diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/multisig/multisig_account.h | 45 | ||||
-rw-r--r-- | src/multisig/multisig_account_kex_impl.cpp | 173 | ||||
-rw-r--r-- | src/wallet/api/wallet.cpp | 15 | ||||
-rw-r--r-- | src/wallet/api/wallet.h | 1 | ||||
-rw-r--r-- | src/wallet/api/wallet2_api.h | 9 | ||||
-rw-r--r-- | src/wallet/wallet2.cpp | 211 | ||||
-rw-r--r-- | src/wallet/wallet2.h | 25 | ||||
-rw-r--r-- | src/wallet/wallet_rpc_server.cpp | 41 | ||||
-rw-r--r-- | src/wallet/wallet_rpc_server.h | 2 | ||||
-rw-r--r-- | src/wallet/wallet_rpc_server_commands_defs.h | 29 |
10 files changed, 416 insertions, 135 deletions
diff --git a/src/multisig/multisig_account.h b/src/multisig/multisig_account.h index 2ea8d0133..dc2fbabd8 100644 --- a/src/multisig/multisig_account.h +++ b/src/multisig/multisig_account.h @@ -103,7 +103,8 @@ namespace multisig * * - prepares a kex msg for the first round of multisig key construction. * - the local account's kex msgs are signed with the base_privkey - * - the first kex msg transmits the local base_common_privkey to other participants, for creating the group's common_privkey + * - the first kex msg transmits the local base_common_privkey to other participants, for creating the group's + * common_privkey */ multisig_account(const crypto::secret_key &base_privkey, const crypto::secret_key &base_common_privkey); @@ -190,24 +191,48 @@ namespace multisig * - If force updating with maliciously-crafted messages, the resulting account will be invalid (either unable * to complete signatures, or a 'hostage' to the malicious signer [i.e. can't sign without his participation]). */ - void kex_update(const std::vector<multisig_kex_msg> &expanded_msgs, - const bool force_update_use_with_caution = false); + void kex_update(const std::vector<multisig_kex_msg> &expanded_msgs, const bool force_update_use_with_caution = false); + /** + * brief: get_multisig_kex_round_booster - Create a multisig kex msg for the kex round that follows the kex round this + * account is currently working on, in order to 'boost' another participant's kex setup. + * - A booster message is for the round after the in-progress round because get_next_kex_round_msg() provides access + * to the in-progress round's message. + * - Useful for 'jumpstarting' the following kex round when you don't have messages from all other signers to complete + * the current round. + * - Sanitizes input messages and produces a new kex msg for round 'num_completed_rounds + 2'. + * + * - For example, in 2-of-3 escrowed purchasing, the [vendor, arbitrator] pair can boost the second round + * of key exchange by calling this function with the 'round 1' messages of each other. + * Then the [buyer] can use the resulting boost messages, in combination with [vender, arbitrator] round 1 messages, + * to complete the address in one step. In other words, call initialize_kex() on the round 1 messages, + * then call kex_update() on the round 2 booster messages to finish the multisig key. + * + * - Note: The 'threshold' and 'num_signers' are inputs here in case kex has not been initialized yet. + * param: threshold - threshold for multisig (M in M-of-N) + * param: num_signers - number of participants in multisig (N) + * param: expanded_msgs - set of multisig kex messages to process + * return: multisig kex message for next round + */ + multisig_kex_msg get_multisig_kex_round_booster(const std::uint32_t threshold, + const std::uint32_t num_signers, + const std::vector<multisig_kex_msg> &expanded_msgs) const; private: // implementation of kex_update() (non-transactional) void kex_update_impl(const std::vector<multisig_kex_msg> &expanded_msgs, const bool incomplete_signer_set); /** - * brief: initialize_kex_update - Helper for kex_update_impl() - * - Collect the local signer's shared keys to ignore in incoming messages, build the aggregate ancillary key - * if appropriate. + * brief: get_kex_exclude_pubkeys - collect the local signer's shared keys to ignore in incoming messages + * return: keys held by the local account corresponding to the 'in-progress round' + * - If 'in-progress round' is the final round, these are the local account's shares of the final aggregate key. + */ + std::vector<crypto::public_key> get_kex_exclude_pubkeys() const; + /** + * brief: initialize_kex_update - initialize the multisig account for the first kex round * param: expanded_msgs - set of multisig kex messages to process * param: kex_rounds_required - number of rounds required for kex (not including post-kex verification round) - * outparam: exclude_pubkeys_out - keys held by the local account corresponding to round 'current_round' - * - If 'current_round' is the final round, these are the local account's shares of the final aggregate key. */ void initialize_kex_update(const std::vector<multisig_kex_msg> &expanded_msgs, - const std::uint32_t kex_rounds_required, - std::vector<crypto::public_key> &exclude_pubkeys_out); + const std::uint32_t kex_rounds_required); /** * brief: finalize_kex_update - Helper for kex_update_impl() * param: kex_rounds_required - number of rounds required for kex (not including post-kex verification round) diff --git a/src/multisig/multisig_account_kex_impl.cpp b/src/multisig/multisig_account_kex_impl.cpp index ef0acf307..9be760e78 100644 --- a/src/multisig/multisig_account_kex_impl.cpp +++ b/src/multisig/multisig_account_kex_impl.cpp @@ -567,7 +567,7 @@ namespace multisig // note: do NOT remove the local signer from the pubkey origins map, since the post-kex round can be force-updated with // just the local signer's post-kex message (if the local signer were removed, then the post-kex message's pubkeys - // would be completely lost) + // would be completely deleted) // evaluate pubkeys collected @@ -608,7 +608,7 @@ namespace multisig * INTERNAL * * brief: multisig_kex_process_round_msgs - Process kex messages for the active kex round. - * - A wrapper around evaluate_multisig_kex_round_msgs() -> multisig_kex_make_next_msg(). + * - A wrapper around evaluate_multisig_kex_round_msgs() -> multisig_kex_make_round_keys(). * - In other words, evaluate the input messages and try to make a message for the next round. * - Note: Must be called on the final round's msgs to evaluate the final key components * recommended by other participants. @@ -623,7 +623,7 @@ namespace multisig * outparam: keys_to_origins_map_out - map between round keys and identity keys * - If in the final round, these are key shares recommended by other signers for the final aggregate key. * - Otherwise, these are the local account's DH derivations for the next round. - * - See multisig_kex_make_next_msg() for an explanation. + * - See multisig_kex_make_round_keys() for an explanation. * return: multisig kex message for next round, or empty message if 'current_round' is the final round */ //---------------------------------------------------------------------------------------------------------------------- @@ -684,59 +684,67 @@ namespace multisig //---------------------------------------------------------------------------------------------------------------------- // multisig_account: INTERNAL //---------------------------------------------------------------------------------------------------------------------- - void multisig_account::initialize_kex_update(const std::vector<multisig_kex_msg> &expanded_msgs, - const std::uint32_t kex_rounds_required, - std::vector<crypto::public_key> &exclude_pubkeys_out) + std::vector<crypto::public_key> multisig_account::get_kex_exclude_pubkeys() const { + // exclude all keys the local account recommends + std::vector<crypto::public_key> exclude_pubkeys; + if (m_kex_rounds_complete == 0) { - // the first round of kex msgs will contain each participant's base pubkeys and ancillary privkeys + // in the first round, only the local pubkey is recommended by the local signer + exclude_pubkeys.emplace_back(m_base_pubkey); + } + else + { + // in other rounds, kex msgs will contain participants' shared keys, so ignore shared keys the account helped + // create for this round + for (const auto &shared_key_with_origins : m_kex_keys_to_origins_map) + exclude_pubkeys.emplace_back(shared_key_with_origins.first); + } - // collect participants' base common privkey shares - // note: duplicate privkeys are acceptable, and duplicates due to duplicate signers - // will be blocked by duplicate-signer errors after this function is called - std::vector<crypto::secret_key> participant_base_common_privkeys; - participant_base_common_privkeys.reserve(expanded_msgs.size() + 1); + return exclude_pubkeys; + } + //---------------------------------------------------------------------------------------------------------------------- + // multisig_account: INTERNAL + //---------------------------------------------------------------------------------------------------------------------- + void multisig_account::initialize_kex_update(const std::vector<multisig_kex_msg> &expanded_msgs, + const std::uint32_t kex_rounds_required) + { + // initialization is only needed during the first round + if (m_kex_rounds_complete > 0) + return; - // add local ancillary base privkey - participant_base_common_privkeys.emplace_back(m_base_common_privkey); + // the first round of kex msgs will contain each participant's base pubkeys and ancillary privkeys, so we prepare + // them here - // add other signers' base common privkeys - for (const auto &expanded_msg : expanded_msgs) - { - if (expanded_msg.get_signing_pubkey() != m_base_pubkey) - { - participant_base_common_privkeys.emplace_back(expanded_msg.get_msg_privkey()); - } - } + // collect participants' base common privkey shares + // note: duplicate privkeys are acceptable, and duplicates due to duplicate signers + // will be blocked by duplicate-signer errors after this function is called + std::vector<crypto::secret_key> participant_base_common_privkeys; + participant_base_common_privkeys.reserve(expanded_msgs.size() + 1); - // make common privkey - make_multisig_common_privkey(std::move(participant_base_common_privkeys), m_common_privkey); + // add local ancillary base privkey + participant_base_common_privkeys.emplace_back(m_base_common_privkey); - // set common pubkey - CHECK_AND_ASSERT_THROW_MES(crypto::secret_key_to_public_key(m_common_privkey, m_common_pubkey), - "Failed to derive public key"); + // add other signers' base common privkeys + for (const multisig_kex_msg &expanded_msg : expanded_msgs) + { + if (expanded_msg.get_signing_pubkey() != m_base_pubkey) + participant_base_common_privkeys.emplace_back(expanded_msg.get_msg_privkey()); + } - // if N-of-N, then the base privkey will be used directly to make the account's share of the final key - if (kex_rounds_required == 1) - { - m_multisig_privkeys.clear(); - m_multisig_privkeys.emplace_back(m_base_privkey); - } + // make common privkey + make_multisig_common_privkey(std::move(participant_base_common_privkeys), m_common_privkey); - // exclude all keys the local account recommends - // - in the first round, only the local pubkey is recommended by the local signer - exclude_pubkeys_out.emplace_back(m_base_pubkey); - } - else - { - // in other rounds, kex msgs will contain participants' shared keys + // set common pubkey + CHECK_AND_ASSERT_THROW_MES(crypto::secret_key_to_public_key(m_common_privkey, m_common_pubkey), + "Failed to derive public key"); - // ignore shared keys the account helped create for this round - for (const auto &shared_key_with_origins : m_kex_keys_to_origins_map) - { - exclude_pubkeys_out.emplace_back(shared_key_with_origins.first); - } + // if N-of-N, then the base privkey will be used directly to make the account's share of the final key + if (kex_rounds_required == 1) + { + m_multisig_privkeys.clear(); + m_multisig_privkeys.emplace_back(m_base_privkey); } } //---------------------------------------------------------------------------------------------------------------------- @@ -771,9 +779,7 @@ namespace multisig result_keys.reserve(result_keys_to_origins_map.size()); for (const auto &result_key_and_origins : result_keys_to_origins_map) - { result_keys.emplace_back(result_key_and_origins.first); - } // compute final aggregate key, update local multisig privkeys with aggregation coefficients applied m_multisig_pubkey = generate_multisig_aggregate_key(std::move(result_keys), m_multisig_privkeys); @@ -811,7 +817,8 @@ namespace multisig // derived pubkey = multisig_key * G crypto::public_key_memsafe derived_pubkey; m_multisig_privkeys.push_back( - calculate_multisig_keypair_from_derivation(derivation_and_origins.first, derived_pubkey)); + calculate_multisig_keypair_from_derivation(derivation_and_origins.first, derived_pubkey) + ); // save the account's kex key mappings for this round [derived pubkey : other signers who will have the same key] m_kex_keys_to_origins_map[derived_pubkey] = std::move(derivation_and_origins.second); @@ -863,8 +870,7 @@ namespace multisig "Multisig kex has already completed all required rounds (including post-kex verification)."); // initialize account update - std::vector<crypto::public_key> exclude_pubkeys; - initialize_kex_update(expanded_msgs, kex_rounds_required, exclude_pubkeys); + this->initialize_kex_update(expanded_msgs, kex_rounds_required); // process messages into a [pubkey : {origins}] map multisig_keyset_map_memsafe_t result_keys_to_origins_map; @@ -875,12 +881,75 @@ namespace multisig m_threshold, m_signers, expanded_msgs, - exclude_pubkeys, + this->get_kex_exclude_pubkeys(), incomplete_signer_set, result_keys_to_origins_map); // finish account update - finalize_kex_update(kex_rounds_required, std::move(result_keys_to_origins_map)); + this->finalize_kex_update(kex_rounds_required, std::move(result_keys_to_origins_map)); + } + //----------------------------------------------------------------- + // multisig_account: EXTERNAL + //----------------------------------------------------------------- + multisig_kex_msg multisig_account::get_multisig_kex_round_booster(const std::uint32_t threshold, + const std::uint32_t num_signers, + const std::vector<multisig_kex_msg> &expanded_msgs) const + { + // the messages passed in should be required for the next kex round of this account (the round it is currently + // working on) + const std::uint32_t expected_msgs_round{m_kex_rounds_complete + 1}; + const std::uint32_t kex_rounds_required{multisig_kex_rounds_required(num_signers, threshold)}; + + CHECK_AND_ASSERT_THROW_MES(num_signers > 1, "Must be at least one other multisig signer."); + CHECK_AND_ASSERT_THROW_MES(num_signers <= config::MULTISIG_MAX_SIGNERS, "Too many multisig signers specified."); + CHECK_AND_ASSERT_THROW_MES(expected_msgs_round < kex_rounds_required, + "Multisig kex booster: this account has already completed all intermediate kex rounds so it can't make a kex " + "booster (there is no round available to boost)."); + CHECK_AND_ASSERT_THROW_MES(expanded_msgs.size() > 0, "At least one input kex message expected."); + + // sanitize pubkeys from input msgs + multisig_keyset_map_memsafe_t pubkey_origins_map; + const std::uint32_t msgs_round{ + multisig_kex_msgs_sanitize_pubkeys(expanded_msgs, this->get_kex_exclude_pubkeys(), pubkey_origins_map) + }; + CHECK_AND_ASSERT_THROW_MES(msgs_round == expected_msgs_round, "Kex messages were not for expected round."); + + // remove the local signer from sanitized messages + remove_key_from_mapped_sets(m_base_pubkey, pubkey_origins_map); + + // make DH derivations for booster message + multisig_keyset_map_memsafe_t derivation_to_origins_map; + multisig_kex_make_round_keys(m_base_privkey, std::move(pubkey_origins_map), derivation_to_origins_map); + + // collect keys for booster message + std::vector<crypto::public_key> next_msg_keys; + next_msg_keys.reserve(derivation_to_origins_map.size()); + + if (msgs_round + 1 == kex_rounds_required) + { + // final kex round: send DH derivation pubkeys in the message + for (const auto &derivation_and_origins : derivation_to_origins_map) + { + // multisig_privkey = H(derivation) + // derived pubkey = multisig_key * G + crypto::public_key_memsafe derived_pubkey; + calculate_multisig_keypair_from_derivation(derivation_and_origins.first, derived_pubkey); + + // save keys that should be recommended to other signers + // - The keys multisig_key*G are sent to other participants in the message, so they can be used to produce the final + // multisig key via generate_multisig_spend_public_key(). + next_msg_keys.push_back(derived_pubkey); + } + } + else //(msgs_round + 1 < kex_rounds_required) + { + // intermediate kex round: send DH derivations directly in the message + for (const auto &derivation_and_origins : derivation_to_origins_map) + next_msg_keys.push_back(derivation_and_origins.first); + } + + // produce a kex message for the round after the round this account is currently working on + return multisig_kex_msg{msgs_round + 1, m_base_privkey, std::move(next_msg_keys)}.get_msg(); } //---------------------------------------------------------------------------------------------------------------------- } //namespace multisig diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp index 58cb84947..a6dabddb6 100644 --- a/src/wallet/api/wallet.cpp +++ b/src/wallet/api/wallet.cpp @@ -1354,6 +1354,21 @@ std::string WalletImpl::exchangeMultisigKeys(const std::vector<std::string> &inf return string(); } +std::string WalletImpl::getMultisigKeyExchangeBooster(const std::vector<std::string> &info, + const std::uint32_t threshold, + const std::uint32_t num_signers) { + try { + clearStatus(); + + return m_wallet->get_multisig_key_exchange_booster(epee::wipeable_string(m_password), info, threshold, num_signers); + } catch (const exception& e) { + LOG_ERROR("Error on boosting multisig key exchange: " << e.what()); + setStatusError(string(tr("Failed to boost multisig key exchange: ")) + e.what()); + } + + return string(); +} + bool WalletImpl::exportMultisigImages(string& images) { try { clearStatus(); diff --git a/src/wallet/api/wallet.h b/src/wallet/api/wallet.h index d1bf4f759..7ca126dd7 100644 --- a/src/wallet/api/wallet.h +++ b/src/wallet/api/wallet.h @@ -148,6 +148,7 @@ public: std::string getMultisigInfo() const override; std::string makeMultisig(const std::vector<std::string>& info, uint32_t threshold) override; std::string exchangeMultisigKeys(const std::vector<std::string> &info, const bool force_update_use_with_caution = false) override; + std::string getMultisigKeyExchangeBooster(const std::vector<std::string> &info, const uint32_t threshold, const uint32_t num_signers) override; bool exportMultisigImages(std::string& images) override; size_t importMultisigImages(const std::vector<std::string>& images) override; bool hasMultisigPartialKeyImages() const override; diff --git a/src/wallet/api/wallet2_api.h b/src/wallet/api/wallet2_api.h index 53210832b..bd641fc0e 100644 --- a/src/wallet/api/wallet2_api.h +++ b/src/wallet/api/wallet2_api.h @@ -803,6 +803,15 @@ struct Wallet */ virtual std::string exchangeMultisigKeys(const std::vector<std::string> &info, const bool force_update_use_with_caution) = 0; /** + * @brief getMultisigKeyExchangeBooster - obtain partial information for the key exchange round after the in-progress round, + * to speed up another signer's key exchange process + * @param info - base58 encoded key derivations returned by makeMultisig or exchangeMultisigKeys function call + * @param threshold - number of required signers to make valid transaction. Must be <= number of participants. + * @param num_signers - total number of multisig participants. + * @return new info string if more rounds required or exception if no more rounds (i.e. no rounds to boost) + */ + virtual std::string getMultisigKeyExchangeBooster(const std::vector<std::string> &info, const uint32_t threshold, const uint32_t num_signers) = 0; + /** * @brief exportMultisigImages - exports transfers' key images * @param images - output paramter for hex encoded array of images * @return true if success diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 9b09d0920..951e8cb6a 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -5509,32 +5509,77 @@ void wallet2::restore(const std::string& wallet_, const epee::wipeable_string& p } } //---------------------------------------------------------------------------------------------------- -std::string wallet2::make_multisig(const epee::wipeable_string &password, - const std::vector<std::string> &initial_kex_msgs, - const std::uint32_t threshold) +epee::misc_utils::auto_scope_leave_caller wallet2::decrypt_account_for_multisig(const epee::wipeable_string &password) { // decrypt account keys + // note: this conditional's clauses are old and undocumented epee::misc_utils::auto_scope_leave_caller keys_reencryptor; if (m_ask_password == AskPasswordToDecrypt && !m_unattended && !m_watch_only) { crypto::chacha_key chacha_key; crypto::generate_chacha_key(password.data(), password.size(), chacha_key, m_kdf_rounds); - m_account.encrypt_viewkey(chacha_key); - m_account.decrypt_keys(chacha_key); + this->decrypt_keys(chacha_key); keys_reencryptor = epee::misc_utils::create_scope_leave_handler( - [&, this, chacha_key]() + [this, chacha_key]() { - m_account.encrypt_keys(chacha_key); - m_account.decrypt_viewkey(chacha_key); + this->encrypt_keys(chacha_key); } ); } - // create multisig account - multisig::multisig_account multisig_account{ - multisig::get_multisig_blinded_secret_key(get_account().get_keys().m_spend_secret_key), - multisig::get_multisig_blinded_secret_key(get_account().get_keys().m_view_secret_key) + return keys_reencryptor; +} +//---------------------------------------------------------------------------------------------------- +void wallet2::get_uninitialized_multisig_account(multisig::multisig_account &account_out) const +{ + // create uninitialized multisig account + account_out = multisig::multisig_account{ + // k_base = H(normal private spend key) + multisig::get_multisig_blinded_secret_key(this->get_account().get_keys().m_spend_secret_key), + // k_view = H(normal private view key) + multisig::get_multisig_blinded_secret_key(this->get_account().get_keys().m_view_secret_key) + }; +} +//---------------------------------------------------------------------------------------------------- +void wallet2::get_reconstructed_multisig_account(multisig::multisig_account &account_out) const +{ + const multisig::multisig_account_status ms_status{this->get_multisig_status()}; + CHECK_AND_ASSERT_THROW_MES(ms_status.multisig_is_active, + "The wallet is not multisig, so the multisig account couldn't be reconstructed"); + + // reconstruct multisig account + crypto::public_key common_pubkey; + crypto::secret_key_to_public_key(this->get_account().get_keys().m_view_secret_key, common_pubkey); + + multisig::multisig_keyset_map_memsafe_t kex_origins_map; + for (const auto &derivation : m_multisig_derivations) + kex_origins_map[derivation]; + + account_out = multisig::multisig_account{ + m_multisig_threshold, + m_multisig_signers, + this->get_account().get_keys().m_spend_secret_key, + this->get_account().get_keys().m_view_secret_key, + this->get_account().get_keys().m_multisig_keys, + this->get_account().get_keys().m_view_secret_key, + m_account_public_address.m_spend_public_key, + common_pubkey, + m_multisig_rounds_passed, + std::move(kex_origins_map), + "" }; +} +//---------------------------------------------------------------------------------------------------- +std::string wallet2::make_multisig(const epee::wipeable_string &password, + const std::vector<std::string> &initial_kex_msgs, + const std::uint32_t threshold) +{ + // decrypt account keys + epee::misc_utils::auto_scope_leave_caller keys_reencryptor{this->decrypt_account_for_multisig(password)}; + + // create multisig account + multisig::multisig_account multisig_account; + this->get_uninitialized_multisig_account(multisig_account); // open initial kex messages, validate them, extract signers std::vector<multisig::multisig_kex_msg> expanded_msgs; @@ -5542,7 +5587,7 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, expanded_msgs.reserve(initial_kex_msgs.size()); signers.reserve(initial_kex_msgs.size() + 1); - for (const auto &msg : initial_kex_msgs) + for (const std::string &msg : initial_kex_msgs) { expanded_msgs.emplace_back(msg); @@ -5551,17 +5596,19 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, CHECK_AND_ASSERT_THROW_MES(expanded_msgs.back().get_round() == 1, "Trying to make multisig with message that has invalid multisig kex round (should be '1')."); - // 2. duplicate signers not allowed + // 2. duplicate signers not allowed (the number of signers is implied by the number of initial kex messages passed + // in, so we can't just ignore duplicates here) CHECK_AND_ASSERT_THROW_MES(std::find(signers.begin(), signers.end(), expanded_msgs.back().get_signing_pubkey()) == signers.end(), "Duplicate signers not allowed when converting a wallet to multisig."); - // add signer (skip self for now) - if (expanded_msgs.back().get_signing_pubkey() != multisig_account.get_base_pubkey()) - signers.push_back(expanded_msgs.back().get_signing_pubkey()); + // add signer + signers.push_back(expanded_msgs.back().get_signing_pubkey()); } - // add self to signers - signers.push_back(multisig_account.get_base_pubkey()); + // expect that self is in the input list (this guarantees that the input list size always equals the number of intended + // signers for the account [when combined with duplicate checking]) + CHECK_AND_ASSERT_THROW_MES(std::find(signers.begin(), signers.end(), multisig_account.get_base_pubkey()) != signers.end(), + "The local account's signer key was not found in initial multisig kex messages when converting a wallet to multisig."); // intialize key exchange multisig_account.initialize_kex(threshold, signers, expanded_msgs); @@ -5572,12 +5619,13 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, { // Save the original i.e. non-multisig keys so the MMS can continue to use them to encrypt and decrypt messages // (making a wallet multisig overwrites those keys, see account_base::make_multisig) - m_original_address = get_account().get_keys().m_account_address; - m_original_view_secret_key = get_account().get_keys().m_view_secret_key; + m_original_address = this->get_account().get_keys().m_account_address; + m_original_view_secret_key = this->get_account().get_keys().m_view_secret_key; m_original_keys_available = true; } - clear(); + // clear wallet caches + this->clear(); // account base MINFO("Creating multisig address..."); @@ -5587,14 +5635,14 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, multisig_account.get_multisig_privkeys()), "Failed to create multisig wallet account due to bad keys"); - init_type(hw::device::device_type::SOFTWARE); + this->init_type(hw::device::device_type::SOFTWARE); m_original_keys_available = true; m_multisig = true; m_multisig_threshold = threshold; m_multisig_signers = signers; m_multisig_rounds_passed = 1; - // derivations stored (should be empty in last round) + // derivations stored (note: should be empty in last kex round) m_multisig_derivations.clear(); m_multisig_derivations.reserve(multisig_account.get_kex_keys_to_origins_map().size()); @@ -5608,12 +5656,12 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, keys_reencryptor = epee::misc_utils::auto_scope_leave_caller(); if (!m_wallet_file.empty()) - create_keys_file(m_wallet_file, false, password, boost::filesystem::exists(m_wallet_file + ".address.txt")); + this->create_keys_file(m_wallet_file, false, password, boost::filesystem::exists(m_wallet_file + ".address.txt")); - setup_new_blockchain(); + this->setup_new_blockchain(); if (!m_wallet_file.empty()) - store(); + this->store(); return multisig_account.get_next_kex_round_msg(); } @@ -5622,45 +5670,15 @@ std::string wallet2::exchange_multisig_keys(const epee::wipeable_string &passwor const std::vector<std::string> &kex_messages, const bool force_update_use_with_caution /*= false*/) { - const multisig::multisig_account_status ms_status{get_multisig_status()}; + const multisig::multisig_account_status ms_status{this->get_multisig_status()}; CHECK_AND_ASSERT_THROW_MES(ms_status.multisig_is_active, "The wallet is not multisig"); // decrypt account keys - epee::misc_utils::auto_scope_leave_caller keys_reencryptor; - if (m_ask_password == AskPasswordToDecrypt && !m_unattended && !m_watch_only) - { - crypto::chacha_key chacha_key; - crypto::generate_chacha_key(password.data(), password.size(), chacha_key, m_kdf_rounds); - m_account.encrypt_viewkey(chacha_key); - m_account.decrypt_keys(chacha_key); - keys_reencryptor = epee::misc_utils::create_scope_leave_handler( - [&, this, chacha_key]() - { - m_account.encrypt_keys(chacha_key); - m_account.decrypt_viewkey(chacha_key); - } - ); - } + epee::misc_utils::auto_scope_leave_caller keys_reencryptor{this->decrypt_account_for_multisig(password)}; // reconstruct multisig account - multisig::multisig_keyset_map_memsafe_t kex_origins_map; - - for (const auto &derivation : m_multisig_derivations) - kex_origins_map[derivation]; - - multisig::multisig_account multisig_account{ - m_multisig_threshold, - m_multisig_signers, - get_account().get_keys().m_spend_secret_key, - crypto::null_skey, //base common privkey: not used - get_account().get_keys().m_multisig_keys, - get_account().get_keys().m_view_secret_key, - m_account_public_address.m_spend_public_key, - m_account_public_address.m_view_public_key, - m_multisig_rounds_passed, - std::move(kex_origins_map), - "" - }; + multisig::multisig_account multisig_account; + this->get_reconstructed_multisig_account(multisig_account); // KLUDGE: early return if there are no kex messages and main kex is complete (will return the post-kex verification round // message) (it's a kludge because this behavior would be more appropriate for a standalone wallet method) @@ -5676,7 +5694,7 @@ std::string wallet2::exchange_multisig_keys(const epee::wipeable_string &passwor std::vector<multisig::multisig_kex_msg> expanded_msgs; expanded_msgs.reserve(kex_messages.size()); - for (const auto &msg : kex_messages) + for (const std::string &msg : kex_messages) expanded_msgs.emplace_back(msg); // update multisig kex @@ -5712,27 +5730,27 @@ std::string wallet2::exchange_multisig_keys(const epee::wipeable_string &passwor if (!m_wallet_file.empty()) { - bool r = store_keys(m_keys_file, password, false); + bool r = this->store_keys(m_keys_file, password, false); THROW_WALLET_EXCEPTION_IF(!r, error::file_save_error, m_keys_file); if (boost::filesystem::exists(m_wallet_file + ".address.txt")) { - r = save_to_file(m_wallet_file + ".address.txt", m_account.get_public_address_str(m_nettype), true); + r = this->save_to_file(m_wallet_file + ".address.txt", m_account.get_public_address_str(m_nettype), true); if(!r) MERROR("String with address text not saved"); } } m_subaddresses.clear(); m_subaddress_labels.clear(); - add_subaddress_account(tr("Primary account")); + this->add_subaddress_account(tr("Primary account")); if (!m_wallet_file.empty()) - store(); + this->store(); } // wallet/file relationship if (!m_wallet_file.empty()) - create_keys_file(m_wallet_file, false, password, boost::filesystem::exists(m_wallet_file + ".address.txt")); + this->create_keys_file(m_wallet_file, false, password, boost::filesystem::exists(m_wallet_file + ".address.txt")); return multisig_account.get_next_kex_round_msg(); } @@ -5740,16 +5758,63 @@ std::string wallet2::exchange_multisig_keys(const epee::wipeable_string &passwor std::string wallet2::get_multisig_first_kex_msg() const { // create multisig account - multisig::multisig_account multisig_account{ - // k_base = H(normal private spend key) - multisig::get_multisig_blinded_secret_key(get_account().get_keys().m_spend_secret_key), - // k_view = H(normal private view key) - multisig::get_multisig_blinded_secret_key(get_account().get_keys().m_view_secret_key) - }; + multisig::multisig_account multisig_account; + this->get_uninitialized_multisig_account(multisig_account); return multisig_account.get_next_kex_round_msg(); } //---------------------------------------------------------------------------------------------------- +std::string wallet2::get_multisig_key_exchange_booster(const epee::wipeable_string &password, + const std::vector<std::string> &kex_messages, + const std::uint32_t threshold, + const std::uint32_t num_signers) +{ + CHECK_AND_ASSERT_THROW_MES(kex_messages.size() > 0, "No key exchange messages passed in."); + + // decrypt account keys + epee::misc_utils::auto_scope_leave_caller keys_reencryptor{this->decrypt_account_for_multisig(password)}; + + // prepare multisig account + multisig::multisig_account multisig_account; + + const multisig::multisig_account_status ms_status{this->get_multisig_status()}; + CHECK_AND_ASSERT_THROW_MES(!ms_status.is_ready, "Multisig wallet creation process has already been finished."); + + if (ms_status.multisig_is_active) + { + // case: this wallet is in the middle of multisig key exchange + // - boost the round that comes after the in-progress round + + CHECK_AND_ASSERT_THROW_MES(threshold == m_multisig_threshold, + "Expected threshold does not match multisig wallet setting."); + CHECK_AND_ASSERT_THROW_MES(num_signers == m_multisig_signers.size(), + "Expected number of signers does not match multisig wallet setting."); + + // reconstruct multisig account + this->get_reconstructed_multisig_account(multisig_account); + } + else + { + // case: make_multisig() has not been called + // DANGER: If 'num_signers - threshold > 1', but this wallet's future multisig settings + // will be 'num_signers - threshold == 1', then the booster message WILL leak the + // future multisig wallet's private keys in this case where the wallet2 multisig wallet is uninitialized. + + this->get_uninitialized_multisig_account(multisig_account); + } + + // open kex messages + std::vector<multisig::multisig_kex_msg> expanded_msgs; + expanded_msgs.reserve(kex_messages.size()); + + for (const std::string &msg : kex_messages) + expanded_msgs.emplace_back(msg); + + // get kex booster message + // note: booster does not change wallet state other than decrypting/reencrypting account keys + return multisig_account.get_multisig_kex_round_booster(threshold, num_signers, expanded_msgs).get_msg(); +} +//---------------------------------------------------------------------------------------------------- multisig::multisig_account_status wallet2::get_multisig_status() const { multisig::multisig_account_status ret; diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 5f2f0e0c4..d06dc678b 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -86,6 +86,7 @@ class Serialization_portability_wallet_Test; class wallet_accessor_test; +namespace multisig { class multisig_account; } namespace tools { @@ -892,6 +893,23 @@ private: */ void restore(const std::string& wallet_, const epee::wipeable_string& password, const std::string &device_name, bool create_address_file = false); + private: + /*! + * \brief Decrypts the account keys + * \return an RAII reencryptor for the account keys + */ + epee::misc_utils::auto_scope_leave_caller decrypt_account_for_multisig(const epee::wipeable_string &password); + /*! + * \brief Creates an uninitialized multisig account + * \outparam: the uninitialized multisig account + */ + void get_uninitialized_multisig_account(multisig::multisig_account &account_out) const; + /*! + * \brief Reconstructs a multisig account from wallet2 state + * \outparam: the reconstructed multisig account + */ + void get_reconstructed_multisig_account(multisig::multisig_account &account_out) const; + public: /*! * \brief Creates a multisig wallet * \return empty if done, non empty if we need to send another string @@ -914,6 +932,13 @@ private: */ std::string get_multisig_first_kex_msg() const; /*! + * \brief Use multisig kex messages for an in-progress kex round to 'boost' the following round for another group member + */ + std::string get_multisig_key_exchange_booster(const epee::wipeable_string &password, + const std::vector<std::string> &kex_messages, + const std::uint32_t threshold, + const std::uint32_t num_signers); + /*! * Export multisig info * This will generate and remember new k values */ diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index 376c58f89..86bfadeae 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -4248,6 +4248,47 @@ namespace tools return true; } //------------------------------------------------------------------------------------------------------------------------------ + bool wallet_rpc_server::on_get_multisig_key_exchange_booster(const wallet_rpc::COMMAND_RPC_GET_MULTISIG_KEY_EXCHANGE_BOOSTER::request& req, wallet_rpc::COMMAND_RPC_GET_MULTISIG_KEY_EXCHANGE_BOOSTER::response& res, epee::json_rpc::error& er, const connection_context *ctx) + { + if (!m_wallet) return not_open(er); + if (m_restricted) + { + er.code = WALLET_RPC_ERROR_CODE_DENIED; + er.message = "Command unavailable in restricted mode."; + return false; + } + const multisig::multisig_account_status ms_status{m_wallet->get_multisig_status()}; + + if (ms_status.is_ready) + { + er.code = WALLET_RPC_ERROR_CODE_ALREADY_MULTISIG; + er.message = "This wallet is multisig, and already finalized"; + return false; + } + + if (req.multisig_info.size() == 0) + { + er.code = WALLET_RPC_ERROR_CODE_THRESHOLD_NOT_REACHED; + er.message = "Needs multisig info from more participants"; + return false; + } + + try + { + res.multisig_info = m_wallet->get_multisig_key_exchange_booster(req.password, + req.multisig_info, + req.threshold, + req.num_signers); + } + catch (const std::exception &e) + { + er.code = WALLET_RPC_ERROR_CODE_UNKNOWN_ERROR; + er.message = std::string("Error calling exchange_multisig_info_booster: ") + e.what(); + return false; + } + return true; + } + //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::on_sign_multisig(const wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::response& res, epee::json_rpc::error& er, const connection_context *ctx) { if (!m_wallet) return not_open(er); diff --git a/src/wallet/wallet_rpc_server.h b/src/wallet/wallet_rpc_server.h index bfb7013e2..bc025d138 100644 --- a/src/wallet/wallet_rpc_server.h +++ b/src/wallet/wallet_rpc_server.h @@ -151,6 +151,7 @@ namespace tools MAP_JON_RPC_WE("import_multisig_info", on_import_multisig, wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG) MAP_JON_RPC_WE("finalize_multisig", on_finalize_multisig, wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG) MAP_JON_RPC_WE("exchange_multisig_keys", on_exchange_multisig_keys, wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS) + MAP_JON_RPC_WE("get_multisig_key_exchange_booster", on_get_multisig_key_exchange_booster, wallet_rpc::COMMAND_RPC_GET_MULTISIG_KEY_EXCHANGE_BOOSTER) MAP_JON_RPC_WE("sign_multisig", on_sign_multisig, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG) MAP_JON_RPC_WE("submit_multisig", on_submit_multisig, wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG) MAP_JON_RPC_WE("validate_address", on_validate_address, wallet_rpc::COMMAND_RPC_VALIDATE_ADDRESS) @@ -242,6 +243,7 @@ namespace tools bool on_import_multisig(const wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); bool on_finalize_multisig(const wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); bool on_exchange_multisig_keys(const wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS::request& req, wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); + bool on_get_multisig_key_exchange_booster(const wallet_rpc::COMMAND_RPC_GET_MULTISIG_KEY_EXCHANGE_BOOSTER::request& req, wallet_rpc::COMMAND_RPC_GET_MULTISIG_KEY_EXCHANGE_BOOSTER::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); bool on_sign_multisig(const wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); bool on_submit_multisig(const wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); bool on_validate_address(const wallet_rpc::COMMAND_RPC_VALIDATE_ADDRESS::request& req, wallet_rpc::COMMAND_RPC_VALIDATE_ADDRESS::response& res, epee::json_rpc::error& er, const connection_context *ctx = NULL); diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h index 2173f5b6e..acf24c87b 100644 --- a/src/wallet/wallet_rpc_server_commands_defs.h +++ b/src/wallet/wallet_rpc_server_commands_defs.h @@ -2481,6 +2481,35 @@ namespace wallet_rpc typedef epee::misc_utils::struct_init<response_t> response; }; + struct COMMAND_RPC_GET_MULTISIG_KEY_EXCHANGE_BOOSTER + { + struct request_t + { + std::string password; + std::vector<std::string> multisig_info; + uint32_t threshold; + uint32_t num_signers; + + BEGIN_KV_SERIALIZE_MAP() + KV_SERIALIZE(password) + KV_SERIALIZE(multisig_info) + KV_SERIALIZE(threshold) + KV_SERIALIZE(num_signers) + END_KV_SERIALIZE_MAP() + }; + typedef epee::misc_utils::struct_init<request_t> request; + + struct response_t + { + std::string multisig_info; + + BEGIN_KV_SERIALIZE_MAP() + KV_SERIALIZE(multisig_info) + END_KV_SERIALIZE_MAP() + }; + typedef epee::misc_utils::struct_init<response_t> response; + }; + struct COMMAND_RPC_SIGN_MULTISIG { struct request_t |