aboutsummaryrefslogtreecommitdiff
path: root/tests/unit_tests/serialization.cpp (follow)
AgeCommit message (Collapse)AuthorFilesLines
2018-09-04Merge pull request #4264luigi11111-1/+1
0c8d8f6 unit_tests: remove std::move in return statement (moneromooo-monero)
2018-08-16wallet2: make --restricted-rpc available for wallet RPC onlystoffu1-2/+1
2018-08-15unit_tests: remove std::move in return statementmoneromooo-monero1-1/+1
This actually prevents copy elision
2018-08-08wallet: allow adjusting number of rounds for the key derivation functionstoffu1-1/+1
2018-03-05Stagenetstoffu1-14/+14
2018-03-04Code modifications to integrate Ledger HW device into monero-wallet-cli.cslashm1-1/+2
The basic approach it to delegate all sensitive data (master key, secret ephemeral key, key derivation, ....) and related operations to the device. As device has low memory, it does not keep itself the values (except for view/spend keys) but once computed there are encrypted (with AES are equivalent) and return back to monero-wallet-cli. When they need to be manipulated by the device, they are decrypted on receive. Moreover, using the client for storing the value in encrypted form limits the modification in the client code. Those values are transfered from one C-structure to another one as previously. The code modification has been done with the wishes to be open to any other hardware wallet. To achieve that a C++ class hw::Device has been introduced. Two initial implementations are provided: the "default", which remaps all calls to initial Monero code, and the "Ledger", which delegates all calls to Ledger device.
2018-02-12unit_tests.serialization: refactored with ASSERT_EQ_MAPstoffu1-17/+21
2018-01-26Update 2018 copyrightxmr-eric1-1/+1
2018-01-10Merge pull request #2990Riccardo Spagni1-1/+0
2d17feb0 factor STL container serialization (moneromooo-monero)
2017-12-25Add a chacha20 variant to go with chacha8moneromooo-monero1-4/+4
2017-12-22factor STL container serializationmoneromooo-monero1-1/+0
2017-12-17Add N/N multisig tx generation and signingmoneromooo-monero1-1/+1
Scheme by luigi1111: Multisig for RingCT on Monero 2 of 2 User A (coordinator): Spendkey b,B Viewkey a,A (shared) User B: Spendkey c,C Viewkey a,A (shared) Public Address: C+B, A Both have their own watch only wallet via C+B, a A will coordinate spending process (though B could easily as well, coordinator is more needed for more participants) A and B watch for incoming outputs B creates "half" key images for discovered output D: I2_D = (Hs(aR)+c) * Hp(D) B also creates 1.5 random keypairs (one scalar and 2 pubkeys; one on base G and one on base Hp(D)) for each output, storing the scalar(k) (linked to D), and sending the pubkeys with I2_D. A also creates "half" key images: I1_D = (Hs(aR)+b) * Hp(D) Then I_D = I1_D + I2_D Having I_D allows A to check spent status of course, but more importantly allows A to actually build a transaction prefix (and thus transaction). A builds the transaction until most of the way through MLSAG_Gen, adding the 2 pubkeys (per input) provided with I2_D to his own generated ones where they are needed (secret row L, R). At this point, A has a mostly completed transaction (but with an invalid/incomplete signature). A sends over the tx and includes r, which allows B (with the recipient's address) to verify the destination and amount (by reconstructing the stealth address and decoding ecdhInfo). B then finishes the signature by computing ss[secret_index][0] = ss[secret_index][0] + k - cc[secret_index]*c (secret indices need to be passed as well). B can then broadcast the tx, or send it back to A for broadcasting. Once B has completed the signing (and verified the tx to be valid), he can add the full I_D to his cache, allowing him to verify spent status as well. NOTE: A and B *must* present key A and B to each other with a valid signature proving they know a and b respectively. Otherwise, trickery like the following becomes possible: A creates viewkey a,A, spendkey b,B, and sends a,A,B to B. B creates a fake key C = zG - B. B sends C back to A. The combined spendkey C+B then equals zG, allowing B to spend funds at any time! The signature fixes this, because B does not know a c corresponding to C (and thus can't produce a signature). 2 of 3 User A (coordinator) Shared viewkey a,A "spendkey" j,J User B "spendkey" k,K User C "spendkey" m,M A collects K and M from B and C B collects J and M from A and C C collects J and K from A and B A computes N = nG, n = Hs(jK) A computes O = oG, o = Hs(jM) B anc C compute P = pG, p = Hs(kM) || Hs(mK) B and C can also compute N and O respectively if they wish to be able to coordinate Address: N+O+P, A The rest follows as above. The coordinator possesses 2 of 3 needed keys; he can get the other needed part of the signature/key images from either of the other two. Alternatively, if secure communication exists between parties: A gives j to B B gives k to C C gives m to A Address: J+K+M, A 3 of 3 Identical to 2 of 2, except the coordinator must collect the key images from both of the others. The transaction must also be passed an additional hop: A -> B -> C (or A -> C -> B), who can then broadcast it or send it back to A. N-1 of N Generally the same as 2 of 3, except participants need to be arranged in a ring to pass their keys around (using either the secure or insecure method). For example (ignoring viewkey so letters line up): [4 of 5] User: spendkey A: a B: b C: c D: d E: e a -> B, b -> C, c -> D, d -> E, e -> A Order of signing does not matter, it just must reach n-1 users. A "remaining keys" list must be passed around with the transaction so the signers know if they should use 1 or both keys. Collecting key image parts becomes a little messy, but basically every wallet sends over both of their parts with a tag for each. Thia way the coordinating wallet can keep track of which images have been added and which wallet they come from. Reasoning: 1. The key images must be added only once (coordinator will get key images for key a from both A and B, he must add only one to get the proper key actual key image) 2. The coordinator must keep track of which helper pubkeys came from which wallet (discussed in 2 of 2 section). The coordinator must choose only one set to use, then include his choice in the "remaining keys" list so the other wallets know which of their keys to use. You can generalize it further to N-2 of N or even M of N, but I'm not sure there's legitimate demand to justify the complexity. It might also be straightforward enough to support with minimal changes from N-1 format. You basically just give each user additional keys for each additional "-1" you desire. N-2 would be 3 keys per user, N-3 4 keys, etc. The process is somewhat cumbersome: To create a N/N multisig wallet: - each participant creates a normal wallet - each participant runs "prepare_multisig", and sends the resulting string to every other participant - each participant runs "make_multisig N A B C D...", with N being the threshold and A B C D... being the strings received from other participants (the threshold must currently equal N) As txes are received, participants' wallets will need to synchronize so that those new outputs may be spent: - each participant runs "export_multisig FILENAME", and sends the FILENAME file to every other participant - each participant runs "import_multisig A B C D...", with A B C D... being the filenames received from other participants Then, a transaction may be initiated: - one of the participants runs "transfer ADDRESS AMOUNT" - this partly signed transaction will be written to the "multisig_monero_tx" file - the initiator sends this file to another participant - that other participant runs "sign_multisig multisig_monero_tx" - the resulting transaction is written to the "multisig_monero_tx" file again - if the threshold was not reached, the file must be sent to another participant, until enough have signed - the last participant to sign runs "submit_multisig multisig_monero_tx" to relay the transaction to the Monero network
2017-11-14remove "using namespace std" from headersmoneromooo-monero1-0/+1
It's nasty, and actually breaks on Solaris, where if.h fails to build due to: struct map *if_memmap;
2017-10-15Merge pull request #2610Riccardo Spagni1-4/+4
44c1d160 unit_tests: fix compiling on Windows (iDunk5400)
2017-10-08unit_tests: fix compiling on WindowsiDunk54001-4/+4
2017-10-07Subaddresseskenshi841-10/+10
2017-09-28tests: pass data dir as argredfish1-8/+9
This fixes test failure on builds that happen to be built in 'build/' instead of 'build/release'. Use boost filesystem path type.
2017-04-11Improvements for epee binary to hex functions:Lee Clagett1-4/+0
- Performance improvements - Added `span` for zero-copy pointer+length arguments - Added `std::ostream` overload for direct writing to output buffers - Removal of unused `string_tools::buff_to_hex`
2017-03-23core: cache tx and block hashes in the respective classesmoneromooo-monero1-0/+14
An idea from smooth
2017-02-21update copyright year, fix occasional lack of newline at line endRiccardo Spagni1-1/+1
2017-02-08extract some basic code from libcryptonote_core into libcryptonote_basickenshi841-2/+2
2017-01-14unit_tests: fix portable serialization tests hardcoded data pathmoneromooo-monero1-4/+4
2017-01-03portable serializer: tests addedkenshi841-0/+513
2016-12-20Fixed uninitialized valgrind errors in serialization testsLee Clagett1-2/+4
2016-12-04ringct: switch to Borromean signaturesShen Noether1-7/+7
2016-11-20tests: fix uninitialized data valgrind reports in serialization testsmoneromooo-monero1-1/+4
2016-10-29ringct: check the size of amount_keys is the same as destinationsmoneromooo-monero1-0/+1
2016-09-14rct: rework serialization to avoid storing vector sizesmoneromooo-monero1-2/+5
2016-08-28rct: rework v2 txes into prunable and non prunable datamoneromooo-monero1-12/+13
Nothing is pruned, but this allows easier changes later.
2016-08-28rct: change the simple flag to a typemoneromooo-monero1-1/+1
for future expansion
2016-08-28rct: avoid the need for the last II elementShen Noether1-4/+2
This element is used in the generation of the MLSAG, but isn't needed in verification. Also misc changes in the cryptonote code to match, by mooo.
2016-08-28rct: do not serialize senderPk - it is not used anymoremoneromooo-monero1-1/+3
2016-08-28rct: make the amount key derivable by a third party with the tx keymoneromooo-monero1-1/+3
Scheme design from luigi1114.
2016-08-28rct: do not serialize public keys in outPkmoneromooo-monero1-1/+2
They can be reconstructed from vout
2016-08-28integrate simple rct apimoneromooo-monero1-1/+2
2016-08-28rct: add the tx prefix hash into the MLSAGmoneromooo-monero1-1/+1
to protect the non-signatures parts of the tx from tampering.
2016-08-28ringct: do not serialize what can be reconstructedmoneromooo-monero1-19/+11
The mixRing (output keys and commitments) and II fields (key images) can be reconstructed from vin data. This saves some modest amount of space in the tx.
2016-08-28make rct tx serialization workmoneromooo-monero1-0/+201
It may be suboptimal, but it's a pain to have to rebuild everything when some of this changes. Also, no clue why there seems to be two different code paths for serializing a tx...
2015-12-31updated copyright yearRiccardo Spagni1-1/+1
2015-01-02year updated in licenseRiccardo Spagni1-1/+1
2014-09-25Revert "low risk, potentially varint overflow bug patched thanks to BBR"Riccardo Spagni1-31/+0
This reverts commit 4e2b2b942daa4206ec44c66e59863670dfe3fde4.
2014-09-24low risk, potentially varint overflow bug patched thanks to BBRRiccardo Spagni1-0/+31
2014-07-23License updated to BSD 3-clausefluffypony1-3/+29
2014-03-03moved all stuff to githubAntonio Juarez1-0/+418