From 921dd8dde5d381052d0aa2936304a3541a230c55 Mon Sep 17 00:00:00 2001
From: Sarang Noether <32460187+SarangNoether@users.noreply.github.com>
Date: Sun, 9 Aug 2020 19:11:54 -0400
Subject: Use domain-separated ChaCha20 for in-memory key encryption
---
 src/wallet/wallet2.cpp | 16 ++++++++++++++++
 src/wallet/wallet2.h | 11 +++++++++++
 2 files changed, 27 insertions(+)
(limited to 'src/wallet')
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index d7ed3e999..f273eb368 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -4349,9 +4349,24 @@ bool wallet2::load_keys_buf(const std::string& keys_buf, const epee::wipeable_st
 if (r)
 {
+ // Decrypt keys, using one of two possible methods
 if (encrypted_secret_keys)
 {
+ // First try the updated method
 m_account.decrypt_keys(key);
+ load_info.is_legacy_key_encryption = false;
+
+ // Test address construction to see if decryption succeeded
+ const cryptonote::account_keys &keys = m_account.get_keys();
+ hw::device &hwdev = m_account.get_device();
+ if (!hwdev.verify_keys(keys.m_view_secret_key, keys.m_account_address.m_view_public_key) || !hwdev.verify_keys(keys.m_spend_secret_key, keys.m_account_address.m_spend_public_key))
+ {
+ // Updated method failed; try the legacy method
+ // Note that we must first encrypt the keys again with the same IV
+ m_account.encrypt_keys_same_iv(key);
+ m_account.decrypt_legacy(key);
+ load_info.is_legacy_key_encryption = true;
+ }
 }
 else
 {
@@ -5555,6 +5570,7 @@ void wallet2::load(const std::string& wallet_, const epee::wipeable_string& pass
 {
 clear();
 prepare_file_names(wallet_);
+ MINFO("Keys file: " << m_keys_file);
 // determine if loading from file system or string buffer
 bool use_fs = !wallet_.empty();
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 712f91613..1d26c6a00 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
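Review bot: The success test for the updated method requires both `verify_keys` calls to pass, including the one on `keys.m_spend_secret_key`, so a wallet whose stored spend secret does not reproduce its public spend key would always be sent down the legacy path, even when it was encrypted with the updated method. Whether such wallets reach this code is not visible in the hunk (view-only, multisig or device-backed wallets would be the candidates), so this is worth confirming; if they do, the spend-key half of the condition should apply only to wallets that actually hold a spend secret. The legacy branch also sets `load_info.is_legacy_key_encryption = true` without checking the result, so a wrong password ends up reported as legacy encryption and the keys are only rejected if a verification later in the function does so; a comment such as `// Not verified here: a wrong password also ends up on this path` would make that dependency explicit. The body of load_keys_buf starts and ends outside the hunk.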
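Review bot: The added `MINFO("Keys file: " << m_keys_file);` runs before `use_fs` is computed, so it also fires when `wallet_` is empty and the wallet is loaded from string buffers, where the logged path presumably names no real file. It also writes the location of the key material to the log at info level on every load, which is more than most deployments want in routine logs. Consider placing it after the `use_fs` line and lowering the level, e.g. `if (use_fs) MDEBUG("Keys file: " << m_keys_file);`. The body of wallet2::load continues outside the hunk.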
@@ -219,6 +219,15 @@ private:
 friend class wallet_keys_unlocker;
 friend class wallet_device_callback;
 public:
+ // Contains data on how keys were loaded, primarily for unit test purposes
+ struct load_info_t {
+ bool is_legacy_key_encryption;
+ };
+
+ const load_info_t &get_load_info() const {
+ return load_info;
+ }
+
 static constexpr const std::chrono::seconds rpc_timeout = std::chrono::minutes(3) + std::chrono::seconds(30);
 enum RefreshType {
@@ -1407,6 +1416,8 @@ private:
 static std::string get_default_daemon_address() { CRITICAL_REGION_LOCAL(default_daemon_address_lock); return default_daemon_address; }
 private:
+ load_info_t load_info;
+
 /*!
 * \brief Stores wallet information to wallet file.
 * \param keys_file_name Name of wallet file
-- 
cgit v1.2.3
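Review bot: `load_info_t::is_legacy_key_encryption` has no default, and the member added in the second hunk (`@@ -1407,6 +1416,8 @@`), `load_info_t load_info;`, is declared without an initializer. Unless a constructor outside this diff sets it, `get_load_info()` hands back an indeterminate bool for any wallet object that has not gone through the encrypted-keys branch of load_keys_buf. The only assignments visible in this commit are inside that branch. Reading the flag in that state is undefined behaviour, and a unit test relying on it could see either value. Give the field a default with `bool is_legacy_key_encryption = false;` or value-initialize the member with `load_info_t load_info{};`, and extend the struct comment to say the flag is meaningful only after encrypted keys were loaded.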