diff --git a/dap-sdk/crypto/src/dap_enc_dilithium.c b/dap-sdk/crypto/src/dap_enc_dilithium.c
index bf6ddd748c24db928c2f96e2a2eb4e8e059c5dd7..bf35a074976241b0fa7add50ee1eae2f9d3b4f7f 100755
--- a/dap-sdk/crypto/src/dap_enc_dilithium.c
+++ b/dap-sdk/crypto/src/dap_enc_dilithium.c
@@ -88,7 +88,7 @@ size_t dap_enc_sig_dilithium_verify_sign(struct dap_enc_key * key, const void *
if( l_ret != 0)
log_it(L_WARNING,"Wrong signature, can't open with code %d", l_ret);
- return l_ret>0? l_ret : 0;
+ return l_ret < 0 ? l_ret : 0;
}
void dap_enc_sig_dilithium_key_delete(struct dap_enc_key * key)
diff --git a/dap-sdk/crypto/src/dap_enc_tesla.c b/dap-sdk/crypto/src/dap_enc_tesla.c
index a67cb0618fe84f26f2ebc8c86304d56a8e6b1057..54e40d2e09639b0d264d6fee6e38040453170db6 100755
--- a/dap-sdk/crypto/src/dap_enc_tesla.c
+++ b/dap-sdk/crypto/src/dap_enc_tesla.c
@@ -94,7 +94,7 @@ size_t dap_enc_sig_tesla_verify_sign(struct dap_enc_key * key, const void * msg,
{
if(signature_size < sizeof(tesla_signature_t)) {
log_it(L_ERROR, "bad signature size");
- return 0;
+ return -6;
}
return (tesla_crypto_sign_open((tesla_signature_t *) signature, (unsigned char *) msg, msg_size, key->pub_key_data));
diff --git a/dap-sdk/crypto/src/dap_sign.c b/dap-sdk/crypto/src/dap_sign.c
index 2582d4b1c3a29452a9c377a8c96ef986ae510074..7c64420b0b4202cb9cbf8d8a7a5a3e0332b0667b 100755
--- a/dap-sdk/crypto/src/dap_sign.c
+++ b/dap-sdk/crypto/src/dap_sign.c
@@ -410,7 +410,7 @@ int dap_sign_verify(dap_sign_t * a_chain_sign, const void * a_data, const size_t
case DAP_ENC_KEY_TYPE_SIG_TESLA:
case DAP_ENC_KEY_TYPE_SIG_PICNIC:
case DAP_ENC_KEY_TYPE_SIG_DILITHIUM:
- if(l_key->dec_na(l_key, a_data, a_data_size, l_sign_data, l_sign_data_size) > 0)
+ if(l_key->dec_na(l_key, a_data, a_data_size, l_sign_data, l_sign_data_size) < 0)
l_ret = 0;
else
l_ret = 1;
diff --git a/modules/chain/dap_chain_ledger.c b/modules/chain/dap_chain_ledger.c
index 2c86cc2d6d01b2cddc1533dc8775758123827f69..c7eacc0addd47f215c6234d13a0648b58df54e6a 100644
--- a/modules/chain/dap_chain_ledger.c
+++ b/modules/chain/dap_chain_ledger.c
@@ -370,7 +370,7 @@ int dap_chain_ledger_token_add(dap_ledger_t * a_ledger, dap_chain_datum_token_t
l_token_item->type = a_token->type;
switch(a_token->type){
case DAP_CHAIN_DATUM_TOKEN_TYPE_SIMPLE: {
- l_token_item->total_supply = a_token->header_private.total_supply;\
+ l_token_item->total_supply = a_token->header_private.total_supply;
l_token_item->auth_signs= dap_chain_datum_token_simple_signs_parse(a_token,a_token_size,
&l_token_item->auth_signs_total,
&l_token_item->auth_signs_valid );
@@ -405,7 +405,7 @@ int dap_chain_ledger_token_add(dap_ledger_t * a_ledger, dap_chain_datum_token_t
log_it(L_WARNING,"Unknown token declaration type 0x%04X", a_token->type );
}
// Proc emissions tresholds
- s_treshold_emissions_proc( a_ledger);
+ //s_treshold_emissions_proc( a_ledger); //TODO process thresholds only for no-consensus chains
return 0;
}
@@ -979,6 +979,16 @@ void dap_chain_ledger_load_cache(dap_ledger_t *a_ledger)
pthread_rwlock_init(&l_token_item->token_emissions_rwlock, NULL);
if (l_token_item->datum_token->type == DAP_CHAIN_DATUM_TOKEN_TYPE_SIMPLE) {
l_token_item->total_supply = l_token_item->datum_token->header_private.total_supply;
+ l_token_item->auth_signs= dap_chain_datum_token_simple_signs_parse(l_token_item->datum_token, l_objs[i].value_len,
+ &l_token_item->auth_signs_total,
+ &l_token_item->auth_signs_valid );
+ if (l_token_item->auth_signs_total) {
+ l_token_item->auth_signs_pkey_hash = DAP_NEW_Z_SIZE(dap_chain_hash_fast_t,
+ sizeof(dap_chain_hash_fast_t) * l_token_item->auth_signs_total);
+ for (uint16_t k=0; k < l_token_item->auth_signs_total; k++) {
+ dap_sign_get_pkey_hash(l_token_item->auth_signs[k], &l_token_item->auth_signs_pkey_hash[k]);
+ }
+ }
}
HASH_ADD_STR(l_ledger_pvt->tokens, ticker, l_token_item);
if (i == l_objs_count - 1) {
@@ -1112,7 +1122,7 @@ dap_ledger_t* dap_chain_ledger_create(uint16_t a_check_flags, char *a_net_name)
int dap_chain_ledger_token_emission_add_check(dap_ledger_t *a_ledger, byte_t *a_token_emission, size_t a_token_emission_size)
{
- int ret = 0;
+ int l_ret = 0;
dap_ledger_private_t *l_ledger_priv = PVT(a_ledger);
const char * c_token_ticker = ((dap_chain_datum_token_emission_t *)a_token_emission)->hdr.ticker;
@@ -1139,70 +1149,67 @@ int dap_chain_ledger_token_emission_add_check(dap_ledger_t *a_ledger, byte_t *a_
if(s_debug_more)
log_it(L_ERROR, "Can't add token emission datum of %"DAP_UINT64_FORMAT_U" %s ( %s ): already present in cache",
l_token_emission_item->datum_token_emission->hdr.value, c_token_ticker, l_hash_str);
- ret = -1;
+ l_ret = -1;
}else if ( (! l_token_item) && ( l_threshold_emissions_count >= s_treshold_emissions_max)) {
if(s_debug_more)
log_it(L_WARNING,"Treshold for emissions is overfulled (%zu max)",
s_treshold_emissions_max);
- ret = -2;
- }else{ // Chech emission correctness
- size_t l_emission_size = a_token_emission_size;
- dap_chain_datum_token_emission_t *l_emission = dap_chain_datum_emission_read(a_token_emission, &l_emission_size);
- switch (l_emission->hdr.type){
- case DAP_CHAIN_DATUM_TOKEN_EMISSION_TYPE_AUTH:{
- dap_chain_ledger_token_item_t *l_token_item=NULL;
- pthread_rwlock_rdlock(&PVT(a_ledger)->tokens_rwlock);
- HASH_FIND_STR(PVT(a_ledger)->tokens, l_emission->hdr.ticker, l_token_item);
- pthread_rwlock_unlock(&PVT(a_ledger)->tokens_rwlock);
- if (l_token_item){
- assert(l_token_item->datum_token);
- dap_sign_t * l_sign =(dap_sign_t*) l_emission->data.type_auth.signs;
- size_t l_offset= (byte_t*)l_emission - (byte_t*) l_sign;
- uint16_t l_aproves = 0, l_aproves_valid = l_token_item->auth_signs_valid;
-
- for (uint16_t i=0; i <l_emission->data.type_auth.signs_count && l_offset < l_emission_size; i++){
- size_t l_sign_size = dap_sign_get_size(l_sign);
- l_sign = (dap_sign_t*) ((byte_t*) l_sign + l_sign_size);
- if (UINT16_MAX-l_offset> l_sign_size ){
- dap_chain_hash_fast_t l_sign_pkey_hash;
- dap_sign_get_pkey_hash(l_sign,&l_sign_pkey_hash);
- // Find pkey in auth hashes
- for(uint16_t k=0; k< l_token_item->auth_signs_total; k++ ){
- if ( dap_hash_fast_compare(&l_sign_pkey_hash, &l_token_item->auth_signs_pkey_hash[k])) {
- // Verify if its token emission header signed
- if (!dap_sign_verify_size(l_sign, l_emission_size)) {
- break;
- }
- if (dap_sign_verify(l_sign, &l_emission->hdr, sizeof(l_emission)) == 1) {
- l_aproves++;
- break;
- }
+ l_ret = -2;
+ }
+ DAP_DELETE(l_hash_str);
+ if (l_ret || !PVT(a_ledger)->check_token_emission)
+ return l_ret;
+ // Check emission correctness
+ size_t l_emission_size = a_token_emission_size;
+ dap_chain_datum_token_emission_t *l_emission = dap_chain_datum_emission_read(a_token_emission, &l_emission_size);
+ switch (l_emission->hdr.type){
+ case DAP_CHAIN_DATUM_TOKEN_EMISSION_TYPE_AUTH:{
+ dap_chain_ledger_token_item_t *l_token_item=NULL;
+ pthread_rwlock_rdlock(&PVT(a_ledger)->tokens_rwlock);
+ HASH_FIND_STR(PVT(a_ledger)->tokens, l_emission->hdr.ticker, l_token_item);
+ pthread_rwlock_unlock(&PVT(a_ledger)->tokens_rwlock);
+ if (l_token_item){
+ assert(l_token_item->datum_token);
+ dap_sign_t *l_sign = (dap_sign_t *)l_emission->data.type_auth.signs;
+ size_t l_offset = (byte_t *)l_sign - (byte_t *)l_emission;
+ uint16_t l_aproves = 0, l_aproves_valid = l_token_item->auth_signs_valid;
+ for (uint16_t i = 0; i < l_emission->data.type_auth.signs_count && l_offset < l_emission_size; i++) {
+ if (dap_sign_verify_size(l_sign, l_emission_size - l_offset)) {
+ dap_chain_hash_fast_t l_sign_pkey_hash;
+ dap_sign_get_pkey_hash(l_sign, &l_sign_pkey_hash);
+ // Find pkey in auth hashes
+ for (uint16_t k=0; k< l_token_item->auth_signs_total; k++) {
+ if (dap_hash_fast_compare(&l_sign_pkey_hash, &l_token_item->auth_signs_pkey_hash[k])) {
+ // Verify if its token emission header signed
+ if (dap_sign_verify(l_sign, &l_emission->hdr, sizeof(l_emission->hdr)) == 1) {
+ l_aproves++;
+ break;
}
}
- l_offset+=l_sign_size;
- }else
- l_offset = UINT16_MAX;
- }
+ }
+ size_t l_sign_size = dap_sign_get_size(l_sign);
+ l_offset += l_sign_size;
+ l_sign = (dap_sign_t *)((byte_t *)l_emission + l_offset);
+ } else
+ break;
+ }
- if (l_aproves < l_aproves_valid ){
- if(s_debug_more)
- log_it(L_WARNING, "Emission of %"DAP_UINT64_FORMAT_U" datoshi of %s:%s is wrong: only %u valid aproves when %u need",
- l_emission->hdr.value, a_ledger->net_name, l_emission->hdr.ticker, l_aproves, l_aproves_valid );
- ret = -3;
- }
- }else{
+ if (l_aproves < l_aproves_valid ){
if(s_debug_more)
- log_it(L_WARNING,"Can't find token declaration %s:%s thats pointed in token emission datum", a_ledger->net_name, l_emission->hdr.ticker);
- ret = DAP_CHAIN_CS_VERIFY_CODE_TX_NO_TOKEN;
+ log_it(L_WARNING, "Emission of %"DAP_UINT64_FORMAT_U" datoshi of %s:%s is wrong: only %u valid aproves when %u need",
+ l_emission->hdr.value, a_ledger->net_name, l_emission->hdr.ticker, l_aproves, l_aproves_valid );
+ l_ret = -3;
}
- }break;
- default:{}
- }
- DAP_DELETE(l_emission);
+ }else{
+ if(s_debug_more)
+ log_it(L_WARNING,"Can't find token declaration %s:%s thats pointed in token emission datum", a_ledger->net_name, l_emission->hdr.ticker);
+ l_ret = DAP_CHAIN_CS_VERIFY_CODE_TX_NO_TOKEN;
+ }
+ }break;
+ default:{}
}
- DAP_DELETE(l_hash_str);
-
- return ret;
+ DAP_DELETE(l_emission);
+ return l_ret;
}
/**
diff --git a/modules/consensus/block-poa/dap_chain_cs_block_poa.c b/modules/consensus/block-poa/dap_chain_cs_block_poa.c
index f77f7395b21357b9a8a35c093d1119ad4648ca50..3ee2f2763ac720aee661543967cfde8dd18cc4cb 100644
--- a/modules/consensus/block-poa/dap_chain_cs_block_poa.c
+++ b/modules/consensus/block-poa/dap_chain_cs_block_poa.c
@@ -333,6 +333,7 @@ static int s_callback_block_verify(dap_chain_cs_blocks_t * a_blocks, dap_chain_b
break;
}
}
+ //TODO verify sign itself
l_offset += l_sign_size;
l_sign = (dap_sign_t *)(a_block->meta_n_datum_n_sign + l_offset);
}
diff --git a/modules/net/dap_chain_net.c b/modules/net/dap_chain_net.c
index 13f89ff40cbe22a1ccbfc68ce4235f9a8e174d4f..5fc33561f7336b47b3cf8654e0de609d62d8bec0 100644
--- a/modules/net/dap_chain_net.c
+++ b/modules/net/dap_chain_net.c
@@ -1721,7 +1721,6 @@ int s_net_load(const char * a_net_name, uint16_t a_acl_idx)
case NODE_ROLE_ROOT_MASTER:
case NODE_ROLE_ROOT:
case NODE_ROLE_ARCHIVE:
- l_ledger_flags |= DAP_CHAIN_LEDGER_CHECK_TOKEN_EMISSION;
case NODE_ROLE_MASTER:
l_ledger_flags |= DAP_CHAIN_LEDGER_CHECK_CELLS_DS;
case NODE_ROLE_CELL_MASTER:
diff --git a/modules/net/dap_chain_node_cli_cmd.c b/modules/net/dap_chain_node_cli_cmd.c
index 4090528d68cfbaf274c47e767e33719e33f8f9d5..9bc515534a8bbeb88fc53cef3252ae0de4e051c2 100644
--- a/modules/net/dap_chain_node_cli_cmd.c
+++ b/modules/net/dap_chain_node_cli_cmd.c
@@ -3300,10 +3300,11 @@ int com_token_emit(int a_argc, char ** a_argv, char ** a_str_reply)
memcpy(&l_emission->hdr.address, l_addr, sizeof(l_emission->hdr.address));
time_t l_time = time(NULL);
memcpy(&l_emission->hdr.nonce, &l_time, sizeof(time_t));
+ l_emission->data.type_auth.signs_count = l_certs_size;
// Then add signs
size_t l_offset = 0;
for(size_t i = 0; i < l_certs_size; i++) {
- dap_sign_t * l_sign = dap_cert_sign(l_certs[i], &l_emission->hdr,
+ dap_sign_t *l_sign = dap_cert_sign(l_certs[i], &l_emission->hdr,
sizeof(l_emission->hdr), 0);
size_t l_sign_size = dap_sign_get_size(l_sign);
l_emission_size += l_sign_size;
diff --git a/modules/service/stake/dap_chain_net_srv_stake.c b/modules/service/stake/dap_chain_net_srv_stake.c
index ea3594eff8f126b8fa926597f550813b5053d332..f913f7f3bcd254ef72e7b559fc97953080c37406 100644
--- a/modules/service/stake/dap_chain_net_srv_stake.c
+++ b/modules/service/stake/dap_chain_net_srv_stake.c
@@ -538,7 +538,7 @@ dap_chain_net_srv_stake_item_t *s_stake_item_from_order(dap_chain_net_t *a_net,
}
dap_srv_stake_order_ext_t *l_ext = (dap_srv_stake_order_ext_t *)a_order->ext;
dap_sign_t *l_sign = (dap_sign_t *)(&a_order->ext[a_order->ext_size]);
- if (!dap_sign_verify(l_sign, a_order, dap_chain_net_srv_order_get_size(a_order))) {
+ if (dap_sign_verify(l_sign, a_order, dap_chain_net_srv_order_get_size(a_order)) != 1) {
log_it(L_WARNING, "Order sign is invalid");
return NULL;
}