From a73c419eee6de7a2d94df4eb0a4f79e42744926a Mon Sep 17 00:00:00 2001 From: chris Date: Fri, 24 May 2019 15:31:05 +0100 Subject: [PATCH] Multi-sign validator lists for extra security --- src/cryptonote_basic/validators.cpp | 40 ++++++++++++++----- .../validators_commands_defs.h | 9 +++-- 2 files changed, 34 insertions(+), 15 deletions(-) diff --git a/src/cryptonote_basic/validators.cpp b/src/cryptonote_basic/validators.cpp index 50e73cdb4c..18143bd793 100644 --- a/src/cryptonote_basic/validators.cpp +++ b/src/cryptonote_basic/validators.cpp @@ -43,23 +43,41 @@ namespace electroneum { LOG_PRINT_L2("Validator List Struct received: " << store_t_to_json(res)); - string vl_publicKey = this->testnet ? - "BC41B6767BCCF23AD25A2D9A528FF47C7FABA4790B8FC2E61D11050E95E01878" : - "F669F5CDD45CE7C540A5E85CAB04F970A30E20D2C939FD5ACEB18280C9319C1D"; + std::vector testnet_vl_publicKeys = {"BC41B6767BCCF23AD25A2D9A528FF47C7FABA4790B8FC2E61D11050E95E01878", + "1B74C1751E67E01AF775201AF37554B1B62AF43454CA26E8621BAD81A1CFBC9B", + "953C06A618F276D19B303B04BA9858ECFFD885895D84A72F32C559DC5B82323C"}; - //Check against our hardcoded public-key to make sure it's a valid message - if (res.public_key != vl_publicKey) { - LOG_PRINT_L1("Validator list has invalid public_key."); + std::vector mainnet_vl_publicKeys = {"F669F5CDD45CE7C540A5E85CAB04F970A30E20D2C939FD5ACEB18280C9319C1D", + "0CACB4F4691FC0CE024064BCC16E1288B0FEB5A2424CACEEBFB82C11DE3C070C", + "9C4D0765201F78C46A7FA0EBDDF556AB98F624193FCDB1352194AAAE93F6461B"}; + + std::vector vl_publicKeys = this->testnet ? testnet_vl_publicKeys : mainnet_vl_publicKeys; + + //Check against our hardcoded public-keys to make sure it's a valid message + if (res.pubkeys.size() != vl_publicKeys.size()) { + LOG_PRINT_L1("Validator list has too few public keys."); + return false; + } + + if (res.signatures.size() != vl_publicKeys.size()) { + LOG_PRINT_L1("Validator list has too few signatures."); return false; } - bool is_signature_valid = crypto::verify_signature(res.blob, unhex(string(res.public_key)), - unhex(string(res.signature))); - if (!is_signature_valid) { - LOG_PRINT_L1("Validator list has invalid signature and will be ignored."); + //Check against our hardcoded public-keys to make sure it's a valid message + if (res.pubkeys != vl_publicKeys) { + LOG_PRINT_L1("Validator list has one or more invalid public keys."); return false; } + //We sign our validator lists with multiple keys for security purposes. + for (unsigned int i = 0; i < vl_publicKeys.size(); ++i){ + if(!crypto::verify_signature(res.blob, unhex(string(vl_publicKeys[i])), unhex(string(res.signatures[i])))){ + LOG_PRINT_L1("Validator list has an invalid signature and will be ignored."); + return false; + } + } + LOG_PRINT_L2("Validator List received: " << crypto::base64_decode(res.blob)); LOG_PRINT_L2("BEFORE"); @@ -84,7 +102,7 @@ namespace electroneum { return true; }); - //Serialize & save valid http response to propagate to p2p uppon request + //Serialize & save valid http response to propagate to p2p upon request this->serialized_v_list = store_t_to_json(res); this->last_updated = time(nullptr); this->status = ValidatorsState::Valid; diff --git a/src/cryptonote_basic/validators_commands_defs.h b/src/cryptonote_basic/validators_commands_defs.h index 2303c008cd..9836fe45ab 100644 --- a/src/cryptonote_basic/validators_commands_defs.h +++ b/src/cryptonote_basic/validators_commands_defs.h @@ -62,16 +62,17 @@ namespace electroneum { }; struct v_list_struct { - std::string public_key; + std::string blob; - std::string signature; int version = 0; + std::vector signatures; + std::vector pubkeys; BEGIN_KV_SERIALIZE_MAP() - KV_SERIALIZE(public_key) KV_SERIALIZE(blob) - KV_SERIALIZE(signature) KV_SERIALIZE(version) + KV_SERIALIZE(signatures) + KV_SERIALIZE(pubkeys) END_KV_SERIALIZE_MAP() }; }