Normalize salt, iv, uuid params of .toV3() before encrypting

Previously if `salt`, `iv` and/or `uuid` options were supplied as strings to
`.toV3()` they would be passed to `pbkdf2Sync`/`scrypt` as strings, but during
decryption these options were always converted to Buffer instances such that
supplying strings resulted in runtime errors during encryption or output that
could not be decrypted.

This commit fixes the inconsistencies, guards against bad inputs, and also
makes encrypted output match up with the output of other wallet libraries, e.g.
`ethers`, whenever the equivalent encryption options are used consistently
across libraries.

.npmrc

@@ -0,0 +1 @@
+package-lock = false

package.json

@@ -60,8 +60,11 @@
     "@types/bn.js": "^4.11.5",
     "@types/mocha": "^5.2.7",
     "@types/node": "^12.0.10",
+    "@types/lodash.zip": "^4.2.6",
     "coveralls": "^3.0.0",
+    "ethers": "^4.0.33",
     "husky": "^2.1.0",
+    "lodash.zip": "^4.2.0",
     "mocha": "^5.2.0",
     "nyc": "^14.1.1",
     "prettier": "^1.15.3",

src/index.ts

@@ -9,6 +9,19 @@ const uuidv4 = require('uuid/v4')
 // parameters for the toV3() method
 
 interface V3Params {
+  kdf: string
+  cipher: string
+  salt: string | Buffer
+  iv: string | Buffer
+  uuid: string | Buffer
+  dklen: number
+  c: number
+  n: number
+  r: number
+  p: number
+}
+
+interface V3ParamsStrict {
   kdf: string
   cipher: string
   salt: Buffer
@@ -21,8 +34,40 @@ interface V3Params {
   p: number
 }
 
-function mergeToV3ParamsWithDefaults(params?: Partial<V3Params>): V3Params {
-  const v3Defaults: V3Params = {
+function validateHexString(paramName: string, str: string, length?: number) {
+  if (!str && typeof length !== 'number') {
+    return str
+  }
+  if (str.toLowerCase().startsWith('0x')) {
+    str = str.slice(2)
+  }
+  if (!/^[0-9a-f]{2}([0-9a-f]{2})*$/i.test(str)) {
+    const howMany = typeof length === 'number' ? length : 'empty or a non-zero even number of'
+    throw new Error(`Invalid ${paramName}, string must be ${howMany} hex characters`)
+  }
+  if (typeof length === 'number' && str.length !== length) {
+    throw new Error(`Invalid ${paramName}, string must be ${length} hex characters`)
+  }
+  return str
+}
+
+function validateBuffer(paramName: string, buff: Buffer, length?: number) {
+  if (!Buffer.isBuffer(buff)) {
+    const howManyHex =
+      typeof length === 'number' ? `${length * 2}` : 'empty or a non-zero even number of'
+    const howManyBytes = typeof length === 'number' ? ` (${length} bytes)` : ''
+    throw new Error(
+      `Invalid ${paramName}, must be a string (${howManyHex} hex characters) or buffer${howManyBytes}`,
+    )
+  }
+  if (typeof length === 'number' && buff.length !== length) {
+    throw new Error(`Invalid ${paramName}, buffer must be ${length} bytes`)
+  }
+  return buff
+}
+
+function mergeToV3ParamsWithDefaults(params?: Partial<V3Params>): V3ParamsStrict {
+  const v3Defaults: V3ParamsStrict = {
     cipher: 'aes-128-ctr',
     kdf: 'scrypt',
     salt: randomBytes(32),
@@ -38,17 +83,38 @@ function mergeToV3ParamsWithDefaults(params?: Partial<V3Params>): V3Params {
   if (!params) {
     return v3Defaults
   }
+
+  if (typeof params.salt === 'string') {
+    params.salt = Buffer.from(validateHexString('salt', params.salt), 'hex')
+  }
+  if (typeof params.iv === 'string') {
+    params.iv = Buffer.from(validateHexString('iv', params.iv, 32), 'hex')
+  }
+  if (typeof params.uuid === 'string') {
+    params.uuid = Buffer.from(validateHexString('uuid', params.uuid, 32), 'hex')
+  }
+
+  if (params.salt) {
+    validateBuffer('salt', params.salt)
+  }
+  if (params.iv) {
+    validateBuffer('iv', params.iv, 16)
+  }
+  if (params.uuid) {
+    validateBuffer('uuid', params.uuid, 16)
+  }
+
   return {
-    cipher: params.cipher || 'aes-128-ctr',
-    kdf: params.kdf || 'scrypt',
-    salt: params.salt || randomBytes(32),
-    iv: params.iv || randomBytes(16),
-    uuid: params.uuid || randomBytes(16),
-    dklen: params.dklen || 32,
-    c: params.c || 262144,
-    n: params.n || 262144,
-    r: params.r || 8,
-    p: params.p || 1,
+    cipher: params.cipher || v3Defaults.cipher,
+    kdf: params.kdf || v3Defaults.kdf,
+    salt: params.salt || v3Defaults.salt,
+    iv: params.iv || v3Defaults.iv,
+    uuid: params.uuid || v3Defaults.uuid,
+    dklen: params.dklen || v3Defaults.dklen,
+    c: params.c || v3Defaults.c,
+    n: params.n || v3Defaults.n,
+    r: params.r || v3Defaults.r,
+    p: params.p || v3Defaults.p,
   }
 }
 
@@ -60,6 +126,14 @@ const enum KDFFunctions {
 }
 
 interface ScryptKDFParams {
+  dklen: number
+  n: number
+  p: number
+  r: number
+  salt: Buffer
+}
+
+interface ScryptKDFParamsOut {
   dklen: number
   n: number
   p: number
@@ -68,27 +142,35 @@ interface ScryptKDFParams {
 }
 
 interface PBKDFParams {
+  c: number
+  dklen: number
+  prf: string
+  salt: Buffer
+}
+
+interface PBKDFParamsOut {
   c: number
   dklen: number
   prf: string
   salt: string
 }
 
 type KDFParams = ScryptKDFParams | PBKDFParams
+type KDFParamsOut = ScryptKDFParamsOut | PBKDFParamsOut
 
-function kdfParamsForPBKDF(opts: V3Params): PBKDFParams {
+function kdfParamsForPBKDF(opts: V3ParamsStrict): PBKDFParams {
   return {
     dklen: opts.dklen,
-    salt: opts.salt.toString('hex'),
+    salt: opts.salt,
     c: opts.c,
     prf: 'hmac-sha256',
   }
 }
 
-function kdfParamsForScrypt(opts: V3Params): ScryptKDFParams {
+function kdfParamsForScrypt(opts: V3ParamsStrict): ScryptKDFParams {
   return {
     dklen: opts.dklen,
-    salt: opts.salt.toString('hex'),
+    salt: opts.salt,
     n: opts.n,
     r: opts.r,
     p: opts.p,
@@ -130,7 +212,7 @@ interface V3Keystore {
     }
     ciphertext: string
     kdf: string
-    kdfparams: KDFParams
+    kdfparams: KDFParamsOut
     mac: string
   }
   id: string
@@ -361,6 +443,7 @@ export default class Wallet {
 
   // public instance methods
 
+  // tslint:disable-next-line
   public getPrivateKey(): Buffer {
     return this.privKey
   }
@@ -369,6 +452,7 @@ export default class Wallet {
     return ethUtil.bufferToHex(this.privKey)
   }
 
+  // tslint:disable-next-line
   public getPublicKey(): Buffer {
     return this.pubKey
   }
@@ -394,9 +478,9 @@ export default class Wallet {
       throw new Error('This is a public key only wallet')
     }
 
-    const v3Params: V3Params = mergeToV3ParamsWithDefaults(opts)
+    const v3Params: V3ParamsStrict = mergeToV3ParamsWithDefaults(opts)
 
-    let kdfParams: PBKDFParams | ScryptKDFParams
+    let kdfParams: KDFParams
     let derivedKey: Buffer
     switch (v3Params.kdf) {
       case KDFFunctions.PBKDF:
@@ -449,7 +533,10 @@ export default class Wallet {
         cipherparams: { iv: v3Params.iv.toString('hex') },
         cipher: v3Params.cipher,
         kdf: v3Params.kdf,
-        kdfparams: kdfParams,
+        kdfparams: {
+          ...kdfParams,
+          salt: kdfParams.salt.toString('hex'),
+        },
         mac: mac.toString('hex'),
       },
     }