From 84cc3b916e45ef9c2f3b71abc9f36808095adac8 Mon Sep 17 00:00:00 2001 From: Riccardo Spagni Date: Sun, 7 Oct 2018 19:57:26 +0200 Subject: [PATCH] Merge pull request #4036 9acf42d3 Multisig M/N functionality core tests added (naughtyfox) 9f3963e8 Arbitrary M/N multisig schemes: * support in wallet2 * support in monero-wallet-cli * support in monero-wallet-rpc * support in wallet api * support in monero-gen-trusted-multisig * unit tests for multisig wallets creation (naughtyfox) --- src/gen_multisig/gen_multisig.cpp | 15 +- src/multisig/multisig.cpp | 44 +- src/multisig/multisig.h | 24 +- src/simplewallet/simplewallet.cpp | 61 ++- src/simplewallet/simplewallet.h | 1 + src/wallet/api/wallet.cpp | 14 + src/wallet/api/wallet.h | 1 + src/wallet/api/wallet2_api.h | 6 + src/wallet/wallet2.cpp | 410 ++++++++++++++----- src/wallet/wallet2.h | 17 + src/wallet/wallet_rpc_server.cpp | 51 ++- src/wallet/wallet_rpc_server.h | 2 + src/wallet/wallet_rpc_server_commands_defs.h | 25 ++ tests/core_tests/chaingen.h | 43 +- tests/core_tests/chaingen_main.cpp | 10 + tests/core_tests/multisig.cpp | 152 ++++++- tests/core_tests/multisig.h | 60 +++ tests/unit_tests/multisig.cpp | 183 ++++----- 18 files changed, 853 insertions(+), 266 deletions(-) diff --git a/src/gen_multisig/gen_multisig.cpp b/src/gen_multisig/gen_multisig.cpp index b69ca52ff..8262e86f7 100644 --- a/src/gen_multisig/gen_multisig.cpp +++ b/src/gen_multisig/gen_multisig.cpp @@ -130,8 +130,8 @@ static bool generate_multisig(uint32_t threshold, uint32_t total, const std::str ss << " " << name << std::endl; } - // finalize step if needed - if (!extra_info[0].empty()) + //exchange keys unless exchange_multisig_keys returns no extra info + while (!extra_info[0].empty()) { std::unordered_set pkeys; std::vector signers(total); @@ -145,11 +145,7 @@ static bool generate_multisig(uint32_t threshold, uint32_t total, const std::str } for (size_t n = 0; n < total; ++n) { - if (!wallets[n]->finalize_multisig(pwd_container->password(), pkeys, signers)) - { - tools::fail_msg_writer() << genms::tr("Error finalizing multisig"); - return false; - } + extra_info[n] = wallets[n]->exchange_multisig_keys(pwd_container->password(), pkeys, signers); } } @@ -246,11 +242,6 @@ int main(int argc, char* argv[]) return 1; } - if (threshold != total-1 && threshold != total) - { - tools::fail_msg_writer() << genms::tr("Error: unsupported scheme: only N/N and N-1/N are supported"); - return 1; - } bool create_address_file = command_line::get_arg(*vm, arg_create_address_file); if (!generate_multisig(threshold, total, basename, testnet ? TESTNET : stagenet ? STAGENET : MAINNET, create_address_file)) return 1; diff --git a/src/multisig/multisig.cpp b/src/multisig/multisig.cpp index a0a788b7d..33d0a312f 100644 --- a/src/multisig/multisig.cpp +++ b/src/multisig/multisig.cpp @@ -84,6 +84,43 @@ namespace cryptonote } } //----------------------------------------------------------------- + std::vector generate_multisig_derivations(const account_keys &keys, const std::vector &derivations) + { + std::vector multisig_keys; + crypto::secret_key blinded_skey = get_multisig_blinded_secret_key(keys.m_spend_secret_key); + for (const auto &k: derivations) + { + rct::key d = rct::scalarmultKey(rct::pk2rct(k), rct::sk2rct(blinded_skey)); + multisig_keys.push_back(rct::rct2pk(d)); + } + + return multisig_keys; + } + //----------------------------------------------------------------- + crypto::secret_key calculate_multisig_signer_key(const std::vector& multisig_keys) + { + rct::key secret_key = rct::zero(); + for (const auto &k: multisig_keys) + { + sc_add(secret_key.bytes, secret_key.bytes, (const unsigned char*)k.data); + } + + return rct::rct2sk(secret_key); + } + //----------------------------------------------------------------- + std::vector calculate_multisig_keys(const std::vector& derivations) + { + std::vector multisig_keys; + multisig_keys.reserve(derivations.size()); + + for (const auto &k: derivations) + { + multisig_keys.emplace_back(get_multisig_blinded_secret_key(rct::rct2sk(rct::pk2rct(k)))); + } + + return multisig_keys; + } + //----------------------------------------------------------------- crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector &skeys) { rct::key view_skey = rct::sk2rct(get_multisig_blinded_secret_key(skey)); @@ -92,7 +129,7 @@ namespace cryptonote return rct::rct2sk(view_skey); } //----------------------------------------------------------------- - crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector &pkeys) + crypto::public_key generate_multisig_M_N_spend_public_key(const std::vector &pkeys) { rct::key spend_public_key = rct::identity(); for (const auto &pk: pkeys) @@ -141,4 +178,9 @@ namespace cryptonote return true; } //----------------------------------------------------------------- + uint32_t multisig_rounds_required(uint32_t participants, uint32_t threshold) + { + CHECK_AND_ASSERT_THROW_MES(participants >= threshold, "participants must be greater or equal than threshold"); + return participants - threshold + 1; + } } diff --git a/src/multisig/multisig.h b/src/multisig/multisig.h index f95611441..93a756812 100644 --- a/src/multisig/multisig.h +++ b/src/multisig/multisig.h @@ -41,9 +41,31 @@ namespace cryptonote crypto::secret_key get_multisig_blinded_secret_key(const crypto::secret_key &key); void generate_multisig_N_N(const account_keys &keys, const std::vector &spend_keys, std::vector &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey); void generate_multisig_N1_N(const account_keys &keys, const std::vector &spend_keys, std::vector &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey); + /** + * @brief generate_multisig_derivations performs common DH key derivation. + * Each middle round in M/N scheme is DH exchange of public multisig keys of other participants multiplied by secret spend key of current participant. + * this functions does the following: new multisig key = secret spend * public multisig key + * @param keys - current wallet's keys + * @param derivations - public multisig keys of other participants + * @return new public multisig keys derived from previous round. This data needs to be exchange with other participants + */ + std::vector generate_multisig_derivations(const account_keys &keys, const std::vector &derivations); + crypto::secret_key calculate_multisig_signer_key(const std::vector& derivations); + /** + * @brief calculate_multisig_keys. Calculates secret multisig keys from others' participants ones as follows: mi = H(Mi) + * @param derivations - others' participants public multisig keys. + * @return vector of current wallet's multisig secret keys + */ + std::vector calculate_multisig_keys(const std::vector& derivations); crypto::secret_key generate_multisig_view_secret_key(const crypto::secret_key &skey, const std::vector &skeys); - crypto::public_key generate_multisig_N1_N_spend_public_key(const std::vector &pkeys); + /** + * @brief generate_multisig_M_N_spend_public_key calculates multisig wallet's spend public key by summing all of public multisig keys + * @param pkeys unique public multisig keys + * @return multisig wallet's spend public key + */ + crypto::public_key generate_multisig_M_N_spend_public_key(const std::vector &pkeys); bool generate_multisig_key_image(const account_keys &keys, size_t multisig_key_index, const crypto::public_key& out_key, crypto::key_image& ki); void generate_multisig_LR(const crypto::public_key pkey, const crypto::secret_key &k, crypto::public_key &L, crypto::public_key &R); bool generate_multisig_composite_key_image(const account_keys &keys, const std::unordered_map& subaddresses, const crypto::public_key& out_key, const crypto::public_key &tx_public_key, const std::vector& additional_tx_public_keys, size_t real_output_index, const std::vector &pkis, crypto::key_image &ki); + uint32_t multisig_rounds_required(uint32_t participants, uint32_t threshold); } diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 3112280c9..4ec7e3eb4 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -924,7 +924,7 @@ bool simple_wallet::make_multisig(const std::vector &args) { success_msg_writer() << tr("Another step is needed"); success_msg_writer() << multisig_extra_info; - success_msg_writer() << tr("Send this multisig info to all other participants, then use finalize_multisig [...] with others' multisig info"); + success_msg_writer() << tr("Send this multisig info to all other participants, then use exchange_multisig_keys [...] with others' multisig info"); return true; } } @@ -998,6 +998,61 @@ bool simple_wallet::finalize_multisig(const std::vector &args) return true; } +bool simple_wallet::exchange_multisig_keys(const std::vector &args) { + bool ready; + if (m_wallet->key_on_device()) + { + fail_msg_writer() << tr("command not supported by HW wallet"); + return true; + } + if (!m_wallet->multisig(&ready)) + { + fail_msg_writer() << tr("This wallet is not multisig"); + return true; + } + if (ready) + { + fail_msg_writer() << tr("This wallet is already finalized"); + return true; + } + + const auto orig_pwd_container = get_and_verify_password(); + if(orig_pwd_container == boost::none) + { + fail_msg_writer() << tr("Your original password was incorrect."); + return true; + } + + if (args.size() < 2) + { + fail_msg_writer() << tr("usage: exchange_multisig_keys [...]"); + return true; + } + + try + { + std::string multisig_extra_info = m_wallet->exchange_multisig_keys(orig_pwd_container->password(), args); + if (!multisig_extra_info.empty()) + { + message_writer() << tr("Another step is needed"); + message_writer() << multisig_extra_info; + message_writer() << tr("Send this multisig info to all other participants, then use exchange_multisig_keys [...] with others' multisig info"); + return true; + } else { + uint32_t threshold, total; + m_wallet->multisig(NULL, &threshold, &total); + success_msg_writer() << tr("Multisig wallet has been successfully created. Current wallet type: ") << threshold << "/" << total; + } + } + catch (const std::exception &e) + { + fail_msg_writer() << tr("Failed to perform multisig keys exchange: ") << e.what(); + return true; + } + + return true; +} + bool simple_wallet::export_multisig(const std::vector &args) { bool ready; @@ -2508,6 +2563,10 @@ simple_wallet::simple_wallet() boost::bind(&simple_wallet::finalize_multisig, this, _1), tr("finalize_multisig [...]"), tr("Turn this wallet into a multisig wallet, extra step for N-1/N wallets")); + m_cmd_binder.set_handler("exchange_multisig_keys", + boost::bind(&simple_wallet::exchange_multisig_keys, this, _1), + tr("exchange_multisig_keys [...]"), + tr("Performs extra multisig keys exchange rounds. Needed for arbitrary M/N multisig wallets")); m_cmd_binder.set_handler("export_multisig_info", boost::bind(&simple_wallet::export_multisig, this, _1), tr("export_multisig_info "), diff --git a/src/simplewallet/simplewallet.h b/src/simplewallet/simplewallet.h index 2d23d6248..39b715b73 100644 --- a/src/simplewallet/simplewallet.h +++ b/src/simplewallet/simplewallet.h @@ -210,6 +210,7 @@ namespace cryptonote bool prepare_multisig(const std::vector& args); bool make_multisig(const std::vector& args); bool finalize_multisig(const std::vector &args); + bool exchange_multisig_keys(const std::vector &args); bool export_multisig(const std::vector& args); bool import_multisig(const std::vector& args); bool accept_loaded_tx(const tools::wallet2::multisig_tx_set &txs); diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp index 58a6db689..de1bfdae1 100644 --- a/src/wallet/api/wallet.cpp +++ b/src/wallet/api/wallet.cpp @@ -1188,6 +1188,20 @@ string WalletImpl::makeMultisig(const vector& info, uint32_t threshold) return string(); } +std::string WalletImpl::exchangeMultisigKeys(const std::vector &info) { + try { + clearStatus(); + checkMultisigWalletNotReady(m_wallet); + + return m_wallet->exchange_multisig_keys(epee::wipeable_string(m_password), info); + } catch (const exception& e) { + LOG_ERROR("Error on exchanging multisig keys: ") << e.what(); + setStatusError(string(tr("Failed to make multisig: ")) + e.what()); + } + + return string(); +} + bool WalletImpl::finalizeMultisig(const vector& extraMultisigInfo) { try { clearStatus(); diff --git a/src/wallet/api/wallet.h b/src/wallet/api/wallet.h index 8e2af347d..6d343888b 100644 --- a/src/wallet/api/wallet.h +++ b/src/wallet/api/wallet.h @@ -137,6 +137,7 @@ public: MultisigState multisig() const override; std::string getMultisigInfo() const override; std::string makeMultisig(const std::vector& info, uint32_t threshold) override; + std::string exchangeMultisigKeys(const std::vector &info) override; bool finalizeMultisig(const std::vector& extraMultisigInfo) override; bool exportMultisigImages(std::string& images) override; size_t importMultisigImages(const std::vector& images) override; diff --git a/src/wallet/api/wallet2_api.h b/src/wallet/api/wallet2_api.h index 68ea26262..ec1a84877 100644 --- a/src/wallet/api/wallet2_api.h +++ b/src/wallet/api/wallet2_api.h @@ -706,6 +706,12 @@ struct Wallet * @return in case of N / N wallets returns empty string since no more key exchanges needed. For N - 1 / N wallets returns base58 encoded extra multisig info */ virtual std::string makeMultisig(const std::vector& info, uint32_t threshold) = 0; + /** + * @brief exchange_multisig_keys - provides additional key exchange round for arbitrary multisig schemes (like N-1/N, M/N) + * @param info - base58 encoded key derivations returned by makeMultisig or exchangeMultisigKeys function call + * @return new info string if more rounds required or an empty string if wallet creation is done + */ + virtual std::string exchangeMultisigKeys(const std::vector &info) = 0; /** * @brief finalizeMultisig - finalizes N - 1 / N multisig wallets creation * @param extraMultisigInfo - wallet participants' extra multisig info obtained with makeMultisig call diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 303e2fb5f..7871fe99c 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -122,6 +122,7 @@ using namespace cryptonote; #define FIRST_REFRESH_GRANULARITY 1024 static const std::string MULTISIG_SIGNATURE_MAGIC = "SigMultisigPkV1"; +static const std::string MULTISIG_EXTRA_INFO_MAGIC = "MultisigxV1"; namespace { @@ -133,6 +134,42 @@ namespace dir /= ".shared-ringdb"; return dir.string(); } + + std::string pack_multisignature_keys(const std::string& prefix, const std::vector& keys, const crypto::secret_key& signer_secret_key) + { + std::string data; + crypto::public_key signer; + CHECK_AND_ASSERT_THROW_MES(crypto::secret_key_to_public_key(signer_secret_key, signer), "Failed to derive public spend key"); + data += std::string((const char *)&signer, sizeof(crypto::public_key)); + + for (const auto &key: keys) + { + data += std::string((const char *)&key, sizeof(crypto::public_key)); + } + + data.resize(data.size() + sizeof(crypto::signature)); + + crypto::hash hash; + crypto::cn_fast_hash(data.data(), data.size() - sizeof(crypto::signature), hash); + crypto::signature &signature = *(crypto::signature*)&data[data.size() - sizeof(crypto::signature)]; + crypto::generate_signature(hash, signer, signer_secret_key, signature); + + return MULTISIG_EXTRA_INFO_MAGIC + tools::base58::encode(data); + } + + std::vector secret_keys_to_public_keys(const std::vector& keys) + { + std::vector public_keys; + public_keys.reserve(keys.size()); + + std::transform(keys.begin(), keys.end(), std::back_inserter(public_keys), [] (const crypto::secret_key& k) -> crypto::public_key { + crypto::public_key p; + CHECK_AND_ASSERT_THROW_MES(crypto::secret_key_to_public_key(k, p), "Failed to derive public spend key"); + return p; + }); + + return public_keys; + } } namespace @@ -776,6 +813,7 @@ wallet2::wallet2(network_type nettype, uint64_t kdf_rounds, bool unattended): m_callback(0), m_trusted_daemon(false), m_nettype(nettype), + m_multisig_rounds_passed(0), m_always_confirm_transfers(true), m_print_ring_members(false), m_store_tx_info(true), @@ -2918,6 +2956,7 @@ bool wallet2::clear() m_address_book.clear(); m_subaddresses.clear(); m_subaddress_labels.clear(); + m_multisig_rounds_passed = 0; return true; } @@ -2932,6 +2971,7 @@ bool wallet2::store_keys(const std::string& keys_file_name, const epee::wipeable { std::string account_data; std::string multisig_signers; + std::string multisig_derivations; cryptonote::account_base account = m_account; crypto::chacha_key key; @@ -2984,6 +3024,14 @@ bool wallet2::store_keys(const std::string& keys_file_name, const epee::wipeable CHECK_AND_ASSERT_MES(r, false, "failed to serialize wallet multisig signers"); value.SetString(multisig_signers.c_str(), multisig_signers.length()); json.AddMember("multisig_signers", value, json.GetAllocator()); + + r = ::serialization::dump_binary(m_multisig_derivations, multisig_derivations); + CHECK_AND_ASSERT_MES(r, false, "failed to serialize wallet multisig derivations"); + value.SetString(multisig_derivations.c_str(), multisig_derivations.length()); + json.AddMember("multisig_derivations", value, json.GetAllocator()); + + value2.SetUint(m_multisig_rounds_passed); + json.AddMember("multisig_rounds_passed", value2, json.GetAllocator()); } value2.SetInt(m_always_confirm_transfers ? 1 :0); @@ -3156,6 +3204,8 @@ bool wallet2::load_keys(const std::string& keys_file_name, const epee::wipeable_ m_multisig = false; m_multisig_threshold = 0; m_multisig_signers.clear(); + m_multisig_rounds_passed = 0; + m_multisig_derivations.clear(); m_always_confirm_transfers = false; m_print_ring_members = false; m_default_mixin = 0; @@ -3214,6 +3264,8 @@ bool wallet2::load_keys(const std::string& keys_file_name, const epee::wipeable_ m_multisig = field_multisig; GET_FIELD_FROM_JSON_RETURN_ON_ERROR(json, multisig_threshold, unsigned int, Uint, m_multisig, 0); m_multisig_threshold = field_multisig_threshold; + GET_FIELD_FROM_JSON_RETURN_ON_ERROR(json, multisig_rounds_passed, unsigned int, Uint, false, 0); + m_multisig_rounds_passed = field_multisig_rounds_passed; if (m_multisig) { if (!json.HasMember("multisig_signers")) @@ -3234,6 +3286,24 @@ bool wallet2::load_keys(const std::string& keys_file_name, const epee::wipeable_ LOG_ERROR("Field multisig_signers found in JSON, but failed to parse"); return false; } + + //previous version of multisig does not have this field + if (json.HasMember("multisig_derivations")) + { + if (!json["multisig_derivations"].IsString()) + { + LOG_ERROR("Field multisig_derivations found in JSON, but not String"); + return false; + } + const char *field_multisig_derivations = json["multisig_derivations"].GetString(); + std::string multisig_derivations = std::string(field_multisig_derivations, field_multisig_derivations + json["multisig_derivations"].GetStringLength()); + r = ::serialization::parse_binary(multisig_derivations, m_multisig_derivations); + if (!r) + { + LOG_ERROR("Field multisig_derivations found in JSON, but failed to parse"); + return false; + } + } } GET_FIELD_FROM_JSON_RETURN_ON_ERROR(json, always_confirm_transfers, int, Int, false, true); m_always_confirm_transfers = field_always_confirm_transfers; @@ -3869,12 +3939,12 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, CHECK_AND_ASSERT_THROW_MES(!view_keys.empty(), "empty view keys"); CHECK_AND_ASSERT_THROW_MES(view_keys.size() == spend_keys.size(), "Mismatched view/spend key sizes"); CHECK_AND_ASSERT_THROW_MES(threshold > 1 && threshold <= spend_keys.size() + 1, "Invalid threshold"); - CHECK_AND_ASSERT_THROW_MES(threshold == spend_keys.size() || threshold == spend_keys.size() + 1, "Unsupported threshold case"); std::string extra_multisig_info; - crypto::hash hash; - - clear(); + std::vector multisig_keys; + rct::key spend_pkey = rct::identity(); + rct::key spend_skey; + std::vector multisig_signers; // decrypt keys epee::misc_utils::auto_scope_leave_caller keys_reencryptor; @@ -3887,43 +3957,78 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, keys_reencryptor = epee::misc_utils::create_scope_leave_handler([&, this, chacha_key]() { m_account.encrypt_keys(chacha_key); m_account.decrypt_viewkey(chacha_key); }); } - MINFO("Creating spend key..."); - std::vector multisig_keys; - rct::key spend_pkey, spend_skey; + // In common multisig scheme there are 4 types of key exchange rounds: + // 1. First round is exchange of view secret keys and public spend keys. + // 2. Middle round is exchange of derivations: Ki = b * Mj, where b - spend secret key, + // M - public multisig key (in first round it equals to public spend key), K - new public multisig key. + // 3. Secret spend establishment round sets your secret multisig keys as follows: kl = H(Ml), where M - is *your* public multisig key, + // k - secret multisig key used to sign transactions. k and M are sets of keys, of course. + // And secret spend key as the sum of all participant's secret multisig keys + // 4. Last round establishes multisig wallet's public spend key. Participants exchange their public multisig keys + // and calculate common spend public key as sum of all unique participants' public multisig keys. + // Note that N/N scheme has only first round. N-1/N has 2 rounds: first and last. Common M/N has all 4 rounds. + + // IMPORTANT: wallet's public spend key is not equal to secret_spend_key * G! + // Wallet's public spend key is the sum of unique public multisig keys of all participants. + // secret_spend_key * G = public signer key + if (threshold == spend_keys.size() + 1) { + // In N / N case we only need to do one round and calculate secret multisig keys and new secret spend key + MINFO("Creating spend key..."); + + // Calculates all multisig keys and spend key cryptonote::generate_multisig_N_N(get_account().get_keys(), spend_keys, multisig_keys, spend_skey, spend_pkey); - } - else if (threshold == spend_keys.size()) - { - cryptonote::generate_multisig_N1_N(get_account().get_keys(), spend_keys, multisig_keys, spend_skey, spend_pkey); - // We need an extra step, so we package all the composite public keys - // we know about, and make a signed string out of them - std::string data; - crypto::public_key signer; - CHECK_AND_ASSERT_THROW_MES(crypto::secret_key_to_public_key(rct::rct2sk(spend_skey), signer), "Failed to derive public spend key"); - data += std::string((const char *)&signer, sizeof(crypto::public_key)); - - for (const auto &msk: multisig_keys) - { - rct::key pmsk = rct::scalarmultBase(rct::sk2rct(msk)); - data += std::string((const char *)&pmsk, sizeof(crypto::public_key)); - } - - data.resize(data.size() + sizeof(crypto::signature)); - crypto::cn_fast_hash(data.data(), data.size() - sizeof(signature), hash); - crypto::signature &signature = *(crypto::signature*)&data[data.size() - sizeof(crypto::signature)]; - crypto::generate_signature(hash, signer, rct::rct2sk(spend_skey), signature); - - extra_multisig_info = std::string("MultisigxV1") + tools::base58::encode(data); + // Our signer key is b * G, where b is secret spend key. + multisig_signers = spend_keys; + multisig_signers.push_back(get_multisig_signer_public_key(get_account().get_keys().m_spend_secret_key)); } else { - CHECK_AND_ASSERT_THROW_MES(false, "Unsupported threshold case"); + // We just got public spend keys of all participants and deriving multisig keys (set of Mi = b * Bi). + // note that derivations are public keys as DH exchange suppose it to be + auto derivations = cryptonote::generate_multisig_derivations(get_account().get_keys(), spend_keys); + + spend_pkey = rct::identity(); + multisig_signers = std::vector(spend_keys.size() + 1, crypto::null_pkey); + + if (threshold == spend_keys.size()) + { + // N - 1 / N case + + // We need an extra step, so we package all the composite public keys + // we know about, and make a signed string out of them + MINFO("Creating spend key..."); + + // Calculating set of our secret multisig keys as follows: mi = H(Mi), + // where mi - secret multisig key, Mi - others' participants public multisig key + multisig_keys = cryptonote::calculate_multisig_keys(derivations); + + // calculating current participant's spend secret key as sum of all secret multisig keys for current participant. + // IMPORTANT: participant's secret spend key is not an entire wallet's secret spend! + // Entire wallet's secret spend is sum of all unique secret multisig keys + // among all of participants and is not held by anyone! + spend_skey = rct::sk2rct(cryptonote::calculate_multisig_signer_key(multisig_keys)); + + // Preparing data for the last round to calculate common public spend key. The data contains public multisig keys. + extra_multisig_info = pack_multisignature_keys(MULTISIG_EXTRA_INFO_MAGIC, secret_keys_to_public_keys(multisig_keys), rct::rct2sk(spend_skey)); + } + else + { + // M / N case + MINFO("Preparing keys for next exchange round..."); + + // Preparing data for middle round - packing new public multisig keys to exchage with others. + extra_multisig_info = pack_multisignature_keys(MULTISIG_EXTRA_INFO_MAGIC, derivations, m_account.get_keys().m_spend_secret_key); + spend_skey = rct::sk2rct(m_account.get_keys().m_spend_secret_key); + + // Need to store middle keys to be able to proceed in case of wallet shutdown. + m_multisig_derivations = derivations; + } } - // the multisig view key is shared by all, make one all can derive + clear(); MINFO("Creating view key..."); crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(get_account().get_keys().m_view_secret_key, view_keys); @@ -3935,18 +4040,10 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, m_account_public_address = m_account.get_keys().m_account_address; m_watch_only = false; m_multisig = true; - m_multisig_threshold = threshold; m_key_device_type = hw::device::device_type::SOFTWARE; - - if (threshold == spend_keys.size() + 1) - { - m_multisig_signers = spend_keys; - m_multisig_signers.push_back(get_multisig_signer_public_key()); - } - else - { - m_multisig_signers = std::vector(spend_keys.size() + 1, crypto::null_pkey); - } + m_multisig_threshold = threshold; + m_multisig_signers = multisig_signers; + ++m_multisig_rounds_passed; // re-encrypt keys keys_reencryptor = epee::misc_utils::auto_scope_leave_caller(); @@ -3961,13 +4058,147 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, return extra_multisig_info; } -std::string wallet2::make_multisig(const epee::wipeable_string &password, - const std::vector &info, - uint32_t threshold) +std::string wallet2::exchange_multisig_keys(const epee::wipeable_string &password, + const std::vector &info) +{ + THROW_WALLET_EXCEPTION_IF(info.empty(), + error::wallet_internal_error, "Empty multisig info"); + + if (info[0].substr(0, MULTISIG_EXTRA_INFO_MAGIC.size()) != MULTISIG_EXTRA_INFO_MAGIC) + { + THROW_WALLET_EXCEPTION_IF(false, + error::wallet_internal_error, "Unsupported info string"); + } + + std::vector signers; + std::unordered_set pkeys; + + THROW_WALLET_EXCEPTION_IF(!unpack_extra_multisig_info(info, signers, pkeys), + error::wallet_internal_error, "Bad extra multisig info"); + + return exchange_multisig_keys(password, pkeys, signers); +} + +std::string wallet2::exchange_multisig_keys(const epee::wipeable_string &password, + std::unordered_set derivations, + std::vector signers) +{ + CHECK_AND_ASSERT_THROW_MES(!derivations.empty(), "empty pkeys"); + CHECK_AND_ASSERT_THROW_MES(!signers.empty(), "empty signers"); + + bool ready = false; + CHECK_AND_ASSERT_THROW_MES(multisig(&ready), "The wallet is not multisig"); + CHECK_AND_ASSERT_THROW_MES(!ready, "Multisig wallet creation process has already been finished"); + + // keys are decrypted + epee::misc_utils::auto_scope_leave_caller keys_reencryptor; + if (m_ask_password == AskPasswordToDecrypt && !m_unattended && !m_watch_only) + { + crypto::chacha_key chacha_key; + crypto::generate_chacha_key(password.data(), password.size(), chacha_key, m_kdf_rounds); + m_account.encrypt_viewkey(chacha_key); + m_account.decrypt_keys(chacha_key); + keys_reencryptor = epee::misc_utils::create_scope_leave_handler([&, this, chacha_key]() { m_account.encrypt_keys(chacha_key); m_account.decrypt_viewkey(chacha_key); }); + } + + if (m_multisig_rounds_passed == multisig_rounds_required(m_multisig_signers.size(), m_multisig_threshold) - 1) + { + // the last round is passed and we have to calculate spend public key + // add ours if not included + crypto::public_key local_signer = get_multisig_signer_public_key(); + + if (std::find(signers.begin(), signers.end(), local_signer) == signers.end()) + { + signers.push_back(local_signer); + for (const auto &msk: get_account().get_multisig_keys()) + { + derivations.insert(rct::rct2pk(rct::scalarmultBase(rct::sk2rct(msk)))); + } + } + + CHECK_AND_ASSERT_THROW_MES(signers.size() == m_multisig_signers.size(), "Bad signers size"); + + // Summing all of unique public multisig keys to calculate common public spend key + crypto::public_key spend_public_key = cryptonote::generate_multisig_M_N_spend_public_key(std::vector(derivations.begin(), derivations.end())); + m_account_public_address.m_spend_public_key = spend_public_key; + m_account.finalize_multisig(spend_public_key); + + m_multisig_signers = signers; + std::sort(m_multisig_signers.begin(), m_multisig_signers.end(), [](const crypto::public_key &e0, const crypto::public_key &e1){ return memcmp(&e0, &e1, sizeof(e0)); }); + + ++m_multisig_rounds_passed; + m_multisig_derivations.clear(); + + // keys are encrypted again + keys_reencryptor = epee::misc_utils::auto_scope_leave_caller(); + + if (!m_wallet_file.empty()) + { + bool r = store_keys(m_keys_file, password, false); + THROW_WALLET_EXCEPTION_IF(!r, error::file_save_error, m_keys_file); + + if (boost::filesystem::exists(m_wallet_file + ".address.txt")) + { + r = file_io_utils::save_string_to_file(m_wallet_file + ".address.txt", m_account.get_public_address_str(m_nettype)); + if(!r) MERROR("String with address text not saved"); + } + } + + m_subaddresses.clear(); + m_subaddress_labels.clear(); + add_subaddress_account(tr("Primary account")); + + if (!m_wallet_file.empty()) + store(); + + return {}; + } + + // Below are either middle or secret spend key establishment rounds + + for (const auto& key: m_multisig_derivations) + derivations.erase(key); + + // Deriving multisig keys (set of Mi = b * Bi) according to DH from other participants' multisig keys. + auto new_derivations = cryptonote::generate_multisig_derivations(get_account().get_keys(), std::vector(derivations.begin(), derivations.end())); + + std::string extra_multisig_info; + if (m_multisig_rounds_passed == multisig_rounds_required(m_multisig_signers.size(), m_multisig_threshold) - 2) // next round is last + { + // Next round is last therefore we are performing secret spend establishment round as described above. + MINFO("Creating spend key..."); + + // Calculating our secret multisig keys by hashing our public multisig keys. + auto multisig_keys = cryptonote::calculate_multisig_keys(std::vector(new_derivations.begin(), new_derivations.end())); + // And summing it to get personal secret spend key + crypto::secret_key spend_skey = cryptonote::calculate_multisig_signer_key(multisig_keys); + + m_account.make_multisig(m_account.get_keys().m_view_secret_key, spend_skey, rct::rct2pk(rct::identity()), multisig_keys); + + // Packing public multisig keys to exchange with others and calculate common public spend key in the last round + extra_multisig_info = pack_multisignature_keys(MULTISIG_EXTRA_INFO_MAGIC, secret_keys_to_public_keys(multisig_keys), spend_skey); + } + else + { + // This is just middle round + MINFO("Preparing keys for next exchange round..."); + extra_multisig_info = pack_multisignature_keys(MULTISIG_EXTRA_INFO_MAGIC, new_derivations, m_account.get_keys().m_spend_secret_key); + m_multisig_derivations = new_derivations; + } + + ++m_multisig_rounds_passed; + + create_keys_file(m_wallet_file, false, password, boost::filesystem::exists(m_wallet_file + ".address.txt")); + return extra_multisig_info; +} + +void wallet2::unpack_multisig_info(const std::vector& info, + std::vector &public_keys, + std::vector &secret_keys) const { // parse all multisig info - std::vector secret_keys(info.size()); - std::vector public_keys(info.size()); + public_keys.resize(info.size()); + secret_keys.resize(info.size()); for (size_t i = 0; i < info.size(); ++i) { THROW_WALLET_EXCEPTION_IF(!verify_multisig_info(info[i], secret_keys[i], public_keys[i]), @@ -4011,75 +4242,51 @@ std::string wallet2::make_multisig(const epee::wipeable_string &password, "Found local spend public key, but not local view secret key - something very weird"); } } +} +std::string wallet2::make_multisig(const epee::wipeable_string &password, + const std::vector &info, + uint32_t threshold) +{ + std::vector secret_keys(info.size()); + std::vector public_keys(info.size()); + unpack_multisig_info(info, public_keys, secret_keys); return make_multisig(password, secret_keys, public_keys, threshold); } bool wallet2::finalize_multisig(const epee::wipeable_string &password, std::unordered_set pkeys, std::vector signers) { - CHECK_AND_ASSERT_THROW_MES(!pkeys.empty(), "empty pkeys"); + exchange_multisig_keys(password, pkeys, signers); + return true; +} - // keys are decrypted - epee::misc_utils::auto_scope_leave_caller keys_reencryptor; - if (m_ask_password == AskPasswordToDecrypt && !m_unattended && !m_watch_only) +bool wallet2::unpack_extra_multisig_info(const std::vector& info, + std::vector &signers, + std::unordered_set &pkeys) const +{ + // parse all multisig info + signers.resize(info.size(), crypto::null_pkey); + for (size_t i = 0; i < info.size(); ++i) { - crypto::chacha_key chacha_key; - crypto::generate_chacha_key(password.data(), password.size(), chacha_key, m_kdf_rounds); - m_account.encrypt_viewkey(chacha_key); - m_account.decrypt_keys(chacha_key); - keys_reencryptor = epee::misc_utils::create_scope_leave_handler([&, this, chacha_key]() { m_account.encrypt_keys(chacha_key); m_account.decrypt_viewkey(chacha_key); }); + if (!verify_extra_multisig_info(info[i], pkeys, signers[i])) + { + return false; + } } - // add ours if not included - crypto::public_key local_signer; - CHECK_AND_ASSERT_THROW_MES(crypto::secret_key_to_public_key(get_account().get_keys().m_spend_secret_key, local_signer), - "Failed to derive public spend key"); - if (std::find(signers.begin(), signers.end(), local_signer) == signers.end()) - { - signers.push_back(local_signer); - for (const auto &msk: get_account().get_multisig_keys()) - { - pkeys.insert(rct::rct2pk(rct::scalarmultBase(rct::sk2rct(msk)))); - } - } - - CHECK_AND_ASSERT_THROW_MES(signers.size() == m_multisig_signers.size(), "Bad signers size"); - - crypto::public_key spend_public_key = cryptonote::generate_multisig_N1_N_spend_public_key(std::vector(pkeys.begin(), pkeys.end())); - m_account_public_address.m_spend_public_key = spend_public_key; - m_account.finalize_multisig(spend_public_key); - - m_multisig_signers = signers; - std::sort(m_multisig_signers.begin(), m_multisig_signers.end(), [](const crypto::public_key &e0, const crypto::public_key &e1){ return memcmp(&e0, &e1, sizeof(e0)); }); - - // keys are encrypted again - keys_reencryptor = epee::misc_utils::auto_scope_leave_caller(); - - create_keys_file(m_wallet_file, false, password, boost::filesystem::exists(m_wallet_file + ".address.txt")); - - m_subaddresses.clear(); - m_subaddress_labels.clear(); - add_subaddress_account(tr("Primary account")); - - if (!m_wallet_file.empty()) - store(); - return true; } bool wallet2::finalize_multisig(const epee::wipeable_string &password, const std::vector &info) { - // parse all multisig info std::unordered_set public_keys; - std::vector signers(info.size(), crypto::null_pkey); - for (size_t i = 0; i < info.size(); ++i) + std::vector signers; + if (!unpack_extra_multisig_info(info, signers, public_keys)) { - if (!verify_extra_multisig_info(info[i], public_keys, signers[i])) - { - MERROR("Bad multisig info"); - return false; - } + MERROR("Bad multisig info"); + return false; } + return finalize_multisig(password, public_keys, signers); } @@ -4142,14 +4349,13 @@ bool wallet2::verify_multisig_info(const std::string &data, crypto::secret_key & bool wallet2::verify_extra_multisig_info(const std::string &data, std::unordered_set &pkeys, crypto::public_key &signer) { - const size_t header_len = strlen("MultisigxV1"); - if (data.size() < header_len || data.substr(0, header_len) != "MultisigxV1") + if (data.size() < MULTISIG_EXTRA_INFO_MAGIC.size() || data.substr(0, MULTISIG_EXTRA_INFO_MAGIC.size()) != MULTISIG_EXTRA_INFO_MAGIC) { MERROR("Multisig info header check error"); return false; } std::string decoded; - if (!tools::base58::decode(data.substr(header_len), decoded)) + if (!tools::base58::decode(data.substr(MULTISIG_EXTRA_INFO_MAGIC.size()), decoded)) { MERROR("Multisig info decoding error"); return false; diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 7857f36f1..680196f01 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -574,6 +574,14 @@ namespace tools const std::vector &view_keys, const std::vector &spend_keys, uint32_t threshold); + std::string exchange_multisig_keys(const epee::wipeable_string &password, + const std::vector &info); + /*! + * \brief Any but first round of keys exchange + */ + std::string exchange_multisig_keys(const epee::wipeable_string &password, + std::unordered_set pkeys, + std::vector signers); /*! * \brief Finalizes creation of a multisig wallet */ @@ -1248,6 +1256,12 @@ namespace tools bool get_rct_distribution(uint64_t &start_height, std::vector &distribution); uint64_t get_segregation_fork_height() const; + void unpack_multisig_info(const std::vector& info, + std::vector &public_keys, + std::vector &secret_keys) const; + bool unpack_extra_multisig_info(const std::vector& info, + std::vector &signers, + std::unordered_set &pkeys) const; void cache_tx_data(const cryptonote::transaction& tx, const crypto::hash &txid, tx_cache_data &tx_cache_data) const; @@ -1298,6 +1312,9 @@ namespace tools bool m_multisig; /*!< if > 1 spend secret key will not match spend public key */ uint32_t m_multisig_threshold; std::vector m_multisig_signers; + //in case of general M/N multisig wallet we should perform N - M + 1 key exchange rounds and remember how many rounds are passed. + uint32_t m_multisig_rounds_passed; + std::vector m_multisig_derivations; bool m_always_confirm_transfers; bool m_print_ring_members; bool m_store_tx_info; /*!< request txkey to be returned in RPC, and store in the wallet cache file */ diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index 2b5ef3157..e0b631aaf 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -3125,7 +3125,7 @@ namespace tools return false; } - if (req.multisig_info.size() < threshold - 1) + if (req.multisig_info.size() < 1 || req.multisig_info.size() > total) { er.code = WALLET_RPC_ERROR_CODE_THRESHOLD_NOT_REACHED; er.message = "Needs multisig info from more participants"; @@ -3152,6 +3152,55 @@ namespace tools return true; } //------------------------------------------------------------------------------------------------------------------------------ + bool wallet_rpc_server::on_exchange_multisig_keys(const wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS::request& req, wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS::response& res, epee::json_rpc::error& er) + { + if (!m_wallet) return not_open(er); + if (m_restricted) + { + er.code = WALLET_RPC_ERROR_CODE_DENIED; + er.message = "Command unavailable in restricted mode."; + return false; + } + bool ready; + uint32_t threshold, total; + if (!m_wallet->multisig(&ready, &threshold, &total)) + { + er.code = WALLET_RPC_ERROR_CODE_NOT_MULTISIG; + er.message = "This wallet is not multisig"; + return false; + } + + if (ready) + { + er.code = WALLET_RPC_ERROR_CODE_ALREADY_MULTISIG; + er.message = "This wallet is multisig, and already finalized"; + return false; + } + + if (req.multisig_info.size() < 1 || req.multisig_info.size() > total) + { + er.code = WALLET_RPC_ERROR_CODE_THRESHOLD_NOT_REACHED; + er.message = "Needs multisig info from more participants"; + return false; + } + + try + { + res.multisig_info = m_wallet->exchange_multisig_keys(req.password, req.multisig_info); + if (res.multisig_info.empty()) + { + res.address = m_wallet->get_account().get_public_address_str(m_wallet->nettype()); + } + } + catch (const std::exception &e) + { + er.code = WALLET_RPC_ERROR_CODE_UNKNOWN_ERROR; + er.message = std::string("Error calling exchange_multisig_info: ") + e.what(); + return false; + } + return true; + } + //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::on_sign_multisig(const wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::response& res, epee::json_rpc::error& er) { if (!m_wallet) return not_open(er); diff --git a/src/wallet/wallet_rpc_server.h b/src/wallet/wallet_rpc_server.h index ab7917a78..ab896aa3b 100644 --- a/src/wallet/wallet_rpc_server.h +++ b/src/wallet/wallet_rpc_server.h @@ -141,6 +141,7 @@ namespace tools MAP_JON_RPC_WE("export_multisig_info", on_export_multisig, wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG) MAP_JON_RPC_WE("import_multisig_info", on_import_multisig, wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG) MAP_JON_RPC_WE("finalize_multisig", on_finalize_multisig, wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG) + MAP_JON_RPC_WE("exchange_multisig_keys", on_exchange_multisig_keys, wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS) MAP_JON_RPC_WE("sign_multisig", on_sign_multisig, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG) MAP_JON_RPC_WE("submit_multisig", on_submit_multisig, wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG) MAP_JON_RPC_WE("get_version", on_get_version, wallet_rpc::COMMAND_RPC_GET_VERSION) @@ -218,6 +219,7 @@ namespace tools bool on_export_multisig(const wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG::response& res, epee::json_rpc::error& er); bool on_import_multisig(const wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::response& res, epee::json_rpc::error& er); bool on_finalize_multisig(const wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::response& res, epee::json_rpc::error& er); + bool on_exchange_multisig_keys(const wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS::request& req, wallet_rpc::COMMAND_RPC_EXCHANGE_MULTISIG_KEYS::response& res, epee::json_rpc::error& er); bool on_sign_multisig(const wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::response& res, epee::json_rpc::error& er); bool on_submit_multisig(const wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::response& res, epee::json_rpc::error& er); bool on_get_version(const wallet_rpc::COMMAND_RPC_GET_VERSION::request& req, wallet_rpc::COMMAND_RPC_GET_VERSION::response& res, epee::json_rpc::error& er); diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h index e46745339..2377b69e3 100644 --- a/src/wallet/wallet_rpc_server_commands_defs.h +++ b/src/wallet/wallet_rpc_server_commands_defs.h @@ -1990,6 +1990,31 @@ namespace wallet_rpc }; }; + struct COMMAND_RPC_EXCHANGE_MULTISIG_KEYS + { + struct request + { + std::string password; + std::vector multisig_info; + + BEGIN_KV_SERIALIZE_MAP() + KV_SERIALIZE(password) + KV_SERIALIZE(multisig_info) + END_KV_SERIALIZE_MAP() + }; + + struct response + { + std::string address; + std::string multisig_info; + + BEGIN_KV_SERIALIZE_MAP() + KV_SERIALIZE(address) + KV_SERIALIZE(multisig_info) + END_KV_SERIALIZE_MAP() + }; + }; + struct COMMAND_RPC_SIGN_MULTISIG { struct request diff --git a/tests/core_tests/chaingen.h b/tests/core_tests/chaingen.h index 34b205ae5..6b9277a30 100644 --- a/tests/core_tests/chaingen.h +++ b/tests/core_tests/chaingen.h @@ -544,6 +544,7 @@ inline bool do_replay_file(const std::string& filename) } return do_replay_events(events); } + //-------------------------------------------------------------------------- #define GENERATE_ACCOUNT(account) \ cryptonote::account_base account; \ @@ -556,47 +557,7 @@ inline bool do_replay_file(const std::string& filename) { \ for (size_t msidx = 0; msidx < total; ++msidx) \ account[msidx].generate(); \ - std::unordered_set all_multisig_keys; \ - std::vector> view_keys(total); \ - std::vector> spend_keys(total); \ - for (size_t msidx = 0; msidx < total; ++msidx) \ - { \ - for (size_t msidx_inner = 0; msidx_inner < total; ++msidx_inner) \ - { \ - if (msidx_inner != msidx) \ - { \ - crypto::secret_key vkh = cryptonote::get_multisig_blinded_secret_key(account[msidx_inner].get_keys().m_view_secret_key); \ - view_keys[msidx].push_back(vkh); \ - crypto::secret_key skh = cryptonote::get_multisig_blinded_secret_key(account[msidx_inner].get_keys().m_spend_secret_key); \ - crypto::public_key pskh; \ - crypto::secret_key_to_public_key(skh, pskh); \ - spend_keys[msidx].push_back(pskh); \ - } \ - } \ - } \ - for (size_t msidx = 0; msidx < total; ++msidx) \ - { \ - std::vector multisig_keys; \ - crypto::secret_key spend_skey; \ - crypto::public_key spend_pkey; \ - if (threshold == total) \ - cryptonote::generate_multisig_N_N(account[msidx].get_keys(), spend_keys[msidx], multisig_keys, (rct::key&)spend_skey, (rct::key&)spend_pkey); \ - else \ - cryptonote::generate_multisig_N1_N(account[msidx].get_keys(), spend_keys[msidx], multisig_keys, (rct::key&)spend_skey, (rct::key&)spend_pkey); \ - crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(account[msidx].get_keys().m_view_secret_key, view_keys[msidx]); \ - account[msidx].make_multisig(view_skey, spend_skey, spend_pkey, multisig_keys); \ - for (const auto &k: multisig_keys) \ - all_multisig_keys.insert(rct::rct2pk(rct::scalarmultBase(rct::sk2rct(k)))); \ - } \ - if (threshold < total) \ - { \ - std::vector spend_public_keys; \ - for (const auto &k: all_multisig_keys) \ - spend_public_keys.push_back(k); \ - crypto::public_key spend_pkey = cryptonote::generate_multisig_N1_N_spend_public_key(spend_public_keys); \ - for (size_t msidx = 0; msidx < total; ++msidx) \ - account[msidx].finalize_multisig(spend_pkey); \ - } \ + make_multisig_accounts(account, threshold); \ } while(0) #define MAKE_ACCOUNT(VEC_EVENTS, account) \ diff --git a/tests/core_tests/chaingen_main.cpp b/tests/core_tests/chaingen_main.cpp index abc412318..84254cfdb 100644 --- a/tests/core_tests/chaingen_main.cpp +++ b/tests/core_tests/chaingen_main.cpp @@ -223,6 +223,16 @@ int main(int argc, char* argv[]) GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1__no_threshold); GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1_2_no_threshold); GENERATE_AND_PLAY(gen_multisig_tx_invalid_33_1_3_no_threshold); + GENERATE_AND_PLAY(gen_multisig_tx_valid_24_1_2); + GENERATE_AND_PLAY(gen_multisig_tx_valid_24_1_2_many_inputs); + GENERATE_AND_PLAY(gen_multisig_tx_valid_25_1_2); + GENERATE_AND_PLAY(gen_multisig_tx_valid_25_1_2_many_inputs); + GENERATE_AND_PLAY(gen_multisig_tx_valid_48_1_234); + GENERATE_AND_PLAY(gen_multisig_tx_valid_48_1_234_many_inputs); + GENERATE_AND_PLAY(gen_multisig_tx_valid_24_1_no_signers); + GENERATE_AND_PLAY(gen_multisig_tx_valid_25_1_no_signers); + GENERATE_AND_PLAY(gen_multisig_tx_valid_48_1_no_signers); + GENERATE_AND_PLAY(gen_multisig_tx_valid_48_1_23_no_threshold); GENERATE_AND_PLAY(gen_bp_tx_valid_1); GENERATE_AND_PLAY(gen_bp_tx_invalid_1_1); diff --git a/tests/core_tests/multisig.cpp b/tests/core_tests/multisig.cpp index 46cc0ff35..fe5feb942 100644 --- a/tests/core_tests/multisig.cpp +++ b/tests/core_tests/multisig.cpp @@ -41,6 +41,87 @@ using namespace cryptonote; //#define NO_MULTISIG +void make_multisig_accounts(std::vector& account, uint32_t threshold) +{ + std::vector all_view_keys; + std::vector> derivations(account.size()); + //storage for all set of multisig derivations and spend public key (in first round) + std::unordered_set exchanging_keys; + + for (size_t msidx = 0; msidx < account.size(); ++msidx) + { + crypto::secret_key vkh = cryptonote::get_multisig_blinded_secret_key(account[msidx].get_keys().m_view_secret_key); + all_view_keys.push_back(vkh); + + crypto::secret_key skh = cryptonote::get_multisig_blinded_secret_key(account[msidx].get_keys().m_spend_secret_key); + crypto::public_key pskh; + crypto::secret_key_to_public_key(skh, pskh); + + derivations[msidx].push_back(pskh); + exchanging_keys.insert(pskh); + } + + uint32_t roundsTotal = 1; + if (threshold < account.size()) + roundsTotal = account.size() - threshold; + + //secret multisig keys of every account + std::vector> multisig_keys(account.size()); + std::vector spend_skey(account.size()); + std::vector spend_pkey(account.size()); + for (uint32_t round = 0; round < roundsTotal; ++round) + { + std::unordered_set roundKeys; + for (size_t msidx = 0; msidx < account.size(); ++msidx) + { + // subtracting one's keys from set of all unique keys is the same as key exchange + auto myKeys = exchanging_keys; + for (const auto& d: derivations[msidx]) + myKeys.erase(d); + + if (threshold == account.size()) + { + cryptonote::generate_multisig_N_N(account[msidx].get_keys(), std::vector(myKeys.begin(), myKeys.end()), multisig_keys[msidx], (rct::key&)spend_skey[msidx], (rct::key&)spend_pkey[msidx]); + } + else + { + derivations[msidx] = cryptonote::generate_multisig_derivations(account[msidx].get_keys(), std::vector(myKeys.begin(), myKeys.end())); + roundKeys.insert(derivations[msidx].begin(), derivations[msidx].end()); + } + } + + exchanging_keys = roundKeys; + roundKeys.clear(); + } + + std::unordered_set all_multisig_keys; + for (size_t msidx = 0; msidx < account.size(); ++msidx) + { + std::unordered_set view_keys(all_view_keys.begin(), all_view_keys.end()); + view_keys.erase(all_view_keys[msidx]); + + crypto::secret_key view_skey = cryptonote::generate_multisig_view_secret_key(account[msidx].get_keys().m_view_secret_key, std::vector(view_keys.begin(), view_keys.end())); + if (threshold < account.size()) + { + multisig_keys[msidx] = cryptonote::calculate_multisig_keys(derivations[msidx]); + spend_skey[msidx] = cryptonote::calculate_multisig_signer_key(multisig_keys[msidx]); + } + account[msidx].make_multisig(view_skey, spend_skey[msidx], spend_pkey[msidx], multisig_keys[msidx]); + for (const auto &k: multisig_keys[msidx]) { + all_multisig_keys.insert(rct::rct2pk(rct::scalarmultBase(rct::sk2rct(k)))); + } + } + + if (threshold < account.size()) + { + std::vector public_keys(std::vector(all_multisig_keys.begin(), all_multisig_keys.end())); + crypto::public_key spend_pkey = cryptonote::generate_multisig_M_N_spend_public_key(public_keys); + + for (size_t msidx = 0; msidx < account.size(); ++msidx) + account[msidx].finalize_multisig(spend_pkey); + } +} + //---------------------------------------------------------------------------------------------------------------------- // Tests @@ -55,7 +136,6 @@ bool gen_multisig_tx_validation_base::generate_with(std::vector= 2, false, "Bad scheme"); CHECK_AND_ASSERT_MES(threshold <= total, false, "Bad scheme"); - CHECK_AND_ASSERT_MES(threshold >= total - 1, false, "Unsupported scheme"); #ifdef NO_MULTISIG CHECK_AND_ASSERT_MES(total <= 5, false, "Unsupported scheme"); #endif @@ -480,6 +560,48 @@ bool gen_multisig_tx_valid_89_3_1245789::generate(std::vector& return generate_with(events, 2, mixin, amount_paid, true, 8, 9, 3, {1, 2, 4, 5, 7, 8, 9}, NULL, NULL); } +bool gen_multisig_tx_valid_24_1_2::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, true, 2, 4, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_24_1_2_many_inputs::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 4, mixin, amount_paid, true, 2, 4, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_25_1_2::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, true, 2, 5, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_25_1_2_many_inputs::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 4, mixin, amount_paid, true, 2, 5, 1, {2}, NULL, NULL); +} + +bool gen_multisig_tx_valid_48_1_234::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, true, 4, 8, 1, {2, 3, 4}, NULL, NULL); +} + +bool gen_multisig_tx_valid_48_1_234_many_inputs::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 4, mixin, amount_paid, true, 4, 8, 1, {2, 3, 4}, NULL, NULL); +} + bool gen_multisig_tx_invalid_22_1__no_threshold::generate(std::vector& events) const { const size_t mixin = 4; @@ -521,3 +643,31 @@ bool gen_multisig_tx_invalid_45_5_23_no_threshold::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, false, 2, 4, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_valid_25_1_no_signers::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, false, 2, 5, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_valid_48_1_no_signers::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, false, 4, 8, 1, {}, NULL, NULL); +} + +bool gen_multisig_tx_valid_48_1_23_no_threshold::generate(std::vector& events) const +{ + const size_t mixin = 4; + const uint64_t amount_paid = 10000; + return generate_with(events, 2, mixin, amount_paid, false, 4, 8, 1, {2, 3}, NULL, NULL); +} diff --git a/tests/core_tests/multisig.h b/tests/core_tests/multisig.h index f0157a6d1..9e4cb3a23 100644 --- a/tests/core_tests/multisig.h +++ b/tests/core_tests/multisig.h @@ -161,6 +161,42 @@ struct gen_multisig_tx_valid_89_3_1245789: public gen_multisig_tx_validation_bas }; template<> struct get_test_options: public get_test_options {}; +struct gen_multisig_tx_valid_24_1_2: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_24_1_2_many_inputs: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_25_1_2: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_25_1_2_many_inputs: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_48_1_234: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_48_1_234_many_inputs: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + // invalid struct gen_multisig_tx_invalid_22_1__no_threshold: public gen_multisig_tx_validation_base { @@ -197,3 +233,27 @@ struct gen_multisig_tx_invalid_45_5_23_no_threshold: public gen_multisig_tx_vali bool generate(std::vector& events) const; }; template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_24_1_no_signers: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_25_1_no_signers: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_48_1_no_signers: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; + +struct gen_multisig_tx_valid_48_1_23_no_threshold: public gen_multisig_tx_validation_base +{ + bool generate(std::vector& events) const; +}; +template<> struct get_test_options: public get_test_options {}; diff --git a/tests/unit_tests/multisig.cpp b/tests/unit_tests/multisig.cpp index 83924c7af..7268f2690 100644 --- a/tests/unit_tests/multisig.cpp +++ b/tests/unit_tests/multisig.cpp @@ -49,9 +49,19 @@ static const struct { "9t6Hn946u3eah5cuncH1hB5hGzsTUoevtf4SY7MHN5NgJZh2SFWsyVt3vUhuHyRKyrCQvr71Lfc1AevG3BXE11PQFoXDtD8", "bbd3175ef9fd9f5eefdc43035f882f74ad14c4cf1799d8b6f9001bc197175d02" + }, + { + "9zmAWoNyNPbgnYSm3nJNpAKHm6fCcs3MR94gBWxp9MCDUiMUhyYFfyQETUDLPF7DP6ZsmNo6LRxwPP9VmhHNxKrER9oGigT", + "f2efae45bef1917a7430cda8fcffc4ee010e3178761aa41d4628e23b1fe2d501" + }, + { + "9ue8NJMg3WzKxTtmjeXzWYF5KmU6dC7LHEt9wvYdPn2qMmoFUa8hJJHhSHvJ46UEwpDyy5jSboNMRaDBKwU54NT42YcNUp5", + "a4cef54ed3fd61cd78a2ceb82ecf85a903ad2db9a86fb77ff56c35c56016280a" } }; +static const size_t KEYS_COUNT = 5; + static void make_wallet(unsigned int idx, tools::wallet2 &wallet) { ASSERT_TRUE(idx < sizeof(test_addresses) / sizeof(test_addresses[0])); @@ -76,126 +86,87 @@ static void make_wallet(unsigned int idx, tools::wallet2 &wallet) } } -static void make_M_2_wallet(tools::wallet2 &wallet0, tools::wallet2 &wallet1, unsigned int M) +static std::vector exchange_round(std::vector& wallets, const std::vector& mis) { - ASSERT_TRUE(M <= 2); - - make_wallet(0, wallet0); - make_wallet(1, wallet1); - - std::vector sk0(1), sk1(1); - std::vector pk0(1), pk1(1); - - wallet0.decrypt_keys(""); - std::string mi0 = wallet0.get_multisig_info(); - wallet0.encrypt_keys(""); - wallet1.decrypt_keys(""); - std::string mi1 = wallet1.get_multisig_info(); - wallet1.encrypt_keys(""); - - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi1, sk0[0], pk0[0])); - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi0, sk1[0], pk1[0])); - - ASSERT_FALSE(wallet0.multisig() || wallet1.multisig()); - wallet0.make_multisig("", sk0, pk0, M); - wallet1.make_multisig("", sk1, pk1, M); - - ASSERT_TRUE(wallet0.get_account().get_public_address_str(cryptonote::TESTNET) == wallet1.get_account().get_public_address_str(cryptonote::TESTNET)); - - bool ready; - uint32_t threshold, total; - ASSERT_TRUE(wallet0.multisig(&ready, &threshold, &total)); - ASSERT_TRUE(ready); - ASSERT_TRUE(threshold == M); - ASSERT_TRUE(total == 2); - ASSERT_TRUE(wallet1.multisig(&ready, &threshold, &total)); - ASSERT_TRUE(ready); - ASSERT_TRUE(threshold == M); - ASSERT_TRUE(total == 2); -} - -static void make_M_3_wallet(tools::wallet2 &wallet0, tools::wallet2 &wallet1, tools::wallet2 &wallet2, unsigned int M) -{ - ASSERT_TRUE(M <= 3); - - make_wallet(0, wallet0); - make_wallet(1, wallet1); - make_wallet(2, wallet2); - - std::vector sk0(2), sk1(2), sk2(2); - std::vector pk0(2), pk1(2), pk2(2); - - wallet0.decrypt_keys(""); - std::string mi0 = wallet0.get_multisig_info(); - wallet0.encrypt_keys(""); - wallet1.decrypt_keys(""); - std::string mi1 = wallet1.get_multisig_info(); - wallet1.encrypt_keys(""); - wallet2.decrypt_keys(""); - std::string mi2 = wallet2.get_multisig_info(); - wallet2.encrypt_keys(""); - - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi1, sk0[0], pk0[0])); - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi2, sk0[1], pk0[1])); - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi0, sk1[0], pk1[0])); - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi2, sk1[1], pk1[1])); - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi0, sk2[0], pk2[0])); - ASSERT_TRUE(tools::wallet2::verify_multisig_info(mi1, sk2[1], pk2[1])); - - ASSERT_FALSE(wallet0.multisig() || wallet1.multisig() || wallet2.multisig()); - std::string mxi0 = wallet0.make_multisig("", sk0, pk0, M); - std::string mxi1 = wallet1.make_multisig("", sk1, pk1, M); - std::string mxi2 = wallet2.make_multisig("", sk2, pk2, M); - - const size_t nset = !mxi0.empty() + !mxi1.empty() + !mxi2.empty(); - ASSERT_TRUE((M < 3 && nset == 3) || (M == 3 && nset == 0)); - - if (nset > 0) - { - std::unordered_set pkeys; - std::vector signers(3, crypto::null_pkey); - ASSERT_TRUE(tools::wallet2::verify_extra_multisig_info(mxi0, pkeys, signers[0])); - ASSERT_TRUE(tools::wallet2::verify_extra_multisig_info(mxi1, pkeys, signers[1])); - ASSERT_TRUE(tools::wallet2::verify_extra_multisig_info(mxi2, pkeys, signers[2])); - ASSERT_TRUE(pkeys.size() == 3); - ASSERT_TRUE(wallet0.finalize_multisig("", pkeys, signers)); - ASSERT_TRUE(wallet1.finalize_multisig("", pkeys, signers)); - ASSERT_TRUE(wallet2.finalize_multisig("", pkeys, signers)); + std::vector new_infos; + for (size_t i = 0; i < wallets.size(); ++i) { + new_infos.push_back(wallets[i].exchange_multisig_keys("", mis)); } - ASSERT_TRUE(wallet0.get_account().get_public_address_str(cryptonote::TESTNET) == wallet1.get_account().get_public_address_str(cryptonote::TESTNET)); - ASSERT_TRUE(wallet0.get_account().get_public_address_str(cryptonote::TESTNET) == wallet2.get_account().get_public_address_str(cryptonote::TESTNET)); + return new_infos; +} - bool ready; - uint32_t threshold, total; - ASSERT_TRUE(wallet0.multisig(&ready, &threshold, &total)); - ASSERT_TRUE(ready); - ASSERT_TRUE(threshold == M); - ASSERT_TRUE(total == 3); - ASSERT_TRUE(wallet1.multisig(&ready, &threshold, &total)); - ASSERT_TRUE(ready); - ASSERT_TRUE(threshold == M); - ASSERT_TRUE(total == 3); - ASSERT_TRUE(wallet2.multisig(&ready, &threshold, &total)); - ASSERT_TRUE(ready); - ASSERT_TRUE(threshold == M); - ASSERT_TRUE(total == 3); +static void make_wallets(std::vector& wallets, unsigned int M) +{ + ASSERT_TRUE(wallets.size() > 1 && wallets.size() <= KEYS_COUNT); + ASSERT_TRUE(M <= wallets.size()); + + std::vector mis(wallets.size()); + + for (size_t i = 0; i < wallets.size(); ++i) { + make_wallet(i, wallets[i]); + + wallets[i].decrypt_keys(""); + mis[i] = wallets[i].get_multisig_info(); + wallets[i].encrypt_keys(""); + } + + for (auto& wallet: wallets) { + ASSERT_FALSE(wallet.multisig() || wallet.multisig() || wallet.multisig()); + } + + std::vector mxis; + for (size_t i = 0; i < wallets.size(); ++i) { + // it's ok to put all of multisig keys in this function. it throws in case of error + mxis.push_back(wallets[i].make_multisig("", mis, M)); + } + + while (!mxis[0].empty()) { + mxis = exchange_round(wallets, mxis); + } + + for (size_t i = 0; i < wallets.size(); ++i) { + ASSERT_TRUE(mxis[i].empty()); + bool ready; + uint32_t threshold, total; + ASSERT_TRUE(wallets[i].multisig(&ready, &threshold, &total)); + ASSERT_TRUE(ready); + ASSERT_TRUE(threshold == M); + ASSERT_TRUE(total == wallets.size()); + + if (i != 0) { + // "equals" is transitive relation so we need only to compare first wallet's address to each others' addresses. no need to compare 0's address with itself. + ASSERT_TRUE(wallets[0].get_account().get_public_address_str(cryptonote::TESTNET) == wallets[i].get_account().get_public_address_str(cryptonote::TESTNET)); + } + } } TEST(multisig, make_2_2) { - tools::wallet2 wallet0, wallet1; - make_M_2_wallet(wallet0, wallet1, 2); + std::vector wallets(2); + make_wallets(wallets, 2); } TEST(multisig, make_3_3) { - tools::wallet2 wallet0, wallet1, wallet2; - make_M_3_wallet(wallet0, wallet1, wallet2, 3); + std::vector wallets(3); + make_wallets(wallets, 3); } TEST(multisig, make_2_3) { - tools::wallet2 wallet0, wallet1, wallet2; - make_M_3_wallet(wallet0, wallet1, wallet2, 2); + std::vector wallets(3); + make_wallets(wallets, 2); +} + +TEST(multisig, make_2_4) +{ + std::vector wallets(4); + make_wallets(wallets, 2); +} + +TEST(multisig, make_2_5) +{ + std::vector wallets(5); + make_wallets(wallets, 2); }