Core/grin-wallet
0
0
Fork 0
mirror of https://github.com/mimblewimble/grin-wallet.git synced 2025-01-21 03:21:08 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
grin-wallet/libwallet/tests/libwallet.rs
Yeastplume 9450d2a3b8
Compact slate merge (#404) 
* Add support for sending compact slates (#366)

* WIP add support for sending compact slates

* add repopulate_tx function to internal API

* first pass at compacted slate working

* move slate compaction to separate function

* test fixes

* support compact slate inits in invoice workflow

* add compress flags to send and invoice

* attempting to remove is_compact and assume all V4 slates begin as compact

* attempting to calculate offsets when full tx data isn't available

* update calc_commit to use participant blind data

* update doctests for compact slates

* start to remove unneeded fields from serialization

* make num_participants optional

* remove other_version from slate

* use grin master branch

* remove message field

* lock height assumed to be 0 if it doesn't exist

* don't serialise receiver signature when null

* don't serialize payment_info if not needed

* remove participant id from participant info

* add note on id field

* fix finalize and receive doctests

* finalize_tx tests, init_send_tx tests

* doctests for process_invoice_tx, retrieve_tx, tx_lock_outputs

* finished test changes

* update from grin master

* rebuild PR from diff (#380)

* recreate PR from diff (#381)

* serialize tx struct into top level coms object (#382)

* remove height (#383)

* Add State Slate (#384)

* add state field to slate and SlateV4

* set slate state at each transaction stage, add check to tests

* serialize slate status properly

* V4 Slate field tweaks (#386)

* various tweaks to V4 slate

* field renaming

* serialize slate v4 ID as base64 (#387)

* remove amount and fee where not needed (#388)

* Final Changes for compact Slate (#389)

* add tests for all types of file output, remove message args

* default range proof serialization

* shorten output features serialization

* rename payment proof fields in slate v4

* v4 payment proof serialization

* Binary Slates (#385)

* start test implementation

* add experimental binary serialization to slate

* serialize id

* serialize fields that can be skipped as a separate struct

* factor out sigs serialization

* clean up sigs and coms serialization

* completed v4 bin serialization

* add manual de/ser traits for V4 bin slate

* add simple byte array serializer

* complete wiring in of bin slate serialization

* clarify comment

* clarify comment

* update version

* test output dir name fix

* update slate v4 change description

* add binary output to command line

* Remove unneeded signature data during S2 and I2 stages (#390)

* remove unneeded return signature data during S2

* remove unneeded sig data from I2

* Doctest Fixes for compact slate branch (#392)

* begin to fix doctests

* more doctest fixes

* fix receive_tx

* update get_stored_tx to accept an UUID instead of a tx object, and operate on a raw Transaction object (#394)

* Fixes to async transaction posting (#395)

* unstash post_tx changes

* add offset during S3 and I3

* Revert slate id serialization to hex-string uuid (#396)

* update from master (#397)

* v3.x.x - v4.0.0 wallet compatibility fixes (#398)

* changes to support http sending to v3 wallets

* sending via http/tor TO 3.0.0 wallet works

* receiving FROM 3.0.0 wallets works over http/tor

* output converted V3 slate when needed

* paying invoices from 3.0.0 wallets working

* handle all participant info in slate states

* sending and receiving standard file transactions between v3 and 4 wallets confirmed working

* all file-based workflows working

* fixes resulting from tests

* remove reminder warnings

* remove lock_height, add kernel_features + arguments (#399)

* grin-wallet master now building against grin master (#402) (#403)

Co-authored-by: Antioch Peverell <apeverell@protonmail.com>

* Enhanced offset creation (#407)

* initial tests reworking offset creation

* invoice flow fixing + tests

* further test fixes

* change offset name in v4 slate, base64 serialize

* logic optimisation

* changes based on review feedback

Co-authored-by: Antioch Peverell <apeverell@protonmail.com>
2020-05-19 11:19:03 +01:00

524 lines
14 KiB
Rust
Raw Blame History

// Copyright 2019 The Grin Developers
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//! core::libtx specific tests
use grin_wallet_libwallet::Context;
use grin_wallet_util::grin_core::core::transaction;
use grin_wallet_util::grin_core::libtx::{aggsig, proof};
use grin_wallet_util::grin_keychain::{
BlindSum, BlindingFactor, ExtKeychain, ExtKeychainPath, Keychain, SwitchCommitmentType,
};
use grin_wallet_util::grin_util::secp;
use grin_wallet_util::grin_util::secp::key::{PublicKey, SecretKey};
use rand::thread_rng;
fn kernel_sig_msg() -> secp::Message {
transaction::KernelFeatures::Plain { fee: 0 }
.kernel_sig_msg()
.unwrap()
}
#[test]
fn aggsig_sender_receiver_interaction() {
let parent = ExtKeychainPath::new(1, 1, 0, 0, 0).to_identifier();
let switch = SwitchCommitmentType::Regular;
let sender_keychain = ExtKeychain::from_random_seed(true).unwrap();
let receiver_keychain = ExtKeychain::from_random_seed(true).unwrap();
// Calculate the kernel excess here for convenience.
// Normally this would happen during transaction building.
let kernel_excess = {
let id1 = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let skey1 = sender_keychain.derive_key(0, &id1, switch).unwrap();
let skey2 = receiver_keychain.derive_key(0, &id1, switch).unwrap();
let keychain = ExtKeychain::from_random_seed(true).unwrap();
let blinding_factor = keychain
.blind_sum(
&BlindSum::new()
.sub_blinding_factor(BlindingFactor::from_secret_key(skey1))
.add_blinding_factor(BlindingFactor::from_secret_key(skey2)),
)
.unwrap();
keychain
.secp()
.commit(0, blinding_factor.secret_key(&keychain.secp()).unwrap())
.unwrap()
};
let s_cx;
let mut rx_cx;
// sender starts the tx interaction
let (sender_pub_excess, _sender_pub_nonce) = {
let keychain = sender_keychain.clone();
let id1 = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let skey = keychain.derive_key(0, &id1, switch).unwrap();
// dealing with an input here so we need to negate the blinding_factor
// rather than use it as is
let bs = BlindSum::new();
let blinding_factor = keychain
.blind_sum(&bs.sub_blinding_factor(BlindingFactor::from_secret_key(skey)))
.unwrap();
let blind = blinding_factor.secret_key(&keychain.secp()).unwrap();
s_cx = Context::new(&keychain.secp(), blind, &parent, false, false);
s_cx.get_public_keys(&keychain.secp())
};
let pub_nonce_sum;
let pub_key_sum;
// receiver receives partial tx
let (receiver_pub_excess, _receiver_pub_nonce, rx_sig_part) = {
let keychain = receiver_keychain.clone();
let key_id = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
// let blind = blind_sum.secret_key(&keychain.secp())?;
let blind = keychain.derive_key(0, &key_id, switch).unwrap();
rx_cx = Context::new(&keychain.secp(), blind, &parent, false, false);
let (pub_excess, pub_nonce) = rx_cx.get_public_keys(&keychain.secp());
rx_cx.add_output(&key_id, &None, 0);
pub_nonce_sum = PublicKey::from_combination(
keychain.secp(),
vec![
&s_cx.get_public_keys(keychain.secp()).1,
&rx_cx.get_public_keys(keychain.secp()).1,
],
)
.unwrap();
pub_key_sum = PublicKey::from_combination(
keychain.secp(),
vec![
&s_cx.get_public_keys(keychain.secp()).0,
&rx_cx.get_public_keys(keychain.secp()).0,
],
)
.unwrap();
let msg = kernel_sig_msg();
let sig_part = aggsig::calculate_partial_sig(
&keychain.secp(),
&rx_cx.sec_key,
&rx_cx.sec_nonce,
&pub_nonce_sum,
Some(&pub_key_sum),
&msg,
)
.unwrap();
(pub_excess, pub_nonce, sig_part)
};
// check the sender can verify the partial signature
// received in the response back from the receiver
{
let keychain = sender_keychain.clone();
let msg = kernel_sig_msg();
let sig_verifies = aggsig::verify_partial_sig(
&keychain.secp(),
&rx_sig_part,
&pub_nonce_sum,
&receiver_pub_excess,
Some(&pub_key_sum),
&msg,
);
assert!(!sig_verifies.is_err());
}
// now sender signs with their key
let sender_sig_part = {
let keychain = sender_keychain.clone();
let msg = kernel_sig_msg();
let sig_part = aggsig::calculate_partial_sig(
&keychain.secp(),
&s_cx.sec_key,
&s_cx.sec_nonce,
&pub_nonce_sum,
Some(&pub_key_sum),
&msg,
)
.unwrap();
sig_part
};
// check the receiver can verify the partial signature
// received by the sender
{
let keychain = receiver_keychain.clone();
let msg = kernel_sig_msg();
let sig_verifies = aggsig::verify_partial_sig(
&keychain.secp(),
&sender_sig_part,
&pub_nonce_sum,
&sender_pub_excess,
Some(&pub_key_sum),
&msg,
);
assert!(!sig_verifies.is_err());
}
// Receiver now builds final signature from sender and receiver parts
let (final_sig, final_pubkey) = {
let keychain = receiver_keychain.clone();
let msg = kernel_sig_msg();
let our_sig_part = aggsig::calculate_partial_sig(
&keychain.secp(),
&rx_cx.sec_key,
&rx_cx.sec_nonce,
&pub_nonce_sum,
Some(&pub_key_sum),
&msg,
)
.unwrap();
// Receiver now generates final signature from the two parts
let final_sig = aggsig::add_signatures(
&keychain.secp(),
vec![&sender_sig_part, &our_sig_part],
&pub_nonce_sum,
)
.unwrap();
// Receiver calculates the final public key (to verify sig later)
let final_pubkey = PublicKey::from_combination(
keychain.secp(),
vec![
&s_cx.get_public_keys(keychain.secp()).0,
&rx_cx.get_public_keys(keychain.secp()).0,
],
)
.unwrap();
(final_sig, final_pubkey)
};
// Receiver checks the final signature verifies
{
let keychain = receiver_keychain.clone();
let msg = kernel_sig_msg();
// Receiver check the final signature verifies
let sig_verifies = aggsig::verify_completed_sig(
&keychain.secp(),
&final_sig,
&final_pubkey,
Some(&final_pubkey),
&msg,
);
assert!(!sig_verifies.is_err());
}
// Check we can verify the sig using the kernel excess
{
let keychain = ExtKeychain::from_random_seed(true).unwrap();
let msg = kernel_sig_msg();
let sig_verifies =
aggsig::verify_single_from_commit(&keychain.secp(), &final_sig, &msg, &kernel_excess);
assert!(!sig_verifies.is_err());
}
}
#[test]
fn aggsig_sender_receiver_interaction_offset() {
let parent = ExtKeychainPath::new(1, 1, 0, 0, 0).to_identifier();
let switch = SwitchCommitmentType::Regular;
let sender_keychain = ExtKeychain::from_random_seed(true).unwrap();
let receiver_keychain = ExtKeychain::from_random_seed(true).unwrap();
// This is the kernel offset that we use to split the key
// Summing these at the block level prevents the
// kernels from being used to reconstruct (or identify) individual transactions
let kernel_offset = SecretKey::new(&sender_keychain.secp(), &mut thread_rng());
// Calculate the kernel excess here for convenience.
// Normally this would happen during transaction building.
let kernel_excess = {
let id1 = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let skey1 = sender_keychain.derive_key(0, &id1, switch).unwrap();
let skey2 = receiver_keychain.derive_key(0, &id1, switch).unwrap();
let keychain = ExtKeychain::from_random_seed(true).unwrap();
let blinding_factor = keychain
.blind_sum(
&BlindSum::new()
.sub_blinding_factor(BlindingFactor::from_secret_key(skey1))
.add_blinding_factor(BlindingFactor::from_secret_key(skey2))
// subtract the kernel offset here like as would when
// verifying a kernel signature
.sub_blinding_factor(BlindingFactor::from_secret_key(kernel_offset.clone())),
)
.unwrap();
keychain
.secp()
.commit(0, blinding_factor.secret_key(&keychain.secp()).unwrap())
.unwrap()
};
let s_cx;
let mut rx_cx;
// sender starts the tx interaction
let (sender_pub_excess, _sender_pub_nonce) = {
let keychain = sender_keychain.clone();
let id1 = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let skey = keychain.derive_key(0, &id1, switch).unwrap();
// dealing with an input here so we need to negate the blinding_factor
// rather than use it as is
let blinding_factor = keychain
.blind_sum(
&BlindSum::new()
.sub_blinding_factor(BlindingFactor::from_secret_key(skey))
// subtract the kernel offset to create an aggsig context
// with our "split" key
.sub_blinding_factor(BlindingFactor::from_secret_key(kernel_offset)),
)
.unwrap();
let blind = blinding_factor.secret_key(&keychain.secp()).unwrap();
s_cx = Context::new(&keychain.secp(), blind, &parent, false, false);
s_cx.get_public_keys(&keychain.secp())
};
// receiver receives partial tx
let pub_nonce_sum;
let pub_key_sum;
let (receiver_pub_excess, _receiver_pub_nonce, sig_part) = {
let keychain = receiver_keychain.clone();
let key_id = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let blind = keychain.derive_key(0, &key_id, switch).unwrap();
rx_cx = Context::new(&keychain.secp(), blind, &parent, false, false);
let (pub_excess, pub_nonce) = rx_cx.get_public_keys(&keychain.secp());
rx_cx.add_output(&key_id, &None, 0);
pub_nonce_sum = PublicKey::from_combination(
keychain.secp(),
vec![
&s_cx.get_public_keys(keychain.secp()).1,
&rx_cx.get_public_keys(keychain.secp()).1,
],
)
.unwrap();
pub_key_sum = PublicKey::from_combination(
keychain.secp(),
vec![
&s_cx.get_public_keys(keychain.secp()).0,
&rx_cx.get_public_keys(keychain.secp()).0,
],
)
.unwrap();
let msg = kernel_sig_msg();
let sig_part = aggsig::calculate_partial_sig(
&keychain.secp(),
&rx_cx.sec_key,
&rx_cx.sec_nonce,
&pub_nonce_sum,
Some(&pub_key_sum),
&msg,
)
.unwrap();
(pub_excess, pub_nonce, sig_part)
};
// check the sender can verify the partial signature
// received in the response back from the receiver
{
let keychain = sender_keychain.clone();
let msg = kernel_sig_msg();
let sig_verifies = aggsig::verify_partial_sig(
&keychain.secp(),
&sig_part,
&pub_nonce_sum,
&receiver_pub_excess,
Some(&pub_key_sum),
&msg,
);
assert!(!sig_verifies.is_err());
}
// now sender signs with their key
let sender_sig_part = {
let keychain = sender_keychain.clone();
let msg = kernel_sig_msg();
let sig_part = aggsig::calculate_partial_sig(
&keychain.secp(),
&s_cx.sec_key,
&s_cx.sec_nonce,
&pub_nonce_sum,
Some(&pub_key_sum),
&msg,
)
.unwrap();
sig_part
};
// check the receiver can verify the partial signature
// received by the sender
{
let keychain = receiver_keychain.clone();
let msg = kernel_sig_msg();
let sig_verifies = aggsig::verify_partial_sig(
&keychain.secp(),
&sender_sig_part,
&pub_nonce_sum,
&sender_pub_excess,
Some(&pub_key_sum),
&msg,
);
assert!(!sig_verifies.is_err());
}
// Receiver now builds final signature from sender and receiver parts
let (final_sig, final_pubkey) = {
let keychain = receiver_keychain.clone();
let msg = kernel_sig_msg();
let our_sig_part = aggsig::calculate_partial_sig(
&keychain.secp(),
&rx_cx.sec_key,
&rx_cx.sec_nonce,
&pub_nonce_sum,
Some(&pub_key_sum),
&msg,
)
.unwrap();
// Receiver now generates final signature from the two parts
let final_sig = aggsig::add_signatures(
&keychain.secp(),
vec![&sender_sig_part, &our_sig_part],
&pub_nonce_sum,
)
.unwrap();
// Receiver calculates the final public key (to verify sig later)
let final_pubkey = PublicKey::from_combination(
keychain.secp(),
vec![
&s_cx.get_public_keys(keychain.secp()).0,
&rx_cx.get_public_keys(keychain.secp()).0,
],
)
.unwrap();
(final_sig, final_pubkey)
};
// Receiver checks the final signature verifies
{
let keychain = receiver_keychain.clone();
let msg = kernel_sig_msg();
// Receiver check the final signature verifies
let sig_verifies = aggsig::verify_completed_sig(
&keychain.secp(),
&final_sig,
&final_pubkey,
Some(&final_pubkey),
&msg,
);
assert!(!sig_verifies.is_err());
}
// Check we can verify the sig using the kernel excess
{
let keychain = ExtKeychain::from_random_seed(true).unwrap();
let msg = kernel_sig_msg();
let sig_verifies =
aggsig::verify_single_from_commit(&keychain.secp(), &final_sig, &msg, &kernel_excess);
assert!(!sig_verifies.is_err());
}
}
#[test]
fn test_rewind_range_proof() {
let keychain = ExtKeychain::from_random_seed(true).unwrap();
let builder = proof::ProofBuilder::new(&keychain);
let key_id = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let key_id2 = ExtKeychain::derive_key_id(1, 2, 0, 0, 0);
let switch = SwitchCommitmentType::Regular;
let commit = keychain.commit(5, &key_id, switch).unwrap();
let extra_data = [99u8; 64];
let proof = proof::create(
&keychain,
&builder,
5,
&key_id,
switch,
commit,
Some(extra_data.to_vec().clone()),
)
.unwrap();
let proof_info = proof::rewind(
keychain.secp(),
&builder,
commit,
Some(extra_data.to_vec().clone()),
proof,
)
.unwrap();
assert!(proof_info.is_some());
let (r_amount, r_key_id, r_switch) = proof_info.unwrap();
assert_eq!(r_amount, 5);
assert_eq!(r_key_id, key_id);
assert_eq!(r_switch, switch);
// cannot rewind with a different commit
let commit2 = keychain.commit(5, &key_id2, switch).unwrap();
let proof_info = proof::rewind(
keychain.secp(),
&builder,
commit2,
Some(extra_data.to_vec().clone()),
proof,
)
.unwrap();
assert!(proof_info.is_none());
// cannot rewind with a commitment to a different value
let commit3 = keychain.commit(4, &key_id, switch).unwrap();
let proof_info = proof::rewind(
keychain.secp(),
&builder,
commit3,
Some(extra_data.to_vec().clone()),
proof,
)
.unwrap();
assert!(proof_info.is_none());
// cannot rewind with wrong extra committed data
let wrong_extra_data = [98u8; 64];
let proof_info = proof::rewind(
keychain.secp(),
&builder,
commit,
Some(wrong_extra_data.to_vec().clone()),
proof,
)
.unwrap();
assert!(proof_info.is_none());
}
Reference in a new issue View git blame Copy permalink