fix: remove optionals from wallet set up #4984
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jorgeantonio21
commented
Dec 1, 2022
| ); | ||
| return Err(WalletStorageError::InvalidPassphrase); | ||
| let cipher = match (db_passphrase_hash, db_encryption_salt) { | ||
| (None, None) => { |
There was a problem hiding this comment.
We will clean up this code in a posterior PR, which goal is to change the Backend api. Doing so here, would require a lot of further refactoring.
SWvheerden
reviewed
Dec 2, 2022
There was a problem hiding this comment.
This looks good.
But I would say we need to remove all the possible encryption stuff in this PR.
This PR is already big, but most of the changes are tests.
We still have the ``apply_encryptionandremove_encryption` functions. I would remove them.
We are enforcing encryption, but in the same breath, we allow a public outward function to decrypt the db.
When this PR gets merged, we should not have the backend be in two possible states, it should only be encrypted.
jorgeantonio21
added
P-controversial
stringhandler
approved these changes
Dec 7, 2022
stringhandler
pushed a commit
that referenced
this pull request
Dec 8, 2022
#5022) Description --- Enforces display of seed words for newly created wallet. Motivation and Context --- In a previous refactor (#4984), a component of the wallet was accidentally removed, namely the prompt of seed words for newly created wallet. How Has This Been Tested? --- In a folder with no wallet db, run `cargo run --release --bin tari_console_wallet` and chose the option create new wallet.
stringhandler
pushed a commit
that referenced
this pull request
Jan 3, 2023
Description --- Improves handling of database encryption keys. Motivation and Context --- A [recent PR](#4984) hardens the codebase's handling of encrypted database fields. It stores the derived key used for encryption as a `Zeroizing` array. This work changes the key type to be a `Hidden` wrapper of a `SafeArray`, which prevents unintended output of the key and tries to prevent copies and moves. How Has This Been Tested? --- Existing tests pass.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Currently, it is possible to set up a wallet (in creation/recovery/existing mode) without a password. This is not desirable, as in that case, sensitive data might be potentially stored in the database and leak in memory. We address this issue by enforcing passphrase creation.
Motivation and Context
For more details see issue #4977.
How Has This Been Tested?