diff --git a/client/asset/eth/eth.go b/client/asset/eth/eth.go
index 1f0dbba87c..61dd3dd297 100644
--- a/client/asset/eth/eth.go
+++ b/client/asset/eth/eth.go
@@ -120,11 +120,13 @@ var (
 findRedemptionCoinID = []byte("FindRedemption Coin")
- seedDerivationPath = []uint32{hdkeychain.HardenedKeyStart + 44,
- hdkeychain.HardenedKeyStart + 60,
- hdkeychain.HardenedKeyStart,
- 0,
- 0}
+ seedDerivationPath = []uint32{
+ hdkeychain.HardenedKeyStart + 44, // purpose 44' for HD wallets
+ hdkeychain.HardenedKeyStart + 60, // eth coin type 60'
+ hdkeychain.HardenedKeyStart, // account 0'
+ 0, // branch 0
+ 0, // index 0
+ }
 )
 // WalletConfig are wallet-level configuration settings.
@@ -342,11 +344,10 @@ func CreateWallet(createWalletParams *asset.CreateWalletParams) error {
 }
 extKey, err := keygen.GenDeepChild(createWalletParams.Seed, seedDerivationPath)
- defer extKey.Zero()
 if err != nil {
 return err
 }
-
+ defer extKey.Zero()
 privateKey, err := extKey.SerializedPrivKey()
 defer encode.ClearBytes(privateKey)
 if err != nil {
@@ -2107,10 +2108,10 @@ func (w *TokenWallet) EstimateRegistrationTxFee(feeRate uint64) uint64 {
 // various external wallets.
 func (w *assetWallet) RestorationInfo(seed []byte) ([]*asset.WalletRestoration, error) {
 extKey, err := keygen.GenDeepChild(seed, seedDerivationPath)
- defer extKey.Zero()
 if err != nil {
 return nil, err
 }
+ defer extKey.Zero()
 privateKey, err := extKey.SerializedPrivKey()
 defer encode.ClearBytes(privateKey)
 if err != nil {
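Review bot: In CreateWallet (client/asset/eth/eth.go), `defer encode.ClearBytes(privateKey)` still sits before the `if err != nil` check that follows `extKey.SerializedPrivKey()`, which is the ordering this commit removes for `extKey.Zero()`. Clearing a nil slice is presumably harmless, so this is a consistency point rather than a crash. Placing the defer after the error check would keep one rule for every secret in the function: check the error, then defer the wipe. The same applies to the RestorationInfo hunk at -2107, and both function bodies continue outside their hunks.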
@@ -2119,9 +2120,14 @@ func (w *assetWallet) RestorationInfo(seed []byte) ([]*asset.WalletRestoration,
 return []*asset.WalletRestoration{
 &asset.WalletRestoration{
- Target: "MetaMask",
- Seed: hex.EncodeToString(privateKey),
- Instructions: "1. Open the settings menu\n2. Select \"Import Account\"\n3. Make sure \"Private Key\" is selected and paste the seed into the box",
+ Target: "MetaMask",
+ Seed: hex.EncodeToString(privateKey),
+ Instructions: "Accounts can be imported by private key only if MetaMask has already be initialized. " +
+ "If this is your first time installing MetaMask, create a new wallet and secret recovery phrase. " +
+ "Then, to import your DEX account into MetaMask, follow the steps below:\n" +
+ `1. Open the settings menu
+ 2. Select "Import Account"
+ 3. Make sure "Private Key" is selected, and paste the private key above into the box`,
 },
 }, nil
 }
diff --git a/client/core/core.go b/client/core/core.go
index b93e52bd19..056cb17e5b 100644
--- a/client/core/core.go
+++ b/client/core/core.go
@@ -7032,11 +7032,13 @@ func (c *Core) WalletRestorationInfo(pw []byte, assetID uint32) ([]*asset.Wallet
 if err != nil {
 return nil, fmt.Errorf("WalletRestorationInfo password error: %w", err)
 }
+ defer crypter.Close()
 seed, _, err := c.assetSeedAndPass(assetID, crypter)
 if err != nil {
 return nil, fmt.Errorf("assetSeedAndPass error: %w", err)
 }
+ defer encode.ClearBytes(seed)
 wallet, found := c.wallet(assetID)
 if !found {
diff --git a/client/webserver/api.go b/client/webserver/api.go
index 83128c55d4..96b29b1716 100644
--- a/client/webserver/api.go
+++ b/client/webserver/api.go
@@ -426,6 +426,7 @@ func (s *WebServer) apiRestoreWalletInfo(w http.ResponseWriter, r *http.Request)
 AssetID uint32
 Pass encode.PassBytes
 }{}
+ defer form.Pass.Clear()
 if !readPost(w, r, form) {
 return
 }
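Review bot: The new `Instructions` text in RestorationInfo (client/asset/eth/eth.go) has a typo in a user-facing string, `has already be initialized`, which should read `has already been initialized`. The numbered steps now live in a raw string literal, so any indentation on the continuation lines `2. Select ...` and `3. Make sure ...` becomes part of the displayed text. This page has lost the original whitespace, so that needs checking in the file; the previous `\n`-joined interpreted string avoided the problem. Separately, `hex.EncodeToString(privateKey)` yields an immutable string that the deferred `encode.ClearBytes(privateKey)` cannot wipe, and a short comment on the `Seed` field saying so would stop readers assuming the key is cleared from memory.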
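Review bot: In WalletRestorationInfo (client/core/core.go), `seed, _, err := c.assetSeedAndPass(assetID, crypter)` discards the second return value, so only the seed is covered by the new deferred wipe. If that value is the derived wallet password, as the helper's name suggests, it stays in memory uncleared; binding it as `pass` and adding `defer encode.ClearBytes(pass)` next to the seed's defer would cover it. The `pw` argument is not cleared here either, which is fine only if every caller does so, and a line in the doc comment stating that the caller owns and wipes `pw` would make that contract explicit. The function continues outside the hunk.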
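Review bot: In apiRestoreWalletInfo (client/webserver/api.go), `defer form.Pass.Clear()` is placed before `readPost` fills the form, and Go evaluates a deferred method call's receiver at the defer statement. If `Clear` is declared with a value receiver on `encode.PassBytes` (its definition is not on this page), the deferred call holds the still-empty slice and the decoded password is never zeroed. Deferring a closure instead, `defer func() { form.Pass.Clear() }()`, reads the slice after decoding and still runs on the early-return path. The following hunk removes `zero(form.Pass)` from apiAccountDisable; whether a deferred clear already exists earlier in that handler is outside the hunk, and the same receiver question applies there.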
@@ -456,7 +457,6 @@ func (s *WebServer) apiAccountDisable(w http.ResponseWriter, r *http.Request) {
 // Disable account.
 err := s.core.AccountDisable(form.Pass, form.Host)
- zero(form.Pass)
 if err != nil {
 s.writeAPIError(w, fmt.Errorf("error disabling account: %w", err))
 return
diff --git a/dex/keygen/keygen.go b/dex/keygen/keygen.go
index 5fb0e6fa19..620dce8395 100644
--- a/dex/keygen/keygen.go
+++ b/dex/keygen/keygen.go
@@ -20,10 +20,10 @@ func (*RootKeyParams) HDPubKeyVersion() [4]byte {
 // GenDeepChild derives the leaf of a path of children from a root extended key.
 func GenDeepChild(seed []byte, kids []uint32) (*hdkeychain.ExtendedKey, error) {
 root, err := hdkeychain.NewMaster(seed, &RootKeyParams{})
- defer root.Zero()
 if err != nil {
 return nil, err
 }
+ defer root.Zero()
 genChild := func(parent *hdkeychain.ExtendedKey, childIdx uint32) (*hdkeychain.ExtendedKey, error) {
 err := hdkeychain.ErrInvalidChild
 for err == hdkeychain.ErrInvalidChild {
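Review bot: GenDeepChild's doc comment (dex/keygen/keygen.go) does not say who wipes the returned key, although the callers in client/asset/eth/eth.go rely on calling `Zero` on it themselves. I would add a line such as `// The caller must call Zero on the returned key when finished with it.` and mention that the root key derived from `seed` is zeroed before the function returns. The body continues outside the hunk, so whether the intermediate child keys produced by `genChild` are also zeroed cannot be seen here and is worth confirming.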