Commit Graph

10935 Commits

Author SHA1 Message Date
Crypto City
97c4f99bef core test for transfering all, leaving nothing for the fee 2019-12-13 01:08:07 +00:00
Crypto City
26519b0820 add cc_transfer wallet RPC 2019-12-13 01:08:07 +00:00
Crypto City
9b8f0a10ea deposit/withdrawal cc functional tests 2019-12-13 01:08:07 +00:00
Crypto City
b8df9f7adb even more unit tests 2019-12-13 01:07:45 +00:00
Crypto City
9ba3a6e427 more unit tests 2019-12-13 01:07:45 +00:00
Crypto City
1b6a6c878a forbid unlock_time in bare txes 2019-12-13 01:07:45 +00:00
Crypto City
aaf0f5098a remove now obsolete view public key, abortive subaddress support, etc 2019-12-13 01:07:45 +00:00
Crypto City
0a36d2a12b unit tests 2019-12-13 01:07:03 +00:00
Crypto City
a57e103b31 rework cc_command 2019-12-13 01:07:03 +00:00
Crypto City
a4bb280922 reject txes that, when combined, spend more than an account's balance 2019-12-13 01:05:09 +00:00
Crypto City
dc153a504e bare txes 2019-12-13 01:05:08 +00:00
Crypto City
b8b2eb22a7 cc tx fix 2019-12-13 01:03:21 +00:00
Crypto City
e7c88e47ed add python bindings to new CC daemon RPC 2019-12-13 01:03:21 +00:00
Crypto City
456a856231 new cc_deposit/cc_withdraw wallet commands 2019-12-13 01:02:27 +00:00
Crypto City
44b5d47585 functional_tests: comment out old obsolete tests 2019-12-13 01:02:13 +00:00
Crypto City
be3369cd6b test popping blocks reverts balance changes 2019-12-13 01:01:05 +00:00
Crypto City
4ffec4dc82 prune in signature 2019-12-13 01:01:05 +00:00
Crypto City
9e359d7dc8 fixup 2019-12-13 01:01:05 +00:00
Crypto City
aca2c2d52e blockchain: propagate error when popping blocks 2019-12-13 01:01:05 +00:00
Crypto City
aed6360776 withdraw test 2019-12-13 01:01:05 +00:00
Crypto City
dc79bba19a tests for invalid signatures 2019-12-13 01:01:05 +00:00
Crypto City
ebcb76aee9 test for going over balance using more than one tx 2019-12-13 01:01:05 +00:00
Crypto City
91064a3581 more tests 2019-12-13 01:01:05 +00:00
Crypto City
649a307097 core_tests: fix get_balance for ringct 2019-12-13 01:01:05 +00:00
Crypto City
2f135eedbd basic account system and tests 2019-12-13 01:01:05 +00:00
Crypto City
692e90c194 Default to asan in debug mode 2019-12-13 01:00:34 +00:00
Crypto City
479b71b6e0 Fix coinbase not being able to include fees larger than subsidy 2019-12-13 01:00:34 +00:00
Crypto City
b17da7dd40 transactions can now involved cc accounts (wip) 2019-12-13 01:00:34 +00:00
Crypto City
1a070ceb7c New DB tables and debug commands 2019-12-13 00:59:22 +00:00
Crypto City
b9ea0d835c foo! 2019-12-13 00:55:07 +00:00
TheCharlatan
8e338e555c
depends: update libsodium to 1.0.18 2019-12-12 23:39:37 +01:00
luigi1111
b4e1dc83d2
Merge pull request #6057
3b8dcc2 wallet2: make keys unlocker reentrant (moneromooo-monero)
2019-12-12 13:49:58 -06:00
luigi1111
9d0d4f1d08
Merge pull request #6056
5a44893 python-rpc: add missing strict_balances parameter for get_accounts (moneromooo-monero)
2019-12-12 13:48:15 -06:00
luigi1111
e5cc6d39a9
Merge pull request #6055
886ed25 blockchain: fix comment wrongly refering to SHA-3 rather than Keccak (moneromooo-monero)
2019-12-12 13:47:04 -06:00
luigi1111
ccde60838b
Merge pull request #6054
017f816 daemon: handle printing higher hash rates (moneromooo-monero)
2019-12-12 13:45:50 -06:00
luigi1111
fb64463c4c
Merge pull request #6052
c96b7ee tx_pool: fix error message assuming incorrectly (moneromooo-monero)
2019-12-12 13:44:50 -06:00
luigi1111
e629db18f4
Merge pull request #6049
45fd72b Updated paper references (SarangNoether)
277003f Minor prover simplification (SarangNoether)
2019-12-12 13:43:57 -06:00
luigi1111
a6fa7d493e
Merge pull request #6041
261abf7 functional_tests: ensure mining stops on error in mining test (moneromooo-monero)
2019-12-12 13:41:05 -06:00
luigi1111
425da2381d
Merge pull request #6037
f49a8ca easylogging++: add screen.xterm-256color to the 'allow colour' TERM list (moneromooo-monero)
2019-12-12 13:40:09 -06:00
luigi1111
a61db51aae
Merge pull request #6027
9768e96 simplewallet: remove remaining payment id dead code (moneromooo-monero)
2019-12-12 13:38:00 -06:00
luigi1111
dad4cf121e
Merge pull request #6018
dce6f05 rpc: Only show version string if it matches expected pattern (ndorf)
3293780 daemon: Use rpc for 'version' command (ndorf)
2019-12-12 13:36:05 -06:00
luigi1111
3531cc5fd2
Merge pull request #5965
5d7ae2d Adding support for hidden (anonymity) txpool (vtnerd)
2019-12-12 13:32:35 -06:00
moneromooo-monero
987c3139dc
print_coinbase_tx_sum now supports 128 bits sums
The tail emission will bring the total above 64 bits
2019-12-12 01:56:59 +00:00
Howard Chu
c361303184
Silence miner debugmsg spam
Don't try to allocate the dataset repeatedly if it has already failed.
2019-12-09 15:59:52 +00:00
moneromooo-monero
d93e1dffa9
simplewallet: warn on refresh if refresh-from-block-height seems off 2019-12-09 14:09:39 +00:00
moneromooo-monero
a6a2ad6cac
simplewallet: set manual refresh mode in rescan_bc
This ensures we get asked for the password if needed
2019-12-07 13:57:26 +00:00
Jason Rhinelander
72ca7e3b0f Fix time comparison math
Dividing `dt` here by 1e6 converts it to seconds, but that is clearly
wrong since `REQUEST_NEXT_SCHEDULED_SPAN_THRESHOLD_STANDBY` is measured
in microseconds.  As a result, this if statement was effectively never
used.
2019-12-05 21:02:18 -04:00
naughtyfox
a2578892c0 --disable-ban-rpc option to prevent RPC users from banning 2019-12-04 17:45:27 +03:00
Bertrand Jacquin
021cf733c6
ssl: server-side: allow multiple version of TLS
boost::asio::ssl::context is created using specifically TLSv1.2, which
blocks the ability to use superior version of TLS like TLSv1.3.

Filtering is also made specially later in the code to remove unsafe
version for TLS such SSLv2, SSLv3 etc..

This change is removing double filtering to allow TLSv1.2 and above to
be used.

testssl.sh 3.0rc5 now reports the following (please note monerod was
built with USE_EXTRA_EC_CERT):

 $ ./testssl.sh --openssl=/usr/bin/openssl \
     --each-cipher --cipher-per-proto \
     --server-defaults --server-preference \
     --vulnerable --heartbleed --ccs --ticketbleed \
     --robot --renegotiation --compression --breach \
     --poodle --tls-fallback --sweet32 --beast --lucky13 \
     --freak --logjam --drown --pfs --rc4 --full \
     --wide --hints 127.0.0.1:38081

 Using "OpenSSL 1.1.1d  10 Sep 2019" [~80 ciphers]
 on ip-10-97-15-6:/usr/bin/openssl
 (built: "Dec  3 21:14:51 2019", platform: "linux-x86_64")

 Start 2019-12-03 21:51:25        -->> 127.0.0.1:38081 (127.0.0.1) <<--

 rDNS (127.0.0.1):       --
 Service detected:       HTTP

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing for server implementation bugs

 No bugs found.

 Testing cipher categories

 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK)
 Triple DES Ciphers / IDEA                     not offered (OK)
 Average: SEED + 128+256 Bit CBC ciphers       not offered
 Strong encryption (AEAD ciphers)              offered (OK)

 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4

 PFS is offered (OK), ciphers follow (client/browser support is important here)

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448

 Testing server preferences

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher order
    TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256

 Testing server defaults (Server Hello)

 TLS extensions (standard)    "renegotiation info/#65281" "EC point formats/#11" "supported versions/#43" "key share/#51" "max fragment length/#1" "extended master secret/#23"
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support       yes
 Session Resumption           Tickets no, ID: no
 TLS clock skew               Random values, no fingerprinting possible

  Server Certificate #1 (in response to request w/o SNI)
   Signature Algorithm          SHA256 with RSA
   Server key size              RSA 4096 bits
   Server key usage             --
   Server extended key usage    --
   Serial / Fingerprints        01 / SHA1 132E42981812F5575FA0AE64922B18A81B38C03F
                                SHA256 EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC
   Common Name (CN)             (no CN field in subject)
   subjectAltName (SAN)         missing (NOT ok) -- Browsers are complaining
   Issuer
   Trust (hostname)             certificate does not match supplied URI
   Chain of trust               NOT ok (self signed)
   EV cert (experimental)       no
   "eTLS" (visibility info)     not present
   Certificate Validity (UTC)   181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51)
   # of certificates provided   1
   Certificate Revocation List  --
   OCSP URI                     --
                                NOT ok -- neither CRL nor OCSP URI provided
   OCSP stapling                not offered
   OCSP must staple extension   --
   DNS CAA RR (experimental)    not offered
   Certificate Transparency     --

  Server Certificate #2 (in response to request w/o SNI)
   Signature Algorithm          ECDSA with SHA256
   Server key size              EC 256 bits
   Server key usage             --
   Server extended key usage    --
   Serial / Fingerprints        01 / SHA1 E17B765DD8124525B1407E827B89A31FB167647D
                                SHA256 AFB7F44B1C33831F521357E5AEEB813044CB02532143E92D35650A3FF792A7C3
   Common Name (CN)             (no CN field in subject)
   subjectAltName (SAN)         missing (NOT ok) -- Browsers are complaining
   Issuer
   Trust (hostname)             certificate does not match supplied URI
   Chain of trust               NOT ok (self signed)
   EV cert (experimental)       no
   "eTLS" (visibility info)     not present
   Certificate Validity (UTC)   181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51)
   # of certificates provided   1
   Certificate Revocation List  --
   OCSP URI                     --
                                NOT ok -- neither CRL nor OCSP URI provided
   OCSP stapling                not offered
   OCSP must staple extension   --
   DNS CAA RR (experimental)    not offered
   Certificate Transparency     --

 Testing HTTP header response @ "/"

 HTTP Status Code             404 Not found (Hint: supply a path which doesn't give a "404 Not found")
 HTTP clock skew              Got no HTTP time, maybe try different URL?
 Strict Transport Security    not offered
 Public Key Pinning           --
 Server banner                Epee-based
 Application banner           --
 Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
 Security headers             --
 Reverse Proxy banner         --

 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session ticket extension
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.3
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256

 Running client simulations (HTTP) via sockets

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 4.2.2                No connection
 Android 4.4.2                TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2   ECDHE-RSA-AES128-GCM-SHA256       256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2   ECDHE-RSA-AES128-GCM-SHA256       256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 Android 8.1 (native)         No connection
 Android 9.0 (native)         TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Chrome 65 Win 7              TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 Chrome 74 (Win 10)           No connection
 Firefox 62 Win 7             TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 Firefox 66 (Win 8.1/10)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 IE 6 XP                      No connection
 IE 7 Vista                   No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       253 bit ECDH (X25519)
 Edge 17 (Win 10)             TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       253 bit ECDH (X25519)
 Opera 60 (Win 10)            No connection
 Safari 9 iOS 9               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             No connection
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 OpenSSL 1.1.0j (Debian)      TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 OpenSSL 1.1.1b (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Thunderbird (60.6)           TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
2019-12-03 22:02:16 +00:00
moneromooo-monero
94266eeb89
simplewallet: fix output age display with duplicate heights
The highlight check was based on height, so would highlight
any output at that height, resulting in several matches if
a fake out was picked at the same height as the real spend
2019-12-03 18:50:28 +00:00