT:");
MLOG(level, " Test run: " << tests_count);

View File

@ -41,6 +41,7 @@
#include "tx_validation.h"
#include "v2_tests.h"
#include "rct.h"
#include "multisig.h"
/************************************************************************/
/* */
/************************************************************************/

View File

@ -0,0 +1,460 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#include "ringct/rctSigs.h"
#include "cryptonote_basic/cryptonote_basic.h"
#include "multisig/multisig.h"
#include "chaingen.h"
#include "multisig.h"
using namespace epee;
using namespace crypto;
using namespace cryptonote;
//#define NO_MULTISIG
//----------------------------------------------------------------------------------------------------------------------
// Tests
bool gen_multisig_tx_validation_base::generate_with(std::vector<test_event_entry>& events,
int mixin, uint64_t amount_paid, bool valid,
size_t threshold, size_t total, size_t creator, std::vector<size_t> signers,
const std::function<void(std::vector<tx_source_entry> &sources, std::vector<tx_destination_entry> &destinations)> &pre_tx,
const std::function<void(transaction &tx)> &post_tx) const
{
uint64_t ts_start = 1338224400;
bool r;
CHECK_AND_ASSERT_MES(total >= 2, false, "Bad scheme");
CHECK_AND_ASSERT_MES(threshold <= total, false, "Bad scheme");
CHECK_AND_ASSERT_MES(threshold >= total - 1, false, "Unsupported scheme");
#ifdef NO_MULTISIG
CHECK_AND_ASSERT_MES(total <= 5, false, "Unsupported scheme");
#endif
// given as 1 based for clarity
--creator;
for (size_t &signer: signers)
--signer;
CHECK_AND_ASSERT_MES(creator < total, false, "invalid creator");
for (size_t signer: signers)
CHECK_AND_ASSERT_MES(signer < total, false, "invalid signer");
#ifdef NO_MULTISIG
GENERATE_ACCOUNT(acc0);
GENERATE_ACCOUNT(acc1);
GENERATE_ACCOUNT(acc2);
GENERATE_ACCOUNT(acc3);
GENERATE_ACCOUNT(acc4);
account_base miner_account[5] = {acc0, acc1, acc2, acc3, acc4};
#else
GENERATE_MULTISIG_ACCOUNT(miner_account, threshold, total);
#endif
MAKE_GENESIS_BLOCK(events, blk_0, miner_account[creator], ts_start);
// create 8 miner accounts, and have them mine the next 8 blocks
// they will have a coinbase with a single out that's pseudo rct
const size_t n_coinbases = 8;
cryptonote::account_base miner_accounts[n_coinbases];
const cryptonote::block *prev_block = &blk_0;
cryptonote::block blocks[n_coinbases];
for (size_t n = 0; n < n_coinbases; ++n) {
// the first block goes to the multisig account
miner_accounts[n].generate();
account_base &account = n == 0 ? miner_account[creator] : miner_accounts[n];
CHECK_AND_ASSERT_MES(generator.construct_block_manually(blocks[n], *prev_block, account,
test_generator::bf_major_ver | test_generator::bf_minor_ver | test_generator::bf_timestamp | test_generator::bf_hf_version | test_generator::bf_max_outs,
4, 4, prev_block->timestamp + DIFFICULTY_BLOCKS_ESTIMATE_TIMESPAN * 2, // v2 has blocks twice as long
crypto::hash(), 0, transaction(), std::vector<crypto::hash>(), 0, 1, 4),
false, "Failed to generate block");
events.push_back(blocks[n]);
prev_block = blocks + n;
LOG_PRINT_L0("Initial miner tx " << n << ": " << obj_to_json_str(blocks[n].miner_tx));
LOG_PRINT_L0("in block: " << obj_to_json_str(blocks[n]));
}
// rewind
cryptonote::block blk_r, blk_last;
{
blk_last = blocks[n_coinbases - 1];
for (size_t i = 0; i < CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW; ++i)
{
cryptonote::block blk;
CHECK_AND_ASSERT_MES(generator.construct_block_manually(blk, blk_last, miner_accounts[0],
test_generator::bf_major_ver | test_generator::bf_minor_ver | test_generator::bf_timestamp | test_generator::bf_hf_version | test_generator::bf_max_outs,
4, 4, blk_last.timestamp + DIFFICULTY_BLOCKS_ESTIMATE_TIMESPAN * 2, // v2 has blocks twice as long
crypto::hash(), 0, transaction(), std::vector<crypto::hash>(), 0, 1, 4),
false, "Failed to generate block");
events.push_back(blk);
blk_last = blk;
}
blk_r = blk_last;
}
const crypto::public_key tx_pub_key = get_tx_pub_key_from_extra(blocks[0].miner_tx);
MDEBUG("tx_pub_key: " << tx_pub_key);
const crypto::public_key output_pub_key = boost::get<txout_to_key>(blocks[0].miner_tx.vout[0].target).key;
MDEBUG("output_pub_key: " << output_pub_key);
cryptonote::keypair in_ephemeral;
#ifndef NO_MULTISIG
// create k/L/R/ki for that output we're going to spend
std::vector<std::vector<crypto::secret_key>> account_k(total);
std::vector<std::vector<crypto::public_key>> account_L(total);
std::vector<std::vector<crypto::public_key>> account_R(total);
std::vector<std::vector<crypto::key_image>> account_ki(total);
for (size_t msidx = 0; msidx < total; ++msidx)
{
size_t nlr = threshold < total ? threshold - 1 : 1;
account_L[msidx].resize(nlr);
account_R[msidx].resize(nlr);
for (size_t n = 0; n < nlr; ++n)
{
account_k[msidx].push_back(rct::rct2sk(rct::skGen()));
cryptonote::generate_multisig_LR(output_pub_key, account_k[msidx][n], account_L[msidx][n], account_R[msidx][n]);
}
size_t numki = miner_account[msidx].get_multisig_keys().size();
account_ki[msidx].resize(numki);
for (size_t kiidx = 0; kiidx < numki; ++kiidx)
{
r = cryptonote::generate_multisig_key_image(miner_account[msidx].get_keys(), tx_pub_key, 0, in_ephemeral, account_ki[msidx][kiidx], kiidx);
CHECK_AND_ASSERT_MES(r, false, "Failed to generate multisig export key image");
}
MDEBUG("Party " << msidx << ":");
MDEBUG("spend: sec " << miner_account[msidx].get_keys().m_spend_secret_key << ", pub " << miner_account[msidx].get_keys().m_account_address.m_spend_public_key);
MDEBUG("view: sec " << miner_account[msidx].get_keys().m_view_secret_key << ", pub " << miner_account[msidx].get_keys().m_account_address.m_view_public_key);
for (const auto &k: miner_account[msidx].get_multisig_keys())
MDEBUG("msk: " << k);
for (size_t n = 0; n < account_k[msidx].size(); ++n)
{
MDEBUG("k: " << account_k[msidx][n]);
MDEBUG("L: " << account_L[msidx][n]);
MDEBUG("R: " << account_R[msidx][n]);
}
for (const auto &ki: account_ki[msidx])
MDEBUG("ki: " << ki);
}
#endif
// create kLRki
rct::multisig_kLRki kLRki;
#ifdef NO_MULTISIG
kLRki = {rct::zero(), rct::zero(), rct::zero(), rct::zero()};
#else
kLRki.k = rct::sk2rct(account_k[creator][0]);
kLRki.L = rct::pk2rct(account_L[creator][0]);
kLRki.R = rct::pk2rct(account_R[creator][0]);
MDEBUG("Starting with k " << kLRki.k);
MDEBUG("Starting with L " << kLRki.L);
MDEBUG("Starting with R " << kLRki.R);
std::unordered_set<crypto::public_key> used_L;
for (size_t msidx = 0; msidx < total; ++msidx)
{
if (msidx == creator)
continue;
if (std::find(signers.begin(), signers.end(), msidx) == signers.end())
continue;
for (size_t lr = 0; lr < account_L[msidx].size(); ++lr)
{
if (used_L.find(account_L[msidx][lr]) == used_L.end())
{
used_L.insert(account_L[msidx][lr]);
MDEBUG("Adding L " << account_L[msidx][lr] << " (for k " << account_k[msidx][lr] << ")");
MDEBUG("Adding R " << account_R[msidx][lr]);
rct::addKeys((rct::key&)kLRki.L, kLRki.L, rct::pk2rct(account_L[msidx][lr]));
rct::addKeys((rct::key&)kLRki.R, kLRki.R, rct::pk2rct(account_R[msidx][lr]));
break;
}
}
}
std::vector<crypto::key_image> pkis;
for (size_t msidx = 0; msidx < total; ++msidx)
for (size_t n = 0; n < account_ki[msidx].size(); ++n)
pkis.push_back(account_ki[msidx][n]);
r = cryptonote::generate_multisig_composite_key_image(miner_account[0].get_keys(), tx_pub_key, 0, pkis, (crypto::key_image&)kLRki.ki);
CHECK_AND_ASSERT_MES(r, false, "Failed to generate composite key image");
MDEBUG("composite ki: " << kLRki.ki);
MDEBUG("L: " << kLRki.L);
MDEBUG("R: " << kLRki.R);
for (size_t n = 1; n < total; ++n)
{
rct::key ki;
r = cryptonote::generate_multisig_composite_key_image(miner_account[n].get_keys(), tx_pub_key, 0, pkis, (crypto::key_image&)ki);
CHECK_AND_ASSERT_MES(r, false, "Failed to generate composite key image");
CHECK_AND_ASSERT_MES(kLRki.ki == ki, false, "Composite key images do not match");
}
#endif
// create a tx: we have 8 outputs, all from coinbase, so "fake" rct
std::vector<tx_source_entry> sources;
sources.resize(1);
tx_source_entry& src = sources.back();
src.real_output = 0;
src.amount = blocks[0].miner_tx.vout[0].amount;
src.real_out_tx_key = tx_pub_key;
src.real_output_in_tx_index = 0;
src.mask = rct::identity();
src.rct = true;
src.multisig_kLRki = kLRki;
for (int m = 0; m <= mixin; ++m)
{
rct::ctkey ctkey;
ctkey.dest = rct::pk2rct(boost::get<txout_to_key>(blocks[m].miner_tx.vout[0].target).key);
MDEBUG("using " << (m == 0 ? "real" : "fake") << " input " << ctkey.dest);
ctkey.mask = rct::commit(blocks[m].miner_tx.vout[0].amount, rct::identity()); // since those are coinbases, the masks are known
src.outputs.push_back(std::make_pair(m, ctkey));
}
//fill outputs entry
tx_destination_entry td;
td.addr = miner_account[creator].get_keys().m_account_address;
td.amount = amount_paid;
std::vector<tx_destination_entry> destinations;
destinations.push_back(td);
if (pre_tx)
pre_tx(sources, destinations);
transaction tx;
crypto::secret_key tx_key;
#ifdef NO_MULTISIG
rct::multisig_out *msoutp = NULL;
#else
rct::multisig_out msout;
rct::multisig_out *msoutp = &msout;
#endif
std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
subaddresses[miner_account[creator].get_keys().m_account_address.m_spend_public_key] = {0,0};
std::vector<crypto::secret_key> additional_tx_keys;
r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector<uint8_t>(), tx, 0, tx_key, additional_tx_keys, true, false, msoutp);
CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction");
#ifndef NO_MULTISIG
// sign
std::unordered_set<crypto::secret_key> used_keys;
const std::vector<crypto::secret_key> &msk0 = miner_account[creator].get_multisig_keys();
for (const auto &sk: msk0)
used_keys.insert(sk);
for (size_t signer: signers)
{
rct::key skey = rct::zero();
const std::vector<crypto::secret_key> &msk1 = miner_account[signer].get_multisig_keys();
for (size_t n = 0; n < msk1.size(); ++n)
{
const crypto::secret_key &sk1 = msk1[n];
if (used_keys.find(sk1) == used_keys.end())
{
used_keys.insert(sk1);
sc_add(skey.bytes, skey.bytes, rct::sk2rct(sk1).bytes);
}
}
CHECK_AND_ASSERT_MES(!(skey == rct::zero()), false, "failed to find secret multisig key to sign transaction");
std::vector<unsigned int> indices;
for (const auto &src: sources)
indices.push_back(src.real_output);
rct::keyV k;
k.push_back(rct::zero());
for (size_t n = 0; n < account_k[signer].size(); ++n)
{
crypto::public_key L;
rct::scalarmultBase((rct::key&)L, rct::sk2rct(account_k[signer][n]));
if (used_L.find(L) != used_L.end())
{
sc_add(k.back().bytes, k.back().bytes, rct::sk2rct(account_k[signer][n]).bytes);
}
}
CHECK_AND_ASSERT_MES(!(k.back() == rct::zero()), false, "failed to find k to sign transaction");
MDEBUG("signing with k size " << k.size());
MDEBUG("signing with k " << k.back());
MDEBUG("signing with sk " << skey);
for (const auto &sk: used_keys)
MDEBUG(" created with sk " << sk);
MDEBUG("signing with c size " << msout.c.size());
MDEBUG("signing with c " << msout.c.back());
r = rct::signMultisig(tx.rct_signatures, indices, k, msout, skey);
CHECK_AND_ASSERT_MES(r, false, "failed to sign transaction");
}
#endif
// verify this tx is really to the expected address
const crypto::public_key tx_pub_key2 = get_tx_pub_key_from_extra(tx, 0);
crypto::key_derivation derivation;
r = crypto::generate_key_derivation(tx_pub_key2, miner_account[creator].get_keys().m_view_secret_key, derivation);
CHECK_AND_ASSERT_MES(r, false, "Failed to generate derivation");
uint64_t n_outs = 0, amount = 0;
std::vector<crypto::key_derivation> additional_derivations;
for (size_t n = 0; n < tx.vout.size(); ++n)
{
CHECK_AND_ASSERT_MES(typeid(txout_to_key) == tx.vout[n].target.type(), false, "Unexpected tx out type");
if (is_out_to_acc_precomp(subaddresses, boost::get<txout_to_key>(tx.vout[n].target).key, derivation, additional_derivations, n))
{
++n_outs;
CHECK_AND_ASSERT_MES(tx.vout[n].amount == 0, false, "Destination amount is not zero");
rct::key Ctmp;
crypto::secret_key scalar1;
crypto::derivation_to_scalar(derivation, n, scalar1);
rct::ecdhTuple ecdh_info = tx.rct_signatures.ecdhInfo[n];
rct::ecdhDecode(ecdh_info, rct::sk2rct(scalar1));
rct::key C = tx.rct_signatures.outPk[n].mask;
rct::addKeys2(Ctmp, ecdh_info.mask, ecdh_info.amount, rct::H);
CHECK_AND_ASSERT_MES(rct::equalKeys(C, Ctmp), false, "Failed to decode amount");
amount += rct::h2d(ecdh_info.amount);
}
}
CHECK_AND_ASSERT_MES(n_outs == 1, false, "Not exactly 1 output was received");
CHECK_AND_ASSERT_MES(amount == amount_paid, false, "Amount paid was not the expected amount");
if (post_tx)
post_tx(tx);
if (!valid)
DO_CALLBACK(events, "mark_invalid_tx");
events.push_back(tx);
LOG_PRINT_L0("Test tx: " << obj_to_json_str(tx));
return true;
}
bool gen_multisig_tx_valid_22_1_2::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 2, 2, 1, {2}, NULL, NULL);
}
bool gen_multisig_tx_valid_22_2_1::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 2, 2, 2, {1}, NULL, NULL);
}
bool gen_multisig_tx_valid_33_1_23::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 3, 3, 1, {2, 3}, NULL, NULL);
}
bool gen_multisig_tx_valid_33_3_21::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 3, 3, 3, {2, 1}, NULL, NULL);
}
bool gen_multisig_tx_valid_23_1_2::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 2, 3, 1, {2}, NULL, NULL);
}
bool gen_multisig_tx_valid_23_1_3::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 2, 3, 1, {3}, NULL, NULL);
}
bool gen_multisig_tx_valid_23_2_1::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 2, 3, 2, {1}, NULL, NULL);
}
bool gen_multisig_tx_valid_23_2_3::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 2, 3, 2, {3}, NULL, NULL);
}
bool gen_multisig_tx_valid_45_1_234::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 4, 5, 1, {2, 3, 4}, NULL, NULL);
}
bool gen_multisig_tx_valid_89_3_1245789::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, true, 8, 9, 3, {1, 2, 4, 5, 7, 8, 9}, NULL, NULL);
}
bool gen_multisig_tx_invalid_22_1__no_threshold::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, false, 2, 2, 1, {}, NULL, NULL);
}
bool gen_multisig_tx_invalid_33_1__no_threshold::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {}, NULL, NULL);
}
bool gen_multisig_tx_invalid_33_1_2_no_threshold::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {2}, NULL, NULL);
}
bool gen_multisig_tx_invalid_33_1_3_no_threshold::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {3}, NULL, NULL);
}
bool gen_multisig_tx_invalid_23_1__no_threshold::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, false, 2, 3, 1, {}, NULL, NULL);
}
bool gen_multisig_tx_invalid_45_5_23_no_threshold::generate(std::vector<test_event_entry>& events) const
{
const int mixin = 4;
const uint64_t amount_paid = 10000;
return generate_with(events, mixin, amount_paid, false, 4, 5, 5, {2, 3}, NULL, NULL);
}

187
tests/core_tests/multisig.h Normal file
View File

@ -0,0 +1,187 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#pragma once
#include "chaingen.h"
struct gen_multisig_tx_validation_base : public test_chain_unit_base
{
gen_multisig_tx_validation_base()
: m_invalid_tx_index(0)
, m_invalid_block_index(0)
{
REGISTER_CALLBACK_METHOD(gen_multisig_tx_validation_base, mark_invalid_tx);
REGISTER_CALLBACK_METHOD(gen_multisig_tx_validation_base, mark_invalid_block);
}
bool check_tx_verification_context(const cryptonote::tx_verification_context& tvc, bool tx_added, size_t event_idx, const cryptonote::transaction& /*tx*/)
{
if (m_invalid_tx_index == event_idx)
return tvc.m_verifivation_failed;
else
return !tvc.m_verifivation_failed && tx_added;
}
bool check_block_verification_context(const cryptonote::block_verification_context& bvc, size_t event_idx, const cryptonote::block& /*block*/)
{
if (m_invalid_block_index == event_idx)
return bvc.m_verifivation_failed;
else
return !bvc.m_verifivation_failed;
}
bool mark_invalid_block(cryptonote::core& /*c*/, size_t ev_index, const std::vector<test_event_entry>& /*events*/)
{
m_invalid_block_index = ev_index + 1;
return true;
}
bool mark_invalid_tx(cryptonote::core& /*c*/, size_t ev_index, const std::vector<test_event_entry>& /*events*/)
{
m_invalid_tx_index = ev_index + 1;
return true;
}
bool generate_with(std::vector<test_event_entry>& events, int mixin,
uint64_t amount_paid, bool valid,
size_t threshold, size_t total, size_t creator, std::vector<size_t> signers,
const std::function<void(std::vector<cryptonote::tx_source_entry> &sources, std::vector<cryptonote::tx_destination_entry> &destinations)> &pre_tx,
const std::function<void(cryptonote::transaction &tx)> &post_tx) const;
private:
size_t m_invalid_tx_index;
size_t m_invalid_block_index;
};
template<>
struct get_test_options<gen_multisig_tx_validation_base> {
const std::pair<uint8_t, uint64_t> hard_forks[3] = {std::make_pair(1, 0), std::make_pair(4, 1), std::make_pair(0, 0)};
const cryptonote::test_options test_options = {
hard_forks
};
};
// valid
struct gen_multisig_tx_valid_22_1_2: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_22_1_2>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_22_2_1: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_22_2_1>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_33_1_23: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_33_1_23>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_33_3_21: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_33_3_21>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_23_1_2: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_23_1_2>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_23_1_3: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_23_1_3>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_23_2_1: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_23_2_1>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_23_2_3: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_23_2_3>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_45_1_234: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_45_1_234>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_valid_89_3_1245789: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_valid_89_3_1245789>: public get_test_options<gen_multisig_tx_validation_base> {};
// invalid
struct gen_multisig_tx_invalid_22_1__no_threshold: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_invalid_22_1__no_threshold>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_invalid_33_1__no_threshold: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_invalid_33_1__no_threshold>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_invalid_33_1_2_no_threshold: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_invalid_33_1_2_no_threshold>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_invalid_33_1_3_no_threshold: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_invalid_33_1_3_no_threshold>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_invalid_23_1__no_threshold: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_invalid_23_1__no_threshold>: public get_test_options<gen_multisig_tx_validation_base> {};
struct gen_multisig_tx_invalid_45_5_23_no_threshold: public gen_multisig_tx_validation_base
{
bool generate(std::vector<test_event_entry>& events) const;
};
template<> struct get_test_options<gen_multisig_tx_invalid_45_5_23_no_threshold>: public get_test_options<gen_multisig_tx_validation_base> {};