ringct: prevent use of full ringct signatures for more than one input

2025-05-05 03:55:00 -04:00 · 2019-04-11 18:41:41 +00:00 · 2019-04-11 18:41:41 +00:00 · 93bb2f48f7
commit 93bb2f48f7
parent 9c77dbf376
4 changed files with 60 additions and 142 deletions
--- a/tests/unit_tests/serialization.cpp
+++ b/tests/unit_tests/serialization.cpp
@ -477,7 +477,7 @@ TEST(Serialization, serializes_ringct_types)
  rct::ecdhTuple ecdh0, ecdh1;
  rct::boroSig boro0, boro1;
  rct::mgSig mg0, mg1;
-  rct::rangeSig rg0, rg1;
+  rct::Bulletproof bp0, bp1;
  rct::rctSig s0, s1;
  cryptonote::transaction tx0, tx1;

@ -566,12 +566,15 @@ TEST(Serialization, serializes_ringct_types)
  ASSERT_TRUE(!memcmp(&boro0, &boro1, sizeof(boro0)));

  // create a full rct signature to use its innards
+  vector<uint64_t> inamounts;
  rct::ctkeyV sc, pc;
  rct::ctkey sctmp, pctmp;
-  tie(sctmp, pctmp) = rct::ctskpkGen(6000);
+  inamounts.push_back(6000);
+  tie(sctmp, pctmp) = rct::ctskpkGen(inamounts.back());
  sc.push_back(sctmp);
  pc.push_back(pctmp);
-  tie(sctmp, pctmp) = rct::ctskpkGen(7000);
+  inamounts.push_back(7000);
+  tie(sctmp, pctmp) = rct::ctskpkGen(inamounts.back());
  sc.push_back(sctmp);
  pc.push_back(pctmp);
  vector<uint64_t> amounts;
@ -588,9 +591,9 @@ TEST(Serialization, serializes_ringct_types)
  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
  rct::skpkGen(Sk, Pk);
  destinations.push_back(Pk);
-  //compute rct data with mixin 500
+  //compute rct data with mixin 3
  const rct::RCTConfig rct_config{ rct::RangeProofPaddedBulletproof, 0 };
-  s0 = rct::genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default"));
+  s0 = rct::genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));

  mg0 = s0.p.MGs[0];
  ASSERT_TRUE(serialization::dump_binary(mg0, blob));
@ -605,66 +608,12 @@ TEST(Serialization, serializes_ringct_types)
  // mixRing and II are not serialized, they are meant to be reconstructed
  ASSERT_TRUE(mg1.II.empty());

-  rg0 = s0.p.rangeSigs.front();
-  ASSERT_TRUE(serialization::dump_binary(rg0, blob));
-  ASSERT_TRUE(serialization::parse_binary(blob, rg1));
-  ASSERT_TRUE(!memcmp(&rg0, &rg1, sizeof(rg0)));
-
-#if 0
-  ASSERT_TRUE(serialization::dump_binary(s0, blob));
-  ASSERT_TRUE(serialization::parse_binary(blob, s1));
-  ASSERT_TRUE(s0.type == s1.type);
-  ASSERT_TRUE(s0.p.rangeSigs.size() == s1.p.rangeSigs.size());
-  for (size_t n = 0; n < s0.p.rangeSigs.size(); ++n)
-  {
-    ASSERT_TRUE(!memcmp(&s0.p.rangeSigs[n], &s1.p.rangeSigs[n], sizeof(s0.p.rangeSigs[n])));
-  }
-  ASSERT_TRUE(s0.p.MGs.size() == s1.p.MGs.size());
-  ASSERT_TRUE(s0.p.MGs[0].ss.size() == s1.p.MGs[0].ss.size());
-  for (size_t n = 0; n < s0.p.MGs[0].ss.size(); ++n)
-  {
-    ASSERT_TRUE(s0.p.MGs[0].ss[n] == s1.p.MGs[0].ss[n]);
-  }
-  ASSERT_TRUE(s0.p.MGs[0].cc == s1.p.MGs[0].cc);
-  // mixRing and II are not serialized, they are meant to be reconstructed
-  ASSERT_TRUE(s1.p.MGs[0].II.empty());
-
-  // mixRing and II are not serialized, they are meant to be reconstructed
-  ASSERT_TRUE(s1.mixRing.size() == 0);
-
-  ASSERT_TRUE(s0.ecdhInfo.size() == s1.ecdhInfo.size());
-  for (size_t n = 0; n < s0.ecdhInfo.size(); ++n)
-  {
-    ASSERT_TRUE(!memcmp(&s0.ecdhInfo[n], &s1.ecdhInfo[n], sizeof(s0.ecdhInfo[n])));
-  }
-  ASSERT_TRUE(s0.outPk.size() == s1.outPk.size());
-  for (size_t n = 0; n < s0.outPk.size(); ++n)
-  {
-    // serialization only does the mask
-    ASSERT_TRUE(!memcmp(&s0.outPk[n].mask, &s1.outPk[n].mask, sizeof(s0.outPk[n].mask)));
-  }
-#endif
-
-  tx0.set_null();
-  tx0.version = 2;
-  cryptonote::txin_to_key txin_to_key1{};
-  txin_to_key1.amount = 100;
-  txin_to_key1.key_offsets.resize(4);
-  cryptonote::txin_to_key txin_to_key2{};
-  txin_to_key2.amount = 200;
-  txin_to_key2.key_offsets.resize(4);
-  tx0.vin.push_back(txin_to_key1);
-  tx0.vin.push_back(txin_to_key2);
-  tx0.vout.push_back(cryptonote::tx_out());
-  tx0.vout.push_back(cryptonote::tx_out());
-  tx0.rct_signatures = s0;
-  ASSERT_EQ(tx0.rct_signatures.p.rangeSigs.size(), 2);
-  ASSERT_TRUE(serialization::dump_binary(tx0, blob));
-  ASSERT_TRUE(serialization::parse_binary(blob, tx1));
-  ASSERT_EQ(tx1.rct_signatures.p.rangeSigs.size(), 2);
-  std::string blob2;
-  ASSERT_TRUE(serialization::dump_binary(tx1, blob2));
-  ASSERT_TRUE(blob == blob2);
+  ASSERT_FALSE(s0.p.bulletproofs.empty());
+  bp0 = s0.p.bulletproofs.front();
+  ASSERT_TRUE(serialization::dump_binary(bp0, blob));
+  ASSERT_TRUE(serialization::parse_binary(blob, bp1));
+  bp1.V = bp0.V; // this is not saved, as it is reconstructed from other tx data
+  ASSERT_EQ(bp0, bp1);
 }

 TEST(Serialization, portability_wallet)