diff --git a/alethzero/MainWin.cpp b/alethzero/MainWin.cpp index 0ad5ba938..280a70fe1 100644 --- a/alethzero/MainWin.cpp +++ b/alethzero/MainWin.cpp @@ -353,8 +353,16 @@ void Main::on_enableOptimizer_triggered() on_data_textChanged(); } +QString Main::contents(QString _s) +{ + return QString::fromStdString(dev::asString(dev::contents(_s.toStdString()))); +} + void Main::load(QString _s) { + QString contents = QString::fromStdString(dev::asString(dev::contents(_s.toStdString()))); + ui->webView->page()->currentFrame()->evaluateJavaScript(contents); + /* QFile fin(_s); if (!fin.open(QFile::ReadOnly)) return; @@ -375,7 +383,7 @@ void Main::load(QString _s) //eval(line); line.clear(); } - } + }*/ } void Main::on_loadJS_triggered() @@ -679,7 +687,7 @@ void Main::on_importKeyFile_triggered() try { js::mValue val; - json_spirit::read_string(asString(contents(s.toStdString())), val); + json_spirit::read_string(asString(dev::contents(s.toStdString())), val); auto obj = val.get_obj(); if (obj["encseed"].type() == js::str_type) { @@ -948,7 +956,7 @@ void Main::refreshBlockCount() cwatch << "refreshBlockCount()"; auto d = ethereum()->blockChain().details(); auto diff = BlockInfo(ethereum()->blockChain().block()).difficulty; - ui->blockCount->setText(QString("%6 #%1 @%3 T%2 N%4 D%5").arg(d.number).arg(toLog2(d.totalDifficulty)).arg(toLog2(diff)).arg(dev::eth::c_protocolVersion).arg(dev::eth::c_databaseVersion).arg(m_privateChain.size() ? "[" + m_privateChain + "] " : "testnet")); + ui->blockCount->setText(QString("%6 #%1 @%3 T%2 PV%4 D%5").arg(d.number).arg(toLog2(d.totalDifficulty)).arg(toLog2(diff)).arg(dev::eth::c_protocolVersion).arg(dev::eth::c_databaseVersion).arg(m_privateChain.size() ? "[" + m_privateChain + "] " : "testnet")); } static bool blockMatch(string const& _f, dev::eth::BlockDetails const& _b, h256 _h, BlockChain const& _bc) diff --git a/alethzero/MainWin.h b/alethzero/MainWin.h index 9f7ad97de..14877f610 100644 --- a/alethzero/MainWin.h +++ b/alethzero/MainWin.h @@ -85,6 +85,7 @@ public slots: void note(QString _entry); void debug(QString _entry); void warn(QString _entry); + QString contents(QString _file); void onKeysChanged(); diff --git a/libdevcore/Common.h b/libdevcore/Common.h index 87cc069b3..198119f24 100644 --- a/libdevcore/Common.h +++ b/libdevcore/Common.h @@ -59,6 +59,7 @@ using bytesConstRef = vector_ref; // Numeric types. using bigint = boost::multiprecision::number>; +using u128 = boost::multiprecision::number>; using u256 = boost::multiprecision::number>; using s256 = boost::multiprecision::number>; using u160 = boost::multiprecision::number>; diff --git a/libdevcore/CommonJS.cpp b/libdevcore/CommonJS.cpp index 96f4b1896..c09a5b565 100644 --- a/libdevcore/CommonJS.cpp +++ b/libdevcore/CommonJS.cpp @@ -38,31 +38,20 @@ bytes jsToBytes(std::string const& _s) return bytes(); } -std::string jsPadded(std::string const& _s, unsigned _l, unsigned _r) +bytes padded(bytes _b, unsigned _l) { - bytes b = jsToBytes(_s); - while (b.size() < _l) - b.insert(b.begin(), 0); - while (b.size() < _r) - b.push_back(0); - return asString(b).substr(b.size() - std::max(_l, _r)); + while (_b.size() < _l) + _b.insert(_b.begin(), 0); + while (_b.size() < _l) + _b.push_back(0); + return asBytes(asString(_b).substr(_b.size() - std::max(_l, _l))); } -std::string jsPadded(std::string const& _s, unsigned _l) +bytes unpadded(bytes _b) { - if (_s.substr(0, 2) == "0x" || _s.find_first_not_of("0123456789") == std::string::npos) - // Numeric: pad to right - return jsPadded(_s, _l, _l); - else - // Text: pad to the left - return jsPadded(_s, 0, _l); -} - -std::string jsUnpadded(std::string _s) -{ - auto p = _s.find_last_not_of((char)0); - _s.resize(p == std::string::npos ? 0 : (p + 1)); - return _s; + auto p = asString(_b).find_last_not_of((char)0); + _b.resize(p == std::string::npos ? 0 : (p + 1)); + return _b; } } diff --git a/libdevcore/CommonJS.h b/libdevcore/CommonJS.h index be98c2372..80e1a9ca1 100644 --- a/libdevcore/CommonJS.h +++ b/libdevcore/CommonJS.h @@ -47,9 +47,8 @@ inline std::string toJS(dev::bytes const& _n) } bytes jsToBytes(std::string const& _s); -std::string jsPadded(std::string const& _s, unsigned _l, unsigned _r); -std::string jsPadded(std::string const& _s, unsigned _l); -std::string jsUnpadded(std::string _s); +bytes padded(bytes _b, unsigned _l); +bytes unpadded(bytes _s); template FixedHash jsToFixed(std::string const& _s) { @@ -61,7 +60,7 @@ template FixedHash jsToFixed(std::string const& _s) return (typename FixedHash::Arith)(_s); else // Binary - return FixedHash(asBytes(jsPadded(_s, N))); + return FixedHash(); // FAIL } inline std::string jsToFixed(double _s) @@ -79,7 +78,7 @@ template boost::multiprecision::number>(_s); else // Binary - return fromBigEndian>>(asBytes(jsPadded(_s, N))); + return 0; // FAIL } inline Address jsToAddress(std::string const& _s) { return jsToFixed(_s); } @@ -89,7 +88,7 @@ inline u256 jsToU256(std::string const& _s) { return jsToInt<32>(_s); } inline std::string jsToBinary(std::string const& _s) { - return jsUnpadded(dev::toString(jsToBytes(_s))); + return dev::toString(unpadded(jsToBytes(_s))); } inline std::string jsToDecimal(std::string const& _s) diff --git a/libdevcore/Exceptions.h b/libdevcore/Exceptions.h index bbc928da4..5d03c195f 100644 --- a/libdevcore/Exceptions.h +++ b/libdevcore/Exceptions.h @@ -45,7 +45,7 @@ struct FileError: virtual Exception {}; typedef boost::error_info errinfo_invalidSymbol; typedef boost::error_info errinfo_wrongAddress; typedef boost::error_info errinfo_comment; -typedef boost::error_info errinfo_required; -typedef boost::error_info errinfo_got; +typedef boost::error_info errinfo_required; +typedef boost::error_info errinfo_got; typedef boost::tuple RequirementError; } diff --git a/libdevcore/FixedHash.h b/libdevcore/FixedHash.h index 2353a100c..0e387ab8a 100644 --- a/libdevcore/FixedHash.h +++ b/libdevcore/FixedHash.h @@ -240,6 +240,7 @@ using h520 = FixedHash<65>; using h512 = FixedHash<64>; using h256 = FixedHash<32>; using h160 = FixedHash<20>; +using h128 = FixedHash<16>; using h512s = std::vector; using h256s = std::vector; using h160s = std::vector; diff --git a/libdevcrypto/SHA3MAC.cpp b/libdevcrypto/AES.cpp similarity index 64% rename from libdevcrypto/SHA3MAC.cpp rename to libdevcrypto/AES.cpp index 9498ef87b..56885ae36 100644 --- a/libdevcrypto/SHA3MAC.cpp +++ b/libdevcrypto/AES.cpp @@ -1,40 +1,60 @@ /* This file is part of cpp-ethereum. - + cpp-ethereum is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + cpp-ethereum is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with cpp-ethereum. If not, see . */ -/** @file SHA3MAC.cpp +/** @file AES.cpp * @author Alex Leverington * @date 2014 - * - * SHA3 MAC */ #include "CryptoPP.h" -#include "SHA3MAC.h" +#include "AES.h" +using namespace std; using namespace dev; using namespace dev::crypto; +using namespace dev::crypto::aes; using namespace CryptoPP; -void crypto::sha3mac(bytesConstRef _secret, bytesConstRef _plain, bytesRef _output) +struct aes::Aes128Ctr +{ + Aes128Ctr(h128 _k) + { + mode.SetKeyWithIV(_k.data(), sizeof(h128), Nonce::get().data()); + } + CTR_Mode::Encryption mode; +}; + +Stream::Stream(StreamType, h128 _ckey): + m_cSecret(_ckey) +{ + cryptor = new Aes128Ctr(_ckey); +} + +Stream::~Stream() +{ + delete cryptor; +} + +void Stream::update(bytesRef) +{ + +} + +size_t Stream::streamOut(bytes&) { - CryptoPP::SHA3_256 ctx; - assert(_secret.size() > 0); - ctx.Update((byte*)_secret.data(), _secret.size()); - ctx.Update((byte*)_plain.data(), _plain.size()); - assert(_output.size() >= 32); - ctx.Final(_output.data()); + return 0; } diff --git a/libdevcrypto/AES.h b/libdevcrypto/AES.h new file mode 100644 index 000000000..f0646eb85 --- /dev/null +++ b/libdevcrypto/AES.h @@ -0,0 +1,89 @@ +/* + This file is part of cpp-ethereum. + + cpp-ethereum is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + cpp-ethereum is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with cpp-ethereum. If not, see . + */ +/** @file AES.h + * @author Alex Leverington + * @date 2014 + * + * AES + * todo: use openssl + */ + +#pragma once + +#include +#include "Common.h" + +namespace dev +{ +namespace crypto +{ +namespace aes +{ + +struct Aes128Ctr; +enum StreamType { Encrypt, Decrypt }; + +/** + * @brief Encrypted stream + */ +class Stream +{ +public: + // streamtype maybe irrelevant w/ctr + Stream(StreamType _t, h128 _ckey); + ~Stream(); + + virtual void update(bytesRef io_bytes); + + /// Move ciphertext to _bytes. + virtual size_t streamOut(bytes& o_bytes); + +private: + Stream(Stream const&) = delete; + Stream& operator=(Stream const&) = delete; + + h128 m_cSecret; + bytes m_text; + + Aes128Ctr* cryptor; +}; + + +/** + * @brief Encrypted stream with inband SHA3 mac at specific interval. + */ +class AuthenticatedStream: public Stream +{ +public: + AuthenticatedStream(StreamType _t, h128 _ckey, h128 _mackey, unsigned _interval): Stream(_t, _ckey), m_macSecret(_mackey) { m_macInterval = _interval; } + + AuthenticatedStream(StreamType _t, Secret const& _s, unsigned _interval): Stream(_t, h128(_s)), m_macSecret(FixedHash<16>((byte const*)_s.data()+16,h128::ConstructFromPointer)) { m_macInterval = _interval; } + + /// Adjust mac interval. Next mac will be xored with value. + void adjustInterval(unsigned _interval) { m_macInterval = _interval; } + +private: + AuthenticatedStream(AuthenticatedStream const&) = delete; + AuthenticatedStream& operator=(AuthenticatedStream const&) = delete; + + std::atomic m_macInterval; + h128 m_macSecret; +}; + +} +} +} \ No newline at end of file diff --git a/libdevcrypto/All.h b/libdevcrypto/All.h index db6d7c615..9070725e9 100644 --- a/libdevcrypto/All.h +++ b/libdevcrypto/All.h @@ -1,12 +1,8 @@ #pragma once #include "Common.h" -#include "CryptoPP.h" -#include "EC.h" +#include "AES.h" +#include "ECDHE.h" #include "FileSystem.h" -#include "MemoryDB.h" -#include "OverlayDB.h" #include "SHA3.h" -#include "SHA3MAC.h" -#include "TrieCommon.h" #include "TrieDB.h" diff --git a/libdevcrypto/Common.cpp b/libdevcrypto/Common.cpp index 2db65aae3..fa5a544a1 100644 --- a/libdevcrypto/Common.cpp +++ b/libdevcrypto/Common.cpp @@ -23,89 +23,104 @@ #include #include #include -#include "EC.h" #include "SHA3.h" #include "FileSystem.h" +#include "CryptoPP.h" #include "Common.h" using namespace std; using namespace dev; -using namespace crypto; +using namespace dev::crypto; -//#define ETH_ADDRESS_DEBUG 1 +static Secp256k1 s_secp256k1; -Address dev::toAddress(Secret _secret) +Public dev::toPublic(Secret const& _secret) { - return KeyPair(_secret).address(); + Public p; + s_secp256k1.toPublic(_secret, p); + return std::move(p); } -KeyPair KeyPair::create() +Address dev::toAddress(Public const& _public) { - static mt19937_64 s_eng(time(0) + chrono::high_resolution_clock::now().time_since_epoch().count()); - uniform_int_distribution d(0, 255); - - for (int i = 0; i < 100; ++i) - { - h256 sec; - for (unsigned i = 0; i < 32; ++i) - sec[i] = (byte)d(s_eng); - - KeyPair ret(sec); - if (ret.address()) - return ret; - } - return KeyPair(); + return s_secp256k1.toAddress(_public); } -KeyPair::KeyPair(h256 _sec): - m_secret(_sec) +Address dev::toAddress(Secret const& _secret) { - toPublic(m_secret, m_public); - if (verifySecret(m_secret, m_public)) - m_address = right160(dev::sha3(m_public.ref())); - -#if ETH_ADDRESS_DEBUG - cout << "---- ADDRESS -------------------------------" << endl; - cout << "SEC: " << m_secret << endl; - cout << "PUB: " << m_public << endl; - cout << "ADR: " << m_address << endl; -#endif + Public p; + s_secp256k1.toPublic(_secret, p); + return s_secp256k1.toAddress(p); } -KeyPair KeyPair::fromEncryptedSeed(bytesConstRef _seed, std::string const& _password) -{ - return KeyPair(sha3(aesDecrypt(_seed, _password))); -} - -void dev::encrypt(Public _k, bytesConstRef _plain, bytes& o_cipher) +void dev::encrypt(Public const& _k, bytesConstRef _plain, bytes& o_cipher) { bytes io = _plain.toBytes(); - crypto::encrypt(_k, io); + s_secp256k1.encrypt(_k, io); o_cipher = std::move(io); } -bool dev::decrypt(Secret _k, bytesConstRef _cipher, bytes& o_plaintext) +bool dev::decrypt(Secret const& _k, bytesConstRef _cipher, bytes& o_plaintext) { bytes io = _cipher.toBytes(); - crypto::decrypt(_k, io); + s_secp256k1.decrypt(_k, io); if (io.empty()) return false; o_plaintext = std::move(io); return true; } -Public dev::recover(Signature _sig, h256 _message) +Public dev::recover(Signature const& _sig, h256 const& _message) +{ + return s_secp256k1.recover(_sig, _message.ref()); +} + +Signature dev::sign(Secret const& _k, h256 const& _hash) +{ + return s_secp256k1.sign(_k, _hash); +} + +bool dev::verify(Public const& _p, Signature const& _s, h256 const& _hash) { - return crypto::recover(_sig, _message.ref()); + return s_secp256k1.verify(_p, _s, _hash.ref(), true); } -Signature dev::sign(Secret _k, h256 _hash) +KeyPair KeyPair::create() { - return crypto::sign(_k, _hash); + static mt19937_64 s_eng(time(0) + chrono::high_resolution_clock::now().time_since_epoch().count()); + uniform_int_distribution d(0, 255); + + for (int i = 0; i < 100; ++i) + { + KeyPair ret(FixedHash<32>::random(s_eng)); + if (ret.address()) + return ret; + } + return KeyPair(); } -bool dev::verify(Public _p, Signature _s, h256 _hash) +KeyPair::KeyPair(h256 _sec): + m_secret(_sec) +{ + if (s_secp256k1.verifySecret(m_secret, m_public)) + m_address = s_secp256k1.toAddress(m_public); +} + +KeyPair KeyPair::fromEncryptedSeed(bytesConstRef _seed, std::string const& _password) { - return crypto::verify(_p, _s, bytesConstRef(_hash.data(), 32), true); + return KeyPair(sha3(aesDecrypt(_seed, _password))); +} + +h256 crypto::kdf(Secret const& _priv, h256 const& _hash) +{ + // H(H(r||k)^h) + h256 s; + sha3mac(Nonce::get().ref(), _priv.ref(), s.ref()); + s ^= _hash; + sha3(s.ref(), s.ref()); + + if (!s || !_hash || !_priv) + BOOST_THROW_EXCEPTION(InvalidState()); + return std::move(s); } h256 Nonce::get(bool _commit) @@ -125,7 +140,7 @@ h256 Nonce::get(bool _commit) else { // todo: replace w/entropy from user and system - std::mt19937_64 s_eng(time(0)); + std::mt19937_64 s_eng(time(0) + chrono::high_resolution_clock::now().time_since_epoch().count()); std::uniform_int_distribution d(0, 255); for (unsigned i = 0; i < 32; ++i) s_seed[i] = (byte)d(s_eng); diff --git a/libdevcrypto/Common.h b/libdevcrypto/Common.h index e95eefa40..2ec332d8d 100644 --- a/libdevcrypto/Common.h +++ b/libdevcrypto/Common.h @@ -52,30 +52,36 @@ using Address = h160; /// A vector of Ethereum addresses. using Addresses = h160s; -/// A vector of Ethereum addresses. +/// A set of Ethereum addresses. using AddressSet = std::set; /// A vector of secrets. using Secrets = h256s; /// Convert a secret key into the public key equivalent. +Public toPublic(Secret const& _secret); + +/// Convert a public key to address. +Address toAddress(Public const& _public); + +/// Convert a secret key into address of public key equivalent. /// @returns 0 if it's not a valid secret key. -Address toAddress(Secret _secret); +Address toAddress(Secret const& _secret); /// Encrypts plain text using Public key. -void encrypt(Public _k, bytesConstRef _plain, bytes& o_cipher); +void encrypt(Public const& _k, bytesConstRef _plain, bytes& o_cipher); /// Decrypts cipher using Secret key. -bool decrypt(Secret _k, bytesConstRef _cipher, bytes& o_plaintext); +bool decrypt(Secret const& _k, bytesConstRef _cipher, bytes& o_plaintext); /// Recovers Public key from signed message hash. -Public recover(Signature _sig, h256 _hash); +Public recover(Signature const& _sig, h256 const& _hash); /// Returns siganture of message hash. -Signature sign(Secret _k, h256 _hash); +Signature sign(Secret const& _k, h256 const& _hash); /// Verify signature. -bool verify(Public _k, Signature _s, h256 _hash); +bool verify(Public const& _k, Signature const& _s, h256 const& _hash); /// Simple class that represents a "key pair". /// All of the data of the class can be regenerated from the secret key (m_secret) alone. @@ -119,6 +125,9 @@ namespace crypto { struct InvalidState: public dev::Exception {}; +/// Key derivation +h256 kdf(Secret const& _priv, h256 const& _hash); + /** * @brief Generator for nonce material */ diff --git a/libdevcrypto/CryptoPP.cpp b/libdevcrypto/CryptoPP.cpp index 1b51d5bd5..858fd53ff 100644 --- a/libdevcrypto/CryptoPP.cpp +++ b/libdevcrypto/CryptoPP.cpp @@ -21,25 +21,206 @@ #include "CryptoPP.h" +using namespace std; using namespace dev; using namespace dev::crypto; using namespace CryptoPP; +static_assert(dev::Secret::size == 32, "Secret key must be 32 bytes."); +static_assert(dev::Public::size == 64, "Public key must be 64 bytes."); +static_assert(dev::Signature::size == 65, "Signature must be 65 bytes."); -/// Integer and Point Conversion: +void Secp256k1::encrypt(Public const& _k, bytes& io_cipher) +{ + ECIES::Encryptor e; + initializeDLScheme(_k, e); + + size_t plen = io_cipher.size(); + bytes ciphertext; + ciphertext.resize(e.CiphertextLength(plen)); + + { + lock_guard l(x_rng); + e.Encrypt(m_rng, io_cipher.data(), plen, ciphertext.data()); + } + + memset(io_cipher.data(), 0, io_cipher.size()); + io_cipher = std::move(ciphertext); +} + +void Secp256k1::decrypt(Secret const& _k, bytes& io_text) +{ + CryptoPP::ECIES::Decryptor d; + initializeDLScheme(_k, d); + + size_t clen = io_text.size(); + bytes plain; + plain.resize(d.MaxPlaintextLength(io_text.size())); + + DecodingResult r; + { + lock_guard l(x_rng); + r = d.Decrypt(m_rng, io_text.data(), clen, plain.data()); + } + + if (!r.isValidCoding) + { + io_text.clear(); + return; + } + + io_text.resize(r.messageLength); + io_text = std::move(plain); +} + +Signature Secp256k1::sign(Secret const& _k, bytesConstRef _message) +{ + return sign(_k, sha3(_message)); +} + +Signature Secp256k1::sign(Secret const& _key, h256 const& _hash) +{ + // assumption made by signing alogrithm + asserts(m_q == m_qs); + + Signature sig; + + Integer k(kdf(_key, _hash).data(), 32); + if (k == 0) + BOOST_THROW_EXCEPTION(InvalidState()); + k = 1 + (k % (m_qs - 1)); + + ECP::Point rp; + Integer r; + { + lock_guard l(x_params); + rp = m_params.ExponentiateBase(k); + r = m_params.ConvertElementToInteger(rp); + } + sig[64] = 0; +// sig[64] = (r >= m_q) ? 2 : 0; + + Integer kInv = k.InverseMod(m_q); + Integer z(_hash.asBytes().data(), 32); + Integer s = (kInv * (Integer(_key.asBytes().data(), 32)*r + z)) % m_q; + if (r == 0 || s == 0) + BOOST_THROW_EXCEPTION(InvalidState()); + +// if (s > m_qs) +// { +// s = m_q - s; +// if (sig[64]) +// sig[64] ^= 1; +// } + + sig[64] |= rp.y.IsOdd() ? 1 : 0; + r.Encode(sig.data(), 32); + s.Encode(sig.data() + 32, 32); + return sig; +} + +bool Secp256k1::verify(Signature const& _signature, bytesConstRef _message) +{ + return !!recover(_signature, _message); +} -void pp::exportPublicKey(CryptoPP::DL_PublicKey_EC const& _k, Public& _p) +bool Secp256k1::verify(Public const& _p, Signature const& _sig, bytesConstRef _message, bool _hashed) +{ + // todo: verify w/o recovery (if faster) + return _p == _hashed ? recover(_sig, _message) : recover(_sig, sha3(_message).ref()); +} + +Public Secp256k1::recover(Signature _signature, bytesConstRef _message) +{ + Public recovered; + + Integer r(_signature.data(), 32); + Integer s(_signature.data()+32, 32); + // cryptopp encodes sign of y as 0x02/0x03 instead of 0/1 or 27/28 + byte encodedpoint[33]; + encodedpoint[0] = _signature[64]|2; + memcpy(&encodedpoint[1], _signature.data(), 32); + + ECP::Element x; + { + lock_guard l(x_curve); + m_curve.DecodePoint(x, encodedpoint, 33); + if (!m_curve.VerifyPoint(x)) + return recovered; + } + +// if (_signature[64] & 2) +// { +// r += m_q; +// lock_guard l(x_params); +// if (r >= m_params.GetMaxExponent()) +// return recovered; +// } + + Integer z(_message.data(), 32); + Integer rn = r.InverseMod(m_q); + Integer u1 = m_q - (rn.Times(z)).Modulo(m_q); + Integer u2 = (rn.Times(s)).Modulo(m_q); + + ECP::Point p; + byte recoveredbytes[65]; + { + lock_guard l(x_curve); + // todo: make generator member + p = m_curve.CascadeMultiply(u2, x, u1, m_params.GetSubgroupGenerator()); + m_curve.EncodePoint(recoveredbytes, p, false); + } + memcpy(recovered.data(), &recoveredbytes[1], 64); + return recovered; +} + +bool Secp256k1::verifySecret(Secret const& _s, Public& _p) +{ + DL_PrivateKey_EC k; + k.Initialize(m_params, secretToExponent(_s)); + if (!k.Validate(m_rng, 3)) + return false; + + DL_PublicKey_EC pub; + k.MakePublicKey(pub); + if (!k.Validate(m_rng, 3)) + return false; + + exportPublicKey(pub, _p); + return true; +} + +void Secp256k1::agree(Secret const& _s, Public const& _r, h256& o_s) +{ + ECDH::Domain d(m_oid); + assert(d.AgreedValueLength() == sizeof(o_s)); + byte remote[65] = {0x04}; + memcpy(&remote[1], _r.data(), 64); + assert(d.Agree(o_s.data(), _s.data(), remote)); +} + +void Secp256k1::exportPublicKey(CryptoPP::DL_PublicKey_EC const& _k, Public& o_p) { bytes prefixedKey(_k.GetGroupParameters().GetEncodedElementSize(true)); - secp256k1Params.GetCurve().EncodePoint(prefixedKey.data(), _k.GetPublicElement(), false); + + { + lock_guard l(x_params); + m_params.GetCurve().EncodePoint(prefixedKey.data(), _k.GetPublicElement(), false); + assert(Public::size + 1 == _k.GetGroupParameters().GetEncodedElementSize(true)); + } - assert(Public::size + 1 == _k.GetGroupParameters().GetEncodedElementSize(true)); - memcpy(_p.data(), &prefixedKey[1], Public::size); + memcpy(o_p.data(), &prefixedKey[1], Public::size); } -void pp::exponentToPublic(Integer const& _e, Public& _p) +void Secp256k1::exponentToPublic(Integer const& _e, Public& o_p) { CryptoPP::DL_PublicKey_EC pk; - pk.Initialize(secp256k1Params, secp256k1Params.ExponentiateBase(_e)); - pp::exportPublicKey(pk, _p); -} \ No newline at end of file + + { + lock_guard l(x_params); + pk.Initialize(m_params, m_params.ExponentiateBase(_e)); + } + + exportPublicKey(pk, o_p); +} + diff --git a/libdevcrypto/CryptoPP.h b/libdevcrypto/CryptoPP.h index dc5d6a610..69189aaab 100644 --- a/libdevcrypto/CryptoPP.h +++ b/libdevcrypto/CryptoPP.h @@ -23,6 +23,7 @@ #pragma once +#include // need to leave this one disabled for link-time. blame cryptopp. #pragma GCC diagnostic ignored "-Wunused-function" #pragma warning(push) @@ -48,42 +49,85 @@ #include #pragma warning(pop) #pragma GCC diagnostic pop +#include "SHA3.h" #include "Common.h" namespace dev { namespace crypto { -namespace pp -{ - + using namespace CryptoPP; + +inline ECP::Point publicToPoint(Public const& _p) { Integer x(_p.data(), 32); Integer y(_p.data() + 32, 32); return std::move(ECP::Point(x,y)); } + +inline Integer secretToExponent(Secret const& _s) { return std::move(Integer(_s.data(), Secret::size)); } + +/** + * CryptoPP secp256k1 algorithms. + */ +class Secp256k1 +{ +public: + Secp256k1(): m_oid(ASN1::secp256k1()), m_params(m_oid), m_curve(m_params.GetCurve()), m_q(m_params.GetGroupOrder()), m_qs(m_params.GetSubgroupOrder()) {} -/// CryptoPP random number pool -static CryptoPP::AutoSeededRandomPool PRNG; + Address toAddress(Public const& _p) { return right160(sha3(_p.ref())); } -/// CryptoPP EC Cruve -static const CryptoPP::OID secp256k1Curve = CryptoPP::ASN1::secp256k1(); + void toPublic(Secret const& _s, Public& o_public) { exponentToPublic(Integer(_s.data(), sizeof(_s)), o_public); } -static const CryptoPP::DL_GroupParameters_EC secp256k1Params(secp256k1Curve); + /// Encrypts text (replace input). + void encrypt(Public const& _k, bytes& io_cipher); -static ECP::Point publicToPoint(Public const& _p) { Integer x(_p.data(), 32); Integer y(_p.data() + 32, 32); return std::move(ECP::Point(x,y)); } + /// Decrypts text (replace input). + void decrypt(Secret const& _k, bytes& io_text); -static Integer secretToExponent(Secret const& _s) { return std::move(Integer(_s.data(), Secret::size)); } - -void exportPublicKey(CryptoPP::DL_PublicKey_EC const& _k, Public& _p); - -static void exportPrivateKey(CryptoPP::DL_PrivateKey_EC const& _k, Secret& _s) { _k.GetPrivateExponent().Encode(_s.data(), Secret::size); } + /// @returns siganture of message. + Signature sign(Secret const& _k, bytesConstRef _message); + + /// @returns compact siganture of provided hash. + Signature sign(Secret const& _k, h256 const& _hash); + + /// Verify compact signature (public key is extracted from signature). + bool verify(Signature const& _signature, bytesConstRef _message); + + /// Verify signature. + bool verify(Public const& _p, Signature const& _sig, bytesConstRef _message, bool _hashed = false); -void exponentToPublic(Integer const& _e, Public& _p); + /// Recovers public key from compact signature. Uses libsecp256k1. + Public recover(Signature _signature, bytesConstRef _message); -template -void initializeDLScheme(Secret const& _s, T& io_operator) { io_operator.AccessKey().Initialize(pp::secp256k1Params, secretToExponent(_s)); } + /// Verifies _s is a valid secret key and returns corresponding public key in o_p. + bool verifySecret(Secret const& _s, Public& o_p); -template -void initializeDLScheme(Public const& _p, T& io_operator) { io_operator.AccessKey().Initialize(pp::secp256k1Params, publicToPoint(_p)); } + void agree(Secret const& _s, Public const& _r, h256& o_s); + +protected: + void exportPrivateKey(DL_PrivateKey_EC const& _k, Secret& o_s) { _k.GetPrivateExponent().Encode(o_s.data(), Secret::size); } + + void exportPublicKey(DL_PublicKey_EC const& _k, Public& o_p); + + void exponentToPublic(Integer const& _e, Public& o_p); + + template void initializeDLScheme(Secret const& _s, T& io_operator) { std::lock_guard l(x_params); io_operator.AccessKey().Initialize(m_params, secretToExponent(_s)); } + + template void initializeDLScheme(Public const& _p, T& io_operator) { std::lock_guard l(x_params); io_operator.AccessKey().Initialize(m_params, publicToPoint(_p)); } + +private: + OID m_oid; + + std::mutex x_rng; + AutoSeededRandomPool m_rng; + + std::mutex x_params; + DL_GroupParameters_EC m_params; + + std::mutex x_curve; + DL_GroupParameters_EC::EllipticCurve m_curve; + + Integer m_q; + Integer m_qs; +}; } } -} diff --git a/libdevcrypto/EC.cpp b/libdevcrypto/EC.cpp deleted file mode 100644 index e6e6d2329..000000000 --- a/libdevcrypto/EC.cpp +++ /dev/null @@ -1,202 +0,0 @@ -/* - This file is part of cpp-ethereum. - - cpp-ethereum is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - cpp-ethereum is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with cpp-ethereum. If not, see . - */ -/** @file EC.cpp - * @author Alex Leverington - * @date 2014 - * - * ECDSA, ECIES - */ - -#include -#include "CryptoPP.h" -#include "SHA3.h" -#include "SHA3MAC.h" -#include "EC.h" - -static_assert(dev::Secret::size == 32, "Secret key must be 32 bytes."); -static_assert(dev::Public::size == 64, "Public key must be 64 bytes."); -static_assert(dev::Signature::size == 65, "Signature must be 65 bytes."); - -using namespace std; -using namespace dev; -using namespace dev::crypto; -using namespace CryptoPP; -using namespace pp; - -static const int c_publicKeySize = 65; // Public key size for I/O is 65 bytes (there's an extra byte that we don't really need). - -void crypto::toPublic(Secret const& _s, Public& o_public) -{ - exponentToPublic(Integer(_s.data(), sizeof(_s)), o_public); -} - -h256 crypto::kdf(Secret const& _priv, h256 const& _hash) -{ - // H(H(r||k)^h) - h256 s; - sha3mac(Nonce::get().ref(), _priv.ref(), s.ref()); - s ^= _hash; - sha3(s.ref(), s.ref()); - - if (!s || !_hash || !_priv) - BOOST_THROW_EXCEPTION(InvalidState()); - return std::move(s); -} - -void crypto::encrypt(Public const& _k, bytes& io_cipher) -{ - ECIES::Encryptor e; - initializeDLScheme(_k, e); - size_t plen = io_cipher.size(); - bytes c; - c.resize(e.CiphertextLength(plen)); - // todo: use StringSource with io_cipher as input and output. - e.Encrypt(PRNG, io_cipher.data(), plen, c.data()); - memset(io_cipher.data(), 0, io_cipher.size()); - io_cipher = std::move(c); -} - -void crypto::decrypt(Secret const& _k, bytes& io_text) -{ - CryptoPP::ECIES::Decryptor d; - initializeDLScheme(_k, d); - size_t clen = io_text.size(); - bytes p; - p.resize(d.MaxPlaintextLength(io_text.size())); - // todo: use StringSource with io_text as input and output. - DecodingResult r = d.Decrypt(PRNG, io_text.data(), clen, p.data()); - if (!r.isValidCoding) - { - io_text.clear(); - return; - } - io_text.resize(r.messageLength); - io_text = std::move(p); -} - -Signature crypto::sign(Secret const& _k, bytesConstRef _message) -{ - return crypto::sign(_k, sha3(_message)); -} - -Signature crypto::sign(Secret const& _key, h256 const& _hash) -{ - ECDSA::Signer signer; - initializeDLScheme(_key, signer); - - Integer const& q = secp256k1Params.GetGroupOrder(); - Integer const& qs = secp256k1Params.GetSubgroupOrder(); - Integer e(_hash.asBytes().data(), 32); - - Integer k(kdf(_key, _hash).data(), 32); - if (k == 0) - BOOST_THROW_EXCEPTION(InvalidState()); - k = 1 + (k % (qs - 1)); - - ECP::Point rp = secp256k1Params.ExponentiateBase(k); - Integer r = secp256k1Params.ConvertElementToInteger(rp); - int recid = ((r >= q) ? 2 : 0) | (rp.y.IsOdd() ? 1 : 0); - - Integer kInv = k.InverseMod(q); - Integer s = (kInv * (Integer(_key.asBytes().data(), 32)*r + e)) % q; - assert(!!r && !!s); - - if (s > qs) - { - s = q - s; - if (recid) - recid ^= 1; - } - - Signature sig; - r.Encode(sig.data(), 32); - s.Encode(sig.data() + 32, 32); - sig[64] = recid; - return sig; -} - -bool crypto::verify(Signature const& _signature, bytesConstRef _message) -{ - return crypto::verify(crypto::recover(_signature, _message), _signature, _message); -} - -bool crypto::verify(Public const& _p, Signature const& _sig, bytesConstRef _message, bool _hashed) -{ - static const size_t c_derMaxEncodingLength = 72; - if (_hashed) - { - assert(_message.size() == 32); - byte encpub[65] = {0x04}; - memcpy(&encpub[1], _p.data(), 64); - byte dersig[c_derMaxEncodingLength]; - size_t cssz = DSAConvertSignatureFormat(dersig, c_derMaxEncodingLength, DSA_DER, _sig.data(), 64, DSA_P1363); - assert(cssz <= c_derMaxEncodingLength); - return (1 == secp256k1_ecdsa_verify(_message.data(), _message.size(), dersig, cssz, encpub, c_publicKeySize)); - } - - ECDSA::Verifier verifier; - initializeDLScheme(_p, verifier); - return verifier.VerifyMessage(_message.data(), _message.size(), _sig.data(), sizeof(Signature) - 1); -} - -Public crypto::recover(Signature _signature, bytesConstRef _message) -{ - secp256k1_start(); - - byte pubkey[c_publicKeySize]; - int keySize; - if (!secp256k1_ecdsa_recover_compact(_message.data(), 32, _signature.data(), pubkey, &keySize, 0, (int)_signature[64]) || keySize != c_publicKeySize) - return Public(); - -#if ETH_CRYPTO_TRACE - h256* sig = (h256 const*)_signature.data(); - cout << "---- RECOVER -------------------------------" << endl; - cout << "MSG: " << _message << endl; - cout << "R S V: " << sig[0] << " " << sig[1] << " " << (int)(_signature[64] - 27) << "+27" << endl; - cout << "PUB: " << toHex(bytesConstRef(&(pubkey[1]), 64)) << endl; -#endif - - Public ret; - memcpy(&ret, &(pubkey[1]), sizeof(Public)); - return ret; -} - -bool crypto::verifySecret(Secret const& _s, Public const& _p) -{ - secp256k1_start(); - int ok = secp256k1_ecdsa_seckey_verify(_s.data()); - if (!ok) - return false; - - byte pubkey[c_publicKeySize]; - - int keySize; - ok = secp256k1_ecdsa_pubkey_create(pubkey, &keySize, _s.data(), 0); - if (!ok || keySize != c_publicKeySize) - return false; - - ok = secp256k1_ecdsa_pubkey_verify(pubkey, c_publicKeySize); - if (!ok) - return false; - - for (int i = 0; i < 32; i++) - if (pubkey[i+1]!=_p[i]) - return false; - - return true; -} - diff --git a/libdevcrypto/EC.h b/libdevcrypto/EC.h deleted file mode 100644 index 2a4155edf..000000000 --- a/libdevcrypto/EC.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - This file is part of cpp-ethereum. - - cpp-ethereum is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - cpp-ethereum is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with cpp-ethereum. If not, see . - */ -/** @file EC.h - * @author Alex Leverington - * @date 2014 - * - * ECDSA, ECIES - */ - -#pragma once - -#include "Common.h" - -namespace dev -{ -namespace crypto -{ - -void toPublic(Secret const& _s, Public& o_public); -h256 kdf(Secret const& _priv, h256 const& _hash); - -/// Encrypts text (in place). -void encrypt(Public const& _k, bytes& io_cipher); - -/// Decrypts text (in place). -void decrypt(Secret const& _k, bytes& io_text); - -/// Returns siganture of message. -Signature sign(Secret const& _k, bytesConstRef _message); - -/// Returns compact siganture of message hash. -Signature sign(Secret const& _k, h256 const& _hash); - -/// Verify compact signature (public key is extracted from message). -bool verify(Signature const& _signature, bytesConstRef _message); - -/// Verify signature. -bool verify(Public const& _p, Signature const& _sig, bytesConstRef _message, bool _hashed = false); - -/// Recovers public key from compact signature. Uses libsecp256k1. -Public recover(Signature _signature, bytesConstRef _message); - -bool verifySecret(Secret const& _s, Public const& _p); - -} - -} - diff --git a/libdevcrypto/ECDHE.cpp b/libdevcrypto/ECDHE.cpp new file mode 100644 index 000000000..deae3bc6d --- /dev/null +++ b/libdevcrypto/ECDHE.cpp @@ -0,0 +1,100 @@ +/* + This file is part of cpp-ethereum. + + cpp-ethereum is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + cpp-ethereum is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with cpp-ethereum. If not, see . + */ +/** @file ECDHE.cpp + * @author Alex Leverington + * @date 2014 + */ + +#include "SHA3.h" +#include "CryptoPP.h" +#include "ECDHE.h" + +using namespace std; +using namespace dev; +using namespace dev::crypto; + +static Secp256k1 s_secp256k1; + +void ECDHE::agree(Public const& _remote, Secret& o_sharedSecret) +{ + if (m_remoteEphemeral) + // agreement can only occur once + BOOST_THROW_EXCEPTION(InvalidState()); + + m_remoteEphemeral = _remote; + s_secp256k1.agree(m_ephemeral.sec(), m_remoteEphemeral, o_sharedSecret); +} + +void ECDHEKeyExchange::agree(Public const& _remoteEphemeral) +{ + s_secp256k1.agree(m_ephemeral.sec(), _remoteEphemeral, m_ephemeralSecret); +} + +void ECDHEKeyExchange::exchange(bytes& o_exchange) +{ + if (!m_ephemeralSecret) + // didn't agree on public remote + BOOST_THROW_EXCEPTION(InvalidState()); + + // The key exchange payload is in two parts and is encrypted + // using ephemeral keypair. + // + // The first part is the 'prefix' which is a zero-knowledge proof + // allowing the remote to resume or emplace a previous session. + // If a session previously exists: + // prefix is sha3(token) // todo: ephemeral entropy from both sides + // If a session doesn't exist: + // prefix is sha3(m_ephemeralSecret) + // + // The second part is encrypted using the public key which relates to the prefix. + + Public encpk = m_known.first ? m_known.first : m_remoteEphemeral; + bytes exchange(encpk.asBytes()); + + // This is the public key which we would like the remote to use, + // which maybe different than the previously-known public key. + // + // Here we should pick an appropriate alias or generate a new one, + // but for now, we use static alias passed to constructor. + // + Public p = toPublic(m_alias.m_secret); + exchange.resize(exchange.size() + sizeof(p)); + memcpy(&exchange[exchange.size() - sizeof(p)], p.data(), sizeof(p)); + + // protocol parameters; should be fixed size + bytes v(1, 0x80); + exchange.resize(exchange.size() + v.size()); + memcpy(&exchange[exchange.size() - v.size()], v.data(), v.size()); + + h256 auth; + sha3mac(m_alias.m_secret.ref(), m_ephemeralSecret.ref(), auth.ref()); + Signature sig = s_secp256k1.sign(m_alias.m_secret, auth); + exchange.resize(exchange.size() + sizeof(sig)); + memcpy(&exchange[exchange.size() - sizeof(sig)], sig.data(), sizeof(sig)); + + aes::AuthenticatedStream aes(aes::Encrypt, m_ephemeralSecret, 0); + h256 prefix(sha3(m_known.second ? m_known.second : (h256)m_remoteEphemeral)); + aes.update(prefix.ref()); + + s_secp256k1.encrypt(encpk, exchange); + aes.update(&exchange); + + aes.streamOut(o_exchange); +} + + + diff --git a/libdevcrypto/ECDHE.h b/libdevcrypto/ECDHE.h new file mode 100644 index 000000000..f77f7fcff --- /dev/null +++ b/libdevcrypto/ECDHE.h @@ -0,0 +1,109 @@ +/* + This file is part of cpp-ethereum. + + cpp-ethereum is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + cpp-ethereum is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with cpp-ethereum. If not, see . + */ +/** @file ECDHE.h + * @author Alex Leverington + * @date 2014 + * + * Elliptic curve Diffie-Hellman ephemeral key exchange + */ + +#pragma once + +#include "AES.h" + +namespace dev +{ +namespace crypto +{ + +/// Public key of remote and corresponding shared secret. +typedef std::pair AliasSession; + +/** + * @brief An addressable EC key pair. + */ +class Alias +{ + friend class ECDHEKeyExchange; // todo: remove +public: + Alias(Secret _s): m_secret(_s) {}; + + AliasSession session(Address _a) { return m_sessions.count(_a) ? m_sessions.find(_a)->second : AliasSession(); } + +private: + std::map m_sessions; + Secret m_secret; +}; + +/** + * @brief Derive DH shared secret from EC keypairs. + * As ephemeral keys are single-use, agreement is limited to a single occurence. + */ +class ECDHE +{ +public: + /// Constructor (pass public key for ingress exchange). + ECDHE(): m_ephemeral(KeyPair::create()) {}; + + /// Public key sent to remote. + Public pubkey() { return m_ephemeral.pub(); } + + /// Input public key for dh agreement, output generated shared secret. + void agree(Public const& _remoteEphemeral, Secret& o_sharedSecret); + +protected: + KeyPair m_ephemeral; ///< Ephemeral keypair; generated. + Public m_remoteEphemeral; ///< Public key of remote; parameter. +}; + +/** + * @brief Secure exchange of static keys. + * Key exchange is encrypted with public key of remote and then encrypted by block cipher. For a blind remote the ecdhe public key is used to encrypt exchange, and for a known remote the known public key is used. The block cipher key is derived from ecdhe shared secret. + * + * Usage: Agree -> Exchange -> Authenticate + */ +class ECDHEKeyExchange: private ECDHE +{ +public: + /// Exchange with unknown remote (pass public key for ingress exchange) + ECDHEKeyExchange(Alias& _k): m_alias(_k) {}; + + /// Exchange with known remote + ECDHEKeyExchange(Alias& _k, AliasSession _known): m_alias(_k), m_known(_known) {}; + + /// Provide public key for dh agreement to generate shared secret. + void agree(Public const& _remoteEphemeral); + + /// @returns encrypted payload of key exchange + void exchange(bytes& o_exchange); + + /// Decrypt payload, check mac, check trust, decrypt exchange, authenticate exchange, verify version, verify signature, and if no failure occurs, update or creats trust and derive session-shared-secret. + bool authenticate(bytes _exchangeIn); + +private: + Secret m_ephemeralSecret; + Alias m_alias; + AliasSession m_known; + Secret m_sharedAliasSecret; + + FixedHash<16> m_sharedC; + FixedHash<16> m_sharedM; +}; + +} +} + diff --git a/libdevcrypto/SHA3.cpp b/libdevcrypto/SHA3.cpp index 4a0cd469e..1fc9be950 100644 --- a/libdevcrypto/SHA3.cpp +++ b/libdevcrypto/SHA3.cpp @@ -86,6 +86,16 @@ h256 sha3(bytesConstRef _input) sha3(_input, bytesRef(&ret[0], 32)); return ret; } + +void sha3mac(bytesConstRef _secret, bytesConstRef _plain, bytesRef _output) +{ + CryptoPP::SHA3_256 ctx; + assert(_secret.size() > 0); + ctx.Update((byte*)_secret.data(), _secret.size()); + ctx.Update((byte*)_plain.data(), _plain.size()); + assert(_output.size() >= 32); + ctx.Final(_output.data()); +} bytes aesDecrypt(bytesConstRef _ivCipher, std::string const& _password, unsigned _rounds, bytesConstRef _salt) { diff --git a/libdevcrypto/SHA3.h b/libdevcrypto/SHA3.h index 7aa4db246..f27e378ba 100644 --- a/libdevcrypto/SHA3.h +++ b/libdevcrypto/SHA3.h @@ -55,6 +55,9 @@ inline h256 sha3(bytes const& _input) { return sha3(bytesConstRef((bytes*)&_inpu /// Calculate SHA3-256 hash of the given input (presented as a binary-filled string), returning as a 256-bit hash. inline h256 sha3(std::string const& _input) { return sha3(bytesConstRef(_input)); } + +/// Calculate SHA3-256 MAC +void sha3mac(bytesConstRef _secret, bytesConstRef _plain, bytesRef _output); /// Calculate SHA3-256 hash of the given input (presented as a FixedHash), returns a 256-bit hash. template inline h256 sha3(FixedHash const& _input) { return sha3(_input.ref()); } diff --git a/libdevcrypto/SHA3MAC.h b/libdevcrypto/SHA3MAC.h deleted file mode 100644 index 4b2d06eac..000000000 --- a/libdevcrypto/SHA3MAC.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - This file is part of cpp-ethereum. - - cpp-ethereum is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - cpp-ethereum is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with cpp-ethereum. If not, see . - */ -/** @file SHA3MAC.h - * @author Alex Leverington - * @date 2014 - * - * SHA3 MAC - */ - -#pragma once - -#include -#include - -namespace dev -{ -namespace crypto -{ - -void sha3mac(bytesConstRef _secret, bytesConstRef _plain, bytesRef _output); - -} -} - diff --git a/libethcore/CommonEth.cpp b/libethcore/CommonEth.cpp index 3c0a93481..21bdaba2e 100644 --- a/libethcore/CommonEth.cpp +++ b/libethcore/CommonEth.cpp @@ -28,7 +28,6 @@ using namespace std; using namespace dev; using namespace dev::eth; -//#define ETH_ADDRESS_DEBUG 1 namespace dev { namespace eth @@ -84,30 +83,4 @@ std::string formatBalance(u256 _b) return ret.str(); } -Address toAddress(Secret _private) -{ - secp256k1_start(); - - byte pubkey[65]; - int pubkeylen = 65; - int ok = secp256k1_ecdsa_seckey_verify(_private.data()); - if (!ok) - return Address(); - ok = secp256k1_ecdsa_pubkey_create(pubkey, &pubkeylen, _private.data(), 0); - assert(pubkeylen == 65); - if (!ok) - return Address(); - ok = secp256k1_ecdsa_pubkey_verify(pubkey, 65); - if (!ok) - return Address(); - auto ret = right160(dev::sha3(bytesConstRef(&(pubkey[1]), 64))); -#if ETH_ADDRESS_DEBUG - cout << "---- ADDRESS -------------------------------" << endl; - cout << "SEC: " << _private << endl; - cout << "PUB: " << toHex(bytesConstRef(&(pubkey[1]), 64)) << endl; - cout << "ADR: " << ret << endl; -#endif - return ret; -} - }} diff --git a/libethcore/CryptoHeaders.h b/libethcore/CryptoHeaders.h deleted file mode 100644 index 4ff63f1d7..000000000 --- a/libethcore/CryptoHeaders.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - This file is part of cpp-ethereum. - - cpp-ethereum is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - cpp-ethereum is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with cpp-ethereum. If not, see . -*/ -/** @file CryptoHeaders.h - * @author Tim Hughes - * @date 2014 - */ -#pragma once - -// need to leave this one disabled -#pragma GCC diagnostic ignored "-Wunused-function" - -#pragma warning(push) -#pragma warning(disable:4100 4244) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#pragma GCC diagnostic ignored "-Wunused-parameter" -#include -#include -#include -#include -#pragma warning(pop) -#pragma GCC diagnostic pop diff --git a/libethereum/Executive.cpp b/libethereum/Executive.cpp index 30676765f..f7cbcf3e3 100644 --- a/libethereum/Executive.cpp +++ b/libethereum/Executive.cpp @@ -71,7 +71,7 @@ bool Executive::setup(bytesConstRef _rlp) if (m_t.gas() < gasCost) { clog(StateDetail) << "Not enough gas to pay for the transaction: Require >" << gasCost << " Got" << m_t.gas(); - BOOST_THROW_EXCEPTION(OutOfGas()); + BOOST_THROW_EXCEPTION(OutOfGas() << RequirementError((bigint)gasCost, (bigint)m_t.gas())); } u256 cost = m_t.value() + m_t.gas() * m_t.gasPrice(); @@ -80,14 +80,14 @@ bool Executive::setup(bytesConstRef _rlp) if (m_s.balance(m_sender) < cost) { clog(StateDetail) << "Not enough cash: Require >" << cost << " Got" << m_s.balance(m_sender); - BOOST_THROW_EXCEPTION(NotEnoughCash() << RequirementError((int)cost, (int)m_s.balance(m_sender))); + BOOST_THROW_EXCEPTION(NotEnoughCash() << RequirementError((bigint)cost, (bigint)m_s.balance(m_sender))); } u256 startGasUsed = m_s.gasUsed(); if (startGasUsed + m_t.gas() > m_s.m_currentBlock.gasLimit) { clog(StateDetail) << "Too much gas used in this block: Require <" << (m_s.m_currentBlock.gasLimit - startGasUsed) << " Got" << m_t.gas(); - BOOST_THROW_EXCEPTION(BlockGasLimitReached() << RequirementError((int)(m_s.m_currentBlock.gasLimit - startGasUsed), (int)m_t.gas())); + BOOST_THROW_EXCEPTION(BlockGasLimitReached() << RequirementError((bigint)(m_s.m_currentBlock.gasLimit - startGasUsed), (bigint)m_t.gas())); } // Increment associated nonce for sender. diff --git a/libethereum/State.cpp b/libethereum/State.cpp index 2645e228b..e1d9f3834 100644 --- a/libethereum/State.cpp +++ b/libethereum/State.cpp @@ -114,8 +114,6 @@ State::State(Address _coinbaseAddress, OverlayDB const& _db): m_ourAddress(_coinbaseAddress), m_blockReward(c_blockReward) { - secp256k1_start(); - // Initialise to the state entailed by the genesis block; this guarantees the trie is built correctly. m_state.init(); @@ -139,8 +137,6 @@ State::State(OverlayDB const& _db, BlockChain const& _bc, h256 _h): m_state(&m_db), m_blockReward(c_blockReward) { - secp256k1_start(); - // TODO THINK: is this necessary? m_state.init(); @@ -328,8 +324,8 @@ StateDiff State::diff(State const& _c) const for (auto i: _c.m_cache) ads.insert(i.first); - cnote << *this; - cnote << _c; +// cnote << *this; +// cnote << _c; for (auto i: ads) { @@ -797,8 +793,6 @@ h256 State::oldBloom() const LogBloom State::logBloom() const { LogBloom ret; - auto sa = sha3(m_currentBlock.coinbaseAddress.ref()); - ret.shiftBloom<3>(sa); for (TransactionReceipt const& i: m_receipts) ret |= i.bloom(); return ret; diff --git a/libevm/VM.h b/libevm/VM.h index 73d80b944..f99bce288 100644 --- a/libevm/VM.h +++ b/libevm/VM.h @@ -45,7 +45,7 @@ public: virtual bytesConstRef go(ExtVMFace& _ext, OnOpFunc const& _onOp = {}, uint64_t _steps = (uint64_t)-1) override final; - void require(u256 _n) { if (m_stack.size() < _n) BOOST_THROW_EXCEPTION(StackTooSmall() << RequirementError(int(_n), m_stack.size())); } + void require(u256 _n) { if (m_stack.size() < _n) BOOST_THROW_EXCEPTION(StackTooSmall() << RequirementError((bigint)_n, (bigint)m_stack.size())); } void requireMem(unsigned _n) { if (m_temp.size() < _n) { m_temp.resize(_n); } } u256 curPC() const { return m_curPC; } diff --git a/libp2p/Host.cpp b/libp2p/Host.cpp index bf8d96506..996e219db 100644 --- a/libp2p/Host.cpp +++ b/libp2p/Host.cpp @@ -385,8 +385,8 @@ void Host::populateAddresses() shared_ptr Host::noteNode(NodeId _id, bi::tcp::endpoint _a, Origin _o, bool _ready, NodeId _oldId) { RecursiveGuard l(x_peers); - if (_a.port() < 30300 || _a.port() > 30303) - cwarn << "Wierd port being recorded!"; + if (_a.port() < 30300 || _a.port() > 30305) + cwarn << "Weird port being recorded: " << _a.port(); if (_a.port() >= /*49152*/32768) { @@ -778,7 +778,7 @@ bytes Host::saveNodes() const { Node const& n = *(i.second); // TODO: PoC-7: Figure out why it ever shares these ports.//n.address.port() >= 30300 && n.address.port() <= 30305 && - if (!n.dead && n.address.port() > 0 && n.address.port() < /*49152*/32768 && n.id != id() && !isPrivateAddress(n.address.address())) + if (!n.dead && chrono::system_clock::now() - n.lastConnected < chrono::seconds(3600 * 48) && n.address.port() > 0 && n.address.port() < /*49152*/32768 && n.id != id() && !isPrivateAddress(n.address.address())) { nodes.appendList(10); if (n.address.address().is_v4()) @@ -786,8 +786,8 @@ bytes Host::saveNodes() const else nodes << n.address.address().to_v6().to_bytes(); nodes << n.address.port() << n.id << (int)n.idOrigin - << std::chrono::duration_cast(n.lastConnected.time_since_epoch()).count() - << std::chrono::duration_cast(n.lastAttempted.time_since_epoch()).count() + << chrono::duration_cast(n.lastConnected.time_since_epoch()).count() + << chrono::duration_cast(n.lastAttempted.time_since_epoch()).count() << n.failedAttempts << (unsigned)n.lastDisconnect << n.score << n.rating; count++; } diff --git a/libqethereum/QEthereum.h b/libqethereum/QEthereum.h index 4f276b7e1..0824b0139 100644 --- a/libqethereum/QEthereum.h +++ b/libqethereum/QEthereum.h @@ -83,6 +83,7 @@ private: { \ _frame->disconnect(); \ _frame->addToJavaScriptWindowObject("_web3", qweb, QWebFrame::ScriptOwnership); \ + _frame->addToJavaScriptWindowObject("env", _env, QWebFrame::QtOwnership); \ _frame->evaluateJavaScript(contentsOfQResource(":/js/es6-promise-2.0.0.js")); \ _frame->evaluateJavaScript(contentsOfQResource(":/js/main.js")); \ _frame->evaluateJavaScript(contentsOfQResource(":/js/qt.js")); \ diff --git a/libweb3jsonrpc/WebThreeStubServer.cpp b/libweb3jsonrpc/WebThreeStubServer.cpp index 092faae09..5b362cde5 100644 --- a/libweb3jsonrpc/WebThreeStubServer.cpp +++ b/libweb3jsonrpc/WebThreeStubServer.cpp @@ -240,7 +240,7 @@ static shh::Envelope toSealed(Json::Value const& _json, shh::Message const& _m, static pair toWatch(Json::Value const& _json) { - shh::BuildTopicMask bt(shh::BuildTopicMask::Empty); + shh::BuildTopicMask bt; Public to; if (!_json["to"].empty()) @@ -252,12 +252,8 @@ static pair toWatch(Json::Value const& _json) bt.shift(jsToBytes(_json["topic"].asString())); else if (_json["topic"].isArray()) for (auto i: _json["topic"]) - { if (i.isString()) bt.shift(jsToBytes(i.asString())); - else - bt.shift(); - } } return make_pair(bt.toTopicMask(), to); } @@ -374,10 +370,10 @@ static TransactionSkeleton toTransaction(Json::Value const& _json) ret.data = jsToBytes(_json["code"].asString()); else if (_json["data"].isArray()) for (auto i: _json["data"]) - dev::operator +=(ret.data, jsToBytes(jsPadded(i.asString(), 32))); + dev::operator +=(ret.data, padded(jsToBytes(i.asString()), 32)); else if (_json["code"].isArray()) for (auto i: _json["code"]) - dev::operator +=(ret.data, jsToBytes(jsPadded(i.asString(), 32))); + dev::operator +=(ret.data, padded(jsToBytes(i.asString()), 32)); else if (_json["dataclose"].isArray()) for (auto i: _json["dataclose"]) dev::operator +=(ret.data, jsToBytes(i.asString())); @@ -511,7 +507,7 @@ std::string WebThreeStubServer::shh_newGroup(std::string const& _id, std::string std::string WebThreeStubServer::shh_newIdentity() { - cnote << this << m_ids; +// cnote << this << m_ids; KeyPair kp = KeyPair::create(); m_ids[kp.pub()] = kp.secret(); return toJS(kp.pub()); @@ -539,7 +535,7 @@ int WebThreeStubServer::eth_peerCount() bool WebThreeStubServer::shh_post(Json::Value const& _json) { - cnote << this << m_ids; +// cnote << this << m_ids; shh::Message m = toMessage(_json); Secret from; diff --git a/libwhisper/Common.cpp b/libwhisper/Common.cpp index 83f289875..0d54af089 100644 --- a/libwhisper/Common.cpp +++ b/libwhisper/Common.cpp @@ -69,7 +69,7 @@ TopicMask BuildTopicMask::toTopicMask() const TopicMask ret; ret.reserve(m_parts.size()); for (auto const& h: m_parts) - ret.push_back(make_pair(TopicPart(h), h ? ~TopicPart() : TopicPart())); + ret.push_back(make_pair(TopicPart(h), ~TopicPart())); return ret; } diff --git a/libwhisper/Common.h b/libwhisper/Common.h index 312cbf6d3..5ce7d3b1c 100644 --- a/libwhisper/Common.h +++ b/libwhisper/Common.h @@ -114,17 +114,12 @@ private: class BuildTopicMask: BuildTopic { public: - enum EmptyType { Empty }; - - BuildTopicMask() { shift(); } - BuildTopicMask(EmptyType) {} + BuildTopicMask() {} template BuildTopicMask(T const& _t) { shift(_t); } template BuildTopicMask& shift(T const& _r) { BuildTopic::shift(_r); return *this; } BuildTopicMask& shiftRaw(h256 const& _h) { BuildTopic::shiftRaw(_h); return *this; } - BuildTopic& shift() { m_parts.push_back(h256()); return *this; } - BuildTopicMask& operator()() { shift(); return *this; } template BuildTopicMask& operator()(T const& _t) { shift(_t); return *this; } operator TopicMask() const { return toTopicMask(); } diff --git a/stdserv.js b/stdserv.js index 55ae90d86..fe681414e 100644 --- a/stdserv.js +++ b/stdserv.js @@ -1,67 +1,41 @@ -eth = web3.eth; - -env.note('Creating Config...') -var configCode = eth.lll(" -{ - [[69]] (caller) - (returnlll { - (when (&& (= (calldatasize) 64) (= (caller) @@69)) - (for {} (< @i (calldatasize)) [i](+ @i 64) - [[ (calldataload @i) ]] (calldataload (+ @i 32)) - ) - ) - (return @@ $0) - }) -} -") -env.note('Config code: ' + configCode) -var config; -eth.transact({ 'code': configCode }, function(a) { config = a; }); - -env.note('Config at address ' + config) - -var nameRegCode = eth.lll(" -{ - [[(address)]] 'NameReg - [['NameReg]] (address) - [[config]] 'Config - [['Config]] config - [[69]] (caller) - (returnlll { - (when (= $0 'register) { - (when @@ $32 (stop)) - (when @@(caller) [[@@(caller)]] 0) - [[$32]] (caller) - [[(caller)]] $32 - (stop) - }) - (when (&& (= $0 'unregister) @@(caller)) { - [[@@(caller)]] 0 - [[(caller)]] 0 - (stop) - }) - (when (&& (= $0 'kill) (= (caller) @@69)) (suicide (caller))) - (return @@ $0) - }) -} -"); -env.note('NameReg code: ' + nameRegCode) - -var nameReg; - -env.note('Create NameReg...') -eth.transact({ 'code': nameRegCode }, function(a) { nameReg = a; }); - -env.note('Register NameReg...') -eth.transact({ 'to': config, 'data': ['0', nameReg] }); - +var compile = function(name) { return web3.eth.lll(env.contents("../../dapp-bin/" + name + "/" + name + ".lll")); }; +var create = function(code) { return web3.eth.transact({ 'code': code }); }; +var send = function(from, val, to) { return web3.eth.transact({ 'from': from, 'value': val, 'to': to }); }; +var initService = function(name, index, dep) { return dep.then(function(){ var ret = compile(name).then(create); register(ret, index); return ret; }); }; + +var config = compile("config").then(create); +var register = function(address, index) { return web3.eth.transact({ 'to': config, 'gas': '10000', 'data': [index + '', address] }); }; +var nameReg = initService("namereg", 0, config); +var regName = function(account, name) { return web3.eth.transact({ 'from': account, 'to': nameReg, 'gas': '10000', 'data': [ web3.fromAscii('register'), web3.fromAscii(name) ] }); }; +var coins = initService("coins", 1, nameReg); +var coin = initService("coin", 2, coins); +var approve = function(account, approvedAddress) { web3.eth.transact({ 'from': account, 'to': coin, 'gas': '10000', 'data': [ web3.fromAscii('approve'), approvedAddress ] }); }; +var exchange = initService("exchange", 3, coin); +var offer = function(account, haveCoin, haveVal, wantCoin, wantVal) { web3.eth.transact({ 'from': account, 'to': exchange, 'gas': '10000', 'data': [web3.fromAscii('new'), haveCoin, haveVal, wantCoin, wantVal] }); }; + +config.then(function() { + web3.eth.accounts.then(function(accounts) + { + var funded = send(accounts[0], '100000000000000000000', accounts[1]); + funded.then(function(){ env.note("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); regName(accounts[1], 'Gav Would'); env.note("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); approve(accounts[1], exchange); }); + regName(accounts[0], 'Gav'); + approve(accounts[0], exchange).then(function(){ offer(accounts[0], coin, '5000', '0', '5000000000000000000'); }); + + // TODO: once we have a new implementation of DNSReg. + // env.note('Register gav.eth...') + // eth.transact({ 'to': dnsReg, 'data': [web3.fromAscii('register'), web3.fromAscii('gav'), web3.fromAscii('opensecrecy.com')] }); + }); +}); + +// TODO +/* var nameRegJeff; env.note('Create NameRegJeff...') eth.transact({ 'code': nameRegCode }, function(a) { nameRegJeff = a; }); env.note('Register NameRegJeff...') -eth.transact({ 'to': config, 'data': ['4', nameReg] }); +eth.transact({ 'to': config, 'data': ['4', nameRegJeff] }); var dnsRegCode = '0x60006000546000600053602001546000600053604001546020604060206020600073661005d2720d855f1d9976f88bb10c1a3398c77f6103e8f17f7265676973746572000000000000000000000000000000000000000000000000600053606001600060200201547f446e735265670000000000000000000000000000000000000000000000000000600053606001600160200201546000600060006000604060606000600053604001536103e8f1327f6f776e65720000000000000000000000000000000000000000000000000000005761011663000000e46000396101166000f20060006000547f72656769737465720000000000000000000000000000000000000000000000006000602002350e0f630000006d596000600160200235560e0f630000006c59600032560e0f0f6300000057596000325657600260200235600160200235576001602002353257007f64657265676973746572000000000000000000000000000000000000000000006000602002350e0f63000000b95960016020023532560e0f63000000b959600032576000600160200235577f6b696c6c000000000000000000000000000000000000000000000000000000006000602002350e0f630000011559327f6f776e6572000000000000000000000000000000000000000000000000000000560e0f63000001155932ff00'; @@ -73,240 +47,6 @@ env.note('DnsReg at address ' + dnsReg) env.note('Register DnsReg...') eth.transact({ 'to': config, 'data': ['4', dnsReg] }); - -var coinRegCode = eth.lll(" -{ -(regname 'CoinReg) -(returnlll { - (def 'name $0) - (def 'denom $32) - (def 'address (caller)) - (when (|| (& 0xffffffffffffffffffffffffff name) @@name) (stop)) - (set 'n (+ @@0 1)) - [[0]] @n - [[@n]] name - [[name]] address - [[(sha3 name)]] denom -}) -} -"); - -var coinReg; -env.note('Create CoinReg...') -eth.transact({ 'code': coinRegCode }, function(a) { coinReg = a; }); - -env.note('Register CoinReg...') -eth.transact({ 'to': config, 'data': ['1', coinReg] }); - -var gavCoinCode = eth.lll(" -{ -[[ (caller) ]] 0x1000000 -[[ 0x69 ]] (caller) -[[ 0x42 ]] (number) - -(regname 'GavCoin) -(regcoin 'GAV 1000) - -(returnlll { - (when (&& (= $0 'kill) (= (caller) @@0x69)) (suicide (caller))) - (when (= $0 'balance) (return @@$32)) - (when (= $0 'approved) (return @@ (sha3pair (if (= (calldatasize) 64) (caller) $64) $32)) ) - - (when (= $0 'approve) { - [[(sha3pair (caller) $32)]] $32 - (stop) - }) - - (when (= $0 'send) { - (set 'fromVar (if (= (calldatasize) 96) - (caller) - { - (when (! @@ (sha3pair (origin) (caller))) (return 0)) - (origin) - } - )) - (def 'to $32) - (def 'value $64) - (def 'from (get 'fromVar)) - (set 'fromBal @@from) - (when (< @fromBal value) (return 0)) - [[ from ]]: (- @fromBal value) - [[ to ]]: (+ @@to value) - (return 1) - }) - - (set 'n @@0x42) - (when (&& (|| (= $0 'mine) (! (calldatasize))) (> (number) @n)) { - (set 'b (- (number) @n)) - [[(coinbase)]] (+ @@(coinbase) (* 1000 @b)) - [[(caller)]] (+ @@(caller) (* 1000 @b)) - [[0x42]] (number) - (return @b) - }) - - (return @@ $0) -}) -} -"); - -var gavCoin; -env.note('Create GavCoin...') -eth.transact({ 'code': gavCoinCode }, function(a) { gavCoin = a; }); - -env.note('Register GavCoin...') -eth.transact({ 'to': config, 'data': ['2', gavCoin] }); - - -var exchangeCode = eth.lll(" -{ -(regname 'Exchange) - -(def 'min (a b) (if (< a b) a b)) - -(def 'head (_list) @@ _list) -(def 'next (_item) @@ _item) -(def 'inc (itemref) [itemref]: (next @itemref)) -(def 'rateof (_item) @@ (+ _item 1)) -(def 'idof (_item) @@ (+ _item 2)) -(def 'wantof (_item) @@ (+ _item 3)) -(def 'newitem (rate who want list) { - (set 'pos (sha3trip rate who list)) - [[ (+ @pos 1) ]] rate - [[ (+ @pos 2) ]] who - [[ (+ @pos 3) ]] want - @pos -}) -(def 'stitchitem (parent pos) { - [[ pos ]] @@ parent - [[ parent ]] pos -}) -(def 'addwant (_item amount) [[ (+ _item 3) ]] (+ @@ (+ _item 3) amount)) -(def 'deductwant (_item amount) [[ (+ _item 3) ]] (- @@ (+ _item 3) amount)) - -(def 'xfer (contract to amount) - (if contract { - [0] 'send - [32] to - [64] amount - (msg allgas contract 0 0 96) - } - (send to amount) - ) -) - -(def 'fpdiv (a b) (/ (+ (/ b 2) (* a (exp 2 128))) b)) -(def 'fpmul (a b) (/ (* a b) (exp 2 128)) ) - -(returnlll { - (when (= $0 'new) { - (set 'offer $32) - (set 'xoffer (if @offer $64 (callvalue))) - (set 'want $96) - (set 'xwant $128) - (set 'rate (fpdiv @xoffer @xwant)) - (set 'irate (fpdiv @xwant @xoffer)) - - (unless (&& @rate @irate @xoffer @xwant) (stop)) - - (when @offer { - (set 'arg1 'send) - (set 'arg2 (address)) - (set 'arg3 @xoffer) - (set 'arg4 (caller)) - (unless (msg allgas @offer 0 arg1 128) (stop)) - }) - (set 'list (sha3pair @offer @want)) - (set 'ilist (sha3pair @want @offer)) - - (set 'last @ilist) - (set 'item @@ @last) - - (for {} (&& @item (>= (rateof @item) @irate)) {} { - (set 'offerA (min @xoffer (wantof @item))) - (set 'wantA (fpmul @offerA (rateof @item))) - - (set 'xoffer (- @xoffer @offerA)) - (set 'xwant (- @xwant @wantA)) - - (deductwant @item @offerA) - - (xfer @offer (idof @item) @offerA) - (xfer @want (caller) @wantA) - - (unless @xoffer (stop)) - - (set 'item @@ @item) - [[ @last ]] @item - }) - - (set 'last @list) - (set 'item @@ @last) - - (set 'newpos (newitem @rate (caller) @xwant @list)) - - (for {} (&& @item (!= @item @newpos) (>= (rateof @item) @rate)) { (set 'last @item) (inc item) } {}) - (if (= @item @newpos) - (addwant @item @wantx) - (stitchitem @last @newpos) - ) - (stop) - }) - (when (= $0 'delete) { - (set 'offer $32) - (set 'want $64) - (set 'rate $96) - (set 'list (sha3pair @offer @want)) - (set 'last @list) - (set 'item @@ @last) - (for {} (&& @item (!= (idof @item) (caller)) (!= (rateof @item) @rate)) { (set 'last @item) (inc item) } {}) - (when @item { - (set 'xoffer (fpmul (wantof @item) (rateof @item))) - [[ @last ]] @@ @item - (xfer @offer (caller) @xoffer) - }) - (stop) - }) - (when (= $0 'price) { - (set 'offer $32) - (set 'want $96) - (set 'item (head (sha3pair @offer @want))) - (return (if @item (rateof @list) 0)) - }) -}) -} -"); - -var exchange; -env.note('Create Exchange...') -eth.transact({ 'code': exchangeCode }, function(a) { exchange = a; }); - -env.note('Register Exchange...') -eth.transact({ 'to': config, 'data': ['3', exchange] }); - - - - -env.note('Register my name...') -eth.transact({ 'to': nameReg, 'data': [ web3.fromAscii('register'), web3.fromAscii('Gav') ] }); - -env.note('Dole out ETH to other address...') -eth.transact({ 'value': '100000000000000000000', 'to': eth.accounts[1] }); - -env.note('Register my other name...') -eth.transact({ 'from': eth.keys[1], 'to': nameReg, 'data': [ web3.fromAscii('register'), web3.fromAscii("Gav Would") ] }); - -env.note('Approve Exchange...') -eth.transact({ 'to': gavCoin, 'data': [ web3.fromAscii('approve'), exchange ] }); - -env.note('Approve Exchange on other address...') -eth.transact({ 'from': eth.keys[1], 'to': gavCoin, 'data': [ web3.fromAscii('approve'), exchange ] }); - -env.note('Make offer 5000GAV/5ETH...') -eth.transact({ 'to': exchange, 'data': [web3.fromAscii('new'), gavCoin, '5000', '0', '5000000000000000000'] }); - -env.note('Register gav.eth...') -eth.transact({ 'to': dnsReg, 'data': [web3.fromAscii('register'), web3.fromAscii('gav'), web3.fromAscii('opensecrecy.com')] }); - -env.note('All done.') +*/ // env.load('/home/gav/Eth/cpp-ethereum/stdserv.js') diff --git a/test/TestHelperCrypto.h b/test/TestHelperCrypto.h deleted file mode 100644 index 01e97c21f..000000000 --- a/test/TestHelperCrypto.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - This file is part of cpp-ethereum. - - cpp-ethereum is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - cpp-ethereum is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with cpp-ethereum. If not, see . - */ -/** @file TestHelperCrypto.h - * @author Alex Leverington - * @date 2014 - */ - -#pragma once - -#include - -using namespace std; -using namespace CryptoPP; - -void SavePrivateKey(const PrivateKey& key, const string& file = "ecies.private.key") -{ - FileSink sink(file.c_str()); - key.Save(sink); -} - -void SavePublicKey(const PublicKey& key, const string& file = "ecies.public.key") -{ - FileSink sink(file.c_str()); - key.Save(sink); -} - -void LoadPrivateKey(PrivateKey& key, const string& file = "ecies.private.key") -{ - FileSource source(file.c_str(), true); - key.Load(source); -} - -void LoadPublicKey(PublicKey& key, const string& file = "ecies.public.key") -{ - FileSource source(file.c_str(), true); - key.Load(source); -} diff --git a/test/crypto.cpp b/test/crypto.cpp index 06e55658a..08236135a 100644 --- a/test/crypto.cpp +++ b/test/crypto.cpp @@ -27,9 +27,9 @@ #include #include #include -#include -#include -#include "TestHelperCrypto.h" +#include +#include +#include using namespace std; using namespace dev; @@ -38,9 +38,24 @@ using namespace CryptoPP; BOOST_AUTO_TEST_SUITE(devcrypto) +static Secp256k1 s_secp256k1; +static CryptoPP::AutoSeededRandomPool s_rng; +static CryptoPP::OID s_curveOID(CryptoPP::ASN1::secp256k1()); +static CryptoPP::DL_GroupParameters_EC s_params(s_curveOID); +static CryptoPP::DL_GroupParameters_EC::EllipticCurve s_curve(s_params.GetCurve()); + +BOOST_AUTO_TEST_CASE(verify_secert) +{ + h256 empty; + KeyPair kNot(empty); + BOOST_REQUIRE(!kNot.address()); + KeyPair k(sha3(empty)); + BOOST_REQUIRE(k.address()); +} + BOOST_AUTO_TEST_CASE(common_encrypt_decrypt) { - string message("Now is the time for all good persons to come to the aide of humanity."); + string message("Now is the time for all good persons to come to the aid of humanity."); bytes m = asBytes(message); bytesConstRef bcr(&m); @@ -56,103 +71,50 @@ BOOST_AUTO_TEST_CASE(common_encrypt_decrypt) BOOST_REQUIRE(plain == asBytes(message)); } -BOOST_AUTO_TEST_CASE(cryptopp_vs_secp256k1) -{ - ECIES::Decryptor d(pp::PRNG, pp::secp256k1Curve); - ECIES::Encryptor e(d.GetKey()); - - Secret s; - pp::exportPrivateKey(d.GetKey(), s); - - Public p; - pp::exportPublicKey(e.GetKey(), p); - - BOOST_REQUIRE(dev::toAddress(s) == right160(dev::sha3(p.ref()))); - - Secret previous = s; - for (auto i = 0; i < 2; i++) - { - ECIES::Decryptor d(pp::PRNG, pp::secp256k1Curve); - ECIES::Encryptor e(d.GetKey()); - - Secret s; - pp::exportPrivateKey(d.GetKey(), s); - BOOST_REQUIRE(s != previous); - - Public p; - pp::exportPublicKey(e.GetKey(), p); - - h160 secp256k1Addr = dev::toAddress(s); - h160 cryptoppAddr = right160(dev::sha3(p.ref())); - if (secp256k1Addr != cryptoppAddr) - { - BOOST_REQUIRE(secp256k1Addr == cryptoppAddr); - break; - } - } -} - BOOST_AUTO_TEST_CASE(cryptopp_cryptopp_secp256k1libport) { - // cryptopp implementation of secp256k1lib sign_compact w/recid parameter and recovery of public key from signature - + secp256k1_start(); + // base secret Secret secret(sha3("privacy")); // we get ec params from signer - const CryptoPP::DL_GroupParameters_EC params = pp::secp256k1Params; ECDSA::Signer signer; // e := sha3(msg) bytes e(fromHex("0x01")); e.resize(32); - int tests = 2; // Oct 29: successful @ 1500 + int tests = 2; while (sha3(&e, &e), secret = sha3(secret.asBytes()), tests--) { KeyPair key(secret); Public pkey = key.pub(); - pp::initializeDLScheme(secret, signer); + signer.AccessKey().Initialize(s_params, secretToExponent(secret)); h256 he(sha3(e)); Integer heInt(he.asBytes().data(), 32); h256 k(crypto::kdf(secret, he)); Integer kInt(k.asBytes().data(), 32); - kInt %= params.GetSubgroupOrder()-1; + kInt %= s_params.GetSubgroupOrder()-1; - ECP::Point rp = params.ExponentiateBase(kInt); - Integer const& q = params.GetGroupOrder(); - Integer r = params.ConvertElementToInteger(rp); - int recid = ((r >= q) ? 2 : 0) | (rp.y.IsOdd() ? 1 : 0); + ECP::Point rp = s_params.ExponentiateBase(kInt); + Integer const& q = s_params.GetGroupOrder(); + Integer r = s_params.ConvertElementToInteger(rp); Integer kInv = kInt.InverseMod(q); Integer s = (kInv * (Integer(secret.asBytes().data(), 32)*r + heInt)) % q; BOOST_REQUIRE(!!r && !!s); - -/* - // For future reference: - // According to maths, this codepath can't be reached, however, it's in secp256k1. - // Commenting this out diverges from codebase implementation. - // To be removed after upstream PR and proof are evaulated. - - if (s > params.GetSubgroupOrder()) - { - // note: this rarely happens - s = params.GetGroupOrder() - s; - if (recid) - recid ^= 1; - } - */ Signature sig; + sig[64] = rp.y.IsOdd() ? 1 : 0; r.Encode(sig.data(), 32); s.Encode(sig.data() + 32, 32); - sig[64] = recid; Public p = dev::recover(sig, he); BOOST_REQUIRE(p == pkey); // verify w/cryptopp - BOOST_REQUIRE(crypto::verify(pkey, sig, bytesConstRef(&e))); + BOOST_REQUIRE(s_secp256k1.verify(pkey, sig, bytesConstRef(&e))); // verify with secp256k1lib byte encpub[65] = {0x04}; @@ -166,16 +128,18 @@ BOOST_AUTO_TEST_CASE(cryptopp_cryptopp_secp256k1libport) BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) { + secp256k1_start(); + // cryptopp integer encoding Integer nHex("f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2H"); Integer nB(fromHex("f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2").data(), 32); BOOST_REQUIRE(nHex == nB); - bytes sbytes(fromHex("0x01")); - Secret secret(sha3(sbytes)); // 5fe7f977e71dba2ea1a68e21057beebb9be2ac30c6410aa38d4f3fbe41dcffd2 + bytes sbytes(fromHex("0xFFFF")); + Secret secret(sha3(sbytes)); KeyPair key(secret); - bytes m(fromHex("0x01")); + bytes m(1, 0xff); int tests = 2; while (m[0]++, tests--) { @@ -183,45 +147,45 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) Integer hInt(hm.asBytes().data(), 32); h256 k(hm ^ key.sec()); Integer kInt(k.asBytes().data(), 32); - + // raw sign w/cryptopp (doesn't pass through cryptopp hash filter) ECDSA::Signer signer; - pp::initializeDLScheme(key.sec(), signer); + signer.AccessKey().Initialize(s_params, secretToExponent(key.sec())); Integer r, s; signer.RawSign(kInt, hInt, r, s); // verify cryptopp raw-signature w/cryptopp ECDSA::Verifier verifier; - pp::initializeDLScheme(key.pub(), verifier); + verifier.AccessKey().Initialize(s_params, publicToPoint(key.pub())); Signature sigppraw; r.Encode(sigppraw.data(), 32); s.Encode(sigppraw.data() + 32, 32); BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppraw.data(), 64)); - BOOST_REQUIRE(crypto::verify(key.pub(), sigppraw, bytesConstRef(&m))); +// BOOST_REQUIRE(crypto::verify(key.pub(), sigppraw, bytesConstRef(&m))); BOOST_REQUIRE(dev::verify(key.pub(), sigppraw, hm)); // sign with cryptopp, verify, recover w/sec256lib Signature seclibsig(dev::sign(key.sec(), hm)); BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), seclibsig.data(), 64)); - BOOST_REQUIRE(crypto::verify(key.pub(), seclibsig, bytesConstRef(&m))); +// BOOST_REQUIRE(crypto::verify(key.pub(), seclibsig, bytesConstRef(&m))); BOOST_REQUIRE(dev::verify(key.pub(), seclibsig, hm)); BOOST_REQUIRE(dev::recover(seclibsig, hm) == key.pub()); // sign with cryptopp (w/hash filter?), verify with cryptopp bytes sigppb(signer.MaxSignatureLength()); - size_t ssz = signer.SignMessage(pp::PRNG, m.data(), m.size(), sigppb.data()); + size_t ssz = signer.SignMessage(s_rng, m.data(), m.size(), sigppb.data()); Signature sigpp; memcpy(sigpp.data(), sigppb.data(), 64); BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppb.data(), ssz)); - BOOST_REQUIRE(crypto::verify(key.pub(), sigpp, bytesConstRef(&m))); +// BOOST_REQUIRE(crypto::verify(key.pub(), sigpp, bytesConstRef(&m))); BOOST_REQUIRE(dev::verify(key.pub(), sigpp, hm)); // sign with cryptopp and stringsource hash filter string sigstr; - StringSource ssrc(asString(m), true, new SignerFilter(pp::PRNG, signer, new StringSink(sigstr))); + StringSource ssrc(asString(m), true, new SignerFilter(s_rng, signer, new StringSink(sigstr))); FixedHash retsig((byte const*)sigstr.data(), Signature::ConstructFromPointer); BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), retsig.data(), 64)); - BOOST_REQUIRE(crypto::verify(key.pub(), retsig, bytesConstRef(&m))); +// BOOST_REQUIRE(crypto::verify(key.pub(), retsig, bytesConstRef(&m))); BOOST_REQUIRE(dev::verify(key.pub(), retsig, hm)); /// verification w/sec256lib @@ -247,92 +211,102 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) } } -BOOST_AUTO_TEST_CASE(cryptopp_public_export_import) -{ - ECIES::Decryptor d(pp::PRNG, pp::secp256k1Curve); - ECIES::Encryptor e(d.GetKey()); - - Secret s; - pp::exportPrivateKey(d.GetKey(), s); - Public p; - pp::exportPublicKey(e.GetKey(), p); - Address addr = right160(dev::sha3(p.ref())); - BOOST_REQUIRE(toAddress(s) == addr); - - KeyPair l(s); - BOOST_REQUIRE(l.address() == addr); -} - BOOST_AUTO_TEST_CASE(ecies_eckeypair) { KeyPair k = KeyPair::create(); - string message("Now is the time for all good persons to come to the aide of humanity."); + string message("Now is the time for all good persons to come to the aid of humanity."); string original = message; bytes b = asBytes(message); - encrypt(k.pub(), b); + s_secp256k1.encrypt(k.pub(), b); BOOST_REQUIRE(b != asBytes(original)); - decrypt(k.sec(), b); + s_secp256k1.decrypt(k.sec(), b); BOOST_REQUIRE(b == asBytes(original)); } -BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) +BOOST_AUTO_TEST_CASE(ecdh) { - // New connections require new ECDH keypairs - // Every new connection requires a new EC keypair - // Every new trust requires a new EC keypair - // All connections should share seed for PRF (or PRNG) for nonces + cnote << "Testing ecdh..."; + + ECDH::Domain dhLocal(s_curveOID); + SecByteBlock privLocal(dhLocal.PrivateKeyLength()); + SecByteBlock pubLocal(dhLocal.PublicKeyLength()); + dhLocal.GenerateKeyPair(s_rng, privLocal, pubLocal); + + ECDH::Domain dhRemote(s_curveOID); + SecByteBlock privRemote(dhRemote.PrivateKeyLength()); + SecByteBlock pubRemote(dhRemote.PublicKeyLength()); + dhRemote.GenerateKeyPair(s_rng, privRemote, pubRemote); + + assert(dhLocal.AgreedValueLength() == dhRemote.AgreedValueLength()); + + // local: send public to remote; remote: send public to local + // Local + SecByteBlock sharedLocal(dhLocal.AgreedValueLength()); + assert(dhLocal.Agree(sharedLocal, privLocal, pubRemote)); + // Remote + SecByteBlock sharedRemote(dhRemote.AgreedValueLength()); + assert(dhRemote.Agree(sharedRemote, privRemote, pubLocal)); + + // Test + Integer ssLocal, ssRemote; + ssLocal.Decode(sharedLocal.BytePtr(), sharedLocal.SizeInBytes()); + ssRemote.Decode(sharedRemote.BytePtr(), sharedRemote.SizeInBytes()); + + assert(ssLocal != 0); + assert(ssLocal == ssRemote); + + + // Now use our keys + KeyPair a = KeyPair::create(); + byte puba[65] = {0x04}; + memcpy(&puba[1], a.pub().data(), 64); + + KeyPair b = KeyPair::create(); + byte pubb[65] = {0x04}; + memcpy(&pubb[1], b.pub().data(), 64); + + ECDH::Domain dhA(s_curveOID); + Secret shared; + BOOST_REQUIRE(dhA.Agree(shared.data(), a.sec().data(), pubb)); + BOOST_REQUIRE(shared); } -BOOST_AUTO_TEST_CASE(cryptopp_ecies_message) +BOOST_AUTO_TEST_CASE(ecdhe) { - cnote << "Testing cryptopp_ecies_message..."; - - string const message("Now is the time for all good persons to come to the aide of humanity."); - - ECIES::Decryptor localDecryptor(pp::PRNG, pp::secp256k1Curve); - SavePrivateKey(localDecryptor.GetPrivateKey()); + cnote << "Testing ecdhe..."; - ECIES::Encryptor localEncryptor(localDecryptor); - SavePublicKey(localEncryptor.GetPublicKey()); - - ECIES::Decryptor futureDecryptor; - LoadPrivateKey(futureDecryptor.AccessPrivateKey()); - futureDecryptor.GetPrivateKey().ThrowIfInvalid(pp::PRNG, 3); + ECDHE a, b; + BOOST_CHECK_NE(a.pubkey(), b.pubkey()); - ECIES::Encryptor futureEncryptor; - LoadPublicKey(futureEncryptor.AccessPublicKey()); - futureEncryptor.GetPublicKey().ThrowIfInvalid(pp::PRNG, 3); - - // encrypt/decrypt with local - string cipherLocal; - StringSource ss1 (message, true, new PK_EncryptorFilter(pp::PRNG, localEncryptor, new StringSink(cipherLocal) ) ); - string plainLocal; - StringSource ss2 (cipherLocal, true, new PK_DecryptorFilter(pp::PRNG, localDecryptor, new StringSink(plainLocal) ) ); - - // encrypt/decrypt with future - string cipherFuture; - StringSource ss3 (message, true, new PK_EncryptorFilter(pp::PRNG, futureEncryptor, new StringSink(cipherFuture) ) ); - string plainFuture; - StringSource ss4 (cipherFuture, true, new PK_DecryptorFilter(pp::PRNG, futureDecryptor, new StringSink(plainFuture) ) ); + ECDHE local; + ECDHE remote; - // decrypt local w/future - string plainFutureFromLocal; - StringSource ss5 (cipherLocal, true, new PK_DecryptorFilter(pp::PRNG, futureDecryptor, new StringSink(plainFutureFromLocal) ) ); + // local tx pubkey -> remote + Secret sremote; + remote.agree(local.pubkey(), sremote); - // decrypt future w/local - string plainLocalFromFuture; - StringSource ss6 (cipherFuture, true, new PK_DecryptorFilter(pp::PRNG, localDecryptor, new StringSink(plainLocalFromFuture) ) ); + // remote tx pbukey -> local + Secret slocal; + local.agree(remote.pubkey(), slocal); + + BOOST_REQUIRE(sremote); + BOOST_REQUIRE(slocal); + BOOST_REQUIRE_EQUAL(sremote, slocal); +} + +BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) +{ + // New connections require new ECDH keypairs + // Every new connection requires a new EC keypair + // Every new trust requires a new EC keypair + // All connections should share seed for PRF (or PRNG) for nonces - BOOST_REQUIRE(plainLocal == message); - BOOST_REQUIRE(plainFuture == plainLocal); - BOOST_REQUIRE(plainFutureFromLocal == plainLocal); - BOOST_REQUIRE(plainLocalFromFuture == plainLocal); } BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) @@ -346,21 +320,28 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) rng.GenerateBlock(key, key.size()); // cryptopp uses IV as nonce/counter which is same as using nonce w/0 ctr - byte ctr[AES::BLOCKSIZE]; - rng.GenerateBlock(ctr, sizeof(ctr)); + FixedHash ctr; + rng.GenerateBlock(ctr.data(), sizeof(ctr)); + + // used for decrypt + FixedHash ctrcopy(ctr); - string text = "Now is the time for all good persons to come to the aide of humanity."; - // c++11 ftw + string text = "Now is the time for all good persons to come to the aid of humanity."; unsigned char const* in = (unsigned char*)&text[0]; unsigned char* out = (unsigned char*)&text[0]; string original = text; + string doublespeak = text + text; string cipherCopy; try { CTR_Mode::Encryption e; - e.SetKeyWithIV(key, key.size(), ctr); + e.SetKeyWithIV(key, key.size(), ctr.data()); + + // 68 % 255 should be difference of counter e.ProcessData(out, in, text.size()); + ctr = h128(u128(ctr) + text.size() % 16); + BOOST_REQUIRE(text != original); cipherCopy = text; } @@ -372,7 +353,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) try { CTR_Mode< AES >::Decryption d; - d.SetKeyWithIV(key, key.size(), ctr); + d.SetKeyWithIV(key, key.size(), ctrcopy.data()); d.ProcessData(out, in, text.size()); BOOST_REQUIRE(text == original); } @@ -390,7 +371,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) out = (unsigned char*)&cipherCopy[0]; CTR_Mode::Encryption e; - e.SetKeyWithIV(key, key.size(), ctr); + e.SetKeyWithIV(key, key.size(), ctrcopy.data()); e.ProcessData(out, in, text.size()); // yep, ctr mode. diff --git a/windows/LibEthereum.vcxproj b/windows/LibEthereum.vcxproj index 77b8f7e1a..4ae5d5bf8 100644 --- a/windows/LibEthereum.vcxproj +++ b/windows/LibEthereum.vcxproj @@ -68,14 +68,14 @@ true + - + - @@ -574,4 +574,4 @@ - \ No newline at end of file + diff --git a/windows/LibEthereum.vcxproj.filters b/windows/LibEthereum.vcxproj.filters index 9d32fd9f6..fd03dd451 100644 --- a/windows/LibEthereum.vcxproj.filters +++ b/windows/LibEthereum.vcxproj.filters @@ -435,10 +435,10 @@ libethereum - + libevmcore - + libevmcore @@ -480,4 +480,4 @@ {d838fece-fc20-42f6-bff5-97c236159b80} - \ No newline at end of file +