Merge pull request #3409 from scsaba/seed-phrase-verification

Add seed phrase verification script into background process

4 files changed, 232 insertions, 9 deletions

diff --git a/app/scripts/lib/seed-phrase-verifier.js b/app/scripts/lib/seed-phrase-verifier.js
new file mode 100644
index 000000000..9cea22029
--- /dev/null
+++ b/app/scripts/lib/seed-phrase-verifier.js
@@ -0,0 +1,48 @@
+const KeyringController = require('eth-keyring-controller')
+
+const seedPhraseVerifier = {
+
+  // Verifies if the seed words can restore the accounts.
+  //
+  // The seed words can recreate the primary keyring and the accounts belonging to it.
+  // The created accounts in the primary keyring are always the same.
+  // The keyring always creates the accounts in the same sequence.
+  verifyAccounts (createdAccounts, seedWords) {
+
+    return new Promise((resolve, reject) => {
+
+      if (!createdAccounts || createdAccounts.length < 1) {
+        return reject(new Error('No created accounts defined.'))
+      }
+
+      const keyringController = new KeyringController({})
+      const Keyring = keyringController.getKeyringClassForType('HD Key Tree')
+      const opts = {
+        mnemonic: seedWords,
+        numberOfAccounts: createdAccounts.length,
+      }
+
+      const keyring = new Keyring(opts)
+      keyring.getAccounts()
+        .then((restoredAccounts) => {
+
+          log.debug('Created accounts: ' + JSON.stringify(createdAccounts))
+          log.debug('Restored accounts: ' + JSON.stringify(restoredAccounts))
+
+          if (restoredAccounts.length !== createdAccounts.length) {
+            // this should not happen...
+            return reject(new Error('Wrong number of accounts'))
+          }
+
+          for (let i = 0; i < restoredAccounts.length; i++) {
+            if (restoredAccounts[i].toLowerCase() !== createdAccounts[i].toLowerCase()) {
+              return reject(new Error('Not identical accounts! Original: ' + createdAccounts[i] + ', Restored: ' + restoredAccounts[i]))
+            }
+          }
+          return resolve()
+        })
+    })
+  },
+}
+
+module.exports = seedPhraseVerifier
diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js
index ad4e71792..0a5c1d36f 100644
--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@@ -37,6 +37,7 @@ const version = require('../manifest.json').version
 const BN = require('ethereumjs-util').BN
 const GWEI_BN = new BN('1000000000')
 const percentile = require('percentile')
+const seedPhraseVerifier = require('./lib/seed-phrase-verifier')
 
 module.exports = class MetamaskController extends EventEmitter {
 
@@ -344,6 +345,7 @@ module.exports = class MetamaskController extends EventEmitter {
       // primary HD keyring management
       addNewAccount: nodeify(this.addNewAccount, this),
       placeSeedWords: this.placeSeedWords.bind(this),
+      verifySeedPhrase: nodeify(this.verifySeedPhrase, this),
       clearSeedWordCache: this.clearSeedWordCache.bind(this),
       resetAccount: this.resetAccount.bind(this),
       importAccountWithStrategy: this.importAccountWithStrategy.bind(this),
@@ -565,14 +567,18 @@ module.exports = class MetamaskController extends EventEmitter {
   // Opinionated Keyring Management
   //
 
-  async addNewAccount (cb) {
+  async addNewAccount () {
     const primaryKeyring = this.keyringController.getKeyringsByType('HD Key Tree')[0]
-    if (!primaryKeyring) return cb(new Error('MetamaskController - No HD Key Tree found'))
+    if (!primaryKeyring) {
+      throw new Error('MetamaskController - No HD Key Tree found')
+    }
     const keyringController = this.keyringController
     const oldAccounts = await keyringController.getAccounts()
     const keyState = await keyringController.addNewAccount(primaryKeyring)
     const newAccounts = await keyringController.getAccounts()
 
+    await this.verifySeedPhrase()
+
     newAccounts.forEach((address) => {
       if (!oldAccounts.includes(address)) {
         this.preferencesController.setSelectedAddress(address)
@@ -587,14 +593,43 @@ module.exports = class MetamaskController extends EventEmitter {
   // Used when creating a first vault, to allow confirmation.
   // Also used when revealing the seed words in the confirmation view.
   placeSeedWords (cb) {
+
+    this.verifySeedPhrase()
+      .then((seedWords) => {
+        this.configManager.setSeedWords(seedWords)
+        return cb(null, seedWords)
+      })
+      .catch((err) => {
+        return cb(err)
+      })
+  }
+
+  // Verifies the current vault's seed words if they can restore the
+  // accounts belonging to the current vault.
+  //
+  // Called when the first account is created and on unlocking the vault.
+  async verifySeedPhrase () {
+
     const primaryKeyring = this.keyringController.getKeyringsByType('HD Key Tree')[0]
-    if (!primaryKeyring) return cb(new Error('MetamaskController - No HD Key Tree found'))
-    primaryKeyring.serialize()
-    .then((serialized) => {
-      const seedWords = serialized.mnemonic
-      this.configManager.setSeedWords(seedWords)
-      cb(null, seedWords)
-    })
+    if (!primaryKeyring) {
+      throw new Error('MetamaskController - No HD Key Tree found')
+    }
+
+    const serialized = await primaryKeyring.serialize()
+    const seedWords = serialized.mnemonic
+
+    const accounts = await primaryKeyring.getAccounts()
+    if (accounts.length < 1) {
+      throw new Error('MetamaskController - No accounts found')
+    }
+
+    try {
+      await seedPhraseVerifier.verifyAccounts(accounts, seedWords)
+      return seedWords
+    } catch (err) {
+      log.error(err.message)
+      throw err
+    }
   }
 
   // ClearSeedWordCache
diff --git a/test/unit/seed-phrase-verifier-test.js b/test/unit/seed-phrase-verifier-test.js
new file mode 100644
index 000000000..4e314806b
--- /dev/null
+++ b/test/unit/seed-phrase-verifier-test.js
@@ -0,0 +1,133 @@
+const assert = require('assert')
+const clone = require('clone')
+const KeyringController = require('eth-keyring-controller')
+const firstTimeState = require('../../app/scripts/first-time-state')
+const seedPhraseVerifier = require('../../app/scripts/lib/seed-phrase-verifier')
+const mockEncryptor = require('../lib/mock-encryptor')
+
+describe('SeedPhraseVerifier', function () {
+
+  describe('verifyAccounts', function () {
+
+    let password = 'passw0rd1'
+    let hdKeyTree = 'HD Key Tree'
+
+    let keyringController
+    let vault
+    let primaryKeyring
+
+    beforeEach(async function () {
+      keyringController = new KeyringController({
+        initState: clone(firstTimeState),
+        encryptor: mockEncryptor,
+      })
+
+      assert(keyringController)
+
+      vault = await keyringController.createNewVaultAndKeychain(password)
+      primaryKeyring = keyringController.getKeyringsByType(hdKeyTree)[0]
+    })
+
+    it('should be able to verify created account with seed words', async function () {
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 1)
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = serialized.mnemonic
+      assert.notEqual(seedWords.length, 0)
+    
+      let result = await seedPhraseVerifier.verifyAccounts(createdAccounts, seedWords)
+    })
+
+    it('should be able to verify created account (upper case) with seed words', async function () {
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 1)
+
+      let upperCaseAccounts = [createdAccounts[0].toUpperCase()]
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = serialized.mnemonic
+      assert.notEqual(seedWords.length, 0)
+    
+      let result = await seedPhraseVerifier.verifyAccounts(upperCaseAccounts, seedWords)
+    })
+
+    it('should be able to verify created account (lower case) with seed words', async function () {
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 1)
+      let lowerCaseAccounts = [createdAccounts[0].toLowerCase()]
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = serialized.mnemonic
+      assert.notEqual(seedWords.length, 0)
+    
+      let result = await seedPhraseVerifier.verifyAccounts(lowerCaseAccounts, seedWords)
+    })
+
+    it('should return error with good but different seed words', async function () {
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 1)
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = 'debris dizzy just program just float decrease vacant alarm reduce speak stadium'
+      
+      try { 
+        let result = await seedPhraseVerifier.verifyAccounts(createdAccounts, seedWords)
+        assert.fail("Should reject")
+      } catch (err) {
+        assert.ok(err.message.indexOf('Not identical accounts!') >= 0, 'Wrong error message')
+      }
+    })
+
+    it('should return error with undefined existing accounts', async function () {
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 1)
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = 'debris dizzy just program just float decrease vacant alarm reduce speak stadium'
+
+      try { 
+        let result = await seedPhraseVerifier.verifyAccounts(undefined, seedWords)
+        assert.fail("Should reject")
+      } catch (err) {
+        assert.equal(err.message, 'No created accounts defined.')
+      }
+    })
+
+    it('should return error with empty accounts array', async function () {
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 1)
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = 'debris dizzy just program just float decrease vacant alarm reduce speak stadium'
+
+      try { 
+        let result = await seedPhraseVerifier.verifyAccounts([], seedWords)
+        assert.fail("Should reject")
+      } catch (err) {
+        assert.equal(err.message, 'No created accounts defined.')
+      }
+    })
+
+    it('should be able to verify more than one created account with seed words', async function () {
+
+      const keyState = await keyringController.addNewAccount(primaryKeyring)
+      const keyState2 = await keyringController.addNewAccount(primaryKeyring)
+
+      let createdAccounts = await primaryKeyring.getAccounts()
+      assert.equal(createdAccounts.length, 3)
+
+      let serialized = await primaryKeyring.serialize()
+      let seedWords = serialized.mnemonic
+      assert.notEqual(seedWords.length, 0)
+    
+      let result = await seedPhraseVerifier.verifyAccounts(createdAccounts, seedWords)
+    })
+  })
+})
diff --git a/ui/app/actions.js b/ui/app/actions.js
index 8b1480a79..3e26f333b 100644
--- a/ui/app/actions.js
+++ b/ui/app/actions.js
@@ -296,6 +296,13 @@ function tryUnlockMetamask (password) {
         dispatch(actions.unlockSucceeded())
         dispatch(actions.transitionForward())
         forceUpdateMetamaskState(dispatch)
+
+        background.verifySeedPhrase((err) => {
+          if (err) {
+            dispatch(actions.displayWarning(err.message))
+          }
+        })
+
       }
     })
   }