From 965551f8980c09b7d34894ca4e2698f8e16d30e9 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Thu, 10 Nov 2011 21:15:05 -0800 Subject: [PATCH] Updates. Prevent one type of signature being introduced as another. Some indexes. --- BinaryFormats.txt | 33 +++++++++++++++++++++------------ SQLiteDatabases.sql | 30 ++++++++++++++++++++++-------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/BinaryFormats.txt b/BinaryFormats.txt index d7c7f40057..4eabd5435b 100644 --- a/BinaryFormats.txt +++ b/BinaryFormats.txt @@ -15,6 +15,13 @@ validating hashes or signatures. Sadly, Google's protocol buffers are not suitable for the inner portions of signed or hashed objects. +For signatures, the object is always prefixed with a 4-byte object type. +This prevents a malicious entity from presenting a signed object of one type +as an object of another type, for which the signature would be valid. + +Note: Signed blocks that exceed the length in this specification should be +accepted and the extraneous information ignored. Nodes may opt to ignore +objects they consider abusively long (a 1KB transaction, for example). 1) Account ID @@ -37,18 +44,17 @@ Fields: 4) 4-byte source account sequence number, unsigned BE integer 5) 4-byte source ledger index, unsigned BE integer 6) 4-byte arbitrary source tag, unsigned BE integer -7) Signature of the 104-byte contents of fields 1-6 +7) Prefix 0x54584E00 signature of 104-byte contents of fields 1-6 3) Transaction (ledger format) Fields: 1) Transaction in signed format -2) 16-byte fees held, unsigned BE integer +2) 8-byte fees held, unsigned BE integer - -4) Ledger (signed format) +5) Ledger (signed format) Fields: 1) 4-byte ledger index, unsigned BE integer 
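Review bot: The new Note in the @@ -15,6 hunk makes bytes beyond the specified length legal and ignored, which leaves those bytes outside both the signature and the 4-byte type prefix the same hunk introduces, so anyone can produce unlimited byte-different copies of one validly signed object. If object identity anywhere is a hash over the whole blob (a transaction ID, the sync-by-hash store), that is a malleability and deduplication problem, and a flood of short variants is not caught by the "abusively long" heuristic either. I would narrow the rule, e.g. `Note: Trailing bytes beyond the listed fields are NOT covered by the signature and MUST NOT enter any identifying hash; transactions and ledgers SHOULD be rejected if longer than specified.` The same hunk also never states whether the 4-byte prefix is transmitted on the wire or only prepended to the bytes being signed, and two implementations can easily disagree on that; one explicit sentence ("the prefix is part of the signed message only and is not serialized") would settle it.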
@@ -56,12 +62,15 @@ Fields: 3) 32-byte hash of previous ledger 4) 32-byte hash of root of the transaction tree for this ledger 5) 32-byte hash of root of the account tree for this ledger +6) 8-byte timestamp [remaining fields only in proposed ledger -6) 8-byte timestamp when ledger is proposed 7) 4-byte confidence, unsigned BE integer x/255 +8) Signature: + Accepted: Prefix (0x4C475200) of 116 byte fields 1-6 + Proposed: Prefix (0x4C475000) of 120 byte fields 1-8 -5) Account status (ledger format) +6) Account status (ledger format) Fields: 1) 20-byte Account ID @@ -70,7 +79,7 @@ Fields: -6) Non-Leaf Tree Node +7) Non-Leaf Tree Node Contains 32 hashes, each 20-bytes. They correspond to hashes of the nodes for the 32 possible values of the *first* 5 bits of the *next* byte of the @@ -78,7 +87,7 @@ RIPEMD160 hash. By convention, an empty node has a hash of zero. -7) Leaf Node +8) Leaf Node Contains every item in this node, sorted in order of increasing raw binary order. (Elements that start with a zero byte come first.) In practice, this @@ -101,7 +110,7 @@ Fields: 4) 8-byte node flags (to be defined) 5) 8-byte timestamp (seconds since 1/1/70) 6) Node Info Block -7) Signature of fields 1-6 above. +7) Prefixed (0x4E4F4400) signature of fields 1-6 above. The node info block consists of one or more node info elements. Each element consists of a 1-byte element type, a 3-byte element length, and the element @@ -110,9 +119,9 @@ element types are defined: 0 = IPv4 Contact Information (4-byte address, 2-byte port) 1 = IPv6 Contact Information (16-byte address, 2-byte port) -2 = Hanko URL -3 = Node Name -4 = Organization Name +2 = Node Name +3 = Organization Name +4 = Node Certificate 5 = URL 6 = Admin Email 7 = Node Policy URL diff --git a/SQLiteDatabases.sql b/SQLiteDatabases.sql index 5d9133501c..9b576fd95d 100644 --- a/SQLiteDatabases.sql +++ b/SQLiteDatabases.sql 
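Review bot: In the @@ -56,12 hunk the proposed-ledger signature is given as `Proposed: Prefix (0x4C475000) of 120 byte fields 1-8`, but field 8 is the signature itself and cannot lie inside its own signed range; the byte count also only reaches 120 with fields 1-7 (116 bytes for fields 1-6 plus the 4-byte confidence), so this should read `Proposed: Prefix (0x4C475000) of 120 byte fields 1-7`. Field 2 of the ledger is outside the hunk, so the 116 figure itself is taken on trust. Since an accepted and a proposed ledger now share byte-identical fields 1-6 and differ only in the prefix (LGR\0 vs LGP\0) and the trailing confidence bytes, a sentence stating that a proposal signature is never to be verified under the accepted prefix, and vice versa, would make the purpose of the two prefixes explicit to implementers.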
@@ -1,11 +1,11 @@ CREATE TABLE Transactions ( -- trans in all state - TransactionID BLOB PRIMARY KEY, + TransID BLOB PRIMARY KEY, NodeHash BLOB, FromName BLOB, -- 20 byte hash of pub key FromPubKey BLOB, - FromSeq BIGINT UNSIGNED, -- account seq + FromSeq BIGINT UNSIGNED, -- account seq DestName BLOB, -- 20 byte hash of pub key Ident BIGINT, SourceLedger BIGINT UNSIGNED, -- ledger source expected @@ -14,8 +14,8 @@ CREATE TABLE Transactions ( -- trans in all state Status VARCHAR(12) NOT NULL ); -CREATE INDEX TransactionHashSet -- needed to fetch hash groups -ON Transactions(LedgerCommited, NodeHash); +CREATE INDEX TransHashSet ON Transactions(LedgerCommited, NodeHash); + CREATE TABLE PubKeys ( -- holds pub keys for nodes and accounts @@ -32,6 +32,9 @@ CREATE TABLE AccountStatus ( -- holds balances and sequence numbers LastLedger BIGINT UNSIGNED -- 2^60 if still valid ); +CREATE UNIQUE INDEX CurrentStatus ON AccountStatus(AccountName, LastLedger); + + CREATE TABLE Ledgers ( -- closed ledgers LedgerHash BLOB PRIMARY KEY, LedgerSeq BIGINT UNSIGNED, @@ -43,19 +46,26 @@ CREATE TABLE Ledgers ( -- closed ledgers Status VARCHAR(1) ); +CREATE INDEX SeqLedger ON Ledgers(LedgerSeq); + CREATE TABLE AccountSetHashNodes ( - NodeID BLOB, LedgerSeq BIGINT UNSIGNED, + NodeID BLOB, Hashes BLOB -- 32 hashes, each 20 bytes ); -CREATE TABLE TransactionSetHashNodes ( - NodeID BLOB, +CREATE UNIQUE INDEX FindAccountHashNodes ON AccountSetHashNodes(LedgerSeq, NodeID); + + +CREATE TABLE TransSetHashNodes ( LedgerSeq BIGINT UNSIGNED, + NodeID BLOB, Hashes BLOB -- 32 hashes, each 20 bytes ); +CREATE UNIQUE INDEX FindTransHashNodes ON TransSetHashNodes(LedgerSeq, NodeID); + CREATE TABLE LedgerConfirmations ( LedgerSeq BIGINT UNSIGNED, @@ -64,6 +74,9 @@ CREATE TABLE LedgerConfirmations ( Signature BLOB ); +CREATE INDEX SeqLedgerConf ON LedgerConfirmations(LedgerSeq); + + CREATE TABLE TrustedNodes ( Hanko BLOB PRIMARY KEY, TrustLevel SMALLINT, 
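Review bot: The UNIQUE indexes `FindAccountHashNodes` and `FindTransHashNodes` added in the @@ -43,19 hunk do not guarantee one row per (LedgerSeq, NodeID), because neither column is declared NOT NULL and SQLite treats NULLs as distinct in UNIQUE indexes, so any number of rows with a NULL LedgerSeq or NodeID can coexist. Declaring `LedgerSeq BIGINT UNSIGNED NOT NULL,` and `NodeID BLOB NOT NULL,` in both tables (or making the pair the PRIMARY KEY) closes that gap; the same applies to `CurrentStatus` on AccountStatus. The rename of TransactionSetHashNodes to TransSetHashNodes, like TransactionID to TransID above, is a breaking schema change with no migration path in a file that uses bare CREATE TABLE, so a comment at the top of the file stating that existing database files must be recreated would save the next person a confusing failure.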
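Review bot: `SeqLedgerConf` in the @@ -64,6 hunk is a non-unique index, so nothing in the schema prevents the same confirmation from being stored twice for a ledger when a peer re-sends it, and if confirmations feed the confidence value described in BinaryFormats.txt a replayed row would inflate it. The columns between LedgerSeq and Signature are outside the hunk, so I cannot name the signer column, but if there is one a `CREATE UNIQUE INDEX ... ON LedgerConfirmations(LedgerSeq, <signer column>)` would make replays a no-op at insert time. Failing that, a comment on the index saying that duplicate suppression is done in code would at least record the assumption.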
@@ -80,7 +93,7 @@ CREATE TABLE KnownNodes ( CREATE TABLE ByHash ( -- used to synch nodes Hash BLOB PRIMARY KEY, - Type VARCHAR(12) NOT NULL, + ObjType CHAR(1) NOT NULL, LedgerIndex BIGINT UNSIGNED, -- 2^60 if valid now, 0 if none Object BLOB ); @@ -92,3 +105,4 @@ CREATE TABLE LocalAccounts ( -- wallet PrivateKey BLOB Comment TEXT ); +
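Review bot: `ObjType CHAR(1) NOT NULL` in the @@ -80,7 hunk replaces a readable type name with a one-character code that is documented nowhere in the file, nor is its relation to the 4-byte signature prefixes (TXN, LGR, LGP, NOD) now defined in BinaryFormats.txt; the column needs a comment such as `ObjType CHAR(1) NOT NULL, -- one-letter object type code; list the codes here and keep them in sync with the prefixes in BinaryFormats.txt` and, once the codes are fixed, a `CHECK (ObjType IN (...))` so stray values are rejected at the schema level. Because this table is filled during node sync (per its existing comment), the inserting code must verify that Hash is actually the hash of Object and that the object's type prefix agrees with ObjType before the row is stored, otherwise a peer can poison lookups by hash; that check lives outside this file, but the column comment should state that rows are only inserted after verification.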