CWalletTx GetValidReceive(ZCJoinSplit& params,
const libzcash::SpendingKey& sk, CAmount value,
bool randomInputs) {
CMutableTransaction mtx;
mtx.nVersion = 2; // Enable JoinSplits
mtx.vin.resize(2);
if (randomInputs) {
mtx.vin[0].prevout.hash = GetRandHash();
mtx.vin[1].prevout.hash = GetRandHash();
} else {
mtx.vin[0].prevout.hash = uint256S("0000000000000000000000000000000000000000000000000000000000000001");
mtx.vin[1].prevout.hash = uint256S("0000000000000000000000000000000000000000000000000000000000000002");
}
mtx.vin[0].prevout.n = 0;
mtx.vin[1].prevout.n = 0;
// Generate an ephemeral keypair.
uint256 joinSplitPubKey;
unsigned char joinSplitPrivKey[crypto_sign_SECRETKEYBYTES];
crypto_sign_keypair(joinSplitPubKey.begin(), joinSplitPrivKey);
mtx.joinSplitPubKey = joinSplitPubKey;
boost::array<libzcash::JSInput, 2> inputs = {
libzcash::JSInput(), // dummy input
libzcash::JSInput() // dummy input
};
boost::array<libzcash::JSOutput, 2> outputs = {
libzcash::JSOutput(sk.address(), value),
libzcash::JSOutput(sk.address(), value)
};
boost::array<libzcash::Note, 2> output_notes;
// Prepare JoinSplits
uint256 rt;
JSDescription jsdesc {params, mtx.joinSplitPubKey, rt,
inputs, outputs, 2*value, 0, false};
mtx.vjoinsplit.push_back(jsdesc);
// Empty output script.
CScript scriptCode;
CTransaction signTx(mtx);
uint256 dataToBeSigned = SignatureHash(scriptCode, signTx, NOT_AN_INPUT, SIGHASH_ALL);
// Add the signature
assert(crypto_sign_detached(&mtx.joinSplitSig[0], NULL,
dataToBeSigned.begin(), 32,
joinSplitPrivKey
) == 0);
CTransaction tx {mtx};
CWalletTx wtx {NULL, tx};
return wtx;
}
static int64_t AddTx(CWallet& wallet, uint32_t lockTime, int64_t mockTime, int64_t blockTime)
{
CMutableTransaction tx;
tx.nLockTime = lockTime;
SetMockTime(mockTime);
CBlockIndex* block = nullptr;
if (blockTime > 0) {
LOCK(cs_main);
auto inserted = mapBlockIndex.emplace(GetRandHash(), new CBlockIndex);
assert(inserted.second);
const uint256& hash = inserted.first->first;
block = inserted.first->second;
block->nTime = blockTime;
block->phashBlock = &hash;
}
CWalletTx wtx(&wallet, MakeTransactionRef(tx));
if (block) {
wtx.SetMerkleBranch(block, 0);
}
{
LOCK(cs_main);
wallet.AddToWallet(wtx);
}
LOCK(wallet.cs_wallet);
return wallet.mapWallet.at(wtx.GetHash()).nTimeSmart;
}
CTransactionRef RandomOrphan()
{
std::map<uint256, COrphanTx>::iterator it;
it = mapOrphanTransactions.lower_bound(GetRandHash());
if (it == mapOrphanTransactions.end())
it = mapOrphanTransactions.begin();
return it->second.tx;
}
static void DuplicateInputs(benchmark::State& state)
{
const CScript SCRIPT_PUB{CScript(OP_TRUE)};
const CChainParams& chainparams = Params();
CBlock block{};
CMutableTransaction coinbaseTx{};
CMutableTransaction naughtyTx{};
CBlockIndex* pindexPrev = ::ChainActive().Tip();
assert(pindexPrev != nullptr);
block.nBits = GetNextWorkRequired(pindexPrev, &block, chainparams.GetConsensus());
block.nNonce = 0;
auto nHeight = pindexPrev->nHeight + 1;
// Make a coinbase TX
coinbaseTx.vin.resize(1);
coinbaseTx.vin[0].prevout.SetNull();
coinbaseTx.vout.resize(1);
coinbaseTx.vout[0].scriptPubKey = SCRIPT_PUB;
coinbaseTx.vout[0].nValue = GetBlockSubsidy(nHeight, chainparams.GetConsensus());
coinbaseTx.vin[0].scriptSig = CScript() << nHeight << OP_0;
naughtyTx.vout.resize(1);
naughtyTx.vout[0].nValue = 0;
naughtyTx.vout[0].scriptPubKey = SCRIPT_PUB;
uint64_t n_inputs = (((MAX_BLOCK_SERIALIZED_SIZE / WITNESS_SCALE_FACTOR) - (CTransaction(coinbaseTx).GetTotalSize() + CTransaction(naughtyTx).GetTotalSize())) / 41) - 100;
for (uint64_t x = 0; x < (n_inputs - 1); ++x) {
naughtyTx.vin.emplace_back(GetRandHash(), 0, CScript(), 0);
}
naughtyTx.vin.emplace_back(naughtyTx.vin.back());
block.vtx.push_back(MakeTransactionRef(std::move(coinbaseTx)));
block.vtx.push_back(MakeTransactionRef(std::move(naughtyTx)));
block.hashMerkleRoot = BlockMerkleRoot(block);
while (state.KeepRunning()) {
CValidationState cvstate{};
assert(!CheckBlock(block, cvstate, chainparams.GetConsensus(), false, false));
assert(cvstate.GetRejectReason() == "bad-txns-inputs-duplicate");
}
}
bool GenerateBeaconKeys(const std::string &cpid, std::string &sOutPubKey, std::string &sOutPrivKey)
{
// First Check the Index - if it already exists, use it
sOutPrivKey = GetArgument("privatekey" + cpid + GetNetSuffix(), "");
sOutPubKey = GetArgument("publickey" + cpid + GetNetSuffix(), "");
// If current keypair is not empty, but is invalid, allow the new keys to be stored, otherwise return 1: (10-25-2016)
if (!sOutPrivKey.empty() && !sOutPubKey.empty())
{
uint256 hashBlock = GetRandHash();
std::string sSignature;
std::string sError;
bool fResult;
fResult = SignBlockWithCPID(cpid, hashBlock.GetHex(), sSignature, sError, true);
if (!fResult)
LogPrintf("GenerateBeaconKeys::Failed to sign block with cpid with existing keys; generating new key pair -> %s", sError);
else
{
fResult = VerifyCPIDSignature(cpid, hashBlock.GetHex(), sSignature);
if (fResult)
{
LogPrintf("GenerateBeaconKeys::Current keypair is valid.");
return true;
}
else
LogPrintf("GenerateBeaconKeys::Signing block with CPID was successful; However Verifying CPID Sign was not; Key pair is not valid, generating new key pair");
}
}
// Generate the Keypair
CKey key;
key.MakeNewKey(false);
CPrivKey vchPrivKey = key.GetPrivKey();
sOutPrivKey = HexStr<CPrivKey::iterator>(vchPrivKey.begin(), vchPrivKey.end());
sOutPubKey = HexStr(key.GetPubKey().Raw());
return true;
}
void static RandomTransaction(CMutableTransaction &tx, bool fSingle) {
tx.nVersion = insecure_rand();
tx.vin.clear();
tx.vout.clear();
tx.nLockTime = (insecure_rand() % 2) ? insecure_rand() : 0;
int ins = (insecure_rand() % 4) + 1;
int outs = fSingle ? ins : (insecure_rand() % 4) + 1;
for (int in = 0; in < ins; in++) {
tx.vin.push_back(CTxIn());
CTxIn &txin = tx.vin.back();
txin.prevout.hash = GetRandHash();
txin.prevout.n = insecure_rand() % 4;
RandomScript(txin.scriptSig);
txin.nSequence = (insecure_rand() % 2) ? insecure_rand() : (unsigned int)-1;
}
for (int out = 0; out < outs; out++) {
tx.vout.push_back(CTxOut());
CTxOut &txout = tx.vout.back();
txout.nValue = insecure_rand() % 100000000;
RandomScript(txout.scriptPubKey);
}
}
CCoinsKeyHasher::CCoinsKeyHasher() : salt(GetRandHash()) {}
#include <memory>
void CConnmanTest::AddNode(CNode& node)
{
LOCK(g_connman->cs_vNodes);
g_connman->vNodes.push_back(&node);
}
void CConnmanTest::ClearNodes()
{
LOCK(g_connman->cs_vNodes);
g_connman->vNodes.clear();
}
uint256 insecure_rand_seed = GetRandHash();
FastRandomContext insecure_rand_ctx(insecure_rand_seed);
extern bool fPrintToConsole;
extern void noui_connect();
BasicTestingSetup::BasicTestingSetup(const std::string& chainName)
{
SHA256AutoDetect();
RandomInit();
ECC_Start();
SetupEnvironment();
SetupNetworking();
InitSignatureCache();
InitScriptExecutionCache();
fPrintToDebugLog = false; // don't want to write to debug.log file
CBlockTreeDB::CBlockTreeDB(size_t nCacheSize, bool fMemory, bool fWipe) : CDBWrapper(GetDataDir() / "blocks" / "index", nCacheSize, fMemory, fWipe) {
if (!Read('S', salt)) {
salt = GetRandHash();
Write('S', salt);
}
}
void static RandomTransaction(CMutableTransaction &tx, bool fSingle, uint32_t consensusBranchId) {
tx.fOverwintered = insecure_rand() % 2;
if (tx.fOverwintered) {
if (insecure_rand() % 2) {
tx.nVersionGroupId = SAPLING_VERSION_GROUP_ID;
tx.nVersion = sapling_version_dist(rng);
} else {
tx.nVersionGroupId = OVERWINTER_VERSION_GROUP_ID;
tx.nVersion = overwinter_version_dist(rng);
}
tx.nExpiryHeight = (insecure_rand() % 2) ? insecure_rand() : 0;
} else {
tx.nVersion = insecure_rand() & 0x7FFFFFFF;
}
tx.vin.clear();
tx.vout.clear();
tx.vShieldedSpend.clear();
tx.vShieldedOutput.clear();
tx.vjoinsplit.clear();
tx.nLockTime = (insecure_rand() % 2) ? insecure_rand() : 0;
int ins = (insecure_rand() % 4) + 1;
int outs = fSingle ? ins : (insecure_rand() % 4) + 1;
int shielded_spends = (insecure_rand() % 4) + 1;
int shielded_outs = (insecure_rand() % 4) + 1;
int joinsplits = (insecure_rand() % 4);
for (int in = 0; in < ins; in++) {
tx.vin.push_back(CTxIn());
CTxIn &txin = tx.vin.back();
txin.prevout.hash = GetRandHash();
txin.prevout.n = insecure_rand() % 4;
RandomScript(txin.scriptSig);
txin.nSequence = (insecure_rand() % 2) ? insecure_rand() : (unsigned int)-1;
}
for (int out = 0; out < outs; out++) {
tx.vout.push_back(CTxOut());
CTxOut &txout = tx.vout.back();
txout.nValue = insecure_rand() % 100000000;
RandomScript(txout.scriptPubKey);
}
if (tx.nVersionGroupId == SAPLING_VERSION_GROUP_ID) {
tx.valueBalance = insecure_rand() % 100000000;
for (int spend = 0; spend < shielded_spends; spend++) {
SpendDescription sdesc;
sdesc.cv = GetRandHash();
sdesc.anchor = GetRandHash();
sdesc.nullifier = GetRandHash();
sdesc.rk = GetRandHash();
randombytes_buf(sdesc.zkproof.begin(), sdesc.zkproof.size());
tx.vShieldedSpend.push_back(sdesc);
}
for (int out = 0; out < shielded_outs; out++) {
OutputDescription odesc;
odesc.cv = GetRandHash();
odesc.cm = GetRandHash();
odesc.ephemeralKey = GetRandHash();
randombytes_buf(odesc.encCiphertext.begin(), odesc.encCiphertext.size());
randombytes_buf(odesc.outCiphertext.begin(), odesc.outCiphertext.size());
randombytes_buf(odesc.zkproof.begin(), odesc.zkproof.size());
tx.vShieldedOutput.push_back(odesc);
}
}
if (tx.nVersion >= 2) {
for (int js = 0; js < joinsplits; js++) {
JSDescription jsdesc;
if (insecure_rand() % 2 == 0) {
jsdesc.vpub_old = insecure_rand() % 100000000;
} else {
jsdesc.vpub_new = insecure_rand() % 100000000;
}
jsdesc.anchor = GetRandHash();
jsdesc.nullifiers[0] = GetRandHash();
jsdesc.nullifiers[1] = GetRandHash();
jsdesc.ephemeralKey = GetRandHash();
jsdesc.randomSeed = GetRandHash();
randombytes_buf(jsdesc.ciphertexts[0].begin(), jsdesc.ciphertexts[0].size());
randombytes_buf(jsdesc.ciphertexts[1].begin(), jsdesc.ciphertexts[1].size());
if (tx.fOverwintered && tx.nVersion >= SAPLING_TX_VERSION) {
libzcash::GrothProof zkproof;
randombytes_buf(zkproof.begin(), zkproof.size());
jsdesc.proof = zkproof;
} else {
jsdesc.proof = libzcash::PHGRProof::random_invalid();
}
jsdesc.macs[0] = GetRandHash();
jsdesc.macs[1] = GetRandHash();
tx.vjoinsplit.push_back(jsdesc);
}
unsigned char joinSplitPrivKey[crypto_sign_SECRETKEYBYTES];
crypto_sign_keypair(tx.joinSplitPubKey.begin(), joinSplitPrivKey);
// Empty output script.
CScript scriptCode;
CTransaction signTx(tx);
uint256 dataToBeSigned = SignatureHash(scriptCode, signTx, NOT_AN_INPUT, SIGHASH_ALL, 0, consensusBranchId);
assert(crypto_sign_detached(&tx.joinSplitSig[0], NULL,
dataToBeSigned.begin(), 32,
joinSplitPrivKey
) == 0);
}
}
TEST(keystore_tests, store_and_retrieve_spending_key_in_encrypted_store) {
TestCCryptoKeyStore keyStore;
uint256 r {GetRandHash()};
CKeyingMaterial vMasterKey (r.begin(), r.end());
libzcash::SpendingKey keyOut;
ZCNoteDecryption decOut;
std::set<libzcash::PaymentAddress> addrs;
// 1) Test adding a key to an unencrypted key store, then encrypting it
auto sk = libzcash::SpendingKey::random();
auto addr = sk.address();
EXPECT_FALSE(keyStore.GetNoteDecryptor(addr, decOut));
keyStore.AddSpendingKey(sk);
ASSERT_TRUE(keyStore.HaveSpendingKey(addr));
ASSERT_TRUE(keyStore.GetSpendingKey(addr, keyOut));
ASSERT_EQ(sk, keyOut);
EXPECT_TRUE(keyStore.GetNoteDecryptor(addr, decOut));
EXPECT_EQ(ZCNoteDecryption(sk.viewing_key()), decOut);
ASSERT_TRUE(keyStore.EncryptKeys(vMasterKey));
ASSERT_TRUE(keyStore.HaveSpendingKey(addr));
ASSERT_FALSE(keyStore.GetSpendingKey(addr, keyOut));
EXPECT_TRUE(keyStore.GetNoteDecryptor(addr, decOut));
EXPECT_EQ(ZCNoteDecryption(sk.viewing_key()), decOut);
// Unlocking with a random key should fail
uint256 r2 {GetRandHash()};
CKeyingMaterial vRandomKey (r2.begin(), r2.end());
EXPECT_FALSE(keyStore.Unlock(vRandomKey));
// Unlocking with a slightly-modified vMasterKey should fail
CKeyingMaterial vModifiedKey (r.begin(), r.end());
vModifiedKey[0] += 1;
EXPECT_FALSE(keyStore.Unlock(vModifiedKey));
// Unlocking with vMasterKey should succeed
ASSERT_TRUE(keyStore.Unlock(vMasterKey));
ASSERT_TRUE(keyStore.GetSpendingKey(addr, keyOut));
ASSERT_EQ(sk, keyOut);
keyStore.GetPaymentAddresses(addrs);
ASSERT_EQ(1, addrs.size());
ASSERT_EQ(1, addrs.count(addr));
// 2) Test adding a spending key to an already-encrypted key store
auto sk2 = libzcash::SpendingKey::random();
auto addr2 = sk2.address();
EXPECT_FALSE(keyStore.GetNoteDecryptor(addr2, decOut));
keyStore.AddSpendingKey(sk2);
ASSERT_TRUE(keyStore.HaveSpendingKey(addr2));
ASSERT_TRUE(keyStore.GetSpendingKey(addr2, keyOut));
ASSERT_EQ(sk2, keyOut);
EXPECT_TRUE(keyStore.GetNoteDecryptor(addr2, decOut));
EXPECT_EQ(ZCNoteDecryption(sk2.viewing_key()), decOut);
ASSERT_TRUE(keyStore.Lock());
ASSERT_TRUE(keyStore.HaveSpendingKey(addr2));
ASSERT_FALSE(keyStore.GetSpendingKey(addr2, keyOut));
EXPECT_TRUE(keyStore.GetNoteDecryptor(addr2, decOut));
EXPECT_EQ(ZCNoteDecryption(sk2.viewing_key()), decOut);
ASSERT_TRUE(keyStore.Unlock(vMasterKey));
ASSERT_TRUE(keyStore.GetSpendingKey(addr2, keyOut));
ASSERT_EQ(sk2, keyOut);
EXPECT_TRUE(keyStore.GetNoteDecryptor(addr2, decOut));
EXPECT_EQ(ZCNoteDecryption(sk2.viewing_key()), decOut);
keyStore.GetPaymentAddresses(addrs);
ASSERT_EQ(2, addrs.size());
ASSERT_EQ(1, addrs.count(addr));
ASSERT_EQ(1, addrs.count(addr2));
}
