Descriptor checksums #15368
Descriptor checksums #15368
Conversation
|
Can a motivation for the placement be given? Accidentally eliding it for whatever reason neuters the protection while still maintaining a valid descriptor, but clearly it seems simpler from an implementation and compatibility perspective. |
|
@gsanders Well for critical RPCs the plan is that the checksum won't be optional. I just haven't included that in this PR as it means adapting a bunch of tests, which I only want to do once the checksum algorithm is final. |
|
Concept ACK |
|
Concept ACK. It'd be nice to read a draft to update doc/descriptors.md. |
|
Added a section to |
There was a problem hiding this comment.
Concept ACK, will review shortly. Agree that deriveaddress and importmulti should require a checksum. The introduction of getdescriptorinfo means there's no need to make that opt-out.
Do I understand correctly that the checksum is either based on the canonical form, i.e. based on public keys, or skips keys altogether (but that seems suboptimal when these keys are not in checksummed xpub form)? Otherwise the result of getdescriptorinfo could be confusing if you feed it an xpriv.
Maybe return a warning if a user does provide an xpriv that they should clear their shell command history (and generally recommend either not doing that, or providing a safer method like #15346).
|
The surrounding code looks good other than the comments above, haven't reviewed the actual checksum code itself yet |
|
lightly tested ACK, code changes look good to me, haven't checked any of the magic numbers in |
sipa
force-pushed
the
201902_descsum
branch
6 times, most recently
from
1f4aad9 to
5a04daf
Compare
|
Several changes:
|
sipa
force-pushed
the
201902_descsum
branch
3 times, most recently
from
36694bb to
d62fba0
Compare
|
Breaks Travis due to #14918. |
Sjors
left a comment
Sjors
left a comment
There was a problem hiding this comment.
tACK 4f95087 modulo RPC help syntax
I can't vouch for the actual math, but the documentation, Sage code, tests and Python re-implementation are comforting. One way, perhaps overkill, to sanity check that the checksum works as intended is to generate a whole bunch of deterministic typos and see that they are indeed detected.
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
| * - As many alphabetic characters are in the same group (while following the above restrictions). | ||
| * | ||
| * If p(x) gives the position of a character c in this character set, every group of 3 characters | ||
| * (a,b,c) is encoded as the 4 symbols (p(a) & 31, p(b) & 31, p(c) & 31, (p(a) / 32) + 3 * (p(b) / 32) + 9 * (p(c) / 32). |
There was a problem hiding this comment.
I'm not sure if I'm reading this wrong, but isn't the fourth symbol in the wrong order, shouldn't this be (p(c) / 32) + 3 * (p(b) / 32) + 9 * (p(a) / 32)?
|
utACK fd637be |
fd637be Add checksums to descriptors.md (Pieter Wuille) be62903 Make descriptor checksums mandatory in deriveaddresses and importmulti (Pieter Wuille) b52cb63 Add getdescriptorinfo to compute checksum (Pieter Wuille) 3b40bff Descriptor checksum (Pieter Wuille) Pull request description: This adds support for a descriptor-specific 8-character checksum. Descriptors may optionally be suffixed with a `#` plus these 8 checksum characters. Any descriptor that contains a `#` at the end must be followed by a valid checksum. If the `#` is missing entirely, it is valid without checksum. All RPCs are updated to report descriptors that include the checksum. On input, they are optional except in `deriveaddress` and `importmulti`, which require descriptors which include a checksum. A new RPC is also added to analyse descriptors (`getdescriptorinfo`), which can be used to compute the checksum for a descriptor without. Tree-SHA512: a8294b09155eb6c67fbc178b5e2d3fbc0e9bec8b6de57a13f8835550d51c2cb32a428b3c9a188ded42b454d594e9305edbd4797906b755de77a8f33c79165f6b
cbf2d75 qa: Add getdescriptorinfo functional test (João Barbosa) Pull request description: The `getdescriptorinfo` RPC was added in #15368, this PR adds some tests. Top commit has no ACKs. Tree-SHA512: 5bf3fb5842b975089821c7ac52202ecb23df255f655862646eb532e38e335ff963f8973bcf5b8bba386183281dc9bfe7279ba1cf25fd518c9a45fb45a9243e4d
Summary: bitcoin/bitcoin@3b40bff --- Partial backport of Core [[bitcoin/bitcoin#15368 | PR15368]] Test Plan: ninja check test_runner.py rpc_scantxoutset.py Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D6600
Summary: bitcoin/bitcoin@b52cb63 --- Depends on D6600 Partial backport of Core [[bitcoin/bitcoin#15368 | PR15368]] Test Plan: ninja test_runner.py wallet_address_types Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D6601
…es and importmulti Summary: bitcoin/bitcoin@be62903 --- Depends on D6601 Partial backport of Core [[bitcoin/bitcoin#15368 | PR15368]] Test Plan: ninja test_runner.py rpc_deriveaddresses wallet_importmulti Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D6602
Summary: bitcoin/bitcoin@fd637be --- Depends on D6602 Concludes backport of Core [[bitcoin/bitcoin#15368 | PR15368]] Test Plan: none Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D6609
11 participants
This adds support for a descriptor-specific 8-character checksum.
Descriptors may optionally be suffixed with a
#plus these 8 checksum characters. Any descriptor that contains a#at the end must be followed by a valid checksum. If the#is missing entirely, it is valid without checksum.All RPCs are updated to report descriptors that include the checksum. On input, they are optional except in
deriveaddressandimportmulti, which require descriptors which include a checksum.A new RPC is also added to analyse descriptors (
getdescriptorinfo), which can be used to compute the checksum for a descriptor without.