Merge pull request #43 from multiversx/add-extra-check-decrypt-secret…

…-key Added extra check when decrypting secret key
multiversx · Dec 7, 2023 · 0b9d2b8 · 0b9d2b8
2 parents bbdfd56 + 5c9ce42
commit 0b9d2b8
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 5 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-wallet",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "Wallet components for MultiversX",
   "main": "out/index.js",
   "types": "out/index.d.js",

diff --git a/src/testdata/withDummySecretKey.json b/src/testdata/withDummySecretKey.json
@@ -0,0 +1,23 @@
+{
+    "version": 4,
+    "kind": "secretKey",
+    "id": "c1d4b111-b8d2-4916-a213-bcfd237edd29",
+    "address": "0139472eff6886771a982f3083da5d421f24c29181e63888228dc81ca60d69e1",
+    "bech32": "erd1qyu5wthldzr8wx5c9ucg8kjagg0jfs53s8nr3zpz3hypefsdd8ssycr6th",
+    "crypto": {
+        "ciphertext": "75fbe213fc1964ce03100cf7d873748edf83a02631c8af9abdb23d210b9a2a15940bea2e56718f7bd710a938df5eb424c629e6a39b6ee056ed80d6e5f3b97791",
+        "cipherparams": {
+            "iv": "226d13be12373603af2b4edefcaa436f"
+        },
+        "cipher": "aes-128-ctr",
+        "kdf": "scrypt",
+        "kdfparams": {
+            "dklen": 32,
+            "salt": "d57862c212bac142a89da97fb9bf9f5c91c8e8ddba952262dafe928e1c8a9906",
+            "n": 4096,
+            "r": 8,
+            "p": 1
+        },
+        "mac": "5bab92263237c5d595f565622dd2e61ea3dfd43580cecda7fd2f42d469b42e7f"
+    }
+}
diff --git a/src/userWallet.ts b/src/userWallet.ts
@@ -95,7 +95,11 @@ export class UserWallet {
      * From an encrypted keyfile, given the password, loads the secret key and the public key.
      */
     static decryptSecretKey(keyFileObject: any, password: string): UserSecretKey {
-        // Here, we do not check the "kind" field. Older keystore files (holding only secret keys) do not have this field.
+        // Here, we check the "kind" field only for files that have it. Older keystore files (holding only secret keys) do not have this field.
+        const kind = keyFileObject.kind;
+        if (kind && kind !== UserWalletKind.SecretKey){
+            throw new Err(`Expected keystore kind to be ${UserWalletKind.SecretKey}, but it was ${kind}.`);
+        }
 
         const encryptedData = UserWallet.edFromJSON(keyFileObject);
 
@@ -111,7 +115,7 @@ export class UserWallet {
 
     static decryptMnemonic(keyFileObject: any, password: string): Mnemonic {
         if (keyFileObject.kind != UserWalletKind.Mnemonic) {
-            throw new Err(`Expected kind to be ${UserWalletKind.Mnemonic}, but it was ${keyFileObject.kind}.`);
+            throw new Err(`Expected keystore kind to be ${UserWalletKind.Mnemonic}, but it was ${keyFileObject.kind}.`);
         }
 
         const encryptedData = UserWallet.edFromJSON(keyFileObject);

diff --git a/src/users.spec.ts b/src/users.spec.ts
@@ -327,11 +327,25 @@ describe("test user wallets", () => {
     it("should create UserSigner from wallet", async function () {
         const keyFileObjectWithoutKind = await loadTestKeystore("withoutKind.json");
         const keyFileObjectWithMnemonic = await loadTestKeystore("withDummyMnemonic.json");
+        const keyFileObjectWithSecretKey = await loadTestKeystore("withDummySecretKey.json");
 
         assert.equal(UserSigner.fromWallet(keyFileObjectWithoutKind, password).getAddress().bech32(), "erd1qyu5wthldzr8wx5c9ucg8kjagg0jfs53s8nr3zpz3hypefsdd8ssycr6th");
         assert.equal(UserSigner.fromWallet(keyFileObjectWithMnemonic, password).getAddress().bech32(), "erd1qyu5wthldzr8wx5c9ucg8kjagg0jfs53s8nr3zpz3hypefsdd8ssycr6th");
+        assert.equal(UserSigner.fromWallet(keyFileObjectWithSecretKey, password).getAddress().bech32(), "erd1qyu5wthldzr8wx5c9ucg8kjagg0jfs53s8nr3zpz3hypefsdd8ssycr6th");
         assert.equal(UserSigner.fromWallet(keyFileObjectWithMnemonic, password, 0).getAddress().bech32(), "erd1qyu5wthldzr8wx5c9ucg8kjagg0jfs53s8nr3zpz3hypefsdd8ssycr6th");
         assert.equal(UserSigner.fromWallet(keyFileObjectWithMnemonic, password, 1).getAddress().bech32(), "erd1spyavw0956vq68xj8y4tenjpq2wd5a9p2c6j8gsz7ztyrnpxrruqzu66jx");
         assert.equal(UserSigner.fromWallet(keyFileObjectWithMnemonic, password, 2).getAddress().bech32(), "erd1k2s324ww2g0yj38qn2ch2jwctdy8mnfxep94q9arncc6xecg3xaq6mjse8");
     });
+
+    it("should throw error when decrypting secret key with keystore-mnemonic file", async function () {
+        const userWallet = UserWallet.fromMnemonic({
+            mnemonic: DummyMnemonic,
+            password: ``
+        });
+        const keystoreMnemonic = userWallet.toJSON();
+
+        assert.throws(() => {
+            UserWallet.decryptSecretKey(keystoreMnemonic, ``)
+        }, `Expected keystore kind to be secretKey, but it was mnemonic.`);
+    });
 });