Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wallet: bugfix, invalid crypted key "checksum_valid" set #26532

Merged
merged 4 commits into from
Nov 29, 2022
Merged

wallet: bugfix, invalid crypted key "checksum_valid" set #26532

merged 4 commits into from
Nov 29, 2022

Conversation

furszy
Copy link
Member

@furszy furszy commented Nov 18, 2022
edited
Loading

At wallet load time, the crypted key "checksum_valid" variable is always set to false. Which, on every wallet decryption call, forces the process to re-write all the ckeys to db when it's not needed.

Note:
The first commit fixes the issue, the two commits in the middle are cleanups so DuplicateMockDatabase
can be used without duplicating code. And, the last one is pure test coverage for the crypted keys loading
process.

Includes test coverage for the following scenarios:

  1. "All ckeys checksums valid" test:
    Loads an encrypted wallet with all the crypted keys with a valid checksum and
    verifies that 'CWallet::Unlock' doesn't force an entire crypted keys re-write.

    (we force a complete ckeys re-write if we find any missing crypted key checksum
    during the wallet loading process)

  2. "Missing checksum in one ckey" test:
    Verifies that loading up a wallet with, at least one, 'ckey' with no checksum
    triggers a complete re-write of the crypted keys.

  3. "Invalid ckey checksum error" test:
    Verifies that loading up a ckey with an invalid checksum stops the wallet loading
    process with a corruption error.

  4. "Invalid ckey pubkey error" test:
    Verifies that loading up a ckey with an invalid pubkey stops the wallet loading
    process with a corruption error.

@furszy
wallet: bugfix, invalid crypted key "checksum_valid" set
cc5a5e8 
At wallet load time, we set the crypted key "checksum_valid" variable always to false.
Which, on every wallet decryption call, forces the process to re-write the entire ckeys to db when
it's not needed.
@DrahtBot
Copy link
Contributor

DrahtBot commented Nov 18, 2022
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK aureleoules, achow101
Stale ACK luke-jr

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #26153 (Reduce wasted pseudorandom bytes in ChaCha20 + various improvements by sipa)
  • #25909 (wallet: coverage for receiving txes with same id but different witness data by furszy)
  • #25766 (wallet: Include a signature with encrypted keys to mitigate a wallet scam by achow101)
  • #25361 (BIP324: Cipher suite by dhruv)
  • #25325 (Add pool based memory resource by martinus)
  • #24914 (wallet: Load database records in a particular order by achow101)
  • #23561 (BIP324: Handshake prerequisites by dhruv)
  • #23233 (BIP324: Add encrypted p2p transport {de}serializer by dhruv)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@achow101
Copy link
Member

Good catch! Do you think it's possible to have a test for this?

This was referenced Nov 19, 2022
Closed
Merged
@bitcoin bitcoin deleted a comment Nov 19, 2022
@furszy
Copy link
Member Author

furszy commented Nov 19, 2022
edited
Loading

Good catch! Do you think it's possible to have a test for this?

Yep :), added test coverage for it and more inside 4db80c9.

Covered the following scenarios

  1. "All ckeys checksums valid" test:
    Loads an encrypted wallet with all the crypted keys with a valid checksum and
    verifies that 'CWallet::Unlock' doesn't force an entire crypted keys re-write.

    (we force a complete ckeys re-write if we find any missing crypted key checksum
    during the wallet loading process)

  2. "Missing checksum in one ckey" test:
    Verifies that loading up a wallet with, at least one, 'ckey' with no checksum
    triggers a complete re-write of the crypted keys.

  3. "Invalid ckey checksum error" test:
    Verifies that loading up a ckey with an invalid checksum stops the wallet loading
    process with a corruption error.

  4. "Invalid ckey pubkey error" test:
    Verifies that loading up a ckey with an invalid pubkey stops the wallet loading
    process with a corruption error.

Extra note:
The two commits in the middle are cleanups so I can use the DuplicateMockDatabase
function without duplicating code.

Going to update the PR description with this too.

@furszy furszy force-pushed the 2022_wallet_fix_ckeys_checksum branch 2 times, most recently from 17a499a to 4db80c9 Compare November 19, 2022 14:33
@bitcoin bitcoin deleted a comment Nov 19, 2022
This was referenced Nov 20, 2022
Merged
Closed
achow101
achow101 reviewed Nov 21, 2022
View reviewed changes
Copy link
Member

@achow101 achow101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 4db80c9

src/Makefile.test_util.include Outdated Show resolved Hide resolved
src/wallet/test/util.cpp Outdated Show resolved Hide resolved
@furszy furszy force-pushed the 2022_wallet_fix_ckeys_checksum branch from 4db80c9 to bb71809 Compare November 21, 2022 20:29
@furszy
refactor: unify test/util/wallet.h with wallet/test/util.h
ee7a984 
files share the same purpose, and we shouldn't have wallet code
inside the test directory.

This later is needed to use wallet util functions in the bench
and test binaries without be forced to duplicate them.
@furszy
refactor: move DuplicateMockDatabase to wallet/test/util.h
373c996
@furszy
test: load wallet, coverage for crypted keys
13d9760 
Adds test coverage for the wallet's crypted key loading from db process.
The following scenarios are covered:

1) "All ckeys checksums valid" test:
   Loads an encrypted wallet with all the crypted keys with a valid checksum and
   verifies that 'CWallet::Unlock' doesn't force an entire crypted keys re-write.

   (we force a complete ckeys re-write if we find any missing crypted key checksum
    during the wallet loading process)

2) "Missing checksum in one ckey" test:
   Verifies that loading up a wallet with, at least one, 'ckey' with no checksum
   triggers a complete re-write of the crypted keys.

3) "Invalid ckey checksum error" test:
   Verifies that loading up a ckey with an invalid checksum stops the wallet loading
   process with a corruption error.

4) "Invalid ckey pubkey error" test:
   Verifies that loading up a ckey with an invalid pubkey stops the wallet loading
   process with a corruption error.
@furszy furszy force-pushed the 2022_wallet_fix_ckeys_checksum branch from bb71809 to 13d9760 Compare November 21, 2022 20:30
@furszy
Copy link
Member Author

furszy commented Nov 21, 2022

Updated per feedback, thanks achow101.

Small Diff:

  1. Added ENABLE_WALLET guard for the wallet/test/util.h and util.cpp files at the test_util makefile level.
  2. Moved ADDRESS_BCRT1_UNSPENDABLE from wallet/test/util.h to wallet_balance.cpp (it's only used there).

This was referenced Nov 22, 2022
Closed
Merged
Closed
Closed
Closed
aureleoules
aureleoules approved these changes Nov 22, 2022
View reviewed changes
Copy link
Member

@aureleoules aureleoules left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 13d9760

Cherry-picked the last three commits on master and verified the tests do not pass. I also verified that the tests correctly test the behavior.

src/wallet/test/walletload_tests.cpp Show resolved Hide resolved
src/wallet/test/walletload_tests.cpp Show resolved Hide resolved
@achow101
Copy link
Member

ACK 13d9760

@fanquake fanquake requested a review from Sjors November 23, 2022 22:00
luke-jr
luke-jr approved these changes Nov 29, 2022
View reviewed changes
Copy link
Member

@luke-jr luke-jr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK cc5a5e8 by itself (did not review refactors or new test)

@achow101 achow101 merged commit 5690848 into bitcoin:master Nov 29, 2022
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Dec 1, 2022
@achow101
Merge bitcoin#26532: wallet: bugfix, invalid crypted key "checksum_va…
f2e4361 
…lid" set
@furszy furszy deleted the 2022_wallet_fix_ckeys_checksum branch May 27, 2023 01:47
UdjinM6 pushed a commit to UdjinM6/dash that referenced this pull request Dec 10, 2023
@furszy @UdjinM6
partial merge bitcoin#26532: wallet: bugfix, invalid crypted key "che…
17b8dd6 
…cksum_valid" set

backports cc5a5e8 obly

```
wallet: bugfix, invalid crypted key "checksum_valid" set

At wallet load time, we set the crypted key "checksum_valid" variable always to false.
Which, on every wallet decryption call, forces the process to re-write the entire ckeys to db when
it's not needed.
```
UdjinM6 pushed a commit to UdjinM6/dash that referenced this pull request Dec 10, 2023
@furszy @UdjinM6
partial merge bitcoin#26532: wallet: bugfix, invalid crypted key "che…
d7bae33 
…cksum_valid" set

backports cc5a5e8 only

```
wallet: bugfix, invalid crypted key "checksum_valid" set

At wallet load time, we set the crypted key "checksum_valid" variable always to false.
Which, on every wallet decryption call, forces the process to re-write the entire ckeys to db when
it's not needed.
```
PastaPastaPasta added a commit to dashpay/dash that referenced this pull request Dec 11, 2023
@PastaPastaPasta
Merge pull request #5759 from UdjinM6/bp26532
985da9a 
backport: partial merge bitcoin#26532: wallet: bugfix, invalid crypted key "checksum_valid" set
ogabrielides pushed a commit to ogabrielides/dash that referenced this pull request Dec 22, 2023
@PastaPastaPasta @ogabrielides
Merge pull request dashpay#5759 from UdjinM6/bp26532
8364e4b 
backport: partial merge bitcoin#26532: wallet: bugfix, invalid crypted key "checksum_valid" set
PastaPastaPasta added a commit to ogabrielides/dash that referenced this pull request Dec 24, 2023
@PastaPastaPasta
Merge pull request dashpay#5759 from UdjinM6/bp26532
f0feb36 
backport: partial merge bitcoin#26532: wallet: bugfix, invalid crypted key "checksum_valid" set
@bitcoin bitcoin locked and limited conversation to collaborators May 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@achow101 achow101 achow101 left review comments

@luke-jr luke-jr luke-jr approved these changes

@aureleoules aureleoules aureleoules approved these changes

@Sjors Sjors Awaiting requested review from Sjors

Assignees
No one assigned
Labels
Wallet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@furszy @DrahtBot @achow101 @luke-jr @aureleoules