spvnode: added software decrypts, master_key and encrypted file

such: added software encrypts/decrypts, bip32_master_key, mnemonic_to_key, use_tpm, encrypted file and parameter checks
seal: added constants, updated password hash, file names, error output and un-used variables
wallet: added master_key parameter and software encrypts/decypts
doc: added mnemonic_to_key, use_tpm, encrypted file and bip32_master_key in tools.md
ci/ql: added test-passwd config option
cmake: added WIN32 and enabled USE_TPM2
config: disabled test-passwd by default

.github/workflows/ci.yml

@@ -39,15 +39,15 @@ jobs:
             os: ubuntu-20.04
             packages: g++-arm-linux-gnueabihf qemu-user-static qemu-user
             dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
-            config-opts: "--enable-static --disable-shared"
+            config-opts: "--enable-static --disable-shared --enable-test-passwd"
             run-tests: true
             goal: install
           - name: aarch64-linux
             host: aarch64-linux-gnu
             os: ubuntu-20.04
             packages: g++-aarch64-linux-gnu qemu-user-static qemu-user
             dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
-            config-opts: "LIBS='-levent_pthreads' --enable-static --disable-shared"
+            config-opts: "LIBS='-levent_pthreads' --enable-static --disable-shared --enable-test-passwd"
             run-tests: true
             goal: install
           - name: x86_64-linux-dbg
@@ -56,7 +56,7 @@ jobs:
             run-tests: true
             packages: python3-dev python3-dbg python
             dep-opts: "DEBUG=1 SPEED=slow V=1"
-            config-opts: "--enable-debug"
+            config-opts: "--enable-debug --enable-test-passwd"
             goal: install
           - name: x86_64-linux-openenclave
             host: x86_64-pc-linux-gnu
@@ -71,7 +71,7 @@ jobs:
             os: macos-latest
             run-tests: true
             dep-opts: "SPEED=slow V=1"
-            config-opts: "--enable-static --disable-shared"
+            config-opts: "--enable-static --disable-shared --enable-test-passwd"
             packages: cmake zlib xorriso
             goal: install
             sdk: 12.2
@@ -99,7 +99,7 @@ jobs:
               sudo update-alternatives --set x86_64-w64-mingw32-g++  /usr/bin/x86_64-w64-mingw32-g++-posix
               sudo update-binfmts --import /usr/share/binfmts/wine
             dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
-            config-opts: ""
+            config-opts: "--enable-test-passwd"
             run-tests: true
             goal: install
           - name: i686-win
@@ -121,7 +121,7 @@ jobs:
               sudo update-alternatives --set i686-w64-mingw32-g++  /usr/bin/i686-w64-mingw32-g++-posix
               sudo update-binfmts --import /usr/share/binfmts/wine
             dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
-            config-opts: ""
+            config-opts: "--enable-test-passwd"
             run-tests: true
             goal: install
           - name: i686-linux
@@ -130,7 +130,7 @@ jobs:
             packages: g++-multilib bc
             run-tests: true
             dep-opts: "SPEED=slow V=1"
-            config-opts: "--enable-static --disable-shared"
+            config-opts: "--enable-static --disable-shared --enable-test-passwd"
             goal: install
 
     runs-on: ${{ matrix.os }}

.github/workflows/ql.yml

@@ -62,7 +62,7 @@ jobs:
     - name: build libdogecoin
       run: |
        ./autogen.sh
-       ./configure --prefix=`pwd`/depends/x86_64-pc-linux-gnu
+       ./configure --prefix=`pwd`/depends/x86_64-pc-linux-gnu --enable-test-passwd
        make check -j3 VERBOSE=1
 
     - name: perform codeql analysis

CMakeLists.txt

@@ -26,9 +26,9 @@ SET(WITH_LOGDB TRUE CACHE BOOL "enable logdb")
 SET(WITH_UNISTRING TRUE CACHE BOOL "enable unistring functions")
 SET(WITH_WALLET TRUE CACHE BOOL "enable wallet")
 SET(USE_SSE2 FALSE CACHE BOOL "enable scrypt sse2")
-SET(USE_TPM2 FALSE CACHE BOOL "enable tpm_tests")
+SET(USE_TPM2 TRUE CACHE BOOL "enable tpm2")
 SET(USE_OPENENCLAVE FALSE CACHE BOOL "enable openenclave")
-SET(TEST_PASSWD TRUE CACHE BOOL "enable test password")
+SET(TEST_PASSWD FALSE CACHE BOOL "enable test password")
 SET(RANDOM_DEVICE "/dev/urandom" CACHE STRING "set the device to read random data from")
 
 # Set a default build type if none was specified
@@ -273,7 +273,7 @@ IF(USE_TESTS)
         test/utils_tests.c
         test/vector_tests.c
 )
-IF (USE_TPM2)
+IF (WIN32 AND USE_TPM2)
     TARGET_LINK_LIBRARIES(tests ${LIBDOGECOIN_NAME} ${LIBUNISTRING} tbs ncrypt crypt32)
 ELSE()
     TARGET_LINK_LIBRARIES(tests ${LIBDOGECOIN_NAME} ${LIBUNISTRING})
@@ -329,7 +329,7 @@ IF(WITH_NET)
         src/spv.c
     )
 
-    IF(USE_TPM2)
+    IF(WIN32 AND USE_TPM2)
         TARGET_LINK_LIBRARIES(${LIBDOGECOIN_NAME} ${LIBEVENT} ${LIBEVENT_PTHREADS} ${LIBUNISTRING} ncrypt crypt32)
     ELSE()
         TARGET_LINK_LIBRARIES(${LIBDOGECOIN_NAME} ${LIBEVENT} ${LIBEVENT_PTHREADS} ${LIBUNISTRING})
@@ -352,7 +352,7 @@ IF(WITH_TOOLS)
 
     ADD_EXECUTABLE(such src/cli/such.c)
     INSTALL(TARGETS such RUNTIME)
-    IF (USE_TPM2)
+    IF (WIN32 AND USE_TPM2)
         TARGET_LINK_LIBRARIES(such ${LIBDOGECOIN_NAME} ${LIBUNISTRING} tbs ncrypt crypt32)
     ELSE()
         TARGET_LINK_LIBRARIES(such ${LIBDOGECOIN_NAME} ${LIBUNISTRING})
@@ -367,7 +367,7 @@ IF(WITH_TOOLS)
         ADD_EXECUTABLE(spvnode src/cli/spvnode.c)
         INSTALL(TARGETS spvnode RUNTIME)
 
-        IF (USE_TPM2)
+        IF (WIN32 AND USE_TPM2)
             TARGET_LINK_LIBRARIES(spvnode ${LIBDOGECOIN_NAME} tbs ncrypt crypt32)
         ELSE()
             TARGET_LINK_LIBRARIES(spvnode ${LIBDOGECOIN_NAME})

configure.ac

@@ -139,11 +139,11 @@ AC_ARG_ENABLE(tests,
   [use_tests=$enableval],
   [use_tests=yes])
 
-AC_ARG_ENABLE([test_passwd],
+AC_ARG_ENABLE([test-passwd],
   [AS_HELP_STRING([--enable-test-passwd],
   [enable test password for encrypt/decrypt])],
   [test_passwd=$enableval],
-  [test_passwd=yes])
+  [test_passwd=no])
 
 AC_MSG_CHECKING([for __builtin_expect])
 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_expect(0,0);}]])],

doc/tools.md

@@ -14,12 +14,13 @@ The `such` tool can be used by simply running the command `./such` in the top le
 - generate_private_key
 - generate_public_key
 - p2pkh
-- bip32_extended_master_key
+- bip32_master_key
 - derive_child_keys
 - generate_mnemonic
 - list_encryption_keys_in_tpm
-- decrypt_master_key_with_tpm
-- decrypt_mnemonic_with_tpm
+- decrypt_master_key
+- decrypt_mnemonic
+- mnemonic_to_key
 - mnemonic_to_addresses
 - print_keys
 - sign
@@ -41,14 +42,15 @@ Most of these commands require a flag following them to denote things like exist
 | -k, --pubkey  | public_key          | yes | p2pkh -k <public_key> |
 | -m, --derived_path | derived_path        | yes | derive_child_key -p <extended_private_key> -m <derived_path> |
 | -e, --entropy  | hex_entropy | yes | generate_mnemonic -e <hex_entropy> |
-| -n, --mnemonic  | seed_phrase | yes | mnemonic_to_addresses -n <seed_phrase> |
-| -a, --pass_phrase  | pass_phrase | yes | mnemonic_to_addresses -n <seed_phrase> -a <pass_phrase> |
-| -o, --account_int  | account_int | yes | mnemonic_to_addresses -n <seed_phrase> -o <account_int> |
-| -g, --change_level  | change_level | yes | mnemonic_to_addresses -n <seed_phrase> -g <change_level> |
-| -i, --address_index  | address_index | yes | mnemonic_to_addresses -n <seed_phrase> -i <address_index> |
-| -y, --tpm_file | file_num | yes | generate_mnemonic, bip32_extended_master_key, decrypt_master_key_with_tpm, decrypt_mnemonic_with_tpm or mnemonic_to_addresses -y <file_num>
-| -w, --overwrite | overwrite | no | generate_mnemonic or bip32_extended_master_key -w |
-| -b, --silent | silent | no | generate_mnemonic or bip32_extended_master_key -b |
+| -n, --mnemonic  | seed_phrase | yes | mnemonic_to_key or mnemonic_to_addresses -n <seed_phrase> |
+| -a, --pass_phrase  | pass_phrase | yes | mnemonic_to_key or mnemonic_to_addresses -n <seed_phrase> -a <pass_phrase> |
+| -o, --account_int  | account_int | yes | mnemonic_to_key or mnemonic_to_addresses -n <seed_phrase> -o <account_int> |
+| -g, --change_level  | change_level | yes | mnemonic_to_key or mnemonic_to_addresses -n <seed_phrase> -g <change_level> |
+| -i, --address_index  | address_index | yes | mnemonic_to_key or mnemonic_to_addresses -n <seed_phrase> -i <address_index> |
+| -y, --encrypted_file | file_num | yes | generate_mnemonic, bip32_master_key, decrypt_master_key, decrypt_mnemonic, mnemonic_to_key or mnemonic_to_addresses -y <file_num>
+| -w, --overwrite | overwrite | no | generate_mnemonic or bip32_master_key -w |
+| -b, --silent | silent | no | generate_mnemonic or bip32_master_key -b |
+| -j, --use_tpm | use_tpm | no | generate_mnemonic, bip32_master_key, decrypt_master_key, decrypt_mnemonic, mnemonic_to_key or mnemonic_to_addresses -j |
 | -t, --testnet  | designate_testnet   | no  | generate_private_key -t |
 | -s  | script_hex          | yes | comp2der -s <compact_signature> |
 | -x  | transaction_hex     | yes | sign -x <transaction_hex> -s <pubkey_script> -i <index_of_utxo_to_sign> -h <sig_hash_type> |
@@ -62,13 +64,14 @@ Below is a list of all the commands and the flags that they require. As a remind
 | generate_private_key      | None                   | -t   | Generates a private key from a secp256k1 context for either mainnet or testnet. |
 | generate_public_key       | -p                     | -t   | Generates a public key derived from the private key specified. Include the testnet flag if it was generated from testnet. |
 | p2pkh                     | -k                     | -t   | Generates a p2pkh address derived from the public key specified. Include the testnet flag if it was generated from testnet. |
-| bip32_extended_master_key | None                   | -t   | Generate an extended master private key from a secp256k1 context for either mainnet or testnet. |
+| bip32_master_key | None                   | -t   | Generate an extended master private key from a secp256k1 context for either mainnet or testnet. |
 | bip32maintotest           | -p                     | None | Convert a mainnet private key into an equivalent testnet key. |
 | derive_child_keys         | -p, -m                 | -t   | Generates a child key derived from the specified private key using the specified derivation path.
 | generate_mnemonic         | None                   | -e, -y, -w, -b | Generates a 24-word english seed phrase randomly or from optional hex entropy. |
 | list_encryption_keys_in_tpm | None                 | None | List the encryption keys in the TPM. |
-| decrypt_master_key_with_tpm | -y                   | None | Decrypt the master key with the TPM. |
-| decrypt_mnemonic_with_tpm | -y                     | None | Decrypt the mnemonic with the TPM. |
+| decrypt_master_key | -y   | -j | Decrypt the master key with the TPM or SW. |
+| decrypt_mnemonic | -y     | -j | Decrypt the mnemonic with the TPM or SW. |
+| mnemonic_to_key | -n      | -a, -y, -o, g, -i, -t | Generates a private key from a seed phrase with a default path or specified account, change level and index for either mainnet or testnet. |
 | mnemonic_to_addresses     | -n      | -a, -y, -o, g, -i, -t   | Generates an address from a seed phrase with a default path or specified account, change level and index for either mainnet or testnet. |
 | print_keys                | -p                     | -t   | Print all keys associated with the provided private key.
 | sign                      | -x, -s, -i, -h, -p     | -t   | See the definition of sign_raw_transaction in the Transaction API.
@@ -104,7 +107,7 @@ Below are some examples on how to use the `such` tool in practice.
 
 ##### Generate new BIP32 master key
 
-    ./such -c bip32_extended_master_key
+    ./such -c bip32_master_key
     > masterkey: dgpv51eADS3spNJh9qLpW8S7B7uZmusTpNE85NgXsYD7eGuVhebMDfEsj6fNR6DHgpSBCmYdAvw9YRSqRWnFxtYn1bM8AdNipwdi9dDXFCY8vkY
 
 
@@ -136,7 +139,13 @@ Below are some examples on how to use the `such` tool in practice.
     ./such -c generate_mnemonic
     > they nuclear observe moral twenty gym hedgehog damage reveal syrup negative beach best silk alone feel vapor deposit belt host purity run clever deer
 
-#### Geneate an HD address from the seed phrase for a given account (2), change level (1, internal) and index (0) for testnet
+#### Generate a HD master key from the seed phrase for a given account (2), change level (1, internal) and index (0) for testnet
+
+    ./such -c mnemonic_to_key -n "they nuclear observe moral twenty gym hedgehog damage reveal syrup negative beach best silk alone feel vapor deposit belt host purity run clever deer" -o 2 -g 1 -i 0 -t
+    > keypath: m/44'/1'/2'/1/0
+    > private key (wif): cniAjMkD7HpzQKw67ByNsyzqMF8MEJo2y4viH2WEZRXoKHNih1sH
+
+#### Generate an HD address from the seed phrase for a given account (2), change level (1, internal) and index (0) for testnet
 
     ./such -c mnemonic_to_addresses -n "they nuclear observe moral twenty gym hedgehog damage reveal syrup negative beach best silk alone feel vapor deposit belt host purity run clever deer" -o 2 -g 1 -i 0 -t
     > Address: nW7ndt4HZh8XwLYN6v6N2S4mZCbpZPuFxh

include/dogecoin/wallet.h

@@ -129,7 +129,7 @@ LIBDOGECOIN_API void dogecoin_wallet_output_free(dogecoin_output* output);
 /** ------------------------------------ */
 
 LIBDOGECOIN_API dogecoin_wallet* dogecoin_wallet_new(const dogecoin_chainparams *params);
-LIBDOGECOIN_API dogecoin_wallet* dogecoin_wallet_init(const dogecoin_chainparams* chain, const char* address, const char* name, const char* mnemonic_in, const char* pass, const dogecoin_bool tpm, const int file_num);
+LIBDOGECOIN_API dogecoin_wallet* dogecoin_wallet_init(const dogecoin_chainparams* chain, const char* address, const char* name, const char* mnemonic_in, const char* pass, const dogecoin_bool encrypted, const dogecoin_bool tpm, const int file_num, const dogecoin_bool master_key);
 LIBDOGECOIN_API void print_utxos(dogecoin_wallet* wallet);
 LIBDOGECOIN_API void dogecoin_wallet_free(dogecoin_wallet* wallet);
 

src/address.c

@@ -763,6 +763,7 @@ int verifyHDMasterPubKeypairFromEncryptedSeed(const char* wif_privkey_master, co
  * @param account The BIP44 account to generate the derived address.
  * @param index The BIP44 index to generate the derived address.
  * @param change_level The BIP44 change level flag to generate derived address.
+ * @param pass The passphrase (optional).
  * @param p2pkh_pubkey_master The generated master public key.
  * @param is_testnet The flag denoting which network, 0 for mainnet and 1 for testnet.
  * @param file_num The file number to store the encrypted seed.
@@ -788,7 +789,9 @@ int getDerivedHDAddressFromEncryptedMnemonic(const uint32_t account, const uint3
     }
 
     /* Generate the root key from the mnemonic */
-    dogecoin_seed_from_mnemonic(mnemonic, pass, seed);
+    if (dogecoin_seed_from_mnemonic(mnemonic, pass, seed) == -1) {
+        return -1;
+    }
 
     /* Generate the root key from the seed */
     dogecoin_hdnode_from_seed(seed, MAX_SEED_SIZE, &node);

src/cli/spvnode.c

@@ -179,7 +179,9 @@ static struct option long_options[] = {
         {"checkpoint", no_argument, NULL, 'p'},
         {"wallet_file", required_argument, NULL, 'w'},
         {"headers_file", required_argument, NULL, 'h'},
-        {"tpm_file", required_argument, NULL, 'y'},
+        {"encrypted_file", required_argument, NULL, 'y'},
+        {"use_tpm", no_argument, NULL, 'j'},
+        {"master_key", no_argument, NULL, 'k'},
         {"daemon", no_argument, NULL, 'z'},
         {NULL, 0, NULL, 0} };
 
@@ -196,7 +198,8 @@ static void print_version() {
 static void print_usage() {
     print_version();
     printf("Usage: spvnode (-c|continuous) (-i|-ips <ip,ip,...]>) (-m[--maxpeers] <int>) (-t[--testnet]) (-f <headersfile|0 for in mem only>) \
-(-n|-mnemonic <seed_phrase>) (-s|-pass_phrase <pass_phrase>) (-y|-tpm_file <file_num 0-999>) (-w|-wallet_file <filename>) (-h|-headers_file <filename>) (-r[--regtest]) (-d[--debug]) (-s[--timeout] <secs>) <command>\n");
+(-n|-mnemonic <seed_phrase>) (-s|-pass_phrase <pass_phrase>) (-y|-encrypted_file <file_num 0-999>) (-w|-wallet_file <filename>) (-h|-headers_file <filename>) \
+(-k[--master_key] (-j[--use_tpm]) (-r[--regtest]) (-d[--debug]) (-s[--timeout] <secs>) <command>\n");
     printf("Supported commands:\n");
     printf("        scan      (scan blocks up to the tip, creates header.db file)\n");
     printf("\nExamples: \n");
@@ -270,6 +273,8 @@ int main(int argc, char* argv[]) {
     char* headers_name = 0;
     dogecoin_bool full_sync = false;
     dogecoin_bool have_decl_daemon = false;
+    dogecoin_bool encrypted = false;
+    dogecoin_bool master_key = false;
     dogecoin_bool tpm = false;
     int file_num = NO_FILE;
 
@@ -281,7 +286,7 @@ int main(int argc, char* argv[]) {
     data = argv[argc - 1];
 
     /* get arguments */
-    while ((opt = getopt_long_only(argc, argv, "i:ctrds:m:n:f:y:a:w:h:bpz:", long_options, &long_index)) != -1) {
+    while ((opt = getopt_long_only(argc, argv, "i:ctrds:m:n:f:y:a:w:h:bpzkj:", long_options, &long_index)) != -1) {
         switch (opt) {
                 case 'c':
                     quit_when_synced = false;
@@ -320,9 +325,15 @@ int main(int argc, char* argv[]) {
                     headers_name = optarg;
                     break;
                 case 'y':
-                    tpm = true;
+                    encrypted = true;
                     file_num = (int)strtol(optarg, (char**)NULL, 10);
                     break;
+                case 'k':
+                    master_key = true;
+                    break;
+                case 'j':
+                    tpm = true;
+                    break;
                 case 'w':
                     name = optarg;
                     break;
@@ -346,7 +357,7 @@ int main(int argc, char* argv[]) {
         client->sync_completed = spv_sync_completed;
 
 #if WITH_WALLET
-        dogecoin_wallet* wallet = dogecoin_wallet_init(chain, address, name, mnemonic_in, pass, tpm, file_num);
+        dogecoin_wallet* wallet = dogecoin_wallet_init(chain, address, name, mnemonic_in, pass, encrypted, tpm, file_num, master_key);
         print_utxos(wallet);
         client->sync_transaction = dogecoin_wallet_check_transaction;
         client->sync_transaction_ctx = wallet;