Bool SignerReal::notarize( PublicKey pubkey, Signature signature, Digest hash, Monitor& monitor )
{
if (!check_interface(monitor)) return false;
eprovider::TheKey thepubkey = creator.getCreatureCurrentTheKey(pubkey);
Size hashsize;
RECOVER_CALL(hashsize = iface->getMaxHashSize(thepubkey, error));
Padder curpad = padder;
if (pubkey.getPadder(Monitor()))
{
curpad = pubkey.getPadder(monitor);
} else if (signature.getPadder(Monitor()))
{
curpad = signature.getPadder(monitor);
} else {
//TODO: find default padder
}
if (curpad.ok() && hashsize.bits()) hash = curpad.pad(hash, hashsize, monitor); if (!monitor) return Bool();
Data hashblock = hash.asData();
Image signimage = signature.encode(monitor);
Snapshot signblock = signimage.snapshot();
Bool result;
RECOVER_CALL( (result = iface->notarizeHash(session,hashblock.get(), hashblock.size(), signblock.get(), signblock.size(), signblock.encid(), thepubkey, error)) );
return result;
}
bool
verifyDigest (PublicKey const& publicKey,
uint256 const& digest,
Slice const& sig,
bool mustBeFullyCanonical)
{
if (publicKeyType(publicKey) != KeyType::secp256k1)
LogicError("sign: secp256k1 required for digest signing");
auto const canonicality = ecdsaCanonicality(sig);
if (! canonicality)
return false;
if (mustBeFullyCanonical &&
(*canonicality != ECDSACanonicality::fullyCanonical))
return false;
secp256k1_pubkey pubkey_imp;
if(secp256k1_ec_pubkey_parse(
secp256k1Context(),
&pubkey_imp,
reinterpret_cast<unsigned char const*>(
publicKey.data()),
publicKey.size()) != 1)
return false;
secp256k1_ecdsa_signature sig_imp;
if(secp256k1_ecdsa_signature_parse_der(
secp256k1Context(),
&sig_imp,
reinterpret_cast<unsigned char const*>(
sig.data()),
sig.size()) != 1)
return false;
if (*canonicality != ECDSACanonicality::fullyCanonical)
{
secp256k1_ecdsa_signature sig_norm;
if(secp256k1_ecdsa_signature_normalize(
secp256k1Context(),
&sig_norm,
&sig_imp) != 1)
return false;
return secp256k1_ecdsa_verify(
secp256k1Context(),
&sig_norm,
reinterpret_cast<unsigned char const*>(
digest.data()),
&pubkey_imp) == 1;
}
return secp256k1_ecdsa_verify(
secp256k1Context(),
&sig_imp,
reinterpret_cast<unsigned char const*>(
digest.data()),
&pubkey_imp) == 1;
}
/*
Calculation of the Account ID
The AccountID is a 160-bit identifier that uniquely
distinguishes an account. The account may or may not
exist in the ledger. Even for accounts that are not in
the ledger, cryptographic operations may be performed
which affect the ledger. For example, designating an
account not in the ledger as a regular key for an
account that is in the ledger.
Why did we use half of SHA512 for most things but then
SHA256 followed by RIPEMD160 for account IDs? Why didn't
we do SHA512 half then RIPEMD160? Or even SHA512 then RIPEMD160?
For that matter why RIPEMD160 at all why not just SHA512 and keep
only 160 bits?
Answer (David Schwartz):
The short answer is that we kept Bitcoin's behavior.
The longer answer was that:
1) Using a single hash could leave ripple
vulnerable to length extension attacks.
2) Only RIPEMD160 is generally considered safe at 160 bits.
Any of those schemes would have been acceptable. However,
the one chosen avoids any need to defend the scheme chosen.
(Against any criticism other than unnecessary complexity.)
"The historical reason was that in the very early days,
we wanted to give people as few ways to argue that we were
less secure than Bitcoin. So where there was no good reason
to change something, it was not changed."
*/
AccountID
calcAccountID (PublicKey const& pk)
{
ripesha_hasher rsh;
rsh(pk.data(), pk.size());
auto const d = static_cast<
ripesha_hasher::result_type>(rsh);
AccountID id;
static_assert(sizeof(d) == sizeof(id), "");
std::memcpy(id.data(), d.data(), d.size());
return id;
}
const KeyPair* EllipticCurveCryptographyFactory::generateKeyPair(const CryptoPP::OID& curveId) {
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> groupParameters(curveId);
CryptoPP::ECDH<CryptoPP::ECP>::Domain ecdh(groupParameters);
PublicKey* pub = new PublicKey(ecdh.PublicKeyLength());
PrivateKey* priv = new PrivateKey(ecdh.PrivateKeyLength());
CryptoPP::AutoSeededRandomPool rng;
ecdh.GenerateKeyPair(rng, priv->data(), pub->data());
KeyPair* keys = new KeyPair(pub, priv);
return keys;
}
NodeID
calcNodeID (PublicKey const& pk)
{
ripesha_hasher h;
h(pk.data(), pk.size());
auto const digest = static_cast<
ripesha_hasher::result_type>(h);
static_assert(NodeID::bytes ==
sizeof(ripesha_hasher::result_type), "");
NodeID result;
std::memcpy(result.data(),
digest.data(), digest.size());
return result;
}
bool
verify (PublicKey const& publicKey,
Slice const& m,
Slice const& sig,
bool mustBeFullyCanonical)
{
if (auto const type = publicKeyType(publicKey))
{
if (*type == KeyType::secp256k1)
{
return verifyDigest (publicKey,
sha512Half(m), sig, mustBeFullyCanonical);
}
else if (*type == KeyType::ed25519)
{
if (! ed25519Canonical(sig))
return false;
// We internally prefix Ed25519 keys with a 0xED
// byte to distinguish them from secp256k1 keys
// so when verifying the signature, we need to
// first strip that prefix.
return ed25519_sign_open(
m.data(), m.size(), publicKey.data() + 1,
sig.data()) == 0;
}
}
return false;
}
static PublicKey getKey(Provider *p, const I &in, const QSecureArray &, ConvertResult *result)
{
PublicKey k;
PKeyContext *c = static_cast<PKeyContext *>(getContext("pkey", p));
if(!c)
{
if(result)
*result = ErrorDecode;
return k;
}
ConvertResult r = fromData(c, in);
if(result)
*result = r;
if(r == ConvertGood)
k.change(c);
return k;
}
bool Signer::verify(
const std::vector<unsigned char> &data,
const std::vector<unsigned char> &signature,
const PublicKey &key) const
{
kulloAssert(key.type() == AsymmetricKeyType::Signature);
Botan::PK_Verifier ver(*key.p->pubkey, EMSA);
return ver.verify_message(data, signature);
}
STValidation::STValidation(
uint256 const& ledgerHash,
std::uint32_t ledgerSeq,
uint256 const& consensusHash,
NetClock::time_point signTime,
PublicKey const& publicKey,
SecretKey const& secretKey,
NodeID const& nodeID,
bool isFull,
FeeSettings const& fees,
std::vector<uint256> const& amendments)
: STObject(getFormat(), sfValidation), mNodeID(nodeID), mSeen(signTime)
{
// This is our own public key and it should always be valid.
if (!publicKeyType(publicKey))
LogicError("Invalid validation public key");
assert(mNodeID.isNonZero());
setFieldH256(sfLedgerHash, ledgerHash);
setFieldH256(sfConsensusHash, consensusHash);
setFieldU32(sfSigningTime, signTime.time_since_epoch().count());
setFieldVL(sfSigningPubKey, publicKey.slice());
if (isFull)
setFlag(kFullFlag);
setFieldU32(sfLedgerSequence, ledgerSeq);
if (fees.loadFee)
setFieldU32(sfLoadFee, *fees.loadFee);
if (fees.baseFee)
setFieldU64(sfBaseFee, *fees.baseFee);
if (fees.reserveBase)
setFieldU32(sfReserveBase, *fees.reserveBase);
if (fees.reserveIncrement)
setFieldU32(sfReserveIncrement, *fees.reserveIncrement);
if (!amendments.empty())
setFieldV256(sfAmendments, STVector256(sfAmendments, amendments));
setFlag(vfFullyCanonicalSig);
auto const signingHash = getSigningHash();
setFieldVL(
sfSignature, signDigest(getSignerPublic(), secretKey, signingHash));
setTrusted();
}
Ed25519::Ed25519 (
SecretKey const& secretKey,
PublicKey const& publicKey,
Slice message)
{
if (publicKeyType (publicKey) != KeyType::ed25519)
LogicError ("An Ed25519 public key is required.");
// When PublicKey wraps an Ed25519 key it prefixes
// the key itself with a 0xED byte. We carefully
// skip that byte.
std::memcpy (
payload_.data(),
publicKey.data() + 1,
publicKey.size() - 1);
// Now sign:
ed25519_sign (
message.data(),
message.size(),
secretKey.data(),
payload_.data(),
payload_.data() + pubkey_size_);
}
int64_t
PibDb::addKey(const Name& keyName, const PublicKey& key)
{
if (keyName.empty())
return 0;
Name&& identity = keyName.getPrefix(-1);
if (!hasIdentity(identity))
addIdentity(identity);
sqlite3_stmt* statement;
sqlite3_prepare_v2(m_database,
"INSERT INTO keys (identity_id, key_name, key_type, key_bits) \
values ((SELECT id FROM identities WHERE identity=?), ?, ?, ?)",
-1, &statement, nullptr);
sqlite3_bind_block(statement, 1, identity.wireEncode(), SQLITE_TRANSIENT);
sqlite3_bind_block(statement, 2, keyName.wireEncode(), SQLITE_TRANSIENT);
sqlite3_bind_int(statement, 3, key.getKeyType());
sqlite3_bind_blob(statement, 4, key.get().buf(), key.get().size(), SQLITE_STATIC);
sqlite3_step(statement);
sqlite3_finalize(statement);
return sqlite3_last_insert_rowid(m_database);
}
ptr_lib::shared_ptr<IdentityCertificate>
IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
const PublicKey& publicKey,
const Name& signerCertificateName,
const MillisecondsSince1970& notBefore,
const MillisecondsSince1970& notAfter)
{
ptr_lib::shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Name certificateName = certificatePrefix;
MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
// Get the number of seconds.
ostringstream oss;
oss << floor(ti / 1000.0);
certificateName.append("ID-CERT").append(oss.str());
certificate->setName(certificateName);
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
certificate->encode();
ptr_lib::shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
KeyLocator keyLocator;
keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
keyLocator.setKeyName(signerCertificateName);
sha256Sig->setKeyLocator(keyLocator);
sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey.getDigest());
certificate->setSignature(*sha256Sig);
SignedBlob unsignedData = certificate->wireEncode();
ptr_lib::shared_ptr<IdentityCertificate> signerCertificate = getCertificate(signerCertificateName);
Name signerkeyName = signerCertificate->getPublicKeyName();
Blob sigBits = privateKeyStorage_->sign(unsignedData, signerkeyName);
sha256Sig->setSignature(sigBits);
return certificate;
}
STValidation::STValidation (
uint256 const& ledgerHash,
NetClock::time_point signTime,
PublicKey const& publicKey,
bool isFull)
: STObject (getFormat (), sfValidation)
, mSeen (signTime)
{
// Does not sign
setFieldH256 (sfLedgerHash, ledgerHash);
setFieldU32 (sfSigningTime, signTime.time_since_epoch().count());
setFieldVL (sfSigningPubKey, publicKey.slice());
mNodeID = calcNodeID(publicKey);
assert (mNodeID.isNonZero ());
if (isFull)
setFlag (kFullFlag);
}
Key
Identity::addKey(const PublicKey& publicKey, const name::Component& keyId)
{
validityCheck();
name::Component actualKeyId = keyId;
if (actualKeyId == EMPTY_KEY_ID) {
const Block& digest = publicKey.computeDigest();
actualKeyId = name::Component(digest.wire(), digest.size());
}
if (!m_needRefreshKeys && m_keys.find(actualKeyId) == m_keys.end()) {
// if we have already loaded all the keys, but the new key is not one of them
// the KeyContainer should be refreshed
m_needRefreshKeys = true;
}
return Key(m_name, actualKeyId, publicKey, m_impl);
}
PublicKey PublicKey::fromHexString(QString const& hexString) {
PublicKey pk;
pk.publicKey = QByteArray::fromHex(hexString.toLatin1());
pk.calculateFingerprintFromPublicKey();
return pk;
}
inline uint qHash(const PublicKey &key) {
return qHash(key.GetParameters()->GetKeyGroup()->ElementToByteArray(key.GetElement()));
}
/**
* Equality operator
* @param other integer to compare
*/
inline bool operator==(const PublicKey &other) const
{
return (_public_key == other.GetElement());
}
Address::Address(PublicKey const & publicKey)
: value_(ripemd160(sha256(publicKey.value())))
, valid_(true)
{
}
PublicKey PublicKey::fromDecodedServerResponse(QByteArray const& response) {
PublicKey pk;
pk.publicKey = response.left(Key::getPublicKeyLength());
pk.calculateFingerprintFromPublicKey();
return pk;
}
bool
ValidatorList::trustedPublisher (PublicKey const& identity) const
{
boost::shared_lock<boost::shared_mutex> read_lock{mutex_};
return identity.size() && publisherLists_.count (identity);
}
SymmetricKey PrivateKey::deriveKey(const PublicKey &theirs)
{
const PKeyContext *theirContext = static_cast<const PKeyContext *>(theirs.context());
return static_cast<PKeyContext *>(context())->key()->deriveKey(*(theirContext->key()));
}
