From 42ec5585424ceb91bed07826dde15697c020661a Mon Sep 17 00:00:00 2001 From: Gleb Naumenko Date: Tue, 11 Aug 2020 10:42:26 +0300 Subject: [PATCH 01/18] Justify the choice of ADDR cache lifetime --- src/net.cpp | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/net.cpp b/src/net.cpp index 883e57bdf0..7841965f60 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -2545,6 +2545,31 @@ std::vector CConnman::GetAddresses(Network requestor_network, size_t m if (m_addr_response_caches.find(requestor_network) == m_addr_response_caches.end() || m_addr_response_caches[requestor_network].m_update_addr_response < current_time) { m_addr_response_caches[requestor_network].m_addrs_response_cache = GetAddresses(max_addresses, max_pct); + + // Choosing a proper cache lifetime is a trade-off between the privacy leak minimization + // and the usefulness of ADDR responses to honest users. + // + // Longer cache lifetime makes it more difficult for an attacker to scrape + // enough AddrMan data to maliciously infer something useful. + // By the time an attacker scraped enough AddrMan records, most of + // the records should be old enough to not leak topology info by + // e.g. analyzing real-time changes in timestamps. + // + // It takes only several hundred requests to scrape everything from an AddrMan containing 100,000 nodes, + // so ~24 hours of cache lifetime indeed makes the data less inferable by the time + // most of it could be scraped (considering that timestamps are updated via + // ADDR self-announcements and when nodes communicate). + // We also should be robust to those attacks which may not require scraping *full* victim's AddrMan + // (because even several timestamps of the same handful of nodes may leak privacy). + // + // On the other hand, longer cache lifetime makes ADDR responses + // outdated and less useful for an honest requestor, e.g. if most nodes + // in the ADDR response are no longer active. + // + // However, the churn in the network is known to be rather low. Since we consider + // nodes to be "terrible" (see IsTerrible()) if the timestamps are older than 30 days, + // max. 24 hours of "penalty" due to cache shouldn't make any meaningful difference + // in terms of the freshness of the response. m_addr_response_caches[requestor_network].m_update_addr_response = current_time + std::chrono::hours(21) + GetRandMillis(std::chrono::hours(6)); } return m_addr_response_caches[requestor_network].m_addrs_response_cache; From 81b00f87800f40cb14f2131ff27668bd2bb9e551 Mon Sep 17 00:00:00 2001 From: Gleb Naumenko Date: Tue, 11 Aug 2020 12:41:26 +0300 Subject: [PATCH 02/18] Add indexing ADDR cache by local socket addr --- src/net.cpp | 20 ++++++++++++++------ src/net.h | 12 ++++++++---- src/net_processing.cpp | 2 +- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/src/net.cpp b/src/net.cpp index 7841965f60..e43b480612 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -94,6 +94,7 @@ const std::string NET_MESSAGE_COMMAND_OTHER = "*other*"; static const uint64_t RANDOMIZER_ID_NETGROUP = 0x6c0edd8036ef4036ULL; // SHA256("netgroup")[0:8] static const uint64_t RANDOMIZER_ID_LOCALHOSTNONCE = 0xd93e69e2bbfa5735ULL; // SHA256("localhostnonce")[0:8] +static const uint64_t RANDOMIZER_ID_ADDRCACHE = 0x1cf2e4ddd306dda9ULL; // SHA256("addrcache")[0:8] // // Global state variables // @@ -2539,12 +2540,19 @@ std::vector CConnman::GetAddresses(size_t max_addresses, size_t max_pc return addresses; } -std::vector CConnman::GetAddresses(Network requestor_network, size_t max_addresses, size_t max_pct) +std::vector CConnman::GetAddresses(CNode& requestor, size_t max_addresses, size_t max_pct) { + SOCKET socket; + WITH_LOCK(requestor.cs_hSocket, socket = requestor.hSocket); + auto local_socket_bytes = GetBindAddress(socket).GetAddrBytes(); + uint64_t cache_id = GetDeterministicRandomizer(RANDOMIZER_ID_ADDRCACHE) + .Write(requestor.addr.GetNetwork()) + .Write(local_socket_bytes.data(), local_socket_bytes.size()) + .Finalize(); const auto current_time = GetTime(); - if (m_addr_response_caches.find(requestor_network) == m_addr_response_caches.end() || - m_addr_response_caches[requestor_network].m_update_addr_response < current_time) { - m_addr_response_caches[requestor_network].m_addrs_response_cache = GetAddresses(max_addresses, max_pct); + if (m_addr_response_caches.find(cache_id) == m_addr_response_caches.end() || + m_addr_response_caches[cache_id].m_update_addr_response < current_time) { + m_addr_response_caches[cache_id].m_addrs_response_cache = GetAddresses(max_addresses, max_pct); // Choosing a proper cache lifetime is a trade-off between the privacy leak minimization // and the usefulness of ADDR responses to honest users. @@ -2570,9 +2578,9 @@ std::vector CConnman::GetAddresses(Network requestor_network, size_t m // nodes to be "terrible" (see IsTerrible()) if the timestamps are older than 30 days, // max. 24 hours of "penalty" due to cache shouldn't make any meaningful difference // in terms of the freshness of the response. - m_addr_response_caches[requestor_network].m_update_addr_response = current_time + std::chrono::hours(21) + GetRandMillis(std::chrono::hours(6)); + m_addr_response_caches[cache_id].m_update_addr_response = current_time + std::chrono::hours(21) + GetRandMillis(std::chrono::hours(6)); } - return m_addr_response_caches[requestor_network].m_addrs_response_cache; + return m_addr_response_caches[cache_id].m_addrs_response_cache; } bool CConnman::AddNode(const std::string& strNode) diff --git a/src/net.h b/src/net.h index c72eada3ff..c9ab579eb2 100644 --- a/src/net.h +++ b/src/net.h @@ -269,7 +269,7 @@ class CConnman * A non-malicious call (from RPC or a peer with addr permission) should * call the function without a parameter to avoid using the cache. */ - std::vector GetAddresses(Network requestor_network, size_t max_addresses, size_t max_pct); + std::vector GetAddresses(CNode& requestor, size_t max_addresses, size_t max_pct); // This allows temporarily exceeding m_max_outbound_full_relay, with the goal of finding // a peer that is better than all our current peers. @@ -447,15 +447,19 @@ class CConnman /** * Addr responses stored in different caches - * per network prevent cross-network node identification. + * per (network, local socket) prevent cross-network node identification. * If a node for example is multi-homed under Tor and IPv6, * a single cache (or no cache at all) would let an attacker * to easily detect that it is the same node by comparing responses. + * Indexing by local socket prevents leakage when a node has multiple + * listening addresses on the same network. + * * The used memory equals to 1000 CAddress records (or around 32 bytes) per * distinct Network (up to 5) we have/had an inbound peer from, - * resulting in at most ~160 KB. + * resulting in at most ~160 KB. Every separate local socket may + * add up to ~160 KB extra. */ - std::map m_addr_response_caches; + std::map m_addr_response_caches; /** * Services this instance offers. diff --git a/src/net_processing.cpp b/src/net_processing.cpp index 60bdfbe9f5..bf359a0d68 100644 --- a/src/net_processing.cpp +++ b/src/net_processing.cpp @@ -3516,7 +3516,7 @@ void PeerLogicValidation::ProcessMessage(CNode& pfrom, const std::string& msg_ty if (pfrom.HasPermission(PF_ADDR)) { vAddr = m_connman.GetAddresses(MAX_ADDR_TO_SEND, MAX_PCT_ADDR_TO_SEND); } else { - vAddr = m_connman.GetAddresses(pfrom.addr.GetNetwork(), MAX_ADDR_TO_SEND, MAX_PCT_ADDR_TO_SEND); + vAddr = m_connman.GetAddresses(pfrom, MAX_ADDR_TO_SEND, MAX_PCT_ADDR_TO_SEND); } FastRandomContext insecure_rand; for (const CAddress &addr : vAddr) { From 83ad65f31b5c9441ae1618614082e584854a14e1 Mon Sep 17 00:00:00 2001 From: Gleb Naumenko Date: Tue, 11 Aug 2020 13:39:56 +0300 Subject: [PATCH 03/18] Address nits in ADDR caching --- src/net.cpp | 12 ++++++------ src/net.h | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/net.cpp b/src/net.cpp index e43b480612..8ac45dbcb5 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -2550,10 +2550,10 @@ std::vector CConnman::GetAddresses(CNode& requestor, size_t max_addres .Write(local_socket_bytes.data(), local_socket_bytes.size()) .Finalize(); const auto current_time = GetTime(); - if (m_addr_response_caches.find(cache_id) == m_addr_response_caches.end() || - m_addr_response_caches[cache_id].m_update_addr_response < current_time) { - m_addr_response_caches[cache_id].m_addrs_response_cache = GetAddresses(max_addresses, max_pct); - + auto r = m_addr_response_caches.emplace(cache_id, CachedAddrResponse{}); + CachedAddrResponse& cache_entry = r.first->second; + if (cache_entry.m_cache_entry_expiration < current_time) { // If emplace() added new one it has expiration 0. + cache_entry.m_addrs_response_cache = GetAddresses(max_addresses, max_pct); // Choosing a proper cache lifetime is a trade-off between the privacy leak minimization // and the usefulness of ADDR responses to honest users. // @@ -2578,9 +2578,9 @@ std::vector CConnman::GetAddresses(CNode& requestor, size_t max_addres // nodes to be "terrible" (see IsTerrible()) if the timestamps are older than 30 days, // max. 24 hours of "penalty" due to cache shouldn't make any meaningful difference // in terms of the freshness of the response. - m_addr_response_caches[cache_id].m_update_addr_response = current_time + std::chrono::hours(21) + GetRandMillis(std::chrono::hours(6)); + cache_entry.m_cache_entry_expiration = current_time + std::chrono::hours(21) + GetRandMillis(std::chrono::hours(6)); } - return m_addr_response_caches[cache_id].m_addrs_response_cache; + return cache_entry.m_addrs_response_cache; } bool CConnman::AddNode(const std::string& strNode) diff --git a/src/net.h b/src/net.h index c9ab579eb2..21faea591a 100644 --- a/src/net.h +++ b/src/net.h @@ -442,7 +442,7 @@ class CConnman */ struct CachedAddrResponse { std::vector m_addrs_response_cache; - std::chrono::microseconds m_update_addr_response{0}; + std::chrono::microseconds m_cache_entry_expiration{0}; }; /** @@ -454,10 +454,10 @@ class CConnman * Indexing by local socket prevents leakage when a node has multiple * listening addresses on the same network. * - * The used memory equals to 1000 CAddress records (or around 32 bytes) per + * The used memory equals to 1000 CAddress records (or around 40 bytes) per * distinct Network (up to 5) we have/had an inbound peer from, - * resulting in at most ~160 KB. Every separate local socket may - * add up to ~160 KB extra. + * resulting in at most ~196 KB. Every separate local socket may + * add up to ~196 KB extra. */ std::map m_addr_response_caches; From 0d04784af151de249bbbcbad51e6e8ad9af8f5a3 Mon Sep 17 00:00:00 2001 From: Gleb Naumenko Date: Sun, 23 Aug 2020 17:31:45 +0300 Subject: [PATCH 04/18] Refactor the functional test --- test/functional/p2p_getaddr_caching.py | 47 ++++++++------------------ 1 file changed, 14 insertions(+), 33 deletions(-) diff --git a/test/functional/p2p_getaddr_caching.py b/test/functional/p2p_getaddr_caching.py index 6622ea9ec2..2b75ad5175 100755 --- a/test/functional/p2p_getaddr_caching.py +++ b/test/functional/p2p_getaddr_caching.py @@ -5,13 +5,8 @@ """Test addr response caching""" import time -from test_framework.messages import ( - CAddress, - NODE_NETWORK, - NODE_WITNESS, - msg_addr, - msg_getaddr, -) + +from test_framework.messages import msg_getaddr from test_framework.p2p import ( P2PInterface, p2p_lock @@ -21,21 +16,9 @@ assert_equal, ) +# As defined in net_processing. MAX_ADDR_TO_SEND = 1000 - -def gen_addrs(n): - addrs = [] - for i in range(n): - addr = CAddress() - addr.time = int(time.time()) - addr.nServices = NODE_NETWORK | NODE_WITNESS - # Use first octets to occupy different AddrMan buckets - first_octet = i >> 8 - second_octet = i % 256 - addr.ip = "{}.{}.1.1".format(first_octet, second_octet) - addr.port = 8333 - addrs.append(addr) - return addrs +MAX_PCT_ADDR_TO_SEND = 23 class AddrReceiver(P2PInterface): @@ -62,18 +45,16 @@ def set_test_params(self): self.num_nodes = 1 def run_test(self): - self.log.info('Create connection that sends and requests addr messages') - addr_source = self.nodes[0].add_p2p_connection(P2PInterface()) - - msg_send_addrs = msg_addr() self.log.info('Fill peer AddrMan with a lot of records') - # Since these addrs are sent from the same source, not all of them will be stored, - # because we allocate a limited number of AddrMan buckets per addr source. - total_addrs = 10000 - addrs = gen_addrs(total_addrs) - for i in range(int(total_addrs/MAX_ADDR_TO_SEND)): - msg_send_addrs.addrs = addrs[i * MAX_ADDR_TO_SEND:(i + 1) * MAX_ADDR_TO_SEND] - addr_source.send_and_ping(msg_send_addrs) + for i in range(10000): + first_octet = i >> 8 + second_octet = i % 256 + a = "{}.{}.1.1".format(first_octet, second_octet) + self.nodes[0].addpeeraddress(a, 8333) + + # Need to make sure we hit MAX_ADDR_TO_SEND records in the addr response later because + # only a fraction of all known addresses can be cached and returned. + assert(len(self.nodes[0].getnodeaddresses(0)) > int(MAX_ADDR_TO_SEND / (MAX_PCT_ADDR_TO_SEND / 100))) responses = [] self.log.info('Send many addr requests within short time to receive same response') @@ -89,7 +70,7 @@ def run_test(self): responses.append(addr_receiver.get_received_addrs()) for response in responses[1:]: assert_equal(response, responses[0]) - assert(len(response) < MAX_ADDR_TO_SEND) + assert(len(response) == MAX_ADDR_TO_SEND) cur_mock_time += 3 * 24 * 60 * 60 self.nodes[0].setmocktime(cur_mock_time) From e9a6d8b13b0558b17cdafbd32fd2663b4138ff11 Mon Sep 17 00:00:00 2001 From: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com> Date: Fri, 5 Jun 2020 10:22:53 +0300 Subject: [PATCH 05/18] p2p: Unify Send and Receive protocol versions There is no change in behavior on the P2P network. --- src/net.cpp | 26 ----------------------- src/net.h | 13 +++++------- src/net_processing.cpp | 34 +++++++++++++++--------------- src/test/denialofservice_tests.cpp | 10 ++++----- src/test/fuzz/net.cpp | 25 +++++++++------------- src/test/fuzz/process_message.cpp | 2 +- src/test/fuzz/process_messages.cpp | 2 +- 7 files changed, 39 insertions(+), 73 deletions(-) diff --git a/src/net.cpp b/src/net.cpp index e35d05cec0..84f1f9f068 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -621,32 +621,6 @@ bool CNode::ReceiveMsgBytes(const char *pch, unsigned int nBytes, bool& complete return true; } -void CNode::SetSendVersion(int nVersionIn) -{ - // Send version may only be changed in the version message, and - // only one version message is allowed per session. We can therefore - // treat this value as const and even atomic as long as it's only used - // once a version message has been successfully processed. Any attempt to - // set this twice is an error. - if (nSendVersion != 0) { - error("Send version already set for node: %i. Refusing to change from %i to %i", id, nSendVersion, nVersionIn); - } else { - nSendVersion = nVersionIn; - } -} - -int CNode::GetSendVersion() const -{ - // The send version should always be explicitly set to - // INIT_PROTO_VERSION rather than using this value until SetSendVersion - // has been called. - if (nSendVersion == 0) { - error("Requesting unset send version for node: %i. Using %i", id, INIT_PROTO_VERSION); - return INIT_PROTO_VERSION; - } - return nSendVersion; -} - int V1TransportDeserializer::readHeader(const char *pch, unsigned int nBytes) { // copy data to temporary parsing buffer diff --git a/src/net.h b/src/net.h index 60c3dc6aef..021abb5982 100644 --- a/src/net.h +++ b/src/net.h @@ -827,7 +827,6 @@ class CNode std::deque vRecvGetData; uint64_t nRecvBytes GUARDED_BY(cs_vRecv){0}; - std::atomic nRecvVersion{INIT_PROTO_VERSION}; std::atomic nLastSend{0}; std::atomic nLastRecv{0}; @@ -1014,6 +1013,7 @@ class CNode const NodeId id; const uint64_t nLocalHostNonce; const ConnectionType m_conn_type; + std::atomic m_greatest_common_version{INIT_PROTO_VERSION}; //! Services offered to this peer. //! @@ -1033,7 +1033,6 @@ class CNode const ServiceFlags nLocalServices; const int nMyStartingHeight; - int nSendVersion{0}; NetPermissionFlags m_permissionFlags{ PF_NONE }; std::list vRecvMsg; // Used only by SocketHandler thread @@ -1065,16 +1064,14 @@ class CNode bool ReceiveMsgBytes(const char *pch, unsigned int nBytes, bool& complete); - void SetRecvVersion(int nVersionIn) + void SetCommonVersion(int greatest_common_version) { - nRecvVersion = nVersionIn; + m_greatest_common_version = greatest_common_version; } - int GetRecvVersion() const + int GetCommonVersion() const { - return nRecvVersion; + return m_greatest_common_version; } - void SetSendVersion(int nVersionIn); - int GetSendVersion() const; CService GetAddrLocal() const; //! May not be called more than once diff --git a/src/net_processing.cpp b/src/net_processing.cpp index 05f5188266..e75fe59f08 100644 --- a/src/net_processing.cpp +++ b/src/net_processing.cpp @@ -669,12 +669,12 @@ static void MaybeSetPeerAsAnnouncingHeaderAndIDs(NodeId nodeid, CConnman& connma // As per BIP152, we only get 3 of our peers to announce // blocks using compact encodings. connman.ForNode(lNodesAnnouncingHeaderAndIDs.front(), [&connman, nCMPCTBLOCKVersion](CNode* pnodeStop){ - connman.PushMessage(pnodeStop, CNetMsgMaker(pnodeStop->GetSendVersion()).Make(NetMsgType::SENDCMPCT, /*fAnnounceUsingCMPCTBLOCK=*/false, nCMPCTBLOCKVersion)); + connman.PushMessage(pnodeStop, CNetMsgMaker(pnodeStop->GetCommonVersion()).Make(NetMsgType::SENDCMPCT, /*fAnnounceUsingCMPCTBLOCK=*/false, nCMPCTBLOCKVersion)); return true; }); lNodesAnnouncingHeaderAndIDs.pop_front(); } - connman.PushMessage(pfrom, CNetMsgMaker(pfrom->GetSendVersion()).Make(NetMsgType::SENDCMPCT, /*fAnnounceUsingCMPCTBLOCK=*/true, nCMPCTBLOCKVersion)); + connman.PushMessage(pfrom, CNetMsgMaker(pfrom->GetCommonVersion()).Make(NetMsgType::SENDCMPCT, /*fAnnounceUsingCMPCTBLOCK=*/true, nCMPCTBLOCKVersion)); lNodesAnnouncingHeaderAndIDs.push_back(pfrom->GetId()); return true; }); @@ -1585,7 +1585,7 @@ void static ProcessGetBlockData(CNode& pfrom, const CChainParams& chainparams, c LogPrint(BCLog::NET, "%s: ignoring request from peer=%i for old block that isn't in the main chain\n", __func__, pfrom.GetId()); } } - const CNetMsgMaker msgMaker(pfrom.GetSendVersion()); + const CNetMsgMaker msgMaker(pfrom.GetCommonVersion()); // disconnect node in case we have reached the outbound limit for serving historical blocks if (send && connman.OutboundTargetReached(true) && @@ -1728,7 +1728,7 @@ void static ProcessGetData(CNode& pfrom, const CChainParams& chainparams, CConnm std::deque::iterator it = pfrom.vRecvGetData.begin(); std::vector vNotFound; - const CNetMsgMaker msgMaker(pfrom.GetSendVersion()); + const CNetMsgMaker msgMaker(pfrom.GetCommonVersion()); const std::chrono::seconds now = GetTime(); // Get last mempool request time @@ -1834,14 +1834,14 @@ void PeerManager::SendBlockTransactions(CNode& pfrom, const CBlock& block, const resp.txn[i] = block.vtx[req.indexes[i]]; } LOCK(cs_main); - const CNetMsgMaker msgMaker(pfrom.GetSendVersion()); + const CNetMsgMaker msgMaker(pfrom.GetCommonVersion()); int nSendFlags = State(pfrom.GetId())->fWantsCmpctWitness ? 0 : SERIALIZE_TRANSACTION_NO_WITNESS; m_connman.PushMessage(&pfrom, msgMaker.Make(nSendFlags, NetMsgType::BLOCKTXN, resp)); } void PeerManager::ProcessHeadersMessage(CNode& pfrom, const std::vector& headers, bool via_compact_block) { - const CNetMsgMaker msgMaker(pfrom.GetSendVersion()); + const CNetMsgMaker msgMaker(pfrom.GetCommonVersion()); size_t nCount = headers.size(); if (nCount == 0) { @@ -2211,7 +2211,7 @@ static void ProcessGetCFilters(CNode& peer, CDataStream& vRecv, const CChainPara } for (const auto& filter : filters) { - CSerializedNetMsg msg = CNetMsgMaker(peer.GetSendVersion()) + CSerializedNetMsg msg = CNetMsgMaker(peer.GetCommonVersion()) .Make(NetMsgType::CFILTER, filter); connman.PushMessage(&peer, std::move(msg)); } @@ -2263,7 +2263,7 @@ static void ProcessGetCFHeaders(CNode& peer, CDataStream& vRecv, const CChainPar return; } - CSerializedNetMsg msg = CNetMsgMaker(peer.GetSendVersion()) + CSerializedNetMsg msg = CNetMsgMaker(peer.GetCommonVersion()) .Make(NetMsgType::CFHEADERS, filter_type_ser, stop_index->GetBlockHash(), @@ -2315,7 +2315,7 @@ static void ProcessGetCFCheckPt(CNode& peer, CDataStream& vRecv, const CChainPar } } - CSerializedNetMsg msg = CNetMsgMaker(peer.GetSendVersion()) + CSerializedNetMsg msg = CNetMsgMaker(peer.GetCommonVersion()) .Make(NetMsgType::CFCHECKPT, filter_type_ser, stop_index->GetBlockHash(), @@ -2406,10 +2406,10 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat PushNodeVersion(pfrom, m_connman, GetAdjustedTime()); if (nVersion >= WTXID_RELAY_VERSION) { - m_connman.PushMessage(&pfrom, CNetMsgMaker(INIT_PROTO_VERSION).Make(NetMsgType::WTXIDRELAY)); + m_connman.PushMessage(&pfrom, CNetMsgMaker(nSendVersion).Make(NetMsgType::WTXIDRELAY)); } - m_connman.PushMessage(&pfrom, CNetMsgMaker(INIT_PROTO_VERSION).Make(NetMsgType::VERACK)); + m_connman.PushMessage(&pfrom, CNetMsgMaker(nSendVersion).Make(NetMsgType::VERACK)); pfrom.nServices = nServices; pfrom.SetAddrLocal(addrMe); @@ -2431,7 +2431,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat } // Change version - pfrom.SetSendVersion(nSendVersion); + pfrom.SetCommonVersion(nSendVersion); pfrom.nVersion = nVersion; if((nServices & NODE_WITNESS)) @@ -2520,11 +2520,11 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat } // At this point, the outgoing message serialization version can't change. - const CNetMsgMaker msgMaker(pfrom.GetSendVersion()); + const CNetMsgMaker msgMaker(pfrom.GetCommonVersion()); if (msg_type == NetMsgType::VERACK) { - pfrom.SetRecvVersion(std::min(pfrom.nVersion.load(), PROTOCOL_VERSION)); + pfrom.SetCommonVersion(std::min(pfrom.nVersion.load(), PROTOCOL_VERSION)); if (!pfrom.IsInboundConn()) { // Mark this node as currently connected, so we update its timestamp later. @@ -3872,7 +3872,7 @@ bool PeerManager::ProcessMessages(CNode* pfrom, std::atomic& interruptMsgP } CNetMessage& msg(msgs.front()); - msg.SetVersion(pfrom->GetRecvVersion()); + msg.SetVersion(pfrom->GetCommonVersion()); // Check network magic if (!msg.m_valid_netmagic) { LogPrint(BCLog::NET, "PROCESSMESSAGE: INVALID MESSAGESTART %s peer=%d\n", SanitizeString(msg.m_command), pfrom->GetId()); @@ -3920,7 +3920,7 @@ void PeerManager::ConsiderEviction(CNode& pto, int64_t time_in_seconds) AssertLockHeld(cs_main); CNodeState &state = *State(pto.GetId()); - const CNetMsgMaker msgMaker(pto.GetSendVersion()); + const CNetMsgMaker msgMaker(pto.GetCommonVersion()); if (!state.m_chain_sync.m_protect && pto.IsOutboundOrBlockRelayConn() && state.fSyncStarted) { // This is an outbound peer subject to disconnection if they don't @@ -4082,7 +4082,7 @@ bool PeerManager::SendMessages(CNode* pto) return true; // If we get here, the outgoing message serialization version is set and can't change. - const CNetMsgMaker msgMaker(pto->GetSendVersion()); + const CNetMsgMaker msgMaker(pto->GetCommonVersion()); // // Message: ping diff --git a/src/test/denialofservice_tests.cpp b/src/test/denialofservice_tests.cpp index f4d2204e1c..b7cd12053a 100644 --- a/src/test/denialofservice_tests.cpp +++ b/src/test/denialofservice_tests.cpp @@ -85,7 +85,7 @@ BOOST_AUTO_TEST_CASE(outbound_slow_chain_eviction) // Mock an outbound peer CAddress addr1(ip(0xa0b0c001), NODE_NONE); CNode dummyNode1(id++, ServiceFlags(NODE_NETWORK | NODE_WITNESS), 0, INVALID_SOCKET, addr1, 0, 0, CAddress(), "", ConnectionType::OUTBOUND_FULL_RELAY); - dummyNode1.SetSendVersion(PROTOCOL_VERSION); + dummyNode1.SetCommonVersion(PROTOCOL_VERSION); peerLogic->InitializeNode(&dummyNode1); dummyNode1.nVersion = 1; @@ -138,7 +138,7 @@ static void AddRandomOutboundPeer(std::vector &vNodes, PeerManager &pee CAddress addr(ip(g_insecure_rand_ctx.randbits(32)), NODE_NONE); vNodes.emplace_back(new CNode(id++, ServiceFlags(NODE_NETWORK | NODE_WITNESS), 0, INVALID_SOCKET, addr, 0, 0, CAddress(), "", ConnectionType::OUTBOUND_FULL_RELAY)); CNode &node = *vNodes.back(); - node.SetSendVersion(PROTOCOL_VERSION); + node.SetCommonVersion(PROTOCOL_VERSION); peerLogic.InitializeNode(&node); node.nVersion = 1; @@ -230,7 +230,7 @@ BOOST_AUTO_TEST_CASE(peer_discouragement) banman->ClearBanned(); CAddress addr1(ip(0xa0b0c001), NODE_NONE); CNode dummyNode1(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr1, 0, 0, CAddress(), "", ConnectionType::INBOUND); - dummyNode1.SetSendVersion(PROTOCOL_VERSION); + dummyNode1.SetCommonVersion(PROTOCOL_VERSION); peerLogic->InitializeNode(&dummyNode1); dummyNode1.nVersion = 1; dummyNode1.fSuccessfullyConnected = true; @@ -244,7 +244,7 @@ BOOST_AUTO_TEST_CASE(peer_discouragement) CAddress addr2(ip(0xa0b0c002), NODE_NONE); CNode dummyNode2(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr2, 1, 1, CAddress(), "", ConnectionType::INBOUND); - dummyNode2.SetSendVersion(PROTOCOL_VERSION); + dummyNode2.SetCommonVersion(PROTOCOL_VERSION); peerLogic->InitializeNode(&dummyNode2); dummyNode2.nVersion = 1; dummyNode2.fSuccessfullyConnected = true; @@ -281,7 +281,7 @@ BOOST_AUTO_TEST_CASE(DoS_bantime) CAddress addr(ip(0xa0b0c001), NODE_NONE); CNode dummyNode(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr, 4, 4, CAddress(), "", ConnectionType::INBOUND); - dummyNode.SetSendVersion(PROTOCOL_VERSION); + dummyNode.SetCommonVersion(PROTOCOL_VERSION); peerLogic->InitializeNode(&dummyNode); dummyNode.nVersion = 1; dummyNode.fSuccessfullyConnected = true; diff --git a/src/test/fuzz/net.cpp b/src/test/fuzz/net.cpp index cd0c93b8d0..a85c353243 100644 --- a/src/test/fuzz/net.cpp +++ b/src/test/fuzz/net.cpp @@ -48,7 +48,7 @@ void test_one_input(const std::vector& buffer) fuzzed_data_provider.ConsumeRandomLengthString(32), fuzzed_data_provider.PickValueInArray({ConnectionType::INBOUND, ConnectionType::OUTBOUND_FULL_RELAY, ConnectionType::MANUAL, ConnectionType::FEELER, ConnectionType::BLOCK_RELAY, ConnectionType::ADDR_FETCH})}; while (fuzzed_data_provider.ConsumeBool()) { - switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 12)) { + switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 11)) { case 0: { node.CloseSocketDisconnect(); break; @@ -58,7 +58,7 @@ void test_one_input(const std::vector& buffer) break; } case 2: { - node.SetSendVersion(fuzzed_data_provider.ConsumeIntegral()); + node.SetCommonVersion(fuzzed_data_provider.ConsumeIntegral()); break; } case 3: { @@ -71,21 +71,17 @@ void test_one_input(const std::vector& buffer) break; } case 4: { - node.SetRecvVersion(fuzzed_data_provider.ConsumeIntegral()); - break; - } - case 5: { const CNode* add_ref_node = node.AddRef(); assert(add_ref_node == &node); break; } - case 6: { + case 5: { if (node.GetRefCount() > 0) { node.Release(); } break; } - case 7: { + case 6: { if (node.m_addr_known == nullptr) { break; } @@ -96,7 +92,7 @@ void test_one_input(const std::vector& buffer) node.AddAddressKnown(*addr_opt); break; } - case 8: { + case 7: { if (node.m_addr_known == nullptr) { break; } @@ -108,7 +104,7 @@ void test_one_input(const std::vector& buffer) node.PushAddress(*addr_opt, fast_random_context); break; } - case 9: { + case 8: { const std::optional inv_opt = ConsumeDeserializable(fuzzed_data_provider); if (!inv_opt) { break; @@ -116,11 +112,11 @@ void test_one_input(const std::vector& buffer) node.AddKnownTx(inv_opt->hash); break; } - case 10: { + case 9: { node.PushTxInventory(ConsumeUInt256(fuzzed_data_provider)); break; } - case 11: { + case 10: { const std::optional service_opt = ConsumeDeserializable(fuzzed_data_provider); if (!service_opt) { break; @@ -128,7 +124,7 @@ void test_one_input(const std::vector& buffer) node.SetAddrLocal(*service_opt); break; } - case 12: { + case 11: { const std::vector b = ConsumeRandomLengthByteVector(fuzzed_data_provider); bool complete; node.ReceiveMsgBytes((const char*)b.data(), b.size(), complete); @@ -143,10 +139,9 @@ void test_one_input(const std::vector& buffer) (void)node.GetLocalNonce(); (void)node.GetLocalServices(); (void)node.GetMyStartingHeight(); - (void)node.GetRecvVersion(); const int ref_count = node.GetRefCount(); assert(ref_count >= 0); - (void)node.GetSendVersion(); + (void)node.GetCommonVersion(); (void)node.RelayAddrsWithConn(); const NetPermissionFlags net_permission_flags = fuzzed_data_provider.ConsumeBool() ? diff --git a/src/test/fuzz/process_message.cpp b/src/test/fuzz/process_message.cpp index 3d6947ca92..3ef03137ec 100644 --- a/src/test/fuzz/process_message.cpp +++ b/src/test/fuzz/process_message.cpp @@ -71,7 +71,7 @@ void test_one_input(const std::vector& buffer) CNode& p2p_node = *MakeUnique(0, ServiceFlags(NODE_NETWORK | NODE_WITNESS | NODE_BLOOM), 0, INVALID_SOCKET, CAddress{CService{in_addr{0x0100007f}, 7777}, NODE_NETWORK}, 0, 0, CAddress{}, std::string{}, ConnectionType::OUTBOUND_FULL_RELAY).release(); p2p_node.fSuccessfullyConnected = true; p2p_node.nVersion = PROTOCOL_VERSION; - p2p_node.SetSendVersion(PROTOCOL_VERSION); + p2p_node.SetCommonVersion(PROTOCOL_VERSION); connman.AddTestNode(p2p_node); g_setup->m_node.peerman->InitializeNode(&p2p_node); try { diff --git a/src/test/fuzz/process_messages.cpp b/src/test/fuzz/process_messages.cpp index c9433d325a..f722eeac3a 100644 --- a/src/test/fuzz/process_messages.cpp +++ b/src/test/fuzz/process_messages.cpp @@ -51,7 +51,7 @@ void test_one_input(const std::vector& buffer) p2p_node.fSuccessfullyConnected = true; p2p_node.fPauseSend = false; p2p_node.nVersion = PROTOCOL_VERSION; - p2p_node.SetSendVersion(PROTOCOL_VERSION); + p2p_node.SetCommonVersion(PROTOCOL_VERSION); g_setup->m_node.peerman->InitializeNode(&p2p_node); connman.AddTestNode(p2p_node); From 8d2026796a6f7add0c2cda9806e759817d1eae6f Mon Sep 17 00:00:00 2001 From: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com> Date: Fri, 5 Jun 2020 10:23:11 +0300 Subject: [PATCH 06/18] refactor: Rename local variable nSendVersion --- src/net_processing.cpp | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/src/net_processing.cpp b/src/net_processing.cpp index e75fe59f08..c23d1f6764 100644 --- a/src/net_processing.cpp +++ b/src/net_processing.cpp @@ -2350,13 +2350,11 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat uint64_t nServiceInt; ServiceFlags nServices; int nVersion; - int nSendVersion; std::string cleanSubVer; int nStartingHeight = -1; bool fRelay = true; vRecv >> nVersion >> nServiceInt >> nTime >> addrMe; - nSendVersion = std::min(nVersion, PROTOCOL_VERSION); nServices = ServiceFlags(nServiceInt); if (!pfrom.IsInboundConn()) { @@ -2405,11 +2403,16 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat if (pfrom.IsInboundConn()) PushNodeVersion(pfrom, m_connman, GetAdjustedTime()); + // Change version + const int greatest_common_version = std::min(nVersion, PROTOCOL_VERSION); + pfrom.SetCommonVersion(greatest_common_version); + pfrom.nVersion = nVersion; + if (nVersion >= WTXID_RELAY_VERSION) { - m_connman.PushMessage(&pfrom, CNetMsgMaker(nSendVersion).Make(NetMsgType::WTXIDRELAY)); + m_connman.PushMessage(&pfrom, CNetMsgMaker(greatest_common_version).Make(NetMsgType::WTXIDRELAY)); } - m_connman.PushMessage(&pfrom, CNetMsgMaker(nSendVersion).Make(NetMsgType::VERACK)); + m_connman.PushMessage(&pfrom, CNetMsgMaker(greatest_common_version).Make(NetMsgType::VERACK)); pfrom.nServices = nServices; pfrom.SetAddrLocal(addrMe); @@ -2430,10 +2433,6 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat pfrom.m_tx_relay->fRelayTxes = fRelay; // set to true after we get the first filter* message } - // Change version - pfrom.SetCommonVersion(nSendVersion); - pfrom.nVersion = nVersion; - if((nServices & NODE_WITNESS)) { LOCK(cs_main); @@ -2479,7 +2478,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat } // Get recent addresses - m_connman.PushMessage(&pfrom, CNetMsgMaker(nSendVersion).Make(NetMsgType::GETADDR)); + m_connman.PushMessage(&pfrom, CNetMsgMaker(greatest_common_version).Make(NetMsgType::GETADDR)); pfrom.fGetAddr = true; // Moves address from New to Tried table in Addrman, resolves @@ -2503,7 +2502,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat // If the peer is old enough to have the old alert system, send it the final alert. if (pfrom.nVersion <= 70012) { CDataStream finalAlert(ParseHex("60010000000000000000000000ffffff7f00000000ffffff7ffeffff7f01ffffff7f00000000ffffff7f00ffffff7f002f555247454e543a20416c657274206b657920636f6d70726f6d697365642c2075706772616465207265717569726564004630440220653febd6410f470f6bae11cad19c48413becb1ac2c17f908fd0fd53bdc3abd5202206d0e9c96fe88d4a0f01ed9dedae2b6f9e00da94cad0fecaae66ecf689bf71b50"), SER_NETWORK, PROTOCOL_VERSION); - m_connman.PushMessage(&pfrom, CNetMsgMaker(nSendVersion).Make("alert", finalAlert)); + m_connman.PushMessage(&pfrom, CNetMsgMaker(greatest_common_version).Make("alert", finalAlert)); } // Feeler connections exist only to verify if address is online. From e084d45562b94827b3a7873895882fcaae9f4d48 Mon Sep 17 00:00:00 2001 From: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com> Date: Fri, 5 Jun 2020 10:25:24 +0300 Subject: [PATCH 07/18] p2p: Remove SetCommonVersion() from VERACK handler SetCommonVersion() is already called from the VERSION message handler. There is no change in behavior on the P2P network. --- src/net_processing.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/net_processing.cpp b/src/net_processing.cpp index c23d1f6764..301b32aca7 100644 --- a/src/net_processing.cpp +++ b/src/net_processing.cpp @@ -2523,8 +2523,6 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat if (msg_type == NetMsgType::VERACK) { - pfrom.SetCommonVersion(std::min(pfrom.nVersion.load(), PROTOCOL_VERSION)); - if (!pfrom.IsInboundConn()) { // Mark this node as currently connected, so we update its timestamp later. LOCK(cs_main); From ddefb5c0b759950942ac03f28c43b548af7b4033 Mon Sep 17 00:00:00 2001 From: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com> Date: Tue, 25 Aug 2020 01:58:15 +0300 Subject: [PATCH 08/18] p2p: Use the greatest common version in peer logic --- src/net.cpp | 2 +- src/net_processing.cpp | 19 +++++++++---------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/src/net.cpp b/src/net.cpp index 84f1f9f068..db44e8cbb0 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1167,7 +1167,7 @@ void CConnman::InactivityCheck(CNode *pnode) LogPrintf("socket sending timeout: %is\n", nTime - pnode->nLastSend); pnode->fDisconnect = true; } - else if (nTime - pnode->nLastRecv > (pnode->nVersion > BIP0031_VERSION ? TIMEOUT_INTERVAL : 90*60)) + else if (nTime - pnode->nLastRecv > (pnode->GetCommonVersion() > BIP0031_VERSION ? TIMEOUT_INTERVAL : 90*60)) { LogPrintf("socket receive timeout: %is\n", nTime - pnode->nLastRecv); pnode->fDisconnect = true; diff --git a/src/net_processing.cpp b/src/net_processing.cpp index 301b32aca7..72b3b17397 100644 --- a/src/net_processing.cpp +++ b/src/net_processing.cpp @@ -1359,7 +1359,7 @@ void PeerManager::NewPoWValidBlock(const CBlockIndex *pindex, const std::shared_ LockAssertion lock(::cs_main); // TODO: Avoid the repeated-serialization here - if (pnode->nVersion < INVALID_CB_NO_BAN_VERSION || pnode->fDisconnect) + if (pnode->GetCommonVersion() < INVALID_CB_NO_BAN_VERSION || pnode->fDisconnect) return; ProcessBlockAvailability(pnode->GetId()); CNodeState &state = *State(pnode->GetId()); @@ -2408,7 +2408,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat pfrom.SetCommonVersion(greatest_common_version); pfrom.nVersion = nVersion; - if (nVersion >= WTXID_RELAY_VERSION) { + if (greatest_common_version >= WTXID_RELAY_VERSION) { m_connman.PushMessage(&pfrom, CNetMsgMaker(greatest_common_version).Make(NetMsgType::WTXIDRELAY)); } @@ -2500,7 +2500,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat AddTimeData(pfrom.addr, nTimeOffset); // If the peer is old enough to have the old alert system, send it the final alert. - if (pfrom.nVersion <= 70012) { + if (greatest_common_version <= 70012) { CDataStream finalAlert(ParseHex("60010000000000000000000000ffffff7f00000000ffffff7ffeffff7f01ffffff7f00000000ffffff7f00ffffff7f002f555247454e543a20416c657274206b657920636f6d70726f6d697365642c2075706772616465207265717569726564004630440220653febd6410f470f6bae11cad19c48413becb1ac2c17f908fd0fd53bdc3abd5202206d0e9c96fe88d4a0f01ed9dedae2b6f9e00da94cad0fecaae66ecf689bf71b50"), SER_NETWORK, PROTOCOL_VERSION); m_connman.PushMessage(&pfrom, CNetMsgMaker(greatest_common_version).Make("alert", finalAlert)); } @@ -2533,14 +2533,14 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat pfrom.m_tx_relay == nullptr ? "block-relay" : "full-relay"); } - if (pfrom.nVersion >= SENDHEADERS_VERSION) { + if (pfrom.GetCommonVersion() >= SENDHEADERS_VERSION) { // Tell our peer we prefer to receive headers rather than inv's // We send this to non-NODE NETWORK peers as well, because even // non-NODE NETWORK peers can announce blocks (such as pruning // nodes) m_connman.PushMessage(&pfrom, msgMaker.Make(NetMsgType::SENDHEADERS)); } - if (pfrom.nVersion >= SHORT_IDS_BLOCKS_VERSION) { + if (pfrom.GetCommonVersion() >= SHORT_IDS_BLOCKS_VERSION) { // Tell our peer we are willing to provide version 1 or 2 cmpctblocks // However, we do not request new block announcements using // cmpctblock messages. @@ -2566,7 +2566,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat pfrom.fDisconnect = true; return; } - if (pfrom.nVersion >= WTXID_RELAY_VERSION) { + if (pfrom.GetCommonVersion() >= WTXID_RELAY_VERSION) { LOCK(cs_main); if (!State(pfrom.GetId())->m_wtxid_relay) { State(pfrom.GetId())->m_wtxid_relay = true; @@ -3581,8 +3581,7 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat } if (msg_type == NetMsgType::PING) { - if (pfrom.nVersion > BIP0031_VERSION) - { + if (pfrom.GetCommonVersion() > BIP0031_VERSION) { uint64_t nonce = 0; vRecv >> nonce; // Echo the message back with the nonce. This allows for two useful features: @@ -4100,7 +4099,7 @@ bool PeerManager::SendMessages(CNode* pto) } pto->fPingQueued = false; pto->m_ping_start = GetTime(); - if (pto->nVersion > BIP0031_VERSION) { + if (pto->GetCommonVersion() > BIP0031_VERSION) { pto->nPingNonceSent = nonce; m_connman.PushMessage(pto, msgMaker.Make(NetMsgType::PING, nonce)); } else { @@ -4639,7 +4638,7 @@ bool PeerManager::SendMessages(CNode* pto) // // Message: feefilter // - if (pto->m_tx_relay != nullptr && pto->nVersion >= FEEFILTER_VERSION && gArgs.GetBoolArg("-feefilter", DEFAULT_FEEFILTER) && + if (pto->m_tx_relay != nullptr && pto->GetCommonVersion() >= FEEFILTER_VERSION && gArgs.GetBoolArg("-feefilter", DEFAULT_FEEFILTER) && !pto->HasPermission(PF_FORCERELAY) // peers with the forcerelay permission should not filter txs to us ) { CAmount currentFilter = m_mempool.GetMinFee(gArgs.GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000).GetFeePerK(); From a2147d7dadec1febcd9c2b8ebbbf78dce6d0556b Mon Sep 17 00:00:00 2001 From: Karl-Johan Alm Date: Thu, 30 Apr 2020 12:25:45 +0900 Subject: [PATCH 09/18] validation: move GetWitnessCommitmentIndex to consensus/validation --- src/consensus/validation.h | 27 +++++++++++++++++++++++++++ src/validation.cpp | 26 +++----------------------- src/validation.h | 5 ----- 3 files changed, 30 insertions(+), 28 deletions(-) diff --git a/src/consensus/validation.h b/src/consensus/validation.h index 2a93a090d6..e007c481df 100644 --- a/src/consensus/validation.h +++ b/src/consensus/validation.h @@ -12,6 +12,12 @@ #include #include +/** Index marker for when no witness commitment is present in a coinbase transaction. */ +static constexpr int NO_WITNESS_COMMITMENT{-1}; + +/** Minimum size of a witness commitment structure. Defined in BIP 141. **/ +static constexpr size_t MINIMUM_WITNESS_COMMITMENT{38}; + /** A "reason" why a transaction was invalid, suitable for determining whether the * provider of the transaction should be banned/ignored/disconnected/etc. */ @@ -151,4 +157,25 @@ static inline int64_t GetTransactionInputWeight(const CTxIn& txin) return ::GetSerializeSize(txin, PROTOCOL_VERSION | SERIALIZE_TRANSACTION_NO_WITNESS) * (WITNESS_SCALE_FACTOR - 1) + ::GetSerializeSize(txin, PROTOCOL_VERSION) + ::GetSerializeSize(txin.scriptWitness.stack, PROTOCOL_VERSION); } +/** Compute at which vout of the block's coinbase transaction the witness commitment occurs, or -1 if not found */ +inline int GetWitnessCommitmentIndex(const CBlock& block) +{ + int commitpos = NO_WITNESS_COMMITMENT; + if (!block.vtx.empty()) { + for (size_t o = 0; o < block.vtx[0]->vout.size(); o++) { + const CTxOut& vout = block.vtx[0]->vout[o]; + if (vout.scriptPubKey.size() >= MINIMUM_WITNESS_COMMITMENT && + vout.scriptPubKey[0] == OP_RETURN && + vout.scriptPubKey[1] == 0x24 && + vout.scriptPubKey[2] == 0xaa && + vout.scriptPubKey[3] == 0x21 && + vout.scriptPubKey[4] == 0xa9 && + vout.scriptPubKey[5] == 0xed) { + commitpos = o; + } + } + } + return commitpos; +} + #endif // BITCOIN_CONSENSUS_VALIDATION_H diff --git a/src/validation.cpp b/src/validation.cpp index cf2f9dde62..be1374e810 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -3395,31 +3395,11 @@ bool IsWitnessEnabled(const CBlockIndex* pindexPrev, const Consensus::Params& pa return (height >= params.SegwitHeight); } -int GetWitnessCommitmentIndex(const CBlock& block) -{ - int commitpos = -1; - if (!block.vtx.empty()) { - for (size_t o = 0; o < block.vtx[0]->vout.size(); o++) { - const CTxOut& vout = block.vtx[0]->vout[o]; - if (vout.scriptPubKey.size() >= MINIMUM_WITNESS_COMMITMENT && - vout.scriptPubKey[0] == OP_RETURN && - vout.scriptPubKey[1] == 0x24 && - vout.scriptPubKey[2] == 0xaa && - vout.scriptPubKey[3] == 0x21 && - vout.scriptPubKey[4] == 0xa9 && - vout.scriptPubKey[5] == 0xed) { - commitpos = o; - } - } - } - return commitpos; -} - void UpdateUncommittedBlockStructures(CBlock& block, const CBlockIndex* pindexPrev, const Consensus::Params& consensusParams) { int commitpos = GetWitnessCommitmentIndex(block); static const std::vector nonce(32, 0x00); - if (commitpos != -1 && IsWitnessEnabled(pindexPrev, consensusParams) && !block.vtx[0]->HasWitness()) { + if (commitpos != NO_WITNESS_COMMITMENT && IsWitnessEnabled(pindexPrev, consensusParams) && !block.vtx[0]->HasWitness()) { CMutableTransaction tx(*block.vtx[0]); tx.vin[0].scriptWitness.stack.resize(1); tx.vin[0].scriptWitness.stack[0] = nonce; @@ -3433,7 +3413,7 @@ std::vector GenerateCoinbaseCommitment(CBlock& block, const CBloc int commitpos = GetWitnessCommitmentIndex(block); std::vector ret(32, 0x00); if (consensusParams.SegwitHeight != std::numeric_limits::max()) { - if (commitpos == -1) { + if (commitpos == NO_WITNESS_COMMITMENT) { uint256 witnessroot = BlockWitnessMerkleRoot(block, nullptr); CHash256().Write(witnessroot).Write(ret).Finalize(witnessroot); CTxOut out; @@ -3571,7 +3551,7 @@ static bool ContextualCheckBlock(const CBlock& block, BlockValidationState& stat bool fHaveWitness = false; if (nHeight >= consensusParams.SegwitHeight) { int commitpos = GetWitnessCommitmentIndex(block); - if (commitpos != -1) { + if (commitpos != NO_WITNESS_COMMITMENT) { bool malleated = false; uint256 hashWitness = BlockWitnessMerkleRoot(block, &malleated); // The malleation check is ignored; as the transaction tree itself diff --git a/src/validation.h b/src/validation.h index 534162d64a..f3738a49ec 100644 --- a/src/validation.h +++ b/src/validation.h @@ -93,8 +93,6 @@ static const unsigned int DEFAULT_CHECKLEVEL = 3; // one 128MB block file + added 15% undo data = 147MB greater for a total of 545MB // Setting the target to >= 550 MiB will make it likely we can respect the target. static const uint64_t MIN_DISK_SPACE_FOR_BLOCK_FILES = 550 * 1024 * 1024; -/** Minimum size of a witness commitment structure. Defined in BIP 141. **/ -static constexpr size_t MINIMUM_WITNESS_COMMITMENT{38}; struct BlockHasher { @@ -306,9 +304,6 @@ bool TestBlockValidity(BlockValidationState& state, const CChainParams& chainpar * Note that transaction witness validation rules are always enforced when P2SH is enforced. */ bool IsWitnessEnabled(const CBlockIndex* pindexPrev, const Consensus::Params& params); -/** Compute at which vout of the block's coinbase transaction the witness commitment occurs, or -1 if not found */ -int GetWitnessCommitmentIndex(const CBlock& block); - /** Update uncommitted block structures (currently: only the witness reserved value). This is safe for submitted blocks. */ void UpdateUncommittedBlockStructures(CBlock& block, const CBlockIndex* pindexPrev, const Consensus::Params& consensusParams); From 404682b7cdb54494e7c98f0ba0cac8b51f379750 Mon Sep 17 00:00:00 2001 From: Karl-Johan Alm Date: Wed, 17 Jul 2019 17:41:32 +0900 Subject: [PATCH 10/18] add signet basic support (signet.cpp) Co-authored-by: Anthony Towns --- src/Makefile.am | 2 + src/consensus/params.h | 7 ++ src/signet.cpp | 149 +++++++++++++++++++++++++++++++++++++++++ src/signet.h | 42 ++++++++++++ 4 files changed, 200 insertions(+) create mode 100644 src/signet.cpp create mode 100644 src/signet.h diff --git a/src/Makefile.am b/src/Makefile.am index 175501d4a6..53ad03d41f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -201,6 +201,7 @@ BITCOIN_CORE_H = \ script/signingprovider.h \ script/standard.h \ shutdown.h \ + signet.h \ streams.h \ support/allocators/secure.h \ support/allocators/zeroafterfree.h \ @@ -321,6 +322,7 @@ libbitcoin_server_a_SOURCES = \ rpc/server.cpp \ script/sigcache.cpp \ shutdown.cpp \ + signet.cpp \ timedata.cpp \ torcontrol.cpp \ txdb.cpp \ diff --git a/src/consensus/params.h b/src/consensus/params.h index 61b1fbc2e5..85ab3f61ef 100644 --- a/src/consensus/params.h +++ b/src/consensus/params.h @@ -80,6 +80,13 @@ struct Params { int64_t DifficultyAdjustmentInterval() const { return nPowTargetTimespan / nPowTargetSpacing; } uint256 nMinimumChainWork; uint256 defaultAssumeValid; + + /** + * If true, witness commitments contain a payload equal to a Bitcoin Script solution + * to the signet challenge. See BIP325. + */ + bool signet_blocks{false}; + std::vector signet_challenge; }; } // namespace Consensus diff --git a/src/signet.cpp b/src/signet.cpp new file mode 100644 index 0000000000..a29f89b58e --- /dev/null +++ b/src/signet.cpp @@ -0,0 +1,149 @@ +// Copyright (c) 2019-2020 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include