diff --git a/app/scripts/lib/seed-phrase-verifier.js b/app/scripts/lib/seed-phrase-verifier.js new file mode 100644 index 000000000..9cea22029 --- /dev/null +++ b/app/scripts/lib/seed-phrase-verifier.js @@ -0,0 +1,48 @@ +const KeyringController = require('eth-keyring-controller') + +const seedPhraseVerifier = { + + // Verifies if the seed words can restore the accounts. + // + // The seed words can recreate the primary keyring and the accounts belonging to it. + // The created accounts in the primary keyring are always the same. + // The keyring always creates the accounts in the same sequence. + verifyAccounts (createdAccounts, seedWords) { + + return new Promise((resolve, reject) => { + + if (!createdAccounts || createdAccounts.length < 1) { + return reject(new Error('No created accounts defined.')) + } + + const keyringController = new KeyringController({}) + const Keyring = keyringController.getKeyringClassForType('HD Key Tree') + const opts = { + mnemonic: seedWords, + numberOfAccounts: createdAccounts.length, + } + + const keyring = new Keyring(opts) + keyring.getAccounts() + .then((restoredAccounts) => { + + log.debug('Created accounts: ' + JSON.stringify(createdAccounts)) + log.debug('Restored accounts: ' + JSON.stringify(restoredAccounts)) + + if (restoredAccounts.length !== createdAccounts.length) { + // this should not happen... + return reject(new Error('Wrong number of accounts')) + } + + for (let i = 0; i < restoredAccounts.length; i++) { + if (restoredAccounts[i].toLowerCase() !== createdAccounts[i].toLowerCase()) { + return reject(new Error('Not identical accounts! Original: ' + createdAccounts[i] + ', Restored: ' + restoredAccounts[i])) + } + } + return resolve() + }) + }) + }, +} + +module.exports = seedPhraseVerifier diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index ad4e71792..0a5c1d36f 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -37,6 +37,7 @@ const version = require('../manifest.json').version const BN = require('ethereumjs-util').BN const GWEI_BN = new BN('1000000000') const percentile = require('percentile') +const seedPhraseVerifier = require('./lib/seed-phrase-verifier') module.exports = class MetamaskController extends EventEmitter { @@ -344,6 +345,7 @@ module.exports = class MetamaskController extends EventEmitter { // primary HD keyring management addNewAccount: nodeify(this.addNewAccount, this), placeSeedWords: this.placeSeedWords.bind(this), + verifySeedPhrase: nodeify(this.verifySeedPhrase, this), clearSeedWordCache: this.clearSeedWordCache.bind(this), resetAccount: this.resetAccount.bind(this), importAccountWithStrategy: this.importAccountWithStrategy.bind(this), @@ -565,14 +567,18 @@ module.exports = class MetamaskController extends EventEmitter { // Opinionated Keyring Management // - async addNewAccount (cb) { + async addNewAccount () { const primaryKeyring = this.keyringController.getKeyringsByType('HD Key Tree')[0] - if (!primaryKeyring) return cb(new Error('MetamaskController - No HD Key Tree found')) + if (!primaryKeyring) { + throw new Error('MetamaskController - No HD Key Tree found') + } const keyringController = this.keyringController const oldAccounts = await keyringController.getAccounts() const keyState = await keyringController.addNewAccount(primaryKeyring) const newAccounts = await keyringController.getAccounts() + await this.verifySeedPhrase() + newAccounts.forEach((address) => { if (!oldAccounts.includes(address)) { this.preferencesController.setSelectedAddress(address) @@ -587,14 +593,43 @@ module.exports = class MetamaskController extends EventEmitter { // Used when creating a first vault, to allow confirmation. // Also used when revealing the seed words in the confirmation view. placeSeedWords (cb) { + + this.verifySeedPhrase() + .then((seedWords) => { + this.configManager.setSeedWords(seedWords) + return cb(null, seedWords) + }) + .catch((err) => { + return cb(err) + }) + } + + // Verifies the current vault's seed words if they can restore the + // accounts belonging to the current vault. + // + // Called when the first account is created and on unlocking the vault. + async verifySeedPhrase () { + const primaryKeyring = this.keyringController.getKeyringsByType('HD Key Tree')[0] - if (!primaryKeyring) return cb(new Error('MetamaskController - No HD Key Tree found')) - primaryKeyring.serialize() - .then((serialized) => { - const seedWords = serialized.mnemonic - this.configManager.setSeedWords(seedWords) - cb(null, seedWords) - }) + if (!primaryKeyring) { + throw new Error('MetamaskController - No HD Key Tree found') + } + + const serialized = await primaryKeyring.serialize() + const seedWords = serialized.mnemonic + + const accounts = await primaryKeyring.getAccounts() + if (accounts.length < 1) { + throw new Error('MetamaskController - No accounts found') + } + + try { + await seedPhraseVerifier.verifyAccounts(accounts, seedWords) + return seedWords + } catch (err) { + log.error(err.message) + throw err + } } // ClearSeedWordCache diff --git a/test/unit/seed-phrase-verifier-test.js b/test/unit/seed-phrase-verifier-test.js new file mode 100644 index 000000000..4e314806b --- /dev/null +++ b/test/unit/seed-phrase-verifier-test.js @@ -0,0 +1,133 @@ +const assert = require('assert') +const clone = require('clone') +const KeyringController = require('eth-keyring-controller') +const firstTimeState = require('../../app/scripts/first-time-state') +const seedPhraseVerifier = require('../../app/scripts/lib/seed-phrase-verifier') +const mockEncryptor = require('../lib/mock-encryptor') + +describe('SeedPhraseVerifier', function () { + + describe('verifyAccounts', function () { + + let password = 'passw0rd1' + let hdKeyTree = 'HD Key Tree' + + let keyringController + let vault + let primaryKeyring + + beforeEach(async function () { + keyringController = new KeyringController({ + initState: clone(firstTimeState), + encryptor: mockEncryptor, + }) + + assert(keyringController) + + vault = await keyringController.createNewVaultAndKeychain(password) + primaryKeyring = keyringController.getKeyringsByType(hdKeyTree)[0] + }) + + it('should be able to verify created account with seed words', async function () { + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 1) + + let serialized = await primaryKeyring.serialize() + let seedWords = serialized.mnemonic + assert.notEqual(seedWords.length, 0) + + let result = await seedPhraseVerifier.verifyAccounts(createdAccounts, seedWords) + }) + + it('should be able to verify created account (upper case) with seed words', async function () { + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 1) + + let upperCaseAccounts = [createdAccounts[0].toUpperCase()] + + let serialized = await primaryKeyring.serialize() + let seedWords = serialized.mnemonic + assert.notEqual(seedWords.length, 0) + + let result = await seedPhraseVerifier.verifyAccounts(upperCaseAccounts, seedWords) + }) + + it('should be able to verify created account (lower case) with seed words', async function () { + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 1) + let lowerCaseAccounts = [createdAccounts[0].toLowerCase()] + + let serialized = await primaryKeyring.serialize() + let seedWords = serialized.mnemonic + assert.notEqual(seedWords.length, 0) + + let result = await seedPhraseVerifier.verifyAccounts(lowerCaseAccounts, seedWords) + }) + + it('should return error with good but different seed words', async function () { + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 1) + + let serialized = await primaryKeyring.serialize() + let seedWords = 'debris dizzy just program just float decrease vacant alarm reduce speak stadium' + + try { + let result = await seedPhraseVerifier.verifyAccounts(createdAccounts, seedWords) + assert.fail("Should reject") + } catch (err) { + assert.ok(err.message.indexOf('Not identical accounts!') >= 0, 'Wrong error message') + } + }) + + it('should return error with undefined existing accounts', async function () { + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 1) + + let serialized = await primaryKeyring.serialize() + let seedWords = 'debris dizzy just program just float decrease vacant alarm reduce speak stadium' + + try { + let result = await seedPhraseVerifier.verifyAccounts(undefined, seedWords) + assert.fail("Should reject") + } catch (err) { + assert.equal(err.message, 'No created accounts defined.') + } + }) + + it('should return error with empty accounts array', async function () { + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 1) + + let serialized = await primaryKeyring.serialize() + let seedWords = 'debris dizzy just program just float decrease vacant alarm reduce speak stadium' + + try { + let result = await seedPhraseVerifier.verifyAccounts([], seedWords) + assert.fail("Should reject") + } catch (err) { + assert.equal(err.message, 'No created accounts defined.') + } + }) + + it('should be able to verify more than one created account with seed words', async function () { + + const keyState = await keyringController.addNewAccount(primaryKeyring) + const keyState2 = await keyringController.addNewAccount(primaryKeyring) + + let createdAccounts = await primaryKeyring.getAccounts() + assert.equal(createdAccounts.length, 3) + + let serialized = await primaryKeyring.serialize() + let seedWords = serialized.mnemonic + assert.notEqual(seedWords.length, 0) + + let result = await seedPhraseVerifier.verifyAccounts(createdAccounts, seedWords) + }) + }) +}) diff --git a/ui/app/actions.js b/ui/app/actions.js index 8b1480a79..3e26f333b 100644 --- a/ui/app/actions.js +++ b/ui/app/actions.js @@ -296,6 +296,13 @@ function tryUnlockMetamask (password) { dispatch(actions.unlockSucceeded()) dispatch(actions.transitionForward()) forceUpdateMetamaskState(dispatch) + + background.verifySeedPhrase((err) => { + if (err) { + dispatch(actions.displayWarning(err.message)) + } + }) + } }) }