New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
macaroons: ensure all root keys are re-encrypted or regenerated #7705
macaroons: ensure all root keys are re-encrypted or regenerated #7705
Conversation
dd0bbb2
to
c8a47d7
Compare
dc32ad8
to
d1e5fa0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great find and nice fix! Main missing thing is a small unit test, other than that looks good to me!
This commit adds to the existing TestStoreGenerateNewRootKey to show that the method only successfully regenerates the root key in the default root key ID location. This will be fixed in an upcoming commit.
With this commit, GenerateNewRootKey will regenerate the Default root key and will then also check if any other root keys exist and regenerate those as well.
d1e5fa0
to
1e1e0ae
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice, LGTM 🎉
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🥛
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🥛
This commits uses TestStoreChangePassword to demonstrate that currently the ChangePassword function only changes the password of the default root key and not that of other root keys. This will be fixed in an upcoming commit.
The ChangePasswords method should re-encrypt all the root keys found in the store, not just the default root key.
1e1e0ae
to
0787cb1
Compare
Currently, the macaroon store
ChangePassword
method will only re-encrypt the root key stored at thedefault root key ID location (0) and
GenerateNewRootKey
will only re-generate the root key stored at the default location. This PR updates these methods so that all root keys stored in the db are re-encrypted/re-generated respectively.This will fix an issue noticed in Litd: lightninglabs/lightning-terminal#549