Merge branch 'secrets_handling' of gitea.rho.la:cheng/wallet into secrets_handling

src/frame.cpp

@@ -505,6 +505,28 @@ void Frame::NewWalletDisplay(const wxFileName& filename, const char* human_legib
 void Frame::OnSaveNew(wxCommandEvent& WXUNUSED(event))
 {
 	wxFileName wxFileWallet = GetPathForNewWallet();
+	wxMessageDialog dlg(singletonFrame,
+		std::string(R"|(Do you want to write down the secret and
+set its password and security handling now?
+(you can always do this later, but you need to
+do it before your wallet has something worth
+stealing or something that you want to backup
+because it would be bad to lose it.)
+Master Secret:
+)|") + DeriveWordListSecret(),
+		R"|(strong master secret created)|",
+		wxNO_DEFAULT| wxYES_NO | wxCANCEL |wxCENTRE
+	);
+	auto retval = dlg.ShowModal();  //Possible return values wxID_YES, wxID_NO, wxID_OK or wxID_CANCEL
+	if (retval == wxID_CANCEL)throw MyException(WalletCreationCancelled_sz);
+	if (retval == wxID_YES) {
+		wxMessageDialog dlg(singletonFrame,
+			"mISSING CODE TO SET SECURITY PROPERTIES",
+			"SET SECURITY CAPTION",
+			wxOK | wxCENTRE
+		);
+		auto retval=dlg.ShowModal(); //Possible return values wxID_OK or wxID_CANCEL
+	}
 	NewWalletDisplay(wxFileWallet, wxFileWallet.GetFullPath().ToUTF8());
 }
 

src/localization.cpp

@@ -147,6 +147,7 @@ OversizeBase58String::OversizeBase58String() noexcept :
 
 
 const char FailureToThrowExpectedException_sz[]{ "Exception not thrown for deliberate error in unit test" };
+const char WalletCreationCancelled_sz[]{ R"|(Creation of new master secret and wallet cancelled)|" };
 
 
 //	Random words for the passphrase.

src/localization.h

@@ -14,7 +14,7 @@
 //	so unicode does not matter but it did a short time ago, and when we get
 //	around to localization, providing several versions of the localization
 //	file in several languages, it will matter again.  Since network is utf8
-//	the whole program has to be utf, even if localization not an issue.
+//	the whole program has to be utf8, even if localization not an issue.
 
 //Menu strings
 struct menu_string {
@@ -74,6 +74,7 @@ inline constexpr auto sz_public_key_of{ R"|(Public key of ")|" };
 inline constexpr auto sz_fails_to_correspond{ R"|(" fails to correspond to master secret.
 This wallet cannot communicate as this identity.)|" };
 constexpr auto sz_unexpected_error{ R"|(unexpected error)|" };
+extern const char WalletCreationCancelled_sz[];
 
 //Command line parameters
 extern const wchar_t wsz_commandLineLogo[];

src/secrets.cpp

@@ -30,6 +30,25 @@ std::array<char, 27> DeriveTextSecret(const scalar & blob, uint_fast64_t i){
 	return txt;
 }
 
+std::string DeriveWordListSecret() {
+	randombytes_stir();
+	std::array<char, 256> buff;
+	std::array<byte, 32> rand;
+	randombytes_buf(rand);
+	hash<256> h(rand);  //works with std::array, does not work with C style arrays because of decay to pointer.
+	char* p = &buff[0];
+	auto rnd{ static_cast<const uint16_t*> (static_cast<const void*>(&h)) };
+	auto end{ rnd + 12 };
+	static_assert(0x800 == sizeofwordlist);
+	for (; rnd < end; rnd++) {
+		const char* q = ar_sz_bip_0039_wordlist[(*rnd) & 0x7ff];
+		while (*q && p < &buff[sizeof(buff) - 1])*p++ = *q++;
+		*p++ = ' ';
+	}
+	*p = '\0';
+	return std::string(&buff[0]);
+}
+
 //Derive a strong hash secret from a string with password strengthening.
 //Net effect is convert one scalar into another by a process that is lengthy and costly.
 ristretto255::hash<512> DeriveStrongSecretHash(const char* const passwd) {

src/secrets.h

@@ -12,6 +12,7 @@ template <class T, std::enable_if_t<std::_Is_standard_unsigned_integer<T>, int>
 constexpr int rounded_log2(const T val) noexcept {
 	return std::numeric_limits<T>::digits - std::countl_zero(val);
 }
+std::string DeriveWordListSecret();
 
 namespace ristretto255 {
 	class extended_public_key;

src/serialization.h

@@ -50,15 +50,15 @@
 	};
 
 	//	This template generates a span over an indexable byte type,
-	//	such as a C array or an std::array, but not pointers
-	template<class T> 
-	concept byte_spannable = requires (T a) {
-		std::size(a);
-		a[0];
-	} && sizeof(std::declval<T>()[0]) == 1;
-
-	template<byte_spannable T>
-	auto serialize(const T& a) {
+	//	such as an std::array, but not pointers.
+	//	due to decay to pointer, does not quite work on C arrays, though in
+	//	theory it should.
+	template < typename T>
+	std::enable_if_t<
+		!std::is_pointer<T>::value   &&
+		sizeof(std::declval<T>()[0]) == 1,
+		std::span<const byte>
+	> serialize(const T& a) {
 		int l;
 		const void* pt;
 		if constexpr (std::is_same_v<std::remove_cvref_t<T>, std::string>) {
@@ -308,7 +308,7 @@
 		}
 		else return false;
 	};
-	
+
 	template<typename... Args>
 	concept has_machine_independent_representation = serializable<Args...>();
 

src/unit_test.cpp

@@ -170,8 +170,14 @@ static bool checkDataConversionsProduceExpected(void){
 	ILogMessage("\tChecking hashing, string conversion, scalar and point generation.");
 	try {
 		char brownfox[]{ "the quick brown fox jumped over the lazy dog" };
+		// Being a C style array, length not available to hash, so treats it as null terminated string
+		// We might as well have declared it as a pointer to const char string, due
+		// to decay to pointer.
 		char* p_brownfox{ brownfox };
+		// Being a C style array, length not available to hash, so treats it as null terminated string
 		std::array<char, 27>ar_brownfox{ "the quick brown fox jumped" };
+		//	Being an std::array, c++ style array, the length _is_ available to hash, so treats it
+		//	as a stream of bytes, the fact that these bytes happen to be characters is irrelevant
 		char* p_over{ p_brownfox + 27 };
 		wxString wx_over{ p_over };
 		*--ar_brownfox.end() = ' '; //fixes the trailing nul appended to ar_brownfox, so that it is