From 8aba0d4b4cfdf0103c7bb3096efc45224ad6de6d Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Mon, 7 Nov 2016 19:28:15 +0000 Subject: [PATCH] wallet: encrypt outputs and key images files with the view key This key is available to both cold and hot wallet. Authenticated encryption will guard against interception and/or modification of the file. --- src/simplewallet/simplewallet.cpp | 57 +++++++++++++++++++++++-------- src/wallet/wallet2.cpp | 55 +++++++++++++++++++++++++++++ src/wallet/wallet2.h | 6 ++++ 3 files changed, 104 insertions(+), 14 deletions(-) diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 12a04ee8..ce1dac71 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -77,8 +77,8 @@ typedef cryptonote::simple_wallet sw; #define DEFAULT_MIX 4 -#define KEY_IMAGE_EXPORT_FILE_MAGIC "Monero key image export\001" -#define OUTPUT_EXPORT_FILE_MAGIC "Monero output export\001" +#define KEY_IMAGE_EXPORT_FILE_MAGIC "Monero key image export\002" +#define OUTPUT_EXPORT_FILE_MAGIC "Monero output export\002" // workaround for a suspected bug in pthread/kernel on MacOS X #ifdef __APPLE__ @@ -4018,8 +4018,10 @@ bool simple_wallet::export_key_images(const std::vector &args) try { std::vector> ski = m_wallet->export_key_images(); - std::string data(KEY_IMAGE_EXPORT_FILE_MAGIC, strlen(KEY_IMAGE_EXPORT_FILE_MAGIC)); + std::string magic(KEY_IMAGE_EXPORT_FILE_MAGIC, strlen(KEY_IMAGE_EXPORT_FILE_MAGIC)); const cryptonote::account_public_address &keys = m_wallet->get_account().get_keys().m_account_address; + + std::string data; data += std::string((const char *)&keys.m_spend_public_key, sizeof(crypto::public_key)); data += std::string((const char *)&keys.m_view_public_key, sizeof(crypto::public_key)); for (const auto &i: ski) @@ -4027,7 +4029,10 @@ bool simple_wallet::export_key_images(const std::vector &args) data += std::string((const char *)&i.first, sizeof(crypto::key_image)); data += std::string((const char *)&i.second, sizeof(crypto::signature)); } - bool r = epee::file_io_utils::save_string_to_file(filename, data); + + // encrypt data, keep magic plaintext + std::string ciphertext = m_wallet->encrypt_with_view_secret_key(data); + bool r = epee::file_io_utils::save_string_to_file(filename, magic + ciphertext); if (!r) { fail_msg_writer() << tr("failed to save file ") << filename; @@ -4067,14 +4072,25 @@ bool simple_wallet::import_key_images(const std::vector &args) fail_msg_writer() << "Bad key image export file magic in " << filename; return true; } - const size_t headerlen = magiclen + 2 * sizeof(crypto::public_key); + + try + { + data = m_wallet->decrypt_with_view_secret_key(std::string(data, magiclen)); + } + catch (const std::exception &e) + { + fail_msg_writer() << "Failed to decrypt " << filename << ": " << e.what(); + return true; + } + + const size_t headerlen = 2 * sizeof(crypto::public_key); if (data.size() < headerlen) { fail_msg_writer() << "Bad data size from file " << filename; return true; } - const crypto::public_key &public_spend_key = *(const crypto::public_key*)&data[magiclen]; - const crypto::public_key &public_view_key = *(const crypto::public_key*)&data[magiclen + sizeof(crypto::public_key)]; + const crypto::public_key &public_spend_key = *(const crypto::public_key*)&data[0]; + const crypto::public_key &public_view_key = *(const crypto::public_key*)&data[sizeof(crypto::public_key)]; const cryptonote::account_public_address &keys = m_wallet->get_account().get_keys().m_account_address; if (public_spend_key != keys.m_spend_public_key || public_view_key != keys.m_view_public_key) { @@ -4133,11 +4149,13 @@ bool simple_wallet::export_outputs(const std::vector &args) boost::archive::binary_oarchive ar(oss); ar << outs; - std::string data(OUTPUT_EXPORT_FILE_MAGIC, strlen(OUTPUT_EXPORT_FILE_MAGIC)); + std::string magic(OUTPUT_EXPORT_FILE_MAGIC, strlen(OUTPUT_EXPORT_FILE_MAGIC)); const cryptonote::account_public_address &keys = m_wallet->get_account().get_keys().m_account_address; - data += std::string((const char *)&keys.m_spend_public_key, sizeof(crypto::public_key)); - data += std::string((const char *)&keys.m_view_public_key, sizeof(crypto::public_key)); - bool r = epee::file_io_utils::save_string_to_file(filename, data + oss.str()); + std::string header; + header += std::string((const char *)&keys.m_spend_public_key, sizeof(crypto::public_key)); + header += std::string((const char *)&keys.m_view_public_key, sizeof(crypto::public_key)); + std::string ciphertext = m_wallet->encrypt_with_view_secret_key(header + oss.str()); + bool r = epee::file_io_utils::save_string_to_file(filename, magic + ciphertext); if (!r) { fail_msg_writer() << tr("failed to save file ") << filename; @@ -4177,14 +4195,25 @@ bool simple_wallet::import_outputs(const std::vector &args) fail_msg_writer() << "Bad output export file magic in " << filename; return true; } - const size_t headerlen = magiclen + 2 * sizeof(crypto::public_key); + + try + { + data = m_wallet->decrypt_with_view_secret_key(std::string(data, magiclen)); + } + catch (const std::exception &e) + { + fail_msg_writer() << "Failed to decrypt " << filename << ": " << e.what(); + return true; + } + + const size_t headerlen = 2 * sizeof(crypto::public_key); if (data.size() < headerlen) { fail_msg_writer() << "Bad data size from file " << filename; return true; } - const crypto::public_key &public_spend_key = *(const crypto::public_key*)&data[magiclen]; - const crypto::public_key &public_view_key = *(const crypto::public_key*)&data[magiclen + sizeof(crypto::public_key)]; + const crypto::public_key &public_spend_key = *(const crypto::public_key*)&data[0]; + const crypto::public_key &public_view_key = *(const crypto::public_key*)&data[sizeof(crypto::public_key)]; const cryptonote::account_public_address &keys = m_wallet->get_account().get_keys().m_account_address; if (public_spend_key != keys.m_spend_public_key || public_view_key != keys.m_view_public_key) { diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index f57a8d2c..2a4b6fbf 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -4410,6 +4410,61 @@ size_t wallet2::import_outputs(const std::vector(); + ciphertext.resize(plaintext.size() + sizeof(iv) + (authenticated ? sizeof(crypto::signature) : 0)); + crypto::chacha8(plaintext.data(), plaintext.size(), key, iv, &ciphertext[sizeof(iv)]); + memcpy(&ciphertext[0], &iv, sizeof(iv)); + if (authenticated) + { + crypto::hash hash; + crypto::cn_fast_hash(ciphertext.data(), ciphertext.size() - sizeof(signature), hash); + crypto::public_key pkey; + crypto::secret_key_to_public_key(skey, pkey); + crypto::signature &signature = *(crypto::signature*)&ciphertext[ciphertext.size() - sizeof(crypto::signature)]; + crypto::generate_signature(hash, pkey, skey, signature); + } + return std::move(ciphertext); +} +//---------------------------------------------------------------------------------------------------- +std::string wallet2::encrypt_with_view_secret_key(const std::string &plaintext, bool authenticated) const +{ + return encrypt(plaintext, get_account().get_keys().m_view_secret_key, authenticated); +} +//---------------------------------------------------------------------------------------------------- +std::string wallet2::decrypt(const std::string &ciphertext, const crypto::secret_key &skey, bool authenticated) const +{ + THROW_WALLET_EXCEPTION_IF(ciphertext.size() < sizeof(chacha8_iv), + error::wallet_internal_error, "key_image generated ephemeral public key not matched with output_key"); + + crypto::chacha8_key key; + crypto::generate_chacha8_key(&skey, sizeof(skey), key); + const crypto::chacha8_iv &iv = *(const crypto::chacha8_iv*)&ciphertext[0]; + std::string plaintext; + plaintext.resize(ciphertext.size() - sizeof(iv) - (authenticated ? sizeof(crypto::signature) : 0)); + if (authenticated) + { + crypto::hash hash; + crypto::cn_fast_hash(ciphertext.data(), ciphertext.size() - sizeof(signature), hash); + crypto::public_key pkey; + crypto::secret_key_to_public_key(skey, pkey); + const crypto::signature &signature = *(const crypto::signature*)&ciphertext[ciphertext.size() - sizeof(crypto::signature)]; + THROW_WALLET_EXCEPTION_IF(!crypto::check_signature(hash, pkey, signature), + error::wallet_internal_error, "Failed to authenticate criphertext"); + } + crypto::chacha8(ciphertext.data() + sizeof(iv), ciphertext.size() - sizeof(iv), key, iv, &plaintext[0]); + return std::move(plaintext); +} +//---------------------------------------------------------------------------------------------------- +std::string wallet2::decrypt_with_view_secret_key(const std::string &ciphertext, bool authenticated) const +{ + return decrypt(ciphertext, get_account().get_keys().m_view_secret_key, authenticated); +} +//---------------------------------------------------------------------------------------------------- void wallet2::generate_genesis(cryptonote::block& b) { if (m_testnet) { diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index b34db0b6..552d2e5b 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -480,6 +480,12 @@ namespace tools uint64_t import_key_images(const std::vector> &signed_key_images, uint64_t &spent, uint64_t &unspent); void update_pool_state(); + + std::string encrypt(const std::string &plaintext, const crypto::secret_key &skey, bool authenticated = true) const; + std::string encrypt_with_view_secret_key(const std::string &plaintext, bool authenticated = true) const; + std::string decrypt(const std::string &ciphertext, const crypto::secret_key &skey, bool authenticated = true) const; + std::string decrypt_with_view_secret_key(const std::string &ciphertext, bool authenticated = true) const; + private: /*! * \brief Stores wallet information to wallet file.