Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
5b4fea7 Copyright: Update to 2023 (mj-xmr)
|
|
|
|
Co-authored-by: plowsof <plowsof@protonmail.com>
extra files
|
|
04a1e28 ledger support for hf 15 (BP+, view tags) (j-berman)
|
|
f7f1445 device: set ledger min app version (selsta)
|
|
4d7f6f5 GCC: fix some unused warnings (Jeffrey Ryan)
|
|
|
|
|
|
hash_extra: don't test for success in `jh_hash` and `skein_hash` since its guaranteed
device_ledger: move anonymous global variable apdu_verbose into .cpp file
Add comments to `refreshed` method variable in wallet2
|
|
|
|
0f7b20a Added support for Ledger Nano S Plus (Mathias Herberts)
|
|
Implements view tags as proposed by @UkoeHB in MRL issue
https://github.com/monero-project/research-lab/issues/73
At tx construction, the sender adds a 1-byte view tag to each
output. The view tag is derived from the sender-receiver
shared secret. When scanning for outputs, the receiver can
check the view tag for a match, in order to reduce scanning
time. When the view tag does not match, the wallet avoids the
more expensive EC operations when deriving the output public
key using the shared secret.
|
|
|
|
|
|
The current code does work by accident, but it might break if
someone uses ASSERT_SW in a different place, or if variables
get renamed.
|
|
|
|
5e63f6c Ledger: member 'mode' was shadowing that of base class (mj-xmr)
|
|
13a8a57 trezor: try empty passphrase first (Dusan Klinec)
|
|
|
|
|
|
- Try empty passphrase first when opening a wallet, as all Trezors will have passphrase enabled by default by Trezor Suite by default.
This feature enables easier access to all users using disabled passphrase (or empty passhprase)
- If wallet address differs from device address with empty passphrase, another opening attempt is made, without passphrase suppression,
so user can enter his passhprase if using some. In this scenario, nothing changes to user, wallet opening just consumes one more call
to Trezor (get wallet address with empty passphrase)
- also change how m_passphrase is used. Previous version did not work well with recent passphrase entry mechanism change (made in Trezor),
thus this commit fixes the behaviour).
|
|
d52d21b ledger: don't lock for software device (tobtoht)
|
|
ce40c33 ledger: use software device if we have view key (tobtoht)
|
|
|
|
|
|
|
|
There are quite a few variables in the code that are no longer
(or perhaps never were) in use. These were discovered by enabling
compiler warnings for unused variables and cleaning them up.
In most cases where the unused variables were the result
of a function call the call was left but the variable
assignment removed, unless it was obvious that it was
a simple getter with no side effects.
|
|
|
|
The scalar z has not been generated on the HW thus it can't be sent
encrypted. The value is derived from the exported private view key.
|
|
|
|
|
|
|
|
|
|
They are allowed from v12, and MLSAGs are rejected from v13.
|
|
267ce5b71 avoid a couple needless copies (moneromooo-monero)
|
|
|
|
|
|
72cdfa4a2 fix a few typos in error messages (moneromooo-monero)
|
|
5ef0607da Update copyright year to 2020 (SomaticFanatic)
|
|
buffer_send[4] (LC) is an unsigned char, len should not
exceed 254 (255 - 1 for the option).
|
|
Reported by adrelanos
|
|
Update copyright year to 2020
|
|
e509ede trezor: adapt to new passphrase mechanism (ph4r05)
|
|
688a3e8 Add timelock verification on device (cslashm)
|
|
- choice where to enter passphrase is now made on the host
- use wipeable string in the comm stack
- wipe passphrase memory
- protocol optimizations, prepare for new firmware version
- minor fixes and improvements
- tests fixes, HF12 support
|
|
|
|
6e1cb5a device: Ledger - fix wide char hidapi error string conversion (xiphon)
|
|
80d5320 Hash domain separation (SarangNoether)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
26f7a26 device: fix ledger requesting secret keys export twice (xiphon)
|
|
Coverity 200185
|
|
Coverity 200183
|
|
|
|
std::logic_error()
|
|
f074b6b device: show address on device display (ph4r05)
|
|
- Trezor: support for device address display (subaddress, integrated address)
- Wallet::API support added
- Simplewallet:
- address device [<index>]
- address new <label> // shows address on device also
- integrated_address [device] <payment_id|address> // new optional "device" arg to display also on the device
|
|
GCC wants operator= aand copy ctor to be both defined, or neither
|
|
c68fe787 device/trezor: add button pressed request (Dusan Klinec)
827f52ad wallet: API changes to enable passphrase entry (Dusan Klinec)
|
|
|
|
|
|
Enhance debug info
|
|
New scheme key destination contrfol
Fix dummy decryption in debug mode
|
|
|
|
c9b13fbb tests/trezor: HF9 and HF10 tests (Dusan Klinec)
a1fd1d49 device/trezor: HF10 support added, wallet::API (Dusan Klinec)
d74d26f2 crypto: hmac_keccak added (Dusan Klinec)
|
|
- import only key images generated by cold signing process
- wallet_api: trezor methods added
- wallet: button request code added
- const added to methods
- wallet2::get_tx_key_device() tries to decrypt stored tx private keys using the device.
- simplewallet supports get_tx_key and get_tx_proof on hw device using the get_tx_key feature
- live refresh enables refresh with trezor i.e. computing key images on the fly. More convenient and efficient for users.
- device: has_ki_live_refresh added
- a thread is watching whether live refresh is being computed, if not for 30 seconds, it terminates the live refresh process - switches Trezor state
|
|
|
|
|
|
|
|
|
|
|
|
Implies protocol version management.
|
|
6c060e6a device: proper handling of user input (selsta)
|
|
93c21644 device_ledger: remove full_name variable (selsta)
|
|
Found by knaccc
|
|
(1) If the user denies something on the Ledger,
a proper error message is now shown.
(2) Ledger doesn't time out anymore while waiting
on user input.
(3) Lower the timeout to 2 seconds, this is enough for
normal Ledger <-> System communication.
|
|
This variable was never set, resulting in the
device name always showing as "disconnected".
|
|
d71f89e2 device/trezor: device/trezor: correct device initialization, status check (Dusan Klinec)
65b9bca7 device/trezor: python2 compatibility - bundle dependencies (Dusan Klinec)
9cf636af device/trezor: ask for KI sync on first refresh (Dusan Klinec)
d21dad70 device: enable to use multiple independent device wallets (Dusan Klinec)
318cc784 device/trezor: passphrase entry on host (Dusan Klinec)
|
|
- adds a new option `--hw-device-deriv-path` to the simple wallet. Enables to specify wallet derivation path / wallet code (path avoided so it can be misinterpreted as a file path).
- devices can use different derivation mechanisms. Trezor uses standard SLIP-10 mechanism with fixed SLIP-44 prefix for Monero
- Trezor: when empty, the default derivation mechanism is used with 44'/128'/0'. When entered the derivation path is 44'/128'/PATH.
- Trezor: the path is always taken as elements are hardened (1<<31 bit turned on)
|
|
aee7a4e3 wallet_rpc_server: do not use RPC data if the call failed (moneromooo-monero)
1a0733e5 windows_service: fix memory leak (moneromooo-monero)
0dac3c64 unit_tests: do not rethrow a copy of an exception (moneromooo-monero)
5d9915ab cryptonote: fix get_unit for non default settings (moneromooo-monero)
d4f50cb1 remove some unused code (moneromooo-monero)
61163971 a few minor (but easy) performance tweaks (moneromooo-monero)
30023074 tests: slow_memmem now returns size_t (moneromooo-monero)
|
|
|
|
- simple device callback object added. Device can request passphrase/PIN entry via the callback or notify user some action is required
- callback is routed to wallet2, which routes the callback to i_wallet_callback so CLI or GUI wallets can support passphrase entry for HW tokens
- wallet: device open needs wallet callback first - passphrase protected device needs wallet callback so user can enter passphrase
|
|
Found by codacy.com
|
|
|
|
d6937e37 ringct: use dummy bulletproofs when in fake mode, for speed (moneromooo-monero)
|
|
62f94e1b device_io_hid.cpp: fix copyright header (moneromooo-monero)
|
|
fd62b6e7 blocks: use auto-generated .c files instead of 'LD -r -b binary' (xiphon)
|
|
|
|
|
|
|
|
|
|
|
|
c716a331 device: increase ledger timeout to 2 minutes (selsta)
|
|
bd7b800f device_io_hid: fix DEFAULT_* type (too short) and init time (moneromooo-monero)
|
|
|
|
|
|
8f22e808 device: destroy device objects on exit (moneromooo-monero)
|
|
c5a97315 Remove last traces of libpcsc-lite (moneromooo-monero)
|
|
This reverts commit 79d46c4d551a9b1261801960095bf4d24967211a, reversing
changes made to c9fc61dbb56cca442c775faa2554a7460879b637.
|
|
|
|
|
|
|
|
4d0a8db0 device: fix warnings about overridden functions (moneromooo-monero)
|
|
Remove PCSC dependencies which is a bit hard (not user friendly) to install on linux and Mac
Split Ledger logic and device IO
|
|
|
|
|
|
- device name is a new wallet property
- full device name is now a bit more structured so we can address particular device vendor + device path. Example: 'Ledger', 'Trezor:udp', 'Trezor:udp:127.0.0.1:21324', 'Trezor:bridge:usb01'. The part before ':' identifies HW device implementation, the optional part after ':' is device path to look for.
- new --hw-device parameter added to the wallet, can name the hardware device
- device reconnect added
|
|
|
|
Also constrains bulletproofs to simple rct, for simplicity
|
|
|
|
|
|
|
|
87e158b device_ledger: factor the prologue code (moneromooo-monero)
|
|
34de7bc2 device_ledger: fix buffer underflow on bad data from device (moneromooo-monero)
41e9cab4 device: misc cleanup (moneromooo-monero)
3b4dec2d device_ledger: fix potential buffer overflow from bad size calc (moneromooo-monero)
|
|
0309615 device_ledger: fix bad memory access on connect error (moneromooo-monero)
|
|
|
|
|
|
use snprintf "just in case" where appropriate
consistently use unsigned for temp values
pass std::string by const ref rather than by value
add length check (which can't happen in practice) for memcpy
|
|
|
|
|
|
PR3843 based on release-v0.12 => rebased on master
|
|
|
|
When additional keys was needed, the TX scan failed because the
derivation data was always recomputed with the main tx_key and not
the corresponding additional one.
Moreover this patch avoid perf decreasing when not using HW device.
|
|
0beb94f3 device: fix endianess dependence on subaddress secret key generation (moneromooo-monero)
|
|
On client startup the device asks for authorization to export the private view key.
If user agree, the client hold the private view key allowing a fast blockchain scan.
If the user does not agree, the blockchain scan is fully done via the device.
|
|
Additional cosmetic fixes:
move 'name' as protected
remove unnecessary local var
Fix debug log
|
|
We now force little endianness
|
|
hash: add prehashed version cn_slow_hash_prehashed
slow-hash: let cn_slow_hash take 4th parameter for deciding prehashed or not
slow-hash: add support for prehashed version for the other 3 platforms
|
|
|
|
When #3303 was merged, a cyclic dependency chain was generated:
libdevice <- libcncrypto <- libringct <- libdevice
This was because libdevice needs access to a set of basic crypto operations
implemented in libringct such as scalarmultBase(), while libringct also needs
access to abstracted crypto operations implemented in libdevice such as
ecdhEncode(). To untangle this cyclic dependency chain, this patch splits libringct
into libringct_basic and libringct, where the basic crypto ops previously in
libringct are moved into libringct_basic. The cyclic dependency is now resolved
thanks to this separation:
libcncrypto <- libringct_basic <- libdevice <- libcryptonote_basic <- libringct
This eliminates the need for crypto_device.cpp and rctOps_device.cpp.
Also, many abstracted interfaces of hw::device such as encrypt_payment_id() and
get_subaddress_secret_key() were previously implemented in libcryptonote_basic
(cryptonote_format_utils.cpp) and were then called from hw::core::device_default,
which is odd because libdevice is supposed to be independent of libcryptonote_basic.
Therefore, those functions were moved to device_default.cpp.
|
|
|
|
Fix the way the REAL mode is handle:
Let create_transactions_2 and create_transactions_from construct the vector of transactions.
Then iterate on it and resign.
We just need to add 'outs' list in the TX struct for that.
Fix default secret keys value when DEBUG_HWDEVICE mode is off
The magic value (00...00 for view key and FF..FF for spend key) was not correctly set
when DEBUG_HWDEVICE was off. Both was set to 00...00.
Add sub-address info in ABP map in order to correctly display destination sub-address on device
Fix DEBUG_HWDEVICE mode:
- Fix compilation errors.
- Fix control device init in ledger device.
- Add more log.
Fix sub addr control
Fix debug Info
|
|
|
|
This is the first variant of many, with the intent to improve
Monero's resistance to ASICs and encourage mining decentralization.
|
|
|
|
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.
Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.
The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and the "Ledger", which delegates
all calls to Ledger device.
|