commit/bbdaddc33eb0f97c35ded4b2435a8918befd1c49/Sign_8cpp_source.html

#include <xrpl/protocol/AccountID.h>

#include <xrpl/protocol/HashPrefix.h>

#include <xrpl/protocol/KeyType.h>

#include <xrpl/protocol/PublicKey.h>

#include <xrpl/protocol/SField.h>

#include <xrpl/protocol/STExchange.h>

#include <xrpl/protocol/STObject.h>

#include <xrpl/protocol/SecretKey.h>

#include <xrpl/protocol/Serializer.h>

#include <xrpl/protocol/Sign.h>


namespace ripple {


void


sign(

    STObject& st,

    HashPrefix const& prefix,

    KeyType type,

    SecretKey const& sk,

    SF_VL const& sigField)

{

    Serializer ss;

    ss.add32(prefix);

    st.addWithoutSigningFields(ss);

    set(st, sigField, sign(type, sk, ss.slice()));

}


bool


verify(

    STObject const& st,

    HashPrefix const& prefix,

    PublicKey const& pk,

    SF_VL const& sigField)

{

    auto const sig = get(st, sigField);

    if (!sig)

        return false;

    Serializer ss;

    ss.add32(prefix);

    st.addWithoutSigningFields(ss);

    return verify(

        pk, Slice(ss.data(), ss.size()), Slice(sig->data(), sig->size()));

}


// Questions regarding buildMultiSigningData:

//

// Why do we include the Signer.Account in the blob to be signed?

//

// Unless you include the Account which is signing in the signing blob,

// you could swap out any Signer.Account for any other, which may also

// be on the SignerList and have a RegularKey matching the

// Signer.SigningPubKey.

//

// That RegularKey may be set to allow some 3rd party to sign transactions

// on the account's behalf, and that RegularKey could be common amongst all

// users of the 3rd party. That's just one example of sharing the same

// RegularKey amongst various accounts and just one vulnerability.

//

//   "When you have something that's easy to do that makes entire classes of

//    attacks clearly and obviously impossible, you need a damn good reason

//    not to do it."  --  David Schwartz

//

// Why would we include the signingFor account in the blob to be signed?

//

// In the current signing scheme, the account that a signer is `signing

// for/on behalf of` is the tx_json.Account.

//

// Later we might support more levels of signing.  Suppose Bob is a signer

// for Alice, and Carol is a signer for Bob, so Carol can sign for Bob who

// signs for Alice.  But suppose Alice has two signers: Bob and Dave.  If

// Carol is a signer for both Bob and Dave, then the signature needs to

// distinguish between Carol signing for Bob and Carol signing for Dave.

//

// So, if we support multiple levels of signing, then we'll need to

// incorporate the "signing for" accounts into the signing data as well.

Serializer


buildMultiSigningData(STObject const& obj, AccountID const& signingID)

{

    Serializer s{startMultiSigningData(obj)};

    finishMultiSigningData(signingID, s);

    return s;

}


Serializer


startMultiSigningData(STObject const& obj)

{

    Serializer s;

    s.add32(HashPrefix::txMultiSign);

    obj.addWithoutSigningFields(s);

    return s;

}


}  // namespace ripple

ripple::PublicKey
A public key.
Definition PublicKey.h:43

ripple::STObject
Definition STObject.h:38

ripple::STObject::addWithoutSigningFields
void addWithoutSigningFields(Serializer &s) const
Definition STObject.h:944

ripple::SecretKey
A secret key.
Definition SecretKey.h:19

ripple::Serializer
Definition Serializer.h:22

ripple::Serializer::size
std::size_t size() const noexcept
Definition Serializer.h:53

ripple::Serializer::data
void const * data() const noexcept
Definition Serializer.h:59

ripple::Serializer::add32
int add32(T i)
Definition Serializer.h:75

ripple::Serializer::slice
Slice slice() const noexcept
Definition Serializer.h:47

ripple::Slice
An immutable linear range of bytes.
Definition Slice.h:27

ripple::base_uint< 160, detail::AccountIDTag >

ripple
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition algorithm.h:6

ripple::finishMultiSigningData
void finishMultiSigningData(AccountID const &signingID, Serializer &s)
Definition Sign.h:65

ripple::startMultiSigningData
Serializer startMultiSigningData(STObject const &obj)
Break the multi-signing hash computation into 2 parts for optimization.
Definition Sign.cpp:85

ripple::verify
bool verify(PublicKey const &publicKey, Slice const &m, Slice const &sig, bool mustBeFullyCanonical=true) noexcept
Verify a signature on a message.
Definition PublicKey.cpp:270

ripple::buildMultiSigningData
Serializer buildMultiSigningData(STObject const &obj, AccountID const &signingID)
Return a Serializer suitable for computing a multisigning TxnSignature.
Definition Sign.cpp:77

ripple::set
bool set(T &target, std::string const &name, Section const &section)
Set a value from a configuration Section If the named value is not found or doesn't parse as a T,...
Definition BasicConfig.h:296

ripple::sign
Buffer sign(PublicKey const &pk, SecretKey const &sk, Slice const &message)
Generate a signature for a message.
Definition SecretKey.cpp:237

ripple::KeyType
KeyType
Definition KeyType.h:9

ripple::get
T get(Section const &section, std::string const &name, T const &defaultValue=T{})
Retrieve a key/value pair from a section.
Definition BasicConfig.h:336

ripple::HashPrefix
HashPrefix
Prefix for hashing functions.
Definition HashPrefix.h:36

ripple::HashPrefix::txMultiSign
@ txMultiSign
inner transaction to multi-sign

ripple::TypedField
A field with a type known at compile time.
Definition SField.h:301