Commit graph

140 commits

Author SHA1 Message Date
Josh Rickmar
d714bf3310 Refactor wallet opening.
Rather than the main package being responsible for opening the address
and transaction managers, the namespaces of these components are
passed as parameters to the wallet.Open function.

Additionally, the address manager Options struct has been split into
two: ScryptOptions which holds the scrypt parameters needed during
passphrase key derivation, and OpenCallbacks which is only passed to
the Open function to allow the caller to provide additional details
during upgrades.

These changes are being done in preparation for a notification server
in the wallet package, with callbacks passed to the Open and Create
functions in waddrmgr and wtxmgr.  Before this could happen, the
wallet package had to be responsible for actually opening the managers
from their namespaces.
2015-05-14 14:33:33 -04:00
Dave Collins
c820c8a015 Relicense to the btcsuite developers. 2015-05-01 12:20:05 -05:00
Josh Rickmar
0ae57f2564 Fix waddrmgr version 4 upgrade path.
If the account number to name index mapped the default account name to
an alias, the upgrade would not succeed and the upgrade would be
aborted (and rolled back).

This became a problem for upgrading old (pre-v3) wallets since the v3
upgrade did not rename the previous "" account to "default", but
instead just created an alias.

Fix tested by @dajohi, who ran into this issue with a wallet upgrade
from an older keystore version.
2015-05-01 12:24:22 -04:00
Josh Rickmar
ec6034e2d9 Modify default account naming policy.
Rather than disallowing the default account to be renamed as was
proposed in #245 (and implemented in #246), the default account name
is no longer considered a reserved name by the address manager.
Instead, it is simply the initial name used for the first initial
account.

A database upgrade removes any additional aliases for the default
account in the database.  This prevents a lookup for some name which
is not an account name from mapping to the default account
unexpectedly (potentially preventing incorrect account usage from the
RPC server due to bad iteraction with default parameters).

All unset account names in a JSON-RPC request are expected to be set
nil by btcjson.  This behavior depends on btcsuite/btcd#399.

Additionally, the manager no longer considers the wildcard * to be a
reserved account name.  Due to poor API decisions, the RPC server
overloads the meaning of account fields to optionally allow referring
to all accounts at a time, or a single account.  This is not a address
manager responsibility, though, as a future cleaner API should not use
multiple differet meanings for the same field across multiple
requests.  Therefore, don't burden down future APIs with this quirk
and prevent incorrect wildcard usage from the RPC server.

Closes #245.
2015-05-01 01:30:20 -04:00
Javed Khan
ee72c81a73 Added additional test cases for account tests 2015-04-27 22:53:58 +05:30
Javed Khan
74208f90c1 CurrentAddress: subsequently return new address 2015-04-16 06:34:25 +05:30
Manan Patel
3940e853f8 golinted waddrmgr package 2015-04-02 15:43:32 -05:00
Guilherme Salgado
2181f4859d votingpool: implement Pool.StartWithdrawal()
<http://opentransactions.org/wiki/index.php/Voting_Pool_Withdrawal_Process>

Also includes some refactorings and other improvements, including better docs
and a new error type (votingpool.Error) used for all votingpool-specific
errors.
2015-04-01 15:55:42 +01:00
Javed Khan
68a9168d9e Updated waddrmgr to manage account names 2015-03-19 06:28:23 +05:30
Javed Khan
85fe722e99 Mark used addresses as such 2015-03-11 01:23:46 +05:30
Josh Rickmar
4d9c43593d Consolidate and optimize zero functions.
This introduce a new internal package to deal with the explicit
clearing of data (such as private keys) in byte slices, byte arrays
(32 and 64-bytes long), and multi-precision "big" integers.

Benchmarks from a xeon e3 (Xor is the zeroing funcion which Bytes
replaces):

BenchmarkXor32  30000000                52.1 ns/op
BenchmarkXor64  20000000                91.5 ns/op
BenchmarkRange32        50000000                31.8 ns/op
BenchmarkRange64        30000000                49.5 ns/op
BenchmarkBytes32        200000000               10.1 ns/op
BenchmarkBytes64        100000000               15.4 ns/op
BenchmarkBytea32        1000000000               2.24 ns/op
BenchmarkBytea64        300000000                4.46 ns/op

Removes an XXX from the votingpool package.
2015-03-05 21:32:33 -05:00
Dave Collins
c8bdd71074 waddrmgr: Make create/update logic more explicit.
This commit makes the creation and updating of the address manager more
explicit so it's easier to upgrade in the future.

In particular, rather than treating the initial creation as an upgrade by
relying on creating the initial buckets on the fly on each load, the code
now explicitly provides distinct create and upgrade paths that are invoked
from the Create and Open functions, respectively.

It also adds some commented out sample code to illustrate how upgrades
should be done and a check to ensure bumping the version number without
writing upgrade code results in a new error, ErrUpgrade, being returned.

Finally, a test has been added for the new functionality.
2015-03-04 14:12:47 -06:00
Dave Collins
8f9f53a618 Switch to new waddrmgr package
This commit converts the wallet to use the new secure hierarchical
deterministic wallet address manager package as well as the walletdb
package.

The following is an overview of modified functionality:

- The wallet must now be created before starting the executable
- A new flag --create has been added to create the new wallet using wizard
  style question and answer prompts
- Starting the process without an existing wallet will instruct now
  display a message to run it with --create
- Providing the --create flag with an existing wallet will simply show an
  error and return

In addition the snacl package has been modified to return the memory after
performing scrypt operations to the OS.

Previously a runtime.GC was being invoked which forced it to release the
memory as far as the garbage collector is concerned, but the memory was
not released back to the OS immediatley.  This modification allows the
memory to be released immedately since it won't be needed again until the
next wallet unlock.
2015-03-02 11:55:42 -06:00
Dave Collins
a210a85113 waddrmgr: Update more documentation for walletdb. 2015-02-10 00:17:28 -06:00
Dave Collins
99e4a8f4b3 waddrmgr: Update documentation for walletdb.
This commit updates the documentation which discusses creating and opening
the manager to properly mention the wallet database namespace as well as
another typo.
2015-02-10 00:11:00 -06:00
Dave Collins
b2ebd20d75 Update btcec path import paths to new location. 2015-02-06 11:06:45 -06:00
Josh Rickmar
ad80e9f384 Address several issues pointed out by lint and vet.
This brings the entire tree closer to but not 100% goclean.sh clean.
2015-02-06 01:04:01 -05:00
Dave Collins
4a1067b6f1 Update btcnet path import paths to new location. 2015-02-05 23:58:46 -06:00
Dave Collins
23c9dc423e Update btcwire path import paths to new location. 2015-02-05 15:41:38 -06:00
Josh Rickmar
1b7cd45029 Optimize unlocks for already unlocked addrmgrs.
This is performed by saving the SHA512(salt+passphrase) of the
waddrmgr.Manager private passphrase each time the manager is unlocked.
If another call to Unlock is performed before the next Lock, the hash
is applied to the new input.  If it matches, we know the passphrase is
(likely) equal, so return early and continue using the crypto keys
already in memory.  If it does not match, we know for certain the
passphrase is incorrect and the manager is locked.
2015-01-31 20:34:12 -05:00
Josh Rickmar
79b1839883 waddrmgr: Avoid unnecessarily rederiving keys on unlock.
The slice of keys which must have their private extended keys derived
on unlock was never being removed from and all of these keys were
being rederived unnecessarily on every unlock.  Fix this by re-slicing
the deriveOnUnlock slice to remove the just derived key if the
derivation was successful.
2015-01-31 18:47:08 -05:00
Dave Collins
f05ab25696 Update btcwallet import paths to new location. 2015-01-17 00:25:53 -06:00
Dave Collins
7db8ff3f9a Update btcec import paths to new location. 2015-01-16 18:08:45 -06:00
Dave Collins
a26a65e2e0 Update btcnet import paths to new location. 2015-01-16 17:32:30 -06:00
Dave Collins
283aa28be5 Update btcwire import paths to new location. 2015-01-16 16:03:04 -06:00
Dave Collins
04f692fbbb Update fastsha256 import paths to new location. 2015-01-16 09:11:25 -06:00
Dave Collins
f37b4e84eb Allow main waddrmgr test to run in parallel. 2015-01-15 20:36:09 -06:00
Dave Collins
afeb509c45 Update btcutil import paths to new location. 2015-01-15 10:48:58 -06:00
Guilherme Salgado
24dcd206d2 Implement the deposit side of Voting Pools
This contains the APIs to create and retrieve Voting Pools and Series (with
public/private keys) from a walletdb namespace, plus the generation of deposit
addresses (using m-of-n multi-sig P2SH scripts according to the series
configuration).
2014-11-12 11:41:44 -06:00
Dave Collins
454d290b68 Convert waddrmgr to new walletdb package.
This commit converts the waddrmgr package to use the new walletdb package
semantics.

Since waddrmgr no longer controls the database, it is unable to make a
copy of the database and return it as the old ExportWatchingOnly function
required.  As a result, it has been renamed to ConvertToWatchingOnly and
it now modifies the namespace provided to it.  The idea is that the caller
which does control the database can now make a copy of the database, get
the waddrmgr namespace in the database copy and invoke the new function
to modify it.  This also works well with other packages that might also
need to make modifications for watching-only mode.

In addition, the following changes are made:

- All places that worked with database paths now work with the
  walletdb.Namespace interface
- The managerTx code is replaced to use the walletdb.Tx interface
- The code which checks if the manager already exists is updated to work
  with the walletdb.Namespace interface
- The LatestDbVersion constant is now LatestMgrVersion since it no longer
  controls the database
2014-11-11 15:07:16 -06:00
Dave Collins
3cd0aa011d Cleanup recent encrypt/decrypt test additions.
This commit cleans up the recent test addition for testing the positive
and negative error paths of the Encrypt and Decrypt functions.

In particular:

- Add comments to all new functions
- Close the manager before trying to delete the file which is otherwise in
  use
- Rename the temp prefix since these are not pool tests
- Rename setUp to setupManager to make it a bit more explicit what it's
  doing
2014-11-10 21:39:57 -06:00
Lars Hesel Christensen
b4214fc93c Add tests for new encryption API on the manager
100% coverage on selectCryptoKey, Encrypt, Decrypt.
2014-11-10 21:11:23 -06:00
Dave Collins
e3769bcec6 Add the new ErrInvalidKeyType to the stringer map.
Also add it to the stringer test.
2014-10-31 10:20:58 -05:00
Dave Collins
732ffe4ed1 Address a couple of nits with recent En(De)crypt.
This commit adds comments about the specific crypto key types, moves the
selectCryptoKey function before the Encrypt/Decrypt functions that call it
to be more consistent with the rest of the code base, and slightly
modifies the verbiage of the comment.
2014-10-31 10:09:44 -05:00
Lars Hesel Christensen
7f7f6f33cb Expose functions needed from the voting pool package 2014-10-31 11:28:26 +01:00
Dave Collins
fb7e87b1ef Move new addrmgr Options type and default to top.
Default values near the top of the file is preferrable so they are more
easily spotted.
2014-10-29 02:27:38 -05:00
Lars Hesel Christensen
402fcf0dd0 Make scrypt parameters overridable/optional 2014-10-28 23:46:28 -05:00
Dave Collins
966b6b0ec7 Unexport the cryptoKey type.
The crypto key type unsed in the manager is not needed outside of the
package.  Also, rather than having the newCryptoKey func return the
specific cryptoKey type, make it return the EncryptorDecryptor interface.
This will allow it to be overridden with another type that implements the
interface from the tests.
2014-10-13 16:19:12 -05:00
Guilherme Salgado
85f4856230 Allow injection of crypto keys into the manager.
Useful to test error conditions.

Also provide a new function that wraps snacl.GenerateCryptoKey(),
defined as a variable so that it can be replaced in tests.
2014-10-13 16:19:11 -05:00
Dave Collins
d0938d817f Provide new wallet address manager package.
This commit implements a new secure, scalable, hierarchical deterministic
wallet address manager package.

The following is an overview of features:

- BIP0032 hierarchical deterministic keys
- BIP0043/BIP0044 multi-account hierarchy
- Strong focus on security:
  - Fully encrypted database including public information such as
    addresses as well as private information such as private keys and
    scripts needed to redeem pay-to-script-hash transactions
  - Hardened against memory scraping through the use of actively clearing
    private material from memory when locked
  - Different crypto keys used for public, private, and script data
  - Ability for different passphrases for public and private data
  - Scrypt-based key derivation
  - NaCl-based secretbox cryptography (XSalsa20 and Poly1305)
  - Multi-tier scalable key design to allow instant password changes
    regardless of the number of addresses stored
- Import WIF keys
- Import pay-to-script-hash scripts for things such as multi-signature
  transactions
- Ability to export a watching-only version which does not contain any
  private key material
- Programmatically detectable errors, including encapsulation of errors
  from packages it relies on
- Address synchronization capabilities

This commit only provides the implementation package.  It does not
include integration into to the existing wallet code base or conversion of
existing addresses.  That functionality will be provided by future
commits.
2014-10-13 16:19:09 -05:00