From 0be6e08dd0faf5f7e3492652f00b8904e7e8216d Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sat, 26 Mar 2016 23:22:57 +0000
Subject: [PATCH] wallet: do not leak owned amounts to the daemon unless
 --trusted-daemon

This will be slower, though more private.

New trusted_daemon parameter to the matching RPC call, false by default.
---
 src/simplewallet/simplewallet.cpp            | 2 +-
 src/wallet/wallet2.cpp                       | 9 +++++----
 src/wallet/wallet2.h                         | 4 ++--
 src/wallet/wallet_rpc_server.cpp             | 2 +-
 src/wallet/wallet_rpc_server_commands_defs.h | 2 ++
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
index dd166ede5..04170df62 100644
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@@ -2221,7 +2221,7 @@ bool simple_wallet::sweep_unmixable(const std::vector<std::string> &args_)
   try
   {
     // figure out what tx will be necessary
-    auto ptx_vector = m_wallet->create_unmixable_sweep_transactions();
+    auto ptx_vector = m_wallet->create_unmixable_sweep_transactions(m_trusted_daemon);
 
     if (ptx_vector.empty())
     {
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 7d308e615..3ec2265fa 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -2688,7 +2688,7 @@ std::vector<uint64_t> wallet2::get_unspent_amounts_vector()
   return vector;
 }
 //----------------------------------------------------------------------------------------------------
-std::vector<size_t> wallet2::select_available_unmixable_outputs()
+std::vector<size_t> wallet2::select_available_unmixable_outputs(bool trusted_daemon)
 {
   // request all outputs with at least 3 instances, so we can use mixin 2 with
   epee::json_rpc::request<cryptonote::COMMAND_RPC_GET_OUTPUT_HISTOGRAM::request> req_t = AUTO_VAL_INIT(req_t);
@@ -2697,7 +2697,8 @@ std::vector<size_t> wallet2::select_available_unmixable_outputs()
   req_t.jsonrpc = "2.0";
   req_t.id = epee::serialization::storage_entry(0);
   req_t.method = "get_output_histogram";
-  req_t.params.amounts = get_unspent_amounts_vector();
+  if (trusted_daemon)
+    req_t.params.amounts = get_unspent_amounts_vector();
   req_t.params.min_count = 3;
   req_t.params.max_count = 0;
   bool r = net_utils::invoke_http_json_remote_command2(m_daemon_address + "/json_rpc", req_t, resp_t, m_http_client);
@@ -2720,14 +2721,14 @@ std::vector<size_t> wallet2::select_available_unmixable_outputs()
   });
 }
 //----------------------------------------------------------------------------------------------------
-std::vector<wallet2::pending_tx> wallet2::create_unmixable_sweep_transactions()
+std::vector<wallet2::pending_tx> wallet2::create_unmixable_sweep_transactions(bool trusted_daemon)
 {
   // From hard fork 1, we don't consider small amounts to be dust anymore
   const bool hf1_rules = use_fork_rules(2); // first hard fork has version 2
   tx_dust_policy dust_policy(hf1_rules ? 0 : ::config::DEFAULT_DUST_THRESHOLD);
 
   // may throw
-  std::vector<size_t> unmixable_outputs = select_available_unmixable_outputs();
+  std::vector<size_t> unmixable_outputs = select_available_unmixable_outputs(trusted_daemon);
   size_t num_dust_outputs = unmixable_outputs.size();
 
   if (num_dust_outputs == 0)
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 2b6cdab92..566be59c6 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -289,7 +289,7 @@ namespace tools
     void commit_tx(std::vector<pending_tx>& ptx_vector);
     std::vector<pending_tx> create_transactions(std::vector<cryptonote::tx_destination_entry> dsts, const size_t fake_outs_count, const uint64_t unlock_time, const uint64_t fee, const std::vector<uint8_t> extra);
     std::vector<wallet2::pending_tx> create_transactions_2(std::vector<cryptonote::tx_destination_entry> dsts, const size_t fake_outs_count, const uint64_t unlock_time, const uint64_t fee_UNUSED, const std::vector<uint8_t> extra);
-    std::vector<pending_tx> create_unmixable_sweep_transactions();
+    std::vector<pending_tx> create_unmixable_sweep_transactions(bool trusted_daemon);
     bool check_connection();
     void get_transfers(wallet2::transfer_container& incoming_transfers) const;
     void get_payments(const crypto::hash& payment_id, std::list<wallet2::payment_details>& payments, uint64_t min_height = 0) const;
@@ -404,7 +404,7 @@ namespace tools
     void check_pending_txes();
     std::vector<uint64_t> get_unspent_amounts_vector();
     std::vector<size_t> select_available_outputs(std::function<bool(const transfer_details &td)> f);
-    std::vector<size_t> select_available_unmixable_outputs();
+    std::vector<size_t> select_available_unmixable_outputs(bool trusted_daemon);
 
     cryptonote::account_base m_account;
     std::string m_daemon_address;
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 83e1f7535..d7d99c2ae 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -347,7 +347,7 @@ namespace tools
 
     try
     {
-      std::vector<wallet2::pending_tx> ptx_vector = m_wallet.create_unmixable_sweep_transactions();
+      std::vector<wallet2::pending_tx> ptx_vector = m_wallet.create_unmixable_sweep_transactions(req.trusted_daemon);
 
       m_wallet.commit_tx(ptx_vector);
 
diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h
index 40d6fd8f8..2c4e26406 100644
--- a/src/wallet/wallet_rpc_server_commands_defs.h
+++ b/src/wallet/wallet_rpc_server_commands_defs.h
@@ -178,9 +178,11 @@ namespace wallet_rpc
     struct request
     {
       bool get_tx_keys;
+      bool trusted_daemon;
 
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(get_tx_keys)
+        KV_SERIALIZE(trusted_daemon)
       END_KV_SERIALIZE_MAP()
     };