mirror of
https://github.com/ElementsProject/lightning.git
synced 2025-03-02 18:35:00 +01:00
pytest: test hsm_secret encryption
This commit is contained in:
darosior
neil saitug
parent
c9982f9f49
commit
1c27545f9e
1 changed files with 45 additions and 1 deletions
|
|
@ -3,9 +3,11 @@ from fixtures import * # noqa: F401,F403
|
|||
from fixtures import TEST_NETWORK
|
||||
from flaky import flaky # noqa: F401
|
||||
from lightning import RpcError, Millisatoshi
|
||||
from utils import only_one, wait_for, sync_blockheight, EXPERIMENTAL_FEATURES, COMPAT
|
||||
from utils import only_one, wait_for, sync_blockheight, EXPERIMENTAL_FEATURES, COMPAT, VALGRIND, SLOW_MACHINE
|
||||
|
||||
import os
|
||||
import pytest
|
||||
import subprocess
|
||||
import time
|
||||
import unittest
|
||||
|
||||
|
|
@ -562,3 +564,45 @@ def test_transaction_annotations(node_factory, bitcoind):
|
|||
assert(len(peers) == 1 and len(peers[0]['channels']) == 1)
|
||||
scid = peers[0]['channels'][0]['short_channel_id']
|
||||
assert(txs[1]['outputs'][fundidx]['channel'] == scid)
|
||||
|
||||
|
||||
@unittest.skipIf(VALGRIND, "It does not play well with prompt and key derivation.")
|
||||
def test_hsm_secret_encryption(node_factory, executor):
|
||||
l1 = node_factory.get_node()
|
||||
password = "reckful\n"
|
||||
# We need to simulate a terminal to use termios in `lightningd`.
|
||||
master_fd, slave_fd = os.openpty()
|
||||
|
||||
# Test we can encrypt an already-existing and not encrypted hsm_secret
|
||||
l1.rpc.stop()
|
||||
l1.daemon.opts.update({"encrypted-hsm": None})
|
||||
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False)
|
||||
time.sleep(3 if SLOW_MACHINE else 1)
|
||||
os.write(master_fd, password.encode("utf-8"))
|
||||
l1.daemon.wait_for_log("Server started with public key")
|
||||
id = l1.rpc.getinfo()["id"]
|
||||
|
||||
# Test we cannot start the same wallet without specifying --encrypted-hsm
|
||||
l1.stop()
|
||||
l1.daemon.opts.pop("encrypted-hsm")
|
||||
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT,
|
||||
wait_for_initialized=False)
|
||||
time.sleep(3 if SLOW_MACHINE else 1)
|
||||
os.write(master_fd, password[2:].encode("utf-8"))
|
||||
err = "hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option."
|
||||
assert l1.daemon.is_in_log(err)
|
||||
|
||||
# Test we cannot restore the same wallet with another password
|
||||
l1.daemon.opts.update({"encrypted-hsm": None})
|
||||
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT,
|
||||
wait_for_initialized=False)
|
||||
time.sleep(3 if SLOW_MACHINE else 1)
|
||||
os.write(master_fd, password[2:].encode("utf-8"))
|
||||
l1.daemon.wait_for_log("Wrong password for encrypted hsm_secret.")
|
||||
|
||||
# Test we can restore the same wallet with the same password
|
||||
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False)
|
||||
time.sleep(3 if SLOW_MACHINE else 1)
|
||||
os.write(master_fd, password.encode("utf-8"))
|
||||
l1.daemon.wait_for_log("Server started with public key")
|
||||
assert id == l1.rpc.getinfo()["id"]
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue