diff options
| author | Riccardo Spagni <ric@spagni.net> | 2016-08-28 22:41:11 +0200 |
|---|---|---|
| committer | Riccardo Spagni <ric@spagni.net> | 2016-08-28 22:41:12 +0200 |
| commit | 8a5b766d17761f5fbdd3e30e638daa98a40a4c8a (patch) | |
| tree | ea05e3f0fd47fd1d8728e64d081292d337825cb9 /tests/unit_tests/ringct.cpp | |
| parent | Merge pull request #991 (diff) | |
| parent | blockchain: testnet heights for v3, v4, and v5 (diff) | |
| download | monero-8a5b766d17761f5fbdd3e30e638daa98a40a4c8a.tar.xz | |
Merge pull request #961
887db9f blockchain: testnet heights for v3, v4, and v5 (moneromooo-monero)
f24ab58 ringct: remove unused code (moneromooo-monero)
b38452b ringct: pass structure by const ref, not value (moneromooo-monero)
fd11271 ringct: use memcpy/memset instead of handwritten loop where appropriate (moneromooo-monero)
5d38206 ringct: remove spurious copies (moneromooo-monero)
16732a8 rct: faster Cryptonote/rct conversions (moneromooo-monero)
fbd7c35 wallet: fix some "may be used uninitialized" warnings (moneromooo-monero)
4a41dd4 wallet: do not generate 0 change (moneromooo-monero)
a0925e6 core: use full rct signatures if just one input (moneromooo-monero)
94fd881 rct: early out on failure on verRange (moneromooo-monero)
45349b6 wallet: do not ask for duplicate histograms (moneromooo-monero)
b951bc8 wallet: transfer_selected_rct now also selects fake outs (moneromooo-monero)
4f887de increase minimum mixin to 4 on hard fork 5 (moneromooo-monero)
0815c72 core: allow v1 txes after HF 5 when sweeping unmixable outputs (moneromooo-monero)
f782d45 tests: hard fork list must end with a 0 (moneromooo-monero)
074e602 ringct: use Cryptonote serialization to hash non prunable data (moneromooo-monero)
c3b3260 New "Halfway RingCT" outputs for coinbase transactions (moneromooo-monero)
6f526cd rct: log why verification fails (moneromooo-monero)
d4b8991 rct: serialize txnFee as varint (moneromooo-monero)
d4b62a1 rct amount key modified as per luigi1111's recommendations (moneromooo-monero)
93f5c62 rct: rework v2 txes into prunable and non prunable data (moneromooo-monero)
d93746b rct: rework the verification preparation process (moneromooo-monero)
3ab2ab3 rct: change the simple flag to a type (moneromooo-monero)
c5be4b0 rct: avoid the need for the last II element (Shen Noether)
a47ceee wallet: do not store signatures in the wallet cache (moneromooo-monero)
0263dd2 core: add some locking around pool use (moneromooo-monero)
2c9d951 wallet2: factor m_spent changes (moneromooo-monero)
1303cda wallet: always use new algorithm for RPC transfers (moneromooo-monero)
b337aea rct: do not serialize senderPk - it is not used anymore (moneromooo-monero)
e5a9a47 core_tests: fix a couple pre-rct tests using rct (moneromooo-monero)
230fca2 wallet: use the prefered rct case only when enough rct outs exist (moneromooo-monero)
c27194a wallet: do not try to use rct txes a few blocks before the fork (moneromooo-monero)
1bf0698 tx_pool: log why a transaction was rejected for version checks (moneromooo-monero)
37bdf6e change fork settings to allow pre-rct txes for one more fork cycle (moneromooo-monero)
cc85cc6 simplewallet: better check_tx_key feedback (moneromooo-monero)
9b70856 rct: make the amount key derivable by a third party with the tx key (moneromooo-monero)
cf33e1a rct: do not serialize public keys in outPk (moneromooo-monero)
83ab315 wallet2_api: zero amounts are now allowed with rct (moneromooo-monero)
096ac06 wallet2_api: update on_money_{received,spent} prototypes for rct changes (moneromooo-monero)
3cb2ede rpc: send global indices along with blocks/transacions on refresh (moneromooo-monero)
414b424 core: always use the new simple rct variant (moneromooo-monero)
ce5de8b tests: add tests for wallet output selection (moneromooo-monero)
84c82cd wallet: better tx input selection (moneromooo-monero)
1e21651 rct: use the already defined H where possible (moneromooo-monero)
07d353d wallet: handle 0 change properly (moneromooo-monero)
e81a2b2 port get_tx_key/check_tx_key to rct (moneromooo-monero)
e06faef tests: add basic tests for simple rct api (moneromooo-monero)
a4d4d61 integrate simple rct api (moneromooo-monero)
1e8d37e serialization: add override for serializing bool (moneromooo-monero)
dbb5f2d ringct: optimization/cleanup of hash functions (Shen Noether)
4fd01f2 ringct: "simple" ringct variant (Shen Noether)
37c895e wallet: rct specific output selection (moneromooo-monero)
1181c57 wallet: make sweep_all work with rct txes too (moneromooo-monero)
c2ec6d3 mixable transactions must be rct for v3 (moneromooo-monero)
1017a75 wallet: factor transfer_rct code with transfer code (moneromooo-monero)
f5465d8 Condition v2 txes on v3 hard fork (moneromooo-monero)
59a66e2 move the rct commitments to the output_amounts database (moneromooo-monero)
6d0e471 rct: add the tx prefix hash into the MLSAG (moneromooo-monero)
35dce5c ringct: fix size unit mismatch calling keccak (moneromooo-monero)
20e50ec ringct: do not serialize what can be reconstructed (moneromooo-monero)
106e3dc Add rct core tests (moneromooo-monero)
ada5275 Use the supplied hard fork version in validate_miner_transaction (moneromooo-monero)
acbe06d wallet: update spent status when an accepted tx disappears (moneromooo-monero)
089df4a wallet: reset output spent status on blockchain reorg (moneromooo-monero)
73d59f1 ringct: catch errors from ge_frombytes_vartime (moneromooo-monero)
161551e tests: test for ringct rctSig data sizes (moneromooo-monero)
359f469 ringct: add missing size check for ecdhInfo (moneromooo-monero)
229968e ringct: change asserts to return false for boolean functions (moneromooo-monero)
dc4aad7 add rct to the protocol (moneromooo-monero)
211d1db db_lmdb: update reset for recent db changes (moneromooo-monero)
dee42d6 ringct: add functions to commit to an amount (moneromooo-monero)
cc7f449 make rct tx serialization work (moneromooo-monero)
e70e8a6 crypto: error out where appropriate (moneromooo-monero)
54f7429 ringct: allow no outputs, and add tests for this and fees (moneromooo-monero)
e99904a ringct: make fee optional (moneromooo-monero)
f8c04ad ringct: txn fee stuff (Shen Noether)
66f9626 ringct: new {gen,decode}Rct APIs for convenience (moneromooo-monero)
789b2e2 ringct: add more convenience functions (moneromooo-monero)
9856443 core: link against libringct (moneromooo-monero)
4258dab core: new /getrandom_rctouts.bin binary RPC call (moneromooo-monero)
c3a2e14 ringct: add convenience functions to bridge ringct and cryptonote (moneromooo-monero)
eb56d0f blockchain_db: add functions for adding/removing/getting rct commitments (moneromooo-monero)
82072e7 ringct: restore verRange check in debug mode (moneromooo-monero)
63856ca ringct: add check for destinations/amount size being equal (moneromooo-monero)
e816a09 ringct: fix off by 1 in mixin usage (moneromooo-monero)
09c5ea4 ringct: simplify random key generation (moneromooo-monero)
53cdf4d tests: new ringct test for checking H2 values (Shen Noether)
56f6549 ringct: cosmetic fixes (Shen Noether)
55ff136 ringct: changes to hashToPointSimple to calcualte H2 values (Shen Noether)
63733b1 ringct: compare keys with bitwise equality, not crypto ops (Shen Noether)
98f4c6f ringct: fix size argument to cn_fast_hash (Shen Noether)
720ac85 tests: zero inputs/outputs are in fact supposed to be accepted (moneromooo-monero)
84948ea ringct: add a test for prooveRange being non deterministic (moneromooo-monero)
09fb9f4 Fix sc_0 to skGen in ProveRange (Shen Noether)
d37c1db ringct: add a few consts where appropriate (moneromooo-monero)
700248f tests: more ringct range proof tests (moneromooo-monero)
d02f999 rct: add serialization machinery to rct types (moneromooo-monero)
0ff8305 serialization: declare do_serialize specializations before use (moneromooo-monero)
8b135e7 Added note on generating H2 (Shen Noether)
4d639d9 Fixed missing last index H2 (Shen Noether)
9e82b69 remove original Cryptonote blockchain_storage blockchain format (moneromooo-monero)
86b4426 ringct: lock access to the PRNG (moneromooo-monero)
4d7f073 ringct: add simple input validation (moneromooo-monero)
57779ab tests: add some more ringct building block tests (moneromooo-monero)
b656001 ringct: add convenience operators to key (moneromooo-monero)
2d6303f tests: add Shen Noether's basic ringct tests (moneromooo-monero)
9b1afe5 ringct: import of Shen Noether's ring confidential transactions (moneromooo-monero)
Diffstat (limited to 'tests/unit_tests/ringct.cpp')
| -rw-r--r-- | tests/unit_tests/ringct.cpp | 1070 |
1 files changed, 1070 insertions, 0 deletions
diff --git a/tests/unit_tests/ringct.cpp b/tests/unit_tests/ringct.cpp new file mode 100644 index 000000000..224e32e61 --- /dev/null +++ b/tests/unit_tests/ringct.cpp @@ -0,0 +1,1070 @@ +// Copyright (c) 2014-2016, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers + +#include "gtest/gtest.h" + +#include <cstdint> +#include <algorithm> + +#include "ringct/rctTypes.h" +#include "ringct/rctSigs.h" +#include "ringct/rctOps.h" + +using namespace crypto; +using namespace rct; + +TEST(ringct, SNL) +{ + key x, P1; + skpkGen(x, P1); + + key P2 = pkGen(); + key P3 = pkGen(); + + key L1, s1, s2; + GenSchnorrNonLinkable(L1, s1, s2, x, P1, P2, 0); + + // a valid one + // an invalid one + ASSERT_TRUE(VerSchnorrNonLinkable(P1, P2, L1, s1, s2)); + ASSERT_FALSE(VerSchnorrNonLinkable(P1, P3, L1, s1, s2)); +} + +TEST(ringct, ASNL) +{ + int j = 0; + + //Tests for ASNL + //#ASNL true one, false one, C != sum Ci, and one out of the range.. + int N = 64; + key64 xv; + key64 P1v; + key64 P2v; + bits indi; + + for (j = 0 ; j < N ; j++) { + indi[j] = (int)randXmrAmount(2); + + xv[j] = skGen(); + if ( (int)indi[j] == 0 ) { + P1v[j] = scalarmultBase(xv[j]); + P2v[j] = pkGen(); + + } else { + + P2v[j] = scalarmultBase(xv[j]); + P1v[j] = pkGen(); + + } + } + + //#true one + asnlSig L1s2s = GenASNL(xv, P1v, P2v, indi); + ASSERT_TRUE(VerASNL(P1v, P2v, L1s2s)); + + //#false one + indi[3] = (indi[3] + 1) % 2; + L1s2s = GenASNL(xv, P1v, P2v, indi); + ASSERT_FALSE(VerASNL(P1v, P2v, L1s2s)); + + //#true one again + indi[3] = (indi[3] + 1) % 2; + L1s2s = GenASNL(xv, P1v, P2v, indi); + ASSERT_TRUE(VerASNL(P1v, P2v, L1s2s)); + + //#false one + L1s2s = GenASNL(xv, P2v, P1v, indi); + ASSERT_FALSE(VerASNL(P1v, P2v, L1s2s)); +} + +TEST(ringct, MG_sigs) +{ + int j = 0; + int N = 0; + + //Tests for MG Sigs + //#MG sig: true one + N = 3;// #cols + int R = 3;// #rows + keyV xtmp = skvGen(R); + keyM xm = keyMInit(R, N);// = [[None]*N] #just used to generate test public keys + keyV sk = skvGen(R); + keyM P = keyMInit(R, N);// = keyM[[None]*N] #stores the public keys; + int ind = 2; + int i = 0; + for (j = 0 ; j < R ; j++) { + for (i = 0 ; i < N ; i++) + { + xm[i][j] = skGen(); + P[i][j] = scalarmultBase(xm[i][j]); + } + } + for (j = 0 ; j < R ; j++) { + sk[j] = xm[ind][j]; + } + key message = identity(); + mgSig IIccss = MLSAG_Gen(message, P, sk, ind, R); + ASSERT_TRUE(MLSAG_Ver(message, P, IIccss, R)); + + //#MG sig: false one + N = 3;// #cols + R = 3;// #rows + xtmp = skvGen(R); + keyM xx(N, xtmp);// = [[None]*N] #just used to generate test public keys + sk = skvGen(R); + //P (N, xtmp);// = keyM[[None]*N] #stores the public keys; + + ind = 2; + for (j = 0 ; j < R ; j++) { + for (i = 0 ; i < N ; i++) + { + xx[i][j] = skGen(); + P[i][j] = scalarmultBase(xx[i][j]); + } + sk[j] = xx[ind][j]; + } + sk[2] = skGen();//asume we don't know one of the private keys.. + IIccss = MLSAG_Gen(message, P, sk, ind, R); + ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R)); +} + +TEST(ringct, range_proofs) +{ + //Ring CT Stuff + //ct range proofs + ctkeyV sc, pc; + ctkey sctmp, pctmp; + //add fake input 5000 + tie(sctmp, pctmp) = ctskpkGen(6000); + sc.push_back(sctmp); + pc.push_back(pctmp); + + + tie(sctmp, pctmp) = ctskpkGen(7000); + sc.push_back(sctmp); + pc.push_back(pctmp); + vector<xmr_amount >amounts; + rct::keyV amount_keys; + key mask; + + //add output 500 + amounts.push_back(500); + amount_keys.push_back(rct::hash_to_scalar(rct::zero())); + keyV destinations; + key Sk, Pk; + skpkGen(Sk, Pk); + destinations.push_back(Pk); + + + //add output for 12500 + amounts.push_back(12500); + amount_keys.push_back(rct::hash_to_scalar(rct::zero())); + skpkGen(Sk, Pk); + destinations.push_back(Pk); + + //compute rct data with mixin 500 + rctSig s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3); + + //verify rct data + ASSERT_TRUE(verRct(s)); + + //decode received amount + ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask)); + + // Ring CT with failing MG sig part should not verify! + // Since sum of inputs != outputs + + amounts[1] = 12501; + skpkGen(Sk, Pk); + destinations[1] = Pk; + + + //compute rct data with mixin 500 + s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3); + + //verify rct data + ASSERT_FALSE(verRct(s)); + + //decode received amount + ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask)); +} + +TEST(ringct, range_proofs_with_fee) +{ + //Ring CT Stuff + //ct range proofs + ctkeyV sc, pc; + ctkey sctmp, pctmp; + //add fake input 5000 + tie(sctmp, pctmp) = ctskpkGen(6001); + sc.push_back(sctmp); + pc.push_back(pctmp); + + + tie(sctmp, pctmp) = ctskpkGen(7000); + sc.push_back(sctmp); + pc.push_back(pctmp); + vector<xmr_amount >amounts; + keyV amount_keys; + key mask; + + //add output 500 + amounts.push_back(500); + amount_keys.push_back(rct::hash_to_scalar(rct::zero())); + keyV destinations; + key Sk, Pk; + skpkGen(Sk, Pk); + destinations.push_back(Pk); + + //add txn fee for 1 + //has no corresponding destination.. + amounts.push_back(1); + amount_keys.push_back(hash_to_scalar(zero())); + + //add output for 12500 + amounts.push_back(12500); + amount_keys.push_back(hash_to_scalar(zero())); + skpkGen(Sk, Pk); + destinations.push_back(Pk); + + //compute rct data with mixin 500 + rctSig s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3); + + //verify rct data + ASSERT_TRUE(verRct(s)); + + //decode received amount + ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask)); + + // Ring CT with failing MG sig part should not verify! + // Since sum of inputs != outputs + + amounts[1] = 12501; + skpkGen(Sk, Pk); + destinations[1] = Pk; + + + //compute rct data with mixin 500 + s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3); + + //verify rct data + ASSERT_FALSE(verRct(s)); + + //decode received amount + ASSERT_TRUE(decodeRct(s, amount_keys[1], 1, mask)); +} + +TEST(ringct, simple) +{ + ctkeyV sc, pc; + ctkey sctmp, pctmp; + //this vector corresponds to output amounts + vector<xmr_amount>outamounts; + //this vector corresponds to input amounts + vector<xmr_amount>inamounts; + //this keyV corresponds to destination pubkeys + keyV destinations; + keyV amount_keys; + key mask; + + //add fake input 3000 + //the sc is secret data + //pc is public data + tie(sctmp, pctmp) = ctskpkGen(3000); + sc.push_back(sctmp); + pc.push_back(pctmp); + inamounts.push_back(3000); + + //add fake input 3000 + //the sc is secret data + //pc is public data + tie(sctmp, pctmp) = ctskpkGen(3000); + sc.push_back(sctmp); + pc.push_back(pctmp); + inamounts.push_back(3000); + + //add output 5000 + outamounts.push_back(5000); + amount_keys.push_back(rct::hash_to_scalar(rct::zero())); + //add the corresponding destination pubkey + key Sk, Pk; + skpkGen(Sk, Pk); + destinations.push_back(Pk); + + //add output 999 + outamounts.push_back(999); + amount_keys.push_back(rct::hash_to_scalar(rct::zero())); + //add the corresponding destination pubkey + skpkGen(Sk, Pk); + destinations.push_back(Pk); + + key message = skGen(); //real message later (hash of txn..) + + //compute sig with mixin 2 + xmr_amount txnfee = 1; + + rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, txnfee, 2); + + //verify ring ct signature + ASSERT_TRUE(verRctSimple(s)); + + //decode received amount corresponding to output pubkey index 1 + ASSERT_TRUE(decodeRctSimple(s, amount_keys[1], 1, mask)); +} + +static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee) +{ + ctkeyV sc, pc; + ctkey sctmp, pctmp; + vector<xmr_amount >amounts; + keyV destinations; + keyV amount_keys; + key Sk, Pk; + + for (int n = 0; n < n_inputs; ++n) { + tie(sctmp, pctmp) = ctskpkGen(input_amounts[n]); + sc.push_back(sctmp); + pc.push_back(pctmp); + } + + for (int n = 0; n < n_outputs; ++n) { + amounts.push_back(output_amounts[n]); + amount_keys.push_back(rct::hash_to_scalar(rct::zero())); + skpkGen(Sk, Pk); + if (n < n_outputs - 1 || !last_is_fee) + destinations.push_back(Pk); + } + + return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, 3);; +} + +static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], uint64_t fee) +{ + ctkeyV sc, pc; + ctkey sctmp, pctmp; + vector<xmr_amount> inamounts, outamounts; + keyV destinations; + keyV amount_keys; + key Sk, Pk; + + for (int n = 0; n < n_inputs; ++n) { + inamounts.push_back(input_amounts[n]); + tie(sctmp, pctmp) = ctskpkGen(input_amounts[n]); + sc.push_back(sctmp); + pc.push_back(pctmp); + } + + for (int n = 0; n < n_outputs; ++n) { + outamounts.push_back(output_amounts[n]); + amount_keys.push_back(hash_to_scalar(zero())); + skpkGen(Sk, Pk); + destinations.push_back(Pk); + } + + return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, fee, 3);; +} + +static bool range_proof_test(bool expected_valid, + int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee, bool simple) +{ + //compute rct data + bool valid; + try { + rctSig s; + // simple takes fee as a parameter, non-simple takes it as an extra element to output amounts + if (simple) { + s = make_sample_simple_rct_sig(n_inputs, input_amounts, last_is_fee ? n_outputs - 1 : n_outputs, output_amounts, last_is_fee ? output_amounts[n_outputs - 1] : 0); + valid = verRctSimple(s); + } + else { + s = make_sample_rct_sig(n_inputs, input_amounts, n_outputs, output_amounts, last_is_fee); + valid = verRct(s); + } + } + catch (const std::exception &e) { + valid = false; + } + + if (valid == expected_valid) { + return testing::AssertionSuccess(); + } + else { + return testing::AssertionFailure(); + } +} + +#define NELTS(array) (sizeof(array)/sizeof(array[0])) + +TEST(ringct, range_proofs_reject_empty_outs) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_empty_outs_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_empty_ins) +{ + const uint64_t inputs[] = {}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_empty_ins_simple) +{ + const uint64_t inputs[] = {}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_all_empty) +{ + const uint64_t inputs[] = {}; + const uint64_t outputs[] = {}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_all_empty_simple) +{ + const uint64_t inputs[] = {}; + const uint64_t outputs[] = {}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_empty) +{ + const uint64_t inputs[] = {0}; + const uint64_t outputs[] = {}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_empty_simple) +{ + const uint64_t inputs[] = {0}; + const uint64_t outputs[] = {}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_empty_zero) +{ + const uint64_t inputs[] = {}; + const uint64_t outputs[] = {0}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_empty_zero_simple) +{ + const uint64_t inputs[] = {}; + const uint64_t outputs[] = {0}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_zero) +{ + const uint64_t inputs[] = {0}; + const uint64_t outputs[] = {0}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_zero_simple) +{ + const uint64_t inputs[] = {0}; + const uint64_t outputs[] = {0}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_out_first) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {0, 5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_out_first_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {0, 5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_out_last) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {5000, 0}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_out_last_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {5000, 0}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_out_middle) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {2500, 0, 2500}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_out_middle_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {2500, 0, 2500}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_in_first) +{ + const uint64_t inputs[] = {0, 5000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_in_first_simple) +{ + const uint64_t inputs[] = {0, 5000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_in_last) +{ + const uint64_t inputs[] = {5000, 0}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_in_last_simple) +{ + const uint64_t inputs[] = {5000, 0}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_zero_in_middle) +{ + const uint64_t inputs[] = {2500, 0, 2500}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_zero_in_middle_simple) +{ + const uint64_t inputs[] = {2500, 0, 2500}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_single_lower) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {1}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_single_lower_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {1}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_single_higher) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {5001}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_single_higher_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {5001}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_single_out_negative) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {(uint64_t)-1000ll}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_single_out_negative_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {(uint64_t)-1000ll}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_out_negative_first) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {(uint64_t)-1000ll, 6000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_out_negative_first_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {(uint64_t)-1000ll, 6000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_out_negative_last) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {6000, (uint64_t)-1000ll}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_out_negative_last_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {6000, (uint64_t)-1000ll}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_out_negative_middle) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {3000, (uint64_t)-1000ll, 3000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_out_negative_middle_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {3000, (uint64_t)-1000ll, 3000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_single_in_negative) +{ + const uint64_t inputs[] = {(uint64_t)-1000ll}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_single_in_negative_simple) +{ + const uint64_t inputs[] = {(uint64_t)-1000ll}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_in_negative_first) +{ + const uint64_t inputs[] = {(uint64_t)-1000ll, 6000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_in_negative_first_simple) +{ + const uint64_t inputs[] = {(uint64_t)-1000ll, 6000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_in_negative_last) +{ + const uint64_t inputs[] = {6000, (uint64_t)-1000ll}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_in_negative_last_simple) +{ + const uint64_t inputs[] = {6000, (uint64_t)-1000ll}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_in_negative_middle) +{ + const uint64_t inputs[] = {3000, (uint64_t)-1000ll, 3000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_in_negative_middle_simple) +{ + const uint64_t inputs[] = {3000, (uint64_t)-1000ll, 3000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_reject_higher_list) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000, 1000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_reject_higher_list_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000, 1000}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_1_to_1) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_1_to_1_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_1_to_N) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_1_to_N_simple) +{ + const uint64_t inputs[] = {5000}; + const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false,true)); +} + +TEST(ringct, range_proofs_accept_N_to_1) +{ + const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_N_to_1_simple) +{ + const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000}; + const uint64_t outputs[] = {5000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_N_to_N) +{ + const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000}; + const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_N_to_N_simple) +{ + const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000}; + const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, range_proofs_accept_very_long) +{ + const size_t N=12; + uint64_t inputs[N]; + uint64_t outputs[N]; + for (size_t n = 0; n < N; ++n) { + inputs[n] = n; + outputs[n] = n; + } + std::random_shuffle(inputs, inputs + N); + std::random_shuffle(outputs, outputs + N); + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false)); +} + +TEST(ringct, range_proofs_accept_very_long_simple) +{ + const size_t N=12; + uint64_t inputs[N]; + uint64_t outputs[N]; + for (size_t n = 0; n < N; ++n) { + inputs[n] = n; + outputs[n] = n; + } + std::random_shuffle(inputs, inputs + N); + std::random_shuffle(outputs, outputs + N); + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); +} + +TEST(ringct, HPow2) +{ + key G = scalarmultBase(d2h(1)); + + key H = hashToPointSimple(G); + for (int j = 0 ; j < ATOMS ; j++) { + ASSERT_TRUE(equalKeys(H, H2[j])); + addKeys(H, H, H); + } +} + +static const xmr_amount test_amounts[]={0, 1, 2, 3, 4, 5, 10000, 10000000000000000000ull, 10203040506070809000ull, 123456789123456789}; + +TEST(ringct, ecdh_roundtrip) +{ + key k; + ecdhTuple t0, t1; + + for (auto amount: test_amounts) { + skGen(k); + + t0.mask = skGen(); + t0.amount = d2h(amount); + + t1 = t0; + ecdhEncode(t1, k); + ecdhDecode(t1, k); + ASSERT_TRUE(t0.mask == t1.mask); + ASSERT_TRUE(equalKeys(t0.mask, t1.mask)); + ASSERT_TRUE(t0.amount == t1.amount); + ASSERT_TRUE(equalKeys(t0.amount, t1.amount)); + } +} + +TEST(ringct, d2h) +{ + key k, P1; + skpkGen(k, P1); + for (auto amount: test_amounts) { + d2h(k, amount); + ASSERT_TRUE(amount == h2d(k)); + } +} + +TEST(ringct, d2b) +{ + for (auto amount: test_amounts) { + bits b; + d2b(b, amount); + ASSERT_TRUE(amount == b2d(b)); + } +} + +TEST(ringct, prooveRange_is_non_deterministic) +{ + key C[2], mask[2]; + for (int n = 0; n < 2; ++n) + proveRange(C[n], mask[n], 80); + ASSERT_TRUE(memcmp(C[0].bytes, C[1].bytes, sizeof(C[0].bytes))); + ASSERT_TRUE(memcmp(mask[0].bytes, mask[1].bytes, sizeof(mask[0].bytes))); +} + +TEST(ringct, fee_0_valid) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {2000, 0}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false)); +} + +TEST(ringct, fee_0_valid_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {2000, 0}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true)); +} + +TEST(ringct, fee_non_0_valid) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1900, 100}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false)); +} + +TEST(ringct, fee_non_0_valid_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1900, 100}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true)); +} + +TEST(ringct, fee_non_0_invalid_higher) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1990, 100}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false)); +} + +TEST(ringct, fee_non_0_invalid_higher_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1990, 100}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true)); +} + +TEST(ringct, fee_non_0_invalid_lower) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1000, 100}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false)); +} + +TEST(ringct, fee_non_0_invalid_lower_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1000, 100}; + EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true)); +} + +TEST(ringct, fee_burn_valid_one_out) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {0, 2000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false)); +} + +TEST(ringct, fee_burn_valid_one_out_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {0, 2000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true)); +} + +TEST(ringct, fee_burn_valid_zero_out) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {2000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false)); +} + +TEST(ringct, fee_burn_valid_zero_out_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {2000}; + EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true)); +} + +#define TEST_rctSig_elements(name, op) \ +TEST(ringct, rctSig_##name) \ +{ \ + const uint64_t inputs[] = {1000, 1000}; \ + const uint64_t outputs[] = {1000, 1000}; \ + rct::rctSig sig = make_sample_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, true); \ + ASSERT_TRUE(rct::verRct(sig)); \ + op; \ + ASSERT_FALSE(rct::verRct(sig)); \ +} + +TEST_rctSig_elements(rangeSigs_empty, sig.p.rangeSigs.resize(0)); +TEST_rctSig_elements(rangeSigs_too_many, sig.p.rangeSigs.push_back(sig.p.rangeSigs.back())); +TEST_rctSig_elements(rangeSigs_too_few, sig.p.rangeSigs.pop_back()); +TEST_rctSig_elements(mgSig_MG_empty, sig.p.MGs.resize(0)); +TEST_rctSig_elements(mgSig_ss_empty, sig.p.MGs[0].ss.resize(0)); +TEST_rctSig_elements(mgSig_ss_too_many, sig.p.MGs[0].ss.push_back(sig.p.MGs[0].ss.back())); +TEST_rctSig_elements(mgSig_ss_too_few, sig.p.MGs[0].ss.pop_back()); +TEST_rctSig_elements(mgSig_ss0_empty, sig.p.MGs[0].ss[0].resize(0)); +TEST_rctSig_elements(mgSig_ss0_too_many, sig.p.MGs[0].ss[0].push_back(sig.p.MGs[0].ss[0].back())); +TEST_rctSig_elements(mgSig_ss0_too_few, sig.p.MGs[0].ss[0].pop_back()); +TEST_rctSig_elements(mgSig_II_empty, sig.p.MGs[0].II.resize(0)); +TEST_rctSig_elements(mgSig_II_too_many, sig.p.MGs[0].II.push_back(sig.p.MGs[0].II.back())); +TEST_rctSig_elements(mgSig_II_too_few, sig.p.MGs[0].II.pop_back()); +TEST_rctSig_elements(mixRing_empty, sig.mixRing.resize(0)); +TEST_rctSig_elements(mixRing_too_many, sig.mixRing.push_back(sig.mixRing.back())); +TEST_rctSig_elements(mixRing_too_few, sig.mixRing.pop_back()); +TEST_rctSig_elements(mixRing0_empty, sig.mixRing[0].resize(0)); +TEST_rctSig_elements(mixRing0_too_many, sig.mixRing[0].push_back(sig.mixRing[0].back())); +TEST_rctSig_elements(mixRing0_too_few, sig.mixRing[0].pop_back()); +TEST_rctSig_elements(ecdhInfo_empty, sig.ecdhInfo.resize(0)); +TEST_rctSig_elements(ecdhInfo_too_many, sig.ecdhInfo.push_back(sig.ecdhInfo.back())); +TEST_rctSig_elements(ecdhInfo_too_few, sig.ecdhInfo.pop_back()); +TEST_rctSig_elements(outPk_empty, sig.outPk.resize(0)); +TEST_rctSig_elements(outPk_too_many, sig.outPk.push_back(sig.outPk.back())); +TEST_rctSig_elements(outPk_too_few, sig.outPk.pop_back()); + +#define TEST_rctSig_elements_simple(name, op) \ +TEST(ringct, rctSig_##name##_simple) \ +{ \ + const uint64_t inputs[] = {1000, 1000}; \ + const uint64_t outputs[] = {1000}; \ + rct::rctSig sig = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 1000); \ + ASSERT_TRUE(rct::verRctSimple(sig)); \ + op; \ + ASSERT_FALSE(rct::verRctSimple(sig)); \ +} + +TEST_rctSig_elements_simple(rangeSigs_empty, sig.p.rangeSigs.resize(0)); +TEST_rctSig_elements_simple(rangeSigs_too_many, sig.p.rangeSigs.push_back(sig.p.rangeSigs.back())); +TEST_rctSig_elements_simple(rangeSigs_too_few, sig.p.rangeSigs.pop_back()); +TEST_rctSig_elements_simple(mgSig_empty, sig.p.MGs.resize(0)); +TEST_rctSig_elements_simple(mgSig_too_many, sig.p.MGs.push_back(sig.p.MGs.back())); +TEST_rctSig_elements_simple(mgSig_too_few, sig.p.MGs.pop_back()); +TEST_rctSig_elements_simple(mgSig0_ss_empty, sig.p.MGs[0].ss.resize(0)); +TEST_rctSig_elements_simple(mgSig0_ss_too_many, sig.p.MGs[0].ss.push_back(sig.p.MGs[0].ss.back())); +TEST_rctSig_elements_simple(mgSig0_ss_too_few, sig.p.MGs[0].ss.pop_back()); +TEST_rctSig_elements_simple(mgSig_ss0_empty, sig.p.MGs[0].ss[0].resize(0)); +TEST_rctSig_elements_simple(mgSig_ss0_too_many, sig.p.MGs[0].ss[0].push_back(sig.p.MGs[0].ss[0].back())); +TEST_rctSig_elements_simple(mgSig_ss0_too_few, sig.p.MGs[0].ss[0].pop_back()); +TEST_rctSig_elements_simple(mgSig0_II_empty, sig.p.MGs[0].II.resize(0)); +TEST_rctSig_elements_simple(mgSig0_II_too_many, sig.p.MGs[0].II.push_back(sig.p.MGs[0].II.back())); +TEST_rctSig_elements_simple(mgSig0_II_too_few, sig.p.MGs[0].II.pop_back()); +TEST_rctSig_elements_simple(mixRing_empty, sig.mixRing.resize(0)); +TEST_rctSig_elements_simple(mixRing_too_many, sig.mixRing.push_back(sig.mixRing.back())); +TEST_rctSig_elements_simple(mixRing_too_few, sig.mixRing.pop_back()); +TEST_rctSig_elements_simple(mixRing0_empty, sig.mixRing[0].resize(0)); +TEST_rctSig_elements_simple(mixRing0_too_many, sig.mixRing[0].push_back(sig.mixRing[0].back())); +TEST_rctSig_elements_simple(mixRing0_too_few, sig.mixRing[0].pop_back()); +TEST_rctSig_elements_simple(pseudoOuts_empty, sig.pseudoOuts.resize(0)); +TEST_rctSig_elements_simple(pseudoOuts_too_many, sig.pseudoOuts.push_back(sig.pseudoOuts.back())); +TEST_rctSig_elements_simple(pseudoOuts_too_few, sig.pseudoOuts.pop_back()); +TEST_rctSig_elements_simple(ecdhInfo_empty, sig.ecdhInfo.resize(0)); +TEST_rctSig_elements_simple(ecdhInfo_too_many, sig.ecdhInfo.push_back(sig.ecdhInfo.back())); +TEST_rctSig_elements_simple(ecdhInfo_too_few, sig.ecdhInfo.pop_back()); +TEST_rctSig_elements_simple(outPk_empty, sig.outPk.resize(0)); +TEST_rctSig_elements_simple(outPk_too_many, sig.outPk.push_back(sig.outPk.back())); +TEST_rctSig_elements_simple(outPk_too_few, sig.outPk.pop_back()); + +TEST(ringct, reject_gen_simple_ver_non_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1000}; + rct::rctSig sig = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 1000); + ASSERT_FALSE(rct::verRct(sig)); +} + +TEST(ringct, reject_gen_non_simple_ver_simple) +{ + const uint64_t inputs[] = {1000, 1000}; + const uint64_t outputs[] = {1000, 1000}; + rct::rctSig sig = make_sample_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, true); + ASSERT_FALSE(rct::verRctSimple(sig)); +} |