From d384860dd7e2b231ee3fea8fe4d5b400c5b0e11e Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Fri, 6 Apr 2012 22:35:12 -0700 Subject: [PATCH 1/9] Support for STI_LEDGERENTRY. --- src/SerializedTypes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SerializedTypes.h b/src/SerializedTypes.h index dc231b49ec..53b1375c68 100644 --- a/src/SerializedTypes.h +++ b/src/SerializedTypes.h @@ -17,7 +17,7 @@ enum SerializedTypeID STI_HASH128=6, STI_HASH160=7, STI_HASH256=8, STI_VL=9, STI_TL=10, // high level types - STI_ACCOUNT=100, STI_TRANSACTION=101 + STI_ACCOUNT=100, STI_TRANSACTION=101, STI_LEDGERENTRY=102 }; class SerializedType From 471c3caf8f0c752359337f0e47ae011adb9108e7 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Fri, 6 Apr 2012 22:35:42 -0700 Subject: [PATCH 2/9] Typo. --- src/SerializedLedger.h | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 src/SerializedLedger.h diff --git a/src/SerializedLedger.h b/src/SerializedLedger.h new file mode 100644 index 0000000000..4bdc7d8d4a --- /dev/null +++ b/src/SerializedLedger.h @@ -0,0 +1,32 @@ +#ifndef __SERIALIZEDLEDGER__ +#define __SERIALIZEDLEDGER__ + +#include "SerializedObject.h" +#include "LedgerFormats.h" + +class SerializedLedger : public STObject +{ +public: + typedef boost::shared_ptr pointer; + +protected: + LedgerEntryType mType; + STUInt16 mVersion; + STObject mObject; + LedgerEntryFormat* mFormat; + +public: + SerializedLedger(SerializerIterator& sit); + SerializedLedger(LedgerEntryType type); + + int getLength() const { return mVersion.getLength() + mObject.getLength(); } + SerializedTypeID getType() const { return STI_LEDGERENTRY; } + SerializedLedger* duplicate() const { return new SerializedLedger(*this); } + std::string getFullText() const; + std::string getText() const; + void add(Serializer& s) const { mVersion.add(s); mObject.add(s); } + + +}; + +#endif From 29659e56f35758e388c02a27e1b3dcb6822b54c3 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Fri, 6 Apr 2012 22:36:24 -0700 Subject: [PATCH 3/9] Stub. --- src/SerializedLedger.cpp | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 src/SerializedLedger.cpp diff --git a/src/SerializedLedger.cpp b/src/SerializedLedger.cpp new file mode 100644 index 0000000000..3ae422ec79 --- /dev/null +++ b/src/SerializedLedger.cpp @@ -0,0 +1,3 @@ + +#include "SerializedLedger.h" + From e005db76863651cf5c4af9e4a2e5636d1ec9a091 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Fri, 6 Apr 2012 22:39:08 -0700 Subject: [PATCH 4/9] Needed for it to compile on my platform. --- src/Config.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Config.cpp b/src/Config.cpp index df339d23f0..468ffea482 100644 --- a/src/Config.cpp +++ b/src/Config.cpp @@ -2,6 +2,7 @@ #include "ParseSection.h" +#include #include #include From 812445f2050a76824fdd957e31618b31ca7167fe Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Sat, 7 Apr 2012 03:56:40 -0700 Subject: [PATCH 5/9] getFormat -> getTxnFormat --- src/SerializedTransaction.cpp | 4 ++-- src/TransactionFormats.cpp | 2 +- src/TransactionFormats.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/SerializedTransaction.cpp b/src/SerializedTransaction.cpp index b88472d55b..8192a8e71b 100644 --- a/src/SerializedTransaction.cpp +++ b/src/SerializedTransaction.cpp @@ -3,7 +3,7 @@ SerializedTransaction::SerializedTransaction(TransactionType type) { - mFormat=getFormat(type); + mFormat=getTxnFormat(type); if(mFormat==NULL) throw(std::runtime_error("invalid transaction type")); mMiddleTxn.giveObject(new STUInt32("Magic", TransactionMagic)); @@ -33,7 +33,7 @@ SerializedTransaction::SerializedTransaction(SerializerIterator& sit, int length int type=sit.get32(); mMiddleTxn.giveObject(new STUInt32("Type", type)); - mFormat=getFormat(static_cast(type)); + mFormat=getTxnFormat(static_cast(type)); if(!mFormat) throw(std::runtime_error("Transaction has invalid type")); mMiddleTxn.giveObject(new STUInt64("Fee", sit.get64())); diff --git a/src/TransactionFormats.cpp b/src/TransactionFormats.cpp index 455b3a9e46..528a86d3ee 100644 --- a/src/TransactionFormats.cpp +++ b/src/TransactionFormats.cpp @@ -45,7 +45,7 @@ TransactionFormat InnerTxnFormats[]= { NULL, ttINVALID } }; -TransactionFormat* getFormat(TransactionType t) +TransactionFormat* getTxnFormat(TransactionType t) { TransactionFormat* f=InnerTxnFormats; while(f->t_name!=NULL) diff --git a/src/TransactionFormats.h b/src/TransactionFormats.h index 6c68d12c33..08887de169 100644 --- a/src/TransactionFormats.h +++ b/src/TransactionFormats.h @@ -27,5 +27,5 @@ const int TransactionMinLen=32; const int TransactionMaxLen=1048576; extern TransactionFormat InnerTxnFormats[]; -extern TransactionFormat* getFormat(TransactionType t); +extern TransactionFormat* getTxnFormat(TransactionType t); #endif From 2467e668acc591a70449cc55f591b4d92e72a6c9 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Sat, 7 Apr 2012 04:13:22 -0700 Subject: [PATCH 6/9] Cleanup. Minor bugfixes. Better documentation. --- src/ECIES.cpp | 88 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 56 insertions(+), 32 deletions(-) diff --git a/src/ECIES.cpp b/src/ECIES.cpp index d51119aac4..894c0dbb1d 100644 --- a/src/ECIES.cpp +++ b/src/ECIES.cpp @@ -11,17 +11,38 @@ #include "key.h" -#define ECIES_KEY_HASH SHA256 -#define ECIES_KEY_LENGTH (256/8) -#define ECIES_KEY_TYPE uint256 -#define ECIES_ENC_ALGO EVP_aes_256_cbc() -#define ECIES_ENC_KEY_SIZE (256/8) -#define ECIES_ENC_BLK_SIZE (128/8) -#define ECIES_ENC_KEY_TYPE uint256 -#define ECIES_ENC_IV_TYPE uint128 -#define ECIES_HMAC_ALGO EVP_sha256() -#define ECIES_HMAC_SIZE (256/8) -#define ECIES_HMAC_TYPE uint256 +// ECIES uses elliptic curve keys to send an encrypted message. + +// A shared secret is generated from one public key and one private key. +// The same key results regardless of which key is public and which private. + +// Anonymous messages can be sent by generating an ephemeral public/private +// key pair, using that private key with the recipient's public key to +// encrypt and publishing the ephemeral public key. Non-anonymous messages +// can be sent by using your own private key with the recipeint's public key. + +// A random IV is used to encrypt the message and an HMAC is used to ensure +// message integrity. If you need timestamps or need to tell the recipient +// which key to use (his, yours, or ephemeral) you must add that data. +// (Obviously, it can't go in the encrypted portion anyway.) + +// Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows: +// 1) IV (unencrypted) +// 2) Encrypted: HMAC of original plaintext +// 3) Encrypted: Original plaintext +// 4) Encrypted: Rest of block/padding + +// Algorithmic choices: +#define ECIES_KEY_HASH SHA256 // Hash used to generate shared secret +#define ECIES_KEY_LENGTH (256/8) // Size of shared secret +#define ECIES_KEY_TYPE uint256 // Type used to hold shared secret +#define ECIES_ENC_ALGO EVP_aes_256_cbc() // Encryption algorithm +#define ECIES_ENC_KEY_SIZE (256/8) // Encryption key size +#define ECIES_ENC_BLK_SIZE (128/8) // Encryption block size +#define ECIES_ENC_IV_TYPE uint128 // Type used to hold IV +#define ECIES_HMAC_ALGO EVP_sha256() // HMAC algorithm +#define ECIES_HMAC_SIZE (256/8) // Size of HMAC +#define ECIES_HMAC_TYPE uint256 // Type used to hold HMAC static void* ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen) { // This function must not be changed as it must be what ECDH_compute_key expects @@ -59,13 +80,7 @@ ECIES_KEY_TYPE CKey::getECIESSecret(CKey& otherKey) return key; } -// Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows: -// 1) IV (unencrypted) -// 2) Encrypted: HMAC of original plaintext -// 3) Encrypted: Original plaintext -// 4) Encrypted: Rest of block/padding - -static ECIES_HMAC_TYPE makeHMAC(ECIES_KEY_TYPE secret, const std::vector data) +static ECIES_HMAC_TYPE makeHMAC(const ECIES_KEY_TYPE& secret, const std::vector data) { HMAC_CTX ctx; HMAC_CTX_init(&ctx); @@ -82,37 +97,39 @@ static ECIES_HMAC_TYPE makeHMAC(ECIES_KEY_TYPE secret, const std::vector hmac(ml); - if(HMAC_Final(&ctx, &(hmac.front()), &ml) != 1) + ECIES_HMAC_TYPE ret; + unsigned int ml = ECIES_HMAC_SIZE; + if(HMAC_Final(&ctx, ret.begin(), &ml) != 1) { HMAC_CTX_cleanup(&ctx); throw std::runtime_error("finalize hmac"); } - - ECIES_HMAC_TYPE ret; - memcpy(ret.begin(), &(hmac.front()), ECIES_HMAC_SIZE); + assert(ml == ECIES_HMAC_SIZE); + HMAC_CTX_cleanup(&ctx); return ret; } std::vector CKey::encryptECIES(CKey& otherKey, const std::vector& plaintext) { - ECIES_KEY_TYPE secret=getECIESSecret(otherKey); - ECIES_HMAC_TYPE hmac=makeHMAC(secret, plaintext); ECIES_ENC_IV_TYPE iv; if(RAND_bytes(static_cast(iv.begin()), ECIES_ENC_BLK_SIZE) != 1) throw std::runtime_error("insufficient entropy"); + ECIES_KEY_TYPE secret=getECIESSecret(otherKey); + ECIES_HMAC_TYPE hmac=makeHMAC(secret, plaintext); + EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1) { EVP_CIPHER_CTX_cleanup(&ctx); + secret.zero(); throw std::runtime_error("init cipher ctx"); } + secret.zero(); std::vector out(plaintext.size() + ECIES_HMAC_SIZE + ECIES_ENC_KEY_SIZE + ECIES_ENC_BLK_SIZE, 0); int len=0, bytesWritten; @@ -160,10 +177,9 @@ std::vector CKey::encryptECIES(CKey& otherKey, const std::vector< std::vector CKey::decryptECIES(CKey& otherKey, const std::vector& ciphertext) { - ECIES_KEY_TYPE secret=getECIESSecret(otherKey); // minimum ciphertext = IV + HMAC + 1 block - if(ciphertext.size() < ((2*ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) ) + if(ciphertext.size() < ((2 * ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) ) throw std::runtime_error("ciphertext too short"); // extract IV @@ -173,9 +189,10 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< // begin decrypting EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - + ECIES_KEY_TYPE secret=getECIESSecret(otherKey); if(EVP_DecryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1) { + secret.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("unable to init cipher"); } @@ -184,8 +201,9 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< ECIES_HMAC_TYPE hmac; int outlen=ECIES_HMAC_SIZE; if( (EVP_DecryptUpdate(&ctx, hmac.begin(), &outlen, - &(ciphertext.front()) + ECIES_ENC_BLK_SIZE, ECIES_HMAC_SIZE+1) != 1) || (outlen != ECIES_HMAC_SIZE) ) + &(ciphertext.front()) + ECIES_ENC_BLK_SIZE, ECIES_HMAC_SIZE + 1) != 1) || (outlen != ECIES_HMAC_SIZE) ) { + secret.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("unable to extract hmac"); } @@ -194,26 +212,32 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< std::vector plaintext(ciphertext.size() - ECIES_HMAC_SIZE - ECIES_ENC_BLK_SIZE); outlen=plaintext.size(); if(EVP_DecryptUpdate(&ctx, &(plaintext.front()), &outlen, - &(ciphertext.front())+ECIES_ENC_BLK_SIZE+ECIES_HMAC_SIZE+1, - ciphertext.size()-ECIES_ENC_BLK_SIZE-ECIES_HMAC_SIZE-1) != 1) + &(ciphertext.front()) + ECIES_ENC_BLK_SIZE + ECIES_HMAC_SIZE + 1, + ciphertext.size() - ECIES_ENC_BLK_SIZE - ECIES_HMAC_SIZE - 1) != 1) { + secret.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("unable to extract plaintext"); } + // decrypt padding int flen = 0; if(EVP_DecryptFinal(&ctx, &(plaintext.front()) + outlen, &flen) != 1) { + secret.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("plaintext had bad padding"); } plaintext.resize(flen + outlen); + // verify integrity if(hmac != makeHMAC(secret, plaintext)) { + secret.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("plaintext had bad hmac"); } + secret.zero(); EVP_CIPHER_CTX_cleanup(&ctx); return plaintext; From c029ca84275b73724a069f2d3ef827e1c6f7cab6 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Sat, 7 Apr 2012 05:11:06 -0700 Subject: [PATCH 7/9] Out of extreme paranoia, ensure HMAC key and ENC key are different. --- src/ECIES.cpp | 72 ++++++++++++++++++++++++++++++--------------------- src/key.h | 2 +- 2 files changed, 43 insertions(+), 31 deletions(-) diff --git a/src/ECIES.cpp b/src/ECIES.cpp index 894c0dbb1d..1e24db73a5 100644 --- a/src/ECIES.cpp +++ b/src/ECIES.cpp @@ -19,12 +19,12 @@ // Anonymous messages can be sent by generating an ephemeral public/private // key pair, using that private key with the recipient's public key to // encrypt and publishing the ephemeral public key. Non-anonymous messages -// can be sent by using your own private key with the recipeint's public key. +// can be sent by using your own private key with the recipient's public key. // A random IV is used to encrypt the message and an HMAC is used to ensure // message integrity. If you need timestamps or need to tell the recipient // which key to use (his, yours, or ephemeral) you must add that data. -// (Obviously, it can't go in the encrypted portion anyway.) +// (Obviously, key information can't go in the encrypted portion anyway.) // Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows: // 1) IV (unencrypted) @@ -33,29 +33,21 @@ // 4) Encrypted: Rest of block/padding // Algorithmic choices: -#define ECIES_KEY_HASH SHA256 // Hash used to generate shared secret -#define ECIES_KEY_LENGTH (256/8) // Size of shared secret -#define ECIES_KEY_TYPE uint256 // Type used to hold shared secret +#define ECIES_KEY_HASH SHA512 // Hash used to expand shared secret +#define ECIES_KEY_LENGTH (512/8) // Size of expanded shared secret +#define ECIES_MIN_SEC (128/8) // The minimum equivalent security #define ECIES_ENC_ALGO EVP_aes_256_cbc() // Encryption algorithm +#define ECIES_ENC_KEY_TYPE uint256 // Type used to hold shared secret #define ECIES_ENC_KEY_SIZE (256/8) // Encryption key size #define ECIES_ENC_BLK_SIZE (128/8) // Encryption block size #define ECIES_ENC_IV_TYPE uint128 // Type used to hold IV #define ECIES_HMAC_ALGO EVP_sha256() // HMAC algorithm -#define ECIES_HMAC_SIZE (256/8) // Size of HMAC -#define ECIES_HMAC_TYPE uint256 // Type used to hold HMAC +#define ECIES_HMAC_KEY_TYPE uint256 // Type used to hold HMAC key +#define ECIES_HMAC_KEY_SIZE (256/8) // Size of HMAC key +#define ECIES_HMAC_TYPE uint256 // Type used to hold HMAC value +#define ECIES_HMAC_SIZE (256/8) // Size of HMAC value -static void* ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen) -{ // This function must not be changed as it must be what ECDH_compute_key expects - if (*olen < ECIES_KEY_LENGTH) - { - assert(false); - return NULL; - } - *olen = ECIES_KEY_LENGTH; - return ECIES_KEY_HASH(static_cast(input), ilen, static_cast(output)); -} - -ECIES_KEY_TYPE CKey::getECIESSecret(CKey& otherKey) +void CKey::getECIESSecret(CKey& otherKey, ECIES_ENC_KEY_TYPE& enc_key, ECIES_HMAC_KEY_TYPE& hmac_key) { // Retrieve a secret generated from an EC key pair. At least one private key must be known. if(!pkey || !otherKey.pkey) throw std::runtime_error("missing key"); @@ -73,19 +65,27 @@ ECIES_KEY_TYPE CKey::getECIESSecret(CKey& otherKey) } else throw std::runtime_error("no private key"); - ECIES_KEY_TYPE key; - if (ECDH_compute_key(key.begin(), ECIES_KEY_LENGTH, EC_KEY_get0_public_key(pubkey), - privkey, ecies_key_derivation) != ECIES_KEY_LENGTH) + unsigned char rawbuf[512]; + int buflen=ECDH_compute_key(rawbuf, 512, EC_KEY_get0_public_key(pubkey), privkey, NULL); + if(buflen < ECIES_MIN_SEC) throw std::runtime_error("ecdh key failed"); - return key; + + unsigned char hbuf[ECIES_KEY_LENGTH]; + ECIES_KEY_HASH(rawbuf, buflen, hbuf); + memset(rawbuf, 0, ECIES_HMAC_KEY_SIZE); + + assert((ECIES_ENC_KEY_SIZE + ECIES_HMAC_KEY_SIZE) >= ECIES_KEY_LENGTH); + memcpy(enc_key.begin(), hbuf, ECIES_ENC_KEY_SIZE); + memcpy(hmac_key.begin(), hbuf + ECIES_ENC_KEY_SIZE, ECIES_HMAC_KEY_SIZE); + memset(hbuf, 0, ECIES_KEY_LENGTH); } -static ECIES_HMAC_TYPE makeHMAC(const ECIES_KEY_TYPE& secret, const std::vector data) +static ECIES_HMAC_TYPE makeHMAC(const ECIES_HMAC_KEY_TYPE& secret, const std::vector data) { HMAC_CTX ctx; HMAC_CTX_init(&ctx); - if(HMAC_Init_ex(&ctx, secret.begin(), ECIES_KEY_LENGTH, ECIES_HMAC_ALGO, NULL) != 1) + if(HMAC_Init_ex(&ctx, secret.begin(), ECIES_HMAC_KEY_SIZE, ECIES_HMAC_ALGO, NULL) != 1) { HMAC_CTX_cleanup(&ctx); throw std::runtime_error("init hmac"); @@ -117,8 +117,11 @@ std::vector CKey::encryptECIES(CKey& otherKey, const std::vector< if(RAND_bytes(static_cast(iv.begin()), ECIES_ENC_BLK_SIZE) != 1) throw std::runtime_error("insufficient entropy"); - ECIES_KEY_TYPE secret=getECIESSecret(otherKey); - ECIES_HMAC_TYPE hmac=makeHMAC(secret, plaintext); + ECIES_ENC_KEY_TYPE secret; + ECIES_HMAC_KEY_TYPE hmacKey; + getECIESSecret(otherKey, secret, hmacKey); + ECIES_HMAC_TYPE hmac=makeHMAC(hmacKey, plaintext); + hmacKey.zero(); EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); @@ -189,10 +192,14 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< // begin decrypting EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - ECIES_KEY_TYPE secret=getECIESSecret(otherKey); + ECIES_ENC_KEY_TYPE secret; + ECIES_HMAC_KEY_TYPE hmacKey; + getECIESSecret(otherKey, secret, hmacKey); + if(EVP_DecryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1) { secret.zero(); + hmacKey.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("unable to init cipher"); } @@ -204,6 +211,7 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< &(ciphertext.front()) + ECIES_ENC_BLK_SIZE, ECIES_HMAC_SIZE + 1) != 1) || (outlen != ECIES_HMAC_SIZE) ) { secret.zero(); + hmacKey.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("unable to extract hmac"); } @@ -216,6 +224,7 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< ciphertext.size() - ECIES_ENC_BLK_SIZE - ECIES_HMAC_SIZE - 1) != 1) { secret.zero(); + hmacKey.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("unable to extract plaintext"); } @@ -225,19 +234,22 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< if(EVP_DecryptFinal(&ctx, &(plaintext.front()) + outlen, &flen) != 1) { secret.zero(); + hmacKey.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("plaintext had bad padding"); } plaintext.resize(flen + outlen); // verify integrity - if(hmac != makeHMAC(secret, plaintext)) + if(hmac != makeHMAC(hmacKey, plaintext)) { secret.zero(); + hmacKey.zero(); EVP_CIPHER_CTX_cleanup(&ctx); throw std::runtime_error("plaintext had bad hmac"); } secret.zero(); + hmacKey.zero(); EVP_CIPHER_CTX_cleanup(&ctx); return plaintext; @@ -270,7 +282,7 @@ bool checkECIES(void) std::vector decrypt=recipientPriv.decryptECIES(senderPub, ciphertext); if(decrypt != message) return false; -// std::cerr << "Msg(" << msglen << ") ok " << ciphertext.size() << std::endl; + std::cerr << "Msg(" << msglen << ") ok " << ciphertext.size() << std::endl; } return true; } diff --git a/src/key.h b/src/key.h index 2586cbf919..c563fbfa3f 100644 --- a/src/key.h +++ b/src/key.h @@ -277,7 +277,7 @@ public: // ECIES functions. These throw on failure // returns a 32-byte secret unique to these two keys. At least one private key must be known. - uint256 getECIESSecret(CKey& otherKey); + void getECIESSecret(CKey& otherKey, uint256& enc_key, uint256& hmac_key); // encrypt/decrypt functions with integrity checking. // Note that the other side must somehow know what keys to use From 65f2546f05a8a2bf61ba2d103c1a726d9e97c082 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Sat, 7 Apr 2012 05:12:36 -0700 Subject: [PATCH 8/9] Remove chatty logging --- src/ECIES.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ECIES.cpp b/src/ECIES.cpp index 1e24db73a5..2e4e7e8813 100644 --- a/src/ECIES.cpp +++ b/src/ECIES.cpp @@ -282,7 +282,7 @@ bool checkECIES(void) std::vector decrypt=recipientPriv.decryptECIES(senderPub, ciphertext); if(decrypt != message) return false; - std::cerr << "Msg(" << msglen << ") ok " << ciphertext.size() << std::endl; +// std::cerr << "Msg(" << msglen << ") ok " << ciphertext.size() << std::endl; } return true; } From 0e78e6805315e8cba8d2e153b5919bb135e5ec54 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Sat, 7 Apr 2012 05:15:56 -0700 Subject: [PATCH 9/9] Improve unit test. --- src/ECIES.cpp | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/ECIES.cpp b/src/ECIES.cpp index 2e4e7e8813..c3ba79481b 100644 --- a/src/ECIES.cpp +++ b/src/ECIES.cpp @@ -258,19 +258,25 @@ std::vector CKey::decryptECIES(CKey& otherKey, const std::vector< bool checkECIES(void) { CKey senderPriv, recipientPriv, senderPub, recipientPub; - senderPriv.MakeNewKey(); - recipientPriv.MakeNewKey(); - - if(!senderPub.SetPubKey(senderPriv.GetPubKey())) - throw std::runtime_error("key error"); - if(!recipientPub.SetPubKey(recipientPriv.GetPubKey())) - throw std::runtime_error("key error"); for(int i=0; i<30000; i++) { + if((i%100)==0) + { // generate new keys every 100 times +// std::cerr << "new keys" << std::endl; + senderPriv.MakeNewKey(); + recipientPriv.MakeNewKey(); + + if(!senderPub.SetPubKey(senderPriv.GetPubKey())) + throw std::runtime_error("key error"); + if(!recipientPub.SetPubKey(recipientPriv.GetPubKey())) + throw std::runtime_error("key error"); + } + // generate message std::vector message(4096); int msglen=i%3000; + if(RAND_bytes(static_cast(&message.front()), msglen) != 1) throw std::runtime_error("insufficient entropy"); message.resize(msglen); @@ -281,7 +287,11 @@ bool checkECIES(void) // decrypt message with recipient's private key and sender's public key std::vector decrypt=recipientPriv.decryptECIES(senderPub, ciphertext); - if(decrypt != message) return false; + if(decrypt != message) + { + assert(false); + return false; + } // std::cerr << "Msg(" << msglen << ") ok " << ciphertext.size() << std::endl; } return true;