walletunlocker+lnd: implement stateless wallet initialization

This commit is contained in:
Oliver Gugger 2020-10-06 17:23:38 +02:00
parent 4b0b20c98b
commit e7aa9256ab
No known key found for this signature in database
GPG Key ID: 8E4256593F177720
3 changed files with 566 additions and 94 deletions

157
lnd.go

@ -410,7 +410,8 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
if !cfg.NoMacaroons {
// Create the macaroon authentication/authorization service.
macaroonService, err = macaroons.NewService(
cfg.networkDir, "lnd", false, macaroons.IPLockChecker,
cfg.networkDir, "lnd", walletInitParams.StatelessInit,
macaroons.IPLockChecker,
)
if err != nil {
err := fmt.Errorf("unable to set up macaroon "+
@ -421,17 +422,42 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
defer macaroonService.Close()
// Try to unlock the macaroon store with the private password.
// Ignore ErrAlreadyUnlocked since it could be unlocked by the
// wallet unlocker.
err = macaroonService.CreateUnlock(&privateWalletPw)
if err != nil {
if err != nil && err != macaroons.ErrAlreadyUnlocked {
err := fmt.Errorf("unable to unlock macaroons: %v", err)
ltndLog.Error(err)
return err
}
// Create macaroon files for lncli to use if they don't exist.
if !fileExists(cfg.AdminMacPath) && !fileExists(cfg.ReadMacPath) &&
// In case we actually needed to unlock the wallet, we now need
// to create an instance of the admin macaroon and send it to
// the unlocker so it can forward it to the user. In no seed
// backup mode, there's nobody listening on the channel and we'd
// block here forever.
if !cfg.NoSeedBackup {
adminMacBytes, err := bakeMacaroon(
ctx, macaroonService, adminPermissions(),
)
if err != nil {
return err
}
// The channel is buffered by one element so writing
// should not block here.
walletInitParams.MacResponseChan <- adminMacBytes
}
// If the user requested a stateless initialization, no macaroon
// files should be created.
if !walletInitParams.StatelessInit &&
!fileExists(cfg.AdminMacPath) &&
!fileExists(cfg.ReadMacPath) &&
!fileExists(cfg.InvoiceMacPath) {
// Create macaroon files for lncli to use if they don't
// exist.
err = genMacaroons(
ctx, macaroonService, cfg.AdminMacPath,
cfg.ReadMacPath, cfg.InvoiceMacPath,
@ -443,6 +469,28 @@ func Main(cfg *Config, lisCfg ListenerCfg, shutdownChan <-chan struct{}) error {
return err
}
}
// As a security service to the user, if they requested
// stateless initialization and there are macaroon files on disk
// we log a warning.
if walletInitParams.StatelessInit {
msg := "Found %s macaroon on disk (%s) even though " +
"--stateless_init was requested. Unencrypted " +
"state is accessible by the host system. You " +
"should change the password and use " +
"--new_mac_root_key with --stateless_init to " +
"clean up and invalidate old macaroons."
if fileExists(cfg.AdminMacPath) {
ltndLog.Warnf(msg, "admin", cfg.AdminMacPath)
}
if fileExists(cfg.ReadMacPath) {
ltndLog.Warnf(msg, "readonly", cfg.ReadMacPath)
}
if fileExists(cfg.InvoiceMacPath) {
ltndLog.Warnf(msg, "invoice", cfg.InvoiceMacPath)
}
}
}
// Now we're definitely done with the unlocker, shut it down so we can
@ -950,6 +998,21 @@ func fileExists(name string) bool {
return true
}
// bakeMacaroon creates a new macaroon with newest version and the given
// permissions then returns it binary serialized.
func bakeMacaroon(ctx context.Context, svc *macaroons.Service,
permissions []bakery.Op) ([]byte, error) {
mac, err := svc.NewMacaroon(
ctx, macaroons.DefaultRootKeyID, permissions...,
)
if err != nil {
return nil, err
}
return mac.M().MarshalBinary()
}
// genMacaroons generates three macaroon files; one admin-level, one for
// invoice access and one read-only. These can also be used to generate more
// granular macaroons.
@ -960,57 +1023,48 @@ func genMacaroons(ctx context.Context, svc *macaroons.Service,
// access invoice related calls. This is useful for merchants and other
// services to allow an isolated instance that can only query and
// modify invoices.
invoiceMac, err := svc.NewMacaroon(
ctx, macaroons.DefaultRootKeyID, invoicePermissions...,
)
if err != nil {
return err
}
invoiceMacBytes, err := invoiceMac.M().MarshalBinary()
invoiceMacBytes, err := bakeMacaroon(ctx, svc, invoicePermissions)
if err != nil {
return err
}
err = ioutil.WriteFile(invoiceFile, invoiceMacBytes, 0644)
if err != nil {
os.Remove(invoiceFile)
_ = os.Remove(invoiceFile)
return err
}
// Generate the read-only macaroon and write it to a file.
roMacaroon, err := svc.NewMacaroon(
ctx, macaroons.DefaultRootKeyID, readPermissions...,
)
if err != nil {
return err
}
roBytes, err := roMacaroon.M().MarshalBinary()
roBytes, err := bakeMacaroon(ctx, svc, readPermissions)
if err != nil {
return err
}
if err = ioutil.WriteFile(roFile, roBytes, 0644); err != nil {
os.Remove(admFile)
_ = os.Remove(roFile)
return err
}
// Generate the admin macaroon and write it to a file.
adminPermissions := append(readPermissions, writePermissions...)
admMacaroon, err := svc.NewMacaroon(
ctx, macaroons.DefaultRootKeyID, adminPermissions...,
)
if err != nil {
return err
}
admBytes, err := admMacaroon.M().MarshalBinary()
admBytes, err := bakeMacaroon(ctx, svc, adminPermissions())
if err != nil {
return err
}
if err = ioutil.WriteFile(admFile, admBytes, 0600); err != nil {
_ = os.Remove(admFile)
return err
}
return nil
}
// adminPermissions returns a list of all permissions in a safe way that doesn't
// modify any of the source lists.
func adminPermissions() []bakery.Op {
admin := make([]bakery.Op, len(readPermissions)+len(writePermissions))
copy(admin[:len(readPermissions)], readPermissions)
copy(admin[len(readPermissions):], writePermissions)
return admin
}
// WalletUnlockParams holds the variables used to parameterize the unlocking of
// lnd's wallet after it has already been created.
type WalletUnlockParams struct {
@ -1039,6 +1093,15 @@ type WalletUnlockParams struct {
// UnloadWallet is a function for unloading the wallet, which should
// be called on shutdown.
UnloadWallet func() error
// StatelessInit signals that the user requested the daemon to be
// initialized stateless, which means no unencrypted macaroons should be
// written to disk.
StatelessInit bool
// MacResponseChan is the channel for sending back the admin macaroon to
// the WalletUnlocker service.
MacResponseChan chan []byte
}
// waitForWalletPassword will spin up gRPC and REST endpoints for the
@ -1054,12 +1117,10 @@ func waitForWalletPassword(cfg *Config, restEndpoints []net.Addr,
chainConfig = cfg.Litecoin
}
// The macaroon files are passed to the wallet unlocker since they are
// also encrypted with the wallet's password. These files will be
// deleted within it and recreated when successfully changing the
// wallet's password.
// The macaroonFiles are passed to the wallet unlocker so they can be
// deleted and recreated in case the root macaroon key is also changed
// during the change password operation.
macaroonFiles := []string{
filepath.Join(cfg.networkDir, macaroons.DBFilename),
cfg.AdminMacPath, cfg.ReadMacPath, cfg.InvoiceMacPath,
}
pwService := walletunlocker.New(
@ -1074,6 +1135,10 @@ func waitForWalletPassword(cfg *Config, restEndpoints []net.Addr,
var shutdownFuncs []func()
shutdown := func() {
// Make sure nothing blocks on reading on the macaroon channel,
// otherwise the GracefulStop below will never return.
close(pwService.MacResponseChan)
for _, shutdownFn := range shutdownFuncs {
shutdownFn()
}
@ -1204,23 +1269,27 @@ func waitForWalletPassword(cfg *Config, restEndpoints []net.Addr,
}
return &WalletUnlockParams{
Password: password,
Birthday: birthday,
RecoveryWindow: recoveryWindow,
Wallet: newWallet,
ChansToRestore: initMsg.ChanBackups,
UnloadWallet: loader.UnloadWallet,
Password: password,
Birthday: birthday,
RecoveryWindow: recoveryWindow,
Wallet: newWallet,
ChansToRestore: initMsg.ChanBackups,
UnloadWallet: loader.UnloadWallet,
StatelessInit: initMsg.StatelessInit,
MacResponseChan: pwService.MacResponseChan,
}, shutdown, nil
// The wallet has already been created in the past, and is simply being
// unlocked. So we'll just return these passphrases.
case unlockMsg := <-pwService.UnlockMsgs:
return &WalletUnlockParams{
Password: unlockMsg.Passphrase,
RecoveryWindow: unlockMsg.RecoveryWindow,
Wallet: unlockMsg.Wallet,
ChansToRestore: unlockMsg.ChanBackups,
UnloadWallet: unlockMsg.UnloadWallet,
Password: unlockMsg.Passphrase,
RecoveryWindow: unlockMsg.RecoveryWindow,
Wallet: unlockMsg.Wallet,
ChansToRestore: unlockMsg.ChanBackups,
UnloadWallet: unlockMsg.UnloadWallet,
StatelessInit: unlockMsg.StatelessInit,
MacResponseChan: pwService.MacResponseChan,
}, shutdown, nil
case <-signal.ShutdownChannel():

@ -16,6 +16,13 @@ import (
"github.com/lightningnetwork/lnd/lnrpc"
"github.com/lightningnetwork/lnd/lnwallet"
"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
"github.com/lightningnetwork/lnd/macaroons"
)
var (
// ErrUnlockTimeout signals that we did not get the expected unlock
// message before the timeout occurred.
ErrUnlockTimeout = errors.New("got no unlock message before timeout")
)
// ChannelsToRecover wraps any set of packed (serialized+encrypted) channel
@ -54,6 +61,11 @@ type WalletInitMsg struct {
// ChanBackups a set of static channel backups that should be received
// after the wallet has been initialized.
ChanBackups ChannelsToRecover
// StatelessInit signals that the user requested the daemon to be
// initialized stateless, which means no unencrypted macaroons should be
// written to disk.
StatelessInit bool
}
// WalletUnlockMsg is a message sent by the UnlockerService when a user wishes
@ -85,6 +97,11 @@ type WalletUnlockMsg struct {
// UnloadWallet is a function for unloading the wallet, which should
// be called on shutdown.
UnloadWallet func() error
// StatelessInit signals that the user requested the daemon to be
// initialized stateless, which means no unencrypted macaroons should be
// written to disk.
StatelessInit bool
}
// UnlockerService implements the WalletUnlocker service used to provide lnd
@ -100,10 +117,18 @@ type UnlockerService struct {
// sent.
UnlockMsgs chan *WalletUnlockMsg
// MacResponseChan is the channel for sending back the admin macaroon to
// the WalletUnlocker service.
MacResponseChan chan []byte
chainDir string
noFreelistSync bool
netParams *chaincfg.Params
macaroonFiles []string
// macaroonFiles is the path to the three generated macaroons with
// different access permissions. These might not exist in a stateless
// initialization of lnd.
macaroonFiles []string
}
// New creates and returns a new UnlockerService.
@ -111,11 +136,15 @@ func New(chainDir string, params *chaincfg.Params, noFreelistSync bool,
macaroonFiles []string) *UnlockerService {
return &UnlockerService{
InitMsgs: make(chan *WalletInitMsg, 1),
UnlockMsgs: make(chan *WalletUnlockMsg, 1),
chainDir: chainDir,
netParams: params,
macaroonFiles: macaroonFiles,
InitMsgs: make(chan *WalletInitMsg, 1),
UnlockMsgs: make(chan *WalletUnlockMsg, 1),
// Make sure we buffer the channel is buffered so the main lnd
// goroutine isn't blocking on writing to it.
MacResponseChan: make(chan []byte, 1),
chainDir: chainDir,
netParams: params,
macaroonFiles: macaroonFiles,
}
}
@ -127,7 +156,7 @@ func New(chainDir string, params *chaincfg.Params, noFreelistSync bool,
// Once the cipherseed is obtained and verified by the user, the InitWallet
// method should be used to commit the newly generated seed, and create the
// wallet.
func (u *UnlockerService) GenSeed(ctx context.Context,
func (u *UnlockerService) GenSeed(_ context.Context,
in *lnrpc.GenSeedRequest) (*lnrpc.GenSeedResponse, error) {
// Before we start, we'll ensure that the wallet hasn't already created
@ -297,6 +326,7 @@ func (u *UnlockerService) InitWallet(ctx context.Context,
Passphrase: password,
WalletSeed: cipherSeed,
RecoveryWindow: uint32(recoveryWindow),
StatelessInit: in.StatelessInit,
}
// Before we return the unlock payload, we'll check if we can extract
@ -306,9 +336,25 @@ func (u *UnlockerService) InitWallet(ctx context.Context,
initMsg.ChanBackups = *chansToRestore
}
u.InitMsgs <- initMsg
// Deliver the initialization message back to the main daemon.
select {
case u.InitMsgs <- initMsg:
// We need to read from the channel to let the daemon continue
// its work and to get the admin macaroon. Once the response
// arrives, we directly forward it to the client.
select {
case adminMac := <-u.MacResponseChan:
return &lnrpc.InitWalletResponse{
AdminMacaroon: adminMac,
}, nil
return &lnrpc.InitWalletResponse{}, nil
case <-ctx.Done():
return nil, ErrUnlockTimeout
}
case <-ctx.Done():
return nil, ErrUnlockTimeout
}
}
// UnlockWallet sends the password provided by the incoming UnlockWalletRequest
@ -351,6 +397,7 @@ func (u *UnlockerService) UnlockWallet(ctx context.Context,
RecoveryWindow: recoveryWindow,
Wallet: unlockedWallet,
UnloadWallet: loader.UnloadWallet,
StatelessInit: in.StatelessInit,
}
// Before we return the unlock payload, we'll check if we can extract
@ -360,12 +407,25 @@ func (u *UnlockerService) UnlockWallet(ctx context.Context,
walletUnlockMsg.ChanBackups = *chansToRestore
}
// At this point we was able to open the existing wallet with the
// At this point we were able to open the existing wallet with the
// provided password. We send the password over the UnlockMsgs
// channel, such that it can be used by lnd to open the wallet.
u.UnlockMsgs <- walletUnlockMsg
select {
case u.UnlockMsgs <- walletUnlockMsg:
// We need to read from the channel to let the daemon continue
// its work. But we don't need the returned macaroon for this
// operation, so we read it but then discard it.
select {
case <-u.MacResponseChan:
return &lnrpc.UnlockWalletResponse{}, nil
return &lnrpc.UnlockWalletResponse{}, nil
case <-ctx.Done():
return nil, ErrUnlockTimeout
}
case <-ctx.Done():
return nil, ErrUnlockTimeout
}
}
// ChangePassword changes the password of the wallet and sends the new password
@ -408,18 +468,32 @@ func (u *UnlockerService) ChangePassword(ctx context.Context,
if err != nil {
return nil, err
}
// Unload the wallet to allow lnd to open it later on.
defer loader.UnloadWallet()
// Since the macaroon database is also encrypted with the wallet's
// password, we'll remove all of the macaroon files so that they're
// re-generated at startup using the new password. We'll make sure to do
// this after unlocking the wallet to ensure macaroon files don't get
// deleted with incorrect password attempts.
for _, file := range u.macaroonFiles {
err := os.Remove(file)
if err != nil && !os.IsNotExist(err) {
return nil, err
// Now that we've opened the wallet, we need to close it in case of an
// error. But not if we succeed, then the caller must close it.
orderlyReturn := false
defer func() {
if !orderlyReturn {
_ = loader.UnloadWallet()
}
}()
// Before we actually change the password, we need to check if all flags
// were set correctly. The content of the previously generated macaroon
// files will become invalid after we generate a new root key. So we try
// to delete them here and they will be recreated during normal startup
// later. If they are missing, this is only an error if the
// stateless_init flag was not set.
if in.NewMacaroonRootKey || in.StatelessInit {
for _, file := range u.macaroonFiles {
err := os.Remove(file)
if err != nil && !in.StatelessInit {
return nil, fmt.Errorf("could not remove "+
"macaroon file: %v. if the wallet "+
"was initialized stateless please "+
"add the --stateless_init "+
"flag", err)
}
}
}
@ -434,11 +508,86 @@ func (u *UnlockerService) ChangePassword(ctx context.Context,
"%v", err)
}
// The next step is to load the macaroon database, change the password
// then close it again.
// Attempt to open the macaroon DB, unlock it and then change
// the passphrase.
macaroonService, err := macaroons.NewService(
netDir, "lnd", in.StatelessInit,
)
if err != nil {
return nil, err
}
err = macaroonService.CreateUnlock(&privatePw)
if err != nil {
closeErr := macaroonService.Close()
if closeErr != nil {
return nil, fmt.Errorf("could not create unlock: %v "+
"--> follow-up error when closing: %v", err,
closeErr)
}
return nil, err
}
err = macaroonService.ChangePassword(privatePw, in.NewPassword)
if err != nil {
closeErr := macaroonService.Close()
if closeErr != nil {
return nil, fmt.Errorf("could not change password: %v "+
"--> follow-up error when closing: %v", err,
closeErr)
}
return nil, err
}
// If requested by the user, attempt to replace the existing
// macaroon root key with a new one.
if in.NewMacaroonRootKey {
err = macaroonService.GenerateNewRootKey()
if err != nil {
closeErr := macaroonService.Close()
if closeErr != nil {
return nil, fmt.Errorf("could not generate "+
"new root key: %v --> follow-up error "+
"when closing: %v", err, closeErr)
}
return nil, err
}
}
err = macaroonService.Close()
if err != nil {
return nil, fmt.Errorf("could not close macaroon service: %v",
err)
}
// Finally, send the new password across the UnlockPasswords channel to
// automatically unlock the wallet.
u.UnlockMsgs <- &WalletUnlockMsg{Passphrase: in.NewPassword}
walletUnlockMsg := &WalletUnlockMsg{
Passphrase: in.NewPassword,
Wallet: w,
StatelessInit: in.StatelessInit,
UnloadWallet: loader.UnloadWallet,
}
select {
case u.UnlockMsgs <- walletUnlockMsg:
// We need to read from the channel to let the daemon continue
// its work and to get the admin macaroon. Once the response
// arrives, we directly forward it to the client.
orderlyReturn = true
select {
case adminMac := <-u.MacResponseChan:
return &lnrpc.ChangePasswordResponse{
AdminMacaroon: adminMac,
}, nil
return &lnrpc.ChangePasswordResponse{}, nil
case <-ctx.Done():
return nil, ErrUnlockTimeout
}
case <-ctx.Done():
return nil, ErrUnlockTimeout
}
}
// ValidatePassword assures the password meets all of our constraints.

@ -3,8 +3,10 @@ package walletunlocker_test
import (
"bytes"
"context"
"fmt"
"io/ioutil"
"os"
"path"
"testing"
"time"
@ -13,8 +15,10 @@ import (
"github.com/btcsuite/btcwallet/waddrmgr"
"github.com/btcsuite/btcwallet/wallet"
"github.com/lightningnetwork/lnd/aezeed"
"github.com/lightningnetwork/lnd/channeldb/kvdb"
"github.com/lightningnetwork/lnd/keychain"
"github.com/lightningnetwork/lnd/lnrpc"
"github.com/lightningnetwork/lnd/lnwallet"
"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
"github.com/lightningnetwork/lnd/macaroons"
"github.com/lightningnetwork/lnd/walletunlocker"
@ -24,6 +28,7 @@ import (
var (
testPassword = []byte("test-password")
testSeed = []byte("test-seed-123456789")
testMac = []byte("fakemacaroon")
testEntropy = [aezeed.EntropySize]byte{
0x81, 0xb6, 0x37, 0xd8,
@ -44,6 +49,12 @@ var (
)
func createTestWallet(t *testing.T, dir string, netParams *chaincfg.Params) {
createTestWalletWithPw(t, testPassword, testPassword, dir, netParams)
}
func createTestWalletWithPw(t *testing.T, pubPw, privPw []byte, dir string,
netParams *chaincfg.Params) {
// Instruct waddrmgr to use the cranked down scrypt parameters when
// creating new wallet encryption keys.
fastScrypt := waddrmgr.FastScryptOptions
@ -60,13 +71,66 @@ func createTestWallet(t *testing.T, dir string, netParams *chaincfg.Params) {
netDir := btcwallet.NetworkDir(dir, netParams)
loader := wallet.NewLoader(netParams, netDir, true, 0)
_, err := loader.CreateNewWallet(
testPassword, testPassword, testSeed, time.Time{},
pubPw, privPw, testSeed, time.Time{},
)
require.NoError(t, err)
err = loader.UnloadWallet()
require.NoError(t, err)
}
func createSeedAndMnemonic(t *testing.T,
pass []byte) (*aezeed.CipherSeed, aezeed.Mnemonic) {
cipherSeed, err := aezeed.New(
keychain.KeyDerivationVersion, &testEntropy, time.Now(),
)
require.NoError(t, err)
// With the new seed created, we'll convert it into a mnemonic phrase
// that we'll send over to initialize the wallet.
mnemonic, err := cipherSeed.ToMnemonic(pass)
require.NoError(t, err)
return cipherSeed, mnemonic
}
// openOrCreateTestMacStore opens or creates a bbolt DB and then initializes a
// root key storage for that DB and then unlocks it, creating a root key in the
// process.
func openOrCreateTestMacStore(tempDir string, pw *[]byte,
netParams *chaincfg.Params) (*macaroons.RootKeyStorage, error) {
netDir := btcwallet.NetworkDir(tempDir, netParams)
err := os.MkdirAll(netDir, 0700)
if err != nil {
return nil, err
}
db, err := kvdb.Create(
kvdb.BoltBackendName, path.Join(netDir, macaroons.DBFilename),
true,
)
if err != nil {
return nil, err
}
store, err := macaroons.NewRootKeyStorage(db)
if err != nil {
_ = db.Close()
return nil, err
}
err = store.CreateUnlock(pw)
if err != nil {
_ = store.Close()
return nil, err
}
_, _, err = store.RootKey(defaultRootKeyIDContext)
if err != nil {
_ = store.Close()
return nil, err
}
return store, nil
}
// TestGenSeedUserEntropy tests that the gen seed method generates a valid
// cipher seed mnemonic phrase and user provided source of entropy.
func TestGenSeed(t *testing.T) {
@ -183,17 +247,9 @@ func TestInitWallet(t *testing.T) {
service := walletunlocker.New(testDir, testNetParams, true, nil)
// Once we have the unlocker service created, we'll now instantiate a
// new cipher seed instance.
cipherSeed, err := aezeed.New(
keychain.KeyDerivationVersion, &testEntropy, time.Now(),
)
require.NoError(t, err)
// With the new seed created, we'll convert it into a mnemonic phrase
// that we'll send over to initialize the wallet.
// new cipher seed and its mnemonic.
pass := []byte("test")
mnemonic, err := cipherSeed.ToMnemonic(pass)
require.NoError(t, err)
cipherSeed, mnemonic := createSeedAndMnemonic(t, pass)
// Now that we have all the necessary items, we'll now issue the Init
// command to the wallet. This should check the validity of the cipher
@ -205,13 +261,29 @@ func TestInitWallet(t *testing.T) {
CipherSeedMnemonic: mnemonic[:],
AezeedPassphrase: pass,
RecoveryWindow: int32(testRecoveryWindow),
StatelessInit: true,
}
_, err = service.InitWallet(ctx, req)
require.NoError(t, err)
errChan := make(chan error, 1)
go func() {
response, err := service.InitWallet(ctx, req)
if err != nil {
errChan <- err
return
}
if !bytes.Equal(response.AdminMacaroon, testMac) {
errChan <- fmt.Errorf("mismatched macaroon: "+
"expected %x, got %x", testMac,
response.AdminMacaroon)
}
}()
// The same user passphrase, and also the plaintext cipher seed
// should be sent over and match exactly.
select {
case err := <-errChan:
t.Fatalf("InitWallet call failed: %v", err)
case msg := <-service.InitMsgs:
msgSeed := msg.WalletSeed
require.Equal(t, testPassword, msg.Passphrase)
@ -221,6 +293,11 @@ func TestInitWallet(t *testing.T) {
require.Equal(t, cipherSeed.Birthday, msgSeed.Birthday)
require.Equal(t, cipherSeed.Entropy, msgSeed.Entropy)
require.Equal(t, testRecoveryWindow, msg.RecoveryWindow)
require.Equal(t, true, msg.StatelessInit)
// Send a fake macaroon that should be returned in the response
// in the async code above.
service.MacResponseChan <- testMac
case <-time.After(defaultTestTimeout):
t.Fatalf("password not received")
@ -288,6 +365,7 @@ func TestUnlockWallet(t *testing.T) {
req := &lnrpc.UnlockWalletRequest{
WalletPassword: testPassword,
RecoveryWindow: int32(testRecoveryWindow),
StatelessInit: true,
}
// Should fail to unlock non-existing wallet.
@ -305,23 +383,39 @@ func TestUnlockWallet(t *testing.T) {
require.Error(t, err)
// With the correct password, we should be able to unlock the wallet.
_, err = service.UnlockWallet(ctx, req)
require.NoError(t, err)
errChan := make(chan error, 1)
go func() {
// With the correct password, we should be able to unlock the
// wallet.
_, err := service.UnlockWallet(ctx, req)
if err != nil {
errChan <- err
}
}()
// Password and recovery window should be sent over the channel.
select {
case err := <-errChan:
t.Fatalf("UnlockWallet call failed: %v", err)
case unlockMsg := <-service.UnlockMsgs:
require.Equal(t, testPassword, unlockMsg.Passphrase)
require.Equal(t, testRecoveryWindow, unlockMsg.RecoveryWindow)
require.Equal(t, true, unlockMsg.StatelessInit)
// Send a fake macaroon that should be returned in the response
// in the async code above.
service.MacResponseChan <- testMac
case <-time.After(defaultTestTimeout):
t.Fatalf("password not received")
}
}
// TestChangeWalletPassword tests that we can successfully change the wallet's
// password needed to unlock it.
func TestChangeWalletPassword(t *testing.T) {
// TestChangeWalletPasswordNewRootkey tests that we can successfully change the
// wallet's password needed to unlock it and rotate the root key for the
// macaroons in the same process.
func TestChangeWalletPasswordNewRootkey(t *testing.T) {
t.Parallel()
// testDir is empty, meaning wallet was not created from before.
@ -331,8 +425,18 @@ func TestChangeWalletPassword(t *testing.T) {
_ = os.RemoveAll(testDir)
}()
// Changing the password of the wallet will also try to change the
// password of the macaroon DB. We create a default DB here but close it
// immediately so the service does not fail when trying to open it.
store, err := openOrCreateTestMacStore(
testDir, &testPassword, testNetParams,
)
require.NoError(t, err)
require.NoError(t, store.Close())
// Create some files that will act as macaroon files that should be
// deleted after a password change is successful.
// deleted after a password change is successful with a new root key
// requested.
var tempFiles []string
for i := 0; i < 3; i++ {
file, err := ioutil.TempFile(testDir, "")
@ -350,8 +454,9 @@ func TestChangeWalletPassword(t *testing.T) {
newPassword := []byte("hunter2???")
req := &lnrpc.ChangePasswordRequest{
CurrentPassword: testPassword,
NewPassword: newPassword,
CurrentPassword: testPassword,
NewPassword: newPassword,
NewMacaroonRootKey: true,
}
// Changing the password to a non-existing wallet should fail.
@ -387,8 +492,24 @@ func TestChangeWalletPassword(t *testing.T) {
// When providing the correct wallet's current password and a new
// password that meets the length requirement, the password change
// should succeed.
_, err = service.ChangePassword(ctx, req)
require.NoError(t, err)
errChan := make(chan error, 1)
go doChangePassword(service, testDir, req, errChan)
// The new password should be sent over the channel.
select {
case err := <-errChan:
t.Fatalf("ChangePassword call failed: %v", err)
case unlockMsg := <-service.UnlockMsgs:
require.Equal(t, newPassword, unlockMsg.Passphrase)
// Send a fake macaroon that should be returned in the response
// in the async code above.
service.MacResponseChan <- testMac
case <-time.After(defaultTestTimeout):
t.Fatalf("password not received")
}
// The files should no longer exist.
for _, tempFile := range tempFiles {
@ -396,13 +517,146 @@ func TestChangeWalletPassword(t *testing.T) {
t.Fatal("file exists but it shouldn't")
}
}
}
// The new password should be sent over the channel.
// TestChangeWalletPasswordStateless checks that trying to change the password
// of an existing wallet that was initialized stateless works when when the
// --stateless_init flat is set. Also checks that if no password is given,
// the default password is used.
func TestChangeWalletPasswordStateless(t *testing.T) {
t.Parallel()
// testDir is empty, meaning wallet was not created from before.
testDir, err := ioutil.TempDir("", "testchangepasswordstateless")
require.NoError(t, err)
defer func() {
_ = os.RemoveAll(testDir)
}()
// Changing the password of the wallet will also try to change the
// password of the macaroon DB. We create a default DB here but close it
// immediately so the service does not fail when trying to open it.
store, err := openOrCreateTestMacStore(
testDir, &lnwallet.DefaultPrivatePassphrase, testNetParams,
)
require.NoError(t, err)
require.NoError(t, store.Close())
// Create a temp file that will act as the macaroon DB file that will
// be deleted by changing the password.
tmpFile, err := ioutil.TempFile(testDir, "")
require.NoError(t, err)
tempMacFile := tmpFile.Name()
err = tmpFile.Close()
require.NoError(t, err)
// Create a file name that does not exist that will be used as a
// macaroon file reference. The fact that the file does not exist should
// not throw an error when --stateless_init is used.
nonExistingFile := path.Join(testDir, "does-not-exist")
// Create a new UnlockerService with our temp files.
service := walletunlocker.New(testDir, testNetParams, true, []string{
tempMacFile, nonExistingFile,
})
// Create a wallet we can try to unlock. We use the default password
// so we can check that the unlocker service defaults to this when
// we give it an empty CurrentPassword to indicate we come from a
// --noencryptwallet state.
createTestWalletWithPw(
t, lnwallet.DefaultPublicPassphrase,
lnwallet.DefaultPrivatePassphrase, testDir, testNetParams,
)
// We make sure that we get a proper error message if we forget to
// add the --stateless_init flag but the macaroon files don't exist.
badReq := &lnrpc.ChangePasswordRequest{
NewPassword: testPassword,
NewMacaroonRootKey: true,
}
ctx := context.Background()
_, err = service.ChangePassword(ctx, badReq)
require.Error(t, err)
// Prepare the correct request we are going to send to the unlocker
// service. We don't provide a current password to indicate there
// was none set before.
req := &lnrpc.ChangePasswordRequest{
NewPassword: testPassword,
StatelessInit: true,
NewMacaroonRootKey: true,
}
// Since we indicated the wallet was initialized stateless, the service
// will block until it receives the macaroon through the channel
// provided in the message in UnlockMsgs. So we need to call the service
// async and then wait for the unlock message to arrive so we can send
// back a fake macaroon.
errChan := make(chan error, 1)
go doChangePassword(service, testDir, req, errChan)
// Password and recovery window should be sent over the channel.
select {
case err := <-errChan:
t.Fatalf("ChangePassword call failed: %v", err)
case unlockMsg := <-service.UnlockMsgs:
require.Equal(t, newPassword, unlockMsg.Passphrase)
require.Equal(t, testPassword, unlockMsg.Passphrase)
// Send a fake macaroon that should be returned in the response
// in the async code above.
service.MacResponseChan <- testMac
case <-time.After(defaultTestTimeout):
t.Fatalf("password not received")
}
}
func doChangePassword(service *walletunlocker.UnlockerService, testDir string,
req *lnrpc.ChangePasswordRequest, errChan chan error) {
// When providing the correct wallet's current password and a
// new password that meets the length requirement, the password
// change should succeed.
ctx := context.Background()
response, err := service.ChangePassword(ctx, req)
if err != nil {
errChan <- fmt.Errorf("could not change password: %v", err)
return
}
if !bytes.Equal(response.AdminMacaroon, testMac) {
errChan <- fmt.Errorf("mismatched macaroon: expected "+
"%x, got %x", testMac, response.AdminMacaroon)
}
// Close the macaroon DB and try to open it and read the root
// key with the new password.
store, err := openOrCreateTestMacStore(
testDir, &testPassword, testNetParams,
)
if err != nil {
errChan <- fmt.Errorf("could not create test store: %v", err)
return
}
_, _, err = store.RootKey(defaultRootKeyIDContext)
if err != nil {
errChan <- fmt.Errorf("could not get root key: %v", err)
return
}
// Do cleanup now. Since we are in a go func, the defer at the
// top of the outer would not work, because it would delete
// the directory before we could check the content in here.
err = store.Close()
if err != nil {
errChan <- fmt.Errorf("could not close store: %v", err)
return
}
err = os.RemoveAll(testDir)
if err != nil {
errChan <- err
return
}
}