f09bc7ec98
c1dde3a949No longer shutdown after encrypting the wallet (Andrew Chow)d7637c5a3fAfter encrypting the wallet, reload the database environment (Andrew Chow)5d296ac810Add function to close all Db's and reload the databae environment (Andrew Chow)a769461d5eMove BerkeleyEnvironment deletion from internal method to callsite (Andrew Chow) Pull request description: This is the replacement for #11678 which implements @ryanofsky's [suggestion](https://github.com/bitcoin/bitcoin/pull/11678#pullrequestreview-76464511). Shutting down the software was to prevent the BDB environment from writing unencrypted private keys to disk in the database log files, as was noted [here](https://bitcointalk.org/index.php?topic=51474.msg616068#msg616068). This PR replaces the shutdown behavior with a CDBEnv flush, close, and reopen which achieves the same effect: everything is cleanly flushed and closed, the log files are removed, and then the environment reopened to continue normal operation. To ensure that no unencrypted private keys are in the log files after encrypting the wallet, I wrote [this script](https://gist.github.com/achow101/7f7143e6c3d3fdc034d3470e72823e9d) to pull private keys from the original wallet file and searches for these keys in the log files (note that you will have to change your file paths to make it work on your own machine). As for concerns about private keys being written to slack space or being kept in memory, these behaviors no longer exist after the original wallet encryption PR and the shutting down solution from 2011. cc @ryanofsky Tree-SHA512: 34b894283b0677a873d06dee46dff8424dec85a2973009ac9b84bcf3d22d05f227c494168c395219d9aee3178e420cf70d4b3eeacc9785aa86b6015d25758e75
167 lines
7.1 KiB
Python
Executable file
167 lines
7.1 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
# Copyright (c) 2016-2018 The Bitcoin Core developers
|
|
# Distributed under the MIT software license, see the accompanying
|
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
"""Test the dumpwallet RPC."""
|
|
|
|
import os
|
|
|
|
from test_framework.test_framework import BitcoinTestFramework
|
|
from test_framework.util import (
|
|
assert_equal,
|
|
assert_raises_rpc_error,
|
|
)
|
|
|
|
|
|
def read_dump(file_name, addrs, script_addrs, hd_master_addr_old):
|
|
"""
|
|
Read the given dump, count the addrs that match, count change and reserve.
|
|
Also check that the old hd_master is inactive
|
|
"""
|
|
with open(file_name, encoding='utf8') as inputfile:
|
|
found_addr = 0
|
|
found_script_addr = 0
|
|
found_addr_chg = 0
|
|
found_addr_rsv = 0
|
|
witness_addr_ret = None
|
|
hd_master_addr_ret = None
|
|
for line in inputfile:
|
|
# only read non comment lines
|
|
if line[0] != "#" and len(line) > 10:
|
|
# split out some data
|
|
key_date_label, comment = line.split("#")
|
|
key_date_label = key_date_label.split(" ")
|
|
# key = key_date_label[0]
|
|
date = key_date_label[1]
|
|
keytype = key_date_label[2]
|
|
|
|
imported_key = date == '1970-01-01T00:00:01Z'
|
|
if imported_key:
|
|
# Imported keys have multiple addresses, no label (keypath) and timestamp
|
|
# Skip them
|
|
continue
|
|
|
|
addr_keypath = comment.split(" addr=")[1]
|
|
addr = addr_keypath.split(" ")[0]
|
|
keypath = None
|
|
if keytype == "inactivehdseed=1":
|
|
# ensure the old master is still available
|
|
assert (hd_master_addr_old == addr)
|
|
elif keytype == "hdseed=1":
|
|
# ensure we have generated a new hd master key
|
|
assert (hd_master_addr_old != addr)
|
|
hd_master_addr_ret = addr
|
|
elif keytype == "script=1":
|
|
# scripts don't have keypaths
|
|
keypath = None
|
|
else:
|
|
keypath = addr_keypath.rstrip().split("hdkeypath=")[1]
|
|
|
|
# count key types
|
|
for addrObj in addrs:
|
|
if addrObj['address'] == addr.split(",")[0] and addrObj['hdkeypath'] == keypath and keytype == "label=":
|
|
# a labeled entry in the wallet should contain both a native address
|
|
# and the p2sh-p2wpkh address that was added at wallet setup
|
|
if len(addr.split(",")) == 2:
|
|
addr_list = addr.split(",")
|
|
# the entry should be of the first key in the wallet
|
|
assert_equal(addrs[0]['address'], addr_list[0])
|
|
witness_addr_ret = addr_list[1]
|
|
found_addr += 1
|
|
break
|
|
elif keytype == "change=1":
|
|
found_addr_chg += 1
|
|
break
|
|
elif keytype == "reserve=1":
|
|
found_addr_rsv += 1
|
|
break
|
|
|
|
# count scripts
|
|
for script_addr in script_addrs:
|
|
if script_addr == addr.rstrip() and keytype == "script=1":
|
|
found_script_addr += 1
|
|
break
|
|
|
|
return found_addr, found_script_addr, found_addr_chg, found_addr_rsv, hd_master_addr_ret, witness_addr_ret
|
|
|
|
|
|
class WalletDumpTest(BitcoinTestFramework):
|
|
def set_test_params(self):
|
|
self.num_nodes = 1
|
|
self.extra_args = [["-keypool=90", "-addresstype=legacy", "-deprecatedrpc=addwitnessaddress"]]
|
|
self.rpc_timeout = 120
|
|
|
|
def skip_test_if_missing_module(self):
|
|
self.skip_if_no_wallet()
|
|
|
|
def setup_network(self, split=False):
|
|
self.add_nodes(self.num_nodes, extra_args=self.extra_args)
|
|
self.start_nodes()
|
|
|
|
def run_test(self):
|
|
wallet_unenc_dump = os.path.join(self.nodes[0].datadir, "wallet.unencrypted.dump")
|
|
wallet_enc_dump = os.path.join(self.nodes[0].datadir, "wallet.encrypted.dump")
|
|
|
|
# generate 20 addresses to compare against the dump
|
|
# but since we add a p2sh-p2wpkh address for the first pubkey in the
|
|
# wallet, we will expect 21 addresses in the dump
|
|
test_addr_count = 20
|
|
addrs = []
|
|
for i in range(0,test_addr_count):
|
|
addr = self.nodes[0].getnewaddress()
|
|
vaddr= self.nodes[0].getaddressinfo(addr) #required to get hd keypath
|
|
addrs.append(vaddr)
|
|
# Should be a no-op:
|
|
self.nodes[0].keypoolrefill()
|
|
|
|
# Test scripts dump by adding a P2SH witness and a 1-of-1 multisig address
|
|
witness_addr = self.nodes[0].addwitnessaddress(addrs[0]["address"], True)
|
|
multisig_addr = self.nodes[0].addmultisigaddress(1, [addrs[1]["address"]])["address"]
|
|
script_addrs = [witness_addr, multisig_addr]
|
|
|
|
# dump unencrypted wallet
|
|
result = self.nodes[0].dumpwallet(wallet_unenc_dump)
|
|
assert_equal(result['filename'], wallet_unenc_dump)
|
|
|
|
found_addr, found_script_addr, found_addr_chg, found_addr_rsv, hd_master_addr_unenc, witness_addr_ret = \
|
|
read_dump(wallet_unenc_dump, addrs, script_addrs, None)
|
|
assert_equal(found_addr, test_addr_count) # all keys must be in the dump
|
|
assert_equal(found_script_addr, 2) # all scripts must be in the dump
|
|
assert_equal(found_addr_chg, 0) # 0 blocks where mined
|
|
assert_equal(found_addr_rsv, 90 * 2) # 90 keys plus 100% internal keys
|
|
assert_equal(witness_addr_ret, witness_addr) # p2sh-p2wsh address added to the first key
|
|
|
|
#encrypt wallet, restart, unlock and dump
|
|
self.nodes[0].encryptwallet('test')
|
|
self.nodes[0].walletpassphrase('test', 10)
|
|
# Should be a no-op:
|
|
self.nodes[0].keypoolrefill()
|
|
self.nodes[0].dumpwallet(wallet_enc_dump)
|
|
|
|
found_addr, found_script_addr, found_addr_chg, found_addr_rsv, _, witness_addr_ret = \
|
|
read_dump(wallet_enc_dump, addrs, script_addrs, hd_master_addr_unenc)
|
|
assert_equal(found_addr, test_addr_count)
|
|
assert_equal(found_script_addr, 2)
|
|
assert_equal(found_addr_chg, 90 * 2) # old reserve keys are marked as change now
|
|
assert_equal(found_addr_rsv, 90 * 2)
|
|
assert_equal(witness_addr_ret, witness_addr)
|
|
|
|
# Overwriting should fail
|
|
assert_raises_rpc_error(-8, "already exists", lambda: self.nodes[0].dumpwallet(wallet_enc_dump))
|
|
|
|
# Restart node with new wallet, and test importwallet
|
|
self.stop_node(0)
|
|
self.start_node(0, ['-wallet=w2'])
|
|
|
|
# Make sure the address is not IsMine before import
|
|
result = self.nodes[0].getaddressinfo(multisig_addr)
|
|
assert(result['ismine'] == False)
|
|
|
|
self.nodes[0].importwallet(wallet_unenc_dump)
|
|
|
|
# Now check IsMine is true
|
|
result = self.nodes[0].getaddressinfo(multisig_addr)
|
|
assert(result['ismine'] == True)
|
|
|
|
if __name__ == '__main__':
|
|
WalletDumpTest().main()
|