add multisig core test and factor multisig building blocks

xdraylin · Dec 17, 2017 · 66e34e8 · 66e34e8
1 parent f4eda44
commit 66e34e8
Show file tree

Hide file tree

Showing 17 changed files with 1,019 additions and 127 deletions.
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -114,6 +114,7 @@ add_subdirectory(ringct)
 add_subdirectory(checkpoints)
 add_subdirectory(cryptonote_basic)
 add_subdirectory(cryptonote_core)
+add_subdirectory(multisig)
 if(NOT IOS)
   add_subdirectory(blockchain_db)
 endif()

diff --git a/src/cryptonote_core/CMakeLists.txt b/src/cryptonote_core/CMakeLists.txt
@@ -59,6 +59,7 @@ target_link_libraries(cryptonote_core
     common
     cncrypto
     blockchain_db
+    multisig
     ringct
     ${Boost_DATE_TIME_LIBRARY}
     ${Boost_PROGRAM_OPTIONS_LIBRARY}

diff --git a/src/cryptonote_core/cryptonote_tx_utils.cpp b/src/cryptonote_core/cryptonote_tx_utils.cpp
@@ -40,6 +40,7 @@ using namespace epee;
 #include "crypto/crypto.h"
 #include "crypto/hash.h"
 #include "ringct/rctSigs.h"
+#include "multisig/multisig.h"
 
 using namespace crypto;
 
@@ -72,21 +73,6 @@ namespace cryptonote
     LOG_PRINT_L2("destinations include " << num_stdaddresses << " standard addresses and " << num_subaddresses << " subaddresses");
   }
   //---------------------------------------------------------------
-  bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki)
-  {
-     crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation);
-     bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation);
-     CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
-
-     r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub);
-     CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index <<  ", " << ack.m_account_address.m_spend_public_key << ")");
-
-     crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec);
-
-     crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki);
-     return true;
-  }
-  //---------------------------------------------------------------
   bool construct_miner_tx(size_t height, size_t median_size, uint64_t already_generated_coins, size_t current_block_size, uint64_t fee, const account_public_address &miner_address, transaction& tx, const blobdata& extra_nonce, size_t max_outs, uint8_t hard_fork_version) {
     tx.vin.clear();
     tx.vout.clear();

diff --git a/src/multisig/CMakeLists.txt b/src/multisig/CMakeLists.txt
@@ -0,0 +1,52 @@
+# Copyright (c) 2017, The Monero Project
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+#    conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list
+#    of conditions and the following disclaimer in the documentation and/or other
+#    materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors may be
+#    used to endorse or promote products derived from this software without specific
+#    prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+set(multisig_sources
+  multisig.cpp)
+
+set(multisig_headers)
+
+set(multisig_private_headers
+  multisig.h)
+
+monero_private_headers(multisig
+  ${multisig_private_headers})
+
+monero_add_library(multisig
+  ${multisig_sources}
+  ${multisig_headers}
+  ${multisig_private_headers})
+
+target_link_libraries(multisig
+  PUBLIC
+    ringct
+    cryptonote_basic
+    common
+    cncrypto
+  PRIVATE
+    ${EXTRA_LIBRARIES})
diff --git a/src/multisig/multisig.cpp b/src/multisig/multisig.cpp
@@ -0,0 +1,152 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <unordered_set>
+#include "include_base_utils.h"
+#include "crypto/crypto.h"
+#include "ringct/rctOps.h"
+#include "cryptonote_basic/account.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "multisig.h"
+
+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "multisig"
+
+using namespace std;
+
+namespace cryptonote
+{
+  //-----------------------------------------------------------------
+  bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki)
+  {
+    crypto::key_derivation recv_derivation = AUTO_VAL_INIT(recv_derivation);
+    bool r = crypto::generate_key_derivation(tx_public_key, ack.m_view_secret_key, recv_derivation);
+    CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to generate_key_derivation(" << tx_public_key << ", " << ack.m_view_secret_key << ")");
+
+    r = crypto::derive_public_key(recv_derivation, real_output_index, ack.m_account_address.m_spend_public_key, in_ephemeral.pub);
+    CHECK_AND_ASSERT_MES(r, false, "key image helper: failed to derive_public_key(" << recv_derivation << ", " << real_output_index <<  ", " << ack.m_account_address.m_spend_public_key << ")");
+
+    crypto::derive_secret_key(recv_derivation, real_output_index, ack.m_spend_secret_key, in_ephemeral.sec);
+
+    crypto::generate_key_image(in_ephemeral.pub, in_ephemeral.sec, ki);
+    return true;
+  }
+  //-----------------------------------------------------------------
+  void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)
+  {
+    // the multisig spend public key is the sum of all spend public keys
+    multisig_keys.clear();
+    spend_pkey = rct::pk2rct(keys.m_account_address.m_spend_public_key);
+    for (const auto &k: spend_keys)
+      rct::addKeys(spend_pkey, spend_pkey, rct::pk2rct(k));
+    multisig_keys.push_back(keys.m_spend_secret_key);
+    spend_skey = rct::sk2rct(keys.m_spend_secret_key);
+  }
+  //-----------------------------------------------------------------
+  void generate_multisig_N1_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)
+  {
+    multisig_keys.clear();
+    spend_pkey = rct::identity();
+    spend_skey = rct::zero();
+
+    // create all our composite private keys
+    for (const auto &k: spend_keys)
+    {
+      rct::keyV data;
+      data.push_back(rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(keys.m_spend_secret_key)));
+      static const rct::key salt = { {'M', 'u', 'l', 't' , 'i', 's', 'i', 'g' , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00 , 0x00, 0x00, 0x00,0x00  } };
+      data.push_back(salt);
+      rct::key msk = rct::hash_to_scalar(data);
+      multisig_keys.push_back(rct::rct2sk(msk));
+      sc_add(spend_skey.bytes, spend_skey.bytes, msk.bytes);
+    }
+  }
+  //-----------------------------------------------------------------
+  crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector<crypto::secret_key> &skeys)
+  {
+    crypto::hash hash;
+    crypto::cn_fast_hash(&skey, sizeof(crypto::hash), hash);
+    rct::key view_skey = rct::hash2rct(hash);
+    for (const auto &k: skeys)
+      sc_add(view_skey.bytes, view_skey.bytes, rct::sk2rct(k).bytes);
+    return rct::rct2sk(view_skey);
+  }
+  //-----------------------------------------------------------------
+  crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector<crypto::public_key> &pkeys)
+  {
+    rct::key spend_public_key = rct::identity();
+    for (const auto &pk: pkeys)
+    {
+      rct::addKeys(spend_public_key, spend_public_key, rct::pk2rct(pk));
+    }
+    return rct::rct2pk(spend_public_key);
+  }
+  //-----------------------------------------------------------------
+  bool generate_multisig_key_image(const account_keys &keys, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index)
+  {
+    if (multisig_key_index >= keys.m_multisig_keys.size())
+      return false;
+    if (!cryptonote::generate_key_image_helper_old(keys, tx_public_key, real_output_index, in_ephemeral, ki))
+      return false;
+    // we got the ephemeral keypair, but the key image isn't right as it's done as per our private spend key, which is multisig
+    crypto::generate_key_image(in_ephemeral.pub, keys.m_multisig_keys[multisig_key_index], ki);
+    return true;
+  }
+  //-----------------------------------------------------------------
+  void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R)
+  {
+    rct::scalarmultBase((rct::key&)L, rct::sk2rct(k));
+    crypto::generate_key_image(pkey, k, (crypto::key_image&)R);
+  }
+  //-----------------------------------------------------------------
+  bool generate_multisig_composite_key_image(const account_keys &keys, const crypto::public_key &tx_public_key, size_t real_output_index, const std::vector<crypto::key_image> &pkis, crypto::key_image &ki)
+  {
+    cryptonote::keypair in_ephemeral;
+    if (!cryptonote::generate_key_image_helper_old(keys, tx_public_key, real_output_index, in_ephemeral, ki))
+      return false;
+    std::unordered_set<crypto::key_image> used;
+    for (size_t m = 0; m < keys.m_multisig_keys.size(); ++m)
+    {
+      crypto::key_image pki;
+      bool r = cryptonote::generate_multisig_key_image(keys, tx_public_key, real_output_index, in_ephemeral, pki, m);
+      if (!r)
+        return false;
+      used.insert(pki);
+    }
+    for (const auto &pki: pkis)
+    {
+      if (used.find(pki) == used.end())
+      {
+        used.insert(pki);
+        rct::addKeys((rct::key&)ki, rct::ki2rct(ki), rct::ki2rct(pki));
+      }
+    }
+    return true;
+  }
+  //-----------------------------------------------------------------
+}
diff --git a/src/multisig/multisig.h b/src/multisig/multisig.h
@@ -0,0 +1,50 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once
+
+#include <vector>
+#include <unordered_map>
+#include "crypto/crypto.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "ringct/rctTypes.h"
+
+namespace cryptonote
+{
+  struct account_keys;
+
+  bool generate_key_image_helper_old(const account_keys& ack, const crypto::public_key& tx_public_key, size_t real_output_index, keypair& in_ephemeral, crypto::key_image& ki);
+
+  void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey);
+  void generate_multisig_N1_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey);
+  crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector<crypto::secret_key> &skeys);
+  crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector<crypto::public_key> &pkeys);
+  bool generate_multisig_key_image(const account_keys &keys, const crypto::public_key& tx_public_key, size_t real_output_index, cryptonote::keypair& in_ephemeral, crypto::key_image& ki, size_t multisig_key_index);
+  void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R);
+  bool generate_multisig_composite_key_image(const account_keys &keys, const crypto::public_key &tx_public_key, size_t real_output_index, const std::vector<crypto::key_image> &pkis, crypto::key_image &ki);
+}
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
@@ -868,22 +868,9 @@ bool simple_wallet::finalize_multisig(const std::vector<std::string> &args)
     return true;
   }
 
-  // parse all multisig info
-  std::unordered_set<crypto::public_key> public_keys;
-  std::vector<crypto::public_key> signers(args.size(), crypto::null_pkey);
-  for (size_t i = 0; i < args.size(); ++i)
-  {
-    if (!tools::wallet2::verify_extra_multisig_info(args[i], public_keys, signers[i]))
-    {
-      fail_msg_writer() << tr("Bad multisig info: ") << args[i];
-      return true;
-    }
-  }
-
-  // we have all pubkeys now
   try
   {
-    if (!m_wallet->finalize_multisig(orig_pwd_container->password(), public_keys, signers))
+    if (!m_wallet->finalize_multisig(orig_pwd_container->password(), args))
     {
       fail_msg_writer() << tr("Failed to finalize multisig");
       return true;

diff --git a/src/wallet/CMakeLists.txt b/src/wallet/CMakeLists.txt
@@ -51,6 +51,7 @@ monero_add_library(wallet
   ${wallet_private_headers})
 target_link_libraries(wallet
   PUBLIC
+    multisig
     common
     cryptonote_core
     mnemonics
@@ -104,6 +105,7 @@ if (BUILD_GUI_DEPS)
     set(libs_to_merge
             wallet_api
             wallet
+            multisig
             cryptonote_core
             cryptonote_basic
             mnemonics