void fill_serialno_fixed(char *s) { uint32_t uuid[8]; desig_get_unique_id(uuid); sha256_Raw((const uint8_t *)uuid, 12, (uint8_t *)uuid); sha256_Raw((const uint8_t *)uuid, 32, (uint8_t *)uuid); data2hex(uuid, 12, s); }
int memory_write_aeskey(const char *password, int len, PASSWORD_ID id) { int ret = 0; uint8_t password_b[MEM_PAGE_LEN]; memset(password_b, 0, MEM_PAGE_LEN); if (!password) { commander_fill_report("password", FLAG_ERR_PASSWORD_LEN, STATUS_ERROR); return STATUS_ERROR; } if (len < PASSWORD_LEN_MIN) { commander_fill_report("password", FLAG_ERR_PASSWORD_LEN, STATUS_ERROR); return STATUS_ERROR; } if (strlen(password) < PASSWORD_LEN_MIN) { commander_fill_report("password", FLAG_ERR_PASSWORD_LEN, STATUS_ERROR); return STATUS_ERROR; } sha256_Raw((const uint8_t *)password, len, password_b); sha256_Raw(password_b, MEM_PAGE_LEN, password_b); switch ((int)id) { case PASSWORD_MEMORY: memcpy(MEM_aeskey_memory_, password_b, MEM_PAGE_LEN); ret = STATUS_SUCCESS; break; case PASSWORD_2FA: memcpy(MEM_aeskey_2FA_, password_b, MEM_PAGE_LEN); ret = STATUS_SUCCESS; break; case PASSWORD_STAND: ret = memory_eeprom_crypt(password_b, MEM_aeskey_stand_, MEM_AESKEY_STAND_ADDR); break; case PASSWORD_CRYPT: ret = memory_eeprom_crypt(password_b, MEM_aeskey_crypt_, MEM_AESKEY_CRYPT_ADDR); break; case PASSWORD_VERIFY: ret = memory_eeprom_crypt(password_b, MEM_aeskey_verify_, MEM_AESKEY_VERIFY_ADDR); break; default: memset(password_b, 0, MEM_PAGE_LEN); commander_fill_report("password", FLAG_ERR_PASSWORD_ID, STATUS_ERROR); return STATUS_ERROR; } memset(password_b, 0, MEM_PAGE_LEN); if (ret == STATUS_SUCCESS) { return STATUS_SUCCESS; } else { commander_fill_report("password", FLAG_ERR_ATAES, STATUS_ERROR); return STATUS_ERROR; } }
void btc_tx_hash(const btc_tx* tx, uint8_t* hashout) { cstring* txser = cstr_new_sz(1024); btc_tx_serialize(txser, tx); sha256_Raw((const uint8_t*)txser->str, txser->len, hashout); sha256_Raw(hashout, 32, hashout); cstr_free(txser, true); }
int memory_aeskey_is_erased(PASSWORD_ID id) { uint8_t mem_aeskey_erased[MEM_PAGE_LEN]; sha256_Raw((const uint8_t *)MEM_PAGE_ERASE, MEM_PAGE_LEN, mem_aeskey_erased); sha256_Raw(mem_aeskey_erased, MEM_PAGE_LEN, mem_aeskey_erased); if (memcmp(memory_read_aeskey(id), mem_aeskey_erased, 32)) { return STATUS_MEM_NOT_ERASED; } else { return STATUS_MEM_ERASED; } }
int memory_bootloader_hash(uint8_t *hash, bool cached) { static uint8_t cached_hash[SHA256_DIGEST_LENGTH]; if(cached_hash[0] == '\0' || !cached) { sha256_Raw((const uint8_t *)FLASH_BOOT_START, FLASH_BOOT_LEN, cached_hash); sha256_Raw(cached_hash, SHA256_DIGEST_LENGTH, cached_hash); } memcpy(hash, cached_hash, SHA256_DIGEST_LENGTH); return SHA256_DIGEST_LENGTH; }
int base58_encode_check(const uint8_t *data, int datalen, char *str, int strsize) { if (datalen > 128) { return 0; } uint8_t buf[datalen + 32]; uint8_t *hash = buf + datalen; memcpy(buf, data, datalen); sha256_Raw(data, datalen, hash); sha256_Raw(hash, 32, hash); size_t res = strsize; bool success = b58enc(str, &res, buf, datalen + 4); MEMSET_BZERO(buf, sizeof(buf)); return success ? res : 0; }
int base58_encode_check(const uint8_t *data, int len, char *str) { int outlen; switch (len) { case 78: // xpub/xprv 78 outlen = 111; break; case 34: // WIF privkey 1+32+1 outlen = 52; break; case 21: // address 1+20 outlen = 34; break; default: return 0; } uint8_t mydata[82], hash[32]; sha256_Raw(data, len, hash); sha256_Raw(hash, 32, hash); memcpy(mydata, data, len); memcpy(mydata + len, hash, 4); // checksum uint32_t rem, tmp; const char code[] = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; int i, j; for (j = 0; j < outlen; j++) { rem = mydata[0] % 58; mydata[0] /= 58; for (i = 1; i < len + 4; i++) { tmp = rem * 24 + mydata[i]; // 2^8 == 4*58 + 24 mydata[i] = rem * 4 + (tmp / 58); rem = tmp % 58; } str[j] = code[rem]; } // remove duplicite 1s at the end while (outlen > 1 && str[outlen - 1] == code[0] && str[outlen - 2] == code[0]) { outlen--; } str[outlen] = 0; char s; // reverse string for (i = 0; i < outlen / 2; i++) { s = str[i]; str[i] = str[outlen - 1 - i]; str[outlen - 1 - i] = s; } return outlen; }
void hmac_sha256(const void *key_p, const uint32_t keylen, const void *msg_p, const uint32_t msglen, uint8_t *hmac) { const uint8_t *key = key_p; const uint8_t *msg = msg_p; int i; uint8_t buf[SHA256_BLOCK_LENGTH], o_key_pad[SHA256_BLOCK_LENGTH], i_key_pad[SHA256_BLOCK_LENGTH]; SHA256_CTX ctx; memset(buf, 0, SHA256_BLOCK_LENGTH); if (keylen > SHA256_BLOCK_LENGTH) { sha256_Raw(key, keylen, buf); } else { memcpy(buf, key, keylen); } for (i = 0; i < SHA256_BLOCK_LENGTH; i++) { o_key_pad[i] = buf[i] ^ 0x5c; i_key_pad[i] = buf[i] ^ 0x36; } sha256_Init(&ctx); sha256_Update(&ctx, i_key_pad, SHA256_BLOCK_LENGTH); sha256_Update(&ctx, msg, msglen); sha256_Final(buf, &ctx); sha256_Init(&ctx); sha256_Update(&ctx, o_key_pad, SHA256_BLOCK_LENGTH); sha256_Update(&ctx, buf, SHA256_DIGEST_LENGTH); sha256_Final(hmac, &ctx); MEMSET_BZERO(buf, sizeof(buf)); MEMSET_BZERO(o_key_pad, sizeof(o_key_pad)); MEMSET_BZERO(i_key_pad, sizeof(i_key_pad)); }
static int variant_signature_check(const SignedVariantInfo *svi) { uint8_t sigindex1 = svi->meta.sig_index1; uint8_t sigindex2 = svi->meta.sig_index2; uint8_t sigindex3 = svi->meta.sig_index3; if(sigindex1 < 1 || sigindex1 > PUBKEYS) { return SIG_FAIL; } /* Invalid index */ if(sigindex2 < 1 || sigindex2 > PUBKEYS) { return SIG_FAIL; } /* Invalid index */ if(sigindex3 < 1 || sigindex3 > PUBKEYS) { return SIG_FAIL; } /* Invalid index */ if(sigindex1 == sigindex2) { return SIG_FAIL; } /* Duplicate use */ if(sigindex1 == sigindex3) { return SIG_FAIL; } /* Duplicate use */ if(sigindex2 == sigindex3) { return SIG_FAIL; } /* Duplicate use */ uint8_t info_fingerprint[32]; sha256_Raw((void *)&svi->info, svi->meta.code_len, info_fingerprint); if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], &svi->meta.sig1[0], info_fingerprint) != 0) return SIG_FAIL; if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], &svi->meta.sig2[0], info_fingerprint) != 0) return SIG_FAIL; if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], &svi->meta.sig3[0], info_fingerprint) != 0) return SIG_FAIL; return SIG_OK; }
void lisk_get_address_from_public_key(const uint8_t *public_key, char *address) { uint64_t digest[4]; sha256_Raw(public_key, 32, (uint8_t *)digest); bn_format_uint64(digest[0], NULL, "L", 0, 0, false, address, MAX_LISK_ADDRESS_SIZE); }
const char *mnemonic_from_data(const uint8_t *data, int len) { if (len % 4 || len < 16 || len > 32) { return 0; } uint8_t bits[32 + 1]; memcpy(bits, data, len); sha256_Raw(data, len, bits); bits[len] = bits[0]; memcpy(bits, data, len); int mlen = len * 3 / 4; static char mnemo[24 * 10]; int i, j, idx; char *p = mnemo; for (i = 0; i < mlen; i++) { idx = 0; for (j = 0; j < 11; j++) { idx <<= 1; idx += (bits[(i * 11 + j) / 8] & (1 << (7 - ((i * 11 + j) % 8)))) > 0; } strcpy(p, wordlist[idx]); p += strlen(wordlist[idx]); *p = (i < mlen - 1) ? ' ' : 0; p++; } return mnemo; }
const uint16_t *mnemonic_from_data_indexes(const uint8_t *data, int len) { if (len % 4 || len < 16 || len > 32) { return 0; } uint8_t bits[32 + 1]; sha256_Raw(data, len, bits); // checksum bits[len] = bits[0]; // data memcpy(bits, data, len); int mlen = len * 3 / 4; static uint16_t mnemo[24]; int i, j, idx; for (i = 0; i < mlen; i++) { idx = 0; for (j = 0; j < 11; j++) { idx <<= 1; idx += (bits[(i * 11 + j) / 8] & (1 << (7 - ((i * 11 + j) % 8)))) > 0; } mnemo[i] = idx; } return mnemo; }
/* * memory_storage_hash() - SHA256 hash of storage area * * INPUT * - hash: buffer to be filled with hash * - storage_location: current storage location (changes due to wear leveling) * OUTPUT * none */ int memory_storage_hash(uint8_t *hash, Allocation storage_location) { const uint8_t *storage_location_start; storage_location_start = (const uint8_t *)flash_write_helper(storage_location); sha256_Raw(storage_location_start, STORAGE_SECTOR_LEN, hash); return SHA256_DIGEST_LENGTH; }
int b58check(const void *bin, size_t binsz, const char *base58str) { unsigned char buf[32]; const uint8_t *binc = bin; unsigned i; if (binsz < 4) return -4; sha256_Raw(bin, binsz - 4, buf); sha256_Raw(buf, 32, buf); if (memcmp(&binc[binsz - 4], buf, 4)) return -1; // Check number of zeros is correct AFTER verifying checksum (to avoid possibility of accessing base58str beyond the end) for (i = 0; binc[i] == '\0' && base58str[i] == '1'; ++i) {} // Just finding the end of zeros, nothing to do in loop if (binc[i] == '\0' || base58str[i] == '1') return -3; return binc[0]; }
int btc_base58_encode_check(const uint8_t* data, int datalen, char* str, int strsize) { int ret; if (datalen > 128) { return 0; } uint8_t buf[datalen + 32]; uint8_t* hash = buf + datalen; memcpy(buf, data, datalen); sha256_Raw(data, datalen, hash); sha256_Raw(hash, 32, hash); size_t res = strsize; if (btc_base58_encode(str, &res, buf, datalen + 4) != true) { ret = 0; } else { ret = res; } memset(buf, 0, sizeof(buf)); return ret; }
void lisk_message_hash(const uint8_t *message, size_t message_len, uint8_t hash[32]) { SHA256_CTX ctx; sha256_Init(&ctx); sha256_Update(&ctx, (const uint8_t *)"\x15" "Lisk Signed Message:\n", 22); uint8_t varint[5]; uint32_t l = ser_length(message_len, varint); sha256_Update(&ctx, varint, l); sha256_Update(&ctx, message, message_len); sha256_Final(&ctx, hash); sha256_Raw(hash, 32, hash); }
static void runtest (void) { unsigned char md1[SHA256_DIGEST_LENGTH]; unsigned char md2[SHA256_DIGEST_LENGTH]; sha256_Raw((unsigned char *)data1, strlen(data1), md1); sha256_Raw((unsigned char *)data2, strlen(data2), md2); struct bloom bloom; assert(bloom_init(&bloom, 1000, 0.001) == true); bloom_insert(&bloom, md1, sizeof(md1)); assert(bloom_contains(&bloom, md1, sizeof(md1)) == true); assert(bloom_contains(&bloom, md2, sizeof(md2)) == false); cstring *ser = cstr_new_sz(1024); ser_bloom(ser, &bloom); struct bloom bloom2; __bloom_init(&bloom2); struct const_buffer buf = { ser->str, ser->len }; assert(deser_bloom(&bloom2, &buf) == true); assert(bloom.nHashFuncs == bloom2.nHashFuncs); assert(bloom.vData->len == bloom2.vData->len); assert(memcmp(bloom.vData->str, bloom2.vData->str, bloom2.vData->len) == 0); assert(bloom_contains(&bloom2, md1, sizeof(md1)) == true); assert(bloom_contains(&bloom2, md2, sizeof(md2)) == false); bloom_free(&bloom2); bloom_free(&bloom); cstr_free(ser, true); }
int hdnode_public_ckd(HDNode *inout, uint32_t i) { uint8_t data[1 + 32 + 4]; uint8_t I[32 + 32]; uint8_t fingerprint[32]; curve_point a, b; bignum256 c; if (i & 0x80000000) { // private derivation return 0; } else { // public derivation memcpy(data, inout->public_key, 33); } write_be(data + 33, i); sha256_Raw(inout->public_key, 33, fingerprint); ripemd160(fingerprint, 32, fingerprint); inout->fingerprint = (fingerprint[0] << 24) + (fingerprint[1] << 16) + (fingerprint[2] << 8) + fingerprint[3]; memset(inout->private_key, 0, 32); if (!ecdsa_read_pubkey(inout->public_key, &a)) { return 0; } hmac_sha512(inout->chain_code, 32, data, sizeof(data), I); memcpy(inout->chain_code, I + 32, 32); bn_read_be(I, &c); if (!bn_is_less(&c, &order256k1)) { // >= order return 0; } scalar_multiply(&c, &b); // b = c * G point_add(&a, &b); // b = a + b #if USE_PUBKEY_VALIDATE if (!ecdsa_validate_pubkey(&b)) { return 0; } #endif inout->public_key[0] = 0x02 | (b.y.val[0] & 0x01); bn_write_be(&b.x, inout->public_key + 1); inout->depth++; inout->child_num = i; return 1; }
void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const uint32_t keylen) { static CONFIDENTIAL uint8_t i_key_pad[SHA256_BLOCK_LENGTH]; memzero(i_key_pad, SHA256_BLOCK_LENGTH); if (keylen > SHA256_BLOCK_LENGTH) { sha256_Raw(key, keylen, i_key_pad); } else { memcpy(i_key_pad, key, keylen); } for (int i = 0; i < SHA256_BLOCK_LENGTH; i++) { hctx->o_key_pad[i] = i_key_pad[i] ^ 0x5c; i_key_pad[i] ^= 0x36; } sha256_Init(&(hctx->ctx)); sha256_Update(&(hctx->ctx), i_key_pad, SHA256_BLOCK_LENGTH); memzero(i_key_pad, sizeof(i_key_pad)); }
int hdnode_private_ckd(HDNode *inout, uint32_t i) { uint8_t data[1 + 32 + 4]; uint8_t I[32 + 32]; uint8_t fingerprint[32]; bignum256 a, b; if (i & 0x80000000) { // private derivation data[0] = 0; memcpy(data + 1, inout->private_key, 32); } else { // public derivation memcpy(data, inout->public_key, 33); } write_be(data + 33, i); sha256_Raw(inout->public_key, 33, fingerprint); ripemd160(fingerprint, 32, fingerprint); inout->fingerprint = (fingerprint[0] << 24) + (fingerprint[1] << 16) + (fingerprint[2] << 8) + fingerprint[3]; bn_read_be(inout->private_key, &a); hmac_sha512(inout->chain_code, 32, data, sizeof(data), I); memcpy(inout->chain_code, I + 32, 32); memcpy(inout->private_key, I, 32); bn_read_be(inout->private_key, &b); if (!bn_is_less(&b, &order256k1)) { // >= order return 0; } bn_addmod(&a, &b, &order256k1); if (bn_is_zero(&a)) { return 0; } inout->depth++; inout->child_num = i; bn_write_be(&a, inout->private_key); hdnode_fill_public_key(inout); return 1; }
void logdb_write_record(logdb_log_db* db, logdb_record *rec) { SHA256_CTX ctx = db->hashctx; SHA256_CTX ctx_final; uint8_t hash[SHA256_DIGEST_LENGTH]; /* serialize record to buffer */ cstring *serbuf = cstr_new_sz(1024); logdb_record_ser(rec, serbuf); /* create hash of the body */ sha256_Raw((const uint8_t*)serbuf->str, serbuf->len, hash); /* write record header */ assert(fwrite(record_magic, 8, 1, db->file) == 1); sha256_Update(&ctx, record_magic, 8); /* write partial hash as body checksum&indicator (body start) */ assert(fwrite(hash, db->hashlen, 1, db->file) == 1); sha256_Update(&ctx, hash, db->hashlen); /* write the body */ fwrite(serbuf->str, serbuf->len, 1, db->file); sha256_Update(&ctx, (uint8_t *)serbuf->str, serbuf->len); /* write partial hash as body checksum&indicator (body end) */ assert(fwrite(hash, db->hashlen, 1, db->file) == 1); sha256_Update(&ctx, hash, db->hashlen); cstr_free(serbuf, true); ctx_final = ctx; sha256_Final(hash, &ctx_final); assert(fwrite(hash, db->hashlen, 1, db->file) == 1); db->hashctx = ctx; }
void test_logdb(logdb_log_db* (*new_func)()) { logdb_log_db *db; enum logdb_error error = 0; struct buffer key = {"key0", 4}; struct buffer value = {"val0", 4}; struct buffer key1; struct buffer value1; cstring *outtest; cstring *value_test; unsigned char testbin[4] = {0x00, 0x10, 0x20, 0x30}; struct buffer value0_new = {"dumb", 4}; struct buffer key2 = {"pkey", 4}; struct buffer value2; struct buffer smp_value; struct buffer smp_key; uint8_t txbin[10240]; uint8_t txbin_rev[10240]; char hexrev[98]; int outlenrev; long fsize; char *buf; char *wrk_buf; FILE *f; unsigned int i; value2.p = testbin; value2.len = 4; key1.p = (char *)key1str; key1.len = strlen(key1str); value1.p = (char *)value1str; value1.len = strlen(value1str); unlink(dbtmpfile); db = new_func(); u_assert_int_eq(logdb_load(db, "file_that_should_not_exists.dat", false, NULL), false); u_assert_int_eq(logdb_load(db, dbtmpfile, true, NULL), true); logdb_append(db, &key, &value); logdb_append(db, &key1, &value1); u_assert_int_eq(logdb_cache_size(db), 2); outtest = logdb_find_cache(db, &key1); u_assert_int_eq(strcmp(outtest->str, value1str),0); logdb_flush(db); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); u_assert_int_eq(logdb_count_keys(db), 2); value_test = logdb_find(db, &key1); u_assert_int_eq(strcmp(value_test->str, value1str), 0); value_test = logdb_find(db, &key); u_assert_int_eq(memcmp(value_test->str, value.p, value.len), 0); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); logdb_append(db, &key2, &value2); logdb_flush(db); logdb_free(db); /* check if private key is available */ db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); value_test = logdb_find(db, &key2); u_assert_int_eq(memcmp(value_test->str, value2.p, value2.len), 0); value_test = logdb_find(db, &key); u_assert_int_eq(memcmp(value_test->str, value.p, value.len), 0); /* delete a record */ logdb_delete(db, &key2); logdb_flush(db); logdb_free(db); /* find and check the deleted record */ db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); value_test = logdb_find(db, &key); u_assert_int_eq(memcmp(value_test->str, value.p, value.len), 0); value_test = logdb_find(db, &key2); u_assert_int_eq((int)value_test, 0); /* should be null */ /* overwrite a key */ logdb_append(db, &key, &value0_new); value_test = logdb_find(db, &key); u_assert_int_eq(memcmp(value_test->str, value0_new.p, value0_new.len), 0); logdb_flush(db); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); value_test = logdb_find(db, &key); u_assert_int_eq(memcmp(value_test->str, value0_new.p, value0_new.len), 0); logdb_flush(db); logdb_free(db); /* simulate corruption */ f = fopen(dbtmpfile, "rb"); fseek(f, 0, SEEK_END); fsize = ftell(f); fseek(f, 0, SEEK_SET); buf = malloc(fsize + 1); fread(buf, fsize, 1, f); fclose(f); /* ---------------------------------------------------- */ wrk_buf = safe_malloc(fsize + 1); memcpy(wrk_buf, buf, fsize); wrk_buf[0] = 0x88; /* wrong header */ unlink(dbtmpfile); f = fopen(dbtmpfile, "wb"); fwrite(wrk_buf, 1, fsize, f); fclose(f); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), false); u_assert_int_eq(error, LOGDB_ERROR_WRONG_FILE_FORMAT); logdb_free(db); /* ---------------------------------------------------- */ memcpy(wrk_buf, buf, fsize); wrk_buf[66] = 0x00; /* wrong checksum hash */ unlink(dbtmpfile); f = fopen(dbtmpfile, "wb"); fwrite(wrk_buf, 1, fsize, f); fclose(f); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), false); u_assert_int_eq(error, LOGDB_ERROR_CHECKSUM); logdb_free(db); /* ---------------------------------------------------- */ memcpy(wrk_buf, buf, fsize); wrk_buf[42] = 0xFF; /* wrong value length */ unlink(dbtmpfile); f = fopen(dbtmpfile, "wb"); fwrite(wrk_buf, 1, fsize, f); fclose(f); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), false); u_assert_int_eq(error, LOGDB_ERROR_DATASTREAM_ERROR); logdb_free(db); free(buf); free(wrk_buf); /* --- large db test */ unlink(dbtmpfile); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, true, NULL), true); for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); smp_key.p = hashbin; smp_key.len = outlen; outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); smp_value.p = txbin; smp_value.len = outlen; logdb_append(db, &smp_key, &smp_value); } u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); /* check all records */ for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); smp_key.p = hashbin; smp_key.len = outlen; outtest = logdb_find(db, &smp_key); outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); u_assert_int_eq(outlen, outtest->len); } logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); /* check all records */ for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); memcpy(hexrev, tx->txhash, sizeof(tx->txhash)); utils_reverse_hex(hexrev, strlen(tx->txhash)); outlenrev = sizeof(tx->txhash) / 2; utils_hex_to_bin(hexrev, txbin_rev, strlen(hexrev), &outlenrev); smp_key.p = hashbin; smp_key.len = outlen; outtest = logdb_find(db, &smp_key); outlen = strlen(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); u_assert_int_eq(outlen, outtest->len); /* hash transaction data and check hashes */ if (strlen(tx->hextx) > 2) { uint8_t tx_hash_check[SHA256_DIGEST_LENGTH]; sha256_Raw(txbin, outlen, tx_hash_check); sha256_Raw(tx_hash_check, 32, tx_hash_check); u_assert_int_eq(memcmp(tx_hash_check, txbin_rev, SHA256_DIGEST_LENGTH), 0); } } /* check all records */ for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); smp_key.p = hashbin; smp_key.len = outlen; logdb_delete(db, &smp_key); } u_assert_int_eq(logdb_count_keys(db), 0); logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(error, LOGDB_SUCCESS); u_assert_int_eq(logdb_count_keys(db), 0); for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); smp_key.p = hashbin; smp_key.len = outlen; outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); smp_value.p = txbin; smp_value.len = outlen; logdb_append(db, &smp_key, &smp_value); } logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(error, LOGDB_SUCCESS); u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(error, LOGDB_SUCCESS); u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); smp_key.p = hashbin; smp_key.len = outlen; outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); smp_value.p = txbin; smp_value.len = outlen; logdb_append(db, &smp_key, &smp_value); } logdb_flush(db); logdb_free(db); }
void test_logdb(logdb_log_db* (*new_func)()) { logdb_log_db *db; enum logdb_error error = 0; cstring *key;// key= {"key0", 4}; cstring *value;// = {"val0", 4}; cstring *key1; cstring *value1; cstring *outtest; cstring *value_test; unsigned char testbin[4] = {0x00, 0x10, 0x20, 0x30}; cstring *value0;// = {"dumb", 4}; cstring *key2;// = {"pkey", 4}; cstring *value2; cstring *smp_value; cstring *smp_key; uint8_t txbin[10240]; uint8_t txbin_rev[10240]; char hexrev[98]; int outlenrev; long fsize; char *buf; char *wrk_buf; FILE *f; unsigned int i; char bufs[300][65]; rb_red_blk_node *nodetest; unsigned int cnt = 0; logdb_record* rec; key = cstr_new("key0"); value = cstr_new("val0"); value0 = cstr_new("dumb"); value1 = cstr_new_sz(10); value2 = cstr_new_sz(10); key1 = cstr_new_sz(10); key2 = cstr_new("key2"); cstr_append_buf(value2, testbin, sizeof(testbin)); cstr_append_buf(value2, testbin, sizeof(testbin)); cstr_append_buf(key1, key1str, strlen(key1str)); cstr_append_buf(value1, value1str, strlen(value1str)); unlink(dbtmpfile); db = new_func(); u_assert_int_eq(logdb_load(db, "file_that_should_not_exists.dat", false, NULL), false); u_assert_int_eq(logdb_load(db, dbtmpfile, true, NULL), true); logdb_append(db, NULL, key, value); logdb_append(db, NULL, key1, value1); u_assert_int_eq(logdb_cache_size(db), 2); outtest = logdb_find_cache(db, key1); u_assert_int_eq(strcmp(outtest->str, value1str),0); logdb_flush(db); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); u_assert_int_eq(logdb_count_keys(db), 2); value_test = logdb_find(db, key1); u_assert_int_eq(strcmp(value_test->str, value1str), 0); value_test = logdb_find(db, key); u_assert_int_eq(memcmp(value_test->str, value->str, value->len), 0); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); logdb_append(db, NULL, key2, value2); logdb_flush(db); logdb_free(db); /* check if private key is available */ db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); value_test = logdb_find(db, key2); u_assert_int_eq(memcmp(value_test->str, value2->str, value2->len), 0); value_test = logdb_find(db, key); u_assert_int_eq(memcmp(value_test->str, value->str, value->len), 0); /* delete a record */ logdb_delete(db, NULL, key2); logdb_flush(db); logdb_free(db); /* find and check the deleted record */ db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); value_test = logdb_find(db, key); u_assert_int_eq(memcmp(value_test->str, value->str, value->len), 0); value_test = logdb_find(db, key2); u_assert_int_eq((int)value_test, 0); /* should be null */ /* overwrite a key */ logdb_append(db, NULL, key, value0); value_test = logdb_find(db, key); u_assert_int_eq(memcmp(value_test->str, value0->str, value0->len), 0); logdb_flush(db); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); value_test = logdb_find(db, key); u_assert_int_eq(memcmp(value_test->str, value0->str, value0->len), 0); logdb_flush(db); logdb_free(db); /* simulate corruption */ f = fopen(dbtmpfile, "rb"); fseek(f, 0, SEEK_END); fsize = ftell(f); fseek(f, 0, SEEK_SET); buf = malloc(fsize + 1); fread(buf, fsize, 1, f); fclose(f); /* ---------------------------------------------------- */ wrk_buf = safe_malloc(fsize + 1); memcpy(wrk_buf, buf, fsize); wrk_buf[0] = 0x88; /* wrong header */ unlink(dbtmpfile); f = fopen(dbtmpfile, "wb"); fwrite(wrk_buf, 1, fsize, f); fclose(f); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), false); u_assert_int_eq(error, LOGDB_ERROR_WRONG_FILE_FORMAT); logdb_free(db); /* ---------------------------------------------------- */ memcpy(wrk_buf, buf, fsize); wrk_buf[66] = 0x00; /* wrong checksum hash */ unlink(dbtmpfile); f = fopen(dbtmpfile, "wb"); fwrite(wrk_buf, 1, fsize, f); fclose(f); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), false); u_assert_int_eq(error, LOGDB_ERROR_CHECKSUM); logdb_free(db); /* ---------------------------------------------------- */ memcpy(wrk_buf, buf, fsize); wrk_buf[42] = 0xFF; /* wrong value length */ unlink(dbtmpfile); f = fopen(dbtmpfile, "wb"); fwrite(wrk_buf, 1, fsize, f); fclose(f); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), false); u_assert_int_eq(error, LOGDB_ERROR_DATASTREAM_ERROR); logdb_free(db); free(buf); free(wrk_buf); /* --- large db test */ unlink(dbtmpfile); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, true, NULL), true); smp_key = cstr_new_sz(100); smp_value = cstr_new_sz(100); for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); cstr_erase(smp_key, 0, smp_key->len); cstr_append_buf(smp_key, hashbin, outlen); outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); cstr_erase(smp_value, 0, smp_value->len); cstr_append_buf(smp_value, txbin, outlen); logdb_append(db, NULL, smp_key, smp_value); } u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); /* check all records */ for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); cstr_erase(smp_key, 0, smp_key->len); cstr_append_buf(smp_key, hashbin, outlen); outtest = logdb_find(db, smp_key); outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); u_assert_int_eq(outlen, outtest->len); } logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); /* check all records */ for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); memcpy(hexrev, tx->txhash, sizeof(tx->txhash)); utils_reverse_hex(hexrev, strlen(tx->txhash)); outlenrev = sizeof(tx->txhash) / 2; utils_hex_to_bin(hexrev, txbin_rev, strlen(hexrev), &outlenrev); cstr_erase(smp_key, 0, smp_key->len); cstr_append_buf(smp_key, hashbin, outlen); outtest = logdb_find(db, smp_key); outlen = strlen(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); u_assert_int_eq(outlen, outtest->len); /* hash transaction data and check hashes */ if (strlen(tx->hextx) > 2) { uint8_t tx_hash_check[SHA256_DIGEST_LENGTH]; sha256_Raw(txbin, outlen, tx_hash_check); sha256_Raw(tx_hash_check, 32, tx_hash_check); u_assert_int_eq(memcmp(tx_hash_check, txbin_rev, SHA256_DIGEST_LENGTH), 0); } } /* check all records */ for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); cstr_erase(smp_key, 0, smp_key->len); cstr_append_buf(smp_key, hashbin, outlen); logdb_delete(db, NULL, smp_key); } u_assert_int_eq(logdb_count_keys(db), 0); logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(error, LOGDB_SUCCESS); u_assert_int_eq(logdb_count_keys(db), 0); for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); cstr_erase(smp_key, 0, smp_key->len); cstr_append_buf(smp_key, hashbin, outlen); outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); cstr_erase(smp_value, 0, smp_value->len); cstr_append_buf(smp_value, txbin, outlen); logdb_append(db, NULL, smp_key, smp_value); } logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(error, LOGDB_SUCCESS); u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); logdb_flush(db); logdb_free(db); db = new_func(); error = 0; u_assert_int_eq(logdb_load(db, dbtmpfile, false, &error), true); u_assert_int_eq(error, LOGDB_SUCCESS); u_assert_int_eq(logdb_count_keys(db), (sizeof(sampledata) / sizeof(sampledata[0]))); if(new_func == logdb_rbtree_new) { logdb_rbtree_db* handle = (logdb_rbtree_db *)db->cb_ctx; size_t size = rbtree_count(handle->tree); nodetest = NULL; while ((nodetest = rbtree_enumerate_next(handle->tree))) { rec = (logdb_record *)nodetest->info; utils_bin_to_hex((unsigned char *)rec->key->str, rec->key->len, bufs[cnt]); for(i = 0; i < cnt; i++) { u_assert_int_eq(strcmp(bufs[i], bufs[cnt]) != 0, 1); } cnt++; } u_assert_int_eq(size, cnt); } for (i = 0; i < (sizeof(sampledata) / sizeof(sampledata[0])); i++) { const struct txtest *tx = &sampledata[i]; uint8_t hashbin[sizeof(tx->txhash) / 2]; int outlen = sizeof(tx->txhash) / 2; utils_hex_to_bin(tx->txhash, hashbin, strlen(tx->txhash), &outlen); cstr_erase(smp_key, 0, smp_key->len); cstr_append_buf(smp_key, hashbin, outlen); outlen = sizeof(tx->hextx) / 2; utils_hex_to_bin(tx->hextx, txbin, strlen(tx->hextx), &outlen); cstr_erase(smp_value, 0, smp_value->len); cstr_append_buf(smp_value, txbin, outlen); logdb_append(db, NULL, smp_key, smp_value); } logdb_flush(db); logdb_free(db); /* test switch mem mapper after initialitaion. */ db = logdb_new(); logdb_set_memmapper(db, &logdb_rbtree_mapper, NULL); logdb_flush(db); logdb_free(db); unlink(dbtmpfile); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, true, NULL), true); // create transaction, don't store logdb_txn* txn = logdb_txn_new(); logdb_append(db, txn, key, value); logdb_append(db, txn, key1, value1); u_assert_int_eq(logdb_cache_size(db), 0); logdb_txn_free(txn); logdb_flush(db); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); // db should still be empty u_assert_int_eq(logdb_count_keys(db), 0); // create transaction, store it this time txn = logdb_txn_new(); logdb_append(db, txn, key, value); logdb_append(db, txn, key1, value1); logdb_txn_commit(db, txn); u_assert_int_eq(logdb_cache_size(db), 2); logdb_txn_free(txn); logdb_flush(db); logdb_free(db); db = new_func(); u_assert_int_eq(logdb_load(db, dbtmpfile, false, NULL), true); // now we should have the two persisted items from the txn u_assert_int_eq(logdb_count_keys(db), 2); logdb_flush(db); logdb_free(db); cstr_free(key, true); cstr_free(value, true); cstr_free(value0, true); cstr_free(value1, true); cstr_free(value2, true); cstr_free(key1, true); cstr_free(key2, true); cstr_free(smp_key, true); cstr_free(smp_value, true); }
btc_bool btc_tx_sighash(const btc_tx* tx_to, const cstring* fromPubKey, unsigned int in_num, int hashtype, uint8_t* hash) { if (in_num >= tx_to->vin->len) return false; btc_bool ret = true; btc_tx* tx_tmp = btc_tx_new(); btc_tx_copy(tx_tmp, tx_to); cstring* new_script = cstr_new_sz(fromPubKey->len); btc_script_copy_without_op_codeseperator(fromPubKey, new_script); unsigned int i; btc_tx_in* tx_in; for (i = 0; i < tx_tmp->vin->len; i++) { tx_in = vector_idx(tx_tmp->vin, i); cstr_resize(tx_in->script_sig, 0); if (i == in_num) cstr_append_buf(tx_in->script_sig, new_script->str, new_script->len); } cstr_free(new_script, true); /* Blank out some of the outputs */ if ((hashtype & 0x1f) == SIGHASH_NONE) { /* Wildcard payee */ if (tx_tmp->vout) vector_free(tx_tmp->vout, true); tx_tmp->vout = vector_new(1, btc_tx_out_free_cb); /* Let the others update at will */ for (i = 0; i < tx_tmp->vin->len; i++) { tx_in = vector_idx(tx_tmp->vin, i); if (i != in_num) tx_in->sequence = 0; } } else if ((hashtype & 0x1f) == SIGHASH_SINGLE) { /* Only lock-in the txout payee at same index as txin */ unsigned int n_out = in_num; if (n_out >= tx_tmp->vout->len) { //TODO: set error code ret = false; goto out; } vector_resize(tx_tmp->vout, n_out + 1); for (i = 0; i < n_out; i++) { btc_tx_out* tx_out; tx_out = vector_idx(tx_tmp->vout, i); tx_out->value = -1; if (tx_out->script_pubkey) { cstr_free(tx_out->script_pubkey, true); tx_out->script_pubkey = NULL; } } /* Let the others update at will */ for (i = 0; i < tx_tmp->vin->len; i++) { tx_in = vector_idx(tx_tmp->vin, i); if (i != in_num) tx_in->sequence = 0; } } /* Blank out other inputs completely; not recommended for open transactions */ if (hashtype & SIGHASH_ANYONECANPAY) { if (in_num > 0) vector_remove_range(tx_tmp->vin, 0, in_num); vector_resize(tx_tmp->vin, 1); } cstring* s = cstr_new_sz(512); btc_tx_serialize(s, tx_tmp); ser_s32(s, hashtype); sha256_Raw((const uint8_t*)s->str, s->len, hash); sha256_Raw(hash, 32, hash); cstr_free(s, true); out: btc_tx_free(tx_tmp); return ret; }
int memory_bootloader_hash(uint8_t *hash) { sha256_Raw(FLASH_PTR(FLASH_BOOT_START), FLASH_BOOT_LEN, hash); sha256_Raw(hash, 32, hash); return 32; }
static bool bp_script_eval(parr *stack, const cstring *script, const struct bp_tx *txTo, unsigned int nIn, unsigned int flags, int nHashType) { struct const_buffer pc = { script->str, script->len }; struct const_buffer pend = { script->str + script->len, 0 }; struct const_buffer pbegincodehash = { script->str, script->len }; struct bscript_op op; bool rc = false; cstring *vfExec = cstr_new(NULL); parr *altstack = parr_new(0, buffer_freep); mpz_t bn, bn_Zero, bn_One; mpz_init(bn); mpz_init_set_ui(bn_Zero, 0); mpz_init_set_ui(bn_One,1); if (script->len > MAX_SCRIPT_SIZE) goto out; unsigned int nOpCount = 0; bool fRequireMinimal = (flags & SCRIPT_VERIFY_MINIMALDATA) != 0; struct bscript_parser bp; bsp_start(&bp, &pc); while (pc.p < pend.p) { bool fExec = !count_false(vfExec); if (!bsp_getop(&op, &bp)) goto out; enum opcodetype opcode = op.op; if (op.data.len > MAX_SCRIPT_ELEMENT_SIZE) goto out; if (opcode > OP_16 && ++nOpCount > MAX_OPS_PER_SCRIPT) goto out; if (disabled_op[opcode]) goto out; if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) { if (fRequireMinimal && !CheckMinimalPush(&op.data, opcode)) goto out; stack_push(stack, (struct buffer *) &op.data); } else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF)) switch (opcode) { // // Push value // case OP_1NEGATE: case OP_1: case OP_2: case OP_3: case OP_4: case OP_5: case OP_6: case OP_7: case OP_8: case OP_9: case OP_10: case OP_11: case OP_12: case OP_13: case OP_14: case OP_15: case OP_16: mpz_set_si(bn, (int)opcode - (int)(OP_1 - 1)); stack_push_str(stack, bn_getvch(bn)); break; // // Control // case OP_NOP: break; case OP_CHECKLOCKTIMEVERIFY: { if (!(flags & SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)) { // not enabled; treat as a NOP2 if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) goto out; break; } if (stack->len < 1) goto out; // Note that elsewhere numeric opcodes are limited to // operands in the range -2**31+1 to 2**31-1, however it is // legal for opcodes to produce results exceeding that // range. This limitation is implemented by CastToBigNum's // default 4-byte limit. // // If we kept to that limit we'd have a year 2038 problem, // even though the nLockTime field in transactions // themselves is uint32 which only becomes meaningless // after the year 2106. // // Thus as a special case we tell CastToBigNum to accept up // to 5-byte bignums, which are good until 2**39-1, well // beyond the 2**32-1 limit of the nLockTime field itself. if (!CastToBigNum(bn, stacktop(stack, -1), fRequireMinimal, 5)) goto out; // In the rare event that the argument may be < 0 due to // some arithmetic being done first, you can always use // 0 MAX CHECKLOCKTIMEVERIFY. if (mpz_sgn(bn) < 0) goto out; uint64_t nLockTime = mpz_get_ui(bn); // Actually compare the specified lock time with the transaction. if (!CheckLockTime(nLockTime, txTo, nIn)) goto out; break; } case OP_CHECKSEQUENCEVERIFY: { if (!(flags & SCRIPT_VERIFY_CHECKSEQUENCEVERIFY)) { // not enabled; treat as a NOP3 if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) goto out; break; } if (stack->len < 1) goto out; // nSequence, like nLockTime, is a 32-bit unsigned integer // field. See the comment in CHECKLOCKTIMEVERIFY regarding // 5-byte numeric operands. if (!CastToBigNum(bn, stacktop(stack, -1), fRequireMinimal, 5)) goto out; // In the rare event that the argument may be < 0 due to // some arithmetic being done first, you can always use // 0 MAX CHECKSEQUENCEVERIFY. if (mpz_sgn(bn) < 0) goto out; uint32_t nSequence = mpz_get_ui(bn); // To provide for future soft-fork extensibility, if the // operand has the disabled lock-time flag set, // CHECKSEQUENCEVERIFY behaves as a NOP. if ((nSequence & SEQUENCE_LOCKTIME_DISABLE_FLAG) != 0) break; // Compare the specified sequence number with the input. if (!CheckSequence(nSequence, txTo, nIn)) goto out; break; } case OP_NOP1: case OP_NOP4: case OP_NOP5: case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10: if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) goto out; break; case OP_IF: case OP_NOTIF: { // <expression> if [statements] [else [statements]] endif bool fValue = false; if (fExec) { if (stack->len < 1) goto out; struct buffer *vch = stacktop(stack, -1); fValue = CastToBool(vch); if (opcode == OP_NOTIF) fValue = !fValue; popstack(stack); } uint8_t vc = (uint8_t) fValue; cstr_append_c(vfExec, vc); break; } case OP_ELSE: { if (vfExec->len == 0) goto out; uint8_t *v = (uint8_t *) &vfExec->str[vfExec->len - 1]; *v = !(*v); break; } case OP_ENDIF: if (vfExec->len == 0) goto out; cstr_erase(vfExec, vfExec->len - 1, 1); break; case OP_VERIFY: { if (stack->len < 1) goto out; bool fValue = CastToBool(stacktop(stack, -1)); if (fValue) popstack(stack); else goto out; break; } case OP_RETURN: goto out; // // Stack ops // case OP_TOALTSTACK: if (stack->len < 1) goto out; stack_push(altstack, stacktop(stack, -1)); popstack(stack); break; case OP_FROMALTSTACK: if (altstack->len < 1) goto out; stack_push(stack, stacktop(altstack, -1)); popstack(altstack); break; case OP_2DROP: // (x1 x2 -- ) if (stack->len < 2) goto out; popstack(stack); popstack(stack); break; case OP_2DUP: { // (x1 x2 -- x1 x2 x1 x2) if (stack->len < 2) goto out; struct buffer *vch1 = stacktop(stack, -2); struct buffer *vch2 = stacktop(stack, -1); stack_push(stack, vch1); stack_push(stack, vch2); break; } case OP_3DUP: { // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3) if (stack->len < 3) goto out; struct buffer *vch1 = stacktop(stack, -3); struct buffer *vch2 = stacktop(stack, -2); struct buffer *vch3 = stacktop(stack, -1); stack_push(stack, vch1); stack_push(stack, vch2); stack_push(stack, vch3); break; } case OP_2OVER: { // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2) if (stack->len < 4) goto out; struct buffer *vch1 = stacktop(stack, -4); struct buffer *vch2 = stacktop(stack, -3); stack_push(stack, vch1); stack_push(stack, vch2); break; } case OP_2ROT: { // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2) if (stack->len < 6) goto out; struct buffer *vch1 = stack_take(stack, -6); struct buffer *vch2 = stack_take(stack, -5); parr_remove_range(stack, stack->len - 6, 2); stack_push_nocopy(stack, vch1); stack_push_nocopy(stack, vch2); break; } case OP_2SWAP: // (x1 x2 x3 x4 -- x3 x4 x1 x2) if (stack->len < 4) goto out; stack_swap(stack, -4, -2); stack_swap(stack, -3, -1); break; case OP_IFDUP: { // (x - 0 | x x) if (stack->len < 1) goto out; struct buffer *vch = stacktop(stack, -1); if (CastToBool(vch)) stack_push(stack, vch); break; } case OP_DEPTH: // -- stacksize mpz_set_ui(bn, stack->len); stack_push_str(stack, bn_getvch(bn)); break; case OP_DROP: // (x -- ) if (stack->len < 1) goto out; popstack(stack); break; case OP_DUP: { // (x -- x x) if (stack->len < 1) goto out; struct buffer *vch = stacktop(stack, -1); stack_push(stack, vch); break; } case OP_NIP: // (x1 x2 -- x2) if (stack->len < 2) goto out; parr_remove_idx(stack, stack->len - 2); break; case OP_OVER: { // (x1 x2 -- x1 x2 x1) if (stack->len < 2) goto out; struct buffer *vch = stacktop(stack, -2); stack_push(stack, vch); break; } case OP_PICK: case OP_ROLL: { // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn) // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn) if (stack->len < 2) goto out; int n = stackint(stack, -1, fRequireMinimal); popstack(stack); if (n < 0 || n >= (int)stack->len) goto out; struct buffer *vch = stacktop(stack, -n-1); if (opcode == OP_ROLL) { vch = buffer_copy(vch->p, vch->len); parr_remove_idx(stack, stack->len - n - 1); stack_push_nocopy(stack, vch); } else stack_push(stack, vch); break; } case OP_ROT: { // (x1 x2 x3 -- x2 x3 x1) // x2 x1 x3 after first swap // x2 x3 x1 after second swap if (stack->len < 3) goto out; stack_swap(stack, -3, -2); stack_swap(stack, -2, -1); break; } case OP_SWAP: { // (x1 x2 -- x2 x1) if (stack->len < 2) goto out; stack_swap(stack, -2, -1); break; } case OP_TUCK: { // (x1 x2 -- x2 x1 x2) if (stack->len < 2) goto out; struct buffer *vch = stacktop(stack, -1); stack_insert(stack, vch, -2); break; } case OP_SIZE: { // (in -- in size) if (stack->len < 1) goto out; struct buffer *vch = stacktop(stack, -1); mpz_set_ui(bn, vch->len); stack_push_str(stack, bn_getvch(bn)); break; } case OP_EQUAL: case OP_EQUALVERIFY: { // (x1 x2 - bool) if (stack->len < 2) goto out; struct buffer *vch1 = stacktop(stack, -2); struct buffer *vch2 = stacktop(stack, -1); bool fEqual = buffer_equal(vch1, vch2); // OP_NOTEQUAL is disabled because it would be too easy to say // something like n != 1 and have some wiseguy pass in 1 with extra // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001) //if (opcode == OP_NOTEQUAL) // fEqual = !fEqual; popstack(stack); popstack(stack); stack_push_str(stack, fEqual ? bn_getvch(bn_One) : bn_getvch(bn_Zero)); if (opcode == OP_EQUALVERIFY) { if (fEqual) popstack(stack); else goto out; } break; } // // Numeric // case OP_1ADD: case OP_1SUB: case OP_NEGATE: case OP_ABS: case OP_NOT: case OP_0NOTEQUAL: { // (in -- out) if (stack->len < 1) goto out; if (!CastToBigNum(bn, stacktop(stack, -1), fRequireMinimal, nDefaultMaxNumSize)) goto out; switch (opcode) { case OP_1ADD: mpz_add_ui(bn, bn, 1); break; case OP_1SUB: mpz_sub_ui(bn, bn, 1); break; case OP_NEGATE: mpz_neg(bn, bn); break; case OP_ABS: mpz_abs(bn, bn); break; case OP_NOT: mpz_set_ui(bn, mpz_sgn(bn) == 0 ? 1 : 0); break; case OP_0NOTEQUAL: mpz_set_ui(bn, mpz_sgn(bn) == 0 ? 0 : 1); break; default: // impossible goto out; } popstack(stack); stack_push_str(stack, bn_getvch(bn)); break; } case OP_ADD: case OP_SUB: case OP_BOOLAND: case OP_BOOLOR: case OP_NUMEQUAL: case OP_NUMEQUALVERIFY: case OP_NUMNOTEQUAL: case OP_LESSTHAN: case OP_GREATERTHAN: case OP_LESSTHANOREQUAL: case OP_GREATERTHANOREQUAL: case OP_MIN: case OP_MAX: { // (x1 x2 -- out) if (stack->len < 2) goto out; mpz_t bn1, bn2; mpz_init(bn1); mpz_init(bn2); if (!CastToBigNum(bn1, stacktop(stack, -2), fRequireMinimal, nDefaultMaxNumSize) || !CastToBigNum(bn2, stacktop(stack, -1), fRequireMinimal, nDefaultMaxNumSize)) { mpz_clear(bn1); mpz_clear(bn2); goto out; } switch (opcode) { case OP_ADD: mpz_add(bn, bn1, bn2); break; case OP_SUB: mpz_sub(bn, bn1, bn2); break; case OP_BOOLAND: mpz_set_ui(bn, !(mpz_sgn(bn1) == 0) && !(mpz_sgn(bn2) == 0) ? 1 : 0); break; case OP_BOOLOR: mpz_set_ui(bn, !(mpz_sgn(bn1) == 0) || !(mpz_sgn(bn2) == 0) ? 1 : 0); break; case OP_NUMEQUAL: case OP_NUMEQUALVERIFY: mpz_set_ui(bn, mpz_cmp(bn1, bn2) == 0 ? 1 : 0); break; case OP_NUMNOTEQUAL: mpz_set_ui(bn, mpz_cmp(bn1, bn2) != 0 ? 1 : 0); break; case OP_LESSTHAN: mpz_set_ui(bn, mpz_cmp(bn1, bn2) < 0 ? 1 : 0); break; case OP_GREATERTHAN: mpz_set_ui(bn, mpz_cmp(bn1, bn2) > 0 ? 1 : 0); break; case OP_LESSTHANOREQUAL: mpz_set_ui(bn, mpz_cmp(bn1, bn2) <= 0 ? 1 : 0); break; case OP_GREATERTHANOREQUAL: mpz_set_ui(bn, mpz_cmp(bn1, bn2) >= 0 ? 1 : 0); break; case OP_MIN: if (mpz_cmp(bn1, bn2) < 0) mpz_set(bn, bn1); else mpz_set(bn, bn2); break; case OP_MAX: if (mpz_cmp(bn1, bn2) > 0) mpz_set(bn, bn1); else mpz_set(bn, bn2); break; default: // impossible break; } popstack(stack); popstack(stack); stack_push_str(stack, bn_getvch(bn)); mpz_clear(bn1); mpz_clear(bn2); if (opcode == OP_NUMEQUALVERIFY) { if (CastToBool(stacktop(stack, -1))) popstack(stack); else goto out; } break; } case OP_WITHIN: { // (x min max -- out) if (stack->len < 3) goto out; mpz_t bn1, bn2, bn3; mpz_init(bn1); mpz_init(bn2); mpz_init(bn3); bool rc1 = CastToBigNum(bn1, stacktop(stack, -3), fRequireMinimal, nDefaultMaxNumSize); bool rc2 = CastToBigNum(bn2, stacktop(stack, -2), fRequireMinimal, nDefaultMaxNumSize); bool rc3 = CastToBigNum(bn3, stacktop(stack, -1), fRequireMinimal, nDefaultMaxNumSize); bool fValue = (mpz_cmp(bn2, bn1) <= 0 && mpz_cmp(bn1, bn3) < 0); popstack(stack); popstack(stack); popstack(stack); stack_push_str(stack, fValue ? bn_getvch(bn_One) : bn_getvch(bn_Zero)); mpz_clear(bn1); mpz_clear(bn2); mpz_clear(bn3); if (!rc1 || !rc2 || !rc3) goto out; break; } // // Crypto // case OP_RIPEMD160: case OP_SHA1: case OP_SHA256: case OP_HASH160: case OP_HASH256: { // (in -- hash) if (stack->len < 1) goto out; struct buffer *vch = stacktop(stack, -1); unsigned int hashlen; unsigned char md[32]; switch (opcode) { case OP_RIPEMD160: hashlen = 20; ripemd160(vch->p, vch->len, md); break; case OP_SHA1: hashlen = 20; sha1_Raw(vch->p, vch->len, md); break; case OP_SHA256: hashlen = 32; sha256_Raw(vch->p, vch->len, md); break; case OP_HASH160: hashlen = 20; bu_Hash160(md, vch->p, vch->len); break; case OP_HASH256: hashlen = 32; bu_Hash(md, vch->p, vch->len); break; default: // impossible goto out; } popstack(stack); struct buffer buf = { md, hashlen }; stack_push(stack, &buf); break; } case OP_CODESEPARATOR: // Hash starts after the code separator memcpy(&pbegincodehash, &pc, sizeof(pc)); break; case OP_CHECKSIG: case OP_CHECKSIGVERIFY: { // (sig pubkey -- bool) if (stack->len < 2) goto out; struct buffer *vchSig = stacktop(stack, -2); struct buffer *vchPubKey = stacktop(stack, -1); // Subset of script starting at the most recent codeseparator cstring *scriptCode = cstr_new_buf(pbegincodehash.p, pbegincodehash.len); // Drop the signature, since there's no way for // a signature to sign itself string_find_del(scriptCode, vchSig); if (!CheckSignatureEncoding(vchSig, flags) || !CheckPubKeyEncoding(vchPubKey, flags)) { cstr_free(scriptCode, true); goto out; } bool fSuccess = bp_checksig(vchSig, vchPubKey, scriptCode, txTo, nIn); cstr_free(scriptCode, true); popstack(stack); popstack(stack); stack_push_str(stack, fSuccess ? bn_getvch(bn_One) : bn_getvch(bn_Zero)); if (opcode == OP_CHECKSIGVERIFY) { if (fSuccess) popstack(stack); else goto out; } break; } case OP_CHECKMULTISIG: case OP_CHECKMULTISIGVERIFY: { // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool) int i = 1; if ((int)stack->len < i) goto out; int nKeysCount = stackint(stack, -i, fRequireMinimal); if (nKeysCount < 0 || nKeysCount > MAX_PUBKEYS_PER_MULTISIG) goto out; nOpCount += nKeysCount; if (nOpCount > MAX_OPS_PER_SCRIPT) goto out; int ikey = ++i; i += nKeysCount; if ((int)stack->len < i) goto out; int nSigsCount = stackint(stack, -i, fRequireMinimal); if (nSigsCount < 0 || nSigsCount > nKeysCount) goto out; int isig = ++i; i += nSigsCount; if ((int)stack->len < i) goto out; // Subset of script starting at the most recent codeseparator cstring *scriptCode = cstr_new_buf(pbegincodehash.p, pbegincodehash.len); // Drop the signatures, since there's no way for // a signature to sign itself int k; for (k = 0; k < nSigsCount; k++) { struct buffer *vchSig =stacktop(stack, -isig-k); string_find_del(scriptCode, vchSig); } bool fSuccess = true; while (fSuccess && nSigsCount > 0) { struct buffer *vchSig = stacktop(stack, -isig); struct buffer *vchPubKey = stacktop(stack, -ikey); // Note how this makes the exact order of pubkey/signature evaluation // distinguishable by CHECKMULTISIG NOT if the STRICTENC flag is set. // See the script_(in)valid tests for details. if (!CheckSignatureEncoding(vchSig, flags) || !CheckPubKeyEncoding(vchPubKey, flags)) { cstr_free(scriptCode, true); goto out; } // Check signature bool fOk = bp_checksig(vchSig, vchPubKey, scriptCode, txTo, nIn); if (fOk) { isig++; nSigsCount--; } ikey++; nKeysCount--; // If there are more signatures left than keys left, // then too many signatures have failed if (nSigsCount > nKeysCount) fSuccess = false; } cstr_free(scriptCode, true); // Clean up stack of actual arguments while (i-- > 1) popstack(stack); // A bug causes CHECKMULTISIG to consume one extra argument // whose contents were not checked in any way. // // Unfortunately this is a potential source of mutability, // so optionally verify it is exactly equal to zero prior // to removing it from the stack. if ((int)stack->len < 1) goto out; if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(stack, -1)->len) goto out; popstack(stack); stack_push_str(stack, fSuccess ? bn_getvch(bn_One) : bn_getvch(bn_Zero)); if (opcode == OP_CHECKMULTISIGVERIFY) { if (fSuccess) popstack(stack); else goto out; } break; } default: goto out; } // Size limits if (stack->len + altstack->len > 1000) goto out; } rc = (vfExec->len == 0 && bp.error == false); out: mpz_clears(bn, bn_Zero, bn_One, NULL); parr_free(altstack, true); cstr_free(vfExec, true); return rc; }
int base58_decode_check(const char *str, uint8_t *data) { const char decode[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, -1, -1, -1, -1, -1, -1, -1, 9, 10, 11, 12, 13, 14, 15, 16, -1, 17, 18, 19, 20, 21, -1, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, -1, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, -1, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57 }; int outlen; switch (strlen(str)) { case 111: // xpub/xprv outlen = 78; break; case 52: // WIF privkey outlen = 35; break; case 27: // address case 28: case 29: case 30: case 31: case 32: case 33: case 34: outlen = 21; break; default: return 0; } uint8_t mydata[82], hash[32]; memset(mydata, 0, sizeof(mydata)); int i, j, k; while (*str) { i = *str; if (i < 0 || i >= (int)sizeof(decode)) { // invalid character return 0; } k = decode[i]; if (k == -1) { // invalid character return 0; } for (j = outlen + 4 - 1; j >= 0; j--) { k += mydata[j] * 58; mydata[j] = k & 0xFF; k >>= 8; } str++; } sha256_Raw(mydata, outlen, hash); sha256_Raw(hash, 32, hash); if (memcmp(mydata + outlen, hash, 4)) { // wrong checksum return 0; } memcpy(data, mydata, outlen); return outlen; }
int mnemonic_check(const char *mnemonic) { if (!mnemonic) { return 0; } uint32_t i, n; i = 0; n = 0; while (mnemonic[i]) { if (mnemonic[i] == ' ') { n++; } i++; } n++; // check number of words if (n != 12 && n != 18 && n != 24) { return 0; } char current_word[10]; uint32_t j, k, ki, bi; uint8_t bits[32 + 1]; memset(bits, 0, sizeof(bits)); i = 0; bi = 0; while (mnemonic[i]) { j = 0; while (mnemonic[i] != ' ' && mnemonic[i] != 0) { if (j >= sizeof(current_word)) { return 0; } current_word[j] = mnemonic[i]; i++; j++; } current_word[j] = 0; if (mnemonic[i] != 0) i++; k = 0; for (;;) { if (!wordlist[k]) { // word not found return 0; } if (strcmp(current_word, wordlist[k]) == 0) { // word found on index k for (ki = 0; ki < 11; ki++) { if (k & (1 << (10 - ki))) { bits[bi / 8] |= 1 << (7 - (bi % 8)); } bi++; } break; } k++; } } if (bi != n * 11) { return 0; } bits[32] = bits[n * 4 / 3]; sha256_Raw(bits, n * 4 / 3, bits); if (n == 12) { return (bits[0] & 0xF0) == (bits[32] & 0xF0); // compare first 4 bits } else if (n == 18) { return (bits[0] & 0xFC) == (bits[32] & 0xFC); // compare first 6 bits } else if (n == 24) { return bits[0] == bits[32]; // compare 8 bits } return 0; }
void fsm_msgSignIdentity(SignIdentity *msg) { RESP_INIT(SignedIdentity); layoutSignIdentity(&(msg->identity), msg->has_challenge_visual ? msg->challenge_visual : 0); if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Sign identity cancelled"); layoutHome(); return; } if (!protectPin(true)) { layoutHome(); return; } uint8_t hash[32]; if (!msg->has_identity || cryptoIdentityFingerprint(&(msg->identity), hash) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Invalid identity"); layoutHome(); return; } uint32_t address_n[5]; address_n[0] = 0x80000000 | 13; address_n[1] = 0x80000000 | hash[ 0] | (hash[ 1] << 8) | (hash[ 2] << 16) | (hash[ 3] << 24); address_n[2] = 0x80000000 | hash[ 4] | (hash[ 5] << 8) | (hash[ 6] << 16) | (hash[ 7] << 24); address_n[3] = 0x80000000 | hash[ 8] | (hash[ 9] << 8) | (hash[10] << 16) | (hash[11] << 24); address_n[4] = 0x80000000 | hash[12] | (hash[13] << 8) | (hash[14] << 16) | (hash[15] << 24); const HDNode *node = fsm_getDerivedNode(address_n, 5); if (!node) return; uint8_t public_key[33]; // copy public key to temporary buffer memcpy(public_key, node->public_key, sizeof(public_key)); if (msg->has_ecdsa_curve_name) { const ecdsa_curve *curve = get_curve_by_name(msg->ecdsa_curve_name); if (curve) { // correct public key (since fsm_getDerivedNode uses secp256k1 curve) ecdsa_get_public_key33(curve, node->private_key, public_key); } } bool sign_ssh = msg->identity.has_proto && (strcmp(msg->identity.proto, "ssh") == 0); int result = 0; layoutProgressSwipe("Signing", 0); if (sign_ssh) { // SSH does not sign visual challenge result = sshMessageSign(msg->challenge_hidden.bytes, msg->challenge_hidden.size, node->private_key, resp->signature.bytes); } else { uint8_t digest[64]; sha256_Raw(msg->challenge_hidden.bytes, msg->challenge_hidden.size, digest); sha256_Raw((const uint8_t *)msg->challenge_visual, strlen(msg->challenge_visual), digest + 32); result = cryptoMessageSign(digest, 64, node->private_key, resp->signature.bytes); } if (result == 0) { if (sign_ssh) { resp->has_address = false; } else { resp->has_address = true; uint8_t addr_raw[21]; ecdsa_get_address_raw(node->public_key, 0x00, addr_raw); // hardcoded Bitcoin address type base58_encode_check(addr_raw, 21, resp->address, sizeof(resp->address)); } resp->has_public_key = true; resp->public_key.size = 33; memcpy(resp->public_key.bytes, public_key, 33); resp->has_signature = true; resp->signature.size = 65; msg_write(MessageType_MessageType_SignedIdentity, resp); } else { fsm_sendFailure(FailureType_Failure_Other, "Error signing identity"); } layoutHome(); }