
Security issue fix

aivve committed May 9, 2017
1 parent c8a318f commit 4da156f2f07784ac24dde65d98517b1ffc99156f
Showing with 32 additions and 3 deletions.
  1. +13 −1 src/CryptoNoteCore/Core.cpp
  2. +12 −1 src/crypto/crypto.cpp
  3. +7 −1 src/crypto/crypto.h
@@ -1,4 +1,4 @@
// Copyright (c) 2012-2016, The CryptoNote developers, The Bytecoin developers
// Copyright (c) 2012-2016, The CryptoNote developers, The Bytecoin developers, The Karbowanec developers
//
// This file is part of Bytecoin.
//
@@ -276,6 +276,12 @@ bool core::check_tx_semantic(const Transaction& tx, bool keeped_by_block) {
}
bool core::check_tx_inputs_keyimages_diff(const Transaction& tx) {
// parameters used for the additional key_image check
static const Crypto::KeyImage Z = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
static const Crypto::KeyImage I = { { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
static const Crypto::KeyImage L = { { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 } };
std::unordered_set<Crypto::KeyImage> ki;
std::set<std::pair<uint64_t, uint32_t>> outputsUsage;
for (const auto& input : tx.inputs) {
@@ -291,6 +297,12 @@ bool core::check_tx_inputs_keyimages_diff(const Transaction& tx) {
return false;
}
// additional key_image check
if (!(scalarmultKey(in.keyImage, L) == I)) {
logger(ERROR) << "Transaction uses key image not in the valid domain";
return false;
}
// outputIndexes are packed here, first is absolute, others are offsets to previous,
// so first can be zero, others can't
if (std::find(++std::begin(in.outputIndexes), std::end(in.outputIndexes), 0) != std::end(in.outputIndexes)) {
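Review bot: The three constants added at the top of `check_tx_inputs_keyimages_diff` are documented only as "parameters used for the additional key_image check", and `Z` is not used anywhere in the visible lines. `L` appears to be the little-endian order of the Ed25519 prime-order subgroup and `I` the encoding of the identity point, so the new condition rejects a key image that is not in that subgroup. A comment such as `// L = prime subgroup order (little-endian), I = identity point; require L*keyImage == I` would let a reader check the bytes against the curve parameters. Either remove `Z` or use it. The function body continues outside both hunks, so it cannot be confirmed from here that every validation path reaches this check.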
@@ -1,4 +1,4 @@
// Copyright (c) 2012-2016, The CryptoNote developers, The Bytecoin developers
// Copyright (c) 2012-2016, The CryptoNote developers, The Bytecoin developers, The Karbowanec developers
//
// This file is part of Bytecoin.
//
@@ -298,6 +298,17 @@ namespace Crypto {
ge_p1p1_to_p3(&res, &point2);
}
KeyImage crypto_ops::scalarmultKey(const KeyImage & P, const KeyImage & a) {
ge_p3 A;
ge_p2 R;
// maybe use assert instead?
ge_frombytes_vartime(&A, reinterpret_cast<const unsigned char*>(&P));
ge_scalarmult(&R, reinterpret_cast<const unsigned char*>(&a), &A);
KeyImage aP;
ge_tobytes(reinterpret_cast<unsigned char*>(&aP), &R);
return aP;
}
void crypto_ops::hash_data_to_ec(const uint8_t* data, std::size_t len, PublicKey& key) {
Hash h;
ge_p2 point;
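Review bot: `scalarmultKey` discards the return value of `ge_frombytes_vartime`, so a `P` that does not decode to a curve point leaves `A` in an unspecified state and `ge_scalarmult` still runs on it; the `// maybe use assert instead?` comment marks the spot. The caller in Core.cpp passes a key image taken from a transaction, so this should fail closed at runtime rather than use `assert`, which is typically compiled out of release builds: `if (ge_frombytes_vartime(&A, reinterpret_cast<const unsigned char*>(&P)) != 0) { /* report failure to the caller */ }`. The function returns a `KeyImage` by value and has no error channel. Reporting the failure therefore needs either an exception or a `bool` return with an out-parameter, in the style of `check_signature` declared in crypto.h.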
@@ -1,4 +1,4 @@
// Copyright (c) 2012-2016, The CryptoNote developers, The Bytecoin developers
// Copyright (c) 2012-2016, The CryptoNote developers, The Bytecoin developers, The Karbowanec developers
//
// This file is part of Bytecoin.
//
@@ -82,6 +82,8 @@ struct EllipticCurveScalar {
friend bool check_signature(const Hash &, const PublicKey &, const Signature &);
static void generate_key_image(const PublicKey &, const SecretKey &, KeyImage &);
friend void generate_key_image(const PublicKey &, const SecretKey &, KeyImage &);
static KeyImage scalarmultKey(const KeyImage & P, const KeyImage & a);
friend KeyImage scalarmultKey(const KeyImage & P, const KeyImage & a);
static void hash_data_to_ec(const uint8_t*, std::size_t, PublicKey&);
friend void hash_data_to_ec(const uint8_t*, std::size_t, PublicKey&);
static void generate_ring_signature(const Hash &, const KeyImage &,
@@ -219,6 +221,10 @@ struct EllipticCurveScalar {
crypto_ops::generate_key_image(pub, sec, image);
}
inline KeyImage scalarmultKey(const KeyImage & P, const KeyImage & a) {
return crypto_ops::scalarmultKey(P, a);
}
inline void hash_data_to_ec(const uint8_t* data, std::size_t len, PublicKey& key) {
crypto_ops::hash_data_to_ec(data, len, key);
}
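Review bot: Both parameters of `scalarmultKey` are typed `KeyImage` although the second one is a scalar, so the compiler cannot catch swapped arguments at a call such as the one added in Core.cpp. The hunk header shows this file already declares `EllipticCurveScalar`; if that type fits, `static KeyImage scalarmultKey(const KeyImage & P, const EllipticCurveScalar & a);` would keep point and scalar distinct. The declaration also has no comment; something like `// returns a*P; does not report whether P decodes to a valid curve point` would state the contract that callers currently have to infer from crypto.cpp.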
