Conversation

TheBlueMatt
Contributor

For a pull after new wallet crypto.

sipa and others added 6 commits June 26, 2011 23:16
Inline comment and idea come from the encprivkeys branch
by Matt Corallo <matt@bluematt.me>.
This commit adds support for ckeys, or enCrypted private keys, to the wallet.
All keys are stored in memory in their encrypted form and thus the passphrase
is required from the user to spend coins, or to create new addresses.

Keys are encrypted with AES-256-CBC through OpenSSL's EVP library. The key is
calculated via EVP_BytesToKey using SHA512 with (by default) 25000 rounds and
a random salt.

By default, the user's wallet remains unencrypted until they call the RPC
command encryptwallet <password> or, from the GUI menu, Options->
Encrypt Wallet.

When the user is attempting to call RPC functions which require the password
to unlock the wallet, an error will be returned unless they call
walletpassword <password> <time to keep key in memory> first.

A keypoolrefill command has been added which tops up the user's keypool
(requiring the password via walletpassword first).
keypoolsize has been added to the output of getinfo to show the user the
number of keys left before they need to specify their password and call
topupkeypool.

When the keypool runs out (and the wallet is locked) GetOrReuseKeyFromPool
returns vchDefaultKey, meaning miners may start to generate many blocks to
vchDefaultKey instead of a new key each time.

A walletpasswordchange <oldpassword> <newpassword> has been added to allow
the user to change their password via RPC.

Whenever keying material (unencrypted private keys, the user's password, the
wallet's AES key) is stored unencrypted in memory, any reasonable attempt is
made to mlock/VirtualLock that memory before storing the keying material.
This is not true in several (commented) cases where mlock/VirtualLocking the
memory is not possible.

Although encryption of private keys in memory can be very useful on desktop
systems (as some small amount of protection against stupid viruses), on an
RPC server, the password is entered fairly insecurely. Thus, the only main
advantage encryption has for RPC servers is for RPC servers that do not spend
coins, except in rare cases, e.g. a webserver of a merchant which only receives
payment except for cases of manual intervention.

Thanks to jgarzik for the original patch and sipa for all his input.
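The commit message above describes the wallet key derivation as OpenSSL's EVP_BytesToKey over SHA-512 with 25000 rounds and a random salt, yielding the AES-256-CBC key and IV. The following is an added example, not code from the pull request or from Bitcoin itself: a pure-Python reimplementation of that derivation, written so it also covers the general multi-block case (digests shorter than the 48 bytes of key plus IV, where the loop iterates) and not only the single-block SHA-512 case the wallet uses. The passphrase, salt bytes and round counts in it are constructed for illustration; the block only derives key material and does not perform the AES encryption itself.

```python
"""
Added example (not Bitcoin's own crypter code): OpenSSL's EVP_BytesToKey
reimplemented with hashlib, parameterised the way the wallet encryption
described above uses it (SHA-512, 25000 rounds by default, 8-byte random
salt, 32-byte AES-256 key plus 16-byte CBC IV). Sample inputs are constructed.
"""
import hashlib
import os
from typing import Tuple

KEY_SIZE = 32          # AES-256 key length in bytes
IV_SIZE = 16           # AES block size, used as the CBC IV
SALT_SIZE = 8          # EVP_BytesToKey uses an 8-byte (PKCS#5) salt
DEFAULT_ROUNDS = 25000 # default round count stated in the commit message


def evp_bytes_to_key(passphrase: bytes, salt: bytes,
                     rounds: int = DEFAULT_ROUNDS,
                     key_len: int = KEY_SIZE, iv_len: int = IV_SIZE,
                     hash_name: str = "sha512") -> Tuple[bytes, bytes]:
    """
    EVP_BytesToKey derivation:
        D_1 = HASH^rounds(passphrase || salt)
        D_i = HASH^rounds(D_{i-1} || passphrase || salt)   for i > 1
    where HASH^rounds means the digest is re-hashed rounds-1 more times.
    The D_i are concatenated until key_len + iv_len bytes are available;
    the key is the first key_len bytes and the IV the next iv_len bytes.
    With SHA-512 one 64-byte block already covers 32 + 16 bytes, so the
    outer loop runs exactly once; with SHA-256 it needs two blocks.
    """
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    if len(salt) != SALT_SIZE:
        raise ValueError("EVP_BytesToKey expects an %d-byte salt" % SALT_SIZE)

    derived = b""
    block = b""  # D_0 is empty
    while len(derived) < key_len + iv_len:
        block = hashlib.new(hash_name, block + passphrase + salt).digest()
        for _ in range(rounds - 1):
            block = hashlib.new(hash_name, block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def new_salt() -> bytes:
    """Fresh random salt, as the wallet generates at encryption time."""
    return os.urandom(SALT_SIZE)


def derive_wallet_key(passphrase: str, salt: bytes,
                      rounds: int = DEFAULT_ROUNDS) -> Tuple[bytes, bytes]:
    """Convenience wrapper: UTF-8 passphrase -> (AES-256 key, CBC IV)."""
    return evp_bytes_to_key(passphrase.encode("utf-8"), salt, rounds)


if __name__ == "__main__":
    # Constructed demo values; a real wallet stores the salt and round count
    # alongside the encrypted master key so the derivation can be repeated.
    salt = new_salt()
    key, iv = derive_wallet_key("correct horse battery staple", salt)
    print("salt:", salt.hex())
    print("key :", key.hex())
    print("iv  :", iv.hex())
```

With `rounds=1` the output matches what `openssl enc -aes-256-cbc -md sha512 -S <salt hex> -k <passphrase> -P` prints as key and iv, which is a convenient cross-check against the real EVP_BytesToKey. Note that iterating a bare hash this way, as the wallet does, is slower to brute-force than a single hash but is not a memory-hard or standardised password KDF; the round count is the only cost knob.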
@TheBlueMatt
Contributor Author

This grew way too quickly, so I merged it into the Crypto pull.

jtimon pushed a commit to jtimon/bitcoin that referenced this pull request Mar 11, 2016
991d637 Pedersen commitments, borromean ring signatures, and ZK range proofs.
6ab73e4 Add 64-bit integer utilities
bd2895f Merge pull request bitcoin#371
e5a9047 [Trivial] Remove double semicolons
c18b869 Merge pull request bitcoin#360
3026daa Merge pull request bitcoin#302
03d4611 Add sage verification script for the group laws
a965937 Merge pull request bitcoin#361
83221ec Add experimental features to configure
5d4c5a3 Prevent damage_array in the signature test from going out of bounds.
419bf7f Merge pull request bitcoin#356
6c527ec Merge pull request bitcoin#357
445f7f1 Fix for Windows compile issue
03d84a4 Benchmark against OpenSSL verification
2bfb82b Merge pull request bitcoin#351
06aeea5 Turn secp256k1_ec_pubkey_serialize outlen to in/out
970164d Merge pull request bitcoin#348
6466625 Improvements for coordinate decompression
e2100ad Merge pull request bitcoin#347
8e48787 Change secp256k1_ec_pubkey_combine's count argument to size_t.
c69dea0 Clear output in more cases for pubkey_combine, adds tests.
269d422 Comment copyediting.
b4d17da Merge pull request bitcoin#344
4709265 Merge pull request bitcoin#345
26abce7 Adds 32 static test vectors for scalar mul, sqr, inv.
5b71a3f Better error case handling for pubkey_create & pubkey_serialize, more tests.
3b7bc69 Merge pull request bitcoin#343
eed87af Change contrib/laxder from headers-only to files compilable as standalone C
d7eb1ae Merge pull request bitcoin#342
7914a6e Make lax_der_privatekey_parsing.h not depend on internal code
73f64ff Merge pull request bitcoin#339
9234391 Overhaul flags handling
1a36898 Make flags more explicit, add runtime checks.
1a3e03a Merge pull request bitcoin#340
96be204 Add additional tests for eckey and arg-checks.
bb5aa4d Make the tweak function zeroize-output-on-fail behavior consistent.
4a243da Move secp256k1_ec_privkey_import/export to contrib.
1b3efc1 Move secp256k1_ecdsa_sig_recover into the recovery module.
e3cd679 Eliminate all side-effects from VERIFY_CHECK() usage.
b30fc85 Avoid nonce_function_rfc6979 algo16 argument emulation.
70d4640 Make secp256k1_ec_pubkey_create skip processing invalid secret keys.
6c476a8 Minor comment improvements.
131afe5 Merge pull request bitcoin#334
0c6ab2f Introduce explicit lower-S normalization
fea19e7 Add contrib/lax_der_parsing.h
3bb9c44 Rewrite ECDSA signature parsing code
fa57f1b Use secp256k1_rand_int and secp256k1_rand_bits more
49b3749 Add new tests for the extra testrand functions
f684d7d Faster secp256k1_rand_int implementation
251b1a6 Improve testrand: add extra random functions
31994c8 Merge pull request bitcoin#338
f79aa88 Bugfix: swap arguments to noncefp
c98df26 Merge pull request bitcoin#319
67f7da4 Extensive interface and operations tests for secp256k1_ec_pubkey_parse.
ee2cb40 Add ARG_CHECKs to secp256k1_ec_pubkey_parse/secp256k1_ec_pubkey_serialize
7450ef1 Merge pull request bitcoin#328
68a3c76 Merge pull request bitcoin#329
98135ee Merge pull request bitcoin#332
37100d7 improve ECDH header-doc
b13d749 Fix couple of typos in API comments
7c823e3 travis: fixup module configs
cc3141a Merge pull request bitcoin#325
ee58fae Merge pull request bitcoin#326
213aa67 Do not force benchmarks to be statically linked.
338fc8b Add API exports to secp256k1_nonce_function_default and secp256k1_nonce_function_rfc6979.
52fd03f Merge pull request bitcoin#320
9f6993f Remove some dead code.
357f8cd Merge pull request bitcoin#314
118cd82 Use explicit symbol visibility.
4e64608 Include public module headers when compiling modules.
1f41437 Merge pull request bitcoin#316
fe0d463 Merge pull request bitcoin#317
cfe0ed9 Fix miscellaneous style nits that irritate overactive static analysis.
2b199de Use the explicit NULL macro for pointer comparisons.
9e90516 Merge pull request bitcoin#294
dd891e0 Get rid of _t as it is POSIX reserved
201819b Merge pull request bitcoin#313
912f203 Eliminate a few unbraced statements that crept into the code.
eeab823 Merge pull request bitcoin#299
486b9bb Use a flags bitfield for compressed option to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export
05732c5 Callback data: Accept pointers to either const or non-const data
1973c73 Bugfix: Reinitialise buffer lengths that have been used as outputs
788038d Use size_t for lengths (at least in external API)
c9d7c2a secp256k1_context_set_{error,illegal}_callback: Restore default handler by passing NULL as function argument
9aac008 secp256k1_context_destroy: Allow NULL argument as a no-op
64b730b secp256k1_context_create: Use unsigned type for flags bitfield
cb04ab5 Merge pull request bitcoin#309
a551669 Merge pull request bitcoin#295
81e45ff Update group_impl.h
85e3a2c Merge pull request bitcoin#112
b2eb63b Merge pull request bitcoin#293
dc0ce9f [API BREAK] Change argument order to out/outin/in
6d947ca Merge pull request bitcoin#298
c822693 Merge pull request bitcoin#301
6d04350 Merge pull request bitcoin#303
7ab311c Merge pull request bitcoin#304
5fb3229 Fixes a bug where bench_sign would fail due to passing in too small a buffer.
263dcbc remove unused assignment
b183b41 bugfix: "ARG_CHECK(ctx != NULL)" makes no sense
6da1446 build: fix parallel build
5eb4356 Merge pull request bitcoin#291
c996d53 Print success
9f443be Move pubkey recovery code to separate module
d49abbd Separate ECDSA recovery tests
439d34a Separate recoverable and normal signatures
a7b046e Merge pull request bitcoin#289
f66907f Improve/reformat API documentation secp256k1.h
2f77487 Add context building benchmarks
cc623d5 Merge pull request bitcoin#287
de7e398 small typo fix
2b4cf41 Use pkg-config always when possible, with failover to manual checks for libcrypto
REVERT: 71ed475 Pedersen commitments, borromean ring signatures, and ZK range proofs.
REVERT: afd1379 Add 64-bit integer utilities

git-subtree-dir: src/secp256k1
git-subtree-split: 991d637d80377f09d574afb8482c45ed628f17a3
laanwj added a commit to laanwj/bitcoin that referenced this pull request Aug 16, 2016
7a49cac Merge bitcoin#410: Add string.h include to ecmult_impl
0bbd5d4 Add string.h include to ecmult_impl
c5b32e1 Merge bitcoin#405: Make secp256k1_fe_sqrt constant time
926836a Make secp256k1_fe_sqrt constant time
e2a8e92 Merge bitcoin#404: Replace 3M + 4S doubling formula with 2M + 5S one
8ec49d8 Add note about 2M + 5S doubling formula
5a91bd7 Merge bitcoin#400: A couple minor cleanups
ac01378 build: add -DSECP256K1_BUILD to benchmark_internal build flags
a6c6f99 Remove a bunch of unused stdlib #includes
65285a6 Merge bitcoin#403: configure: add flag to disable OpenSSL tests
a9b2a5d configure: add flag to disable OpenSSL tests
b340123 Merge bitcoin#402: Add support for testing quadratic residues
e6e9805 Add function for testing quadratic residue field/group elements.
efd953a Add Jacobi symbol test via GMP
fa36a0d Merge bitcoin#401: ecmult_const: unify endomorphism and non-endomorphism skew cases
c6191fd ecmult_const: unify endomorphism and non-endomorphism skew cases
0b3e618 Merge bitcoin#378: .gitignore build-aux cleanup
6042217 Merge bitcoin#384: JNI: align shared files copyright/comments to bitcoinj's
24ad20f Merge bitcoin#399: build: verify that the native compiler works for static precomp
b3be852 Merge bitcoin#398: Test whether ECDH and Schnorr are enabled for JNI
aa0b1fd build: verify that the native compiler works for static precomp
eee808d Test whether ECDH and Schnorr are enabled for JNI
7b0fb18 Merge bitcoin#366: ARM assembly implementation of field_10x26 inner (rebase of bitcoin#173)
001f176 ARM assembly implementation of field_10x26 inner
0172be9 Merge bitcoin#397: Small fixes for sha256
3f8b78e Fix undefs in hash_impl.h
2ab4695 Fix state size in sha256 struct
6875b01 Merge bitcoin#386: Add some missing `VERIFY_CHECK(ctx != NULL)`
2c52b5d Merge bitcoin#389: Cast pointers through uintptr_t under JNI
43097a4 Merge bitcoin#390: Update bitcoin-core GitHub links
31c9c12 Merge bitcoin#391: JNI: Only call ecdsa_verify if its inputs parsed correctly
1cb2302 Merge bitcoin#392: Add testcase which hits additional branch in secp256k1_scalar_sqr
d2ee340 Merge #388: bench_ecdh: fix call to secp256k1_context_create
093a497 Add testcase which hits additional branch in secp256k1_scalar_sqr
a40c701 JNI: Only call ecdsa_verify if its inputs parsed correctly
faa2a11 Update bitcoin-core GitHub links
47b9e78 Cast pointers through uintptr_t under JNI
f36f9c6 bench_ecdh: fix call to secp256k1_context_create
bcc4881 Add some missing `VERIFY_CHECK(ctx != NULL)` for functions that use `ARG_CHECK`
6ceea2c align shared files copyright/comments to bitcoinj's
70141a8 Update .gitignore
7b549b1 Merge bitcoin#373: build: fix x86_64 asm detection for some compilers
bc7c93c Merge bitcoin#374: Add note about y=0 being possible on one of the sextic twists
e457018 Merge bitcoin#364: JNI rebased
86e2d07 JNI library: cleanup, removed unimplemented code
3093576 JNI library
bd2895f Merge pull request bitcoin#371
e72e93a Add note about y=0 being possible on one of the sextic twists
3f8fdfb build: fix x86_64 asm detection for some compilers
e5a9047 [Trivial] Remove double semicolons
c18b869 Merge pull request bitcoin#360
3026daa Merge pull request bitcoin#302
03d4611 Add sage verification script for the group laws
a965937 Merge pull request bitcoin#361
83221ec Add experimental features to configure
5d4c5a3 Prevent damage_array in the signature test from going out of bounds.
419bf7f Merge pull request bitcoin#356
03d84a4 Benchmark against OpenSSL verification

git-subtree-dir: src/secp256k1
git-subtree-split: 7a49cac
maflcko pushed a commit to maflcko/bitcoin-core that referenced this pull request Dec 13, 2016
8225239 Merge bitcoin#433: Make the libcrypto detection fail the newer API.
12de863 Make the libcrypto detection fail the newer API.
2928420 Merge bitcoin#427: Remove Schnorr from travis as well
8eecc4a Remove Schnorr from travis as well
a8abae7 Merge bitcoin#310: Add exhaustive test for group functions on a low-order subgroup
b4ceedf Add exhaustive test for verification
83836a9 Add exhaustive tests for group arithmetic, signing, and ecmult on a small group
20b8877 Add exhaustive test for group functions on a low-order subgroup
80773a6 Merge bitcoin#425: Remove Schnorr experiment
e06e878 Remove Schnorr experiment
04c8ef3 Merge bitcoin#407: Modify parameter order of internal functions to match API parameter order
6e06696 Merge bitcoin#411: Remove guarantees about memcmp-ability
40c8d7e Merge bitcoin#421: Update scalar_4x64_impl.h
a922365 Merge bitcoin#422: Restructure nonce clearing
3769783 Restructure nonce clearing
0f9e69d Restructure nonce clearing
9d67afa Update scalar_4x64_impl.h
7d15cd7 Merge bitcoin#413: fix auto-enabled static precompuatation
00c5d2e fix auto-enabled static precompuatation
91219a1 Remove guarantees about memcmp-ability
7a49cac Merge bitcoin#410: Add string.h include to ecmult_impl
0bbd5d4 Add string.h include to ecmult_impl
353c1bf Fix secp256k1_ge_set_table_gej_var parameter order
541b783 Fix secp256k1_ge_set_all_gej_var parameter order
7d893f4 Fix secp256k1_fe_inv_all_var parameter order
c5b32e1 Merge bitcoin#405: Make secp256k1_fe_sqrt constant time
926836a Make secp256k1_fe_sqrt constant time
e2a8e92 Merge bitcoin#404: Replace 3M + 4S doubling formula with 2M + 5S one
8ec49d8 Add note about 2M + 5S doubling formula
5a91bd7 Merge bitcoin#400: A couple minor cleanups
ac01378 build: add -DSECP256K1_BUILD to benchmark_internal build flags
a6c6f99 Remove a bunch of unused stdlib #includes
65285a6 Merge bitcoin#403: configure: add flag to disable OpenSSL tests
a9b2a5d configure: add flag to disable OpenSSL tests
b340123 Merge bitcoin#402: Add support for testing quadratic residues
e6e9805 Add function for testing quadratic residue field/group elements.
efd953a Add Jacobi symbol test via GMP
fa36a0d Merge bitcoin#401: ecmult_const: unify endomorphism and non-endomorphism skew cases
c6191fd ecmult_const: unify endomorphism and non-endomorphism skew cases
0b3e618 Merge bitcoin#378: .gitignore build-aux cleanup
6042217 Merge bitcoin#384: JNI: align shared files copyright/comments to bitcoinj's
24ad20f Merge bitcoin#399: build: verify that the native compiler works for static precomp
b3be852 Merge bitcoin#398: Test whether ECDH and Schnorr are enabled for JNI
aa0b1fd build: verify that the native compiler works for static precomp
eee808d Test whether ECDH and Schnorr are enabled for JNI
7b0fb18 Merge bitcoin#366: ARM assembly implementation of field_10x26 inner (rebase of bitcoin#173)
001f176 ARM assembly implementation of field_10x26 inner
0172be9 Merge bitcoin#397: Small fixes for sha256
3f8b78e Fix undefs in hash_impl.h
2ab4695 Fix state size in sha256 struct
6875b01 Merge bitcoin#386: Add some missing `VERIFY_CHECK(ctx != NULL)`
2c52b5d Merge bitcoin#389: Cast pointers through uintptr_t under JNI
43097a4 Merge bitcoin#390: Update bitcoin-core GitHub links
31c9c12 Merge bitcoin#391: JNI: Only call ecdsa_verify if its inputs parsed correctly
1cb2302 Merge bitcoin#392: Add testcase which hits additional branch in secp256k1_scalar_sqr
d2ee340 Merge #388: bench_ecdh: fix call to secp256k1_context_create
093a497 Add testcase which hits additional branch in secp256k1_scalar_sqr
a40c701 JNI: Only call ecdsa_verify if its inputs parsed correctly
faa2a11 Update bitcoin-core GitHub links
47b9e78 Cast pointers through uintptr_t under JNI
f36f9c6 bench_ecdh: fix call to secp256k1_context_create
bcc4881 Add some missing `VERIFY_CHECK(ctx != NULL)` for functions that use `ARG_CHECK`
6ceea2c align shared files copyright/comments to bitcoinj's
70141a8 Update .gitignore
7b549b1 Merge bitcoin#373: build: fix x86_64 asm detection for some compilers
bc7c93c Merge bitcoin#374: Add note about y=0 being possible on one of the sextic twists
e457018 Merge bitcoin#364: JNI rebased
86e2d07 JNI library: cleanup, removed unimplemented code
3093576 JNI library
bd2895f Merge pull request bitcoin#371
e72e93a Add note about y=0 being possible on one of the sextic twists
3f8fdfb build: fix x86_64 asm detection for some compilers
e5a9047 [Trivial] Remove double semicolons
c18b869 Merge pull request bitcoin#360
3026daa Merge pull request bitcoin#302
03d4611 Add sage verification script for the group laws
a965937 Merge pull request bitcoin#361
83221ec Add experimental features to configure
5d4c5a3 Prevent damage_array in the signature test from going out of bounds.
419bf7f Merge pull request bitcoin#356
03d84a4 Benchmark against OpenSSL verification

git-subtree-dir: src/secp256k1
git-subtree-split: 8225239
deadalnix pushed a commit to deadalnix/bitcoin that referenced this pull request Jan 19, 2017
83221ec Add experimental features to configure (Pieter Wuille)
deadalnix pushed a commit to deadalnix/bitcoin that referenced this pull request Mar 20, 2017
classesjack pushed a commit to classesjack/bitcoin that referenced this pull request Jan 2, 2018
fix the help message for rpc example port
lateminer pushed a commit to lateminer/bitcoin that referenced this pull request Oct 16, 2019
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
3 participants