diff options
| author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-06-09 13:02:16 +0000 |
|---|---|---|
| committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2020-08-27 12:44:04 +0000 |
| commit | 82ee01699c2b910e44fd7362bd47d3a1cc9c26af (patch) | |
| tree | 5dcce86d8b82e8dab9821bae6120252c27c864f1 /tests/unit_tests/ringct.cpp | |
| parent | unit_tests: add ge_triple_scalarmult_base_vartime test (diff) | |
| download | monero-82ee01699c2b910e44fd7362bd47d3a1cc9c26af.tar.xz | |
Integrate CLSAGs into monero
They are allowed from v12, and MLSAGs are rejected from v13.
Diffstat (limited to 'tests/unit_tests/ringct.cpp')
| -rw-r--r-- | tests/unit_tests/ringct.cpp | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/tests/unit_tests/ringct.cpp b/tests/unit_tests/ringct.cpp index 807bab64a..75fe9ecfb 100644 --- a/tests/unit_tests/ringct.cpp +++ b/tests/unit_tests/ringct.cpp @@ -38,6 +38,7 @@ #include "ringct/rctSigs.h" #include "ringct/rctOps.h" #include "device/device.hpp" +#include "string_tools.h" using namespace std; using namespace crypto; @@ -137,6 +138,169 @@ TEST(ringct, MG_sigs) ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R)); } +TEST(ringct, CLSAG) +{ + const size_t ring_size = 11; + const size_t idx = 5; + keyV P, C; + key p, z; + const key message = identity(); + key backup; + clsag clsag; + + for (size_t i = 0; i < ring_size; ++i) + { + key Sk, Pk; + skpkGen(Sk, Pk); + P.push_back(Pk); + skpkGen(Sk, Pk); + C.push_back(Pk); + } + skpkGen(p, P[idx]); + skpkGen(z, C[idx]); + + // bad p at creation + clsag = CLSAG_Gen(zero(), P, p, C, z, idx); //, hw::get_device("default")); + ASSERT_FALSE(CLSAG_Ver(message, P, C, clsag)); + + // bad index at creation + try + { + clsag = CLSAG_Gen(message, P, p, C, z, (idx + 1) % ring_size); //, hw::get_device("default")); + ASSERT_FALSE(CLSAG_Ver(message, P, C, clsag)); + } + catch (...) { /* either exception, or failure to verify above */ } + + // bad z at creation + try + { + clsag = CLSAG_Gen(message, P, p, C, skGen(), idx); //, hw::get_device("default")); + ASSERT_FALSE(CLSAG_Ver(message, P, C, clsag)); + } + catch (...) { /* either exception, or failure to verify above */ } + + // bad C at creation + backup = C[idx]; + C[idx] = scalarmultBase(skGen()); + try + { + clsag = CLSAG_Gen(message, P, p, C, z, idx); //, hw::get_device("default")); + ASSERT_FALSE(CLSAG_Ver(message, P, C, clsag)); + } + catch (...) { /* either exception, or failure to verify above */ } + C[idx] = backup; + + // bad p at creation + try + { + clsag = CLSAG_Gen(message, P, skGen(), C, z, idx); //, hw::get_device("default")); + ASSERT_FALSE(CLSAG_Ver(message, P, C, clsag)); + } + catch (...) { /* either exception, or failure to verify above */ } + + // bad P at creation + backup = P[idx]; + P[idx] = scalarmultBase(skGen()); + try + { + clsag = CLSAG_Gen(message, P, p, C, z, idx); //, hw::get_device("default")); + ASSERT_FALSE(CLSAG_Ver(message, P, C, clsag)); + } + catch (...) { /* either exception, or failure to verify above */ } + P[idx] = backup; + + // good + clsag = CLSAG_Gen(message, P, p, C, z, idx); //, hw::get_device("default")); + ASSERT_TRUE(CLSAG_Ver(message, P, C, clsag)); + + // bad message at verification + ASSERT_FALSE(CLSAG_Ver(zero(), P, C, clsag)); + + // bad real P at verification + backup = P[idx]; + P[idx] = scalarmultBase(skGen()); + ASSERT_FALSE(CLSAG_Ver(zero(), P, C, clsag)); + P[idx] = backup; + + // bad fake P at verification + backup = P[(idx + 1) % ring_size]; + P[(idx + 1) % ring_size] = scalarmultBase(skGen()); + ASSERT_FALSE(CLSAG_Ver(zero(), P, C, clsag)); + P[(idx + 1) % ring_size] = backup; + + // bad real C at verification + backup = C[idx]; + C[idx] = scalarmultBase(skGen()); + ASSERT_FALSE(CLSAG_Ver(zero(), P, C, clsag)); + C[idx] = backup; + + // bad fake C at verification + backup = C[(idx + 1) % ring_size]; + C[(idx + 1) % ring_size] = scalarmultBase(skGen()); + ASSERT_FALSE(CLSAG_Ver(zero(), P, C, clsag)); + C[(idx + 1) % ring_size] = backup; + + // empty s + auto sbackup = clsag.s; + clsag.s.clear(); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.s = sbackup; + + // too few s elements + backup = clsag.s.back(); + clsag.s.pop_back(); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.s.push_back(backup); + + // too many s elements + clsag.s.push_back(skGen()); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.s.pop_back(); + + // bad s in clsag at verification + for (auto &s: clsag.s) + { + backup = s; + s = skGen(); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + s = backup; + } + + // bad c1 in clsag at verification + backup = clsag.c1; + clsag.c1 = skGen(); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.c1 = backup; + + // bad I in clsag at verification + backup = clsag.I; + clsag.I = scalarmultBase(skGen()); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.I = backup; + + // bad D in clsag at verification + backup = clsag.D; + clsag.D = scalarmultBase(skGen()); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.D = backup; + + // D not in main subgroup in clsag at verification + backup = clsag.D; + rct::key x; + ASSERT_TRUE(epee::string_tools::hex_to_pod("c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa", x)); + clsag.D = rct::addKeys(clsag.D, x); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + clsag.D = backup; + + // swapped I and D in clsag at verification + std::swap(clsag.I, clsag.D); + ASSERT_FALSE(CLSAG_Ver(identity(), P, C, clsag)); + std::swap(clsag.I, clsag.D); + + // check it's still good, in case we failed to restore + ASSERT_TRUE(CLSAG_Ver(message, P, C, clsag)); +} + TEST(ringct, range_proofs) { //Ring CT Stuff |