ci/ql: added enable-test-passwd option
cmake: added TEST_PASSWD option (default off)
cmake: added random PASSWD_STR to option
configure: added enable-test-passwd option (default off)
configure: added random PASSWD_STR to option
docs: added note about options
seal: added test_password parameter for software
seal: added TEST_PASSWD and test_password checks
such: added NULL for unused parameter
wallet: added NULL for unused parameter
gitignore: added encrypted store
test: added test_password and TEST_PASSWD check for PASSWD_STR
edtubbs committed Jan 4, 2024
1 parent 4999c6b commit 9fb1a5c
Showing 11 changed files with 183 additions and 67 deletions.
16 changes: 8 additions & 8 deletions .github/workflows/ci.yml
Expand Up @@ -39,15 +39,15 @@ jobs:
os: ubuntu-20.04
packages: g++-arm-linux-gnueabihf qemu-user-static qemu-user
dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
config-opts: "--enable-static --disable-shared"
config-opts: "--enable-static --disable-shared --enable-test-passwd"
run-tests: true
goal: install
- name: aarch64-linux
host: aarch64-linux-gnu
os: ubuntu-20.04
packages: g++-aarch64-linux-gnu qemu-user-static qemu-user
dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
config-opts: "LIBS='-levent_pthreads' --enable-static --disable-shared"
config-opts: "LIBS='-levent_pthreads' --enable-static --disable-shared --enable-test-passwd"
run-tests: true
goal: install
- name: x86_64-linux-dbg
Expand All @@ -56,22 +56,22 @@ jobs:
run-tests: true
packages: python3-dev python3-dbg python
dep-opts: "DEBUG=1 SPEED=slow V=1"
config-opts: "--enable-debug"
config-opts: "--enable-debug --enable-test-passwd"
goal: install
- name: x86_64-linux-openenclave
host: x86_64-pc-linux-gnu
os: ubuntu-20.04
run-tests: true
packages: python3-dev python3-dbg python
dep-opts: "DEBUG=1 SPEED=slow V=1"
config-opts: "--enable-debug --enable-openenclave CFLAGS=-U_FORTIFY_SOURCE"
config-opts: "--enable-debug --enable-openenclave --enable-test-passwd CFLAGS=-U_FORTIFY_SOURCE"
goal: install
- name: x86_64-macos
host: x86_64-apple-darwin15
os: macos-latest
run-tests: true
dep-opts: "SPEED=slow V=1"
config-opts: "--enable-static --disable-shared"
config-opts: "--enable-static --disable-shared --enable-test-passwd"
packages: cmake zlib xorriso
goal: install
sdk: 12.2
Expand Down Expand Up @@ -99,7 +99,7 @@ jobs:
sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix
sudo update-binfmts --import /usr/share/binfmts/wine
dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
config-opts: ""
config-opts: "--enable-test-passwd"
run-tests: true
goal: install
- name: i686-win
Expand All @@ -121,7 +121,7 @@ jobs:
sudo update-alternatives --set i686-w64-mingw32-g++ /usr/bin/i686-w64-mingw32-g++-posix
sudo update-binfmts --import /usr/share/binfmts/wine
dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
config-opts: ""
config-opts: "--enable-test-passwd"
run-tests: true
goal: install
- name: i686-linux
Expand All @@ -130,7 +130,7 @@ jobs:
packages: g++-multilib bc
run-tests: true
dep-opts: "SPEED=slow V=1"
config-opts: "--enable-static --disable-shared"
config-opts: "--enable-static --disable-shared --enable-test-passwd"
goal: install

runs-on: ${{ matrix.os }}
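Review bot: Every matrix entry that gains `--enable-test-passwd` in these hunks also has `goal: install`, so the tree those jobs install now carries a compiled-in password that the configure step prints to the job log. Whether later steps upload that tree as an artifact is outside the visible hunks; if they do, the published binaries would embed a password that anyone with log access can read. A comment above the first changed `config-opts` line would keep that visible, for example `# test-only build: embeds a build-time password, do not publish its output`. The same applies to the `./configure ... --enable-test-passwd` line in .github/workflows/ql.yml.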
2 changes: 1 addition & 1 deletion .github/workflows/ql.yml
Expand Up @@ -62,7 +62,7 @@ jobs:
- name: build libdogecoin
run: |
./autogen.sh
./configure --prefix=`pwd`/depends/x86_64-pc-linux-gnu
./configure --prefix=`pwd`/depends/x86_64-pc-linux-gnu --enable-test-passwd
make check -j3 VERBOSE=1
- name: perform codeql analysis
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -149,3 +149,7 @@ include/include.am
# QR
qrtest.png
qrtest.jpg

# Store
store/*
.store/*
7 changes: 6 additions & 1 deletion CMakeLists.txt
Expand Up @@ -28,7 +28,8 @@ SET(WITH_WALLET TRUE CACHE BOOL "enable wallet")
SET(USE_SSE2 FALSE CACHE BOOL "enable scrypt sse2")
SET(USE_TPM2 TRUE CACHE BOOL "enable tpm2")
SET(USE_OPENENCLAVE FALSE CACHE BOOL "enable openenclave")
SET(TEST_PASSWD TRUE CACHE BOOL "enable test password")
SET(TEST_PASSWD FALSE CACHE BOOL "enable test password")
string(RANDOM LENGTH 12 ALPHABET abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 PASSWD_STR)
SET(RANDOM_DEVICE "/dev/urandom" CACHE STRING "set the device to read random data from")

# Set a default build type if none was specified
Expand Down Expand Up @@ -113,6 +114,7 @@ IF(USE_OPENENCLAVE)
ENDIF()
IF(TEST_PASSWD)
ADD_DEFINITIONS(-DTEST_PASSWD=1)
ADD_DEFINITIONS(-DPASSWD_STR="${PASSWD_STR}")
ENDIF()

MESSAGE(STATUS "")
Expand All @@ -127,6 +129,9 @@ MESSAGE(STATUS "")
MESSAGE(STATUS " USE_SSE2 = ${USE_SSE2}")
MESSAGE(STATUS " USE_TPM2 = ${USE_TPM2}")
MESSAGE(STATUS " TEST_PASSWD = ${TEST_PASSWD}")
IF(TEST_PASSWD)
MESSAGE(STATUS " ${PASSWD_STR}")
ENDIF()
MESSAGE(STATUS "")
MESSAGE(STATUS " openenclave = ${USE_OPENENCLAVE}")
MESSAGE(STATUS "")
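Review bot: The generated `PASSWD_STR` is echoed by `MESSAGE(STATUS " ${PASSWD_STR}")` and handed to every compile through `ADD_DEFINITIONS(-DPASSWD_STR="${PASSWD_STR}")`, so it lands in configure output, CI logs and compile command lines, and nothing in these hunks stops a TEST_PASSWD build from being installed or packaged. Since the option is meant for tests only, the `IF(TEST_PASSWD)` block should say so loudly, for example `MESSAGE(WARNING "TEST_PASSWD is ON: a build-time password is compiled into the library; do not ship this build")`. `string(RANDOM ...)` is also not documented as a cryptographically strong generator, and because PASSWD_STR is a plain (uncached) variable it changes on every re-configure, so a store encrypted by an earlier test build will presumably stop decrypting. A short comment next to the `string(RANDOM ...)` line should record both limits.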
9 changes: 7 additions & 2 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -141,9 +141,9 @@ AC_ARG_ENABLE(tests,

AC_ARG_ENABLE([test-passwd],
[AS_HELP_STRING([--enable-test-passwd],
[enable test password for encrypt/decrypt (default is yes)])],
[enable test password for encrypt/decrypt (default is no)])],
[test_passwd=$enableval],
[test_passwd=yes])
[test_passwd=no])

AC_MSG_CHECKING([for __builtin_expect])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_expect(0,0);}]])],
Expand Down Expand Up @@ -190,6 +190,8 @@ fi

if test "x$test_passwd" = xyes; then
AC_DEFINE_UNQUOTED([TEST_PASSWD],[1],[Define to 1 to enable test password])
PASSWD_STR=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 12`
AC_DEFINE_UNQUOTED([PASSWD_STR],["$PASSWD_STR"],[Define to set test password])
fi

if test "x$with_net" = xyes; then
Expand Down Expand Up @@ -249,6 +251,9 @@ echo " with unistring = $with_unistring"
echo
echo " SSE2 Scrypt = $use_scrypt_sse2"
echo " test password = $test_passwd"
if test "x$test_passwd" = xyes; then
echo " $PASSWD_STR"
fi
echo
echo " openenclave = $use_openenclave"
echo
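Review bot: The output of `head /dev/urandom | tr -dc A-Za-z0-9 | head -c 12` is never checked, so if the pipeline yields nothing or fewer than 12 characters, an empty or short PASSWD_STR is compiled in without any error. One way this can happen is a `tr` that rejects raw bytes under a multibyte locale, as some BSD/macOS builds are known to do. Run the filter under the C locale and fail closed: `PASSWD_STR=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 12)` followed by `test -n "$PASSWD_STR" || AC_MSG_ERROR([could not generate test password])`. The later `echo " $PASSWD_STR"` also writes the password to configure output, so a one-line comment there should state that the value is for tests only and must not protect real seeds.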
14 changes: 14 additions & 0 deletions doc/getting_started.md
Expand Up @@ -52,7 +52,21 @@ At this step there are plenty of flags that can be specified, the two most perti
./configure LD_LIBRARY_PATH='path/to/additional/libraries'
./configure CFLAGS='-Ipath/to/additional/include/files'
```
If you're building on Windows, you'll need to use `cmake` instead of `./configure`:

```c
mkdir build
cd build
cmake ..
```
Another useful flag is `--enable-test-passwd`, which will generate a random password for testing software encryption/decryption. This flag disables the need for a password to be entered when testing TPM encryption/decryption. _Note: this flag is for testing purposes only._ This flag is disabled by default, but can be enabled with the `./configure` command or by using `cmake`:
```c
./configure --enable-test-passwd
```
```c
cmake -DTEST_PASSWD=TRUE ..
```
## _`--enable-test-passwd` is for **testing purposes only**._
For a complete list of all different configuration options, you can run the command `./configure --help`.

Finally, once you have configured the library to your liking, it is ready to be built. This can be done with the simple `make` command:
12 changes: 6 additions & 6 deletions include/dogecoin/seal.h
Expand Up @@ -40,10 +40,10 @@ LIBDOGECOIN_API dogecoin_bool dogecoin_encrypt_seed_with_tpm (const SEED seed, c
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_seed_with_tpm (SEED seed, const int file_num);

/* Encrypt a BIP32 seed with software */
LIBDOGECOIN_API dogecoin_bool dogecoin_encrypt_seed_with_sw (const SEED seed, const size_t size, const int file_num, const dogecoin_bool overwrite);
LIBDOGECOIN_API dogecoin_bool dogecoin_encrypt_seed_with_sw (const SEED seed, const size_t size, const int file_num, const dogecoin_bool overwrite, const char* test_password);

/* Decrypt a BIP32 seed with software */
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_seed_with_sw (SEED seed, const int file_num);
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_seed_with_sw (SEED seed, const int file_num, const char* test_password);

/* Generate a BIP39 mnemonic and encrypt it with the TPM */
LIBDOGECOIN_API dogecoin_bool dogecoin_generate_mnemonic_encrypt_with_tpm(MNEMONIC mnemonic, const int file_num, const dogecoin_bool overwrite, const char* lang, const char* space, const char* words);
Expand All @@ -52,10 +52,10 @@ LIBDOGECOIN_API dogecoin_bool dogecoin_generate_mnemonic_encrypt_with_tpm(MNEMON
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_mnemonic_with_tpm(MNEMONIC mnemonic, const int file_num);

/* Generate a BIP39 mnemonic and encrypt it with software */
LIBDOGECOIN_API dogecoin_bool dogecoin_generate_mnemonic_encrypt_with_sw(MNEMONIC mnemonic, const int file_num, const dogecoin_bool overwrite, const char* lang, const char* space, const char* words);
LIBDOGECOIN_API dogecoin_bool dogecoin_generate_mnemonic_encrypt_with_sw(MNEMONIC mnemonic, const int file_num, const dogecoin_bool overwrite, const char* lang, const char* space, const char* words, const char* test_password);

/* Decrypt a BIP39 mnemonic with software */
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_mnemonic_with_sw(MNEMONIC mnemonic, const int file_num);
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_mnemonic_with_sw(MNEMONIC mnemonic, const int file_num, const char* test_password);

/* Generate a BIP32 HD node and encrypt it with the TPM */
LIBDOGECOIN_API dogecoin_bool dogecoin_generate_hdnode_encrypt_with_tpm(dogecoin_hdnode* out, const int file_num, const dogecoin_bool overwrite);
Expand All @@ -64,10 +64,10 @@ LIBDOGECOIN_API dogecoin_bool dogecoin_generate_hdnode_encrypt_with_tpm(dogecoin
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_hdnode_with_tpm(dogecoin_hdnode* out, const int file_num);

/* Generate a BIP32 HD node and encrypt it with software */
LIBDOGECOIN_API dogecoin_bool dogecoin_generate_hdnode_encrypt_with_sw(dogecoin_hdnode* out, const int file_num, const dogecoin_bool overwrite);
LIBDOGECOIN_API dogecoin_bool dogecoin_generate_hdnode_encrypt_with_sw(dogecoin_hdnode* out, const int file_num, const dogecoin_bool overwrite, const char* test_password);

/* Decrypt a BIP32 HD node object with software */
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_hdnode_with_sw(dogecoin_hdnode* out, const int file_num);
LIBDOGECOIN_API dogecoin_bool dogecoin_decrypt_hdnode_with_sw(dogecoin_hdnode* out, const int file_num, const char* test_password);

/* List all encryption keys in the TPM */
LIBDOGECOIN_API dogecoin_bool dogecoin_list_encryption_keys_in_tpm(wchar_t* names[], size_t* count);
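Review bot: The new `const char* test_password` parameter on the six `*_with_sw` prototypes is undocumented: the comments above them still read only "Encrypt a BIP32 seed with software" and so on, and nothing says what NULL means or whether the argument is honoured outside TEST_PASSWD builds. Going by the commit message ("seal: added TEST_PASSWD and test_password checks") the checks live in seal.c, which is not shown here, so the header is the only place a caller learns the contract. Once confirmed against seal.c, add a comment such as `/* test_password: used only in TEST_PASSWD builds; production callers pass NULL */` to each prototype. These are LIBDOGECOIN_API functions, so the changed signatures also break existing callers and bindings at compile time, which deserves a changelog entry.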
12 changes: 6 additions & 6 deletions src/cli/such.c
Expand Up @@ -640,7 +640,7 @@ static void print_usage()
print_version();
printf("Usage: such -c <cmd> (-m|-derived_path <bip_derived_path>) (-k|-pubkey <publickey>) (-p|-privkey <privatekey>) (-h|-sighash <sighash type>) \
(-s|-script <script pubkey>) (-i|-input_index <input index>) (-x|-raw_tx <raw hex tx>) (-o|-account_int <account_int>) (-g|-change_level <change_level>) \
(-e|-entropy <hex_entropy>) (-n|-mnemonic <seed_phrase>) (-a|-pass_phrase) (-y|-encrypted_file <file_num 0-99>) (-w[--overwrite]) (-b[--silent]) \
(-e|-entropy <hex_entropy>) (-n|-mnemonic <seed_phrase>) (-a|-pass_phrase) (-y|-encrypted_file <file_num 0-999>) (-w[--overwrite]) (-b[--silent]) \
(-j[--use_tpm]) (-t[--testnet]) (-r[--regtest])\n");
printf("Available commands:\n");
printf("generate_public_key (requires -p <wif>),\n");
Expand Down Expand Up @@ -883,7 +883,7 @@ int main(int argc, char* argv[])

else {
/* generate and encrypt a new hd master key with software */
if (!dogecoin_generate_hdnode_encrypt_with_sw(&node, file_num, overwrite)) {
if (!dogecoin_generate_hdnode_encrypt_with_sw(&node, file_num, overwrite, NULL)) {
printf("bip32_extended_master_key (-y <file_num>, -j (use_tpm) and -w (overwrite), all optional),\n");
return showError("Failed to generate master key in sofware");
}
Expand Down Expand Up @@ -1229,7 +1229,7 @@ int main(int argc, char* argv[])

else {
/* decrypt master key from software */
if (dogecoin_decrypt_hdnode_with_sw (&node, file_num) == false) {
if (dogecoin_decrypt_hdnode_with_sw (&node, file_num, NULL) == false) {
printf("decrypt_master_key (requires -y <file_num>, -j (use_tpm) optional),\n");
return showError("failed to decrypt master key with software\n");
}
Expand Down Expand Up @@ -1277,7 +1277,7 @@ int main(int argc, char* argv[])

else {
/* decrypt mnemonic from software */
if (dogecoin_decrypt_mnemonic_with_sw (mnemonic, file_num) == false) {
if (dogecoin_decrypt_mnemonic_with_sw (mnemonic, file_num, NULL) == false) {
printf("decrypt_mnemonic (requires -y <file_num>, -j (use_tpm) optional),\n");
return showError("failed to decrypt mnemonic with software\n");
}
Expand Down Expand Up @@ -1318,7 +1318,7 @@ int main(int argc, char* argv[])

else {
/* get mnemonic from software */
if (dogecoin_decrypt_mnemonic_with_sw (mnemonic, file_num) == false) {
if (dogecoin_decrypt_mnemonic_with_sw (mnemonic, file_num, NULL) == false) {
printf("mnemonic_to_key (requires -y <file_num>, -j (use_tpm) optional),\n");
return showError("failed to decrypt mnemonic with software\n");
}
Expand Down Expand Up @@ -1397,7 +1397,7 @@ int main(int argc, char* argv[])

else {
/* get mnemonic from software */
if (dogecoin_decrypt_mnemonic_with_sw (mnemonic, file_num) == false) {
if (dogecoin_decrypt_mnemonic_with_sw (mnemonic, file_num, NULL) == false) {
printf("mnemonic_to_addresses (requires -y <file_num>, -j (use_tpm), -o <account_int>, -g <change_level>, -i <address_index> and -a, all optional),\n");
return showError("failed to decrypt mnemonic with software\n");
}
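Review bot: The usage string now advertises `-y|-encrypted_file <file_num 0-999>`, but none of the visible hunks touch the code that parses or range-checks `file_num`, so the help text and the accepted range may disagree. `file_num` is passed straight to the `dogecoin_*_with_sw` calls, which presumably use it to select the encrypted file, so confirm that the bound check in `main` (whose body starts and ends outside these hunks) accepts exactly 0-999 and rejects everything else. The `NULL` passed for `test_password` at the five call sites would also read better with a short comment, for example `/* CLI never supplies a test password */`.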