From 43b3c6c8f4277aef3a188a48957b8abb8ae5facd Mon Sep 17 00:00:00 2001 From: librelois Date: Sat, 27 Feb 2021 22:13:48 +0100 Subject: [PATCH] fix(dubp): member account index require strong secret code --- Cargo.lock | 106 +++++++++++++++++------------- native/dubp_rs/Cargo.toml | 4 +- native/dubp_rs/src/dewif/bip32.rs | 19 ++++++ native/dubp_rs/src/error.rs | 12 ++-- native/dubp_rs/src/secret_code.rs | 8 +++ 5 files changed, 98 insertions(+), 51 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7aa0546..69a91e3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,33 +2,32 @@ # It is not intended for manual editing. [[package]] name = "aes" -version = "0.4.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7001367fde4c768a19d1029f0a8be5abd9308e1119846d5bd9ad26297b8faf5" +checksum = "884391ef1066acaa41e766ba8f596341b96e93ce34f9a43e7d24bf0a0eaf0561" dependencies = [ "aes-soft", "aesni", - "block-cipher", + "cipher", ] [[package]] name = "aes-soft" -version = "0.4.0" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4925647ee64e5056cf231608957ce7c81e12d6d6e316b9ce1404778cc1d35fa7" +checksum = "be14c7498ea50828a38d0e24a765ed2effe92a705885b57d029cd67d45744072" dependencies = [ - "block-cipher", - "byteorder", + "cipher", "opaque-debug", ] [[package]] name = "aesni" -version = "0.7.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d050d39b0b7688b3a3254394c3e30a9d66c41dcf9b05b0e2dbdc623f6505d264" +checksum = "ea2e11f5e94c2f7d386164cc2aa1f97823fed6f259e486940a71c174dd01b0ce" dependencies = [ - "block-cipher", + "cipher", "opaque-debug", ] @@ -81,9 +80,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.12.3" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff" +checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" [[package]] name = "bitflags" @@ -106,20 +105,11 @@ dependencies = [ "digest", ] -[[package]] -name = "block-cipher" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa136449e765dc7faa244561ccae839c394048667929af599b5d931ebe7b7f10" -dependencies = [ - "generic-array", -] - [[package]] name = "bs58" -version = "0.3.1" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "476e9cd489f9e121e02ffa6014a8ef220ecb15c05ed23fc34cca13925dc283fb" +checksum = "771fe0050b883fcc3ea2359b1a96bcfbc090b7116eae7c3c512c7a083fdf23d3" [[package]] name = "bumpalo" @@ -129,9 +119,9 @@ checksum = "63396b8a4b9de3f4fdfb320ab6080762242f66a8ef174c49d8e19b674db4cdbe" [[package]] name = "byteorder" -version = "1.3.4" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de" +checksum = "ae44d1a3d5a19df61dd0c8beb138458ac2a53a7ac09eba97d55592540004306b" [[package]] name = "cbindgen" @@ -169,6 +159,15 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cipher" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801" +dependencies = [ + "generic-array", +] + [[package]] name = "clang" version = "0.24.0" @@ -222,9 +221,9 @@ dependencies = [ [[package]] name = "cryptoxide" -version = "0.3.0" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2824e117f942b77e942b14162316711d66f07d14b0f37a44fa4b4cad592b8fa" +checksum = "46212f5d1792f89c3e866fb10636139464060110c568edd7f73ab5e9f736c26d" [[package]] name = "dart-bindgen" @@ -261,9 +260,9 @@ dependencies = [ [[package]] name = "dup-crypto" -version = "0.43.2" +version = "0.44.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5612539417a1204863d10dda1cb313fe7a34da8596d30fa93da8af125c928abb" +checksum = "e4281497a99e7bb67d54800671558d707c48ca35320f8c5747fb0eda4d8cbc71" dependencies = [ "aes", "arrayvec", @@ -273,7 +272,7 @@ dependencies = [ "byteorder", "cryptoxide", "ed25519-bip32", - "getrandom", + "getrandom 0.2.2", "once_cell", "ring", "serde", @@ -335,7 +334,18 @@ checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" dependencies = [ "cfg-if 1.0.0", "libc", - "wasi", + "wasi 0.9.0+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8" +dependencies = [ + "cfg-if 1.0.0", + "libc", + "wasi 0.10.2+wasi-snapshot-preview1", ] [[package]] @@ -425,9 +435,9 @@ checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0" [[package]] name = "opaque-debug" -version = "0.2.3" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "ppv-lite86" @@ -459,7 +469,7 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" dependencies = [ - "getrandom", + "getrandom 0.1.16", "libc", "rand_chacha", "rand_core", @@ -482,7 +492,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" dependencies = [ - "getrandom", + "getrandom 0.1.16", ] [[package]] @@ -538,18 +548,18 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "serde" -version = "1.0.118" +version = "1.0.123" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06c64263859d87aa2eb554587e2d23183398d617427327cf2b3d0ed8c69e4800" +checksum = "92d5161132722baa40d802cc70b15262b98258453e85e5d1d365c757c73869ae" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.118" +version = "1.0.123" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c84d3526699cd55261af4b941e4e725444df67aa4f9e6a3564f18030d12672df" +checksum = "9391c295d64fc0abb2c556bad848f33cb8296276b1ad2677d1ae1ace4f258f31" dependencies = [ "proc-macro2", "quote", @@ -596,9 +606,9 @@ checksum = "1e81da0851ada1f3e9d4312c704aa4f8806f0f9d69faaf8df2f3464b4a9437c2" [[package]] name = "syn" -version = "1.0.57" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4211ce9909eb971f111059df92c45640aad50a619cf55cd76476be803c4c68e6" +checksum = "c700597eca8a5a762beb35753ef6b94df201c81cca676604f547495a0d7f0081" dependencies = [ "proc-macro2", "quote", @@ -642,18 +652,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.23" +version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76cc616c6abf8c8928e2fdcc0dbfab37175edd8fb49a4641066ad1364fdab146" +checksum = "e0f4a65597094d4483ddaed134f409b2cb7c1beccf25201a9f73c719254fa98e" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.23" +version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9be73a2caec27583d0046ef3796c3794f868a5bc813db689eed00c7631275cd1" +checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0" dependencies = [ "proc-macro2", "quote", @@ -717,6 +727,12 @@ version = "0.9.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" +[[package]] +name = "wasi" +version = "0.10.2+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" + [[package]] name = "wasm-bindgen" version = "0.2.70" diff --git a/native/dubp_rs/Cargo.toml b/native/dubp_rs/Cargo.toml index 8d19598..6468d2e 100644 --- a/native/dubp_rs/Cargo.toml +++ b/native/dubp_rs/Cargo.toml @@ -11,10 +11,10 @@ crate-type = ["rlib"] [dependencies] allo-isolate = "0.1.6" -dup-crypto = { version = "0.43.2", features = ["bip32-ed25519", "dewif", "mnemonic", "mnemonic_french", "scrypt"] } +dup-crypto = { version = "0.44.0", features = ["bip32-ed25519", "dewif", "mnemonic", "mnemonic_french", "scrypt"] } fast-threadpool = { version = "0.3.0", default-features = false } once_cell = { version = "1.3.1", default-features = false, features = ["std"] } -thiserror = "1.0.23" +thiserror = "1.0.24" [build-dependencies] cbindgen = "0.14.3" diff --git a/native/dubp_rs/src/dewif/bip32.rs b/native/dubp_rs/src/dewif/bip32.rs index 374dcaf..1fa982c 100644 --- a/native/dubp_rs/src/dewif/bip32.rs +++ b/native/dubp_rs/src/dewif/bip32.rs @@ -15,12 +15,31 @@ use crate::*; +const MEMBER_ACCOUNT_INDEX: u32 = 0; + pub(crate) fn get_accounts_pubkeys( currency: Currency, dewif: &str, secret_code: &str, accounts_indexs: Vec, ) -> Result, DubpError> { + if accounts_indexs.contains( + &DerivationIndex::hard(MEMBER_ACCOUNT_INDEX).map_err(DubpError::InvalidDerivationIndex)?, + ) { + if crate::secret_code::is_ascii_letters(secret_code) { + let log_n = + dup_crypto::dewif::read_dewif_log_n(ExpectedCurrency::Specific(currency), dewif) + .map_err(DubpError::DewifReadError)?; + let expected_secret_code_len = + crate::secret_code::compute_secret_code_len(true, SecretCodeType::Letters, log_n)?; + + if secret_code.len() < expected_secret_code_len { + return Err(DubpError::SecretCodeTooShort); + } + } else { + return Err(DubpError::InvalidSecretCodeType); + } + } let mut keypairs = dup_crypto::dewif::read_dewif_file_content( ExpectedCurrency::Specific(currency), dewif, diff --git a/native/dubp_rs/src/error.rs b/native/dubp_rs/src/error.rs index 379a48c..33f60a6 100644 --- a/native/dubp_rs/src/error.rs +++ b/native/dubp_rs/src/error.rs @@ -22,20 +22,24 @@ use crate::*; pub(crate) enum DubpError { #[error("{0}")] DewifReadError(DewifReadError), - #[error("I/O error: {0}")] - IoErr(io::Error), - #[error("{0}")] - InvalidDerivationIndex(InvalidDerivationIndex), #[error("Digits secret code forbid for member wallet")] DigitsCodeForbidForMemberWallet, #[error("It is forbidden to retrieve the master public key of an HD wallet.")] GetMasterPubkeyOfHdWallet, + #[error("I/O error: {0}")] + IoErr(io::Error), + #[error("{0}")] + InvalidDerivationIndex(InvalidDerivationIndex), + #[error("Invalid secret code type")] + InvalidSecretCodeType, #[error("this wallet is not an HD wallet")] NotHdWallet, #[error("this account index is not a transparent account index")] NotTransparentAccountIndex, #[error("A given parameter is null")] NullParamErr, + #[error("Secret code too short: please change your secret code")] + SecretCodeTooShort, #[error("fail to generate random bytes")] RandErr, #[error("Unknown currency name")] diff --git a/native/dubp_rs/src/secret_code.rs b/native/dubp_rs/src/secret_code.rs index 2020b37..ae42d23 100644 --- a/native/dubp_rs/src/secret_code.rs +++ b/native/dubp_rs/src/secret_code.rs @@ -58,6 +58,14 @@ pub(crate) fn gen_secret_code( } } +pub(crate) fn is_ascii_letters(secret_code: &str) -> bool { + secret_code.len() + == secret_code + .chars() + .filter(|char| char.is_ascii_alphabetic()) + .count() +} + fn gen_random_digits(n: usize) -> Result { let mut digits_string = dup_crypto::rand::gen_u32() .map_err(|_| DubpError::RandErr)?