From 490a87f89b38914f2c43cdd1091bafe8e129c377 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jul 2024 15:14:41 +0100 Subject: [PATCH 1/6] Bump email_address from 0.2.4 to 0.2.5 (#1128) Bumps [email_address](https://github.com/johnstonskj/rust-email_address) from 0.2.4 to 0.2.5. - [Commits](https://github.com/johnstonskj/rust-email_address/compare/v0.2.4...v0.2.5) --- updated-dependencies: - dependency-name: email_address dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6b9718cd..3f29f2de 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1173,9 +1173,9 @@ dependencies = [ [[package]] name = "email_address" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2153bd83ebc09db15bcbdc3e2194d901804952e3dc96967e1cd3b0c5c32d112" +checksum = "c1019fa28f600f5b581b7a603d515c3f1635da041ca211b5055804788673abfe" dependencies = [ "serde", ] diff --git a/Cargo.toml b/Cargo.toml index 483e12e4..774268d7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,7 +33,7 @@ bip39 = "2.0.0" bitcoin = "0.30.1" chrono = { version = "0.4.38", default-features = false, features = ["serde"] } cipher = "0.4.4" -email_address = "0.2.4" +email_address = "0.2.5" file-rotate = "0.7.6" hex = "0.4.3" iban_validate = "4.0.1" From dd3a8da932d1e940a3cc54f4cc167fb9f7076545 Mon Sep 17 00:00:00 2001 From: Andrei <92177534+andrei-21@users.noreply.github.com> Date: Thu, 4 Jul 2024 15:28:14 +0100 Subject: [PATCH 2/6] Check supported countries on phone number registration (#1129) --- src/lib.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index be214993..cef70060 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -2563,8 +2563,9 @@ impl LightningNode { /// /// Requires network: **yes** pub fn request_phone_number_verification(&self, phone_number: String) -> Result<()> { - let phone_number = - PhoneNumber::parse(&phone_number).map_to_invalid_input("Invalid phone number")?; + let phone_number = self + .parse_phone_number(phone_number) + .map_to_invalid_input("Invalid phone number")?; self.rt .handle() @@ -2587,8 +2588,9 @@ impl LightningNode { /// /// Requires network: **yes** pub fn verify_phone_number(&self, phone_number: String, otp: String) -> Result<()> { - let phone_number = - PhoneNumber::parse(&phone_number).map_to_invalid_input("Invalid phone number")?; + let phone_number = self + .parse_phone_number(phone_number) + .map_to_invalid_input("Invalid phone number")?; self.rt .handle() From 2bc147367fcdc9e418dd2fb8b9247a8f863abad4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 09:19:36 +0000 Subject: [PATCH 3/6] Bump serde from 1.0.203 to 1.0.204 Bumps [serde](https://github.com/serde-rs/serde) from 1.0.203 to 1.0.204. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.203...v1.0.204) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3f29f2de..565d1074 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3523,9 +3523,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] @@ -3544,9 +3544,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", From 9ba7a101b5cb69916464e07b0c71a44783d4927b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 09:19:56 +0000 Subject: [PATCH 4/6] Bump qrcode from 0.14.0 to 0.14.1 Bumps [qrcode](https://github.com/kennytm/qrcode-rust) from 0.14.0 to 0.14.1. - [Release notes](https://github.com/kennytm/qrcode-rust/releases) - [Commits](https://github.com/kennytm/qrcode-rust/commits/v0.14.1) --- updated-dependencies: - dependency-name: qrcode dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3f29f2de..ef2e7154 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2946,9 +2946,9 @@ dependencies = [ [[package]] name = "qrcode" -version = "0.14.0" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e719ca51966ff9f5a8436edb00d6115b3c606a0bb27c8f8ca74a38ff2b036d" +checksum = "d68782463e408eb1e668cf6152704bd856c78c5b6417adaee3203d8f4c1fc9ec" [[package]] name = "querystring" diff --git a/Cargo.toml b/Cargo.toml index 774268d7..fe3f4b63 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,7 +77,7 @@ rusqlite = { version = "0.29.0", features = [ anyhow = "1" colored = "2.1.0" ctor = "0.2.8" -qrcode = { version = "0.14.0", default-features = false } +qrcode = { version = "0.14.1", default-features = false } rustyline = { version = "14.0.0", features = ["derive"] } serial_test = { version = "3.1.1", features = ["file_locks"] } strip-ansi-escapes = "0.2.0" From f88b47fda76720c47ffc1167c0a965913a57f161 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 10:31:29 +0100 Subject: [PATCH 5/6] Bump uuid from 1.9.1 to 1.10.0 (#1132) Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.9.1 to 1.10.0. - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](https://github.com/uuid-rs/uuid/compare/1.9.1...1.10.0) --- updated-dependencies: - dependency-name: uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index acb64437..ea4bb360 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4526,9 +4526,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.9.1" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5de17fd2f7da591098415cff336e12965a28061ddace43b59cb3c430179c9439" +checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" dependencies = [ "serde", "sha1_smol", diff --git a/Cargo.toml b/Cargo.toml index fe3f4b63..e76b3727 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -51,7 +51,7 @@ simplelog = { version = "0.12.2" } thiserror = "1.0.61" tokio = { version = "1.38.0", features = ["rt-multi-thread", "time", "sync"] } uniffi = "0.28.0" -uuid = { version = "1.9.1", features = ["v5"] } +uuid = { version = "1.10.0", features = ["v5"] } # Bundle sqlite for all targets except iOS. [target.'cfg(not(target_os = "ios"))'.dependencies] From 1993a78b822f25eb1325423bc176bb6a3588efa5 Mon Sep 17 00:00:00 2001 From: Andrei <92177534+andrei-21@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:55:50 +0100 Subject: [PATCH 6/6] Encrypt phone number (#1133) --- Cargo.lock | 14 +++++++------- Cargo.toml | 14 +++++++------- src/lib.rs | 33 +++++++++++++++++++++++++-------- 3 files changed, 39 insertions(+), 22 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ea4bb360..d573c66f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -743,7 +743,7 @@ dependencies = [ [[package]] name = "chameleon" version = "0.1.0" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "graphql", "honeybadger", @@ -948,7 +948,7 @@ dependencies = [ [[package]] name = "crow" version = "0.1.0" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "graphql", "honeybadger", @@ -1609,7 +1609,7 @@ dependencies = [ [[package]] name = "graphql" version = "0.1.0" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "chrono", "graphql_client", @@ -1801,7 +1801,7 @@ dependencies = [ [[package]] name = "honeybadger" version = "1.0.1" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "base64 0.22.1", "bdk", @@ -2627,7 +2627,7 @@ dependencies = [ [[package]] name = "parrot" version = "0.1.0" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "graphql", "honeybadger", @@ -2730,7 +2730,7 @@ dependencies = [ [[package]] name = "pigeon" version = "0.1.0" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "graphql", "honeybadger", @@ -3790,7 +3790,7 @@ dependencies = [ [[package]] name = "squirrel" version = "0.1.0" -source = "git+https://github.com/getlipa/wild?tag=v1.24.0#7fce8e6bb9cb4d672392ed6a2193b64a0d203777" +source = "git+https://github.com/getlipa/wild?tag=v1.25.0#06b231cd578addc00e1c49b4c02f3338b67e6c98" dependencies = [ "bdk", "graphql", diff --git a/Cargo.toml b/Cargo.toml index e76b3727..1aab48a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,14 +17,14 @@ name = "uniffi_lipalightninglib" parser = { path = "parser" } pocketclient = { path = "pocketclient" } -chameleon = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } -crow = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } -graphql = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } -honeybadger = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } -parrot = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } +chameleon = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } +crow = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } +graphql = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } +honeybadger = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } +parrot = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } perro = { git = "https://github.com/getlipa/perro", tag = "v1.2.0" } -pigeon = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } -squirrel = { git = "https://github.com/getlipa/wild", tag = "v1.24.0" } +pigeon = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } +squirrel = { git = "https://github.com/getlipa/wild", tag = "v1.25.0" } breez-sdk-core = { git = "https://github.com/andrei-21/breez-sdk", rev = "d2454cfb" } diff --git a/src/lib.rs b/src/lib.rs index cef70060..fc107720 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -88,7 +88,7 @@ pub use crate::secret::{generate_secret, mnemonic_to_secret, words_by_prefix, Se pub use crate::swap::{ FailedSwapInfo, ResolveFailedSwapInfo, SwapAddressInfo, SwapInfo, SwapToLightningFees, }; -use crate::symmetric_encryption::deterministic_encrypt; +use crate::symmetric_encryption::{decrypt, deterministic_encrypt, encrypt}; use crate::task_manager::TaskManager; use crate::util::{ replace_byte_arrays_by_hex_string, unix_timestamp_to_system_time, LogIgnoreError, @@ -286,6 +286,7 @@ pub struct LightningNode { environment: Environment, allowed_countries_country_iso_3166_1_alpha_2: Vec, phone_number_prefix_parser: PhoneNumberPrefixParser, + persistence_encryption_key: [u8; 32], } /// Contains the fee information for the options to resolve on-chain funds from channel closes. @@ -422,13 +423,10 @@ impl LightningNode { "Couldn't create a fiat topup client", )?; + let persistence_encryption_key = derive_persistence_encryption_key(&strong_typed_seed)?; let backup_client = RemoteBackupClient::new(environment.backend_url.clone(), Arc::clone(&async_auth)); - let backup_manager = BackupManager::new( - backup_client, - db_path, - derive_persistence_encryption_key(&strong_typed_seed)?, - ); + let backup_manager = BackupManager::new(backup_client, db_path, persistence_encryption_key); let task_manager = Arc::new(Mutex::new(TaskManager::new( rt.handle(), @@ -475,6 +473,7 @@ impl LightningNode { allowed_countries_country_iso_3166_1_alpha_2: config .phone_number_allowed_countries_iso_3166_1_alpha_2, phone_number_prefix_parser, + persistence_encryption_key, }) } @@ -2541,7 +2540,8 @@ impl LightningNode { /// /// Requires network: **yes** pub fn query_verified_phone_number(&self) -> Result> { - self.rt + let encrypted_number = self + .rt .handle() .block_on(pigeon::query_verified_phone_number( &self.environment.backend_url, @@ -2550,7 +2550,17 @@ impl LightningNode { .map_to_runtime_error( RuntimeErrorCode::AuthServiceUnavailable, "Failed to query verified phone number", - ) + )?; + if let Some(encrypted_number) = encrypted_number { + let encrypted_number = hex::decode(encrypted_number) + .map_to_permanent_failure("Failed to hex decode verified phone number")?; + let number = decrypt(&encrypted_number, &self.persistence_encryption_key)?; + let number = std::str::from_utf8(&number) + .map_to_permanent_failure("Failed to decrypt verified phone number")? + .to_string(); + return Ok(Some(number)); + } + Ok(None) } /// Start the verification process for a new phone number. This will trigger an SMS containing @@ -2567,12 +2577,19 @@ impl LightningNode { .parse_phone_number(phone_number) .map_to_invalid_input("Invalid phone number")?; + let encrypted_number = encrypt( + phone_number.e164.as_bytes(), + &self.persistence_encryption_key, + )?; + let encrypted_number = hex::encode(encrypted_number); + self.rt .handle() .block_on(pigeon::request_phone_number_verification( &self.environment.backend_url, &self.async_auth, phone_number.e164, + encrypted_number, )) .map_to_runtime_error( RuntimeErrorCode::AuthServiceUnavailable,