`ProveField` cleanups in `keystore` (#5050)

Cleanup for `ProveField` warnings in `keystore` module.
Note that `ProveField` is disabled by default in makefile, but sometimes
these pop up when doing a regular `nim c`, and cleaning these may allow
enabling the warning in some future.
This commit is contained in:
Etan Kissling 2023-06-15 14:53:42 +02:00 committed by GitHub
parent ce1503b51f
commit 142a3e91e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 8 deletions

View File

@ -855,16 +855,24 @@ proc decryptCryptoField*(crypto: Crypto, decKey: openArray[byte],
return DecryptionStatus.InvalidKeystore return DecryptionStatus.InvalidKeystore
if len(decKey) < keyLen: if len(decKey) < keyLen:
return DecryptionStatus.InvalidKeystore return DecryptionStatus.InvalidKeystore
let derivedChecksum = shaChecksum(decKey.toOpenArray(16, 31), let valid =
crypto.cipher.message.bytes) case crypto.checksum.function
if derivedChecksum != crypto.checksum.message: of sha256Checksum:
template params: auto {.used.} = crypto.checksum.params
template message: auto = crypto.checksum.message
message == shaChecksum(decKey.toOpenArray(16, 31),
crypto.cipher.message.bytes)
if not valid:
return DecryptionStatus.InvalidPassword return DecryptionStatus.InvalidPassword
var aesCipher: CTR[aes128] case crypto.cipher.function
outSecret.setLen(crypto.cipher.message.bytes.len) of aes128CtrCipher:
aesCipher.init(decKey.toOpenArray(0, 15), crypto.cipher.params.iv.bytes) template params: auto = crypto.cipher.params
aesCipher.decrypt(crypto.cipher.message.bytes, outSecret) var aesCipher: CTR[aes128]
aesCipher.clear() outSecret.setLen(crypto.cipher.message.bytes.len)
aesCipher.init(decKey.toOpenArray(0, 15), params.iv.bytes)
aesCipher.decrypt(crypto.cipher.message.bytes, outSecret)
aesCipher.clear()
DecryptionStatus.Success DecryptionStatus.Success
proc getDecryptionKey*(crypto: Crypto, password: KeystorePass, proc getDecryptionKey*(crypto: Crypto, password: KeystorePass,
@ -943,6 +951,7 @@ proc getSaltKey(keystore: Keystore, password: KeystorePass): KdfSaltKey =
proc `==`*(a, b: KdfSaltKey): bool {.borrow.} proc `==`*(a, b: KdfSaltKey): bool {.borrow.}
proc hash*(salt: KdfSaltKey): Hash {.borrow.} proc hash*(salt: KdfSaltKey): Hash {.borrow.}
{.push warning[ProveField]:off.}
func `==`*(a, b: Kdf): bool = func `==`*(a, b: Kdf): bool =
# We do not care about `message` field. # We do not care about `message` field.
if a.function != b.function: if a.function != b.function:
@ -961,6 +970,7 @@ func `==`*(a, b: Kdf): bool =
(aparams.p == bparams.p) and (aparams.r == bparams.r) and (aparams.p == bparams.p) and (aparams.r == bparams.r) and
(len(seq[byte](aparams.salt)) > 0) and (len(seq[byte](aparams.salt)) > 0) and
(seq[byte](aparams.salt) == seq[byte](bparams.salt)) (seq[byte](aparams.salt) == seq[byte](bparams.salt))
{.pop.}
func `==`*(a, b: Cipher): bool = func `==`*(a, b: Cipher): bool =
# We do not care about `params` and `message` fields. # We do not care about `params` and `message` fields.