|
|
|
|
@ -9,21 +9,21 @@ Low-level protocol-related functions. |
|
|
|
|
from __future__ import absolute_import |
|
|
|
|
|
|
|
|
|
import base64 |
|
|
|
|
from binascii import hexlify |
|
|
|
|
import hashlib |
|
|
|
|
import os |
|
|
|
|
import random |
|
|
|
|
import socket |
|
|
|
|
import ssl |
|
|
|
|
from struct import pack, unpack, Struct |
|
|
|
|
import sys |
|
|
|
|
import time |
|
|
|
|
import traceback |
|
|
|
|
from binascii import hexlify |
|
|
|
|
from struct import pack, unpack, Struct |
|
|
|
|
|
|
|
|
|
import defaults |
|
|
|
|
import highlevelcrypto |
|
|
|
|
import state |
|
|
|
|
from addresses import encodeVarint, decodeVarint, decodeAddress, varintDecodeError |
|
|
|
|
from addresses import ( |
|
|
|
|
encodeVarint, decodeVarint, decodeAddress, varintDecodeError) |
|
|
|
|
from bmconfigparser import BMConfigParser |
|
|
|
|
from debug import logger |
|
|
|
|
from helper_sql import sqlExecute |
|
|
|
|
@ -321,33 +321,41 @@ def assembleErrorMessage(fatal=0, banTime=0, inventoryVector='', errorText=''): |
|
|
|
|
|
|
|
|
|
def decryptAndCheckPubkeyPayload(data, address): |
|
|
|
|
""" |
|
|
|
|
Version 4 pubkeys are encrypted. This function is run when we already have the |
|
|
|
|
address to which we want to try to send a message. The 'data' may come either |
|
|
|
|
off of the wire or we might have had it already in our inventory when we tried |
|
|
|
|
to send a msg to this particular address. |
|
|
|
|
Version 4 pubkeys are encrypted. This function is run when we |
|
|
|
|
already have the address to which we want to try to send a message. |
|
|
|
|
The 'data' may come either off of the wire or we might have had it |
|
|
|
|
already in our inventory when we tried to send a msg to this |
|
|
|
|
particular address. |
|
|
|
|
""" |
|
|
|
|
# pylint: disable=unused-variable |
|
|
|
|
try: |
|
|
|
|
status, addressVersion, streamNumber, ripe = decodeAddress(address) |
|
|
|
|
addressVersion, streamNumber, ripe = decodeAddress(address)[1:] |
|
|
|
|
|
|
|
|
|
readPosition = 20 # bypass the nonce, time, and object type |
|
|
|
|
embeddedAddressVersion, varintLength = decodeVarint(data[readPosition:readPosition + 10]) |
|
|
|
|
embeddedAddressVersion, varintLength = decodeVarint( |
|
|
|
|
data[readPosition:readPosition + 10]) |
|
|
|
|
readPosition += varintLength |
|
|
|
|
embeddedStreamNumber, varintLength = decodeVarint(data[readPosition:readPosition + 10]) |
|
|
|
|
embeddedStreamNumber, varintLength = decodeVarint( |
|
|
|
|
data[readPosition:readPosition + 10]) |
|
|
|
|
readPosition += varintLength |
|
|
|
|
# We'll store the address version and stream number (and some more) in the pubkeys table. |
|
|
|
|
# We'll store the address version and stream number |
|
|
|
|
# (and some more) in the pubkeys table. |
|
|
|
|
storedData = data[20:readPosition] |
|
|
|
|
|
|
|
|
|
if addressVersion != embeddedAddressVersion: |
|
|
|
|
logger.info('Pubkey decryption was UNsuccessful due to address version mismatch.') |
|
|
|
|
logger.info( |
|
|
|
|
'Pubkey decryption was UNsuccessful' |
|
|
|
|
' due to address version mismatch.') |
|
|
|
|
return 'failed' |
|
|
|
|
if streamNumber != embeddedStreamNumber: |
|
|
|
|
logger.info('Pubkey decryption was UNsuccessful due to stream number mismatch.') |
|
|
|
|
logger.info( |
|
|
|
|
'Pubkey decryption was UNsuccessful' |
|
|
|
|
' due to stream number mismatch.') |
|
|
|
|
return 'failed' |
|
|
|
|
|
|
|
|
|
tag = data[readPosition:readPosition + 32] |
|
|
|
|
readPosition += 32 |
|
|
|
|
# the time through the tag. More data is appended onto signedData below after the decryption. |
|
|
|
|
# the time through the tag. More data is appended onto |
|
|
|
|
# signedData below after the decryption. |
|
|
|
|
signedData = data[8:readPosition] |
|
|
|
|
encryptedData = data[readPosition:] |
|
|
|
|
|
|
|
|
|
@ -355,13 +363,15 @@ def decryptAndCheckPubkeyPayload(data, address): |
|
|
|
|
toAddress, cryptorObject = state.neededPubkeys[tag] |
|
|
|
|
if toAddress != address: |
|
|
|
|
logger.critical( |
|
|
|
|
'decryptAndCheckPubkeyPayload failed due to toAddress mismatch.' |
|
|
|
|
' This is very peculiar. toAddress: %s, address %s', |
|
|
|
|
toAddress, |
|
|
|
|
address) |
|
|
|
|
# the only way I can think that this could happen is if someone encodes their address data two different |
|
|
|
|
# ways. That sort of address-malleability should have been caught by the UI or API and an error given to |
|
|
|
|
# the user. |
|
|
|
|
'decryptAndCheckPubkeyPayload failed due to toAddress' |
|
|
|
|
' mismatch. This is very peculiar.' |
|
|
|
|
' toAddress: %s, address %s', |
|
|
|
|
toAddress, address |
|
|
|
|
) |
|
|
|
|
# the only way I can think that this could happen |
|
|
|
|
# is if someone encodes their address data two different ways. |
|
|
|
|
# That sort of address-malleability should have been caught |
|
|
|
|
# by the UI or API and an error given to the user. |
|
|
|
|
return 'failed' |
|
|
|
|
try: |
|
|
|
|
decryptedData = cryptorObject.decrypt(encryptedData) |
|
|
|
|
@ -372,17 +382,17 @@ def decryptAndCheckPubkeyPayload(data, address): |
|
|
|
|
return 'failed' |
|
|
|
|
|
|
|
|
|
readPosition = 0 |
|
|
|
|
bitfieldBehaviors = decryptedData[readPosition:readPosition + 4] |
|
|
|
|
# bitfieldBehaviors = decryptedData[readPosition:readPosition + 4] |
|
|
|
|
readPosition += 4 |
|
|
|
|
publicSigningKey = '\x04' + decryptedData[readPosition:readPosition + 64] |
|
|
|
|
readPosition += 64 |
|
|
|
|
publicEncryptionKey = '\x04' + decryptedData[readPosition:readPosition + 64] |
|
|
|
|
readPosition += 64 |
|
|
|
|
specifiedNonceTrialsPerByte, specifiedNonceTrialsPerByteLength = decodeVarint( |
|
|
|
|
decryptedData[readPosition:readPosition + 10]) |
|
|
|
|
specifiedNonceTrialsPerByteLength = decodeVarint( |
|
|
|
|
decryptedData[readPosition:readPosition + 10])[1] |
|
|
|
|
readPosition += specifiedNonceTrialsPerByteLength |
|
|
|
|
specifiedPayloadLengthExtraBytes, specifiedPayloadLengthExtraBytesLength = decodeVarint( |
|
|
|
|
decryptedData[readPosition:readPosition + 10]) |
|
|
|
|
specifiedPayloadLengthExtraBytesLength = decodeVarint( |
|
|
|
|
decryptedData[readPosition:readPosition + 10])[1] |
|
|
|
|
readPosition += specifiedPayloadLengthExtraBytesLength |
|
|
|
|
storedData += decryptedData[:readPosition] |
|
|
|
|
signedData += decryptedData[:readPosition] |
|
|
|
|
@ -391,12 +401,15 @@ def decryptAndCheckPubkeyPayload(data, address): |
|
|
|
|
readPosition += signatureLengthLength |
|
|
|
|
signature = decryptedData[readPosition:readPosition + signatureLength] |
|
|
|
|
|
|
|
|
|
if highlevelcrypto.verify(signedData, signature, hexlify(publicSigningKey)): |
|
|
|
|
logger.info('ECDSA verify passed (within decryptAndCheckPubkeyPayload)') |
|
|
|
|
else: |
|
|
|
|
logger.info('ECDSA verify failed (within decryptAndCheckPubkeyPayload)') |
|
|
|
|
if not highlevelcrypto.verify( |
|
|
|
|
signedData, signature, hexlify(publicSigningKey)): |
|
|
|
|
logger.info( |
|
|
|
|
'ECDSA verify failed (within decryptAndCheckPubkeyPayload)') |
|
|
|
|
return 'failed' |
|
|
|
|
|
|
|
|
|
logger.info( |
|
|
|
|
'ECDSA verify passed (within decryptAndCheckPubkeyPayload)') |
|
|
|
|
|
|
|
|
|
sha = hashlib.new('sha512') |
|
|
|
|
sha.update(publicSigningKey + publicEncryptionKey) |
|
|
|
|
ripeHasher = hashlib.new('ripemd160') |
|
|
|
|
@ -404,34 +417,37 @@ def decryptAndCheckPubkeyPayload(data, address): |
|
|
|
|
embeddedRipe = ripeHasher.digest() |
|
|
|
|
|
|
|
|
|
if embeddedRipe != ripe: |
|
|
|
|
# Although this pubkey object had the tag were were looking for and was |
|
|
|
|
# encrypted with the correct encryption key, it doesn't contain the |
|
|
|
|
# correct pubkeys. Someone is either being malicious or using buggy software. |
|
|
|
|
logger.info('Pubkey decryption was UNsuccessful due to RIPE mismatch.') |
|
|
|
|
# Although this pubkey object had the tag were were looking for |
|
|
|
|
# and was encrypted with the correct encryption key, |
|
|
|
|
# it doesn't contain the correct pubkeys. Someone is |
|
|
|
|
# either being malicious or using buggy software. |
|
|
|
|
logger.info( |
|
|
|
|
'Pubkey decryption was UNsuccessful due to RIPE mismatch.') |
|
|
|
|
return 'failed' |
|
|
|
|
|
|
|
|
|
# Everything checked out. Insert it into the pubkeys table. |
|
|
|
|
|
|
|
|
|
logger.info( |
|
|
|
|
os.linesep.join([ |
|
|
|
|
'within decryptAndCheckPubkeyPayload,' |
|
|
|
|
' addressVersion: %s, streamNumber: %s' % addressVersion, streamNumber, |
|
|
|
|
'ripe %s' % hexlify(ripe), |
|
|
|
|
'publicSigningKey in hex: %s' % hexlify(publicSigningKey), |
|
|
|
|
'publicEncryptionKey in hex: %s' % hexlify(publicEncryptionKey), |
|
|
|
|
]) |
|
|
|
|
'within decryptAndCheckPubkeyPayload, ' |
|
|
|
|
'addressVersion: %s, streamNumber: %s\nripe %s\n' |
|
|
|
|
'publicSigningKey in hex: %s\npublicEncryptionKey in hex: %s', |
|
|
|
|
addressVersion, streamNumber, hexlify(ripe), |
|
|
|
|
hexlify(publicSigningKey), hexlify(publicEncryptionKey) |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
t = (address, addressVersion, storedData, int(time.time()), 'yes') |
|
|
|
|
sqlExecute('''INSERT INTO pubkeys VALUES (?,?,?,?,?)''', *t) |
|
|
|
|
return 'successful' |
|
|
|
|
except varintDecodeError: |
|
|
|
|
logger.info('Pubkey decryption was UNsuccessful due to a malformed varint.') |
|
|
|
|
logger.info( |
|
|
|
|
'Pubkey decryption was UNsuccessful due to a malformed varint.') |
|
|
|
|
return 'failed' |
|
|
|
|
except Exception: |
|
|
|
|
logger.critical( |
|
|
|
|
'Pubkey decryption was UNsuccessful because of an unhandled exception! This is definitely a bug! \n%s', |
|
|
|
|
traceback.format_exc()) |
|
|
|
|
'Pubkey decryption was UNsuccessful because of' |
|
|
|
|
' an unhandled exception! This is definitely a bug! \n%s', |
|
|
|
|
traceback.format_exc() |
|
|
|
|
) |
|
|
|
|
return 'failed' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
