Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Reported by QuarksLab.
|
|
|
|
Also constrains bulletproofs to simple rct, for simplicity
|
|
|
|
29dea03 epee: resize vectors where possible in serialization (moneromooo-monero)
76affd9 epee: some speedup in parsing (moneromooo-monero)
dc6c069 db_lmdb: speedup the get_output_distribution common case (moneromooo-monero)
76ac5a8 wallet2: ask for a binary output distribution, for speed (moneromooo-monero)
|
|
1f2409e Do memwipe for critical secret keys copied to rct::key (stoffu)
|
|
ac09cfa wallet2: remove obsolete pruned/unpruned case (moneromooo-monero)
|
|
|
|
10475ab node_rpc_proxy: fix fork earliest height caching [RYO backport] (fireice-uk)
|
|
8439306 wallet2: do not divide by 0 on invalid daemon response (moneromooo-monero)
|
|
|
|
|
|
|
|
The secret spend key is kept encrypted in memory, and
decrypted on the fly when needed.
Both spend and view secret keys are kept encrypted in a JSON
field in the keys file. This avoids leaving the keys in
memory due to being manipulated by the JSON I/O API.
|
|
|
|
|
|
0f75717 wallet2: avoid using arbitrary random values when unknown (moneromooo-monero)
|
|
4520cfd wallet2: guard against bad outputs in import_outputs (moneromooo-monero)
|
|
a3fe1c5 simplewallet: add set_tx_key for importing tx keys from 3rd party wallets (stoffu)
|
|
ff37bd0 wallet2: fix O(n^2) behaviour in import_key_images (moneromooo-monero)
|
|
1c6cfd3 wallet-rpc: add get_address_index command (stoffu)
|
|
37f0799 wallet: distinguish coinbase from other txes in show_transfers (moneromooo-monero)
|
|
f2e65c6 wallet2: consider minimum fee when testing if balance is sufficient (stoffu)
|
|
bcab579 wallet: allow adjusting number of rounds for the key derivation function (stoffu)
|
|
34d4b79 wallet2: use a gamma distribution to pick fake outs (moneromooo-monero)
|
|
xref https://github.com/ryo-currency/ryo-currency/pull/86
|
|
All daemons will not support pruned blocks
|
|
|
|
|
|
|
|
|
|
|
|
also some minor speedup
|
|
|
|
2951436 wallet: warn when payment IDs are used (moneromooo-monero)
|
|
a4272de wallet2: unlock keys file before calling verify_password (needed for Windows) (stoffu)
|
|
That takes a lot of time for even not so large wallets
|
|
8c4db68 node_rpc_proxy: factor a few RPC calls using get_info (moneromooo-monero)
|
|
d6440ab wallet2: recover from index out of hashchain bounds error (moneromooo-monero)
|
|
d6d78f1 Allow fractional outputs to be ignored (stoffu)
|
|
3e46db9 rpc: add a non binary get_transaction_pool_hashes RPC (moneromooo-monero)
|
|
|
|
This can happen when there's a very large reorg on the daemon
(ie, on testnet)
|
|
Subaddresses are better for privacy
|
|
This should be proof against any way one might get to multiple
processing, such as generating the same derivation from the
same pubkey, etc
|
|
as per "An Empirical Analysis of Linkability in the Monero
Blockchain", by Miller et al.
|
|
58cceaad wallet2: fix double counting outs if the tx pubkey is duplicated (moneromooo-monero)
|
|
df9d50a8 wallet2: fix read buffer overflow in import_key_images (moneromooo-monero)
|
|
2a19697b wallet2: fix double header in unsigned transfer file (moneromooo-monero)
|
|
bc443494 wallet2: fix out of sync account tag cache (moneromooo-monero)
|
|
|
|
Also added notes to WalletManager::verifyWalletPassword (which afaik seems unused
by anyone at the moment) regarding the need to unlock the keys file beforehand.
|
|
|
|
Takes advantage of caching
|
|
9a39b7d wallet2: fix build for windows (std::max again) (moneromooo-monero)
|
|
|
|
|
|
dcbc17e wallet: include a suggested number of confirmations based on amount (moneromooo-monero)
|
|
8db23df wallet: on first refresh, start off with a quantized height (moneromooo-monero)
|
|
0a5292c wallet2: use decoded amount when reporting repeated output key (stoffu)
|
|
25c15dc wallet2: use correct fee for split txes (stoffu)
|
|
798dfcf wallet: allow unspendable unmixable outputs to be discarded (stoffu)
|
|
08b85a8 cryptonote_config: add get_config to refactor x = testnet ? config::testnet::X : stagenet ? config::stagenet::X : config::X (stoffu)
0cf80ba net_node: resolve host for node addresses given via command line flags (stoffu)
|
|
This is based on how much an attacking miner stands to lose in block
rewardy by mining a private chain which double spends a payment.
This is not foolproof, since mining is based on luck, and breaks
down as the attacking miner nears 50% of the network hash rate,
and the estimation is based on a constant block reward.
|
|
a2b557f 6795bd0 209ec96 ed2c81e a830db2 57ea902 31a895e ba8331c f7f1917 41be339 f025ae9 ef2cb63 dcfd299 5d3e702 2704624 2771a18 0e4c7d0 (moneromooo-monero)
|
|
Speeds up syncing with a lot of outgoing outputs as key generation
runs Cryptonight.
|
|
Decrease the number of worker threads by one to account
for the fact the calling thread acts as a worker thread now
|
|
|
|
|
|
key derivation and checking for incoming outputs are threaded
in batch before adding blocks to the local blockchain. Other
minor bits and bobs are also cached.
|
|
|
|
|
|
|
|
Processing typically is the bottleneck
|
|
|
|
|
|
also use reserve where appropriate
|
|
|
|
|
|
d7a6b72 wallet2: fix bulletproof cold signing (moneromooo-monero)
|
|
bf26920 wallet2: fix get_approximate_blockchain_height for stagenet (stoffu)
|
|
|
|
|
|
|
|
|
|
5a412b7 disable file size sanity check when loading the wallet cache (moneromooo-monero)
|
|
89e51ec simple-wallet-cli: Add warnings about inaccurate balances to to watch-only wallet (jcktm)
|
|
9c2a7b4 wallet-rpc: watch-only and cold wallet features added (ph4r05)
|
|
eb9f3a3 check_spend_proof (itssteven)
|
|
This would cause crashes when trying to tag an account that was
just created
|
|
for privacy reasons, so an untrusted node can't easily track
wallets from IP address to IP address, etc. The granularity
is 1024 blocks, which is about a day and a half.
|
|
|
|
|
|
|
|
config::testnet::X : stagenet ? config::stagenet::X : config::X
|
|
b21bc00 Wallet: added methods to sign and verify arbitrary message with multisig public signer's key (libwallet & wallet api) (naughtyfox)
|
|
f80b157 wallet2: don't ask for pruned txes yet, we still parse the entire tx (moneromooo-monero)
|
|
Cold signing was always using Borromean range proofs, causing
a larger tx, and an incorrect fee
|
|
|
|
- unsigned_txset, signed_txset in transfer / submit_transfer / sign_transfer
- export_outputs, import_outputs
Squashed commits:
[f4d9f3d4] wallet-rpc: do_not_relay removed from submit_transfer
[5b16a86f] wallet-rpc: review-fix - method signature changes, renaming
[b7fbb10a] wallet-rpc: naming fixes (unsigned vs signed), consts renamed
[8c7d2727] wallet-rpc: sign_transfer added
[481d024a] wallet2: sign_tx splitted to work with strings and structs, more granular
[2a474db9] wallet-rpc: wallet2::load_unsigned_tx split to load from str, file
[b1e3a018] wallet-rpc: review fix, load_tx_from_str variable rename
[1f6373be] wallet-rpc: review fix: save_tx_to_{str,file}
[2a08eafc] wallet-rpc: review comments fixes
- redundant this removed from wallet2.cpp
- load_tx_from_str, load_tx_from_file
[43498052] wallet-rpc: submit_transfer added
[9c45d1ad] wallet-rpc: watch_only check, return unsigned_txset
[62831396] wallet2: added string variants to load_tx, save_tx
- analogously to save_multisig_tx
- required for monero-wallet-rpc to support watch-only wallet
|
|
47fdb74 WalletApi: getMultisigInfo entry for gui wallets... (naughtyfox)
47fdb74 Refactored: work with wallet api statuses to make setting and getting operations atomic along with error strings (naughtyfox)
|
|
|
|
|
|
80d2f80 wallet2: Update function parameter documentation (leonklingele)
|
|
|
|
|
|
wallet
|
|
|
|
My intention is to mitigate #3761 by returning "bad signature", rather than throwing an error, as the error is triggered inappropriately in the case of checking a different txid than the one used to create the signature, which causes issues for monerophp: https://github.com/monero-integrations/monerophp/issues/72 & my temp fix: https://github.com/monero-integrations/monerophp/pull/74
|
|
ffeeefde speedup get_output_histogram for all amounts when min_count > 0 (moneromooo-monero)
2dae0f20 wallet2: add missing parameters to get_output_histogram (moneromooo-monero)
|
|
5bd7f760 import_multisig_info: fix sanity check crash in detach_blockchain (Mikhail Mitkevichl)
|
|
public signer's key (libwallet & wallet api)
|
|
|
|
|
|
875c1cab wallet2: increase rpc timeout for get_output_distribution (moneromooo-monero)
70f23217 add top height to get_output_distribution, and cache it for rct (moneromooo-monero)
8c7363fb rpc: add missing perf timer for get_output_distribution (moneromooo-monero)
|
|
|
|
This should cache the vast majority of calls for long running wallets
|
|
|
|
|
|
When additional keys was needed, the TX scan failed because the
derivation data was always recomputed with the main tx_key and not
the corresponding additional one.
Moreover this patch avoid perf decreasing when not using HW device.
|
|
73951cbd wallet2: request transactions in slices when scanning for known rings (moneromooo-monero)
25fe67e4 rpc: allow getting pruned blocks from gettransactions (moneromooo-monero)
|
|
24acb66e wallet2: fix misc issues when the ringdb can't be initialized (moneromooo-monero)
|
|
0b26c4d5 wallet2: move segregation height to v7 (moneromooo-monero)
|
|
eecfb57d wallet: warn if not using the default ring size (moneromooo-monero)
|
|
|
|
11c933e1 fix lambda compile error on openbsd (moneromooo-monero)
|
|
c77d2bfa Add the possibility to export private view key for fast scan. (cslashm)
100b7bc1 Change mutex lock model to avoid dead lock and ensure locks are always released. (cslashm)
641dfc99 Automatic height setup when creating/restoring hw device. (cslashm)
|
|
eaa8bfe7 wallet2: set from_height of GET_OUTPUT_DISTRIBUTION correctly The previous expression (stoffu)
0a619f78 wallet2: enable the mitigation only after the fork height (stoffu)
|
|
0098ed33 wallet2: fix for loading settings of key reuse mitigation (stoffu)
|
|
This avoid massive memory consumption for huge wallets
|
|
and get them pruned in find_and_save_rings, since it does not need
the pruned data in the first place.
Also set decode_to_json to false where missing, we don't need this
either.
|
|
since people seem to really want to use things the wrong way.
|
|
On client startup the device asks for authorization to export the private view key.
If user agree, the client hold the private view key allowing a fast blockchain scan.
If the user does not agree, the blockchain scan is fully done via the device.
|
|
|
|
WalletApi: makeMultisig call introduced
WalletApi: finalizeMultisig call introduced
WalletApi: new calls exportMultisigImages and importMultisigImages
WalletApi: method to return multisig wallet creation state
WalletApi: create multisig transaction, sign multisig transaction, commit transaction and get multisig data are added
WalletApi: identation and style fixes
|
|
|
|
The previous expression
req_t.from_height = X ? Y >= Z : 0;
forces the parameter to take the value of either 0 or 1.
|
|
|
|
|
|
|
|
via user setting first, then DNS TXT record, hardcoded fallback
|
|
57c0b1ed Fix typos in various files (Dimitris Apostolou)
|
|
It can now take a txid (to display rings for all its inputs),
and will print rings in a format that set_ring understands
|
|
This will avoid careless forkers polluting the shared database
even if they make their own chain. They'll then automatically
start using another subdb, and any key-reusing fork of those
forks will reuse their subdbs.
|
|
This is so one can set rings for spent key images in case the
attackers don't merge the ring matching patch set.
|
|
|
|
|
|
If a pre-fork output is spent on both Monero and attack chain,
any post-fork output can be deduced to be a fake output, thereby
decreasing the effective ring size.
The segregate-per-fork-outputs option, on by default, allows
selecting only pre-fork outputs in this case, so that the same
ring can be used when spending it on the other side, which does
not decrease the effective ring size.
This is intended to be SET when intending to spend Monero on the
attack fork, and to be UNSET if not intending to spend Monero
on the attack fork (since it leaks the fact that the output being
spent is pre-fork).
If the user is not certain yet whether they will spend pre-fork
outputs on a key reusing fork, the key-reuse-mitigation2 option
should be SET instead.
If you use this option and intend to spend Monero on both forks,
then spend real Monero first.
|
|
This maps key images to rings, so that different forks can reuse
the rings by key image. This avoids revealing the real inputs like
would happen if two forks spent the same outputs with different
rings. This database is meant to be shared with all Monero forks
which don't bother making a new chain, putting users' privacy at
risk in the process. It is placed in a shared data directory by
default ($HOME/.shared-ringdb on UNIX like systems). You may
use --shared-ringdb-dir to override this location, and should
then do so for all Monero forks for them to share the database.
|
|
|
|
|
|
This completes and fixes various parameters docs
|
|
invoke_http_json_rpc("/json_rpc",methodname,...) to reduce boilerplate
|
|
c577abab wallet: fix auto low priority so that it takes effect only when saved default is 0 (stoffu)
|
|
1d39b265 wallet2: fix use_fork_rules() when querying version that is defined but not enabled yet (stoffu)
|
|
9abeff59 wallet2: handle no blocks returned in refresh to mean no new blocks (moneromooo-monero)
|
|
|
|
When #3303 was merged, a cyclic dependency chain was generated:
libdevice <- libcncrypto <- libringct <- libdevice
This was because libdevice needs access to a set of basic crypto operations
implemented in libringct such as scalarmultBase(), while libringct also needs
access to abstracted crypto operations implemented in libdevice such as
ecdhEncode(). To untangle this cyclic dependency chain, this patch splits libringct
into libringct_basic and libringct, where the basic crypto ops previously in
libringct are moved into libringct_basic. The cyclic dependency is now resolved
thanks to this separation:
libcncrypto <- libringct_basic <- libdevice <- libcryptonote_basic <- libringct
This eliminates the need for crypto_device.cpp and rctOps_device.cpp.
Also, many abstracted interfaces of hw::device such as encrypt_payment_id() and
get_subaddress_secret_key() were previously implemented in libcryptonote_basic
(cryptonote_format_utils.cpp) and were then called from hw::core::device_default,
which is odd because libdevice is supposed to be independent of libcryptonote_basic.
Therefore, those functions were moved to device_default.cpp.
|
|
|
|
aa8bef0c fix error message typo in wallet2.cpp (cryptochangements34)
|
|
1979d53d wallet: fixes and tweaks to the save_watch_only command (moneromooo-monero)
|
|
73dd883d Ledger HW Bug fixes (Cédric)
|
|
91d97dd4 fuzz_tests: set small subaddress lookahead for speed (moneromooo-monero)
5f85cc7e wallet2: guard against overflowing of subaddress indices (moneromooo-monero)
|
|
649a1b7a wallet2 / simplewallet: Must opt-in to create '.address.txt' files for new wallets (Leon Klingele)
|
|
|
|
enabled yet
|
|
default is 0
|
|
Fix the way the REAL mode is handle:
Let create_transactions_2 and create_transactions_from construct the vector of transactions.
Then iterate on it and resign.
We just need to add 'outs' list in the TX struct for that.
Fix default secret keys value when DEBUG_HWDEVICE mode is off
The magic value (00...00 for view key and FF..FF for spend key) was not correctly set
when DEBUG_HWDEVICE was off. Both was set to 00...00.
Add sub-address info in ABP map in order to correctly display destination sub-address on device
Fix DEBUG_HWDEVICE mode:
- Fix compilation errors.
- Fix control device init in ledger device.
- Add more log.
Fix sub addr control
Fix debug Info
|
|
This is not a possible return from the daemon, but I want this in
now so all wallets handle this when the daemon starts doing so.
|
|
wallets
Previously, a file containing the unencrypted Monero address was
created by default in the wallet's directory. This file might pose
as a privacy risk. The creation of this file is now opt-in and can
be enabled by providing
--create-address-file
|
|
|
|
- save the new keys file as FOO-watchonly.keys, not FOO.keys-watchonly
- catch any exception (eg, I/O errors) and error out
- print the new keys filename in simplewallet
|
|
|
|
43026822 Wallet2 + CLI wallet: UTF-8 support for filenames and paths under Windows (rbrunner7)
|
|
0e7ad2e2 Wallet API: generalize 'bool testnet' to 'NetworkType nettype' (stoffu)
af773211 Stagenet (stoffu)
cc9a0bee command_line: allow args to depend on more than one args (stoffu)
55f8d917 command_line::get_arg: remove 'required' for dependent args as they're always optional (stoffu)
450306a0 command line: allow has_arg to handle arg_descriptor<bool,false,true> #3318 (stoffu)
9f9e095a Use `genesis_tx` parameter in `generate_genesis_block`. #3261 (Jean Pierre Dudey)
|
|
f3b74e75 Fix refresh height estimation (Howard Chu)
|
|
|
|
|
|
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.
Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.
The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and the "Ledger", which delegates
all calls to Ledger device.
|
|
|
|
df5273de wallet2: fix auto_low_priority field name typo on load (moneromooo-monero)
|
|
89ad162a wallet2: remove unused m_subaddresses_inv (moneromooo-monero)
f2c4c399 wallet2: speed up subaddress generation (by about a third) (moneromooo-monero)
|
|
3c33e131 wallet2: don't store invalid key image when watch-only (stoffu)
0133b348 wallet2: don't throw when spent amount is inconsistent (stoffu)
|
|
|
|
|
|
Since commit b0426d4c refresh height for a newly created wallet
connected to a sync'd daemon was off by a month. Now we only use
the 1 month safety margin if we're unable to talk to a daemon.
|
|
3be98036 wallet-cli: Do not ask for scan_from_height if it explicitly is set to zero. (Maximilian Lupke)
|
|
a85dbb3f Fixed typos and wording tweaks (Maxithi)
|
|
|
|
|
|
|
|
|
|
and set v7 height to 1057027 on testnet (one block earlier)
This is to easily dump current nodes since we're going to change
the v7 rules with this.
|
|
|
|
not full)
|
|
|
|
269ba252 wallet2::import_blockchain fix import loop (Jaquee)
|
|
3160a930 wallet2: remove {set|get}_default_decimal_point and use the same funcs under cryptonote:: instead (stoffu)
7d1088d3 wallet2: make scan_output const and omit keys arg (stoffu)
bc1ee2c2 wallet2: make member functions const when possible (stoffu)
|
|
ca336c62 simplewallet: check file overwrite when exporting stuff (stoffu)
|