X-Git-Url: https://git.novaco.in/?a=blobdiff_plain;f=src%2Fkey.cpp;h=1f4253365a36d2ba6f02ee5804e051f57f05ca7f;hb=d9a9ab764d542fe29e177ff600eff108269d0a57;hp=20ea691a5d340324a2df44a3931ce58c2a0703e1;hpb=9e58e0a8ca28b15a4bfa677f5b23891972db40fd;p=novacoin.git diff --git a/src/key.cpp b/src/key.cpp index 20ea691..1f42533 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -80,7 +80,12 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch x = BN_CTX_get(ctx); if (!BN_copy(x, order)) { ret=-1; goto err; } if (!BN_mul_word(x, i)) { ret=-1; goto err; } - if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; } + + // Get internal R and S pointers + const BIGNUM *ecsig_r, *ecsig_s; + ECDSA_SIG_get0(ecsig, &ecsig_r, &ecsig_s); + + if (!BN_add(x, x, ecsig_r)) { ret=-1; goto err; } field = BN_CTX_get(ctx); if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; } if (BN_cmp(x, field) >= 0) { ret=0; goto err; } @@ -98,12 +103,12 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; } if (8*msglen > n) BN_rshift(e, e, 8-(n & 7)); zero = BN_CTX_get(ctx); - if (!BN_zero(zero)) { ret=-1; goto err; } + BN_zero(zero); if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; } rr = BN_CTX_get(ctx); - if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; } + if (!BN_mod_inverse(rr, ecsig_r, order, ctx)) { ret=-1; goto err; } sor = BN_CTX_get(ctx); - if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; } + if (!BN_mod_mul(sor, ecsig_s, rr, order, ctx)) { ret=-1; goto err; } eor = BN_CTX_get(ctx); if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; } if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; } @@ -165,15 +170,14 @@ const unsigned char vchMaxModHalfOrder[32] = { const unsigned char *vchZero = NULL; -void CKey::SetCompressedPubKey() +void CKey::SetCompressedPubKey(bool fCompressed) { - EC_KEY_set_conv_form(pkey, POINT_CONVERSION_COMPRESSED); - fCompressedPubKey = true; + EC_KEY_set_conv_form(pkey, fCompressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED); } void CKey::Reset() { - fCompressedPubKey = fSet = false; + fSet = false; if (pkey != NULL) EC_KEY_free(pkey); pkey = EC_KEY_new_by_curve_name(NID_secp256k1); @@ -193,7 +197,6 @@ CKey::CKey(const CKey& b) if (pkey == NULL) throw key_error("CKey::CKey(const CKey&) : EC_KEY_dup failed"); fSet = b.fSet; - fCompressedPubKey = b.fCompressedPubKey; } CKey::CKey(const CSecret& b, bool fCompressed) @@ -209,7 +212,6 @@ CKey& CKey::operator=(const CKey& b) if (!EC_KEY_copy(pkey, b.pkey)) throw key_error("CKey::operator=(const CKey&) : EC_KEY_copy failed"); fSet = b.fSet; - fCompressedPubKey = b.fCompressedPubKey; return (*this); } @@ -226,7 +228,7 @@ bool CKey::IsNull() const bool CKey::IsCompressed() const { - return fCompressedPubKey; + return (EC_KEY_get_conv_form(pkey) == POINT_CONVERSION_COMPRESSED); } bool CKey::CheckSignatureElement(const unsigned char *vch, int len, bool half) { @@ -264,8 +266,7 @@ void CKey::MakeNewKey(bool fCompressed) { if (!EC_KEY_generate_key(pkey)) throw key_error("CKey::MakeNewKey() : EC_KEY_generate_key failed"); - if (fCompressed) - SetCompressedPubKey(); + SetCompressedPubKey(fCompressed); fSet = true; } @@ -311,8 +312,7 @@ bool CKey::SetSecret(const CSecret& vchSecret, bool fCompressed) } BN_clear_free(bn); fSet = true; - if (fCompressed || fCompressedPubKey) - SetCompressedPubKey(); + SetCompressedPubKey(fCompressed); return true; } @@ -327,39 +327,19 @@ CSecret CKey::GetSecret(bool &fCompressed) const int n=BN_bn2bin(bn,&vchRet[32 - nBytes]); if (n != nBytes) throw key_error("CKey::GetSecret(): BN_bn2bin failed"); - fCompressed = fCompressedPubKey; + fCompressed = IsCompressed(); return vchRet; } bool CKey::WritePEM(BIO *streamObj, const SecureString &strPassKey) const // dumppem 4KJLA99FyqMMhjjDe7KnRXK4sjtv9cCtNS /tmp/test.pem 123 { EVP_PKEY *evpKey = EVP_PKEY_new(); - bool result = true; - - do - { - if (!EVP_PKEY_assign_EC_KEY(evpKey, pkey)) - { - result = error("CKey::WritePEM() : Error initializing EVP_PKEY instance."); - break; - } + if (!EVP_PKEY_assign_EC_KEY(evpKey, pkey)) + return error("CKey::WritePEM() : Error initializing EVP_PKEY instance."); + if(!PEM_write_bio_PKCS8PrivateKey(streamObj, evpKey, EVP_aes_256_cbc(), (char *)&strPassKey[0], strPassKey.size(), NULL, NULL)) + return error("CKey::WritePEM() : Error writing private key data to stream object"); - if(!PEM_write_bio_PKCS8PrivateKey(streamObj, evpKey, EVP_aes_256_cbc(), (char *)&strPassKey[0], strPassKey.size(), NULL, NULL)) - { - result = error("CKey::WritePEM() : Error writing private key data to stream object"); - break; - } - - if(!PEM_write_bio_PUBKEY(streamObj, evpKey)) - { - result = error("CKey::WritePEM() : Error writing public key data to stream object"); - break; - } - } - while(false); - - EVP_PKEY_free(evpKey); - return result; + return true; } CSecret CKey::GetSecret() const @@ -400,12 +380,20 @@ bool CKey::Sign(uint256 hash, std::vector& vchSig) return false; const EC_GROUP *group = EC_KEY_get0_group(pkey); CBigNum order, halforder; - EC_GROUP_get_order(group, &order, NULL); - BN_rshift1(&halforder, &order); + EC_GROUP_get_order(group, order.get(), NULL); + BN_rshift1(halforder.get(), order.get()); + + // Get internal R and S pointers + const BIGNUM *current_s = ECDSA_SIG_get0_s(sig); + // enforce low S values, by negating the value (modulo the order) if above order/2. - if (BN_cmp(sig->s, &halforder) > 0) { - BN_sub(sig->s, &order, sig->s); + if (BN_cmp(current_s, halforder.get()) > 0) { + BIGNUM *updated_s = BN_new(); + BN_copy(updated_s, current_s); + BN_sub(updated_s, order.get(), updated_s); + ECDSA_SIG_set0(sig, NULL, updated_s); } + unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough unsigned char *pos = &vchSig[0]; @@ -432,16 +420,25 @@ bool CKey::SignCompact(uint256 hash, std::vector& vchSig) return false; const EC_GROUP *group = EC_KEY_get0_group(pkey); CBigNum order, halforder; - EC_GROUP_get_order(group, &order, NULL); - BN_rshift1(&halforder, &order); + EC_GROUP_get_order(group, order.get(), NULL); + BN_rshift1(halforder.get(), order.get()); + + // Get internal R and S pointers + const BIGNUM *current_s = ECDSA_SIG_get0_s(sig); + // enforce low S values, by negating the value (modulo the order) if above order/2. - if (BN_cmp(sig->s, &halforder) > 0) { - BN_sub(sig->s, &order, sig->s); + if (BN_cmp(current_s, halforder.get()) > 0) { + BIGNUM *updated_s = BN_new(); + BN_copy(updated_s, current_s); + BN_sub(updated_s, order.get(), updated_s); + ECDSA_SIG_set0(sig, NULL, updated_s); } + vchSig.clear(); vchSig.resize(65,0); - int nBitsR = BN_num_bits(sig->r); - int nBitsS = BN_num_bits(sig->s); + int nBitsR = BN_num_bits(ECDSA_SIG_get0_r(sig)); + int nBitsS = BN_num_bits(ECDSA_SIG_get0_s(sig)); + bool fCompressedPubKey = IsCompressed(); if (nBitsR <= 256 && nBitsS <= 256) { int8_t nRecId = -1; @@ -449,8 +446,7 @@ bool CKey::SignCompact(uint256 hash, std::vector& vchSig) { CKey keyRec; keyRec.fSet = true; - if (fCompressedPubKey) - keyRec.SetCompressedPubKey(); + keyRec.SetCompressedPubKey(fCompressedPubKey); if (ECDSA_SIG_recover_key_GFp(keyRec.pkey, sig, (unsigned char*)&hash, sizeof(hash), i, 1) == 1) if (keyRec.GetPubKey() == this->GetPubKey()) { @@ -466,8 +462,8 @@ bool CKey::SignCompact(uint256 hash, std::vector& vchSig) } vchSig[0] = nRecId+27+(fCompressedPubKey ? 4 : 0); - BN_bn2bin(sig->r,&vchSig[33-(nBitsR+7)/8]); - BN_bn2bin(sig->s,&vchSig[65-(nBitsS+7)/8]); + BN_bn2bin(ECDSA_SIG_get0_r(sig),&vchSig[33-(nBitsR+7)/8]); + BN_bn2bin(ECDSA_SIG_get0_s(sig),&vchSig[65-(nBitsS+7)/8]); fOk = true; } ECDSA_SIG_free(sig); @@ -486,22 +482,21 @@ bool CPubKey::SetCompactSignature(uint256 hash, const std::vector if (nV<27 || nV>=35) return false; ECDSA_SIG *sig = ECDSA_SIG_new(); - BN_bin2bn(&vchSig[1],32,sig->r); - BN_bin2bn(&vchSig[33],32,sig->s); - + BIGNUM *sig_r, *sig_s; + BN_bin2bn(&vchSig[1],32,sig_r); + BN_bin2bn(&vchSig[33],32,sig_s); + ECDSA_SIG_set0(sig, sig_r, sig_s); + bool fSuccessful = false; EC_KEY* pkey = EC_KEY_new_by_curve_name(NID_secp256k1); if (nV >= 31) { nV -= 4; EC_KEY_set_conv_form(pkey, POINT_CONVERSION_COMPRESSED); } - do { if (ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), nV - 27, 0) != 1) break; - ECDSA_SIG_free(sig); - int nSize = i2o_ECPublicKey(pkey, NULL); if (!nSize) break; @@ -510,13 +505,14 @@ bool CPubKey::SetCompactSignature(uint256 hash, const std::vector if (i2o_ECPublicKey(pkey, &pbegin) != nSize) break; Set(vchPubKey.begin(), vchPubKey.end()); - return IsValid(); + fSuccessful = IsValid(); } while (false); - ECDSA_SIG_free(sig); - Invalidate(); - return false; + EC_KEY_free(pkey); + if (!fSuccessful) + Invalidate(); + return fSuccessful; } bool CPubKey::Verify(const uint256 &hash, const std::vector& vchSig) const @@ -524,35 +520,37 @@ bool CPubKey::Verify(const uint256 &hash, const std::vector& vchS if (vchSig.empty() || !IsValid()) return false; - const unsigned char* pbegin = &vbytes[0]; EC_KEY *pkey = EC_KEY_new_by_curve_name(NID_secp256k1); - if (!o2i_ECPublicKey(&pkey, &pbegin, size())) - return false; // Unable to parse public key - - // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. - unsigned char *norm_der = NULL; ECDSA_SIG *norm_sig = ECDSA_SIG_new(); - const unsigned char* sigptr = &vchSig[0]; + assert(norm_sig); - if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL) + assert(pkey); + + bool ret = false; + do { - /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on - * error. But OpenSSL's own use of this function redundantly frees the - * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a - * clear contract for the function behaving the same way is more - * conservative. - */ - ECDSA_SIG_free(norm_sig); - return false; - } - int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); + int derlen; + uint8_t *norm_der = NULL; + const uint8_t* pbegin = &vbytes[0]; + const uint8_t* sigptr = &vchSig[0]; + + // Trying to parse public key + if (!o2i_ECPublicKey(&pkey, &pbegin, size())) + break; + // New versions of OpenSSL are rejecting a non-canonical DER signatures, de/re-serialize first. + if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL) + break; + if ((derlen = i2d_ECDSA_SIG(norm_sig, &norm_der)) <= 0) + break; + + // -1 = error, 0 = bad sig, 1 = good + ret = ECDSA_verify(0, (const unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; + OPENSSL_free(norm_der); + } while(false); + ECDSA_SIG_free(norm_sig); - if (derlen <= 0) - return false; + EC_KEY_free(pkey); - // -1 = error, 0 = bad sig, 1 = good - bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; - OPENSSL_free(norm_der); return ret; } @@ -561,8 +559,6 @@ bool CPubKey::VerifyCompact(uint256 hash, const std::vector& vchS CPubKey key; if (!key.SetCompactSignature(hash, vchSig)) return false; - if ((*this) != key) - return false; return true; } @@ -658,7 +654,7 @@ bool CPoint::getBytes(std::vector &vchBytes) // ECC multiplication by specified multiplier bool CPoint::ECMUL(const CBigNum &bnMultiplier) { - if (!EC_POINT_mul(group, point, NULL, point, &bnMultiplier, NULL)) { + if (!EC_POINT_mul(group, point, NULL, point, bnMultiplier.get(), NULL)) { printf("CPoint::ECMUL() : EC_POINT_mul failed"); return false; } @@ -669,7 +665,7 @@ bool CPoint::ECMUL(const CBigNum &bnMultiplier) // Calculate G*m + q bool CPoint::ECMULGEN(const CBigNum &bnMultiplier, const CPoint &qPoint) { - if (!EC_POINT_mul(group, point, &bnMultiplier, qPoint.point, BN_value_one(), NULL)) { + if (!EC_POINT_mul(group, point, bnMultiplier.get(), qPoint.point, BN_value_one(), NULL)) { printf("CPoint::ECMULGEN() : EC_POINT_mul failed."); return false; } @@ -783,6 +779,8 @@ bool CMalleablePubKey::SetString(const std::string& strMalleablePubKey) if (!DecodeBase58Check(strMalleablePubKey, vchTemp)) { throw key_error("CMalleablePubKey::SetString() : Provided key data seems corrupted."); } + if (vchTemp.size() != 68) + return false; CDataStream ssKey(vchTemp, SER_NETWORK, PROTOCOL_VERSION); ssKey >> *this; @@ -1050,7 +1048,8 @@ bool CMalleableKey::SetString(const std::string& strMutableKey) if (!DecodeBase58Check(strMutableKey, vchTemp)) { throw key_error("CMalleableKey::SetString() : Provided key data seems corrupted."); } - + if (vchTemp.size() != 66) + return false; CDataStream ssKey(vchTemp, SER_NETWORK, PROTOCOL_VERSION); ssKey >> *this; @@ -1194,6 +1193,9 @@ bool CMalleableKeyView::SetString(const std::string& strMutableKey) throw key_error("CMalleableKeyView::SetString() : Provided key data seems corrupted."); } + if (vchTemp.size() != 67) + return false; + CDataStream ssKey(vchTemp, SER_NETWORK, PROTOCOL_VERSION); ssKey >> *this;