Commit Graph

361 Commits

Author SHA1 Message Date
Riccardo Spagni
9d91301faa
Merge pull request #5496
0eb0d6b8 rpc: improve get_output_distribution (moneromooo-monero)
2019-05-07 17:30:27 +02:00
moneromooo-monero
5e0da6fb68
change SSL certificate fingerprint whitelisting from SHA1 to SHA-256
SHA1 is too close to bruteforceable
2019-04-26 11:37:15 +00:00
moneromooo-monero
0eb0d6b802
rpc: improve get_output_distribution
It can now handle small reorgs without having to rescan the
whole blockchain.

Also add a test for it.
2019-04-25 16:49:29 +00:00
Riccardo Spagni
1b092f3a44
Merge pull request #5452
c30d93fc rpc: add a pruned bool to the prune_blockchain call (moneromooo-monero)
2019-04-16 22:48:50 +02:00
Riccardo Spagni
68d131615e
Merge pull request #5448
d009f6dd rpc: fix get_block_hashes.bin from wallet on pruned blockchain (moneromooo-monero)
bb0ef5b1 blockchain: lock the blockchain while pruning (moneromooo-monero)
2019-04-16 22:47:36 +02:00
Riccardo Spagni
f376cd5605
Merge pull request #5446
7d79222f daemon: remove debug info (moneromooo-monero)
8fec0f98 functional_tests: add sweep_single test (moneromooo-monero)
9880d61b wallet_rpc_server: remove unused code (moneromooo-monero)
8a61b33d rpc: omit irrelevant fields for pool txes in gettransactions (moneromooo-monero)
56508524 rpc: add relayed in get_transaction output (moneromooo-monero)
82e510f1 rpc: set default log category in core_rpc_server.h (moneromooo-monero)
2019-04-16 22:46:29 +02:00
Riccardo Spagni
8af1a89e4c
Merge pull request #5441
b3648232 daemon: fix ratio not being floating point (moneromooo-monero)
e1b097b9 core_rpc_server: remove dummy assigning int to bool (moneromooo-monero)
2019-04-16 22:44:41 +02:00
Riccardo Spagni
1f01070a0c
Merge pull request #5434
ccb996af rpc: new sanity check on relayed transactions (moneromooo-monero)
2019-04-16 22:41:40 +02:00
Riccardo Spagni
45e1f7c292
Merge pull request #5428
f3425f8d rpc.getblocktemplate: set reserved_offset to zero when reserve_size==0 (stoffu)
2019-04-16 22:39:18 +02:00
moneromooo-monero
c30d93fcd9
rpc: add a pruned bool to the prune_blockchain call 2019-04-16 15:15:14 +00:00
moneromooo-monero
d009f6dd61
rpc: fix get_block_hashes.bin from wallet on pruned blockchain
We want to get all blocks here, even pruned ones
2019-04-15 22:27:15 +00:00
moneromooo-monero
565085245a
rpc: add relayed in get_transaction output 2019-04-15 09:11:50 +00:00
Riccardo Spagni
e89aa2ec56
Merge pull request #5421
e78cea74 rpc: fix off by one in get_height (moneromooo-monero)
2019-04-15 09:22:50 +02:00
Riccardo Spagni
9bd0983d5e
Merge pull request #5402
cbf32241 rpc: make wide_difficulty hexadecimal (moneromooo-monero)
2019-04-15 09:18:10 +02:00
moneromooo-monero
e1b097b99b
core_rpc_server: remove dummy assigning int to bool
Coverity 197653
2019-04-14 09:26:12 +00:00
moneromooo-monero
ccb996afc6
rpc: new sanity check on relayed transactions
This will weed out some transactions with silly rings
2019-04-12 20:22:09 +00:00
stoffu
f3425f8d32
rpc.getblocktemplate: set reserved_offset to zero when reserve_size==0 2019-04-12 18:55:38 +09:00
moneromooo-monero
e78cea74bd
rpc: fix off by one in get_height 2019-04-11 17:24:02 +00:00
moneromooo-monero
064ab12340
functional_tests: add more blockchain related tests
Related to emission, reorgs, getting tx data back, output
distribution and histogram
2019-04-11 11:07:58 +00:00
Riccardo Spagni
4a2cc76c84
Merge pull request #5376
c746f45d Add hash of top block to /getheight RPC (Howard Chu)
2019-04-11 13:01:54 +02:00
Riccardo Spagni
3a4008f0fc
Merge pull request #5374
a2561653 wallet: new option to start background mining (moneromooo-monero)
2019-04-11 13:01:30 +02:00
Lee Clagett
21eb1b0725 Pass SSL arguments via one class and use shared_ptr instead of reference 2019-04-07 00:44:37 -04:00
Lee Clagett
1f5ed328aa Change default SSL to "enabled" if user specifies fingerprint/certificate
Currently if a user specifies a ca file or fingerprint to verify peer,
the default behavior is SSL autodetect which allows for mitm downgrade
attacks. It should be investigated whether a manual override should be
allowed - the configuration is likely always invalid.
2019-04-06 23:47:07 -04:00
Lee Clagett
a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
moneromooo-monero
e8cf7dcc2b
rpc: merge the two get_info implementations 2019-04-06 14:04:24 +00:00
moneromooo-monero
cbf3224180
rpc: make wide_difficulty hexadecimal
This should be friendlier for clients which don't have bignum support
2019-04-05 16:30:16 +00:00
moneromooo-monero
a2561653cb
wallet: new option to start background mining
The setup-background-mining option can be used to select
background mining when a wallet loads. The user will be asked
the first time the wallet is created.
2019-04-04 18:10:45 +00:00
stoffu
a299dc96f7
rpc.gettransactions: fill as_json with partial tx in pruned mode 2019-04-04 18:08:01 +09:00
Riccardo Spagni
1ed6441925
Merge pull request #5327
c23ea796 New interactive daemon command 'print_net_stats': Global traffic stats (rbrunner7)
2019-04-01 17:32:01 +02:00
Riccardo Spagni
a69b71dc41
Merge pull request #5326
dc20d774 rpc: add miner tx hash to block header response (moneromooo-monero)
2019-04-01 17:31:36 +02:00
Riccardo Spagni
97831e5f8b
Merge pull request #5308
a7211793 rpc: quantize db size up to 5 GB in restricted mode (moneromooo-monero)
2019-04-01 17:27:56 +02:00
Howard Chu
c746f45d3e
Add hash of top block to /getheight RPC 2019-04-01 01:02:58 +01:00
moneromooo-monero
91f4c7f45f
Make difficulty 128 bit instead of 64 bit
Based on Boolberry work by:
  jahrsg <jahr@jahr.me>
  cr.zoidberg <crypto.zoidberg@gmail.com>
2019-03-24 21:03:19 +00:00
rbrunner7
c23ea7962d New interactive daemon command 'print_net_stats': Global traffic stats 2019-03-24 16:58:57 +01:00
Riccardo Spagni
df50181ab2
Merge pull request #5237
3907588b rpc: make fill_pow restricted (moneromooo-monero)
2019-03-21 14:46:20 +02:00
moneromooo-monero
dc20d77459
rpc: add miner tx hash to block header response 2019-03-21 00:24:12 +00:00
moneromooo-monero
a7211793ba
rpc: quantize db size up to 5 GB in restricted mode 2019-03-17 21:27:52 +00:00
Riccardo Spagni
848591c4d8
Merge pull request #5190
551104fb daemon: add --public-node mode, RPC port propagation over P2P (xiphon)
2019-03-17 17:56:04 +02:00
Riccardo Spagni
429930534d
Merge pull request #5185
59478c80 daemon: new mining_status command (moneromooo-monero)
2019-03-17 17:55:32 +02:00
Riccardo Spagni
fd231226b9
Merge pull request #5177
bb2aed8e rpc: quantize db size up to 5 GB in restricted mode (moneromooo-monero)
2019-03-17 17:52:56 +02:00
moneromooo-monero
59478c80dd
daemon: new mining_status command 2019-03-09 20:51:53 +00:00
moneromooo-monero
3907588bf6
rpc: make fill_pow restricted
It's slow work, so let's not expose it
2019-03-06 00:05:41 +00:00
binaryFate
1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
Martijn Otto
057c279cb4
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
Riccardo Spagni
46fd181cca
Merge pull request #4054
24569454 epee: add SSL support (moneromooo-monero)
2019-03-04 21:17:21 +02:00
moneromooo-monero
b8787f4302
ArticMine's new block weight algorithm
This curbs runaway growth while still allowing substantial
spikes in block weight

Original specification from ArticMine:

here is the scaling proposal
Define: LongTermBlockWeight
Before fork:
LongTermBlockWeight = BlockWeight
At or after fork:
LongTermBlockWeight = min(BlockWeight, 1.4*LongTermEffectiveMedianBlockWeight)
Note: To avoid possible consensus issues over rounding the LongTermBlockWeight for a given block should be calculated to the nearest byte, and stored as a integer in the block itself. The stored LongTermBlockWeight is then used for future calculations of the LongTermEffectiveMedianBlockWeight and not recalculated each time.
Define:   LongTermEffectiveMedianBlockWeight
LongTermEffectiveMedianBlockWeight = max(300000, MedianOverPrevious100000Blocks(LongTermBlockWeight))
Change Definition of EffectiveMedianBlockWeight
From (current definition)
EffectiveMedianBlockWeight  = max(300000, MedianOverPrevious100Blocks(BlockWeight))
To (proposed definition)
EffectiveMedianBlockWeight  = min(max(300000, MedianOverPrevious100Blocks(BlockWeight)), 50*LongTermEffectiveMedianBlockWeight)
Notes:
1) There are no other changes to the existing penalty formula, median calculation, fees etc.
2) There is the requirement to store the LongTermBlockWeight of a block unencrypted in the block itself. This  is to avoid possible consensus issues over rounding and also to prevent the calculations from becoming unwieldy as we move away from the fork.
3) When the  EffectiveMedianBlockWeight cap is reached it is still possible to mine blocks up to 2x the EffectiveMedianBlockWeight by paying the corresponding penalty.

Note: the long term block weight is stored in the database, but not in the actual block itself,
since it requires recalculating anyway for verification.
2019-03-04 09:33:58 +00:00
xiphon
551104fbf1 daemon: add --public-node mode, RPC port propagation over P2P 2019-02-25 02:40:23 +03:00
moneromooo-monero
bb2aed8e4d
rpc: quantize db size up to 5 GB in restricted mode 2019-02-21 23:49:53 +00:00
moneromooo-monero
2456945408
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-02-02 20:05:33 +00:00
Lee Clagett
973403bc9f Adding initial support for broadcasting transactions over Tor
- Support for ".onion" in --add-exclusive-node and --add-peer
  - Add --anonymizing-proxy for outbound Tor connections
  - Add --anonymous-inbounds for inbound Tor connections
  - Support for sharing ".onion" addresses over Tor connections
  - Support for broadcasting transactions received over RPC exclusively
    over Tor (else broadcast over public IP when Tor not enabled).
2019-01-28 23:56:33 +00:00