mirror of
https://github.com/lightningnetwork/lnd.git
synced 2024-11-19 01:43:16 +01:00
f9d99153e0
The ChangePasswords method should re-encrypt all the root keys found in the store, not just the default root key.
533 lines
13 KiB
Go
533 lines
13 KiB
Go
package macaroons
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/rand"
|
|
"fmt"
|
|
"io"
|
|
"sync"
|
|
|
|
"github.com/btcsuite/btcwallet/snacl"
|
|
"github.com/btcsuite/btcwallet/walletdb"
|
|
"github.com/lightningnetwork/lnd/kvdb"
|
|
)
|
|
|
|
const (
|
|
// RootKeyLen is the length of a root key.
|
|
RootKeyLen = 32
|
|
)
|
|
|
|
var (
|
|
// rootKeyBucketName is the name of the root key store bucket.
|
|
rootKeyBucketName = []byte("macrootkeys")
|
|
|
|
// DefaultRootKeyID is the ID of the default root key. The first is
|
|
// just 0, to emulate the memory storage that comes with bakery.
|
|
DefaultRootKeyID = []byte("0")
|
|
|
|
// encryptionKeyID is the name of the database key that stores the
|
|
// encryption key, encrypted with a salted + hashed password. The
|
|
// format is 32 bytes of salt, and the rest is encrypted key.
|
|
encryptionKeyID = []byte("enckey")
|
|
|
|
// ErrAlreadyUnlocked specifies that the store has already been
|
|
// unlocked.
|
|
ErrAlreadyUnlocked = fmt.Errorf("macaroon store already unlocked")
|
|
|
|
// ErrStoreLocked specifies that the store needs to be unlocked with
|
|
// a password.
|
|
ErrStoreLocked = fmt.Errorf("macaroon store is locked")
|
|
|
|
// ErrPasswordRequired specifies that a nil password has been passed.
|
|
ErrPasswordRequired = fmt.Errorf("a non-nil password is required")
|
|
|
|
// ErrKeyValueForbidden is used when the root key ID uses encryptedKeyID as
|
|
// its value.
|
|
ErrKeyValueForbidden = fmt.Errorf("root key ID value is not allowed")
|
|
|
|
// ErrRootKeyBucketNotFound specifies that there is no macaroon root key
|
|
// bucket yet which can/should only happen if the store has been
|
|
// corrupted or was initialized incorrectly.
|
|
ErrRootKeyBucketNotFound = fmt.Errorf("root key bucket not found")
|
|
|
|
// ErrEncKeyNotFound specifies that there was no encryption key found
|
|
// even if one was expected to be generated.
|
|
ErrEncKeyNotFound = fmt.Errorf("macaroon encryption key not found")
|
|
|
|
// ErrDefaultRootKeyNotFound is returned when the default root key is
|
|
// not found in the DB when it is expected to be.
|
|
ErrDefaultRootKeyNotFound = fmt.Errorf("default root key not found")
|
|
)
|
|
|
|
// RootKeyStorage implements the bakery.RootKeyStorage interface.
|
|
type RootKeyStorage struct {
|
|
kvdb.Backend
|
|
|
|
encKeyMtx sync.RWMutex
|
|
encKey *snacl.SecretKey
|
|
}
|
|
|
|
// NewRootKeyStorage creates a RootKeyStorage instance.
|
|
func NewRootKeyStorage(db kvdb.Backend) (*RootKeyStorage, error) {
|
|
// If the store's bucket doesn't exist, create it.
|
|
err := kvdb.Update(db, func(tx kvdb.RwTx) error {
|
|
_, err := tx.CreateTopLevelBucket(rootKeyBucketName)
|
|
return err
|
|
}, func() {})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Return the DB wrapped in a RootKeyStorage object.
|
|
return &RootKeyStorage{
|
|
Backend: db,
|
|
encKey: nil,
|
|
}, nil
|
|
}
|
|
|
|
// CreateUnlock sets an encryption key if one is not already set, otherwise it
|
|
// checks if the password is correct for the stored encryption key.
|
|
func (r *RootKeyStorage) CreateUnlock(password *[]byte) error {
|
|
r.encKeyMtx.Lock()
|
|
defer r.encKeyMtx.Unlock()
|
|
|
|
// Check if we've already unlocked the store; return an error if so.
|
|
if r.encKey != nil {
|
|
return ErrAlreadyUnlocked
|
|
}
|
|
|
|
// Check if a nil password has been passed; return an error if so.
|
|
if password == nil {
|
|
return ErrPasswordRequired
|
|
}
|
|
|
|
return kvdb.Update(r.Backend, func(tx kvdb.RwTx) error {
|
|
bucket := tx.ReadWriteBucket(rootKeyBucketName)
|
|
if bucket == nil {
|
|
return ErrRootKeyBucketNotFound
|
|
}
|
|
dbKey := bucket.Get(encryptionKeyID)
|
|
if len(dbKey) > 0 {
|
|
// We've already stored a key, so try to unlock with
|
|
// the password.
|
|
encKey := &snacl.SecretKey{}
|
|
err := encKey.Unmarshal(dbKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = encKey.DeriveKey(password)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
r.encKey = encKey
|
|
return nil
|
|
}
|
|
|
|
// We haven't yet stored a key, so create a new one.
|
|
encKey, err := snacl.NewSecretKey(
|
|
password, scryptN, scryptR, scryptP,
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = bucket.Put(encryptionKeyID, encKey.Marshal())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
r.encKey = encKey
|
|
return nil
|
|
}, func() {})
|
|
}
|
|
|
|
// ChangePassword decrypts all the macaroon root keys with the old password and
|
|
// then encrypts them again with the new password.
|
|
func (r *RootKeyStorage) ChangePassword(oldPw, newPw []byte) error {
|
|
// We need the store to already be unlocked. With this we can make sure
|
|
// that there already is a key in the DB.
|
|
if r.encKey == nil {
|
|
return ErrStoreLocked
|
|
}
|
|
|
|
// Check if a nil password has been passed; return an error if so.
|
|
if oldPw == nil || newPw == nil {
|
|
return ErrPasswordRequired
|
|
}
|
|
|
|
return kvdb.Update(r.Backend, func(tx kvdb.RwTx) error {
|
|
bucket := tx.ReadWriteBucket(rootKeyBucketName)
|
|
if bucket == nil {
|
|
return ErrRootKeyBucketNotFound
|
|
}
|
|
|
|
// The encryption key must be present, otherwise we are in the
|
|
// wrong state to change the password.
|
|
encKeyDB := bucket.Get(encryptionKeyID)
|
|
if len(encKeyDB) == 0 {
|
|
return ErrEncKeyNotFound
|
|
}
|
|
|
|
// Unmarshal parameters for old encryption key and derive the
|
|
// old key with them.
|
|
encKeyOld := &snacl.SecretKey{}
|
|
err := encKeyOld.Unmarshal(encKeyDB)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = encKeyOld.DeriveKey(&oldPw)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Create a new encryption key from the new password.
|
|
encKeyNew, err := snacl.NewSecretKey(
|
|
&newPw, scryptN, scryptR, scryptP,
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// foundDefaultRootKey is used to keep track of if we have
|
|
// found and re-encrypted the default root key so that we can
|
|
// return an error if it is not found.
|
|
var foundDefaultRootKey bool
|
|
err = bucket.ForEach(func(k, v []byte) error {
|
|
// Skip the key if it is the encryption key ID since
|
|
// we do not want to re-encrypt this.
|
|
if bytes.Equal(k, encryptionKeyID) {
|
|
return nil
|
|
}
|
|
|
|
if bytes.Equal(k, DefaultRootKeyID) {
|
|
foundDefaultRootKey = true
|
|
}
|
|
|
|
// Now try to decrypt the root key with the old
|
|
// encryption key, encrypt it with the new one and then
|
|
// store it in the DB.
|
|
decryptedKey, err := encKeyOld.Decrypt(v)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
encryptedKey, err := encKeyNew.Encrypt(decryptedKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return bucket.Put(k, encryptedKey)
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !foundDefaultRootKey {
|
|
return ErrDefaultRootKeyNotFound
|
|
}
|
|
|
|
// Finally, store the new encryption key parameters in the DB
|
|
// as well.
|
|
err = bucket.Put(encryptionKeyID, encKeyNew.Marshal())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
r.encKey = encKeyNew
|
|
return nil
|
|
}, func() {})
|
|
}
|
|
|
|
// Get implements the Get method for the bakery.RootKeyStorage interface.
|
|
func (r *RootKeyStorage) Get(_ context.Context, id []byte) ([]byte, error) {
|
|
r.encKeyMtx.RLock()
|
|
defer r.encKeyMtx.RUnlock()
|
|
|
|
if r.encKey == nil {
|
|
return nil, ErrStoreLocked
|
|
}
|
|
var rootKey []byte
|
|
err := kvdb.View(r.Backend, func(tx kvdb.RTx) error {
|
|
bucket := tx.ReadBucket(rootKeyBucketName)
|
|
if bucket == nil {
|
|
return ErrRootKeyBucketNotFound
|
|
}
|
|
dbKey := bucket.Get(id)
|
|
if len(dbKey) == 0 {
|
|
return fmt.Errorf("root key with id %s doesn't exist",
|
|
string(id))
|
|
}
|
|
|
|
decKey, err := r.encKey.Decrypt(dbKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rootKey = make([]byte, len(decKey))
|
|
copy(rootKey[:], decKey)
|
|
return nil
|
|
}, func() {
|
|
rootKey = nil
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return rootKey, nil
|
|
}
|
|
|
|
// RootKey implements the RootKey method for the bakery.RootKeyStorage
|
|
// interface.
|
|
func (r *RootKeyStorage) RootKey(ctx context.Context) ([]byte, []byte, error) {
|
|
r.encKeyMtx.RLock()
|
|
defer r.encKeyMtx.RUnlock()
|
|
|
|
if r.encKey == nil {
|
|
return nil, nil, ErrStoreLocked
|
|
}
|
|
var rootKey []byte
|
|
|
|
// Read the root key ID from the context. If no key is specified in the
|
|
// context, an error will be returned.
|
|
id, err := RootKeyIDFromContext(ctx)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
if bytes.Equal(id, encryptionKeyID) {
|
|
return nil, nil, ErrKeyValueForbidden
|
|
}
|
|
|
|
err = kvdb.Update(r.Backend, func(tx kvdb.RwTx) error {
|
|
bucket := tx.ReadWriteBucket(rootKeyBucketName)
|
|
if bucket == nil {
|
|
return ErrRootKeyBucketNotFound
|
|
}
|
|
dbKey := bucket.Get(id)
|
|
|
|
// If there's a root key stored in the bucket, decrypt it and
|
|
// return it.
|
|
if len(dbKey) != 0 {
|
|
decKey, err := r.encKey.Decrypt(dbKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rootKey = make([]byte, len(decKey))
|
|
copy(rootKey[:], decKey[:])
|
|
return nil
|
|
}
|
|
|
|
// Otherwise, create a new root key, encrypt it,
|
|
// and store it in the bucket.
|
|
newKey, err := generateAndStoreNewRootKey(bucket, id, r.encKey)
|
|
rootKey = newKey
|
|
return err
|
|
}, func() {
|
|
rootKey = nil
|
|
})
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
return rootKey, id, nil
|
|
}
|
|
|
|
// GenerateNewRootKey generates a new macaroon root key, replacing the previous
|
|
// root key if it existed.
|
|
func (r *RootKeyStorage) GenerateNewRootKey() error {
|
|
// We need the store to already be unlocked. With this we can make sure
|
|
// that there already is a key in the DB that can be replaced.
|
|
if r.encKey == nil {
|
|
return ErrStoreLocked
|
|
}
|
|
return kvdb.Update(r.Backend, func(tx kvdb.RwTx) error {
|
|
bucket := tx.ReadWriteBucket(rootKeyBucketName)
|
|
if bucket == nil {
|
|
return ErrRootKeyBucketNotFound
|
|
}
|
|
|
|
// The default root key should be created even if it does not
|
|
// yet exist, so we do this separately from the rest of the
|
|
// root keys.
|
|
_, err := generateAndStoreNewRootKey(
|
|
bucket, DefaultRootKeyID, r.encKey,
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Now iterate over all the other root keys that may exist
|
|
// and re-generate each of them.
|
|
return bucket.ForEach(func(k, v []byte) error {
|
|
if bytes.Equal(k, encryptionKeyID) {
|
|
return nil
|
|
}
|
|
|
|
if bytes.Equal(k, DefaultRootKeyID) {
|
|
return nil
|
|
}
|
|
|
|
_, err := generateAndStoreNewRootKey(
|
|
bucket, k, r.encKey,
|
|
)
|
|
|
|
return err
|
|
})
|
|
}, func() {})
|
|
}
|
|
|
|
// SetRootKey sets the default macaroon root key, replacing the previous root
|
|
// key if it existed.
|
|
func (r *RootKeyStorage) SetRootKey(rootKey []byte) error {
|
|
if r.encKey == nil {
|
|
return ErrStoreLocked
|
|
}
|
|
if len(rootKey) != RootKeyLen {
|
|
return fmt.Errorf("root key must be %v bytes",
|
|
RootKeyLen)
|
|
}
|
|
|
|
encryptedKey, err := r.encKey.Encrypt(rootKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return kvdb.Update(r.Backend, func(tx kvdb.RwTx) error {
|
|
bucket := tx.ReadWriteBucket(rootKeyBucketName)
|
|
if bucket == nil {
|
|
return ErrRootKeyBucketNotFound
|
|
}
|
|
|
|
return bucket.Put(DefaultRootKeyID, encryptedKey)
|
|
}, func() {})
|
|
}
|
|
|
|
// Close closes the underlying database and zeroes the encryption key stored
|
|
// in memory.
|
|
func (r *RootKeyStorage) Close() error {
|
|
r.encKeyMtx.Lock()
|
|
defer r.encKeyMtx.Unlock()
|
|
|
|
if r.encKey != nil {
|
|
r.encKey.Zero()
|
|
r.encKey = nil
|
|
}
|
|
|
|
// Since we're not responsible for _creating_ the connection to our DB
|
|
// backend, we also shouldn't close it. This should be handled
|
|
// externally as to not interfere with remote DB connections in case we
|
|
// need to open/close the store twice as happens in the password change
|
|
// case.
|
|
return nil
|
|
}
|
|
|
|
// generateAndStoreNewRootKey creates a new random RootKeyLen-byte root key,
|
|
// encrypts it with the given encryption key and stores it in the bucket.
|
|
// Any previously set key will be overwritten.
|
|
func generateAndStoreNewRootKey(bucket walletdb.ReadWriteBucket, id []byte,
|
|
key *snacl.SecretKey) ([]byte, error) {
|
|
|
|
rootKey := make([]byte, RootKeyLen)
|
|
if _, err := io.ReadFull(rand.Reader, rootKey); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
encryptedKey, err := key.Encrypt(rootKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return rootKey, bucket.Put(id, encryptedKey)
|
|
}
|
|
|
|
// ListMacaroonIDs returns all the root key ID values except the value of
|
|
// encryptedKeyID.
|
|
func (r *RootKeyStorage) ListMacaroonIDs(_ context.Context) ([][]byte, error) {
|
|
r.encKeyMtx.RLock()
|
|
defer r.encKeyMtx.RUnlock()
|
|
|
|
// Check it's unlocked.
|
|
if r.encKey == nil {
|
|
return nil, ErrStoreLocked
|
|
}
|
|
|
|
var rootKeySlice [][]byte
|
|
|
|
// Read all the items in the bucket and append the keys, which are the
|
|
// root key IDs we want.
|
|
err := kvdb.View(r.Backend, func(tx kvdb.RTx) error {
|
|
// appendRootKey is a function closure that appends root key ID
|
|
// to rootKeySlice.
|
|
appendRootKey := func(k, _ []byte) error {
|
|
// Only append when the key value is not encryptedKeyID.
|
|
if !bytes.Equal(k, encryptionKeyID) {
|
|
rootKeySlice = append(rootKeySlice, k)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
return tx.ReadBucket(rootKeyBucketName).ForEach(appendRootKey)
|
|
}, func() {
|
|
rootKeySlice = nil
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return rootKeySlice, nil
|
|
}
|
|
|
|
// DeleteMacaroonID removes one specific root key ID. If the root key ID is
|
|
// found and deleted, it will be returned.
|
|
func (r *RootKeyStorage) DeleteMacaroonID(
|
|
_ context.Context, rootKeyID []byte) ([]byte, error) {
|
|
|
|
r.encKeyMtx.RLock()
|
|
defer r.encKeyMtx.RUnlock()
|
|
|
|
// Check it's unlocked.
|
|
if r.encKey == nil {
|
|
return nil, ErrStoreLocked
|
|
}
|
|
|
|
// Check the rootKeyID is not empty.
|
|
if len(rootKeyID) == 0 {
|
|
return nil, ErrMissingRootKeyID
|
|
}
|
|
|
|
// Deleting encryptedKeyID or DefaultRootKeyID is not allowed.
|
|
if bytes.Equal(rootKeyID, encryptionKeyID) ||
|
|
bytes.Equal(rootKeyID, DefaultRootKeyID) {
|
|
|
|
return nil, ErrDeletionForbidden
|
|
}
|
|
|
|
var rootKeyIDDeleted []byte
|
|
err := kvdb.Update(r.Backend, func(tx kvdb.RwTx) error {
|
|
bucket := tx.ReadWriteBucket(rootKeyBucketName)
|
|
|
|
// Check the key can be found. If not, return nil.
|
|
if bucket.Get(rootKeyID) == nil {
|
|
return nil
|
|
}
|
|
|
|
// Once the key is found, we do the deletion.
|
|
if err := bucket.Delete(rootKeyID); err != nil {
|
|
return err
|
|
}
|
|
rootKeyIDDeleted = rootKeyID
|
|
|
|
return nil
|
|
}, func() {
|
|
rootKeyIDDeleted = nil
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return rootKeyIDDeleted, nil
|
|
}
|