Store HDSeed in CCryptoKeyStore

6 years ago · ec653523ad
3 changed files with 168 additions and 0 deletions
--- a/src/gtest/test_keystore.cpp
+++ b/src/gtest/test_keystore.cpp
@ -240,6 +240,66 @@ public:
    bool Unlock(const CKeyingMaterial& vMasterKeyIn) { return CCryptoKeyStore::Unlock(vMasterKeyIn); }
 };

+TEST(keystore_tests, StoreAndRetrieveHDSeedInEncryptedStore) {
+    TestCCryptoKeyStore keyStore;
+    CKeyingMaterial vMasterKey(32, 0);
+    GetRandBytes(vMasterKey.data(), 32);
+    HDSeed seedOut;
+
+    // 1) Test adding a seed to an unencrypted key store, then encrypting it
+    auto seed = HDSeed::Random();
+    EXPECT_FALSE(keyStore.HaveHDSeed());
+    EXPECT_FALSE(keyStore.GetHDSeed(seedOut));
+
+    ASSERT_TRUE(keyStore.SetHDSeed(seed));
+    EXPECT_TRUE(keyStore.HaveHDSeed());
+    ASSERT_TRUE(keyStore.GetHDSeed(seedOut));
+    EXPECT_EQ(seed, seedOut);
+
+    ASSERT_TRUE(keyStore.EncryptKeys(vMasterKey));
+    EXPECT_FALSE(keyStore.GetHDSeed(seedOut));
+
+    // Unlocking with a random key should fail
+    CKeyingMaterial vRandomKey(32, 0);
+    GetRandBytes(vRandomKey.data(), 32);
+    EXPECT_FALSE(keyStore.Unlock(vRandomKey));
+
+    // Unlocking with a slightly-modified vMasterKey should fail
+    CKeyingMaterial vModifiedKey(vMasterKey);
+    vModifiedKey[0] += 1;
+    EXPECT_FALSE(keyStore.Unlock(vModifiedKey));
+
+    // Unlocking with vMasterKey should succeed
+    ASSERT_TRUE(keyStore.Unlock(vMasterKey));
+    ASSERT_TRUE(keyStore.GetHDSeed(seedOut));
+    EXPECT_EQ(seed, seedOut);
+
+    // 2) Test replacing the seed in an already-encrypted key store
+    auto seed2 = HDSeed::Random();
+    ASSERT_TRUE(keyStore.SetHDSeed(seed2));
+    EXPECT_TRUE(keyStore.HaveHDSeed());
+    ASSERT_TRUE(keyStore.GetHDSeed(seedOut));
+    EXPECT_EQ(seed2, seedOut);
+
+    // 3) Test adding a new seed to an already-encrypted key store
+    TestCCryptoKeyStore keyStore2;
+
+    // Add a Sprout address so the wallet has something to test when decrypting
+    ASSERT_TRUE(keyStore2.AddSproutSpendingKey(libzcash::SproutSpendingKey::random()));
+
+    ASSERT_TRUE(keyStore2.EncryptKeys(vMasterKey));
+    ASSERT_TRUE(keyStore2.Unlock(vMasterKey));
+
+    EXPECT_FALSE(keyStore2.HaveHDSeed());
+    EXPECT_FALSE(keyStore2.GetHDSeed(seedOut));
+
+    auto seed3 = HDSeed::Random();
+    ASSERT_TRUE(keyStore2.SetHDSeed(seed3));
+    EXPECT_TRUE(keyStore2.HaveHDSeed());
+    ASSERT_TRUE(keyStore2.GetHDSeed(seedOut));
+    EXPECT_EQ(seed3, seedOut);
+}
+
 TEST(keystore_tests, store_and_retrieve_spending_key_in_encrypted_store) {
    TestCCryptoKeyStore keyStore;
    uint256 r {GetRandHash()};
--- a/src/wallet/crypter.cpp
+++ b/src/wallet/crypter.cpp
@ -121,6 +121,23 @@ static bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<u
    return cKeyCrypter.Decrypt(vchCiphertext, *((CKeyingMaterial*)&vchPlaintext));
 }

+static bool DecryptHDSeed(
+    const CKeyingMaterial& vMasterKey,
+    const std::vector<unsigned char>& vchCryptedSecret,
+    const uint256& seedFp,
+    HDSeed& seed)
+{
+    CKeyingMaterial vchSecret;
+
+    // Use seed's fingerprint as IV
+    // TODO: Handle IV properly when we make encryption a supported feature
+    if(!DecryptSecret(vMasterKey, vchCryptedSecret, seedFp, vchSecret))
+        return false;
+
+    seed = HDSeed(vchSecret);
+    return seed.Fingerprint() == seedFp;
+}
+
 static bool DecryptKey(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCryptedSecret, const CPubKey& vchPubKey, CKey& key)
 {
    CKeyingMaterial vchSecret;
@ -202,6 +219,15 @@ bool CCryptoKeyStore::Unlock(const CKeyingMaterial& vMasterKeyIn)

        bool keyPass = false;
        bool keyFail = false;
+        {
+            HDSeed seed;
+            if (!DecryptHDSeed(vMasterKeyIn, cryptedHDSeed.second, cryptedHDSeed.first, seed))
+            {
+                keyFail = true;
+            } else {
+                keyPass = true;
+            }
+        }
        CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin();
        for (; mi != mapCryptedKeys.end(); ++mi)
        {
@ -261,6 +287,67 @@ bool CCryptoKeyStore::Unlock(const CKeyingMaterial& vMasterKeyIn)
    return true;
 }

+bool CCryptoKeyStore::SetHDSeed(const HDSeed& seed)
+{
+    {
+        LOCK(cs_SpendingKeyStore);
+        if (!IsCrypted()) {
+            return CBasicKeyStore::SetHDSeed(seed);
+        }
+
+        if (IsLocked())
+            return false;
+
+        std::vector<unsigned char> vchCryptedSecret;
+        // Use seed's fingerprint as IV
+        // TODO: Handle this properly when we make encryption a supported feature
+        auto seedFp = seed.Fingerprint();
+        if (!EncryptSecret(vMasterKey, seed.RawSeed(), seedFp, vchCryptedSecret))
+            return false;
+
+        // This will call into CWallet to store the crypted seed to disk
+        if (!SetCryptedHDSeed(seedFp, vchCryptedSecret))
+            return false;
+    }
+    return true;
+}
+
+bool CCryptoKeyStore::SetCryptedHDSeed(
+    const uint256& seedFp,
+    const std::vector<unsigned char>& vchCryptedSecret)
+{
+    {
+        LOCK(cs_SpendingKeyStore);
+        if (!IsCrypted()) {
+            return false;
+        }
+
+        cryptedHDSeed = std::make_pair(seedFp, vchCryptedSecret);
+    }
+    return true;
+}
+
+bool CCryptoKeyStore::HaveHDSeed() const
+{
+    LOCK(cs_SpendingKeyStore);
+    if (!IsCrypted())
+        return CBasicKeyStore::HaveHDSeed();
+
+    return !cryptedHDSeed.second.empty();
+}
+
+bool CCryptoKeyStore::GetHDSeed(HDSeed& seedOut) const
+{
+    LOCK(cs_SpendingKeyStore);
+    if (!IsCrypted())
+        return CBasicKeyStore::GetHDSeed(seedOut);
+
+    if (cryptedHDSeed.second.empty())
+        return false;
+
+    return DecryptHDSeed(vMasterKey, cryptedHDSeed.second, cryptedHDSeed.first, seedOut);
+}
+
 bool CCryptoKeyStore::AddKeyPubKey(const CKey& key, const CPubKey &pubkey)
 {
    {
@ -463,6 +550,20 @@ bool CCryptoKeyStore::EncryptKeys(CKeyingMaterial& vMasterKeyIn)
            return false;

        fUseCrypto = true;
+        {
+            std::vector<unsigned char> vchCryptedSecret;
+            // Use seed's fingerprint as IV
+            // TODO: Handle this properly when we make encryption a supported feature
+            auto seedFp = hdSeed.Fingerprint();
+            if (!EncryptSecret(vMasterKeyIn, hdSeed.RawSeed(), seedFp, vchCryptedSecret)) {
+                return false;
+            }
+            // This will call into CWallet to store the crypted seed to disk
+            if (!SetCryptedHDSeed(seedFp, vchCryptedSecret)) {
+                return false;
+            }
+        }
+        hdSeed = HDSeed();
        BOOST_FOREACH(KeyMap::value_type& mKey, mapKeys)
        {
            const CKey &key = mKey.second;
--- a/src/wallet/crypter.h
+++ b/src/wallet/crypter.h
@ -10,6 +10,7 @@
 #include "streams.h"
 #include "support/allocators/secure.h"
 #include "zcash/Address.hpp"
+#include "zcash/zip32.h"

 class uint256;

@ -127,6 +128,7 @@ public:
 class CCryptoKeyStore : public CBasicKeyStore
 {
 private:
+    std::pair<uint256, std::vector<unsigned char>> cryptedHDSeed;
    CryptedKeyMap mapCryptedKeys;
    CryptedSproutSpendingKeyMap mapCryptedSproutSpendingKeys;
    CryptedSaplingSpendingKeyMap mapCryptedSaplingSpendingKeys;
@ -172,6 +174,11 @@ public:

    bool Lock();

+    virtual bool SetCryptedHDSeed(const uint256& seedFp, const std::vector<unsigned char> &vchCryptedSecret);
+    bool SetHDSeed(const HDSeed& seed);
+    bool HaveHDSeed() const;
+    bool GetHDSeed(HDSeed& seedOut) const;
+
    virtual bool AddCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret);
    bool AddKeyPubKey(const CKey& key, const CPubKey &pubkey);
    bool HaveKey(const CKeyID &address) const