reject malformed keystore files (#3201)

PBKDF2 based keystore files are required to have `dklen >= 32`. This patch ensures that keystores not fulfilling that requirement are properly rejected.
2021-12-15 19:55:11 +01:00 · 2021-12-15 19:55:11 +01:00 · 0037e6b89c
parent 0f44d2eff7
commit 0037e6b89c
1 changed files with 6 additions and 3 deletions
--- a/beacon_chain/spec/keystore.nim
+++ b/beacon_chain/spec/keystore.nim
@ -596,16 +596,17 @@ func scrypt(password: openArray[char], salt: openArray[byte],
  discard scrypt(password, salt, N, r, p, xyv, b, result)

 func areValid(params: Pbkdf2Params): bool =
-  # https://www.ietf.org/rfc/rfc2898.txt
-  if params.c == 0 or params.dkLen == 0 or params.salt.bytes.len == 0:
+  if params.c == 0 or params.dkLen < 32 or params.salt.bytes.len == 0:
    return false

+  # https://www.ietf.org/rfc/rfc2898.txt
  let hLen = case params.prf
    of HmacSha256: 256 / 8
-
  params.dklen <= high(uint32).uint64 * hLen.uint64

 func areValid(params: ScryptParams): bool =
+  static: doAssert scryptParams.dklen >= 32
+
  params.dklen == scryptParams.dklen and
  params.n == scryptParams.n and
  params.r == scryptParams.r and
@ -615,6 +616,8 @@ func areValid(params: ScryptParams): bool =
 proc decryptCryptoField*(crypto: Crypto,
                         password: KeystorePass,
                         outSecret: var seq[byte]): DecryptionStatus =
+  # https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition
+
  if crypto.cipher.message.bytes.len == 0:
    return InvalidKeystore