improve the filtering of incoming requests by checking if they have
explicitly set an expiration tag. If so, they will only be ignored if
this timestamp is exceeded. Otherwise requests older than 30 secons will
get ignored and an error will get sent to the client so the client is
aware it's request arrived too late.
This is done to prevent handling requests the user may already expects
to have failed.
Notably verifymessage and decrypt(message) were silently ignoring trailing garbage
or inserted non-base64 characters present in signatures/ciphertext.
(both the CLI commands and in the GUI)
I think it is much cleaner and preferable to treat such signatures/ciphertext as invalid.
In fact I find it surprising that base64.b64decode(validate=False) is the default.
Perhaps we should create a helper function for it that set validate=True and use that.
don't return the spending methods pay_invoice and multi_pay_invoice in
the get_info request and the info event so connections can be used for
services that enforce receive only connections.
This new `Transaction.verify_sig_for_txin` function is an instance method of `Transaction` instead of `PartialTransaction`.
It takes a complete txin, a pubkey and a signature, and verifies the signature.
- `get_preimage_script` is renamed to `get_scriptcode_for_sighash` and now effectively has two implementations:
- the old impl became `PartialTxInput.get_scriptcode_for_sighash`
- this assumes we are the ones constructing a spending txin and can have knowledge beyond what will be revealed onchain
- the new impl is in the base class, `TxInput.get_scriptcode_for_sighash`
- this assumes the txin is already "complete", and mimics a consensus-verifier by extracting the required fields
from the already complete witness/scriptSig and the scriptpubkey of the funding utxo
- `serialize_preimage` now does not require a PartialTransaction, it also works on the base class Transaction
-----
I intend to use this for debugging only atm: I noticed TxBatcher sometimes creates invalid signatures by seeing
that bitcoind rejects txs with `mandatory-script-verify-flag-failed (Signature must be zero for failed CHECK(MULTI)SIG operation)`.
However the txs in question have multiple txins, with some txins containing multiple signatures, and bitcoind does not tell us
which txin/signature is invalid. Knowing which signature is invalid would be a start, but I can now add some temp debug logging
to `serialize_preimage` to compare the message being signed with the message being verified.
As can be seen from the tests, the signature and the pubkey needs to be manually extracted from the txin to be verified:
we still don't have a script interpreter so we don't have logic to "verify a txin". However this new code adds logic
to verify a signature for a txin/pubkey combo (which is a small part of an interpreter/verifier).
Checks if the pubkey of the author sending the psbt cosigning
request is in our list of cosigner pubkeys to prevent accepting
"fake" requests from other pubkeys.
store all plugin data by plugin name in a root dictionary `plugin_data`
inside the wallet db so that plugin data can get deleted again.
Prunes the data of plugins from the wallet db on wallet stop if the
plugin is not installed anymore.
there is no available documentation on what this plugin does or how it
works, also the concept isn't well known. By adding some information in
the form of a help box the user can understand the concept of what this
plugin does and how it is used.
* Timelock Recovery Extension
* Timelock Recovery Extension tests
* Use fee_policy instead of fee_est
Following 3f327eea07
* making tx with base_tx
Following ab14c3e138
* move plugin metadata from __init__.py to manifest.json
* removing json large indentation
* timelock recovery icon
* timelock recovery plugin: fix typos
* timelock recovery plugin: use menu instead of status bar.
The status bar should be used for displaying status. For example,
hardware wallet plugins use it because their connection status is
changing and needs to be displayed.
* timelock recovery plugin: ask for password only once
* timelock recovery plugin: ask whether to create cancellation tx in the initial window
* remove unnecessary code.
(calling run_hook from a plugin does not make sense)
* show alert and cancellation address at the end.
skip unnecessary dialog
* timelock recovery plugin: do not show transactions one by one.
Set the fee policy in the first dialog, and use the same fee
policy for all tx. We could add 3 sliders to this dialog, if
different fees are needed, but I think this really isn't
really necessary.
* simplify default_wallet for tests
All the lightning-related stuff is irrelevant for
this plugin.
Also use a different destination address
for the test recovery-plan (an address
that does not belong to the same wallet).
* Fee selection should be above fee calculation
also show fee calculation result with "fee: " label.
* hide Sign and Broadcast buttons during view
* recalculate cancellation transaction
The checkbox could be clicked after the fee rate
has been set. Calling update_transactions() may seem
inefficient, but it's the simplest way to avoid such edge-cases.
Also set the context's cancellation transaction to None when the
checkbox is unset.
* use context.cancellation_tx instead of checkbox value
context.cancellation_tx will be None iff the checkbox was unset
* hide cancellation address if not used
* init monospace font correctly
* timelock recovery plugin: add input info at signing time.
Fixes trezor exception: 'Missing previous tx'
* timelock recovery: remove unused parameters
* avoid saving the tx in a separate var
fixing the assertions
* avoid caching recovery & cancellation inputs
* timelock recovery: separate help window from agreement.
move agreement at the end of the flow, rephrase it
* do not cache alert_tx_outputs
* do not crash when not enough funds
not enough funds can happen
when multiple addresses are specified
in payto_e, with an amount larger
than the wallet has - so we set
the payto_e color to red.
It can also happen when the user
selects a really high fee, but this
is not common in a "recovery"
wallet with significant funds.
* If files not saved - ask before closing
* move the checkbox above the save buttons
people read the text from top to
bottom and may not understand
why the buttons are disabled
---------
Co-authored-by: f321x <f321x@tutamail.com>
Co-authored-by: ThomasV <thomasv@electrum.org>
Accepting a PSBT opens the Tx dialog and pauses receiving additional PSBTs until the Tx dialog is closed.
Rejecting a PSBT will start a cooldown and accept all pending PSBTs into the history for later inspection.
- both internal and external plugins require GUI install
(except internal HW plugins, which are 'auto-loaded' and hidden)
- remove init_qt hook
- in Qt, reload wallet windows if plugin enabled/disabled
- add 'uninstall' button to PluginDialog
- add 'add plugins' button to wizard hw screen
- add icons to the plugin list
