6 files changed, 122 insertions, 25 deletions

diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp
index e00f9d2e9..152a7dcd7 100644
--- a/src/wallet/api/wallet.cpp
+++ b/src/wallet/api/wallet.cpp
@@ -1998,7 +1998,7 @@ bool WalletImpl::checkReserveProof(const std::string &address, const std::string
 
 std::string WalletImpl::signMessage(const std::string &message)
 {
-  return m_wallet->sign(message);
+  return m_wallet->sign(message, tools::wallet2::sign_with_spend_key);
 }
 
 bool WalletImpl::verifySignedMessage(const std::string &message, const std::string &address, const std::string &signature) const
@@ -2008,7 +2008,7 @@ bool WalletImpl::verifySignedMessage(const std::string &message, const std::stri
   if (!cryptonote::get_account_address_from_str(info, m_wallet->nettype(), address))
     return false;
 
-  return m_wallet->verify(message, info.address, signature);
+  return m_wallet->verify(message, info.address, signature).valid;
 }
 
 std::string WalletImpl::signMultisigParticipant(const std::string &message) const
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 31aaaddea..653b4da12 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -12207,51 +12207,114 @@ void wallet2::set_account_tag_description(const std::string& tag, const std::str
   m_account_tags.first[tag] = description;
 }
 
-std::string wallet2::sign(const std::string &data, cryptonote::subaddress_index index) const
-{
+static crypto::hash get_message_hash(const std::string &data)
+{
+  KECCAK_CTX ctx;
+  keccak_init(&ctx);
+  keccak_update(&ctx, (const uint8_t*)config::HASH_KEY_MESSAGE_SIGNING, sizeof(config::HASH_KEY_MESSAGE_SIGNING)); // includes NUL
+  char len_buf[(sizeof(size_t) * 8 + 6) / 7];
+  char *ptr = len_buf;
+  tools::write_varint(ptr, data.size());
+  CHECK_AND_ASSERT_THROW_MES(ptr > len_buf && ptr <= len_buf + sizeof(len_buf), "Length overflow");
+  keccak_update(&ctx, (const uint8_t*)len_buf, ptr - len_buf);
+  keccak_update(&ctx, (const uint8_t*)data.data(), data.size());
   crypto::hash hash;
-  crypto::cn_fast_hash(data.data(), data.size(), hash);
+  keccak_finish(&ctx, (uint8_t*)&hash);
+  return hash;
+}
+
+std::string wallet2::sign(const std::string &data, message_signature_type_t signature_type, cryptonote::subaddress_index index) const
+{
+  const crypto::hash hash = get_message_hash(data);
   const cryptonote::account_keys &keys = m_account.get_keys();
   crypto::signature signature;
-  crypto::secret_key skey;
+  crypto::secret_key skey, m;
   crypto::public_key pkey;
   if (index.is_zero())
   {
-    skey = keys.m_spend_secret_key;
-    pkey = keys.m_account_address.m_spend_public_key;
+    switch (signature_type)
+    {
+      case sign_with_spend_key:
+        skey = keys.m_spend_secret_key;
+        pkey = keys.m_account_address.m_spend_public_key;
+        break;
+      case sign_with_view_key:
+        skey = keys.m_view_secret_key;
+        pkey = keys.m_account_address.m_view_public_key;
+        break;
+#if 0
+      case sign_with_both_keys:
+#endif
+      default: CHECK_AND_ASSERT_THROW_MES(false, "Invalid signature type requested");
+    }
   }
   else
   {
-    skey = keys.m_spend_secret_key;
-    crypto::secret_key m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index);
-    sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey);
+    switch (signature_type)
+    {
+      case sign_with_spend_key:
+        skey = keys.m_spend_secret_key;
+        m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index);
+        sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey);
+        break;
+      case sign_with_view_key:
+        skey = keys.m_spend_secret_key;
+        m = m_account.get_device().get_subaddress_secret_key(keys.m_view_secret_key, index);
+        sc_add((unsigned char*)&skey, (unsigned char*)&m, (unsigned char*)&skey);
+        sc_mul((unsigned char*)&skey, (unsigned char*)&keys.m_view_secret_key, (unsigned char*)&skey);
+        break;
+#if 0
+      case sign_with_both_keys: skey = ...; break;
+#endif
+      default: CHECK_AND_ASSERT_THROW_MES(false, "Invalid signature type requested");
+    }
     secret_key_to_public_key(skey, pkey);
   }
   crypto::generate_signature(hash, pkey, skey, signature);
-  return std::string("SigV1") + tools::base58::encode(std::string((const char *)&signature, sizeof(signature)));
+  return std::string("SigV2") + tools::base58::encode(std::string((const char *)&signature, sizeof(signature)));
 }
 
-bool wallet2::verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const
+tools::wallet2::message_signature_result_t wallet2::verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const
 {
-  const size_t header_len = strlen("SigV1");
-  if (signature.size() < header_len || signature.substr(0, header_len) != "SigV1") {
+  static const size_t v1_header_len = strlen("SigV1");
+  static const size_t v2_header_len = strlen("SigV2");
+  const bool v1 = signature.size() >= v1_header_len && signature.substr(0, v1_header_len) == "SigV1";
+  const bool v2 = signature.size() >= v2_header_len && signature.substr(0, v2_header_len) == "SigV2";
+  if (!v1 && !v2)
+  {
     LOG_PRINT_L0("Signature header check error");
-    return false;
+    return {};
   }
   crypto::hash hash;
-  crypto::cn_fast_hash(data.data(), data.size(), hash);
+  if (v1)
+  {
+    crypto::cn_fast_hash(data.data(), data.size(), hash);
+  }
+  else
+  {
+    hash = get_message_hash(data);
+  }
   std::string decoded;
-  if (!tools::base58::decode(signature.substr(header_len), decoded)) {
+  if (!tools::base58::decode(signature.substr(v1 ? v1_header_len : v2_header_len), decoded)) {
     LOG_PRINT_L0("Signature decoding error");
-    return false;
+    return {};
   }
   crypto::signature s;
   if (sizeof(s) != decoded.size()) {
     LOG_PRINT_L0("Signature decoding error");
-    return false;
+    return {};
   }
   memcpy(&s, decoded.data(), sizeof(s));
-  return crypto::check_signature(hash, address.m_spend_public_key, s);
+  if (crypto::check_signature(hash, address.m_spend_public_key, s))
+    return {true, v1 ? 1u : 2u, !v2, sign_with_spend_key };
+  if (crypto::check_signature(hash, address.m_view_public_key, s))
+    return {true, v1 ? 1u : 2u, !v2, sign_with_view_key };
+#if 0
+  rct::key both = ...;
+  if (crypto::check_signature(hash, rct::rct2pk(both), s))
+    return {true, v1 ? 1u : 2u, !v2, sign_with_both_keys };
+#endif
+  return {};
 }
 
 std::string wallet2::sign_multisig_participant(const std::string& data) const
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 117e4e2f2..7a142d016 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -1341,8 +1341,10 @@ private:
      */
     void set_account_tag_description(const std::string& tag, const std::string& description);
 
-    std::string sign(const std::string &data, cryptonote::subaddress_index index = {0, 0}) const;
-    bool verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const;
+    enum message_signature_type_t { sign_with_spend_key, sign_with_view_key, sign_with_both_keys };
+    std::string sign(const std::string &data, message_signature_type_t signature_type, cryptonote::subaddress_index index = {0, 0}) const;
+    struct message_signature_result_t { bool valid; unsigned version; bool old; message_signature_type_t type; };
+    message_signature_result_t verify(const std::string &data, const cryptonote::account_public_address &address, const std::string &signature) const;
 
     /*!
      * \brief sign_multisig_participant signs given message with the multisig public signer key
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 0ed749cb7..ae5b692df 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -2007,7 +2007,20 @@ namespace tools
       return false;
     }
 
-    res.signature = m_wallet->sign(req.data, {req.account_index, req.address_index});
+    tools::wallet2::message_signature_type_t signature_type = tools::wallet2::sign_with_spend_key;
+    if (req.signature_type == "spend" || req.signature_type == "")
+      signature_type = tools::wallet2::sign_with_spend_key;
+    else if (req.signature_type == "view")
+      signature_type = tools::wallet2::sign_with_view_key;
+    else if (req.signature_type == "both")
+      signature_type = tools::wallet2::sign_with_both_keys;
+    else
+    {
+      er.code = WALLET_RPC_ERROR_CODE_INVALID_SIGNATURE_TYPE;
+      er.message = "Invalid signature type requested";
+      return false;
+    }
+    res.signature = m_wallet->sign(req.data, signature_type, {req.account_index, req.address_index});
     return true;
   }
   //------------------------------------------------------------------------------------------------------------------------------
@@ -2042,7 +2055,17 @@ namespace tools
       return false;
     }
 
-    res.good = m_wallet->verify(req.data, info.address, req.signature);
+    const auto result = m_wallet->verify(req.data, info.address, req.signature);
+    res.good = result.valid;
+    res.version = result.version;
+    res.old = result.old;
+    switch (result.type)
+    {
+      case tools::wallet2::sign_with_spend_key: res.signature_type = "spend"; break;
+      case tools::wallet2::sign_with_view_key: res.signature_type = "view"; break;
+      case tools::wallet2::sign_with_both_keys: res.signature_type = "both"; break;
+      default: res.signature_type = "invalid"; break;
+    }
     return true;
   }
   //------------------------------------------------------------------------------------------------------------------------------
diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h
index 5b2536bf1..73904bae8 100644
--- a/src/wallet/wallet_rpc_server_commands_defs.h
+++ b/src/wallet/wallet_rpc_server_commands_defs.h
@@ -1618,11 +1618,13 @@ namespace wallet_rpc
       std::string data;
       uint32_t account_index;
       uint32_t address_index;
+      std::string signature_type;
 
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(data)
         KV_SERIALIZE_OPT(account_index, 0u)
         KV_SERIALIZE_OPT(address_index, 0u)
+        KV_SERIALIZE(signature_type)
       END_KV_SERIALIZE_MAP()
     };
     typedef epee::misc_utils::struct_init<request_t> request;
@@ -1657,9 +1659,15 @@ namespace wallet_rpc
     struct response_t
     {
       bool good;
+      unsigned version;
+      bool old;
+      std::string signature_type;
 
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(good);
+        KV_SERIALIZE(version);
+        KV_SERIALIZE(old);
+        KV_SERIALIZE(signature_type);
       END_KV_SERIALIZE_MAP()
     };
     typedef epee::misc_utils::struct_init<response_t> response;
diff --git a/src/wallet/wallet_rpc_server_error_codes.h b/src/wallet/wallet_rpc_server_error_codes.h
index 9b455af6a..f7c5bb0e1 100644
--- a/src/wallet/wallet_rpc_server_error_codes.h
+++ b/src/wallet/wallet_rpc_server_error_codes.h
@@ -76,3 +76,4 @@
 #define WALLET_RPC_ERROR_CODE_NON_DETERMINISTIC      -43
 #define WALLET_RPC_ERROR_CODE_INVALID_LOG_LEVEL      -44
 #define WALLET_RPC_ERROR_CODE_ATTRIBUTE_NOT_FOUND    -45
+#define WALLET_RPC_ERROR_CODE_INVALID_SIGNATURE_TYPE -47