Commit graph

241 commits

Author SHA1 Message Date
Jeff Garzik
bb7d0fc12f Merge pull request #2928 from jgarzik/cnb-txout
CreateNewBlock / getblocktemplate cleaning
2013-08-25 18:49:25 -07:00
Peter Todd
214d45b6b9
Document and test OP_RESERVED weirdness
Seems it was forgotten about when IsPushOnly() and the unittests were
written. A particular oddity is that OP_RESERVED doesn't count towards
the >201 opcode limit unlike every other named opcode.
2013-08-25 12:37:07 -04:00
Jeff Garzik
7e17018995 CreateNewBlock() now takes scriptPubKey argument,
rather than a key.

CreateNewBlockWithKey() helper is added to restore existing functionality,
making this an equivalent-transformation change.
2013-08-24 00:33:46 -04:00
Peter Todd
4eecdcacaf
Add MurmurHash3() unit test
Useful as a source of test vectors to anyone re-implementing bloom
filters.
2013-08-20 07:30:39 -04:00
Gavin Andresen
3f20f82209 Merge pull request #2880 from gavinandresen/test_numequal
More unit tests for OP_NUMEQUAL
2013-08-15 18:53:49 -07:00
Gavin Andresen
a0bb001431 Merge pull request #2886 from gavinandresen/rpctiming
Make RPC password resistant to timing attacks
2013-08-15 18:53:26 -07:00
Gregory Maxwell
47491a90b6 Merge pull request #2131 from sipa/evens
Only create signatures with even S, and verification mode to check.
2013-08-15 18:42:28 -07:00
Gavin Andresen
13d3b1c144 Merge pull request #2829 from sipa/bip32
BIP 32 derivation + test vectors
2013-08-15 16:40:03 -07:00
Pieter Wuille
a81cd96805 Only create signatures with even S, and verification mode to check.
To fix a minor malleability found by Sergio Lerner (reported here:
https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898)

The problem is that if (R,S) is a valid ECDSA signature for a given
message and public key, (R,-S) is also valid. Modulo N (the order
of the secp256k1 curve), this means that both (R,S) and (R,N-S) are
valid. Given that N is odd, S and N-S have a different lowest bit.
We solve the problem by forcing signatures to have an even S value,
excluding one of the alternatives.

This commit just changes the signing code to always produce even S
values, and adds a verification mode to check it. This code is not
enabled anywhere yet. Existing tests in key_tests.cpp verify that
the produced signatures are still valid.
2013-08-16 00:17:50 +02:00
Gavin Andresen
8dc206a1e2 Reject non-canonically-encoded sizes
The length of vectors, maps, sets, etc are serialized using
Write/ReadCompactSize -- which, unfortunately, do not use a
unique encoding.

So deserializing and then re-serializing a transaction (for example)
can give you different bits than you started with. That doesn't
cause any problems that we are aware of, but it is exactly the type
of subtle mismatch that can lead to exploits.

With this pull, reading a non-canonical CompactSize throws an
exception, which means nodes will ignore 'tx' or 'block' or
other messages that are not properly encoded.

Please check my logic... but this change is safe with respect to
causing a network split. Old clients that receive
non-canonically-encoded transactions or blocks deserialize
them into CTransaction/CBlock structures in memory, and then
re-serialize them before relaying them to peers.

And please check my logic with respect to causing a blockchain
split: there are no CompactSize fields in the block header, so
the block hash is always canonical. The merkle root in the block
header is computed on a vector<CTransaction>, so
any non-canonical encoding of the transactions in 'tx' or 'block'
messages is erased as they are read into memory by old clients,
and does not affect the block hash. And, as noted above, old
clients re-serialize (with canonical encoding) 'tx' and 'block'
messages before relaying to peers.
2013-08-09 10:01:35 +10:00
Gavin Andresen
42656ea2e5 Make RPC password resistant to timing attacks
Fixes issue#2838; this is a tweaked version of pull#2845 that
should not leak the length of the password and is more generic,
in case we run into other situations where we need
timing-attack-resistant comparisons.
2013-08-08 19:58:57 +10:00
Gavin Andresen
ddd0e2f616 Merge pull request #2871 from gavinandresen/simplify_maporphan
Simplify storage of orphan transactions, fix CVE-2013-4627
2013-08-06 17:11:48 -07:00
Gavin Andresen
bdd34642dc More unit tests for NUMEQUAL 2013-08-06 16:06:07 +10:00
Gavin Andresen
ae759b3788 Merge pull request #2849 from petertodd/if-else-else
Add unittests for multiple ELSEs in a row
2013-08-05 01:53:57 -07:00
Gavin Andresen
159bc48193 Simplify storage of orphan transactions
Orphan transactions were stored as a CDataStream pointer;
this changes the mapOrphanTransactions data structures to
store orphans as a CTransaction.

This also fixes CVE-2013-4627 by always re-serializing
transactions before relaying them.
2013-08-02 16:10:25 +10:00
Jeff Garzik
d247a5d130 Move internal miner/block creation to separate miner.cpp module.
Public functions referenced elsewhere are added to miner.h.
2013-07-31 09:43:35 -04:00
Peter Todd
aff83e9c02 Add unittests for multiple ELSEs in a row
IF ELSE ELSE ENDIF is a valid construct; execution or non-execution
inverts on each ELSE encountered.
2013-07-23 05:12:38 -04:00
constantined
2ecb7555a9 Switch to using raw_utf8 2013-07-23 04:51:29 +03:00
Pieter Wuille
a59db19ee3 BIP32 test vectors 2013-07-15 01:07:19 +02:00
Jeff Garzik
d598872726 Merge pull request #2743 from jgarzik/reject-reason
Log reason for non-standard transaction rejection
2013-07-10 08:50:49 -07:00
Gregory Maxwell
e5c4dfdfc0 Make the rand tests determinstic. (fixes #2714)
This avoids spurious errors with the old tests but still tests
 enough that if the rng is replaced with a totally broken one
 it should still fail.
2013-07-07 09:54:47 -07:00
Eric Lombrozo
38991ffa8a Pulled CheckBlock out of CBlock. 2013-06-23 19:59:35 -07:00
Pieter Wuille
12dff9801f Add HMAC-SHA512 to hash 2013-06-24 00:56:45 +02:00
Jeff Garzik
980bfe6ef8 Log reason for non-standard transaction rejection 2013-06-23 02:05:25 -04:00
Mike Hearn
0e4b317555 Introduce a CChainParameters singleton class and regtest mode.
The new class is accessed via the Params() method and holds
most things that vary between main, test and regtest networks.
The regtest mode has two purposes, one is to run the
bitcoind/bitcoinj comparison tool which compares two separate
implementations of the Bitcoin protocol looking for divergence.

The other is that when run, you get a local node which can mine
a single block instantly, which is highly convenient for testing
apps during development as there's no need to wait 10 minutes for
a block on the testnet.
2013-06-19 16:28:52 +02:00
Eric Lombrozo
05df3fc68d Removed AcceptToMemoryPool method from CTransaction. This method belongs to the mempool instance.
Removed AreInputsStandard from CTransaction, made it a regular function in main.
Moved CTransaction::GetOutputFor to CCoinsViewCache.

Moved GetLegacySigOpCount and GetP2SHSigOpCount out of CTransaction into regular functions in main.

Moved GetValueIn and HaveInputs from CTransaction into CCoinsViewCache.

Moved AllowFree, ClientCheckInputs, CheckInputs, UpdateCoins, and CheckTransaction out of CTransaction and into main.

Moved IsStandard and IsFinal out of CTransaction and put them in main as IsStandardTx and IsFinalTx. Moved GetValueOut out of CTransaction into main. Moved CTxIn, CTxOut, and CTransaction into core.

Added minimum fee parameter to CTxOut::IsDust() temporarily until CTransaction is moved to core.h so that CTxOut needn't know about CTransaction.
2013-06-05 23:15:20 -07:00
Wladimir J. van der Laan
cd945c3bc9 Merge pull request #2727 from TheBlueMatt/master
One more data-driven test-case
2013-06-03 09:14:58 -07:00
Matt Corallo
14c12b094b Add new data-driven test-case. 2013-06-02 20:51:01 +02:00
Philip Kaufmann
3260b4c090 remove GetBoolArg() fDefault parameter defaulting to false
- explicitly set the default of all GetBoolArg() calls
- rework getarg_test.cpp and util_tests.cpp to cover this change
- some indentation fixes
- move macdockiconhandler.h include in bitcoin.cpp to the "our headers"
  section
2013-06-01 12:53:57 +02:00
Jeff Garzik
e2f42142a0 Merge pull request #2600 from sipa/keyrefactor
Refactor key.cpp/.h
2013-05-30 07:55:25 -07:00
Jeff Garzik
9d01dd7658 Merge pull request #2104 from al42and/listreceivedbyaddress_txids
listreceivedbyaddress now provides tx ids (issue #1149)
2013-05-30 07:42:01 -07:00
Jeff Garzik
af93273799 Merge pull request #2657 from gmaxwell/its_after_may15_forever
It's after 2013-05-15 forever now, so remove the code for the May 15 fork
2013-05-30 07:35:44 -07:00
Pieter Wuille
dfa23b94c2 CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-30 05:20:21 +02:00
Matt Corallo
e175c16f5b Add a few data-driven tests for SIGHASH_ANYONECANPAY 2013-05-21 18:16:43 +02:00
Gregory Maxwell
a824121eb8 It's after 2013-05-15 forever now, so remove the code for the May 15 fork. 2013-05-16 13:34:01 -07:00
Gavin Andresen
8de9bb53af Define dust transaction outputs, and make them non-standard 2013-05-03 10:52:09 -04:00
Gavin Andresen
b8e1dc2e53 Remove flaky util thread unit tests 2013-05-03 10:45:00 -04:00
Gavin Andresen
21eb5adadb Port Thread* methods to boost::thread_group 2013-04-03 19:57:13 -04:00
Gavin Andresen
72f14d26ec LoopForever and ThreadTrace helpers 2013-04-03 19:57:13 -04:00
Gavin Andresen
87b9931bed Fix signed/unsigned comparison warnings 2013-04-03 14:04:21 -04:00
Gavin Andresen
e5f163a041 -alertnotify=<cmd>
Runs a shell command when an AppliesToMe() alert is received.
%s in the <cmd> string is replaced with the alert.strStatusBar
message.
2013-03-19 15:16:30 -04:00
Gavin Andresen
1472308d67 Some unit tests for CAlert 2013-03-19 11:35:04 -04:00
Gavin Andresen
d3e8c6a9d3 Update unit test to match rule enforcement starts 21 March 2013-03-17 22:01:59 -04:00
Gavin Andresen
8c222dca4f CheckBlock rule until 15-May for 10,000 BDB lock compatibility 2013-03-17 21:52:47 -04:00
Peter Todd
091f184190 Test canonical prunable txout format explicitly 2013-03-01 02:41:28 -05:00
Peter Todd
6131d1d9df Add coverage for all invalid ops
0xba thru 0xff
2013-03-01 02:24:08 -05:00
Gregory Maxwell
907a2aa4c7 Internal RNG for approximateBestSubset to prevent degenerate behavior.
This fixes test_bitcoin failures on openbsd reported by dhill on IRC.

  On some systems rand() is a simple LCG over 2^31 and so it produces
an even-odd sequence.  ApproximateBestSubset was only using the least
significant bit and so every run of the iterative solver would be the
same for some inputs, resulting in some pretty dumb decisions.

Using something other than the least significant bit would paper over
the issue but who knows what other way a system's rand() might get us
here.  Instead we use an internal RNG with a period of something like
2^60 which is well behaved.  This also makes it possible to make the
selection deterministic for the tests, if we wanted to implement that.
2013-02-18 14:13:39 -08:00
Pieter Wuille
386037615a Make sure the genesis block is present after reindex 2013-02-01 23:29:59 +01:00
Pieter Wuille
ef3988ca36 CValidationState framework 2013-01-30 03:56:44 +01:00
Gavin Andresen
0e31ae9818 Merge pull request #2060 from sipa/parallel
Parallel script verification
2013-01-17 16:58:58 -08:00
Matt Corallo
e1a4f3778c Add nFlags to CBloomFilter to make filter updating optional. 2013-01-16 14:34:06 -05:00
Matt Corallo
21aaf255ff Use CPartialMerkleTree for CMerkleBlock transactions. 2013-01-16 14:34:06 -05:00
Pieter Wuille
4bedfa9223 Add CPartialMerkleTree
This adds a compact representation for a subset of a merkle tree's
nodes.
2013-01-16 14:34:06 -05:00
Matt Corallo
b1f99bed6f Add a nTweak to bloom filters to tweak the seed. 2013-01-16 12:48:02 -05:00
Matt Corallo
2878c67cb5 Add test cases for CMerkleBlock and CBloomFilter. 2013-01-16 12:48:02 -05:00
Pieter Wuille
45a1ec51b1 Merge pull request #2115 from forrestv/getblocktemplate_allfees
Provide fee data for all txs in RPC getblocktemplate response
2013-01-10 13:09:51 -08:00
Pieter Wuille
f9cae832e6 Parallelize script verification
* During block verification (when parallelism is requested), script
  check actions are stored instead of being executed immediately.
* After every processed transactions, its signature actions are
  pushed to a CScriptCheckQueue, which maintains a queue and some
  synchronization mechanism.
* Two or more threads (if enabled) start processing elements from
  this queue,
* When the block connection code is finished processing transactions,
  it joins the worker pool until the queue is empty.

As cs_main is held the entire time, and all verification must be
finished before the block continues processing, this does not reach
the best possible performance. It is a less drastic change than
some more advanced mechanisms (like doing verification out-of-band
entirely, and rolling back blocks when a failure is detected).

The -par=N flag controls the number of threads (1-16). 0 means auto,
and is the default.
2013-01-08 02:00:59 +01:00
Jeff Garzik
ea9788517b test/util_tests.cpp: one more DateTimeStrFormat 'T' removal 2013-01-01 19:48:28 -05:00
Forrest Voight
03cac0bb8e changed CreateNewBlock to return a CBlockTemplate object, which includes per-tx fee and sigop count data 2012-12-19 16:12:58 -05:00
Andrey
1a20469428 Updated help and tests for getreceivedby(account|address) 2012-12-16 23:10:32 +04:00
Pieter Wuille
33766c9557 Merge pull request #2096 from 94m3k1n9/fix-time-formats
Change timestamps to use ISO8601 formatting
2012-12-13 14:39:57 -08:00
Gavin Andresen
d339da70e5 Merge pull request #1825 from roques/bignum2
Bignum2
2012-12-12 09:23:16 -08:00
Richard Schwab
303b0009dc Change timestamps to use ISO8601 formatting 2012-12-12 16:32:22 +01:00
Pieter Wuille
487db8a2b1 Make test_bitcoin run in a temp datadir 2012-11-29 22:09:16 +01:00
Pieter Wuille
99d0d0f356 Introduce script verification flags
These flags select features to be enabled/disabled during script
evaluation/checking, instead of several booleans passed along.
Currently these flags are defined:
* SCRIPT_VERIFY_P2SH: enable BIP16-style subscript evaluation
* SCRIPT_VERIFY_STRICTENC: enforce strict adherence to pubkey/sig encoding standards.
2012-11-15 23:00:16 +01:00
Pieter Wuille
c7075c4b65 Fix tests after cache tweaks 2012-11-10 00:09:57 +01:00
Pieter Wuille
7fea484674 Add -reindex, to perform in-place reindexing of block chain files
Flushes the blktree/ and coins/ databases, and reindexes the
block chain files, as if their contents was loaded via -loadblock.

Based on earlier work by Jeff Garzik.
2012-11-09 01:06:32 +01:00
Gavin Andresen
03346a61b1 Add redeemScript to listunspent output and signrawtransaction input
signrawtransaction was unable to sign pay-to-script-hash inputs
when given the list of private keys to use. With this commit
you can provide the p2sh redemption script in the list of
inputs.
2012-10-29 13:34:35 -04:00
Gavin Andresen
2d43f88e1f Tests for raw transactions argument checking 2012-10-29 13:34:35 -04:00
Gavin Andresen
c4d884e20e No need for test fixture now that multisig is enabled on main network. 2012-10-29 13:34:35 -04:00
Philip Kaufmann
729b180686 change blockchain -> block chain (spelling)
- Wiki says "block chain" is correct ;)
- remove some unneeded spaces I found in the source, while fixing the spelling
2012-10-21 21:32:25 +02:00
Pieter Wuille
4ca60bba5c Remove BDB block database support 2012-10-20 23:08:57 +02:00
Pieter Wuille
e1bfbab802 Add LevelDB MemEnv support
Support LevelDB memory-backed environments, and use them in unit tests.
2012-10-20 23:08:57 +02:00
Pieter Wuille
d979e6e36a Use singleton block tree database instance 2012-10-20 23:08:57 +02:00
Pieter Wuille
13c51f20f6 Direct CCoins references
To prevent excessive copying of CCoins in and out of the CCoinsView
implementations, introduce a GetCoins() function in CCoinsViewCache
with returns a direct reference. The block validation and connection
logic is updated to require caching CCoinsViews, and exploits the
GetCoins() function heavily.
2012-10-20 23:08:57 +02:00
Pieter Wuille
450cbb0944 Ultraprune
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.

The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.

The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.

The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.

For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
2012-10-20 23:08:57 +02:00
Pieter Wuille
0fa593d0fb Compact serialization for amounts
Special serializer/deserializer for amount values. It is optimized for
values which have few non-zero digits in decimal representation. Most
amounts currently in the txout set take only 1 or 2 bytes to
represent.
2012-10-20 23:08:56 +02:00
Pieter Wuille
4d6144f97f Compact serialization for variable-length integers
Variable-length integers: bytes are a MSB base-128 encoding of the number.
The high bit in each byte signifies whether another digit follows. To make
the encoding is one-to-one, one is subtracted from all but the last digit.
Thus, the byte sequence a[] with length len, where all but the last byte
has bit 128 set, encodes the number:

  (a[len-1] & 0x7F) + sum(i=1..len-1, 128^i*((a[len-i-1] & 0x7F)+1))

Properties:
* Very small (0-127: 1 byte, 128-16511: 2 bytes, 16512-2113663: 3 bytes)
* Every integer has exactly one encoding
* Encoding does not depend on size of original integer type
2012-10-20 23:08:56 +02:00
Jeff Garzik
dee0ee2ac9 Merge pull request #1742 from sipa/canonical
Check for canonical public keys and signatures
2012-10-20 10:56:04 -07:00
Wladimir J. van der Laan
d6b13283d1 data-driven base58 CBitcoinAddress/CBitcoinSecret tests
Arbitrary numbers of test vectors can be generated using the script
`gen_base58_test_vectors.py`.
2012-10-01 04:57:26 +02:00
Pieter Wuille
58bc86e37f Check for canonical public keys and signatures
Only enabled inside tests for now.
2012-09-21 01:24:25 +02:00
Gavin Andresen
6cbae37667 Merge branch 'testdata' of git://github.com/TheBlueMatt/bitcoin 2012-09-18 19:22:40 -04:00
Gavin Andresen
a0971337d0 Merge branch 'refactor_times' of git://github.com/luke-jr/bitcoin 2012-09-18 10:59:31 -04:00
Christian von Roques
6f0cecfc47 tests for SetCompact and GetCompact of CBigNum 2012-09-15 19:08:50 +02:00
Luke Dashjr
da7b8c1260 Bugfix: Initialize CWallet::nOrderPosNext on an empty wallet, and save it in db 2012-09-08 04:55:36 +00:00
xanatos
af8c050bff Wrong address added to collection in test
The wrong address is added to the collection. As was written a second copy of address1 was added (and so address2 was useless).
2012-09-07 16:04:39 +03:00
Matt Corallo
65786afb05 Add various tests for CTransaction::CheckTransaction() 2012-09-05 22:33:59 -04:00
Matt Corallo
1fcebc16c5 check tx.CheckTransaction for data-driven tx tests.
(and change so that only one case has to fail to make a tx_invalid
test correct)
2012-09-05 22:33:59 -04:00
Pieter Wuille
af1c6b93b7 Merge pull request #1699 from laanwj/2012_08_securealloc
Handle locked pages more robustly (Fixes issue #1462)
2012-08-24 04:38:57 -07:00
Luke Dashjr
9c7722b7c5 Store a fixed order of transactions (and accounting) in the wallet
For backward compatibility, new accounting data is stored after a \0 in the comment string.
This way, old versions and third-party software should load and store them, but all actual use (listtransactions, for example) ignores it.
2012-08-23 18:18:20 +00:00
Wladimir J. van der Laan
e95568b78d Handle locked pages more robustly (Fixes issue #1462)
Memory locks do not stack, that is, pages which have been locked several times by calls to mlock()
will be unlocked by a single call to munlock(). This can result in keying material ending up in swap when
those functions are used naively. In this commit a class "LockedPageManager" is added
that simulates stacking memory locks by keeping a counter per page.
2012-08-23 06:55:35 +02:00
Gavin Andresen
f39ab4c8d0 Merge branch 'testdata' of git://github.com/TheBlueMatt/bitcoin 2012-08-21 13:58:24 -04:00
Pieter Wuille
143acc7672 Merge pull request #1687 from gavinandresen/quietunit
Suppress output when running unit tests.
2012-08-21 07:07:51 -07:00
Matt Corallo
fc4743faa8 Add data-driven transaction tests. 2012-08-20 12:12:41 -04:00
Matt Corallo
336a0abbbb Add a few test cases to data-driven script tests. 2012-08-20 12:12:41 -04:00
Gavin Andresen
4d51be1cf3 Suppress output when running unit tests.
This does two things:
1) Now does not output to debug.log if -printtodebugger flag is passed
2) Unit tests set -printtodebugger so only test results are output to stdout

Note that -printtodebugger only actually prints to the debugger on Windows.
2012-08-20 11:33:20 -04:00
Gavin Andresen
3fcec0d4a0 Set block.nVersion to fix miner unit test 2012-08-20 10:46:07 -04:00
Matt Corallo
8555a3e3cc Remove useless non-cross-platform tests. 2012-08-17 12:40:09 -04:00
Philip Kaufmann
efdcf94174 fix further spelling errors / remove a tab in the source 2012-08-02 10:09:29 +02:00
Luke Dashjr
3c726dd3c0 Bugfix: Use standard BTC unit in comments 2012-08-01 17:49:57 +00:00