akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
3bdc968f39
lnd.xprv/walletunlocker/service.go

369 lines
12 KiB
Go
Raw Normal View History

walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
package walletunlocker
import (
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
"crypto/rand"
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
"errors"
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
"fmt"
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
"os"
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
"time"
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
"github.com/lightningnetwork/lnd/aezeed"
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
"github.com/lightningnetwork/lnd/lnrpc"
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
"github.com/lightningnetwork/lnd/lnwallet"
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
"github.com/roasbeef/btcd/chaincfg"
"github.com/roasbeef/btcwallet/wallet"
"golang.org/x/net/context"
walletunlocker: use KeyDerivationVersion for generating cipher seed Replace hard coded internal version with KeyDerivationVersion specified in keychain package.
2018-05-21 15:29:07 +03:00
"github.com/lightningnetwork/lnd/keychain"
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
)
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
// WalletInitMsg is a message sent by the UnlockerService when a user wishes to
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// set up the internal wallet for the first time. The user MUST provide a
// passphrase, but is also able to provide their own source of entropy. If
// provided, then this source of entropy will be used to generate the wallet's
// HD seed. Otherwise, the wallet will generate one itself.
type WalletInitMsg struct {
// Passphrase is the passphrase that will be used to encrypt the wallet
// itself. This MUST be at least 8 characters.
Passphrase []byte
// WalletSeed is the deciphered cipher seed that the wallet should use
// to initialize itself.
WalletSeed *aezeed.CipherSeed
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
// RecoveryWindow is the address look-ahead used when restoring a seed
// with existing funds. A recovery window zero indicates that no
// recovery should be attempted, such as after the wallet's initial
// creation.
RecoveryWindow uint32
}
// WalletUnlockMsg is a message sent by the UnlockerService when a user wishes
// to unlock the internal wallet after initial setup. The user can optionally
// specify a recovery window, which will resume an interrupted rescan for used
// addresses.
type WalletUnlockMsg struct {
// Passphrase is the passphrase that will be used to encrypt the wallet
// itself. This MUST be at least 8 characters.
Passphrase []byte
// RecoveryWindow is the address look-ahead used when restoring a seed
// with existing funds. A recovery window zero indicates that no
// recovery should be attempted, such as after the wallet's initial
// creation, but before any addresses have been created.
RecoveryWindow uint32
walletunlocker: pass unlocked wallet back to lnd to avoid double unlock
2018-05-22 10:45:59 +03:00
// Wallet is the loaded and unlocked Wallet. This is returned
// through the channel to avoid it being unlocked twice (once to check
// if the password is correct, here in the WalletUnlocker and again
// later when lnd actually uses it). Because unlocking involves scrypt
// which is resource intensive, we want to avoid doing it twice.
Wallet *wallet.Wallet
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
}
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
// UnlockerService implements the WalletUnlocker service used to provide lnd
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// with a password for wallet encryption at startup. Additionally, during
// initial setup, users can provide their own source of entropy which will be
// used to generate the seed that's ultimately used within the wallet.
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
type UnlockerService struct {
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// InitMsgs is a channel that carries all wallet init messages.
InitMsgs chan *WalletInitMsg
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
// UnlockMsgs is a channel where unlock parameters provided by the rpc
walletunlocker: don't utilize the macaroon authentication service In this commit we remove all instances of the macaroon authentication service from the UnlockerService struct. We do this, as in the future, the macaroons themselves will be encrypted using the user’s passphrase, therefore we wouldn’t be able to _verify_ the macaroon unless the wallet itself was encrypted.
2017-10-20 05:46:42 +03:00
// client to be used to unlock and decrypt an existing wallet will be
// sent.
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
UnlockMsgs chan *WalletUnlockMsg
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
chainDir string
netParams *chaincfg.Params
macaroonFiles []string
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
}
// New creates and returns a new UnlockerService.
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
func New(chainDir string, params *chaincfg.Params,
macaroonFiles []string) *UnlockerService {
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
return &UnlockerService{
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
InitMsgs: make(chan *WalletInitMsg, 1),
UnlockMsgs: make(chan *WalletUnlockMsg, 1),
chainDir: chainDir,
netParams: params,
macaroonFiles: macaroonFiles,
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
}
}
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// GenSeed is the first method that should be used to instantiate a new lnd
// instance. This method allows a caller to generate a new aezeed cipher seed
// given an optional passphrase. If provided, the passphrase will be necessary
// to decrypt the cipherseed to expose the internal wallet seed.
//
// Once the cipherseed is obtained and verified by the user, the InitWallet
// method should be used to commit the newly generated seed, and create the
// wallet.
func (u *UnlockerService) GenSeed(ctx context.Context,
in *lnrpc.GenSeedRequest) (*lnrpc.GenSeedResponse, error) {
// Before we start, we'll ensure that the wallet hasn't already created
// so we don't show a *new* seed to the user if one already exists.
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
loader := wallet.NewLoader(u.netParams, netDir, 0)
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
walletExists, err := loader.WalletExists()
if err != nil {
return nil, err
}
if walletExists {
return nil, fmt.Errorf("wallet already exists")
}
var entropy [aezeed.EntropySize]byte
switch {
// If the user provided any entropy, then we'll make sure it's sized
// properly.
case len(in.SeedEntropy) != 0 && len(in.SeedEntropy) != aezeed.EntropySize:
return nil, fmt.Errorf("incorrect entropy length: expected "+
"16 bytes, instead got %v bytes", len(in.SeedEntropy))
// If the user provided the correct number of bytes, then we'll copy it
// over into our buffer for usage.
case len(in.SeedEntropy) == aezeed.EntropySize:
copy(entropy[:], in.SeedEntropy[:])
// Otherwise, we'll generate a fresh new set of bytes to use as entropy
// to generate the seed.
default:
if _, err := rand.Read(entropy[:]); err != nil {
return nil, err
}
}
// Now that we have our set of entropy, we'll create a new cipher seed
// instance.
//
walletunlocker: use KeyDerivationVersion for generating cipher seed Replace hard coded internal version with KeyDerivationVersion specified in keychain package.
2018-05-21 15:29:07 +03:00
cipherSeed, err := aezeed.New(
keychain.KeyDerivationVersion, &entropy, time.Now(),
)
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
if err != nil {
return nil, err
}
// With our raw cipher seed obtained, we'll convert it into an encoded
// mnemonic using the user specified pass phrase.
mnemonic, err := cipherSeed.ToMnemonic(in.AezeedPassphrase)
if err != nil {
return nil, err
}
// Additionally, we'll also obtain the raw enciphered cipher seed as
// well to return to the user.
encipheredSeed, err := cipherSeed.Encipher(in.AezeedPassphrase)
if err != nil {
return nil, err
}
return &lnrpc.GenSeedResponse{
CipherSeedMnemonic: []string(mnemonic[:]),
EncipheredSeed: encipheredSeed[:],
}, nil
}
// InitWallet is used when lnd is starting up for the first time to fully
// initialize the daemon and its internal wallet. At the very least a wallet
// password must be provided. This will be used to encrypt sensitive material
// on disk.
//
// In the case of a recovery scenario, the user can also specify their aezeed
// mnemonic and passphrase. If set, then the daemon will use this prior state
// to initialize its internal wallet.
//
// Alternatively, this can be used along with the GenSeed RPC to obtain a
// seed, then present it to the user. Once it has been verified by the user,
// the seed can be fed into this RPC in order to commit the new wallet.
func (u *UnlockerService) InitWallet(ctx context.Context,
in *lnrpc.InitWalletRequest) (*lnrpc.InitWalletResponse, error) {
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
// Make sure the password meets our constraints.
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
password := in.WalletPassword
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
if err := validatePassword(password); err != nil {
return nil, err
walletunlocker: check that password is at least 8 characters
2017-11-14 07:12:49 +03:00
}
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
// Require that the recovery window be non-negative.
recoveryWindow := in.RecoveryWindow
if recoveryWindow < 0 {
return nil, fmt.Errorf("recovery window %d must be "+
"non-negative", recoveryWindow)
}
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// We'll then open up the directory that will be used to store the
// wallet's files so we can check if the wallet already exists.
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
loader := wallet.NewLoader(u.netParams, netDir, uint32(recoveryWindow))
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
walletExists, err := loader.WalletExists()
if err != nil {
return nil, err
}
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// If the wallet already exists, then we'll exit early as we can't
// create the wallet if it already exists!
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
if walletExists {
return nil, fmt.Errorf("wallet already exists")
}
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// At this point, we know that the wallet doesn't already exist. So
// we'll map the user provided aezeed and passphrase into a decoded
// cipher seed instance.
var mnemonic aezeed.Mnemonic
copy(mnemonic[:], in.CipherSeedMnemonic[:])
// If we're unable to map it back into the ciphertext, then either the
// mnemonic is wrong, or the passphrase is wrong.
cipherSeed, err := mnemonic.ToCipherSeed(in.AezeedPassphrase)
if err != nil {
return nil, err
}
// With the cipher seed deciphered, and the auth service created, we'll
// now send over the wallet password and the seed. This will allow the
// daemon to initialize itself and startup.
initMsg := &WalletInitMsg{
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
Passphrase: password,
WalletSeed: cipherSeed,
RecoveryWindow: uint32(recoveryWindow),
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
}
u.InitMsgs <- initMsg
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
return &lnrpc.InitWalletResponse{}, nil
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
}
// UnlockWallet sends the password provided by the incoming UnlockWalletRequest
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
// over the UnlockMsgs channel in case it successfully decrypts an existing
// wallet found in the chain's wallet database directory.
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
func (u *UnlockerService) UnlockWallet(ctx context.Context,
in *lnrpc.UnlockWalletRequest) (*lnrpc.UnlockWalletResponse, error) {
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
password := in.WalletPassword
recoveryWindow := uint32(in.RecoveryWindow)
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
loader := wallet.NewLoader(u.netParams, netDir, recoveryWindow)
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
// Check if wallet already exists.
walletExists, err := loader.WalletExists()
if err != nil {
return nil, err
}
if !walletExists {
// Cannot unlock a wallet that does not exist!
return nil, fmt.Errorf("wallet not found")
}
// Try opening the existing wallet with the provided password.
walletunlocker: pass unlocked wallet back to lnd to avoid double unlock
2018-05-22 10:45:59 +03:00
unlockedWallet, err := loader.OpenExistingWallet(password, false)
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
if err != nil {
walletunlocker: modify service to implement new 2-step wallet creation In this commit, we extend the UnlockerService to account for the new changes in the lnrpc definition. Setting up the daemon for the first time is now two step process: first the user will generate a new seed via the GenSeed method, then the user will present this new seed (and optional pass) to the InitWallet method which then will finalize the wallet creation. This two step process ensures that we don't commit the wallet changes in the case that the user doesn't actually "ACK" the new seed. In the case that the user already has an existing seed, they can re-enter it and skip straight to the InitWallet step. We also update the tests to account for the new API changes.
2018-02-02 07:44:40 +03:00
// Could not open wallet, most likely this means that provided
// password was incorrect.
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
return nil, err
}
walletunlocker: pass unlocked wallet back to lnd to avoid double unlock
2018-05-22 10:45:59 +03:00
// We successfully opened the wallet and pass the instance back to
// avoid it needing to be unlocked again.
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
walletUnlockMsg := &WalletUnlockMsg{
Passphrase: password,
RecoveryWindow: recoveryWindow,
walletunlocker: pass unlocked wallet back to lnd to avoid double unlock
2018-05-22 10:45:59 +03:00
Wallet: unlockedWallet,
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
}
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
// At this point we was able to open the existing wallet with the
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
// provided password. We send the password over the UnlockMsgs
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
// channel, such that it can be used by lnd to open the wallet.
walletunlocker: accept recovery window from InitWallet
2018-03-27 00:07:22 +03:00
u.UnlockMsgs <- walletUnlockMsg
walletunlocker: add package walletunlocker The walletunlocker package contains the UnlockerService, which implements the lnrpc.WalletUnlocker interface. This service is used for receiving a password from the user over RPC, and doing simple validity checks like making sure the user is not trying to create a new wallet if one already exists, and that in case the wallet exists, the provided password is correct. The service will the pass the passwords over the CreatePasswords or UnlockPasswords channels, for use within lnd.go.
2017-10-12 12:13:58 +03:00
return &lnrpc.UnlockWalletResponse{}, nil
}
lnd+walletunlocker: implement ChangePassword RPC
2018-04-20 10:14:41 +03:00
// ChangePassword changes the password of the wallet and sends the new password
// across the UnlockPasswords channel to automatically unlock the wallet if
// successful.
func (u *UnlockerService) ChangePassword(ctx context.Context,
in *lnrpc.ChangePasswordRequest) (*lnrpc.ChangePasswordResponse, error) {
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
loader := wallet.NewLoader(u.netParams, netDir, 0)
// First, we'll make sure the wallet exists for the specific chain and
// network.
walletExists, err := loader.WalletExists()
if err != nil {
return nil, err
}
if !walletExists {
return nil, errors.New("wallet not found")
}
publicPw := in.CurrentPassword
privatePw := in.CurrentPassword
// If the current password is blank, we'll assume the user is coming
// from a --noencryptwallet state, so we'll use the default passwords.
if len(in.CurrentPassword) == 0 {
publicPw = lnwallet.DefaultPublicPassphrase
privatePw = lnwallet.DefaultPrivatePassphrase
}
// Make sure the new password meets our constraints.
if err := validatePassword(in.NewPassword); err != nil {
return nil, err
}
// Load the existing wallet in order to proceed with the password change.
w, err := loader.OpenExistingWallet(publicPw, false)
if err != nil {
return nil, err
}
// Unload the wallet to allow lnd to open it later on.
defer loader.UnloadWallet()
// Since the macaroon database is also encrypted with the wallet's
// password, we'll remove all of the macaroon files so that they're
// re-generated at startup using the new password. We'll make sure to do
// this after unlocking the wallet to ensure macaroon files don't get
// deleted with incorrect password attempts.
for _, file := range u.macaroonFiles {
if err := os.Remove(file); err != nil {
return nil, err
}
}
// Attempt to change both the public and private passphrases for the
// wallet. This will be done atomically in order to prevent one
// passphrase change from being successful and not the other.
err = w.ChangePassphrases(
publicPw, in.NewPassword, privatePw, in.NewPassword,
)
if err != nil {
return nil, fmt.Errorf("unable to change wallet passphrase: "+
"%v", err)
}
// Finally, send the new password across the UnlockPasswords channel to
// automatically unlock the wallet.
u.UnlockMsgs <- &WalletUnlockMsg{Passphrase: in.NewPassword}
return &lnrpc.ChangePasswordResponse{}, nil
}
// validatePassword assures the password meets all of our constraints.
func validatePassword(password []byte) error {
// Passwords should have a length of at least 8 characters.
if len(password) < 8 {
return errors.New("password must have at least 8 characters")
}
return nil
}
Reference in New Issue Copy Permalink