// Copyright (c) 2018-2023, The Monero Project // // All rights reserved. // // Redistribution and use in source and binary forms, with or without modification, are // permitted provided that the following conditions are met: // // 1. Redistributions of source code must retain the above copyright notice, this list of // conditions and the following disclaimer. // // 2. Redistributions in binary form must reproduce the above copyright notice, this list // of conditions and the following disclaimer in the documentation and/or other // materials provided with the distribution. // // 3. Neither the name of the copyright holder nor the names of its contributors may be // used to endorse or promote products derived from this software without specific // prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include #include #include #include "include_base_utils.h" #include "string_tools.h" #include "rpc_payment_signature.h" #undef MONERO_DEFAULT_LOG_CATEGORY #define MONERO_DEFAULT_LOG_CATEGORY "daemon.rpc.payment" #define TIMESTAMP_LEEWAY (60 * 1000000) /* 60 seconds, in microseconds */ namespace cryptonote { std::string make_rpc_payment_signature(const crypto::secret_key &skey) { std::string s; crypto::public_key pkey; crypto::secret_key_to_public_key(skey, pkey); crypto::signature sig; const uint64_t now = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); char ts[17]; int ret = snprintf(ts, sizeof(ts), "%16.16" PRIx64, now); CHECK_AND_ASSERT_MES(ret == 16, "", "snprintf failed"); ts[16] = 0; CHECK_AND_ASSERT_MES(strlen(ts) == 16, "", "Invalid time conversion"); crypto::hash hash; crypto::cn_fast_hash(ts, 16, hash); crypto::generate_signature(hash, pkey, skey, sig); s = epee::string_tools::pod_to_hex(pkey) + ts + epee::string_tools::pod_to_hex(sig); return s; } bool verify_rpc_payment_signature(const std::string &message, crypto::public_key &pkey, uint64_t &ts) { if (message.size() != 2 * sizeof(crypto::public_key) + 16 + 2 * sizeof(crypto::signature)) { MDEBUG("Bad message size: " << message.size()); return false; } const std::string pkey_string = message.substr(0, 2 * sizeof(crypto::public_key)); const std::string ts_string = message.substr(2 * sizeof(crypto::public_key), 16); const std::string signature_string = message.substr(2 * sizeof(crypto::public_key) + 16); if (!epee::string_tools::hex_to_pod(pkey_string, pkey)) { MDEBUG("Bad client id"); return false; } crypto::signature signature; if (!epee::string_tools::hex_to_pod(signature_string, signature)) { MDEBUG("Bad signature"); return false; } crypto::hash hash; crypto::cn_fast_hash(ts_string.data(), 16, hash); if (!crypto::check_signature(hash, pkey, signature)) { MDEBUG("signature does not verify"); return false; } char *endptr = NULL; errno = 0; unsigned long long ull = strtoull(ts_string.c_str(), &endptr, 16); if (ull == ULLONG_MAX && errno == ERANGE) { MDEBUG("bad timestamp"); return false; } ts = ull; const uint64_t now = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); if (ts > now + TIMESTAMP_LEEWAY) { MDEBUG("Timestamp is in the future"); return false; } if (ts < now - TIMESTAMP_LEEWAY) { MDEBUG("Timestamp is too old"); return false; } return true; } }