// The above method uses this one internally...
bool OTAccount::GenerateNewAccount(const OTPseudonym & theServer, const OTMessage & theMessage,
const OTAccount::AccountType eAcctType/*=OTAccount::simple*/)
{
// First we generate a secure random number into a binary object.
OTPayload thePayload;
thePayload.SetPayloadSize(100);
if (!RAND_bytes((unsigned char*)thePayload.GetPayloadPointer(), 100))
{
OTLog::Error("The PRNG is not seeded!\n");
// abort( );
return false;
}
// Next we calculate that binary object into a message digest (an OTIdentifier).
OTIdentifier newID;
if (!newID.CalculateDigest(thePayload))
{
OTLog::Error("Error generating new account ID.\n");
return false;
}
// Next we get that digest (which is a binary hash number)
// and extract a human-readable standard string format of that hash,
// into an OTString.
OTString strID(newID);
SetRealAccountID(newID); // Set the account number based on what we just generated.
SetPurportedAccountID(newID); // Might as well set them both. (Safe here to do so, for once.)
m_strName.Set(strID); // So it's not blank. The user can always change it.
// Next we create the full path filename for the account using the ID.
m_strFilename.Format("%s%s%s%s%s", OTLog::Path(), OTLog::PathSeparator(),
OTLog::AccountFolder(),
OTLog::PathSeparator(), strID.Get());
// Then we try to load it, in order to make sure that it doesn't already exist.
if (LoadContractRawFile())
{
OTLog::Error("Error generating new account ID, account already exists.\n");
return false;
}
// Set up the various important starting values of the account.
m_AcctType = eAcctType; // account type defaults to OTAccount::simple. But there are also issuer accts...
// for basket accounts, the server is the user.
if (OTAccount::basket == eAcctType)
{
theServer.GetIdentifier(m_AcctUserID);
}
else
{
m_AcctUserID.SetString(theMessage.m_strNymID);
}
m_AcctAssetTypeID.SetString(theMessage.m_strAssetID);
OTString TEMPstr(m_AcctAssetTypeID);
OTLog::vOutput(3, "Creating new account, type:\n%s\nChanged to ID then back to string:\n%s\n",
theMessage.m_strAssetID.Get(), TEMPstr.Get());
OTIdentifier SERVER_ID(theMessage.m_strServerID);
SetRealServerID(SERVER_ID); // todo this assumes the serverID on the message is correct. It's vetted, but still...
SetPurportedServerID(SERVER_ID);
const time_t tDate = time(NULL); // Today, now.
m_BalanceDate.Format("%d", tDate);
m_BalanceAmount.Set("0");
// Sign the Account (so we know that we did)... Otherwise someone could put a fake
// account file on the server if the code wasn't designed to verify the signature on the
// account.
SignContract(theServer);
SaveContract();
// Save the Account to storage (based on its ID.)
SaveAccount();
// Don't know why I had this here. Putting SaveAccount() instead.
// OTString strFilename(m_strFilename);
// SaveContract(strFilename.Get()); // Saves the account to a specific filename
// No need to create the inbox and outbox ledgers...they will be created automatically
// if they do not exist when they are needed.
return true;
}
bool OTEnvelope::Decrypt(OTString & theOutput, const OTSymmetricKey & theKey, const OTPassword & thePassword)
{
const char * szFunc = "OTEnvelope::Decrypt";
// ------------------------------------------------
OT_ASSERT((thePassword.isPassword() && (thePassword.getPasswordSize() > 0)) || (thePassword.isMemory() && (thePassword.getMemorySize() > 0)));
OT_ASSERT(theKey.IsGenerated());
// -----------------------------------------------
OTPassword theRawSymmetricKey;
if (false == theKey.GetRawKeyFromPassphrase(thePassword, theRawSymmetricKey))
{
OTLog::vError("%s: Failed trying to retrieve raw symmetric key using password. (Wrong password?)\n",
szFunc);
return false;
}
// -----------------------------------------------
//
uint32_t nRead = 0;
uint32_t nRunningTotal = 0;
m_dataContents.reset(); // Reset the fread position on this object to 0.
// ****************************************************************************
//
// Read the ENVELOPE TYPE (as network order version -- and convert to host version.)
//
// 0 == Error
// 1 == Asymmetric Key (this function -- Seal / Open)
// 2 == Symmetric Key (other functions -- Encrypt / Decrypt use this.)
// Anything else: error.
//
uint16_t env_type_n = 0;
if (0 == (nRead = m_dataContents.OTfread(reinterpret_cast<uint8_t*>(&env_type_n),
static_cast<uint32_t>(sizeof(env_type_n)))))
{
OTLog::vError("%s: Error reading Envelope Type. Expected asymmetric(1) or symmetric (2).\n", szFunc);
return false;
}
nRunningTotal += nRead;
OT_ASSERT(nRead == static_cast<uint32_t>(sizeof(env_type_n)));
// ----------------------------------------------------------------------------
// convert that envelope type from network to HOST endian.
//
const uint16_t env_type = static_cast<uint16_t>(ntohs(static_cast<uint16_t>(env_type_n)));
// nRunningTotal += env_type; // NOPE! Just because envelope type is 1 or 2, doesn't mean we add 1 or 2 extra bytes to the length here. Nope!
if (2 != env_type)
{
const uint32_t l_env_type = static_cast<uint32_t>(env_type);
OTLog::vError("%s: Error: Expected Envelope for Symmetric key (type 2) but instead found type: %ld.\n",
szFunc, l_env_type);
return false;
}
// ****************************************************************************
//
// Read network-order IV size (and convert to host version)
//
const uint32_t max_iv_length = OTCryptoConfig::SymmetricIvSize(); // I believe this is a max length, so it may not match the actual length of the IV.
// Read the IV SIZE (network order version -- convert to host version.)
//
uint32_t iv_size_n = 0;
if (0 == (nRead = m_dataContents.OTfread(reinterpret_cast<uint8_t*>(&iv_size_n),
static_cast<uint32_t>(sizeof(iv_size_n)))))
{
OTLog::vError("%s: Error reading IV Size.\n", szFunc);
return false;
}
nRunningTotal += nRead;
OT_ASSERT(nRead == static_cast<uint32_t>(sizeof(iv_size_n)));
// ----------------------------------------------------------------------------
// convert that iv size from network to HOST endian.
//
const uint32_t iv_size_host_order = ntohl(iv_size_n);
if (iv_size_host_order > max_iv_length)
{
OTLog::vError("%s: Error: iv_size (%ld) is larger than max_iv_length (%ld).\n",
szFunc, static_cast<long>(iv_size_host_order), static_cast<long>(max_iv_length));
return false;
}
// nRunningTotal += iv_size_host_order; // Nope!
// ****************************************************************************
//
// Then read the IV (initialization vector) itself.
//
OTPayload theIV;
theIV.SetPayloadSize(iv_size_host_order);
if (0 == (nRead = m_dataContents.OTfread(static_cast<uint8_t*>(const_cast<void *>(theIV.GetPayloadPointer())),
static_cast<uint32_t>(iv_size_host_order))))
{
OTLog::vError("%s: Error reading initialization vector.\n", szFunc);
return false;
}
nRunningTotal += nRead;
OT_ASSERT(nRead == static_cast<uint32_t>(iv_size_host_order));
OT_ASSERT(nRead <= max_iv_length);
// ----------------------------------------------------------------------------
// We create an OTPayload object to store the ciphertext itself, which begins AFTER the end of the IV.
// So we see pointer + nRunningTotal as the starting point for the ciphertext.
// the size of the ciphertext, meanwhile, is the size of the entire thing, MINUS nRunningTotal.
//
OTPayload theCipherText(static_cast<const void*>(
static_cast<const uint8_t *>(m_dataContents.GetPointer()) + nRunningTotal
),
m_dataContents.GetSize() - nRunningTotal);
// ----------------------------------------------------------------------------
// Now we've got all the pieces together, let's try to decrypt it...
//
OTPayload thePlaintext; // for output.
const bool bDecrypted = OTCrypto::It()->Decrypt(theRawSymmetricKey, // The symmetric key, in clear form.
// -------------------------------
static_cast<const char *>(theCipherText.GetPayloadPointer()), // This is the Ciphertext.
theCipherText.GetSize(),
// -------------------------------
theIV,
// -------------------------------
thePlaintext); // OUTPUT. (Recovered plaintext.) You can pass OTPassword& OR OTPayload& here (either will work.)
// -----------------------------------------------
// theOutput is where we'll put the decrypted data.
//
theOutput.Release();
if (bDecrypted)
{
// -----------------------------------------------------
// Make sure it's null-terminated...
//
uint32_t nIndex = thePlaintext.GetSize()-1;
(static_cast<uint8_t*>(const_cast<void *>(thePlaintext.GetPointer())))[nIndex] = '\0';
// -----------------------------------------------------
// Set it into theOutput (to return the plaintext to the caller)
//
theOutput.Set(static_cast<const char *>(thePlaintext.GetPointer()));
// ----------------
}
return bDecrypted;
}
//static
bool OTAsymmetricKey_OpenSSL::OTAsymmetricKey_OpenSSLPrivdp::ArmorPrivateKey(EVP_PKEY & theKey, OTASCIIArmor & ascKey, Timer & theTimer, OTPasswordData * pPWData/*=NULL*/, OTPassword * pImportPassword/*=NULL*/)
{
bool bReturnVal = false;
ascKey.Release();
// ----------------------------------------
// Create a new memory buffer on the OpenSSL side
OpenSSL_BIO bmem = BIO_new(BIO_s_mem());
OT_ASSERT(NULL != bmem);
int64_t lSize = 0;
// ----------------------------------------
// write a private key to that buffer, from theKey
//
OTPasswordData thePWData("OTAsymmetricKey_OpenSSL::ArmorPrivateKey is calling PEM_write_bio_PrivateKey...");
if (NULL == pPWData)
pPWData = &thePWData;
int32_t nWriteBio = 0;
if (NULL == pImportPassword)
nWriteBio = PEM_write_bio_PrivateKey(bmem, &theKey, EVP_des_ede3_cbc(), // todo should this algorithm be hardcoded?
NULL, 0, OTAsymmetricKey::GetPasswordCallback(), pPWData);
else
nWriteBio = PEM_write_bio_PrivateKey(bmem, &theKey, EVP_des_ede3_cbc(), // todo should this algorithm be hardcoded?
NULL, 0, 0, const_cast<void*>(reinterpret_cast<const void*>(pImportPassword->getPassword())));
if (0 == nWriteBio)
{
OTLog::vError("%s: Failed writing EVP_PKEY to memory buffer.\n", __FUNCTION__);
}
else
{
// TODO (remove theTimer entirely. OTCachedKey replaces already.)
// I set this timer because the above required a password. But now that master key is working,
// the above would flow through even WITHOUT the user typing his passphrase (since master key still
// not timed out.) Resulting in THIS timer being reset! Todo: I already shortened this timer to 30
// seconds, but need to phase it down to 0 and then remove it entirely! Master key takes over now!
//
theTimer.start(); // Note: this isn't the ultimate timer solution. See notes in ReleaseKeyLowLevel.
// --------------------
OTLog::vOutput(5, "%s: Success writing EVP_PKEY to memory buffer.\n", __FUNCTION__);
OTPayload theData;
char * pChar = NULL;
// After the below call, pChar will point to the memory buffer where the private key supposedly is,
// and lSize will contain the size of that memory.
//
lSize = BIO_get_mem_data(bmem, &pChar);
uint32_t nSize = static_cast<uint32_t>(lSize);
if (nSize > 0)
{
// Set the buffer size in our own memory.
theData.SetPayloadSize(nSize);
// void * pv =
OTPassword::safe_memcpy((static_cast<char*>(const_cast<void*>(theData.GetPayloadPointer()))), // destination
theData.GetSize(), // size of destination buffer.
pChar, // source
nSize); // length of source.
// bool bZeroSource=false); // if true, sets the source buffer to zero after copying is done.
// ------------------------------------------------
// This base64 encodes the private key data, which
// is already encrypted to its passphase as well.
//
ascKey.SetData(theData);
OTLog::vOutput(5, "%s: Success copying private key into memory.\n", __FUNCTION__);
bReturnVal = true;
}
else
{
OTLog::vError("%s: Failed copying private key into memory.\n", __FUNCTION__);
}
}
return bReturnVal;
}
// Take a public key, theKey (input), and create an armored version of
// it into ascKey (output.)
//
// OpenSSL loaded key ===> ASCII-Armored export of same key.
//
//static
//
bool OTAsymmetricKey_OpenSSL::OTAsymmetricKey_OpenSSLPrivdp::ArmorPublicKey(EVP_PKEY & theKey, OTASCIIArmor & ascKey)
{
bool bReturnVal = false;
const char * szFunc = "OTAsymmetricKey_OpenSSL::ArmorPublicKey";
ascKey.Release();
// ----------------------------------------
// Create a new memory buffer on the OpenSSL side
OpenSSL_BIO bmem = BIO_new(BIO_s_mem());
OT_ASSERT_MSG(NULL != bmem, "OTAsymmetricKey_OpenSSL::ArmorPublicKey: ASSERT: NULL != bmem");
int64_t lSize = 0;
// ----------------------------------------
// write a public key to that buffer, from theKey (parameter.)
//
int32_t nWriteBio = PEM_write_bio_PUBKEY(bmem, &theKey);
if (0 == nWriteBio)
{
OTLog::vError("%s: Error: Failed writing EVP_PKEY to memory buffer.\n", szFunc);
}
else
{
OTLog::vOutput(5, "%s: Success writing EVP_PKEY to memory buffer.\n", szFunc);
OTPayload theData;
char * pChar = NULL;
// After the below call, pChar will point to the memory buffer where the public key
// supposedly is, and lSize will contain the size of that memory.
//
lSize = BIO_get_mem_data(bmem, &pChar);
uint32_t nSize = static_cast<uint32_t>(lSize); // todo security, etc. Fix this assumed type conversion.
if (nSize > 0)
{
// Set the buffer size in our own memory.
theData.SetPayloadSize(nSize);
// void * pv =
OTPassword::safe_memcpy((static_cast<char*>(const_cast<void*>(theData.GetPayloadPointer()))), // destination
theData.GetSize(), // size of destination buffer.
pChar, // source
nSize); // length of source.
// bool bZeroSource=false); // if true, sets the source buffer to zero after copying is done.
// ------------------------------------------------
// This base64 encodes the public key data
//
ascKey.SetData(theData);
OTLog::vOutput(5, "%s: Success copying public key into memory.\n", szFunc);
bReturnVal = true;
}
else
{
OTLog::vError("%s: Failed copying public key into memory.\n", szFunc);
}
}
return bReturnVal;
}
// NOTE: OpenSSL will store the EVP_PKEY inside the X509, and when I get it,
// I'm not supposed to destroy the x509 until I destroy the EVP_PKEY FIRST!
// (AND it reference-counts.)
// Since I want ability to destroy the two, independent of each other, I made
// static functions here for copying public and private keys, so I am ALWAYS
// working with MY OWN copy of any given key, and not OpenSSL's reference-counted
// one.
//
// Furthermore, BIO_mem_buf doesn't allocate its own memory, but uses the memory
// you pass to it. You CANNOT free that memory until you destroy the BIO.
//
// That's why you see me copying one bio into a payload, before copying it into
// the next bio. Todo security: copy it into an OTPassword here, instead of an
// OTPayload, which is safer, and more appropriate for a private key. Make sure
// OTPassword can accommodate a bit larger size than what it does now.
//
//static // CALLER must EVP_pkey_free!
EVP_PKEY * OTAsymmetricKey_OpenSSL::OTAsymmetricKey_OpenSSLPrivdp::CopyPrivateKey(EVP_PKEY & theKey, OTPasswordData * pPWData/*=NULL*/, OTPassword * pImportPassword/*=NULL*/)
{
const EVP_CIPHER * pCipher = EVP_des_ede3_cbc(); // todo should this algorithm be hardcoded?
// ----------------------------------------
// Create a new memory buffer on the OpenSSL side
OpenSSL_BIO bmem = BIO_new(BIO_s_mem());
OT_ASSERT(NULL != bmem);
EVP_PKEY * pReturnKey = NULL;
// ----------------------------------------
// write a private key to that buffer, from theKey
//
OTPasswordData thePWDataWrite("OTAsymmetricKey_OpenSSL::CopyPrivateKey is calling PEM_write_bio_PrivateKey...");
// todo optimization: might just remove the password callback here, and just write the private key in the clear,
// and then load it up again, saving the encrypt/decrypt step that otherwise occurs, and then as long as we OpenSSL_cleanse
// the BIO, then it SHOULD stil be safe, right?
//
int32_t nWriteBio = false;
if (NULL == pImportPassword)
nWriteBio = PEM_write_bio_PrivateKey(bmem, &theKey, pCipher,
NULL, 0, OTAsymmetricKey::GetPasswordCallback(), NULL == pPWData ? &thePWDataWrite : pPWData);
else
nWriteBio = PEM_write_bio_PrivateKey(bmem, &theKey, pCipher,
NULL, 0, 0, const_cast<void*>(reinterpret_cast<const void*>(pImportPassword->getPassword())));
// ------------------------------------------------------------------------
if (0 == nWriteBio)
{
OTLog::vError("%s: Failed writing EVP_PKEY to memory buffer.\n", __FUNCTION__);
}
else
{
OTLog::vOutput(5, "%s: Success writing EVP_PKEY to memory buffer.\n", __FUNCTION__);
char * pChar = NULL;
// After the below call, pChar will point to the memory buffer where the private key supposedly is,
// and lSize will contain the size of that memory.
//
const int64_t lSize = BIO_get_mem_data(bmem, &pChar);
const uint32_t nSize = static_cast<uint32_t>(lSize);
if (nSize > 0)
{
OTPayload theData;
// Set the buffer size in our own memory.
theData.SetPayloadSize(nSize);
void * pv =
OTPassword::safe_memcpy((static_cast<char*>(const_cast<void*>(theData.GetPayloadPointer()))), // destination
theData.GetSize(), // size of destination buffer.
pChar, // source
nSize); // length of source.
// bool bZeroSource=false); // if true, sets the source buffer to zero after copying is done.
if (NULL != pv)
{
// -----------------------------------------------
// Next, copy theData's contents into a new BIO_mem_buf,
// so OpenSSL can load the key out of it.
//
OpenSSL_BIO keyBio = BIO_new_mem_buf(static_cast<char*>(const_cast<void*>(theData.GetPayloadPointer())),
theData.GetSize());
OT_ASSERT_MSG(NULL != keyBio, "OTAsymmetricKey_OpenSSL::CopyPrivateKey: Assert: NULL != keyBio \n");
// -------------------------------------------
// Next we load up the key from the BIO string into an instantiated key object.
//
OTPasswordData thePWData("OTAsymmetricKey_OpenSSL::CopyPrivateKey is calling PEM_read_bio_PUBKEY...");
if (NULL == pImportPassword)
pReturnKey = PEM_read_bio_PrivateKey( keyBio, NULL, OTAsymmetricKey::GetPasswordCallback(), NULL == pPWData ? &thePWData : pPWData);
else
pReturnKey = PEM_read_bio_PrivateKey( keyBio, NULL, 0, const_cast<void*>(reinterpret_cast<const void*>(pImportPassword->getPassword())));
// -------------------------------------------
}
else
OTLog::vError("%s: Error: Failed copying memory from BIO into OTPayload.\n");
// -------------------------------------------
}
else
{
OTLog::vError("%s: Failed copying private key into memory.\n", __FUNCTION__);
}
}
return pReturnKey;
}
//static // CALLER must EVP_pkey_free!
EVP_PKEY * OTAsymmetricKey_OpenSSL::OTAsymmetricKey_OpenSSLPrivdp::CopyPublicKey(EVP_PKEY & theKey, OTPasswordData * pPWData/*=NULL*/, OTPassword * pImportPassword/*=NULL*/)
{
// ----------------------------------------
// Create a new memory buffer on the OpenSSL side
OpenSSL_BIO bmem = BIO_new(BIO_s_mem());
OT_ASSERT_MSG(NULL != bmem, "OTAsymmetricKey_OpenSSL::CopyPublicKey: ASSERT: NULL != bmem");
EVP_PKEY * pReturnKey = NULL;
// ----------------------------------------
// write a public key to that buffer, from theKey (parameter.)
//
int32_t nWriteBio = PEM_write_bio_PUBKEY(bmem, &theKey);
if (0 == nWriteBio)
{
OTLog::vError("%s: Error: Failed writing EVP_PKEY to memory buffer.\n", __FUNCTION__);
}
else
{
OTLog::vOutput(5, "%s: Success writing EVP_PKEY to memory buffer.\n", __FUNCTION__);
char * pChar = NULL;
// After the below call, pChar will point to the memory buffer where the public key
// supposedly is, and lSize will contain the size of that memory.
//
const int64_t lSize = BIO_get_mem_data(bmem, &pChar);
const uint32_t nSize = static_cast<uint32_t>(lSize);
if (nSize > 0)
{
OTPayload theData;
// Set the buffer size in our own memory.
theData.SetPayloadSize(nSize);
void * pv =
OTPassword::safe_memcpy((static_cast<char*>(const_cast<void*>(theData.GetPayloadPointer()))), // destination
theData.GetSize(), // size of destination buffer.
pChar, // source
nSize); // length of source.
// bool bZeroSource=false); // if true, sets the source buffer to zero after copying is done.
if (NULL != pv)
{
// -----------------------------------------------
// Next, copy theData's contents into a new BIO_mem_buf,
// so OpenSSL can load the key out of it.
//
OpenSSL_BIO keyBio = BIO_new_mem_buf(static_cast<char*>(const_cast<void*>(theData.GetPayloadPointer())),
theData.GetSize());
OT_ASSERT_MSG(NULL != keyBio, "OTAsymmetricKey_OpenSSL::CopyPublicKey: Assert: NULL != keyBio \n");
// -------------------------------------------
// Next we load up the key from the BIO string into an instantiated key object.
//
OTPasswordData thePWData(NULL == pImportPassword ?
"Enter your wallet master passphrase. (OTAsymmetricKey_OpenSSL::CopyPublicKey is calling PEM_read_bio_PUBKEY...)" :
"Enter the passphrase for your exported Nym.");
if (NULL == pImportPassword)
pReturnKey = PEM_read_bio_PUBKEY(keyBio, NULL, OTAsymmetricKey::GetPasswordCallback(), NULL == pPWData ? &thePWData : pPWData);
else
pReturnKey = PEM_read_bio_PUBKEY(keyBio, NULL, 0, pImportPassword);
// -------------------------------------------
// We don't need the BIO anymore.
// Free the BIO and related buffers, filters, etc. (auto with scope).
//
}
else
OTLog::vError("%s: Error: Failed copying memory from BIO into OTPayload.\n");
// -------------------------------------------
}
else
{
OTLog::vError("%s: Failed copying private key into memory.\n", __FUNCTION__);
}
}
return pReturnKey;
}
