From 33129bf170e7a135021d0f10abd9fbb4115dfa51 Mon Sep 17 00:00:00 2001 From: Sergiy Lavrynenko Date: Fri, 29 May 2020 17:16:49 +0300 Subject: [PATCH 1/2] SKALE-2589 fixed IMA token message verification, message fields were disassembled incorrectly --- libdevcore/BMPBN.h | 10 +++ libweb3jsonrpc/SkaleStats.cpp | 111 +++++++++++++++++++++++++--------- 2 files changed, 94 insertions(+), 27 deletions(-) diff --git a/libdevcore/BMPBN.h b/libdevcore/BMPBN.h index 72881389e..347bd2010 100644 --- a/libdevcore/BMPBN.h +++ b/libdevcore/BMPBN.h @@ -124,6 +124,16 @@ inline T decode( const uint8_t* input, size_t length ) { return result; } +template < class T > +inline T decode_inv( const uint8_t* input, size_t length ) { + std::vector< uint8_t > vi; + if ( input && length ) { + for ( size_t i = 0; i < length; ++i ) + vi.insert( vi.begin(), input[i] ); + } + return decode< T >( vi.data(), vi.size() ); +} + template < class T > inline std::string toHexStringWithPadding( const T& value, size_t nPadding = std::string::npos, bool bWith0x = true ) { diff --git a/libweb3jsonrpc/SkaleStats.cpp b/libweb3jsonrpc/SkaleStats.cpp index 12600d0ff..ff5de76b5 100644 --- a/libweb3jsonrpc/SkaleStats.cpp +++ b/libweb3jsonrpc/SkaleStats.cpp @@ -897,34 +897,54 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(1), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 contractPosition = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + // std::cout << "\"contractPosition\" is " << toJS( contractPosition ) << std::endl; nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(2), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 addressTo = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + // std::cout << "\"addressTo\" is " << toJS( addressTo ) << std::endl; nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(3), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 amount = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + // std::cout << "\"amount\" is " << toJS( amount ) << std::endl; nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(4), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfName = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + // std::cout << "\"sizeOfName\" is " << toJS( sizeOfName ) << std::endl; nPos += nFiledSize; nFiledSize = sizeOfName.convert_to< size_t >(); + // std::cout << "\"nFiledSize\" is " << nFiledSize << std::endl; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(5), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); std::string strName( "" ); strName.insert( strName.end(), ( ( char* ) ( vecBytes.data() ) ) + nPos, ( ( char* ) ( vecBytes.data() ) ) + nPos + nFiledSize ); @@ -932,13 +952,21 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(6), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfSymbol = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + // std::cout << "\"sizeOfSymbol\" is " << toJS( sizeOfSymbol ) << std::endl; nPos += 32; nFiledSize = sizeOfSymbol.convert_to< size_t >(); + // std::cout << "\"nFiledSize\" is " << nFiledSize << std::endl; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(7), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); std::string strSymbol( "" ); strSymbol.insert( strSymbol.end(), ( ( char* ) ( vecBytes.data() ) ) + nPos, ( ( char* ) ( vecBytes.data() ) ) + nPos + nFiledSize ); @@ -946,15 +974,23 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // nFiledSize = 1; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(8), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const uint8_t nDecimals = uint8_t( vecBytes[nPos] ); + // std::cout << "\"nDecimals\" is " << nDecimals << std::endl; nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC20(9), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 totalSupply = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + // std::cout << "\"totalSupply\" is " << toJS( totalSupply ) << std::endl; nPos += nFiledSize; // if ( nPos > cntMessageBytes ) { @@ -1003,34 +1039,49 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(1), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 contractPosition = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(2), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 addressTo = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(3), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 tokenID = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); nPos += nFiledSize; // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(4), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfName = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); nPos += nFiledSize; nFiledSize = sizeOfName.convert_to< size_t >(); if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(5), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); std::string strName( "" ); strName.insert( strName.end(), ( ( char* ) ( vecBytes.data() ) ) + nPos, ( ( char* ) ( vecBytes.data() ) ) + nPos + nFiledSize ); @@ -1038,13 +1089,19 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(6), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfSymbol = - BMPBN::decode< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); + BMPBN::decode_inv< dev::u256 >( vecBytes.data() + nPos, nFiledSize ); nPos += 32; nFiledSize = sizeOfSymbol.convert_to< size_t >(); if ( ( nPos + nFiledSize ) > cntMessageBytes ) - throw std::runtime_error( "IMA message to short" ); + throw std::runtime_error( + skutils::tools::format( "IMA message to short, ERC721(7), nPos=%zu, " + "nFiledSize=%zu, cntMessageBytes=%zu", + nPos, nFiledSize, cntMessageBytes ) ); std::string strSymbol( "" ); strSymbol.insert( strSymbol.end(), ( ( char* ) ( vecBytes.data() ) ) + nPos, ( ( char* ) ( vecBytes.data() ) ) + nPos + nFiledSize ); From 33bdc48b7bec0b3d385ec7e6d74fa4eff1e0e4be Mon Sep 17 00:00:00 2001 From: Sergiy Lavrynenko Date: Thu, 4 Jun 2020 13:37:25 +0300 Subject: [PATCH 2/2] SKALE-2589 misprint fix --- libweb3jsonrpc/SkaleStats.cpp | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/libweb3jsonrpc/SkaleStats.cpp b/libweb3jsonrpc/SkaleStats.cpp index ff5de76b5..c9e649a42 100644 --- a/libweb3jsonrpc/SkaleStats.cpp +++ b/libweb3jsonrpc/SkaleStats.cpp @@ -898,7 +898,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(1), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(1), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 contractPosition = @@ -909,7 +909,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(2), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(2), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 addressTo = @@ -920,7 +920,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(3), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(3), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 amount = @@ -931,7 +931,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(4), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(4), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfName = @@ -942,7 +942,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // std::cout << "\"nFiledSize\" is " << nFiledSize << std::endl; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(5), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(5), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); std::string strName( "" ); @@ -953,7 +953,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(6), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(6), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfSymbol = @@ -964,7 +964,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { // std::cout << "\"nFiledSize\" is " << nFiledSize << std::endl; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(7), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(7), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); std::string strSymbol( "" ); @@ -975,7 +975,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 1; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(8), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(8), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const uint8_t nDecimals = uint8_t( vecBytes[nPos] ); @@ -985,7 +985,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC20(9), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC20(9), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 totalSupply = @@ -1040,7 +1040,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(1), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(1), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 contractPosition = @@ -1050,7 +1050,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(2), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(2), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 addressTo = @@ -1060,7 +1060,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(3), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(3), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 tokenID = @@ -1070,7 +1070,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(4), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(4), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfName = @@ -1079,7 +1079,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = sizeOfName.convert_to< size_t >(); if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(5), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(5), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); std::string strName( "" ); @@ -1090,7 +1090,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = 32; if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(6), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(6), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); const dev::u256 sizeOfSymbol = @@ -1099,7 +1099,7 @@ Json::Value SkaleStats::skale_imaVerifyAndSign( const Json::Value& request ) { nFiledSize = sizeOfSymbol.convert_to< size_t >(); if ( ( nPos + nFiledSize ) > cntMessageBytes ) throw std::runtime_error( - skutils::tools::format( "IMA message to short, ERC721(7), nPos=%zu, " + skutils::tools::format( "IMA message too short, ERC721(7), nPos=%zu, " "nFiledSize=%zu, cntMessageBytes=%zu", nPos, nFiledSize, cntMessageBytes ) ); std::string strSymbol( "" );