From 7a6d533014f66b6880c44e5fcb0957251ce7cd1e Mon Sep 17 00:00:00 2001 From: Josh Juran Date: Tue, 6 Jan 2015 12:51:38 -0800 Subject: [PATCH] Refactor GenerateDeterministicKey and its call sites: Remove the use of ec_key parameters and return values from ECDSA crypto prototypes. Don't store key data into an ec_key variable only to fetch it back into the original type again. Use uint256 and Blob explicitly. Pass private keys as uint256, and pass public keys as either pointer and length or Blob in calls to ECDSA{Sign,Verify}() and {en,de}cryptECIES(). Replace GenerateRootDeterministicKey() with separate functions returning either the public or private key, since no caller needs both at once. Simplify the use of GenerateDeterministicKey within RippleAddress. Call a single routine rather than pass the result of one as input to another. Add openssl unit with RAII classes for bignum, bn_ctx, and ec_point plus free utility functions. Rewrite the functions in GenerateDeterministicKey.cpp to use RAII rather than explicit cleanup code: * factor out secp256k1_group and secp256k1_order for reuse rather than computing them each time * replace getPublicKey() with serialize_ec_point(), which makes, sets, and destroys an ec_key internally (sparing the caller those details) and calls i2o_ECPublicKey() directly * return bignum rather than ec_key from GenerateRootDeterministicKey() * return ec_point rather than EC_KEY* from GenerateRootPubKey() Move ECDSA{Private,Public}Key() to a new ECDSAKey unit. Move ec_key.h into impl/ since it's no longer used outside crypto/. Remove now-unused member functions from ec_key. Change tabs to spaces; trim trailing whitespace (including blank lines). --- Builds/VisualStudio2013/RippleD.vcxproj | 14 +- .../VisualStudio2013/RippleD.vcxproj.filters | 18 +- src/ripple/app/paths/Pathfinder.cpp | 2 +- src/ripple/crypto/ECDSA.h | 11 +- src/ripple/crypto/ECIES.h | 6 +- src/ripple/crypto/GenerateDeterministicKey.h | 10 +- src/ripple/crypto/impl/ECDSA.cpp | 75 +--- src/ripple/crypto/impl/ECDSAKey.cpp | 92 +++++ src/ripple/crypto/impl/ECDSAKey.h | 36 ++ src/ripple/crypto/impl/ECIES.cpp | 14 +- .../crypto/impl/GenerateDeterministicKey.cpp | 326 ++++-------------- src/ripple/crypto/impl/ec_key.cpp | 50 +-- src/ripple/crypto/{ => impl}/ec_key.h | 8 - src/ripple/crypto/impl/openssl.cpp | 154 +++++++++ src/ripple/crypto/impl/openssl.h | 200 +++++++++++ src/ripple/crypto/tests/CKey.test.cpp | 8 +- src/ripple/protocol/STTx.h | 2 +- src/ripple/protocol/impl/RippleAddress.cpp | 104 ++---- src/ripple/unity/crypto.cpp | 2 + 19 files changed, 649 insertions(+), 483 deletions(-) mode change 100755 => 100644 Builds/VisualStudio2013/RippleD.vcxproj create mode 100644 src/ripple/crypto/impl/ECDSAKey.cpp create mode 100644 src/ripple/crypto/impl/ECDSAKey.h rename src/ripple/crypto/{ => impl}/ec_key.h (89%) create mode 100644 src/ripple/crypto/impl/openssl.cpp create mode 100644 src/ripple/crypto/impl/openssl.h diff --git a/Builds/VisualStudio2013/RippleD.vcxproj b/Builds/VisualStudio2013/RippleD.vcxproj old mode 100755 new mode 100644 index 04d7bd7c7..0254c344e --- a/Builds/VisualStudio2013/RippleD.vcxproj +++ b/Builds/VisualStudio2013/RippleD.vcxproj @@ -1945,8 +1945,6 @@ - - @@ -1967,15 +1965,27 @@ True + + True + + + True True + + True + + True + + + True diff --git a/Builds/VisualStudio2013/RippleD.vcxproj.filters b/Builds/VisualStudio2013/RippleD.vcxproj.filters index efdcd7167..6560fd77c 100644 --- a/Builds/VisualStudio2013/RippleD.vcxproj.filters +++ b/Builds/VisualStudio2013/RippleD.vcxproj.filters @@ -2871,9 +2871,6 @@ ripple\crypto - - ripple\crypto - ripple\crypto @@ -2895,15 +2892,30 @@ ripple\crypto\impl + + ripple\crypto\impl + + + ripple\crypto\impl + ripple\crypto\impl ripple\crypto\impl + + ripple\crypto\impl + ripple\crypto\impl + + ripple\crypto\impl + + + ripple\crypto\impl + ripple\crypto\impl diff --git a/src/ripple/app/paths/Pathfinder.cpp b/src/ripple/app/paths/Pathfinder.cpp index 55495a10e..7966f079a 100644 --- a/src/ripple/app/paths/Pathfinder.cpp +++ b/src/ripple/app/paths/Pathfinder.cpp @@ -568,7 +568,7 @@ STPathSet Pathfinder::getBestPaths ( bool useExtraPath = false; if (pathsIterator == mPathRanks.end()) - useExtraPath = true; + useExtraPath = true; else if (extraPathsIterator == extraPathRanks.end()) usePath = true; else if (extraPathsIterator->quality < pathsIterator->quality) diff --git a/src/ripple/crypto/ECDSA.h b/src/ripple/crypto/ECDSA.h index fa0fda349..76af17041 100644 --- a/src/ripple/crypto/ECDSA.h +++ b/src/ripple/crypto/ECDSA.h @@ -20,18 +20,17 @@ #ifndef RIPPLE_CRYPTO_ECDSA_H_INCLUDED #define RIPPLE_CRYPTO_ECDSA_H_INCLUDED -#include #include #include namespace ripple { -openssl::ec_key ECDSAPrivateKey (uint256 const& serialized); -openssl::ec_key ECDSAPublicKey (Blob const& serialized); +Blob ECDSASign (uint256 const& hash, uint256 const& key); -Blob ECDSASign (uint256 const& hash, const openssl::ec_key& key); - -bool ECDSAVerify (uint256 const& hash, Blob const& sig, const openssl::ec_key& key); +bool ECDSAVerify (uint256 const& hash, + Blob const& sig, + std::uint8_t const* key_data, + std::size_t key_size); } // ripple diff --git a/src/ripple/crypto/ECIES.h b/src/ripple/crypto/ECIES.h index d6f66c725..5e73657ab 100644 --- a/src/ripple/crypto/ECIES.h +++ b/src/ripple/crypto/ECIES.h @@ -20,7 +20,7 @@ #ifndef RIPPLE_CRYPTO_ECIES_H_INCLUDED #define RIPPLE_CRYPTO_ECIES_H_INCLUDED -#include +#include #include namespace ripple { @@ -29,8 +29,8 @@ namespace ripple { // encrypt/decrypt functions with integrity checking. // Note that the other side must somehow know what keys to use -Blob encryptECIES (const openssl::ec_key& secretKey, const openssl::ec_key& publicKey, Blob const& plaintext); -Blob decryptECIES (const openssl::ec_key& secretKey, const openssl::ec_key& publicKey, Blob const& ciphertext); +Blob encryptECIES (uint256 const& secretKey, Blob const& publicKey, Blob const& plaintext); +Blob decryptECIES (uint256 const& secretKey, Blob const& publicKey, Blob const& ciphertext); } // ripple diff --git a/src/ripple/crypto/GenerateDeterministicKey.h b/src/ripple/crypto/GenerateDeterministicKey.h index 92f4e6076..6070d45bb 100644 --- a/src/ripple/crypto/GenerateDeterministicKey.h +++ b/src/ripple/crypto/GenerateDeterministicKey.h @@ -25,15 +25,15 @@ #ifndef RIPPLE_CRYPTO_GENERATEDETERMINISTICKEY_H_INCLUDED #define RIPPLE_CRYPTO_GENERATEDETERMINISTICKEY_H_INCLUDED -#include #include -#include namespace ripple { -openssl::ec_key GenerateRootDeterministicKey (const uint128& passPhrase); -openssl::ec_key GeneratePublicDeterministicKey (Blob const& generator, int n); -openssl::ec_key GeneratePrivateDeterministicKey (Blob const& family, const BIGNUM* rootPriv, int n); +Blob GenerateRootDeterministicPublicKey (const uint128& passPhrase); +uint256 GenerateRootDeterministicPrivateKey (const uint128& passPhrase); + +Blob GeneratePublicDeterministicKey (Blob const& generator, int n); +uint256 GeneratePrivateDeterministicKey (Blob const& family, uint128 const& seed, int n); } // ripple diff --git a/src/ripple/crypto/impl/ECDSA.cpp b/src/ripple/crypto/impl/ECDSA.cpp index 2dd02b2b1..671ef044d 100644 --- a/src/ripple/crypto/impl/ECDSA.cpp +++ b/src/ripple/crypto/impl/ECDSA.cpp @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include #include #include @@ -34,63 +36,7 @@ namespace ripple { using openssl::ec_key; -static EC_KEY* new_initialized_EC_KEY() -{ - EC_KEY* key = EC_KEY_new_by_curve_name (NID_secp256k1); - - if (key == nullptr) - { - throw std::runtime_error ("new_initialized_EC_KEY() : EC_KEY_new_by_curve_name failed"); - } - - EC_KEY_set_conv_form (key, POINT_CONVERSION_COMPRESSED); - - return key; -} - -ec_key ECDSAPrivateKey (uint256 const& serialized) -{ - EC_KEY* key = new_initialized_EC_KEY(); - - BIGNUM* bn = BN_bin2bn (serialized.begin(), serialized.size(), nullptr); - - if (bn == nullptr) - { - // leaks key - throw std::runtime_error ("ec_key::ec_key: BN_bin2bn failed"); - } - - const bool ok = EC_KEY_set_private_key (key, bn); - - BN_clear_free (bn); - - if (! ok) - { - EC_KEY_free (key); - } - - return ec_key::acquire ((ec_key::pointer_t) key); -} - -ec_key ECDSAPublicKey (Blob const& serialized) -{ - EC_KEY* key = new_initialized_EC_KEY(); - - std::uint8_t const* begin = &serialized[0]; - - if (o2i_ECPublicKey (&key, &begin, serialized.size()) != nullptr) - { - EC_KEY_set_conv_form (key, POINT_CONVERSION_COMPRESSED); - } - else - { - EC_KEY_free (key); - } - - return ec_key::acquire ((ec_key::pointer_t) key); -} - -Blob ECDSASign (uint256 const& hash, const openssl::ec_key& key) +static Blob ECDSASign (uint256 const& hash, const openssl::ec_key& key) { Blob result; @@ -112,15 +58,28 @@ Blob ECDSASign (uint256 const& hash, const openssl::ec_key& key) return result; } +Blob ECDSASign (uint256 const& hash, uint256 const& key) +{ + return ECDSASign (hash, ECDSAPrivateKey (key)); +} + static bool ECDSAVerify (uint256 const& hash, std::uint8_t const* sig, size_t sigLen, EC_KEY* key) { // -1 = error, 0 = bad sig, 1 = good return ECDSA_verify (0, hash.begin(), hash.size(), sig, sigLen, key) > 0; } -bool ECDSAVerify (uint256 const& hash, Blob const& sig, const openssl::ec_key& key) +static bool ECDSAVerify (uint256 const& hash, Blob const& sig, const openssl::ec_key& key) { return ECDSAVerify (hash, sig.data(), sig.size(), (EC_KEY*) key.get()); } +bool ECDSAVerify (uint256 const& hash, + Blob const& sig, + std::uint8_t const* key_data, + std::size_t key_size) +{ + return ECDSAVerify (hash, sig, ECDSAPublicKey (key_data, key_size)); +} + } // ripple diff --git a/src/ripple/crypto/impl/ECDSAKey.cpp b/src/ripple/crypto/impl/ECDSAKey.cpp new file mode 100644 index 000000000..96dd06209 --- /dev/null +++ b/src/ripple/crypto/impl/ECDSAKey.cpp @@ -0,0 +1,92 @@ +//------------------------------------------------------------------------------ +/* + This file is part of rippled: https://github.com/ripple/rippled + Copyright (c) 2012, 2013 Ripple Labs Inc. + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ +//============================================================================== + +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2011 The Bitcoin developers +// Distributed under the MIT/X11 software license, see the accompanying +// file license.txt or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include +#include + +namespace ripple { + +using openssl::ec_key; + +static EC_KEY* new_initialized_EC_KEY() +{ + EC_KEY* key = EC_KEY_new_by_curve_name (NID_secp256k1); + + if (key == nullptr) + { + throw std::runtime_error ("new_initialized_EC_KEY() : EC_KEY_new_by_curve_name failed"); + } + + EC_KEY_set_conv_form (key, POINT_CONVERSION_COMPRESSED); + + return key; +} + +ec_key ECDSAPrivateKey (uint256 const& serialized) +{ + BIGNUM* bn = BN_bin2bn (serialized.begin(), serialized.size(), nullptr); + + if (bn == nullptr) + { + throw std::runtime_error ("ec_key::ec_key: BN_bin2bn failed"); + } + + EC_KEY* key = new_initialized_EC_KEY(); + + const bool ok = EC_KEY_set_private_key (key, bn); + + BN_clear_free (bn); + + if (! ok) + { + EC_KEY_free (key); + } + + return ec_key::acquire ((ec_key::pointer_t) key); +} + +ec_key ECDSAPublicKey (std::uint8_t const* data, std::size_t size) +{ + EC_KEY* key = new_initialized_EC_KEY(); + + if (o2i_ECPublicKey (&key, &data, size) != nullptr) + { + EC_KEY_set_conv_form (key, POINT_CONVERSION_COMPRESSED); + } + else + { + EC_KEY_free (key); + } + + return ec_key::acquire ((ec_key::pointer_t) key); +} + +ec_key ECDSAPublicKey (Blob const& serialized) +{ + return ECDSAPublicKey (&serialized[0], serialized.size()); +} + +} // ripple diff --git a/src/ripple/crypto/impl/ECDSAKey.h b/src/ripple/crypto/impl/ECDSAKey.h new file mode 100644 index 000000000..78b807026 --- /dev/null +++ b/src/ripple/crypto/impl/ECDSAKey.h @@ -0,0 +1,36 @@ +//------------------------------------------------------------------------------ +/* + This file is part of rippled: https://github.com/ripple/rippled + Copyright (c) 2014 Ripple Labs Inc. + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ +//============================================================================== + +#ifndef RIPPLE_ECDSAKEY_H +#define RIPPLE_ECDSAKEY_H + +#include +#include +#include + +namespace ripple { + +openssl::ec_key ECDSAPrivateKey (uint256 const& serialized); +openssl::ec_key ECDSAPublicKey (Blob const& serialized); + +openssl::ec_key ECDSAPublicKey (std::uint8_t const* data, std::size_t size); + +} // ripple + +#endif diff --git a/src/ripple/crypto/impl/ECIES.cpp b/src/ripple/crypto/impl/ECIES.cpp index 6b8bb974f..f5deb444b 100644 --- a/src/ripple/crypto/impl/ECIES.cpp +++ b/src/ripple/crypto/impl/ECIES.cpp @@ -19,6 +19,8 @@ #include #include +#include +#include #include #include #include @@ -97,6 +99,14 @@ static void getECIESSecret (const openssl::ec_key& secretKey, const openssl::ec_ memset (hbuf, 0, ECIES_KEY_LENGTH); } +static void getECIESSecret (uint256 const& secretKey, + Blob const& publicKey, + ECIES_ENC_KEY_TYPE& enc_key, + ECIES_HMAC_KEY_TYPE& hmac_key) +{ + getECIESSecret (ECDSAPrivateKey (secretKey), ECDSAPublicKey (publicKey), enc_key, hmac_key); +} + static ECIES_HMAC_TYPE makeHMAC (const ECIES_HMAC_KEY_TYPE& secret, Blob const& data) { HMAC_CTX ctx; @@ -129,7 +139,7 @@ static ECIES_HMAC_TYPE makeHMAC (const ECIES_HMAC_KEY_TYPE& secret, Blob const& return ret; } -Blob encryptECIES (const openssl::ec_key& secretKey, const openssl::ec_key& publicKey, Blob const& plaintext) +Blob encryptECIES (uint256 const& secretKey, Blob const& publicKey, Blob const& plaintext) { ECIES_ENC_IV_TYPE iv; @@ -204,7 +214,7 @@ Blob encryptECIES (const openssl::ec_key& secretKey, const openssl::ec_key& publ return out; } -Blob decryptECIES (const openssl::ec_key& secretKey, const openssl::ec_key& publicKey, Blob const& ciphertext) +Blob decryptECIES (uint256 const& secretKey, Blob const& publicKey, Blob const& ciphertext) { // minimum ciphertext = IV + HMAC + 1 block if (ciphertext.size () < ((2 * ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) ) diff --git a/src/ripple/crypto/impl/GenerateDeterministicKey.cpp b/src/ripple/crypto/impl/GenerateDeterministicKey.cpp index 33d59814c..8b10f76e9 100644 --- a/src/ripple/crypto/impl/GenerateDeterministicKey.cpp +++ b/src/ripple/crypto/impl/GenerateDeterministicKey.cpp @@ -19,23 +19,38 @@ #include #include -#include -#include +#include +#include #include #include -#include #include #include namespace ripple { -using openssl::ec_key; +namespace openssl { + +static EC_GROUP const* const secp256k1_group = EC_GROUP_new_by_curve_name (NID_secp256k1); +static bignum const secp256k1_order = get_order (secp256k1_group); + +} // namespace openssl + +using namespace openssl; + +static Blob serialize_ec_point (ec_point const& point) +{ + Blob result (33); + + serialize_ec_point (point, &result[0]); + + return result; +} uint256 getSHA512Half (void const* data, std::size_t bytes) { uint256 j[2]; - SHA512 (reinterpret_cast(data), bytes, + SHA512 (reinterpret_cast(data), bytes, reinterpret_cast (j)); return j[0]; } @@ -56,43 +71,12 @@ copy_uint32 (FwdIt out, std::uint32_t v) // --> seed // <-- private root generator + public root generator -ec_key GenerateRootDeterministicKey (uint128 const& seed) +static bignum GenerateRootDeterministicKey (uint128 const& seed) { - BN_CTX* ctx = BN_CTX_new (); - - if (!ctx) return ec_key::invalid; - - EC_KEY* pkey = EC_KEY_new_by_curve_name (NID_secp256k1); - - if (!pkey) - { - BN_CTX_free (ctx); - return ec_key::invalid; - } - - EC_KEY_set_conv_form (pkey, POINT_CONVERSION_COMPRESSED); - - BIGNUM* order = BN_new (); - - if (!order) - { - BN_CTX_free (ctx); - EC_KEY_free (pkey); - return ec_key::invalid; - } - - if (!EC_GROUP_get_order (EC_KEY_get0_group (pkey), order, ctx)) - { - assert (false); - BN_free (order); - EC_KEY_free (pkey); - BN_CTX_free (ctx); - return ec_key::invalid; - } - // find non-zero private key less than the curve's order - BIGNUM* privKey = nullptr; + bignum privKey; std::uint32_t seq = 0; + do { // buf: 0 seed 16 seq 20 @@ -102,114 +86,54 @@ ec_key GenerateRootDeterministicKey (uint128 const& seed) copy_uint32 (buf.begin() + 16, seq++); uint256 root = getSHA512Half (buf.data(), buf.size()); std::fill (buf.begin(), buf.end(), 0); // security erase - privKey = BN_bin2bn ((const unsigned char*) &root, sizeof (root), privKey); - if (privKey == nullptr) - { - EC_KEY_free (pkey); - BN_free (order); - BN_CTX_free (ctx); - return ec_key::invalid; - } + privKey.assign ((unsigned char const*) &root, sizeof (root)); root.zero(); // security erase } - while (BN_is_zero (privKey) || (BN_cmp (privKey, order) >= 0)); + while (privKey.is_zero() || privKey >= secp256k1_order); - BN_free (order); + return privKey; +} - if (!EC_KEY_set_private_key (pkey, privKey)) - { - // set the random point as the private key - assert (false); - EC_KEY_free (pkey); - BN_clear_free (privKey); - BN_CTX_free (ctx); - return ec_key::invalid; - } +// --> seed +// <-- private root generator + public root generator +Blob GenerateRootDeterministicPublicKey (uint128 const& seed) +{ + bn_ctx ctx; - EC_POINT* pubKey = EC_POINT_new (EC_KEY_get0_group (pkey)); + bignum privKey = GenerateRootDeterministicKey (seed); - if (!EC_POINT_mul (EC_KEY_get0_group (pkey), pubKey, privKey, nullptr, nullptr, ctx)) - { - // compute the corresponding public key point - assert (false); - BN_clear_free (privKey); - EC_POINT_free (pubKey); - EC_KEY_free (pkey); - BN_CTX_free (ctx); - return ec_key::invalid; - } + // compute the corresponding public key point + ec_point pubKey = multiply (secp256k1_group, privKey, ctx); - BN_clear_free (privKey); + privKey.clear(); // security erase - if (!EC_KEY_set_public_key (pkey, pubKey)) - { - assert (false); - EC_POINT_free (pubKey); - EC_KEY_free (pkey); - BN_CTX_free (ctx); - return ec_key::invalid; - } + return serialize_ec_point (pubKey); +} - EC_POINT_free (pubKey); +uint256 GenerateRootDeterministicPrivateKey (uint128 const& seed) +{ + bignum key = GenerateRootDeterministicKey (seed); - BN_CTX_free (ctx); - -#ifdef EC_DEBUG - assert (EC_KEY_check_key (pkey) == 1); // CAUTION: This check is *very* expensive -#endif - return ec_key::acquire ((ec_key::pointer_t) pkey); + return uint256_from_bignum_clear (key); } // Take ripple address. // --> root public generator (consumes) // <-- root public generator in EC format -static EC_KEY* GenerateRootPubKey (BIGNUM* pubGenerator) +static ec_point GenerateRootPubKey (bignum&& pubGenerator) { - if (pubGenerator == nullptr) - { - assert (false); - return nullptr; - } + ec_point pubPoint = bn2point (secp256k1_group, pubGenerator.get()); - EC_KEY* pkey = EC_KEY_new_by_curve_name (NID_secp256k1); - - if (!pkey) - { - BN_free (pubGenerator); - return nullptr; - } - - EC_KEY_set_conv_form (pkey, POINT_CONVERSION_COMPRESSED); - - EC_POINT* pubPoint = EC_POINT_bn2point (EC_KEY_get0_group (pkey), pubGenerator, nullptr, nullptr); - BN_free (pubGenerator); - - if (!pubPoint) - { - assert (false); - EC_KEY_free (pkey); - return nullptr; - } - - if (!EC_KEY_set_public_key (pkey, pubPoint)) - { - assert (false); - EC_POINT_free (pubPoint); - EC_KEY_free (pkey); - return nullptr; - } - - EC_POINT_free (pubPoint); - - return pkey; + return pubPoint; } // --> public generator -static BIGNUM* makeHash (Blob const& pubGen, int seq, BIGNUM const* order) +static bignum makeHash (Blob const& pubGen, int seq, bignum const& order) { int subSeq = 0; - BIGNUM* ret = nullptr; + + bignum result; assert(pubGen.size() == 33); do @@ -222,167 +146,51 @@ static BIGNUM* makeHash (Blob const& pubGen, int seq, BIGNUM const* order) copy_uint32 (buf.begin() + 37, subSeq++); uint256 root = getSHA512Half (buf.data(), buf.size()); std::fill(buf.begin(), buf.end(), 0); // security erase - ret = BN_bin2bn ((const unsigned char*) &root, sizeof (root), ret); - if (!ret) return nullptr; + result.assign ((unsigned char const*) &root, sizeof (root)); root.zero(); // security erase } - while (BN_is_zero (ret) || (BN_cmp (ret, order) >= 0)); + while (result.is_zero() || result >= order); - return ret; + return result; } // --> public generator -ec_key GeneratePublicDeterministicKey (Blob const& pubGen, int seq) +Blob GeneratePublicDeterministicKey (Blob const& pubGen, int seq) { // publicKey(n) = rootPublicKey EC_POINT_+ Hash(pubHash|seq)*point - BIGNUM* generator = BN_bin2bn ( - pubGen.data(), - pubGen.size(), - nullptr); + ec_point rootPubKey = GenerateRootPubKey (bignum (pubGen)); - if (generator == nullptr) - return ec_key::invalid; - - EC_KEY* rootKey = GenerateRootPubKey (generator); - const EC_POINT* rootPubKey = EC_KEY_get0_public_key (rootKey); - BN_CTX* ctx = BN_CTX_new (); - EC_KEY* pkey = EC_KEY_new_by_curve_name (NID_secp256k1); - EC_POINT* newPoint = 0; - BIGNUM* order = 0; - BIGNUM* hash = 0; - bool success = true; - - if (!ctx || !pkey) success = false; - - if (success) - EC_KEY_set_conv_form (pkey, POINT_CONVERSION_COMPRESSED); - - if (success) - { - newPoint = EC_POINT_new (EC_KEY_get0_group (pkey)); - - if (!newPoint) success = false; - } - - if (success) - { - order = BN_new (); - - if (!order || !EC_GROUP_get_order (EC_KEY_get0_group (pkey), order, ctx)) - success = false; - } + bn_ctx ctx; // Calculate the private additional key. - if (success) - { - hash = makeHash (pubGen, seq, order); + bignum hash = makeHash (pubGen, seq, secp256k1_order); - if (!hash) success = false; - } + // Calculate the corresponding public key. + ec_point newPoint = multiply (secp256k1_group, hash, ctx); - if (success) - { - // Calculate the corresponding public key. - EC_POINT_mul (EC_KEY_get0_group (pkey), newPoint, hash, nullptr, nullptr, ctx); + // Add the master public key and set. + add_to (secp256k1_group, rootPubKey, newPoint, ctx); - // Add the master public key and set. - EC_POINT_add (EC_KEY_get0_group (pkey), newPoint, newPoint, rootPubKey, ctx); - EC_KEY_set_public_key (pkey, newPoint); - } - - if (order) BN_free (order); - - if (hash) BN_free (hash); - - if (newPoint) EC_POINT_free (newPoint); - - if (ctx) BN_CTX_free (ctx); - - if (rootKey) EC_KEY_free (rootKey); - - if (pkey && !success) EC_KEY_free (pkey); - - return success ? ec_key::acquire ((ec_key::pointer_t) pkey) : ec_key::invalid; + return serialize_ec_point (newPoint); } // --> root private key -ec_key GeneratePrivateDeterministicKey (Blob const& pubGen, const BIGNUM* rootPrivKey, int seq) +uint256 GeneratePrivateDeterministicKey (Blob const& pubGen, uint128 const& seed, int seq) { // privateKey(n) = (rootPrivateKey + Hash(pubHash|seq)) % order - BN_CTX* ctx = BN_CTX_new (); + bignum rootPrivKey = GenerateRootDeterministicKey (seed); - if (ctx == nullptr) return ec_key::invalid; - - EC_KEY* pkey = EC_KEY_new_by_curve_name (NID_secp256k1); - - if (pkey == nullptr) - { - BN_CTX_free (ctx); - return ec_key::invalid; - } - - EC_KEY_set_conv_form (pkey, POINT_CONVERSION_COMPRESSED); - - BIGNUM* order = BN_new (); - - if (order == nullptr) - { - BN_CTX_free (ctx); - EC_KEY_free (pkey); - return ec_key::invalid; - } - - if (!EC_GROUP_get_order (EC_KEY_get0_group (pkey), order, ctx)) - { - BN_free (order); - BN_CTX_free (ctx); - EC_KEY_free (pkey); - return ec_key::invalid; - } + bn_ctx ctx; // calculate the private additional key - BIGNUM* privKey = makeHash (pubGen, seq, order); - - if (privKey == nullptr) - { - BN_free (order); - BN_CTX_free (ctx); - EC_KEY_free (pkey); - return ec_key::invalid; - } + bignum privKey = makeHash (pubGen, seq, secp256k1_order); // calculate the final private key - BN_mod_add (privKey, privKey, rootPrivKey, order, ctx); - BN_free (order); - EC_KEY_set_private_key (pkey, privKey); + add_to (rootPrivKey, privKey, secp256k1_order, ctx); - // compute the corresponding public key - EC_POINT* pubKey = EC_POINT_new (EC_KEY_get0_group (pkey)); + rootPrivKey.clear(); // security erase - if (!pubKey) - { - BN_clear_free (privKey); - BN_CTX_free (ctx); - EC_KEY_free (pkey); - return ec_key::invalid; - } - - if (EC_POINT_mul (EC_KEY_get0_group (pkey), pubKey, privKey, nullptr, nullptr, ctx) == 0) - { - BN_clear_free (privKey); - EC_POINT_free (pubKey); - EC_KEY_free (pkey); - BN_CTX_free (ctx); - return ec_key::invalid; - } - - BN_clear_free (privKey); - EC_KEY_set_public_key (pkey, pubKey); - - EC_POINT_free (pubKey); - BN_CTX_free (ctx); - - return ec_key::acquire ((ec_key::pointer_t) pkey); + return uint256_from_bignum_clear (privKey); } } // ripple diff --git a/src/ripple/crypto/impl/ec_key.cpp b/src/ripple/crypto/impl/ec_key.cpp index d903582ec..6b8fc985a 100644 --- a/src/ripple/crypto/impl/ec_key.cpp +++ b/src/ripple/crypto/impl/ec_key.cpp @@ -23,7 +23,7 @@ // file license.txt or http://www.opensource.org/licenses/mit-license.php. #include -#include +#include #include namespace ripple { @@ -63,53 +63,5 @@ void ec_key::destroy() } } -uint256 ec_key::get_private_key() const -{ - uint256 result; - result.zero(); - - if (valid()) - { - const BIGNUM* bn = EC_KEY_get0_private_key (get_EC_KEY (*this)); - - if (bn == nullptr) - { - throw std::runtime_error ("ec_key::get_private_key: EC_KEY_get0_private_key failed"); - } - - BN_bn2bin (bn, result.end() - BN_num_bytes (bn)); - } - - return result; -} - -std::size_t ec_key::get_public_key_size() const -{ - int const size = i2o_ECPublicKey (get_EC_KEY (*this), nullptr); - - if (size == 0) - { - throw std::runtime_error ("ec_key::get_public_key_size() : i2o_ECPublicKey failed"); - } - - if (size > get_public_key_max_size()) - { - throw std::runtime_error ("ec_key::get_public_key_size() : i2o_ECPublicKey() result too big"); - } - - return size; -} - -std::uint8_t ec_key::get_public_key (std::uint8_t* buffer) const -{ - std::uint8_t* begin = buffer; - - int const size = i2o_ECPublicKey (get_EC_KEY (*this), &begin); - - assert (size == get_public_key_size()); - - return std::uint8_t (size); -} - } // openssl } // ripple diff --git a/src/ripple/crypto/ec_key.h b/src/ripple/crypto/impl/ec_key.h similarity index 89% rename from src/ripple/crypto/ec_key.h rename to src/ripple/crypto/impl/ec_key.h index e1f21e109..2698d4ed6 100644 --- a/src/ripple/crypto/ec_key.h +++ b/src/ripple/crypto/impl/ec_key.h @@ -67,14 +67,6 @@ public: } bool valid() const { return ptr != nullptr; } - - uint256 get_private_key() const; - - static std::size_t get_public_key_max_size() { return 33; } - - std::size_t get_public_key_size() const; - - std::uint8_t get_public_key (std::uint8_t* buffer) const; }; } // openssl diff --git a/src/ripple/crypto/impl/openssl.cpp b/src/ripple/crypto/impl/openssl.cpp new file mode 100644 index 000000000..ecb4d46c4 --- /dev/null +++ b/src/ripple/crypto/impl/openssl.cpp @@ -0,0 +1,154 @@ +//------------------------------------------------------------------------------ +/* + This file is part of rippled: https://github.com/ripple/rippled + Copyright (c) 2014 Ripple Labs Inc. + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ +//============================================================================== + +#include +#include + +namespace ripple { +namespace openssl { + +bignum::bignum() +{ + ptr = BN_new(); + + if (ptr == nullptr) + { + throw std::runtime_error ("BN_new() failed"); + } +} + +void bignum::assign (uint8_t const* data, size_t size) +{ + // This reuses and assigns ptr + BIGNUM* bn = BN_bin2bn (data, size, ptr); + + if (bn == nullptr) + { + throw std::runtime_error ("BN_bin2bn() failed"); + } +} + +void bignum::assign_new (uint8_t const* data, size_t size) +{ + // ptr must not be allocated + + ptr = BN_bin2bn (data, size, nullptr); + + if (ptr == nullptr) + { + throw std::runtime_error ("BN_bin2bn() failed"); + } +} + +bn_ctx::bn_ctx() +{ + ptr = BN_CTX_new(); + + if (ptr == nullptr) + { + throw std::runtime_error ("BN_CTX_new() failed"); + } +} + +bignum get_order (EC_GROUP const* group, bn_ctx& ctx) +{ + bignum result; + + if (!EC_GROUP_get_order (group, result.get(), ctx.get())) + { + throw std::runtime_error ("EC_GROUP_get_order() failed"); + } + + return result; +} + +ec_point::ec_point (EC_GROUP const* group) +{ + ptr = EC_POINT_new (group); + + if (ptr == nullptr) + { + throw std::runtime_error ("EC_POINT_new() failed"); + } +} + +void add_to (EC_GROUP const* group, + ec_point const& a, + ec_point& b, + bn_ctx& ctx) +{ + if (!EC_POINT_add (group, b.get(), a.get(), b.get(), ctx.get())) + { + throw std::runtime_error ("EC_POINT_add() failed"); + } +} + +ec_point multiply (EC_GROUP const* group, + bignum const& n, + bn_ctx& ctx) +{ + ec_point result (group); + + if (!EC_POINT_mul (group, result.get(), n.get(), nullptr, nullptr, ctx.get())) + { + throw std::runtime_error ("EC_POINT_mul() failed"); + } + + return result; +} + +ec_point bn2point (EC_GROUP const* group, BIGNUM const* number) +{ + EC_POINT* result = EC_POINT_bn2point (group, number, nullptr, nullptr); + + if (result == nullptr) + { + throw std::runtime_error ("EC_POINT_bn2point() failed"); + } + + return ec_point::acquire (result); +} + +static ec_key ec_key_new_secp256k1_compressed() +{ + EC_KEY* key = EC_KEY_new_by_curve_name (NID_secp256k1); + + if (key == nullptr) throw std::runtime_error ("EC_KEY_new_by_curve_name() failed"); + + EC_KEY_set_conv_form (key, POINT_CONVERSION_COMPRESSED); + + return ec_key::acquire ((ec_key::pointer_t) key); +} + +void serialize_ec_point (ec_point const& point, std::uint8_t* ptr) +{ + ec_key key = ec_key_new_secp256k1_compressed(); + + if (EC_KEY_set_public_key((EC_KEY*) key.get(), point.get()) <= 0) + { + throw std::runtime_error ("EC_KEY_set_public_key() failed"); + } + + int const size = i2o_ECPublicKey ((EC_KEY*) key.get(), &ptr); + + assert (size <= 33); +} + +} // openssl +} // ripple diff --git a/src/ripple/crypto/impl/openssl.h b/src/ripple/crypto/impl/openssl.h new file mode 100644 index 000000000..f79bd0d2e --- /dev/null +++ b/src/ripple/crypto/impl/openssl.h @@ -0,0 +1,200 @@ +//------------------------------------------------------------------------------ +/* + This file is part of rippled: https://github.com/ripple/rippled + Copyright (c) 2014 Ripple Labs Inc. + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ +//============================================================================== + +#ifndef RIPPLE_OPENSSL_H +#define RIPPLE_OPENSSL_H + +#include +#include +#include +#include + +namespace ripple { +namespace openssl { + +class bignum +{ +private: + BIGNUM* ptr; + + // non-copyable + bignum (bignum const&) = delete; + bignum& operator=(bignum const&) = delete; + + void assign_new (uint8_t const* data, size_t size); + +public: + bignum(); + + ~bignum() + { + if ( ptr != nullptr) + { + BN_free (ptr); + } + } + + bignum (uint8_t const* data, size_t size) + { + assign_new (data, size); + } + + template + explicit bignum (T const& thing) + { + assign_new (thing.data(), thing.size()); + } + + bignum(bignum&& that) : ptr( that.ptr ) + { + that.ptr = nullptr; + } + + bignum& operator= (bignum&& that) + { + using std::swap; + + swap( ptr, that.ptr ); + + return *this; + } + + BIGNUM * get() { return ptr; } + BIGNUM const* get() const { return ptr; } + + bool is_zero() const { return BN_is_zero (ptr); } + + void clear() { BN_clear (ptr); } + + void assign (uint8_t const* data, size_t size); +}; + +inline bool operator< (bignum const& a, bignum const& b) +{ + return BN_cmp (a.get(), b.get()) < 0; +} + +inline bool operator>= (bignum const& a, bignum const& b) +{ + return !(a < b); +} + +inline uint256 uint256_from_bignum_clear (bignum& number) +{ + uint256 result; + result.zero(); + + BN_bn2bin (number.get(), result.end() - BN_num_bytes (number.get())); + + number.clear(); + + return result; +} + +class bn_ctx +{ +private: + BN_CTX* ptr; + + // non-copyable + bn_ctx (bn_ctx const&); + bn_ctx& operator=(bn_ctx const&); + +public: + bn_ctx(); + + ~bn_ctx() + { + BN_CTX_free (ptr); + } + + BN_CTX * get() { return ptr; } + BN_CTX const* get() const { return ptr; } +}; + +bignum get_order (EC_GROUP const* group, bn_ctx& ctx); + +inline bignum get_order (EC_GROUP const* group) +{ + bn_ctx ctx; + + return get_order (group, ctx); +} + +inline void add_to (bignum const& a, + bignum& b, + bignum const& modulus, + bn_ctx& ctx) +{ + BN_mod_add (b.get(), a.get(), b.get(), modulus.get(), ctx.get()); +} + +class ec_point +{ +public: + typedef EC_POINT* pointer_t; + +private: + pointer_t ptr; + + ec_point (pointer_t raw) : ptr(raw) + { + } + +public: + static ec_point acquire (pointer_t raw) + { + return ec_point (raw); + } + + ec_point (EC_GROUP const* group); + + ~ec_point() { EC_POINT_free (ptr); } + + ec_point (ec_point const&) = delete; + ec_point& operator=(ec_point const&) = delete; + + ec_point(ec_point&& that) + { + ptr = that.ptr; + that.ptr = nullptr; + } + + EC_POINT * get() { return ptr; } + EC_POINT const* get() const { return ptr; } +}; + +void add_to (EC_GROUP const* group, + ec_point const& a, + ec_point& b, + bn_ctx& ctx); + +ec_point multiply (EC_GROUP const* group, + bignum const& n, + bn_ctx& ctx); + +ec_point bn2point (EC_GROUP const* group, BIGNUM const* number); + +// output buffer must hold 33 bytes +void serialize_ec_point (ec_point const& point, std::uint8_t* ptr); + +} // openssl +} // ripple + +#endif diff --git a/src/ripple/crypto/tests/CKey.test.cpp b/src/ripple/crypto/tests/CKey.test.cpp index 877e2cfcd..20b945599 100644 --- a/src/ripple/crypto/tests/CKey.test.cpp +++ b/src/ripple/crypto/tests/CKey.test.cpp @@ -40,11 +40,8 @@ public: seed1.SetHex ("71ED064155FFADFA38782C5E0158CB26"); seed2.SetHex ("CF0C3BE4485961858C4198515AE5B965"); - openssl::ec_key root1 = GenerateRootDeterministicKey (seed1); - openssl::ec_key root2 = GenerateRootDeterministicKey (seed2); - - uint256 const priv1 = root1.get_private_key(); - uint256 const priv2 = root2.get_private_key(); + uint256 const priv1 = GenerateRootDeterministicPrivateKey (seed1); + uint256 const priv2 = GenerateRootDeterministicPrivateKey (seed2); unexpected (to_string (priv1) != "7CFBA64F771E93E817E15039215430B53F7401C34931D111EAB3510B22DBB0D8", "Incorrect private key for generator"); @@ -57,4 +54,3 @@ public: BEAST_DEFINE_TESTSUITE(CKey,ripple_data,ripple); } // ripple - diff --git a/src/ripple/protocol/STTx.h b/src/ripple/protocol/STTx.h index df9c9f5b1..995e00c2a 100644 --- a/src/ripple/protocol/STTx.h +++ b/src/ripple/protocol/STTx.h @@ -52,7 +52,7 @@ public: explicit STTx (SerialIter& sit); explicit STTx (TxType type); - + // Only called from ripple::RPC::transactionSign - can we eliminate this? explicit STTx (STObject const& object); diff --git a/src/ripple/protocol/impl/RippleAddress.cpp b/src/ripple/protocol/impl/RippleAddress.cpp index 393e63a9b..7109a59f9 100644 --- a/src/ripple/protocol/impl/RippleAddress.cpp +++ b/src/ripple/protocol/impl/RippleAddress.cpp @@ -30,18 +30,11 @@ #include #include #include -#include #include #include namespace ripple { -static BIGNUM* GetSecretBN (const openssl::ec_key& keypair) -{ - // DEPRECATED - return BN_dup (EC_KEY_get0_private_key ((EC_KEY*) keypair.get())); -} - // <-- seed static uint128 PassPhraseToKey (std::string const& passPhrase) { @@ -57,25 +50,14 @@ static uint128 PassPhraseToKey (std::string const& passPhrase) return ret; } -static Blob getPublicKey (openssl::ec_key const& key) -{ - Blob result (33); - - key.get_public_key (&result[0]); - - return result; -} - static bool verifySignature (Blob const& pubkey, uint256 const& hash, Blob const& sig, ECDSA fullyCanonical) { - if (! isCanonicalECDSASig (sig, fullyCanonical)) - { - return false; - } - - openssl::ec_key key = ECDSAPublicKey (pubkey); - - return key.valid() && ECDSAVerify (hash, sig, key); + if (! isCanonicalECDSASig (sig, fullyCanonical)) + { + return false; + } + + return ECDSAVerify (hash, sig, &pubkey[0], pubkey.size()); } RippleAddress::RippleAddress () @@ -116,7 +98,7 @@ RippleAddress RippleAddress::createNodePublic (RippleAddress const& naSeed) RippleAddress naNew; // YYY Should there be a GetPubKey() equiv that returns a uint256? - naNew.setNodePublic (getPublicKey (GenerateRootDeterministicKey (naSeed.getSeed()))); + naNew.setNodePublic (GenerateRootDeterministicPublicKey (naSeed.getSeed())); return naNew; } @@ -229,7 +211,7 @@ RippleAddress RippleAddress::createNodePrivate (RippleAddress const& naSeed) { RippleAddress naNew; - naNew.setNodePrivate (GenerateRootDeterministicKey (naSeed.getSeed()).get_private_key()); + naNew.setNodePrivate (GenerateRootDeterministicPrivateKey (naSeed.getSeed())); return naNew; } @@ -302,9 +284,7 @@ void RippleAddress::setNodePrivate (uint256 hash256) void RippleAddress::signNodePrivate (uint256 const& hash, Blob& vchSig) const { - openssl::ec_key key = ECDSAPrivateKey (getNodePrivate()); - - vchSig = ECDSASign (hash, key); + vchSig = ECDSASign (hash, getNodePrivate()); if (vchSig.empty()) throw std::runtime_error ("Signing failed."); @@ -502,7 +482,7 @@ void RippleAddress::setAccountPublic (Blob const& vPublic) void RippleAddress::setAccountPublic (RippleAddress const& generator, int seq) { - setAccountPublic (getPublicKey (GeneratePublicDeterministicKey (generator.getGenerator(), seq))); + setAccountPublic (GeneratePublicDeterministicKey (generator.getGenerator(), seq)); } bool RippleAddress::accountPublicVerify ( @@ -571,30 +551,18 @@ void RippleAddress::setAccountPrivate (uint256 hash256) void RippleAddress::setAccountPrivate ( RippleAddress const& generator, RippleAddress const& naSeed, int seq) { - openssl::ec_key publicKey = GenerateRootDeterministicKey (naSeed.getSeed()); - openssl::ec_key secretKey = GeneratePrivateDeterministicKey (generator.getGenerator(), GetSecretBN (publicKey), seq); - - setAccountPrivate (secretKey.get_private_key()); + uint256 secretKey = GeneratePrivateDeterministicKey (generator.getGenerator(), naSeed.getSeed(), seq); + + setAccountPrivate (secretKey); } bool RippleAddress::accountPrivateSign (uint256 const& uHash, Blob& vucSig) const { - openssl::ec_key key = ECDSAPrivateKey (getAccountPrivate()); - - if (!key.valid()) - { - // Bad private key. - WriteLog (lsWARNING, RippleAddress) - << "accountPrivateSign: Bad private key."; - - return false; - } - - vucSig = ECDSASign (uHash, key); + vucSig = ECDSASign (uHash, getAccountPrivate()); const bool ok = !vucSig.empty(); - - CondLog (!ok, lsWARNING, RippleAddress) - << "accountPrivateSign: Signing failed."; + + CondLog (!ok, lsWARNING, RippleAddress) + << "accountPrivateSign: Signing failed."; return ok; } @@ -602,22 +570,10 @@ bool RippleAddress::accountPrivateSign (uint256 const& uHash, Blob& vucSig) cons Blob RippleAddress::accountPrivateEncrypt ( RippleAddress const& naPublicTo, Blob const& vucPlainText) const { - openssl::ec_key secretKey = ECDSAPrivateKey (getAccountPrivate()); - openssl::ec_key publicKey = ECDSAPublicKey (naPublicTo.getAccountPublic()); - - Blob vucCipherText; + uint256 secretKey = getAccountPrivate(); + Blob publicKey = naPublicTo.getAccountPublic(); - if (! publicKey.valid()) - { - WriteLog (lsWARNING, RippleAddress) - << "accountPrivateEncrypt: Bad public key."; - } - - if (! secretKey.valid()) - { - WriteLog (lsWARNING, RippleAddress) - << "accountPrivateEncrypt: Bad private key."; - } + Blob vucCipherText; { try @@ -635,22 +591,10 @@ Blob RippleAddress::accountPrivateEncrypt ( Blob RippleAddress::accountPrivateDecrypt ( RippleAddress const& naPublicFrom, Blob const& vucCipherText) const { - openssl::ec_key secretKey = ECDSAPrivateKey (getAccountPrivate()); - openssl::ec_key publicKey = ECDSAPublicKey (naPublicFrom.getAccountPublic()); - - Blob vucPlainText; + uint256 secretKey = getAccountPrivate(); + Blob publicKey = naPublicFrom.getAccountPublic(); - if (! publicKey.valid()) - { - WriteLog (lsWARNING, RippleAddress) - << "accountPrivateDecrypt: Bad public key."; - } - - if (! secretKey.valid()) - { - WriteLog (lsWARNING, RippleAddress) - << "accountPrivateDecrypt: Bad private key."; - } + Blob vucPlainText; { try @@ -710,7 +654,7 @@ void RippleAddress::setGenerator (Blob const& vPublic) RippleAddress RippleAddress::createGeneratorPublic (RippleAddress const& naSeed) { RippleAddress naNew; - naNew.setGenerator (getPublicKey (GenerateRootDeterministicKey (naSeed.getSeed()))); + naNew.setGenerator (GenerateRootDeterministicPublicKey (naSeed.getSeed())); return naNew; } diff --git a/src/ripple/unity/crypto.cpp b/src/ripple/unity/crypto.cpp index aaa0e5854..b5eca920e 100644 --- a/src/ripple/unity/crypto.cpp +++ b/src/ripple/unity/crypto.cpp @@ -26,8 +26,10 @@ #include #include #include +#include #include #include +#include #include #include