|
|
@ -3,9 +3,11 @@ from fixtures import * # noqa: F401,F403 |
|
|
|
from fixtures import TEST_NETWORK |
|
|
|
from flaky import flaky # noqa: F401 |
|
|
|
from lightning import RpcError, Millisatoshi |
|
|
|
from utils import only_one, wait_for, sync_blockheight, EXPERIMENTAL_FEATURES, COMPAT |
|
|
|
from utils import only_one, wait_for, sync_blockheight, EXPERIMENTAL_FEATURES, COMPAT, VALGRIND, SLOW_MACHINE |
|
|
|
|
|
|
|
import os |
|
|
|
import pytest |
|
|
|
import subprocess |
|
|
|
import time |
|
|
|
import unittest |
|
|
|
|
|
|
@ -562,3 +564,45 @@ def test_transaction_annotations(node_factory, bitcoind): |
|
|
|
assert(len(peers) == 1 and len(peers[0]['channels']) == 1) |
|
|
|
scid = peers[0]['channels'][0]['short_channel_id'] |
|
|
|
assert(txs[1]['outputs'][fundidx]['channel'] == scid) |
|
|
|
|
|
|
|
|
|
|
|
@unittest.skipIf(VALGRIND, "It does not play well with prompt and key derivation.") |
|
|
|
def test_hsm_secret_encryption(node_factory, executor): |
|
|
|
l1 = node_factory.get_node() |
|
|
|
password = "reckful\n" |
|
|
|
# We need to simulate a terminal to use termios in `lightningd`. |
|
|
|
master_fd, slave_fd = os.openpty() |
|
|
|
|
|
|
|
# Test we can encrypt an already-existing and not encrypted hsm_secret |
|
|
|
l1.rpc.stop() |
|
|
|
l1.daemon.opts.update({"encrypted-hsm": None}) |
|
|
|
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False) |
|
|
|
time.sleep(3 if SLOW_MACHINE else 1) |
|
|
|
os.write(master_fd, password.encode("utf-8")) |
|
|
|
l1.daemon.wait_for_log("Server started with public key") |
|
|
|
id = l1.rpc.getinfo()["id"] |
|
|
|
|
|
|
|
# Test we cannot start the same wallet without specifying --encrypted-hsm |
|
|
|
l1.stop() |
|
|
|
l1.daemon.opts.pop("encrypted-hsm") |
|
|
|
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT, |
|
|
|
wait_for_initialized=False) |
|
|
|
time.sleep(3 if SLOW_MACHINE else 1) |
|
|
|
os.write(master_fd, password[2:].encode("utf-8")) |
|
|
|
err = "hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option." |
|
|
|
assert l1.daemon.is_in_log(err) |
|
|
|
|
|
|
|
# Test we cannot restore the same wallet with another password |
|
|
|
l1.daemon.opts.update({"encrypted-hsm": None}) |
|
|
|
l1.daemon.start(stdin=slave_fd, stderr=subprocess.STDOUT, |
|
|
|
wait_for_initialized=False) |
|
|
|
time.sleep(3 if SLOW_MACHINE else 1) |
|
|
|
os.write(master_fd, password[2:].encode("utf-8")) |
|
|
|
l1.daemon.wait_for_log("Wrong password for encrypted hsm_secret.") |
|
|
|
|
|
|
|
# Test we can restore the same wallet with the same password |
|
|
|
l1.daemon.start(stdin=slave_fd, wait_for_initialized=False) |
|
|
|
time.sleep(3 if SLOW_MACHINE else 1) |
|
|
|
os.write(master_fd, password.encode("utf-8")) |
|
|
|
l1.daemon.wait_for_log("Server started with public key") |
|
|
|
assert id == l1.rpc.getinfo()["id"] |
|
|
|