lukechilds
/
BlueWallet
mirror of https://github.com/lukechilds/BlueWallet.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

FIX: BIP38 should reject invalid passwords

receivehooks
Overtorment 5 years ago
parent
20ff1c8871
commit
463bf9feb4
3 changed files with 20 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      blue_modules/bip38/index.js
  2. 2
      package-lock.json
  3. 11
      tests/unit/Bip38.test.js

8
blue_modules/bip38/index.js
View File

@ -146,6 +146,7 @@ async function decrypt (string, passphrase, progressCallback, scryptParams) {
async function decryptECMult (buffer, passphrase, progressCallback, scryptParams) {
passphrase = Buffer.from(passphrase, 'utf8')
const bufferOrig = buffer;
buffer = buffer.slice(1) // FIXME: we can avoid this
scryptParams = scryptParams || SCRYPT_PARAMS
@ -212,6 +213,13 @@ async function decryptECMult (buffer, passphrase, progressCallback, scryptParams
// d = passFactor * factorB (mod n)
var d = passInt.multiply(factorB).mod(curve.n)
// added by overtorment: see https://github.com/bitcoinjs/bip38/issues/60
// verify salt matches address
var address = getAddress(d, compressed)
var checksum = hash256(address).slice(0, 4)
var salt = bufferOrig.slice(3, 7)
assert.deepEqual(salt, checksum)
return {
privateKey: d.toBuffer(32),
compressed: compressed

2
package-lock.json
View File

@ -11562,7 +11562,7 @@
"from": "git+https://github.com/BlueWallet/react-native-biometrics.git#2.0.0"
},
"react-native-blue-crypto": {
"version": "git+https://github.com/Overtorment/react-native-blue-crypto.git#30a0a054c634033cb3d0247a0a18a95fd616e45e",
"version": "git+https://github.com/Overtorment/react-native-blue-crypto.git#21d4d914a0170adb79e009f36539b90bd25f7669",
"from": "git+https://github.com/Overtorment/react-native-blue-crypto.git"
},
"react-native-camera": {

11
tests/unit/Bip38.test.js
View File

@ -31,6 +31,8 @@ it('bip38 decodes slow', async () => {
let encryptedKey = '6PnU5voARjBBykwSddwCdcn6Eu9EcsK24Gs5zWxbJbPZYW7eiYQP8XgKbN';
let callbackWasCalled = false;
let decryptedKey = await bip38.decrypt(encryptedKey, 'qwerty', () => {
// callbacks make sense only with pure js scrypt implementation (nodejs and browsers).
// on RN scrypt is handled by native module and takes ~4 secs
callbackWasCalled = true;
});
assert.ok(callbackWasCalled);
@ -39,4 +41,13 @@ it('bip38 decodes slow', async () => {
wif.encode(0x80, decryptedKey.privateKey, decryptedKey.compressed),
'KxqRtpd9vFju297ACPKHrGkgXuberTveZPXbRDiQ3MXZycSQYtjc',
);
let wasError = false;
try {
await bip38.decrypt(encryptedKey, 'a');
} catch (_) {
wasError = true;
}
assert.ok(wasError);
});

Write Preview
Loading…
Cancel
Save