LCOV - code coverage report
Current view: top level - src/wallet/rpc - encrypt.cpp (source / functions) Hit Total Coverage
Test: fuzz_coverage.info Lines: 15 149 10.1 %
Date: 2024-01-03 14:57:27 Functions: 0 18 0.0 %
Branches: 19 544 3.5 %

           Branch data     Line data    Source code
       1                 :            : // Copyright (c) 2011-2022 The Bitcoin Core developers
       2                 :            : // Distributed under the MIT software license, see the accompanying
       3                 :            : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4                 :            : 
       5                 :            : #include <rpc/util.h>
       6                 :            : #include <wallet/rpc/util.h>
       7                 :            : #include <wallet/wallet.h>
       8                 :            : 
       9                 :            : 
      10                 :            : namespace wallet {
      11                 :          0 : RPCHelpMan walletpassphrase()
      12                 :            : {
      13 [ #  # ][ #  # ]:          0 :     return RPCHelpMan{"walletpassphrase",
                 [ #  # ]
      14         [ #  # ]:          0 :                 "\nStores the wallet decryption key in memory for 'timeout' seconds.\n"
      15                 :            :                 "This is needed prior to performing transactions related to private keys such as sending bitcoins\n"
      16                 :            :             "\nNote:\n"
      17                 :            :             "Issuing the walletpassphrase command while the wallet is already unlocked will set a new unlock\n"
      18                 :            :             "time that overrides the old one.\n",
      19         [ #  # ]:          0 :                 {
      20 [ #  # ][ #  # ]:          0 :                     {"passphrase", RPCArg::Type::STR, RPCArg::Optional::NO, "The wallet passphrase"},
                 [ #  # ]
      21 [ #  # ][ #  # ]:          0 :                     {"timeout", RPCArg::Type::NUM, RPCArg::Optional::NO, "The time to keep the decryption key in seconds; capped at 100000000 (~3 years)."},
                 [ #  # ]
      22                 :            :                 },
      23 [ #  # ][ #  # ]:          0 :                 RPCResult{RPCResult::Type::NONE, "", ""},
         [ #  # ][ #  # ]
      24         [ #  # ]:          0 :                 RPCExamples{
      25                 :            :             "\nUnlock the wallet for 60 seconds\n"
      26 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("walletpassphrase", "\"my pass phrase\" 60") +
         [ #  # ][ #  # ]
                 [ #  # ]
      27                 :          2 :             "\nLock the wallet again (before 60 seconds)\n"
      28 [ +  - ][ +  - ]:          6 :             + HelpExampleCli("walletlock", "") +
         [ +  - ][ -  + ]
         [ #  # ][ #  # ]
         [ #  # ][ #  # ]
         [ #  # ][ #  # ]
      29 [ +  - ][ +  - ]:          2 :             "\nAs a JSON-RPC call\n"
                 [ +  - ]
      30 [ +  - ][ +  - ]:          2 :             + HelpExampleRpc("walletpassphrase", "\"my pass phrase\", 60")
         [ +  - ][ #  # ]
         [ #  # ][ #  # ]
                 [ #  # ]
      31                 :            :                 },
      32                 :          0 :         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
      33                 :            : {
      34                 :          0 :     std::shared_ptr<CWallet> const wallet = GetWalletForJSONRPCRequest(request);
      35 [ #  # ][ #  # ]:          0 :     if (!wallet) return UniValue::VNULL;
      36                 :          0 :     CWallet* const pwallet = wallet.get();
      37                 :            : 
      38                 :            :     int64_t nSleepTime;
      39                 :            :     int64_t relock_time;
      40                 :            :     // Prevent concurrent calls to walletpassphrase with the same wallet.
      41 [ #  # ][ #  # ]:          0 :     LOCK(pwallet->m_unlock_mutex);
      42                 :            :     {
      43 [ #  # ][ #  # ]:          0 :         LOCK(pwallet->cs_wallet);
      44                 :            : 
      45 [ #  # ][ #  # ]:          0 :         if (!pwallet->IsCrypted()) {
      46 [ #  # ][ #  # ]:          0 :             throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrase was called.");
                 [ #  # ]
      47                 :            :         }
      48                 :            : 
      49                 :            :         // Note that the walletpassphrase is stored in request.params[0] which is not mlock()ed
      50                 :          0 :         SecureString strWalletPass;
      51         [ #  # ]:          0 :         strWalletPass.reserve(100);
      52 [ #  # ][ #  # ]:          0 :         strWalletPass = std::string_view{request.params[0].get_str()};
                 [ #  # ]
      53                 :            : 
      54                 :            :         // Get the timeout
      55 [ #  # ][ #  # ]:          0 :         nSleepTime = request.params[1].getInt<int64_t>();
      56                 :            :         // Timeout cannot be negative, otherwise it will relock immediately
      57         [ #  # ]:          0 :         if (nSleepTime < 0) {
      58 [ #  # ][ #  # ]:          0 :             throw JSONRPCError(RPC_INVALID_PARAMETER, "Timeout cannot be negative.");
                 [ #  # ]
      59                 :            :         }
      60                 :            :         // Clamp timeout
      61                 :          0 :         constexpr int64_t MAX_SLEEP_TIME = 100000000; // larger values trigger a macos/libevent bug?
      62         [ #  # ]:          0 :         if (nSleepTime > MAX_SLEEP_TIME) {
      63                 :          0 :             nSleepTime = MAX_SLEEP_TIME;
      64                 :          0 :         }
      65                 :            : 
      66         [ #  # ]:          0 :         if (strWalletPass.empty()) {
      67 [ #  # ][ #  # ]:          0 :             throw JSONRPCError(RPC_INVALID_PARAMETER, "passphrase cannot be empty");
                 [ #  # ]
      68                 :            :         }
      69                 :            : 
      70 [ #  # ][ #  # ]:          0 :         if (!pwallet->Unlock(strWalletPass)) {
      71                 :            :             // Check if the passphrase has a null character (see #27067 for details)
      72         [ #  # ]:          0 :             if (strWalletPass.find('\0') == std::string::npos) {
      73 [ #  # ][ #  # ]:          0 :                 throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");
                 [ #  # ]
      74                 :            :             } else {
      75 [ #  # ][ #  # ]:          0 :                 throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered is incorrect. "
                 [ #  # ]
      76                 :            :                                                                     "It contains a null character (ie - a zero byte). "
      77                 :            :                                                                     "If the passphrase was set with a version of this software prior to 25.0, "
      78                 :            :                                                                     "please try again with only the characters up to — but not including — "
      79                 :            :                                                                     "the first null character. If this is successful, please set a new "
      80                 :            :                                                                     "passphrase to avoid this issue in the future.");
      81                 :            :             }
      82                 :            :         }
      83                 :            : 
      84         [ #  # ]:          0 :         pwallet->TopUpKeyPool();
      85                 :            : 
      86         [ #  # ]:          0 :         pwallet->nRelockTime = GetTime() + nSleepTime;
      87                 :          0 :         relock_time = pwallet->nRelockTime;
      88                 :          0 :     }
      89                 :            : 
      90                 :            :     // rpcRunLater must be called without cs_wallet held otherwise a deadlock
      91                 :            :     // can occur. The deadlock would happen when RPCRunLater removes the
      92                 :            :     // previous timer (and waits for the callback to finish if already running)
      93                 :            :     // and the callback locks cs_wallet.
      94         [ #  # ]:          0 :     AssertLockNotHeld(wallet->cs_wallet);
      95                 :            :     // Keep a weak pointer to the wallet so that it is possible to unload the
      96                 :            :     // wallet before the following callback is called. If a valid shared pointer
      97                 :            :     // is acquired in the callback then the wallet is still loaded.
      98                 :          2 :     std::weak_ptr<CWallet> weak_wallet = wallet;
      99 [ #  # ][ #  # ]:          0 :     pwallet->chain().rpcRunLater(strprintf("lockwallet(%s)", pwallet->GetName()), [weak_wallet, relock_time] {
         [ #  # ][ #  # ]
                 [ #  # ]
     100 [ #  # ][ #  # ]:          0 :         if (auto shared_wallet = weak_wallet.lock()) {
     101 [ #  # ][ #  # ]:          0 :             LOCK2(shared_wallet->m_relock_mutex, shared_wallet->cs_wallet);
     102                 :            :             // Skip if this is not the most recent rpcRunLater callback.
     103         [ #  # ]:          0 :             if (shared_wallet->nRelockTime != relock_time) return;
     104         [ #  # ]:          0 :             shared_wallet->Lock();
     105                 :          0 :             shared_wallet->nRelockTime = 0;
     106         [ #  # ]:          2 :         }
     107                 :          0 :     }, nSleepTime);
     108                 :            : 
     109         [ #  # ]:          0 :     return UniValue::VNULL;
     110                 :          0 : },
     111                 :            :     };
     112                 :          0 : }
     113                 :            : 
     114                 :            : 
     115                 :          0 : RPCHelpMan walletpassphrasechange()
     116                 :            : {
     117 [ #  # ][ #  # ]:          0 :     return RPCHelpMan{"walletpassphrasechange",
                 [ #  # ]
     118         [ #  # ]:          0 :                 "\nChanges the wallet passphrase from 'oldpassphrase' to 'newpassphrase'.\n",
     119         [ #  # ]:          0 :                 {
     120 [ #  # ][ #  # ]:          0 :                     {"oldpassphrase", RPCArg::Type::STR, RPCArg::Optional::NO, "The current passphrase"},
                 [ #  # ]
     121 [ #  # ][ #  # ]:          0 :                     {"newpassphrase", RPCArg::Type::STR, RPCArg::Optional::NO, "The new passphrase"},
                 [ #  # ]
     122                 :            :                 },
     123 [ #  # ][ #  # ]:          0 :                 RPCResult{RPCResult::Type::NONE, "", ""},
         [ #  # ][ #  # ]
     124         [ #  # ]:          0 :                 RPCExamples{
     125 [ #  # ][ #  # ]:          0 :                     HelpExampleCli("walletpassphrasechange", "\"old one\" \"new one\"")
                 [ #  # ]
     126 [ #  # ][ #  # ]:          0 :             + HelpExampleRpc("walletpassphrasechange", "\"old one\", \"new one\"")
         [ #  # ][ #  # ]
     127                 :            :                 },
     128                 :          0 :         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
     129                 :            : {
     130                 :          0 :     std::shared_ptr<CWallet> const pwallet = GetWalletForJSONRPCRequest(request);
     131 [ #  # ][ #  # ]:          0 :     if (!pwallet) return UniValue::VNULL;
     132                 :            : 
     133 [ #  # ][ #  # ]:          0 :     if (!pwallet->IsCrypted()) {
     134 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrasechange was called.");
                 [ #  # ]
     135                 :            :     }
     136                 :            : 
     137 [ #  # ][ #  # ]:          0 :     if (pwallet->IsScanningWithPassphrase()) {
     138 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_ERROR, "Error: the wallet is currently being used to rescan the blockchain for related transactions. Please call `abortrescan` before changing the passphrase.");
                 [ #  # ]
     139                 :            :     }
     140                 :            : 
     141 [ #  # ][ #  # ]:          0 :     LOCK2(pwallet->m_relock_mutex, pwallet->cs_wallet);
     142                 :            : 
     143                 :          0 :     SecureString strOldWalletPass;
     144         [ #  # ]:          0 :     strOldWalletPass.reserve(100);
     145 [ #  # ][ #  # ]:          0 :     strOldWalletPass = std::string_view{request.params[0].get_str()};
                 [ #  # ]
     146                 :            : 
     147                 :          0 :     SecureString strNewWalletPass;
     148         [ #  # ]:          0 :     strNewWalletPass.reserve(100);
     149 [ #  # ][ #  # ]:          0 :     strNewWalletPass = std::string_view{request.params[1].get_str()};
                 [ #  # ]
     150                 :            : 
     151         [ #  # ]:          0 :     if (strOldWalletPass.empty() || strNewWalletPass.empty()) {
     152 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_INVALID_PARAMETER, "passphrase cannot be empty");
                 [ #  # ]
     153                 :            :     }
     154                 :            : 
     155 [ #  # ][ #  # ]:          0 :     if (!pwallet->ChangeWalletPassphrase(strOldWalletPass, strNewWalletPass)) {
     156                 :            :         // Check if the old passphrase had a null character (see #27067 for details)
     157         [ #  # ]:          0 :         if (strOldWalletPass.find('\0') == std::string::npos) {
     158 [ #  # ][ #  # ]:          0 :             throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");
                 [ #  # ]
     159                 :            :         } else {
     160 [ #  # ][ #  # ]:          0 :             throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The old wallet passphrase entered is incorrect. "
                 [ #  # ]
     161                 :            :                                                                 "It contains a null character (ie - a zero byte). "
     162                 :            :                                                                 "If the old passphrase was set with a version of this software prior to 25.0, "
     163         [ +  - ]:          2 :                                                                 "please try again with only the characters up to — but not including — "
     164         [ +  - ]:          2 :                                                                 "the first null character.");
     165         [ +  - ]:          2 :         }
     166         [ +  - ]:          2 :     }
     167         [ +  - ]:          2 : 
     168 [ +  - ][ #  # ]:          2 :     return UniValue::VNULL;
     169         [ +  - ]:          2 : },
     170         [ +  - ]:          2 :     };
     171                 :          0 : }
     172                 :            : 
     173                 :            : 
     174                 :          0 : RPCHelpMan walletlock()
     175                 :            : {
     176 [ #  # ][ #  # ]:          0 :     return RPCHelpMan{"walletlock",
     177         [ #  # ]:          0 :                 "\nRemoves the wallet encryption key from memory, locking the wallet.\n"
     178                 :            :                 "After calling this method, you will need to call walletpassphrase again\n"
     179                 :            :                 "before being able to call any methods which require the wallet to be unlocked.\n",
     180                 :          0 :                 {},
     181 [ #  # ][ #  # ]:          0 :                 RPCResult{RPCResult::Type::NONE, "", ""},
         [ #  # ][ #  # ]
     182         [ #  # ]:          0 :                 RPCExamples{
     183                 :            :             "\nSet the passphrase for 2 minutes to perform a transaction\n"
     184 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("walletpassphrase", "\"my pass phrase\" 120") +
         [ #  # ][ #  # ]
                 [ #  # ]
     185                 :            :             "\nPerform a send (requires passphrase set)\n"
     186 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("sendtoaddress", "\"" + EXAMPLE_ADDRESS[0] + "\" 1.0") +
         [ #  # ][ #  # ]
         [ #  # ][ #  # ]
     187                 :            :             "\nClear the passphrase since we are done before 2 minutes is up\n"
     188 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("walletlock", "") +
         [ #  # ][ #  # ]
                 [ #  # ]
     189                 :            :             "\nAs a JSON-RPC call\n"
     190 [ #  # ][ #  # ]:          0 :             + HelpExampleRpc("walletlock", "")
         [ #  # ][ #  # ]
     191                 :            :                 },
     192                 :          0 :         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
     193                 :            : {
     194                 :          0 :     std::shared_ptr<CWallet> const pwallet = GetWalletForJSONRPCRequest(request);
     195 [ #  # ][ #  # ]:          0 :     if (!pwallet) return UniValue::VNULL;
     196                 :            : 
     197 [ #  # ][ #  # ]:          0 :     if (!pwallet->IsCrypted()) {
     198 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletlock was called.");
                 [ #  # ]
     199                 :            :     }
     200                 :            : 
     201         [ #  # ]:          0 :     if (pwallet->IsScanningWithPassphrase()) {
     202 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_ERROR, "Error: the wallet is currently being used to rescan the blockchain for related transactions. Please call `abortrescan` before locking the wallet.");
                 [ #  # ]
     203                 :            :     }
     204                 :            : 
     205 [ #  # ][ #  # ]:          0 :     LOCK2(pwallet->m_relock_mutex, pwallet->cs_wallet);
     206                 :            : 
     207         [ #  # ]:          0 :     pwallet->Lock();
     208                 :          0 :     pwallet->nRelockTime = 0;
     209                 :            : 
     210         [ #  # ]:          0 :     return UniValue::VNULL;
     211                 :          0 : },
     212                 :            :     };
     213                 :          0 : }
     214                 :            : 
     215                 :            : 
     216                 :          0 : RPCHelpMan encryptwallet()
     217                 :            : {
     218 [ #  # ][ #  # ]:          0 :     return RPCHelpMan{"encryptwallet",
                 [ #  # ]
     219         [ #  # ]:          0 :                 "\nEncrypts the wallet with 'passphrase'. This is for first time encryption.\n"
     220                 :            :                 "After this, any calls that interact with private keys such as sending or signing \n"
     221                 :            :                 "will require the passphrase to be set prior the making these calls.\n"
     222                 :            :                 "Use the walletpassphrase call for this, and then walletlock call.\n"
     223                 :            :                 "If the wallet is already encrypted, use the walletpassphrasechange call.\n"
     224                 :            :                 "** IMPORTANT **\n"
     225                 :            :                 "For security reasons, the encryption process will generate a new HD seed, resulting\n"
     226                 :            :                 "in the creation of a fresh set of active descriptors. Therefore, it is crucial to\n"
     227                 :            :                 "securely back up the newly generated wallet file using the backupwallet RPC.\n",
     228         [ #  # ]:          0 :                 {
     229 [ #  # ][ #  # ]:          0 :                     {"passphrase", RPCArg::Type::STR, RPCArg::Optional::NO, "The pass phrase to encrypt the wallet with. It must be at least 1 character, but should be long."},
                 [ #  # ]
     230                 :            :                 },
     231 [ #  # ][ #  # ]:          0 :                 RPCResult{RPCResult::Type::STR, "", "A string with further instructions"},
         [ #  # ][ #  # ]
     232         [ #  # ]:          0 :                 RPCExamples{
     233                 :            :             "\nEncrypt your wallet\n"
     234 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("encryptwallet", "\"my pass phrase\"") +
         [ #  # ][ #  # ]
                 [ #  # ]
     235                 :            :             "\nNow set the passphrase to use the wallet, such as for signing or sending bitcoin\n"
     236 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("walletpassphrase", "\"my pass phrase\"") +
         [ #  # ][ #  # ]
                 [ #  # ]
     237                 :            :             "\nNow we can do something like sign\n"
     238 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("signmessage", "\"address\" \"test message\"") +
         [ #  # ][ #  # ]
                 [ #  # ]
     239                 :            :             "\nNow lock the wallet again by removing the passphrase\n"
     240 [ #  # ][ #  # ]:          0 :             + HelpExampleCli("walletlock", "") +
         [ #  # ][ #  # ]
                 [ #  # ]
     241                 :            :             "\nAs a JSON-RPC call\n"
     242 [ #  # ][ #  # ]:          0 :             + HelpExampleRpc("encryptwallet", "\"my pass phrase\"")
         [ #  # ][ #  # ]
     243                 :            :                 },
     244                 :          0 :         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
     245                 :            : {
     246                 :          0 :     std::shared_ptr<CWallet> const pwallet = GetWalletForJSONRPCRequest(request);
     247 [ #  # ][ #  # ]:          0 :     if (!pwallet) return UniValue::VNULL;
     248                 :            : 
     249 [ #  # ][ #  # ]:          0 :     if (pwallet->IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
     250 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_ENCRYPTION_FAILED, "Error: wallet does not contain private keys, nothing to encrypt.");
                 [ #  # ]
     251                 :            :     }
     252                 :            : 
     253 [ #  # ][ #  # ]:          0 :     if (pwallet->IsCrypted()) {
     254 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an encrypted wallet, but encryptwallet was called.");
                 [ #  # ]
     255                 :            :     }
     256                 :            : 
     257         [ #  # ]:          0 :     if (pwallet->IsScanningWithPassphrase()) {
     258 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_ERROR, "Error: the wallet is currently being used to rescan the blockchain for related transactions. Please call `abortrescan` before encrypting the wallet.");
                 [ #  # ]
     259                 :            :     }
     260                 :            : 
     261 [ #  # ][ #  # ]:          0 :     LOCK2(pwallet->m_relock_mutex, pwallet->cs_wallet);
     262                 :            : 
     263                 :          0 :     SecureString strWalletPass;
     264         [ #  # ]:          0 :     strWalletPass.reserve(100);
     265 [ #  # ][ #  # ]:          0 :     strWalletPass = std::string_view{request.params[0].get_str()};
                 [ #  # ]
     266                 :            : 
     267 [ +  - ][ #  # ]:          2 :     if (strWalletPass.empty()) {
     268 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_INVALID_PARAMETER, "passphrase cannot be empty");
                 [ #  # ]
     269                 :            :     }
     270                 :            : 
     271 [ #  # ][ #  # ]:          0 :     if (!pwallet->EncryptWallet(strWalletPass)) {
     272 [ #  # ][ #  # ]:          0 :         throw JSONRPCError(RPC_WALLET_ENCRYPTION_FAILED, "Error: Failed to encrypt the wallet.");
                 [ #  # ]
     273                 :            :     }
     274                 :            : 
     275         [ #  # ]:          0 :     return "wallet encrypted; The keypool has been flushed and a new HD seed was generated. You need to make a new backup with the backupwallet RPC.";
     276                 :          0 : },
     277                 :            :     };
     278                 :          0 : }
     279                 :            : } // namespace wallet

Generated by: LCOV version 1.14