| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
1dc3b1a wallet: add --extra-entropy command line flag (moneromooo-monero)
|
|
New CLI wallet variable: export-format with options "binary" (the default),
or "ascii". "Binary" behaves as before, "ascii" forces the wallet to convert
data to ASCII using base64.
Reading files from the disk tries to auto detect what format has been
used (using a magic string added when exporting the data).
Implements https://github.com/monero-project/monero/issues/2859
|
|
It lets the user add custom entropy to the PRNG.
It does this by hashing the new data and xoring the resulting
hash with the PRNG state.
|
|
8be5fea simplewallet: optional all flag to export_outputs/export_key_images (moneromooo-monero)
|
|
7b9a420 Replace std::random_shuffle with std::shuffle (tomsmeding)
|
|
b2bfcab wallet2: fix change subaddress mixup when sending pre rct outputs (moneromooo-monero)
|
|
64fb0f8 device: tx_key caching fixed, store recovered txkey (ph4r05)
|
|
According to [1], std::random_shuffle is deprecated in C++14 and removed
in C++17. Since std::shuffle is available since C++11 as a replacement
and monero already requires C++11, this is a good replacement.
A cryptographically secure random number generator is used in all cases
to prevent people from perhaps copying an insecure std::shuffle call
over to a place where a secure one would be warranted. A form of
defense-in-depth.
[1]: https://en.cppreference.com/w/cpp/algorithm/random_shuffle
|
|
df83ed7 consensus: from v12, enforce >= 2 outputs (moneromooo-monero)
|
|
dd58057 Remember RPC version on initial connect (hyc)
|
|
f074b6b device: show address on device display (ph4r05)
|
|
e4d100b wallet2: don't wait a day before using new version fees (moneromooo-monero)
|
|
bc94ba4 wallet: distinguish between empty and absent attributes (moneromooo-monero)
|
|
25a7cfd add a few checks where it seems appropriate (moneromooo-monero)
1a66a86 remove unused code (moneromooo-monero)
|
|
|
|
|
|
- Trezor: support for device address display (subaddress, integrated address)
- Wallet::API support added
- Simplewallet:
- address device [<index>]
- address new <label> // shows address on device also
- integrated_address [device] <payment_id|address> // new optional "device" arg to display also on the device
|
|
|
|
Don't keep asking for it on an intact connection
Wallet is too chatty over the wire
|
|
9bfa4c20 Fix allow any cert mode in wallet rpc when configured over rpc (Lee Clagett)
3544596f Add ssl_options support to monerod's rpc mode. (Lee Clagett)
c9aaccf3 Fix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works. (Lee Clagett)
|
|
|
|
also add a note when receiving the tx, because the user
might not notice the "XXX blocks to unlock" in the balance.
|
|
Fixed by crCr62U0
|
|
1c44e658 wallet2: reject standalone short payment IDs in monero: URI API (moneromooo-monero)
|
|
b4ca72dd wallet2: fix infinite loop picking outputs in corner case (moneromooo-monero)
|
|
30 blocks should be more than enough to drain the txpool of
transactions made with the old fee scheme
|
|
|
|
5e0da6fb change SSL certificate fingerprint whitelisting from SHA1 to SHA-256 (moneromooo-monero)
|
|
64983fce wallet2: default to trying to keep 5 outputs of 2+ monero (moneromooo-monero)
|
|
|
|
|
|
If we have fewer outputs available on the chain than what we
require, but the output we're spending already has a ring,
it would loop picking outputs randomly, but never find enough.
Also tune logs for better debugging this kind of thing.
|
|
SHA1 is too close to bruteforceable
|
|
4be18df3 tx_sanity_check: relax uniqueness check a bit (moneromooo-monero)
b386ae57 wallet2: add missing "sanity check failed" reason message (moneromooo-monero)
|
|
c519d1df wallet2: fix wrong change being recorded in sweep_all (moneromooo-monero)
|
|
In the case where previously a second unneeded output would be
added to a transaction. This should help *some* of the cases
where outputs are slowly being consolidated, leading to the
whole balance being locked when sending monero.
|
|
|
|
|
|
leading to the sanity check triggering
|
|
|
|
|
|
Based on python code by sarang:
https://github.com/SarangNoether/skunkworks/blob/outputs/outputs/simulate.py
|
|
b18f0b10 wallet: new --offline option (moneromooo-monero)
|
|
ccb996af rpc: new sanity check on relayed transactions (moneromooo-monero)
|
|
2c221d1b wallet2: update estimate_rct_tx_size for smaller rct proofs (moneromooo-monero)
|
|
374f388d wallet_rpc_server: add a all flag to export_outputs (moneromooo-monero)
|
|
It will avoid connecting to a daemon (so useful for cold signing
using a RPC wallet), and not perform DNS queries.
|
|
b40392fb wallet2: add --no-dns flag (moneromooo-monero)
|
|
15f27c80 wallet2: support multi out txes without change in sanity check (moneromooo-monero)
|
|
a2195b9b crypto: replace rand<T>()%N idiom with unbiased rand_idx(N) (stoffu)
|
|
c68fe787 device/trezor: add button pressed request (Dusan Klinec)
827f52ad wallet: API changes to enable passphrase entry (Dusan Klinec)
|
|
This will weed out some transactions with silly rings
|
|
|
|
0be5b2ee simplewallet: new unset_ring command (moneromooo-monero)
|
|
c12b43cb wallet: add number of blocks required for the balance to fully unlock (moneromooo-monero)
3f1e9e84 wallet2: set confirmations to 0 for pool txes in proofs (moneromooo-monero)
36c037ec wallet_rpc_server: error out on getting the spend key from a hot wallet (moneromooo-monero)
cd1eaff2 wallet_rpc_server: always fill out subaddr_indices in get_transfers (moneromooo-monero)
|
|
a2561653 wallet: new option to start background mining (moneromooo-monero)
|
|
displays total sent and received bytes
|
|
if we don't want to export new outputs only
|
|
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
|
|
|
|
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
|
|
|
|
Currently if a user specifies a ca file or fingerprint to verify peer,
the default behavior is SSL autodetect which allows for mitm downgrade
attacks. It should be investigated whether a manual override should be
allowed - the configuration is likely always invalid.
|
|
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.
This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
|
|
050bb337 wallet2: factor the watchonly/multisig/etc fields on creation (moneromooo-monero)
|
|
d45b85e1 wallet2: skip derivation precalc for blocks we know we'll skip (moneromooo-monero)
|
|
c84ea299 cryptonote_basic: some more minor speedups (moneromooo-monero)
e40eb2ad cryptonote_basic: speedup calculate_block_hash (moneromooo-monero)
547a9708 cryptonote: block parsing + hash calculation speedup (moneromooo-monero)
11604b6d blockchain: avoid unneeded block copy (moneromooo-monero)
8461df04 save some database calls when getting top block hash and height (moneromooo-monero)
3bbc3661 Avoid repeated (de)serialization when syncing (moneromooo-monero)
|
|
cafa15b9 wallet2: set confirmations to 0 for pool txes in proofs (moneromooo-monero)
|
|
The setup-background-mining option can be used to select
background mining when a wallet loads. The user will be asked
the first time the wallet is created.
|
|
|
|
|
|
|
|
Useful when debugging, though not much for users
|
|
|
|
It makes more sense than (uint64_t)-1, which is going to look
like very much confirmed when not checking in_pool
|
|
f825055d wallet_rpc_server: error out on getting the spend key from a hot wallet (moneromooo-monero)
67aa4adc wallet_rpc_server: add a set_daemon RPC (moneromooo-monero)
705acbac wallet2: init some variables to default values if loading old wallets (moneromooo-monero)
f82bc29e wallet_rpc_server: always fill out subaddr_indices in get_transfers (moneromooo-monero)
01efdc6a wallet_rpc_server: set confirmations to 0 for pending/pool txes (moneromooo-monero)
|
|
|
|
|
|
18faa6da wallet: add freeze/thaw/frozen commands (moneromooo-monero)
|
|
7c440915 Add get_tx_proof support, needed for new sanity check (cslashm)
98fdcb2a Add support for V11 protocol with BulletProofV2 and short amount. New scheme key destination contrfol Fix dummy decryption in debug mode (cslashm)
3a981a33 Add application version compatibility check. (cslashm)
|
|
f1a3796a wallet2: fix tx sanity check change test for the sweep_all case (moneromooo-monero)
|
|
4500236f wallet2: make use_fork_rules handle chain heights lower than leeway (moneromooo-monero)
|
|
0a6cb30d wallet: flush output cache upon reorg (moneromooo-monero)
|
|
8fd7452b wallet: move light wallet RPC out of core RPC (moneromooo-monero)
|
|
a8b98a0b wallet: fix memory only wallets (moneromooo-monero)
|
|
328d291f wallet2: set seed language when creating from json (moneromooo-monero)
|
|
a52366c1 wallet2: fix generation from json when restore height is not set (moneromooo-monero)
|
|
Enhance debug info
|
|
There's half a dozen calls, and it's easy to miss some when
adding a new field.
|
|
|
|
|
|
This saves a duplicate serialization step
|
|
at least when using restore_deterministic_wallet
|
|
|
|
It makes more sense than (uint64_t)-1, which is going to look
like very much confirmed when not checking in_pool
|
|
adf6d773 wallet: fix offline signing calling a daemon RPC (moneromooo-monero)
|
|
These commands let one freeze outputs by key image, so they
do not appear in balance, nor are considered when creating
a transaction, etc
This is helpful when receiving an output from a suspected spy,
who might try to track your other outputs by seeing with what
other outputs it gets spent.
The frozen command may be used without parameters to list all
currently frozen outputs.
|
|
|
|
We generate and check tx proofs and verify the amounts in those
match what the original amounts were.
|
|
576116d4 wallet: fix load failure if the mms isn't usable (moneromooo-monero)
|
|
3f6f90bb wallet2: do not use invalid keys as fake outs in rings (moneromooo-monero)
|
|
c6a70af8 wallet2: key image import fixes (moneromooo-monero)
|
|
c9b13fbb tests/trezor: HF9 and HF10 tests (Dusan Klinec)
a1fd1d49 device/trezor: HF10 support added, wallet::API (Dusan Klinec)
d74d26f2 crypto: hmac_keccak added (Dusan Klinec)
|
|
- import only key images generated by cold signing process
- wallet_api: trezor methods added
- wallet: button request code added
- const added to methods
- wallet2::get_tx_key_device() tries to decrypt stored tx private keys using the device.
- simplewallet supports get_tx_key and get_tx_proof on hw device using the get_tx_key feature
- live refresh enables refresh with trezor i.e. computing key images on the fly. More convenient and efficient for users.
- device: has_ki_live_refresh added
- a thread is watching whether live refresh is being computed, if not for 30 seconds, it terminates the live refresh process - switches Trezor state
|
|
8b514645 add multisig tx sets to describe_transfer rpc endpoint (spoke0)
|
|
f42263eb wallet: adds rescan_bc option with preserving key images (Dusan Klinec)
|
|
b674728d Better error when sending a tx with a too large extra field (moneromooo-monero)
|
|
8630a028 wallet: fix payment ID decryption for construction data (Dusan Klinec)
|
|
1f2930ce Update 2019 copyright (binaryFate)
|
|
|
|
Fixes output usage tracking
|
|
It's not nothing to do with it
|
|
- enables to perform rescan_spent / ki sync with untrusted daemon. Spent check status involves RPC calls which require trusted daemon status as it leaks information. The new call performs soft reset while preserving key images thus a sequence: refresh, ki sync / import, rescan_bc keep_ki will correctly perform spent checking without need for trusted daemon.
- useful to detect spent outputs with untrusted daemon on watch_only / multisig / hw-cold wallets after expensive key image sync.
- cli: rescan_bc keep_ki
|
|
|
|
It was not recovering then, but creating a new random address
|
|
It's better to just ignore them, the user does not really need
to know they're here. If the mask is wrong, they'll fail to be
used, and sweeping will fail as it tries to use it.
Reported by Josh Davis.
|
|
|
|
|
|
- return the right output data when offset is not zero
- do not consider import failed if result height is zero
(it can be 0 if unknown)
- select the right tx pubkey when using subaddresses (it's faster,
and we might select the wrong one if we got an output using one
of the additional tx keys)
- account for skipped outputs for spent/unspent balance info
"spent" is arguably wrong, since it will count spent change
multiple times as it goes through receive/spend cycles.
|
|
|
|
057c279c epee: add SSL support (Martijn Otto)
|
|
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
|
|
|
|
d2c95ab9 Don't decrypt keys in view only wallets in wallet_keys_unlocker (Doyle)
|
|
9d58749b wallet2: fix hashchain going out of sync on refresh error (moneromooo-monero)
|
|
24569454 epee: add SSL support (moneromooo-monero)
|
|
fa2fbc39 wallet2: fix mishandling rct outputs in coinbase tx (moneromooo-monero)
|
|
|
|
Reported by cutcoin
|
|
|
|
|
|
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
23813c71 blockchain: add --reorg-notify (moneromooo-monero)
f6db59b0 notify: handle arbitrary tags (moneromooo-monero)
ff959216 notify: warn if the spec contains one of '"\ (moneromooo-monero)
13852678 common: set MONERO_DEFAULT_LOG_CATEGORY for notify and spawn (moneromooo-monero)
|
|
|
|
2112060d wallet2: fix duplicate tx notifications for pool txes (moneromooo-monero)
|
|
96e35506 wallet2: fix incorrect patch for determining fork rules (moneromooo-monero)
|
|
8258a9e7 wallet: do not check txpool in background mode (moneromooo-monero)
|
|
b6534c40 ringct: remove unused senderPk from ecdhTuple (moneromooo-monero)
7d375981 ringct: the commitment mask is now deterministic (moneromooo-monero)
99d946e6 ringct: encode 8 byte amount, saving 24 bytes per output (moneromooo-monero)
cdc3ccec ringct: save 3 bytes on bulletproof size (moneromooo-monero)
f931e16c add a bulletproof version, new bulletproof type, and rct config (moneromooo-monero)
|
|
Found by knaccc
|
|
This makes it easier to modify the bulletproof format
|
|
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.
No other data is currently pruned.
There are three ways to prune a blockchain:
- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility
The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.
The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.
Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
|
|
|
|
|
|
This allows filling in transfer_details when a cold signed tx
gets seen in a block next
|
|
9092fc4b wallet: do not display daemon controlled text if untrusted (moneromooo-monero)
|
|
d7354c78 wallet_rpc_server: add all field to export_key_images (moneromooo-monero)
|
|
de9dcdd1 wallet2: finalize_multisig now rejects non N-1/N multisig wallets (moneromooo-monero)
|
|
99765b21 Remove unused hash in export_key_images (doy-lee)
|
|
841a6acd wallet2: fix accessing unwound stack on exception (moneromooo-monero)
|
|
808a1f1e wallet2: cut down on the number of useless derivation threads (moneromooo-monero)
|
|
219548f2 Sync hashchain bug fixed (naughtyfox)
|
|
611db08a Wallet: Initialize members without default ctor. (Tadeas Moravec)
|
|
Half of the patch was correct, but half was introducing another bug,
where a wallet asking for a fork that the daemon does not know about
yet would decide to use those rules.
|
|
|
|
This avoids the constant message about needed to run refresh
to enter a password.
Also mention the txpool when asking for the password if the
reason is a pool tx.
|
|
2d7b0236 wallet2: clear all payments on soft rescan_bc (moneromooo-monero)
|
|
It can get heavy for large wallets
|
|
|
|
|
|
To use if you want all key images, not just the ones for
recently imported outputs
|
|
|
|
|
|
|
|
|
|
|
|
Found by Coverity (188336 in Anonimal's Coverity account).
|
|
|
|
d71f89e2 device/trezor: device/trezor: correct device initialization, status check (Dusan Klinec)
65b9bca7 device/trezor: python2 compatibility - bundle dependencies (Dusan Klinec)
9cf636af device/trezor: ask for KI sync on first refresh (Dusan Klinec)
d21dad70 device: enable to use multiple independent device wallets (Dusan Klinec)
318cc784 device/trezor: passphrase entry on host (Dusan Klinec)
|
|
They'll get duplicated otherwise
|
|
When doing a first refresh on HW-token based wallet KI sync is required if money were received. Received money may indicate wallet was already used before the restore I.e., some transaction could have been already sent from the wallet. The spent UTXO would not be detected as spent which could lead to double spending errors on submitting a new transaction.
Thus if the wallet is HW-token based with the cold signing protocol and the first refresh detected received money the user is asked to perform the key image sync.
|
|
- adds a new option `--hw-device-deriv-path` to the simple wallet. Enables to specify wallet derivation path / wallet code (path avoided so it can be misinterpreted as a file path).
- devices can use different derivation mechanisms. Trezor uses standard SLIP-10 mechanism with fixed SLIP-44 prefix for Monero
- Trezor: when empty, the default derivation mechanism is used with 44'/128'/0'. When entered the derivation path is 44'/128'/PATH.
- Trezor: the path is always taken as elements are hardened (1<<31 bit turned on)
|
|
aee7a4e3 wallet_rpc_server: do not use RPC data if the call failed (moneromooo-monero)
1a0733e5 windows_service: fix memory leak (moneromooo-monero)
0dac3c64 unit_tests: do not rethrow a copy of an exception (moneromooo-monero)
5d9915ab cryptonote: fix get_unit for non default settings (moneromooo-monero)
d4f50cb1 remove some unused code (moneromooo-monero)
61163971 a few minor (but easy) performance tweaks (moneromooo-monero)
30023074 tests: slow_memmem now returns size_t (moneromooo-monero)
|
|
b5573fc2 wallet2: resume processing when tx extra is partially broken (stoffu)
|
|
56e616e8 wallet2: add n_vouts to capture list (moneromooo-monero)
|
|
2b3595d0 various: do not propagate exception through dtor (moneromooo-monero)
|
|
6732fc7f Fix issue 4793 - M/N multisig transaction signature (naughtyfox)
|
|
- simple device callback object added. Device can request passphrase/PIN entry via the callback or notify user some action is required
- callback is routed to wallet2, which routes the callback to i_wallet_callback so CLI or GUI wallets can support passphrase entry for HW tokens
- wallet: device open needs wallet callback first - passphrase protected device needs wallet callback so user can enter passphrase
|
|
fc98f7a0 rpc: speedup get_outs.bin (moneromooo-monero)
|
|
|
|
b9b307d1 rpc: speedup get_output_distribution (moneromooo-monero)
|
|
1a4d1603 wallet2: remove redundant chacha key generation in store_keys (stoffu)
|
|
Found by codacy.com
|
|
Found by codacy.com
|
|
Motivated by https://monero.stackexchange.com/questions/10483
Some exchanges appear to have customized the wallet software
in an inappropriate way, making the tx extra field partially
unreadable. PR #3716 changed the wallet behavior disallowing
such partially valid tx extra.
An example tx reported by the user is
e87c675a85f34ecac58a8846613d25062f1813e1023c552b705afad32b972c38
where the normal tx pubkey appears again with the aditional
tx pubkeys tag `04` which is inappropriate.
|
|
|
|
|
|
and decrease the amount of data carried around
|
|
e198b06e Fix: out_of_hashchain_bounds_error in refresh (Hasan Pekdemir)
|
|
0afdb00b wallet2: fix print_ring printing double entries for transactions (moneromooo-monero)
|
|
8f3963d2 wallet2: demote a few uninteresting recurring logs to TRACE (moneromooo-monero)
|
|
1598f01c wallet2: use padded bulletproofs for multisig signing (stoffu)
|
|
Coverity 189689, 189690, 189692, 189695
|
|
6e1282b6 wallet2: fix off by one in output picking (moneromooo-monero)
|
|
|
|
|
|
9335d5a2 wallet2: save ring in the ringdb once a tx is created (moneromooo-monero)
|
|
107f3398 wallet2: fix ring reuse breaking when using histogram (moneromooo-monero)
|
