Tests

applications/tari_console_wallet/src/init/mod.rs

@@ -175,11 +175,12 @@ pub async fn change_password(
     display_password_feedback(&new);
 
     // Use the existing and new passphrases to attempt to change the wallet passphrase
-    wallet.db.change_passphrase(&existing, &new)
-        .map_err(|e| match e {
-            WalletStorageError::InvalidPassphrase => ExitError::new(ExitCode::IncorrectOrEmptyPassword, "Your password was not changed."),
-            _ => ExitError::new(ExitCode::DatabaseError, "Your password was not changed."),
-        })
+    wallet.db.change_passphrase(&existing, &new).map_err(|e| match e {
+        WalletStorageError::InvalidPassphrase => {
+            ExitError::new(ExitCode::IncorrectOrEmptyPassword, "Your password was not changed.")
+        },
+        _ => ExitError::new(ExitCode::DatabaseError, "Your password was not changed."),
+    })
 }
 
 /// Populates the PeerConfig struct from:

base_layer/wallet/src/storage/sqlite_db/wallet.rs

@@ -756,76 +756,60 @@ impl Encryptable<XChaCha20Poly1305> for ClientKeyValueSql {
 mod test {
     use tari_key_manager::cipher_seed::CipherSeed;
     use tari_test_utils::random::string;
-    use tari_utilities::{
-        hex::{from_hex, Hex},
-        ByteArray,
-        Hidden,
-        SafePassword,
-    };
+    use tari_utilities::{hex::from_hex, ByteArray, SafePassword};
     use tempfile::tempdir;
 
     use crate::{
-        error::WalletStorageError,
         storage::{
             database::{DbKey, DbValue, WalletBackend},
             sqlite_db::wallet::{ClientKeyValueSql, WalletSettingSql, WalletSqliteDatabase},
             sqlite_utilities::run_migration_and_create_sqlite_connection,
         },
-        util::encryption::{decrypt_bytes_integral_nonce, encrypt_bytes_integral_nonce, Encryptable},
+        util::encryption::{decrypt_bytes_integral_nonce, Encryptable},
     };
 
     #[test]
-    fn test_unencrypted_secret_public_key_setting() {
-        let db_name = format!("{}.sqlite3", string(8).as_str());
-        let tempdir = tempdir().unwrap();
-        let db_folder = tempdir.path().to_str().unwrap().to_string();
-        let connection = run_migration_and_create_sqlite_connection(format!("{}{}", db_folder, db_name), 16).unwrap();
-        let secret_seed1 = CipherSeed::new();
-
-        {
-            let conn = connection.get_pooled_connection().unwrap();
-            WalletSettingSql::new(DbKey::MasterSeed, secret_seed1.encipher(None).unwrap().to_hex())
-                .set(&conn)
-                .unwrap();
-        }
-
-        let passphrase = SafePassword::from("an example very very secret key.".to_string());
-        match WalletSqliteDatabase::new(connection, passphrase) {
-            Err(WalletStorageError::MissingNonce) => (),
-            Ok(_) => panic!("we should not be able to have a non encrypted master seed in the db"),
-            _ => panic!("unrecognized error"),
-        };
-    }
-
-    #[test]
-    pub fn test_encrypted_seed_validation_during_startup() {
+    fn test_passphrase() {
+        // Set up a database
         let db_name = format!("{}.sqlite3", string(8).as_str());
         let db_tempdir = tempdir().unwrap();
         let db_folder = db_tempdir.path().to_str().unwrap().to_string();
-        let connection = run_migration_and_create_sqlite_connection(format!("{}{}", db_folder, db_name), 16).unwrap();
+        let db_path = format!("{}/{}", db_folder, db_name);
+        let connection = run_migration_and_create_sqlite_connection(db_path, 16).unwrap();
 
-        let passphrase = SafePassword::from("an example very very secret key.".to_string());
+        // Encrypt with a passphrase
+        let db = WalletSqliteDatabase::new(connection.clone(), "passphrase".to_string().into()).unwrap();
 
-        let wallet = WalletSqliteDatabase::new(connection.clone(), passphrase.clone()).unwrap();
+        // Load again with the correct passphrase
+        assert!(WalletSqliteDatabase::new(connection.clone(), "passphrase".to_string().into()).is_ok());
 
-        let seed = CipherSeed::new();
-        {
-            let conn = connection.get_pooled_connection().unwrap();
-            let encrypted_seed_bytes = seed.encipher(None).unwrap();
+        // Try to load with the wrong passphrase
+        assert!(WalletSqliteDatabase::new(connection.clone(), "evil passphrase".to_string().into()).is_err());
 
-            let encrypted_seed = encrypt_bytes_integral_nonce(
-                &wallet.cipher(),
-                b"wallet_setting_master_seed".to_vec(),
-                Hidden::hide(encrypted_seed_bytes),
+        // Try to change the passphrase, but fail
+        assert!(db
+            .change_passphrase(
+                &"evil passphrase".to_string().into(),
+                &"new passphrase".to_string().into()
             )
-            .unwrap();
+            .is_err());
 
-            WalletSettingSql::new(DbKey::MasterSeed, encrypted_seed.to_hex())
-                .set(&conn)
-                .unwrap();
-        }
+        // The existing passphrase still works
+        assert!(WalletSqliteDatabase::new(connection.clone(), "passphrase".to_string().into()).is_ok());
+
+        // The new passphrase doesn't
+        assert!(WalletSqliteDatabase::new(connection.clone(), "new passphrase".to_string().into()).is_err());
+
+        // Successfully change the passphrase
+        assert!(db
+            .change_passphrase(&"passphrase".to_string().into(), &"new passphrase".to_string().into())
+            .is_ok());
+
+        // The existing passphrase no longer works
+        assert!(WalletSqliteDatabase::new(connection.clone(), "passphrase".to_string().into()).is_err());
 
-        assert!(WalletSqliteDatabase::new(connection, passphrase).is_ok());
+        // The new passphrase does
+        assert!(WalletSqliteDatabase::new(connection, "new passphrase".to_string().into()).is_ok());
     }
 
     #[test]