Commit graph

30 commits

Author SHA1 Message Date
Cory Fields
a354a59f1f wallet: move crypter to wallet 2015-03-22 15:18:55 -04:00
Cory Fields
1630219d90 openssl: abstract out OPENSSL_cleanse
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
2015-02-15 11:34:02 -05:00
Wladimir J. van der Laan
93b7544501
Merge pull request #5319
35f7227 Clean up wallet encryption code. (Daniel Kraft)
2015-02-04 13:56:57 +01:00
sandakersmann
f914f1a746
Added "Core" to copyright headers
Github-Pull: #5494
Rebased-From: 15de949bb9277e442302bdd8dee299a8d6deee60
2014-12-19 19:55:32 +01:00
Michael Ford
78253fcbad Remove references to X11 licence 2014-12-16 15:56:50 +08:00
Daniel Kraft
35f7227a86 Clean up wallet encryption code.
Add a new method DecryptKey in crypter.cpp, that combines the logic for
decrypting, initialising and validating a CKey object.  This was
previously duplicated.
2014-12-04 21:37:26 +01:00
Cory Fields
066e2a1403 script: move CScriptID to standard.h and add a ctor for creating them from CScripts
This allows for a reversal of the current behavior.

This:
CScript foo;
CScriptID bar(foo.GetID());

Becomes:
CScript foo;
CScriptID bar(foo);

This way, CScript is no longer dependent on CScriptID or Hash();
2014-10-17 13:44:14 -04:00
Pieter Wuille
dc54e9db98
Merge pull request #4825
8d657a6 Fixing compiler warning C4800: 'type' forcing value to bool 'true' or 'false' (ENikS)
2014-09-16 04:47:55 +02:00
jtimon
cbd22a50c4 Move CScript class and dependencies to script/script 2014-09-08 20:19:31 +02:00
jtimon
86dbeea2cd Rename script.h/.cpp to scriptutils.h/.cpp (plus remove duplicated includes) 2014-09-08 20:19:31 +02:00
ENikS
8d657a6517 Fixing compiler warning C4800: 'type' forcing value to bool 'true' or 'false' 2014-09-06 15:59:59 -04:00
Wladimir J. van der Laan
ad49c256c3 Split up util.cpp/h
Split up util.cpp/h into:

- string utilities (hex, base32, base64): no internal dependencies, no dependency on boost (apart from foreach)
- money utilities (parsesmoney, formatmoney)
- time utilities (gettime*, sleep, format date):
- and the rest (logging, argument parsing, config file parsing)

The latter is basically the environment and OS handling,
and is stripped of all utility functions, so we may want to
rename it to something else than util.cpp/h for clarity (Matt suggested
osinterface).

Breaks dependency of sha256.cpp on all the things pulled in by util.
2014-08-26 13:25:22 +02:00
Matt Corallo
a35b55b522 Dont run full check every time we decrypt wallet. 2014-08-10 18:36:07 -07:00
Gregory Maxwell
1e21c17d20 Make CCryptoKeyStore::Unlock check all keys.
CCryptoKeyStore::Unlock has a loop to attempt decrypting each key which
 only executes once, likely due to a simple mistake when the code was
 originally written.

This patch fixes the behavior by making it check all keys. It also adds
 a fatal assertion in the case some decrypt but some do not, since that
 indicates that the wallet is in some kind of really bad state.

This may make unlocking noticeably slower on wallets with many keys.
2014-08-10 18:36:06 -07:00
Wladimir J. van der Laan
829c920387 Move CCryptoKeyStore to crypter.cpp
This breaks the dependency on crypter for disable-wallet builds.
2013-12-04 12:46:13 +01:00
Brandon Dahler
51ed9ec971 Cleanup code using forward declarations.
Use misc methods of avoiding unnecesary header includes.
Replace int typedefs with int##_t from stdint.h.
Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h.
Normalize QT_VERSION ifs where possible.
Resolve some indirect dependencies as direct ones.
Remove extern declarations from .cpp files.
2013-11-10 09:36:28 -06:00
super3
db0e8ccd90 Bump Year Number to 2013 2013-10-20 15:25:06 -04:00
Philip Kaufmann
852605d8d1 remove windows.h from crypter.cpp includes
- remove an unneeded windows.h include (comes from allocators.h, which is
  included in crypter.h)
2013-07-24 22:35:44 +02:00
Pieter Wuille
dfa23b94c2 CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-30 05:20:21 +02:00
Philip Kaufmann
0f8a647782 don't use memset() in privacy/security relevant code parts
As memset() can be optimized out by a compiler it should not be used in
privacy/security relevant code parts. OpenSSL provides the safe
OPENSSL_cleanse() function in crypto.h, which perfectly does the job of
clean and overwrite data.

For details see: http://www.viva64.com/en/b/0178/

- change memset() to OPENSSL_cleanse() where appropriate
- change a hard-coded number from netbase.cpp into a sizeof()
2012-11-09 12:53:53 +01:00
Wladimir J. van der Laan
0b886ad1bd Make CCrypter use LockedPageManager to manage locked pages
Replace direct calls to mlock.

Also, change the class to lock the memory areas in the constructor and unlock them again in the destructor. This makes sure that locked pages won't leak.
2012-08-23 06:55:35 +02:00
Luke Dashjr
814efd6f1f Bugfix: Fix a variety of misspellings 2012-08-01 17:49:51 +00:00
Pieter Wuille
6b6aaa1698 Further reduce header dependencies
This commit removes the dependency of serialize.h on PROTOCOL_VERSION,
and makes this parameter required instead of implicit. This is much saner,
as it makes the places where changing a version number can have an
influence obvious.
2012-04-17 20:03:42 +02:00
Pieter Wuille
ed6d0b5f85 Remove headers.h 2012-04-17 20:00:55 +02:00
Jeff Garzik
9fb89c26f3 Fix misc. minor sign-comparison warnings 2012-04-15 17:00:20 -04:00
Pieter Wuille
e5c027b49b Verify status of encrypt/decrypt calls to detect failed padding 2012-04-05 02:07:53 +02:00
Gavin Andresen
882164196e Update all copyrights to 2012 2012-02-07 11:28:30 -05:00
Dylan Noblesmith
94f778bdeb Implement an mlock()'d string class for storing passphrases
SecureString is identical to std::string except with secure_allocator
substituting for std::allocator. This makes casting between them
impossible, so converting between the two at API boundaries requires
calling ::c_str() for now.
2011-11-26 06:02:04 +00:00
Gavin Andresen
6853e627f1 Fix build on windows and mac
Replaced all occurrences of #if* __WXMSW__ with WIN32,
and all occurrences of __WXMAC_OSX__ with MAC_OSX, and made
sure those are defined appropriately in the makefile and bitcoin-qt.pro.
2011-10-07 11:02:21 -04:00
Matt Corallo
4e87d341f7 Add wallet privkey encryption.
This commit adds support for ckeys, or enCrypted private keys, to the wallet.
All keys are stored in memory in their encrypted form and thus the passphrase
is required from the user to spend coins, or to create new addresses.

Keys are encrypted with AES-256-CBC using OpenSSL's EVP library. The key is
calculated via EVP_BytesToKey using SHA512 with (by default) 25000 rounds and
a random salt.

By default, the user's wallet remains unencrypted until they call the RPC
command encryptwallet <passphrase> or, from the GUI menu, Options->
Encrypt Wallet.

When the user is attempting to call RPC functions which require the password
to unlock the wallet, an error will be returned unless they call
walletpassphrase <passphrase> <time to keep key in memory> first.

A keypoolrefill command has been added which tops up the users keypool
(requiring the passphrase via walletpassphrase first).
keypoolsize has been added to the output of getinfo to show the user the
number of keys left before they need to specify their passphrase (and call
keypoolrefill).

Note that walletpassphrase will automatically fill keypool in a separate
thread which it spawns when the passphrase is set. This could cause some
delays in other threads waiting for locks on the wallet passphrase, including
one which could cause the passphrase to be stored longer than expected,
however it will not allow the passphrase to be used longer than expected as
ThreadCleanWalletPassphrase will attempt to get a lock on the key as soon
as the specified lock time has arrived.

When the keypool runs out (and wallet is locked) GetOrReuseKeyFromPool
returns vchDefaultKey, meaning miners may start to generate many blocks to
vchDefaultKey instead of a new key each time.

A walletpassphrasechange <oldpassphrase> <newpassphrase> has been added to
allow the user to change their password via RPC.

Whenever keying material (unencrypted private keys, the user's passphrase,
the wallet's AES key) is stored unencrypted in memory, any reasonable attempt
is made to mlock/VirtualLock that memory before storing the keying material.
This is not true in several (commented) cases where mlock/VirtualLocking the
memory is not possible.

Although encryption of private keys in memory can be very useful on desktop
systems (as some small amount of protection against stupid viruses), on an
RPC server, the password is entered fairly insecurely. Thus, the only main
advantage encryption has for RPC servers is for RPC servers that do not spend
coins, except in rare cases, eg. a webserver of a merchant which only receives
payment except for cases of manual intervention.

Thanks to jgarzik for the original patch and sipa, gmaxwell and many others
for all their input.

Conflicts:

	src/wallet.cpp
2011-07-13 02:11:25 +02:00