mirror of
https://git.wownero.com/wownero/wownero.git
multisig: fix critical vulnerabilities in signing
parent
9750e1fa10
commit
c7b2944f89
24 changed files with 1857 additions and 387 deletions
|
@ -132,7 +132,8 @@ TEST(bulletproofs, multi_splitting)
|
|||
|
||||
rct::ctkeyV outSk;
|
||||
rct::RCTConfig rct_config { rct::RangeProofPaddedBulletproof, 4 };
|
||||
rct::rctSig s = rct::genRctSimple(rct::zero(), sc, destinations, inamounts, outamounts, available, mixRing, amount_keys, NULL, NULL, index, outSk, rct_config, hw::get_device("default"));
|
||||
|
||||
rct::rctSig s = rct::genRctSimple(rct::zero(), sc, destinations, inamounts, outamounts, available, mixRing, amount_keys, index, outSk, rct_config, hw::get_device("default"));
|
||||
ASSERT_TRUE(rct::verRctSimple(s));
|
||||
for (size_t i = 0; i < n_outputs; ++i)
|
||||
{
|
||||
|
|
|
@ -113,7 +113,7 @@ TEST(ringct, MG_sigs)
|
|||
sk[j] = xm[ind][j];
|
||||
}
|
||||
key message = identity();
|
||||
mgSig IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
|
||||
mgSig IIccss = MLSAG_Gen(message, P, sk, ind, R, hw::get_device("default"));
|
||||
ASSERT_TRUE(MLSAG_Ver(message, P, IIccss, R));
|
||||
|
||||
//#MG sig: false one
|
||||
|
@ -134,7 +134,7 @@ TEST(ringct, MG_sigs)
|
|||
sk[j] = xx[ind][j];
|
||||
}
|
||||
sk[2] = skGen();//assume we don't know one of the private keys..
|
||||
IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
|
||||
IIccss = MLSAG_Gen(message, P, sk, ind, R, hw::get_device("default"));
|
||||
ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R));
|
||||
}
|
||||
|
||||
|
@ -178,13 +178,13 @@ TEST(ringct, CLSAG)
|
|||
insk.mask = t;
|
||||
|
||||
// bad message
|
||||
clsag = rct::proveRctCLSAGSimple(zero(),pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(zero(),pubs,insk,t2,Cout,idx,hw::get_device("default"));
|
||||
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
|
||||
// bad index at creation
|
||||
try
|
||||
{
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,(idx + 1) % N,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,(idx + 1) % N,hw::get_device("default"));
|
||||
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
}
|
||||
catch (...) { /* either exception, or failure to verify above */ }
|
||||
|
@ -195,7 +195,7 @@ TEST(ringct, CLSAG)
|
|||
ctkey insk2;
|
||||
insk2.dest = insk.dest;
|
||||
insk2.mask = skGen();
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,idx,hw::get_device("default"));
|
||||
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
}
|
||||
catch (...) { /* either exception, or failure to verify above */ }
|
||||
|
@ -205,7 +205,7 @@ TEST(ringct, CLSAG)
|
|||
pubs[idx].mask = scalarmultBase(skGen());
|
||||
try
|
||||
{
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,idx,hw::get_device("default"));
|
||||
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
}
|
||||
catch (...) { /* either exception, or failure to verify above */ }
|
||||
|
@ -217,7 +217,7 @@ TEST(ringct, CLSAG)
|
|||
ctkey insk2;
|
||||
insk2.dest = skGen();
|
||||
insk2.mask = insk.mask;
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,idx,hw::get_device("default"));
|
||||
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
}
|
||||
catch (...) { /* either exception, or failure to verify above */ }
|
||||
|
@ -227,14 +227,14 @@ TEST(ringct, CLSAG)
|
|||
pubs[idx].dest = scalarmultBase(skGen());
|
||||
try
|
||||
{
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,idx,hw::get_device("default"));
|
||||
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
}
|
||||
catch (...) { /* either exception, or failure to verify above */ }
|
||||
pubs[idx] = backup;
|
||||
|
||||
// Test correct signature
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
|
||||
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,idx,hw::get_device("default"));
|
||||
ASSERT_TRUE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
|
||||
|
||||
// empty s
|
||||
|
@ -340,12 +340,12 @@ TEST(ringct, range_proofs)
|
|||
|
||||
//compute rct data with mixin 3 - should fail since full type with > 1 input
|
||||
bool ok = false;
|
||||
try { genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default")); }
|
||||
try { genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3, rct_config, hw::get_device("default")); }
|
||||
catch(...) { ok = true; }
|
||||
ASSERT_TRUE(ok);
|
||||
|
||||
//compute rct data with mixin 3
|
||||
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
|
||||
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 0, 3, rct_config, hw::get_device("default"));
|
||||
|
||||
//verify rct data
|
||||
ASSERT_TRUE(verRctSimple(s));
|
||||
|
@ -362,7 +362,7 @@ TEST(ringct, range_proofs)
|
|||
|
||||
|
||||
//compute rct data with mixin 3
|
||||
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
|
||||
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 0, 3, rct_config, hw::get_device("default"));
|
||||
|
||||
//verify rct data
|
||||
ASSERT_FALSE(verRctSimple(s));
|
||||
|
@ -410,7 +410,7 @@ TEST(ringct, range_proofs_with_fee)
|
|||
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
|
||||
|
||||
//compute rct data with mixin 3
|
||||
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 1, 3, rct_config, hw::get_device("default"));
|
||||
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 1, 3, rct_config, hw::get_device("default"));
|
||||
|
||||
//verify rct data
|
||||
ASSERT_TRUE(verRctSimple(s));
|
||||
|
@ -427,7 +427,7 @@ TEST(ringct, range_proofs_with_fee)
|
|||
|
||||
|
||||
//compute rct data with mixin 3
|
||||
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 500, 3, rct_config, hw::get_device("default"));
|
||||
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 500, 3, rct_config, hw::get_device("default"));
|
||||
|
||||
//verify rct data
|
||||
ASSERT_FALSE(verRctSimple(s));
|
||||
|
@ -486,7 +486,7 @@ TEST(ringct, simple)
|
|||
xmr_amount txnfee = 1;
|
||||
|
||||
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
|
||||
rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, NULL, NULL, txnfee, 2, rct_config, hw::get_device("default"));
|
||||
rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, txnfee, 2, rct_config, hw::get_device("default"));
|
||||
|
||||
//verify ring ct signature
|
||||
ASSERT_TRUE(verRctSimple(s));
|
||||
|
@ -521,7 +521,7 @@ static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amount
|
|||
}
|
||||
|
||||
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
|
||||
return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default"));
|
||||
return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3, rct_config, hw::get_device("default"));
|
||||
}
|
||||
|
||||
static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], uint64_t fee)
|
||||
|
@ -548,7 +548,7 @@ static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input
|
|||
}
|
||||
|
||||
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
|
||||
return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, NULL, NULL, fee, 3, rct_config, hw::get_device("default"));
|
||||
return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, fee, 3, rct_config, hw::get_device("default"));
|
||||
}
|
||||
|
||||
static bool range_proof_test(bool expected_valid,
|
||||
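Review bot: In TEST(ringct, CLSAG) each updated negative case still wraps the `proveRctCLSAGSimple` call in `try { … } catch (...) { … }`, so the case passes on any exception at all, not only when the prover rejects the bad index, mask or key. Because this commit changes the prover's parameter list, an unrelated throw on that line (for example from `hw::get_device("default")`) would leave these signing regression checks green. Catching only the type the prover uses for rejected input would let other failures fail the test; that type is not visible in these hunks, so as a first step `catch (const std::exception &) { /* prover rejected the bad input */ }` is the widest handler that still keeps the intent of the existing comment. The same pattern is in the hunks at -178, -195, -205, -217 and -227, and the test body starts and ends outside them.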
|
|
|
@ -594,7 +594,7 @@ TEST(Serialization, serializes_ringct_types)
|
|||
destinations.push_back(Pk);
|
||||
//compute rct data with mixin 3
|
||||
const rct::RCTConfig rct_config{ rct::RangeProofPaddedBulletproof, 2 };
|
||||
s0 = rct::genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
|
||||
s0 = rct::genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 0, 3, rct_config, hw::get_device("default"));
|
||||
|
||||
ASSERT_FALSE(s0.p.MGs.empty());
|
||||
ASSERT_TRUE(s0.p.CLSAGs.empty());
|
||||
|
@ -619,7 +619,7 @@ TEST(Serialization, serializes_ringct_types)
|
|||
ASSERT_EQ(bp0, bp1);
|
||||
|
||||
const rct::RCTConfig rct_config_clsag{ rct::RangeProofPaddedBulletproof, 3 };
|
||||
s0 = rct::genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config_clsag, hw::get_device("default"));
|
||||
s0 = rct::genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 0, 3, rct_config_clsag, hw::get_device("default"));
|
||||
|
||||
ASSERT_FALSE(s0.p.CLSAGs.empty());
|
||||
ASSERT_TRUE(s0.p.MGs.empty());
|
||||
|
|