Commit graph

39957 commits

Author SHA1 Message Date
Ava Chow
411ba32af2
Merge bitcoin/bitcoin#24748: test/BIP324: functional tests for v2 P2P encryption
bc9283c441 [test] Add functional test to test early key response behaviour in BIP 324 (stratospher)
ffe6a56d75 [test] Check whether v2 TestNode performs downgrading (stratospher)
ba737358a3 [test] Add functional tests to test v2 P2P behaviour (stratospher)
4115cf9956 [test] Ignore BIP324 decoy messages (stratospher)
8c054aa04d [test] Allow inbound and outbound connections supporting v2 P2P protocol (stratospher)
382894c3ac  [test] Reconnect using v1 P2P when v2 P2P terminates due to magic byte mismatch (stratospher)
a94e350ac0 [test] Build v2 P2P messages (stratospher)
bb7bffed79 [test] Use lock for sending P2P messages in test framework (stratospher)
5b91fb14ab [test] Read v2 P2P messages (stratospher)
05bddb20f5 [test] Perform initial v2 handshake (stratospher)
a049d1bd08 [test] Introduce EncryptedP2PState object in P2PConnection (stratospher)
b89fa59e71 [test] Construct class to handle v2 P2P protocol functions (stratospher)
8d6c848a48 [test] Move MAGIC_BYTES to messages.py (stratospher)
595ad4b168 [test/crypto] Add ECDH (stratospher)
4487b80517 [rpc/net] Allow v2 p2p support in addconnection (stratospher)

Pull request description:

  This PR introduces support for v2 P2P encryption(BIP 324) in the existing functional test framework and adds functional tests for the same.

  ### commits overview
  1. introduces a new class `EncryptedP2PState` to store the keys, functions for performing the initial v2 handshake and encryption/decryption.
  3. this class is used by `P2PConnection` in inbound/outbound connections to perform the initial v2 handshake before the v1 version handshake. Only after the initial v2 handshake is performed do application layer P2P messages(version, verack etc..) get exchanged. (in a v2 connection)
      - `v2_state` is the object of class `EncryptedP2PState` in `P2PConnection` used to store its keys, session-id etc.
      - a node [advertising](https://github.com/stratospher/blogosphere/blob/main/integration_test_bip324.md#advertising-to-support-v2-p2p) support for  v2 P2P is different from a node actually [supporting v2 P2P](https://github.com/stratospher/blogosphere/blob/main/integration_test_bip324.md#supporting-v2-p2p) (differ when false advertisement of services occur)
          - introduce a boolean variable `supports_v2_p2p` in `P2PConnection` to denote if it supports v2 P2P.
          - introduce a boolean variable `advertises_v2_p2p` to denote whether `P2PConnection` which mimics peer behaviour advertises V2 P2P support. Default option is `False`.
      - In the test framework, you can create Inbound and Outbound connections to `TestNode`
          1. During **Inbound Connections**, `P2PConnection` is the initiator [`TestNode` <--------- `P2PConnection`]
              - Case 1:
                  - if the `TestNode` advertises/signals v2 P2P support (means `self.nodes[i]` set up with `"-v2transport=1"`), different behaviour will be exhibited based on whether:
                      1. `P2PConnection` supports v2 P2P
                      2. `P2PConnection` does not support v2 P2P
                 - In a real world scenario, the initiator node would intrinsically know if they support v2 P2P based on whatever code they choose to run. However, in the test scenario where we mimic peer behaviour, we have no way of knowing if `P2PConnection` should support v2 P2P or not. So `supports_v2_p2p` boolean variable is used as an option to enable support for v2 P2P in `P2PConnection`.
                - Since the `TestNode` advertises v2 P2P support (using "-v2transport=1"), our initiator `P2PConnection` would send:
                  1. (if the `P2PConnection` supports v2 P2P) ellswift + garbage bytes to initiate the connection
                  2. (if the `P2PConnection` does not support v2 P2P) version message to initiate the connection
             - Case 2:
                  - if the `TestNode` doesn't signal v2 P2P support; `P2PConnection` being the initiator would send version message to initiate a connection.
         2. During **Outbound Connections** [TestNode --------> P2PConnection]
             - initiator `TestNode` would send:
                  - (if the `P2PConnection` advertises v2 P2P) ellswift + garbage bytes to initiate the connection
                  - (if the `P2PConnection` advertises v2 P2P) version message to initiate the connection
            - Suppose `P2PConnection` advertises v2 P2P support when it actually doesn't support v2 P2P (false advertisement scenario)
                 - `TestNode` sends ellswift + garbage bytes
                 - `P2PConnection` receives but can't process it and disconnects.
                 - `TestNode` then tries using v1 P2P and sends version message
                 - `P2PConnection` receives/processes this successfully and they communicate on v1 P2P

  4. the encrypted P2P messages follow a different format - 3 byte length + 1-13 byte message_type + payload + 16 byte MAC
  5. includes support for testing decoy messages and v2 connection downgrade(using false advertisement - when a v2 node makes an outbound connection to a node which doesn't support v2 but is advertised as v2 by some malicious
  intermediary)

  ### run the tests
  * functional test - `test/functional/p2p_v2_encrypted.py` `test/functional/p2p_v2_earlykeyresponse.py`

  I'm also super grateful to @ dhruv for his really valuable feedback on this branch.
  Also written a more elaborate explanation here - https://github.com/stratospher/blogosphere/blob/main/integration_test_bip324.md

ACKs for top commit:
  naumenkogs:
    ACK bc9283c441
  mzumsande:
    Code Review ACK bc9283c441
  theStack:
    Code-review ACK bc9283c441
  glozow:
    ACK bc9283c441

Tree-SHA512: 9b54ed27e925e1775e0e0d35e959cdbf2a9a1aab7bcf5d027e66f8b59780bdd0458a7a4311ddc7dd67657a4a2a2cd5034ead75524420d58a83f642a8304c9811
2024-01-29 12:31:31 -05:00
fanquake
87fcc93acc
Merge bitcoin/bitcoin#27495: ci: Use LLVM 17.0.6 & DEBUG=1 in depends for MSAN jobs
8531e1e731 ci: Use DEBUG=1 in depends for MSAN jobs (fanquake)
800ddef6b9 ci: use LLVM 17.0.6 in MSAN jobs (fanquake)

Pull request description:

  Switch to using LLVM 17.0.6 and `DEBUG=1` in MSAN CI jobs.

ACKs for top commit:
  maflcko:
    lgtm ACK 8531e1e731

Tree-SHA512: 819889762aeb78f95c4f955978890c6d98884bed0c7ff97ec072f4c7c1119ee3e3268ccab795bb1c801d36a206e16c6c1195e7a2bc7af94b580d17e49c632161
2024-01-29 16:45:59 +00:00
fanquake
759195040a
Merge bitcoin/bitcoin#29329: fuzz: Print coverage summary after run_once
fab97d81ce fuzz: Print coverage summary after run_once (MarcoFalke)

Pull request description:

  This can be used to quickly check the coverage effects of a code change or qa-assets change.

ACKs for top commit:
  dergoegge:
    ACK fab97d81ce

Tree-SHA512: 0ac913c14698f39e76e0e7bf124f182220031796d6443edb34c6e4615e128157cf746da661b216c4640a41964e977249712445ca9c005b1b4a3737adabdb4a7d
2024-01-29 16:24:51 +00:00
MarcoFalke
fab97d81ce
fuzz: Print coverage summary after run_once 2024-01-29 15:24:29 +01:00
fanquake
478ac185be
Merge bitcoin/bitcoin#29298: depends: patch libool out of libnatpmp/miniupnpc
5b9d5bf866 depends: remove (darwin) libtool now that it's no longer used (Cory Fields)
3ef6563495 depends: use ar rather than libtool for miniupnpc/libnatpmp (Cory Fields)

Pull request description:

  An alternative to https://github.com/bitcoin/bitcoin/pull/29232

  Rather than switching to the CMake builds which [proved problematic](https://github.com/bitcoin/bitcoin/pull/29232#issuecomment-1898513919), do the quick and dirty thing of just patching out libtool. Doesn't seem to introduce any new issues.

  This should buy us time to upstream the necessary CMake fixes.

ACKs for top commit:
  TheCharlatan:
    ACK 5b9d5bf866
  fanquake:
    ACK 5b9d5bf866

Tree-SHA512: c75c4bcc9332d8c1fc3395e2b5fc7265849186afc7005700f662ab291e6ea1f111025fad733d0b0b39d35029d1b757d3f1937d63aad3c0c3b88d0f8ac902ee18
2024-01-29 12:09:13 +00:00
Ava Chow
5fbcc8f056
Merge bitcoin/bitcoin#29180: crypto: remove use of BUILD_BITCOIN_INTERNAL macro in sha256
bbf218d061 crypto: remove sha256_sse4 from the base crypto helper lib (Cory Fields)
4dbd0475d8 crypto: remove use of BUILD_BITCOIN_INTERNAL macro in sha256 (Cory Fields)

Pull request description:

  Replace it with a more explicit `DISABLE_OPTIMIZED_SHA256` and clean up some.

  The macro was originally used by libbitcoinconsensus which opts out of optimized sha256 for the sake of simplicity.

  Also remove the `BUILD_BITCOIN_INTERNAL` define from libbitcoinkernel for now as it does not export an api. When it does we can pick a less confusing define to control its exports.

  Removing the define should have the effect of enabling sha256 optimizations for the kernel.

ACKs for top commit:
  TheCharlatan:
    Re-ACK bbf218d061
  hebasto:
    re-ACK bbf218d061

Tree-SHA512: 7c17592bb2d3e671779f96903cb36887c5785408213bffbda1ae37b66e6bcfaffaefd0c1bf2d1a407060cd377e3d4881cde3a73c429a1aacb677f370314a066a
2024-01-26 18:56:41 -05:00
Ava Chow
ff0eac055f
Merge bitcoin/bitcoin#29283: test: ensure output is large enough to pay for its fees
3bfc5bd36e test: ensure output is large enough to pay for its fees (stickies-v)

Pull request description:

  Fixes a (rare) intermittency issue in wallet_import_rescan.py

  Since we [use](03752444cd/test/functional/wallet_import_rescan.py (L296)) `subtract_fee_from_outputs=[0]` in the `send` command, the output amount must at least be as large as the fee we're paying.

  Example in CI: https://api.cirrus-ci.com/v1/task/6107972259020800/logs/ci.log

  ```
  2024-01-18T22:16:12.383000Z TestFramework (INFO): Test that the mempool is rescanned as well if the rescan parameter is set to true
  2024-01-18T22:16:20.187000Z TestFramework (ERROR): JSONRPC error
  Traceback (most recent call last):
    File "/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/test/functional/test_framework/test_framework.py", line 131, in main
      self.run_test()
    File "/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/test/functional/wallet_import_rescan.py", line 292, in run_test
      child = self.nodes[1].send(
    File "/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/test/functional/test_framework/coverage.py", line 50, in __call__
      return_val = self.auth_service_proxy_instance.__call__(*args, **kwargs)
    File "/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/test/functional/test_framework/authproxy.py", line 129, in __call__
      raise JSONRPCException(response['error'], status)
  test_framework.authproxy.JSONRPCException: The transaction amount is too small to pay the fee (-4)
  ```

  Can be reproduced locally by forcing usage of the lowest possible value produced by `get_rand_amount()` ([thanks furszy](https://github.com/bitcoin/bitcoin/pull/29283#pullrequestreview-1832956095)):

  <details>
  <summary>git diff on 5f3a0574c4</summary>

  ```diff
  diff --git a/test/functional/wallet_import_rescan.py b/test/functional/wallet_import_rescan.py
  index 7f01d23941..925849d5c0 100755
  --- a/test/functional/wallet_import_rescan.py
  +++ b/test/functional/wallet_import_rescan.py
  @@ -270,7 +270,7 @@ class ImportRescanTest(BitcoinTestFramework):
                   address_type=variant.address_type.value,
               ))
               variant.key = self.nodes[1].dumpprivkey(variant.address["address"])
  -            variant.initial_amount = get_rand_amount() * 2
  +            variant.initial_amount = Decimal(str(round(AMOUNT_DUST, 8))) * 2
               variant.initial_txid = self.nodes[0].sendtoaddress(variant.address["address"], variant.initial_amount)
               variant.confirmation_height = 0
               variant.timestamp = timestamp

  ```
  </details>

ACKs for top commit:
  achow101:
    ACK 3bfc5bd36e
  glozow:
    utACK 3bfc5bd36e, didn't experience this issue but in theory a minimum of `AMOUNT_DUST` could be too low to pay the fees
  furszy:
    utACK 3bfc5bd36

Tree-SHA512: 821ab94a510772e90528b2cef368bbf70309d8fd1dcda53dce75dd1bf91622358e80fea4d9fc68249b9d598892306c66f6c843b4a6855a9f9a9175f7b41109c6
2024-01-26 18:33:46 -05:00
Hennadii Stepanov
fa2bcf627b
Merge bitcoin-core/gui#789: Avoid non-self-contained Windows header
8023640a71 qt: Avoid non-self-contained Windows header (Hennadii Stepanov)

Pull request description:

  Using the `windows.h` header guarantees correctness regardless of the content of other headers.

  For more details, please refer to https://stackoverflow.com/questions/4845198/fatal-error-no-target-architecture-in-visual-studio

  Fixes the MSVC build when using the upcoming CMake-based build system and Qt packages installed via the vcpkg package manager.

  Related to https://github.com/hebasto/bitcoin/pull/77.

ACKs for top commit:
  theuni:
    ACK 8023640a71. It's not completely clear to me why this currently works, but I don't think it's worth wasting more time on. `windows.h` seems more correct regardless.

Tree-SHA512: 1c03f909943111fb2663f86d33ec9a947bc5903819e5bd94f436f6b0782d9f5c5d80d9cd3490674ecd8921b2981c509e97e41580bccc436f8b5c7db84b4e493c
2024-01-26 20:40:46 +00:00
Cory Fields
5b9d5bf866 depends: remove (darwin) libtool now that it's no longer used
Note that this is completely unrelated to gnu usage of libtool.
2024-01-26 19:52:52 +00:00
Cory Fields
3ef6563495 depends: use ar rather than libtool for miniupnpc/libnatpmp 2024-01-26 19:12:45 +00:00
fanquake
6bacd11b09
Merge bitcoin/bitcoin#29327: fuzz: also set MSAN_SYMBOLIZER_PATH
cf937b2068 fuzz: also set MSAN_SYMBOLIZER_PATH (fanquake)

Pull request description:

  Should resolve: https://github.com/bitcoin-core/qa-assets/issues/167.

ACKs for top commit:
  dergoegge:
    utACK cf937b2068

Tree-SHA512: a7670b5054c2c9ec830db2a4dd4d78d8a0ee7d793a80d32942d78b5e459015344040fa9ce9d73f4f23cd920d5ca2e65c110e201723e4935de8f57fda0b6d5ce7
2024-01-26 16:44:30 +00:00
fanquake
cf937b2068
fuzz: also set MSAN_SYMBOLIZER_PATH 2024-01-26 13:56:09 +00:00
fanquake
8531e1e731
ci: Use DEBUG=1 in depends for MSAN jobs
Followup to #27448, which was deffered, as it produces #27448 and
another similar issue in sqlite, see comment here:
https://github.com/bitcoin/bitcoin/pull/27448#issuecomment-1514902450.
2024-01-26 13:39:05 +00:00
fanquake
800ddef6b9
ci: use LLVM 17.0.6 in MSAN jobs 2024-01-26 13:38:52 +00:00
fanquake
e3b68b3b83
Merge bitcoin/bitcoin#28875: build: Pass sanitize flags to instrument libsecp256k1 code
cbea49c0d3 build: Pass sanitize flags to instrument `libsecp256k1` code (Hennadii Stepanov)

Pull request description:

  This PR is a revived https://github.com/bitcoin/bitcoin/pull/27991 with an addressed [comment](https://github.com/bitcoin/bitcoin/pull/27991#discussion_r1252148488).

  Fixes https://github.com/bitcoin/bitcoin/issues/27990.

  Might be tested as follows:
  ```
  $ ./autogen.sh && ./configure --enable-fuzz --with-sanitizers=fuzzer CC=clang-13 CXX=clang++-13
  $ make clean > /dev/null && make
  $ objdump --disassemble=secp256k1_xonly_pubkey_serialize src/test/fuzz/fuzz | grep __sanitizer_cov
   1953bd0:e8 bb c6 05 ff       call   9b0290 <__sanitizer_cov_trace_const_cmp8>
   1953d32:e8 69 c4 05 ff       call   9b01a0 <__sanitizer_cov_trace_pc_indir>
   1953d58:e8 43 c4 05 ff       call   9b01a0 <__sanitizer_cov_trace_pc_indir>
   1953d82:e8 19 c4 05 ff       call   9b01a0 <__sanitizer_cov_trace_pc_indir>
  ```

ACKs for top commit:
  fanquake:
    ACK cbea49c0d3
  dergoegge:
    reACK cbea49c0d3

Tree-SHA512: 801994e75b711d20eaf0d675f378da07d693f4a7de026efd93860f5f1deabed855a83eca3561725263e4fe605fcc5f91eb73c021ec91c831864e6deb575e3885
2024-01-26 11:31:34 +00:00
Ava Chow
717103bcce
Merge bitcoin/bitcoin#29315: refactor: Compile unreachable walletdb code
fa3373d3ad refactor: Compile unreachable code (MarcoFalke)

Pull request description:

  When unreachable code isn't compiled, compile failures are not detected.

  Fix this by leaving it unreachable, but compiling it.

  Fixes https://github.com/bitcoin/bitcoin/pull/28999#discussion_r1465010916

ACKs for top commit:
  achow101:
    ACK fa3373d3ad
  ryanofsky:
    Code review ACK fa3373d3ad. This looks good, and should prevent code in the else blocks from accidentally breaking.

Tree-SHA512: 3a3764915dfc935bf5d7a48f1ca151dcbac340c1cbdce8236b24ae9b4f04d6ee9771ed058ca60bcbca6e19d13671de3517f828a8f7ab6444c7cc4e3538d1ba4e
2024-01-25 17:16:09 -05:00
Ava Chow
36720994a4
Merge bitcoin/bitcoin#20827: During IBD, prune as much as possible until we get close to where we will eventually keep blocks
d298ff8b62 During IBD, prune as much as possible until we get close to where we will eventually keep blocks (Luke Dashjr)

Pull request description:

  This should reduce pruning flushes even more, speeding up IBD with pruning on systems that have a sufficient dbcache.

  Assumes 1 MB per block between tip and best header chain. Simply adds this to the buffer pruning is trying to leave available, which results in pruning almost everything up until we get close to where we need to be keeping blocks.

ACKs for top commit:
  andrewtoth:
    ACK d298ff8b62
  fjahr:
    utACK d298ff8b62
  achow101:
    ACK d298ff8b62

Tree-SHA512: 2a482376bfb177e2ba7c2f0bb0b58b02efdb38b34755a18d1fc3e869df5959c85b6f1009e1386fa8b89c4f90d520383e36bd3e21dec221042315134efb1a455b
2024-01-25 15:20:17 -05:00
fanquake
ac923e70e7
Merge bitcoin/bitcoin#29287: depends: Do not override CFLAGS when building SQLite with DEBUG=1
5fb8f0f80f depends: Do not override CFLAGS when building SQLite with DEBUG=1 (Hennadii Stepanov)
2b0dd88f1c depends: Ensure definitions are passed when building SQLite with DEBUG=1 (Hennadii Stepanov)

Pull request description:

  The `--enable-debug` configure option for the SQLite package does two things:
  ```autoconf
  #-----------------------------------------------------------------------
  #   --enable-debug
  #
  AC_ARG_ENABLE(debug, [AS_HELP_STRING(
    [--enable-debug], [build with debugging features enabled [default=no]])],
    [], [])
  AC_MSG_CHECKING([Build type])
  if test x"$enable_debug" = "xyes"; then
    BUILD_CFLAGS="$BUILD_CFLAGS -DSQLITE_DEBUG -DSQLITE_ENABLE_SELECTTRACE -DSQLITE_ENABLE_WHERETRACE"
    CFLAGS="-g -O0"
    AC_MSG_RESULT([debug])
  else
    AC_MSG_RESULT([release])
  fi
  #-----------------------------------------------------------------------
  ```

  It adds three preprocessor definitions and overrides `CFLAGS` with `"-g -O0"`. The latter breaks the user's ability to provide sanitizer and LTO flags.

  This PR might be especially useful for OSS-Fuzz where `DEBUG=1` has been used since https://github.com/google/oss-fuzz/pull/10503.

  Also it makes a workaround for building SQLite for 32-bit unneeded. For details, please refer to https://github.com/hebasto/oss-fuzz/tree/240120-sqlite.

  Changes in https://github.com/bitcoin/bitcoin/pull/29282 might not be strictly required now. However, I consider them an improvement.

ACKs for top commit:
  fanquake:
    ACK 5fb8f0f80f - downstream is also green, so i'll fixup the PR there.

Tree-SHA512: 8593d8a0237ebb270d5da763fb65ed642ab8ed0d44e57704a34154621f49e3d5c58b462cc0070251fa1ba556c58a3c7d3620530d6839dc6dc9e0887010330eca
2024-01-25 15:46:56 +00:00
MarcoFalke
fa3373d3ad
refactor: Compile unreachable code
When unreachable code isn't compiled, compile failures are not detected.

Fix this by leaving it unreachable, but compiling it.

Fixes https://github.com/bitcoin/bitcoin/pull/28999#discussion_r1465010916

Can be reviewed with --ignore-all-space
2024-01-25 16:25:55 +01:00
fanquake
7699a1aab8
Merge bitcoin/bitcoin#29313: ci: Update cache action
ec25e74542 ci: Update cache action (Hennadii Stepanov)

Pull request description:

  This PR fixes deprecation [warnings](https://github.com/bitcoin/bitcoin/actions/runs/7652979339) for Node.js 16 actions in the GHA CI:
  ![image](https://github.com/bitcoin/bitcoin/assets/32963518/ea7b0708-8b2f-446f-a16d-ecc2c8a1da45)

  See:
  - https://github.com/marketplace/actions/cache
  - https://github.com/actions/cache/releases/tag/v4.0.0

Top commit has no ACKs.

Tree-SHA512: 48503abab5d188d6fac2a1ead62512c217a831f611c4dce0e05666d72fac4db26f947cbe9a42fda0307cbdcb9aa0bd4b4d7a15ac2c14c757f92ba2916da0020b
2024-01-25 14:23:41 +00:00
Hennadii Stepanov
5fb8f0f80f
depends: Do not override CFLAGS when building SQLite with DEBUG=1
The `--enable-debug` configure option for the SQLite package does two
things. It adds three preprocessor definitions and overrides CFLAGS with
"-g -O0". The latter breaks the user's ability to provide sanitizer and
LTO flags.
2024-01-25 12:25:27 +00:00
Hennadii Stepanov
2b0dd88f1c
depends: Ensure definitions are passed when building SQLite with DEBUG=1
The SQLite build system overrides the `CFLAGS` when is configured with
the `--enable-debug` option.
2024-01-25 12:23:49 +00:00
Hennadii Stepanov
ec25e74542
ci: Update cache action
This change fixes deprecation warnings for Node.js 16 actions in the GHA
CI.

See:
- https://github.com/marketplace/actions/cache
- https://github.com/actions/cache/releases/tag/v4.0.0
2024-01-25 11:55:57 +00:00
Hennadii Stepanov
8023640a71
qt: Avoid non-self-contained Windows header
Using the `windows.h` header guarantees correctness regardless of the
content of other headers.
For more details, please refer to https://stackoverflow.com/questions/4845198/fatal-error-no-target-architecture-in-visual-studio

Fixes the MSVC build when using the upcoming CMake-based build system
and Qt packages installed via the vcpkg package manager.
2024-01-25 10:26:26 +00:00
fanquake
4ad83ef09b
Merge bitcoin/bitcoin#29205: build: always set -g -O2 in CORE_CXXFLAGS
00c1e2aa44 build: fix optimisation flags used for --coverage (fanquake)
1dc2c9b385 ci: cleanup C*FLAG usage in Valgrind jobs (fanquake)
6cc2a38c13 build: add sanitizer flags to configure output (fanquake)
08cd5aca18 build: always set -g -O2 in CORE_CXXFLAGS (fanquake)

Pull request description:

  Rather than trying to sporadically rely on / override Autoconf default behaviour. Just always override (if unset), and always set the flags we want (which are the same as the Autoconf defaults).

  Removes the need for duplicate code to clear (if not overridden) `CXXFLAGS`.

  Fixes cases of "missing" `-O2`. i.e this PR when running a Valgrind CI job with changes here:
  ```bash
  CXXFLAGS        =  -g -O2  -fdebug-prefix-map=$(abs_top_srcdir)=.  -Wstack-protector -fstack-protector-all -mbranch-protection=bti   -Werror  -fsanitize=fuzzer  -gdwarf-4
  ```

  Fixes configure output to reflect actual compilation flag ordering, so it's useful.

  Note that if we do still end up with a duplicate "-g -O2" when compiling, that has no effect, and I don't really thinks it's something worth trying to optimize.

ACKs for top commit:
  TheCharlatan:
    lgtm ACK 00c1e2aa44
  hebasto:
    ACK 00c1e2aa44, I have reviewed the code and it looks OK. Also tested `ci/test/00_setup_env_native_valgrind.sh`.
  theuni:
    ACK 00c1e2aa44

Tree-SHA512: cf6c7acf813ba10b198561e83eb72e9b2532a39cb1767c452d031e82921dcd42a47b129735b24c4e36131fd0c8fe7457f7cae870c1e011cdfdd430bdc4d4912b
2024-01-25 10:12:56 +00:00
stratospher
bc9283c441 [test] Add functional test to test early key response behaviour in BIP 324
- A node initiates a v2 connection by sending 64 bytes ellswift
- In BIP 324 "The responder waits until one byte is received which does not match the
  V1_PREFIX (16 bytes consisting of the network magic followed by "version\x00\x00\x00\x00\x00".)"
- It's possible that the 64 bytes ellswift sent by an initiator starts with a prefix of V1_PREFIX
- Example form of 64 bytes ellswift could be:
	4 bytes network magic + 60 bytes which aren't prefixed with remaining V1_PREFIX
- We test this behaviour:
	- when responder receives 4 byte network magic -> no response received by initiator
	- when first mismatch happens -> response received by initiator
2024-01-25 11:12:15 +05:30
stratospher
ffe6a56d75 [test] Check whether v2 TestNode performs downgrading 2024-01-25 11:10:50 +05:30
stratospher
ba737358a3 [test] Add functional tests to test v2 P2P behaviour 2024-01-25 11:10:50 +05:30
stratospher
4115cf9956 [test] Ignore BIP324 decoy messages
Also allow P2PConnection::send_message() to send decoy messages for
writing tests.
2024-01-25 11:10:50 +05:30
stratospher
8c054aa04d [test] Allow inbound and outbound connections supporting v2 P2P protocol
- Add an optional `supports_v2_p2p` parameter to specify if the inbound
and outbound connections support v2 P2P protocol.
- In the `addconnection_callback` which gets called when creating
outbound connections, call the `addconnection` RPC with v2 P2P protocol
support enabled.
2024-01-25 11:10:50 +05:30
stratospher
382894c3ac [test] Reconnect using v1 P2P when v2 P2P terminates due to magic byte mismatch
- When a v2 TestNode makes an outbound connection to a P2PInterface node
which doesn't support v2 but is advertised as v2 by some malicious
intermediary, the TestNode sends 64 bytes ellswift. The v1 node doesn't
understand this and disconnects. Then the v2 TestNode reconnects by
sending a v1/version message.
2024-01-25 11:10:48 +05:30
stratospher
a94e350ac0 [test] Build v2 P2P messages 2024-01-25 11:09:52 +05:30
stratospher
bb7bffed79 [test] Use lock for sending P2P messages in test framework
Messages are built, encrypted and sent over the socket in v2
connections. If a race condition happens between python's main
thread and p2p thread with both of them trying to send a message,
it's possible that the messages get encrypted with wrong keystream.

Messages are built and sent over the socket in v1 connections.
So there's no problem if messages are sent in the wrong order.

Co-authored-by: Martin Zumsande <mzumsande@gmail.com>
Co-authored-by: theStack <sebastian.falbesoner@gmail.com>
2024-01-25 11:09:52 +05:30
stratospher
5b91fb14ab [test] Read v2 P2P messages 2024-01-25 11:09:52 +05:30
stratospher
05bddb20f5 [test] Perform initial v2 handshake 2024-01-25 11:09:52 +05:30
stratospher
a049d1bd08 [test] Introduce EncryptedP2PState object in P2PConnection
Instantiate this object when the connection supports v2 P2P transport
protocol.

- When a P2PConnection is opened, perform initiate_v2_handshake() if the
connection is an initiator. application layer messages are only sent after
the initial v2 handshake is over (for both initiator and responder).
2024-01-25 11:09:50 +05:30
Ava Chow
207220ce8b
Merge bitcoin/bitcoin#29302: wallet: clarify replaced_by_txid and replaces_txid in help output
ff54314d4a wallet: clarify replaced_by_txid and replaces_txid in help output (marco)

Pull request description:

  Resolves issue #27781

ACKs for top commit:
  achow101:
    ACK ff54314d4a
  ryanofsky:
    Code review ACK ff54314d4a. Seems like a helpful clarification

Tree-SHA512: b13a0e24505dfaee083467ac6f357b96460b5d1841dc29c4df4a503c290d379cef3d50fcc76f33bbc95741f484dd9d2461b0c2e8bdebf57a8a72edfbeece2a79
2024-01-24 13:04:27 -05:00
fanquake
ea4ddd8652
Merge bitcoin/bitcoin#29304: fuzz: Exit and log stderr for parse_test_list errors
9d09c873a5 fuzz: Exit and log stderr for parse_test_list errors (dergoegge)

Pull request description:

  We should log all errors that occur when attempting to print the harness list in the fuzz test runner.

ACKs for top commit:
  maflcko:
    lgtm ACK 9d09c873a5

Tree-SHA512: 50471b732c8cbe287dacba14487e7c8a5826f146432d93aa3bb55d063a8ba158d01641d6cb1360241dd4cd54ef5e045b0412f9cc34d06c181134921d1f1ceced
2024-01-24 15:14:16 +00:00
dergoegge
9d09c873a5 fuzz: Exit and log stderr for parse_test_list errors 2024-01-24 11:42:30 +00:00
stratospher
b89fa59e71 [test] Construct class to handle v2 P2P protocol functions
The class `EncryptedP2PState` stores the 4 32-byte keys, session id,
garbage terminators, whether it's an initiator/responder, whether the
initial handshake has been completed etc.. It also contains functions
to perform the v2 handshake and to encrypt/decrypt p2p v2 messages.

- In an inbound connection to TestNode, P2PConnection is the initiator
and `initiate_v2_handshake()`, `complete_handshake()`, `authenticate_handshake()`
are called on it. [ TestNode <----------------- P2PConnection ]

- In an outbound connection from TestNode, P2PConnection is the responder
and `respond_v2_handshake()`, `complete_handshake()`, `authenticate_handshake()`
are called on it. [ TestNode -----------------> P2PConnection ]
2024-01-24 11:51:47 +05:30
marco
ff54314d4a wallet: clarify replaced_by_txid and replaces_txid in help output 2024-01-23 17:34:16 -07:00
Ava Chow
e69796c79c
Merge bitcoin/bitcoin#28560: wallet, rpc: FundTransaction refactor
18ad1b9142 refactor: pass CRecipient to FundTransaction (josibake)
5ad19668db refactor: simplify `CreateRecipients` (josibake)
47353a608d refactor: remove out param from `ParseRecipients` (josibake)
f7384b921c refactor: move parsing to new function (josibake)
6f569ac903 refactor: move normalization to new function (josibake)
435fe5cd96 test: add tests for fundrawtx and sendmany rpcs (josibake)

Pull request description:

  ## Motivation

  The primary motivation for this PR is to enable `FundTransaction` to take a vector of `CRecipient` objects to allow passing BIP352 silent payment addresses to RPCs that use `FundTransaction` (e.g. `send`, `walletcreatefundedpsbt`). To do that, SFFO logic needs to be moved out of `FundTransaction` so the `CRecipient` objects with the correct SFFO information can be created and then passed to `FundTransaction`.

  As a secondary motivation, this PR moves the SFFO stuff closer to the caller, making the code cleaner and easier to understand. This is done by having a single function which parses RPC inputs for SFFO and consistently using the `set<int>` method for communicating SFFO.

  I'm also not convinced we need to pass a full `CMutableTx` object to `FundTransaction`, but I'm leaving that for a follow-up PR/discussion, as its not a blocker for silent payments.

ACKs for top commit:
  S3RK:
    reACK 18ad1b9142
  josibake:
    > According to my `range-diff` nothing changed. reACK [18ad1b9](18ad1b9142)
  achow101:
    ACK 18ad1b9142

Tree-SHA512: d61f017cf7d98489ef216475b68693fd77e7b53a26a6477dcd73e7e5ceff5036b2d21476e377839e710bb73644759d42c4f9f4b14ed96b3e56ed87b07aa6d1a7
2024-01-23 16:40:58 -05:00
Ava Chow
2f218c664b
Merge bitcoin/bitcoin#28921: multiprocess: Add basic type conversion hooks
6acec6b9ff multiprocess: Add type conversion code for UniValue types (Ryan Ofsky)
0cc74fce72 multiprocess: Add type conversion code for serializable types (Ryan Ofsky)
4aaee23921 test: add ipc test to test multiprocess type conversion code (Ryan Ofsky)

Pull request description:

  Add type conversion hooks to allow `UniValue` objects, and objects that have `CDataStream` `Serialize` and `Unserialize` methods to be used as arguments and return values in Cap'nProto interface methods. Also add unit test to verify the hooks are working and data can be round-tripped correctly.

  The non-test code in this PR was previously part of #10102 and has been split off for easier review, but the test code is new.

  ---

  This PR is part of the [process separation project](https://github.com/bitcoin/bitcoin/issues/28722).

ACKs for top commit:
  achow101:
    ACK 6acec6b9ff
  dergoegge:
    reACK 6acec6b9ff

Tree-SHA512: 5d2cbc5215d488b876d34420adf91205dabf09b736183dcc85aa86255e3804c2bac5bab6792dacd585ef99a1d92cf29c8afb3eb65e4d953abc7ffe41994340c6
2024-01-23 16:22:29 -05:00
Ava Chow
874c8bdb9e
Merge bitcoin/bitcoin#29144: init: handle empty settings file gracefully
e9014042a6 settings: add auto-generated warning msg for editing the file manually (furszy)
966f5de99a init: improve corrupted/empty settings file error msg (furszy)

Pull request description:

  Small and simple issue reported [here](https://community.umbrel.com/t/bitcoin-docker-container-keeps-restarting/2144).

  Improving a confusing situation reported by users who did not understand why a
  settings parsing error occurred when the file was empty and did not know how to solve it.

  Empty setting file could be due (1) corruption or (2) an user manually cleaning up the file content.
  In both scenarios, the 'Unable to parse settings file' error does not help the user move forward.

ACKs for top commit:
  achow101:
    ACK e9014042a6
  hebasto:
    re-ACK e9014042a6.
  ryanofsky:
    Code review ACK e9014042a6. Just whitespace formatting changes and shortening a test string literal since last review
  shaavan:
    Code review ACK e9014042a6

Tree-SHA512: 2910654c6b9e9112de391eedb8e46980280f822fa3059724dd278db7436804dd27fae628d2003f2c6ac1599b07ac5c589af016be693486e949f558515e662bec
2024-01-23 15:14:03 -05:00
Ava Chow
6f732ffc3c
Merge bitcoin/bitcoin#28774: wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it
32a9f13cb8 wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it (Vasil Dimov)

Pull request description:

  `CWallet::GetEncryptionKey()` would return a reference to the internal
  `CWallet::vMasterKey`, guarded by `CWallet::cs_wallet`, which is unsafe.

  Returning a copy would be a shorter solution, but could have security
  implications of the master key remaining somewhere in the memory even
  after `CWallet::Lock()` (the current calls to
  `CWallet::GetEncryptionKey()` are safe, but that is not future proof).

  So, instead of `EncryptSecret(m_storage.GetEncryptionKey(), ...)`
  change the `GetEncryptionKey()` method to provide the encryption
  key to a given callback:
  `m_storage.WithEncryptionKey([](const CKeyingMaterial& k) { EncryptSecret(k, ...); })`

  This silences the following (clang 18):

  ```
  wallet/wallet.cpp:3520:12: error: returning variable 'vMasterKey' by reference requires holding mutex 'cs_wallet' [-Werror,-Wthread-safety-reference-return]
   3520 |     return vMasterKey;
        |            ^
  ```

  ---
  _Previously this PR modified both ArgsManager and wallet code. But the ArgsManager commit 856c88776f was merged in https://github.com/bitcoin/bitcoin/pull/29040 so now this only affects wallet code. The previous PR description was:_

  Avoid this unsafe pattern from `ArgsManager` and `CWallet`:

  ```cpp
  class A
  {
      Mutex mutex;
      Foo member GUARDED_BY(mutex);
      const Foo& Get()
      {
          LOCK(mutex);
          return member;
      } // callers of `Get()` will have access to `member` without owning the mutex.
  ```

ACKs for top commit:
  achow101:
    ACK 32a9f13cb8
  ryanofsky:
    Code review ACK 32a9f13cb8. This seems like a potentially real race condition, and the fix here is pretty simple.
  furszy:
    ACK 32a9f13c

Tree-SHA512: 133da84691642afc1a73cf14ad004a7266cb4be1a6a3ec634d131dca5dbcdef52522c1d5eb04f5b6c4e06e1fc3e6ac57315f8fe1e207b464ca025c2b4edefdc1
2024-01-23 15:05:23 -05:00
Ava Chow
7cb7759b25
Merge bitcoin/bitcoin#29272: wallet: fix coin selection tracing to return -1 when no change pos
d55fdb1a49 Move TRACEx parameters to seperate lines (Richard Myers)
2d58629ee6 wallet: fix coin selection tracing to return -1 when no change pos (Richard Myers)

Pull request description:

  This is a bugfix for from when [optional was introduced](758501b713)  for `change_pos` in the wallet. When optional `change_pos` is unset, we should return -1 and not 0.

  I added two new checks to the `test/functional/interface_usdt_coinselection.py` which adds coverage for the situations when `normal_create_tx_internal` and `aps_create_tx_internal` events occur with no change.

  You can reproduce this bug using the coin-selection-simulation scripts as described in [issue #16](https://github.com/achow101/coin-selection-simulation/issues/16). You can also run the `interface_usdt_coinselection.py` test  without the changes to `wallet/spend.cpp`.

ACKs for top commit:
  0xB10C:
    ACK d55fdb1a49
  achow101:
    ACK d55fdb1a49
  murchandamus:
    ACK d55fdb1a49

Tree-SHA512: 6efac3b756bdf51debbcb759dc3c4b7a4304626bc047b70025cec02f3a04937ace7712e9558ac71e560fd136005a98c518ac5bb4b90c3282d776beccd0de9749
2024-01-23 14:33:43 -05:00
fanquake
f1ab078ed7
Merge bitcoin/bitcoin#29276: depends: Update libmultiprocess library to fix C++20 macos build error
b8105b3ed7 depends: Update libmultiprocess library to fix C++20 macos build error (Ryan Ofsky)

Pull request description:

  Fixes #29248

  The std::result_of type was removed in c++20, but was being referenced in some old, unused code in the library. The issue was fixed in:

  - https://github.com/chaincodelabs/libmultiprocess/pull/91

  This update also includes other recent libmultiprocess changes to improve C++20 support and fix build issues:

  - https://github.com/chaincodelabs/libmultiprocess/pull/89
  - https://github.com/chaincodelabs/libmultiprocess/pull/90
  - https://github.com/chaincodelabs/libmultiprocess/pull/93

ACKs for top commit:
  fanquake:
    ACK b8105b3ed7.

Tree-SHA512: 2ca64b5fc27be752baba38df4b4faf62152e18c70ead6e0e063f1cb0c25dd5d924dec7ebfd7f8bbd651ae50eb35e8d8b591a9847c36f22558b5f5effccf56536
2024-01-23 17:06:57 +00:00
fanquake
8c9dceb962
Merge bitcoin/bitcoin#29291: Add test for negative transaction version w/ CSV to tx_valid.json
97181decf5 Add test for negative transaction version w/ CSV to tx_valid.json (Chris Stewart)

Pull request description:

  This PR adds a static test vector corresponding to the bug found in various implementations of the bitcoin protocol discovered by dergoegge

  For more information see:

  https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455

ACKs for top commit:
  darosior:
    ACK 97181decf5
  dergoegge:
    ACK 97181decf5

Tree-SHA512: 92bbcd3cd10a569757b4de91e1b2bcfebc2b75ddb0160be36d8e512a6fa4623cced1aba93bd1cc044962cd2b10e1d184ef109ccdfe3cfcf85cf4b9585d80d115
2024-01-23 16:53:37 +00:00
stratospher
8d6c848a48 [test] Move MAGIC_BYTES to messages.py
This avoids circular dependency happening when importing MAGIC_BYTES.
Before,
	p2p.py <--import for EncryptedP2PState-- v2_p2p.py
	  |					    ^
	  |				            |
	  └---------import for MAGIC_BYTES----------┘
Now, MAGIC_BYTES are kept separately in messages.py

Co-authored-by: Martin Zumsande <mzumsande@gmail.com>
2024-01-23 22:04:55 +05:30
stratospher
595ad4b168 [test/crypto] Add ECDH
Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com>
2024-01-23 22:04:55 +05:30