Protocol Amendment: Always Require Fully-Canonical Signatures

This commit is contained in:
Mo Morsi
2020-02-11 16:16:50 -05:00
committed by Carl Hua
parent 053b6d9fd3
commit ec137044a0
8 changed files with 128 additions and 11 deletions


@@ -687,6 +687,7 @@ target_sources (rippled PRIVATE
src/test/app/ValidatorKeys_test.cpp src/test/app/ValidatorKeys_test.cpp
src/test/app/ValidatorList_test.cpp src/test/app/ValidatorList_test.cpp
src/test/app/ValidatorSite_test.cpp src/test/app/ValidatorSite_test.cpp
src/test/app/tx/apply_test.cpp
#[===============================[ #[===============================[
test sources: test sources:
subdir: basics subdir: basics


@@ -47,7 +47,12 @@ checkValidity(HashRouter& router,
if (!(flags & SF_SIGGOOD)) if (!(flags & SF_SIGGOOD))
{ {
// Don't know signature state. Check it. // Don't know signature state. Check it.
auto const sigVerify = tx.checkSign(); auto const requireCanonicalSig =
rules.enabled(featureRequireFullyCanonicalSig) ?
STTx::RequireFullyCanonicalSig::yes :
STTx::RequireFullyCanonicalSig::no;
auto const sigVerify = tx.checkSign(requireCanonicalSig);
if (! sigVerify.first) if (! sigVerify.first)
{ {
router.setFlags(id, SF_SIGBAD); router.setFlags(id, SF_SIGBAD);
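Review bot: The amendment is consulted only when the signature state is unknown (`if (!(flags & SF_SIGGOOD))` at the top of the hunk), so a transaction whose signature was already cached as SF_SIGGOOD under the pre-amendment rules keeps that verdict after RequireFullyCanonicalSig activates, and the new `requireCanonicalSig` value is never applied to it. Whether that matters depends on how long HashRouter retains flags across the activation ledger, which is outside this hunk; if cached flags can outlive an amendment switch, the SF_SIGGOOD verdict should be tied to the rule set it was computed under or cleared at activation. At minimum the assumption deserves a comment on the `if`: `// A cached SF_SIGGOOD verdict is trusted even if the canonical-signature rule has changed since it was computed.` checkValidity's body continues on both sides of the hunk.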


@@ -110,6 +110,8 @@ class FeatureCollections
"DeletableAccounts", "DeletableAccounts",
// fixQualityUpperBound should be activated before FlowCross // fixQualityUpperBound should be activated before FlowCross
"fixQualityUpperBound", "fixQualityUpperBound",
"fix1781", // XRPEndpointSteps should be included in the circular payment check
"RequireFullyCanonicalSig"
}; };
std::vector<uint256> features; std::vector<uint256> features;
@@ -397,6 +399,8 @@ extern uint256 const fixCheckThreading;
extern uint256 const fixPayChanRecipientOwnerDir; extern uint256 const fixPayChanRecipientOwnerDir;
extern uint256 const featureDeletableAccounts; extern uint256 const featureDeletableAccounts;
extern uint256 const fixQualityUpperBound; extern uint256 const fixQualityUpperBound;
extern uint256 const fix1781;
extern uint256 const featureRequireFullyCanonicalSig;
} // ripple } // ripple
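Review bot: The first hunk registers `"fix1781"` next to `"RequireFullyCanonicalSig"`, and the same unrelated name is added again in the extern declarations of the second hunk and in both Feature.cpp hunks (the supportedAmendments list and the `getRegisteredFeature` definitions), yet neither the commit title nor its description mentions fix1781; if it was pulled in by a rebase it should be called out or split out so the amendment set this commit enables can be reviewed on its own. The new list entries also carry no explanation of what the amendment changes, unlike the `fixQualityUpperBound` line above them; a short one such as `"RequireFullyCanonicalSig" // enforce fully-canonical signatures even without tfFullyCanonicalSig` would help anyone reading the list later. The FeatureCollections body continues outside the first hunk.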


@@ -132,8 +132,13 @@ public:
/** Check the signature. /** Check the signature.
@return `true` if valid signature. If invalid, the error message string. @return `true` if valid signature. If invalid, the error message string.
*/ */
enum class RequireFullyCanonicalSig : bool
{
no,
yes
};
std::pair<bool, std::string> std::pair<bool, std::string>
checkSign() const; checkSign(RequireFullyCanonicalSig requireCanonicalSig) const;
// SQL Functions with metadata. // SQL Functions with metadata.
static static
@@ -150,8 +155,11 @@ public:
std::string const& escapedMetaData) const; std::string const& escapedMetaData) const;
private: private:
std::pair<bool, std::string> checkSingleSign () const; std::pair<bool, std::string>
std::pair<bool, std::string> checkMultiSign () const; checkSingleSign (RequireFullyCanonicalSig requireCanonicalSig) const;
std::pair<bool, std::string>
checkMultiSign (RequireFullyCanonicalSig requireCanonicalSig) const;
uint256 tid_; uint256 tid_;
TxType tx_type_; TxType tx_type_;
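Review bot: The doc comment `/** Check the signature. ... */` that used to sit directly above `checkSign` is now separated from it by the new `enum class RequireFullyCanonicalSig` block, so documentation tools and readers will attach it to the enum instead of the function; move the enum above the comment and extend the comment with `@param requireCanonicalSig When yes, the signature must be fully canonical even if the transaction does not set tfFullyCanonicalSig.` The same parameter on `checkSingleSign` and `checkMultiSign` in the second hunk is undocumented as well. A one-line comment on the enum saying it exists so call sites do not pass a bare `bool` (`// Named flag rather than bool so call sites read as checkSign(RequireFullyCanonicalSig::yes).`) would explain the choice of a `: bool` enum. The class body continues outside both hunks.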


@@ -129,6 +129,8 @@ detail::supportedAmendments ()
"fixPayChanRecipientOwnerDir", "fixPayChanRecipientOwnerDir",
"DeletableAccounts", "DeletableAccounts",
"fixQualityUpperBound", "fixQualityUpperBound",
"fix1781",
"RequireFullyCanonicalSig"
}; };
return supported; return supported;
} }
@@ -187,5 +189,7 @@ uint256 const fixCheckThreading = *getRegisteredFeature("fixCheckThreading");
uint256 const fixPayChanRecipientOwnerDir = *getRegisteredFeature("fixPayChanRecipientOwnerDir"); uint256 const fixPayChanRecipientOwnerDir = *getRegisteredFeature("fixPayChanRecipientOwnerDir");
uint256 const featureDeletableAccounts = *getRegisteredFeature("DeletableAccounts"); uint256 const featureDeletableAccounts = *getRegisteredFeature("DeletableAccounts");
uint256 const fixQualityUpperBound = *getRegisteredFeature("fixQualityUpperBound"); uint256 const fixQualityUpperBound = *getRegisteredFeature("fixQualityUpperBound");
uint256 const fix1781 = *getRegisteredFeature("fix1781");
uint256 const featureRequireFullyCanonicalSig = *getRegisteredFeature("RequireFullyCanonicalSig");
} // ripple } // ripple


@@ -22,6 +22,7 @@
#include <ripple/basics/Log.h> #include <ripple/basics/Log.h>
#include <ripple/basics/safe_cast.h> #include <ripple/basics/safe_cast.h>
#include <ripple/basics/StringUtilities.h> #include <ripple/basics/StringUtilities.h>
#include <ripple/protocol/Feature.h>
#include <ripple/protocol/HashPrefix.h> #include <ripple/protocol/HashPrefix.h>
#include <ripple/protocol/jss.h> #include <ripple/protocol/jss.h>
#include <ripple/protocol/Protocol.h> #include <ripple/protocol/Protocol.h>
@@ -177,7 +178,8 @@ void STTx::sign (
tid_ = getHash(HashPrefix::transactionID); tid_ = getHash(HashPrefix::transactionID);
} }
std::pair<bool, std::string> STTx::checkSign() const std::pair<bool, std::string>
STTx::checkSign(RequireFullyCanonicalSig requireCanonicalSig) const
{ {
std::pair<bool, std::string> ret {false, ""}; std::pair<bool, std::string> ret {false, ""};
try try
@@ -186,7 +188,9 @@ std::pair<bool, std::string> STTx::checkSign() const
// at the SigningPubKey. It it's empty we must be // at the SigningPubKey. It it's empty we must be
// multi-signing. Otherwise we're single-signing. // multi-signing. Otherwise we're single-signing.
Blob const& signingPubKey = getFieldVL (sfSigningPubKey); Blob const& signingPubKey = getFieldVL (sfSigningPubKey);
ret = signingPubKey.empty () ? checkMultiSign () : checkSingleSign (); ret = signingPubKey.empty () ?
checkMultiSign (requireCanonicalSig) :
checkSingleSign (requireCanonicalSig);
} }
catch (std::exception const&) catch (std::exception const&)
{ {
@@ -250,7 +254,8 @@ STTx::getMetaSQL (Serializer rawTxn,
% getSequence () % inLedger % status % rTxn % escapedMetaData); % getSequence () % inLedger % status % rTxn % escapedMetaData);
} }
std::pair<bool, std::string> STTx::checkSingleSign () const std::pair<bool, std::string>
STTx::checkSingleSign (RequireFullyCanonicalSig requireCanonicalSig) const
{ {
// We don't allow both a non-empty sfSigningPubKey and an sfSigners. // We don't allow both a non-empty sfSigningPubKey and an sfSigners.
// That would allow the transaction to be signed two ways. So if both // That would allow the transaction to be signed two ways. So if both
@@ -261,7 +266,10 @@ std::pair<bool, std::string> STTx::checkSingleSign () const
bool validSig = false; bool validSig = false;
try try
{ {
bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig); bool const fullyCanonical =
(getFlags() & tfFullyCanonicalSig) ||
(requireCanonicalSig == RequireFullyCanonicalSig::yes);
auto const spk = getFieldVL (sfSigningPubKey); auto const spk = getFieldVL (sfSigningPubKey);
if (publicKeyType (makeSlice(spk))) if (publicKeyType (makeSlice(spk)))
@@ -287,7 +295,8 @@ std::pair<bool, std::string> STTx::checkSingleSign () const
return {true, ""}; return {true, ""};
} }
std::pair<bool, std::string> STTx::checkMultiSign () const std::pair<bool, std::string>
STTx::checkMultiSign (RequireFullyCanonicalSig requireCanonicalSig) const
{ {
// Make sure the MultiSigners are present. Otherwise they are not // Make sure the MultiSigners are present. Otherwise they are not
// attempting multi-signing and we just have a bad SigningPubKey. // attempting multi-signing and we just have a bad SigningPubKey.
@@ -314,7 +323,9 @@ std::pair<bool, std::string> STTx::checkMultiSign () const
auto const txnAccountID = getAccountID (sfAccount); auto const txnAccountID = getAccountID (sfAccount);
// Determine whether signatures must be full canonical. // Determine whether signatures must be full canonical.
bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig); bool const fullyCanonical =
(getFlags() & tfFullyCanonicalSig) ||
(requireCanonicalSig == RequireFullyCanonicalSig::yes);
// Signers must be in sorted order by AccountID. // Signers must be in sorted order by AccountID.
AccountID lastAccountID (beast::zero); AccountID lastAccountID (beast::zero);
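Review bot: The expression `(getFlags() & tfFullyCanonicalSig) || (requireCanonicalSig == RequireFullyCanonicalSig::yes)` is written out twice, once in checkSingleSign and again in checkMultiSign, and the two copies have to stay identical for the single- and multi-signature paths to enforce the same rule; a small private helper on STTx (declared alongside the two private checks in STTx.h) keeps that invariant in one place. The comment `// Determine whether signatures must be full canonical.` in checkMultiSign should also say that the amendment forces this regardless of the transaction flag, and checkSingleSign has no such comment at all. The added `#include <ripple/protocol/Feature.h>` is not used by any changed line in this file, since the amendment lookup happens in apply.cpp, so it looks unnecessary unless something outside the hunks needs it. All four changed functions continue outside their hunks.
```cpp
// Shared by checkSingleSign and checkMultiSign: a signature must be fully
// canonical when the transaction sets tfFullyCanonicalSig or when the caller
// (the RequireFullyCanonicalSig amendment, via checkValidity) demands it.
bool
STTx::mustBeFullyCanonical (RequireFullyCanonicalSig requireCanonicalSig) const
{
    return (getFlags() & tfFullyCanonicalSig) ||
        (requireCanonicalSig == RequireFullyCanonicalSig::yes);
}

// … unchanged: checkSingleSign up to the try block …
        bool const fullyCanonical = mustBeFullyCanonical (requireCanonicalSig);

// … unchanged: checkMultiSign up to the canonical-signature comment …
    // Determine whether signatures must be fully canonical: either the
    // transaction asked for it or the amendment requires it for everyone.
    bool const fullyCanonical = mustBeFullyCanonical (requireCanonicalSig);
```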


@@ -0,0 +1,83 @@
//------------------------------------------------------------------------------
/*
This file is part of rippled: https://github.com/ripple/rippled
Copyright (c) 2020 Dev Null Productions
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================
#include <ripple/app/tx/apply.h>
#include <ripple/basics/StringUtilities.h>
#include <ripple/protocol/Feature.h>
#include <test/jtx/Env.h>
namespace ripple {
class Apply_test : public beast::unit_test::suite
{
public:
void run() override
{
testcase ("Require Fully Canonicial Signature");
testFullyCanonicalSigs();
}
void testFullyCanonicalSigs()
{
// Construct a payments w/out a fully-canonical tx
const std::string non_fully_canonical_tx =
"12000022000000002400000001201B00497D9C6140000000000F6950684000000"
"00000000C732103767C7B2C13AD90050A4263745E4BAB2B975417FA22E87780E1"
"506DDAF21139BE74483046022100E95670988A34C4DB0FA73A8BFD6383872AF43"
"8C147A62BC8387406298C3EADC1022100A7DC80508ED5A4750705C702A81CBF9D"
"2C2DC3AFEDBED37BBCCD97BC8C40E08F8114E25A26437D923EEF4D6D815DF9336"
"8B62E6440848314BB85996936E4F595287774684DC2AC6266024BEF";
auto ret = strUnHex (non_fully_canonical_tx);
SerialIter sitTrans (makeSlice(*ret));
STTx const tx = *std::make_shared<STTx const> (std::ref (sitTrans));
{
test::jtx::Env no_fully_canonical (*this,
test::jtx::supported_amendments() -
featureRequireFullyCanonicalSig);
Validity valid = checkValidity(no_fully_canonical.app().getHashRouter(),
tx,
no_fully_canonical.current()->rules(),
no_fully_canonical.app().config()).first;
if(valid != Validity::Valid)
fail("Non-Fully canoncial signature was not permitted");
}
{
test::jtx::Env fully_canonical (*this,
test::jtx::supported_amendments());
Validity valid = checkValidity(fully_canonical.app().getHashRouter(),
tx,
fully_canonical.current()->rules(),
fully_canonical.app().config()).first;
if(valid == Validity::Valid)
fail("Non-Fully canoncial signature was permitted");
}
pass();
}
};
BEAST_DEFINE_TESTSUITE(Apply,app,ripple);
} // ripple
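Review bot: The result of `strUnHex (non_fully_canonical_tx)` is dereferenced unconditionally at `SerialIter sitTrans (makeSlice(*ret));`, so if the hex literal is ever edited into something invalid the test crashes instead of failing; guard it first with `if (!BEAST_EXPECT(ret)) return;` (assuming strUnHex returns an optional-like value, which the deref suggests). `STTx const tx = *std::make_shared<STTx const> (std::ref (sitTrans));` heap-allocates a shared object only to copy it out; `STTx const tx (sitTrans);` should be enough if the SerialIter constructor is accessible here. The `if (...) fail (...)` pairs read more naturally as `BEAST_EXPECT(valid == Validity::Valid);` and `BEAST_EXPECT(valid != Validity::Valid);`, and the strings misspell canonical in the testcase name (`"Require Fully Canonicial Signature"`) and both failure messages (`"... canoncial ..."`). The comment `// Construct a payments w/out a fully-canonical tx` should read `// Deserialize a Payment whose signature is not fully canonical.`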


@@ -1489,7 +1489,8 @@ public:
}); });
j.sign (keypair.first, keypair.second); j.sign (keypair.first, keypair.second);
unexpected (!j.checkSign().first, "Transaction fails signature test"); unexpected (!j.checkSign(STTx::RequireFullyCanonicalSig::yes).first,
"Transaction fails signature test");
Serializer rawTxn; Serializer rawTxn;
j.add (rawTxn); j.add (rawTxn);