From 743608ec16e27a3c1ca2febd4e80391a32c23efd Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Wed, 20 May 2020 21:43:09 +0000 Subject: [PATCH 1/2] wallet: allow signing a message with spend or view key --- src/cryptonote_config.h | 1 + src/device/device.hpp | 1 + src/device/device_default.cpp | 6 ++ src/device/device_default.hpp | 1 + src/device/device_ledger.cpp | 6 ++ src/device/device_ledger.hpp | 1 + src/simplewallet/simplewallet.cpp | 38 +++++-- src/wallet/api/wallet.cpp | 4 +- src/wallet/wallet2.cpp | 101 +++++++++++++++---- src/wallet/wallet2.h | 6 +- src/wallet/wallet_rpc_server.cpp | 27 ++++- src/wallet/wallet_rpc_server_commands_defs.h | 8 ++ src/wallet/wallet_rpc_server_error_codes.h | 1 + tests/functional_tests/sign_message.py | 15 ++- tests/fuzz/signature.cpp | 4 +- utils/python-rpc/framework/wallet.py | 3 +- 16 files changed, 179 insertions(+), 44 deletions(-) diff --git a/src/cryptonote_config.h b/src/cryptonote_config.h index f4709dc01..99d998824 100644 --- a/src/cryptonote_config.h +++ b/src/cryptonote_config.h @@ -230,6 +230,7 @@ namespace config const unsigned char HASH_KEY_CLSAG_ROUND[] = "CLSAG_round"; const unsigned char HASH_KEY_CLSAG_AGG_0[] = "CLSAG_agg_0"; const unsigned char HASH_KEY_CLSAG_AGG_1[] = "CLSAG_agg_1"; + const char HASH_KEY_MESSAGE_SIGNING[] = "MessageSignature"; namespace testnet { diff --git a/src/device/device.hpp b/src/device/device.hpp index 582eb2242..a6694ad09 100644 --- a/src/device/device.hpp +++ b/src/device/device.hpp @@ -162,6 +162,7 @@ namespace hw { virtual std::vector get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) = 0; virtual cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) = 0; virtual crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) = 0; + virtual crypto::secret_key get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) = 0; /* ======================================================================= */ /* DERIVATION & KEY */ diff --git a/src/device/device_default.cpp b/src/device/device_default.cpp index 145197212..cb63deb15 100644 --- a/src/device/device_default.cpp +++ b/src/device/device_default.cpp @@ -207,6 +207,12 @@ namespace hw { return m; } + crypto::secret_key device_default::get_subaddress_view_secret_key(const crypto::secret_key &a, const cryptonote::subaddress_index &index) { + crypto::secret_key skey = get_subaddress_secret_key(a, index); + sc_mul((unsigned char*)skey.data, (const unsigned char*)skey.data, (const unsigned char*)a.data); + return skey; + } + /* ======================================================================= */ /* DERIVATION & KEY */ /* ======================================================================= */ diff --git a/src/device/device_default.hpp b/src/device/device_default.hpp index 2493bd67d..e49a75b1c 100644 --- a/src/device/device_default.hpp +++ b/src/device/device_default.hpp @@ -85,6 +85,7 @@ namespace hw { std::vector get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) override; cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) override; crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; + crypto::secret_key get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; /* ======================================================================= */ /* DERIVATION & KEY */ diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp index 4e89f835d..ec5c52e58 100644 --- a/src/device/device_ledger.cpp +++ b/src/device/device_ledger.cpp @@ -880,6 +880,12 @@ namespace hw { return sub_sec; } + crypto::secret_key device_ledger::get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) { +#warning TODO + MERROR("Not implemented yet"); + return crypto::null_skey; + } + /* ======================================================================= */ /* DERIVATION & KEY */ /* ======================================================================= */ diff --git a/src/device/device_ledger.hpp b/src/device/device_ledger.hpp index d3ec08288..f82339f7a 100644 --- a/src/device/device_ledger.hpp +++ b/src/device/device_ledger.hpp @@ -249,6 +249,7 @@ namespace hw { std::vector get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) override; cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) override; crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; + crypto::secret_key get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; /* ======================================================================= */ /* DERIVATION & KEY */ diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 02540a844..c974313a0 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -223,7 +223,7 @@ namespace const char* USAGE_GET_TX_NOTE("get_tx_note "); const char* USAGE_GET_DESCRIPTION("get_description"); const char* USAGE_SET_DESCRIPTION("set_description [free text note]"); - const char* USAGE_SIGN("sign [,] "); + const char* USAGE_SIGN("sign [,] [--spend|--view|--both] "); const char* USAGE_VERIFY("verify
"); const char* USAGE_EXPORT_KEY_IMAGES("export_key_images [all] "); const char* USAGE_IMPORT_KEY_IMAGES("import_key_images "); @@ -9877,7 +9877,7 @@ bool simple_wallet::sign(const std::vector &args) fail_msg_writer() << tr("command not supported by HW wallet"); return true; } - if (args.size() != 1 && args.size() != 2) + if (args.size() != 1 && args.size() != 2 && args.size() != 3) { PRINT_USAGE(USAGE_SIGN); return true; @@ -9893,17 +9893,33 @@ bool simple_wallet::sign(const std::vector &args) return true; } + tools::wallet2::message_signature_type_t message_signature_type = tools::wallet2::sign_with_spend_key; subaddress_index index{0, 0}; - if (args.size() == 2) + for (unsigned int idx = 0; idx + 1 < args.size(); ++idx) { unsigned int a, b; - if (sscanf(args[0].c_str(), "%u,%u", &a, &b) != 2) + if (sscanf(args[idx].c_str(), "%u,%u", &a, &b) == 2) { - fail_msg_writer() << tr("Invalid subaddress index format"); + index.major = a; + index.minor = b; + } + else if (args[idx] == "--spend") + { + message_signature_type = tools::wallet2::sign_with_spend_key; + } + else if (args[idx] == "--view") + { + message_signature_type = tools::wallet2::sign_with_view_key; + } + else if (args[idx] == "--both") + { + message_signature_type = tools::wallet2::sign_with_both_keys; + } + else + { + fail_msg_writer() << tr("Invalid subaddress index format, and not a signature type: ") << args[idx]; return true; } - index.major = a; - index.minor = b; } const std::string &filename = args.back(); @@ -9917,7 +9933,7 @@ bool simple_wallet::sign(const std::vector &args) SCOPED_WALLET_UNLOCK(); - std::string signature = m_wallet->sign(data, index); + std::string signature = m_wallet->sign(data, message_signature_type, index); success_msg_writer() << signature; return true; } @@ -9948,14 +9964,14 @@ bool simple_wallet::verify(const std::vector &args) return true; } - r = m_wallet->verify(data, info.address, signature); - if (!r) + tools::wallet2::message_signature_result_t result = m_wallet->verify(data, info.address, signature); + if (!result.valid) { fail_msg_writer() << tr("Bad signature from ") << address_string; } else { - success_msg_writer() << tr("Good signature from ") << address_string; + success_msg_writer() << tr("Good signature from ") << address_string << (result.old ? " (using old signature algorithm)" : "") << " with " << (result.type == tools::wallet2::sign_with_spend_key ? "spend key" : result.type == tools::wallet2::sign_with_view_key ? "view key" : result.type == tools::wallet2::sign_with_both_keys ? "both spend and view keys" : "unknown key combination (suspicious)"); } return true; } diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp index e00f9d2e9..152a7dcd7 100644 --- a/src/wallet/api/wallet.cpp +++ b/src/wallet/api/wallet.cpp @@ -1998,7 +1998,7 @@ bool WalletImpl::checkReserveProof(const std::string &address, const std::string std::string WalletImpl::signMessage(const std::string &message) { - return m_wallet->sign(message); + return m_wallet->sign(message, tools::wallet2::sign_with_spend_key); } bool WalletImpl::verifySignedMessage(const std::string &message, const std::string &address, const std::string &signature) const @@ -2008,7 +2008,7 @@ bool WalletImpl::verifySignedMessage(const std::string &message, const std::stri if (!cryptonote::get_account_address_from_str(info, m_wallet->nettype(), address)) return false; - return m_wallet->verify(message, info.address, signature); + return m_wallet->verify(message, info.address, signature).valid; } std::string WalletImpl::signMultisigParticipant(const std::string &message) const diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 31aaaddea..653b4da12 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -12207,51 +12207,114 @@ void wallet2::set_account_tag_description(const std::string& tag, const std::str m_account_tags.first[tag] = description; } -std::string wallet2::sign(const std::string &data, cryptonote::subaddress_index index) const -{ +static crypto::hash get_message_hash(const std::string &data) +{ + KECCAK_CTX ctx; + keccak_init(&ctx); + keccak_update(&ctx, (const uint8_t*)config::HASH_KEY_MESSAGE_SIGNING, sizeof(config::HASH_KEY_MESSAGE_SIGNING)); // includes NUL + char len_buf[(sizeof(size_t) * 8 + 6) / 7]; + char *ptr = len_buf; + tools::write_varint(ptr, data.size()); + CHECK_AND_ASSERT_THROW_MES(ptr > len_buf && ptr <= len_buf + sizeof(len_buf), "Length overflow"); + keccak_update(&ctx, (const uint8_t*)len_buf, ptr - len_buf); + keccak_update(&ctx, (const uint8_t*)data.data(), data.size()); crypto::hash hash; - crypto::cn_fast_hash(data.data(), data.size(), hash); + keccak_finish(&ctx, (uint8_t*)&hash); + return hash; +} + +std::string wallet2::sign(const std::string &data, message_signature_type_t signature_type, cryptonote::subaddress_index index) const +{ + const crypto::hash hash = get_message_hash(data); const cryptonote::account_keys &keys = m_account.get_keys(); crypto::signature signature; - crypto::secret_key skey; + crypto::secret_key skey, m; crypto::public_key pkey; if (index.is_zero()) { - skey = keys.m_spend_secret_key; - pkey = keys.m_account_address.m_spend_public_key; + switch (signature_type) + { + case sign_with_spend_key: + skey = keys.m_spend_secret_key; + pkey = keys.m_account_address.m_spend_public_key; + break; + case sign_with_view_key: + skey = keys.m_view_secret_key; + pkey = keys.m_account_address.m_view_public_key; + break; +#if 0 + case sign_with_both_keys: +#endif + default: CHECK_AND_ASSERT_THROW_MES(false, "Invalid signature type requested"); + } } else { - skey = keys.m_spend_secret_key; - crypto::secret_key m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index); - sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey); + switch (signature_type) + { + case sign_with_spend_key: + skey = keys.m_spend_secret_key; + m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index); + sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey); + break; + case sign_with_view_key: + skey = keys.m_spend_secret_key; + m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index); + sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey); + sc_mul((unsigned char*)&skey, (unsigned char*)&keys.m_view_secret_key, (unsigned char*)&skey); + break; +#if 0 + case sign_with_both_keys: skey = ...; break; +#endif + default: CHECK_AND_ASSERT_THROW_MES(false, "Invalid signature type requested"); + } secret_key_to_public_key(skey, pkey); } crypto::generate_signature(hash, pkey, skey, signature); - return std::string("SigV1") + tools::base58::encode(std::string((const char *)&signature, sizeof(signature))); + return std::string("SigV2") + tools::base58::encode(std::string((const char *)&signature, sizeof(signature))); } -bool wallet2::verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const +tools::wallet2::message_signature_result_t wallet2::verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const { - const size_t header_len = strlen("SigV1"); - if (signature.size() < header_len || signature.substr(0, header_len) != "SigV1") { + static const size_t v1_header_len = strlen("SigV1"); + static const size_t v2_header_len = strlen("SigV2"); + const bool v1 = signature.size() >= v1_header_len && signature.substr(0, v1_header_len) == "SigV1"; + const bool v2 = signature.size() >= v2_header_len && signature.substr(0, v2_header_len) == "SigV2"; + if (!v1 && !v2) + { LOG_PRINT_L0("Signature header check error"); - return false; + return {}; } crypto::hash hash; - crypto::cn_fast_hash(data.data(), data.size(), hash); + if (v1) + { + crypto::cn_fast_hash(data.data(), data.size(), hash); + } + else + { + hash = get_message_hash(data); + } std::string decoded; - if (!tools::base58::decode(signature.substr(header_len), decoded)) { + if (!tools::base58::decode(signature.substr(v1 ? v1_header_len : v2_header_len), decoded)) { LOG_PRINT_L0("Signature decoding error"); - return false; + return {}; } crypto::signature s; if (sizeof(s) != decoded.size()) { LOG_PRINT_L0("Signature decoding error"); - return false; + return {}; } memcpy(&s, decoded.data(), sizeof(s)); - return crypto::check_signature(hash, address.m_spend_public_key, s); + if (crypto::check_signature(hash, address.m_spend_public_key, s)) + return {true, v1 ? 1u : 2u, !v2, sign_with_spend_key }; + if (crypto::check_signature(hash, address.m_view_public_key, s)) + return {true, v1 ? 1u : 2u, !v2, sign_with_view_key }; +#if 0 + rct::key both = ...; + if (crypto::check_signature(hash, rct::rct2pk(both), s)) + return {true, v1 ? 1u : 2u, !v2, sign_with_both_keys }; +#endif + return {}; } std::string wallet2::sign_multisig_participant(const std::string& data) const diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 117e4e2f2..7a142d016 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -1341,8 +1341,10 @@ private: */ void set_account_tag_description(const std::string& tag, const std::string& description); - std::string sign(const std::string &data, cryptonote::subaddress_index index = {0, 0}) const; - bool verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const; + enum message_signature_type_t { sign_with_spend_key, sign_with_view_key, sign_with_both_keys }; + std::string sign(const std::string &data, message_signature_type_t signature_type, cryptonote::subaddress_index index = {0, 0}) const; + struct message_signature_result_t { bool valid; unsigned version; bool old; message_signature_type_t type; }; + message_signature_result_t verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const; /*! * \brief sign_multisig_participant signs given message with the multisig public signer key diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index 0ed749cb7..ae5b692df 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -2007,7 +2007,20 @@ namespace tools return false; } - res.signature = m_wallet->sign(req.data, {req.account_index, req.address_index}); + tools::wallet2::message_signature_type_t signature_type = tools::wallet2::sign_with_spend_key; + if (req.signature_type == "spend" || req.signature_type == "") + signature_type = tools::wallet2::sign_with_spend_key; + else if (req.signature_type == "view") + signature_type = tools::wallet2::sign_with_view_key; + else if (req.signature_type == "both") + signature_type = tools::wallet2::sign_with_both_keys; + else + { + er.code = WALLET_RPC_ERROR_CODE_INVALID_SIGNATURE_TYPE; + er.message = "Invalid signature type requested"; + return false; + } + res.signature = m_wallet->sign(req.data, signature_type, {req.account_index, req.address_index}); return true; } //------------------------------------------------------------------------------------------------------------------------------ @@ -2042,7 +2055,17 @@ namespace tools return false; } - res.good = m_wallet->verify(req.data, info.address, req.signature); + const auto result = m_wallet->verify(req.data, info.address, req.signature); + res.good = result.valid; + res.version = result.version; + res.old = result.old; + switch (result.type) + { + case tools::wallet2::sign_with_spend_key: res.signature_type = "spend"; break; + case tools::wallet2::sign_with_view_key: res.signature_type = "view"; break; + case tools::wallet2::sign_with_both_keys: res.signature_type = "both"; break; + default: res.signature_type = "invalid"; break; + } return true; } //------------------------------------------------------------------------------------------------------------------------------ diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h index 5b2536bf1..73904bae8 100644 --- a/src/wallet/wallet_rpc_server_commands_defs.h +++ b/src/wallet/wallet_rpc_server_commands_defs.h @@ -1618,11 +1618,13 @@ namespace wallet_rpc std::string data; uint32_t account_index; uint32_t address_index; + std::string signature_type; BEGIN_KV_SERIALIZE_MAP() KV_SERIALIZE(data) KV_SERIALIZE_OPT(account_index, 0u) KV_SERIALIZE_OPT(address_index, 0u) + KV_SERIALIZE(signature_type) END_KV_SERIALIZE_MAP() }; typedef epee::misc_utils::struct_init request; @@ -1657,9 +1659,15 @@ namespace wallet_rpc struct response_t { bool good; + unsigned version; + bool old; + std::string signature_type; BEGIN_KV_SERIALIZE_MAP() KV_SERIALIZE(good); + KV_SERIALIZE(version); + KV_SERIALIZE(old); + KV_SERIALIZE(signature_type); END_KV_SERIALIZE_MAP() }; typedef epee::misc_utils::struct_init response; diff --git a/src/wallet/wallet_rpc_server_error_codes.h b/src/wallet/wallet_rpc_server_error_codes.h index 9b455af6a..f7c5bb0e1 100644 --- a/src/wallet/wallet_rpc_server_error_codes.h +++ b/src/wallet/wallet_rpc_server_error_codes.h @@ -76,3 +76,4 @@ #define WALLET_RPC_ERROR_CODE_NON_DETERMINISTIC -43 #define WALLET_RPC_ERROR_CODE_INVALID_LOG_LEVEL -44 #define WALLET_RPC_ERROR_CODE_ATTRIBUTE_NOT_FOUND -45 +#define WALLET_RPC_ERROR_CODE_INVALID_SIGNATURE_TYPE -47 diff --git a/tests/functional_tests/sign_message.py b/tests/functional_tests/sign_message.py index 7ce2f2c18..73c714450 100755 --- a/tests/functional_tests/sign_message.py +++ b/tests/functional_tests/sign_message.py @@ -43,8 +43,10 @@ from framework.wallet import Wallet class MessageSigningTest(): def run_test(self): self.create() - self.check_signing(False) - self.check_signing(True) + self.check_signing(False, False) + self.check_signing(False, True) + self.check_signing(True, False) + self.check_signing(True, True) def create(self): print('Creating wallets') @@ -66,8 +68,8 @@ class MessageSigningTest(): assert res.address == self.address[i] assert res.seed == seeds[i] - def check_signing(self, subaddress): - print('Signing/verifing messages with ' + ('subaddress' if subaddress else 'standard address')) + def check_signing(self, subaddress, spend_key): + print('Signing/verifing messages with ' + ('subaddress' if subaddress else 'standard address') + ' ' + ('spend key' if spend_key else 'view key')) messages = ['foo', ''] if subaddress: address = [] @@ -84,11 +86,14 @@ class MessageSigningTest(): account_index = 0 address_index = 0 for message in messages: - res = self.wallet[0].sign(message, account_index = account_index, address_index = address_index) + res = self.wallet[0].sign(message, account_index = account_index, address_index = address_index, signature_type = 'spend' if spend_key else 'view') signature = res.signature for i in range(2): res = self.wallet[i].verify(message, address[0], signature) assert res.good + assert not res.old + assert res.version == 2 + assert res.signature_type == 'spend' if spend_key else 'view' res = self.wallet[i].verify('different', address[0], signature) assert not res.good res = self.wallet[i].verify(message, address[1], signature) diff --git a/tests/fuzz/signature.cpp b/tests/fuzz/signature.cpp index 2a3e65c25..c587ff6cd 100644 --- a/tests/fuzz/signature.cpp +++ b/tests/fuzz/signature.cpp @@ -59,6 +59,6 @@ BEGIN_INIT_SIMPLE_FUZZER() END_INIT_SIMPLE_FUZZER() BEGIN_SIMPLE_FUZZER() - bool valid = wallet->verify("test", address, std::string((const char*)buf, len)); - std::cout << "Signature " << (valid ? "valid" : "invalid") << std::endl; + tools::wallet2::message_signature_result_t result = wallet->verify("test", address, s); + std::cout << "Signature " << (result.valid ? "valid" : "invalid") << std::endl; END_SIMPLE_FUZZER() diff --git a/utils/python-rpc/framework/wallet.py b/utils/python-rpc/framework/wallet.py index ac9ba2d3a..d97c24143 100644 --- a/utils/python-rpc/framework/wallet.py +++ b/utils/python-rpc/framework/wallet.py @@ -706,13 +706,14 @@ class Wallet(object): } return self.rpc.send_json_rpc_request(check_reserve_proof) - def sign(self, data, account_index = 0, address_index = 0): + def sign(self, data, account_index = 0, address_index = 0, signature_type = ""): sign = { 'method': 'sign', 'params' : { 'data': data, 'account_index': account_index, 'address_index': address_index, + 'signature_type': signature_type, }, 'jsonrpc': '2.0', 'id': '0' From fa06c39d9731b90dfd58ecd6cdfd3c936ee139a7 Mon Sep 17 00:00:00 2001 From: Sarang Noether <32460187+SarangNoether@users.noreply.github.com> Date: Fri, 28 Aug 2020 19:38:00 -0400 Subject: [PATCH 2/2] Bind signature to full address and signing mode --- src/cryptonote_config.h | 2 +- src/device/device.hpp | 1 - src/device/device_default.cpp | 6 -- src/device/device_default.hpp | 1 - src/device/device_ledger.cpp | 6 -- src/device/device_ledger.hpp | 1 - src/simplewallet/simplewallet.cpp | 8 +-- src/wallet/wallet2.cpp | 64 ++++++++++++-------- src/wallet/wallet2.h | 2 +- src/wallet/wallet_rpc_server.cpp | 3 - src/wallet/wallet_rpc_server_commands_defs.h | 2 +- tests/functional_tests/sign_message.py | 2 + 12 files changed, 47 insertions(+), 51 deletions(-) diff --git a/src/cryptonote_config.h b/src/cryptonote_config.h index 99d998824..f50ab6a40 100644 --- a/src/cryptonote_config.h +++ b/src/cryptonote_config.h @@ -230,7 +230,7 @@ namespace config const unsigned char HASH_KEY_CLSAG_ROUND[] = "CLSAG_round"; const unsigned char HASH_KEY_CLSAG_AGG_0[] = "CLSAG_agg_0"; const unsigned char HASH_KEY_CLSAG_AGG_1[] = "CLSAG_agg_1"; - const char HASH_KEY_MESSAGE_SIGNING[] = "MessageSignature"; + const char HASH_KEY_MESSAGE_SIGNING[] = "MoneroMessageSignature"; namespace testnet { diff --git a/src/device/device.hpp b/src/device/device.hpp index a6694ad09..582eb2242 100644 --- a/src/device/device.hpp +++ b/src/device/device.hpp @@ -162,7 +162,6 @@ namespace hw { virtual std::vector get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) = 0; virtual cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) = 0; virtual crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) = 0; - virtual crypto::secret_key get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) = 0; /* ======================================================================= */ /* DERIVATION & KEY */ diff --git a/src/device/device_default.cpp b/src/device/device_default.cpp index cb63deb15..145197212 100644 --- a/src/device/device_default.cpp +++ b/src/device/device_default.cpp @@ -207,12 +207,6 @@ namespace hw { return m; } - crypto::secret_key device_default::get_subaddress_view_secret_key(const crypto::secret_key &a, const cryptonote::subaddress_index &index) { - crypto::secret_key skey = get_subaddress_secret_key(a, index); - sc_mul((unsigned char*)skey.data, (const unsigned char*)skey.data, (const unsigned char*)a.data); - return skey; - } - /* ======================================================================= */ /* DERIVATION & KEY */ /* ======================================================================= */ diff --git a/src/device/device_default.hpp b/src/device/device_default.hpp index e49a75b1c..2493bd67d 100644 --- a/src/device/device_default.hpp +++ b/src/device/device_default.hpp @@ -85,7 +85,6 @@ namespace hw { std::vector get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) override; cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) override; crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; - crypto::secret_key get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; /* ======================================================================= */ /* DERIVATION & KEY */ diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp index ec5c52e58..4e89f835d 100644 --- a/src/device/device_ledger.cpp +++ b/src/device/device_ledger.cpp @@ -880,12 +880,6 @@ namespace hw { return sub_sec; } - crypto::secret_key device_ledger::get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) { -#warning TODO - MERROR("Not implemented yet"); - return crypto::null_skey; - } - /* ======================================================================= */ /* DERIVATION & KEY */ /* ======================================================================= */ diff --git a/src/device/device_ledger.hpp b/src/device/device_ledger.hpp index f82339f7a..d3ec08288 100644 --- a/src/device/device_ledger.hpp +++ b/src/device/device_ledger.hpp @@ -249,7 +249,6 @@ namespace hw { std::vector get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) override; cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) override; crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; - crypto::secret_key get_subaddress_view_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override; /* ======================================================================= */ /* DERIVATION & KEY */ diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index c974313a0..f37d77933 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -223,7 +223,7 @@ namespace const char* USAGE_GET_TX_NOTE("get_tx_note "); const char* USAGE_GET_DESCRIPTION("get_description"); const char* USAGE_SET_DESCRIPTION("set_description [free text note]"); - const char* USAGE_SIGN("sign [,] [--spend|--view|--both] "); + const char* USAGE_SIGN("sign [,] [--spend|--view] "); const char* USAGE_VERIFY("verify
"); const char* USAGE_EXPORT_KEY_IMAGES("export_key_images [all] "); const char* USAGE_IMPORT_KEY_IMAGES("import_key_images "); @@ -9911,10 +9911,6 @@ bool simple_wallet::sign(const std::vector &args) { message_signature_type = tools::wallet2::sign_with_view_key; } - else if (args[idx] == "--both") - { - message_signature_type = tools::wallet2::sign_with_both_keys; - } else { fail_msg_writer() << tr("Invalid subaddress index format, and not a signature type: ") << args[idx]; @@ -9971,7 +9967,7 @@ bool simple_wallet::verify(const std::vector &args) } else { - success_msg_writer() << tr("Good signature from ") << address_string << (result.old ? " (using old signature algorithm)" : "") << " with " << (result.type == tools::wallet2::sign_with_spend_key ? "spend key" : result.type == tools::wallet2::sign_with_view_key ? "view key" : result.type == tools::wallet2::sign_with_both_keys ? "both spend and view keys" : "unknown key combination (suspicious)"); + success_msg_writer() << tr("Good signature from ") << address_string << (result.old ? " (using old signature algorithm)" : "") << " with " << (result.type == tools::wallet2::sign_with_spend_key ? "spend key" : result.type == tools::wallet2::sign_with_view_key ? "view key" : "unknown key combination (suspicious)"); } return true; } diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 653b4da12..918b3fd41 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -12207,11 +12207,16 @@ void wallet2::set_account_tag_description(const std::string& tag, const std::str m_account_tags.first[tag] = description; } -static crypto::hash get_message_hash(const std::string &data) +// Set up an address signature message hash +// Hash data: domain separator, spend public key, view public key, mode identifier, payload data +static crypto::hash get_message_hash(const std::string &data, const crypto::public_key &spend_key, const crypto::public_key &view_key, const uint8_t mode) { KECCAK_CTX ctx; keccak_init(&ctx); keccak_update(&ctx, (const uint8_t*)config::HASH_KEY_MESSAGE_SIGNING, sizeof(config::HASH_KEY_MESSAGE_SIGNING)); // includes NUL + keccak_update(&ctx, (const uint8_t*)&spend_key, sizeof(crypto::public_key)); + keccak_update(&ctx, (const uint8_t*)&view_key, sizeof(crypto::public_key)); + keccak_update(&ctx, (const uint8_t*)&mode, sizeof(uint8_t)); char len_buf[(sizeof(size_t) * 8 + 6) / 7]; char *ptr = len_buf; tools::write_varint(ptr, data.size()); @@ -12223,13 +12228,20 @@ static crypto::hash get_message_hash(const std::string &data) return hash; } +// Sign a message with a private key from either the base address or a subaddress +// The signature is also bound to both keys and the signature mode (spend, view) to prevent unintended reuse std::string wallet2::sign(const std::string &data, message_signature_type_t signature_type, cryptonote::subaddress_index index) const { - const crypto::hash hash = get_message_hash(data); const cryptonote::account_keys &keys = m_account.get_keys(); crypto::signature signature; crypto::secret_key skey, m; + crypto::secret_key skey_spend, skey_view; crypto::public_key pkey; + crypto::public_key pkey_spend, pkey_view; // to include both in hash + crypto::hash hash; + uint8_t mode; + + // Use the base address if (index.is_zero()) { switch (signature_type) @@ -12237,38 +12249,42 @@ std::string wallet2::sign(const std::string &data, message_signature_type_t sign case sign_with_spend_key: skey = keys.m_spend_secret_key; pkey = keys.m_account_address.m_spend_public_key; + mode = 0; break; case sign_with_view_key: skey = keys.m_view_secret_key; pkey = keys.m_account_address.m_view_public_key; + mode = 1; break; -#if 0 - case sign_with_both_keys: -#endif default: CHECK_AND_ASSERT_THROW_MES(false, "Invalid signature type requested"); } + hash = get_message_hash(data,keys.m_account_address.m_spend_public_key,keys.m_account_address.m_view_public_key,mode); } + // Use a subaddress else { + skey_spend = keys.m_spend_secret_key; + m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index); + sc_add((unsigned char*)&skey_spend, (unsigned char*)&m, (unsigned char*)&skey_spend); + secret_key_to_public_key(skey_spend,pkey_spend); + sc_mul((unsigned char*)&skey_view, (unsigned char*)&keys.m_view_secret_key, (unsigned char*)&skey_spend); + secret_key_to_public_key(skey_view,pkey_view); switch (signature_type) { case sign_with_spend_key: - skey = keys.m_spend_secret_key; - m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index); - sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey); + skey = skey_spend; + pkey = pkey_spend; + mode = 0; break; case sign_with_view_key: - skey = keys.m_spend_secret_key; - m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index); - sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey); - sc_mul((unsigned char*)&skey, (unsigned char*)&keys.m_view_secret_key, (unsigned char*)&skey); + skey = skey_view; + pkey = pkey_view; + mode = 1; break; -#if 0 - case sign_with_both_keys: skey = ...; break; -#endif default: CHECK_AND_ASSERT_THROW_MES(false, "Invalid signature type requested"); } secret_key_to_public_key(skey, pkey); + hash = get_message_hash(data,pkey_spend,pkey_view,mode); } crypto::generate_signature(hash, pkey, skey, signature); return std::string("SigV2") + tools::base58::encode(std::string((const char *)&signature, sizeof(signature))); @@ -12290,10 +12306,6 @@ tools::wallet2::message_signature_result_t wallet2::verify(const std::string &da { crypto::cn_fast_hash(data.data(), data.size(), hash); } - else - { - hash = get_message_hash(data); - } std::string decoded; if (!tools::base58::decode(signature.substr(v1 ? v1_header_len : v2_header_len), decoded)) { LOG_PRINT_L0("Signature decoding error"); @@ -12305,15 +12317,19 @@ tools::wallet2::message_signature_result_t wallet2::verify(const std::string &da return {}; } memcpy(&s, decoded.data(), sizeof(s)); + + // Test each mode and return which mode, if either, succeeded + if (v2) + hash = get_message_hash(data,address.m_spend_public_key,address.m_view_public_key,(uint8_t) 0); if (crypto::check_signature(hash, address.m_spend_public_key, s)) return {true, v1 ? 1u : 2u, !v2, sign_with_spend_key }; + + if (v2) + hash = get_message_hash(data,address.m_spend_public_key,address.m_view_public_key,(uint8_t) 1); if (crypto::check_signature(hash, address.m_view_public_key, s)) return {true, v1 ? 1u : 2u, !v2, sign_with_view_key }; -#if 0 - rct::key both = ...; - if (crypto::check_signature(hash, rct::rct2pk(both), s)) - return {true, v1 ? 1u : 2u, !v2, sign_with_both_keys }; -#endif + + // Both modes failed return {}; } diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 7a142d016..62ed111f1 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -1341,7 +1341,7 @@ private: */ void set_account_tag_description(const std::string& tag, const std::string& description); - enum message_signature_type_t { sign_with_spend_key, sign_with_view_key, sign_with_both_keys }; + enum message_signature_type_t { sign_with_spend_key, sign_with_view_key }; std::string sign(const std::string &data, message_signature_type_t signature_type, cryptonote::subaddress_index index = {0, 0}) const; struct message_signature_result_t { bool valid; unsigned version; bool old; message_signature_type_t type; }; message_signature_result_t verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const; diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index ae5b692df..03db8b70f 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -2012,8 +2012,6 @@ namespace tools signature_type = tools::wallet2::sign_with_spend_key; else if (req.signature_type == "view") signature_type = tools::wallet2::sign_with_view_key; - else if (req.signature_type == "both") - signature_type = tools::wallet2::sign_with_both_keys; else { er.code = WALLET_RPC_ERROR_CODE_INVALID_SIGNATURE_TYPE; @@ -2063,7 +2061,6 @@ namespace tools { case tools::wallet2::sign_with_spend_key: res.signature_type = "spend"; break; case tools::wallet2::sign_with_view_key: res.signature_type = "view"; break; - case tools::wallet2::sign_with_both_keys: res.signature_type = "both"; break; default: res.signature_type = "invalid"; break; } return true; diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h index 73904bae8..81f83fb18 100644 --- a/src/wallet/wallet_rpc_server_commands_defs.h +++ b/src/wallet/wallet_rpc_server_commands_defs.h @@ -47,7 +47,7 @@ // advance which version they will stop working with // Don't go over 32767 for any of these #define WALLET_RPC_VERSION_MAJOR 1 -#define WALLET_RPC_VERSION_MINOR 19 +#define WALLET_RPC_VERSION_MINOR 20 #define MAKE_WALLET_RPC_VERSION(major,minor) (((major)<<16)|(minor)) #define WALLET_RPC_VERSION MAKE_WALLET_RPC_VERSION(WALLET_RPC_VERSION_MAJOR, WALLET_RPC_VERSION_MINOR) namespace tools diff --git a/tests/functional_tests/sign_message.py b/tests/functional_tests/sign_message.py index 73c714450..dbb7cfd6d 100755 --- a/tests/functional_tests/sign_message.py +++ b/tests/functional_tests/sign_message.py @@ -100,6 +100,8 @@ class MessageSigningTest(): assert not res.good res = self.wallet[i].verify(message, address[0], signature + 'x') assert not res.good + res = self.wallet[i].verify(message, address[0], signature.replace('SigV2','SigV1')) + assert not res.good if __name__ == '__main__': MessageSigningTest().run_test()