Commit c095370f authored by Cédric Moreau's avatar Cédric Moreau

Merge branch '1390-tweetnacl' into '1.7'

Resolve "Duniter uses a buggy version of TweetNaCl"

See merge request nodes/typescript/duniter!1283
parents 24bd5270 cca43e4e
......@@ -20,7 +20,7 @@ const SIGNATURE = "[A-Za-z0-9+\\/=]{87,88}"
const USER_ID = "[A-Za-z0-9_-]{2,100}"
const INTEGER = "(0|[1-9]\\d{0,18})"
const FINGERPRINT = "[A-F0-9]{64}"
const BLOCK_VERSION = "(10|11)"
const BLOCK_VERSION = "(10|11|12)"
const TX_VERSION = "(10)"
const DIVIDEND = "[1-9][0-9]{0,5}"
const ZERO_OR_POSITIVE_INT = "0|[1-9][0-9]{0,18}"
......@@ -101,8 +101,10 @@ export const CommonConstants = {
SIGNATURE
},
BLOCK_GENERATED_VERSION: 10,
BLOCK_NEW_GENERATED_VERSION: 11, // Put it to 11 when ready
// Version of genesis block
BLOCK_GENESIS_VERSION: 10,
// Highest supported version of DUBP protocol (= next version of the protocol)
DUBP_NEXT_VERSION: 12,
LAST_VERSION_FOR_TX: 10,
TRANSACTION_VERSION: 10,
DOCUMENTS_VERSION: 10,
......
......@@ -50,13 +50,27 @@ export class Key {
}
}
signBuggy(msg:string) {
return Promise.resolve(this.signSyncBuggy(msg))
}
signSyncBuggy(msg:string) {
const m = decodeUTF8(msg);
const signedMsg = naclBinding.sign(m, this.rawSec());
const sig = new Uint8Array(crypto_sign_BYTES);
for (let i = 0; i < sig.length; i++) {
sig[i] = signedMsg[i];
}
return encodeBase64(sig)
};
sign(msg:string) {
return Promise.resolve(this.signSync(msg))
}
signSync(msg:string) {
const m = decodeUTF8(msg);
const signedMsg = naclBinding.sign(m, this.rawSec());
const signedMsg = nacl.sign(m, this.rawSec());
const sig = new Uint8Array(crypto_sign_BYTES);
for (let i = 0; i < sig.length; i++) {
sig[i] = signedMsg[i];
......@@ -85,7 +99,7 @@ export function KeyGen(pub:string, sec:string) {
* Verify a signature against data & public key.
* Return true of false as callback argument.
*/
export function verify(rawMsg:string, rawSig:string, rawPub:string) {
export function verifyBuggy(rawMsg:string, rawSig:string, rawPub:string) {
const msg = decodeUTF8(rawMsg);
const sig = decodeBase64(rawSig);
const pub = Base58decode(rawPub);
......@@ -98,3 +112,16 @@ export function verify(rawMsg:string, rawSig:string, rawPub:string) {
// Call to verification lib...
return naclBinding.verify(m, sm, pub);
}
/**
* Verify a signature against data & public key.
* Return true of false as callback argument.
*/
export function verify(rawMsg:string, rawSig:string, rawPub:string) {
const msg = decodeUTF8(rawMsg);
const sig = decodeBase64(rawSig);
const pub = Base58decode(rawPub);
// Call to verification lib...
return nacl.sign.detached.verify(msg, sig, pub);
}
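Review bot: The new `verify` passes the decoded signature and public key straight to `nacl.sign.detached.verify`, which in TweetNaCl throws on a signature that is not 64 bytes or a public key that is not 32 bytes instead of returning false (this assumes `nacl` is TweetNaCl; its import is outside the hunks). Callers such as `getTransactionSigResult` store the result as a boolean, so a malformed signature from a peer or document would surface as an exception rather than a failed check. A length guard before the call keeps the boolean contract: `if (sig.length !== nacl.sign.signatureLength || pub.length !== nacl.sign.publicKeyLength) return false`. The doc comment on both `verify` and `verifyBuggy` still reads "Return true of false as callback argument" although neither takes a callback; `Returns true when the signature is valid for the message and public key.` would match the code.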
......@@ -53,7 +53,7 @@ export class BlockchainContext {
// But if no HEAD_1 exist, we must initialize a block with default values
if (!this.vHEAD_1) {
block = {
version: constants.BLOCK_GENERATED_VERSION,
version: constants.BLOCK_GENESIS_VERSION,
time: Math.round(Date.now() / 1000),
powMin: this.conf.powMin || 0,
powZeros: 0,
......
......@@ -99,7 +99,7 @@ module.exports = {
PUBLIC_KEY: exact(PUBKEY),
DOCUMENTS_VERSION: CommonConstants.DOCUMENTS_VERSION,
BLOCK_GENERATED_VERSION: CommonConstants.BLOCK_GENERATED_VERSION,
BLOCK_GENESIS_VERSION: CommonConstants.BLOCK_GENESIS_VERSION,
LAST_VERSION_FOR_TX: 10,
TRANSACTION_VERSION: CommonConstants.TRANSACTION_VERSION,
......
......@@ -13,7 +13,7 @@
import {hashf} from "../common"
import {Cloneable} from "./Cloneable"
import {verify} from "../common-libs/crypto/keyring"
import {verify, verifyBuggy} from "../common-libs/crypto/keyring"
export interface BaseDTO {
base: number
......@@ -237,7 +237,7 @@ export class TransactionDTO implements Cloneable {
}
}
getTransactionSigResult() {
getTransactionSigResult(dubp_version: number) {
const sigResult = new TxSignatureResultImpl(this.issuers.slice())
let i = 0
const raw = this.getRawTxNoSig()
......@@ -245,14 +245,19 @@ export class TransactionDTO implements Cloneable {
while (matching && i < this.signatures.length) {
const sig = this.signatures[i]
const pub = this.issuers[i]
sigResult.sigs[i].ok = matching = verify(raw, sig, pub)
if (dubp_version >= 12) {
sigResult.sigs[i].ok = verify(raw, sig, pub)
} else {
sigResult.sigs[i].ok = verifyBuggy(raw, sig, pub)
}
matching = sigResult.sigs[i].ok
i++
}
return sigResult
}
checkSignatures() {
return this.getTransactionSigResult().allMatching
checkSignatures(dubp_version: number) {
return this.getTransactionSigResult(dubp_version).allMatching
}
static fromJSONObject(obj:any, currency:string = "") {
......
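Review bot: The cut-over version is a bare `12` in `if (dubp_version >= 12)`, and the same literal reappears in `checkBlockSignature` and in the PoW worker's `verifyFunc` selection, so three consensus-relevant checks can drift apart if only one is edited. A single helper next to `verify`/`verifyBuggy` would keep the choice in one place, for example `export const verifyForVersion = (v: number, msg: string, sig: string, pub: string) => v >= 12 ? verify(msg, sig, pub) : verifyBuggy(msg, sig, pub)` (the name is only a suggestion). `getTransactionSigResult` is split across two hunks here and the lines between them are not shown.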
......@@ -18,7 +18,7 @@ import {RevocationDTO} from "./dto/RevocationDTO"
import {CertificationDTO} from "./dto/CertificationDTO"
import {TransactionDTO} from "./dto/TransactionDTO"
import {DBHead} from "./db/DBHead"
import {verify} from "./common-libs/crypto/keyring"
import {verifyBuggy} from "./common-libs/crypto/keyring"
import {rawer, txunlock} from "./common-libs/index"
import {CommonConstants} from "./common-libs/constants"
import {MembershipDTO} from "./dto/MembershipDTO"
......@@ -2089,7 +2089,7 @@ async function sigCheckRevoke(entry: MindexEntry, dal: FileDAL, currency: string
sig: idty.sig,
revocation: ''
});
let sigOK = verify(rawRevocation, sig, pubkey);
let sigOK = verifyBuggy(rawRevocation, sig, pubkey);
if (!sigOK) {
throw Error("Revocation signature must match");
}
......@@ -2144,7 +2144,7 @@ async function checkCertificationIsValid (block: BlockDTO, cert: CindexEntry, fi
buid: buid,
sig: ''
})
const verified = verify(raw, cert.sig, cert.issuer);
const verified = verifyBuggy(raw, cert.sig, cert.issuer);
if (!verified) {
throw constants.ERRORS.WRONG_SIGNATURE_FOR_CERT
}
......@@ -2160,7 +2160,7 @@ function txSourceUnlock(ENTRY:SindexEntry, source:{ conditions: string, written_
const tx = ENTRY.txObj;
const unlockParams:string[] = TransactionDTO.unlock2params(ENTRY.unlock || '')
const unlocksMetadata:UnlockMetadata = {}
const sigResult = TransactionDTO.fromJSONObject(tx).getTransactionSigResult()
const sigResult = TransactionDTO.fromJSONObject(tx).getTransactionSigResult(HEAD.version)
if (!source.conditions) {
return false // Unlock fail
}
......
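Review bot: `sigCheckRevoke` and `checkCertificationIsValid` now call `verifyBuggy` unconditionally, and nothing at the call sites says that revocation and certification signatures are deliberately left on the legacy implementation while only block and transaction signatures switch at version 12. A reader who sees `verifyBuggy` on a security check will otherwise assume an unfinished migration. A short comment at each site would settle it, e.g. `// Legacy TweetNaCl check kept on purpose for this document type; only block and tx signatures switch at v12 (see #1390)`. The same applies to `checkCertificationShouldBeValid`, the identity and membership checks in the local rules, the block generator, `req2fwd` and `IdentityService`.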
......@@ -16,7 +16,7 @@ import {FileDAL} from "../dal/fileDAL"
import {DBBlock} from "../db/DBBlock"
import {TransactionDTO, TxSignatureResult} from "../dto/TransactionDTO"
import {BlockDTO} from "../dto/BlockDTO"
import {verify} from "../common-libs/crypto/keyring"
import {verifyBuggy} from "../common-libs/crypto/keyring"
import {rawer, txunlock} from "../common-libs/index"
import {CommonConstants} from "../common-libs/constants"
import {IdentityDTO} from "../dto/IdentityDTO"
......@@ -94,7 +94,7 @@ export const GLOBAL_RULES_FUNCTIONS = {
return true;
},
checkSourcesAvailability: async (block:{ transactions:TransactionDTO[], medianTime: number }, conf:ConfDTO, dal:FileDAL, findSourceTx:(txHash:string) => Promise<DBTx|null>) => {
checkSourcesAvailability: async (block:{ version: number, transactions:TransactionDTO[], medianTime: number }, conf:ConfDTO, dal:FileDAL, findSourceTx:(txHash:string) => Promise<DBTx|null>) => {
const txs = block.transactions
const current = await dal.getCurrentBlockOrNull();
for (const tx of txs) {
......@@ -150,7 +150,7 @@ export const GLOBAL_RULES_FUNCTIONS = {
unlocksMetadata.elapsedTime = block.medianTime - dbSrc.written_time;
}
const sigs = tx.getTransactionSigResult()
const sigs = tx.getTransactionSigResult(block.version)
try {
if (!txunlock(dbSrc.conditions, unlocksForCondition, sigs, unlocksMetadata)) {
......@@ -213,13 +213,18 @@ export const GLOBAL_RULES_HELPERS = {
checkSingleTransaction: (
tx:TransactionDTO,
block:{ medianTime: number },
dubp_version: number,
medianTime: number,
conf:ConfDTO,
dal:FileDAL,
findSourceTx:(txHash:string) => Promise<DBTx|null>) => GLOBAL_RULES_FUNCTIONS.checkSourcesAvailability({
transactions: [tx],
medianTime: block.medianTime
}, conf, dal, findSourceTx),
findSourceTx:(txHash:string) => Promise<DBTx|null>) => GLOBAL_RULES_FUNCTIONS.checkSourcesAvailability(
{
version: dubp_version,
transactions: [tx],
medianTime: medianTime
},
conf, dal, findSourceTx
),
checkTxBlockStamp: async (tx:TransactionDTO, dal:FileDAL) => {
const number = parseInt(tx.blockstamp.split('-')[0])
......@@ -317,7 +322,7 @@ async function checkCertificationShouldBeValid (block:{ number:number, currency:
buid: buid,
sig: ''
})
const verified = verify(raw, cert.sig, cert.from);
const verified = verifyBuggy(raw, cert.sig, cert.from);
if (!verified) {
throw constants.ERRORS.WRONG_SIGNATURE_FOR_CERT
}
......
......@@ -16,7 +16,7 @@ import {ConfDTO} from "../dto/ConfDTO"
import {CindexEntry, IndexEntry, Indexer, MindexEntry, SindexEntry} from "../indexer"
import {BaseDTO, TransactionDTO} from "../dto/TransactionDTO"
import {DBBlock} from "../db/DBBlock"
import {verify} from "../common-libs/crypto/keyring"
import {verify, verifyBuggy} from "../common-libs/crypto/keyring"
import {hashf} from "../common"
import {CommonConstants} from "../common-libs/constants"
import {IdentityDTO} from "../dto/IdentityDTO"
......@@ -87,8 +87,13 @@ export const LOCAL_RULES_FUNCTIONS = {
},
checkBlockSignature: async (block:BlockDTO) => {
if (!verify(block.getSignedPart(), block.signature, block.issuer))
// Historically, Duniter used a buggy version of TweetNaCl (see #1390)
// Starting with the v12 blocks, Duniter uses a fixed version of TweetNaCl.
if (block.version >= 12 && !verify(block.getSignedPart(), block.signature, block.issuer)) {
throw Error('Block\'s signature must match');
} else if (!verifyBuggy(block.getSignedPart(), block.signature, block.issuer)) {
throw Error('Block\'s signature must match');
}
return true;
},
......@@ -108,7 +113,7 @@ export const LOCAL_RULES_FUNCTIONS = {
while (!wrongSig && i < block.identities.length) {
const idty = IdentityDTO.fromInline(block.identities[i]);
idty.currency = block.currency;
wrongSig = !verify(idty.rawWithoutSig(), idty.sig, idty.pubkey);
wrongSig = !verifyBuggy(idty.rawWithoutSig(), idty.sig, idty.pubkey);
if (wrongSig) {
throw Error('Identity\'s signature must match');
}
......@@ -385,7 +390,7 @@ export const LOCAL_RULES_FUNCTIONS = {
const txs = block.transactions
// Check rule against each transaction
for (const tx of txs) {
if (!tx.checkSignatures()) {
if (!tx.checkSignatures(block.version)) {
throw Error('Signature from a transaction must match')
}
}
......@@ -439,7 +444,7 @@ function getTransactionDepth(txHash:string, sindex:SindexShortEntry[], localDept
}
function checkSingleMembershipSignature(ms:any) {
return verify(ms.getRaw(), ms.signature, ms.issuer);
return verifyBuggy(ms.getRaw(), ms.signature, ms.issuer);
}
function checkBunchOfTransactions(transactions:TransactionDTO[], conf:ConfDTO, medianTime: number, options?:{ dontCareAboutChaining?:boolean }){
......@@ -529,7 +534,7 @@ export const LOCAL_RULES_HELPERS = {
return !current
// 1. We use legacy version
? constants.BLOCK_GENERATED_VERSION : (async () => {
? constants.BLOCK_GENESIS_VERSION : (async () => {
// 2. If we can, we go to the next version
const blocksInFrame = (await dal.getBlocksBetween(current.number - current.issuersFrame + 1, current.number))
......@@ -539,8 +544,9 @@ export const LOCAL_RULES_HELPERS = {
const nbNoncesWithNextVersionCode = lastNonceOfEachIssuer.filter(nonce => nonce.substr(-11, 3) === '999').length
// More than 70% of the computing network converted? Let's go to next version.
if (Math.floor(nbNoncesWithNextVersionCode / uniqIssuersInFrame.length) > 0.6) {
return constants.BLOCK_NEW_GENERATED_VERSION
let propIssuersReadyToJump = nbNoncesWithNextVersionCode / uniqIssuersInFrame.length;
if (propIssuersReadyToJump > 0.7) {
return constants.DUBP_NEXT_VERSION
}
// Otherwise, we stay on same version
......
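Review bot: In `checkBlockSignature`, a v12 block whose signature passes `verify` makes the first condition false, so control falls into the `else if` and the block must also pass `verifyBuggy`. That contradicts the comment above it: v12 blocks are accepted only when both implementations agree, and a correctly signed v12 block can be rejected wherever the legacy implementation disagrees. Selecting the verifier first removes the fall-through: `const sigOK = block.version >= 12 ? verify(block.getSignedPart(), block.signature, block.issuer) : verifyBuggy(block.getSignedPart(), block.signature, block.issuer)` followed by `if (!sigOK) throw Error('Block\'s signature must match');`.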
......@@ -12,7 +12,7 @@
// GNU Affero General Public License for more details.
import {Contacter} from "./contacter"
import {verify} from "../../../lib/common-libs/crypto/keyring"
import {verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {rawer} from "../../../lib/common-libs/index"
import {HttpRequirements} from "../../bma/lib/dtos"
......@@ -80,7 +80,7 @@ export const req2fwd = async (requirements: HttpRequirements, toHost:string, toP
buid: received.blockstamp
});
try {
const chkSig = verify(rawCertNoSig, received.sig, received.from)
const chkSig = verifyBuggy(rawCertNoSig, received.sig, received.from)
if (!chkSig) {
throw "Wrong signature for certification?!"
}
......
......@@ -19,7 +19,7 @@ import {GLOBAL_RULES_HELPERS} from "../../../lib/rules/global_rules"
import {LOCAL_RULES_HELPERS} from "../../../lib/rules/local_rules"
import {Indexer} from "../../../lib/indexer"
import {DBBlock} from "../../../lib/db/DBBlock"
import {verify} from "../../../lib/common-libs/crypto/keyring"
import {verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {rawer} from "../../../lib/common-libs/index"
import {hashf} from "../../../lib/common"
import {CommonConstants} from "../../../lib/common-libs/constants"
......@@ -144,8 +144,8 @@ export class BlockGenerator {
const tx = TransactionDTO.fromJSONObject(obj);
try {
await LOCAL_RULES_HELPERS.checkBunchOfTransactions(passingTxs.concat(tx), this.conf, medianTime, options)
const nextBlockWithFakeTimeVariation = { medianTime: current.medianTime + 1 };
await GLOBAL_RULES_HELPERS.checkSingleTransaction(tx, nextBlockWithFakeTimeVariation, this.conf, this.dal, async (txHash:string) => {
const fakeTimeVariation = current.medianTime + 1;
await GLOBAL_RULES_HELPERS.checkSingleTransaction(tx, current.version, fakeTimeVariation, this.conf, this.dal, async (txHash:string) => {
return Underscore.findWhere(passingTxs, { hash: txHash }) || null
});
await GLOBAL_RULES_HELPERS.checkTxBlockStamp(tx, this.dal);
......@@ -380,7 +380,7 @@ export class BlockGenerator {
const idty = IdentityDTO.fromJSONObject(identity);
idty.currency = this.conf.currency;
const createIdentity = idty.rawWithoutSig();
const verified = verify(createIdentity, idty.sig, idty.pubkey);
const verified = verifyBuggy(createIdentity, idty.sig, idty.pubkey);
if (!verified) {
throw constants.ERRORS.IDENTITY_WRONGLY_SIGNED;
}
......@@ -761,7 +761,7 @@ class NextBlockGenerator implements BlockGeneratorInterface {
idty_sig: targetIdty.sig,
buid: current ? [cert.block_number, targetBlock.hash].join('-') : CommonConstants.SPECIAL_BLOCK,
}).getRawUnSigned();
if (verify(rawCert, certSig, cert.from)) {
if (verifyBuggy(rawCert, certSig, cert.from)) {
cert.sig = certSig;
let exists = false;
if (current) {
......
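Review bot: `checkSingleTransaction(tx, current.version, ...)` pre-checks the transaction with the version of the chain head, while the local rule calls `tx.checkSignatures(block.version)` with the version of the block being validated. On the block that jumps to v12 the generator would therefore select `verifyBuggy` and validators `verify`, so a transaction could pass here and still make the generated block invalid (inferred, as the computation of the new block's version is outside this hunk). Passing the version the new block will carry keeps both sides on the same verifier, e.g. `await GLOBAL_RULES_HELPERS.checkSingleTransaction(tx, nextBlockVersion, fakeTimeVariation, this.conf, this.dal, ...)`, where `nextBlockVersion` is a placeholder for that value.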
......@@ -163,7 +163,7 @@ export class BlockProver {
const remainder = difficulty % 16;
const nbZeros = (difficulty - remainder) / 16;
const highMark = CommonConstants.PROOF_OF_WORK.UPPER_BOUND[remainder];
const notifyVersionJumpReady = block.version === 10 && CommonConstants.BLOCK_NEW_GENERATED_VERSION === 11
const notifyVersionJumpReady: boolean = (block.version + 1) === CommonConstants.DUBP_NEXT_VERSION;
return (async () => {
......
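Review bot: With `DUBP_NEXT_VERSION` at 12, `(block.version + 1) === CommonConstants.DUBP_NEXT_VERSION` is true only for v11 blocks. A chain whose head is still at version 10, the value of `BLOCK_GENESIS_VERSION`, would never mark its nonces as ready and, as far as the visible hunks show, could not reach the 70% threshold in the version-selection rule. If v10 chains are meant to be excluded, a comment saying so would help; otherwise `const notifyVersionJumpReady = block.version < CommonConstants.DUBP_NEXT_VERSION` signals readiness from any older version. The enclosing function starts and ends outside the hunk.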
......@@ -17,7 +17,7 @@ import {hashf} from "../../../lib/common"
import {DBBlock} from "../../../lib/db/DBBlock"
import {ConfDTO} from "../../../lib/dto/ConfDTO"
import {ProverConstants} from "./constants"
import {KeyGen} from "../../../lib/common-libs/crypto/keyring"
import {KeyGen, verify, verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {dos2unix} from "../../../lib/common-libs/dos2unix"
import {rawer} from "../../../lib/common-libs/index"
import {ProcessCpuProfiler} from "../../../ProcessCpuProfiler"
......@@ -36,7 +36,9 @@ export function createPowWorker() {
// By default, we do not prefix the PoW by any number
let prefix = 0;
let signatureFunc:any, lastSecret:any, currentCPU = 1;
let sigFuncSaved: (msg:string) => string;
let verifyFuncSaved: (msg:string, sig:string) => boolean;
let lastSecret:any, lastVersion: number, currentCPU:number = 1;
process.on('uncaughtException', (err:any) => {
console.error(err.stack || Error(err))
......@@ -115,21 +117,36 @@ export function createPowWorker() {
prefix *= 100 * ProverConstants.NONCE_RANGE
}
const highMark = stuff.highMark;
// Define sigFunc
// Use Buggy version for performance reasons
let sigFunc = null;
if (signatureFunc && lastSecret === pair.sec) {
sigFunc = signatureFunc;
}
else {
if (sigFuncSaved && lastSecret === pair.sec) {
sigFunc = sigFuncSaved;
} else {
lastSecret = pair.sec;
sigFunc = (msg:string) => KeyGen(pair.pub, pair.sec).signSync(msg)
sigFunc = (msg:string) => KeyGen(pair.pub, pair.sec).signSyncBuggy(msg)
}
signatureFunc = sigFunc;
let pow = "", sig = "", raw = "";
// Define verifyFunc
let verifyFunc = null;
if (verifyFuncSaved && lastSecret === pair.sec && lastVersion === block.version) {
verifyFunc = verifyFuncSaved;
} else {
lastSecret = pair.sec;
lastVersion = block.version;
if (block.version >= 12) {
verifyFunc = (msg:string, sig:string) => verify(msg, sig, pair.pub)
} else {
verifyFunc = (msg:string, sig:string) => verifyBuggy(msg, sig, pair.pub)
}
}
/*****************
* GO!
****************/
let pow = "", sig = "", raw = "";
let pausePeriod = 1;
let testsCount = 0;
let found = false;
......@@ -195,6 +212,12 @@ export function createPowWorker() {
}
if (charOK) {
found = !!(pow[nbZeros].match(new RegExp('[0-' + highMark + ']')))
if (found) {
let sigOk = verifyFunc(raw, sig);
if (!sigOk) {
found = false;
}
}
}
if (!found && nbZeros > 0 && j - 1 >= ProverConstants.POW_MINIMAL_TO_SHOW) {
pSend({ pow: { pow: pow, block: block, nbZeros: nbZeros }});
......
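Review bot: `sigFuncSaved` and `verifyFuncSaved` are declared but never assigned in the lines shown (the old `signatureFunc = sigFunc;` has no replacement), so both cache checks always take the `else` branch and a new closure is built on every request. Adding `sigFuncSaved = sigFunc;` after the first if/else and `verifyFuncSaved = verifyFunc;` after the second would restore the caching. Before doing that, note that the signing branch sets `lastSecret = pair.sec` ahead of the `lastSecret === pair.sec` test in the verify branch, which makes that test always true. With the cache live, a key change at an unchanged block version would then reuse a `verifyFunc` bound to the previous `pair.pub`, so the key comparison should be computed once, before `lastSecret` is updated, and shared by both branches.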
......@@ -24,7 +24,7 @@ import {WS2PConstants} from "./constants"
import {PeerDTO, WS2PEndpoint} from '../../../lib/dto/PeerDTO';
import {GlobalFifoPromise} from "../../../service/GlobalFifoPromise"
import {OtherConstants} from "../../../lib/other_constants"
import {Key, verify} from "../../../lib/common-libs/crypto/keyring"
import {Key, verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {WS2PServerMessageHandler} from "./interface/WS2PServerMessageHandler"
import {WS2PMessageHandler} from "./impl/WS2PMessageHandler"
import {CommonConstants} from '../../../lib/common-libs/constants';
......@@ -208,8 +208,8 @@ export class WS2PCluster {
) {
const head:WS2PHead = { message: h.message, sig: h.sig, messageV2: h.messageV2, sigV2: h.sigV2, step: h.step }
const sigOK = verify(head.message, head.sig, pub)
const sigV2OK = (head.messageV2 !== undefined && head.sigV2 !== undefined) ? verify(head.messageV2, head.sigV2, pub):false
const sigOK = verifyBuggy(head.message, head.sig, pub)
const sigV2OK = (head.messageV2 !== undefined && head.sigV2 !== undefined) ? verifyBuggy(head.messageV2, head.sigV2, pub):false
if ((sigV2OK && sigOK) || sigOK) {
// Already known or more recent or closer ?
const step = (this.headsCache[fullId]) ? this.headsCache[fullId].step || 0:0
......@@ -605,9 +605,9 @@ export class WS2PCluster {
const prefix = this.server.conf.prefix || ProverConstants.DEFAULT_PEER_ID
const { freeMemberRoom , freeMirorRoom } = await this.countFreeRooms()
const message = `${api}:HEAD:1:${key.publicKey}:${number}-${hash}:${ws2pId}:${software}:${softVersion}:${prefix}`
const sig = key.signSync(message)
const sig = key.signSyncBuggy(message)
const messageV2 = `${api}:HEAD:2:${key.publicKey}:${number}-${hash}:${ws2pId}:${software}:${softVersion}:${prefix}:${freeMemberRoom}:${freeMirorRoom}`
const sigV2 = key.signSync(messageV2)
const sigV2 = key.signSyncBuggy(messageV2)
const myHead:WS2PHead = {
message,
......
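Review bot: The acceptance test `if ((sigV2OK && sigOK) || sigOK)` reduces to `if (sigOK)`, so a HEAD whose `sigV2` fails `verifyBuggy` is still accepted on the strength of the v1 signature alone. Whether `messageV2` is then used is outside the hunk, but if it is, its content would be unauthenticated. Writing the condition as `if (sigOK) {` and discarding the v2 fields when their signature is bad, e.g. `if (!sigV2OK) { head.messageV2 = undefined; head.sigV2 = undefined }`, would make the intent explicit (this assumes `WS2PHead` allows those fields to be undefined, as the `!== undefined` tests suggest).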
......@@ -11,7 +11,7 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
import {Key, verify} from "../../../lib/common-libs/crypto/keyring"
import {Key, verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {WS2PMessageHandler} from "./impl/WS2PMessageHandler"
import {BlockDTO} from "../../../lib/dto/BlockDTO"
import {IdentityDTO} from "../../../lib/dto/IdentityDTO"
......@@ -129,7 +129,7 @@ export class WS2PPubkeyRemoteAuth implements WS2PRemoteAuth {
async sendACK(ws: any): Promise<void> {
const challengeMessage = `WS2P:ACK:${this.currency}:${this.pair.pub}:${this.challenge}`
Logger.log('sendACK >>> ' + challengeMessage)
const sig = this.pair.signSync(challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
await ws.send(JSON.stringify({
auth: 'ACK',
pub: this.pair.pub,
......@@ -153,7 +153,7 @@ export class WS2PPubkeyRemoteAuth implements WS2PRemoteAuth {
this.givenCurrency.resolve(this.currency)
const challengeMessage = (ws2pVersion > 1) ? `WS2P:${type}:${this.currency}:${pub}:${ws2pId}:${challenge}`:`WS2P:${type}:${this.currency}:${pub}:${challenge}`
Logger.log('registerCONNECT >>> ' + challengeMessage)
const verified = verify(challengeMessage, sig, pub)
const verified = verifyBuggy(challengeMessage, sig, pub)
if (verified) {
this.remoteVersion = ws2pVersion
this.challenge = challenge
......@@ -166,7 +166,7 @@ export class WS2PPubkeyRemoteAuth implements WS2PRemoteAuth {
async registerOK(sig: string): Promise<boolean> {
const challengeMessage = `WS2P:OK:${this.currency}:${this.remotePub}:${this.challenge}`
Logger.log('registerOK >>> ' + challengeMessage)
this.authenticatedByRemote = verify(challengeMessage, sig, this.remotePub)
this.authenticatedByRemote = verifyBuggy(challengeMessage, sig, this.remotePub)
if (!this.authenticatedByRemote) {
this.serverAuthReject("Wrong signature from remote OK")
} else {
......@@ -215,7 +215,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
if (ws2pVersion > 1) {
const challengeMessage = `WS2P:${ws2pVersion}:${connectWord}:${this.currency}:${this.pair.pub}:${this.ws2pId}:${this.challenge}`
Logger.log('sendCONNECT >>> ' + challengeMessage)
const sig = this.pair.signSync(challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
await ws.send(JSON.stringify({
auth: `${connectWord}`,
version: ws2pVersion,
......@@ -229,7 +229,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
} else if (ws2pVersion == 1) {
const challengeMessage = `WS2P:${connectWord}:${this.currency}:${this.pair.pub}:${this.challenge}`
Logger.log('sendCONNECT >>> ' + challengeMessage)
const sig = this.pair.signSync(challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
await ws.send(JSON.stringify({
auth: `${connectWord}`,
pub: this.pair.pub,
......@@ -248,7 +248,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
}
const challengeMessage = `WS2P:ACK:${this.currency}:${pub}:${this.challenge}`
Logger.log('registerACK >>> ' + challengeMessage)
this.authenticated = verify(challengeMessage, sig, pub)
this.authenticated = verifyBuggy(challengeMessage, sig, pub)
if (!this.authenticated) {
this.serverAuthReject("Wrong signature from server ACK")
} else {
......@@ -260,7 +260,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
async sendOK(ws:any): Promise<void> {
const challengeMessage = `WS2P:OK:${this.currency}:${this.pair.pub}:${this.challenge}`
Logger.log('sendOK >>> ' + challengeMessage)
const sig = this.pair.signSync(challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
await ws.send(JSON.stringify({
auth: 'OK',
sig
......
......@@ -21,7 +21,7 @@ import {RevocationDTO} from "../lib/dto/RevocationDTO"
import {BasicIdentity, IdentityDTO} from "../lib/dto/IdentityDTO"
import {CertificationDTO} from "../lib/dto/CertificationDTO"
import {DBCert} from "../lib/dal/sqliteDAL/CertDAL"
import {verify} from "../lib/common-libs/crypto/keyring"
import {verifyBuggy} from "../lib/common-libs/crypto/keyring"
import {FIFOService} from "./FIFOService"
import {MindexEntry} from "../lib/indexer"
import {DataErrors} from "../lib/common-libs/errors"
......@@ -121,7 +121,7 @@ export class IdentityService extends FIFOService {
this.logger.info('⬇ IDTY %s %s', idty.pubkey, idty.uid);
try {
// Check signature's validity
let verified = verify(createIdentity, idty.sig, idty.pubkey);
let verified = verifyBuggy(createIdentity, idty.sig, idty.pubkey);
if (!verified) {
throw constants.ERRORS.SIGNATURE_DOES_NOT_MATCH;
}
......@@ -149,7 +149,7 @@ export class IdentityService extends FIFOService {
}
toSave.expires_on = basedBlock.medianTime + this.conf.idtyWindow;
}
await GLOBAL_RULES_FUNCTIONS.checkIdentitiesAreWritable({ identities: [idtyObj.inline()], version: (current && current.version) || constants.BLOCK_GENERATED_VERSION }, this.conf, this.dal);
await GLOBAL_RULES_FUNCTIONS.checkIdentitiesAreWritable({ identities: [idtyObj.inline()], version: (current && current.version) || constants.BLOCK_GENESIS_VERSION }, this.conf, this.dal);
if (byAbsorption !== BY_ABSORPTION) {
if (!(await this.dal.idtyDAL.sandbox.acceptNewSandBoxEntry({
certsCount: 0,
......@@ -271,7 +271,7 @@ export class IdentityService extends FIFOService {
return this.pushFIFO<RevocationDTO>(hash, async () => {
try {
this.logger.info('⬇ REVOCATION %s %s', revoc.pubkey, revoc.idty_uid);
let verified = verify(raw, revoc.revocation, revoc.pubkey);
let verified = verifyBuggy(raw, revoc.revocation, revoc.pubkey);
if (!verified) {
throw 'Wrong signature for revocation';
}
......
......@@ -16,7 +16,7 @@ import {FileDAL} from "../lib/dal/fileDAL"
import {DBBlock} from "../lib/db/DBBlock"