Commit 01690ecf authored by Éloïs

[enh] keyring: use duniteroxyde to sign and verify

parent 40c1c56d
......@@ -4,8 +4,6 @@ node_modules/
npm-debug.log
bin/jpgp*.jar
.idea/
naclb/build
naclb/node_modules
gui/nw
# Vim swap files
......
......@@ -4,8 +4,6 @@ node_modules/
npm-debug.log
bin/jpgp*.jar
.idea/
naclb/build
naclb/node_modules
gui/nw
# Vim swap files
......
# CHANGELOG
## v1.8.0 (XX XXXX 2019)
### Highlights
- Migration to Nodejs v10
### Code
- [enh] migrate `naclb` to rust implementation `dup-crypto-rs`
- [enh] migrate `wotb` to rust implementation `dubp-wot`
- #1373: Support for Nodejs v10
- #1372: `scryptb` removal
- [enh] Upgrade TypeScript to 3.4.3
......@@ -13,14 +19,17 @@
- [enh] StatsDAL => replaced by LevelDB indexes
### BMA
- [enh] Document `network/ws2p/heads`
- [fix] In case of wrong network configuration, Duniter could crash on startup
- [fix] `/branches` should not throw if current block does not exist
### CI
- Add dockerisation in Duniter CI
- Add g1 and gt control hash has changed to add `replayable_on`
Thanks @c-geek, @Moul, @vtexier
Thanks @c-geek, @librelois, @Moul, @vtexier
## v1.7.21: (12th Fev 2020)
- #1394: Former member back in the WoT with only 4 certifiers
......
......@@ -62,7 +62,7 @@ If you wish to participate/debate on Duniter, you can:
Duniter is using modules on different git repositories:
- [WotB](https://git.duniter.org/libs/dubp-wot): compute Web of Trust.
- [Duniteroxyde](https://git.duniter.org/nodes/typescript/duniteroxyde): Neon binding for rust DUBP libs.
- [Debug](https://github.com/duniter/duniter-debug): debug tool.
- [Web admin](https://git.duniter.org/nodes/typescript/modules/duniter-ui): web administration interface (optional).
- [GVA](https://git.duniter.org/nodes/typescript/modules/gva-api): Future client API aimed to replace BMA. GVA stands for GraphQL Validation API.
......
......@@ -13,6 +13,8 @@
"use strict";
const G1 = "g1"
const GT = "g1-test"
const CURRENCY = "[a-zA-Z0-9-_ ]{2,50}"
const BASE58 = "[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+"
const PUBKEY = "[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{43,44}"
......@@ -86,6 +88,9 @@ export const duniterDocument2str = (type:DuniterDocument) => {
export const CommonConstants = {
G1,
GT,
FORMATS: {
CURRENCY,
PUBKEY,
......
......@@ -11,14 +11,7 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
import {Base58decode, Base58encode} from "./base58"
import {decodeBase64, decodeUTF8, encodeBase64} from "./nacl-util"
const nacl = require('tweetnacl');
const seedrandom = require('seedrandom');
const naclBinding = require('naclb');
const crypto_sign_BYTES = 64;
import {KeyPairBuilder, generateRandomSeed, seedToSecretKey} from "duniteroxyde"
export class Key {
......@@ -39,10 +32,6 @@ export class Key {
return this.sec
}
private rawSec() {
return Base58decode(this.secretKey)
}
json() {
return {
pub: this.publicKey,
......@@ -50,78 +39,22 @@ export class Key {
}
}
signBuggy(msg:string) {
return Promise.resolve(this.signSyncBuggy(msg))
}
signSyncBuggy(msg:string) {
const m = decodeUTF8(msg);
const signedMsg = naclBinding.sign(m, this.rawSec());
const sig = new Uint8Array(crypto_sign_BYTES);
for (let i = 0; i < sig.length; i++) {
sig[i] = signedMsg[i];
}
return encodeBase64(sig)
};
sign(msg:string) {
return Promise.resolve(this.signSync(msg))
}
signSync(msg:string) {
const m = decodeUTF8(msg);
const signedMsg = nacl.sign(m, this.rawSec());
const sig = new Uint8Array(crypto_sign_BYTES);
for (let i = 0; i < sig.length; i++) {
sig[i] = signedMsg[i];
}
return encodeBase64(sig)
const signator = KeyPairBuilder.fromSecretKey(this.secretKey);
return signator.sign(msg);
};
}
export function randomKey() {
const byteseed = new Uint8Array(32)
for (let i = 0; i < 32; i++) {
byteseed[i] = Math.floor(seedrandom()() * 255) + 1
}
const keypair = nacl.sign.keyPair.fromSeed(byteseed)
const seed = generateRandomSeed();
const secretKey = seedToSecretKey(seed);
const keypair = KeyPairBuilder.fromSecretKey(secretKey);
return new Key(
Base58encode(new Buffer(keypair.publicKey)),
Base58encode(new Buffer(keypair.secretKey))
keypair.getPublicKey(),
secretKey,
)
}
export function KeyGen(pub:string, sec:string) {
return new Key(pub, sec)
}
/**
* Verify a signature against data & public key.
* Return true of false as callback argument.
*/
export function verifyBuggy(rawMsg:string, rawSig:string, rawPub:string) {
const msg = decodeUTF8(rawMsg);
const sig = decodeBase64(rawSig);
const pub = Base58decode(rawPub);
const m = new Uint8Array(crypto_sign_BYTES + msg.length);
const sm = new Uint8Array(crypto_sign_BYTES + msg.length);
let i;
for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];
for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];
// Call to verification lib...
return naclBinding.verify(m, sm, pub);
}
/**
* Verify a signature against data & public key.
* Return true of false as callback argument.
*/
export function verify(rawMsg:string, rawSig:string, rawPub:string) {
const msg = decodeUTF8(rawMsg);
const sig = decodeBase64(rawSig);
const pub = Base58decode(rawPub);
// Call to verification lib...
return nacl.sign.detached.verify(msg, sig, pub);
}
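Review bot: `signSync` re-parses the Base58 secret key and builds a fresh key pair on every call (`KeyPairBuilder.fromSecretKey(this.secretKey)`), so the parsing cost is paid per message and a malformed secret is presumably only noticed at the first signature rather than when the `Key` is created. Consider building the signator once per `Key` and reusing it, so that the method body becomes `return this.signator.sign(msg)`; the constructor is outside the visible hunks, so where to initialise it is for the author to confirm. The new `signSync` and `randomKey` also carry no doc comment: it is worth stating which encoding the returned signature uses now that the explicit `encodeBase64` step is gone, and that the seed comes from `generateRandomSeed()` instead of the previous `seedrandom` loop.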
......@@ -13,7 +13,7 @@
import {hashf} from "../common"
import {Cloneable} from "./Cloneable"
import {verify, verifyBuggy} from "../common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
export interface BaseDTO {
base: number
......@@ -248,7 +248,8 @@ export class TransactionDTO implements Cloneable {
if (dubp_version >= 12) {
sigResult.sigs[i].ok = verify(raw, sig, pub)
} else {
sigResult.sigs[i].ok = verifyBuggy(raw, sig, pub)
// TODO ESZ list all invalid transactions
sigResult.sigs[i].ok = verify(raw, sig, pub)
}
matching = sigResult.sigs[i].ok
i++
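Review bot: Both branches of the `dubp_version >= 12` test now call the same `verify(raw, sig, pub)`, so pre-v12 transactions are checked with the strict verifier while the exception list announced by `// TODO ESZ list all invalid transactions` does not exist yet. Any historical transaction that only passed under `verifyBuggy` would now get `ok = false`, which may make an already-accepted chain fail validation on resync; blocks receive an explicit allowlist in `checkBlockSignature`, transactions do not. The same unconditional swap is made in the sections defining `sigCheckRevoke` and `checkCertificationIsValid`, in `checkCertificationShouldBeValid`, and in the identity and membership checks of the local rules, none of which is version-gated. Until the list exists, either collapse the branch to a single call with a comment recording that no pre-v12 exception is known, or tie the TODO to an issue number so it is not lost. The enclosing method starts and ends outside the hunk.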
......
......@@ -18,7 +18,7 @@ import {RevocationDTO} from "./dto/RevocationDTO"
import {CertificationDTO} from "./dto/CertificationDTO"
import {TransactionDTO} from "./dto/TransactionDTO"
import {DBHead} from "./db/DBHead"
import {verifyBuggy} from "./common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {rawer, txunlock} from "./common-libs/index"
import {CommonConstants} from "./common-libs/constants"
import {MembershipDTO} from "./dto/MembershipDTO"
......@@ -2086,7 +2086,7 @@ async function sigCheckRevoke(entry: MindexEntry, dal: FileDAL, currency: string
sig: idty.sig,
revocation: ''
});
let sigOK = verifyBuggy(rawRevocation, sig, pubkey);
let sigOK = verify(rawRevocation, sig, pubkey);
if (!sigOK) {
throw Error("Revocation signature must match");
}
......@@ -2141,7 +2141,7 @@ async function checkCertificationIsValid (block: BlockDTO, cert: CindexEntry, fi
buid: buid,
sig: ''
})
const verified = verifyBuggy(raw, cert.sig, cert.issuer);
const verified = verify(raw, cert.sig, cert.issuer);
if (!verified) {
throw constants.ERRORS.WRONG_SIGNATURE_FOR_CERT
}
......
......@@ -16,7 +16,7 @@ import {FileDAL} from "../dal/fileDAL"
import {DBBlock} from "../db/DBBlock"
import {TransactionDTO, TxSignatureResult} from "../dto/TransactionDTO"
import {BlockDTO} from "../dto/BlockDTO"
import {verifyBuggy} from "../common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {rawer, txunlock} from "../common-libs/index"
import {CommonConstants} from "../common-libs/constants"
import {IdentityDTO} from "../dto/IdentityDTO"
......@@ -322,7 +322,7 @@ async function checkCertificationShouldBeValid (block:{ number:number, currency:
buid: buid,
sig: ''
})
const verified = verifyBuggy(raw, cert.sig, cert.from);
const verified = verify(raw, cert.sig, cert.from);
if (!verified) {
throw constants.ERRORS.WRONG_SIGNATURE_FOR_CERT
}
......
......@@ -16,7 +16,7 @@ import {ConfDTO} from "../dto/ConfDTO"
import {CindexEntry, IndexEntry, Indexer, MindexEntry, SindexEntry} from "../indexer"
import {BaseDTO, TransactionDTO} from "../dto/TransactionDTO"
import {DBBlock} from "../db/DBBlock"
import {verify, verifyBuggy} from "../common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {hashf} from "../common"
import {CommonConstants} from "../common-libs/constants"
import {IdentityDTO} from "../dto/IdentityDTO"
......@@ -27,6 +27,10 @@ import {FileDAL} from "../dal/fileDAL"
const constants = CommonConstants
const maxAcceleration = require('./helpers').maxAcceleration
const INVALID_G1_BLOCKS = new Set([15144, 31202, 85448, 87566, 90830, 109327, 189835, 199172, 221274, 253582]);
const INVALID_GT_BLOCKS = new Set([24316, 62067, 62551, 93288, 173118, 183706, 196196, 246027, 247211, 263207,
307038, 328741, 335914, 377316, 395714, 396024, 407913, 422366, 496751]);
export const LOCAL_RULES_FUNCTIONS = {
checkParameters: async (block:BlockDTO) => {
......@@ -88,12 +92,28 @@ export const LOCAL_RULES_FUNCTIONS = {
checkBlockSignature: async (block:BlockDTO) => {
// Historically, Duniter used a buggy version of TweetNaCl (see #1390)
// Starting with the v12 blocks, Duniter uses a fixed version of TweetNaCl.
if (block.version >= 12 && !verify(block.getSignedPart(), block.signature, block.issuer)) {
throw Error('Block\'s signature must match');
} else if (!verifyBuggy(block.getSignedPart(), block.signature, block.issuer)) {
throw Error('Block\'s signature must match');
// Starting with the v12 blocks, Duniter uses a fixed version of TweetNaCl.
if (!verify(block.getSignedPart(), block.signature, block.issuer)) {
if (block.version >= 12) {
throw Error('Block\'s signature must match');
}
// If DUBP < v12, block may have invalid signature
else if (block.currency === constants.G1) {
if (!INVALID_G1_BLOCKS.has(block.number)) {
throw Error('Block\'s signature must match');
}
}
else if (block.currency === constants.GT) {
if (!INVALID_GT_BLOCKS.has(block.number)) {
throw Error('Block\'s signature must match');
}
}
// Unknown currencies must have valid signature
else {
throw Error('Block\'s signature must match');
}
}
return true;
},
......@@ -113,7 +133,7 @@ export const LOCAL_RULES_FUNCTIONS = {
while (!wrongSig && i < block.identities.length) {
const idty = IdentityDTO.fromInline(block.identities[i]);
idty.currency = block.currency;
wrongSig = !verifyBuggy(idty.rawWithoutSig(), idty.sig, idty.pubkey);
wrongSig = !verify(idty.rawWithoutSig(), idty.sig, idty.pubkey);
if (wrongSig) {
throw Error('Identity\'s signature must match');
}
......@@ -444,7 +464,7 @@ function getTransactionDepth(txHash:string, sindex:SindexShortEntry[], localDept
}
function checkSingleMembershipSignature(ms:any) {
return verifyBuggy(ms.getRaw(), ms.signature, ms.issuer);
return verify(ms.getRaw(), ms.signature, ms.issuer);
}
function checkBunchOfTransactions(transactions:TransactionDTO[], conf:ConfDTO, medianTime: number, options?:{ dontCareAboutChaining?:boolean }){
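Review bot: In `checkBlockSignature` the pre-v12 exemption is keyed on `block.number` alone, so any block with `version < 12` that carries one of the listed numbers passes this rule whatever its signature is, including a block from a different branch than the historical one. Binding the exemption to the specific block keeps it as narrow as intended, for example `const INVALID_G1_BLOCKS = new Map<number, string>([[15144, "<BLOCK_HASH_PLACEHOLDER>"], /* … */])` with the test `INVALID_G1_BLOCKS.get(block.number) !== block.hash`; this assumes the block hash is validated by another rule, which is not visible here. A short comment above the two sets saying how the numbers were obtained, and that they must not be extended for new blocks, would also help. The comment `// Starting with the v12 blocks, Duniter uses a fixed version of TweetNaCl.` no longer matches the code, which now calls the `verify` imported from duniteroxyde.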
......
......@@ -12,7 +12,7 @@
// GNU Affero General Public License for more details.
import {Contacter} from "./contacter"
import {verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {rawer} from "../../../lib/common-libs/index"
import {HttpRequirements} from "../../bma/lib/dtos"
......@@ -80,7 +80,7 @@ export const req2fwd = async (requirements: HttpRequirements, toHost:string, toP
buid: received.blockstamp
});
try {
const chkSig = verifyBuggy(rawCertNoSig, received.sig, received.from)
const chkSig = verify(rawCertNoSig, received.sig, received.from)
if (!chkSig) {
throw "Wrong signature for certification?!"
}
......
......@@ -35,7 +35,7 @@ import {WS2PRequester} from "../../../ws2p/lib/WS2PRequester"
import {WS2PMessageHandler} from "../../../ws2p/lib/impl/WS2PMessageHandler"
import {WS2PResponse} from "../../../ws2p/lib/impl/WS2PResponse"
import {DataErrors} from "../../../../lib/common-libs/errors"
import {KeyGen} from "../../../../lib/common-libs/crypto/keyring"
import {Key} from "../../../../lib/common-libs/crypto/keyring"
import {WS2PRemoteContacter} from "./WS2PRemoteContacter"
import {Keypair} from "../../../../lib/dto/ConfDTO"
......@@ -141,7 +141,7 @@ export class RemoteSynchronizer extends AbstractSynchronizer {
// If BMA is unreachable and the connection is not marked as strict BMA, let's try WS2P
if (!api && access.isBMA !== true) {
const pair = KeyGen(keypair.pub, keypair.sec)
const pair = new Key(keypair.pub, keypair.sec)
const connection = WS2PConnection.newConnectionToAddress(1,
`ws://${host}:${port}${path && ' ' + path || ''}`,
new (class SyncMessageHandler implements WS2PMessageHandler {
......
......@@ -19,7 +19,7 @@ import {GLOBAL_RULES_HELPERS} from "../../../lib/rules/global_rules"
import {LOCAL_RULES_HELPERS} from "../../../lib/rules/local_rules"
import {Indexer} from "../../../lib/indexer"
import {DBBlock} from "../../../lib/db/DBBlock"
import {verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {rawer} from "../../../lib/common-libs/index"
import {hashf} from "../../../lib/common"
import {CommonConstants} from "../../../lib/common-libs/constants"
......@@ -380,7 +380,7 @@ export class BlockGenerator {
const idty = IdentityDTO.fromJSONObject(identity);
idty.currency = this.conf.currency;
const createIdentity = idty.rawWithoutSig();
const verified = verifyBuggy(createIdentity, idty.sig, idty.pubkey);
const verified = verify(createIdentity, idty.sig, idty.pubkey);
if (!verified) {
throw constants.ERRORS.IDENTITY_WRONGLY_SIGNED;
}
......@@ -761,7 +761,7 @@ class NextBlockGenerator implements BlockGeneratorInterface {
idty_sig: targetIdty.sig,
buid: current ? [cert.block_number, targetBlock.hash].join('-') : CommonConstants.SPECIAL_BLOCK,
}).getRawUnSigned();
if (verifyBuggy(rawCert, certSig, cert.from)) {
if (verify(rawCert, certSig, cert.from)) {
cert.sig = certSig;
let exists = false;
if (current) {
......
......@@ -17,7 +17,7 @@ import {hashf} from "../../../lib/common"
import {DBBlock} from "../../../lib/db/DBBlock"
import {ConfDTO} from "../../../lib/dto/ConfDTO"
import {ProverConstants} from "./constants"
import {KeyGen, verify, verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {Ed25519Signator, KeyPairBuilder} from "duniteroxyde"
import {dos2unix} from "../../../lib/common-libs/dos2unix"
import {rawer} from "../../../lib/common-libs/index"
import {ProcessCpuProfiler} from "../../../ProcessCpuProfiler"
......@@ -37,7 +37,6 @@ export function createPowWorker() {
let prefix = 0;
let sigFuncSaved: (msg:string) => string;
let verifyFuncSaved: (msg:string, sig:string) => boolean;
let lastSecret:any, lastVersion: number, currentCPU:number = 1;
process.on('uncaughtException', (err:any) => {
......@@ -119,27 +118,13 @@ export function createPowWorker() {
const highMark = stuff.highMark;
// Define sigFunc
// Use Buggy version for performance reasons
const signator = KeyPairBuilder.fromSecretKey(pair.sec);
let sigFunc = null;
if (sigFuncSaved && lastSecret === pair.sec) {
sigFunc = sigFuncSaved;
} else {
lastSecret = pair.sec;
sigFunc = (msg:string) => KeyGen(pair.pub, pair.sec).signSyncBuggy(msg)
}
// Define verifyFunc
let verifyFunc = null;
if (verifyFuncSaved && lastSecret === pair.sec && lastVersion === block.version) {
verifyFunc = verifyFuncSaved;
} else {
lastSecret = pair.sec;
lastVersion = block.version;
if (block.version >= 12) {
verifyFunc = (msg:string, sig:string) => verify(msg, sig, pair.pub)
} else {
verifyFunc = (msg:string, sig:string) => verifyBuggy(msg, sig, pair.pub)
}
sigFunc = (msg:string) => signator.sign(msg)
}
/*****************
......@@ -212,12 +197,6 @@ export function createPowWorker() {
}
if (charOK) {
found = !!(pow[nbZeros].match(new RegExp('[0-' + highMark + ']')))
if (found) {
let sigOk = verifyFunc(raw, sig);
if (!sigOk) {
found = false;
}
}
}
if (!found && nbZeros > 0 && j - 1 >= ProverConstants.POW_MINIMAL_TO_SHOW) {
pSend({ pow: { pow: pow, block: block, nbZeros: nbZeros }});
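Review bot: `const signator = KeyPairBuilder.fromSecretKey(pair.sec);` runs on every invocation, even when the cached `sigFuncSaved` is reused a few lines later, so the key pair is rebuilt for nothing in the cached case. Moving that line into the `else` branch next to `lastSecret = pair.sec;` keeps the cache meaningful. The removed `verifyFunc(raw, sig)` call was the only self-check of the produced signature visible in this worker; if it is dropped on purpose because the new signer is trusted, a one-line comment saying so would help. `lastVersion` (still declared in the visible context) and the `Ed25519Signator` import look unused after this change, as far as these hunks show. The enclosing function starts and ends outside the hunks.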
......
......@@ -24,7 +24,8 @@ import {WS2PConstants} from "./constants"
import {PeerDTO, WS2PEndpoint} from '../../../lib/dto/PeerDTO';
import {GlobalFifoPromise} from "../../../service/GlobalFifoPromise"
import {OtherConstants} from "../../../lib/other_constants"
import {Key, verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {Key} from "../../../lib/common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {WS2PServerMessageHandler} from "./interface/WS2PServerMessageHandler"
import {WS2PMessageHandler} from "./impl/WS2PMessageHandler"
import {CommonConstants} from '../../../lib/common-libs/constants';
......@@ -208,8 +209,8 @@ export class WS2PCluster {
) {
const head:WS2PHead = { message: h.message, sig: h.sig, messageV2: h.messageV2, sigV2: h.sigV2, step: h.step }
const sigOK = verifyBuggy(head.message, head.sig, pub)
const sigV2OK = (head.messageV2 !== undefined && head.sigV2 !== undefined) ? verifyBuggy(head.messageV2, head.sigV2, pub):false
const sigOK = verify(head.message, head.sig, pub)
const sigV2OK = (head.messageV2 !== undefined && head.sigV2 !== undefined) ? verify(head.messageV2, head.sigV2, pub):false
if ((sigV2OK && sigOK) || sigOK) {
// Already known or more recent or closer ?
const step = (this.headsCache[fullId]) ? this.headsCache[fullId].step || 0:0
......@@ -605,9 +606,9 @@ export class WS2PCluster {
const prefix = this.server.conf.prefix || ProverConstants.DEFAULT_PEER_ID
const { freeMemberRoom , freeMirorRoom } = await this.countFreeRooms()
const message = `${api}:HEAD:1:${key.publicKey}:${number}-${hash}:${ws2pId}:${software}:${softVersion}:${prefix}`
const sig = key.signSyncBuggy(message)
const sig = key.signSync(message)
const messageV2 = `${api}:HEAD:2:${key.publicKey}:${number}-${hash}:${ws2pId}:${software}:${softVersion}:${prefix}:${freeMemberRoom}:${freeMirorRoom}`
const sigV2 = key.signSyncBuggy(messageV2)
const sigV2 = key.signSync(messageV2)
const myHead:WS2PHead = {
message,
......
......@@ -11,7 +11,8 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
import {Key, verifyBuggy} from "../../../lib/common-libs/crypto/keyring"
import {Key} from "../../../lib/common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {WS2PMessageHandler} from "./impl/WS2PMessageHandler"
import {BlockDTO} from "../../../lib/dto/BlockDTO"
import {IdentityDTO} from "../../../lib/dto/IdentityDTO"
......@@ -129,7 +130,7 @@ export class WS2PPubkeyRemoteAuth implements WS2PRemoteAuth {
async sendACK(ws: any): Promise<void> {
const challengeMessage = `WS2P:ACK:${this.currency}:${this.pair.pub}:${this.challenge}`
Logger.log('sendACK >>> ' + challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
const sig = this.pair.signSync(challengeMessage)
await ws.send(JSON.stringify({
auth: 'ACK',
pub: this.pair.pub,
......@@ -153,7 +154,7 @@ export class WS2PPubkeyRemoteAuth implements WS2PRemoteAuth {
this.givenCurrency.resolve(this.currency)
const challengeMessage = (ws2pVersion > 1) ? `WS2P:${type}:${this.currency}:${pub}:${ws2pId}:${challenge}`:`WS2P:${type}:${this.currency}:${pub}:${challenge}`
Logger.log('registerCONNECT >>> ' + challengeMessage)
const verified = verifyBuggy(challengeMessage, sig, pub)
const verified = verify(challengeMessage, sig, pub)
if (verified) {
this.remoteVersion = ws2pVersion
this.challenge = challenge
......@@ -166,7 +167,7 @@ export class WS2PPubkeyRemoteAuth implements WS2PRemoteAuth {
async registerOK(sig: string): Promise<boolean> {
const challengeMessage = `WS2P:OK:${this.currency}:${this.remotePub}:${this.challenge}`
Logger.log('registerOK >>> ' + challengeMessage)
this.authenticatedByRemote = verifyBuggy(challengeMessage, sig, this.remotePub)
this.authenticatedByRemote = verify(challengeMessage, sig, this.remotePub)
if (!this.authenticatedByRemote) {
this.serverAuthReject("Wrong signature from remote OK")
} else {
......@@ -215,7 +216,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
if (ws2pVersion > 1) {
const challengeMessage = `WS2P:${ws2pVersion}:${connectWord}:${this.currency}:${this.pair.pub}:${this.ws2pId}:${this.challenge}`
Logger.log('sendCONNECT >>> ' + challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
const sig = this.pair.signSync(challengeMessage)
await ws.send(JSON.stringify({
auth: `${connectWord}`,
version: ws2pVersion,
......@@ -229,7 +230,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
} else if (ws2pVersion == 1) {
const challengeMessage = `WS2P:${connectWord}:${this.currency}:${this.pair.pub}:${this.challenge}`
Logger.log('sendCONNECT >>> ' + challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
const sig = this.pair.signSync(challengeMessage)
await ws.send(JSON.stringify({
auth: `${connectWord}`,
pub: this.pair.pub,
......@@ -248,7 +249,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
}
const challengeMessage = `WS2P:ACK:${this.currency}:${pub}:${this.challenge}`
Logger.log('registerACK >>> ' + challengeMessage)
this.authenticated = verifyBuggy(challengeMessage, sig, pub)
this.authenticated = verify(challengeMessage, sig, pub)
if (!this.authenticated) {
this.serverAuthReject("Wrong signature from server ACK")
} else {
......@@ -260,7 +261,7 @@ export class WS2PPubkeyLocalAuth implements WS2PLocalAuth {
async sendOK(ws:any): Promise<void> {
const challengeMessage = `WS2P:OK:${this.currency}:${this.pair.pub}:${this.challenge}`
Logger.log('sendOK >>> ' + challengeMessage)
const sig = this.pair.signSyncBuggy(challengeMessage)
const sig = this.pair.signSync(challengeMessage)
await ws.send(JSON.stringify({
auth: 'OK',
sig
......
......@@ -21,7 +21,7 @@ import {RevocationDTO} from "../lib/dto/RevocationDTO"
import {BasicIdentity, IdentityDTO} from "../lib/dto/IdentityDTO"
import {CertificationDTO} from "../lib/dto/CertificationDTO"
import {DBCert} from "../lib/dal/sqliteDAL/CertDAL"
import {verifyBuggy} from "../lib/common-libs/crypto/keyring"
import {verify} from "duniteroxyde"
import {FIFOService} from "./FIFOService"
import {MindexEntry} from "../lib/indexer"
import {DataErrors} from "../lib/common-libs/errors"
......@@ -121,7 +121,7 @@ export class IdentityService extends FIFOService {
this.logger.info('⬇ IDTY %s %s', idty.pubkey, idty.uid);
try {
// Check signature's validity
let verified = verifyBuggy(createIdentity, idty.sig, idty.pubkey);
let verified = verify(createIdentity, idty.sig, idty.pubkey);
if (!verified) {
throw constants.ERRORS.SIGNATURE_DOES_NOT_MATCH;
}
......@@ -271,7 +271,7 @@ export class IdentityService extends FIFOService {
return this.pushFIFO<RevocationDTO>(hash, async () => {
try {
this.logger.info('⬇ REVOCATION %s %s', revoc.pubkey, revoc.idty_uid);
let verified = verifyBuggy(raw, revoc.revocation, revoc.pubkey);
let verified = verify(raw, revoc.revocation, revoc.pubkey);
if (!verified) {
throw 'Wrong signature for revocation';
}
......