core: test key images against validity domain

3 files changed, 32 insertions, 0 deletions

diff --git a/src/cryptonote_core/cryptonote_core.cpp b/src/cryptonote_core/cryptonote_core.cpp
index 8c3db4c06..7ed01ca1d 100644
--- a/src/cryptonote_core/cryptonote_core.cpp
+++ b/src/cryptonote_core/cryptonote_core.cpp
@@ -616,6 +616,12 @@ namespace cryptonote
       return false;
     }
 
+    if (!check_tx_inputs_keyimages_domain(tx))
+    {
+      MERROR_VER("tx uses key image not in the valid domain");
+      return false;
+    }
+
     if (tx.version >= 2)
     {
       const rct::rctSig &rv = tx.rct_signatures;
@@ -699,6 +705,18 @@ namespace cryptonote
     return true;
   }
   //-----------------------------------------------------------------------------------------------
+  bool core::check_tx_inputs_keyimages_domain(const transaction& tx) const
+  {
+    std::unordered_set<crypto::key_image> ki;
+    for(const auto& in: tx.vin)
+    {
+      CHECKED_GET_SPECIFIC_VARIANT(in, const txin_to_key, tokey_in, false);
+      if (!(rct::scalarmultKey(rct::ki2rct(tokey_in.k_image), rct::curveOrder()) == rct::identity()))
+        return false;
+    }
+    return true;
+  }
+  //-----------------------------------------------------------------------------------------------
   bool core::add_new_tx(const transaction& tx, tx_verification_context& tvc, bool keeped_by_block, bool relayed, bool do_not_relay)
   {
     crypto::hash tx_hash = get_transaction_hash(tx);
diff --git a/src/cryptonote_core/cryptonote_core.h b/src/cryptonote_core/cryptonote_core.h
index d82466fe3..43435b0c3 100644
--- a/src/cryptonote_core/cryptonote_core.h
+++ b/src/cryptonote_core/cryptonote_core.h
@@ -745,6 +745,16 @@ namespace cryptonote
      bool check_tx_inputs_keyimages_diff(const transaction& tx) const;
 
      /**
+      * @brief verify that each input key image in a transaction is in
+      * the valid domain
+      *
+      * @param tx the transaction to check
+      *
+      * @return false if any key image is not in the valid domain, otherwise true
+      */
+     bool check_tx_inputs_keyimages_domain(const transaction& tx) const;
+
+     /**
       * @brief checks HardFork status and prints messages about it
       *
       * Checks the status of HardFork and logs/prints if an update to
diff --git a/src/ringct/rctOps.h b/src/ringct/rctOps.h
index 90f54b050..cb19bbbd6 100644
--- a/src/ringct/rctOps.h
+++ b/src/ringct/rctOps.h
@@ -66,6 +66,7 @@ namespace rct {
 
     static const key Z = { {0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00  } };
     static const key I = { {0x01, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00  } };
+    static const key L = { {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 } };
 
     //Creates a zero scalar
     inline key zero() { return Z; }
@@ -73,6 +74,9 @@ namespace rct {
     //Creates a zero elliptic curve point
     inline key identity() { return I; }
     inline void identity(key &Id) { memcpy(&Id, &I, 32); }
+    //Creates a key equal to the curve order
+    inline key curveOrder() { return L; }
+    inline void curveOrder(key &l) { l = L; }
     //copies a scalar or point
     inline void copy(key &AA, const key &A) { memcpy(&AA, &A, 32); }
     inline key copy(const key & A) { key AA; memcpy(&AA, &A, 32); return AA; }