
HDW: Fix a decryption bug where we were (again) accidentally relying on padding checks to detect wrong passwords. Check the watching key derives correctly to fix.

This commit is contained in:
Mike Hearn 2014-04-22 22:14:21 +02:00
parent 24e41f01c6
commit b374ba5108
3 changed files with 9 additions and 2 deletions


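--- a/DeterministicKey.java
+++ b/DeterministicKey.java
@@ -289,6 +289,9 @@ public class DeterministicKey extends ECKey {
         return checkNotNull(downCursor.priv);
     }
+    /**
+     * Derives a child at the given index (note: not the "i" value).
+     */
     public DeterministicKey derive(int child) {
         return HDKeyDerivation.deriveChildKey(this, new ChildNumber(child, true));
     }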
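Review bot: The new Javadoc on `derive(int child)` should state that the child is always derived hardened, since the body passes `true` as the second `ChildNumber` argument (presumably the hardened flag) whatever index the caller supplies, so asking for child 0 yields the hardened child 0', never the non-hardened one. The parenthetical about the "i" value hints at this but does not say it, and a caller who wants a non-hardened child will not learn from this comment that they must build a `ChildNumber` themselves. I would replace it with `/** Derives the hardened child at the given index (the index is not the raw "i" value; the hardened flag is set for you). */` and add `@param child` and `@return` lines. The enclosing class continues outside the hunk.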


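--- a/DeterministicKeyChain.java
+++ b/DeterministicKeyChain.java
@@ -553,6 +553,9 @@ public class DeterministicKeyChain implements EncryptableKeyChain {
         checkState(seed.isEncrypted());
         DeterministicSeed decSeed = seed.decrypt(getKeyCrypter(), aesKey);
         DeterministicKeyChain chain = new DeterministicKeyChain(decSeed);
+        // Now double check that the keys match to catch the case where the key is wrong but padding didn't catch it.
+        if (!chain.getWatchingKey().getPubKeyPoint().equals(getWatchingKey().getPubKeyPoint()))
+            throw new KeyCrypterException("Provided AES key is wrong");
         chain.lookaheadSize = lookaheadSize;
         // Now copy the (pubkey only) leaf keys across to avoid rederiving them. The private key bytes are missing
         // anyway so there's nothing to decrypt.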
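Review bot: The added comparison is now the only integrity check on the decrypted seed, so the comment above it should say why padding is not one rather than just that it failed to catch the case: the seed encryption here is presumably unauthenticated CBC with PKCS#7-style padding, under which a wrong key still yields correctly padded plaintext for a noticeable fraction of inputs, and the commit message shows that without this check a wrong password silently produced a chain of unrelated keys. I would write `// Decryption is unauthenticated, so a wrong key can produce garbage that happens to have valid padding; verify the rederived account public key matches the one we already hold before trusting the seed.` On the failure path `decSeed` and the half-built `chain` hold private material derived from that garbage and are simply dropped, so if the seed type exposes a way to clear its bytes it should be called before the throw. Comparing public points with `equals` is fine since nothing secret is involved, so there is no constant-time concern. The enclosing method starts and ends outside the hunk.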


@ -27,6 +27,7 @@ import com.google.bitcoin.utils.BriefLogFormatter;
import com.google.bitcoin.utils.Threading; import com.google.bitcoin.utils.Threading;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import org.bitcoinj.wallet.Protos; import org.bitcoinj.wallet.Protos;
import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.spongycastle.crypto.params.KeyParameter; import org.spongycastle.crypto.params.KeyParameter;
@ -43,7 +44,8 @@ public class KeyChainGroupTest {
private static final int LOOKAHEAD_SIZE = 5; private static final int LOOKAHEAD_SIZE = 5;
private KeyChainGroup group; private KeyChainGroup group;
public KeyChainGroupTest() { @Before
public void setup() {
BriefLogFormatter.init(); BriefLogFormatter.init();
Utils.setMockClock(); Utils.setMockClock();
group = new KeyChainGroup(); group = new KeyChainGroup();
@ -92,7 +94,6 @@ public class KeyChainGroupTest {
@Test @Test
public void findKey() throws Exception { public void findKey() throws Exception {
ECKey a = group.freshKey(KeyChain.KeyPurpose.RECEIVE_FUNDS); ECKey a = group.freshKey(KeyChain.KeyPurpose.RECEIVE_FUNDS);
assertTrue(a instanceof DeterministicKey);
ECKey b = group.freshKey(KeyChain.KeyPurpose.CHANGE); ECKey b = group.freshKey(KeyChain.KeyPurpose.CHANGE);
ECKey c = new ECKey(); ECKey c = new ECKey();
ECKey d = new ECKey(); // Not imported. ECKey d = new ECKey(); // Not imported.
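Review bot: The dropped `assertTrue(a instanceof DeterministicKey);` in findKey removes the one check in this hunk that freshKey hands out HD keys, and neither the commit message nor the diff says why, so a future reader is likely to re-add it; a one-line comment after the `freshKey` call explaining why the returned key is not guaranteed to be a `DeterministicKey` in this setup would prevent that. The move from the constructor to an `@Before setup()` is behaviourally equivalent under JUnit 4, which instantiates the test class once per test method, so nothing further is needed there. findKey's body continues past the hunk.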