twisterarmy
/
twister-core
mirror of https://github.com/twisterarmy/twister-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Properly implement spam signing and checking to prevent it from been used to impersonate users. 

"nobody" is an exception so default client could still send unauthenticated/anonymous spam
messages.
miguelfreitas
Miguel Freitas 11 years ago
parent
277c917b53
commit
2c48386b4e
3 changed files with 48 additions and 73 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      TODO
  2. 59
      src/bitcoind.cpp
  3. 52
      src/main.cpp

4
TODO
Unescape View File

@ -66,10 +66,6 @@ of his own torrent) @@ -66,10 +66,6 @@ of his own torrent)
- Estimate number of online followers by quering the "tracker" resource (implement a value within
this resource to report the number of torrent peers)
- Properly implement spam signing and checking to prevent it from been used to impersonate users.
"nobody" might be an exception so default client could still send unauthenticated/anonymous spam
messages.
- Define and enforce html directory to serve from. Do installation scripts.
- Don't accept dht "post"+k if k violates the validatePostNumberForUser() rule.

59
src/bitcoind.cpp
Unescape View File

@ -124,64 +124,6 @@ bool AppInit(int argc, char* argv[]) @@ -124,64 +124,6 @@ bool AppInit(int argc, char* argv[])
}
static const string strSecret1C ("Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw");
static bool TestCreateSpamMsgTx()
{
CTransaction txNew;
txNew.message = CScript() << strSpamMessage;
CBitcoinSecret bsecret1;
bsecret1.SetString (strSecret1C);
CKey key;
key.MakeNewKey(true);
//CKey key = bsecret1.GetKey();
CPubKey pubkey( key.GetPubKey() );
printf("key valid: %d compressed: %d\n", key.IsValid(), key.IsCompressed());
printf("pubkey: %s\n", EncodeBase64(&pubkey[0], pubkey.size()).c_str() );
// compute message hash and sign it
CHashWriter ss(SER_GETHASH, PROTOCOL_VERSION);
ss << txNew.message;
uint256 hashMsg = ss.GetHash();
// vchSig is sig(hash(message))
vector<unsigned char> vchSig;
if (!key.Sign(hashMsg, vchSig)) {
printf("CreateNewBlock: Failed to sign SpamMessage\n");
return false;
}
/*
vector<unsigned char> vchSigCompact;
if (!key.SignCompact(hashMsg, vchSigCompact)) {
printf("CreateNewBlock: Failed to sign SpamMessage2\n");
return false;
}
printf("sign size: %zu signCompact size: %zu\n", vchSig.size(), vchSigCompact.size());
printf("signCompact: %s\n", EncodeBase64(&vchSigCompact[0], vchSigCompact.size()).c_str());
*/
printf("CreateSpamMsgTx: msg = %s user = %s hash = %s signedhash = %s\n", txNew.message.ToString().c_str(), strSpamUser.c_str(),
hashMsg.ToString().c_str(), EncodeBase64(&vchSig[0], vchSig.size()).c_str() );
// add username and signature
txNew.userName = CScript() << strSpamUser;
txNew.userName += CScript() << vchSig;
txNew.pubKey.clear(); // pubKey will be updated to include extranonce
txNew.nNonce = 0; // no update needed for spamMessage's nonce.
std::vector< std::vector<unsigned char> > vData;
txNew.userName.ExtractPushData(vData);
printf("Verify: %d\n", pubkey.Verify(hashMsg,vData[1]));
exit(1);
}
extern void GenesisMiner();
extern void noui_connect();
int main(int argc, char* argv[])
@ -190,7 +132,6 @@ int main(int argc, char* argv[]) @@ -190,7 +132,6 @@ int main(int argc, char* argv[])
fHaveGUI = false;
//GenesisMiner();
//TestCreateSpamMsgTx();
// Connect bitcoind signal handlers
noui_connect();

52
src/main.cpp
Unescape View File

@ -425,10 +425,45 @@ bool CheckTransaction(const CTransaction& tx, CValidationState &state) @@ -425,10 +425,45 @@ bool CheckTransaction(const CTransaction& tx, CValidationState &state)
{
// Basic checks that don't depend on any context
if (tx.IsSpamMessage()) {
if (tx.message.size() > MAX_SPAM_MSG_SIZE)
string spamMsg = tx.message.ExtractPushDataString(0);
if (!spamMsg.size())
return state.DoS(100, error("CheckTransaction() : invalid or empty spam message"));
if (spamMsg.size() > MAX_SPAM_MSG_SIZE)
return state.DoS(100, error("CheckTransaction() : spam message too big"));
// [MF] TODO: check message signature
// [MF] Problem: registration of this user may be in the block itself, better check later.
string spamUser = tx.userName.ExtractPushDataString(0);
if( spamUser != "nobody" ) {
string strSign = tx.userName.ExtractPushDataString(1);
if (!strSign.size())
return state.DoS(100, error("CheckTransaction() : spam signature missing"));
vector<unsigned char> vchSig((const unsigned char*)strSign.data(),
(const unsigned char*)strSign.data() + strSign.size());
CPubKey pubkey;
CTransaction txPubKey;
uint256 hashBlock;
uint256 userhash = SerializeHash(spamUser);
if( !GetTransaction(userhash, txPubKey, hashBlock) )
return state.DoS(100, error("CheckTransaction() : spam signed by unknown user"));
std::vector< std::vector<unsigned char> > vData;
if( !txPubKey.pubKey.ExtractPushData(vData) || vData.size() < 1 )
return state.DoS(100, error("CheckTransaction() : spam signed with broken pubkey"));
pubkey = CPubKey(vData[0]);
// compute message hash for signature checking
CHashWriter ss(SER_GETHASH, PROTOCOL_VERSION);
ss << strMessageMagic;
ss << tx.message;
CPubKey pubkeyRec;
if (!pubkeyRec.RecoverCompact(ss.GetHash(), vchSig))
return state.DoS(100, error("CheckTransaction() : RecoverCompact failed for spammsg"));
if (pubkeyRec.GetID() != pubkey.GetID())
return state.DoS(100, error("CheckTransaction() : spam signature verification failed"));
}
} else {
if (tx.userName.empty())
return state.DoS(10, error("CheckTransaction() : username empty"));
@ -1713,12 +1748,11 @@ bool ProcessBlock(CValidationState &state, CNode* pfrom, CBlock* pblock, CDiskBl @@ -1713,12 +1748,11 @@ bool ProcessBlock(CValidationState &state, CNode* pfrom, CBlock* pblock, CDiskBl
if( pblock->vtx[0].IsSpamMessage() ) {
string msg = pblock->vtx[0].message.ExtractPushDataString(0);
string user = pblock->vtx[0].userName.ExtractPushDataString(0);
// [MF] FIXME: validate user properly
if( msg.length() <= 140 ) {
// SpamMessage was already validated in CheckBlock => CheckTransation
printf("ProcessBlock: msg='%s' user='%s'\n", msg.c_str(), user.c_str());
receivedSpamMessage(msg, user);
}
}
return true;
}
@ -3492,7 +3526,7 @@ static bool CreateSpamMsgTx(CTransaction &txNew, std::vector<unsigned char> &sal @@ -3492,7 +3526,7 @@ static bool CreateSpamMsgTx(CTransaction &txNew, std::vector<unsigned char> &sal
std::string strUsername = strSpamUser;
CKeyID keyID;
if( !pwalletMain->GetKeyIdFromUsername(strSpamUser, keyID) ) {
if( strSpamUser != "nobody" && !pwalletMain->GetKeyIdFromUsername(strSpamUser, keyID) ) {
if( pwalletMain->vchDefaultKey.IsValid() ) {
keyID = pwalletMain->vchDefaultKey.GetID();
strUsername = pwalletMain->mapKeyMetadata[keyID].username;
@ -3534,6 +3568,10 @@ static bool CreateSpamMsgTx(CTransaction &txNew, std::vector<unsigned char> &sal @@ -3534,6 +3568,10 @@ static bool CreateSpamMsgTx(CTransaction &txNew, std::vector<unsigned char> &sal
txNew.pubKey.clear(); // pubKey will be updated to include extranonce
txNew.nNonce = 0; // no update needed for spamMessage's nonce.
CValidationState state;
bool ret = CheckTransaction(txNew, state);
printf("CheckTransaction returned %d\n", ret );
return true;
}

Write Preview
Loading…
Cancel
Save