Commit Graph

4369 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
eb3b5196e1
aezeed: add comprehensive, mostly property-based tests 2018-03-01 17:10:53 -08:00
Olaoluwa Osuntokun
ffac0336e6
aezeed: add new package implementing the aezeed cipher seed scheme
In this commit, we add a new package implementing the aezeed cipher
seed scheme. This is a new scheme developed that aims to overcome the
two major short comings of BIP39: a lack of a version, and a lack of a
wallet birthday. A lack a version means that wallets may not
necessarily know *how* to re-derive addresses during the recovery
process. A lack of a birthday means that wallets don’t know how far
back to look in the chain to ensure that they derive *all* the proper
user addresses.

The aezeed scheme addresses these two drawbacks and adds a number of
desirable features. First, we start with the following plaintext seed:
{1 byte internal version || 2 byte timestamp || 16 bytes of entropy}.

The version field is for wallets to be able to know *how* to re-derive
the keys of the wallet.

The 2 byte timestamp is expressed in Bitcoin Days Genesis, meaning that
the number of days since the timestamp in Bitcoin’s genesis block. This
allow us to save space, and also avoid using a wasteful level of
granularity. With the currently, this can express time up until 2188.

Finally, the entropy is raw entropy that should be used to derive
wallet’s HD root.

Next, we’ll take the plaintext seed described above and encipher it to
procure a final cipher text. We’ll then take this cipher text (the
CipherSeed) and encode that using a 24-word mnemonic. The enciphering
process takes a user defined passphrase. If no passphrase is provided,
then the string “aezeed” will be used.

To encipher a plaintext seed (19 bytes) to arrive at an enciphered
cipher seed (33 bytes), we apply the following operations:
   * First we take the external version an append it to our buffer. The
external version describes *how* we encipher. For the first version
(version 0), we’ll use scrypt(n=32768, r=8, p=1) and aezeed.
  * Next, we’ll use scrypt (with the version 9 params) to generate a
strong key for encryption. We’ll generate a 32-byte key using 5 bytes
as a salt. The usage of the salt is meant to make the creation of
rainbow tables infeasible.
  * Next, the enciphering process. We use aezeed, modern AEAD with
nonce-misuse resistance properties. The important trait we exploit is
that it’s an *arbitrary input length block cipher*. Additionally, it
has what’s essentially a configurable MAC size. In our scheme we’ll use
a value of 4, which acts as a 32-bit checksum. We’ll encrypt with our
generated seed, and use an AD of (version || salt). We'll them compute a
checksum over all the data, using crc-32, appending the result to the
end.
  * Finally, we’ll encode this 33-byte cipher text using the default
world list of BIP 39 to produce 24 english words.

The `aezeed` cipher seed scheme has a few cool properties, notably:
   * The mnemonic itself is a cipher text, meaning leaving it in
plaintext is advisable if the user also set a passphrase. This is in
contrast to BIP 39 where the mnemonic alone (without a passphrase) may
be sufficient to steal funds.
   * A cipherseed can be modified to *change* the passphrase. This
means that if the users wants a stronger passphrase, they can decipher
(with the old passphrase), then encipher (with a new passphrase).
Compared to BIP 39, where if the users used a passphrase, since the
mapping is one way, they can’t change the passphrase of their existing
HD key chain.
  * A cipher seed can be *upgraded*. Since we have an external version,
offline tools can be provided to decipher using the old params, and
encipher using the new params. In the future if we change ciphers,
change scrypt, or just the parameters of scrypt, then users can easily
upgrade their seed with an offline tool.
  * We're able to verify that a user has input the incorrect passphrase,
and that the user has input the incorrect mnemonic independently.
2018-03-01 17:10:50 -08:00
Olaoluwa Osuntokun
a9dc4f80f2
chainntnfs/neutrinonotify: log height hint for spend notifications 2018-03-01 16:49:28 -08:00
Olaoluwa Osuntokun
9479b085e2
Merge pull request #785 from brndnmtthws/master
Add more details on using macaroons with GRPC.
2018-02-28 19:27:13 -08:00
t4sk
55f751fd37 routing/router Fix FindRoutes in router test
In router_test FindRoutes is passing DefaultFinalCLTVDelta in place
where numPaths is expected. This commit passes a default numPaths for
function calls to FindRoutes so that final cltv delta are correctly
passed.
2018-02-28 19:25:19 -08:00
Brenden Matthews
37aa9759db
docs: Add details to macaroon usage with GRPC. 2018-02-28 16:19:48 -05:00
Brenden Matthews
eed0e9ac67
docs: Show macaroon usage with Java GRPC example. 2018-02-28 16:19:48 -05:00
Olaoluwa Osuntokun
f7ec490f44
Merge pull request #762 from halseth/fee-estimator
Add types for representing fee rates
2018-02-26 17:22:50 -08:00
John Griffith
0468f7b308 fundingmanager: Added additional test to check a pending channel
initiated by the user doesn't timeout.

Split assertNumPendingChannels into assertNumPendingChannelsRemains,
and assertNumPendingChannelsRemains to prevent possible false
positives passing tests
2018-02-26 16:44:34 -08:00
John Griffith
63ee31b83f fundingmanager: Added additional check so that pending channels don't
timeout for the channel initiator
2018-02-26 16:44:34 -08:00
Olaoluwa Osuntokun
7f04d927a0
rpc: fix queryroutes bug that assumed precise number of returned routes
In this commit, we fix a bug in the query routes RPC that could at
times lead to a panic. This would happen if the number of returned
routes was less than the number of expected routes. To remedy this,
we’ll return the minimum of the number of requested routes, and the
number of routes actually returned.
2018-02-26 16:31:50 -08:00
Johan T. Halseth
2db5e56754
lnwire: add todo for changing to SatPerKWeight for fee rates 2018-02-26 22:42:28 +01:00
Johan T. Halseth
b9f09a666d
lnd test: calculate channel reserve based on balance before fees 2018-02-26 22:42:27 +01:00
Johan T. Halseth
24d30e6495
peer test: remove var casting 2018-02-26 22:42:27 +01:00
Johan T. Halseth
f42c16b612
lnd test: ensure static fee is not rounded down 2018-02-26 22:42:27 +01:00
Johan T. Halseth
004563b20b
channeldb: add todo making feerate explicit type 2018-02-26 22:42:27 +01:00
Johan T. Halseth
dd6872da31
lnwallet test: add TestFeeRateTypes and TestStaticFeeEstimator 2018-02-26 22:42:27 +01:00
Johan T. Halseth
7b30425111
multi test: update tests/mocks to use EstimateFeePerVSize 2018-02-26 22:42:27 +01:00
Johan T. Halseth
ba3f3e1942
rpcserver: express fee rates using types 2018-02-26 22:42:27 +01:00
Johan T. Halseth
b9d1eceda3
peer: use EstimateFeePerVSize 2018-02-26 22:42:26 +01:00
Johan T. Halseth
d4cedc2917
breacharbiter: use EstimateFeePerVSize 2018-02-26 22:42:26 +01:00
Johan T. Halseth
e48d51db92
pilot: express fee rates using types, use EstimateFeePerVSize 2018-02-26 22:42:26 +01:00
Johan T. Halseth
3dc9e3c7d4
server: express fee rates using fee rate types 2018-02-26 22:42:26 +01:00
Johan T. Halseth
5f267bcc5b
utxonursery: use EstimateFeePerVSize 2018-02-26 22:42:26 +01:00
Johan T. Halseth
2a9aa092d8
fundingmanager: express fee rates using types, use EstimateFeePerVSize 2018-02-26 22:42:26 +01:00
Johan T. Halseth
3e12f823b2
chancloser: express fee rates in sat/vbyte 2018-02-26 22:42:26 +01:00
Johan T. Halseth
6d5c0679f4
chainregistry: express fee rates in sat/vbyte 2018-02-26 22:42:25 +01:00
Johan T. Halseth
166637bb55
contractcourt: use vsize fee estimate and new fee rate types 2018-02-26 22:42:25 +01:00
Johan T. Halseth
4d2a36dce8
htlcswitch tests: update tests to new FeeEstimator and fee rate types 2018-02-26 22:42:25 +01:00
Johan T. Halseth
80277c0517
htlcswitch: use fee rate types instead of btcutil.Amount for fee rates 2018-02-26 22:42:25 +01:00
Johan T. Halseth
d7834ca4eb
lnwallet tests: update tests to new FeeEstimator and fee rate types 2018-02-26 22:42:25 +01:00
Johan T. Halseth
1f839d2526
lnwallet/channel: denominate in fee rate types 2018-02-26 22:42:25 +01:00
Johan T. Halseth
e1bb762cf7
lnwallet: denominate in fee rate types 2018-02-26 22:42:25 +01:00
Johan T. Halseth
088d9bc42f
lnwallet: add VSize method for returning size from TxWeightEstimator 2018-02-26 22:42:24 +01:00
Johan T. Halseth
f6ac5658e2
lnwallet: make SendOutputs take feerate in SatPerVByte 2018-02-26 22:42:24 +01:00
Johan T. Halseth
68557e43c1
lnwallet: add feerate types, make estimator return sat/vbyte 2018-02-26 22:42:24 +01:00
Olaoluwa Osuntokun
158c78da60
lnd: remove invalid cipher suite 2018-02-26 13:29:19 -08:00
Olaoluwa Osuntokun
c846c4d2e0
lnd: correct typo in cipher suite sets, use sha2 2018-02-26 13:04:52 -08:00
Olaoluwa Osuntokun
94746c2d12
Merge pull request #780 from Roasbeef/brontide-reduce-allocs
brontide: reduce memory allocs by using static buf for next header+msg
2018-02-26 13:04:27 -08:00
Olaoluwa Osuntokun
0c16ab6b32
brontide: reduce memory allocs by using static buf for next header+msg
In this commit, we reduce the total number of allocations that a
brontide session will incur over its lifetime. Profiling on one of my
nodes showed that we were generating a lot of garbage due to
re-creating a 65KB buffer to read the next message each time the
ReadMessage method was called.

To reduce the total number of memory allocations, we’ll now simply
re-use a buffer for both the cipher text header, and the cipher text
itself.
2018-02-24 19:30:45 -08:00
Olaoluwa Osuntokun
e5f9b28e39
Merge pull request #776 from Roasbeef/rpc-ec-cert
lnd: switch to using ECC certs for the rpcserver
2018-02-24 13:14:54 -08:00
Olaoluwa Osuntokun
f7eeea71e2
lnd: switch to using ECC certs for the rpcserver
In this commit, we modify our initial cert generation to *only* generate
and advertise cipher suites that purely use ECC. We do this is as
switching to ECC results in much faster startup time for a fresh
installation, and is also more modern crypto.  # Please enter the commit
message for your changes. Lines starting
2018-02-23 18:24:23 -08:00
Olaoluwa Osuntokun
83b779dcdf
build: update glide to latest btcwallet
In this commit, we update glide to the latest version of btcwallet that
includes fixes for better fee estimation, and also fixes to ensure that
transaction broadcast is reliable across all current backend
implementations.
2018-02-23 16:48:51 -08:00
Olaoluwa Osuntokun
f815c6ca14
Merge pull request #774 from halseth/reservation-cancellation
Reservation cancellation during failing funding flow
2018-02-23 15:36:11 -08:00
Dave Kerr
5fd236c870 docs: update reason for using btcd fork
We require roasbeef's fork of btcd as it has the neutrino serving additions, but mainline btcd doesn't yet.
2018-02-23 15:27:23 -08:00
Johan T. Halseth
b0d1be282c
fundingmanager: cancel reservation if unable to send initial msg to peer 2018-02-23 15:41:32 +01:00
Johan T. Halseth
ff1dc2bbd4
funding: ensure we fail funding flow if unable to query wallet 2018-02-23 15:41:32 +01:00
Johan T. Halseth
00ea46d9ae
Merge pull request #767 from sangaman/master
zpay32: handle segwit prefixes > 2 chars
2018-02-21 14:42:47 +01:00
Johan T. Halseth
31ec79e7ae
Merge branch 'master' into master 2018-02-21 13:54:26 +01:00
Olaoluwa Osuntokun
1c3dbb2543
Merge pull request #771 from cfromknecht/report-double-spend-for-brar
lnwallet/btcwallet/btcwallet: adds extra double spend case
2018-02-20 22:06:19 -08:00