From b577d23764efeea252b20e7d97811bf8f309b1d6 Mon Sep 17 00:00:00 2001
From: Roman Khlopkov <roman.khlopkov@demlabs.net>
Date: Mon, 20 Sep 2021 12:19:38 +0300
Subject: [PATCH] [+] Sign size calc
---
dap-sdk/crypto/include/dap_sign.h | 2 +-
dap-sdk/crypto/src/dap_sign.c | 6 ++++--
modules/chain/dap_chain_ledger.c | 6 +++++-
modules/common/dap_chain_datum_tx.c | 2 +-
modules/consensus/dag-pos/dap_chain_cs_dag_pos.c | 5 +++--
modules/net/srv/dap_chain_net_srv_order.c | 5 +++--
6 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/dap-sdk/crypto/include/dap_sign.h b/dap-sdk/crypto/include/dap_sign.h
index 0c01cfb7c6..4018361a65 100755
--- a/dap-sdk/crypto/include/dap_sign.h
+++ b/dap-sdk/crypto/include/dap_sign.h
@@ -127,7 +127,7 @@ uint8_t* dap_sign_get_sign(dap_sign_t *a_sign, size_t *a_sign_out);
uint8_t* dap_sign_get_pkey(dap_sign_t *a_sign, size_t *a_pub_key_out);
bool dap_sign_get_pkey_hash(dap_sign_t *a_sign, dap_chain_hash_fast_t * a_sign_hash);
-bool dap_sign_verify_size(dap_sign_t *a_sign);
+bool dap_sign_verify_size(dap_sign_t *a_sign, size_t a_max_key_size);
dap_enc_key_t *dap_sign_to_enc_key(dap_sign_t * a_chain_sign);
const char * dap_sign_type_to_str(dap_sign_type_t a_chain_sign_type);
dap_sign_type_t dap_sign_type_from_str(const char * a_type_str);
diff --git a/dap-sdk/crypto/src/dap_sign.c b/dap-sdk/crypto/src/dap_sign.c
index c518366970..11c17df04a 100755
--- a/dap-sdk/crypto/src/dap_sign.c
+++ b/dap-sdk/crypto/src/dap_sign.c
@@ -315,10 +315,12 @@ bool dap_sign_get_pkey_hash(dap_sign_t *a_sign, dap_chain_hash_fast_t * a_sign_h
}
-bool dap_sign_verify_size(dap_sign_t *a_sign)
+bool dap_sign_verify_size(dap_sign_t *a_sign, size_t a_max_key_size)
{
if (a_sign->header.sign_pkey_size > a_sign->header.sign_size)
return false;
+ if (a_sign->header.sign_pkey_size > a_max_key_size)
+ return false;
return true;
}
@@ -349,7 +351,7 @@ dap_enc_key_t *dap_sign_to_enc_key(dap_sign_t * a_chain_sign)
*/
int dap_sign_verify(dap_sign_t * a_chain_sign, const void * a_data, const size_t a_data_size)
{
- if (!a_chain_sign || !a_data || !dap_sign_verify_size(a_chain_sign))
+ if (!a_chain_sign || !a_data)
return -2;
dap_enc_key_t * l_key = dap_sign_to_enc_key(a_chain_sign);
diff --git a/modules/chain/dap_chain_ledger.c b/modules/chain/dap_chain_ledger.c
index a21907184f..d9eaf907ae 100644
--- a/modules/chain/dap_chain_ledger.c
+++ b/modules/chain/dap_chain_ledger.c
@@ -1113,12 +1113,16 @@ int dap_chain_ledger_token_emission_add_check(dap_ledger_t *a_ledger, const dap_
dap_sign_get_pkey_hash(l_sign,&l_sign_pkey_hash);
// Find pkey in auth hashes
for(uint16_t k=0; k< l_token_item->auth_signs_total; k++ ){
- if ( dap_hash_fast_compare(&l_sign_pkey_hash, &l_token_item->auth_signs_pkey_hash[k]))
+ if ( dap_hash_fast_compare(&l_sign_pkey_hash, &l_token_item->auth_signs_pkey_hash[k])) {
// Verify if its token emission header signed
+ if (!dap_sign_verify_size(l_sign, a_token_emission_size)) {
+ break;
+ }
if( dap_sign_verify(l_sign,&a_token_emission->hdr, sizeof (a_token_emission) ) ){
l_aproves++;
break;
}
+ }
}
l_offset+=l_sign_size;
}else
diff --git a/modules/common/dap_chain_datum_tx.c b/modules/common/dap_chain_datum_tx.c
index 2c8a7d8f45..6f48ec58ed 100644
--- a/modules/common/dap_chain_datum_tx.c
+++ b/modules/common/dap_chain_datum_tx.c
@@ -237,7 +237,7 @@ int dap_chain_datum_tx_verify_sign(dap_chain_datum_tx_t *tx)
log_it(L_WARNING,"Incorrect signature's header, possible corrupted data");
return -4;
}
- if(dap_sign_verify(l_sign, tx->tx_items, tx_items_pos) != 1) {
+ if (!dap_sign_verify_size(l_sign, tx_items_size) || dap_sign_verify(l_sign, tx->tx_items, tx_items_pos) != 1) {
// invalid signature
ret = 0;
tx_items_pos += l_item_tx_size;
diff --git a/modules/consensus/dag-pos/dap_chain_cs_dag_pos.c b/modules/consensus/dag-pos/dap_chain_cs_dag_pos.c
index 5e810d4c82..fc2be92cdd 100644
--- a/modules/consensus/dag-pos/dap_chain_cs_dag_pos.c
+++ b/modules/consensus/dag-pos/dap_chain_cs_dag_pos.c
@@ -238,8 +238,9 @@ static int s_callback_event_verify(dap_chain_cs_dag_t * a_dag, dap_chain_cs_dag_
}
size_t l_dag_event_size_without_sign = dap_chain_cs_dag_event_calc_size_excl_signs(a_dag_event,a_dag_event_size);
- int l_sign_verify_ret = dap_sign_verify(l_sign,a_dag_event,l_dag_event_size_without_sign);
- if ( l_sign_verify_ret != 0){
+ bool l_sign_verify_ret = dap_sign_verify_size(l_sign, a_dag_event_size) &&
+ dap_sign_verify(l_sign,a_dag_event,l_dag_event_size_without_sign) == 0;
+ if ( !l_sign_verify_ret ){
log_it(L_WARNING, "Event's sign is incorrect: code %d", l_sign_verify_ret);
return -41;
diff --git a/modules/net/srv/dap_chain_net_srv_order.c b/modules/net/srv/dap_chain_net_srv_order.c
index 9e1f98e2e0..a85237c4df 100644
--- a/modules/net/srv/dap_chain_net_srv_order.c
+++ b/modules/net/srv/dap_chain_net_srv_order.c
@@ -34,7 +34,7 @@
#if DAP_SRV_STAKE_USED
#include "dap_chain_net_srv_stake.h"
#else
-static bool dap_chain_net_srv_stake_key_delegated() { return false; }
+static bool dap_chain_net_srv_stake_key_delegated(dap_chain_addr_t *a_addr) { UNUSED(a_addr); return false; }
#endif
//#include "dap_chain_net_srv_geoip.h"
@@ -535,7 +535,8 @@ static void s_srv_order_callback_notify(void *a_arg, const char a_op_code, const
dap_chain_global_db_gr_del(dap_strdup(a_key), a_group);
} else {
dap_sign_t *l_sign = (dap_sign_t *)&l_order->ext[l_order->ext_size];
- if (!dap_sign_verify(l_sign, l_order, sizeof(dap_chain_net_srv_order_t) + l_order->ext_size)) {
+ if (!dap_sign_verify_size(l_sign, a_value_len) ||
+ dap_sign_verify(l_sign, l_order, sizeof(dap_chain_net_srv_order_t) + l_order->ext_size) != 1) {
dap_chain_global_db_gr_del(dap_strdup(a_key), a_group);
DAP_DELETE(l_gdb_group_str);
return;
--
GitLab