diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2017-09-26 23:16:25 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2017-12-17 16:12:15 +0000 |
commit | 66e34e85b1ef3e49ea9290bd69cce2974840fc32 (patch) | |
tree | 618a7336e476189da36fb62f0df06e0fdb7b3809 /tests/core_tests/multisig.cpp | |
parent | N-1/N multisig (diff) | |
download | monero-66e34e85b1ef3e49ea9290bd69cce2974840fc32.tar.xz |
add multisig core test and factor multisig building blocks
Diffstat (limited to 'tests/core_tests/multisig.cpp')
-rw-r--r-- | tests/core_tests/multisig.cpp | 460 |
1 files changed, 460 insertions, 0 deletions
diff --git a/tests/core_tests/multisig.cpp b/tests/core_tests/multisig.cpp new file mode 100644 index 000000000..484b8b7ab --- /dev/null +++ b/tests/core_tests/multisig.cpp @@ -0,0 +1,460 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers + +#include "ringct/rctSigs.h" +#include "cryptonote_basic/cryptonote_basic.h" +#include "multisig/multisig.h" +#include "chaingen.h" +#include "multisig.h" + +using namespace epee; +using namespace crypto; +using namespace cryptonote; + +//#define NO_MULTISIG + +//---------------------------------------------------------------------------------------------------------------------- +// Tests + +bool gen_multisig_tx_validation_base::generate_with(std::vector<test_event_entry>& events, + int mixin, uint64_t amount_paid, bool valid, + size_t threshold, size_t total, size_t creator, std::vector<size_t> signers, + const std::function<void(std::vector<tx_source_entry> &sources, std::vector<tx_destination_entry> &destinations)> &pre_tx, + const std::function<void(transaction &tx)> &post_tx) const +{ + uint64_t ts_start = 1338224400; + bool r; + + CHECK_AND_ASSERT_MES(total >= 2, false, "Bad scheme"); + CHECK_AND_ASSERT_MES(threshold <= total, false, "Bad scheme"); + CHECK_AND_ASSERT_MES(threshold >= total - 1, false, "Unsupported scheme"); +#ifdef NO_MULTISIG + CHECK_AND_ASSERT_MES(total <= 5, false, "Unsupported scheme"); +#endif + + // given as 1 based for clarity + --creator; + for (size_t &signer: signers) + --signer; + + CHECK_AND_ASSERT_MES(creator < total, false, "invalid creator"); + for (size_t signer: signers) + CHECK_AND_ASSERT_MES(signer < total, false, "invalid signer"); + +#ifdef NO_MULTISIG + GENERATE_ACCOUNT(acc0); + GENERATE_ACCOUNT(acc1); + GENERATE_ACCOUNT(acc2); + GENERATE_ACCOUNT(acc3); + GENERATE_ACCOUNT(acc4); + account_base miner_account[5] = {acc0, acc1, acc2, acc3, acc4}; +#else + GENERATE_MULTISIG_ACCOUNT(miner_account, threshold, total); +#endif + + MAKE_GENESIS_BLOCK(events, blk_0, miner_account[creator], ts_start); + + // create 8 miner accounts, and have them mine the next 8 blocks + // they will have a coinbase with a single out that's pseudo rct + const size_t n_coinbases = 8; + cryptonote::account_base miner_accounts[n_coinbases]; + const cryptonote::block *prev_block = &blk_0; + cryptonote::block blocks[n_coinbases]; + for (size_t n = 0; n < n_coinbases; ++n) { + // the first block goes to the multisig account + miner_accounts[n].generate(); + account_base &account = n == 0 ? miner_account[creator] : miner_accounts[n]; + CHECK_AND_ASSERT_MES(generator.construct_block_manually(blocks[n], *prev_block, account, + test_generator::bf_major_ver | test_generator::bf_minor_ver | test_generator::bf_timestamp | test_generator::bf_hf_version | test_generator::bf_max_outs, + 4, 4, prev_block->timestamp + DIFFICULTY_BLOCKS_ESTIMATE_TIMESPAN * 2, // v2 has blocks twice as long + crypto::hash(), 0, transaction(), std::vector<crypto::hash>(), 0, 1, 4), + false, "Failed to generate block"); + events.push_back(blocks[n]); + prev_block = blocks + n; + LOG_PRINT_L0("Initial miner tx " << n << ": " << obj_to_json_str(blocks[n].miner_tx)); + LOG_PRINT_L0("in block: " << obj_to_json_str(blocks[n])); + } + + // rewind + cryptonote::block blk_r, blk_last; + { + blk_last = blocks[n_coinbases - 1]; + for (size_t i = 0; i < CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW; ++i) + { + cryptonote::block blk; + CHECK_AND_ASSERT_MES(generator.construct_block_manually(blk, blk_last, miner_accounts[0], + test_generator::bf_major_ver | test_generator::bf_minor_ver | test_generator::bf_timestamp | test_generator::bf_hf_version | test_generator::bf_max_outs, + 4, 4, blk_last.timestamp + DIFFICULTY_BLOCKS_ESTIMATE_TIMESPAN * 2, // v2 has blocks twice as long + crypto::hash(), 0, transaction(), std::vector<crypto::hash>(), 0, 1, 4), + false, "Failed to generate block"); + events.push_back(blk); + blk_last = blk; + } + blk_r = blk_last; + } + + const crypto::public_key tx_pub_key = get_tx_pub_key_from_extra(blocks[0].miner_tx); + MDEBUG("tx_pub_key: " << tx_pub_key); + const crypto::public_key output_pub_key = boost::get<txout_to_key>(blocks[0].miner_tx.vout[0].target).key; + MDEBUG("output_pub_key: " << output_pub_key); + cryptonote::keypair in_ephemeral; + +#ifndef NO_MULTISIG + // create k/L/R/ki for that output we're going to spend + std::vector<std::vector<crypto::secret_key>> account_k(total); + std::vector<std::vector<crypto::public_key>> account_L(total); + std::vector<std::vector<crypto::public_key>> account_R(total); + std::vector<std::vector<crypto::key_image>> account_ki(total); + for (size_t msidx = 0; msidx < total; ++msidx) + { + size_t nlr = threshold < total ? threshold - 1 : 1; + account_L[msidx].resize(nlr); + account_R[msidx].resize(nlr); + for (size_t n = 0; n < nlr; ++n) + { + account_k[msidx].push_back(rct::rct2sk(rct::skGen())); + cryptonote::generate_multisig_LR(output_pub_key, account_k[msidx][n], account_L[msidx][n], account_R[msidx][n]); + } + size_t numki = miner_account[msidx].get_multisig_keys().size(); + account_ki[msidx].resize(numki); + for (size_t kiidx = 0; kiidx < numki; ++kiidx) + { + r = cryptonote::generate_multisig_key_image(miner_account[msidx].get_keys(), tx_pub_key, 0, in_ephemeral, account_ki[msidx][kiidx], kiidx); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate multisig export key image"); + } + MDEBUG("Party " << msidx << ":"); + MDEBUG("spend: sec " << miner_account[msidx].get_keys().m_spend_secret_key << ", pub " << miner_account[msidx].get_keys().m_account_address.m_spend_public_key); + MDEBUG("view: sec " << miner_account[msidx].get_keys().m_view_secret_key << ", pub " << miner_account[msidx].get_keys().m_account_address.m_view_public_key); + for (const auto &k: miner_account[msidx].get_multisig_keys()) + MDEBUG("msk: " << k); + for (size_t n = 0; n < account_k[msidx].size(); ++n) + { + MDEBUG("k: " << account_k[msidx][n]); + MDEBUG("L: " << account_L[msidx][n]); + MDEBUG("R: " << account_R[msidx][n]); + } + for (const auto &ki: account_ki[msidx]) + MDEBUG("ki: " << ki); + } +#endif + + // create kLRki + rct::multisig_kLRki kLRki; +#ifdef NO_MULTISIG + kLRki = {rct::zero(), rct::zero(), rct::zero(), rct::zero()}; +#else + kLRki.k = rct::sk2rct(account_k[creator][0]); + kLRki.L = rct::pk2rct(account_L[creator][0]); + kLRki.R = rct::pk2rct(account_R[creator][0]); + MDEBUG("Starting with k " << kLRki.k); + MDEBUG("Starting with L " << kLRki.L); + MDEBUG("Starting with R " << kLRki.R); + std::unordered_set<crypto::public_key> used_L; + for (size_t msidx = 0; msidx < total; ++msidx) + { + if (msidx == creator) + continue; + if (std::find(signers.begin(), signers.end(), msidx) == signers.end()) + continue; + for (size_t lr = 0; lr < account_L[msidx].size(); ++lr) + { + if (used_L.find(account_L[msidx][lr]) == used_L.end()) + { + used_L.insert(account_L[msidx][lr]); + MDEBUG("Adding L " << account_L[msidx][lr] << " (for k " << account_k[msidx][lr] << ")"); + MDEBUG("Adding R " << account_R[msidx][lr]); + rct::addKeys((rct::key&)kLRki.L, kLRki.L, rct::pk2rct(account_L[msidx][lr])); + rct::addKeys((rct::key&)kLRki.R, kLRki.R, rct::pk2rct(account_R[msidx][lr])); + break; + } + } + } + std::vector<crypto::key_image> pkis; + for (size_t msidx = 0; msidx < total; ++msidx) + for (size_t n = 0; n < account_ki[msidx].size(); ++n) + pkis.push_back(account_ki[msidx][n]); + r = cryptonote::generate_multisig_composite_key_image(miner_account[0].get_keys(), tx_pub_key, 0, pkis, (crypto::key_image&)kLRki.ki); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate composite key image"); + MDEBUG("composite ki: " << kLRki.ki); + MDEBUG("L: " << kLRki.L); + MDEBUG("R: " << kLRki.R); + for (size_t n = 1; n < total; ++n) + { + rct::key ki; + r = cryptonote::generate_multisig_composite_key_image(miner_account[n].get_keys(), tx_pub_key, 0, pkis, (crypto::key_image&)ki); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate composite key image"); + CHECK_AND_ASSERT_MES(kLRki.ki == ki, false, "Composite key images do not match"); + } +#endif + + // create a tx: we have 8 outputs, all from coinbase, so "fake" rct + std::vector<tx_source_entry> sources; + sources.resize(1); + tx_source_entry& src = sources.back(); + + src.real_output = 0; + src.amount = blocks[0].miner_tx.vout[0].amount; + src.real_out_tx_key = tx_pub_key; + src.real_output_in_tx_index = 0; + src.mask = rct::identity(); + src.rct = true; + src.multisig_kLRki = kLRki; + + for (int m = 0; m <= mixin; ++m) + { + rct::ctkey ctkey; + ctkey.dest = rct::pk2rct(boost::get<txout_to_key>(blocks[m].miner_tx.vout[0].target).key); + MDEBUG("using " << (m == 0 ? "real" : "fake") << " input " << ctkey.dest); + ctkey.mask = rct::commit(blocks[m].miner_tx.vout[0].amount, rct::identity()); // since those are coinbases, the masks are known + src.outputs.push_back(std::make_pair(m, ctkey)); + } + + //fill outputs entry + tx_destination_entry td; + td.addr = miner_account[creator].get_keys().m_account_address; + td.amount = amount_paid; + std::vector<tx_destination_entry> destinations; + destinations.push_back(td); + + if (pre_tx) + pre_tx(sources, destinations); + + transaction tx; + crypto::secret_key tx_key; +#ifdef NO_MULTISIG + rct::multisig_out *msoutp = NULL; +#else + rct::multisig_out msout; + rct::multisig_out *msoutp = &msout; +#endif + std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses; + subaddresses[miner_account[creator].get_keys().m_account_address.m_spend_public_key] = {0,0}; + std::vector<crypto::secret_key> additional_tx_keys; + r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector<uint8_t>(), tx, 0, tx_key, additional_tx_keys, true, false, msoutp); + CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction"); + +#ifndef NO_MULTISIG + // sign + std::unordered_set<crypto::secret_key> used_keys; + const std::vector<crypto::secret_key> &msk0 = miner_account[creator].get_multisig_keys(); + for (const auto &sk: msk0) + used_keys.insert(sk); + for (size_t signer: signers) + { + rct::key skey = rct::zero(); + const std::vector<crypto::secret_key> &msk1 = miner_account[signer].get_multisig_keys(); + for (size_t n = 0; n < msk1.size(); ++n) + { + const crypto::secret_key &sk1 = msk1[n]; + if (used_keys.find(sk1) == used_keys.end()) + { + used_keys.insert(sk1); + sc_add(skey.bytes, skey.bytes, rct::sk2rct(sk1).bytes); + } + } + CHECK_AND_ASSERT_MES(!(skey == rct::zero()), false, "failed to find secret multisig key to sign transaction"); + std::vector<unsigned int> indices; + for (const auto &src: sources) + indices.push_back(src.real_output); + rct::keyV k; + k.push_back(rct::zero()); + for (size_t n = 0; n < account_k[signer].size(); ++n) + { + crypto::public_key L; + rct::scalarmultBase((rct::key&)L, rct::sk2rct(account_k[signer][n])); + if (used_L.find(L) != used_L.end()) + { + sc_add(k.back().bytes, k.back().bytes, rct::sk2rct(account_k[signer][n]).bytes); + } + } + CHECK_AND_ASSERT_MES(!(k.back() == rct::zero()), false, "failed to find k to sign transaction"); + + MDEBUG("signing with k size " << k.size()); + MDEBUG("signing with k " << k.back()); + MDEBUG("signing with sk " << skey); + for (const auto &sk: used_keys) + MDEBUG(" created with sk " << sk); + MDEBUG("signing with c size " << msout.c.size()); + MDEBUG("signing with c " << msout.c.back()); + r = rct::signMultisig(tx.rct_signatures, indices, k, msout, skey); + CHECK_AND_ASSERT_MES(r, false, "failed to sign transaction"); + } +#endif + + // verify this tx is really to the expected address + const crypto::public_key tx_pub_key2 = get_tx_pub_key_from_extra(tx, 0); + crypto::key_derivation derivation; + r = crypto::generate_key_derivation(tx_pub_key2, miner_account[creator].get_keys().m_view_secret_key, derivation); + CHECK_AND_ASSERT_MES(r, false, "Failed to generate derivation"); + uint64_t n_outs = 0, amount = 0; + std::vector<crypto::key_derivation> additional_derivations; + for (size_t n = 0; n < tx.vout.size(); ++n) + { + CHECK_AND_ASSERT_MES(typeid(txout_to_key) == tx.vout[n].target.type(), false, "Unexpected tx out type"); + if (is_out_to_acc_precomp(subaddresses, boost::get<txout_to_key>(tx.vout[n].target).key, derivation, additional_derivations, n)) + { + ++n_outs; + CHECK_AND_ASSERT_MES(tx.vout[n].amount == 0, false, "Destination amount is not zero"); + rct::key Ctmp; + crypto::secret_key scalar1; + crypto::derivation_to_scalar(derivation, n, scalar1); + rct::ecdhTuple ecdh_info = tx.rct_signatures.ecdhInfo[n]; + rct::ecdhDecode(ecdh_info, rct::sk2rct(scalar1)); + rct::key C = tx.rct_signatures.outPk[n].mask; + rct::addKeys2(Ctmp, ecdh_info.mask, ecdh_info.amount, rct::H); + CHECK_AND_ASSERT_MES(rct::equalKeys(C, Ctmp), false, "Failed to decode amount"); + amount += rct::h2d(ecdh_info.amount); + } + } + CHECK_AND_ASSERT_MES(n_outs == 1, false, "Not exactly 1 output was received"); + CHECK_AND_ASSERT_MES(amount == amount_paid, false, "Amount paid was not the expected amount"); + + if (post_tx) + post_tx(tx); + + if (!valid) + DO_CALLBACK(events, "mark_invalid_tx"); + events.push_back(tx); + LOG_PRINT_L0("Test tx: " << obj_to_json_str(tx)); + + return true; +} + +bool gen_multisig_tx_valid_22_1_2::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 2, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_22_2_1::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 2, 2, {1}, NULL, NULL); +} + +bool gen_multisig_tx_valid_33_1_23::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 3, 3, 1, {2, 3}, NULL, NULL); +} + +bool gen_multisig_tx_valid_33_3_21::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 3, 3, 3, {2, 1}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_1_2::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_1_3::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 1, {3}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_2_1::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 2, {1}, NULL, NULL); +} + +bool gen_multisig_tx_valid_23_2_3::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 2, 3, 2, {3}, NULL, NULL); +} + +bool gen_multisig_tx_valid_45_1_234::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 4, 5, 1, {2, 3, 4}, NULL, NULL); +} + +bool gen_multisig_tx_valid_89_3_1245789::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, true, 8, 9, 3, {1, 2, 4, 5, 7, 8, 9}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_22_1__no_threshold::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 2, 2, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_33_1__no_threshold::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_33_1_2_no_threshold::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_33_1_3_no_threshold::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 3, 3, 1, {3}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_23_1__no_threshold::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 2, 3, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_invalid_45_5_23_no_threshold::generate(std::vector<test_event_entry>& events) const +{ + const int mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, mixin, amount_paid, false, 4, 5, 5, {2, 3}, NULL, NULL); +} |