

Protocol Amendment: Always Require Fully-Canonical Signatures
movitto authored and carlhua committed Mar 5, 2020
1 parent 053b6d9 commit ec13704
Showing 8 changed files with 128 additions and 11 deletions.
1 change: 1 addition & 0 deletions Builds/CMake/RippledCore.cmake
Expand Up @@ -687,6 +687,7 @@ target_sources (rippled PRIVATE
src/test/app/ValidatorKeys_test.cpp
src/test/app/ValidatorList_test.cpp
src/test/app/ValidatorSite_test.cpp
src/test/app/tx/apply_test.cpp
#[===============================[
test sources:
subdir: basics
7 changes: 6 additions & 1 deletion src/ripple/app/tx/impl/apply.cpp
Expand Up @@ -47,7 +47,12 @@ checkValidity(HashRouter& router,
if (!(flags & SF_SIGGOOD))
{
// Don't know signature state. Check it.
auto const sigVerify = tx.checkSign();
auto const requireCanonicalSig =
rules.enabled(featureRequireFullyCanonicalSig) ?
STTx::RequireFullyCanonicalSig::yes :
STTx::RequireFullyCanonicalSig::no;

auto const sigVerify = tx.checkSign(requireCanonicalSig);
if (! sigVerify.first)
{
router.setFlags(id, SF_SIGBAD);
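Review bot: The cache short-circuit `if (!(flags & SF_SIGGOOD))` at the top of the hunk is evaluated before the new `rules.enabled(featureRequireFullyCanonicalSig)` lookup, so a signature that was verified and cached as good before the amendment activated would skip the canonical check afterwards, provided the good result is stored in the router the way `router.setFlags(id, SF_SIGBAD)` stores the bad one; that SF_SIGGOOD store is outside the hunk, so this is inferred. The cached flag does not record which rule set the verification ran under. A comment at the flag check would make the window explicit, e.g. `// NOTE: a cached SF_SIGGOOD may predate RequireFullyCanonicalSig activation; the router does not record the rules it was verified under.`, and if the window matters the cache could be cleared at amendment activation. checkValidity begins outside the hunk.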
4 changes: 4 additions & 0 deletions src/ripple/protocol/Feature.h
Expand Up @@ -110,6 +110,8 @@ class FeatureCollections
"DeletableAccounts",
// fixQualityUpperBound should be activated before FlowCross
"fixQualityUpperBound",
"fix1781", // XRPEndpointSteps should be included in the circular payment check
"RequireFullyCanonicalSig"
};

std::vector<uint256> features;
Expand Down Expand Up @@ -397,6 +399,8 @@ extern uint256 const fixCheckThreading;
extern uint256 const fixPayChanRecipientOwnerDir;
extern uint256 const featureDeletableAccounts;
extern uint256 const fixQualityUpperBound;
extern uint256 const fix1781;
extern uint256 const featureRequireFullyCanonicalSig;

} // ripple

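Review bot: Besides "RequireFullyCanonicalSig", the two hunks add "fix1781" to the amendment name list and declare `extern uint256 const fix1781;` (mirrored in src/ripple/protocol/impl/Feature.cpp, where it is also added to supportedAmendments()), yet no other line in the commit references it and the title names only the canonical-signature amendment. An entry in supportedAmendments() presumably advertises the amendment as supported by this build, so if its implementation is not part of this commit the entry should be dropped or the commit message should say where it lands; this looks like a rebase artefact. The comment on that entry, `// XRPEndpointSteps should be included in the circular payment check`, describes behaviour the diff does not contain.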
14 changes: 11 additions & 3 deletions src/ripple/protocol/STTx.h
Expand Up @@ -132,8 +132,13 @@ class STTx final
/** Check the signature.
@return `true` if valid signature. If invalid, the error message string.
*/
enum class RequireFullyCanonicalSig : bool
{
no,
yes
};
std::pair<bool, std::string>
checkSign() const;
checkSign(RequireFullyCanonicalSig requireCanonicalSig) const;

// SQL Functions with metadata.
static
Expand All @@ -150,8 +155,11 @@ class STTx final
std::string const& escapedMetaData) const;

private:
std::pair<bool, std::string> checkSingleSign () const;
std::pair<bool, std::string> checkMultiSign () const;
std::pair<bool, std::string>
checkSingleSign (RequireFullyCanonicalSig requireCanonicalSig) const;

std::pair<bool, std::string>
checkMultiSign (RequireFullyCanonicalSig requireCanonicalSig) const;

uint256 tid_;
TxType tx_type_;
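Review bot: The doc comment at the top of the hunk (`/** Check the signature. ... */`) now sits above the new `RequireFullyCanonicalSig` enum instead of above `checkSign`, and it says nothing about the parameter the commit adds. Move the enum above the comment and add `@param requireCanonicalSig When `yes`, the signature must be fully canonical even if tfFullyCanonicalSig is not set in the transaction flags.`, which is how src/ripple/protocol/impl/STTx.cpp combines the two. A one-line comment on the enum itself would also help readers of the header, e.g. `/// Whether a signature that is not fully canonical is rejected regardless of the tfFullyCanonicalSig flag.`. The private declarations in the second hunk are consistent with the public one.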
4 changes: 4 additions & 0 deletions src/ripple/protocol/impl/Feature.cpp
Expand Up @@ -129,6 +129,8 @@ detail::supportedAmendments ()
"fixPayChanRecipientOwnerDir",
"DeletableAccounts",
"fixQualityUpperBound",
"fix1781",
"RequireFullyCanonicalSig"
};
return supported;
}
Expand Down Expand Up @@ -187,5 +189,7 @@ uint256 const fixCheckThreading = *getRegisteredFeature("fixCheckThreading");
uint256 const fixPayChanRecipientOwnerDir = *getRegisteredFeature("fixPayChanRecipientOwnerDir");
uint256 const featureDeletableAccounts = *getRegisteredFeature("DeletableAccounts");
uint256 const fixQualityUpperBound = *getRegisteredFeature("fixQualityUpperBound");
uint256 const fix1781 = *getRegisteredFeature("fix1781");
uint256 const featureRequireFullyCanonicalSig = *getRegisteredFeature("RequireFullyCanonicalSig");

} // ripple
23 changes: 17 additions & 6 deletions src/ripple/protocol/impl/STTx.cpp
Expand Up @@ -22,6 +22,7 @@
#include <ripple/basics/Log.h>
#include <ripple/basics/safe_cast.h>
#include <ripple/basics/StringUtilities.h>
#include <ripple/protocol/Feature.h>
#include <ripple/protocol/HashPrefix.h>
#include <ripple/protocol/jss.h>
#include <ripple/protocol/Protocol.h>
Expand Down Expand Up @@ -177,7 +178,8 @@ void STTx::sign (
tid_ = getHash(HashPrefix::transactionID);
}

std::pair<bool, std::string> STTx::checkSign() const
std::pair<bool, std::string>
STTx::checkSign(RequireFullyCanonicalSig requireCanonicalSig) const
{
std::pair<bool, std::string> ret {false, ""};
try
Expand All @@ -186,7 +188,9 @@ std::pair<bool, std::string> STTx::checkSign() const
// at the SigningPubKey. It it's empty we must be
// multi-signing. Otherwise we're single-signing.
Blob const& signingPubKey = getFieldVL (sfSigningPubKey);
ret = signingPubKey.empty () ? checkMultiSign () : checkSingleSign ();
ret = signingPubKey.empty () ?
checkMultiSign (requireCanonicalSig) :
checkSingleSign (requireCanonicalSig);
}
catch (std::exception const&)
{
Expand Down Expand Up @@ -250,7 +254,8 @@ STTx::getMetaSQL (Serializer rawTxn,
% getSequence () % inLedger % status % rTxn % escapedMetaData);
}

std::pair<bool, std::string> STTx::checkSingleSign () const
std::pair<bool, std::string>
STTx::checkSingleSign (RequireFullyCanonicalSig requireCanonicalSig) const
{
// We don't allow both a non-empty sfSigningPubKey and an sfSigners.
// That would allow the transaction to be signed two ways. So if both
Expand All @@ -261,7 +266,10 @@ std::pair<bool, std::string> STTx::checkSingleSign () const
bool validSig = false;
try
{
bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig);
bool const fullyCanonical =
(getFlags() & tfFullyCanonicalSig) ||
(requireCanonicalSig == RequireFullyCanonicalSig::yes);

auto const spk = getFieldVL (sfSigningPubKey);

if (publicKeyType (makeSlice(spk)))
Expand All @@ -287,7 +295,8 @@ std::pair<bool, std::string> STTx::checkSingleSign () const
return {true, ""};
}

std::pair<bool, std::string> STTx::checkMultiSign () const
std::pair<bool, std::string>
STTx::checkMultiSign (RequireFullyCanonicalSig requireCanonicalSig) const
{
// Make sure the MultiSigners are present. Otherwise they are not
// attempting multi-signing and we just have a bad SigningPubKey.
Expand All @@ -314,7 +323,9 @@ std::pair<bool, std::string> STTx::checkMultiSign () const
auto const txnAccountID = getAccountID (sfAccount);

// Determine whether signatures must be full canonical.
bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig);
bool const fullyCanonical =
(getFlags() & tfFullyCanonicalSig) ||
(requireCanonicalSig == RequireFullyCanonicalSig::yes);

// Signers must be in sorted order by AccountID.
AccountID lastAccountID (beast::zero);
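Review bot: The `fullyCanonical` decision is written out twice, in checkSingleSign (`bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig) || (requireCanonicalSig == RequireFullyCanonicalSig::yes);`) and again in checkMultiSign, and the explanatory comment "Determine whether signatures must be full canonical." accompanies only the second copy. A small private const member, say `bool requiresFullyCanonicalSig(RequireFullyCanonicalSig) const` returning that expression, would keep the single- and multi-signature paths from drifting apart, which matters because this is the one expression that decides whether a non-canonical signature is accepted. The `#include <ripple/protocol/Feature.h>` added in the first hunk is not referenced by any line shown; the amendment lookup lives in apply.cpp, so the include looks unneeded here unless a part of the file outside the hunks uses it. Both checkSingleSign and checkMultiSign extend beyond their hunks.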
83 changes: 83 additions & 0 deletions src/test/app/tx/apply_test.cpp
@@ -0,0 +1,83 @@
//------------------------------------------------------------------------------
/*
This file is part of rippled: https://github.com/ripple/rippled
Copyright (c) 2020 Dev Null Productions
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================

#include <ripple/app/tx/apply.h>
#include <ripple/basics/StringUtilities.h>
#include <ripple/protocol/Feature.h>
#include <test/jtx/Env.h>

namespace ripple {

class Apply_test : public beast::unit_test::suite
{
public:
void run() override
{
testcase ("Require Fully Canonicial Signature");
testFullyCanonicalSigs();
}

void testFullyCanonicalSigs()
{
// Construct a payments w/out a fully-canonical tx
const std::string non_fully_canonical_tx =
"12000022000000002400000001201B00497D9C6140000000000F6950684000000"
"00000000C732103767C7B2C13AD90050A4263745E4BAB2B975417FA22E87780E1"
"506DDAF21139BE74483046022100E95670988A34C4DB0FA73A8BFD6383872AF43"
"8C147A62BC8387406298C3EADC1022100A7DC80508ED5A4750705C702A81CBF9D"
"2C2DC3AFEDBED37BBCCD97BC8C40E08F8114E25A26437D923EEF4D6D815DF9336"
"8B62E6440848314BB85996936E4F595287774684DC2AC6266024BEF";

auto ret = strUnHex (non_fully_canonical_tx);
SerialIter sitTrans (makeSlice(*ret));
STTx const tx = *std::make_shared<STTx const> (std::ref (sitTrans));

{
test::jtx::Env no_fully_canonical (*this,
test::jtx::supported_amendments() -
featureRequireFullyCanonicalSig);

Validity valid = checkValidity(no_fully_canonical.app().getHashRouter(),
tx,
no_fully_canonical.current()->rules(),
no_fully_canonical.app().config()).first;

if(valid != Validity::Valid)
fail("Non-Fully canoncial signature was not permitted");
}

{
test::jtx::Env fully_canonical (*this,
test::jtx::supported_amendments());

Validity valid = checkValidity(fully_canonical.app().getHashRouter(),
tx,
fully_canonical.current()->rules(),
fully_canonical.app().config()).first;
if(valid == Validity::Valid)
fail("Non-Fully canoncial signature was permitted");
}

pass();
}
};

BEAST_DEFINE_TESTSUITE(Apply,app,ripple);

} // ripple
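Review bot: `auto ret = strUnHex (non_fully_canonical_tx);` is dereferenced on the next line with no check that decoding succeeded; if strUnHex returns an optional-like value, as `*ret` suggests, a typo in the hex literal would be undefined behaviour rather than a failed test, so add `BEAST_EXPECT(ret);` before the `SerialIter` line. `*std::make_shared<STTx const> (std::ref (sitTrans))` allocates a shared object only to copy it out; `STTx const tx (sitTrans);` reads the same bytes without the detour, and the make_shared call shows that constructor exists. The test exercises only the single-signature path, so a multi-signed transaction run through the amended environment would cover checkMultiSign as well. The strings "Canonicial" and "canoncial" in the testcase name and both fail messages are misspelled.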
3 changes: 2 additions & 1 deletion src/test/protocol/STTx_test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1489,7 +1489,8 @@ class STTx_test : public beast::unit_test::suite
});
j.sign (keypair.first, keypair.second);

unexpected (!j.checkSign().first, "Transaction fails signature test");
unexpected (!j.checkSign(STTx::RequireFullyCanonicalSig::yes).first,
"Transaction fails signature test");

Serializer rawTxn;
j.add (rawTxn);
