Merge pull request #524 from sipa/signandverif
Sign and verify message with bitcoin address
This commit is contained in:
commit
f4769e44a3
6 changed files with 372 additions and 38 deletions
|
@ -526,6 +526,72 @@ Value sendtoaddress(const Array& params, bool fHelp)
|
|||
return wtx.GetHash().GetHex();
|
||||
}
|
||||
|
||||
static const string strMessageMagic = "Bitcoin Signed Message:\n";
|
||||
|
||||
Value signmessage(const Array& params, bool fHelp)
|
||||
{
|
||||
if (fHelp || params.size() != 2)
|
||||
throw runtime_error(
|
||||
"signmessage <bitcoinaddress> <message>\n"
|
||||
"Sign a message with the private key of an address");
|
||||
|
||||
if (pwalletMain->IsLocked())
|
||||
throw JSONRPCError(-13, "Error: Please enter the wallet passphrase with walletpassphrase first.");
|
||||
|
||||
string strAddress = params[0].get_str();
|
||||
string strMessage = params[1].get_str();
|
||||
|
||||
CBitcoinAddress addr(strAddress);
|
||||
if (!addr.IsValid())
|
||||
throw JSONRPCError(-3, "Invalid address");
|
||||
|
||||
CKey key;
|
||||
if (!pwalletMain->GetKey(addr, key))
|
||||
throw JSONRPCError(-4, "Private key not available");
|
||||
|
||||
CDataStream ss(SER_GETHASH);
|
||||
ss << strMessageMagic;
|
||||
ss << strMessage;
|
||||
|
||||
vector<unsigned char> vchSig;
|
||||
if (!key.SignCompact(Hash(ss.begin(), ss.end()), vchSig))
|
||||
throw JSONRPCError(-5, "Sign failed");
|
||||
|
||||
return EncodeBase64(&vchSig[0], vchSig.size());
|
||||
}
|
||||
|
||||
Value verifymessage(const Array& params, bool fHelp)
|
||||
{
|
||||
if (fHelp || params.size() != 3)
|
||||
throw runtime_error(
|
||||
"verifymessage <bitcoinaddress> <signature> <message>\n"
|
||||
"Verify a signed message");
|
||||
|
||||
string strAddress = params[0].get_str();
|
||||
string strSign = params[1].get_str();
|
||||
string strMessage = params[2].get_str();
|
||||
|
||||
CBitcoinAddress addr(strAddress);
|
||||
if (!addr.IsValid())
|
||||
throw JSONRPCError(-3, "Invalid address");
|
||||
|
||||
bool fInvalid = false;
|
||||
vector<unsigned char> vchSig = DecodeBase64(strSign.c_str(), &fInvalid);
|
||||
|
||||
if (fInvalid)
|
||||
throw JSONRPCError(-5, "Malformed base64 encoding");
|
||||
|
||||
CDataStream ss(SER_GETHASH);
|
||||
ss << strMessageMagic;
|
||||
ss << strMessage;
|
||||
|
||||
CKey key;
|
||||
if (!key.SetCompactSignature(Hash(ss.begin(), ss.end()), vchSig))
|
||||
return false;
|
||||
|
||||
return (key.GetAddress() == addr);
|
||||
}
|
||||
|
||||
|
||||
Value getreceivedbyaddress(const Array& params, bool fHelp)
|
||||
{
|
||||
|
@ -1627,6 +1693,8 @@ pair<string, rpcfn_type> pCallTable[] =
|
|||
make_pair("sendmany", &sendmany),
|
||||
make_pair("gettransaction", &gettransaction),
|
||||
make_pair("listtransactions", &listtransactions),
|
||||
make_pair("signmessage", &signmessage),
|
||||
make_pair("verifymessage", &verifymessage),
|
||||
make_pair("getwork", &getwork),
|
||||
make_pair("listaccounts", &listaccounts),
|
||||
make_pair("settxfee", &settxfee),
|
||||
|
@ -1799,43 +1867,6 @@ int ReadHTTP(std::basic_istream<char>& stream, map<string, string>& mapHeadersRe
|
|||
return nStatus;
|
||||
}
|
||||
|
||||
string EncodeBase64(string s)
|
||||
{
|
||||
BIO *b64, *bmem;
|
||||
BUF_MEM *bptr;
|
||||
|
||||
b64 = BIO_new(BIO_f_base64());
|
||||
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
|
||||
bmem = BIO_new(BIO_s_mem());
|
||||
b64 = BIO_push(b64, bmem);
|
||||
BIO_write(b64, s.c_str(), s.size());
|
||||
BIO_flush(b64);
|
||||
BIO_get_mem_ptr(b64, &bptr);
|
||||
|
||||
string result(bptr->data, bptr->length);
|
||||
BIO_free_all(b64);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
string DecodeBase64(string s)
|
||||
{
|
||||
BIO *b64, *bmem;
|
||||
|
||||
char* buffer = static_cast<char*>(calloc(s.size(), sizeof(char)));
|
||||
|
||||
b64 = BIO_new(BIO_f_base64());
|
||||
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
|
||||
bmem = BIO_new_mem_buf(const_cast<char*>(s.c_str()), s.size());
|
||||
bmem = BIO_push(b64, bmem);
|
||||
BIO_read(bmem, buffer, s.size());
|
||||
BIO_free_all(bmem);
|
||||
|
||||
string result(buffer);
|
||||
free(buffer);
|
||||
return result;
|
||||
}
|
||||
|
||||
bool HTTPAuthorized(map<string, string>& mapHeaders)
|
||||
{
|
||||
string strAuth = mapHeaders["authorization"];
|
||||
|
|
140
src/key.h
140
src/key.h
|
@ -75,6 +75,76 @@ err:
|
|||
return(ok);
|
||||
}
|
||||
|
||||
int static inline ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
|
||||
{
|
||||
if (!eckey) return 0;
|
||||
|
||||
int ret = 0;
|
||||
BN_CTX *ctx = NULL;
|
||||
|
||||
BIGNUM *x = NULL;
|
||||
BIGNUM *e = NULL;
|
||||
BIGNUM *order = NULL;
|
||||
BIGNUM *sor = NULL;
|
||||
BIGNUM *eor = NULL;
|
||||
BIGNUM *field = NULL;
|
||||
EC_POINT *R = NULL;
|
||||
EC_POINT *O = NULL;
|
||||
EC_POINT *Q = NULL;
|
||||
BIGNUM *rr = NULL;
|
||||
BIGNUM *zero = NULL;
|
||||
int n = 0;
|
||||
int i = recid / 2;
|
||||
|
||||
const EC_GROUP *group = EC_KEY_get0_group(eckey);
|
||||
if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
|
||||
BN_CTX_start(ctx);
|
||||
order = BN_CTX_get(ctx);
|
||||
if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
|
||||
x = BN_CTX_get(ctx);
|
||||
if (!BN_copy(x, order)) { ret=-1; goto err; }
|
||||
if (!BN_mul_word(x, i)) { ret=-1; goto err; }
|
||||
if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }
|
||||
field = BN_CTX_get(ctx);
|
||||
if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
|
||||
if (BN_cmp(x, field) >= 0) { ret=0; goto err; }
|
||||
if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
|
||||
if (check)
|
||||
{
|
||||
if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
|
||||
if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
|
||||
if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
|
||||
}
|
||||
if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
|
||||
n = EC_GROUP_get_degree(group);
|
||||
e = BN_CTX_get(ctx);
|
||||
if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
|
||||
if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));
|
||||
zero = BN_CTX_get(ctx);
|
||||
if (!BN_zero(zero)) { ret=-1; goto err; }
|
||||
if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
|
||||
rr = BN_CTX_get(ctx);
|
||||
if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }
|
||||
sor = BN_CTX_get(ctx);
|
||||
if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }
|
||||
eor = BN_CTX_get(ctx);
|
||||
if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
|
||||
if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
|
||||
if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (ctx) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
if (R != NULL) EC_POINT_free(R);
|
||||
if (O != NULL) EC_POINT_free(O);
|
||||
if (Q != NULL) EC_POINT_free(Q);
|
||||
return ret;
|
||||
}
|
||||
|
||||
class key_error : public std::runtime_error
|
||||
{
|
||||
|
@ -221,6 +291,66 @@ public:
|
|||
return true;
|
||||
}
|
||||
|
||||
// create a compact signature (65 bytes), which allows reconstructing the used public key
|
||||
bool SignCompact(uint256 hash, std::vector<unsigned char>& vchSig)
|
||||
{
|
||||
bool fOk = false;
|
||||
ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);
|
||||
if (sig==NULL)
|
||||
return false;
|
||||
vchSig.clear();
|
||||
vchSig.resize(65,0);
|
||||
int nBitsR = BN_num_bits(sig->r);
|
||||
int nBitsS = BN_num_bits(sig->s);
|
||||
if (nBitsR <= 256 && nBitsS <= 256)
|
||||
{
|
||||
int nRecId = -1;
|
||||
for (int i=0; i<4; i++)
|
||||
{
|
||||
CKey keyRec;
|
||||
keyRec.fSet = true;
|
||||
if (ECDSA_SIG_recover_key_GFp(keyRec.pkey, sig, (unsigned char*)&hash, sizeof(hash), i, 1) == 1)
|
||||
if (keyRec.GetPubKey() == this->GetPubKey())
|
||||
{
|
||||
nRecId = i;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (nRecId == -1)
|
||||
throw key_error("CKEy::SignCompact() : unable to construct recoverable key");
|
||||
|
||||
vchSig[0] = nRecId+27;
|
||||
BN_bn2bin(sig->r,&vchSig[33-(nBitsR+7)/8]);
|
||||
BN_bn2bin(sig->s,&vchSig[65-(nBitsS+7)/8]);
|
||||
fOk = true;
|
||||
}
|
||||
ECDSA_SIG_free(sig);
|
||||
return fOk;
|
||||
}
|
||||
|
||||
// reconstruct public key from a compact signature
|
||||
bool SetCompactSignature(uint256 hash, const std::vector<unsigned char>& vchSig)
|
||||
{
|
||||
if (vchSig.size() != 65)
|
||||
return false;
|
||||
if (vchSig[0]<27 || vchSig[0]>=31)
|
||||
return false;
|
||||
ECDSA_SIG *sig = ECDSA_SIG_new();
|
||||
BN_bin2bn(&vchSig[1],32,sig->r);
|
||||
BN_bin2bn(&vchSig[33],32,sig->s);
|
||||
|
||||
EC_KEY_free(pkey);
|
||||
pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
|
||||
if (ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), vchSig[0] - 27, 0) == 1)
|
||||
{
|
||||
fSet = true;
|
||||
ECDSA_SIG_free(sig);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
bool Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
|
||||
{
|
||||
// -1 = error, 0 = bad sig, 1 = good
|
||||
|
@ -229,6 +359,16 @@ public:
|
|||
return true;
|
||||
}
|
||||
|
||||
bool VerifyCompact(uint256 hash, const std::vector<unsigned char>& vchSig)
|
||||
{
|
||||
CKey key;
|
||||
if (!key.SetCompactSignature(hash, vchSig))
|
||||
return false;
|
||||
if (GetPubKey() != key.GetPubKey())
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
CBitcoinAddress GetAddress() const
|
||||
{
|
||||
return CBitcoinAddress(GetPubKey());
|
||||
|
|
20
src/test/base64_tests.cpp
Normal file
20
src/test/base64_tests.cpp
Normal file
|
@ -0,0 +1,20 @@
|
|||
#include <boost/test/unit_test.hpp>
|
||||
|
||||
#include "../util.h"
|
||||
|
||||
BOOST_AUTO_TEST_SUITE(base64_tests)
|
||||
|
||||
BOOST_AUTO_TEST_CASE(base64_testvectors)
|
||||
{
|
||||
static const string vstrIn[] = {"","f","fo","foo","foob","fooba","foobar"};
|
||||
static const string vstrOut[] = {"","Zg==","Zm8=","Zm9v","Zm9vYg==","Zm9vYmE=","Zm9vYmFy"};
|
||||
for (int i=0; i<sizeof(vstrIn)/sizeof(vstrIn[0]); i++)
|
||||
{
|
||||
string strEnc = EncodeBase64(vstrIn[i]);
|
||||
BOOST_CHECK(strEnc == vstrOut[i]);
|
||||
string strDec = DecodeBase64(strEnc);
|
||||
BOOST_CHECK(strDec == vstrIn[i]);
|
||||
}
|
||||
}
|
||||
|
||||
BOOST_AUTO_TEST_SUITE_END()
|
|
@ -9,6 +9,7 @@
|
|||
#include "script_tests.cpp"
|
||||
#include "transaction_tests.cpp"
|
||||
#include "DoS_tests.cpp"
|
||||
#include "base64_tests.cpp"
|
||||
|
||||
CWallet* pwalletMain;
|
||||
|
||||
|
|
140
src/util.cpp
140
src/util.cpp
|
@ -443,7 +443,6 @@ vector<unsigned char> ParseHex(const string& str)
|
|||
return ParseHex(str.c_str());
|
||||
}
|
||||
|
||||
|
||||
void ParseParameters(int argc, char* argv[])
|
||||
{
|
||||
mapArgs.clear();
|
||||
|
@ -470,6 +469,145 @@ void ParseParameters(int argc, char* argv[])
|
|||
}
|
||||
}
|
||||
|
||||
string EncodeBase64(const unsigned char* pch, size_t len)
|
||||
{
|
||||
static const char *pbase64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||
|
||||
string strRet="";
|
||||
strRet.reserve((len+2)/3*4);
|
||||
|
||||
int mode=0, left=0;
|
||||
const unsigned char *pchEnd = pch+len;
|
||||
|
||||
while (pch<pchEnd)
|
||||
{
|
||||
int enc = *(pch++);
|
||||
switch (mode)
|
||||
{
|
||||
case 0: // we have no bits
|
||||
strRet += pbase64[enc >> 2];
|
||||
left = (enc & 3) << 4;
|
||||
mode = 1;
|
||||
break;
|
||||
|
||||
case 1: // we have two bits
|
||||
strRet += pbase64[left | (enc >> 4)];
|
||||
left = (enc & 15) << 2;
|
||||
mode = 2;
|
||||
break;
|
||||
|
||||
case 2: // we have four bits
|
||||
strRet += pbase64[left | (enc >> 6)];
|
||||
strRet += pbase64[enc & 63];
|
||||
mode = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (mode)
|
||||
{
|
||||
strRet += pbase64[left];
|
||||
strRet += '=';
|
||||
if (mode == 1)
|
||||
strRet += '=';
|
||||
}
|
||||
|
||||
return strRet;
|
||||
}
|
||||
|
||||
string EncodeBase64(const string& str)
|
||||
{
|
||||
return EncodeBase64((const unsigned char*)str.c_str(), str.size());
|
||||
}
|
||||
|
||||
vector<unsigned char> DecodeBase64(const char* p, bool* pfInvalid)
|
||||
{
|
||||
static const int decode64_table[256] =
|
||||
{
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1,
|
||||
-1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
|
||||
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28,
|
||||
29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
|
||||
49, 50, 51, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
|
||||
};
|
||||
|
||||
if (pfInvalid)
|
||||
*pfInvalid = false;
|
||||
|
||||
vector<unsigned char> vchRet;
|
||||
vchRet.reserve(strlen(p)*3/4);
|
||||
|
||||
int mode = 0;
|
||||
int left = 0;
|
||||
|
||||
while (1)
|
||||
{
|
||||
int dec = decode64_table[*p];
|
||||
if (dec == -1) break;
|
||||
p++;
|
||||
switch (mode)
|
||||
{
|
||||
case 0: // we have no bits and get 6
|
||||
left = dec;
|
||||
mode = 1;
|
||||
break;
|
||||
|
||||
case 1: // we have 6 bits and keep 4
|
||||
vchRet.push_back((left<<2) | (dec>>4));
|
||||
left = dec & 15;
|
||||
mode = 2;
|
||||
break;
|
||||
|
||||
case 2: // we have 4 bits and get 6, we keep 2
|
||||
vchRet.push_back((left<<4) | (dec>>2));
|
||||
left = dec & 3;
|
||||
mode = 3;
|
||||
break;
|
||||
|
||||
case 3: // we have 2 bits and get 6
|
||||
vchRet.push_back((left<<6) | dec);
|
||||
mode = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (pfInvalid)
|
||||
switch (mode)
|
||||
{
|
||||
case 0: // 4n base64 characters processed: ok
|
||||
break;
|
||||
|
||||
case 1: // 4n+1 base64 character processed: impossible
|
||||
*pfInvalid = true;
|
||||
break;
|
||||
|
||||
case 2: // 4n+2 base64 characters processed: require '=='
|
||||
if (left || p[0] != '=' || p[1] != '=' || decode64_table[p[2]] != -1)
|
||||
*pfInvalid = true;
|
||||
break;
|
||||
|
||||
case 3: // 4n+3 base64 characters processed: require '='
|
||||
if (left || p[0] != '=' || decode64_table[p[1]] != -1)
|
||||
*pfInvalid = true;
|
||||
break;
|
||||
}
|
||||
|
||||
return vchRet;
|
||||
}
|
||||
|
||||
string DecodeBase64(const string& str)
|
||||
{
|
||||
vector<unsigned char> vchRet = DecodeBase64(str.c_str());
|
||||
return string((const char*)&vchRet[0], vchRet.size());
|
||||
}
|
||||
|
||||
|
||||
bool WildcardMatch(const char* psz, const char* mask)
|
||||
|
|
|
@ -178,6 +178,10 @@ bool ParseMoney(const std::string& str, int64& nRet);
|
|||
bool ParseMoney(const char* pszIn, int64& nRet);
|
||||
std::vector<unsigned char> ParseHex(const char* psz);
|
||||
std::vector<unsigned char> ParseHex(const std::string& str);
|
||||
std::vector<unsigned char> DecodeBase64(const char* p, bool* pfInvalid = NULL);
|
||||
std::string DecodeBase64(const std::string& str);
|
||||
std::string EncodeBase64(const unsigned char* pch, size_t len);
|
||||
std::string EncodeBase64(const std::string& str);
|
||||
void ParseParameters(int argc, char* argv[]);
|
||||
const char* wxGetTranslation(const char* psz);
|
||||
bool WildcardMatch(const char* psz, const char* mask);
|
||||
|
|
Loading…
Reference in a new issue