Code modifications to integrate Ledger HW device into monero-wallet-cli.

The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.

Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.

The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and  the "Ledger", which delegates
all calls to Ledger device.

tests/core_tests/CMakeLists.txt

@@ -70,6 +70,7 @@ target_link_libraries(core_tests
     p2p
     version
     epee
+    device
     ${CMAKE_THREAD_LIBS_INIT}
     ${EXTRA_LIBRARIES})
 set_property(TARGET core_tests

tests/core_tests/chaingen.cpp

@@ -43,7 +43,7 @@
 #include "cryptonote_basic/miner.h"
 
 #include "chaingen.h"
-
+#include "device/device.hpp"
 using namespace std;
 
 using namespace epee;
@@ -368,7 +368,7 @@ bool init_spent_output_indices(map_output_idx_t& outs, map_output_t& outs_mine,
             crypto::public_key out_key = boost::get<txout_to_key>(oi.out).key;
             std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
             subaddresses[from.get_keys().m_account_address.m_spend_public_key] = {0,0};
-            generate_key_image_helper(from.get_keys(), subaddresses, out_key, get_tx_pub_key_from_extra(*oi.p_tx), get_additional_tx_pub_keys_from_extra(*oi.p_tx), oi.out_no, in_ephemeral, img);
+            generate_key_image_helper(from.get_keys(), subaddresses, out_key, get_tx_pub_key_from_extra(*oi.p_tx), get_additional_tx_pub_keys_from_extra(*oi.p_tx), oi.out_no, in_ephemeral, img, hw::get_device(("default")));
 
             // lookup for this key image in the events vector
             BOOST_FOREACH(auto& tx_pair, mtx) {

tests/core_tests/multisig.cpp

@@ -34,7 +34,7 @@
 #include "common/apply_permutation.h"
 #include "chaingen.h"
 #include "multisig.h"
-
+#include "device/device.hpp"
 using namespace epee;
 using namespace crypto;
 using namespace cryptonote;
@@ -367,7 +367,7 @@ bool gen_multisig_tx_validation_base::generate_with(std::vector<test_event_entry
   for (size_t n = 0; n < tx.vout.size(); ++n)
   {
     CHECK_AND_ASSERT_MES(typeid(txout_to_key) == tx.vout[n].target.type(), false, "Unexpected tx out type");
-    if (is_out_to_acc_precomp(subaddresses, boost::get<txout_to_key>(tx.vout[n].target).key, derivation, additional_derivations, n))
+    if (is_out_to_acc_precomp(subaddresses, boost::get<txout_to_key>(tx.vout[n].target).key, derivation, additional_derivations, n, hw::get_device(("default"))))
     {
       ++n_outs;
       CHECK_AND_ASSERT_MES(tx.vout[n].amount == 0, false, "Destination amount is not zero");

tests/core_tests/rct.cpp

@@ -31,6 +31,7 @@
 #include "ringct/rctSigs.h"
 #include "chaingen.h"
 #include "rct.h"
+#include "device/device.hpp"
 
 using namespace epee;
 using namespace crypto;
@@ -133,9 +134,9 @@ bool gen_rct_tx_validation_base::generate_with(std::vector<test_event_entry>& ev
       crypto::secret_key amount_key;
       crypto::derivation_to_scalar(derivation, o, amount_key);
       if (rct_txes[n].rct_signatures.type == rct::RCTTypeSimple || rct_txes[n].rct_signatures.type == rct::RCTTypeSimpleBulletproof)
-        rct::decodeRctSimple(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4]);
+        rct::decodeRctSimple(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4], hw::get_device("default"));
       else
-        rct::decodeRct(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4]);
+        rct::decodeRct(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4], hw::get_device("default"));
     }
 
     CHECK_AND_ASSERT_MES(generator.construct_block_manually(blk_txes[n], blk_last, miner_account,

tests/core_tests/tx_validation.cpp

@@ -30,6 +30,7 @@
 
 #include "chaingen.h"
 #include "tx_validation.h"
+#include "device/device.hpp"
 
 using namespace epee;
 using namespace crypto;
@@ -62,7 +63,7 @@ namespace
         std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
         subaddresses[sender_account_keys.m_account_address.m_spend_public_key] = {0,0};
         auto& out_key = reinterpret_cast<const crypto::public_key&>(src_entr.outputs[src_entr.real_output].second.dest);
-        generate_key_image_helper(sender_account_keys, subaddresses, out_key, src_entr.real_out_tx_key, src_entr.real_out_additional_tx_keys, src_entr.real_output_in_tx_index, in_ephemeral, img);
+        generate_key_image_helper(sender_account_keys, subaddresses, out_key, src_entr.real_out_tx_key, src_entr.real_out_additional_tx_keys, src_entr.real_output_in_tx_index, in_ephemeral, img, hw::get_device(("default")));
 
         // put key image into tx input
         txin_to_key input_to_key;

tests/crypto/CMakeLists.txt

@@ -42,7 +42,10 @@ add_executable(cncrypto-tests
   ${crypto_headers})
 target_link_libraries(cncrypto-tests
   PRIVATE
+    wallet
+    cryptonote_core
     common
+    device
     ${Boost_SYSTEM_LIBRARY}
     ${EXTRA_LIBRARIES})
 set_property(TARGET cncrypto-tests

tests/crypto/crypto.cpp

@@ -33,7 +33,7 @@
 #include "crypto-tests.h"
 
 bool check_scalar(const crypto::ec_scalar &scalar) {
-  return crypto::sc_check(crypto::operator &(scalar)) == 0;
+  return sc_check(crypto::operator &(scalar)) == 0;
 }
 
 void random_scalar(crypto::ec_scalar &res) {
@@ -45,13 +45,13 @@ void hash_to_scalar(const void *data, std::size_t length, crypto::ec_scalar &res
 }
 
 void hash_to_point(const crypto::hash &h, crypto::ec_point &res) {
-  crypto::ge_p2 point;
-  crypto::ge_fromfe_frombytes_vartime(&point, reinterpret_cast<const unsigned char *>(&h));
-  crypto::ge_tobytes(crypto::operator &(res), &point);
+  ge_p2 point;
+  ge_fromfe_frombytes_vartime(&point, reinterpret_cast<const unsigned char *>(&h));
+  ge_tobytes(crypto::operator &(res), &point);
 }
 
 void hash_to_ec(const crypto::public_key &key, crypto::ec_point &res) {
-  crypto::ge_p3 tmp;
+  ge_p3 tmp;
   crypto::hash_to_ec(key, tmp);
-  crypto::ge_p3_tobytes(crypto::operator &(res), &tmp);
+  ge_p3_tobytes(crypto::operator &(res), &tmp);
 }

tests/fuzz/CMakeLists.txt

@@ -32,6 +32,7 @@ target_link_libraries(block_fuzz_tests
     cryptonote_core
     p2p
     epee
+    device
     ${CMAKE_THREAD_LIBS_INIT}
     ${EXTRA_LIBRARIES})
 set_property(TARGET block_fuzz_tests
@@ -44,6 +45,7 @@ target_link_libraries(transaction_fuzz_tests
     cryptonote_core
     p2p
     epee
+    device
     ${CMAKE_THREAD_LIBS_INIT}
     ${EXTRA_LIBRARIES})
 set_property(TARGET transaction_fuzz_tests
@@ -57,6 +59,7 @@ target_link_libraries(signature_fuzz_tests
     cryptonote_core
     p2p
     epee
+    device
     ${CMAKE_THREAD_LIBS_INIT}
     ${EXTRA_LIBRARIES})
 set_property(TARGET signature_fuzz_tests
@@ -70,6 +73,7 @@ target_link_libraries(cold-outputs_fuzz_tests
     cryptonote_core
     p2p
     epee
+    device
     ${CMAKE_THREAD_LIBS_INIT}
     ${EXTRA_LIBRARIES})
 set_property(TARGET cold-outputs_fuzz_tests
@@ -83,6 +87,7 @@ target_link_libraries(cold-transaction_fuzz_tests
     cryptonote_core
     p2p
     epee
+    device
     ${CMAKE_THREAD_LIBS_INIT}
     ${EXTRA_LIBRARIES})
 set_property(TARGET cold-transaction_fuzz_tests

tests/libwallet_api_tests/CMakeLists.txt

@@ -38,6 +38,8 @@ add_executable(libwallet_api_tests
   ${libwallet_api_tests_headers})
 
 target_link_libraries(libwallet_api_tests
+  PUBLIC
+  device
   PRIVATE
     wallet_api
     wallet

tests/performance_tests/generate_key_image_helper.h

@@ -35,6 +35,7 @@
 #include "cryptonote_basic/cryptonote_format_utils.h"
 
 #include "single_tx_test_base.h"
+#include "device/device.hpp"
 
 class test_generate_key_image_helper : public single_tx_test_base
 {
@@ -48,6 +49,6 @@ public:
     std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
     subaddresses[m_bob.get_keys().m_account_address.m_spend_public_key] = {0,0};
     crypto::public_key out_key = boost::get<cryptonote::txout_to_key>(m_tx.vout[0].target).key;
-    return cryptonote::generate_key_image_helper(m_bob.get_keys(), subaddresses, out_key, m_tx_pub_key, m_additional_tx_pub_keys, 0, in_ephemeral, ki);
+    return cryptonote::generate_key_image_helper(m_bob.get_keys(), subaddresses, out_key, m_tx_pub_key, m_additional_tx_pub_keys, 0, in_ephemeral, ki, hw::get_device("default"));
   }
 };

tests/performance_tests/is_out_to_acc.h

@@ -66,7 +66,7 @@ public:
     std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
     subaddresses[m_bob.get_keys().m_account_address.m_spend_public_key] = {0,0};
     std::vector<crypto::key_derivation> additional_derivations;
-    boost::optional<cryptonote::subaddress_receive_info> info = cryptonote::is_out_to_acc_precomp(subaddresses, tx_out.key, m_derivation, additional_derivations, 0);
+    boost::optional<cryptonote::subaddress_receive_info> info = cryptonote::is_out_to_acc_precomp(subaddresses, tx_out.key, m_derivation, additional_derivations, 0, hw::get_device("default"));
     return (bool)info;
   }
 

tests/performance_tests/rct_mlsag.h

@@ -65,7 +65,7 @@ public:
     {
         sk[j] = xm[ind][j];
     }
-    IIccss = MLSAG_Gen(rct::identity(), P, sk, NULL, NULL, ind, rows);
+    IIccss = MLSAG_Gen(rct::identity(), P, sk, NULL, NULL, ind, rows, hw::get_device("default"));
 
     return true;
   }
@@ -75,7 +75,7 @@ public:
     if (ver)
       MLSAG_Ver(rct::identity(), P, IIccss, rows);
     else
-      MLSAG_Gen(rct::identity(), P, sk, NULL, NULL, ind, rows);
+      MLSAG_Gen(rct::identity(), P, sk, NULL, NULL, ind, rows, hw::get_device("default"));
     return true;
   }
 

tests/unit_tests/ringct.cpp

@@ -37,6 +37,7 @@
 #include "ringct/rctTypes.h"
 #include "ringct/rctSigs.h"
 #include "ringct/rctOps.h"
+#include "device/device.hpp"
 
 using namespace std;
 using namespace crypto;
@@ -111,7 +112,7 @@ TEST(ringct, MG_sigs)
             sk[j] = xm[ind][j];
         }
         key message = identity();
-        mgSig IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R);
+        mgSig IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
         ASSERT_TRUE(MLSAG_Ver(message, P, IIccss, R));
 
         //#MG sig: false one
@@ -132,7 +133,7 @@ TEST(ringct, MG_sigs)
             sk[j] = xx[ind][j];
         }
         sk[2] = skGen();//asume we don't know one of the private keys..
-        IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R);
+        IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
         ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R));
 }
 
@@ -171,13 +172,13 @@ TEST(ringct, range_proofs)
         destinations.push_back(Pk);
 
         //compute rct data with mixin 500
-        rctSig s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3);
+        rctSig s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, hw::get_device("default"));
 
         //verify rct data
         ASSERT_TRUE(verRct(s));
 
         //decode received amount
-        decodeRct(s, amount_keys[1], 1, mask);
+        decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
 
         // Ring CT with failing MG sig part should not verify!
         // Since sum of inputs != outputs
@@ -188,13 +189,13 @@ TEST(ringct, range_proofs)
 
 
         //compute rct data with mixin 500
-        s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3);
+        s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, hw::get_device("default"));
 
         //verify rct data
         ASSERT_FALSE(verRct(s));
 
         //decode received amount
-        decodeRct(s, amount_keys[1], 1, mask);
+        decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
 }
 
 TEST(ringct, range_proofs_with_fee)
@@ -235,13 +236,13 @@ TEST(ringct, range_proofs_with_fee)
         destinations.push_back(Pk);
 
         //compute rct data with mixin 500
-        rctSig s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3);
+        rctSig s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, hw::get_device("default"));
 
         //verify rct data
         ASSERT_TRUE(verRct(s));
 
         //decode received amount
-        decodeRct(s, amount_keys[1], 1, mask);
+        decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
 
         // Ring CT with failing MG sig part should not verify!
         // Since sum of inputs != outputs
@@ -252,13 +253,13 @@ TEST(ringct, range_proofs_with_fee)
 
 
         //compute rct data with mixin 500
-        s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3);
+        s = genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, hw::get_device("default"));
 
         //verify rct data
         ASSERT_FALSE(verRct(s));
 
         //decode received amount
-        decodeRct(s, amount_keys[1], 1, mask);
+        decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
 }
 
 TEST(ringct, simple)
@@ -310,13 +311,13 @@ TEST(ringct, simple)
         //compute sig with mixin 2
         xmr_amount txnfee = 1;
 
-        rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, NULL, NULL, txnfee, 2);
+        rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, NULL, NULL, txnfee, 2, hw::get_device("default"));
 
         //verify ring ct signature
         ASSERT_TRUE(verRctSimple(s));
 
         //decode received amount corresponding to output pubkey index 1
-        decodeRctSimple(s, amount_keys[1], 1, mask);
+        decodeRctSimple(s, amount_keys[1], 1, mask,  hw::get_device("default"));
 }
 
 static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee)
@@ -344,7 +345,7 @@ static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amount
         }
     }
 
-    return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3);;
+    return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, hw::get_device("default"));
 }
 
 static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], uint64_t fee)
@@ -370,7 +371,7 @@ static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input
         destinations.push_back(Pk);
     }
 
-    return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, NULL, NULL, fee, 3);;
+    return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, NULL, NULL, fee, 3, hw::get_device("default"));
 }
 
 static bool range_proof_test(bool expected_valid,

tests/unit_tests/serialization.cpp

@@ -47,6 +47,7 @@
 #include "wallet/wallet2.h"
 #include "gtest/gtest.h"
 #include "unit_tests_utils.h"
+#include "device/device.hpp"
 using namespace std;
 using namespace crypto;
 
@@ -590,7 +591,7 @@ TEST(Serialization, serializes_ringct_types)
   rct::skpkGen(Sk, Pk);
   destinations.push_back(Pk);
   //compute rct data with mixin 500
-  s0 = rct::genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3);
+  s0 = rct::genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, hw::get_device("default"));
 
   mg0 = s0.p.MGs[0];
   ASSERT_TRUE(serialization::dump_binary(mg0, blob));