electrum/lib/verifier.py

# Electrum - Lightweight Bitcoin Client
# Copyright (c) 2012 Thomas Voegtlin
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
# (the "Software"), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
from .util import ThreadJob, bh2u
from .bitcoin import Hash, hash_decode, hash_encode
from .transaction import Transaction


class InnerNodeOfSpvProofIsValidTx(Exception): pass


class SPV(ThreadJob):
    """ Simple Payment Verification """

    def __init__(self, network, wallet):
        self.wallet = wallet
        self.network = network
        self.blockchain = network.blockchain()
        self.merkle_roots = {}  # txid -> merkle root (once it has been verified)
        self.requested_merkle = set()  # txid set of pending requests

    def run(self):
        interface = self.network.interface
        if not interface:
            return
        blockchain = interface.blockchain
        if not blockchain:
            return
        lh = self.network.get_local_height()
        unverified = self.wallet.get_unverified_txs()
        for tx_hash, tx_height in unverified.items():
            # do not request merkle branch before headers are available
            if (tx_height > 0) and (tx_height <= lh):
                header = blockchain.read_header(tx_height)
                if header is None:
                    index = tx_height // 2016
                    if index < len(blockchain.checkpoints):
                        self.network.request_chunk(interface, index)
                else:
                    if (tx_hash not in self.requested_merkle
                            and tx_hash not in self.merkle_roots):

                        self.network.get_merkle_for_transaction(
                                tx_hash,
                                tx_height,
                                self.verify_merkle)
                        self.print_error('requested merkle', tx_hash)
                        self.requested_merkle.add(tx_hash)

        if self.network.blockchain() != self.blockchain:
            self.blockchain = self.network.blockchain()
            self.undo_verifications()

    def verify_merkle(self, r):
        if self.wallet.verifier is None:
            return  # we have been killed, this was just an orphan callback
        if r.get('error'):
            self.print_error('received an error:', r)
            return
        params = r['params']
        merkle = r['result']
        # Verify the hash of the server-provided merkle branch to a
        # transaction matches the merkle root of its block
        tx_hash = params[0]
        tx_height = merkle.get('block_height')
        pos = merkle.get('pos')
        try:
            merkle_root = self.hash_merkle_root(merkle['merkle'], tx_hash, pos)
        except InnerNodeOfSpvProofIsValidTx:
            self.print_error("merkle verification failed for {} (inner node looks like tx)"
                             .format(tx_hash))
            return
        header = self.network.blockchain().read_header(tx_height)
        # FIXME: if verification fails below,
        # we should make a fresh connection to a server to
        # recover from this, as this TX will now never verify
        if not header:
            self.print_error(
                "merkle verification failed for {} (missing header {})"
                .format(tx_hash, tx_height))
            return
        if header.get('merkle_root') != merkle_root:
            self.print_error(
                "merkle verification failed for {} (merkle root mismatch {} != {})"
                .format(tx_hash, header.get('merkle_root'), merkle_root))
            return
        # we passed all the tests
        self.merkle_roots[tx_hash] = merkle_root
        try:
            # note: we could pop in the beginning, but then we would request
            # this proof again in case of verification failure from the same server
            self.requested_merkle.remove(tx_hash)
        except KeyError: pass
        self.print_error("verified %s" % tx_hash)
        self.wallet.add_verified_tx(tx_hash, (tx_height, header.get('timestamp'), pos))
        if self.is_up_to_date() and self.wallet.is_up_to_date():
            self.wallet.save_verified_tx(write=True)

    @classmethod
    def hash_merkle_root(cls, merkle_s, target_hash, pos):
        h = hash_decode(target_hash)
        for i in range(len(merkle_s)):
            item = merkle_s[i]
            h = Hash(hash_decode(item) + h) if ((pos >> i) & 1) else Hash(h + hash_decode(item))
            cls._raise_if_valid_tx(bh2u(h))
        return hash_encode(h)

    @classmethod
    def _raise_if_valid_tx(cls, raw_tx: str):
        # If an inner node of the merkle proof is also a valid tx, chances are, this is an attack.
        # https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-June/016105.html
        # https://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180609/9f4f5b1f/attachment-0001.pdf
        # https://bitcoin.stackexchange.com/questions/76121/how-is-the-leaf-node-weakness-in-merkle-trees-exploitable/76122#76122
        tx = Transaction(raw_tx)
        try:
            tx.deserialize()
        except:
            pass
        else:
            raise InnerNodeOfSpvProofIsValidTx()

    def undo_verifications(self):
        height = self.blockchain.get_checkpoint()
        tx_hashes = self.wallet.undo_verifications(self.blockchain, height)
        for tx_hash in tx_hashes:
            self.print_error("redoing", tx_hash)
            self.remove_spv_proof_for_tx(tx_hash)

    def remove_spv_proof_for_tx(self, tx_hash):
        self.merkle_roots.pop(tx_hash, None)
        try:
            self.requested_merkle.remove(tx_hash)
        except KeyError:
            pass

    def is_up_to_date(self):
        return not self.requested_merkle
Relicensing 9 years ago			`# Electrum - Lightweight Bitcoin Client`
			`# Copyright (c) 2012 Thomas Voegtlin`
simple payment verification: check targets, use block headers file. 12 years ago			`#`
Relicensing 9 years ago			`# Permission is hereby granted, free of charge, to any person`
			`# obtaining a copy of this software and associated documentation files`
			`# (the "Software"), to deal in the Software without restriction,`
			`# including without limitation the rights to use, copy, modify, merge,`
			`# publish, distribute, sublicense, and/or sell copies of the Software,`
			`# and to permit persons to whom the Software is furnished to do so,`
			`# subject to the following conditions:`
simple payment verification: check targets, use block headers file. 12 years ago			`#`
Relicensing 9 years ago			`# The above copyright notice and this permission notice shall be`
			`# included in all copies or substantial portions of the Software.`
simple payment verification: check targets, use block headers file. 12 years ago			`#`
Relicensing 9 years ago			`# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,`
			`# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF`
			`# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND`
			`# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS`
			`# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN`
			`# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN`
			`# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
			`# SOFTWARE.`
Check SPV proof inner nodes not to be valid transactions. (#4436) 7 years ago			`from .util import ThreadJob, bh2u`
Improving imports (#4448) 7 years ago			`from .bitcoin import Hash, hash_decode, hash_encode`
Check SPV proof inner nodes not to be valid transactions. (#4436) 7 years ago			`from .transaction import Transaction`


			`class InnerNodeOfSpvProofIsValidTx(Exception): pass`
simple payment verification: check targets, use block headers file. 12 years ago

Make the verifier a thread job instead of a thread The verifier, like the synchronizer, now runs as part of the network proxy thread. 9 years ago			`class SPV(ThreadJob):`
spv: request previous headers recursively in order to support blockchain reorgs 12 years ago			`""" Simple Payment Verification """`
simple payment verification: check targets, use block headers file. 12 years ago
Move the verified and unverified txs to the wallet. 10 years ago			`def __init__(self, network, wallet):`
			`self.wallet = wallet`
minor fixes 11 years ago			`self.network = network`
fix undo_verification 8 years ago			`self.blockchain = network.blockchain()`
wallet/verifier: persist wallet.verified_tx when verifier finishes Previously verified_tx was only persisted in wallet.stop_threads(), hence only on clean shutdowns. 7 years ago			`self.merkle_roots = {} # txid -> merkle root (once it has been verified)`
			`self.requested_merkle = set() # txid set of pending requests`
separate blockchain verifier from transaction verifier 11 years ago
simple payment verification: check targets, use block headers file. 12 years ago			`def run(self):`
fix #3858 7 years ago			`interface = self.network.interface`
			`if not interface:`
			`return`
			`blockchain = interface.blockchain`
			`if not blockchain:`
fix #3955: fix interference between verifier and catch_up 7 years ago			`return`
Use network to get local height 9 years ago			`lh = self.network.get_local_height()`
Make the verifier a thread job instead of a thread The verifier, like the synchronizer, now runs as part of the network proxy thread. 9 years ago			`unverified = self.wallet.get_unverified_txs()`
Small optimization for large wallets Previously the verifier job would scan all transactions in unverified_tx each time it ran. Nothing was ever removed from this map; it would essentially be the full set of transactions. As the job runs about 10 times a second, for a wallet with 500 txs this would be 5,000 useless loops a second. This patch makes unverified_tx be simply the set of confirmed transactions that haven't yet been verified. txs are added once confirmed, and removed once verified. Hence it will almost always be empty. 9 years ago			`for tx_hash, tx_height in unverified.items():`
			`# do not request merkle branch before headers are available`
Replace initial headers download with hardcoded checkpoints 7 years ago			`if (tx_height > 0) and (tx_height <= lh):`
fix #3955: fix interference between verifier and catch_up 7 years ago			`header = blockchain.read_header(tx_height)`
			`if header is None:`
fix #3635 7 years ago			`index = tx_height // 2016`
fix #3955: fix interference between verifier and catch_up 7 years ago			`if index < len(blockchain.checkpoints):`
fix #3858 7 years ago			`self.network.request_chunk(interface, index)`
Replace initial headers download with hardcoded checkpoints 7 years ago			`else:`
wallet/verifier: persist wallet.verified_tx when verifier finishes Previously verified_tx was only persisted in wallet.stop_threads(), hence only on clean shutdowns. 7 years ago			`if (tx_hash not in self.requested_merkle`
			`and tx_hash not in self.merkle_roots):`
Remove explicit send calls, part deux (#4408) * Rename synchronous_get to synchronous_send This makes it more inline with the method 'send' of which synchronous_send is the, well, synchronous version. * Move protocol strings from scripts to network This is again a small step in the right direction. The network module is going to accumulate more and more of these simple methods. Once everything is moved into that module, that module is going to be split. Note that I've left the scripts which use scripts/util.py alone. I suspect the same functionality can be reached when using just lib/network.py and that scripts/util.py is obsolete. * Remove protocol string from verifier and websocket Websocket still has some references, that'll take more work to remove. Once the network module has been split this should be easy. I took the liberty to rename a variable to better show what it is. * Remove protocol strings from remainder The naming scheme I'm following for the newly introduced methods in the network module is: 'blockchain.<subject>.<action>' -> def <action>_(for\|to)_<subject> * Move explicit protocol calls closer to each other This makes it easier to keep track of the methods which are due to be extracted. * Remove `send` when using `get_transaction` This is the final step to formalize (the informal) interface of the network module. A chance of note is changed interface for async/sync calls. It is no longer required to use the `synchronous_send` call. Merely NOT passing a callback makes the call synchronous. I feel this makes the API more intuitive to work with and easier to replace with a different network module. * Remove send from get_merkle_for_transaction The pattern which emerged for calling the lambda yielded an slight refactor. I'm not happy with the name for the `__invoke` method. * Remove explict send from websockets * Remove explicit send from scripts * Remove explicit send from wallet * Remove explicit sync_send from commands, scripts * Remove optional timeout parameter This parameter doesn't seem to be used a lot and removing it makes the remaining calls easier. Potentionally a contentious choice! * Rename `broadcast` to `broadcast_transaction` Doing so makes the method name consistent with the other ElectrumX protocol method names. * Remove synchronous_send Now every method is intuitive in what it does, no special handling required. The `broadcast_transaction` method is weird. I've opted not to change the return type b/c I found it hard to know what the exact consequences are. But ideally this method should just works as all the other ElectrumX related messages. On the other hand this shows nicely how you _can_ do something differnt quite easy. * Rename the awkwardly name `__invoke` method The new name reflects what it does. * Process the result of linter feedback I've used flake8-diff (and ignored a couple of line length warnings). * Rename tx_response to on_tx_response This fell through the cracks when this branch was rebased. * subscript_to_scripthash should be get_balance An oversight while refactoring. * Add missing return statement Without this statement the transaction would have been broadcasted twice. * Pass list of tuples to send not single tuple * Add @staticmethod decorator * Fix argument to be an array 7 years ago
			`self.network.get_merkle_for_transaction(`
			`tx_hash,`
			`tx_height,`
			`self.verify_merkle)`
Replace initial headers download with hardcoded checkpoints 7 years ago			`self.print_error('requested merkle', tx_hash)`
wallet/verifier: persist wallet.verified_tx when verifier finishes Previously verified_tx was only persisted in wallet.stop_threads(), hence only on clean shutdowns. 7 years ago			`self.requested_merkle.add(tx_hash)`
Make the verifier a thread job instead of a thread The verifier, like the synchronizer, now runs as part of the network proxy thread. 9 years ago
fix undo_verification 8 years ago			`if self.network.blockchain() != self.blockchain:`
			`self.blockchain = self.network.blockchain()`
			`self.undo_verifications()`

Simply verifier now network is in-process 9 years ago			`def verify_merkle(self, r):`
fix #4026 7 years ago			`if self.wallet.verifier is None:`
			`return # we have been killed, this was just an orphan callback`
Make the verifier a thread job instead of a thread The verifier, like the synchronizer, now runs as part of the network proxy thread. 9 years ago			`if r.get('error'):`
			`self.print_error('received an error:', r)`
			`return`
			`params = r['params']`
Simply verifier now network is in-process 9 years ago			`merkle = r['result']`
			`# Verify the hash of the server-provided merkle branch to a`
			`# transaction matches the merkle root of its block`
Make the verifier a thread job instead of a thread The verifier, like the synchronizer, now runs as part of the network proxy thread. 9 years ago			`tx_hash = params[0]`
			`tx_height = merkle.get('block_height')`
			`pos = merkle.get('pos')`
Check SPV proof inner nodes not to be valid transactions. (#4436) 7 years ago			`try:`
			`merkle_root = self.hash_merkle_root(merkle['merkle'], tx_hash, pos)`
			`except InnerNodeOfSpvProofIsValidTx:`
			`self.print_error("merkle verification failed for {} (inner node looks like tx)"`
			`.format(tx_hash))`
			`return`
Detect blockchain splits and validate multiple chains 8 years ago			`header = self.network.blockchain().read_header(tx_height)`
logging: some extra network-related lines 7 years ago			`# FIXME: if verification fails below,`
			`# we should make a fresh connection to a server to`
			`# recover from this, as this TX will now never verify`
			`if not header:`
			`self.print_error(`
			`"merkle verification failed for {} (missing header {})"`
			`.format(tx_hash, tx_height))`
			`return`
			`if header.get('merkle_root') != merkle_root:`
			`self.print_error(`
			`"merkle verification failed for {} (merkle root mismatch {} != {})"`
			`.format(tx_hash, header.get('merkle_root'), merkle_root))`
do not stop thread if a tx is not verified 11 years ago			`return`
new protocol: the server sends serialized tx, deserialize it in the client 12 years ago			`# we passed all the tests`
do not store merkle root before verification succeeded. keep it in requested_merkle for the session 11 years ago			`self.merkle_roots[tx_hash] = merkle_root`
wallet/verifier: persist wallet.verified_tx when verifier finishes Previously verified_tx was only persisted in wallet.stop_threads(), hence only on clean shutdowns. 7 years ago			`try:`
			`# note: we could pop in the beginning, but then we would request`
			`# this proof again in case of verification failure from the same server`
			`self.requested_merkle.remove(tx_hash)`
			`except KeyError: pass`
Move the verified and unverified txs to the wallet. 10 years ago			`self.print_error("verified %s" % tx_hash)`
			`self.wallet.add_verified_tx(tx_hash, (tx_height, header.get('timestamp'), pos))`
wallet/verifier: persist wallet.verified_tx when verifier finishes Previously verified_tx was only persisted in wallet.stop_threads(), hence only on clean shutdowns. 7 years ago			`if self.is_up_to_date() and self.wallet.is_up_to_date():`
			`self.wallet.save_verified_tx(write=True)`
init headers file 12 years ago
fix #4026 7 years ago			`@classmethod`
			`def hash_merkle_root(cls, merkle_s, target_hash, pos):`
simple payment verification: check targets, use block headers file. 12 years ago			`h = hash_decode(target_hash)`
protocol v0.4: use position for branching 12 years ago			`for i in range(len(merkle_s)):`
			`item = merkle_s[i]`
misc ui and lib fixes for py3 8 years ago			`h = Hash(hash_decode(item) + h) if ((pos >> i) & 1) else Hash(h + hash_decode(item))`
Check SPV proof inner nodes not to be valid transactions. (#4436) 7 years ago			`cls._raise_if_valid_tx(bh2u(h))`
simple payment verification: check targets, use block headers file. 12 years ago			`return hash_encode(h)`

Check SPV proof inner nodes not to be valid transactions. (#4436) 7 years ago			`@classmethod`
			`def _raise_if_valid_tx(cls, raw_tx: str):`
			`# If an inner node of the merkle proof is also a valid tx, chances are, this is an attack.`
			`# https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-June/016105.html`
			`# https://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180609/9f4f5b1f/attachment-0001.pdf`
			`# https://bitcoin.stackexchange.com/questions/76121/how-is-the-leaf-node-weakness-in-merkle-trees-exploitable/76122#76122`
			`tx = Transaction(raw_tx)`
			`try:`
			`tx.deserialize()`
			`except:`
			`pass`
			`else:`
			`raise InnerNodeOfSpvProofIsValidTx()`

fix undo_verification 8 years ago			`def undo_verifications(self):`
			`height = self.blockchain.get_checkpoint()`
			`tx_hashes = self.wallet.undo_verifications(self.blockchain, height)`
Remove wallet.get_transactions() Because references are returned, it's not threadsafe as ThomasV pointed out. 10 years ago			`for tx_hash in tx_hashes:`
			`self.print_error("redoing", tx_hash)`
wallet/verifier: persist wallet.verified_tx when verifier finishes Previously verified_tx was only persisted in wallet.stop_threads(), hence only on clean shutdowns. 7 years ago			`self.remove_spv_proof_for_tx(tx_hash)`

			`def remove_spv_proof_for_tx(self, tx_hash):`
			`self.merkle_roots.pop(tx_hash, None)`
			`try:`
			`self.requested_merkle.remove(tx_hash)`
			`except KeyError:`
			`pass`

			`def is_up_to_date(self):`
			`return not self.requested_merkle`