public async Task Todo6()
{
var tasks = new List <Task>();
for (var i = 0; i < 200; i++)
{
tasks.Add(new Task(async() => await AliceClient.GetAccountAsync()));
}
tasks.AsParallel().ForAll(x => x.Start());
await Task.WhenAll(tasks);
await AliceClient.CountAsync();
await AliceClient.CountAsync();
await AliceClient.CountAsync();
await AliceClient.CountAsync();
await AliceClient.CountAsync();
var account = await(await AliceClient.GetAccountByIdAsync(1)).Response <Account>();
if (account.Counter != 5)
{
throw new Exception($"counter is {account.Counter}");
}
}
public async Task AliceTimesoutAsync()
{
// Alice times out when its deadline is reached.
WabiSabiConfig cfg = new();
var round = WabiSabiFactory.CreateRound(cfg);
using Key key = new();
var coin = WabiSabiFactory.CreateCoin(key);
var rpc = WabiSabiFactory.CreatePreconfiguredRpcClient(coin);
using Arena arena = await WabiSabiFactory.CreateAndStartArenaAsync(cfg, rpc, round);
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
// Register Alices.
var minAliceDeadline = DateTimeOffset.UtcNow + cfg.ConnectionConfirmationTimeout * 0.9;
var aliceClient = new AliceClient(round.Id, arenaClient, coin, round.FeeRate, key.GetBitcoinSecret(round.Network));
await aliceClient.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
var alice = Assert.Single(round.Alices);
alice.Deadline = DateTimeOffset.UtcNow - TimeSpan.FromMilliseconds(1);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Empty(round.Alices);
await arena.StopAsync(CancellationToken.None);
}
CreateRoundWithTwoConfirmedConnectionsAsync(Arena arena, Key key1, Coin coin1, Key key2, Coin coin2)
{
// Create the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
var round = Assert.Single(arena.Rounds);
// Register Alices.
var aliceClient1 = new AliceClient(round.Id, arenaClient, coin1, round.FeeRate, key1.GetBitcoinSecret(round.Network));
var aliceClient2 = new AliceClient(round.Id, arenaClient, coin2, round.FeeRate, key2.GetBitcoinSecret(round.Network));
await aliceClient1.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await aliceClient2.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.ConnectionConfirmation, round.Phase);
// Confirm connections.
await aliceClient1.ConfirmConnectionAsync(TimeSpan.FromSeconds(1), round.MaxVsizeAllocationPerAlice, CancellationToken.None).ConfigureAwait(false);
await aliceClient2.ConfirmConnectionAsync(TimeSpan.FromSeconds(1), round.MaxVsizeAllocationPerAlice, CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.OutputRegistration, round.Phase);
return(round,
arenaClient,
new[]
public async Task RegisterAliceInputThenConfirmAsync(NetworkType networkType)
{
(BitcoinPubKeyAddress activeOutputAddress, BitcoinPubKeyAddress changeOutputAddress, string blindedDataHex, string proof, List <TxoRef> utxos) = LiveServerTestsFixture.GetAliceInputData(networkType);
// blinded activeOutputAddress.ScriptPubKey
byte[] blinded = ByteHelpers.FromHex(blindedDataHex);
var inputProofModels = utxos.Select(txrf => new InputProofModel
{
Input = txrf,
Proof = proof // blinded.BlindedData signed with private key owning utxos
});
using (var aliceClient = await AliceClient.CreateNewAsync(changeOutputAddress, blinded, inputProofModels, LiveServerTestsFixture.UriMappings[networkType]))
{
Assert.NotNull(aliceClient.BlindedOutputSignature);
try
{
await aliceClient.PostConfirmationAsync();
// need to uncofirm or test will fail when run again
await aliceClient.PostUnConfirmationAsync();
}
catch (Exception ex)
{
await aliceClient.PostUnConfirmationAsync();
throw ex;
}
}
}
private volatile bool _disposedValue = false; // To detect redundant calls
public ClientRoundRegistration(AliceClient aliceClient, IEnumerable <SmartCoin> coinsRegistereds, BitcoinAddress changeAddress)
{
AliceClient = Guard.NotNull(nameof(aliceClient), aliceClient);
CoinsRegistered = Guard.NotNullOrEmpty(nameof(coinsRegistereds), coinsRegistereds);
ChangeAddress = Guard.NotNull(nameof(changeAddress), changeAddress);
ActiveOutputs = Enumerable.Empty <ActiveOutput>();
}
public void ClearRegistration()
{
CoinsRegistered.Clear();
ChangeOutputAddress = null;
ActiveOutputAddress = null;
UnblindedSignature = null;
RoundHash = null;
AliceClient?.Dispose();
AliceClient = null;
Signed = false;
PostedOutput = false;
}
public async Task AliceTimesoutAsync()
{
// Alice times out when its deadline is reached.
WabiSabiConfig cfg = new();
var round = WabiSabiFactory.CreateRound(cfg);
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
var smartCoin = BitcoinFactory.CreateSmartCoin(key, 10m);
var rpc = WabiSabiFactory.CreatePreconfiguredRpcClient(smartCoin.Coin);
using Arena arena = await ArenaBuilder.From(cfg).With(rpc).CreateAndStartAsync(round);
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), arena);
await roundStateUpdater.StartAsync(CancellationToken.None);
// Register Alices.
var keyChain = new KeyChain(km, new Kitchen(""));
using CancellationTokenSource cancellationTokenSource = new();
var task = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, smartCoin, keyChain, roundStateUpdater, cancellationTokenSource.Token);
while (round.Alices.Count == 0)
{
await Task.Delay(10);
}
var alice = Assert.Single(round.Alices);
alice.Deadline = DateTimeOffset.UtcNow - TimeSpan.FromMilliseconds(1);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Empty(round.Alices);
cancellationTokenSource.Cancel();
try
{
await task;
throw new InvalidOperationException("The operation should throw!");
}
catch (Exception exc)
{
Assert.True(exc is OperationCanceledException or WabiSabiProtocolException);
}
await roundStateUpdater.StopAsync(CancellationToken.None);
await arena.StopAsync(CancellationToken.None);
}
CreateRoundWithOutputsReadyToSignAsync(Arena arena, Key key1, Coin coin1, Key key2, Coin coin2)
{
// Create the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var round = Assert.Single(arena.Rounds);
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
// Register Alices.
var aliceClient1 = new AliceClient(round.Id, arenaClient, coin1, round.FeeRate, key1.GetBitcoinSecret(round.Network));
var aliceClient2 = new AliceClient(round.Id, arenaClient, coin2, round.FeeRate, key2.GetBitcoinSecret(round.Network));
await aliceClient1.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await aliceClient2.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.ConnectionConfirmation, round.Phase);
// Confirm connections.
await aliceClient1.ConfirmConnectionAsync(TimeSpan.FromMilliseconds(100), round.MaxVsizeAllocationPerAlice, CancellationToken.None).ConfigureAwait(false);
await aliceClient2.ConfirmConnectionAsync(TimeSpan.FromMilliseconds(100), round.MaxVsizeAllocationPerAlice, CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.OutputRegistration, round.Phase);
// Register outputs.
var bobClient = new BobClient(round.Id, arenaClient);
using var destKey1 = new Key();
using var destKey2 = new Key();
await bobClient.RegisterOutputAsync(
coin1.Amount - round.FeeRate.GetFee(coin1.ScriptPubKey.EstimateInputVsize()),
destKey1.PubKey.WitHash.ScriptPubKey,
aliceClient1.RealAmountCredentials,
aliceClient1.RealVsizeCredentials,
CancellationToken.None).ConfigureAwait(false);
await bobClient.RegisterOutputAsync(
coin2.Amount - round.FeeRate.GetFee(coin2.ScriptPubKey.EstimateInputVsize()),
destKey1.PubKey.WitHash.ScriptPubKey,
aliceClient2.RealAmountCredentials,
aliceClient2.RealVsizeCredentials,
CancellationToken.None).ConfigureAwait(false);
return(round, aliceClient1, aliceClient2);
}
CreateRoundWithOutputsReadyToSignAsync(Arena arena, Key key1, SmartCoin coin1, Key key2, SmartCoin coin2)
{
// Create the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var round = Assert.Single(arena.Rounds);
round.MaxVsizeAllocationPerAlice = 11 + 31 + MultipartyTransactionParameters.SharedOverhead;
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
// Register Alices.
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), arena);
await roundStateUpdater.StartAsync(CancellationToken.None);
using var identificationKey = new Key();
var task1 = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, coin1, key1.GetBitcoinSecret(round.Network), identificationKey, roundStateUpdater, CancellationToken.None);
var task2 = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, coin2, key2.GetBitcoinSecret(round.Network), identificationKey, roundStateUpdater, CancellationToken.None);
while (Phase.OutputRegistration != round.Phase)
{
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
}
await Task.WhenAll(task1, task2);
var aliceClient1 = task1.Result;
var aliceClient2 = task2.Result;
// Register outputs.
var bobClient = new BobClient(round.Id, arenaClient);
using var destKey1 = new Key();
using var destKey2 = new Key();
await bobClient.RegisterOutputAsync(
destKey1.PubKey.WitHash.ScriptPubKey,
aliceClient1.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber),
aliceClient1.IssuedVsizeCredentials.Take(ProtocolConstants.CredentialNumber),
CancellationToken.None).ConfigureAwait(false);
await bobClient.RegisterOutputAsync(
destKey1.PubKey.WitHash.ScriptPubKey,
aliceClient2.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber),
aliceClient2.IssuedVsizeCredentials.Take(ProtocolConstants.CredentialNumber),
CancellationToken.None).ConfigureAwait(false);
await roundStateUpdater.StopAsync(CancellationToken.None);
return(round, aliceClient1, aliceClient2);
}
CreateRoundWithTwoConfirmedConnectionsAsync(Arena arena, Key key1, Coin coin1, Key key2, Coin coin2)
{
// Create the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
var round = Assert.Single(arena.Rounds);
// Register Alices.
var aliceClient1 = new AliceClient(round.Id, arenaClient, coin1, round.FeeRate, key1.GetBitcoinSecret(round.Network));
var aliceClient2 = new AliceClient(round.Id, arenaClient, coin2, round.FeeRate, key2.GetBitcoinSecret(round.Network));
await aliceClient1.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await aliceClient2.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.ConnectionConfirmation, round.Phase);
// Confirm connections.
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), new ArenaRequestHandlerAdapter(arena));
await aliceClient1.ConfirmConnectionAsync(
TimeSpan.FromSeconds(1),
new long[] { coin1.EffectiveValue(round.FeeRate) },
new long[] { round.MaxVsizeAllocationPerAlice - coin1.ScriptPubKey.EstimateInputVsize() },
roundStateUpdater,
CancellationToken.None).ConfigureAwait(false);
await aliceClient2.ConfirmConnectionAsync(
TimeSpan.FromSeconds(1),
new long[] { coin2.EffectiveValue(round.FeeRate) },
new long[] { round.MaxVsizeAllocationPerAlice - coin2.ScriptPubKey.EstimateInputVsize() },
roundStateUpdater,
CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.OutputRegistration, round.Phase);
return(round,
arenaClient,
new[]
{
aliceClient1,
aliceClient2
});
}
public CcjClient(Network network, BlindingRsaPubKey blindingPubKey, KeyManager keyManager, Uri ccjHostUri, IPEndPoint torSocks5EndPoint = null)
{
Network = Guard.NotNull(nameof(network), network);
BlindingPubKey = Guard.NotNull(nameof(blindingPubKey), blindingPubKey);
KeyManager = Guard.NotNull(nameof(keyManager), keyManager);
AliceClient = new AliceClient(ccjHostUri, torSocks5EndPoint);
BobClient = new BobClient(ccjHostUri, torSocks5EndPoint);
SatoshiClient = new SatoshiClient(ccjHostUri, torSocks5EndPoint);
Rounds = new List <CcjClientRound>();
_running = 0;
Stop = new CancellationTokenSource();
_frequentStatusProcessingIfNotMixing = 0;
CoinsWaitingForMix = new List <MixCoin>();
MixLock = new AsyncLock();
}
public async Task CreateNewAsync()
{
var config = new WabiSabiConfig {
MaxInputCountByRound = 1
};
var round = WabiSabiFactory.CreateRound(config);
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
SmartCoin coin1 = BitcoinFactory.CreateSmartCoin(key, Money.Coins(1m));
var mockRpc = WabiSabiFactory.CreatePreconfiguredRpcClient(coin1.Coin);
using Arena arena = await WabiSabiFactory.CreateAndStartArenaAsync(config, mockRpc, round);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
await using var coordinator = new ArenaRequestHandler(config, new Prison(), arena, mockRpc.Object);
var wabiSabiApi = new WabiSabiController(coordinator);
var insecureRandom = new InsecureRandom();
var roundState = RoundState.FromRound(round);
var arenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(insecureRandom),
roundState.CreateVsizeCredentialClient(insecureRandom),
wabiSabiApi);
Assert.Equal(Phase.InputRegistration, arena.Rounds.First().Phase);
var bitcoinSecret = km.GetSecrets("", coin1.ScriptPubKey).Single().PrivateKey.GetBitcoinSecret(Network.Main);
var aliceClient = new AliceClient(round.Id, arenaClient, coin1.Coin, round.FeeRate, bitcoinSecret);
await aliceClient.RegisterInputAsync(CancellationToken.None);
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), wabiSabiApi);
Task confirmationTask = aliceClient.ConfirmConnectionAsync(
TimeSpan.FromSeconds(1),
new long[] { coin1.EffectiveValue(round.FeeRate) },
new long[] { roundState.MaxVsizeAllocationPerAlice - coin1.ScriptPubKey.EstimateInputVsize() },
roundStateUpdater,
CancellationToken.None);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
await confirmationTask;
Assert.Equal(Phase.ConnectionConfirmation, arena.Rounds.First().Phase);
}
public async Task CreateNewAsync()
{
var config = new WabiSabiConfig {
MaxInputCountByRound = 1
};
var round = WabiSabiFactory.CreateRound(config);
using Arena arena = await WabiSabiFactory.CreateAndStartArenaAsync(config, round);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
SmartCoin coin1 = BitcoinFactory.CreateSmartCoin(key, Money.Coins(1m));
var outpoint = coin1.OutPoint;
var mockRpc = new Mock <IRPCClient>();
mockRpc.Setup(rpc => rpc.GetTxOutAsync(outpoint.Hash, (int)outpoint.N, true))
.ReturnsAsync(new NBitcoin.RPC.GetTxOutResponse
{
IsCoinBase = false,
Confirmations = coin1.Height,
TxOut = coin1.TxOut,
});
await using var coordinator = new ArenaRequestHandler(config, new Prison(), arena, mockRpc.Object);
CredentialPool amountCredentialPool = new();
CredentialPool weightCredentialPool = new();
var arenaClient = new ArenaClient(round.AmountCredentialIssuerParameters, round.WeightCredentialIssuerParameters, amountCredentialPool, weightCredentialPool, coordinator, new InsecureRandom());
Assert.Equal(Phase.InputRegistration, arena.Rounds.First().Value.Phase);
var bitcoinSecret = km.GetSecrets("", coin1.ScriptPubKey).Single().PrivateKey.GetBitcoinSecret(Network.Main);
var aliceClient = await AliceClient.CreateNewAsync(arenaClient, new[] { coin1.Coin }, bitcoinSecret, round.Id, round.Hash, round.FeeRate);
Task confirmationTask = aliceClient.ConfirmConnectionAsync(TimeSpan.FromSeconds(3), CancellationToken.None);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
await confirmationTask;
Assert.Equal(Phase.ConnectionConfirmation, arena.Rounds.First().Value.Phase);
}
public async Task AliceTimesoutAsync()
{
// Alice times out when its deadline is reached.
WabiSabiConfig cfg = new();
var round = WabiSabiFactory.CreateRound(cfg);
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
var smartCoin = BitcoinFactory.CreateSmartCoin(key, 10m);
var rpc = WabiSabiFactory.CreatePreconfiguredRpcClient(smartCoin.Coin);
using Arena arena = await WabiSabiFactory.CreateAndStartArenaAsync(cfg, rpc, round);
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), arena);
await roundStateUpdater.StartAsync(CancellationToken.None);
// Register Alices.
using var identificationKey = new Key();
var esk = km.GetSecrets("", smartCoin.ScriptPubKey).Single();
using CancellationTokenSource cancellationTokenSource = new();
var task = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, smartCoin, esk.PrivateKey.GetBitcoinSecret(round.Network), identificationKey, roundStateUpdater, cancellationTokenSource.Token);
while (round.Alices.Count == 0)
{
await Task.Delay(10);
}
var alice = Assert.Single(round.Alices);
alice.Deadline = DateTimeOffset.UtcNow - TimeSpan.FromMilliseconds(1);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Empty(round.Alices);
cancellationTokenSource.Cancel();
await Assert.ThrowsAsync <OperationCanceledException>(async() => await task);
await roundStateUpdater.StopAsync(CancellationToken.None);
await arena.StopAsync(CancellationToken.None);
}
CreateRoundWithTwoConfirmedConnectionsAsync(Arena arena, Key key1, SmartCoin coin1, Key key2, SmartCoin coin2)
{
// Create the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
var round = Assert.Single(arena.Rounds);
round.MaxVsizeAllocationPerAlice = 11 + 31 + MultipartyTransactionParameters.SharedOverhead;
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), arena);
await roundStateUpdater.StartAsync(CancellationToken.None);
var identificationKey = new Key();
var task1 = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, coin1, key1.GetBitcoinSecret(round.Network), identificationKey, roundStateUpdater, CancellationToken.None);
var task2 = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, coin2, key2.GetBitcoinSecret(round.Network), identificationKey, roundStateUpdater, CancellationToken.None);
while (Phase.ConnectionConfirmation != round.Phase)
{
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
}
await Task.WhenAll(task1, task2);
var aliceClient1 = task1.Result;
var aliceClient2 = task2.Result;
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.OutputRegistration, round.Phase);
await roundStateUpdater.StopAsync(CancellationToken.None);
return(round,
arenaClient,
new[]
{
aliceClient1,
aliceClient2
});
}
CreateRoundWithTwoConfirmedConnectionsAsync(Arena arena, IKeyChain keyChain, SmartCoin coin1, SmartCoin coin2)
{
// Get the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
var round = Assert.Single(arena.Rounds);
// Refresh the Arena States because of vsize manipulation.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), arena);
await roundStateUpdater.StartAsync(CancellationToken.None);
var task1 = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, coin1, keyChain, roundStateUpdater, CancellationToken.None);
var task2 = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), arenaClient, coin2, keyChain, roundStateUpdater, CancellationToken.None);
while (Phase.ConnectionConfirmation != round.Phase)
{
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
}
await Task.WhenAll(task1, task2);
var aliceClient1 = await task1;
var aliceClient2 = await task2;
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.OutputRegistration, round.Phase);
await roundStateUpdater.StopAsync(CancellationToken.None);
return(round,
arenaClient,
new[]
{
aliceClient1,
aliceClient2
});
}
private async Task ProcessStatusAsync()
{
try
{
IEnumerable <CcjRunningRoundState> states = await SatoshiClient.GetAllRoundStatesAsync();
using (await MixLock.LockAsync())
{
foreach (CcjRunningRoundState state in states)
{
CcjClientRound round = Rounds.SingleOrDefault(x => x.State.RoundId == state.RoundId);
if (round == null) // It's a new running round.
{
var r = new CcjClientRound(state);
Rounds.Add(r);
RoundAdded?.Invoke(this, r);
}
else
{
round.State = state;
RoundUpdated?.Invoke(this, round);
}
}
var roundsToRemove = new List <long>();
foreach (CcjClientRound round in Rounds)
{
CcjRunningRoundState state = states.SingleOrDefault(x => x.RoundId == round.State.RoundId);
if (state == null) // The round is not running anymore.
{
foreach (MixCoin rc in round.CoinsRegistered)
{
CoinsWaitingForMix.Add(rc);
}
roundsToRemove.Add(round.State.RoundId);
}
}
foreach (long roundId in roundsToRemove)
{
Rounds.RemoveAll(x => x.State.RoundId == roundId);
RoundRemoved?.Invoke(this, roundId);
}
}
int delay = new Random().Next(0, 7); // delay the response to defend timing attack privacy
await Task.Delay(TimeSpan.FromSeconds(delay), Stop.Token);
using (await MixLock.LockAsync())
{
CoinsWaitingForMix.RemoveAll(x => x.SmartCoin.SpenderTransactionId != null); // Make sure coins those were somehow spent are removed.
CcjClientRound inputRegistrableRound = Rounds.First(x => x.State.Phase == CcjRoundPhase.InputRegistration);
if (inputRegistrableRound.AliceUniqueId == null) // If didn't register already, check what can we register.
{
try
{
var coinsToRegister = new List <MixCoin>();
var amountSoFar = Money.Zero;
Money amountNeededExceptInputFees = inputRegistrableRound.State.Denomination + inputRegistrableRound.State.FeePerOutputs * 2;
var tooSmallInputs = false;
foreach (MixCoin coin in CoinsWaitingForMix
.Where(x => x.SmartCoin.Confirmed || x.SmartCoin.Label.Contains("CoinJoin", StringComparison.Ordinal)) // Where our label contains CoinJoin, CoinJoins can be registered even if not confirmed, our label will likely be CoinJoin only if it was a previous CoinJoin, otherwise the server will refuse us.
.OrderByDescending(y => y.SmartCoin.Amount) // First order by amount.
.OrderByDescending(z => z.SmartCoin.Confirmed)) // Then order by the amount ordered ienumerable by confirmation, so first try to register confirmed coins.
{
coinsToRegister.Add(coin);
if (inputRegistrableRound.State.MaximumInputCountPerPeer < coinsToRegister.Count)
{
tooSmallInputs = true;
break;
}
amountSoFar += coin.SmartCoin.Amount;
if (amountSoFar > amountNeededExceptInputFees + inputRegistrableRound.State.FeePerInputs * coinsToRegister.Count)
{
break;
}
}
// If input count doesn't reach the max input registration AND there are enough coins queued, then register to mix.
if (!tooSmallInputs && amountSoFar > amountNeededExceptInputFees + inputRegistrableRound.State.FeePerInputs * coinsToRegister.Count)
{
var changeKey = KeyManager.GenerateNewKey("CoinJoin Change Output", KeyState.Locked, isInternal: true);
var activeKey = KeyManager.GenerateNewKey("CoinJoin Active Output", KeyState.Locked, isInternal: true);
var blind = BlindingPubKey.Blind(activeKey.GetP2wpkhScript().ToBytes());
var inputProofs = new List <InputProofModel>();
foreach (var coin in coinsToRegister)
{
var inputProof = new InputProofModel
{
Input = coin.SmartCoin.GetOutPoint(),
Proof = coin.Secret.PrivateKey.SignMessage(ByteHelpers.ToHex(blind.BlindedData))
};
inputProofs.Add(inputProof);
}
InputsResponse inputsResponse = await AliceClient.PostInputsAsync(changeKey.GetP2wpkhScript(), blind.BlindedData, inputProofs.ToArray());
if (!BlindingPubKey.Verify(inputsResponse.BlindedOutputSignature, blind.BlindedData))
{
throw new NotSupportedException("Coordinator did not sign the blinded output properly.");
}
CcjClientRound roundRegistered = Rounds.SingleOrDefault(x => x.State.RoundId == inputsResponse.RoundId);
if (roundRegistered == null)
{
// If our SatoshiClient doesn't yet know about the round because of the dealy create it.
// Make its state as it'd be the same as our assumed round was, except the roundId and registeredPeerCount, it'll be updated later.
roundRegistered = new CcjClientRound(CcjRunningRoundState.CloneExcept(inputRegistrableRound.State, inputsResponse.RoundId, registeredPeerCount: 1));
Rounds.Add(roundRegistered);
RoundAdded?.Invoke(this, roundRegistered);
}
foreach (var coin in coinsToRegister)
{
roundRegistered.CoinsRegistered.Add(coin);
CoinsWaitingForMix.Remove(coin);
}
roundRegistered.ActiveOutput = activeKey;
roundRegistered.ChangeOutput = changeKey;
roundRegistered.UnblindedSignature = BlindingPubKey.UnblindSignature(inputsResponse.BlindedOutputSignature, blind.BlindingFactor);
roundRegistered.AliceUniqueId = inputsResponse.UniqueId;
RoundUpdated?.Invoke(this, roundRegistered);
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
else // We registered, let's confirm we're online.
{
try
{
string roundHash = await AliceClient.PostConfirmationAsync(inputRegistrableRound.State.RoundId, (Guid)inputRegistrableRound.AliceUniqueId);
if (roundHash != null) // Then the phase went to connection confirmation.
{
inputRegistrableRound.RoundHash = roundHash;
inputRegistrableRound.State.Phase = CcjRoundPhase.ConnectionConfirmation;
RoundUpdated?.Invoke(this, inputRegistrableRound);
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
foreach (CcjClientRound ongoingRound in Rounds.Where(x => x.State.Phase != CcjRoundPhase.InputRegistration && x.AliceUniqueId != null))
{
try
{
if (ongoingRound.State.Phase == CcjRoundPhase.ConnectionConfirmation)
{
if (ongoingRound.RoundHash == null) // If we didn't already obtained our roundHash obtain it.
{
string roundHash = await AliceClient.PostConfirmationAsync(inputRegistrableRound.State.RoundId, (Guid)inputRegistrableRound.AliceUniqueId);
if (roundHash == null)
{
throw new NotSupportedException("Coordinator didn't gave us the expected roundHash, even though it's in ConnectionConfirmation phase.");
}
else
{
ongoingRound.RoundHash = roundHash;
RoundUpdated?.Invoke(this, ongoingRound);
}
}
}
else if (ongoingRound.State.Phase == CcjRoundPhase.OutputRegistration)
{
if (ongoingRound.RoundHash == null)
{
throw new NotSupportedException("Coordinator progressed to OutputRegistration phase, even though we didn't obtain roundHash.");
}
await BobClient.PostOutputAsync(ongoingRound.RoundHash, ongoingRound.ActiveOutput.GetP2wpkhScript(), ongoingRound.UnblindedSignature);
}
else if (ongoingRound.State.Phase == CcjRoundPhase.Signing)
{
Transaction unsignedCoinJoin = await AliceClient.GetUnsignedCoinJoinAsync(ongoingRound.State.RoundId, (Guid)ongoingRound.AliceUniqueId);
if (NBitcoinHelpers.HashOutpoints(unsignedCoinJoin.Inputs.Select(x => x.PrevOut)) != ongoingRound.RoundHash)
{
throw new NotSupportedException("Coordinator provided invalid roundHash.");
}
Money amountBack = unsignedCoinJoin.Outputs
.Where(x => x.ScriptPubKey == ongoingRound.ActiveOutput.GetP2wpkhScript() || x.ScriptPubKey == ongoingRound.ChangeOutput.GetP2wpkhScript())
.Sum(y => y.Value);
Money minAmountBack = ongoingRound.CoinsRegistered.Sum(x => x.SmartCoin.Amount); // Start with input sum.
minAmountBack -= ongoingRound.State.FeePerOutputs * 2 + ongoingRound.State.FeePerInputs * ongoingRound.CoinsRegistered.Count; // Minus miner fee.
Money actualDenomination = unsignedCoinJoin.GetIndistinguishableOutputs().OrderByDescending(x => x.count).First().value; // Denomination may grow.
Money expectedCoordinatorFee = new Money((ongoingRound.State.CoordinatorFeePercent * 0.01m) * decimal.Parse(actualDenomination.ToString(false, true)), MoneyUnit.BTC);
minAmountBack -= expectedCoordinatorFee; // Minus expected coordinator fee.
// If there's no change output then coordinator protection may happened:
if (unsignedCoinJoin.Outputs.All(x => x.ScriptPubKey != ongoingRound.ChangeOutput.GetP2wpkhScript()))
{
Money minimumOutputAmount = new Money(0.0001m, MoneyUnit.BTC); // If the change would be less than about $1 then add it to the coordinator.
Money onePercentOfDenomination = new Money(actualDenomination.ToDecimal(MoneyUnit.BTC) * 0.01m, MoneyUnit.BTC); // If the change is less than about 1% of the newDenomination then add it to the coordinator fee.
Money minimumChangeAmount = Math.Max(minimumOutputAmount, onePercentOfDenomination);
minAmountBack -= minimumChangeAmount; // Minus coordinator protections (so it won't create bad coinjoins.)
}
if (amountBack < minAmountBack)
{
throw new NotSupportedException("Coordinator did not add enough value to our outputs in the coinjoin.");
}
new TransactionBuilder()
.AddKeys(ongoingRound.CoinsRegistered.Select(x => x.Secret).ToArray())
.AddCoins(ongoingRound.CoinsRegistered.Select(x => x.SmartCoin.GetCoin()))
.SignTransactionInPlace(unsignedCoinJoin, SigHash.All);
var myDic = new Dictionary <int, WitScript>();
for (int i = 0; i < unsignedCoinJoin.Inputs.Count; i++)
{
var input = unsignedCoinJoin.Inputs[i];
if (ongoingRound.CoinsRegistered.Select(x => x.SmartCoin.GetOutPoint()).Contains(input.PrevOut))
{
myDic.Add(i, unsignedCoinJoin.Inputs[i].WitScript);
}
}
await AliceClient.PostSignaturesAsync(ongoingRound.State.RoundId, (Guid)ongoingRound.AliceUniqueId, myDic);
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
}
}
catch (TaskCanceledException ex)
{
Logger.LogTrace <CcjClient>(ex);
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
private async Task TryRegisterCoinsAsync(CcjClientRound inputRegistrableRound)
{
try
{
List <(uint256 txid, uint index)> registrableCoins = State.GetRegistrableCoins(
inputRegistrableRound.State.MaximumInputCountPerPeer,
inputRegistrableRound.State.Denomination,
inputRegistrableRound.State.FeePerInputs,
inputRegistrableRound.State.FeePerOutputs).ToList();
if (registrableCoins.Any())
{
BitcoinAddress changeAddress = null;
BitcoinAddress activeAddress = null;
lock (CustomChangeAddressesLock)
{
if (CustomChangeAddresses.Count > 0)
{
changeAddress = CustomChangeAddresses.First();
CustomChangeAddresses.RemoveFirst();
}
}
lock (CustomActiveAddressesLock)
{
if (CustomActiveAddresses.Count > 0)
{
activeAddress = CustomActiveAddresses.First();
CustomActiveAddresses.RemoveFirst();
}
}
if (changeAddress is null || activeAddress is null)
{
IEnumerable <HdPubKey> allUnusedInternalKeys = KeyManager.GetKeys(keyState: null, isInternal: true).Where(x => x.KeyState != KeyState.Used);
if (changeAddress is null)
{
string changeLabel = "ZeroLink Change";
IEnumerable <HdPubKey> allChangeKeys = allUnusedInternalKeys.Where(x => x.Label == changeLabel);
HdPubKey changeKey = null;
KeyManager.AssertLockedInternalKeysIndexed(14);
IEnumerable <HdPubKey> internalNotCachedLockedKeys = KeyManager.GetKeys(KeyState.Locked, isInternal: true).Except(AccessCache.Keys);
if (allChangeKeys.Count() >= 7 || !internalNotCachedLockedKeys.Any()) // Then don't generate new keys, because it'd bloat the wallet.
{
// Find the first one that we did not try to register in the current session.
changeKey = allChangeKeys.FirstOrDefault(x => !AccessCache.ContainsKey(x));
// If there is no such a key, then use the oldest.
if (changeKey == default)
{
changeKey = AccessCache.Where(x => allChangeKeys.Contains(x.Key)).OrderBy(x => x.Value).First().Key;
}
changeKey.SetLabel(changeLabel);
changeKey.SetKeyState(KeyState.Locked);
}
else
{
changeKey = internalNotCachedLockedKeys.RandomElement();
changeKey.SetLabel(changeLabel);
}
changeAddress = changeKey.GetP2wpkhAddress(Network);
AccessCache.AddOrReplace(changeKey, DateTimeOffset.UtcNow);
}
if (activeAddress is null)
{
string activeLabel = "ZeroLink Mixed Coin";
IEnumerable <HdPubKey> allActiveKeys = allUnusedInternalKeys.Where(x => x.Label == activeLabel);
HdPubKey activeKey = null;
KeyManager.AssertLockedInternalKeysIndexed(14);
IEnumerable <HdPubKey> internalNotCachedLockedKeys = KeyManager.GetKeys(KeyState.Locked, isInternal: true).Except(AccessCache.Keys);
if (allActiveKeys.Count() >= 7 || !internalNotCachedLockedKeys.Any()) // Then don't generate new keys, because it'd bloat the wallet.
{
// Find the first one that we did not try to register in the current session.
activeKey = allActiveKeys.FirstOrDefault(x => !AccessCache.ContainsKey(x));
// If there is no such a key, then use the oldest.
if (activeKey == default)
{
activeKey = AccessCache.Where(x => allActiveKeys.Contains(x.Key)).OrderBy(x => x.Value).First().Key;
}
activeKey.SetLabel(activeLabel);
activeKey.SetKeyState(KeyState.Locked);
activeAddress = activeKey.GetP2wpkhAddress(Network);
}
else
{
activeKey = internalNotCachedLockedKeys.RandomElement();
activeKey.SetLabel(activeLabel);
}
activeAddress = activeKey.GetP2wpkhAddress(Network);
AccessCache.AddOrReplace(activeKey, DateTimeOffset.UtcNow);
}
}
KeyManager.ToFile();
var blind = CoordinatorPubKey.Blind(activeAddress.ScriptPubKey.ToBytes());
var inputProofs = new List <InputProofModel>();
foreach ((uint256 txid, uint index)coinReference in registrableCoins)
{
SmartCoin coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin is null)
{
throw new NotSupportedException("This is impossible.");
}
coin.Secret = coin.Secret ?? KeyManager.GetSecrets(OnePiece, coin.ScriptPubKey).Single();
var inputProof = new InputProofModel
{
Input = coin.GetTxoRef(),
Proof = coin.Secret.PrivateKey.SignMessage(ByteHelpers.ToHex(blind.BlindedData))
};
inputProofs.Add(inputProof);
}
AliceClient aliceClient = await AliceClient.CreateNewAsync(Network, changeAddress, blind.BlindedData, inputProofs, CcjHostUri, TorSocks5EndPoint);
byte[] unblindedSignature = CoordinatorPubKey.UnblindSignature(aliceClient.BlindedOutputSignature, blind.BlindingFactor);
if (!CoordinatorPubKey.Verify(unblindedSignature, activeAddress.ScriptPubKey.ToBytes()))
{
throw new NotSupportedException("Coordinator did not sign the blinded output properly.");
}
CcjClientRound roundRegistered = State.GetSingleOrDefaultRound(aliceClient.RoundId);
if (roundRegistered is null)
{
// If our SatoshiClient doesn't yet know about the round because of the dealy create it.
// Make its state as it'd be the same as our assumed round was, except the roundId and registeredPeerCount, it'll be updated later.
roundRegistered = new CcjClientRound(CcjRunningRoundState.CloneExcept(inputRegistrableRound.State, aliceClient.RoundId, registeredPeerCount: 1));
State.AddOrReplaceRound(roundRegistered);
}
foreach ((uint256 txid, uint index)coinReference in registrableCoins)
{
var coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin is null)
{
throw new NotSupportedException("This is impossible.");
}
roundRegistered.CoinsRegistered.Add(coin);
State.RemoveCoinFromWaitingList(coin);
}
roundRegistered.ActiveOutputAddress = activeAddress;
roundRegistered.ChangeOutputAddress = changeAddress;
roundRegistered.UnblindedSignature = unblindedSignature;
roundRegistered.AliceClient = aliceClient;
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
private async Task TryRegisterCoinsAsync(CcjClientRound inputRegistrableRound)
{
try
{
// Select the most suitable coins to regiter.
List <TxoRef> registrableCoins = State.GetRegistrableCoins(
inputRegistrableRound.State.MaximumInputCountPerPeer,
inputRegistrableRound.State.Denomination,
inputRegistrableRound.State.FeePerInputs,
inputRegistrableRound.State.FeePerOutputs).ToList();
// If there are no suitable coins to register return.
if (!registrableCoins.Any())
{
return;
}
(HdPubKey change, IEnumerable <HdPubKey> actives)outputAddresses = GetOutputsToRegister(inputRegistrableRound.State.Denomination, inputRegistrableRound.State.SchnorrPubKeys.Count(), registrableCoins);
SchnorrPubKey[] schnorrPubKeys = inputRegistrableRound.State.SchnorrPubKeys.ToArray();
List <Requester> requesters = new List <Requester>();
var blindedOutputScriptHashes = new List <uint256>();
var registeredAddresses = new List <BitcoinAddress>();
for (int i = 0; i < schnorrPubKeys.Length; i++)
{
if (outputAddresses.actives.Count() <= i)
{
break;
}
BitcoinAddress address = outputAddresses.actives.Select(x => x.GetP2wpkhAddress(Network)).ElementAt(i);
SchnorrPubKey schnorrPubKey = schnorrPubKeys[i];
var outputScriptHash = new uint256(Hashes.SHA256(address.ScriptPubKey.ToBytes()));
var requester = new Requester();
uint256 blindedOutputScriptHash = requester.BlindMessage(outputScriptHash, schnorrPubKey);
requesters.Add(requester);
blindedOutputScriptHashes.Add(blindedOutputScriptHash);
registeredAddresses.Add(address);
}
byte[] blindedOutputScriptHashesByte = ByteHelpers.Combine(blindedOutputScriptHashes.Select(x => x.ToBytes()));
uint256 blindedOutputScriptsHash = new uint256(Hashes.SHA256(blindedOutputScriptHashesByte));
var inputProofs = new List <InputProofModel>();
foreach (TxoRef coinReference in registrableCoins)
{
SmartCoin coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin is null)
{
throw new NotSupportedException("This is impossible.");
}
coin.Secret = coin.Secret ?? KeyManager.GetSecrets(SaltSoup(), coin.ScriptPubKey).Single();
var inputProof = new InputProofModel {
Input = coin.GetTxoRef(),
Proof = coin.Secret.PrivateKey.SignCompact(blindedOutputScriptsHash)
};
inputProofs.Add(inputProof);
}
AliceClient aliceClient = null;
try
{
aliceClient = await AliceClient.CreateNewAsync(inputRegistrableRound.RoundId, registeredAddresses, schnorrPubKeys, requesters, Network, outputAddresses.change.GetP2wpkhAddress(Network), blindedOutputScriptHashes, inputProofs, CcjHostUriAction, TorSocks5EndPoint);
}
catch (HttpRequestException ex) when(ex.Message.Contains("Input is banned", StringComparison.InvariantCultureIgnoreCase))
{
string[] parts = ex.Message.Split(new[] { "Input is banned from participation for ", " minutes: " }, StringSplitOptions.RemoveEmptyEntries);
string minutesString = parts[1];
int minuteInt = int.Parse(minutesString);
string bannedInputString = parts[2].TrimEnd('.');
string[] bannedInputStringParts = bannedInputString.Split(':', StringSplitOptions.RemoveEmptyEntries);
TxoRef coinReference = new TxoRef(new uint256(bannedInputStringParts[1]), uint.Parse(bannedInputStringParts[0]));
SmartCoin coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin is null)
{
throw new NotSupportedException("This is impossible.");
}
coin.BannedUntilUtc = DateTimeOffset.UtcNow + TimeSpan.FromMinutes(minuteInt);
Logger.LogWarning <CcjClient>(ex.Message.Split('\n')[1]);
await DequeueCoinsFromMixNoLockAsync(coinReference, "Failed to register the coin with the coordinator.");
aliceClient?.Dispose();
return;
}
catch (HttpRequestException ex) when(ex.Message.Contains("Provided input is not unspent", StringComparison.InvariantCultureIgnoreCase))
{
string[] parts = ex.Message.Split(new[] { "Provided input is not unspent: " }, StringSplitOptions.RemoveEmptyEntries);
string spentInputString = parts[1].TrimEnd('.');
string[] bannedInputStringParts = spentInputString.Split(':', StringSplitOptions.RemoveEmptyEntries);
TxoRef coinReference = new TxoRef(new uint256(bannedInputStringParts[1]), uint.Parse(bannedInputStringParts[0]));
SmartCoin coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin is null)
{
throw new NotSupportedException("This is impossible.");
}
coin.SpentAccordingToBackend = true;
Logger.LogWarning <CcjClient>(ex.Message.Split('\n')[1]);
await DequeueCoinsFromMixNoLockAsync(coinReference, "Failed to register the coin with the coordinator. The coin is already spent.");
aliceClient?.Dispose();
return;
}
catch (HttpRequestException ex) when(ex.Message.Contains("No such running round in InputRegistration.", StringComparison.InvariantCultureIgnoreCase))
{
Logger.LogInfo <CcjClient>("Client tried to register a round that is not in InputRegistration anymore. Trying again later.");
aliceClient?.Dispose();
return;
}
catch (HttpRequestException ex) when(ex.Message.Contains("too-long-mempool-chain", StringComparison.InvariantCultureIgnoreCase))
{
Logger.LogInfo <CcjClient>("Coordinator failed because too much unconfirmed parent transactions. Trying again later.");
aliceClient?.Dispose();
return;
}
var coinsRegistered = new List <SmartCoin>();
foreach (TxoRef coinReference in registrableCoins)
{
var coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin is null)
{
throw new NotSupportedException("This is impossible.");
}
coinsRegistered.Add(coin);
State.RemoveCoinFromWaitingList(coin);
}
var registration = new ClientRoundRegistration(aliceClient, coinsRegistered, outputAddresses.change.GetP2wpkhAddress(Network));
CcjClientRound roundRegistered = State.GetSingleOrDefaultRound(aliceClient.RoundId);
if (roundRegistered is null)
{
// If our SatoshiClient does not yet know about the round, because of delay, then delay the round registration.
DelayedRoundRegistration?.Dispose();
DelayedRoundRegistration = registration;
}
roundRegistered.Registration = registration;
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
CreateRoundWithOutputsReadyToSignAsync(Arena arena, Key key1, Coin coin1, Key key2, Coin coin2)
{
// Create the round.
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
var round = Assert.Single(arena.Rounds);
var arenaClient = WabiSabiFactory.CreateArenaClient(arena);
// Register Alices.
var aliceClient1 = new AliceClient(round.Id, arenaClient, coin1, round.FeeRate, key1.GetBitcoinSecret(round.Network));
var aliceClient2 = new AliceClient(round.Id, arenaClient, coin2, round.FeeRate, key2.GetBitcoinSecret(round.Network));
await aliceClient1.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await aliceClient2.RegisterInputAsync(CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.ConnectionConfirmation, round.Phase);
// Confirm connections.
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), new ArenaRequestHandlerAdapter(arena));
await aliceClient1.ConfirmConnectionAsync(
TimeSpan.FromMilliseconds(100),
new long[] { coin1.EffectiveValue(round.FeeRate) },
new long[] { round.MaxVsizeAllocationPerAlice - coin1.ScriptPubKey.EstimateInputVsize() },
roundStateUpdater,
CancellationToken.None).ConfigureAwait(false);
await aliceClient2.ConfirmConnectionAsync(
TimeSpan.FromMilliseconds(100),
new long[] { coin2.EffectiveValue(round.FeeRate) },
new long[] { round.MaxVsizeAllocationPerAlice - coin2.ScriptPubKey.EstimateInputVsize() },
roundStateUpdater,
CancellationToken.None).ConfigureAwait(false);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromSeconds(21));
Assert.Equal(Phase.OutputRegistration, round.Phase);
// Register outputs.
var bobClient = new BobClient(round.Id, arenaClient);
using var destKey1 = new Key();
using var destKey2 = new Key();
await bobClient.RegisterOutputAsync(
coin1.Amount - round.FeeRate.GetFee(coin1.ScriptPubKey.EstimateInputVsize()),
destKey1.PubKey.WitHash.ScriptPubKey,
aliceClient1.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber),
aliceClient1.IssuedVsizeCredentials.Take(ProtocolConstants.CredentialNumber),
CancellationToken.None).ConfigureAwait(false);
await bobClient.RegisterOutputAsync(
coin2.Amount - round.FeeRate.GetFee(coin2.ScriptPubKey.EstimateInputVsize()),
destKey1.PubKey.WitHash.ScriptPubKey,
aliceClient2.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber),
aliceClient2.IssuedVsizeCredentials.Take(ProtocolConstants.CredentialNumber),
CancellationToken.None).ConfigureAwait(false);
return(round, aliceClient1, aliceClient2);
}
private async Task TryRegisterCoinsAsync(CcjClientRound inputRegistrableRound)
{
try
{
List <(uint256 txid, uint index)> registrableCoins = State.GetRegistrableCoins(
inputRegistrableRound.State.MaximumInputCountPerPeer,
inputRegistrableRound.State.Denomination,
inputRegistrableRound.State.FeePerInputs,
inputRegistrableRound.State.FeePerOutputs).ToList();
if (registrableCoins.Any())
{
BitcoinAddress changeAddress = null;
BitcoinAddress activeAddress = null;
lock (CustomChangeAddressesLock)
{
if (CustomChangeAddresses.Count > 0)
{
changeAddress = CustomChangeAddresses.First();
CustomChangeAddresses.RemoveFirst();
}
}
lock (CustomActiveAddressesLock)
{
if (CustomActiveAddresses.Count > 0)
{
activeAddress = CustomActiveAddresses.First();
CustomActiveAddresses.RemoveFirst();
}
}
changeAddress = changeAddress ?? KeyManager.GenerateNewKey("ZeroLink Change", KeyState.Locked, isInternal: true, toFile: false).GetP2wpkhAddress(Network);
activeAddress = activeAddress ?? KeyManager.GenerateNewKey("ZeroLink Mixed Coin", KeyState.Locked, isInternal: true, toFile: false).GetP2wpkhAddress(Network);
KeyManager.ToFile();
var blind = CoordinatorPubKey.Blind(activeAddress.ScriptPubKey.ToBytes());
var inputProofs = new List <InputProofModel>();
foreach ((uint256 txid, uint index)coinReference in registrableCoins)
{
var coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin == null)
{
throw new NotSupportedException("This is impossible.");
}
var inputProof = new InputProofModel
{
Input = coin.GetTxoRef(),
Proof = coin.Secret.PrivateKey.SignMessage(ByteHelpers.ToHex(blind.BlindedData))
};
inputProofs.Add(inputProof);
}
AliceClient aliceClient = await AliceClient.CreateNewAsync(Network, changeAddress, blind.BlindedData, inputProofs, CcjHostUri, TorSocks5EndPoint);
byte[] unblindedSignature = CoordinatorPubKey.UnblindSignature(aliceClient.BlindedOutputSignature, blind.BlindingFactor);
if (!CoordinatorPubKey.Verify(unblindedSignature, activeAddress.ScriptPubKey.ToBytes()))
{
throw new NotSupportedException("Coordinator did not sign the blinded output properly.");
}
CcjClientRound roundRegistered = State.GetSingleOrDefaultRound(aliceClient.RoundId);
if (roundRegistered == null)
{
// If our SatoshiClient doesn't yet know about the round because of the dealy create it.
// Make its state as it'd be the same as our assumed round was, except the roundId and registeredPeerCount, it'll be updated later.
roundRegistered = new CcjClientRound(CcjRunningRoundState.CloneExcept(inputRegistrableRound.State, aliceClient.RoundId, registeredPeerCount: 1));
State.AddOrReplaceRound(roundRegistered);
}
foreach ((uint256 txid, uint index)coinReference in registrableCoins)
{
var coin = State.GetSingleOrDefaultFromWaitingList(coinReference);
if (coin == null)
{
throw new NotSupportedException("This is impossible.");
}
roundRegistered.CoinsRegistered.Add(coin);
State.RemoveCoinFromWaitingList(coin);
}
roundRegistered.ActiveOutputAddress = activeAddress;
roundRegistered.ChangeOutputAddress = changeAddress;
roundRegistered.UnblindedSignature = unblindedSignature;
roundRegistered.AliceClient = aliceClient;
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
public async Task BanningTestsAsync()
{
(string password, IRPCClient rpc, Network network, Coordinator coordinator, ServiceConfiguration serviceConfiguration, BitcoinStore bitcoinStore, Backend.Global global) = await Common.InitializeTestEnvironmentAsync(RegTestFixture, 1);
Money denomination = Money.Coins(0.1m);
decimal coordinatorFeePercent = 0.1m;
int anonymitySet = 3;
int connectionConfirmationTimeout = 120;
var roundConfig = RegTestFixture.CreateRoundConfig(denomination, 140, 0.7, coordinatorFeePercent, anonymitySet, 240, connectionConfirmationTimeout, 1, 1, 1, 24, true, 11);
coordinator.RoundConfig.UpdateOrDefault(roundConfig, toFile: true);
coordinator.AbortAllRoundsInInputRegistration("");
await rpc.GenerateAsync(3); // So to make sure we have enough money.
Uri baseUri = new Uri(RegTestFixture.BackendEndPoint);
var fundingTxCount = 0;
var inputRegistrationUsers = new List <(Requester requester, uint256 blinded, BitcoinAddress activeOutputAddress, BitcoinAddress changeOutputAddress, IEnumerable <InputProofModel> inputProofModels, List <(Key key, BitcoinWitPubKeyAddress address, uint256 txHash, Transaction tx, OutPoint input)> userInputData)>();
CoordinatorRound round = null;
for (int i = 0; i < roundConfig.AnonymitySet; i++)
{
var userInputData = new List <(Key key, BitcoinWitPubKeyAddress inputAddress, uint256 txHash, Transaction tx, OutPoint input)>();
var activeOutputAddress = new Key().PubKey.GetAddress(ScriptPubKeyType.Segwit, network);
var changeOutputAddress = new Key().PubKey.GetAddress(ScriptPubKeyType.Segwit, network);
round = coordinator.GetCurrentInputRegisterableRoundOrDefault();
Requester requester = new Requester();
uint256 blinded = requester.BlindScript(round.MixingLevels.GetBaseLevel().Signer.Key.PubKey, round.MixingLevels.GetBaseLevel().Signer.R.PubKey, activeOutputAddress.ScriptPubKey);
uint256 blindedOutputScriptsHash = new uint256(Hashes.SHA256(blinded.ToBytes()));
var inputProofModels = new List <InputProofModel>();
int numberOfInputs = new Random().Next(1, 7);
var receiveSatoshiSum = 0;
for (int j = 0; j < numberOfInputs; j++)
{
var key = new Key();
var receiveSatoshi = new Random().Next(1000, 100000000);
receiveSatoshiSum += receiveSatoshi;
if (j == numberOfInputs - 1)
{
receiveSatoshi = 100000000;
}
BitcoinWitPubKeyAddress inputAddress = key.PubKey.GetSegwitAddress(network);
uint256 txHash = await rpc.SendToAddressAsync(inputAddress, Money.Satoshis(receiveSatoshi));
fundingTxCount++;
Assert.NotNull(txHash);
Transaction transaction = await rpc.GetRawTransactionAsync(txHash);
var coin = transaction.Outputs.GetCoins(inputAddress.ScriptPubKey).Single();
OutPoint input = coin.Outpoint;
var inputProof = new InputProofModel {
Input = input, Proof = key.SignCompact(blindedOutputScriptsHash)
};
inputProofModels.Add(inputProof);
GetTxOutResponse getTxOutResponse = await rpc.GetTxOutAsync(input.Hash, (int)input.N, includeMempool : true);
// Check if inputs are unspent.
Assert.NotNull(getTxOutResponse);
userInputData.Add((key, inputAddress, txHash, transaction, input));
}
inputRegistrationUsers.Add((requester, blinded, activeOutputAddress, changeOutputAddress, inputProofModels, userInputData));
}
var mempool = await rpc.GetRawMempoolAsync();
Assert.Equal(inputRegistrationUsers.SelectMany(x => x.userInputData).Count(), mempool.Length);
while ((await rpc.GetRawMempoolAsync()).Length != 0)
{
await rpc.GenerateAsync(1);
}
var aliceClients = new List <Task <AliceClient> >();
foreach (var user in inputRegistrationUsers)
{
aliceClients.Add(AliceClient.CreateNewAsync(round.RoundId, new[] { user.activeOutputAddress }, new[] { round.MixingLevels.GetBaseLevel().SchnorrKey.SchnorrPubKey }, new[] { user.requester }, network, user.changeOutputAddress, new[] { user.blinded }, user.inputProofModels, baseUri, null));
}
long roundId = 0;
var users = new List <(Requester requester, uint256 blinded, BitcoinAddress activeOutputAddress, BitcoinAddress changeOutputAddress, IEnumerable <InputProofModel> inputProofModels, List <(Key key, BitcoinWitPubKeyAddress address, uint256 txHash, Transaction tx, OutPoint input)> userInputData, AliceClient aliceClient, UnblindedSignature unblindedSignature)>();
for (int i = 0; i < inputRegistrationUsers.Count; i++)
{
var user = inputRegistrationUsers[i];
var request = aliceClients[i];
var aliceClient = await request;
if (roundId == 0)
{
roundId = aliceClient.RoundId;
}
else
{
Assert.Equal(roundId, aliceClient.RoundId);
}
// Because it's valuetuple.
users.Add((user.requester, user.blinded, user.activeOutputAddress, user.changeOutputAddress, user.inputProofModels, user.userInputData, aliceClient, null));
}
Assert.Equal(users.Count, roundConfig.AnonymitySet);
var confirmationRequests = new List <Task <(RoundPhase currentPhase, IEnumerable <ActiveOutput>)> >();
foreach (var user in users)
{
confirmationRequests.Add(user.aliceClient.PostConfirmationAsync());
}
RoundPhase roundPhase = RoundPhase.InputRegistration;
int k = 0;
foreach (var request in confirmationRequests)
{
var resp = await request;
if (roundPhase == RoundPhase.InputRegistration)
{
roundPhase = resp.currentPhase;
}
else
{
Assert.Equal(roundPhase, resp.currentPhase);
}
var user = users.ElementAt(k);
user.unblindedSignature = resp.Item2.First().Signature;
}
using (var satoshiClient = new SatoshiClient(baseUri, null))
{
var times = 0;
while (!(await satoshiClient.GetAllRoundStatesAsync()).All(x => x.Phase == RoundPhase.InputRegistration))
{
await Task.Delay(100);
if (times > 50) // 5 sec, 3 should be enough
{
throw new TimeoutException("Not all rounds were in InputRegistration.");
}
times++;
}
}
int bannedCount = coordinator.UtxoReferee.CountBanned(false);
Assert.Equal(0, bannedCount);
aliceClients.Clear();
round = coordinator.GetCurrentInputRegisterableRoundOrDefault();
foreach (var user in inputRegistrationUsers)
{
aliceClients.Add(AliceClient.CreateNewAsync(round.RoundId, new[] { user.activeOutputAddress }, new[] { round.MixingLevels.GetBaseLevel().SchnorrKey.SchnorrPubKey }, new[] { user.requester }, network, user.changeOutputAddress, new[] { user.blinded }, user.inputProofModels, baseUri, null));
}
roundId = 0;
users = new List <(Requester requester, uint256 blinded, BitcoinAddress activeOutputAddress, BitcoinAddress changeOutputAddress, IEnumerable <InputProofModel> inputProofModels, List <(Key key, BitcoinWitPubKeyAddress address, uint256 txHash, Transaction tx, OutPoint input)> userInputData, AliceClient aliceClient, UnblindedSignature unblindedSignature)>();
for (int i = 0; i < inputRegistrationUsers.Count; i++)
{
var user = inputRegistrationUsers[i];
var request = aliceClients[i];
var aliceClient = await request;
if (roundId == 0)
{
roundId = aliceClient.RoundId;
}
else
{
Assert.Equal(roundId, aliceClient.RoundId);
}
// Because it's valuetuple.
users.Add((user.requester, user.blinded, user.activeOutputAddress, user.changeOutputAddress, user.inputProofModels, user.userInputData, aliceClient, null));
}
Assert.Equal(users.Count, roundConfig.AnonymitySet);
confirmationRequests = new List <Task <(RoundPhase currentPhase, IEnumerable <ActiveOutput>)> >();
foreach (var user in users)
{
confirmationRequests.Add(user.aliceClient.PostConfirmationAsync());
}
using (var satoshiClient = new SatoshiClient(baseUri, null))
{
var times = 0;
while (!(await satoshiClient.GetAllRoundStatesAsync()).All(x => x.Phase == RoundPhase.InputRegistration))
{
await Task.Delay(100);
if (times > 50) // 5 sec, 3 should be enough
{
throw new TimeoutException("Not all rounds were in InputRegistration.");
}
times++;
}
}
bannedCount = coordinator.UtxoReferee.CountBanned(false);
Assert.True(bannedCount >= roundConfig.AnonymitySet);
foreach (var aliceClient in aliceClients)
{
aliceClient?.Dispose();
}
}
public async Task NotingTestsAsync()
{
(string password, IRPCClient rpc, Network network, Coordinator coordinator, ServiceConfiguration serviceConfiguration, BitcoinStore bitcoinStore, Backend.Global global) = await Common.InitializeTestEnvironmentAsync(RegTestFixture, 1);
Money denomination = Money.Coins(1m);
decimal coordinatorFeePercent = 0.1m;
int anonymitySet = 2;
int connectionConfirmationTimeout = 1;
bool doesNoteBeforeBan = true;
CoordinatorRoundConfig roundConfig = RegTestFixture.CreateRoundConfig(denomination, 140, 0.7, coordinatorFeePercent, anonymitySet, 240, connectionConfirmationTimeout, 1, 1, 1, 24, doesNoteBeforeBan, 11);
coordinator.RoundConfig.UpdateOrDefault(roundConfig, toFile: true);
coordinator.AbortAllRoundsInInputRegistration("");
Uri baseUri = new Uri(RegTestFixture.BackendEndPoint);
var registerRequests = new List <(BitcoinWitPubKeyAddress changeOutputAddress, uint256 blindedData, InputProofModel[] inputsProofs)>();
AliceClient aliceClientBackup = null;
CoordinatorRound round = coordinator.GetCurrentInputRegisterableRoundOrDefault();
for (int i = 0; i < roundConfig.AnonymitySet; i++)
{
BitcoinWitPubKeyAddress activeOutputAddress = new Key().PubKey.GetSegwitAddress(network);
BitcoinWitPubKeyAddress changeOutputAddress = new Key().PubKey.GetSegwitAddress(network);
Key inputKey = new Key();
BitcoinWitPubKeyAddress inputAddress = inputKey.PubKey.GetSegwitAddress(network);
var requester = new Requester();
uint256 blinded = requester.BlindScript(round.MixingLevels.GetBaseLevel().Signer.Key.PubKey, round.MixingLevels.GetBaseLevel().Signer.R.PubKey, activeOutputAddress.ScriptPubKey);
uint256 blindedOutputScriptsHash = new uint256(Hashes.SHA256(blinded.ToBytes()));
uint256 txHash = await rpc.SendToAddressAsync(inputAddress, Money.Coins(2));
await rpc.GenerateAsync(1);
Transaction transaction = await rpc.GetRawTransactionAsync(txHash);
Coin coin = transaction.Outputs.GetCoins(inputAddress.ScriptPubKey).Single();
OutPoint input = coin.Outpoint;
InputProofModel inputProof = new InputProofModel {
Input = input, Proof = inputKey.SignCompact(blindedOutputScriptsHash)
};
InputProofModel[] inputsProofs = new InputProofModel[] { inputProof };
registerRequests.Add((changeOutputAddress, blinded, inputsProofs));
aliceClientBackup = await AliceClient.CreateNewAsync(round.RoundId, new[] { activeOutputAddress }, new[] { round.MixingLevels.GetBaseLevel().SchnorrKey.SchnorrPubKey }, new[] { requester }, network, changeOutputAddress, new[] { blinded }, inputsProofs, baseUri, null);
}
await WaitForTimeoutAsync(baseUri);
int bannedCount = coordinator.UtxoReferee.CountBanned(false);
Assert.Equal(0, bannedCount);
int notedCount = coordinator.UtxoReferee.CountBanned(true);
Assert.Equal(anonymitySet, notedCount);
round = coordinator.GetCurrentInputRegisterableRoundOrDefault();
foreach (var registerRequest in registerRequests)
{
await AliceClient.CreateNewAsync(round.RoundId, aliceClientBackup.RegisteredAddresses, round.MixingLevels.GetAllLevels().Select(x => x.SchnorrKey.SchnorrPubKey), aliceClientBackup.Requesters, network, registerRequest.changeOutputAddress, new[] { registerRequest.blindedData }, registerRequest.inputsProofs, baseUri, null);
}
await WaitForTimeoutAsync(baseUri);
bannedCount = coordinator.UtxoReferee.CountBanned(false);
Assert.Equal(anonymitySet, bannedCount);
notedCount = coordinator.UtxoReferee.CountBanned(true);
Assert.Equal(anonymitySet, notedCount);
}
public async Task RegisterOutputTestAsync()
{
var config = new WabiSabiConfig {
MaxInputCountByRound = 1
};
var round = WabiSabiFactory.CreateRound(config);
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
SmartCoin coin1 = BitcoinFactory.CreateSmartCoin(key, Money.Coins(2m));
var mockRpc = WabiSabiFactory.CreatePreconfiguredRpcClient(coin1.Coin);
using Arena arena = await WabiSabiFactory.CreateAndStartArenaAsync(config, mockRpc, round);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
ZeroCredentialPool zeroAmountCredential = new();
ZeroCredentialPool zeroVsizeCredential = new();
await using var coordinator = new ArenaRequestHandler(config, new Prison(), arena, mockRpc.Object);
var insecureRandom = new InsecureRandom();
var wabiSabiApi = new WabiSabiController(coordinator);
var roundState = RoundState.FromRound(round);
var aliceArenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(zeroAmountCredential, insecureRandom),
roundState.CreateVsizeCredentialClient(zeroVsizeCredential, insecureRandom),
wabiSabiApi);
var bobArenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(zeroAmountCredential, insecureRandom),
roundState.CreateVsizeCredentialClient(zeroVsizeCredential, insecureRandom),
wabiSabiApi);
Assert.Equal(Phase.InputRegistration, round.Phase);
var bitcoinSecret = km.GetSecrets("", coin1.ScriptPubKey).Single().PrivateKey.GetBitcoinSecret(Network.Main);
var aliceClient = new AliceClient(round.Id, aliceArenaClient, coin1.Coin, round.FeeRate, bitcoinSecret);
await aliceClient.RegisterInputAsync(CancellationToken.None);
Task confirmationTask = aliceClient.ConfirmConnectionAsync(TimeSpan.FromSeconds(1), roundState.MaxVsizeAllocationPerAlice, CancellationToken.None);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
await confirmationTask;
Assert.Equal(Phase.ConnectionConfirmation, round.Phase);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
Assert.Equal(Phase.OutputRegistration, round.Phase);
using var destinationKey = new Key();
var destination = destinationKey.PubKey.WitHash.ScriptPubKey;
var bobClient = new BobClient(round.Id, bobArenaClient);
await bobClient.RegisterOutputAsync(Money.Coins(0.25m), destination, aliceClient.RealAmountCredentials, aliceClient.RealVsizeCredentials, CancellationToken.None);
var bob = Assert.Single(round.Bobs);
Assert.Equal(destination, bob.Script);
Assert.Equal(25_000_000, bob.CredentialAmount);
}
public void Update(ILogger logger)
{
logger = logger ?? new NullLogger();
int height = Services.BlockExplorerService.GetCurrentHeight();
CycleParameters cycle;
CyclePhase phase;
if (ClientChannelNegotiation == null)
{
cycle = Parameters.CycleGenerator.GetRegistratingCycle(height);
phase = CyclePhase.Registration;
}
else
{
cycle = ClientChannelNegotiation.GetCycle();
var phases = new CyclePhase[]
{
CyclePhase.Registration,
CyclePhase.ClientChannelEstablishment,
CyclePhase.TumblerChannelEstablishment,
CyclePhase.PaymentPhase,
CyclePhase.TumblerCashoutPhase,
CyclePhase.ClientCashoutPhase
};
if (!phases.Any(p => cycle.IsInPhase(p, height)))
{
return;
}
phase = phases.First(p => cycle.IsInPhase(p, height));
}
logger.LogInformation("Cycle " + cycle.Start + " in phase " + Enum.GetName(typeof(CyclePhase), phase) + ", ending in " + (cycle.GetPeriods().GetPeriod(phase).End - height) + " blocks");
FeeRate feeRate = null;
switch (phase)
{
case CyclePhase.Registration:
if (ClientChannelNegotiation == null)
{
//Client asks for voucher
var voucherResponse = BobClient.AskUnsignedVoucher();
//Client ensures he is in the same cycle as the tumbler (would fail if one tumbler or client's chain isn't sync)
var tumblerCycle = Parameters.CycleGenerator.GetCycle(voucherResponse.CycleStart);
Assert(tumblerCycle.Start == cycle.Start, "invalid-phase");
//Saving the voucher for later
StartCycle = cycle.Start;
ClientChannelNegotiation = new ClientChannelNegotiation(Parameters, cycle.Start);
ClientChannelNegotiation.ReceiveUnsignedVoucher(voucherResponse);
logger.LogInformation("Registration Complete");
}
break;
case CyclePhase.ClientChannelEstablishment:
if (ClientChannelNegotiation.Status == TumblerClientSessionStates.WaitingTumblerClientTransactionKey)
{
var key = AliceClient.RequestTumblerEscrowKey(cycle.Start);
ClientChannelNegotiation.ReceiveTumblerEscrowKey(key.PubKey, key.KeyIndex);
//Client create the escrow
var txout = ClientChannelNegotiation.BuildClientEscrowTxOut();
feeRate = GetFeeRate();
var clientEscrowTx = Services.WalletService.FundTransaction(txout, feeRate);
if (clientEscrowTx == null)
{
logger.LogInformation("Not enough funds in the wallet to tumble");
break;
}
SolverClientSession = ClientChannelNegotiation.SetClientSignedTransaction(clientEscrowTx);
var redeem = SolverClientSession.CreateRedeemTransaction(feeRate, Services.WalletService.GenerateAddress($"Cycle {cycle.Start} Client Redeem").ScriptPubKey);
var escrowLabel = $"Cycle {cycle.Start} Client Escrow";
Services.BlockExplorerService.Track(escrowLabel, redeem.PreviousScriptPubKey);
Services.BroadcastService.Broadcast(escrowLabel, clientEscrowTx);
Services.TrustedBroadcastService.Broadcast($"Cycle {cycle.Start} Client Redeem (locked until {redeem.Transaction.LockTime})", redeem);
logger.LogInformation("Client escrow broadcasted " + clientEscrowTx.GetHash());
logger.LogInformation("Client escrow redeem " + redeem.Transaction.GetHash() + " will be broadcast later if tumbler unresponsive");
}
else if (ClientChannelNegotiation.Status == TumblerClientSessionStates.WaitingSolvedVoucher)
{
TransactionInformation clientTx = GetTransactionInformation(SolverClientSession.EscrowedCoin, true);
var state = ClientChannelNegotiation.GetInternalState();
if (clientTx != null && clientTx.Confirmations >= cycle.SafetyPeriodDuration)
{
//Client asks the public key of the Tumbler and sends its own
var aliceEscrowInformation = ClientChannelNegotiation.GenerateClientTransactionKeys();
var voucher = AliceClient.SignVoucher(new Models.SignVoucherRequest
{
MerkleProof = clientTx.MerkleProof,
Transaction = clientTx.Transaction,
KeyReference = state.TumblerEscrowKeyReference,
ClientEscrowInformation = aliceEscrowInformation,
TumblerEscrowPubKey = state.ClientEscrowInformation.OtherEscrowKey
});
ClientChannelNegotiation.CheckVoucherSolution(voucher);
logger.LogInformation("Voucher solution obtained");
}
}
break;
case CyclePhase.TumblerChannelEstablishment:
if (ClientChannelNegotiation != null && ClientChannelNegotiation.Status == TumblerClientSessionStates.WaitingGenerateTumblerTransactionKey)
{
//Client asks the Tumbler to make a channel
var bobEscrowInformation = ClientChannelNegotiation.GetOpenChannelRequest();
var tumblerInformation = BobClient.OpenChannel(bobEscrowInformation);
PromiseClientSession = ClientChannelNegotiation.ReceiveTumblerEscrowedCoin(tumblerInformation);
//Tell to the block explorer we need to track that address (for checking if it is confirmed in payment phase)
var escrowTumblerLabel = $"Cycle {cycle.Start} Tumbler Escrow";
Services.BlockExplorerService.Track(escrowTumblerLabel, PromiseClientSession.EscrowedCoin.ScriptPubKey);
//Channel is done, now need to run the promise protocol to get valid puzzle
var cashoutDestination = DestinationWallet.GetNewDestination();
feeRate = GetFeeRate();
var sigReq = PromiseClientSession.CreateSignatureRequest(cashoutDestination, feeRate);
var commiments = BobClient.SignHashes(cycle.Start, PromiseClientSession.Id, sigReq);
var revelation = PromiseClientSession.Reveal(commiments);
var proof = BobClient.CheckRevelation(cycle.Start, PromiseClientSession.Id, revelation);
var puzzle = PromiseClientSession.CheckCommitmentProof(proof);
SolverClientSession.AcceptPuzzle(puzzle);
logger.LogInformation("Tumbler escrow broadcasted " + PromiseClientSession.EscrowedCoin.Outpoint.Hash);
}
break;
case CyclePhase.PaymentPhase:
if (PromiseClientSession != null)
{
TransactionInformation tumblerTx = GetTransactionInformation(PromiseClientSession.EscrowedCoin, false);
//Ensure the tumbler coin is confirmed before paying anything
if (tumblerTx == null || tumblerTx.Confirmations < cycle.SafetyPeriodDuration)
{
if (tumblerTx != null)
{
logger.LogInformation("Tumbler escrow " + tumblerTx.Transaction.GetHash() + " expecting " + cycle.SafetyPeriodDuration + " current is " + tumblerTx.Confirmations);
}
else
{
logger.LogInformation("Tumbler escrow not found");
}
return;
}
if (SolverClientSession.Status == SolverClientStates.WaitingGeneratePuzzles)
{
logger.LogInformation("Tumbler escrow confirmed " + tumblerTx.Transaction.GetHash());
feeRate = GetFeeRate();
var puzzles = SolverClientSession.GeneratePuzzles();
var commmitments = AliceClient.SolvePuzzles(cycle.Start, SolverClientSession.Id, puzzles);
var revelation2 = SolverClientSession.Reveal(commmitments);
var solutionKeys = AliceClient.CheckRevelation(cycle.Start, SolverClientSession.Id, revelation2);
var blindFactors = SolverClientSession.GetBlindFactors(solutionKeys);
var offerInformation = AliceClient.CheckBlindFactors(cycle.Start, SolverClientSession.Id, blindFactors);
var offerSignature = SolverClientSession.SignOffer(offerInformation);
var offerRedeem = SolverClientSession.CreateOfferRedeemTransaction(feeRate, Services.WalletService.GenerateAddress($"Cycle {cycle.Start} Tumbler Redeem").ScriptPubKey);
//May need to find solution in the fulfillment transaction
var offerLabel = $"Cycle {cycle.Start} Client Offer Redeem (locked until {offerRedeem.Transaction.LockTime})";
Services.BlockExplorerService.Track(offerLabel, offerRedeem.PreviousScriptPubKey);
Services.TrustedBroadcastService.Broadcast(offerLabel, offerRedeem);
logger.LogInformation("Offer redeem " + offerRedeem.Transaction.GetHash() + " locked until " + offerRedeem.Transaction.LockTime.Height);
try
{
solutionKeys = AliceClient.FulfillOffer(cycle.Start, SolverClientSession.Id, offerSignature);
SolverClientSession.CheckSolutions(solutionKeys);
logger.LogInformation("Solution recovered from cooperative tumbler");
}
catch
{
logger.LogWarning("Uncooperative tumbler detected, keep connection open.");
}
logger.LogInformation("Payment completed");
}
}
break;
case CyclePhase.ClientCashoutPhase:
if (SolverClientSession != null)
{
//If the tumbler is uncooperative, he published solutions on the blockchain
if (SolverClientSession.Status == SolverClientStates.WaitingPuzzleSolutions)
{
var transactions = Services.BlockExplorerService.GetTransactions(SolverClientSession.GetOfferScriptPubKey(), false);
SolverClientSession.CheckSolutions(transactions.Select(t => t.Transaction).ToArray());
logger.LogInformation("Solution recovered from blockchain transaction");
}
if (SolverClientSession.Status == SolverClientStates.Completed)
{
var tumblingSolution = SolverClientSession.GetSolution();
var transaction = PromiseClientSession.GetSignedTransaction(tumblingSolution);
Services.BroadcastService.Broadcast($"Cycle {cycle.Start} Client Cashout", transaction);
logger.LogInformation("Client Cashout completed " + transaction.GetHash());
}
}
break;
}
}
public async Task RegisterOutputTestAsync()
{
var config = new WabiSabiConfig {
MaxInputCountByRound = 1
};
var round = WabiSabiFactory.CreateRound(config);
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
SmartCoin coin1 = BitcoinFactory.CreateSmartCoin(key, Money.Coins(2m));
var mockRpc = WabiSabiFactory.CreatePreconfiguredRpcClient(coin1.Coin);
using Arena arena = await ArenaBuilder.From(config).With(mockRpc).CreateAndStartAsync(round);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
using var memoryCache = new MemoryCache(new MemoryCacheOptions());
var idempotencyRequestCache = new IdempotencyRequestCache(memoryCache);
using CoinJoinFeeRateStatStore coinJoinFeeRateStatStore = new(config, arena.Rpc);
var wabiSabiApi = new WabiSabiController(idempotencyRequestCache, arena, coinJoinFeeRateStatStore);
InsecureRandom insecureRandom = InsecureRandom.Instance;
var roundState = RoundState.FromRound(round);
var aliceArenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(insecureRandom),
roundState.CreateVsizeCredentialClient(insecureRandom),
wabiSabiApi);
var bobArenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(insecureRandom),
roundState.CreateVsizeCredentialClient(insecureRandom),
wabiSabiApi);
Assert.Equal(Phase.InputRegistration, round.Phase);
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), wabiSabiApi);
await roundStateUpdater.StartAsync(CancellationToken.None);
var keyChain = new KeyChain(km, new Kitchen(""));
var task = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), aliceArenaClient, coin1, keyChain, roundStateUpdater, CancellationToken.None);
do
{
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
}while (round.Phase != Phase.ConnectionConfirmation);
var aliceClient = await task;
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
Assert.Equal(Phase.OutputRegistration, round.Phase);
using var destinationKey = new Key();
var destination = destinationKey.PubKey.WitHash.ScriptPubKey;
var bobClient = new BobClient(round.Id, bobArenaClient);
await bobClient.RegisterOutputAsync(
destination,
aliceClient.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber),
aliceClient.IssuedVsizeCredentials.Take(ProtocolConstants.CredentialNumber),
CancellationToken.None);
var bob = Assert.Single(round.Bobs);
Assert.Equal(destination, bob.Script);
var credentialAmountSum = aliceClient.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber).Sum(x => x.Value);
Assert.Equal(credentialAmountSum, bob.CredentialAmount);
}
public async Task RegisterOutputTestAsync()
{
var config = new WabiSabiConfig {
MaxInputCountByRound = 1
};
var round = WabiSabiFactory.CreateRound(config);
var km = ServiceFactory.CreateKeyManager("");
var key = BitcoinFactory.CreateHdPubKey(km);
SmartCoin coin1 = BitcoinFactory.CreateSmartCoin(key, Money.Coins(2m));
var mockRpc = WabiSabiFactory.CreatePreconfiguredRpcClient(coin1.Coin);
using Arena arena = await WabiSabiFactory.CreateAndStartArenaAsync(config, mockRpc, round);
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
await using var coordinator = new ArenaRequestHandler(config, new Prison(), arena, mockRpc.Object);
var insecureRandom = new InsecureRandom();
var wabiSabiApi = new WabiSabiController(coordinator);
var roundState = RoundState.FromRound(round);
var aliceArenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(insecureRandom),
roundState.CreateVsizeCredentialClient(insecureRandom),
wabiSabiApi);
var bobArenaClient = new ArenaClient(
roundState.CreateAmountCredentialClient(insecureRandom),
roundState.CreateVsizeCredentialClient(insecureRandom),
wabiSabiApi);
Assert.Equal(Phase.InputRegistration, round.Phase);
var bitcoinSecret = km.GetSecrets("", coin1.ScriptPubKey).Single().PrivateKey.GetBitcoinSecret(Network.Main);
using RoundStateUpdater roundStateUpdater = new(TimeSpan.FromSeconds(2), wabiSabiApi);
await roundStateUpdater.StartAsync(CancellationToken.None);
var task = AliceClient.CreateRegisterAndConfirmInputAsync(RoundState.FromRound(round), aliceArenaClient, coin1, bitcoinSecret, roundStateUpdater, CancellationToken.None);
do
{
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
}while (round.Phase != Phase.ConnectionConfirmation);
var aliceClient = await task;
await arena.TriggerAndWaitRoundAsync(TimeSpan.FromMinutes(1));
Assert.Equal(Phase.OutputRegistration, round.Phase);
using var destinationKey = new Key();
var destination = destinationKey.PubKey.WitHash.ScriptPubKey;
var bobClient = new BobClient(round.Id, bobArenaClient);
await bobClient.RegisterOutputAsync(
destination,
aliceClient.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber),
aliceClient.IssuedVsizeCredentials.Take(ProtocolConstants.CredentialNumber),
CancellationToken.None);
var bob = Assert.Single(round.Bobs);
Assert.Equal(destination, bob.Script);
var credentialAmountSum = aliceClient.IssuedAmountCredentials.Take(ProtocolConstants.CredentialNumber).Sum(x => x.Value);
Assert.Equal(credentialAmountSum, bob.CredentialAmount);
}
