multisig: fix critical vulnerabilities in signing

anon 2021-12-06 10:25:01 +00:00 committed by koe
parent 9750e1fa10
commit c7b2944f89
24 changed files with 1857 additions and 387 deletions


@ -113,7 +113,7 @@ TEST(ringct, MG_sigs)
sk[j] = xm[ind][j];
}
key message = identity();
mgSig IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
mgSig IIccss = MLSAG_Gen(message, P, sk, ind, R, hw::get_device("default"));
ASSERT_TRUE(MLSAG_Ver(message, P, IIccss, R));
//#MG sig: false one
@ -134,7 +134,7 @@ TEST(ringct, MG_sigs)
sk[j] = xx[ind][j];
}
sk[2] = skGen();//assume we don't know one of the private keys..
IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
IIccss = MLSAG_Gen(message, P, sk, ind, R, hw::get_device("default"));
ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R));
}
@ -178,13 +178,13 @@ TEST(ringct, CLSAG)
insk.mask = t;
// bad message
clsag = rct::proveRctCLSAGSimple(zero(),pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(zero(),pubs,insk,t2,Cout,idx,hw::get_device("default"));
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
// bad index at creation
try
{
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,(idx + 1) % N,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,(idx + 1) % N,hw::get_device("default"));
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
}
catch (...) { /* either exception, or failure to verify above */ }
@ -195,7 +195,7 @@ TEST(ringct, CLSAG)
ctkey insk2;
insk2.dest = insk.dest;
insk2.mask = skGen();
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,idx,hw::get_device("default"));
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
}
catch (...) { /* either exception, or failure to verify above */ }
@ -205,7 +205,7 @@ TEST(ringct, CLSAG)
pubs[idx].mask = scalarmultBase(skGen());
try
{
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,idx,hw::get_device("default"));
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
}
catch (...) { /* either exception, or failure to verify above */ }
@ -217,7 +217,7 @@ TEST(ringct, CLSAG)
ctkey insk2;
insk2.dest = skGen();
insk2.mask = insk.mask;
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(message,pubs,insk2,t2,Cout,idx,hw::get_device("default"));
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
}
catch (...) { /* either exception, or failure to verify above */ }
@ -227,14 +227,14 @@ TEST(ringct, CLSAG)
pubs[idx].dest = scalarmultBase(skGen());
try
{
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,idx,hw::get_device("default"));
ASSERT_FALSE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
}
catch (...) { /* either exception, or failure to verify above */ }
pubs[idx] = backup;
// Test correct signature
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,NULL,NULL,NULL,idx,hw::get_device("default"));
clsag = rct::proveRctCLSAGSimple(message,pubs,insk,t2,Cout,idx,hw::get_device("default"));
ASSERT_TRUE(rct::verRctCLSAGSimple(message,clsag,pubs,Cout));
// empty s
@ -340,12 +340,12 @@ TEST(ringct, range_proofs)
//compute rct data with mixin 3 - should fail since full type with > 1 input
bool ok = false;
try { genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default")); }
try { genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3, rct_config, hw::get_device("default")); }
catch(...) { ok = true; }
ASSERT_TRUE(ok);
//compute rct data with mixin 3
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 0, 3, rct_config, hw::get_device("default"));
//verify rct data
ASSERT_TRUE(verRctSimple(s));
@ -362,7 +362,7 @@ TEST(ringct, range_proofs)
//compute rct data with mixin 3
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 0, 3, rct_config, hw::get_device("default"));
//verify rct data
ASSERT_FALSE(verRctSimple(s));
@ -410,7 +410,7 @@ TEST(ringct, range_proofs_with_fee)
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
//compute rct data with mixin 3
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 1, 3, rct_config, hw::get_device("default"));
rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 1, 3, rct_config, hw::get_device("default"));
//verify rct data
ASSERT_TRUE(verRctSimple(s));
@ -427,7 +427,7 @@ TEST(ringct, range_proofs_with_fee)
//compute rct data with mixin 3
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 500, 3, rct_config, hw::get_device("default"));
s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, 500, 3, rct_config, hw::get_device("default"));
//verify rct data
ASSERT_FALSE(verRctSimple(s));
@ -486,7 +486,7 @@ TEST(ringct, simple)
xmr_amount txnfee = 1;
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, NULL, NULL, txnfee, 2, rct_config, hw::get_device("default"));
rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, txnfee, 2, rct_config, hw::get_device("default"));
//verify ring ct signature
ASSERT_TRUE(verRctSimple(s));
@ -521,7 +521,7 @@ static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amount
}
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default"));
return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3, rct_config, hw::get_device("default"));
}
static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], uint64_t fee)
@ -548,7 +548,7 @@ static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input
}
const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, NULL, NULL, fee, 3, rct_config, hw::get_device("default"));
return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, fee, 3, rct_config, hw::get_device("default"));
}
static bool range_proof_test(bool expected_valid,
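Review bot: No hunk in this file adds a test for the signing behaviour that the commit title calls vulnerable. Every changed line, from the `MLSAG_Gen` calls in `TEST(ringct, MG_sigs)` to the `genRctSimple` call in `make_sample_simple_rct_sig`, only drops the trailing `NULL` arguments to match the shortened signatures. The other changed files are not visible here and may carry that coverage; if they do not, a negative test asserting that the fixed signing path now rejects what it previously accepted would keep the fix from regressing unnoticed. A one-line pointer at the first changed call would also help, for example `// multisig signing no longer goes through this call; see <multisig test file>`, with the placeholder filled in by the author. The last hunk ends inside the signature of `range_proof_test`, so its body is outside this view.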