From a374a522df6fcee357c9803c6765135ae60c1ba7 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 21 Feb 2017 13:57:10 +0000 Subject: [PATCH 1/2] wallet2: check key image validity domain in import_key_images --- src/wallet/wallet2.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 9069789ca..d2f5bdb7c 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -5274,6 +5274,10 @@ uint64_t wallet2::import_key_images(const std::vector pkeys; pkeys.push_back(&pkey); + THROW_WALLET_EXCEPTION_IF(!(rct::scalarmultKey(rct::ki2rct(key_image), rct::curveOrder()) == rct::identity()), + error::wallet_internal_error, "Key image out of validity domain: input " + boost::lexical_cast(n) + "/" + + boost::lexical_cast(signed_key_images.size()) + ", key image " + epee::string_tools::pod_to_hex(key_image)); + THROW_WALLET_EXCEPTION_IF(!crypto::check_ring_signature((const crypto::hash&)key_image, key_image, pkeys, &signature), error::wallet_internal_error, "Signature check failed: input " + boost::lexical_cast(n) + "/" + boost::lexical_cast(signed_key_images.size()) + ", key image " + epee::string_tools::pod_to_hex(key_image) From 89b2f3061b776fe65771ae5fa16298e60dafd66a Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Sun, 16 Apr 2017 15:07:55 +0100 Subject: [PATCH 2/2] tests: fix invalid key image test It was using an invalid key image which wasn't in the key image domain, so the transaction was rejected earlier than the test was expecting --- tests/core_tests/tx_validation.cpp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/core_tests/tx_validation.cpp b/tests/core_tests/tx_validation.cpp index 885b95c69..66460e876 100644 --- a/tests/core_tests/tx_validation.cpp +++ b/tests/core_tests/tx_validation.cpp @@ -163,6 +163,15 @@ namespace throw std::runtime_error("invalid public key wasn't found"); return crypto::public_key(); } + + crypto::key_image generate_invalid_key_image() + { + crypto::key_image key_image; + // a random key image plucked from the blockchain + if (!epee::string_tools::hex_to_pod("6b9f5d1be7c950dc6e4e258c6ef75509412ba9ecaaf90e6886140151d1365b5e", key_image)) + throw std::runtime_error("invalid key image wasn't found"); + return key_image; + } } //---------------------------------------------------------------------------------------------------------------------- @@ -541,8 +550,7 @@ bool gen_tx_key_image_is_invalid::generate(std::vector& events builder.step2_fill_inputs(miner_account.get_keys(), sources); txin_to_key& in_to_key = boost::get(builder.m_tx.vin.front()); - crypto::public_key pub = generate_invalid_pub_key(); - memcpy(&in_to_key.k_image, &pub, sizeof(crypto::ec_point)); + in_to_key.k_image = generate_invalid_key_image(); builder.step3_fill_outputs(destinations); builder.step4_calc_hash();