Merge branch 'master' of github.com:jedmccaleb/NewCoin

src/Config.cpp

@@ -2,6 +2,7 @@
 
 #include "ParseSection.h"
 
+#include <iostream>
 #include <fstream>
 #include <boost/lexical_cast.hpp>
 

src/ECIES.cpp

@@ -11,30 +11,43 @@
 
 #include "key.h"
 
-#define ECIES_KEY_HASH		SHA256
+// ECIES uses elliptic curve keys to send an encrypted message.
-#define ECIES_KEY_LENGTH	(256/8)
-#define ECIES_KEY_TYPE		uint256
-#define ECIES_ENC_ALGO		EVP_aes_256_cbc()
-#define ECIES_ENC_KEY_SIZE 	(256/8)
-#define ECIES_ENC_BLK_SIZE	(128/8)
-#define ECIES_ENC_KEY_TYPE	uint256
-#define ECIES_ENC_IV_TYPE	uint128
-#define ECIES_HMAC_ALGO		EVP_sha256()
-#define ECIES_HMAC_SIZE		(256/8)
-#define ECIES_HMAC_TYPE		uint256
 
-static void* ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen)
+// A shared secret is generated from one public key and one private key.
-{ // This function must not be changed as it must be what ECDH_compute_key expects
+// The same key results regardless of which key is public and which private.
-	if (*olen < ECIES_KEY_LENGTH)
-	{
-		assert(false);
-		return NULL;
-	}
-	*olen = ECIES_KEY_LENGTH;
-	return ECIES_KEY_HASH(static_cast<const unsigned char *>(input), ilen, static_cast<unsigned char *>(output));
-}
 
-ECIES_KEY_TYPE CKey::getECIESSecret(CKey& otherKey)
+// Anonymous messages can be sent by generating an ephemeral public/private
+// key pair, using that private key with the recipient's public key to
+// encrypt and publishing the ephemeral public key. Non-anonymous messages
+// can be sent by using your own private key with the recipient's public key.
+
+// A random IV is used to encrypt the message and an HMAC is used to ensure
+// message integrity. If you need timestamps or need to tell the recipient
+// which key to use (his, yours, or ephemeral) you must add that data.
+// (Obviously, key information can't go in the encrypted portion anyway.)
+
+// Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows:
+// 1) IV (unencrypted)
+// 2) Encrypted: HMAC of original plaintext
+// 3) Encrypted: Original plaintext
+// 4) Encrypted: Rest of block/padding
+
+// Algorithmic choices:
+#define ECIES_KEY_HASH		SHA512				// Hash used to expand shared secret
+#define ECIES_KEY_LENGTH	(512/8)				// Size of expanded shared secret
+#define ECIES_MIN_SEC       (128/8)				// The minimum equivalent security
+#define ECIES_ENC_ALGO		EVP_aes_256_cbc()	// Encryption algorithm
+#define ECIES_ENC_KEY_TYPE	uint256				// Type used to hold shared secret
+#define ECIES_ENC_KEY_SIZE 	(256/8)				// Encryption key size
+#define ECIES_ENC_BLK_SIZE	(128/8)				// Encryption block size
+#define ECIES_ENC_IV_TYPE	uint128				// Type used to hold IV
+#define ECIES_HMAC_ALGO		EVP_sha256()		// HMAC algorithm
+#define ECIES_HMAC_KEY_TYPE	uint256				// Type used to hold HMAC key
+#define ECIES_HMAC_KEY_SIZE (256/8)				// Size of HMAC key
+#define ECIES_HMAC_TYPE     uint256				// Type used to hold HMAC value
+#define ECIES_HMAC_SIZE		(256/8)				// Size of HMAC value
+
+void CKey::getECIESSecret(CKey& otherKey, ECIES_ENC_KEY_TYPE& enc_key, ECIES_HMAC_KEY_TYPE& hmac_key)
 { // Retrieve a secret generated from an EC key pair. At least one private key must be known.
 	if(!pkey || !otherKey.pkey)
 		throw std::runtime_error("missing key");
@@ -52,25 +65,27 @@ ECIES_KEY_TYPE CKey::getECIESSecret(CKey& otherKey)
 	}
 	else throw std::runtime_error("no private key");
 
-	ECIES_KEY_TYPE key;
+	unsigned char rawbuf[512];
-	if (ECDH_compute_key(key.begin(), ECIES_KEY_LENGTH, EC_KEY_get0_public_key(pubkey),
+	int buflen=ECDH_compute_key(rawbuf, 512, EC_KEY_get0_public_key(pubkey), privkey, NULL);
-			privkey, ecies_key_derivation) != ECIES_KEY_LENGTH)
+	if(buflen < ECIES_MIN_SEC)
 		throw std::runtime_error("ecdh key failed");
-	return key;
+
+	unsigned char hbuf[ECIES_KEY_LENGTH];
+	ECIES_KEY_HASH(rawbuf, buflen, hbuf);
+	memset(rawbuf, 0, ECIES_HMAC_KEY_SIZE);
+
+	assert((ECIES_ENC_KEY_SIZE + ECIES_HMAC_KEY_SIZE) >= ECIES_KEY_LENGTH);
+	memcpy(enc_key.begin(), hbuf, ECIES_ENC_KEY_SIZE);
+	memcpy(hmac_key.begin(), hbuf + ECIES_ENC_KEY_SIZE, ECIES_HMAC_KEY_SIZE);
+	memset(hbuf, 0, ECIES_KEY_LENGTH);
 }
 
-// Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows:
+static ECIES_HMAC_TYPE makeHMAC(const ECIES_HMAC_KEY_TYPE& secret, const std::vector<unsigned char> data)
-// 1) IV (unencrypted)
-// 2) Encrypted: HMAC of original plaintext
-// 3) Encrypted: Original plaintext
-// 4) Encrypted: Rest of block/padding
-
-static ECIES_HMAC_TYPE makeHMAC(ECIES_KEY_TYPE secret, const std::vector<unsigned char> data)
 {
 	HMAC_CTX ctx;
 	HMAC_CTX_init(&ctx);
 	
-	if(HMAC_Init_ex(&ctx, secret.begin(), ECIES_KEY_LENGTH, ECIES_HMAC_ALGO, NULL) != 1)
+	if(HMAC_Init_ex(&ctx, secret.begin(), ECIES_HMAC_KEY_SIZE, ECIES_HMAC_ALGO, NULL) != 1)
 	{
 		HMAC_CTX_cleanup(&ctx);
 		throw std::runtime_error("init hmac");
@@ -82,37 +97,42 @@ static ECIES_HMAC_TYPE makeHMAC(ECIES_KEY_TYPE secret, const std::vector<unsigne
 		throw std::runtime_error("update hmac");
 	}
 
-	unsigned int ml=EVP_MAX_MD_SIZE;
+	ECIES_HMAC_TYPE ret;
-	std::vector<unsigned char> hmac(ml);
+	unsigned int ml = ECIES_HMAC_SIZE;
-	if(HMAC_Final(&ctx, &(hmac.front()), &ml) != 1)
+	if(HMAC_Final(&ctx, ret.begin(), &ml) != 1)
 	{
 		HMAC_CTX_cleanup(&ctx);
 		throw std::runtime_error("finalize hmac");
 	}
-
+	assert(ml == ECIES_HMAC_SIZE);
-	ECIES_HMAC_TYPE ret;
+	HMAC_CTX_cleanup(&ctx);
-	memcpy(ret.begin(), &(hmac.front()), ECIES_HMAC_SIZE);
 
 	return ret;
 }
 
 std::vector<unsigned char> CKey::encryptECIES(CKey& otherKey, const std::vector<unsigned char>& plaintext)
 {
-	ECIES_KEY_TYPE secret=getECIESSecret(otherKey);
-	ECIES_HMAC_TYPE hmac=makeHMAC(secret, plaintext);
 
 	ECIES_ENC_IV_TYPE iv;
 	if(RAND_bytes(static_cast<unsigned char *>(iv.begin()), ECIES_ENC_BLK_SIZE) != 1)
 		throw std::runtime_error("insufficient entropy");
 
+	ECIES_ENC_KEY_TYPE secret;
+	ECIES_HMAC_KEY_TYPE hmacKey;
+	getECIESSecret(otherKey, secret, hmacKey);
+	ECIES_HMAC_TYPE hmac=makeHMAC(hmacKey, plaintext);
+	hmacKey.zero();
+
 	EVP_CIPHER_CTX ctx;
 	EVP_CIPHER_CTX_init(&ctx);
 
 	if (EVP_EncryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1)
 	{
 		EVP_CIPHER_CTX_cleanup(&ctx);
+		secret.zero();
 		throw std::runtime_error("init cipher ctx");
 	}
+	secret.zero();
 
 	std::vector<unsigned char> out(plaintext.size() + ECIES_HMAC_SIZE + ECIES_ENC_KEY_SIZE + ECIES_ENC_BLK_SIZE, 0);
 	int len=0, bytesWritten;
@@ -160,10 +180,9 @@ std::vector<unsigned char> CKey::encryptECIES(CKey& otherKey, const std::vector<
 
 std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<unsigned char>& ciphertext)
 {
-	ECIES_KEY_TYPE secret=getECIESSecret(otherKey);
 
 	// minimum ciphertext = IV + HMAC + 1 block
-	if(ciphertext.size() < ((2*ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) )
+	if(ciphertext.size() < ((2 * ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) )
 		throw std::runtime_error("ciphertext too short");
 
 	// extract IV
@@ -173,9 +192,14 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
 	// begin decrypting
 	EVP_CIPHER_CTX ctx;
 	EVP_CIPHER_CTX_init(&ctx);
+	ECIES_ENC_KEY_TYPE secret;
+	ECIES_HMAC_KEY_TYPE hmacKey;
+	getECIESSecret(otherKey, secret, hmacKey);
 
 	if(EVP_DecryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1)
 	{
+		secret.zero();
+		hmacKey.zero();
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		throw std::runtime_error("unable to init cipher");
 	}
@@ -184,8 +208,10 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
 	ECIES_HMAC_TYPE hmac;
 	int outlen=ECIES_HMAC_SIZE;
 	if( (EVP_DecryptUpdate(&ctx, hmac.begin(), &outlen,
-		&(ciphertext.front()) + ECIES_ENC_BLK_SIZE,	ECIES_HMAC_SIZE+1) != 1) || (outlen != ECIES_HMAC_SIZE) )
+		&(ciphertext.front()) + ECIES_ENC_BLK_SIZE,	ECIES_HMAC_SIZE + 1) != 1) || (outlen != ECIES_HMAC_SIZE) )
 	{
+		secret.zero();
+		hmacKey.zero();
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		throw std::runtime_error("unable to extract hmac");
 	}
@@ -194,26 +220,36 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
 	std::vector<unsigned char> plaintext(ciphertext.size() - ECIES_HMAC_SIZE - ECIES_ENC_BLK_SIZE);
 	outlen=plaintext.size();
 	if(EVP_DecryptUpdate(&ctx, &(plaintext.front()), &outlen,
-		&(ciphertext.front())+ECIES_ENC_BLK_SIZE+ECIES_HMAC_SIZE+1,
+		&(ciphertext.front()) + ECIES_ENC_BLK_SIZE + ECIES_HMAC_SIZE + 1,
-		ciphertext.size()-ECIES_ENC_BLK_SIZE-ECIES_HMAC_SIZE-1) != 1)
+		ciphertext.size() - ECIES_ENC_BLK_SIZE - ECIES_HMAC_SIZE - 1) != 1)
 	{
+		secret.zero();
+		hmacKey.zero();
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		throw std::runtime_error("unable to extract plaintext");
 	}
 
+	// decrypt padding
 	int flen = 0;
 	if(EVP_DecryptFinal(&ctx, &(plaintext.front()) + outlen, &flen) != 1)
 	{
+		secret.zero();
+		hmacKey.zero();
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		throw std::runtime_error("plaintext had bad padding");
 	}
 	plaintext.resize(flen + outlen);
 
-	if(hmac != makeHMAC(secret, plaintext))
+	// verify integrity
+	if(hmac != makeHMAC(hmacKey, plaintext))
 	{
+		secret.zero();
+		hmacKey.zero();
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		throw std::runtime_error("plaintext had bad hmac");
 	}
+	secret.zero();
+	hmacKey.zero();
 
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	return plaintext;
@@ -222,6 +258,12 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
 bool checkECIES(void)
 {
 	CKey senderPriv, recipientPriv, senderPub, recipientPub;
+
+	for(int i=0; i<30000; i++)
+	{
+		if((i%100)==0)
+		{ // generate new keys every 100 times
+//			std::cerr << "new keys" << std::endl;
 			senderPriv.MakeNewKey();
 			recipientPriv.MakeNewKey();
 
@@ -229,12 +271,12 @@ bool checkECIES(void)
 				throw std::runtime_error("key error");
 			if(!recipientPub.SetPubKey(recipientPriv.GetPubKey()))
 				throw std::runtime_error("key error");
+		}
 
-	for(int i=0; i<30000; i++)
-	{
 		// generate message
 		std::vector<unsigned char> message(4096);
 		int msglen=i%3000;
+
 		if(RAND_bytes(static_cast<unsigned char *>(&message.front()), msglen) != 1)
 			throw std::runtime_error("insufficient entropy");
 		message.resize(msglen);
@@ -245,7 +287,11 @@ bool checkECIES(void)
 		// decrypt message with recipient's private key and sender's public key
 		std::vector<unsigned char> decrypt=recipientPriv.decryptECIES(senderPub, ciphertext);
 
-		if(decrypt != message) return false;
+		if(decrypt != message)
+		{
+			assert(false);
+			return false;
+		}
 //		std::cerr << "Msg(" << msglen << ") ok " << ciphertext.size() << std::endl;
 	}
 	return true;

src/SerializedLedger.cpp

@@ -0,0 +1,3 @@
+
+#include "SerializedLedger.h"
+

src/SerializedLedger.h

@@ -0,0 +1,32 @@
+#ifndef __SERIALIZEDLEDGER__
+#define __SERIALIZEDLEDGER__
+
+#include "SerializedObject.h"
+#include "LedgerFormats.h"
+
+class SerializedLedger : public STObject
+{
+public:
+	typedef boost::shared_ptr<SerializedLedger> pointer;
+
+protected:
+	LedgerEntryType mType;
+	STUInt16 mVersion;
+	STObject mObject;
+	LedgerEntryFormat* mFormat;
+
+public:
+	SerializedLedger(SerializerIterator& sit);
+	SerializedLedger(LedgerEntryType type);
+
+	int getLength() const { return mVersion.getLength() + mObject.getLength(); }
+	SerializedTypeID getType() const { return STI_LEDGERENTRY; }
+    SerializedLedger* duplicate() const { return new SerializedLedger(*this); }
+    std::string getFullText() const;
+    std::string getText() const;
+    void add(Serializer& s) const { mVersion.add(s); mObject.add(s); }
+
+
+};
+
+#endif

src/SerializedTransaction.cpp

@@ -3,7 +3,7 @@
 
 SerializedTransaction::SerializedTransaction(TransactionType type)
 {
-	mFormat=getFormat(type);
+	mFormat=getTxnFormat(type);
 	if(mFormat==NULL) throw(std::runtime_error("invalid transaction type"));
 
 	mMiddleTxn.giveObject(new STUInt32("Magic", TransactionMagic));
@@ -33,7 +33,7 @@ SerializedTransaction::SerializedTransaction(SerializerIterator& sit, int length
 
 	int type=sit.get32();
 	mMiddleTxn.giveObject(new STUInt32("Type", type));
-	mFormat=getFormat(static_cast<TransactionType>(type));
+	mFormat=getTxnFormat(static_cast<TransactionType>(type));
 	if(!mFormat) throw(std::runtime_error("Transaction has invalid type"));
 	mMiddleTxn.giveObject(new STUInt64("Fee", sit.get64()));
 

src/SerializedTypes.h

@@ -17,7 +17,7 @@ enum SerializedTypeID
 	STI_HASH128=6, STI_HASH160=7, STI_HASH256=8, STI_VL=9, STI_TL=10,
 
 	// high level types
-	STI_ACCOUNT=100, STI_TRANSACTION=101
+	STI_ACCOUNT=100, STI_TRANSACTION=101, STI_LEDGERENTRY=102
 };
 
 class SerializedType

src/TransactionFormats.cpp

@@ -45,7 +45,7 @@ TransactionFormat InnerTxnFormats[]=
 	{ NULL, ttINVALID }
 };
 
-TransactionFormat* getFormat(TransactionType t)
+TransactionFormat* getTxnFormat(TransactionType t)
 {
 	TransactionFormat* f=InnerTxnFormats;
 	while(f->t_name!=NULL)

src/TransactionFormats.h

@@ -27,5 +27,5 @@ const int TransactionMinLen=32;
 const int TransactionMaxLen=1048576;
 
 extern TransactionFormat InnerTxnFormats[];
-extern TransactionFormat* getFormat(TransactionType t);
+extern TransactionFormat* getTxnFormat(TransactionType t);
 #endif

src/key.h

@@ -277,7 +277,7 @@ public:
 	// ECIES functions. These throw on failure
 
 	// returns a 32-byte secret unique to these two keys. At least one private key must be known.
-	uint256 getECIESSecret(CKey& otherKey);
+	void getECIESSecret(CKey& otherKey, uint256& enc_key, uint256& hmac_key);
 
 	// encrypt/decrypt functions with integrity checking.
 	// Note that the other side must somehow know what keys to use