Commit Graph

13 Commits

Author SHA1 Message Date
Dave Collins
85f0c09df2
secp256k1: Start v3 module dev cycle.
Upcoming changes constitute breaking public API changes to the secp256k1
module, therefore, this follows the process for introducing major API
breaks which consists of:

- Bump the major version in the go.mod of the affected module if not
  already done since the last release tag
- Add a replacement to the go.mod in the main module if not already done
  since the last release tag
- Update all imports in the repo to use the new major version as
  necessary
- Make necessary modifications to allow all other modules to use the new
  version in the same commit
- Repeat the process for any other modules the require a new major as a
  result of consuming the new major(s)
2020-01-29 13:45:59 -06:00
Dave Collins
cebab1ef64
multi: Use secp256k1/v2 module.
This updates the following modules to use the secp256k1/v2 module:

- blockchain
- chaincfg/v2
- dcrutil/v2
- hdkeychain/v2
- mempool/v3
- txscript/v2
- main

The hdkeychain/v3 and txscript/v2 modules both use types from secp256k1
in their public API.

Consequently, in order avoid forcing them to bump their major versions,
secp256k1/v1.0.3 was released with the types redefined in terms of the
secp256k1/v2 module so callers still using v1 of the module that are not
ready to upgrade to the v2 module yet can interoperate by updating to
the latest patch version.
2019-10-08 10:14:13 -05:00
Dave Collins
ae32a34020
txscript: Use secp256k1 types in sig cache.
This modifies the signature cache to accept concrete secp256k1
signatures and pubkeys to break its dependency on the chainec package
which is planned to be removed in the future.

There are no other types that are currently using the signature cache
and, if additional types are desired, they should be handled uniquely,
either through the use of a separate cache or through specialized and
efficient conversion code.

Not all signature algorithms are based on EC crypto, particularly
post-quantum algorithms, so it doesn't make sense to try to shoehorn all
signature algorithms into an EC interface.
2019-06-24 15:13:38 -05:00
Dave Collins
e570fb8d75
txscript: Remove checks for impossible conditions.
This removes a couple of checks for impossible conditions found by the
staticcheck linter.  In the case of executeOpcode, bytes are always >= 0
and, similarly for SigCache.Add, uint are always >= 0.
2019-04-01 14:34:51 -05:00
David Hill
e45c34fbfc multi: release the mutex earlier 2018-02-13 13:55:02 -06:00
cjepson
c323abbc10 Merge in btcd '7f07fb1093dd80105d36d61c8fb8a16f6e9d9b29'
Merge in btcd commit 7f07fb1093.
2016-09-23 14:40:27 -04:00
cjepson
02bb5123d6 Merge in btcd commit '3b39edcaa1e867efc4223d95ca1496aaadf8eca3'
Merges in 3b39edcaa1 from btcd.
2016-09-22 15:52:37 -04:00
Dave Collins
fe65e81af0 Apply various upstream comment fixes.
Contains the following upstream commits:
- 87182a2ddf
  - This commit does not apply to Decred so it has been reverted
- 89af747603
  - This commit has already been cherry picked and is a NOOP
- d0cdd53720
  - This commit has already been cherry picked and is a NOOP
- df20c1074c
- ff0c787237
- 6e133b58da
- 34a94b7d0b
- 14ccab80e7
2016-05-27 00:35:06 -05:00
Mawueli Kofi Adzoe
7f07fb1093 txscript: Fix typo. (#700)
* Fix tiny typo. Bump copyright year.
* Clarify documentation.
2016-05-22 23:23:20 -05:00
Dave Collins
e310d1dac5 Integrate a valid ECDSA signature cache
Upstream commit 0029905d43
2016-05-18 13:37:06 -05:00
Olaoluwa Osuntokun
3b39edcaa1 txscript: optimize sigcache lookup (#598)
Profiles discovered that lookups into the signature cache included an
expensive comparison to the stored `sigInfo` struct. This lookup had the
potential to be more expensive than directly verifying the signature
itself!

In addition, evictions were rather expensive because they involved
reading from /dev/urandom, or equivalent, for each eviction once the
signature cache was full as well as potentially iterating over every
item in the cache in the worst-case.

To remedy this poor performance several changes have been made:
* Change the lookup key to the fixed sized 32-byte signature hash
* Perform a full equality check only if there is a cache hit which
    results in a significant  speed up for both insertions and existence
checks
* Override entries in the case of a colliding hash on insert Add an
* .IsEqual() method to the Signature and PublicKey types in the
  btcec package to facilitate easy equivalence testing
* Allocate the signature cache map with the max number of entries in
  order to avoid unnecessary map re-sizes/allocations
* Optimize evictions from the signature cache Delete the first entry
* seen which is safe from manipulation due to
    the pre image resistance of the hash function
* Double the default maximum number of entries within the signature
  cache due to the reduction in the size of a cache entry
  * With this eviction scheme, removals are effectively O(1)

Fixes #575.
2016-04-13 21:56:10 -05:00
Mawuli Adzoe
14ccab80e7 Review and fix typos in SigCache code. 2015-12-30 11:57:15 -07:00
Olaoluwa Osuntokun
0029905d43 Integrate a valid ECDSA signature cache into btcd
Introduce an ECDSA signature verification into btcd in order to
mitigate a certain DoS attack and as a performance optimization.

The benefits of SigCache are two fold. Firstly, usage of SigCache
mitigates a DoS attack wherein an attacker causes a victim's client to
hang due to worst-case behavior triggered while processing attacker
crafted invalid transactions. A detailed description of the mitigated
DoS attack can be found here: https://bitslog.wordpress.com/2013/01/23/fixed-bitcoin-vulnerability-explanation-why-the-signature-cache-is-a-dos-protection/
Secondly, usage of the SigCache introduces a signature verification
optimization which speeds up the validation of transactions within a
block, if they've already been seen and verified within the mempool.

The server itself manages the sigCache instance. The blockManager and
txMempool respectively now receive pointers to the created sigCache
instance. All read (sig triplet existence) operations on the sigCache
will not block unless a separate goroutine is adding an entry (writing)
to the sigCache. GetBlockTemplate generation now also utilizes the
sigCache in order to avoid unnecessarily double checking signatures
when generating a template after previously accepting a txn to the
mempool. Consequently, the CPU miner now also employs the same
optimization.

The maximum number of entries for the sigCache has been introduced as a
config parameter in order to allow users to configure the amount of
memory consumed by this new additional caching.
2015-10-08 17:31:42 -07:00