forked from TrueCloudLab/neoneo-go
keys: clean temporary data during key imports
Don't leak anything this way.
This commit is contained in:
parent
74bf4a8e3f
commit
3c722a9498
3 changed files with 14 additions and 1 deletions
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||||
"golang.org/x/crypto/scrypt"
|
"golang.org/x/crypto/scrypt"
|
||||||
"golang.org/x/text/unicode/norm"
|
"golang.org/x/text/unicode/norm"
|
||||||
)
|
)
|
||||||
|
@ -52,10 +53,15 @@ func NEP2Encrypt(priv *PrivateKey, passphrase string, params ScryptParams) (s st
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return s, err
|
return s, err
|
||||||
}
|
}
|
||||||
|
defer slice.Clean(derivedKey)
|
||||||
|
|
||||||
derivedKey1 := derivedKey[:32]
|
derivedKey1 := derivedKey[:32]
|
||||||
derivedKey2 := derivedKey[32:]
|
derivedKey2 := derivedKey[32:]
|
||||||
xr := xor(priv.Bytes(), derivedKey1)
|
|
||||||
|
privBytes := priv.Bytes()
|
||||||
|
defer slice.Clean(privBytes)
|
||||||
|
xr := xor(privBytes, derivedKey1)
|
||||||
|
defer slice.Clean(xr)
|
||||||
|
|
||||||
encrypted, err := aesEncrypt(xr, derivedKey2)
|
encrypted, err := aesEncrypt(xr, derivedKey2)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -93,6 +99,7 @@ func NEP2Decrypt(key, passphrase string, params ScryptParams) (*PrivateKey, erro
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer slice.Clean(derivedKey)
|
||||||
|
|
||||||
derivedKey1 := derivedKey[:32]
|
derivedKey1 := derivedKey[:32]
|
||||||
derivedKey2 := derivedKey[32:]
|
derivedKey2 := derivedKey[32:]
|
||||||
|
@ -102,8 +109,10 @@ func NEP2Decrypt(key, passphrase string, params ScryptParams) (*PrivateKey, erro
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer slice.Clean(decrypted)
|
||||||
|
|
||||||
privBytes := xor(decrypted, derivedKey1)
|
privBytes := xor(decrypted, derivedKey1)
|
||||||
|
defer slice.Clean(privBytes)
|
||||||
|
|
||||||
// Rebuild the private key.
|
// Rebuild the private key.
|
||||||
privKey, err := NewPrivateKeyFromBytes(privBytes)
|
privKey, err := NewPrivateKeyFromBytes(privBytes)
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
"github.com/btcsuite/btcd/btcec"
|
"github.com/btcsuite/btcd/btcec"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||||
"github.com/nspcc-dev/rfc6979"
|
"github.com/nspcc-dev/rfc6979"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -48,6 +49,7 @@ func NewPrivateKeyFromHex(str string) (*PrivateKey, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer slice.Clean(b)
|
||||||
return NewPrivateKeyFromBytes(b)
|
return NewPrivateKeyFromBytes(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/util/slice"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -53,6 +54,7 @@ func WIFDecode(wif string, version byte) (*WIF, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
defer slice.Clean(b)
|
||||||
|
|
||||||
if version == 0x00 {
|
if version == 0x00 {
|
||||||
version = WIFVersion
|
version = WIFVersion
|
||||||
|
|
Loading…
Reference in a new issue