// Copyright (c) 2025, The Monero Project // // All rights reserved. // // Redistribution and use in source and binary forms, with or without modification, are // permitted provided that the following conditions are met: // // 1. Redistributions of source code must retain the above copyright notice, this list of // conditions and the following disclaimer. // // 2. Redistributions in binary form must reproduce the above copyright notice, this list // of conditions and the following disclaimer in the documentation and/or other // materials provided with the distribution. // // 3. Neither the name of the copyright holder nor the names of its contributors may be // used to endorse or promote products derived from this software without specific // prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "gtest/gtest.h" #include "carrot_core/output_set_finalization.h" #include "carrot_core/payment_proposal.h" #include "carrot_impl/format_utils.h" #include "carrot_impl/input_selection.h" #include "carrot_impl/tx_builder_inputs.h" #include "carrot_impl/tx_proposal_utils.h" #include "carrot_mock_helpers.h" #include "common/container_helpers.h" #include "crypto/generators.h" #include "cryptonote_basic/account.h" #include "cryptonote_basic/subaddress_index.h" #include "cryptonote_basic/cryptonote_format_utils.h" #include "cryptonote_core/blockchain.h" #include "curve_trees.h" #include "fcmp_pp/prove.h" #include "ringct/bulletproofs_plus.h" #include "ringct/rctOps.h" #include "ringct/rctSigs.h" using namespace carrot; namespace { //---------------------------------------------------------------------------------------------------------------------- //---------------------------------------------------------------------------------------------------------------------- static constexpr rct::xmr_amount MAX_AMOUNT_FCMP_PP = MONEY_SUPPLY / (FCMP_PLUS_PLUS_MAX_INPUTS + FCMP_PLUS_PLUS_MAX_OUTPUTS + 1); //---------------------------------------------------------------------------------------------------------------------- //---------------------------------------------------------------------------------------------------------------------- using CarrotEnoteVariant = tools::variant; //---------------------------------------------------------------------------------------------------------------------- //---------------------------------------------------------------------------------------------------------------------- struct CarrotOutputContextsAndKeys { std::vector enotes; std::vector encrypted_payment_ids; std::vector output_pairs; }; //---------------------------------------------------------------------------------------------------------------------- //---------------------------------------------------------------------------------------------------------------------- static const CarrotOutputContextsAndKeys generate_random_carrot_outputs( const mock::mock_carrot_and_legacy_keys &keys, const std::size_t old_n_leaf_tuples, const std::size_t new_n_leaf_tuples) { CarrotOutputContextsAndKeys outs; outs.enotes.reserve(new_n_leaf_tuples); outs.encrypted_payment_ids.reserve(new_n_leaf_tuples); outs.output_pairs.reserve(new_n_leaf_tuples); for (std::size_t i = 0; i < new_n_leaf_tuples; ++i) { const std::uint64_t output_id = old_n_leaf_tuples + i; fcmp_pp::curve_trees::OutputContext output_pair{ .output_id = output_id }; CarrotPaymentProposalV1 normal_payment_proposal{ .destination = keys.cryptonote_address(), .amount = rct::randXmrAmount(MAX_AMOUNT_FCMP_PP), .randomness = gen_janus_anchor() }; CarrotPaymentProposalVerifiableSelfSendV1 selfsend_payment_proposal{ .proposal = CarrotPaymentProposalSelfSendV1{ .destination_address_spend_pubkey = keys.cryptonote_address().address_spend_pubkey, .amount = rct::randXmrAmount(MAX_AMOUNT_FCMP_PP), .enote_type = i % 2 ? CarrotEnoteType::CHANGE : CarrotEnoteType::PAYMENT, .enote_ephemeral_pubkey = gen_x25519_pubkey() }, .subaddr_index = {0, 0} }; bool push_coinbase = false; CarrotCoinbaseEnoteV1 coinbase_enote; RCTOutputEnoteProposal rct_output_enote_proposal; encrypted_payment_id_t encrypted_payment_id; const unsigned int enote_derive_type = i % 7; switch (enote_derive_type) { case 0: // coinbase enote get_coinbase_output_proposal_v1(normal_payment_proposal, mock::gen_block_index(), coinbase_enote); push_coinbase = true; break; case 1: // normal enote main address get_output_proposal_normal_v1(normal_payment_proposal, mock::gen_key_image(), rct_output_enote_proposal, encrypted_payment_id); break; case 2: // normal enote subaddress normal_payment_proposal.destination = keys.subaddress({mock::gen_subaddress_index()}); get_output_proposal_normal_v1(normal_payment_proposal, mock::gen_key_image(), rct_output_enote_proposal, encrypted_payment_id); break; case 3: // special enote main address get_output_proposal_special_v1(selfsend_payment_proposal.proposal, keys.k_view_incoming_dev, keys.cryptonote_address().address_spend_pubkey, mock::gen_key_image(), std::nullopt, rct_output_enote_proposal); break; case 4: // special enote subaddress selfsend_payment_proposal.subaddr_index.index = mock::gen_subaddress_index(); selfsend_payment_proposal.proposal.destination_address_spend_pubkey = keys.subaddress(selfsend_payment_proposal.subaddr_index).address_spend_pubkey; get_output_proposal_special_v1(selfsend_payment_proposal.proposal, keys.k_view_incoming_dev, keys.cryptonote_address().address_spend_pubkey, mock::gen_key_image(), std::nullopt, rct_output_enote_proposal); break; case 5: // internal main address get_output_proposal_internal_v1(selfsend_payment_proposal.proposal, keys.s_view_balance_dev, mock::gen_key_image(), std::nullopt, rct_output_enote_proposal); break; case 6: // internal subaddress selfsend_payment_proposal.subaddr_index.index = mock::gen_subaddress_index(); selfsend_payment_proposal.proposal.destination_address_spend_pubkey = keys.subaddress(selfsend_payment_proposal.subaddr_index).address_spend_pubkey; get_output_proposal_internal_v1(selfsend_payment_proposal.proposal, keys.s_view_balance_dev, mock::gen_key_image(), std::nullopt, rct_output_enote_proposal); break; } if (push_coinbase) { output_pair.output_pair.output_pubkey = coinbase_enote.onetime_address; output_pair.output_pair.commitment = rct::zeroCommitVartime(coinbase_enote.amount); outs.enotes.push_back(coinbase_enote); outs.encrypted_payment_ids.emplace_back(); } else { output_pair.output_pair.output_pubkey = rct_output_enote_proposal.enote.onetime_address; output_pair.output_pair.commitment = rct_output_enote_proposal.enote.amount_commitment; outs.enotes.push_back(rct_output_enote_proposal.enote); } outs.encrypted_payment_ids.push_back(encrypted_payment_id); outs.output_pairs.push_back(output_pair); } return outs; } } //anonymous namespace //---------------------------------------------------------------------------------------------------------------------- //---------------------------------------------------------------------------------------------------------------------- TEST(carrot_fcmp, receive_scan_spend_and_verify_serialized_carrot_tx) { // In this test we: // 1. Populate a curve tree with Carrot-derived enotes to Alice // 2. Scan those enotes and construct a transfer-style tx to Bob // 3. Serialize that tx, then deserialize it // 4. Verify non-input consensus rules on the deserialized tx // 5. Verify FCMP membership in the curve tree on the deserialized tx // 6. Scan the deserialized tx to Bob mock::mock_carrot_and_legacy_keys alice; mock::mock_carrot_and_legacy_keys bob; alice.generate(); bob.generate(); const size_t n_inputs = crypto::rand_range(CARROT_MIN_TX_INPUTS, FCMP_PLUS_PLUS_MAX_INPUTS); const size_t n_outputs = crypto::rand_range(CARROT_MIN_TX_OUTPUTS, FCMP_PLUS_PLUS_MAX_OUTPUTS); const std::size_t selene_chunk_width = fcmp_pp::curve_trees::SELENE_CHUNK_WIDTH; const std::size_t helios_chunk_width = fcmp_pp::curve_trees::HELIOS_CHUNK_WIDTH; const std::size_t tree_depth = 3; const std::size_t n_tree_layers = tree_depth + 1; const size_t expected_num_selene_branch_blinds = (tree_depth + 1) / 2; const size_t expected_num_helios_branch_blinds = tree_depth / 2; LOG_PRINT_L1("Test carrot_impl.receive_scan_spend_and_verify_serialized_carrot_tx with selene chunk width " << selene_chunk_width << ", helios chunk width " << helios_chunk_width << ", tree depth " << tree_depth << ", number of inputs " << n_inputs << ", number of outputs " << n_outputs); // Tree params uint64_t min_leaves_needed_for_tree_depth = 0; const auto curve_trees = test::init_curve_trees_test(selene_chunk_width, helios_chunk_width, tree_depth, min_leaves_needed_for_tree_depth); // Generate enotes... LOG_PRINT_L1("Generating carrot-derived enotes to Alice"); const auto new_outputs = generate_random_carrot_outputs(alice, 0, min_leaves_needed_for_tree_depth ); ASSERT_GT(min_leaves_needed_for_tree_depth, n_inputs); // generate output ids to use as inputs... std::set picked_output_ids_set; while (picked_output_ids_set.size() < n_inputs) picked_output_ids_set.insert(crypto::rand_idx(min_leaves_needed_for_tree_depth)); std::vector picked_output_ids(picked_output_ids_set.cbegin(), picked_output_ids_set.cend()); std::shuffle(picked_output_ids.begin(), picked_output_ids.end(), crypto::random_device{}); // scan inputs and make key images and opening hints... // a z C_a K_o opening hint output id using input_info_t = std::tuple; LOG_PRINT_L1("Alice scanning inputs"); std::unordered_map input_info_by_ki; rct::xmr_amount input_amount_sum = 0; for (const size_t picked_output_id : picked_output_ids) { // find index into new_outputs based on picked_output_id size_t new_outputs_idx; for (new_outputs_idx = 0; new_outputs_idx < new_outputs.output_pairs.size(); ++new_outputs_idx) { if (new_outputs.output_pairs.at(new_outputs_idx).output_id == picked_output_id) break; } ASSERT_LT(new_outputs_idx, new_outputs.enotes.size()); // compile information about this enote const CarrotEnoteVariant &enote_v = new_outputs.enotes.at(new_outputs_idx); OutputOpeningHintVariant opening_hint; std::vector scan_results; if (enote_v.is_type()) { const CarrotEnoteV1 &enote = enote_v.unwrap(); const encrypted_payment_id_t encrypted_payment_id = new_outputs.encrypted_payment_ids.at(new_outputs_idx); mock::mock_scan_enote_set({enote}, encrypted_payment_id, alice, scan_results); ASSERT_EQ(1, scan_results.size()); const mock::mock_scan_result_t &scan_result = scan_results.front(); const auto subaddr_it = alice.subaddress_map.find(scan_result.address_spend_pubkey); ASSERT_NE(alice.subaddress_map.cend(), subaddr_it); opening_hint = CarrotOutputOpeningHintV1{ .source_enote = enote, .encrypted_payment_id = encrypted_payment_id, .subaddr_index = subaddr_it->second }; } else // is coinbase { const CarrotCoinbaseEnoteV1 &enote = enote_v.unwrap(); mock::mock_scan_coinbase_enote_set({enote}, alice, scan_results); ASSERT_EQ(1, scan_results.size()); const mock::mock_scan_result_t &scan_result = scan_results.front(); ASSERT_EQ(alice.cryptonote_address().address_spend_pubkey, scan_result.address_spend_pubkey); opening_hint = CarrotCoinbaseOutputOpeningHintV1{ .source_enote = enote, .derive_type = AddressDeriveType::Carrot }; } ASSERT_EQ(1, scan_results.size()); const mock::mock_scan_result_t &scan_result = scan_results.front(); const fcmp_pp::curve_trees::OutputPair &output_pair = new_outputs.output_pairs.at(new_outputs_idx).output_pair; const crypto::key_image ki = alice.derive_key_image(scan_result.address_spend_pubkey, scan_result.sender_extension_g, scan_result.sender_extension_t, output_pair.output_pubkey); ASSERT_EQ(0, input_info_by_ki.count(ki)); input_info_by_ki[ki] = {scan_result.amount, rct::sk2rct(scan_result.amount_blinding_factor), output_pair.commitment, output_pair.output_pubkey, opening_hint, new_outputs.output_pairs.at(new_outputs_idx).output_id}; input_amount_sum += scan_result.amount; } // generate n_outputs-1 payment proposals to bob ... LOG_PRINT_L1("Generating payment proposals to Bob"); rct::xmr_amount output_amount_remaining = rct::randXmrAmount(input_amount_sum); std::vector bob_payment_proposals; for (size_t i = 0; i < n_outputs - 1; ++i) { const bool use_subaddress = i % 2 == 1; const CarrotDestinationV1 addr = use_subaddress ? bob.subaddress({mock::gen_subaddress_index()}) : bob.cryptonote_address(); const rct::xmr_amount amount = rct::randXmrAmount(output_amount_remaining); bob_payment_proposals.push_back(CarrotPaymentProposalV1{ .destination = addr, .amount = amount, .randomness = gen_janus_anchor() }); output_amount_remaining -= amount; } // make a transfer-type tx proposal // @TODO: this can fail sporadically if fee exceeds remaining funds LOG_PRINT_L1("Creating transaction proposal"); const rct::xmr_amount fee_per_weight = 1; CarrotTransactionProposalV1 tx_proposal; make_carrot_transaction_proposal_v1_transfer(bob_payment_proposals, /*selfsend_payment_proposals=*/{}, fee_per_weight, /*extra=*/{}, cryptonote::transaction_type::TRANSFER, [&input_info_by_ki] ( const boost::multiprecision::int128_t&, const std::map&, const std::size_t, const std::size_t, std::vector& key_images_out) { key_images_out.clear(); key_images_out.reserve(input_info_by_ki.size()); for (const auto &info : input_info_by_ki) { key_images_out.push_back(CarrotSelectedInput{ .amount = std::get<0>(info.second), .key_image = info.first }); } }, alice.carrot_account_spend_pubkey, {{0, 0}, AddressDeriveType::Carrot}, {}, {}, tx_proposal); ASSERT_EQ(n_outputs, tx_proposal.normal_payment_proposals.size() + tx_proposal.selfsend_payment_proposals.size()); // collect core selfsend proposals std::vector selfsend_payment_proposal_cores; for (const CarrotPaymentProposalVerifiableSelfSendV1 &selfsend_payment_proposal : tx_proposal.selfsend_payment_proposals) selfsend_payment_proposal_cores.push_back(selfsend_payment_proposal.proposal); // derive output enote set LOG_PRINT_L1("Deriving enotes"); std::vector output_enote_proposals; encrypted_payment_id_t encrypted_payment_id; size_t change_index; std::unordered_map normal_payments_indices; get_output_enote_proposals(tx_proposal.normal_payment_proposals, selfsend_payment_proposal_cores, tx_proposal.dummy_encrypted_payment_id, &alice.s_view_balance_dev, &alice.k_view_incoming_dev, alice.carrot_account_spend_pubkey, tx_proposal.key_images_sorted.at(0), output_enote_proposals, encrypted_payment_id, cryptonote::transaction_type::TRANSFER, change_index, normal_payments_indices); // Collect balance info and enotes std::vector input_onetime_addresses; std::vector input_amount_commitments; std::vector input_amount_blinding_factors; std::vector output_amounts; std::vector output_amount_blinding_factors; std::vector output_enotes; for (size_t i = 0; i < n_inputs; ++i) { const input_info_t &input_info = input_info_by_ki.at(tx_proposal.key_images_sorted.at(i)); input_onetime_addresses.push_back(std::get<3>(input_info)); input_amount_commitments.push_back(std::get<2>(input_info)); input_amount_blinding_factors.push_back(std::get<1>(input_info)); } for (const RCTOutputEnoteProposal &output_enote_proposal : output_enote_proposals) { output_amounts.push_back(output_enote_proposal.amount); output_amount_blinding_factors.push_back(rct::sk2rct(output_enote_proposal.amount_blinding_factor)); output_enotes.push_back(output_enote_proposal.enote); } // make pruned tx LOG_PRINT_L1("Storing carrot to transaction"); cryptonote::transaction tx = store_carrot_to_transaction_v1(output_enotes, tx_proposal.key_images_sorted, tx_proposal.sources, tx_proposal.fee, tx_proposal.tx_type, tx_proposal.amount_burnt, {}, // change_masks {}, // return_enote encrypted_payment_id); ASSERT_EQ(2, tx.version); ASSERT_EQ(0, tx.unlock_time); ASSERT_EQ(n_inputs, tx.vin.size()); ASSERT_EQ(n_outputs, tx.vout.size()); ASSERT_EQ(n_outputs, tx.rct_signatures.outPk.size()); // Generate bulletproof+ LOG_PRINT_L1("Generating Bulletproof+"); tx.rct_signatures.p.bulletproofs_plus.push_back(rct::bulletproof_plus_PROVE(output_amounts, output_amount_blinding_factors)); ASSERT_EQ(n_outputs, tx.rct_signatures.p.bulletproofs_plus.at(0).V.size()); // expand tx and calculate signable tx hash LOG_PRINT_L1("Calculating signable tx hash"); hw::device &hwdev = hw::get_device("default"); ASSERT_TRUE(cryptonote::expand_transaction_1(tx, /*base_only=*/false)); const crypto::hash tx_prefix_hash = cryptonote::get_transaction_prefix_hash(tx); tx.rct_signatures.message = rct::hash2rct(tx_prefix_hash); tx.rct_signatures.p.pseudoOuts.resize(n_inputs); // @TODO: make this not necessary to call get_mlsag_hash const crypto::hash signable_tx_hash = rct::rct2hash(rct::get_pre_mlsag_hash(tx.rct_signatures, hwdev)); // rerandomize inputs LOG_PRINT_L1("Making rerandomized inputs"); std::vector rerandomized_outputs; make_carrot_rerandomized_outputs_nonrefundable(input_onetime_addresses, input_amount_commitments, input_amount_blinding_factors, output_amount_blinding_factors, rerandomized_outputs); // Make SA/L proofs LOG_PRINT_L1("Generating FCMP++ SA/L proofs"); std::vector actual_key_images; std::vector sal_proofs; for (size_t i = 0; i < n_inputs; ++i) { const CarrotOpenableRerandomizedOutputV1 openable_opening_hint{ .rerandomized_output = rerandomized_outputs.at(i), .opening_hint = std::get<4>(input_info_by_ki.at(tx_proposal.key_images_sorted.at(i))) }; make_sal_proof_any_to_carrot_v1(signable_tx_hash, openable_opening_hint, alice.k_prove_spend, alice.k_generate_image, alice.s_view_balance_dev, alice.k_view_incoming_dev, alice.s_generate_address_dev, tools::add_element(sal_proofs), tools::add_element(actual_key_images)); } // Init tree in memory LOG_PRINT_L1("Initializing tree with " << min_leaves_needed_for_tree_depth << " leaves"); CurveTreesGlobalTree global_tree(*curve_trees); ASSERT_TRUE(global_tree.grow_tree(0, min_leaves_needed_for_tree_depth, new_outputs.output_pairs)); LOG_PRINT_L1("Finished initializing tree with " << min_leaves_needed_for_tree_depth << " leaves"); // Make FCMP paths LOG_PRINT_L1("Calculating FCMP paths"); std::vector fcmp_proof_inputs(n_inputs); for (size_t i = 0; i < n_inputs; ++i) { const size_t leaf_idx = std::get<5>(input_info_by_ki.at(tx_proposal.key_images_sorted.at(i))); const auto path = global_tree.get_path_at_leaf_idx(leaf_idx); const std::size_t path_leaf_idx = leaf_idx % curve_trees->m_c1_width; const fcmp_pp::curve_trees::OutputPair output_pair = {rct::rct2pk(path.leaves[path_leaf_idx].O), path.leaves[path_leaf_idx].C}; const auto output_tuple = fcmp_pp::curve_trees::output_to_tuple(output_pair); const auto path_for_proof = curve_trees->path_for_proof(path, output_tuple); const auto helios_scalar_chunks = fcmp_pp::tower_cycle::scalar_chunks_to_chunk_vector( path_for_proof.c2_scalar_chunks); const auto selene_scalar_chunks = fcmp_pp::tower_cycle::scalar_chunks_to_chunk_vector( path_for_proof.c1_scalar_chunks); const auto path_rust = fcmp_pp::path_new({path_for_proof.leaves.data(), path_for_proof.leaves.size()}, path_for_proof.output_idx, {helios_scalar_chunks.data(), helios_scalar_chunks.size()}, {selene_scalar_chunks.data(), selene_scalar_chunks.size()}); fcmp_proof_inputs[i].path = path_rust; } // make FCMP blinds LOG_PRINT_L1("Calculating branch and output blinds"); for (size_t i = 0; i < n_inputs; ++i) { fcmp_pp::ProofInput &proof_input = fcmp_proof_inputs[i]; const FcmpRerandomizedOutputCompressed &rerandomized_output = rerandomized_outputs.at(i); // calculate individual blinds uint8_t *blinded_o_blind = fcmp_pp::blind_o_blind(fcmp_pp::o_blind(rerandomized_output)); uint8_t *blinded_i_blind = fcmp_pp::blind_i_blind(fcmp_pp::i_blind(rerandomized_output)); uint8_t *blinded_i_blind_blind = fcmp_pp::blind_i_blind_blind(fcmp_pp::i_blind_blind(rerandomized_output)); uint8_t *blinded_c_blind = fcmp_pp::blind_c_blind(fcmp_pp::c_blind(rerandomized_output)); // make output blinds proof_input.output_blinds = fcmp_pp::output_blinds_new( blinded_o_blind, blinded_i_blind, blinded_i_blind_blind, blinded_c_blind); // generate selene blinds proof_input.selene_branch_blinds.reserve(expected_num_selene_branch_blinds); for (size_t j = 0; j < expected_num_selene_branch_blinds; ++j) proof_input.selene_branch_blinds.push_back(fcmp_pp::selene_branch_blind()); // generate helios blinds proof_input.helios_branch_blinds.reserve(expected_num_helios_branch_blinds); for (size_t j = 0; j < expected_num_helios_branch_blinds; ++j) proof_input.helios_branch_blinds.push_back(fcmp_pp::helios_branch_blind()); // dealloc individual blinds free(blinded_o_blind); free(blinded_i_blind); free(blinded_i_blind_blind); free(blinded_c_blind); } // Make FCMP membership proof LOG_PRINT_L1("Generating FCMP++ membership proofs"); std::vector fcmp_proof_inputs_rust; for (size_t i = 0; i < n_inputs; ++i) { fcmp_pp::ProofInput &proof_input = fcmp_proof_inputs.at(i); fcmp_proof_inputs_rust.push_back(fcmp_pp::fcmp_prove_input_new( rerandomized_outputs.at(i), proof_input.path, proof_input.output_blinds, proof_input.selene_branch_blinds, proof_input.helios_branch_blinds)); free(proof_input.path); free(proof_input.output_blinds); for (const uint8_t *branch_blind : proof_input.selene_branch_blinds) free(const_cast(branch_blind)); for (const uint8_t *branch_blind : proof_input.helios_branch_blinds) free(const_cast(branch_blind)); } const fcmp_pp::FcmpMembershipProof membership_proof = fcmp_pp::prove_membership(fcmp_proof_inputs_rust, n_tree_layers); // Dealloc FCMP proof inputs for (const uint8_t *proof_input : fcmp_proof_inputs_rust) free(const_cast(proof_input)); // Attach rctSigPrunable to tx LOG_PRINT_L1("Storing rctSig prunable"); const std::uint64_t fcmp_block_reference_index = mock::gen_block_index(); tx.rct_signatures.p = store_fcmp_proofs_to_rct_prunable_v1(std::move(tx.rct_signatures.p.bulletproofs_plus), rerandomized_outputs, sal_proofs, membership_proof, fcmp_block_reference_index, n_tree_layers); tx.pruned = false; // Serialize tx to bytes LOG_PRINT_L1("Serializing & deserializing transaction"); const cryptonote::blobdata tx_blob = cryptonote::tx_to_blob(tx); // Deserialize tx cryptonote::transaction deserialized_tx; ASSERT_TRUE(cryptonote::parse_and_validate_tx_from_blob(tx_blob, deserialized_tx)); // Expand tx auto tree_root = global_tree.get_tree_root(); const crypto::hash tx_prefix_hash_2 = cryptonote::get_transaction_prefix_hash(deserialized_tx); ASSERT_TRUE(cryptonote::Blockchain::expand_transaction_2(deserialized_tx, tx_prefix_hash_2, {}, tree_root)); // Verify non-input consensus rules on tx LOG_PRINT_L1("Verifying non-input consensus rules"); cryptonote::tx_verification_context tvc{}; ASSERT_TRUE(cryptonote::ver_non_input_consensus(deserialized_tx, tvc, HF_VERSION_FCMP_PLUS_PLUS)); ASSERT_FALSE(tvc.m_verifivation_failed); ASSERT_FALSE(tvc.m_verifivation_impossible); ASSERT_FALSE(tvc.m_added_to_pool); ASSERT_FALSE(tvc.m_low_mixin); ASSERT_FALSE(tvc.m_double_spend); ASSERT_FALSE(tvc.m_invalid_input); ASSERT_FALSE(tvc.m_invalid_output); ASSERT_FALSE(tvc.m_too_big); ASSERT_FALSE(tvc.m_overspend); ASSERT_FALSE(tvc.m_fee_too_low); ASSERT_FALSE(tvc.m_too_few_outputs); ASSERT_FALSE(tvc.m_tx_extra_too_big); ASSERT_FALSE(tvc.m_nonzero_unlock_time); // Recalculate signable tx hash from deserialized tx and check const crypto::hash signable_tx_hash_2 = rct::rct2hash(rct::get_pre_mlsag_hash(deserialized_tx.rct_signatures, hwdev)); ASSERT_EQ(signable_tx_hash, signable_tx_hash_2); // Pre-verify SAL proofs LOG_PRINT_L1("Verify SA/L proofs"); ASSERT_EQ(deserialized_tx.vin.size(), n_inputs); ASSERT_EQ(deserialized_tx.vin.size(), deserialized_tx.rct_signatures.p.fcmp_ver_helper_data.key_images.size()); ASSERT_EQ(deserialized_tx.vin.size(), deserialized_tx.rct_signatures.p.pseudoOuts.size()); ASSERT_GT(deserialized_tx.rct_signatures.p.fcmp_pp.size(), (3*32 + FCMP_PP_SAL_PROOF_SIZE_V1) * n_inputs); for (size_t i = 0; i < n_inputs; ++i) { const uint8_t * const pbytes = deserialized_tx.rct_signatures.p.fcmp_pp.data() + (3*32 + FCMP_PP_SAL_PROOF_SIZE_V1) * i; FcmpInputCompressed input; fcmp_pp::FcmpPpSalProof sal_proof(FCMP_PP_SAL_PROOF_SIZE_V1); memcpy(&input, pbytes, 3*32); memcpy(&sal_proof[0], pbytes + 3*32, FCMP_PP_SAL_PROOF_SIZE_V1); memcpy(input.C_tilde, deserialized_tx.rct_signatures.p.pseudoOuts.at(i).bytes, 32); const crypto::key_image &ki = deserialized_tx.rct_signatures.p.fcmp_ver_helper_data.key_images.at(i); ASSERT_TRUE(fcmp_pp::verify_sal(signable_tx_hash_2, input, ki, sal_proof)); } // Verify all RingCT non-semantics LOG_PRINT_L1("Verify RingCT non-semantics consensus rules"); ASSERT_TRUE(rct::verRctNonSemanticsSimple(deserialized_tx.rct_signatures)); free(tree_root); // Load carrot from tx LOG_PRINT_L1("Parsing carrot info from deserialized transaction"); std::vector parsed_enotes; std::vector parsed_key_images; rct::xmr_amount parsed_fee; std::optional parsed_encrypted_payment_id; ASSERT_TRUE(try_load_carrot_from_transaction_v1(deserialized_tx, parsed_enotes, parsed_key_images, parsed_fee, parsed_encrypted_payment_id)); // Bob scan LOG_PRINT_L1("Bob scanning"); std::vector bob_scan_results; mock::mock_scan_enote_set(parsed_enotes, parsed_encrypted_payment_id.value_or(encrypted_payment_id_t{}), bob, bob_scan_results); ASSERT_EQ(bob_payment_proposals.size(), bob_scan_results.size()); // Compare bob scan results to bob payment proposals std::unordered_set matched_scan_results; for (size_t i = 0; i < bob_payment_proposals.size(); ++i) { bool matched = false; for (size_t j = 0; j < bob_scan_results.size(); ++j) { if (matched_scan_results.count(j)) continue; else if (compare_scan_result(bob_scan_results.at(j), bob_payment_proposals.at(i))) { matched = true; matched_scan_results.insert(j); break; } } ASSERT_TRUE(matched); } } //----------------------------------------------------------------------------------------------------------------------