ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

sign_for RPC command fixes (RIPD-182):

Browse Source 
o Remove warning written to log by sign_for command.

 o The sign_for RPC command previously only worked in the
   "json sign_for" form.  The command now works as a straight
   "sign_for".  The "offline" parameter also works.

 o Don't autofill Fee or Paths when signing offline.
This commit is contained in:
Scott Schurr
2015-09-17 17:56:12 -07:00
parent 780a553662
commit c28c516b22
8 changed files with 212 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/ripple/protocol/impl/Sign.cpp
View File

@@ -51,6 +51,37 @@ verify (STObject const& st,
true);
}
// Questions regarding buildMultiSigningData:
//
// Why do we include the Signer.Account in the blob to be signed?
//
// Unless you include the Account which is signing in the signing blob,
// you could swap out any Signer.Account for any other, which may also
// be on the SignerList and have a RegularKey matching the
// Signer.SigningPubKey.
//
// That RegularKey may be set to allow some 3rd party to sign transactions
// on the account's behalf, and that RegularKey could be common amongst all
// users of the 3rd party. That's just one example of sharing the same
// RegularKey amongst various accounts and just one vulnerability.
//
// "When you have something that's easy to do that makes entire classes of
// attacks clearly and obviously impossible, you need a damn good reason
// not to do it." -- David Schwartz
//
// Why would we include the signingFor account in the blob to be signed?
//
// In the current signing scheme, the account that a signer is `signing
// for/on behalf of` is the tx_json.Account.
//
// Later we might support more levels of signing. Suppose Bob is a signer
// for Alice, and Carol is a signer for Bob, so Carol can sign for Bob who
// signs for Alice. But suppose Alice has two signers: Bob and Dave. If
// Carol is a signer for both Bob and Dave, then the signature needs to
// distinguish between Carol signing for Bob and Carol signing for Dave.
//
// So, if we support multiple levels of signing, then we'll need to
// incorporate the "signing for" accounts into the signing data as well.
Serializer
buildMultiSigningData (STObject const& obj, AccountID const& signingID)
{