diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index d8b0bf211..79d2a232d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -114,6 +114,7 @@ add_subdirectory(ringct) add_subdirectory(checkpoints) add_subdirectory(cryptonote_basic) add_subdirectory(cryptonote_core) +add_subdirectory(multisig) if(NOT IOS) add_subdirectory(blockchain_db) endif() diff --git a/src/cryptonote_core/CMakeLists.txt b/src/cryptonote_core/CMakeLists.txt index 169a38f0a..eeed881da 100644 --- a/src/cryptonote_core/CMakeLists.txt +++ b/src/cryptonote_core/CMakeLists.txt @@ -59,6 +59,7 @@ target_link_libraries(cryptonote_core common cncrypto blockchain_db + multisig ringct ${Boost_DATE_TIME_LIBRARY} ${Boost_PROGRAM_OPTIONS_LIBRARY} diff --git a/src/cryptonote_core/cryptonote_tx_utils.cpp b/src/cryptonote_core/cryptonote_tx_utils.cpp index 799c27e06..fb1f972b3 100644 --- a/src/cryptonote_core/cryptonote_tx_utils.cpp +++ b/src/cryptonote_core/cryptonote_tx_utils.cpp @@ -40,6 +40,7 @@ using namespace epee; #include "crypto/crypto.h" #include "crypto/hash.h" #include "ringct/rctSigs.h" +#include "multisig/multisig.h" using namespace crypto; @@ -72,21 +73,6 @@ namespace cryptonote LOG_PRINT_L2("destinations include " << num_stdaddresses << " standard addresses and " << num_subaddresses << " subaddresses"); } //--------------------------------------------------------------- - bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki) - { - crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation); - bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation); - CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")"); - - r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub); - CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index << ", " << ack.m_account_address.m_spend_public_key << ")"); - - crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec); - - crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki); - return true; - } - //--------------------------------------------------------------- bool construct_miner_tx(size_t height, size_t median_size, uint64_t already_generated_coins, size_t current_block_size, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, uint8_t hard_fork_version) { tx.vin.clear(); tx.vout.clear(); diff --git a/src/multisig/CMakeLists.txt b/src/multisig/CMakeLists.txt new file mode 100644 index 000000000..432865ad3 --- /dev/null +++ b/src/multisig/CMakeLists.txt @@ -0,0 +1,52 @@ +# Copyright (c) 2017, The Monero Project +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, are +# permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright notice, this list +# of conditions and the following disclaimer in the documentation and/or other +# materials provided with the distribution. +# +# 3. Neither the name of the copyright holder nor the names of its contributors may be +# used to endorse or promote products derived from this software without specific +# prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +set(multisig_sources + multisig.cpp) + +set(multisig_headers) + +set(multisig_private_headers + multisig.h) + +monero_private_headers(multisig + ${multisig_private_headers}) + +monero_add_library(multisig + ${multisig_sources} + ${multisig_headers} + ${multisig_private_headers}) + +target_link_libraries(multisig + PUBLIC + ringct + cryptonote_basic + common + cncrypto + PRIVATE + ${EXTRA_LIBRARIES}) diff --git a/src/multisig/multisig.cpp b/src/multisig/multisig.cpp new file mode 100644 index 000000000..0a9933b13 --- /dev/null +++ b/src/multisig/multisig.cpp @@ -0,0 +1,152 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#include +#include "include_base_utils.h" +#include "crypto/crypto.h" +#include "ringct/rctOps.h" +#include "cryptonote_basic/account.h" +#include "cryptonote_basic/cryptonote_format_utils.h" +#include "multisig.h" + +#undef MONERO_DEFAULT_LOG_CATEGORY +#define MONERO_DEFAULT_LOG_CATEGORY "multisig" + +using namespace std; + +namespace cryptonote +{ + //----------------------------------------------------------------- + bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki) + { + crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation); + bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation); + CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")"); + + r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub); + CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index << ", " << ack.m_account_address.m_spend_public_key << ")"); + + crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec); + + crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki); + return true; + } + //----------------------------------------------------------------- + void generate_multisig_N_N(const account_keys &keys, const std::vector &spend_keys, std::vector &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey) + { + // the multisig spend public key is the sum of all spend public keys + multisig_keys.clear(); + spend_pkey = rct::pk2rct(keys.m_account_address.m_spend_public_key); + for (const auto &k: spend_keys) + rct::addKeys(spend_pkey, spend_pkey, rct::pk2rct(k)); + multisig_keys.push_back(keys.m_spend_secret_key); + spend_skey = rct::sk2rct(keys.m_spend_secret_key); + } + //----------------------------------------------------------------- + void generate_multisig_N1_N(const account_keys &keys, const std::vector &spend_keys, std::vector &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey) + { + multisig_keys.clear(); + spend_pkey = rct::identity(); + spend_skey = rct::zero(); + + // create all our composite private keys + for (const auto &k: spend_keys) + { + rct::keyV data; + data.push_back(rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(keys.m_spend_secret_key))); + static const rct::key salt = { {'M', 'u', 'l', 't' , 'i', 's', 'i', 'g' , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 } }; + data.push_back(salt); + rct::key msk = rct::hash_to_scalar(data); + multisig_keys.push_back(rct::rct2sk(msk)); + sc_add(spend_skey.bytes, spend_skey.bytes, msk.bytes); + } + } + //----------------------------------------------------------------- + crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector &skeys) + { + crypto::hash hash; + crypto::cn_fast_hash(&skey, sizeof(crypto::hash), hash); + rct::key view_skey = rct::hash2rct(hash); + for (const auto &k: skeys) + sc_add(view_skey.bytes, view_skey.bytes, rct::sk2rct(k).bytes); + return rct::rct2sk(view_skey); + } + //----------------------------------------------------------------- + crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector &pkeys) + { + rct::key spend_public_key = rct::identity(); + for (const auto &pk: pkeys) + { + rct::addKeys(spend_public_key, spend_public_key, rct::pk2rct(pk)); + } + return rct::rct2pk(spend_public_key); + } + //----------------------------------------------------------------- + bool generate_multisig_key_image(const account_keys &keys, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index) + { + if (multisig_key_index >= keys.m_multisig_keys.size()) + return false; + if (!cryptonote::generate_key_image_helper_old(keys, tx_public_key, real_output_index, in_ephemeral, ki)) + return false; + // we got the ephemeral keypair, but the key image isn't right as it's done as per our private spend key, which is multisig + crypto::generate_key_image(in_ephemeral.pub, keys.m_multisig_keys[multisig_key_index], ki); + return true; + } + //----------------------------------------------------------------- + void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R) + { + rct::scalarmultBase((rct::key&)L, rct::sk2rct(k)); + crypto::generate_key_image(pkey, k, (crypto::key_image&)R); + } + //----------------------------------------------------------------- + bool generate_multisig_composite_key_image(const account_keys &keys, const crypto::public_key &tx_public_key, size_t real_output_index, const std::vector &pkis, crypto::key_image &ki) + { + cryptonote::keypair in_ephemeral; + if (!cryptonote::generate_key_image_helper_old(keys, tx_public_key, real_output_index, in_ephemeral, ki)) + return false; + std::unordered_set used; + for (size_t m = 0; m < keys.m_multisig_keys.size(); ++m) + { + crypto::key_image pki; + bool r = cryptonote::generate_multisig_key_image(keys, tx_public_key, real_output_index, in_ephemeral, pki, m); + if (!r) + return false; + used.insert(pki); + } + for (const auto &pki: pkis) + { + if (used.find(pki) == used.end()) + { + used.insert(pki); + rct::addKeys((rct::key&)ki, rct::ki2rct(ki), rct::ki2rct(pki)); + } + } + return true; + } + //----------------------------------------------------------------- +} diff --git a/src/multisig/multisig.h b/src/multisig/multisig.h new file mode 100644 index 000000000..c5312182b --- /dev/null +++ b/src/multisig/multisig.h @@ -0,0 +1,50 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#pragma once + +#include +#include +#include "crypto/crypto.h" +#include "cryptonote_basic/cryptonote_format_utils.h" +#include "ringct/rctTypes.h" + +namespace cryptonote +{ + struct account_keys; + + bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki); + + void generate_multisig_N_N(const account_keys &keys, const std::vector &spend_keys, std::vector &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey); + void generate_multisig_N1_N(const account_keys &keys, const std::vector &spend_keys, std::vector &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey); + crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector &skeys); + crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector &pkeys); + bool generate_multisig_key_image(const account_keys &keys, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index); + void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R); + bool generate_multisig_composite_key_image(const account_keys &keys, const crypto::public_key &tx_public_key, size_t real_output_index, const std::vector &pkis, crypto::key_image &ki); +} diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index ab09ace91..b0aec186c 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -868,22 +868,9 @@ bool simple_wallet::finalize_multisig(const std::vector &args) return true; } - // parse all multisig info - std::unordered_set public_keys; - std::vector signers(args.size(), crypto::null_pkey); - for (size_t i = 0; i < args.size(); ++i) - { - if (!tools::wallet2::verify_extra_multisig_info(args[i], public_keys, signers[i])) - { - fail_msg_writer() << tr("Bad multisig info: ") << args[i]; - return true; - } - } - - // we have all pubkeys now try { - if (!m_wallet->finalize_multisig(orig_pwd_container->password(), public_keys, signers)) + if (!m_wallet->finalize_multisig(orig_pwd_container->password(), args)) { fail_msg_writer() << tr("Failed to finalize multisig"); return true; diff --git a/src/wallet/CMakeLists.txt b/src/wallet/CMakeLists.txt index ab48bd7a2..2d664ba15 100644 --- a/src/wallet/CMakeLists.txt +++ b/src/wallet/CMakeLists.txt @@ -51,6 +51,7 @@ monero_add_library(wallet ${wallet_private_headers}) target_link_libraries(wallet PUBLIC + multisig common cryptonote_core mnemonics @@ -104,6 +105,7 @@ if (BUILD_GUI_DEPS) set(libs_to_merge wallet_api wallet + multisig cryptonote_core cryptonote_basic mnemonics diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 807248860..2bba6f9e1 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -46,6 +46,7 @@ using namespace epee; #include "rpc/core_rpc_server_commands_defs.h" #include "misc_language.h" #include "cryptonote_basic/cryptonote_basic_impl.h" +#include "multisig/multisig.h" #include "common/boost_serialization_helper.h" #include "common/command_line.h" #include "common/threadpool.h" @@ -526,24 +527,9 @@ uint8_t get_bulletproof_fork(bool testnet) return 255; // TODO } -bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki) -{ - crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation); - bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation); - CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")"); - - r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub); - CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index << ", " << ack.m_account_address.m_spend_public_key << ")"); - - crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec); - - crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki); - return true; -} - bool wallet_generate_key_image_helper_old(const cryptonote::account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, bool multisig_export = false) { - if (!generate_key_image_helper_old(ack, tx_public_key, real_output_index, in_ephemeral, ki)) + if (!cryptonote::generate_key_image_helper_old(ack, tx_public_key, real_output_index, in_ephemeral, ki)) return false; if (multisig_export) { @@ -909,6 +895,12 @@ static uint64_t decodeRct(const rct::rctSig & rv, const crypto::key_derivation & } } //---------------------------------------------------------------------------------------------------- +bool wallet2::wallet_generate_key_image_helper_export(const cryptonote::account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index) const +{ + THROW_WALLET_EXCEPTION_IF(multisig_key_index >= ack.m_multisig_keys.size(), error::wallet_internal_error, "Bad multisig_key_index"); + return cryptonote::generate_multisig_key_image(ack, tx_public_key, real_output_index, in_ephemeral, ki, multisig_key_index); +} +//---------------------------------------------------------------------------------------------------- void wallet2::scan_output(const cryptonote::account_keys &keys, const cryptonote::transaction &tx, const crypto::public_key &tx_pub_key, size_t i, tx_scan_info_t &tx_scan_info, int &num_vouts_received, std::unordered_map &tx_money_got_in_outs, std::vector &outs) { bool r; @@ -2804,29 +2796,11 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, rct::key spend_pkey, spend_skey; if (threshold == spend_keys.size() + 1) { - // the multisig spend public key is the sum of all spend public keys - spend_pkey = rct::pk2rct(get_account().get_keys().m_account_address.m_spend_public_key); - for (const auto &k: spend_keys) - rct::addKeys(spend_pkey, spend_pkey, rct::pk2rct(k)); - multisig_keys.push_back(get_account().get_keys().m_spend_secret_key); - spend_skey = rct::sk2rct(get_account().get_keys().m_spend_secret_key); + cryptonote::generate_multisig_N_N(get_account().get_keys(), spend_keys, multisig_keys, spend_skey, spend_pkey); } else if (threshold == spend_keys.size()) { - spend_pkey = rct::identity(); - spend_skey = rct::zero(); - - // create all our composite private keys - for (const auto &k: spend_keys) - { - rct::keyV data; - data.push_back(rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(get_account().get_keys().m_spend_secret_key))); - static const rct::key salt = { {'M', 'u', 'l', 't' , 'i', 's', 'i', 'g' , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 } }; - data.push_back(salt); - rct::key msk = rct::hash_to_scalar(data); - multisig_keys.push_back(rct::rct2sk(msk)); - sc_add(spend_skey.bytes, spend_skey.bytes, msk.bytes); - } + cryptonote::generate_multisig_N1_N(get_account().get_keys(), spend_keys, multisig_keys, spend_skey, spend_pkey); // We need an extra step, so we package all the composite public keys // we know about, and make a signed string out of them @@ -2856,13 +2830,10 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, // the multisig view key is shared by all, make one all can derive MINFO("Creating view key..."); - crypto::cn_fast_hash(&get_account().get_keys().m_view_secret_key, sizeof(crypto::secret_key), hash); - rct::key view_skey = rct::hash2rct(hash); - for (const auto &k: view_keys) - sc_add(view_skey.bytes, view_skey.bytes, rct::sk2rct(k).bytes); + crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(get_account().get_keys().m_view_secret_key, view_keys); MINFO("Creating multisig address..."); - CHECK_AND_ASSERT_THROW_MES(m_account.make_multisig(rct::rct2sk(view_skey), rct::rct2sk(spend_skey), rct::rct2pk(spend_pkey), multisig_keys), + CHECK_AND_ASSERT_THROW_MES(m_account.make_multisig(view_skey, rct::rct2sk(spend_skey), rct::rct2pk(spend_pkey), multisig_keys), "Failed to create multisig wallet due to bad keys"); m_account_public_address = m_account.get_keys().m_account_address; @@ -2916,15 +2887,12 @@ bool wallet2::finalize_multisig(const epee::wipeable_string &password, std::unor CHECK_AND_ASSERT_THROW_MES(signers.size() == m_multisig_signers.size(), "Bad signers size"); - rct::key spend_public_key = rct::identity(); - for (const auto &pk: pkeys) - { - rct::addKeys(spend_public_key, spend_public_key, rct::pk2rct(pk)); - } + crypto::public_key spend_public_key = cryptonote::generate_multisig_N1_N_spend_public_key(std::vector(pkeys.begin(), pkeys.end())); + m_account_public_address.m_spend_public_key = spend_public_key; + m_account.finalize_multisig(spend_public_key); + m_multisig_signers = signers; std::sort(m_multisig_signers.begin(), m_multisig_signers.end(), [](const crypto::public_key &e0, const crypto::public_key &e1){ return memcmp(&e0, &e1, sizeof(e0)); }); - m_account_public_address.m_spend_public_key = rct::rct2pk(spend_public_key); - m_account.finalize_multisig(m_account_public_address.m_spend_public_key); if (!m_wallet_file.empty()) { @@ -2946,14 +2914,20 @@ bool wallet2::finalize_multisig(const epee::wipeable_string &password, std::unor return true; } -bool wallet2::wallet_generate_key_image_helper_export(const cryptonote::account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index) const +bool wallet2::finalize_multisig(const epee::wipeable_string &password, const std::vector &info) { - THROW_WALLET_EXCEPTION_IF(multisig_key_index >= ack.m_multisig_keys.size(), error::wallet_internal_error, "Bad multisig_key_index"); - if (!generate_key_image_helper_old(ack, tx_public_key, real_output_index, in_ephemeral, ki)) - return false; - // we got the ephemeral keypair, but the key image isn't right as it's done as per our private spend key, which is multisig - crypto::generate_key_image(in_ephemeral.pub, ack.m_multisig_keys[multisig_key_index], ki); - return true; + // parse all multisig info + std::unordered_set public_keys; + std::vector signers(info.size(), crypto::null_pkey); + for (size_t i = 0; i < info.size(); ++i) + { + if (!verify_extra_multisig_info(info[i], public_keys, signers[i])) + { + MERROR("Bad multisig info"); + return false; + } + } + return finalize_multisig(password, public_keys, signers); } std::string wallet2::get_multisig_info() const @@ -4657,7 +4631,7 @@ bool wallet2::sign_multisig_tx(multisig_tx_set &exported_txs, std::vector &txids) +bool wallet2::sign_multisig_tx_to_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector &txids) { bool r = sign_multisig_tx(exported_txs, txids); if (!r) @@ -4684,7 +4658,7 @@ bool wallet2::sign_multisig_tx_from_file(const std::string &filename, std::vecto LOG_PRINT_L1("Transactions rejected by callback"); return false; } - return sign_multisig_tx_from_file(exported_txs, filename, txids); + return sign_multisig_tx_to_file(exported_txs, filename, txids); } //---------------------------------------------------------------------------------------------------- uint64_t wallet2::get_fee_multiplier(uint32_t priority, int fee_algorithm) @@ -5591,7 +5565,7 @@ void wallet2::transfer_selected_rct(std::vector used; - - // insert the ones we start from - for (size_t m = 0; m < get_account().get_multisig_keys().size(); ++m) - { - crypto::key_image pki; - wallet_generate_key_image_helper_export(get_account().get_keys(), tx_key, td.m_internal_output_index, in_ephemeral, pki, m); - used.insert(pki); - } - + std::vector pkis; for (const auto &info: td.m_multisig_info) - { for (const auto &pki: info.m_partial_key_images) - { - // don't add duplicates again - if (used.find(pki) != used.end()) - continue; - used.insert(pki); - - rct::addKeys((rct::key&)ki, rct::ki2rct(ki), rct::ki2rct(pki)); - } - } + pkis.push_back(pki); + bool r = cryptonote::generate_multisig_composite_key_image(get_account().get_keys(), tx_key, td.m_internal_output_index, pkis, ki); + THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "Failed to generate key image"); return ki; } //---------------------------------------------------------------------------------------------------- diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 5f973fef5..8abc42ff3 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -474,6 +474,10 @@ namespace tools const std::vector &view_keys, const std::vector &spend_keys, uint32_t threshold); + /*! + * \brief Finalizes creation of a multisig wallet + */ + bool finalize_multisig(const epee::wipeable_string &password, const std::vector &info); /*! * \brief Finalizes creation of a multisig wallet */ @@ -642,7 +646,7 @@ namespace tools bool load_multisig_tx_from_file(const std::string &filename, multisig_tx_set &exported_txs, std::function accept_func = NULL); bool sign_multisig_tx_from_file(const std::string &filename, std::vector &txids, std::function accept_func); bool sign_multisig_tx(multisig_tx_set &exported_txs, std::vector &txids); - bool sign_multisig_tx_from_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector &txids); + bool sign_multisig_tx_to_file(multisig_tx_set &exported_txs, const std::string &filename, std::vector &txids); std::vector create_unmixable_sweep_transactions(bool trusted_daemon); bool check_connection(uint32_t *version = NULL, uint32_t timeout = 200000); void get_transfers(wallet2::transfer_container& incoming_transfers) const; diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index 472302a94..ac991d861 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -2622,22 +2622,9 @@ namespace tools return false; } - // parse all multisig info - std::unordered_set public_keys; - std::vector signers(req.multisig_info.size(), crypto::null_pkey); - for (size_t i = 0; i < req.multisig_info.size(); ++i) - { - if (!m_wallet->verify_extra_multisig_info(req.multisig_info[i], public_keys, signers[i])) - { - er.code = WALLET_RPC_ERROR_CODE_BAD_MULTISIG_INFO; - er.message = std::string("Bad multisig_info info: ") + req.multisig_info[i]; - return false; - } - } - try { - if (!m_wallet->finalize_multisig(req.password, public_keys, signers)) + if (!m_wallet->finalize_multisig(req.password, req.multisig_info)) { er.code = WALLET_RPC_ERROR_CODE_UNKNOWN_ERROR; er.message = "Error calling finalize_multisig"; diff --git a/tests/core_tests/CMakeLists.txt b/tests/core_tests/CMakeLists.txt index 68f2e9816..d80d62135 100644 --- a/tests/core_tests/CMakeLists.txt +++ b/tests/core_tests/CMakeLists.txt @@ -36,6 +36,7 @@ set(core_tests_sources chaingen_main.cpp double_spend.cpp integer_overflow.cpp + multisig.cpp ring_signature_1.cpp transaction_tests.cpp tx_validation.cpp @@ -52,6 +53,7 @@ set(core_tests_headers double_spend.h double_spend.inl integer_overflow.h + multisig.h ring_signature_1.h transaction_tests.h tx_validation.h @@ -63,6 +65,7 @@ add_executable(core_tests ${core_tests_headers}) target_link_libraries(core_tests PRIVATE + multisig cryptonote_core p2p version diff --git a/tests/core_tests/chaingen.h b/tests/core_tests/chaingen.h index 0dcbc7f0c..939b88109 100644 --- a/tests/core_tests/chaingen.h +++ b/tests/core_tests/chaingen.h @@ -505,6 +505,54 @@ inline bool do_replay_file(const std::string& filename) cryptonote::account_base account; \ account.generate(); +#define GENERATE_MULTISIG_ACCOUNT(account, threshold, total) \ + CHECK_AND_ASSERT_MES(threshold >= 2 && threshold <= total, false, "Invalid multisig scheme"); \ + std::vector account(total); \ + do \ + { \ + for (size_t msidx = 0; msidx < total; ++msidx) \ + account[msidx].generate(); \ + std::unordered_set all_multisig_keys; \ + std::vector> view_keys(total); \ + std::vector> spend_keys(total); \ + for (size_t msidx = 0; msidx < total; ++msidx) \ + { \ + for (size_t msidx_inner = 0; msidx_inner < total; ++msidx_inner) \ + { \ + if (msidx_inner != msidx) \ + { \ + crypto::hash vkh; \ + crypto::cn_fast_hash(&account[msidx_inner].get_keys().m_view_secret_key, sizeof(crypto::secret_key), vkh); \ + view_keys[msidx].push_back((const crypto::secret_key&)vkh); \ + spend_keys[msidx].push_back(account[msidx_inner].get_keys().m_account_address.m_spend_public_key); \ + } \ + } \ + } \ + for (size_t msidx = 0; msidx < total; ++msidx) \ + { \ + std::vector multisig_keys; \ + crypto::secret_key spend_skey; \ + crypto::public_key spend_pkey; \ + if (threshold == total) \ + cryptonote::generate_multisig_N_N(account[msidx].get_keys(), spend_keys[msidx], multisig_keys, (rct::key&)spend_skey, (rct::key&)spend_pkey); \ + else \ + cryptonote::generate_multisig_N1_N(account[msidx].get_keys(), spend_keys[msidx], multisig_keys, (rct::key&)spend_skey, (rct::key&)spend_pkey); \ + crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(account[msidx].get_keys().m_view_secret_key, view_keys[msidx]); \ + account[msidx].make_multisig(view_skey, spend_skey, spend_pkey, multisig_keys); \ + for (const auto &k: multisig_keys) \ + all_multisig_keys.insert(rct::rct2pk(rct::scalarmultBase(rct::sk2rct(k)))); \ + } \ + if (threshold < total) \ + { \ + std::vector spend_public_keys; \ + for (const auto &k: all_multisig_keys) \ + spend_public_keys.push_back(k); \ + crypto::public_key spend_pkey = cryptonote::generate_multisig_N1_N_spend_public_key(spend_public_keys); \ + for (size_t msidx = 0; msidx < total; ++msidx) \ + account[msidx].finalize_multisig(spend_pkey); \ + } \ + } while(0) + #define MAKE_ACCOUNT(VEC_EVENTS, account) \ cryptonote::account_base account; \ account.generate(); \ diff --git a/tests/core_tests/chaingen_main.cpp b/tests/core_tests/chaingen_main.cpp index 9eba347cd..a7643292b 100644 --- a/tests/core_tests/chaingen_main.cpp +++ b/tests/core_tests/chaingen_main.cpp @@ -199,6 +199,23 @@ int main(int argc, char* argv[]) GENERATE_AND_PLAY(gen_rct_tx_pre_rct_altered_extra); GENERATE_AND_PLAY(gen_rct_tx_rct_altered_extra); + GENERATE_AND_PLAY(gen_multisig_tx_valid_22_1_2); + GENERATE_AND_PLAY(gen_multisig_tx_valid_22_2_1); + GENERATE_AND_PLAY(gen_multisig_tx_valid_33_1_23); + GENERATE_AND_PLAY(gen_multisig_tx_valid_33_3_21); + GENERATE_AND_PLAY(gen_multisig_tx_valid_23_1_2); + GENERATE_AND_PLAY(gen_multisig_tx_valid_23_1_3); + GENERATE_AND_PLAY(gen_multisig_tx_valid_23_2_1); + GENERATE_AND_PLAY(gen_multisig_tx_valid_23_2_3); + GENERATE_AND_PLAY(gen_multisig_tx_valid_45_1_234); + GENERATE_AND_PLAY(gen_multisig_tx_valid_89_3_1245789); + GENERATE_AND_PLAY(gen_multisig_tx_invalid_23_1__no_threshold); + GENERATE_AND_PLAY(gen_multisig_tx_invalid_45_5_23_no_threshold); + GENERATE_AND_PLAY(gen_multisig_tx_invalid_22_1__no_threshold); + GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1__no_threshold); + GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1_2_no_threshold); + GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1_3_no_threshold); + el::Level level = (failed_tests.empty() ? el::Level::Info : el::Level::Error); MLOG(level, "\nREPORT:"); MLOG(level, " Test run: " << tests_count); diff --git a/tests/core_tests/chaingen_tests_list.h b/tests/core_tests/chaingen_tests_list.h index 26f88dddb..b9bbf03b4 100644 --- a/tests/core_tests/chaingen_tests_list.h +++ b/tests/core_tests/chaingen_tests_list.h @@ -41,6 +41,7 @@ #include "tx_validation.h" #include "v2_tests.h" #include "rct.h" +#include "multisig.h" /************************************************************************/ /* */ /************************************************************************/ diff --git a/tests/core_tests/multisig.cpp b/tests/core_tests/multisig.cpp new file mode 100644 index 000000000..484b8b7ab --- /dev/null +++ b/tests/core_tests/multisig.cpp @@ -0,0 +1,460 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers + +#include "ringct/rctSigs.h" +#include "cryptonote_basic/cryptonote_basic.h" +#include "multisig/multisig.h" +#include "chaingen.h" +#include "multisig.h" + +using namespace epee; +using namespace crypto; +using namespace cryptonote; + +//#define NO_MULTISIG + +//---------------------------------------------------------------------------------------------------------------------- +// Tests + +bool gen_multisig_tx_validation_base::generate_with(std::vector& events, + int mixin, uint64_t amount_paid, bool valid, + size_t threshold, size_t total, size_t creator, std::vector signers, + const std::function &sources, std::vector &destinations)> &pre_tx, + const std::function &post_tx) const +{ + uint64_t ts_start = 1338224400; + bool r; + + CHECK_AND_ASSERT_MES(total >= 2, false, "Bad scheme"); + CHECK_AND_ASSERT_MES(threshold <= total, false, "Bad scheme"); + CHECK_AND_ASSERT_MES(threshold >= total - 1, false, "Unsupported scheme"); +#ifdef NO_MULTISIG + CHECK_AND_ASSERT_MES(total <= 5, false, "Unsupported scheme"); +#endif + + // given as 1 based for clarity + --creator; + for (size_t &signer: signers) + --signer; + + CHECK_AND_ASSERT_MES(creator < total, false, "invalid creator"); + for (size_t signer: signers) + CHECK_AND_ASSERT_MES(signer < total, false, "invalid signer"); + +#ifdef NO_MULTISIG + GENERATE_ACCOUNT(acc0); + GENERATE_ACCOUNT(acc1); + GENERATE_ACCOUNT(acc2); + GENERATE_ACCOUNT(acc3); + GENERATE_ACCOUNT(acc4); + account_base miner_account[5] = {acc0, acc1, acc2, acc3, acc4}; +#else + GENERATE_MULTISIG_ACCOUNT(miner_account, threshold, total); +#endif + + MAKE_GENESIS_BLOCK(events, blk_0, miner_account[creator], ts_start); + + // create 8 miner accounts, and have them mine the next 8 blocks + // they will have a coinbase with a single out that's pseudo rct + const size_t n_coinbases = 8; + cryptonote::account_base miner_accounts[n_coinbases]; + const cryptonote::block *prev_block = &blk_0; + cryptonote::block blocks[n_coinbases]; + for (size_t n = 0; n < n_coinbases; ++n) { + // the first block goes to the multisig account + miner_accounts[n].generate(); + account_base &account = n == 0 ? miner_account[creator] : miner_accounts[n]; + CHECK_AND_ASSERT_MES(generator.construct_block_manually(blocks[n], *prev_block, account, + test_generator::bf_major_ver | test_generator::bf_minor_ver | test_generator::bf_timestamp | test_generator::bf_hf_version | test_generator::bf_max_outs, + 4, 4, prev_block->timestamp + DIFFICULTY_BLOCKS_ESTIMATE_TIMESPAN * 2, // v2 has blocks twice as long + crypto::hash(), 0, transaction(), std::vector(), 0, 1, 4), + false, "Failed to generate block"); + events.push_back(blocks[n]); + prev_block = blocks + n; + LOG_PRINT_L0("Initial miner tx " << n << ": " << obj_to_json_str(blocks[n].miner_tx)); + LOG_PRINT_L0("in block: " << obj_to_json_str(blocks[n])); + } + + // rewind + cryptonote::block blk_r, blk_last; + { + blk_last = blocks[n_coinbases - 1]; + for (size_t i = 0; i < CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW; ++i) + { + cryptonote::block blk; + CHECK_AND_ASSERT_MES(generator.construct_block_manually(blk, blk_last, miner_accounts[0], + test_generator::bf_major_ver | test_generator::bf_minor_ver | test_generator::bf_timestamp | test_generator::bf_hf_version | test_generator::bf_max_outs, + 4, 4, blk_last.timestamp + DIFFICULTY_BLOCKS_ESTIMATE_TIMESPAN * 2, // v2 has blocks twice as long + crypto::hash(), 0, transaction(), std::vector(), 0, 1, 4), + false, "Failed to generate block"); + events.push_back(blk); + blk_last = blk; + } + blk_r = blk_last; + } + + const crypto::public_key tx_pub_key = get_tx_pub_key_from_extra(blocks[0].miner_tx); + MDEBUG("tx_pub_key: " << tx_pub_key); + const crypto::public_key output_pub_key = boost::get(blocks[0].miner_tx.vout[0].target).key; + MDEBUG("output_pub_key: " << output_pub_key); + cryptonote::keypair in_ephemeral; + +#ifndef NO_MULTISIG + // create k/L/R/ki for that output we're going to spend + std::vector> account_k(total); + std::vector> account_L(total); + std::vector> account_R(total); + std::vector> account_ki(total); + for (size_t msidx = 0; msidx < total; ++msidx) + { + size_t nlr = threshold < total ? threshold - 1 : 1; + account_L[msidx].resize(nlr); + account_R[msidx].resize(nlr); + for (size_t n = 0; n < nlr; ++n) + { + account_k[msidx].push_back(rct::rct2sk(rct::skGen())); + cryptonote::generate_multisig_LR(output_pub_key, account_k[msidx][n], account_L[msidx][n], account_R[msidx][n]); + } + size_t numki = miner_account[msidx].get_multisig_keys().size(); + account_ki[msidx].resize(numki); + for (size_t kiidx = 0; kiidx < numki; ++kiidx) + { + r = cryptonote::generate_multisig_key_image(miner_account[msidx].get_keys(), tx_pub_key, 0, in_ephemeral, account_ki[msidx][kiidx], kiidx); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate multisig export key image"); + } + MDEBUG("Party " << msidx << ":"); + MDEBUG("spend: sec " << miner_account[msidx].get_keys().m_spend_secret_key << ", pub " << miner_account[msidx].get_keys().m_account_address.m_spend_public_key); + MDEBUG("view: sec " << miner_account[msidx].get_keys().m_view_secret_key << ", pub " << miner_account[msidx].get_keys().m_account_address.m_view_public_key); + for (const auto &k: miner_account[msidx].get_multisig_keys()) + MDEBUG("msk: " << k); + for (size_t n = 0; n < account_k[msidx].size(); ++n) + { + MDEBUG("k: " << account_k[msidx][n]); + MDEBUG("L: " << account_L[msidx][n]); + MDEBUG("R: " << account_R[msidx][n]); + } + for (const auto &ki: account_ki[msidx]) + MDEBUG("ki: " << ki); + } +#endif + + // create kLRki + rct::multisig_kLRki kLRki; +#ifdef NO_MULTISIG + kLRki = {rct::zero(), rct::zero(), rct::zero(), rct::zero()}; +#else + kLRki.k = rct::sk2rct(account_k[creator][0]); + kLRki.L = rct::pk2rct(account_L[creator][0]); + kLRki.R = rct::pk2rct(account_R[creator][0]); + MDEBUG("Starting with k " << kLRki.k); + MDEBUG("Starting with L " << kLRki.L); + MDEBUG("Starting with R " << kLRki.R); + std::unordered_set used_L; + for (size_t msidx = 0; msidx < total; ++msidx) + { + if (msidx == creator) + continue; + if (std::find(signers.begin(), signers.end(), msidx) == signers.end()) + continue; + for (size_t lr = 0; lr < account_L[msidx].size(); ++lr) + { + if (used_L.find(account_L[msidx][lr]) == used_L.end()) + { + used_L.insert(account_L[msidx][lr]); + MDEBUG("Adding L " << account_L[msidx][lr] << " (for k " << account_k[msidx][lr] << ")"); + MDEBUG("Adding R " << account_R[msidx][lr]); + rct::addKeys((rct::key&)kLRki.L, kLRki.L, rct::pk2rct(account_L[msidx][lr])); + rct::addKeys((rct::key&)kLRki.R, kLRki.R, rct::pk2rct(account_R[msidx][lr])); + break; + } + } + } + std::vector pkis; + for (size_t msidx = 0; msidx < total; ++msidx) + for (size_t n = 0; n < account_ki[msidx].size(); ++n) + pkis.push_back(account_ki[msidx][n]); + r = cryptonote::generate_multisig_composite_key_image(miner_account[0].get_keys(), tx_pub_key, 0, pkis, (crypto::key_image&)kLRki.ki); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate composite key image"); + MDEBUG("composite ki: " << kLRki.ki); + MDEBUG("L: " << kLRki.L); + MDEBUG("R: " << kLRki.R); + for (size_t n = 1; n < total; ++n) + { + rct::key ki; + r = cryptonote::generate_multisig_composite_key_image(miner_account[n].get_keys(), tx_pub_key, 0, pkis, (crypto::key_image&)ki); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate composite key image"); + CHECK_AND_ASSERT_MES(kLRki.ki == ki, false, "Composite key images do not match"); + } +#endif + + // create a tx: we have 8 outputs, all from coinbase, so "fake" rct + std::vector sources; + sources.resize(1); + tx_source_entry& src = sources.back(); + + src.real_output = 0; + src.amount = blocks[0].miner_tx.vout[0].amount; + src.real_out_tx_key = tx_pub_key; + src.real_output_in_tx_index = 0; + src.mask = rct::identity(); + src.rct = true; + src.multisig_kLRki = kLRki; + + for (int m = 0; m <= mixin; ++m) + { + rct::ctkey ctkey; + ctkey.dest = rct::pk2rct(boost::get(blocks[m].miner_tx.vout[0].target).key); + MDEBUG("using " << (m == 0 ? "real" : "fake") << " input " << ctkey.dest); + ctkey.mask = rct::commit(blocks[m].miner_tx.vout[0].amount, rct::identity()); // since those are coinbases, the masks are known + src.outputs.push_back(std::make_pair(m, ctkey)); + } + + //fill outputs entry + tx_destination_entry td; + td.addr = miner_account[creator].get_keys().m_account_address; + td.amount = amount_paid; + std::vector destinations; + destinations.push_back(td); + + if (pre_tx) + pre_tx(sources, destinations); + + transaction tx; + crypto::secret_key tx_key; +#ifdef NO_MULTISIG + rct::multisig_out *msoutp = NULL; +#else + rct::multisig_out msout; + rct::multisig_out *msoutp = &msout; +#endif + std::unordered_map subaddresses; + subaddresses[miner_account[creator].get_keys().m_account_address.m_spend_public_key] = {0,0}; + std::vector additional_tx_keys; + r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector(), tx, 0, tx_key, additional_tx_keys, true, false, msoutp); + CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction"); + +#ifndef NO_MULTISIG + // sign + std::unordered_set used_keys; + const std::vector &msk0 = miner_account[creator].get_multisig_keys(); + for (const auto &sk: msk0) + used_keys.insert(sk); + for (size_t signer: signers) + { + rct::key skey = rct::zero(); + const std::vector &msk1 = miner_account[signer].get_multisig_keys(); + for (size_t n = 0; n < msk1.size(); ++n) + { + const crypto::secret_key &sk1 = msk1[n]; + if (used_keys.find(sk1) == used_keys.end()) + { + used_keys.insert(sk1); + sc_add(skey.bytes, skey.bytes, rct::sk2rct(sk1).bytes); + } + } + CHECK_AND_ASSERT_MES(!(skey == rct::zero()), false, "failed to find secret multisig key to sign transaction"); + std::vector indices; + for (const auto &src: sources) + indices.push_back(src.real_output); + rct::keyV k; + k.push_back(rct::zero()); + for (size_t n = 0; n < account_k[signer].size(); ++n) + { + crypto::public_key L; + rct::scalarmultBase((rct::key&)L, rct::sk2rct(account_k[signer][n])); + if (used_L.find(L) != used_L.end()) + { + sc_add(k.back().bytes, k.back().bytes, rct::sk2rct(account_k[signer][n]).bytes); + } + } + CHECK_AND_ASSERT_MES(!(k.back() == rct::zero()), false, "failed to find k to sign transaction"); + + MDEBUG("signing with k size " << k.size()); + MDEBUG("signing with k " << k.back()); + MDEBUG("signing with sk " << skey); + for (const auto &sk: used_keys) + MDEBUG(" created with sk " << sk); + MDEBUG("signing with c size " << msout.c.size()); + MDEBUG("signing with c " << msout.c.back()); + r = rct::signMultisig(tx.rct_signatures, indices, k, msout, skey); + CHECK_AND_ASSERT_MES(r, false, "failed to sign transaction"); + } +#endif + + // verify this tx is really to the expected address + const crypto::public_key tx_pub_key2 = get_tx_pub_key_from_extra(tx, 0); + crypto::key_derivation derivation; + r = crypto::generate_key_derivation(tx_pub_key2, miner_account[creator].get_keys().m_view_secret_key, derivation); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate derivation"); + uint64_t n_outs = 0, amount = 0; + std::vector additional_derivations; + for (size_t n = 0; n < tx.vout.size(); ++n) + { + CHECK_AND_ASSERT_MES(typeid(txout_to_key) == tx.vout[n].target.type(), false, "Unexpected tx out type"); + if (is_out_to_acc_precomp(subaddresses, boost::get(tx.vout[n].target).key, derivation, additional_derivations, n)) + { + ++n_outs; + CHECK_AND_ASSERT_MES(tx.vout[n].amount == 0, false, "Destination amount is not zero"); + rct::key Ctmp; + crypto::secret_key scalar1; + crypto::derivation_to_scalar(derivation, n, scalar1); + rct::ecdhTuple ecdh_info = tx.rct_signatures.ecdhInfo[n]; + rct::ecdhDecode(ecdh_info, rct::sk2rct(scalar1)); + rct::key C = tx.rct_signatures.outPk[n].mask; + rct::addKeys2(Ctmp, ecdh_info.mask, ecdh_info.amount, rct::H); + CHECK_AND_ASSERT_MES(rct::equalKeys(C, Ctmp), false, "Failed to decode amount"); + amount += rct::h2d(ecdh_info.amount); + } + } + CHECK_AND_ASSERT_MES(n_outs == 1, false, "Not exactly 1 output was received"); + CHECK_AND_ASSERT_MES(amount == amount_paid, false, "Amount paid was not the expected amount"); + + if (post_tx) + post_tx(tx); + + if (!valid) + DO_CALLBACK(events, "mark_invalid_tx"); + events.push_back(tx); + LOG_PRINT_L0("Test tx: " << obj_to_json_str(tx)); + + return true; +} + +bool gen_multisig_tx_valid_22_1_2::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 2, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_22_2_1::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 2, 2, {1}, NULL, NULL); +} + +bool gen_multisig_tx_valid_33_1_23::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 3, 3, 1, {2, 3}, NULL, NULL); +} + +bool gen_multisig_tx_valid_33_3_21::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 3, 3, 3, {2, 1}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_1_2::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_1_3::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 1, {3}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_2_1::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 2, {1}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_2_3::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 2, {3}, NULL, NULL); +} + +bool gen_multisig_tx_valid_45_1_234::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 4, 5, 1, {2, 3, 4}, NULL, NULL); +} + +bool gen_multisig_tx_valid_89_3_1245789::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 8, 9, 3, {1, 2, 4, 5, 7, 8, 9}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_22_1__no_threshold::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 2, 2, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_33_1__no_threshold::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_33_1_2_no_threshold::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_33_1_3_no_threshold::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {3}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_23_1__no_threshold::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 2, 3, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_45_5_23_no_threshold::generate(std::vector& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 4, 5, 5, {2, 3}, NULL, NULL); +} diff --git a/tests/core_tests/multisig.h b/tests/core_tests/multisig.h new file mode 100644 index 000000000..735c3b73d --- /dev/null +++ b/tests/core_tests/multisig.h @@ -0,0 +1,187 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers + +#pragma once +#include "chaingen.h" + +struct gen_multisig_tx_validation_base : public test_chain_unit_base +{ + gen_multisig_tx_validation_base() + : m_invalid_tx_index(0) + , m_invalid_block_index(0) + { + REGISTER_CALLBACK_METHOD(gen_multisig_tx_validation_base, mark_invalid_tx); + REGISTER_CALLBACK_METHOD(gen_multisig_tx_validation_base, mark_invalid_block); + } + + bool check_tx_verification_context(const cryptonote::tx_verification_context& tvc, bool tx_added, size_t event_idx, const cryptonote::transaction& /*tx*/) + { + if (m_invalid_tx_index == event_idx) + return tvc.m_verifivation_failed; + else + return !tvc.m_verifivation_failed && tx_added; + } + + bool check_block_verification_context(const cryptonote::block_verification_context& bvc, size_t event_idx, const cryptonote::block& /*block*/) + { + if (m_invalid_block_index == event_idx) + return bvc.m_verifivation_failed; + else + return !bvc.m_verifivation_failed; + } + + bool mark_invalid_block(cryptonote::core& /*c*/, size_t ev_index, const std::vector& /*events*/) + { + m_invalid_block_index = ev_index + 1; + return true; + } + + bool mark_invalid_tx(cryptonote::core& /*c*/, size_t ev_index, const std::vector& /*events*/) + { + m_invalid_tx_index = ev_index + 1; + return true; + } + + bool generate_with(std::vector& events, int mixin, + uint64_t amount_paid, bool valid, + size_t threshold, size_t total, size_t creator, std::vector signers, + const std::function &sources, std::vector &destinations)> &pre_tx, + const std::function &post_tx) const; + +private: + size_t m_invalid_tx_index; + size_t m_invalid_block_index; +}; + +template<> +struct get_test_options { + const std::pair hard_forks[3] = {std::make_pair(1, 0), std::make_pair(4, 1), std::make_pair(0, 0)}; + const cryptonote::test_options test_options = { + hard_forks + }; +}; + +// valid +struct gen_multisig_tx_valid_22_1_2: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_22_2_1: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_33_1_23: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_33_3_21: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_23_1_2: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_23_1_3: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_23_2_1: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_23_2_3: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_45_1_234: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; + +template<> struct get_test_options: public get_test_options {}; +struct gen_multisig_tx_valid_89_3_1245789: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +// invalid +struct gen_multisig_tx_invalid_22_1__no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_invalid_33_1__no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_invalid_33_1_2_no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_invalid_33_1_3_no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_invalid_23_1__no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_invalid_45_5_23_no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {};