wallet: Don't allow an HDSeed to be overwritten
We can maybe relax this restriction later once we have worked out the UX implications.
This commit is contained in:
parent
4c1a26fb60
commit
b33a7ec46e
|
@ -35,10 +35,10 @@ TEST(keystore_tests, StoreAndRetrieveHDSeed) {
|
|||
auto seed2 = HDSeed::Random();
|
||||
EXPECT_NE(seed, seed2);
|
||||
|
||||
// We should be able to set and retrieve a different seed
|
||||
ASSERT_TRUE(keyStore.SetHDSeed(seed2));
|
||||
// We should not be able to set and retrieve a different seed
|
||||
EXPECT_FALSE(keyStore.SetHDSeed(seed2));
|
||||
ASSERT_TRUE(keyStore.GetHDSeed(seedOut));
|
||||
EXPECT_EQ(seed2, seedOut);
|
||||
EXPECT_EQ(seed, seedOut);
|
||||
}
|
||||
|
||||
TEST(keystore_tests, sapling_keys) {
|
||||
|
@ -276,12 +276,12 @@ TEST(keystore_tests, StoreAndRetrieveHDSeedInEncryptedStore) {
|
|||
ASSERT_TRUE(keyStore.GetHDSeed(seedOut));
|
||||
EXPECT_EQ(seed, seedOut);
|
||||
|
||||
// 2) Test replacing the seed in an already-encrypted key store
|
||||
// 2) Test replacing the seed in an already-encrypted key store fails
|
||||
auto seed2 = HDSeed::Random();
|
||||
ASSERT_TRUE(keyStore.SetHDSeed(seed2));
|
||||
EXPECT_FALSE(keyStore.SetHDSeed(seed2));
|
||||
EXPECT_TRUE(keyStore.HaveHDSeed());
|
||||
ASSERT_TRUE(keyStore.GetHDSeed(seedOut));
|
||||
EXPECT_EQ(seed2, seedOut);
|
||||
EXPECT_EQ(seed, seedOut);
|
||||
|
||||
// 3) Test adding a new seed to an already-encrypted key store
|
||||
TestCCryptoKeyStore keyStore2;
|
||||
|
|
|
@ -26,6 +26,11 @@ bool CKeyStore::AddKey(const CKey &key) {
|
|||
bool CBasicKeyStore::SetHDSeed(const HDSeed& seed)
|
||||
{
|
||||
LOCK(cs_SpendingKeyStore);
|
||||
if (!hdSeed.IsNull()) {
|
||||
// Don't allow an existing seed to be changed. We can maybe relax this
|
||||
// restriction later once we have worked out the UX implications.
|
||||
return false;
|
||||
}
|
||||
hdSeed = seed;
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -219,7 +219,7 @@ bool CCryptoKeyStore::Unlock(const CKeyingMaterial& vMasterKeyIn)
|
|||
|
||||
bool keyPass = false;
|
||||
bool keyFail = false;
|
||||
{
|
||||
if (!cryptedHDSeed.first.IsNull()) {
|
||||
HDSeed seed;
|
||||
if (!DecryptHDSeed(vMasterKeyIn, cryptedHDSeed.second, cryptedHDSeed.first, seed))
|
||||
{
|
||||
|
@ -322,6 +322,12 @@ bool CCryptoKeyStore::SetCryptedHDSeed(
|
|||
return false;
|
||||
}
|
||||
|
||||
if (!cryptedHDSeed.first.IsNull()) {
|
||||
// Don't allow an existing seed to be changed. We can maybe relax this
|
||||
// restriction later once we have worked out the UX implications.
|
||||
return false;
|
||||
}
|
||||
|
||||
cryptedHDSeed = std::make_pair(seedFp, vchCryptedSecret);
|
||||
}
|
||||
return true;
|
||||
|
@ -550,20 +556,22 @@ bool CCryptoKeyStore::EncryptKeys(CKeyingMaterial& vMasterKeyIn)
|
|||
return false;
|
||||
|
||||
fUseCrypto = true;
|
||||
{
|
||||
std::vector<unsigned char> vchCryptedSecret;
|
||||
// Use seed's fingerprint as IV
|
||||
// TODO: Handle this properly when we make encryption a supported feature
|
||||
auto seedFp = hdSeed.Fingerprint();
|
||||
if (!EncryptSecret(vMasterKeyIn, hdSeed.RawSeed(), seedFp, vchCryptedSecret)) {
|
||||
return false;
|
||||
}
|
||||
// This will call into CWallet to store the crypted seed to disk
|
||||
if (!SetCryptedHDSeed(seedFp, vchCryptedSecret)) {
|
||||
return false;
|
||||
if (!hdSeed.IsNull()) {
|
||||
{
|
||||
std::vector<unsigned char> vchCryptedSecret;
|
||||
// Use seed's fingerprint as IV
|
||||
// TODO: Handle this properly when we make encryption a supported feature
|
||||
auto seedFp = hdSeed.Fingerprint();
|
||||
if (!EncryptSecret(vMasterKeyIn, hdSeed.RawSeed(), seedFp, vchCryptedSecret)) {
|
||||
return false;
|
||||
}
|
||||
// This will call into CWallet to store the crypted seed to disk
|
||||
if (!SetCryptedHDSeed(seedFp, vchCryptedSecret)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
hdSeed = HDSeed();
|
||||
}
|
||||
hdSeed = HDSeed();
|
||||
BOOST_FOREACH(KeyMap::value_type& mKey, mapKeys)
|
||||
{
|
||||
const CKey &key = mKey.second;
|
||||
|
|
Loading…
Reference in New Issue