fix: xsalsa20 decryptsimmetric (#15000)

Julián Toledano 2023-02-13 11:03:49 +01:00 committed by GitHub
parent a90569c7e4
commit cee91a5fc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 5 deletions


@ -200,7 +200,7 @@ func decryptPrivKey(saltBytes []byte, encBytes []byte, passphrase string) (privK
key = crypto.Sha256(key) // Get 32 bytes
privKeyBytes, err := xsalsa20symmetric.DecryptSymmetric(encBytes, key)
if err != nil && err.Error() == "Ciphertext decryption failed" {
if err != nil && err == xsalsa20symmetric.ErrCiphertextDecrypt {
return privKey, sdkerrors.ErrWrongPassword
} else if err != nil {
return privKey, err
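Review bot: The new condition in decryptPrivKey compares the error by identity (`err == xsalsa20symmetric.ErrCiphertextDecrypt`), so the mapping to ErrWrongPassword would silently stop matching if DecryptSymmetric ever returned the sentinel wrapped with context. `if errors.Is(err, xsalsa20symmetric.ErrCiphertextDecrypt) {` survives wrapping and makes the leading `err != nil &&` unnecessary; this assumes `errors` is imported in this file, which the hunk does not show. decryptPrivKey starts and ends outside the hunk.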


@ -23,6 +23,7 @@ import (
"github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1"
"github.com/cosmos/cosmos-sdk/crypto/types"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"github.com/cosmos/cosmos-sdk/types/tx/signing"
)
@ -436,7 +437,7 @@ func TestKeyringKeybaseExportImportPrivKey(t *testing.T) {
// try import the key - wrong password
err = kb.ImportPrivKey("john2", keystr, "bad pass")
require.Equal(t, "failed to decrypt private key: ciphertext decryption failed", err.Error())
require.True(t, errors.Is(err, sdkerrors.ErrWrongPassword))
// try import the key with the correct password
require.NoError(t, kb.ImportPrivKey("john2", keystr, "somepassword"))
@ -1248,7 +1249,7 @@ func TestAltKeyring_ImportExportPrivKey(t *testing.T) {
newUID := otherID
// Should fail importing with wrong password
err = kr.ImportPrivKey(newUID, armor, "wrongPass")
require.EqualError(t, err, "failed to decrypt private key: ciphertext decryption failed")
require.True(t, errors.Is(err, sdkerrors.ErrWrongPassword))
err = kr.ImportPrivKey(newUID, armor, passphrase)
require.NoError(t, err)
@ -1278,7 +1279,7 @@ func TestAltKeyring_ImportExportPrivKey_ByAddress(t *testing.T) {
newUID := otherID
// Should fail importing with wrong password
err = kr.ImportPrivKey(newUID, armor, "wrongPass")
require.EqualError(t, err, "failed to decrypt private key: ciphertext decryption failed")
require.True(t, errors.Is(err, sdkerrors.ErrWrongPassword))
err = kr.ImportPrivKey(newUID, armor, passphrase)
require.NoError(t, err)
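Review bot: The three wrong-password assertions (in TestKeyringKeybaseExportImportPrivKey, TestAltKeyring_ImportExportPrivKey and TestAltKeyring_ImportExportPrivKey_ByAddress) use `require.True(t, errors.Is(err, sdkerrors.ErrWrongPassword))`, which on failure reports only that a boolean was false. `require.ErrorIs(t, err, sdkerrors.ErrWrongPassword)` checks the same condition and prints the actual error chain when it does not match. The tests also no longer pin the message text, so if callers or users depend on that wording it is not covered by these cases any more. All three test functions extend outside their hunks.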


@ -15,6 +15,8 @@ const (
secretLen = 32
)
var ErrCiphertextDecrypt = errors.New("ciphertext decryption failed")
// secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase))
// The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext.
func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) {
@ -49,7 +51,7 @@ func DecryptSymmetric(ciphertext []byte, secret []byte) (plaintext []byte, err e
plaintext = make([]byte, len(ciphertext)-nonceLen-secretbox.Overhead)
_, ok := secretbox.Open(plaintext[:0], ciphertext[nonceLen:], &nonceArr, &secretArr)
if !ok {
return nil, errors.New("ciphertext decryption failed")
return nil, ErrCiphertextDecrypt
}
return plaintext, nil
}
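Review bot: The new exported `ErrCiphertextDecrypt` has no doc comment, and its meaning matters to callers: it is returned whenever `secretbox.Open` reports failure, which covers a wrong secret as well as a modified or corrupted ciphertext. I would add `// ErrCiphertextDecrypt is returned by DecryptSymmetric when secretbox authentication fails (wrong secret or altered ciphertext).` above the declaration, so code that translates it into a wrong-password error knows the two cases cannot be told apart. DecryptSymmetric begins before the hunk, so any length check ahead of the `make` call is not visible here.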