forked from TrueCloudLab/neoneo-go
keys: clean temporary data during key imports
Don't leak anything this way.
This commit is contained in:
Roman Khimov
parent
74bf4a8e3f
commit
3c722a9498
3 changed files with 14 additions and 1 deletions
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||
"golang.org/x/crypto/scrypt"
|
||||
"golang.org/x/text/unicode/norm"
|
||||
)
|
||||
|
|
@ -52,10 +53,15 @@ func NEP2Encrypt(priv *PrivateKey, passphrase string, params ScryptParams) (s st
|
|||
if err != nil {
|
||||
return s, err
|
||||
}
|
||||
defer slice.Clean(derivedKey)
|
||||
|
||||
derivedKey1 := derivedKey[:32]
|
||||
derivedKey2 := derivedKey[32:]
|
||||
xr := xor(priv.Bytes(), derivedKey1)
|
||||
|
||||
privBytes := priv.Bytes()
|
||||
defer slice.Clean(privBytes)
|
||||
xr := xor(privBytes, derivedKey1)
|
||||
defer slice.Clean(xr)
|
||||
|
||||
encrypted, err := aesEncrypt(xr, derivedKey2)
|
||||
if err != nil {
|
||||
|
|
@ -93,6 +99,7 @@ func NEP2Decrypt(key, passphrase string, params ScryptParams) (*PrivateKey, erro
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer slice.Clean(derivedKey)
|
||||
|
||||
derivedKey1 := derivedKey[:32]
|
||||
derivedKey2 := derivedKey[32:]
|
||||
|
|
@ -102,8 +109,10 @@ func NEP2Decrypt(key, passphrase string, params ScryptParams) (*PrivateKey, erro
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer slice.Clean(decrypted)
|
||||
|
||||
privBytes := xor(decrypted, derivedKey1)
|
||||
defer slice.Clean(privBytes)
|
||||
|
||||
// Rebuild the private key.
|
||||
privKey, err := NewPrivateKeyFromBytes(privBytes)
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/btcsuite/btcd/btcec"
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||
"github.com/nspcc-dev/rfc6979"
|
||||
)
|
||||
|
||||
|
|
@ -48,6 +49,7 @@ func NewPrivateKeyFromHex(str string) (*PrivateKey, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer slice.Clean(b)
|
||||
return NewPrivateKeyFromBytes(b)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -53,6 +54,7 @@ func WIFDecode(wif string, version byte) (*WIF, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer slice.Clean(b)
|
||||
|
||||
if version == 0x00 {
|
||||
version = WIFVersion
|
||||
|
|
|
|||
Loading…
Reference in a new issue