fix: add check for old db encryption and provide warning (#3549)

Description --- The new CipherSeed encryption scheme changed the way in which a wallet’s encryption keys are derived from the passphrase. This is a breaking change for which a migration was non-trivial. However, if this version is run on an old database it breaks the database structure so reverting to an old version was not possible. This PR adds a check for the old DB encryption data and before the db migration is performed produces an error with a description of the issue. How Has This Been Tested? --- Manually
tari-project · Nov 8, 2021 · 69bbbdf · 69bbbdf
1 parent 9194501
commit 69bbbdf
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/base_layer/wallet/migrations/2021-10-27-103505_update_key_manager_state/down.sql b/base_layer/wallet/migrations/2021-10-27-103505_update_key_manager_state/down.sql
@@ -1 +1,2 @@
--- This file should undo anything in `up.sql`
+ALTER TABLE key_manager_states
+    RENAME COLUMN seed TO master_key;
diff --git a/base_layer/wallet/migrations/2021-10-27-103505_update_key_manager_state/up.sql b/base_layer/wallet/migrations/2021-10-27-103505_update_key_manager_state/up.sql
@@ -1,2 +1,2 @@
-ALTER TABLE main.key_manager_states
+ALTER TABLE key_manager_states
     RENAME COLUMN master_key TO seed;
diff --git a/base_layer/wallet/src/storage/sqlite_db.rs b/base_layer/wallet/src/storage/sqlite_db.rs
@@ -606,7 +606,7 @@ fn check_db_encryption_status(
 /// A Sql version of the wallet setting key-value table
 #[derive(Clone, Debug, Queryable, Insertable, PartialEq)]
 #[table_name = "wallet_settings"]
-struct WalletSettingSql {
+pub(crate) struct WalletSettingSql {
     key: String,
     value: String,
 }

diff --git a/base_layer/wallet/src/storage/sqlite_utilities.rs b/base_layer/wallet/src/storage/sqlite_utilities.rs
@@ -27,7 +27,7 @@ use crate::{
     storage::{database::WalletDatabase, sqlite_db::WalletSqliteDatabase},
     transaction_service::storage::sqlite_db::TransactionServiceSqliteDatabase,
 };
-use diesel::{Connection, SqliteConnection};
+use diesel::{Connection, ExpressionMethods, QueryDsl, SqliteConnection};
 use fs2::FileExt;
 use log::*;
 use std::{
@@ -69,6 +69,8 @@ pub fn run_migration_and_create_sqlite_connection<P: AsRef<Path>>(
     let connection = SqliteConnection::establish(path_str)?;
     connection.execute("PRAGMA foreign_keys = ON; PRAGMA busy_timeout = 60000;")?;
 
+    check_for_incompatible_db_encryption(&connection)?;
+
     embed_migrations!("./migrations");
     embedded_migrations::run(&connection)
         .map_err(|err| WalletStorageError::DatabaseMigrationError(format!("Database migration failed {}", err)))?;
@@ -163,3 +165,24 @@ pub fn initialize_sqlite_database_backends(
         contacts_backend,
     ))
 }
+
+/// This method detects if the database contains the old incompatable encryption data and errors rather than breaking
+/// the DB
+/// TODO remove at next testnet reset
+fn check_for_incompatible_db_encryption(connection: &SqliteConnection) -> Result<(), WalletStorageError> {
+    use crate::{diesel::RunQueryDsl, schema::wallet_settings, storage::sqlite_db::WalletSettingSql};
+
+    if wallet_settings::table
+        .filter(wallet_settings::key.eq("MasterSecretKey".to_string()))
+        .first::<WalletSettingSql>(connection)
+        .is_ok()
+    {
+        return Err(WalletStorageError::AeadError(
+            "This wallet database is incompatible with the new form of encryption. Halting to preserve this database \
+             structure. Revert to a version of tari_console_wallet prior to 0.13.0"
+                .to_string(),
+        ));
+    }
+
+    Ok(())
+}