Commit Graph

14 Commits

Author SHA1 Message Date
Alex Jbanca 3978048afa
feat: Make DB re-encryption fault proof (#3607)
Improve the error management in order to avoid DB corruption in case the process is killed while encrypting the DB.

Changes:
Use sqlcipher_export instead of rekey to change the DB password. The advantage is that sqlcipher_export will operate on a new DB file and we don't need to modify the current account unless the export is successful.
Keeping the rekey requires to create a DB copy before trying to re-encrypt the DB, but the DB copy is risky in case the DB file changes wile the copy is in progress. It could also lead to DB corruption.
2023-06-14 13:12:23 +03:00
Alex Jbanca 43b2c3b7ce
perf(sqlCipher): Increase cipher page size to 8192 (#3591)
* perf(sqlCipher): Increase cipher page size to 8192

Increasing the cipher page size to 8192 requires DB re-encryption. The process is as follows:
//Login to v3 DB
PRAGMA key = 'key';
PRAGMA cipher_page_size = 1024"; // old Page size
PRAGMA cipher_hmac_algorithm = HMAC_SHA1";
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1";
PRAGMA kdf_iter = kdfIterationsNumber";

//Create V4 DB with increased page size
ATTACH DATABASE 'newdb.db' AS newdb KEY 'key';
PRAGMA newdb.cipher_page_size = 8192; // new Page size
PRAGMA newdb.cipher_hmac_algorithm = HMAC_SHA1"; // same as in v3
PRAGMA newdb.cipher_kdf_algorithm = PBKDF2_HMAC_SHA1"; // same as in v3
PRAGMA newdb.kdf_iter = kdfIterationsNumber"; // same as in v3
SELECT sqlcipher_export('newdb');
DETACH DATABASE newdb;

//Login to V4 DB
...

Worth noting:
The DB migration will happen on the first successful login.
The new DB version will have a different name to be able to distinguish between different DB versions.Versions naming mirrors sqlcipher major version (naming conventions used by sqlcipher), meaning that we're migrating from V3 to V4 DB (even if we're not fully aligned with V4 standards). The DB is not migrated to the v4 standard `SHA512` due to performance reasons. Our custom `SHA1` implementation is fully optimised for perfomance.

* perf(sqlCipher): Fixing failing tests

Update the new DB file format in Delete account, Change password and Decrypt database flows

* perf(SQLCipher): Increase page size - send events to notify when the DB re-encryption starts/ends
2023-06-13 18:20:21 +03:00
Alex Jbanca e8c4b7647f
chore(upgradeSQLCipher): Upgrading SQLCipher to version 5.4.5 (#3559)
* chore(upgradeSQLCipher): Upgrading SQLCipher to version 5.4.5

Changes:
### github.com/mutecomm/go-sqlcipher
1. The improved crypto argorighms from go-sqlcipher v3 are merged in v4
	Tags:
	v4.4.2-status.1 - merge `burn_stack` improvement
	v4.4.2-status.2 - merge `SHA1` improvement
	v4.4.2-status.4- merge 'AES' improvement
2. Fixed `go-sqlcipher` to support v3 database in compatibility mode (`sqlcipher` already supports this) (Tag: v4.4.2-status.3)
3. Upgrade `sqlcipher` to v5.4.5 (Tag: v4.5.4-status.1)

### github.com/status-im/migrate/v4
1. Upgrade `go-sqlcipher` version in `github.com/status-im/migrate/v4`

### status-go
1. Upgrade `go-sqlcipher` and `migrate` modules in status-go
2. Configure the DB connections to open the DB in v3 compatibility mode

* chore(upgradeSQLCipher): Use sqlcipher v3 configuration to encrypt a plain text database

* chore(upgradeSQLCipher): Scanning NULL BLOB value should return nil

Fixing failing tests: TestSyncDeviceSuite/TestPairingSyncDeviceClientAsReceiver;  TestSyncDeviceSuite/TestPairingSyncDeviceClientAsSender

Considering the following configuration:
1. Table with BLOB column has 1 NULL value
2. Query the value
3. Rows.Scan(&dest sql.NullString)

Expected: dest.Valid == false; dest.String == nil
Actual: dest.Valid == true; dest.String == ""

* chore: Bump go-sqlcipher version to include NULL BLOB fix
2023-06-07 08:58:01 +03:00
Alex Jbanca 790efc16aa fix(databaseLocks): Fixing database lock errors on transactions
The default transaction lock is `deferred`. This means that the transaction will automatically become read or write transaction based on the first DB operation. In case the first operation is `SELECT` the transaction becomes read transaction, otherwise write transaction. When a read transaction tries to write the DB sqlite will promote the transaction to a write transaction if there is no other transaction that holds a lock. When the promotion fails `database is locked` error is returned. The error is returned immediately and does not use the busy handler.
In our case almost all read transaction would fail with `database is locked` error.

This fix is changing the default transaction lock to `IMMEDIATE`. It translates to `BEGIN IMMEDIATE` instead of `BEGIN`. In this mode, the transaction will be created as a write transaction no matter what DB operation will run as part of the transaction. The write transaction will try to obtain the DB lock immediately when `BEGIN IMMEDIATE` is called and the busy handler is used when the DB is locked by other transaction.

Fixing: https://github.com/status-im/status-desktop/issues/10838
2023-05-31 08:46:26 +02:00
Patryk Osmaczko 5777bb429a feat: enable multiple db connections with sqlcipher
part of: status-im/status-desktop#10558
2023-05-23 14:43:42 +02:00
Andrea Maria Piana 6acb34bab7 Allow setting up wallet with new config
This commit does a few things:

1) Extend create/import account endpoint to get wallet config, some of
   which has been moved to the backend
2) Set up a loop for retrieving balances every 10 minutes, caching the
   balances
3) Return information about which checks are not passing when trying to
   join a token gated community
4) Add tests to the token gated communities
5) Fixes an issue with addresses not matching when checking for
   permissions

The move to the wallet as a background task is not yet complete, I need
to publish a signal, and most likely I will disable it before merging
for now, as it's currently not used by desktop/mobile, but the PR was
  getting to big
2023-05-19 13:23:21 +01:00
IvanBelyakoff 48078393f9
feat: Update saved addresses DB to store ENS, isTest flag and chains (#3183)
prefixes. Changed primary keys and API methods.
Fixed tests and added new ones.
Fixed saved addresses and transaction tests to use ':memory:' sqlite
DB instead of a tmp file to speed up testing by hundred of times.

Fixes #8599
2023-03-06 16:26:46 +03:00
Richard Ramos bf9abfc350
feat: make kdf iterations configurable when creating a multiaccount (#2796) 2022-09-27 16:27:20 -04:00
Shivek Khurana 81171ad9e6
Expose password reset function (#2223)
Handled edge-cases
2021-06-23 14:51:21 +05:30
Andrea Maria Piana c55659b4f6
Add community notifications (#2160)
This commit introduces the following changes:

- `local-notifications` require as body an interface complying with
`json.Marshaler`
- removed unmarshaling of `Notifications` as not used (we only Marshal
notifications)
- `protocol/messenger.go` creates directly a `Notification` instead of
having an intermediate format
- add community notifications on request to join
- move parsing of text in status-go for notifications
2021-03-31 18:23:45 +02:00
Andrea Maria Piana b1a1a223c2
Add export/import methods 2021-01-26 09:39:54 +01:00
Dmitry Shulyak be9c55bc16
Accounts data management (#1530)
* WIP accounts implementation

* Accounts datasore and changes to status mobile API

* Add library changes and method to update config

* Handle error after account selection

* Add two methods to start account to backend

* Use encrypted database for settings and add a service for them

* Resolve linter warning

* Bring back StartNode StopNode for tests

* Add sub accounts and get/save api

* Changes to accounts structure

* Login use root address and fetch necessary info from database

* Cover accounts store with tests

* Refactor in progress

* Initialize status keystore instance before starting ethereum node

* Rework library tests

* Resolve failures in private api test and send transaction test

* Pass pointer to initialized config to unmarshal

* Use multiaccounts/accounts naming consistently

Multiaccount is used as a login identifier
Account references an address and a key, if account is not watch-only.

* Add login timestamp stored in the database to accounts.Account object

* Add photo-path field for multiaccount struct

* Add multiaccoutns rpc with updateAccount method

Update to any other account that wasn't used for login will return an error

* Fix linter in services/accounts

* Select account before starting a node

* Save list of accounts on first login

* Pass account manager to accounts service to avoid selecting account before starting a node

* Add logs to login with save and regualr login
2019-08-20 18:38:40 +03:00
Dmitry 1a37e6b25a Use same kdf_iter as for protocol db 2019-08-08 09:11:27 +03:00
Dmitry Shulyak 047c9b5263
Download transfers starting from latest block header (#1467) 2019-06-14 13:16:30 +03:00