direct seeded wallet password setup on reconfigure

When reconfiguring a seeded wallet (new or existing), avoid calling setWalletPassword, which unlocks and locks the wallet to test the password's validity. Unfortunately when creating a new seeded wallet the wallet is really unlocked for recovery/discovery, so it is incorrect to tread this as a locked wallet. Just set the pw and encPW directly. This fixes assetSeedAndPass computing seeded wallet password as the hash of an empty slice instead the hash of the seed. Add a test to ensure the derived wallet seed and password are deterministic and depend on both asset ID and app seed.
decred · Oct 28, 2021 · 242f597 · 242f597
1 parent f4194e0
commit 242f597
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 13 deletions.
diff --git a/client/core/core.go b/client/core/core.go
@@ -1794,8 +1794,8 @@ func (c *Core) CreateWallet(appPW, walletPW []byte, form *WalletForm) error {
 }
 
 // createSeededWallet initializes a seeded wallet with an asset-specific seed
-// derived deterministically from the app seed and a random password. The
-// password is returned for encrypting and storing.
+// and password derived deterministically from the app seed. The password is
+// returned for encrypting and storing.
 func (c *Core) createSeededWallet(assetID uint32, crypter encrypt.Crypter, form *WalletForm) ([]byte, error) {
 	seed, pw, err := c.assetSeedAndPass(assetID, crypter)
 	if err != nil {
@@ -1829,13 +1829,18 @@ func (c *Core) assetSeedAndPass(assetID uint32, crypter encrypt.Crypter) (seed,
 		return nil, nil, fmt.Errorf("app seed decryption error: %w", err)
 	}
 
+	seed, pass = assetSeedAndPass(assetID, appSeed)
+	return seed, pass, nil
+}
+
+func assetSeedAndPass(assetID uint32, appSeed []byte) ([]byte, []byte) {
 	b := make([]byte, len(appSeed)+4)
 	copy(b, appSeed)
 	binary.BigEndian.PutUint32(b[len(appSeed):], assetID)
 
 	s := blake256.Sum256(b)
-	p := blake256.Sum256(seed)
-	return s[:], p[:], nil
+	p := blake256.Sum256(s[:])
+	return s[:], p[:]
 }
 
 // assetDataDirectory is a directory for a wallet to use for local storage.
@@ -2072,19 +2077,27 @@ func (c *Core) ReconfigureWallet(appPW, newWalletPW []byte, form *WalletForm) er
 			return newError(existenceCheckErr, "error checking wallet pre-existence: %v", err)
 		}
 
-		if !exists {
-			newWalletPW, err = c.createSeededWallet(assetID, crypter, form)
+		// The password on a seeded wallet is deterministic, based on the seed
+		// itself, so if the seeded wallet of this Type for this asset already
+		// exists, recompute the password from the app seed.
+		var pw []byte
+		if exists {
+			_, pw, err = c.assetSeedAndPass(assetID, crypter)
 			if err != nil {
-				return newError(createWalletErr, "error creating new %q-type %s wallet: %v", form.Type, unbip(assetID), err)
+				return newError(authErr, "error retrieving wallet password: %v", err)
 			}
-		} else if oldDef.Seeded {
-			_, newWalletPW, err = c.assetSeedAndPass(assetID, crypter)
+		} else {
+			pw, err = c.createSeededWallet(assetID, crypter, form)
 			if err != nil {
-				return newError(authErr, "error retrieving wallet password: %v", err)
+				return newError(createWalletErr, "error creating new %q-type %s wallet: %v", form.Type, unbip(assetID), err)
 			}
 		}
+		dbWallet.EncryptedPW, err = crypter.Encrypt(pw)
+		if err != nil {
+			return fmt.Errorf("wallet password encryption error: %w", err)
+		}
 
-		if oldWallet.connected() && oldDef.Seeded {
+		if oldDef.Seeded && oldWallet.connected() {
 			oldWallet.Disconnect()
 			restartOnFail = true
 		}
@@ -2260,6 +2273,14 @@ func (c *Core) SetWalletPassword(appPW []byte, assetID uint32, newPW []byte) err
 
 // setWalletPassword updates the (encrypted) password for the wallet.
 func (c *Core) setWalletPassword(wallet *xcWallet, newPW []byte, crypter encrypt.Crypter) error {
+	walletDef, err := walletDefinition(wallet.AssetID, wallet.walletType)
+	if err != nil {
+		return err
+	}
+	if walletDef.Seeded {
+		return newError(passwordErr, "cannot set a password on a seeded wallet")
+	}
+
 	// Connect if necessary.
 	wasConnected := wallet.connected()
 	if !wasConnected {
@@ -2292,7 +2313,7 @@ func (c *Core) setWalletPassword(wallet *xcWallet, newPW []byte, crypter encrypt
 		wallet.setEncPW(nil)
 	}
 
-	err := c.db.SetWalletPassword(wallet.dbID, wallet.encPW())
+	err = c.db.SetWalletPassword(wallet.dbID, wallet.encPW())
 	if err != nil {
 		return codedError(dbErr, err)
 	}
@@ -5513,7 +5534,7 @@ func (c *Core) listen(dc *dexConnection) {
 		tStart := time.Now()
 		defer func() {
 			if eTime := time.Since(tStart); eTime > 250*time.Millisecond {
-				c.log.Infof("checkTrades completed in %v", eTime)
+				c.log.Warnf("checkTrades completed in %v (slow)", eTime)
 			}
 		}()
 

diff --git a/client/core/core_test.go b/client/core/core_test.go
@@ -7305,3 +7305,66 @@ func TestCredentialHandling(t *testing.T) {
 	// registration detected for somedex.tld:7232, but failed to connect to the
 	// Decred wallet"
 }
+
+func TestCore_assetSeedAndPass(t *testing.T) {
+	// This test ensures the derived wallet seed and password are deterministic
+	// and depend on both asset ID and app seed.
+
+	// NOTE: the blake256 hash of an empty slice is:
+	// []byte{0x71, 0x6f, 0x6e, 0x86, 0x3f, 0x74, 0x4b, 0x9a, 0xc2, 0x2c, 0x97, 0xec, 0x7b, 0x76, 0xea, 0x5f,
+	//        0x59, 0x8, 0xbc, 0x5b, 0x2f, 0x67, 0xc6, 0x15, 0x10, 0xbf, 0xc4, 0x75, 0x13, 0x84, 0xea, 0x7a}
+	// The above was very briefly the password for all seeded wallets, not released.
+
+	tests := []struct {
+		name     string
+		appSeed  []byte
+		assetID  uint32
+		wantSeed []byte
+		wantPass []byte
+	}{
+		{
+			name:    "base",
+			appSeed: []byte{1, 2, 3},
+			assetID: 2,
+			wantSeed: []byte{
+				0xac, 0x61, 0xb1, 0xbc, 0x77, 0xd0, 0xa6, 0xd5, 0xd2, 0xb5, 0xc9, 0x77, 0x91, 0xd6, 0x4a, 0xaf,
+				0x4a, 0xa3, 0x47, 0xb7, 0xb, 0x85, 0xe, 0x82, 0x1c, 0x79, 0xab, 0xc0, 0x86, 0x50, 0xee, 0xda},
+			wantPass: []byte{
+				0xd8, 0xf0, 0x27, 0x4d, 0xbc, 0x56, 0xb0, 0x74, 0x1e, 0x20, 0x3b, 0x98, 0xe9, 0xaa, 0x5c, 0xba,
+				0x13, 0xfd, 0x60, 0x3b, 0x83, 0x76, 0x2e, 0x4b, 0x5d, 0x6d, 0x19, 0x57, 0x89, 0xe2, 0x8b, 0xc7},
+		},
+		{
+			name:    "change app seed",
+			appSeed: []byte{2, 2, 3},
+			assetID: 2,
+			wantSeed: []byte{
+				0xf, 0xc9, 0xf, 0xa8, 0xb3, 0xe9, 0x31, 0x2a, 0xba, 0xf1, 0xda, 0x70, 0x41, 0x81, 0x49, 0xed,
+				0xad, 0x47, 0x9, 0xcd, 0xe2, 0x17, 0x14, 0xd, 0x63, 0x49, 0x8a, 0xd8, 0xff, 0x1f, 0x3e, 0x8b},
+			wantPass: []byte{
+				0x78, 0x21, 0x72, 0x59, 0xbe, 0x39, 0xea, 0x54, 0x10, 0x46, 0x7d, 0x7e, 0xa, 0x95, 0xc4, 0xa0,
+				0xd8, 0x73, 0xce, 0x1, 0xb2, 0x49, 0x98, 0x6c, 0x68, 0xc5, 0x69, 0x69, 0xa7, 0x13, 0xc1, 0xce},
+		},
+		{
+			name:    "change asset ID",
+			appSeed: []byte{1, 2, 3},
+			assetID: 0,
+			wantSeed: []byte{
+				0xe1, 0xad, 0x62, 0xe4, 0x60, 0xfd, 0x75, 0x91, 0x3d, 0x41, 0x2e, 0x8e, 0xc5, 0x72, 0xd4, 0xa2,
+				0x39, 0x2d, 0x32, 0x86, 0xf0, 0x6b, 0xf7, 0xdf, 0x48, 0xcc, 0x57, 0xb1, 0x4b, 0x7b, 0xc6, 0xce},
+			wantPass: []byte{
+				0x52, 0xba, 0x59, 0x21, 0xd3, 0xc5, 0x6b, 0x2, 0x2c, 0x12, 0xc1, 0x98, 0xdc, 0x84, 0xed, 0x68,
+				0x6, 0x35, 0xa6, 0x25, 0xd0, 0xc4, 0x49, 0x5a, 0x13, 0xc3, 0x12, 0xfb, 0xeb, 0xb3, 0x61, 0x88},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			seed, pass := assetSeedAndPass(tt.assetID, tt.appSeed)
+			if !bytes.Equal(pass, tt.wantPass) {
+				t.Errorf("pass not as expected, got %#v", pass)
+			}
+			if !bytes.Equal(seed, tt.wantSeed) {
+				t.Errorf("seed not as expected, got %#v", seed)
+			}
+		})
+	}
+}