ci: added openenclave and encrypt test targets

cmake: added encrypt test option and updated test_passwd option (default off)
configure: added encrypt test option and updated test_passwd option (default off)
openenclave: updated include and lib paths
docs: added note about test_passwd option (--enable-test-passwd)
test: added TEST_ENCRYPT check for test_tpm
gitignore: added encrypted store

.github/workflows/ci.yml

@@ -25,14 +25,20 @@ jobs:
       matrix:
         name:
           - armhf-linux
+          - armhf-linux-test-encrypt
           - aarch64-linux
+          - aarch64-linux-test-encrypt
           - x86_64-linux-dbg
           - x86_64-linux-openenclave
           - x86_64-macos
+          - x86_64-macos-test-encrypt
           # - arm64-macos
           - x86_64-win
+          - x86_64-win-test-encrypt
           - i686-win
+          - i686-win-test-encrypt
           - i686-linux
+          - i686-linux-openenclave
         include:
           - name: armhf-linux
             host: arm-linux-gnueabihf
@@ -42,6 +48,14 @@ jobs:
             config-opts: "--enable-static --disable-shared"
             run-tests: true
             goal: install
+          - name: armhf-linux-test-encrypt
+            host: arm-linux-gnueabihf
+            os: ubuntu-20.04
+            packages: g++-arm-linux-gnueabihf qemu-user-static qemu-user
+            dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
+            config-opts: "--enable-static --disable-shared --enable-test-encrypt --enable-test-passwd"
+            run-tests: true
+            goal: install
           - name: aarch64-linux
             host: aarch64-linux-gnu
             os: ubuntu-20.04
@@ -50,6 +64,14 @@ jobs:
             config-opts: "LIBS='-levent_pthreads' --enable-static --disable-shared"
             run-tests: true
             goal: install
+          - name: aarch64-linux-test-encrypt
+            host: aarch64-linux-gnu
+            os: ubuntu-20.04
+            packages: g++-aarch64-linux-gnu qemu-user-static qemu-user
+            dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
+            config-opts: "LIBS='-levent_pthreads' --enable-static --disable-shared --enable-test-encrypt --enable-test-passwd"
+            run-tests: true
+            goal: install
           - name: x86_64-linux-dbg
             host: x86_64-pc-linux-gnu
             os: ubuntu-20.04
@@ -64,7 +86,7 @@ jobs:
             run-tests: true
             packages: python3-dev python3-dbg python
             dep-opts: "DEBUG=1 SPEED=slow V=1"
-            config-opts: "--enable-debug --enable-openenclave CFLAGS=-U_FORTIFY_SOURCE"
+            config-opts: "--enable-debug --enable-test-encrypt --enable-test-passwd --enable-openenclave CFLAGS=-U_FORTIFY_SOURCE"
             goal: install
           - name: x86_64-macos
             host: x86_64-apple-darwin15
@@ -77,6 +99,17 @@ jobs:
             sdk: 12.2
             sdk-build: 12B45b
             sdk-shasum: "df75d30ecafc429e905134333aeae56ac65fac67cb4182622398fd717df77619"
+          - name: x86_64-macos-test-encrypt
+            host: x86_64-apple-darwin15
+            os: macos-latest
+            run-tests: true
+            dep-opts: "SPEED=slow V=1"
+            config-opts: "--enable-static --disable-shared --enable-test-encrypt --enable-test-passwd"
+            packages: cmake zlib xorriso
+            goal: install
+            sdk: 12.2
+            sdk-build: 12B45b
+            sdk-shasum: "df75d30ecafc429e905134333aeae56ac65fac67cb4182622398fd717df77619"
           # - name: arm64-macos
           #   host: arm64-apple-darwin
           #   os: macos-latest
@@ -102,6 +135,20 @@ jobs:
             config-opts: ""
             run-tests: true
             goal: install
+          - name: x86_64-win-test-encrypt
+            host: x86_64-w64-mingw32
+            arch: i386
+            os: ubuntu-20.04
+            packages: python3 nsis g++-mingw-w64-x86-64 wine64 wine-stable bc wine-binfmt
+            postinstall: |
+              sudo dpkg -s mono-runtime && sudo apt-get remove mono-runtime || echo "Very nothing to uninstall."
+              sudo update-alternatives --set x86_64-w64-mingw32-gcc  /usr/bin/x86_64-w64-mingw32-gcc-posix
+              sudo update-alternatives --set x86_64-w64-mingw32-g++  /usr/bin/x86_64-w64-mingw32-g++-posix
+              sudo update-binfmts --import /usr/share/binfmts/wine
+            dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
+            config-opts: "--enable-test-encrypt --enable-test-passwd"
+            run-tests: true
+            goal: install
           - name: i686-win
             host: i686-w64-mingw32
             arch: i386
@@ -124,6 +171,28 @@ jobs:
             config-opts: ""
             run-tests: true
             goal: install
+          - name: i686-win-test-encrypt
+            host: i686-w64-mingw32
+            arch: i386
+            os: ubuntu-20.04
+            packages: python3-pip python3-setuptools nsis g++ g++-mingw-w64-i686 mingw-w64-i686-dev wine-stable winehq-stable bc wine-binfmt binfmt-support
+            preinstall: |
+              OS_FLAVOR=$(cat /etc/*ease | grep UBUNTU_CODENAME | cut -d "=" -f 2)
+              if [ ! -d "/etc/apt/keyrings" ]; then sudo mkdir -pm755 /etc/apt/keyrings; fi
+              sudo wget -O /etc/apt/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
+              sudo wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/$OS_FLAVOR/winehq-$OS_FLAVOR.sources
+              sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
+              sudo apt-get update -qq
+              sudo apt-get install -yqq --allow-downgrades libgd3/focal libpcre2-8-0/focal libpcre2-16-0/focal libpcre2-32-0/focal libpcre2-posix2/focal
+              sudo apt-get purge -yqq libmono* moby* mono* php* libgdiplus libpcre2-posix3 libzip4
+            postinstall: |
+              sudo update-alternatives --set i686-w64-mingw32-gcc /usr/bin/i686-w64-mingw32-gcc-posix
+              sudo update-alternatives --set i686-w64-mingw32-g++  /usr/bin/i686-w64-mingw32-g++-posix
+              sudo update-binfmts --import /usr/share/binfmts/wine
+            dep-opts: "CROSS_COMPILE='yes' SPEED=slow V=1"
+            config-opts: "--enable-test-encrypt --enable-test-passwd"
+            run-tests: true
+            goal: install
           - name: i686-linux
             host: i686-pc-linux-gnu
             os: ubuntu-20.04
@@ -132,6 +201,14 @@ jobs:
             dep-opts: "SPEED=slow V=1"
             config-opts: "--enable-static --disable-shared"
             goal: install
+          - name: i686-linux-openenclave
+            host: i686-pc-linux-gnu
+            os: ubuntu-20.04
+            packages: g++-multilib bc
+            run-tests: true
+            dep-opts: "SPEED=slow V=1"
+            config-opts: "--enable-static --disable-shared --enable-test-encrypt --enable-test-passwd --enable-openenclave CFLAGS=-U_FORTIFY_SOURCE"
+            goal: install
 
     runs-on: ${{ matrix.os }}
 
@@ -147,7 +224,7 @@ jobs:
 
       - name: install packages
         run: |
-          if ([ "${{ matrix.name }}" == "x86_64-macos" ] || [ "${{ matrix.name }}" == "arm64-macos" ]); then
+          if ([ "${{ matrix.name }}" == "x86_64-macos" ] || [ "${{ matrix.name }}" == "arm64-macos" || [ "${{ matrix.name }}" == "x86_64-macos-test-encrypt" ]); then
               brew update
               brew install automake coreutils ${{ matrix.packages }}
               echo PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH" >> ~/.bashrc
@@ -216,7 +293,7 @@ jobs:
           build_dir=./build/libdogecoin-${{ github.sha }}-${{ matrix.name }}
           make -j"$(getconf _NPROCESSORS_ONLN)" SPEED=slow V=1
           mkdir -p $build_dir/bin $build_dir/docs $build_dir/examples $build_dir/include $build_dir/lib
-          if ([ "${{ matrix.name }}" == "x86_64-win" ] || [ "${{ matrix.name }}" == "i686-win" ]); then
+          if ([ "${{ matrix.name }}" == "x86_64-win" ] || [ "${{ matrix.name }}" == "i686-win" ] || [ "${{ matrix.name }}" == "x86_64-win-test-encrypt" ] || [ "${{ matrix.name }}" == "i686-win-test-encrypt" ]); then
               cp spvnode.exe such.exe sendtx.exe $build_dir/bin/
           else
               cp spvnode such sendtx $build_dir/bin/
@@ -239,14 +316,20 @@ jobs:
               "armhf-linux")
               qemu-arm -E LD_LIBRARY_PATH=/usr/arm-linux-gnueabihf/lib/ /usr/arm-linux-gnueabihf/lib/ld-linux-armhf.so.3 ./tests
               ;;
+              "armhf-linux-test-encrypt")
+              qemu-arm -E LD_LIBRARY_PATH=/usr/arm-linux-gnueabihf/lib/ /usr/arm-linux-gnueabihf/lib/ld-linux-armhf.so.3 ./tests
+              ;;
               "aarch64-linux")
               qemu-aarch64 -E LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib/ /usr/aarch64-linux-gnu/lib/ld-linux-aarch64.so.1 ./tests
               ;;
+              "aarch64-linux-test-encrypt")
+              qemu-aarch64 -E LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib/ /usr/aarch64-linux-gnu/lib/ld-linux-aarch64.so.1 ./tests
+              ;;
               "x86_64-linux-dbg")
               make check -j"$(getconf _NPROCESSORS_ONLN)" V=1
               python3 tooltests.py
               ;;
-              "x86_64-linux-openenclave")
+              "x86_64-linux-openenclave" | "i686-linux-openenclave")
               make check -j"$(getconf _NPROCESSORS_ONLN)" V=1
               python3 tooltests.py
               sudo make install

.gitignore

@@ -149,3 +149,7 @@ include/include.am
 # QR
 qrtest.png
 qrtest.jpg
+
+# Store
+store/*
+.store/*

CMakeLists.txt

@@ -28,7 +28,8 @@ SET(WITH_WALLET TRUE CACHE BOOL "enable wallet")
 SET(USE_SSE2 FALSE CACHE BOOL "enable scrypt sse2")
 SET(USE_TPM2 TRUE CACHE BOOL "enable tpm2")
 SET(USE_OPENENCLAVE FALSE CACHE BOOL "enable openenclave")
-SET(TEST_PASSWD TRUE CACHE BOOL "enable test password")
+SET(TEST_ENCRYPT TRUE CACHE BOOL "enable test encrypt")
+SET(TEST_PASSWD FALSE CACHE BOOL "enable test password")
 SET(RANDOM_DEVICE "/dev/urandom" CACHE STRING "set the device to read random data from")
 
 # Set a default build type if none was specified
@@ -111,6 +112,9 @@ ENDIF()
 IF(USE_OPENENCLAVE)
     ADD_DEFINITIONS(-DUSE_OPENENCLAVE=1)
 ENDIF()
+IF(TEST_ENCRYPT)
+    ADD_DEFINITIONS(-DTEST_ENCRYPT=1)
+ENDIF()
 IF(TEST_PASSWD)
     ADD_DEFINITIONS(-DTEST_PASSWD=1)
 ENDIF()
@@ -126,6 +130,7 @@ MESSAGE(STATUS "  WITH_WALLET    = ${WITH_WALLET}")
 MESSAGE(STATUS "")
 MESSAGE(STATUS "  USE_SSE2       = ${USE_SSE2}")
 MESSAGE(STATUS "  USE_TPM2       = ${USE_TPM2}")
+MESSAGE(STATUS "  TEST_ENCRYPT   = ${TEST_ENCRYPT}")
 MESSAGE(STATUS "  TEST_PASSWD    = ${TEST_PASSWD}")
 MESSAGE(STATUS "")
 MESSAGE(STATUS "  openenclave    = ${USE_OPENENCLAVE}")

configure.ac

@@ -139,11 +139,17 @@ AC_ARG_ENABLE(tests,
   [use_tests=$enableval],
   [use_tests=yes])
 
+AC_ARG_ENABLE([test-encrypt],
+  [AS_HELP_STRING([--enable-test-encrypt],
+  [disable test encrypt/decrypt (default is no)])],
+  [test_encrypt=$enableval],
+  [test_encrypt=no])
+
 AC_ARG_ENABLE([test-passwd],
   [AS_HELP_STRING([--enable-test-passwd],
-  [enable test password for encrypt/decrypt (default is yes)])],
+  [enable test password for encrypt/decrypt (default is no)])],
   [test_passwd=$enableval],
-  [test_passwd=yes])
+  [test_passwd=no])
 
 AC_MSG_CHECKING([for __builtin_expect])
 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_expect(0,0);}]])],
@@ -188,6 +194,10 @@ if test "x$enable_debug" = xyes; then
   AC_DEFINE_UNQUOTED([ENABLE_DEBUG],[1],[Define to 1 to enable debug output])
 fi
 
+if test "x$test_encrypt" = xyes; then
+  AC_DEFINE_UNQUOTED([TEST_ENCRYPT],[1],[Define to 1 to enable test encrypt/decrypt])
+fi
+
 if test "x$test_passwd" = xyes; then
   AC_DEFINE_UNQUOTED([TEST_PASSWD],[1],[Define to 1 to enable test password])
 fi
@@ -248,6 +258,7 @@ echo "  with wallet     = $with_wallet"
 echo "  with unistring  = $with_unistring"
 echo
 echo "  SSE2 Scrypt     = $use_scrypt_sse2"
+echo "  test encrypt    = $test_encrypt"
 echo "  test password   = $test_passwd"
 echo
 echo "  openenclave     = $use_openenclave"

doc/getting_started.md

@@ -53,6 +53,13 @@ At this step there are plenty of flags that can be specified, the two most perti
 ./configure CFLAGS='-Ipath/to/additional/include/files'
 ```
 
+Another useful flag is `--enable-test-passwd`, which will enable a test password for encrypting and decrypting mnemonics and private keys.
+```c
+./configure --enable-test-passwd
+```
+
+### `--enable-test-passwd` is for **testing purposes only** and should never be used in production.
+
 For a complete list of all different configuration options, you can run the command `./configure --help`.
 
 Finally, once you have configured the library to your liking, it is ready to be built. This can be done with the simple `make` command:

src/openenclave/enclave/CMakeLists.txt

@@ -19,10 +19,24 @@ endif ()
 target_compile_definitions(enclave PUBLIC OE_API_VERSION=2)
 
 # Need for the generated file libdogecoin_t.h
-target_include_directories(enclave PRIVATE ${CMAKE_CURRENT_BINARY_DIR} /usr/local/include/dogecoin ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/include/dogecoin)
+target_include_directories(enclave PRIVATE
+${CMAKE_CURRENT_BINARY_DIR}
+/usr/local/include/dogecoin
+${CMAKE_SOURCE_DIR}/../../depends/i686-pc-linux-gnu/include/dogecoin
+${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/include/dogecoin
+)
 
 # Add search paths to find the enclave libraries.
-target_link_directories(enclave PRIVATE /lib/x86_64-linux-gnu/ /lib64/ /usr/local/lib /usr/lib/x86_64-linux-gnu ${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/lib)
+target_link_directories(enclave PRIVATE
+/lib/i686-pc-linux-gnu
+/lib/x86_64-linux-gnu
+/lib64/
+/usr/local/lib
+/usr/lib/i686-pc-linux-gnu
+/usr/lib/x86_64-linux-gnu
+${CMAKE_SOURCE_DIR}/../../depends/i686-pc-linux-gnu/lib
+${CMAKE_SOURCE_DIR}/../../depends/x86_64-pc-linux-gnu/lib
+)
 
 if (LVI_MITIGATION MATCHES ControlFlow)
   # Helper to enable compiler options for LVI mitigation.

test/unittester.c

@@ -140,7 +140,9 @@ int main()
     u_run_test(test_sha_hmac);
     u_run_test(test_signmsg);
     u_run_test(test_signmsg_ext);
+#if TEST_ENCRYPT
     u_run_test(test_tpm);
+#endif
     u_run_test(test_transaction);
     u_run_test(test_tx_serialization);
     u_run_test(test_invalid_tx_deser);