diff options
| -rw-r--r-- | src/common/dns_utils.cpp | 12 | ||||
| -rw-r--r-- | src/common/dns_utils.h | 8 | ||||
| -rw-r--r-- | src/cryptonote_core/blockchain_storage.cpp | 80 | ||||
| -rw-r--r-- | src/cryptonote_core/blockchain_storage.h | 7 | ||||
| -rw-r--r-- | src/cryptonote_core/checkpoints.cpp | 26 | ||||
| -rw-r--r-- | src/cryptonote_core/checkpoints.h | 4 | ||||
| -rw-r--r-- | src/cryptonote_core/checkpoints_create.cpp | 193 | ||||
| -rw-r--r-- | src/cryptonote_core/checkpoints_create.h | 76 | ||||
| -rw-r--r-- | src/cryptonote_core/cryptonote_core.cpp | 52 | ||||
| -rw-r--r-- | src/cryptonote_core/cryptonote_core.h | 11 | ||||
| -rw-r--r-- | src/daemon/daemon.cpp | 9 | ||||
| -rw-r--r-- | src/p2p/net_node.inl | 4 | ||||
| -rw-r--r-- | src/wallet/wallet2.cpp | 13 | ||||
| -rw-r--r-- | tests/unit_tests/dns_resolver.cpp | 27 |
14 files changed, 425 insertions, 97 deletions
diff --git a/src/common/dns_utils.cpp b/src/common/dns_utils.cpp index 346761e74..0376ab9a9 100644 --- a/src/common/dns_utils.cpp +++ b/src/common/dns_utils.cpp @@ -118,9 +118,11 @@ DNSResolver::~DNSResolver() } } -std::vector<std::string> DNSResolver::get_ipv4(const std::string& url) +std::vector<std::string> DNSResolver::get_ipv4(const std::string& url, bool& dnssec_available, bool& dnssec_valid) { std::vector<std::string> addresses; + dnssec_available = false; + dnssec_valid = false; char urlC[1000]; // waaaay too big, but just in case... strncpy(urlC, url.c_str(), 999); @@ -148,9 +150,11 @@ std::vector<std::string> DNSResolver::get_ipv4(const std::string& url) return addresses; } -std::vector<std::string> DNSResolver::get_ipv6(const std::string& url) +std::vector<std::string> DNSResolver::get_ipv6(const std::string& url, bool& dnssec_available, bool& dnssec_valid) { std::vector<std::string> addresses; + dnssec_available = false; + dnssec_valid = false; char urlC[1000]; // waaaay too big, but just in case... strncpy(urlC, url.c_str(), 999); @@ -178,9 +182,11 @@ std::vector<std::string> DNSResolver::get_ipv6(const std::string& url) return addresses; } -std::vector<std::string> DNSResolver::get_txt_record(const std::string& url) +std::vector<std::string> DNSResolver::get_txt_record(const std::string& url, bool& dnssec_available, bool& dnssec_valid) { std::vector<std::string> records; + dnssec_available = false; + dnssec_valid = false; char urlC[1000]; // waaaay too big, but just in case... strncpy(urlC, url.c_str(), 999); diff --git a/src/common/dns_utils.h b/src/common/dns_utils.h index dd6946dc4..9958e4ca2 100644 --- a/src/common/dns_utils.h +++ b/src/common/dns_utils.h @@ -71,9 +71,11 @@ public: * * @param url A string containing a URL to query for * + * @param dnssec_available + * * @return vector of strings containing ipv4 addresses */ - std::vector<std::string> get_ipv4(const std::string& url); + std::vector<std::string> get_ipv4(const std::string& url, bool& dnssec_available, bool& dnssec_valid); /** * @brief gets ipv6 addresses from DNS query @@ -85,7 +87,7 @@ public: * * @return vector of strings containing ipv6 addresses */ - std::vector<std::string> get_ipv6(const std::string& url); + std::vector<std::string> get_ipv6(const std::string& url, bool& dnssec_available, bool& dnssec_valid); /** * @brief gets all TXT records from a DNS query for the supplied URL; @@ -96,7 +98,7 @@ public: * @return A vector of strings containing a TXT record; or an empty vector */ // TODO: modify this to accomodate DNSSEC - std::vector<std::string> get_txt_record(const std::string& url); + std::vector<std::string> get_txt_record(const std::string& url, bool& dnssec_available, bool& dnssec_valid); /** * @brief Gets the singleton instance of DNSResolver diff --git a/src/cryptonote_core/blockchain_storage.cpp b/src/cryptonote_core/blockchain_storage.cpp index e664a39c5..6f1b4121c 100644 --- a/src/cryptonote_core/blockchain_storage.cpp +++ b/src/cryptonote_core/blockchain_storage.cpp @@ -47,6 +47,7 @@ #include "common/boost_serialization_helper.h" #include "warnings.h" #include "crypto/hash.h" +#include "cryptonote_core/checkpoints_create.h" //#include "serialization/json_archive.h" using namespace cryptonote; @@ -441,6 +442,13 @@ difficulty_type blockchain_storage::get_difficulty_for_next_block() bool blockchain_storage::rollback_blockchain_switching(std::list<block>& original_chain, size_t rollback_height) { CRITICAL_REGION_LOCAL(m_blockchain_lock); + + // fail if rollback_height passed is too high + if (rollback_height > m_blocks.size()) + { + return true; + } + //remove failed subchain for(size_t i = m_blocks.size()-1; i >=rollback_height; i--) { @@ -1773,3 +1781,75 @@ bool blockchain_storage::add_new_block(const block& bl_, block_verification_cont return handle_block_to_main_chain(bl, id, bvc); } +//------------------------------------------------------------------ +void blockchain_storage::check_against_checkpoints(checkpoints& points, bool enforce) +{ + const auto& pts = points.get_points(); + + for (const auto& pt : pts) + { + // if the checkpoint is for a block we don't have yet, move on + if (pt.first >= m_blocks.size()) + { + continue; + } + + if (!m_checkpoints.check_block(pt.first, get_block_hash(m_blocks[pt.first].bl))) + { + // if asked to enforce checkpoints, roll back to a couple of blocks before the checkpoint + if (enforce) + { + LOG_ERROR("Checkpoint failed when adding new checkpoints, rolling back!"); + std::list<block> empty; + rollback_blockchain_switching(empty, pt.first - 2); + } + else + { + LOG_ERROR("Checkpoint failed when adding new checkpoints, this could be very bad."); + } + } + } +} +//------------------------------------------------------------------ +// returns false if any of the checkpoints loading returns false. +// That should happen only if a checkpoint is added that conflicts +// with an existing checkpoint. +bool blockchain_storage::update_checkpoints(const std::string& file_path, bool check_dns) +{ + if (!cryptonote::load_checkpoints_from_json(m_checkpoints, file_path)) + { + return false; + } + + // if we're checking both dns and json, load checkpoints from dns. + // if we're not hard-enforcing dns checkpoints, handle accordingly + if (m_enforce_dns_checkpoints && check_dns) + { + if (!cryptonote::load_checkpoints_from_dns(m_checkpoints)) + { + return false; + } + } + else if (check_dns) + { + checkpoints dns_points; + cryptonote::load_checkpoints_from_dns(dns_points); + if (m_checkpoints.check_for_conflicts(dns_points)) + { + check_against_checkpoints(dns_points, false); + } + else + { + LOG_PRINT_L0("One or more checkpoints fetched from DNS conflicted with existing checkpoints!"); + } + } + + check_against_checkpoints(m_checkpoints, true); + + return true; +} +//------------------------------------------------------------------ +void blockchain_storage::set_enforce_dns_checkpoints(bool enforce_checkpoints) +{ + m_enforce_dns_checkpoints = enforce_checkpoints; +} diff --git a/src/cryptonote_core/blockchain_storage.h b/src/cryptonote_core/blockchain_storage.h index 0f7295516..08c007a4a 100644 --- a/src/cryptonote_core/blockchain_storage.h +++ b/src/cryptonote_core/blockchain_storage.h @@ -78,7 +78,7 @@ namespace cryptonote uint64_t already_generated_coins; }; - blockchain_storage(tx_memory_pool& tx_pool):m_tx_pool(tx_pool), m_current_block_cumul_sz_limit(0), m_is_in_checkpoint_zone(false), m_is_blockchain_storing(false) + blockchain_storage(tx_memory_pool& tx_pool):m_tx_pool(tx_pool), m_current_block_cumul_sz_limit(0), m_is_in_checkpoint_zone(false), m_is_blockchain_storing(false), m_enforce_dns_checkpoints(false) {}; bool init() { return init(tools::get_default_data_dir(), true); } @@ -180,6 +180,9 @@ namespace cryptonote void print_blockchain(uint64_t start_index, uint64_t end_index); void print_blockchain_index(); void print_blockchain_outs(const std::string& file); + void check_against_checkpoints(checkpoints& points, bool enforce); + bool update_checkpoints(const std::string& file_path, bool check_dns); + void set_enforce_dns_checkpoints(bool enforce_checkpoints); private: typedef std::unordered_map<crypto::hash, size_t> blocks_by_id_index; @@ -214,6 +217,8 @@ namespace cryptonote std::atomic<bool> m_is_in_checkpoint_zone; std::atomic<bool> m_is_blockchain_storing; + bool m_enforce_dns_checkpoints; + bool switch_to_alternative_blockchain(std::list<blocks_ext_by_hash::iterator>& alt_chain, bool discard_disconnected_chain); bool pop_block_from_blockchain(); bool purge_block_data_from_blockchain(const block& b, size_t processed_tx_count); diff --git a/src/cryptonote_core/checkpoints.cpp b/src/cryptonote_core/checkpoints.cpp index c76a23841..25759792b 100644 --- a/src/cryptonote_core/checkpoints.cpp +++ b/src/cryptonote_core/checkpoints.cpp @@ -44,8 +44,13 @@ namespace cryptonote { crypto::hash h = null_hash; bool r = epee::string_tools::parse_tpod_from_hex_string(hash_str, h); - CHECK_AND_ASSERT_MES(r, false, "WRONG HASH IN CHECKPOINTS!!!"); - CHECK_AND_ASSERT_MES(0 == m_points.count(height), false, "WRONG HASH IN CHECKPOINTS!!!"); + CHECK_AND_ASSERT_MES(r, false, "Failed to parse checkpoint hash string into binary representation!"); + + // return false if adding at a height we already have AND the hash is different + if (m_points.count(height)) + { + CHECK_AND_ASSERT_MES(h == m_points[height], false, "Checkpoint at given height already exists, and hash for new checkpoint was different!"); + } m_points[height] = h; return true; } @@ -93,6 +98,7 @@ namespace cryptonote uint64_t checkpoint_height = it->first; return checkpoint_height < block_height; } + //--------------------------------------------------------------------------- uint64_t checkpoints::get_max_height() { std::map< uint64_t, crypto::hash >::const_iterator highest = @@ -101,5 +107,21 @@ namespace cryptonote boost::bind(&std::map< uint64_t, crypto::hash >::value_type::first, _2 ) ) ); return highest->first; } + //--------------------------------------------------------------------------- + const std::map<uint64_t, crypto::hash>& checkpoints::get_points() + { + return m_points; + } + bool checkpoints::check_for_conflicts(checkpoints& other) + { + for (auto& pt : other.get_points()) + { + if (m_points.count(pt.first)) + { + CHECK_AND_ASSERT_MES(pt.second == m_points[pt.first], false, "Checkpoint at given height already exists, and hash for new checkpoint was different!"); + } + } + return true; + } } diff --git a/src/cryptonote_core/checkpoints.h b/src/cryptonote_core/checkpoints.h index 3dee48682..132917228 100644 --- a/src/cryptonote_core/checkpoints.h +++ b/src/cryptonote_core/checkpoints.h @@ -30,6 +30,7 @@ #pragma once #include <map> +#include <vector> #include "cryptonote_basic_impl.h" @@ -45,7 +46,8 @@ namespace cryptonote bool check_block(uint64_t height, const crypto::hash& h, bool& is_a_checkpoint) const; bool is_alternative_block_allowed(uint64_t blockchain_height, uint64_t block_height) const; uint64_t get_max_height(); - + const std::map<uint64_t, crypto::hash>& get_points(); + bool check_for_conflicts(checkpoints& other); private: std::map<uint64_t, crypto::hash> m_points; }; diff --git a/src/cryptonote_core/checkpoints_create.cpp b/src/cryptonote_core/checkpoints_create.cpp new file mode 100644 index 000000000..808bc46a7 --- /dev/null +++ b/src/cryptonote_core/checkpoints_create.cpp @@ -0,0 +1,193 @@ +// Copyright (c) 2014, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers + +#include "checkpoints_create.h" +#include "common/dns_utils.h" +#include "include_base_utils.h" +#include <sstream> +#include <random> +#include "storages/portable_storage_template_helper.h" // epee json include + +namespace cryptonote +{ + +struct t_hashline +{ + uint64_t height; + std::string hash; + BEGIN_KV_SERIALIZE_MAP() + KV_SERIALIZE(height) + KV_SERIALIZE(hash) + END_KV_SERIALIZE_MAP() +}; + +struct t_hash_json { + std::vector<t_hashline> hashlines; + BEGIN_KV_SERIALIZE_MAP() + KV_SERIALIZE(hashlines) + END_KV_SERIALIZE_MAP() +}; + +bool create_checkpoints(cryptonote::checkpoints& checkpoints) +{ + ADD_CHECKPOINT(1, "771fbcd656ec1464d3a02ead5e18644030007a0fc664c0a964d30922821a8148"); + ADD_CHECKPOINT(10, "c0e3b387e47042f72d8ccdca88071ff96bff1ac7cde09ae113dbb7ad3fe92381"); + ADD_CHECKPOINT(100, "ac3e11ca545e57c49fca2b4e8c48c03c23be047c43e471e1394528b1f9f80b2d"); + ADD_CHECKPOINT(1000, "5acfc45acffd2b2e7345caf42fa02308c5793f15ec33946e969e829f40b03876"); + ADD_CHECKPOINT(10000, "c758b7c81f928be3295d45e230646de8b852ec96a821eac3fea4daf3fcac0ca2"); + ADD_CHECKPOINT(22231, "7cb10e29d67e1c069e6e11b17d30b809724255fee2f6868dc14cfc6ed44dfb25"); + ADD_CHECKPOINT(29556, "53c484a8ed91e4da621bb2fa88106dbde426fe90d7ef07b9c1e5127fb6f3a7f6"); + ADD_CHECKPOINT(50000, "0fe8758ab06a8b9cb35b7328fd4f757af530a5d37759f9d3e421023231f7b31c"); + ADD_CHECKPOINT(80000, "a62dcd7b536f22e003ebae8726e9e7276f63d594e264b6f0cd7aab27b66e75e3"); + ADD_CHECKPOINT(202612, "bbd604d2ba11ba27935e006ed39c9bfdd99b76bf4a50654bc1e1e61217962698"); + ADD_CHECKPOINT(202613, "e2aa337e78df1f98f462b3b1e560c6b914dec47b610698b7b7d1e3e86b6197c2"); + ADD_CHECKPOINT(202614, "c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb"); + ADD_CHECKPOINT(205000, "5d3d7a26e6dc7535e34f03def711daa8c263785f73ec1fadef8a45880fde8063"); + ADD_CHECKPOINT(220000, "9613f455933c00e3e33ac315cc6b455ee8aa0c567163836858c2d9caff111553"); + ADD_CHECKPOINT(230300, "bae7a80c46859db355556e3a9204a337ae8f24309926a1312323fdecf1920e61"); + ADD_CHECKPOINT(230700, "93e631240ceac831da1aebfc5dac8f722c430463024763ebafa888796ceaeedf"); + ADD_CHECKPOINT(231350, "b5add137199b820e1ea26640e5c3e121fd85faa86a1e39cf7e6cc097bdeb1131"); + ADD_CHECKPOINT(232150, "955de8e6b6508af2c24f7334f97beeea651d78e9ade3ab18fec3763be3201aa8"); + + return true; +} + +bool load_checkpoints_from_json(cryptonote::checkpoints& checkpoints, std::string json_hashfile_fullpath) +{ + boost::system::error_code errcode; + if (! (boost::filesystem::exists(json_hashfile_fullpath, errcode))) + { + LOG_PRINT_L0("Blockchain checkpoints file not found"); + return true; + } + + LOG_PRINT_L0("Adding checkpoints from blockchain hashfile"); + + uint64_t prev_max_height = checkpoints.get_max_height(); + LOG_PRINT_L0("Hard-coded max checkpoint height is " << prev_max_height); + t_hash_json hashes; + epee::serialization::load_t_from_json_file(hashes, json_hashfile_fullpath); + for (std::vector<t_hashline>::const_iterator it = hashes.hashlines.begin(); it != hashes.hashlines.end(); ) + { + uint64_t height; + height = it->height; + if (height <= prev_max_height) { + LOG_PRINT_L0("ignoring checkpoint height " << height); + } else { + std::string blockhash = it->hash; + LOG_PRINT_L0("Adding checkpoint height " << height << ", hash=" << blockhash); + ADD_CHECKPOINT(height, blockhash); + } + ++it; + } + + return true; +} + +bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints) +{ + static const std::vector<std::string> dns_urls = { "checkpoints.moneropulse.se" + , "checkpoints.moneropulse.org" + , "checkpoints.moneropulse.net" + , "checkpoints.moneropulse.co" + }; + bool avail, valid; + std::vector<std::string> records; + + std::random_device rd; + std::mt19937 gen(rd()); + std::uniform_int_distribution<int> dis(0, dns_urls.size() - 1); + int first_index = dis(gen); + + int cur_index = first_index; + do + { + records = tools::DNSResolver::instance().get_txt_record(dns_urls[cur_index], avail, valid); + if (records.size() == 0 || (avail && !valid)) + { + cur_index++; + if (cur_index == dns_urls.size()) + { + cur_index = 0; + } + continue; + } + break; + } while (cur_index != first_index); + + if (records.size() == 0) + { + LOG_PRINT_L1("Fetching checkpoints from DNS TXT records failed, no TXT records available."); + return true; + } + + if (avail && !valid) + { + LOG_PRINT_L0("DNSSEC present and failed validation for query last url, and all other urls either failed validation or returned no records"); + return true; + } + + for (auto& record : records) + { + auto pos = record.find(":"); + if (pos != std::string::npos) + { + uint64_t height; + crypto::hash hash; + + // parse the first part as uint64_t, + // if this fails move on to the next record + std::stringstream ss(record.substr(0, pos)); + if (!(ss >> height)) + { + continue; + } + + // parse the second part as crypto::hash, + // if this fails move on to the next record + std::string hashStr = record.substr(pos + 1); + if (!epee::string_tools::parse_tpod_from_hex_string(hashStr, hash)) + { + continue; + } + + ADD_CHECKPOINT(height, hashStr); + } + } + return true; +} + +bool load_new_checkpoints(cryptonote::checkpoints& checkpoints, std::string json_hashfile_fullpath) +{ + // TODO: replace hard-coded url with const string or #define + return (load_checkpoints_from_json(checkpoints, json_hashfile_fullpath) && load_checkpoints_from_dns(checkpoints)); +} + +} // namespace cryptonote diff --git a/src/cryptonote_core/checkpoints_create.h b/src/cryptonote_core/checkpoints_create.h index 7512ddd95..92a970e9f 100644 --- a/src/cryptonote_core/checkpoints_create.h +++ b/src/cryptonote_core/checkpoints_create.h @@ -36,77 +36,13 @@ #define ADD_CHECKPOINT(h, hash) CHECK_AND_ASSERT(checkpoints.add_checkpoint(h, hash), false); #define JSON_HASH_FILE_NAME "checkpoints.json" -struct t_hashline +namespace cryptonote { - uint64_t height; - std::string hash; - BEGIN_KV_SERIALIZE_MAP() - KV_SERIALIZE(height) - KV_SERIALIZE(hash) - END_KV_SERIALIZE_MAP() -}; -struct t_hash_json { - std::vector<t_hashline> hashlines; - BEGIN_KV_SERIALIZE_MAP() - KV_SERIALIZE(hashlines) - END_KV_SERIALIZE_MAP() -}; + bool create_checkpoints(cryptonote::checkpoints& checkpoints); -namespace cryptonote { - inline bool create_checkpoints(cryptonote::checkpoints& checkpoints) - { - ADD_CHECKPOINT(1, "771fbcd656ec1464d3a02ead5e18644030007a0fc664c0a964d30922821a8148"); - ADD_CHECKPOINT(10, "c0e3b387e47042f72d8ccdca88071ff96bff1ac7cde09ae113dbb7ad3fe92381"); - ADD_CHECKPOINT(100, "ac3e11ca545e57c49fca2b4e8c48c03c23be047c43e471e1394528b1f9f80b2d"); - ADD_CHECKPOINT(1000, "5acfc45acffd2b2e7345caf42fa02308c5793f15ec33946e969e829f40b03876"); - ADD_CHECKPOINT(10000, "c758b7c81f928be3295d45e230646de8b852ec96a821eac3fea4daf3fcac0ca2"); - ADD_CHECKPOINT(22231, "7cb10e29d67e1c069e6e11b17d30b809724255fee2f6868dc14cfc6ed44dfb25"); - ADD_CHECKPOINT(29556, "53c484a8ed91e4da621bb2fa88106dbde426fe90d7ef07b9c1e5127fb6f3a7f6"); - ADD_CHECKPOINT(50000, "0fe8758ab06a8b9cb35b7328fd4f757af530a5d37759f9d3e421023231f7b31c"); - ADD_CHECKPOINT(80000, "a62dcd7b536f22e003ebae8726e9e7276f63d594e264b6f0cd7aab27b66e75e3"); - ADD_CHECKPOINT(202612, "bbd604d2ba11ba27935e006ed39c9bfdd99b76bf4a50654bc1e1e61217962698"); - ADD_CHECKPOINT(202613, "e2aa337e78df1f98f462b3b1e560c6b914dec47b610698b7b7d1e3e86b6197c2"); - ADD_CHECKPOINT(202614, "c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb"); - ADD_CHECKPOINT(205000, "5d3d7a26e6dc7535e34f03def711daa8c263785f73ec1fadef8a45880fde8063"); - ADD_CHECKPOINT(220000, "9613f455933c00e3e33ac315cc6b455ee8aa0c567163836858c2d9caff111553"); - ADD_CHECKPOINT(230300, "bae7a80c46859db355556e3a9204a337ae8f24309926a1312323fdecf1920e61"); - ADD_CHECKPOINT(230700, "93e631240ceac831da1aebfc5dac8f722c430463024763ebafa888796ceaeedf"); - ADD_CHECKPOINT(231350, "b5add137199b820e1ea26640e5c3e121fd85faa86a1e39cf7e6cc097bdeb1131"); - ADD_CHECKPOINT(232150, "955de8e6b6508af2c24f7334f97beeea651d78e9ade3ab18fec3763be3201aa8"); + bool load_checkpoints_from_json(cryptonote::checkpoints& checkpoints, std::string json_hashfile_fullpath); + bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints); + bool load_new_checkpoints(cryptonote::checkpoints& checkpoints, std::string json_hashfile_fullpath); - return true; - } - - inline bool load_checkpoins_from_json(cryptonote::checkpoints& checkpoints, std::string json_hashfile_fullpath) - { - boost::system::error_code errcode; - if (! (boost::filesystem::exists(json_hashfile_fullpath, errcode))) - { - LOG_PRINT_L0("Blockchain checkpoints file not found"); - return true; - } - - LOG_PRINT_L0("Adding checkpoints from blockchain hashfile"); - - uint64_t prev_max_height = checkpoints.get_max_height(); - LOG_PRINT_L0("Hard-coded max checkpoint height is " << prev_max_height); - t_hash_json hashes; - epee::serialization::load_t_from_json_file(hashes, json_hashfile_fullpath); - for (std::vector<t_hashline>::const_iterator it = hashes.hashlines.begin(); it != hashes.hashlines.end(); ) - { - uint64_t height; - height = it->height; - if (height <= prev_max_height) { - LOG_PRINT_L0("ignoring checkpoint height " << height); - } else { - std::string blockhash = it->hash; - LOG_PRINT_L0("Adding checkpoint height " << height << ", hash=" << blockhash); - ADD_CHECKPOINT(height, blockhash); - } - ++it; - } - - return true; - } -} +} // namespace cryptonote diff --git a/src/cryptonote_core/cryptonote_core.cpp b/src/cryptonote_core/cryptonote_core.cpp index 964d61e2f..d9d8a7faf 100644 --- a/src/cryptonote_core/cryptonote_core.cpp +++ b/src/cryptonote_core/cryptonote_core.cpp @@ -41,6 +41,7 @@ using namespace epee; #include "cryptonote_config.h" #include "cryptonote_format_utils.h" #include "misc_language.h" +#include <csignal> DISABLE_VS_WARNINGS(4355) @@ -54,7 +55,10 @@ namespace cryptonote m_miner(this), m_miner_address(boost::value_initialized<account_public_address>()), m_starter_message_showed(false), - m_target_blockchain_height(0) + m_target_blockchain_height(0), + m_checkpoints_path(""), + m_last_dns_checkpoints_update(0), + m_last_json_checkpoints_update(0) { set_cryptonote_protocol(pprotocol); } @@ -71,6 +75,39 @@ namespace cryptonote m_blockchain_storage.set_checkpoints(std::move(chk_pts)); } //----------------------------------------------------------------------------------- + void core::set_checkpoints_file_path(const std::string& path) + { + m_checkpoints_path = path; + } + //----------------------------------------------------------------------------------- + void core::set_enforce_dns_checkpoints(bool enforce_dns) + { + m_blockchain_storage.set_enforce_dns_checkpoints(enforce_dns); + } + //----------------------------------------------------------------------------------------------- + bool core::update_checkpoints() + { + bool res = true; + if (time(NULL) - m_last_dns_checkpoints_update >= 3600) + { + res = m_blockchain_storage.update_checkpoints(m_checkpoints_path, true); + m_last_dns_checkpoints_update = time(NULL); + m_last_json_checkpoints_update = time(NULL); + } + else if (time(NULL) - m_last_json_checkpoints_update >= 600) + { + res = m_blockchain_storage.update_checkpoints(m_checkpoints_path, false); + m_last_json_checkpoints_update = time(NULL); + } + + // if anything fishy happened getting new checkpoints, bring down the house + if (!res) + { + graceful_exit(); + } + return res; + } + //----------------------------------------------------------------------------------- void core::init_options(boost::program_options::options_description& /*desc*/) { } @@ -127,6 +164,10 @@ namespace cryptonote r = m_blockchain_storage.init(m_config_folder, testnet); CHECK_AND_ASSERT_MES(r, false, "Failed to initialize blockchain storage"); + // load json & DNS checkpoints, and verify them + // with respect to what blocks we already have + CHECK_AND_ASSERT_MES(update_checkpoints(), false, "One or more checkpoints loaded from json or dns conflicted with existing checkpoints."); + r = m_miner.init(vm, testnet); CHECK_AND_ASSERT_MES(r, false, "Failed to initialize blockchain storage"); @@ -418,6 +459,10 @@ namespace cryptonote //----------------------------------------------------------------------------------------------- bool core::handle_incoming_block(const blobdata& block_blob, block_verification_context& bvc, bool update_miner_blocktemplate) { + // load json & DNS checkpoints every 10min/hour respectively, + // and verify them with respect to what blocks we already have + CHECK_AND_ASSERT_MES(update_checkpoints(), false, "One or more checkpoints loaded from json or dns conflicted with existing checkpoints."); + bvc = boost::value_initialized<block_verification_context>(); if(block_blob.size() > get_max_block_size()) { @@ -545,4 +590,9 @@ namespace cryptonote uint64_t core::get_target_blockchain_height() const { return m_target_blockchain_height; } + //----------------------------------------------------------------------------------------------- + void core::graceful_exit() + { + raise(SIGTERM); + } } diff --git a/src/cryptonote_core/cryptonote_core.h b/src/cryptonote_core/cryptonote_core.h index ba2aed015..10522451c 100644 --- a/src/cryptonote_core/cryptonote_core.h +++ b/src/cryptonote_core/cryptonote_core.h @@ -30,6 +30,8 @@ #pragma once +#include <ctime> + #include <boost/program_options/options_description.hpp> #include <boost/program_options/variables_map.hpp> @@ -92,6 +94,8 @@ namespace cryptonote void set_cryptonote_protocol(i_cryptonote_protocol* pprotocol); void set_checkpoints(checkpoints&& chk_pts); + void set_checkpoints_file_path(const std::string& path); + void set_enforce_dns_checkpoints(bool enforce_dns); bool get_pool_transactions(std::list<transaction>& txs); size_t get_pool_transactions_count(); @@ -119,6 +123,8 @@ namespace cryptonote void set_target_blockchain_height(uint64_t target_blockchain_height); uint64_t get_target_blockchain_height() const; + bool update_checkpoints(); + private: bool add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block); bool add_new_tx(const transaction& tx, tx_verification_context& tvc, bool keeped_by_block); @@ -139,6 +145,7 @@ namespace cryptonote bool handle_command_line(const boost::program_options::variables_map& vm, bool testnet); bool on_update_blocktemplate_interval(); bool check_tx_inputs_keyimages_diff(const transaction& tx); + void graceful_exit(); tx_memory_pool m_mempool; @@ -155,6 +162,10 @@ namespace cryptonote std::atomic<bool> m_starter_message_showed; uint64_t m_target_blockchain_height; + + std::string m_checkpoints_path; + time_t m_last_dns_checkpoints_update; + time_t m_last_json_checkpoints_update; }; } diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp index 5c209482e..da09acfd4 100644 --- a/src/daemon/daemon.cpp +++ b/src/daemon/daemon.cpp @@ -69,6 +69,7 @@ namespace , "Run on testnet. The wallet must be launched with --testnet flag." , false }; + const command_line::arg_descriptor<bool> arg_dns_checkpoints = {"enforce-dns-checkpointing", "checkpoints from DNS server will be enforced", false}; } bool command_line_preprocessor(const boost::program_options::variables_map& vm) @@ -135,6 +136,7 @@ int main(int argc, char* argv[]) command_line::add_arg(desc_cmd_sett, arg_log_level); command_line::add_arg(desc_cmd_sett, arg_console); command_line::add_arg(desc_cmd_sett, arg_testnet_on); + command_line::add_arg(desc_cmd_sett, arg_dns_checkpoints); cryptonote::core::init_options(desc_cmd_sett); cryptonote::core_rpc_server::init_options(desc_cmd_sett); @@ -206,16 +208,19 @@ int main(int argc, char* argv[]) CHECK_AND_ASSERT_MES(res, 1, "Failed to initialize checkpoints"); boost::filesystem::path json(JSON_HASH_FILE_NAME); boost::filesystem::path checkpoint_json_hashfile_fullpath = data_dir / json; - res = cryptonote::load_checkpoins_from_json(checkpoints, checkpoint_json_hashfile_fullpath.string().c_str()); - CHECK_AND_ASSERT_MES(res, 1, "Failed to load initial checkpoints"); //create objects and link them cryptonote::core ccore(NULL); + // tell core if we're enforcing dns checkpoints + bool enforce_dns = command_line::get_arg(vm, arg_dns_checkpoints); + ccore.set_enforce_dns_checkpoints(enforce_dns); + if (testnet_mode) { LOG_PRINT_L0("Starting in testnet mode!"); } else { ccore.set_checkpoints(std::move(checkpoints)); + ccore.set_checkpoints_file_path(checkpoint_json_hashfile_fullpath.string()); } cryptonote::t_cryptonote_protocol_handler<cryptonote::core> cprotocol(ccore, NULL); diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl index 08fd1d1e6..2953bdb7a 100644 --- a/src/p2p/net_node.inl +++ b/src/p2p/net_node.inl @@ -252,7 +252,9 @@ namespace nodetool // for some time yet. for (const std::string& addr_str : m_seed_nodes_list) { - std::vector<std::string> addr_list = tools::DNSResolver::instance().get_ipv4(addr_str); + // TODO: care about dnssec avail/valid + bool avail, valid; + std::vector<std::string> addr_list = tools::DNSResolver::instance().get_ipv4(addr_str, avail, valid); for (const std::string& a : addr_list) { append_net_address(m_seed_nodes, a + ":18080"); diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 3161f3b16..6fb672798 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -833,12 +833,17 @@ std::vector<std::vector<cryptonote::tx_destination_entry>> split_amounts( */ std::vector<std::string> wallet2::addresses_from_url(const std::string& url, bool& dnssec_valid) { - // TODO: update this correctly once DNSResolver::get_txt_record() supports it. - dnssec_valid = false; - std::vector<std::string> addresses; // get txt records - auto records = tools::DNSResolver::instance().get_txt_record(url); + bool dnssec_available, dnssec_isvalid; + auto records = tools::DNSResolver::instance().get_txt_record(url, dnssec_available, dnssec_isvalid); + + // TODO: update this to allow for conveying that dnssec was not available + if (dnssec_available && dnssec_isvalid) + { + dnssec_valid = true; + } + else dnssec_valid = false; // for each txt record, try to find a monero address in it. for (auto& rec : records) diff --git a/tests/unit_tests/dns_resolver.cpp b/tests/unit_tests/dns_resolver.cpp index 27e981ef1..d4b0efe43 100644 --- a/tests/unit_tests/dns_resolver.cpp +++ b/tests/unit_tests/dns_resolver.cpp @@ -37,13 +37,15 @@ TEST(DNSResolver, IPv4Success) { tools::DNSResolver resolver; - auto ips = resolver.get_ipv4("example.com"); + bool avail, valid; + + auto ips = resolver.get_ipv4("example.com", avail, valid); ASSERT_EQ(1, ips.size()); ASSERT_STREQ("93.184.216.119", ips[0].c_str()); - ips = tools::DNSResolver::instance().get_ipv4("example.com"); + ips = tools::DNSResolver::instance().get_ipv4("example.com", avail, valid); ASSERT_EQ(1, ips.size()); @@ -55,11 +57,13 @@ TEST(DNSResolver, IPv4Failure) // guaranteed by IANA/ICANN/RFC to be invalid tools::DNSResolver resolver; - auto ips = resolver.get_ipv4("example.invalid"); + bool avail, valid; + + auto ips = resolver.get_ipv4("example.invalid", avail, valid); ASSERT_EQ(0, ips.size()); - ips = tools::DNSResolver::instance().get_ipv4("example.invalid"); + ips = tools::DNSResolver::instance().get_ipv4("example.invalid", avail, valid); ASSERT_EQ(0, ips.size()); } @@ -68,13 +72,15 @@ TEST(DNSResolver, IPv6Success) { tools::DNSResolver resolver; - auto ips = resolver.get_ipv6("example.com"); + bool avail, valid; + + auto ips = resolver.get_ipv6("example.com", avail, valid); ASSERT_EQ(1, ips.size()); ASSERT_STREQ("2606:2800:220:6d:26bf:1447:1097:aa7", ips[0].c_str()); - ips = tools::DNSResolver::instance().get_ipv6("example.com"); + ips = tools::DNSResolver::instance().get_ipv6("example.com", avail, valid); ASSERT_EQ(1, ips.size()); @@ -86,19 +92,22 @@ TEST(DNSResolver, IPv6Failure) // guaranteed by IANA/ICANN/RFC to be invalid tools::DNSResolver resolver; - auto ips = resolver.get_ipv6("example.invalid"); + bool avail, valid; + + auto ips = resolver.get_ipv6("example.invalid", avail, valid); ASSERT_EQ(0, ips.size()); - ips = tools::DNSResolver::instance().get_ipv6("example.invalid"); + ips = tools::DNSResolver::instance().get_ipv6("example.invalid", avail, valid); ASSERT_EQ(0, ips.size()); } TEST(DNSResolver, GetTXTRecord) { + bool avail, valid; - std::vector<std::string> records = tools::DNSResolver::instance().get_txt_record("donate.monero.cc"); + std::vector<std::string> records = tools::DNSResolver::instance().get_txt_record("donate.monero.cc", avail, valid); EXPECT_NE(0, records.size()); |