Age | Commit message (Collapse) | Author | Files | Lines |
|
9acf42d3 Multisig M/N functionality core tests added (naughtyfox)
9f3963e8 Arbitrary M/N multisig schemes: * support in wallet2 * support in monero-wallet-cli * support in monero-wallet-rpc * support in wallet api * support in monero-gen-trusted-multisig * unit tests for multisig wallets creation (naughtyfox)
|
|
bef1750f unit_tests: fix longstanding DNS related unit test (moneromooo-monero)
|
|
Coverity 182560
|
|
Coverity 188426
|
|
Coverity 188436, 188433, 188428, 188415, 188416, 188410, 188400,
188298, 188299, 188321, 188342, 188343, 188355, 188357, 188361,
188366, 188374
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- fix integer overflow in n_bulletproof_amounts
- check input scalars are in range
- remove use of environment variable to tweak straus performance
- do not use implementation defined signed shift for signum
|
|
|
|
|
|
|
|
|
|
Also constrains bulletproofs to simple rct, for simplicity
|
|
|
|
Ported from sarang's java code
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This class will allow mlocking small objects, of which there
may be several per page. It adds refcounting so pages are only
munlocked when the last object on that page munlocks.
|
|
The secret spend key is kept encrypted in memory, and
decrypted on the fly when needed.
Both spend and view secret keys are kept encrypted in a JSON
field in the keys file. This avoids leaving the keys in
memory due to being manipulated by the JSON I/O API.
|
|
|
|
|
|
This actually prevents copy elision
|
|
|
|
- Support for classes
- Added `remove_prefix` function
- Added `to_mut_span` and `as_mut_byte_span`
|
|
|
|
It was actually incorrect, as it would not return commitment
|
|
|
|
Fixes failing test during Arch package build (due to attempt to write to
~/.bitmonero/...).
Prefix temp dir path with "monero-" because we are not putting it on the
system, so good to identify ourselves in case the dir gets left over due
to crash, etc.
|
|
|
|
This gets rid of the temporary precalc cache.
Also make the RPC able to send data back in binary or JSON,
since there can be a lot of data
This bumps the LMDB database format to v3, with migration.
|
|
|
|
on_generateblocks RPC call combines functionality from the on_getblocktemplate and on_submitblock RPC calls to allow rapid block creation. Difficulty is set permanently to 1 for regtest.
Makes use of FAKECHAIN network type, but takes hard fork heights from mainchain
Default reserve_size in generate_blocks RPC call is now 1. If it is 0, the following error occurs 'Failed to calculate offset for'.
Queries hard fork heights info of other network types
|
|
For some reason, this confuses and kills ASAN on startup
as it thinks const uint8_t ipv4_network_address::ID is
defined multiple times.
|
|
Helps a bit when running with valgrind
|
|
Decrease the number of worker threads by one to account
for the fact the calling thread acts as a worker thread now
|
|
also use reserve where appropriate
|
|
This should help new nodes predict how much disk space will be
needed for a full sync
|
|
a connection's timeout is halved for every extra connection
from the same host.
Also keep track of when we don't need to use a connection
anymore, so we can close it and free the resource for another
connection.
Also use the longer timeout for non routable local addresses.
|
|
|
|
|
|
|
|
|
|
|
|
non-existent versions
|
|
This bumps DB version to 2, migration code will run for v1 DBs
|
|
|
|
|
|
This reverts commit 20ef37bbcac7715d5299dd77d401583420e07ced, reversing
changes made to 40070a661fd2ff503e07f4ed48dfe9fe67cfa297.
|
|
|
|
|
|
|
|
|
|
Annoyingly, its locking semantics are borked since it does not
do any locking
|
|
|
|
|
|
|
|
|
|
|
|
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.
Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.
The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and the "Ledger", which delegates
all calls to Ledger device.
|
|
|
|
|
|
DNSSEC aware servers picked from https://wiki.ipfire.org/dns/public-servers
|
|
|
|
|
|
decodeRct returns the amount, which may be zero
|
|
|
|
|
|
monero/tests/unit_tests/memwipe.cpp:50:8: Warning: suggest explicit braces to avoid ambiguous 'else' [-Wdangling-else]
if (wipe) ASSERT_TRUE(memcmp(quux, "bar", 3));
|
|
Signed-off-by: Maxithi <34792056+Maxithi@users.noreply.github.com>
|
|
|
|
|
|
|
|
The author doesn't seem to be finishing/fixing this, and it
doesn't do anything.
|
|
|
|
and remove a leftover debugging sanity check
|
|
While there, move the wallet2 ctor to the cpp file as it's a huge
amount of init list now, and remove an unused one.
|
|
|
|
|
|
|
|
Useful to speed tests up and avoid unnecessary leftover files
|
|
|
|
Scheme by luigi1111:
Multisig for RingCT on Monero
2 of 2
User A (coordinator):
Spendkey b,B
Viewkey a,A (shared)
User B:
Spendkey c,C
Viewkey a,A (shared)
Public Address: C+B, A
Both have their own watch only wallet via C+B, a
A will coordinate spending process (though B could easily as well, coordinator is more needed for more participants)
A and B watch for incoming outputs
B creates "half" key images for discovered output D:
I2_D = (Hs(aR)+c) * Hp(D)
B also creates 1.5 random keypairs (one scalar and 2 pubkeys; one on base G and one on base Hp(D)) for each output, storing the scalar(k) (linked to D),
and sending the pubkeys with I2_D.
A also creates "half" key images:
I1_D = (Hs(aR)+b) * Hp(D)
Then I_D = I1_D + I2_D
Having I_D allows A to check spent status of course, but more importantly allows A to actually build a transaction prefix (and thus transaction).
A builds the transaction until most of the way through MLSAG_Gen, adding the 2 pubkeys (per input) provided with I2_D
to his own generated ones where they are needed (secret row L, R).
At this point, A has a mostly completed transaction (but with an invalid/incomplete signature). A sends over the tx and includes r,
which allows B (with the recipient's address) to verify the destination and amount (by reconstructing the stealth address and decoding ecdhInfo).
B then finishes the signature by computing ss[secret_index][0] = ss[secret_index][0] + k - cc[secret_index]*c (secret indices need to be passed as well).
B can then broadcast the tx, or send it back to A for broadcasting. Once B has completed the signing (and verified the tx to be valid), he can add the full I_D
to his cache, allowing him to verify spent status as well.
NOTE:
A and B *must* present key A and B to each other with a valid signature proving they know a and b respectively.
Otherwise, trickery like the following becomes possible:
A creates viewkey a,A, spendkey b,B, and sends a,A,B to B.
B creates a fake key C = zG - B. B sends C back to A.
The combined spendkey C+B then equals zG, allowing B to spend funds at any time!
The signature fixes this, because B does not know a c corresponding to C (and thus can't produce a signature).
2 of 3
User A (coordinator)
Shared viewkey a,A
"spendkey" j,J
User B
"spendkey" k,K
User C
"spendkey" m,M
A collects K and M from B and C
B collects J and M from A and C
C collects J and K from A and B
A computes N = nG, n = Hs(jK)
A computes O = oG, o = Hs(jM)
B anc C compute P = pG, p = Hs(kM) || Hs(mK)
B and C can also compute N and O respectively if they wish to be able to coordinate
Address: N+O+P, A
The rest follows as above. The coordinator possesses 2 of 3 needed keys; he can get the other
needed part of the signature/key images from either of the other two.
Alternatively, if secure communication exists between parties:
A gives j to B
B gives k to C
C gives m to A
Address: J+K+M, A
3 of 3
Identical to 2 of 2, except the coordinator must collect the key images from both of the others.
The transaction must also be passed an additional hop: A -> B -> C (or A -> C -> B), who can then broadcast it
or send it back to A.
N-1 of N
Generally the same as 2 of 3, except participants need to be arranged in a ring to pass their keys around
(using either the secure or insecure method).
For example (ignoring viewkey so letters line up):
[4 of 5]
User: spendkey
A: a
B: b
C: c
D: d
E: e
a -> B, b -> C, c -> D, d -> E, e -> A
Order of signing does not matter, it just must reach n-1 users. A "remaining keys" list must be passed around with
the transaction so the signers know if they should use 1 or both keys.
Collecting key image parts becomes a little messy, but basically every wallet sends over both of their parts with a tag for each.
Thia way the coordinating wallet can keep track of which images have been added and which wallet they come from. Reasoning:
1. The key images must be added only once (coordinator will get key images for key a from both A and B, he must add only one to get the proper key actual key image)
2. The coordinator must keep track of which helper pubkeys came from which wallet (discussed in 2 of 2 section). The coordinator
must choose only one set to use, then include his choice in the "remaining keys" list so the other wallets know which of their keys to use.
You can generalize it further to N-2 of N or even M of N, but I'm not sure there's legitimate demand to justify the complexity. It might
also be straightforward enough to support with minimal changes from N-1 format.
You basically just give each user additional keys for each additional "-1" you desire. N-2 would be 3 keys per user, N-3 4 keys, etc.
The process is somewhat cumbersome:
To create a N/N multisig wallet:
- each participant creates a normal wallet
- each participant runs "prepare_multisig", and sends the resulting string to every other participant
- each participant runs "make_multisig N A B C D...", with N being the threshold and A B C D... being the strings received from other participants (the threshold must currently equal N)
As txes are received, participants' wallets will need to synchronize so that those new outputs may be spent:
- each participant runs "export_multisig FILENAME", and sends the FILENAME file to every other participant
- each participant runs "import_multisig A B C D...", with A B C D... being the filenames received from other participants
Then, a transaction may be initiated:
- one of the participants runs "transfer ADDRESS AMOUNT"
- this partly signed transaction will be written to the "multisig_monero_tx" file
- the initiator sends this file to another participant
- that other participant runs "sign_multisig multisig_monero_tx"
- the resulting transaction is written to the "multisig_monero_tx" file again
- if the threshold was not reached, the file must be sent to another participant, until enough have signed
- the last participant to sign runs "submit_multisig multisig_monero_tx" to relay the transaction to the Monero network
|
|
free might overwrite the memory, so we can't expect to see
the NULs we overwrote with, but at least we shouldn't see
the original data.
|
|
As a followon side effect, this makes a lot of inline code
included only in particular cpp files (and instanciated
when necessary.
|
|
|
|
|
|
Based on Java code from Sarang Noether
|
|
|
|
|
|
It's meant to avoid being optimized out
memory_cleanse lifted from bitcoin
|
|
While there, also use the new is_arg_defaulted API instead of
going to poke the internal API directly.
|
|
|
|
Those have no reason to be in a generic module
|
|
It's nasty, and actually breaks on Solaris, where if.h fails to
build due to:
struct map *if_memmap;
|
|
|
|
This patch allows to filter out sensitive information for queries that rely on the pool state, when running in restricted mode.
This filtering is only applied to data sent back to RPC queries. Results of inline commands typed locally in the daemon are not affected.
In practice, when running with `--restricted-rpc`:
* get_transaction_pool will list relayed transactions with the fields "last relayed time" and "received time" set to zero.
* get_transaction_pool will not list transaction that have do_not_relay set to true, and will not list key images that are used only for such transactions
* get_transaction_pool_hashes.bin will not list such transaction
* get_transaction_pool_stats will not count such transactions in any of the aggregated values that are computed
The implementation does not make filtering the default, so developers should be mindful of this if they add new RPC functionality.
Fixes #2590.
|
|
|
|
|
|
Tests for checking proper error throwing for out-of-bounds subaddress
indexes, and proper addition of subaddresses.
Signed-off-by: Cole Lightfighter <cole@onicsla.bz>
|
|
Basic unit test fixture, and initialization of a subaddress account.
Signed-off-by: Cole Lightfighter <cole@onicsla.bz>
|
|
Reported by iDunk on IRC
|
|
tcp://a.b.c.d
|
|
The commands handler must not be destroyed before the config
object, or we'll be accessing freed memory.
An earlier attempt at using boost::shared_ptr to control object
lifetime turned out to be very invasive, though would be a
better solution in theory.
|
|
|
|
rather than a raw string without option
|
|
|
|
|
|
- internal nullptr checks
- prevent modifications to network_address (shallow copy issues)
- automagically works with any type containing interface functions
- removed fnv1a hashing
- ipv4_network_address now flattened with no base class
|
|
and relax the not-empty safety check to stay more intuitiuve
|
|
This fixes test failure on builds that happen
to be built in 'build/' instead of 'build/release'.
Use boost filesystem path type.
|
|
Word list authored by: sorpaas
Sources:
lo gimste jo'u lo ma'oste (http://guskant.github.io/lojbo/gismu-cmavo.html)
N-grams of Lojban corpus (https://mw.lojban.org/papri/N-grams_of_Lojban_corpus)
|
|
This saves a lot of space and load/save time for wallet caches
|
|
|
|
It was always returning true, and could not be foreseen to
usefully return errors in the future. This silences CID 162652
as well as saves some checking code in a few places.
|
|
|
|
|
|
This shaves a lot of space off binaries
|
|
This ensures no information is leaked by the ordering
|
|
And optimize import startup:
Remember start_height position during initial count_blocks pass
to avoid having to reread entire file again to arrive at start_height
|
|
Instead of constantly creating and destroying threads
|
|
This algorithm is adapted from Raymond Chen's code:
https://blogs.msdn.microsoft.com/oldnewthing/20170109-00/?p=95145
|
|
Defaults to off, but fluffy blocks are forced enabled on testnet
|
|
|
|
If monerod is started with default sync mode, set it to SAFE after
synchronization completes. Set it back to FAST if synchronization
restarts (e.g. because another peer has a longer blockchain).
If monerod is started with an explicit sync mode, none of this
automation takes effect.
|
|
Hide LMDB-specific stuff behind blockchain_db.h. Nobody besides blockchain_db.cpp
should ever be including DB-specific headers any more.
|
|
|
|
Not used yet.
|
|
Word list authored by: Engelberg, ProkhorZ
Sources:
Baza Radikaro Oficiala
Reta Vortaro (http://www.reta-vortaro.de/revo/)
Esperanto Panorama - Esperanto-English Dictionary (http://www.esperanto-panorama.net/vortaro/eoen.htm)
ESPDIC - Paul Denisowski (http://www.denisowski.org/Esperanto/ESPDIC/espdic.txt)
|
|
|
|
Add get_fork_version and add_ideal_fork_version to core so
cryptonote_protocol does not have to need the Blockchain
class directly, as it's not in its dependencies, and add
those to the fake core classes in tests too.
|
|
|
|
A block queue is now placed between block download and
block processing. Blocks are now requested only from one
peer (unless starved).
Includes a new sync_info coommand.
|
|
|
|
Avoids exception spam for the "nope, not found" case
|
|
Changed Blockchain::for_all_blocks() to for_blocks_range()
Operate on blockchain in-place instead of building a copy first.
|
|
Integration could go further (ie, return_tx_to_pool calls should
not be needed anymore, possibly other things).
poolstate.bin is now obsolete.
|
|
|
|
|
|
|
|
|
|
- Performance improvements
- Added `span` for zero-copy pointer+length arguments
- Added `std::ostream` overload for direct writing to output buffers
- Removal of unused `string_tools::buff_to_hex`
|
|
|
|
and a test to go with it
Remember to run the test when changing word lists, or simplewallet
will throw uncaught if that word list is used.
|
|
An idea from smooth
|
|
|
|
Minimum mixin 4 and enforced ringct is moved from v5 to v6.
v5 is now used for an increased minimum block size (from 60000
to 300000) to cater for larger typical/minimum transaction size.
The fee algorithm is also changed to decrease the base per kB
fee, and add a cheap tier for those transactions which we do
not care if they get delayed (or even included in a block).
|
|
BlockchainDB functions virtual again to avoid missing symbols error
|
|
|
|
should fix a cross dependency betewen cryptonote_basic and
blockchain_db
|
|
|
|
|
|
Fix unit_tests build (get_output_key API change)
|
|
It is simple, supports simple x.y.z type numeric versions,
and does not attempt any kind of validation
|
|
|
|
Due to the change in ordering for adding block and tx data
to the database in f2986ccfc1f41023cd667dbb488a10df492eb8e7,
adding a block twice now throws TX_EXISTS, not BLOCK_EXISTS.
|
|
This speeds up operations such as serving blocks to syncing peers
|
|
- fix wrong block being used when a new block is received between
a node elaying a fluffy block and sending a new fluffy block
with txes a peer did not have
- misc a neverending ping pong requesting the same missing txids
when a new block is received in the meantime, causing the top
block to not be the one we need
- send the original fluffy block message block height when sending
a new fluffy block, not the current top height, which might
have been updated since
- avoid sending back the whole block blob when asking for txes,
send only the hash instead
- plus misc cleanup and additional debugging logs
|
|
|
|
|
|
|
|
|
|
If a checksum word is present, language detection would use
just the word prefixes. However, a set of word prefixes may
be found in more than one language, and so the wrong language
may be found first, which could then fail the checksum, since
the check may be done with a different unique prefix length
from the one it was created from.
We now make a checksum test when we we detect a language from
prefixes only, to make sure we have the correct one.
|
|
Faster throughput while avoiding corruption. I.e., makes
running with --db-sync-mode safe more tolerable.
|
|
|
|
Also print its value when printing pool
|
|
|
|
This is a normal occurence in many cases, and there is no need
to spam the log with those when it is.
|
|
|
|
|
|
tools::dns_utils; support integrated address with dns lookup
|
|
|
|
|
|
- It builds but no further testing has been done.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The fee will vary based on the base reward and the current
block size limit:
fee = (R/R0) * (M0/M) * F0
R: base reward
R0: reference base reward (10 monero)
M: block size limit
M0: minimum block size limit (60000)
F0: 0.002 monero
Starts applying at v4
|
|
|