Electroneum
device_ledger.hpp
Go to the documentation of this file.
1 // Copyright (c) 2017-2019, The Monero Project
2 //
3 // All rights reserved.
4 //
5 // Redistribution and use in source and binary forms, with or without modification, are
6 // permitted provided that the following conditions are met:
7 //
8 // 1. Redistributions of source code must retain the above copyright notice, this list of
9 // conditions and the following disclaimer.
10 //
11 // 2. Redistributions in binary form must reproduce the above copyright notice, this list
12 // of conditions and the following disclaimer in the documentation and/or other
13 // materials provided with the distribution.
14 //
15 // 3. Neither the name of the copyright holder nor the names of its contributors may be
16 // used to endorse or promote products derived from this software without specific
17 // prior written permission.
18 //
19 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
20 // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
21 // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
22 // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
27 // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 //
29 
30 
31 #pragma once
32 
33 #include <cstddef>
34 #include <string>
35 #include "device.hpp"
36 #include "log.hpp"
37 #include "device_io_hid.hpp"
38 #include <boost/thread/mutex.hpp>
39 #include <boost/thread/recursive_mutex.hpp>
40 
41 namespace hw {
42 
43  namespace ledger {
44 
45  /* Minimal supported version */
46  #define MINIMAL_APP_VERSION_MAJOR 1
47  #define MINIMAL_APP_VERSION_MINOR 0
48  #define MINIMAL_APP_VERSION_MICRO 0
49 
50  #define VERSION(M,m,u) ((M)<<16|(m)<<8|(u))
51  #define VERSION_MAJOR(v) (((v)>>16)&0xFF)
52  #define VERSION_MINOR(v) (((v)>>8)&0xFF)
53  #define VERSION_MICRO(v) (((v)>>0)&0xFF)
54 
55  #define MINIMAL_APP_VERSION VERSION(MINIMAL_APP_VERSION_MAJOR, MINIMAL_APP_VERSION_MINOR, MINIMAL_APP_VERSION_MICRO)
56 
57  void register_all(std::map<std::string, std::unique_ptr<device>> &registry);
58 
59  #ifdef WITH_DEVICE_LEDGER
60 
61  namespace {
62  bool apdu_verbose =true;
63  }
64 
65  void set_apdu_verbose(bool verbose);
66 
67  class ABPkeys {
68  public:
69  rct::key Aout;
70  rct::key Bout;
71  bool is_subaddress;
72  bool is_change_address;
73  bool additional_key ;
74  size_t index;
75  rct::key Pout;
76  rct::key AKout;
77  ABPkeys(const rct::key& A, const rct::key& B, const bool is_subaddr, bool is_subaddress, bool is_change_address, size_t index, const rct::key& P,const rct::key& AK);
78  ABPkeys(const ABPkeys& keys) ;
79  ABPkeys() {index=0;is_subaddress=false;is_change_address=false;additional_key=false;}
80  ABPkeys &operator=(const ABPkeys &keys);
81  };
82 
83  class Keymap {
84  public:
85  std::vector<ABPkeys> ABP;
86 
87  bool find(const rct::key& P, ABPkeys& keys) const;
88  void add(const ABPkeys& keys);
89  void clear();
90  void log();
91  };
92 
93  class SecHMAC {
94  public:
95  uint32_t sec[32];
96  uint32_t hmac[32];
97 
98  SecHMAC(const uint8_t s[32], const uint8_t m[32]);
99 
100  };
101 
102  class HMACmap {
103  public:
104  std::vector<SecHMAC> hmacs;
105 
106  void find_mac(const uint8_t sec[32], uint8_t hmac[32]) ;
107  void add_mac(const uint8_t sec[32], const uint8_t hmac[32]) ;
108  void clear() ;
109  };
110 
111 
112  #define BUFFER_SEND_SIZE 262
113  #define BUFFER_RECV_SIZE 262
114 
115  class device_ledger : public hw::device {
116  private:
117  // Locker for concurrent access
118  mutable boost::recursive_mutex device_locker;
119  mutable boost::mutex command_locker;
120 
121  //IO
122  hw::io::device_io_hid hw_device;
123  unsigned int length_send;
124  unsigned char buffer_send[BUFFER_SEND_SIZE];
125  unsigned int length_recv;
126  unsigned char buffer_recv[BUFFER_RECV_SIZE];
127  unsigned int sw;
128  unsigned int id;
129  void logCMD(void);
130  void logRESP(void);
131  unsigned int exchange(unsigned int ok=0x9000, unsigned int mask=0xFFFF);
132  unsigned int exchange_wait_on_input(unsigned int ok=0x9000, unsigned int mask=0xFFFF);
133  void reset_buffer(void);
134  int set_command_header(unsigned char ins, unsigned char p1 = 0x00, unsigned char p2 = 0x00);
135  int set_command_header_noopt(unsigned char ins, unsigned char p1 = 0x00, unsigned char p2 = 0x00);
136  void send_simple(unsigned char ins, unsigned char p1 = 0x00);
137  void send_secret(const unsigned char sec[32], int &offset);
138  void receive_secret(unsigned char sec[32], int &offset);
139 
140  // hw running mode
141  device_mode mode;
142  bool tx_in_progress;
143 
144  // map public destination key to ephemeral destination key
145  Keymap key_map;
146  bool add_output_key_mapping(const crypto::public_key &Aout, const crypto::public_key &Bout, const bool is_subaddress, const bool is_change,
147  const bool need_additional, const size_t real_output_index,
148  const rct::key &amount_key, const crypto::public_key &out_eph_public_key);
149  //hmac for some encrypted value
150  HMACmap hmac_map;
151 
152  // To speed up blockchain parsing the view key maybe handle here.
153  crypto::secret_key viewkey;
154  bool has_view_key;
155 
156  //extra debug
157  #ifdef DEBUG_HWDEVICE
158  device *controle_device;
159  #endif
160 
161  public:
162  device_ledger();
163  ~device_ledger();
164 
165  device_ledger(const device_ledger &device) = delete ;
166  device_ledger& operator=(const device_ledger &device) = delete;
167 
168  explicit operator bool() const override {return this->connected(); }
169 
170  bool reset(void);
171 
172  /* ======================================================================= */
173  /* SETUP/TEARDOWN */
174  /* ======================================================================= */
175  bool set_name(const std::string &name) override;
176 
177  const std::string get_name() const override;
178  bool init(void) override;
179  bool release() override;
180  bool connect(void) override;
181  bool disconnect() override;
182  bool connected(void) const;
183 
184  bool set_mode(device_mode mode) override;
185 
186  device_type get_type() const override {return device_type::LEDGER;};
187  device_protocol_t device_protocol() const override { return PROTOCOL_PROXY; };
188 
189  /* ======================================================================= */
190  /* LOCKER */
191  /* ======================================================================= */
192  void lock(void) override;
193  void unlock(void) override;
194  bool try_lock(void) override;
195 
196  /* ======================================================================= */
197  /* WALLET & ADDRESS */
198  /* ======================================================================= */
199  bool get_public_address(cryptonote::account_public_address &pubkey) override;
200  bool get_secret_keys(crypto::secret_key &viewkey , crypto::secret_key &spendkey) override;
201  bool generate_chacha_key(const cryptonote::account_keys &keys, crypto::chacha_key &key, uint64_t kdf_rounds) override;
202 
203 
204  /* ======================================================================= */
205  /* SUB ADDRESS */
206  /* ======================================================================= */
207  bool derive_subaddress_public_key(const crypto::public_key &pub, const crypto::key_derivation &derivation, const std::size_t output_index, crypto::public_key &derived_pub) override;
208  crypto::public_key get_subaddress_spend_public_key(const cryptonote::account_keys& keys, const cryptonote::subaddress_index& index) override;
209  std::vector<crypto::public_key> get_subaddress_spend_public_keys(const cryptonote::account_keys &keys, uint32_t account, uint32_t begin, uint32_t end) override;
210  cryptonote::account_public_address get_subaddress(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &index) override;
211  crypto::secret_key get_subaddress_secret_key(const crypto::secret_key &sec, const cryptonote::subaddress_index &index) override;
212  crypto::secret_key get_subaddress_private_spendkey(const cryptonote::account_keys& keys, const cryptonote::subaddress_index &subaddr_index) override;
213  crypto::secret_key get_subaddress_private_viewkey(const crypto::secret_key &main_wallet_sec_view, crypto::secret_key &subaddress_sec_spend) override;
214  /* ======================================================================= */
215  /* DERIVATION & KEY */
216  /* ======================================================================= */
217  bool verify_keys(const crypto::secret_key &secret_key, const crypto::public_key &public_key) override;
218  bool scalarmultKey(rct::key & aP, const rct::key &P, const rct::key &a) override;
219  bool scalarmultBase(rct::key &aG, const rct::key &a) override;
220  bool sc_secret_add(crypto::secret_key &r, const crypto::secret_key &a, const crypto::secret_key &b) override;
221  crypto::secret_key generate_keys(crypto::public_key &pub, crypto::secret_key &sec, const crypto::secret_key& recovery_key = crypto::secret_key(), bool recover = false) override;
222  // Mulsub (q - c*x mod l) which takes encrypted q and x
223  bool mulsub_eqx(crypto::ec_scalar& r, const crypto::ec_scalar& c, const crypto::ec_scalar& x, const crypto::ec_scalar& q);
224  bool generate_key_derivation(const crypto::public_key &pub, const crypto::secret_key &sec, crypto::key_derivation &derivation) override;
225  bool conceal_derivation(crypto::key_derivation &derivation, const crypto::public_key &tx_pub_key, const std::vector<crypto::public_key> &additional_tx_pub_keys, const crypto::key_derivation &main_derivation, const std::vector<crypto::key_derivation> &additional_derivations) override;
226  bool derivation_to_scalar(const crypto::key_derivation &derivation, const size_t output_index, crypto::ec_scalar &res) override;
227  bool derive_secret_key(const crypto::key_derivation &derivation, const std::size_t output_index, const crypto::secret_key &sec, crypto::secret_key &derived_sec) override;
228  bool derive_public_key(const crypto::key_derivation &derivation, const std::size_t output_index, const crypto::public_key &pub, crypto::public_key &derived_pub) override;
229  bool secret_key_to_public_key(const crypto::secret_key &sec, crypto::public_key &pub) override;
230  bool generate_key_image(const crypto::public_key &pub, const crypto::secret_key &sec, crypto::key_image &image) override;
231 
232  /* ======================================================================= */
233  /* TRANSACTION */
234  /* ======================================================================= */
235  void generate_tx_proof(const crypto::hash &prefix_hash,
236  const crypto::public_key &R, const crypto::public_key &A, const boost::optional<crypto::public_key> &B, const crypto::public_key &D, const crypto::secret_key &r,
237  crypto::signature &sig) override;
238 
239  bool open_tx(crypto::secret_key &tx_key) override;
240 
241  bool encrypt_payment_id(crypto::hash8 &payment_id, const crypto::public_key &public_key, const crypto::secret_key &secret_key) override;
242 
243  rct::key genCommitmentMask(const rct::key &amount_key) override;
244 
245  bool ecdhEncode(rct::ecdhTuple & unmasked, const rct::key & sharedSec, bool short_format) override;
246  bool ecdhDecode(rct::ecdhTuple & masked, const rct::key & sharedSec, bool short_format) override;
247 
248  bool generate_output_ephemeral_keys(const size_t tx_version, const cryptonote::account_keys &sender_account_keys, const crypto::public_key &txkey_pub, const crypto::secret_key &tx_key,
249  const cryptonote::tx_destination_entry &dst_entr, const boost::optional<cryptonote::account_public_address> &change_addr, const size_t output_index,
250  const bool &need_additional_txkeys, const std::vector<crypto::secret_key> &additional_tx_keys,
251  std::vector<crypto::public_key> &additional_tx_public_keys,
252  std::vector<rct::key> &amount_keys,
253  crypto::public_key &out_eph_public_key) override;
254 
255  bool mlsag_prehash(const std::string &blob, size_t inputs_size, size_t outputs_size, const rct::keyV &hashes, const rct::ctkeyV &outPk, rct::key &prehash) override;
256  bool mlsag_prepare(const rct::key &H, const rct::key &xx, rct::key &a, rct::key &aG, rct::key &aHP, rct::key &rvII) override;
257  bool mlsag_prepare(rct::key &a, rct::key &aG) override;
258  bool mlsag_hash(const rct::keyV &long_message, rct::key &c) override;
259  bool mlsag_sign( const rct::key &c, const rct::keyV &xx, const rct::keyV &alpha, const size_t rows, const size_t dsRows, rct::keyV &ss) override;
260 
261  bool close_tx(void) override;
262 
263  bool get_transaction_prefix_hash(const cryptonote::transaction_prefix& tx, crypto::hash& tx_prefix_hash) override;
264  bool generate_ring_signature(const crypto::hash &prefix_hash, const crypto::key_image &image,
265  const std::vector<const crypto::public_key *> &pubsvector,
266  const crypto::secret_key &sec, std::size_t sec_index,
267  crypto::signature *sig) override;
268  bool generate_input_signature(const crypto::hash &prefix_hash, const uint32_t input_index, const crypto::secret_key sec_view, const crypto::secret_key sec_spend, crypto::signature& signature) override;
269  bool hash_to_scalar(boost::shared_ptr<crypto::rs_comm> buf, size_t length, crypto::ec_scalar &res) override;
270 
271  };
272 
273 
274  #ifdef DEBUG_HWDEVICE
275  extern crypto::secret_key dbg_viewkey;
276  extern crypto::secret_key dbg_spendkey;
277  #endif
278 
279  #endif //WITH_DEVICE_LEDGER
280  }
281 
282 }
283 
const char * res
Definition: hmac_keccak.cpp:41
void derivation_to_scalar(const key_derivation &derivation, size_t output_index, ec_scalar &res)
Definition: crypto.h:279
void derive_secret_key(const key_derivation &derivation, std::size_t output_index, const secret_key &base, secret_key &derived_key)
Definition: crypto.h:282
::std::string string
Definition: gtest-port.h:1097
POD_CLASS key_derivation
Definition: crypto.h:98
void scalarmultKey(key &aP, const key &P, const key &a)
Definition: rctOps.cpp:368
const char * key
Definition: hmac_keccak.cpp:39
epee::mlocked< tools::scrubbed< ec_scalar > > secret_key
Definition: crypto.h:82
void register_all(std::map< std::string, std::unique_ptr< device >> &registry)
void generate_input_signature(const hash prefix_hash, const uint32_t input_index, const secret_key sec_view, const secret_key sec_spend, signature &sig)
Definition: crypto.h:299
unsigned char uint8_t
Definition: stdint.h:124
void ecdhEncode(ecdhTuple &unmasked, const key &sharedSec, bool v2)
Definition: rctOps.cpp:697
const char * name
struct hash_func hashes[]
key genCommitmentMask(const key &sk)
Definition: rctOps.cpp:687
bool generate_key_derivation(const public_key &key1, const secret_key &key2, key_derivation &derivation)
Definition: crypto.h:272
std::vector< key > keyV
Definition: rctTypes.h:88
void generate_tx_proof(const hash &prefix_hash, const public_key &R, const public_key &A, const boost::optional< public_key > &B, const public_key &D, const secret_key &r, signature &sig)
Definition: crypto.h:311
void generate_key_image(const public_key &pub, const secret_key &sec, key_image &image)
Definition: crypto.h:324
unsigned int uint32_t
Definition: stdint.h:126
cryptonote::simple_wallet sw
POD_CLASS ec_scalar
Definition: crypto.h:74
bool derive_subaddress_public_key(const public_key &out_key, const key_derivation &derivation, std::size_t output_index, public_key &result)
Definition: crypto.h:286
void generate_ring_signature(const hash &prefix_hash, const key_image &image, const public_key *const *pubs, std::size_t pubs_count, const secret_key &sec, std::size_t sec_index, signature *sig)
Definition: crypto.h:327
std::vector< ctkey > ctkeyV
Definition: rctTypes.h:100
unsigned __int64 uint64_t
Definition: stdint.h:136
secret_key generate_keys(public_key &pub, secret_key &sec, const secret_key &recovery_key=secret_key(), bool recover=false)
Definition: crypto.h:250
Definition: device.cpp:38
POD_CLASS public_key
Definition: crypto.h:76
const char * buf
Definition: slow_memmem.cpp:74
void ecdhDecode(ecdhTuple &masked, const key &sharedSec, bool v2)
Definition: rctOps.cpp:712
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
Definition: pointer.h:1124
void scalarmultBase(key &aG, const key &a)
Definition: rctOps.cpp:350
POD_CLASS signature
Definition: crypto.h:108
void get_transaction_prefix_hash(const transaction_prefix &tx, crypto::hash &h)
POD_CLASS hash8
Definition: hash.h:53
void hash_to_scalar(const void *data, std::size_t length, crypto::ec_scalar &res)
Definition: crypto.cpp:44
POD_CLASS key_image
Definition: crypto.h:102
Matcher< T > A()
bool derive_public_key(const key_derivation &derivation, std::size_t output_index, const public_key &base, public_key &derived_key)
Definition: crypto.h:275
int bool
Definition: stdbool.h:36
connection< TProtocol > & operator=(const connection< TProtocol > &obj)
bool generate_output_ephemeral_keys(const size_t tx_version, const cryptonote::account_keys &sender_account_keys, const crypto::public_key &txkey_pub, const crypto::secret_key &tx_key, const cryptonote::tx_destination_entry &dst_entr, const boost::optional< cryptonote::account_public_address > &change_addr, const size_t output_index, const bool &need_additional_txkeys, const std::vector< crypto::secret_key > &additional_tx_keys, std::vector< crypto::public_key > &additional_tx_public_keys, std::vector< rct::key > &amount_keys, crypto::public_key &out_eph_public_key)
POD_CLASS hash
Definition: hash.h:50
bool secret_key_to_public_key(const secret_key &sec, public_key &pub)
Definition: crypto.h:262
const char * spendkey
Definition: multisig.cpp:38
void verbose(enum verbosity_value level, const char *format,...) ATTR_FORMAT(printf
int rows
Definition: crypto.h:86